Also mark the file as using the krb5 C style.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25343 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25342 dc483132-0cff-0310-8789-dd5450dbe970
compiles, but untested
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25341 dc483132-0cff-0310-8789-dd5450dbe970
gss_buffer_t may be freed in a different module from where they
are allocated so it is not safe to use strdup/malloc/calloc/free.
Similarly, gss_OID_set needs to use gssalloc functions.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25332 dc483132-0cff-0310-8789-dd5450dbe970
On Unix, these simply move the buffer pointer, but on Windows they need to
be reallocated with gssalloc_malloc and copied since the gss_buffer_t may need
to be freed in a separate module with potentially mismatched C runtime.
Also fix a mismatched parameter warning in generic_gss_copy_oid_set().
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25331 dc483132-0cff-0310-8789-dd5450dbe970
Contains allocator methods for use with mechanisms and mechglues for
allocations that must be made in one module but freed in another. On
Windows, an allocation made in one module cannot safely be freed in
another using the usual C runtime malloc/free; runtime DLL mismatch
will cause heap corruption in that case. But it is safe to instead
directly use HeapAlloc()/HeapFree() specifying the default process
heap. For now, this header is not public. If it becomes public
strncpy will need to be used instead of strlcpy.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25330 dc483132-0cff-0310-8789-dd5450dbe970
...instead of hand-duplicating all the logic therein. Also makes
the switch to using gssalloc functions with oid_sets easier.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25329 dc483132-0cff-0310-8789-dd5450dbe970
From greg.mcclement@sap.com.
ticket: 6972
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25323 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25316 dc483132-0cff-0310-8789-dd5450dbe970
Use correct key to determine enctype for KG2 tokens in
kg_unseal_stream_iov
Tested with AES for a new enctype and 3DES for an old enctype.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 6970
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25309 dc483132-0cff-0310-8789-dd5450dbe970
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25272 dc483132-0cff-0310-8789-dd5450dbe970
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25269 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25224 dc483132-0cff-0310-8789-dd5450dbe970
* Write gss_pname_to_uid in terms of gss_localname; suppress on win32
* Add test for gss_pname_to_uid indirectly testing gss_localname
* gss_localname is the SPI, not gss_pname_to_uid
* fix some const gss_OID->gss_const_oid
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
gss_localname: map gss name to localname
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25222 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25200 dc483132-0cff-0310-8789-dd5450dbe970
Currently the code parses @sysconfdir@/gss/mech as a set of GSS
mechanisms to dynamically load. On Windows this should come from the
registry.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25198 dc483132-0cff-0310-8789-dd5450dbe970
cred could be used uninitialized if krb5_timeofday() failed. defcred
had the wrong type. kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970
For default credentials, defer ccache resolution until we need the
information. If this happens in init_sec_context when we have the
target principal in hand, use krb5_cc_select() to pick a cache. If
the target principal is not known, use the default cache.
For credentials with a specified principal, use krb5_cc_cache_match()
to find the cache. If no cache is found and a password is specified,
create a new cache within the collection to hold the new credentials,
if the default cache type supports a collection.
ticket: 6958
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
These changes have no functional impact, but will allow the GSSAPI
changes for credential selection to be made with a minimum of code
movement.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25159 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970
Some minor reformatting added in places to avoid exceeding 80 columns.
Used Emacs 22.1 built-in C mode.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Function names should be at the beginning of lines in definitions.
* Changes should not create lines >79 characters.
* Continuation lines should align after left parens when appropriate.
Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are
not gss mechanism functions and should not have been tagged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116 dc483132-0cff-0310-8789-dd5450dbe970
If desired_mechs is NULL (this should never happen when invoked from
the MIT mechglue), we call gss_inquire_cred to get a list of mechs.
