| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Using libevent (which is already in use in idmap) saves about a hundred
lines of hand-rolled event loop code.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Having all the main loop code in one file is important in preparation
for later patches which add inotify and libevent.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The tirpc variable is another library to add, not additional flags.
I'm guessing the reason this hasn't caused problems is that it only
shows up with static libraries.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add mention of new files, remove mention of old files,
and cause "make dist" to create something very similar to
the current distributions.
systemd files are not currently included in "make dist" and some
files generated by "rpcgen" are (though they aren't in official
distribution).
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Now that gssproxy is supported on modern kernels,
the svcgssd is no longer needed. This switch
disables the building of the daemon.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
In a later patch, we'll need gssd to call into this code as well as
svcgssd. Move it into a common file that both can link in.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As Bruce recently pointed out, gss_clnt_send_err basically does an
unsolicited downcall into the kernel to try and destroy a valid GSS
context. That has been broken however since this kernel commit:
commit 3b68aaeaf54065e5c44583a1d33ffb7793953ba4
Author: Trond Myklebust <Trond.Myklebust@netapp.com>
Date: Thu Jun 7 10:14:15 2007 -0400
SUNRPC: Always match an upcall message in gss_pipe_downcall()
Downcalls that don't match an in-progress upcall just get back an
-ENOENT error and don't actually do anything. Remove these tools
since they've been useless for the last 6 years.
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Make libgssglue configurable still but disabled by default.
There is no reason to use libgssglue anymore, and modern gssapi
supports all needed features for nfs-utils.
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is essentially the same as the previous version, but has
been respun to fix up some merge conflicts with some of Chuck's
recent changes.
When we first added tirpc support, we took a "big hammer" approach, and
had it add libtirpc to $LIBS. That had the effect of making it so that
that library was linked into every binary. That's unnecessary, and
wasteful with memory.
Don't let AC_CHECK_LIB add -ltirpc to $LIBS. Instead, have the autoconf
tests set $(LIBTIRPC) in the makefiles, and have the programs that
need it explicitly include that library. In the event that we're not
using libtirpc, then set $LIBTIRPC to a blank string.
This necessitates a change to the bindresvport_sa check too. Since that
library is no longer included in $LIBS, we need to convert that check
to use AC_CHECK_LIB instead of AC_CHECK_FUNCS.
This patch also fixes a subtle bug. If the library was usable, but the
includes were not, the test would set $enable_tirpc to "no", but
HAVE_LIBTIRPC would still be true. That configuration would likely
fail to build.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...as that makes that library get linked into every binary. Also,
replace "hardcoded" -lnfsidmap linker flag in Makefiles with
a AC_SUBST variable.
This fixes a regression introduced in commit d7c64dd.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent versions of Kerberos libraries negotiate and use
an "acceptor subkey". This negotiation does not consider
that a service may have limited the encryption keys in its
keytab. A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603)
has been added to the MIT Kerberos code to allow an application
to indicate that it wants to limit the encryption types negotiated.
(This functionality has been available on the client/initiator
side for a while. The new patch adds this support to the
server/acceptor side.)
This patch adds support to read a recently added nfsd
proc file to determine the encryption types supported by
the kernel and calls the function to limit encryption
types negotiated for the acceptor subkey.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Jeff Layton <jlayton@redhat.com>
Make the pkgconfig check for libgssglue conditional on tirpc being
enabled. When it's disabled, the pkgconfig check for librpcsecgss will
pull in the gssglue lib and include dir automatically.
Also, make sure we include GSSGLUE_CFLAGS and the GSSGLUE_LIBS to the
appropriate places in utils/gssd/Makefile.am so that we pick up
the gssglue libs when tirpc is enabled.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
use the new xlog logging infrastructure.
This patch removes all of the old idmap_* logging functions and replaced them
with the corresponding xlog functions. In addition that that it also reworks
the gssd logging wrappers to use the new xlog_backend. Finally it makes
necessary changes to the build files to get the project compiling again.
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
Now that the nfslib library has all the necessary functions and they
all operate as needed, use them instead of the private versions in
utils/gssd/cacheio.c.
The obsolete private versions are removed in the next patch.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The 0.8 release of Heimdal has (will have) support for the lucid context.
The handling of lucid_sec_context can be shared between builds with MIT
or Heimdal Kerberos.
Split out the lucid_sec_context code from context_mit.c
and make a new common file, context_lucid.c.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| | |
|
| |
|
|
| |
Avoid usage of -rpath is generally safer, and is required by Debian policy.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add CFLAGS to make sure we find and use the correct gssapi.h when
building gss_clnt_send_err
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of having separate copies of the gssapi and rpcsecgss
header files, or depending on the Kerberos gssapi header,
locate the headers now installed with the libgssapi and librpcsecgss
libraries.
Remove local copies of the gssapi and rpcsecgss header files.
This depends on the configure_use_autotools patch.
|
| |
|
|
|
| |
into their own file.
(Really this time)
|
| | |
|
| |
|
