path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* * afsstring2key.c (krb5_afs_encrypt): Drop EDFLAG as an argument, make it local | Ken Raeburn | 2004-02-17 | 2 | -4/+23
  instead, since we always pass 0. (afs_crypt): Call changed. (krb5_afs_crypt_setkey, krb5_afs_encrypt): Use memcpy.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16094 dc483132-0cff-0310-8789-dd5450dbe970
* Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macros | Ken Raeburn | 2004-02-14 | 4 | -26/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970
* * t_encrypt.c (compare_results): New function. | Ken Raeburn | 2004-02-13 | 3 | -8/+57
  (main): Use it to check decryption results against the original plaintext. When testing with cipher state, encrypt and then decrypt (and verify) two messages.
  * Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.
  ticket: 2229 status: resolved tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079 dc483132-0cff-0310-8789-dd5450dbe970
* * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. If | Ken Raeburn | 2004-02-13 | 3 | -11/+48
  clear, same old behavior. If set, copy out next to last block for CTS. (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument.
  * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to last block for CTS.
  ticket: 2229 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16077 dc483132-0cff-0310-8789-dd5450dbe970
* Change PRIOCNTL_HACK code to use "==" rather than "eq", as "eq" is not | Tom Yu | 2004-02-13 | 4 | -6/+16
  available in tcl-8.3.
  ticket: new target_version: 1.3.2 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16071 dc483132-0cff-0310-8789-dd5450dbe970
* priocntl workaround for Solaris 9 pty-close bug | Tom Yu | 2004-02-13 | 9 | -2/+102
  Implement gross hack to use priocntl to work around the Solaris 9 pty-close bug. Run expect at a higher class "FX" priority than spawned processes, which run at a lower class "FX" priority. "make check" needs to start from a process which has FX priority >= 30 and FX priority limit >= 30. Thanks to Bill Sommerfeld for the hints.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16069 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_oid_externalize): Check for errors. | Ken Raeburn | 2004-02-10 | 2 | -49/+154
  (kg_oid_internalize): Check for errors. Free allocated storage on error.
  (kg_queue_externalize): Check for errors.
  (kg_queue_internalize): Check for errors. Free allocated storage on error.
  (kg_ctx_size): Update for new context data.
  (kg_ctx_externalize): Update for new context data. Check for error storing trailer.
  (kg_ctx_internalize): Update for new context data. Check for errors in a few more cases.
  ticket: 2166 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970
* Call htons for default port of password server | Sam Hartman | 2004-02-09 | 2 | -1/+5
  Ticket: 2171 Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16047 dc483132-0cff-0310-8789-dd5450dbe970
* * util_ordering.c (g_queue_externalize, g_queue_internalize): Check for | Ken Raeburn | 2004-02-09 | 2 | -0/+9
  sufficient buffer space.
  ticket: 2166 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cts.c (test_cts): Process encryption and decryption IVs separately, make | Ken Raeburn | 2004-02-09 | 2 | -3/+33
  sure they match, and display the value.
  ticket: 2223 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039 dc483132-0cff-0310-8789-dd5450dbe970
* * aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IV | Ken Raeburn | 2004-02-09 | 2 | -0/+10
  ticket: 2223 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16038 dc483132-0cff-0310-8789-dd5450dbe970
* no license on k5sealv3.c | Ken Raeburn | 2004-02-08 | 1 | -2/+28
  Updated copyright notice to include standard license for release.
  ticket: new target_version: 1.3.2 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970
* Enable aes128-cts for client | Sam Hartman | 2004-02-06 | 2 | -0/+5
  Currently we support aes128-cts but do not enable it by default. It looks like interoperability problems will be created by this decision. So add aes128-cts to the default list of enctypes for client configuration and for permitted_enctypes.
