Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dbeeb18a53 
					 
					
						
						
							
							generate oids using table  
						
						
						
						
					 
					
						2010-11-25 18:32:33 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2e31740f62 
					 
					
						
						
							
							always check for error token in case of a failure  
						
						
						
						
					 
					
						2010-11-08 13:40:01 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						526aeef0c7 
					 
					
						
						
							
							heimdal Add clock-skew handling to DCE-style GSSAPI  
						
						... 
						
						
						
						The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-11-08 13:36:52 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						5cc4d5d2bd 
					 
					
						
						
							
							heimdal Use a seperate krb5_auth_context for the delegated credentials  
						
						... 
						
						
						
						This makes it much more clear that the timestamp written here is not
used in mutual authentication.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-10-02 20:47:12 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						5dcc605f6b 
					 
					
						
						
							
							Fix calling conventions for Windows  
						
						
						
						
					 
					
						2010-08-20 13:14:10 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						083b8b63ee 
					 
					
						
						
							
							oids no longer compare to GSS_C_NO_OID  
						
						
						
						
					 
					
						2010-07-22 23:21:44 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1021099f3d 
					 
					
						
						
							
							rename external so that they can be included in array and struct initializer  
						
						
						
						
					 
					
						2010-07-22 20:47:04 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2b1645aa08 
					 
					
						
						
							
							catch error from as.*printf  
						
						
						
						
					 
					
						2010-05-30 13:44:41 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a7e8f05c9b 
					 
					
						
						
							
							Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]  
						
						... 
						
						
						
						This was introduced by checking the Kerberos 5 checksum as a
alternative to the 8003 checksum.
Thanks to MIT Kerberos and Shawn Emery for forwarding this issue 
						
						
					 
					
						2010-05-26 11:53:31 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9f5772050b 
					 
					
						
						
							
							Match old code and use krb5_sname_to_principal on the imported name for acquire cred.  
						
						... 
						
						
						
						Reported by Jan Rekorajski 
						
						
					 
					
						2009-12-13 22:55:36 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5b7780b997 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:35:18 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c402cda0a4 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:30:06 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5a23717814 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:29:48 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						75a61b8842 
					 
					
						
						
							
							krb5_build_authenticator is private  
						
						
						
						
					 
					
						2009-10-05 22:09:23 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a132ffe757 
					 
					
						
						
							
							Simplify krb5_build_authenticator and unexport  
						
						
						
						
					 
					
						2009-10-05 19:52:28 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9e13b309d9 
					 
					
						
						
							
							use krb5_make_principal  
						
						
						
						
					 
					
						2009-10-04 11:29:43 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						914417c5c8 
					 
					
						
						
							
							Remove unused structure  
						
						
						
						
					 
					
						2009-09-19 13:55:34 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						103cc941eb 
					 
					
						
						
							
							gssapi/krb5: set cred_handle in _gsskrb5_import_cred  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-09-18 14:29:50 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						8f376895ae 
					 
					
						
						
							
							drop export symbol  
						
						
						
						
					 
					
						2009-08-29 08:51:00 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						2f1a370cd3 
					 
					
						
						
							
							hack for gss-wrap-iov to it work  
						
						... 
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-28 13:31:12 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						74538fc2af 
					 
					
						
						
							
							Plug memory leak in prf function  
						
						
						
						
					 
					
						2009-08-27 18:30:28 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6c3f3fafa3 
					 
					
						
						
							
							Don't leak kerberos credentials when trying dns canon  
						
						
						
						
					 
					
						2009-08-27 18:30:28 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1999c85670 
					 
					
						
						
							
							Make mech glue layer aware of composite mechs that uses mech glue layer credentials  
						
						... 
						
						
						
						This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials. 
						
