summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 0.3.1v0.3.1Simo Sorce2014-01-261-1/+1
|
* Fix segfault in init context.Simo Sorce2014-01-262-6/+11
| | | | | | | | | | | The init context function was improperly initializing the ctx variable (too late) when some early error conditions can happen. Therefore passing to the delete context function a random memory address it would then try to free. This wuld cause a SEGFAULT in most cases. Additionally unfortunately iconv_close() does not follow good practices and blindignly dereferences data, even if the passed in pointer is NULL. So add a check before calling.
* Release 0.3.0v0.3.0Simo Sorce2014-01-121-1/+1
|
* Implement Import/Export cred functionsexport_credSimo Sorce2014-01-123-0/+216
|
* Generalize export_state and related functionsSimo Sorce2014-01-121-75/+82
|
* Expose cred store names in public header file.Simo Sorce2014-01-123-6/+8
| | | | Easier to use from clients this way.
* Test export/import context functionsexport_ctxSimo Sorce2013-12-151-0/+35
|
* Implement import context functionSimo Sorce2013-12-151-1/+313
|
* Implement export context functionSimo Sorce2013-12-155-1/+434
| | | | | The Export format version is set to 0.1 Long term keys are not exported.
* Add import/export functions for the RC4 stateSimo Sorce2013-12-152-0/+56
|
* Use RC4 instead of EVP interface of opensslSimo Sorce2013-12-151-49/+10
| | | | | This makes it much easier to export/import the crypto state. In preparation for implemeting import/export of context.
* Fix potential leaks in delete_contextSimo Sorce2013-12-151-0/+6
| | | | | | | | Free RC4 state if any Free workstations tring if any Also make sure to safely zero the struct before freeing to avoid leaking any key material.
* Do not copy creds on the contextSimo Sorce2013-12-152-63/+51
| | | | | There is no need to copy creds around, they are always available or retrievable.
* Fix memleaks in init_sec_contextStefan Becker2013-12-131-1/+3
|
* Fix memory leak with gssntlm_namesSimo Sorce2013-12-131-1/+1
| | | | Thanks to Stefan Becker <chemobejk@gmail.com> for finding this leak.
* Fix spec file krb5-libs depSimo Sorce2013-11-231-1/+1
|
* Fix NTLM specific cred_store prefixesSimo Sorce2013-11-231-3/+3
| | | | | Can't use ':' in the prefix name as ':' is the separator between prefix and values.
* Bump up version number to prerelease levelSimo Sorce2013-10-241-1/+1
|
* Add methods to inquire credentialsSimo Sorce2013-10-244-0/+165
| | | | Also add simple sanity check test.
* Add support for NTLMv1 Signing and SealingSimo Sorce2013-10-233-49/+134
| | | | Including tests to verify conformance to MS-NLMP
* Add CRC32 function using Zlib's crc32Simo Sorce2013-10-234-0/+161
|
* Fix URLs with new upstream locationsSimo Sorce2013-10-231-2/+2
|
* Release 0.2.0v0.2.0Simo Sorce2013-10-181-1/+1
|
* Test connectionless contextsconnectionlessSimo Sorce2013-10-181-2/+233
|
* Support connectionless signing and sealing.Simo Sorce2013-10-183-11/+104
| | | | | In connectionless mode (GSS_C_DATAGRAM_FLAG on) sealing keys ust be rotated for each message.
* Add way to set sequence numbres.Simo Sorce2013-10-185-0/+81
| | | | | | | | | | | In NTLMSSP connectionless mode applications are supposed to provide the sequence number, however GSSAPI's get_mic and verify_mic functions do not allow to pass an explicit sequence number. Allow to override the context sequence numbers using a custom oid and implemnting gss_set_sec_context_option() Allows the operation only if the context is in connectionless mode.
* Add support for connectionless modeSimo Sorce2013-10-181-46/+117
| | | | | This needs a new GSSAPI flag, for now grab a number and define GSS_C_DATAGRAM_FLAG ourselves.
* Add public devel header fileSimo Sorce2013-10-184-7/+60
| | | | | This contains definitions for various OIDs and flags needed to implemented non-standard features like NTLMSSP Connectionless mode.
* Add special case for enterprise namesSimo Sorce2013-10-181-1/+42
| | | | | | | | | | | | | | | | | | | | | | | | When enterprise names are used they need to be passed with the embedded '@' signed escaped with a '\', when that is done the whole name is used as the user name and the name is not split on the @ or \ characters. These forms are now supported: foo USERNAME: foo DOMAIN: <null> BAR\foo USERNAME: foo DOMAIN: BAR foo@BAR USERNAME: foo DOMAIN: BAR foo\@bar.example.com USERNAME: foo\@bar.example.com DOMAIN: <null>
* Treat NO OID as GSS_C_NT_USER_NAME on importSimo Sorce2013-10-181-3/+6
|
* Fix potential segfault condition in RC4_FREESimo Sorce2013-10-181-1/+1
|
* Fix generation of signing keys and add testsSimo Sorce2013-10-182-1/+184
|
* Fix symbols export regex to include gssspi_ too.Simo Sorce2013-10-181-1/+1
| | | | Thanks to David Woodhouse for finding out.
* Test acquire_cred_with_passwordSimo Sorce2013-10-171-12/+36
|
* Add support for gss_acquire_cred_with_password()Simo Sorce2013-10-173-0/+60
|
* Fix handling of NULL domainSimo Sorce2013-10-172-10/+17
| | | | | | | | | Fix segafult in NTOWFv2. When domain is NULL it is just omitted from the NTOWFv2 computation. Fix segfault in accept_sec_context, just make dom_name be an empty string. Fix also memory leaks.
* Fix acquiring creds via cred_storeSimo Sorce2013-10-171-0/+26
| | | | Make sure to set the cred type and copy in the name.
* Streamline spec file.Simo Sorce2013-10-171-22/+10
| | | | Fixes as requested by Fedora review
* Bump up version number afeter 0.1.0 releaseSimo Sorce2013-10-171-1/+1
|
* Correct upstream page in specSimo Sorce2013-10-141-2/+2
|
* Make version 0.1.0v0.1.0Simo Sorce2013-10-131-1/+1
|
* Fix typos in README.txtSimo Sorce2013-10-131-1/+1
|
* Add more tests.Simo Sorce2013-08-211-0/+30
| | | | Cover gss_inquire_context and gss_display_name implementations.
* Add gss_display_name implementationSimo Sorce2013-08-213-0/+85
|
* Add implementation of gss_inquire_contextSimo Sorce2013-08-214-0/+154
| | | | Also add source and target names to the context.
* Test Integrity and ConfidentialitySimo Sorce2013-08-191-0/+69
|
* Add integrity and confidentiality functionsSimo Sorce2013-08-1910-7/+548
|
* Add testsing of gssntlm mechglue functionsSimo Sorce2013-08-183-4/+138
|
* Basic implementation of accept_sec_contextSimo Sorce2013-08-188-41/+625
| | | | For now works only for satndalone server with access to a password file.
* Add support for server credentialsSimo Sorce2013-07-281-1/+40
|
generated by cgit (git 2.34.1) at 2024-05-09 02:50:04 +0000