summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi
Commit message (Collapse)AuthorAgeFilesLines
...
* Add files containing the export lists used on UNIX, in each directoryKen Raeburn2004-04-222-0/+170
| | | | | | | | | | | | | | where we build a shared library, whether or not it gets installed. These should match the complete AIX export lists for a full build including krb4 support, and will eventually be used on other UNIX platforms, and cut down to just the symbols we actually want to export. We'll also have to add additional information, eventually, for versioning and such, but currently this is just a list of C symbol names. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16259 dc483132-0cff-0310-8789-dd5450dbe970
* * k5unseal.c: gss_krb5int_unseal_token_v3() takes a pointer toJeffrey Altman2004-04-133-2/+10
| | | | | | | | | | | krb5_context * import_sec_context.c: krb5_gss_ser_init() contains a function pointer table. this table must use pointers to functions of type KRB5_CALLCONV. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16244 dc483132-0cff-0310-8789-dd5450dbe970
* * rel_cred.c (krb5_gss_release_cred): Create and destroy a local krb5 context.Ken Raeburn2004-03-214-8/+34
| | | | | | | * rel_name.c (krb5_gss_release_name): Likewise. * val_cred.c (krb5_gss_validate_cred): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16196 dc483132-0cff-0310-8789-dd5450dbe970
* log for export/import_name changes I accidentally checked in with another changeKen Raeburn2004-03-191-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16194 dc483132-0cff-0310-8789-dd5450dbe970
* back out a change I didn't mean to check inKen Raeburn2004-03-191-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16193 dc483132-0cff-0310-8789-dd5450dbe970
* acquire_cred.c: revert previous change, it breaks the test suiteKen Raeburn2004-03-195-30/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16192 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Create and destroy a local krb5Ken Raeburn2004-03-199-22/+92
| | | | | | | | | | | | | | | context. * add_cred.c (krb5_gss_add_cred): Likewise. * compare_name.c (krb5_gss_compare_name): Likewise. * copy_ccache.c (gss_krb5_copy_ccache): Likewise. * disp_name.c (krb5_gss_display_name): Likewise. * duplicate_name.c (krb5_gss_duplicate_name): Likewise. * inq_cred.c (krb5_gss_inquire_cred): Likewise. * context_time.c (krb5_gss_context_time): Use the krb5 context in the GSS security context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16187 dc483132-0cff-0310-8789-dd5450dbe970
* * k5seal.c (kg_seal): Extract the krb5 context from the security contextKen Raeburn2004-03-1517-96/+109
| | | | | | | | | | | | | | | | | | | | | | | | | instead of requiring it be passed in as an argument. * k5unseal.c (kg_unseal): Likewise. * gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated. * delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c, verify.c: Callers changed. * inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in security context instead of calling kg_get_context. * wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise. * import_sec_context.c (krb5_gss_ser_init): New function. (krb5_gss_import_sec_context): Create a krb5 context locally to use for the import. * export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in the security context. * gssapiP_krb5.h (krb5_gss_ser_init): Declare. * gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization code here. * accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context in an error case not caught before. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Add a krb5 context object.Ken Raeburn2004-03-155-22/+72
| | | | | | | | | | | | * init_sec_context.c (krb5_gss_init_sec_context): Create a new krb5 context, and store it in the security context if successful. If there's already a security context, use the krb5 context in it. * accept_sec_context.c (krb5_gss_accept_sec_context): Create a new krb5 context, and store it in the security context if successful. * delete_sec_context.c (krb5_gss_delete_sec_context): If the security context has a krb5 context, free it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16170 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields init_token andKen Raeburn2004-03-143-65/+11
| | | | | | | | | | testing_unknown_tokid. * init_sec_context.c (new_connection): Drop support (already inside "#if 0") for them. (krb5_gss_init_sec_context): Drop support for testing_unknown_tokid. (mutual_auth): Don't let major_status be used uninitialized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16168 dc483132-0cff-0310-8789-dd5450dbe970
* Add a mutex to protect the set manipulationsKen Raeburn2004-03-143-21/+87
| | | | | | | | | | * gssapiP_generic.h: Include k5-thread.h. (g_set): Add a mutex. (G_SET_INIT): Initialize it. * util_validate.c (g_save, g_validate, g_delete): Lock the mutex while working on the set. (BDB version untested.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16167 dc483132-0cff-0310-8789-dd5450dbe970
* Make the set type separate from the set-element (linked list node) typeKen Raeburn2004-03-146-29/+50
| | | | | | | | | | | | | | | | | * generic/gssapiP_generic.h (g_set): New struct type. (G_SET_INIT): New macro. * generic/util_validate.c (g_save, g_validate, g_delete): Change first argument to take a g_set * rather than void **; use the address of the void pointer from the structure. (g_save_name, g_save_cred_id, g_save_ctx_id, g_validate_name, g_validate_cred_id, g_validate_ctx_id, g_delete_name, g_delete_cred_id, g_delete_ctx_id): Updated first argument type. * genericgssapiP_generic.h: Declarations updated. * krb5/gssapi_krb5.c (kg_vdb): Change type to g_set and initialize. * krb5/gssapiP_krb5.h (kg_vdb): Declaration updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16166 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_generic.h (struct _g_set_elt, g_set_elt): Renamed from non-_eltKen Raeburn2004-03-144-21/+27
