gss-proxy.git/proxy/src/client, branch master Work on gss-proxy before it lands upstream Add gss_acquire_cred_impersonate_name support 2015-12-01T22:45:53+00:00 Simo Sorce simo@redhat.com 2014-08-12T22:05:47+00:00 7e71db8edc9694ed75110ddd9efa373250cc0545 This is used by a client that wants to peform a s4u2self operation using its server credentials. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
This is used by a client that wants to peform a s4u2self operation
using its server credentials.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Fix const warning that can lead to issues 2015-11-30T17:59:01+00:00 Simo Sorce simo@redhat.com 2015-11-12T22:24:42+00:00 439cd2ff3bc7b2ab6374104f12c0dba5870f0381 This could lead to a free() being called on a constant, and that wuld be bad. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
This could lead to a free() being called on a constant, and that wuld be bad.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Fix possible explicit NULL deref in gpm_accept_sec_context 2015-10-29T21:52:08+00:00 Robbie Harwood rharwood@redhat.com 2015-10-29T21:44:47+00:00 0ad90967eb23066c1e346579f7476ed3c9d0582d Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix potential deadlock on socket grab 2015-10-29T21:51:06+00:00 Robbie Harwood rharwood@redhat.com 2015-10-29T21:28:14+00:00 461a5fa9f91a2753ebeef6323a64239c35e2f250 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Clear message structure before decoding into it 2015-10-21T21:00:19+00:00 Robbie Harwood rharwood@redhat.com 2015-10-21T16:46:29+00:00 959309797916214cc4f0cd8832bcdbcc3d62dc0c This resolves a segfault appearing on ARM. Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1235902 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This resolves a segfault appearing on ARM.

Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1235902
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Correct handling of EINTR on read()/write() 2015-09-29T01:41:40+00:00 Robbie Harwood rharwood@redhat.com 2015-09-28T23:59:59+00:00 df58bccfa5bfb42d7162f537c506a658729d4175 The common send/recv functions where zeroing the ret variable only once causing a loop if EINTR as actually ever set. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Simo Sorce <simo@redhat.com> 
The common send/recv functions where zeroing the ret variable only
once causing a loop if EINTR as actually ever set.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
Fix formatting on noncompliant copyright lines 2015-09-04T20:34:42+00:00 Robbie Harwood rharwood@redhat.com 2015-09-04T20:16:26+00:00 78228b158ab45d2150ce47fdda363ff268810df0 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Suppress warning: use after free 2015-03-29T21:34:42+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-28T15:49:17+00:00 00c6b95f7f10bd0b1897f8384d7ff985a9633c81 gssx_ctx is released in case of error. After the latest changes, the old ctx is always replaced to new one and output argument is set. Although it would not be used because return code would not be success it's safer to set NULL to the pointer and avoid warnings from static analyzers. src/client/gpm_init_sec_context.c:108: alias: Assigning: "ctx" = "res->context_handle". Now both point to the same storage. src/client/gpm_init_sec_context.c:156: freed_arg: "free" frees "ctx". src/client/gpm_init_sec_context.c:173: use_after_free: Using freed pointer "ctx". Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
gssx_ctx is released in case of error. After the latest changes,
the old ctx is always replaced to new one and output argument is set.

Although it would not be used because return code would not be success
it's safer to set NULL to the pointer and avoid warnings from static analyzers.

src/client/gpm_init_sec_context.c:108:
    alias: Assigning: "ctx" = "res->context_handle".
    Now both point to the same storage.
src/client/gpm_init_sec_context.c:156: freed_arg: "free" frees "ctx".
src/client/gpm_init_sec_context.c:173: use_after_free: Using freed pointer "ctx".

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Remove unused parameter from get_pipe_name 2015-03-29T21:32:01+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-28T13:14:04+00:00 ff6e3a3f259a5e55ccf92a1b8ec60fb264ac3425 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Properly handle security contexts on error 2015-03-24T15:49:25+00:00 Simo Sorce simo@redhat.com 2015-02-26T20:49:59+00:00 ab69b71fcf9187269058b4e1ff7b394cc37f19da On error we need to make sure we do not return a pointer to a security context that may have been already freed. So make sure to always unconditionally return the context that we've been returned by our callees. Also reorganize the code so we do not accidently wipe the context and leak memoy on error. This fixed a double-free bug found by NFS folks @ Red Hat Fixes: https://fedorahosted.org/gss-proxy/ticket/137 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> 
On error we need to make sure we do not return a pointer to a
security context that may have been already freed.
So make sure to always unconditionally return the context that we've
been returned by our callees.
Also reorganize the code so we do not accidently wipe the context
and leak memoy on error.

This fixed a double-free bug found by NFS folks @ Red Hat

Fixes: https://fedorahosted.org/gss-proxy/ticket/137

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>