OpenSDE
/
package-nopast
3
0
Fork 0
Code Issues 9 Projects 1 Releases Activity
OpenSDE Packages Database (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10369 Commits
49 Branches
0 Tags
34 MiB
Tree: 9f2a2f434e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9f2a2f434e'
${ noResults }
package-nopast/network/libtirpc/libtirpc-0.2.3-rc2.patch

950 lines
29 KiB
Raw Normal View History

libtirpc: added patch integrating upstream fixes (0.2.3-rc2)
13 years ago
  1. # --- SDE-COPYRIGHT-NOTE-BEGIN ---
  2. # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
  3. #
  4. # Filename: package/.../libtirpc/libtirpc-0.2.3-rc2.patch
  5. # Copyright (C) 2011 The OpenSDE Project
  6. #
  7. # More information can be found in the files COPYING and README.
  8. #
  9. # This patch file is dual-licensed. It is available under the license the
  10. # patched project is licensed under, as long as it is an OpenSource license
  11. # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
  12. # of the GNU General Public License as published by the Free Software
  13. # Foundation; either version 2 of the License, or (at your option) any later
  14. # version.
  15. # --- SDE-COPYRIGHT-NOTE-END ---
  17. From 40dcc63eecbd1dfc30363351a61167353bb814a4 Mon Sep 17 00:00:00 2001
  18. From: Steve Dickson <steved@redhat.com>
  19. Date: Sat, 18 Jun 2011 09:49:40 -0400
  20. Subject: [PATCH 01/11] Do not skip records with nonblocking connections
  22. With non-blocking connections, do not skip records when receiving
  23. the streams since entire value messages can be ignored which
  24. in cause the entire stream to become out of sync.
  26. For example, two mounts simultaneously send two unmaps
  27. commands. The first one is read, then the second thrown
  28. away due to skipping the record. Skipping this record
  29. will cause XDR error later in processing of the stream.
  31. Signed-off-by: Steve Dickson <steved@redhat.com>
  32. ---
  33. src/svc_vc.c | 6 +++++-
  34. 1 files changed, 5 insertions(+), 1 deletions(-)
  36. diff --git libtirpc-0.2.2/src/svc_vc.c libtirpc-0.2.3-rc2/src/svc_vc.c
  37. index aaaf2d7..87406f1 100644
  38. --- libtirpc-0.2.2/src/svc_vc.c
  39. +++ libtirpc-0.2.3-rc2/src/svc_vc.c
  40. @@ -610,7 +610,11 @@ svc_vc_recv(xprt, msg)
  41. }
  43. xdrs->x_op = XDR_DECODE;
  44. - (void)xdrrec_skiprecord(xdrs);
  45. + /*
  46. + * No need skip records with nonblocking connections
  47. + */
  48. + if (cd->nonblock == FALSE)
  49. + (void)xdrrec_skiprecord(xdrs);
  50. if (xdr_callmsg(xdrs, msg)) {
  51. cd->x_id = msg->rm_xid;
  52. return (TRUE);
  53. --
  54. 1.7.2.3
  57. From 84570a5f6c5d588d38fb4d42fb13048e62bea71d Mon Sep 17 00:00:00 2001
  58. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  59. Date: Mon, 20 Jun 2011 13:32:58 -0400
  60. Subject: [PATCH 02/11] PCSEC_GSS_SVC_PRIVACY failure.
  62. in authgss_prot.c:xdr_rpc_gss_wrap_data(), gss_wrap() is called in the
  63. svc == RPCSEC_GSS_SVC_PRIVACY conditional block with databuf.length
  64. uninitialized.
  66. Initialization performed in the svc == RPCSEC_GSS_SVC_INTEGRITY
  67. conditional block should be moved.
  69. Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
  70. Signed-off-by: Steve Dickson <steved@redhat.com>
  71. ---
  72. src/authgss_prot.c | 2 +-
  73. 1 files changed, 1 insertions(+), 1 deletions(-)
  75. diff --git libtirpc-0.2.2/src/authgss_prot.c libtirpc-0.2.3-rc2/src/authgss_prot.c
  76. index 9d7fa09..0168318 100644
  77. --- libtirpc-0.2.2/src/authgss_prot.c
  78. +++ libtirpc-0.2.3-rc2/src/authgss_prot.c
  79. @@ -161,6 +161,7 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
  80. databuflen = end - start - 4;
  81. XDR_SETPOS(xdrs, start + 4);
  82. databuf.value = XDR_INLINE(xdrs, databuflen);
  83. + databuf.length = databuflen;
  85. xdr_stat = FALSE;
  87. @@ -169,7 +170,6 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
  88. XDR_SETPOS(xdrs, start);
  89. if (!xdr_u_int(xdrs, (u_int *)&databuflen))
  90. return (FALSE);
  91. - databuf.length = databuflen;
  93. /* Checksum rpc_gss_data_t. */
  94. maj_stat = gss_get_mic(&min_stat, ctx, qop,
  95. --
  96. 1.7.2.3
  99. From 1e786fc401ff625fdcec3e0bdc495125feb0a070 Mon Sep 17 00:00:00 2001
  100. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  101. Date: Mon, 20 Jun 2011 13:33:35 -0400
  102. Subject: [PATCH 03/11] Use of lseek() in xdr_rec.c:xdrrec_getpos().
  104. The use of lseek() in xdr_rec.c:xdrrec_getpos() without checking for
  105. ESPIPE will fail to handle the common case, resulting in poor behavior
  106. in calling code. (In particular auth_gss.c:authgss_marshal() calls
  107. gss_get_mic() with rpcbuf.length set to -1, with spectacular results.)
