summaryrefslogtreecommitdiffstats
path: root/src/include
Commit message (Collapse)AuthorAgeFilesLines
...
* Document the DAL interface in comments, as an aid to moduleGreg Hudson2010-01-251-184/+546
| | | | | | implementors. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23666 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_allow_weak_crypto APIGreg Hudson2010-01-191-0/+5
| | | | | | | | | | | | Add an API to allow apps to override the profile setting of allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box until OpenAFS finishes migrating away from DES. ticket: 6645 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23663 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it ↵Zhanna Tsitkov2010-01-061-4/+0
| | | | | | and move its prototype into int-proto.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal ↵Zhanna Tsitkov2010-01-051-1/+1
| | | | | | function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-051-1/+1
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Bring back krb5_kt_free_entry which really does the same thing asSam Hartman2010-01-042-4/+5
| | | | | | | krb5_free_keytab_entry_contents per discussion on krbdev in order to avoid breaking samba builds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23581 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules fromKen Raeburn2010-01-031-0/+12
| | | | | | | | | | | | | one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values. Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
* No comma at end of enumerator listKen Raeburn2009-12-311-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23548 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5int_get_domain_realm_mapping into kdc_util.c as this function is a ↵Zhanna Tsitkov2009-12-301-0/+3
| | | | | | helper in kdc code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23546 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new profile variable preauth_module_dir, which specifiesGreg Hudson2009-12-281-0/+1
| | | | | | | | directories to look for preauth plugins in prior to the hardcoded locations. Undocumented for now since, like db_module_dir, this is mostly intended for the test suite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-10/+9
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-283-17/+42
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* On Luke's advice, remove krb5_init_creds_store_creds. It is not aGreg Hudson2009-12-151-4/+0
| | | | | | | Heimdal API and its functionality is covered by krb5_get_init_creds_opt_set_out_ccache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
* fast negotiation projecSam Hartman2009-12-142-8/+60
| | | | | | | | | | | | | | | | Merge branches/fast-negotiate into trunk. This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation Additional changes: * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype Conflicts: src/lib/crypto/krb/make_checksum.c ticket: 6595 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
* Restructure the crypto checksum implementation to minimizeGreg Hudson2009-12-101-20/+5
| | | | | | | | | | | | | | | | | | | | | dependencies on the internals of modules. * Keyhash providers are gone. * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums. * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum. * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC. The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ivec parameters from the keyhash provider functions, asGreg Hudson2009-12-061-6/+3
| | | | | | they are never used by callers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23452 dc483132-0cff-0310-8789-dd5450dbe970
* Make the libk5crypto hash_provider interface take crypto_iov listsGreg Hudson2009-12-061-16/+6
| | | | | | | instead of lists of krb5_data. Make the base HMAC APIs take crypto_iov lists and drop the _iov variants. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
* Make the alloc_data and k5alloc convenience functions work if theGreg Hudson2009-12-051-3/+5
| | | | | | caller requests zero bytes, by allocating one byte instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23448 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate the IOV and non-IOV encryption/decryption code paths, andGreg Hudson2009-12-041-35/+8
| | | | | | | | | | | | | | | | | | | | | | | | drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions. aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider. aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now. Three separate copies of the derive_random logic are also now consolidated into one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
* Temporarily define UINT16_TYPE and UINT32_TYPE so the load/storeKen Raeburn2009-12-031-24/+15
| | | | | | functions don't need excessive conditionals internally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23437 dc483132-0cff-0310-8789-dd5450dbe970
* Add store_{16,32,64}_n functions, for potentially-unaligned, native-order valuesKen Raeburn2009-12-021-0/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23431 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the non-iov entry point introduced in r23378, since it's easyGreg Hudson2009-11-291-14/+4
| | | | | | | | to use the iov entry point at both call sites. Rename the iov entry point to remove the "_iov" suffix since it's no longer needed to disambiguate. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23381 dc483132-0cff-0310-8789-dd5450dbe970
* Create functional internal interfaces to allow GSSAPI to performGreg Hudson2009-11-281-16/+24
| | | | | | | | arcfour encryption of GSS tokens. This factors out derivation of the usage and encryption keys, and removes the need for the provider structures to be visible to all of krb5 via k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23378 dc483132-0cff-0310-8789-dd5450dbe970
* Add a convenience inline function in k5-int.h to initialize aGreg Hudson2009-11-281-0/+13
| | | | | | krb5_data structure with allocated memory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23376 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_key versions of the auth context key accessors, and use themGreg Hudson2009-11-271-0/+9
