Anonymous names should always compare FALSE in GSS_Compare_name(). If the names
are being compared at the mechglue layer then we should check for
GSS_C_NT_ANONYMOUS.
Add the --export-import-context flag to test_context, for validating that
security contexts round-trip through GSS_Export_sec_context() and
GSS_Import_sec_context().
The prototype for gss_set_sec_context_option() allows it to return a new
context, however this was not implemented. This functionality is required by
GSS_KRB5_IMPORT_RFC4121_CONTEXT_X.
The SPNEGO dispatch table does not include gss_duplicate_cred(). It can call
directly into the mechglue because a SPNEGO credential is a mechglue
credential.
SPNEGO credentials are mechglue credentials. SPNEGO credential wrapper
functions can be replaced with direct calls into the mechglue, unless a
specific check is required to avoid infinite recursion (as is the case where
the mechglue enumerates all mechanism when passed a null credential handle).
The recent changes to SPNEGO removed support for GSS_C_PEER_HAS_UPDATED_SPNEGO,
through which the Kerberos mechanism could indicate to SPNEGO that the peer did
not suffer from SPNEGO conformance bugs present in some versions of Windows.*
This patch restores this workaround, documented in [MS-SPNG] Appendix A <7>
Section 3.1.5.1. Whilst improving interoperability with these admittedly now
unsupported versions of Windows, it does introduce a risk that Kerberos with
pre-AES ciphers could be negotiated in lieu of a stronger and more preferred
mechanism.
Note: this patch inverts the mechanism interface from
GSS_C_PEER_HAS_UPDATED_SPNEGO to GSS_C_INQ_PEER_HAS_BUGGY_SPNEGO, so that new
mechanisms (which did not ship with these older versions of Windows) are not
required to implement it.
* Windows 2000, Windows 2003, and Windows XP
Pending integration of #551, the krb5 mechanism does not support
GSS_C_ANON_FLAG. Remove the GSS_C_MA_AUTH_INIT_ANON mechanism attribute until
such time it does.
Sort the list of mechanisms proposed by the initiator so that mechanisms are
preferred by their advertised support for GSS flags. For example, if
GSS_C_MUTUAL_FLAG is requested, a mechanism that offers GSS_C_MA_AUTH_TARG will
be preferred over one that doesn't. The flag/mechanism attribute combinations
are also assigned a weight (mutual trumps anonymous, for example).
Add mergesort_r() as a stable sort function that can be used by other
components of Heimdal. Note that there is no standardized prototype for this
function, however it appears that both FreeBSD and glibc would adopt the glibc
convention (where the private data argument appears last). See:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214248
__gss_c_attr_stream_sizes_oid_desc was tagged with GSSAPI_LIB_FUNCTION instead
of GSSAPI_LIB_VARIABLE; whilst the macro expansion is identical, fix for
cleanliness
This is needed so that sshd and such can get make practical use of the
"ccache" key in GSS cred stores.
This commit only changes the store path, not the acquisition path.
gss_store_cred_into*() will now switch the new cred cache to be the
primary/default cred cache when
- the caller requested it and,
- if the caller passed in a user name, the creds' principal is the best
principal for the named user.
A principal is the best principal for a user when the principal has just
one component, the component is the user's username, and the realm is
the configured user_realm.
If using the new --cache-default-for option, use the real default if the
principal is the best principal for the user.
A principal is the best principal for a user when the principal has just
one component, the component is the user's username, and the realm is
the configured user_realm.
bcb5ed28fb ("kdc/kx509.c: clean up
krb5_get_error_message strings used for mk_error_resp") introduced a
build failure. 'context' is not a local variable but a field in the
kx509_req_context.
Change-Id: I38a8a9b1a19c3370dfc039d6e09445425936c32b
mk_error_response expects the strings it builds will need to be freed but
not those passed in; krb5_get_error_message generates a string which needs to
be freed. keep track of and free those strings.
the code to perform cleanup is present but an overzealous goto out
precludes it from being called. break from our for loop in event of error
and allow cleanup to take place
on error from der_parse_heim_old we early exit via out, which frees
s and cprinc; we should not do so a second time unless we explicitly
NULL the pointers but there is no value in doing so.
