summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Use gp_boolean_is_true from interposer plugin's GSS_USE_PROXY check.master-envGünther Deschner2013-04-261-1/+2
| | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com>
* Make gp_boolean_is_true non-static.Günther Deschner2013-04-263-12/+13
| | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com>
* Rename option_is_set to gp_boolean_is_true.Günther Deschner2013-04-261-4/+4
| | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com>
* Require nothing less than MIT krb5 1.11.2Simo Sorce2013-04-231-2/+2
| | | | | | | | | | | Actually one feature requires the upstream master branch to be fully functional. In fedora this patch [1] has been backported to 1.11.2 to have the full functionality available. Once upstream will release 1.12 that will become the minimum reuirement. [1] https://github.com/krb5/krb5/commit/38cc076579888695a5820ceb44fe43020f5b61e1 Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix typo in gssproxy.8 manpageSimo Sorce2013-04-231-1/+1
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add new gssproxy-mech.8 manpage to describe the interposer pluginGünther Deschner2013-04-234-4/+150
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add more documentation in the gssproxy.conf manpage.Günther Deschner2013-04-231-0/+176
| | | | | | | Document options, sections, substitutions and default values. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add documentation for -d|--debug in gssproxy manpage.Günther Deschner2013-04-231-0/+11
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Use const string in config functionsSimo Sorce2013-04-235-19/+19
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Make config functions return actual error codes.Simo Sorce2013-04-233-27/+43
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Convert gp_config_get_* to return an error.Günther Deschner2013-04-236-103/+204
| | | | | | | ENOENT is returned if no value is available. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add support for per-service socketsSimo Sorce2013-04-2310-21/+128
| | | | | | | | This way different processes running as the same user can be configured as different servervices Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Improve default configuration.Simo Sorce2013-04-235-19/+15
| | | | | | | | Install by default working nfs configuration. For RPM also install by default file to configure interposer plugin. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Treat credential store as opaquely as possible.Simo Sorce2013-04-232-69/+95
| | | | | | | | | | | | | The credential store design goal is to allow administrators to set arbitrary strings without additional applications knowledge. This allows extending the number of crdential types GSSAPI can be made to support without having to recompile applications to add explicit support. Only explicitly check for cred store values that ned special treatment and let admins decide what to put in cred_store. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use mutivalued "cred_store" parameter, deprecate unused parameters.Günther Deschner2013-04-232-27/+36
| | | | | | | | | | | | | | | | The krb5_{ccache,keytab,client_keytab} parameters are replaced with a multivalued "cred_store" parameter instead. krb5_keytab = /etc/krb5.keytab becomes: cred_store = keytab:/etc/krb5.keytab Likewise for the "krb5_ccache" and "krb5_client_keytab" parameters. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Signed-off-by: Simo Sorce <simo@redhat.com>
* Add gp_config_get_string_array() and an implementation in dinglibs backend.Günther Deschner2013-04-234-0/+104
| | | | | | | | | | | | | This call returns an allocated array of strings. It allows to return multiple values for a single parameter like: param = value1 param = value2 This cannot be supported with iniparser, so we have to remove iniparser support. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix potential double-frees in load_services().Günther Deschner2013-04-231-6/+5
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add --all option to interposetestGünther Deschner2013-04-231-1/+14
| | | | | | | test all possible proxy mode combinations only when --all is given. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* When checking for gssrpc libs also add gssapi library paths.Günther Deschner2013-04-111-1/+1
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Silence a configure warning by adding AM_PROG_AR.Günther Deschner2013-04-111-0/+1
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix memory leak in gp_service_free().Günther Deschner2013-04-111-0/+1
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Special case client_keytab for root userSimo Sorce2013-04-101-2/+7
| | | | | | | | Use /etc/krb5.keytab when nfsd service tries to acquire creds and no id is specified in desired_name. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use new GSSAPI Credential Store APISimo Sorce2013-04-102-50/+38
