Date: Thu, 7 Aug 2008 21:30:05 GMT From: Ed Schouten <ed@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 146871 for review Message-ID: <200808072130.m77LU5pg025602@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=146871 Change 146871 by ed@ed_dull on 2008/08/07 21:29:56 IFC. Affected files ... .. //depot/projects/mpsafetty/bin/cp/utils.c#2 integrate .. //depot/projects/mpsafetty/games/fortune/fortune/fortune.6#2 integrate .. //depot/projects/mpsafetty/games/fortune/fortune/fortune.c#2 integrate .. //depot/projects/mpsafetty/games/fortune/strfile/strfile.c#2 integrate .. //depot/projects/mpsafetty/gnu/usr.bin/groff/tmac/mdoc.local#2 integrate .. //depot/projects/mpsafetty/include/complex.h#2 integrate .. //depot/projects/mpsafetty/include/gssapi/gssapi.h#2 integrate .. //depot/projects/mpsafetty/include/rpc/Makefile#2 integrate .. //depot/projects/mpsafetty/include/rpc/auth.h#2 integrate .. //depot/projects/mpsafetty/include/rpc/rpcsec_gss.h#1 branch .. //depot/projects/mpsafetty/include/rpc/svc.h#2 integrate .. //depot/projects/mpsafetty/kerberos5/lib/libgssapi_krb5/Makefile#2 integrate .. //depot/projects/mpsafetty/kerberos5/lib/libgssapi_krb5/pname_to_uid.c#1 branch .. //depot/projects/mpsafetty/lib/Makefile#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/Makefile.inc#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/Symbol.map#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/clnt_dg.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/clnt_perror.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/clnt_vc.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/rpcsec_gss_stub.c#1 branch .. //depot/projects/mpsafetty/lib/libc/rpc/svc.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/svc_auth.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/svc_dg.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/svc_raw.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/rpc/svc_vc.c#2 integrate .. //depot/projects/mpsafetty/lib/libc/xdr/xdr_rec.c#2 integrate .. //depot/projects/mpsafetty/lib/libgssapi/Makefile#2 integrate .. //depot/projects/mpsafetty/lib/libgssapi/Symbol.map#2 integrate .. 
//depot/projects/mpsafetty/lib/libgssapi/gss_mech_switch.c#2 integrate .. //depot/projects/mpsafetty/lib/libgssapi/gss_pname_to_uid.c#1 branch .. //depot/projects/mpsafetty/lib/libgssapi/gss_utils.c#2 integrate .. //depot/projects/mpsafetty/lib/libgssapi/mech_switch.h#2 integrate .. //depot/projects/mpsafetty/lib/libgssapi/utils.h#2 integrate .. //depot/projects/mpsafetty/lib/librpcsec_gss/Makefile#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/Symbol.map#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_error.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_mech_info.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_mechanisms.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_principal_name.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_versions.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_getcred.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_is_installed.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_max_data_length.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_mech_to_oid.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_oid_to_mech.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_qop_to_num.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_seccreate.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_set_callback.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_set_defaults.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_set_svc_name.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_svc_max_data_length.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss.3#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss.c#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_conf.c#1 branch .. 
//depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_int.h#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_misc.c#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_prot.c#1 branch .. //depot/projects/mpsafetty/lib/librpcsec_gss/svc_rpcsec_gss.c#1 branch .. //depot/projects/mpsafetty/lib/msun/Makefile#4 integrate .. //depot/projects/mpsafetty/lib/msun/Symbol.map#3 integrate .. //depot/projects/mpsafetty/lib/msun/man/cimag.3#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_cimag.c#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_cimagf.c#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_cimagl.c#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_conj.c#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_conjf.c#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_conjl.c#2 integrate .. //depot/projects/mpsafetty/lib/msun/src/s_cproj.c#1 branch .. //depot/projects/mpsafetty/lib/msun/src/s_cprojf.c#1 branch .. //depot/projects/mpsafetty/lib/msun/src/s_cprojl.c#1 branch .. //depot/projects/mpsafetty/sbin/atacontrol/atacontrol.c#2 integrate .. //depot/projects/mpsafetty/share/man/man4/et.4#2 integrate .. //depot/projects/mpsafetty/sys/amd64/amd64/pmap.c#10 integrate .. //depot/projects/mpsafetty/sys/cam/scsi/scsi_all.c#2 integrate .. //depot/projects/mpsafetty/sys/cam/scsi/scsi_all.h#2 integrate .. //depot/projects/mpsafetty/sys/dev/ed/if_ed.c#2 integrate .. //depot/projects/mpsafetty/sys/dev/ed/if_ed_pccard.c#2 integrate .. //depot/projects/mpsafetty/sys/dev/pccard/pccard.c#3 integrate .. //depot/projects/mpsafetty/sys/dev/pccard/pccarddevs#3 integrate .. //depot/projects/mpsafetty/sys/dev/snc/if_snc_pccard.c#3 integrate .. //depot/projects/mpsafetty/sys/kern/kern_condvar.c#3 integrate .. //depot/projects/mpsafetty/sys/kern/kern_synch.c#4 integrate .. //depot/projects/mpsafetty/sys/modules/snc/Makefile#2 integrate .. //depot/projects/mpsafetty/sys/net80211/ieee80211.h#2 integrate .. 
//depot/projects/mpsafetty/sys/netinet/in_pcb.c#5 integrate .. //depot/projects/mpsafetty/sys/netinet/in_pcb.h#6 integrate .. //depot/projects/mpsafetty/sys/sys/sleepqueue.h#3 integrate .. //depot/projects/mpsafetty/sys/ufs/ffs/ffs_vfsops.c#3 integrate .. //depot/projects/mpsafetty/usr.bin/units/units.lib#2 integrate .. //depot/projects/mpsafetty/usr.sbin/pkg_install/Makefile.inc#2 integrate .. //depot/projects/mpsafetty/usr.sbin/pkg_install/lib/pen.c#2 integrate Differences ... ==== //depot/projects/mpsafetty/bin/cp/utils.c#2 (text+ko) ==== @@ -33,7 +33,7 @@ #endif #endif /* not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/bin/cp/utils.c,v 1.53 2008/03/10 19:58:41 jhb Exp $"); +__FBSDID("$FreeBSD: src/bin/cp/utils.c,v 1.54 2008/08/07 07:29:26 trasz Exp $"); #include <sys/types.h> #include <sys/acl.h> @@ -211,7 +211,6 @@ rval = 1; } } - (void)close(from_fd); /* * Don't remove the target even after an error. The target might @@ -231,6 +230,9 @@ rval = 1; } } + + (void)close(from_fd); + return (rval); } ==== //depot/projects/mpsafetty/games/fortune/fortune/fortune.6#2 (text+ko) ==== @@ -33,7 +33,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)fortune.6 8.3 (Berkeley) 4/19/94 -.\" $FreeBSD: src/games/fortune/fortune/fortune.6,v 1.22 2007/11/07 12:08:03 ru Exp $ +.\" $FreeBSD: src/games/fortune/fortune/fortune.6,v 1.23 2008/08/07 20:07:30 ache Exp $ .\" .Dd November 7, 2007 .Dt FORTUNE 6 @@ -186,6 +186,7 @@ fortunes) .El .Sh SEE ALSO +.Xr arc4random_uniform 3 , .Xr regcomp 3 , .Xr regex 3 , .Xr strfile 8 ==== //depot/projects/mpsafetty/games/fortune/fortune/fortune.c#2 (text+ko) ==== @@ -46,7 +46,7 @@ #endif /* not lint */ #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/games/fortune/fortune/fortune.c,v 1.31 2007/11/07 01:14:28 edwin Exp $"); +__FBSDID("$FreeBSD: src/games/fortune/fortune/fortune.c,v 1.32 2008/08/07 20:02:42 ache Exp $"); # include <sys/stat.h> # include <sys/endian.h> 
@@ -188,7 +188,6 @@ exit(find_matches() != 0); init_prob(); - srandomdev(); do { get_fort(); } while ((Short_only && fortlen() > SLEN) || @@ -982,7 +981,7 @@ if (File_list->next == NULL || File_list->percent == NO_PROB) fp = File_list; else { - choice = random() % 100; + choice = arc4random_uniform(100); DPRINTF(1, (stderr, "choice = %d\n", choice)); for (fp = File_list; fp->percent != NO_PROB; fp = fp->next) if (choice < fp->percent) @@ -1002,7 +1001,7 @@ else { if (fp->next != NULL) { sum_noprobs(fp); - choice = random() % Noprob_tbl.str_numstr; + choice = arc4random_uniform(Noprob_tbl.str_numstr); DPRINTF(1, (stderr, "choice = %d (of %u) \n", choice, Noprob_tbl.str_numstr)); while (choice >= fp->tbl.str_numstr) { @@ -1044,7 +1043,7 @@ int choice; if (Equal_probs) { - choice = random() % parent->num_children; + choice = arc4random_uniform(parent->num_children); DPRINTF(1, (stderr, " choice = %d (of %d)\n", choice, parent->num_children)); for (fp = parent->child; choice--; fp = fp->next) @@ -1054,7 +1053,7 @@ } else { get_tbl(parent); - choice = random() % parent->tbl.str_numstr; + choice = arc4random_uniform(parent->tbl.str_numstr); DPRINTF(1, (stderr, " choice = %d (of %u)\n", choice, parent->tbl.str_numstr)); for (fp = parent->child; choice >= fp->tbl.str_numstr; @@ -1143,13 +1142,13 @@ #ifdef OK_TO_WRITE_DISK if ((fd = open(fp->posfile, 0)) < 0 || read(fd, &fp->pos, sizeof fp->pos) != sizeof fp->pos) - fp->pos = random() % fp->tbl.str_numstr; + fp->pos = arc4random_uniform(fp->tbl.str_numstr); else if (fp->pos >= fp->tbl.str_numstr) fp->pos %= fp->tbl.str_numstr; if (fd >= 0) (void) close(fd); #else - fp->pos = random() % fp->tbl.str_numstr; + fp->pos = arc4random_uniform(fp->tbl.str_numstr); #endif /* OK_TO_WRITE_DISK */ } if (++(fp->pos) >= fp->tbl.str_numstr) ==== //depot/projects/mpsafetty/games/fortune/strfile/strfile.c#2 (text+ko) ==== 
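Review bot: `arc4random_uniform()` returns 0 when its upper bound is 0, whereas the old `random() % n` trapped on division by zero, so each converted call in fortune.c (`Noprob_tbl.str_numstr`, `parent->num_children`, `parent->tbl.str_numstr`, `fp->tbl.str_numstr`) now continues with index 0 when a table is empty. In the `@@ -1002` hunk the following `while (choice >= fp->tbl.str_numstr)` walk is then entered with 0 >= 0; its body is outside the hunk, so whether it stops at the end of the list needs checking. The unchanged `fp->pos %= fp->tbl.str_numstr` in the `@@ -1143` hunk still divides by the same count, so the two branches now disagree on an empty table. A check such as `if (fp->tbl.str_numstr == 0)` that rejects or skips the file before any selection would make the behaviour explicit.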
@@ -46,7 +46,7 @@ #endif /* not lint */ #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/games/fortune/strfile/strfile.c,v 1.29 2008/02/19 07:09:17 ru Exp $"); +__FBSDID("$FreeBSD: src/games/fortune/strfile/strfile.c,v 1.30 2008/08/07 20:05:51 ache Exp $"); # include <sys/param.h> # include <sys/endian.h> @@ -447,8 +447,6 @@ off_t tmp; off_t *sp; - srandomdev(); - Tbl.str_flags |= STR_RANDOM; cnt = Tbl.str_numstr; @@ -457,7 +455,7 @@ */ for (sp = Seekpts; cnt > 0; cnt--, sp++) { - i = random() % cnt; + i = arc4random_uniform(cnt); tmp = sp[0]; sp[0] = sp[i]; sp[i] = tmp; ==== //depot/projects/mpsafetty/gnu/usr.bin/groff/tmac/mdoc.local#2 (text+ko) ==== @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/gnu/usr.bin/groff/tmac/mdoc.local,v 1.63 2008/02/23 19:27:54 ru Exp $ +.\" $FreeBSD: src/gnu/usr.bin/groff/tmac/mdoc.local,v 1.64 2008/08/06 14:02:05 dfr Exp $ .\" .\" %beginstrip% . @@ -53,6 +53,7 @@ .ds doc-str-Lb-libmemstat Kernel Memory Allocator Statistics Library (libmemstat, \-lmemstat) .ds doc-str-Lb-libnetgraph Netgraph User Library (libnetgraph, \-lnetgraph) .ds doc-str-Lb-libpmc Performance Monitoring Counters Interface Library (libpmc, \-lpmc) +.ds doc-str-Lb-librpcsec_gss RPC GSS-API Authentication Library (librpcsec_gss, \-lrpcsec_gss) .ds doc-str-Lb-librpcsvc RPC Service Library (librpcsvc, \-lrpcsvc) .ds doc-str-Lb-libsdp Bluetooth Service Discovery Protocol User Library (libsdp, \-lsdp) .ds doc-str-Lb-libthr 1:1 Threading Library (libthr, \-lthr) ==== //depot/projects/mpsafetty/include/complex.h#2 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/include/complex.h,v 1.10 2008/03/30 20:07:15 das Exp $ + * $FreeBSD: src/include/complex.h,v 1.12 2008/08/07 15:07:48 das Exp $ */ #ifndef _COMPLEX_H 
@@ -48,16 +48,21 @@ long double cabsl(long double complex); double carg(double complex); float cargf(float complex); -double cimag(double complex); -float cimagf(float complex); -long double cimagl(long double complex); -double complex conj(double complex); -float complex conjf(float complex); +long double cargl(long double complex); +double cimag(double complex) __pure2; +float cimagf(float complex) __pure2; +long double cimagl(long double complex) __pure2; +double complex conj(double complex) __pure2; +float complex conjf(float complex) __pure2; +long double complex + conjl(long double complex) __pure2; +float complex cprojf(float complex) __pure2; +double complex cproj(double complex) __pure2; long double complex - conjl(long double complex); -double creal(double complex); -float crealf(float complex); -long double creall(long double complex); + cprojl(long double complex) __pure2; +double creal(double complex) __pure2; +float crealf(float complex) __pure2; +long double creall(long double complex) __pure2; double complex csqrt(double complex); float complex csqrtf(float complex); long double complex ==== //depot/projects/mpsafetty/include/gssapi/gssapi.h#2 (text+ko) ==== @@ -25,7 +25,7 @@ * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. * - * $FreeBSD: src/include/gssapi/gssapi.h,v 1.4 2008/05/16 02:06:10 dfr Exp $ + * $FreeBSD: src/include/gssapi/gssapi.h,v 1.5 2008/08/06 14:02:05 dfr Exp $ */ #ifndef _GSSAPI_GSSAPI_H_ @@ -837,6 +837,15 @@ gss_buffer_t /* buffer for result */ ); +#ifdef _UID_T_DECLARED +OM_uint32 gss_pname_to_uid + (OM_uint32 *, /* minor status */ + const gss_name_t pname, /* principal name */ + const gss_OID mech, /* mechanism to query */ + uid_t *uidp /* pointer to UID for result */ + ); +#endif + __END_DECLS #endif /* _GSSAPI_GSSAPI_H_ */ ==== //depot/projects/mpsafetty/include/rpc/Makefile#2 (text+ko) ==== 
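Review bot: The `gss_pname_to_uid` prototype in gssapi.h is visible only when `_UID_T_DECLARED` is already defined at the point of inclusion, so a caller that includes this header before the one declaring `uid_t` silently gets no prototype. A comment above the `#ifdef` would state the include-order requirement, for example `/* Needs uid_t: include <sys/types.h> before this header to get gss_pname_to_uid(). */`. The first parameter is also the only one left unnamed, unlike `pname`, `mech` and `uidp`.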
@@ -1,5 +1,5 @@ # from: @(#)Makefile 2.3 88/08/11 4.0 RPCSRC -# $FreeBSD: src/include/rpc/Makefile,v 1.3 2007/04/10 22:10:16 pjd Exp $ +# $FreeBSD: src/include/rpc/Makefile,v 1.4 2008/08/06 14:02:05 dfr Exp $ .SUFFIXES: .x @@ -11,7 +11,7 @@ HFILES= auth.h auth_unix.h clnt.h clnt_soc.h clnt_stat.h \ nettype.h pmap_clnt.h pmap_prot.h pmap_rmt.h raw.h \ - rpc.h rpc_msg.h rpcb_clnt.h rpcent.h rpc_com.h \ + rpc.h rpc_msg.h rpcb_clnt.h rpcent.h rpc_com.h rpcsec_gss.h \ svc.h svc_auth.h svc_soc.h svc_dg.h xdr.h # Secure RPC ==== //depot/projects/mpsafetty/include/rpc/auth.h#2 (text+ko) ==== @@ -31,7 +31,7 @@ * from: @(#)auth.h 1.17 88/02/08 SMI * from: @(#)auth.h 2.3 88/08/07 4.0 RPCSRC * from: @(#)auth.h 1.43 98/02/02 SMI - * $FreeBSD: src/include/rpc/auth.h,v 1.21 2006/02/28 16:02:26 deischen Exp $ + * $FreeBSD: src/include/rpc/auth.h,v 1.22 2008/08/06 14:02:05 dfr Exp $ */ /* @@ -132,7 +132,7 @@ * failed locally */ AUTH_INVALIDRESP=6, /* bogus response verifier */ - AUTH_FAILED=7 /* some unknown reason */ + AUTH_FAILED=7, /* some unknown reason */ #ifdef KERBEROS /* * kerberos errors @@ -142,8 +142,14 @@ AUTH_TIMEEXPIRE = 9, /* time of credential expired */ AUTH_TKT_FILE = 10, /* something wrong with ticket file */ AUTH_DECODE = 11, /* can't decode authenticator */ - AUTH_NET_ADDR = 12 /* wrong net address in ticket */ + AUTH_NET_ADDR = 12, /* wrong net address in ticket */ #endif /* KERBEROS */ + /* + * RPCSEC_GSS errors + */ + RPCSEC_GSS_CREDPROBLEM = 13, + RPCSEC_GSS_CTXPROBLEM = 14, + RPCSEC_GSS_NODISPATCH = 0x8000000 }; union des_block { 
@@ -352,5 +358,13 @@ #define AUTH_DH 3 /* for Diffie-Hellman mechanism */ #define AUTH_DES AUTH_DH /* for backward compatibility */ #define AUTH_KERB 4 /* kerberos style */ +#define RPCSEC_GSS 6 /* RPCSEC_GSS */ + +/* + * Pseudo auth flavors for RPCSEC_GSS. + */ +#define RPCSEC_GSS_KRB5 390003 +#define RPCSEC_GSS_KRB5I 390004 +#define RPCSEC_GSS_KRB5P 390005 #endif /* !_RPC_AUTH_H */ ==== //depot/projects/mpsafetty/include/rpc/svc.h#2 (text+ko) ==== @@ -30,7 +30,7 @@ * * from: @(#)svc.h 1.35 88/12/17 SMI * from: @(#)svc.h 1.27 94/04/25 SMI - * $FreeBSD: src/include/rpc/svc.h,v 1.24 2003/06/15 10:32:01 mbr Exp $ + * $FreeBSD: src/include/rpc/svc.h,v 1.25 2008/08/06 14:02:05 dfr Exp $ */ /* @@ -127,6 +127,27 @@ } SVCXPRT; /* + * Interface to server-side authentication flavors. + */ +typedef struct __rpc_svcauth { + struct svc_auth_ops { + int (*svc_ah_wrap)(struct __rpc_svcauth *, XDR *, + xdrproc_t, caddr_t); + int (*svc_ah_unwrap)(struct __rpc_svcauth *, XDR *, + xdrproc_t, caddr_t); + } *svc_ah_ops; + void *svc_ah_private; +} SVCAUTH; + +/* + * Server transport extensions (accessed via xp_p3). + */ +typedef struct __rpc_svcxprt_ext { + int xp_flags; /* versquiet */ + SVCAUTH xp_auth; /* interface to auth methods */ +} SVCXPRT_EXT; + +/* * Service request */ struct svc_req { @@ -184,6 +205,20 @@ #define SVC_CONTROL(xprt, rq, in) \ (*(xprt)->xp_ops2->xp_control)((xprt), (rq), (in)) +#define SVC_EXT(xprt) \ + ((SVCXPRT_EXT *) xprt->xp_p3) + +#define SVC_AUTH(xprt) \ + (SVC_EXT(xprt)->xp_auth) + +/* + * Operations defined on an SVCAUTH handle + */ +#define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \ + ((auth)->svc_ah_ops->svc_ah_wrap(auth, xdrs, xfunc, xwhere)) +#define SVCAUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \ + ((auth)->svc_ah_ops->svc_ah_unwrap(auth, xdrs, xfunc, xwhere)) + /* * Service registration * 
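Review bot: `SVC_EXT(xprt)` in svc.h expands its argument unparenthesised (`xprt->xp_p3`), so an argument that is a cast or pointer expression binds wrongly; it should read `#define SVC_EXT(xprt) ((SVCXPRT_EXT *)(xprt)->xp_p3)`. The macro also changes `xp_p3` from a flag word into a pointer that `SVC_AUTH` and, in svc.c, `version_keepquiet` and `__svc_versquiet_on`/`_off`/`_get` dereference without a NULL check. A transport that was not created through the new `svc_xprt_alloc()` would presumably fault there, so the comment above `SVCXPRT_EXT` should state that `xp_p3` must point at an allocated extension. `SVCAUTH_WRAP` and `SVCAUTH_UNWRAP` evaluate `auth` twice, which their comment should mention.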
@@ -298,6 +333,12 @@ #endif /* def FD_SETSIZE */ /* + * A set of null auth methods used by any authentication protocols + * that don't need to inspect or modify the message body. + */ +extern SVCAUTH _svc_auth_null; + +/* * a small program implemented by the svc_rpc implementation itself; * also see clnt.h for protocol numbers. */ @@ -306,6 +347,8 @@ __END_DECLS __BEGIN_DECLS +extern SVCXPRT *svc_xprt_alloc(void); +extern void svc_xprt_free(SVCXPRT *); extern void svc_getreq(int); extern void svc_getreqset(fd_set *); extern void svc_getreq_common(int); ==== //depot/projects/mpsafetty/kerberos5/lib/libgssapi_krb5/Makefile#2 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/kerberos5/lib/libgssapi_krb5/Makefile,v 1.1 2008/05/07 13:53:03 dfr Exp $ +# $FreeBSD: src/kerberos5/lib/libgssapi_krb5/Makefile,v 1.2 2008/08/06 14:02:05 dfr Exp $ LIB= gssapi_krb5 LDFLAGS= -Wl,-Bsymbolic @@ -46,6 +46,7 @@ inquire_mechs_for_name.c \ inquire_names_for_mech.c \ inquire_sec_context_by_oid.c \ + pname_to_uid.c \ prefix.c \ prf.c \ process_context_token.c \ ==== //depot/projects/mpsafetty/lib/Makefile#2 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/lib/Makefile,v 1.231 2008/05/25 22:11:23 rwatson Exp $ +# $FreeBSD: src/lib/Makefile,v 1.232 2008/08/06 14:02:05 dfr Exp $ .include <bsd.own.mk> @@ -22,6 +22,7 @@ # libtacplus must be built before libpam. # libutil must be built before libpam. # libypclnt must be built before libpam. +# libgssapi must be built before librpcsec_gss # # Otherwise, the SUBDIR list should be in alphabetical order. 
@@ -31,7 +32,7 @@ libbegemot ${_libbluetooth} libbsnmp libbz2 \ libcalendar libcam libcompat libdevinfo libdevstat libdisk \ libdwarf libedit libexpat libfetch libftpio libgeom ${_libgpib} \ - ${_libgssapi} libipsec \ + ${_libgssapi} ${_librpcsec_gss} libipsec \ ${_libipx} libkiconv libmagic libmemstat ${_libmilter} ${_libmp} \ ${_libncp} ${_libngatm} libopie libpam libpcap \ libpmc libproc librt ${_libsdp} ${_libsm} ${_libsmb} \ @@ -62,6 +63,7 @@ .if ${MK_GSSAPI} != "no" _libgssapi= libgssapi +_librpcsec_gss= librpcsec_gss .endif .if ${MK_IPX} != "no" ==== //depot/projects/mpsafetty/lib/libc/rpc/Makefile.inc#2 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 5.11 (Berkeley) 9/6/90 -# $FreeBSD: src/lib/libc/rpc/Makefile.inc,v 1.28 2006/03/13 01:14:59 deischen Exp $ +# $FreeBSD: src/lib/libc/rpc/Makefile.inc,v 1.29 2008/08/06 14:02:05 dfr Exp $ .PATH: ${.CURDIR}/rpc ${.CURDIR}/. SRCS+= auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \ @@ -8,8 +8,9 @@ getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \ pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \ rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \ - rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_generic.c \ - svc_raw.c svc_run.c svc_simple.c svc_vc.c + rpcb_st_xdr.c rpcsec_gss_stub.c svc.c svc_auth.c svc_dg.c \ + svc_auth_unix.c svc_generic.c svc_raw.c svc_run.c svc_simple.c \ + svc_vc.c # Secure-RPC SRCS+= auth_time.c auth_des.c authdes_prot.c des_crypt.c des_soft.c \ ==== //depot/projects/mpsafetty/lib/libc/rpc/Symbol.map#2 (text) ==== @@ -1,5 +1,5 @@ /* - * $FreeBSD: src/lib/libc/rpc/Symbol.map,v 1.3 2007/05/31 13:01:34 deischen Exp $ + * $FreeBSD: src/lib/libc/rpc/Symbol.map,v 1.4 2008/08/06 14:02:05 dfr Exp $ */ FBSD_1.0 { 
@@ -244,4 +244,8 @@ * Remove this hack if rpcinfo stops building with it. */ __svc_clean_idle; + __rpc_gss_unwrap; + __rpc_gss_unwrap_stub; + __rpc_gss_wrap; + __rpc_gss_wrap_stub; }; ==== //depot/projects/mpsafetty/lib/libc/rpc/clnt_dg.c#2 (text+ko) ==== @@ -37,7 +37,7 @@ static char sccsid[] = "@(#)clnt_dg.c 1.19 89/03/16 Copyr 1988 Sun Micro"; #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_dg.c,v 1.19 2007/03/04 12:25:03 simon Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_dg.c,v 1.20 2008/08/06 14:02:05 dfr Exp $"); /* * Implements a connectionless client side RPC. @@ -52,6 +52,7 @@ #include <sys/ioctl.h> #include <arpa/inet.h> #include <rpc/rpc.h> +#include <rpc/rpcsec_gss.h> #include <errno.h> #include <stdlib.h> #include <string.h> @@ -113,6 +114,8 @@ /* VARIABLES PROTECTED BY clnt_fd_lock: dg_fd_locks, dg_cv */ +#define MCALL_MSG_SIZE 24 + /* * Private data kept per client handle */ @@ -127,6 +130,7 @@ XDR cu_outxdrs; u_int cu_xdrpos; u_int cu_sendsz; /* send size */ + char cu_outhdr[MCALL_MSG_SIZE]; char *cu_outbuf; u_int cu_recvsz; /* recv size */ int cu_async; @@ -253,13 +257,16 @@ call_msg.rm_xid = __RPC_GETXID(&now); call_msg.rm_call.cb_prog = program; call_msg.rm_call.cb_vers = version; - xdrmem_create(&(cu->cu_outxdrs), cu->cu_outbuf, sendsz, XDR_ENCODE); - if (! xdr_callhdr(&(cu->cu_outxdrs), &call_msg)) { + xdrmem_create(&(cu->cu_outxdrs), cu->cu_outhdr, MCALL_MSG_SIZE, + XDR_ENCODE); + if (! xdr_callhdr(&cu->cu_outxdrs, &call_msg)) { rpc_createerr.cf_stat = RPC_CANTENCODEARGS; /* XXX */ rpc_createerr.cf_error.re_errno = 0; goto err2; } cu->cu_xdrpos = XDR_GETPOS(&(cu->cu_outxdrs)); + XDR_DESTROY(&cu->cu_outxdrs); + xdrmem_create(&cu->cu_outxdrs, cu->cu_outbuf, sendsz, XDR_ENCODE); /* XXX fvdl - do we still want this? */ #if 0 
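Review bot: Nothing in the clnt_dg.c create hunk checks that the encoded call header leaves room for the procedure number, although the call path later stores four bytes at `cu->cu_outhdr[cu->cu_xdrpos]` in a buffer of `MCALL_MSG_SIZE` (24) bytes. clnt_vc.c gains `assert(ct->ct_mpos + sizeof(uint32_t) <= MCALL_MSG_SIZE);` in the same change, and the datagram client should carry the equivalent right after `cu->cu_xdrpos = XDR_GETPOS(&(cu->cu_outxdrs));`. Since an assert disappears under NDEBUG, a real check is preferable in both files: `if (cu->cu_xdrpos + sizeof(uint32_t) > MCALL_MSG_SIZE)` taking the same `err2` path as the failed `xdr_callhdr` branch. The enclosing function starts and ends outside the hunk.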
@@ -312,6 +319,7 @@ XDR reply_xdrs; bool_t ok; int nrefreshes = 2; /* number of times to refresh cred */ + int nretries = 0; /* number of times we retransmitted */ struct timeval timeout; struct timeval retransmit_time; struct timeval next_sendtime, starttime, time_waited, tv; @@ -375,25 +383,37 @@ kin_len = 1; call_again: - xdrs = &(cu->cu_outxdrs); - if (cu->cu_async == TRUE && xargs == NULL) - goto get_reply; - xdrs->x_op = XDR_ENCODE; - XDR_SETPOS(xdrs, cu->cu_xdrpos); /* * the transaction is the first thing in the out buffer * XXX Yes, and it's in network byte order, so we should to * be careful when we increment it, shouldn't we. */ - xid = ntohl(*(u_int32_t *)(void *)(cu->cu_outbuf)); + xid = ntohl(*(u_int32_t *)(void *)(cu->cu_outhdr)); xid++; - *(u_int32_t *)(void *)(cu->cu_outbuf) = htonl(xid); + *(u_int32_t *)(void *)(cu->cu_outhdr) = htonl(xid); +call_again_same_xid: + xdrs = &(cu->cu_outxdrs); + if (cu->cu_async == TRUE && xargs == NULL) + goto get_reply; + xdrs->x_op = XDR_ENCODE; + XDR_SETPOS(xdrs, 0); - if ((! XDR_PUTINT32(xdrs, &proc)) || - (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || - (! (*xargs)(xdrs, argsp))) { - cu->cu_error.re_status = RPC_CANTENCODEARGS; - goto out; + if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) { + if ((! XDR_PUTBYTES(xdrs, cu->cu_outhdr, cu->cu_xdrpos)) || + (! XDR_PUTINT32(xdrs, &proc)) || + (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || + (! (*xargs)(xdrs, argsp))) { + cu->cu_error.re_status = RPC_CANTENCODEARGS; + goto out; + } + } else { + *(uint32_t *) &cu->cu_outhdr[cu->cu_xdrpos] = htonl(proc); + if (!__rpc_gss_wrap(cl->cl_auth, cu->cu_outhdr, + cu->cu_xdrpos + sizeof(uint32_t), + xdrs, xargs, argsp)) { + cu->cu_error.re_status = RPC_CANTENCODEARGS; + goto out; + } } outlen = (size_t)XDR_GETPOS(xdrs); 
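Review bot: `*(uint32_t *) &cu->cu_outhdr[cu->cu_xdrpos] = htonl(proc);` stores a 32-bit value through a cast pointer into a `char` array at a run-time offset, which relies on `cu_outhdr` happening to be 4-byte aligned inside the struct and is not a valid access under strict aliasing. Copying the bytes has the same effect without either assumption: `uint32_t nproc = htonl(proc); memcpy(&cu->cu_outhdr[cu->cu_xdrpos], &nproc, sizeof(nproc));`. The same store appears in clnt_vc.c as `*(uint32_t *) &ct->ct_u.ct_mcallc[ct->ct_mpos] = htonl(proc);`. The enclosing function starts and ends outside the hunk.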
@@ -420,8 +440,13 @@ * (We assume that this is actually only executed once.) */ reply_msg.acpted_rply.ar_verf = _null_auth; - reply_msg.acpted_rply.ar_results.where = resultsp; - reply_msg.acpted_rply.ar_results.proc = xresults; + if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) { + reply_msg.acpted_rply.ar_results.where = resultsp; + reply_msg.acpted_rply.ar_results.proc = xresults; + } else { + reply_msg.acpted_rply.ar_results.where = NULL; + reply_msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void; + } for (;;) { /* Decide how long to wait. */ @@ -483,7 +508,17 @@ &retransmit_time); timeradd(&next_sendtime, &retransmit_time, &next_sendtime); - goto send_again; + nretries++; + + /* + * When retransmitting a RPCSEC_GSS message, + * we must use a new sequence number (handled + * by __rpc_gss_wrap above). + */ + if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) + goto send_again; + else + goto call_again_same_xid; } } inlen = (socklen_t)recvlen; @@ -505,8 +540,37 @@ if (cu->cu_error.re_status == RPC_SUCCESS) { if (! AUTH_VALIDATE(cl->cl_auth, &reply_msg.acpted_rply.ar_verf)) { + if (nretries && + cl->cl_auth->ah_cred.oa_flavor + == RPCSEC_GSS) + /* + * If we retransmitted, its + * possible that we will + * receive a reply for one of + * the earlier transmissions + * (which will use an older + * RPCSEC_GSS sequence + * number). In this case, just + * go back and listen for a + * new reply. We could keep a + * record of all the seq + * numbers we have transmitted + * so far so that we could + * accept a reply for any of + * them here. + */ + goto get_reply; cu->cu_error.re_status = RPC_AUTHERROR; cu->cu_error.re_why = AUTH_INVALIDRESP; + } else { + if (cl->cl_auth->ah_cred.oa_flavor + == RPCSEC_GSS) { + if (!__rpc_gss_unwrap(cl->cl_auth, + &reply_xdrs, xresults, + resultsp)) + cu->cu_error.re_status = + RPC_CANTDECODERES; + } } if (reply_msg.acpted_rply.ar_verf.oa_base != NULL) { xdrs->x_op = XDR_FREE; 
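Review bot: The new `goto get_reply` taken after a failed `AUTH_VALIDATE` skips the verifier cleanup that follows it (`if (reply_msg.acpted_rply.ar_verf.oa_base != NULL) { xdrs->x_op = XDR_FREE; ...`). The `@@ -420` hunk shows `reply_msg.acpted_rply.ar_verf = _null_auth;` under a comment that assumes it runs only once; the `get_reply` label is outside the hunks, but if it sits above that assignment, every discarded stale reply leaks the decoded verifier. Freeing the verifier before jumping back would close that path. The `if (nretries && ...)` also guards its `goto` with a long comment and no braces, directly above the two error assignments; braces around the body would make the control flow unambiguous.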
@@ -670,12 +734,12 @@ * This will get the xid of the PREVIOUS call */ *(u_int32_t *)info = - ntohl(*(u_int32_t *)(void *)cu->cu_outbuf); + ntohl(*(u_int32_t *)(void *)cu->cu_outhdr); break; case CLSET_XID: /* This will set the xid of the NEXT call */ - *(u_int32_t *)(void *)cu->cu_outbuf = + *(u_int32_t *)(void *)cu->cu_outhdr = htonl(*(u_int32_t *)info - 1); /* decrement by 1 as clnt_dg_call() increments once */ break; @@ -688,12 +752,12 @@ * call_struct is changed */ *(u_int32_t *)info = - ntohl(*(u_int32_t *)(void *)(cu->cu_outbuf + + ntohl(*(u_int32_t *)(void *)(cu->cu_outhdr + 4 * BYTES_PER_XDR_UNIT)); break; case CLSET_VERS: - *(u_int32_t *)(void *)(cu->cu_outbuf + 4 * BYTES_PER_XDR_UNIT) + *(u_int32_t *)(void *)(cu->cu_outhdr + 4 * BYTES_PER_XDR_UNIT) = htonl(*(u_int32_t *)info); break; @@ -705,12 +769,12 @@ * call_struct is changed */ *(u_int32_t *)info = - ntohl(*(u_int32_t *)(void *)(cu->cu_outbuf + + ntohl(*(u_int32_t *)(void *)(cu->cu_outhdr + 3 * BYTES_PER_XDR_UNIT)); break; case CLSET_PROG: - *(u_int32_t *)(void *)(cu->cu_outbuf + 3 * BYTES_PER_XDR_UNIT) + *(u_int32_t *)(void *)(cu->cu_outhdr + 3 * BYTES_PER_XDR_UNIT) = htonl(*(u_int32_t *)info); break; case CLSET_ASYNC: ==== //depot/projects/mpsafetty/lib/libc/rpc/clnt_perror.c#2 (text+ko) ==== @@ -35,7 +35,7 @@ static char *sccsid = "@(#)clnt_perror.c 2.1 88/07/29 4.0 RPCSRC"; #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_perror.c,v 1.17 2004/10/16 06:11:34 obrien Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_perror.c,v 1.18 2008/08/06 14:02:05 dfr Exp $"); /* * clnt_perror.c 
@@ -309,7 +309,14 @@ "Server rejected verifier", /* 4 - AUTH_REJECTEDVERF */ "Client credential too weak", /* 5 - AUTH_TOOWEAK */ "Invalid server verifier", /* 6 - AUTH_INVALIDRESP */ - "Failed (unspecified error)" /* 7 - AUTH_FAILED */ + "Failed (unspecified error)", /* 7 - AUTH_FAILED */ + "Kerberos generic error", /* 8 - AUTH_KERB_GENERIC*/ + "Kerberos credential expired", /* 9 - AUTH_TIMEEXPIRE */ + "Bad kerberos ticket file", /* 10 - AUTH_TKT_FILE */ + "Can't decode kerberos authenticator", /* 11 - AUTH_DECODE */ + "Address wrong in kerberos ticket", /* 12 - AUTH_NET_ADDR */ + "GSS-API crediential problem", /* 13 - RPCSEC_GSS_CREDPROBLEM */ + "GSS-API context problem" /* 14 - RPCSEC_GSS_CTXPROBLEM */ }; static char * ==== //depot/projects/mpsafetty/lib/libc/rpc/clnt_vc.c#2 (text+ko) ==== @@ -35,7 +35,7 @@ static char sccsid3[] = "@(#)clnt_vc.c 1.19 89/03/16 Copyr 1988 Sun Micro"; #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_vc.c,v 1.20 2006/09/09 22:18:57 mbr Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_vc.c,v 1.21 2008/08/06 14:02:05 dfr Exp $"); /* * clnt_tcp.c, Implements a TCP/IP based, client side RPC. @@ -77,6 +77,7 @@ #include <signal.h> #include <rpc/rpc.h> +#include <rpc/rpcsec_gss.h> #include "un-namespace.h" #include "rpc_com.h" #include "mt_misc.h" @@ -285,6 +286,7 @@ } ct->ct_mpos = XDR_GETPOS(&(ct->ct_xdrs)); XDR_DESTROY(&(ct->ct_xdrs)); + assert(ct->ct_mpos + sizeof(uint32_t) <= MCALL_MSG_SIZE); /* * Create a client handle which uses xdrrec for serialization @@ -331,6 +333,7 @@ int refreshes = 2; sigset_t mask, newmask; int rpc_lock_value; + bool_t reply_stat; assert(cl != NULL); 
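Review bot: The new message for `RPCSEC_GSS_CREDPROBLEM` in clnt_perror.c is misspelled: `"GSS-API crediential problem"` should be `"GSS-API credential problem"`, and because the string is handed back to callers for printing the typo is user-visible. The table now covers indexes 0 to 14 while auth.h also adds `RPCSEC_GSS_NODISPATCH = 0x8000000`. The lookup function is outside the hunk, so it is worth confirming that it compares the status against the array size before indexing.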
@@ -360,15 +363,28 @@ ct->ct_error.re_status = RPC_SUCCESS; x_id = ntohl(--(*msg_x_id)); - if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos)) || - (! XDR_PUTINT32(xdrs, &proc)) || - (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || - (! (*xdr_args)(xdrs, args_ptr))) { - if (ct->ct_error.re_status == RPC_SUCCESS) - ct->ct_error.re_status = RPC_CANTENCODEARGS; - (void)xdrrec_endofrecord(xdrs, TRUE); - release_fd_lock(ct->ct_fd, mask); - return (ct->ct_error.re_status); + if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) { + if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos)) || + (! XDR_PUTINT32(xdrs, &proc)) || + (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || + (! (*xdr_args)(xdrs, args_ptr))) { + if (ct->ct_error.re_status == RPC_SUCCESS) + ct->ct_error.re_status = RPC_CANTENCODEARGS; + (void)xdrrec_endofrecord(xdrs, TRUE); + release_fd_lock(ct->ct_fd, mask); + return (ct->ct_error.re_status); + } + } else { + *(uint32_t *) &ct->ct_u.ct_mcallc[ct->ct_mpos] = htonl(proc); + if (! __rpc_gss_wrap(cl->cl_auth, ct->ct_u.ct_mcallc, + ct->ct_mpos + sizeof(uint32_t), + xdrs, xdr_args, args_ptr)) { + if (ct->ct_error.re_status == RPC_SUCCESS) + ct->ct_error.re_status = RPC_CANTENCODEARGS; + (void)xdrrec_endofrecord(xdrs, TRUE); + release_fd_lock(ct->ct_fd, mask); + return (ct->ct_error.re_status); + } } if (! xdrrec_endofrecord(xdrs, shipnow)) { release_fd_lock(ct->ct_fd, mask); 
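Review bot: The encode-failure handling in the clnt_vc.c call hunk is duplicated verbatim in both the non-GSS and the RPCSEC_GSS branch (set `RPC_CANTENCODEARGS`, `xdrrec_endofrecord`, `release_fd_lock`, return), so a later fix to one copy can easily miss the other and leave the fd lock held on one path. The reply side of the same change already uses a single `reply_stat` flag with one shared error block, and the request side can follow the same shape with a flag declared next to `reply_stat`. The enclosing function starts and ends outside the hunk.

```c
	/* … unchanged: x_id = ntohl(--(*msg_x_id)); … */
	if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) {
		call_stat = XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos) &&
		    XDR_PUTINT32(xdrs, &proc) &&
		    AUTH_MARSHALL(cl->cl_auth, xdrs) &&
		    (*xdr_args)(xdrs, args_ptr);
	} else {
		*(uint32_t *) &ct->ct_u.ct_mcallc[ct->ct_mpos] = htonl(proc);
		call_stat = __rpc_gss_wrap(cl->cl_auth, ct->ct_u.ct_mcallc,
		    ct->ct_mpos + sizeof(uint32_t),
		    xdrs, xdr_args, args_ptr);
	}
	if (! call_stat) {
		/* Single failure path: status, flush the record, drop the lock. */
		if (ct->ct_error.re_status == RPC_SUCCESS)
			ct->ct_error.re_status = RPC_CANTENCODEARGS;
		(void)xdrrec_endofrecord(xdrs, TRUE);
		release_fd_lock(ct->ct_fd, mask);
		return (ct->ct_error.re_status);
	}
```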
@@ -419,9 +435,18 @@ &reply_msg.acpted_rply.ar_verf)) { ct->ct_error.re_status = RPC_AUTHERROR; ct->ct_error.re_why = AUTH_INVALIDRESP; - } else if (! (*xdr_results)(xdrs, results_ptr)) { - if (ct->ct_error.re_status == RPC_SUCCESS) - ct->ct_error.re_status = RPC_CANTDECODERES; + } else { + if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) { + reply_stat = (*xdr_results)(xdrs, results_ptr); + } else { + reply_stat = __rpc_gss_unwrap(cl->cl_auth, + xdrs, xdr_results, results_ptr); + } + if (! reply_stat) { + if (ct->ct_error.re_status == RPC_SUCCESS) + ct->ct_error.re_status = + RPC_CANTDECODERES; + } } /* free verifier ... */ if (reply_msg.acpted_rply.ar_verf.oa_base != NULL) { ==== //depot/projects/mpsafetty/lib/libc/rpc/svc.c#2 (text+ko) ==== @@ -34,7 +34,7 @@ static char *sccsid = "@(#)svc.c 2.4 88/08/11 4.0 RPCSRC"; #endif #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/rpc/svc.c,v 1.24 2006/02/27 22:10:59 deischen Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/rpc/svc.c,v 1.25 2008/08/06 14:02:05 dfr Exp $"); /* * svc.c, Server-side remote procedure call interface. @@ -67,7 +67,7 @@ #define RQCRED_SIZE 400 /* this size is excessive */ #define SVC_VERSQUIET 0x0001 /* keep quiet about vers mismatch */ -#define version_keepquiet(xp) ((u_long)(xp)->xp_p3 & SVC_VERSQUIET) +#define version_keepquiet(xp) (SVC_EXT(xp)->xp_flags & SVC_VERSQUIET) #define max(a, b) (a > b ? a : b) @@ -452,20 +452,16 @@ __svc_versquiet_on(xprt) SVCXPRT *xprt; { - u_long tmp; - tmp = ((u_long) xprt->xp_p3) | SVC_VERSQUIET; - xprt->xp_p3 = tmp; + SVC_EXT(xprt)->xp_flags |= SVC_VERSQUIET; } void __svc_versquiet_off(xprt) SVCXPRT *xprt; { - u_long tmp; - tmp = ((u_long) xprt->xp_p3) & ~SVC_VERSQUIET; - xprt->xp_p3 = tmp; + SVC_EXT(xprt)->xp_flags &= ~SVC_VERSQUIET; } void @@ -479,7 +475,8 @@ __svc_versquiet_get(xprt) SVCXPRT *xprt; { - return ((int) xprt->xp_p3) & SVC_VERSQUIET; + + return (SVC_EXT(xprt)->xp_flags & SVC_VERSQUIET); } #endif 
@@ -555,6 +552,39 @@ SVC_REPLY(xprt, &rply); >>> TRUNCATED FOR MAIL (1000 lines) <<<