authorSimo Sorce <simo@redhat.com>2013-10-14 16:41:13 -0400
committerSimo Sorce <simo@redhat.com>2013-10-14 17:31:11 -0400
commit97c47d3f12e6a236d34a12f5a66e6a1450b62388 (patch)
treec44b2046b710acd86867dbac5e7ff28257ce19ae /proxy/src/gp_config.c
parentf513734b61873fa9bbbaec78f1221d291a0c94a5 (diff)
Add option to specify allowed usage.
Credentials can often be used both to accept and to initiate contexts. With this option admins can allow only one specific usage. This avoids letting an unprivileged process fool a remote client by impersonating a server, when we only want to allow this service to use its credentials to initiate contexts.
Diffstat (limited to 'proxy/src/gp_config.c')
-rw-r--r--proxy/src/gp_config.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index 943906a..2aeaaa9 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -163,6 +163,9 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx)
}
cfg->num_svcs++;
+ /* by default allow both */
+ cfg->svcs[n]->cred_usage = GSS_C_BOTH;
+
cfg->svcs[n]->name = strdup(secname + 8);
if (!cfg->svcs[n]->name) {
ret = ENOMEM;
@@ -271,6 +274,22 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx)
goto done;
}
}
+
+ ret = gp_config_get_string(ctx, secname, "cred_usage", &value);
+ if (ret == 0) {
+ if (strcasecmp(value, "initiate") == 0) {
+ cfg->svcs[n]->cred_usage = GSS_C_INITIATE;
+ } else if (strcasecmp(value, "accept") == 0) {
+ cfg->svcs[n]->cred_usage = GSS_C_ACCEPT;
+ } else if (strcasecmp(value, "both") == 0) {
+ cfg->svcs[n]->cred_usage = GSS_C_BOTH;
+ } else {
+ GPDEBUG("Invalid value '%s' for cred_usage in [%s].\n",
+ value, secname);
+ ret = EINVAL;
+ goto done;
+ }
+ }
}
safefree(secname);
}
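Review bot: The rejection branch at the end of the strcasecmp() chain reports only that the value is invalid; naming the accepted spellings in the message would let an admin correct the file without reading the source, e.g. `GPDEBUG("Invalid value '%s' for cred_usage in [%s] (expected initiate, accept or both).\n", value, secname);`. Setting ret = EINVAL and jumping to done means a misspelled cred_usage aborts the configuration load instead of silently falling back to the GSS_C_BOTH default assigned in the first hunk, which is the right fail-closed choice for an option that narrows what a credential may be used for; the default deserves a comment saying so, e.g. `/* by default allow both (backward compatible); an unrecognised cred_usage is rejected below, not defaulted */`. Whether `value` has to be released after gp_config_get_string() cannot be seen here; the preceding option lookups in this function presumably follow the same ownership, so the new code is likely consistent with them but worth confirming. load_services() begins and ends outside the hunk.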