summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* disable weak crypto by defaultTom Yu2010-01-056-25/+50
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Install encrypted_challenge plugin during fake-installTom Yu2010-01-041-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23585 dc483132-0cff-0310-8789-dd5450dbe970
* Add preauth_module_dir support to the KDC preauth module loaderGreg Hudson2010-01-041-3/+44
| | | | | | | (should have been part of r23531). Most or all of this logic should be moved into the plugin code or a layer above it, after the branch. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23584 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous documentationSam Hartman2010-01-042-1/+41
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583 dc483132-0cff-0310-8789-dd5450dbe970
* Other changes in this ticket guarantee that the padata argument toSam Hartman2010-01-041-1/+1
| | | | | | | | return callbacks is non-null; don't check for null in pkinit_srv.c. ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582 dc483132-0cff-0310-8789-dd5450dbe970
* Bring back krb5_kt_free_entry which really does the same thing asSam Hartman2010-01-042-4/+5
| | | | | | | krb5_free_keytab_entry_contents per discussion on krbdev in order to avoid breaking samba builds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23581 dc483132-0cff-0310-8789-dd5450dbe970
* Test FAST authentication during each passSam Hartman2010-01-043-7/+62
| | | | | | | Because a new principal is added to the database, the iprop test expected output is updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23580 dc483132-0cff-0310-8789-dd5450dbe970
* Fix documentation of armor cache based on fast negotiation projectSam Hartman2010-01-041-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23579 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_supported_enctypes does nothing; eradicate mentions thereofTom Yu2010-01-042-30/+0
| | | | | | | | | kdc_supported_enctypes does nothing. Remove all mention of it from documentation and test suites. ticket: 6620 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
* Don't accept AS replies encrypted in enctypes other than the ones weGreg Hudson2010-01-041-0/+18
| | | | | | asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
* For the better code modularity keep some "free" routines closer to the ↵Zhanna Tsitkov2010-01-047-177/+100
| | | | | | resource allocators. Also, reindent cleanup in the touched files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-039-65/+131
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules fromKen Raeburn2010-01-033-18/+72
| | | | | | | | | | | | | one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values. Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a case where krb5int_aes_decrypt was trying to encrypt a blockGreg Hudson2010-01-031-1/+1
| | | | | | instead of decrypting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23573 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_acquire_cred will deref garbage pointer if actual_mechs is NULLEzra Peisach2010-01-031-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23572 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize variables in case of error path winds up freeing stack garbageEzra Peisach2010-01-031-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23571 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore some routing messages indicating changes that don't affect ourKen Raeburn2010-01-031-0/+24
| | | | | | set of local addresses. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23570 dc483132-0cff-0310-8789-dd5450dbe970
* Remove old 'full' arg to KDC that should've gone away with '-4'Ken Raeburn2010-01-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23569 dc483132-0cff-0310-8789-dd5450dbe970
* Some unsigned/signed warning cleanupEzra Peisach2010-01-034-4/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23568 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5int_count_etypes in rd_req_decoded_optGreg Hudson2010-01-021-4/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23567 dc483132-0cff-0310-8789-dd5450dbe970
* Test -P options to kdc and kadmind to write out a pid file. Verify contents of Ezra Peisach2010-01-021-2/+35
| | | | | | pid file match pid of executable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23566 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out copying and counting of zero-terminated enctype lists intoGreg Hudson2010-01-019-102/+102
| | | | | | a new file src/lib/krb5/krb/etype_list.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23565 dc483132-0cff-0310-8789-dd5450dbe970
* Update copyright year in prototype sourcesGreg Hudson2010-01-012-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23564 dc483132-0cff-0310-8789-dd5450dbe970
* Change db_args from being a global to only defined in the functionEzra Peisach2010-01-012-16/+16
| | | | | | | that uses it. This removes a warning of shadowed variable names. Change several functions to static when limited to main.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23563 dc483132-0cff-0310-8789-dd5450dbe970
* Add gcc printf attribute for kdc_err prototypeEzra Peisach2010-01-011-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23562 dc483132-0cff-0310-8789-dd5450dbe970
* Unsigned/signed cleanupEzra Peisach2010-01-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23561 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new -P option to krb5kdc and kadmind which, if given, specifiesRuss Allbery2010-01-014-2/+99
| | | | | | | | | the path to which to write the PID file of the daemon after it finishes initializing. Ticket: 6618 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23560 dc483132-0cff-0310-8789-dd5450dbe970
