summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi
Commit message (Collapse)AuthorAgeFilesLines
...
* Add 64-bit sequence number support. Do sequence number ordering tests relativeKen Raeburn2003-12-1315-290/+932
| | | | | | | | | | | | | to the initial value rather than absolute. Support tokens without pseudo-ASN.1 wrappers. Don't restrict enctype lists. Implement CFX token support. With CFX_EXERCISE defined, use random padding, random rotates, and bogus initial tokens, to exercise the associated code paths. ticket: 2040 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15911 dc483132-0cff-0310-8789-dd5450dbe970
* Added kg_sync_ccache_name(), kg_get_ccache_name, and kg_set_ccache_name() ↵Alexandra Ellwood2003-12-115-33/+177
| | | | | | | | and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where on systems with multiple ccaches that GSSAPI gets stuck on the ccache that was default when it launched ticket: 2060 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15879 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_register_acceptor_identity does not allocate enough memory for ↵Ezra Peisach2003-07-192-1/+6
| | | | | | | | | | | | | | | | cached keytab * acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate enough memory to include the null at the end of the keytab char *. Essentially off by one error. ticket: new target_version: 1.3.1 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15699 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kg_release_defcred and caching of default credential. RewriteTom Yu2003-07-179-479/+625
| | | | | | | | | | | | krb5_gss_init_sec_context() while we're at it to make defcred-related changes easier, and as a side effect, fix some error condition memory leaks. ticket: 1365 target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
* delete ##WIN16## lines from makefilesKen Raeburn2003-07-174-2/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c (krb5_gss_accept_sec_context): CallTom Yu2003-07-152-4/+9
| | | | | | | | | | TREAD_STR with correct arguments. Patch from Emily Ratliff. ticket: 1015 tags: pullup target_version: 1.3.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15687 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (acquire_init_cred): Close the ccache ifTom Yu2003-07-102-0/+8
| | | | | | | | | | | krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if the file is not there, but krb5_cc_set_flags will fail in turning off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu. ticket: 1656 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15680 dc483132-0cff-0310-8789-dd5450dbe970
* libgss leaks, UMRsTom Yu2003-06-133-0/+9
| | | | | | | | | | | | | | | | | | * init_sec_context.c (krb5_gss_init_sec_context): Free default_enctypes to avoid leaking returned value from krb5_get_tgs_ktypes. * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if token.length == 0, to avoid spurious uninitialized memory references when calling memcpy() with a zero length. ticket: new target_version: 1.3 tags: pullup component: krb5-libs cc: Kent_Wu@trendmicro.com git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970
* make_ap_req_v1 leaks memoryTom Yu2003-06-132-0/+7
| | | | | | | | | | | | * init_sec_context.c (make_ap_req_v1): Free checksum_data if needed, to avoid leaking memory. Found by Kent Wu. ticket: new target_version: 1.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15618 dc483132-0cff-0310-8789-dd5450dbe970
* make-depend updatesKen Raeburn2003-05-241-17/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
* Be more friendly towards parallel buildsKen Raeburn2003-05-142-5/+17
| | | | | | | | | | * Makefile.in ($(EHDRDIR)$(S)timestamp): New target, used for ensuring $(EHDRDIR) exists. (clean-unix): Delete the dummy file. ($(EHDRDIR)$(S)gssapi.h): Depend on it, instead of creating the directory here. ($(EHDRDIR)$(S)gssapi_generic.h): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15443 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.h: Remove check for GSS_RFC_COMPLIANT_OIDSTom Yu2003-05-132-3/+4
| | | | | | | | | ticket: 1482 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15429 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_contextTom Yu2003-05-103-6/+14
| | | | | | | | | | | | | | | | | to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Do not claim GSS_C_PROT_READY_FLAG since we don't support itSam Hartman2003-03-144-1/+14
| | | | | | | | | | | | | Our code does not currently support GSS_C_PROT_READY_FLAG so only return that flag after context establishment. A potential future addition is to support that flag and return GAP_TOKEN if the initiator processes a message token before the final context token. Ticket: 1352 Tags: pullup Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
* Yet another attempt at cross-directory dependencies. Seems to fix the parallelKen Raeburn2003-03-082-8/+46
| | | | | | | | | | | build, and hasn't broken the out-of-date case so far as I can tell, so far... Added a bunch of comments describing the cases that need to be handled. * Makefile.in ($(BUILDTOP)/include/gssapi/gssapi.h, generic/gssapi.h, generic/gssapi_err_generic.h, krb5/gssapi_err_krb5.h): Comment out old rules and dependencies; depend on all-recurse and supply a no-op rule. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15270 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Changed USE_HARDCODED_FALLBACK_ERROR_TABLES macro to ↵Alexandra Ellwood2003-03-072-2/+8
