summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* * init_sec_context.c (make_ap_req_v1): Free checksum dataTom Yu2004-08-283-4/+14
| | | | | | | | | allocated by make_gss_checksum() to avoid leak. * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after checksum is verified, to avoid leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16696 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Call gssint_initialize_library.Ken Raeburn2004-08-262-1/+13
| | | | | | Return correct error code on mutex initialization failure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16687 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_ccache_name): Variable deleted.Ken Raeburn2004-07-302-3/+23
| | | | | | | (kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set thread-specific values instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16632 dc483132-0cff-0310-8789-dd5450dbe970
* Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it whileKen Raeburn2004-07-2911-30/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frobbing the contents. Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but for internal use. It lets the caller supply the krb5_context instead of creating yet another one locally, and leaves the new credential mutex locked on a successful return so that the caller doesn't have to reacquire it. More functions should be changed to use this internally, but it's a performance issue; I don't think it's a correctness or thread-safety issue. * gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex. (krb5_gss_validate_cred_1): Declare. * accept_sec_context.c (rd_and_store_for_creds): Initialize mutex. * acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex. * add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call krb5_gss_validate_cred_1. Make sure the mutex is locked. * copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source credential. * init_sec_context.c (get_credentials, new_connection): Check that the mutex is locked. (mutual_auth): Delete unused credential argument. (krb5_gss_init_sec_context): Lock the mutex. * inq_cred.c (krb5_gss_inquire_cred): Lock the mutex. * rel_cred.c (krb5_gss_release_cred): Destroy the mutex. * set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex. * val_cred.c (krb5_gss_validate_cred_1): New function. (krb5_gss_validate_cred): Use it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16630 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returnedKen Raeburn2004-07-292-29/+13
| | | | | | | by kg_get_ccache_name. Simplify some calls using a temporary error code variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16629 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make the copy always, not justKen Raeburn2004-07-292-16/+22
| | | | | | in the local-context case. Check for errors in making the copy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16628 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make a copy of the default ccache name,Ken Raeburn2004-07-282-1/+8
| | | | | | because calling krb5_free_context will destroy it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16627 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2004-07-161-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16611 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of the global krb5 context used by the GSSAPI Kerberos mechanism. IKen Raeburn2004-07-156-48/+49
| | | | | | | | | | | | | | | | | | | | *think* I've gotten all the places where a ccache or keytab name that's been stored gets applied to whichever context needs it. * gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling kg_get_context. (kg_get_ccache_name): Use a locally created krb5 context instead of calling kg_get_context. (kg_get_context): Deleted. * acquire_cred.c (acquire_init_cred): Pass current context. (krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling kg_get_context. * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name. * init_sec_context.c (krb5_gss_init_sec_context): Likewise. * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype. (kg_get_context): Delete declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16597 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Check thread-specific data for the savedKen Raeburn2004-07-142-5/+30
| | | | | | "old" name to free. Save the new old name in thread-specific data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16594 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (gssint_krb5_keytab_lock): DeclareKen Raeburn2004-07-142-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16593 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c: Include gss_libinit.h.Ken Raeburn2004-07-142-8/+43
| | | | | | | | (gssint_krb5_keytab_lock): New mutex. (krb5_gss_register_acceptor_identity, acquire_accept_cred): Lock the mutex while manipulating krb5_gss_keytab. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16590 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (LOCALINCLUDES): Add $(srcdir)/.. to the listKen Raeburn2004-07-082-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16560 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c: Include gss_libinit.h.Ken Raeburn2004-07-072-8/+9
| | | | | | | | (init_et): Variable deleted. (krb5_gss_display_status): Don't use init_et; instead, call gssint_initialize_library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16558 dc483132-0cff-0310-8789-dd5450dbe970
* * import_name.c (krb5_gss_import_name) [HAVE_GETPWUID_R]: Use getpwuid_rKen Raeburn2004-07-072-5/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16548 dc483132-0cff-0310-8789-dd5450dbe970
* ignore generated file gssapi_krb5.hKen Raeburn2004-06-191-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16496 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot somethingTom Yu2004-06-172-3/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16479 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_ctx_size, kg_ctx_externalize): Adjust for newTom Yu2004-06-172-1/+10
| | | | | | field cred_rcache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16477 dc483132-0cff-0310-8789-dd5450dbe970
* ok, let's try this again..Tom Yu2004-06-164-4/+21
