openafs/src/libafsauthent
Garrett Wollman a0417565a3 ptuser: guarantee that all names are valid C strings
The prname type is represented in XDR as a vector[PR_MAXNAMELEN]
of char, not as a string, which means that the XDR (de)serializer
will not guarantee null-termination.  Guarantee that all buffers
used in the public protection server API are in fact valid strings
by disallowing any names that are exactly PR_MAXNAMELEN (64)
characters long.  DO NOT silently truncate names that are even
longer than this.  Consistently use the prname typedef in
declarations to reinforce the length limitation to those reading
the header file.  Introduces a new protection error code,
PRNAMETOOLONG, which will be returned if either IN or OUT parameters
would exceed the limit.

[kaduk@mit.edu convert macro to static_inline function and expand
at call sites; add string_ wrapper to add checking to viced and libadmin;
export the string_ wrapper from libafsauthent for the windows build]

Change-Id: I65f850afcfea2fd2bc0110ca7b7f6ecca247dd58
Reviewed-on: https://gerrit.openafs.org/7896
Reviewed-by: Chas Williams <3chas3@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
2016-07-16 23:57:16 -04:00
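To make the commit message concrete, here is an added C example that is not OpenAFS code: a fixed-length XDR-style copy that drops the terminator, beside the two checks the message describes (reject IN names of 64 or more characters instead of truncating, and verify OUT buffers contain a NUL before treating them as C strings). PR_MAXNAMELEN (64) is the limit named in the message; the numeric value assigned to PRNAMETOOLONG and the function names are assumptions for illustration only.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not OpenAFS code. PR_MAXNAMELEN (64) is the limit named in
 * the commit message; the numeric value of PRNAMETOOLONG and the function
 * names here are assumptions for illustration. */
#define PR_MAXNAMELEN 64
#define PRNAMETOOLONG 1        /* placeholder value, not the real error number */

typedef char prname[PR_MAXNAMELEN];

/* Bounded strlen: never scans past max bytes, so an unterminated buffer
 * cannot cause a read overrun while we decide whether it is a string. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Mimic XDR's vector[PR_MAXNAMELEN] of char: exactly 64 bytes are copied,
 * whether or not a NUL is among them. This is the (de)serializer behaviour
 * the fix has to defend against. */
static void xdr_vector_copy(prname dst, const prname src)
{
    memcpy(dst, src, PR_MAXNAMELEN);
}

/* IN-parameter check: a name must leave room for its terminator, so a
 * length of 63 is the longest accepted. Names of 64 or more characters are
 * rejected with PRNAMETOOLONG and never silently truncated. */
static int check_in_name(const char *name)
{
    if (bounded_len(name, PR_MAXNAMELEN) >= PR_MAXNAMELEN)
        return PRNAMETOOLONG;
    return 0;
}

/* OUT-parameter check: the wire can deliver 64 non-NUL bytes, so verify a
 * terminator is present before handing the buffer to strlen/strcpy. */
static int check_out_name(const prname buf)
{
    if (memchr(buf, '\0', PR_MAXNAMELEN) == NULL)
        return PRNAMETOOLONG;
    return 0;
}

/* Reproduce the failure mode: a 64-character name is a valid C string in
 * the caller (65 bytes with NUL), but only 64 bytes cross the wire, so the
 * receiver gets an unterminated buffer. Returns 1 if the check catches it. */
static int demo_lost_terminator(void)
{
    char caller[PR_MAXNAMELEN + 1];
    prname wire;

    memset(caller, 'a', PR_MAXNAMELEN);
    caller[PR_MAXNAMELEN] = '\0';
    xdr_vector_copy(wire, caller);
    return check_out_name(wire) == PRNAMETOOLONG;
}
```

The IN and OUT checks agree on the boundary: the longest name that passes check_in_name is 63 characters, which is exactly the longest name whose terminator survives the 64-byte copy, so a peer running the same rule never emits a buffer that check_out_name rejects.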

Copyright 2000, International Business Machines Corporation and others.
All Rights Reserved.

This software has been released under the terms of the IBM Public
License.  For details, see the LICENSE file in the top-level source
directory or online at http://www.openafs.org/dl/license10.html

This library is to be used by multithreaded programs that need to access
the kauth and auth library interfaces.  The primary method used to obtain
thread safety in these libraries is to lock/unlock a recursive global
mutex at the entry point of every public function in the library.

However, not all public functions are made thread safe, since not all of
them are needed by the NT admin work.  In particular, many public functions
that are called (directly or indirectly) by the functions we wish to use
were not modified, since they are already protected by the lock taken in
the higher-level function.

To prevent people from using non-thread-safe functions, platform-specific
methods are used to limit the functions exported by the library (using def
files under NT and mapfiles under Solaris).  For most non-exported
functions, it should be trivial to make the transformation to thread safe
by simply locking/unlocking the global mutex at the beginning/end of the
function.  Note that the unlock must happen on every return path, including
error returns; because the mutex is recursive, a locked function may safely
call another locked public function, but an unbalanced lock/unlock still
leaves the lock held for all other threads.
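The discipline described above, as an added C example that is not libafsauthent's own code: a recursive global pthread mutex initialised once, exported entry points that lock on entry and unlock on exit, an internal helper that is deliberately not thread safe on its own because its callers hold the lock, and a public function that calls another public function, which only works because the mutex is recursive. All function and variable names are hypothetical.

```c
#define _XOPEN_SOURCE 700      /* for PTHREAD_MUTEX_RECURSIVE */
#include <pthread.h>

/* Added example, not libafsauthent code; names are hypothetical. */

static pthread_mutex_t lib_lock;
static pthread_once_t lib_once = PTHREAD_ONCE_INIT;

static void lib_lock_init(void)
{
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    /* RECURSIVE: a public function may call another public function that
     * locks again; a plain (non-recursive) mutex would deadlock there. */
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
    pthread_mutex_init(&lib_lock, &attr);
    pthread_mutexattr_destroy(&attr);
}

#define LOCK_GLOBAL()   do { pthread_once(&lib_once, lib_lock_init); \
                             pthread_mutex_lock(&lib_lock); } while (0)
#define UNLOCK_GLOBAL() pthread_mutex_unlock(&lib_lock)

/* Shared library state that the global mutex protects. */
static int token_cache_count;

/* Internal helper: NOT exported and NOT thread safe on its own. It relies
 * on the caller already holding lib_lock ("protected at a higher level"). */
static int internal_cache_put(int n)
{
    token_cache_count += n;
    return token_cache_count;
}

/* Public, exported entry point: lock on entry, unlock on every exit path. */
int public_cache_put(int n)
{
    int rc;
    LOCK_GLOBAL();
    rc = internal_cache_put(n);
    UNLOCK_GLOBAL();
    return rc;
}

/* Public function calling another public function while holding the lock.
 * The inner calls re-acquire lib_lock (recursion depth 2) and release it
 * back to depth 1; only the outer UNLOCK_GLOBAL() frees it. */
int public_cache_put_twice(int n)
{
    int rc;
    LOCK_GLOBAL();
    public_cache_put(n);
    rc = public_cache_put(n);
    UNLOCK_GLOBAL();
    return rc;
}

void cache_reset(void)
{
    LOCK_GLOBAL();
    token_cache_count = 0;
    UNLOCK_GLOBAL();
}

/* Hammer the public API from several threads; the count stays exact only
 * because every thread goes through the locked entry point. */
struct worker_arg { int iters; };

static void *worker(void *p)
{
    struct worker_arg *a = p;
    for (int i = 0; i < a->iters; i++)
        public_cache_put(1);
    return NULL;
}

int run_stress(int nthreads, int iters)
{
    pthread_t th[16];
    struct worker_arg a = { iters };
    if (nthreads > 16)
        nthreads = 16;
    cache_reset();
    for (int i = 0; i < nthreads; i++)
        pthread_create(&th[i], NULL, worker, &a);
    for (int i = 0; i < nthreads; i++)
        pthread_join(th[i], NULL);
    return public_cache_put(0);   /* read under the lock; expect nthreads * iters */
}
```

To see why recursion matters, change PTHREAD_MUTEX_RECURSIVE to PTHREAD_MUTEX_NORMAL: public_cache_put_twice() then blocks forever on its first inner call, which is exactly the failure a higher-level function would hit if it were given its own lock without the recursive attribute.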