Log of /trunk/grid-mw-security/cgul

---

Revision 1584 - Directory Listing
Modified Sun Mar 21 19:02:50 2010 UTC (12 years, 2 months ago) by okoeroo

Adding a function to test is a socket is still active and functional.

---

Revision 1556 - Directory Listing
Modified Thu Mar 11 15:52:41 2010 UTC (12 years, 2 months ago) by aramv

Added flush

---

Revision 1523 - Directory Listing
Modified Thu Feb 25 09:40:15 2010 UTC (12 years, 2 months ago) by okoeroo

Added specific variables to reduce function calls and fix a reporting error where a GID was to be printed, but a UID was set.

---

Revision 1516 - Directory Listing
Modified Thu Feb 18 14:18:14 2010 UTC (12 years, 3 months ago) by msalle

- updated comment

---

Revision 1515 - Directory Listing
Modified Thu Feb 18 14:08:32 2010 UTC (12 years, 3 months ago) by msalle

- Heavily improved mkdir_with_parents function for crippled automount behaviour.

---

Revision 1514 - Directory Listing
Modified Thu Feb 18 13:30:13 2010 UTC (12 years, 3 months ago) by msalle

- resync-ed with glexec: lstat -> stat etc.

---

Revision 1512 - Directory Listing
Modified Mon Feb 15 16:16:49 2010 UTC (12 years, 3 months ago) by msalle

- new function cgul_add_src_pattern() to add substring pattern entries from a
  src environment to a target environment. E.g. for GLEXEC_ variables into the
  target process environment.
- reworked related cgul_add_src_list(), so that it is more or less consistent
  internally consistent with the new cgul_add_src_pattern()

---

Revision 1510 - Directory Listing
Modified Sun Feb 14 12:31:32 2010 UTC (12 years, 3 months ago) by msalle

Bringing fileutil back in sync with version in gLExec

---

Revision 1509 - Directory Listing
Modified Sun Feb 14 12:31:10 2010 UTC (12 years, 3 months ago) by msalle

Bringing environ back in sync with version in gLExec.

---

Revision 1508 - Directory Listing
Modified Thu Feb 11 16:03:11 2010 UTC (12 years, 3 months ago) by msalle

- don't change const char * parameter, so put it in a buffer..

---

Revision 1503 - Directory Listing
Modified Wed Feb 10 23:32:47 2010 UTC (12 years, 3 months ago) by msalle

- cgul_write_uniq_proxy now updates the template such that one can figure out
  the actual filename

---

Revision 1498 - Directory Listing
Modified Wed Feb 10 15:44:18 2010 UTC (12 years, 3 months ago) by msalle

- Updated the API for the proxy reading and config file, after extensively
  looking at use-cases.
  Preferred for config file: 'glexec'.root (or 'scas'.root or whatever), and
  reading as glexec.glexec or glexec.gid
- two writing functions synchronized.

---

Revision 1493 - Directory Listing
Modified Tue Feb 9 22:01:18 2010 UTC (12 years, 3 months ago) by msalle

- (almost) no type incompatibilities. Removed 1 potentially dangerous size_t

---

Revision 1491 - Directory Listing
Modified Tue Feb 9 16:30:01 2010 UTC (12 years, 3 months ago) by msalle

- introduced cgul_ prefix for environ
- synchronized two proxy writing functions, thereby fixing a const char* writing
  issue (segfault).

---

Revision 1486 - Directory Listing
Modified Tue Feb 9 15:13:55 2010 UTC (12 years, 3 months ago) by msalle

- parent directory of to-be-written proxy is created and with right mode.

---

Revision 1484 - Directory Listing
Modified Tue Feb 9 14:54:49 2010 UTC (12 years, 3 months ago) by msalle

- LICENSES added
- added ifndef construct to prevent double inclusion
- added many comments
- fixed a few uninitialized variables 
- fixed too small buffer for reading (\0 forgotten)
  also fixed forgotten addition of \0 after reading.
- read_config() now has preferred uid/gid. 0 (root) effectively ignores, because
  root is always trusted (cannot be untrusted).
- priv_drop has int argu's because uid/gid is unsigned.
- same for read_proxy: read_gid is int
- priv_drop now fails when NOT euid==0
- read_config figures out whether switching or not and acts accordingly: in
  switching mode we demand confidential, in non-switching, trusted is good
  enough.
- check on template in write_uniq_proxy: ending with 6 times X
- difference in file mode and dirmode, for same one...
- fixed bug in dir creation, missed last element.

