summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Correct a miscarriage of justice committed by the style policeGreg Hudson2010-10-061-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24437 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/lhoward/sasl-gs2 to trunkGreg Hudson2010-10-0617-14/+1407
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
* Minor comments related changed. Zhanna Tsitkov2010-10-065-6/+35
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24433 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust prototype files for easier extraction of copyright/licenseGreg Hudson2010-10-062-8/+8
| | | | | | statements, per mailing list discussion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24432 dc483132-0cff-0310-8789-dd5450dbe970
* Document that krb5_get_error_message() never returns NULLGreg Hudson2010-10-051-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24430 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling ↵Tom Yu2010-10-051-4/+4
| | | | | | | | | | | | | | | | | | | (MITKRB5-SA-2010-006) When the KDC receives certain TGS-REQ messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. Correctly implement the filtering of authorization data items to avoid leaving uninitialized pointers when omitting items. ticket: 6797 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24429 dc483132-0cff-0310-8789-dd5450dbe970
* Add RUN_SETUP so make check works by setting the proper LD_LIBRARY_PATHEzra Peisach2010-10-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24428 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the NSS PRNG build. Fix the build for non-gmake make. Revert aGreg Hudson2010-10-053-10/+6
| | | | | | no longer necessary change to lib/crypto/krb/Makefile.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24427 dc483132-0cff-0310-8789-dd5450dbe970
* Constify the name field of a kadm5_hook vtable, since it holds aGreg Hudson2010-10-051-1/+1
| | | | | | string literal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24426 dc483132-0cff-0310-8789-dd5450dbe970
* Add a name field to the pwqual plugin vtable and log pwqual moduleGreg Hudson2010-10-058-1/+29
| | | | | | rejections. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24425 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-0514-32/+203
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Add additional NRL copyrightSam Hartman2010-10-051-0/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24423 dc483132-0cff-0310-8789-dd5450dbe970
* Document kadm5_hook interfaceSam Hartman2010-10-052-0/+28
| | | | | | | | * krb5.conf * admin.texinfo * kadm5_hook_plugin.h: document initvt requirement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24422 dc483132-0cff-0310-8789-dd5450dbe970
* Some missed files needed for rev #24420Zhanna Tsitkov2010-10-0520-0/+1541
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24421 dc483132-0cff-0310-8789-dd5450dbe970
* Improves prng code modularity. Introduces fortuna-like prng that can be used ↵Zhanna Tsitkov2010-10-0535-200/+794
| | | | | | | | | in lieu of yarrow. Yarrow stays the default prng while fortuna may be engaged during configuration by using "--with-prng-alg=fortuna" flag. Also, nss crypto backend continues to use its own prng. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24420 dc483132-0cff-0310-8789-dd5450dbe970
* Add mit_afs_string_to_key declarationZhanna Tsitkov2010-10-051-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24419 dc483132-0cff-0310-8789-dd5450dbe970
* Add a missing protototype which was breaking the crypto build with theGreg Hudson2010-10-051-0/+5
| | | | | | NSS back end after r24409. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24418 dc483132-0cff-0310-8789-dd5450dbe970
* Protoize old-style function definitions in kdb5.c and normalizeGreg Hudson2010-10-041-131/+75
| | | | | | formatting of definition headers. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24417 dc483132-0cff-0310-8789-dd5450dbe970
* Merge branches/nss to trunkGreg Hudson2010-10-0258-19/+3954
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24416 dc483132-0cff-0310-8789-dd5450dbe970
* Copyright statements, whitespace, and other code formattingGreg Hudson2010-10-023-666/+772
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24415 dc483132-0cff-0310-8789-dd5450dbe970
* In the krb5_kuserok implementation, fix an unintentional type changeGreg Hudson2010-10-021-2/+2
| | | | | | | | | to "gobble" (was an int, was accidentally changed to a char) which could result in an infinite loop. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24413 dc483132-0cff-0310-8789-dd5450dbe970
* Fix type errors in t_gssextsGreg Hudson2010-10-021-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24412 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate K&R-style function definition headers in t_gssexts.c, andGreg Hudson2010-10-021-18/+10
| | | | | | reformat other definitions according to coding practices. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24411 dc483132-0cff-0310-8789-dd5450dbe970
* Use gss_set_cred_option instead of (undeclared) gssspi_set_cred_optionKen Raeburn2010-10-021-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24410 dc483132-0cff-0310-8789-dd5450dbe970
* Try to require function declarations for GCC, as we already do for theKen Raeburn2010-10-021-2/+12
| | | | | | | | | | | Sun compiler. Change the cache variable name construction to distinguish "=" from "-" in option names. Prefer -Werror-implicit-function-declaration over -Werror=implicit-function-declaration since in some versions of GCC only the former works properly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24409 dc483132-0cff-0310-8789-dd5450dbe970
* Add empty src/plugins/preauth/securid_sam2/deps to allow build to work againTom Yu2010-10-011-0/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24407 dc483132-0cff-0310-8789-dd5450dbe970
* Add an error to be returned by a preauth mechanism indicating that the KDC ↵Sam Hartman2010-10-014-2/+7
| | | | | | | | | | | should not respond to a packet * Do not generate an error response in this case * Drop a TCP connection if we are not going to respond to it. kdc: add KRB5KDC_ERR_DISCARD git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24406 dc483132-0cff-0310-8789-dd5450dbe970
* Initial securid2 support.Sam Hartman2010-10-016-0/+1006
| | | | | | builds but untested git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24405 dc483132-0cff-0310-8789-dd5450dbe970
* Enable sam_challenge_2 encodersSam Hartman2010-10-013-6/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24404 dc483132-0cff-0310-8789-dd5450dbe970
* Remove support for the old pa-sam-challenge and pa-sam-responseSam Hartman2010-10-012-1020/+46
