| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25201 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25200 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
KRB5_PRIVATE add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the code parses @sysconfdir@/gss/mech as a set of GSS
mechanisms to dynamically load. On Windows this should come from the
registry.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25198 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
agreed changes to the IETF specification. Includes removing a parameter from
the KDF function, removing the ticket from the ASN.1 encoder, and updating
the test code.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25196 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
pkinit: ASN.1 encoders and decoders for new KDF
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25195 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
* extend dh_rep
* add krb5_free_octet_data
* extend pkinit free functions
pkinit: add supportedKDFs and kdfID to structures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25193 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25192 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Implementation of pkinit_alg_agility_kdf() function to implement the
key derivation function defined in draft-ietf-krb-wg-pkinit-alg-agility-04,
and implementation of pkinit_kdf_test program to test the new KDF
against the test vector in the draft.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25191 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
tested-by: Sam Hartman <hartmans@debian.org>
fixes-from: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed. Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.
In keyblocks.c, modified kr5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
to take void * like all the other string encoders.
asn1_encode_oid: take void not asn1_octet
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25188 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Support a way of defining a type that indicates that the DER encoding
of some other type is wrapped inside an octet string in a produced
encoding. To support this, support encoding of tagged things where
the class is not constructed; in this case it will be primitive.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25187 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Per RFc 6112 use SignedData not ContentInfo for anonymous when the KDC
offers support for PKINIT_KX padata.
ticket: 6962
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25186 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25185 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
For anonymous, MIT 1.9 sends
ContentInfo rather than SignedData. This violates RFc 6112. This patch accepts the RFC 6112 style encoding.
ticket: 6961
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25184 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
possibilities, since with only one configure script now, we know
exactly where it is.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25183 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
semaphore.h, since the results of the tests are never used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25182 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
messages. Verified to produce the same configure script (under
autoconf 2.68 on Mac OS X) as before.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25181 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
A stray "p" was added to krb5_init_context_profile() inside a _WIN32
block.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25180 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25179 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Fixes a bug where we wait for one too many workers to terminate after
one of them crashes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25178 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
This avoids a race condition where a child reports "starting..." and
begins to service requests before the monitor is ready to handle
termination signals. Really only an issue for the test suite. From
npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25177 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
In the KDC, set up signals in the worker process child after forking
from the monitor process. From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Also mark fd events as reinitiable so they survive the fork. From
npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25175 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Also add verto_reinitialize to libverto exports (missed in the last
update).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25174 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
When we build with the internal verto, we include verto-k5ev.h in
order to create loops. When we build with the system verto, we don't
include that header file. Add depfix logic and pre.in variables to
avoid depending on verto-k5ev.h for a system verto build.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25173 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Also update verto-k5ev.c to match changes to verto-libev.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25172 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
If k5test is invoked with any stop, wait, or debug options, wait for
input before killing daemons, in case a daemon is being debugged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25171 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
When we have conditionally built bundled source, we need logic in
depfix.pl and variables in pre.in to avoid depending on the bundled
verto.h in generated dependencies. Add that logic for verto.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25170 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
ev.c explicitly disables poll() on Mac and FreeBSD, which left our
standalone version without any working back ends on Mac OS X, for
example. Fall back to using select() on these platforms.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25169 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25168 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Now that we're not using dynamic loading for libverto-k5ev, we don't
need to use hard links for liblinks, and using them would interfere
with an AFS build tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25167 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Give libverto-k5ev a header file. When using the internal verto
library, link against -lverto-k5ev and use verto_default_k5ev()
instead of verto_default(), bypassing the module loading logic and
making static builds possible.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25166 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
initiator_cred wasn't initialized if no second arg was given.
t_ccselect wasn't removed on make clean.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25165 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
cred could be used uninitialized if krb5_timeofday() failed. defcred
had the wrong type. kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
in the bison library code. Use a GCC pragma to suppress.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25163 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Remove references to the unbundled applications. Add documentation of
environment variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25162 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25161 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For default credentials, defer ccache resolution until we need the
information. If this happens in init_sec_context when we have the
target principal in hand, use krb5_cc_select() to pick a cache. If
the target principal is not known, use the default cache.
For credentials with a specified principal, use krb5_cc_cache_match()
to find the cache. If no cache is found and a password is specified,
create a new cache within the collection to hold the new credentials,
if the default cache type supports a collection.
ticket: 6958
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
These changes have no functional impact, but will allow the GSSAPI
changes for credential selection to be made with a minimum of code
movement.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25159 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
The interface has two built-in modules. The realm module guesses a
cache based on the server realm if it is known. The k5identity module
(Unix only) chooses a client principal based on rules in a .k5identity
file in the user's homedir.
ticket: 6957
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* "kdestroy -A" destroys all caches in collection.
* "kinit princ" searches the collection for a matching cache and
overwrites it, or creates a new cache in the collection, if the
type of the default cache is collection-enabled. The chosen cache
also becomes the primary cache for the collection.
* "klist -l" lists (in summary form) the caches in the collection.
* "klist -A" lists the content of all of the caches in the collection.
* "kswitch -c cache" (new command) makes cache the primary cache.
* "kswitch -p princ" makes the cache for princ the primary cache.
ticket: 6956
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Do not yield any default caches in the top level cccol implementation.
In the FILE type, yield the default cache if it exists and is of type
FILE, instead of yielding the set of open file caches.
ticket: 6955
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25156 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* krb5_cc_get_full_name retrieves the full type:name of a cache.
* krb5_cc_switch makes a cache the primary cache.
* krb5_cc_cache_match searches the collection for a client principal.
* krb5_free_string releases a string (for the krb5_cc_get_full_name
result).
All of these are from Heimdal except for krb5_free_string (Heimdal uses
krb5_xfree).
ticket: 6954
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DIR ccache type supports a collection of credential caches within
a private directory (which must be created out of band). One cache is
designated as primary at any given time. Setting the default cache
name to DIR:dirname will cause caches within dirname to be present in
the global cache collection.
ticket: 6953
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25154 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970
|