oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,843 Commits 4 Branches 2 Tags
51aed5d8206d5e21952820735d04ffd80a3a9cd9
Commit Graph

46 Commits

Author SHA1 Message Date
Luke Howard 7de958252c gssapi: add some Apple (c) notices for mechglue bugfix import 
ad426d03 imported some minor bugfixes from the Darwin Heimdal-520 drop; a few
copyright notices were omitted in the merge, which are included here.
 2019-01-04 21:30:10 +11:00
Luke Howard 735039dbdc gssapi: implement gss_set_neg_mechs() (#495) 
Implementation of gss_set_neg_mechs() and gss_get_neg_mechs() as defined in RFC
4178. New gss_release_cred_by_mech() API for dropping a credential from a
mechanism glue credential.
 2019-01-04 15:50:11 +11:00
Luke Howard e0bb9c10ca gssapi: credential store extensions (#451) 
Implement the GSS-API credential store API extensions defined by MIT here:

https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions

Note: we kill off gss_acquire_cred_ext() here. This was never a public API,
although mechanisms could have implemented it and I briefly used it in my
BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place
in the dispatch table where gss_acquire_cred_ext() used to, but this structure
was never visible outside Heimdal (i.e. it is only used by internal
mechanisms);

(Mechanisms that need to accept arbitrary key/value dictionaries from
applications should now implement gss_acquire_cred_from().)
 2019-01-03 14:38:39 -06:00
Luke Howard 728650f3dd gssapi: canonicalize mech OID in gss_accept_sec_context() 2019-01-03 17:54:32 +11:00
Luke Howard 29fe69f95f gssapi: fix dlsym() return value casting 
Fix warnings on Windows (and possibly other platforms) but appropriately
casting the return value of dlsym().
 2019-01-03 17:53:15 +11:00
Nicolas Williams e6d1c10808 Rewrite gss_add_cred() (fix #413) 
It turns out gss_add_cred() really needed a complete rewrite.  It's much
better to first have a gss_duplicate_cred() (which has been needed for
other reasons anyways), and use that when the input_cred_handle is not
GSS_C_NO_CREDENTIAL and output_cred_handle is not NULL, then mutate that
duplicate credential handle (or the input_cred_handle if
output_cred_handle is NULL).
 2018-12-28 19:26:25 -06:00
Nicolas Williams 774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Luke Howard 07777511d1 implement gss_localname 2011-10-08 12:15:09 +11:00
Luke Howard 79ff133ae9 make gss_acquire_cred_ext private 2011-05-20 14:31:08 +02:00
Luke Howard 33d1877c21 use gss_const_OID for gss_acquire_cred_ext 2011-05-14 17:16:49 +02:00
Luke Howard 48719d5651 shim acquire_cred_with_password SPI into acquire_cred_ext 2011-05-14 17:00:55 +02:00
Luke Howard dfba868910 Merge branch 'master' into lukeh/acquire-cred-ex-moonshot-integ 
Conflicts:
	lib/gssapi/Makefile.am
	lib/gssapi/mech/gss_acquire_cred_with_password.c
	lib/gssapi/test_context.c
	lib/gssapi/version-script.map
 2011-05-14 16:48:49 +02:00
Luke Howard 02cf28e20b implement gss_acquire_cred_ex with password support 
add missing SPIs to gss_mech_switch