| | | | | | | | | | | | | | | | | * accept_sec_context.c (krb5_gss_accept_sec_context): Only null out the auth_context's rcache if it was provided by acceptor creds; this prevents a leak. * delete_sec_context.c (krb5_gss_delete_sec_context): Only null out the auth_context's rcache if it was provided by acceptor creds; this prevents a leak. * gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track whether acceptor creds provided an rcache. ticket: 2600 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16465 dc483132-0cff-0310-8789-dd5450dbe970
* don't leak rcaches in accept_sec_contextTom Yu2004-06-151-1/+5
| | | | | | | | | | | | * accept_sec_context.c (krb5_gss_accept_sec_context): Don't null out rcache of auth_context prior to free if rcache was temporarily allocated; this prevents leaking rcaches. ticket: new version_reported: 1.3.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16453 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c (krb5_gss_init_sec_context): Fix pointerTom Yu2004-06-142-1/+7
| | | | | | | assignment when retrieving k5_context from existing context_handle. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16440 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (gssapi_krb5.h): Add Windows version of generation ruleKen Raeburn2004-06-112-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16432 dc483132-0cff-0310-8789-dd5450dbe970
* Install gssapi_krb5.h from build dir not srcdirSam Hartman2004-06-102-1/+4
| | | | | | | ticket: 2587 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16428 dc483132-0cff-0310-8789-dd5450dbe970
* If channel bindings are supplied to server require them to be matchedSam Hartman2004-06-092-15/+11
| | | | | | | | | | | | | | | | | | Based on discussion on kerberos@mit.edu, the decision to allow null channel bindings from a client to match even when server channel bindings are supplied is flawed. This decision assumes that we cannot get server implementations to change even though we are able to deploy a new Kerberos implementation on the server. In practice the server implementations in question have actually changed and so the only part of revision 1.54 of accept_sec_context.c we actually need is the code to ignore channel bindings if null channel bindings are passed into the server. Thus the change to allow null channel bindings from the client to match against any channel bindings on the server is backed out. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16427 dc483132-0cff-0310-8789-dd5450dbe970
* Run make dependSam Hartman2004-06-081-0/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16424 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from kwc@citi.umich.edu to supportSam Hartman2004-06-089-116/+747
| | | | | | | | | | | | gss_krb5_export_lucid_sec_context and other facilities for NFSv4 implementations. In order to apply this patch gss_krb5.h needs to be auto-generated so we can expose a 64-bit type for sequence numbers. Ticket: 2587 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16423 dc483132-0cff-0310-8789-dd5450dbe970
* updated dependenciesKen Raeburn2004-04-241-47/+42
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16269 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for library initialization and finalization, and verificationKen Raeburn2004-04-242-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | that the initializer completed successfully. Delay initialization on POSIX until the first "verification" call. Currently specific to a few platforms, but should still build on others without thread support enabled. Use it to finish creating (if necessary) and destroy mutexes, and free some other storage "permanently" allocated by libraries (currently, libkrb5 cache/keytab type registries only). Change initialization of static mutexes to a two-step operation, a static "partial" initializer and a "finish_init" routine called from a thread-safe environment like library initialization is assumed to be. POSIX will use the former, Windows will use the latter, and the debug support will check that *both* have been used. Added init/fini functions to com_err, profile, krb5, and gssapi libraries. (The profile library one may need to be removed later.) The existing ones, not thread-safe, are still around. Use weak symbol support if available to figure out if the pthread library has been linked in, and avoid calling certain routines if the C library stubs are known not to exist or work. Stub declarations for thread-specific data. Minor bugfixes, whitespace changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Don't test err while it's still known toKen Raeburn2004-04-242-32/+27
| | | | | | | be 0. (kg_set_ccache_name): Likewise. Return after an error rather than continuing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16267 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2004-04-231-66/+104
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16261 dc483132-0cff-0310-8789-dd5450dbe970
* * k5unseal.c: gss_krb5int_unseal_token_v3() takes a pointer toJeffrey Altman2004-04-133-2/+10
| | | | | | | | | | | krb5_context * import_sec_context.c: krb5_gss_ser_init() contains a function pointer table. this table must use pointers to functions of type KRB5_CALLCONV. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16244 dc483132-0cff-0310-8789-dd5450dbe970
* * rel_cred.c (krb5_gss_release_cred): Create and destroy a local krb5 context.Ken Raeburn2004-03-214-8/+34
| | | | | | | * rel_name.c (krb5_gss_release_name): Likewise. * val_cred.c (krb5_gss_validate_cred): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16196 dc483132-0cff-0310-8789-dd5450dbe970
* log for export/import_name changes I accidentally checked in with another changeKen Raeburn2004-03-191-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16194 dc483132-0cff-0310-8789-dd5450dbe970
* back out a change I didn't mean to check inKen Raeburn2004-03-191-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16193 dc483132-0cff-0310-8789-dd5450dbe970
* acquire_cred.c: revert previous change, it breaks the test suiteKen Raeburn2004-03-195-30/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16192 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Create and destroy a local krb5Ken Raeburn2004-03-199-22/+92
| | | | | | | | | | | | | | | context. * add_cred.c (krb5_gss_add_cred): Likewise. * compare_name.c (krb5_gss_compare_name): Likewise. * copy_ccache.c (gss_krb5_copy_ccache): Likewise. * disp_name.c (krb5_gss_display_name): Likewise. * duplicate_name.c (krb5_gss_duplicate_name): Likewise. * inq_cred.c (krb5_gss_inquire_cred): Likewise. * context_time.c (krb5_gss_context_time): Use the krb5 context in the GSS security context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16187 dc483132-0cff-0310-8789-dd5450dbe970
