Commit Graph

997 Commits

Author SHA1 Message Date
Love Hornquist Astrand
6ca842c5b7 gss_indicate_mechs_by_attrs 2010-11-25 21:40:25 -08:00
Love Hornquist Astrand
c1069f8a36 add _gss_oid_name_table 2010-11-25 20:20:03 -08:00
Love Hornquist Astrand
bdc9112651 add missing symbols 2010-11-25 18:36:55 -08:00
Love Hornquist Astrand
dbeeb18a53 generate oids using table 2010-11-25 18:32:33 -08:00
Love Hornquist Astrand
2e31740f62 always check for error token in case of a failure 2010-11-08 13:40:01 -08:00
Andrew Bartlett
526aeef0c7 heimdal Add clock-skew handling to DCE-style GSSAPI
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-08 13:36:52 -08:00
Andrew Bartlett
5cc4d5d2bd heimdal Use a seperate krb5_auth_context for the delegated credentials
This makes it much more clear that the timestamp written here is not
used in mutual authentication.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-02 20:47:12 -07:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
083b8b63ee oids no longer compare to GSS_C_NO_OID 2010-07-22 23:21:44 -07:00
Love Hornquist Astrand
1021099f3d rename external so that they can be included in array and struct initializer 2010-07-22 20:47:04 -07:00
Love Hornquist Astrand
2b1645aa08 catch error from as.*printf 2010-05-30 13:44:41 -07:00
Love Hornquist Astrand
a7e8f05c9b Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
This was introduced by checking the Kerberos 5 checksum as a
alternative to the 8003 checksum.

Thanks to MIT Kerberos and Shawn Emery for forwarding this issue
2010-05-26 11:53:31 -05:00
Love Hornquist Astrand
9f5772050b Match old code and use krb5_sname_to_principal on the imported name for acquire cred.
Reported by Jan Rekorajski
2009-12-13 22:55:36 -08:00
Love Hornquist Astrand
5b7780b997 use krb5_auth_con_getremoteseqnumber 2009-12-04 21:35:18 -08:00
Love Hornquist Astrand
c402cda0a4 use krb5_auth_con_getremoteseqnumber 2009-12-04 21:30:06 -08:00
Love Hornquist Astrand
5a23717814 use krb5_auth_con_getremoteseqnumber 2009-12-04 21:29:48 -08:00
Love Hornquist Astrand
75a61b8842 krb5_build_authenticator is private 2009-10-05 22:09:23 -07:00
Love Hornquist Astrand
a132ffe757 Simplify krb5_build_authenticator and unexport 2009-10-05 19:52:28 -07:00
Love Hornquist Astrand
9e13b309d9 use krb5_make_principal 2009-10-04 11:29:43 -07:00
Love Hornquist Astrand
914417c5c8 Remove unused structure 2009-09-19 13:55:34 -07:00
Stefan Metzmacher
103cc941eb gssapi/krb5: set cred_handle in _gsskrb5_import_cred
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-09-18 14:29:50 -07:00
Love Hornquist Astrand
8f376895ae drop export symbol 2009-08-29 08:51:00 -07:00
Stefan Metzmacher
2f1a370cd3 hack for gss-wrap-iov to it work
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-28 13:31:12 -07:00
Love Hornquist Astrand
74538fc2af Plug memory leak in prf function 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
6c3f3fafa3 Don't leak kerberos credentials when trying dns canon 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
1999c85670 Make mech glue layer aware of composite mechs that uses mech glue layer credentials
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
2009-08-27 12:12:44 -07:00
Love Hornquist Astrand
d18cdee577 don't reset EC 2009-08-26 22:52:26 -07:00
Love Hornquist Astrand
559103b218 if not trailer set, init EC to 0 2009-08-26 21:40:07 -07:00
Stefan Metzmacher
40a6abd116 gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
560cb0c132 gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
76f0fb9170 gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
f286dd5d64 gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
1a0423fd3d gsskrb5: make _gk_allocate_buffer() non static
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
60725fd2f5 gsskrb5: add _gk_verify_buffers()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:37 -07:00
Love Hornquist Astrand
6618ca5ffc switch to EVP_MD_CTX_create() and thus make smaller 2009-08-21 07:22:49 -07:00
Love Hornquist Astrand
56f90c5b19 switch to EVP_MD_CTX_create() and thus make smaller 2009-08-21 07:16:28 -07:00
Love Hornquist Astrand
f465930be7 switch to EVP_MD_CTX_create() and thus make smaller 2009-08-21 07:16:19 -07:00
Love Hornquist Astrand
dfd40e4403 switch to EVP_MD_CTX_create() and thus make smaller 2009-08-21 07:16:09 -07:00
Love Hornquist Astrand
03cb3aa56b use EVP_MD_CTX_create 2009-08-20 17:13:09 -07:00
Love Hornquist Astrand
88d55a1d06 Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too 2009-08-17 18:06:42 +02:00
Love Hornquist Astrand
fc702a97f5 switch to use EVP interface instead of old crypto interface 2009-08-17 17:30:59 +02:00
Love Hornquist Astrand
62433c844c switch to use EVP interface instead of old crypto interface 2009-08-17 16:02:45 +02:00
Love Hornquist Astrand
fcfa32b0b9 Use constant time memcmp 2009-08-17 12:04:51 +02:00
Love Hornquist Astrand
42cec58cb4 switch to use EVP interface instead of old crypto interface 2009-08-17 11:43:24 +02:00
Love Hornquist Astrand
ddb54ca483 switch to use EVP interface instead of old MDX_ style interface 2009-08-17 10:16:13 +02:00
Love Hornquist Astrand
13c3b9b1c6 switch to use EVP interface instead of old MDX_ style interface 2009-08-17 10:15:31 +02:00
Love Hornquist Astrand
639e93d436 switch to use EVP interface instead of old MDX_ style interface 2009-08-17 10:14:24 +02:00
Love Hornquist Astrand
3ef05891ee switch to use EVP interface instead of old MDX_ style interface 2009-08-17 10:13:04 +02:00
Love Hornquist Astrand
ddb8230917 switch to use EVP interface instead of old MDX_ style interface 2009-08-17 10:10:42 +02:00
Love Hornquist Astrand
6ac304d156 Use min() instead of MIN() 2009-08-14 20:05:36 +02:00