/[pdpsoft]/trunk/grid-mw-security/cgul

Log of /trunk/grid-mw-security/cgul


Revision 1749 - Directory Listing
Modified Wed Jun 9 13:54:08 2010 UTC (11 years, 11 months ago) by aramv
Fixed memleak

Revision 1718 - Directory Listing
Modified Fri May 28 12:22:34 2010 UTC (12 years ago) by msalle
Adding header file made by configure


Revision 1717 - Directory Listing
Modified Fri May 28 12:20:27 2010 UTC (12 years ago) by msalle
Adding safefile-1.0 from Jim Kupsch. 


Revision 1709 - Directory Listing
Modified Thu May 20 12:19:51 2010 UTC (12 years ago) by aramv
Removed debug output

Revision 1708 - Directory Listing
Modified Thu May 20 10:37:51 2010 UTC (12 years ago) by aramv
Only using vsnprintf when needed, renamed asprintf to my_asprintf to avoid conflicts with GNU code

Revision 1707 - Directory Listing
Modified Wed May 19 16:23:47 2010 UTC (12 years ago) by aramv
Added tiny fixes to log_to_file.c

Revision 1704 - Directory Listing
Modified Wed May 19 13:21:28 2010 UTC (12 years ago) by aramv
Using new header file

Revision 1703 - Directory Listing
Modified Wed May 19 13:19:31 2010 UTC (12 years ago) by aramv
Added unixprivs prototypes

Revision 1702 - Directory Listing
Modified Wed May 19 12:52:50 2010 UTC (12 years ago) by aramv
Fixed asprintf misuse

Revision 1701 - Directory Listing
Modified Wed May 19 12:45:45 2010 UTC (12 years ago) by aramv
Fixed C++ style comment

Revision 1694 - Directory Listing
Modified Tue May 18 15:17:36 2010 UTC (12 years ago) by aramv
Fixed pid_t to string code to be warningless. I hope it works on OpenSolaris too

Revision 1693 - Directory Listing
Modified Tue May 18 14:50:12 2010 UTC (12 years ago) by aramv
Fixed const char bug

Revision 1686 - Directory Listing
Modified Wed May 12 13:22:02 2010 UTC (12 years ago) by msalle
Need to #include <sys/types.h> for uid_t and gid_t


Revision 1682 - Directory Listing
Modified Tue May 11 09:40:20 2010 UTC (12 years ago) by aramv
Different include

Revision 1675 - Directory Listing
Modified Tue May 11 09:35:18 2010 UTC (12 years ago) by aramv
Removed main

Revision 1674 - Directory Listing
Modified Tue May 11 09:32:35 2010 UTC (12 years ago) by aramv
Moved gridmapdir to gridmapfile

Revision 1673 - Directory Listing
Modified Tue May 11 09:32:03 2010 UTC (12 years ago) by aramv
Moved gridmapdir to gridmapfile

Revision 1672 - Directory Listing
Modified Tue May 11 09:24:58 2010 UTC (12 years ago) by aramv
Fixed mini-memleak

Revision 1660 - Directory Listing
Modified Thu May 6 15:29:04 2010 UTC (12 years ago) by aramv
Added some gridmapdir code

Revision 1649 - Directory Listing
Modified Tue Apr 20 12:40:26 2010 UTC (12 years, 1 month ago) by aramv
Missed a spot

Revision 1618 - Directory Listing
Modified Fri Apr 9 09:45:30 2010 UTC (12 years, 1 month ago) by aramv
Fixed small bug. Added ident setter. Flushing fd after each write

Revision 1617 - Directory Listing
Modified Thu Apr 8 12:35:02 2010 UTC (12 years, 1 month ago) by okoeroo
More firm checks



Revision 1616 - Directory Listing
Modified Thu Apr 8 12:27:00 2010 UTC (12 years, 1 month ago) by okoeroo
fixed typos and compile problems. This now works.



Revision 1614 - Directory Listing
Modified Thu Apr 8 12:04:15 2010 UTC (12 years, 1 month ago) by aramv
Fixed small memleak

Revision 1613 - Directory Listing
Modified Thu Apr 8 09:49:09 2010 UTC (12 years, 1 month ago) by aramv
Moved signatures and typedefs to header

Revision 1612 - Directory Listing
Modified Thu Apr 8 09:44:44 2010 UTC (12 years, 1 month ago) by aramv
Renamed references to EEF/EES to CGUL

Revision 1611 - Directory Listing
Modified Wed Apr 7 09:31:09 2010 UTC (12 years, 1 month ago) by okoeroo
Added cgul_x509_select_final_cert_from_chain() which checks if there is an End-Entity Certificate or delegation to be selected as the final certificate.



