summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* * get_in_tkt.c (get_in_tkt_enctypes): Now constKen Raeburn2003-12-202-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970
* * arcfour.c (l40): Now constKen Raeburn2003-12-202-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15947 dc483132-0cff-0310-8789-dd5450dbe970
* * arcfour.c (arcfour_weakkey1, arcfour_weakkey2, arcfour_weakkeys): Now constKen Raeburn2003-12-202-7/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15946 dc483132-0cff-0310-8789-dd5450dbe970
* Replace the array of 8 mit_des_cblock object 'mit_des_zeroblock' definedKen Raeburn2003-12-2010-10/+23
| | | | | | | locally in multiple files with one defined in f_cbc.c; make it a single element rather than an array. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15945 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c: Include k5-int.h for accessorTom Yu2003-12-192-0/+5
| | | | | | | ticket: 2077 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15944 dc483132-0cff-0310-8789-dd5450dbe970
* * ftp.c (do_auth): Handle a return code of 335, where the authenticationKen Raeburn2003-12-192-1/+6
| | | | | | | | | exchange requires more messages. ticket: 2062 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15943 dc483132-0cff-0310-8789-dd5450dbe970
* ticket 2049Jeffrey Altman2003-12-192-5/+12
| | | | | | fix an incorrect level of indirection for a krb5_creds data structure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15942 dc483132-0cff-0310-8789-dd5450dbe970
* The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64,Jeffrey Altman2003-12-1910-14/+64
| | | | | | | | | | | | | and krb5_ser_unpack_int64 are considered private. Therefore, in order for them to be used from within gssapi they must be added to the krb5int_accessor mechanism. This allows us to not publicize their existence via exportation on Windows or MacOSX. ticket: new tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15941 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_retr.c: Extract the test to determine if a credential matchesJeffrey Altman2003-12-193-37/+217
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a requested credential according to the specified fields into a private function: krb5int_cc_creds_match_request() * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to perform a MS Kerberos LSA ticket request if there is no matching credential in the cache. The MS Kerberos LSA places the following restriction on what tickets it will place into the LSA cache: tickets obtained by an application request for a specific set of kerberos flags or enctype will not be cached. Therefore, we first make a request with no flags or enctype in the hope that we will be lucky and get the right ones anyway. If not, we make the application's request and return that ticket if it matches the other criteria. Implemented a similar technique for krb5_lcc_store(). Since we can not write to the cache, when a store request is made we instead perform a ticket request through the lsa for a matching credential. If we receive one, we return success. Otherwise, we return the KRB5_CC_READONLY error. With these changes I am now able to operate entirely with the MSLSA ccache as the default cache provided the MS LSA credentials are for the principal I wish to use. Obviously, one cannot change principals while the MSLSA ccache is the default. ticket: 2049 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15939 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket. Use aKen Raeburn2003-12-162-4/+18
| | | | | | | temorary in case krb5_int32 isn't "int". (decode_v4tkt): Use a temorary in case krb5_int32 isn't "int". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15936 dc483132-0cff-0310-8789-dd5450dbe970
* * k5-platform.h (SIZE_MAX): Provide default definition if stdint.h doesn'tKen Raeburn2003-12-152-2/+41
| | | | | | | | define it. ticket: 2040 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15929 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2003-12-1546-1296/+1505
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
* * win-mac.h: source code written to the C99 standard assumes thereJeffrey Altman2003-12-152-0/+15
| | | | | | | | | | | | | are standard definitions for the MAX sizes of C types including size_t. The MAX preprocessor variables are declared in limits.h but limits.h is not included by any of the other header files. We will therefore include it via win-mac.h. We must also add a declaration of SIZE_MAX (for size_t) because Microsoft does not provide one. ticket: 2040 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15927 dc483132-0cff-0310-8789-dd5450dbe970
