summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/mechglue
Commit message (Collapse)AuthorAgeFilesLines
...
* Initialize localname on error in gss_localnameGreg Hudson2011-10-061-4/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25316 dc483132-0cff-0310-8789-dd5450dbe970
* Windows fixes: remove unreferenced; use sizeof to compute array sizeSam Hartman2011-09-281-2/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25272 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2011-09-212-66/+68
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25224 dc483132-0cff-0310-8789-dd5450dbe970
* * New implementation to map a gss name to localnameSam Hartman2011-09-213-56/+75
| | | | | | | | | | | | | | | | * Write gss_pname_to_uid in terms of gss_localname; suppress on win32 * Add test for gss_pname_to_uid indirectly testing gss_localname * gss_localname is the SPI, not gss_pname_to_uid * fix some const gss_OID->gss_const_oid Signed-off-by: Sam Hartman <hartmans@painless-security.com> gss_localname: map gss name to localname git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25222 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting fixesGreg Hudson2011-09-191-203/+219
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
* On Windows, parse mechanism info from Registry instead of mech fileSam Hartman2011-09-191-169/+351
| | | | | | | | | | | Currently the code parses @sysconfdir@/gss/mech as a set of GSS mechanisms to dynamically load. On Windows this should come from the registry. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25198 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the mechglue union cred auxinfo fieldGreg Hudson2011-09-058-242/+65
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-042-15/+15
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Fix style issues in r25087Greg Hudson2011-08-292-3/+3
| | | | | | | | | | | * Function names should be at the beginning of lines in definitions. * Changes should not create lines >79 characters. * Continuation lines should align after left parens when appropriate. Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are not gss mechanism functions and should not have been tagged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116 dc483132-0cff-0310-8789-dd5450dbe970
* Fix major status handling in gss_acquire_credGreg Hudson2011-08-111-0/+1
| | | | | | | | | | | If we have at least one cred element after the mech loop, reset major before continuing on, or we could mistakenly return a failure status from the last mech (and free the returned creds). Reported by aberry@likewise.com. ticket: 6944 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25097 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2011-08-091-1/+1
| | | | | | Also remove the erroneously added gssapi_err_krb5 error table sources. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25091 dc483132-0cff-0310-8789-dd5450dbe970
* call gssint_mecherrmap_init() from gssint_mechglue_init()Sam Hartman2011-08-091-0/+1
| | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25090 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_CALLCONV for all gss mechanism functions. Also wrap #include ↵Sam Hartman2011-08-096-64/+66
| | | | | | | | | <unistd.h> with #ifdef HAVE_UNISTD_H in g_authorize_localname.c Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25087 dc483132-0cff-0310-8789-dd5450dbe970
* Fix gss_set_cred_option cred creation with no nameGreg Hudson2011-07-221-6/+8
| | | | | | | | | | | When creating a cred in the mechglue with gss_acquire_cred, the mechanism is allowed to return no name from gss_inquire_cred. But in the analagous operation in gss_set_cred_option, that would result in an error from gss_display_name. Make the call to gss_display_name conditional on the mechanism name being set. Reported by Andrew Bartlett. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25037 dc483132-0cff-0310-8789-dd5450dbe970
* make dependEzra Peisach2011-07-011-8/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-49/+44
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Handle null OID values in gss_oid_equal()Greg Hudson2011-04-161-0/+3
| | | | | | ticket: 6890 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24885 dc483132-0cff-0310-8789-dd5450dbe970
* Check mech_type as well as mech_name in gssint_import_internal_name(),Greg Hudson2011-04-161-1/+2
| | | | | | | | for the sake of static analyzers. (Also, since this is an internal function, it can be called on a half-constructed MN; checking the type alone would be insufficient.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24884 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a code path where mech could be used uninitialized inGreg Hudson2011-04-161-1/+1
| | | | | | | | gss_accept_sec_context after r24645. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24883 dc483132-0cff-0310-8789-dd5450dbe970
* Implement gss_authorize_localname, as discussed on the kitten list,Greg Hudson2011-04-104-104/+109
| | | | | | | | | | | | | and make gss_userok a wrapper around it matching the Gnu GSS prototype. The SPI for gss_authorize_localname doesn't match the API since we have no way of representing the contents of an internal name to a mech at the moment. From r24855, r24857, r24858, r24862, r24863, r24864, r24866, r24867, and r24868 in users/lhoward/moonshot-mechglue-fixes. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24869 dc483132-0cff-0310-8789-dd5450dbe970
* Allow anonymous name to be imported with empty name bufferGreg Hudson2011-04-061-4/+11
| | | | | | | | | | | | When importing a name of type GSS_C_NT_ANONYMOUS, allow the input name buffer to be null or empty (null is translated into empty before mechanisms see it). From r24820 in users/lhoward/moonshot-mechglue-fixes. ticket: 6896 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24852 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-04-051-0/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24844 dc483132-0cff-0310-8789-dd5450dbe970
* gss_duplicate_name SPI for SPNEGOGreg Hudson2011-04-055-46/+82
| | | | | | | | | | Preserve attributes when duplicating a name, using the mechanism's implementation of gss_duplicate_name if present, or a loop over the attributes if not. ticket: 6895 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24843 dc483132-0cff-0310-8789-dd5450dbe970
* More sensical mech selection for gss_acquire_cred/accept_sec_contextGreg Hudson2011-04-042-49/+44
| | | | | | | | | | | | | | If a caller passes an empty mech set to gss_acquire_cred, get a cred for all mechs instead of just the krb5 mech, as we don't know what mechanism the cred is going to be used with (particularly in the acceptor case). As a related fix, if a caller passes a credential to gss_accept_sec_context and it does not contain a mech-specific cred for the token's mech, error out instead of using the default cred with the token's mechanism. ticket: 6894 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24840 dc483132-0cff-0310-8789-dd5450dbe970
