| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts. Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.
|
| |
|
|
|
|
|
|
|
| |
There is no reason to deny a zero-length cred store, so don't check
for it in val_acq_cred_args or val_add_cred_args.
ticket: 7836 (new)
target_version: 1.12.2
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A GSS krb5 error response contains a KRB-ERROR message, which is
required to have a server principal name, although few recipients
actually use it. Starting in 1.3, accept_sec_context would fail to
encode the error in the GSS_C_NO_NAME/GSS_C_NO_CREDENTIAL case
(introduced by #1370) because cred->princ (which became
cred->name->princ in 1.8) is unset.
This problem got worse in 1.10 because we stopped setting the server
field in all cases due to the changes for #6855. In 1.11 the problem
got worse again when a misguided change to the mechglue started
discarding output tokens when the mechanism returns an error; the
mechglue should only do so when it itself causes the error.
Fix krb5 gss_accept_sec_context by unconditionally decoding the AP-REQ
and using krb5_rd_req_decoded, and then using the requested ticket
server in the KRB-ERROR message. Fix the mechglue
gss_accept_sec_context by reverting that part of commit
56feee187579905c9101b0cdbdd8c6a850adcfc9. Add a test program which
artificially induces a replay cache failure (the easiest failure we
can produce which has an associated RFC 4120 error code) and checks
that this can be communicated back to the initiator via an error
token.
ticket: 1445
target_version: 1.12
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov
functions, which work similarly to the corresponding IOV wrap
functions. Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for
the destination buffer.
Most of the internal code for this was already present, and just
needed to be fixed up and adjusted to use the new buffer type for the
MIC token.
ticket: 7705 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When the import/export credential feature was implement the related
functions were added to struct gss_config, but the initialization
function that dynamically loads modules was not changed to see if
the plugin being loaded provided such functions.
This will allow non-builtin mechanism and interposer mechanism to
implement custom import/export credential extensions if they wish.
ticket: 7682
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When the credential store feature was implement the related functions
were added to struct gss_config, but the initialization function that
dynamically loads modules was not changed to see if the plugin being
loaded provided such functions.
This will allow non-builtin mechanism and interposer mechanism to
implement custom credential store extensions if they wish.
ticket: 7682
|
| |
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Locking and unlocking a non-recursive mutex is a simple memory
operation and should not fail on any reasonable platform with correct
usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock,
or EINVAL if the mutex is uninitialized, but all of these conditions
would reflect serious bugs in the calling code.
Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void
and adjust all call sites. Propagate this change through
k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code was correctly selecting the mechanism to execute, but it was
improperly setting the mechanism type of the internal context when the
selected mechanism was that of an interposer and vice versa.
When an interposer is involved the internal context is that of the
interposer, so the mechanism type of the context needs to be the
interposer oid. Conversely, when an interposer re-enters gssapi and
presents a token with a special oid, the mechanism called is the real
mechanism, and the context returned is a real mechanism context. In
this case the mechanism type of the context needs to be that of the
real mechanism.
ticket: 7592
target_version: 1.11.2
tags: pullup
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity. Reformat some k5buf implementation code to match current
practices.
|
| |
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
| |
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
| |
|
|
|
|
|
| |
Fix style issues in kerrs.c and errors.c. Rename error handling
functions to use shorter k5_ prefix. Eliminate an inoperable
krb5int_set_error() call in gic_opte_alloc and convert the other
call to use krb5_set_error_message().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add entries to OBJS and SRCS as well as STLIBOBJS.
Use KRB5_CALLCONV at function definition as well as declaration.
Declare missing variable in _WIN32-conditional code.
ticket: 7479 (new)
tags: pullup
target_version: 1.11
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
An interposer mech needs to be able to handle multiple mechanisms.
When importing a mech token for a name, cred, or context, the
interposer mech needs to know the mech type of the token being
imported. To make this work, add SPI calls which accept a mech type
argument.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
|
| |
|
|
|
|
|
|
|
|
| |
Wherever a GSSAPI mechglue function accepts a mech OID from the
caller, use gssint_select_mech_type() to choose the mechanism to use.
Wherever a mechglue function outputs a mech OID to the caller, use
gssint_get_public_oid() or gssint_make_public_oid_set() to expose the
public mech OID.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
|
| |
|
|
|
|
|
|
|
|
| |
Add gssint_select_mechanism() to determine what mechanism to use for a
caller-specified OID, gssint_get_public_oid() to determine what
mechanism to expose to the caller, and gssint_make_public_oid_set to
translate an array of mech OIDs into a set of public OIDs. In
gssint_get_mechanism(), match interposed OIDs as well as real ones.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Extend the syntax of the gss mech config file to allow a module type
delimited by triangle brackets. If the module type is "interposer",
flag the mechanism entry as being an interposer mechanism. A module
marked as an interposer is loaded immediately (so it can interpose a
built-in mechanism) and produces a list of OIDs to interpose.
