summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixed some warnings and Windows 64 portability issues in the leash executableSam Hartman2011-10-146-20/+22
| | | | | | Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25338 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed some warnings in libwinSam Hartman2011-10-143-10/+10
| | | | | | Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25337 dc483132-0cff-0310-8789-dd5450dbe970
* Updated resource file dependencies for leashdllSam Hartman2011-10-141-1/+1
| | | | | | Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25336 dc483132-0cff-0310-8789-dd5450dbe970
* re-remove windows/gss from windows buildSam Hartman2011-10-141-4/+2
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25335 dc483132-0cff-0310-8789-dd5450dbe970
* Fix windows fork detectionSam Hartman2011-10-141-6/+10
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25334 dc483132-0cff-0310-8789-dd5450dbe970
* Add "-dce" commandline option to gss-client.c to set GSS_C_DCE_STYLE flagSam Hartman2011-10-143-1/+9
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25333 dc483132-0cff-0310-8789-dd5450dbe970
* Use gssalloc memory management where appropriateSam Hartman2011-10-1417-106/+112
| | | | | | | | | | gss_buffer_t may be freed in a different module from where they are allocated so it is not safe to use strdup/malloc/calloc/free. similarly, gss_OID_set need to use gssalloc functions. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25332 dc483132-0cff-0310-8789-dd5450dbe970
* Utility functions to move allocations from k5buf/krb5_data to gss_buffer_tSam Hartman2011-10-142-1/+66
| | | | | | | | | | | | On Unix, these simply move the buffer pointer, but on windows they need to reallocated with gssalloc_malloc and coied since the gss_buffer_t may need to be freed in a separate module with potentially mismatched c runtime. Also fix a mismatched parameter warning in generic_gss_copy_oid_set(). Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25331 dc483132-0cff-0310-8789-dd5450dbe970
* Add new header gssapi_alloc.hSam Hartman2011-10-147-4/+74
| | | | | | | | | | | | | | | Contains allocator methods for use with mechanisms and mechglues for allocations that must be made in one module but freed in another. On windows, an allocation made in one module cannot safely be freed in another using the usual c runtime malloc/free; runtime dll mismatch will cause heap corruption in that case. But it is safe to instead directly use HeapAlloc()/HeapFree() specifying the default process heap. For now, this header is not public. If it becomes public strncpy will need to be used instead of strlcpy. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25330 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify gss_indicate_mechs() by using generic_gss_copy_oid_setSam Hartman2011-10-141-52/+3
| | | | | | | | | ...instead of hand-duplicating all the logic therein. Also makes the switch to using gssalloc functions with oid_sets easier. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25329 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused macrosZhanna Tsitkov2011-10-143-13/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25328 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT NSS supportGreg Hudson2011-10-137-5/+5370
| | | | | | | | | Add an implementation of PKINIT using NSS instead of OpenSSL, from nalin@redhat.com. ticket: 6975 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25327 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the doxygen comments for krb5_pac_signZhanna Tsitkov2011-10-121-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25326 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_pac_sign publicGreg Hudson2011-10-126-26/+35
| | | | | | | | | | | | krb5int_pac_sign was created as a private API because it is only needed by the KDC. But it is actually used by DAL or authdata plugin modules, not the core KDC code. Since plugin modules should not need to consume internal libkrb5 functions, rename krb5int_pac_sign to krb5_pac_sign and make it public. ticket: 6974 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation pass over preauth_plugin.hGreg Hudson2011-10-121-38/+37
| | | | | | No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25324 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in make_gss_checksumGreg Hudson2011-10-071-0/+1
| | | | | | | | | | From greg.mcclement@sap.com. ticket: 6972 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25323 dc483132-0cff-0310-8789-dd5450dbe970
* Minor cleanups to encrypted challengeGreg Hudson2011-10-072-56/+50
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25320 dc483132-0cff-0310-8789-dd5450dbe970
* Use built-in modules for encrypted timestampGreg Hudson2011-10-079-80/+306
| | | | | | | | Break out the encrypted timestamp code from kdc_preauth.c and preauth2.c into built-in modules, allowing admins to disable it and reducing the size of the framework code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25319 dc483132-0cff-0310-8789-dd5450dbe970
* Add get_string, free_string kdcpreauth callbacksGreg Hudson2011-10-062-0/+25
| | | | | | | | String attributes should be useful to preauth modules without having to link against libkdb5. Add a callback to make client string attributes accessible to modules. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25318 dc483132-0cff-0310-8789-dd5450dbe970
* Ditch fast_factor.h since it contains only stubsGreg Hudson2011-10-068-75/+18
| | | | | | | | Leave a comment behind where we called fast_set_kdc_verified(). Remove the call to fast_kdc_replace_reply_key() since it's wrong (encrypted challenge doesn't replace the reply key in that sense). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25317 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize localname on error in gss_localnameGreg Hudson2011-10-061-4/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25316 dc483132-0cff-0310-8789-dd5450dbe970
* Use type-safe callbacks in preauth interfaceGreg Hudson2011-10-0611-524/+238
| | | | | | | | | | | | | | | Replace the generic get_data functions in clpreauth and kdcpreauth with structures containing callback functions. Each structure has a minor version number to allow adding new callbacks. For simplicity, the new fast armor key callbacks return aliases, which is how we would supply the armor key as a function parameter. The new client keys callback is paired with a free_keys callback to reduce the amount of cleanup code needed in modules. ticket: 6971 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25315 dc483132-0cff-0310-8789-dd5450dbe970
* Remove edata code in sample preauth pluginsGreg Hudson2011-10-052-44/+3
