X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Fkrb5-security.c;h=8a11ad675ad0afc8821ac02a432b01eae4e052b7;hb=c88ee0799dbba0d855be48a5c148c4586400b142;hp=dc70b318dcb49a00204c547a4b4bc4f91a435716;hpb=94a044f90357edefa6f4ae9f0b1d5885b0e34aee;p=debian%2Famanda
diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
index dc70b31..8a11ad6 100644
--- a/common-src/krb5-security.c
+++ b/common-src/krb5-security.c
@@ -37,11 +37,9 @@
 #include "util.h"
 #include "event.h"
 #include "packet.h"
-#include "queue.h"
 #include "security.h"
 #include "security-util.h"
 #include "stream.h"
-#include "version.h"
 #include "sockaddr-util.h"
 #ifdef KRB5_HEIMDAL_INCLUDES
@@ -116,15 +114,10 @@
 */
 #define GSS_TIMEOUT 30
-/*
- * The largest buffer we can send/receive.
- */
-#define AMANDA_MAX_TOK_SIZE (MAX_TAPE_BLOCK_BYTES * 4)
-
 /*
 * This is the tcp stream buffer size
 */
-#define KRB5_STREAM_BUFSIZE (MAX_TAPE_BLOCK_BYTES * 2)
+#define KRB5_STREAM_BUFSIZE (32768 * 2)
 /*
 * This is the max number of outgoing connections we can have at once.
@@ -331,8 +324,8 @@ krb5_accept(
 void (*fn)(security_handle_t *, pkt_t *),
 void *datap)
 {
- struct sockaddr_storage sin;
- socklen_t len;
+ sockaddr_union sin;
+ socklen_t_equiv len;
 struct tcp_conn *rc;
 char hostname[NI_MAXHOST];
 int result;
@@ -511,7 +504,7 @@ gss_client(
 * Send back the response
 */
 if (send_tok.length != 0 && tcpm_send_token(rc, rc->write, rs->handle, &errmsg, send_tok.value, send_tok.length) < 0) {
- security_seterror(&rh->sech, rc->errmsg);
+ security_seterror(&rh->sech, "%s", rc->errmsg);
 gss_release_buffer(&min_stat, &send_tok);
 goto done;
 }
@@ -556,7 +549,6 @@ gss_server(
 gss_name_t gss_name;
 gss_cred_id_t gss_creds;
 char *p, *realm, *msg;
- uid_t euid;
 int rval = -1;
 int rvalue;
 char errbuf[256];
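Review bot: In the `@@ -116,15 +114,10 @@` hunk, `KRB5_STREAM_BUFSIZE` is now built from a bare `32768`, and the comment above it still says only that this is the tcp stream buffer size. A short comment such as `/* 2 * 32 KiB; replaces MAX_TAPE_BLOCK_BYTES * 2 */` would record where the number comes from. The same hunk deletes `AMANDA_MAX_TOK_SIZE`, described as the largest buffer that can be sent or received. The code that used it is not in this diff, so it is worth confirming that the length of a token read from the peer is still capped before a buffer is sized from it.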
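Review bot: In the `@@ -511,7 +504,7 @@` hunk of gss_client, the call passes `&errmsg` to tcpm_send_token() but the failure branch reports `rc->errmsg`, so the text handed to security_seterror() may be stale or NULL rather than the message for this failure. tcpm_send_token() is not defined in this diff, so this assumes it returns its error text through the `errmsg` argument; if it does, the line should read `security_seterror(&rh->sech, "%s", errmsg);`, with a fixed fallback string when the pointer is NULL. Any other security_seterror() call in this file that still passes a variable as the format argument needs the same `"%s"` form. The body of gss_client starts and ends outside the hunk.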
@@ -571,16 +563,9 @@ gss_server(
 * out of the default keytab. We also need to be root in
 * gss_accept_context() thanks to the replay cache code.
 */
- euid = geteuid();
- if (getuid() != 0) {
- g_snprintf(errbuf, SIZEOF(errbuf),
- _("real uid is %ld, needs to be 0 to read krb5 host key"),
- (long)getuid());
- goto out;
- }
 if (!set_root_privs(0)) {
 g_snprintf(errbuf, SIZEOF(errbuf),
- _("can't seteuid to uid 0: %s"), strerror(errno));
+ _("can't take root privileges to read krb5 host key: %s"), strerror(errno));
 goto out;
 }
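Review bot: In the `@@ -571,16 +563,9 @@` hunk of gss_server, the new message says root privileges are being taken, yet the call is still `set_root_privs(0)`, and the literal `0` does not show whether it requests root or gives it up. set_root_privs() is defined outside this diff, so confirm the argument's meaning and record it at the call, for example `/* set_root_privs(0): <state what 0 requests>; root must be released on every path to out: */`. With the real-uid check removed this call is the only gate, and `strerror(errno)` is meaningful only if set_root_privs() leaves errno set on each of its failure paths. The code after the hunk is not visible; every `goto out` reached while root is held should drop it again and check that the drop succeeded.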