oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,568 Commits 2 Branches 2 Tags
635ac1aa85494bca29cd6eeb3554746625c06c7d
Commit Graph

66 Commits

Author SHA1 Message Date
Nicolas Williams
db2ba88384 Make gss_acquire_cred_with_password() like Solaris 
Solaris'/Illumos' gss_acquire_cred_with_password() does not have
side-effects.  MIT and Heimdal have differed, but it's now agreed that
the Solaris/Illumos behavior is correct.

To make a credential obained with gss_acquire_cred_with_password()
available to other processes, use gss_store_cred().
 2015-04-15 12:27:40 -05:00
Viktor Dukhovni
dee03d9bee Rename cred handle lifetime to endtime 
And change type from OM_uint32 to time_t.
 2015-04-14 11:27:25 -05:00
Viktor Dukhovni
3bb33fa6e8 Fix cred handle lifetime/expiration confusion 
In at least two instances the krb5 cred handle expiration time was misused
as a remaining lifetime.  This is not surprising since the field name is
wrong ("lifetime" not "expiration").  This commit fixes the code, the next
commit will rename the field and change its type from OM_uint32 to time_t.
 2015-04-14 11:27:24 -05:00
Nicolas Williams
9a515026b9 gss_add_cred() doesn't always output lifetime 2015-04-14 11:27:24 -05:00
Nicolas Williams
67af588bce Don't require NUL term. in gss_add_cred_with_pw 2015-04-14 11:27:24 -05:00
Nicolas Williams
7e51f78178 Simplify __gsskrb5_ccache_lifetime 2015-04-13 16:59:21 -05:00
Nicolas Williams
487b6820f6 Revamp name canonicalization code 2015-03-24 11:49:58 -05:00
Viktor Dukhovni
cfdf6d5cbe gsskrb5: Make krb5 mech use referrals 
Modify the gss krb5 mech to always use referrals unless the
KRB5_NCRO_NO_REFERRALS flag is set.

Change-Id: I7efd873ac922a43adafa2c492703b576847a885f
 2015-03-14 16:08:32 -04:00
Nicolas Williams
774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
4c063f2955 quite const warning 2011-05-18 22:00:20 -07:00
Jeffrey Altman
217ada7a06 use const consistently for acquire_cred 
Change-Id: I000d954267efa16439e19b0604c660f3c5be791c
 2011-05-17 13:51:12 -04:00
Luke Howard
33d1877c21 use gss_const_OID for gss_acquire_cred_ext 2011-05-14 17:16:49 +02:00
Luke Howard
02cf28e20b implement gss_acquire_cred_ex with password support 
add missing SPIs to gss_mech_switch