| | | | | | | versions. * util_set.c, util_validate.c: Uses updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16165 dc483132-0cff-0310-8789-dd5450dbe970
* Missing prototype for gss_krb5int_unseal_token_v3Ezra Peisach2004-03-082-0/+12
| | | | | | | | | gssapiP_krb5.h: Add prototype for gss_krb5int_unseal_token_v3. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16159 dc483132-0cff-0310-8789-dd5450dbe970
* fix typoKen Raeburn2004-03-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16143 dc483132-0cff-0310-8789-dd5450dbe970
* don't get a krb5_context for the routines that don't need itKen Raeburn2004-03-034-12/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16142 dc483132-0cff-0310-8789-dd5450dbe970
* Set context flags after calling krb5_rd_req so that the replay cache is set upSam Hartman2004-02-262-2/+8
| | | | | | | Ticket: 2284 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129 dc483132-0cff-0310-8789-dd5450dbe970
* dependency updatesKen Raeburn2004-02-241-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16121 dc483132-0cff-0310-8789-dd5450dbe970
* ignore some more generated filesKen Raeburn2004-02-241-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16119 dc483132-0cff-0310-8789-dd5450dbe970
* * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation forKen Raeburn2004-02-232-6/+19
| | | | | | | | | confidential CFX tokens. ticket: 2266 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_oid_externalize): Check for errors.Ken Raeburn2004-02-102-49/+154
| | | | | | | | | | | | | | | | (kg_oid_internalize): Check for errors. Free allocated storage on error. (kg_queue_externalize): Check for errorrs. (kg_queue_internalize): Check for errors. Free allocated storage on error. (kg_ctx_size): Update for new context data. (kg_ctx_externalize): Update for new context data. Check for error storing trailer. (kg_ctx_internalize): Update for new context data. Check for errors in a few more cases. ticket: 2166 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970
* * util_ordering.c (g_queue_externalize, g_queue_internalize): Check forKen Raeburn2004-02-092-0/+9
| | | | | | | | | sufficient buffer space. ticket: 2166 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970
* no license on k5sealv3.cKen Raeburn2004-02-081-2/+28
| | | | | | | | | | Updated copyright notice to include standard license for release. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-05 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-02-064-7/+24
| | | | | | | | | | | | | | | | | | * gssapiP_krb5.h: remove KG_IMPLFLAGS macro * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS macro with previous macro definition * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS macro with new definition. As per 1964 the INTEG and CONF flags are supposed to indicate the availability of the services in the client. By applying the previous definition of KG_IMPLFLAGS the INTEG and CONF flags are always on. This can be a problem because some clients such as Microsoft's Kerberos SSPI allow CONF and INTEG to be used independently. By forcing the flags on, we would end up with inconsist state with the client. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970
* need more testing support for MSKen Raeburn2004-01-273-3/+43
| | | | | | | | | | | | | | | | | | This should allow use of the CFX_EXERCISE code to better check interoperability of MS and MIT code with regard to future extensibility. * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null pointer in debugging code. (new_connection): Disable CFX_EXERCISE unknown-token-id case detection. * accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra option bytes were present. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.Ken Raeburn2004-01-053-15/+48
| | | | | | | | | | | | | | | (make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some stuff after the delegation slot. (new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids. * accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the delegation flag; only look for a delegation if the flag is set, and only look for delegation, not other options. Ignore any other data there. ticket: 2079 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15964 dc483132-0cff-0310-8789-dd5450dbe970
* * util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points to const.Ken Raeburn2003-12-204-5/+12
| | | | | | | * gssapiP_krb5.h: Declarations updated. * util_seed.c (zeros): Now const. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15956 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_generic.c (const_oids): Renamed from oids, and now const.Ken Raeburn2003-12-202-1/+8
| | | | | | (oids): New macro, casts const_oids to non-const pointer for use in initializers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15955 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include k5-int.h for accessorTom Yu2003-12-192-0/+5
| | | | | | | ticket: 2077 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15944 dc483132-0cff-0310-8789-dd5450dbe970
* The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64,Jeffrey Altman2003-12-194-9/+41
| | | | | | | | | | | | | and krb5_ser_unpack_int64 are considered private. Therefore, in order for them to be used from within gssapi they must be added to the krb5int_accessor mechanism. This allows us to not publicize their existence via exportation on Windows or MacOSX. ticket: new tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15941 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2003-12-153-58/+118
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
* Add 64-bit sequence number support. Do sequence number ordering tests relativeKen Raeburn2003-12-1315-290/+932
| | | | | | | | | | | | | to the initial value rather than absolute. Support tokens without pseudo-ASN.1 wrappers. Don't restrict enctype lists. Implement CFX token support. With CFX_EXERCISE defined, use random padding, random rotates, and bogus initial tokens, to exercise the associated code paths. ticket: 2040 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15911 dc483132-0cff-0310-8789-dd5450dbe970
