summaryrefslogtreecommitdiffstats
path: root/proxy/src
Commit message (Collapse)AuthorAgeFilesLines
* Since krb5 1.14 inquire_context may return no nameHEADwipmasterSimo Sorce2015-12-141-6/+10
| | | | | | | | | In 1.14 a patch to more officially support partially established contexts has been intrdouced. With this patch names are not returned. Cope with that by checking if a name is provided before trying to convert. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix acquiring default credentialsSimo Sorce2015-12-011-1/+3
| | | | | | | | | In this case we want to prefer sourcing the "acceptor" credentials from a keytab if available, as that's what applications expect if they have no credentials. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
* Add helpers to store and retrieve encrypted credsSimo Sorce2015-12-014-9/+246
| | | | | | | | This will allow to (ab)use the krb5 ccache to store encrypted credentials in the user's ccache for later reuse. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
* Add gss_acquire_cred_impersonate_name supportSimo Sorce2015-12-0111-26/+261
| | | | | | | | This is used by a client that wants to peform a s4u2self operation using its server credentials. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
* Add helper to find options in rpc messagesSimo Sorce2015-12-012-30/+44
| | | | | | | Use it in gp_export.c where the code is duplicate already. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwoood <rharwood@redhat.com>
* Add higher level debugging for all rpc callsSimo Sorce2015-12-0114-0/+804
| | | | | | | Print everything, except octet string buffers which are truncated. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Add options to specify a debug levelSimo Sorce2015-12-015-13/+71
| | | | | | | | Print only messages that are at that level or lower. Also add timestamps to debug messages. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Improve code in gp_export_gssx_cred()Simo Sorce2015-11-301-9/+5
| | | | | | | | Remove dead code, and set length only if allocation was successful. Also resolve valgrind complaints about uninitialized memory. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Fix const warning that can lead to issuesSimo Sorce2015-11-301-1/+1
| | | | | | | This could lead to a free() being called on a constant, and that wuld be bad. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Fix const warning in gp_creds.cSimo Sorce2015-11-302-1/+3
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
* Fix several leaksRobbie Harwood2015-11-195-0/+8
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix possible explicit NULL deref in gpm_accept_sec_contextRobbie Harwood2015-10-291-5/+7
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix potential deadlock on socket grabRobbie Harwood2015-10-291-3/+1
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Clear message structure before decoding into itRobbie Harwood2015-10-211-0/+1
| | | | | | | | This resolves a segfault appearing on ARM. Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1235902 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Log useful message on kernel interface failureRobbie Harwood2015-10-091-5/+8
| | | | | | | | | Also, cause all failures on accessing this interface to exit GSS-Proxy similar to config file errors. Ticket: https://fedorahosted.org/gss-proxy/ticket/126 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Correct handling of EINTR on read()/write()Robbie Harwood2015-09-281-2/+2
| | | | | | | | The common send/recv functions where zeroing the ret variable only once causing a loop if EINTR as actually ever set. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Simo Sorce <simo@redhat.com>
* Reload config on SIGHUPRobbie Harwood2015-09-154-45/+157
| | | | | | | | For sockets, we will only reinitialize those that have changed. Additionally, the old text about SIGHUP behavior was incorrect. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Ticket: https://fedorahosted.org/gss-proxy/ticket/125
* getpwman(3) can return NULL without setting errnoRobbie Harwood2015-09-141-0/+3
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Allow configdir and configfile to be specified togetherRobbie Harwood2015-09-141-7/+0
| | | | | | | Not being able to do this is a relic of a previous design. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix formatting on noncompliant copyright linesRobbie Harwood2015-09-0461-1477/+61
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Error on `allow_any_uid` issuesRobbie Harwood (frozencemetery)2015-09-041-1/+43
| | | | | | | | As per gssproxy.conf(5), setting allow_any_uid without also setting socket or selinux_context is known to cause problems. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Extract generalized selinux context comparison functionRobbie Harwood2015-09-042-13/+26
