| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.
Resolves: https://fedorahosted.org/gss-proxy/ticket/110
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In some cases we need to pass on the corresponding real oid, after we
are given a special oid.
Add helper functions to do that.
https://fedorahosted.org/gss-proxy/ticket/107
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
| |
Only LOCAL_ONLY,LOCAL_FIRST and REMOTE_FIRST allowed.
REMOTE_ONLY is recognized but configure aborts as long as it is not supported.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The krb5 mechanism supports multiple oids for historical reasons.
Add a function to generically check if a mech oid is any of the krb5
mechanism known oids for functions that do not care which exact oid is
being used of the krb5 family.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
| |
We need to do the wrapping in order to get back an actual local context.
Otherwise we get back an interposed context from gssapi.
|
| |
|
|
| |
Wrap the token in a helper function so that the code can be reused elsewhere.
|
| |
|
|
|
|
| |
The variable _GSSPROXY_LOOPS has been changed in favor of GSS_USE_PROXY. From
now on, applications needs to explicitly enable the usage of the gssproxy
interposer inception.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The mechglue stores a map of errors/mech oids, this means that we should never
return the same error we got from a mechanism after re-entering the mechglue as
we then may get the mechglue confused and prevent us from asking an interposed
mech for the error. Also we want to try to aqvoid collisions from errors
returned from the proxy, as they could end up fetching errors from the wrong
mechanism.
For now just make a very simple mapping by always adding a special error base.
|
| |
|
|
|
|
|
|
| |
When the interposer wants to call the mechglue and have it call a real
mechanism it does so by providing a speecial mechanism oid.
This is an oid composed of the procy plugin oid and the real mechanism oid
that the mechglue transforms back into a real OID before selecting the
appropriate mechanism.
|
| | |
|
| | |
|
|
|
For now return fixed list of mechanisms.
Later on we can try to fetch this list from the proxy.
Also split RPC client code from actual plugin
|
