Luke Howard 
							
						 
					 
					
						
						
							
						
						e0bb9c10ca 
					 
					
						
						
							
							gssapi: credential store extensions ( #451 )  
						
						... 
						
						
						
						Implement the GSS-API credential store API extensions defined by MIT here:
https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions 
Note: we kill off gss_acquire_cred_ext() here. This was never a public API,
although mechanisms could have implemented it and I briefly used it in my
BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place
in the dispatch table where gss_acquire_cred_ext() used to, but this structure
was never visible outside Heimdal (i.e. it is only used by internal
mechanisms);
(Mechanisms that need to accept arbitrary key/value dictionaries from
applications should now implement gss_acquire_cred_from().) 
						
						
					 
					
						2019-01-03 14:38:39 -06:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						af0d8ef677 
					 
					
						
						
							
							gssapi: support for client keytab in gss_acquire_cred ( #383 )  
						
						... 
						
						
						
						For compatibility with MIT Kerberos, support automatic acquisition of initiator
credentials if a client keytab is available. The default path on non-Windows is
/var/heimdal/user/%{euid}/client.keytab, but can be overriden with the
KRB5_CLIENT_KTNAME environment variable or the default_client_keytab_name
configuration option. If a client keytab does not exist, or exists but does not
contain the principal for which initiator credentials are being acquired, the
system keytab is tried. 
						
						
					 
					
						2018-12-31 18:20:37 +11:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						db2ba88384 
					 
					
						
						
							
							Make gss_acquire_cred_with_password() like Solaris  
						
						... 
						
						
						
						Solaris'/Illumos' gss_acquire_cred_with_password() does not have
side-effects.  MIT and Heimdal have differed, but it's now agreed that
the Solaris/Illumos behavior is correct.
To make a credential obained with gss_acquire_cred_with_password()
available to other processes, use gss_store_cred(). 
						
						
					 
					
						2015-04-15 12:27:40 -05:00 
						 
				 
			
				
					
						
							
							
								Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						dee03d9bee 
					 
					
						
						
							
							Rename cred handle lifetime to endtime  
						
						... 
						
						
						
						And change type from OM_uint32 to time_t. 
						
						
					 
					
						2015-04-14 11:27:25 -05:00 
						 
				 
			
				
					
						
							
							
								Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						3bb33fa6e8 
					 
					
						
						
							
							Fix cred handle lifetime/expiration confusion  
						
						... 
						
						
						
						In at least two instances the krb5 cred handle expiration time was misused
as a remaining lifetime.  This is not surprising since the field name is
wrong ("lifetime" not "expiration").  This commit fixes the code, the next
commit will rename the field and change its type from OM_uint32 to time_t. 
						
						
					 
					
						2015-04-14 11:27:24 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						9a515026b9 
					 
					
						
						
							
							gss_add_cred() doesn't always output lifetime  
						
						
						
						
					 
					
						2015-04-14 11:27:24 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						67af588bce 
					 
					
						
						
							
							Don't require NUL term. in gss_add_cred_with_pw  
						
						
						
						
					 
					
						2015-04-14 11:27:24 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						7e51f78178 
					 
					
						
						
							
							Simplify __gsskrb5_ccache_lifetime  
						
						
						
						
					 
					
						2015-04-13 16:59:21 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						487b6820f6 
					 
					
						
						
							
							Revamp name canonicalization code  
						
						
						
						
					 
					
						2015-03-24 11:49:58 -05:00 
						 
				 
			
				
					
						
							
							
								Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						cfdf6d5cbe 
					 
					
						
						
							
							gsskrb5: Make krb5 mech use referrals  
						
						... 
						
						
						
						Modify the gss krb5 mech to always use referrals unless the
KRB5_NCRO_NO_REFERRALS flag is set.
Change-Id: I7efd873ac922a43adafa2c492703b576847a885f 
						
						
					 
					
						2015-03-14 16:08:32 -04:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						774f166e31 
					 
					
						
						
							
							First attempt s/\<const gss_.*_t/gss_const_.*_t/g  
						
						
						
						
					 
					
						2013-06-02 15:30:58 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						4c063f2955 
					 
					
						
						
							
							quite const warning  
						
						
						
						
					 
					
						2011-05-18 22:00:20 -07:00 
						 
				 
			
				
					
						
							
							
								Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						217ada7a06 
					 
					
						
						
							
							use const consistently for acquire_cred  
						
						... 
						
						
						
						Change-Id: I000d954267efa16439e19b0604c660f3c5be791c 
						
						
					 
					
						2011-05-17 13:51:12 -04:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						33d1877c21 
					 
					
						
						
							
							use gss_const_OID for gss_acquire_cred_ext  
						
						
						
						
					 
					
						2011-05-14 17:16:49 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						02cf28e20b 
					 
					
						
						
							
							implement gss_acquire_cred_ex with password support  
						
						... 
						
						
						
						add missing SPIs to gss_mech_switch
s/acquire_cred_ex/acquire_cred_ext/g 
						
						
					 
					
						2011-04-16 11:06:24 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3d36172090 
					 
					
						
						
							
							allow keytab specifiction to gsskrb5_register_acceptor_identity  
						
						
						
						
					 
					
						2011-04-07 07:15:28 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2038d6f56e 
					 
					
						
						
							
							don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network  
						
						
						
						
					 
					
						2010-11-29 09:31:07 -08:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						5dcc605f6b 
					 
					
						
						
							
							Fix calling conventions for Windows  
						
						
						
						
					 
					
						2010-08-20 13:14:10 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9f5772050b 
					 
					
						
						
							
							Match old code and use krb5_sname_to_principal on the imported name for acquire cred.  
						
