krb5.git/src/lib/gssapi/krb5, branch proxymech MIT Kerberos patches make depend 2013-03-24T05:30:33+00:00 Greg Hudson ghudson@mit.edu 2013-03-24T05:30:33+00:00 24c8bacbccc854dc30fd6baee49cdd2bf2557e47 






Fix argument type in kg_unseal_v1
2013-03-15T06:16:39+00:00

Greg Hudson
ghudson@mit.edu

2013-03-15T06:16:39+00:00

54d91d0666ac7539b0a8fe26fc4cb795ade1a042

The caller of kg_unseal_v1 passes a gss_qop_t * for the qop_state
parameter, so make it use that type instead of an int *.  Noted by
David Benjamin <davidben@mit.edu>.





The caller of kg_unseal_v1 passes a gss_qop_t * for the qop_state
parameter, so make it use that type instead of an int *.  Noted by
David Benjamin <davidben@mit.edu>.







Add k5_json_array_fmt and use it in export_cred.c
2013-02-13T20:53:29+00:00

Greg Hudson
ghudson@mit.edu

2013-02-12T02:07:54+00:00

80f53c8b2c745e75dc9d22acba63812d8533c133

Add a template-based array constructor for convenient marshalling of
structured values as JSON array values.  Use it to simplify
export_cred.c.





Add a template-based array constructor for convenient marshalling of
structured values as JSON array values.  Use it to simplify
export_cred.c.







Make internal JSON functions return error codes
2013-02-13T20:53:29+00:00

Greg Hudson
ghudson@mit.edu

2012-10-30T21:17:45+00:00

61116eb28a7520dda1e5febba95ac6ba1e70e6ac

Return error codes (0, ENOMEM, or EINVAL) from JSON support functions
instead of returning results directly.  This makes error handling
simpler for functions which assemble JSON objects and then return a
krb5_error_code values.  Adjust all callers.  Use shims in
export_cred.c to minimize changes there; it will be redesigned
internally in a subsequent commit.





Return error codes (0, ENOMEM, or EINVAL) from JSON support functions
instead of returning results directly.  This makes error handling
simpler for functions which assemble JSON objects and then return a
krb5_error_code values.  Adjust all callers.  Use shims in
export_cred.c to minimize changes there; it will be redesigned
internally in a subsequent commit.







Add and use k5memdup, k5memdup0 helpers
2013-02-09T05:43:35+00:00

Greg Hudson
ghudson@mit.edu

2013-02-09T05:43:35+00:00

7905cd6a2eddbf264242bb2a85f811878b2da7ab

Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.





Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.







make depend
2013-01-10T17:46:26+00:00

Greg Hudson
ghudson@mit.edu

2013-01-10T17:46:26+00:00

2807e8e1e1dc89b3d482de7c73d13d19187fdb38

Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.





Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.







Rename ccache configuration macros
2013-01-09T17:03:13+00:00

Zhanna Tsitkov
tsitkova@mit.edu

2013-01-09T17:03:13+00:00

941e26f9eb76471159e0a024aeac63f1b6e6ea45

KRB5_CONF_ prefix should be used for the krb5/kdc.conf parameters.
Use KRB5_CC_CONF_ prefix for cache configuration variables.





KRB5_CONF_ prefix should be used for the krb5/kdc.conf parameters.
Use KRB5_CC_CONF_ prefix for cache configuration variables.







Separate clpreauth and kdcpreauth interfaces
2012-12-19T19:24:21+00:00

Greg Hudson
ghudson@mit.edu

2012-10-21T23:37:14+00:00

f0794cba6a406fc834434eb6dc794bf29eda4a13

Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.





Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.







GENC should always export composite names
2012-10-03T16:47:02+00:00

Luke Howard
lukeh@padl.com

2012-09-01T01:08:27+00:00

123ff4cb9bdd2e13aa6b636c98a7fc3f9ee06f85

RFC 6680 requires that gss_export_name_composite begin the output
token with 04 02.  So we must produce a composite token even if the
name has no authdata, and be able to consume a composite token with no
authdata attributes.

[ghudson@mit.edu: expanded commit message]

ticket: 7400 (new)





RFC 6680 requires that gss_export_name_composite begin the output
token with 04 02.  So we must produce a composite token even if the
name has no authdata, and be able to consume a composite token with no
authdata attributes.

[ghudson@mit.edu: expanded commit message]

ticket: 7400 (new)







Keep verifier cred locked in accept_sec_context
2012-09-21T19:47:30+00:00

Greg Hudson
ghudson@mit.edu

2012-09-21T19:47:30+00:00

7889227a9651677a2bba6b57041c4d53b6621822

It might have been safe to access the krb5 verifier cred without a
lock before constrained delegation, but it is less likely to be safe
now that we might access both the initiator and acceptor parts of the
cred.  Hold a lock on the cred for the full accept_sec_context
operation.

ticket: 7366 (new)





It might have been safe to access the krb5 verifier cred without a
lock before constrained delegation, but it is less likely to be safe
now that we might access both the initiator and acceptor parts of the
cred.  Hold a lock on the cred for the full accept_sec_context
operation.

ticket: 7366 (new)