  Ticket: new Target_Version: 1.3.2 Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-05 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-02-06 | 4 | -7/+24
  * gssapiP_krb5.h: remove KG_IMPLFLAGS macro
  * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS macro with previous macro definition
  * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS macro with new definition. As per 1964 the INTEG and CONF flags are supposed to indicate the availability of the services in the client. By applying the previous definition of KG_IMPLFLAGS the INTEG and CONF flags are always on. This can be a problem because some clients such as Microsoft's Kerberos SSPI allow CONF and INTEG to be used independently. By forcing the flags on, we would end up with inconsistent state with the client.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970
* Remove reference to the ntstatus.h header in cc_mslsa.c | Jeffrey Altman | 2004-02-04 | 2 | -1/+6
  This header is not present in the August 2001 Platform SDK which is the current minimum SDK version.
  ticket: new tags: pullup target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-02 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-02-03 | 2 | -1/+22
  * cc_msla.c: GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the value to assign to TicketRequest->TicketFlags. This field is blindly inserted into the kdc-options[0] field of the TGS_REQ. If there are bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result in an unknown TGS_OPTION being processed by the KDC. This has been fixed by mapping the Ticket Flags to KDC options. We only map Forwardable, Forwarded, Proxiable, and Renewable. The others should not be used.
  ticket: 2190 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16013 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when | Jeffrey Altman | 2004-02-02 | 2 | -10/+36
  logging on with cross realm credentials. On these machines there are 8 tickets within the LSA cache from two different realms. One of the krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe processes. The attempt to access the ticket returns a SubStatus code of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that the logon attempt was invalid due to bad authentication information. kerbtray has no problem listing this ticket. The other seven tickets in the cache including the Initial Ticket are accessible. Modified krb5_lcc_next_cred() to skip to the next ticket if an attempt to read a single ticket fails.
  ticket: 2184 tags: pullup target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: optimize the get_next logic by storing a handle to the | Jeffrey Altman | 2004-02-01 | 2 | -18/+30
  MS TGT in the lcc_cursor data structure
  ticket:new tags: pullup target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15993 dc483132-0cff-0310-8789-dd5450dbe970
* Do not export tickets from the LSA if they contain NULL session keys. | Jeffrey Altman | 2004-01-31 | 2 | -6/+19
  This is primarily to prevent unusable TGTs from being imported into the MIT Credential Cache
  ticket: 2153 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15991 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-01-30 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-01-31 | 2 | -20/+98
  * cc_mslsa.c: As per extensive conversations with Doug Engert we have concluded that MS is not specifying a complete set of domain information when it comes to service tickets other than the initial TGT. What happens is the client principal domain cannot be derived from the fields they export. Code has now been added to obtain the domain from the initial TGT and use that when constructing the client principals for all tickets. This behavior can be turned off by setting a registry either on a per-user or a system-wide basis:
    {HKCU,HKLM}\Software\MIT\Kerberos5
    PreserveInitialTicketIdentity = 0x0 (DWORD)
  ticket: 2139 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990 dc483132-0cff-0310-8789-dd5450dbe970
* need more testing support for MS | Ken Raeburn | 2004-01-27 | 3 | -3/+43
  This should allow use of the CFX_EXERCISE code to better check interoperability of MS and MIT code with regard to future extensibility.
  * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null pointer in debugging code. (new_connection): Disable CFX_EXERCISE unknown-token-id case detection.
  * accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra option bytes were present.
  ticket: new target_version: 1.3.2 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970
* fix typos | Jeffrey Altman | 2004-01-07 | 3 | -5/+5
  ticket: 2106 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15975 dc483132-0cff-0310-8789-dd5450dbe970
* Add stub function implementations to support krb5_cc_remove_cred() which | Jeffrey Altman | 2004-01-06 | 6 | -5/+57
  would cause a null pointer dereference if called. The new KRB5_CC_NOSUPP error is returned to indicate the lack of implementation.
  ticket: 2106 target_version: 1.3.2 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15974 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined. | Ken Raeburn | 2004-01-05 | 3 | -15/+48
  (make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some stuff after the delegation slot. (new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids.
  * accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the delegation flag; only look for a delegation if the flag is set, and only look for delegation, not other options. Ignore any other data there.
  ticket: 2079 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15964 dc483132-0cff-0310-8789-dd5450dbe970
* move some basic header and function checks from lib/krb5 to include | Ken Raeburn | 2003-12-24 | 2 | -4/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15960 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c: wrap the entire module in #ifdef KRB5_DNS_LOOKUP to prevent | Jeffrey Altman | 2003-12-22 | 2 | -0/+7
  the dependency on the resolver library when DNS functionality is not being compiled into the krb5 library.
  ticket: new target_version: 1.3.2 tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15958 dc483132-0cff-0310-8789-dd5450dbe970
* * util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points to const. | Ken Raeburn | 2003-12-20 | 4 | -5/+12
  * gssapiP_krb5.h: Declarations updated.
  * util_seed.c (zeros): Now const.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15956 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_generic.c (const_oids): Renamed from oids, and now const. | Ken Raeburn | 2003-12-20 | 2 | -1/+8
  (oids): New macro, casts const_oids to non-const pointer for use in initializers.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15955 dc483132-0cff-0310-8789-dd5450dbe970
* * realm_iter.c (krb5_realm_iterator_create): Array NAMES is now const | Ken Raeburn | 2003-12-20 | 2 | -1/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15954 dc483132-0cff-0310-8789-dd5450dbe970
* * prompter.c (catch_signals, restore_signals): Take pointer to old signal | Ken Raeburn | 2003-12-20 | 2 | -28/+37
  handler info as new argument.
  (osiginfo): New typedef.
  (setup_tty, restore_tty): Take pointer to old signal handler info and old termios settings as new arguments.
  (krb5_prompter_posix): Pass the extra arguments, addresses of new automatic variables.
  (osigint, saveparm): Variables deleted.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15952 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (STLIBOBJS, OBJS, SRCS): Don't build promptusr.c | Ken Raeburn | 2003-12-20 | 2 | -8/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15951 dc483132-0cff-0310-8789-dd5450dbe970
* oops. actually do the #undef DEBUG | Ken Raeburn | 2003-12-20 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15950 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (default_debug_handler, put, putstr): Define only if DEBUG is | Ken Raeburn | 2003-12-20 | 2 | -1/+11
  defined.
  (DEBUG): Don't define.
  (krb5int_sendtokdc_debug_handler): Initialize to null if DEBUG is not defined.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15949 dc483132-0cff-0310-8789-dd5450dbe970
* * get_in_tkt.c (get_in_tkt_enctypes): Now const | Ken Raeburn | 2003-12-20 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970
* * arcfour.c (l40): Now const | Ken Raeburn | 2003-12-20 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15947 dc483132-0cff-0310-8789-dd5450dbe970
* * arcfour.c (arcfour_weakkey1, arcfour_weakkey2, arcfour_weakkeys): Now const | Ken Raeburn | 2003-12-20 | 2 | -7/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15946 dc483132-0cff-0310-8789-dd5450dbe970
* Replace the array of 8 mit_des_cblock object 'mit_des_zeroblock' defined | Ken Raeburn | 2003-12-20 | 10 | -10/+23
  locally in multiple files with one defined in f_cbc.c; make it a single element rather than an array.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15945 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include k5-int.h for accessor | Tom Yu | 2003-12-19 | 2 | -0/+5
  ticket: 2077 component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15944 dc483132-0cff-0310-8789-dd5450dbe970
* ticket 2049 | Jeffrey Altman | 2003-12-19 | 2 | -5/+12
  fix an incorrect level of indirection for a krb5_creds data structure.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15942 dc483132-0cff-0310-8789-dd5450dbe970
* The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64, | Jeffrey Altman | 2003-12-19 | 8 | -13/+53
  and krb5_ser_unpack_int64 are considered private. Therefore, in order for them to be used from within gssapi they must be added to the krb5int_accessor mechanism. This allows us to not publicize their existence via exportation on Windows or MacOSX.
