summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Documentation updates. Mostly GIC relatedZhanna Tsitkov2011-04-121-9/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24875 dc483132-0cff-0310-8789-dd5450dbe970
* Shuffle around some gss-krb5 entry points to eliminate four mostlyGreg Hudson2011-04-119-301/+171
| | | | | | | content-free source files and better separate IOV stuff from non-IOV stuff. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24874 dc483132-0cff-0310-8789-dd5450dbe970
* Add Doxygen markup for gss_userok() and gss_authorize_localname()Greg Hudson2011-04-101-0/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24870 dc483132-0cff-0310-8789-dd5450dbe970
* Implement gss_authorize_localname, as discussed on the kitten list,Greg Hudson2011-04-107-121/+145
| | | | | | | | | | | | | and make gss_userok a wrapper around it matching the Gnu GSS prototype. The SPI for gss_authorize_localname doesn't match the API since we have no way of representing the contents of an internal name to a mech at the moment. From r24855, r24857, r24858, r24862, r24863, r24864, r24866, r24867, and r24868 in users/lhoward/moonshot-mechglue-fixes. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24869 dc483132-0cff-0310-8789-dd5450dbe970
* When inquiring the default GSS acceptor principal, return a principalGreg Hudson2011-04-081-3/+19
| | | | | | | | name from the keytab if we can, for better compliance with GSSAPI. ticket: 6897 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24861 dc483132-0cff-0310-8789-dd5450dbe970
* Correctly recognize non-iterable keytabs in k5_kt_get_principal()Greg Hudson2011-04-081-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24860 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_kt_get_principal, an internal krb5 interface to try to get aGreg Hudson2011-04-084-23/+36
| | | | | | | | principal name from a keytab. Used currently by vfy_increds.c (in place of its static helper); will also be used when querying the name of the default gss-krb5 acceptor cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24859 dc483132-0cff-0310-8789-dd5450dbe970
* In the authdata framework, determine which authdata sources to queryGreg Hudson2011-04-071-3/+18
| | | | | | | based on the module's usage flags. From r24794 in users/lhoward/moonshot-mechglue-fixes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24853 dc483132-0cff-0310-8789-dd5450dbe970
* Allow anonymous name to be imported with empty name bufferGreg Hudson2011-04-061-4/+11
| | | | | | | | | | | | When importing a name of type GSS_C_NT_ANONYMOUS, allow the input name buffer to be null or empty (null is translated into empty before mechanisms see it). From r24820 in users/lhoward/moonshot-mechglue-fixes. ticket: 6896 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24852 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-04-054-18/+48
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24844 dc483132-0cff-0310-8789-dd5450dbe970
* gss_duplicate_name SPI for SPNEGOGreg Hudson2011-04-058-46/+109
| | | | | | | | | | Preserve attributes when duplicating a name, using the mechanism's implementation of gss_duplicate_name if present, or a loop over the attributes if not. ticket: 6895 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24843 dc483132-0cff-0310-8789-dd5450dbe970
* More sensical mech selection for gss_acquire_cred/accept_sec_contextGreg Hudson2011-04-042-49/+44
| | | | | | | | | | | | | | If a caller passes an empty mech set to gss_acquire_cred, get a cred for all mechs instead of just the krb5 mech, as we don't know what mechanism the cred is going to be used with (particularly in the acceptor case). As a related fix, if a caller passes a credential to gss_accept_sec_context and it does not contain a mech-specific cred for the token's mech, error out instead of using the default cred with the token's mechanism. ticket: 6894 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24840 dc483132-0cff-0310-8789-dd5450dbe970
* r24838 accidentally added a gss_duplicate_name line toGreg Hudson2011-04-041-1/+0
| | | | | | | | | build_dynamicMech(), breaking the build (since gss_duplicate_name isn't in gss_mechanism yet). Revert that part of the change. ticket: 6892 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24839 dc483132-0cff-0310-8789-dd5450dbe970
* Prevent bleed-through of mechglue symbols into loaded mechsGreg Hudson2011-04-041-54/+67
| | | | | | | | | | | When loading a mech's symbols individually, make sure the symbol we got wasn't just a mechglue symbol showing through because the mech was linked against the mechglue. From r24719 in users/lhoward/moonshot-mechglue-fixes. ticket: 6892 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24838 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_userok and gss_pname_to_uid to dynamic mech loading table.Greg Hudson2011-04-041-0/+2
| | | | | | | | From r24711 in users/lhoward/moonshot-mechglue-fixes. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24837 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_userok and gss_pname_to_uidGreg Hudson2011-04-049-70/+410
| | | | | | | | | | | | | | | Resurrect gss_userok and gss_pname_to_uid in the mechglue. Add krb5 mech implementations using krb5_kuserok and krb5_aname_to_localname, as well as mechanism-independent implementations based on name attributes. From r24710, r24715, r24717, r24731, r24732, r24733, r24734, r24735, r24747, r24816, and r24819 in users/lhoward/moonshot-mechglue-fixes, with minor edits. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24836 dc483132-0cff-0310-8789-dd5450dbe970
* CoreFoundation is no longer used for UCS2 conversionsKen Raeburn2011-04-031-2/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24834 dc483132-0cff-0310-8789-dd5450dbe970
* In t_fortuna.c, use a static buffer in head_tail_test, and use %f forGreg Hudson2011-04-031-2/+3
| | | | | | a double argument, not %lf. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24830 dc483132-0cff-0310-8789-dd5450dbe970
* Don't allocate over 2MB on the stack; sparc-netbsd3.0 default stackKen Raeburn2011-04-031-1/+1
| | | | | | limit is 2MB. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24829 dc483132-0cff-0310-8789-dd5450dbe970
* Include krb5_libinit.h always, since we call krb5int_initialize_library alwaysKen Raeburn2011-04-031-3/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24828 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid using crypto_int.h in t_nfold.c for convenience on Solaris; justGreg Hudson2011-04-031-1/+3
