Love Hornquist Astrand
6ca842c5b7
gss_indicate_mechs_by_attrs
2010-11-25 21:40:25 -08:00
Love Hornquist Astrand
c1069f8a36
add _gss_oid_name_table
2010-11-25 20:20:03 -08:00
Love Hornquist Astrand
bdc9112651
add missing symbols
2010-11-25 18:36:55 -08:00
Love Hornquist Astrand
dbeeb18a53
generate oids using table
2010-11-25 18:32:33 -08:00
Love Hornquist Astrand
2e31740f62
always check for error token in case of a failure
2010-11-08 13:40:01 -08:00
Andrew Bartlett
526aeef0c7
heimdal Add clock-skew handling to DCE-style GSSAPI
...
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-11-08 13:36:52 -08:00
Andrew Bartlett
5cc4d5d2bd
heimdal Use a seperate krb5_auth_context for the delegated credentials
...
This makes it much more clear that the timestamp written here is not
used in mutual authentication.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-10-02 20:47:12 -07:00
Asanka Herath
5dcc605f6b
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
083b8b63ee
oids no longer compare to GSS_C_NO_OID
2010-07-22 23:21:44 -07:00
Love Hornquist Astrand
1021099f3d
rename external so that they can be included in array and struct initializer
2010-07-22 20:47:04 -07:00
Love Hornquist Astrand
2b1645aa08
catch error from as.*printf
2010-05-30 13:44:41 -07:00
Love Hornquist Astrand
a7e8f05c9b
Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
...
This was introduced by checking the Kerberos 5 checksum as a
alternative to the 8003 checksum.
Thanks to MIT Kerberos and Shawn Emery for forwarding this issue
2010-05-26 11:53:31 -05:00
Love Hornquist Astrand
9f5772050b
Match old code and use krb5_sname_to_principal on the imported name for acquire cred.
...
Reported by Jan Rekorajski
2009-12-13 22:55:36 -08:00
Love Hornquist Astrand
5b7780b997
use krb5_auth_con_getremoteseqnumber
2009-12-04 21:35:18 -08:00
Love Hornquist Astrand
c402cda0a4
use krb5_auth_con_getremoteseqnumber
2009-12-04 21:30:06 -08:00
Love Hornquist Astrand
5a23717814
use krb5_auth_con_getremoteseqnumber
2009-12-04 21:29:48 -08:00
Love Hornquist Astrand
75a61b8842
krb5_build_authenticator is private
2009-10-05 22:09:23 -07:00
Love Hornquist Astrand
a132ffe757
Simplify krb5_build_authenticator and unexport
2009-10-05 19:52:28 -07:00
Love Hornquist Astrand
9e13b309d9
use krb5_make_principal
2009-10-04 11:29:43 -07:00
Love Hornquist Astrand
914417c5c8
Remove unused structure
2009-09-19 13:55:34 -07:00
Stefan Metzmacher
103cc941eb
gssapi/krb5: set cred_handle in _gsskrb5_import_cred
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-09-18 14:29:50 -07:00
Love Hornquist Astrand
8f376895ae
drop export symbol
2009-08-29 08:51:00 -07:00
Stefan Metzmacher
2f1a370cd3
hack for gss-wrap-iov to it work
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-28 13:31:12 -07:00
Love Hornquist Astrand
74538fc2af
Plug memory leak in prf function
2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
6c3f3fafa3
Don't leak kerberos credentials when trying dns canon
2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
1999c85670
Make mech glue layer aware of composite mechs that uses mech glue layer credentials
...
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
2009-08-27 12:12:44 -07:00
Love Hornquist Astrand
d18cdee577
don't reset EC
2009-08-26 22:52:26 -07:00
Love Hornquist Astrand
559103b218
if not trailer set, init EC to 0
2009-08-26 21:40:07 -07:00
Stefan Metzmacher
40a6abd116
gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
560cb0c132
gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
76f0fb9170
gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
f286dd5d64
gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
1a0423fd3d
gsskrb5: make _gk_allocate_buffer() non static
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
60725fd2f5
gsskrb5: add _gk_verify_buffers()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:37 -07:00
Love Hornquist Astrand
6618ca5ffc
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:22:49 -07:00
Love Hornquist Astrand
56f90c5b19
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:28 -07:00
Love Hornquist Astrand
f465930be7
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:19 -07:00
Love Hornquist Astrand
dfd40e4403
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:09 -07:00
Love Hornquist Astrand
03cb3aa56b
use EVP_MD_CTX_create
2009-08-20 17:13:09 -07:00
Love Hornquist Astrand
88d55a1d06
Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too
2009-08-17 18:06:42 +02:00
Love Hornquist Astrand
fc702a97f5
switch to use EVP interface instead of old crypto interface
2009-08-17 17:30:59 +02:00
Love Hornquist Astrand
62433c844c
switch to use EVP interface instead of old crypto interface
2009-08-17 16:02:45 +02:00
Love Hornquist Astrand
fcfa32b0b9
Use constant time memcmp
2009-08-17 12:04:51 +02:00
Love Hornquist Astrand
42cec58cb4
switch to use EVP interface instead of old crypto interface
2009-08-17 11:43:24 +02:00
Love Hornquist Astrand
ddb54ca483
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:16:13 +02:00
Love Hornquist Astrand
13c3b9b1c6
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:15:31 +02:00
Love Hornquist Astrand
639e93d436
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:14:24 +02:00
Love Hornquist Astrand
3ef05891ee
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:13:04 +02:00
Love Hornquist Astrand
ddb8230917
switch to use EVP interface instead of old MDX_ style interface
2009-08-17 10:10:42 +02:00
Love Hornquist Astrand
6ac304d156
Use min() instead of MIN()
2009-08-14 20:05:36 +02:00