diff --git a/.gitignore b/.gitignore index b7814a3..ef97e01 100644 --- a/.gitignore +++ b/.gitignore @@ -34,6 +34,9 @@ libtirpc.pc lib*.a src/libtirpc.la src/libtirpc_la-*.lo +tirpc/stamp-h2 +tirpc/tirpc-features.h + # generic editor backup et al *~ .stgitmail.txt diff --git a/src/Makefile.am b/src/Makefile.am index e4ed8aa..fba2aa4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,7 +24,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ svc_auth_des.c \ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ - auth_time.c auth_des.c authdes_prot.c debug.c + auth_time.c auth_des.c authdes_prot.c debug.c des_crypt.c des_impl.c ## XDR libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c xdr_sizeof.c diff --git a/src/auth_des.c b/src/auth_des.c index 4d3639e..af2f61f 100644 --- a/src/auth_des.c +++ b/src/auth_des.c @@ -46,8 +46,8 @@ #include #include #include -#undef NIS -#include + +#include "nis.h" #if defined(LIBC_SCCS) && !defined(lint) #endif diff --git a/src/auth_gss.c b/src/auth_gss.c index 9b88c38..5959893 100644 --- a/src/auth_gss.c +++ b/src/auth_gss.c @@ -526,6 +526,14 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret) gr.gr_major != GSS_S_CONTINUE_NEEDED)) { options_ret->major_status = gr.gr_major; options_ret->minor_status = gr.gr_minor; + if (call_stat != RPC_SUCCESS) { + struct rpc_err err; + clnt_geterr(gd->clnt, &err); + LIBTIRPC_DEBUG(1, ("authgss_refresh: %s errno: %s", + clnt_sperrno(call_stat), strerror(err.re_errno))); + } else + gss_log_status("authgss_refresh:", + gr.gr_major, gr.gr_minor); return FALSE; } diff --git a/src/auth_time.c b/src/auth_time.c index 10e58eb..7f83ab4 100644 --- a/src/auth_time.c +++ b/src/auth_time.c @@ -44,8 +44,8 @@ #include //#include #include -#undef NIS -#include + +#include "nis.h" #ifdef TESTING diff --git a/src/clnt_vc.c b/src/clnt_vc.c index a72f9f7..a5fbe2f 100644 --- a/src/clnt_vc.c +++ b/src/clnt_vc.c @@ -72,6 +72,8 @@ #define CMGROUP_MAX 16 #define SCM_CREDS 0x03 /* process creds (struct cmsgcred) */ +#undef rpc_createerr /* make it clear it is a thread safe variable */ + /* * Credentials structure, used to verify the identity of a peer * process that has sent us a message. This is allocated by the @@ -188,10 +190,11 @@ clnt_vc_create(fd, raddr, prog, vers, sendsz, recvsz) cl = (CLIENT *)mem_alloc(sizeof (*cl)); ct = (struct ct_data *)mem_alloc(sizeof (*ct)); if ((cl == (CLIENT *)NULL) || (ct == (struct ct_data *)NULL)) { + struct rpc_createerr *ce = &get_rpc_createerr(); + ce->cf_stat = RPC_SYSTEMERROR; + ce->cf_error.re_errno = errno; (void) syslog(LOG_ERR, clnt_vc_errstr, clnt_vc_str, __no_mem_str); - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - rpc_createerr.cf_error.re_errno = errno; goto err; } ct->ct_addr.buf = NULL; @@ -230,26 +233,29 @@ clnt_vc_create(fd, raddr, prog, vers, sendsz, recvsz) assert(vc_cv != (cond_t *) NULL); /* - * XXX - fvdl connecting while holding a mutex? + * Do not hold mutex during connect */ + mutex_unlock(&clnt_fd_lock); + slen = sizeof ss; if (getpeername(fd, (struct sockaddr *)&ss, &slen) < 0) { if (errno != ENOTCONN) { - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - rpc_createerr.cf_error.re_errno = errno; - mutex_unlock(&clnt_fd_lock); + struct rpc_createerr *ce = &get_rpc_createerr(); + ce->cf_stat = RPC_SYSTEMERROR; + ce->cf_error.re_errno = errno; thr_sigsetmask(SIG_SETMASK, &(mask), NULL); goto err; } if (connect(fd, (struct sockaddr *)raddr->buf, raddr->len) < 0){ - rpc_createerr.cf_stat = RPC_SYSTEMERROR; - rpc_createerr.cf_error.re_errno = errno; - mutex_unlock(&clnt_fd_lock); - thr_sigsetmask(SIG_SETMASK, &(mask), NULL); - goto err; + if (errno != EISCONN) { + struct rpc_createerr *ce = &get_rpc_createerr(); + ce->cf_stat = RPC_SYSTEMERROR; + ce->cf_error.re_errno = errno; + thr_sigsetmask(SIG_SETMASK, &(mask), NULL); + goto err; + } } } - mutex_unlock(&clnt_fd_lock); if (!