From patchwork Wed Jul 8 18:27:22 2015
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 493086
From: Chuck Lever
To: fedfs-utils-devel@oss.oracle.com
Date: Wed, 08 Jul 2015 11:27:22 -0700
Message-ID: <20150708182722.24274.75249.stgit@seurat.1015granger.net>
In-Reply-To: <20150708182053.24274.13851.stgit@seurat.1015granger.net>
References: <20150708182053.24274.13851.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 09/11] libadmin: Use new rpc_gss client-side API

Replace obsolete auth_gss_create(3) with rpc_gss_seccreate(3t).

Signed-off-by: Chuck Lever

--- src/libadmin/admin-internal.h | 4 ++-- src/libadmin/admin.c | 10 +++++----- src/libadmin/gss.c | 24 ++++++++++++++---------- 3 files changed, 21 insertions(+), 17 deletions(-) diff --git a/src/libadmin/admin-internal.h b/src/libadmin/admin-internal.h index 2cae3e8..4c6a21b 100644 --- a/src/libadmin/admin-internal.h +++ b/src/libadmin/admin-internal.h @@ -28,7 +28,7 @@ #include #include -#include +#include #include "fedfs_admin.h" #include "admin.h" 
@@ -40,7 +40,7 @@ struct fedfs_admin { char *ad_hostname; char *ad_nettype; int ad_secflavor; - rpc_gss_svc_t ad_gss_svc; + rpc_gss_service_t ad_gss_svc; CLIENT *ad_client; enum clnt_stat ad_rpc_status; struct timeval ad_timeout; diff --git a/src/libadmin/admin.c b/src/libadmin/admin.c index 4770c98..f2d7283 100644 --- a/src/libadmin/admin.c +++ b/src/libadmin/admin.c @@ -4,7 +4,7 @@ */ /* - * Copyright 2013 Oracle. All rights reserved. + * Copyright 2013, 2015 Oracle. All rights reserved. * * This file is part of fedfs-utils. * @@ -241,11 +241,11 @@ static int admin_new(const char *hostname, const char *nettype, const char *security, admin_t *result) { - rpc_gss_svc_t svc; + rpc_gss_service_t svc; admin_t new; int flavor; - svc = RPCSEC_GSS_SVC_NONE; + svc = rpcsec_gss_svc_none; if (strcasecmp(security, "sys") == 0) flavor = AUTH_UNIX; else if (strcasecmp(security, "unix") == 0) @@ -254,10 +254,10 @@ admin_new(const char *hostname, const char *nettype, const char *security, flavor = RPCSEC_GSS; } else if (strcasecmp(security, "krb5i") == 0) { flavor = RPCSEC_GSS; - svc = RPCSEC_GSS_SVC_INTEGRITY; + svc = rpcsec_gss_svc_integrity; } else if (strcasecmp(security, "krb5p") == 0) { flavor = RPCSEC_GSS; - svc = RPCSEC_GSS_SVC_PRIVACY; + svc = rpcsec_gss_svc_privacy; } else return EINVAL; diff --git a/src/libadmin/gss.c b/src/libadmin/gss.c index 65b8785..897f58f 100644 --- a/src/libadmin/gss.c +++ b/src/libadmin/gss.c @@ -4,7 +4,7 @@ */ /* - * Copyright 2013 Oracle. All rights reserved. + * Copyright 2013, 2015 Oracle. All rights reserved. * * This file is part of fedfs-utils. * 
@@ -240,12 +240,19 @@ admin_acquire_user_cred(gss_cred_id_t *cred) int admin_authgss_create(CLIENT *clnt, admin_t host, AUTH **auth) { - struct rpc_gss_sec sec; + rpc_gss_options_req_t req = { + .req_flags = GSS_C_MUTUAL_FLAG, + }; OM_uint32 min_stat; char *svc_name; int retval; AUTH *tmp; + if (!rpc_gss_is_installed("kerberos_v5")) { + xlog(D_GENERAL, "No kerberos_v5 support"); + return EACCES; + } + xlog(D_CALL, "Creating GSS context for server %s", admin_hostname(host)); @@ -254,16 +261,13 @@ admin_authgss_create(CLIENT *clnt, admin_t host, AUTH **auth) if (svc_name == NULL) goto out; - retval = admin_acquire_user_cred(&sec.cred); + retval = admin_acquire_user_cred(&req.my_cred); if (retval != 0) goto out; - sec.mech = &admin_gss_krb5_oid; - sec.qop = GSS_C_QOP_DEFAULT; - sec.svc = host->ad_gss_svc; - sec.req_flags = GSS_C_MUTUAL_FLAG; - - tmp = authgss_create_default(clnt, svc_name, &sec); + tmp = rpc_gss_seccreate(clnt, svc_name, "kerberos_v5", + host->ad_gss_svc, + NULL, &req, NULL); if (tmp == NULL) { xlog(D_GENERAL, "cf_stat = %d", rpc_createerr.cf_stat); xlog(D_GENERAL, "%s", clnt_spcreateerror(__func__)); @@ -273,7 +277,7 @@ admin_authgss_create(CLIENT *clnt, admin_t host, AUTH **auth) *auth = tmp; retval = 0; - (void)gss_release_cred(&min_stat, &sec.cred); + (void)gss_release_cred(&min_stat, &req.my_cred); out: free(svc_name);
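Review bot: In admin_new() (src/libadmin/admin.c, hunks at -241,11 and -254,10), the service values switch to the lower-case rpcsec_gss_svc_* names while `flavor = RPCSEC_GSS;` stays as it was, so the header swapped in by the admin-internal.h hunk must still define RPCSEC_GSS. Please confirm the file builds with only the new include. The branch just before the krb5i case sets only flavor and relies on the `svc = rpcsec_gss_svc_none;` initialiser; a one-line comment there would make it clear that authentication without integrity or privacy protection is the intended service level for that security string.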
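Review bot: In admin_authgss_create() (src/libadmin/gss.c, hunk at -240,12), the mechanism name "kerberos_v5" is written as a string literal in the new rpc_gss_is_installed() check and again in the rpc_gss_seccreate() call in the following hunk. A single static const or #define would keep the two from drifting apart. The new early `return EACCES;` is also a behaviour change that the commit message does not mention. A missing mechanism is a configuration problem rather than a permission failure, so consider a distinct errno or at least a log line that names the host, so callers can tell it apart from a credential failure.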
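Review bot: In the rpc_gss_seccreate() call (src/libadmin/gss.c, hunk at -254,16), the qop argument is a bare NULL where the removed code set `sec.qop = GSS_C_QOP_DEFAULT;` explicitly. Add a comment saying that NULL selects the default QOP so the equivalence is visible to the next reader. The final argument is also NULL, so nothing returned by context establishment is available when `tmp == NULL`, and the failure path logs only rpc_createerr. Passing a return-options structure and logging its GSS status on failure would make Kerberos errors diagnosable, and would let the code verify that the mutual authentication requested through `.req_flags = GSS_C_MUTUAL_FLAG` was actually granted. Separately, the commit message names auth_gss_create(3), but the call removed here is authgss_create_default(); the message should match. If admin_gss_krb5_oid has no other users after this change, it can be deleted in the same patch.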