Commit Graph

37 Commits

Author SHA1 Message Date
Nicolas Williams
e48e75cd22 Better support for "non-standard" GSS mechs (fix) 2020-04-21 19:51:16 -05:00
Nicolas Williams
92c288994a Better support for "non-standard" GSS mechs
If an initial security context token doesn't have a standard header per
RFC2743 then try all mechanisms until one succeeds or all fail.

We still try to guess NTLMSSP, raw Kerberos, and SPNEGO, from tasting
the initial security context token.
2020-04-17 14:37:39 -05:00
Luke Howard
e8de24f236 gss: initialize mech output parameters in mechglue
Initialize mechanism output parameters before calling mechanism
GSS_Accept_sec_context(), to behave robustly with poorly implemented mechanisms
that may return before initializing them.
2020-03-02 17:17:03 +11:00
Luke Howard
e80248ed36 gss: add some missing GM_USE_MG_CRED checks
GM_USE_MG_CRED allows a mechanism glue credential to be used by a mechanism
without additional wrapping. Although no extant mechanisms use this flag, the
flag had sporadic support in the mechanism glue already. In the interest of
consistency, add missing GM_USE_MG_CRED checks. If this functionality is not
desired, then all checks should be removed.
2020-02-04 17:28:35 +11:00
Luke Howard
6af3ea9099 gss: merge enhanced Apple mechglue logging
Add _gss_mg_log() and friends for logging from within the mechanism glue and
SPNEGO. These APIs wrap around the libkrb5 logging APIs.
2020-02-04 17:28:35 +11:00
Luke Howard
31af9ba703 gss: use tail queue instead of singly linked list in mechglue
The GSS mechglue uses singly linked lists for mechanisms and mechanism objects,
to which new entries are inserted at the head. This breaks ordering of
mechanisms specified in OID sets and in /etc/gss/mech, as they will be back to
front. Use a tail queue instead so that new entries are inserted at the end.
2020-02-04 17:28:35 +11:00
Luke Howard
e9b3b2326d gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
_gss_mg_error() should only handle mechanism-specific status codes which are
returned in minor_status. major_status has a global namespace.
2019-01-03 14:38:39 -06:00
Luke Howard
83f15553e0 gssapi: import mechglue allocation utility functions from Heimdal-520
Apple's Heimdal implementation uses a number of utility functions for
allocating names and credentials, to avoid calling malloc or calloc directly.
Import them.
2019-01-03 14:38:39 -06:00
Luke Howard
728650f3dd gssapi: canonicalize mech OID in gss_accept_sec_context() 2019-01-03 17:54:32 +11:00
Nicolas Williams
774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
7c7dd8e1af prefix SLIST with HEIM 2010-12-12 11:45:35 -08:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
609e8dd156 reset GSS_C_DELEG_FLAG when there is no consumer 2010-01-19 21:22:53 +00:00
Love Hornquist Astrand
d890db78a8 Drop RCSID 2009-09-10 09:06:18 -07:00
Love Hornquist Astrand
022e7d4319 Return unwrapped delegated credentials if the actual mech is not the called mech
Assumes that pseudo mechs are aware of how mechglue credentials look like and
return credentials like that.

Pointed out on krbdev by Nicolas Williams
2009-08-26 22:32:50 -07:00
Love Hörnquist Åstrand
c9d5eca012 only set ret flags if we have them
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25195 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:04:26 +00:00
Love Hörnquist Åstrand
c4ed8e9588 point to msft documentation.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23875 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-08 16:14:41 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
6172e895f9 remove allocated_ctx.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23501 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 10:00:00 +00:00
Love Hörnquist Åstrand
dddffe995f Delete context on failure.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23500 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-11 09:59:55 +00:00
Love Hörnquist Åstrand
5fed824f37 its vs it's etc. From Bjorn Sandell
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
b949891f64 Handle underlying mech not returning mn.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21237 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-20 11:21:09 +00:00
Love Hörnquist Åstrand
c84d4731b3 Only wrap the delegated cred if we got a delegated mech cred.
From Rafal Malinowski.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21187 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-20 03:30:45 +00:00
Love Hörnquist Åstrand
bee2a593cd don't keep track of gc_usage, just figure it out at gss_inquire_cred() time
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20626 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-05-08 13:56:49 +00:00
Love Hörnquist Åstrand
0406f11498 Reset out variables using proper macros.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19949 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-17 10:05:51 +00:00
Love Hörnquist Åstrand
8ed92d4e85 sprinkle _gss_mg_error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19928 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-16 10:37:54 +00:00
Love Hörnquist Åstrand
48eb7bea6f spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19844 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-11 10:40:42 +00:00
Love Hörnquist Åstrand
ef6b5a7236 Make compile.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19367 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-15 20:12:20 +00:00
Love Hörnquist Åstrand
e4ac6bf6ed Add detection of NTLMSSP.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19361 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-15 20:04:14 +00:00
Love Hörnquist Åstrand
53eeb7198a Try better guessing which mech we are going to select by looking
harder at the input_token, idea from Luke Howard's mechglue branch.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18981 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-10 03:30:12 +00:00
Love Hörnquist Åstrand
6c33791de5 SLIST_INIT the ->gc_mc
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18892 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-25 00:45:12 +00:00
Love Hörnquist Åstrand
6accd4715c (gss_accept_sec_context): if the token doesn't start with [APPLICATION
0] SEQUENCE, let's assume it's a DCE-style Kerberos 5 connection. XXX
this needs to be made better in case we get another GSS-API protocol
violating protocol. It should be possible to detach the Kerberos
DCE-style since it starts with an AP-REQ PDU, but that has to wait for
now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18167 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-25 19:24:48 +00:00
Love Hörnquist Åstrand
81e9020b7d Insert the delegated sub cred on the delegated cred handle, not cred handle
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17766 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-30 19:11:48 +00:00
Love Hörnquist Åstrand
f6770953cf (gss_accept_sec_context): handle the case where ret_flags == NULL
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17765 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-30 18:42:41 +00:00
Love Hörnquist Åstrand
d3f8f8e122 Bug fixes, cleanup, compiler warnings, restructure code.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17700 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-28 09:00:26 +00:00
Love Hörnquist Åstrand
2baa7e7d61 Initial revision
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17692 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-28 08:34:45 +00:00