This repository has been archived by the owner on Dec 15, 2020. It is now read-only.

Releases: scitokens/xrootd-scitokens

Bug Fix for allowed issuers

06 Aug 14:59
b54b536

This release fixes bugs discovered when testing on EL8.

  • Fix vector resize for new EL8 behavior #30
  • Fix allowed issuers when sending them to JWT deserialize #31

Update library version to depend on XRootD version

02 Jul 17:02
026a602
Merge pull request #28 from ddavila0/patch-2

Fix versioning and change requirements to allow RCs

Security Update

26 Mar 16:35
124062e

This release fixes a security issue in the parsing of SciTokens.

Summary:

The xrootd-scitokens plugin v1.1.0 (and earlier) contains an authorization logic error that permits both read and write access to files when the user’s token authorizes only read or write permission.

Impact:

An authorized user with a valid token granting read access to files also obtains write access to those files (and vice versa). The impact does not apply to typical xrootd-scitokens deployment scenarios: (a) read-only filesystems (e.g., accessing caches) or (b) where both read and write permissions are granted for all generated tokens (e.g., OSG-Connect).

Recommendation:

Updating to xrootd-scitokens plugin v1.2 (or later) and restarting xrootd is recommended.

Passthrough of Scitokens Auth

16 Jan 17:07
805115d

If the scitokens authorization fails, pass through the credentials to the next method in the chain (if there is one).

Rewrite for SciTokens C API

16 May 17:35
5e205b6

In this release, we switched the SciTokens integration from the SciTokens Python API to the SciTokens C API.

Flexible Authorization Handling

23 Mar 18:53

In this release, we significantly improve the authorization handling with the following three features:

  • base_path can now take a comma-separated list of paths, allowing a single issuer to cover multiple parts of the filesystem namespace.
  • restricted_path was introduced. This option restricts the paths for which the issuer is allowed to issue authorizations within its base area(s). It is intended to ease the migration to a SciTokens-based setup for existing storage where multiple groups share the same base area.
  • default_user was introduced. This provides the ability to set the username in the credential for requests that pass the scitokens authorization. It allows the sysadmin to map the filesystem access of an issuer to a specific Unix username.
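The following Python model, added here as an illustration and not code from the xrootd-scitokens plugin (which is written in C++), shows how the three options above combine into an authorization decision, and why the operation named in a scope must be compared against the requested operation, which is the class of error the Security Update release describes. Scope syntax follows the SciTokens convention `read:/path` / `write:/path`, with scope paths relative to `base_path`; the issuer URL, the sample paths and the exact matching semantics (a request must fall inside both the scope's path and, when `restricted_path` is set, one of the restricted areas) are assumptions made for this example.

```python
"""Model of SciTokens path authorization for an XRootD-style storage plugin.

Added illustration, not code from xrootd-scitokens.  It models base_path as a
comma-separated list, restricted_path, and default_user, plus the read/write
separation that the v1.2 security update restored.  Matching semantics are
assumptions for this example, not the plugin's actual logic.
"""
import posixpath
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def parse_path_list(value: str) -> List[str]:
    """Split a comma-separated config value such as 'base_path = /a,/b'."""
    return [posixpath.normpath(p.strip()) for p in value.split(",") if p.strip()]


@dataclass
class IssuerConfig:
    issuer: str
    base_paths: List[str]                                       # base_path (one or more)
    restricted_paths: List[str] = field(default_factory=list)   # restricted_path, relative to each base
    default_user: Optional[str] = None                          # Unix user to map requests to


def _within(path: str, prefix: str) -> bool:
    """True if `path` equals `prefix` or lies beneath it (after normalization)."""
    path, prefix = posixpath.normpath(path), posixpath.normpath(prefix)
    if prefix == "/":
        return True
    return path == prefix or path.startswith(prefix + "/")


def _join(base: str, rel: str) -> str:
    """Resolve a scope-relative path under a base area; normpath removes '..' tricks."""
    return posixpath.normpath(posixpath.join(base, rel.lstrip("/")))


def authorize(cfg: IssuerConfig, token_issuer: str, scopes: List[str],
              operation: str, request_path: str) -> Tuple[bool, Optional[str]]:
    """Decide whether `operation` ('read' or 'write') on `request_path` is
    allowed by a token from `token_issuer` carrying `scopes`.
    Returns (allowed, username_to_map_to)."""
    if token_issuer != cfg.issuer:
        return False, None
    request_path = posixpath.normpath(request_path)
    for scope in scopes:
        authz, _, rel = scope.partition(":")
        if not rel:
            continue            # scopes without a path component grant nothing here
        if authz != operation:
            continue            # a read scope must not satisfy a write request, and vice versa
        for base in cfg.base_paths:
            granted = _join(base, rel)
            if not _within(request_path, granted):
                continue
            # restricted_path: the request must also fall inside an allowed area of this base
            if cfg.restricted_paths and not any(
                    _within(request_path, _join(base, r)) for r in cfg.restricted_paths):
                continue
            return True, cfg.default_user
    return False, None


def authorize_collapsed(cfg: IssuerConfig, token_issuer: str, scopes: List[str],
                        operation: str, request_path: str) -> Tuple[bool, Optional[str]]:
    """Constructed illustration of the bug class in the v1.2 advisory (not the
    plugin's real code): the decision never consults which operation the scope
    names, so any valid scope grants both read and write."""
    if token_issuer != cfg.issuer:
        return False, None
    request_path = posixpath.normpath(request_path)
    for scope in scopes:
        authz, _, rel = scope.partition(":")
        if not rel:
            continue
        for base in cfg.base_paths:
            if _within(request_path, _join(base, rel)):
                return True, cfg.default_user   # `operation` is never compared to `authz`
    return False, None


# Constructed sample configuration; the issuer URL and paths are placeholders.
EXAMPLE = IssuerConfig(
    issuer="https://issuer.example/group-a",
    base_paths=parse_path_list("/stash/group-a, /scratch/group-a"),
    restricted_paths=["/data"],
    default_user="groupa",
)

if __name__ == "__main__":
    tok = ["read:/data/file"]
    print("read  with read scope :", authorize(EXAMPLE, EXAMPLE.issuer, tok, "read", "/stash/group-a/data/file"))
    print("write with read scope :", authorize(EXAMPLE, EXAMPLE.issuer, tok, "write", "/stash/group-a/data/file"))
    print("same, collapsed check :", authorize_collapsed(EXAMPLE, EXAMPLE.issuer, tok, "write", "/stash/group-a/data/file"))
```

Running the script shows the fixed check denying a write under a read-only scope while the collapsed variant grants it; the other cases worth exercising are a second base area from the comma-separated list, a broad `read:/` scope that `restricted_path` confines to `/data`, and a `..` segment in the request path that normalization folds away before the prefix comparison.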