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add support for config directoriesRobbie Harwood (frozencemetery)2015-09-044-30/+142
| | | | | | | | | | Option '-C|--configdir' has been added, and defaults to /etc/gssproxy. File "gssproxy.conf" and all files of the form "##-foo.conf" will be read from that directory. Ticket: https://fedorahosted.org/gss-proxy/ticket/122 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Remove one layer of abstraction over dinglibsRobbie Harwood (frozencemetery)2015-08-313-397/+261
| | | | | | | | A handful of parameter name differences (`key` vs. `keyname`) have been tweaked but the function bodies are otherwise unchanged. Signed-off-by: Robbie Harwood (frozencemetery) <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Allow symbolic euids in conf filesRobbie Harwood (frozencemetery)2015-08-261-9/+25
| | | | | | Fixes: https://fedorahosted.org/gss-proxy/ticket/151 Signed-off-by: Robbie Harwood (frozencemetery) <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Remove support for iniparse libraryRoland Mainz2015-04-153-258/+0
| | | | | | | | | | This library already does not support some features we need and we want to drop its usage as the code quality is bad. Fixes: https://fedorahosted.org/gss-proxy/ticket/139 Signed-off-by: Roland Mainz <rmainz@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix handling of context initializationSimo Sorce2015-03-301-5/+7
| | | | | | | | | | | | | | If a previous call has decided to use only local (to the process) credentials, then we need to override all the way to the end. A previous patch also swapped the order in which credential handler and context handler are initialized, make sure also to swap the fallback checks. Set the behavior to the process default only if it wasn't forced to local. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
* Suppress warning: use after freeLukas Slebodnik2015-03-291-0/+1
| | | | | | | | | | | | | | | | | gssx_ctx is released in case of error. After the latest changes, the old ctx is always replaced to new one and output argument is set. Although it would not be used because return code would not be success it's safer to set NULL to the pointer and avoid warnings from static analyzers. src/client/gpm_init_sec_context.c:108: alias: Assigning: "ctx" = "res->context_handle". Now both point to the same storage. src/client/gpm_init_sec_context.c:156: freed_arg: "free" frees "ctx". src/client/gpm_init_sec_context.c:173: use_after_free: Using freed pointer "ctx". Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Include header file with prototypes in implementation moduleLukas Slebodnik2015-03-291-0/+2
| | | | | | | | | Functions implemented in gp_util.c have prototypes in header file gp_common.h, but it was not included. This patch prevent potential conflicts between ptototype and definition of function. Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Remove unused parameter from get_pipe_nameLukas Slebodnik2015-03-291-2/+2
| | | | | Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix warning value stored to 'ret' is never readLukas Slebodnik2015-03-291-1/+2
| | | | | | | | | | | | | | Error: UNUSED_VALUE src/gp_rpc_import_and_canon_name.c:87: value_overwrite: Overwriting previous write to "ret" with value from "gp_conv_status_to_gssx(&icna->call_ctx, ret_maj, ret_min, mech, &icnr->status)". src/gp_rpc_import_and_canon_name.c:52: assigned_value: Assigning value "22" to "ret" here, but that stored value is overwritten before it can be used. Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Suppress exported_composite_name for the kernelSimo Sorce2015-03-241-0/+10
| | | | | | | | | | The kernel makes no use of this data, and ita causes allocation issues in some cases with waste of space on the kernel side. Fixes: https://fedorahosted.org/gss-proxy/ticket/129 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
* Properly handle security contexts on errorSimo Sorce2015-03-245-39/+62
| | | | | | | | | | | | | | | | On error we need to make sure we do not return a pointer to a security context that may have been already freed. So make sure to always unconditionally return the context that we've been returned by our callees. Also reorganize the code so we do not accidently wipe the context and leak memoy on error. This fixed a double-free bug found by NFS folks @ Red Hat Fixes: https://fedorahosted.org/gss-proxy/ticket/137 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
* Fix error in compiling without SELinuxSimo Sorce2015-03-241-10/+9
| | | | | | | | Fixes: #131 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> Reviewed-by: Roland Mainz <rmainz@redhat.com>
* Fix cast errorSimo Sorce2015-03-241-1/+3
