path: root/src/include
Commit message | Author | Age | Files | Lines
...
* Replace krb5_ with krb5Int_ prefix for non-API functions | Zhanna Tsitkov | 2009-10-28 | 1 | -4/+4
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23079 dc483132-0cff-0310-8789-dd5450dbe970
* Heimdal DB bridge plugin for KDC back end | Greg Hudson | 2009-10-27 | 2 | -0/+4
    Merge Luke's users/lhoward/heimmig branch to trunk. Implements a KDC back-end plugin which interfaces to a Heimdal HDB plugin.
    ticket: 6578
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23073 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockout | Greg Hudson | 2009-10-25 | 3 | -6/+19
    Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure.
    ticket: 6577
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Allow the constrained delegation authorization method to use the evidence ticket client name as input to the authorization decision | Luke Howard | 2009-10-21 | 1 | -0/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22963 dc483132-0cff-0310-8789-dd5450dbe970
* remove some unneeded extensions from the Novell backend authdata SPI | Luke Howard | 2009-10-21 | 1 | -2/+0
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961 dc483132-0cff-0310-8789-dd5450dbe970
* Increment authdata SPI to V2 (V1 was experimental) to account | Luke Howard | 2009-10-21 | 1 | -3/+3
    for additional krbtgt key parameter. This was at Sam's suggestion.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22958 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performance | Greg Hudson | 2009-10-19 | 2 | -14/+117
    Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys.
    ticket: 6576
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verification | Greg Hudson | 2009-10-09 | 4 | -6/+316
    Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data.
    ticket: 6572
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* Add convenience functions zapfree (test for null, zap, free) and | Greg Hudson | 2009-10-03 | 1 | -0/+21
    k5alloc (allocate memory, set a krb5_error_code result) to k5-int.h.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22838 dc483132-0cff-0310-8789-dd5450dbe970
* Remove autoconf.h on "make distclean". | Greg Hudson | 2009-09-16 | 1 | -0/+3
    Check for the presence of a build in the src tree for "make depend". Suggest "make distclean" when "make depend" detects a build in the src tree or an attempt to make depend in the src tree.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22776 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krb | Zhanna Tsitkov | 2009-09-16 | 1 | -0/+3
    bigredbutton: whitespace
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Fix stupid logic bug in last version | Ken Raeburn | 2009-09-15 | 1 | -2/+2
    ticket: 6565
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22766 dc483132-0cff-0310-8789-dd5450dbe970
* Check __BIG_ENDIAN__ and __LITTLE_ENDIAN__ to determine endianness. | Ken Raeburn | 2009-09-15 | 1 | -2/+6
    In fallback code, check ia64 platforms for hpux vs everything else; HP-UX uses big-endian mode.
    ticket: 6565
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22761 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensions | Greg Hudson | 2009-09-13 | 4 | -4/+59
    Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions.
    ticket: 6563
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: OpenSSL crypto feed for hmac/md5/md4/sha1/rc4/des/des3(w/o iov) | Zhanna Tsitkov | 2009-09-03 | 1 | -0/+1
    bigredbutton: whitespace
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22709 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad deps | Greg Hudson | 2009-08-03 | 1 | -0/+2
    files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* Include <assert.h> in k5-platform.h, since we use assertions in some | Greg Hudson | 2009-07-30 | 1 | -0/+1
    of the macros defined there, as well as in many source files which do not themselves include <assert.h>. Report and fix by Rainer Weikusat.
    ticket: 6533
    tags: pullup
    target_version: 1.7
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22475 dc483132-0cff-0310-8789-dd5450dbe970
* Enctype list configuration enhancements | Greg Hudson | 2009-07-29 | 1 | -0/+4
    In the processing code for enctype lists, add support for "DEFAULT" to indicate the default list, for families (des/des3/aes/rc4), and for removing entries from the current list (-foo). Also add unit tests and document.
    ticket: 6539
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
* Use zero-terminated enctype lists in the context structure instead of | Greg Hudson | 2009-07-27 | 1 | -4/+2
    counted lists, to reduce impedance mismatches.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22456 dc483132-0cff-0310-8789-dd5450dbe970
* k5-platform.h no longer takes responsibility for making "static | Greg Hudson | 2009-07-01 | 1 | -1/+0
    inline" work, so remove the comment which says it does.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22425 dc483132-0cff-0310-8789-dd5450dbe970
* Restore limited support for static linking | Greg Hudson | 2009-06-08 | 1 | -0/+17
    Add enough static linking support to run the test suite without shared libraries, to facilitate gcov and other kinds of instrumentation. The necessary changes include:
      * Undo some of the changes which removed static linking support, and cannibalize the defunct krb5_force_static conditional block in aclocal.m4.
      * Add --enable-static-only configure option.
      * For plugins, use a different symbol name for static and dynamic builds, via a macro in k5plugin.h.
      * Add build machinery for building static libraries for plugins (somewhat grotty due to the difference in names).
      * Move plugin subdirs earlier in SUBDIRS in src/Makefile.in.
