From owner-freebsd-current@FreeBSD.ORG Thu Jun 11 19:04:14 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8195C106566C for ; Thu, 11 Jun 2009 19:04:14 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-jnhn.mail.uoguelph.ca (esa-jnhn.mail.uoguelph.ca [131.104.91.44]) by mx1.freebsd.org (Postfix) with ESMTP id 365F88FC0A for ; Thu, 11 Jun 2009 19:04:13 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEAMTxMEqDaFvL/2dsb2JhbADREYQKBQ X-IronPort-AV: E=Sophos;i="4.42,203,1243828800"; d="scan'208";a="38179118" Received: from nile.cs.uoguelph.ca ([131.104.91.203]) by esa-jnhn-pri.mail.uoguelph.ca with ESMTP; 11 Jun 2009 15:04:13 -0400 Received: from localhost (localhost.localdomain [127.0.0.1]) by nile.cs.uoguelph.ca (Postfix) with ESMTP id 24F168D40ED; Thu, 11 Jun 2009 15:04:13 -0400 (EDT) X-Virus-Scanned: amavisd-new at nile.cs.uoguelph.ca Received: from nile.cs.uoguelph.ca ([127.0.0.1]) by localhost (nile.cs.uoguelph.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKlWL9f-n7DO; Thu, 11 Jun 2009 15:04:12 -0400 (EDT) Received: from muncher.cs.uoguelph.ca (muncher.cs.uoguelph.ca [131.104.91.102]) by nile.cs.uoguelph.ca (Postfix) with ESMTP id 456C38D40C0; Thu, 11 Jun 2009 15:04:12 -0400 (EDT) Received: from localhost (rmacklem@localhost) by muncher.cs.uoguelph.ca (8.11.7p3+Sun/8.11.6) with ESMTP id n5BJ5jE06354; Thu, 11 Jun 2009 15:05:45 -0400 (EDT) X-Authentication-Warning: muncher.cs.uoguelph.ca: rmacklem owned process doing -bs Date: Thu, 11 Jun 2009 15:05:45 -0400 (EDT) From: Rick Macklem X-X-Sender: rmacklem@muncher.cs.uoguelph.ca To: "Bjoern A. Zeeb" In-Reply-To: <20090611170448.M22887@maildrop.int.zabbadoz.net> Message-ID: References: <20090611170448.M22887@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-current@freebsd.org Subject: Re: kgssapi won't build, I need prison help X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2009 19:04:14 -0000 On Thu, 11 Jun 2009, Bjoern A. Zeeb wrote: > > 1) note pr_hostid is unsinged long, ci_hostid is unit32_t. > Thanks, I just changed ci_hostid to unsigned long. > 2) I do not know what that code does but ideally it should be from the > same context as being called which might be hard in this case. > > For svc_rpc_gss_find_client you may want to move the check into the > foreach loop as an addition criteria; client seems to know the > context it runs in (cred-> ...) > > For svc_rpc_gss_create_client() I would say you'll have to pass in > the correct context. > I didn't write the code, but I think it is using hostid as a sanity check in a user credential handle that the RPCSEC_GSS has given to a client as a shorthand for the credentials associated with a Kerberos ticket the client previously got authenticated. Since I think the threads executing this code will all be children of the nfsd, how about: curthread->td_ucred->cr_prison->pr_hostid rick ps: It's a little like the problem discussed previously w.r.t. how the server side rpc code should acquire credentials, I think?