Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						771f29a451 
					 
					
						
						
							
							remove extra initializers to krb5_mech  
						
						... 
						
						
						
						Change-Id: Iee4d7dfd668a6e6da251b93dfd6ca3a7f7bcb062 
						
						
					 
					
						2011-05-17 13:44:04 -04:00 
						 
				 
			
				
					
						
							
							
								Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						6c1ad560ea 
					 
					
						
						
							
							no C99 named struct initializers on Windows  
						
						... 
						
						
						
						commit f5f9014c90 
						
						
					 
					
						2011-05-17 12:02:16 -04:00 
						 
				 
			
				
					
						
							
							
								Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						6850d6a65f 
					 
					
						
						
							
							avoid uninit variable and unreachable code warnings  
						
						... 
						
						
						
						most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8 
						
						
					 
					
						2011-05-17 12:02:16 -04:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						6d9be164b7 
					 
					
						
						
							
							add GSS_C_INQ_SSPI_SESSION_KEY for Kerberos  
						
						
						
						
					 
					
						2011-05-16 16:50:01 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						33d1877c21 
					 
					
						
						
							
							use gss_const_OID for gss_acquire_cred_ext  
						
						
						
						
					 
					
						2011-05-14 17:16:49 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						dfba868910 
					 
					
						
						
							
							Merge branch 'master' into lukeh/acquire-cred-ex-moonshot-integ  
						
						... 
						
						
						
						Conflicts:
	lib/gssapi/Makefile.am
	lib/gssapi/mech/gss_acquire_cred_with_password.c
	lib/gssapi/test_context.c
	lib/gssapi/version-script.map 
						
						
					 
					
						2011-05-14 16:48:49 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						3069d80734 
					 
					
						
						
							
							Merge branch 'master' into lukeh/acquire-cred-ex  
						
						
						
						
					 
					
						2011-05-14 14:56:16 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						272a30405f 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-14 14:51:41 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						eec71dac7c 
					 
					
						
						
							
							Revert "disable _gsskrb5_pname_to_uid, there's no aname_to_localname"  
						
						... 
						
						
						
						This reverts commit ad69ac97b1 
						
						
					 
					
						2011-05-14 14:51:10 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						9f2cd17add 
					 
					
						
						
							
							Revert "remove krb5 authorize_localname impl, there's no krb5_kuserok"  
						
						... 
						
						
						
						This reverts commit 4b92552c1e 
						
						
					 
					
						2011-05-14 14:51:08 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						ad69ac97b1 
					 
					
						
						
							
							disable _gsskrb5_pname_to_uid, there's no aname_to_localname  
						
						
						
						
					 
					
						2011-05-13 00:47:37 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						4b92552c1e 
					 
					
						
						
							
							remove krb5 authorize_localname impl, there's no krb5_kuserok  
						
						
						
						
					 
					
						2011-05-13 00:46:14 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						8687bab419 
					 
					
						
						
							
							correct switched order of pname_to_uid/authorize_localname  
						
						
						
						
					 
					
						2011-05-13 00:41:18 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						f1aa972bb8 
					 
					
						
						
							
							fix trailing comma  
						
						
						
						
					 
					
						2011-05-12 13:04:59 +02:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						e128b0ca01 
					 
					
						
						
							
							Merge branch 'master' into lukeh/moonshot  
						
						... 
						
						
						
						Conflicts:
	lib/gssapi/krb5/external.c
	lib/libedit/src/vi.c 
						
						
					 
					
						2011-05-12 13:04:55 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						59f4918ef0 
					 
					
						
						
							
							set the CFXSentByAcceptor flag, patch from Jaideep Padhye  
						
						
						
						
					 
					
						2011-04-29 20:34:42 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f5f9014c90 
					 
					
						
						
							
							Warning fixes from Christos Zoulas  
						
						... 
						
						
						
						- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code 
						
						
					 
					
						2011-04-29 20:25:05 -07:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						02cf28e20b 
					 
					
						
						
							
							implement gss_acquire_cred_ex with password support  
						
						... 
						
						
						
						add missing SPIs to gss_mech_switch
s/acquire_cred_ex/acquire_cred_ext/g 
						
						
					 
					
						2011-04-16 11:06:24 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						523d84b417 
					 
					
						
						
							
							return error from lower layer  
						
						
						
						
					 
					
						2011-04-14 12:54:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6f5b93fc8b 
					 
					
						
						
							
							return error from lower layer  
						
						
						
						
					 
					
						2011-04-14 12:54:16 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ec88b5d043 
					 
					
						
						
							
							move _gss_DES3_get_mic_compat to after ->target is set  
						
						... 
						
