oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,442 Commits 2 Branches 2 Tags
57de79ce6df8fa2be1a67b6c82cdbd690a49ada9
Commit Graph

53 Commits

Author SHA1 Message Date
Luke Howard
ad2a352600 gssapi/krb5: treat empty padding buffers as absent 
For compatibility with SSPI, treat an empty padding buffer as equivalent to an
absent padding buffer (unelss the caller is requesting allocation).
 2020-07-12 15:55:02 +10:00
Luke Howard
c105b15605 gssapi/krb5: ensure singleton buffer in _gk_find_buffer() 
_gk_find_buffer() is used to locate singleton header, padding or trailer
buffers. Return NULL if multiple such buffers are found.
 2020-07-12 15:54:52 +10:00
Luke Howard
b73baa42ef gssapi/krb5: make PADDING buffer optional in GSS IOV API 
RFC 4121/4757 don't require padding as they operate as stream ciphers. Make the
PADDING buffer optional when using these encryption types with gss_wrap_iov()
and gss_unwrap_iov().
 2020-07-12 14:26:14 +10:00
Nicolas Williams
1c81ddf4e2 Round #2 of scan-build warnings cleanup 2016-11-16 17:03:14 -06:00
Andreas Schneider
cfc398d32e s4-heimdal: Remove the execute flag of cfx.c. 
The scripts which are extracting debuginfo are looking for files with
the executable bit and find cfx.c which isn't a executable.
 2014-03-24 23:07:49 -05:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
59f4918ef0 set the CFXSentByAcceptor flag, patch from Jaideep Padhye 2011-04-29 20:34:42 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Luke Howard
21c5987018 Rename GSS_IOV_BUFFER_TYPE_FLAG to GSS_IOV_BUFFER_FLAG 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-03 13:22:57 +01:00
Stefan Metzmacher
2f1a370cd3 hack for gss-wrap-iov to it work 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-28 13:31:12 -07:00
Love Hornquist Astrand
d18cdee577 don't reset EC 2009-08-26 22:52:26 -07:00
Love Hornquist Astrand
559103b218 if not trailer set, init EC to 0 2009-08-26 21:40:07 -07:00
Stefan Metzmacher
40a6abd116 gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-25 23:34:38 -07:00
Stefan Metzmacher
560cb0c132 gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov() 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-25 23:34:38 -07:00
Stefan Metzmacher
76f0fb9170 gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov() 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-25 23:34:38 -07:00
Stefan Metzmacher
f286dd5d64 gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead... 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-25 23:34:38 -07:00
Stefan Metzmacher
1a0423fd3d gsskrb5: make _gk_allocate_buffer() non static 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-25 23:34:38 -07:00
Stefan Metzmacher
60725fd2f5 gsskrb5: add _gk_verify_buffers() 
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-25 23:34:37 -07:00
Love Hornquist Astrand
fcfa32b0b9 Use constant time memcmp 2009-08-17 12:04:51 +02:00
Love Hornquist Astrand
6ac304d156 Use min() instead of MIN() 2009-08-14 20:05:36 +02:00
Love Hornquist Astrand
95993f222c Fix order of flags, passes regression test now 2009-08-05 13:42:34 +02:00
Love Hornquist Astrand
0ede7ac561 Pass down the use-dce-style flag instead of the while gssapi krb5 context 2009-08-05 12:00:07 +02:00
Stefan Metzmacher
ab9e5d13ec gsskrb5: try to be compatible with windows for gss_wrap* and cfx 
The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-08-04 20:22:05 +02:00
Love Hörnquist Åstrand
8be9f44602 rename find_buffer 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25289 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-23 03:45:56 +00:00
Love Hörnquist Åstrand
c99b2003e2 Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
269a7a057b flatten include headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
9586101a49 use the krb5_crypto directly, skipping some per packet calculation, make cfx handling simpler 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24067 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:52:10 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
00bcd44370 Switch from using a specific error message context in the TLS to have 
a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
14f11cf880 (_gssapi_verify_mic_cfx): always free crypto context. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18882 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 21:13:22 +00:00
Love Hörnquist Åstrand
dfa6f7b248 reference all include files using krb5/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
610f467aca Redo the wrap length calculations. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17838 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-07-19 14:17:05 +00:00
Love Hörnquist Åstrand
ee09f98c15 Rename local include file, remove global files. 
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
622495b00b Less pointer signedness warnings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17561 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 09:32:02 +00:00
Love Hörnquist Åstrand
cb704efeeb Rename u_intXX_t to uintXX_t 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-05 10:37:46 +00:00
Love Hörnquist Åstrand
f832671530 Less pointer signedness warnings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17436 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-04 11:59:19 +00:00
Love Hörnquist Åstrand
d0443e2058 prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14989 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-04-27 17:51:27 +00:00
Love Hörnquist Åstrand
85d7c792a7 s/CTXAcceptorSubkey/CFXAcceptorSubkey/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13699 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-08 08:25:40 +00:00
Love Hörnquist Åstrand
2588cbdf67 enforce AcceptorSubkey 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13516 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-14 16:11:59 +00:00
Love Hörnquist Åstrand
98136e9e42 make rrc a modulus operation if its longer then the length of the message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13208 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-12-12 12:32:50 +00:00
Love Hörnquist Åstrand
ab68d05e93 Wrap token was in wrong order, found by Sam Hartman 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13183 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-12-05 22:44:41 +00:00
Love Hörnquist Åstrand
c5d2778488 add AcceptorSubkey (but no code understand it yet) 
ignore unknown token flags


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13181 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-12-04 11:16:38 +00:00
Love Hörnquist Åstrand
00c0fe1ebb fix {} error, pointed out by Liqiang Zhu 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13114 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-11-14 03:11:23 +00:00
Love Hörnquist Åstrand
33b781c6f6 Sequence number should be stored in bigendian order 
From: Luke Howard <lukeh@padl.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13110 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-11-10 15:40:36 +00:00
Love Hörnquist Åstrand
bb7c2ec23c checksum the header last in MIC token, update to -03 
From: Luke Howard <lukeh@padl.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13082 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-11-06 01:27:50 +00:00
Love Hörnquist Åstrand
f5f69fb1ba - EC and RRC are big-endian, not little-endian 
- The default is now to rotate regardless of GSS_C_DCE_STYLE. There
  are no longer any references to GSS_C_DCE_STYLE.
- rrc_rotate() avoids allocating memory on the heap if rrc <= 256
From: Luke Howard <lukeh@padl.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12912 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-23 10:08:24 +00:00
Love Hörnquist Åstrand
7c533af43a rrc_rotate() was untested and broken, fix it 
set and verify wrap Token->Filler
correct token ID for wrap tokens, were accidentally swapped with delete tokens
From: Luke Howard <lukeh@PADL.COM>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12904 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-22 21:46:53 +00:00
Love Hörnquist Åstrand
7fa07e336e no ASN.1-ish header on per-message tokens 
From: Luke Howard <lukeh@PADL.COM>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12899 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-21 17:35:19 +00:00
Love Hörnquist Åstrand
653d7b010b RRC also need to be zero before wraping them 
From: Luke Howard <lukeh@PADL.COM>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12777 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-05 09:49:22 +00:00
Love Hörnquist Åstrand
6cdb4003eb EC is not included in the checksum since the length might change 
depending on the data.
From: Luke Howard <lukeh@PADL.COM>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12746 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-03 08:36:57 +00:00