Love Hörnquist Åstrand
00bcd44370
Switch from using a specific error message context in the TLS to have
a whole krb5_context in TLS. This has some interesting side-effects
for the configuration setting options since they operate on
a per-thread basis now.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
1a7ec40448
(init_auth): There is no OID wrapping on the reply token. From Andrew Bartlett
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18934 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-07 17:40:01 +00:00
Love Hörnquist Åstrand
b619dd374c
Avoid leaking memory.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18888 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 23:03:19 +00:00
Love Hörnquist Åstrand
dfa6f7b248
reference all include files using krb5/
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
67655a5dd5
Add GSS_C_DCE_STYLE.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18149 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-22 11:22:14 +00:00
Love Hörnquist Åstrand
226ba0b6cd
merge most of the initiator part from the samba patch by Stefan Metzmacher and Andrew Bartlett (still missing DCE/RPC support)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18147 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-22 10:41:31 +00:00
Love Hörnquist Åstrand
b1537f3cca
Make work on compilers that are somewhat more picky than gcc4 (like gcc2.95)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17777 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-30 20:57:33 +00:00
Love Hörnquist Åstrand
54afe1180f
(do_delegation): use KDCOptions2int to convert fwd_flags to an
integer, since otherwise int2KDCOptions in krb5_get_forwarded_creds won't do the right thing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17770 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-30 19:38:40 +00:00
Love Hörnquist Åstrand
03567db502
make gss_name_t an opaque type
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-29 07:27:26 +00:00
Love Hörnquist Åstrand
ee09f98c15
Rename local include file, remove global files.
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, it's now in its own gssapi module.
Add mechglue inquire functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
c4d0fcfc9d
Less pointer signedness warnings (partly by using the new asn.1 CHOICE decoder)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17560 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-13 09:27:45 +00:00
Love Hörnquist Åstrand
cb704efeeb
Rename u_intXX_t to uintXX_t
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-05 10:37:46 +00:00
Love Hörnquist Åstrand
30627ab04b
Spelling.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17027 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-09 18:45:18 +00:00
Love Hörnquist Åstrand
d28785e212
Change semantics of ok-as-delegate to match Windows if
[gssapi]realm/ok-as-delegate=true is set, otherwise keep old semantics.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16283 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-11-02 11:52:49 +00:00
Love Hörnquist Åstrand
72fabc6c6b
(spnego_reply): Don't pass back raw Kerberos errors, use GSS-API
errors instead.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16158 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-12 07:25:18 +00:00
Love Hörnquist Åstrand
4171c2f2a7
avoid warnings, update (c)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15873 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-11 10:47:25 +00:00
Love Hörnquist Åstrand
33f176705d
(spnego_initial): NegotiationToken encoder now that we have one with
the new asn1. compiler.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15637 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-13 07:00:15 +00:00
Love Hörnquist Åstrand
e9cef62ab1
(init_auth): honor ok-as-delegate if local configuration approves
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15319 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-30 20:58:29 +00:00
Love Hörnquist Åstrand
9ae8bc983a
Prefix Der_class with ASN1_C_ to avoid problems with system
header files that pollute the name space.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15264 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-29 15:13:10 +00:00
Love Hörnquist Åstrand
c226c11008
(init_auth): set KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java
compatibility), also while here, use krb5_auth_con_addflags
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15151 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-17 08:15:30 +00:00
Love Hörnquist Åstrand
d0443e2058
prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14989 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-27 17:51:27 +00:00
Luke Howard
244ca04320
Remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is no longer in rfc2478bis
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14584 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-02-21 08:48:15 +00:00
Luke Howard
1d02386069
don't call krb5_get_credentials() with
KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
growing indefinitely as no key is found with KEYTYPE_NULL
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14583 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-02-21 08:44:25 +00:00
Love Hörnquist Åstrand
88562c0362
(spnego_reply): use _gss_spnego_require_mechlist_mic to figure out if
we need to check MechListMIC; From: Luke Howard <lukeh@padl.com>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13694 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-07 14:24:58 +00:00
Love Hörnquist Åstrand
23e937a42a
avoid the malloc loop and just allocate the proper amount of data
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13684 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-05 13:34:32 +00:00
Love Hörnquist Åstrand
b8af153f50
(spnego_initial): handle mech_token better
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13682 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-05 08:48:20 +00:00
