usage, because ISO C apparently forbids empty array initializers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23002 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to allow finer-grained testing.
ticket: 6487
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22352 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
|
|
after setting up an array with no elements.
ifdef out array declarations and code that uses it until there are entries.
Affects: krb5_gss_inquire_cred_by_oid_ops and
krb5_gss_set_sec_context_option_ops which would return an error in any
case as there are no entries in the arrays.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21740 dc483132-0cff-0310-8789-dd5450dbe970
|
|
These are not standard interfaces, are not used by our tree
and were added because they might be useful but ended up not being used.
The stubs in gssapi.hin remain as they were shipped with previous releases.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21728 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The mskrb-integ branch includes support for the following projects:
* Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
|
|
egregious formatting quirks. Add emacs mode settings to flag
untabified source files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ENOMEM explicitly instead of reading it from errno. This may make
static analysis tools less confused about when we return zero vs
nonzero values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Save detailed error messages (usually from the krb5 library) in
per-thread storage, mapping each error code to the most recently
produced message for it. Return the message from display_status.
Currently not implemented for a few cases where the krb5 mechanism
returns a minor status code of 0, or another value different from the
libkrb5 error code.
Other functions are available to store a generic string or formatted
message, but aren't used much at present.
Tested with these errors in context establishment:
* missing ccache (libkrb5 shows pathname if FILE: type)
* missing keytab (libkrb5 shows pathname if FILE: type)
* server principal unknown (libkrb5 shows server principal)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and testing the correct thing appears to be to have gss_krb5_ccache_name()
stop gss_acquire_cred() from searching for the desired name in the cache
collection. If the caller sets the ccache name then gss_acquire_cred will only
look in that ccache. Added kg_caller_provided_ccache_name() to tell whether
or not the caller has actually set the ccache. This should fix the problem for
both Mac OS X and Windows.
ticket: 4024
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18343 dc483132-0cff-0310-8789-dd5450dbe970
|
|
mechglue and SPNEGO implementations. Additional changes outside of
src/lib/gssapi:
* src/configure.in: Add lib/gssapi/mechglue and lib/gssapi/spnego
to list of directories to output Makefile in.
* src/lib/rpc/unit-test/rpc_test.0/expire.exp (expired): Update
regexp for mechglue.
* src/tests/dejagnu/krb-standalone/v4gssftp.exp (v4ftp_test):
Update "Miscellaneous failure" regexp for mechglue.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18131 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_gss_init_context to calls to krb5_gss_init_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18015 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set
thread-specific values instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16632 dc483132-0cff-0310-8789-dd5450dbe970
|
|
in the local-context case. Check for errors in making the copy.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16628 dc483132-0cff-0310-8789-dd5450dbe970
|
|
because calling krb5_free_context will destroy it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16627 dc483132-0cff-0310-8789-dd5450dbe970
|
|
*think* I've gotten all the places where a ccache or keytab name that's been
stored gets applied to whichever context needs it.
* gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling
kg_get_context.
(kg_get_ccache_name): Use a locally created krb5 context instead of calling
kg_get_context.
(kg_get_context): Deleted.
* acquire_cred.c (acquire_init_cred): Pass current context.
(krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling
kg_get_context.
* add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name.
* init_sec_context.c (krb5_gss_init_sec_context): Likewise.
* gssapiP_krb5.h (kg_sync_ccache_name): Update prototype.
(kg_get_context): Delete declaration.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16597 dc483132-0cff-0310-8789-dd5450dbe970
|
|
be 0.
(kg_set_ccache_name): Likewise. Return after an error rather than continuing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16267 dc483132-0cff-0310-8789-dd5450dbe970
|
|
instead of requiring it be passed in as an argument.
* k5unseal.c (kg_unseal): Likewise.
* gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated.
* delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c,
verify.c: Callers changed.
* inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in
security context instead of calling kg_get_context.
* wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise.
* import_sec_context.c (krb5_gss_ser_init): New function.
(krb5_gss_import_sec_context): Create a krb5 context locally to use for the
import.
* export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in
the security context.
* gssapiP_krb5.h (krb5_gss_ser_init): Declare.
* gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization
code here.
* accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context
in an error case not caught before.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* generic/gssapiP_generic.h (g_set): New struct type.
(G_SET_INIT): New macro.
* generic/util_validate.c (g_save, g_validate, g_delete): Change first argument
to take a g_set * rather than void **; use the address of the void pointer from
the structure.
(g_save_name, g_save_cred_id, g_save_ctx_id, g_validate_name,
g_validate_cred_id, g_validate_ctx_id, g_delete_name, g_delete_cred_id,
g_delete_ctx_id): Updated first argument type.
* genericgssapiP_generic.h: Declarations updated.
* krb5/gssapi_krb5.c (kg_vdb): Change type to g_set and initialize.
* krb5/gssapiP_krb5.h (kg_vdb): Declaration updated.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16166 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where, on systems with multiple ccaches, GSSAPI gets stuck on the ccache that was default when it launched
ticket: 2060
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15879 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_gss_init_sec_context() while we're at it to make defcred-related
changes easier, and as a side effect, fix some error condition memory
leaks.
ticket: 1365
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
|
|
not appropriate for inquire_cred() to cause new credentials to be
fetched.
* init_sec_context.c (krb5_gss_init_sec_context): Explicitly
release default cred in the NO_CREDENTIAL case, so it is always
refreshed.
ticket: 1305
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15201 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* gssapi_krb5.c (kg_get_defcred): Check for invalid or expired
defcred if it exists, and call acquire_cred() again if necessary.
ticket: 1305
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15199 dc483132-0cff-0310-8789-dd5450dbe970
|
|
for the Mac because we can't assume people will include them and
get the OID macro and the old names on the Mac.
* disp_status.c: Updated Mac OS X header paths.
* gssapiP_krb5.h: Updated Mac OS X header paths and added
prototype on Mac.
* gssapi_krb5.h: Updated Mac OS X headers to new framework layout
* gssapi_krb5.h, gssapi_krb5.c: Added oids from rfc 1964 using the
suggested names.
[pullups from 1-2-2-branch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14646 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14592 dc483132-0cff-0310-8789-dd5450dbe970
|
|
variable.
* util_ctxsetup.c (kg2_parse_token): Fix erroneous assignment in
conditional. (code not used in current tree).
* util_seed.c, util_seqnum.c, util_crypt.c, util_cksum.c: Clean
up assignments in conditionals.
* ser_sctx.c (kg_queue_internalize): Get rid of unused variable.
* gssapiP_krb5.h: Re-enable prototype for krb5_gss_release_oid() as
code is back (since 1996).
* k5unseal.c (kg_unseal_v1): Declare internal function static.
* init_sec_context.c (make_ap_req_v2): Comment out non-referenced
function.
* gssapi_krb5.c: Include k5-int.h for krb5_ser_* prototypes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13241 dc483132-0cff-0310-8789-dd5450dbe970
|
|
all three mechanism ID's recognized by this implementation, with the
RFC1964 OID first (and thus preferred).
import_sec_context.c (krb5_gss_convert_static_mech_oid): Make the old
convert_static_oid() function globally accessible with a namespace
compliant name, since init_sec_context() needs to be able to use this
function.
indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2 mechanism
set OID, since we should return all the mechanisms that we support.
init_sec_context.c (krb5_gss_init_sec_context): Make ctx->mech_used
use a static OID, since it is returned by gss_inquire_context which
must return a static OID.
wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we would
overestimate the size of the allowable input message by one byte,
because we weren't passing the right estimate of the wrapped data to
g_token_size().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11315 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
|
|
accept_sec_context.c (krb5_gss_accept_sec_context): Don't return an
error token if we can't provide the server name to the KRB5 error
structure (because cred isn't initialized).
gssapi_krb5.c, gssapi_krb5.h: Export the oid of static arrays as
krb5_gss_oid_array since it's needed by gss_import_sec_context.
import_sec_context.c: Fix up the OID of the mechanism in the imported
security context so that we use the static OID if at all possible.
This is needed since gss_inquire_context() must return a static OID.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10618 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kg_oid_size): Add a GSSAPI OID magic number to the externalized OID,
so that if the OID is skipped, (it is optional), the serialization
code can resynchronize if necessary.
