← Back to branch summary

~ubuntu-branches/debian/stretch/nfs-utils/stretch

« back to all changes in this revision

Viewing changes to .pc/11-532048-reduce-verbosity.patch/utils/gssd/gssd_proc.c

  • Committer: Package Import Robot
  • Author(s): Luk Claes
  • Date: 2012-05-25 20:41:58 UTC
  • mfrom: (1.2.22)
  • Revision ID: package-import@ubuntu.com-20120525204158-fte9hh32egwbk5g3
Tags: 1:1.2.6-1
http://bugs.debian.org/673798
* New upstream version
  - Remove 18-dont-use-PAGE_SIZE.patch: merged upstream.
  - Update other patches.
  - Install osd_login (part of the autologin feature).
    - Add open-iscsi and watchdog to Recommends.
* Check for blank exports file (Closes: #673798).
* Add 18-osd_login-sbindir.patch to avoid FTBFS
* Add 19-iscsiadm-path.patch so osd_login works

Show diffs side-by-side

added added

removed removed

Lines of Context:
.pc/11-532048-reduce-verbosity.patch/utils/gssd/gssd_proc.c
299
299
        if (clp->krb5_poll_index != -1)
300
300
                memset(&pollarray[clp->krb5_poll_index], 0,
301
301
                                        sizeof(struct pollfd));
302
 
        if (clp->spkm3_poll_index != -1)
303
 
                memset(&pollarray[clp->spkm3_poll_index], 0,
304
 
                                        sizeof(struct pollfd));
305
302
        if (clp->gssd_poll_index != -1)
306
303
                memset(&pollarray[clp->gssd_poll_index], 0,
307
304
                                        sizeof(struct pollfd));
308
305
        if (clp->dir_fd != -1) close(clp->dir_fd);
309
306
        if (clp->krb5_fd != -1) close(clp->krb5_fd);
310
 
        if (clp->spkm3_fd != -1) close(clp->spkm3_fd);
311
307
        if (clp->gssd_fd != -1) close(clp->gssd_fd);
312
308
        free(clp->dirname);
313
309
        free(clp->servicename);
327
323
                goto out;
328
324
        }
329
325
        clp->krb5_poll_index = -1;
330
 
        clp->spkm3_poll_index = -1;
331
326
        clp->gssd_poll_index = -1;
332
327
        clp->krb5_fd = -1;
333
 
        clp->spkm3_fd = -1;
334
328
        clp->gssd_fd = -1;
335
329
        clp->dir_fd = -1;
336
330
 
355
349
                        snprintf(name, sizeof(name), "%s/krb5", clp->dirname);
356
350
                        clp->krb5_fd = open(name, O_RDWR);
357
351
                }
358
 
                if (clp->spkm3_fd == -1) {
359
 
                        snprintf(name, sizeof(name), "%s/spkm3", clp->dirname);
360
 
                        clp->spkm3_fd = open(name, O_RDWR);
361
 
                }
362
352
 
363
353
                /* If we opened a gss-specific pipe, let's try opening
364
354
                 * the new upcall pipe again. If we succeed, close
365
355
                 * gss-specific pipe(s).
366
356
                 */
367
 
                if (clp->krb5_fd != -1 || clp->spkm3_fd != -1) {
 
357
                if (clp->krb5_fd != -1) {
368
358
                        clp->gssd_fd = open(gname, O_RDWR);
369
359
                        if (clp->gssd_fd != -1) {
370
360
                                if (clp->krb5_fd != -1)
371
361
                                        close(clp->krb5_fd);
372
362
                                clp->krb5_fd = -1;
373
 
                                if (clp->spkm3_fd != -1)
374
 
                                        close(clp->spkm3_fd);
375
 
                                clp->spkm3_fd = -1;
376
363
                        }
377
364
                }
378
365
        }
379
366
 
380
 
        if ((clp->krb5_fd == -1) && (clp->spkm3_fd == -1) &&
381
 
                        (clp->gssd_fd == -1))
 