						... 
						
						
						
						Reported by Jan Rekorajski 
						
						
					 
					
						2009-12-13 22:55:36 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						8b71d0b93f 
					 
					
						
						
							
							Prefer the realm of the user when doing referrals style ISC krb5-get-creds  
						
						... 
						
						
						
						The the realm of the user's principal and prefer that when doing a lookup.
This code still need to be smarter can cache the "initial value" -> positive result
to avoid roundtrips to the KDC. 
						
						
					 
					
						2009-07-17 15:43:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c99b2003e2 
					 
					
						
						
							
							Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-06-22 17:56:41 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6243aee99a 
					 
					
						
						
							
							use krb5_cc_new_unique, use constants for cache types  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25052 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-04-03 04:06:10 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						269a7a057b 
					 
					
						
						
							
							flatten include headers  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-01-25 00:35:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						fe1a976ae2 
					 
					
						
						
							
							new krb5_cc_cache_match  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23905 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-10-13 03:03:21 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6937d41a02 
					 
					
						
						
							
							remove trailing whitespace  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 09:21:03 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e172367898 
					 
					
						
						
							
							switch to utf8 encoding of all files  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 08:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						227aca963e 
					 
					
						
						
							
							Avoid dns canonlisation for hosts, until we know what client credential we are going to use, and when we know that, lets check if the user really want to use canonlision, XXX should be able to configure per target realm too  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23678 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-08-25 02:34:24 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f2a2070e19 
					 
					
						
						
							
							make acquire_initiator_cred work again  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23534 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-08-16 22:58:12 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						9407642396 
					 
					
						
						
							
							catch error  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23513 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-08-11 10:01:07 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						78b0cb1d12 
					 
					
						
						
							
							remove unread assignment  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23510 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-08-11 10:00:52 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						088ad9f97d 
					 
					
						
						
							
							(acquire_initiator_cred): handle the credential cache better, use  
						
						... 
						
						
						
						destroy/close when appriate and for all cases. Thanks to Michael Allen
for point out the memory-leak that I also fixed.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22596 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-02-18 18:05:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						bf772f42e4 
					 
					
						
						
							
							(acquire_acceptor_cred): Check if there is at least one entry in the  
						
						... 
						
						
						
						keytab before declaring it as an useful keytab.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22124 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2007-12-04 00:03:52 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						717464b9fa 
					 
					
						
						
							
							(acquire_acceptor_cred): don't claim everything is well on failure.  
						
						... 
						
						
						
						From Phil Fisher.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21221 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2007-06-20 08:42:10 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ee246ab9ac 
					 
					
						
						
							
							Use gss oid_set functions from mechglue  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20688 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2007-05-17 18:44:31 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ece5f9603e 
					 
					
						
						
							
							Make krb5_get_init_creds_opt_free take a context argument.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19078 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-11-20 18:12:41 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						00bcd44370 
					 
					
						
						
							
							Switch from using a specific error message context in the TLS to have  
						
						... 
						
						
						
						a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-11-13 18:02:57 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						dfa6f7b248 
					 
					
						
						
							
							reference all include files using krb5/  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-10-07 22:16:04 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						03567db502 
					 
					
						
						
							
							make gss_name_t an opaque type  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-06-29 07:27:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ee09f98c15 
					 
					
						
						
							
							Rename local include file, remove global files.  
						
						... 
						
						
						
						Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-06-28 08:54:04 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						63506f62b3 
					 
					
						
						
							
							update (c)  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16341 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-12-01 21:00:03 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c9962c948d 
					 
					
						
						
							
							(acquire_acceptor_cred): only check if principal exists if we got  
						
						... 
						
						
						
						called with principal as an argument.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16338 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-12-01 16:26:02 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						1cff67e8ce 
					 
					
						
						
							
							(acquire_acceptor_cred): check that the acceptor exists in the keytab  
						
						... 
						
						
						
						before returning ok.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16336 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-12-01 15:50:42 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f0dc59770a 
					 
					
						
						
							
							(acquire_initiator_cred): GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16281 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-11-02 08:56:25 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						a5755046b4 
					 
					
						
						
							
							(_gssapi_krb5_ccache_lifetime): break out code used to extract  
						
						... 
						
						
						
						lifetime from a credential cache
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16239 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-10-26 11:25:16 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						bc4a1da9c6 
					 
					
						
						
							
							(acquire_initiator_cred): use krb5_cc_cache_match to find a matching  
						
						... 
						
						
						
						creditial cache, if that failes, fallback to the default cache.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16205 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-10-21 12:44:08 +00:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						33c4663ba5 
					 
					
						
						
							
							plug leak  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14447 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-01-05 02:32:26 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						26457b7135 
					 
					
						
						
							
							replace krb5_free_creds_contents by krb5_free_cred_contents  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13790 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-04-25 19:25:35 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b5cdf72e01 
					 
					
						
						
							
							(gss_acquire_cred): check usage before even bothering to process it,  
						
						... 
						
						
						
						add both keytab and initial tgt if requested
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13524 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-03-14 16:42:39 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7c51fd6e95 
					 
					
						
						
							
							(acquire_initiator_cred): use kret instead of ret where appropriate  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12976 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2003-10-07 00:37:04 +00:00