[3/6] gssd: switch to using rpc_gss_seccreate()

Message ID	20231206213332.55565-4-olga.kornievskaia@gmail.com (mailing list archive)
State	New, archived
Headers	show Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YSg3uRtv" From: Olga Kornievskaia <olga.kornievskaia@gmail.com> To: steved@redhat.com Cc: linux-nfs@vger.kernel.org, chuck.lever@oracle.com Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate() Date: Wed, 6 Dec 2023 16:33:29 -0500 Message-Id: <20231206213332.55565-4-olga.kornievskaia@gmail.com> In-Reply-To: <20231206213332.55565-1-olga.kornievskaia@gmail.com> References: <20231206213332.55565-1-olga.kornievskaia@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	nfs-utils: handle BAD_INTEGRITY ERROR \| expand [0/6] nfs-utils: handle BAD_INTEGRITY ERROR [1/6] gssd: revert commit a5f3b7ccb01c [2/6] gssd: revert commit 513630d720bd [3/6] gssd: switch to using rpc_gss_seccreate() [4/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials [5/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user credentials [6/6] configure: check for rpc_gss_seccreate

Message ID

20231206213332.55565-4-olga.kornievskaia@gmail.com (mailing list archive)

State

New, archived

Headers

From: Olga Kornievskaia <olga.kornievskaia@gmail.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org,
	chuck.lever@oracle.com
Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate()
Date: Wed,  6 Dec 2023 16:33:29 -0500
Message-Id: <20231206213332.55565-4-olga.kornievskaia@gmail.com>
In-Reply-To: <20231206213332.55565-1-olga.kornievskaia@gmail.com>
References: <20231206213332.55565-1-olga.kornievskaia@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

nfs-utils: handle BAD_INTEGRITY ERROR | expand

Commit Message

Olga Kornievskaia Dec. 6, 2023, 9:33 p.m. UTC

From: Olga Kornievskaia <kolga@netapp.com>

If available from the libtirpc library, switch to using
rpc_gss_seccreate() instead of authgss_create_default() which does not
expose gss error codes.

Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
 utils/gssd/gssd_proc.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 4fb6b72d..99761157 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -70,6 +70,9 @@ 
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <syscall.h>
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+#include <rpc/rpcsec_gss.h>
+#endif
 
 #include "gssd.h"
 #include "err_util.h"
@@ -330,6 +333,11 @@  create_auth_rpc_client(struct clnt_info *clp,
 	struct timeval	timeout;
 	struct sockaddr		*addr = (struct sockaddr *) &clp->addr;
 	socklen_t		salen;
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+	rpc_gss_options_req_t	req;
+	rpc_gss_options_ret_t	ret;
+	char			mechanism[] = "kerberos_v5";
+#endif
 	pthread_t tid = pthread_self();
 
 	sec.qop = GSS_C_QOP_DEFAULT;
@@ -410,7 +418,14 @@  create_auth_rpc_client(struct clnt_info *clp,
 
 	printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n", 
 		tid, tgtname);
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+	memset(&req, 0, sizeof(req));
+	req.my_cred = sec.cred;
+	auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
+			rpcsec_gss_svc_none, NULL, &req, &ret);
+#else
 	auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+#endif
 	if (!auth) {
 		/* Our caller should print appropriate message */
 		printerr(2, "WARNING: Failed to create krb5 context for "

[3/6] gssd: switch to using rpc_gss_seccreate()

Commit Message

Patch