Viktor Dukhovni 
							
						 
					 
					
						
						
							
						
						fca6363307 
					 
					
						
						
							
							Drop delegated creds when target is NULL  
						
						... 
						
						
						
						In gsskrb5_accept_delegated_token() it is wrong to store the delegated
credentials in the default ccache by default.  When the caller does not
provide a target credential handle, we just do nothing and return success.
Test the return value of gsskrb5_accept_delegated_token() against
GSS_S_COMPLETE, rather than 0. 
						
						
					 
					
						2015-03-10 03:07:29 +00:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						774f166e31 
					 
					
						
						
							
							First attempt s/\<const gss_.*_t/gss_const_.*_t/g  
						
						
						
						
					 
					
						2013-06-02 15:30:58 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						40a7d4b62f 
					 
					
						
						
							
							More fixes for -Werror (GCC 4.6 catches more stuff)  
						
						
						
						
					 
					
						2011-11-02 23:20:55 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						523d84b417 
					 
					
						
						
							
							return error from lower layer  
						
						
						
						
					 
					
						2011-04-14 12:54:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3d36172090 
					 
					
						
						
							
							allow keytab specifiction to gsskrb5_register_acceptor_identity  
						
						
						
						
					 
					
						2011-04-07 07:15:28 -07:00 
						 
				 
			
				
					
						
							
							
								Derrick Brashear 
							
						 
					 
					
						
						
							
						
						c5d0acb859 
					 
					
						
						
							
							Correct "not newer" etypes per RFC 4121  
						
						... 
						
						
						
						Section 1 of RFC 4121 describes behavior which
    applies when using "newer" etypes, then goes on in
    table form to list etypes which are not newer.
    While it specifies it is ok to use new token formats
    when both initiator and acceptor are known to handle them,
    this code makes no such verification, and encoded an
    incorrect set of etypes as "not newer". Correct the list.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-02-24 19:22:25 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Tridgell 
							
						 
					 
					
						
						
							
						
						9e1d467534 
					 
					
						
						
							
							s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY  
						
						... 
						
						
						
						this e_data field in a kerberos error packet tells windows to do clock
skew recovery.
See [MS-KILE] 2.2.1 KERB-ERROR-DATA
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org >
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-01-30 11:26:31 -08:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						5dcc605f6b 
					 
					
						
						
							
							Fix calling conventions for Windows  
						
						
						
						
					 
					
						2010-08-20 13:14:10 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2b1645aa08 
					 
					
						
						
							
							catch error from as.*printf  
						
						
						
						
					 
					
						2010-05-30 13:44:41 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a7e8f05c9b 
					 
					
						
						
							
							Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]  
						
						... 
						
						
						
						This was introduced by checking the Kerberos 5 checksum as a
alternative to the 8003 checksum.
Thanks to MIT Kerberos and Shawn Emery for forwarding this issue 
						
						
					 
					
						2010-05-26 11:53:31 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5b7780b997 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:35:18 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						fa502c6648 
					 
					
						
						
							
							Add support for gss_{import,export}_cred() as requested by metze  
						
						... 
						
						
						
						Works for krb5 and SPNEGO mechanisms. Kerberos credentials are passed as
credential cache names, or if there are memory based credentials, inband in the protocol. This means that the credentials buffers must be keep secret.
As documented by IBM (they have the wrong prototype though)
and GGF (GSS-API Extensions) back in 2001 
						
						
					 
					
						2009-07-29 13:36:02 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						de5f912e02 
					 
					
						
						
							
							Contributed by Andrew Bartlett:  
						
						... 
						
						
						
						When Samba4's 'fake' GSSAPI client contacts Windows 2008, and does not
request AP_MUTUAL_REQUIRED, it does not elicit a response packet.
We had previously assumed it was unconditional.  Samba3 didn't mind
very much, but Samba4's samba3-like client did, and the behaviour
differed to Win2008 behaviour.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25328 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-07-15 22:18:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c99b2003e2 
					 
					
						
						
							
							Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25286 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-06-22 17:56:41 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						cae7efb522 
					 
					
						
						
							
							Make KRB5KRB_AP_ERR_TKT_NYV trigger error_token too.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25128 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-04-16 08:31:15 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						06e0f0d12f 
					 
					
						
						
							
							use krb5_cc_new_unique, use constants for cache types  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25051 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-04-03 04:05:59 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						269a7a057b 
					 
					
						
						
							
							flatten include headers  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24382 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-01-25 00:35:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						9586101a49 
					 
					
						
						
							
							use the krb5_crypto directly, skipping some per packet calculation, make cfx handling simpler  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24067 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-11 04:52:10 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						d4f5c19c1d 
					 
					
						
						
							
							make IS_CFX a more_flag  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24057 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-11 04:50:22 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6937d41a02 
					 
					
						
						
							
							remove trailing whitespace  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 09:21:03 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e172367898 
					 
					
						
						
							
							switch to utf8 encoding of all files  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 08:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						70a00b7fab 
					 
					
						
						
							
							Only send KRB_ERROR token when there is clock skew, limits when we  
						
						... 
						
