Commit message | Author | Age | Files | Lines
* Updated command line utilities not to complain about missing getopt() definition | Sam Hartman | 2011-09-19 | 6 | -0/+16
  Signed-off-by: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25201 dc483132-0cff-0310-8789-dd5450dbe970
* __func__ -> __FUNCTION__ in #ifdef DEBUG blocks in util_errmap.c | Sam Hartman | 2011-09-19 | 1 | -2/+2
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  Signed-off-by: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25200 dc483132-0cff-0310-8789-dd5450dbe970
* Protect autoconf #defines (HAVE_FOO, et al) in win-mac.h with #ifdef KRB5_PRIVATE | Sam Hartman | 2011-09-19 | 3 | -1/+7
  add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  Signed-off-by: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970
* On Windows, parse mechanism info from Registry instead of mech file | Sam Hartman | 2011-09-19 | 1 | -169/+351
  Currently the code parses @sysconfdir@/gss/mech as a set of GSS mechanisms to dynamically load. On Windows this should come from the registry.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  Signed-off-by: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25198 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ticket from the pkinit-alg-agility KDF function, to match | Sam Hartman | 2011-09-19 | 5 | -49/+28
  agreed changes to the IETF specification. Includes removing a parameter from the KDF function, removing the ticket from the ASN.1 encoder, and updating the test code.
  Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
* Asn1_encode: indicate DER compressed form without tag or length as input | Sam Hartman | 2011-09-19 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25196 dc483132-0cff-0310-8789-dd5450dbe970
* Implement encoding and decoding for supportedKDFs and kdfID | Sam Hartman | 2011-09-19 | 5 | -37/+111
  pkinit: ASN.1 encoders and decoders for new KDF
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25195 dc483132-0cff-0310-8789-dd5450dbe970
* * Extend auth_pack | Sam Hartman | 2011-09-19 | 5 | -3/+40
  * extend dh_rep
  * add krb5_free_octet_data
  * extend pkinit free functions
  pkinit: add supportedKDFs and kdfID to structures
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor to use oid instead of algorithm_id in KDF interface | Sam Hartman | 2011-09-19 | 3 | -12/+16
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25193 dc483132-0cff-0310-8789-dd5450dbe970
* pkinit_crypto_openssl: fix signed vs unsigned comparison | Sam Hartman | 2011-09-19 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25192 dc483132-0cff-0310-8789-dd5450dbe970
* implementation of new function and test program for pkinit agility. | Sam Hartman | 2011-09-19 | 5 | -3/+475
  Implementation of pkinit_alg_agility_kdf() function to implement the key derivation function defined in draft-ietf-krb-wg-pkinit-alg-agility-04, and implementation of pkinit_kdf_test program to test the new KDF against the test vector in the draft.
  Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25191 dc483132-0cff-0310-8789-dd5450dbe970
* Added underlying ASN.1 structures for pkinit algorithm agility | Sam Hartman | 2011-09-19 | 3 | -3/+59
  Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
  tested-by: Sam Hartman <hartmans@debian.org>
  fixes-from: Sam Hartman <hartmans@debian.org>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to | Sam Hartman | 2011-09-19 | 2 | -4/+5
  eliminate a possible memory leak in the error path, where the key_block->length was set to zero but the key_block->contents were not freed. Also, changed calloc() call to a malloc() call to avoid allocating up to 8 times as much buffer space as needed.
  In keyblocks.c, modified krb5_free_keyblock_contents() to set the key->length to zero after the key->contents have been freed.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970
* In order for asn1_encode_oid to be called from DEFLENFNTYPE it needs | Sam Hartman | 2011-09-19 | 2 | -2/+2
  to take void * like all the other string encoders.
  asn1_encode_oid: take void not asn1_octet
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25188 dc483132-0cff-0310-8789-dd5450dbe970
* asn1_encode.{c,h}: support DEFOCTETWRAPTYPE | Sam Hartman | 2011-09-19 | 2 | -6/+16
  Support a way of defining a type that indicates that the DER encoding of some other type is wrapped inside an octet string in a produced encoding. To support this, support encoding of tagged things where the class is not constructed; in this case it will be primitive.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25187 dc483132-0cff-0310-8789-dd5450dbe970
* pkinit: client: Use SignedData for anonymous | Sam Hartman | 2011-09-19 | 3 | -207/+234
  Per RFC 6112 use SignedData not ContentInfo for anonymous when the KDC offers support for PKINIT_KX padata.
  ticket: 6962
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25186 dc483132-0cff-0310-8789-dd5450dbe970
* Fix pkinit warnings | Sam Hartman | 2011-09-19 | 3 | -5/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25185 dc483132-0cff-0310-8789-dd5450dbe970
* Support pkinit: SignedData with no signers (KDC) | Sam Hartman | 2011-09-19 | 2 | -187/+209
  For anonymous, MIT 1.9 sends ContentInfo rather than SignedData. This violates RFC 6112. This patch accepts the RFC 6112 style encoding.
