Love Hörnquist Åstrand
c99b2003e2
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-06-22 17:56:41 +00:00
Love Hörnquist Åstrand
cae7efb522
Make KRB5KRB_AP_ERR_TKT_NYV trigger error_token too.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25128 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-16 08:31:15 +00:00
Love Hörnquist Åstrand
06e0f0d12f
use krb5_cc_new_unique, use constants for cache types
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25051 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:05:59 +00:00
Love Hörnquist Åstrand
269a7a057b
flatten include headers
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-25 00:35:00 +00:00
Love Hörnquist Åstrand
9586101a49
use the krb5_crypto directly, skipping some per packet calculation, make cfx handling simpler
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24067 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:52:10 +00:00
Love Hörnquist Åstrand
d4f5c19c1d
make IS_CFX a more_flag
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24057 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:50:22 +00:00
Love Hörnquist Åstrand
6937d41a02
remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898
switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
70a00b7fab
Only send KRB_ERROR token when there is clock skew, limits when we
send KRB-ERROR for non-MUTUAL tokens.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23541 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-16 22:59:26 +00:00
Love Hörnquist Åstrand
a48756092c
If there is an initiator subkey, copy that to acceptor subkey to match
windows behavior. From Metze.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23528 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-14 23:29:40 +00:00
Love Hörnquist Åstrand
f9dc9da0a9
No reply in non-MUTUAL mode, but we don't know that it's non-MUTUAL
mode yet, that's inside the 8003 checksum.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23433 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-26 18:44:26 +00:00
Love Hörnquist Åstrand
d847a7a67f
Reset minor_status to 0.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23431 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-26 18:41:36 +00:00
Love Hörnquist Åstrand
9ca267f328
Always return GSS_S_CONTINUE_NEEDED, pointed out from Metze.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23430 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-26 18:41:16 +00:00
Love Hörnquist Åstrand
39fe446983
Support parsing KRB-ERROR passed back from windows server when the time is out of sync, modify krb5_cc_[sg]et_config interface to handle principals too, add tests for this
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23420 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-26 18:37:48 +00:00
Love Hörnquist Åstrand
dde69289ca
Explain why we don't destroy the ccache.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20199 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-07 22:36:39 +00:00
Love Hörnquist Åstrand
00bcd44370
Switch from using a specific error message context in the TLS to have
a whole krb5_context in TLS. This has some interesting side-effects
for the configuration setting options since they operate on
a per-thread basis now.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-13 18:02:57 +00:00
Love Hörnquist Åstrand
3dced0866c
(gsskrb5_acceptor_start): use krb5_rd_req_ctx
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18930 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-07 14:52:05 +00:00
Love Hörnquist Åstrand
8051eadfb4
(gsskrb5_accept_delegated_token): need to free ccache
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18895 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-25 04:19:45 +00:00
Love Hörnquist Åstrand
dfa6f7b248
reference all include files using krb5/
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-07 22:16:04 +00:00
Love Hörnquist Åstrand
67b56ea02a
indent comment
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18208 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-02 21:18:42 +00:00
Love Hörnquist Åstrand
7d573742a1
Merge of the acceptor part from the samba patch by Stefan Metzmacher
and Andrew Bartlett.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18152 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-22 14:52:11 +00:00
Love Hörnquist Åstrand
24397fd675
reimplement gsskrb5_register_acceptor_identity
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17847 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-20 02:28:37 +00:00
Love Hörnquist Åstrand
2cdda8a767
(_gsskrb5_accept_sec_context): use GSS_C_NO_NAME
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17826 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-07-10 18:28:22 +00:00
Love Hörnquist Åstrand
03567db502
make gss_name_t an opaque type
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-29 07:27:26 +00:00
Love Hörnquist Åstrand
ee09f98c15
Rename local include file, remove global files.
Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, it's now in its own gssapi module.
