oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,047 Commits 2 Branches 2 Tags
e80248ed363b11c64d4577f94fb65cdb6712ef5d
Commit Graph

66 Commits

Author SHA1 Message Date
Luke Howard
6af3ea9099 gss: merge enhanced Apple mechglue logging 
Add _gss_mg_log() and friends for logging from within the mechanism glue and
SPNEGO. These APIs wrap around the libkrb5 logging APIs.
 2020-02-04 17:28:35 +11:00
Luke Howard
31af9ba703 gss: use tail queue instead of singly linked list in mechglue 
The GSS mechglue uses singly linked lists for mechanisms and mechanism objects,
to which new entries are inserted at the head. This breaks ordering of
mechanisms specified in OID sets and in /etc/gss/mech, as they will be back to
front. Use a tail queue instead so that new entries are inserted at the end.
 2020-02-04 17:28:35 +11:00
Luke Howard
64d5d138a9 gss: mechanism optional interfaces 
Make mechanism interfaces that are optional in usage, optional in
implementation, i.e. do not require them to be present when dynamically loading
a mechanism. In order to aid minimal mechanism implementation, more of these
should likely be made optional (this will require an additional check in the
mechglue to return GSS_S_UNAVAILABLE if the function pointer is NULL). This is
left as a future exercise.
 2020-02-04 17:28:35 +11:00
Luke Howard
735039dbdc gssapi: implement gss_set_neg_mechs() (#495) 
Implementation of gss_set_neg_mechs() and gss_get_neg_mechs() as defined in RFC
4178. New gss_release_cred_by_mech() API for dropping a credential from a
mechanism glue credential.
 2019-01-04 15:50:11 +11:00
Luke Howard
befe1b8f90 always load plugins with RTLD_LOCAL/RTLD_GROUP if available 2019-01-03 20:06:27 -06:00
Luke Howard
e0bb9c10ca gssapi: credential store extensions (#451) 
Implement the GSS-API credential store API extensions defined by MIT here:

https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions

Note: we kill off gss_acquire_cred_ext() here. This was never a public API,
although mechanisms could have implemented it and I briefly used it in my
BrowserID prototype mechanism. gss_acquire_cred_ext_from() occupies the place
in the dispatch table where gss_acquire_cred_ext() used to, but this structure
was never visible outside Heimdal (i.e. it is only used by internal
mechanisms);

(Mechanisms that need to accept arbitrary key/value dictionaries from
applications should now implement gss_acquire_cred_from().)
 2019-01-03 14:38:39 -06:00
Luke Howard
728650f3dd gssapi: canonicalize mech OID in gss_accept_sec_context() 2019-01-03 17:54:32 +11:00
Luke Howard
29fe69f95f gssapi: fix dlsym() return value casting 
Fix warnings on Windows (and possibly other platforms) but appropriately
casting the return value of dlsym().
 2019-01-03 17:53:15 +11:00
Luke Howard
7e0ff63b38 gssapi: add OPTSYM for gss_duplicate_cred() (#487) 
Allow API-as-SPI mechanisms to provide gss_duplicate_cred(), introduced
in e6d1c108.
 2018-12-29 20:22:12 +11:00
Luke Howard
3c92747f2a gss: fix leak in add_builtin() if interning OID fails 
4a93c477 (#447) introduced a leak in add_builtin().  Reported by
jaltman@auristor.com.
 2018-12-23 15:34:27 +11:00
Luke Howard
4a93c4774a gss: intern OIDs (#447) 
Intern OIDs so that gss_release_oid() can be a NOOP.
 2018-12-18 23:28:38 -06:00
Gary Lockyer
1c8cae58cc heimdal: Use #ifdef HAVE_DLOPEN around functions and variables used by HAVE_DLOPEN 
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
 2018-09-10 14:40:51 -04:00
Luke Howard
788d39b3ce set m->gm_mech.gm_name 2014-01-04 16:31:01 +11:00
Luke Howard
4ff005a6a4 gm_mech_oid must be set 
mechanism credentials created by dynamically loaded mechanisms do not work
because the gm_mech_oid field is unset for such mechanisms (instead, only
gm_mech.gm_mech_oid is).
 2014-01-04 15:58:10 +11:00
Luke Howard
07777511d1 implement gss_localname 2011-10-08 12:15:09 +11:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Luke Howard
79ff133ae9 make gss_acquire_cred_ext private 2011-05-20 14:31:08 +02:00
Luke Howard
cbebf13216 acquire_cred_with_password is a SPI symbol 2011-05-14 17:09:20 +02:00
Luke Howard
48719d5651 shim acquire_cred_with_password SPI into acquire_cred_ext 2011-05-14 17:00:55 +02:00
Luke Howard
dfba868910 Merge branch 'master' into lukeh/acquire-cred-ex-moonshot-integ 
Conflicts:
	lib/gssapi/Makefile.am
	lib/gssapi/mech/gss_acquire_cred_with_password.c
	lib/gssapi/test_context.c
	lib/gssapi/version-script.map
 2011-05-14 16:48:49 +02:00
Luke Howard
3069d80734 Merge branch 'master' into lukeh/acquire-cred-ex 2011-05-14 14:56:16 +02:00
Luke Howard
d1b553aae2 add some loopback detection in GSS dynamic loading 2011-05-13 02:27:01 +02:00
Luke Howard
6971125a79 add some loopback detection in GSS dynamic loading 2011-05-13 02:26:41 +02:00
Luke Howard
5dc4aeee49 Merge branch 'master' into lukeh/moonshot 
Conflicts:
	lib/gssapi/mech/gss_mech_switch.c
 2011-05-13 00:19:01 +02:00
Luke Howard
b323601091 mechglue fixes 
- support gssspi_set_cred_option
- pick up OID sets of names for dynamic mechs
 2011-05-13 00:16:56 +02:00
Luke Howard
02cf28e20b implement gss_acquire_cred_ex with password support 
add missing SPIs to gss_mech_switch

