Love Hornquist Astrand
16b4ddcf14
document gss_release_cred
2009-09-06 12:18:14 -07:00
Love Hornquist Astrand
0d60a7d0ae
implement gss-wrap-iov and friends
2009-08-29 09:04:53 -07:00
Love Hornquist Astrand
c81b66aa0c
init gm_flags for dynamic modules
2009-08-29 08:53:16 -07:00
Love Hornquist Astrand
8f376895ae
drop export symbol
2009-08-29 08:51:00 -07:00
Stefan Metzmacher
2f1a370cd3
hack for gss-wrap-iov to it work
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-28 13:31:12 -07:00
Love Hornquist Astrand
f030b4e59a
free context
2009-08-27 18:30:29 -07:00
Love Hornquist Astrand
9a4e91b1de
don't reset handle twice
2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
74538fc2af
Plug memory leak in prf function
2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
6c3f3fafa3
Don't leak kerberos credentials when trying dns canon
2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
45cfe3f971
Fix server context client context order to match callee
2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
1999c85670
Make mech glue layer aware of composite mechs that uses mech glue layer credentials
...
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
2009-08-27 12:12:44 -07:00
Love Hornquist Astrand
32ee735d73
drop RCSID
2009-08-26 23:15:35 -07:00
Love Hornquist Astrand
a2820df666
spelling
2009-08-26 22:53:38 -07:00
Love Hornquist Astrand
d18cdee577
don't reset EC
2009-08-26 22:52:26 -07:00
Love Hornquist Astrand
ebb2e72c61
make error message more unique
2009-08-26 22:43:25 -07:00
Love Hornquist Astrand
022e7d4319
Return unwrapped delegated credentials if the actual mech is not the called mech
...
Assumes that pseudo mechs are are of how mechglue credentails look like and
return credentials like that.
Pointed out on krbdev by Nicolas Williams
2009-08-26 22:32:50 -07:00
Love Hornquist Astrand
559103b218
if not trailer set, init EC to 0
2009-08-26 21:40:07 -07:00
Stefan Metzmacher
03998aeccb
gsskrb5: fix test_context. after gss_wrap_iov changes
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
40a6abd116
gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
560cb0c132
gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
76f0fb9170
gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
f286dd5d64
gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
1a0423fd3d
gsskrb5: make _gk_allocate_buffer() non static
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
60725fd2f5
gsskrb5: add _gk_verify_buffers()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:37 -07:00
Love Hornquist Astrand
9ccc79c5b6
Don't leak context if nsi_probe failes
...
Deduced from valgrind log produced by Markus Moeller
2009-08-22 10:52:22 -07:00
Love Hornquist Astrand
6618ca5ffc
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:22:49 -07:00
Love Hornquist Astrand
56f90c5b19
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:28 -07:00
Love Hornquist Astrand
f465930be7
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:19 -07:00
Love Hornquist Astrand
dfd40e4403
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:09 -07:00
Love Hornquist Astrand
03cb3aa56b
use EVP_MD_CTX_create
2009-08-20 17:13:09 -07:00
Love Hornquist Astrand
88d55a1d06
Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too
2009-08-17 18:06:42 +02:00
Love Hornquist Astrand
fc702a97f5
switch to use EVP interface instead of old crypto interface
2009-08-17 17:30:59 +02:00
Love Hornquist Astrand
62433c844c
switch to use EVP interface instead of old crypto interface
2009-08-17 16:02:45 +02:00
Love Hornquist Astrand
fcfa32b0b9
Use constant time memcmp
2009-08-17 12:04:51 +02:00
Love Hornquist Astrand
42cec58cb4
switch to use EVP interface instead of old crypto interface
2009-08-17 11:43:24 +02:00
Love Hornquist Astrand
dfd1edb54d
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:20:01 +02:00
Love Hornquist Astrand
ddb54ca483
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:16:13 +02:00
Love Hornquist Astrand
13c3b9b1c6
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:15:31 +02:00
Love Hornquist Astrand
639e93d436
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:14:24 +02:00
Love Hornquist Astrand
3ef05891ee
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:13:04 +02:00
Love Hornquist Astrand
ddb8230917
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:10:42 +02:00
Love Hornquist Astrand
6ac304d156
Use min() instead of MIN()
2009-08-14 20:05:36 +02:00
Love Hornquist Astrand
07f0c8be5d
Clean better
2009-08-06 10:18:52 +02:00
Love Hornquist Astrand
95993f222c
Fix order of flags, passes regression test now
2009-08-05 13:42:34 +02:00
Love Hornquist Astrand
0ede7ac561
Pass down the use-dce-style flag instead of the while gssapi krb5 context
2009-08-05 12:00:07 +02:00
Stefan Metzmacher
ab9e5d13ec
gsskrb5: try to be compatible with windows for gss_wrap* and cfx
...
The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-04 20:22:05 +02:00
Stefan Metzmacher
0297d047a4
gsskrb5: add support for DCE_STYLE and des and des3 keys
...
Only the des keys are tested as windows doesn't support des3
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-04 20:21:20 +02:00
Love Hornquist Astrand
3cebc3767f
add more test to test_acquire_cred that removes the need of test_init_creds.c
2009-08-03 13:05:36 +02:00
Love Hornquist Astrand
3608b815b4
Don't bother checking usage of minor_status [CID-23]
2009-07-30 14:01:57 +02:00
Love Hornquist Astrand
901bac07e8
Don't need to look check *input_name twice [CID-27].
2009-07-30 14:00:48 +02:00