367
        if ((clp->krb5_fd == -1) && (clp->gssd_fd == -1))
382
368
                return -1;
383
369
        snprintf(info_file_name, sizeof(info_file_name), "%s/info",
384
370
                        clp->dirname);
431
417
                pollarray[clp->krb5_poll_index].events |= POLLIN;
432
418
        }
433
419
 
434
 
        if ((clp->spkm3_fd != -1) && (clp->spkm3_poll_index == -1)) {
435
 
                if (get_poll_index(&clp->spkm3_poll_index)) {
436
 
                        printerr(0, "ERROR: Too many spkm3 clients\n");
437
 
                        return -1;
438
 
                }
439
 
                pollarray[clp->spkm3_poll_index].fd = clp->spkm3_fd;
440
 
                pollarray[clp->spkm3_poll_index].events |= POLLIN;
441
 
        }
442
 
 
443
420
        return 0;
444
421
}
445
422
 
839
816
                sec.mech = (gss_OID)&krb5oid;
840
817
                sec.req_flags = GSS_C_MUTUAL_FLAG;
841
818
        }
842
 
        else if (authtype == AUTHTYPE_SPKM3) {
843
 
                sec.mech = (gss_OID)&spkm3oid;
844
 
                /* XXX sec.req_flags = GSS_C_ANON_FLAG;
845
 
                 * Need a way to switch....
846
 
                 */
847
 
                sec.req_flags = GSS_C_MUTUAL_FLAG;
848
 
        }
849
819
        else {
850
820
                printerr(0, "ERROR: Invalid authentication type (%d) "
851
821
                        "in create_auth_rpc_client\n", authtype);
919
889
        auth = authgss_create_default(rpc_clnt, clp->servicename, &sec);
920
890
        if (!auth) {
921
891
                /* Our caller should print appropriate message */
922
 
                printerr(2, "WARNING: Failed to create %s context for "
 
892
                printerr(2, "WARNING: Failed to create krb5 context for "
923
893
                            "user with uid %d for server %s\n",
924
 
                        (authtype == AUTHTYPE_KRB5 ? "krb5":"spkm3"),
925
894
                         uid, clp->servername);
926
895
                goto out_fail;
927
896
        }
949
918
        goto out;
950
919
}
951
920
 
 
921
static char *
 
922
user_cachedir(char *dirname, uid_t uid)
 
923
{
 
924
        struct passwd *pw;
 
925
        char *ptr;
 
926
 
 
927
        if ((pw = getpwuid(uid)) == NULL) {
 
928
                printerr(0, "user_cachedir: Failed to find '%d' uid"
 
929
                            " for cache directory\n");
 
930
                return NULL;
 
931
        }
 
932
        ptr = malloc(strlen(dirname)+strlen(pw->pw_name)+2);
 
933
        if (ptr)
 
934
                sprintf(ptr, "%s/%s", dirname, pw->pw_name);
 
935
 
 
936
        return ptr;
 
937
}
952
938
/*
953
939
 * this code uses the userland rpcsec gss library to create a krb5
954
940
 * context on behalf of the kernel
963
949
        gss_buffer_desc         token;
964
950
        char                    **credlist = NULL;
965
951
        char                    **ccname;
966
 
        char                    **dirname;
 
952
        char                    **dirname, *dir, *userdir;
967
953
        int                     create_resp = -1;
968
954
        int                     err, downcall_err = -EACCES;
969
955
 
1006
992
                                service == NULL)) {
1007
993
                /* Tell krb5 gss which credentials cache to use */
1008
994
                for (dirname = ccachesearch; *dirname != NULL; dirname++) {
1009
 
                        err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname);
 
995
                        /* See if the user name is needed */
 
996
                        if (strncmp(*dirname, GSSD_USER_CRED_DIR, 
 
997
                                        strlen(GSSD_USER_CRED_DIR)) == 0) {
 
998
                                userdir = user_cachedir(*dirname, uid);
 
999
                                if (userdir == NULL) 
 
1000
                                        continue;
 
1001
                                dir = userdir;
 
1002
                        } else
 
1003
                                dir = *dirname;
 
1004
 
 
1005
                        err = gssd_setup_krb5_user_gss_ccache(uid, clp->servername, dir);
 