Add mechglue inquire functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-28 08:54:04 +00:00
Love Hörnquist Åstrand
dd796d90c2
(gsskrb5_is_cfx): always set is_cfx. From Andrew Bartlett.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17523 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-09 07:16:39 +00:00
Love Hörnquist Åstrand
e4f39fc8ae
Use gss_krb5_import_cred
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16294 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-11-25 15:57:35 +00:00
Love Hörnquist Åstrand
2a0d1e1d88
(gsskrb5_accept_delegated_token): rewrite to use gss_krb5_import_ccache
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16280 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-11-02 08:55:19 +00:00
Love Hörnquist Åstrand
9ae8bc983a
Prefix Der_class with ASN1_C_ to avoid problems with system
header files that pollute the name space.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15264 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-29 15:13:10 +00:00
Love Hörnquist Åstrand
d0443e2058
prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14989 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-27 17:51:27 +00:00
Love Hörnquist Åstrand
e743a6ca8a
break out the processing of the delegated credential to a separate
function to make error handling easier, move the credential handling
to after other setup is done
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14764 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-10 15:01:21 +00:00
Luke Howard
cdddef90f9
allow client to indicate that subkey should be used
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14445 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-01-05 02:32:05 +00:00
Love Hörnquist Åstrand
7055cb55cc
(send_accept): use _gss_spnego_require_mechlist_mic to figure out if
we need to send MechList
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13693 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-07 14:22:44 +00:00
Love Hörnquist Åstrand
503d84b4f9
(gsskrb5_register_acceptor_identity): allow resetting to default keytab
by passing in NULL as identity.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13689 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-05 20:17:26 +00:00
Love Hörnquist Åstrand
384bd1719c
(gsskrb5_is_cfx): krb5_keyblock->keytype is an enctype, not keytype
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13687 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-05 19:22:01 +00:00
Love Hörnquist Åstrand
2cd2a26a21
remove unused variable
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13686 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-05 14:53:53 +00:00
Love Hörnquist Åstrand
3e8096a511
use ASN1_MALLOC_ENCODE
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13685 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-04-05 13:57:33 +00:00
Love Hörnquist Åstrand
fb53d3762e
handle acceptor asserted subkey
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13519 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-14 16:31:02 +00:00
Love Hörnquist Åstrand
912dfa6eee
(spnego_accept_sec_context): make sure the length of the choice
element doesn't overrun us
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13445 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-07 14:26:20 +00:00
Love Hörnquist Åstrand
b10b3f845a
use krb5_auth_con_addflags
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13190 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-12-07 17:14:09 +00:00
Love Hörnquist Åstrand
3882d8ca5f
Don't require timestamp to be set on delegated token, it's already
protected by the outer token (and windows doesn't always send it)
Pointed out by Zi-Bin Yang <zbyang@decru.com> on heimdal-discuss
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13128 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-11-22 22:42:16 +00:00
Love Hörnquist Åstrand
63904d7af3
(gsskrb5_accept_sec_context): set sequence number when not requesting
mutual auth
From: Luke Howard <lukeh@PADL.COM>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12839 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-17 04:20:33 +00:00
Love Hörnquist Åstrand
1448ad988f
SPNEGO doesn't include gss wrapping on SubsequentContextToken like the
Kerberos 5 mech does.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12802 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-09 10:54:09 +00:00
Love Hörnquist Åstrand
aa2eabd394
Add support for SPNEGO on the initiator side. Implementation initially
from Assar Westerlund, passed through quite a lot of hands before I
committed it.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12794 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-09 03:28:54 +00:00
Love Hörnquist Åstrand
c8cf8c9880
encap/decap now takes an oid
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12639 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-08-25 20:02:49 +00:00
Love Hörnquist Åstrand
090bb1f54b
don't clear output_token twice
remember to free data
use sequence number verifier
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12364 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-17 03:57:49 +00:00
Love Hörnquist Åstrand
63b7fe118d
(gss_accept_sec_context): make sure time is returned in seconds from
now, not in kerberos time
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12347 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-06-03 15:25:41 +00:00
Love Hörnquist Åstrand
42f3fc029a
- do some basic locking (no reference counting so contexts can be
removed while still used)
- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
- make sure all lifetimes are returned in seconds left until expired,
not in unix epoch
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12317 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-05-21 14:52:14 +00:00
Love Hörnquist Åstrand
ad83859f1a
(gss_accept_sec_context): take care to set export value to something
sane before we start so caller will have harmless values in them if we
failed, set lifetime from ticket expiration date
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11739 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-03-16 17:41:12 +00:00
Love Hörnquist Åstrand
f9ab95a942
(gss_accept_sec_context): check if we need compat for older get_mic/verify_mic
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11617 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-01-27 14:03:29 +00:00