Commit Graph

330 Commits

Author SHA1 Message Date
Douglas Bagnall
832d7af018 GSSAPI: regenerate lib/gssapi/mech/gss_oid.c with consistent sort
This is generated from lib/gssapi/oid.txt using lib/gssapi/gen-oid.pl,
which sorts the entries to ensure minimal diff churn when an oid is
added or changed.

The lack of effective changes can be seen by sorting both versions, a
bit like this:

$ git show HEAD~~:lib/gssapi/mech/gss_oid.c | sort > /tmp/gss_oid.c-OLD
$ cat lib/gssapi/mech/gss_oid.c | sort > /tmp/gss_oid.c-NEW
$ diff -u /tmp/gss_oid.c*
$ #Nothing to see!

This is of course not a reliable check in general, but works for this
simple file in concert with ordinary inspection.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-31 15:51:13 +12:00
Douglas Bagnall
afab2ff867 GSSAPI: use rk_UNCONST() on password and cert oid
These missed out on the rk_UNCONST()ification by virtue of being added
in a parallel branch. In the diagram below, they got added in 02cf28e,
while the rk_UNCONSTs were added in f5f9014.

* cc47c8f Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.
*   3069d80 Merge branch 'master' into lukeh/acquire-cred-ex
|\
| * f5f9014 Warning fixes from Christos Zoulas
* | 02cf28e implement gss_acquire_cred_ex with password support
|/
* 2170219 add more oids

rk_UNCONST amounts to a cast to (void *), removing const.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-31 15:51:13 +12:00
Jeffrey Altman
2de3d14937 YFS Coverity 11745
Change-Id: I4172f81a187cf398c4538de36067ae19eb2534e3
2015-04-21 21:57:23 -04:00
Nicolas Williams
290e2430c4 Don't use mech default cred when input cred isn't
gss_init_sec_context() with input_cred_handle != GSS_C_NO_CREDENTIAL
should NOT proceed if there is no element in the given credential for
the requested mechanism.
2015-04-17 10:55:47 -05:00
Nicolas Williams
5822db085d Fix memory leak in _gss_acquire_mech_cred 2015-04-15 12:37:52 -05:00
Nicolas Williams
db2ba88384 Make gss_acquire_cred_with_password() like Solaris
Solaris'/Illumos' gss_acquire_cred_with_password() does not have
side-effects.  MIT and Heimdal have differed, but it's now agreed that
the Solaris/Illumos behavior is correct.

To make a credential obained with gss_acquire_cred_with_password()
available to other processes, use gss_store_cred().
2015-04-15 12:27:40 -05:00
Nicolas Williams
d5044abac8 Improve gss_store_cred() for cred sets 2015-04-13 16:59:19 -05:00
Nicolas Williams
533578e726 Make gss_store_cred() work 2015-03-24 11:50:00 -05:00
Luke Howard
788d39b3ce set m->gm_mech.gm_name 2014-01-04 16:31:01 +11:00
Luke Howard
4ff005a6a4 gm_mech_oid must be set
mechanism credentials created by dynamically loaded mechanisms do not work
because the gm_mech_oid field is unset for such mechanisms (instead, only
gm_mech.gm_mech_oid is).
2014-01-04 15:58:10 +11:00
Nicolas Williams
774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Marco Molteni
8cc9326f64 Document some GSS-API functions and fix some spelling errors. No code changes.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-09-27 14:26:29 -07:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Nicolas Williams
40a7d4b62f More fixes for -Werror (GCC 4.6 catches more stuff) 2011-11-02 23:20:55 -05:00
Luke Howard
f48061bda7 check localname attr authenticated 2011-10-08 12:23:25 +11:00
Luke Howard
07777511d1 implement gss_localname 2011-10-08 12:15:09 +11:00
Love Hörnquist Åstrand
8f2294e1f9 switch order of type and GSSAPI_LIB_VARIABLE 2011-07-24 13:00:36 -07:00
Love Hörnquist Åstrand
052c5767fd fixup type for GSS_C_ATTR_LOCAL_LOGIN_USER 2011-07-24 12:47:55 -07:00
Jeffrey Altman
27cc30d38e GSS_C_ATTR_LOCAL_LOGIN_USER
Be consistent with other GSSAPI global variables.  GSS_C_ATTR_LOCAL_LOGIN_USER
becomes a macro in gssapi.h that refers to an exported variable
__gss_c_attr_local_login_user

Change-Id: I2661d74cd0f760780f75b35f92d6b4f9112080dc
2011-07-21 11:46:15 -04:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Luke Howard
79ff133ae9 make gss_acquire_cred_ext private 2011-05-20 14:31:08 +02:00
Love Hornquist Astrand
4c7ba73439 Default to false(?), at least default to something. 2011-05-17 21:22:45 -07:00
Jeffrey Altman
aaa4400942 Apply missing function modifiers
GSSAPI_CALLCONV, GSSAPI_LIB_FUNC, GSSAPI_LIB_CALL as appropriate

