

---


diff -puN utils/gssd/gssd_keyring.c~pass-message-key utils/gssd/gssd_keyring.c
--- nfs-utils-1.0.10/utils/gssd/gssd_keyring.c~pass-message-key	2006-10-05 12:55:56.000000000 -0400
+++ nfs-utils-1.0.10-andros/utils/gssd/gssd_keyring.c	2006-10-05 12:57:07.000000000 -0400
@@ -269,9 +269,9 @@ keyring_do_downcall(struct clnt_info *cl
         char keybuf[2048];
         int buflen;
 
-        printerr(1, "%s: called for uid %d <%d:%d:%d>\n",
+        printerr(1, "%s: called for uid %d <%d:%d:%d> message key %d\n",
 		__FUNCTION__, clp->uid, clp->session_ring,
-		clp->process_ring, clp->thread_ring);
+		clp->process_ring, clp->thread_ring, clp->mkey);
 
         buflen = sizeof(keybuf);
         if (serialize_ctx_key_data(keybuf, &buflen, clp, pd, context_token)) {
@@ -435,6 +435,7 @@ handle_keyring_upcall(struct clnt_info *
         char op[16];
         uid_t uid;
         gid_t gid;
+	uint32_t mkey;
         key_serial_t key, authkey, tkey, pkey, skey;
 
         printerr(2, "===> %s: clp %p\n", __FUNCTION__, clp);
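Review bot: `mkey` is declared without an initializer, yet the `out_err` path of handle_keyring_upcall (a later hunk of this patch) prints it, and that path can be reached before `sscanf` has stored anything, both from the earlier `goto out_err` and when parsing stops before the third field. Reading an indeterminate value is undefined behaviour and puts stack garbage into the log; declare it as `uint32_t mkey = 0;`. The neighbouring locals (`uid`, `skey`, `pkey`, `tkey`) are declared the same way and appear in the same message, so they deserve the same treatment. The function body starts and ends outside this hunk.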
@@ -448,15 +449,16 @@ handle_keyring_upcall(struct clnt_info *
                 goto out_err;
         }
 
-        if ((num = sscanf(upmsg, "%s %d %d %d %d %d %d %d", op, &uid, &gid,
-                         &key, &authkey, &tkey, &pkey, &skey)) != 8) {
+        if ((num = sscanf(upmsg, "%s %d %d %d %d %d %d %d %d", op, &uid, &mkey,
+			&gid, &key, &authkey, &tkey, &pkey, &skey)) != 9) {
                 printerr(0, "WARNING: failed parsing message from keyring "
-                         "upcall pipe.  Got %d items but expected 8.\n");
+                         "upcall pipe.  Got %d items but expected 9.\n", num);
                 err = -1;
                 goto out_err;
         }
 
         clp->uid = uid;
+	clp->mkey = mkey;
         clp->gid = gid;
         clp->key = key;
         clp->authkey = authkey;
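Review bot: The `%s` conversion in the new `sscanf` format has no field width, so an `op` token of 16 or more characters in the upcall message writes past `char op[16]`; bound it with `%15s`. The new `&mkey` argument is a `uint32_t *` but is matched with `%d`, which expects an `int *`; `%u` matches the declared type, and `uid`/`gid` probably have the same mismatch, depending on how the platform defines `uid_t` and `gid_t`. A format such as `"%15s %d %u %d %d %d %d %d %d"` covers both points for the new field. handle_keyring_upcall begins and ends outside this hunk.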
@@ -486,9 +488,10 @@ handle_keyring_upcall(struct clnt_info *
          * context and instantiating the key.
          */
         printerr(1, "===> %s: handling keyring upcall to instantiate %s "
-		 "ctx key %d (with authkey %d) for uid %d <%d:%d:%d> \n",
+		 "ctx key %d (with authkey %d) for uid %d <%d:%d:%d> "
+		 "with message key %d\n",
 		 __FUNCTION__, clp->mechanism, key, authkey, uid,
-		 skey, pkey, tkey);
+		 skey, pkey, tkey, mkey);
 
         if (strcmp(clp->mechanism, "krb5") == 0) {
                 keyring_handle_krb5_upcall(clp);
@@ -503,12 +506,12 @@ handle_keyring_upcall(struct clnt_info *
                          __FUNCTION__, clp->mechanism);
         }
 
-        printerr(1, "<=== %s: uid %d <%d:%d:%d>\n", __FUNCTION__,
-		uid, skey, pkey, tkey);
+        printerr(1, "<=== %s: uid %d <%d:%d:%d> message key %d\n", __FUNCTION__,
+		uid, skey, pkey, tkey, mkey);
         return;
 out_err:
-        printerr(1, "<=== %s: uid %d (err %d) <%d:%d:%d>\n",
-		 __FUNCTION__, uid, err, skey, pkey, tkey);
+        printerr(1, "<=== %s: uid %d (err %d) <%d:%d:%d> message key %d\n",
+		 __FUNCTION__, uid, err, skey, pkey, tkey, mkey);
         keyring_do_error_downcall(clp, err);
 }
 
diff -puN utils/gssd/gssd.h~pass-message-key utils/gssd/gssd.h
--- nfs-utils-1.0.10/utils/gssd/gssd.h~pass-message-key	2006-10-05 12:55:56.000000000 -0400
+++ nfs-utils-1.0.10-andros/utils/gssd/gssd.h	2006-10-05 12:55:56.000000000 -0400
@@ -54,6 +54,7 @@
 #define GSSD_SERVICE_NAME_LEN			3
 
 #define INFOBUFLEN 256
+#define UPMSGBUFLEN  8
 
 /*
  * The gss mechanisms that we can handle
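Review bot: `UPMSGBUFLEN` at 8 bytes looks too small for the message it holds: gssd_proc.c declares `char upmsg[UPMSGBUFLEN]` and parses it with `"%d %d"`, and two decimal 32-bit values plus a separator and a terminating NUL can need more than 20 bytes. With 8 bytes, a uid or message key of more than a few digits would be cut off and parsed as a different number, and the parsed uid is what the patch passes on to `create_auth_rpc_client_wrap`. Size the buffer for the worst case, e.g. `#define UPMSGBUFLEN 32`, and document the expected layout next to it with a comment such as `/* text upcall: "<uid> <mkey>", NUL-terminated by the reader */`.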
@@ -92,6 +93,7 @@ struct clnt_info {
 	char			*ip_string;
 	int			port;
 	uint32_t		lifetime;
+	uint32_t		mkey;
 	key_serial_t		key;
 	key_serial_t		authkey;
 	key_serial_t		thread_ring;
diff -puN utils/gssd/gssd_proc.c~pass-message-key utils/gssd/gssd_proc.c
--- nfs-utils-1.0.10/utils/gssd/gssd_proc.c~pass-message-key	2006-10-05 12:55:56.000000000 -0400
+++ nfs-utils-1.0.10-andros/utils/gssd/gssd_proc.c	2006-10-05 12:55:56.000000000 -0400
@@ -443,9 +443,10 @@ do_downcall(int fd, struct clnt_info *cl
 	unsigned int buf_size = 0;
 
 	printerr(1, "doing downcall\n");
-	buf_size = sizeof(clp->uid) + sizeof(timeout) + sizeof(pd->pd_seq_win) +
-		sizeof(pd->pd_ctx_hndl.length) + pd->pd_ctx_hndl.length +
-		sizeof(context_token->length) + context_token->length;
+	buf_size = sizeof(clp->uid) + sizeof(clp->mkey) + sizeof(timeout) +
+	       	sizeof(pd->pd_seq_win) + sizeof(pd->pd_ctx_hndl.length) +
+	       	pd->pd_ctx_hndl.length + sizeof(context_token->length) +
+	       	context_token->length;
 	if (fd == clp->keyring_fd)
 		buf_size += sizeof(clp->session_ring) +
 			sizeof(clp->process_ring) + sizeof(clp->thread_ring);
@@ -453,6 +454,7 @@ do_downcall(int fd, struct clnt_info *cl
 	end = buf + buf_size;
 
 	if (WRITE_BYTES(&p, end, clp->uid)) goto out_err;
+	if (WRITE_BYTES(&p, end, clp->mkey)) goto out_err;
 	if (fd == clp->keyring_fd) {
 		if (WRITE_BYTES(&p, end, clp->session_ring)) goto out_err;
 		if (WRITE_BYTES(&p, end, clp->process_ring)) goto out_err;
@@ -484,6 +486,7 @@ do_error_downcall(int fd, struct clnt_in
 	printerr(1, "doing error downcall\n");
 
 	if (WRITE_BYTES(&p, end, clp->uid)) goto out_err;
+	if (WRITE_BYTES(&p, end, clp->mkey)) goto out_err;
 	if (fd == clp->keyring_fd) {
 		if (WRITE_BYTES(&p, end, clp->session_ring)) goto out_err;
 		if (WRITE_BYTES(&p, end, clp->process_ring)) goto out_err;
@@ -743,6 +746,9 @@ void
 handle_krb5_upcall(struct clnt_info *clp)
 {
 	uid_t			uid;
+	uint32_t		mkey;
+	char 			upmsg[UPMSGBUFLEN];
+	int			num;
 	CLIENT			*rpc_clnt = NULL;
 	AUTH			*auth = NULL;
 	struct authgss_private_data pd;
@@ -756,12 +762,20 @@ handle_krb5_upcall(struct clnt_info *clp
 	token.value = NULL;
 	memset(&pd, 0, sizeof(struct authgss_private_data));
 
-	if (read(clp->krb5_fd, &uid, sizeof(uid)) < sizeof(uid)) {
-		printerr(0, "WARNING: failed reading uid from krb5 "
-			    "upcall pipe: %s\n", strerror(errno));
+	if (read(clp->krb5_fd, upmsg, sizeof(upmsg) < 0)) {
+		printerr(0, "WARNING: failed reading uid and mkey from krb5 "
+			 "upcall pipe: %s\n", strerror(errno));
 		goto out;
 	}
 
+	if ((num = sscanf(upmsg, "%d %d", &uid, &mkey)) != 2) {
+		printerr(0, "WARNING: failed parsing message from krb5 "
+		"upcall pipe.  Got %d items but expected 2.\n", num);
+		goto out;
+	}
+	clp->uid = uid;
+	clp->mkey = mkey;
+
 	if (uid == 0) {
 		int success = 0;
 
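Review bot: The closing parenthesis in `read(clp->krb5_fd, upmsg, sizeof(upmsg) < 0)` is misplaced, so the comparison becomes the byte count: `sizeof(upmsg) < 0` is always 0, `read` is asked for zero bytes, and the `if` tests its return value for non-zero rather than for failure. As written nothing is read into `upmsg`, and the following `sscanf` parses an uninitialized, unterminated stack buffer from which `clp->uid` and `clp->mkey` are then taken. Even with the parenthesis moved, the buffer has to be NUL-terminated before `sscanf` and an empty read rejected. The same line appears in the handle_spkm3_upcall hunk below (`read(clp->spkm3_fd, ...)`) and needs the same fix. The sketch assumes a new `ssize_t len` local declared beside `num`; the function body continues outside this hunk.

```c
	/* … unchanged: token and pd initialisation … */
	len = read(clp->krb5_fd, upmsg, sizeof(upmsg) - 1);
	if (len <= 0) {
		printerr(0, "WARNING: failed reading uid and mkey from krb5 "
			 "upcall pipe: %s\n",
			 len < 0 ? strerror(errno) : "empty message");
		goto out;
	}
	upmsg[len] = '\0';	/* sscanf requires a terminated string */

	/* … unchanged: sscanf parse, clp->uid / clp->mkey assignment … */
```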
@@ -850,6 +864,9 @@ void
 handle_spkm3_upcall(struct clnt_info *clp)
 {
 	uid_t			uid;
+	uint32_t		mkey;
+	char 			upmsg[UPMSGBUFLEN];
+	int			num;
 	CLIENT			*rpc_clnt = NULL;
 	AUTH			*auth = NULL;
 	struct authgss_private_data pd;
@@ -860,12 +877,20 @@ handle_spkm3_upcall(struct clnt_info *cl
 	token.length = 0;
 	token.value = NULL;
 
-	if (read(clp->spkm3_fd, &uid, sizeof(uid)) < sizeof(uid)) {
-		printerr(0, "WARNING: failed reading uid from spkm3 "
+	if (read(clp->spkm3_fd, upmsg, sizeof(upmsg) < 0)) {
+		printerr(0, "WARNING: failed reading uid and mkey from spkm3 "
 			 "upcall pipe: %s\n", strerror(errno));
 		goto out;
 	}
 
+	if ((num = sscanf(upmsg, "%d %d", &uid, &mkey)) != 2) {
+		printerr(0, "WARNING: failed parsing message from spkm3 "
+		"upcall pipe.  Got %d items but expected 2.\n", num);
+		goto out;
+	}
+	clp->uid = uid;
+	clp->mkey = mkey;
+
 	if (create_auth_rpc_client_wrap(clp, &rpc_clnt, &auth, uid, AUTHTYPE_SPKM3)) {
 		printerr(0, "WARNING: Failed to create spkm3 context for "
 			    "user with uid %d\n", uid);
_
