packages/gssproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 0.8.3

Browse Source
This commit is contained in:
yixiangzhike 2020-07-25 18:32:24 +08:00
parent e77a29cd09
commit c507a0735a
8 changed files with 10 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
Always-choose-highest-requested-debug-level.patch
View File

@ -1,107 +0,0 @@
From d284ec7dc9fe0a824b177873078aeb36a25b7878 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 11 Apr 2018 16:15:00 -0400
Subject: [PATCH] Always choose highest requested debug level
Allowing the CLI to lower the debug level specified in a config file
is dubious, and previously broken since we don't distinguish "default
value" from "explicitly requested value of 0" in popt. This resulted
in "Debug Enabled (level: 0)" even when the log level was not actually
0, which is confusing for users.
Remove the gp_debug_args() function since it is no longer used.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #229
(cherry picked from commit 5a714768aec776dc875237dd729c85389932a688)
---
src/gp_debug.c | 34 ++++++++--------------------------
src/gp_debug.h | 3 +--
src/gssproxy.c | 2 +-
3 files changed, 10 insertions(+), 29 deletions(-)
diff --git a/src/gp_debug.c b/src/gp_debug.c
index 4a141fc..a0f51f0 100644
--- a/src/gp_debug.c
+++ b/src/gp_debug.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */
+/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */
#include "config.h"
#include <stdbool.h>
@@ -7,35 +7,17 @@
#include "gp_log.h"
/* global debug switch */
-int gp_debug;
-
-int gp_debug_args(int level) {
- static int args_level = 0;
-
- if (level != 0) {
- args_level = level;
- }
- return args_level;
-}
+int gp_debug = 0;
void gp_debug_toggle(int level)
{
- static bool krb5_trace_set = false;
+ if (level <= gp_debug)
+ return;
- /* Command line and environment options override config file */
- gp_debug = gp_debug_args(0);
- if (gp_debug == 0) {
- gp_debug = level;
- }
- if (level >= 3) {
- if (!getenv("KRB5_TRACE")) {
- setenv("KRB5_TRACE", "/dev/stderr", 1);
- krb5_trace_set = true;
- }
- } else if (krb5_trace_set) {
- unsetenv("KRB5_TRACE");
- krb5_trace_set = false;
- }
+ if (level >= 3 && !getenv("KRB5_TRACE"))
+ setenv("KRB5_TRACE", "/dev/stderr", 1);
+
+ gp_debug = level;
GPDEBUG("Debug Enabled (level: %d)\n", level);
}
diff --git a/src/gp_debug.h b/src/gp_debug.h
index 1c2f8a3..4932bfd 100644
--- a/src/gp_debug.h
+++ b/src/gp_debug.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2011 the GSS-PROXY contributors, see COPYING for license */
+/* Copyright (C) 2011,2018 the GSS-PROXY contributors, see COPYING for license */
#ifndef _GP_DEBUG_H_
#define _GP_DEBUG_H_
@@ -10,7 +10,6 @@
extern int gp_debug;
-int gp_debug_args(int level);
void gp_debug_toggle(int);
void gp_debug_printf(const char *format, ...);
void gp_debug_time_printf(const char *format, ...);
diff --git a/src/gssproxy.c b/src/gssproxy.c
index 6d36a5d..db6e89b 100644
--- a/src/gssproxy.c
+++ b/src/gssproxy.c
@@ -208,7 +208,7 @@ int main(int argc, const char *argv[])
if (opt_debug || opt_debug_level > 0) {
if (opt_debug_level == 0) opt_debug_level = 1;
- gp_debug_args(opt_debug_level);
+ gp_debug_toggle(opt_debug_level);
}
if (opt_daemon && opt_interactive) {

43
Always-use-the-encype-we-selected.patch
View File

@ -1,43 +0,0 @@
From 64bf7f099fe52a214794486d16e3383ff25e8682 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 27 Feb 2018 11:59:25 -0500
Subject: [PATCH] Always use the encype we selected
The enctype is selected from the keytab or from the fallback code.
Either way make sure to use the enctype stored in the key block.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Merges: #226
(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f)
---
src/gp_export.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/gp_export.c b/src/gp_export.c
index c9f5fd4..5e8e160 100644
--- a/src/gp_export.c
+++ b/src/gp_export.c
@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name,
GP_CREDS_HANDLE_KEY_ENCTYPE, 0,
&handle->key);
if (ret == 0) {
- ret = krb5_c_make_random_key(handle->context,
- GP_CREDS_HANDLE_KEY_ENCTYPE,
+ ret = krb5_c_make_random_key(handle->context, handle->key->enctype,
handle->key);
GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n",
- svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE);
+ svc_name, handle->key->enctype);
}
if (ret) {
ret_min = ret;
@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
memset(&enc_handle, '\0', sizeof(krb5_enc_data));
- enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE;
+ enc_handle.enctype = key->enctype;
enc_handle.ciphertext.data = in->octet_string_val;
enc_handle.ciphertext.length = in->octet_string_len;