						
						
						Patch from Roland Dowdeswell 
						
						
					 
					
						2011-04-14 12:54:15 -07:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						0d7bc0c549 
					 
					
						
						
							
							remove user_ok from gss_authorize_localname  
						
						
						
						
					 
					
						2011-04-09 13:41:51 +10:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						bac9c34172 
					 
					
						
						
							
							authorize_localname SPI now includes nametype  
						
						
						
						
					 
					
						2011-04-09 11:34:19 +10:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						6c6e483e00 
					 
					
						
						
							
							gss_authorize_localname implementation  
						
						
						
						
					 
					
						2011-04-08 10:58:57 +10:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						6ec5011d48 
					 
					
						
						
							
							Merge branch 'master' into lukeh/moonshot  
						
						
						
						
					 
					
						2011-04-08 09:05:36 +10:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3d36172090 
					 
					
						
						
							
							allow keytab specifiction to gsskrb5_register_acceptor_identity  
						
						
						
						
					 
					
						2011-04-07 07:15:28 -07:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						ca48b27fe7 
					 
					
						
						
							
							add _gsskrb5_pname_to_uid implementation  
						
						
						
						
					 
					
						2011-03-20 23:31:32 +11:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						0dff021161 
					 
					
						
						
							
							add krb5 glue for userok  
						
						
						
						
					 
					
						2011-03-20 20:57:24 +11:00 
						 
				 
			
				
					
						
							
							
								Derrick Brashear 
							
						 
					 
					
						
						
							
						
						c5d0acb859 
					 
					
						
						
							
							Correct "not newer" etypes per RFC 4121  
						
						... 
						
						
						
						Section 1 of RFC 4121 describes behavior which
    applies when using "newer" etypes, then goes on in
    table form to list etypes which are not newer.
    While it specifies it is ok to use new token formats
    when both initiator and acceptor are known to handle them,
    this code makes no such verification, and encoded an
    incorrect set of etypes as "not newer". Correct the list.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-02-24 19:22:25 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						7e1ba19fda 
					 
					
						
						
							
							setup cfx context, found by Jaideep Padhye  
						
						
						
						
					 
					
						2011-02-02 21:37:26 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Tridgell 
							
						 
					 
					
						
						
							
						
						9e1d467534 
					 
					
						
						
							
							s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY  
						
						... 
						
						
						
						this e_data field in a kerberos error packet tells windows to do clock
skew recovery.
See [MS-KILE] 2.2.1 KERB-ERROR-DATA
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org >
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-01-30 11:26:31 -08:00 
						 
				 
			
				
					
						
							
							
								Luke Howard 
							
						 
					 
					
						
						
							
						
						21c5987018 
					 
					
						
						
							
							Rename GSS_IOV_BUFFER_TYPE_FLAG to GSS_IOV_BUFFER_FLAG  
						
						... 
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-01-03 13:22:57 +01:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2038d6f56e 
					 
					
						
						
							
							don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network  
						
						
						
						
					 
					
						2010-11-29 09:31:07 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5dcf0753f4 
					 
					
						
						
							
							fill in all mo that make sense for now  
						
						
						
						
					 
					
						2010-11-25 23:52:43 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6ca842c5b7 
					 
					
						
						
							
							gss_indicate_mechs_by_attrs  
						
						
						
						
					 
					
						2010-11-25 21:40:25 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c1069f8a36 
					 
					
						
						
							
							add _gss_oid_name_table  
						
						
						
						
					 
					
						2010-11-25 20:20:03 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						bdc9112651 
					 
					
						
						
							
							add missing symbols  
						
						
						
						
					 
					
						2010-11-25 18:36:55 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dbeeb18a53 
					 
					
						
						
							
							generate oids using table  
						
						
						
						
					 
					
						2010-11-25 18:32:33 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2e31740f62 
					 
					
						
						
							
							always check for error token in case of a failure  
						
						
						
						
					 
					
						2010-11-08 13:40:01 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						526aeef0c7 
					 
					
						
						
							
							heimdal Add clock-skew handling to DCE-style GSSAPI  
						
						... 
						
						
						
						The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-11-08 13:36:52 -08:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						5cc4d5d2bd 
					 
					
						
						
							
							heimdal Use a seperate krb5_auth_context for the delegated credentials  
						
						... 
						
						
						
						This makes it much more clear that the timestamp written here is not
used in mutual authentication.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-10-02 20:47:12 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						5dcc605f6b 
					 
					
						
						
							
							Fix calling conventions for Windows  
						
						
						
						
					 
					
						2010-08-20 13:14:10 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						083b8b63ee 
					 
					
						
						
							
							oids no longer compare to GSS_C_NO_OID  
						
						
						
						
					 
					
						2010-07-22 23:21:44 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1021099f3d 
					 
					
						
						
							
							rename external so that they can be included in array and struct initializer  
						
						
						
						
					 
					
						2010-07-22 20:47:04 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2b1645aa08 
					 
					
						
						
							
							catch error from as.*printf  
						
						
						
						
					 
					
						2010-05-30 13:44:41 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a7e8f05c9b 
					 
					
						
						
							
							Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]  
						
						... 
						
						
						
						This was introduced by checking the Kerberos 5 checksum as a
alternative to the 8003 checksum.
Thanks to MIT Kerberos and Shawn Emery for forwarding this issue 
						
						
					 
					
						2010-05-26 11:53:31 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9f5772050b 
					 
					
						
						
							
							Match old code and use krb5_sname_to_principal on the imported name for acquire cred.  
						
						... 
						
						
						
						Reported by Jan Rekorajski 
						
						
					 
					
						2009-12-13 22:55:36 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5b7780b997 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:35:18 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c402cda0a4 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:30:06 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5a23717814 
					 
					
						
						
							
							use krb5_auth_con_getremoteseqnumber  
						
						
						
						
					 
					
						2009-12-04 21:29:48 -08:00