From patchwork Thu Sep 19 21:03:51 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bruce Fields <bfields@redhat.com>
X-Patchwork-Id: 2913491
Return-Path: <linux-nfs-owner@kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id B1B5FBFF05
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu, 19 Sep 2013 21:04:02 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id A8AF020300
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu, 19 Sep 2013 21:04:00 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id B2178202EB
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu, 19 Sep 2013 21:03:59 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752602Ab3ISVD6 (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Thu, 19 Sep 2013 17:03:58 -0400
Received: from fieldses.org ([174.143.236.118]:44681 "EHLO fieldses.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752103Ab3ISVD6 (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Thu, 19 Sep 2013 17:03:58 -0400
Received: from bfields by fieldses.org with local (Exim 4.76)
	(envelope-from <bfields@fieldses.org>)
	id 1VMlOI-0008CE-0J; Thu, 19 Sep 2013 17:03:58 -0400
From: "J. Bruce Fields" <bfields@redhat.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org, "J. Bruce Fields" <bfields@redhat.com>
Subject: [PATCHv2 2/3] gssd: don't use tgtname to find our keytab
Date: Thu, 19 Sep 2013 17:03:51 -0400
Message-Id: <1379624632-31476-2-git-send-email-bfields@redhat.com>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1379624632-31476-1-git-send-email-bfields@redhat.com>
References: <1379624239-31199-2-git-send-email-bfields@redhat.com>
	<1379624632-31476-1-git-send-email-bfields@redhat.com>
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: "J. Bruce Fields" <bfields@redhat.com>

The tgtname is of the form service@hostname.  It's not a hostname, and
attempting to look it up here just causes failure of any upcall with a
"target=" field (currently, any upcall on behalf of an nfsv4.0
callback).

I think the theory was that knowning that target= name might help pick
the right keytab, but I don't really know if that's helpful.  For now,
just stop trying to do this.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 utils/gssd/gssd_proc.c |  3 +--
 utils/gssd/krb5_util.c | 10 +++-------
 utils/gssd/krb5_util.h |  3 +--
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 0383883..7200a78 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -1035,8 +1035,7 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 			int success = 0;
 			do {
 				gssd_refresh_krb5_machine_credential(clp->servername,
-								     NULL, service,
-								     tgtname);
+								     NULL, service);
 				/*
 				 * Get a list of credential cache names and try each
 				 * of them until one works or we've tried them all
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 83b9651..c6e52fd 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1149,7 +1149,7 @@ gssd_get_krb5_machine_cred_list(char ***list)
 		if (ple->ccname) {
 			/* Make sure cred is up-to-date before returning it */
 			retval = gssd_refresh_krb5_machine_credential(NULL, ple,
-				NULL, NULL);
+				NULL);
 			if (retval)
 				continue;
 			if (i + 1 > listsize) {
@@ -1240,8 +1240,7 @@ gssd_destroy_krb5_machine_creds(void)
 int
 gssd_refresh_krb5_machine_credential(char *hostname,
 				     struct gssd_k5_kt_princ *ple, 
-					 char *service,
-					 char *tgtname)
+					 char *service)
 {
 	krb5_error_code code = 0;
 	krb5_context context;
@@ -1280,10 +1279,7 @@ gssd_refresh_krb5_machine_credential(char *hostname,
 	if (ple == NULL) {
 		krb5_keytab_entry kte;
 
-		if (tgtname == NULL)
-			tgtname = hostname;
-
-		code = find_keytab_entry(context, kt, tgtname, &kte, svcnames);
+		code = find_keytab_entry(context, kt, hostname, &kte, svcnames);
 		if (code) {
 			printerr(0, "ERROR: %s: no usable keytab entry found "
 				 "in keytab %s for connection with host %s\n",
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index eed1294..3f0723e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -31,8 +31,7 @@ void gssd_setup_krb5_machine_gss_ccache(char *servername);
 void gssd_destroy_krb5_machine_creds(void);
 int  gssd_refresh_krb5_machine_credential(char *hostname,
 					  struct gssd_k5_kt_princ *ple, 
-					  char *service,
-					  char *tgtname);
+					  char *service);
 char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
 void gssd_k5_get_default_realm(char **def_realm);