__rpc_fd2sockinfo(fd, &si)) goto err; thr_sigsetmask(SIG_SETMASK, &(mask), NULL); diff --git a/src/des_impl.c b/src/des_impl.c index c5b7ed6..15bec2a 100644 --- a/src/des_impl.c +++ b/src/des_impl.c @@ -6,7 +6,8 @@ /* see to obtain a copy. */ #include #include -#include +#include +#include static const uint32_t des_SPtrans[8][64] = @@ -587,7 +588,7 @@ _des_crypt (char *buf, unsigned len, struct desparams *desp) } tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; tbuf[0] = tbuf[1] = 0; - __bzero (schedule, sizeof (schedule)); + memset (schedule, 0, sizeof (schedule)); return (1); } diff --git a/src/getpublickey.c b/src/getpublickey.c index 764a5f9..8cf4dc2 100644 --- a/src/getpublickey.c +++ b/src/getpublickey.c @@ -38,8 +38,10 @@ #include #include #include +#ifdef YP #include #include +#endif #include #include diff --git a/src/getrpcport.c b/src/getrpcport.c index b452c99..c28cd61 100644 --- a/src/getrpcport.c +++ b/src/getrpcport.c @@ -57,8 +57,8 @@ getrpcport(host, prognum, versnum, proto) memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_port = 0; - if (hp->h_length > sizeof(addr)) - hp->h_length = sizeof(addr); + if (hp->h_length > sizeof(addr.sin_addr.s_addr)) + hp->h_length = sizeof(addr.sin_addr.s_addr); memcpy(&addr.sin_addr.s_addr, hp->h_addr, (size_t)hp->h_length); /* Inconsistent interfaces need casts! :-( */ return (pmap_getport(&addr, (u_long)prognum, (u_long)versnum, diff --git a/src/nis.h b/src/nis.h new file mode 100644 index 0000000..588c041 --- /dev/null +++ b/src/nis.h @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2010, Oracle America, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * * Neither the name of the "Oracle America, Inc." nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _INTERNAL_NIS_H +#define _INTERNAL_NIS_H 1 + +/* This file only contains the definition of nis_server, to be + able to compile libtirpc without the need to have a glibc + with sunrpc or a libnsl already installed. */ + +#define NIS_PK_NONE 0 + +struct nis_attr { + char *zattr_ndx; + struct { + u_int zattr_val_len; + char *zattr_val_val; + } zattr_val; +}; +typedef struct nis_attr nis_attr; + +typedef char *nis_name; + +struct endpoint { + char *uaddr; + char *family; + char *proto; +}; +typedef struct endpoint endpoint; + +struct nis_server { + nis_name name; + struct { + u_int ep_len; + endpoint *ep_val; + } ep; + uint32_t key_type; + netobj pkey; +}; +typedef struct nis_server nis_server; + +#endif /* ! _INTERNAL_NIS_H */ diff --git a/src/rpc_dtablesize.c b/src/rpc_dtablesize.c index 13d320c..3fe503a 100644 --- a/src/rpc_dtablesize.c +++ b/src/rpc_dtablesize.c @@ -27,22 +27,14 @@ */ #include - #include - -int _rpc_dtablesize(void); /* XXX */ +#include +#include /* * Cache the result of getdtablesize(), so we don't have to do an * expensive system call every time. */ -/* - * XXX In FreeBSD 2.x, you can have the maximum number of open file - * descriptors be greater than FD_SETSIZE (which us 256 by default). - * - * Since old programs tend to use this call to determine the first arg - * for _select(), having this return > FD_SETSIZE is a Bad Idea(TM)! - */ int _rpc_dtablesize(void) { diff --git a/src/rpc_soc.c b/src/rpc_soc.c index 1ec7b3f..ed0892a 100644 --- a/src/rpc_soc.c +++ b/src/rpc_soc.c @@ -61,8 +61,8 @@ #include #include #include -#include +#include "nis.h" #include "rpc_com.h" extern mutex_t rpcsoc_lock; diff --git a/src/rtime.c b/src/rtime.c index c34e0af..b642840 100644 --- a/src/rtime.c +++ b/src/rtime.