| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Take the opportunity to regularize accessor field names (no krb5 or
krb5int prefixes).
Fix a test program which was still using krb5_hmac.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23079 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
meet coding standards.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23039 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
usage, because ISO C apparently forbids empty array initializers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23002 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
a NULL server principal to krb5_rd_req(). Without this the name
canonicalisation support in 1.7 was broken for GSS_C_BOTH
credentials, because cred->name would always be set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was
passing a keyblock instead of a key to kg_translate_iov after the
enc-perf merge.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
acquire_accept_cred()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
internals.
Make depend.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22780 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Cherry-picked from Luke's authdata branch.
ticket: 6559
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
gss_krb5int_copy_ccache was iterating over credentials in a ccache
without freeing them.
ticket: 6558
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the underlying mechanism's accept_sec_context returns an error, the
spnego accept_sec_context was leaving allocated data in
*context_handle, which is incorrect for the first call according to
RFC 2744.
Fix this by mirroring some code from the spnego init_sec_context,
which always cleans up the half-constructed context in case of error.
This is allowed (though not encouraged) by RFC 2744 for second and
subsequent calls; since we were already doing it in init_sec_context,
it seems simpler to do that than keep track of whether this is a first
call or not.
ticket: 6551
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22636 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
files can make it difficult to build the tree. To do this, make the
depends target depend on generated header files and on header file
copies or links into the main include directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22361 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
1964 mode, so that we map to raw des enctypes rather than say
des-cbc-crc.
ticket: 6488
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22354 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
The addition of etype negotiation has made the meanings of the various
keys in the GSS-API context structure more complicated. Document them
to aid in code understanding.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22353 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
to allow finer-grained testing.
ticket: 6487
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22352 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
sizeof(void *) bytes of the context into data_set, instead of the
pointer to the context.
ticket: 6488
status: open
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22351 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
which requests delegation only if the ok-as-delegate ticket flag is
set.
ticket: 6203
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22185 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.
Thanks to Apple for reporting this vulnerability and providing
patches.
ticket: 6443
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22174 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
sent on error.
ticket: 6417
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22173 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
acc_ctx_new() can return an error condition without establishing a
SPNEGO context structure. This can cause a null pointer dereference
in cleanup code in spnego_gss_accept_sec_context().
ticket: 6417
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22084 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
have been allocated locally, and set it in both code paths instead of
just the confidentiality-requested code path.
ticket: 6412
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22082 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
When allocating storage for the header buffer, update the internal
output buffer pointer as well.
ticket: 6412
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22081 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect. Introduce a new function krb5_merge_authadata to
merge two authdata arrays into a newly allocated result array. Use
this function in accept_sec_context.c to include both sets of
authdata.
ticket: 6400
Target_version: 1.7
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21987 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21965 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations.
Also remove some useless qualifiers in casts and function argument declarations.
ticket: 6373
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21903 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a pointer argument passed where an integer is needed.
Update Sun compiler options to make that an error. (The options we're
currently using make it an error for assignment but not for argument passing.)
ticket: 6363
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21887 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Fix one file in gssapi where we compute offsets from a void* without casting.
Change options used with Sun compiler to make such expressions an error.
ticket: 6362
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21886 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21876 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
unicode, windows code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21874 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21861 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
The krb5_c_crypto_length API returns unsigned int per its design.
so, use unsigned int not size_t for its output.
ticket: 6351
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21799 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21796 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21790 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21768 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21761 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
* Accept both CFX and non-CFX tokens all the time on acceptor
* Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx
Additional changes from Sam Hartman:
* do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21742 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
after setting up an array with no elements.
ifdef out array declarations and code that uses it until there are entries.
Affects: krb5_gss_inquire_cred_by_oid_ops and
krb5_gss_set_sec_context_option_ops which would return an error in any
case as here are no entries in the arrays.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21740 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
These are not standard interfaces, are not used by our tree
and were added because they might be useful but ended up not being used.
The stubs in gssapi.hin remain as they were shipped with previous releases.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21728 dc483132-0cff-0310-8789-dd5450dbe970
|