| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The kernel makes no use of this data, and ita causes allocation issues
in some cases with waste of space on the kernel side.
Fixes: https://fedorahosted.org/gss-proxy/ticket/129
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On error we need to make sure we do not return a pointer to a
security context that may have been already freed.
So make sure to always unconditionally return the context that we've
been returned by our callees.
Also reorganize the code so we do not accidently wipe the context
and leak memoy on error.
This fixed a double-free bug found by NFS folks @ Red Hat
Fixes: https://fedorahosted.org/gss-proxy/ticket/137
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
- use automake variables for simplification of file installation
instead of make install hooks
- if configure is not called from $srcdir then few directories
were not created.
- few files were not removed with make unistall
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
Fixes: #132
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Fixes: #131
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-by: Roland Mainz <rmainz@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
An unsigned int cannot be cast to a size_t. On some architectures (like s390)
they have different sizes resulting in both writing out of bounds and getting
just a zero in the length field and causing the next operation to fail.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-by: Roland Mainz <rmainz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is embarrassing, but due to the fact we were passing in client
evnironment variables we were not actually testing the GSS-Proxy, just
regular GSSAPI as the client started so quickly that the socket was
not available yet and it simply fell back to regular GSSAPI.
This commit allows some time for the GSS-Proxy to actually start and
prevents the client from falling back by not telling it where client
credentials are.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Restrict what environment variables are available by default.
gssapienv in particular should not bleed in KRB5_KTNAME.
|
|
|
|
|
|
|
| |
Trap OSError is the kill does not find the subprocess.
This may happen if the subprocess fails early and terminates on its own.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
| |
Instead reuse it across the whole test by passing it down
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
This will help understanding why gss-proxy interposed programs are
failing.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
| |
This way it can be used both in stderr debugging as well as for sending
errors to syslog.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
This requires at least Fedora version 1.11.5 where mech.d support was
backported or upstreams > 1.12 version.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Guenther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The mechglue expects the mechanism function to zero them in all cases.
Otherwise on error it will later try to free the output buffer value
which can be an arbitrary pointer. This will cause a segfault or
worse in glibc's free().
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Roland Mainz <rmainz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The macro AC_BUILD_AUX_DIR was used too late. As a result of this automake 1.15
generated configure script which ignored the directory build/ and was not able
to find missing files.
configure: error: cannot find install-sh, install.sh,
or shtool in "." "./.." "./../..".
After removing macro AC_BUILD_AUX_DIR, autoreconf will install auxiliary files
into $srcdir.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
Value of enum gp_rpc_accept_status GP_RPC_SUCCESS is 0
Value of enum gp_rpc_reject_status GP_RPC_RPC_MISMATCH is 0
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
| |
Result of 'malloc' is converted to a pointer of type 'uint32_t', which is
incompatible with sizeof operand type 'int32_t'
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make distcheck failed with error:
Makefile:1229: tests/.deps/cli_srv_comm.Po: No such file or directory
Makefile:1230: tests/.deps/interposetest.Po: No such file or directory
make[2]: *** No rule to make target 'tests/.deps/interposetest.Po'. Stop.
make[2]: Leaving directory './gss-proxy/proxy/bdir/gssproxy-0.3.1/_build'
Makefile:1528: recipe for target 'distclean-recursive' failed
make[1]: *** [distclean-recursive] Error 1
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mkdir build_dir
cd build_dir
../configiure
make tests
./tests/runtests.py
make: ./tests/runtests.py: Command not found
Makefile:2010: recipe for target 'tests' failed
make: *** [tests] Error 127
make test_proxymech
TMPDIR=tests/scripts/ ./tests/scripts/dlopen.sh ./.libs/proxymech.so || exit 1
/bin/sh: ./tests/scripts/dlopen.sh: No such file or directory
Makefile:2056: recipe for target 'test_proxymech' failed
make: *** [test_proxymech] Error 1
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make rpms failed becuase header file t_utils.h was not included in tarball
t_accept.c:3:21: fatal error: t_utils.h: No such file or directory
#include "t_utils.h"
^
compilation terminated.
Makefile:445: recipe for target 't_accept.o' failed
make[3]: *** [t_accept.o] Error 1
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets up a kdc using socket_wrapper and nss_wrapper from the cwrap
project, and uses a dirty hack to force gssapi to load the current
proxymech interposer library.