---

Revision 1476 - Directory Listing
Modified Mon Feb 8 16:11:46 2010 UTC (12 years, 3 months ago) by msalle

- new function cgul_read_config that reads a config file into a memory buffer
  using J. Kupsch' safefile (only the safe_is_path_trusted_r() )

- hopefully raise all privileges also when failure.

- remove dead code

---

Revision 1475 - Directory Listing
Modified Mon Feb 8 15:25:32 2010 UTC (12 years, 3 months ago) by okoeroo

Fixed errors

---

Revision 1474 - Directory Listing
Modified Mon Feb 8 15:18:44 2010 UTC (12 years, 3 months ago) by okoeroo

Creating a one liner to print the current process information.

---

Revision 1473 - Directory Listing
Modified Mon Feb 8 15:00:23 2010 UTC (12 years, 3 months ago) by msalle

- Added extra return code -3 for cgul_write_proxy(): permissions error
  Also split opening/changing ownership/mode for this, in this function
- fixed number of missing variable declarations
- fixed number of typos

---

Revision 1470 - Directory Listing
Modified Mon Feb 8 12:37:50 2010 UTC (12 years, 3 months ago) by msalle

- First (preliminary) version of fileutil files: locking, reading/writing proxy
  and directory creation.

---

Revision 1453 - Directory Listing
Modified Wed Feb 3 21:29:34 2010 UTC (12 years, 3 months ago) by msalle

- Use properly size_t when needed

---

Revision 1452 - Directory Listing
Modified Tue Feb 2 19:09:23 2010 UTC (12 years, 3 months ago) by msalle

- introducing env_t (char **): now use &dst for creation/updating of
  environments instead of return value of functions.
  This makes it easier to have a few additions in a row etc.

- make sure when input whitelist and/or src is null everything works as
  expected: new environment should be created and initialized to empty, old
  environment should be left unchanged.

- make sure environ.h is effectively included once using a #ifndef

---

Revision 1449 - Directory Listing
Modified Tue Feb 2 02:35:46 2010 UTC (12 years, 3 months ago) by msalle

- added new function setenv_dst() adding a name, value pair to the dst
  environment, similar to add_namevalue()

- check explicitly that whitelists aren't NULL, which lead to a segfault...

---

Revision 1447 - Directory Listing
Modified Sun Jan 31 18:24:07 2010 UTC (12 years, 3 months ago) by msalle

We're not in 2004... Changed year to 2010

---

Revision 1446 - Directory Listing
Modified Sun Jan 31 11:10:18 2010 UTC (12 years, 3 months ago) by msalle

No copyright text for us, only EGEE allowed (instructions from Francesco).

---

Revision 1444 - Directory Listing
Modified Fri Jan 29 10:02:55 2010 UTC (12 years, 3 months ago) by msalle

The tabs have been spaced out...

---

Revision 1443 - Directory Listing
Modified Fri Jan 29 10:00:16 2010 UTC (12 years, 3 months ago) by aramv

Changed tabs into spaces

---

Revision 1442 - Directory Listing
Modified Fri Jan 29 09:58:13 2010 UTC (12 years, 3 months ago) by msalle

license text to be included in any source file (incl. .h, Makefile etc...)

---

Revision 1441 - Directory Listing
Modified Fri Jan 29 09:50:02 2010 UTC (12 years, 3 months ago) by msalle

- Added a getenv for 'external' environments
- no more pointer arithmetics...

---

Revision 1440 - Directory Listing
Modified Thu Jan 28 21:03:50 2010 UTC (12 years, 3 months ago) by okoeroo

Adding arbitrary X509-related functions. These are from LCMAPS. And from what I now know about OpenSSL, some might be re-written to be less fragile or use less memory.

