From a56989b6658c3555d965f51ff636754dec440e87 Mon Sep 17 00:00:00 2001 From: Trond Myklebust Date: Wed, 28 Nov 2012 14:30:07 -0500 Subject: gssd: Handle the target name correctly The target name contains a hostname in the realm that we are authenticating to. Since we may be authenticating to a different realm than the default realm for the server, we should not assume that the target name and host name point to the same string. In fact, the kernel NFS client will always use its own hostname as the target name, since it is always authenticating to its own default realm. On the other hand, the NFS server's callback channel will pass the hostname of the NFS client that it is authenticating too (Section 3.4, RFC3530). This patch fixes the handling of the target name in process_krb5_upcall, and ensures that it gets passed to find_keytab_entry(). Signed-off-by: Trond Myklebust Signed-off-by: Steve Dickson --- utils/gssd/gssd_proc.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'utils/gssd/gssd_proc.c') diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index aa5bbb9..2fba7de 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -951,12 +951,6 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, printerr(1, "handling krb5 upcall (%s)\n", clp->dirname); - if (tgtname) { - if (clp->servicename) { - free(clp->servicename); - clp->servicename = strdup(tgtname); - } - } token.length = 0; token.value = NULL; memset(&pd, 0, sizeof(struct authgss_private_data)); @@ -1005,7 +999,8 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname, int success = 0; do { gssd_refresh_krb5_machine_credential(clp->servername, - NULL, service); + NULL, service, + tgtname); /* * Get a list of credential cache names and try each * of them until one works or we've tried them all -- cgit