Revision 1610 - Directory Listing
Modified Tue Apr 6 15:31:40 2010 UTC (12 years, 1 month ago) by okoeroo
Added cgul_x509_select_eec_from_chain() to simplify the code in cgul_x509_chain_to_subject_dn() and cgul_x509_chain_to_issuer_dn().


/******************************************************************************
Function:       cgul_x509_select_eec_from_chain()
Description:    Get the End-Entity Certificate from a certificate chain
Parameters:
                certstack: certificate chain
Returns:        pointer to X509 EEC
******************************************************************************/
X509 * cgul_x509_select_eec_from_chain (STACK_OF(X509) * chain);

/******************************************************************************
Function:       cgul_x509_chain_to_subject_dn()
Description:    Get the Subject DN of the End-Entity Certificate of the X509 cert
Parameters:
                certstack: certificate chain
Returns:        Subject DN string (which should be freed)
******************************************************************************/
char * cgul_x509_chain_to_subject_dn(STACK_OF(X509) * chain);

/******************************************************************************
Function:       cgul_x509_chain_to_issuer_dn()
Description:    Get the Issuer DN of the End-Entity Certificate of the X509 cert
Parameters:
                certstack: certificate chain
Returns:        Issuer DN string (which should be freed)
******************************************************************************/
char * cgul_x509_chain_to_issuer_dn(STACK_OF(X509) * chain);




Revision 1584 - Directory Listing
Modified Sun Mar 21 19:02:50 2010 UTC (12 years, 2 months ago) by okoeroo
Adding a function to test if a socket is still active and functional.



Revision 1556 - Directory Listing
Modified Thu Mar 11 15:52:41 2010 UTC (12 years, 2 months ago) by aramv
Added flush

Revision 1523 - Directory Listing
Modified Thu Feb 25 09:40:15 2010 UTC (12 years, 3 months ago) by okoeroo
Added specific variables to reduce function calls and fix a reporting error where a GID was to be printed, but a UID was set.



Revision 1516 - Directory Listing
Modified Thu Feb 18 14:18:14 2010 UTC (12 years, 3 months ago) by msalle
- updated comment


Revision 1515 - Directory Listing
Modified Thu Feb 18 14:08:32 2010 UTC (12 years, 3 months ago) by msalle
- Heavily improved mkdir_with_parents function for crippled automount behaviour.



Revision 1514 - Directory Listing
Modified Thu Feb 18 13:30:13 2010 UTC (12 years, 3 months ago) by msalle
- resync-ed with glexec: lstat -> stat etc.


Revision 1512 - Directory Listing
Modified Mon Feb 15 16:16:49 2010 UTC (12 years, 3 months ago) by msalle
- new function cgul_add_src_pattern() to add substring pattern entries from a
  src environment to a target environment. E.g. for GLEXEC_ variables into the
  target process environment.
- reworked related cgul_add_src_list(), so that it is more or less
  internally consistent with the new cgul_add_src_pattern()



Revision 1510 - Directory Listing
Modified Sun Feb 14 12:31:32 2010 UTC (12 years, 3 months ago) by msalle
Bringing fileutil back in sync with version in gLExec



Revision 1509 - Directory Listing
Modified Sun Feb 14 12:31:10 2010 UTC (12 years, 3 months ago) by msalle
Bringing environ back in sync with version in gLExec.



Revision 1508 - Directory Listing
Modified Thu Feb 11 16:03:11 2010 UTC (12 years, 3 months ago) by msalle
- don't change const char * parameter, so put it in a buffer..


Revision 1503 - Directory Listing
Modified Wed Feb 10 23:32:47 2010 UTC (12 years, 3 months ago) by msalle
- cgul_write_uniq_proxy now updates the template such that one can figure out
  the actual filename



Revision 1498 - Directory Listing
Modified Wed Feb 10 15:44:18 2010 UTC (12 years, 3 months ago) by msalle
- Updated the API for the proxy reading and config file, after extensively
  looking at use-cases.
  Preferred for config file: 'glexec'.root (or 'scas'.root or whatever), and
  reading as glexec.glexec or glexec.gid
- two writing functions synchronized.


Revision 1493 - Directory Listing
Modified Tue Feb 9 22:01:18 2010 UTC (12 years, 3 months ago) by msalle
- (almost) no type incompatibilities. Removed 1 potentially dangerous size_t



Revision 1491 - Directory Listing
Modified Tue Feb 9 16:30:01 2010 UTC (12 years, 3 months ago) by msalle
- introduced cgul_ prefix for environ
- synchronized two proxy writing functions, thereby fixing a const char* writing
  issue (segfault).


