Commit Graph

36 Commits

Author SHA1 Message Date
Stefan Metzmacher
ba8c3dbc62 lib/gssapi/krb5: implement GSS_C_CHANNEL_BOUND_FLAG for gss_init_sec_context()
This will force KERB_AP_OPTIONS_CBT to be sent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-06 16:14:43 -04:00
Luke Howard
fbd091d65e gss: use mechglue instead of gsskrb5 encoders
Replace calls to _gsskrb5_{en,de}code...() with mechglue equivalents.
2023-01-16 09:16:39 +11:00
Joseph Sutton
b19633f9b9 Use constant-time memcmp when comparing sensitive buffers
This helps to avoid timing attacks.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-04-30 13:35:52 -04:00
Joseph Sutton
1c93a6ff26 heimdal: Avoid overflow when performing bitwise shift operations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-01-18 00:31:45 -05:00
Isaac Boukris
a4527a28a3 Implement KERB_AP_OPTIONS_CBT (server side)
if the client asserted knowledge of channel-bindings by
passing KERB_AP_OPTIONS_CBT, and the server passed bindings,
require the bindings to match.
2021-08-06 13:15:19 +10:00
Isaac Boukris
51ce4c8d15 gssapi: add channel-bound return flag
In gss_accept_sec_context, return a new flag to let
the caller know that bindings were provided and verified.
2021-08-06 13:15:19 +10:00
Nicolas Williams
1c81ddf4e2 Round #2 of scan-build warnings cleanup
2016-11-16 17:03:14 -06:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace
2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
a7e8f05c9b Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
This was introduced by checking the Kerberos 5 checksum as an
alternative to the 8003 checksum.

Thanks to MIT Kerberos and Shawn Emery for forwarding this issue
2010-05-26 11:53:31 -05:00
Love Hornquist Astrand
03cb3aa56b use EVP_MD_CTX_create
2009-08-20 17:13:09 -07:00
Love Hornquist Astrand
fcfa32b0b9 Use constant time memcmp
2009-08-17 12:04:51 +02:00
Love Hornquist Astrand
ddb8230917 switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:10:42 +02:00
Love Hörnquist Åstrand
c99b2003e2 Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
269a7a057b flatten include headers
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
dfa6f7b248 reference all include files using krb5/
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
ee09f98c15 Rename local include file, remove global files.
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, it's now in its own gssapi module.
Add mechglue inquire functions.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
4ecf2c2402 (gssapi_decode_*): make data argument const void *
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17434 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-04 11:56:14 +00:00
Love Hörnquist Åstrand
b42998d374 (gssapi_krb5_verify_8003_checksum): check that cksum isn't NULL
From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14710 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-01 08:55:36 +00:00
Luke Howard
efc892cd8b use symbolic name for checksum type
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14444 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-01-05 02:31:47 +00:00
Love Hörnquist Åstrand
f6ab4150d5 remove #if 0'ed code
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12845 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-18 18:06:18 +00:00
Love Hörnquist Åstrand
c7573576f2 add gssapi_{en,de}code_be_om_uint32
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12669 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-08-28 00:02:24 +00:00
Love Hörnquist Åstrand
25fd1be6bc export and rename encode_om_uint32/decode_om_uint32 and start to use them
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12363 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-17 03:49:26 +00:00
Johan Danielsson
c70d871a1b (gssapi_krb5_verify_8003_checksum): check size of input
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11532 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-10-31 14:38:49 +00:00
Assar Westerlund
c11e13db09 (gssapi_krb5_verify_8003_checksum): handle zero channel bindings
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10878 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-03-10 23:47:39 +00:00
Assar Westerlund
28d9223040 (gssapi_krb5_verify_8003_checksum, gssapi_krb5_create_8003_checksum): make more consistent by always returning a gssapi error and setting minor status. update callers
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10588 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-08-29 02:21:09 +00:00
Jacques A. Vidrine
c14ed9002f = Create a cache for delegated credentials when needed.
= Return GSS_S_BAD_BINDINGS when appropriate, and otherwise
  tweak the return value handling in gss_accept_sec_context
  to be sure they are set to something reasonable.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10582 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-08-28 18:59:37 +00:00
Assar Westerlund
59a594bad4 use the openssl api for md4/md5/sha. handle openssl/*.h
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9559 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-01-29 02:09:01 +00:00
Assar Westerlund
7d7194da08 code for token delegation. From Daniel Kouril <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8429 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-06-21 02:32:38 +00:00
Assar Westerlund
1ee6d08980 update to pseudo-standard APIs for md4,md5,sha.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7819 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-01-25 23:10:13 +00:00
Johan Danielsson
c5b916ca6f remove advertising clause
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7464 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-12-02 17:05:13 +00:00
Johan Danielsson
c309115820 Implement `gssapi_krb5_verify_8003_checksum'.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4654 ec53bebd-3082-4978-b11e-865c3cabbd6b
1998-03-23 22:45:35 +00:00
Assar Westerlund
cf17bcaa9e (gssapi_krb5_create_8003_checksum): remove unused variable
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4004 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-11-16 02:18:59 +00:00
Johan Danielsson
5a32a5c8e7 Add copyright notice.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2389 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-16 21:40:05 +00:00
Assar Westerlund
7193a60cda *** empty log message ***
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1919 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-06-16 03:46:36 +00:00