* * add missing ChangeLog entryJeffrey Altman2003-12-151-0/+5
| | | | | | ticket: 1471 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15926 dc483132-0cff-0310-8789-dd5450dbe970
* * k5-platform.h: apply casts (unsigned char) to the assignments fromJeffrey Altman2003-12-151-16/+16
| | | | | | | | 64-bit ints to unsigned char fields to avoid warnings ticket: 1471 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15925 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGTJeffrey Altman2003-12-152-6/+11
| | | | | | | | | has expired. This will force the LSA to get a new TGT instead of returning the expired version. ticket: 2049 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15924 dc483132-0cff-0310-8789-dd5450dbe970
* krb524 subdirectory does not get fully cleaned due to change introduced by 1491Ezra Peisach2003-12-152-1/+7
| | | | | | | | | | * Makefile.in (clean-unix): Clean up more files now that STLIBOBS is not used (introduced in 1491). Some files were missed. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15923 dc483132-0cff-0310-8789-dd5450dbe970
* * when initiating an enumeration of the ccache contents performJeffrey Altman2003-12-152-0/+13
| | | | | | | | | | a fetch of the TGT. This will trigger an update request by the MS LSA on Windows 2000 and XP which is perfectly willing to allow TGTs to expire. ticket: 2049 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15922 dc483132-0cff-0310-8789-dd5450dbe970
* move prof-int.h to be the first include file in order to obtainJeffrey Altman2003-12-1410-14/+25
| | | | | | | | | platform specific preprocessor variables used to selectively import other header files ticket: 2068 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15921 dc483132-0cff-0310-8789-dd5450dbe970
* * krb4_32.def: Remove exports from KfM not yet compiled in KfWJeffrey Altman2003-12-133-7/+23
| | | | | | | | | | | | | | krb_ad_tkt, krb_pw_tkt, kuserok, tkt_string, FSp_xxx * krb5_32.def: Add exports of private functions necessary for building new gssapi32.dll: krb5int_c_mandatory_cksumtype ; PRIVATE GSSAPI k5-int.h krb5_ser_pack_int64 ; PRIVATE GSSAPI k5-int.h krb5_ser_unpack_int64 ; PRIVATE GSSAPI k5-int.h ticket: 2067 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15920 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Remove extraneous spaces ..Jeffrey Altman2003-12-131-0/+5
| | | | | | ticket: 2049 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15919 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: remove extraneous spaces from ##WIN32## commentedJeffrey Altman2003-12-131-2/+2
| | | | | | | | defines for MSLSA_OBJ and MSLSA_SRC ticket: 2049 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15918 dc483132-0cff-0310-8789-dd5450dbe970
* Gets a bit closer, still not working..Ken Raeburn2003-12-133-15/+63
| | | | | | | | | | | | | | | | * ftpcmd.y (getline): Allow "AUTH" as an unprotected command. * ftpd.c (login): Fix checks for accept_sec_context status. Only send back one message in the CONTINUE_NEEDED case. (with_gss_error_text): New function, split out from reply_gss_error. (reply_gss_error): Call it. (reply_gss_error_1): New function. (log_gss_error, log_gss_error_1): New functions. (login): Call log_gss_error instead of syslog on error from gss_display_name. ticket: 2062 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15917 dc483132-0cff-0310-8789-dd5450dbe970
* * aclocal.m4 (WITH_CC): Drop -Wno-comment, since we don't support SunOS 4 ↵Ken Raeburn2003-12-132-2/+8
| | | | | | any longer git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15916 dc483132-0cff-0310-8789-dd5450dbe970
* * default.exp (passes): Add an AES-only pass.Ken Raeburn2003-12-132-1/+46
| | | | | | | | | | | | (start_kerberos_daemons): Check for error "No principal in keytab matches desired name". (dump_db): New proc, for debugging. (spawn_xterm): Add GSSCLIENT to list of exported variables. ticket: 2066 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15915 dc483132-0cff-0310-8789-dd5450dbe970
* * telnet.exp: Skip tests if no DES key types are enabledKen Raeburn2003-12-132-0/+10
| | | | | | | ticket: 2066 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15914 dc483132-0cff-0310-8789-dd5450dbe970
* * gssftp.exp (ftp_test): Look for "GSSAPI authentication failed" errorKen Raeburn2003-12-132-0/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15913 dc483132-0cff-0310-8789-dd5450dbe970
* don't limit enctype lists at init timeKen Raeburn2003-12-132-10/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15912 dc483132-0cff-0310-8789-dd5450dbe970
* Add 64-bit sequence number support. Do sequence number ordering tests relativeKen Raeburn2003-12-1315-290/+932
