summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* fix typoKen Raeburn2004-03-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16143 dc483132-0cff-0310-8789-dd5450dbe970
* don't get a krb5_context for the routines that don't need itKen Raeburn2004-03-034-12/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16142 dc483132-0cff-0310-8789-dd5450dbe970
* Set context flags after calling krb5_rd_req so that the replay cache is set upSam Hartman2004-02-262-2/+8
| | | | | | | Ticket: 2284 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129 dc483132-0cff-0310-8789-dd5450dbe970
* dependency updatesKen Raeburn2004-02-241-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16121 dc483132-0cff-0310-8789-dd5450dbe970
* * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation forKen Raeburn2004-02-232-6/+19
| | | | | | | | | confidential CFX tokens. ticket: 2266 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_oid_externalize): Check for errors.Ken Raeburn2004-02-102-49/+154
| | | | | | | | | | | | | | | | (kg_oid_internalize): Check for errors. Free allocated storage on error. (kg_queue_externalize): Check for errorrs. (kg_queue_internalize): Check for errors. Free allocated storage on error. (kg_ctx_size): Update for new context data. (kg_ctx_externalize): Update for new context data. Check for error storing trailer. (kg_ctx_internalize): Update for new context data. Check for errors in a few more cases. ticket: 2166 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970
* no license on k5sealv3.cKen Raeburn2004-02-081-2/+28
| | | | | | | | | | Updated copyright notice to include standard license for release. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-05 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-02-064-7/+24
| | | | | | | | | | | | | | | | | | * gssapiP_krb5.h: remove KG_IMPLFLAGS macro * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS macro with previous macro definition * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS macro with new definition. As per 1964 the INTEG and CONF flags are supposed to indicate the availability of the services in the client. By applying the previous definition of KG_IMPLFLAGS the INTEG and CONF flags are always on. This can be a problem because some clients such as Microsoft's Kerberos SSPI allow CONF and INTEG to be used independently. By forcing the flags on, we would end up with inconsist state with the client. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970
* need more testing support for MSKen Raeburn2004-01-273-3/+43
| | | | | | | | | | | | | | | | | | This should allow use of the CFX_EXERCISE code to better check interoperability of MS and MIT code with regard to future extensibility. * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null pointer in debugging code. (new_connection): Disable CFX_EXERCISE unknown-token-id case detection. * accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra option bytes were present. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.Ken Raeburn2004-01-053-15/+48
| | | | | | | | | | | | | | | (make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some stuff after the delegation slot. (new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids. * accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the delegation flag; only look for a delegation if the flag is set, and only look for delegation, not other options. Ignore any other data there. ticket: 2079 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15964 dc483132-0cff-0310-8789-dd5450dbe970
* * util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points to const.Ken Raeburn2003-12-204-5/+12
| | | | | | | * gssapiP_krb5.h: Declarations updated. * util_seed.c (zeros): Now const. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15956 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include k5-int.h for accessorTom Yu2003-12-192-0/+5
| | | | | | | ticket: 2077 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15944 dc483132-0cff-0310-8789-dd5450dbe970
* The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64,Jeffrey Altman2003-12-194-9/+41
| | | | | | | | | | | | | and krb5_ser_unpack_int64 are considered private. Therefore, in order for them to be used from within gssapi they must be added to the krb5int_accessor mechanism. This allows us to not publicize their existence via exportation on Windows or MacOSX. ticket: new tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15941 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2003-12-151-46/+93
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
* Add 64-bit sequence number support. Do sequence number ordering tests relativeKen Raeburn2003-12-1311-264/+846
| | | | | | | | | | | | | to the initial value rather than absolute. Support tokens without pseudo-ASN.1 wrappers. Don't restrict enctype lists. Implement CFX token support. With CFX_EXERCISE defined, use random padding, random rotates, and bogus initial tokens, to exercise the associated code paths. ticket: 2040 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15911 dc483132-0cff-0310-8789-dd5450dbe970
* Added kg_sync_ccache_name(), kg_get_ccache_name, and kg_set_ccache_name() ↵Alexandra Ellwood2003-12-115-33/+177
| | | | | | | | and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where on systems with multiple ccaches that GSSAPI gets stuck on the ccache that was default when it launched ticket: 2060 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15879 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_register_acceptor_identity does not allocate enough memory for ↵Ezra Peisach2003-07-192-1/+6
