| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
* Function names should be at the beginning of lines in definitions.
* Changes should not create lines >79 characters.
* Continuation lines should align after left parens when appropriate.
Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are
not gss mechanism functions and should not have been tagged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
<unistd.h> with #ifdef HAVE_UNISTD_H in g_authorize_localname.c
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25087 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24877 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
gss_import_sec_context in some error paths.
ticket: 6678
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
egregious formatting quirks. Add emacs mode settings to flag
untabified source files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Don't define unused krb5int_local_addresses.
Don't export internal krb5_change_set_password.
Fix error return indications from gssint_oid_to_mech.
Create and use k5-gmt_mktime.h to provide one global declaration of
krb5int_gmt_mktime, needed before we've generated krb5.h on some
platforms.
Not incorporated from initial patch: const changes in function
signatures.
ticket: 6096
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save detailed error messages (usually from the krb5 library) in
per-thread storage, mapping each error code to the most recently
produced message for it. Return the message from display_status.
Currently not implemented for a few cases where the krb5 mechanism
returns a minor status code of 0, or another value different from the
libkrb5 error code.
Other functions are available to store a generic string or formatted
message, but aren't used much at present.
Tested with these errors in context establishment:
* missing ccache (libkrb5 shows pathname if FILE: type)
* missing keytab (libkrb5 shows pathname if FILE: type)
* server principal unknown (libkrb5 shows server principal)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
krb5_gss_init_context to calls to krb5_gss_init_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18015 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_context
* import_sec_context.c: krb5_gss_ser_init() contains a function
pointer table. this table must use pointers to functions of
type KRB5_CALLCONV.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16244 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead of requiring it be passed in as an argument.
* k5unseal.c (kg_unseal): Likewise.
* gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated.
* delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c,
verify.c: Callers changed.
* inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in
security context instead of calling kg_get_context.
* wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise.
* import_sec_context.c (krb5_gss_ser_init): New function.
(krb5_gss_import_sec_context): Create a krb5 context locally to use for the
import.
* export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in
the security context.
* gssapiP_krb5.h (krb5_gss_ser_init): Declare.
* gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization
code here.
* accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context
in an error case not caught before.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
FAR/NEAR specs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13786 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
variable set but never used.
* ser_sctx.c (kg_queue_internalize): Ditto
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13640 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
init_sec_context.c inq_cred.c: Cast const gss_OID to gss_OID for
gssapi functions which are not speced with const in the RFC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13360 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
all three mechanism ID's recognized by this implementation, with the
RFC1964 OID first (and thus preferred).
import_sec_context.c (krb5_gss_convert_static_mech_oid): Make the old
convert_static_oid() function globally accessible with a namespace
compliant name, since init_sec_context() needs to be able to use this
function.
indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 mechanism
set OID, since we should return all the mechanisms that we support.
init_sec_context.c (krb5_gss_init_sec_context): Make ctx->mech_used
use a static OID, since it is returned by gss_inquire_context which
must return a static OID.
wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we would
overestimate the size of the allowable input message by one byte,
because we weren't passing the right estimate of the wrapped data to
g_token_size().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11315 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
accept_sec_context.c (krb5_gss_accept_sec_context): Don't return an
error token if we can't provide the server name to the KRB5 error
structure (because cred isn't initialized).
gssapi_krb5.c, gssapi_krb5.h: Export the oid of static arrays as
krb5_gss_oid_array since it's needed by gss_import_sec_context.
import_sec_context.c: Fix up the OID of the mechanism in the imported
security context so that we use the static OID if at all possible.
This is needed since gss_inquire_context() must return a static OID.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10618 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
OV_MERGE branches. This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964. before committing, the
code was built and tested for netbsd and solaris.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead of in export and import security context. This will speed
things up a little.
export_sec_context.c (krb5_gss_export_sec_context):
import_sec_context.c (krb5_gss_import_sec_context): Don't create
a serialization context just for importing/exporting credentials.
Use the passed-in gssapi context. This speeds things up
significantly. Assume the serializers are initialized in
krb5_gss_get_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7582 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
shadow parameter ctx.
* inq_context.c (krb5_gss_inquire_context): Do not shadow
parameter ctx.
The variable ctx was used both as an argument to the function (and put
into the variabel context) and declared as a local variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7521 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
their first argument, instead of a krb5_context. Makes for a cleaner
interface to the mechanism glue layer.
k5mech.c (krb5_gss_initialize): Call name-type/mechanism registration
function so that mechanism glue layer knows whether or not a name
needs to be lazy evaluated or not.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7514 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gssapiP_krb5.h: Remove context and cred from the gssapi security
context, as they aren't needed. kg_seal and kg_unseal now take a
krb5_context argument.
ser_sctx.c (kg_ctx_size, kg_ctx_externalize, kg_ctx_internalize): No
longer serialize the context and cred fields of the gssapi security
context.
krb5_gss_glue.c: Don't rely on the context field of the gssapi
security context. Use kg_context instead.
verify.c (krb5_gss_verify, krb5_gss_verify_mic):
unseal.c (krb5_gss_unwrap, krb5_gss_unseal):
sign.c (krb5_gss_sign, krb5_gss_get_mic):
seal.c (krb5_gss_seal, krb5_gss_wrap):
process_context_token.c (krb5_gss_process_context_token):
k5unseal.c (kg_unseal):
k5seal.c (kg_seal_size): Add a krb5_context argument to this function,
so we don't have to depend on the context field in the gssapi
security context.
init_sec_context.c (krb5_gss_init_sec_context): Don't initialize the
context and cred fields in the gssapi security context. Copy
ctx->subkey to ctx->seq.key, so they are separately allocated.
gssapi_krb5.c (kg_get_context): When initialize kg_context, call
krb5_init_ets() so that the error tables are initialized.
export_sec_context.c (krb5_gss_export_sec_context): Don't depend on
the context field from the gssapi security context. Free
ctx->seq.key.
delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal() now
takes a krb5_context argument. Free ctx->seq.key.
acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi credential
before setting it, to prevent purify from complaining.
accept_sec_context.c (krb5_gss_accept_sec_context): Remove context and
cred from the gssapi security context. Make sure the ticket is freed
after we're done with it.
import_sec_context.c (krb5_gss_import_sec_context): Don't bash the
input interprocess_token. Otherwise, it can't be freed. Don't
depend on the context field in the gss security context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6798 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6625 dc483132-0cff-0310-8789-dd5450dbe970
|