Revision 1486 - Directory Listing
Modified Tue Feb 9 15:13:55 2010 UTC (12 years, 3 months ago) by msalle
- parent directory of to-be-written proxy is created and with right mode.


Revision 1484 - Directory Listing
Modified Tue Feb 9 14:54:49 2010 UTC (12 years, 3 months ago) by msalle
- LICENSES added
- added ifndef construct to prevent double inclusion
- added many comments
- fixed a few uninitialized variables 
- fixed too small buffer for reading (\0 forgotten)
  also fixed forgotten addition of \0 after reading.
- read_config() now has preferred uid/gid. 0 (root) effectively ignores, because
  root is always trusted (cannot be untrusted).
- priv_drop has int argu's because uid/gid is unsigned.
- same for read_proxy: read_gid is int
- priv_drop now fails when NOT euid==0
- read_config figures out whether switching or not and acts accordingly: in
  switching mode we demand confidential, in non-switching, trusted is good
  enough.
- check on template in write_uniq_proxy: ending with 6 times X
- difference in file mode and dirmode, for same one...
- fixed bug in dir creation, missed last element.



Revision 1476 - Directory Listing
Modified Mon Feb 8 16:11:46 2010 UTC (12 years, 3 months ago) by msalle
- new function cgul_read_config that reads a config file into a memory buffer
  using J. Kupsch' safefile (only the safe_is_path_trusted_r() )

- hopefully raise all privileges also when failure.

- remove dead code



Revision 1475 - Directory Listing
Modified Mon Feb 8 15:25:32 2010 UTC (12 years, 3 months ago) by okoeroo
Fixed errors



Revision 1474 - Directory Listing
Modified Mon Feb 8 15:18:44 2010 UTC (12 years, 3 months ago) by okoeroo
Creating a one liner to print the current process information.



Revision 1473 - Directory Listing
Modified Mon Feb 8 15:00:23 2010 UTC (12 years, 3 months ago) by msalle
- Added extra return code -3 for cgul_write_proxy(): permissions error
  Also split opening/changing ownership/mode for this, in this function
- fixed number of missing variable declarations
- fixed number of typos


Revision 1470 - Directory Listing
Modified Mon Feb 8 12:37:50 2010 UTC (12 years, 3 months ago) by msalle
- First (preliminary) version of fileutil files: locking, reading/writing proxy
  and directory creation.



Revision 1453 - Directory Listing
Modified Wed Feb 3 21:29:34 2010 UTC (12 years, 3 months ago) by msalle
- Use properly size_t when needed


Revision 1452 - Directory Listing
Modified Tue Feb 2 19:09:23 2010 UTC (12 years, 3 months ago) by msalle
- introducing env_t (char **): now use &dst for creation/updating of
  environments instead of return value of functions.
  This makes it easier to have a few additions in a row etc.

- make sure when input whitelist and/or src is null everything works as
  expected: new environment should be created and initialized to empty, old
  environment should be left unchanged.

- make sure environ.h is effectively included once using a #ifndef


Revision 1449 - Directory Listing
Modified Tue Feb 2 02:35:46 2010 UTC (12 years, 3 months ago) by msalle
- added new function setenv_dst() adding a name, value pair to the dst
  environment, similar to add_namevalue()

- check explicitly that whitelists aren't NULL, which led to a segfault...



Revision 1447 - Directory Listing
Modified Sun Jan 31 18:24:07 2010 UTC (12 years, 3 months ago) by msalle
We're not in 2004... Changed year to 2010


Revision 1446 - Directory Listing
Modified Sun Jan 31 11:10:18 2010 UTC (12 years, 3 months ago) by msalle
No copyright text for us, only EGEE allowed (instructions from Francesco).



Revision 1444 - Directory Listing
Modified Fri Jan 29 10:02:55 2010 UTC (12 years, 3 months ago) by msalle
The tabs have been spaced out...


Revision 1443 - Directory Listing
Modified Fri Jan 29 10:00:16 2010 UTC (12 years, 3 months ago) by aramv
Changed tabs into spaces

Revision 1442 - Directory Listing
Modified Fri Jan 29 09:58:13 2010 UTC (12 years, 3 months ago) by msalle
license text to be included in any source file (incl. .h, Makefile etc...)



Revision 1441 - Directory Listing
Modified Fri Jan 29 09:50:02 2010 UTC (12 years, 3 months ago) by msalle
- Added a getenv for 'external' environments
- no more pointer arithmetics...


