gss-proxy.git/proxy, branch master-fixes3 gssproxy wip repository docs: Fill in GSSPROXY_BEHAVIOR default setting from configure option. 2013-10-17T16:53:47+00:00 Günther Deschner gdeschner@redhat.com 2013-10-17T16:53:07+00:00 9b5b78f94a8ae468a8a2fd6a16e6c5b1a0f52472 Signed-off-by: Günther Deschner <gdeschner@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
docs: autogenerate proxymech manpage. 2013-10-17T15:17:44+00:00 Günther Deschner gdeschner@redhat.com 2013-10-17T15:17:24+00:00 08173993ff56ff8552575dc1ef321f30e33d900c Signed-off-by: Günther Deschner <gdeschner@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
setup KRB5RCACHEDIR so that krb5 replay caches are created in a defined place. 2013-10-16T13:37:48+00:00 Günther Deschner gdeschner@redhat.com 2013-10-16T13:36:20+00:00 7eaa99930891f44b9a26089859a1d2d000ddb78a resolves: https://fedorahosted.org/gss-proxy/ticket/100 Signed-off-by: Günther Deschner <gdeschner@redhat.com> 
resolves: https://fedorahosted.org/gss-proxy/ticket/100
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Fix resource leak in gpm_accept_sec_context(). 2013-10-15T11:48:20+00:00 Günther Deschner gdeschner@redhat.com 2013-10-14T15:30:22+00:00 39ea56ce5d2cdfe08ed137c5262a709bbb08f151 Resolves Coverity CID #12027. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Resolves Coverity CID #12027.

Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Use right signedness for creds buffer. 2013-08-28T15:04:58+00:00 Günther Deschner gdeschner@redhat.com 2013-08-28T15:04:31+00:00 66f3183c54e3c27c0224226fa60bf8b933190b4a gp_export_creds_*() functions are using a arrays of int32_t values, however this array holds uids and gids which are unsigned integers. Signed-off-by: Günther Deschner <gdeschner@redhat.com> 
gp_export_creds_*() functions are using a arrays of int32_t values, however this
array holds uids and gids which are unsigned integers.

Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Fix selinux option check 2013-08-26T15:05:32+00:00 Simo Sorce simo@redhat.com 2013-08-26T13:03:05+00:00 659064bbe7b6596b40bd4fc238519cda2636997e Found by coverity (CID 11894) Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Found by coverity (CID 11894)

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add service match using SeLinux Context 2013-07-02T14:17:23+00:00 Simo Sorce simo@redhat.com 2013-06-22T00:36:20+00:00 acc3b87b655cf7c6c0c7d698f5a5867b6732a69f Using getpeercon we can know the elinux context of the process talking to gssproxy. Use this information as an optional additional filter to match processes to service definitions. If a selinux_context option with a full user;role;type context is specified into a service section, then the connecting process must also be running under the specified selinux context in order to be allowed to connect. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Using getpeercon we can know the elinux context of the process talking to
gssproxy. Use this information as an optional additional filter to match
processes to service definitions.
If a selinux_context option with a full user;role;type context is specified
into a service section, then the connecting process must also be running under
the specified selinux context in order to be allowed to connect.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Coverity fixes. 2013-06-27T16:07:23+00:00 Simo Sorce simo@redhat.com 2013-06-25T20:07:42+00:00 f66a585e042fbb2f313c1cbde329088fac86cea6 Fix a 4 coverity issues, ranging from memory leaks, to uninitialized variables, to potential NULL derefernce. Also a TOCTOU report that is in one of the accessory test scripts. The bug itself is not reallya TOCTOU, but the check done in the script is unecessary, so I just removed it. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Fix a 4 coverity issues, ranging from memory leaks, to uninitialized
variables, to potential NULL derefernce.
Also a TOCTOU report that is in one of the accessory test scripts.
The bug itself is not reallya TOCTOU, but the check done in the script is
unecessary, so I just removed it.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Further improve debugging, mention servicename, socket and euid. 2013-06-24T15:51:39+00:00 Günther Deschner gdeschner@redhat.com 2013-06-21T16:39:42+00:00 6cf727aad695466f45125bd30da5b2c2e2e9d48d Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Properly check socket for connection matching. 2013-06-21T15:04:45+00:00 Simo Sorce simo@redhat.com 2013-06-19T16:18:31+00:00 aadc71e0b4ded19a4dbfeafd509d265e42659c92 We always need to chekc if the socket matches otherwise the worng service may be selected if a specific socket is being used but a service allowing the same euid is confgured to use the deault socket as well. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
We always need to chekc if the socket matches otherwise the worng service may
be selected if a specific socket is being used but a service allowing the same
euid is confgured to use the deault socket as well.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>