| | | | | | | | | | | | | to the initial value rather than absolute. Support tokens without pseudo-ASN.1 wrappers. Don't restrict enctype lists. Implement CFX token support. With CFX_EXERCISE defined, use random padding, random rotates, and bogus initial tokens, to exercise the associated code paths. ticket: 2040 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15911 dc483132-0cff-0310-8789-dd5450dbe970
* add get_name callback for kdb keytab type, for debuggingKen Raeburn2003-12-132-1/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15910 dc483132-0cff-0310-8789-dd5450dbe970
* ignore extra lines output when debugging code enabledKen Raeburn2003-12-132-0/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15909 dc483132-0cff-0310-8789-dd5450dbe970
* Add platform-dependent 64-bit and inline-function support via new headerKen Raeburn2003-12-1313-61/+350
| | | | | | | | | | | | | | | k5-platform.h. Add 64-bit serializer support. [Not needed for ticket 1471, but needed for 2040 and annoying to check in separately.] Add to (internal for now) crypto API a function to get the mandatory checksum type associated with an enctype. New support for server-generated subkey, selected via an auth_context flag. ticket: 1471 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15908 dc483132-0cff-0310-8789-dd5450dbe970
* * an_to_ln.c (krb5_aname_to_localname): Don't write one byte pastTom Yu2003-12-132-6/+14
| | | | | | | | | | the end of a string. Found by Christopher Nebergall. ticket: 2024 component: krb5-libs version_reported: 1.3.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15895 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Move ##WIN32## constructs from insideTom Yu2003-12-132-9/+12
| | | | | | | | | | backslash-continued lists, as it was breaking them. Move explicit dependency information from under automatic dependencies. ticket: 2049 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15894 dc483132-0cff-0310-8789-dd5450dbe970
* * Added new krb5_ccache type "MSLSA" for Windows only.Jeffrey Altman2003-12-1211-832/+1349
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new ccache type provides an interface for the MIT krb5_cc api functions to be used to access the contents of the MS Kerberos LSA cache. The ccache type is read-only because the MS Kerberos LSA does not allow third party applications to insert credentials into the cache. The primary motivation of this work was to encapsulate the complex operations necessary to manipulate the MS Kerberos LSA. The code was far from trivial and was often implemented incorrectly. Worse still was the fact that each version of Windows since W2K modified the use of the LSA API. The code which was originally donated in the form of ms2mit.c had many memory and handle leaks which were acceptable for a one time application such as ms2mit.c. Unfortunately, this code has started to appear in many other applications: KfW's Leash, the AFS Wake systray tool, and others. By using the new MSLSA ccache the implementation of ms2mit.c went from 890 lines to 50 lines of code and comments. All that is necessary is for the MSLSA ccache to be resolved and for its contents to be copied with krb5_cc_copy_creds to the default ccache. The MSLSA ccache implements all of the functions of a ccache except those which would be used to store data into the ccache. When a write attempt is performed the new error KRB5_CC_READONLY is returned. The residual portion of the MSLSA ccache name is current ignored but preserved. If you ask for ccache "MSLSA:myname" you will be given access to the LSA cache for the current Logon Session. If you later ask for the name of the ccache you will be returned the same name. In the future, the residual might be used to provide information necessary to identify a specific logon session whose cache it is desired to access. If this is ever done, the applications which use it will have to possess the SeTcbPrivilege privilege. Using KfW's Leash it is now possible to set the Krb5 credential cache to "MSLSA:" and use it to monitor the contents of the MS Kerberos LSA cache. As part of adding this functionality, krb5_32.dll is not linked against the "secur32.lib" library as the Lsa security sdk routines are stored in the SECUR32.DLL file. ticket: 2049 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15886 dc483132-0cff-0310-8789-dd5450dbe970
* Remove cvsignore filesSam Hartman2003-12-112-5/+0
| | | | | | Ticket: 2061 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15881 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kadmind4 and v5passwddSam Hartman2003-12-1135-9626/+6
