path: root/proxy/src/gp_proxy.h
Commit message | Author | Age | Files | Lines
* Add service match using SeLinux Context | Simo Sorce | 2013-07-02 | 1 | -0/+3

  Using getpeercon we can know the selinux context of the process talking to gssproxy. Use this information as an optional additional filter to match processes to service definitions.

  If a selinux_context option with a full user;role;type context is specified into a service section, then the connecting process must also be running under the specified selinux context in order to be allowed to connect.

  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use const string in config functions | Simo Sorce | 2013-04-23 | 1 | -1/+1

  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add support for per-service sockets | Simo Sorce | 2013-04-23 | 1 | -1/+10

  This way different processes running as the same user can be configured as different services

  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use multivalued "cred_store" parameter, deprecate unused parameters. | Günther Deschner | 2013-04-23 | 1 | -3/+2

  The krb5_{ccache,keytab,client_keytab} parameters are replaced with a multivalued "cred_store" parameter instead.

  krb5_keytab = /etc/krb5.keytab

  becomes:

  cred_store = keytab:/etc/krb5.keytab

  Likewise for the "krb5_ccache" and "krb5_client_keytab" parameters.

  Signed-off-by: Günther Deschner <gdeschner@redhat.com>
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add krb5_client_keytab config option | Simo Sorce | 2013-04-10 | 1 | -0/+1

  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix resource leaks found by Coverity | Simo Sorce | 2013-04-03 | 1 | -1/+1

  Signed-off-by: Simo Sorce <simo@redhat.com>
* Write pid file at startup. | Simo Sorce | 2013-03-22 | 1 | -0/+1
* Enable kernel support. | Simo Sorce | 2013-03-22 | 1 | -0/+4

  The Linux kernel now requires the gss-proxy to signal when it is available. This is done by writing 1 to the file /proc/net/rpc/use-gss-proxy

  Once this happens the kernel will try to attach to the gss-proxy socket and use it instead of the classic rpc.svcgssd daemon.
* Use new gss_import/export_cred functions | Simo Sorce | 2012-10-25 | 1 | -8/+7

  This allows us to remove the ring_buffer hack and become completely stateless as well as remove a possible DoS avenue.

  R.I.P. Ring Buffer :-)
* Add free_config() and call it when server shuts down. | Günther Deschner | 2012-06-25 | 1 | -0/+1

  Guenther

  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add gp_service_get_ring_buffer to retrieve buffer from a service. | Günther Deschner | 2012-06-25 | 1 | -0/+1

  Guenther

  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add gp_ring_buffer pointer to struct gp_service. | Günther Deschner | 2012-06-25 | 1 | -0/+4

  Guenther

  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add two ring_buffers to gp_config struct. | Günther Deschner | 2012-06-25 | 1 | -0/+5

  Guenther

  Signed-off-by: Simo Sorce <simo@redhat.com>
* creds: add code to import krb5 credentials based on configuration. | Simo Sorce | 2012-04-05 | 1 | -0/+6
* config: Rework configuration syntax | Simo Sorce | 2012-04-05 | 1 | -20/+6

  Keeping 2 separate sections for credentials and services seems to just make things really confusing. The off chance of reusing a 'credential' section is dwarfed by the confusion caused by keeping them separate. Having to copy a full service section is not a big deal so KISS wins here.
* config: parse credential/service config sections | Simo Sorce | 2012-02-23 | 1 | -0/+34
* Split gp_utils.h into proxy headers and commonly useful headers | Simo Sorce | 2012-01-29 | 1 | -0/+80