Commit Graph

1082 Commits

Author SHA1 Message Date
Jeffrey Altman
217ada7a06 use const consistently for acquire_cred
Change-Id: I000d954267efa16439e19b0604c660f3c5be791c
2011-05-17 13:51:12 -04:00
Jeffrey Altman
771f29a451 remove extra initializers to krb5_mech
Change-Id: Iee4d7dfd668a6e6da251b93dfd6ca3a7f7bcb062
2011-05-17 13:44:04 -04:00
Jeffrey Altman
6c1ad560ea no C99 named struct initializers on Windows
commit f5f9014c90 added the
first use of C99 named struct initializers which are not
supported on Windows.  Remove their use in external.c and
in ks_dir.c.

Change-Id: Ibb6b2d5b3dbd4041cb638d2c7a9bd6f916fd45d7
2011-05-17 12:02:16 -04:00
Jeffrey Altman
6850d6a65f avoid uninit variable and unreachable code warnings
most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.

Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Luke Howard
6d9be164b7 add GSS_C_INQ_SSPI_SESSION_KEY for Kerberos 2011-05-16 16:50:01 +02:00
Luke Howard
33d1877c21 use gss_const_OID for gss_acquire_cred_ext 2011-05-14 17:16:49 +02:00
Luke Howard
dfba868910 Merge branch 'master' into lukeh/acquire-cred-ex-moonshot-integ
Conflicts:
	lib/gssapi/Makefile.am
	lib/gssapi/mech/gss_acquire_cred_with_password.c
	lib/gssapi/test_context.c
	lib/gssapi/version-script.map
2011-05-14 16:48:49 +02:00
Luke Howard
3069d80734 Merge branch 'master' into lukeh/acquire-cred-ex 2011-05-14 14:56:16 +02:00
Luke Howard
272a30405f remove trailing whitespace 2011-05-14 14:51:41 +02:00
Luke Howard
eec71dac7c Revert "disable _gsskrb5_pname_to_uid, there's no aname_to_localname"
This reverts commit ad69ac97b1.
2011-05-14 14:51:10 +02:00
Luke Howard
9f2cd17add Revert "remove krb5 authorize_localname impl, there's no krb5_kuserok"
This reverts commit 4b92552c1e.
2011-05-14 14:51:08 +02:00
Luke Howard
ad69ac97b1 disable _gsskrb5_pname_to_uid, there's no aname_to_localname 2011-05-13 00:47:37 +02:00
Luke Howard
4b92552c1e remove krb5 authorize_localname impl, there's no krb5_kuserok 2011-05-13 00:46:14 +02:00
Luke Howard
8687bab419 correct switched order of pname_to_uid/authorize_localname 2011-05-13 00:41:18 +02:00
Luke Howard
f1aa972bb8 fix trailing comma 2011-05-12 13:04:59 +02:00
Luke Howard
e128b0ca01 Merge branch 'master' into lukeh/moonshot
Conflicts:
	lib/gssapi/krb5/external.c
	lib/libedit/src/vi.c
2011-05-12 13:04:55 +02:00
Love Hornquist Astrand
59f4918ef0 set the CFXSentByAcceptor flag, patch from Jaideep Padhye 2011-04-29 20:34:42 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Luke Howard
02cf28e20b implement gss_acquire_cred_ex with password support
add missing SPIs to gss_mech_switch

