Date: Thu, 11 Jun 2009 15:05:45 -0400 (EDT) From: Rick Macklem <rmacklem@uoguelph.ca> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-current@freebsd.org Subject: Re: kgssapi won't build, I need prison help Message-ID: <Pine.GSO.4.63.0906111500001.5596@muncher.cs.uoguelph.ca> In-Reply-To: <20090611170448.M22887@maildrop.int.zabbadoz.net> References: <Pine.GSO.4.63.0906111131001.6225@muncher.cs.uoguelph.ca> <20090611170448.M22887@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 11 Jun 2009, Bjoern A. Zeeb wrote: > > 1) note pr_hostid is unsinged long, ci_hostid is unit32_t. > Thanks, I just changed ci_hostid to unsigned long. > 2) I do not know what that code does but ideally it should be from the > same context as being called which might be hard in this case. > > For svc_rpc_gss_find_client you may want to move the check into the > foreach loop as an addition criteria; client seems to know the > context it runs in (cred-> ...) > > For svc_rpc_gss_create_client() I would say you'll have to pass in > the correct context. > I didn't write the code, but I think it is using hostid as a sanity check in a user credential handle that the RPCSEC_GSS has given to a client as a shorthand for the credentials associated with a Kerberos ticket the client previously got authenticated. Since I think the threads executing this code will all be children of the nfsd, how about: curthread->td_ucred->cr_prison->pr_hostid rick ps: It's a little like the problem discussed previously w.r.t. how the server side rpc code should acquire credentials, I think?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.63.0906111500001.5596>