oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,619 Commits 2 Branches 2 Tags
01ef38b74321da6a5692d9ab49fef871570e3ac2
Commit Graph

29 Commits

Author SHA1 Message Date
Luke Howard
6554dc69b0 gss: allow partial accept context export in SPNEGO 
Support for exporting partially established acceptor context tokens. With this,
an acceptor can send the initiator an encrypted state cookie containing the
exported context token.

(The concrete mechanism, of course, must either require a single round trip or
support partial context export itself. Kerberos and GSS EAP would work, but
Kerberos with GSS_C_DCE_STYLE would not, as currently implemented.)

Partial context export is not permitted for initiators.
 2021-08-07 18:56:33 +10:00
Nicolas Williams
1a8855e6c4 spnego: Also use mechglue names 2020-04-25 21:22:32 -05:00
Luke Howard
4fb6a6adc9 gss: port NegoEx implementation from MIT 
An implementation of draft-zhu-negoex-04 for MIT Kerberos was developed in
2011. This has been recently integrated, with many fixes from Greg Hudson. This
commit ports it to Heimdal. The implementation has been interoperability tested
with MIT Kerberos and Windows, using the GSS EAP mechanism developed as part of
the Moonshot project.

The SPNEGO code was also updated to import the state machine from Apple which
improves mechListMIC processing and avoids discarding initial context tokens
generated during mechanism probing, that can be used for optimistic tokens.

Finally, to aid in testing, the GSS-API mechanism glue configuration file can
be changed using the environment variable GSS_MECH_CONFIG. This environment
variable name, along with the format of the configuration file, is compatible
with MIT (although it would be difficult for a single mechanism binary to
support both implementations).
 2020-02-04 17:28:35 +11:00
Luke Howard
ae5c60286a gss: remove SPNEGO name wrappers 
Wrapping GSS names at the SPNEGO level serves no purpose; remove it and return
mechglue names directly. This required a small change to the NTLM mechanism to
allow NULL names to be passed to its release name function.
 2020-02-04 17:28:35 +11:00
Luke Howard
4a93c4774a gss: intern OIDs (#447) 
Intern OIDs so that gss_release_oid() can be a NOOP.
 2018-12-18 23:28:38 -06:00
Nicolas Williams
52a562a3a4 Misc fixes (coverity) 2016-11-18 22:21:45 -06:00
Nicolas Williams
774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
de0102fa0c drop RCSID 2009-11-14 11:14:56 -08:00
Love Hornquist Astrand
0d60a7d0ae implement gss-wrap-iov and friends 2009-08-29 09:04:53 -07:00
Love Hörnquist Åstrand
65adbffd77 handle error 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24877 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-27 03:34:54 +00:00
Love Hörnquist Åstrand
a5d7a1ad04 Drop sign/seal functions (version 1 of the interface). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24744 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-16 19:11:51 +00:00
Love Hörnquist Åstrand
269a7a057b flatten include headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
f106a2aff9 release mechs when done, cid#75 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24137 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 05:06:03 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
784ffbfa6a Make delegated credentials delegated directly, Oleg Sharoiko pointed out that it always didnt work with the old code. Also add som missing cred and context pass-thou functions in the SPNEGO layer 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22688 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-16 11:33:58 +00:00
Love Hörnquist Åstrand
2b90d952c6 (_gss_spnego_inquire_context): make work, based on patch from Ryan Sleevi. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22604 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-02-21 21:12:48 +00:00
Love Hörnquist Åstrand
3673482a9b make the SPNEGO mech store the error itself instead, works for everything except other stackable mechs 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22600 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-02-21 12:46:24 +00:00
Love Hörnquist Åstrand
a906ca54bf (_gss_spnego_display_name): if input_name is null, fail. 
From Rafal Malinowski.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21035 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-09 15:32:47 +00:00
Love Hörnquist Åstrand
62270350bc try harder to handle names better. handle missing acceptor and initator creds better (ie dont propose/accept mech that there are no credentials for) split NegTokenInit and NegTokenResp in acceptor 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19397 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-18 12:59:50 +00:00
Love Hörnquist Åstrand
4e9e341188 reference all include files using spnego/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18336 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:27:13 +00:00
Love Hörnquist Åstrand
246de3cc42 prefix all gss_spnego with _, use generated headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18191 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-02 08:07:58 +00:00
Love Hörnquist Åstrand
493bd788d4 Make internal function static (and rename). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18189 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-02 07:29:58 +00:00
Love Hörnquist Åstrand
3db3b74783 reimplement gss_spnego_inquire_names_for_mech 
add support function _gss_spnego_supported_mechs


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17810 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-06 19:31:24 +00:00
Love Hörnquist Åstrand
5f14a70630 drop gss_spnego_indicate_mechs 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17804 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-05 22:38:02 +00:00
Love Hörnquist Åstrand
909a02791f remove gss_spnego_inquire_names_for_mech, let the mechglue layer implement it 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17800 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-05 21:32:49 +00:00
Love Hörnquist Åstrand
534d628c29 Rename gss_context_id_t and gss_cred_id_t to local names 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17699 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:58:17 +00:00
Love Hörnquist Åstrand
2baa7e7d61 Initial revision 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17692 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:34:45 +00:00