Commit Graph

25345 Commits

Author SHA1 Message Date
Love Hornquist Astrand
3553a3e837 pre8 2009-08-28 13:39:14 -07:00
Stefan Metzmacher
2f1a370cd3 hack for gss-wrap-iov to it work
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-28 13:31:12 -07:00
Love Hornquist Astrand
33019cc597 Spelling, from Guillaume Rousse 2009-08-27 19:11:08 -07:00
Love Hornquist Astrand
f030b4e59a free context 2009-08-27 18:30:29 -07:00
Love Hornquist Astrand
9a4e91b1de don't reset handle twice 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
74538fc2af Plug memory leak in prf function 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
6c3f3fafa3 Don't leak kerberos credentials when trying dns canon 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
45cfe3f971 Fix server context client context order to match callee 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
1999c85670 Make mech glue layer aware of composite mechs that uses mech glue layer credentials
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
2009-08-27 12:12:44 -07:00
Love Hornquist Astrand
32ee735d73 drop RCSID 2009-08-26 23:15:35 -07:00
Love Hornquist Astrand
a2820df666 spelling 2009-08-26 22:53:38 -07:00
Love Hornquist Astrand
d18cdee577 don't reset EC 2009-08-26 22:52:26 -07:00
Love Hornquist Astrand
ebb2e72c61 make error message more unique 2009-08-26 22:43:25 -07:00
Love Hornquist Astrand
022e7d4319 Return unwrapped delegated credentials if the actual mech is not the called mech
Assumes that pseudo mechs are are of how mechglue credentails look like and
return credentials like that.

Pointed out on krbdev by Nicolas Williams
2009-08-26 22:32:50 -07:00
Love Hornquist Astrand
559103b218 if not trailer set, init EC to 0 2009-08-26 21:40:07 -07:00
Love Hornquist Astrand
ba4909eba5 Link libroken with libcrypt since roken uses crypt() in unix_verify_password
Found by Guillaume Rousse
2009-08-26 15:20:51 -07:00
Love Hornquist Astrand
f40805ec75 move iov TODO to generate TODO 2009-08-26 09:10:54 -07:00
Love Hornquist Astrand
13ba2956cc Check if COM_ERR_BINDDOMAIN_krb5 is defined, if it is, use bindtextdomain()
Older versions of compile_et doesn't support gettext/libintl support,
if they don't, there will be no such symbols and we can't load the
text domains for those symbols, so lets skip that.

Pointed out by Guillaume Rousse on heimdal-discuss
2009-08-26 09:02:25 -07:00
Love Hornquist Astrand
e9603a6446 Only try ecdsa if there really is ecdsa support 2009-08-26 00:30:36 -07:00
Love Hornquist Astrand
23aebd619b Only release keys if they are allocated 2009-08-25 23:54:58 -07:00
Stefan Metzmacher
03998aeccb gsskrb5: fix test_context. after gss_wrap_iov changes
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
40a6abd116 gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
560cb0c132 gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
76f0fb9170 gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
f286dd5d64 gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
1a0423fd3d gsskrb5: make _gk_allocate_buffer() non static
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
60725fd2f5 gsskrb5: add _gk_verify_buffers()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:37 -07:00
Love Hornquist Astrand
a29c65b417 add krb5_free_unparsed_name for OpenSSH + gssapi patch, make it deprecated 2009-08-25 23:07:21 -07:00
Love Hornquist Astrand
19b997c61b add kswitch.1 2009-08-25 21:34:07 -07:00
Love Hornquist Astrand
02e28048df simple manpages for kswitch.1 2009-08-25 21:33:51 -07:00
Love Hornquist Astrand
1b07597123 drop EVP_cts support 2009-08-25 20:29:23 -07:00
Love Hornquist Astrand
7e1e9dc2e7 drop cts support 2009-08-25 20:28:33 -07:00
Love Hornquist Astrand
a1aa022f8b drop evp-aes-cts 2009-08-25 20:27:04 -07:00
Love Hornquist Astrand
a4d850a656 don't include evp-aes-cts.c 2009-08-25 20:26:38 -07:00
Love Hornquist Astrand
0d6e55df3c don't include evp-aes-cts.c 2009-08-25 20:26:25 -07:00
Love Hornquist Astrand
6ead770ad1 Implement CTS in terms of CBC 2009-08-25 20:26:01 -07:00
Love Hornquist Astrand
31871b4990 deifne KRB5_DEPRECATED 2009-08-25 14:35:42 -07:00
Love Hornquist Astrand
29562070ba no rpc for kadmin 2009-08-25 13:24:19 -07:00
Love Hornquist Astrand
400cc459fa deprecate krb5_config_parse_string_multi 2009-08-24 20:24:41 -07:00
Love Hornquist Astrand
46b48bc3e7 Document time function, krb5_config_parse_string_multi is not used 2009-08-24 19:52:10 -07:00
Love Hornquist Astrand
9ccc79c5b6 Don't leak context if nsi_probe failes
Deduced from valgrind log produced by Markus Moeller
2009-08-22 10:52:22 -07:00
Love Hornquist Astrand
eb7448156c export d2i_RSAPublicKey 2009-08-21 21:42:03 -07:00
Love Hornquist Astrand
9f5d22b98a define and use d2i_RSAPublicKey 2009-08-21 18:57:09 -07:00
Love Hornquist Astrand
72e306c7e3 Push cert down deaper into the stack 2009-08-21 18:34:21 -07:00
Love Hornquist Astrand
aee7858b16 Clean new files 2009-08-21 15:14:57 -07:00
Love Hornquist Astrand
edb688c1e7 don't run EC test if there is broken EC support 2009-08-21 14:04:13 -07:00
Love Hornquist Astrand
30aa8a7166 there is already one verify, don't make two 2009-08-21 13:42:22 -07:00
Love Hornquist Astrand
941b2a1135 1.3.0pre7 2009-08-21 11:38:34 -07:00
Love Hornquist Astrand
796a522b46 always call cipher-init so that we can reset IV when caller wants too 2009-08-21 07:43:50 -07:00
Love Hornquist Astrand
2b6a34e132 allocate cleam memory for cipher to play with 2009-08-21 07:43:29 -07:00