| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
A handful of parameter name differences (`key` vs. `keyname`) have been
tweaked but the function bodies are otherwise unchanged.
Signed-off-by: Robbie Harwood (frozencemetery) <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This library already does not support some features we need and
we want to drop its usage as the code quality is bad.
Fixes: https://fedorahosted.org/gss-proxy/ticket/139
Signed-off-by: Roland Mainz <rmainz@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove -fno-strict-aliasing (this is not required because gssproxy is
mostly a good ISO C99/C11 citizen) and replace it with
-Werror=strict-aliasing to ensure that if *anything* creeps up the
build will just fail (this requires in gcc4.x's case the use of
-fstrict-aliasing, too).
Signed-off-by: Roland Mainz <rmainz@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
Fixes: https://fedorahosted.org/gss-proxy/ticket/138
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- use automake variables for simplification of file installation
instead of make install hooks
- if configure is not called from $srcdir then few directories
were not created.
- few files were not removed with make unistall
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
Fixes: #132
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
This way it can be used both in stderr debugging as well as for sending
errors to syslog.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The macro AC_BUILD_AUX_DIR was used too late. As a result of this automake 1.15
generated configure script which ignored the directory build/ and was not able
to find missing files.
configure: error: cannot find install-sh, install.sh,
or shtool in "." "./.." "./../..".
After removing macro AC_BUILD_AUX_DIR, autoreconf will install auxiliary files
into $srcdir.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make distcheck failed with error:
Makefile:1229: tests/.deps/cli_srv_comm.Po: No such file or directory
Makefile:1230: tests/.deps/interposetest.Po: No such file or directory
make[2]: *** No rule to make target 'tests/.deps/interposetest.Po'. Stop.
make[2]: Leaving directory './gss-proxy/proxy/bdir/gssproxy-0.3.1/_build'
Makefile:1528: recipe for target 'distclean-recursive' failed
make[1]: *** [distclean-recursive] Error 1
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mkdir build_dir
cd build_dir
../configiure
make tests
./tests/runtests.py
make: ./tests/runtests.py: Command not found
Makefile:2010: recipe for target 'tests' failed
make: *** [tests] Error 127
make test_proxymech
TMPDIR=tests/scripts/ ./tests/scripts/dlopen.sh ./.libs/proxymech.so || exit 1
/bin/sh: ./tests/scripts/dlopen.sh: No such file or directory
Makefile:2056: recipe for target 'test_proxymech' failed
make: *** [test_proxymech] Error 1
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This sets up a kdc using socket_wrapper and nss_wrapper from the cwrap
project, and uses a dirty hack to force gssapi to load the current
proxymech interposer library.
It provisions a service and a user key then runs the interpostest binary
in this artifical environment.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Guenther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.
Resolves: https://fedorahosted.org/gss-proxy/ticket/110
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Using getpeercon we can know the elinux context of the process talking to
gssproxy. Use this information as an optional additional filter to match
processes to service definitions.
If a selinux_context option with a full user;role;type context is specified
into a service section, then the connecting process must also be running under
the specified selinux context in order to be allowed to connect.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
| |
Vendors can call "make test_proxymech" from their specfile to make sure
proxymech.so can be properly loaded by the GSSAPI.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
At the same time, rename gp_common.c to gp_util.c to make it more visible
there is no relation to gp_common.h.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
This way different processes running as the same user can be configured as
different servervices
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
| |
Install by default working nfs configuration.
For RPM also install by default file to configure interposer plugin.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
This avoids issues with libraris like libtirpc as gssrpc renames all the
symbols to avoid clashes with system libraries.
|
| |
|
|
| |
This is needed because gssrpc doesn't have one.
|
| |
|
|
| |
The file is not installed automatically yet.
|
| |
|
|
|
|
|
| |
This allows us to remove the ring_buffer hack and become completely
stateless as well as remove a possible DoS avenue.
R.I.P. Ring Buffer :-)
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Use the new spi call in order to be able to properly implement
a context locally.
|
| | |
|
| |
|
|
|
|
|
| |
For now return fixed list of mechanisms.
Later on we can try to fetch this list from the proxy.
Also split RPC client code from actual plugin
|
| | |
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Make space for the actual mechglue plugin interface. The mechglue interface
will use the client library to communicate with the gss-proxy but will
reimplement all GSSAPI SPI as wrappers in order to properly handle fallbacks to
local mechanism and other input/output transformations.
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
