mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 02:37:15 +00:00
dd7d42a1fa
During recent testing related to the IETF NFSv4 Bakeathon, it was discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers (sec=krb5[ip],pnfs mount options) was broken. The FreeBSD client was using the "service principal" for the MDS to try and establish a rpcsec_gss credential for a DS, which is incorrect. (A "service principal" looks like "nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not the same as the MDS for most pNFS servers.) To fix this, the rpcsec_gss code needs to be able to do a reverse DNS lookup of the DS's IP address. A new kgssapi upcall to the gssd(8) daemon is added by this patch to do the reverse DNS along with a new rpcsec_gss function to generate the "service principal". A separate patch to the gssd(8) will be committed, so that this patch will fix the problem. Without the gssd(8) patch, the new upcall fails and current/incorrect behaviour remains. This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs) mount using pNFS. This patch changes the internal KAPI between the kgssapi and nfscl modules, but since I did a version bump a few days ago, I will not do one this time. MFC after: 1 month |
||
|---|---|---|
| .. | ||
| krb5 | ||
| gss_accept_sec_context.c | ||
| gss_acquire_cred.c | ||
| gss_add_oid_set_member.c | ||
| gss_canonicalize_name.c | ||
| gss_create_empty_oid_set.c | ||
| gss_delete_sec_context.c | ||
| gss_display_status.c | ||
| gss_export_name.c | ||
| gss_get_mic.c | ||
| gss_impl.c | ||
| gss_import_name.c | ||
| gss_init_sec_context.c | ||
| gss_ip_to_dns.c | ||
| gss_names.c | ||
| gss_pname_to_uid.c | ||
| gss_release_buffer.c | ||
| gss_release_cred.c | ||
| gss_release_name.c | ||
| gss_release_oid_set.c | ||
| gss_set_cred_option.c | ||
| gss_test_oid_set_member.c | ||
| gss_unwrap.c | ||
| gss_verify_mic.c | ||
| gss_wrap.c | ||
| gss_wrap_size_limit.c | ||
| gssapi.h | ||
| gssapi_impl.h | ||
| gssd.x | ||
| gssd_prot.c | ||
| gsstest.c | ||
| kgss_if.m | ||