oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
21,030 Commits 2 Branches 2 Tags
5fed824f372c97454833e489a2714058aac47df6
Commit Graph

79 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
5fed824f37 its vs it\'s etc. From Bjorn Sandell 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
d3807ad882 Add hideous glue for (NFS) clients that wants to limit the available 
enctypes to what it can support (encryption in kernel). If there is no
enctypes selected for this credential, reset it to the default set of
enctypes.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20326 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-04-12 16:49:57 +00:00
Love Hörnquist Åstrand
942fb2686e update (c) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20061 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-30 11:57:46 +00:00
Love Hörnquist Åstrand
715d4a304f revert 1.75: (init_auth): only turn on GSS_C_CONF_FLAG and 
GSS_C_INT_FLAG if the caller requseted it.

This is because Kerberos always support INT|CONF, matches behavior
with MS and MIT. The creates problems for the GSS-SPNEGO mech.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20058 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-30 11:56:20 +00:00
Love Hörnquist Åstrand
fa438f7ca1 (init_auth): only turn on GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the 
caller requseted it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19324 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-13 10:33:20 +00:00
Love Hörnquist Åstrand
00bcd44370 Switch from using a specific error message context in the TLS to have 
a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
1a7ec40448 (init_auth): There is no OID wrapping on the reply token. From Andrew Bartlett 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18934 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-07 17:40:01 +00:00
Love Hörnquist Åstrand
b619dd374c Avoid leaking memory. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18888 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 23:03:19 +00:00
Love Hörnquist Åstrand
dfa6f7b248 reference all include files using krb5/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
67655a5dd5 Add GSS_C_DCE_STYLE. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18149 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-22 11:22:14 +00:00
Love Hörnquist Åstrand
226ba0b6cd merge most of the initiator part from the samba patch by Stefan Metzmacher and Andrew Bartlet (still missing DCE/RPC support) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18147 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-22 10:41:31 +00:00
Love Hörnquist Åstrand
b1537f3cca Make work on compilers that are somewhat more picky then gcc4 (like gcc2.95) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17777 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-30 20:57:33 +00:00
Love Hörnquist Åstrand
54afe1180f (do_delegation): use KDCOptions2int to convert fwd_flags to an 
integer, since otherwise int2KDCOptions in krb5_get_forwarded_creds wont do the right thing.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17770 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-30 19:38:40 +00:00
Love Hörnquist Åstrand
03567db502 make gss_name_t an opaque type 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-29 07:27:26 +00:00
Love Hörnquist Åstrand
ee09f98c15 Rename local include file, remove global files. 
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
c4d0fcfc9d Less pointer signedness warnings (partly by using the new asn.1 CHOICE decoder) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17560 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 09:27:45 +00:00
Love Hörnquist Åstrand
cb704efeeb Rename u_intXX_t to uintXX_t 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-05 10:37:46 +00:00
Love Hörnquist Åstrand
30627ab04b Spelling. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17027 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-09 18:45:18 +00:00
Love Hörnquist Åstrand
d28785e212 Change sematics of ok-as-delegate to match windows if 
[gssapi]realm/ok-as-delegate=true is set, otherwise keep old sematics.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16283 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-11-02 11:52:49 +00:00
Love Hörnquist Åstrand
72fabc6c6b (spnego_reply): Don't pass back raw Kerberos errors, use GSS-API 
errors instead.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16158 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-10-12 07:25:18 +00:00
Love Hörnquist Åstrand
4171c2f2a7 avoid warnings, update (c) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15873 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-08-11 10:47:25 +00:00
Love Hörnquist Åstrand
33f176705d (spnego_initial): NegotiationToken encoder now that we have one with 
the new asn1. compiler.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15637 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-07-13 07:00:15 +00:00
Love Hörnquist Åstrand
e9cef62ab1 (init_auth): honor ok-as-delegate if local configuration approves 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15319 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-30 20:58:29 +00:00
Love Hörnquist Åstrand
9ae8bc983a Prefix Der_class with ASN1_C_ to avoid problems with system 
headerfiles that pollute the name space.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15264 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-29 15:13:10 +00:00
Love Hörnquist Åstrand
c226c11008 (init_auth): set KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java 
compatibility), also while here, use krb5_auth_con_addflags


