gss-proxy.git, branch getenv Work on gss-proxy before it lands upstream Use secure_getenv in client and mechglue module 2013-11-20T17:03:29+00:00 Simo Sorce simo@redhat.com 2013-11-20T16:58:22+00:00 30ce3354ed3300721ddf8de069b0647b55e718e6 proxymehc.so may be used in setuid binaries so follow best security practices and use secure_getenv() if available. Fallback to poorman emulation when secure_getenv() is not available. Resolves: https://fedorahosted.org/gss-proxy/ticket/110 
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.

Resolves: https://fedorahosted.org/gss-proxy/ticket/110
creds: Allow admins to define only client creds 2013-11-16T23:54:28+00:00 Simo Sorce simo@redhat.com 2013-11-16T23:54:28+00:00 9824bec3a9fc14a527a4febd60a730f6deee0918 When a service is configured with cred_usage = initiate it is ok to allow only client credentials to be defined. 
When a service is configured with cred_usage = initiate it is
ok to allow only client credentials to be defined.
config: Do not modify const strings 2013-11-16T22:28:35+00:00 Simo Sorce simo@redhat.com 2013-11-16T22:08:06+00:00 5f6b2d295cc2542429f4e1b7144eb947681f64ca Take a copy here, the option string is const and strtok_r() is not a safe function as it may change the string it manipulates. 
Take a copy here, the option string is const and strtok_r() is not a safe
function as it may change the string it manipulates.
Change version to 0.3.0 2013-10-23T17:52:19+00:00 Simo Sorce simo@redhat.com 2013-10-14T21:01:00+00:00 d01b5199eefa3cf0974e5bf49295d00f389aa6eb Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add impersonation support 2013-10-23T17:52:13+00:00 Simo Sorce simo@redhat.com 2013-08-21T01:28:04+00:00 649554391df40d51ae9339cd7e4a1d61f0dbe025 By setting the impersonate flag to true, the acquisition of credentials will be done using constrained delegation (s4uself + s4u2proxy). To work this needs MIT Kereberos 1.11.4 or later. Previous versions have a bug in the import_cred function that prevents the library from properly importing previously exported delegated credentials. Resolves: https://fedorahosted.org/gss-proxy/ticket/95 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
By setting the impersonate flag to true, the acquisition of credentials will
be done using constrained delegation (s4uself + s4u2proxy).

To work this needs MIT Kereberos 1.11.4 or later.
Previous versions have a bug in the import_cred function that prevents the
library from properly importing previously exported delegated credentials.

Resolves: https://fedorahosted.org/gss-proxy/ticket/95

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Move uid to name resolution in its own function. 2013-10-23T17:51:49+00:00 Simo Sorce simo@redhat.com 2013-08-21T00:29:13+00:00 485a2eb71d3a22c50a5be35318d421b451713ccb Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add man page entry for cred_usage 2013-10-23T13:05:44+00:00 Simo Sorce simo@redhat.com 2013-10-18T14:55:57+00:00 ee2a1573a41e4a08dd00e9b37523656ae3ef4146 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add man page entry for allow_any_uid 2013-10-23T13:05:36+00:00 Simo Sorce simo@redhat.com 2013-10-18T14:51:47+00:00 6275cd7a923770faaa405e8b9642f3f861f80cbe Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add option to specify allowed usage. 2013-10-18T13:46:24+00:00 Simo Sorce simo@redhat.com 2013-10-14T20:41:13+00:00 3f587569f2fdd9ec4db05748c5ed5ebbfc1ab5c9 Credentials can often be used both to accept and to initiate contexts. With this option admins can allow a specific usage only. This is to avoid allowing an unprivileged process to fool a remote client by allowing it to impersonate a server, when we only want to allow this service to use credentials to initiate contexts. Reviewed-by: Günther Deschner <gdeschner@redhat.com 
Credentials can often be used both to accept and to initiate contexts.
With this option admins can allow a specific usage only.
This is to avoid allowing an unprivileged process to fool a remote
client by allowing it to impersonate a server, when we only want to
allow this service to use credentials to initiate contexts.

Reviewed-by: Günther Deschner <gdeschner@redhat.com
Allow arbitrary users to connect to a service 2013-10-18T13:46:24+00:00 Simo Sorce simo@redhat.com 2013-10-14T20:20:11+00:00 a324853818fd75d7ec11c68de9d499f37228b26a The rpc.gssd daemon is changing to fork and change uid to the unprivileged user it wants to authenticate, this means gssproxy needs to allow connection from any euid. When this is done though, the trusted flag needs to be dropped, if the connecting euid does not match the default trusted uid to prevent improper impersonation. Resolves: https://fedorahosted.org/gss-proxy/ticket/103 Reviewed-by: Günther Deschner <gdeschner@redhat.com 
The rpc.gssd daemon is changing to fork and change uid to the unprivileged
user it wants to authenticate, this means gssproxy needs to allow connection
from any euid. When this is done though, the trusted flag needs to be dropped,
if the connecting euid does not match the default trusted uid to prevent
improper impersonation.

Resolves: https://fedorahosted.org/gss-proxy/ticket/103
Reviewed-by: Günther Deschner <gdeschner@redhat.com