krb5.git - MIT Kerberos patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	destest.c no longer needs crypto_int.h	Greg Hudson	2011-04-03	1	-1/+0
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24825 dc483132-0cff-0310-8789-dd5450dbe970
*	Use RFC 5587 const types for draft-josefsson-gss-capsulate APIs	Luke Howard	2011-04-03	4	-13/+13
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24821 dc483132-0cff-0310-8789-dd5450dbe970
*	Only use RTLD_NODELETE if it's available	Ken Raeburn	2011-04-03	1	-3/+11
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24815 dc483132-0cff-0310-8789-dd5450dbe970
*	Factor out the address checks in krb5_rd_safe and krb5_rd_priv into	Greg Hudson	2011-04-02	4	-171/+105
\| \| \| \| \| \|	a new function k5_privsafe_check_addrs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24806 dc483132-0cff-0310-8789-dd5450dbe970
*	In libkrb5, move krb5int_auth_con_chkseqnum to a new file privsafe.c,	Greg Hudson	2011-04-02	7	-173/+203
\| \| \| \| \| \| \|	renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather than k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
*	Add PADL license to collected licenses	Greg Hudson	2011-04-02	2	-0/+72
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24804 dc483132-0cff-0310-8789-dd5450dbe970
*	When doing S4U2Self for the anon principal, use the server realm	Luke Howard	2011-04-02	1	-4/+12
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24793 dc483132-0cff-0310-8789-dd5450dbe970
*	typo fix	Luke Howard	2011-04-02	1	-1/+1
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24792 dc483132-0cff-0310-8789-dd5450dbe970
*	Allow absolute paths for mechglue libraries. From r24736 in	Greg Hudson	2011-04-01	1	-1/+5
\| \| \| \| \| \|	users/lhoward/moonshot-mechglue/fixes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24781 dc483132-0cff-0310-8789-dd5450dbe970
*	Implement draft-josefsson-gss-capsulate	Greg Hudson	2011-04-01	6	-0/+169
\| \| \| \| \| \| \| \| \| \| \|	Add gss_encapsulate_token(), gss_decapsulate_token(), and gss_oid_equal() APIs, which are already present in Heimdal and Shishi. From r24737, r24738, and r24740 in users/lhoward/moonshot-mechglue-fixes. ticket: 6890 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix a potential uninitialized free in prepare_error_as()	Greg Hudson	2011-04-01	1	-1/+1
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24779 dc483132-0cff-0310-8789-dd5450dbe970
*	only reset greeting if provided attribute is urn:greet:greeting	Luke Howard	2011-04-01	1	-0/+3
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24776 dc483132-0cff-0310-8789-dd5450dbe970
*	s4u2proxy_set_attribute should only return EPERM for its own attribute	Luke Howard	2011-04-01	1	-8/+2
\| \| \| \| \| \|	Failure to do this breaks other attribute providers' set_attribute() git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24775 dc483132-0cff-0310-8789-dd5450dbe970
*	In r21175 (on the mskrb branch, merged in r21690) the result codes for	Greg Hudson	2011-03-29	1	-2/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	password quality and other errors were accidentally reversed. Fix them so that password quality errors generate a "soft" failure and other errors generate a "hard" failure, as Heimdal and Microsoft do. Also recognize KADM5_PASS_Q_GENERIC (added in 1.9) as a password quality error. ticket: 6888 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24755 dc483132-0cff-0310-8789-dd5450dbe970
*	In krb5_cc_move if something went wrong, free the dst credential cache	Zhanna Tsitkov	2011-03-29	2	-3/+9
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
*	If the new configuration data that is passed to krb5_cc_set_config is NULL, ↵	Zhanna Tsitkov	2011-03-29	3	-57/+72
\| \| \| \| \| \| \| \|	just remove the old configuration. Moved short krb5_cc_set_config usage example from krb5.hin into the separate file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
*	Updated the documentation for the krb5_ error_message function family.	Zhanna Tsitkov	2011-03-29	3	-94/+117
\| \| \| \| \| \| \|	Created the directory doc/doxy_examples/ to hold examples used in the doxygen documentation. Added usage example for the krb5_get/set/free_error_message functions git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24752 dc483132-0cff-0310-8789-dd5450dbe970
*	Static function names should not have krb5_ prefix	Zhanna Tsitkov	2011-03-29	1	-12/+14
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
*	Remove the weak key checks from the builtin rc4 enc provider. There	Greg Hudson	2011-03-28	1	-17/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	is no standards support for avoiding RC4 weak keys, so rejecting them causes periodic failures. Heimdal and Microsoft do not check for weak keys. Attacks based on these weak keys are probably thwarted by the use of a confounder, and even if not, the reduction in work factor is not terribly significant for 128-bit keys. ticket: 6886 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
*	Use first principal in keytab when verifying creds	Greg Hudson	2011-03-28	4	-25/+171
\| \| \| \| \| \| \| \| \| \|	In krb5_verify_init_creds(), use the first principal in the keytab to verify the credentials instead of the result of krb5_sname_to_principal(). Also add tests. ticket: 6887 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24749 dc483132-0cff-0310-8789-dd5450dbe970
*	Documentation update. Mostly related to _kt_ and _cc_ routines	Zhanna Tsitkov	2011-03-28	1	-118/+162
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24748 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix a precedence error in g_make_token_header() which caused it to	Greg Hudson	2011-03-25	1	-2/+2
\| \| \| \| \| \| \| \|	write the wrong length when no token type is passed. (From r24739 in users/lhoward/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970
*	Set better error messages when plugins fail to load.	Greg Hudson	2011-03-25	1	-4/+8
