GSS Masquerade: gssd_proc
Benjamin Coddington
Benjamin.Coddington at uvm.edu
Mon Mar 17 16:15:28 EDT 2008
This patch causes gssd to retry context creation as each user listed in
/proc/sys/fs/nfs/masqueraders, in turn, if the first attempt fails.
---
utils/gssd/gssd_proc.c | 18 ++++++++++++++++++
1 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 6860cc8..2fd11a3 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -38,6 +38,8 @@
*/
+#define NFS_MASQUERADE 1
+
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
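Review bot: `#define NFS_MASQUERADE 1` is hard-coded at the top of the file, so every `#ifdef NFS_MASQUERADE` guard in this patch is always true and the credential-fallback path is compiled into every build. A behaviour that substitutes one user's Kerberos identity for another's should be opt-in: drop the define from the source and let the build system set it, with a comment at the guard such as `/* NFS_MASQUERADE: retry failed upcalls as the uids listed by the kernel; off unless enabled at build time */`.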
@@ -676,6 +678,10 @@ handle_krb5_upcall(struct clnt_info *clp)
char **credlist = NULL;
char **ccname;
int create_resp = -1;
+#ifdef NFS_MASQUERADE
+ uid_t masquid;
+ FILE *masquers;
+#endif
printerr(1, "handling krb5 upcall\n");
@@ -695,6 +701,18 @@ handle_krb5_upcall(struct clnt_info *clp)
create_resp = create_auth_rpc_client(clp, &rpc_clnt,
&auth, uid,
AUTHTYPE_KRB5);
+#ifdef NFS_MASQUERADE
+ /* Try as a masquerader */
+ if (create_resp != 0) {
+ masquers =
fopen("/proc/sys/fs/nfs/masqueraders", "r");
+ while (fscanf(masquers, "%lu\n", &masquid) == 1
&& create_resp != 0) {
+ printerr(1, "attempting auth as
masquerader %lu\n", masquid);
+ create_resp =
create_auth_rpc_client(clp, &rpc_clnt, &auth,
+
masquid, AUTHTYPE_KRB5);
+ }
+ fclose(masquers);
+ }
+#endif
}
if (create_resp != 0) {
if (uid == 0 && root_uses_machine_creds == 1) {
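Review bot: The fallback loop in the `#ifdef NFS_MASQUERADE` block passes `masquers` to `fscanf` and `fclose` without checking the `fopen` result, so on a kernel that does not expose `/proc/sys/fs/nfs/masqueraders` gssd would use a NULL stream and most likely crash on any failed upcall. `masquid` is declared `uid_t` in the previous hunk but is scanned and printed with `%lu`; where uid_t is narrower than unsigned long (the usual case on 64-bit Linux) the scan writes past the variable. The log line also records only the substituted uid, so an audit cannot tell on whose behalf the credentials were used, and the retry runs after any failure of the first attempt, not only a missing credential. The rewrite below reads into an `unsigned long`, rejects values that do not fit `uid_t`, skips the loop when the file is absent, and logs both uids; handle_krb5_upcall starts and ends outside the hunk.

```c
	if (create_resp != 0) {
		masquers = fopen("/proc/sys/fs/nfs/masqueraders", "r");
		if (masquers != NULL) {
			unsigned long id;

			while (create_resp != 0 &&
			       fscanf(masquers, "%lu\n", &id) == 1) {
				masquid = (uid_t)id;
				/* skip entries that do not round-trip through uid_t */
				if ((unsigned long)masquid != id)
					continue;
				printerr(1, "uid %lu: attempting auth as masquerader %lu\n",
					 (unsigned long)uid, id);
				/* … unchanged: create_resp = create_auth_rpc_client(…, masquid, AUTHTYPE_KRB5) … */
			}
			fclose(masquers);
		}
	}
```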