  ticket: 6961
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25184 dc483132-0cff-0310-8789-dd5450dbe970
* Drop code for finding top source directory among several | Ken Raeburn | 2011-09-18 | 1 | -20/+1
  possibilities, since with only one configure script now, we know exactly where it is.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25183 dc483132-0cff-0310-8789-dd5450dbe970
* Don't check for memmove, inet_ntoa, inet_aton, pthread.h, or | Ken Raeburn | 2011-09-18 | 1 | -3/+2
  semaphore.h, since the results of the tests are never used.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25182 dc483132-0cff-0310-8789-dd5450dbe970
* Add invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warning | Ken Raeburn | 2011-09-18 | 1 | -8/+8
  messages. Verified to produce the same configure script (under autoconf 2.68 on Mac OS X) as before.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25181 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in r25026 | Greg Hudson | 2011-09-15 | 1 | -6/+6
  A stray "p" was added to krb5_init_context_profile() inside a _WIN32 block.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25180 dc483132-0cff-0310-8789-dd5450dbe970
* Fix terminate_workers() in the KDC | Greg Hudson | 2011-09-14 | 1 | -3/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25179 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify terminate_workers() in the KDC | Greg Hudson | 2011-09-14 | 1 | -8/+9
  Fixes a bug where we wait for one too many workers to terminate after one of them crashes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25178 dc483132-0cff-0310-8789-dd5450dbe970
* Set up monitor signal handlers before forking | Greg Hudson | 2011-09-14 | 1 | -17/+20
  This avoids a race condition where a child reports "starting..." and begins to service requests before the monitor is ready to handle termination signals. Really only an issue for the test suite. From npmccallum@redhat.com.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25177 dc483132-0cff-0310-8789-dd5450dbe970
* Split signal setup into loop_setup_signals() | Greg Hudson | 2011-09-14 | 4 | -24/+56
  In the KDC, set up signals in the worker process child after forking from the monitor process. From npmccallum@redhat.com.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970
* Reinitialize verto after creating worker child | Greg Hudson | 2011-09-14 | 2 | -3/+11
  Also mark fd events as reinitiable so they survive the fork. From npmccallum@redhat.com.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25175 dc483132-0cff-0310-8789-dd5450dbe970
* Update verto sources to 2011-09-14 versions | Greg Hudson | 2011-09-14 | 2 | -2/+3
  Also add verto_reinitialize to libverto exports (missed in the last update).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25174 dc483132-0cff-0310-8789-dd5450dbe970
* Fix verto-k5ev.h dependencies for system libverto | Greg Hudson | 2011-09-14 | 3 | -16/+20
  When we build with the internal verto, we include verto-k5ev.h in order to create loops. When we build with the system verto, we don't include that header file. Add depfix logic and pre.in variables to avoid depending on verto-k5ev.h for a system verto build.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25173 dc483132-0cff-0310-8789-dd5450dbe970
* Update verto sources to 2011-09-10 versions | Greg Hudson | 2011-09-12 | 4 | -26/+98
  Also update verto-k5ev.c to match changes to verto-libev.c.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25172 dc483132-0cff-0310-8789-dd5450dbe970
* Wait before killing daemons in interactive k5test | Greg Hudson | 2011-09-10 | 1 | -0/+5
  If k5test is invoked with any stop, wait, or debug options, wait for input before killing daemons, in case a daemon is being debugged.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25171 dc483132-0cff-0310-8789-dd5450dbe970
* Fix verto.h dependencies for system libverto | Greg Hudson | 2011-09-09 | 7 | -103/+106
  When we have conditionally built bundled source, we need logic in depfix.pl and variables in pre.in to avoid depending on the bundled verto.h in generated dependencies. Add that logic for verto.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25170 dc483132-0cff-0310-8789-dd5450dbe970
* Fall back to EV_USE_SELECT | Tom Yu | 2011-09-07 | 1 | -2/+2
  ev.c explicitly disables poll() on Mac and FreeBSD, which left our standalone version without any working back ends on Mac OS X, for example. Fall back to using select() on these platforms.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25169 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some error-handling bugs in cc_dir.c | Greg Hudson | 2011-09-07 | 1 | -4/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25168 dc483132-0cff-0310-8789-dd5450dbe970
* Go back to symlinks for liblinks | Greg Hudson | 2011-09-06 | 1 | -2/+2
  Now that we're not using dynamic loading for libverto-k5ev, we don't need to use hard links for liblinks, and using them would interfere with an AFS build tree.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25167 dc483132-0cff-0310-8789-dd5450dbe970
* Change how bundled libverto is linked | Greg Hudson | 2011-09-06 | 8 | -21/+77
