| Commit message (Collapse) | Author | Age | Files | Lines |
| |
crypto library. Add a field for aliases to the record type so that
aliases don't have to be implemented by duplicating all the other
information.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21753 dc483132-0cff-0310-8789-dd5450dbe970
| |
calls write_message twice in a row.
Add new function krb5int_write_messages, calls krb5_net_writev with
multiple messages (currently only two at a time). Use it from
krb5_write_message and krb5_sendauth.
ticket: 6339
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21752 dc483132-0cff-0310-8789-dd5450dbe970
| |
* Accept both CFX and non-CFX tokens all the time on acceptor
* Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx
Additional changes from Sam Hartman:
* do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21742 dc483132-0cff-0310-8789-dd5450dbe970
| |
records (with an empty client string) to retain compatibility with old
code. For rd_req, the ciphertext of the authenticator (with no ASN.1
wrapping) is hashed; for other uses of the replay cache, no message
hash is used at this time.
This commit adds a command-line tool for testing the replay cache but
does not add any automated tests.
ticket: 1201
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
| |
to make an explicit call to check the ACL for s4u delegations rather than relying on tl-data.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21712 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21707 dc483132-0cff-0310-8789-dd5450dbe970
| |
Move automatically-generated dependencies into separate files in the
source tree, and take the data out of Makefile.in.
Keep the "make depend" rules for stripping out the dependencies from
Makefile.in, in case some optional directories were missed, but
everything that builds on my UNIX build has been converted.
(Converting a directory just requires creating an empty "deps" file so
that config.status can build the makefile, and then later running
"make depend" in that directory to get the correct content for it.)
Change configure scripts to incorporate the "deps" file when building
each Makefile. This change requires the existence of a file "deps" in
each source directory where we build a makefile, even if there are no
sources for which to compute dependencies; a switch to GNU make would
let us conditionalize that, but we can assess that later.
Update dependencies for the generated Makefile itself to list the deps
file.
This will also require some minor tweaking of the Windows build, to
make it incorporate the new deps file.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
| |
Kerberos does not imply trust in the existence of a cross-realm key.
Trust is implied when a foreign principal is placed on an ACL: the remote realm
is trusted to authenticate that principal and is trusted
not to confuse one principal with another.
Keep terminology consistent.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21693 dc483132-0cff-0310-8789-dd5450dbe970
| |
non_ms_principal would need to be phrased in terms of what behavior is being changed, not client OS.
The pkinit flag would need to be better documented.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21692 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21691 dc483132-0cff-0310-8789-dd5450dbe970
| |
The mskrb-integ branch includes support for the following projects:
* Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
| |
Rationale: Zephyr and AFS both use the Kerberos realm name as the
name of the service realm (AFS realm or Zephyr galaxy). AFS can grab
the Kerberos realm from the ticket being aklogged, but Zephyr is not
necessarily getting credentials at all (you could be sending an
unauthenticated message), and currently finds its answer by looking
up the realm of the server host. Although we can't currently provide
an accurate result for this lookup in the presence of referrals, we do
need to provide enough tools to get as good of an answer as libzephyr
could have gotten before referrals went in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970
| |
1. It isn't exported from libkrb5 (and no one seems to complain about
that). So give it a krb5int_ name and move its declaration to
k5-int.h. Also stop exporting it from the collected client lib.
2. It returned a list of realms, but its only caller assumes that the
list contains exactly one realm. So just make it return a single
realm.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21589 dc483132-0cff-0310-8789-dd5450dbe970
| |
Remove krb4 build system references and conditionals.
Move des425 header stuff referenced by des_int.h into des_int.h.
Remove krb4 test cases.
ticket: 6303
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6303
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21452 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21300 dc483132-0cff-0310-8789-dd5450dbe970
| |
Merge in the mskrb-crypto-iov branch at r21259 in order to move an
implementation of
http://k5wiki.kerberos.org/wiki/Projects/AEAD_encryption_API onto the
trunk. This branch contains a subset of the commits on the
mskrb-integ branch that implement the krb5 library part of the crypto
IOV API.
ticket: new
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21263 dc483132-0cff-0310-8789-dd5450dbe970
| |
where it is declared and used. The functions are not exported by the library -
nor are they used outside lib/krb5/ccache... For cc_file.h - include cc-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21205 dc483132-0cff-0310-8789-dd5450dbe970
| |
multiple calls to krb5_is_permitted_enctype
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21128 dc483132-0cff-0310-8789-dd5450dbe970
| |
for binary data as well as C string data. The buffer will always have
a null byte at krb5int_buf_len bytes regardless of whether it contains
C string data.
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21003 dc483132-0cff-0310-8789-dd5450dbe970
| |
Needed for kinit password option.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20963 dc483132-0cff-0310-8789-dd5450dbe970
| |
buffer.
