| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
No failure case if gssd doesn't recognize the kernel's requested
protocol. Caught with "protocol=rdma" upcall.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find_keytab_entry() first looks for an entry of the form
<HOSTNAME>$@<DOMAIN>, which corresponds to the Active Directory machine
account. It assumes that <HOSTNAME> will be in uppercase because that's
how the entry is created if the machine is joined to the domain using
Samba.
But that's not necessarily the case if the another identity management
solution is used... for example a keytab entry for a machine account
created by Centrify will match the actual computer account in Active
Directory, whether that be in upper case, lower case, or mixed case.
So first look for an entry that matches the unmodified hostname and then
convert it to uppercase and try again only if that failed.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The interface for controlling the debug level in libtirpc was added
over a year ago, but nothing's taking advantage of it.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we no longer fork for uid 0, gssd_atexit()
is only called when uid != 0, and fails as permissions
on the /tmp/krb5ccmachine_REALM file prohibit the
clean up of machine credentials (as it should).
Move the reaping of machine credentials back into a
SIGINT sighandler so that <Ctrl-C> destroyes
machine credentials.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit f9cac65972da588d5218236de60a7be11247a8aa
added the fork to process_krb5_upcall so that the
child assumes the uid of the principal requesting
service.
When machine credentials are used, a gssd_k5_kt_princ
entry is added to a global list and used by future
upcalls to note when valid machine credentials have
been obtained. When a child process performs this task,
the entry to the global list is lost upon exit, and
all upcalls for machine credentials re-fetch a TGT,
even when a valid TGT is in the machine kerberos
credential cache.
Since forking is not necessary when the principal has
uid=0, solve the gssd_k5_kt_princ_list issue by only
forking when the uid != 0.
Acked-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
This reverts commit 21f10369965bb183d1a72df1da0c2811cd2b1d5c
due to child processes not exiting on upcalls.
|
| |
|
|
|
|
|
|
|
|
|
| |
From: Andy Adamson <andros@netapp.com>
exit(0) silenty reaps the gssd_k5_kt_princ struct, the in-memory
rpc.gssd cache which means that rpc.gssd will get a new TGT and TGS for
each upcall, ignoring a valid TGT in the kerberos credential cache.
Signed-off-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
In gssd_search_krb5_keytab() an error code can be
cleared by blindly setting retval to zero.
Reported-by: Jianhong Yin <jiyin@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Stumbled across this function, just had to simplify it. No mallocs
necessary, one quick loop to find the parameters. Much simpler.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Make full use of inotify by not rescanning the whole tree on each change,
instead keep track of the inotify events and make sure that the minimum
work (scan/create/delete) clients is done in most cases. Still detect
anomalies and perform a full rescan in those cases.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Save some more memory by using relative pathnames.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is just the first step, replacing dnotify with an inotify
implementation that is not much better (still does a complete
rescan of the whole rpc_pipefs tree on each change).
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
There's a lot of fixed buffers in use here. Clean up the code and
add more documentation on the different formats that have been
used by the kernel.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Simplify the code responsible for the client dir scanning. This
is also in preparation for the inotify patches.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Simplify and refactor the code that does the topdir scanning, this
is in preparation for the inotify patches.
Signed-off-by: David H?rdeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using more relative paths saves memory and lets us get rid of more
PATH_MAX fixed arrays.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Keep the rpc_pipefs dir open and just do a rewind/rescan when
necessary.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This makes it easier to keep track of which client belongs
to which topdir.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This code is mostly just confusing. Close the fds immediately
instead of doing so later.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using libevent (which is already in use in idmap) saves about a hundred
lines of hand-rolled event loop code.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Move all rpc_pipefs scanning code from gssd_proc.c to gssd.c in
preparation for later patches.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
By chdir():ing to the root of the rpc_pipefs dir and making paths
relative from there (gssd already keeps a number of files open
in rpc_pipefs so chdir doesn't suddenly make it impossible to
umount rpc_pipefs because of this patch).
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Get rid of another arbitrary limitation and PATH_MAX array.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Using PATH_MAX in modern code is almost always a bad idea. Simplify
the code and remove that arbitrary limitation at the same time.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Having all the main loop code in one file is important in preparation
for later patches which add inotify and libevent.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The daemonization init/ready functions have parameters that are never used,
require the caller to keep track of some pipefds that it has no interest in
and which might not be used in some scenarios. Cleanup both functions a bit.
The idea here is also that these two functions might be good points to
insert more systemd init code later (sd_notify()).
