summaryrefslogtreecommitdiffstats
path: root/sys/fs
diff options
context:
space:
mode:
authorrmacklem <rmacklem@FreeBSD.org>2011-06-19 22:08:55 +0000
committerrmacklem <rmacklem@FreeBSD.org>2011-06-19 22:08:55 +0000
commitbe57e75b00c1ba88332a570e83564f6cae5dba45 (patch)
tree1748b2392bad991b60d72c1a5c4c795f329b87ca /sys/fs
parentf3c935589780909d53003a34a63975a197937374 (diff)
downloadFreeBSD-src-be57e75b00c1ba88332a570e83564f6cae5dba45.zip
FreeBSD-src-be57e75b00c1ba88332a570e83564f6cae5dba45.tar.gz
Fix the kgssapi so that it can be loaded as a module. Currently
the NFS subsystems use five of the rpcsec_gss/kgssapi entry points, but since it was not obvious which others might be useful, all nineteen were included. Basically the nineteen entry points are set in a structure called rpc_gss_entries and inline functions defined in sys/rpc/rpcsec_gss.h check for the entry points being non-NULL and then call them. A default value is returned otherwise. Requested by rwatson. Reviewed by: jhb MFC after: 2 weeks
Diffstat (limited to 'sys/fs')
-rw-r--r--sys/fs/nfs/nfs_commonkrpc.c14
-rw-r--r--sys/fs/nfsclient/nfs_clkrpc.c12
-rw-r--r--sys/fs/nfsserver/nfs_nfsdkrpc.c37
3 files changed, 18 insertions, 45 deletions
diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 72df6c5..df23e49 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -323,9 +323,7 @@ newnfs_disconnect(struct nfssockreq *nrp)
client = nrp->nr_client;
nrp->nr_client = NULL;
mtx_unlock(&nrp->nr_mtx);
-#ifdef KGSSAPI
- rpc_gss_secpurge(client);
-#endif
+ rpc_gss_secpurge_call(client);
CLNT_CLOSE(client);
CLNT_RELEASE(client);
} else {
@@ -337,21 +335,18 @@ static AUTH *
nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
char *srv_principal, gss_OID mech_oid, struct ucred *cred)
{
-#ifdef KGSSAPI
rpc_gss_service_t svc;
AUTH *auth;
#ifdef notyet
rpc_gss_options_req_t req_options;
#endif
-#endif
switch (secflavour) {
-#ifdef KGSSAPI
case RPCSEC_GSS_KRB5:
case RPCSEC_GSS_KRB5I:
case RPCSEC_GSS_KRB5P:
if (!mech_oid) {
- if (!rpc_gss_mech_to_oid("kerberosv5", &mech_oid))
+ if (!rpc_gss_mech_to_oid_call("kerberosv5", &mech_oid))
return (NULL);
}
if (secflavour == RPCSEC_GSS_KRB5)
@@ -367,7 +362,7 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
req_options.input_channel_bindings = NULL;
req_options.enc_type = nfs_keytab_enctype;
- auth = rpc_gss_secfind(nrp->nr_client, cred,
+ auth = rpc_gss_secfind_call(nrp->nr_client, cred,
clnt_principal, srv_principal, mech_oid, svc,
&req_options);
#else
@@ -377,7 +372,7 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
* principals. As such, that case cannot yet be handled.
