| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24825 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24821 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24815 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
a new function k5_privsafe_check_addrs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24806 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather
than k5-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24804 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24793 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24792 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
users/lhoward/moonshot-mechglue/fixes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24781 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Add gss_encapsulate_token(), gss_decapsulate_token(), and
gss_oid_equal() APIs, which are already present in Heimdal and Shishi.
From r24737, r24738, and r24740 in
users/lhoward/moonshot-mechglue-fixes.
ticket: 6890
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24779 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24776 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Failure to do this breaks other attribute providers' set_attribute()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24775 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
password quality and other errors were accidentally reversed. Fix
them so that password quality errors generate a "soft" failure and
other errors generate a "hard" failure, as Heimdal and Microsoft do.
Also recognize KADM5_PASS_Q_GENERIC (added in 1.9) as a password
quality error.
ticket: 6888
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24755 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
just remove the old configuration.
Moved short krb5_cc_set_config usage example from krb5.hin into the separate file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Created the directory doc/doxy_examples/ to hold examples used in the doxygen documentation.
Added usage example for the krb5_get/set/free_error_message functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24752 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is no standards support for avoiding RC4 weak keys, so rejecting them
causes periodic failures. Heimdal and Microsoft do not check for weak
keys. Attacks based on these weak keys are probably thwarted by the
use of a confounder, and even if not, the reduction in work factor is
not terribly significant for 128-bit keys.
ticket: 6886
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
In krb5_verify_init_creds(), use the first principal in the keytab
to verify the credentials instead of the result of
krb5_sname_to_principal(). Also add tests.
ticket: 6887
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24749 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24748 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
write the wrong length when no token type is passed.
(From r24739 in users/lhoward/moonshot-mechglue-fixes.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
(From r24741 in users/lhowards/moonshot-mechglue-fixes.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24744 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
krb5_db_set_context() instead of directly accessing
context->dal_handle->db_context (which requires internal headers).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
usage examples.
Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
fix the format of the header comment.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
kdc_fast_response_handle_padata() replaces rep->padata, causing the
old value to be leaked. As a minimal fix, free the old value of
rep->padata before replacing it.
ticket: 6885
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
in the KDC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When kdc_fast_handle_error() produces a FAST-encoded error, it puts it
into err->e_data and it never gets freed (since in the non-FAST case,
err->e_data contains aliased pointers). Fix this by storing the
encoded error in an output variable which is placed into the error's
e_data by the caller and then freed.
ticket: 6884
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a double-free condition in the KDC that can occur during an
AS-REQ when PKINIT is enabled.
ticket: 6881
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24704 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
dereference a null mech in the cleanup handler of the mechglue's
gss_accept_sec_context.
ticket: 6813
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
since they aren't standard crypto primitives. Revise the module SPI
accordingly. Add tests for AFS string-to-key to t_str2key.c to replace
the ones in the (now defunct) t_afss2k.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
seem to matter a lot.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24696 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
recently added standards for copyright and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
This change should be pulled up to the 1.8 and 1.7 branches as well.
ticket: 6844
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper. Reported by aberry@likewise.com.
ticket: 6863
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
really need it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
a few more - but these were the obvious ones.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970
|