path: root/proxy/src/client
Commit message | Author | Age | Files | Lines
* Add gss_acquire_cred_impersonate_name support | Simo Sorce | 2015-12-01 | 2 | -1/+34
  This is used by a client that wants to perform a s4u2self operation using its server credentials.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Fix const warning that can lead to issues | Simo Sorce | 2015-11-30 | 1 | -1/+1
  This could lead to a free() being called on a constant, and that would be bad.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Fix possible explicit NULL deref in gpm_accept_sec_context | Robbie Harwood | 2015-10-29 | 1 | -5/+7
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix potential deadlock on socket grab | Robbie Harwood | 2015-10-29 | 1 | -3/+1
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Clear message structure before decoding into it | Robbie Harwood | 2015-10-21 | 1 | -0/+1
  This resolves a segfault appearing on ARM.
  Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1235902
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Correct handling of EINTR on read()/write() | Robbie Harwood | 2015-09-28 | 1 | -2/+2
  The common send/recv functions were zeroing the ret variable only once, causing a loop if EINTR was actually ever set.
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix formatting on noncompliant copyright lines | Robbie Harwood | 2015-09-04 | 15 | -365/+15
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Suppress warning: use after free | Lukas Slebodnik | 2015-03-29 | 1 | -0/+1
  gssx_ctx is released in case of error. After the latest changes, the old ctx is always replaced to new one and output argument is set. Although it would not be used because return code would not be success it's safer to set NULL to the pointer and avoid warnings from static analyzers.
  src/client/gpm_init_sec_context.c:108: alias: Assigning: "ctx" = "res->context_handle". Now both point to the same storage.
  src/client/gpm_init_sec_context.c:156: freed_arg: "free" frees "ctx".
  src/client/gpm_init_sec_context.c:173: use_after_free: Using freed pointer "ctx".
  Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Remove unused parameter from get_pipe_name | Lukas Slebodnik | 2015-03-29 | 1 | -2/+2
  Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Properly handle security contexts on error | Simo Sorce | 2015-03-24 | 2 | -12/+15
  On error we need to make sure we do not return a pointer to a security context that may have been already freed. So make sure to always unconditionally return the context that we've been returned by our callees. Also reorganize the code so we do not accidentally wipe the context and leak memory on error.
  This fixed a double-free bug found by NFS folks @ Red Hat
  Fixes: https://fedorahosted.org/gss-proxy/ticket/137
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
* Properly cleanup mutex on failure. | Simo Sorce | 2014-03-12 | 1 | -0/+3
  If the call to create socket fails we leave a dangling lock and the client enters into a deadlock on the next call.
  Fixes: https://fedorahosted.org/gss-proxy/ticket/121
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add zero termination when the buffer is a string | Simo Sorce | 2014-01-15 | 1 | -1/+2
  This shouldn't be needed but apparently there are a number of applications like mod_auth_kerb that just blindly assume the out buffer returned by gss_display_name() is a zero terminated string even though there is no guarantee it is in the API. To avoid annoying misbehavior we forcibly zero terminate strings copied and returned by the interposer.
  Fixes: https://fedorahosted.org/gss-proxy/ticket/101
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use gp_strerror() everywhere instead of strerror() | Simo Sorce | 2013-11-22 | 1 | -2/+2
  https://fedorahosted.org/gss-proxy/ticket/111
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use secure_getenv in client and mechglue module | Simo Sorce | 2013-11-21 | 1 | -1/+1
  proxymech.so may be used in setuid binaries so follow best security practices and use secure_getenv() if available. Fallback to poorman emulation when secure_getenv() is not available.
  Resolves: https://fedorahosted.org/gss-proxy/ticket/110
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix continuations in context establishment calls | Simo Sorce | 2013-11-19 | 1 | -11/+10
  Properly support continuations, including returning the right error code and exporting partial contexts. Fixes multistep authentications in particular for the initialization case which always uses continuations.
  Resolves: https://fedorahosted.org/gss-proxy/ticket/108
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Preserve requested flags and lifetime | Simo Sorce | 2013-11-19 | 1 | -0/+3
  These arguments have been accidentally forgotten causing failures for applications that specify non default flags and non indefinite lifetime.
  https://fedorahosted.org/gss-proxy/ticket/106
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix resource leak in gpm_accept_sec_context(). | Günther Deschner | 2013-10-15 | 1 | -8/+8
  Resolves Coverity CID #12027.
  Signed-off-by: Günther Deschner <gdeschner@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix socket error handling. | Simo Sorce | 2013-05-16 | 1 | -44/+30
  1. Grab the socket lock for the whole conversation.
  We need to keep the lock until the whole conversation is over. Otherwise we may have concurrency issues where communication gets intermixed and errors in one thread can cause a thread to hang.
  Here is what we observed:
    thread 1: grabs lock and sends a request.
    thread 2: grabs lock and sends a request
    server: thread 2 request causes a fatal error and the server closes the connection
    thread 2: grabs the lock and waits for a reply.
    thread 2: gets the error and returns to caller with it (connection is closed).
    thread 1: grabs the lock (which reopens the closed channel) and reads ...