* Free tinfo at end - so program runs with new memory leaksEzra Peisach2009-12-311-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23559 dc483132-0cff-0310-8789-dd5450dbe970
* Remove tests for functions that we do not conditionalize on. Most deprecatedEzra Peisach2009-12-311-1/+1
| | | | | | | | | | | from breakoff of apps. Specifically, do not test for: gethostbyname2 getifaddrs pthread_mutex_lock sched_yield ftime strstr timezone umask waitpid sem_init sem_trywait daemon git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23558 dc483132-0cff-0310-8789-dd5450dbe970
* Declare function as static to avoid compiler warning on missing prototypesEzra Peisach2009-12-311-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23557 dc483132-0cff-0310-8789-dd5450dbe970
* Remove $(TOBJS) for make cleanEzra Peisach2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23556 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5_free_default_realm instead of free on the results ofEzra Peisach2009-12-311-2/+2
| | | | | | krb5_get_default_realm(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23555 dc483132-0cff-0310-8789-dd5450dbe970
* Fix spelling and hyphen errors in man pagesRuss Allbery2009-12-314-7/+7
| | | | | | | | | | | Fix spelling errors in man pages detected by Debian's Lintian program. Also escape some -'s that are intended to be literal ASCII dashes and not Unicode hyphens so that groff won't change them into true hyphens. ticket: 6616 component: krb5-doc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23554 dc483132-0cff-0310-8789-dd5450dbe970
* NetBSD 5.0.1 uses an OpenSSL snapshot that describes itself as 0.9.9,Ken Raeburn2009-12-311-1/+1
| | | | | | | and has the EVP_PKEY_decrypt API change that was already being worked around for OpenSSL 1.0.0. Work around it for 0.9.9 too. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23553 dc483132-0cff-0310-8789-dd5450dbe970
* format %p wants void*Ken Raeburn2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23552 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize hash_iov, in case of premature error exitKen Raeburn2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23551 dc483132-0cff-0310-8789-dd5450dbe970
* Convert C++ style comments into traditional C commentsKen Raeburn2009-12-311-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23550 dc483132-0cff-0310-8789-dd5450dbe970
* No comma at end of enumerator listKen Raeburn2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23549 dc483132-0cff-0310-8789-dd5450dbe970
* No comma at end of enumerator listKen Raeburn2009-12-311-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23548 dc483132-0cff-0310-8789-dd5450dbe970
* Include os-proto.h for _krb5_conf_boolean prototype before declarationEzra Peisach2009-12-301-0/+2
| | | | | | of function. (gcc warning) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23547 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5int_get_domain_realm_mapping into kdc_util.c as this function is a ↵Zhanna Tsitkov2009-12-305-62/+68
| | | | | | helper in kdc code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23546 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the krb5_set_default_in_tkt_ktypes andGreg Hudson2009-12-301-7/+0
| | | | | | | krb5_set_default_tgs_ktypes during context initialization, as they weren't doing anything. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23545 dc483132-0cff-0310-8789-dd5450dbe970
* Create a separate file for krb5_copy_context for better code modularityZhanna Tsitkov2009-12-293-63/+141
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23538 dc483132-0cff-0310-8789-dd5450dbe970
* Combine the related code into one fileZhanna Tsitkov2009-12-295-143/+55
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23537 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an inoperable error check in return_pkinit_kxGreg Hudson2009-12-291-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23536 dc483132-0cff-0310-8789-dd5450dbe970
* Functions in enc_helper.c serve different code blocks. Split themZhanna Tsitkov2009-12-293-27/+70
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23535 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referralsTom Yu2009-12-292-1/+4
| | | | | | | | | | | | | On certain error conditions, prep_reprocess_req() calls kdc_err() with a null pointer as the format string, causing a null dereference and denial of service. Legitimate protocol requests can trigger this problem. ticket: 6608 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23533 dc483132-0cff-0310-8789-dd5450dbe970
* Add dejagnu test suite support for finding the preauth modules in theGreg Hudson2009-12-282-0/+3
| | | | | | | fake install. Not yet tested, except to verify that it doesn't break the existing test suite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23532 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new profile variable preauth_module_dir, which specifiesGreg Hudson2009-12-282-5/+49
| | | | | | | | directories to look for preauth plugins in prior to the hardcoded locations. Undocumented for now since, like db_module_dir, this is mostly intended for the test suite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_get_profile back to init_os_ctx.c for now and revert r23519.Greg Hudson2009-12-284-8/+9
| | | | | | | | At this time we link t_etypes against init_ctx.so during "make check", which breaks if init_ctx contains reference to the profile library. More general solutions to this problem are under discussion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23530 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-04 09:55:15 +0000