From patchwork Thu Jun 20 19:56:03 2013
X-Patchwork-Submitter: Maximilian Wilhelm
X-Patchwork-Id: 2757941
Date: Thu, 20 Jun 2013 21:56:03 +0200
From: Maximilian Wilhelm
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Message-ID: <20130620195603.GE16125@principal.rfc2324.org>
Subject: [PATCH]: gssd: Fix preferred_realm option handling

Hi,

the gssd currently ignores any preferred realm given via the -R command
line option. The attached patch fixes that behaviour and makes sure the
preferred_realm is used first when searching for a valid principal for
mount authentication.

I would be happy if you would apply this. This would close bug #235 in
bugzilla.

Thanks
Max

commit 36784e52650fb08d9012a243365693f2a0eb1f93
Author: Maximilian Wilhelm
Date:   Thu Jun 20 21:30:17 2013 +0200

    Fix handling of preferred realm command line option.

    The current implementation ignores any preferred realm specified on the
    command line. Fix this behaviour and make sure the preferred realm is
    used as first realm when trying to acquire a keytab entry.

    Signed-off-by: Maximilian Wilhelm
    Signed-off-by: Frederik Moellers

diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c index 6275dd8..d6bf8cc 100644 --- a/utils/gssd/krb5_util.c +++ b/utils/gssd/krb5_util.c @@ -852,11 +852,18 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, } /* - * Try the "appropriate" realm first, and if nothing found for that - * realm, try the default realm (if it hasn't already been tried). + * Make sure the preferred_realm, which may have been explicitly set + * on the command line, is tried first. If nothing is found go on with + * the host and local default realm (if that hasn't already been tried). */ i = 0; realm = realmnames[i]; + + if (strcmp (realm, preferred_realm) != 0) { + realm = preferred_realm; + i = -1; + } + while (1) { if (realm == NULL) { tried_all = 1;
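
Review bot: The added strcmp (realm, preferred_realm) in find_keytab_entry() runs with no NULL check on either argument. The loop directly below tests realm == NULL, so realmnames[0] can be NULL, and the new comment says preferred_realm "may have been" set on the command line, so it can be unset as well; either case hands NULL to strcmp. Suggest guarding the block, for example with preferred_realm != NULL && (realm == NULL || strcmp (realm, preferred_realm) != 0). The i = -1 assignment also deserves a one-line comment stating that it relies on the loop advancing i before the next realmnames[i] lookup, since that increment is outside this hunk. If preferred_realm also appears later in realmnames it will be tried a second time, so it is worth confirming that the repeat is harmless.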