| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Print only messages that are at that level or lower.
Also add timestamps to debug messages.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
|
|
|
|
|
|
| |
Ticket: https://fedorahosted.org/gss-proxy/ticket/152
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is embarrassing, but due to the fact we were passing in client
evnironment variables we were not actually testing the GSS-Proxy, just
regular GSSAPI as the client started so quickly that the socket was
not available yet and it simply fell back to regular GSSAPI.
This commit allows some time for the GSS-Proxy to actually start and
prevents the client from falling back by not telling it where client
credentials are.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Restrict what environment variables are available by default.
gssapienv in particular should not bleed in KRB5_KTNAME.
|
|
|
|
|
|
|
| |
Trap OSError is the kill does not find the subprocess.
This may happen if the subprocess fails early and terminates on its own.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
Instead reuse it across the whole test by passing it down
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make rpms failed becuase header file t_utils.h was not included in tarball
t_accept.c:3:21: fatal error: t_utils.h: No such file or directory
#include "t_utils.h"
^
compilation terminated.
Makefile:445: recipe for target 't_accept.o' failed
make[3]: *** [t_accept.o] Error 1
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets up a kdc using socket_wrapper and nss_wrapper from the cwrap
project, and uses a dirty hack to force gssapi to load the current
proxymech interposer library.
It provisions a service and a user key then runs the interpostest binary
in this artifical environment.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Guenther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a 4 coverity issues, ranging from memory leaks, to uninitialized
variables, to potential NULL derefernce.
Also a TOCTOU report that is in one of the accessory test scripts.
The bug itself is not reallya TOCTOU, but the check done in the script is
unecessary, so I just removed it.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
We first need to fix our tests and implementation.
Temporary workaround for:
https://fedorahosted.org/gss-proxy/ticket/81
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
Vendors can call "make test_proxymech" from their specfile to make sure
proxymech.so can be properly loaded by the GSSAPI.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
test all possible proxy mode combinations only when --all is given.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
By setting closewait to 0 after waitpid we would loop forever not the max 10
times we intended to.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds options to set a sepcific proxy behavior for both the client and
the server subprocesses by setting the GSSPROXY_BEHAVIOR environment
variable after forking.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
| |
|
| |
|
|
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
|
|
|
| |
Acked-by: Simo Sorce <simo@redhat.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Make space for the actual mechglue plugin interface. The mechglue interface
will use the client library to communicate with the gss-proxy but will
reimplement all GSSAPI SPI as wrappers in order to properly handle fallbacks to
local mechanism and other input/output transformations.
|
| |
|
| |
|
| |
|
|
|
|
| |
Connecting to the proxy is handled internally by the client mechglue library.
|
|
|
|
|
| |
The test program is now testing almost all functions so change name to reflect
reaility.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|