Love Hörnquist Åstrand
fb53d3762e
handle acceptor asserted subkey
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13519 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-14 16:31:02 +00:00
Love Hörnquist Åstrand
f96b2ccb60
(spnego_reply): make sure the length of the choice element doesn't
overrun us
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13444 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-07 14:25:33 +00:00
Love Hörnquist Åstrand
2c1317d353
(init_auth): set sequence number when not requesting mutual auth
From: Luke Howard <lukeh@PADL.COM>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12838 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-17 04:15:36 +00:00
Love Hörnquist Åstrand
b1576251e1
(spnego_initial): add #if 0 out version of the CHOICE branch encoding,
also while here, free no longer used memory
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12818 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-10 20:49:11 +00:00
Love Hörnquist Åstrand
bb22f358b1
(spnego_initial): catch errors and return them
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12806 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-09 23:44:25 +00:00
Love Hörnquist Åstrand
c65c7ace38
(spnego_reply): SPNEGO doesn't include gss wrapping on
SubsequentContextToken like the Kerberos 5 mech does. Let's check for
it anyway.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12801 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-09 10:40:12 +00:00
Love Hörnquist Åstrand
c94bb7e568
Add support for SPNEGO on the initiator side. Tested with ldap server
on a Windows 2000 DC. Implementation initially from Assar Westerlund,
passed through quite a lot of hands before I committed it.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12792 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-09 02:31:47 +00:00
Love Hörnquist Åstrand
c8cf8c9880
encap/decap now takes a oid
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12639 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-08-25 20:02:49 +00:00
Love Hörnquist Åstrand
32752ea144
(repl_mutual): don't set kerberos error where there was no kerberos error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12496 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-07-22 19:53:43 +00:00
Love Hörnquist Åstrand
532c716e88
remember to free data
use sequence number verifier
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12365 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-17 03:58:43 +00:00
Love Hörnquist Åstrand
f6870509a7
(init_auth): if the cred is expired before we try to create a token,
fail so the peer doesn't need to reject us
(*): make sure time is returned in seconds from now, not in kerberos time
(repl_mutual): remember to unlock the context mutex
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12345 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-03 15:22:58 +00:00
Love Hörnquist Åstrand
42f3fc029a
- do some basic locking (no reference counting so contexts can be
removed while still used)
- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
- make sure all lifetimes are returned in seconds left until expired,
not in unix epoch
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12317 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-05-21 14:52:14 +00:00
Love Hörnquist Åstrand
67c9487313
take care to set export value to something sane before we start so
caller will have harmless values in them if the function fails
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11766 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-03-16 18:00:00 +00:00
Love Hörnquist Åstrand
c448764976
(do_delegation): remove unused variable subkey
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11669 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-02-27 20:18:12 +00:00
Love Hörnquist Åstrand
797b1db76b
(init_auth): only generate one subkey
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11657 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-02-21 03:05:37 +00:00
Love Hörnquist Åstrand
cd32525e84
(init_auth): check if we need compat for older get_mic/verify_mic
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11622 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-01-27 14:07:56 +00:00
Johan Danielsson
14d8cdb894
check return value from gssapi_krb5_init
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11534 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-10-31 16:06:35 +00:00
Johan Danielsson
9ff457f2fd
we need to generate a local subkey here
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11333 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-09-02 17:16:12 +00:00
Johan Danielsson
1473f2521c
(init_auth): set AP_OPTS_USE_SUBKEY
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11326 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-09-02 15:37:16 +00:00
Assar Westerlund
28d9223040
(gssapi_krb5_verify_8003_checksum, gssapi_krb5_create_8003_checksum): make more consistent by always returning a gssapi error and setting minor status. update callers
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10588 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-08-29 02:21:09 +00:00
Assar Westerlund
e129105771
handle minor_status more consistently
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10533 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-08-23 04:35:55 +00:00
Assar Westerlund
e55eee640b
try to return the error string from krb5
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9902 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-05-11 09:16:47 +00:00
Assar Westerlund
11eeed3017
add missing setting of minor_status and failure checks
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9697 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-02-18 03:39:09 +00:00
Assar Westerlund
71a4b877eb
indent
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9624 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-01-30 22:49:56 +00:00