path: root/src/lib/gssapi/generic/gssapi_ext.h
Age | Commit message | Author | Files | Lines
2023-04-10 | Add GSS_C_INQ_ODBC_SESSION_KEY | Greg Hudson | 1 | -0/+7
The Oracle database wire protocol contains a cipher reinitialization operation using the ticket session key. Add a query operation (similar to GSS_C_INQ_SSPI_SESSION_KEY) to retrieve the ticket session key rather than the subkey. ticket: 9091 (new)
2020-05-20 | Implement GSS_C_CHANNEL_BOUND_FLAG | Alexander Scheel | 1 | -0/+2
Define a new channel-bound GSS return flag, and set it in the krb5 mech if the initiator sent channel bindings matching the acceptor's. Do not error out if the acceptor specifies channel bindings and the initiator does not send them. [ghudson@mit.edu: simplified code changes; fleshed out commit message] [iboukris: cherry-picked from another PR and reduced in scope] ticket: 8899 (new)
2019-12-06 | Implement NegoEx | Luke Howard | 1 | -0/+45
Implement draft-zhu-negoex. Mechanisms supporting the NegoEx GSS extensions will be negotiated only through NegoEx, unless they assert the GSS_C_MA_NEGOEX_AND_SPNEGO mech attribute, in which case they may also be negotiated directly via SPNEGO. ticket: 8851
2019-07-11 | Fix typos | Antoine Cœur | 1 | -1/+1
2018-02-15 | Fix grouping of GGF extensions in gssapi_ext.h | Robbie Harwood | 1 | -12/+19
Move gss_import/export_cred to be with the rest of the GGF extensions and mark them as using Heimdal's signatures. Also add clarifying comments that gss_set_cred_option and gssspi_mech_invoke are not part of the GGF extensions.
2017-04-10 | Add support to query the SSF of a GSS context | Simo Sorce | 1 | -0/+11
Cyrus SASL provides a Security Strength Factor number to assess the relative "strength" of the negotiated mechanism, and applications sometimes make access control decisions based on it. Add a call that allows us to query the mechanism that established the GSS security context to ask what is the current SSF, based on the enctype of the session key. ticket: 8569 (new)
2013-09-18 | Add GSSAPI IOV MIC functions | Greg Hudson | 1 | -0/+41
Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov functions, which work similarly to the corresponding IOV wrap functions. Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for the destination buffer. Most of the internal code for this was already present, and just needed to be fixed up and adjusted to use the new buffer type for the MIC token. ticket: 7705 (new)
2012-09-11 | Introduce gss_export_cred and gss_import_cred | Greg Hudson | 1 | -0/+12
Add gss_export_cred and gss_import_cred mechglue functions to serialize and unserialize GSSAPI credential handles. Mechanism implementations and tests will follow. ticket: 7354 (new)
2012-08-31 | Add support for GSS_C_NT_COMPOSITE_EXPORT | Luke Howard | 1 | -0/+1
ticket: 7347 (new)
2012-07-20 | Introduce credential store extensions | Simo Sorce | 1 | -0/+56
Add new APIs gss_acquire_cred_from, gss_add_cred_from, and gss_store_cred_into, which take additional arguments to specify the location of the credential storage using a key-value map, where keys are interpreted by the mechanisms. ticket: 7217 (new)
2012-03-27 | Fix up gssapi_ext.h Doxygen markup somewhat | Greg Hudson | 1 | -8/+10
* Bring formatting for gss_userok and gss_authorize_localname into conformance.
* Bring parameter markup for gss_localname into conformance.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25790 dc483132-0cff-0310-8789-dd5450dbe970
2011-09-21 | Whitespace | Greg Hudson | 1 | -11/+12
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25224 dc483132-0cff-0310-8789-dd5450dbe970
2011-09-21 | * New implementation to map a gss name to localname | Sam Hartman | 1 | -0/+19
* Write gss_pname_to_uid in terms of gss_localname; suppress on win32
* Add test for gss_pname_to_uid indirectly testing gss_localname
* gss_localname is the SPI, not gss_pname_to_uid
* fix some const gss_OID->gss_const_oid
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
gss_localname: map gss name to localname
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25222 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-10 | Add Doxygen markup for gss_userok() and gss_authorize_localname() | Greg Hudson | 1 | -0/+29
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24870 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-10 | Implement gss_authorize_localname, as discussed on the kitten list, | Greg Hudson | 1 | -4/+7
and make gss_userok a wrapper around it matching the Gnu GSS prototype. The SPI for gss_authorize_localname doesn't match the API since we have no way of representing the contents of an internal name to a mech at the moment. From r24855, r24857, r24858, r24862, r24863, r24864, r24866, r24867, and r24868 in users/lhoward/moonshot-mechglue-fixes. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24869 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-04 | Add gss_userok and gss_pname_to_uid | Greg Hudson | 1 | -11/+14
Resurrect gss_userok and gss_pname_to_uid in the mechglue. Add krb5 mech implementations using krb5_kuserok and krb5_aname_to_localname, as well as mechanism-independent implementations based on name attributes. From r24710, r24715, r24717, r24731, r24732, r24733, r24734, r24735, r24747, r24816, and r24819 in users/lhoward/moonshot-mechglue-fixes, with minor edits. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24836 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-03 | Use RFC 5587 const types for draft-josefsson-gss-capsulate APIs | Luke Howard | 1 | -7/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24821 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-01 | Implement draft-josefsson-gss-capsulate | Greg Hudson | 1 | -0/+21
Add gss_encapsulate_token(), gss_decapsulate_token(), and gss_oid_equal() APIs, which are already present in Heimdal and Shishi. From r24737, r24738, and r24740 in users/lhoward/moonshot-mechglue-fixes. ticket: 6890 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-09 | Adjust most C source files to match the new standards for copyright | Greg Hudson | 1 | -1/+0
and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
2010-09-27 | Add gss_krb5_import_cred | Greg Hudson | 1 | -3/+2
Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be acquired from a keytab or ccache into a GSSAPI credential without using global process or thread variables. Merged from the users/lhoward/import-cred branch. ticket: 6785 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
2010-04-30 | Add IAKERB mechanism and gss_acquire_cred_with_password | Greg Hudson | 1 | -0/+27
Merge branches/iakerb to trunk. Includes the following:
* New IAKERB mechanism.
* New gss_acquire_cred_with_password mechglue function.
* ASN.1 encoders and decoders for IAKERB structures (with tests).
* New shortcuts in gss-sample client and server.
* Tests to exercise SPNEGO and IAKERB using gss-sample application.
ticket: 6712
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23960 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-09 | Implement GSS naming extensions and authdata verification | Greg Hudson | 1 | -1/+74
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-13 | Implement s4u extensions | Greg Hudson | 1 | -0/+31
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-03 | Merge mskrb-integ onto trunk | Sam Hartman | 1 | -0/+261
The mskrb-integ branch includes support for the following projects:
* Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970