X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fgssd_proc.c;h=336f3e9c1686e7bea708289206aebe96e753b221;hp=a55418b22ac61bc75b36e0966b25e272fd60c54a;hb=b7a3eb501f8eef61b7767445b2e09b4dca813c82;hpb=c4b2281c6c748b768de7a49af89660c9c1a68b11 diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c index a55418b..336f3e9 100644 --- a/utils/gssd/gssd_proc.c +++ b/utils/gssd/gssd_proc.c @@ -104,7 +104,7 @@ struct pollfd * pollarray; -int pollsize; /* the size of pollaray (in pollfd's) */ +unsigned long pollsize; /* the size of pollaray (in pollfd's) */ /* * convert a presentation address string to a sockaddr_storage struct. Returns @@ -299,15 +299,11 @@ destroy_client(struct clnt_info *clp) if (clp->krb5_poll_index != -1) memset(&pollarray[clp->krb5_poll_index], 0, sizeof(struct pollfd)); - if (clp->spkm3_poll_index != -1) - memset(&pollarray[clp->spkm3_poll_index], 0, - sizeof(struct pollfd)); if (clp->gssd_poll_index != -1) memset(&pollarray[clp->gssd_poll_index], 0, sizeof(struct pollfd)); if (clp->dir_fd != -1) close(clp->dir_fd); if (clp->krb5_fd != -1) close(clp->krb5_fd); - if (clp->spkm3_fd != -1) close(clp->spkm3_fd); if (clp->gssd_fd != -1) close(clp->gssd_fd); free(clp->dirname); free(clp->servicename); @@ -327,10 +323,8 @@ insert_new_clnt(void) goto out; } clp->krb5_poll_index = -1; - clp->spkm3_poll_index = -1; clp->gssd_poll_index = -1; clp->krb5_fd = -1; - clp->spkm3_fd = -1; clp->gssd_fd = -1; clp->dir_fd = -1; @@ -346,6 +340,25 @@ process_clnt_dir_files(struct clnt_info * clp) char gname[PATH_MAX]; char info_file_name[PATH_MAX]; + if (clp->gssd_close_me) { + printerr(2, "Closing 'gssd' pipe for %s\n", clp->dirname); + close(clp->gssd_fd); + memset(&pollarray[clp->gssd_poll_index], 0, + sizeof(struct pollfd)); + clp->gssd_fd = -1; + clp->gssd_poll_index = -1; + clp->gssd_close_me = 0; + } + if (clp->krb5_close_me) { + printerr(2, "Closing 'krb5' pipe for %s\n", clp->dirname); + close(clp->krb5_fd); + memset(&pollarray[clp->krb5_poll_index], 0, + sizeof(struct pollfd)); + clp->krb5_fd = -1; + clp->krb5_poll_index = -1; + clp->krb5_close_me = 0; + } + if (clp->gssd_fd == -1) { snprintf(gname, sizeof(gname), "%s/gssd", clp->dirname); clp->gssd_fd = open(gname, O_RDWR); @@ -355,30 +368,22 @@ process_clnt_dir_files(struct clnt_info * clp) snprintf(name, sizeof(name), "%s/krb5", clp->dirname); clp->krb5_fd = open(name, O_RDWR); } - if (clp->spkm3_fd == -1) { - snprintf(name, sizeof(name), "%s/spkm3", clp->dirname); - clp->spkm3_fd = open(name, O_RDWR); - } /* If we opened a gss-specific pipe, let's try opening * the new upcall pipe again. If we succeed, close * gss-specific pipe(s). */ - if (clp->krb5_fd != -1 || clp->spkm3_fd != -1) { + if (clp->krb5_fd != -1) { clp->gssd_fd = open(gname, O_RDWR); if (clp->gssd_fd != -1) { if (clp->krb5_fd != -1) close(clp->krb5_fd); clp->krb5_fd = -1; - if (clp->spkm3_fd != -1) - close(clp->spkm3_fd); - clp->spkm3_fd = -1; } } } - if ((clp->krb5_fd == -1) && (clp->spkm3_fd == -1) && - (clp->gssd_fd == -1)) + if ((clp->krb5_fd == -1) && (clp->gssd_fd == -1)) return -1; snprintf(info_file_name, sizeof(info_file_name), "%s/info", clp->dirname); @@ -431,15 +436,6 @@ insert_clnt_poll(struct clnt_info *clp) pollarray[clp->krb5_poll_index].events |= POLLIN; } - if ((clp->spkm3_fd != -1) && (clp->spkm3_poll_index == -1)) { - if (get_poll_index(&clp->spkm3_poll_index)) { - printerr(0, "ERROR: Too many spkm3 clients\n"); - return -1; - } - pollarray[clp->spkm3_poll_index].fd = clp->spkm3_fd; - pollarray[clp->spkm3_poll_index].events |= POLLIN; - } - return 0; } @@ -839,13 +835,6 @@ int create_auth_rpc_client(struct clnt_info *clp, sec.mech = (gss_OID)&krb5oid; sec.req_flags = GSS_C_MUTUAL_FLAG; } - else if (authtype == AUTHTYPE_SPKM3) { - sec.mech = (gss_OID)&spkm3oid; - /* XXX sec.req_flags = GSS_C_ANON_FLAG; - * Need a way to switch.... - */ - sec.req_flags = GSS_C_MUTUAL_FLAG; - } else { printerr(0, "ERROR: Invalid authentication type (%d) " "in