PERFORCE change 146871 for review
Ed Schouten
ed at FreeBSD.org
Thu Aug 7 21:30:06 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146871
Change 146871 by ed at ed_dull on 2008/08/07 21:29:56
IFC.
Affected files ...
.. //depot/projects/mpsafetty/bin/cp/utils.c#2 integrate
.. //depot/projects/mpsafetty/games/fortune/fortune/fortune.6#2 integrate
.. //depot/projects/mpsafetty/games/fortune/fortune/fortune.c#2 integrate
.. //depot/projects/mpsafetty/games/fortune/strfile/strfile.c#2 integrate
.. //depot/projects/mpsafetty/gnu/usr.bin/groff/tmac/mdoc.local#2 integrate
.. //depot/projects/mpsafetty/include/complex.h#2 integrate
.. //depot/projects/mpsafetty/include/gssapi/gssapi.h#2 integrate
.. //depot/projects/mpsafetty/include/rpc/Makefile#2 integrate
.. //depot/projects/mpsafetty/include/rpc/auth.h#2 integrate
.. //depot/projects/mpsafetty/include/rpc/rpcsec_gss.h#1 branch
.. //depot/projects/mpsafetty/include/rpc/svc.h#2 integrate
.. //depot/projects/mpsafetty/kerberos5/lib/libgssapi_krb5/Makefile#2 integrate
.. //depot/projects/mpsafetty/kerberos5/lib/libgssapi_krb5/pname_to_uid.c#1 branch
.. //depot/projects/mpsafetty/lib/Makefile#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/Makefile.inc#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/Symbol.map#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/clnt_dg.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/clnt_perror.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/clnt_vc.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/rpcsec_gss_stub.c#1 branch
.. //depot/projects/mpsafetty/lib/libc/rpc/svc.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/svc_auth.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/svc_dg.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/svc_raw.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/rpc/svc_vc.c#2 integrate
.. //depot/projects/mpsafetty/lib/libc/xdr/xdr_rec.c#2 integrate
.. //depot/projects/mpsafetty/lib/libgssapi/Makefile#2 integrate
.. //depot/projects/mpsafetty/lib/libgssapi/Symbol.map#2 integrate
.. //depot/projects/mpsafetty/lib/libgssapi/gss_mech_switch.c#2 integrate
.. //depot/projects/mpsafetty/lib/libgssapi/gss_pname_to_uid.c#1 branch
.. //depot/projects/mpsafetty/lib/libgssapi/gss_utils.c#2 integrate
.. //depot/projects/mpsafetty/lib/libgssapi/mech_switch.h#2 integrate
.. //depot/projects/mpsafetty/lib/libgssapi/utils.h#2 integrate
.. //depot/projects/mpsafetty/lib/librpcsec_gss/Makefile#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/Symbol.map#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_error.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_mech_info.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_mechanisms.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_principal_name.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_get_versions.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_getcred.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_is_installed.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_max_data_length.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_mech_to_oid.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_oid_to_mech.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_qop_to_num.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_seccreate.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_set_callback.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_set_defaults.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_set_svc_name.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpc_gss_svc_max_data_length.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss.3#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss.c#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_conf.c#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_int.h#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_misc.c#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/rpcsec_gss_prot.c#1 branch
.. //depot/projects/mpsafetty/lib/librpcsec_gss/svc_rpcsec_gss.c#1 branch
.. //depot/projects/mpsafetty/lib/msun/Makefile#4 integrate
.. //depot/projects/mpsafetty/lib/msun/Symbol.map#3 integrate
.. //depot/projects/mpsafetty/lib/msun/man/cimag.3#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_cimag.c#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_cimagf.c#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_cimagl.c#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_conj.c#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_conjf.c#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_conjl.c#2 integrate
.. //depot/projects/mpsafetty/lib/msun/src/s_cproj.c#1 branch
.. //depot/projects/mpsafetty/lib/msun/src/s_cprojf.c#1 branch
.. //depot/projects/mpsafetty/lib/msun/src/s_cprojl.c#1 branch
.. //depot/projects/mpsafetty/sbin/atacontrol/atacontrol.c#2 integrate
.. //depot/projects/mpsafetty/share/man/man4/et.4#2 integrate
.. //depot/projects/mpsafetty/sys/amd64/amd64/pmap.c#10 integrate
.. //depot/projects/mpsafetty/sys/cam/scsi/scsi_all.c#2 integrate
.. //depot/projects/mpsafetty/sys/cam/scsi/scsi_all.h#2 integrate
.. //depot/projects/mpsafetty/sys/dev/ed/if_ed.c#2 integrate
.. //depot/projects/mpsafetty/sys/dev/ed/if_ed_pccard.c#2 integrate
.. //depot/projects/mpsafetty/sys/dev/pccard/pccard.c#3 integrate
.. //depot/projects/mpsafetty/sys/dev/pccard/pccarddevs#3 integrate
.. //depot/projects/mpsafetty/sys/dev/snc/if_snc_pccard.c#3 integrate
.. //depot/projects/mpsafetty/sys/kern/kern_condvar.c#3 integrate
.. //depot/projects/mpsafetty/sys/kern/kern_synch.c#4 integrate
.. //depot/projects/mpsafetty/sys/modules/snc/Makefile#2 integrate
.. //depot/projects/mpsafetty/sys/net80211/ieee80211.h#2 integrate
.. //depot/projects/mpsafetty/sys/netinet/in_pcb.c#5 integrate
.. //depot/projects/mpsafetty/sys/netinet/in_pcb.h#6 integrate
.. //depot/projects/mpsafetty/sys/sys/sleepqueue.h#3 integrate
.. //depot/projects/mpsafetty/sys/ufs/ffs/ffs_vfsops.c#3 integrate
.. //depot/projects/mpsafetty/usr.bin/units/units.lib#2 integrate
.. //depot/projects/mpsafetty/usr.sbin/pkg_install/Makefile.inc#2 integrate
.. //depot/projects/mpsafetty/usr.sbin/pkg_install/lib/pen.c#2 integrate
Differences ...
==== //depot/projects/mpsafetty/bin/cp/utils.c#2 (text+ko) ====
@@ -33,7 +33,7 @@
#endif
#endif /* not lint */
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/cp/utils.c,v 1.53 2008/03/10 19:58:41 jhb Exp $");
+__FBSDID("$FreeBSD: src/bin/cp/utils.c,v 1.54 2008/08/07 07:29:26 trasz Exp $");
#include <sys/types.h>
#include <sys/acl.h>
@@ -211,7 +211,6 @@
rval = 1;
}
}
- (void)close(from_fd);
/*
* Don't remove the target even after an error. The target might
@@ -231,6 +230,9 @@
rval = 1;
}
}
+
+ (void)close(from_fd);
+
return (rval);
}
==== //depot/projects/mpsafetty/games/fortune/fortune/fortune.6#2 (text+ko) ====
@@ -33,7 +33,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)fortune.6 8.3 (Berkeley) 4/19/94
-.\" $FreeBSD: src/games/fortune/fortune/fortune.6,v 1.22 2007/11/07 12:08:03 ru Exp $
+.\" $FreeBSD: src/games/fortune/fortune/fortune.6,v 1.23 2008/08/07 20:07:30 ache Exp $
.\"
.Dd November 7, 2007
.Dt FORTUNE 6
@@ -186,6 +186,7 @@
fortunes)
.El
.Sh SEE ALSO
+.Xr arc4random_uniform 3 ,
.Xr regcomp 3 ,
.Xr regex 3 ,
.Xr strfile 8
==== //depot/projects/mpsafetty/games/fortune/fortune/fortune.c#2 (text+ko) ====
@@ -46,7 +46,7 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/games/fortune/fortune/fortune.c,v 1.31 2007/11/07 01:14:28 edwin Exp $");
+__FBSDID("$FreeBSD: src/games/fortune/fortune/fortune.c,v 1.32 2008/08/07 20:02:42 ache Exp $");
# include <sys/stat.h>
# include <sys/endian.h>
@@ -188,7 +188,6 @@
exit(find_matches() != 0);
init_prob();
- srandomdev();
do {
get_fort();
} while ((Short_only && fortlen() > SLEN) ||
@@ -982,7 +981,7 @@
if (File_list->next == NULL || File_list->percent == NO_PROB)
fp = File_list;
else {
- choice = random() % 100;
+ choice = arc4random_uniform(100);
DPRINTF(1, (stderr, "choice = %d\n", choice));
for (fp = File_list; fp->percent != NO_PROB; fp = fp->next)
if (choice < fp->percent)
@@ -1002,7 +1001,7 @@
else {
if (fp->next != NULL) {
sum_noprobs(fp);
- choice = random() % Noprob_tbl.str_numstr;
+ choice = arc4random_uniform(Noprob_tbl.str_numstr);
DPRINTF(1, (stderr, "choice = %d (of %u) \n", choice,
Noprob_tbl.str_numstr));
while (choice >= fp->tbl.str_numstr) {
@@ -1044,7 +1043,7 @@
int choice;
if (Equal_probs) {
- choice = random() % parent->num_children;
+ choice = arc4random_uniform(parent->num_children);
DPRINTF(1, (stderr, " choice = %d (of %d)\n",
choice, parent->num_children));
for (fp = parent->child; choice--; fp = fp->next)
@@ -1054,7 +1053,7 @@
}
else {
get_tbl(parent);
- choice = random() % parent->tbl.str_numstr;
+ choice = arc4random_uniform(parent->tbl.str_numstr);
DPRINTF(1, (stderr, " choice = %d (of %u)\n",
choice, parent->tbl.str_numstr));
for (fp = parent->child; choice >= fp->tbl.str_numstr;
@@ -1143,13 +1142,13 @@
#ifdef OK_TO_WRITE_DISK
if ((fd = open(fp->posfile, 0)) < 0 ||
read(fd, &fp->pos, sizeof fp->pos) != sizeof fp->pos)
- fp->pos = random() % fp->tbl.str_numstr;
+ fp->pos = arc4random_uniform(fp->tbl.str_numstr);
else if (fp->pos >= fp->tbl.str_numstr)
fp->pos %= fp->tbl.str_numstr;
if (fd >= 0)
(void) close(fd);
#else
- fp->pos = random() % fp->tbl.str_numstr;
+ fp->pos = arc4random_uniform(fp->tbl.str_numstr);
#endif /* OK_TO_WRITE_DISK */
}
if (++(fp->pos) >= fp->tbl.str_numstr)
==== //depot/projects/mpsafetty/games/fortune/strfile/strfile.c#2 (text+ko) ====
@@ -46,7 +46,7 @@
#endif /* not lint */
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/games/fortune/strfile/strfile.c,v 1.29 2008/02/19 07:09:17 ru Exp $");
+__FBSDID("$FreeBSD: src/games/fortune/strfile/strfile.c,v 1.30 2008/08/07 20:05:51 ache Exp $");
# include <sys/param.h>
# include <sys/endian.h>
@@ -447,8 +447,6 @@
off_t tmp;
off_t *sp;
- srandomdev();
-
Tbl.str_flags |= STR_RANDOM;
cnt = Tbl.str_numstr;
@@ -457,7 +455,7 @@
*/
for (sp = Seekpts; cnt > 0; cnt--, sp++) {
- i = random() % cnt;
+ i = arc4random_uniform(cnt);
tmp = sp[0];
sp[0] = sp[i];
sp[i] = tmp;
==== //depot/projects/mpsafetty/gnu/usr.bin/groff/tmac/mdoc.local#2 (text+ko) ====
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/gnu/usr.bin/groff/tmac/mdoc.local,v 1.63 2008/02/23 19:27:54 ru Exp $
+.\" $FreeBSD: src/gnu/usr.bin/groff/tmac/mdoc.local,v 1.64 2008/08/06 14:02:05 dfr Exp $
.\"
.\" %beginstrip%
.
@@ -53,6 +53,7 @@
.ds doc-str-Lb-libmemstat Kernel Memory Allocator Statistics Library (libmemstat, \-lmemstat)
.ds doc-str-Lb-libnetgraph Netgraph User Library (libnetgraph, \-lnetgraph)
.ds doc-str-Lb-libpmc Performance Monitoring Counters Interface Library (libpmc, \-lpmc)
+.ds doc-str-Lb-librpcsec_gss RPC GSS-API Authentication Library (librpcsec_gss, \-lrpcsec_gss)
.ds doc-str-Lb-librpcsvc RPC Service Library (librpcsvc, \-lrpcsvc)
.ds doc-str-Lb-libsdp Bluetooth Service Discovery Protocol User Library (libsdp, \-lsdp)
.ds doc-str-Lb-libthr 1:1 Threading Library (libthr, \-lthr)
==== //depot/projects/mpsafetty/include/complex.h#2 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/include/complex.h,v 1.10 2008/03/30 20:07:15 das Exp $
+ * $FreeBSD: src/include/complex.h,v 1.12 2008/08/07 15:07:48 das Exp $
*/
#ifndef _COMPLEX_H
@@ -48,16 +48,21 @@
long double cabsl(long double complex);
double carg(double complex);
float cargf(float complex);
-double cimag(double complex);
-float cimagf(float complex);
-long double cimagl(long double complex);
-double complex conj(double complex);
-float complex conjf(float complex);
+long double cargl(long double complex);
+double cimag(double complex) __pure2;
+float cimagf(float complex) __pure2;
+long double cimagl(long double complex) __pure2;
+double complex conj(double complex) __pure2;
+float complex conjf(float complex) __pure2;
+long double complex
+ conjl(long double complex) __pure2;
+float complex cprojf(float complex) __pure2;
+double complex cproj(double complex) __pure2;
long double complex
- conjl(long double complex);
-double creal(double complex);
-float crealf(float complex);
-long double creall(long double complex);
+ cprojl(long double complex) __pure2;
+double creal(double complex) __pure2;
+float crealf(float complex) __pure2;
+long double creall(long double complex) __pure2;
double complex csqrt(double complex);
float complex csqrtf(float complex);
long double complex
==== //depot/projects/mpsafetty/include/gssapi/gssapi.h#2 (text+ko) ====
@@ -25,7 +25,7 @@
* HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
- * $FreeBSD: src/include/gssapi/gssapi.h,v 1.4 2008/05/16 02:06:10 dfr Exp $
+ * $FreeBSD: src/include/gssapi/gssapi.h,v 1.5 2008/08/06 14:02:05 dfr Exp $
*/
#ifndef _GSSAPI_GSSAPI_H_
@@ -837,6 +837,15 @@
gss_buffer_t /* buffer for result */
);
+#ifdef _UID_T_DECLARED
+OM_uint32 gss_pname_to_uid
+ (OM_uint32 *, /* minor status */
+ const gss_name_t pname, /* principal name */
+ const gss_OID mech, /* mechanism to query */
+ uid_t *uidp /* pointer to UID for result */
+ );
+#endif
+
__END_DECLS
#endif /* _GSSAPI_GSSAPI_H_ */
==== //depot/projects/mpsafetty/include/rpc/Makefile#2 (text+ko) ====
@@ -1,5 +1,5 @@
# from: @(#)Makefile 2.3 88/08/11 4.0 RPCSRC
-# $FreeBSD: src/include/rpc/Makefile,v 1.3 2007/04/10 22:10:16 pjd Exp $
+# $FreeBSD: src/include/rpc/Makefile,v 1.4 2008/08/06 14:02:05 dfr Exp $
.SUFFIXES: .x
@@ -11,7 +11,7 @@
HFILES= auth.h auth_unix.h clnt.h clnt_soc.h clnt_stat.h \
nettype.h pmap_clnt.h pmap_prot.h pmap_rmt.h raw.h \
- rpc.h rpc_msg.h rpcb_clnt.h rpcent.h rpc_com.h \
+ rpc.h rpc_msg.h rpcb_clnt.h rpcent.h rpc_com.h rpcsec_gss.h \
svc.h svc_auth.h svc_soc.h svc_dg.h xdr.h
# Secure RPC
==== //depot/projects/mpsafetty/include/rpc/auth.h#2 (text+ko) ====
@@ -31,7 +31,7 @@
* from: @(#)auth.h 1.17 88/02/08 SMI
* from: @(#)auth.h 2.3 88/08/07 4.0 RPCSRC
* from: @(#)auth.h 1.43 98/02/02 SMI
- * $FreeBSD: src/include/rpc/auth.h,v 1.21 2006/02/28 16:02:26 deischen Exp $
+ * $FreeBSD: src/include/rpc/auth.h,v 1.22 2008/08/06 14:02:05 dfr Exp $
*/
/*
@@ -132,7 +132,7 @@
* failed locally
*/
AUTH_INVALIDRESP=6, /* bogus response verifier */
- AUTH_FAILED=7 /* some unknown reason */
+ AUTH_FAILED=7, /* some unknown reason */
#ifdef KERBEROS
/*
* kerberos errors
@@ -142,8 +142,14 @@
AUTH_TIMEEXPIRE = 9, /* time of credential expired */
AUTH_TKT_FILE = 10, /* something wrong with ticket file */
AUTH_DECODE = 11, /* can't decode authenticator */
- AUTH_NET_ADDR = 12 /* wrong net address in ticket */
+ AUTH_NET_ADDR = 12, /* wrong net address in ticket */
#endif /* KERBEROS */
+ /*
+ * RPCSEC_GSS errors
+ */
+ RPCSEC_GSS_CREDPROBLEM = 13,
+ RPCSEC_GSS_CTXPROBLEM = 14,
+ RPCSEC_GSS_NODISPATCH = 0x8000000
};
union des_block {
@@ -352,5 +358,13 @@
#define AUTH_DH 3 /* for Diffie-Hellman mechanism */
#define AUTH_DES AUTH_DH /* for backward compatibility */
#define AUTH_KERB 4 /* kerberos style */
+#define RPCSEC_GSS 6 /* RPCSEC_GSS */
+
+/*
+ * Pseudo auth flavors for RPCSEC_GSS.
+ */
+#define RPCSEC_GSS_KRB5 390003
+#define RPCSEC_GSS_KRB5I 390004
+#define RPCSEC_GSS_KRB5P 390005
#endif /* !_RPC_AUTH_H */
==== //depot/projects/mpsafetty/include/rpc/svc.h#2 (text+ko) ====
@@ -30,7 +30,7 @@
*
* from: @(#)svc.h 1.35 88/12/17 SMI
* from: @(#)svc.h 1.27 94/04/25 SMI
- * $FreeBSD: src/include/rpc/svc.h,v 1.24 2003/06/15 10:32:01 mbr Exp $
+ * $FreeBSD: src/include/rpc/svc.h,v 1.25 2008/08/06 14:02:05 dfr Exp $
*/
/*
@@ -127,6 +127,27 @@
} SVCXPRT;
/*
+ * Interface to server-side authentication flavors.
+ */
+typedef struct __rpc_svcauth {
+ struct svc_auth_ops {
+ int (*svc_ah_wrap)(struct __rpc_svcauth *, XDR *,
+ xdrproc_t, caddr_t);
+ int (*svc_ah_unwrap)(struct __rpc_svcauth *, XDR *,
+ xdrproc_t, caddr_t);
+ } *svc_ah_ops;
+ void *svc_ah_private;
+} SVCAUTH;
+
+/*
+ * Server transport extensions (accessed via xp_p3).
+ */
+typedef struct __rpc_svcxprt_ext {
+ int xp_flags; /* versquiet */
+ SVCAUTH xp_auth; /* interface to auth methods */
+} SVCXPRT_EXT;
+
+/*
* Service request
*/
struct svc_req {
@@ -184,6 +205,20 @@
#define SVC_CONTROL(xprt, rq, in) \
(*(xprt)->xp_ops2->xp_control)((xprt), (rq), (in))
+#define SVC_EXT(xprt) \
+ ((SVCXPRT_EXT *) xprt->xp_p3)
+
+#define SVC_AUTH(xprt) \
+ (SVC_EXT(xprt)->xp_auth)
+
+/*
+ * Operations defined on an SVCAUTH handle
+ */
+#define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \
+ ((auth)->svc_ah_ops->svc_ah_wrap(auth, xdrs, xfunc, xwhere))
+#define SVCAUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
+ ((auth)->svc_ah_ops->svc_ah_unwrap(auth, xdrs, xfunc, xwhere))
+
/*
* Service registration
*
@@ -298,6 +333,12 @@
#endif /* def FD_SETSIZE */
/*
+ * A set of null auth methods used by any authentication protocols
+ * that don't need to inspect or modify the message body.
+ */
+extern SVCAUTH _svc_auth_null;
+
+/*
* a small program implemented by the svc_rpc implementation itself;
* also see clnt.h for protocol numbers.
*/
@@ -306,6 +347,8 @@
__END_DECLS
__BEGIN_DECLS
+extern SVCXPRT *svc_xprt_alloc(void);
+extern void svc_xprt_free(SVCXPRT *);
extern void svc_getreq(int);
extern void svc_getreqset(fd_set *);
extern void svc_getreq_common(int);
==== //depot/projects/mpsafetty/kerberos5/lib/libgssapi_krb5/Makefile#2 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/kerberos5/lib/libgssapi_krb5/Makefile,v 1.1 2008/05/07 13:53:03 dfr Exp $
+# $FreeBSD: src/kerberos5/lib/libgssapi_krb5/Makefile,v 1.2 2008/08/06 14:02:05 dfr Exp $
LIB= gssapi_krb5
LDFLAGS= -Wl,-Bsymbolic
@@ -46,6 +46,7 @@
inquire_mechs_for_name.c \
inquire_names_for_mech.c \
inquire_sec_context_by_oid.c \
+ pname_to_uid.c \
prefix.c \
prf.c \
process_context_token.c \
==== //depot/projects/mpsafetty/lib/Makefile#2 (text+ko) ====
@@ -1,5 +1,5 @@
# @(#)Makefile 8.1 (Berkeley) 6/4/93
-# $FreeBSD: src/lib/Makefile,v 1.231 2008/05/25 22:11:23 rwatson Exp $
+# $FreeBSD: src/lib/Makefile,v 1.232 2008/08/06 14:02:05 dfr Exp $
.include <bsd.own.mk>
@@ -22,6 +22,7 @@
# libtacplus must be built before libpam.
# libutil must be built before libpam.
# libypclnt must be built before libpam.
+# libgssapi must be built before librpcsec_gss
#
# Otherwise, the SUBDIR list should be in alphabetical order.
@@ -31,7 +32,7 @@
libbegemot ${_libbluetooth} libbsnmp libbz2 \
libcalendar libcam libcompat libdevinfo libdevstat libdisk \
libdwarf libedit libexpat libfetch libftpio libgeom ${_libgpib} \
- ${_libgssapi} libipsec \
+ ${_libgssapi} ${_librpcsec_gss} libipsec \
${_libipx} libkiconv libmagic libmemstat ${_libmilter} ${_libmp} \
${_libncp} ${_libngatm} libopie libpam libpcap \
libpmc libproc librt ${_libsdp} ${_libsm} ${_libsmb} \
@@ -62,6 +63,7 @@
.if ${MK_GSSAPI} != "no"
_libgssapi= libgssapi
+_librpcsec_gss= librpcsec_gss
.endif
.if ${MK_IPX} != "no"
==== //depot/projects/mpsafetty/lib/libc/rpc/Makefile.inc#2 (text+ko) ====
@@ -1,5 +1,5 @@
# @(#)Makefile 5.11 (Berkeley) 9/6/90
-# $FreeBSD: src/lib/libc/rpc/Makefile.inc,v 1.28 2006/03/13 01:14:59 deischen Exp $
+# $FreeBSD: src/lib/libc/rpc/Makefile.inc,v 1.29 2008/08/06 14:02:05 dfr Exp $
.PATH: ${.CURDIR}/rpc ${.CURDIR}/.
SRCS+= auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
@@ -8,8 +8,9 @@
getrpcport.c mt_misc.c pmap_clnt.c pmap_getmaps.c pmap_getport.c \
pmap_prot.c pmap_prot2.c pmap_rmt.c rpc_prot.c rpc_commondata.c \
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
- rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_generic.c \
- svc_raw.c svc_run.c svc_simple.c svc_vc.c
+ rpcb_st_xdr.c rpcsec_gss_stub.c svc.c svc_auth.c svc_dg.c \
+ svc_auth_unix.c svc_generic.c svc_raw.c svc_run.c svc_simple.c \
+ svc_vc.c
# Secure-RPC
SRCS+= auth_time.c auth_des.c authdes_prot.c des_crypt.c des_soft.c \
==== //depot/projects/mpsafetty/lib/libc/rpc/Symbol.map#2 (text) ====
@@ -1,5 +1,5 @@
/*
- * $FreeBSD: src/lib/libc/rpc/Symbol.map,v 1.3 2007/05/31 13:01:34 deischen Exp $
+ * $FreeBSD: src/lib/libc/rpc/Symbol.map,v 1.4 2008/08/06 14:02:05 dfr Exp $
*/
FBSD_1.0 {
@@ -244,4 +244,8 @@
* Remove this hack if rpcinfo stops building with it.
*/
__svc_clean_idle;
+ __rpc_gss_unwrap;
+ __rpc_gss_unwrap_stub;
+ __rpc_gss_wrap;
+ __rpc_gss_wrap_stub;
};
==== //depot/projects/mpsafetty/lib/libc/rpc/clnt_dg.c#2 (text+ko) ====
@@ -37,7 +37,7 @@
static char sccsid[] = "@(#)clnt_dg.c 1.19 89/03/16 Copyr 1988 Sun Micro";
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_dg.c,v 1.19 2007/03/04 12:25:03 simon Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_dg.c,v 1.20 2008/08/06 14:02:05 dfr Exp $");
/*
* Implements a connectionless client side RPC.
@@ -52,6 +52,7 @@
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <rpc/rpc.h>
+#include <rpc/rpcsec_gss.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
@@ -113,6 +114,8 @@
/* VARIABLES PROTECTED BY clnt_fd_lock: dg_fd_locks, dg_cv */
+#define MCALL_MSG_SIZE 24
+
/*
* Private data kept per client handle
*/
@@ -127,6 +130,7 @@
XDR cu_outxdrs;
u_int cu_xdrpos;
u_int cu_sendsz; /* send size */
+ char cu_outhdr[MCALL_MSG_SIZE];
char *cu_outbuf;
u_int cu_recvsz; /* recv size */
int cu_async;
@@ -253,13 +257,16 @@
call_msg.rm_xid = __RPC_GETXID(&now);
call_msg.rm_call.cb_prog = program;
call_msg.rm_call.cb_vers = version;
- xdrmem_create(&(cu->cu_outxdrs), cu->cu_outbuf, sendsz, XDR_ENCODE);
- if (! xdr_callhdr(&(cu->cu_outxdrs), &call_msg)) {
+ xdrmem_create(&(cu->cu_outxdrs), cu->cu_outhdr, MCALL_MSG_SIZE,
+ XDR_ENCODE);
+ if (! xdr_callhdr(&cu->cu_outxdrs, &call_msg)) {
rpc_createerr.cf_stat = RPC_CANTENCODEARGS; /* XXX */
rpc_createerr.cf_error.re_errno = 0;
goto err2;
}
cu->cu_xdrpos = XDR_GETPOS(&(cu->cu_outxdrs));
+ XDR_DESTROY(&cu->cu_outxdrs);
+ xdrmem_create(&cu->cu_outxdrs, cu->cu_outbuf, sendsz, XDR_ENCODE);
/* XXX fvdl - do we still want this? */
#if 0
@@ -312,6 +319,7 @@
XDR reply_xdrs;
bool_t ok;
int nrefreshes = 2; /* number of times to refresh cred */
+ int nretries = 0; /* number of times we retransmitted */
struct timeval timeout;
struct timeval retransmit_time;
struct timeval next_sendtime, starttime, time_waited, tv;
@@ -375,25 +383,37 @@
kin_len = 1;
call_again:
- xdrs = &(cu->cu_outxdrs);
- if (cu->cu_async == TRUE && xargs == NULL)
- goto get_reply;
- xdrs->x_op = XDR_ENCODE;
- XDR_SETPOS(xdrs, cu->cu_xdrpos);
/*
* the transaction is the first thing in the out buffer
* XXX Yes, and it's in network byte order, so we should to
* be careful when we increment it, shouldn't we.
*/
- xid = ntohl(*(u_int32_t *)(void *)(cu->cu_outbuf));
+ xid = ntohl(*(u_int32_t *)(void *)(cu->cu_outhdr));
xid++;
- *(u_int32_t *)(void *)(cu->cu_outbuf) = htonl(xid);
+ *(u_int32_t *)(void *)(cu->cu_outhdr) = htonl(xid);
+call_again_same_xid:
+ xdrs = &(cu->cu_outxdrs);
+ if (cu->cu_async == TRUE && xargs == NULL)
+ goto get_reply;
+ xdrs->x_op = XDR_ENCODE;
+ XDR_SETPOS(xdrs, 0);
- if ((! XDR_PUTINT32(xdrs, &proc)) ||
- (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
- (! (*xargs)(xdrs, argsp))) {
- cu->cu_error.re_status = RPC_CANTENCODEARGS;
- goto out;
+ if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) {
+ if ((! XDR_PUTBYTES(xdrs, cu->cu_outhdr, cu->cu_xdrpos)) ||
+ (! XDR_PUTINT32(xdrs, &proc)) ||
+ (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
+ (! (*xargs)(xdrs, argsp))) {
+ cu->cu_error.re_status = RPC_CANTENCODEARGS;
+ goto out;
+ }
+ } else {
+ *(uint32_t *) &cu->cu_outhdr[cu->cu_xdrpos] = htonl(proc);
+ if (!__rpc_gss_wrap(cl->cl_auth, cu->cu_outhdr,
+ cu->cu_xdrpos + sizeof(uint32_t),
+ xdrs, xargs, argsp)) {
+ cu->cu_error.re_status = RPC_CANTENCODEARGS;
+ goto out;
+ }
}
outlen = (size_t)XDR_GETPOS(xdrs);
@@ -420,8 +440,13 @@
* (We assume that this is actually only executed once.)
*/
reply_msg.acpted_rply.ar_verf = _null_auth;
- reply_msg.acpted_rply.ar_results.where = resultsp;
- reply_msg.acpted_rply.ar_results.proc = xresults;
+ if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) {
+ reply_msg.acpted_rply.ar_results.where = resultsp;
+ reply_msg.acpted_rply.ar_results.proc = xresults;
+ } else {
+ reply_msg.acpted_rply.ar_results.where = NULL;
+ reply_msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_void;
+ }
for (;;) {
/* Decide how long to wait. */
@@ -483,7 +508,17 @@
&retransmit_time);
timeradd(&next_sendtime, &retransmit_time,
&next_sendtime);
- goto send_again;
+ nretries++;
+
+ /*
+ * When retransmitting a RPCSEC_GSS message,
+ * we must use a new sequence number (handled
+ * by __rpc_gss_wrap above).
+ */
+ if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS)
+ goto send_again;
+ else
+ goto call_again_same_xid;
}
}
inlen = (socklen_t)recvlen;
@@ -505,8 +540,37 @@
if (cu->cu_error.re_status == RPC_SUCCESS) {
if (! AUTH_VALIDATE(cl->cl_auth,
&reply_msg.acpted_rply.ar_verf)) {
+ if (nretries &&
+ cl->cl_auth->ah_cred.oa_flavor
+ == RPCSEC_GSS)
+ /*
+ * If we retransmitted, its
+ * possible that we will
+ * receive a reply for one of
+ * the earlier transmissions
+ * (which will use an older
+ * RPCSEC_GSS sequence
+ * number). In this case, just
+ * go back and listen for a
+ * new reply. We could keep a
+ * record of all the seq
+ * numbers we have transmitted
+ * so far so that we could
+ * accept a reply for any of
+ * them here.
+ */
+ goto get_reply;
cu->cu_error.re_status = RPC_AUTHERROR;
cu->cu_error.re_why = AUTH_INVALIDRESP;
+ } else {
+ if (cl->cl_auth->ah_cred.oa_flavor
+ == RPCSEC_GSS) {
+ if (!__rpc_gss_unwrap(cl->cl_auth,
+ &reply_xdrs, xresults,
+ resultsp))
+ cu->cu_error.re_status =
+ RPC_CANTDECODERES;
+ }
}
if (reply_msg.acpted_rply.ar_verf.oa_base != NULL) {
xdrs->x_op = XDR_FREE;
@@ -670,12 +734,12 @@
* This will get the xid of the PREVIOUS call
*/
*(u_int32_t *)info =
- ntohl(*(u_int32_t *)(void *)cu->cu_outbuf);
+ ntohl(*(u_int32_t *)(void *)cu->cu_outhdr);
break;
case CLSET_XID:
/* This will set the xid of the NEXT call */
- *(u_int32_t *)(void *)cu->cu_outbuf =
+ *(u_int32_t *)(void *)cu->cu_outhdr =
htonl(*(u_int32_t *)info - 1);
/* decrement by 1 as clnt_dg_call() increments once */
break;
@@ -688,12 +752,12 @@
* call_struct is changed
*/
*(u_int32_t *)info =
- ntohl(*(u_int32_t *)(void *)(cu->cu_outbuf +
+ ntohl(*(u_int32_t *)(void *)(cu->cu_outhdr +
4 * BYTES_PER_XDR_UNIT));
break;
case CLSET_VERS:
- *(u_int32_t *)(void *)(cu->cu_outbuf + 4 * BYTES_PER_XDR_UNIT)
+ *(u_int32_t *)(void *)(cu->cu_outhdr + 4 * BYTES_PER_XDR_UNIT)
= htonl(*(u_int32_t *)info);
break;
@@ -705,12 +769,12 @@
* call_struct is changed
*/
*(u_int32_t *)info =
- ntohl(*(u_int32_t *)(void *)(cu->cu_outbuf +
+ ntohl(*(u_int32_t *)(void *)(cu->cu_outhdr +
3 * BYTES_PER_XDR_UNIT));
break;
case CLSET_PROG:
- *(u_int32_t *)(void *)(cu->cu_outbuf + 3 * BYTES_PER_XDR_UNIT)
+ *(u_int32_t *)(void *)(cu->cu_outhdr + 3 * BYTES_PER_XDR_UNIT)
= htonl(*(u_int32_t *)info);
break;
case CLSET_ASYNC:
==== //depot/projects/mpsafetty/lib/libc/rpc/clnt_perror.c#2 (text+ko) ====
@@ -35,7 +35,7 @@
static char *sccsid = "@(#)clnt_perror.c 2.1 88/07/29 4.0 RPCSRC";
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_perror.c,v 1.17 2004/10/16 06:11:34 obrien Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_perror.c,v 1.18 2008/08/06 14:02:05 dfr Exp $");
/*
* clnt_perror.c
@@ -309,7 +309,14 @@
"Server rejected verifier", /* 4 - AUTH_REJECTEDVERF */
"Client credential too weak", /* 5 - AUTH_TOOWEAK */
"Invalid server verifier", /* 6 - AUTH_INVALIDRESP */
- "Failed (unspecified error)" /* 7 - AUTH_FAILED */
+ "Failed (unspecified error)", /* 7 - AUTH_FAILED */
+ "Kerberos generic error", /* 8 - AUTH_KERB_GENERIC*/
+ "Kerberos credential expired", /* 9 - AUTH_TIMEEXPIRE */
+ "Bad kerberos ticket file", /* 10 - AUTH_TKT_FILE */
+ "Can't decode kerberos authenticator", /* 11 - AUTH_DECODE */
+ "Address wrong in kerberos ticket", /* 12 - AUTH_NET_ADDR */
+ "GSS-API crediential problem", /* 13 - RPCSEC_GSS_CREDPROBLEM */
+ "GSS-API context problem" /* 14 - RPCSEC_GSS_CTXPROBLEM */
};
static char *
==== //depot/projects/mpsafetty/lib/libc/rpc/clnt_vc.c#2 (text+ko) ====
@@ -35,7 +35,7 @@
static char sccsid3[] = "@(#)clnt_vc.c 1.19 89/03/16 Copyr 1988 Sun Micro";
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_vc.c,v 1.20 2006/09/09 22:18:57 mbr Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/rpc/clnt_vc.c,v 1.21 2008/08/06 14:02:05 dfr Exp $");
/*
* clnt_tcp.c, Implements a TCP/IP based, client side RPC.
@@ -77,6 +77,7 @@
#include <signal.h>
#include <rpc/rpc.h>
+#include <rpc/rpcsec_gss.h>
#include "un-namespace.h"
#include "rpc_com.h"
#include "mt_misc.h"
@@ -285,6 +286,7 @@
}
ct->ct_mpos = XDR_GETPOS(&(ct->ct_xdrs));
XDR_DESTROY(&(ct->ct_xdrs));
+ assert(ct->ct_mpos + sizeof(uint32_t) <= MCALL_MSG_SIZE);
/*
* Create a client handle which uses xdrrec for serialization
@@ -331,6 +333,7 @@
int refreshes = 2;
sigset_t mask, newmask;
int rpc_lock_value;
+ bool_t reply_stat;
assert(cl != NULL);
@@ -360,15 +363,28 @@
ct->ct_error.re_status = RPC_SUCCESS;
x_id = ntohl(--(*msg_x_id));
- if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos)) ||
- (! XDR_PUTINT32(xdrs, &proc)) ||
- (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
- (! (*xdr_args)(xdrs, args_ptr))) {
- if (ct->ct_error.re_status == RPC_SUCCESS)
- ct->ct_error.re_status = RPC_CANTENCODEARGS;
- (void)xdrrec_endofrecord(xdrs, TRUE);
- release_fd_lock(ct->ct_fd, mask);
- return (ct->ct_error.re_status);
+ if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) {
+ if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcallc, ct->ct_mpos)) ||
+ (! XDR_PUTINT32(xdrs, &proc)) ||
+ (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
+ (! (*xdr_args)(xdrs, args_ptr))) {
+ if (ct->ct_error.re_status == RPC_SUCCESS)
+ ct->ct_error.re_status = RPC_CANTENCODEARGS;
+ (void)xdrrec_endofrecord(xdrs, TRUE);
+ release_fd_lock(ct->ct_fd, mask);
+ return (ct->ct_error.re_status);
+ }
+ } else {
+ *(uint32_t *) &ct->ct_u.ct_mcallc[ct->ct_mpos] = htonl(proc);
+ if (! __rpc_gss_wrap(cl->cl_auth, ct->ct_u.ct_mcallc,
+ ct->ct_mpos + sizeof(uint32_t),
+ xdrs, xdr_args, args_ptr)) {
+ if (ct->ct_error.re_status == RPC_SUCCESS)
+ ct->ct_error.re_status = RPC_CANTENCODEARGS;
+ (void)xdrrec_endofrecord(xdrs, TRUE);
+ release_fd_lock(ct->ct_fd, mask);
+ return (ct->ct_error.re_status);
+ }
}
if (! xdrrec_endofrecord(xdrs, shipnow)) {
release_fd_lock(ct->ct_fd, mask);
@@ -419,9 +435,18 @@
&reply_msg.acpted_rply.ar_verf)) {
ct->ct_error.re_status = RPC_AUTHERROR;
ct->ct_error.re_why = AUTH_INVALIDRESP;
- } else if (! (*xdr_results)(xdrs, results_ptr)) {
- if (ct->ct_error.re_status == RPC_SUCCESS)
- ct->ct_error.re_status = RPC_CANTDECODERES;
+ } else {
+ if (cl->cl_auth->ah_cred.oa_flavor != RPCSEC_GSS) {
+ reply_stat = (*xdr_results)(xdrs, results_ptr);
+ } else {
+ reply_stat = __rpc_gss_unwrap(cl->cl_auth,
+ xdrs, xdr_results, results_ptr);
+ }
+ if (! reply_stat) {
+ if (ct->ct_error.re_status == RPC_SUCCESS)
+ ct->ct_error.re_status =
+ RPC_CANTDECODERES;
+ }
}
/* free verifier ... */
if (reply_msg.acpted_rply.ar_verf.oa_base != NULL) {
==== //depot/projects/mpsafetty/lib/libc/rpc/svc.c#2 (text+ko) ====
@@ -34,7 +34,7 @@
static char *sccsid = "@(#)svc.c 2.4 88/08/11 4.0 RPCSRC";
#endif
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/rpc/svc.c,v 1.24 2006/02/27 22:10:59 deischen Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/rpc/svc.c,v 1.25 2008/08/06 14:02:05 dfr Exp $");
/*
* svc.c, Server-side remote procedure call interface.
@@ -67,7 +67,7 @@
#define RQCRED_SIZE 400 /* this size is excessive */
#define SVC_VERSQUIET 0x0001 /* keep quiet about vers mismatch */
-#define version_keepquiet(xp) ((u_long)(xp)->xp_p3 & SVC_VERSQUIET)
+#define version_keepquiet(xp) (SVC_EXT(xp)->xp_flags & SVC_VERSQUIET)
#define max(a, b) (a > b ? a : b)
@@ -452,20 +452,16 @@
__svc_versquiet_on(xprt)
SVCXPRT *xprt;
{
- u_long tmp;
- tmp = ((u_long) xprt->xp_p3) | SVC_VERSQUIET;
- xprt->xp_p3 = tmp;
+ SVC_EXT(xprt)->xp_flags |= SVC_VERSQUIET;
}
void
__svc_versquiet_off(xprt)
SVCXPRT *xprt;
{
- u_long tmp;
- tmp = ((u_long) xprt->xp_p3) & ~SVC_VERSQUIET;
- xprt->xp_p3 = tmp;
+ SVC_EXT(xprt)->xp_flags &= ~SVC_VERSQUIET;
}
void
@@ -479,7 +475,8 @@
__svc_versquiet_get(xprt)
SVCXPRT *xprt;
{
- return ((int) xprt->xp_p3) & SVC_VERSQUIET;
+
+ return (SVC_EXT(xprt)->xp_flags & SVC_VERSQUIET);
}
#endif
@@ -555,6 +552,39 @@
SVC_REPLY(xprt, &rply);
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list