path: root/src
Commit message | Author | Age | Files | Lines
...
* Add a call to limit_string that appears to have been accidentally removed | Sam Hartman | 2009-01-12 | 1 | -0/+1
  somewhere along the mskrb-integ branch
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21729 dc483132-0cff-0310-8789-dd5450dbe970
* Remove gss_export_name_object and gss_import_name_object. | Sam Hartman | 2009-01-12 | 9 | -243/+0
  These are not standard interfaces, are not used by our tree and were added because they might be useful but ended up not being used. The stubs in gssapi.hin remain as they were shipped with previous releases.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21728 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard: | Sam Hartman | 2009-01-12 | 3 | -7/+30
  Previously when using the kdb keytab, there was a check to confirm that the server was supported as a server and that attackers could not force an enctype downgrade. Add these to kdc_get_server_key
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21727 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard | Sam Hartman | 2009-01-12 | 1 | -5/+2
  There's a superfluous check in kdc_util.c; ad_entry is always non NULL
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21726 dc483132-0cff-0310-8789-dd5450dbe970
* Restore behavior of returning KRB5APP_ERR_BAD_INTEGRITY from | Sam Hartman | 2009-01-12 | 1 | -1/+1
  preauth methods. This creates a problem for Windows clients, but not doing it creates a problem for MIT clients. Today our KDC is more likely to be used with MIT clients, but we need to examine this issue in more detail.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21725 dc483132-0cff-0310-8789-dd5450dbe970
* Check the return code from krb5int_clean_hostname as the sanity verification of the hostname might fail | Zhanna Tsitkov | 2009-01-12 | 1 | -3/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21724 dc483132-0cff-0310-8789-dd5450dbe970
* Add message hash support to the replay interface, using extension | Greg Hudson | 2009-01-12 | 15 | -43/+384
  records (with an empty client string) to retain compatibility with old code. For rd_req, the ciphertext of the authenticator (with no ASN.1 wrapping) is hashed; for other uses of the replay cache, no message hash is used at this time.
  This commit adds a command-line tool for testing the replay cache but does not add any automated tests.
  ticket: 1201
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
* Follow "off-path" TGT referrals | Tom Yu | 2009-01-09 | 1 | -21/+189
  ticket: 5627
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21720 dc483132-0cff-0310-8789-dd5450dbe970
* Remove conflict marker; restore broken copyright line | Ken Raeburn | 2009-01-09 | 1 | -2/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21719 dc483132-0cff-0310-8789-dd5450dbe970
* kdb/keytab.c: map KRB5_KDB_NO_MATCHING_KEY to KRB5_KT_KVNONOTFOUND. | Sam Hartman | 2009-01-07 | 1 | -0/+2
  At least in cases other than tgts, this code handles its own enctype matching, so kvno not found is the only thing that produces the no matching key error.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21718 dc483132-0cff-0310-8789-dd5450dbe970
* Don't create include/kerberosIV on installation | Ken Raeburn | 2009-01-07 | 2 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21717 dc483132-0cff-0310-8789-dd5450dbe970
* Add support for referral null realms and use the default realm as krb5_rd_req_extended does | Sam Hartman | 2009-01-06 | 1 | -2/+10
  ticket: 5954
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21716 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ksu's own implementation of krb5_verify_init_creds now that it is not used | Sam Hartman | 2009-01-06 | 1 | -122/+0
  ticket: 5954
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21715 dc483132-0cff-0310-8789-dd5450dbe970
* Ksu should call krb5_verify_init_creds instead of using its own function. | Sam Hartman | 2009-01-06 | 1 | -7/+13
  This was prompted by a desire for ksu to work without a domain_realm mapping for the local server, but the duplication of code is bad anyway.
  ticket: 5954
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21714 dc483132-0cff-0310-8789-dd5450dbe970
* Set RELTAIL back to "trunk" | Tom Yu | 2009-01-06 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21713 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard | Sam Hartman | 2009-01-06 | 2 | -39/+30
  to make an explicit call to check the ACL for s4u delegations rather than relying on tl-data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21712 dc483132-0cff-0310-8789-dd5450dbe970
* be a little looser in checking for tail output | Ken Raeburn | 2009-01-06 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21711 dc483132-0cff-0310-8789-dd5450dbe970
* remove unused file | Ken Raeburn | 2009-01-06 | 1 | -190/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21710 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up many error-condition leaks of the server handle in the | Greg Hudson | 2009-01-06 | 1 | -83/+46
  kadmind server stubs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21709 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin, remove a bunch of checks for handle being NULL (some old, | Greg Hudson | 2009-01-06 | 1 | -41/+41
  some introduced by the last rev) when it is known from context that handle is not NULL.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21708 dc483132-0cff-0310-8789-dd5450dbe970
* Fix capitalization | Sam Hartman | 2009-01-06 | 2 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21707 dc483132-0cff-0310-8789-dd5450dbe970
* Oops. Don't include openssl install paths from my local machine. | Ken Raeburn | 2009-01-05 | 1 | -19/+3
  Thanks to Ezra for noticing so quickly.
  ticket: 6315
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21706 dc483132-0cff-0310-8789-dd5450dbe970
* include string.h | Ken Raeburn | 2009-01-05 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21705 dc483132-0cff-0310-8789-dd5450dbe970
* fix missed var rename | Ken Raeburn | 2009-01-05 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21704 dc483132-0cff-0310-8789-dd5450dbe970
* Define SWAP16 if not already defined | Ken Raeburn | 2009-01-05 | 1 | -0/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21703 dc483132-0cff-0310-8789-dd5450dbe970
* No C++ style comments in C code please | Ken Raeburn | 2009-01-05 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21702 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.in | Ken Raeburn | 2009-01-05 | 207 | -7120/+7012
  Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.)
  Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later.
  Update dependencies for the generated Makefile itself to list the deps file.
  This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Build against Python 2.5 as well as 2.3. Long term, should use python-config | Ken Raeburn | 2009-01-05 | 3 | -2/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21700 dc483132-0cff-0310-8789-dd5450dbe970
* fix minor comment typos | Ken Raeburn | 2009-01-05 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21699 dc483132-0cff-0310-8789-dd5450dbe970
* ifdef out unused functions that are also missing prototypes. | Ezra Peisach | 2009-01-05 | 1 | -0/+2
  krb5int_utf8_islower and krb5int_utf8_isupper.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21697 dc483132-0cff-0310-8789-dd5450dbe970
* Include ucdata/ucdata.h for missing prototypes | Ezra Peisach | 2009-01-05 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21696 dc483132-0cff-0310-8789-dd5450dbe970
* Include strings.h for memset prototype | Ezra Peisach | 2009-01-05 | 2 | -0/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21695 dc483132-0cff-0310-8789-dd5450dbe970
* Remove support for setting a client flag indicating pkinit is used on the db entry. | Sam Hartman | 2009-01-03 | 1 | -3/+0
  I'm reasonably sure that this would belong in a pkinit plugin not in do_as_req.c. Also, the flag should be documented to indicate what it means--client attempted pkinit? Client succeeded in using pkinit? I also wonder whether you want a mechanism for a db plugin to figure out all the padata or fast factors that a request is using. Note that this flag will need to be added back by at least one vendor.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21694 dc483132-0cff-0310-8789-dd5450dbe970
* xrealm_non_transitive not trust_non_transitive | Sam Hartman | 2009-01-03 | 2 | -4/+4
  Kerberos does not imply trust in the existence of a cross-realm key. Trust is implied when a foreign principal is placed on an ACL: the remote realm is trusted to authenticate that principal and is trusted not to confuse one principal with another. Keep terminology consistent.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21693 dc483132-0cff-0310-8789-dd5450dbe970
* Remove flags that do not correspond to behavior we support | Sam Hartman | 2009-01-03 | 1 | -4/+0
  non_ms_principal would need to be phrased in terms of what behavior is being changed, not client OS. The pkinit flag would need to be better documented
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21692 dc483132-0cff-0310-8789-dd5450dbe970
* KDB API should not be public | Sam Hartman | 2009-01-03 | 1 | -3/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21691 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunk | Sam Hartman | 2009-01-03 | 269 | -4617/+58874
  The mskrb-integ branch includes support for the following projects:
    Projects/Aliases
    * Projects/PAC and principal APIs
    * Projects/AEAD encryption API
    * Projects/GSSAPI DCE
    * Projects/RFC 3244
  In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported.
  This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required.
  Merge commit 'mskrb-integ' into trunk
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* With no more fakeka, we don't need the --enable-fakeka option | Ken Raeburn | 2009-01-03 | 1 | -8/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21683 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused AC_SUBSTs | Ken Raeburn | 2009-01-03 | 1 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21682 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused variables | Ken Raeburn | 2009-01-03 | 3 | -20/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21681 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite walk_rtree.c to handle hierarchical traversal better and to be | Tom Yu | 2009-01-02 | 3 | -309/+468
  less convoluted. Update test cases.
  ticket: 5947
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21659 dc483132-0cff-0310-8789-dd5450dbe970
* Set auth_context's rcache to NULL after destroying and before calling | Tom Yu | 2008-12-31 | 1 | -1/+1
  krb5_auth_con_free, to avoid crashing when krb5_rc_close tries to run using a destroyed rcache handle.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21644 dc483132-0cff-0310-8789-dd5450dbe970
* I don't know what it was that someone else didn't know, but it doesn't | Ken Raeburn | 2008-12-31 | 1 | -5/+3
  belong in the copyright header.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21642 dc483132-0cff-0310-8789-dd5450dbe970
* Signed/unsigned fixes | Ezra Peisach | 2008-12-30 | 2 | -3/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21639 dc483132-0cff-0310-8789-dd5450dbe970
* Change kpropd_com_err_proc to prototype style, add format attribute | Ken Raeburn | 2008-12-30 | 1 | -5/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21637 dc483132-0cff-0310-8789-dd5450dbe970
* If full resync fails, go into backoff mode | Ken Raeburn | 2008-12-30 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21636 dc483132-0cff-0310-8789-dd5450dbe970
* Signed/unsigned fixes and remove unused variable | Ezra Peisach | 2008-12-29 | 2 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21635 dc483132-0cff-0310-8789-dd5450dbe970
* Fix up warning of suggested parens in assignment in conditional | Ezra Peisach | 2008-12-29 | 1 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21634 dc483132-0cff-0310-8789-dd5450dbe970
* Add gssrpcint.h to contain prototype for gssrpcint_printf. Include | Ezra Peisach | 2008-12-29 | 5 | -6/+51
  gcc printf attribute if supported. Include header file and fix up some of the debugging printf arguments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21632 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21589, and export krb5_get_fallback_host_realm instead | Greg Hudson | 2008-12-29 | 6 | -14/+26
  Rationale: Zephyr and AFS both use the Kerberos realm name as the name of the service realm (AFS realm or Zephyr galaxy). AFS can grab the Kerberos realm from the ticket being aklogged, but Zephyr is not necessarily getting credentials at all (you could be sending an unauthenticated message), and currently finds its answer by looking up the realm of the server host. Although we can't currently provide an accurate result for this lookup in the presence of referrals, we do need to provide enough tools to get as good of an answer as libzephyr could have gotten before referrals went in.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970