fix failure handling for myproxy_creds_retrieve() calls in myproxy_creds_retrieve_all_ex(): 1) when trying to load default credential, it's not an error if we don't find one - this is a fix to my last commit 2) when scanning directory, if we fail to load a credential that should be there, don't rely on creds structure that may be cleared, but instead use stashed values when logging error
log if myproxy_creds_retrieve() fails when it shouldn't
in myproxy-server, fix abort when processing INFO response when the user has stored credentials both with and without a credential name; bug was introduced in myproxy-server v4.9 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7209)
use /var/lib/myproxy as first choice default storage directory, for Filesystem Hierarchy Standard compliance; still fallback to /var/myproxy and $GLOBUS_LOCATION/var/myproxy for alternatives (http://www.pathname.com/fhs/pub/fhs-2.3.html#THEVARHIERARCHY)
Now skipping private files in cert_dir if the MyProxy server is already up serving requests; it will continue to fail to start if private files are found in cert_dir.
fix double-free in myproxy_install_trusted_cert_files() on write error (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7135)
Added myproxy-server trustroots security improvements info to VERSION file and a couple naming changes.
myproxy-server trustroots security improvements: 1. cert_dir should default to undefined rather than /etc/grid-security/certificates 2. get-trustroots handling in myproxy-server should check if cert_dir is defined and if not, should generate a warning in log. 3. update myproxy-server.config: example at the top, cert_dir entry later on 4. update myproxy-server-setup 5. update man pages: anywhere example myproxy-server.config appears 6. only deliver world-readable files; fail entire operation if a non-world-readable regular file is encountered. 7. also do sanity check on myproxy-server startup: if cert_dir is defined, abort if non-world-readable file inside
treat trustroot file contents as binary data rather than text in myproxy-logon -T / myproxy-get-trustroots
unused variable
write data file and lock file atomically
atomically update credential files and avoid unnecessary file copies; myproxy_creds_store() now moves file to the repository, rather than copying
when cleaning CRLs, also remove any CRLs we can't read or parse
when scanning directory for credentials in myproxy_creds_retrieve_all_ex(), check filename right away for matching username (like we did in the old code), as this should be more efficient for repositories with many credentials than checking after we load the credentials from disk
combine the logic of myproxy_creds_retrieve_all() and myproxy_admin_retrieve_all() into one function to avoid subtle differences between the two implementations.
fix printf compiler warnings: "format not a string literal and no format arguments"
replace fixed-length buffer in read_data_file() repository file parser with dynamically-sized buffer to support credentials with policies longer than 511 characters (http://bugzilla.globus.org/globus/show_bug.cgi?id=6723)
in myproxy_install_trusted_cert_files(), update files atomically (using rename) rather than overwriting
just call safe_is_path_trusted_r() once on startup for now so we don't fill the syslogs with warnings
implement stricter checks on myproxy-server storage directory security using Safefile's safe_is_path_trusted_r() (http://pages.cs.wisc.edu/~kupsch/safefile/); for now, these checks result in WARNING messages rather than errors
add max_cred_lifetime option in myproxy-server.config to limit the lifetime of credentials stored in the repository
for myproxy-logon -T, bootstrap the trusted certificates directory atomically (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6432)
code cleanup with help from Jim Kupsch: - fix uninitialized variables - check return values - remove dead code - fix strncpy() calls
Use DES_crypt() instead of des_crypt() for OpenSSL 0.9.8 compatibility.
On stat() failure in myproxy_get_certs(), log error and continue.
The dirent d_type field isn't portable. Replace with stat() call.
In myproxy_get_certs(), when gathering X509_CERT_DIR files, only process regular files, skipping directories or other special files.
When changing passphrase to "", simply don't encrypt the private key. The myproxy-change-pass-phrase and myproxy-admin-change-pass commands behaved inconsistently in this regard. The change here forces consistent behavior.
free unused memory -- fix leaks
add myproxy_clean_crls() function to remove bad CRL files
rename check_trusted_certs_dir to myproxy_check_trusted_certs_dir and make it a public function. myproxy_bootstrap_trust() uses it.
remove unused variable
OpenSSL will check certificate validity times as part of ssl_verify_gsi_chain(), and we don't need a duplicate check in myproxy_creds_verify(), so remove it, especially considering our time checks cause problems such as <http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=346>.
don't check locks in myproxy_creds_verify(), as a locked credential is not necessarily an invalid credential
add new myproxy_creds_verify() function
sterilize username to consistently handle usernames starting with '.'
don't md5sum usernames containing '-' as that'll cause backward compat issues. just deal with the ambiguity via the new USERNAME entry in the data file.