(kg_queue_internalize, kg_queue_externalize, kg_queue_size): New functions
to externalize the gssapi queue.
(kg_ctx_size, kg_ctx_externalize, kg_ctx_import): Changed to include
the mech_used field and to include the auth context.
gssapi_krb5.c (kg_get_context): Add calls to correctly initialize the
serializers needed by import and export sec context.
delete_sec_context.c (krb5_gss_delete_sec_context): Remember to release the
mech_used OID if necessary!
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9213 dc483132-0cff-0310-8789-dd5450dbe970
|
|
bonehead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9154 dc483132-0cff-0310-8789-dd5450dbe970
|
|
OV_MERGE branches. This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964. Before committing, the
code was built and tested for netbsd and solaris.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
|
|
their first argument, instead of a krb5_context. Makes for a cleaner
interface to the mechanism glue layer.
k5mech.c (krb5_gss_initialize): Call name-type/mechanism registration
function so that mechanism glue layer knows whether or not a name
needs to be lazy evaluated or not.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7514 dc483132-0cff-0310-8789-dd5450dbe970
|
|
gssapiP_krb5.h: Remove context and cred from the gssapi security
context, as they aren't needed. kg_seal and kg_unseal now take a
krb5_context argument.
ser_sctx.c (kg_ctx_size, kg_ctx_externalize, kg_ctx_internalize): No
longer serialize the context and cred fields of the gssapi security
context.
krb5_gss_glue.c: Don't rely on the context field of the gssapi
security context. Use kg_context instead.
verify.c (krb5_gss_verify, krb5_gss_verify_mic):
unseal.c (krb5_gss_unwrap, krb5_gss_unseal):
sign.c (krb5_gss_sign, krb5_gss_get_mic):
seal.c (krb5_gss_seal, krb5_gss_wrap):
process_context_token.c (krb5_gss_process_context_token):
k5unseal.c (kg_unseal):
k5seal.c (kg_seal_size): Add a krb5_context argument to this function,
so we don't have to depend on the context field in the gssapi
security context.
init_sec_context.c (krb5_gss_init_sec_context): Don't initialize the
context and cred fields in the gssapi security context. Copy
ctx->subkey to ctx->seq.key, so they are separately allocated.
gssapi_krb5.c (kg_get_context): When initializing kg_context, call
krb5_init_ets() so that the error tables are initialized.
export_sec_context.c (krb5_gss_export_sec_context): Don't depend on
the context field from the gssapi security context. Free
ctx->seq.key.
delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal() now
takes a krb5_context argument. Free ctx->seq.key.
acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi credential
before setting it, to prevent purify from complaining.
accept_sec_context.c (krb5_gss_accept_sec_context): Remove context and
cred from the gssapi security context. Make sure the ticket is freed
after we're done with it.
import_sec_context.c (krb5_gss_import_sec_context): Don't bash the
input interprocess_token. Otherwise, it can't be freed. Don't
depend on the context field in the gss security context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6798 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6638 dc483132-0cff-0310-8789-dd5450dbe970
|
|
o removed INTERFACE from non-api functions
o add FAR to pointers visible to the world
o made the tests for __STDC__ also check for _WINDOWS
o creates GSSAPI.DLL & GSSAPI.LIB as per spec.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5354 dc483132-0cff-0310-8789-dd5450dbe970
|
|
windows INTERFACE keyword to functions. A few int/long fixes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4959 dc483132-0cff-0310-8789-dd5450dbe970
|
|
not initialized, initialize it automatically. Initialize the connection
context's krb5_context variable in init_security_context and
accept_security_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4824 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Added krb5_context to all krb5_routines
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4808 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4191 dc483132-0cff-0310-8789-dd5450dbe970
|
|
OpenVision....)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4170 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3716 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3696 dc483132-0cff-0310-8789-dd5450dbe970
|
|
To: tytso@MIT.EDU
Subject: gssapi
Date: Fri, 17 Dec 1993 17:55:06 -0500
From: Marc Horowitz <marc@security.ov.com>
This is named in my RCS tree as MIT931217. The copyright notice
included is (hopefully) final. Good luck!
Marc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3205 dc483132-0cff-0310-8789-dd5450dbe970
|