path: root/src/include
Commit message | Author | Age | Files | Lines
...
* Correct the DAL documentation of | Greg Hudson | 2010-02-01 | 1 | -5/+9
  KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE; proxy is the target service, not the delegating service.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23680 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the DAL documentation for how modules should handle referrals | Greg Hudson | 2010-01-29 | 1 | -17/+29
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23678 dc483132-0cff-0310-8789-dd5450dbe970
* Handle migration from pre-1.7 databases with master key kvno != 1 | Greg Hudson | 2010-01-28 | 1 | -0/+8
  krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no explicit tl_data. We've seen at least one pre-1.7 KDB with a master kvno of 0, violating this assumption. Fix this as follows:
  * krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists.
  * A new function krb5_dbe_get_mkvno translates this 0 value to the minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno cannot do this as it doesn't take the mkey_list as a parameter.)
  * Call sites to krb5_dbe_lookup_mkvno are converted to krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable to store 0 if the mkvno is unknown.
  ticket: 6650
  target_version: 1.7.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23676 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of kdb_ext.h and allow out-of-tree KDB plugins | Greg Hudson | 2010-01-27 | 2 | -169/+133
  Move the contents of kdb_ext.h into kdb.h, since there is no meaningful "extensions" category of DB interfaces now that this stuff is in our tree. Allows out-of-tree KDB plugins to be built since we install kdb.h.
  ticket: 6649
  target_version: 1.8
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
* In the DAL comments, document KRB5_KDB_INCLUDE_PAC, and correct the | Greg Hudson | 2010-01-25 | 1 | -7/+14
  documentation of the S4U flags to indicate that they affect PAC generation.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23667 dc483132-0cff-0310-8789-dd5450dbe970
* Document the DAL interface in comments, as an aid to module | Greg Hudson | 2010-01-25 | 1 | -184/+546
  implementors.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23666 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_allow_weak_crypto API | Greg Hudson | 2010-01-19 | 1 | -0/+5
  Add an API to allow apps to override the profile setting of allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box until OpenAFS finishes migrating away from DES.
  ticket: 6645
  target_version: 1.8
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23663 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it and move its prototype into int-proto.h | Zhanna Tsitkov | 2010-01-06 | 1 | -4/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal function | Zhanna Tsitkov | 2010-01-05 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by default | Tom Yu | 2010-01-05 | 1 | -1/+1
  Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate.
  ticket: 6621
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Bring back krb5_kt_free_entry which really does the same thing as | Sam Hartman | 2010-01-04 | 2 | -4/+5
  krb5_free_keytab_entry_contents per discussion on krbdev in order to avoid breaking samba builds.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23581 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules from | Ken Raeburn | 2010-01-03 | 1 | -0/+12
  one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values.
  Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
* No comma at end of enumerator list | Ken Raeburn | 2009-12-31 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23548 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5int_get_domain_realm_mapping into kdc_util.c as this function is a helper in kdc code | Zhanna Tsitkov | 2009-12-30 | 1 | -0/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23546 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new profile variable preauth_module_dir, which specifies | Greg Hudson | 2009-12-28 | 1 | -0/+1
  directories to look for preauth plugins in prior to the hardcoded locations. Undocumented for now since, like db_module_dir, this is mostly intended for the test suite.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous support | Greg Hudson | 2009-12-28 | 1 | -10/+9
  ticket: 6607
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for Kerberos | Sam Hartman | 2009-12-28 | 3 | -17/+42
  This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication.
  * Introduce kinit -n
  * Introduce kadmin -n
  * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
  * No longer generate ad-initial-verified-cas in pkinit
  * Fix pkinit interactions with non-TGT authentication
  Merge remote branch 'anonymous' into trunk
  Conflicts: src/lib/krb5/krb/gic_opt.c
  ticket: 6607
  Tags: enhancement
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* On Luke's advice, remove krb5_init_creds_store_creds. It is not a | Greg Hudson | 2009-12-15 | 1 | -4/+0
  Heimdal API and its functionality is covered by krb5_get_init_creds_opt_set_out_ccache.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
* fast negotiation project | Sam Hartman | 2009-12-14 | 2 | -8/+60
  Merge branches/fast-negotiate into trunk.
  This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation
  Additional changes:
  * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype
  Conflicts: src/lib/crypto/krb/make_checksum.c
  ticket: 6595
  Tags: enhancement
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
* Restructure the crypto checksum implementation to minimize | Greg Hudson | 2009-12-10 | 1 | -20/+5
  dependencies on the internals of modules.
  * Keyhash providers are gone.
  * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums.
  * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum.
  * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC.
  The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ivec parameters from the keyhash provider functions, as | Greg Hudson | 2009-12-06 | 1 | -6/+3
  they are never used by callers.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23452 dc483132-0cff-0310-8789-dd5450dbe970
* Make the libk5crypto hash_provider interface take crypto_iov lists | Greg Hudson | 2009-12-06 | 1 | -16/+6
  instead of lists of krb5_data. Make the base HMAC APIs take crypto_iov lists and drop the _iov variants.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
* Make the alloc_data and k5alloc convenience functions work if the | Greg Hudson | 2009-12-05 | 1 | -3/+5
  caller requests zero bytes, by allocating one byte instead.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23448 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate the IOV and non-IOV encryption/decryption code paths, and | Greg Hudson | 2009-12-04 | 1 | -35/+8
  drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions.
  aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider.
  aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now.
