| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Credentials can often be used both to accept and to initiate contexts.
With this option admins can allow a specific usage only.
This is to avoid allowing an unprivileged process to fool a remote
client by allowing it to impersonate a server, when we only want to
allow this service to use credentials to initiate contexts.
|
| |
|
|
|
|
|
|
|
|
| |
The rpc.gssd daemon is changing to fork and change uid to the unprivileged
user it wants to authenticate, this means gssproxy needs to allow connection
from any euid. When this is done though, the trusted flag needs to be dropped,
if the connecting euid does not match the default trusted uid to prevent
improper impersonation.
Resolves: https://fedorahosted.org/gss-proxy/ticket/103
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Using getpeercon we can know the elinux context of the process talking to
gssproxy. Use this information as an optional additional filter to match
processes to service definitions.
If a selinux_context option with a full user;role;type context is specified
into a service section, then the connecting process must also be running under
the specified selinux context in order to be allowed to connect.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
| |
This way different processes running as the same user can be configured as
different servervices
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The krb5_{ccache,keytab,client_keytab} parameters are replaced with a
multivalued "cred_store" parameter instead.
krb5_keytab = /etc/krb5.keytab
becomes:
cred_store = keytab:/etc/krb5.keytab
Likewise for the "krb5_ccache" and "krb5_client_keytab" parameters.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
The Linux kernel now requires the gss-proxy to signal when it is available.
This is done by writing 1 to the file /proc/net/rpc/use-gss-proxy
Once this happens the kernel will try to attach to the gss-proxy socket
and use it instead of the classic rpc.svcgssd daemon.
|
| |
|
|
|
|
|
| |
This allows us to remove the ring_buffer hack and become completely
stateless as well as remove a possible DoS avenue.
R.I.P. Ring Buffer :-)
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
Keeping 2 separate sections for credentials and services seem to just make
things really confusing. The off chance of reusing a 'credential' section is
dwarfed by the confusion cause by keeping them separate. Having to copy a full
service section is not a big deal so KISS wins here.
|
| | |
|
| |
|
