path: root/src/include
Commit message | Author | Age | Files | Lines
...
* define SSIZE_MAX for Windows | Ken Raeburn | 2009-02-11 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21956 dc483132-0cff-0310-8789-dd5450dbe970
* unistd.h is posix only | Ken Raeburn | 2009-02-11 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21955 dc483132-0cff-0310-8789-dd5450dbe970
* Rename functions from k5_ipc_stream_* to krb5int_ipc_stream_*, because some of them will have to be exported | Ken Raeburn | 2009-02-09 | 1 | -31/+31
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21938 dc483132-0cff-0310-8789-dd5450dbe970
* Change contract of krb5int_utf8_normalize and fix memory leaks | Greg Hudson | 2009-02-09 | 1 | -2/+2
  Make krb5int_utf8_normalize return a krb5_error_code and always allocate a structure to be placed in the output parameter. Adjust the function structure to use a cleanup handler, fixing many memory leaks.
  ticket: 6378
  tags: pullup
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21923 dc483132-0cff-0310-8789-dd5450dbe970
* More C++ compatibility: Don't use "typedef struct tag *tag"; rename | Ken Raeburn | 2009-02-09 | 2 | -4/+4
  the tag and keep the same typedefname.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21918 dc483132-0cff-0310-8789-dd5450dbe970
* C++ compatibility fix -- g++ says "types may not be defined in casts", | Ken Raeburn | 2009-02-09 | 1 | -24/+24
  so do the gcc unaligned-struct trick only for C, not C++.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21917 dc483132-0cff-0310-8789-dd5450dbe970
* use casts, for c++ compilation on windows | Ken Raeburn | 2009-02-05 | 1 | -12/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21902 dc483132-0cff-0310-8789-dd5450dbe970
* Create and use (in several places) a variant of | Ken Raeburn | 2009-02-05 | 1 | -0/+3
  krb5int_copy_data_contents that adds a trailing '\0' so the result can be used as a C string.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21893 dc483132-0cff-0310-8789-dd5450dbe970
* declare replacement [v]asprintf functions | Ken Raeburn | 2009-02-05 | 1 | -5/+9
  If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf functions always get declared, applying the preprocessor conditional test only to the GCC format attribute. If HAVE_VASPRINTF is defined, don't declare them at all.
  This fixes a bunch of function-not-declared warnings under Sun cc.
  ticket: 6364
  target_version: 1.7
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21888 dc483132-0cff-0310-8789-dd5450dbe970
* Use macros for config parameters | Zhanna Tsitkov | 2009-02-04 | 1 | -6/+23
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a whitespace error introduced when fixing a typo in the defines | Greg Hudson | 2009-02-02 | 1 | -1/+1
  added to k5-int.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21873 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in the defines added to k5-int.h | Greg Hudson | 2009-02-02 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21872 dc483132-0cff-0310-8789-dd5450dbe970
* Introduces macros for config parameters | Zhanna Tsitkov | 2009-02-02 | 1 | -0/+77
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21871 dc483132-0cff-0310-8789-dd5450dbe970
* Collect hairy parts of krb5_is_<msgtype> macros into one helper macro | Ken Raeburn | 2009-02-02 | 1 | -51/+20
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21869 dc483132-0cff-0310-8789-dd5450dbe970
* Default allow_weak_crypto=true for now. Default supported_enctypes to | Tom Yu | 2009-01-31 | 1 | -0/+5
  exclude single-DES enctypes.
  ticket: 6353
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21851 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration Project | Will Fiveash | 2009-01-30 | 1 | -4/+166
  Commit for the Master Key Migration Project.
  http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
  This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided.
  ticket: 6354
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* Changed the name match_config_pattern to krb5_match_config_pattern. Check strdup return code. | Zhanna Tsitkov | 2009-01-30 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21838 dc483132-0cff-0310-8789-dd5450dbe970
* Introduced match_config_pattern function to find a pattern in the config value strings | Zhanna Tsitkov | 2009-01-29 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21828 dc483132-0cff-0310-8789-dd5450dbe970
* disable single-DES by default | Tom Yu | 2009-01-28 | 1 | -0/+4
  Mark all single-DES enctypes as "weak", and create a new libdefaults variable "allow_weak_crypto", which defaults to "false".
