| Commit message | Author | Age | Files | Lines |
| |
Always use remote name by default, otherwise canonicalization will lose
information about the original name, for example it will convert names of
the special type GSS_C_NT_STRING_UID_NAME or GSS_NT_MACHINE_UID_NAME in a
non reversible way and the proxy will not be able to use them as intended
(for impersonation by trusted services).
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Still a couple resource leaks after the last Coverity scan
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
When using remote credentials, intercept set_cred_option calls and
register an option into the existing set of credentials with the
request to set allowed enctypes at the first use of said credentials.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
| |
The krb5 mechanism supports multiple oids for historical reasons.
Add a function to generically check if a mech oid is any of the krb5
mechanism known oids for functions that do not care which exact oid is
being used of the krb5 family.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
| |
We need to do the wrapping in order to get back an actual local context.
Otherwise we get back an interposed context from gssapi.
| |
Wrap the token in a helper function so that the code can be reused elsewhere.
| |
lifetime is already returned as remaining seconds of lifetime.
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
Use spmech->length as we are replacing the original oid with spmech.
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
This is enabled via --with-gssidebug.
Signed-off-by: Simo Sorce <simo@redhat.com>
| |
The variable _GSSPROXY_LOOPS has been changed in favor of GSS_USE_PROXY. From
now on, applications need to explicitly enable the usage of the gssproxy
interposer inception.
| |
Use the new spi call in order to be able to properly implement
a context locally.
| |
The mechglue stores a map of errors/mech oids, this means that we should never
return the same error we got from a mechanism after re-entering the mechglue as
we then may get the mechglue confused and prevent us from asking an interposed
mech for the error. Also we want to try to avoid collisions from errors
returned from the proxy, as they could end up fetching errors from the wrong
mechanism.
For now just make a very simple mapping by always adding a special error base.
| |
When the interposer wants to call the mechglue and have it call a real
mechanism it does so by providing a special mechanism oid.
This is an oid composed of the proxy plugin oid and the real mechanism oid
that the mechglue transforms back into a real OID before selecting the
appropriate mechanism.
| |
For now return fixed list of mechanisms.
Later on we can try to fetch this list from the proxy.
Also split RPC client code from actual plugin.
| |
Make space for the actual mechglue plugin interface. The mechglue interface
will use the client library to communicate with the gss-proxy but will
reimplement all GSSAPI SPI as wrappers in order to properly handle fallbacks to
local mechanism and other input/output transformations.
| |
This is to allow gss_display_status to return a meaningful error if
there is an internal client error as opposed to a returned proxy server
error. If we do not do this a call to gpm_display_status() after a failure
would return a NULL string and give no clue about the error.
| |
Fix some assumptions in gpm_display_status and make it clearly state
no error is available, when we do not have one. This is so that the plugin
code later on will know when to properly fall back to ask to the local
provider.
| |
We would segfault if the user didn't want delegated credentials.
| |
Ticket #33