RT RT/krbdev.mit.edu: Ticket #2587 export usable gss context / limit negotiated enctypes Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
2587
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.4
Target_Version
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Fri Jun 4 16:44:52 2004
Starts: Not set
Started: Tue Jun 8 17:50:20 2004
Last Contact: Thu Jul 29 11:29:29 2004
Due: Not set
Updated: Mon Nov 15 22:22:11 2004 by tlyu
 

 People  
Owner
 hartmans
Requestors
 kwc@citi.umich.edu
Cc
 
AdminCc
 
 

 More about Kevin Coffman  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Fri Jun  4 16:44:54 2004  kwc@citi.umich.edu - Ticket created    
     
From: "Kevin Coffman" <kwc@citi.umich.edu>
To: <krb5-bugs@mit.edu>
Date: Fri, 4 Jun 2004 15:55:52 -0400
Cc: kwc@citi.umich.edu
Subject: export usable gss context / limit negotiated enctypes

 

     
The attached files add mechanism-specific GSS-API routines to export and
free a "usable" gssapi security context, and limit the encryption types
negotiated to create the context.

There is a patch file against CVS head circa 2004.04.20, two new .c files
and a .h file which go into the lib/gssapi/krb5 directory.

Kevin Coffman
University of Michigan -- CITI
kwc@citi.umich.edu

Download (untitled) 378b
     
 
Download krb5-export-context.diff 8.1k
     
 
Download set_allowable_enctypes.c 3.8k
     
 
Download gssapi_krb5_ext.h 5.7k
     
 
Download lucid_context.c 7.3k
      Tue Jun  8 14:39:55 2004  hartmans - Taken    
      Tue Jun  8 15:06:11 2004  hartmans - Correspondence added    
     
To: rt@krbdev.mit.edu
Subject: [krbdev.mit.edu #2587] copyright
Date: Tue,  8 Jun 2004 15:06:10 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
RT-Send-Cc: 


Hi.  Just noting that the only copyright I see on this patch is a MIT
copyright.  That's certainly easiest for us, but if you plan to attach
any additional copyrights, please do so now.



Download (untitled) 188b
      Tue Jun  8 17:38:33 2004  hartmans - Correspondence added    
     
To: rt@krbdev.mit.edu
Subject: [krbdev.mit.edu #2587] Why does set_allowable_enctypes take a mechanism
Date: Tue,  8 Jun 2004 17:38:31 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
RT-Send-Cc: 



Why does gss_krb5_set_allowable_enctypes take a mechanism oid?

O, for namespace consistency I've renamed
krb5_gss_set_allowable_enctypes to gss_krb5_set_allowable_enctypes.




Download (untitled) 178b
      Tue Jun  8 17:50:20 2004  hartmans - Status changed from new to open    
      Tue Jun  8 17:50:21 2004  hartmans - Correspondence added    
     
From: hartmans@mit.edu
Subject: CVS Commit

Patch from kwc@citi.umich.edu to support
gss_krb5_export_lucid_sec_context and other facilities for NFSv4
implementations.

In order to apply this patch gss_krb5.h needs to be auto-generated so we can expose a
64-bit type for sequence numbers.


To generate a diff of this commit:



	cvs diff -r1.69 -r1.70 krb5/src/lib/gssapi/ChangeLog
	cvs diff -r1.26 -r1.27 krb5/src/lib/gssapi/configure.in
	cvs diff -r1.139 -r1.140 krb5/src/lib/gssapi/generic/ChangeLog
	cvs diff -r1.39 -r1.40
		krb5/src/lib/gssapi/generic/gssapiP_generic.h
	cvs diff -r1.13 -r1.14 krb5/src/lib/gssapi/generic/util_validate.c
	cvs diff -r1.6 -r1.7
		krb5/src/lib/gssapi/generic/utl_nohash_validate.c
	cvs diff -r1.253 -r1.254 krb5/src/lib/gssapi/krb5/ChangeLog
	cvs diff -r1.72 -r1.73 krb5/src/lib/gssapi/krb5/Makefile.in
	cvs diff -r1.63 -r1.64 krb5/src/lib/gssapi/krb5/gssapiP_krb5.h
	cvs diff -r1.5 -r1.6 krb5/src/lib/gssapi/krb5/gssapi_err_krb5.et
	cvs diff -r1.79 -r1.80 krb5/src/lib/gssapi/krb5/init_sec_context.c
	cvs diff -r0 -r1.1 krb5/src/lib/gssapi/krb5/gssapi_krb5.hin
		krb5/src/lib/gssapi/krb5/lucid_context.c
		krb5/src/lib/gssapi/krb5/set_allowable_enctypes.c
	cvs diff -r1.27 -r0 krb5/src/lib/gssapi/krb5/gssapi_krb5.h


