@@ -28,7 +28,7 @@
#include <time.h>
#include <rpc/clnt.h>
-#include <rpc/auth_gss.h>
+#include <rpc/rpcsec_gss.h>
#include "fedfs_admin.h"
#include "admin.h"
@@ -40,7 +40,7 @@ struct fedfs_admin {
char *ad_hostname;
char *ad_nettype;
int ad_secflavor;
- rpc_gss_svc_t ad_gss_svc;
+ rpc_gss_service_t ad_gss_svc;
CLIENT *ad_client;
enum clnt_stat ad_rpc_status;
struct timeval ad_timeout;
@@ -4,7 +4,7 @@
*/
/*
- * Copyright 2013 Oracle. All rights reserved.
+ * Copyright 2013, 2015 Oracle. All rights reserved.
*
* This file is part of fedfs-utils.
*
@@ -241,11 +241,11 @@ static int
admin_new(const char *hostname, const char *nettype, const char *security,
admin_t *result)
{
- rpc_gss_svc_t svc;
+ rpc_gss_service_t svc;
admin_t new;
int flavor;
- svc = RPCSEC_GSS_SVC_NONE;
+ svc = rpcsec_gss_svc_none;
if (strcasecmp(security, "sys") == 0)
flavor = AUTH_UNIX;
else if (strcasecmp(security, "unix") == 0)
@@ -254,10 +254,10 @@ admin_new(const char *hostname, const char *nettype, const char *security,
flavor = RPCSEC_GSS;
} else if (strcasecmp(security, "krb5i") == 0) {
flavor = RPCSEC_GSS;
- svc = RPCSEC_GSS_SVC_INTEGRITY;
+ svc = rpcsec_gss_svc_integrity;
} else if (strcasecmp(security, "krb5p") == 0) {
flavor = RPCSEC_GSS;
- svc = RPCSEC_GSS_SVC_PRIVACY;
+ svc = rpcsec_gss_svc_privacy;
} else
return EINVAL;
@@ -4,7 +4,7 @@
*/
/*
- * Copyright 2013 Oracle. All rights reserved.
+ * Copyright 2013, 2015 Oracle. All rights reserved.
*
* This file is part of fedfs-utils.
*
@@ -240,12 +240,19 @@ admin_acquire_user_cred(gss_cred_id_t *cred)
int
admin_authgss_create(CLIENT *clnt, admin_t host, AUTH **auth)
{
- struct rpc_gss_sec sec;
+ rpc_gss_options_req_t req = {
+ .req_flags = GSS_C_MUTUAL_FLAG,
+ };
OM_uint32 min_stat;
char *svc_name;
int retval;
AUTH *tmp;
+ if (!rpc_gss_is_installed("kerberos_v5")) {
+ xlog(D_GENERAL, "No kerberos_v5 support");
+ return EACCES;
+ }
+
xlog(D_CALL, "Creating GSS context for server %s",
admin_hostname(host));
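Review bot: The mechanism name `"kerberos_v5"` is a bare literal in the `rpc_gss_is_installed()` check here and again in the `rpc_gss_seccreate()` call in the next hunk, so the probe and the mechanism actually requested can drift apart if only one is edited. A single definition used at both sites, for example `#define ADMIN_GSS_MECH "kerberos_v5"`, keeps them in step. A short comment above the check would also help, such as `/* Fail early with a clear message when the Kerberos mechanism is not available */`. The body of admin_authgss_create continues outside this hunk.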
@@ -254,16 +261,13 @@ admin_authgss_create(CLIENT *clnt, admin_t host, AUTH **auth)
if (svc_name == NULL)
goto out;
- retval = admin_acquire_user_cred(&sec.cred);
+ retval = admin_acquire_user_cred(&req.my_cred);
if (retval != 0)
goto out;
- sec.mech = &admin_gss_krb5_oid;
- sec.qop = GSS_C_QOP_DEFAULT;
- sec.svc = host->ad_gss_svc;
- sec.req_flags = GSS_C_MUTUAL_FLAG;
-
- tmp = authgss_create_default(clnt, svc_name, &sec);
+ tmp = rpc_gss_seccreate(clnt, svc_name, "kerberos_v5",
+ host->ad_gss_svc,
+ NULL, &req, NULL);
if (tmp == NULL) {
xlog(D_GENERAL, "cf_stat = %d", rpc_createerr.cf_stat);
xlog(D_GENERAL, "%s", clnt_spcreateerror(__func__));
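Review bot: The final `rpc_gss_seccreate()` argument is `NULL`, so the negotiated options are discarded and nothing in the visible code confirms that the requested `GSS_C_MUTUAL_FLAG` was actually granted. Declaring `rpc_gss_options_ret_t ret;` and passing `&ret` would let the success path check `ret.ret_flags & GSS_C_MUTUAL_FLAG` before handing the AUTH handle back. Where the library fills them in, the `tmp == NULL` branch could also log `ret.major_status` and `ret.minor_status` next to `rpc_createerr.cf_stat`. Whether the library itself already refuses a context without mutual authentication is not visible here, so that part needs confirming. The function starts and ends outside this hunk.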
@@ -273,7 +277,7 @@ admin_authgss_create(CLIENT *clnt, admin_t host, AUTH **auth)
*auth = tmp;
retval = 0;
- (void)gss_release_cred(&min_stat, &sec.cred);
+ (void)gss_release_cred(&min_stat, &req.my_cred);
out:
free(svc_name);
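Review bot: `gss_release_cred(&min_stat, &req.my_cred)` sits above the `out:` label, so it runs only on the success path. The tail of the `tmp == NULL` branch is outside the hunk, but if it jumps to `out` as the other error paths do, the credential acquired by `admin_acquire_user_cred()` is never released when `rpc_gss_seccreate()` fails. Because `req` is now zero-initialised, the release can move below the label: `out:` followed by `(void)gss_release_cred(&min_stat, &req.my_cred);` and then `free(svc_name);`. Releasing an empty handle is a no-op in GSS-API, so the early `goto out` paths stay safe, provided `admin_acquire_user_cred()` leaves the handle untouched on failure, which should be confirmed.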
Replace obsolete auth_gss_create(3) with rpc_gss_seccreate(3t). Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- src/libadmin/admin-internal.h | 4 ++-- src/libadmin/admin.c | 10 +++++----- src/libadmin/gss.c | 24 ++++++++++++++---------- 3 files changed, 21 insertions(+), 17 deletions(-)