  ticket: 6353
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21823 dc483132-0cff-0310-8789-dd5450dbe970
* Change 16/32/64-bit big-/little-endian/native unaligned load/store | Ken Raeburn | 2009-01-24 | 1 | -16/+28
  routines to take void pointers, so they can operate on both plain and unsigned char buffers, or other types. Remove some now-unneeded casts.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21793 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the need for the domain_realm mapping table on the client side by implementing minimal referral support in the KDC | Zhanna Tsitkov | 2009-01-23 | 3 | -2/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21792 dc483132-0cff-0310-8789-dd5450dbe970
* fix trailing whitespace | Tom Yu | 2009-01-22 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace | Tom Yu | 2009-01-22 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
* Make enctype and checksumtype name mapping table types private to the | Ken Raeburn | 2009-01-15 | 1 | -63/+0
  crypto library. Add a field for aliases to the record type so that aliases don't have to be implemented by duplicating all the other information.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21753 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an additional multiple-write case noted by John, where sendauth | Ken Raeburn | 2009-01-15 | 1 | -1/+2
  calls write_message twice in a row. Add new function krb5int_write_messages, calls krb5_net_writev with multiple messages (currently only two at a time). Use it from krb5_write_message and krb5_sendauth.
  ticket: 6339
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21752 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard to: | Sam Hartman | 2009-01-13 | 1 | -1/+7
    * Accept both CFX and non-CFX tokens all the time on acceptor
    * Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx
  Additional changes from Sam Hartman:
    * do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21742 dc483132-0cff-0310-8789-dd5450dbe970
* Add message hash support to the replay interface, using extension | Greg Hudson | 2009-01-12 | 1 | -0/+4
  records (with an empty client string) to retain compatibility with old code. For rd_req, the ciphertext of the authenticator (with no ASN.1 wrapping) is hashed; for other uses of the replay cache, no message hash is used at this time.
  This commit adds a command-line tool for testing the replay cache but does not add any automated tests.
  ticket: 1201
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke Howard | Sam Hartman | 2009-01-06 | 1 | -1/+7
  to make an explicit call to check the ACL for s4u delegations rather than relying on tl-data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21712 dc483132-0cff-0310-8789-dd5450dbe970
* Fix capitalization | Sam Hartman | 2009-01-06 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21707 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.in | Ken Raeburn | 2009-01-05 | 1 | -0/+1
  Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.)
  Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later.
  Update dependencies for the generate Makefile itself to list the deps file.
  This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* xrealm_non_transitive not trust_non_transitive | Sam Hartman | 2009-01-03 | 1 | -2/+2
  Kerberos does not imply trust in the existence of a cross-realm key. Trust is implied when a foreign principal is placed on an ACL: the remote realm is trusted to authenticate that principal and is trusted not to confuse one principal with another. Keep terminology consistent.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21693 dc483132-0cff-0310-8789-dd5450dbe970
* Remove flags that do not correspond to behavior we support | Sam Hartman | 2009-01-03 | 1 | -4/+0
  non_ms_principal would need to be phrased in terms of what behavior is being changed, not client OS. The pkinit flag would need to be better documented
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21692 dc483132-0cff-0310-8789-dd5450dbe970
* KDB API should not be public | Sam Hartman | 2009-01-03 | 1 | -3/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21691 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunk | Sam Hartman | 2009-01-03 | 10 | -28/+1108
  The mskrb-integ branch includes support for the following projects:
    Projects/Aliases
    * Projects/PAC and principal APIs
    * Projects/AEAD encryption API
    * Projects/GSSAPI DCE
    * Projects/RFC 3244
  In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported.
  This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required.
  Merge commit 'mskrb-integ' into trunk
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21589, and export krb5_get_fallback_host_realm instead | Greg Hudson | 2008-12-29 | 2 | -4/+4
  Rationale: Zephyr and AFS both use the Kerberos realm name as the name of the service realm (AFS realm or Zephyr galaxy). AFS can grab the Kerberos realm from the ticket being aklogged, but Zephyr is not necessarily getting credentials at all (you could be sending an unauthenticated message), and currently finds its answer by looking up the realm of the server host. Although we can't currently provide an accurate result for this lookup in the presence of referrals, we do need to provide enough tools to get as good of an answer as libzephyr could have gotten before referrals went in.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up krb5_get_fallback_host_realm in two respects: | Greg Hudson | 2008-12-24 | 2 | -4/+4
  1. It isn't exported from libkrb5 (and no one seems to complain about that). So give it a krb5int_ name and move its declaration to k5-int.h. Also stop exporting it from the collected client lib.
