* nfs-utils patches for nfsv4.0 callbacks
@ 2013-09-19 20:57 J. Bruce Fields
2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw)
To: steved; +Cc: linux-nfs
NFSv4.0 callbacks over krb5 have been broken for a while. With the
following three patches I've at least witnessed a successful null
callback.
--b.
^ permalink raw reply [flat|nested] 11+ messages in thread* [PATCH 1/3] gssd: fix strncmp bug causing client removals 2013-09-19 20:57 nfs-utils patches for nfsv4.0 callbacks J. Bruce Fields @ 2013-09-19 20:57 ` J. Bruce Fields 2013-09-19 21:00 ` J. Bruce Fields 2013-09-19 21:03 ` [PATCHv2 " J. Bruce Fields 2013-09-19 20:57 ` [PATCH 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields 2013-09-19 20:57 ` [PATCH 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields 2 siblings, 2 replies; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw) To: steved; +Cc: linux-nfs, root, J. Bruce Fields From: root <root@pip4.fieldses.org> Both dirname and pdir are null-terminated strings, so there's no reason I can see for the strncmp. And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb" directories! The results were callback clients being removed immediately after creation, when lack of a client with the corresponding name under "nfsd" lead gssd to believe it had disappeared from "nfsd4_cb". Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- utils/gssd/gssd_proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 2d3dbec..0383883 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -525,7 +525,7 @@ update_old_clients(struct dirent **namelist, int size, char *pdir) /* only compare entries in the global list that are from the * same pipefs parent directory as "pdir" */ - if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue; + if (strcmp(clp->dirname, pdir) != 0) continue; stillhere = 0; for (i=0; i < size; i++) { -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
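Review bot: in update_old_clients(), the new `strcmp(clp->dirname, pdir)` passes only when the two strings are byte-for-byte identical, and nothing in the hunk shows that clp->dirname is stored in the same form as pdir. If dirname carries anything after the parent directory (a client subdirectory, a trailing slash), every entry hits `continue` and no stale client is ever pruned, which trades the early-removal bug for entries that never go away. Consider keeping the prefix comparison and also requiring that the character at `clp->dirname[strlen(pdir)]` is '/' or NUL, which rejects "nfsd" against "nfsd4_cb" without depending on how dirname is built. The comment above the test could then say that a whole path component must match.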
* Re: [PATCH 1/3] gssd: fix strncmp bug causing client removals 2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields @ 2013-09-19 21:00 ` J. Bruce Fields 2013-09-19 21:03 ` [PATCHv2 " J. Bruce Fields 1 sibling, 0 replies; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 21:00 UTC (permalink / raw) To: J. Bruce Fields; +Cc: steved, linux-nfs On Thu, Sep 19, 2013 at 04:57:17PM -0400, J. Bruce Fields wrote: > From: root <root@pip4.fieldses.org> Ugh, sorry. I'll just resend all three of these with the authors fixed. --b. ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCHv2 1/3] gssd: fix strncmp bug causing client removals 2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields 2013-09-19 21:00 ` J. Bruce Fields @ 2013-09-19 21:03 ` J. Bruce Fields 2013-09-19 21:03 ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields ` (2 more replies) 1 sibling, 3 replies; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 21:03 UTC (permalink / raw) To: steved; +Cc: linux-nfs, J. Bruce Fields From: "J. Bruce Fields" <bfields@redhat.com> Both dirname and pdir are null-terminated strings, so there's no reason I can see for the strncmp. And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb" directories! The results were callback clients being removed immediately after creation, when lack of a client with the corresponding name under "nfsd" lead gssd to believe it had disappeared from "nfsd4_cb". Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- utils/gssd/gssd_proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 2d3dbec..0383883 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -525,7 +525,7 @@ update_old_clients(struct dirent **namelist, int size, char *pdir) /* only compare entries in the global list that are from the * same pipefs parent directory as "pdir" */ - if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue; + if (strcmp(clp->dirname, pdir) != 0) continue; stillhere = 0; for (i=0; i < size; i++) { -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
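The comparison this patch changes, as an added example that is not part of the thread or of nfs-utils: a simplified model of the pruning loop, run with the old prefix test, the new exact test, and a hypothetical component-boundary test. The paths, the `struct client` record and `match_component` are assumptions; the thread does not show how `clp->dirname` is built, so both a parent-only and a full-path layout are tried.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed paths; the real pipefs mount point is not shown in the thread. */
#define NFSD_DIR    "rpc_pipefs/nfsd"
#define NFSD_CB_DIR "rpc_pipefs/nfsd4_cb"

typedef bool (*dir_match_fn)(const char *dirname, const char *pdir);

/* Test removed by the patch: true whenever dirname starts with pdir. */
static bool match_prefix(const char *dirname, const char *pdir)
{
    return strncmp(dirname, pdir, strlen(pdir)) == 0;
}

/* Test added by the patch: true only for identical strings. */
static bool match_exact(const char *dirname, const char *pdir)
{
    return strcmp(dirname, pdir) == 0;
}

/* Hypothetical alternative: pdir must end on a path-component boundary, so
 * "nfsd" matches "nfsd" and "nfsd/clnt7" but never "nfsd4_cb". */
static bool match_component(const char *dirname, const char *pdir)
{
    size_t n = strlen(pdir);

    if (strncmp(dirname, pdir, n) != 0)
        return false;
    return dirname[n] == '\0' || dirname[n] == '/';
}

/* Hypothetical stand-in for gssd's per-client record. */
struct client {
    const char *dirname; /* directory string recorded for the client */
    const char *name;    /* its directory entry name */
};

/* Simplified model of the pruning loop: a client judged to belong to pdir is
 * pruned when its name is missing from the fresh directory listing. */
static int count_pruned(const struct client *clients, size_t nclients,
                        const char *pdir, const char *const *listing,
                        size_t nlisting, dir_match_fn match)
{
    int pruned = 0;

    for (size_t c = 0; c < nclients; c++) {
        bool stillhere = false;

        if (!match(clients[c].dirname, pdir))
            continue; /* belongs to another parent directory */
        for (size_t i = 0; i < nlisting; i++)
            if (strcmp(listing[i], clients[c].name) == 0)
                stillhere = true;
        if (!stillhere)
            pruned++;
    }
    return pruned;
}

/* Constructed data: one callback client, recorded in two possible layouts. */
static const struct client PARENT_ONLY = { NFSD_CB_DIR, "clnt7" };
static const struct client FULL_PATH = { NFSD_CB_DIR "/clnt7", "clnt7" };
static const char *const NFSD_LISTING[] = { "clnt1" };

int main(void)
{
    /* Scan of "nfsd" while clnt7 still exists under "nfsd4_cb". */
    printf("prefix:    %d pruned\n",
           count_pruned(&PARENT_ONLY, 1, NFSD_DIR, NFSD_LISTING, 1, match_prefix));
    printf("exact:     %d pruned\n",
           count_pruned(&PARENT_ONLY, 1, NFSD_DIR, NFSD_LISTING, 1, match_exact));
    /* Scan of "nfsd4_cb" after clnt7 has really gone (empty listing). */
    printf("exact:     %d pruned\n",
           count_pruned(&FULL_PATH, 1, NFSD_CB_DIR, NFSD_LISTING, 0, match_exact));
    printf("component: %d pruned\n",
           count_pruned(&FULL_PATH, 1, NFSD_CB_DIR, NFSD_LISTING, 0, match_component));
    return 0;
}
```

The prefix test prunes the live callback client during the "nfsd" scan; the exact test avoids that but, in the full-path layout, never prunes a client that has really gone.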
* [PATCHv2 2/3] gssd: don't use tgtname to find our keytab 2013-09-19 21:03 ` [PATCHv2 " J. Bruce Fields @ 2013-09-19 21:03 ` J. Bruce Fields 2013-09-24 19:17 ` Steve Dickson 2013-09-19 21:03 ` [PATCHv2 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields 2013-09-24 19:17 ` [PATCHv2 1/3] gssd: fix strncmp bug causing client removals Steve Dickson 2 siblings, 1 reply; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 21:03 UTC (permalink / raw) To: steved; +Cc: linux-nfs, J. Bruce Fields From: "J. Bruce Fields" <bfields@redhat.com> The tgtname is of the form service@hostname. It's not a hostname, and attempting to look it up here just causes failure of any upcall with a "target=" field (currently, any upcall on behalf of an nfsv4.0 callback). I think the theory was that knowning that target= name might help pick the right keytab, but I don't really know if that's helpful. For now, just stop trying to do this. Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- utils/gssd/gssd_proc.c | 3 +-- utils/gssd/krb5_util.c | 10 +++------- utils/gssd/krb5_util.h | 3 +-- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 0383883..7200a78 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, int success = 0; do { gssd_refresh_krb5_machine_credential(clp->servername, - NULL, service, - tgtname); + NULL, service); /* * Get a list of credential cache names and try each * of them until one works or we've tried them all diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 83b9651..c6e52fd 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c 
@@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list) if (ple->ccname) { /* Make sure cred is up-to-date before returning it */ retval = gssd_refresh_krb5_machine_credential(NULL, ple, - NULL, NULL); + NULL); if (retval) continue; if (i + 1 > listsize) { @@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void) int gssd_refresh_krb5_machine_credential(char *hostname, struct gssd_k5_kt_princ *ple, - char *service, - char *tgtname) + char *service) { krb5_error_code code = 0; krb5_context context; @@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname, if (ple == NULL) { krb5_keytab_entry kte; - if (tgtname == NULL) - tgtname = hostname; - - code = find_keytab_entry(context, kt, tgtname, &kte, svcnames); + code = find_keytab_entry(context, kt, hostname, &kte, svcnames); if (code) { printerr(0, "ERROR: %s: no usable keytab entry found " "in keytab %s for connection with host %s\n", diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h index eed1294..3f0723e 100644 --- a/utils/gssd/krb5_util.h +++ b/utils/gssd/krb5_util.h @@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername); void gssd_destroy_krb5_machine_creds(void); int gssd_refresh_krb5_machine_credential(char *hostname, struct gssd_k5_kt_princ *ple, - char *service, - char *tgtname); + char *service); char *gssd_k5_err_msg(krb5_context context, krb5_error_code code); void gssd_k5_get_default_realm(char **def_realm); -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
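Review bot: in the process_krb5_upcall hunk the result of `gssd_refresh_krb5_machine_credential(clp->servername, NULL, service)` is still discarded, so a failed keytab lookup is visible only through the printerr in krb5_util.c while the code goes straight on to fetching the credential cache list. Since the call is being touched anyway, consider checking the return value there, or add a comment saying why it is safe to ignore. With tgtname gone, gssd_get_krb5_machine_cred_list passes a NULL hostname; that looks fine because find_keytab_entry is reached only under `if (ple == NULL)` and that caller passes a non-NULL ple, but a one-line comment on the prototype in krb5_util.h stating that hostname may be NULL only when ple is set would make the contract explicit.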
* Re: [PATCHv2 2/3] gssd: don't use tgtname to find our keytab 2013-09-19 21:03 ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields @ 2013-09-24 19:17 ` Steve Dickson 0 siblings, 0 replies; 11+ messages in thread From: Steve Dickson @ 2013-09-24 19:17 UTC (permalink / raw) To: J. Bruce Fields; +Cc: linux-nfs On 19/09/13 17:03, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > The tgtname is of the form service@hostname. It's not a hostname, and > attempting to look it up here just causes failure of any upcall with a > "target=" field (currently, any upcall on behalf of an nfsv4.0 > callback). > > I think the theory was that knowning that target= name might help pick > the right keytab, but I don't really know if that's helpful. For now, > just stop trying to do this. > > Signed-off-by: J. Bruce Fields <bfields@redhat.com> Committed.... steved. > --- > utils/gssd/gssd_proc.c | 3 +-- > utils/gssd/krb5_util.c | 10 +++------- > utils/gssd/krb5_util.h | 3 +-- > 3 files changed, 5 insertions(+), 11 deletions(-) > > diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c > index 0383883..7200a78 100644 > --- a/utils/gssd/gssd_proc.c > +++ b/utils/gssd/gssd_proc.c > @@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, > int success = 0; > do { > gssd_refresh_krb5_machine_credential(clp->servername, > - NULL, service, > - tgtname); > + NULL, service); > /* > * Get a list of credential cache names and try each > * of them until one works or we've tried them all > diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c > index 83b9651..c6e52fd 100644 > --- a/utils/gssd/krb5_util.c > +++ b/utils/gssd/krb5_util.c 
> @@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list) > if (ple->ccname) { > /* Make sure cred is up-to-date before returning it */ > retval = gssd_refresh_krb5_machine_credential(NULL, ple, > - NULL, NULL); > + NULL); > if (retval) > continue; > if (i + 1 > listsize) { > @@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void) > int > gssd_refresh_krb5_machine_credential(char *hostname, > struct gssd_k5_kt_princ *ple, > - char *service, > - char *tgtname) > + char *service) > { > krb5_error_code code = 0; > krb5_context context; > @@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname, > if (ple == NULL) { > krb5_keytab_entry kte; > > - if (tgtname == NULL) > - tgtname = hostname; > - > - code = find_keytab_entry(context, kt, tgtname, &kte, svcnames); > + code = find_keytab_entry(context, kt, hostname, &kte, svcnames); > if (code) { > printerr(0, "ERROR: %s: no usable keytab entry found " > "in keytab %s for connection with host %s\n", > diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h > index eed1294..3f0723e 100644 > --- a/utils/gssd/krb5_util.h > +++ b/utils/gssd/krb5_util.h > @@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername); > void gssd_destroy_krb5_machine_creds(void); > int gssd_refresh_krb5_machine_credential(char *hostname, > struct gssd_k5_kt_princ *ple, > - char *service, > - char *tgtname); > + char *service); > char *gssd_k5_err_msg(krb5_context context, krb5_error_code code); > void gssd_k5_get_default_realm(char **def_realm); > > ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCHv2 3/3] gssd: let tgtname override clp->servicename 2013-09-19 21:03 ` [PATCHv2 " J. Bruce Fields 2013-09-19 21:03 ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields @ 2013-09-19 21:03 ` J. Bruce Fields 2013-09-24 19:17 ` Steve Dickson 2013-09-24 19:17 ` [PATCHv2 1/3] gssd: fix strncmp bug causing client removals Steve Dickson 2 siblings, 1 reply; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 21:03 UTC (permalink / raw) To: steved; +Cc: linux-nfs, J. Bruce Fields From: "J. Bruce Fields" <bfields@redhat.com> When the kernel provides an explicit "target=" name in the upcall, that should override the name in clp->servicename. Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- utils/gssd/gssd_proc.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 7200a78..e58c341 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -822,6 +822,7 @@ set_port: */ static int create_auth_rpc_client(struct clnt_info *clp, + char *tgtname, CLIENT **clnt_return, AUTH **auth_return, uid_t uid, @@ -926,14 +927,16 @@ create_auth_rpc_client(struct clnt_info *clp, clnt_spcreateerror(rpc_errmsg)); goto out_fail; } + if (!tgtname) + tgtname = clp->servicename; - printerr(2, "creating context with server %s\n", clp->servicename); - auth = authgss_create_default(rpc_clnt, clp->servicename, &sec); + printerr(2, "creating context with server %s\n", tgtname); + auth = authgss_create_default(rpc_clnt, tgtname, &sec); if (!auth) { /* Our caller should print appropriate message */ printerr(2, "WARNING: Failed to create krb5 context for " "user with uid %d for server %s\n", - uid, clp->servername); + uid, tgtname); goto out_fail; } 
@@ -1015,7 +1018,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, /* Try first to acquire credentials directly via GSSAPI */ err = gssd_acquire_user_cred(uid, &gss_cred); if (!err) - create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, + create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, AUTHTYPE_KRB5, gss_cred); /* if create_auth_rplc_client fails try the traditional method of * trolling for credentials */ @@ -1024,7 +1027,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, if (err == -EKEYEXPIRED) downcall_err = -EKEYEXPIRED; else if (!err) - create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, + create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL); } } @@ -1048,7 +1051,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, } for (ccname = credlist; ccname && *ccname; ccname++) { gssd_setup_krb5_machine_gss_ccache(*ccname); - if ((create_auth_rpc_client(clp, &rpc_clnt, + if ((create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL)) == 0) { -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
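Review bot: in create_auth_rpc_client the fallback tests only `if (!tgtname)`, so an empty string (a "target=" field with no value) would skip the fallback to clp->servicename and be handed to authgss_create_default as the target name; testing `!tgtname || !*tgtname`, or rejecting the empty value where the upcall is parsed, closes that. The new parameter is also undocumented: the comment block ending just above `static int` is unchanged in the first hunk, and it should say that tgtname is the service@hostname value from the upcall and that NULL selects clp->servicename. A smaller point: the failure warning used to print clp->servername and now prints tgtname, so "for server %s" will show a service@hostname string where it used to show a host name; rewording the message or logging both values keeps existing log matching intact.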
* Re: [PATCHv2 3/3] gssd: let tgtname override clp->servicename 2013-09-19 21:03 ` [PATCHv2 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields @ 2013-09-24 19:17 ` Steve Dickson 0 siblings, 0 replies; 11+ messages in thread From: Steve Dickson @ 2013-09-24 19:17 UTC (permalink / raw) To: J. Bruce Fields; +Cc: linux-nfs On 19/09/13 17:03, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > When the kernel provides an explicit "target=" name in the upcall, that > should override the name in clp->servicename. > > Signed-off-by: J. Bruce Fields <bfields@redhat.com> Committed... steved. > --- > utils/gssd/gssd_proc.c | 15 +++++++++------ > 1 file changed, 9 insertions(+), 6 deletions(-) > > diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c > index 7200a78..e58c341 100644 > --- a/utils/gssd/gssd_proc.c > +++ b/utils/gssd/gssd_proc.c > @@ -822,6 +822,7 @@ set_port: > */ > static int > create_auth_rpc_client(struct clnt_info *clp, > + char *tgtname, > CLIENT **clnt_return, > AUTH **auth_return, > uid_t uid, > @@ -926,14 +927,16 @@ create_auth_rpc_client(struct clnt_info *clp, > clnt_spcreateerror(rpc_errmsg)); > goto out_fail; > } > + if (!tgtname) > + tgtname = clp->servicename; > > - printerr(2, "creating context with server %s\n", clp->servicename); > - auth = authgss_create_default(rpc_clnt, clp->servicename, &sec); > + printerr(2, "creating context with server %s\n", tgtname); > + auth = authgss_create_default(rpc_clnt, tgtname, &sec); > if (!auth) { > /* Our caller should print appropriate message */ > printerr(2, "WARNING: Failed to create krb5 context for " > "user with uid %d for server %s\n", > - uid, clp->servername); > + uid, tgtname); > goto out_fail; > } 
> > @@ -1015,7 +1018,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, > /* Try first to acquire credentials directly via GSSAPI */ > err = gssd_acquire_user_cred(uid, &gss_cred); > if (!err) > - create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, > + create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, > AUTHTYPE_KRB5, gss_cred); > /* if create_auth_rplc_client fails try the traditional method of > * trolling for credentials */ > @@ -1024,7 +1027,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, > if (err == -EKEYEXPIRED) > downcall_err = -EKEYEXPIRED; > else if (!err) > - create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, > + create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, > AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL); > } > } > @@ -1048,7 +1051,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, > } > for (ccname = credlist; ccname && *ccname; ccname++) { > gssd_setup_krb5_machine_gss_ccache(*ccname); > - if ((create_auth_rpc_client(clp, &rpc_clnt, > + if ((create_auth_rpc_client(clp, tgtname, &rpc_clnt, > &auth, uid, > AUTHTYPE_KRB5, > GSS_C_NO_CREDENTIAL)) == 0) { > ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCHv2 1/3] gssd: fix strncmp bug causing client removals 2013-09-19 21:03 ` [PATCHv2 " J. Bruce Fields 2013-09-19 21:03 ` [PATCHv2 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields 2013-09-19 21:03 ` [PATCHv2 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields @ 2013-09-24 19:17 ` Steve Dickson 2 siblings, 0 replies; 11+ messages in thread From: Steve Dickson @ 2013-09-24 19:17 UTC (permalink / raw) To: J. Bruce Fields; +Cc: linux-nfs On 19/09/13 17:03, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > Both dirname and pdir are null-terminated strings, so there's no reason > I can see for the strncmp. > > And this gives the wrong result when comparing the "nfsd" and "nfsd4_cb" > directories! The results were callback clients being removed > immediately after creation, when lack of a client with the corresponding > name under "nfsd" lead gssd to believe it had disappeared from > "nfsd4_cb". > > Signed-off-by: J. Bruce Fields <bfields@redhat.com> Committed... steved. > --- > utils/gssd/gssd_proc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c > index 2d3dbec..0383883 100644 > --- a/utils/gssd/gssd_proc.c > +++ b/utils/gssd/gssd_proc.c > @@ -525,7 +525,7 @@ update_old_clients(struct dirent **namelist, int size, char *pdir) > /* only compare entries in the global list that are from the > * same pipefs parent directory as "pdir" > */ > - if (strncmp(clp->dirname, pdir, strlen(pdir)) != 0) continue; > + if (strcmp(clp->dirname, pdir) != 0) continue; > > stillhere = 0; > for (i=0; i < size; i++) { > ^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH 2/3] gssd: don't use tgtname to find our keytab 2013-09-19 20:57 nfs-utils patches for nfsv4.0 callbacks J. Bruce Fields 2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields @ 2013-09-19 20:57 ` J. Bruce Fields 2013-09-19 20:57 ` [PATCH 3/3] gssd: let tgtname override clp->servicename J. Bruce Fields 2 siblings, 0 replies; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw) To: steved; +Cc: linux-nfs, J. Bruce Fields From: "J. Bruce Fields" <bfields@redhat.com> The tgtname is of the form service@hostname. It's not a hostname, and attempting to look it up here just causes failure of any upcall with a "target=" field (currently, any upcall on behalf of an nfsv4.0 callback). I think the theory was that knowning that target= name might help pick the right keytab, but I don't really know if that's helpful. For now, just stop trying to do this. Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- utils/gssd/gssd_proc.c | 3 +-- utils/gssd/krb5_util.c | 10 +++------- utils/gssd/krb5_util.h | 3 +-- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 0383883..7200a78 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, int success = 0; do { gssd_refresh_krb5_machine_credential(clp->servername, - NULL, service, - tgtname); + NULL, service); /* * Get a list of credential cache names and try each * of them until one works or we've tried them all diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 83b9651..c6e52fd 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c 
@@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list) if (ple->ccname) { /* Make sure cred is up-to-date before returning it */ retval = gssd_refresh_krb5_machine_credential(NULL, ple, - NULL, NULL); + NULL); if (retval) continue; if (i + 1 > listsize) { @@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void) int gssd_refresh_krb5_machine_credential(char *hostname, struct gssd_k5_kt_princ *ple, - char *service, - char *tgtname) + char *service) { krb5_error_code code = 0; krb5_context context; @@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname, if (ple == NULL) { krb5_keytab_entry kte; - if (tgtname == NULL) - tgtname = hostname; - - code = find_keytab_entry(context, kt, tgtname, &kte, svcnames); + code = find_keytab_entry(context, kt, hostname, &kte, svcnames); if (code) { printerr(0, "ERROR: %s: no usable keytab entry found " "in keytab %s for connection with host %s\n", diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h index eed1294..3f0723e 100644 --- a/utils/gssd/krb5_util.h +++ b/utils/gssd/krb5_util.h @@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername); void gssd_destroy_krb5_machine_creds(void); int gssd_refresh_krb5_machine_credential(char *hostname, struct gssd_k5_kt_princ *ple, - char *service, - char *tgtname); + char *service); char *gssd_k5_err_msg(krb5_context context, krb5_error_code code); void gssd_k5_get_default_realm(char **def_realm); -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/3] gssd: let tgtname override clp->servicename 2013-09-19 20:57 nfs-utils patches for nfsv4.0 callbacks J. Bruce Fields 2013-09-19 20:57 ` [PATCH 1/3] gssd: fix strncmp bug causing client removals J. Bruce Fields 2013-09-19 20:57 ` [PATCH 2/3] gssd: don't use tgtname to find our keytab J. Bruce Fields @ 2013-09-19 20:57 ` J. Bruce Fields 2 siblings, 0 replies; 11+ messages in thread From: J. Bruce Fields @ 2013-09-19 20:57 UTC (permalink / raw) To: steved; +Cc: linux-nfs, root, J. Bruce Fields From: root <root@pip4.fieldses.org> When the kernel provides an explicit "target=" name in the upcall, that should override the name in clp->servicename. Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- utils/gssd/gssd_proc.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index 7200a78..e58c341 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -822,6 +822,7 @@ set_port: */ static int create_auth_rpc_client(struct clnt_info *clp, + char *tgtname, CLIENT **clnt_return, AUTH **auth_return, uid_t uid, @@ -926,14 +927,16 @@ create_auth_rpc_client(struct clnt_info *clp, clnt_spcreateerror(rpc_errmsg)); goto out_fail; } + if (!tgtname) + tgtname = clp->servicename; - printerr(2, "creating context with server %s\n", clp->servicename); - auth = authgss_create_default(rpc_clnt, clp->servicename, &sec); + printerr(2, "creating context with server %s\n", tgtname); + auth = authgss_create_default(rpc_clnt, tgtname, &sec); if (!auth) { /* Our caller should print appropriate message */ printerr(2, "WARNING: Failed to create krb5 context for " "user with uid %d for server %s\n", - uid, clp->servername); + uid, tgtname); goto out_fail; } 
@@ -1015,7 +1018,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, /* Try first to acquire credentials directly via GSSAPI */ err = gssd_acquire_user_cred(uid, &gss_cred); if (!err) - create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, + create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, AUTHTYPE_KRB5, gss_cred); /* if create_auth_rplc_client fails try the traditional method of * trolling for credentials */ @@ -1024,7 +1027,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, if (err == -EKEYEXPIRED) downcall_err = -EKEYEXPIRED; else if (!err) - create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, + create_resp = create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL); } } @@ -1048,7 +1051,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, } for (ccname = credlist; ccname && *ccname; ccname++) { gssd_setup_krb5_machine_gss_ccache(*ccname); - if ((create_auth_rpc_client(clp, &rpc_clnt, + if ((create_auth_rpc_client(clp, tgtname, &rpc_clnt, &auth, uid, AUTHTYPE_KRB5, GSS_C_NO_CREDENTIAL)) == 0) { -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread