Blame SOURCES/libtirpc-0.2.4-svc-gss-memleaks.patch

b39f54
diff --git a/src/svc.c b/src/svc.c
b39f54
index 08cd6c9..8afd15d 100644
b39f54
--- a/src/svc.c
b39f54
+++ b/src/svc.c
b39f54
@@ -649,6 +649,7 @@ svc_getreq_common (fd)
b39f54
     {
b39f54
       if (SVC_RECV (xprt, &msg))
b39f54
 	{
b39f54
+	  bool_t no_dispatch;
b39f54
 
b39f54
 	  /* now find the exported program and call it */
b39f54
 	  struct svc_callout *s;
b39f54
@@ -660,11 +661,14 @@ svc_getreq_common (fd)
b39f54
 	  r.rq_proc = msg.rm_call.cb_proc;
b39f54
 	  r.rq_cred = msg.rm_call.cb_cred;
b39f54
 	  /* first authenticate the message */
b39f54
-	  if ((why = _authenticate (&r, &msg)) != AUTH_OK)
b39f54
+	  why = _gss_authenticate(&r, &msg, &no_dispatch);
b39f54
+	  if (why != AUTH_OK)
b39f54
 	    {
b39f54
 	      svcerr_auth (xprt, why);
b39f54
 	      goto call_done;
b39f54
 	    }
b39f54
+	  if (no_dispatch)
b39f54
+	    goto call_done;
b39f54
 	  /* now match message with a registered service */
b39f54
 	  prog_found = FALSE;
b39f54
 	  low_vers = (rpcvers_t) - 1L;
b39f54
diff --git a/src/svc_auth.c b/src/svc_auth.c
b39f54
index e80d5f9..31241c9 100644
b39f54
--- a/src/svc_auth.c
b39f54
+++ b/src/svc_auth.c
b39f54
@@ -82,9 +82,10 @@ static struct authsvc *Auths = NULL;
b39f54
  * invalid.
b39f54
  */
b39f54
 enum auth_stat
b39f54
-_authenticate(rqst, msg)
b39f54
+_gss_authenticate(rqst, msg, no_dispatch)
b39f54
 	struct svc_req *rqst;
b39f54
 	struct rpc_msg *msg;
b39f54
+	bool_t *no_dispatch;
b39f54
 {
b39f54
 	int cred_flavor;
b39f54
 	struct authsvc *asp;
b39f54
@@ -97,6 +98,7 @@ _authenticate(rqst, msg)
b39f54
 	rqst->rq_xprt->xp_verf.oa_flavor = _null_auth.oa_flavor;
b39f54
 	rqst->rq_xprt->xp_verf.oa_length = 0;
b39f54
 	cred_flavor = rqst->rq_cred.oa_flavor;
b39f54
+	*no_dispatch = FALSE;
b39f54
 	switch (cred_flavor) {
b39f54
 	case AUTH_NONE:
b39f54
 		dummy = _svcauth_none(rqst, msg);
b39f54
@@ -112,6 +114,11 @@ _authenticate(rqst, msg)
b39f54
 		dummy = _svcauth_des(rqst, msg);
b39f54
 		return (dummy);
b39f54
 #endif
b39f54
+#ifdef HAVE_RPCSEC_GSS
b39f54
+	case RPCSEC_GSS:
b39f54
+		dummy = _svcauth_gss(rqst, msg, no_dispatch);
b39f54
+		return (dummy);
b39f54
+#endif
b39f54
 	default:
b39f54
 		break;
b39f54
 	}
b39f54
@@ -132,6 +139,13 @@ _authenticate(rqst, msg)
b39f54
 	return (AUTH_REJECTEDCRED);
b39f54
 }
b39f54
 
b39f54
+enum auth_stat
b39f54
+_authenticate(struct svc_req *rqst, struct rpc_msg *msg)
b39f54
+{
b39f54
+	bool_t no_dispatch;
b39f54
+	return _gss_authenticate(rqst, msg, &no_dispatch);
b39f54
+}
b39f54
+
b39f54
 /*
b39f54
  *  Allow the rpc service to register new authentication types that it is
b39f54
  *  prepared to handle.  When an authentication flavor is registered,
b39f54
@@ -161,6 +175,9 @@ svc_auth_reg(cred_flavor, handler)
b39f54
 #ifdef DES_BUILTIN
b39f54
 	    case AUTH_DES:
b39f54
 #endif
b39f54
+#ifdef HAVE_RPCSEC_GSS
b39f54
+	    case RPCSEC_GSS:
b39f54
+#endif
b39f54
 		/* already registered */
b39f54
 		return (1);
b39f54
 
b39f54
diff --git a/src/svc_auth_gss.c b/src/svc_auth_gss.c
b39f54
index 3a3c980..7376107 100644
b39f54
--- a/src/svc_auth_gss.c
b39f54
+++ b/src/svc_auth_gss.c
b39f54
@@ -116,6 +116,7 @@ svcauth_gss_import_name(char *service)
b39f54
 	gss_name_t	name;
b39f54
 	gss_buffer_desc	namebuf;
b39f54
 	OM_uint32	maj_stat, min_stat;
b39f54
+	bool_t		result;
b39f54
 
b39f54
 	gss_log_debug("in svcauth_gss_import_name()");
b39f54
 
b39f54
@@ -130,11 +131,9 @@ svcauth_gss_import_name(char *service)
b39f54
 			maj_stat, min_stat);
b39f54
 		return (FALSE);
b39f54
 	}
b39f54
-	if (svcauth_gss_set_svc_name(name) != TRUE) {
b39f54
-		gss_release_name(&min_stat, &name);
b39f54
-		return (FALSE);
b39f54
-	}
b39f54
-	return (TRUE);
b39f54
+	result = svcauth_gss_set_svc_name(name);
b39f54
+	gss_release_name(&min_stat, &name);
b39f54
+	return result;
b39f54
 }
b39f54
 
b39f54
 static bool_t
b39f54
@@ -211,6 +210,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
b39f54
 					      NULL,
b39f54
 					      NULL);
b39f54
 
b39f54
+	 xdr_free((xdrproc_t)xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
b39f54
+
b39f54
 	if (gr->gr_major != GSS_S_COMPLETE &&
b39f54
 	    gr->gr_major != GSS_S_CONTINUE_NEEDED) {
b39f54
 		gss_log_status("svcauth_gss_accept_sec_context: accept_sec_context",
b39f54
@@ -279,8 +280,11 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
b39f54
 			return (FALSE);
b39f54
 
b39f54
 		rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
b39f54
-		rqst->rq_xprt->xp_verf.oa_base = checksum.value;
b39f54
+		memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value,
b39f54
+			checksum.length);
b39f54
 		rqst->rq_xprt->xp_verf.oa_length = checksum.length;
b39f54
+
b39f54
+		gss_release_buffer(&min_stat, &checksum);
b39f54
 	}
b39f54
 	return (TRUE);
b39f54
 }
b39f54
@@ -363,10 +367,13 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
b39f54
 			maj_stat, min_stat);
b39f54
 		return (FALSE);
b39f54
 	}
b39f54
+
b39f54
 	rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
b39f54
-	rqst->rq_xprt->xp_verf.oa_base = (caddr_t)checksum.value;
b39f54
+	memcpy(rqst->rq_xprt->xp_verf.oa_base, checksum.value, checksum.length);
b39f54
 	rqst->rq_xprt->xp_verf.oa_length = (u_int)checksum.length;
b39f54
 
b39f54
+	gss_release_buffer(&min_stat, &checksum);
b39f54
+
b39f54
 	return (TRUE);
b39f54
 }
b39f54
 
b39f54
@@ -379,8 +386,10 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
b39f54
 	struct rpc_gss_cred	*gc;
b39f54
 	struct rpc_gss_init_res	 gr;
b39f54
 	int			 call_stat, offset;
b39f54
+	enum auth_stat           result = AUTH_OK;
b39f54
+	OM_uint32		 min_stat;
b39f54
 
b39f54
-	gss_log_debug("in svcauth_gss()");
b39f54
+	gss_log_debug("in _svcauth_gss()");
b39f54
 
b39f54
 	/* Initialize reply. */
b39f54
 	rqst->rq_xprt->xp_verf = _null_auth;
b39f54
@@ -419,19 +428,25 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
b39f54
 	XDR_DESTROY(&xdrs);
b39f54
 
b39f54
 	/* Check version. */
b39f54
-	if (gc->gc_v != RPCSEC_GSS_VERSION)
b39f54
-		return (AUTH_BADCRED);
b39f54
+	if (gc->gc_v != RPCSEC_GSS_VERSION) {
b39f54
+		result = AUTH_BADCRED;
b39f54
+		goto out;
b39f54
+	}
b39f54
 
b39f54
 	/* Check RPCSEC_GSS service. */
b39f54
 	if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
b39f54
 	    gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
b39f54
-	    gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
b39f54
-		return (AUTH_BADCRED);
b39f54
+	    gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) {
b39f54
+		result = AUTH_BADCRED;
b39f54
+		goto out;
b39f54
+	}
b39f54
 
b39f54
 	/* Check sequence number. */
b39f54
 	if (gd->established) {
b39f54
-		if (gc->gc_seq > MAXSEQ)
b39f54
-			return (RPCSEC_GSS_CTXPROBLEM);
b39f54
+		if (gc->gc_seq > MAXSEQ) {
b39f54
+			result = RPCSEC_GSS_CTXPROBLEM;
b39f54
+			goto out;
b39f54
+		}
b39f54
 
b39f54
 		if ((offset = gd->seqlast - gc->gc_seq) < 0) {
b39f54
 			gd->seqlast = gc->gc_seq;
b39f54
@@ -441,7 +456,8 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
b39f54
 		}
b39f54
 		else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
b39f54
 			*no_dispatch = 1;
b39f54
-			return (RPCSEC_GSS_CTXPROBLEM);
b39f54
+			result = RPCSEC_GSS_CTXPROBLEM;
b39f54
+			goto out;
b39f54
 		}
b39f54
 		gd->seq = gc->gc_seq;
b39f54
 		gd->seqmask |= (1 << offset);
b39f54
@@ -452,35 +468,52 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
b39f54
 		rqst->rq_svcname = (char *)gd->ctx;
b39f54
 	}
b39f54
 
b39f54
+	rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
b39f54
+
b39f54
 	/* Handle RPCSEC_GSS control procedure. */
b39f54
 	switch (gc->gc_proc) {
b39f54
 
b39f54
 	case RPCSEC_GSS_INIT:
b39f54
 	case RPCSEC_GSS_CONTINUE_INIT:
b39f54
-		if (rqst->rq_proc != NULLPROC)
b39f54
-			return (AUTH_FAILED);		/* XXX ? */
b39f54
+		if (rqst->rq_proc != NULLPROC) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
 		if (_svcauth_gss_name == NULL) {
b39f54
-			if (!svcauth_gss_import_name("nfs"))
b39f54
-				return (AUTH_FAILED);
b39f54
+			if (!svcauth_gss_import_name("nfs")) {
b39f54
+				result = AUTH_FAILED;
b39f54
+				break;
b39f54
+			}
b39f54
 		}
b39f54
 
b39f54
-		if (!svcauth_gss_acquire_cred())
b39f54
-			return (AUTH_FAILED);
b39f54
+		if (!svcauth_gss_acquire_cred()) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
-		if (!svcauth_gss_accept_sec_context(rqst, &gr))
b39f54
-			return (AUTH_REJECTEDCRED);
b39f54
+		if (!svcauth_gss_accept_sec_context(rqst, &gr)) {
b39f54
+			result = AUTH_REJECTEDCRED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
-		if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win)))
b39f54
-			return (AUTH_FAILED);
b39f54
+		if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
 		*no_dispatch = TRUE;
b39f54
 
b39f54
 		call_stat = svc_sendreply(rqst->rq_xprt, 
b39f54
 			(xdrproc_t)xdr_rpc_gss_init_res, (caddr_t)&gr);
b39f54
 
b39f54
-		if (!call_stat)
b39f54
-			return (AUTH_FAILED);
b39f54
+		gss_release_buffer(&min_stat, &gr.gr_token);
b39f54
+		free(gr.gr_ctx.value);
b39f54
+
b39f54
+		if (!call_stat) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
 		if (gr.gr_major == GSS_S_COMPLETE)
b39f54
 			gd->established = TRUE;
b39f54
@@ -488,25 +521,36 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
b39f54
 		break;
b39f54
 
b39f54
 	case RPCSEC_GSS_DATA:
b39f54
-		if (!svcauth_gss_validate(gd, msg))
b39f54
-			return (RPCSEC_GSS_CREDPROBLEM);
b39f54
+		if (!svcauth_gss_validate(gd, msg)) {
b39f54
+			result = RPCSEC_GSS_CREDPROBLEM;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
-		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
b39f54
-			return (AUTH_FAILED);
b39f54
+		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 		break;
b39f54
 
b39f54
 	case RPCSEC_GSS_DESTROY:
b39f54
-		if (rqst->rq_proc != NULLPROC)
b39f54
-			return (AUTH_FAILED);		/* XXX ? */
b39f54
-
b39f54
-		if (!svcauth_gss_validate(gd, msg))
b39f54
-			return (RPCSEC_GSS_CREDPROBLEM);
b39f54
+		if (rqst->rq_proc != NULLPROC) {
b39f54
+			result = AUTH_FAILED;	 /* XXX ? */
b39f54
+			break;
b39f54
+		}
b39f54
+		if (!svcauth_gss_validate(gd, msg)) {
b39f54
+			result = RPCSEC_GSS_CREDPROBLEM;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
-		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
b39f54
-			return (AUTH_FAILED);
b39f54
+		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
-		if (!svcauth_gss_release_cred())
b39f54
-			return (AUTH_FAILED);
b39f54
+		if (!svcauth_gss_release_cred()) {
b39f54
+			result = AUTH_FAILED;
b39f54
+			break;
b39f54
+		}
b39f54
 
b39f54
 		SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
b39f54
 		rqst->rq_xprt->xp_auth = &svc_auth_none;
b39f54
@@ -514,10 +558,15 @@ _svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch)
b39f54
 		break;
b39f54
 
b39f54
 	default:
b39f54
-		return (AUTH_REJECTEDCRED);
b39f54
+		result =  AUTH_REJECTEDCRED;
b39f54
 		break;
b39f54
 	}
b39f54
-	return (AUTH_OK);
b39f54
+out:
b39f54
+	xdr_free((xdrproc_t)xdr_rpc_gss_cred, (caddr_t)gc);
b39f54
+	if (result != AUTH_OK)
b39f54
+		gss_log_debug("_svcauth_gss() failed: %d", result);
b39f54
+
b39f54
+	return result;
b39f54
 }
b39f54
 
b39f54
 bool_t
b39f54
diff --git a/tirpc/rpc/auth.h b/tirpc/rpc/auth.h
b39f54
index 4ce11f0..7c8f813 100644
b39f54
--- a/tirpc/rpc/auth.h
b39f54
+++ b/tirpc/rpc/auth.h
b39f54
@@ -399,6 +399,7 @@ struct rpc_msg;
b39f54
 enum auth_stat _svcauth_none (struct svc_req *, struct rpc_msg *);
b39f54
 enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *);
b39f54
 enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *);
b39f54
+enum auth_stat _svcauth_gss (struct svc_req *, struct rpc_msg *, bool_t *);
b39f54
 __END_DECLS
b39f54
 
b39f54
 #define AUTH_NONE	0		/* no authentication */
b39f54
diff --git a/tirpc/rpc/svc_auth.h b/tirpc/rpc/svc_auth.h
b39f54
index 14269d1..723c989 100644
b39f54
--- a/tirpc/rpc/svc_auth.h
b39f54
+++ b/tirpc/rpc/svc_auth.h
b39f54
@@ -66,6 +66,8 @@ typedef struct SVCAUTH {
b39f54
  * Server side authenticator
b39f54
  */
b39f54
 __BEGIN_DECLS
b39f54
+extern enum auth_stat _gss_authenticate(struct svc_req *, struct rpc_msg *,
b39f54
+		bool_t *);
b39f54
 extern enum auth_stat _authenticate(struct svc_req *, struct rpc_msg *);
b39f54
 extern int svc_auth_reg(int, enum auth_stat (*)(struct svc_req *,
b39f54
 			  struct rpc_msg *));