* Added kg_sync_ccache_name(), kg_get_ccache_name, and kg_set_ccache_name() ↵Alexandra Ellwood2003-12-115-33/+177
| | | | | | | | and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where on systems with multiple ccaches that GSSAPI gets stuck on the ccache that was default when it launched ticket: 2060 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15879 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_register_acceptor_identity does not allocate enough memory for ↵Ezra Peisach2003-07-192-1/+6
| | | | | | | | | | | | | | | | cached keytab * acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate enough memory to include the null at the end of the keytab char *. Essentially off by one error. ticket: new target_version: 1.3.1 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15699 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kg_release_defcred and caching of default credential. RewriteTom Yu2003-07-179-479/+625
| | | | | | | | | | | | krb5_gss_init_sec_context() while we're at it to make defcred-related changes easier, and as a side effect, fix some error condition memory leaks. ticket: 1365 target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
* delete ##WIN16## lines from makefilesKen Raeburn2003-07-174-2/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c (krb5_gss_accept_sec_context): CallTom Yu2003-07-152-4/+9
| | | | | | | | | | TREAD_STR with correct arguments. Patch from Emily Ratliff. ticket: 1015 tags: pullup target_version: 1.3.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15687 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (acquire_init_cred): Close the ccache ifTom Yu2003-07-102-0/+8
| | | | | | | | | | | krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if the file is not there, but krb5_cc_set_flags will fail in turning off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu. ticket: 1656 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15680 dc483132-0cff-0310-8789-dd5450dbe970
* libgss leaks, UMRsTom Yu2003-06-133-0/+9
| | | | | | | | | | | | | | | | | | * init_sec_context.c (krb5_gss_init_sec_context): Free default_enctypes to avoid leaking returned value from krb5_get_tgs_ktypes. * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if token.length == 0, to avoid spurious uninitialized memory references when calling memcpy() with a zero length. ticket: new target_version: 1.3 tags: pullup component: krb5-libs cc: Kent_Wu@trendmicro.com git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970
* make_ap_req_v1 leaks memoryTom Yu2003-06-132-0/+7
| | | | | | | | | | | | * init_sec_context.c (make_ap_req_v1): Free checksum_data if needed, to avoid leaking memory. Found by Kent Wu. ticket: new target_version: 1.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15618 dc483132-0cff-0310-8789-dd5450dbe970
* make-depend updatesKen Raeburn2003-05-241-17/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
* Be more friendly towards parallel buildsKen Raeburn2003-05-142-5/+17
| | | | | | | | | | * Makefile.in ($(EHDRDIR)$(S)timestamp): New target, used for ensuring $(EHDRDIR) exists. (clean-unix): Delete the dummy file. ($(EHDRDIR)$(S)gssapi.h): Depend on it, instead of creating the directory here. ($(EHDRDIR)$(S)gssapi_generic.h): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15443 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.h: Remove check for GSS_RFC_COMPLIANT_OIDSTom Yu2003-05-132-3/+4
| | | | | | | | | ticket: 1482 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15429 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_contextTom Yu2003-05-103-6/+14
| | | | | | | | | | | | | | | | | to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Do not claim GSS_C_PROT_READY_FLAG since we don't support itSam Hartman2003-03-144-1/+14
| | | | | | | | | | | | | Our code does not currently support GSS_C_PROT_READY_FLAG so only return that flag after context establishment. A potential future addition is to support that flag and return GAP_TOKEN if the initiator processes a message token before the final context token. Ticket: 1352 Tags: pullup Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
* Yet another attempt at cross-directory dependencies. Seems to fix the parallelKen Raeburn2003-03-082-8/+46
| | | | | | | | | | | build, and hasn't broken the out-of-date case so far as I can tell, so far... Added a bunch of comments describing the cases that need to be handled. * Makefile.in ($(BUILDTOP)/include/gssapi/gssapi.h, generic/gssapi.h, generic/gssapi_err_generic.h, krb5/gssapi_err_krb5.h): Comment out old rules and dependencies; depend on all-recurse and supply a no-op rule. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15270 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Changed USE_HARDCODED_FALLBACK_ERROR_TABLES macro to ↵Alexandra Ellwood2003-03-072-2/+8
| | | | | | !USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15266 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h: Removed Mac header gooberAlexandra Ellwood2003-03-064-20/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15253 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_com_err_status.c, gssapi_generic.h: Removed Mac header goober. * ↵Alexandra Ellwood2003-03-065-19/+12
| | | | | | gssapiP_generic.h, gssapi.hin: Removed macintosh check because we don't build on OS 9 anymore. * gssapi.hin: Removed enumsalwaysint because there are no typed enums in this header. Removed duplicate CFM-68K magic git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15252 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Removed Mac header goober. Fixed ↵Alexandra Ellwood2003-03-063-8/+13
| | | | | | USE_HARDCODED_FALLBACK_ERROR_TABLES macro used by KfM. * gss_libinit.h: do not use the same multiple include protection macro as krb5_libinit.h. Changed to GSSAPI_LIBINIT_H git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15251 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 19:44:26 +0000