| | | | | | | | | | An unsigned int cannot be cast to a size_t. On some architectures (like s390) they have different sizes resulting in both writing out of bounds and getting just a zero in the length field and causing the next operation to fail. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> Reviewed-by: Roland Mainz <rmainz@redhat.com>
* Log why acquiring credentials failed.Simo Sorce2015-03-241-0/+2
| | | | | | | This will help understanding why gss-proxy interposed programs are failing. Signed-off-by: Simo Sorce <simo@redhat.com>
* Generalize GSS Display Status logger codeSimo Sorce2015-03-243-22/+64
| | | | | | | This way it can be used both in stderr debugging as well as for sending errors to syslog. Signed-off-by: Simo Sorce <simo@redhat.com>
* Zero out the outputs of display_nameSimo Sorce2015-01-221-0/+5
| | | | | | | | | | The mechglue expects the mechanism function to zero them in all cases. Otherwise on error it will later try to free the output buffer value which can be an arbitrary pointer. This will cause a segfault or worse in glibc's free(). Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Roland Mainz <rmainz@redhat.com>
* Fix memory leakLukas Slebodnik2015-01-151-2/+4
| | | | | Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Use defined enum instead of constantLukas Slebodnik2015-01-151-3/+3
| | | | | | | | Value of enum gp_rpc_accept_status GP_RPC_SUCCESS is 0 Value of enum gp_rpc_reject_status GP_RPC_RPC_MISMATCH is 0 Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Wrong coversion function was usedLukas Slebodnik2015-01-151-1/+1
| | | | | Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Suppress clang warningLukas Slebodnik2015-01-151-1/+1
| | | | | | | | Result of 'malloc' is converted to a pointer of type 'uint32_t', which is incompatible with sizeof operand type 'int32_t' Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Add cmdline option to override default socketSimo Sorce2014-09-153-4/+14
| | | | | | | | This is especially useful for testing, but can be useful for custom configurations of gss-proxy as well (containers, chroots, etc..) Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Guenther Deschner <gdeschner@redhat.com>
* Properly cleanup mutex on failure.Simo Sorce2014-03-121-0/+3
| | | | | | | | | | If the call to create socket fails we leave a dangling lock and the client enters into a deadlock on the next call. Fixes: https://fedorahosted.org/gss-proxy/ticket/121 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix potential segfault in gssi_inquire_context().Günther Deschner2014-02-051-2/+2
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Block parent process until child is initialized.Simo Sorce2014-01-153-6/+50
| | | | | | | | | | | | This way the init system will not proceed starting dependencies until gssproxy is actually ready to serve requests. In particular this is used to make sure the nfsd proc file has been touched before the nfsd server is started. Resolves: https://fedorahosted.org/gss-proxy/ticket/114 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add utility functions to read()/write() safelySimo Sorce2014-01-152-0/+41
| | | | | | | Automatically handle short reads due to singals interrupting the process. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Make name conversion more robust to failureSimo Sorce2014-01-151-10/+14
| | | | | | | | | | | | | | | | NTLMSSP does not have export_name functions yet, this was causing gss_export_composite_name() to fail with a GSS_S_UNAVAILABLE error. This should be ignored, however it wasn't and on top of that the output structure was initialized but held pointers to memory freed at exit (due to the error). Make the function not failed if a mechanism do not have composite export function, but if it does make sure the output is not littered with invalid pointers. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add zero termination when the buffer is a stringSimo Sorce2014-01-153-1/+24
| | | | | | | | | | | | | This shouldn't be needed but apaprently there are a number of applications like mod_auth_kerb that just blindly assume the out buffer returned by gss_diplay_name() is a zero terminated string even though there is no guarantee it is in the API. To avoid annoying misbehavior we forcibly zero terminate strings copied and returned by the interposer. Fixes: https://fedorahosted.org/gss-proxy/ticket/101 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Add support for dropping privilegesSimo Sorce2014-01-144-0/+66
| | | | | | | | | | | | | | If the 'proxy user' configuation option is set in the [gssproxy] section then GSS Proxy will drop privileges to the specified after setting up all the sockets. Care must be taken to make sure all the resources the daemon need access to (keytabs, ccache directories, etc..) are accessible as the proxy user. Implements: https://fedorahosted.org/gss-proxy/ticket/102 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>