From: Andy Adamson <andros@xxxxxxxxxx>
Pass gss version to authgss_create
If version 3 fails, fall back to version 1
Signed-off-by: Andy Adamson <andros@xxxxxxxxxx>
---
autogen.sh | 0
src/auth_gss.c | 19 +++++++++++++++----
tirpc/rpc/auth_gss.h | 8 +++++++-
3 files changed, 22 insertions(+), 5 deletions(-)
mode change 100644 => 100755 autogen.sh
diff --git a/autogen.sh b/autogen.sh
old mode 100644
new mode 100755
diff --git a/src/auth_gss.c b/src/auth_gss.c
index cf96ada..8f3da2c 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -132,6 +132,7 @@ char *p;
fprintf(stderr, " qop: %d\n", ptr->qop);
fprintf(stderr, " service: %d\n", ptr->svc);
fprintf(stderr, " cred: %p\n", ptr->cred);
+ fprintf(stderr, " gss version: %d\n", ptr->gss_vers);
}
struct rpc_gss_data {
@@ -156,9 +157,14 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
AUTH *auth, *save_auth;
struct rpc_gss_data *gd;
OM_uint32 min_stat = 0;
+ int vers;
gss_log_debug("in authgss_create()");
+ /* Old gssd versions do not set gss_vers */
+ vers = sec->gss_vers == 0 ? RPCSEC_GSS_VERSION : sec->gss_vers;
+
+retry_gssv1:
memset(&rpc_createerr, 0, sizeof(rpc_createerr));
if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
@@ -190,7 +196,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
gd->ctx = GSS_C_NO_CONTEXT;
gd->sec = *sec;
- gd->gc.gc_v = RPCSEC_GSS_VERSION;
+ gd->gc.gc_v = vers;
gd->gc.gc_proc = RPCSEC_GSS_INIT;
gd->gc.gc_svc = gd->sec.svc;
@@ -200,9 +206,13 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
save_auth = clnt->cl_auth;
clnt->cl_auth = auth;
- if (!authgss_refresh(auth, NULL))
- auth = NULL;
- else
+ if (!authgss_refresh(auth, NULL)) {
+ if (vers == RPCSEC_GSS3_VERSION) {
+ vers = RPCSEC_GSS_VERSION;
+ goto retry_gssv1;
+ } else
+ auth = NULL;
+ } else
auth_get(auth); /* Reference for caller */
clnt->cl_auth = save_auth;
@@ -263,6 +273,7 @@ authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
pd->pd_ctx = gd->ctx;
pd->pd_ctx_hndl = gd->gc.gc_ctx;
pd->pd_seq_win = gd->win;
+ pd->pd_gss_vers = gd->gc.gc_v;
/*
* We've given this away -- don't try to use it ourself any more
* Caller should call authgss_free_private_data to free data.
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index a17b34b..a311e08 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -45,7 +45,10 @@ typedef enum {
RPCSEC_GSS_DATA = 0,
RPCSEC_GSS_INIT = 1,
RPCSEC_GSS_CONTINUE_INIT = 2,
- RPCSEC_GSS_DESTROY = 3
+ RPCSEC_GSS_DESTROY = 3,
+ RPCSEC_GSS_BIND_CHANNEL = 4, /* GSSv2, not used */
+ RPCSEC_GSS_CREATE = 5, /* GSSv3 */
+ RPCSEC_GSS_LIST = 6 /* GSSv3 */
} rpc_gss_proc_t;
/* RPCSEC_GSS services. */
@@ -56,6 +59,7 @@ typedef enum {
} rpc_gss_svc_t;
#define RPCSEC_GSS_VERSION 1
+#define RPCSEC_GSS3_VERSION 3
/* RPCSEC_GSS security triple. */
struct rpc_gss_sec {
@@ -64,6 +68,7 @@ struct rpc_gss_sec {
rpc_gss_svc_t svc; /* service */
gss_cred_id_t cred; /* cred handle */
u_int req_flags; /* req flags for init_sec_context */
+ int gss_vers; /* highest supported gss version */
};
/* Private data required for kernel implementation */
@@ -71,6 +76,7 @@ struct authgss_private_data {
gss_ctx_id_t pd_ctx; /* Session context handle */
gss_buffer_desc pd_ctx_hndl; /* Credentials context handle */
u_int pd_seq_win; /* Sequence window */
+ u_int pd_gss_vers; /* RPCSEC_GSS version */
};
#define g_OID_equal(o1, o2) \
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
