oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
25,119 Commits 2 Branches 2 Tags
687db64c567b4529aa723a8f5f87946f7cde4cd5
Commit Graph

108 Commits

Author SHA1 Message Date
Love Hornquist Astrand
c402cda0a4 use krb5_auth_con_getremoteseqnumber 2009-12-04 21:30:06 -08:00
Love Hornquist Astrand
75a61b8842 krb5_build_authenticator is private 2009-10-05 22:09:23 -07:00
Love Hornquist Astrand
a132ffe757 Simplify krb5_build_authenticator and unexport 2009-10-05 19:52:28 -07:00
Love Hornquist Astrand
9e13b309d9 use krb5_make_principal 2009-10-04 11:29:43 -07:00
Love Hornquist Astrand
6c3f3fafa3 Don't leak kerberos credentials when trying dns canon 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
8b71d0b93f Prefer the realm of the user when doing referrals style ISC krb5-get-creds 
The the realm of the user's principal and prefer that when doing a lookup.
This code still need to be smarter can cache the "initial value" -> positive result
to avoid roundtrips to the KDC.
 2009-07-17 15:43:19 -07:00
Love Hörnquist Åstrand
c99b2003e2 Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
9e9258e2b8 comment out unsupported options 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25183 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-05-06 19:02:03 +00:00
Love Hörnquist Åstrand
269a7a057b flatten include headers 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
9586101a49 use the krb5_crypto directly, skipping some per packet calculation, make cfx handling simpler 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24067 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:52:10 +00:00
Love Hörnquist Åstrand
9c1460fe80 dont need cfx flag here 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24058 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:50:38 +00:00
Love Hörnquist Åstrand
d4f5c19c1d make IS_CFX a more_flag 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24057 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:50:22 +00:00
Love Hörnquist Åstrand
2d85294ede Default to use the username as passed in by the user. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23843 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-14 15:27:42 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
227aca963e Avoid dns canonlisation for hosts, until we know what client credential we are going to use, and when we know that, lets check if the user really want to use canonlision, XXX should be able to configure per target realm too 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23678 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-25 02:34:24 +00:00
Love Hörnquist Åstrand
84199f34d1 provide slightly better error codes 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23537 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-16 22:58:41 +00:00
Love Hörnquist Åstrand
3b3ffff06d Only strip DELEG_FLAG if there is a realm setting, simplify the 
GSS_C_DELEG_POLICY_FLAG handling.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23527 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-14 23:29:29 +00:00
Love Hörnquist Åstrand
c69717db61 If we used GSS_C_DELEG_POLICY_FLAG, trust KDC, still trust realm configuration. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23481 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-08-11 09:57:56 +00:00
Love Hörnquist Åstrand
e0168633ea Break on failure 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23422 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-07-26 18:38:29 +00:00
Love Hörnquist Åstrand
39fe446983 Support parsing KRB-ERROR passed back from windows server when the time is out of sync, modify krb5_cc_[sg]et_config interface to handle principals too, add tests for this 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23420 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-07-26 18:37:48 +00:00
Love Hörnquist Åstrand
d4d7d06749 realm-config > 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23404 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-07-26 18:30:35 +00:00
Love Hörnquist Åstrand
c2442955f0 Check for realm-config in the ccache configuration, and use that. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23400 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-07-26 18:28:59 +00:00
Love Hörnquist Åstrand
1ef0828640 Match the orignal patch I got from metze, seems that DCE-STYLE is even 
more weirer then what I though when I merged the patch.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23388 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-07-25 09:07:49 +00:00
Love Hörnquist Åstrand
eec537e94b restore flags after mk_rep is done. Prompted by comments from metze 
and abartlet.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23387 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-07-25 08:23:32 +00:00
Love Hörnquist Åstrand
aad8c2b04d krb5: just don't force, but allow the flags when GSS_CF_NO_CI_FLAGS is given 
From Stefan Metzmacher