| | | | | | to simplify the gss-krb5 code a little bit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23372 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_k_prf, the krb5_key version of krb5_c_prfGreg Hudson2009-11-271-0/+3
| | | | | | ticket: 6576 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23365 dc483132-0cff-0310-8789-dd5450dbe970
* libkrb5 support for non-blocking AS requestsGreg Hudson2009-11-261-0/+52
| | | | | | | | | | | Merge Luke's iakerb-libkrb5-as-only branch into trunk with several bug fixes. Adds support for the krb5_init_creds APIs (same as Heimdal's) which allow AS requests to be performed via a different transport than the blocking send_to_kdc. ticket: 6586 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23358 dc483132-0cff-0310-8789-dd5450dbe970
* Defer the conversion of the gic options structure to the extended formGreg Hudson2009-11-251-7/+7
| | | | | | | until we reach krb5_get_init_creds. Rename that function to krb5int_get_init_creds since it isn't public. Also stop exporting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23357 dc483132-0cff-0310-8789-dd5450dbe970
* Punt the volatile cast in the non-gcc, non-Windows version of zap.Greg Hudson2009-11-242-2/+5
| | | | | | | Use a function call into libkrb5support instead, since that's hard to inline. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23339 dc483132-0cff-0310-8789-dd5450dbe970
* Expand comments around 'zap' codeKen Raeburn2009-11-241-1/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23319 dc483132-0cff-0310-8789-dd5450dbe970
* Make zap() work with non-gcc C++ compilers.Greg Hudson2009-11-221-5/+4
| | | | | | Eliminate the intermediate name krb5int_zap_data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23311 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-221-9/+7
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Put krb5_auth_con_set_req_cksumtype back in the public API, since itGreg Hudson2009-11-192-4/+4
| | | | | | is needed by the BSD applications which will be unbundled in 1.8. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23292 dc483132-0cff-0310-8789-dd5450dbe970
* Rework using "do { } while (0)" in macro bodies to avoid divergentTom Yu2009-11-171-4/+8
| | | | | | emacs-22 vs emacs-23 indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23252 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up some open-parenthesis problems, and reindentTom Yu2009-11-161-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23246 dc483132-0cff-0310-8789-dd5450dbe970
* Move prototypes for krb5int_send_tgs and krb5int_decode_tgs_rep to int-proto.h.Ezra Peisach2009-11-161-21/+0
| | | | | | These functions are not exported by the library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23232 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5int_get_fq_local_hostname to os-proto.h. Not exportedEzra Peisach2009-11-151-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23188 dc483132-0cff-0310-8789-dd5450dbe970
* Moved krb5int_sendto prototype to os-proto.h. This function is not exported Ezra Peisach2009-11-151-11/+0
| | | | | | from libkrb5 - so the rest of the world does not need to see it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23186 dc483132-0cff-0310-8789-dd5450dbe970
* Add an exception for include/iprop.h and revert its reformatting,Greg Hudson2009-11-151-119/+118
| | | | | | since it was generated with rpcgen. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23185 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typos in previousTom Yu2009-11-141-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23182 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent include directory, reformatting prototypes as necessary.Greg Hudson2009-11-1453-5622/+5216
| | | | | | | Exclude include/gssrpc due to its Sun origin and k5-platform.h due to macros too hairy for emacs c-mode to handle. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23180 dc483132-0cff-0310-8789-dd5450dbe970
* Remove include/krb54proto.h as it is no longer usedGreg Hudson2009-11-141-17/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23163 dc483132-0cff-0310-8789-dd5450dbe970
* Constrained delegation without PAC supportGreg Hudson2009-11-142-0/+33
| | | | | | | | | | | Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a Heimdal-compatible mechanism for allowing constrained delegation without back-end support for PACs. Back-end support exists in LDAP only (via a new krbAllowedToDelegateTo attribute), not DB2. ticket: 6580 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up a bunch of signed/unsigned comparison warningsGreg Hudson2009-11-021-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23120 dc483132-0cff-0310-8789-dd5450dbe970
* Un-constify struct errinfo's msg field because it is the owner of thatGreg Hudson2009-11-011-1/+1
| | | | | | | memory (even though the memory is intended to be immutable during its lifetime). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23116 dc483132-0cff-0310-8789-dd5450dbe970
* In k5-int.h, fix make_data to work with C++Greg Hudson2009-11-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23115 dc483132-0cff-0310-8789-dd5450dbe970
* Move the implementations of four deprecated crypto functions toGreg Hudson2009-11-011-23/+0
| | | | | | | | old_api_glue.c. Move the prototypes of seven deprecated crypto functions to old_api_glue.c instead of k5-int.h, since we don't use those functions internally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23112 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3161-1733/+1732
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Add a couple of krb5_data convenience constructor functions, toGreg Hudson2009-10-291-19/+26
| | | | | | | | facilitate properly initializing krb5_data objects. Adjust formatting of the existing krb5_data convenience functions and remove the #if 0 block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23092 dc483132-0cff-0310-8789-dd5450dbe970
* Bump the accessor version number since we made changes.Greg Hudson2009-10-281-18/+16
| | | | | | | | Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 13:08:44 +0000