oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
9eb01c66e961e8561d1ded69082bc89ecd3b4860
heimdal/lib/gssapi/mech
History
Luke Howard 7df0195c26 gss: fix downlevel Windows interop regression 
The recent changes to SPNEGO removed support for GSS_C_PEER_HAS_UPDATED_SPNEGO,
through which the Kerberos mechanism could indicate to SPNEGO that the peer did
not suffer from SPNEGO conformance bugs present in some versions of Windows.*

This patch restores this workaround, documented in [MS-SPNG] Appendix A <7>
Section 3.1.5.1. Whilst improving interoperability with these admittedly now
unsupported versions of Windows, it does introduce a risk that Kerberos with
pre-AES ciphers could be negotiated in lieu of a stronger and more preferred
mechanism.

Note: this patch inverts the mechanism interface from
GSS_C_PEER_HAS_UPDATED_SPNEGO to GSS_C_INQ_PEER_HAS_BUGGY_SPNEGO, so that new
mechanisms (which did not ship with these older versions of Windows) are not
required to implement it.

* Windows 2000, Windows 2003, and Windows XP
2020-04-13 10:26:38 +10:00
..
compat.h
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
context.c
Move some infra bits of lib/krb5/ to lib/base/ (2)
2020-03-02 10:56:13 -06:00
context.h
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
cred.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
cred.h
gss: merge enhanced Apple mechglue logging
2020-02-04 17:28:35 +11:00
doxygen.c
Fix some Doxygen warnings
2016-12-14 22:05:46 -06:00
gss_accept_sec_context.c
gss: initialize mech output parameters in mechglue
2020-03-02 17:17:03 +11:00
gss_acquire_cred_from.c
gss: add some missing GM_USE_MG_CRED checks
2020-02-04 17:28:35 +11:00
gss_acquire_cred_with_password.c
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
gss_acquire_cred.c
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
gss_add_cred_from.c
gss: add some missing GM_USE_MG_CRED checks
2020-02-04 17:28:35 +11:00
gss_add_cred_with_password.c
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
gss_add_cred.c
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
gss_add_oid_set_member.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
gss_aeap.c
gss: __gss_c_attr_stream_sizes_oid_desc declspec
2020-04-11 10:04:43 +10:00
gss_authorize_localname.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_buffer_set.c
Warning fixes from Christos Zoulas
2011-04-29 20:25:05 -07:00
gss_canonicalize_name.c
gssapi: add some Apple (c) notices for mechglue bugfix import
2019-01-04 21:30:10 +11:00
gss_compare_name.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_context_time.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
gss_create_empty_oid_set.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_cred.c
gss: merge enhanced Apple mechglue logging
2020-02-04 17:28:35 +11:00
gss_decapsulate_token.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
gss_delete_name_attribute.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_delete_sec_context.c
gssapi: import mechglue allocation utility functions from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_destroy_cred.c
gss: fix copy/paste error in gss_destroy_cred()
2020-04-11 10:02:09 +10:00
gss_display_name_ext.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_display_name.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_display_status.c
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_duplicate_cred.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_duplicate_name.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_duplicate_oid.c
gss: intern OIDs (#447)
2018-12-18 23:28:38 -06:00
gss_encapsulate_token.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
gss_export_name_composite.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_export_name.c
gss: merge Apple name helper APIs
2020-02-04 17:28:35 +11:00
gss_export_sec_context.c
fix null pointer dereference errors
2019-01-04 01:02:59 -05:00
gss_get_mic.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
gss_get_name_attribute.c
gss: merge Apple name helper APIs
2020-02-04 17:28:35 +11:00
gss_get_neg_mechs.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_import_name.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_import_sec_context.c
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_indicate_mechs.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_init_sec_context.c
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
gss_inquire_context.c
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_inquire_cred_by_mech.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_inquire_cred_by_oid.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_inquire_cred.c
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
gss_inquire_mechs_for_name.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_inquire_name.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_inquire_names_for_mech.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_inquire_sec_context_by_oid.c
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_krb5.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_mech_switch.c
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
gss_mo.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_names.c
gss: merge Apple name helper APIs
2020-02-04 17:28:35 +11:00
gss_oid_equal.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
gss_oid_to_str.c
use short_desc for mech name
2010-11-25 22:19:01 -08:00
gss_oid.c
gss: fix downlevel Windows interop regression
2020-04-13 10:26:38 +10:00
gss_pname_to_uid.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_process_context_token.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
gss_pseudo_random.c
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_release_buffer.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_release_cred.c
gssapi: import mechglue allocation utility functions from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_release_name.c
gssapi: import mechglue allocation utility functions from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_release_oid_set.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_release_oid.c
gss: intern OIDs (#447)
2018-12-18 23:28:38 -06:00
gss_seal.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_set_cred_option.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_set_name_attribute.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_set_neg_mechs.c
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
gss_set_sec_context_option.c
gssapi: remove non-mech status from _gss_mg_error() from Heimdal-520
2019-01-03 14:38:39 -06:00
gss_sign.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_store_cred_into.c
krb5: Improve cccol sub naming; add gss_store_cred_into2()
2020-03-02 17:48:04 -06:00
gss_store_cred.c
Make gss_store_cred*() work
2019-09-05 09:52:49 -05:00
gss_test_oid_set_member.c
Warning fixes from Christos Zoulas
2011-04-29 20:25:05 -07:00
gss_unseal.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_unwrap.c
gssapi: import bugfixes from Apple Heimdal-520
2019-01-03 17:53:25 +11:00
gss_utils.c
Fix warnings (some bugs, some spurious)
2020-03-12 21:02:09 -05:00
gss_verify_mic.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
gss_verify.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
gss_wrap_size_limit.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
gss_wrap.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
gssapi.asn1
Make it into a heim_any_set, its doesn't except a tag.
2006-10-18 21:08:19 +00:00
gssspi_exchange_meta_data.c
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
gssspi_query_mechanism_info.c
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
gssspi_query_meta_data.c
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
mech_locl.h
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00
mech_switch.h
gss: use tail queue instead of singly linked list in mechglue
2020-02-04 17:28:35 +11:00
mech.5
Misc fixes to man pages
2017-03-13 18:39:41 -04:00
name.h
gss: merge Apple name helper APIs
2020-02-04 17:28:35 +11:00
utils.h
gss: port NegoEx implementation from MIT
2020-02-04 17:28:35 +11:00