summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-1/+2
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-282-2/+18
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a cleanup handler in the store_creds code; krb5_cc_close doesn'tGreg Hudson2009-12-171-2/+2
| | | | | | handle NULL arguments, so we have to check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
* Add GSS extensions to store credentials, generate random bitsGreg Hudson2009-12-176-1/+354
| | | | | | | | | Merge /users/lhoward/gssextras-no-cqa to trunk. Adds gss_pseudo_random and gss_store_cred. ticket: 6597 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent lib/gssapi, with some exceptionsTom Yu2009-12-0848-269/+269
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
* ReindentZhanna Tsitkov2009-11-301-35/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23393 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the non-iov entry point introduced in r23378, since it's easyGreg Hudson2009-11-291-5/+6
| | | | | | | | to use the iov entry point at both call sites. Rename the iov entry point to remove the "_iov" suffix since it's no longer needed to disambiguate. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23381 dc483132-0cff-0310-8789-dd5450dbe970
* Create functional internal interfaces to allow GSSAPI to performGreg Hudson2009-11-282-125/+21
| | | | | | | | arcfour encryption of GSS tokens. This factors out derivation of the usage and encryption keys, and removes the need for the provider structures to be visible to all of krb5 via k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23378 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_key versions of the auth context key accessors, and use themGreg Hudson2009-11-271-29/+12
| | | | | | to simplify the gss-krb5 code a little bit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23372 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-222-486/+524
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-317-7/+0
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Bump the accessor version number since we made changes.Greg Hudson2009-10-283-20/+21
| | | | | | | | Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
* Replace krb5_ with krb5Int_ prefix for non-API functionsZhanna Tsitkov2009-10-281-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23079 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat function definition headers in gss-krb5's util_crypt.c toGreg Hudson2009-10-251-98/+48
| | | | | | meet coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23039 dc483132-0cff-0310-8789-dd5450dbe970
* Comment out empty definition of krb5_gss_set_sec_context_option_ops and itsLuke Howard2009-10-231-0/+4
| | | | | | usage, because ISO C apparently forbids empty array initializers git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23002 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passesLuke Howard2009-10-223-1/+3
| | | | | | | | a NULL server principal to krb5_rd_req(). Without this the name canonicalisation support in 1.7 was broken for GSS_C_BOTH credentials, because cred->name would always be set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973 dc483132-0cff-0310-8789-dd5450dbe970
* Make some gss-krb5 utility functions take enctypes instead of keys,Greg Hudson2009-10-208-38/+44
| | | | | | | | and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was passing a keyblock instead of a key to kg_translate_iov after the enc-perf merge. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956 dc483132-0cff-0310-8789-dd5450dbe970
* use ANSI prototypes for acquire_XXX_cred, and fix cast to calling ↵Luke Howard2009-10-201-14/+13
| | | | | | acquire_accept_cred() git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performanceGreg Hudson2009-10-1918-196/+260
| | | | | | | | | | | Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys. ticket: 6576 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-101-283/+308
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verificationGreg Hudson2009-10-0921-217/+1190
| | | | | | | | | Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up warnings of unused variables that have crept into the source tree..Ezra Peisach2009-09-201-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source treeGreg Hudson2009-09-161-432/+421
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krbZhanna Tsitkov2009-09-161-410/+435
| | | | | | bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensionsGreg Hudson2009-09-1310-53/+543
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Fix parsing of GSS exported namesGreg Hudson2009-09-111-4/+18
| | | | | | | | | | Cherry-picked from Luke's authdata branch. ticket: 6559 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in gss_krb5int_copy_ccacheGreg Hudson2009-09-091-1/+4
| | | | | | | | | | | gss_krb5int_copy_ccache was iterating over credentials in a ccache without freeing them. ticket: 6558 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad depsGreg Hudson2009-08-031-1/+1
| | | | | | | | files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* Copy the sequence key rather than the subkey for lucid contexts in RFCSam Hartman2009-05-181-1/+1
| | | | | | | | | | | 1964 mode, so that we map to raw des enctypes rather than say des-cbc-crc. ticket: 6488 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22354 dc483132-0cff-0310-8789-dd5450dbe970
