path: root/src/lib/gssapi
Commit message | Author | Age | Files | Lines
* Bump the accessor version number since we made changes. | Greg Hudson | 2009-10-28 | 3 | -20/+21
  Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
* Replace krb5_ with krb5Int_ prefix for non-API functions | Zhanna Tsitkov | 2009-10-28 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23079 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat function definition headers in gss-krb5's util_crypt.c to | Greg Hudson | 2009-10-25 | 1 | -98/+48
  meet coding standards.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23039 dc483132-0cff-0310-8789-dd5450dbe970
* Comment out empty definition of krb5_gss_set_sec_context_option_ops and its | Luke Howard | 2009-10-23 | 1 | -0/+4
  usage, because ISO C apparently forbids empty array initializers
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23002 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes | Luke Howard | 2009-10-22 | 3 | -1/+3
  a NULL server principal to krb5_rd_req(). Without this the name canonicalisation support in 1.7 was broken for GSS_C_BOTH credentials, because cred->name would always be set.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973 dc483132-0cff-0310-8789-dd5450dbe970
* Make some gss-krb5 utility functions take enctypes instead of keys, | Greg Hudson | 2009-10-20 | 8 | -38/+44
  and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was passing a keyblock instead of a key to kg_translate_iov after the enc-perf merge.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956 dc483132-0cff-0310-8789-dd5450dbe970
* use ANSI prototypes for acquire_XXX_cred, and fix cast to calling | Luke Howard | 2009-10-20 | 1 | -14/+13
  acquire_accept_cred()
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performance | Greg Hudson | 2009-10-19 | 18 | -196/+260
  Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys.
  ticket: 6576
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding some | Tom Yu | 2009-10-10 | 3 | -296/+387
  internals. Make depend.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verification | Greg Hudson | 2009-10-09 | 43 | -251/+2369
  Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data.
  ticket: 6572
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few bugs in r22736. Cherry-picked from Luke's authdata branch | Greg Hudson | 2009-09-21 | 1 | -1/+1
  ticket: 6563
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22780 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up warnings of unused variables that have crept into the source tree.. | Ezra Peisach | 2009-09-20 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source tree | Greg Hudson | 2009-09-16 | 4 | -718/+694
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krb | Zhanna Tsitkov | 2009-09-16 | 4 | -678/+724
  bigredbutton: whitespace
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensions | Greg Hudson | 2009-09-13 | 22 | -210/+1454
  Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions.
  ticket: 6563
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Fix parsing of GSS exported names | Greg Hudson | 2009-09-11 | 1 | -4/+18
  Cherry-picked from Luke's authdata branch.
  ticket: 6559
  tags: pullup
  target_version: 1.7.1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in gss_krb5int_copy_ccache | Greg Hudson | 2009-09-09 | 1 | -1/+4
  gss_krb5int_copy_ccache was iterating over credentials in a ccache without freeing them.
  ticket: 6558
  tags: pullup
  target_version: 1.7.1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in spnego accept_sec_context error path | Greg Hudson | 2009-08-27 | 1 | -0/+7
  If the underlying mechanism's accept_sec_context returns an error, the spnego accept_sec_context was leaving allocated data in *context_handle, which is incorrect for the first call according to RFC 2744. Fix this by mirroring some code from the spnego init_sec_context, which always cleans up the half-constructed context in case of error. This is allowed (though not encouraged) by RFC 2744 for second and subsequent calls; since we were already doing it in init_sec_context, it seems simpler to do that than keep track of whether this is a first call or not.
  ticket: 6551
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22636 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad deps | Greg Hudson | 2009-08-03 | 2 | -2/+2
  files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* fix minor syntax error | Ken Raeburn | 2009-05-22 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22361 dc483132-0cff-0310-8789-dd5450dbe970
* Copy the sequence key rather than the subkey for lucid contexts in RFC | Sam Hartman | 2009-05-18 | 1 | -1/+1
  1964 mode, so that we map to raw des enctypes rather than say des-cbc-crc.
  ticket: 6488
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22354 dc483132-0cff-0310-8789-dd5450dbe970
* Document use of key fields in GSS context | Sam Hartman | 2009-05-18 | 1 | -6/+11
  The addition of etype negotiation has made the meanings of the various keys in the GSS-API context structure more complicated. Document them to aid in code understanding.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22353 dc483132-0cff-0310-8789-dd5450dbe970
* Add IOV_SHIM_EXERCISE_WRAP and IOV_SHIM_EXERCISE_UNWRAP conditionals | Tom Yu | 2009-05-14 | 1 | -2/+5
  to allow finer-grained testing.
  ticket: 6487
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22352 dc483132-0cff-0310-8789-dd5450dbe970
* gss_krb5int_export_lucid_sec_context was erroneously copying the first | Greg Hudson | 2009-05-14 | 1 | -1/+1
  sizeof(void *) bytes of the context into data_set, instead of the pointer to the context.
  ticket: 6488
  status: open
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22351 dc483132-0cff-0310-8789-dd5450dbe970
* Using a patch from Apple, add support for GSS_C_DELEG_POLICY_FLAG, | Greg Hudson | 2009-04-08 | 2 | -1/+11
  which requests delegation only if the ok-as-delegate ticket flag is set.
  ticket: 6203
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22185 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2009-0844 SPNEGO can read beyond buffer end | Tom Yu | 2009-04-07 | 1 | -27/+24
  SPNEGO can read beyond the end of a buffer if the claimed DER length exceeds the number of bytes in the input buffer. This can lead to crash or information disclosure.