      * Make the in-tree KDB5 plugins dependencies of libkdb5 in a static build (aclocal.m4 has to know what they are).
      * In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to allow "loading" of statically linked plugin libraries.
    Preauth, authdata, locate, and GSSAPI plugins are not handled by this change, as they are not currently necessary to the test suite. Supporting GSSAPI plugins may be a bit tricky but the others should be straightforward if they become needed.
    $(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as a result of these changes (except on AIX where aclocal.m4 changes it). This does not seem to be important as we avoid selecting the static library for building via other means.
    ticket: 6510
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
* UCS2 support doesn't handle upper half of BMP | Greg Hudson | 2009-05-14 | 1 | -7/+4
    Make krb5_ucs2 an unsigned type. Eliminate the need for distinguished values for ucs2 and ucs4 characters by changing the API of the single-character conversion routines.
    ticket: 6489
    tags: pullup
    target_version: 1.7
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22350 dc483132-0cff-0310-8789-dd5450dbe970
* Try decrypting using session key if subkey fails in tgs rep handling | Sam Hartman | 2009-05-07 | 1 | -2/+2
    Heimdal at least up through 1.2 incorrectly encrypts the TGS response in the session key not the subkey when a subkey is supplied. See RFC 4120 page 35. Work around this by trying decryption using the session key after the subkey fails.
      * decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for TGS and now needs to take keyusage
      * gc_via_tkt: pass in session key and appropriate usage if subkey fails.
    Note that the dead code to process AS responses in decode_kdc_rep is not removed by this commit. That will be removed as FAST TGS client support is integrated post 1.7.
    ticket: 6484
    Tags: pullup
    Target_Version: 1.7
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22325 dc483132-0cff-0310-8789-dd5450dbe970
* Add DEBUG_ERROR_LOCATIONS support | Greg Hudson | 2009-04-29 | 2 | -0/+26
    If DEBUG_ERROR_LOCATIONS is defined, replace uses of krb5_set_error_message and krb5int_set_error with calls to the new _fl variants of those functions, and include filename and line number information in the calls. Requires C99-style variadic macros if defined.
    ticket: 6479
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22291 dc483132-0cff-0310-8789-dd5450dbe970
* Move KRB5_KDB_OK_AS_DELEGATE from kdb_ext.h to kdb.h. Add kadmin | Greg Hudson | 2009-04-27 | 2 | -2/+1
    support for the flag. In the KDC, remove the restriction on returning the flag on cross-realm TGTs since there is now a defined meaning for that (it allows ok-as-delegate to be honored on the foreign realm's service tickets).
    ticket: 5596
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22281 dc483132-0cff-0310-8789-dd5450dbe970
* Merge fast branch at 22166 onto trunk | Sam Hartman | 2009-04-03 | 1 | -2/+2
    ticket: 6436
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
* Implement FAST from draft-ietf-krb-wg-preauth-framework | Sam Hartman | 2009-03-31 | 4 | -9/+154
    Merge fast branch at 22146 onto trunk
    Implement the Kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki.
    ticket: 6436
    Target_Version: 1.7
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21880 which included k5-int.h in several pkinit source files. | Greg Hudson | 2009-03-24 | 1 | -16/+0
    Instead, move the pkinit-specific KRB5_CONF macros to pkinit.h, and add duplicate definitions of the non-pkinit-specific macros used by the pkinit code.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22113 dc483132-0cff-0310-8789-dd5450dbe970
* Install kadmin and kdb headers | Greg Hudson | 2009-03-20 | 2 | -0/+11
    Add disclaimers to the kadmin and kdb headers about the weaker stability commitments we make for their APIs, and install them for the benefit of users who can tolerate such instability. (The kadmin interface is the real goal here, but the kadmin header includes kdb.h so we need to install both.)
    ticket: 6431
    tags: pullup
    target_version: 1.7
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22112 dc483132-0cff-0310-8789-dd5450dbe970
* Implement tests for authdata functions | Sam Hartman | 2009-03-16 | 1 | -0/+5
    Implement some test cases for krb5_merge_authdata and krb5int_find_authdata
    ticket: 6422
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22097 dc483132-0cff-0310-8789-dd5450dbe970
* Implement KRB-FX_CF2 | Sam Hartman | 2009-03-16 | 1 | -0/+15
    Draft-ietf-krb-wg-preauth-framework defines a function KRB-FX-CF2 that combines two keys of arbitrary enctype. Implement this function as an exported API.
    ticket: 6421
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22094 dc483132-0cff-0310-8789-dd5450dbe970
* Make a working krb5_copy_error_message | Greg Hudson | 2009-03-11 | 2 | -3/+3
    The krb5_copy_error_state macro wasn't used, didn't work, and didn't need to be a macro. Replace it with an exported API function named krb5_copy_error_message.
    ticket: 6407
    target_version: 1.7
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22078 dc483132-0cff-0310-8789-dd5450dbe970
* Rename kdb_setup_lib_handle to krb5_db_setup_lib_handle and export it. | Greg Hudson | 2009-03-10 | 1 | -0/+1
    Make kdb5_ldap_util work again by calling this function to set up dal_handle instead of using one with an uninitialized lib_handle. It is likely that kdb5_ldap_util will only function given a krb5.conf which specifies a realm with an LDAP database module as the default realm. Not sure if that was the case before.