fix handling of usernames/crednames containing '/', '-', or '.' by md5summing any usernames containing '-', storing the actual username in the .data file (for display by myproxy-admin-query), and splitting on the last '.' in the filename to find the .creds and .data suffixes (rather than the first '.', i.e., strrchr instead of strchr)
Markus's changes for pkcs11 support
commit MYPROXY_2_2-branch-end to HEAD
on INFO query, if no matching credentials found, put only that fact in the error message, rather than including other errors (such as credentials do not exist) which could give useful information to an attacker (http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=326)
- add myproxy_creds_free() - fix some memory leaks
new trusted_retrievers option for certificate-only authentication to the myproxy-server
More clean up. myproxy-replicate: changed master to primary, slave to secondary. myproxy-test-replicate: changed master to primary, slave to secondary. myproxy.c: fixed up debug message. myproxy_creds.c: fixed up debug messages.
bugfix for recently added myproxy_get_storage_dir(): was missing () on function call
merged changes between MYPROXY_2_0 and MYPROXY_2_0-CA-branch-done to MYPROXY_2_2-branch
add myproxy_get_storage_dir(), used by certauth_extensions.c
*** empty log message ***
in myproxy_creds_delete(), give a better error message ("Credentials do not exist.") on ENOENT
removed fixed length buffers in protocol handling code, to efficiently and correctly handle messages of different sizes
- move string funcs to string_funcs.[ch] where we can re-use them - fix bug where we always skipped the last trusted_cert in the list
use fprintf(file, "%s", buf) instead of fprintf(file, buf) in case buf has some escape characters (fix in new code, not yet released)
Client-side support for trusted certificates directory download. This code still has a bug somewhere in regards to memory allocation as it is segfaulting when writing files out to ~/.globus/certificates.
fix bugs in myproxy_get_certs(): - ignore "." and ".." in directory listing - pass full pathname to buffer_from_file()
added myproxy_certs_free() and myproxy_get_certs() for trusted certificates directory
Changes made to handle slave server failure.
Corrections based on testing of myproxy-store and myproxy-retrieve.
add myproxy_creds_encrypted()
initialize local variables, particularly pointers, for safety
Changes made to support store and retrieve of end entity credentials. Changes made to: gsi_socket.c gsi_socket.h myproxy.c myproxy_creds.c myproxy_creds.h myproxy_protocol.h myproxy_server.c Added: myproxy_get_credential.c and myproxy_store.c
do O_CREAT open() with unlink() and O_EXCL instead of O_TRUNC so we're sure to set the requested mode on the newly created file.
accept empty pass phrases in myproxy_creds_change_passphrase for unencrypted private keys
- add myproxy_creds_verify_passphrase() to have passphrase logic in one place. we verify the passphrase by either trying to decrypt the key (new method) or comparing with the stashed crypted passphrase (for backward compat) - don't write out crypted passphrase anymore. we can check the passphrase by trying to decrypt the private key (new method)
oops. in myproxy_print_cred_info(), print to the FILE *arg, not always to stdout.
replace crypt() calls with des_crypt() for portability to OpenSSL 0.9.7
remove unused variable
bugfix: hash usernames containing '/' in myproxy_creds_retrieve_all()
add support for administratively locked credentials via myproxy-admin-query
in myproxy_admin_retrieve_all(), interpret a credname of "" to be a query for the default credential only
- do ssl_proxy_file_destroy() instead of unlink() on cred files - in myproxy_admin_retrieve_all(), support more query options: - query by credname - query by start_time and/or end_time
replace getuid() with geteuid() to support setuid executables
removed duplicate copy_file()
myproxy-admin branch merged to trunk (from myproxy-admin-branch-merge-point)
changes to myproxy_admin_retrieve_all(): - call check_storage_directory() to make sure storage_dir is non-NULL - replace goto with if statement - minor memory-management cleanup
move most #includes to myproxy_common.h for ease of porting
minor improvements on error messages regarding storage directory permissions
myproxy-arq fixed
arq complete. acpp almost done.
don't need <sys/dir.h>
myproxy-change-pass-phrase command added to trunk merged from Chetan's change-pass-phrase branch
myproxy-cp completed, tested and PROTOCOL file updated
- minor change to storage directory search rules: - use /var/myproxy if it exists, else - use $GLOBUS_LOCATION/var/myproxy if it exists, else - mkdir(/var/myproxy) and use that if possible, else - mkdir($GLOBUS_LOCATION/var/myproxy) and use that if possible - myproxy_set_storage_dir() now returns int - add myproxy_check_storage_dir() so the server can check the storage dir immediately on startup before an actual request comes in
removed unused variable declaration
specifically check for ENOENT errno for nonexistent credentials and return a more descriptive error message in that case
removed myproxy-init -force feature. it seemed like a good idea at the time but now I think it's going to cause more inconvenience than it's worth.