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23330 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-27 12:01:23 +00:00
Love Hörnquist Åstrand
9972ce7b46 Don't add asn1 wrapping to token when using DCE_STYLE. 
Patch from Stefan Metze.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23255 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-06-03 05:29:21 +00:00
Love Hörnquist Åstrand
2d405842ad (init_auth): use right variable to detect if we want to free or not. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22671 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-03-09 23:57:54 +00:00
Love Hörnquist Åstrand
27a3ca100e Add flag to not add gss-api INT|CONF to the negotiation 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22655 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-02-26 12:40:35 +00:00
Love Hörnquist Åstrand
5fed824f37 its vs it\'s etc. From Bjorn Sandell 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
d3807ad882 Add hideous glue for (NFS) clients that wants to limit the available 
enctypes to what it can support (encryption in kernel). If there is no
enctypes selected for this credential, reset it to the default set of
enctypes.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20326 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-04-12 16:49:57 +00:00
Love Hörnquist Åstrand
942fb2686e update (c) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20061 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-30 11:57:46 +00:00
Love Hörnquist Åstrand
715d4a304f revert 1.75: (init_auth): only turn on GSS_C_CONF_FLAG and 
GSS_C_INT_FLAG if the caller requseted it.

This is because Kerberos always support INT|CONF, matches behavior
with MS and MIT. The creates problems for the GSS-SPNEGO mech.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20058 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-30 11:56:20 +00:00
Love Hörnquist Åstrand
fa438f7ca1 (init_auth): only turn on GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the 
caller requseted it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19324 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-13 10:33:20 +00:00
Love Hörnquist Åstrand
00bcd44370 Switch from using a specific error message context in the TLS to have 
a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
1a7ec40448 (init_auth): There is no OID wrapping on the reply token. From Andrew Bartlett 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18934 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-07 17:40:01 +00:00
Love Hörnquist Åstrand
b619dd374c Avoid leaking memory. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18888 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 23:03:19 +00:00
Love Hörnquist Åstrand
dfa6f7b248 reference all include files using krb5/ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
67655a5dd5 Add GSS_C_DCE_STYLE. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18149 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-22 11:22:14 +00:00
Love Hörnquist Åstrand
226ba0b6cd merge most of the initiator part from the samba patch by Stefan Metzmacher and Andrew Bartlet (still missing DCE/RPC support) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18147 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-22 10:41:31 +00:00
Love Hörnquist Åstrand
b1537f3cca Make work on compilers that are somewhat more picky then gcc4 (like gcc2.95) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17777 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-30 20:57:33 +00:00
Love Hörnquist Åstrand
54afe1180f (do_delegation): use KDCOptions2int to convert fwd_flags to an 
integer, since otherwise int2KDCOptions in krb5_get_forwarded_creds wont do the right thing.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17770 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-30 19:38:40 +00:00
Love Hörnquist Åstrand
03567db502 make gss_name_t an opaque type 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-29 07:27:26 +00:00
Love Hörnquist Åstrand
ee09f98c15 Rename local include file, remove global files. 
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
c4d0fcfc9d Less pointer signedness warnings (partly by using the new asn.1 CHOICE decoder) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17560 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 09:27:45 +00:00
Love Hörnquist Åstrand
cb704efeeb Rename u_intXX_t to uintXX_t 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-05 10:37:46 +00:00
Love Hörnquist Åstrand
30627ab04b Spelling. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17027 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-09 18:45:18 +00:00
Love Hörnquist Åstrand
d28785e212 Change sematics of ok-as-delegate to match windows if 
[gssapi]realm/ok-as-delegate=true is set, otherwise keep old sematics.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16283 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-11-02 11:52:49 +00:00
Love Hörnquist Åstrand
72fabc6c6b (spnego_reply): Don't pass back raw Kerberos errors, use GSS-API 
errors instead.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16158 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-10-12 07:25:18 +00:00
Love Hörnquist Åstrand
4171c2f2a7 avoid warnings, update (c) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15873 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-08-11 10:47:25 +00:00