Revision 1440 - Directory Listing
Modified Thu Jan 28 21:03:50 2010 UTC (12 years, 4 months ago) by okoeroo
Adding arbitrary X509-related functions. These are from LCMAPS. And from what I now know about OpenSSL, some might be re-written to be less fragile or use less memory.




Revision 1439 - Directory Listing
Modified Thu Jan 28 20:58:44 2010 UTC (12 years, 4 months ago) by msalle
- fixed a few initialization (valgrind) problems.
- updated comments: remarks on strdup/putenv etc.



Revision 1438 - Directory Listing
Modified Thu Jan 28 19:46:50 2010 UTC (12 years, 4 months ago) by okoeroo
Removing double file.



Revision 1437 - Directory Listing
Modified Thu Jan 28 19:45:25 2010 UTC (12 years, 4 months ago) by okoeroo
Adding first part for OpenSSL (specific) tools. In this case it's a (non functional) grid-proxy-verify. It's the same tool, but torn apart, refactored and with more useful APIs. Essentially the same as Jan Just's grid-proxy-verify. This code has been lifted from the lcmaps-plugins-verify-proxy.




Revision 1436 - Directory Listing
Modified Thu Jan 28 16:48:35 2010 UTC (12 years, 4 months ago) by msalle
- added a number of new functions to:
    add single pairs to external environment,
    put some general stuff in special functions,
- Fixed a few memory leaks, probably none left (-:



Revision 1429 - Directory Listing
Modified Mon Jan 25 16:42:10 2010 UTC (12 years, 4 months ago) by msalle
- strarrlen returns NULL when argument is NULL (not just when list is empty).
  This is convenient...



Revision 1420 - Directory Listing
Modified Mon Jan 25 10:40:31 2010 UTC (12 years, 4 months ago) by msalle
environ.c / environ.h Provides methods to safely backup the environment, to
clear the current environment and to re-set certain parts from the backup
into it.



Revision 1418 - Directory Listing
Modified Sun Jan 24 09:49:55 2010 UTC (12 years, 4 months ago) by okoeroo
Added:
gid_t threadsafe_getgid_from_name (const char * groupname)






Revision 1417 - Directory Listing
Modified Sat Jan 23 20:37:07 2010 UTC (12 years, 4 months ago) by okoeroo
Adding IPv6 capable client and service implementations.

Warning! This code still needs work to be cleaned from my personal/private/local/laptop hacking.



Revision 1411 - Directory Listing
Modified Thu Jan 21 15:33:50 2010 UTC (12 years, 4 months ago) by aramv
Added fancy bitmask and open/close functions

Revision 1409 - Directory Listing
Modified Thu Jan 21 10:40:37 2010 UTC (12 years, 4 months ago) by aramv
Added proper timestamp and hostname

Revision 1407 - Directory Listing
Modified Wed Jan 20 16:06:49 2010 UTC (12 years, 4 months ago) by aramv
Moved passwd size test to its own directory

Revision 1406 - Directory Listing
Modified Wed Jan 20 16:06:12 2010 UTC (12 years, 4 months ago) by aramv
Added a log-to-file example

Revision 1405 - Directory Listing
Modified Wed Jan 20 13:42:07 2010 UTC (12 years, 4 months ago) by okoeroo
Fixed the threadsafe_getuid_from_name() to be safer, easier to read, contain a 1k buffer by default, clean itself up properly, set errno at the end of the function to the proper state (bypassing the free() and other functions) and having sufficient comments in the code for understandability.



Revision 1404 - Directory Listing
Modified Wed Jan 20 11:48:59 2010 UTC (12 years, 4 months ago) by okoeroo
Added threadsafe_getuid_from_name()




Revision 1403 - Directory Listing
Modified Wed Jan 20 11:21:41 2010 UTC (12 years, 4 months ago) by okoeroo
Added Unix Privilege manipulation tool.

Includes:
UID up and Down grader and the generation of a list of gid_t's from a username.




Revision 1401 - Directory Listing
Modified Wed Jan 20 10:55:35 2010 UTC (12 years, 4 months ago) by okoeroo
Added a set of random character selection functions.




Revision 1400 - Directory Listing
Modified Wed Jan 20 10:07:44 2010 UTC (12 years, 4 months ago) by msalle
- checks errno
- no warnings


Revision 1397 - Directory Listing
Added Tue Jan 19 15:59:50 2010 UTC (12 years, 4 months ago) by aramv
Added a test for password struct size on your platform

grid.support@nikhef.nl