| | | | | | | The code assumes unstructured edata and would be somewhat annoying to reframe in terms of pa-data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25314 dc483132-0cff-0310-8789-dd5450dbe970
* Replace gss_pname_to_uid with gss_localname in gss-server.cSam Hartman2011-10-051-5/+5
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25313 dc483132-0cff-0310-8789-dd5450dbe970
* Replace gss_pname_to_uid with gss_localname in gssapi32.defSam Hartman2011-10-051-1/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25312 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to check for fork on windowsSam Hartman2011-10-051-3/+8
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25311 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5int_gettimeofday to k5sprt for platforms w/o native gettimeofdaySam Hartman2011-10-054-1/+127
| | | | | | | | | | Microsecond accuracy on _WIN32, but only one second accuracy on other, AFAIK purely hypothetical, platforms that lack native gettimeofday. Shamelessly cribbed from Heimdal. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25310 dc483132-0cff-0310-8789-dd5450dbe970
* gss_unwrap_iov crashes with stream buffers for 3des, des, rc4Sam Hartman2011-10-051-1/+5
| | | | | | | | | | | | | | Use correct key to determine enctype for KG2 tokens in kg_unseal_stream_iov Tested with AES for a new enctype and 3DES for an old enctype. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 6970 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25309 dc483132-0cff-0310-8789-dd5450dbe970
* From: Sam Hartman <hartmans@debian.org>Sam Hartman2011-10-051-0/+2
| | | | | | Pkinit: offer supported KDFs in client git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25308 dc483132-0cff-0310-8789-dd5450dbe970
* Add tests to pkinit_kdf_test to test SHA-256/AES and SHA-512/DES3Sam Hartman2011-10-051-14/+113
| | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25307 dc483132-0cff-0310-8789-dd5450dbe970
* Make alg agility KDF work properly when the hash length differs from the key ↵Sam Hartman2011-10-051-4/+10
| | | | | | | | length Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25306 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up unused constantsSam Hartman2011-10-051-3/+0
| | | | | | From: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25305 dc483132-0cff-0310-8789-dd5450dbe970
* Make pkinit fall back to octetstring2key() if there are not matching KDFsSam Hartman2011-10-051-7/+5
| | | | | | From: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25304 dc483132-0cff-0310-8789-dd5450dbe970
* Treat the client's list of supported KDFs as an unordered listSam Hartman2011-10-051-4/+5
| | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25303 dc483132-0cff-0310-8789-dd5450dbe970
* Make KDF work when length of random data differs from length of hashSam Hartman2011-10-051-16/+9
| | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25302 dc483132-0cff-0310-8789-dd5450dbe970
* Fix incorrect formatting of KDF fields, no substantive changeSam Hartman2011-10-051-2/+2
| | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25301 dc483132-0cff-0310-8789-dd5450dbe970
* Use an opaque handle in the kdcpreauth callbackGreg Hudson2011-10-0517-311/+220
| | | | | | | | | | | | | | Instead of passing a request and entry to the kdcpreauth get_data callback, pass an opaque handle. Remove DB entry and key data parameters from kdcpreauth methods (but keep the request, since that's transparent). The SecurID plugin links against libkdb5 and needs access to the client DB entry. Rather than continue to pass a DB entry to kdcpreauth methods, add a get_data callback to get the client DB entry for the few plugins which might need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
* Fix initialization and pointer bugs in new codeGreg Hudson2011-10-042-3/+6
| | | | | | | Coverity found some minor-to-medium bugs in some recent changes; fix them. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25299 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfacesGreg Hudson2011-10-0422-261/+181
| | | | | | | | | | | | All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors. ticket: 6969 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Improve k5_get_os_entropy for WindowsGreg Hudson2011-10-041-1/+2
| | | | | | | | When acquiring a crypto context for CryptGenRandom, pass CRYPT_VERIFYCONTEXT to indicate that we don't need access to private keys. Appears to make OS entropy work on Windows XP. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25297 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a Fortuna PRNG failure caseGreg Hudson2011-10-031-1/+3
| | | | | | | | If we don't have entropy when krb5_c_random_make_octets is called, unlock the mutex before returning an error. From kevin.wasserman@painless-security.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25295 dc483132-0cff-0310-8789-dd5450dbe970
* Make kdcpreauth verify respond via callbackGreg Hudson2011-10-037-214/+317
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25294 dc483132-0cff-0310-8789-dd5450dbe970
* Make check_padata() respond via a callbackGreg Hudson2011-10-033-421/+514
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25293 dc483132-0cff-0310-8789-dd5450dbe970
* Make do_as_req() respond via a callbackGreg Hudson2011-10-033-42/+80
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25292 dc483132-0cff-0310-8789-dd5450dbe970
* Make dispatch() respond via a callbackGreg Hudson2011-10-035-174/+225
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25291 dc483132-0cff-0310-8789-dd5450dbe970
* Man page spelling corrections from ville.skytta@iki.fiGreg Hudson2011-10-0210-26/+26
| | | | | | ticket: 6968 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25290 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r25288 because it can remove parts of the source treeTom Yu2011-09-291-11/+3
| | | | | | | Also, disable kdc_realm test until it works correctly on an uninstalled build and when built outside of the source tree. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25289 dc483132-0cff-0310-8789-dd5450dbe970
* Allow kdc_realm test run in case when the build and source directories are ↵Zhanna Tsitkov2011-09-291-2/+8
| | | | | | different git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25288 dc483132-0cff-0310-8789-dd5450dbe970
* git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25287 ↵Zhanna Tsitkov2011-09-291-1/+1
| | | | dc483132-0cff-0310-8789-dd5450dbe970
* Include Domain Realm Referrals (per ↵Zhanna Tsitkov2011-09-293-2/+4
| | | | | | http://k5wiki.kerberos.org/wiki/Projects/domain_realm_referrals project) test suite into "make check" git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25284 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 14:13:09 +0000