\| \| \| \| \| \|	(From r24741 in users/lhowards/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24744 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix DAL documentation to recommend using krb5_db_get_context() and	Greg Hudson	2011-03-24	1	-2/+2
\| \| \| \| \| \| \|	krb5_db_set_context() instead of directly accessing context->dal_handle->db_context (which requires internal headers). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970
*	Update dependencies	Ezra Peisach	2011-03-19	1	-39/+22
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970
*	Minor clean-up in krb5.hin	Zhanna Tsitkov	2011-03-18	1	-44/+20
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970
*	Move doxygen comments from source to header. Updated comments and added some ↵	Zhanna Tsitkov	2011-03-18	2	-46/+55
\| \| \| \| \| \| \| \|	usage examples. Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
*	Reinstate the line wrapping of the copyright notice in krb5.hin, and	Greg Hudson	2011-03-18	1	-3/+3
\| \| \| \| \| \|	fix the format of the header comment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970
*	Added usage examples to the krb5_build_principal function family	Zhanna Tsitkov	2011-03-18	1	-24/+56
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970
*	Use a helper function to clarify prepare_error_as() in the KDC	Greg Hudson	2011-03-18	1	-63/+82
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
*	KDC memory leak of reply padata for FAST replies	Greg Hudson	2011-03-17	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \|	kdc_fast_response_handle_padata() replaces rep->padata, causing the old value to be leaked. As a minimal fix, free the old value of rep->padata before replacing it. ticket: 6885 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970
*	Don't leak the default realm name when initializing the default realm	Greg Hudson	2011-03-17	1	-1/+8
\| \| \| \| \| \|	in the KDC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970
*	KDC memory leak in FAST error path	Greg Hudson	2011-03-17	4	-20/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	When kdc_fast_handle_error() produces a FAST-encoded error, it puts it into err->e_data and it never gets freed (since in the non-FAST case, err->e_data contains aliased pointers). Fix this by storing the encoded error in an output variable which is placed into the error's e_data by the caller and then freed. ticket: 6884 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
*	KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]	Tom Yu	2011-03-15	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \|	Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
*	Remove the Yarrow copyright notice since the code is gone	Greg Hudson	2011-03-15	2	-56/+0
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24704 dc483132-0cff-0310-8789-dd5450dbe970
*	Resolve a few miscellaneous warnings	Greg Hudson	2011-03-14	14	-37/+35
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
*	Remove two headers accidentally left behind in r24677	Greg Hudson	2011-03-14	2	-71/+0
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
*	Although it can't actually happen, make it more explicit that we won't	Greg Hudson	2011-03-11	1	-1/+2
\| \| \| \| \| \| \| \| \|	dereference a null mech in the cleanup handler of the mechglue's gss_accept_sec_context. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix NSS PBKDF2 in the v4 salt (i.e. empty salt) case	Greg Hudson	2011-03-11	1	-1/+2
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970
*	Move the des and AFS string-to-key implementations into lib/crypto/krb,	Greg Hudson	2011-03-11	22	-1258/+1025
\| \| \| \| \| \| \| \|	since they aren't standard crypto primitives. Revise the module SPI accordingly. Add tests for AFS string-to-key to t_str2key.c to replace the ones in the (now defunct) t_afss2k.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix a couple of key import modes in the NSS module, although they don't	Greg Hudson	2011-03-11	2	-2/+2
\| \| \| \| \| \|	seem to matter a lot. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970
*	Remove ser_eblk.c, which has been unused since r11001 (October 1998)	Greg Hudson	2011-03-09	1	-255/+0
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970
*	Add one-line descriptions in the filename comments to prototype.[ch]	Greg Hudson	2011-03-09	2	-4/+4
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24696 dc483132-0cff-0310-8789-dd5450dbe970
*	Adjust most C source files to match the new standards for copyright	Greg Hudson	2011-03-09	770	-3179/+2227
\| \| \| \| \| \|	and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
*	Add a script and Makefile target to check for violations of the	Greg Hudson	2011-03-09	2	-0/+110
\| \| \| \| \| \|	recently added standards for copyright and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix a memory leak independently found by Tim Pozdeev and Arlene Berry	Tom Yu	2011-03-08	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	This change should be pulled up to the 1.8 and 1.7 branches as well. ticket: 6844 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
*	SPNEGO's accept_sec_context and init_sec_context produce a null context	Greg Hudson	2011-03-08	1	-2/+6
\| \| \| \| \| \| \| \| \| \| \|	on error, so it needs to silently succeed when deleting a null context. It was instead passing the null context along to the mechglue which would produce an error, causing a leak of the mechglue's union context wrapper. Reported by aberry@likewise.com. ticket: 6863 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
*	prototype/getopt.c hasn't been updated in quite some time and we don't	Greg Hudson	2011-03-08	1	-31/+0
\| \| \| \| \| \|	really need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691 dc483132-0cff-0310-8789-dd5450dbe970
*	Update dependencies	Ezra Peisach	2011-03-06	1	-1/+3
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970
*	Fix up signed/unsigned warnings in this directory. There are still	Ezra Peisach	2011-03-06	5	-11/+13
\| \| \| \| \| \|	a few more - but these were the obvious ones. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970