summaryrefslogtreecommitdiffstats
path: root/src/include
Commit message (Collapse)AuthorAgeFilesLines
...
* Added the note to the trace API functions that they have higher priority ↵Zhanna Tsitkov2011-11-091-2/+8
| | | | | | than the KRB5_TRACE env variable git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25466 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_check_clockskew publicGreg Hudson2011-10-312-1/+15
| | | | | | | | | | | | Rename krb5int_check_clockskew to krb5_check_clockskew and make it public, in order to give kdcpreauth plugins a way to check timestamps against the configured clock skew. ticket: 6996 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970
* Fix format string for TRACE_INIT_CREDS_SERVICEGreg Hudson2011-10-261-1/+1
| | | | | | | | | | This should also be pulled up to 1.10. ticket: 6993 tags: pullup target_version: 1.9.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25417 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_find_authdata publicGreg Hudson2011-10-252-6/+21
| | | | | | | | | | Rename krb5int_find_authdata to krb5_find_authdata and make it public. ticket: 6992 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25414 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor salt computation into libkdb5Greg Hudson2011-10-241-0/+6
| | | | | | | Add a new API krb5_dbe_compute_salt() to determine the salt for a key data entry, and use it in the three places we currently compute salts. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25410 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure termination in Windows vsnprintf wrapperGreg Hudson2011-10-181-1/+3
| | | | | | | | | | | | | | | The Windows _vsnprintf does not terminate its output buffer in the overflow case. Make sure we do that in the wrapper. Reported by Chris Hecker. (Not an issue for KfW 3.2 since we weren't using snprintf in 1.6.x except in Unix-specific code.) ticket: 6980 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25367 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-172-17/+16
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Install krb5/preauth_plugin.hGreg Hudson2011-10-151-0/+1
| | | | | | | | | | The clpreauth and kdcpreauth pluggable interfaces are public as of krb5 1.10. Install the header so that preauth modules can be built outside of the krb5 source tree. ticket: 6977 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25353 dc483132-0cff-0310-8789-dd5450dbe970
* Rename PAC type constants to avoid conflictsGreg Hudson2011-10-151-7/+7
| | | | | | | | Since the PAC type constants are now exposed in krb5.h, give them a KRB5_ prefix so they don't conflict with similar PAC type constants in other packages, like Samba. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25352 dc483132-0cff-0310-8789-dd5450dbe970
* Hide gak_fct interface and arguments in clpreauthGreg Hudson2011-10-152-47/+45
| | | | | | | | | | | | | | | | | | | | | | Remove the gak_fct, gak_data, salt, s2kparams, and as_key arguments of krb5_clpreauth_process_fn and krb5_clpreauth_tryagain_fn. To replace them, add two callbacks: one which gets the AS key using the previously selected etype-info2 information, and a second which lets the module replace the AS key with one it has computed. This changes limits module flexibility in a few ways. Modules cannot check whether the AS key was already obtained before asking for it, and they cannot use the etype-info2 salt and s2kparams for purposes other than getting the password-based AS key. It is believed that of existing preauth mechanisms, only SAM-2 preauth needs more flexibility than the new interfaces provide, and as an internal legacy mechanism it can cheat. Future mechanisms should be okay since the current IETF philosophy is that etype-info2 information should not be used for other purposes. ticket: 6976 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25351 dc483132-0cff-0310-8789-dd5450dbe970
* Make kdcpreauth edata method respond via callbackGreg Hudson2011-10-151-10/+20
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25348 dc483132-0cff-0310-8789-dd5450dbe970
* Add new header gssapi_alloc.hSam Hartman2011-10-141-1/+1
| | | | | | | | | | | | | | | Contains allocator methods for use with mechanisms and mechglues for allocations that must be made in one module but freed in another. On windows, an allocation made in one module cannot safely be freed in another using the usual c runtime malloc/free; runtime dll mismatch will cause heap corruption in that case. But it is safe to instead directly use HeapAlloc()/HeapFree() specifying the default process heap. For now, this header is not public. If it becomes public strncpy will need to be used instead of strlcpy. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25330 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused macrosZhanna Tsitkov2011-10-141-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25328 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the doxygen comments for krb5_pac_signZhanna Tsitkov2011-10-121-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25326 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_pac_sign publicGreg Hudson2011-10-122-9/+21
