| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GSSAPI functions are responsible for setting their output parameters
on failure. Take greater care to do so in krb5_gss_display_name.
The mechglue is generally defensive about initializing variables used
as outputs, and not assuming that mechs will set them on failure.
Make gssint_convert_name_to_union_name initialize
union_name->external_name before calling mech->gss_display_name, so
that if the mech's gss_display_name doesn't touch it, we don't free an
uninitialized pointer.
Either one of these changes prevents an unlikely memory bug which
could occur if krb5_gss_init_context fails within
krb5_gss_display_name when called from
gssint_convert_name_to_union_name.
ticket: 7915 (new)
target_version: 1.12.2
|
| |
|
|
|
|
|
|
|
|
|
| |
* Function names should be at the beginning of lines in definitions.
* Changes should not create lines >79 characters.
* Continuation lines should align after left parens when appropriate.
Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are
not gss mechanism functions and should not have been tagged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
<unistd.h> with #ifdef HAVE_UNISTD_H in g_authorize_localname.c
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25087 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24877 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ticket implements Project/Anonymous pkinit from k5wiki. Provides
support for completely anonymous principals and untested client
support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts:
src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
egregious formatting quirks. Add emacs mode settings to flag
untabified source files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save detailed error messages (usually from the krb5 library) in
per-thread storage, mapping each error code to the most recently
produced message for it. Return the message from display_status.
Currently not implemented for a few cases where the krb5 mechanism
returns a minor status code of 0, or another value different from the
libkrb5 error code.
Other functions are available to store a generic string or formatted
message, but aren't used much at present.
Tested with these errors in context establishment:
* missing ccache (libkrb5 shows pathname if FILE: type)
* missing keytab (libkrb5 shows pathname if FILE: type)
* server principal unknown (libkrb5 shows server principal)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
krb5_gss_init_context to calls to krb5_gss_init_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18015 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
context.
* add_cred.c (krb5_gss_add_cred): Likewise.
* compare_name.c (krb5_gss_compare_name): Likewise.
* copy_ccache.c (gss_krb5_copy_ccache): Likewise.
* disp_name.c (krb5_gss_display_name): Likewise.
* duplicate_name.c (krb5_gss_duplicate_name): Likewise.
* inq_cred.c (krb5_gss_inquire_cred): Likewise.
* context_time.c (krb5_gss_context_time): Use the krb5 context in the GSS
security context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16187 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util_crypt.c (kg_encrypt, kg_decrypt): Use free() instead of
krb5_free_data_contents().
* util_cksum.c (kg_checksum_channel_bindings): Make sure that
returned memory is allocated with xmalloc() so that caller can use
xfree() on it.
* k5unseal.c (kg_unseal_v1): Use krb5_free_data_contents()
instead of xfree().
* k5seal.c (make_seal_token_v1): Use krb5_free_data_contents()
instead of xfree().
* init_sec_context.c (make_ap_req_v1): Use xfree() instead of
free() to be consistent with xmalloc() usage. Use
krb5_free_data_contents() instead of xfree().
* disp_name.c (krb5_gss_display_name): Use
krb5_free_unparsed_name() instead of xfree().
* add_cred.c (krb5_gss_add_cred): Use xfree() instead of free() to
be consistent with xmalloc() usage.
* accept_sec_context.c (krb5_gss_accept_sec_context): Remove
variables that were effectively unused. Use
krb5_free_data_contents() instead of xfree() where appropriate.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13482 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
inq_context.c (krb5_gss_inquire_context):
import_name.c (krb5_gss_import_name):
export_name.c (krb5_gss_export_name):
disp_name.c (krb5_gss_display_name):
context_time.c (krb5_gss_context_time):
acquire_cred.c (krb5_gss_acquire_cred): Clean up -Wall flames.
indicate_mechs.c (krb5_gss_indicate_mechs): Return a dynamic OID set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10577 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
OV_MERGE branches. This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964. before committing, the
code was built and tested for netbsd and solaris.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
their first argument, instead of a krb5_context. Makes for a cleaner
interface to the mechanism glue layer.
k5mech.c (krb5_gss_initialize): Call name-type/mechanism registration
function so that mechanism glue layer knows whether or not a name
needs to be lazy evaluated or not.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7514 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
o removed INTERFACE from non-api functions
o add FAR to pointers visible to the world
o made the tests for __STDC__ also check for _WINDOWS
o creates GSSAPI.DLL & GSSAPI.LIB as per spec.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5354 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5086 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
windows INTERFACE keyword to functions. A few int/long fixes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4959 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
* display_name.c => disp_name.c
* display_status.c => disp_status.c
* inquire_context.c => inq_context.c
* inquire_cred.c => inq_cred.c
* release_cred.c => rel_cred.c
* release_name.c => rel_name.c
* Makefile.in changed to match.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4884 dc483132-0cff-0310-8789-dd5450dbe970
|