s/acquire_cred_ex/acquire_cred_ext/g
 2011-04-16 11:06:24 +02:00
Luke Howard 0d7bc0c549 remove user_ok from gss_authorize_localname 2011-04-09 13:41:51 +10:00
Luke Howard bac9c34172 authorize_localname SPI now includes nametype 2011-04-09 11:34:19 +10:00
Luke Howard 6c6e483e00 gss_authorize_localname implementation 2011-04-08 10:58:57 +10:00
Luke Howard 0dff021161 add krb5 glue for userok 2011-03-20 20:57:24 +11:00
Luke Howard e78371829c implement gss_userok/gss_pname_to_uid 2011-03-20 20:34:59 +11:00
Luke Howard 9455577b65 Merge branch 'master' of github.com:heimdal/heimdal 
Conflicts:
	lib/gssapi/gssapi/gssapi.h
	lib/gssapi/gssapi_mech.h
	lib/gssapi/mech/gss_mech_switch.c
 2011-03-20 19:08:10 +11:00
Love Hornquist Astrand 4248882381 drop gss_name_any since it removed from the draft 2011-03-12 12:49:42 -08:00
Love Hornquist Astrand fbf5cff0ac Patch from Luke Howard to allow dynamic gss_mo 2011-03-12 12:45:53 -08:00
Luke Howard 2b2ab30f53 Add naming extension SPIs 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-03-12 12:35:43 -08:00
Luke Howard 45cd381f53 Cleanup API-as-SPI compatibility layer 2011-01-09 22:05:27 +11:00
Luke Howard 5b47a8816d MIT SASL/attribute introspection SPI compat 2011-01-03 22:51:51 +11:00
Luke Howard cace66a435 Add naming extension SPIs 2011-01-03 14:45:07 +11:00
Luke Howard 098148ac20 MIT SPI compat 2011-01-02 20:30:57 +11:00
Love Hornquist Astrand 99e1c33987 sprinkle GSSAPI_CALLCONV, add missing space in */* 2010-11-27 19:11:09 -08:00
Love Hornquist Astrand 5dcf0753f4 fill in all mo that make sense for now 2010-11-25 23:52:43 -08:00
Love Hornquist Astrand 6ca842c5b7 gss_indicate_mechs_by_attrs 2010-11-25 21:40:25 -08:00
Love Hornquist Astrand c1069f8a36 add _gss_oid_name_table 2010-11-25 20:20:03 -08:00
Love Hornquist Astrand ab9267c04e constify 2010-11-25 19:20:26 -08:00
Love Hornquist Astrand ca1b7bfcc3 initial drop of gss-mo 2010-11-25 11:48:02 -08:00
Asanka Herath 5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand 1999c85670 Make mech glue layer aware of composite mechs that uses mech glue layer credentials 
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
 2009-08-27 12:12:44 -07:00
Love Hornquist Astrand fa502c6648 Add support for gss_{import,export}_cred() as requested by metze 
Works for krb5 and SPNEGO mechanisms. Kerberos credentials are passed as
credential cache names, or if there are memory based credentials, inband in the protocol. This means that the credentials buffers must be keep secret.

As documented by IBM (they have the wrong prototype though)
and GGF (GSS-API Extensions) back in 2001
 2009-07-29 13:36:02 +02:00
Love Hörnquist Åstrand 52878d9adb add store_cred 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24905 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-03-22 17:20:57 +00:00
Love Hörnquist Åstrand 9dc18665cc add conf_state to iov_length 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24771 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-22 23:24:05 +00:00
Love Hörnquist Åstrand 4454264639 make compile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24718 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-16 18:35:17 +00:00
Love Hörnquist Åstrand fd92ce1950 Switch arguments. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24714 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-02-16 18:34:36 +00:00
Love Hörnquist Åstrand 63d1d155f2 switch from unsigned int to int for iov_count 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24083 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:55:56 +00:00
Love Hörnquist Åstrand 7f6d448621 implement the new gss_*_iov interfaces 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24055 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:49:37 +00:00
Love Hörnquist Åstrand 3673482a9b make the SPNEGO mech store the error itself instead, works for everything except other stackable mechs 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22600 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-02-21 12:46:24 +00:00
Love Hörnquist Åstrand 0df01c9241 Add hook for gm_pseudo_random. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20044 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-23 23:39:15 +00:00
Love Hörnquist Åstrand 8f687061ab add __gss_ntlm_initialize 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19365 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-15 20:08:25 +00:00
Love Hörnquist Åstrand 7e00d0f690 Add gss_set_{sec_context,cred}_option 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17713 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 14:07:44 +00:00
Love Hörnquist Åstrand 6814e8f515 merge mechglue code 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17701 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 09:02:32 +00:00