| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
Mostly thanks to Sylvain Cherrier <sylvain.cherrier@free.fr>
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add option to store gssd ccaches in a MEMORY: cache rather
than the default FILE: cache. In response to suggestion
from Steve Dickson <steved@redhat.com> and
Nalin Dahyabhai <nalin@redhat.com>.
|
|
|
|
|
|
|
|
| |
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Implement a new version of lucid spkm3 context which is passed
down to the kernel.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
We've been ignoring all mapping errors and instead mapping to a "nobody" user
or group.
This is arguably OK for the cases where we're returning a value to the user
(so, id->name mapping on the server or name->id mapping on the client).
But it's a disaster in the other direction (id->name on the server or id->name
on the client): for example, a chown to an unknown user should *not*
automatically be translated into a succesful chown to "nobody".
This patch fixes that problem on the server side.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Clean up a few warning messages.
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change configure test for gethostbyname, and properly
determine whether "-lnsl" or "-lsocket" are really
required.
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Fix the error message printed when pkg-config is unable to locate
information for librpcsecgss so the message is actually printed.
|
| |
|
|
|
|
|
| |
Printing export options should avoid printing 'anonuid=65534'
rather than avoiding 'anonuid=-2'.
|
|
|
|
|
|
|
| |
Note: 1.0.10 should be used in preference to
1.0.9 especially with kernels 2.6.18 and later
otherwise 'rpc.nfsd N' won't work to change the
number of threads after nfsd has been started.
|
|
|
|
|
|
|
|
|
| |
support/nfs/nfssvc.c: if any ports are already open,
don't try to open any more.
This means that once nfsd is running
rpc.nfsd X
will just change the number of threads, not the
ports in use.
|
|
|
|
| |
Add warning of neither 'subtree_check' or 'no_subtree_check' present.
|
| |
|
|
|
|
| |
We obviously need to allocate space for the terminating nul too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
value -1 and defaults the credential's fsuid/fsgid to the
correct anonuid/anongid values for the given export. We should
be passing this value (-1) down when a name mapping cannot be found.
Thanks to J. Bruce Fields <bfields@fieldses.org> for the reference.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
|
| |
|
|
|
|
|
|
|
| |
mount.nfs does not yet support 'user' option and some others.
To make it support this we need to make it setuid-root, and
some security isses need to be resolved before that can be done
safely.
|
|
|
|
|
| |
nfssvc_versbits() has to be called before nfssvc_setfds()
for the version processing to work correctly
|
|
|
|
| |
Avoid usage of -rpath is generally safer, and is required by Debian policy.
|
|
|
|
| |
as this is more consistant across achitectures.
|
|
|
|
|
|
| |
statistics and print them.
Submitted by: Shankar Anand <shanand@novell.com>
|
| |
|
|
|
|
| |
This is more consistant across platforms.
|
|
|
|
| |
a manpage and installed rpcdebug (in sbindir).
|
| |
|
| |
|
|
|
|
|
| |
rquota_svc.c is still by-hand as it contains alot of extras.
These should really be moved to rquota_server.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted: support/export/keys.c
deleted: support/include/rpcdispatch.h
deleted: support/include/rpcsec.h
deleted: support/include/version.h
deleted: support/include/ypupdate.h
deleted: support/nfs/clients.c
deleted: support/nfs/keytab.c
deleted: support/nfs/ypupdate_xdr.c
deleted: support/rpc/include/Makefile.am
deleted: tools/rpcdebug/neat_idea.c
deleted: utils/mountd/mount_xdr.c
deleted: utils/rquotad/pathnames.h
|
|
|
|
| |
Just remove the link first.
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Older versions of MIT Kerberos are missing an OID definition, causing
the configure checks for librpcsecgss to fail. We shouldn't be depending
on their libraries during the configure.
|
|
|
|
|
|
|
|
|
|
|
| |
- unused variable 'buf'
- emit a declaration for `buf' on demand.
- unused variable 'i'
- declare i immediately before use
- unused value from IXDR_PUT_
- cast to (void)
- type-punned pointer reference
- cast to (void*) first :-(
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Temporary patch to do default mapping if we get an error while trying to
map a gss principal to the appropriate uid/gid. This currently returns
hardcoded values. This may be correct, or we may need to try and figure
out the correct values to match the anonuid/anongid for the export.
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change message priorities for errors and debug messages.
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The readline routine expects much smaller messages than we are passing.
Change the default initial allocation and increment value from 128
to 2048. This saves many calls to realloc().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Update the printerr() function to:
1) Determine whether we'll print the message before going to all the
work of formatting it.
2) Don't just toss away messages that are too long for the buffer.
Print what we can and give an indication of the truncation with
"..." at the end.
3) Use a single buffer rather than two.
4) Messages either go to syslog (with level ERR) or stderr. Don't
send some messages to syslog level DEBUG.
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Olaf Kirch <okir@suse.de>, use setfsuid() rather than
seteuid() when creating a gss context. This prevents users from using
credentials that do not belong to them, while also preventing them from
doing things like killing, renicing, or changing the priority of the
gssd process while it is processing the context creation.
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured. We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Correct the definition of mech_used in the gss context to use gss_OID_desc.
This fixes problems on 64-bit machines when referencing the OID.
Also updates write_buffer function to use u_int rather than size_t when
doing calculations.
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add CFLAGS to make sure we find and use the correct gssapi.h when
building gss_clnt_send_err
|
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| | |
Update change log and change version number
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
-T - will suppressing listening for TCP connection.
-U - will suppress UDP
-H host - will only listen on that local address
-p port - will listen on that port.
This requires kernel patches which will hopefully be in 2.6.19 and possibly some
earlier test and vendor kernels.
|
| |
| |
| |
| |
| |
| | |
e.g. -N 2
means that NFSv2 won't be supported, just v3 and v4 (if the kernel
supports them).
|
| |
| |
| |
| |
| | |
Greg Banks suggested some variations, particularly improved
use of xmalloc/xstrdup functions. Thanks.
|
| |
| |
| |
| | |
Thanks to Michael Halcrow for finding them.
|