Re: kgssapi won't build, I need prison help

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Thu, 11 Jun 2009 15:05:45 -0400 (EDT)
On Thu, 11 Jun 2009, Bjoern A. Zeeb wrote:

>
> 1) note pr_hostid is unsinged long, ci_hostid is unit32_t.
>
Thanks, I just changed ci_hostid to unsigned long.

> 2) I do not know what that code does but ideally it should be from the
>   same context as being called which might be hard in this case.
>
>   For svc_rpc_gss_find_client you may want to move the check into the
>   foreach loop as an addition criteria; client seems to know the
>   context it runs in (cred-> ...)
>
>   For svc_rpc_gss_create_client() I would say you'll have to pass in
>   the correct context.
>
I didn't write the code, but I think it is using hostid as a sanity
check in a user credential handle that the RPCSEC_GSS has given to
a client as a shorthand for the credentials associated with a
Kerberos ticket the client previously got authenticated.

Since I think the threads executing this code will all be children
of the nfsd, how about:
 	curthread->td_ucred->cr_prison->pr_hostid

rick
ps: It's a little like the problem discussed previously w.r.t. how
     the server side rpc code should acquire credentials, I think?
Received on Thu Jun 11 2009 - 17:04:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:49 UTC