summaryrefslogtreecommitdiffstats
path: root/proxy/src/gp_creds.c
Commit message (Collapse)AuthorAgeFilesLines
* Treat credential store as opaquely as possible.Simo Sorce2013-04-231-68/+94
| | | | | | | | | | | | | The credential store design goal is to allow administrators to set arbitrary strings without additional applications knowledge. This allows extending the number of crdential types GSSAPI can be made to support without having to recompile applications to add explicit support. Only explicitly check for cred store values that ned special treatment and let admins decide what to put in cred_store. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Special case client_keytab for root userSimo Sorce2013-04-101-2/+7
| | | | | | | | Use /etc/krb5.keytab when nfsd service tries to acquire creds and no id is specified in desired_name. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use new GSSAPI Credential Store APISimo Sorce2013-04-101-49/+22
| | | | | | | | | | This is the only thread safe way to pass in aribitrary values for all the bits of environment we want to use when doing impersonation within gss-proxy. Requires MIT version 1.12 for the client_keytab part to be operational. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add generic function to get creds defaultsSimo Sorce2013-04-101-21/+58
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Move string formatting in a separate functionSimo Sorce2013-04-101-57/+66
| | | | | | | This way it can be reused for keytab path names too Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Carefully process desired name based on serviceSimo Sorce2013-04-101-14/+31
| | | | | | | | | | | | In case the name type is GSS_C_NT_STRING_UID_NAME or GSS_NT_MACHINE_UID_NAME we want to be able to impersonate the user referenced by the uid. This is allowed exclusively for trusted services otherwise a generic unprivileged application would be allowed to impersonate any user if there are credentials available on the system or client keytabs installed. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Improve ccache formatting.Simo Sorce2013-03-271-14/+37
| | | | | | | | | | Add %U support which will insert the user uid number instead of name. Fix %% support by actually removing one of the % charcters Fix %<invalid> sequence by actually bailing out if one is found. Add GPDEBUG statements to indicate what went wrong. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix includesSimo Sorce2013-03-141-0/+1
| | | | | These includes are necessary when switching to gssrpc because they are not automatically dragged in via dependencies in system rpc.h
* creds: add code to import krb5 credentials based on configuration.Simo Sorce2012-04-051-0/+304
generated by cgit (git 2.34.1) at 2025-09-26 18:40:13 +0000