    ticket: 6403
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22071 dc483132-0cff-0310-8789-dd5450dbe970
* Include authenticator and ticket authdata in gss-api | Sam Hartman | 2009-02-26 | 1 | -0/+8
    Currently, the GSS-API routines for handling authdata only extract the authorization data from the ticket, not that from the authenticator. This is incorrect. Introduce a new function krb5_merge_authdata to merge two authdata arrays into a newly allocated result array. Use this function in accept_sec_context.c to include both sets of authdata.
    ticket: 6400
    Target_version: 1.7
    Tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
* Implement TGS authenticator subkey usage | Sam Hartman | 2009-02-13 | 1 | -3/+8
    Implement support for use of a subkey in the TGS req. This is needed by FAST TGS support. The interface to krb5_send_tgs changed in order to gain a subkey output parameter. Since this is a private interface it was renamed to krb5int_send_tgs and removed from the export list.
      * send_tgs.c: generate a subkey and return to caller
      * decode_kdc_rep.c: Use subkey keyusage
      * gc_via_tkt.c: pass in subkey to decode_kdc_rep
      * send_tgs.c: use subkey for encrypting authorization data
    ticket: 6393
    tags: enhancement
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21993 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure we have a free function for every data type we have an ASN.1 | Greg Hudson | 2009-02-11 | 1 | -0/+6
    decoder for. Export the new free functions, but only declare them in k5-int.h since they shouldn't be needed by applications. Also export a couple of encoder and decoder functions not previously exported.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21969 dc483132-0cff-0310-8789-dd5450dbe970
* define SSIZE_MAX for Windows | Ken Raeburn | 2009-02-11 | 1 | -0/+4
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21956 dc483132-0cff-0310-8789-dd5450dbe970
* unistd.h is posix only | Ken Raeburn | 2009-02-11 | 1 | -0/+2
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21955 dc483132-0cff-0310-8789-dd5450dbe970
* Rename functions from k5_ipc_stream_* to krb5int_ipc_stream_*, because some of them will have to be exported | Ken Raeburn | 2009-02-09 | 1 | -31/+31
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21938 dc483132-0cff-0310-8789-dd5450dbe970
* Change contract of krb5int_utf8_normalize and fix memory leaks | Greg Hudson | 2009-02-09 | 1 | -2/+2
    Make krb5int_utf8_normalize return a krb5_error_code and always allocate a structure to be placed in the output parameter. Adjust the function structure to use a cleanup handler, fixing many memory leaks.
    ticket: 6378
    tags: pullup
    target_version: 1.7
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21923 dc483132-0cff-0310-8789-dd5450dbe970
* More C++ compatibility: Don't use "typedef struct tag *tag"; rename | Ken Raeburn | 2009-02-09 | 2 | -4/+4
    the tag and keep the same typedefname.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21918 dc483132-0cff-0310-8789-dd5450dbe970
* C++ compatibility fix -- g++ says "types may not be defined in casts", | Ken Raeburn | 2009-02-09 | 1 | -24/+24
    so do the gcc unaligned-struct trick only for C, not C++.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21917 dc483132-0cff-0310-8789-dd5450dbe970
* use casts, for c++ compilation on windows | Ken Raeburn | 2009-02-05 | 1 | -12/+14
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21902 dc483132-0cff-0310-8789-dd5450dbe970
* Create and use (in several places) a variant of | Ken Raeburn | 2009-02-05 | 1 | -0/+3
    krb5int_copy_data_contents that adds a trailing '\0' so the result can be used as a C string.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21893 dc483132-0cff-0310-8789-dd5450dbe970
* declare replacement [v]asprintf functions | Ken Raeburn | 2009-02-05 | 1 | -5/+9
    If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf functions always get declared, applying the preprocessor conditional test only to the GCC format attribute. If HAVE_VASPRINTF is defined, don't declare them at all. This fixes a bunch of function-not-declared warnings under Sun cc.
    ticket: 6364
    target_version: 1.7
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21888 dc483132-0cff-0310-8789-dd5450dbe970
* Use macros for config parameters | Zhanna Tsitkov | 2009-02-04 | 1 | -6/+23
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a whitespace error introduced when fixing a typo in the defines | Greg Hudson | 2009-02-02 | 1 | -1/+1
    added to k5-int.h.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21873 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in the defines added to k5-int.h | Greg Hudson | 2009-02-02 | 1 | -1/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21872 dc483132-0cff-0310-8789-dd5450dbe970
* Introduces macros for config parameters | Zhanna Tsitkov | 2009-02-02 | 1 | -0/+77
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21871 dc483132-0cff-0310-8789-dd5450dbe970
* Collect hairy parts of krb5_is_<msgtype> macros into one helper macro | Ken Raeburn | 2009-02-02 | 1 | -51/+20
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21869 dc483132-0cff-0310-8789-dd5450dbe970