summaryrefslogtreecommitdiffstats
path: root/proxy
Commit message (Collapse)AuthorAgeFilesLines
* Add helper function to check for krb5 oidSimo Sorce2013-03-272-0/+15
| | | | | | | | | | The krb5 mechanism supports multiple oids for historical reasons. Add a function to generically check if a mech oid is any of the krb5 mechanism known oids for functions that do not care which exact oid is being used of the krb5 family. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Improve ccache formatting.Simo Sorce2013-03-272-14/+42
| | | | | | | | | | Add %U support which will insert the user uid number instead of name. Fix %% support by actually removing one of the % charcters Fix %<invalid> sequence by actually bailing out if one is found. Add GPDEBUG statements to indicate what went wrong. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Test all possible proxy mode combinations.Günther Deschner2013-03-271-3/+16
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make it easier to test gssproxy behavior settings.Günther Deschner2013-03-271-40/+95
| | | | | | | | | Adds options to set a sepcific proxy behavior for both the client and the server subprocesses by setting the GSSPROXY_BEHAVIOR environment variable after forking. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix write_pid debug messageSimo Sorce2013-03-271-1/+1
| | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Use token wrapper in gpp_remote_lo_local_ctxSimo Sorce2013-03-221-4/+39
| | | | | We need to do the wrapping in order to get back an actual local context. Otherwise we get back an interposed context from gssapi.
* Create helper function to wrap tokenSimo Sorce2013-03-223-20/+34
| | | | Wrap the token in a helper function so that the code can be reused elsewhere.
* Packaging fixesAndreas Schneider2013-03-221-10/+8
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix systemd config file for gssproxy.Günther Deschner2013-03-221-1/+1
| | | | Reviewed-by: Simo Sorce <simo@redhat.com>
* Add systemd packaging to gssproxy spec file.Günther Deschner2013-03-221-9/+22
| | | | Reviewed-by: Simo Sorce <simo@redhat.com>
* Add various fixes to gssproxy.spec.Günther Deschner2013-03-221-80/+35
| | | | Reviewed-by: Simo Sorce <simo@redhat.com>
* Write pid file at startup.Simo Sorce2013-03-226-18/+55
|
* Make socket path a configure optionSimo Sorce2013-03-225-39/+25
| | | | | | | The kernel uses the fixed path named /var/run/gssproxy.sock Make this default a configure time option and default to it. Also remove the option to change the socket at configure time, neither the kernel nor proxymech.so can cope with a change anyway.
* Enable kernel support.Simo Sorce2013-03-225-0/+61
| | | | | | | | The Linux kernel now requires the gss-proxy to signal when it is available. This is done by writing 1 to the file /proc/net/rpc/use-gss-proxy Once this happens the kernel will try to attach to the gss-proxy socket and use it instead of the classic rpc.svcgssd daemon.
* Remove gssproxy.serviceSimo Sorce2013-03-221-14/+0
| | | | | This file is generated by gssproxy.service.in so keep only the source in git.
* Fix gssi_context_time for remote calls.Günther Deschner2013-03-141-4/+3
| | | | | | lifetime is alredy returned as remaining seconds of lifetime. Signed-off-by: Simo Sorce <simo@redhat.com>
* Fix gssi_import_sec_context_by_mech()Günther Deschner2013-03-141-1/+1
| | | | | | Use spmech->length as we are replacing the original oid with spmech. Signed-off-by: Simo Sorce <simo@redhat.com>
* mechglue: add trace debuggingGünther Deschner2013-03-1413-0/+146
| | | | | | This is enabled via --with-gssidebug. Signed-off-by: Simo Sorce <simo@redhat.com>
* interpostest: improve debug output when gss_context_time() fails.Günther Deschner2013-03-141-2/+5
| | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* Add debug statement when gp_rpc_execute is called.Günther Deschner2013-03-142-17/+64
| | | | | | Add code to print the name of tehe GSSX function being executed. Signed-off-by: Simo Sorce <simo@redhat.com>
* Add support to get peer's SeLinux contextSimo Sorce2013-03-141-2/+21
|
* Use gssrpc instead of system rpcSimo Sorce2013-03-144-5/+10
| | | | | This avoids issues with libraris like libtirpc as gssrpc renames all the symbols to avoid clashes with system libraries.
