Lines 72-107
struct svc_cred {
|
72 |
int cr_ngroups; |
72 |
int cr_ngroups; |
73 |
gid_t cr_groups[NGROUPS]; |
73 |
gid_t cr_groups[NGROUPS]; |
74 |
}; |
74 |
}; |
75 |
static char vbuf[RPC_CHAN_BUF_SIZE]; |
|
|
76 |
|
75 |
|
77 |
static int |
76 |
static int |
78 |
do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred, |
77 |
do_svc_downcall(gss_buffer_desc *out_handle, struct svc_cred *cred, |
79 |
gss_OID mech, gss_buffer_desc *context_token, |
78 |
gss_OID mech, gss_buffer_desc *context_token, |
80 |
int32_t endtime, char *client_name) |
79 |
int32_t endtime, char *client_name) |
81 |
{ |
80 |
{ |
82 |
FILE *f; |
81 |
char buf[RPC_CHAN_BUF_SIZE], *bp; |
83 |
int i; |
82 |
int i, f, err, blen; |
84 |
char *fname = NULL; |
83 |
char *fname = NULL; |
85 |
int err; |
|
|
86 |
|
84 |
|
87 |
printerr(1, "doing downcall\n"); |
85 |
printerr(1, "doing downcall\n"); |
88 |
if ((fname = mech2file(mech)) == NULL) |
86 |
if ((fname = mech2file(mech)) == NULL) |
89 |
goto out_err; |
87 |
goto out_err; |
90 |
f = fopen(SVCGSSD_CONTEXT_CHANNEL, "w"); |
88 |
f = open(SVCGSSD_CONTEXT_CHANNEL, O_WRONLY); |
91 |
if (f == NULL) { |
89 |
if (f < 0) { |
92 |
printerr(0, "WARNING: unable to open downcall channel " |
90 |
printerr(0, "WARNING: unable to open downcall channel " |
93 |
"%s: %s\n", |
91 |
"%s: %s\n", |
94 |
SVCGSSD_CONTEXT_CHANNEL, strerror(errno)); |
92 |
SVCGSSD_CONTEXT_CHANNEL, strerror(errno)); |
95 |
goto out_err; |
93 |
goto out_err; |
96 |
} |
94 |
} |
97 |
setvbuf(f, vbuf, _IOLBF, RPC_CHAN_BUF_SIZE); |
95 |
bp = buf, blen = sizeof(buf); |
98 |
qword_printhex(f, out_handle->value, out_handle->length); |
96 |
qword_addhex(&bp, &blen, out_handle->value, out_handle->length); |
99 |
/* XXX are types OK for the rest of this? */ |
97 |
/* XXX are types OK for the rest of this? */ |
100 |
/* For context cache, use the actual context endtime */ |
98 |
/* For context cache, use the actual context endtime */ |
101 |
qword_printint(f, endtime); |
99 |
qword_addint(&bp, &blen, endtime); |
102 |
qword_printint(f, cred->cr_uid); |
100 |
qword_addint(&bp, &blen, cred->cr_uid); |
103 |
qword_printint(f, cred->cr_gid); |
101 |
qword_addint(&bp, &blen, cred->cr_gid); |
104 |
qword_printint(f, cred->cr_ngroups); |
102 |
qword_addint(&bp, &blen, cred->cr_ngroups); |
105 |
printerr(2, "mech: %s, hndl len: %d, ctx len %d, timeout: %d (%d from now), " |
103 |
printerr(2, "mech: %s, hndl len: %d, ctx len %d, timeout: %d (%d from now), " |
106 |
"clnt: %s, uid: %d, gid: %d, num aux grps: %d:\n", |
104 |
"clnt: %s, uid: %d, gid: %d, num aux grps: %d:\n", |
107 |
fname, out_handle->length, context_token->length, |
105 |
fname, out_handle->length, context_token->length, |
Lines 109-127
do_svc_downcall(gss_buffer_desc *out_han
|
109 |
client_name ? client_name : "<null>", |
107 |
client_name ? client_name : "<null>", |
110 |
cred->cr_uid, cred->cr_gid, cred->cr_ngroups); |
108 |
cred->cr_uid, cred->cr_gid, cred->cr_ngroups); |
111 |
for (i=0; i < cred->cr_ngroups; i++) { |
109 |
for (i=0; i < cred->cr_ngroups; i++) { |
112 |
qword_printint(f, cred->cr_groups[i]); |
110 |
qword_addint(&bp, &blen, cred->cr_groups[i]); |
113 |
printerr(2, " (%4d) %d\n", i+1, cred->cr_groups[i]); |
111 |
printerr(2, " (%4d) %d\n", i+1, cred->cr_groups[i]); |
114 |
} |
112 |
} |
115 |
qword_print(f, fname); |
113 |
qword_add(&bp, &blen, fname); |
116 |
qword_printhex(f, context_token->value, context_token->length); |
114 |
qword_addhex(&bp, &blen, context_token->value, context_token->length); |
117 |
if (client_name) |
115 |
if (client_name) |
118 |
qword_print(f, client_name); |
116 |
qword_add(&bp, &blen, client_name); |
119 |
err = qword_eol(f); |
117 |
qword_addeol(&bp, &blen); |
120 |
if (err) { |
118 |
err = 0; |
|
|
119 |
if (blen <= 0 || write(f, buf, bp - buf) != bp - buf) { |
121 |
printerr(1, "WARNING: error writing to downcall channel " |
120 |
printerr(1, "WARNING: error writing to downcall channel " |
122 |
"%s: %s\n", SVCGSSD_CONTEXT_CHANNEL, strerror(errno)); |
121 |
"%s: %s\n", SVCGSSD_CONTEXT_CHANNEL, strerror(errno)); |
|
|
122 |
err = -1; |
123 |
} |
123 |
} |
124 |
fclose(f); |
124 |
close(f); |
125 |
return err; |
125 |
return err; |
126 |
out_err: |
126 |
out_err: |
127 |
printerr(1, "WARNING: downcall failed\n"); |
127 |
printerr(1, "WARNING: downcall failed\n"); |
Lines 381-387
out_err:
|
381 |
} |
381 |
} |
382 |
|
382 |
|
383 |
void |
383 |
void |
384 |
handle_nullreq(FILE *f) { |
384 |
handle_nullreq(int *f) { |
385 |
/* XXX initialize to a random integer to reduce chances of unnecessary |
385 |
/* XXX initialize to a random integer to reduce chances of unnecessary |
386 |
* invalidation of existing ctx's on restarting svcgssd. */ |
386 |
* invalidation of existing ctx's on restarting svcgssd. */ |
387 |
static u_int32_t handle_seq = 0; |
387 |
static u_int32_t handle_seq = 0; |
Lines 403-422
handle_nullreq(FILE *f) {
|
403 |
u_int32_t maj_stat = GSS_S_FAILURE, min_stat = 0; |
403 |
u_int32_t maj_stat = GSS_S_FAILURE, min_stat = 0; |
404 |
u_int32_t ignore_min_stat; |
404 |
u_int32_t ignore_min_stat; |
405 |
struct svc_cred cred; |
405 |
struct svc_cred cred; |
406 |
static char *lbuf = NULL; |
406 |
char lbuf[RPC_CHAN_BUF_SIZE]; |
407 |
static int lbuflen = 0; |
407 |
int lbuflen = 0; |
408 |
static char *cp; |
408 |
char *cp; |
409 |
int32_t ctx_endtime; |
409 |
int32_t ctx_endtime; |
410 |
char *hostbased_name = NULL; |
410 |
char *hostbased_name = NULL; |
411 |
|
411 |
|
412 |
printerr(1, "handling null request\n"); |
412 |
printerr(1, "handling null request\n"); |
413 |
|
413 |
|
414 |
if (readline(fileno(f), &lbuf, &lbuflen) != 1) { |
414 |
lbuflen = read(f, lbuf, sizeof(lbuf)); |
|
|
415 |
if (lbuflen <= 0 || lbuf[lbuflen-1] != '\n') { |
415 |
printerr(0, "WARNING: handle_nullreq: " |
416 |
printerr(0, "WARNING: handle_nullreq: " |
416 |
"failed reading request\n"); |
417 |
"failed reading request\n"); |
417 |
return; |
418 |
return; |
418 |
} |
419 |
} |
419 |
|
420 |
lbuf[lbuflen-1] = 0; |
420 |
cp = lbuf; |
421 |
cp = lbuf; |
421 |
|
422 |
|
422 |
in_handle.length = (size_t) qword_get(&cp, in_handle.value, |
423 |
in_handle.length = (size_t) qword_get(&cp, in_handle.value, |
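Review bot: In the handle_nullreq hunks the new signature is `handle_nullreq(int *f)`, yet the body passes `f` unchanged to `read(f, lbuf, sizeof(lbuf))`, so a pointer is converted into the file-descriptor argument. Either the parameter should be `int f` or the call should be `read(*f, lbuf, sizeof(lbuf))`, whichever matches the caller, which is not visible here. As written the read would fail or operate on an unrelated descriptor, and the only symptom is the generic "failed reading request" warning. Separately, in do_svc_downcall the `blen <= 0` arm of the new write check prints `strerror(errno)` although no system call failed on that path; presumably it means the request did not fit in `buf`, which deserves its own message such as `printerr(1, "WARNING: downcall request too large for buffer\n");`. Both function bodies extend beyond the visible hunks.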