Branch: refs/heads/master
Home: https://github.com/xrootd/xrootd
Commit: 41ca4872672e6b077b168280ad61e05eb76e7086
https://github.com/xrootd/xrootd/commit/41ca4872672e6b077b168280ad61e05eb76e7086
Author: Brian Bockelman <[log in to unmask]>
Date: 2018-06-07 (Thu, 07 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Expand the hostname if necessary.
Use `getaddrinfo` to determine whether the user-provided hostname
is a complete, valid hostname. If it isn't, then ask `getaddrinfo`
for a canonical name and use that.
Commit: 5e5867390ef557b97aa9b54a4fd98a08b78c7f8d
https://github.com/xrootd/xrootd/commit/5e5867390ef557b97aa9b54a4fd98a08b78c7f8d
Author: Brian Bockelman <[log in to unmask]>
Date: 2018-06-07 (Thu, 07 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Allow XrdSecGSITrustDNS setting to disable use of all DNS lookups.
By setting XrdSecGSITrustDNS=0, one can disable all DNS lookups in
the client for matching a server certificate to the current connection.
This is the most safe setting but has fairly significant backward
compatibility implications if this is set. The default is to trust
DNS for a few limited cases.
Commit: 2831c4e394e25d9df96bd40de8b048ce4ea0a584
https://github.com/xrootd/xrootd/commit/2831c4e394e25d9df96bd40de8b048ce4ea0a584
Author: Brian Bockelman <[log in to unmask]>
Date: 2018-06-07 (Thu, 07 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Simplify logic for utilizing DNS.
Rely more on XrdNetAddr routines where at all possible.
We now call a hostname non-qualified if it contains no '.' characters.
While the previous algorithm potentially handled more side cases,
it had the strong downside of always relying on DNS security. Since
that's precisely what we want to avoid, we only consider the case
where the user specifies `foo` and wants the search name to expand
it to `foo.example.com`.
Commit: ef677245919768aef64e9bd1766b83f3f96c7717
https://github.com/xrootd/xrootd/commit/ef677245919768aef64e9bd1766b83f3f96c7717
Author: Brian Bockelman <[log in to unmask]>
Date: 2018-06-07 (Thu, 07 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Remove unnecessary includes.
Commit: 6d714efedc89346629bd1fe4a546ac7953269225
https://github.com/xrootd/xrootd/commit/6d714efedc89346629bd1fe4a546ac7953269225
Author: Gerardo Ganis <[log in to unmask]>
Date: 2018-06-14 (Thu, 14 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
M src/XrdSecgsi/XrdSecProtocolgsi.hh
Log Message:
-----------
secgsi: improve control of new option 'Trust DNS'
For consistency the variable should be called XrdSecGSITRUSTDNS and,
server side, the new option should be controlled by switch
-trustdns:[0|1] (default 1) .
The switch and the env are processed in XrdSecProtocolgsiInit() .
Signed-off-by: Brian Bockelman <[log in to unmask]>
Commit: 9aa9dad0a18503689fd8bff24d36b278e2679d06
https://github.com/xrootd/xrootd/commit/9aa9dad0a18503689fd8bff24d36b278e2679d06
Author: Gerardo GANIS <[log in to unmask]>
Date: 2018-06-14 (Thu, 14 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
M src/XrdSecgsi/XrdSecProtocolgsi.hh
Log Message:
-----------
Merge pull request #731 from bbockelm/reverse_dns_gsi_v3
Use DNS lookups to expand non-FQDNs
Compare: https://github.com/xrootd/xrootd/compare/caba6ea93808...9aa9dad0a185
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|