| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Future work needs access to the base pipefs directory rather than
the nfs subdirectory. Create two separate paths called
pipefs_dir and pipefs_nfsdir with the name of each.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
Don't restrict machine credentials to be "nfs/<machine.name>".
Use any usable credentials contained in the keytab file.
[We actually attempt to use the first entry found for each
realm, not every entry, in the keytab.]
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new option ("-n") to rpc.gssd to indicate that accesses as root
(uid 0) should not use machine credentials, but should instead use
"normal" Kerberos credentials obtained by root.
This change was prompted by a suggestion and patch from Daniel
Muntz <Dan.Muntz@netapp.com>. That patch suggested trying "normal"
credentials first and falling back to using machine creds for
uid 0 if normal creds failed.
This opens up the case where root may have credentials as "foo@REALM"
and begins accessing files. Then the context using those credentials
expires and must be renewed. If the credentials are now expired, then
root's new context would fall back and be created with the machine
credentials.
Instead, this patch insists that the administrator choose to use either
machine credentials for accesses by uid 0 (the default behavior, as
it was before) or "normal" credentials. In the latter case, arrangements
must be made to obtain credentials before attempting a mount. There
should be no doubts which credentials are used for uid 0.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Free keytab entries while processing keytab file.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
| |
As this is a file in /tmp, a symlink could take us anywhere...
If it was a NFS filesystem with a dead server, we could block for a long time..
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Glenn Machin <GMachin@sandia.gov>. Allow svcgssd
to turn on libnfsidmap debugging. This uses a new command-line
parameter so that it can be enabled independently from other
debugging.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The 0.8 release of Heimdal has (will have) support for the lucid context.
The handling of lucid_sec_context can be shared between builds with MIT
or Heimdal Kerberos.
Split out the lucid_sec_context code from context_mit.c
and make a new common file, context_lucid.c.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Glenn Machin <gmachin@sandia.gov>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Some installations use different name formats for their credentials
caches. Instead of checking that the uid is part of the name, just
make sure that uid is the owner of the file.
This is a modification of the original patch from Glenn.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Remove Kerberos implementation dependency from svcgssd_mech2file.c
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
GSSAPI error codes (major and minor) are defined as unsigned values.
However, we treat them as signed while passing them down to the
kernel where conversion fails if they include the minus sign.
Convert them as unsigned.
Signed-off-by: Neil Brown <neilb@suse.de>
|
| |
|
|
| |
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/76409
|
| |
|
|
|
|
| |
And make sure that if we fail to export a filesystem in mountd,
then we don't try to get a filehandle on it, or a deadlock
might occur.
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add option to store gssd ccaches in a MEMORY: cache rather
than the default FILE: cache. In response to suggestion
from Steve Dickson <steved@redhat.com> and
Nalin Dahyabhai <nalin@redhat.com>.
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Implement a new version of lucid spkm3 context which is passed
down to the kernel.
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Clean up a few warning messages.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Kernel routine nfsd_setuser() in fs/nfsd/auth.c checks for the
value -1 and defaults the credential's fsuid/fsgid to the
correct anonuid/anongid values for the given export. We should
be passing this value (-1) down when a name mapping cannot be found.
Thanks to J. Bruce Fields <bfields@fieldses.org> for the reference.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
|
| | |
|
| |
|
|
| |
Avoid usage of -rpath is generally safer, and is required by Debian policy.
|
| |
|
|
| |
as this is more consistant across achitectures.
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Temporary patch to do default mapping if we get an error while trying to
map a gss principal to the appropriate uid/gid. This currently returns
hardcoded values. This may be correct, or we may need to try and figure
out the correct values to match the anonuid/anongid for the export.
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Change message priorities for errors and debug messages.
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
The readline routine expects much smaller messages than we are passing.
Change the default initial allocation and increment value from 128
to 2048. This saves many calls to realloc().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Update the printerr() function to:
1) Determine whether we'll print the message before going to all the
work of formatting it.
2) Don't just toss away messages that are too long for the buffer.
Print what we can and give an indication of the truncation with
"..." at the end.
3) Use a single buffer rather than two.
