| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
This is the only thread safe way to pass in aribitrary values for all the bits
of environment we want to use when doing impersonation within gss-proxy.
Requires MIT version 1.12 for the client_keytab part to be operational.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
| |
This way it can be reused for keytab path names too
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In case the name type is GSS_C_NT_STRING_UID_NAME or GSS_NT_MACHINE_UID_NAME
we want to be able to impersonate the user referenced by the uid.
This is allowed exclusively for trusted services otherwise a generic
unprivileged application would be allowed to impersonate any user if there are
credentials available on the system or client keytabs installed.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add %U support which will insert the user uid number instead of name.
Fix %% support by actually removing one of the % charcters
Fix %<invalid> sequence by actually bailing out if one is found.
Add GPDEBUG statements to indicate what went wrong.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
| |
These includes are necessary when switching to gssrpc because they
are not automatically dragged in via dependencies in system rpc.h
|
| |
|