| | | | | | prototype krb5int_nfold instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24826 dc483132-0cff-0310-8789-dd5450dbe970
* destest.c no longer needs crypto_int.hGreg Hudson2011-04-031-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24825 dc483132-0cff-0310-8789-dd5450dbe970
* Use RFC 5587 const types for draft-josefsson-gss-capsulate APIsLuke Howard2011-04-034-13/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24821 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out the address checks in krb5_rd_safe and krb5_rd_priv intoGreg Hudson2011-04-024-171/+105
| | | | | | a new function k5_privsafe_check_addrs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24806 dc483132-0cff-0310-8789-dd5450dbe970
* In libkrb5, move krb5int_auth_con_chkseqnum to a new file privsafe.c,Greg Hudson2011-04-026-170/+203
| | | | | | | renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather than k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
* When doing S4U2Self for the anon principal, use the server realmLuke Howard2011-04-021-4/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24793 dc483132-0cff-0310-8789-dd5450dbe970
* Allow absolute paths for mechglue libraries. From r24736 inGreg Hudson2011-04-011-1/+5
| | | | | | users/lhoward/moonshot-mechglue/fixes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24781 dc483132-0cff-0310-8789-dd5450dbe970
* Implement draft-josefsson-gss-capsulateGreg Hudson2011-04-016-0/+169
| | | | | | | | | | | Add gss_encapsulate_token(), gss_decapsulate_token(), and gss_oid_equal() APIs, which are already present in Heimdal and Shishi. From r24737, r24738, and r24740 in users/lhoward/moonshot-mechglue-fixes. ticket: 6890 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
* s4u2proxy_set_attribute should only return EPERM for its own attributeLuke Howard2011-04-011-8/+2
| | | | | | Failure to do this breaks other attribute providers' set_attribute() git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24775 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_move if something went wrong, free the dst credential cacheZhanna Tsitkov2011-03-291-2/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
* If the new configuration data that is passed to krb5_cc_set_config is NULL, ↵Zhanna Tsitkov2011-03-291-45/+51
| | | | | | | | just remove the old configuration. Moved short krb5_cc_set_config usage example from krb5.hin into the separate file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
* Static function names should not have krb5_ prefixZhanna Tsitkov2011-03-291-12/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the weak key checks from the builtin rc4 enc provider. ThereGreg Hudson2011-03-281-17/+0
| | | | | | | | | | | | | | is no standards support for avoiding RC4 weak keys, so rejecting them causes periodic failures. Heimdal and Microsoft do not check for weak keys. Attacks based on these weak keys are probably thwarted by the use of a confounder, and even if not, the reduction in work factor is not terribly significant for 128-bit keys. ticket: 6886 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
* Use first principal in keytab when verifying credsGreg Hudson2011-03-284-25/+171
| | | | | | | | | | In krb5_verify_init_creds(), use the first principal in the keytab to verify the credentials instead of the result of krb5_sname_to_principal(). Also add tests. ticket: 6887 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24749 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a precedence error in g_make_token_header() which caused it toGreg Hudson2011-03-251-2/+2
| | | | | | | | write the wrong length when no token type is passed. (From r24739 in users/lhoward/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesEzra Peisach2011-03-191-39/+22
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970
* Move doxygen comments from source to header. Updated comments and added some ↵Zhanna Tsitkov2011-03-181-42/+2
| | | | | | | | usage examples. Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
* Resolve a few miscellaneous warningsGreg Hudson2011-03-1414-37/+35
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
* Remove two headers accidentally left behind in r24677Greg Hudson2011-03-142-71/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
* Although it can't actually happen, make it more explicit that we won'tGreg Hudson2011-03-111-1/+2
| | | | | | | | | dereference a null mech in the cleanup handler of the mechglue's gss_accept_sec_context. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
* Fix NSS PBKDF2 in the v4 salt (i.e. empty salt) caseGreg Hudson2011-03-111-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970
* Move the des and AFS string-to-key implementations into lib/crypto/krb,Greg Hudson2011-03-1122-1258/+1025
| | | | | | | | since they aren't standard crypto primitives. Revise the module SPI accordingly. Add tests for AFS string-to-key to t_str2key.c to replace the ones in the (now defunct) t_afss2k.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a couple of key import modes in the NSS module, although they don'tGreg Hudson2011-03-112-2/+2
| | | | | | seem to matter a lot. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ser_eblk.c, which has been unused since r11001 (October 1998)Greg Hudson2011-03-091-255/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-09422-2178/+1328
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak independently found by Tim Pozdeev and Arlene BerryTom Yu2011-03-081-0/+1
| | | | | | | | | | This change should be pulled up to the 1.8 and 1.7 branches as well. ticket: 6844 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
* SPNEGO's accept_sec_context and init_sec_context produce a null contextGreg Hudson2011-03-081-2/+6
| | | | | | | | | | | on error, so it needs to silently succeed when deleting a null context. It was instead passing the null context along to the mechglue which would produce an error, causing a leak of the mechglue's union context wrapper. Reported by aberry@likewise.com. ticket: 6863 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesEzra Peisach2011-03-061-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970
* Fix up signed/unsigned warnings in this directory. There are still Ezra Peisach2011-03-065-11/+13
| | | | | | a few more - but these were the obvious ones. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970
* On make clean remove test programs and object files. In lib/krb5/krbEzra Peisach2011-03-064-2/+16
| | | | | | make depend as a test program was missed from the source list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 13:45:49 +0000