path: root/proxy/src/gp_socket.c
Commit message | Author | Age | Files | Lines
* Reload config on SIGHUP | Robbie Harwood | 2015-09-15 | 1 | -1/+8
  For sockets, we will only reinitialize those that have changed. Additionally, the old text about SIGHUP behavior was incorrect.
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Ticket: https://fedorahosted.org/gss-proxy/ticket/125
* Fix formatting on noncompliant copyright lines | Robbie Harwood | 2015-09-04 | 1 | -24/+1
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Extract generalized selinux context comparison function | Robbie Harwood | 2015-09-04 | 1 | -13/+25
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Use gp_strerror() everywhere instead of strerror() | Simo Sorce | 2013-11-22 | 1 | -7/+7
  https://fedorahosted.org/gss-proxy/ticket/111
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Allow arbitrary users to connect to a service | Simo Sorce | 2013-10-18 | 1 | -0/+5
  The rpc.gssd daemon is changing to fork and change uid to the unprivileged user it wants to authenticate, this means gssproxy needs to allow connection from any euid. When this is done though, the trusted flag needs to be dropped, if the connecting euid does not match the default trusted uid to prevent improper impersonation.
  Resolves: https://fedorahosted.org/gss-proxy/ticket/103
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix selinux option check | Simo Sorce | 2013-08-26 | 1 | -1/+1
  Found by coverity (CID 11894)
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add service match using SeLinux Context | Simo Sorce | 2013-07-02 | 1 | -13/+54
  Using getpeercon we can know the selinux context of the process talking to gssproxy. Use this information as an optional additional filter to match processes to service definitions. If a selinux_context option with a full user;role;type context is specified into a service section, then the connecting process must also be running under the specified selinux context in order to be allowed to connect.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add support for per-service sockets | Simo Sorce | 2013-04-23 | 1 | -5/+23
  This way different processes running as the same user can be configured as different services
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix dereference after null checks found by Coverity | Simo Sorce | 2013-04-03 | 1 | -0/+2
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support to get peer's SeLinux context | Simo Sorce | 2013-03-14 | 1 | -2/+21
* Fix DEBUG message format | Simo Sorce | 2012-08-06 | 1 | -1/+2
* Mention socket filename in debug output in init_unix_socket(). | Günther Deschner | 2012-06-21 | 1 | -1/+2
  Guenther
* Replace direct syslog calls with logging macros | Simo Sorce | 2012-04-15 | 1 | -5/+4
* Add some socket debugging | Simo Sorce | 2012-04-15 | 1 | -1/+14
* creds: add code to import krb5 credentials based on configuration. | Simo Sorce | 2012-04-05 | 1 | -9/+6
* Depend on UCRED, we cannot work otherwise. | Simo Sorce | 2012-04-05 | 1 | -4/+0
* gp_socket: properly handle fragment bit | Simo Sorce | 2012-03-22 | 1 | -1/+15
* gp_socket: Optimize sending data with writev | Simo Sorce | 2012-03-22 | 1 | -21/+22
  Turns out the Linux kernel expects to get the whole reply in a single operation. This optimizes the code to call one less syscall and makes it also more compact. So let's please the kernel and get better code in place.
* Split gp_utils.h into proxy headers and commonly useful headers | Simo Sorce | 2012-01-29 | 1 | -1/+1
* Add rpc processing infrastructure | Simo Sorce | 2012-01-20 | 1 | -3/+0
* Prefix replies on the wire with the packet size | Simo Sorce | 2012-01-19 | 1 | -0/+27
* Add worker threads | Simo Sorce | 2012-01-17 | 1 | -4/+13
* Add proper reader/writer functions to gp_socket | Simo Sorce | 2012-01-17 | 1 | -43/+236
* Add gssproxy_ctx | Simo Sorce | 2012-01-17 | 1 | -1/+3
  And store configuration context within it.
* Add config.h so that HAVE_UCRED is properly detected | Simo Sorce | 2012-01-12 | 1 | -1/+15
* Socket helpers | Simo Sorce | 2012-01-04 | 1 | -0/+237