From: Olga Kornievskaia <[email protected]>
Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor error in
authgss_refresh()".
Instead of modifying existing api, use rpc_gss_seccreate() which exposes
the error values.
Signed-off-by: Olga Kornievskaia <[email protected]>
---
src/auth_gss.c | 14 ++++++--------
tirpc/rpc/auth_gss.h | 2 --
2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 3127b92..e317664 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -184,7 +184,6 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
AUTH *auth, *save_auth;
struct rpc_gss_data *gd;
OM_uint32 min_stat = 0;
- rpc_gss_options_ret_t ret;
gss_log_debug("in authgss_create()");
@@ -230,12 +229,8 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
save_auth = clnt->cl_auth;
clnt->cl_auth = auth;
- memset(&ret, 0, sizeof(rpc_gss_options_ret_t));
- if (!authgss_refresh(auth, &ret)) {
+ if (!authgss_refresh(auth, NULL))
auth = NULL;
- sec->major_status = ret.major_status;
- sec->minor_status = ret.minor_status;
- }
else
authgss_auth_get(auth); /* Reference for caller */
@@ -624,9 +619,12 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
}
static bool_t
-authgss_refresh(AUTH *auth, void *ret)
+authgss_refresh(AUTH *auth, void *dummy)
{
- return _rpc_gss_refresh(auth, (rpc_gss_options_ret_t *)ret);
+ rpc_gss_options_ret_t ret;
+
+ memset(&ret, 0, sizeof(ret));
+ return _rpc_gss_refresh(auth, &ret);
}
bool_t
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index a530d42..f2af6e9 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -64,8 +64,6 @@ struct rpc_gss_sec {
rpc_gss_svc_t svc; /* service */
gss_cred_id_t cred; /* cred handle */
u_int req_flags; /* req flags for init_sec_context */
- int major_status;
- int minor_status;
};
/* Private data required for kernel implementation */
--
2.39.1
From: Olga Kornievskaia <[email protected]>
Fix rpc_gss_seccreate() usage of the passed in gss credential.
Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
Signed-off-by: Olga Kornievskaia <[email protected]>
---
src/auth_gss.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/auth_gss.c b/src/auth_gss.c
index e317664..9d18f96 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
gd->sec = sec;
if (req) {
- sec.req_flags = req->req_flags;
+ gd->sec.req_flags = req->req_flags;
gd->time_req = req->time_req;
- sec.cred = req->my_cred;
+ gd->sec.cred = req->my_cred;
gd->icb = req->input_channel_bindings;
}
--
2.39.1
On Wed, Dec 06, 2023 at 04:31:26PM -0500, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <[email protected]>
>
> Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor error in
> authgss_refresh()".
>
> Instead of modifying existing api, use rpc_gss_seccreate() which exposes
> the error values.
>
> Signed-off-by: Olga Kornievskaia <[email protected]>
Reviewed-by: Chuck Lever <[email protected]>
> ---
> src/auth_gss.c | 14 ++++++--------
> tirpc/rpc/auth_gss.h | 2 --
> 2 files changed, 6 insertions(+), 10 deletions(-)
>
> diff --git a/src/auth_gss.c b/src/auth_gss.c
> index 3127b92..e317664 100644
> --- a/src/auth_gss.c
> +++ b/src/auth_gss.c
> @@ -184,7 +184,6 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
> AUTH *auth, *save_auth;
> struct rpc_gss_data *gd;
> OM_uint32 min_stat = 0;
> - rpc_gss_options_ret_t ret;
>
> gss_log_debug("in authgss_create()");
>
> @@ -230,12 +229,8 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
> save_auth = clnt->cl_auth;
> clnt->cl_auth = auth;
>
> - memset(&ret, 0, sizeof(rpc_gss_options_ret_t));
> - if (!authgss_refresh(auth, &ret)) {
> + if (!authgss_refresh(auth, NULL))
> auth = NULL;
> - sec->major_status = ret.major_status;
> - sec->minor_status = ret.minor_status;
> - }
> else
> authgss_auth_get(auth); /* Reference for caller */
>
> @@ -624,9 +619,12 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
> }
>
> static bool_t
> -authgss_refresh(AUTH *auth, void *ret)
> +authgss_refresh(AUTH *auth, void *dummy)
> {
> - return _rpc_gss_refresh(auth, (rpc_gss_options_ret_t *)ret);
> + rpc_gss_options_ret_t ret;
> +
> + memset(&ret, 0, sizeof(ret));
> + return _rpc_gss_refresh(auth, &ret);
> }
>
> bool_t
> diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
> index a530d42..f2af6e9 100644
> --- a/tirpc/rpc/auth_gss.h
> +++ b/tirpc/rpc/auth_gss.h
> @@ -64,8 +64,6 @@ struct rpc_gss_sec {
> rpc_gss_svc_t svc; /* service */
> gss_cred_id_t cred; /* cred handle */
> u_int req_flags; /* req flags for init_sec_context */
> - int major_status;
> - int minor_status;
> };
>
> /* Private data required for kernel implementation */
> --
> 2.39.1
>
--
Chuck Lever
On Wed, Dec 06, 2023 at 04:31:27PM -0500, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <[email protected]>
>
> Fix rpc_gss_seccreate() usage of the passed in gss credential.
