libgssglue: add new recipe

libgssglue exports a gssapi interface which calls other gssapi libraries. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-07 04:58:47 +00:00 · 2017-07-28 10:00:56 +08:00
parent 2f30963b82
commit 1c3afde094
6 changed files with 223 additions and 0 deletions
@@ -0,0 +1,60 @@
 fix the bug:
 g_canon_name.c:125:5: warning: passing argument 2 of '__gss_copy_namebuf' from incompatible pointer type [enabled by default]
 the 2nd argument of __gss_copy_namebuf should be address of *gss_buffer_t, \
 but a *gss_buffer_t is assigned.
 what __gss_copy_namebuf does is to alloc memory for a gss_buffer_desc and \
 copy from src and return its address.
 if following code failed, gss_release_name will free \
 union_canon_name->external_name.value if it is not NULL.
 OM_uint32 __gss_copy_namebuf(src, dest)
    gss_buffer_t   src;
    gss_buffer_t   *dest;
 typedef struct gss_union_name_t {
 	gss_mechanism		gss_mech;
 	gss_OID			name_type;
 	gss_buffer_desc		external_name;
 	/*
 	 * These last two fields are only filled in for mechanism
 	 * names.
 	 */
 	gss_OID			mech_type;
 	gss_name_t		mech_name;
 } gss_union_name_desc, *gss_union_name_t;
 typedef struct gss_buffer_desc_struct {
      size_t length;
      void FAR *value;
 } gss_buffer_desc, FAR *gss_buffer_t;
 Upstream-Status: Pending
 Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
 --- a/src/g_canon_name.c
 +++ b/src/g_canon_name.c
@@ -121,11 +121,17 @@ gss_canonicalize_name (OM_uint32 *minor_
     union_canon_name->mech_name = mech_name;
 -    status = __gss_copy_namebuf(&union_input_name->external_name,
 -				&union_canon_name->external_name);
 -    if (status != GSS_S_COMPLETE)
 -	goto failure;
 +    union_canon_name->external_name.value = (void*) malloc(
 +                      union_input_name->external_name.length + 1);
 +    if (!union_canon_name->external_name.value)
 +        goto failure;
 +    memcpy(union_canon_name->external_name.value, 
 +           union_input_name->external_name.value, 
 +           union_input_name->external_name.length);
 +    union_canon_name->external_name.length = 
 +                      union_input_name->external_name.length; 
 +   
     if (union_input_name->name_type != GSS_C_NO_OID) {
 	status = generic_gss_copy_oid(minor_status,
 				      union_input_name->name_type,
@@ -0,0 +1,43 @@
 Use secure_getenv instead of getenv for setuid programs
 (bnc#694598 CVE-2011-2709 bnc#831805)
 import from:
 https://build.opensuse.org/package/view_file/openSUSE:Factory/libgssglue/secure-getenv.patch
 Upstream-Status: Pending
 Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
 diff --git a/src/g_initialize.c b/src/g_initialize.c
 index 200f173..935a9fa 100644
 --- a/src/g_initialize.c
 +++ b/src/g_initialize.c
@@ -26,6 +26,7 @@
  * This function will initialize the gssapi mechglue library
  */
 +#define _GNU_SOURCE
 #include "mglueP.h"
 #include <stdlib.h>
@@ -197,8 +198,7 @@ static void solaris_initialize ()
     void *dl;
     gss_mechanism (*sym)(void), mech;
 -    if ((getuid() != geteuid()) ||
 -        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
 +    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
 	filename = MECH_CONF;
     if ((conffile = fopen(filename, "r")) == NULL) {
@@ -274,8 +274,7 @@ static void linux_initialize ()
     void *dl;
     gss_mechanism (*sym)(void), mech;
 -    if ((getuid() != geteuid()) ||
 -        ((filename = getenv("GSSAPI_MECH_CONF")) == NULL))
 +    if ((filename = secure_getenv("GSSAPI_MECH_CONF")) == NULL)
 	filename = MECH_CONF;
     if ((conffile = fopen(filename, "r")) == NULL) {
@@ -0,0 +1,21 @@
 Fix the warning for getuid, geteuid
 g_initialize.c: In function 'linux_initialize':
 g_initialize.c:275:5: warning: implicit declaration of function 'getuid' [-Wimplicit-function-declaration]
 g_initialize.c:275:5: warning: implicit declaration of function 'geteuid' [-Wimplicit-function-declaration]
 Upstream-Status: Pending
 Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
 diff --git a/src/g_initialize.c b/src1/g_initialize.c
 index 82fcce1..200f173 100644