| | | | | | !USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15266 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h: Removed Mac header gooberAlexandra Ellwood2003-03-064-20/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15253 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_com_err_status.c, gssapi_generic.h: Removed Mac header goober. * ↵Alexandra Ellwood2003-03-065-19/+12
| | | | | | gssapiP_generic.h, gssapi.hin: Removed macintosh check because we don't build on OS 9 anymore. * gssapi.hin: Removed enumsalwaysint because there are no typed enums in this header. Removed duplicate CFM-68K magic git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15252 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Removed Mac header goober. Fixed ↵Alexandra Ellwood2003-03-063-8/+13
| | | | | | USE_HARDCODED_FALLBACK_ERROR_TABLES macro used by KfM. * gss_libinit.h: do not use the same multiple include protection macro as krb5_libinit.h. Changed to GSSAPI_LIBINIT_H git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15251 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_register_acceptor_identity): NewTom Yu2003-03-063-19/+61
| | | | | | | | | | | | function. Allows global override of default keytab for gss_acquire_cred() purposes. (acquire_accept_cred): Implement override. * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity. ticket: 880 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236 dc483132-0cff-0310-8789-dd5450dbe970
* Do not expect sequence number in encrypted krb_credSam Hartman2003-03-042-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15219 dc483132-0cff-0310-8789-dd5450dbe970
* GSS_C_NO_CREDENTIAL should accept any principalSam Hartman2003-03-045-40/+62
| | | | | | | | | | | | | | | | If a context is accepted with GSS_C_NO_CREDENTIAL or if a credential is acquired with GSS_C_NO_NAME as the acceptor name then allow any principal in the keytab to be used as the acceptor name. This means that gss_inquire_cred can return GSS_C_NO_NAME from a credential. ticket: new Tags: enhancement cc: nicolas.williams@sun.com cc: krbdev@mit.edu git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15218 dc483132-0cff-0310-8789-dd5450dbe970
* Use com_err_deplib rather than an explicit path so we do not have ourSam Hartman2003-03-021-1/+1
| | | | | | | shared libraries depend at a make level on com_err if we use the system com_err library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15212 dc483132-0cff-0310-8789-dd5450dbe970
* There isn't really a point to validating cred_handle if it was justTom Yu2003-03-012-6/+11
| | | | | | | | | | | | acquired by acquire_cred(), so instead of the suggested patch, validate verifier_cred_handle only if we didn't acquire_cred(). * accept_sec_context.c (krb5_gss_accept_sec_context): Don't validate verifier_cred_handle if GSS_C_NO_CREDENTIAL is passed in. ticket: 1356 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15211 dc483132-0cff-0310-8789-dd5450dbe970
* Thanks, similar patch appliedTom Yu2003-02-252-6/+52
| | | | | | | | | * set_ccache.c (gss_krb5_ccache_name): Don't return a pointer to freed memory. ticket: 1346 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15205 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_defcred): Revert previous; it's probablyTom Yu2003-02-243-32/+34
| | | | | | | | | | | | | | not appropriate for inquire_cred() to cause new credentials to be fetched. * init_sec_context.c (krb5_gss_init_sec_context): Explicitly release default cred in the NO_CREDENTIAL case, so it is always refreshed. ticket: 1305 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15201 dc483132-0cff-0310-8789-dd5450dbe970
* This should fix things, but I don't have an easy way to testTom Yu2003-02-212-15/+37
| | | | | | | | | | * gssapi_krb5.c (kg_get_defcred): Check for invalid or expired defcred if it exists, and call acquire_cred() again if necessary. ticket: 1305 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15199 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in ($(GSSAPI_KRB5_HDR)): Use $(S) to avoid problems onTom Yu2003-02-142-1/+6
| | | | | | windows. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15189 dc483132-0cff-0310-8789-dd5450dbe970
* Oops, add $(GSSAPI_KRB5_HDR) to all-unixTom Yu2003-02-132-2/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15186 dc483132-0cff-0310-8789-dd5450dbe970
* More tweaks to deal with parallel buildsTom Yu2003-02-134-28/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15185 dc483132-0cff-0310-8789-dd5450dbe970
* Fix recursion-forcing rules to be more friendly to parallel buildsTom Yu2003-02-114-2/+24
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15179 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Another attempt... turns our that the "copy"Tom Yu2003-02-112-8/+15
| | | | | | | | command on Windows preserves modtimes, so spurious rebuilds were happening even with the stamp file, since the target in $(EHDRDIR) is always out of date with respect to the stamp file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15178 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some things to avoid spurious rebuilds of header filesTom Yu2003-02-114-13/+28