  109. The original MIT Krb5 RPC code lacks this addition, which I'm unclear of
  110. the utility of in the first place.
  112. Reverting to the MIT code permits correct function of a trivial RPC
  113. client using GSS.
  115. Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
  116. Signed-off-by: Steve Dickson <steved@redhat.com>
  117. ---
  118. src/xdr_rec.c | 27 +++++++++++++--------------
  119. 1 files changed, 13 insertions(+), 14 deletions(-)
  121. diff --git libtirpc-0.2.2/src/xdr_rec.c libtirpc-0.2.3-rc2/src/xdr_rec.c
  122. index 4e815d7..2aca623 100644
  123. --- libtirpc-0.2.2/src/xdr_rec.c
  124. +++ libtirpc-0.2.3-rc2/src/xdr_rec.c
  125. @@ -64,7 +64,6 @@
  126. #include <rpc/clnt.h>
  127. #include <stddef.h>
  128. #include "rpc_com.h"
  129. -#include <unistd.h>
  130. static bool_t xdrrec_getlong(XDR *, long *);
  131. static bool_t xdrrec_putlong(XDR *, const long *);
  132. static bool_t xdrrec_getbytes(XDR *, char *, u_int);
  133. @@ -330,22 +329,22 @@ xdrrec_getpos(xdrs)
  134. RECSTREAM *rstrm = (RECSTREAM *)xdrs->x_private;
  135. off_t pos;
  137. - pos = lseek((int)(u_long)rstrm->tcp_handle, (off_t)0, 1);
  138. - if (pos != -1)
  139. - switch (xdrs->x_op) {
  140. + switch (xdrs->x_op) {
  142. - case XDR_ENCODE:
  143. - pos += rstrm->out_finger - rstrm->out_base;
  144. - break;
  145. + case XDR_ENCODE:
  146. + pos = rstrm->out_finger - rstrm->out_base
  147. + - BYTES_PER_XDR_UNIT;
  148. + break;
  150. - case XDR_DECODE:
  151. - pos -= rstrm->in_boundry - rstrm->in_finger;
  152. - break;
  153. + case XDR_DECODE:
  154. + pos = rstrm->in_boundry - rstrm->in_finger
  155. + - BYTES_PER_XDR_UNIT;
  156. + break;
  158. - default:
  159. - pos = (off_t) -1;
  160. - break;
  161. - }
  162. + default:
  163. + pos = (off_t) -1;
  164. + break;
  165. + }
  166. return ((u_int) pos);
  167. }
  169. --
  170. 1.7.2.3
  173. From 2abb87646f696726f4ee3a89db6ebfc8adbd9b9b Mon Sep 17 00:00:00 2001
  174. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  175. Date: Mon, 20 Jun 2011 13:34:34 -0400
  176. Subject: [PATCH 04/11] AUTH_WRAP/AUTH_UNWRAP support.
  178. Client code lacks support for authenticator wrapping/unwrapping, which
  179. is particularly useful when using GSS.
  181. Verified for both tcp & udp using a trivial RPC client against a MIT
  182. Krb5 server.
  184. Signed-off-by: Steve Dickson <steved@redhat.com>
  185. ---
  186. src/auth_des.c | 8 ++++++++
  187. src/auth_none.c | 8 ++++++++
  188. src/auth_unix.c | 8 ++++++++
  189. src/clnt_dg.c | 10 +++++++---
  190. src/clnt_vc.c | 5 +++--
  191. 5 files changed, 34 insertions(+), 5 deletions(-)
  193. diff --git libtirpc-0.2.2/src/auth_des.c libtirpc-0.2.3-rc2/src/auth_des.c
  194. index 37e7667..829c817 100644
  195. --- libtirpc-0.2.2/src/auth_des.c
  196. +++ libtirpc-0.2.3-rc2/src/auth_des.c
  197. @@ -472,6 +472,12 @@ authdes_destroy(AUTH *auth)
  198. FREE(auth, sizeof(AUTH));
  199. }
  201. +static bool_t
  202. +authdes_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
  203. +{
  204. + return ((*xfunc)(xdrs, xwhere));
  205. +}
  206. +
  207. static struct auth_ops *
  208. authdes_ops(void)
  209. {
  210. @@ -487,6 +493,8 @@ authdes_ops(void)
  211. ops.ah_validate = authdes_validate;
  212. ops.ah_refresh = authdes_refresh;
  213. ops.ah_destroy = authdes_destroy;
  214. + ops.ah_wrap = authdes_wrap;
  215. + ops.ah_unwrap = authdes_wrap;
  216. }
  217. mutex_unlock(&authdes_ops_lock);
  218. return (&ops);
  219. diff --git libtirpc-0.2.2/src/auth_none.c libtirpc-0.2.3-rc2/src/auth_none.c
  220. index a439ec6..008c589 100644
  221. --- libtirpc-0.2.2/src/auth_none.c
  222. +++ libtirpc-0.2.3-rc2/src/auth_none.c
  223. @@ -155,6 +155,12 @@ authnone_destroy(AUTH *client)
  224. {
  225. }
  227. +static bool_t
  228. +authnone_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
  229. +{
  230. + return ((*xfunc)(xdrs, xwhere));
  231. +}
  232. +
  233. static struct auth_ops *
  234. authnone_ops()
  235. {
  236. @@ -170,6 +176,8 @@ authnone_ops()
