krb5.git/src/lib/gssapi/spnego, branch gss_cs MIT Kerberos patches Let SPNEGO display mechanism errors 2013-12-18T20:58:55+00:00 Simo Sorce simo@redhat.com 2013-12-17T21:15:14+00:00 d160bc733a3dbeb6d84f4e175234ff18738d9f66 To avoid potential recursion we use a thread local variable that tells us whether the ancestor was called via spnego_gss_display_name(). If we detect recursion, we assume that we returned a com_err code like ENOMEM and call error_message(); in the worst case that will result in an "Unknown error" message. [ghudson@mit.edu: Edited comments and commit message; removed an unneeded line of code.] ticket: 7045 target_version: 1.12.1 tags: pullup 
To avoid potential recursion we use a thread local variable that tells
us whether the ancestor was called via spnego_gss_display_name().  If
we detect recursion, we assume that we returned a com_err code like
ENOMEM and call error_message(); in the worst case that will result in
an "Unknown error" message.

[ghudson@mit.edu: Edited comments and commit message; removed an
unneeded line of code.]

ticket: 7045
target_version: 1.12.1
tags: pullup
Fix memory leak in SPNEGO initiator 2013-12-16T16:39:41+00:00 Simo Sorce simo@redhat.com 2013-12-13T17:00:41+00:00 1cda48a7ed4069cfc052f974ec3d76a9137c8c5a If we eliminate a mechanism from the initiator list because gss_init_sec_context fails, free the memory for that mech OID before removing it from the list. [ghudson@mit.edu: clarified commit message] ticket: 7803 (new) target_version: 1.12.1 tags: pullup 
If we eliminate a mechanism from the initiator list because
gss_init_sec_context fails, free the memory for that mech OID before
removing it from the list.

[ghudson@mit.edu: clarified commit message]

ticket: 7803 (new)
target_version: 1.12.1
tags: pullup
Remove unneeded check in SPNEGO initiator 2013-12-16T16:35:52+00:00 Greg Hudson ghudson@mit.edu 2013-12-16T16:35:42+00:00 1249c75810e3d5c33ba723c65a904ee914ca8048 In init_ctx_cont, if the response token contains no fields, we set a return value but don't actually quit out of the function. We do not need this check (we will fail later on if a piece of required information isn't present), so just remove it. Reported by simo@redhat.com. 
In init_ctx_cont, if the response token contains no fields, we set a
return value but don't actually quit out of the function.  We do not
need this check (we will fail later on if a piece of required
information isn't present), so just remove it.  Reported by
simo@redhat.com.
Fix SPNEGO one-hop interop against old IIS 2013-12-12T15:51:34+00:00 Greg Hudson ghudson@mit.edu 2013-12-10T17:04:18+00:00 37af638b742dbd642eb70092e4f7781c3f69d86d IIS 6.0 and similar return a zero length reponse buffer in the last SPNEGO packet when context initiation is performed without mutual authentication. In this case the underlying Kerberos mechanism has already completed successfully on the first invocation, and SPNEGO does not expect a mech response token in the answer. If we get an empty mech response token when the mech is complete during negotiation, ignore it. [ghudson@mit.edu: small code style and commit message changes] ticket: 7797 (new) target_version: 1.12.1 tags: pullup 
IIS 6.0 and similar return a zero length reponse buffer in the last
SPNEGO packet when context initiation is performed without mutual
authentication.  In this case the underlying Kerberos mechanism has
already completed successfully on the first invocation, and SPNEGO
does not expect a mech response token in the answer.  If we get an
empty mech response token when the mech is complete during
negotiation, ignore it.

[ghudson@mit.edu: small code style and commit message changes]

ticket: 7797 (new)
target_version: 1.12.1
tags: pullup
Avoid malloc(0) in SPNEGO get_input_token 2013-12-07T02:06:26+00:00 Greg Hudson ghudson@mit.edu 2013-12-06T23:56:56+00:00 13fd26e1863c79f616653f6a10a58c01f65fceff If we read a zero-length token in spnego_mech.c's get_input_token(), set the value pointer to NULL instead of calling malloc(0). ticket: 7794 (new) 
If we read a zero-length token in spnego_mech.c's get_input_token(),
set the value pointer to NULL instead of calling malloc(0).

ticket: 7794 (new)
Add GSSAPI IOV MIC functions 2013-09-18T22:22:16+00:00 Greg Hudson ghudson@mit.edu 2013-09-08T01:13:48+00:00 d750ef3130b76dd079e863ed395eb3620a37386b Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov functions, which work similarly to the corresponding IOV wrap functions. Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for the destination buffer. Most of the internal code for this was already present, and just needed to be fixed up and adjusted to use the new buffer type for the MIC token. ticket: 7705 (new) 
Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov
functions, which work similarly to the corresponding IOV wrap
functions.  Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for
the destination buffer.

Most of the internal code for this was already present, and just
needed to be fixed up and adjusted to use the new buffer type for the
MIC token.

ticket: 7705 (new)
Fix various warnings 2013-06-07T19:19:37+00:00 Greg Hudson ghudson@mit.edu 2013-06-07T19:17:31+00:00 e51c089b745161dd6e1d64998e99d065fc22377e 






Reduce boilerplate in makefiles
2013-05-17T00:09:27+00:00

Greg Hudson
ghudson@mit.edu

2013-05-16T18:21:12+00:00

4b0985f8573840838bcfa8ec1df3dcd39a3dbf15

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.





Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.







Fix mismatched spnego_mech.c declarations
2013-05-03T17:09:08+00:00

Greg Hudson
ghudson@mit.edu

2013-05-03T17:09:08+00:00

8c4db8f776c65b50fe3af82fd62a67022dd9a6d5

The mechglue definitions of gssint_get_der_length and friends use
unsigned int for the buffer length, not OM_uint32.





The mechglue definitions of gssint_get_der_length and friends use
unsigned int for the buffer length, not OM_uint32.







make depend
2013-03-24T05:30:33+00:00

Greg Hudson
ghudson@mit.edu

2013-03-24T05:30:33+00:00

24c8bacbccc854dc30fd6baee49cdd2bf2557e47