kgssapi won't build, I need prison help
Rick Macklem
rmacklem at uoguelph.ca
Thu Jun 11 19:04:14 UTC 2009
On Thu, 11 Jun 2009, Bjoern A. Zeeb wrote:
>
> 1) note pr_hostid is unsinged long, ci_hostid is unit32_t.
>
Thanks, I just changed ci_hostid to unsigned long.
> 2) I do not know what that code does but ideally it should be from the
> same context as being called which might be hard in this case.
>
> For svc_rpc_gss_find_client you may want to move the check into the
> foreach loop as an addition criteria; client seems to know the
> context it runs in (cred-> ...)
>
> For svc_rpc_gss_create_client() I would say you'll have to pass in
> the correct context.
>
I didn't write the code, but I think it is using hostid as a sanity
check in a user credential handle that the RPCSEC_GSS has given to
a client as a shorthand for the credentials associated with a
Kerberos ticket the client previously got authenticated.
Since I think the threads executing this code will all be children
of the nfsd, how about:
curthread->td_ucred->cr_prison->pr_hostid
rick
ps: It's a little like the problem discussed previously w.r.t. how
the server side rpc code should acquire credentials, I think?
More information about the freebsd-current
mailing list