* Document use of key fields in GSS contextSam Hartman2009-05-181-6/+11
| | | | | | | | The addition of etype negotiation has made the meanings of the various keys in the GSS-API context structure more complicated. Document them to aid in code understanding. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22353 dc483132-0cff-0310-8789-dd5450dbe970
* Add IOV_SHIM_EXERCISE_WRAP and IOV_SHIM_EXERCISE_UNWRAP conditionalsTom Yu2009-05-141-2/+5
| | | | | | | | | to allow finer-grained testing. ticket: 6487 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22352 dc483132-0cff-0310-8789-dd5450dbe970
* gss_krb5int_export_lucid_sec_context was erroneously copying the firstGreg Hudson2009-05-141-1/+1
| | | | | | | | | | | | sizeof(void *) bytes of the context into data_set, instead of the pointer to the context. ticket: 6488 status: open tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22351 dc483132-0cff-0310-8789-dd5450dbe970
* Using a patch from Apple, add support for GSS_C_DELEG_POLICY_FLAG,Greg Hudson2009-04-081-1/+10
| | | | | | | | | | | which requests delegation only if the ok-as-delegate ticket flag is set. ticket: 6203 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22185 dc483132-0cff-0310-8789-dd5450dbe970
* Better fix: Delay setting 'outbuf' until after the header buffer mightKen Raeburn2009-03-121-3/+2
| | | | | | | | | | have been allocated locally, and set it in both code paths instead of just the confidentiality-requested code path. ticket: 6412 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22082 dc483132-0cff-0310-8789-dd5450dbe970
* crash using library-allocated storage for header in wrap_iovKen Raeburn2009-03-121-2/+3
| | | | | | | | | | | When allocating storage for the header buffer, update the internal output buffer pointer as well. ticket: 6412 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22081 dc483132-0cff-0310-8789-dd5450dbe970
* Include authenticator and ticket authdata in gss-apiSam Hartman2009-02-261-2/+2
| | | | | | | | | | | | | | | Currently, the GSS-API routines for handling authdata only extract the authorization data from the ticket, not that from the authenticator. This is incorrect. Introduce a new function krb5_merge_authadata to merge two authdata arrays into a newly allocated result array. Use this function in accept_sec_context.c to include both sets of authdata. ticket: 6400 Target_version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
* Don't apply 'const' twice. Make kg_arcfour_l40 staticKen Raeburn2009-02-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21987 dc483132-0cff-0310-8789-dd5450dbe970
* remove some redundant or useless qualifiersKen Raeburn2009-02-061-24/+24
| | | | | | | | | | | Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations. Also remove some useless qualifiers in casts and function argument declarations. ticket: 6373 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21903 dc483132-0cff-0310-8789-dd5450dbe970
* int/ptr bug in gssapi codeKen Raeburn2009-02-051-1/+1
| | | | | | | | | | | | Fix a pointer argument passed where an integer is needed. Update Sun compiler options to make that an error. (The options we're currently using make it an error for assignment but not for argument passing.) ticket: 6363 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21887 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-022-9/+9
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* TWRITE_STR casts second argument; don't add redundant castingKen Raeburn2009-02-021-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21874 dc483132-0cff-0310-8789-dd5450dbe970
* explicitly initialize pointer fields after memset (for coverity)Ken Raeburn2009-02-021-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21861 dc483132-0cff-0310-8789-dd5450dbe970
* gss_header|trailerlen should be unsigned intSam Hartman2009-01-261-9/+9
| | | | | | | | | The krb5_c_crypto_length API returns unsigned int per its design. so, use unsigned int not size_t for its output. ticket: 6351 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21799 dc483132-0cff-0310-8789-dd5450dbe970
* Use 16/32-bit big/little-endian store functions in more placesKen Raeburn2009-01-266-44/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21796 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some null checks in cases where pointers can't be nullGreg Hudson2009-01-232-7/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21790 dc483132-0cff-0310-8789-dd5450dbe970
* fix trailing whitespaceTom Yu2009-01-229-28/+24
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceTom Yu2009-01-2229-1711/+1711
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke: fix error return of krb5_gss_use_kdc_contextGreg Hudson2009-01-211-1/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21768 dc483132-0cff-0310-8789-dd5450dbe970
* patch from Luke - minor cleanupKen Raeburn2009-01-173-10/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21761 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard to:Sam Hartman2009-01-136-60/+180
| | | | | | | | | | * Accept both CFX and non-CFX tokens all the time on acceptor * Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx Additional changes from Sam Hartman: * do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21742 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 08:08:08 +0000