Permalink
Commits on Apr 30, 2010
  1. Merge trunk changes from r23937 to r23957 to iakerb branch.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23958 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  2. Fix formatting of IAKERB changes to k5-int.h (the changes were

    probably made before the surrounding prototypes were reformatted).
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23957 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  3. Fix some minor tabbing issues in the IAKERB changes to the mechglue's

    g_initialize.c.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23956 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  4. In iakerb_acceptor_step(), avoid the use of goto for looping, and fix

    a memory leak and possible double-free in some error cases.  Also fold
    some function calls into fewer lines.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23955 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  5. In iakerb_make_finished(), eliminate a call to

    krb5int_c_mandatory_cksumtype() by passing zero to
    krb5_k_make_checksum instead.  Because we can.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23954 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  6. Stop using a union in struct _iakerb_ctx_id_rec. We don't need the

    space savings, and it was confusing to have u.gssc used without
    checking the discriminator in the acceptor code.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23953 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  7. Remove some unnecessary includes from new iakerb.c.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23952 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  8. Fix line length in change to kg_validate_ctx_id() macro.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23951 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
  9. Clean up IAKERB changes to init_sec_context.c in krb5 gss mech: add

    back a CFX_EXERCISE block which is likely necessary for compilation
    with that flag, and remove the unused exts parameter to mutual_auth().
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23950 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 30, 2010
Commits on Apr 27, 2010
  1. If IAKERB is used with no TGT, return KRB5_CC_NOTFOUND instead of

    going fruitlessly into the AS code path and returning EINVAL.  Also
    better handle the case where service credentials exist but are of an
    unsupported enctype.  Make a note that we aren't as consistent as we
    would like to be in the case where the TGT exists but has expired.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23948 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 27, 2010
  2. Make IAKERB work properly when used in conjunction with default creds

    or creds acquired with gss_acquire_cred (as opposed to
    gss_acquire_cred_with_password).  Previously it would fall back to the
    krb5 mech too early and perform a blocking TGS request.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23947 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 27, 2010
  3. Register IAKERB after the krb5 mechs so it doesn't get used in

    preference to the krb5 mech with SPNEGO or when no mech is specified
    to gss_init_sec_context().
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23946 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 27, 2010
Commits on Apr 26, 2010
  1. If gss_acquire_cred_with_password is used with no default ccache,

    initialize the default ccache and fill it in, instead of creating a
    memory ccache.  Adjust gss-sample test cases to expect that there will
    be cached creds.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23944 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 26, 2010
  2. On the iakerb branch, use krb5_auth_con_set_checksum_func for DES/DES3

    enctypes as well as the modern ones.  It works fine and it makes the
    subkey available for the IAKERB checksum.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23943 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 26, 2010
Commits on Apr 25, 2010
  1. On the iakerb branch, modify t_gss_sample.py to exercise different

    mechs, including IAKERB.  Currently does not pass due to unresolved
    bugs.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23941 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 25, 2010
  2. On the iakerb branch, fix spnego_gss_acquire_cred_with_password to

    wrap the resulting creds.  (The wrapping didn't exist when the code
    was originally written.)
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23940 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 25, 2010
Commits on Apr 24, 2010
  1. Fix up IAKERB changes to get_credentials() in gss-krb5's

    init_sec_context.c after the trunk merge.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23939 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 24, 2010
  2. Merge trunk changes from r23929 to r23937 to iakerb branch.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23938 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 24, 2010
  3. Merge trunk changes from r23909 to r23929.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23930 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 24, 2010
Commits on Apr 20, 2010
  1. In the krb5 GSSAPI mech, adjust the error code expected from

    krb5_get_credentials() when there is no TGT in the ccache, in light of
    r23909.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23911 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 20, 2010
  2. Merge trunk changes from r23906 to r23909.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23910 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 20, 2010
  3. In iakerb.c, use symbolic names for *_creds_step() continue flags, now

    that they exist.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23908 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 20, 2010
  4. Merge trunk changes from r23900 to r23906.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23907 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 20, 2010
Commits on Apr 14, 2010
  1. Merge trunk changes from r23874 to r23900 to iakerb branch.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23901 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  2. Create KRB5_TKT_CREDS_CONTINUE symbolic name for flag bit 1 in the

    krb5_tkt_creds_step() output.  Finish doxygen documentation for
    krb5_tkt_creds APIs.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23898 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  3. Move all of the krb5_tkt_code from gc_frm_kdc.c into get_creds.c and

    delete gc_frm_kdc.c.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23897 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  4. Get rid of krb5_tkt_creds_store_creds() as it is no longer needed.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23896 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  5. Move the cache store and check for non-forwardable constrained

    delegation creds from krb5_get_credentials into krb5_tkt_creds.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23895 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  6. Small code reorg in gc_frm_kdc.c.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23894 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  7. Move the cache check from krb5_get_credentials() into the

    krb5_tkt_creds functions.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23893 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
  8. Make krb5_tkt_creds_init() take KRB5_GC_* options like

    krb5_get_credentials() does.  Add doxygen documentation for some of the
    krb5_tkt_creds APIs.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23892 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 14, 2010
Commits on Apr 12, 2010
  1. Split out the allocate-and-retrieve part of get_cached_tgt in

    preparation for adding a cache check for the service creds.  Also add
    a field to remember KRB5_CC_NOT_KTYPE errors for the local TGT (and
    later for service creds).
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23886 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 12, 2010
  2. Fix a bug in make_request_for_service: use the caller-specified KCD

    options as intended, not the field for options we remember between
    request and response.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23885 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 12, 2010
  3. Move validation/renewal APIs into a separate file. Make them use

    gc_via_tkt directly, which is more correct for non-TGT validation or
    renewal.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23883 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 12, 2010
Commits on Apr 8, 2010
  1. Use krb5_cc_dup to make a copy of the ccache handle passed to

    krb5_tkt_creds_init(), so that ccache can be closed before the context
    is freed.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23876 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Apr 8, 2010