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20932 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20929 dc483132-0cff-0310-8789-dd5450dbe970
| |
structure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20926 dc483132-0cff-0310-8789-dd5450dbe970
| |
Instead of a pile of macros generating code, that have to be threaded
together in just the right way to get a valid ASN.1 encoding, we now
have a pile of macros for defining data structures describing the
objects and the ASN.1 types they should be encoded as, which
structures are interpreted by recursive invocations of an encoder
engine; there should be somewhat less rope for accidentally creating
invalid encodings. The new macros are commented in asn1_k_encode.c.
Putting most of the work into the encoder engine also reduces the code
size (in one configuration, including LDAP-KDB and PKINIT encoders,
code size went from 37K to <16K, though 10K of tables were added, and
the PKINIT encoders are still open-coded).
Some encoder interfaces have been revised to be more regular -- all
now take one pointer to const argument (no two-input encoders, no
pointer-to-non-const-pointer-to-const). A few encoders were
eliminated or disabled because they were neither used nor exported
from the library.
The LDAP-KDB encoder has been converted, but the PKINIT encoders have
not as there are no regression tests for them currently.
There is still plenty of room for improvement; some notes on specific
ideas have been added.
String encoding primitives have been combined to reduce code size. A
primitive for encoding bit strings has been added.
Some miscellaneous warnings in the decoders have been cleaned up.
A new dejagnu test case is added that ensures that KRB-SAFE messages
get exercised.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
| |
Export encode_krb5_sam_response_2 and encode_krb5_enc_sam_response_enc_2
via accessor. Add encode tests for encode_krb5_sam_key,
_enc_sam_response_enc, _predicted_sam_response, _sam_response_2,
_enc_sam_response_enc_2.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20922 dc483132-0cff-0310-8789-dd5450dbe970
| |
krb5_build_principal_va does not allocate the outer krb5_principal,
making it useless for generating krb5_principals which can be freed
with krb5_free_principal. Added krb5_build_principal_alloc_va which
allocates the krb5_principal.
Added krb5int_build_principal_alloc_va which is used by KIM to avoid
code duplication. KIM's kim_identity_create_from_components takes
the first component as an argument because principals with no
components cannot be represented with the KIM UI. Modified KIM
to use this new API.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20918 dc483132-0cff-0310-8789-dd5450dbe970
| |
not provide it natively.
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20916 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970
| |
Now that there are no servers using only kipc_* calls, merge
them into the k5_mig_* calls.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20873 dc483132-0cff-0310-8789-dd5450dbe970
| |
library, use that for the [v]asprintf replacement functions when needed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20871 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20854 dc483132-0cff-0310-8789-dd5450dbe970
| |
Fixed by making kim_ccache_create_from_client_identity take KIM_IDENTITY_ANY
(at which point it returns the system default ccache).
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20850 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20829 dc483132-0cff-0310-8789-dd5450dbe970
| |
identity ui elements.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20812 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20806 dc483132-0cff-0310-8789-dd5450dbe970
| |
be empty strings rather than NULL. This simplifies the
stream code (and makes it easier to read and debug).
In order to prevent copying tons of NUL bytes around,
special case kim_string functions to use a special
constant kim_empty_string.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20804 dc483132-0cff-0310-8789-dd5450dbe970
| |
hints back for select_identity.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20794 dc483132-0cff-0310-8789-dd5450dbe970
| |
KIM and CCAPI should share the same IPC and stream object types.
Modified CCAPI to use code in src/util (stream) and src/util/mac (ipc)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20787 dc483132-0cff-0310-8789-dd5450dbe970
| |
and also per prompt via the UI.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20781 dc483132-0cff-0310-8789-dd5450dbe970
| |
Fixed request port list handling.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20778 dc483132-0cff-0310-8789-dd5450dbe970
| |
Will switch CCAPI to this new code later though, so as
not to destabilize KfM and the Windows builds.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20769 dc483132-0cff-0310-8789-dd5450dbe970
| |
to better reflect what it does (a string of everything but the realm, not
an array of components like the old name might imply).
Added private functions which will be used by KLL to shim on top of KIM.
Private functions also reduce memory allocations inside of KIM.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20766 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20763 dc483132-0cff-0310-8789-dd5450dbe970
| |
for KerberosAgent to use to create new favorite identities
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20760 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20758 dc483132-0cff-0310-8789-dd5450dbe970
| |
Also moved "set application name" functionality to kim_library_
because most applications do not need to call it and their name
doesn't usually change over time or per thread. By putting it
in a global setting, apps that do need to call it only have to
call it once instead of every time they want to authenticate.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20757 dc483132-0cff-0310-8789-dd5450dbe970
| |
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20750 dc483132-0cff-0310-8789-dd5450dbe970
| |
Removed low level change password functions from export list
because they require a UI context.
Added kim_ccache functions needed by klist to export list.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20749 dc483132-0cff-0310-8789-dd5450dbe970
| |
Moved GUI code into OS-specific directory.
Fixed bugs in cache collection iterator routines where it was mishandling
the magic empty ccache created when the cache collection is empty.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20747 dc483132-0cff-0310-8789-dd5450dbe970