>
> Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
> Signed-off-by: Olga Kornievskaia <[email protected]>
Reviewed-by: Chuck Lever <[email protected]>
> ---
> src/auth_gss.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/auth_gss.c b/src/auth_gss.c
> index e317664..9d18f96 100644
> --- a/src/auth_gss.c
> +++ b/src/auth_gss.c
> @@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
> gd->sec = sec;
>
> if (req) {
> - sec.req_flags = req->req_flags;
> + gd->sec.req_flags = req->req_flags;
> gd->time_req = req->time_req;
> - sec.cred = req->my_cred;
> + gd->sec.cred = req->my_cred;
> gd->icb = req->input_channel_bindings;
> }
>
> --
> 2.39.1
>
--
Chuck Lever
On 12/6/23 4:31 PM, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <[email protected]>
>
> Revert commit f5b6e6fdb1e6 "gss-api: expose gss major/minor error in
> authgss_refresh()".
>
> Instead of modifying existing api, use rpc_gss_seccreate() which exposes
> the error values.
>
> Signed-off-by: Olga Kornievskaia <[email protected]>
Committed... (tag: libtirpc-1-3-5-rc1
steved.
> ---
> src/auth_gss.c | 14 ++++++--------
> tirpc/rpc/auth_gss.h | 2 --
> 2 files changed, 6 insertions(+), 10 deletions(-)
>
> diff --git a/src/auth_gss.c b/src/auth_gss.c
> index 3127b92..e317664 100644
> --- a/src/auth_gss.c
> +++ b/src/auth_gss.c
> @@ -184,7 +184,6 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
> AUTH *auth, *save_auth;
> struct rpc_gss_data *gd;
> OM_uint32 min_stat = 0;
> - rpc_gss_options_ret_t ret;
>
> gss_log_debug("in authgss_create()");
>
> @@ -230,12 +229,8 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
> save_auth = clnt->cl_auth;
> clnt->cl_auth = auth;
>
> - memset(&ret, 0, sizeof(rpc_gss_options_ret_t));
> - if (!authgss_refresh(auth, &ret)) {
> + if (!authgss_refresh(auth, NULL))
> auth = NULL;
> - sec->major_status = ret.major_status;
> - sec->minor_status = ret.minor_status;
> - }
> else
> authgss_auth_get(auth); /* Reference for caller */
>
> @@ -624,9 +619,12 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
> }
>
> static bool_t
> -authgss_refresh(AUTH *auth, void *ret)
> +authgss_refresh(AUTH *auth, void *dummy)
> {
> - return _rpc_gss_refresh(auth, (rpc_gss_options_ret_t *)ret);
> + rpc_gss_options_ret_t ret;
> +
> + memset(&ret, 0, sizeof(ret));
> + return _rpc_gss_refresh(auth, &ret);
> }
>
> bool_t
> diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
> index a530d42..f2af6e9 100644
> --- a/tirpc/rpc/auth_gss.h
> +++ b/tirpc/rpc/auth_gss.h
> @@ -64,8 +64,6 @@ struct rpc_gss_sec {
> rpc_gss_svc_t svc; /* service */
> gss_cred_id_t cred; /* cred handle */
> u_int req_flags; /* req flags for init_sec_context */
> - int major_status;
> - int minor_status;
> };
>
> /* Private data required for kernel implementation */
On 12/6/23 4:31 PM, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <[email protected]>
>
> Fix rpc_gss_seccreate() usage of the passed in gss credential.
>
> Fixes: 5f1fe4dde861 ("Pass time_req and input_channel_bindings through to init_sec_context")
> Signed-off-by: Olga Kornievskaia <[email protected]>
Committed... (tag: libtirpc-1-3-5-rc1)
steved.
> ---
> src/auth_gss.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/auth_gss.c b/src/auth_gss.c
> index e317664..9d18f96 100644
> --- a/src/auth_gss.c
> +++ b/src/auth_gss.c
> @@ -842,9 +842,9 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
> gd->sec = sec;
>
> if (req) {
> - sec.req_flags = req->req_flags;
> + gd->sec.req_flags = req->req_flags;
> gd->time_req = req->time_req;
> - sec.cred = req->my_cred;
> + gd->sec.cred = req->my_cred;
> gd->icb = req->input_channel_bindings;
> }
>