  ticket: new tags: pullup target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15941 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_retr.c: Extract the test to determine if a credential matches | Jeffrey Altman | 2003-12-19 | 3 | -37/+217
  a requested credential according to the specified fields into a private function: krb5int_cc_creds_match_request()
  * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to perform a MS Kerberos LSA ticket request if there is no matching credential in the cache. The MS Kerberos LSA places the following restriction on what tickets it will place into the LSA cache: tickets obtained by an application request for a specific set of kerberos flags or enctype will not be cached. Therefore, we first make a request with no flags or enctype in the hope that we will be lucky and get the right ones anyway. If not, we make the application's request and return that ticket if it matches the other criteria.
  Implemented a similar technique for krb5_lcc_store(). Since we can not write to the cache, when a store request is made we instead perform a ticket request through the lsa for a matching credential. If we receive one, we return success. Otherwise, we return the KRB5_CC_READONLY error.
  With these changes I am now able to operate entirely with the MSLSA ccache as the default cache provided the MS LSA credentials are for the principal I wish to use. Obviously, one cannot change principals while the MSLSA ccache is the default.
  ticket: 2049
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15939 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket. Use a | Ken Raeburn | 2003-12-16 | 2 | -4/+18
  temporary in case krb5_int32 isn't "int".
  (decode_v4tkt): Use a temporary in case krb5_int32 isn't "int".
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15936 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2003-12-15 | 32 | -1116/+1294
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT | Jeffrey Altman | 2003-12-15 | 2 | -6/+11
  has expired. This will force the LSA to get a new TGT instead of returning the expired version.
  ticket: 2049
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15924 dc483132-0cff-0310-8789-dd5450dbe970
* * when initiating an enumeration of the ccache contents perform | Jeffrey Altman | 2003-12-15 | 2 | -0/+13
  a fetch of the TGT. This will trigger an update request by the MS LSA on Windows 2000 and XP which is perfectly willing to allow TGTs to expire.
  ticket: 2049
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15922 dc483132-0cff-0310-8789-dd5450dbe970
* * krb4_32.def: Remove exports from KfM not yet compiled in KfW | Jeffrey Altman | 2003-12-13 | 3 | -7/+23
  krb_ad_tkt, krb_pw_tkt, kuserok, tkt_string, FSp_xxx
  * krb5_32.def: Add exports of private functions necessary for building new gssapi32.dll:
    krb5int_c_mandatory_cksumtype ; PRIVATE GSSAPI k5-int.h
    krb5_ser_pack_int64 ; PRIVATE GSSAPI k5-int.h
    krb5_ser_unpack_int64 ; PRIVATE GSSAPI k5-int.h
  ticket: 2067
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15920 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Remove extraneous spaces .. | Jeffrey Altman | 2003-12-13 | 1 | -0/+5
  ticket: 2049
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15919 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: remove extraneous spaces from ##WIN32## commented | Jeffrey Altman | 2003-12-13 | 1 | -2/+2
  defines for MSLSA_OBJ and MSLSA_SRC
  ticket: 2049
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15918 dc483132-0cff-0310-8789-dd5450dbe970
* don't limit enctype lists at init time | Ken Raeburn | 2003-12-13 | 2 | -10/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15912 dc483132-0cff-0310-8789-dd5450dbe970
* Add 64-bit sequence number support. Do sequence number ordering tests relative | Ken Raeburn | 2003-12-13 | 15 | -290/+932
  to the initial value rather than absolute. Support tokens without pseudo-ASN.1 wrappers. Don't restrict enctype lists. Implement CFX token support. With CFX_EXERCISE defined, use random padding, random rotates, and bogus initial tokens, to exercise the associated code paths.
  ticket: 2040 status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15911 dc483132-0cff-0310-8789-dd5450dbe970