Return-Path: linux-nfs-owner@vger.kernel.org
Received: from mail-yh0-f41.google.com ([209.85.213.41]:47261 "EHLO mail-yh0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754951Ab3JCSfA (ORCPT ); Thu, 3 Oct 2013 14:35:00 -0400
Received: by mail-yh0-f41.google.com with SMTP id f73so785574yha.0 for ; Thu, 03 Oct 2013 11:34:59 -0700 (PDT)
From: Jeff Layton
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org, "J. Bruce Fields"
Subject: [PATCH] nfs-utils: remove gss_clnt_send_err and gss_destroy_creds
Date: Thu, 3 Oct 2013 14:28:01 -0400
Message-Id: <1380824881-2958-1-git-send-email-jlayton@redhat.com>
Sender: linux-nfs-owner@vger.kernel.org
List-ID:

As Bruce recently pointed out, gss_clnt_send_err basically does an unsolicited downcall into the kernel to try and destroy a valid GSS context. That has been broken however since this kernel commit:

    commit 3b68aaeaf54065e5c44583a1d33ffb7793953ba4
    Author: Trond Myklebust
    Date: Thu Jun 7 10:14:15 2007 -0400

        SUNRPC: Always match an upcall message in gss_pipe_downcall()

Downcalls that don't match an in-progress upcall just get back an -ENOENT error and don't actually do anything.

Remove these tools since they've been useless for the last 6 years.

Reported-by: "J. Bruce Fields"
Signed-off-by: Jeff Layton
---
 utils/gssd/Makefile.am         |   8 +--
 utils/gssd/gss_clnt_send_err.c | 108 -----------------------------------------
 utils/gssd/gss_destroy_creds   |  11 -----
 3 files changed, 1 insertion(+), 126 deletions(-)
 delete mode 100644 utils/gssd/gss_clnt_send_err.c
 delete mode 100644 utils/gssd/gss_destroy_creds

diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am index a300da2..a9a3e42 100644 --- a/utils/gssd/Makefile.am +++ b/utils/gssd/Makefile.am 
@@ -5,8 +5,7 @@ man8_MANS = gssd.man svcgssd.man RPCPREFIX = rpc. KPREFIX = @kprefix@ sbin_PREFIXED = gssd svcgssd -sbin_PROGRAMS = $(sbin_PREFIXED) gss_clnt_send_err -sbin_SCRIPTS = gss_destroy_creds +sbin_PROGRAMS = $(sbin_PREFIXED) EXTRA_DIST = \ gss_destroy_creds \ @@ -65,11 +64,6 @@ svcgssd_LDFLAGS = $(KRBLDFLAGS) svcgssd_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) -gss_clnt_send_err_SOURCES = gss_clnt_send_err.c - -gss_clnt_send_err_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ - $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) - MAINTAINERCLEANFILES = Makefile.in ####################################################################### diff --git a/utils/gssd/gss_clnt_send_err.c b/utils/gssd/gss_clnt_send_err.c deleted file mode 100644 index 4800a01..0000000 --- a/utils/gssd/gss_clnt_send_err.c +++ /dev/null 
@@ -1,108 +0,0 @@ -/* - Copyright (c) 2000 The Regents of the University of Michigan. - All rights reserved. - - Copyright (c) 2004 Bruce Fields - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -#ifdef HAVE_CONFIG_H -#include -#endif /* HAVE_CONFIG_H */ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "gssd.h" -#include "write_bytes.h" - -char pipefsdir[PATH_MAX] = GSSD_PIPEFS_DIR; - -static void -usage(char *progname) -{ - fprintf(stderr, "usage: %s clntdir user [user ...]\n", progname); - exit(1); -} - -static int -do_error_downcall(int k5_fd, uid_t uid, int err) -{ - char buf[1024]; - char *p = buf, *end = buf + 1024; - unsigned int timeout = 0; - int zero = 0; - - if (WRITE_BYTES(&p, end, uid)) return -1; - if (WRITE_BYTES(&p, end, timeout)) return -1; - /* use seq_win = 0 to indicate an error: */ - if (WRITE_BYTES(&p, end, zero)) return -1; - if (WRITE_BYTES(&p, end, err)) return -1; - - if (write(k5_fd, buf, p - buf) < p - buf) return -1; - return 0; -} - -int -main(int argc, char *argv[]) -{ - int fd; - int i; - uid_t uid; - char *endptr; - struct passwd *pw; - - if (argc < 3) - usage(argv[0]); - fd = open(argv[1], O_WRONLY); - if (fd == -1) - err(1, "unable to open %s", argv[1]); - - for (i = 2; i < argc; i++) { - uid = strtol(argv[i], &endptr, 10); - if (*endptr != '\0') { - pw = getpwnam(argv[i]); - if (!pw) - err(1, "unknown user %s", argv[i]); - uid = pw->pw_uid; - } - if (do_error_downcall(fd, uid, -1)) - err(1, "failed to destroy cred for user %s", argv[i]); - } - exit(0); -} diff --git a/utils/gssd/gss_destroy_creds b/utils/gssd/gss_destroy_creds deleted file mode 100644 index 1f978d1..0000000 --- a/utils/gssd/gss_destroy_creds +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -path=`mount|grep rpc_pipefs|awk '{ print $3;exit }'` - -if [ -z "$path" ]; then - echo "unable to find rpc_pipefs; is it mounted?" - exit 1 -fi; - -find "$path" -name 'krb5' -exec gss_clnt_send_err '{}' $* ';' - -- 1.8.3.1
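
Review bot: In the first utils/gssd/Makefile.am hunk, the unchanged context still reads "EXTRA_DIST = \ gss_destroy_creds \" while this same patch deletes utils/gssd/gss_destroy_creds, so the distribution list names a file that no longer exists and "make dist" can no longer find it. Drop the "gss_destroy_creds \" entry from EXTRA_DIST in that hunk along with the sbin_SCRIPTS line.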
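
Review bot: The log message for the deletion of utils/gssd/gss_destroy_creds does not say what replaces it. The Makefile.am hunk shows both the script and gss_clnt_send_err were installed under sbin, so an administrator may have them wired into a logout or credential-revocation procedure; add a sentence to the commit message stating either the supported way to drop a user's GSS context or that no such mechanism currently exists.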