s/acquire_cred_ex/acquire_cred_ext/g
 2011-04-16 11:06:24 +02:00
Love Hornquist Astrand
3d36172090 allow keytab specifiction to gsskrb5_register_acceptor_identity 2011-04-07 07:15:28 -07:00
Love Hornquist Astrand
2038d6f56e don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network 2010-11-29 09:31:07 -08:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
9f5772050b Match old code and use krb5_sname_to_principal on the imported name for acquire cred. 
Reported by Jan Rekorajski
 2009-12-13 22:55:36 -08:00
Love Hornquist Astrand
8b71d0b93f Prefer the realm of the user when doing referrals style ISC krb5-get-creds 
The the realm of the user's principal and prefer that when doing a lookup.
This code still need to be smarter can cache the "initial value" -> positive result
to avoid roundtrips to the KDC.
 2009-07-17 15:43:19 -07:00
Love Hörnquist Åstrand
c99b2003e2 Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
6243aee99a use krb5_cc_new_unique, use constants for cache types 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25052 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-04-03 04:06:10 +00:00
Love Hörnquist Åstrand
269a7a057b flatten include headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
fe1a976ae2 new krb5_cc_cache_match 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23905 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-13 03:03:21 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
227aca963e Avoid dns canonlisation for hosts, until we know what client credential we are going to use, and when we know that, lets check if the user really want to use canonlision, XXX should be able to configure per target realm too 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23678 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-25 02:34:24 +00:00
Love Hörnquist Åstrand
f2a2070e19 make acquire_initiator_cred work again 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23534 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-16 22:58:12 +00:00
Love Hörnquist Åstrand
9407642396 catch error 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23513 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-11 10:01:07 +00:00
Love Hörnquist Åstrand
78b0cb1d12 remove unread assignment 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23510 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-11 10:00:52 +00:00
Love Hörnquist Åstrand
088ad9f97d (acquire_initiator_cred): handle the credential cache better, use 
destroy/close when appriate and for all cases. Thanks to Michael Allen
for point out the memory-leak that I also fixed.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22596 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-02-18 18:05:55 +00:00
Love Hörnquist Åstrand
bf772f42e4 (acquire_acceptor_cred): Check if there is at least one entry in the 
keytab before declaring it as an useful keytab.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22124 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-12-04 00:03:52 +00:00
Love Hörnquist Åstrand
717464b9fa (acquire_acceptor_cred): don't claim everything is well on failure. 
From Phil Fisher.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21221 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-06-20 08:42:10 +00:00
Love Hörnquist Åstrand
ee246ab9ac Use gss oid_set functions from mechglue 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20688 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-05-17 18:44:31 +00:00
Love Hörnquist Åstrand
ece5f9603e Make krb5_get_init_creds_opt_free take a context argument. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19078 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-20 18:12:41 +00:00
Love Hörnquist Åstrand
00bcd44370 Switch from using a specific error message context in the TLS to have 
a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
dfa6f7b248 reference all include files using krb5/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
03567db502 make gss_name_t an opaque type 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-29 07:27:26 +00:00
Love Hörnquist Åstrand
ee09f98c15 Rename local include file, remove global files. 
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
63506f62b3 update (c) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16341 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-12-01 21:00:03 +00:00
Love Hörnquist Åstrand
c9962c948d (acquire_acceptor_cred): only check if principal exists if we got 
called with principal as an argument.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16338 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-12-01 16:26:02 +00:00
Love Hörnquist Åstrand
1cff67e8ce (acquire_acceptor_cred): check that the acceptor exists in the keytab 
before returning ok.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16336 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-12-01 15:50:42 +00:00
Love Hörnquist Åstrand
f0dc59770a (acquire_initiator_cred): GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16281 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-11-02 08:56:25 +00:00
Love Hörnquist Åstrand
a5755046b4 (_gssapi_krb5_ccache_lifetime): break out code used to extract 
lifetime from a credential cache


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16239 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-10-26 11:25:16 +00:00
Love Hörnquist Åstrand
bc4a1da9c6 (acquire_initiator_cred): use krb5_cc_cache_match to find a matching 
creditial cache, if that failes, fallback to the default cache.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16205 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-10-21 12:44:08 +00:00
Luke Howard
33c4663ba5 plug leak 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14447 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-01-05 02:32:26 +00:00
Johan Danielsson
26457b7135 replace krb5_free_creds_contents by krb5_free_cred_contents 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13790 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-04-25 19:25:35 +00:00
Love Hörnquist Åstrand
b5cdf72e01 (gss_acquire_cred): check usage before even bothering to process it, 
add both keytab and initial tgt if requested


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13524 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-03-14 16:42:39 +00:00
Love Hörnquist Åstrand
7c51fd6e95 (acquire_initiator_cred): use kret instead of ret where appropriate 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12976 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-10-07 00:37:04 +00:00
Love Hörnquist Åstrand
5d190295aa add context argument to krb5_get_init_creds_opt_alloc 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12783 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-08 15:28:20 +00:00
Love Hörnquist Åstrand
61e14619de use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12737 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-09-03 00:31:42 +00:00