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15177 dc483132-0cff-0310-8789-dd5450dbe970
* Have g_token_size return unsigned int for signed/unsigned cleanupEzra Peisach2003-02-095-4/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15171 dc483132-0cff-0310-8789-dd5450dbe970
* Use new target create-ehdrdir, defined differently for UNIX and WIN32, toKen Raeburn2003-01-172-6/+11
| | | | | | | conditionally create the target directory $(EHDRDIR) if needed, before copying files into it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15128 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in ($(EHDRDIR)$(S)gssapi.h): Depend on includes-unix, to make sureKen Raeburn2003-01-172-2/+9
| | | | | | | the directory is created before installation of the file. ($(EHDRDIR)$(S)gssapi_generic.h): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15125 dc483132-0cff-0310-8789-dd5450dbe970
* Search for ar, ranlib, install in KRB5_BUILD_LIBRARY* macros rather thanKen Raeburn2003-01-102-6/+3
| | | | | | explicitly in directories using those macros. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15111 dc483132-0cff-0310-8789-dd5450dbe970
* Use markers in Makefile.in rather than rules in configure.in to indicate whenKen Raeburn2003-01-107-4/+26
| | | | | | | | to use the lib.in and libobj.in makefile fragments. Pushing this per-directory info into Makefile.in will make it a little easier to work on combining configure scripts for multiple directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15107 dc483132-0cff-0310-8789-dd5450dbe970
* For new encryption types and for RC4, encrypt the krb_cred message inSam Hartman2003-01-082-51/+93
| | | | | | | | | | the initial gssapi token if credentials are being delegated. For consistency with Microsoft, we encrypt the credentials using the session key not the subsession key. Ticket: 1054 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15091 dc483132-0cff-0310-8789-dd5450dbe970
* Nuke some old .orig filesKen Raeburn2003-01-086-197/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15089 dc483132-0cff-0310-8789-dd5450dbe970
* 2002-12-05 Sam Hartman <hartmans@mit.edu>Sam Hartman2002-12-062-23/+28
| | | | | | | | | * util_token.c (g_verify_token_header g_make_token_header): Accept -1 to mean that no token type is expected; the token type is purely an RFC 1964 artifact and is not used in other mechanisms such as SPNEGO. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15029 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c (krb5_gss_accept_sec_context): Use unsignedEzra Peisach2002-11-158-12/+31
| | | | | | | | | | | | | | | | | | | lengths for arguments to g_token_size and g_make_token_header. * export_name.c (krb5_gss_export_name): Change local length variable to unsigned. * k5unseal.c (kg_unseal_v1): Seqnum variable changed from krb5_int32 to krb5_ui_4. * k5seal.c (make_seal_token_v1): Change seqnum argument to krb5_ui_4 from krb5_int32 to match krb5_gss_ctx_id_rec struct. * gssapiP_krb5.h, util_crypt.c, util_seqnum.c: kg_make_seq_num(), kg_get_seq_num() changed to use krb5_ui_4 for sequence numbers. kg_encrypt(), kg_decrypt() length argument now unsigned. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15007 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_generic.h, util_token.c: Change g_make_token_header andEzra Peisach2002-11-153-5/+12
| | | | | | g_verfy_token_header to take an unsigned length in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15006 dc483132-0cff-0310-8789-dd5450dbe970
* Implement an install-headers target to install public headers into KRB5_INCDIR;Sam Hartman2002-10-074-2/+10
| | | | | | | | probably called by setting DESTDIR. ticket: 1208 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14912 dc483132-0cff-0310-8789-dd5450dbe970
* Add some dependencies on phony build targets to help with cross-directory ↵Ken Raeburn2002-09-242-0/+7
| | | | | | dependencies git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14897 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Revert $(S)=>/ change, for Windows supportKen Raeburn2002-08-298-15/+31
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14786 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore a bunch of files generated by building in the source tree, excludingKen Raeburn2002-08-292-0/+5
| | | | | | | those covered by CVSROOT/cvsignore patterns. Static UNIX build only, at the moment, may need updates for other configurations. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14783 dc483132-0cff-0310-8789-dd5450dbe970
* undo quoting changesKen Raeburn2002-08-272-10/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14779 dc483132-0cff-0310-8789-dd5450dbe970
* more quotingKen Raeburn2002-08-272-4/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14778 dc483132-0cff-0310-8789-dd5450dbe970
* Quote targets of some copy operations within the build tree. NeededKen Raeburn2002-08-274-3/+12
| | | | | | | now for Windows since we use "/" as a directory separator in places where Windows would also look for command options. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14776 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-30 09:22:14 +0000