| | | | | | | | | | | | krb5int_pac_sign was created as a private API because it is only needed by the KDC. But it is actually used by DAL or authdata plugin modules, not the core KDC code. Since plugin modules should not need to consume internal libkrb5 functions, rename krb5int_pac_sign to krb5_pac_sign and make it public. ticket: 6974 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation pass over preauth_plugin.hGreg Hudson2011-10-121-38/+37
| | | | | | No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25324 dc483132-0cff-0310-8789-dd5450dbe970
* Add get_string, free_string kdcpreauth callbacksGreg Hudson2011-10-061-0/+10
| | | | | | | | String attributes should be useful to preauth modules without having to link against libkdb5. Add a callback to make client string attributes accessible to modules. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25318 dc483132-0cff-0310-8789-dd5450dbe970
* Ditch fast_factor.h since it contains only stubsGreg Hudson2011-10-061-45/+0
| | | | | | | | Leave a comment behind where we called fast_set_kdc_verified(). Remove the call to fast_kdc_replace_reply_key() since it's wrong (encrypted challenge doesn't replace the reply key in that sense). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25317 dc483132-0cff-0310-8789-dd5450dbe970
* Use type-safe callbacks in preauth interfaceGreg Hudson2011-10-062-117/+63
| | | | | | | | | | | | | | | Replace the generic get_data functions in clpreauth and kdcpreauth with structures containing callback functions. Each structure has a minor version number to allow adding new callbacks. For simplicity, the new fast armor key callbacks return aliases, which is how we would supply the armor key as a function parameter. The new client keys callback is paired with a free_keys callback to reduce the amount of cleanup code needed in modules. ticket: 6971 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25315 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5int_gettimeofday to k5sprt for platforms w/o native gettimeofdaySam Hartman2011-10-051-0/+5
| | | | | | | | | | Microsecond accuracy on _WIN32, but only one second accuracy on other, AFAIK purely hypothetical, platforms that lack native gettimeofday. Shamelessly cribbed from Heimdal. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25310 dc483132-0cff-0310-8789-dd5450dbe970
* Fix incorrect formatting of KDF fields, no substantive changeSam Hartman2011-10-051-2/+2
| | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25301 dc483132-0cff-0310-8789-dd5450dbe970
* Use an opaque handle in the kdcpreauth callbackGreg Hudson2011-10-053-32/+22
| | | | | | | | | | | | | | Instead of passing a request and entry to the kdcpreauth get_data callback, pass an opaque handle. Remove DB entry and key data parameters from kdcpreauth methods (but keep the request, since that's transparent). The SecurID plugin links against libkdb5 and needs access to the client DB entry. Rather than continue to pass a DB entry to kdcpreauth methods, add a get_data callback to get the client DB entry for the few plugins which might need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfacesGreg Hudson2011-10-042-12/+26
| | | | | | | | | | | | All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors. ticket: 6969 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Make kdcpreauth verify respond via callbackGreg Hudson2011-10-031-4/+9
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25294 dc483132-0cff-0310-8789-dd5450dbe970
* Make dispatch() respond via a callbackGreg Hudson2011-10-031-6/+5
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25291 dc483132-0cff-0310-8789-dd5450dbe970
* Moved Windows specific include files to src/windows/includeSam Hartman2011-09-2811-3468/+0
| | | | | | | | Updated Windows specific Makefiles to search for header files in src/windows/include Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25279 dc483132-0cff-0310-8789-dd5450dbe970
* Enabled unconditional build of kfwlogon on WindowsSam Hartman2011-09-285-0/+2431
| | | | | | | | Removed dependency on KFW, as it is now a part of the same build. Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25258 dc483132-0cff-0310-8789-dd5450dbe970
* Moved LoadFuncs/UnloadFuncs() to windows/libSam Hartman2011-09-281-0/+41
| | | | | | Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25257 dc483132-0cff-0310-8789-dd5450dbe970
* Added leashdll/wshelper related files from KFWSam Hartman2011-09-285-0/+996
| | | | | | From: Alexey Melnikov <alexey.melnikov@isode.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25243 dc483132-0cff-0310-8789-dd5450dbe970
* win-mac.h additions for windows buildSam Hartman2011-09-281-1/+1
