87d204f4e2
on `nogroup` from this package OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=289
100 lines
3.3 KiB
Diff
100 lines
3.3 KiB
Diff
From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001
|
|
From: Olga Kornievskaia <kolga@netapp.com>
|
|
Date: Mon, 11 Dec 2023 08:46:35 -0500
|
|
Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
|
|
|
|
In preparation for using rpc_gss_seccreate() function, revert commit
|
|
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
|
|
credentials"
|
|
|
|
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
|
|
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
|
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
---
|
|
utils/gssd/gssd_proc.c | 2 --
|
|
utils/gssd/krb5_util.c | 42 ------------------------------------------
|
|
utils/gssd/krb5_util.h | 1 -
|
|
3 files changed, 45 deletions(-)
|
|
|
|
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
|
|
index a96647df..e5cc1d98 100644
|
|
--- a/utils/gssd/gssd_proc.c
|
|
+++ b/utils/gssd/gssd_proc.c
|
|
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
|
|
if (cred == GSS_C_NO_CREDENTIAL)
|
|
retval = gssd_refresh_krb5_machine_credential(clp->servername,
|
|
"*", NULL, 1);
|
|
- else
|
|
- retval = gssd_k5_remove_bad_service_cred(clp->servername);
|
|
if (!retval) {
|
|
auth = authgss_create_default(rpc_clnt, tgtname,
|
|
&sec);
|
|
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
|
|
index 6f66ef4f..f6ce1fec 100644
|
|
--- a/utils/gssd/krb5_util.c
|
|
+++ b/utils/gssd/krb5_util.c
|
|
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
|
|
return ret;
|
|
}
|
|
|
|
-/* Removed a service ticket for nfs/<name> from the ticket cache
|
|
- */
|
|
-int
|
|
-gssd_k5_remove_bad_service_cred(char *name)
|
|
-{
|
|
- krb5_creds in_creds, out_creds;
|
|
- krb5_error_code ret;
|
|
- krb5_context context;
|
|
- krb5_ccache cache;
|
|
- krb5_principal principal;
|
|
- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
|
|
- char srvname[1024];
|
|
-
|
|
- ret = krb5_init_context(&context);
|
|
- if (ret)
|
|
- goto out_cred;
|
|
- ret = krb5_cc_default(context, &cache);
|
|
- if (ret)
|
|
- goto out_free_context;
|
|
- ret = krb5_cc_get_principal(context, cache, &principal);
|
|
- if (ret)
|
|
- goto out_close_cache;
|
|
- memset(&in_creds, 0, sizeof(in_creds));
|
|
- in_creds.client = principal;
|
|
- sprintf(srvname, "nfs/%s", name);
|
|
- ret = krb5_parse_name(context, srvname, &in_creds.server);
|
|
- if (ret)
|
|
- goto out_free_principal;
|
|
- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
|
|
- if (ret)
|
|
- goto out_free_principal;
|
|
- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
|
|
-out_free_principal:
|
|
- krb5_free_principal(context, principal);
|
|
-out_close_cache:
|
|
- krb5_cc_close(context, cache);
|
|
-out_free_context:
|
|
- krb5_free_context(context);
|
|
-out_cred:
|
|
- return ret;
|
|
-}
|
|
-
|
|
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
|
/*
|
|
* this routine obtains a credentials handle via gss_acquire_cred()
|
|
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
|
|
index 7ef87018..62c91a0e 100644
|
|
--- a/utils/gssd/krb5_util.h
|
|
+++ b/utils/gssd/krb5_util.h
|
|
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
|
|
void gssd_k5_get_default_realm(char **def_realm);
|
|
|
|
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
|
|
-int gssd_k5_remove_bad_service_cred(char *srvname);
|
|
|
|
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
|
|
extern int limit_to_legacy_enctypes;
|
|
--
|
|
2.46.0
|
|
|