Imported Upstream version 1.2.4
[nfs-utils.git] / utils / gssd / svcgssd_proc.c
index 0ecbab631f1714fce5b60e195504b70c1805d192..c714d99dd654aaff3b3369bebcbc0df0946284dd 100644 (file)
@@ -56,7 +56,9 @@
 #include "gss_util.h"
 #include "err_util.h"
 #include "context.h"
+#include "misc.h"
 #include "gss_oids.h"
+#include "svcgssd_krb5.h"
 
 extern char * mech2file(gss_OID mech);
 #define SVCGSSD_CONTEXT_CHANNEL "/proc/net/rpc/auth.rpcsec.context/channel"
@@ -70,6 +72,7 @@ struct svc_cred {
        int     cr_ngroups;
        gid_t   cr_groups[NGROUPS];
 };
+static char vbuf[RPC_CHAN_BUF_SIZE];
 
 static int
 do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
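Review bot: `vbuf` is added with no comment, and its lifetime and sharing rules are not obvious from the declaration alone. The next hunk hands it to `setvbuf()` inside do_svc_downcall, so it must outlive the stream and can back only one open stream at a time. I would add above it `/* stdio buffer for the rpcsec context channel; must outlive the stream and serves one open stream at a time */`. If the size is meant to keep a whole downcall record in one write, say so as well; RPC_CHAN_BUF_SIZE is defined outside this page, so that intent is inferred.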
@@ -91,6 +94,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
                             SVCGSSD_CONTEXT_CHANNEL, strerror(errno));
                goto out_err;
        }
+       setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE);
        qword_printhex(f, out_handle->value, out_handle->length);
        /* XXX are types OK for the rest of this? */
        /* For context cache, use the actual context endtime */
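Review bot: The return value of `setvbuf()` on the added line is ignored, so if the call fails the stream silently keeps its default buffering. This stream carries the context handle and credential to the kernel channel, and the explicit buffer is presumably there so a record is not flushed in pieces; a silent fallback would undo that without any trace in the log. I would check it, `if (setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE) != 0) goto out_err;`, with a log line before the goto, after confirming that out_err closes `f`. The body of do_svc_downcall starts and ends outside the hunk.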
@@ -443,6 +447,10 @@ handle_nullreq(FILE *f) {
                memcpy(&ctx, in_handle.value, in_handle.length);
        }
 
+       if (svcgssd_limit_krb5_enctypes()) {
+               goto out_err;
+       }
+
        maj_stat = gss_accept_sec_context(&min_stat, &ctx, gssd_creds,
                        &in_tok, GSS_C_NO_CHANNEL_BINDINGS, &client_name,
                        &mech, &out_tok, &ret_flags, NULL, NULL);
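Review bot: The added `svcgssd_limit_krb5_enctypes()` check jumps to `out_err` without logging, so a failure to restrict the enctypes shows up only as a rejected request. Failing closed before `gss_accept_sec_context()` is the right behaviour, but an operator needs to see why; add a message before the goto, for example `printerr(0, "ERROR: failed to limit krb5 enctypes\n");`. The out_err label is outside the hunk, so confirm that `maj_stat` still holds a failure status when this branch is taken and that whatever out_err reports is an error, not a stale value. The body of handle_nullreq starts and ends outside the hunk.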