Diffstat (limited to 'proxy/src')
-rw-r--r-- | proxy/src/gp_config.c | 7 | ||||
-rw-r--r-- | proxy/src/gp_creds.c | 27 | ||||
-rw-r--r-- | proxy/src/gp_export.c | 8 | ||||
-rw-r--r-- | proxy/src/gp_export.h | 6 | ||||
-rw-r--r-- | proxy/src/gp_proxy.h | 11 | ||||
-rw-r--r-- | proxy/src/gp_rpc_accept_sec_context.c | 11 | ||||
-rw-r--r-- | proxy/src/gp_rpc_acquire_cred.c | 13 | ||||
-rw-r--r-- | proxy/src/gp_rpc_creds.h | 9 | ||||
-rw-r--r-- | proxy/src/gp_rpc_get_mic.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_import_and_canon_name.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_indicate_mechs.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_init_sec_context.c | 12 | ||||
-rw-r--r-- | proxy/src/gp_rpc_process.c | 13 | ||||
-rw-r--r-- | proxy/src/gp_rpc_process.h | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_release_handle.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_unwrap.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_verify_mic.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_wrap.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_rpc_wrap_size_limit.c | 3 | ||||
-rw-r--r-- | proxy/src/gp_socket.c | 5 | ||||
-rw-r--r-- | proxy/src/gp_workers.c | 10 |
21 files changed, 89 insertions, 70 deletions
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c index ee218b4..943906a 100644 --- a/proxy/src/gp_config.c +++ b/proxy/src/gp_config.c @@ -184,6 +184,13 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx) } cfg->svcs[n]->euid = valnum; + ret = gp_config_get_string(ctx, secname, "allow_any_uid", &value); + if (ret == 0) { + if (gp_boolean_is_true(value)) { + cfg->svcs[n]->any_uid = true; + } + } + ret = gp_config_get_string(ctx, secname, "trusted", &value); if (ret == 0) { if (gp_boolean_is_true(value)) { diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c index 4d68afb..b047d8f 100644 --- a/proxy/src/gp_creds.c +++ b/proxy/src/gp_creds.c @@ -49,12 +49,12 @@ struct supported_mechs_map { { 0, NULL } }; -bool gp_creds_allowed_mech(struct gp_service *svc, gss_OID desired_mech) +bool gp_creds_allowed_mech(struct gp_call_ctx *gpcall, gss_OID desired_mech) { int i; for (i = 0; supported_mechs_map[i].internal_id != 0; i++) { - if (svc->mechs & supported_mechs_map[i].internal_id) { + if (gpcall->service->mechs & supported_mechs_map[i].internal_id) { if (gss_oid_equal(desired_mech, supported_mechs_map[i].mech)) { return true; } @@ -64,8 +64,7 @@ bool gp_creds_allowed_mech(struct gp_service *svc, gss_OID desired_mech) return false; } -uint32_t gp_get_supported_mechs(uint32_t *min, - struct gp_service *svc, gss_OID_set *set) +uint32_t gp_get_supported_mechs(uint32_t *min, gss_OID_set *set) { uint32_t ret_maj; uint32_t ret_min; @@ -102,7 +101,8 @@ struct gp_service *gp_creds_match_conn(struct gssproxy_ctx *gpctx, socket = gp_conn_get_socket(conn); for (i = 0; i < gpctx->config->num_svcs; i++) { - if (gpctx->config->svcs[i]->euid == gcs->ucred.uid) { + if (gpctx->config->svcs[i]->any_uid || + gpctx->config->svcs[i]->euid == gcs->ucred.uid) { if (gpctx->config->svcs[i]->socket) { if (!gp_same(socket, gpctx->config->svcs[i]->socket)) { continue; 
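Review bot: The new `allow_any_uid` block in load_services has no comment on how the option interacts with `euid` and `trusted`, although the gp_creds.c part of this commit makes that interaction security-relevant. I would add above the lookup: `/* allow_any_uid: accept peers of any uid; euid then only identifies the one caller that keeps the trusted flag */`. A non-zero return from `gp_config_get_string` is ignored here, so the code cannot tell an absent option from an unreadable one; this matches the `trusted` block below it, but it deserves a line in the comment. load_services starts and ends outside the hunk.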
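Review bot: In gp_creds_match_conn the added `any_uid ||` test lets a service match every peer uid, so the result now depends on the order of service sections whenever two of them share a socket. The rest of the loop is outside the hunk, but if it returns the first service that passes, as it appears to, an `allow_any_uid` section listed before a uid-specific or trusted one would capture that uid's connections. Either prefer an exact `euid` match over an `any_uid` match, or document the rule at the loop, for example `/* any_uid services match every peer: list them after uid-specific services or give them their own socket */`.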
@@ -202,12 +202,13 @@ static void free_cred_store_elements(gss_key_value_set_desc *cs) safefree(cs->elements); } -static int gp_get_cred_environment(struct gp_service *svc, +static int gp_get_cred_environment(struct gp_call_ctx *gpcall, gssx_name *desired_name, gss_name_t *requested_name, gss_cred_usage_t cred_usage, gss_key_value_set_desc *cs) { + struct gp_service *svc; gss_name_t name = GSS_C_NO_NAME; gss_OID_desc name_type; uint32_t ret_maj = 0; @@ -222,17 +223,25 @@ static int gp_get_cred_environment(struct gp_service *svc, int ck_num = -1; int c, s; - target_uid = svc->euid; + target_uid = gp_conn_get_uid(gpcall->connection); + svc = gpcall->service; if (desired_name) { gp_conv_gssx_to_oid(&desired_name->name_type, &name_type); + /* A service retains the trusted flag only if the current uid matches + * the configured euid */ if (svc->trusted && + (svc->euid == target_uid) && (gss_oid_equal(&name_type, GSS_C_NT_STRING_UID_NAME) || gss_oid_equal(&name_type, GSS_C_NT_MACHINE_UID_NAME))) { target_uid = atol(desired_name->display_name.octet_string_val); user_requested = true; } else { + /* it's a user request if it comes from an arbitrary uid */ + if (svc->euid != target_uid) { + user_requested = true; + } ret_maj = gp_conv_gssx_to_name(&ret_min, desired_name, &name); if (ret_maj) { goto done; @@ -333,7 +342,7 @@ done: } uint32_t gp_add_krb5_creds(uint32_t *min, - struct gp_service *svc, + struct gp_call_ctx *gpcall, gss_cred_id_t in_cred, gssx_name *desired_name, gss_cred_usage_t cred_usage, @@ -369,7 +378,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min, return GSS_S_CRED_UNAVAIL; } - ret_min = gp_get_cred_environment(svc, desired_name, &req_name, + ret_min = gp_get_cred_environment(gpcall, desired_name, &req_name, cred_usage, &cred_store); if (ret_min) { ret_maj = GSS_S_CRED_UNAVAIL; diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c index 2710589..51dd686 100644 --- a/proxy/src/gp_export.c +++ b/proxy/src/gp_export.c 
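Review bot: In gp_get_cred_environment the new `if (svc->euid != target_uid) { user_requested = true; }` sits inside the `else` of the `if (desired_name)` block, so a call with no desired name from an arbitrary uid leaves `user_requested` unchanged. gp_accept_sec_context calls gp_add_krb5_creds with a NULL name in this same commit, so that path is reachable. If the flag is what keeps an arbitrary uid away from the service's own credentials (its use is outside the hunk), the check should run unconditionally, right after `svc = gpcall->service;`, leaving the trusted branch to override `target_uid` as it does now.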
@@ -187,7 +187,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key, return 0; } -uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_service *svc, +uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, gss_cred_id_t *in, gssx_cred *out) { uint32_t ret_maj; @@ -268,7 +268,7 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_service *svc, el->acceptor_time_rec = acceptor_lifetime; } - handle = gp_service_get_creds_handle(svc); + handle = gp_service_get_creds_handle(gpcall->service); if (!handle) { ret_maj = GSS_S_FAILURE; ret_min = EINVAL; @@ -340,7 +340,7 @@ static void gp_set_cred_options(gssx_cred *cred, gss_cred_id_t gss_cred) } } -uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_service *svc, +uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, gssx_cred *cred, gss_cred_id_t *out) { gss_buffer_desc token = GSS_C_EMPTY_BUFFER; @@ -349,7 +349,7 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_service *svc, uint32_t ret_min; int ret; - handle = gp_service_get_creds_handle(svc); + handle = gp_service_get_creds_handle(gpcall->service); if (!handle) { ret_maj = GSS_S_FAILURE; ret_min = EINVAL; diff --git a/proxy/src/gp_export.h b/proxy/src/gp_export.h index 28d2229..58c0040 100644 --- a/proxy/src/gp_export.h +++ b/proxy/src/gp_export.h @@ -29,11 +29,11 @@ #include <gssapi/gssapi.h> #include "rpcgen/gss_proxy.h" -struct gp_service; +struct gp_call_ctx; -uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_service *svc, +uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, gss_cred_id_t *in, gssx_cred *out); -uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_service *svc, +uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall, gssx_cred *cred, gss_cred_id_t *out); int gp_get_exported_context_type(struct gssx_call_ctx *ctx); diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h index 835fcf5..a5b3a28 100644 --- a/proxy/src/gp_proxy.h 
+++ b/proxy/src/gp_proxy.h @@ -50,6 +50,7 @@ struct gp_creds_handle; struct gp_service { char *name; uid_t euid; + bool any_uid; bool trusted; bool kernel_nfsd; char *socket; @@ -87,6 +88,12 @@ struct gp_sock_ctx { struct gp_conn; +struct gp_call_ctx { + struct gssproxy_ctx *gpctx; + struct gp_service *service; + struct gp_conn *connection; +}; + /* from gp_config.c */ struct gp_config *read_config(char *config_file, int opt_daemonize); struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc); @@ -107,6 +114,7 @@ void gp_conn_free(struct gp_conn *conn); void gp_socket_send_data(verto_ctx *vctx, struct gp_conn *conn, uint8_t *buffer, size_t buflen); struct gp_creds *gp_conn_get_creds(struct gp_conn *conn); +uid_t gp_conn_get_uid(struct gp_conn *conn); const char *gp_conn_get_socket(struct gp_conn *conn); bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx); @@ -117,8 +125,7 @@ int gp_query_new(struct gp_workers *w, struct gp_conn *conn, uint8_t *buffer, size_t buflen); /* from gp_rpc.c */ -int gp_rpc_process_call(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_rpc_process_call(struct gp_call_ctx *gpcall, uint8_t *inbuf, size_t inlen, uint8_t **outbuf, size_t *outlen); diff --git a/proxy/src/gp_rpc_accept_sec_context.c b/proxy/src/gp_rpc_accept_sec_context.c index e43b72a..40370aa 100644 --- a/proxy/src/gp_rpc_accept_sec_context.c +++ b/proxy/src/gp_rpc_accept_sec_context.c @@ -25,8 +25,7 @@ #include "gp_rpc_process.h" -int gp_accept_sec_context(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_accept_sec_context(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { 
@@ -67,14 +66,15 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx, } if (asca->cred_handle) { - ret_maj = gp_import_gssx_cred(&ret_min, gpsvc, asca->cred_handle, &ach); + ret_maj = gp_import_gssx_cred(&ret_min, gpcall, + asca->cred_handle, &ach); if (ret_maj) { goto done; } } if (ach == GSS_C_NO_CREDENTIAL) { - ret_maj = gp_add_krb5_creds(&ret_min, gpsvc, + ret_maj = gp_add_krb5_creds(&ret_min, gpcall, NULL, NULL, GSS_C_ACCEPT, 0, 0, @@ -145,8 +145,7 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx, ret_min = ENOMEM; goto done; } - ret_maj = gp_export_gssx_cred(&ret_min, - gpsvc, + ret_maj = gp_export_gssx_cred(&ret_min, gpcall, &dch, ascr->delegated_cred_handle); if (ret_maj) { goto done; diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c index c5bf1a2..0f53989 100644 --- a/proxy/src/gp_rpc_acquire_cred.c +++ b/proxy/src/gp_rpc_acquire_cred.c @@ -26,8 +26,7 @@ #include "gp_rpc_process.h" #include <gssapi/gssapi_krb5.h> -int gp_acquire_cred(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_acquire_cred(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { @@ -49,7 +48,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx, acr = &res->acquire_cred; if (aca->input_cred_handle) { - ret_maj = gp_import_gssx_cred(&ret_min, gpsvc, + ret_maj = gp_import_gssx_cred(&ret_min, gpcall, aca->input_cred_handle, &in_cred); if (ret_maj) { goto done; @@ -80,7 +79,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx, for (i = 0; i < desired_mechs->count; i++) { desired_mech = &desired_mechs->elements[i]; - if (!gp_creds_allowed_mech(gpsvc, desired_mech)) { + if (!gp_creds_allowed_mech(gpcall, desired_mech)) { continue; } @@ -99,7 +98,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx, goto done; } } else { - ret_maj = gp_get_supported_mechs(&ret_min, gpsvc, &use_mechs); + ret_maj = gp_get_supported_mechs(&ret_min, &use_mechs); if (ret_maj) { goto done; } 
@@ -114,7 +113,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx, * that define keytabs and ccaches and principals */ if (gss_oid_equal(desired_mech, gss_mech_krb5)) { ret_maj = gp_add_krb5_creds(&ret_min, - gpsvc, + gpcall, in_cred, aca->desired_name, cred_usage, @@ -150,7 +149,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx, ret_min = ENOMEM; goto done; } - ret_maj = gp_export_gssx_cred(&ret_min, gpsvc, + ret_maj = gp_export_gssx_cred(&ret_min, gpcall, &out_cred, acr->output_cred_handle); if (ret_maj) { goto done; diff --git a/proxy/src/gp_rpc_creds.h b/proxy/src/gp_rpc_creds.h index 50e3392..6389ebe 100644 --- a/proxy/src/gp_rpc_creds.h +++ b/proxy/src/gp_rpc_creds.h @@ -30,14 +30,13 @@ #include <stdint.h> #include <gssapi/gssapi.h> -struct gp_service; +struct gp_call_ctx; -bool gp_creds_allowed_mech(struct gp_service *svc, gss_OID desired_mech); -uint32_t gp_get_supported_mechs(uint32_t *min, - struct gp_service *svc, gss_OID_set *set); +bool gp_creds_allowed_mech(struct gp_call_ctx *gpcall, gss_OID desired_mech); +uint32_t gp_get_supported_mechs(uint32_t *min, gss_OID_set *set); uint32_t gp_add_krb5_creds(uint32_t *min, - struct gp_service *svc, + struct gp_call_ctx *gpcall, gss_cred_id_t in_cred, gssx_name *desired_name, gss_cred_usage_t cred_usage, diff --git a/proxy/src/gp_rpc_get_mic.c b/proxy/src/gp_rpc_get_mic.c index 9f37731..ca60fe4 100644 --- a/proxy/src/gp_rpc_get_mic.c +++ b/proxy/src/gp_rpc_get_mic.c @@ -27,8 +27,7 @@ #include "gp_rpc_process.h" #include <gssapi/gssapi.h> -int gp_get_mic(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_get_mic(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_import_and_canon_name.c b/proxy/src/gp_rpc_import_and_canon_name.c index ba2bc06..1988a8b 100644 --- a/proxy/src/gp_rpc_import_and_canon_name.c +++ b/proxy/src/gp_rpc_import_and_canon_name.c 
@@ -31,8 +31,7 @@ * I am not kidding, if you hav not read it, go back and do it now, or do not * touch this function */ -int gp_import_and_canon_name(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_import_and_canon_name(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_indicate_mechs.c b/proxy/src/gp_rpc_indicate_mechs.c index c85243b..e231828 100644 --- a/proxy/src/gp_rpc_indicate_mechs.c +++ b/proxy/src/gp_rpc_indicate_mechs.c @@ -26,8 +26,7 @@ #include "gp_rpc_process.h" #include "gp_debug.h" -int gp_indicate_mechs(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_indicate_mechs(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_init_sec_context.c b/proxy/src/gp_rpc_init_sec_context.c index fa87b15..944389c 100644 --- a/proxy/src/gp_rpc_init_sec_context.c +++ b/proxy/src/gp_rpc_init_sec_context.c @@ -25,8 +25,7 @@ #include "gp_rpc_process.h" -int gp_init_sec_context(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_init_sec_context(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { @@ -68,15 +67,18 @@ int gp_init_sec_context(struct gssproxy_ctx *gpctx, } if (isca->cred_handle) { - ret_maj = gp_import_gssx_cred(&ret_min, gpsvc, + ret_maj = gp_import_gssx_cred(&ret_min, gpcall, isca->cred_handle, &ich); if (ret_maj) { goto done; } + } else { + /* FIXME: get ccache from gpsvc ? */ + ret_maj = GSS_S_CRED_UNAVAIL; + ret_min = 0; + goto done; } - /* FIXME: gett ccache from gpsvc */ - ret_maj = gp_conv_gssx_to_name(&ret_min, isca->target_name, &target_name); if (ret_maj) { goto done; diff --git a/proxy/src/gp_rpc_process.c b/proxy/src/gp_rpc_process.c index 18f8dc6..74dada1 100644 --- a/proxy/src/gp_rpc_process.c +++ b/proxy/src/gp_rpc_process.c 
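Review bot: The comment in the new `else` branch of gp_init_sec_context still names `gpsvc`, a parameter this commit removes, and it reads as a to-do rather than explaining why the call is now refused. Returning `GSS_S_CRED_UNAVAIL` when `isca->cred_handle` is absent is a behaviour change worth stating, since the old code presumably fell through without a caller-supplied credential. I would write `/* No caller-supplied credential: refuse instead of continuing without one. FIXME: get ccache from gpcall->service ? */`. The function body continues outside the hunk.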
@@ -333,14 +333,14 @@ static const char *gp_rpc_procname(uint32_t proc) return gp_xdr_set[proc].proc_name; } -static int gp_rpc_execute(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, uint32_t proc, +static int gp_rpc_execute(struct gp_call_ctx *gpcall, uint32_t proc, union gp_rpc_arg *arg, union gp_rpc_res *res) { GPDEBUG("gp_rpc_execute: executing %d (%s) for service \"%s\", euid: %d, socket: %s\n", - proc, gp_rpc_procname(proc), gpsvc->name, gpsvc->euid, gpsvc->socket); + proc, gp_rpc_procname(proc), gpcall->service->name, + gp_conn_get_uid(gpcall->connection), gpcall->service->socket); - return gp_xdr_set[proc].exec_fn(gpctx, gpsvc, arg, res); + return gp_xdr_set[proc].exec_fn(gpcall, arg, res); } static int gp_rpc_return_buffer(XDR *xdr_reply_ctx, char *reply_buffer, @@ -371,8 +371,7 @@ static void gp_rpc_free_xdrs(int proc, xdr_free(gp_xdr_set[proc].res_fn, (char *)res); } -int gp_rpc_process_call(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_rpc_process_call(struct gp_call_ctx *gpcall, uint8_t *inbuf, size_t inlen, uint8_t **outbuf, size_t *outlen) { @@ -398,7 +397,7 @@ int gp_rpc_process_call(struct gssproxy_ctx *gpctx, ret = gp_rpc_decode_call(&xdr_call_ctx, &xid, &proc, &arg, &acc, &rej); if (!ret) { /* execute request */ - ret = gp_rpc_execute(gpctx, gpsvc, proc, &arg, &res); + ret = gp_rpc_execute(gpcall, proc, &arg, &res); if (ret) { acc = GP_RPC_SYSTEM_ERR; ret = EINVAL; diff --git a/proxy/src/gp_rpc_process.h b/proxy/src/gp_rpc_process.h index a0e8102..0a9b426 100644 --- a/proxy/src/gp_rpc_process.h +++ b/proxy/src/gp_rpc_process.h @@ -42,8 +42,7 @@ struct gssproxy_ctx; struct gp_service; -#define gp_exec_std_args struct gssproxy_ctx *gpctx, \ - struct gp_service *gpsvc, \ +#define gp_exec_std_args struct gp_call_ctx *gpcall, \ union gp_rpc_arg *arg, \ union gp_rpc_res *res diff --git a/proxy/src/gp_rpc_release_handle.c b/proxy/src/gp_rpc_release_handle.c index a9f5ee2..97fc896 100644 --- a/proxy/src/gp_rpc_release_handle.c 
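Review bot: The GPDEBUG line in gp_rpc_execute keeps the label `euid: %d` but now prints `gp_conn_get_uid(gpcall->connection)`, so the log shows the peer uid under the name of the service's configured uid. For an `allow_any_uid` service the two differ, and a reader needs both to see which caller used which service. I would log them separately, `euid: %d, peer uid: %d` with `gpcall->service->euid, gp_conn_get_uid(gpcall->connection)`. Both are `uid_t`, so a cast to match the format specifier would be appropriate as well.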
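Review bot: gp_rpc_process.h now uses `struct gp_call_ctx *gpcall` in the `gp_exec_std_args` macro, but the hunk adds no forward declaration for it, while gp_export.h and gp_rpc_creds.h both gain `struct gp_call_ctx;` in this commit. If no header included earlier declares the struct (not visible here), every prototype built from the macro declares a new type at prototype scope, incompatible with the real one. Add `struct gp_call_ctx;` next to the existing `struct gssproxy_ctx;` and `struct gp_service;` lines.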
+++ b/proxy/src/gp_rpc_release_handle.c @@ -25,8 +25,7 @@ #include "gp_rpc_process.h" -int gp_release_handle(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_release_handle(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_unwrap.c b/proxy/src/gp_rpc_unwrap.c index a1f5404..a20b8ea 100644 --- a/proxy/src/gp_rpc_unwrap.c +++ b/proxy/src/gp_rpc_unwrap.c @@ -27,8 +27,7 @@ #include "gp_rpc_process.h" #include <gssapi/gssapi.h> -int gp_unwrap(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_unwrap(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_verify_mic.c b/proxy/src/gp_rpc_verify_mic.c index b2032de..68369a0 100644 --- a/proxy/src/gp_rpc_verify_mic.c +++ b/proxy/src/gp_rpc_verify_mic.c @@ -27,8 +27,7 @@ #include "gp_rpc_process.h" #include <gssapi/gssapi.h> -int gp_verify_mic(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_verify_mic(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_wrap.c b/proxy/src/gp_rpc_wrap.c index e8ef530..d17c292 100644 --- a/proxy/src/gp_rpc_wrap.c +++ b/proxy/src/gp_rpc_wrap.c @@ -27,8 +27,7 @@ #include "gp_rpc_process.h" #include <gssapi/gssapi.h> -int gp_wrap(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_wrap(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { diff --git a/proxy/src/gp_rpc_wrap_size_limit.c b/proxy/src/gp_rpc_wrap_size_limit.c index 90f989d..481d04a 100644 --- a/proxy/src/gp_rpc_wrap_size_limit.c +++ b/proxy/src/gp_rpc_wrap_size_limit.c @@ -27,8 +27,7 @@ #include "gp_rpc_process.h" #include <gssapi/gssapi.h> -int gp_wrap_size_limit(struct gssproxy_ctx *gpctx, - struct gp_service *gpsvc, +int gp_wrap_size_limit(struct gp_call_ctx *gpcall, union gp_rpc_arg *arg, union gp_rpc_res *res) { 
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c index 521a2ee..b1851a2 100644 --- a/proxy/src/gp_socket.c +++ b/proxy/src/gp_socket.c @@ -101,6 +101,11 @@ struct gp_creds *gp_conn_get_creds(struct gp_conn *conn) return &conn->creds; } +uid_t gp_conn_get_uid(struct gp_conn *conn) +{ + return conn->creds.ucred.uid; +} + const char *gp_conn_get_socket(struct gp_conn *conn) { return conn->sock_ctx->socket; diff --git a/proxy/src/gp_workers.c b/proxy/src/gp_workers.c index 6d650c6..bca2cc8 100644 --- a/proxy/src/gp_workers.c +++ b/proxy/src/gp_workers.c @@ -430,19 +430,21 @@ static void *gp_worker_main(void *pvt) static void gp_handle_query(struct gp_workers *w, struct gp_query *q) { - struct gp_service *gpsvc; + struct gp_call_ctx gpcall; uint8_t *buffer; size_t buflen; int ret; /* find service */ - gpsvc = gp_creds_match_conn(w->gpctx, q->conn); - if (!gpsvc) { + gpcall.gpctx = w->gpctx; + gpcall.service = gp_creds_match_conn(w->gpctx, q->conn); + if (!gpcall.service) { q->status = GP_QUERY_ERR; return; } + gpcall.connection = q->conn; - ret = gp_rpc_process_call(w->gpctx, gpsvc, + ret = gp_rpc_process_call(&gpcall, q->buffer, q->buflen, &buffer, &buflen); if (ret) { |
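Review bot: In gp_handle_query the new `struct gp_call_ctx gpcall;` is left uninitialised and filled field by field, with `connection` assigned only after the service lookup. All three members are set before `gp_rpc_process_call` today, but any member added to the struct later would reach the RPC handlers holding stack garbage. Declaring it as `struct gp_call_ctx gpcall = { 0 };` costs nothing and keeps the early-return path well defined.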