Luke Howard 
							
						 
					 
					
						
						
							
						
						272a30405f 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-14 14:51:41 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						eec71dac7c 
					 
					
						
						
							
							Revert "disable _gsskrb5_pname_to_uid, there's no aname_to_localname"  
						
						... 
						
						
						
						This reverts commit ad69ac97b1 
						
						
					 
					
						2011-05-14 14:51:10 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						9f2cd17add 
					 
					
						
						
							
							Revert "remove krb5 authorize_localname impl, there's no krb5_kuserok"  
						
						... 
						
						
						
						This reverts commit 4b92552c1e 
						
						
					 
					
						2011-05-14 14:51:08 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						ad69ac97b1 
					 
					
						
						
							
							disable _gsskrb5_pname_to_uid, there's no aname_to_localname  
						
						
						
						
					 
					
						2011-05-13 00:47:37 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						4b92552c1e 
					 
					
						
						
							
							remove krb5 authorize_localname impl, there's no krb5_kuserok  
						
						
						
						
					 
					
						2011-05-13 00:46:14 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						8687bab419 
					 
					
						
						
							
							correct switched order of pname_to_uid/authorize_localname  
						
						
						
						
					 
					
						2011-05-13 00:41:18 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						f1aa972bb8 
					 
					
						
						
							
							fix trailing comma  
						
						
						
						
					 
					
						2011-05-12 13:04:59 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						e128b0ca01 
					 
					
						
						
							
							Merge branch 'master' into lukeh/moonshot  
						
						... 
						
						
						
						Conflicts:
	lib/gssapi/krb5/external.c
	lib/libedit/src/vi.c 
						
						
					 
					
						2011-05-12 13:04:55 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						59f4918ef0 
					 
					
						
						
							
							set the CFXSentByAcceptor flag, patch from Jaideep Padhye  
						
						
						
						
					 
					
						2011-04-29 20:34:42 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f5f9014c90 
					 
					
						
						
							
							Warning fixes from Christos Zoulas  
						
						... 
						
						
						
						- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code 
						
						
					 
					
						2011-04-29 20:25:05 -07:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						02cf28e20b 
					 
					
						
						
							
							implement gss_acquire_cred_ex with password support  
						
						... 
						
						
						
						add missing SPIs to gss_mech_switch
s/acquire_cred_ex/acquire_cred_ext/g 
						
						
					 
					
						2011-04-16 11:06:24 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						523d84b417 
					 
					
						
						
							
							return error from lower layer  
						
						
						
						
					 
					
						2011-04-14 12:54:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6f5b93fc8b 
					 
					
						
						
							
							return error from lower layer  
						
						
						
						
					 
					
						2011-04-14 12:54:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ec88b5d043 
					 
					
						
						
							
							move _gss_DES3_get_mic_compat to after ->target is set  
						
						... 
						
						
						
						Patch from Roland Dowdeswell 
						
						
					 
					
						2011-04-14 12:54:15 -07:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						0d7bc0c549 
					 
					
						
						
							
							remove user_ok from gss_authorize_localname  
						
						
						
						
					 
					
						2011-04-09 13:41:51 +10:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						bac9c34172 
					 
					
						
						
							
							authorize_localname SPI now includes nametype  
						
						
						
						
					 
					
						2011-04-09 11:34:19 +10:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						6c6e483e00 
					 
					
						
						
							
							gss_authorize_localname implementation  
						
						
						
						
					 
					
						2011-04-08 10:58:57 +10:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						6ec5011d48 
					 
					
						
						
							
							Merge branch 'master' into lukeh/moonshot  
						
						
						
						
					 
					
						2011-04-08 09:05:36 +10:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3d36172090 
					 
					
						
						
							
							allow keytab specifiction to gsskrb5_register_acceptor_identity  
						
						
						
						
					 
					
						2011-04-07 07:15:28 -07:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						ca48b27fe7 
					 
					
						
						
							
							add _gsskrb5_pname_to_uid implementation  
						
						
						
						
					 
					
						2011-03-20 23:31:32 +11:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						0dff021161 
					 
					
						
						
							
							add krb5 glue for userok  
						
						
						
						
					 
					
						2011-03-20 20:57:24 +11:00 
						 
				 
			
				
					
						
							
							
								Derrick Brashear 
							
						 
					 
					
						
						
							
						
						c5d0acb859 
					 
					
						
						
							
							Correct "not newer" etypes per RFC 4121  
						
						... 
						