| | | | | | | | | Per email to kerberos-announce remove kadmind4 and v5passwdd from the distribution. Ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15880 dc483132-0cff-0310-8789-dd5450dbe970
* Added kg_sync_ccache_name(), kg_get_ccache_name, and kg_set_ccache_name() ↵Alexandra Ellwood2003-12-115-33/+177
| | | | | | | | and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where on systems with multiple ccaches that GSSAPI gets stuck on the ccache that was default when it launched ticket: 2060 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15879 dc483132-0cff-0310-8789-dd5450dbe970
* Note that krb4 expiration needs to be more conservative than krb5Sam Hartman2003-12-112-0/+18
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15878 dc483132-0cff-0310-8789-dd5450dbe970
* Add exports for functions exported by KfMJeffrey Altman2003-12-082-0/+34
| | | | | | | | ticket: 2051 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15871 dc483132-0cff-0310-8789-dd5450dbe970
* 2003-11-26 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2003-12-082-0/+33
| | | | | | | | | | | * cc_default.c: Add support for Leash Kinit Dialog on Windows to krb5int_c_default() ticket: 2028 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15870 dc483132-0cff-0310-8789-dd5450dbe970
* Add support for conditional inclusion of flags when building as part ofJeffrey Altman2003-12-082-1/+11
| | | | | | | | | | | | KfW. The only flag defined at this time is USE_LEASH which is defined to allow GSSAPI32.DLL to enable the use of Leash Kinit dialogs when there are no tickets ticket: 2028 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15869 dc483132-0cff-0310-8789-dd5450dbe970
* work around Solaris 9 pty-close bugTom Yu2003-12-069-1/+105
| | | | | | | | | | | | Create a LD_PRELOAD object, exitsleep, that will sleep for a short time prior to calling the real exit() function. This attempts to work around a Solaris 9 kernel bug where output will get lost if it is written to a pty immediately prior to the pty close. ticket: new component: krb5-build git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15864 dc483132-0cff-0310-8789-dd5450dbe970
* Updated project to reflect changes in source filesAlexandra Ellwood2003-11-251-0/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15850 dc483132-0cff-0310-8789-dd5450dbe970
* initial sequence number mask short by 4 bitsTom Yu2003-10-302-1/+6
| | | | | | | | | | | | | * gen_seqnum.c (krb5_generate_seq_number): Fix mask; was short by 4 bits. ticket: new version_reported: 1.3.1 target_version: 1.3.2 component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15849 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c: Sockets must be closed with closesocket() insteadJeffrey Altman2003-10-272-1/+7
| | | | | | | | | | | | of close() for proper socket deallocation on systems which do not use file descriptors for sockets. i.e., Windows. ticket: 1973 target_version: 1.3.2 tags: pullup status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15844 dc483132-0cff-0310-8789-dd5450dbe970
* Because of the failure of Windows 2000 and Windows XP to perform properJeffrey Altman2003-10-212-2/+28
| | | | | | | | | | | | | | | | | | | | ticket expiration time management, the MS Kerberos LSA will return tickets to a calling application with lifetimes as short as one second. Tickets with lifetimes less than five minutes can cause problems for most apps. Tickets with lifetimes less than 20 minutes will trigger the Leash ticket lifetime warnings. Instead of accepting whatever tickets are returned by MS LSA from the cache, if the ticket lifetime is less than 20 minutes force a retrieval operation bypassing the LSA ticket cache. ticket: 1962 target_version: 1.3.2 tags: pullup owner: jaltman@mit.edu status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15843 dc483132-0cff-0310-8789-dd5450dbe970
* removed deleted files from projectAlexandra Ellwood2003-10-211-31/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15842 dc483132-0cff-0310-8789-dd5450dbe970
* Updated to work with XcodeAlexandra Ellwood2003-10-171-1270/+2003
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15841 dc483132-0cff-0310-8789-dd5450dbe970
* * api.1/lock.exp: Work around a race condition in the Solaris 9Tom Yu2003-10-172-18/+56
| | | | | | | | | | | | | | | pty implementation: output sent to a pty slave immediately before last close/exit can get lost on the way to the master. This is Sun bug #4927647. The workaround consists of changing the tests to always make lock-test wait to read a character prior to exiting, so any output prior to the "wait" directive will not get lost. ticket: 1792 tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15840 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-22 18:51:13 +0000