Add the -h option to rpc.svcgssd to allow the hostname to be overridden.
This is useful in clustered configurations using NVSv4 and Kerberos to
ensure the hostname is set to the service name of the cluster.
Signed-off-by: Leigh Brown <leigh@xxxxxxxxxxxxx>
---
systemd/nfs.conf.man | 4 +++-
utils/gssd/gss_util.c | 21 +++++++++++++++++++++
utils/gssd/krb5_util.c | 2 +-
utils/gssd/svcgssd.c | 14 ++++++++++++--
utils/gssd/svcgssd.man | 10 +++++++++-
5 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man
index 189b052..08ca8c2 100644
--- a/systemd/nfs.conf.man
+++ b/systemd/nfs.conf.man
@@ -228,7 +228,9 @@ for details.
.TP
.B svcgssd
Recognized values:
-.BR principal .
+.BR principal
+and
+.BR hostname .
See
.BR rpc.svcgssd (8)
diff --git a/utils/gssd/gss_util.c b/utils/gssd/gss_util.c
index 2e6d40f..9966a06 100644
--- a/utils/gssd/gss_util.c
+++ b/utils/gssd/gss_util.c
@@ -339,3 +339,24 @@ out:
return retval;
}
+static char *gssd_hostname = NULL;
+
+int gssd_gethostname(char *name, size_t len)
+{
+ if (gssd_hostname) {
+ strncpy(name, gssd_hostname, len);
+ return 0;
+ }
+ else
+ return gethostname(name, len);
+}
+
+/* NB: Different semantics to sethostname(2) */
+int gssd_sethostname(const char *name)
+{
+ if (gssd_hostname)
+ free(gssd_hostname);
+
+ gssd_hostname = strdup(name);
+ return gssd_hostname ? 0 : ENOMEM;
+}
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index b64818a..a9b84ee 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -785,7 +785,7 @@ find_keytab_entry(krb5_context context, krb5_keytab
kt, const char *tgtname,
goto out;
/* Get full local hostname */
- if (gethostname(myhostname, sizeof(myhostname)) == -1) {
+ if (gssd_gethostname(myhostname, sizeof(myhostname)) == -1) {
retval = errno;
k5err = gssd_k5_err_msg(context, retval);
printerr(1, "%s while getting local hostname\n", k5err);
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index 3514ae1..62f8973 100644
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -82,7 +82,8 @@ sig_hup(int signal)
static void
usage(char *progname)
{
- fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i] [-p principal]\n",
+ fprintf(stderr, "usage: %s [-n] [-f] [-v] [-r] [-i] [-h hostname] "
+ "[-p principal]\n",
progname);
exit(1);
}
@@ -111,7 +112,13 @@ main(int argc, char *argv[])
else
principal = s;
- while ((opt = getopt(argc, argv, "fivrnp:")) != -1) {
+ s = conf_get_str("svcgssd", "hostname");
+ if (!s)
+ ;
+ else
+ gssd_sethostname(s);
+
+ while ((opt = getopt(argc, argv, "fivrnp:h:")) != -1) {
switch (opt) {
case 'f':
fg = 1;
@@ -131,6 +138,9 @@ main(int argc, char *argv[])
case 'p':
principal = optarg;
break;
+ case 'h':
+ gssd_sethostname(optarg);
+ break;
default:
usage(argv[0]);
break;
diff --git a/utils/gssd/svcgssd.man b/utils/gssd/svcgssd.man
index 15ef4c9..744cab7 100644
--- a/utils/gssd/svcgssd.man
+++ b/utils/gssd/svcgssd.man
@@ -6,7 +6,7 @@
.SH NAME
rpc.svcgssd \- server-side rpcsec_gss daemon
.SH SYNOPSIS
-.B "rpc.svcgssd [-n] [-v] [-r] [-i] [-f] [-p principal]"
+.B "rpc.svcgssd [-n] [-v] [-r] [-i] [-f] [-h hostname] [-p principal]"
.SH DESCRIPTION
The rpcsec_gss protocol gives a means of using the gss-api generic
security
api to provide security for protocols using rpc (in particular, nfs).
Before
@@ -36,6 +36,9 @@ increases the verbosity of the output (can be
specified multiple times).
If the nfsidmap library supports setting debug level,
increases the verbosity of the output (can be specified multiple
times).
.TP
+.B -h
+Use \fIhostname\fR instead of the default hostname.
+.TP
.B -p
Use \fIprincipal\fR instead of the default
.RI nfs/ FQDN @ REALM .
@@ -61,6 +64,11 @@ this is equivalent to the
option. If set to any other value, that is used like the
.B -p
option.
+.TP
+.B hostname
+This is equivalent to the
+.B -h
+option.
.SH SEE ALSO
.BR rpc.gssd(8),
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