 --- a/src/g_initialize.c
 +++ b/src/g_initialize.c
@@ -29,6 +29,8 @@
 #include "mglueP.h"
 #include <stdlib.h>
 +#include <unistd.h>   /*getuid, geteuid */
 +#include <sys/types.h>
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
@@ -0,0 +1,27 @@
 1) add free if malloc failed for (*mechanisms)->elements
 2) g_inq_cred.c: In function 'gss_inquire_cred':
 g_inq_cred.c:161:8: warning: passing argument 3 of 'generic_gss_copy_oid' from incompatible pointer type [enabled by default]
 Upstream-Status: Pending
 Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
 --- a/src/g_inq_cred.c
 +++ b/src/g_inq_cred.c
@@ -152,13 +152,15 @@ gss_OID_set *		mechanisms;
 			     union_cred->count);
 	if ((*mechanisms)->elements == NULL) {
 	    *minor_status = ENOMEM;
 +	    free(*mechanisms);
 +	    *mechanisms = GSS_C_NO_OID_SET;
 	    return (GSS_S_FAILURE);
 	}
 	for (i=0; i < union_cred->count; i++) {
 -	    status = generic_gss_copy_oid(minor_status,
 +	    status = generic_gss_add_oid_set_member(minor_status,
 	    				  &union_cred->mechs_array[i],
 -					  &((*mechanisms)->elements[i]));
 +					  mechanisms);
 	    if (status != GSS_S_COMPLETE)
 	        break;
 	}
@@ -0,0 +1,21 @@
 fix the warning:
 warning: implicit declaration of function 'generic_gss_copy_oid_set' [-Wimplicit-function-declaration]
 Upstream-Status: Pending
 Signed-off-by: Yao Zhao <yao.zhao@windriver.com>
 --- a/src/mglueP.h
 +++ b/src/mglueP.h
@@ -447,6 +447,12 @@ OM_uint32 generic_gss_copy_oid
 	    gss_OID *		/* new_oid */
 	    );
 +OM_uint32 generic_gss_copy_oid_set
 +	   (OM_uint32 *minor_status,	/* minor_status */
 +	    const gss_OID_set_desc * const oidset,	/* oid */
 +	    gss_OID_set *new_oidset			/* new_oid */
 +	   );
 +
 OM_uint32 generic_gss_create_empty_oid_set
 	   (OM_uint32 *,	/* minor_status */
 	    gss_OID_set *	/* oid_set */
@@ -0,0 +1,51 @@
 SUMMARY = "Exports a gssapi interface which calls other gssapi libraries"
 DESCRIPTION = "\
 This library exports a gssapi interface, but does not implement any gssapi \
 mechanisms itself; instead it calls gssapi routines in other libraries, \
 depending on the mechanism. \
 "
 HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
 SECTION = "libs"
 LICENSE = "BSD-3-Clause | HPND"
 #Copyright (c) 1996, by Sun Microsystems, Inc.                   HPND
 #Copyright (c) 2007 The Regents of the University of Michigan. BSD-3-Clause
 #Copyright 1995 by the Massachusetts Institute of Technology.  HPND without Disclaimer
 #Copyright 1993 by OpenVision Technologies, Inc.               HPND
 LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
                    file://src/g_accept_sec_context.c;beginline=3;endline=23;md5=8a7f4017cb7f4be49f8981cb8c472690 \
                    file://src/g_ccache_name.c;beginline=1;endline=32;md5=208d4de05d5c8273963a8332f084faa7 \
                    file://src/oid_ops.c;beginline=1;endline=26;md5=1f194d148b396972da26759a8ec399f0 \
                    file://src/oid_ops.c;beginline=378;endline=398;md5=e02c165cb8383e950214baca2fbd664b \
 "
 SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/${BPN}/${BP}.tar.gz \
           file://libgssglue-canon-name.patch  \
           file://libgssglue-gss-inq-cred.patch  \
           file://libgssglue-mglueP.patch \
           file://libgssglue-g-initialize.patch \
           file://libgssglue-fix-CVE-2011-2709.patch \
 "
 SRC_URI[md5sum] = "088797f3180702fa54e786496b32e750"
 SRC_URI[sha256sum] = "3f791a75502ba723e5e85e41e5e0c711bb89e2716b7c0ec6e74bd1df6739043a"
 # gssglue can use krb5, spkm3... as gssapi library, configurable
 RRECOMMENDS_${PN} += "krb5"
 inherit autotools
 do_install_append() {
    # install some docs
    install -d -m 0755 ${D}${docdir}/${BPN}
    install -m 0644 ${S}/AUTHORS ${S}/ChangeLog ${S}/NEWS ${S}/README ${D}${docdir}/${BPN}
    # install the gssapi_mech.conf
    install -d -m 0755 ${D}${sysconfdir}
    install -m 0644 ${S}/doc/gssapi_mech.conf ${D}${sysconfdir}
    # change the libgssapi_krb5.so path and name(it is .so.2)
    sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf
 }