Interposer mechanisms are not exposed to applications.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit
message]
|
| |
|
|
| |
Use helper functions to shorten and clarify loadConfigFile.
|
| |
|
|
|
|
|
| |
Get rid of gssint_get_mechanisms, gssint_mech_to_oid, and
gssint_oid_to_mech, which constructed a list of mechanism names and
mapped between mech names and OIDs. These functions were only used by
gss_inquire_mechs_for_name, which now uses gss_indicate_mechs instead.
|
| |
|
|
|
|
|
|
|
| |
Use gss_indicate_mechs instead of gssint_get_mechanisms and
gssint_mech_to_oid to iterate over the list of mechanism OIDs. Use a
static helper to determine whether a mech supports a name type,
avoiding most of the work done in the for loop. Use a cleanup
handler. Don't leave partial results in the output parameter on
error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Failure handling during the postprocessing of
mech->gss_accept_sec_context was inconsistent. In one case we delete
the output token but leave the partly-constructed context present in
*context_handle (violating RFC 2744 if this is the first call); in
other cases we leave the output token in the caller's buffer but do
destroy the partly-constructed context. Make this more consistent by
always destroying the output token and partly-constructed context.
(RFC 2744 prefers, but does not require, leaving the
partly-constructed context present on error if it was present on
entry. At the moment we are ignoring that preference.)
[ghudson@mit.edu: Rewrote commit message with more details]
|
| | |
|
| |
|
|
|
|
|
|
| |
Add gss_export_cred and gss_import_cred mechglue functions to
serialize and unserialize GSSAPI credential handles. Mechanism
implementations and tests will follow.
ticket: 7354 (new)
|
| |
|
|
| |
ticket: 7347 (new)
|
| |
|
|
|
| |
The most recent commit to g_acquire_cred.c allocates an OID set to
pass to the mech, but never releases it. Fix that.
|
| |
|
|
|
|
|
|
|
| |
Fix some GSSAPI buffer allocations which were missed in
800358b1790ef82710af0b6021c6ff2dca2b0de7: gss_export_sec_context,
gss_display_name, and IAKERB and SPNEGO token construction.
ticket: 7233 (new)
tags: pullup
|
| |
|
|
|
|
|
|
| |
This function did not serve any useful purpose. Remove it and the
special case it creates; move the only function it contained to the
main gss_mechanism structure where it belongs. Note that the function
name is preserved so that loadable modules are not affected by this
change.
|
| |
|
|
|
|
| |
This way the mechanism handler knows what mech type is intended.
This allows plugin that implement multiple mechanisms or interposer
plugins to know what they are being asked to do.
|
| | |
|
| |
|
|
|
|
| |
This allows us to still use it for type safety in the APIs while at
the same time prevent code from trying to dereference internal_ctx_id
by mistake.
|
| |
|
|
|
|
|
|
|
|
|
| |
Use gssapi calls to construct the oid sets. It is not safe on windows
to use malloc to hand-construct the set and then call gss_release_oid_set()
to clean it up.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7227 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Add new APIs gss_acquire_cred_from, gss_add_cred_from, and
gss_store_cred_into, which take additional argments to specify the
location of the credential storage using a key-value map, where keys
are interpreted by the mechanisms.
ticket: 7217 (new)
|
| |
|
|
| |
The code that used it is no longer in this file.
|
| |
|
|
|
|
|
|
|
| |
In gssint_import_internal_name, don't map the minor code from
mech->gss_duplicate_name if it returned successfully. Fixes an
"unexpected non-zero minor status" error reported by SAP's gsstest
when it invokes gss_canonicalize_name().
ticket: 7194 (new)
|
| |
|
|
|
|
|
|
|
|
|
| |
If we can't acquire creds for any mech in gss_acquire_cred, return the
status of the first mech instead of the last mech, as it's more useful
in the typical case (where the first mech is krb5 and the last mech is
SPNEGO). This error reporting is not ideal when the user was
expecting to use some mech other than krb5, but it's about as good as
things were prior to #6894.
ticket: 6973
|
| |
|
|
|
|
|
|
|
|
|
|
| |
GSS functions which accept gss_buffer_t output arguments should
initialize those buffers to empty on startup (see gss_wrap, for
instance). Do so for gss_get_name_attribute in the mechglue.
ticket: 7089
target_version: 1.10.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25700 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25344 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
gss_buffer_t may be freed in a different module from where they
are allocated so it is not safe to use strdup/malloc/calloc/free.
similarly, gss_OID_set need to use gssalloc functions.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25332 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
...instead of hand-duplicating all the logic therein. Also makes
the switch to using gssalloc functions with oid_sets easier.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25329 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25316 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25272 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25224 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Write gss_pname_to_uid in terms of gss_localname; suppress on win32
* Add test for gss_pname_to_uid indirectly testing gss_localname
* gss_localname is the SPI, not gss_pname_to_uid
* fix some const gss_OID->gss_const_oid
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
gss_localname: map gss name to localname
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25222 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
|