  237. ops.ah_validate = authnone_validate;
  238. ops.ah_refresh = authnone_refresh;
  239. ops.ah_destroy = authnone_destroy;
  240. + ops.ah_wrap = authnone_wrap;
  241. + ops.ah_unwrap = authnone_wrap;
  242. }
  243. mutex_unlock(&ops_lock);
  244. return (&ops);
  245. diff --git libtirpc-0.2.2/src/auth_unix.c libtirpc-0.2.3-rc2/src/auth_unix.c
  246. index c2469da..5b8990f 100644
  247. --- libtirpc-0.2.2/src/auth_unix.c
  248. +++ libtirpc-0.2.3-rc2/src/auth_unix.c
  249. @@ -396,6 +396,12 @@ marshal_new_auth(auth)
  250. XDR_DESTROY(xdrs);
  251. }
  253. +static bool_t
  254. +authunix_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
  255. +{
  256. + return ((*xfunc)(xdrs, xwhere));
  257. +}
  258. +
  259. static struct auth_ops *
  260. authunix_ops()
  261. {
  262. @@ -411,6 +417,8 @@ authunix_ops()
  263. ops.ah_validate = authunix_validate;
  264. ops.ah_refresh = authunix_refresh;
  265. ops.ah_destroy = authunix_destroy;
  266. + ops.ah_wrap = authunix_wrap;
  267. + ops.ah_unwrap = authunix_wrap;
  268. }
  269. mutex_unlock(&ops_lock);
  270. return (&ops);
  271. diff --git libtirpc-0.2.2/src/clnt_dg.c libtirpc-0.2.3-rc2/src/clnt_dg.c
  272. index 79fed5d..4a1f60a 100644
  273. --- libtirpc-0.2.2/src/clnt_dg.c
  274. +++ libtirpc-0.2.3-rc2/src/clnt_dg.c
  275. @@ -366,7 +366,7 @@ call_again:
  277. if ((! XDR_PUTINT32(xdrs, (int32_t *)&proc)) ||
  278. (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
  279. - (! (*xargs)(xdrs, argsp))) {
  280. + (! AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp))) {
  281. cu->cu_error.re_status = RPC_CANTENCODEARGS;
  282. goto out;
  283. }
  284. @@ -400,8 +400,8 @@ get_reply:
  285. * (We assume that this is actually only executed once.)
  286. */
  287. reply_msg.acpted_rply.ar_verf = _null_auth;
  288. - reply_msg.acpted_rply.ar_results.where = resultsp;
  289. - reply_msg.acpted_rply.ar_results.proc = xresults;
  290. + reply_msg.acpted_rply.ar_results.where = NULL;
  291. + reply_msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
  293. fd.fd = cu->cu_fd;
  294. fd.events = POLLIN;
  295. @@ -512,6 +512,10 @@ get_reply:
  296. &reply_msg.acpted_rply.ar_verf)) {
  297. cu->cu_error.re_status = RPC_AUTHERROR;
  298. cu->cu_error.re_why = AUTH_INVALIDRESP;
  299. + } else if (! AUTH_UNWRAP(cl->cl_auth, &reply_xdrs,
  300. + xresults, resultsp)) {
  301. + if (cu->cu_error.re_status == RPC_SUCCESS)
  302. + cu->cu_error.re_status = RPC_CANTDECODERES;
  303. }
  304. if (reply_msg.acpted_rply.ar_verf.oa_base != NULL) {
  305. xdrs->x_op = XDR_FREE;
  306. diff --git libtirpc-0.2.2/src/clnt_vc.c libtirpc-0.2.3-rc2/src/clnt_vc.c
  307. index 359063c..097cae8 100644
  308. --- libtirpc-0.2.2/src/clnt_vc.c
  309. +++ libtirpc-0.2.3-rc2/src/clnt_vc.c
  310. @@ -364,7 +364,7 @@ call_again:
  311. if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos)) ||
  312. (! XDR_PUTINT32(xdrs, (int32_t *)&proc)) ||
  313. (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
  314. - (! (*xdr_args)(xdrs, args_ptr))) {
  315. + (! AUTH_WRAP(cl->cl_auth, xdrs, xdr_args, args_ptr))) {
  316. if (ct->ct_error.re_status == RPC_SUCCESS)
  317. ct->ct_error.re_status = RPC_CANTENCODEARGS;
  318. (void)xdrrec_endofrecord(xdrs, TRUE);
  319. @@ -420,7 +420,8 @@ call_again:
  320. &reply_msg.acpted_rply.ar_verf)) {
  321. ct->ct_error.re_status = RPC_AUTHERROR;
  322. ct->ct_error.re_why = AUTH_INVALIDRESP;
  323. - } else if (! (*xdr_results)(xdrs, results_ptr)) {
  324. + } else if (! AUTH_UNWRAP(cl->cl_auth, xdrs,
  325. + xdr_results, results_ptr)) {
  326. if (ct->ct_error.re_status == RPC_SUCCESS)
  327. ct->ct_error.re_status = RPC_CANTDECODERES;
  328. }
  329. --
  330. 1.7.2.3
  333. From 82cc2e6129c872c8be09381055f2fb5641c5e6fe Mon Sep 17 00:00:00 2001
  334. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  335. Date: Mon, 20 Jun 2011 13:34:56 -0400
  336. Subject: [PATCH 05/11] SVCAUTH_WRAP/SVCAUTH_UNWRAP
  338. Server code lacks support for authenticator wrapping/unwrapping, which
  339. is particularly useful when using GSS.
