]> git.decadent.org.uk Git - nfs-utils.git/blobdiff - utils/gssd/gssd_proc.c
projects / nfs-utils.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
gssd: NULL-terminate buffer after read in read_service_info (try #2)
[nfs-utils.git] / utils / gssd / gssd_proc.c
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index 6860cc852e844f87dbaf6d53d6106578f093d942..fb97a13e7e2761673d130397a2318db2fbf156e7 100644 (file)
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -38,10 +38,14 @@
 
 */
 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
+
 #ifndef _GNU_SOURCE
 #define _GNU_SOURCE
 #endif
-#include "config.h"
+
 #include <sys/param.h>
 #include <rpc/rpc.h>
 #include <sys/stat.h>
@@ -66,7 +70,6 @@
 #include "gssd.h"
 #include "err_util.h"
 #include "gss_util.h"
-#include "gss_oids.h"
 #include "krb5_util.h"
 #include "context.h"
 
@@ -102,9 +105,9 @@ int pollsize;  /* the size of pollaray (in pollfd's) */
 /* XXX buffer problems: */
 static int
 read_service_info(char *info_file_name, char **servicename, char **servername,
-                 int *prog, int *vers, char **protocol) {
+                 int *prog, int *vers, char **protocol, int *port) {
 #define INFOBUFLEN 256
-       char            buf[INFOBUFLEN];
+       char            buf[INFOBUFLEN + 1];
        static char     dummy[128];
        int             nbytes;
        static char     service[128];
@@ -112,6 +115,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
        char            program[16];
        char            version[16];
        char            protoname[16];
+       char            cb_port[128];
+       char            *p;
        in_addr_t       inaddr;
        int             fd = -1;
        struct hostent  *ent = NULL;
@@ -127,6 +132,7 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
        if ((nbytes = read(fd, buf, INFOBUFLEN)) == -1)
                goto fail;
        close(fd);
+       buf[nbytes] = '\0';
 
        numfields = sscanf(buf,"RPC server: %127s\n"
                   "service: %127s %15s version %15s\n"
@@ -143,6 +149,10 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
                goto fail;
        }
 
+       cb_port[0] = '\0';
+       if ((p = strstr(buf, "port")) != NULL)
+               sscanf(p, "port: %127s\n", cb_port);
+
        /* check service, program, and version */
        if(memcmp(service, "nfs", 3)) return -1;
        *prog = atoi(program + 1); /* skip open paren */
@@ -163,6 +173,8 @@ read_service_info(char *info_file_name, char **servicename, char **servername,
        if (!(*servicename = calloc(strlen(buf) + 1, 1)))
                goto fail;
        memcpy(*servicename, buf, strlen(buf));
+       if (cb_port[0] != '\0')
+               *port = atoi(cb_port);
 
        if (!(*protocol = strdup(protoname)))
                goto fail;
@@ -238,7 +250,7 @@ process_clnt_dir_files(struct clnt_info * clp)
        if ((clp->servicename == NULL) &&
             read_service_info(info_file_name, &clp->servicename,
                                &clp->servername, &clp->prog, &clp->vers,
-                               &clp->protocol))
+                               &clp->protocol, &clp->port))
                return -1;
        return 0;
 }
@@ -419,7 +431,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
            gss_buffer_desc *context_token)
 {
        char    *buf = NULL, *p = NULL, *end = NULL;
-       unsigned int timeout = 0; /* XXX decide on a reasonable value */
+       unsigned int timeout = context_timeout;
        unsigned int buf_size = 0;
 
        printerr(1, "doing downcall\n");
@@ -430,7 +442,6 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
        end = buf + buf_size;
 
        if (WRITE_BYTES(&p, end, uid)) goto out_err;
-       /* Not setting any timeout for now: */
        if (WRITE_BYTES(&p, end, timeout)) goto out_err;
        if (WRITE_BYTES(&p, end, pd->pd_seq_win)) goto out_err;
        if (write_buffer(&p, end, &pd->pd_ctx_hndl)) goto out_err;
@@ -441,7 +452,7 @@ do_downcall(int k5_fd, uid_t uid, struct authgss_private_data *pd,
        return 0;
 out_err:
        if (buf) free(buf);
-       printerr(0, "Failed to write downcall!\n");
+       printerr(1, "Failed to write downcall!\n");
        return -1;
 }
 