* Add custom implementation of xdr_uint64_tSimo Sorce2013-03-144-1/+90
| | | | This is needed because gssrpc doesn't have one.
* Fix includesSimo Sorce2013-03-146-0/+6
| | | | | These includes are necessary when switching to gssrpc because they are not automatically dragged in via dependencies in system rpc.h
* mechglue: initialize gpp cred_handle in gssi_acquire_cred_with_password().Günther Deschner2013-02-221-1/+1
|
* mechglue: fix gssi_set_cred_option() arguments.Günther Deschner2013-02-222-4/+4
|
* interposer-plugin: Fix MIT 1.11 gssi_import_sec_context_by_mech symbol name.Günther Deschner2013-02-152-8/+8
|
* Add example GSS-API mechanism plugins config file.Günther Deschner2013-01-153-1/+7
| | | | The file is not installed automatically yet.
* Change interposer usage, clients need to set GSS_USE_PROXY=1|YES.Günther Deschner2013-01-152-3/+6
| | | | | | The variable _GSSPROXY_LOOPS has been changed in favor of GSS_USE_PROXY. From now on, applications needs to explicitly enable the usage of the gssproxy interposer inception.
* Move master version to 0.0.99Simo Sorce2012-11-061-1/+1
| | | | This will set us on course for a 0.1.0 release.
* build: check for gss_import_cred and gss_export_cred.Günther Deschner2012-11-021-0/+6
|
* Use new gss_import/export_cred functionsSimo Sorce2012-10-2510-404/+98
| | | | | | | This allows us to remove the ring_buffer hack and become completely stateless as well as remove a possible DoS avenue. R.I.P. Ring Buffer :-)
* Makefile: Add src/mechglue/gss_plugin.h to header list.Günther Deschner2012-10-251-1/+2
| | | | Acked-by: Simo Sorce <simo@redhat.com>
* Add doc about current and future planned behaviorSimo Sorce2012-10-251-0/+111
|
* interposetest: add more debug statements.Günther Deschner2012-10-251-0/+13
|
* interposetest: add test for gss_export_name_composite()Günther Deschner2012-10-251-0/+11
|
* Implement export_name_compositeGünther Deschner2012-10-252-0/+28
|
* Call gss_export_name_composite() from gp_conv_name_to_gssx().Günther Deschner2012-10-252-1/+23
| | | | Make sure to return success in gp_conv_name_to_gssx() at that point.
* Add gpm_export_name_composite().Günther Deschner2012-10-252-0/+31
|
* interposetest: test gss_wrap_size_limit().Günther Deschner2012-10-251-0/+16
|
* interposetest: test gss_wrap_iov/gss_unwrap_iov.Günther Deschner2012-10-251-0/+99
| | | | Acked-by: Simo Sorce <simo@redhat.com>
* interposetest: add test for gss_export_name().Günther Deschner2012-10-251-0/+10
| | | | Acked-by: Simo Sorce <simo@redhat.com>
* Add context related testsSimo Sorce2012-10-251-4/+98
|
* Add get/verify mic testsSimo Sorce2012-10-251-4/+53
|
* Use a debug macro in interposer testSimo Sorce2012-10-251-20/+30
|
* Add interposer tests for wrap/unwrapSimo Sorce2012-10-251-0/+41
|
* New test program to exercise the mechglue pluginSimo Sorce2012-10-253-3/+543
|
* Implement internal_release_oidSimo Sorce2012-10-252-0/+27
|
* Implement misc spi callsSimo Sorce2012-10-253-0/+219
|
* Implement privacy/integrity mechglue wrappersSimo Sorce2012-10-253-0/+421
|
generated by cgit (git 2.34.1) at 2025-09-25 20:56:21 +0000