						
						
						Section 1 of RFC 4121 describes behavior which
    applies when using "newer" etypes, then goes on in
    table form to list etypes which are not newer.
    While it specifies it is ok to use new token formats
    when both initiator and acceptor are known to handle them,
    this code makes no such verification, and encoded an
    incorrect set of etypes as "not newer". Correct the list.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-02-24 19:22:25 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						7e1ba19fda 
					 
					
						
						
							
							setup cfx context, found by Jaideep Padhye  
						
						
						
						
					 
					
						2011-02-02 21:37:26 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Tridgell 
							
						 
					 
					
						
						
							
						
						9e1d467534 
					 
					
						
						
							
							s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY  
						
						... 
						
						
						
						this e_data field in a kerberos error packet tells windows to do clock
skew recovery.
See [MS-KILE] 2.2.1 KERB-ERROR-DATA
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org >
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-01-30 11:26:31 -08:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						21c5987018 
					 
					
						
						
							
							Rename GSS_IOV_BUFFER_TYPE_FLAG to GSS_IOV_BUFFER_FLAG  
						
						... 
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-01-03 13:22:57 +01:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2038d6f56e 
					 
					
						
						
							
							don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network  
						
						
						
						
					 
					
						2010-11-29 09:31:07 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5dcf0753f4 
					 
					
						
						
							
							fill in all mo that make sense for now  
						
						
						
						
					 
					
						2010-11-25 23:52:43 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6ca842c5b7 
					 
					
						
						
							
							gss_indicate_mechs_by_attrs  
						
						
						
						
					 
					
						2010-11-25 21:40:25 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c1069f8a36 
					 
					
						
						
							
							add _gss_oid_name_table  
						
						
						
						
					 
					
						2010-11-25 20:20:03 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						bdc9112651 
					 
					
						
						
							
							add missing symbols  
						
						
						
						
					 
					
						2010-11-25 18:36:55 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dbeeb18a53 
					 
					
						
						
							
							generate oids using table  
						
						
						
						
					 
					
						2010-11-25 18:32:33 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2e31740f62 
					 
					
						
						
							
							always check for error token in case of a failure  
						
						
						
						
					 
					
						2010-11-08 13:40:01 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						526aeef0c7 
					 
					
						
						
							
							heimdal Add clock-skew handling to DCE-style GSSAPI  
						
						... 
						
						
						
						The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-11-08 13:36:52 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						5cc4d5d2bd 
					 
					
						
						
							
							heimdal Use a seperate krb5_auth_context for the delegated credentials  
						
						... 
						
						
						
						This makes it much more clear that the timestamp written here is not
used in mutual authentication.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-10-02 20:47:12 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						5dcc605f6b 
					 
					
						
						
							
							Fix calling conventions for Windows  
						
						
						
						
					 
					
						2010-08-20 13:14:10 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						083b8b63ee 
					 
					
						
						
							
							oids no longer compare to GSS_C_NO_OID  
						
						
						
						
					 
					
						2010-07-22 23:21:44 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1021099f3d 
					 
					
						
						
							
							rename external so that they can be included in array and struct initializer  
						
						
						
						
					 
					
						2010-07-22 20:47:04 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2b1645aa08 
					 
					
						
						
							
							catch error from as.*printf  
						
						
						
						
					 
					
						2010-05-30 13:44:41 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a7e8f05c9b 
					 
					
						
						
							
							Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]  
						
						... 
						
						
						
						This was introduced by checking the Kerberos 5 checksum as a
alternative to the 8003 checksum.
Thanks to MIT Kerberos and Shawn Emery for forwarding this issue 
						
						
					 
					
						2010-05-26 11:53:31 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9f5772050b 
					 
					
						
						
							
							Match old code and use krb5_sname_to_principal on the imported name for acquire cred.  
						
						... 
						
						
						
						Reported by Jan Rekorajski 
						
						
					 
					
						2009-12-13 22:55:36 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5b7780b997 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:35:18 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c402cda0a4 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:30:06 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5a23717814 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:29:48 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						75a61b8842 
					 
					
						
						
							
							krb5_build_authenticator is private  
						
						
						
						
					 
					
						2009-10-05 22:09:23 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a132ffe757 
					 
					
						
						
							
							Simplify krb5_build_authenticator and unexport  
						
						
						
						
					 
					
						2009-10-05 19:52:28 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9e13b309d9 
					 
					
						
						
							
							use krb5_make_principal  
						
						
						
						
					 
					
						2009-10-04 11:29:43 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						914417c5c8 
					 
					
						
						
							
							Remove unused structure  
						
						
						
						
					 
					
						2009-09-19 13:55:34 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						103cc941eb 
					 
					
						
						
							
							gssapi/krb5: set cred_handle in _gsskrb5_import_cred  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-09-18 14:29:50 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						8f376895ae 
					 
					
						
						
							
							drop export symbol  
						
						
						
						
					 
					
						2009-08-29 08:51:00 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						2f1a370cd3 
					 
					
						
						
							
							hack for gss-wrap-iov to it work  
						
						... 
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-28 13:31:12 -07:00