s/acquire_cred_ex/acquire_cred_ext/g
 2011-04-16 11:06:24 +02:00
Luke Howard
6c6e483e00 gss_authorize_localname implementation 2011-04-08 10:58:57 +10:00
Luke Howard
d116a78297 add missing exports 2011-03-21 23:53:17 +11:00
Luke Howard
e78371829c implement gss_userok/gss_pname_to_uid 2011-03-20 20:34:59 +11:00
Luke Howard
9455577b65 Merge branch 'master' of github.com:heimdal/heimdal 
Conflicts:
	lib/gssapi/gssapi/gssapi.h
	lib/gssapi/gssapi_mech.h
	lib/gssapi/mech/gss_mech_switch.c
 2011-03-20 19:08:10 +11:00
Love Hornquist Astrand
4248882381 drop gss_name_any since it removed from the draft 2011-03-12 12:49:42 -08:00
Love Hornquist Astrand
fbf5cff0ac Patch from Luke Howard to allow dynamic gss_mo 2011-03-12 12:45:53 -08:00
Luke Howard
2b2ab30f53 Add naming extension SPIs 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-03-12 12:35:43 -08:00
Luke Howard
4304e719a6 Add SPI for dynamically loading mechanism object information 2011-01-09 22:16:18 +11:00
Luke Howard
45cd381f53 Cleanup API-as-SPI compatibility layer 2011-01-09 22:05:27 +11:00
Luke Howard
0b4f6bbfc2 Use RTLD_GROUP 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-03 13:21:47 +01:00
Luke Howard
5b47a8816d MIT SASL/attribute introspection SPI compat 2011-01-03 22:51:51 +11:00
Luke Howard
cace66a435 Add naming extension SPIs 2011-01-03 14:45:07 +11:00
Luke Howard
77121ec58c Use RTLD_GROUP 2011-01-03 14:05:47 +11:00
Luke Howard
098148ac20 MIT SPI compat 2011-01-02 20:30:57 +11:00
Love Hornquist Astrand
7c7dd8e1af prefix SLIST with HEIM 2010-12-12 11:45:35 -08:00
Love Hornquist Astrand
ab9267c04e constify 2010-11-25 19:20:26 -08:00
Love Hornquist Astrand
eadb8838cb use calloc(), indent more prettier 2009-12-14 21:40:16 -08:00
Love Hornquist Astrand
a740ee89bc Check for duplicates, already loaded mechs 2009-12-14 17:16:59 -08:00
Love Hornquist Astrand
d890db78a8 Drop RCSID 2009-09-10 09:06:18 -07:00
Love Hornquist Astrand
c81b66aa0c init gm_flags for dynamic modules 2009-08-29 08:53:16 -07:00
Love Hörnquist Åstrand
ea4bb739c5 include ntlm module 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24483 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-25 20:50:05 +00:00
Love Hörnquist Åstrand
7f6d448621 implement the new gss_*_iov interfaces 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24055 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-12-11 04:49:37 +00:00
Love Hörnquist Åstrand
dc5e4b8033 try handle gss_import_name() better, its not really perfect, its breaks spengo inquire_names_for_mech, but that less common.... 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24026 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-11-12 04:18:15 +00:00
Love Hörnquist Åstrand
a002d9be31 heimdal smaller includes no ntlm, again 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23972 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-10-26 18:23:34 +00:00