  341. Verified for both tcp & udp using a trivial RPC server against an MIT
  342. Krb5 client.
  344. Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
  345. Signed-off-by: Steve Dickson <steved@redhat.com>
  346. ---
  347. src/svc.c | 11 +++--------
  348. src/svc_auth_unix.c | 5 +++++
  349. src/svc_dg.c | 31 +++++++++++++++++++++++++++++--
  350. src/svc_vc.c | 37 ++++++++++++++++++++++++++++++++++---
  351. tirpc/rpc/svc_auth.h | 18 ++++++++++++------
  352. 5 files changed, 83 insertions(+), 19 deletions(-)
  354. diff --git libtirpc-0.2.2/src/svc.c libtirpc-0.2.3-rc2/src/svc.c
  355. index b4a63d0..08cd6c9 100644
  356. --- libtirpc-0.2.2/src/svc.c
  357. +++ libtirpc-0.2.3-rc2/src/svc.c
  358. @@ -77,9 +77,6 @@ static struct svc_callout
  360. extern rwlock_t svc_lock;
  361. extern rwlock_t svc_fd_lock;
  362. -#ifdef HAVE_LIBGSSAPI
  363. -extern struct svc_auth_ops svc_auth_gss_ops;
  364. -#endif
  366. static struct svc_callout *svc_find (rpcprog_t, rpcvers_t,
  367. struct svc_callout **, char *);
  368. @@ -717,11 +714,9 @@ svc_getreq_common (fd)
  369. SVC_DESTROY (xprt);
  370. break;
  371. }
  372. - else if ((xprt->xp_auth != NULL)
  373. -#ifdef HAVE_LIBGSSAPI
  374. - && (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)
  375. -#endif
  376. - ) {
  377. + else if ((xprt->xp_auth != NULL) &&
  378. + (xprt->xp_auth->svc_ah_private == NULL))
  379. + {
  380. xprt->xp_auth = NULL;
  381. }
  382. }
  383. diff --git libtirpc-0.2.2/src/svc_auth_unix.c libtirpc-0.2.3-rc2/src/svc_auth_unix.c
  384. index ce83859..9585069 100644
  385. --- libtirpc-0.2.2/src/svc_auth_unix.c
  386. +++ libtirpc-0.2.3-rc2/src/svc_auth_unix.c
  387. @@ -43,6 +43,8 @@
  389. #include <rpc/rpc.h>
  391. +extern SVCAUTH svc_auth_none;
  392. +
  393. /*
  394. * Unix longhand authenticator
  395. */
  396. @@ -67,6 +69,8 @@ _svcauth_unix(rqst, msg)
  397. assert(rqst != NULL);
  398. assert(msg != NULL);
  400. + rqst->rq_xprt->xp_auth = &svc_auth_none;
  401. +
  402. area = (struct area *) rqst->rq_clntcred;
  403. aup = &area->area_aup;
  404. aup->aup_machname = area->area_machname;
  405. @@ -142,5 +146,6 @@ _svcauth_short(rqst, msg)
  406. struct svc_req *rqst;
  407. struct rpc_msg *msg;
  408. {
  409. + rqst->rq_xprt->xp_auth = &svc_auth_none;
  410. return (AUTH_REJECTEDCRED);
  411. }
  412. diff --git libtirpc-0.2.2/src/svc_dg.c libtirpc-0.2.3-rc2/src/svc_dg.c
  413. index 66a56ee..5ef9df2 100644
  414. --- libtirpc-0.2.2/src/svc_dg.c
  415. +++ libtirpc-0.2.3-rc2/src/svc_dg.c
  416. @@ -134,6 +134,7 @@ svc_dg_create(fd, sendsize, recvsize)
  417. su->su_cache = NULL;
  418. xprt->xp_fd = fd;
  419. xprt->xp_p2 = su;
  420. + xprt->xp_auth = NULL;
  421. xprt->xp_verf.oa_base = su->su_verfbody;
  422. svc_dg_ops(xprt);
  423. xprt->xp_rtaddr.maxlen = sizeof (struct sockaddr_storage);
  424. @@ -234,10 +235,27 @@ svc_dg_reply(xprt, msg)
  425. bool_t stat = FALSE;
  426. size_t slen;
  428. + xdrproc_t xdr_results;
  429. + caddr_t xdr_location;
  430. + bool_t has_args;
  431. +
  432. + if (msg->rm_reply.rp_stat == MSG_ACCEPTED &&
  433. + msg->rm_reply.rp_acpt.ar_stat == SUCCESS) {
  434. + has_args = TRUE;
  435. + xdr_results = msg->acpted_rply.ar_results.proc;
  436. + xdr_location = msg->acpted_rply.ar_results.where;
  437. +
  438. + msg->acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
  439. + msg->acpted_rply.ar_results.where = NULL;
  440. + } else
  441. + has_args = FALSE;
  442. +
  443. xdrs->x_op = XDR_ENCODE;
  444. XDR_SETPOS(xdrs, 0);
  445. msg->rm_xid = su->su_xid;
  446. - if (xdr_replymsg(xdrs, msg)) {
  447. + if (xdr_replymsg(xdrs, msg) &&
  448. + (!has_args ||
  449. + (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
  450. struct msghdr *msg = &su->su_msghdr;
  451. struct iovec iov;
  453. @@ -264,7 +282,12 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
  454. xdrproc_t xdr_args;
