summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* In kg_new_connection(), make sure k_cred is freed in all failureGreg Hudson2010-04-221-3/+2
| | | | | | cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23926 dc483132-0cff-0310-8789-dd5450dbe970
* Amend r23917 to correct some uses of *out_creds which should now useGreg Hudson2010-04-211-3/+2
| | | | | | the local variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23918 dc483132-0cff-0310-8789-dd5450dbe970
* In the get_credentials() helper of the gss-krb5 init_sec_context code,Greg Hudson2010-04-211-2/+8
| | | | | | ensure that *out_creds is only filled in on successful return. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23917 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to not use freed memory inTom Yu2010-03-231-1/+2
| | | | | | | | | | gss_import_sec_context in some error paths. ticket: 6678 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834 dc483132-0cff-0310-8789-dd5450dbe970
* Implement gss_set_neg_mechsGreg Hudson2010-02-101-0/+1
| | | | | | | | | | | | | | | | | Implement gss_set_neg_mechs in SPNEGO by intersecting the provided mech set with the mechanisms available in the union credential. As we now need space to hold the mech set, the SPNEGO credential is now a structure and not just a mechglue credential. t_spnego.c is a test program which exercises the new logic. Like the other GSSAPI tests, it is not run as part of "make check" at this time. ticket: 6658 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23715 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to return a comparable static OID objectTom Yu2010-02-051-0/+3
| | | | | | | | | | | instead of the application-passed (probably dynamically allocated) OID, to avoid use-after-free problems. ticket: 6598 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23695 dc483132-0cff-0310-8789-dd5450dbe970
* define MIN() in lib/gssapi/krb5/prf.cTom Yu2010-01-261-0/+4
| | | | | | | | | | | | Apply patch from Doug Engert to define MIN(), which was causing prf.c to fail compilation on Solaris. (The definition was probably leaking from sys/param.h, included indirectly somehow.) ticket: 6648 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23673 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-031-0/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_acquire_cred will deref garbage pointer if actual_mechs is NULLEzra Peisach2010-01-031-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23572 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-1/+2
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-282-2/+18
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a cleanup handler in the store_creds code; krb5_cc_close doesn'tGreg Hudson2009-12-171-2/+2
| | | | | | handle NULL arguments, so we have to check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
* Add GSS extensions to store credentials, generate random bitsGreg Hudson2009-12-176-1/+354
| | | | | | | | | Merge /users/lhoward/gssextras-no-cqa to trunk. Adds gss_pseudo_random and gss_store_cred. ticket: 6597 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent lib/gssapi, with some exceptionsTom Yu2009-12-0848-269/+269
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
* ReindentZhanna Tsitkov2009-11-301-35/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23393 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the non-iov entry point introduced in r23378, since it's easyGreg Hudson2009-11-291-5/+6
| | | | | | | | to use the iov entry point at both call sites. Rename the iov entry point to remove the "_iov" suffix since it's no longer needed to disambiguate. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23381 dc483132-0cff-0310-8789-dd5450dbe970
* Create functional internal interfaces to allow GSSAPI to performGreg Hudson2009-11-282-125/+21
| | | | | | | | arcfour encryption of GSS tokens. This factors out derivation of the usage and encryption keys, and removes the need for the provider structures to be visible to all of krb5 via k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23378 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_key versions of the auth context key accessors, and use themGreg Hudson2009-11-271-29/+12
| | | | | | to simplify the gss-krb5 code a little bit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23372 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-222-486/+524
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-317-7/+0
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Bump the accessor version number since we made changes.Greg Hudson2009-10-283-20/+21
| | | | | | | | Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
* Replace krb5_ with krb5Int_ prefix for non-API functionsZhanna Tsitkov2009-10-281-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23079 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat function definition headers in gss-krb5's util_crypt.c toGreg Hudson2009-10-251-98/+48
| | | | | | meet coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23039 dc483132-0cff-0310-8789-dd5450dbe970
* Comment out empty definition of krb5_gss_set_sec_context_option_ops and itsLuke Howard2009-10-231-0/+4
| | | | | | usage, because ISO C apparently forbids empty array initializers git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23002 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passesLuke Howard2009-10-223-1/+3
| | | | | | | | a NULL server principal to krb5_rd_req(). Without this the name canonicalisation support in 1.7 was broken for GSS_C_BOTH credentials, because cred->name would always be set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973 dc483132-0cff-0310-8789-dd5450dbe970
* Make some gss-krb5 utility functions take enctypes instead of keys,Greg Hudson2009-10-208-38/+44
