summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5/import_sec_context.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix style issues in r25087Greg Hudson2011-08-291-2/+2
| | | | | | | | | | | * Function names should be at the beginning of lines in definitions. * Changes should not create lines >79 characters. * Continuation lines should align after left parens when appropriate. Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are not gss mechanism functions and should not have been tagged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_CALLCONV for all gss mechanism functions. Also wrap #include ↵Sam Hartman2011-08-091-1/+1
| | | | | | | | | <unistd.h> with #ifdef HAVE_UNISTD_H in g_authorize_localname.c Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25087 dc483132-0cff-0310-8789-dd5450dbe970
* Remove pointer validation code from the gss krb5 mechGreg Hudson2011-04-131-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24877 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-091-6/+1
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to not use freed memory inTom Yu2010-03-231-1/+2
| | | | | | | | | | gss_import_sec_context in some error paths. ticket: 6678 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent lib/gssapi, with some exceptionsTom Yu2009-12-081-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify. Normalize whitespace. Reindent. Fix some of the mostTom Yu2008-10-151-39/+40
| | | | | | | egregious formatting quirks. Add emacs mode settings to flag untabified source files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
* Based on patch from lxs, with some changes:Ken Raeburn2008-08-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms. Not incorporated from initial patch: const changes in function signatures. ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* Free context after use, not beforeKen Raeburn2008-05-151-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
* gss krb5 mech enhanced error messagesKen Raeburn2007-07-041-1/+3
| | | | | | | | | | | | | | | | | | | | | | Save detailed error messages (usually from the krb5 library) in per-thread storage, mapping each error code to the most recently produced message for it. Return the message from display_status. Currently not implemented for a few cases where the krb5 mechanism returns a minor status code of 0, or another value different from the libkrb5 error code. Other functions are available to store a generic string or formatted message, but aren't used much at present. Tested with these errors in context establishment: * missing ccache (libkrb5 shows pathname if FILE: type) * missing keytab (libkrb5 shows pathname if FILE: type) * server principal unknown (libkrb5 shows server principal) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_init_context macro hack; change all the calls except inKen Raeburn2006-05-171-1/+1
| | | | | | krb5_gss_init_context to calls to krb5_gss_init_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18015 dc483132-0cff-0310-8789-dd5450dbe970
* * k5unseal.c: gss_krb5int_unseal_token_v3() takes a pointer toJeffrey Altman2004-04-131-1/+1
| | | | | | | | | | | krb5_context * import_sec_context.c: krb5_gss_ser_init() contains a function pointer table. this table must use pointers to functions of type KRB5_CALLCONV. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16244 dc483132-0cff-0310-8789-dd5450dbe970
* * k5seal.c (kg_seal): Extract the krb5 context from the security contextKen Raeburn2004-03-151-6/+37
| | | | | | | | | | | | | | | | | | | | | | | | | instead of requiring it be passed in as an argument. * k5unseal.c (kg_unseal): Likewise. * gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated. * delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c, verify.c: Callers changed. * inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in security context instead of calling kg_get_context. * wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise. * import_sec_context.c (krb5_gss_ser_init): New function. (krb5_gss_import_sec_context): Create a krb5 context locally to use for the import. * export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in the security context. * gssapiP_krb5.h (krb5_gss_ser_init): Declare. * gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization code here. * accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context in an error case not caught before. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo also says we can get rid of _MSDOS (Win16) tests, and explicit ↵Ken Raeburn2001-10-061-1/+1
| | | | | | FAR/NEAR specs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13786 dc483132-0cff-0310-8789-dd5450dbe970
* * import_sec_context.c (krb5_gss_import_sec_context): Get rid ofEzra Peisach2001-07-251-2/+0
| | | | | | | variable set but never used. * ser_sctx.c (kg_queue_internalize): Ditto git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13640 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c acquire_cred.c import_sec_context.cEzra Peisach2001-06-181-1/+1
| | | | | | | init_sec_context.c inq_cred.c: Cast const gss_OID to gss_OID for gssapi functions which are not speced with const in the RFC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13360 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updates from 1.1 branchKen Raeburn1999-09-241-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
* gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set returnsTheodore Tso1999-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | all three mechanism ID's recognized by this implementation, with the RFC1964 OID first (and thus preferred). import_sec_context.c (krb5_gss_convert_static_mech_oid): Make the old convert_static_oid() function globally accessible with a namespace compliant name, since init_sec_context() needs to be able to use this function. indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 mechanism set OID, since we should return all the mechanisms that we support. init_sec_context.c (krb5_gss_init_sec_context): Make ctx->mech_used use a static OID, since it is returned by gss_inquire_context which must return a static OID. wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we would overestimate the size of the allowable input message by one byte, because we weren't passing the right estimate of the wrapped data to g_token_size(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11315 dc483132-0cff-0310-8789-dd5450dbe970
* k5unseal.c (kg_unseal): Clean up lint warningsTheodore Tso1998-07-021-0/+21
| | | | | | | | | | | | | | | accept_sec_context.c (krb5_gss_accept_sec_context): Don't return an error token if we can't provide the server name to the KRB5 error structure (because cred isn't initialized). gssapi_krb5.c, gssapi_krb5.h: Export the oid of static arrays as krb5_gss_oid_array since it's needed by gss_import_sec_context. import_sec_context.c: Fix up the OID of the mechanism in the imported security context so that we use the static OID if at all possible. This is needed since gss_inquire_context() must return a static OID. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10618 dc483132-0cff-0310-8789-dd5450dbe970
* this commit includes all the changes on the OV_9510_INTEGRATION andMarc Horowitz1996-07-221-34/+21
| | | | | | | | | OV_MERGE branches. This includes, but is not limited to, the new openvision admin system, and major changes to gssapi to add functionality, and bring the implementation in line with rfc1964. before committing, the code was built and tested for netbsd and solaris. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
* k5mech.c (krb5_gss_get_context): Initialize the serializers here,Theodore Tso1996-03-021-47/+33
| | | | | | | | | | | | | | instead of in export and import security context. This will speed things up a little. export_sec_context.c (krb5_gss_export_sec_context): import_sec_context.c (krb5_gss_import_sec_context): Don't create a serialization context just for importing/exporting credentials. Use the passed-in gssapi context. This speeds things up significantly. Assume the serializers are initialized in krb5_gss_get_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7582 dc483132-0cff-0310-8789-dd5450dbe970
* * import_sec_context.c (krb5_gss_import_sec_context): Do notEzra Peisach1996-02-241-3/+3
| | | | | | | | | | | | shadow parameter ctx. * inq_context.c (krb5_gss_inquire_context): Do not shadow parameter ctx. The variable ctx was used both as an argument to the function (and put into the variabel context) and declared as a local variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7521 dc483132-0cff-0310-8789-dd5450dbe970
* gssapiP_krb5.h: Changed most krb5 gssapi functions to take a void * asTheodore Tso1996-02-241-2/+3
| | | | | | | | | | | their first argument, instead of a krb5_context. Makes for a cleaner interface to the mechanism glue layer. k5mech.c (krb5_gss_initialize): Call name-type/mechanism registration function so that mechanism glue layer knows whether or not a name needs to be lazy evaluated or not. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7514 dc483132-0cff-0310-8789-dd5450dbe970
* Lots of memory leaks and other fixes...Theodore Tso1995-09-161-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | gssapiP_krb5.h: Remove context and cred from the gssapi security context, as they aren't needed. kg_seal and kg_unseal now take a krb5_context argument. ser_sctx.c (kg_ctx_size, kg_ctx_externalize, kg_ctx_internalize): No longer serialize the context and cred fields of the gssapi security context. krb5_gss_glue.c: Don't rely on the context field of the gssapi security context. Use kg_context instead. verify.c (krb5_gss_verify, krb5_gss_verify_mic): unseal.c (krb5_gss_unwrap, krb5_gss_unseal): sign.c (krb5_gss_sign, krb5_gss_get_mic): seal.c (krb5_gss_seal, krb5_gss_wrap): process_context_token.c (krb5_gss_process_context_token): k5unseal.c (kg_unseal): k5seal.c (kg_seal_size): Add a krb5_context argument to this function, so we don't have to depend on the context field in the gssapi security context. init_sec_context.c (krb5_gss_init_sec_context): Don't initialize the context and cred fields in the gssapi security context. Copy ctx->subkey to ctx->seq.key, so they are separately allocated. gssapi_krb5.c (kg_get_context): When initialize kg_context, call krb5_init_ets() so that the error tables are initialized. export_sec_context.c (krb5_gss_export_sec_context): Don't depend on the context field from the gssapi security context. Free ctx->seq.key. delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal() now takes a krb5_context argument. Free ctx->seq.key. acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi credential before setting it, to prevent purify from complaining. accept_sec_context.c (krb5_gss_accept_sec_context): Remove context and cred from the gssapi security context. Make sure the ticket is freed after we're done with it. import_sec_context.c (krb5_gss_import_sec_context): Don't bash the input interprocess_token. Otherwise, it can't be freed. Don't depend on the context field in the gss security context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6798 dc483132-0cff-0310-8789-dd5450dbe970
* Add new modules to support {im,ex}port of GSSAPI contextPaul Park1995-08-291-0/+101
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6625 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-06-06 23:57:26 +0000