svn commit: r192616 - head/sys/fs/nfs

Rick Macklem rmacklem at FreeBSD.org
Sat May 23 00:40:18 UTC 2009 

Author: rmacklem
Date: Sat May 23 00:40:17 2009
New Revision: 192616
URL: http://svn.freebsd.org/changeset/base/192616

Log:
  Fix the rpc_gss_secfind() call in nfs_commonkrpc.c so that
  the code will build when "options KGSSAPI" is specified
  without requiring the proposed changes that add host based
  initiator principal support. It will not handle the case where
  the client uses a host based initiator principal until those
  changes are committed. The code that uses those changes is
  #ifdef'd notyet until the krpc rpcsec_changes are committed.
  
  Approved by:	kib (mentor)

Modified:
  head/sys/fs/nfs/nfs_commonkrpc.c

Modified: head/sys/fs/nfs/nfs_commonkrpc.c
==============================================================================
--- head/sys/fs/nfs/nfs_commonkrpc.c	Sat May 23 00:07:55 2009	(r192615)
+++ head/sys/fs/nfs/nfs_commonkrpc.c	Sat May 23 00:40:17 2009	(r192616)
@@ -299,8 +299,10 @@ nfs_getauth(struct nfssockreq *nrp, int 
 #ifdef KGSSAPI
 	rpc_gss_service_t svc;
 	AUTH *auth;
+#ifdef notyet
 	rpc_gss_options_req_t req_options;
 #endif
+#endif
 
 	switch (secflavour) {
 #ifdef KGSSAPI
@@ -317,6 +319,7 @@ nfs_getauth(struct nfssockreq *nrp, int 
 			svc = rpc_gss_svc_integrity;
 		else
 			svc = rpc_gss_svc_privacy;
+#ifdef notyet
 		req_options.req_flags = GSS_C_MUTUAL_FLAG;
 		req_options.time_req = 0;
 		req_options.my_cred = GSS_C_NO_CREDENTIAL;
@@ -326,8 +329,20 @@ nfs_getauth(struct nfssockreq *nrp, int 
 		auth = rpc_gss_secfind(nrp->nr_client, cred,
 		    clnt_principal, srv_principal, mech_oid, svc,
 		    &req_options);
-		return (auth);
+#else
+		/*
+		 * Until changes to the rpcsec_gss code are committed,
+		 * there is no support for host based initiator
+		 * principals. As such, that case cannot yet be handled.
+		 */
+		if (clnt_principal == NULL)
+			auth = rpc_gss_secfind(nrp->nr_client, cred,
+			    srv_principal, mech_oid, svc);
+		else
+			auth = NULL;
 #endif
+		return (auth);
+#endif	/* KGSSAPI */
 	case AUTH_SYS:
 	default:
 		return (authunix_create(cred));

More information about the svn-src-all mailing list