Change-Id: I5198cfc7dd665bdc064aa0e613dac7db7465e2b9
2011-05-17 14:02:49 -04:00
Jeffrey Altman
87aad6a13a Add NO_LOCALNAME
The pname to uid functionality at present assumes there is
an implementation of getpwnam() and that the local user
identifier is an integer.  On Windows, the local user identifier
is a SId.  Add NO_LOCALNAME as a build option so that Windows
(for now) can build without providing a getpwnam() implementation.

Change-Id: I04cfd6d2cd52e6228733f1da1dab420b453e6566
2011-05-17 13:56:37 -04:00
Luke Howard
3a100237e6 fix link regression, use EVP_DigestFinal_ex 2011-05-16 23:36:02 +02:00
Luke Howard
5431c4bcd3 Set MN_mech if mechanism doesn't set it 2011-05-16 18:20:53 +02:00
Luke Howard
6abb251957 check correct status code in attr_authorize_localname 2011-05-15 15:52:40 +02:00
Luke Howard
f6ce64e1da fix uninitialised variable check in attr_pname_to_uid() 2011-05-15 14:20:56 +02:00
Luke Howard
66cd3b451c remove incorrect NULLity check for gm_pname_to_uid 2011-05-15 14:17:58 +02:00
Luke Howard
1f02feb3dc fix off-by-one in GSS_C_ATTR_LOCAL_LOGIN_USER attribute 2011-05-15 14:17:43 +02:00
Luke Howard
23bf28b1b8 remove unused variable from gss_add_cred_with_password 2011-05-15 01:51:08 +02:00
Luke Howard
810523e6c4 remove extraneous whitespace 2011-05-14 23:12:33 +02:00
Luke Howard
80f06cfc19 cleanup 2011-05-14 23:10:25 +02:00
Luke Howard
9d0a97c022 fix pointer error 2011-05-14 18:01:47 +02:00
Luke Howard
88e3968a9e implement gss_add_cred_with_password over gss_acquire_cred_ext 2011-05-14 17:57:09 +02:00
Luke Howard
33d1877c21 use gss_const_OID for gss_acquire_cred_ext 2011-05-14 17:16:49 +02:00
Luke Howard
cbebf13216 acquire_cred_with_password is a SPI symbol 2011-05-14 17:09:20 +02:00
Luke Howard
48719d5651 shim acquire_cred_with_password SPI into acquire_cred_ext 2011-05-14 17:00:55 +02:00
Luke Howard
dfba868910 Merge branch 'master' into lukeh/acquire-cred-ex-moonshot-integ
Conflicts:
	lib/gssapi/Makefile.am
	lib/gssapi/mech/gss_acquire_cred_with_password.c
	lib/gssapi/test_context.c
	lib/gssapi/version-script.map
2011-05-14 16:48:49 +02:00
Luke Howard
4a36c8dd7d remove MN check in gss_authorize_localname because all names are MNs 2011-05-14 16:10:12 +02:00
Luke Howard
3069d80734 Merge branch 'master' into lukeh/acquire-cred-ex 2011-05-14 14:56:16 +02:00
Luke Howard
d1b553aae2 add some loopback detection in GSS dynamic loading 2011-05-13 02:27:01 +02:00
Luke Howard
6971125a79 add some loopback detection in GSS dynamic loading 2011-05-13 02:26:41 +02:00
Luke Howard
5dc4aeee49 Merge branch 'master' into lukeh/moonshot
Conflicts:
	lib/gssapi/mech/gss_mech_switch.c
2011-05-13 00:19:01 +02:00
Luke Howard
b323601091 mechglue fixes
- support gssspi_set_cred_option
- pick up OID sets of names for dynamic mechs
2011-05-13 00:16:56 +02:00
Luke Howard
766b7a558c Allow composite names in gss_import_name() 2011-05-12 14:02:15 +02:00
Luke Howard
3287820448 Allow NULL arguments to gss_{get_name_attribute,inquire_name} 2011-05-12 14:02:11 +02:00
Luke Howard
4933215778 Allow NULL arguments to gss_{get_name_attribute,inquire_name} 2011-05-12 14:01:40 +02:00
Luke Howard
4693ab98df Allow composite names in gss_import_name() 2011-05-12 13:39:19 +02:00
Luke Howard
e128b0ca01 Merge branch 'master' into lukeh/moonshot
Conflicts:
	lib/gssapi/krb5/external.c
	lib/libedit/src/vi.c
2011-05-12 13:04:55 +02:00