  455. void *args_ptr;
  456. {
  457. - return (*xdr_args)(&(su_data(xprt)->su_xdrs), args_ptr);
  458. + if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
  459. + xdr_args, args_ptr)) {
  460. + (void)svc_freeargs(xprt, xdr_args, args_ptr);
  461. + return FALSE;
  462. + }
  463. + return TRUE;
  464. }
  466. static bool_t
  467. @@ -288,6 +311,10 @@ svc_dg_destroy(xprt)
  468. xprt_unregister(xprt);
  469. if (xprt->xp_fd != -1)
  470. (void)close(xprt->xp_fd);
  471. + if (xprt->xp_auth != NULL) {
  472. + SVCAUTH_DESTROY(xprt->xp_auth);
  473. + xprt->xp_auth = NULL;
  474. + }
  475. XDR_DESTROY(&(su->su_xdrs));
  476. (void) mem_free(rpc_buffer(xprt), su->su_iosz);
  477. (void) mem_free(su, sizeof (*su));
  478. diff --git libtirpc-0.2.2/src/svc_vc.c libtirpc-0.2.3-rc2/src/svc_vc.c
  479. index 87406f1..74632e2 100644
  480. --- libtirpc-0.2.2/src/svc_vc.c
  481. +++ libtirpc-0.2.3-rc2/src/svc_vc.c
  482. @@ -172,6 +172,7 @@ svc_vc_create(fd, sendsize, recvsize)
  483. xprt->xp_p1 = r;
  484. xprt->xp_p2 = NULL;
  485. xprt->xp_p3 = NULL;
  486. + xprt->xp_auth = NULL;
  487. xprt->xp_verf = _null_auth;
  488. svc_vc_rendezvous_ops(xprt);
  489. xprt->xp_port = (u_short)-1; /* It is the rendezvouser */
  490. @@ -283,6 +284,7 @@ makefd_xprt(fd, sendsize, recvsize)
  491. xdrrec_create(&(cd->xdrs), sendsize, recvsize,
  492. xprt, read_vc, write_vc);
  493. xprt->xp_p1 = cd;
  494. + xprt->xp_auth = NULL;
  495. xprt->xp_verf.oa_base = cd->verf_body;
  496. svc_vc_ops(xprt); /* truely deals with calls */
  497. xprt->xp_port = 0; /* this is a connection, not a rendezvouser */
  498. @@ -412,6 +414,10 @@ __svc_vc_dodestroy(xprt)
  499. XDR_DESTROY(&(cd->xdrs));
  500. mem_free(cd, sizeof(struct cf_conn));
  501. }
  502. + if (xprt->xp_auth != NULL) {
  503. + SVCAUTH_DESTROY(xprt->xp_auth);
  504. + xprt->xp_auth = NULL;
  505. + }
  506. if (xprt->xp_rtaddr.buf)
  507. mem_free(xprt->xp_rtaddr.buf, xprt->xp_rtaddr.maxlen);
  508. if (xprt->xp_ltaddr.buf)
  509. @@ -632,8 +638,13 @@ svc_vc_getargs(xprt, xdr_args, args_ptr)
  511. assert(xprt != NULL);
  512. /* args_ptr may be NULL */
  513. - return ((*xdr_args)(&(((struct cf_conn *)(xprt->xp_p1))->xdrs),
  514. - args_ptr));
  515. +
  516. + if (! SVCAUTH_UNWRAP(xprt->xp_auth,
  517. + &(((struct cf_conn *)(xprt->xp_p1))->xdrs),
  518. + xdr_args, args_ptr)) {
  519. + return FALSE;
  520. + }
  521. + return TRUE;
  522. }
  524. static bool_t
  525. @@ -662,15 +673,35 @@ svc_vc_reply(xprt, msg)
  526. XDR *xdrs;
  527. bool_t rstat;
  529. + xdrproc_t xdr_results;
  530. + caddr_t xdr_location;
  531. + bool_t has_args;
  532. +
  533. assert(xprt != NULL);
  534. assert(msg != NULL);
  536. cd = (struct cf_conn *)(xprt->xp_p1);
  537. xdrs = &(cd->xdrs);
  539. + if (msg->rm_reply.rp_stat == MSG_ACCEPTED &&
  540. + msg->rm_reply.rp_acpt.ar_stat == SUCCESS) {
  541. + has_args = TRUE;
  542. + xdr_results = msg->acpted_rply.ar_results.proc;
  543. + xdr_location = msg->acpted_rply.ar_results.where;
  544. +
  545. + msg->acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
  546. + msg->acpted_rply.ar_results.where = NULL;
  547. + } else
  548. + has_args = FALSE;
  549. +
  550. xdrs->x_op = XDR_ENCODE;
  551. msg->rm_xid = cd->x_id;
  552. - rstat = xdr_replymsg(xdrs, msg);
  553. + rstat = FALSE;
  554. + if (xdr_replymsg(xdrs, msg) &&
  555. + (!has_args ||
  556. + (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
  557. + rstat = TRUE;
  558. + }
  559. (void)xdrrec_endofrecord(xdrs, TRUE);
  560. return (rstat);
  561. }
  562. diff --git libtirpc-0.2.2/tirpc/rpc/svc_auth.h libtirpc-0.2.3-rc2/tirpc/rpc/svc_auth.h
  563. index 659e90c..14269d1 100644
  564. --- libtirpc-0.2.2/tirpc/rpc/svc_auth.h
  565. +++ libtirpc-0.2.3-rc2/tirpc/rpc/svc_auth.h
  566. @@ -44,17 +44,23 @@
  567. /*
  568. * Interface to server-side authentication flavors.