| | | | | | | | | | This is the only thread safe way to pass in aribitrary values for all the bits of environment we want to use when doing impersonation within gss-proxy. Requires MIT version 1.12 for the client_keytab part to be operational. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add generic function to get creds defaultsSimo Sorce2013-04-103-25/+66
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Move string formatting in a separate functionSimo Sorce2013-04-101-57/+66
| | | | | | | This way it can be reused for keytab path names too Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Carefully process desired name based on serviceSimo Sorce2013-04-103-39/+36
| | | | | | | | | | | | In case the name type is GSS_C_NT_STRING_UID_NAME or GSS_NT_MACHINE_UID_NAME we want to be able to impersonate the user referenced by the uid. This is allowed exclusively for trusted services otherwise a generic unprivileged application would be allowed to impersonate any user if there are credentials available on the system or client keytabs installed. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add krb5_client_keytab config optionSimo Sorce2013-04-102-0/+9
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Import names as remote name by default.Simo Sorce2013-04-101-14/+21
| | | | | | | | | | | Always use remote name by default, otherwise canonicalization will loose information about the original name, for example it will convert names of the special type GSS_C_NT_STRING_UID_NAME or GSS_NT_MACHINE_UID_NAME in a non reversible way and the proxy will not be a le to use them as intended (for impersonation by trusted services). Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Replace deprecated libtool macrosSimo Sorce2013-04-101-2/+1
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Release 0.1.1Simo Sorce2013-04-081-1/+1
|
* Prefer ini_config library support over iniparser support.Günther Deschner2013-04-085-15/+20
| | | | | | | Abort if none of these libraries are found. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add dinglibs ini configuration detection and backend.Günther Deschner2013-04-085-0/+302
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Abstract configuration layer for gssproxy.Günther Deschner2013-04-086-58/+326
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add missing newlines to GPDEBUG statements.Günther Deschner2013-04-081-7/+7
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix tabs in configure.acSimo Sorce2013-04-081-6/+6
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Remove unused variablesSimo Sorce2013-04-032-4/+0
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix use of unintialized variableSimo Sorce2013-04-031-1/+1
| | | | | | Found by Coverity Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix a few more resource leaksSimo Sorce2013-04-032-2/+3
| | | | | | Still a couple resource leaks after the last Coverity scan Signed-off-by: Simo Sorce <simo@redhat.com>
* Use send() in client library to avoid SIGPIPESimo Sorce2013-04-031-2/+2
| | | | | | | | | | | The client library lives in applications that may not be blocking or ignoring SIGPIPE. Using write() can cause SIGPIPE to be raised in the application if the proxy is restarted. If the application does not catch the signal then it is terminated. Make sure this does not happen by using send() with the MSG_NOSIGNAL flag. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix dereference after null checks found by CoveritySimo Sorce2013-04-034-6/+13
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix missing break statement found by CoveritySimo Sorce2013-04-031-0/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix infinite loop due to bad sign of variableSimo Sorce2013-04-031-1/+1
| | | | | | | | | | | Change the i variable to be a signed integer ot the loop will never end because and unsigned integer decremented past 0 simply wraps to a very big integer. The condition that would break the loop can never be true therefore the code would loop forever until eventually a double free would cause a crash. Found by Coverity. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix resource leaks found by CoveritySimo Sorce2013-04-0312-37/+61
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix reporting of wrong error codesSimo Sorce2013-04-032-0/+6
| | | | | | Found by Coverity as 'Argument cannot be negative' type of error. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix dereference before null error fund by CoveritySimo Sorce2013-04-031-1/+3
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix uninizialized variables found by CoveritySimo Sorce2013-04-035-16/+15
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix locally dead code error found by coveritySimo Sorce2013-04-031-4/+3
| | | | | | | By setting closewait to 0 after waitpid we would loop forever not the max 10 times we intended to. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix copy and paste error found by CoveritySimo Sorce2013-04-031-2/+2
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix unchecked return values found by CoveritySimo Sorce2013-04-033-4/+24
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Set version to 0.1Simo Sorce2013-04-011-1/+1
|
generated by cgit (git 2.34.1) at 2024-05-04 09:09:20 +0000