oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
94bb267a8b2c6b7283e4e6688bbace67da06178f
heimdal/lib/gssapi/krb5
History
Nicolas Williams 472509fd46 gsskrb5: Do not leak authenticator on retry 
We have a Heimdal special where when the acceptor sends back an error
token for clock skew or ticket-not-yet-valid errors then the acceptor
application will get GSS_S_CONTINUE_NEEDED from gss_accept_sec_context()
so that the initiator may retry with the same context.

But we were retaining the auth_context, which means that when the
initiator does send a new token, the acceptor leaks memory because
krb5_verify_ap_req2() doesn't clean up the auth_context on reuse.  The
end result is that we leak a lot in those cases.
2022-01-07 21:04:19 -06:00
..
8003.c
Implement KERB_AP_OPTIONS_CBT (server side)
2021-08-06 13:15:19 +10:00
accept_sec_context.c
gsskrb5: Do not leak authenticator on retry
2022-01-07 21:04:19 -06:00
acquire_cred.c
gsskrb5: Use optimistic anon PKINIT armored FAST
2021-12-30 18:54:54 +11:00
add_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
address_to_krb5addr.c
flatten include headers
2009-01-25 00:35:00 +00:00
aeap.c
lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
2015-07-31 17:30:23 +12:00
arcfour.c
Always perform == or != operation on cmp function result
2021-11-24 22:30:44 -05:00
authorize_localname.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
canonicalize_name.c
Revamp name canonicalization code
2015-03-24 11:49:58 -05:00
ccache_name.c
gss: implement gss_krb5_ccache_name()
2021-09-06 13:26:55 +10:00
cfx.c
gssapi/krb5: treat empty padding buffers as absent
2020-07-12 15:55:02 +10:00
cfx.h
Switch from using a specific error message context in the TLS to have
2006-11-13 18:02:57 +00:00
compare_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
compat.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
context_time.c
Round #2 of scan-build warnings cleanup
2016-11-16 17:03:14 -06:00
copy_ccache.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
creds.c
gss: add oid/buffer storage helpers to mechglue
2021-08-10 10:16:54 +10:00
decapsulate.c
lib/gssapi/krb5: make _gssapi_verify_pad() more robust
2015-07-31 17:30:23 +12:00
delete_sec_context.c
gssapi/krb5: delete_sec_context must close ccache if CLOSE_CCACHE
2020-06-29 11:40:48 -04:00
display_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
display_status.c
gss: avoid string concatenation warning in error message init
2021-05-17 10:09:01 +10:00
duplicate_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
duplicate_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
encapsulate.c
move _gssapi_make_mech_header to avoid need to prototype
2018-04-19 13:12:59 -04:00
export_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
export_sec_context.c
gssapi/krb5/{export,import}_sec_context: make smaller tokens.
2021-08-07 18:54:56 +10:00
external.c
gss: Make krb5 name attrs table-driven
2022-01-08 10:38:01 +11:00
get_mic.c
use memset_s
2017-04-29 01:05:59 -04:00
gkrb5_err.et
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
gsskrb5_locl.h
gss: implement gss_krb5_ccache_name()
2021-09-06 13:26:55 +10:00
import_name.c
gss: Fix sign extension bug (from be708ca3cf)
2022-01-06 15:25:38 -06:00
import_sec_context.c
gssapi/krb5/{export,import}_sec_context: make smaller tokens.
2021-08-07 18:54:56 +10:00
indicate_mechs.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
init_sec_context.c
gss: Add way to set authenticator authz-data
2022-01-08 10:38:01 +11:00
init.c
gss: register GSS_KRB5_S error table
2020-02-04 17:28:35 +11:00
inquire_context.c
Rename context handle lifetime to endtime
2015-04-14 11:27:25 -05:00
inquire_cred_by_mech.c
Fix gss_inquire_cred_by_mech.
2015-03-10 03:07:29 +00:00
inquire_cred_by_oid.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
inquire_cred.c
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
inquire_mechs_for_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
inquire_names_for_mech.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
inquire_sec_context_by_oid.c
gss: fix downlevel Windows interop regression
2020-04-13 10:26:38 +10:00
name_attrs.c
gss: Make sure to indicate PAC buffers
2022-01-08 10:38:01 +11:00
pname_to_uid.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
prf.c
Fix krb5's gss_pseudo_random() (n is big-endian)
2013-10-30 14:26:15 -05:00
process_context_token.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
release_buffer.c
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
2009-06-22 17:56:41 +00:00
release_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
release_name.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
sequence.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
set_cred_option.c
krb5: Improve cccol sub naming; add gss_store_cred_into2()
2020-03-02 17:48:04 -06:00
set_sec_context_option.c
gss: implement gss_krb5_ccache_name()
2021-09-06 13:26:55 +10:00
store_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
test_acquire_cred.c
Rewrite gss_add_cred() (fix #413)
2018-12-28 19:26:25 -06:00
test_cfx.c
switch to KRB5_ENCTYPE
2011-07-24 16:02:22 -07:00
test_cred.c
Rewrite gss_add_cred() (fix #413)
2018-12-28 19:26:25 -06:00
test_kcred.c
Add note about racy tests
2019-10-03 13:09:18 -05:00
test_oid.c
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
2009-06-22 17:56:41 +00:00
test_sequence.c
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
ticket_flags.c
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
2009-06-22 17:56:41 +00:00
unwrap.c
GSS unwrap: wipe copy of DES key when done with it
2018-12-14 06:18:26 -05:00
verify_mic.c
use memset_s
2017-04-29 01:05:59 -04:00
wrap.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00