summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* Big step towards integrating libkrb524 into libkrb5:Ken Raeburn2003-05-245-0/+438
| | | | | | | | | | | | | | | | | | | | | | | Move libkrb524 code, including error table, into libkrb5. Now libkrb5 initialization pulls in the krb524 error table, so krb524_init_ets is gone; all calls deleted. Move krb4 life/time conversion functions into libkrb5 under new names, using accessor hooks to get at them from libkrb4. Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h; the last doesn't get copied into the include directory. Changed inclusions of krb524.h to the appropriate files, if any were needed. Rebuilt dependencies in Makefiles. These changes are likely to break the Windows build; I'll look into that soon. ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15491 dc483132-0cff-0310-8789-dd5450dbe970
* make-depend updatesKen Raeburn2003-05-241-267/+257
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
* use kdc_default_optionsSam Hartman2003-05-232-1/+5
| | | | | | | | | | | The documentation and context initialization supports an option called kdc_default_options which is an integer that sets the default KDC request flags. Make the code actually use the option. Ticket: new Component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15485 dc483132-0cff-0310-8789-dd5450dbe970
* * gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequenceTom Yu2003-05-232-1/+4
| | | | | | | | | number mask. ticket: 1262 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15480 dc483132-0cff-0310-8789-dd5450dbe970
* Implement heuristic for matching broken Heimdal sequence number encodingsTom Yu2003-05-235-2/+184
| | | | | | | | | ticket: 1263 target_version: 1.3 tags: pullup status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_populate_gic_opt should return voidSam Hartman2003-05-222-1/+5
| | | | | | | | | | | Since none of the functions it calls can return an error, this should return void. Ticket: new Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15465 dc483132-0cff-0310-8789-dd5450dbe970
* Set length correctly in krb5_get_in_tkt_with_password if password isTom Yu2003-05-212-4/+11
| | | | | | | | | | actually passed in. Also, fix test suite to be more lenient about password prompts, which changed under the previous patches for this ticket. ticket: 1480 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15463 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_in_tkt now only supports old (non-etype-info2) enctypesSam Hartman2003-05-202-1/+18
| | | | | | | Ticket: 1480 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15462 dc483132-0cff-0310-8789-dd5450dbe970
* Implement krb5_get_in_tkt_with_password andSam Hartman2003-05-207-257/+155
| | | | | | | | | | | | krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds. It turns out that these do in fact need to use get_init_creds not get_init_creds_{password,keytab} because of those functions do not allow the AS request to be returned. Ticket: 1480 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15461 dc483132-0cff-0310-8789-dd5450dbe970
* Sequence numbers are now unsigned. Implement lenient parser forTom Yu2003-05-183-4/+26
| | | | | | | | | | | sequence numbers which folds received negative sequence numbers into positive unsigned numbers. Constrain the space of initial sequence numbers to facilitate backwards compatibility. ticket: 1262 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15457 dc483132-0cff-0310-8789-dd5450dbe970
* * chpw.c (krb5int_rd_chpw_rep): Allow new kpasswd error codes up throughKen Raeburn2003-05-172-1/+4
| | | | | | | | | _INITIAL_FLAG_NEEDED. ticket: 1441 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15455 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_ctx.c (krb5_context_internalize): Copy read-in OS context data intoKen Raeburn2003-05-172-6/+22
| | | | | | | | | krb5_context and free up the newly allocated OS context. ticket: 1497 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15453 dc483132-0cff-0310-8789-dd5450dbe970
* Try forwarding with no enctype restriction if forwarding with anSam Hartman2003-05-132-3/+12
| | | | | | | | enctype restriction fails. This is sufficient for 1.3. Ticket: 1473 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15431 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor error in previous commit that broke v4 saltsSam Hartman2003-05-131-1/+1
| | | | | | | Ticket: 1470 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15426 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leaks and double frees in preauth2.cSam Hartman2003-05-134-42/+81
| | | | | | | Ticket: 1470 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15425 dc483132-0cff-0310-8789-dd5450dbe970
* * IMplement etype_info in KDC. If the request contains any newSam Hartman2003-05-125-88/+88
| | | | | | | | | | | | | | | | | | | | enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors. * Expose interface for getting string2key with parameters (previously implemented but not exported) * IN the client (at least for get_init_creds interface) prfer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params. Ticket: 1454 Status: open Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new krb5_context field for the config-file tgs_enctypes, whichKen Raeburn2003-05-103-23/+57
| | | | | | | | | | | applications cannot override, and use it for ticket-granting tickets needed to acquire some desired service ticket. ticket: 1429 tags: pullup status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15411 dc483132-0cff-0310-8789-dd5450dbe970
* punt leftover conflict markersTom Yu2003-05-101-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15410 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_contextTom Yu2003-05-1014-71/+176
| | | | | | | | | | | | | | | | | to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typoSam Hartman2003-05-061-1/+1
| | | | | | | Ticket: 1454 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15394 dc483132-0cff-0310-8789-dd5450dbe970
* Implement encoders for etype_info2 and add support to s2kparams forSam Hartman2003-05-062-0/+5
| | | | | | | | | decoders. Ticket: 1454 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15393 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_setpw_result_string should be internalSam Hartman2003-04-272-2/+6
| | | | | | | | | | | | | Make krb5_setpw_result_string a krb5int_ function prototyped in k5-int.h. The prototype was already there, but the code did not match the function name. This needs to be pulled up to the release branch to fix Windows build because of a KRB5_CALLCONV issue. ticket: new Tags: pullup Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15375 dc483132-0cff-0310-8789-dd5450dbe970
* Implementation of Microsoft set password client library code providedSam Hartman2003-04-252-4/+298
| | | | | | | | | | by Paul Nelson. Ticket: 1377 Status: open Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15373 dc483132-0cff-0310-8789-dd5450dbe970
* * kfree.c (krb5_free_pwd_sequences): Correction to previousEzra Peisach2003-04-242-2/+7
| | | | | | | | fix. Free contents of krb5_data - not just the pointer. ticket: 1439 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15369 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_free_pwd_sequences only frees first elementEzra Peisach2003-04-232-7/+18
| | | | | | | | | | | | | | | | * kfree.c (krb5_free_pwd_sequences): Actually free the entire sequence of passwd_phase_elements and not just the first one. In our tree, this code is only used by krb5_free_pwd_data() which is subsequently not used anywhere else. Perhaps all code pertaining to pwd data (asn.1 decoders, encoders, etc. should be removed) ticket: new component: krb5-libs target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15364 dc483132-0cff-0310-8789-dd5450dbe970
* Note to self: Save buffers before checkin, not after. GrrKen Raeburn2003-04-181-1/+5
| | | | | | | ticket: 1418 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15360 dc483132-0cff-0310-8789-dd5450dbe970
* fix typoKen Raeburn2003-04-181-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15359 dc483132-0cff-0310-8789-dd5450dbe970
* * init_ctx.c (DEFAULT_ETYPE_LIST): Add AES with 256 bits at the front of theKen Raeburn2003-04-182-0/+6
| | | | | | | | | list. No 128-bit support by defaut. ticket: 1418 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15358 dc483132-0cff-0310-8789-dd5450dbe970
* * unparse.c (krb5_unparse_name_ext): Don't move buffer pointer backwards ifKen Raeburn2003-04-012-1/+5
| | | | | | | | nothing has been put into the buffer yet. ticket: 1397 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15314 dc483132-0cff-0310-8789-dd5450dbe970
* Red Hat's krb5_princ_size fixesKen Raeburn2003-04-014-4/+23
| | | | | | | | ticket: 1397 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
* If the auth context does not have the DO_TIME flag set and no replaySam Hartman2003-04-012-1/+8
| | | | | | | | | cache is available, do not generate one. ticket: 1400 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15311 dc483132-0cff-0310-8789-dd5450dbe970
* * t_kerb.c: Only include krb.h if krb4 support compiled in,Ezra Peisach2003-03-092-0/+12
| | | | | | otherwise define ANAME_SZ, INST_SZ and REALM_SZ. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15271 dc483132-0cff-0310-8789-dd5450dbe970
* * preauth2.c (pa_sam_2): Add intermediate size_t variable to holdTom Yu2003-03-062-1/+8
| | | | | | | | output of krb5_c_encrypt_length(). ticket: 1373 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15264 dc483132-0cff-0310-8789-dd5450dbe970
* * appdefault.c: Fix constness to avoid warning. * init_ctx.c: Do the same ↵Alexandra Ellwood2003-03-064-3/+11
