gss-proxy.git - Work on gss-proxy before it lands upstream

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use secure_getenv in client and mechglue modulegetenv	Simo Sorce	2013-11-20	1	-3/+4
\| \| \| \| \| \| \| \|	proxymehc.so may be used in setuid binaries so follow best security practices and use secure_getenv() if available. Fallback to poorman emulation when secure_getenv() is not available. Resolves: https://fedorahosted.org/gss-proxy/ticket/110
*	Add service match using SeLinux Context	Simo Sorce	2013-07-02	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Using getpeercon we can know the elinux context of the process talking to gssproxy. Use this information as an optional additional filter to match processes to service definitions. If a selinux_context option with a full user;role;type context is specified into a service section, then the connecting process must also be running under the specified selinux context in order to be allowed to connect. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
*	Make sure dlopen.sh is part of the tarball	Günther Deschner	2013-05-22	1	-1/+1
\| \| \| \|	Signed-off-by: Günther Deschner <gdeschner@redhat.com>
*	Add dlopen script to check for unresolved symbols.	Günther Deschner	2013-05-15	1	-0/+6
\| \| \| \| \| \| \| \|	Vendors can call "make test_proxymech" from their specfile to make sure proxymech.so can be properly loaded by the GSSAPI. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
*	Fix unresolved symbol gp_boolean_is_true() in mechglue plugin.	Günther Deschner	2013-05-15	1	-2/+3
\| \| \| \| \| \| \| \|	At the same time, rename gp_common.c to gp_util.c to make it more visible there is no relation to gp_common.h. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
*	Add --with-gpstate-path=PATH configure switch.	Günther Deschner	2013-05-06	1	-2/+2
\| \| \| \| \|	Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
*	Add support for per-service sockets	Simo Sorce	2013-04-23	1	-0/+1
\| \| \| \| \| \| \| \|	This way different processes running as the same user can be configured as different servervices Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
*	Improve default configuration.	Simo Sorce	2013-04-23	1	-1/+0
\| \| \| \| \| \| \| \|	Install by default working nfs configuration. For RPM also install by default file to configure interposer plugin. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
*	Add generic function to get creds defaults	Simo Sorce	2013-04-10	1	-4/+5
\| \| \| \| \|	Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
*	Add dinglibs ini configuration detection and backend.	Günther Deschner	2013-04-08	1	-0/+3
\| \| \| \| \|	Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
*	Abstract configuration layer for gssproxy.	Günther Deschner	2013-04-08	1	-0/+3
\| \| \| \| \|	Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
*	Use gssrpc instead of system rpc	Simo Sorce	2013-03-14	1	-1/+1
\| \| \| \| \|	This avoids issues with libraris like libtirpc as gssrpc renames all the symbols to avoid clashes with system libraries.
*	Add custom implementation of xdr_uint64_t	Simo Sorce	2013-03-14	1	-1/+2
\| \| \| \|	This is needed because gssrpc doesn't have one.
*	Add example GSS-API mechanism plugins config file.	Günther Deschner	2013-01-15	1	-0/+2
\| \| \| \|	The file is not installed automatically yet.
*	Use new gss_import/export_cred functions	Simo Sorce	2012-10-25	1	-1/+0
\| \| \| \| \| \| \|	This allows us to remove the ring_buffer hack and become completely stateless as well as remove a possible DoS avenue. R.I.P. Ring Buffer :-)
*	Makefile: Add src/mechglue/gss_plugin.h to header list.	Günther Deschner	2012-10-25	1	-1/+2
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	New test program to exercise the mechglue plugin	Simo Sorce	2012-10-25	1	-2/+10
\|
*	Implement misc spi calls	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement privacy/integrity mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement indicate mechs related mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement name related mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement display status mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement init sec context mechglue wrapper	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement accept sec context mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+1
\|
*	Implement context related mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+1
\| \| \| \| \|	Use the new spi call in order to be able to properly implement a context locally.
*	Implement cred related mechglue wrappers	Simo Sorce	2012-10-25	1	-0/+2
\|
*	Add initialization code	Simo Sorce	2012-10-25	1	-2/+5
\| \| \| \| \| \| \|	For now return fixed list of mechanisms. Later on we can try to fetch this list from the proxy. Also split RPC client code from actual plugin
*	Build mechglue as a plugin	Simo Sorce	2012-10-25	1	-0/+13
\|
*	Implement gpm_wrap_size_limit().	Günther Deschner	2012-09-14	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gpm_unwrap().	Günther Deschner	2012-09-14	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gpm_wrap()	Günther Deschner	2012-09-14	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gpm_verify_mic().	Günther Deschner	2012-09-14	1	-0/+1
\|
*	Implement gpm_get_mic().	Günther Deschner	2012-09-14	1	-0/+1
\|
*	Implement gpm_inquire_context	Simo Sorce	2012-09-14	1	-0/+1
\|
*	Move client lib files in their own directory	Simo Sorce	2012-08-31	1	-9/+9
\| \| \| \| \| \| \|	Make space for the actual mechglue plugin interface. The mechglue interface will use the client library to communicate with the gss-proxy but will reimplement all GSSAPI SPI as wrappers in order to properly handle fallbacks to local mechanism and other input/output transformations.
*	Implement gp_wrap_size_limit().	Günther Deschner	2012-08-31	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gp_unwrap().	Günther Deschner	2012-08-31	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gp_wrap().	Günther Deschner	2012-08-31	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gp_verify_mic().	Günther Deschner	2012-08-23	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Implement gp_get_mic().	Günther Deschner	2012-08-23	1	-0/+1
\| \| \| \|	Acked-by: Simo Sorce <simo@redhat.com>
*	Add missing headers to Makefile.am	Simo Sorce	2012-07-10	1	-1/+15
\|
*	Add logging helpers	Simo Sorce	2012-04-15	1	-0/+1
\|
*	creds: add code to import krb5 credentials based on configuration.	Simo Sorce	2012-04-05	1	-0/+2
\|
*	There is no need anymore to load the server config in the client test program.	Simo Sorce	2012-02-09	1	-1/+0
\|
*	Rename test program.	Simo Sorce	2012-02-09	1	-5/+5
\| \| \| \| \|	The test program is now testing almost all functions so change name to reflect reaility.
*	Implement init_sec_context mechglue function	Simo Sorce	2012-02-09	1	-0/+1
\|
*	Implement server side init_sec_context function.	Simo Sorce	2012-02-09	1	-0/+1
\|
*	Implement import_and_canon_name mechglue functions family	Simo Sorce	2012-02-07	1	-0/+1
\|
*	Implement server side import_and_canon_name()	Simo Sorce	2012-02-07	1	-0/+1
\| \| \| \| \|	Also fix name conversion functions, to properly handle exporting/importing names.
*	Add tests for indicate_mechs functions	Simo Sorce	2012-02-05	1	-0/+1
\|