| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various paranoia checks:
gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
overflow
svcgssd_proc.c: range_check name.length, to ensure name.length+1
doesn't wrap
idmapd.c(nfsdcb): make sure at least one byte is read before
zeroing the last byte that was read, otherwise memory corruption
is possible.
Found by SuSE security audit.
|
|
|
|
|
| |
Check for sufficient version of librpcsecgss and libgssapi
in configure.in
|
|
|
|
|
| |
Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
HAVE_TCP_WRAPPERS as appropriate.
|
| |
|
|
|
|
|
|
|
| |
Update calls to gss_export_lucid_sec_context()
Change the calls to gss_export_lucid_sec_context() to match the corrected
interface definition in libgssapi-0.9.
|
|
|
|
|
|
| |
Plug memory leaks in svcgssd
Various memory leaks in the svcgssd context processing are eliminated.
|
|
|
|
|
|
|
| |
Fix memory leak of the AUTH structure on context negotiations
Free AUTH structure after completing context negotiation and sending
context information to the kernel.
|
|
|
|
| |
Fix support/include/config.h.in such as would be done be running autoheader.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of having separate copies of the gssapi and rpcsecgss
header files, or depending on the Kerberos gssapi header,
locate the headers now installed with the libgssapi and librpcsecgss
libraries.
Remove local copies of the gssapi and rpcsecgss header files.
This depends on the configure_use_autotools patch.
|
|
|
|
|
|
|
| |
Print debugging message indicating the type of encryption keys being sent
down to the kernel. This should make it easier to detect cases where
unsupported encryption types are being negotiated.
(really this time)
|
|
|
|
|
|
|
|
|
|
| |
From: Vince Busam <vbusam@google.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Don't unnecessarily close and re-open all pipes after every DNOTIFY
signal. These unnecessary closes were triggering a kernel Oops.
Original patch modified to correct segfault when unmounting last
NFSv4 mount.
|
|
|
|
|
|
|
|
|
| |
From: Vince Busam <vbusam@google.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add command line option to specify which directory should be searched
to find credentials caches.
(really this time)
|
|
|
|
|
|
|
|
| |
We need to get access to the internal krb5 context pointer for
older (pre-1.4) versions of MIT Kerberos. We get a pointer to
the gss glue's context. Get the right pointer before accessing
the context information.
(really this time)
|
|
|
|
|
|
| |
warning.
(really this time)
|
|
|
|
|
|
|
|
|
|
|
| |
The gssd code should not know about the glue layer's context structure.
A previous patch added gss_export_lucid_sec_context() and
gss_free_lucid_sec_context() functions to the gssapi glue layer.
Use these functions rather than calling directly to the Kerberos
gssapi code (which requires the Kerberos context handle rather
than the glue's context handle).
(really this time)
|
| |
|
|
|
|
|
| |
into their own file.
(Really this time)
|
|
|
|
|
|
| |
Read and process new configuration option, Cache-Expiration, and use
the value to determine how long idmapping entries are cached.
(Really this time)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Print debugging message indicating the type of encryption keys being sent
down to the kernel. This should make it easier to detect cases where
unsupported encryption types are being negotiated.
|
|
|
|
|
|
|
| |
Don't unnecessarily close and re-open all pipes after every DNOTIFY
signal. These unnecessary closes were triggering a kernel Oops.
Original patch modified to correct segfault when unmounting last
NFSv4 mount.
|
|
|
|
|
| |
Add command line option to specify which directory should be searched
to find credentials caches.
|
|
|
|
|
|
|
| |
We need to get access to the internal krb5 context pointer for
older (pre-1.4) versions of MIT Kerberos. We get a pointer to
the gss glue's context. Get the right pointer before accessing
the context information.
|
|
|
|
| |
Remove unused groups variable from get_ids() which was causing a compiler warning.
|
|
|
|
|
|
|
|
|
| |
The gssd code should not know about the glue layer's context structure.
A previous patch added gss_export_lucid_sec_context() and
gss_free_lucid_sec_context() functions to the gssapi glue layer.
Use these functions rather than calling directly to the Kerberos
gssapi code (which requires the Kerberos context handle rather
than the glue's context handle).
|
|
|
|
| |
into their own file.
|
|
|
|
|
|
|
|
|
|
|
| |
Remove directory svcgssd which was only created because the old
build system could not handle building two daemons in the same
directory. This eliminates build complications since gssd and
svcgssd also share many source files.
This patch effectively removes the utils/svcgssd directory, moving
all its files to the utils/gssd directory. File utils/gssd/Makefile.am
is modified with directions to build both gssd and svcgssd.
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of having separate copies of the gssapi and rpcsecgss
header files, or depending on the Kerberos gssapi header,
locate the headers now installed with the libgssapi and librpcsecgss
libraries.
Remove local copies of the gssapi and rpcsecgss header files.
This depends on the configure_use_autotools patch.
|
|
|
|
|
| |
Read and process new configuration option, Cache-Expiration, and use
the value to determine how long idmapping entries are cached.
|
|
|
|
|
|
| |
This patch adds a call to the new libnfsidmap library function
nfs4_set_debug(), which defines the verbosity level libnfsidmap
should use as well as the logging function.
|
|
|
|
|
| |
Delete event processing for a file descriptor before closing it.
This was causing hangs when used in combination with libevent-1.0b.
|
|
|
|
|
| |
SuSE 10.0 puts krb5-config in yet another obscure location.
Look for it there and use it if found.
|
| |
|
|
|
|
|
|
|
| |
Add "$(DESTDIR)" to the paths for the "$(statedir)" files so they are
put in the right place when DESTDIR is defined.
Add the rpcsec header files to EXTRA_DIST list.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|