mirror of
https://github.com/opnsense/src.git
synced 2026-02-11 14:55:36 -05:00
b9410313c6
During recent testing related to the IETF NFSv4 Bakeathon, it was discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers (sec=krb5[ip],pnfs mount options) was broken. The FreeBSD client was using the "service principal" for the MDS to try and establish a rpcsec_gss credential for a DS, which is incorrect. (A "service principal" looks like "nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not the same as the MDS for most pNFS servers.) To fix this, the rpcsec_gss code needs to be able to do a reverse DNS lookup of the DS's IP address. A new kgssapi upcall to the gssd(8) daemon is added by this patch to do the reverse DNS along with a new rpcsec_gss function to generate the "service principal". A separate patch to the gssd(8) will be committed, so that this patch will fix the problem. Without the gssd(8) patch, the new upcall fails and current/incorrect behaviour remains. This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs) mount using pNFS. This patch changes the internal KAPI between the kgssapi and nfscl modules, but since I did a version bump a few days ago, I will not do one this time. (cherry picked from commit dd7d42a1fae5a4879b62689a165238082421f343) |
||
|---|---|---|
| .. | ||
| rpcsec_gss | ||
| rpcsec_tls | ||
| auth.h | ||
| auth_none.c | ||
| auth_unix.c | ||
| authunix_prot.c | ||
| clnt.h | ||
| clnt_bck.c | ||
| clnt_dg.c | ||
| clnt_rc.c | ||
| clnt_stat.h | ||
| clnt_vc.c | ||
| getnetconfig.c | ||
| krpc.h | ||
| netconfig.h | ||
| nettype.h | ||
| pmap_prot.h | ||
| replay.c | ||
| replay.h | ||
| rpc.h | ||
| rpc_callmsg.c | ||
| rpc_com.h | ||
| rpc_generic.c | ||
| rpc_msg.h | ||
| rpc_prot.c | ||
| rpcb_clnt.c | ||
| rpcb_clnt.h | ||
| rpcb_prot.c | ||
| rpcb_prot.h | ||
| rpcm_subs.h | ||
| rpcsec_gss.h | ||
| rpcsec_tls.h | ||
| svc.c | ||
| svc.h | ||
| svc_auth.c | ||
| svc_auth.h | ||
| svc_auth_unix.c | ||
| svc_dg.c | ||
| svc_generic.c | ||
| svc_vc.c | ||
| types.h | ||
| xdr.h | ||