#define rpcsec_gsserr_credproblem 13
#define rpcsec_gsserr_ctxproblem 14
-#if 0
-static void
-add_supplementary_groups(char *secname, char *name, struct svc_cred *cred)
-{
- int ret;
- static gid_t *groups = NULL;
-
- cred->cr_ngroups = NGROUPS;
- ret = nfs4_gss_princ_to_grouplist(secname, name,
- cred->cr_groups, &cred->cr_ngroups);
- if (ret < 0) {
- groups = realloc(groups, cred->cr_ngroups*sizeof(gid_t));
- ret = nfs4_gss_princ_to_grouplist(secname, name,
- groups, &cred->cr_ngroups);
- if (ret < 0)
- cred->cr_ngroups = 0;
- else {
- if (cred->cr_ngroups > NGROUPS)
- cred->cr_ngroups = NGROUPS;
- memcpy(cred->cr_groups, groups,
- cred->cr_ngroups*sizeof(gid_t));
- }
- }
-}
-#endif
-
-#if 0
-static int
-get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
-{
- u_int32_t maj_stat, min_stat;
- gss_buffer_desc name;
- char *sname;
- int res = -1;
- uid_t uid, gid;
- gss_OID name_type = GSS_C_NO_OID;
- char *secname;
-
- maj_stat = gss_display_name(&min_stat, client_name, &name, &name_type);
- if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("get_ids: gss_display_name",
- maj_stat, min_stat, mech);
- goto out;
- }
- if (name.length >= 0xffff || /* be certain name.length+1 doesn't overflow */
- !(sname = calloc(name.length + 1, 1))) {
- printerr(0, "WARNING: get_ids: error allocating %d bytes "
- "for sname\n", name.length + 1);
- gss_release_buffer(&min_stat, &name);
- goto out;
- }
- memcpy(sname, name.value, name.length);
- printerr(1, "sname = %s\n", sname);
- gss_release_buffer(&min_stat, &name);
-
- res = -EINVAL;
- if ((secname = mech2file(mech)) == NULL) {
- printerr(0, "WARNING: get_ids: error mapping mech to "
- "file for name '%s'\n", sname);
- goto out_free;
- }
- nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
- res = nfs4_gss_princ_to_ids(secname, sname, &uid, &gid);
- if (res < 0) {
- /*
- * -ENOENT means there was no mapping, any other error
- * value means there was an error trying to do the
- * mapping.
- * If there was no mapping, we send down the value -1
- * to indicate that the anonuid/anongid for the export
- * should be used.
- */
- if (res == -ENOENT) {
- cred->cr_uid = -1;
- cred->cr_gid = -1;
- cred->cr_ngroups = 0;
- res = 0;
- goto out_free;
- }
- printerr(0, "WARNING: get_ids: failed to map name '%s' "
- "to uid/gid: %s\n", sname, strerror(-res));
- goto out_free;
- }
- cred->cr_uid = uid;
- cred->cr_gid = gid;
- add_supplementary_groups(secname, sname, cred);
- res = 0;
-out_free:
- free(sname);
-out:
- return res;
-}
-#endif
-
-#if 0
-void
-print_hexl(int pri, unsigned char *cp, int length)
-{
- int i, j, jm;
- unsigned char c;
-
- printerr(pri, "length %d\n",length);
- printerr(pri, "\n");
-
- for (i = 0; i < length; i += 0x10) {
- printerr(pri, " %04x: ", (unsigned int)i);
- jm = length - i;
- jm = jm > 16 ? 16 : jm;
-
- for (j = 0; j < jm; j++) {
- if ((j % 2) == 1)
- printerr(pri, "%02x ", (unsigned int)cp[i+j]);
- else
- printerr(pri, "%02x", (unsigned int)cp[i+j]);
- }
- for (; j < 16; j++) {
- if ((j % 2) == 1)
- printerr(pri," ");
- else
- printerr(pri," ");
- }
- printerr(pri," ");
-
- for (j = 0; j < jm; j++) {
- c = cp[i+j];
- c = isprint(c) ? c : '.';
- printerr(pri,"%c", c);
- }
- printerr(pri,"\n");
- }
-}
-#endif
-
static int
get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred,
lnet_nid_t nid, uint32_t lustre_svc)