						
					 
					
						2009-08-27 12:12:44 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						d18cdee577 
					 
					
						
						
							
							don't reset EC  
						
						
						
						
					 
					
						2009-08-26 22:52:26 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						559103b218 
					 
					
						
						
							
							if not trailer set, init EC to 0  
						
						
						
						
					 
					
						2009-08-26 21:40:07 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						40a6abd116 
					 
					
						
						
							
							gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-25 23:34:38 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						560cb0c132 
					 
					
						
						
							
							gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-25 23:34:38 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						76f0fb9170 
					 
					
						
						
							
							gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-25 23:34:38 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						f286dd5d64 
					 
					
						
						
							
							gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-25 23:34:38 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						1a0423fd3d 
					 
					
						
						
							
							gsskrb5: make _gk_allocate_buffer() non static  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-25 23:34:38 -07:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						60725fd2f5 
					 
					
						
						
							
							gsskrb5: add _gk_verify_buffers()  
						
						... 
						
						
						
						metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-25 23:34:37 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6618ca5ffc 
					 
					
						
						
							
							switch to EVP_MD_CTX_create() and thus make smaller  
						
						
						
						
					 
					
						2009-08-21 07:22:49 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						56f90c5b19 
					 
					
						
						
							
							switch to EVP_MD_CTX_create() and thus make smaller  
						
						
						
						
					 
					
						2009-08-21 07:16:28 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f465930be7 
					 
					
						
						
							
							switch to EVP_MD_CTX_create() and thus make smaller  
						
						
						
						
					 
					
						2009-08-21 07:16:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dfd40e4403 
					 
					
						
						
							
							switch to EVP_MD_CTX_create() and thus make smaller  
						
						
						
						
					 
					
						2009-08-21 07:16:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						03cb3aa56b 
					 
					
						
						
							
							use EVP_MD_CTX_create  
						
						
						
						
					 
					
						2009-08-20 17:13:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						88d55a1d06 
					 
					
						
						
							
							Make compile for weak crypto global (HEIM_WEAK_CRYPTO) and use it for GSSAPI too  
						
						
						
						
					 
					
						2009-08-17 18:06:42 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						fc702a97f5 
					 
					
						
						
							
							switch to use EVP interface instead of old crypto interface  
						
						
						
						
					 
					
						2009-08-17 17:30:59 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						62433c844c 
					 
					
						
						
							
							switch to use EVP interface instead of old crypto interface  
						
						
						
						
					 
					
						2009-08-17 16:02:45 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						fcfa32b0b9 
					 
					
						
						
							
							Use constant time memcmp  
						
						
						
						
					 
					
						2009-08-17 12:04:51 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						42cec58cb4 
					 
					
						
						
							
							switch to use EVP interface instead of old crypto interface  
						
						
						
						
					 
					
						2009-08-17 11:43:24 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ddb54ca483 
					 
					
						
						
							
							switch to use EVP interface instead of old MDX_ style interface  
						
						
						
						
					 
					
						2009-08-17 10:16:13 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						13c3b9b1c6 
					 
					
						
						
							
							switch to use EVP interface instead of old MDX_ style interface  
						
						
						
						
					 
					
						2009-08-17 10:15:31 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						639e93d436 
					 
					
						
						
							
							switch to use EVP interface instead of old MDX_ style interface  
						
						
						
						
					 
					
						2009-08-17 10:14:24 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3ef05891ee 
					 
					
						
						
							
							switch to use EVP interface instead of old MDX_ style interface  
						
						
						
						
					 
					
						2009-08-17 10:13:04 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ddb8230917 
					 
					
						
						
							
							switch to use EVP interface instead of old MDX_ style interface  
						
						
						
						
					 
					
						2009-08-17 10:10:42 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6ac304d156 
					 
					
						
						
							
							Use min() instead of MIN()  
						
						
						
						
					 
					
						2009-08-14 20:05:36 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						95993f222c 
					 
					
						
						
							
							Fix order of flags, passes regression test now  
						
						
						
						
					 
					
						2009-08-05 13:42:34 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0ede7ac561 
					 
					
						
						
							
							Pass down the use-dce-style flag instead of the while gssapi krb5 context  
						
						
						
						
					 
					
						2009-08-05 12:00:07 +02:00 
						 
				 
			
				
					
						
							
							
								Stefan Metzmacher 
							
						 
					 
					
						
						
							
						
						ab9e5d13ec 
					 
					
						
						
							
							gsskrb5: try to be compatible with windows for gss_wrap* and cfx  
						
						... 
						
						
						
						The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2009-08-04 20:22:05 +02:00