gss-proxy.git/proxy/src/mechglue, branch wip Work on gss-proxy before it lands upstream Add helpers to store and retrieve encrypted creds 2015-12-01T22:45:56+00:00 Simo Sorce simo@redhat.com 2015-11-09T22:10:56+00:00 84fcb276d2253f34e5d50a87e42e34c1fd918a55 This will allow to (ab)use the krb5 ccache to store encrypted credentials in the user's ccache for later reuse. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
This will allow to (ab)use the krb5 ccache to store encrypted
credentials in the user's ccache for later reuse.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Add gss_acquire_cred_impersonate_name support 2015-12-01T22:45:53+00:00 Simo Sorce simo@redhat.com 2014-08-12T22:05:47+00:00 7e71db8edc9694ed75110ddd9efa373250cc0545 This is used by a client that wants to peform a s4u2self operation using its server credentials. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
This is used by a client that wants to peform a s4u2self operation
using its server credentials.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Fix formatting on noncompliant copyright lines 2015-09-04T20:34:42+00:00 Robbie Harwood rharwood@redhat.com 2015-09-04T20:16:26+00:00 78228b158ab45d2150ce47fdda363ff268810df0 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix handling of context initialization 2015-03-30T13:16:37+00:00 Simo Sorce simo@redhat.com 2015-03-29T21:42:08+00:00 f2b4591c2673fc72a809d89e9b2d1b90e4710af0 If a previous call has decided to use only local (to the process) credentials, then we need to override all the way to the end. A previous patch also swapped the order in which credential handler and context handler are initialized, make sure also to swap the fallback checks. Set the behavior to the process default only if it wasn't forced to local. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com> 
If a previous call has decided to use only local (to the process)
credentials, then we need to override all the way to the end.

A previous patch also swapped the order in which credential handler
and context handler are initialized, make sure also to swap the
fallback checks.
Set the behavior to the process default only if it wasn't forced to
local.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
Properly handle security contexts on error 2015-03-24T15:49:25+00:00 Simo Sorce simo@redhat.com 2015-02-26T20:49:59+00:00 ab69b71fcf9187269058b4e1ff7b394cc37f19da On error we need to make sure we do not return a pointer to a security context that may have been already freed. So make sure to always unconditionally return the context that we've been returned by our callees. Also reorganize the code so we do not accidently wipe the context and leak memoy on error. This fixed a double-free bug found by NFS folks @ Red Hat Fixes: https://fedorahosted.org/gss-proxy/ticket/137 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> 
On error we need to make sure we do not return a pointer to a
security context that may have been already freed.
So make sure to always unconditionally return the context that we've
been returned by our callees.
Also reorganize the code so we do not accidently wipe the context
and leak memoy on error.

This fixed a double-free bug found by NFS folks @ Red Hat

Fixes: https://fedorahosted.org/gss-proxy/ticket/137

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Zero out the outputs of display_name 2015-01-22T19:54:05+00:00 Simo Sorce simo@redhat.com 2015-01-22T19:26:23+00:00 9da1bc9dec8d228b35ef8639832cddc5e477ddf8 The mechglue expects the mechanism function to zero them in all cases. Otherwise on error it will later try to free the output buffer value which can be an arbitrary pointer. This will cause a segfault or worse in glibc's free(). Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Roland Mainz <rmainz@redhat.com> 
The mechglue expects the mechanism function to zero them in all cases.
Otherwise on error it will later try to free the output buffer value
which can be an arbitrary pointer. This will cause a segfault or
worse in glibc's free().

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Roland Mainz <rmainz@redhat.com>
Fix potential segfault in gssi_inquire_context(). 2014-02-05T14:08:53+00:00 Günther Deschner gdeschner@redhat.com 2014-01-29T16:59:03+00:00 c17f20b949d2e80e596ce21ecd944db80aaa80b1 Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Use secure_getenv in client and mechglue module 2013-11-21T12:48:25+00:00 Simo Sorce simo@redhat.com 2013-11-20T16:58:22+00:00 23f4ee4359d10f66e1938ce6b1d92d3cc77865ff proxymehc.so may be used in setuid binaries so follow best security practices and use secure_getenv() if available. Fallback to poorman emulation when secure_getenv() is not available. Resolves: https://fedorahosted.org/gss-proxy/ticket/110 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.

Resolves: https://fedorahosted.org/gss-proxy/ticket/110

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Fix calling gpm_inquire_cred_by_mech 2013-11-19T13:04:09+00:00 Simo Sorce simo@redhat.com 2013-11-13T23:13:44+00:00 b8901d1d20a5d0ef1a3118bfe5816e04c09e6cf5 We need to pass the real mechanism oid here, not the spcial oid. special oids are used exclusively by the interposer and gssapi machinery that calls the interposer, they must never be propagated to clients or servers. https://fedorahosted.org/gss-proxy/ticket/107 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
We need to pass the real mechanism oid here, not the spcial oid.
special oids are used exclusively by the interposer and gssapi
machinery that calls the interposer, they must never be propagated
to clients or servers.

https://fedorahosted.org/gss-proxy/ticket/107

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add way to return regular oid from special 2013-11-19T13:04:03+00:00 Simo Sorce simo@redhat.com 2013-11-13T23:12:44+00:00 122b35f7adf37bc81f6d53bb5f9e058b68334cbb In some cases we need to pass on the corresponding real oid, after we are given a special oid. Add helper functions to do that. https://fedorahosted.org/gss-proxy/ticket/107 Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
In some cases we need to pass on the corresponding real oid, after we
are given a special oid.
Add helper functions to do that.

https://fedorahosted.org/gss-proxy/ticket/107

Reviewed-by: Günther Deschner <gdeschner@redhat.com>