path: root/src/lib/gssapi
Age | Commit message | Author | Files | Lines
2011-04-09 | fix regression in mech SPI availability check [lhoward/moonshot-mechglue-fixes] | Luke Howard | 1 | -2/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24868 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-09 | remove user_ok outparam from gss_authorize_localname | Luke Howard | 4 | -54/+39
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24867 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-09 | return GSS_S_NAME_NOT_MN if name not mechname | Luke Howard | 1 | -3/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24866 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-09 | Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes | Luke Howard | 1 | -3/+19
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24865 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-09 | in gss_userok, import name as GSS_C_NT_USER_NAME | Luke Howard | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24864 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-09 | update for new authorize_localname SPI | Luke Howard | 1 | -0/+6
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24863 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-09 | Cleanup, add mech type to authorize_localname SPI | Luke Howard | 3 | -23/+30
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24862 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-08 | remove redundant import_name call | Luke Howard | 1 | -31/+15
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24858 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-08 | make SPI entrypoint for authorize_localname gssspi_authorize_localname | Luke Howard | 3 | -5/+7
to avoid prototype conflicts in mechanism implementations git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24857 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-07 | implement gss_authorize_localname | Luke Howard | 6 | -64/+102
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24855 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-06 | Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes | Luke Howard | 1 | -0/+32
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24845 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-04 | Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes | Luke Howard | 6 | -17/+15
Conflicts: src/appl/gss-sample/gss-server.c src/lib/gssapi/mechglue/Makefile.in src/lib/gssapi/mechglue/g_acquire_cred.c src/lib/gssapi/mechglue/g_initialize.c git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24841 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-03 | allow empty names when importing GSS_C_NT_ANONYMOUS | Luke Howard | 1 | -4/+11
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24820 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-03 | make const_attrs buffer static | Luke Howard | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24819 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-03 | add a symbolic name, GSS_C_ATTR_LOCAL_LOGIN_USER, for local-login-user attribute | Luke Howard | 5 | -10/+12
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24816 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-01 | Support for transiting attributes between mechanisms | Luke Howard | 1 | -2/+68
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24777 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-01 | verify desired and actual mech OIDs are equal before trying gss_duplicate_name | Luke Howard | 1 | -2/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24762 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-28 | gss_userok() naming extensions wrapper need not check for complete | Luke Howard | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24747 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-22 | log plugin load errors to stderr | Luke Howard | 1 | -7/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24742 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-22 | compensate for missing TOK_ID when calculating encap size | Luke Howard | 1 | -0/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24740 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-22 | Fix order of operations bug in token size calculation | Luke Howard | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24739 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-22 | fix a couple of nits in draft-josefsson-gss-capsulate-01 | Luke Howard | 3 | -2/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24738 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-22 | Implement draft-josefsson-gss-capsulate-01 | Luke Howard | 6 | -0/+165
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24737 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-21 | Allow absolute paths for mechglue libraries | Luke Howard | 1 | -1/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24736 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-21 | return GSS_S_UNAVAILABLE on localname lookup error | Luke Howard | 1 | -4/+10
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24734 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-21 | add attribute-based implementation of gssd_pname_to_uid | Luke Howard | 2 | -17/+121
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24733 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-20 | set minor_status to KRB5_NO_LOCALNAME if pname_to_uid fails | Luke Howard | 1 | -3/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24732 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-20 | Use PADL rather than MIT copyright for userok extensions (work | Luke Howard | 1 | -18/+26
not performed under MIT contract and may be reused for other projects) git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24731 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | allow mechanisms to export a gss_duplicate_name SPI that supports | Luke Howard | 7 | -54/+45
composite name copies (i.e. copying attributes). this was a bug. git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24721 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | Use pointer test to avoid mechglue symbol loopback | Luke Howard | 1 | -54/+67
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24719 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | implement attribute-based userok authorisation logic as suggested | Luke Howard | 1 | -24/+121
by Sam Hartman git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24717 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | avoid unnecessary call to gssint_get_mechanism() in case of error path | Luke Howard | 1 | -6/+6
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24715 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | plug introduced leak in gss_acquire_cred | Luke Howard | 1 | -0/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24714 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | If calling gss_accept_sec_context with non-NULL credentials, ensure | Luke Howard | 1 | -5/+10
that you have credentials for the mechanism being accepted. git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24713 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | make gss_acquire_cred(GSS_C_NO_OID_SET) acquire credentials for all | Luke Howard | 1 | -42/+32
mechanisms rather than just the default mechanism. git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24712 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | look for gss_{wrap_size_limit,pname_to_uid} when dynamically loading mechs | Luke Howard | 1 | -0/+2
by symbol git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24711 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-17 | Reinstate gss_userok and gss_pname_to_uid | Luke Howard | 8 | -50/+173
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24710 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-11 | Although it can't actually happen, make it more explicit that we won't | Greg Hudson | 1 | -1/+2
dereference a null mech in the cleanup handler of the mechglue's gss_accept_sec_context. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-09 | Adjust most C source files to match the new standards for copyright | Greg Hudson | 50 | -211/+77
and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-08 | Fix a memory leak independently found by Tim Pozdeev and Arlene Berry | Tom Yu | 1 | -0/+1
This change should be pulled up to the 1.8 and 1.7 branches as well. ticket: 6844 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-08 | SPNEGO's accept_sec_context and init_sec_context produce a null context | Greg Hudson | 1 | -2/+6
on error, so it needs to silently succeed when deleting a null context. It was instead passing the null context along to the mechglue which would produce an error, causing a leak of the mechglue's union context wrapper. Reported by aberry@likewise.com. ticket: 6863 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-25 | Make depend | Greg Hudson | 3 | -264/+217
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-22 | Fix a memory leak introduced in r23926 where k_cred was not freed on | Greg Hudson | 1 | -30/+24
successful return from kg_new_connection(). Reported by Julien Chaffraix. ticket: 6800 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24646 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-22 | Don't leak the mechanism internal context when we get an error in the | Greg Hudson | 1 | -1/+6
mechglue's gss_accept_sec_context. From aberry@likewise.com. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24645 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-14 | In kg_acceptor_princ, make Coverity happy by using a different test to | Greg Hudson | 1 | -1/+1
determine if we should set (*princ_out)->type. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24638 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-07 | Improve acceptor name flexibility | Greg Hudson | 7 | -58/+207
Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-04 | Change flow control in krb5_gss_import_name to better match current | Greg Hudson | 1 | -95/+60
coding practices. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24613 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-03 | Remove an unnecessary statement in acquire_init_cred(). We never set | Greg Hudson | 1 | -7/+1
an acceptor name different from desired_princ. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24612 dc483132-0cff-0310-8789-dd5450dbe970
2011-01-25 | Make gss_krb5_set_allowable_enctypes work for the acceptor | Greg Hudson | 1 | -0/+9
With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor can choose an enctype for the acceptor subkey other than the one in the keytab. If the resulting security context will be exported and re-imported by another gss-krb5 implementation (such as one in the kernel), the acceptor needs a way to restrict the set of negotiated enctypes to those supported by the other implementation. We had that functionality for the initiator already in the form of gss_krb5_set_allowable_enctypes; this change makes it work for the acceptor as well. ticket: 6852 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24603 dc483132-0cff-0310-8789-dd5450dbe970
2011-01-12 | Don't call memset with a zero length | Ken Raeburn | 1 | -1/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24594 dc483132-0cff-0310-8789-dd5450dbe970