| | | | | | | | | | | | | | | | cached keytab * acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate enough memory to include the null at the end of the keytab char *. Essentially off by one error. ticket: new target_version: 1.3.1 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15699 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kg_release_defcred and caching of default credential. RewriteTom Yu2003-07-177-476/+620
| | | | | | | | | | | | krb5_gss_init_sec_context() while we're at it to make defcred-related changes easier, and as a side effect, fix some error condition memory leaks. ticket: 1365 target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
* delete ##WIN16## lines from makefilesKen Raeburn2003-07-172-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c (krb5_gss_accept_sec_context): CallTom Yu2003-07-152-4/+9
| | | | | | | | | | TREAD_STR with correct arguments. Patch from Emily Ratliff. ticket: 1015 tags: pullup target_version: 1.3.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15687 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (acquire_init_cred): Close the ccache ifTom Yu2003-07-102-0/+8
| | | | | | | | | | | krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if the file is not there, but krb5_cc_set_flags will fail in turning off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu. ticket: 1656 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15680 dc483132-0cff-0310-8789-dd5450dbe970
* libgss leaks, UMRsTom Yu2003-06-133-0/+9
| | | | | | | | | | | | | | | | | | * init_sec_context.c (krb5_gss_init_sec_context): Free default_enctypes to avoid leaking returned value from krb5_get_tgs_ktypes. * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if token.length == 0, to avoid spurious uninitialized memory references when calling memcpy() with a zero length. ticket: new target_version: 1.3 tags: pullup component: krb5-libs cc: Kent_Wu@trendmicro.com git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970
* make_ap_req_v1 leaks memoryTom Yu2003-06-132-0/+7
| | | | | | | | | | | | * init_sec_context.c (make_ap_req_v1): Free checksum_data if needed, to avoid leaking memory. Found by Kent Wu. ticket: new target_version: 1.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15618 dc483132-0cff-0310-8789-dd5450dbe970
* make-depend updatesKen Raeburn2003-05-241-17/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.h: Remove check for GSS_RFC_COMPLIANT_OIDSTom Yu2003-05-132-3/+4
| | | | | | | | | ticket: 1482 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15429 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_contextTom Yu2003-05-103-6/+14
| | | | | | | | | | | | | | | | | to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Do not claim GSS_C_PROT_READY_FLAG since we don't support itSam Hartman2003-03-144-1/+14
| | | | | | | | | | | | | Our code does not currently support GSS_C_PROT_READY_FLAG so only return that flag after context establishment. A potential future addition is to support that flag and return GAP_TOKEN if the initiator processes a message token before the final context token. Ticket: 1352 Tags: pullup Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h: Removed Mac header gooberAlexandra Ellwood2003-03-064-20/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15253 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_register_acceptor_identity): NewTom Yu2003-03-063-19/+61
| | | | | | | | | | | | function. Allows global override of default keytab for gss_acquire_cred() purposes. (acquire_accept_cred): Implement override. * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity. ticket: 880 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236 dc483132-0cff-0310-8789-dd5450dbe970
* Do not expect sequence number in encrypted krb_credSam Hartman2003-03-042-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15219 dc483132-0cff-0310-8789-dd5450dbe970
* GSS_C_NO_CREDENTIAL should accept any principalSam Hartman2003-03-045-40/+62
| | | | | | | | | | | | | | | | If a context is accepted with GSS_C_NO_CREDENTIAL or if a credential is acquired with GSS_C_NO_NAME as the acceptor name then allow any principal in the keytab to be used as the acceptor name. This means that gss_inquire_cred can return GSS_C_NO_NAME from a credential. ticket: new Tags: enhancement cc: nicolas.williams@sun.com cc: krbdev@mit.edu git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15218 dc483132-0cff-0310-8789-dd5450dbe970
* There isn't really a point to validating cred_handle if it was justTom Yu2003-03-012-6/+11
| | | | | | | | | | | | acquired by acquire_cred(), so instead of the suggested patch, validate verifier_cred_handle only if we didn't acquire_cred(). * accept_sec_context.c (krb5_gss_accept_sec_context): Don't validate verifier_cred_handle if GSS_C_NO_CREDENTIAL is passed in. ticket: 1356 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15211 dc483132-0cff-0310-8789-dd5450dbe970
* Thanks, similar patch appliedTom Yu2003-02-252-6/+52
| | | | | | | | | * set_ccache.c (gss_krb5_ccache_name): Don't return a pointer to freed memory. ticket: 1346 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15205 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_defcred): Revert previous; it's probablyTom Yu2003-02-243-32/+34
