summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* When setting up to get a TGT for the service realm in the TGS code,Greg Hudson2010-04-201-5/+5
| | | | | | | | | | | | get the cached local TGT before setting up the realm path. Prior to this change, calling krb5_get_credentials() with an empty ccache would result in KRB5_CC_NOTFOUND for a foreign server principal, but would result in KRB5_NO_TKT_IN_REALM (generated by krb5_walk_realm_tree) for a local server principal. With this change, KRB5_CC_NOTFOUND is returned in both cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23909 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_INIT_CREDS_STEP_FLAG_CONTINUE for parity with Heimdal.Greg Hudson2010-04-203-14/+11
| | | | | | | | Rename KRB5_TKT_CREDS_CONTINUE to KRB5_TKT_CREDS_STEP_FLAG_CONTINUE for consistency. Adjust init_creds context to be less confusing in light of the above. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23906 dc483132-0cff-0310-8789-dd5450dbe970
* Introduce new krb5_tkt_creds APIGreg Hudson2010-04-144-1483/+1105
| | | | | | | | | | | | Merged from branches/iakerb: add new asynchronous krb5_tkt_creds APIs, which allow a caller to take responsibility for transporting requests to the KDC and getting responses back. Rewrite the existing krb5_get_credentials API in terms of the new functions. Get rid of krb5_get_cred_from_kdc and friends, since they are no longer used. ticket: 6700 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23900 dc483132-0cff-0310-8789-dd5450dbe970
* Validate and renew should work on non-TGT credsGreg Hudson2010-04-133-151/+197
| | | | | | | | | | | | | The validate and renew APIs were using get_cred_from_kdc, which always presents a TGT to get credentials. Instead, they should present the ticket they are trying to validate or renew. This is most easily done with krb5_get_cred_via_tkt(). Move the relevant code into a new file since it now has nothing in common with the other APIs implemented in get_creds.c. ticket: 6699 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23891 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5int_send_tgs(); it is unused as of r23358Greg Hudson2010-04-083-90/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23881 dc483132-0cff-0310-8789-dd5450dbe970
* Fix backwards flag output in krb5_init_creds_step()Greg Hudson2010-03-291-2/+2
| | | | | | | | | | | | krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1 for "continue" and 0 for "stop". Unfortunately, we got it backwards in 1.8; fix it for 1.8.1. ticket: 6693 tags: pullup target_version: 1.8.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23844 dc483132-0cff-0310-8789-dd5450dbe970
* In gc_frm_kdc.c, rename cur_kdc to cur_realm and nxt_kdc to nxt_realm,Greg Hudson2010-03-261-67/+70
| | | | | | | | | | to make it easier to distinguish them from cur_tgt and nxt_tgt. Make similar name changes to lst_kdc and kdc_list, as well as the function find_nxt_kdc(). No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23837 dc483132-0cff-0310-8789-dd5450dbe970
* Include int-proto.h in mk_req_ext.c for krb5int_validate_timesGreg Hudson2010-03-181-0/+1
| | | | | | declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23818 dc483132-0cff-0310-8789-dd5450dbe970
* When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don'tGreg Hudson2010-03-171-1/+1
| | | | | | | | | | dereference options if it's NULL. ticket: 6681 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23815 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_fast_free_state segfaults if state is nullSam Hartman2010-02-091-0/+2
| | | | | | | | | | | | | krb5int_fast_free_state fails if state is null. INstead it should simply return Reorganization of the get_init_creds logic has created situations where the init_creds loop can fail between the time when the context is initialized and the fast state is initialized. ticket: 6657 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23713 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up error handling in krb5int_make_tgs_request_ext, closing someGreg Hudson2010-02-021-60/+41
| | | | | | unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23682 dc483132-0cff-0310-8789-dd5450dbe970
* set_default_enctype_var should filter not reject weak enctypesTom Yu2010-02-012-32/+105
| | | | | | | | | | | | | | | | | | With allow_weak_crypto=false, set_default_enctype_var() (helper function for krb5_set_default_tgs_enctypes(), etc.) was rejecting any application-provided enctype list that contained any weak enctype even when valid strong enctypes were present. This broke some Samba things. Filter the weak enctypes instead. Add test cases. Reported to Debian by Holger Isenberg. (Debian bug #566977) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977 Thanks to Simo Sorce for testing. ticket: 6653 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23681 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of kdb_ext.h and allow out-of-tree KDB pluginsGreg Hudson2010-01-271-19/+66
| | | | | | | | | | | | | Move the contents of kdb_ext.h into kdb.h, since there is no meaningful "extensions" category of DB interfaces now that this stuff is in our tree. Allows out-of-tree KDB plugins to be built since we install kdb.h. ticket: 6649 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to plug a memory leakTom Yu2010-01-261-1/+3
| | | | | | | | ticket: 6599 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23672 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_allow_weak_crypto APIGreg Hudson2010-01-192-0/+39
| | | | | | | | | | | | Add an API to allow apps to override the profile setting of allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box until OpenAFS finishes migrating away from DES. ticket: 6645 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23663 dc483132-0cff-0310-8789-dd5450dbe970
* Use keyed checksum type for DES FASTGreg Hudson2010-01-121-0/+3
| | | | | | | | | | | | DES enctypes have unkeyed mandatory-to-implement checksums. Since FAST requires a keyed checksum, we must pick something else in that case. ticket: 6633 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23629 dc483132-0cff-0310-8789-dd5450dbe970
* Group together the funtions related to the supplying options to preauth ↵Zhanna Tsitkov2010-01-114-125/+159
| | | | | | | | plugin modules. Also, removed krb5int_ prefix from the names of some static functions in gic_opt.c.s git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23625 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_authdata_export_authdata into the separate file for better code ↵Zhanna Tsitkov2010-01-103-65/+99
| | | | | | modularity git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23623 dc483132-0cff-0310-8789-dd5450dbe970