This call needs to pass a union cred handle, not the SPNEGO handle we
got as input. Reported by aberry@likewise.com.
ticket: 6945
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25098 dc483132-0cff-0310-8789-dd5450dbe970
If we have at least one cred element after the mech loop, reset major
before continuing on, or we could mistakenly return a failure status
from the last mech (and free the returned creds). Reported by
aberry@likewise.com.
ticket: 6944
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25097 dc483132-0cff-0310-8789-dd5450dbe970
spnego_gss_set_cred_option. Reported by aberry@likewise.com.
ticket: 6943
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25096 dc483132-0cff-0310-8789-dd5450dbe970
Also remove the erroneously added gssapi_err_krb5 error table sources.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25091 dc483132-0cff-0310-8789-dd5450dbe970
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25090 dc483132-0cff-0310-8789-dd5450dbe970
<unistd.h> with #ifdef HAVE_UNISTD_H in g_authorize_localname.c
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25087 dc483132-0cff-0310-8789-dd5450dbe970
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25085 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25040 dc483132-0cff-0310-8789-dd5450dbe970
When creating a cred in the mechglue with gss_acquire_cred, the
mechanism is allowed to return no name from gss_inquire_cred. But in
the analogous operation in gss_set_cred_option, that would result in
an error from gss_display_name. Make the call to gss_display_name
conditional on the mechanism name being set. Reported by Andrew
Bartlett.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25037 dc483132-0cff-0310-8789-dd5450dbe970
If we're going to fake up a name, we have to initialize its lock. It
might be better to use kg_init_name(), but we don't have a context on
hand.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25030 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25029 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25007 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24968 dc483132-0cff-0310-8789-dd5450dbe970
ticket: 6918
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
Add a directory containing a "kernel subset" (context import and
message functions only) of the gss-krb5 library, with a test framework
to exercise the functionality and indicate when unknown dependencies
creep in.
ticket: 6909
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24921 dc483132-0cff-0310-8789-dd5450dbe970
in lib/gssapi/krb5.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24919 dc483132-0cff-0310-8789-dd5450dbe970
dependency on the accessor.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24918 dc483132-0cff-0310-8789-dd5450dbe970
Since r21690, gss_krb5_export_lucid_sec_context() has been passing a
union context to krb5_gss_delete_sec_context(), causing a crash as the
krb5 routine attempts to interpret a union context structure as a krb5
GSS context. Call the mechglue gss_delete_sec_context instead.
ticket: 6908
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24917 dc483132-0cff-0310-8789-dd5450dbe970
gss_krb5_export_lucid_sec_context error on version arguments other
than 1, so the version negotiation described in the function
documentation would not be backward-compatible. Change the docs so
that the caller can assume the returned structure is of the requested
version, but the caller will be responsible for retrying with lower
version numbers on error. (Unfortunately, Heimdal and MIT return
different error codes, and MIT's is in a currently-unpublished header,
so we can't document the error code for unknown versions.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24903 dc483132-0cff-0310-8789-dd5450dbe970
kg_compose_deleg_cred(), so we can find them in the cache in
init_sec_context. From aberry@likewise.com.
ticket: 6902
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24900 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24892 dc483132-0cff-0310-8789-dd5450dbe970
ticket: 6890
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24885 dc483132-0cff-0310-8789-dd5450dbe970
for the sake of static analyzers. (Also, since this is an internal
function, it can be called on a half-constructed MN; checking the type
alone would be insufficient.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24884 dc483132-0cff-0310-8789-dd5450dbe970
gss_accept_sec_context after r24645.
ticket: 6813
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24883 dc483132-0cff-0310-8789-dd5450dbe970
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24877 dc483132-0cff-0310-8789-dd5450dbe970
g_make_string_buffer test, and return GSS_S_FAILURE if it fails.
Reported by snambakam@likewise.com.
ticket: 6898
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24876 dc483132-0cff-0310-8789-dd5450dbe970
content-free source files and better separate IOV stuff from non-IOV
stuff.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24874 dc483132-0cff-0310-8789-dd5450dbe970