From: Steve Dickson <steved@redhat.com>
To: Olga Kornievskaia <olga.kornievskaia@gmail.com>
Cc: linux-nfs@vger.kernel.org,
libtirpc <libtirpc-devel@lists.sourceforge.net>
Subject: Re: [PATCH v2 1/1] gss-api: expose gss major/minor error in authgss_refresh()
Date: Sat, 7 Oct 2023 07:00:23 -0400 [thread overview]
Message-ID: <2e43a00c-fc85-597a-c43a-1b46b2b39d49@redhat.com> (raw)
In-Reply-To: <20231004173240.46924-2-olga.kornievskaia@gmail.com>
On 10/4/23 1:32 PM, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <kolga@netapp.com>
>
> When the client calls into the libtirpc to establish security
> context, the errors that occurred are squashed. Instead, extend
> authgss_refresh to propagate back the gss major/minor error
> codes to the caller.
>
> --- v2 fix a compiler warning reported by Steve Dickson
>
> Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Committed... (tag libtirpc-1-3-4-rc3)
steved
> ---
> src/auth_gss.c | 14 ++++++++------
> tirpc/rpc/auth_gss.h | 2 ++
> 2 files changed, 10 insertions(+), 6 deletions(-)
>
> diff --git a/src/auth_gss.c b/src/auth_gss.c
> index e317664..3127b92 100644
> --- a/src/auth_gss.c
> +++ b/src/auth_gss.c
> @@ -184,6 +184,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
> AUTH *auth, *save_auth;
> struct rpc_gss_data *gd;
> OM_uint32 min_stat = 0;
> + rpc_gss_options_ret_t ret;
>
> gss_log_debug("in authgss_create()");
>
> @@ -229,8 +230,12 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
> save_auth = clnt->cl_auth;
> clnt->cl_auth = auth;
>
> - if (!authgss_refresh(auth, NULL))
> + memset(&ret, 0, sizeof(rpc_gss_options_ret_t));
> + if (!authgss_refresh(auth, &ret)) {
> auth = NULL;
> + sec->major_status = ret.major_status;
> + sec->minor_status = ret.minor_status;
> + }
> else
> authgss_auth_get(auth); /* Reference for caller */
>
> @@ -619,12 +624,9 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
> }
>
> static bool_t
> -authgss_refresh(AUTH *auth, void *dummy)
> +authgss_refresh(AUTH *auth, void *ret)
> {
> - rpc_gss_options_ret_t ret;
> -
> - memset(&ret, 0, sizeof(ret));
> - return _rpc_gss_refresh(auth, &ret);
> + return _rpc_gss_refresh(auth, (rpc_gss_options_ret_t *)ret);
> }
>
> bool_t
> diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
> index f2af6e9..a530d42 100644
> --- a/tirpc/rpc/auth_gss.h
> +++ b/tirpc/rpc/auth_gss.h
> @@ -64,6 +64,8 @@ struct rpc_gss_sec {
> rpc_gss_svc_t svc; /* service */
> gss_cred_id_t cred; /* cred handle */
> u_int req_flags; /* req flags for init_sec_context */
> + int major_status;
> + int minor_status;
> };
>
> /* Private data required for kernel implementation */
next prev parent reply other threads:[~2023-10-07 11:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-04 17:32 [PATCH v2 0/3] nfs-utils: gssd support for KRB5_AP_ERR_BAD_INTEGRITY Olga Kornievskaia
2023-10-04 17:32 ` [PATCH v2 1/1] gss-api: expose gss major/minor error in authgss_refresh() Olga Kornievskaia
2023-10-07 11:00 ` Steve Dickson [this message]
2023-10-04 17:32 ` [PATCH 1/3] nfs-utils: gssd: enable forcing cred renewal using the keytab Olga Kornievskaia
2023-10-04 17:32 ` [PATCH 1/1] gssd: fix handling DNS lookup failure Olga Kornievskaia
2023-10-04 17:32 ` [PATCH 2/3] nfs-utils: gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials Olga Kornievskaia
2023-10-04 17:32 ` [PATCH 3/3] nfs-utils: gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user credentials Olga Kornievskaia
2023-10-16 16:15 ` [PATCH v2 0/3] nfs-utils: gssd support for KRB5_AP_ERR_BAD_INTEGRITY Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e43a00c-fc85-597a-c43a-1b46b2b39d49@redhat.com \
--to=steved@redhat.com \
--cc=libtirpc-devel@lists.sourceforge.net \
--cc=linux-nfs@vger.kernel.org \
--cc=olga.kornievskaia@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).