  569. */
  570. -typedef struct {
  571. +typedef struct SVCAUTH {
  572. struct svc_auth_ops {
  573. - int (*svc_ah_wrap)(void);
  574. - int (*svc_ah_unwrap)(void);
  575. - int (*svc_ah_destroy)(void);
  576. + int (*svc_ah_wrap)(struct SVCAUTH *, XDR *, xdrproc_t,
  577. + caddr_t);
  578. + int (*svc_ah_unwrap)(struct SVCAUTH *, XDR *, xdrproc_t,
  579. + caddr_t);
  580. + int (*svc_ah_destroy)(struct SVCAUTH *);
  581. } *svc_ah_ops;
  582. caddr_t svc_ah_private;
  583. } SVCAUTH;
  585. -#define SVCAUTH_DESTROY(cred) ((*(cred)->svc_ah_ops->svc_ah_destroy)())
  586. -#define svcauth_destroy(cred) ((*(cred)->svc_ah_ops->svc_ah_destroy)())
  587. +#define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \
  588. + ((*((auth)->svc_ah_ops->svc_ah_wrap))(auth, xdrs, xfunc, xwhere))
  589. +#define SVCAUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
  590. + ((*((auth)->svc_ah_ops->svc_ah_unwrap))(auth, xdrs, xfunc, xwhere))
  591. +#define SVCAUTH_DESTROY(auth) \
  592. + ((*((auth)->svc_ah_ops->svc_ah_destroy))(auth))
  594. /*
  595. * Server side authenticator
  596. --
  597. 1.7.2.3
  600. From 6c43043ececc2e9f613dc86086c7ac4970aeb690 Mon Sep 17 00:00:00 2001
  601. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  602. Date: Mon, 20 Jun 2011 13:35:54 -0400
  603. Subject: [PATCH 06/11] auth_null used when auth_none is appropriate
  605. svc_auth.c uses a fake entry function for AUTH_NULL (AUTH_NONE) when the
  606. use of the svc_auth_none is appropriate.
  608. With the previous patches to make use of WRAP/UNWRAP svc_auth_none is
  609. required.
  611. Signed-off-by: Steve Dickson <steved@redhat.com>
  612. ---
  613. src/svc_auth.c | 13 ++-----------
  614. tirpc/rpc/auth.h | 2 +-
  615. 2 files changed, 3 insertions(+), 12 deletions(-)
  617. diff --git libtirpc-0.2.2/src/svc_auth.c libtirpc-0.2.3-rc2/src/svc_auth.c
  618. index c6b3a0b..e80d5f9 100644
  619. --- libtirpc-0.2.2/src/svc_auth.c
  620. +++ libtirpc-0.2.3-rc2/src/svc_auth.c
  621. @@ -98,8 +98,8 @@ _authenticate(rqst, msg)
  622. rqst->rq_xprt->xp_verf.oa_length = 0;
  623. cred_flavor = rqst->rq_cred.oa_flavor;
  624. switch (cred_flavor) {
  625. - case AUTH_NULL:
  626. - dummy = _svcauth_null(rqst, msg);
  627. + case AUTH_NONE:
  628. + dummy = _svcauth_none(rqst, msg);
  629. return (dummy);
  630. case AUTH_SYS:
  631. dummy = _svcauth_unix(rqst, msg);
  632. @@ -132,15 +132,6 @@ _authenticate(rqst, msg)
  633. return (AUTH_REJECTEDCRED);
  634. }
  636. -/*ARGSUSED*/
  637. -enum auth_stat
  638. -_svcauth_null(rqst, msg)
  639. - struct svc_req *rqst;
  640. - struct rpc_msg *msg;
  641. -{
  642. - return (AUTH_OK);
  643. -}
  644. -
  645. /*
  646. * Allow the rpc service to register new authentication types that it is
  647. * prepared to handle. When an authentication flavor is registered,
  648. diff --git libtirpc-0.2.2/tirpc/rpc/auth.h libtirpc-0.2.3-rc2/tirpc/rpc/auth.h
  649. index 734e6b9..f669ae4 100644
  650. --- libtirpc-0.2.2/tirpc/rpc/auth.h
  651. +++ libtirpc-0.2.3-rc2/tirpc/rpc/auth.h
  652. @@ -373,7 +373,7 @@ __END_DECLS
  653. __BEGIN_DECLS
  654. struct svc_req;
  655. struct rpc_msg;
  656. -enum auth_stat _svcauth_null (struct svc_req *, struct rpc_msg *);
  657. +enum auth_stat _svcauth_none (struct svc_req *, struct rpc_msg *);
  658. enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *);
  659. enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *);
  660. __END_DECLS
  661. --
  662. 1.7.2.3
  665. From 8271dfe7ec97a993fe3e369c9e02165f54f32322 Mon Sep 17 00:00:00 2001
  666. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  667. Date: Mon, 20 Jun 2011 13:42:18 -0400
  668. Subject: [PATCH 07/11] Reference count AUTHs
  670. RPCSEC GSSv3 has the concept of a parent and a compound credential. As
  671. the normal course of operation involves using multiple AUTHs per client
  672. connection, and providing parent and compounds AUTHs when creating a
  673. GSSv3 AUTH, we need a way of reference counting them so that
  674. AUTH_DESTROY does not free them out from under a GSSv3 AUTH that is
  675. using them.