s/acquire_cred_ex/acquire_cred_ext/g
2011-04-16 11:06:24 +02:00
Love Hornquist Astrand
523d84b417 return error from lower layer 2011-04-14 12:54:16 -07:00
Love Hornquist Astrand
6f5b93fc8b return error from lower layer 2011-04-14 12:54:16 -07:00
Love Hornquist Astrand
ec88b5d043 move _gss_DES3_get_mic_compat to after ->target is set
Patch from Roland Dowdeswell
2011-04-14 12:54:15 -07:00
Luke Howard
0d7bc0c549 remove user_ok from gss_authorize_localname 2011-04-09 13:41:51 +10:00
Luke Howard
bac9c34172 authorize_localname SPI now includes nametype 2011-04-09 11:34:19 +10:00
Luke Howard
6c6e483e00 gss_authorize_localname implementation 2011-04-08 10:58:57 +10:00
Luke Howard
6ec5011d48 Merge branch 'master' into lukeh/moonshot 2011-04-08 09:05:36 +10:00
Love Hornquist Astrand
3d36172090 allow keytab specification to gsskrb5_register_acceptor_identity 2011-04-07 07:15:28 -07:00
Luke Howard
ca48b27fe7 add _gsskrb5_pname_to_uid implementation 2011-03-20 23:31:32 +11:00
Luke Howard
0dff021161 add krb5 glue for userok 2011-03-20 20:57:24 +11:00
Derrick Brashear
c5d0acb859 Correct "not newer" etypes per RFC 4121
Section 1 of RFC 4121 describes behavior which
applies when using "newer" etypes, then goes on in
table form to list etypes which are not newer.
While it specifies it is ok to use new token formats
when both initiator and acceptor are known to handle them,
this code makes no such verification, and encoded an
incorrect set of etypes as "not newer". Correct the list.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-02-24 19:22:25 -08:00
Love Hornquist Astrand
7e1ba19fda setup cfx context, found by Jaideep Padhye 2011-02-02 21:37:26 -08:00
Andrew Tridgell
9e1d467534 s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY
this e_data field in a kerberos error packet tells windows to do clock
skew recovery.

See [MS-KILE] 2.2.1 KERB-ERROR-DATA

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-01-30 11:26:31 -08:00
Luke Howard
21c5987018 Rename GSS_IOV_BUFFER_TYPE_FLAG to GSS_IOV_BUFFER_FLAG
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-01-03 13:22:57 +01:00
Love Hornquist Astrand
2038d6f56e don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
5dcf0753f4 fill in all mo that make sense for now 2010-11-25 23:52:43 -08:00
Love Hornquist Astrand
6ca842c5b7 gss_indicate_mechs_by_attrs 2010-11-25 21:40:25 -08:00
Love Hornquist Astrand
c1069f8a36 add _gss_oid_name_table 2010-11-25 20:20:03 -08:00
Love Hornquist Astrand
bdc9112651 add missing symbols 2010-11-25 18:36:55 -08:00
Love Hornquist Astrand
dbeeb18a53 generate oids using table 2010-11-25 18:32:33 -08:00
Love Hornquist Astrand
2e31740f62 always check for error token in case of a failure 2010-11-08 13:40:01 -08:00
Andrew Bartlett
526aeef0c7 heimdal Add clock-skew handling to DCE-style GSSAPI
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-08 13:36:52 -08:00
Andrew Bartlett
5cc4d5d2bd heimdal Use a separate krb5_auth_context for the delegated credentials
This makes it much more clear that the timestamp written here is not
used in mutual authentication.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-02 20:47:12 -07:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
083b8b63ee oids no longer compare to GSS_C_NO_OID 2010-07-22 23:21:44 -07:00
Love Hornquist Astrand
1021099f3d rename external so that they can be included in array and struct initializer 2010-07-22 20:47:04 -07:00
Love Hornquist Astrand
2b1645aa08 catch error from as.*printf 2010-05-30 13:44:41 -07:00
Love Hornquist Astrand
a7e8f05c9b Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
This was introduced by checking the Kerberos 5 checksum as an
alternative to the 8003 checksum.

Thanks to MIT Kerberos and Shawn Emery for forwarding this issue
2010-05-26 11:53:31 -05:00
Love Hornquist Astrand
9f5772050b Match old code and use krb5_sname_to_principal on the imported name for acquire cred.
Reported by Jan Rekorajski
2009-12-13 22:55:36 -08:00
Love Hornquist Astrand
5b7780b997 use krb5_auth_con_getremoteseqnumber 2009-12-04 21:35:18 -08:00
Love Hornquist Astrand
c402cda0a4 use krb5_auth_con_getremoteseqnumber 2009-12-04 21:30:06 -08:00