From: Olga Kornievskaia
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH v2 0/3] nfs-utils: gssd support for KRB5_AP_ERR_BAD_INTEGRITY
Date: Wed, 4 Oct 2023 13:32:35 -0400
Message-Id: <20231004173240.46924-1-olga.kornievskaia@gmail.com>

Together with the libtirpc patch, this series attempts to provide support
for handling KRB5_AP_ERR_BAD_INTEGRITY. Such an error can be returned by
the server when it has changed its key material and the client is still
using the service ticket that was issued prior to the change.

Upon calling authgss_create_default() and receiving a NULL context, we
can inspect the returned structure to see if a gss major/minor error code
was set. If the client determines that it received a
KRB5_AP_ERR_BAD_INTEGRITY error, it will proceed to handle it based on
what type of credentials were used for context establishment. If machine
credentials were used, the client can call into a routine and force
credential renewal. If user credentials were used, the client needs to
remove the existing service ticket and then retry the request.

-- fix compile warning in libtirpc patch

Olga Kornievskaia (3):
  gssd: enable forcing cred renewal using the keytab
  gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials
  gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user credentials

 utils/gssd/gssd_proc.c | 20 ++++++++++++--
 utils/gssd/krb5_util.c | 62 ++++++++++++++++++++++++++++++++++++------
 utils/gssd/krb5_util.h |  4 ++-
 3 files changed, 75 insertions(+), 11 deletions(-)

--
2.39.1
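
The recovery flow described in the cover letter, modelled as an added, self-contained simulation; it is not code from this series or from nfs-utils. The struct, the function names and the key-version bookkeeping are hypothetical, and the model assumes that forced renewal from the keytab also discards the cached service ticket.

```c
/* Added illustration: all names below are hypothetical, not gssd's. */

/* RFC 4120 protocol error 31: integrity check on decrypted field failed
 * (the condition the cover letter calls KRB5_AP_ERR_BAD_INTEGRITY). */
#define AP_ERR_BAD_INTEGRITY 31

enum cred_type { CRED_MACHINE, CRED_USER };

/* Constructed stand-in for the KDC, the NFS server and the client ccache. */
struct sim {
    int server_kvno;    /* key version the server currently decrypts with */
    int kdc_kvno;       /* key version the KDC issues service tickets under */
    int ticket_kvno;    /* key version of the cached service ticket, 0 = none */
    int tgt_renewals;   /* forced renewals from the keytab */
    int ticket_fetches; /* service tickets requested from the KDC */
};

/* Fetch a service ticket if none is cached, then present it to the server. */
static int create_context(struct sim *s)
{
    if (s->ticket_kvno == 0) {
        s->ticket_kvno = s->kdc_kvno;
        s->ticket_fetches++;
    }
    /* A ticket sealed under an old key cannot be decrypted by the server. */
    return s->ticket_kvno == s->server_kvno ? 0 : AP_ERR_BAD_INTEGRITY;
}

/* Returns 0 on success, otherwise the error from the last attempt. */
int establish_with_recovery(struct sim *s, enum cred_type type)
{
    int err = create_context(s);

    if (err != AP_ERR_BAD_INTEGRITY)
        return err;             /* success, or an error handled elsewhere */

    if (type == CRED_MACHINE)
        s->tgt_renewals++;      /* machine creds: force renewal via keytab */

    /* User creds: only the stale service ticket is removed. Assumption:
     * the machine-cred renewal above also empties the cache. */
    s->ticket_kvno = 0;

    /* Retry exactly once, so a KDC that still issues tickets under the
     * old key yields an error instead of an endless renew/retry loop. */
    return create_context(s);
}
```

The third case in the model, a KDC that has not yet picked up the new key, shows why the retry is bounded.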