- removed force_credential_overwrite from struct myproxy_creds and instead made it a second argument to myproxy_creds_store() - bugfix: don't reset credname in myproxy_creds_retrieve() but let read_data_file() set it - some reformatting - in myproxy_creds_delete(), no need to call read_data_file()
in myproxy_creds_retrieve(), explicitly (re-)set username, credname, and location in credential structure
sterilize credential name before using it in a filename
some cleanup work on this module: - removed myproxy_creds_fetch_entry(), as it basically does the same thing as myproxy_creds_retrieve() - added myproxy_creds_retrieve_all(), which returns a list of credentials, to replace myproxy-creds_info(), which filled in the server's response structure; better to not have this module depend directly on the server code
#include <dirent.h> to get MAXPATHLEN and alphasort() definitions from system header files rather than defining them here
replace C++-style // comments with old C-style /* */ comments for portability
removed union from myproxy_response_t struct because it makes it unwieldy to reference elements in the struct; I'd rather waste a few bytes and have more readable code
removed tests for MULTICRED_FEATURE: always build the MULTICRED_FEATURE code
- no longer use sslutil.h since sslutils.h is gone in GT 2.2 - remove some unused variables - #include "myproxy_log.h" for prototypes
Bug fix - 2. force_credential_overwrite fixed in myproxy_creds_store
bug fix - 1
- removed some unused MULTICRED_FEATURE code - initialize creds structure in read_data_file() before filling it in, in case the structure has some old values in it - removed some unneeded memsets() on myproxy_creds structures that are initialized at declaration - removed unused myproxy_creds structure in myproxy_creds_info() - updated myproxy_creds_free_contents() to free members recently added to the structure and cleaned up the code a bit
- in write_data_file(), only write NAME if one is set - initialize myproxy_creds structures with 0s
Remove default credential name, description, retriever, and renewer strings. NULL indicates the default. We don't need separate strings for it.
removed initialization of unused myproxy_creds field restrictions
- segv fix: some confusion between retrievers and renewers variables - some code reformatting
modify signature of function passed to scandir(3) to agree with its signature
Everything working fine. Merged onto the main trunk
Finished changes to the protocol. New version uses file system database and is compatible with the previous version
Multiple credentials per user implemented with the file system backend
merging MYPROXY_0_4_2-gpt-branch (at MYPROXY_0_4_2-gpt-branch-done) to trunk
don't check storage_dir before calling check_storage_directory() because check_storage_directory() can now create the directory and set storage_dir
don't compile in storage directory location; based it off $GLOBUS_LOCATION by default instead
minor error correcting
myodbc support working
fixing minor bugs - 1
MyODBC thru IODBC
IODBC properly integrated
Disabling multicred-feature fully supported and tested. Updated INSTALL
Can disable multiple credentials per user feature
myproxy-destroy works with database. error handling done
Error handling done
INSTALL updated
Stores and retrieves credentials from database
Restore - 1
Records are sent back to client
patch from Dan Kouril: - store creds in MYPROXY_SERVER_STORE_DIR, as defined by configure
myproxy-info retrieves info from database
*** empty log message ***
supports forced database write
merging changes from trunk to multicred-branch
myproxy-init supports command line args for specifying credential name and description. myproxy-server writes to database
Database support enabled
contributed by Daniel Kouril <kouril@ics.muni.cz>: - add myproxy-info command - add --with-myproxy-server-etc-path and --with-myproxy-server-store-path configure switches
merging MYPROXY_0_4_2-per-cred-auth-branch to trunk
Phase 1: Retriever and renewer DNS implementation complete
Retrievers and Renewers complete. Default retrievers and renewers added. Anonymous retrievers and renewers added. Fully tested and is functional. Date: Feb. 20, 2002
Committed on Feb 18th at 10:31 AM Retrieval half-way through. Renewal to be done
get md5.h from sslutil.h, which knows which version to use
in case existing usernames are longer than 8 chars on upgrade, only hash usernames that actually contain a '/' to support DNs as usernames but allow backwards compatibility
need to include <md5global.h> before <md5.h> in Globus Grid API 2.0 beta
patch from Dan Kouril to resurrect username hashing, this time only for usernames longer than 8 chars, for backwards compatibility
removed redundant authorization code; all authorization checking happens in myproxy_server.c and myproxy_authorization.c now
added myproxy_creds_fetch_entry() from MYPROXY_0_2alpha3-datagrid-branch
- memory leak fix from datagrid-branch - set storage dir from command line (patch from datagrid-branch)
patches from Daniel Kouril <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz> for the Datagrid project
* gsi_socket.c, gsi_socket_test.c, myproxy.c, myproxy_creds.c, myproxy_server.c, myproxy_server_config.c: Replaced snprintf() calls with functions from string_func.c because of snprintf() being nonexistent on Solaris 2.5.1 boxes and behavioral differences in return value between gnu libc and solaris implementations. * myproxy.c: Added encode_command(), encode_response() and encode_lifetime() functions.
Removed warnings: -added proto for crypt() -Removed some unused variables.
Check to make sure a user owns a set of credentials before allowing them to overwrite them.
added Ben Temko's changes to encrypt the password stored in <user>.data using crypt()
added <stdlib.h> to list of headers
Added MYPROXY_SERVER_DIR definition with intent to eventually make it a configure option. Spiffed up some of the logging.
Bug fix to allow reading of credentials data file.
Couple of bug fixes to get myproxy_creds_store() working.
Updated code to match description in header file.
All the code written and compiling, still not debugged.
myproxy_creds interface for storage/retrieval of user credentials. Still non-functional, but API should be firm.