It provisions a service and a user key then runs the interpostest binary
in this artifical environment.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Guenther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
| |
This is especially useful for testing, but can be useful for custom
configurations of gss-proxy as well (containers, chroots, etc..)
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Guenther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
If the call to create socket fails we leave a dangling lock and the client
enters into a deadlock on the next call.
Fixes: https://fedorahosted.org/gss-proxy/ticket/121
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This way the init system will not proceed starting dependencies until gssproxy
is actually ready to serve requests.
In particular this is used to make sure the nfsd proc file has been touched
before the nfsd server is started.
Resolves: https://fedorahosted.org/gss-proxy/ticket/114
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
| |
Automatically handle short reads due to singals interrupting the process.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NTLMSSP does not have export_name functions yet, this was causing
gss_export_composite_name() to fail with a GSS_S_UNAVAILABLE error.
This should be ignored, however it wasn't and on top of that the output
structure was initialized but held pointers to memory freed at exit (due to the
error).
Make the function not failed if a mechanism do not have composite export
function, but if it does make sure the output is not littered with invalid
pointers.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This shouldn't be needed but apaprently there are a number of applications
like mod_auth_kerb that just blindly assume the out buffer returned by
gss_diplay_name() is a zero terminated string even though there is no
guarantee it is in the API. To avoid annoying misbehavior we forcibly zero
terminate strings copied and returned by the interposer.
Fixes: https://fedorahosted.org/gss-proxy/ticket/101
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the 'proxy user' configuation option is set in the [gssproxy] section then
GSS Proxy will drop privileges to the specified after setting up all the
sockets.
Care must be taken to make sure all the resources the daemon need access to
(keytabs, ccache directories, etc..) are accessible as the proxy user.
Implements: https://fedorahosted.org/gss-proxy/ticket/102
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
| |
Resolves: https://fedorahosted.org/gss-proxy/ticket/112
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
| |
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/gss-proxy/ticket/111
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately strerror() is not thread safe so we have to juggle with
strerror_r() which is a can of worms as 2 incompatible implementations
are available depending on what is defined at compile time.
Try to do something sane.
https://fedorahosted.org/gss-proxy/ticket/111
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.
Resolves: https://fedorahosted.org/gss-proxy/ticket/110
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
| |
When a service is configured with cred_usage = initiate it is
ok to allow only client credentials to be defined.
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
| |
Take a copy here, the option string is const and strtok_r() is not a safe
function as it may change the string it manipulates.
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
| |
Resolves: https://fedorahosted.org/gss-proxy/ticket/109
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
| |
Resolves: https://fedorahosted.org/gss-proxy/ticket/109
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2 New configuration options are made available:
- filter_flags
- enforce_flags
Any GSS Flags listed in the filter_flags option is forcibly filtered
out before a gss_init_sec_context() call is invoked.
Any GSS Flags listed in the enforce_flags option is forcibly added
to the list of flags requested by a gss_init_sec_context() call is
invoked.
Flags can be either literals or numeric and must be preceded by the
sign + (to add to the list) or - (to remove from the list).
Resolves: https://fedorahosted.org/gss-proxy/ticket/109
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
| |
In some cases a name may not be provided, still try to perform
impersonation if the service is configured that way.
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
| |
If the remote client tries to initialize the context without first
acquiring credentials, try to acquire appropriate credentials if
the service allows it.
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Properly support continuations, including returning the rigth error code
and exporting partial contexts.
Fixes multistep authentications in particular for the initialization case
which always uses continuations.
Resolves: https://fedorahosted.org/gss-proxy/ticket/108
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We need to pass the real mechanism oid here, not the spcial oid.
special oids are used exclusively by the interposer and gssapi
machinery that calls the interposer, they must never be propagated
to clients or servers.
https://fedorahosted.org/gss-proxy/ticket/107
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
In some cases we need to pass on the corresponding real oid, after we
are given a special oid.
Add helper functions to do that.
https://fedorahosted.org/gss-proxy/ticket/107
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
|
|
|
|
|
| |
These arguments have been accidentally forgotten causing failures for
applications that specify non default flags and non indefinite lifetime.
https://fedorahosted.org/gss-proxy/ticket/106
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
|
|
|
| |
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|