Also, statd had a private copy of the daemonization code for unknown
reasons...so make it use the generic version instead.
Signed-off-by: David H?rdeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The tirpc variable is another library to add, not additional flags.
I'm guessing the reason this hasn't caused problems is that it only
shows up with static libraries.
Signed-off-by: David Hardeman <david@hardeman.nu>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add mention of new files, remove mention of old files,
and cause "make dist" to create something very similar to
the current distributions.
systemd files are not currently included in "make dist" and some
files generated by "rpcgen" are (though they aren't in official
distribution).
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Now that gssproxy is supported on modern kernels,
the svcgssd is no longer needed. This switch
disables the building of the daemon.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible for "preferred_realm" to be NULL, in which case we
don't want to pass it to strcmp. Other places that use this variable
test whether it's NULL first -- we need to do the same here.
This should fix the gssd crash reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1108615
Reported-by: Brian J. Murrell <brian@interlinx.bc.ca>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enable kerberized NFS mounts to succeed even if the
principal is not <HOSTNAME>$.
It works by reading another principal name from the [appdefaults]
section of krb5.conf:
[appdefaults]
nfs = {
ad_principal_name = 129.125.39.115$
}
Signed-off-by: Jurjen Bokma <j.bokma@rug.nl>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using rpc.gssd to secure NFSv3 FS using krb5, the following errors
can happen as a result of network congestion.
"rpc.gssd WARNING: can't create tcp rpc_clnt to server ... : RPC: Remote
system error - Connection timed out"
we had a successful reproducer of the problem which we tested using this
patch by starting rpc.gssd with "-T 60" as the option which solved the
problem. reproducer steps were to throttle the network using tc command
and then in a never ending loop mount the share, then write some data in
the file on the share and unmount it. keep a delay of 5 sec between the
iteration of each loop.
CC: Christian Horn <chorn@redhat.com>
Signed-off-by: Rinku Kothiya <rkothiya@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When there is no kernel modules loaded the rpc_pipefs
directory is empty, which cause rpc.gssd to silently
exit.
This patch adds a check to see if the topdirs_list
is empty. If so error out without dropping a core.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In commit 51fda07a "gssd: scrape the acceptor name out of the context"
the allocated buffer size is not large enough to hold the actual data
that is written to the buffer. This fixes the allocated buffer size.
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...and pass it to the kernel in the downcall. Legacy kernels will just
ignore the extra data, but with a proposed kernel patch the kernel will
grab this info and use it to verify requests on the v4.0 callback
channel.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Contrary to the comment here, the lifetime_rec is not necessarily set
to zero on failure. That's only guaranteed to be the case if the context
has expired.
Cc: Andy Adamson <androsadamson@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
We'll need a gss_buffer_t to pass to the downcall marshalling code.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
In a later patch, we'll need gssd to call into this code as well as
svcgssd. Move it into a common file that both can link in.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
...since its return code is ignored anyway.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
...and get rid of some pointless NULL ptr checks.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When trying to use the special MS Windows hostanme we need to stop
at the first '.' if we got a FQDN from gethostname()
Tee HOST$@REALM form in fact uses the AD samAccountName attribute to
represent 'HOST', and that attribute is always the host's shortname.
Characters like '.' are actually illegal for a shortname in AD.
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some krb5 routines will attempt to access files in the user's home
directory. This is problematic for gssd when the user's homedir is
on a kerberized NFS mount as it will end up deadlocked.
Fix this by setting $HOME unconditionally to "/".
Fixes this Fedora bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1052902
Reported-by: Enrico Scholz <rh-bugzilla@ensc.de>
Reported-by: nmorey <nmorey@kalray.eu>
Tested-by: Michael Young <m.a.young@durham.ac.uk>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The name variable is always set to NULL now in all callers, so just
sto passing it around needlessly.
The uid_t variable is not used at all, so chuck it out too.
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since now rpc.gssd is switching uid before attempting to acquire
credentials, we do not need to pass in the special uid-as-a-string name
to gssapi, because the process is already running under the user's
credentials.
By removing this code we can fix a class of false negatives where the
user name does not match the actual ccache credentials and the ccache
type used is not one of the only 2 supported explicitly by rpc.gssd by
the fallback trolling done later.
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
With some proposed kernel changes, it won't even attempt to upcall
sometimes if it doesn't appear that gssd is running. This means that
we have a theoretical race between gssd starting up at boot time and
the init process attempting to mount kerberized filesystems.
Fix this by switching gssd to use mydaemon() and having the child
only release the parent after it has processed the directory once.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