* r24838 accidentally added a gss_duplicate_name line toGreg Hudson2011-04-041-1/+0
| | | | | | | | | build_dynamicMech(), breaking the build (since gss_duplicate_name isn't in gss_mechanism yet). Revert that part of the change. ticket: 6892 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24839 dc483132-0cff-0310-8789-dd5450dbe970
* Prevent bleed-through of mechglue symbols into loaded mechsGreg Hudson2011-04-041-54/+67
| | | | | | | | | | | When loading a mech's symbols individually, make sure the symbol we got wasn't just a mechglue symbol showing through because the mech was linked against the mechglue. From r24719 in users/lhoward/moonshot-mechglue-fixes. ticket: 6892 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24838 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_userok and gss_pname_to_uid to dynamic mech loading table.Greg Hudson2011-04-041-0/+2
| | | | | | | | From r24711 in users/lhoward/moonshot-mechglue-fixes. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24837 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_userok and gss_pname_to_uidGreg Hudson2011-04-044-59/+293
| | | | | | | | | | | | | | | Resurrect gss_userok and gss_pname_to_uid in the mechglue. Add krb5 mech implementations using krb5_kuserok and krb5_aname_to_localname, as well as mechanism-independent implementations based on name attributes. From r24710, r24715, r24717, r24731, r24732, r24733, r24734, r24735, r24747, r24816, and r24819 in users/lhoward/moonshot-mechglue-fixes, with minor edits. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24836 dc483132-0cff-0310-8789-dd5450dbe970
* Use RFC 5587 const types for draft-josefsson-gss-capsulate APIsLuke Howard2011-04-033-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24821 dc483132-0cff-0310-8789-dd5450dbe970
* Allow absolute paths for mechglue libraries. From r24736 inGreg Hudson2011-04-011-1/+5
| | | | | | users/lhoward/moonshot-mechglue/fixes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24781 dc483132-0cff-0310-8789-dd5450dbe970
* Implement draft-josefsson-gss-capsulateGreg Hudson2011-04-014-0/+145
| | | | | | | | | | | Add gss_encapsulate_token(), gss_decapsulate_token(), and gss_oid_equal() APIs, which are already present in Heimdal and Shishi. From r24737, r24738, and r24740 in users/lhoward/moonshot-mechglue-fixes. ticket: 6890 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
* Although it can't actually happen, make it more explicit that we won'tGreg Hudson2011-03-111-1/+2
| | | | | | | | | dereference a null mech in the cleanup handler of the mechglue's gss_accept_sec_context. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0920-81/+23
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak the mechanism internal context when we get an error in theGreg Hudson2011-02-221-1/+6
| | | | | | | | | | mechglue's gss_accept_sec_context. From aberry@likewise.com. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24645 dc483132-0cff-0310-8789-dd5450dbe970
* Tighten up the error handling in the mechglue's gss_canonicalize_name,Greg Hudson2011-01-101-32/+14
| | | | | | | | | eliminating a null pointer dereference in the (unlikely) case that allocation of out_union fails. Reported by aberry@likewise.com. ticket: 6817 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24592 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure time() is prototyped in g_accept_sec_context.cGreg Hudson2010-12-141-0/+1
| | | | | | | | | | | | | r22736 added a call to time() in g_accept_sec_context.c. Include <time.h> to ensure that this call is correctly prototyped. Previously <time.h> was only included implicitly through <pthread.h>, which doesn't apply when thread support is disabled. ticket: 6842 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24568 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2010-12-051-0/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-281-1/+1
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Fix Windows buildGreg Hudson2010-11-254-24/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include: * Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone. * Reverted the apparently non-functional r20277. * klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly. * krb5, telnet, gssftp, and NIM are removed from the build. * Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer. * Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim. ticket: 6826 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
* Plug a memory leak in gss_indicate_mechsGreg Hudson2010-10-091-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24447 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_indicate_mechs, avoid setting the output pointer until successGreg Hudson2010-10-081-17/+17
| | | | | | is guaranteed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24445 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_inquire_attrs_for_mech, remove the assumption that mech_attrsGreg Hudson2010-10-081-1/+2
| | | | | | != NULL in a particular error case. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24444 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/lhoward/sasl-gs2 to trunkGreg Hudson2010-10-065-0/+470
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_krb5_import_credGreg Hudson2010-09-272-31/+165
| | | | | | | | | | | | Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be acquired from a keytab or ccache into a GSSAPI credential without using global process or thread variables. Merged from the users/lhoward/import-cred branch. ticket: 6785 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-071-5/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_acquire_cred_with_password() and gss_add_cred_with_password(),Greg Hudson2010-05-201-38/+23
| | | | | | | require desired_name to be set, and always honor it. This is consistent with the Sun implementation and simplifies the code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24072 dc483132-0cff-0310-8789-dd5450dbe970
* If gss_inquire_cred is called with a null credential, acquire aGreg Hudson2010-05-171-44/+13
| | | | | | | | default initiator credential and process it normally, instead of using a completely different code path (the default mechanism's inquire_cred handler). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24052 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-05-161-0/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24041 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 17:43:23 +0000