Re: Problem with krb5 authentication, server under a NAT

On Tue, Apr 22, 2008 at 03:06:24PM -0400, Olga Kornievskaia wrote:
>
>
> J. Bruce Fields wrote:
>> On Tue, Apr 22, 2008 at 06:19:09PM +0200, Quentin Godfroy wrote:
>>   
>>> Hi,
>>>
>>> I have a problem with krb5 authentication and nfsv4:
>>>
>>> basically the server is behind a NAT over which I do not have much control.
>>> To mount exported partitions I use socat on the NAT and redirect some TCP port
>>> (actually 2050 because 2049 is firewalled) to the port 2049 on the server. I
>>> can successfully mount with auth=sys,port=2050, but I am unable to mount with
>>> kerberos authentication. The problem seems to lie within rpc.gssd which does
>>> not care for the port setting and tries to contact the server on port 2049.
>>>
>>> I suppose the same could happen with nfsv{2,3} (provided the mountd port is
>>> redirected as well)
>>>
>>> Is this a problem you were aware of?
>>>
>>> I suppose fixing it may require a change in the callback between the kernel
>>> and rpc.gssd?
>>>     
>>
>> What kernel are you on?  As of 2.6.24 (more specifically:
>>
>> 	bf19aacecbeebccb2c3d150a8bd9416b7dba81fe "nfs: add server port
>> 	to rpc_pipe info file")
>>
>> the kernel does give gssd the information it needs to figure out which
>> port the server is on.
>>
>> Looks to me like gssd doesn't use that yet, though.  Olga, did you
>> have a patch to make gssd read the "port:" line from the info file?
>>   
> We'll try to create a new nfs-utils-citi-all patch that includes this,  
> but for now try the attached file.

I think this is ready to go upstream, too.

--b.

>
> From 3506247fd27131c0a2f9b8ef9ad2fe794d07beac Mon Sep 17 00:00:00 2001
> From: Olga Kornievskaia <aglo@xxxxxxxxxxxxxx>
> Date: Thu, 7 Feb 2008 11:43:40 -0500
> Subject: [PATCH] gssd_read_port
> 
> ---
>  utils/gssd/gssd.h      |    1 +
>  utils/gssd/gssd_proc.c |   14 ++++++++++++--
>  2 files changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h
> index 65182a5..5d88fd8 100644
> --- a/utils/gssd/gssd.h
> +++ b/utils/gssd/gssd.h
> @@ -82,6 +82,7 @@ struct clnt_info {
>  	int			krb5_poll_index;
>  	int			spkm3_fd;
>  	int			spkm3_poll_index;
> +	int			port;
>  };
>  
>  void init_client_list(void);
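Review bot: the new `port` member carries an implicit convention (0 means "no port: line seen, use the default") that the header does not state; a one-line comment on the field, e.g. `int port; /* from the rpc_pipe info file; 0 = default */`, would document what later readers of `create_auth_rpc_client` need to know.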
> diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
> index 40c0b9a..c832ac6 100644
> --- a/utils/gssd/gssd_proc.c
> +++ b/utils/gssd/gssd_proc.c
> @@ -102,7 +102,7 @@ int pollsize;  /* the size of pollaray (in pollfd's) */
>  /* XXX buffer problems: */
>  static int
>  read_service_info(char *info_file_name, char **servicename, char **servername,
> -		  int *prog, int *vers, char **protocol) {
> +		  int *prog, int *vers, char **protocol, int *port) {
>  #define INFOBUFLEN 256
>  	char		buf[INFOBUFLEN];
>  	static char	dummy[128];
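Review bot: the new `port` out-parameter is only written when a `port:` line is actually found (the assignment is guarded by `cb_port[0] != '\0'` later in this patch), so on the no-port path `*port` keeps whatever the caller passed in; set `*port = 0;` at function entry so the result does not depend on the caller having zeroed its `clnt_info`.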
> @@ -112,6 +112,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
>  	char		program[16];
>  	char		version[16];
>  	char		protoname[16];
> +	char		cb_port[128];
> +	char		*p;
>  	in_addr_t	inaddr;
>  	int		fd = -1;
>  	struct hostent	*ent = NULL;
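Review bot: `char cb_port[128]` is sized for an arbitrary string while the value it receives is a port number of at most five digits; a small buffer with a matching width (for example `char cb_port[8]` with `%7s`) makes the intended content obvious and keeps the conversion step below from ever seeing a 127-character token.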
> @@ -143,6 +145,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
>  		goto fail;
>  	}
>  
> +	cb_port[0] = '\0';
> +	if ((p = strstr(buf, "port")) != NULL)
> +		sscanf(p, "port: %127s\n", cb_port);
> +
>  	/* check service, program, and version */
>  	if (memcmp(service, "nfs", 3))
>  		return -1;
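Review bot: `strstr(buf, "port")` matches the first occurrence of the substring anywhere in the info buffer, including inside a server name such as one containing "export", in which case the following `sscanf(p, "port: %127s\n", cb_port)` fails on the `:` and its return value is never checked, leaving `cb_port` empty and the port silently ignored; search for the field at a line start (e.g. `"\nport: "`) and only trust `cb_port` when `sscanf` returned 1.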
> @@ -171,6 +177,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
>  	if (!(*servicename = calloc(strlen(buf) + 1, 1)))
>  		goto fail;
>  	memcpy(*servicename, buf, strlen(buf));
> +	if (cb_port[0] != '\0')
> +		*port = atoi(cb_port);
>  
>  	if (!(*protocol = strdup(protoname)))
>  		goto fail;
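Review bot: `*port = atoi(cb_port)` performs no error or range checking, so a malformed or out-of-range value (e.g. `70000`) is accepted and later truncated by `htons()` to a different port; convert with `strtol()`, verify the whole token was consumed, and reject anything outside 1..65535 so a bad info line falls back to the default instead of connecting somewhere unexpected.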
> @@ -246,7 +254,7 @@ process_clnt_dir_files(struct clnt_info * clp)
>  	if ((clp->servicename == NULL) &&
>  	     read_service_info(info_file_name, &clp->servicename,
>  				&clp->servername, &clp->prog, &clp->vers,
> -				&clp->protocol))
> +				&clp->protocol, &clp->port))
>  		return -1;
>  	return 0;
>  }
> @@ -628,6 +636,8 @@ int create_auth_rpc_client(struct clnt_info *clp,
>  			 clp->servername, uid);
>  		goto out_fail;
>  	}
> +	if (clp->port)
> +		((struct sockaddr_in *)a->ai_addr)->sin_port = htons(clp->port);
>  	if (a->ai_protocol == IPPROTO_TCP) {
>  		if ((rpc_clnt = clnttcp_create(
>  					(struct sockaddr_in *) a->ai_addr,
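Review bot: the cast to `struct sockaddr_in` assumes the lookup returned an AF_INET address; the `clnttcp_create` call just below makes the same assumption, so an explicit `a->ai_family == AF_INET` check, or at least a comment on the IPv4-only expectation, would keep the override from writing into a non-IPv4 sockaddr if `getaddrinfo` ever returns one. It would also help operators to log the overridden port next to the existing error message above, so a `gssd` run shows that the info-file port rather than the default is being used.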
> -- 
> 1.5.3.7
> 
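The info-file port parsing that the thread's patch adds to gssd, as an added example that is not part of the thread or of nfs-utils: the patch's strstr/sscanf/atoi sequence beside a line-anchored, range-checked reader. The sample info files are constructed, the "key: value" layout with a trailing "port:" line is assumed from Bruce's description, and the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample info files, not real kernel output; the "key: value"
 * line layout and the trailing "port:" line follow the thread's description. */
static const char INFO_NAT[]  = "RPC server: nfs.example.org\nprotocol: tcp\nport: 2050\n";
static const char INFO_OLD[]  = "RPC server: nfs.example.org\nprotocol: tcp\n"; /* no port line */
static const char INFO_TRAP[] = "RPC server: export.example.org\nprotocol: tcp\nport: 2050\n";
static const char INFO_BAD[]  = "RPC server: nfs.example.org\nprotocol: tcp\nport: 70000\n";

/* The patch's approach: first "port" substring anywhere in the buffer,
 * sscanf() result unchecked, atoi() result unchecked. On INFO_TRAP the
 * match lands inside "export" and the real port line is silently lost. */
int patch_style_port(const char *buf)
{
    char cb_port[128] = "";
    const char *p = strstr(buf, "port");
    if (p != NULL)
        sscanf(p, "port: %127s", cb_port);
    return cb_port[0] != '\0' ? atoi(cb_port) : 0;
}

/* Hardened reader: match "port:" only at the start of a line, convert with
 * strtol() and accept 1..65535 only. 0 means "absent or invalid", so the
 * caller keeps the default port exactly as it does for older kernels. */
int info_file_port(const char *buf)
{
    const char *line = buf;
    while (line != NULL && *line != '\0') {
        if (strncmp(line, "port:", 5) == 0) {
            char *end;
            long v;
            errno = 0;
            v = strtol(line + 5, &end, 10);
            if (errno != 0 || end == line + 5 || (*end != '\n' && *end != '\0'))
                return 0;
            return (v >= 1 && v <= 65535) ? (int)v : 0;
        }
        line = strchr(line, '\n');      /* skip to the next line, if any */
        if (line != NULL)
            line++;
    }
    return 0;
}
```

Running both readers over the four constructed files shows the difference: the patch-style reader returns 0 for INFO_TRAP and 70000 for INFO_BAD, while the hardened one returns 2050 and 0 respectively.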
