| Commit message | Author | Age | Files | Lines |
|
A client must be trusted or must be explicitly allowed to perform
impersonation or constrained delegation to be able to use evidence
tickets for s4u2proxy operations.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
Denies by default.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
This will provide immediate feedback if an option is incorrectly
formatted as well as avoid multiple parsing when the cred store spec
needs to be used in multiple places.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
If available use a keytab for creds encryption.
Since now we can store encrypted credentials, on the client side, for later
reuse, it is better to be able to decrypt them even after a gssproxy daemon
restart (maintenance, crashes, etc.)
If a keytab is rotated this can cause a restarted gssproxy to fail to decrypt
stored credentials, but in that case those credentials are also probably
useless and need to be refreshed, so this is not a huge deal, and definitely
better than the status quo.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
If we do not initialize the ccache additional entries will pile up and the
code that retrieves the encrypted credentials will end up sourcing old,
expired creds instead of the latest ones. Plus storage size may grow
indefinitely.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Merges #35
|
If the calling application is passing in a cred_store, it's either one of two
cases:
- The application previously stored credentials in a ccache and now wants to
use them.
- The application has access to specific keys and wants to acquire a local
credential.
In the first case we can only work with a remote call as a local mechanism
wouldn't know what to do with remote creds. In the latter calling the remote
code would make no sense as we have local credentials.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges #34
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges #33
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes 31
|
Some compilers don't like GSS_C_NO_NAME as a generic NULL value.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges 32
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
The gssproxy daemon uses SO_PEERCRED to determine credentials of the
connecting process. However, these credentials are set only at the time
connect is called. Therefore they must be reset every time uid or pid
changes. For completeness, we check gid as well.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #27
|
Should be EXP_CREDS_TYPE_OPTION, not EXP_CTX_TYPE_OPTION.
Fixes: e155f81d84f7 ("Add helper to find options in rpc messages")
Signed-off-by: Andrew Elble <aweits@rit.edu>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
This bug was found by Coverity.
Merges #25
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
The krb5_principal option was defined and documented but not actually used.
Implement its use when a service keytab is provided.
Ticket: https://fedorahosted.org/gss-proxy/ticket/155
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
If the socket is null the strcmp will segfault.
Check for equality of pointers or nullity before entering the strcmp()
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
As per rfc5587, gss_inquire_attrs_for_mech must accept NULL mech_attrs
and known_mech_attrs arguments. Up until 1.14, MIT krb5 was not ever
passing NULLs in these fields.
This fixes an interposer loop (and subsequent segmentation fault) due
to our previous assumption that these arguments not be NULL.
See also: https://tools.ietf.org/html/rfc5587#section-3.4.3
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
In 1.14 a patch to more officially support partially established contexts
has been introduced. With this patch names are not returned.
Cope with that by checking if a name is provided before trying to convert.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
In this case we want to prefer sourcing the "acceptor" credentials from
a keytab if available, as that's what applications expect if they have
no credentials.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
This will allow to (ab)use the krb5 ccache to store encrypted
credentials in the user's ccache for later reuse.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
This is used by a client that wants to perform a s4u2self operation
using its server credentials.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Use it in gp_export.c where the code is duplicated already.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Print everything, except octet string buffers which are truncated.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Print only messages that are at that level or lower.
Also add timestamps to debug messages.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Remove dead code, and set length only if allocation was successful.
Also resolve valgrind complaints about uninitialized memory.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
This could lead to a free() being called on a constant, and that would be bad.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
This resolves a segfault appearing on ARM.
Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1235902
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Also, cause all failures on accessing this interface to exit GSS-Proxy similar
to config file errors.
Ticket: https://fedorahosted.org/gss-proxy/ticket/126
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
The common send/recv functions were zeroing the ret variable only
once causing a loop if EINTR was actually ever set.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
|
For sockets, we will only reinitialize those that have changed. Additionally,
the old text about SIGHUP behavior was incorrect.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Ticket: https://fedorahosted.org/gss-proxy/ticket/125
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Not being able to do this is a relic of a previous design.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
As per gssproxy.conf(5), setting allow_any_uid without also setting socket or
selinux_context is known to cause problems.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Option '-C|--configdir' has been added, and defaults to /etc/gssproxy. File
"gssproxy.conf" and all files of the form "##-foo.conf" will be read from that
directory.
Ticket: https://fedorahosted.org/gss-proxy/ticket/122
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
A handful of parameter name differences (`key` vs. `keyname`) have been
tweaked but the function bodies are otherwise unchanged.
Signed-off-by: Robbie Harwood (frozencemetery) <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
Fixes: https://fedorahosted.org/gss-proxy/ticket/151
Signed-off-by: Robbie Harwood (frozencemetery) <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
This library already does not support some features we need and
we want to drop its usage as the code quality is bad.
Fixes: https://fedorahosted.org/gss-proxy/ticket/139
Signed-off-by: Roland Mainz <rmainz@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
If a previous call has decided to use only local (to the process)
credentials, then we need to override all the way to the end.
A previous patch also swapped the order in which credential handler
and context handler are initialized, make sure also to swap the
fallback checks.
Set the behavior to the process default only if it wasn't forced to
local.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
|