* Move kdc related functionality from pac.c into pac_sign.cZhanna Tsitkov2010-01-084-301/+357
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23613 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_auth_con_getauthenticator into copy_athctr.c as a better logical ↵Zhanna Tsitkov2010-01-072-9/+41
| | | | | | location git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23606 dc483132-0cff-0310-8789-dd5450dbe970
* Make preauth_module_dir override, rather than supplement, theGreg Hudson2010-01-071-33/+10
| | | | | | | built-in path list, to avoid problems with running the same preauth module twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23602 dc483132-0cff-0310-8789-dd5450dbe970
* Add miising files from rev #23593Zhanna Tsitkov2010-01-072-0/+405
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23600 dc483132-0cff-0310-8789-dd5450dbe970
* Divide copy_auth.c into three files based on the functionality. Namely, Zhanna Tsitkov2010-01-065-321/+45
| | | | | | | | 1. copy/merge authdata 2. KDC related encode authdata 3. decode authdata git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23593 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it ↵Zhanna Tsitkov2010-01-062-0/+4
| | | | | | and move its prototype into int-proto.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal ↵Zhanna Tsitkov2010-01-053-4/+4
| | | | | | function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_tgtname into krb5_tgtname as an internal functionZhanna Tsitkov2010-01-056-15/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23590 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-052-1/+4
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Don't accept AS replies encrypted in enctypes other than the ones weGreg Hudson2010-01-041-0/+18
| | | | | | asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
* For the better code modularity keep some "free" routines closer to the ↵Zhanna Tsitkov2010-01-044-125/+78
| | | | | | resource allocators. Also, reindent cleanup in the touched files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-031-3/+58
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5int_count_etypes in rd_req_decoded_optGreg Hudson2010-01-021-4/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23567 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out copying and counting of zero-terminated enctype lists intoGreg Hudson2010-01-018-99/+100
| | | | | | a new file src/lib/krb5/krb/etype_list.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23565 dc483132-0cff-0310-8789-dd5450dbe970
* Include os-proto.h for _krb5_conf_boolean prototype before declarationEzra Peisach2009-12-301-0/+2
| | | | | | of function. (gcc warning) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23547 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the krb5_set_default_in_tkt_ktypes andGreg Hudson2009-12-301-7/+0
| | | | | | | krb5_set_default_tgs_ktypes during context initialization, as they weren't doing anything. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23545 dc483132-0cff-0310-8789-dd5450dbe970
* Create a separate file for krb5_copy_context for better code modularityZhanna Tsitkov2009-12-293-63/+141
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23538 dc483132-0cff-0310-8789-dd5450dbe970
* Functions in enc_helper.c serve different code blocks. Split themZhanna Tsitkov2009-12-293-27/+70
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23535 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new profile variable preauth_module_dir, which specifiesGreg Hudson2009-12-281-5/+48
| | | | | | | | directories to look for preauth plugins in prior to the hardcoded locations. Undocumented for now since, like db_module_dir, this is mostly intended for the test suite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_get_profile back to init_os_ctx.c for now and revert r23519.Greg Hudson2009-12-282-8/+1
| | | | | | | | At this time we link t_etypes against init_ctx.so during "make check", which breaks if init_ctx contains reference to the profile library. More general solutions to this problem are under discussion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23530 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-283-29/+36
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-284-10/+147
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Include prof_int.h in init_ctx.c instead of init_os_ctx.c,Ken Raeburn2009-12-282-1/+2
| | | | | | corresponding to the moved use of profile_copy in r23484. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23519 dc483132-0cff-0310-8789-dd5450dbe970
* Code modularity related updatesZhanna Tsitkov2009-12-239-235/+309
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_ prefix from some static func namesZhanna Tsitkov2009-12-229-102/+111
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23483 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixesGreg Hudson2009-12-161-7/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23477 dc483132-0cff-0310-8789-dd5450dbe970
* On Luke's advice, remove krb5_init_creds_store_creds. It is not aGreg Hudson2009-12-151-11/+0
| | | | | | | Heimdal API and its functionality is covered by krb5_get_init_creds_opt_set_out_ccache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of the requirement of defining MAX_ENCTYPE inGreg Hudson2009-12-151-36/+56
| | | | | | | krb5int_parse_enctype_list, at the cost of making repeated realloc() calls during parsing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23468 dc483132-0cff-0310-8789-dd5450dbe970
* Formatining enhancementZhanna Tsitkov2009-12-151-11/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23467 dc483132-0cff-0310-8789-dd5450dbe970
* fast negotiation projecSam Hartman2009-12-145-104/+400
| | | | | | | | | | | | | | | | Merge branches/fast-negotiate into trunk. This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation Additional changes: * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype Conflicts: src/lib/crypto/krb/make_checksum.c ticket: 6595 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
* Change file holder for krb5int_check_clockskew. Minor Style changes per code ↵Zhanna Tsitkov2009-12-091-41/+25
| | | | | | practices git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23460 dc483132-0cff-0310-8789-dd5450dbe970
* handle negative enctypes betterTom Yu2009-12-071-2/+3
| | | | | | | | | | | krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making assumptions that enctype numbers are positive. Potentially more code makes this assumption, but these appear to be the major ones. ticket: 6592 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 15:46:34 +0000