  677. Signed-off-by: Steve Dickson <steved@redhat.com>
  678. ---
  679. src/auth_des.c | 1 +
  680. src/auth_gss.c | 2 ++
  681. src/auth_unix.c | 1 +
  682. tirpc/rpc/auth.h | 35 +++++++++++++++++++++++++++++++----
  683. 4 files changed, 35 insertions(+), 4 deletions(-)
  685. diff --git libtirpc-0.2.2/src/auth_des.c libtirpc-0.2.3-rc2/src/auth_des.c
  686. index 829c817..f0c8b8c 100644
  687. --- libtirpc-0.2.2/src/auth_des.c
  688. +++ libtirpc-0.2.3-rc2/src/auth_des.c
  689. @@ -223,6 +223,7 @@ authdes_pk_seccreate(const char *servername, netobj *pkey, u_int window,
  690. goto failed;
  691. }
  692. ad->ad_nis_srvr = NULL; /* not needed any longer */
  693. + auth_get(auth); /* Reference for caller */
  694. return (auth);
  696. failed:
  697. diff --git libtirpc-0.2.2/src/auth_gss.c libtirpc-0.2.3-rc2/src/auth_gss.c
  698. index df3017a..98f0341 100644
  699. --- libtirpc-0.2.2/src/auth_gss.c
  700. +++ libtirpc-0.2.3-rc2/src/auth_gss.c
  701. @@ -200,6 +200,8 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
  703. if (!authgss_refresh(auth))
  704. auth = NULL;
  705. + else
  706. + auth_get(auth); /* Reference for caller */
  708. clnt->cl_auth = save_auth;
  710. diff --git libtirpc-0.2.2/src/auth_unix.c libtirpc-0.2.3-rc2/src/auth_unix.c
  711. index 5b8990f..4b9b13f 100644
  712. --- libtirpc-0.2.2/src/auth_unix.c
  713. +++ libtirpc-0.2.3-rc2/src/auth_unix.c
  714. @@ -162,6 +162,7 @@ authunix_create(machname, uid, gid, len, aup_gids)
  715. */
  716. auth->ah_cred = au->au_origcred;
  717. marshal_new_auth(auth);
  718. + auth_get(auth); /* Reference for caller */
  719. return (auth);
  720. #ifndef _KERNEL
  721. cleanup_authunix_create:
  722. diff --git libtirpc-0.2.2/tirpc/rpc/auth.h libtirpc-0.2.3-rc2/tirpc/rpc/auth.h
  723. index f669ae4..5f66e67 100644
  724. --- libtirpc-0.2.2/tirpc/rpc/auth.h
  725. +++ libtirpc-0.2.3-rc2/tirpc/rpc/auth.h
  726. @@ -203,8 +203,22 @@ typedef struct __auth {
  728. } *ah_ops;
  729. void *ah_private;
  730. + int ah_refcnt;
  731. } AUTH;
  733. +static __inline int
  734. +auth_get(AUTH *auth)
  735. +{
  736. + return __sync_add_and_fetch(&auth->ah_refcnt, 1);
  737. +}
  738. +
  739. +static __inline int
  740. +auth_put(AUTH *auth)
  741. +{
  742. + return __sync_sub_and_fetch(&auth->ah_refcnt, 1);
  743. +}
  744. +
  745. +
  747. /*
  748. * Authentication ops.
  749. @@ -234,10 +248,23 @@ typedef struct __auth {
  750. #define auth_refresh(auth, msg) \
  751. ((*((auth)->ah_ops->ah_refresh))(auth, msg))
  753. -#define AUTH_DESTROY(auth) \
  754. - ((*((auth)->ah_ops->ah_destroy))(auth))
  755. -#define auth_destroy(auth) \
  756. - ((*((auth)->ah_ops->ah_destroy))(auth))
  757. +#define AUTH_DESTROY(auth) \
  758. + do { \
  759. + int refs; \
  760. + if ((refs = auth_put((auth))) == 0) \
  761. + ((*((auth)->ah_ops->ah_destroy))(auth));\
  762. + log_debug("%s: auth_put(), refs %d\n", \
  763. + __func__, refs); \
  764. + } while (0)
  765. +
  766. +#define auth_destroy(auth) \
  767. + do { \
  768. + int refs; \
  769. + if ((refs = auth_put((auth))) == 0) \
  770. + ((*((auth)->ah_ops->ah_destroy))(auth));\
  771. + log_debug("%s: auth_put(), refs %d\n", \
  772. + __func__, refs); \
  773. + } while (0)
  775. #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \
  776. ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
  777. --
  778. 1.7.2.3
  781. From e1cd6dc047c2f4d08f66776bc0206eeb5092f1f8 Mon Sep 17 00:00:00 2001
  782. From: Matthew N. Dodd <matthew.nygard.dodd@gmail.com>
  783. Date: Mon, 20 Jun 2011 13:45:11 -0400
  784. Subject: [PATCH 08/11] Use correct AUTH when calling RPCSEC_GSS_DESTROY.
  786. When using multiple AUTHs per client connection, calling
  787. AUTH_DESTROY(auth) may result in 'cl_auth' being set to something other
  788. than 'auth'.
  790. Avoid this by saving and restoring 'cl_auth' across the
  791. RPCSEC_GSS_DESTROY clnt_call().
  793. Signed-off-by: Steve Dickson <steved@redhat.com>
  794. ---
  795. src/auth_gss.c | 11 +++++++++++
  796. 1 files changed, 11 insertions(+), 0 deletions(-)
  798. diff --git libtirpc-0.2.2/src/auth_gss.c libtirpc-0.2.3-rc2/src/auth_gss.c
  799. index 98f0341..a992049 100644
  800. --- libtirpc-0.2.2/src/auth_gss.c
  801. +++ libtirpc-0.2.3-rc2/src/auth_gss.c
  802. @@ -557,9 +557,20 @@ authgss_destroy_context(AUTH *auth)
  804. if (gd->gc.gc_ctx.length != 0) {
  805. if (gd->established) {
  806. + AUTH *save_auth = NULL;
  807. +
  808. + /* Make sure we use the right auth_ops */
  809. + if (gd->clnt->cl_auth != auth) {
  810. + save_auth = gd->clnt->cl_auth;
  811. + gd->clnt->cl_auth = auth;
  812. + }
  813. +
  814. gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
  815. clnt_call(gd->clnt, NULLPROC, (xdrproc_t)xdr_void, NULL,
  816. (xdrproc_t)xdr_void, NULL, AUTH_TIMEOUT);
  817. +
  818. + if (save_auth != NULL)
  819. + gd->clnt->cl_auth = save_auth;
  820. }
  821. gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
  822. /* XXX ANDROS check size of context - should be 8 */
  823. --
  824. 1.7.2.3
  827. From 5f9d6c0f7fc2dd1db56ec8bfad3661306fde3b5c Mon Sep 17 00:00:00 2001
  828. From: Mike Frysinger <vapier@gentoo.org>
  829. Date: Mon, 20 Jun 2011 13:48:56 -0400
  830. Subject: [PATCH 09/11] Add multiple inclusion protection to rpc/des.h
  832. If you try to include this file multiple times, you get a build failure
  833. due to redefinitions of enums and such.