  Thanks to Apple for reporting this vulnerability and providing patches.
  ticket: 6443
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22174 dc483132-0cff-0310-8789-dd5450dbe970
* Apply revised patch from Apple that ensures that a REJECT token is | Tom Yu | 2009-04-07 | 1 | -3/+5
  sent on error.
  ticket: 6417
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22173 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2009-0845 SPNEGO can dereference a null pointer | Tom Yu | 2009-03-13 | 1 | -1/+2
  acc_ctx_new() can return an error condition without establishing a SPNEGO context structure. This can cause a null pointer dereference in cleanup code in spnego_gss_accept_sec_context().
  ticket: 6417
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22084 dc483132-0cff-0310-8789-dd5450dbe970
* Better fix: Delay setting 'outbuf' until after the header buffer might | Ken Raeburn | 2009-03-12 | 1 | -3/+2
  have been allocated locally, and set it in both code paths instead of just the confidentiality-requested code path.
  ticket: 6412
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22082 dc483132-0cff-0310-8789-dd5450dbe970
* crash using library-allocated storage for header in wrap_iov | Ken Raeburn | 2009-03-12 | 1 | -2/+3
  When allocating storage for the header buffer, update the internal output buffer pointer as well.
  ticket: 6412
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22081 dc483132-0cff-0310-8789-dd5450dbe970
* Include authenticator and ticket authdata in gss-api | Sam Hartman | 2009-02-26 | 1 | -2/+2
  Currently, the GSS-API routines for handling authdata only extract the authorization data from the ticket, not that from the authenticator. This is incorrect. Introduce a new function krb5_merge_authadata to merge two authdata arrays into a newly allocated result array. Use this function in accept_sec_context.c to include both sets of authdata.
  ticket: 6400
  Target_version: 1.7
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
* Don't apply 'const' twice. Make kg_arcfour_l40 static | Ken Raeburn | 2009-02-12 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21987 dc483132-0cff-0310-8789-dd5450dbe970
* remove local objects from list for windows | Ken Raeburn | 2009-02-11 | 1 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21965 dc483132-0cff-0310-8789-dd5450dbe970
* remove some redundant or useless qualifiers | Ken Raeburn | 2009-02-06 | 1 | -24/+24
  Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations. Also remove some useless qualifiers in casts and function argument declarations.
  ticket: 6373
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21903 dc483132-0cff-0310-8789-dd5450dbe970
* int/ptr bug in gssapi code | Ken Raeburn | 2009-02-05 | 1 | -1/+1
  Fix a pointer argument passed where an integer is needed. Update Sun compiler options to make that an error. (The options we're currently using make it an error for assignment but not for argument passing.)
  ticket: 6363
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21887 dc483132-0cff-0310-8789-dd5450dbe970
* don't do arithmetic on void pointers | Ken Raeburn | 2009-02-04 | 1 | -2/+2
  Fix one file in gssapi where we compute offsets from a void* without casting. Change options used with Sun compiler to make such expressions an error.
  ticket: 6362
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21886 dc483132-0cff-0310-8789-dd5450dbe970
* prefer structure assignment to memcpy | Ken Raeburn | 2009-02-03 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21876 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except | Ken Raeburn | 2009-02-02 | 4 | -11/+11
  unicode, windows code
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* TWRITE_STR casts second argument; don't add redundant casting | Ken Raeburn | 2009-02-02 | 1 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21874 dc483132-0cff-0310-8789-dd5450dbe970
* explicitly initialize pointer fields after memset (for coverity) | Ken Raeburn | 2009-02-02 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21861 dc483132-0cff-0310-8789-dd5450dbe970
* gss_header|trailerlen should be unsigned int | Sam Hartman | 2009-01-26 | 1 | -9/+9
  The krb5_c_crypto_length API returns unsigned int per its design. So, use unsigned int not size_t for its output.
  ticket: 6351
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21799 dc483132-0cff-0310-8789-dd5450dbe970
* Use 16/32-bit big/little-endian store functions in more places | Ken Raeburn | 2009-01-26 | 8 | -64/+27
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21796 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some null checks in cases where pointers can't be null | Greg Hudson | 2009-01-23 | 3 | -10/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21790 dc483132-0cff-0310-8789-dd5450dbe970
* fix trailing whitespace | Tom Yu | 2009-01-22 | 9 | -28/+24
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace | Tom Yu | 2009-01-22 | 35 | -1735/+1735
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke: fix error return of krb5_gss_use_kdc_context | Greg Hudson | 2009-01-21 | 1 | -1/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21768 dc483132-0cff-0310-8789-dd5450dbe970
* patch from Luke - minor cleanup | Ken Raeburn | 2009-01-17 | 3 | -10/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21761 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard to: | Sam Hartman | 2009-01-13 | 6 | -60/+180
    * Accept both CFX and non-CFX tokens all the time on acceptor
    * Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx
  Additional changes from Sam Hartman:
    * do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21742 dc483132-0cff-0310-8789-dd5450dbe970
* FreeBSD compiler errors out on an error "zero or negative size array" | Ezra Peisach | 2009-01-13 | 1 | -0/+8
  after setting up an array with no elements. ifdef out array declarations and code that uses it until there are entries. Affects: krb5_gss_inquire_cred_by_oid_ops and krb5_gss_set_sec_context_option_ops which would return an error in any case as there are no entries in the arrays.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21740 dc483132-0cff-0310-8789-dd5450dbe970
* Remove gss_export_name_object and gss_import_name_object. | Sam Hartman | 2009-01-12 | 9 | -243/+0
  These are not standard interfaces, are not used by our tree and were added because they might be useful but ended up not being used. The stubs in gssapi.hin remain as they were shipped with previous releases.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21728 dc483132-0cff-0310-8789-dd5450dbe970