Displaying 6 results from an estimated 6 matches for "env_prefix_len".
2017 Feb 11
2
[RFC][cifs-utils PATCH] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
...<keyutils.h>
#include <time.h>
@@ -154,11 +155,126 @@ err_cache:
return credtime;
}
+#define ENV_PATH_FMT "/proc/%d/environ"
+#define ENV_PATH_MAXLEN (6 + 10 + 8 + 1)
+
+#define ENV_NAME "KRB5CCNAME"
+#define ENV_PREFIX "KRB5CCNAME="
+#define ENV_PREFIX_LEN 11
+
+#define ENV_BUF_START (4096)
+#define ENV_BUF_MAX (131072)
+
+/**
+ * get_cachename_from_process_env - scrape value of $KRB5CCNAME out of the
+ * initiating process' environment.
+ * @pid: initiating pid value from the upcall string
+ *
+ * Open the /proc/<pid>/environ...
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert
2017 Feb 10
0
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
...#include <time.h>
@@ -154,12 +155,127 @@ err_cache:
return credtime;
}
+#define CIFS_UPCALL_ENV_PATH_FMT "/proc/%d/environ"
+#define CIFS_UPCALL_ENV_PATH_MAXLEN (6 + 10 + 8 + 1)
+
+#define ENV_NAME "KRB5CCNAME"
+#define ENV_PREFIX "KRB5CCNAME="
+#define ENV_PREFIX_LEN 11
+
+#define ENV_BUF_START (4096)
+#define ENV_BUF_MAX (131072)
+
+/**
+ * get_cachename_from_process_env - scrape value of $KRB5CCNAME out of the
+ * initiating process' environment.
+ * @pid: initiating pid value from the upcall string
+ *
+ * Open the /proc/<pid>/environ...
2017 Feb 14
3
[PATCH v2 0/2] cifs.upcall: allow cifs.upcall to grab $KRB5CCNAME from initiating process
Small respin of the patches that I posted a few days ago. The main
difference is the reordering of the series to make it do the group
and grouplist manipulation first, and then the patch that makes
it grab the KRB5CCNAME from the initiating process.
I think the code is sound, my main question is whether we really
need the command-line switch for this. Should this just be the
default mode of
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop
2017 Feb 10
5
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote:
> Hi Jeff,
>
> > So we have a default credcache for the user for whom we are operating
> > as, but we can't get the default principal name from it. My guess is
> > that it's not finding the
>
> This mount is run by root UID=0 and seems to be find that credential
> cache without problem (earlier