On 07/28/2017 04:50 PM, andros@xxxxxxxxxx wrote: > From: Andy Adamson <andros@xxxxxxxxxx> > > This results in using GSSv1, and not trying GSSv3 > > Signed-off-by: Andy Adamson <andros@xxxxxxxxxx> > --- > utils/gssd/gssd.c | 9 +++++++-- > utils/gssd/gssd.h | 1 + > utils/gssd/gssd_proc.c | 2 +- This needs a man page update... steved. > 3 files changed, 9 insertions(+), 3 deletions(-) > > diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c > index 4d18d35..58cd0b2 100644 > --- a/utils/gssd/gssd.c > +++ b/utils/gssd/gssd.c > @@ -89,6 +89,8 @@ unsigned int rpc_timeout = 5; > char *preferred_realm = NULL; > /* Avoid DNS reverse lookups on server names */ > static bool avoid_dns = true; > +/* Add gss version to downcall for GSSv3 */ > +bool use_gss_vers = true; > int thread_started = false; > pthread_mutex_t pmutex = PTHREAD_MUTEX_INITIALIZER; > pthread_cond_t pcond = PTHREAD_COND_INITIALIZER; > @@ -832,7 +834,7 @@ sig_die(int signal) > static void > usage(char *progname) > { > - fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D]\n", > + fprintf(stderr, "usage: %s [-f] [-l] [-M] [-n] [-v] [-r] [-p pipefsdir] [-k keytab] [-d ccachedir] [-t timeout] [-R preferred realm] [-D] [-G]\n", > progname); > exit(1); > } > @@ -877,7 +879,7 @@ main(int argc, char *argv[]) > if (s) > preferred_realm = s; > > - while ((opt = getopt(argc, argv, "DfvrlmnMp:k:d:t:T:R:")) != -1) { > + while ((opt = getopt(argc, argv, "DGfvrlmnMp:k:d:t:T:R:")) != -1) { > switch (opt) { > case 'f': > fg = 1; > @@ -925,6 +927,9 @@ main(int argc, char *argv[]) > case 'D': > avoid_dns = false; > break; > + case 'G': > + use_gss_vers = false; > + break; > default: > usage(argv[0]); > break; > diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h > index f4f5975..e2604c0 100644 > --- a/utils/gssd/gssd.h > +++ b/utils/gssd/gssd.h > @@ -66,6 +66,7 @@ extern pthread_mutex_t ple_lock; > extern pthread_cond_t pcond; > extern pthread_mutex_t pmutex; > extern int thread_started; > +extern bool use_gss_vers; > > struct clnt_info { > TAILQ_ENTRY(clnt_info) list; > diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c > index 689d916..f2cee58 100644 > --- a/utils/gssd/gssd_proc.c > +++ b/utils/gssd/gssd_proc.c > @@ -149,7 +149,6 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd, > char *buf = NULL, *p = NULL, *end = NULL; > unsigned int timeout = context_timeout; > unsigned int buf_size = 0; > - bool use_gss_vers = true; > > retry: > printerr(2, "doing downcall: lifetime_rec=%u acceptor=%.*s" > @@ -330,6 +329,7 @@ create_auth_rpc_client(struct clnt_info *clp, > sec.svc = RPCSEC_GSS_SVC_NONE; > sec.cred = cred; > sec.req_flags = 0; > + sec.gss_vers = use_gss_vers ? RPCSEC_GSS3_VERSION : RPCSEC_GSS_VERSION; > if (authtype == AUTHTYPE_KRB5) { > sec.mech = (gss_OID)&krb5oid; > sec.req_flags = GSS_C_MUTUAL_FLAG; > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html