OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_76-4204-gcc4e292
Gerrit Code Review
gerrit@openafs.org
Wed, 2 Apr 2014 07:07:22 -0700 (PDT)
The following commit has been merged in the master branch:
commit cc4e292174f36868008d35df63df57543f033ee4
Author: Chas Williams (CONTRACTOR) <chas@cmf.nrl.navy.mil>
Date: Wed Mar 26 10:15:10 2014 -0400
ptserver: Optionally restrict anonymous access to the ptserver
Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPC's. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.
Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
doc/man-pages/pod8/ptserver.pod | 7 ++++-
src/ptserver/ptprocs.c | 63 +++++++++++++++++++++++++++++---------
src/ptserver/ptserver.c | 5 +++
3 files changed, 59 insertions(+), 16 deletions(-)
--
OpenAFS Master Repository