*/
if (clnt_principal == NULL)
- auth = rpc_gss_secfind(nrp->nr_client, cred,
+ auth = rpc_gss_secfind_call(nrp->nr_client, cred,
srv_principal, mech_oid, svc);
else
auth = NULL;
@@ -385,7 +380,6 @@ nfs_getauth(struct nfssockreq *nrp, int secflavour, char *clnt_principal,
if (auth != NULL)
return (auth);
/* fallthrough */
-#endif /* KGSSAPI */
case AUTH_SYS:
default:
return (authunix_create(cred));
diff --git a/sys/fs/nfsclient/nfs_clkrpc.c b/sys/fs/nfsclient/nfs_clkrpc.c
index c4f7e94..0cd41b3 100644
--- a/sys/fs/nfsclient/nfs_clkrpc.c
+++ b/sys/fs/nfsclient/nfs_clkrpc.c
@@ -215,12 +215,9 @@ nfscbd_addsock(struct file *fp)
int
nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
{
-#ifdef KGSSAPI
char principal[128];
int error;
-#endif
-#ifdef KGSSAPI
if (args != NULL) {
error = copyinstr(args->principal, principal,
sizeof(principal), NULL);
@@ -229,7 +226,6 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
} else {
principal[0] = '\0';
}
-#endif
/*
* Only the first nfsd actually does any work. The RPC code
@@ -244,20 +240,16 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args *args)
NFSD_UNLOCK();
-#ifdef KGSSAPI
if (principal[0] != '\0')
- rpc_gss_set_svc_name(principal, "kerberosv5",
+ rpc_gss_set_svc_name_call(principal, "kerberosv5",
GSS_C_INDEFINITE, NFS_CALLBCKPROG, NFSV4_CBVERS);
-#endif
nfscbd_pool->sp_minthreads = 4;
nfscbd_pool->sp_maxthreads = 4;
svc_run(nfscbd_pool);
-#ifdef KGSSAPI
- rpc_gss_clear_svc_name(NFS_CALLBCKPROG, NFSV4_CBVERS);
-#endif
+ rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS);
NFSD_LOCK();
nfs_numnfscbd--;
diff --git a/sys/fs/nfsserver/nfs_nfsdkrpc.c b/sys/fs/nfsserver/nfs_nfsdkrpc.c
index 8ce70fa..2484919 100644
--- a/sys/fs/nfsserver/nfs_nfsdkrpc.c
+++ b/sys/fs/nfsserver/nfs_nfsdkrpc.c
@@ -386,18 +386,14 @@ nfsrvd_addsock(struct file *fp)
int
nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
{
-#ifdef KGSSAPI
char principal[MAXHOSTNAMELEN + 5];
int error;
bool_t ret2, ret3, ret4;
-#endif
-#ifdef KGSSAPI
error = copyinstr(args->principal, principal, sizeof (principal),
NULL);
if (error)
return (error);
-#endif
/*
* Only the first nfsd actually does any work. The RPC code
@@ -412,38 +408,29 @@ nfsrvd_nfsd(struct thread *td, struct nfsd_nfsd_args *args)
NFSD_UNLOCK();
-#ifdef KGSSAPI
/* An empty string implies AUTH_SYS only. */
if (principal[0] != '\0') {
- ret2 = rpc_gss_set_svc_name(principal, "kerberosv5",
- GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
- ret3 = rpc_gss_set_svc_name(principal, "kerberosv5",
- GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
- ret4 = rpc_gss_set_svc_name(principal, "kerberosv5",
- GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
-
- if (!ret2 || !ret3 || !ret4) {
- NFSD_LOCK();
- newnfs_numnfsd--;
- nfsrvd_init(1);
- NFSD_UNLOCK();
- return (EAUTH);
- }
+ ret2 = rpc_gss_set_svc_name_call(principal,
+ "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
+ ret3 = rpc_gss_set_svc_name_call(principal,
+ "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
+ ret4 = rpc_gss_set_svc_name_call(principal,
+ "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
+
+ if (!ret2 || !ret3 || !ret4)
+ printf("nfsd: can't register svc name\n");
}
-#endif
nfsrvd_pool->sp_minthreads = args->minthreads;
nfsrvd_pool->sp_maxthreads = args->maxthreads;
svc_run(nfsrvd_pool);
-#ifdef KGSSAPI
if (principal[0] != '\0') {
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER2);
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER3);
- rpc_gss_clear_svc_name(NFS_PROG, NFS_VER4);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER2);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER3);
+ rpc_gss_clear_svc_name_call(NFS_PROG, NFS_VER4);
}
-#endif
NFSD_LOCK();
newnfs_numnfsd--;
OpenPOWER on IntegriCloud