Date: Thu, 11 Jun 2009 15:05:45 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-current@freebsd.org Subject: Re: kgssapi won't build, I need prison help Message-ID: <Pine.GSO.4.63.0906111500001.5596@muncher.cs.uoguelph.ca> In-Reply-To: <20090611170448.M22887@maildrop.int.zabbadoz.net> References: <Pine.GSO.4.63.0906111131001.6225@muncher.cs.uoguelph.ca> <20090611170448.M22887@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 11 Jun 2009, Bjoern A. Zeeb wrote:
>
> 1) note pr_hostid is unsinged long, ci_hostid is unit32_t.
>
Thanks, I just changed ci_hostid to unsigned long.
> 2) I do not know what that code does but ideally it should be from the
> same context as being called which might be hard in this case.
>
> For svc_rpc_gss_find_client you may want to move the check into the
> foreach loop as an addition criteria; client seems to know the
> context it runs in (cred-> ...)
>
> For svc_rpc_gss_create_client() I would say you'll have to pass in
> the correct context.
>
I didn't write the code, but I think it is using hostid as a sanity
check in a user credential handle that the RPCSEC_GSS has given to
a client as a shorthand for the credentials associated with a
Kerberos ticket the client previously got authenticated.
Since I think the threads executing this code will all be children
of the nfsd, how about:
curthread->td_ucred->cr_prison->pr_hostid
rick
ps: It's a little like the problem discussed previously w.r.t. how
the server side rpc code should acquire credentials, I think?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.63.0906111500001.5596>