Diffstat (limited to 'proxy')
-rw-r--r--proxy/examples/gssproxy.conf.in1
-rw-r--r--proxy/src/gp_config.c7
-rw-r--r--proxy/src/gp_creds.c27
-rw-r--r--proxy/src/gp_export.c8
-rw-r--r--proxy/src/gp_export.h6
-rw-r--r--proxy/src/gp_proxy.h11
-rw-r--r--proxy/src/gp_rpc_accept_sec_context.c11
-rw-r--r--proxy/src/gp_rpc_acquire_cred.c13
-rw-r--r--proxy/src/gp_rpc_creds.h9
-rw-r--r--proxy/src/gp_rpc_get_mic.c3
-rw-r--r--proxy/src/gp_rpc_import_and_canon_name.c3
-rw-r--r--proxy/src/gp_rpc_indicate_mechs.c3
-rw-r--r--proxy/src/gp_rpc_init_sec_context.c12
-rw-r--r--proxy/src/gp_rpc_process.c13
-rw-r--r--proxy/src/gp_rpc_process.h3
-rw-r--r--proxy/src/gp_rpc_release_handle.c3
-rw-r--r--proxy/src/gp_rpc_unwrap.c3
-rw-r--r--proxy/src/gp_rpc_verify_mic.c3
-rw-r--r--proxy/src/gp_rpc_wrap.c3
-rw-r--r--proxy/src/gp_rpc_wrap_size_limit.c3
-rw-r--r--proxy/src/gp_socket.c5
-rw-r--r--proxy/src/gp_workers.c10
22 files changed, 90 insertions, 70 deletions
diff --git a/proxy/examples/gssproxy.conf.in b/proxy/examples/gssproxy.conf.in
index 0f8339e..262125a 100644
--- a/proxy/examples/gssproxy.conf.in
+++ b/proxy/examples/gssproxy.conf.in
@@ -13,5 +13,6 @@
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
+ allow_any_uid = yes
trusted = yes
euid = 0
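Review bot: The added `allow_any_uid = yes` sits directly above `trusted = yes` and `euid = 0`, and nothing in the example explains how the three options interact. Going by the gp_creds.c changes in this commit, the section then matches connections from every local uid, while the trusted path is kept only for callers whose uid equals `euid`. A comment above the new line would make that explicit for people copying the example, e.g. `# allow_any_uid: any local uid may use this service; 'trusted' still applies only when uid == euid`. The section header is outside the hunk, so which service this belongs to cannot be confirmed from here.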
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index ee218b4..943906a 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -184,6 +184,13 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx)
}
cfg->svcs[n]->euid = valnum;
+ ret = gp_config_get_string(ctx, secname, "allow_any_uid", &value);
+ if (ret == 0) {
+ if (gp_boolean_is_true(value)) {
+ cfg->svcs[n]->any_uid = true;
+ }
+ }
+
ret = gp_config_get_string(ctx, secname, "trusted", &value);
if (ret == 0) {
if (gp_boolean_is_true(value)) {
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 4d68afb..b047d8f 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -49,12 +49,12 @@ struct supported_mechs_map {
{ 0, NULL }
};
-bool gp_creds_allowed_mech(struct gp_service *svc, gss_OID desired_mech)
+bool gp_creds_allowed_mech(struct gp_call_ctx *gpcall, gss_OID desired_mech)
{
int i;
for (i = 0; supported_mechs_map[i].internal_id != 0; i++) {
- if (svc->mechs & supported_mechs_map[i].internal_id) {
+ if (gpcall->service->mechs & supported_mechs_map[i].internal_id) {
if (gss_oid_equal(desired_mech, supported_mechs_map[i].mech)) {
return true;
}
@@ -64,8 +64,7 @@ bool gp_creds_allowed_mech(struct gp_service *svc, gss_OID desired_mech)
return false;
}
-uint32_t gp_get_supported_mechs(uint32_t *min,
- struct gp_service *svc, gss_OID_set *set)
+uint32_t gp_get_supported_mechs(uint32_t *min, gss_OID_set *set)
{
uint32_t ret_maj;
uint32_t ret_min;
@@ -102,7 +101,8 @@ struct gp_service *gp_creds_match_conn(struct gssproxy_ctx *gpctx,
socket = gp_conn_get_socket(conn);
for (i = 0; i < gpctx->config->num_svcs; i++) {
- if (gpctx->config->svcs[i]->euid == gcs->ucred.uid) {
+ if (gpctx->config->svcs[i]->any_uid ||
+ gpctx->config->svcs[i]->euid == gcs->ucred.uid) {
if (gpctx->config->svcs[i]->socket) {
if (!gp_same(socket, gpctx->config->svcs[i]->socket)) {
continue;
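Review bot: With `any_uid` in the condition, a wildcard service now competes with uid-specific services in the same loop, so the result depends on the order of `svcs[]`. If the loop returns the first match (the rest of the body is outside the hunk), an `allow_any_uid` section listed earlier would shadow a later section whose `euid` equals the caller, and that caller would lose the `trusted` handling configured for it. A wildcard section that sets no `socket` is also not narrowed by the `gp_same()` check at all. Consider preferring an exact `euid` match over a wildcard one, or at least documenting the rule with a comment such as `/* first match wins: list uid-specific services before allow_any_uid ones */`.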
@@ -202,12 +202,13 @@ static void free_cred_store_elements(gss_key_value_set_desc *cs)
safefree(cs->elements);
}
-static int gp_get_cred_environment(struct gp_service *svc,
+static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
gssx_name *desired_name,
gss_name_t *requested_name,
gss_cred_usage_t cred_usage,
gss_key_value_set_desc *cs)
{
+ struct gp_service *svc;
gss_name_t name = GSS_C_NO_NAME;
gss_OID_desc name_type;
uint32_t ret_maj = 0;
@@ -222,17 +223,25 @@ static int gp_get_cred_environment(struct gp_service *svc,
int ck_num = -1;
int c, s;
- target_uid = svc->euid;
+ target_uid = gp_conn_get_uid(gpcall->connection);
+ svc = gpcall->service;
if (desired_name) {
gp_conv_gssx_to_oid(&desired_name->name_type, &name_type);
+ /* A service retains the trusted flag only if the current uid matches
+ * the configured euid */
if (svc->trusted &&
+ (svc->euid == target_uid) &&
(gss_oid_equal(&name_type, GSS_C_NT_STRING_UID_NAME) ||
gss_oid_equal(&name_type, GSS_C_NT_MACHINE_UID_NAME))) {
target_uid = atol(desired_name->display_name.octet_string_val);
user_requested = true;
} else {
+ /* it's a user request if it comes from an arbitrary uid */
+ if (svc->euid != target_uid) {
+ user_requested = true;
+ }
ret_maj = gp_conv_gssx_to_name(&ret_min, desired_name, &name);
if (ret_maj) {
goto done;
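Review bot: The new `svc->euid != target_uid` test that sets `user_requested` sits inside the `if (desired_name)` block, so a caller from an arbitrary uid that passes no name leaves `user_requested` false. That path is reachable in this commit: gp_accept_sec_context calls `gp_add_krb5_creds(&ret_min, gpcall, NULL, NULL, ...)`, i.e. with no desired name. How `user_requested` is consumed is outside the hunk, but if it chooses between the service's own credentials and per-user ones, the check belongs ahead of the `if (desired_name)`: `if (svc->euid != target_uid) { user_requested = true; }`. The function starts and ends outside this hunk.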
@@ -333,7 +342,7 @@ done:
}
uint32_t gp_add_krb5_creds(uint32_t *min,
- struct gp_service *svc,
+ struct gp_call_ctx *gpcall,
gss_cred_id_t in_cred,
gssx_name *desired_name,
gss_cred_usage_t cred_usage,
@@ -369,7 +378,7 @@ uint32_t gp_add_krb5_creds(uint32_t *min,
return GSS_S_CRED_UNAVAIL;
}
- ret_min = gp_get_cred_environment(svc, desired_name, &req_name,
+ ret_min = gp_get_cred_environment(gpcall, desired_name, &req_name,
cred_usage, &cred_store);
if (ret_min) {
ret_maj = GSS_S_CRED_UNAVAIL;
diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index 2710589..51dd686 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -187,7 +187,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
return 0;
}
-uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_service *svc,
+uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
gss_cred_id_t *in, gssx_cred *out)
{
uint32_t ret_maj;
@@ -268,7 +268,7 @@ uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_service *svc,
el->acceptor_time_rec = acceptor_lifetime;
}
- handle = gp_service_get_creds_handle(svc);
+ handle = gp_service_get_creds_handle(gpcall->service);
if (!handle) {
ret_maj = GSS_S_FAILURE;
ret_min = EINVAL;
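Review bot: `gp_export_gssx_cred` now receives the whole call context but still selects the creds handle from `gpcall->service` alone, and `gp_import_gssx_cred` does the same in the later hunk. If that handle is what protects exported credential blobs (the hunk context mentions `gp_decrypt_buffer`, but its use is not visible here), every uid matched to an `allow_any_uid` service shares it, and nothing shown ties a blob to the uid it was issued to. It would be worth recording the caller's uid at export and comparing it with `gp_conn_get_uid(gpcall->connection)` at import, or at minimum leaving a comment such as `/* handle is per service, not per caller uid */`. Both function bodies extend beyond these hunks.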
@@ -340,7 +340,7 @@ static void gp_set_cred_options(gssx_cred *cred, gss_cred_id_t gss_cred)
}
}
-uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_service *svc,
+uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
gssx_cred *cred, gss_cred_id_t *out)
{
gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
@@ -349,7 +349,7 @@ uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_service *svc,
uint32_t ret_min;
int ret;
- handle = gp_service_get_creds_handle(svc);
+ handle = gp_service_get_creds_handle(gpcall->service);
if (!handle) {
ret_maj = GSS_S_FAILURE;
ret_min = EINVAL;
diff --git a/proxy/src/gp_export.h b/proxy/src/gp_export.h
index 28d2229..58c0040 100644
--- a/proxy/src/gp_export.h
+++ b/proxy/src/gp_export.h
@@ -29,11 +29,11 @@
#include <gssapi/gssapi.h>
#include "rpcgen/gss_proxy.h"
-struct gp_service;
+struct gp_call_ctx;
-uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_service *svc,
+uint32_t gp_export_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
gss_cred_id_t *in, gssx_cred *out);
-uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_service *svc,
+uint32_t gp_import_gssx_cred(uint32_t *min, struct gp_call_ctx *gpcall,
gssx_cred *cred, gss_cred_id_t *out);
int gp_get_exported_context_type(struct gssx_call_ctx *ctx);
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index 835fcf5..a5b3a28 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -50,6 +50,7 @@ struct gp_creds_handle;
struct gp_service {
char *name;
uid_t euid;
+ bool any_uid;
bool trusted;
bool kernel_nfsd;
char *socket;
@@ -87,6 +88,12 @@ struct gp_sock_ctx {
struct gp_conn;
+struct gp_call_ctx {
+ struct gssproxy_ctx *gpctx;
+ struct gp_service *service;
+ struct gp_conn *connection;
+};
+
/* from gp_config.c */
struct gp_config *read_config(char *config_file, int opt_daemonize);
struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc);
@@ -107,6 +114,7 @@ void gp_conn_free(struct gp_conn *conn);
void gp_socket_send_data(verto_ctx *vctx, struct gp_conn *conn,
uint8_t *buffer, size_t buflen);
struct gp_creds *gp_conn_get_creds(struct gp_conn *conn);
+uid_t gp_conn_get_uid(struct gp_conn *conn);
const char *gp_conn_get_socket(struct gp_conn *conn);
bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx);
@@ -117,8 +125,7 @@ int gp_query_new(struct gp_workers *w, struct gp_conn *conn,
uint8_t *buffer, size_t buflen);
/* from gp_rpc.c */
-int gp_rpc_process_call(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_rpc_process_call(struct gp_call_ctx *gpcall,
uint8_t *inbuf, size_t inlen,
uint8_t **outbuf, size_t *outlen);
diff --git a/proxy/src/gp_rpc_accept_sec_context.c b/proxy/src/gp_rpc_accept_sec_context.c
index e43b72a..40370aa 100644
--- a/proxy/src/gp_rpc_accept_sec_context.c
+++ b/proxy/src/gp_rpc_accept_sec_context.c
@@ -25,8 +25,7 @@
#include "gp_rpc_process.h"
-int gp_accept_sec_context(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_accept_sec_context(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
@@ -67,14 +66,15 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx,
}
if (asca->cred_handle) {
- ret_maj = gp_import_gssx_cred(&ret_min, gpsvc, asca->cred_handle, &ach);
+ ret_maj = gp_import_gssx_cred(&ret_min, gpcall,
+ asca->cred_handle, &ach);
if (ret_maj) {
goto done;
}
}
if (ach == GSS_C_NO_CREDENTIAL) {
- ret_maj = gp_add_krb5_creds(&ret_min, gpsvc,
+ ret_maj = gp_add_krb5_creds(&ret_min, gpcall,
NULL, NULL,
GSS_C_ACCEPT,
0, 0,
@@ -145,8 +145,7 @@ int gp_accept_sec_context(struct gssproxy_ctx *gpctx,
ret_min = ENOMEM;
goto done;
}
- ret_maj = gp_export_gssx_cred(&ret_min,
- gpsvc,
+ ret_maj = gp_export_gssx_cred(&ret_min, gpcall,
&dch, ascr->delegated_cred_handle);
if (ret_maj) {
goto done;
diff --git a/proxy/src/gp_rpc_acquire_cred.c b/proxy/src/gp_rpc_acquire_cred.c
index c5bf1a2..0f53989 100644
--- a/proxy/src/gp_rpc_acquire_cred.c
+++ b/proxy/src/gp_rpc_acquire_cred.c
@@ -26,8 +26,7 @@
#include "gp_rpc_process.h"
#include <gssapi/gssapi_krb5.h>
-int gp_acquire_cred(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_acquire_cred(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
@@ -49,7 +48,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx,
acr = &res->acquire_cred;
if (aca->input_cred_handle) {
- ret_maj = gp_import_gssx_cred(&ret_min, gpsvc,
+ ret_maj = gp_import_gssx_cred(&ret_min, gpcall,
aca->input_cred_handle, &in_cred);
if (ret_maj) {
goto done;
@@ -80,7 +79,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx,
for (i = 0; i < desired_mechs->count; i++) {
desired_mech = &desired_mechs->elements[i];
- if (!gp_creds_allowed_mech(gpsvc, desired_mech)) {
+ if (!gp_creds_allowed_mech(gpcall, desired_mech)) {
continue;
}
@@ -99,7 +98,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx,
goto done;
}
} else {
- ret_maj = gp_get_supported_mechs(&ret_min, gpsvc, &use_mechs);
+ ret_maj = gp_get_supported_mechs(&ret_min, &use_mechs);
if (ret_maj) {
goto done;
}
@@ -114,7 +113,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx,
* that define keytabs and ccaches and principals */
if (gss_oid_equal(desired_mech, gss_mech_krb5)) {
ret_maj = gp_add_krb5_creds(&ret_min,
- gpsvc,
+ gpcall,
in_cred,
aca->desired_name,
cred_usage,
@@ -150,7 +149,7 @@ int gp_acquire_cred(struct gssproxy_ctx *gpctx,
ret_min = ENOMEM;
goto done;
}
- ret_maj = gp_export_gssx_cred(&ret_min, gpsvc,
+ ret_maj = gp_export_gssx_cred(&ret_min, gpcall,
&out_cred, acr->output_cred_handle);
if (ret_maj) {
goto done;
diff --git a/proxy/src/gp_rpc_creds.h b/proxy/src/gp_rpc_creds.h
index 50e3392..6389ebe 100644
--- a/proxy/src/gp_rpc_creds.h
+++ b/proxy/src/gp_rpc_creds.h
@@ -30,14 +30,13 @@
#include <stdint.h>
#include <gssapi/gssapi.h>
-struct gp_service;
+struct gp_call_ctx;
-bool gp_creds_allowed_mech(struct gp_service *svc, gss_OID desired_mech);
-uint32_t gp_get_supported_mechs(uint32_t *min,
- struct gp_service *svc, gss_OID_set *set);
+bool gp_creds_allowed_mech(struct gp_call_ctx *gpcall, gss_OID desired_mech);
+uint32_t gp_get_supported_mechs(uint32_t *min, gss_OID_set *set);
uint32_t gp_add_krb5_creds(uint32_t *min,
- struct gp_service *svc,
+ struct gp_call_ctx *gpcall,
gss_cred_id_t in_cred,
gssx_name *desired_name,
gss_cred_usage_t cred_usage,
diff --git a/proxy/src/gp_rpc_get_mic.c b/proxy/src/gp_rpc_get_mic.c
index 9f37731..ca60fe4 100644
--- a/proxy/src/gp_rpc_get_mic.c
+++ b/proxy/src/gp_rpc_get_mic.c
@@ -27,8 +27,7 @@
#include "gp_rpc_process.h"
#include <gssapi/gssapi.h>
-int gp_get_mic(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_get_mic(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_import_and_canon_name.c b/proxy/src/gp_rpc_import_and_canon_name.c
index ba2bc06..1988a8b 100644
--- a/proxy/src/gp_rpc_import_and_canon_name.c
+++ b/proxy/src/gp_rpc_import_and_canon_name.c
@@ -31,8 +31,7 @@
* I am not kidding, if you hav not read it, go back and do it now, or do not
* touch this function */
-int gp_import_and_canon_name(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_import_and_canon_name(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_indicate_mechs.c b/proxy/src/gp_rpc_indicate_mechs.c
index c85243b..e231828 100644
--- a/proxy/src/gp_rpc_indicate_mechs.c
+++ b/proxy/src/gp_rpc_indicate_mechs.c
@@ -26,8 +26,7 @@
#include "gp_rpc_process.h"
#include "gp_debug.h"
-int gp_indicate_mechs(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_indicate_mechs(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_init_sec_context.c b/proxy/src/gp_rpc_init_sec_context.c
index fa87b15..944389c 100644
--- a/proxy/src/gp_rpc_init_sec_context.c
+++ b/proxy/src/gp_rpc_init_sec_context.c
@@ -25,8 +25,7 @@
#include "gp_rpc_process.h"
-int gp_init_sec_context(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_init_sec_context(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
@@ -68,15 +67,18 @@ int gp_init_sec_context(struct gssproxy_ctx *gpctx,
}
if (isca->cred_handle) {
- ret_maj = gp_import_gssx_cred(&ret_min, gpsvc,
+ ret_maj = gp_import_gssx_cred(&ret_min, gpcall,
isca->cred_handle, &ich);
if (ret_maj) {
goto done;
}
+ } else {
+ /* FIXME: get ccache from gpsvc ? */
+ ret_maj = GSS_S_CRED_UNAVAIL;
+ ret_min = 0;
+ goto done;
}
- /* FIXME: gett ccache from gpsvc */
-
ret_maj = gp_conv_gssx_to_name(&ret_min, isca->target_name, &target_name);
if (ret_maj) {
goto done;
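Review bot: The new `else` branch fails the call with `GSS_S_CRED_UNAVAIL` and `ret_min = 0` when no `cred_handle` is supplied, but the comment does not say why, and it still refers to `gpsvc`, which is no longer a parameter. A reader cannot tell that the refusal is deliberate; presumably it stops the call from continuing with `ich` left at its initial value, which is set outside the hunk. Suggest `/* No credential handle supplied: refuse rather than proceed without one. FIXME: get ccache from gpcall->service ? */`. A non-zero minor status would also make the failure easier to diagnose on the client side.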
diff --git a/proxy/src/gp_rpc_process.c b/proxy/src/gp_rpc_process.c
index 18f8dc6..74dada1 100644
--- a/proxy/src/gp_rpc_process.c
+++ b/proxy/src/gp_rpc_process.c
@@ -333,14 +333,14 @@ static const char *gp_rpc_procname(uint32_t proc)
return gp_xdr_set[proc].proc_name;
}
-static int gp_rpc_execute(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc, uint32_t proc,
+static int gp_rpc_execute(struct gp_call_ctx *gpcall, uint32_t proc,
union gp_rpc_arg *arg, union gp_rpc_res *res)
{
GPDEBUG("gp_rpc_execute: executing %d (%s) for service \"%s\", euid: %d, socket: %s\n",
- proc, gp_rpc_procname(proc), gpsvc->name, gpsvc->euid, gpsvc->socket);
+ proc, gp_rpc_procname(proc), gpcall->service->name,
+ gp_conn_get_uid(gpcall->connection), gpcall->service->socket);
- return gp_xdr_set[proc].exec_fn(gpctx, gpsvc, arg, res);
+ return gp_xdr_set[proc].exec_fn(gpcall, arg, res);
}
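Review bot: The debug line now prints the connecting peer's uid via `gp_conn_get_uid()`, yet the format string still labels it `euid:` and uses `%d` for a `uid_t`. With `allow_any_uid` the peer uid and the service's configured euid can differ, so the label misleads anyone reading these logs during an investigation. Suggest `uid: %u` in the format string with the argument written as `(unsigned int)gp_conn_get_uid(gpcall->connection)`; printing `gpcall->service->euid` next to it would show both values.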
static int gp_rpc_return_buffer(XDR *xdr_reply_ctx, char *reply_buffer,
@@ -371,8 +371,7 @@ static void gp_rpc_free_xdrs(int proc,
xdr_free(gp_xdr_set[proc].res_fn, (char *)res);
}
-int gp_rpc_process_call(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_rpc_process_call(struct gp_call_ctx *gpcall,
uint8_t *inbuf, size_t inlen,
uint8_t **outbuf, size_t *outlen)
{
@@ -398,7 +397,7 @@ int gp_rpc_process_call(struct gssproxy_ctx *gpctx,
ret = gp_rpc_decode_call(&xdr_call_ctx, &xid, &proc, &arg, &acc, &rej);
if (!ret) {
/* execute request */
- ret = gp_rpc_execute(gpctx, gpsvc, proc, &arg, &res);
+ ret = gp_rpc_execute(gpcall, proc, &arg, &res);
if (ret) {
acc = GP_RPC_SYSTEM_ERR;
ret = EINVAL;
diff --git a/proxy/src/gp_rpc_process.h b/proxy/src/gp_rpc_process.h
index a0e8102..0a9b426 100644
--- a/proxy/src/gp_rpc_process.h
+++ b/proxy/src/gp_rpc_process.h
@@ -42,8 +42,7 @@
struct gssproxy_ctx;
struct gp_service;
-#define gp_exec_std_args struct gssproxy_ctx *gpctx, \
- struct gp_service *gpsvc, \
+#define gp_exec_std_args struct gp_call_ctx *gpcall, \
union gp_rpc_arg *arg, \
union gp_rpc_res *res
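Review bot: `gp_exec_std_args` now names `struct gp_call_ctx`, but the forward declarations just above it are still only `struct gssproxy_ctx;` and `struct gp_service;`. Unless a header included earlier (outside the hunk) already declares the type, its first appearance inside a parameter list gives it prototype scope, and the handler prototypes built from this macro will not be compatible with their definitions. Adding `struct gp_call_ctx;` beside the existing forward declarations removes the dependency on include order.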
diff --git a/proxy/src/gp_rpc_release_handle.c b/proxy/src/gp_rpc_release_handle.c
index a9f5ee2..97fc896 100644
--- a/proxy/src/gp_rpc_release_handle.c
+++ b/proxy/src/gp_rpc_release_handle.c
@@ -25,8 +25,7 @@
#include "gp_rpc_process.h"
-int gp_release_handle(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_release_handle(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_unwrap.c b/proxy/src/gp_rpc_unwrap.c
index a1f5404..a20b8ea 100644
--- a/proxy/src/gp_rpc_unwrap.c
+++ b/proxy/src/gp_rpc_unwrap.c
@@ -27,8 +27,7 @@
#include "gp_rpc_process.h"
#include <gssapi/gssapi.h>
-int gp_unwrap(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_unwrap(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_verify_mic.c b/proxy/src/gp_rpc_verify_mic.c
index b2032de..68369a0 100644
--- a/proxy/src/gp_rpc_verify_mic.c
+++ b/proxy/src/gp_rpc_verify_mic.c
@@ -27,8 +27,7 @@
#include "gp_rpc_process.h"
#include <gssapi/gssapi.h>
-int gp_verify_mic(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_verify_mic(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_wrap.c b/proxy/src/gp_rpc_wrap.c
index e8ef530..d17c292 100644
--- a/proxy/src/gp_rpc_wrap.c
+++ b/proxy/src/gp_rpc_wrap.c
@@ -27,8 +27,7 @@
#include "gp_rpc_process.h"
#include <gssapi/gssapi.h>
-int gp_wrap(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_wrap(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_rpc_wrap_size_limit.c b/proxy/src/gp_rpc_wrap_size_limit.c
index 90f989d..481d04a 100644
--- a/proxy/src/gp_rpc_wrap_size_limit.c
+++ b/proxy/src/gp_rpc_wrap_size_limit.c
@@ -27,8 +27,7 @@
#include "gp_rpc_process.h"
#include <gssapi/gssapi.h>
-int gp_wrap_size_limit(struct gssproxy_ctx *gpctx,
- struct gp_service *gpsvc,
+int gp_wrap_size_limit(struct gp_call_ctx *gpcall,
union gp_rpc_arg *arg,
union gp_rpc_res *res)
{
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index 521a2ee..b1851a2 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -101,6 +101,11 @@ struct gp_creds *gp_conn_get_creds(struct gp_conn *conn)
return &conn->creds;
}
+uid_t gp_conn_get_uid(struct gp_conn *conn)
+{
+ return conn->creds.ucred.uid;
+}
+
const char *gp_conn_get_socket(struct gp_conn *conn)
{
return conn->sock_ctx->socket;
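Review bot: `gp_conn_get_uid()` returns `conn->creds.ucred.uid` unconditionally, and that value now feeds the `trusted` decision in gp_get_cred_environment. The hunk does not show where `ucred` is filled in; if a connection can reach this accessor before the peer credentials were read successfully, a zeroed struct would report uid 0. Please confirm that cannot happen and document the precondition, e.g. `/* peer uid of the connection; only valid after the connection's credentials were read */`.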
diff --git a/proxy/src/gp_workers.c b/proxy/src/gp_workers.c
index 6d650c6..bca2cc8 100644
--- a/proxy/src/gp_workers.c
+++ b/proxy/src/gp_workers.c
@@ -430,19 +430,21 @@ static void *gp_worker_main(void *pvt)
static void gp_handle_query(struct gp_workers *w, struct gp_query *q)
{
- struct gp_service *gpsvc;
+ struct gp_call_ctx gpcall;
uint8_t *buffer;
size_t buflen;
int ret;
/* find service */
- gpsvc = gp_creds_match_conn(w->gpctx, q->conn);
- if (!gpsvc) {
+ gpcall.gpctx = w->gpctx;
+ gpcall.service = gp_creds_match_conn(w->gpctx, q->conn);
+ if (!gpcall.service) {
q->status = GP_QUERY_ERR;
return;
}
+ gpcall.connection = q->conn;
- ret = gp_rpc_process_call(w->gpctx, gpsvc,
+ ret = gp_rpc_process_call(&gpcall,
q->buffer, q->buflen,
&buffer, &buflen);
if (ret) {
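Review bot: `gpcall` is declared without an initializer and filled field by field, with `connection` assigned only after the service lookup. Nothing in the hunk reads an unset member, but any field added to `struct gp_call_ctx` later would reach every handler uninitialised. Declaring it as `struct gp_call_ctx gpcall = { 0 };` (or with designated initializers) costs nothing. The function body continues past the hunk.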