create_auth_rpc_client\n", authtype); @@ -859,7 +848,7 @@ int create_auth_rpc_client(struct clnt_info *clp, * Do this before creating rpc connection since we won't need * rpc connection if it fails! */ - if (limit_krb5_enctypes(&sec, uid)) { + if (limit_krb5_enctypes(&sec)) { printerr(1, "WARNING: Failed while limiting krb5 " "encryption types for user with uid %d\n", uid); @@ -919,9 +908,8 @@ int create_auth_rpc_client(struct clnt_info *clp, auth = authgss_create_default(rpc_clnt, clp->servicename, &sec); if (!auth) { /* Our caller should print appropriate message */ - printerr(2, "WARNING: Failed to create %s context for " + printerr(2, "WARNING: Failed to create krb5 context for " "user with uid %d for server %s\n", - (authtype == AUTHTYPE_KRB5 ? "krb5":"spkm3"), uid, clp->servername); goto out_fail; } @@ -936,7 +924,7 @@ int create_auth_rpc_client(struct clnt_info *clp, if (sec.cred != GSS_C_NO_CREDENTIAL) gss_release_cred(&min_stat, &sec.cred); /* Restore euid to original value */ - if ((save_uid != -1) && (setfsuid(save_uid) != uid)) { + if (((int)save_uid != -1) && (setfsuid(save_uid) != (int)uid)) { printerr(0, "WARNING: Failed to restore fsuid" " to uid %d from %d\n", save_uid, uid); } @@ -1103,65 +1091,12 @@ out_return_error: goto out; } -/* - * this code uses the userland rpcsec gss library to create an spkm3 - * context on behalf of the kernel - */ -static void -process_spkm3_upcall(struct clnt_info *clp, uid_t uid, int fd) -{ - CLIENT *rpc_clnt = NULL; - AUTH *auth = NULL; - struct authgss_private_data pd; - gss_buffer_desc token; - - printerr(2, "handling spkm3 upcall (%s)\n", clp->dirname); - - token.length = 0; - token.value = NULL; - - if (create_auth_rpc_client(clp, &rpc_clnt, &auth, uid, AUTHTYPE_SPKM3)) { - printerr(0, "WARNING: Failed to create spkm3 context for " - "user with uid %d\n", uid); - goto out_return_error; - } - - if (!authgss_get_private_data(auth, &pd)) { - printerr(0, "WARNING: Failed to obtain authentication " - "data for user with uid %d for server %s\n", - uid, clp->servername); - goto out_return_error; - } - - if (serialize_context_for_kernel(pd.pd_ctx, &token, &spkm3oid, NULL)) { - printerr(0, "WARNING: Failed to serialize spkm3 context for " - "user with uid %d for server\n", - uid, clp->servername); - goto out_return_error; - } - - do_downcall(fd, uid, &pd, &token); - -out: - if (token.value) - free(token.value); - if (auth) - AUTH_DESTROY(auth); - if (rpc_clnt) - clnt_destroy(rpc_clnt); - return; - -out_return_error: - do_error_downcall(fd, uid, -1); - goto out; -} - void handle_krb5_upcall(struct clnt_info *clp) { uid_t uid; - if (read(clp->krb5_fd, &uid, sizeof(uid)) < sizeof(uid)) { + if (read(clp->krb5_fd, &uid, sizeof(uid)) < (ssize_t)sizeof(uid)) { printerr(0, "WARNING: failed reading uid from krb5 " "upcall pipe: %s\n", strerror(errno)); return; @@ -1170,20 +1105,6 @@ handle_krb5_upcall(struct clnt_info *clp) return process_krb5_upcall(clp, uid, clp->krb5_fd, NULL, NULL); } -void -handle_spkm3_upcall(struct clnt_info *clp) -{ - uid_t uid; - - if (read(clp->spkm3_fd, &uid, sizeof(uid)) < sizeof(uid)) { - printerr(0, "WARNING: failed reading uid from spkm3 " - "upcall pipe: %s\n", strerror(errno)); - return; - } - - return process_spkm3_upcall(clp, uid, clp->spkm3_fd); -} - void handle_gssd_upcall(struct clnt_info *clp) { @@ -1245,7 +1166,7 @@ handle_gssd_upcall(struct clnt_info *clp) goto out; if (sscanf(p, "enctypes=%s", enctypes) != 1) { printerr(0, "WARNING: handle_gssd_upcall: " - "failed to parse target name " + "failed to parse encryption types " "in upcall string '%s'\n", lbuf); goto out; } @@ -1292,8 +1213,6 @@ handle_gssd_upcall(struct clnt_info *clp) if (strcmp(mech, "krb5") == 0) process_krb5_upcall(clp, uid, clp->gssd_fd, target, service); - else if (strcmp(mech, "spkm3") == 0) - process_spkm3_upcall(clp, uid, clp->gssd_fd); else printerr(0, "WARNING: handle_gssd_upcall: " "received unknown gss mech '%s'\n", mech);