						
						
						send KRB-ERROR for non-MUTUAL tokens.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23541 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-08-16 22:59:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						a48756092c 
					 
					
						
						
							
							If there is a initiator subkey, copy that to acceptor subkey to match  
						
						... 
						
						
						
						windows behavior. From Metze.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23528 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-08-14 23:29:40 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f9dc9da0a9 
					 
					
						
						
							
							No reply in non-MUTUAL mode, but we don't know that its non-MUTUAL  
						
						... 
						
						
						
						mode yet, thats inside the 8003 checksum.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23433 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-07-26 18:44:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						d847a7a67f 
					 
					
						
						
							
							Reset minor_status to 0.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23431 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-07-26 18:41:36 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						9ca267f328 
					 
					
						
						
							
							Always return GSS_S_CONTINUE_NEEDED, pointed out from Metze.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23430 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-07-26 18:41:16 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						39fe446983 
					 
					
						
						
							
							Support parsing KRB-ERROR passed back from windows server when the time is out of sync, modify krb5_cc_[sg]et_config interface to handle principals too, add tests for this  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23420 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-07-26 18:37:48 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						dde69289ca 
					 
					
						
						
							
							Explain why we don't destroy the ccache.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20199 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2007-02-07 22:36:39 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						00bcd44370 
					 
					
						
						
							
							Switch from using a specific error message context in the TLS to have  
						
						... 
						
						
						
						a whole krb5_context in TLS. This have some interestion side-effekts
for the configruration setting options since they operate on
per-thread basis now.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19031 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-11-13 18:02:57 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						3dced0866c 
					 
					
						
						
							
							(gsskrb5_acceptor_start): use krb5_rd_req_ctx  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18930 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-11-07 14:52:05 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8051eadfb4 
					 
					
						
						
							
							(gsskrb5_accept_delegated_token): need to free ccache  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18895 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-10-25 04:19:45 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						dfa6f7b248 
					 
					
						
						
							
							reference all include files using krb5/  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18334 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-10-07 22:16:04 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						67b56ea02a 
					 
					
						
						
							
							indent comment  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18208 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-10-02 21:18:42 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7d573742a1 
					 
					
						
						
							
							Merge of the acceptor part from the samba patch by Stefan Metzmacher  
						
						... 
						
						
						
						and Andrew Bartlet.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18152 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-09-22 14:52:11 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						24397fd675 
					 
					
						
						
							
							reimplement gsskrb5_register_acceptor_identity  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17847 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-07-20 02:28:37 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						2cdda8a767 
					 
					
						
						
							
							(_gsskrb5_accept_sec_context): use GSS_C_NO_NAME  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17826 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-07-10 18:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						03567db502 
					 
					
						
						
							
							make gss_name_t an opaque type  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17736 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-06-29 07:27:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ee09f98c15 
					 
					
						
						
							
							Rename local include file, remove global files.  
						
						... 
						
						
						
						Stop exposing global gssapi symbols.
Rename gss_context_id_t and gss_cred_id_t to local names.
Remove SPNEGO code, its now in its own gssapi module.
Add mechglue inquire functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17697 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-06-28 08:54:04 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						dd796d90c2 
					 
					
						
						
							
							(gsskrb5_is_cfx): always set is_cfx. From Andrew Abartlet.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17523 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-05-09 07:16:39 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e4f39fc8ae 
					 
					
						
						
							
							Use gss_krb5_import_cred  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16294 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-11-25 15:57:35 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						2a0d1e1d88 
					 
					
						
						
							
							(gsskrb5_accept_delegated_token): rewrite to use gss_krb5_import_ccache  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16280 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-11-02 08:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						9ae8bc983a 
					 
					
						
						
							
							Prefix Der_class with ASN1_C_ to avoid problems with system  
						
						... 
						
						
						
						headerfiles that pollute the name space.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15264 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-05-29 15:13:10 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						d0443e2058 
					 
					
						
						
							
							prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14989 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-04-27 17:51:27 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e743a6ca8a 
					 
					
						
						
							
							break out the processing of the delegated credential to a separate  
						
						... 
						
						
						
						function to make error handling easier, move the credential handling
to after other setup is done
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14764 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-04-10 15:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						cdddef90f9 
					 
					
						
						
							
							allow client to indicate that subkey should be used  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14445 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-01-05 02:32:05 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7055cb55cc 
					 
					
						
						
							
							(send_accept): use _gss_spnego_require_mechlist_mic to figure out if  
						
						... 
						
						
						
						we need to send MechList
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13693 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-04-07 14:22:44 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						503d84b4f9 
					 
					
						
						
							
							(gsskrb5_register_acceptor_identity): allow reseting to default keytab  
						
						... 
						
						
						
						by passing in NULL as identity.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13689 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-04-05 20:17:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						384bd1719c 
					 
					
						
						
							
							(gsskrb5_is_cfx): krb5_keyblock->keytype is an enctype, not keytype  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13687 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-04-05 19:22:01 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						2cd2a26a21 
					 
					
						
						
							
							remove unused variable  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13686 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-04-05 14:53:53 +00:00