gss-proxy.git/proxy/src, branch wip Work on gss-proxy before it lands upstream Since krb5 1.14 inquire_context may return no name 2015-12-14T22:38:36+00:00 Simo Sorce simo@redhat.com 2015-12-14T22:38:36+00:00 7f6a8e0b0f54a1cb4ad734c6506122e6d391d32d In 1.14 a patch to more officially support partially established contexts has been intrdouced. With this patch names are not returned. Cope with that by checking if a name is provided before trying to convert. Signed-off-by: Simo Sorce <simo@redhat.com> 
In 1.14 a patch to more officially support partially established contexts
has been intrdouced. With this patch names are not returned.

Cope with that by checking if a name is provided before trying to convert.

Signed-off-by: Simo Sorce <simo@redhat.com>
Fix acquiring default credentials 2015-12-01T22:46:00+00:00 Simo Sorce simo@redhat.com 2015-11-13T22:54:27+00:00 8e28e35b9cf2cc6f1a2b4166b8cc1ae0856578d3 In this case we want to prefer sourcing the "acceptor" credentials from a keytab if available, as that's what applications expect if they have no credentials. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
In this case we want to prefer sourcing the "acceptor" credentials from
a keytab if available, as that's what applications expect if they have
no credentials.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Add helpers to store and retrieve encrypted creds 2015-12-01T22:45:56+00:00 Simo Sorce simo@redhat.com 2015-11-09T22:10:56+00:00 84fcb276d2253f34e5d50a87e42e34c1fd918a55 This will allow to (ab)use the krb5 ccache to store encrypted credentials in the user's ccache for later reuse. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
This will allow to (ab)use the krb5 ccache to store encrypted
credentials in the user's ccache for later reuse.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Add gss_acquire_cred_impersonate_name support 2015-12-01T22:45:53+00:00 Simo Sorce simo@redhat.com 2014-08-12T22:05:47+00:00 7e71db8edc9694ed75110ddd9efa373250cc0545 This is used by a client that wants to peform a s4u2self operation using its server credentials. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
This is used by a client that wants to peform a s4u2self operation
using its server credentials.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Add helper to find options in rpc messages 2015-12-01T22:45:34+00:00 Simo Sorce simo@redhat.com 2014-08-12T22:04:42+00:00 e155f81d84f7dd0b0b643a1228c2f9c503fc87e5 Use it in gp_export.c where the code is duplicate already. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com> 
Use it in gp_export.c where the code is duplicate already.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
Add higher level debugging for all rpc calls 2015-12-01T22:33:54+00:00 Simo Sorce simo@redhat.com 2015-11-11T04:02:04+00:00 fdcad4fa9696c5f501b16d1b3f622ccc28b6147f Print everything, except octet string buffers which are truncated. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
Print everything, except octet string buffers which are truncated.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Add options to specify a debug level 2015-12-01T22:33:42+00:00 Simo Sorce simo@redhat.com 2015-11-11T03:59:05+00:00 71d316dfc51bcb9e18da61fb7299bb021523cde4 Print only messages that are at that level or lower. Also add timestamps to debug messages. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
Print only messages that are at that level or lower.
Also add timestamps to debug messages.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Improve code in gp_export_gssx_cred() 2015-11-30T17:59:06+00:00 Simo Sorce simo@redhat.com 2015-11-29T16:25:14+00:00 79e92a939784d248390cc2357387e667b7c97d9c Remove dead code, and set length only if allocation was successful. Also resolve valgrind complaints about uninitialized memory. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
Remove dead code, and set length only if allocation was successful.
Also resolve valgrind complaints about uninitialized memory.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Fix const warning that can lead to issues 2015-11-30T17:59:01+00:00 Simo Sorce simo@redhat.com 2015-11-12T22:24:42+00:00 439cd2ff3bc7b2ab6374104f12c0dba5870f0381 This could lead to a free() being called on a constant, and that wuld be bad. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
This could lead to a free() being called on a constant, and that wuld be bad.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Fix const warning in gp_creds.c 2015-11-30T17:58:55+00:00 Simo Sorce simo@redhat.com 2015-11-13T14:58:16+00:00 0e2fb2e07272a57281e52329776b71afad93803a Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>