rpm/nfs-utils
SHA256
1
0
Fork 0
forked from pool/nfs-utils
Code Pull Requests Activity
nfs-utils/0001-gssd-revert-commit-a5f3b7ccb01c.patch
Dirk Mueller 99d3e0d9fa - add 0001-gssd-revert-commit-a5f3b7ccb01c.patch, 
0002-gssd-revert-commit-513630d720bd.patch,
  0003-gssd-switch-to-using-rpc_gss_seccreate.patch,
  0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch,
  0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch,
  0006-configure-check-for-rpc_gss_seccreate.patch: fixes for
  libtirpc 1.3.5
- drop reenable-nfsv2.patch (poo#106679)
  Fix crash when rpc-gssd run with -v.
- Replace references to /var/adm/fillup-templates with new
  options.
- do not strip the binaries
- mkinitrd-boot.sh: allow other mkinitrd-setup
- nfs-utils-eperm-fallback.patch:  mount.nfs
  Includes new config file: /etc/nfsmount.conf and
- Kill processes on NFS mounts when unmounting
  bnc#442490
  * fix typo in handling of "init.d/nfs status"
- nfs.init:
  * unmount rpc_pipefs
- fix sysconfig filename for changed fillup call
   services (gssd and idmpad have been rolled in to nfs/nfsserver).
- remove svcinfo.d dir as it is provided now by filesystem
- update to version 1.1.2
- uses libgssglue instead of libgssapi
- add rpcbind support [fate#300607]
- added gssapi to buildrequires
  (#116355)
  showmount has been removed there (#309782)
- added README.NFSv4 (#182775)

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=285
2024-08-20 20:22:12 +00:00

100 lines
3.3 KiB
Diff
Raw Blame History

From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001
From: Olga Kornievskaia <kolga@netapp.com>
Date: Mon, 11 Dec 2023 08:46:35 -0500
Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
In preparation for using rpc_gss_seccreate() function, revert commit
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials"
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/gssd/gssd_proc.c | 2 --
utils/gssd/krb5_util.c | 42 ------------------------------------------
utils/gssd/krb5_util.h | 1 -
3 files changed, 45 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index a96647df..e5cc1d98 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
if (cred == GSS_C_NO_CREDENTIAL)
retval = gssd_refresh_krb5_machine_credential(clp->servername,
"*", NULL, 1);
- else
- retval = gssd_k5_remove_bad_service_cred(clp->servername);
if (!retval) {
auth = authgss_create_default(rpc_clnt, tgtname,
&sec);
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6f66ef4f..f6ce1fec 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
-/* Removed a service ticket for nfs/<name> from the ticket cache
- */
-int
-gssd_k5_remove_bad_service_cred(char *name)
-{
- krb5_creds in_creds, out_creds;
- krb5_error_code ret;
- krb5_context context;
- krb5_ccache cache;
- krb5_principal principal;
- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
- char srvname[1024];
-
- ret = krb5_init_context(&context);
- if (ret)
- goto out_cred;
- ret = krb5_cc_default(context, &cache);
- if (ret)
- goto out_free_context;
- ret = krb5_cc_get_principal(context, cache, &principal);
- if (ret)
- goto out_close_cache;
- memset(&in_creds, 0, sizeof(in_creds));
- in_creds.client = principal;
- sprintf(srvname, "nfs/%s", name);
- ret = krb5_parse_name(context, srvname, &in_creds.server);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
-out_free_principal:
- krb5_free_principal(context, principal);
-out_close_cache:
- krb5_cc_close(context, cache);
-out_free_context:
- krb5_free_context(context);
-out_cred:
- return ret;
-}
-
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 7ef87018..62c91a0e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
-int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
--
2.46.0
View Git Blame Copy Permalink