X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fgssd%2Fsvcgssd_proc.c;h=b390beae2fe90ef17908e816b976d34442d540f3;hp=794c2f42ec9bbf1cbc92b8e42356dae874ab2977;hb=d78a45a152d2270b6e92b451b6b4585567ec2f8a;hpb=6a6e6526d7c6db42688d5fd32a6b555489b49cae diff --git a/utils/gssd/svcgssd_proc.c b/utils/gssd/svcgssd_proc.c index 794c2f4..b390bea 100644 --- a/utils/gssd/svcgssd_proc.c +++ b/utils/gssd/svcgssd_proc.c @@ -33,6 +33,10 @@ */ +#ifdef HAVE_CONFIG_H +#include +#endif /* HAVE_CONFIG_H */ + #include #include #include @@ -46,6 +50,7 @@ #include #include #include +#include #include "svcgssd.h" #include "gss_util.h" @@ -67,7 +72,8 @@ struct svc_cred { static int do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred, - gss_OID mech, gss_buffer_desc *context_token) + gss_OID mech, gss_buffer_desc *context_token, + int32_t endtime) { FILE *f; int i; @@ -86,13 +92,15 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred, } qword_printhex(f, out_handle->value, out_handle->length); /* XXX are types OK for the rest of this? */ - qword_printint(f, 0x7fffffff); /*XXX need a better timeout */ + /* For context cache, use the actual context endtime */ + qword_printint(f, endtime); qword_printint(f, cred->cr_uid); qword_printint(f, cred->cr_gid); qword_printint(f, cred->cr_ngroups); - printerr(2, "mech: %s, hndl len: %d, ctx len %d, timeout: %d, " + printerr(2, "mech: %s, hndl len: %d, ctx len %d, timeout: %d (%d from now), " "uid: %d, gid: %d, num aux grps: %d:\n", - fname, out_handle->length, context_token->length, 0x7fffffff, + fname, out_handle->length, context_token->length, + endtime, endtime - time(0), cred->cr_uid, cred->cr_gid, cred->cr_ngroups); for (i=0; i < cred->cr_ngroups; i++) { qword_printint(f, cred->cr_groups[i]); @@ -104,7 +112,7 @@ do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred, fclose(f); return err; out_err: - printerr(0, "WARNING: downcall failed\n"); + printerr(1, "WARNING: downcall failed\n"); return -1; } @@ -130,7 +138,8 @@ send_response(FILE *f, gss_buffer_desc *in_handle, gss_buffer_desc *in_token, qword_addhex(&bp, &blen, in_handle->value, in_handle->length); qword_addhex(&bp, &blen, in_token->value, in_token->length); - qword_addint(&bp, &blen, 0x7fffffff); /*XXX need a better timeout */ + /* For init cache, only needed for a short time */ + qword_addint(&bp, &blen, time(0) + 60); qword_adduint(&bp, &blen, maj_stat); qword_adduint(&bp, &blen, min_stat); qword_addhex(&bp, &blen, out_handle->value, out_handle->length); @@ -242,7 +251,7 @@ get_ids(gss_name_t client_name, gss_OID mech, struct svc_cred *cred) res = 0; goto out_free; } - printerr(0, "WARNING: get_ids: failed to map name '%s' " + printerr(1, "WARNING: get_ids: failed to map name '%s' " "to uid/gid: %s\n", sname, strerror(-res)); goto out_free; } @@ -320,6 +329,7 @@ handle_nullreq(FILE *f) { static char *lbuf = NULL; static int lbuflen = 0; static char *cp; + int32_t ctx_endtime; printerr(1, "handling null request\n"); @@ -374,7 +384,7 @@ handle_nullreq(FILE *f) { goto continue_needed; } else if (maj_stat != GSS_S_COMPLETE) { - printerr(0, "WARNING: gss_accept_sec_context failed\n"); + printerr(1, "WARNING: gss_accept_sec_context failed\n"); pgsserr("handle_nullreq: gss_accept_sec_context", maj_stat, min_stat, mech); goto out_err; @@ -396,7 +406,7 @@ handle_nullreq(FILE *f) { /* kernel needs ctx to calculate verifier on null response, so * must give it context before doing null call: */ - if (serialize_context_for_kernel(ctx, &ctx_token, mech)) { + if (serialize_context_for_kernel(ctx, &ctx_token, mech, &ctx_endtime)) { printerr(0, "WARNING: handle_nullreq: " "serialize_context_for_kernel failed\n"); maj_stat = GSS_S_FAILURE; @@ -405,7 +415,7 @@ handle_nullreq(FILE *f) { /* We no longer need the gss context */ gss_delete_sec_context(&ignore_min_stat, &ctx, &ignore_out_tok); - do_svc_downcall(&out_handle, &cred, mech, &ctx_token); + do_svc_downcall(&out_handle, &cred, mech, &ctx_token, ctx_endtime); continue_needed: send_response(f, &in_handle, &in_tok, maj_stat, min_stat, &out_handle, &out_tok);