| | | | | | | | | | | | | | not appropriate for inquire_cred() to cause new credentials to be fetched. * init_sec_context.c (krb5_gss_init_sec_context): Explicitly release default cred in the NO_CREDENTIAL case, so it is always refreshed. ticket: 1305 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15201 dc483132-0cff-0310-8789-dd5450dbe970
* This should fix things, but I don't have an easy way to testTom Yu2003-02-212-15/+37
| | | | | | | | | | * gssapi_krb5.c (kg_get_defcred): Check for invalid or expired defcred if it exists, and call acquire_cred() again if necessary. ticket: 1305 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15199 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in ($(GSSAPI_KRB5_HDR)): Use $(S) to avoid problems onTom Yu2003-02-142-1/+6
| | | | | | windows. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15189 dc483132-0cff-0310-8789-dd5450dbe970
* Oops, add $(GSSAPI_KRB5_HDR) to all-unixTom Yu2003-02-132-2/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15186 dc483132-0cff-0310-8789-dd5450dbe970
* More tweaks to deal with parallel buildsTom Yu2003-02-132-9/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15185 dc483132-0cff-0310-8789-dd5450dbe970
* Have g_token_size return unsigned int for signed/unsigned cleanupEzra Peisach2003-02-092-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15171 dc483132-0cff-0310-8789-dd5450dbe970
* Use markers in Makefile.in rather than rules in configure.in to indicate whenKen Raeburn2003-01-102-0/+7
| | | | | | | | to use the lib.in and libobj.in makefile fragments. Pushing this per-directory info into Makefile.in will make it a little easier to work on combining configure scripts for multiple directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15107 dc483132-0cff-0310-8789-dd5450dbe970
* For new encryption types and for RC4, encrypt the krb_cred message inSam Hartman2003-01-082-51/+93
| | | | | | | | | | the initial gssapi token if credentials are being delegated. For consistency with Microsoft, we encrypt the credentials using the session key not the subsession key. Ticket: 1054 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15091 dc483132-0cff-0310-8789-dd5450dbe970
* Nuke some old .orig filesKen Raeburn2003-01-082-96/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15089 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c (krb5_gss_accept_sec_context): Use unsignedEzra Peisach2002-11-158-12/+31
| | | | | | | | | | | | | | | | | | | lengths for arguments to g_token_size and g_make_token_header. * export_name.c (krb5_gss_export_name): Change local length variable to unsigned. * k5unseal.c (kg_unseal_v1): Seqnum variable changed from krb5_int32 to krb5_ui_4. * k5seal.c (make_seal_token_v1): Change seqnum argument to krb5_ui_4 from krb5_int32 to match krb5_gss_ctx_id_rec struct. * gssapiP_krb5.h, util_crypt.c, util_seqnum.c: kg_make_seq_num(), kg_get_seq_num() changed to use krb5_ui_4 for sequence numbers. kg_encrypt(), kg_decrypt() length argument now unsigned. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15007 dc483132-0cff-0310-8789-dd5450dbe970
* Implement an install-headers target to install public headers into KRB5_INCDIR;Sam Hartman2002-10-072-1/+5
| | | | | | | | probably called by setting DESTDIR. ticket: 1208 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14912 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Revert $(S)=>/ change, for Windows supportKen Raeburn2002-08-292-3/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14786 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore a bunch of files generated by building in the source tree, excludingKen Raeburn2002-08-291-0/+2
| | | | | | | those covered by CVSROOT/cvsignore patterns. Static UNIX build only, at the moment, may need updates for other configurations. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14783 dc483132-0cff-0310-8789-dd5450dbe970
* Quote targets of some copy operations within the build tree. NeededKen Raeburn2002-08-272-1/+5
| | | | | | | now for Windows since we use "/" as a directory separator in places where Windows would also look for command options. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14776 dc483132-0cff-0310-8789-dd5450dbe970
* Change $(S)=>/ and $(U)=>.. globallyKen Raeburn2002-08-232-3/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14761 dc483132-0cff-0310-8789-dd5450dbe970
* * k5unseal.c (kg_unseal): Pass unsigned int * instead of int *Ezra Peisach2002-07-153-2/+10
| | | | | | | | | length return argument to g_verify_token_header. * accept_sec_context.c (krb5_gss_accept_sec_context): Pass OM_uint32 * instead of krb5_error_code * to krb5_gss_release_cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14652 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.h: Added #include of gssapi.h and gssapi_generic.hTom Yu2002-07-145-9/+96
| | | | | | | | | | | | | | | | | | | for the Mac because we can't assume people will include them and get the OID macro and the old names on the Mac. * disp_status.c: Updated Mac OS X header paths. * gssapiP_krb5.h: Updated Mac OS X header paths and added prototype on Mac. * gssapi_krb5.h: Updated Mac OS X headers to new framework layout * gssapi_krb5.h, gssapi_krb5.c: Added oids from rfc 1964 using the suggested names. [pullups from 1-2-2-branch] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14646 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 02:58:12 +0000