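diff --git a/configure.ac b/configure.ac
index 99a0d33..06f2fca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,6 +5,33 @@ AC_CONFIG_SRCDIR([src/auth_des.c])
 AC_CONFIG_MACRO_DIR([m4])
 AC_PROG_CC
 
+# LT_VERSION_INFO="current:revision:age"
+#
+# From the libtool manual:
+#
+# 1. Start with version information of 0:0:0 for each libtool library.
+# 2. Update the version information only immediately before a public
+# release of your software. More frequent updates are unnecessary,
+# and only guarantee that the current interface number gets larger faster.
+# 3. If the library source code has changed at all since the last update,
+# then increment revision (c:r:a becomes c:r+1:a).
+# 4. If any interfaces have been added, removed, or changed since the last
+# update, increment current, and set revision to 0.
+# 5. If any interfaces have been added since the last public release,
+# then increment age.
+# 6. If any interfaces have been removed since the last public release,
+# then set age to 0.
+#
+# _Never_ try to set the interface numbers so that they correspond to the
+# release number of your package. This is an abuse that only fosters
+# misunderstanding of the purpose of library versions.
+#
+# In addition to these rules, symbol versioning is now in effect. soname
+# changes should be avoided.
+#
+LT_VERSION_INFO="2:0:1"
+AC_SUBST([LT_VERSION_INFO])
+
 AC_CHECK_HEADER([gssapi/gssapi.h], [HAVE_GSSAPI_H=yes], [HAVE_GSSAPI_H=no])
 
 AC_ARG_ENABLE(gssapi,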
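diff --git a/man/rpc_gss_get_mech_info.3t b/man/rpc_gss_get_mech_info.3t
index 1f3ba04..44f0df3 100644
--- a/man/rpc_gss_get_mech_info.3t
+++ b/man/rpc_gss_get_mech_info.3t
@@ -29,28 +29,33 @@
 .Os
 .Sh NAME
 .Nm rpc_gss_get_mech_info
-.Nd "Get extra information about a security mechanism"
+.Nd "Get Quality of Protection information for a security mechanism"
 .Sh SYNOPSIS
 .In rpc/rpcsec_gss.h
 .Ft const char **
 .Fn rpc_gss_get_mech_info "const char *mech" "rpc_gss_service_t *service"
 .Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech and queries it for its capabilities.
+This function returns the list of QOP names supported by the
+GSS_API mechanism named "mech".
 .Sh PARAMETERS
 .Bl -tag -width ".It service"
 .It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .It service
-If the mechanism is found, the maximum supported service type is
-returned in
-.Fa *service
+Buffer in which maximum service type is planted
 .El
 .Sh RETURN VALUES
-If the mechanism is found,
-a list of the supported qualities of protection is returned,
-otherwise
-.Dv NULL .
+If the named GSS_API mechanism is recognized,
+a list of the supported Qualities of Protection is returned.
+The maximum supported service type for the mechanism is returned in
+.Fa *service .
+Otherwise
+.Dv NULL
+is returned.
+.Pp
+Note: The returned QOP list is statically allocated memory.
+The caller must not free this array.
 .Sh AVAILABILITY
 The
 .Fn rpc_gss_get_mech_info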
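diff --git a/man/rpc_gss_getcred.3t b/man/rpc_gss_getcred.3t
index 8589f08..691df31 100644
--- a/man/rpc_gss_getcred.3t
+++ b/man/rpc_gss_getcred.3t
@@ -51,7 +51,6 @@ If non-null,
 .Fa *rcred
 is set to point at the raw credentials for this request
 .It ucred
-.It rcred
 If non-null,
 .Fa *ucred
 is set to point at the corresponding unix credentials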
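diff --git a/man/rpc_gss_is_installed.3t b/man/rpc_gss_is_installed.3t
index 274a1f0..d5f5e44 100644
--- a/man/rpc_gss_is_installed.3t
+++ b/man/rpc_gss_is_installed.3t
@@ -29,23 +29,24 @@
 .Os
 .Sh NAME
 .Nm rpc_gss_is_installed
-.Nd "Query for the presence os a security mechanism"
+.Nd "Query for the presence of a security mechanism"
 .Sh SYNOPSIS
 .In rpc/rpcsec_gss.h
 .Ft bool_t
 .Fn rpc_gss_is_installed "const char *mech"
 .Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function indicates whether the GSS_API mechanism named "mech"
+is installed and enabled.
 .Sh PARAMETERS
 .Bl -tag -width ".It mech"
 .It mech
-The mechanism to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .El
 .Sh RETURN VALUES
 Returns
 .Dv TRUE
-if the mechanism is installed,
+if the named GSS_API mechanism is installed and enabled,
 .Dv FALSE
 otherwise.
 .Sh AVAILABILITY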
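diff --git a/man/rpc_gss_mech_to_oid.3t b/man/rpc_gss_mech_to_oid.3t
index 8bbe616..4a1b25d 100644
--- a/man/rpc_gss_mech_to_oid.3t
+++ b/man/rpc_gss_mech_to_oid.3t
@@ -35,22 +35,27 @@
 .Ft bool_t
 .Fn rpc_gss_mech_to_oid "const char *mech" "gss_OID *oid_ret"
 .Sh DESCRIPTION
-This function looks up a mechanism by name by reading the file
-/etc/gss/mech.
+This function returns the GSS OID associated with the GSS_API
+mechanism "mech".
 .Sh PARAMETERS
 .Bl -tag -width ".It oid_ret"
 .It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .It oid_ret
-If the mechanism is found, the corresponding GSS-API oid is returned
-in
-.Fa *oid_ret
+Buffer in which to place the returned OID
 .El
 .Sh RETURN VALUES
-If the mechanism is found,
+If the GSS_API mechanism name is recognized,
 .Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding GSS-API oid is returned in
+.Fa *oid_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.Fa *oid_ret
+is left untouched.
 .Sh AVAILABILITY
 The
 .Fn rpc_gss_mech_to_oid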
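diff --git a/man/rpc_gss_qop_to_num.3t b/man/rpc_gss_qop_to_num.3t
index 3968216..7ac1a4c 100644
--- a/man/rpc_gss_qop_to_num.3t
+++ b/man/rpc_gss_qop_to_num.3t
@@ -29,30 +29,37 @@
 .Os
 .Sh NAME
 .Nm rpc_gss_qop_to_num
-.Nd "Convert a quality of protection name to number"
+.Nd "Convert a Quality of Protection name to number"
 .Sh SYNOPSIS
 .In rpc/rpcsec_gss.h
 .Ft bool_t
 .Fn rpc_gss_qop_to_num "const char *qop" "const char *mech" "u_int *num_ret"
 .Sh DESCRIPTION
-This function looks up a quality of protection by name by reading the file
-/etc/gss/qop.
+This function returns the numeric QOP value associated with the
+GSS_API QOP "qop" and mechanism "mech."
 .Sh PARAMETERS
 .Bl -tag -width ".It number_ret"
 .It qop
-The quality of protection to search for
+The name of Quality of Protection associated with the
+GSS_API mechanism "mech".
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
 .It mech
-The mechanism name to search for
+The name of a GSS_API mechanism.
+"kerberos_v5" is currently the only supported mechanism.
 .It number_ret
-If the quality of protection is found, the corresponding number is
-returned in
-.Fa *num_ret
+Buffer in which to place the returned QOP number
 .El
 .Sh RETURN VALUES
-If the value is found,
+If the QOP and mechanism names are recognized,
 .Dv TRUE
-is returned, otherwise
-.Dv FALSE .
+is returned.
+The corresponding QOP number is returned in
+.Fa *num_ret .
+Otherwise
+.Dv FALSE
+is returned and
+.It number_ret
+is left untouched.
 .Sh AVAILABILITY
 The
 .Fn rpc_gss_qop_to_num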
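diff --git a/man/rpc_gss_seccreate.3t b/man/rpc_gss_seccreate.3t
index 9f526a6..b52df19 100644
--- a/man/rpc_gss_seccreate.3t
+++ b/man/rpc_gss_seccreate.3t
@@ -55,9 +55,8 @@ For instance, a principal such as
 .Qq nfs@server.example.com
 might be used by an application which needs to contact an NFS server
 .It mechanism
-The desired mechanism for this security context.
-The value of mechanism should be the name of one of the security
-mechanisms listed in /etc/gss/mech.
+The name of the GSS_API mechanism to use for the new security context.
+"kerberos_v5" is currently the only supported mechanism.
 .It service
 Type of service requested.
 .Bl -tag -width "rpc_gss_svc_integrity"
@@ -72,8 +71,9 @@ RPC headers and data are integrity protected by a checksum.
 RPC headers are integrity protected by a checksum and data is encrypted.
 .El
 .It qop
-Desired quality of protection or NULL for the default.
-Available values are listed in /etc/gss/qop
+The name of the Quality of Protection to use for the new security context,
+or NULL to use the default QOP.
+"GSS_C_QOP_DEFAULT" is currently the only supported QOP.
 .It options_req
 Extra security context options to be passed to the underlying GSS-API
 mechanism.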
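diff --git a/src/Makefile.am b/src/Makefile.am
index 6cc567a..0fb827b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,36 +12,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/tirpc -include config.h -DPORTMAP -DINET6 \
 
 lib_LTLIBRARIES = libtirpc.la
 
-#
-# Set the library version information
-#
-# According to the libtool manual:
-#
-# "This flag accepts an argument of the form current[:revision[:age]].
-#
-# If either revision or age are omitted, they default to 0. Also note that
-# age must be less than or equal to the current interface number.
-#
-# Here are a set of rules to help you update your library version information:
-#
-# 1. Start with version information of 0:0:0 for each libtool library.
-# 2. Update the version information only immediately before a public
-# release of your software. More frequent updates are unnecessary,
-# and only guarantee that the current interface number gets larger faster.
-# 3. If the library source code has changed at all since the last update,
-# then increment revision (c:r:a becomes c:r+1:a).
-# 4. If any interfaces have been added, removed, or changed since the last
-# update, increment current, and set revision to 0.
-# 5. If any interfaces have been added since the last public release,
-# then increment age.
-# 6. If any interfaces have been removed since the last public release,
-# then set age to 0.
-#
-# _Never_ try to set the interface numbers so that they correspond to the
-# release number of your package. This is an abuse that only fosters
-# misunderstanding of the purpose of library versions."
-#
-libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_LDFLAGS = -Wl,-no-undefined -lpthread
+libtirpc_la_LDFLAGS += -version-info @LT_VERSION_INFO@
 
 libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
 clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -50,11 +22,12 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
 pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
 rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
 rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
+ svc_auth_des.c \
 svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
 auth_time.c auth_des.c authdes_prot.c debug.c
 
 ## XDR
-libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
+libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c
 
 if SYMVERS
 libtirpc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libtirpc.map
@@ -69,7 +42,7 @@ if GSS
 endif
 
 libtirpc_la_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
-libtirpc_la_SOURCES += netname.c netnamer.c rtime.c
+libtirpc_la_SOURCES += netname.c netnamer.c rpcdname.c rtime.c
 
 CLEANFILES = cscope.* *~
 DISTCLEANFILES = Makefile.in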
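diff --git a/src/auth_gss.c b/src/auth_gss.c
index 722d54c..4fa8568 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -821,7 +821,6 @@ rpc_gss_seccreate(CLIENT *clnt, char *principal, char *mechanism,
 clnt->cl_auth = auth;
 
 if (_rpc_gss_refresh(auth, ret) == FALSE) {
- authgss_destroy(auth);
 auth = NULL;
 } else {
 rpc_gss_clear_error();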
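Review bot: With `authgss_destroy(auth)` removed, the failure branch after `_rpc_gss_refresh()` only clears the local `auth`, while `clnt->cl_auth = auth;` two lines earlier still holds the handle whose context establishment failed. That stops the function destroying an object the client still references, but it leaves unstated who frees that AUTH, and a later call on `clnt` would run with a handle that never completed negotiation. I would either move the `clnt->cl_auth = auth;` assignment into the success branch or add a comment on the failure branch such as `/* auth remains owned by clnt->cl_auth and is released when the client is destroyed */`. The rest of rpc_gss_seccreate lies outside this hunk, so the surrounding cleanup could not be checked.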
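diff --git a/src/libtirpc.map b/src/libtirpc.map
index 063cddd..7d7f40f 100644
--- a/src/libtirpc.map
+++ b/src/libtirpc.map
@@ -316,6 +316,15 @@ TIRPC_0.3.2 {
 xdr_unixcred;
 } TIRPC_0.3.1;
 
+TIRPC_0.3.3 {
+ __getpublickey_LOCAL;
+ __key_decryptsession_pk_LOCAL;
+ __key_encryptsession_pk_LOCAL;
+ __key_gendes_LOCAL;
+ xdr_sizeof;
+ authdes_pk_create;
+} TIRPC_0.3.2;
+
 TIRPC_PRIVATE {
 global:
 __libc_clntudp_bufcreate;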
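Review bot: The four `__*_LOCAL` names are added to the public `TIRPC_0.3.3` node rather than to `TIRPC_PRIVATE` just below, which makes them part of the stable ABI. Their definitions are not in this diff, but if they are the overridable hooks for key-server operations, exporting them publicly lets any object loaded into the process redirect public-key lookup, key generation and session-key encryption or decryption. The double-underscore prefix suggests they were not meant as application API, so I would place them under `TIRPC_PRIVATE`, or add a comment in the map naming the consumer that needs them.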
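diff --git a/src/rpc_com.h b/src/rpc_com.h
index 52a8c48..10bec79 100644
--- a/src/rpc_com.h
+++ b/src/rpc_com.h
@@ -40,47 +40,20 @@
 #ifndef _TIRPC_RPCCOM_H
 #define _TIRPC_RPCCOM_H
 
-
-/* #pragma ident "@(#)rpc_com.h 1.11 93/07/05 SMI" */
-
-/*
- * The max size of the transport, if the size cannot be determined
- * by other means.
- */
-#define RPC_MAXDATASIZE 9000
-#define RPC_MAXADDRSIZE 1024
-
-#define __RPC_GETXID(now) ((u_int32_t)getpid() ^ (u_int32_t)(now)->tv_sec ^ \
- (u_int32_t)(now)->tv_usec)
+#include <rpc/rpc_com.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
-extern u_int __rpc_get_a_size(int);
-extern int __rpc_dtbsize(void);
-extern struct netconfig * __rpcgettp(int);
-extern int __rpc_get_default_domain(char **);
-struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
 
-char *__rpc_taddr2uaddr_af(int, const struct netbuf *);
-struct netbuf *__rpc_uaddr2taddr_af(int, const char *);
-int __rpc_fixup_addr(struct netbuf *, const struct netbuf *);
-int __rpc_sockinfo2netid(struct __rpc_sockinfo *, const char **);
-int __rpc_seman2socktype(int);
-int __rpc_socktype2seman(int);
-void *rpc_nullproc(CLIENT *);
-int __rpc_sockisbound(int);
+struct netbuf *__rpc_set_netbuf(struct netbuf *, const void *, size_t);
 
-struct netbuf *__rpcb_findaddr(rpcprog_t, rpcvers_t, const struct netconfig *,
- const char *, CLIENT **);
 struct netbuf *__rpcb_findaddr_timed(rpcprog_t, rpcvers_t,
 const struct netconfig *, const char *host, CLIENT **clpp,
 struct timeval *tp);
 
 bool_t __rpc_control(int,void *);
 
-char *_get_next_token(char *, int);
-
 bool_t __svc_clean_idle(fd_set *, int, bool_t);
 bool_t __xdrrec_setnonblock(XDR *, int);
 bool_t __xdrrec_getrec(XDR *, enum xprt_stat *, bool_t);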
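diff --git a/src/rpc_gss_utils.c b/src/rpc_gss_utils.c
index 9a7fed3..80fc78a 100644
--- a/src/rpc_gss_utils.c
+++ b/src/rpc_gss_utils.c
@@ -159,6 +159,7 @@ static char *_rpc_gss_krb5_qop_names[] = {
 NULL,
 };
 
+/* GSS_MECH_KRB5_OID: Defined by RFC 1964 */
 static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = {
 .mi_name = "kerberos_v5",
 .mi_oid = { 9, "\052\206\110\206\367\022\001\002\002" },
@@ -166,8 +167,17 @@ static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5 = {
 .mi_qops = _rpc_gss_krb5_qops,
 };
 
+/* GSS_KRB5_NT_PRINCIPAL_NAME: Defined by RFC 1964 */
+static struct _rpc_gss_mechanism _rpc_gss_mech_kerberos_v5_princname = {
+ .mi_name = "kerberos_v5",
+ .mi_oid = { 10, "\052\206\110\206\367\022\001\002\002\001" },
+ .mi_qop_names = _rpc_gss_krb5_qop_names,
+ .mi_qops = _rpc_gss_krb5_qops,
+};
+
 static struct _rpc_gss_mechanism *_rpc_gss_mechanisms[] = {
 &_rpc_gss_mech_kerberos_v5,
+ &_rpc_gss_mech_kerberos_v5_princname,
 NULL,
 };
 
@@ -187,13 +197,20 @@ _rpc_gss_find_mechanism(char *mechanism)
 return NULL;
 }
 
+static bool_t
+_rpc_gss_OID_equal(rpc_gss_OID o1, rpc_gss_OID o2)
+{
+ return (o1->length == o2->length) &&
+ (memcmp(o1->elements, o2->elements, o1->length) == 0);
+}
+
 static struct _rpc_gss_mechanism *
 _rpc_gss_find_oid(rpc_gss_OID oid)
 {
 unsigned int i;
 
 for (i = 0; _rpc_gss_mechanisms[i] != NULL; i++)
- if (_rpc_gss_OID_equal_placeholder_removed
 return _rpc_gss_mechanisms[i];
 return NULL;
 }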
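Review bot: `_rpc_gss_OID_equal()` drops the `elements != 0` checks that the `g_OID_equal` macro it replaces carried (the macro is removed from tirpc/rpc/auth_gss.h in this same commit), so an OID with a non-zero `length` and a NULL `elements` now reaches `memcmp()`, and a NULL `oid` is dereferenced outright. The OID handed to `_rpc_gss_find_oid()` appears to come from an established security context on the server side, so I would keep the guard: `return o1 && o2 && o1->length == o2->length && o1->elements && o2->elements && memcmp(o1->elements, o2->elements, o1->length) == 0;`. Separately, the second table entry registers what its own comment calls `GSS_KRB5_NT_PRINCIPAL_NAME`, a name type rather than a mechanism, under the mechanism name "kerberos_v5"; a comment saying why lookup by OID has to accept it would help the next reader.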
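diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index e146ed4..1ec7b3f 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -61,6 +61,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <rpcsvc/nis.h>
 
 #include "rpc_com.h"
 
@@ -531,7 +532,6 @@ authdes_create(servername, window, syncaddr, ckey)
 struct sockaddr *syncaddr; /* optional hostaddr to sync with */
 des_block *ckey; /* optional conversation key to use */
 {
- AUTH *dummy;
 AUTH *nauth;
 char hostname[NI_MAXHOST];
 
@@ -540,19 +540,68 @@ authdes_create(servername, window, syncaddr, ckey)
 * Change addr to hostname, because that is the way
 * new interface takes it.
 */
- if (getnameinfo(syncaddr, sizeof(syncaddr), hostname,
- sizeof hostname, NULL, 0, 0) != 0)
- goto fallback;
-
+ switch (syncaddr->sa_family) {
+ case AF_INET:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ case AF_INET6:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in6), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ default:
+ goto fallback;
+ }
 nauth = authdes_seccreate(servername, window, hostname, ckey);
 return (nauth);
 }
 fallback:
- dummy = authdes_seccreate(servername, window, NULL, ckey);
- return (dummy);
+ return authdes_seccreate(servername, window, NULL, ckey);
 }
 
 /*
+ * Create the client des authentication object. Obsoleted by
+ * authdes_pk_seccreate().
+ */
+extern AUTH *authdes_pk_seccreate(const char *, netobj *, u_int, const char *,
+ const des_block *, nis_server *);
+
+AUTH *
+authdes_pk_create(servername, pkey, window, syncaddr, ckey)
+ char *servername; /* network name of server */
+ netobj *pkey; /* public key */
+ u_int window; /* time to live */
+ struct sockaddr *syncaddr; /* optional hostaddr to sync with */
+ des_block *ckey; /* optional conversation key to use */
+{
+ AUTH *nauth;
+ char hostname[NI_MAXHOST];
+
+ if (syncaddr) {
+ /*
+ * Change addr to hostname, because that is the way
+ * new interface takes it.
+ */
+ switch (syncaddr->sa_family) {
+ case AF_INET:
+ if (getnameinfo(syncaddr, sizeof(struct sockaddr_in), hostname,
+ sizeof hostname, NULL, 0, 0) != 0)
+ goto fallback;
+ break;
+ default:
+ goto fallback;
+ }
+ nauth = authdes_pk_seccreate(servername, pkey, window, hostname, ckey, NULL);
+ return (nauth);
+ }
+fallback:
+ return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL);
+}
+
+
+/*
 * Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
 */
 CLIENT *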
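Review bot: `authdes_pk_create()` handles only `AF_INET` in its `switch`, whereas the reworked `authdes_create()` just above also handles `AF_INET6`, so an IPv6 `syncaddr` silently falls back to a NULL time host in the new function. The two functions now duplicate the address-to-hostname logic; a small static helper shared by both removes the divergence. `getnameinfo()` is called with flags 0 in both, so the time-sync host name comes from a reverse lookup and is only as trustworthy as the resolver; that predates this commit but deserves a comment. The block comment placed above the `extern` declaration describes `authdes_pk_create()` rather than the declaration it precedes.

```c
/* Resolve syncaddr to a host name; returns 0 on success, -1 otherwise. */
static int
syncaddr_to_hostname(const struct sockaddr *sa, char *host, size_t hostlen)
{
	socklen_t salen;

	switch (sa->sa_family) {
	case AF_INET:
		salen = sizeof(struct sockaddr_in);
		break;
	case AF_INET6:
		salen = sizeof(struct sockaddr_in6);
		break;
	default:
		return (-1);
	}
	return (getnameinfo(sa, salen, host, hostlen, NULL, 0, 0) == 0 ? 0 : -1);
}

/* ... unchanged: authdes_create(), authdes_pk_create() signature and locals ... */

	if (syncaddr != NULL &&
	    syncaddr_to_hostname(syncaddr, hostname, sizeof hostname) == 0)
		return authdes_pk_seccreate(servername, pkey, window,
		    hostname, ckey, NULL);
	return authdes_pk_seccreate(servername, pkey, window, NULL, ckey, NULL);
```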
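diff --git a/src/rpcdname.c b/src/rpcdname.c
new file mode 100644
index 0000000..3e6a988
--- /dev/null
+++ b/src/rpcdname.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2009, Sun Microsystems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of Sun Microsystems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * rpcdname.c
+ * Gets the default domain name
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+
+static char *default_domain = 0;
+
+static char *
+get_default_domain()
+{
+ char temp[256];
+
+ if (default_domain)
+ return (default_domain);
+ if (getdomainname(temp, sizeof(temp)) < 0)
+ return (0);
+ if ((int) strlen(temp) > 0) {
+ default_domain = (char *)malloc((strlen(temp)+(unsigned)1));
+ if (default_domain == 0)
+ return (0);
+ (void) strcpy(default_domain, temp);
+ return (default_domain);
+ }
+ return (0);
+}
+
+/*
+ * This is a wrapper for the system call getdomainname which returns a
+ * ypclnt.h error code in the failure case. It also checks to see that
+ * the domain name is non-null, knowing that the null string is going to
+ * get rejected elsewhere in the NIS client package.
+ */
+int
+__rpc_get_default_domain(domain)
+ char **domain;
+{
+ if ((*domain = get_default_domain()) != 0)
+ return (0);
+ return (-1);
+}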
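Review bot: `get_default_domain()` calls `strlen(temp)` straight after `getdomainname(temp, sizeof(temp))`, but some libc implementations return the first `len` bytes without a terminator when the name does not fit, in which case the `strlen()` and `strcpy()` calls read past `temp`. Terminate explicitly before use with `temp[sizeof(temp) - 1] = '\0';`. The `default_domain` cache is also filled with no lock, so two threads racing through the first call can each allocate and one copy leaks; whether callers can be multi-threaded here is not visible in this file. The comment above `__rpc_get_default_domain()` promises a ypclnt.h error code, while the code returns `-1`.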
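diff --git a/src/svc_auth.c b/src/svc_auth.c
index 31241c9..94029bb 100644
--- a/src/svc_auth.c
+++ b/src/svc_auth.c
@@ -38,6 +38,7 @@
 #include <reentrant.h>
 #include <sys/types.h>
 #include <rpc/rpc.h>
+#include <rpc/auth_des.h>
 #include <stdlib.h>
 
 /*
@@ -109,11 +110,9 @@ _gss_authenticate(rqst, msg, no_dispatch)
 case AUTH_SHORT:
 dummy = _svcauth_short(rqst, msg);
 return (dummy);
-#ifdef DES_BUILTIN
 case AUTH_DES:
 dummy = _svcauth_des(rqst, msg);
 return (dummy);
-#endif
 #ifdef HAVE_RPCSEC_GSS
 case RPCSEC_GSS:
 dummy = _svcauth_gss(rqst, msg, no_dispatch);
@@ -172,9 +171,7 @@ svc_auth_reg(cred_flavor, handler)
 case AUTH_NULL:
 case AUTH_SYS:
 case AUTH_SHORT:
-#ifdef DES_BUILTIN
 case AUTH_DES:
-#endif
 #ifdef HAVE_RPCSEC_GSS
 case RPCSEC_GSS:
 #endif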
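Review bot: Dropping the `#ifdef DES_BUILTIN` guards in both `_gss_authenticate()` and `svc_auth_reg()` means every server linked against the library now dispatches `AUTH_DES` credentials to `_svcauth_des()`, with no build-time switch left to exclude it. AUTH_DES rests on single DES and a small Diffie-Hellman modulus and is generally treated as a legacy flavor, so compiling its server-side credential parser in unconditionally widens the pre-authentication attack surface for services that never asked for it. I would keep it behind a configure-time conditional, or at least document next to the `case AUTH_DES:` label why it must always be enabled. Both switch statements continue outside these hunks.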
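diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
index 08e2bee..5bc264c 100644
--- a/src/svc_auth_des.c
+++ b/src/svc_auth_des.c
@@ -433,7 +433,6 @@ cache_spot(key, name, timestamp)
 }
 
 
-#if (defined(sun) || defined(vax) || defined(__FreeBSD__))
 /*
 * Local credential handling stuff.
 * NOTE: bsd unix dependent.
@@ -528,5 +527,3 @@ invalidate(cred)
 }
 ((struct bsdcred *)cred)->grouplen = INVALID;
 }
-#endif
-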
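diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
index 016357b..0206e5e 100644
--- a/src/svc_auth_gss.c
+++ b/src/svc_auth_gss.c
@@ -235,28 +235,20 @@ static bool_t
 _rpc_gss_fill_in_creds(struct svc_rpc_gss_data *gd, struct rpc_gss_cred *gc)
 {
 rpc_gss_rawcred_t *rcred = &gd->rcred;
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc buf;
 
 rcred->version = gc->gc_v;
 if (!rpc_gss_oid_to_mech(gd->sec.mech, &rcred->mechanism))
 return FALSE;
 rcred->service = _rpc_gss_svc_to_service(gd->sec.svc);
- maj_stat = gss_export_name(&min_stat, gd->client_name, &buf);
- if (maj_stat != GSS_S_COMPLETE) {
- gss_log_status("gss_export_name", maj_stat, min_stat);
- return FALSE;
- }
 
 rcred->client_principal = calloc(1, sizeof(rpc_gss_principal_t) +
- buf.length);
- if (rcred->client_principal == NULL) {
- (void)gss_release_buffer(&min_stat, &buf);
+ gd->cname.length);
+ if (rcred->client_principal == NULL)
 return FALSE;
- }
- rcred->client_principal->len = buf.length;
- (void)memcpy(rcred->client_principal->name, buf.value, buf.length);
- (void)gss_release_buffer(&min_stat, &buf);
+
+ rcred->client_principal->len = gd->cname.length;
+ (void)memcpy(rcred->client_principal->name,
+ gd->cname.value, gd->cname.length);
 
 rcred->svc_principal = _svcauth_svc_name;
 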
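Review bot: `_rpc_gss_fill_in_creds()` now copies `gd->cname` instead of the result of `gss_export_name()`, but nothing in the hunk checks that `gd->cname.value` is non-NULL or says which form of the name `cname` holds. `client_principal` is the client identity handed on to the application, so if `cname` is a display name rather than an exported name, the value callers compare against changes form; where `cname` is filled is outside this diff, so that needs confirming. A guard such as `if (gd->cname.value == NULL || gd->cname.length == 0) return FALSE;` before the `calloc()`, plus a comment stating what `cname` must contain, would make the contract explicit. The function body continues past the end of the hunk.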
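diff --git a/src/svc_generic.c b/src/svc_generic.c
index f49d776..7aae796 100644
--- a/src/svc_generic.c
+++ b/src/svc_generic.c
@@ -283,6 +283,8 @@ svc_tli_create(fd, nconf, bindaddr, sendsz, recvsz)
 xprt->xp_type = __rpc_socktype2seman(si.si_socktype);
 
 if (nconf) {
+ if (xprt->xp_netid != NULL)
+ free(xprt->xp_netid);
 xprt->xp_netid = strdup(nconf->nc_netid);
 xprt->xp_tp = strdup(nconf->nc_device);
 }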
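Review bot: The added `free(xprt->xp_netid)` covers `xp_netid` only; `xprt->xp_tp = strdup(nconf->nc_device);` on the following line has the same overwrite pattern and would leak if `xp_tp` can already be set when `svc_tli_create()` reaches this point (the earlier part of the function is outside the hunk). Neither `strdup()` result is checked, so an allocation failure leaves a NULL `xp_netid` or `xp_tp` on a transport that is still handed back. The `!= NULL` test before `free()` is redundant; `free(xprt->xp_netid);` alone is enough.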
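diff --git a/src/svc_vc.c b/src/svc_vc.c
index 9824631..6848c09 100644
--- a/src/svc_vc.c
+++ b/src/svc_vc.c
@@ -392,6 +392,12 @@ svc_vc_destroy(xprt)
 __svc_vc_dodestroy(xprt);
 }
 
+static bool_t
+__svc_rendezvous_socket(xprt)
+ SVCXPRT *xprt;
+{
+ return (xprt->xp_ops->xp_recv == rendezvous_request);
+}
 static void
 __svc_vc_dodestroy(xprt)
 SVCXPRT *xprt;
@@ -403,7 +409,7 @@ __svc_vc_dodestroy(xprt)
 
 if (xprt->xp_fd != RPC_ANYFD)
 (void)close(xprt->xp_fd);
- if (xprt->xp_port != 0) {
+ if (__svc_rendezvous_socket(xprt)) {
 /* a rendezvouser socket */
 r = (struct cf_rendezvous *)xprt->xp_p1;
 mem_free(r, sizeof (struct cf_rendezvous));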
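Review bot: `__svc_rendezvous_socket()` has no comment saying why the receive op is the discriminator, and that is the part that matters for memory safety: `__svc_vc_dodestroy()` uses the answer to decide whether `xp_p1` is freed as a `struct cf_rendezvous`, so a wrong answer releases memory under the wrong type and size. I would add `/* TRUE for a listening transport; decides which structure xp_p1 points to in __svc_vc_dodestroy() */` above the helper and a blank line between its closing brace and `static void`. The helper dereferences `xprt->xp_ops` unconditionally; whether that can be NULL on a partially constructed transport is not visible in these hunks.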
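diff --git a/src/xdr_sizeof.c b/src/xdr_sizeof.c
index cc5414b..d23fbd1 100644
--- a/src/xdr_sizeof.c
+++ b/src/xdr_sizeof.c
@@ -90,7 +90,7 @@ x_inline(xdrs, len)
 if (xdrs->x_op != XDR_ENCODE) {
 return (NULL);
 }
- if (len < (u_int)xdrs->x_base) {
+ if (len < (uintptr_t)xdrs->x_base) {
 /* x_private was already allocated */
 xdrs->x_handy += len;
 return ((int32_t *) xdrs->x_private);
@@ -102,7 +102,7 @@ x_inline(xdrs, len)
 xdrs->x_base = 0;
 return (NULL);
 }
- xdrs->x_base = (caddr_t) len;
+ xdrs->x_base = (caddr_t)(uintptr_t)len;
 xdrs->x_handy += len;
 return ((int32_t *) xdrs->x_private);
 }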
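Review bot: `x_base` is used in `x_inline()` to hold a length rather than an address, which is the only reason these casts exist, and that convention is still undocumented after the change. A comment at the comparison such as `/* x_base stores the allocated size of x_private, not a pointer */` would keep a later reader from treating it as a real base address. `uintptr_t` needs `<stdint.h>`; the include list is outside these hunks, so confirm it is pulled in on every supported platform.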
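diff --git a/tirpc/rpc/auth.h b/tirpc/rpc/auth.h
index 3e44863..e67779c 100644
--- a/tirpc/rpc/auth.h
+++ b/tirpc/rpc/auth.h
@@ -313,6 +313,8 @@ extern AUTH *authnone_create(void); /* takes no parameters */
 extern "C" {
 #endif
 extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *);
+extern AUTH *authdes_pk_create (char *, netobj *, u_int,
+ struct sockaddr *, des_block *);
 extern AUTH *authdes_seccreate (const char *, const u_int, const char *,
 const des_block *);
 #ifdef __cplusplus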
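diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index a17b34b..5316ed6 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -73,11 +73,6 @@ struct authgss_private_data {
 u_int pd_seq_win; /* Sequence window */
 };
 
-#define g_OID_equal(o1, o2) \
- (((o1)->length == (o2)->length) && \
- ((o1)->elements != 0) && ((o2)->elements != 0) && \
- (memcmp((o1)->elements, (o2)->elements, (int) (o1)->length) == 0))
-
 /* from kerberos source, gssapi_krb5.c */
 extern gss_OID_desc krb5oid;
 extern gss_OID_desc spkm3oid;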
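diff --git a/tirpc/rpc/svc.h b/tirpc/rpc/svc.h
index 8273c95..f647095 100644
--- a/tirpc/rpc/svc.h
+++ b/tirpc/rpc/svc.h
@@ -88,6 +88,7 @@ enum xprt_stat {
 */
 typedef struct __rpc_svcxprt {
 int xp_fd;
+#define xp_sock xp_fd
 u_short xp_port; /* associated port number */
 const struct xp_ops {
 /* receive incoming requests */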
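Review bot: `#define xp_sock xp_fd` sits inside the struct in an installed header, so it rewrites every use of the identifier `xp_sock` in any translation unit that includes this header, not only member accesses on `SVCXPRT`. If it is a source-compatibility alias for older callers, say so on the line itself, for example `#define xp_sock xp_fd /* compat: legacy member name */`, so it is not mistaken for a second field. The struct definition continues outside the hunk.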
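diff --git a/tirpc/rpc/xdr.h b/tirpc/rpc/xdr.h
index 64069ab..80b35ce 100644
--- a/tirpc/rpc/xdr.h
+++ b/tirpc/rpc/xdr.h
@@ -327,6 +327,7 @@ extern bool_t xdr_hyper(XDR *, quad_t *);
 extern bool_t xdr_u_hyper(XDR *, u_quad_t *);
 extern bool_t xdr_longlong_t(XDR *, quad_t *);
 extern bool_t xdr_u_longlong_t(XDR *, u_quad_t *);
+extern u_long xdr_sizeof(xdrproc_t, void *);
 #ifdef __cplusplus
 }
 #endif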