pcp updates: auth

To: PCP <pcp@xxxxxxxxxxx>
Subject: pcp updates: auth
From: Nathan Scott <nathans@xxxxxxxxxx>
Date: Fri, 19 Jul 2013 03:40:42 -0400 (EDT)
Delivered-to: pcp@xxxxxxxxxxx
In-reply-to: <778982268.4515737.1374219554626.JavaMail.root@xxxxxxxxxx>
Reply-to: Nathan Scott <nathans@xxxxxxxxxx>
Thread-index: ++E9r/YARtSpL+wmTDGKkTUAFzKlOA==
Thread-topic: pcp updates: auth

Changes committed to git://oss.sgi.com/pcp/pcp.git dev

 man/man1/pmcd.1                |    9 ++++
 qa/832                         |   76 +++++++++++++++++++++++++++++++++++++++++
 qa/832.out                     |   21 +++++++++++
 qa/group                       |    1 
 src/include/pcp/impl.h         |    3 +
 src/libpcp/src/auxconnect.c    |   16 +++++++-
 src/libpcp/src/auxserver.c     |   35 +++++++++++++++++-
 src/libpcp/src/check-statics   |    1 
 src/libpcp/src/connect.c       |   13 +++++--
 src/libpcp/src/context.c       |    2 -
 src/libpcp/src/err.c           |    3 +
 src/libpcp/src/secureconnect.c |    5 ++
 src/libpcp/src/secureserver.c  |   35 ++++++++++++++++--
 src/pmcd/src/config.c          |    8 ++++
 src/pmcd/src/pmcd.c            |   10 ++++-
 15 files changed, 221 insertions(+), 17 deletions(-)

commit df88a72575ef9c44148fb431062379aff55cb403
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date:   Fri Jul 19 17:37:58 2013 +1000

    Super-secure-mode for pmcd, only connections with creds allowed
    
    Adds a protocol mechanism whereby pmcd can inform clients that
    they absolutely must provide credentials (without this, it's an
    optional feature; we now add a hard requirement).  This allows
    us to enter into user/pass interactions, even without the user
    requesting some form of authentication.
    
    Adds a new -S option to pmcd, for the hard-core punters who want
    to insist on creds-only (SASL-authenticated/unix-domain) socket
    connections.  If user/group ACLs are used, this mode is entered
    automatically as well, as this information is then not optional.
    
    Test qa/832 exercises this functionality.

commit 1deb050e701be3e79b2f57950468ac0920527c90
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date:   Fri Jul 19 17:27:03 2013 +1000

    Ensure we do not force unix domain sockets down the SASL path
    
    Somehow I lost this change on an earlier commit.  It removes an
    earlier (incorrect) association I made that unixsock/local attrs
    on a connection should force the authentication part of the over-
    the-wire protocol exchange to happen.  If we do that, we end up
    in SASL-land for unix domain sockets, which we do not want/need.
    
    This fixes test qa/831 once more, which spontaneously combusted
    as a result of this change going AWOL.

commit e97a7ecfcb8fc75834627f42e5de4c1441c7d21b
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date:   Fri Jul 19 17:21:11 2013 +1000

    Ensure SASL errors are easily identifiable as such
    
    Noticed SASL has one error code that maps to the impressively
    vague "generic error" message.  So that we know when errors are
    coming from libsasl, this adds an "Authentication - " prefix to
    the start of any SASL error we report via pmErrStr_r.