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15151 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-05-17 08:15:30 +00:00
Love Hörnquist Åstrand
d0443e2058 prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com> 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14989 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-04-27 17:51:27 +00:00
Luke Howard
244ca04320 Remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is no longer in rfc2478bis 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14584 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-02-21 08:48:15 +00:00
Luke Howard
1d02386069 don't call krb5_get_credentials() with 
KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
growing indefinitely as no key is found with KEYTYPE_NULL


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14583 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-02-21 08:44:25 +00:00
Love Hörnquist Åstrand
88562c0362 (spnego_reply): use _gss_spnego_require_mechlist_mic to figure out if 
we need to check MechListMIC; From: Luke Howard <lukeh@padl.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13694 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-07 14:24:58 +00:00
Love Hörnquist Åstrand
23e937a42a avoid the malloc loop and just allocate the propper amount of data 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13684 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-05 13:34:32 +00:00
Love Hörnquist Åstrand
b8af153f50 (spnego_initial): handle mech_token better 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13682 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-05 08:48:20 +00:00
Love Hörnquist Åstrand
fb53d3762e handle acceptor asserted subkey 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13519 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-14 16:31:02 +00:00
Love Hörnquist Åstrand
f96b2ccb60 (spnego_reply): make sure the length of the choice element doesn't 
overrun us


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13444 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-07 14:25:33 +00:00
Love Hörnquist Åstrand
2c1317d353 (init_auth): set sequence number when not requesting mutual auth 
From: Luke Howard <lukeh@PADL.COM>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12838 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-17 04:15:36 +00:00
Love Hörnquist Åstrand
b1576251e1 (spnego_initial): add #if 0 out version of the CHOICE branch encoding, 
also where here, free no longer used memory


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12818 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-10 20:49:11 +00:00
Love Hörnquist Åstrand
bb22f358b1 (spnego_initial): catch errors and return them 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12806 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-09 23:44:25 +00:00
Love Hörnquist Åstrand
c65c7ace38 (spnego_reply): SPNEGO doesn't include gss wrapping on 
SubsequentContextToken like the Kerberos 5 mech does. Lets check for
it anyway.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12801 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-09 10:40:12 +00:00
Love Hörnquist Åstrand
c94bb7e568 Add support for SPNEGO on the initator side. Tested with ldap server 
on a Windows 2000 DC. Implementation initially from Assar Westerlund,
passes though quite a lot of hands before I commited it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12792 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-09 02:31:47 +00:00
Love Hörnquist Åstrand
c8cf8c9880 encap/decap now takes a oid 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12639 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-08-25 20:02:49 +00:00
Love Hörnquist Åstrand
32752ea144 (repl_mutual): don't set kerberos error where there was no kerberos error 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12496 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-07-22 19:53:43 +00:00
Love Hörnquist Åstrand
532c716e88 remember to free data 
use sequence number verifier


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12365 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-06-17 03:58:43 +00:00
Love Hörnquist Åstrand
f6870509a7 (init_auth): if the cred is expired before we tries to create a token, 
fail so the peer doesn't need reject us
(*): make sure time is returned in seconds from now, not in kerberos time
(repl_mutual): remember to unlock the context mutex


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12345 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-06-03 15:22:58 +00:00
Love Hörnquist Åstrand
42f3fc029a - do some basic locking (no reference counting so contexts can be 
removed while still used)
- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
- make sure all lifetime are returned in seconds left until expired,
  not in unix epoch


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12317 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-05-21 14:52:14 +00:00
Love Hörnquist Åstrand
67c9487313 take care to set export value to something sane before we start so 
caller will have harmless values in them if then function fails


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11766 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-03-16 18:00:00 +00:00
Love Hörnquist Åstrand
c448764976 (do_delegation): remove unused variable subkey 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11669 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-02-27 20:18:12 +00:00
Love Hörnquist Åstrand
797b1db76b (init_auth): only generate one subkey 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11657 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-02-21 03:05:37 +00:00
Love Hörnquist Åstrand
cd32525e84 (init_auth): check if we need compat for older get_mic/verify_mic 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11622 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-01-27 14:07:56 +00:00
Johan Danielsson
14d8cdb894 check return value from gssapi_krb5_init 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11534 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-10-31 16:06:35 +00:00
Johan Danielsson
9ff457f2fd we need to generate a local subkey here 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11333 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-02 17:16:12 +00:00
Johan Danielsson
1473f2521c (init_auth): set AP_OPTS_USE_SUBKEY 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11326 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-02 15:37:16 +00:00