| | | | | | | | and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was passing a keyblock instead of a key to kg_translate_iov after the enc-perf merge. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956 dc483132-0cff-0310-8789-dd5450dbe970
* use ANSI prototypes for acquire_XXX_cred, and fix cast to calling ↵Luke Howard2009-10-201-14/+13
| | | | | | acquire_accept_cred() git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performanceGreg Hudson2009-10-1918-196/+260
| | | | | | | | | | | Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys. ticket: 6576 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-101-283/+308
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verificationGreg Hudson2009-10-0921-217/+1190
| | | | | | | | | Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up warnings of unused variables that have crept into the source tree..Ezra Peisach2009-09-201-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source treeGreg Hudson2009-09-161-432/+421
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krbZhanna Tsitkov2009-09-161-410/+435
| | | | | | bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensionsGreg Hudson2009-09-1310-53/+543
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Fix parsing of GSS exported namesGreg Hudson2009-09-111-4/+18
| | | | | | | | | | Cherry-picked from Luke's authdata branch. ticket: 6559 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in gss_krb5int_copy_ccacheGreg Hudson2009-09-091-1/+4
| | | | | | | | | | | gss_krb5int_copy_ccache was iterating over credentials in a ccache without freeing them. ticket: 6558 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad depsGreg Hudson2009-08-031-1/+1
| | | | | | | | files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* Copy the sequence key rather than the subkey for lucid contexts in RFCSam Hartman2009-05-181-1/+1
| | | | | | | | | | | 1964 mode, so that we map to raw des enctypes rather than say des-cbc-crc. ticket: 6488 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22354 dc483132-0cff-0310-8789-dd5450dbe970
* Document use of key fields in GSS contextSam Hartman2009-05-181-6/+11
| | | | | | | | The addition of etype negotiation has made the meanings of the various keys in the GSS-API context structure more complicated. Document them to aid in code understanding. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22353 dc483132-0cff-0310-8789-dd5450dbe970
* Add IOV_SHIM_EXERCISE_WRAP and IOV_SHIM_EXERCISE_UNWRAP conditionalsTom Yu2009-05-141-2/+5
| | | | | | | | | to allow finer-grained testing. ticket: 6487 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22352 dc483132-0cff-0310-8789-dd5450dbe970
* gss_krb5int_export_lucid_sec_context was erroneously copying the firstGreg Hudson2009-05-141-1/+1
| | | | | | | | | | | | sizeof(void *) bytes of the context into data_set, instead of the pointer to the context. ticket: 6488 status: open tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22351 dc483132-0cff-0310-8789-dd5450dbe970
* Using a patch from Apple, add support for GSS_C_DELEG_POLICY_FLAG,Greg Hudson2009-04-081-1/+10
| | | | | | | | | | | which requests delegation only if the ok-as-delegate ticket flag is set. ticket: 6203 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22185 dc483132-0cff-0310-8789-dd5450dbe970
* Better fix: Delay setting 'outbuf' until after the header buffer mightKen Raeburn2009-03-121-3/+2
| | | | | | | | | | have been allocated locally, and set it in both code paths instead of just the confidentiality-requested code path. ticket: 6412 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22082 dc483132-0cff-0310-8789-dd5450dbe970
* crash using library-allocated storage for header in wrap_iovKen Raeburn2009-03-121-2/+3
| | | | | | | | | | | When allocating storage for the header buffer, update the internal output buffer pointer as well. ticket: 6412 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22081 dc483132-0cff-0310-8789-dd5450dbe970
* Include authenticator and ticket authdata in gss-apiSam Hartman2009-02-261-2/+2
| | | | | | | | | | | | | | | Currently, the GSS-API routines for handling authdata only extract the authorization data from the ticket, not that from the authenticator. This is incorrect. Introduce a new function krb5_merge_authadata to merge two authdata arrays into a newly allocated result array. Use this function in accept_sec_context.c to include both sets of authdata. ticket: 6400 Target_version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
* Don't apply 'const' twice. Make kg_arcfour_l40 staticKen Raeburn2009-02-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21987 dc483132-0cff-0310-8789-dd5450dbe970
* remove some redundant or useless qualifiersKen Raeburn2009-02-061-24/+24
| | | | | | | | | | | Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations. Also remove some useless qualifiers in casts and function argument declarations. ticket: 6373 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21903 dc483132-0cff-0310-8789-dd5450dbe970
* int/ptr bug in gssapi codeKen Raeburn2009-02-051-1/+1
| | | | | | | | | | | | Fix a pointer argument passed where an integer is needed. Update Sun compiler options to make that an error. (The options we're currently using make it an error for assignment but not for argument passing.) ticket: 6363 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21887 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-022-9/+9
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* TWRITE_STR casts second argument; don't add redundant castingKen Raeburn2009-02-021-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21874 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 02:07:05 +0000