1006
 
 
1007
                        if (userdir) {
 
1008
                                free(userdir);
 
1009
                                userdir = NULL;
 
1010
                        }
1010
1011
                        if (err == -EKEYEXPIRED)
1011
1012
                                downcall_err = -EKEYEXPIRED;
1012
1013
                        else if (!err)
1103
1104
        goto out;
1104
1105
}
1105
1106
 
1106
 
/*
1107
 
 * this code uses the userland rpcsec gss library to create an spkm3
1108
 
 * context on behalf of the kernel
1109
 
 */
1110
 
static void
1111
 
process_spkm3_upcall(struct clnt_info *clp, uid_t uid, int fd)
1112
 
{
1113
 
        CLIENT                  *rpc_clnt = NULL;
1114
 
        AUTH                    *auth = NULL;
1115
 
        struct authgss_private_data pd;
1116
 
        gss_buffer_desc         token;
1117
 
 
1118
 
        printerr(2, "handling spkm3 upcall (%s)\n", clp->dirname);
1119
 
 
1120
 
        token.length = 0;
1121
 
        token.value = NULL;
1122
 
 
1123
 
        if (create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, AUTHTYPE_SPKM3)) {
1124
 
                printerr(0, "WARNING: Failed to create spkm3 context for "
1125
 
                            "user with uid %d\n", uid);
1126
 
                goto out_return_error;
1127
 
        }
1128
 
 
1129
 
        if (!authgss_get_private_data(auth, &pd)) {
1130
 
                printerr(0, "WARNING: Failed to obtain authentication "
1131
 
                            "data for user with uid %d for server %s\n",
1132
 
                         uid, clp->servername);
1133
 
                goto out_return_error;
1134
 
        }
1135
 
 
1136
 
        if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid, NULL)) {
1137
 
                printerr(0, "WARNING: Failed to serialize spkm3 context for "
1138
 
                            "user with uid %d for server\n",
1139
 
                         uid, clp->servername);
1140
 
                goto out_return_error;
1141
 
        }
1142
 
 
1143
 
        do_downcall(fd, uid, &pd, &token);
1144
 
 
1145
 
out:
1146
 
        if (token.value)
1147
 
                free(token.value);
1148
 
        if (auth)
1149
 
                AUTH_DESTROY(auth);
1150
 
        if (rpc_clnt)
1151
 
                clnt_destroy(rpc_clnt);
1152
 
        return;
1153
 
 
1154
 
out_return_error:
1155
 
        do_error_downcall(fd, uid, -1);
1156
 
        goto out;
1157
 
}
1158
 
 
1159
1107
void
1160
1108
handle_krb5_upcall(struct clnt_info *clp)
1161
1109
{
1171
1119
}
1172
1120
 
1173
1121
void
1174
 
handle_spkm3_upcall(struct clnt_info *clp)
1175
 
{
1176
 
        uid_t                   uid;
1177
 
 
1178
 
        if (read(clp->spkm3_fd, &uid, sizeof(uid)) < (ssize_t)sizeof(uid)) {
1179
 
                printerr(0, "WARNING: failed reading uid from spkm3 "
1180
 
                         "upcall pipe: %s\n", strerror(errno));
1181
 
                return;
1182
 
        }
1183
 
 
1184
 
        return process_spkm3_upcall(clp, uid, clp->spkm3_fd);
1185
 
}
1186
 
 
1187
 
void
1188
1122
handle_gssd_upcall(struct clnt_info *clp)
1189
1123
{
1190
1124
        uid_t                   uid;
1292
1226
 
1293
1227
        if (strcmp(mech, "krb5") == 0)
1294
1228
                process_krb5_upcall(clp, uid, clp->gssd_fd, target, service);
1295
 
        else if (strcmp(mech, "spkm3") == 0)
1296
 
                process_spkm3_upcall(clp, uid, clp->gssd_fd);
1297
1229
        else
1298
1230
                printerr(0, "WARNING: handle_gssd_upcall: "
1299
1231
                            "received unknown gss mech '%s'\n", mech);