Branch: refs/heads/master
Home: https://github.com/xrootd/xrootd

Commit: 41ca4872672e6b077b168280ad61e05eb76e7086
https://github.com/xrootd/xrootd/commit/41ca4872672e6b077b168280ad61e05eb76e7086
Author: Brian Bockelman
Date: 2018-06-07 (Thu, 07 Jun 2018)

Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc

Log Message:
-----------
Expand the hostname if necessary.

Use `getaddrinfo` to determine whether the user-provided hostname is a complete, valid hostname. If it isn't, then ask `getaddrinfo` for a canonical name and use that.

Commit: 5e5867390ef557b97aa9b54a4fd98a08b78c7f8d
https://github.com/xrootd/xrootd/commit/5e5867390ef557b97aa9b54a4fd98a08b78c7f8d
Author: Brian Bockelman
Date: 2018-06-07 (Thu, 07 Jun 2018)

Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc

Log Message:
-----------
Allow XrdSecGSITrustDNS setting to disable use of all DNS lookups.

By setting XrdSecGSITrustDNS=0, one can disable all DNS lookups in the client for matching a server certificate to the current connection.

This is the most safe setting but has fairly significant backward compatibility implications if this is set. The default is to trust DNS for a few limited cases.

Commit: 2831c4e394e25d9df96bd40de8b048ce4ea0a584
https://github.com/xrootd/xrootd/commit/2831c4e394e25d9df96bd40de8b048ce4ea0a584
Author: Brian Bockelman
Date: 2018-06-07 (Thu, 07 Jun 2018)

Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc

Log Message:
-----------
Simplify logic for utilizing DNS.

Rely more on XrdNetAddr routines where at all possible.

We now call a hostname non-qualified if it contains no '.' characters. While the previous algorithm potentially handled more side cases, it had the strong downside of always relying on DNS security. Since that's precisely what we want to avoid, we only consider the case where the user specifies `foo` and wants the search name to expand it to `foo.example.com`.

Commit: ef677245919768aef64e9bd1766b83f3f96c7717
https://github.com/xrootd/xrootd/commit/ef677245919768aef64e9bd1766b83f3f96c7717
Author: Brian Bockelman
Date: 2018-06-07 (Thu, 07 Jun 2018)

Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc

Log Message:
-----------
Remove unnecessary includes.

Commit: 6d714efedc89346629bd1fe4a546ac7953269225
https://github.com/xrootd/xrootd/commit/6d714efedc89346629bd1fe4a546ac7953269225
Author: Gerardo Ganis
Date: 2018-06-14 (Thu, 14 Jun 2018)

Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
M src/XrdSecgsi/XrdSecProtocolgsi.hh

Log Message:
-----------
secgsi: improve control of new option 'Trust DNS'

For consistency the variable should be called XrdSecGSITRUSTDNS and, server side, the new option should be controlled by switch -trustdns:[0|1] (default 1). The switch and the env are processed in XrdSecProtocolgsiInit().

Signed-off-by: Brian Bockelman

Commit: 9aa9dad0a18503689fd8bff24d36b278e2679d06
https://github.com/xrootd/xrootd/commit/9aa9dad0a18503689fd8bff24d36b278e2679d06
Author: Gerardo GANIS
Date: 2018-06-14 (Thu, 14 Jun 2018)

Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
M src/XrdSecgsi/XrdSecProtocolgsi.hh

Log Message:
-----------
Merge pull request #731 from bbockelm/reverse_dns_gsi_v3

Use DNS lookups to expand non-FQDNs

Compare: https://github.com/xrootd/xrootd/compare/caba6ea93808...9aa9dad0a185
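
A sketch of the hostname policy described in the log messages above, added here as an example and not taken from XrdSecProtocolgsi.cc: with DNS trust off no lookup is made, a name containing a '.' is used as typed, and only a dot-less name is expanded through `getaddrinfo`. The names `name_to_verify`, `Canonicalizer` and `canon_via_getaddrinfo`, and the rule that the expansion must start with the typed name, are assumptions of this example.

```cpp
#include <netdb.h>
#include <sys/socket.h>
#include <algorithm>
#include <cctype>
#include <functional>
#include <string>

// Hypothetical hook: returns the canonical name for a host, or "" on failure.
using Canonicalizer = std::function<std::string(const std::string&)>;

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Production hook: ask getaddrinfo for the canonical name (AI_CANONNAME).
std::string canon_via_getaddrinfo(const std::string& host) {
    addrinfo hints{};
    hints.ai_flags = AI_CANONNAME;
    hints.ai_socktype = SOCK_STREAM;
    addrinfo* res = nullptr;
    if (getaddrinfo(host.c_str(), nullptr, &hints, &res) != 0 || res == nullptr)
        return "";
    std::string name = res->ai_canonname ? res->ai_canonname : "";
    freeaddrinfo(res);
    return name;
}

// Returns the name to compare against the server certificate.
std::string name_to_verify(const std::string& host, bool trust_dns,
                           const Canonicalizer& canon) {
    if (!trust_dns) return host;                           // no DNS lookups at all
    if (host.find('.') != std::string::npos) return host;  // qualified: DNS not consulted
    const std::string full = lower(canon(host));
    const std::string prefix = lower(host) + ".";
    // Assumption of this sketch: accept only "<host>.<domain>", so a DNS answer
    // cannot swap in an unrelated name.
    if (full.size() > prefix.size() && full.compare(0, prefix.size(), prefix) == 0)
        return full;
    return host;                                           // fall back to what the user typed
}
```

Passing `canon_via_getaddrinfo` as the hook gives the live behaviour; a stub hook lets the policy be exercised without network access.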