4) Messages either go to syslog (with level ERR) or stderr. Don't
send some messages to syslog level DEBUG.
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
As suggested by Olaf Kirch <okir@suse.de>, use setfsuid() rather than
seteuid() when creating a gss context. This prevents users from using
credentials that do not belong to them, while also preventing them from
doing things like killing, renicing, or changing the priority of the
gssd process while it is processing the context creation.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Specify that the acquire_cred call should only be concerned with returning
Kerberos credentials since this is Kerberos-only functionality.
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Do a call to determine mechanisms supported by the gssapi library early.
This allows us to discover early in case the gssapi library is somehow
misconfigured. We can bail out early and give a meaningful message
rather than getting errors on each attempt at a context negotiation.
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Correct the definition of mech_used in the gss context to use gss_OID_desc.
This fixes problems on 64-bit machines when referencing the OID.
Also updates write_buffer function to use u_int rather than size_t when
doing calculations.
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add CFLAGS to make sure we find and use the correct gssapi.h when
building gss_clnt_send_err
|
| |
|
|
|
|
| |
support/include/config.h.in from source control
These are auto autogenerated by
aclocal -I aclocal ; autoheader ; automake ; autoconf
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Various paranoia checks:
gssd_proc.c: pass max_field sizes to sscanf to avoid buffer
overflow
svcgssd_proc.c: range_check name.length, to ensure name.length+1
doesn't wrap
idmapd.c(nfsdcb): make sure at least one byte is read before
zeroing the last byte that was read, otherwise memory corruption
is possible.
Found by SuSE security audit.
|
| |
|
|
|
| |
Check for sufficient version of librpcsecgss and libgssapi
in configure.in
|
| |
|
|
|
| |
Update aclocal/tcp-wrappers.m4 to define HAVE_LIBWRAP and
HAVE_TCP_WRAPPERS as appropriate.
|
| |
|
|
|
|
|
| |
Update calls to gss_export_lucid_sec_context()
Change the calls to gss_export_lucid_sec_context() to match the corrected
interface definition in libgssapi-0.9.
|
| |
|
|
|
|
| |
Plug memory leaks in svcgssd
Various memory leaks in the svcgssd context processing are eliminated.
|
| |
|
|
|
|
|
| |
Fix memory leak of the AUTH structure on context negotiations
Free AUTH structure after completing context negotiation and sending
context information to the kernel.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of having separate copies of the gssapi and rpcsecgss
header files, or depending on the Kerberos gssapi header,
locate the headers now installed with the libgssapi and librpcsecgss
libraries.
Remove local copies of the gssapi and rpcsecgss header files.
This depends on the configure_use_autotools patch.
|
| |
|
|
|
|
|
| |
Print debugging message indicating the type of encryption keys being sent
down to the kernel. This should make it easier to detect cases where
unsupported encryption types are being negotiated.
(really this time)
|
| |
|
|
|
|
|
|
|
|
| |
From: Vince Busam <vbusam@google.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Don't unnecessarily close and re-open all pipes after every DNOTIFY
signal. These unnecessary closes were triggering a kernel Oops.
Original patch modified to correct segfault when unmounting last
NFSv4 mount.
|
| |
|
|
|
|
|
|
|
| |
From: Vince Busam <vbusam@google.com>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Add command line option to specify which directory should be searched
to find credentials caches.
(really this time)
|
| |
|
|
|
|
|
|
| |
We need to get access to the internal krb5 context pointer for
older (pre-1.4) versions of MIT Kerberos. We get a pointer to
the gss glue's context. Get the right pointer before accessing
the context information.
(really this time)
|
| |
|
|
|
|
| |
warning.
(really this time)
|
| |
|
|
|
|
|
|
|
|
|
| |
The gssd code should not know about the glue layer's context structure.
A previous patch added gss_export_lucid_sec_context() and
gss_free_lucid_sec_context() functions to the gssapi glue layer.
Use these functions rather than calling directly to the Kerberos
gssapi code (which requires the Kerberos context handle rather
than the glue's context handle).
(really this time)
|
| | |
|
| |
|
|
|
| |
into their own file.
(Really this time)
|
| | |
|
| | |
|
| | |
|