74
Clarify-debug-and-debug_level-in-man-pages.patch
View File

@ -1,74 +0,0 @@
From d71d354f1020a7deac57f26cc7c2cafb3fa675a3 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 11 Apr 2018 16:01:21 -0400
Subject: [PATCH] Clarify debug and debug_level in man pages
In particular, add debug_level to gssproxy(5) since it was previously
accepted but not documented.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #229
(cherry picked from commit e0e96e46be03102903533a9816b4deefe1adfaf8)
---
man/gssproxy.8.xml | 24 +++++++++++++++++++++++-
man/gssproxy.conf.5.xml | 5 ++++-
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/man/gssproxy.8.xml b/man/gssproxy.8.xml
index 1df4b0d..21f7e6a 100644
--- a/man/gssproxy.8.xml
+++ b/man/gssproxy.8.xml
@@ -118,13 +118,35 @@
</para>
</listitem>
</varlistentry>
+
<varlistentry>
<term>
<option>-d</option>,<option>--debug</option>
</term>
<listitem>
<para>
- Turn on debugging.
+ Turn on debugging. This option is identical to
+ --debug-level=1.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>--debug-level=</option>
+ </term>
+ <listitem>
+ <para>
+ Turn on debugging at the specified level. 0
+ corresponds to no logging, while 1 turns on basic
+ debug logging. Level 2 increases verbosity, including
+ more detailed credential verification.
+ </para>
+ <para>
+ At level 3 and above, KRB5_TRACE output is logged. If
+ KRB5_TRACE was already set in the execution
+ environment, trace output is sent to its value
+ instead.
</para>
</listitem>
</varlistentry>
diff --git a/man/gssproxy.conf.5.xml b/man/gssproxy.conf.5.xml
index de846b4..21c9653 100644
--- a/man/gssproxy.conf.5.xml
+++ b/man/gssproxy.conf.5.xml
@@ -192,7 +192,10 @@
<varlistentry>
<term>debug (boolean)</term>
<listitem>
- <para>Enable debugging to syslog.</para>
+ <para>
+ Enable debugging to syslog. Setting to true is
+ identical to setting debug_level to 1.
+ </para>
<para>Default: debug = false</para>
</listitem>
</varlistentry>

23
Don-t-leak-sock_ctx-if-verto_add_io-fails.patch
View File

@ -1,23 +0,0 @@
From 322a7e578cc1f3b54bfb317dd57442231a8f7cf7 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 2 Aug 2018 16:02:50 -0400
Subject: [PATCH] Don't leak sock_ctx if verto_add_io() fails
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit 459152be1e701af6aafdecffc1af21156b43bf78)
---
src/gssproxy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/gssproxy.c b/src/gssproxy.c
index db6e89b..93c1c1e 100644
--- a/src/gssproxy.c
+++ b/src/gssproxy.c
@@ -46,6 +46,7 @@ static verto_ev *setup_socket(char *sock_name, verto_ctx *vctx)
ev = verto_add_io(vctx, vflags, accept_sock_conn, sock_ctx->fd);
if (!ev) {
+ free(sock_ctx);
return NULL;
}

24
Unlock-cond_mutex-before-pthread-exit-in-gp_worker_main.patch
View File

@ -1,24 +0,0 @@
From cb761412e299ef907f22cd7c4146d50c8a792003 Mon Sep 17 00:00:00 2001
From: Guiyao <guiyao@huawei.com>
Date: Mar 26 2020 17:54:17 +0000
Subject: Unlock cond_mutex before pthread exit in gp_worker_main()
Signed-off-by: GuiYao <guiyao@huawei.com>
[rharwood@redhat.com: whitespace, tweak commit message]
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
---
diff --git a/src/gp_workers.c b/src/gp_workers.c
index 18f38f6..ae42cef 100644
--- a/src/gp_workers.c
+++ b/src/gp_workers.c
@@ -369,6 +369,7 @@ static void *gp_worker_main(void *pvt)
/* wait for next query */
pthread_cond_wait(&t->cond_wakeup, &t->cond_mutex);
if (t->pool->shutdown) {
+ pthread_mutex_unlock(&t->cond_mutex);
pthread_exit(NULL);
}
}

BIN
gssproxy-0.8.0.tar.gz
View File

Binary file not shown.

BIN
gssproxy-0.8.3.tar.gz Normal file
View File

Binary file not shown.

19
gssproxy.spec
View File

@ -3,18 +3,13 @@
%global gpstatedir %{_localstatedir}/lib/gssproxy %global gpstatedir %{_localstatedir}/lib/gssproxy
Name: gssproxy Name: gssproxy
Version: 0.8.0 Version: 0.8.3
Release: 12 Release: 1
Summary: GSSAPI Proxy Summary: GSSAPI Proxy
License: MIT License: MIT
URL: https://pagure.io/gssproxy URL: https://github.com/gssapi/gssproxy
Source0: %{name}-%{version}.tar.gz Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
Patch0: Always-use-the-encype-we-selected.patch
Patch1: Clarify-debug-and-debug_level-in-man-pages.patch
Patch2: Always-choose-highest-requested-debug-level.patch
Patch3: Don-t-leak-sock_ctx-if-verto_add_io-fails.patch
Patch4: Unlock-cond_mutex-before-pthread-exit-in-gp_worker_main.patch
Requires: krb5 keyutils libverto-module-base libini_config Requires: krb5 keyutils libverto-module-base libini_config
Requires(post): systemd Requires(post): systemd
@ -90,6 +85,12 @@ mkdir -p %{buildroot}%{gpstatedir}/rcache
%{_mandir}/man8/gssproxy-mech.8* %{_mandir}/man8/gssproxy-mech.8*
%changelog %changelog
* Sat Jul 25 2020 zhangxingliang <zhangxingliang3@huawei.com> - 0.8.3-1
- Type:update
- ID:NA
- SUG:NA
- DESC:update to 0.8.3
* Fri Mar 27 2020 steven <steven_ygui@163.com> - 0.8.0-12 * Fri Mar 27 2020 steven <steven_ygui@163.com> - 0.8.0-12
- Unlock cond_mutex before pthread exit in gp_worker_main() - Unlock cond_mutex before pthread exit in gp_worker_main()