From: Steve Dickson <SteveD@redhat.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2 0/6] gssd: add the GSSAPI acceptor name to the info passed in downcall
Date: Wed, 30 Apr 2014 12:30:16 -0400
Message-ID: <53612518.5000401@RedHat.com>
In-Reply-To: <1397575172-28377-1-git-send-email-jlayton@redhat.com>



On 04/15/2014 11:19 AM, Jeff Layton wrote:
> v2:
> - add patch to reset lifetime_rec if gss_inquire_context fails
> - ensure that we always send the length in the downcall, even if
>   there is no acceptor string.
> - comment and error handling fixups (primarily in last patch)
> 
> Recently, I started a mailing list thread about some authentication
> failures that I was seeing on the callback channel when krb5 was in use.
> 
> After a bit of discussion we determined that the right way to fix it
> was to save off the GSSAPI acceptor name used in the SETCLIENT call,
> and then ensure that the same principal is used in callback requests.
> 
> This patchset is the userland portion of that change. It basically
> just adds the acceptor name to the downcall, immediately following
> the context token. Older kernels will just ignore this data, so this
> should be safe.
> 
> There is also a companion kernel patchset that will allow the kernel
> to save off this info for later usage.
> 
> Jeff Layton (6):
>   gssd: handle malloc failure appropriately in do_downcall
>   gssd: make do_downcall a void return
>   gssd: move hostbased name routines into separate file
>   gssd: add new routine for generating a hostbased principal in a
>     gss_buffer_t
>   gssd: explicitly set lifetime_rec to 0 when gss_inquire_context fails
>   gssd: scrape the acceptor name out of the context
> 
>  utils/gssd/Makefile.am    |   2 +
>  utils/gssd/gss_names.c    | 138 ++++++++++++++++++++++++++++++++++++++++++++++
>  utils/gssd/gss_names.h    |  36 ++++++++++++
>  utils/gssd/gssd_proc.c    |  53 ++++++++++++------
>  utils/gssd/svcgssd_proc.c |  66 +---------------------
>  5 files changed, 214 insertions(+), 81 deletions(-)
>  create mode 100644 utils/gssd/gss_names.c
>  create mode 100644 utils/gssd/gss_names.h
> 
Committed... All six patches...

steved.

