| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Use a proper cipher state in the auth context structure, and free it
when the auth context is freed. Simplify mk_priv/rd_priv accordingly.
|
|
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
ticket: 1263
target_version: 1.3
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
sequence numbers which folds received negative sequence numbers into
positive unsigned numbers. Constrain the space of initial sequence
numbers to facilitate backwards compatibility.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15457 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to send_subkey and recv_subkey, respectively. Add new APIs to query
and set these fields. Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys. Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.
ticket: 1415
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
callback to specify the data to be checksummed by krb5_mk_req after
the auth_context has been set up. Mainly useful for GSSAPI.
Ticket: 1054
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15084 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_context_internalize): Add missing fields from the serialized
context: clockskew, default_kdc_req_sumtype, default_ap_req_sumtype,
default_safe_sumtype, kdc_default_options, library_options,
profile_secure, fcc_default_format, scc_default_format.
ser_actx.c (krb5_auth_context_size, krb5_auth_context_externalize,
krb5_auth_context_internalize): Serialize the two fields req_cksumtype
and safe_cksumtype, instead of the one cksumtype field.
mk_safe.c (krb_mk_safe): Use safe_cksumtype instead of cksumtype in
the auth context.
mk_req_ext.c (krb5_mk_req_extended): Use req_cksumtype instead of
cksumtype in the auth context.
init_ctx.c (krb5_init_context): Add support for new profile
relations libdefaults/tkt_lifetime, libdefaults/kdc_req_checksum_type,
libdefaults/ap_req_cksumtype, libdefaults/safe_checksumtype, and
libdefaults/kdc_default_options.
auth_con.h: Remove old cksumtype element, and replace it with
req_cksumtype and safe_cksumtype.
auth_con.c (krb5_auth_con_init): Initialize the req_cksumtype and
safe_cksumtype from the context's default req_cksumtype and
safe_cksumtype. (krb5_auth_con_set_req_cksumtype,
krb5_auth_con_set_safe_cksumtype): New functions, to replace old
krb5_auth_con_setcksumtype
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8017 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6618 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Free all the data associated with the auth_context.
* auth_con.c (krb5_auth_con_setkey()) : Removed.
* mk_rep.c (mk_rep()),
The krb5_mk_rep() routine must always encode the data in
the keyblock of the ticket, not the subkey.
* cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added.
* auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()),
* mk_safe.c (mk_safe()), rd_cred.c (rd_cred()),
* rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) :
Changes to auth_context to better support full addresses.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5677 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* auth_con.c: Default cksumtype is now CKSUMTYPE_RSA_MD4_DES.
* auth_con.c: Added krb5_auth_con_setuseruserkey(),
krb5_auth_con_getkey(),
krb5_auth_con_getremotesubkey(),
krb5_auth_con_getauthenticator(),
krb5_auth_con_getremoteseqnumber(),
krb5_auth_con_initivector().
* auth_con.c: Fixed krb5_auth_con_getlocalsubkey() to check for
a valid local_subkey before calling krb5_copy_keyblock().
* auth_con.h: Fixed some comments.
* mk_req_ext.c (krb5_mk_req_extended()): Always pass in a seed
(the keyblock contents) to krb5_calculate_checksum()
* rd_rep.c (krb5_rd_rep()): Use appropriate key to decode reply.
* rd_safe.c (krb5_rd_safe()): Don't pass checksum to
krb5_rd_safe_basic(), it's unnecessary.
* compat_recv.c (krb5_compat_recvauth()):
* mk_rep.c (krb5_mk_rep()):
* rd_req.c (krb5_rd_req()):
* rd_req_dec.c (krb5_rd_req_decode()):
* recvauth.c (krb5_recvauth()):
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5265 dc483132-0cff-0310-8789-dd5450dbe970
|
|
support routines.
* mk_req.c (krb5_mk_req())
* mk_req_ext.c (krb5_mk_req_extended())
* rd_rep.c (krb5_rd_rep())
* sendauth.c (krb5_sendauth())
* mk_priv.c (krb5_mk_priv())
* mk_safe.c (krb5_mk_safe())
* rd_priv.c (krb5_rd_priv())
* rd_safe.c (krb5_rd_safe())
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
* send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(),
which does far more than krb5_send_tgs() needs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5099 dc483132-0cff-0310-8789-dd5450dbe970
|