  835. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  836. Signed-off-by: Steve Dickson <steved@redhat.com>
  837. ---
  838. tirpc/rpc/des.h | 5 +++++
  839. 1 files changed, 5 insertions(+), 0 deletions(-)
  841. diff --git libtirpc-0.2.2/tirpc/rpc/des.h libtirpc-0.2.3-rc2/tirpc/rpc/des.h
  842. index e3d6897..d2881ad 100644
  843. --- libtirpc-0.2.2/tirpc/rpc/des.h
  844. +++ libtirpc-0.2.3-rc2/tirpc/rpc/des.h
  845. @@ -33,6 +33,9 @@
  846. * Copyright (c) 1986 by Sun Microsystems, Inc.
  847. */
  849. +#ifndef _RPC_DES_H_
  850. +#define _RPC_DES_H_
  851. +
  852. #define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */
  853. #define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */
  855. @@ -80,3 +83,5 @@ struct desparams {
  856. * Software DES.
  857. */
  858. extern int _des_crypt( char *, int, struct desparams * );
  859. +
  860. +#endif
  861. --
  862. 1.7.2.3
  865. From ebd3e644a79fa92b3b780d87d8028fcf64364abd Mon Sep 17 00:00:00 2001
  866. From: Mike Frysinger <vapier@gentoo.org>
  867. Date: Mon, 20 Jun 2011 13:52:14 -0400
  868. Subject: [PATCH 10/11] Revert "Include des_crypt in build"
  870. The des_crypt code requires the crypt_client code (which wasn't
  871. added), and that code requires a currently undefined function
  872. (namely xdr_desresp). Since I have no idea what that's about,
  873. and this change ends up breaking some systems, just revert it.
  875. Once we have a patch that improves portability without breaking
  876. existing systems, we can revisit this.
  878. This reverts commit 9bdcba10aa67ce3f67810c7aaac944a00dcfcee5.
  880. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
  881. Signed-off-by: Steve Dickson <steved@redhat.com>
  882. ---
  883. src/Makefile.am | 2 +-
  884. 1 files changed, 1 insertions(+), 1 deletions(-)
  886. diff --git libtirpc-0.2.2/src/Makefile.am libtirpc-0.2.3-rc2/src/Makefile.am
  887. index 7ee8cbc..6731ff9 100644
  888. --- libtirpc-0.2.2/src/Makefile.am
  889. +++ libtirpc-0.2.3-rc2/src/Makefile.am
  890. @@ -50,7 +50,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
  891. rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
  892. rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_generic.c \
  893. svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
  894. - auth_time.c auth_des.c authdes_prot.c des_crypt.c
  895. + auth_time.c auth_des.c authdes_prot.c
  897. ## XDR
  898. libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
  899. --
  900. 1.7.2.3
  903. From e6bdc5761e5340b0df03c2b5c344b04feabaad9e Mon Sep 17 00:00:00 2001
  904. From: Steve Dickson <steved@redhat.com>
  905. Date: Wed, 20 Jul 2011 09:47:49 -0400
  906. Subject: [PATCH 11/11] Segfault in SVCAUTH_WRAP call
  908. The xprt->xp_auth pointer need to be checked before
  909. used in the SVCAUTH_WRAP call since it can be NULL
  910. during error conditions.
  912. Signed-off-by: Steve Dickson <steved@redhat.com>
  913. ---
  914. src/svc_dg.c | 4 ++--
  915. src/svc_vc.c | 4 ++--
  916. 2 files changed, 4 insertions(+), 4 deletions(-)
  918. diff --git libtirpc-0.2.2/src/svc_dg.c libtirpc-0.2.3-rc2/src/svc_dg.c
  919. index 5ef9df2..081db61 100644
  920. --- libtirpc-0.2.2/src/svc_dg.c
  921. +++ libtirpc-0.2.3-rc2/src/svc_dg.c
  922. @@ -254,8 +254,8 @@ svc_dg_reply(xprt, msg)
  923. XDR_SETPOS(xdrs, 0);
  924. msg->rm_xid = su->su_xid;
  925. if (xdr_replymsg(xdrs, msg) &&
  926. - (!has_args ||
  927. - (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
  928. + (!has_args || (xprt->xp_auth &&
  929. + SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
  930. struct msghdr *msg = &su->su_msghdr;
  931. struct iovec iov;
  933. diff --git libtirpc-0.2.2/src/svc_vc.c libtirpc-0.2.3-rc2/src/svc_vc.c
  934. index 74632e2..4c70de8 100644
  935. --- libtirpc-0.2.2/src/svc_vc.c
  936. +++ libtirpc-0.2.3-rc2/src/svc_vc.c
  937. @@ -698,8 +698,8 @@ svc_vc_reply(xprt, msg)
  938. msg->rm_xid = cd->x_id;
  939. rstat = FALSE;
  940. if (xdr_replymsg(xdrs, msg) &&
  941. - (!has_args ||
  942. - (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
  943. + (!has_args || (xprt->xp_auth &&
  944. + SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
  945. rstat = TRUE;
  946. }
  947. (void)xdrrec_endofrecord(xdrs, TRUE);
  948. --
  949. 1.7.2.3