#include "gss_util.h"
#include "err_util.h"
#include "context.h"
+#include "misc.h"
#include "gss_oids.h"
+#include "svcgssd_krb5.h"
extern char * mech2file(gss_OID mech);
#define SVCGSSD_CONTEXT_CHANNEL "/proc/net/rpc/auth.rpcsec.context/channel"
int cr_ngroups;
gid_t cr_groups[NGROUPS];
};
+static char vbuf[RPC_CHAN_BUF_SIZE];
static int
do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
SVCGSSD_CONTEXT_CHANNEL, strerror(errno));
goto out_err;
}
+ setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE);
qword_printhex(f, out_handle->value, out_handle->length);
/* XXX are types OK for the rest of this? */
/* For context cache, use the actual context endtime */
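Review bot: The return value of `setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE)` is ignored, and line buffering does not stop stdio from flushing early when a record is longer than `RPC_CHAN_BUF_SIZE`. If the kernel side of this channel treats each write as one complete message (likely, but not shown here), such a split would hand it a truncated context record. Consider checking the call, for example `if (setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE) != 0) printerr(0, "WARNING: setvbuf failed on context channel\n");`, and checking the result of the final flush or close of `f`. Because `vbuf` is a file-scope static, this also assumes do_svc_downcall never runs concurrently. The function body begins and ends outside the hunk.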
if (g_OID_equal(&krb5oid, mech)) {
if (get_krb5_hostbased_name(&name, &cname) == 0)
*hostbased_name = cname;
- }
-
- /* No support for SPKM3, just print a warning (for now) */
- if (g_OID_equal(&spkm3oid, mech)) {
- printerr(1, "WARNING: get_hostbased_client_name: "
- "no hostbased_name support for SPKM3\n");
+ } else {
+ printerr(1, "WARNING: unknown/unsupport mech OID\n");
}
res = 0;
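Review bot: The new `else` branch only prints a warning and then falls through to `res = 0`, so a mechanism other than krb5 is reported as success while `*hostbased_name` keeps whatever value the caller gave it. If the caller relies on the host-based name for an authorization or audit decision, confirm it handles the unset value safely, or return an error from this branch instead. The message also drops the function name that the removed warning carried, and it has a typo; I would write `printerr(1, "WARNING: get_hostbased_client_name: unknown/unsupported mech OID\n");`. The enclosing function starts and ends outside the hunk.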
memcpy(&ctx, in_handle.value, in_handle.length);
}
+ if (svcgssd_limit_krb5_enctypes()) {
+ goto out_err;
+ }
+
maj_stat = gss_accept_sec_context(&min_stat, &ctx, gssd_creds,
&in_tok, GSS_C_NO_CHANNEL_BINDINGS, &client_name,
&mech, &out_tok, &ret_flags, NULL, NULL);
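Review bot: The `goto out_err` taken when `svcgssd_limit_krb5_enctypes()` fails logs nothing at this site. Unless the callee logs internally (not visible here), a request rejected because the enctype restriction could not be applied looks like any other failure. Failing closed is the right behaviour; add a line before the jump such as `printerr(0, "ERROR: failed to limit krb5 enctypes\n");` so an operator can tell why contexts are being refused. On this path `gss_accept_sec_context` has not yet assigned `maj_stat` and `min_stat`, so if the `out_err` code (outside the hunk) reports them, set them to a defined failure value first unless they are initialised earlier.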