  Give libverto-k5ev a header file. When using the internal verto library, link against -lverto-k5ev and use verto_default_k5ev() instead of verto_default(), bypassing the module loading logic and making static builds possible.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25166 dc483132-0cff-0310-8789-dd5450dbe970
* Fix t_ccselect bugs | Greg Hudson | 2011-09-06 | 2 | -4/+3
  initiator_cred wasn't initialized if no second arg was given. t_ccselect wasn't removed on make clean.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25165 dc483132-0cff-0310-8789-dd5450dbe970
* Fix several bugs in gss-krb5 inq_cred | Greg Hudson | 2011-09-06 | 1 | -8/+9
  cred could be used uninitialized if krb5_timeofday() failed. defcred had the wrong type. kg_cred_resolve() should be used instead of krb5_gss_validate_cred() to do delayed name/ccache resolution and get a lock.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970
* Newer GCC's optimizer catches a variable used without initialization | Ezra Peisach | 2011-09-06 | 2 | -463/+849
  in the bison library code. Use a GCC pragma to suppress.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25163 dc483132-0cff-0310-8789-dd5450dbe970
* Update kerberos man page | Greg Hudson | 2011-09-05 | 1 | -36/+56
  Remove references to the unbundled applications. Add documentation of environment variables.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25162 dc483132-0cff-0310-8789-dd5450dbe970
* Use a .so redirect for .k5login.5 | Greg Hudson | 2011-09-05 | 2 | -1/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25161 dc483132-0cff-0310-8789-dd5450dbe970
* Make gss-krb5 use cache collection | Greg Hudson | 2011-09-05 | 10 | -91/+456
  For default credentials, defer ccache resolution until we need the information. If this happens in init_sec_context when we have the target principal in hand, use krb5_cc_select() to pick a cache. If the target principal is not known, use the default cache.
  For credentials with a specified principal, use krb5_cc_cache_match() to find the cache. If no cache is found and a password is specified, create a new cache within the collection to hold the new credentials, if the default cache type supports a collection.
  ticket: 6958
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor gss-krb5 acquire_init_cred | Greg Hudson | 2011-09-05 | 1 | -224/+237
  These changes have no functional impact, but will allow the GSSAPI changes for credential selection to be made with a minimum of code movement.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25159 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_select() API and pluggable interface | Greg Hudson | 2011-09-05 | 17 | -3/+797
  The interface has two built-in modules. The realm module guesses a cache based on the server realm if it is known. The k5identity module (Unix only) chooses a client principal based on rules in a .k5identity file in the user's homedir.
  ticket: 6957
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
* Add ccache collection support to tools | Greg Hudson | 2011-09-05 | 23 | -67/+700
  * "kdestroy -A" destroys all caches in collection.
  * "kinit princ" searches the collection for a matching cache and overwrites it, or creates a new cache in the collection, if the type of the default cache is collection-enabled. The chosen cache also becomes the primary cache for the collection.
  * "klist -l" lists (in summary form) the caches in the collection.
  * "klist -A" lists the content of all of the caches in the collection.
  * "kswitch -c cache" (new command) makes cache the primary cache.
  * "kswitch -p princ" makes the cache for princ the primary cache.
  ticket: 6956
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unneeded cccol behaviors | Greg Hudson | 2011-09-05 | 5 | -499/+146
  Do not yield any default caches in the top level cccol implementation. In the FILE type, yield the default cache if it exists and is of type FILE, instead of yielding the set of open file caches.
  ticket: 6955
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25156 dc483132-0cff-0310-8789-dd5450dbe970
* Add new cache collection APIs | Greg Hudson | 2011-09-05 | 13 | -0/+193
  * krb5_cc_get_full_name retrieves the full type:name of a cache.
  * krb5_cc_switch makes a cache the primary cache.
  * krb5_cc_cache_match searches the collection for a client principal.
  * krb5_free_string releases a string (for the krb5_cc_get_full_name result).
  All of these are from Heimdal except for krb5_free_string (Heimdal uses krb5_xfree).
  ticket: 6954
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
* Add the DIR ccache type | Greg Hudson | 2011-09-05 | 7 | -27/+755
  The DIR ccache type supports a collection of credential caches within a private directory (which must be created out of band). One cache is designated as primary at any given time. Setting the default cache name to DIR:dirname will cause caches within dirname to be present in the global cache collection.
  ticket: 6953
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25154 dc483132-0cff-0310-8789-dd5450dbe970
* Add fnmatch support to libkrb5support | Greg Hudson | 2011-09-05 | 5 | -3/+257
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the mechglue union cred auxinfo field | Greg Hudson | 2011-09-05 | 8 | -242/+65
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970