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include @@ -67,7 +68,8 @@ rtime(addrp, timep, timeout) struct timeval *timeout; { int s; - fd_set readfds; + struct pollfd fd; + int milliseconds; int res; unsigned long thetime; struct sockaddr_in from; @@ -94,31 +96,32 @@ rtime(addrp, timep, timeout) addrp->sin_port = serv->s_port; if (type == SOCK_DGRAM) { - res = sendto(s, (char *)&thetime, sizeof(thetime), 0, + res = sendto(s, (char *)&thetime, sizeof(thetime), 0, (struct sockaddr *)addrp, sizeof(*addrp)); if (res < 0) { do_close(s); - return(-1); + return(-1); } - do { - FD_ZERO(&readfds); - FD_SET(s, &readfds); - res = select(_rpc_dtablesize(), &readfds, - (fd_set *)NULL, (fd_set *)NULL, timeout); - } while (res < 0 && errno == EINTR); + + milliseconds = (timeout->tv_sec * 1000) + (timeout->tv_usec / 1000); + fd.fd = s; + fd.events = POLLIN; + do + res = poll (&fd, 1, milliseconds); + while (res < 0 && errno == EINTR); if (res <= 0) { if (res == 0) { errno = ETIMEDOUT; } do_close(s); - return(-1); + return(-1); } fromlen = sizeof(from); - res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, + res = recvfrom(s, (char *)&thetime, sizeof(thetime), 0, (struct sockaddr *)&from, &fromlen); do_close(s); if (res < 0) { - return(-1); + return(-1); } } else { if (connect(s, (struct sockaddr *)addrp, sizeof(*addrp)) < 0) { diff --git a/src/svc.c b/src/svc.c index 9c41445..b59467b 100644 --- a/src/svc.c +++ b/src/svc.c @@ -99,7 +99,7 @@ xprt_register (xprt) { __svc_xports = (SVCXPRT **) calloc (_rpc_dtablesize(), sizeof (SVCXPRT *)); if (__svc_xports == NULL) - return; + goto unlock; } if (sock < _rpc_dtablesize()) { @@ -120,14 +120,14 @@ xprt_register (xprt) svc_pollfd[i].fd = sock; svc_pollfd[i].events = (POLLIN | POLLPRI | POLLRDNORM | POLLRDBAND); - return; + goto unlock; } new_svc_pollfd = (struct pollfd *) realloc (svc_pollfd, sizeof (struct pollfd) * (svc_max_pollfd + 1)); if (new_svc_pollfd == NULL) /* Out of memory */ - return; + goto unlock; svc_pollfd = new_svc_pollfd; ++svc_max_pollfd; @@ -135,6 +135,7 @@ xprt_register (xprt) svc_pollfd[svc_max_pollfd - 1].events = (POLLIN | POLLPRI | POLLRDNORM | POLLRDBAND); } +unlock: rwlock_unlock (&svc_fd_lock); } diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c index 5bc264c..2e90146 100644 --- a/src/svc_auth_des.c +++ b/src/svc_auth_des.c @@ -86,13 +86,13 @@ static struct cache_entry *authdes_cache/* [AUTHDES_CACHESZ] */; static short *authdes_lru/* [AUTHDES_CACHESZ] */; static void cache_init(); /* initialize the cache */ -static short cache_spot(); /* find an entry in the cache */ -static void cache_ref(/*short sid*/); /* note that sid was ref'd */ +static short cache_spot(des_block *key, char *name, struct timeval *timestamp); /* find an entry in the cache */ +static void cache_ref(short sid); /* note that sid was ref'd */ -static void invalidate(); /* invalidate entry in cache */ +static void invalidate(char *cred); /* invalidate entry in cache */ /* - * cache