Imported Upstream version 1.2.4
index f1bfbef7b57a3b63428c3ab278e97c31966252ff..c714d99dd654aaff3b3369bebcbc0df0946284dd 100644 (file)
@@ -56,7 +56,9 @@
 #include "gss_util.h"
 #include "err_util.h"
 #include "context.h"
+#include "misc.h"
 #include "gss_oids.h"
+#include "svcgssd_krb5.h"
 
 extern char * mech2file(gss_OID mech);
 #define SVCGSSD_CONTEXT_CHANNEL "/proc/net/rpc/auth.rpcsec.context/channel"
@@ -70,6 +72,7 @@ struct svc_cred {
        int     cr_ngroups;
        gid_t   cr_groups[NGROUPS];
 };
+static char vbuf[RPC_CHAN_BUF_SIZE];
 
 static int
 do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
@@ -91,6 +94,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred,
                             SVCGSSD_CONTEXT_CHANNEL, strerror(errno));
                goto out_err;
        }
+       setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE);
        qword_printhex(f, out_handle->value, out_handle->length);
        /* XXX are types OK for the rest of this? */
        /* For context cache, use the actual context endtime */
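Review bot: The return value of the new `setvbuf` call on L27 is discarded; setvbuf reports failure with a non-zero result, and on failure the stream keeps its default buffering, so the downcall record would no longer be written the way the call intends. Check it like the fopen failure just above it: `if (setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE) != 0) { printerr(0, "WARNING: setvbuf failed on " SVCGSSD_CONTEXT_CHANNEL "\n"); goto out_err; }` — assuming out_err closes f, which is outside the hunk. Because vbuf is the single file-scope static added in the previous hunk, do_svc_downcall is not reentrant while f is open, and a record longer than RPC_CHAN_BUF_SIZE would be flushed in more than one write, which may matter if the kernel channel parses per write — worth confirming. do_svc_downcall starts and ends outside the hunk.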
@@ -132,7 +136,7 @@ struct gss_verifier {
 #define RPCSEC_GSS_SEQ_WIN     5
 
 static int
-send_response(FILE *f, gss_buffer_desc *in_handle, gss_buffer_desc *in_token,
+send_response(gss_buffer_desc *in_handle, gss_buffer_desc *in_token,
              u_int32_t maj_stat, u_int32_t min_stat,
              gss_buffer_desc *out_handle, gss_buffer_desc *out_token)
 {
@@ -241,7 +245,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred)
                        "file for name '%s'\n", sname);
                goto out_free;
        }
-       nfs4_init_name_mapping(NULL); /* XXX: should only do this once */
+
        res = nfs4_gss_princ_to_ids(secname, sname, &uid, &gid);
        if (res < 0) {
                /*
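Review bot: Removing the `nfs4_init_name_mapping(NULL)` call leaves a stray empty line at L45 between the closing brace and the `res = nfs4_gss_princ_to_ids(secname, sname, &uid, &gid);` line; drop it so the block reads as one statement sequence. The one-time initialization the old XXX comment asked for is not visible anywhere in this diff, so it is presumably now done once at startup — confirm that the mapping is initialized before the first null request reaches get_ids, since nfs4_gss_princ_to_ids is otherwise the first user here. get_ids starts and ends outside the hunk.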
@@ -431,12 +435,6 @@ handle_nullreq(FILE *f) {
        print_hexl("in_tok", in_tok.value, in_tok.length);
 #endif
 
-       if (in_tok.length < 0) {
-               printerr(0, "WARNING: handle_nullreq: "
-                           "failed parsing request\n");
-               goto out_err;
-       }
-
        if (in_handle.length != 0) { /* CONTINUE_INIT case */
                if (in_handle.length != sizeof(ctx)) {
                        printerr(0, "WARNING: handle_nullreq: "
@@ -449,6 +447,10 @@ handle_nullreq(FILE *f) {
                memcpy(&ctx, in_handle.value, in_handle.length);
        }
 
+       if (svcgssd_limit_krb5_enctypes()) {
+               goto out_err;
+       }
+
        maj_stat = gss_accept_sec_context(&min_stat, &ctx, gssd_creds,
                        &in_tok, GSS_C_NO_CHANNEL_BINDINGS, &client_name,
                        &mech, &out_tok, &ret_flags, NULL, NULL);
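Review bot: The new `svcgssd_limit_krb5_enctypes()` failure path at L66-L68 jumps to out_err without logging anything, unlike the other error exits of handle_nullreq visible in this diff (`printerr(0, "WARNING: handle_nullreq: ..."`), so a failure to apply the enctype limit leaves no trace in the log. Add `printerr(0, "WARNING: handle_nullreq: svcgssd_limit_krb5_enctypes failed\n");` before the goto. At that point maj_stat and min_stat have not been set by gss_accept_sec_context, so the status out_err's send_response returns to the client is whatever they were initialized to outside the hunk — worth checking that it is a GSS error rather than GSS_S_COMPLETE. The call also runs on every null request, including the CONTINUE_INIT case; if it is not cheap and idempotent it may belong at startup instead. handle_nullreq starts and ends outside the hunk.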
@@ -498,7 +500,7 @@ handle_nullreq(FILE *f) {
        do_svc_downcall(&out_handle, &cred, mech, &ctx_token, ctx_endtime,
                        hostbased_name);
 continue_needed:
-       send_response(f, &in_handle, &in_tok, maj_stat, min_stat,
+       send_response(&in_handle, &in_tok, maj_stat, min_stat,
                        &out_handle, &out_tok);
 out:
        if (ctx_token.value != NULL)
@@ -514,7 +516,7 @@ out:
 out_err:
        if (ctx != GSS_C_NO_CONTEXT)
                gss_delete_sec_context(&ignore_min_stat, &ctx, &ignore_out_tok);
-       send_response(f, &in_handle, &in_tok, maj_stat, min_stat,
+       send_response(&in_handle, &in_tok, maj_stat, min_stat,
                        &null_token, &null_token);
        goto out;
 }