summaryrefslogtreecommitdiffstats
path: root/proxy/src
Commit message (Collapse)AuthorAgeFilesLines
* Fix write_pid debug messageSimo Sorce2013-03-271-1/+1
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use token wrapper in gpp_remote_lo_local_ctxSimo Sorce2013-03-221-4/+39
| | | | | We need to do the wrapping in order to get back an actual local context. Otherwise we get back an interposed context from gssapi.
* Create helper function to wrap tokenSimo Sorce2013-03-223-20/+34
| | | | Wrap the token in a helper function so that the code can be reused elsewhere.
* Write pid file at startup.Simo Sorce2013-03-224-0/+37
|
* Make socket path a configure optionSimo Sorce2013-03-222-23/+13
| | | | | | | The kernel uses the fixed path named /var/run/gssproxy.sock Make this default a configure time option and default to it. Also remove the option to change the socket at configure time, neither the kernel nor proxymech.so can cope with a change anyway.
* Enable kernel support.Simo Sorce2013-03-224-0/+60
| | | | | | | | The Linux kernel now requires the gss-proxy to signal when it is available. This is done by writing 1 to the file /proc/net/rpc/use-gss-proxy Once this happens the kernel will try to attach to the gss-proxy socket and use it instead of the classic rpc.svcgssd daemon.
* Fix gssi_context_time for remote calls.Günther Deschner2013-03-141-4/+3
| | | | | | lifetime is alredy returned as remaining seconds of lifetime. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix gssi_import_sec_context_by_mech()Günther Deschner2013-03-141-1/+1
| | | | | | Use spmech->length as we are replacing the original oid with spmech. Signed-off-by: Simo Sorce <simo@redhat.com>
* mechglue: add trace debuggingGünther Deschner2013-03-1411-0/+131
| | | | | | This is enabled via --with-gssidebug. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add debug statement when gp_rpc_execute is called.Günther Deschner2013-03-141-17/+61
| | | | | | Add code to print the name of tehe GSSX function being executed. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support to get peer's SeLinux contextSimo Sorce2013-03-141-2/+21
|
* Fix includesSimo Sorce2013-03-146-0/+6
| | | | | These includes are necessary when switching to gssrpc because they are not automatically dragged in via dependencies in system rpc.h
* mechglue: initialize gpp cred_handle in gssi_acquire_cred_with_password().Günther Deschner2013-02-221-1/+1
|
* mechglue: fix gssi_set_cred_option() arguments.Günther Deschner2013-02-222-4/+4
|
* interposer-plugin: Fix MIT 1.11 gssi_import_sec_context_by_mech symbol name.Günther Deschner2013-02-152-8/+8
|
* Change interposer usage, clients need to set GSS_USE_PROXY=1|YES.Günther Deschner2013-01-152-3/+6
| | | | | | The variable _GSSPROXY_LOOPS has been changed in favor of GSS_USE_PROXY. From now on, applications needs to explicitly enable the usage of the gssproxy interposer inception.
* Use new gss_import/export_cred functionsSimo Sorce2012-10-259-403/+98
| | | | | | | This allows us to remove the ring_buffer hack and become completely stateless as well as remove a possible DoS avenue. R.I.P. Ring Buffer :-)
* Implement export_name_compositeGünther Deschner2012-10-252-0/+28
|
* Call gss_export_name_composite() from gp_conv_name_to_gssx().Günther Deschner2012-10-252-1/+23
| | | | Make sure to return success in gp_conv_name_to_gssx() at that point.
* Add gpm_export_name_composite().Günther Deschner2012-10-252-0/+31
|
* New test program to exercise the mechglue pluginSimo Sorce2012-10-251-1/+1
|
* Implement internal_release_oidSimo Sorce2012-10-252-0/+27
|
* Implement misc spi callsSimo Sorce2012-10-252-0/+218
|
* Implement privacy/integrity mechglue wrappersSimo Sorce2012-10-252-0/+420
|
* Implement indicate mechs related mechglue wrappersSimo Sorce2012-10-253-1/+217
|
* Implement name related mechglue wrappersSimo Sorce2012-10-252-0/+456
|
* Implement display status mechglue wrappersSimo Sorce2012-10-252-0/+75
|
* Implement init sec context mechglue wrapperSimo Sorce2012-10-253-0/+228
|
* Implement accept sec context mechglue wrappersSimo Sorce2012-10-252-0/+167
|
* Implement context related mechglue wrappersSimo Sorce2012-10-252-0/+460
| | | | | Use the new spi call in order to be able to properly implement a context locally.
* Implement cred related mechglue wrappersSimo Sorce2012-10-253-0/+831
|
* Add name handle wrapperSimo Sorce2012-10-259-111/+142
|
* Add context handle wrapperSimo Sorce2012-10-255-12/+17
|
* Add cred handle wrapperSimo Sorce2012-10-256-23/+28
|
* Add function to ease copying oidsSimo Sorce2012-10-252-0/+25
|
* Add function to convert remote context to localSimo Sorce2012-10-252-0/+18
|
* Add simple functions to map errorsSimo Sorce2012-10-252-0/+26
| | | | | | | | | | The mechglue stores a map of errors/mech oids, this means that we should never return the same error we got from a mechanism after re-entering the mechglue as we then may get the mechglue confused and prevent us from asking an interposed mech for the error. Also we want to try to aqvoid collisions from errors returned from the proxy, as they could end up fetching errors from the wrong mechanism. For now just make a very simple mapping by always adding a special error base.
* Add function to return a special mechSimo Sorce2012-10-253-0/+204
| | | | | | | | When the interposer wants to call the mechglue and have it call a real mechanism it does so by providing a speecial mechanism oid. This is an oid composed of the procy plugin oid and the real mechanism oid that the mechglue transforms back into a real OID before selecting the appropriate mechanism.
* Add mechanism to select behavior based on envvarSimo Sorce2012-10-252-0/+38
|
* Add loop avoidance in proxy daemon and gssapi pluginSimo Sorce2012-10-252-0/+11
|
* Add initialization codeSimo Sorce2012-10-252-0/+141
| | | | | | | For now return fixed list of mechanisms. Later on we can try to fetch this list from the proxy. Also split RPC client code from actual plugin
* Implement gpm_wrap_size_limit().Günther Deschner2012-09-142-0/+91
| | | | Acked-by: Simo Sorce <simo@redhat.com>
* Implement gpm_unwrap().Günther Deschner2012-09-142-0/+130
| | | | Acked-by: Simo Sorce <simo@redhat.com>
* Implement gpm_wrap()Günther Deschner2012-09-142-1/+130
| | | | Acked-by: Simo Sorce <simo@redhat.com>
* Implement gpm_verify_mic().Günther Deschner2012-09-142-0/+98
|
* Implement gpm_get_mic().Günther Deschner2012-09-142-1/+103
|
* Implement gpm_compare_nameSimo Sorce2012-09-142-0/+53
|
* Implement gpm_inquire_contextSimo Sorce2012-09-142-0/+121
|
* Implement gpm_inquire_credSimo Sorce2012-09-142-0/+221
|
* Move client lib files in their own directorySimo Sorce2012-08-3110-7/+2
| | | | | | | Make space for the actual mechglue plugin interface. The mechglue interface will use the client library to communicate with the gss-proxy but will reimplement all GSSAPI SPI as wrappers in order to properly handle fallbacks to local mechanism and other input/output transformations.
generated by cgit (git 2.34.1) at 2025-09-25 23:13:54 +0000