* * k5seal.c (kg_seal): Extract the krb5 context from the security contextKen Raeburn2004-03-1517-96/+109
| | | | | | | | | | | | | | | | | | | | | | | | | instead of requiring it be passed in as an argument. * k5unseal.c (kg_unseal): Likewise. * gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated. * delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c, verify.c: Callers changed. * inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in security context instead of calling kg_get_context. * wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise. * import_sec_context.c (krb5_gss_ser_init): New function. (krb5_gss_import_sec_context): Create a krb5 context locally to use for the import. * export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in the security context. * gssapiP_krb5.h (krb5_gss_ser_init): Declare. * gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization code here. * accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context in an error case not caught before. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Add a krb5 context object.Ken Raeburn2004-03-155-22/+72
| | | | | | | | | | | | * init_sec_context.c (krb5_gss_init_sec_context): Create a new krb5 context, and store it in the security context if successful. If there's already a security context, use the krb5 context in it. * accept_sec_context.c (krb5_gss_accept_sec_context): Create a new krb5 context, and store it in the security context if successful. * delete_sec_context.c (krb5_gss_delete_sec_context): If the security context has a krb5 context, free it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16170 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields init_token andKen Raeburn2004-03-143-65/+11
| | | | | | | | | | testing_unknown_tokid. * init_sec_context.c (new_connection): Drop support (already inside "#if 0") for them. (krb5_gss_init_sec_context): Drop support for testing_unknown_tokid. (mutual_auth): Don't let major_status be used uninitialized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16168 dc483132-0cff-0310-8789-dd5450dbe970
* Make the set type separate from the set-element (linked list node) typeKen Raeburn2004-03-143-2/+7
| | | | | | | | | | | | | | | | | * generic/gssapiP_generic.h (g_set): New struct type. (G_SET_INIT): New macro. * generic/util_validate.c (g_save, g_validate, g_delete): Change first argument to take a g_set * rather than void **; use the address of the void pointer from the structure. (g_save_name, g_save_cred_id, g_save_ctx_id, g_validate_name, g_validate_cred_id, g_validate_ctx_id, g_delete_name, g_delete_cred_id, g_delete_ctx_id): Updated first argument type. * genericgssapiP_generic.h: Declarations updated. * krb5/gssapi_krb5.c (kg_vdb): Change type to g_set and initialize. * krb5/gssapiP_krb5.h (kg_vdb): Declaration updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16166 dc483132-0cff-0310-8789-dd5450dbe970
* Missing prototype for gss_krb5int_unseal_token_v3Ezra Peisach2004-03-082-0/+12
| | | | | | | | | gssapiP_krb5.h: Add prototype for gss_krb5int_unseal_token_v3. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16159 dc483132-0cff-0310-8789-dd5450dbe970
* fix typoKen Raeburn2004-03-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16143 dc483132-0cff-0310-8789-dd5450dbe970
* don't get a krb5_context for the routines that don't need itKen Raeburn2004-03-034-12/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16142 dc483132-0cff-0310-8789-dd5450dbe970
* Set context flags after calling krb5_rd_req so that the replay cache is set upSam Hartman2004-02-262-2/+8
| | | | | | | Ticket: 2284 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129 dc483132-0cff-0310-8789-dd5450dbe970
* dependency updatesKen Raeburn2004-02-241-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16121 dc483132-0cff-0310-8789-dd5450dbe970
* * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation forKen Raeburn2004-02-232-6/+19
| | | | | | | | | confidential CFX tokens. ticket: 2266 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_oid_externalize): Check for errors.Ken Raeburn2004-02-102-49/+154
| | | | | | | | | | | | | | | | (kg_oid_internalize): Check for errors. Free allocated storage on error. (kg_queue_externalize): Check for errorrs. (kg_queue_internalize): Check for errors. Free allocated storage on error. (kg_ctx_size): Update for new context data. (kg_ctx_externalize): Update for new context data. Check for error storing trailer. (kg_ctx_internalize): Update for new context data. Check for errors in a few more cases. ticket: 2166 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970
* no license on k5sealv3.cKen Raeburn2004-02-081-2/+28
| | | | | | | | | | Updated copyright notice to include standard license for release. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-05 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-02-064-7/+24
| | | | | | | | | | | | | | | | | | * gssapiP_krb5.h: remove KG_IMPLFLAGS macro * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS macro with previous macro definition * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS macro with new definition. As per 1964 the INTEG and CONF flags are supposed to indicate the availability of the services in the client. By applying the previous definition of KG_IMPLFLAGS the INTEG and CONF flags are always on. This can be a problem because some clients such as Microsoft's Kerberos SSPI allow CONF and INTEG to be used independently. By forcing the flags on, we would end up with inconsist state with the client. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970
* need more testing support for MSKen Raeburn2004-01-273-3/+43
| | | | | | | | | | | | | | | | | | This should allow use of the CFX_EXERCISE code to better check interoperability of MS and MIT code with regard to future extensibility. * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null pointer in debugging code. (new_connection): Disable CFX_EXERCISE unknown-token-id case detection. * accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra option bytes were present. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 19:27:12 +0000