| | | | | | | | | windows implementation of k5_get_os_entropy() Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25242 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate domain-based client realm walkGreg Hudson2011-09-281-0/+4
| | | | | | | | | | | | | | | | | For a very long time, KDCs have known how to perform a domain-based realm walk when serving requests for TGTs. (So if a KDC for A.B.C receives a request for krbtgt/X.B.C and doesn't have that principal, it can return one for krbtgt/B.C instead.) Performing the same heuristic on the client is unnecessary and inefficient in common cases. Add a new function k5_client_realm_path to walk_rtree.c which uses capaths values only, and returns a list of realms (as desired by get_creds.c) instead of TGT names. ticket: 6966 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25241 dc483132-0cff-0310-8789-dd5450dbe970
* Make the comments usable by DoxygenZhanna Tsitkov2011-09-261-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25237 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use accessor in encrypted challengeGreg Hudson2011-09-241-12/+1
| | | | | | | Now that the encrypted challenge code is linked into libkrb5 and the KDC, it's unnecessary to use the accessor there. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25229 dc483132-0cff-0310-8789-dd5450dbe970
* Recast encrypted challenge as linked built-insGreg Hudson2011-09-231-0/+86
| | | | | | | | Since it has no external dependencies, split up encrypted preauth into clpreauth and kdcpreauth chunks and link them directly into the consumers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25227 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributesGreg Hudson2011-09-211-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_TL_STRING_ATTRS and libkdb5 accessorsGreg Hudson2011-09-211-0/+34
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25214 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting fixesGreg Hudson2011-09-192-10/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
* Protect autoconf #defines (HAVE_FOO, et al) in win-mac.h with #ifdef ↵Sam Hartman2011-09-191-0/+4
| | | | | | | | | KRB5_PRIVATE add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ticket from the pkinit-alg-agility KDF function, to matchSam Hartman2011-09-191-1/+0
| | | | | | | | | agreed changes to the IETF specification. Includes removing a parameter from the KDF function, removing the ticket from the ASN.1 encoder, and updating the test code. Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
* * Extend auth_packSam Hartman2011-09-192-3/+20
| | | | | | | | | | * extend dh_rep * add krb5_free_octet_data * extend pkinit free functions pkinit: add supportedKDFs and kdfID to structures git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
* Added underlying ASN.1 structures for pkinit algorithm agilitySam Hartman2011-09-191-0/+22
| | | | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> tested-by: Sam Hartman <hartmans@debian.org> fixes-from: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970
* Split signal setup into loop_setup_signals()Greg Hudson2011-09-141-1/+3
| | | | | | | In the KDC, set up signals in the worker process child after forking from the monitor process. From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_select() API and pluggable interfaceGreg Hudson2011-09-054-2/+170
| | | | | | | | | | | The interface has two built-in modules. The realm module guesses a cache based on the server realm if it is known. The k5identity module (Unix only) chooses a client principal based on rules in a .k5identity file in the user's homedir. ticket: 6957 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
* Add new cache collection APIsGreg Hudson2011-09-052-0/+70
| | | | | | | | | | | | | | | * krb5_cc_get_full_name retrieves the full type:name of a cache. * krb5_cc_switch makes a cache the primary cache. * krb5_cc_cache_match searches the collection for a client principal. * krb5_free_string releases a string (for the krb5_cc_get_full_name result). All of these are from Heimdal except for krb5_free_string (Heimdal uses krb5_xfree). ticket: 6954 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
* Add fnmatch support to libkrb5supportGreg Hudson2011-09-051-0/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-2/+2
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-117/+117
| | | | | | Mostly changes column choice for backslashes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25143 dc483132-0cff-0310-8789-dd5450dbe970
* Migrate net-server loop to use libvertoGreg Hudson2011-09-021-7/+11
| | | | | | From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970
* Add a loop_ prefix to net-server.c functionsGreg Hudson2011-09-021-9/+10
| | | | | | From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128 dc483132-0cff-0310-8789-dd5450dbe970
* Make data_eq_string work with const stringsGreg Hudson2011-08-151-8/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25101 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 07:28:44 +0000