    ... forever as the server has already killed all the previous state.
  2. Fail immediately on short reads for the initial 4 byte length header.
  If the first 4 bytes do not come at once don't bother retrying. In 99.9% of the cases what we are witnessing here is a fatal error from the proxy that closed the socket. Reopening the socket cannot accomplish anything as the request sent down the channel is tied to the specific socket, so once the socket is closed there is no hope to ever get back a reply.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add support for per-service sockets | Simo Sorce | 2013-04-23 | 1 | -1/+7
  This way different processes running as the same user can be configured as different services
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use send() in client library to avoid SIGPIPE | Simo Sorce | 2013-04-03 | 1 | -2/+2
  The client library lives in applications that may not be blocking or ignoring SIGPIPE. Using write() can cause SIGPIPE to be raised in the application if the proxy is restarted. If the application does not catch the signal then it is terminated. Make sure this does not happen by using send() with the MSG_NOSIGNAL flag.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix missing break statement found by Coverity | Simo Sorce | 2013-04-03 | 1 | -0/+2
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix infinite loop due to bad sign of variable | Simo Sorce | 2013-04-03 | 1 | -1/+1
  Change the i variable to be a signed integer or the loop will never end because an unsigned integer decremented past 0 simply wraps to a very big integer. The condition that would break the loop can never be true therefore the code would loop forever until eventually a double free would cause a crash.
  Found by Coverity.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix resource leaks found by Coverity | Simo Sorce | 2013-04-03 | 1 | -8/+18
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix reporting of wrong error codes | Simo Sorce | 2013-04-03 | 1 | -0/+3
  Found by Coverity as 'Argument cannot be negative' type of error.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix dereference before null error found by Coverity | Simo Sorce | 2013-04-03 | 1 | -1/+3
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix uninitialized variables found by Coverity | Simo Sorce | 2013-04-03 | 1 | -6/+5
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix copy and paste error found by Coverity | Simo Sorce | 2013-04-03 | 1 | -2/+2
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix unchecked return values found by Coverity | Simo Sorce | 2013-04-03 | 2 | -3/+18
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Make socket path a configure option | Simo Sorce | 2013-03-22 | 1 | -5/+1
  The kernel uses the fixed path named /var/run/gssproxy.sock
  Make this default a configure time option and default to it.
  Also remove the option to change the socket at configure time, neither the kernel nor proxymech.so can cope with a change anyway.
* Fix includes | Simo Sorce | 2013-03-14 | 2 | -0/+2
  These includes are necessary when switching to gssrpc because they are not automatically dragged in via dependencies in system rpc.h
* Add gpm_export_name_composite(). | Günther Deschner | 2012-10-25 | 2 | -0/+31
* Implement indicate mechs related mechglue wrappers | Simo Sorce | 2012-10-25 | 1 | -1/+0
* Add name handle wrapper | Simo Sorce | 2012-10-25 | 7 | -111/+71
* Add context handle wrapper | Simo Sorce | 2012-10-25 | 4 | -12/+12
* Add cred handle wrapper | Simo Sorce | 2012-10-25 | 5 | -23/+23
* Add function to return a special mech | Simo Sorce | 2012-10-25 | 1 | -0/+1
  When the interposer wants to call the mechglue and have it call a real mechanism it does so by providing a special mechanism oid. This is an oid composed of the proxy plugin oid and the real mechanism oid that the mechglue transforms back into a real OID before selecting the appropriate mechanism.
* Implement gpm_wrap_size_limit(). | Günther Deschner | 2012-09-14 | 2 | -0/+91
  Acked-by: Simo Sorce <simo@redhat.com>
* Implement gpm_unwrap(). | Günther Deschner | 2012-09-14 | 2 | -0/+130
  Acked-by: Simo Sorce <simo@redhat.com>
* Implement gpm_wrap() | Günther Deschner | 2012-09-14 | 2 | -1/+130
  Acked-by: Simo Sorce <simo@redhat.com>
* Implement gpm_verify_mic(). | Günther Deschner | 2012-09-14 | 2 | -0/+98
* Implement gpm_get_mic(). | Günther Deschner | 2012-09-14 | 2 | -1/+103
* Implement gpm_compare_name | Simo Sorce | 2012-09-14 | 2 | -0/+53
* Implement gpm_inquire_context | Simo Sorce | 2012-09-14 | 2 | -0/+121
* Implement gpm_inquire_cred | Simo Sorce | 2012-09-14 | 2 | -0/+221
* Move client lib files in their own directory | Simo Sorce | 2012-08-31 | 9 | -0/+2661
  Make space for the actual mechglue plugin interface. The mechglue interface will use the client library to communicate with the gss-proxy but will reimplement all GSSAPI SPI as wrappers in order to properly handle fallbacks to local mechanism and other input/output transformations.