libtirpc/libtirpc-0.3.3-rc2.patch


diff --git a/configure.ac b/configure.ac
index 99a0d33..06f2fca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,6 +5,33 @@ AC_CONFIG_SRCDIR([src/auth_des.c])
AC_CONFIG_MACRO_DIR([m4])
AC_PROG_CC
+# LT_VERSION_INFO="current:revision:age"
+#
+# From the libtool manual:
+#
+# 1. Start with version information of 0:0:0 for each libtool library.
+# 2. Update the version information only immediately before a public
+# release of your software. More frequent updates are unnecessary,
+# and only guarantee that the current interface number gets larger faster.
+# 3. If the library source code has changed at all since the last update,
+# then increment revision (c:r:a becomes c:r+1:a).
+# 4. If any interfaces have been added, removed, or changed since the last
+# update, increment current, and set revision to 0.
+# 5. If any interfaces have been added since the last public release,
+# then increment age.
+# 6. If any interfaces have been removed since the last public release,
+# then set age to 0.
+#
+# _Never_ try to set the interface numbers so that they correspond to the
+# release number of your package. This is an abuse that only fosters
+# misunderstanding of the purpose of library versions.
+#
+# In addition to these rules, symbol versioning is now in effect. soname
+# changes should be avoided.
+#
+LT_VERSION_INFO="2:0:1"
+AC_SUBST([LT_VERSION_INFO])
+
AC_CHECK_HEADER([gssapi/gssapi.h], [HAVE_GSSAPI_H=yes], [HAVE_GSSAPI_H=no])
AC_ARG_ENABLE(gssapi,
diff --git a/man/rpc_gss_get_mech_info.3t b/man/rpc_gss_get_mech_info.3t
index 1f3ba04..44f0df3 100644
--- a/man/rpc_gss_get_mech_info.3t
+++ b/man/rpc_gss_get_mech_info.3t
@@ -29,28 +29,33 @@
.Os
.Sh NAME
.Nm rpc_gss_get_mech_info
-.Nd "Get extra information about a security mechanism"
+.Nd "Get Quality of Protection information for a security mechanism"
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft const char **
.Fn rpc_gss_get_mech_info "const char *mech" "rpc_gss_service_t *service"
.Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech and queries it for its capabilities.
+This function returns the list of QOP names supported by the
+GSS_API mechanism named "mech".
.Sh PARAMETERS
.Bl -tag -width ".It service"
.It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.It service
-If the mechanism is found, the maximum supported service type is
-returned in
-.Fa *service
+Buffer in which maximum service type is planted
.El
.Sh RETURN VALUES
-If the mechanism is found,
-a list of the supported qualities of protection is returned,
-otherwise
-.Dv NULL .
+If the named GSS_API mechanism is recognized,
+a list of the supported Qualities of Protection is returned.
+The maximum supported service type for the mechanism is returned in
+.Fa *service .
+Otherwise
+.Dv NULL
+is returned.
+.Pp
+Note: The returned QOP list is statically allocated memory.
+The caller must not free this array.
.Sh AVAILABILITY
The
.Fn rpc_gss_get_mech_info
diff --git a/man/rpc_gss_getcred.3t b/man/rpc_gss_getcred.3t
index 8589f08..691df31 100644
--- a/man/rpc_gss_getcred.3t
+++ b/man/rpc_gss_getcred.3t
@@ -51,7 +51,6 @@ If non-null,
.Fa *rcred
is set to point at the raw credentials for this request
.It ucred
-.It rcred
If non-null,
.Fa *ucred
is set to point at the corresponding unix credentials
diff --git a/man/rpc_gss_is_installed.3t b/man/rpc_gss_is_installed.3t
index 274a1f0..d5f5e44 100644
--- a/man/rpc_gss_is_installed.3t
+++ b/man/rpc_gss_is_installed.3t
@@ -29,23 +29,24 @@
.Os
.Sh NAME
.Nm rpc_gss_is_installed
-.Nd "Query for the presence os a security mechanism"
+.Nd "Query for the presence of a security mechanism"
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft bool_t
.Fn rpc_gss_is_installed "const char *mech"
.Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function indicates whether the GSS_API mechanism named "mech"
+is installed and enabled.
.Sh PARAMETERS
.Bl -tag -width ".It mech"
.It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.El
.Sh RETURN VALUES
Returns
.Dv TRUE
-if the mechanism is installed,
+if the named GSS_API mechanism is installed and enabled,
.Dv FALSE
otherwise.
.Sh AVAILABILITY
diff --git a/man/rpc_gss_mech_to_oid.3t b/man/rpc_gss_mech_to_oid.3t
index 8bbe616..4a1b25d 100644
--- a/man/rpc_gss_mech_to_oid.3t
+++ b/man/rpc_gss_mech_to_oid.3t
@@ -35,22 +35,27 @@
.Ft bool_t
.Fn rpc_gss_mech_to_oid "const char *mech" "gss_OID *oid_ret"
.Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function returns the GSS OID associated with the GSS_API
+mechanism "mech".
.Sh PARAMETERS
.Bl -tag -width ".It oid_ret"
.It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.It oid_ret
-If the mechanism is found, the corresponding GSS-API oid is returned
-in
-.Fa *oid_ret
+Buffer in which to place the returned OID
.El
.Sh RETURN VALUES
-If the mechanism is found,
+If the GSS_API mechanism name is recognized,
.Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding GSS-API oid is returned in
+.Fa *oid_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.Fa *oid_ret
+is left untouched.
.Sh AVAILABILITY
The
.Fn rpc_gss_mech_to_oid
diff --git a/man/rpc_gss_qop_to_num.3t b/man/rpc_gss_qop_to_num.3t
index 3968216..7ac1a4c 100644
--- a/man/rpc_gss_qop_to_num.3t
+++ b/man/rpc_gss_qop_to_num.3t
@@ -29,30 +29,37 @@
.Os
.Sh NAME
.Nm rpc_gss_qop_to_num
-.Nd "Convert a quality of protection name to number"
+.Nd "Convert a Quality of Protection name to number"
.Sh SYNOPSIS
.In rpc/rpcsec_gss.h
.Ft bool_t
.Fn rpc_gss_qop_to_num "const char *qop" "const char *mech" "u_int *num_ret"
.Sh DESCRIPTION
-This function looks up a quality of protection by name by reading the file
-/etc/gss/qop.
+This function returns the numeric QOP value associated with the
+GSS_API QOP "qop" and mechanism "mech."
.Sh PARAMETERS
.Bl -tag -width ".It number_ret"
.It qop
-The quality of protection to search for
+The name of Quality of Protection associated with the
+GSS_API mechanism "mech".
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
.It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
.It number_ret
-If the quality of protection is found, the corresponding number is
-returned in
-.Fa *num_ret
+Buffer in which to place the returned QOP number
.El
.Sh RETURN VALUES
-If the value is found,
+If the QOP and mechanism names are recognized,
.Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding QOP number is returned in
+.Fa *num_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.It number_ret
+is left untouched.
.Sh AVAILABILITY
The
.Fn rpc_gss_qop_to_num
diff --git a/man/rpc_gss_seccreate.3t b/man/rpc_gss_seccreate.3t
index 9f526a6..b52df19 100644
--- a/man/rpc_gss_seccreate.3t
+++ b/man/rpc_gss_seccreate.3t
@@ -55,9 +55,8 @@ For instance, a principal such as
.Qq nfs@server.example.com
might be used by an application which needs to contact an NFS server
.It mechanism
-The desired mechanism for this security context.
-The value of mechanism should be the name of one of the security
-mechanisms listed in /etc/gss/mech.
+The name of the GSS_API mechanism to use for the new security context.
+"kerberos_v5" is currently the only supported mechanism.
.It service
Type of service requested.
.Bl -tag -width "rpc_gss_svc_integrity"
@@ -72,8 +71,9 @@ RPC headers and data are integrity protected by a checksum.
RPC headers are integrity protected by a checksum and data is encrypted.
.El
.It qop
-Desired quality of protection or NULL for the default.
-Available values are listed in /etc/gss/qop
+The name of the Quality of Protection to use for the new security context,
+or NULL to use the default QOP.
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
.It options_req
Extra security context options to be passed to the underlying GSS-API
mechanism.
diff --git a/src/Makefile.am b/src/Makefile.am
index 6cc567a..0fb827b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,36 +12,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/tirpc -include config.h -DPORTMAP -DINET6 \
lib_LTLIBRARIES = libtirpc.la
-#
-# Set the library version information
-#
-# According to the libtool manual:
-#
-# "This flag accepts an argument of the form current[:revision[:age]].
-#
-# If either revision or age are omitted, they default to 0. Also note that
-# age must be less than or equal to the current interface number.
-#
-# Here are a set of rules to help you update your library version information:
-#
-# 1. Start with version information of 0:0:0 for each libtool library.
-# 2. Update the version information only immediately before a public
-# release of your software. More frequent updates are unnecessary,
-# and only guarantee that the current interface number gets larger faster.
-# 3. If the library source code has changed at all since the last update,
-# then increment revision (c:r:a becomes c:r+1:a).
-# 4. If any interfaces have been added, removed, or changed since the last
-# update, increment current, and set revision to 0.
-# 5. If any interfaces have been added since the last public release,
-# then increment age.
-# 6. If any interfaces have been removed since the last public release,
-# then set age to 0.
-#
-# _Never_ try to set the interface numbers so that they correspond to the
-# release number of your package. This is an abuse that only fosters
-# misunderstanding of the purpose of library versions."
-#
-libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_LDFLAGS = -Wl,-no-undefined -lpthread
+libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@
libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -50,11 +22,12 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
+ svc_auth_des.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
auth_time.c auth_des.c authdes_prot.c debug.c
## XDR
-libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
+libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
if SYMVERS
libtirpc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtirpc.map
@@ -69,7 +42,7 @@ if GSS
endif
libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
-libtirpc_la_SOURCES += netname.c netnamer.c rtime.c
+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c
CLEANFILES = cscope.* *~
DISTCLEANFILES = Makefile.in
diff --git a/src/auth_gss.c b/src/auth_gss.c
index 722d54c..4fa8568 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -821,7 +821,6 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
clnt->cl_auth = auth;
if (_rpc_gss_refresh(auth, ret) == FALSE) {
- authgss_destroy(auth);
auth = NULL;
} else {
rpc_gss_clear_error();
diff --git a/src/libtirpc.map b/src/libtirpc.map
index 063cddd..7d7f40f 100644
--- a/src/libtirpc.map
+++ b/src/libtirpc.map
@@ -316,6 +316,15 @@ TIRPC_0.3.2 {
xdr_unixcred;
} TIRPC_0.3.1;
+TIRPC_0.3.3 {
+ __getpublickey_LOCAL;
+ __key_decryptsession_pk_LOCAL;
+ __key_encryptsession_pk_LOCAL;
+ __key_gendes_LOCAL;
+ xdr_sizeof;
+ authdes_pk_create;
+} TIRPC_0.3.2;
+
TIRPC_PRIVATE {
global:
__libc_clntudp_bufcreate;
diff --git a/src/rpc_com.h b/src/rpc_com.h
index 52a8c48..10bec79 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -40,47 +40,20 @@
#ifndef _TIRPC_RPCCOM_H
#define _TIRPC_RPCCOM_H
-
-/* #pragma ident "@(#)rpc_com.h 1.11 93/07/05 SMI" */
-
-/*
- * The max size of the transport, if the size cannot be determined
- * by other means.
- */
-#define RPC_MAXDATASIZE 9000
-#define RPC_MAXADDRSIZE 1024
-
-#define __RPC_GETXID(now) ((u_int32_t)getpid() ^ (u_int32_t)(now)->tv_sec ^ \
- (u_int32_t)(now)->tv_usec)
+#include <rpc/rpc_com.h>
#ifdef __cplusplus
extern "C" {
#endif
-extern u_int __rpc_get_a_size(int);
-extern int __rpc_dtbsize(void);
-extern struct netconfig * __rpcgettp(int);
-extern int __rpc_get_default_domain(char **);
-struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
-char *__rpc_taddr2uaddr_af(int, const struct netbuf *);
-struct netbuf *__rpc_uaddr2taddr_af(int, const char *);
-int __rpc_fixup_addr(struct netbuf *, const struct netbuf *);
-int __rpc_sockinfo2netid(struct __rpc_sockinfo *, const char **);
-int __rpc_seman2socktype(int);
-int __rpc_socktype2seman(int);
-void *rpc_nullproc(CLIENT *);
-int __rpc_sockisbound(int);
+struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
-struct netbuf *__rpcb_findaddr(rpcprog_t, rpcvers_t, const struct netconfig *,
- const char *, CLIENT **);
struct netbuf *__rpcb_findaddr_timed(rpcprog_t, rpcvers_t,
const struct netconfig *, const char *host, CLIENT **clpp,
struct timeval *tp);
bool_t __rpc_control(int,void *);
-char *_get_next_token(char *, int);
-
bool_t __svc_clean_idle(fd_set *, int, bool_t);
bool_t __xdrrec_setnonblock(XDR *, int);
bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t);
diff --git a/src/rpc_gss_utils.c b/src/rpc_gss_utils.c
index 9a7fed3..80fc78a 100644
--- a/src/rpc_gss_utils.c
+++ b/src/rpc_gss_utils.c
@@ -159,6 +159,7 @@ static char *_rpc_gss_krb5_qop_names[] = {
NULL,
};
+/* GSS_MECH_KRB5_OID: Defined by RFC 1964 */
static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = {
.mi_name = "kerberos_v5",
.mi_oid = { 9, "\052\206\110\206\367\022\001\002\002" },
@@ -166,8 +167,17 @@ static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = {
.mi_qops = _rpc_gss_krb5_qops,
};
+/* GSS_KRB5_NT_PRINCIPAL_NAME: Defined by RFC 1964 */
+static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5_princname = {
+ .mi_name = "kerberos_v5",
+ .mi_oid = { 10, "\052\206\110\206\367\022\001\002\002\001" },
+ .mi_qop_names = _rpc_gss_krb5_qop_names,
+ .mi_qops = _rpc_gss_krb5_qops,
+};
+
static struct _rpc_gss_mechanism *_rpc_gss_mechanisms[] = {
&_rpc_gss_mech_kerberos_v5,
+ &_rpc_gss_mech_kerberos_v5_princname,
NULL,
};
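Review bot: `_rpc_gss_mech_kerberos_v5_princname` is added to `_rpc_gss_mechanisms[]` with the same `.mi_name = "kerberos_v5"` as the existing entry, and its own comment labels the 10-byte OID as GSS_KRB5_NT_PRINCIPAL_NAME, which RFC 1964 defines as a name type rather than a mechanism. A lookup by name will presumably keep returning the first entry, so the new one looks reachable only through `_rpc_gss_find_oid`. The comment should say why a name-type OID is accepted in the mechanism table, for example `/* Accepted as an alias: peers presenting the krb5 principal-name OID still map to "kerberos_v5" */`, if that is the intent.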
@@ -187,13 +197,20 @@ _rpc_gss_find_mechanism(char *mechanism)
return NULL;
}
+static bool_t
+_rpc_gss_OID_equal(rpc_gss_OID o1, rpc_gss_OID o2)
+{
+ return (o1->length == o2->length) &&
+ (memcmp(o1->elements, o2->elements, o1->length) == 0);
+}
+
static struct _rpc_gss_mechanism *
_rpc_gss_find_oid(rpc_gss_OID oid)
{
unsigned int i;
for (i = 0; _rpc_gss_mechanisms[i] != NULL; i++)
- if (g_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid))
+ if (_rpc_gss_OID_equal(oid, &_rpc_gss_mechanisms[i]->mi_oid))
return _rpc_gss_mechanisms[i];
return NULL;
}
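Review bot: `_rpc_gss_OID_equal` passes `o1->elements` and `o2->elements` straight to `memcmp`, without the `elements != 0` tests that the `g_OID_equal` macro it replaces carried (the macro is removed from tirpc/rpc/auth_gss.h in this same patch). The callers of `_rpc_gss_find_oid` are not visible here; if any of them can pass a null OID or one with a null `elements` pointer, that now reaches a dereference or `memcmp`. Keeping the guards costs one line: `return o1 && o2 && o1->length == o2->length && o1->elements && o2->elements && memcmp(o1->elements, o2->elements, o1->length) == 0;`.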
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index e146ed4..1ec7b3f 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -61,6 +61,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <rpcsvc/nis.h>
#include "rpc_com.h"
@@ -531,7 +532,6 @@ authdes_create(servername, window, syncaddr, ckey)
struct sockaddr *syncaddr; /* optional hostaddr to sync with */
des_block *ckey; /* optional conversation key to use */
{
- AUTH *dummy;
AUTH *nauth;
char hostname[NI_MAXHOST];
@@ -540,19 +540,68 @@ authdes_create(servername, window, syncaddr, ckey)
* Change addr to hostname, because that is the way
* new interface takes it.
*/
- if (getnameinfo(syncaddr, sizeof(syncaddr), hostname,
- sizeof hostname, NULL, 0, 0) != 0)
- goto fallback;
-
+ switch (syncaddr->sa_family) {
+ case AF_INET:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ case AF_INET6:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ default:
+ goto fallback;
+ }
nauth = authdes_seccreate(servername, window, hostname, ckey);
return (nauth);
}
fallback:
- dummy = authdes_seccreate(servername, window, NULL, ckey);
- return (dummy);
+ return authdes_seccreate(servername, window, NULL, ckey);
}
/*
+ * Create the client des authentication object. Obsoleted by
+ * authdes_pk_seccreate().
+ */
+extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *,
+ const des_block *, nis_server *);
+
+AUTH *
+authdes_pk_create(servername, pkey, window, syncaddr, ckey)
+ char *servername; /* network name of server */
+ netobj *pkey; /* public key */
+ u_int window; /* time to live */
+ struct sockaddr *syncaddr; /* optional hostaddr to sync with */
+ des_block *ckey; /* optional conversation key to use */
+{
+ AUTH *nauth;
+ char hostname[NI_MAXHOST];
+
+ if (syncaddr) {
+ /*
+ * Change addr to hostname, because that is the way
+ * new interface takes it.
+ */
+ switch (syncaddr->sa_family) {
+ case AF_INET:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ default:
+ goto fallback;
+ }
+ nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL);
+ return (nauth);
+ }
+fallback:
+ return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL);
+}
+
+
+/*
* Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
*/
CLIENT *
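Review bot: `authdes_pk_create` accepts only `AF_INET` in its `switch (syncaddr->sa_family)`, while `authdes_create`, fixed earlier in this same hunk, also handles `AF_INET6`. An IPv6 `syncaddr` therefore silently takes the `fallback` path and the handle is created with a NULL time host. Add the matching `case AF_INET6:` arm using `sizeof(struct sockaddr_in6)`, or move the address-to-hostname conversion into one static helper that both functions call. Separately, `getnameinfo` is called with flags 0, so the name passed on as the time host comes from a reverse lookup of the address; a short comment stating that this is intended would help. `authdes_create` starts before this hunk.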
diff --git a/src/rpcdname.c b/src/rpcdname.c
new file mode 100644
index 0000000..3e6a988
--- /dev/null
+++ b/src/rpcdname.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2009, Sun Microsystems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of Sun Microsystems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * rpcdname.c
+ * Gets the default domain name
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+static char *default_domain = 0;
+
+static char *
+get_default_domain()
+{
+ char temp[256];
+
+ if (default_domain)
+ return (default_domain);
+ if (getdomainname(temp, sizeof(temp)) < 0)
+ return (0);
+ if ((int) strlen(temp) > 0) {
+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1));
+ if (default_domain == 0)
+ return (0);
+ (void) strcpy(default_domain, temp);
+ return (default_domain);
+ }
+ return (0);
+}
+
+/*
+ * This is a wrapper for the system call getdomainname which returns a
+ * ypclnt.h error code in the failure case. It also checks to see that
+ * the domain name is non-null, knowing that the null string is going to
+ * get rejected elsewhere in the NIS client package.
+ */
+int
+__rpc_get_default_domain(domain)
+ char **domain;
+{
+ if ((*domain = get_default_domain()) != 0)
+ return (0);
+ return (-1);
+}
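Review bot: `get_default_domain` calls `strlen(temp)` right after `getdomainname(temp, sizeof(temp))` without making sure the buffer is terminated. On implementations that truncate an over-long name instead of failing, `temp` may lack a NUL and the `strlen`/`strcpy` pair would run past the array. Terminate explicitly with `temp[sizeof(temp) - 1] = '\0';` before the length test. The cached `default_domain` is also assigned without any locking, so two threads racing on the first call can each allocate; that presumably only leaks one copy, but it deserves a comment. The definition should read `get_default_domain(void)`.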
diff --git a/src/svc_auth.c b/src/svc_auth.c
index 31241c9..94029bb 100644
--- a/src/svc_auth.c
+++ b/src/svc_auth.c
@@ -38,6 +38,7 @@
#include <reentrant.h>
#include <sys/types.h>
#include <rpc/rpc.h>
+#include <rpc/auth_des.h>
#include <stdlib.h>
/*
@@ -109,11 +110,9 @@ _gss_authenticate(rqst, msg, no_dispatch)
case AUTH_SHORT:
dummy = _svcauth_short(rqst, msg);
return (dummy);
-#ifdef DES_BUILTIN
case AUTH_DES:
dummy = _svcauth_des(rqst, msg);
return (dummy);
-#endif
#ifdef HAVE_RPCSEC_GSS
case RPCSEC_GSS:
dummy = _svcauth_gss(rqst, msg, no_dispatch);
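Review bot: With the `#ifdef DES_BUILTIN` guard gone, the `case AUTH_DES:` arm of `_gss_authenticate` is compiled into every build, so any server linked against the library will run `_svcauth_des` on AUTH_DES credentials it receives. The same guard is dropped in `svc_auth_reg` in the next hunk, and src/svc_auth_des.c is added to the build and loses its platform `#if`. AUTH_DES is a legacy DES-based flavor, and nothing on the new side lets a deployment leave it out. Consider keeping it behind a configure-time switch, or at least record the decision next to the case with `/* AUTH_DES is now built unconditionally (was behind DES_BUILTIN) */`. Both functions start and end outside their hunks.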
@@ -172,9 +171,7 @@ svc_auth_reg(cred_flavor, handler)
case AUTH_NULL:
case AUTH_SYS:
case AUTH_SHORT:
-#ifdef DES_BUILTIN
case AUTH_DES:
-#endif
#ifdef HAVE_RPCSEC_GSS
case RPCSEC_GSS:
#endif
diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
index 08e2bee..5bc264c 100644
--- a/src/svc_auth_des.c
+++ b/src/svc_auth_des.c
@@ -433,7 +433,6 @@ cache_spot(key, name, timestamp)
}
-#if (defined(sun) || defined(vax) || defined(__FreeBSD__))
/*
* Local credential handling stuff.
* NOTE: bsd unix dependent.
@@ -528,5 +527,3 @@ invalidate(cred)
}
((struct bsdcred *)cred)->grouplen = INVALID;
}
-#endif
-
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index 016357b..0206e5e 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -235,28 +235,20 @@ static bool_t
_rpc_gss_fill_in_creds(struct svc_rpc_gss_data *gd, struct rpc_gss_cred *gc)
{
rpc_gss_rawcred_t *rcred = &gd->rcred;
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc buf;
rcred->version = gc->gc_v;
if (!rpc_gss_oid_to_mech(gd->sec.mech, &rcred->mechanism))
return FALSE;
rcred->service = _rpc_gss_svc_to_service(gd->sec.svc);
- maj_stat = gss_export_name(&min_stat, gd->client_name, &buf);
- if (maj_stat != GSS_S_COMPLETE) {
- gss_log_status("gss_export_name", maj_stat, min_stat);
- return FALSE;
- }
rcred->client_principal = calloc(1, sizeof(rpc_gss_principal_t) +
- buf.length);
- if (rcred->client_principal == NULL) {
- (void)gss_release_buffer(&min_stat, &buf);
+ gd->cname.length);
+ if (rcred->client_principal == NULL)
return FALSE;
- }
- rcred->client_principal->len = buf.length;
- (void)memcpy(rcred->client_principal->name, buf.value, buf.length);
- (void)gss_release_buffer(&min_stat, &buf);
+
+ rcred->client_principal->len = gd->cname.length;
+ (void)memcpy(rcred->client_principal->name,
+ gd->cname.value, gd->cname.length);
rcred->svc_principal = _svcauth_svc_name;
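Review bot: The new code copies `gd->cname.length` bytes from `gd->cname.value` with no check, where the removed code used a buffer validated by the `maj_stat` test after `gss_export_name`. Where `gd->cname` is filled is not visible in this hunk; if it can still be empty when `_rpc_gss_fill_in_creds` runs, `memcpy` is handed a null source. A guard such as `if (gd->cname.value == NULL) return FALSE;` before the `calloc` keeps that failure explicit. A comment should also state whether `cname` holds the same exported-name form that `gss_export_name` produced, since consumers of `client_principal` may compare it byte for byte. The function continues past the end of the hunk.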
diff --git a/src/svc_generic.c b/src/svc_generic.c
index f49d776..7aae796 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz)
xprt->xp_type = __rpc_socktype2seman(si.si_socktype);
if (nconf) {
+ if (xprt->xp_netid != NULL)
+ free(xprt->xp_netid);
xprt->xp_netid = strdup(nconf->nc_netid);
xprt->xp_tp = strdup(nconf->nc_device);
}
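Review bot: Only `xp_netid` is released before being overwritten; `xp_tp` on the next line is replaced by `strdup(nconf->nc_device)` with no matching free. If the transport can arrive here with `xp_tp` already set, that string leaks in the same way. Add `free(xprt->xp_tp);` before the second `strdup`, and drop the `!= NULL` test since `free(NULL)` is a no-op. Neither `strdup` result is checked, so a failed allocation leaves a null `xp_netid` or `xp_tp` on the transport. svc_tli_create starts and ends outside the hunk.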
diff --git a/src/svc_vc.c b/src/svc_vc.c
index 9824631..6848c09 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -392,6 +392,12 @@ svc_vc_destroy(xprt)
__svc_vc_dodestroy(xprt);
}
+static bool_t
+__svc_rendezvous_socket(xprt)
+ SVCXPRT *xprt;
+{
+ return (xprt->xp_ops->xp_recv == rendezvous_request);
+}
static void
__svc_vc_dodestroy(xprt)
SVCXPRT *xprt;
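Review bot: `__svc_rendezvous_socket` has no comment explaining why the receive op, rather than `xp_port`, decides whether `xp_p1` is a `struct cf_rendezvous`. `__svc_vc_dodestroy` (next hunk) frees `xp_p1` with a size chosen by this test, so the reason belongs next to the helper. Something like `/* A listener is recognised by its xp_recv op; xp_port is not a reliable discriminator. */` would do, adjusted to the actual motivation. The helper also dereferences `xprt->xp_ops` unchecked and relies on `rendezvous_request` being declared earlier in the file, which is not visible here.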
@@ -403,7 +409,7 @@ __svc_vc_dodestroy(xprt)
if (xprt->xp_fd != RPC_ANYFD)
(void)close(xprt->xp_fd);
- if (xprt->xp_port != 0) {
+ if (__svc_rendezvous_socket(xprt)) {
/* a rendezvouser socket */
r = (struct cf_rendezvous *)xprt->xp_p1;
mem_free(r, sizeof (struct cf_rendezvous));
diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c
index cc5414b..d23fbd1 100644
--- a/src/xdr_sizeof.c
+++ b/src/xdr_sizeof.c
@@ -90,7 +90,7 @@ x_inline(xdrs, len)
if (xdrs->x_op != XDR_ENCODE) {
return (NULL);
}
- if (len < (u_int)xdrs->x_base) {
+ if (len < (uintptr_t)xdrs->x_base) {
/* x_private was already allocated */
xdrs->x_handy += len;
return ((int32_t *) xdrs->x_private);
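Review bot: The casts to `uintptr_t` here and in the next hunk (`xdrs->x_base = (caddr_t)(uintptr_t)len;`) need `<stdint.h>`, and this patch adds no include for it. Whether the file already pulls it in is not visible. The casts also make explicit that `x_base` stores the size of the `x_private` scratch buffer rather than an address, which deserves a comment at the comparison, e.g. `/* x_base holds the allocated size of x_private, not a pointer */`. x_inline starts and ends outside the hunk.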
@@ -102,7 +102,7 @@ x_inline(xdrs, len)
xdrs->x_base = 0;
return (NULL);
}
- xdrs->x_base = (caddr_t) len;
+ xdrs->x_base = (caddr_t)(uintptr_t)len;
xdrs->x_handy += len;
return ((int32_t *) xdrs->x_private);
}
diff --git a/tirpc/rpc/auth.h b/tirpc/rpc/auth.h
index 3e44863..e67779c 100644
--- a/tirpc/rpc/auth.h
+++ b/tirpc/rpc/auth.h
@@ -313,6 +313,8 @@ extern AUTH *authnone_create(void); /* takes no parameters */
extern "C" {
#endif
extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *);
+extern AUTH *authdes_pk_create (char *, netobj *, u_int,
+ struct sockaddr *, des_block *);
extern AUTH *authdes_seccreate (const char *, const u_int, const char *,
const des_block *);
#ifdef __cplusplus
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index a17b34b..5316ed6 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -73,11 +73,6 @@ struct authgss_private_data {
u_int pd_seq_win; /* Sequence window */
};
-#define g_OID_equal(o1, o2) \
- (((o1)->length == (o2)->length) && \
- ((o1)->elements != 0) && ((o2)->elements != 0) && \
- (memcmp((o1)->elements, (o2)->elements, (int) (o1)->length) == 0))
-
/* from kerberos source, gssapi_krb5.c */
extern gss_OID_desc krb5oid;
extern gss_OID_desc spkm3oid;
diff --git a/tirpc/rpc/svc.h b/tirpc/rpc/svc.h
index 8273c95..f647095 100644
--- a/tirpc/rpc/svc.h
+++ b/tirpc/rpc/svc.h
@@ -88,6 +88,7 @@ enum xprt_stat {
*/
typedef struct __rpc_svcxprt {
int xp_fd;
+#define xp_sock xp_fd
u_short xp_port; /* associated port number */
const struct xp_ops {
/* receive incoming requests */
diff --git a/tirpc/rpc/xdr.h b/tirpc/rpc/xdr.h
index 64069ab..80b35ce 100644
--- a/tirpc/rpc/xdr.h
+++ b/tirpc/rpc/xdr.h
@@ -327,6 +327,7 @@ extern bool_t xdr_hyper(XDR *, quad_t *);
extern bool_t xdr_u_hyper(XDR *, u_quad_t *);
extern bool_t xdr_longlong_t(XDR *, quad_t *);
extern bool_t xdr_u_longlong_t(XDR *, u_quad_t *);
+extern u_long xdr_sizeof(xdrproc_t, void *);
#ifdef __cplusplus
}
#endif