diff options
author | Simo Sorce <simo@redhat.com> | 2012-09-13 17:46:18 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2012-10-25 16:01:46 -0400 |
commit | e78bee35cf2309e1d2b7ae9c9af38a1dd8e841c8 (patch) | |
tree | 2998d8736a6182d1d164ac1f72387a94ee815716 /proxy/src/gp_config.c | |
parent | 14af3cd9a2bcc00a3c98941c42007032f2e810e3 (diff) | |
download | gss-proxy-e78bee35cf2309e1d2b7ae9c9af38a1dd8e841c8.tar.gz gss-proxy-e78bee35cf2309e1d2b7ae9c9af38a1dd8e841c8.tar.xz gss-proxy-e78bee35cf2309e1d2b7ae9c9af38a1dd8e841c8.zip |
Use new gss_import/export_cred functions
This allows us to remove the ring_buffer hack and become completely
stateless as well as remove a possible DoS avenue.
R.I.P. Ring Buffer :-)
Diffstat (limited to 'proxy/src/gp_config.c')
-rw-r--r-- | proxy/src/gp_config.c | 87 |
1 files changed, 8 insertions, 79 deletions
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c index 6776ed5..e6ad49c 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c @@ -30,10 +30,8 @@ #include <errno.h> #include "gp_proxy.h" #include "iniparser.h" -#include "gp_ring_buffer.h" #define GP_SOCKET_NAME "gssproxy.socket" -#define GP_RING_BUFFER_SIZE 4096 static void gp_service_free(struct gp_service *svc) { @@ -43,6 +41,7 @@ static void gp_service_free(struct gp_service *svc) free(svc->krb5.keytab); free(svc->krb5.ccache); } + gp_free_creds_handle(&svc->creds_handle); memset(svc, 0, sizeof(struct gp_service)); } @@ -126,39 +125,15 @@ static int get_krb5_mech_cfg(struct gp_service *svc, return 0; } -static int setup_service_ring_buffer(struct gp_config *cfg, - struct gp_service *svc, - int buffer_size) +static int setup_service_creds_handle(struct gp_service *svc) { uint32_t ret_maj, ret_min; - struct gp_ring_buffer **newrb; - uint32_t num; - if (buffer_size == -1) { - /* a reasonable default ? */ - buffer_size = GP_RING_BUFFER_SIZE; - } - - num = cfg->num_ring_buffers; - newrb = realloc(cfg->ring_buffers, - sizeof(struct gp_ring_buffer *) * (num + 1)); - if (!newrb) { - return ENOMEM; - } - cfg->ring_buffers = newrb; - - ret_maj = gp_init_ring_buffer(&ret_min, - svc->name, - buffer_size, - &cfg->ring_buffers[num]); + ret_maj = gp_init_creds_handle(&ret_min, &svc->creds_handle); if (ret_maj) { return ret_min; } - cfg->num_ring_buffers++; - - svc->ring_buffer = cfg->ring_buffers[num]; - return 0; } @@ -219,21 +194,9 @@ static int load_services(struct gp_config *cfg, dictionary *dict) } } - if (cfg->svcs[n]->trusted) { - /* buffer 0 is trusted */ - cfg->svcs[n]->ring_buffer = cfg->ring_buffers[0]; - } else { - /* buffer 1 is untrusted */ - cfg->svcs[n]->ring_buffer = cfg->ring_buffers[1]; - } - - value = get_char_value(dict, secname, "dedicated_ring_buffer"); - if (value && option_is_set(value)) { - valnum = get_int_value(dict, secname, "ring_buffer_size"); - ret = setup_service_ring_buffer(cfg, cfg->svcs[n], valnum); - if (ret) { - goto done; - } + ret = setup_service_creds_handle(cfg->svcs[n]); + if (ret) { + goto done; } value = get_char_value(dict, secname, "mechs"); @@ -322,34 +285,6 @@ int load_config(struct gp_config *cfg) cfg->num_workers = iniparser_getint(d, "gssproxy:worker threads", 0); - /* The two main ring_buffers need to be initialized before any dedicated - * ring_buffers (from services) are appended - gd */ - - cfg->num_ring_buffers = 2; - cfg->ring_buffers = calloc(cfg->num_ring_buffers, sizeof(struct gp_ring_buffer *)); - if (!cfg->ring_buffers) { - ret = ENOMEM; - goto done; - } - - ret_maj = gp_init_ring_buffer(&ret_min, - "default_trusted", - GP_RING_BUFFER_SIZE, - &cfg->ring_buffers[0]); - if (ret_maj) { - ret = ret_min; - goto done; - } - - ret_maj = gp_init_ring_buffer(&ret_min, - "default_untrusted", - GP_RING_BUFFER_SIZE, - &cfg->ring_buffers[1]); - if (ret_maj) { - ret = ret_min; - goto done; - } - ret = load_services(cfg, d); done: @@ -400,9 +335,9 @@ struct gp_config *read_config(char *config_file, int opt_daemonize) return cfg; } -struct gp_ring_buffer *gp_service_get_ring_buffer(struct gp_service *svc) +struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc) { - return svc->ring_buffer; + return svc->creds_handle; } void free_config(struct gp_config *config) @@ -421,10 +356,4 @@ void free_config(struct gp_config *config) } free(config->svcs); - - for (i=0; i < config->num_ring_buffers; i++) { - gp_free_ring_buffer(config->ring_buffers[i]); - } - - free(config->ring_buffers); } |