diff options
| author | Simo Sorce <simo@redhat.com> | 2013-12-22 16:13:56 -0500 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2014-01-14 16:07:27 +0100 |
| commit | a14cb37d199fec9227f668fe107bf38f99b8b842 (patch) | |
| tree | 87846966a6820a6c109e856d7185f490f81ffd01 /proxy/src/gp_proxy.h | |
| parent | 8b147c9196d9068d0fc5e5a8919b84e8cbb97ef4 (diff) | |
| download | gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.tar.gz gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.tar.xz gss-proxy-a14cb37d199fec9227f668fe107bf38f99b8b842.zip | |
Add support for dropping privileges
If the 'proxy user' configuation option is set in the [gssproxy] section then
GSS Proxy will drop privileges to the specified after setting up all the
sockets.
Care must be taken to make sure all the resources the daemon need access to
(keytabs, ccache directories, etc..) are accessible as the proxy user.
Implements: https://fedorahosted.org/gss-proxy/ticket/102
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Diffstat (limited to 'proxy/src/gp_proxy.h')
| -rw-r--r-- | proxy/src/gp_proxy.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h index b6c64ae..733fec5 100644 --- a/proxy/src/gp_proxy.h +++ b/proxy/src/gp_proxy.h @@ -74,6 +74,8 @@ struct gp_config { struct gp_service **svcs; int num_svcs; + + char *proxy_user; /* user to drop privs to if not NULL */ }; struct gp_workers; @@ -109,6 +111,7 @@ void fini_server(void); verto_ctx *init_event_loop(void); void init_proc_nfsd(struct gp_config *cfg); void write_pid(void); +int drop_privs(struct gp_config *cfg); /* from gp_socket.c */ struct gp_sock_ctx *init_unix_socket(struct gssproxy_ctx *gpctx, |