oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,302 Commits 2 Branches 2 Tags
2dec179e357f19d03aa2e2e24b3a2ca131627ca1
Commit Graph

29 Commits

Author SHA1 Message Date
Luke Howard
6554dc69b0 gss: allow partial accept context export in SPNEGO 
Support for exporting partially established acceptor context tokens. With this,
an acceptor can send the initiator an encrypted state cookie containing the
exported context token.

(The concrete mechanism, of course, must either require a single round trip or
support partial context export itself. Kerberos and GSS EAP would work, but
Kerberos with GSS_C_DCE_STYLE would not, as currently implemented.)

Partial context export is not permitted for initiators.
 2021-08-07 18:56:33 +10:00
Luke Howard
55a553c56d gss: don't use mechglue private header in SPNEGO 
Unbreak last commit, including mech_locl.h in SPNEGO appears to break Windows
builds
 2020-04-27 15:10:29 +10:00
Luke Howard
7cdc9934b1 gss: initialize output parameters in NegoEx 
NegoEx failed to initialize output parameters in _gss_negoex_{init,accept}
which could lead it to crash if the underlying mechanism returned an error.
 2020-04-27 14:38:33 +10:00
Luke Howard
4fb6a6adc9 gss: port NegoEx implementation from MIT 
An implementation of draft-zhu-negoex-04 for MIT Kerberos was developed in
2011. This has been recently integrated, with many fixes from Greg Hudson. This
commit ports it to Heimdal. The implementation has been interoperability tested
with MIT Kerberos and Windows, using the GSS EAP mechanism developed as part of
the Moonshot project.

The SPNEGO code was also updated to import the state machine from Apple which
improves mechListMIC processing and avoids discarding initial context tokens
generated during mechanism probing, that can be used for optimistic tokens.

Finally, to aid in testing, the GSS-API mechanism glue configuration file can
be changed using the environment variable GSS_MECH_CONFIG. This environment
variable name, along with the format of the configuration file, is compatible
with MIT (although it would be difficult for a single mechanism binary to
support both implementations).
 2020-02-04 17:28:35 +11:00
Luke Howard
ae5c60286a gss: remove SPNEGO name wrappers 
Wrapping GSS names at the SPNEGO level serves no purpose; remove it and return
mechglue names directly. This required a small change to the NTLM mechanism to
allow NULL names to be passed to its release name function.
 2020-02-04 17:28:35 +11:00
Luke Howard
4a93c4774a gss: intern OIDs (#447) 
Intern OIDs so that gss_release_oid() can be a NOOP.
 2018-12-18 23:28:38 -06:00
Daria Phoebe Brashear
b12e01035c gss: _locl.h files should include local copy of -private.h files 
apparently some versions of heimdal installed mech private headers.
don't inadvertantly end up with it in your path from a previous version
 2018-04-19 13:12:59 -04:00
Love Hornquist Astrand
9b07f0e847 Include <heimbase.h>. 2011-05-17 21:21:07 -07:00
Asanka Herath
b1063ea8fc Initial Windows port 2009-11-24 10:11:14 -08:00
Love Hornquist Astrand
022e7d4319 Return unwrapped delegated credentials if the actual mech is not the called mech 
Assumes that pseudo mechs are are of how mechglue credentails look like and
return credentials like that.

Pointed out on krbdev by Nicolas Williams
 2009-08-26 22:32:50 -07:00
Love Hörnquist Åstrand
269a7a057b flatten include headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
ef70ee1c5a Add back "mech/utils.h", its needed for oid/buffer functions. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23161 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-05-05 09:56:20 +00:00
Love Hörnquist Åstrand
fc518d9fca Changes from doug barton to make spnego indepedant of the heimdal version of the plugin system. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23158 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-05-02 09:45:28 +00:00
Love Hörnquist Åstrand
784ffbfa6a Make delegated credentials delegated directly, Oleg Sharoiko pointed out that it always didnt work with the old code. Also add som missing cred and context pass-thou functions in the SPNEGO layer 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22688 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-16 11:33:58 +00:00
Love Hörnquist Åstrand
363515e856 check that the generated acceptor mechlist is acceptable too 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19411 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-18 15:42:03 +00:00
Love Hörnquist Åstrand
62270350bc try harder to handle names better. handle missing acceptor and initator creds better (ie dont propose/accept mech that there are no credentials for) split NegTokenInit and NegTokenResp in acceptor 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19397 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-18 12:59:50 +00:00
Love Hörnquist Åstrand
07a8f134e8 Make bitfields unsigned, add maybe_open. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19050 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-15 11:37:25 +00:00
Love Hörnquist Åstrand
4fc6a5e397 Include <roken.h> for compatiblity. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18941 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-07 19:53:40 +00:00
Love Hörnquist Åstrand
7136a32661 Maybe include <netdb.h>. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18409 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-12 06:28:06 +00:00
Love Hörnquist Åstrand
4e9e341188 reference all include files using spnego/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18336 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:27:13 +00:00
Love Hörnquist Åstrand
34b26c738d Maybe include <sys/types.h>. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18319 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 18:27:00 +00:00
Love Hörnquist Åstrand
246de3cc42 prefix all gss_spnego with _, use generated headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18191 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-02 08:07:58 +00:00
Love Hörnquist Åstrand
c667d17ea8 Include <sys/param.h> for MAXHOSTNAMELEN. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18184 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-01 17:50:55 +00:00
Love Hörnquist Åstrand
3db3b74783 reimplement gss_spnego_inquire_names_for_mech 
add support function _gss_spnego_supported_mechs


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17810 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-06 19:31:24 +00:00
Love Hörnquist Åstrand
5f14a70630 drop gss_spnego_indicate_mechs 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17804 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-05 22:38:02 +00:00
Love Hörnquist Åstrand
909a02791f remove gss_spnego_inquire_names_for_mech, let the mechglue layer implement it 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17800 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-05 21:32:49 +00:00
Love Hörnquist Åstrand
799057c5f0 remove dependency on libkrb5 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17708 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 09:45:00 +00:00
Love Hörnquist Åstrand
534d628c29 Rename gss_context_id_t and gss_cred_id_t to local names 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17699 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:58:17 +00:00
Love Hörnquist Åstrand
2baa7e7d61 Initial revision 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17692 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:34:45 +00:00