---

Revision 1439 - Directory Listing
Modified Thu Jan 28 20:58:44 2010 UTC (12 years, 3 months ago) by msalle

- fixed a few initialization (valgrind) problems.
- updated comments: remarks on strdup/putenv etc.

---

Revision 1438 - Directory Listing
Modified Thu Jan 28 19:46:50 2010 UTC (12 years, 3 months ago) by okoeroo

Removing double file.

---

Revision 1437 - Directory Listing
Modified Thu Jan 28 19:45:25 2010 UTC (12 years, 3 months ago) by okoeroo

Adding first part for OpenSSL (specific) tools. In this case its a (non functional) grid-proxy-verify. It's the same tool, but torn apart, refactored and with more useful APIs. Essentially the same as Jan Just's grid-proxy-verify. This code has been lifted from the lcmaps-plugins-verify-proxy.

---

Revision 1436 - Directory Listing
Modified Thu Jan 28 16:48:35 2010 UTC (12 years, 3 months ago) by msalle

- added a number of new functions to:
    add single pairs to external environment,
    put some general stuff in special functions,
- Fixed a few memory leaks, probably none left (-:

---

Revision 1429 - Directory Listing
Modified Mon Jan 25 16:42:10 2010 UTC (12 years, 3 months ago) by msalle

- strarrlen returns NULL when argument is NULL (not just when list is empty).
  This is convenient...

---

Revision 1420 - Directory Listing
Modified Mon Jan 25 10:40:31 2010 UTC (12 years, 3 months ago) by msalle

environ.c / environ.h Provides methods to safely backup the environment, to
clear the current environment and to re-set certain parts from the backup
into it.

---

Revision 1418 - Directory Listing
Modified Sun Jan 24 09:49:55 2010 UTC (12 years, 3 months ago) by okoeroo

Added:
gid_t threadsafe_getgid_from_name (const char * groupname)

---

Revision 1417 - Directory Listing
Modified Sat Jan 23 20:37:07 2010 UTC (12 years, 3 months ago) by okoeroo

Adding IPv6 capable client and service implementations.

Warning! This code still needs work to be cleaned from my personal/private/local/laptop hacking.

---

Revision 1411 - Directory Listing
Modified Thu Jan 21 15:33:50 2010 UTC (12 years, 4 months ago) by aramv

Added fancy bitmask and open/close functions

---

Revision 1409 - Directory Listing
Modified Thu Jan 21 10:40:37 2010 UTC (12 years, 4 months ago) by aramv

Added proper timestamp and hostname

---

Revision 1407 - Directory Listing
Modified Wed Jan 20 16:06:49 2010 UTC (12 years, 4 months ago) by aramv

Moved passwd size test to its own directory

---

Revision 1406 - Directory Listing
Modified Wed Jan 20 16:06:12 2010 UTC (12 years, 4 months ago) by aramv

Added a log-to-file example

---

Revision 1405 - Directory Listing
Modified Wed Jan 20 13:42:07 2010 UTC (12 years, 4 months ago) by okoeroo

Fixed the threadsafe_getuid_from_name() to be safer, easier to read, contain a 1k buffer by default, clean itself up properly, set errno at the end of the function to the proper state (bypassing the free() and other functions) and having sufficient comments in the code for understandability.

---

Revision 1404 - Directory Listing
Modified Wed Jan 20 11:48:59 2010 UTC (12 years, 4 months ago) by okoeroo

Added threadsafe_getuid_from_name()

---

Revision 1403 - Directory Listing
Modified Wed Jan 20 11:21:41 2010 UTC (12 years, 4 months ago) by okoeroo

Added Unix Privilege manipulation tool.

Includes:
UID up and Down grader and the generation of a list of gid_t's from a username.

---

Revision 1401 - Directory Listing
Modified Wed Jan 20 10:55:35 2010 UTC (12 years, 4 months ago) by okoeroo

Added a set of random character selection functions.

---

Revision 1400 - Directory Listing
Modified Wed Jan 20 10:07:44 2010 UTC (12 years, 4 months ago) by msalle

- checks errno
- no warnings

---

Revision 1397 - Directory Listing
Added Tue Jan 19 15:59:50 2010 UTC (12 years, 4 months ago) by aramv

Added a test for password struct size on your platform