| | | | | | stuff on the Mac as on Unix. * preauth2.c: Added cast to fix warning git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15258 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Fix missedTom Yu2003-03-052-1/+6
| | | | | | isinvalidrcname -> isvalidrcname. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15224 dc483132-0cff-0310-8789-dd5450dbe970
* Fix rcache character test introduced in last commitSam Hartman2003-03-051-2/+2
| | | | | | Ticket: 1370 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15222 dc483132-0cff-0310-8789-dd5450dbe970
* GSS_C_NO_CREDENTIAL should accept any principalSam Hartman2003-03-043-2/+13
| | | | | | | | | | | | | | | | If a context is accepted with GSS_C_NO_CREDENTIAL or if a credential is acquired with GSS_C_NO_NAME as the acceptor name then allow any principal in the keytab to be used as the acceptor name. This means that gss_inquire_cred can return GSS_C_NO_NAME from a credential. ticket: new Tags: enhancement cc: nicolas.williams@sun.com cc: krbdev@mit.edu git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15218 dc483132-0cff-0310-8789-dd5450dbe970
* Handle NULL result_string->data returned from error inTom Yu2003-02-252-2/+8
| | | | | | | | | | | | krb5_change_password(). The SAMDATA() macro in lib/krb5/krb/preauth2.c seems to already be fixed. KfM's kpasswd equivalent still needs to be dealt with. ticket: 1055 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15204 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo pointed out by jenselby in doc passSam Hartman2003-02-241-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15200 dc483132-0cff-0310-8789-dd5450dbe970
* The client sorts the enctype list returned by etype_info orderingSam Hartman2003-02-152-1/+77
| | | | | | | | | | | | enctypes that it requested or that are similar to ones it requested first. The KDC only includes enctypes in etype_info if they were requested by the client. ticket: 1006 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
* Fix double free of AS keySam Hartman2003-02-132-1/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15188 dc483132-0cff-0310-8789-dd5450dbe970
* Support credentials encrypted in the session key rather thanSam Hartman2003-02-112-4/+25
| | | | | | the subsession key. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15181 dc483132-0cff-0310-8789-dd5450dbe970
* Get addressless tickets by defaultSam Hartman2003-02-042-2/+6
| | | | | | | | | By default Kerberos obtains addressless tickets. ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15150 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in krb5_send_tgs()Ezra Peisach2003-01-122-0/+6
| | | | | | | | * send_tgs.c (krb5_send_tgs): Free memory leak of TGS_REQ. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15115 dc483132-0cff-0310-8789-dd5450dbe970
* Use markers in Makefile.in rather than rules in configure.in to indicate whenKen Raeburn2003-01-102-0/+7
| | | | | | | | to use the lib.in and libobj.in makefile fragments. Pushing this per-directory info into Makefile.in will make it a little easier to work on combining configure scripts for multiple directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15107 dc483132-0cff-0310-8789-dd5450dbe970
* Patch to get new service tickets in preference to using expiredSam Hartman2003-01-102-1/+15
| | | | | | | | service tickets in krb5_get_credentials. Ticket: 1260 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15106 dc483132-0cff-0310-8789-dd5450dbe970
* Previously fwd_tgt_creds required either that the hostname be passedSam Hartman2003-01-082-14/+25
| | | | | | | | | | | in or that the principal be a host-based service. This means you cannot for example forward tickets to a GSSAPI user-based service. The requirement to get the hostname is only needed in cases where addressless tickets are not used. So when addressless tickets are used, do not require the hostname. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15099 dc483132-0cff-0310-8789-dd5450dbe970
* * appdefault.c (conf_yes, conf_no): Now constKen Raeburn2003-01-082-2/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15093 dc483132-0cff-0310-8789-dd5450dbe970
* For new encryption types and for RC4, encrypt the krb_cred message inSam Hartman2003-01-082-9/+10
| | | | | | | | | | the initial gssapi token if credentials are being delegated. For consistency with Microsoft, we encrypt the credentials using the session key not the subsession key. Ticket: 1054 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15091 dc483132-0cff-0310-8789-dd5450dbe970
* Fix logic error in previous patch that broke gss_init_sec_contextSam Hartman2003-01-072-9/+14
| | | | | | | ticket: 1054 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15087 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-30 01:46:06 +0000