@@ -587,6 +598,8 @@ int create_auth_rpc_client(struct clnt_info *clp,
                         clp->servername, uid);
                goto out_fail;
        }
+       if (clp->port)
+               ((struct sockaddr_in *)a->ai_addr)->sin_port = htons(clp->port);
        if (a->ai_protocol == IPPROTO_TCP) {
                if ((rpc_clnt = clnttcp_create(
                                        (struct sockaddr_in *) a->ai_addr,
@@ -675,6 +688,7 @@ handle_krb5_upcall(struct clnt_info *clp)
        gss_buffer_desc         token;
        char                    **credlist = NULL;
        char                    **ccname;
+       char                    **dirname;
        int                     create_resp = -1;
 
        printerr(1, "handling krb5 upcall\n");
@@ -691,10 +705,13 @@ handle_krb5_upcall(struct clnt_info *clp)
 
        if (uid != 0 || (uid == 0 && root_uses_machine_creds == 0)) {
                /* Tell krb5 gss which credentials cache to use */
-               gssd_setup_krb5_user_gss_ccache(uid, clp->servername);
-
-               create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
-                                                    AUTHTYPE_KRB5);
+               for (dirname = ccachesearch; *dirname != NULL; dirname++) {
+                       if (gssd_setup_krb5_user_gss_ccache(uid, clp->servername, *dirname) == 0)
+                               create_resp = create_auth_rpc_client(clp, &rpc_clnt, &auth, uid,
+                                                            AUTHTYPE_KRB5);
+                       if (create_resp == 0)
+                               break;
+               }
        }
        if (create_resp != 0) {
                if (uid == 0 && root_uses_machine_creds == 1) {
@@ -728,14 +745,14 @@ handle_krb5_upcall(struct clnt_info *clp)
                        }
                        gssd_free_krb5_machine_cred_list(credlist);
                        if (!success) {
-                               printerr(0, "WARNING: Failed to create krb5 context "
+                               printerr(1, "WARNING: Failed to create krb5 context "
                                         "for user with uid %d with any "
                                         "credentials cache for server %s\n",
                                         uid, clp->servername);
                                goto out_return_error;
                        }
                } else {
-                       printerr(0, "WARNING: Failed to create krb5 context "
+                       printerr(1, "WARNING: Failed to create krb5 context "
                                 "for user with uid %d for server %s\n",
                                 uid, clp->servername);
                        goto out_return_error;
@@ -743,13 +760,13 @@ handle_krb5_upcall(struct clnt_info *clp)
        }
 
        if (!authgss_get_private_data(auth, &pd)) {
-               printerr(0, "WARNING: Failed to obtain authentication "
+               printerr(1, "WARNING: Failed to obtain authentication "
                            "data for user with uid %d for server %s\n",
                         uid, clp->servername);
                goto out_return_error;
        }
 
-       if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid)) {
+       if (serialize_context_for_kernel(pd.pd_ctx, &token, &krb5oid, NULL)) {
                printerr(0, "WARNING: Failed to serialize krb5 context for "
                            "user with uid %d for server %s\n",
                         uid, clp->servername);
@@ -761,8 +778,10 @@ handle_krb5_upcall(struct clnt_info *clp)
 out:
        if (token.value)
                free(token.value);
+#ifndef HAVE_LIBTIRPC
        if (pd.pd_ctx_hndl.length != 0)
                authgss_free_private_data(&pd);
+#endif
        if (auth)
                AUTH_DESTROY(auth);
        if (rpc_clnt)
@@ -811,7 +830,7 @@ handle_spkm3_upcall(struct clnt_info *clp)
                goto out_return_error;
        }
 
-       if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid)) {
+       if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid, NULL)) {
                printerr(0, "WARNING: Failed to serialize spkm3 context for "
                            "user with uid %d for server\n",
                         uid, clp->servername);
Debian package of nfs-utils