utils: Return status 0 on clean exits Some init systems actually expect daemons to return 0 on success. Signed-off-by: Steve Dickson <steved@redhat.com>
nfs-utils: Add support to svcgssd to limit the negotiated enctypes Recent versions of Kerberos libraries negotiate and use an "acceptor subkey". This negotiation does not consider that a service may have limited the encryption keys in its keytab. A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603) has been added to the MIT Kerberos code to allow an application to indicate that it wants to limit the encryption types negotiated. (This functionality has been available on the client/initiator side for a while. The new patch adds this support to the server/acceptor side.) This patch adds support to read a recently added nfsd proc file to determine the encryption types supported by the kernel and calls the function to limit encryption types negotiated for the acceptor subkey. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>
Improve debugging in svcgssd Added in gss_display_error() which translates the GSS error into the actual GSS macro name. Currently only the translations of these errors are logged. Since those translations are buried deep in the Kerberos library code, having the actual GSS macro name makes it easier to follow the code. Moved the nfs4_init_name_mapping() call into main() so if debug is enabled the DNS name and realms will be logged during start up. Signed-off-by: Steve Dickson <steved@redhat.com>
svcgssd: Adding a <-p principal> flag Allow the principal that is used to get the machine's creds to be definable on the command line with the new '-p <principal>'. This is useful in cluster environments. Signed-off-by: Eberhard Kuemmerle <E.Kuemmerle@fz-juelich.de> Signed-off-by: Steve Dickson <steved@redhat.com>
Removed warnings from svcgssd.c svcgssd.c: In function 'sig_hup': svcgssd.c:160: warning: unused parameter 'signal' Signed-off-by: Steve Dickson <steved@redhat.com>
mydaemon: remove closeall() calls from mydaemon() idmapd and svcgssd have a mydaemon() routine that uses closeall() to close file descriptors. Unfortunately, they aren't using it correctly and it ends up closing the pipe that the child process uses to talk to its parent. Fix this by not using closeall() in this routine and instead, just close the file descriptors that we know need to be closed. If /dev/null can't be opened for some reason, then just have the child exit with a non-zero error. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Set the verbosity level in both the librpcsecgss and libnfsidmapd libraries when verbosity level is set by the '-v' flag on either daemon. Signed-off-by: Steve Dickson <steved@redhat.com>
In recent Fedora builds, the '-D _FORTIFY_SOURCE=2' compile flag has been set. This causes warnings to be generated when return values from reads/writes (and other calls) are not checked. The patch addresses those warnings. Signed-off-by: Steve Dickson <steved@redhat.com>
gssd: Use same style for including config.h that rest of nfs-utils uses Clean up. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Fix new warning after strict prototype checking enabled Fix function declaration to eliminate compiler warning about it not being a prototype after -Wstrict-prototypes was added. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
Add option to svcgssd to enable libnfsidmap debugging. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> As suggested by Glenn Machin <GMachin@sandia.gov>. Allow svcgssd to turn on libnfsidmap debugging. This uses a new command-line parameter so that it can be enabled independently from other debugging. Signed-off-by: Neil Brown <neilb@suse.de>
Check that the gssapi library is usable early on. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Do a call to determine mechanisms supported by the gssapi library early. This allows us to discover early in case the gssapi library is somehow misconfigured. We can bail out early and give a meaningful message rather than getting errors on each attempt at a context negotiation.
Fix up the svcgss mess I made, and run autoconf/automake