  Three separate copies of the derive_random logic are also now consolidated into one.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
* Temporarily define UINT16_TYPE and UINT32_TYPE so the load/store | Ken Raeburn | 2009-12-03 | 1 | -24/+15
  functions don't need excessive conditionals internally.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23437 dc483132-0cff-0310-8789-dd5450dbe970
* Add store_{16,32,64}_n functions, for potentially-unaligned, native-order values | Ken Raeburn | 2009-12-02 | 1 | -0/+29
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23431 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the non-iov entry point introduced in r23378, since it's easy | Greg Hudson | 2009-11-29 | 1 | -14/+4
  to use the iov entry point at both call sites. Rename the iov entry point to remove the "_iov" suffix since it's no longer needed to disambiguate.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23381 dc483132-0cff-0310-8789-dd5450dbe970
* Create functional internal interfaces to allow GSSAPI to perform | Greg Hudson | 2009-11-28 | 1 | -16/+24
  arcfour encryption of GSS tokens. This factors out derivation of the usage and encryption keys, and removes the need for the provider structures to be visible to all of krb5 via k5-int.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23378 dc483132-0cff-0310-8789-dd5450dbe970
* Add a convenience inline function in k5-int.h to initialize a | Greg Hudson | 2009-11-28 | 1 | -0/+13
  krb5_data structure with allocated memory.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23376 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_key versions of the auth context key accessors, and use them | Greg Hudson | 2009-11-27 | 1 | -0/+9
  to simplify the gss-krb5 code a little bit.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23372 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_k_prf, the krb5_key version of krb5_c_prf | Greg Hudson | 2009-11-27 | 1 | -0/+3
  ticket: 6576
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23365 dc483132-0cff-0310-8789-dd5450dbe970
* libkrb5 support for non-blocking AS requests | Greg Hudson | 2009-11-26 | 1 | -0/+52
  Merge Luke's iakerb-libkrb5-as-only branch into trunk with several bug fixes. Adds support for the krb5_init_creds APIs (same as Heimdal's) which allow AS requests to be performed via a different transport than the blocking send_to_kdc.
  ticket: 6586
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23358 dc483132-0cff-0310-8789-dd5450dbe970
* Defer the conversion of the gic options structure to the extended form | Greg Hudson | 2009-11-25 | 1 | -7/+7
  until we reach krb5_get_init_creds. Rename that function to krb5int_get_init_creds since it isn't public. Also stop exporting it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23357 dc483132-0cff-0310-8789-dd5450dbe970
* Punt the volatile cast in the non-gcc, non-Windows version of zap. | Greg Hudson | 2009-11-24 | 2 | -2/+5
  Use a function call into libkrb5support instead, since that's hard to inline.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23339 dc483132-0cff-0310-8789-dd5450dbe970
* Expand comments around 'zap' code | Ken Raeburn | 2009-11-24 | 1 | -1/+29
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23319 dc483132-0cff-0310-8789-dd5450dbe970
* Make zap() work with non-gcc C++ compilers. | Greg Hudson | 2009-11-22 | 1 | -5/+4
  Eliminate the intermediate name krb5int_zap_data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23311 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single global | Greg Hudson | 2009-11-22 | 1 | -9/+7
  configure script:
  $(SRCTOP) --> $(top_srcdir)
  $(srcdir)/$(thisconfigdir) --> $(top_srcdir)
  $(thisconfigdir) --> $(BUILDTOP)
  $(myfulldir) --> $(mydir)
  ticket: 6583
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Put krb5_auth_con_set_req_cksumtype back in the public API, since it | Greg Hudson | 2009-11-19 | 2 | -4/+4
  is needed by the BSD applications which will be unbundled in 1.8.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23292 dc483132-0cff-0310-8789-dd5450dbe970
* Rework using "do { } while (0)" in macro bodies to avoid divergent | Tom Yu | 2009-11-17 | 1 | -4/+8
  emacs-22 vs emacs-23 indentation.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23252 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up some open-parenthesis problems, and reindent | Tom Yu | 2009-11-16 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23246 dc483132-0cff-0310-8789-dd5450dbe970
* Move prototypes for krb5int_send_tgs and krb5int_decode_tgs_rep to int-proto.h. | Ezra Peisach | 2009-11-16 | 1 | -21/+0
  These functions are not exported by the library.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23232 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5int_get_fq_local_hostname to os-proto.h. Not exported | Ezra Peisach | 2009-11-15 | 1 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23188 dc483132-0cff-0310-8789-dd5450dbe970
* Moved krb5int_sendto prototype to os-proto.h. This function is not exported | Ezra Peisach | 2009-11-15 | 1 | -11/+0
  from libkrb5 - so the rest of the world does not need to see it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23186 dc483132-0cff-0310-8789-dd5450dbe970
* Add an exception for include/iprop.h and revert its reformatting, | Greg Hudson | 2009-11-15 | 1 | -119/+118
  since it was generated with rpcgen.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23185 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typos in previous | Tom Yu | 2009-11-14 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23182 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent include directory, reformatting prototypes as necessary. | Greg Hudson | 2009-11-14 | 53 | -5622/+5216
  Exclude include/gssrpc due to its Sun origin and k5-platform.h due to macros too hairy for emacs c-mode to handle.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23180 dc483132-0cff-0310-8789-dd5450dbe970
* Remove include/krb54proto.h as it is no longer used | Greg Hudson | 2009-11-14 | 1 | -17/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23163 dc483132-0cff-0310-8789-dd5450dbe970
* Constrained delegation without PAC support | Greg Hudson | 2009-11-14 | 2 | -0/+33
  Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2.
  ticket: 6580
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up a bunch of signed/unsigned comparison warnings | Greg Hudson | 2009-11-02 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23120 dc483132-0cff-0310-8789-dd5450dbe970
* Un-constify struct errinfo's msg field because it is the owner of that | Greg Hudson | 2009-11-01 | 1 | -1/+1
  memory (even though the memory is intended to be immutable during its lifetime).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23116 dc483132-0cff-0310-8789-dd5450dbe970