| | | | | | | | | preauth type per discussion on krbdev. The pa-sam-challenge-2 code remains in the client. preauth: remove pa-sam-challenge git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24403 dc483132-0cff-0310-8789-dd5450dbe970
* Implement k5login_directory and k5login_authoritative optionsGreg Hudson2010-10-013-85/+134
| | | | | | | | Add and document two new options for controlling k5login behavior. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
* Add a simple test harness for kuserok. Build it during make check butGreg Hudson2010-10-012-2/+66
| | | | | | don't run any automated tests for the moment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24401 dc483132-0cff-0310-8789-dd5450dbe970
* A cleaner impleentation of r24399 which adds two new auth context APIsGreg Hudson2010-10-014-4/+35
| | | | | | | | | (and is therefore less suitable for backporting to 1.8) but doesn't reach inside the auth context structure in the krb5 mechanism code. ticket: 6768 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24400 dc483132-0cff-0310-8789-dd5450dbe970
* GSSAPI forwarded credentials must be encrypted in session keyGreg Hudson2010-10-011-3/+11
| | | | | | | | | | | | | | | When IAKERB support was added, the krb5_mk_req checksum function gained access to the send subkey. This caused GSSAPI forwarded credentials to be encrypted in the subkey, which violates RFC 4121 section 4.1.1 and is not accepted by Microsoft's implementation. Temporarily null out the send subkey in the auth context so that krb5_mk_ncred uses the session key instead. ticket: 6768 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24399 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-303-15/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24393 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-09-303-60/+47
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24392 dc483132-0cff-0310-8789-dd5450dbe970
* Use a different construction for defaulting ks_tuple and n_ks_tuple inGreg Hudson2010-09-301-33/+31
| | | | | | | the libkadm5 server principal routines, to avoid repeated conditional expressions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24391 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace and minor style changesGreg Hudson2010-09-303-23/+28
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24390 dc483132-0cff-0310-8789-dd5450dbe970
* Follow-on to r24258: initialize the new k5e1 error table where weGreg Hudson2010-09-293-0/+4
| | | | | | | | initialize the krb5 error table, and add initialize_k5e1_error_table to the libkrb5 exports list for consistency with the other error tables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24378 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2010-09-295-4/+61
| | | | | | Add kadm5_hook test plugin to toplevel Makefile.in git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24377 dc483132-0cff-0310-8789-dd5450dbe970
* Automated tests for kadm5_hook pluginSam Hartman2010-09-297-0/+169
| | | | | | Include a k5test Python test and test plugin for the kadm5_hook interface. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24376 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5_hook: new plugin interfaceSam Hartman2010-09-298-11/+451
| | | | | | | | | | | Implement http://k5wiki.kerberos.org/wiki/Projects/Kadmin_hook_interface This provides an interface that allows a plugin to track kadmin operations. This can be used for projects like the krb5-sync project. ticket: 6791 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24375 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype skip key data entries with invalidGreg Hudson2010-09-281-6/+4
| | | | | | | | | | | | enctypes instead of erroring out on them. We had this behavior prior to 1.8 (more by accident than by design), but it changed as a side-effect of r23599. ticket: 6790 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24370 dc483132-0cff-0310-8789-dd5450dbe970
* Use IAKERB OID header for all IAKERB messages including AP-REQLuke Howard2010-09-274-4/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24363 dc483132-0cff-0310-8789-dd5450dbe970
* Doxygen for k5-buf.hSam Hartman2010-09-271-9/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24360 dc483132-0cff-0310-8789-dd5450dbe970
* kpasswd: if a credential cache is present, use FASTSam Hartman2010-09-275-27/+76
| | | | | | | | | | | | | | | | If a credentials cache is available, use it as an armor cache to enable FAST negotiation for kpasswd. This requires an attacker to attack both the user's long-term key for the old password as well as the ticket used for the armor cache in order to attack the password change. Depending on how the armor ticket is obtained, this may provide limited value. However, it provides users an easy option if they are concerned about their current password. Users can kinit with one principal to help protect changing the password of another principal. * krb5_get_init_creds_opt_set_fast_ccache: new API to set fast ccache based on a krb5_ccache object rather than a resolvable string * kpasswd: always open the current credential cache even if not needed for determining the principal. If the cache has tickets, use it as an armor cache. * tests/dejagnu/krb-standalone/kadmin.exp: Arrange to test new code path ticket: 6786 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24359 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify acquire_accept_cred very slightly, avoiding some long linesGreg Hudson2010-09-271-7/+6
| | | | | | and repeated macro calls. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24357 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_krb5_import_credGreg Hudson2010-09-2715-296/+659
| | | | | | | | | | | | Add gss_krb5_import_cred from Heimdal; allows krb5 creds to be acquired from a keytab or ccache into a GSSAPI credential without using global process or thread variables. Merged from the users/lhoward/import-cred branch. ticket: 6785 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24356 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize kdb5_ldap_util's context with kadm5_init_krb5_context, likeGreg Hudson2010-09-221-1/+1
| | | | | | | kdb5_util does, in order to get the KDC profile settings as well as the regular krb5 profile settings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24337 dc483132-0cff-0310-8789-dd5450dbe970
* relicense Sun RPC to 3-clause BSD-styleTom Yu2010-09-2253-1222/+1334
| | | | | | | | | Per e-mail from Wim Coekaerts, Oracle America authorizes the relicensing of Sun RPC to 3-clause BSD-style. ticket: 6784 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24336 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-06 22:01:18 +0000