Download (untitled) 1.1k
      Wed Jun  9 08:48:57 2004  kwc@citi.umich.edu - Comments added    
     
To: rt-comment@krbdev.mit.edu
Cc: kwc@citi.umich.edu, krb5-prs@mit.edu
Subject: Re: [krbdev.mit.edu #2587] Why does set_allowable_enctypes  take a mechanism
Date: Wed, 09 Jun 2004 08:48:54 -0400
From: Kevin Coffman <kwc@citi.umich.edu>
RT-Send-Cc: 

> Why does gss_krb5_set_allowable_enctypes take a mechanism oid?

Obviously, it is not used.  I just forgot to remove it.
I believe Love pointed this out as unnecessary earlier.

> O, for namespace consistency I've renamed
> krb5_gss_set_allowable_enctypes to gss_krb5_set_allowable_enctypes.

I'm happy with either name.  It makes our glue code a bit more
complicated.

BTW, I don't think we need to add any copyright.



Download (untitled) 421b
      Wed Jun  9 13:58:21 2004  hartmans - Correspondence added    
     
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2587] Why does set_allowable_enctypes  take a mechanism
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 09 Jun 2004 13:58:19 -0400
RT-Send-Cc: 

OK.  I believe things are all checked in then.  You should look at
gssapi_krb5.h and see if things look good for you.



Download (untitled) 119b
      Wed Jun  9 14:15:35 2004  kwc@citi.umich.edu - Comments added    
     
To: rt-comment@krbdev.mit.edu
Cc: kwc@citi.umich.edu, krb5-prs@mit.edu
Subject: Re: [krbdev.mit.edu #2587] Why does set_allowable_enctypes  take a mechanism
Date: Wed, 09 Jun 2004 14:15:33 -0400
From: Kevin Coffman <kwc@citi.umich.edu>
RT-Send-Cc: 

> OK.  I believe things are all checked in then.  You should look at
> gssapi_krb5.h and see if things look good for you.

I'm trying it out.  I'm still/again hitting an assertion failure
involved with the pthreads locking changes, but am currently trying to
create a better environment where I can test/debug this.



Download (untitled) 317b
      Wed Jun  9 19:56:46 2004  raeburn - Comments added    
     
Cc: rt-comment@krbdev.mit.edu, krb5-prs@mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: Re: [krbdev.mit.edu #2587] Why does set_allowable_enctypes  take a mechanism
Date: Wed, 9 Jun 2004 19:56:20 -0400
To: Kevin Coffman <kwc@citi.umich.edu>
RT-Send-Cc: 

On Jun 9, 2004, at 14:15, Kevin Coffman wrote:
> I'm trying it out.  I'm still/again hitting an assertion failure
> involved with the pthreads locking changes, but am currently trying to
> create a better environment where I can test/debug this.

I'd like to know of any cases like that you run into, if it's a
single-threaded program, or if it's a multi-threaded program *and* you
configured the Kerberos build with --enable-thread-support.  That
option may not be present in our next release, so don't advertise it
too much.

If it's a multi-threaded program and the thread support isn't turned
on, then assertion failures are the correct result, for the current
snapshots.  The debug code is still switched on in that case to help me
find cases where locks are accidentally left locked, or don't get
initialized properly, etc.

Ken



Download (untitled) 844b
      Wed Jun  9 22:17:43 2004  hartmans - Correspondence added    
     
From: hartmans@mit.edu
Subject: CVS Commit

Install gssapi_krb5.h from build dir not srcdir.


To generate a diff of this commit:



	cvs diff -r1.255 -r1.256 krb5/src/lib/gssapi/krb5/ChangeLog
	cvs diff -r1.74 -r1.75 krb5/src/lib/gssapi/krb5/Makefile.in


Download (untitled) 211b
      Thu Jul 29 11:29:26 2004  hartmans - Status changed from open to resolved    
      Thu Jul 29 11:29:26 2004  hartmans - Correspondence added    
     
From: hartmans@mit.edu
Subject: CVS Commit

Export lucid context functions and gss_krb5_set_allowable_enctypes


To generate a diff of this commit:



	cvs diff -r1.76 -r1.77 krb5/src/lib/gssapi/ChangeLog
	cvs diff -r1.2 -r1.3 krb5/src/lib/gssapi/libgssapi_krb5.exports


Download (untitled) 226b
      Mon Nov 15 22:22:10 2004  tlyu - Version_Fixed 1.4 added