statistics + * cache statistics */ static struct { u_long ncachehits; /* times cache hit, and is not replay */ diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c index b6aa407..bece46a 100644 --- a/src/svc_auth_gss.c +++ b/src/svc_auth_gss.c @@ -129,6 +129,8 @@ struct svc_rpc_gss_data { ((struct svc_rpc_gss_data *)(auth)->svc_ah_private) /* Global server credentials. */ +static u_int _svcauth_req_time = 0; +static gss_OID_set_desc _svcauth_oid_set = {1, GSS_C_NULL_OID }; static gss_cred_id_t _svcauth_gss_creds; static gss_name_t _svcauth_gss_name = GSS_C_NO_NAME; static char * _svcauth_svc_name = NULL; @@ -167,6 +169,7 @@ svcauth_gss_import_name(char *service) gss_name_t name; gss_buffer_desc namebuf; OM_uint32 maj_stat, min_stat; + bool_t result; gss_log_debug("in svcauth_gss_import_name()"); @@ -181,22 +184,21 @@ svcauth_gss_import_name(char *service) maj_stat, min_stat); return (FALSE); } - if (svcauth_gss_set_svc_name(name) != TRUE) { - gss_release_name(&min_stat, &name); - return (FALSE); - } - return (TRUE); + result = svcauth_gss_set_svc_name(name); + gss_release_name(&min_stat, &name); + return result; } static bool_t -svcauth_gss_acquire_cred(u_int req_time, gss_OID_set_desc *oid_set) +svcauth_gss_acquire_cred(void) { OM_uint32 maj_stat, min_stat; gss_log_debug("in svcauth_gss_acquire_cred()"); - maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, req_time, - oid_set, GSS_C_ACCEPT, + maj_stat = gss_acquire_cred(&min_stat, _svcauth_gss_name, + _svcauth_req_time, &_svcauth_oid_set, + GSS_C_ACCEPT, &_svcauth_gss_creds, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { @@ -300,6 +302,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, NULL, &gd->deleg); + xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok); + if (gr->gr_major != GSS_S_COMPLETE && gr->gr_major != GSS_S_CONTINUE_NEEDED) { gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context", @@ -352,8 +356,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, return (FALSE); rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; - rqst->rq_xprt->xp_verf.oa_base = checksum.value; + memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, + checksum.length); rqst->rq_xprt->xp_verf.oa_length = checksum.length; + + gss_release_buffer(&min_stat, &checksum); } return (TRUE); } @@ -435,10 +442,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num) maj_stat, min_stat); return (FALSE); } + rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; - rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value; + memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length); rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length; + gss_release_buffer(&min_stat, &checksum); + return (TRUE); } @@ -568,6 +578,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) gss_qop_t qop; struct svcauth_gss_cache_entry **ce; time_t now; + enum auth_stat result = AUTH_OK; + OM_uint32 min_stat; gss_log_debug("in svcauth_gss()"); @@ -621,19 +633,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) XDR_DESTROY(&xdrs); /* Check version. */ - if (gc->gc_v != RPCSEC_GSS_VERSION) - return (AUTH_BADCRED); + if (gc->gc_v != RPCSEC_GSS_VERSION) { + result = AUTH_BADCRED; + goto out; + } /* Check RPCSEC_GSS service. */ if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && - gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) - return (AUTH_BADCRED); + gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) { + result = AUTH_BADCRED; + goto out; + } /* Check sequence number. */ if (gd->established) { - if (gc->gc_seq > MAXSEQ) - return (RPCSEC_GSS_CTXPROBLEM); + if (gc->gc_seq > MAXSEQ) { + result = RPCSEC_GSS_CTXPROBLEM; + goto out; + } if ((offset = gd->seqlast - gc->gc_seq) < 0) { gd->seqlast = gc->gc_seq; @@ -643,7 +661,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) } else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { *no_dispatch = 1; - return (RPCSEC_GSS_CTXPROBLEM); + result = RPCSEC_GSS_CTXPROBLEM; + goto out; } gd->seq = gc->gc_seq; gd->seqmask |= (1 << offset); @@ -654,35 +673,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) rqst->rq_svcname = (char *)gd->ctx; } + rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base; + /* Handle RPCSEC_GSS control procedure. */ switch (gc->gc_proc) { case RPCSEC_GSS_INIT: case RPCSEC_GSS_CONTINUE_INIT: - if (rqst->rq_proc != NULLPROC) - return (AUTH_FAILED); /* XXX ? */ + if (rqst->rq_proc != NULLPROC) { + result = AUTH_FAILED; /* XXX ? */ + break; + } if (_svcauth_gss_name == GSS_C_NO_NAME) { - if (!svcauth_gss_import_name("nfs")) - return (AUTH_FAILED); + if (!svcauth_gss_import_name("nfs")) { + result = AUTH_FAILED; + break; + } } - if (!svcauth_gss_acquire_cred(0, GSS_C_NULL_OID_SET)) - return (AUTH_FAILED); + if (!svcauth_gss_acquire_cred()) { + result = AUTH_FAILED; + break; + } - if (!svcauth_gss_accept_sec_context(rqst, &gr)) - return (AUTH_REJECTEDCRED); + if (!svcauth_gss_accept_sec_context(rqst, &gr)) { + result = AUTH_REJECTEDCRED; + break; + } - if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) - return (AUTH_FAILED); + if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { + result = AUTH_FAILED; + break; + } *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr); - if (!call_stat) - return (AUTH_FAILED); + gss_release_buffer(&min_stat, &gr.gr_token); + free(gr.gr_ctx.value); + + if (!call_stat) { + result = AUTH_FAILED; + break; + } if (gr.gr_major == GSS_S_COMPLETE) gd->established = TRUE; @@ -690,27 +726,37 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) break; case RPCSEC_GSS_DATA: - if (!svcauth_gss_validate(gd, msg, &qop)) - return (RPCSEC_GSS_CREDPROBLEM); + if (!svcauth_gss_validate(gd, msg, &qop)) { + result = RPCSEC_GSS_CREDPROBLEM; + break; + } - if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) - return (AUTH_FAILED); + if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { + result = AUTH_FAILED; + break; + } if (!gd->callback_done) { gd->callback_done = TRUE; gd->sec.qop = qop; (void)rpc_gss_num_to_qop(gd->rcred.mechanism, gd->sec.qop, &gd->rcred.qop); - if (!svcauth_gss_callback(rqst, gd)) - return (AUTH_REJECTEDCRED); + if (!svcauth_gss_callback(rqst, gd)) { + result = AUTH_REJECTEDCRED; + break; + } } if (gd->locked) { if (gd->rcred.service != - _rpc_gss_svc_to_service(gc->gc_svc)) - return (AUTH_FAILED); - if (gd->sec.qop != qop) - return (AUTH_BADVERF); + _rpc_gss_svc_to_service(gc->gc_svc)) { + result = AUTH_FAILED; + break; + } + if (gd->sec.qop != qop) { + result = AUTH_BADVERF; + break; + } } if (gd->sec.qop != qop) { @@ -724,17 +770,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) break; case RPCSEC_GSS_DESTROY: - if (rqst->rq_proc != NULLPROC) - return (AUTH_FAILED); /* XXX ? */ + if (rqst->rq_proc != NULLPROC) { + result = AUTH_FAILED; /* XXX ? */ + break; + } - if (!svcauth_gss_validate(gd, msg, &qop)) - return (RPCSEC_GSS_CREDPROBLEM); + if (!svcauth_gss_validate(gd, msg, &qop)) { + result = RPCSEC_GSS_CREDPROBLEM; + break; + } - if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) - return (AUTH_FAILED); + if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) { + result = AUTH_FAILED; + break; + } - if (!svcauth_gss_release_cred()) - return (AUTH_FAILED); + if (!svcauth_gss_release_cred()) { + result = AUTH_FAILED; + break; + } SVCAUTH_DESTROY(&SVC_XP_AUTH(rqst->rq_xprt)); SVC_XP_AUTH(rqst->rq_xprt).svc_ah_ops = svc_auth_none.svc_ah_ops; @@ -743,10 +797,12 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) break; default: - return (AUTH_REJECTEDCRED); + result = AUTH_REJECTEDCRED; break; } - return (AUTH_OK); +out: + xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc); + return result; } static bool_t @@ -890,7 +946,6 @@ bool_t rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, u_int UNUSED(program), u_int UNUSED(version)) { - gss_OID_set_desc oid_set; rpc_gss_OID oid; char *save; @@ -902,14 +957,13 @@ rpc_gss_set_svc_name(char *principal, char *mechanism, u_int req_time, if (!rpc_gss_mech_to_oid(mechanism, &oid)) goto out_err; - oid_set.count = 1; - oid_set.elements = (gss_OID)oid; if (!svcauth_gss_import_name(principal)) goto out_err; - if (!svcauth_gss_acquire_cred(req_time, &oid_set)) - goto out_err; + _svcauth_req_time = req_time; + _svcauth_oid_set.count = 1; + _svcauth_oid_set.elements = (gss_OID)oid; free(_svcauth_svc_name); _svcauth_svc_name = save; return TRUE; diff --git a/src/svc_vc.c b/src/svc_vc.c index 6ae613d..97a76a3 100644 --- a/src/svc_vc.c +++ b/src/svc_vc.c @@ -270,14 +270,8 @@ makefd_xprt(fd, sendsize, recvsize) struct cf_conn *cd; const char *netid; struct __rpc_sockinfo si; - - assert(fd != -1); - if (fd >= FD_SETSIZE) { - warnx("svc_vc: makefd_xprt: fd too high\n"); - xprt = NULL; - goto done; - } + assert(fd != -1); xprt = mem_alloc(sizeof(SVCXPRT)); if (xprt == NULL) { @@ -338,22 +332,10 @@ rendezvous_request(xprt, msg) r = (struct cf_rendezvous *)xprt->xp_p1; again: len = sizeof addr; - if ((sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, - &len)) < 0) { + sock = accept(xprt->xp_fd, (struct sockaddr *)(void *)&addr, &len); + if (sock < 0) { if (errno == EINTR) goto again; - - if (errno == EMFILE || errno == ENFILE) { - /* If there are no file descriptors available, then accept will fail. - We want to delay here so the connection request can be dequeued; - otherwise we can bounce between polling and accepting, never - giving the request a chance to dequeue and eating an enormous - amount of cpu time in svc_run if we're polling on many file - descriptors. */ - struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 }; - nanosleep (&ts, NULL); - goto again; - } return (FALSE); } /* diff --git a/tirpc/rpc/des.h b/tirpc/rpc/des.h index d2881ad..018aa48 100644 --- a/tirpc/rpc/des.h +++ b/tirpc/rpc/des.h @@ -82,6 +82,6 @@ struct desparams { /* * Software DES. */ -extern int _des_crypt( char *, int, struct desparams * ); +extern int _des_crypt( char *, unsigned, struct desparams * ); #endif diff --git a/tirpc/rpc/rpcent.h b/tirpc/rpc/rpcent.h index 147f909..e07503c 100644 --- a/tirpc/rpc/rpcent.h +++ b/tirpc/rpc/rpcent.h @@ -60,10 +60,11 @@ struct rpcent { extern struct rpcent *getrpcbyname(const char *); extern struct rpcent *getrpcbynumber(int); extern struct rpcent *getrpcent(void); -#endif extern void setrpcent(int); extern void endrpcent(void); +#endif + #ifdef __cplusplus } #endif