From 3abf6b5223af0ccf07d217d71978ee7987acce88 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia
Date: Mon, 11 Dec 2023 08:52:47 -0500
Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate()

If available from the libtirpc library, switch to using rpc_gss_seccreate() instead of authgss_create_default() which does not expose gss error codes.

Reviewed-by: Chuck Lever
Signed-off-by: Olga Kornievskaia
Signed-off-by: Steve Dickson
---
 utils/gssd/gssd_proc.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 4fb6b72d..99761157 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -70,6 +70,9 @@
 #include
 #include
 #include
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+#include
+#endif
 #include "gssd.h"
 #include "err_util.h"
@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp,
 struct timeval timeout;
 struct sockaddr *addr = (struct sockaddr *) &clp->addr;
 socklen_t salen;
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ rpc_gss_options_req_t req;
+ rpc_gss_options_ret_t ret;
+ char mechanism[] = "kerberos_v5";
+#endif
 pthread_t tid = pthread_self();
 sec.qop = GSS_C_QOP_DEFAULT;
@@ -410,7 +418,14 @@ create_auth_rpc_client(struct clnt_info *clp,
 printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n", tid, tgtname);
+#ifdef HAVE_TIRPC_GSS_SECCREATE
+ memset(&req, 0, sizeof(req));
+ req.my_cred = sec.cred;
+ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism,
+ rpcsec_gss_svc_none, NULL, &req, &ret);
+#else
 auth = authgss_create_default(rpc_clnt, tgtname, &sec);
+#endif
 if (!auth) {
 /* Our caller should print appropriate message */
 printerr(2, "WARNING: Failed to create krb5 context for "
--
2.46.0
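Review bot: `rpc_gss_options_ret_t ret;` in the second hunk is declared without an initializer, and the third hunk clears only `req` with memset. Whether rpc_gss_seccreate() fills `ret` on every failure path is not visible here, so code that later reads its status fields after a NULL return could be reading indeterminate stack data. Declaring it as `rpc_gss_options_ret_t ret = { 0 };`, or adding `memset(&ret, 0, sizeof(ret));` next to the existing memset, removes that risk. create_auth_rpc_client() starts and ends outside this hunk.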
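Review bot: In the `HAVE_TIRPC_GSS_SECCREATE` branch of the third hunk only `sec.cred` is copied into the zeroed `req`, whereas the old call passed `&sec` whole, so anything else the function configured in `sec` no longer reaches the library. The code that fills `sec` is mostly outside this hunk, but if it sets request flags such as mutual authentication, the new path silently stops asking for them; adding `req.req_flags = sec.req_flags;` after the `my_cred` assignment would keep the two branches equivalent. The mechanism string and `rpcsec_gss_svc_none` are likewise fixed here rather than derived from `sec`, which deserves a short comment if the function can be reached with a non-Kerberos auth type. Separately, `ret` is not read in the visible `if (!auth)` path, so the GSS status the commit message wants exposed is still not logged; including `ret.major_status` and `ret.minor_status` in the existing warning would make the failure diagnosable, unless a later patch in the series already does so.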