authorneilbrown <neilbrown>2006-03-28 00:48:27 +0000
committerneilbrown <neilbrown>2006-03-28 00:48:27 +0000
commit2ca793c93c09d0bc180b8eed9819206fd42aff21 (patch)
treef2178bfa004750e9b56d8330949a1be7f36bd657
parent4ce79c4ef9d40b9df12e1f55c2fbb7a75744052c (diff)
Update krb5 code to use glue routine lucid context functions
The gssd code should not know about the glue layer's context structure. A previous patch added gss_export_lucid_sec_context() and gss_free_lucid_sec_context() functions to the gssapi glue layer. Use these functions rather than calling directly to the Kerberos gssapi code (which requires the Kerberos context handle rather than the glue's context handle). (really this time)
-rw-r--r--ChangeLog14
-rw-r--r--utils/gssd/context.c16
-rw-r--r--utils/gssd/context.h3
-rw-r--r--utils/gssd/context_mit.c23
-rw-r--r--utils/gssd/gssd_proc.c4
-rw-r--r--utils/gssd/svcgssd_proc.c2
6 files changed, 43 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index 2b5ae8a..146c9c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,18 @@
2006-03-28 kwc@citi.umich.edu
+ Update krb5 code to use glue routine lucid context functions
+
+
+
+ The gssd code should not know about the glue layer's context structure.
+ A previous patch added gss_export_lucid_sec_context() and
+ gss_free_lucid_sec_context() functions to the gssapi glue layer.
+ Use these functions rather than calling directly to the Kerberos
+ gssapi code (which requires the Kerberos context handle rather
+ than the glue's context handle).
+
+ (really this time)
+
+2006-03-28 kwc@citi.umich.edu
Separate out context handling code for MIT Kerberos and SPKM3
into their own file.
diff --git a/utils/gssd/context.c b/utils/gssd/context.c
index 02d162f..4bab3e7 100644
--- a/utils/gssd/context.c
+++ b/utils/gssd/context.c
@@ -41,19 +41,19 @@
#include "context.h"
int
-serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf)
+serialize_context_for_kernel(gss_ctx_id_t ctx,
+ gss_buffer_desc *buf,
+ gss_OID mech)
{
- gss_union_ctx_id_t uctx = (gss_union_ctx_id_t)ctx;
-
- if (g_OID_equal(&krb5oid, uctx->mech_type))
- return serialize_krb5_ctx(uctx->internal_ctx_id, buf);
+ if (g_OID_equal(&krb5oid, mech))
+ return serialize_krb5_ctx(ctx, buf);
#ifdef HAVE_SPKM3_H
- else if (g_OID_equal(&spkm3oid, uctx->mech_type))
- return serialize_spkm3_ctx(uctx, buf);
+ else if (g_OID_equal(&spkm3oid, mech))
+ return serialize_spkm3_ctx(ctx, buf);
#endif
else {
printerr(0, "ERROR: attempting to serialize context with "
- "unknown mechanism oid\n");
+ "unknown/unsupported mechanism oid\n");
return -1;
}
}
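Review bot: `mech` reaches `g_OID_equal(&krb5oid, mech)` unchecked, and the mechanism is now whatever the caller asserts rather than the `mech_type` that was stored with the context. If `g_OID_equal` reads the length and elements of both arguments, as such macros usually do, a `GSS_C_NO_OID` from a caller would be dereferenced; the svcgssd_proc.c call site passes a `mech` whose origin lies outside its visible hunk. I would add `if (mech == GSS_C_NO_OID) { printerr(0, "ERROR: no mechanism oid given for context\n"); return -1; }` at the top of the function. A comment above the function should also state that `mech` must be the mechanism actually negotiated for `ctx`, since a mismatch hands the handle to the wrong serializer; the gssd_proc.c callers hard-code `&krb5oid` and `&spkm3oid`, so the same contract applies there.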
diff --git a/utils/gssd/context.h b/utils/gssd/context.h
index b296539..2c9396a 100644
--- a/utils/gssd/context.h
+++ b/utils/gssd/context.h
@@ -33,7 +33,8 @@
#include <rpc/rpc.h>
-int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf);
+int serialize_context_for_kernel(gss_ctx_id_t ctx, gss_buffer_desc *buf,
+ gss_OID mech);
int serialize_spkm3_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf);
int serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf);
diff --git a/utils/gssd/context_mit.c b/utils/gssd/context_mit.c
index 0af92a3..ba94fd8 100644
--- a/utils/gssd/context_mit.c
+++ b/utils/gssd/context_mit.c
@@ -232,10 +232,13 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
int retcode = 0;
printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n");
- maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
- 1, &return_ctx);
- if (maj_stat != GSS_S_COMPLETE)
+ maj_stat = gss_export_lucid_sec_context(&min_stat, ctx,
+ 1, &return_ctx);
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
goto out_err;
+ }
/* Check the version returned, we only support v1 right now */
vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
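Review bot: The version check that begins on the last line of this hunk continues outside it, and the exported lucid context normally carries the session key material, so its exit paths matter. If the unsupported-version branch jumps straight to `out_err`, `return_ctx` would never pass through `gss_free_lucid_sec_context()` and the exported keys would stay allocated in the daemon. Worth confirming, and if so adding `gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);` before that `goto out_err`. The cast also dereferences `return_ctx` with only `maj_stat` as evidence that the glue routine set it, so a `return_ctx == NULL` guard next to the status check would be a cheap safeguard.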
@@ -256,12 +259,18 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
else
retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf);
- maj_stat = gss_krb5_free_lucid_sec_context(&min_stat,
- (void *)lctx);
- if (maj_stat != GSS_S_COMPLETE)
+ maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+ if (maj_stat != GSS_S_COMPLETE) {
+ pgsserr("gss_export_lucid_sec_context",
+ maj_stat, min_stat, &krb5oid);
printerr(0, "WARN: failed to free lucid sec context\n");
- if (retcode)
+ }
+
+ if (retcode) {
+ printerr(1, "serialize_krb5_ctx: prepare_krb5_*_buffer "
+ "failed (retcode = %d)\n", retcode);
goto out_err;
+ }
return 0;
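Review bot: The `pgsserr()` call added on the free-failure path is labelled "gss_export_lucid_sec_context", which looks copied from the export call earlier in the function. A failed free would be logged as an export failure and send whoever reads the log to the wrong call. It should read `pgsserr("gss_free_lucid_sec_context", maj_stat, min_stat, &krb5oid);`. The function body starts and ends outside this hunk, so what `out_err` itself does is not visible here.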
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index f2907c9..4c3d85d 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -688,7 +688,7 @@ handle_krb5_upcall(struct clnt_info *clp)
goto out_return_error;
}
- if (serialize_context_for_kernel(pd.pd_ctx, &token)) {
+ if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid)) {
printerr(0, "WARNING: Failed to serialize krb5 context for "
"user with uid %d for server %s\n",
uid, clp->servername);
@@ -743,7 +743,7 @@ handle_spkm3_upcall(struct clnt_info *clp)
goto out_return_error;
}
- if (serialize_context_for_kernel(pd.pd_ctx, &token)) {
+ if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid)) {
printerr(0, "WARNING: Failed to serialize spkm3 context for "
"user with uid %d for server\n",
uid, clp->servername);
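Review bot: The spkm3 warning's format string ends in "for server\n" with no `%s`, yet `clp->servername` is still passed, so the server name never reaches the log. The krb5 twin of this message in the previous hunk has the conversion. Since the line is already in the hunk's context, the literal should be aligned to `"user with uid %d for server %s\n",` so that a failed context serialization can be attributed to a server. The enclosing handle_spkm3_upcall starts and ends outside the hunk.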
diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c
index b43a023..fd1076e 100644
--- a/utils/gssd/svcgssd_proc.c
+++ b/utils/gssd/svcgssd_proc.c
@@ -365,7 +365,7 @@ handle_nullreq(FILE *f) {
/* kernel needs ctx to calculate verifier on null response, so
* must give it context before doing null call: */
- if (serialize_context_for_kernel(ctx, &ctx_token)) {
+ if (serialize_context_for_kernel(ctx, &ctx_token, mech)) {
printerr(0, "WARNING: handle_nullreq: "
"serialize_context_for_kernel failed\n");
maj_stat = GSS_S_FAILURE;