Allow arbitrary users to connect to a service

The rpc.gssd daemon is changing to fork and change uid to the unprivileged user it wants to authenticate, this means gssproxy needs to allow connection from any euid. When this is done though, the trusted flag needs to be dropped, if the connecting euid does not match the default trusted uid to prevent improper impersonation. Resolves: https://fedorahosted.org/gss-proxy/ticket/103
author: Simo Sorce <simo@redhat.com> 2013-10-14 16:20:11 -0400
committer: Simo Sorce <simo@redhat.com> 2013-10-14 17:30:53 -0400
commit: f513734b61873fa9bbbaec78f1221d291a0c94a5 (patch)
tree: f272be015995e05f7900f71453d2c3799c6b09af /proxy/src/gp_socket.c
parent: 66f3183c54e3c27c0224226fa60bf8b933190b4a (diff)
download: gss-proxy-f513734b61873fa9bbbaec78f1221d291a0c94a5.tar.gz
gss-proxy-f513734b61873fa9bbbaec78f1221d291a0c94a5.tar.xz
gss-proxy-f513734b61873fa9bbbaec78f1221d291a0c94a5.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index 521a2ee..b1851a2 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -101,6 +101,11 @@ struct gp_creds *gp_conn_get_creds(struct gp_conn *conn)
     return &conn->creds;
 }
 
+uid_t gp_conn_get_uid(struct gp_conn *conn)
+{
+    return conn->creds.ucred.uid;
+}
+
 const char *gp_conn_get_socket(struct gp_conn *conn)
 {
     return conn->sock_ctx->socket;
author	Simo Sorce <simo@redhat.com>	2013-10-14 16:20:11 -0400
committer	Simo Sorce <simo@redhat.com>	2013-10-14 17:30:53 -0400
commit	f513734b61873fa9bbbaec78f1221d291a0c94a5 (patch)
tree	f272be015995e05f7900f71453d2c3799c6b09af /proxy/src/gp_socket.c
parent	66f3183c54e3c27c0224226fa60bf8b933190b4a (diff)
download	gss-proxy-f513734b61873fa9bbbaec78f1221d291a0c94a5.tar.gz gss-proxy-f513734b61873fa9bbbaec78f1221d291a0c94a5.tar.xz gss-proxy-f513734b61873fa9bbbaec78f1221d291a0c94a5.zip