  2. It returned a list of realms, but its only caller assumes that the list contains exactly one realm. So just make it return a single realm.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21589 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb524, lib/des425, lib/krb4, and include/kerberosIV. | Greg Hudson | 2008-12-18 | 15 | -2200/+0
  Remove krb4 build system references and conditionals. Move des425 header stuff referenced by des_int.h into des_int.h. Remove krb4 test cases.
  ticket: 6303
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb4 code in libkrb5 | Greg Hudson | 2008-12-15 | 1 | -14/+0
  ticket: 6303
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21452 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up some kadmind4 relics left behind in osconf.hin | Greg Hudson | 2008-12-09 | 1 | -12/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21300 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto IOV API per Projects/AEAD encryption API | Sam Hartman | 2008-12-02 | 2 | -3/+122
  Merge in the mskrb-crypto-iov branch at r21259 in order to move an implementation of http://k5wiki.kerberos.org/wiki/Projects/AEAD_encryption_API onto the trunk. This branch contains a subset of the commits on the mskrb-integ branch that implement the krb5 library part of the crypto IOV API.
  ticket: new
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21263 dc483132-0cff-0310-8789-dd5450dbe970
* Move cc_mutex code from k5-int.h - where it is globally available to cc-int.h | Ezra Peisach | 2008-12-01 | 1 | -31/+0
  where it is declared and used. The functions are not exported by the library - nor are they used outside lib/krb5/ccache... For cc_file.h - include cc-int.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21205 dc483132-0cff-0310-8789-dd5450dbe970
* PERF: Introduced a new function krb5_is_permitted_enctype_ext to replace multiple calls to krb5_is_permitted_enctype | Zhanna Tsitkov | 2008-11-17 | 1 | -0/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21128 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_buf_cstr to krb5int_buf_data, since k5bufs can be used | Greg Hudson | 2008-11-05 | 1 | -3/+3
  for binary data as well as C string data. The buffer will always have a null byte at krb5int_buf_len bytes regardless of whether it contains C string data.
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21003 dc483132-0cff-0310-8789-dd5450dbe970
* Add _with_password credential acquisition functions to KIM API | Alexandra Ellwood | 2008-11-03 | 2 | -3/+76
  Needed for kinit password option.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20963 dc483132-0cff-0310-8789-dd5450dbe970
* In the k5buf module, add a function to append formatted data to a | Greg Hudson | 2008-10-28 | 1 | -0/+8
  buffer.
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20932 dc483132-0cff-0310-8789-dd5450dbe970
* Add the k5buf string module to libkrb5support | Greg Hudson | 2008-10-28 | 2 | -0/+120
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20929 dc483132-0cff-0310-8789-dd5450dbe970
* Remove empty declaration of struct _krb5_kt_ops after the fully defined structure | Ezra Peisach | 2008-10-27 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20926 dc483132-0cff-0310-8789-dd5450dbe970
* partial rewrite of the ASN.1 encoders | Ken Raeburn | 2008-10-25 | 1 | -7/+17
  Instead of a pile of macros generating code, that have to be threaded together in just the right way to get a valid ASN.1 encoding, we now have a pile of macros for defining data structures describing the objects and the ASN.1 types they should be encoded as, which structures are interpreted by recursive invocations of an encoder engine; there should be somewhat less rope for accidentally creating invalid encodings. The new macros are commented in asn1_k_encode.c.
  Putting most of the work into the encoder engine also reduces the code size (in one configuration, including LDAP-KDB and PKINIT encoders, code size went from 37K to <16K, though 10K of tables were added, and the PKINIT encoders are still open-coded).
  Some encoder interfaces have been revised to be more regular -- all now take one pointer to const argument (no two-input encoders, no pointer-to-non-const-pointer-to-const). A few encoders were eliminated or disabled because they were neither used nor exported from the library.
  The LDAP-KDB encoder has been converted, but the PKINIT encoders have not as there are no regression tests for them currently.
  There is still plenty of room for improvement; some notes on specific ideas have been added.
  String encoding primitives have been combined to reduce code size. A primitive for encoding bit strings has been added.
  Some miscellaneous warnings in the decoders have been cleaned up.
  A new dejagnu test case is added that ensures that KRB-SAFE messages get exercised.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
* More regression tests for ASN.1 encoders | Ken Raeburn | 2008-10-25 | 1 | -0/+5
  Export encode_krb5_sam_response_2 and encode_krb5_enc_sam_response_enc_2 via accessor.
  Add encode tests for encode_krb5_sam_key, _enc_sam_response_enc, _predicted_sam_response, _sam_response_2, _enc_sam_response_enc_2.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20922 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_build_principal_va does not allocate krb5_principal | Alexandra Ellwood | 2008-10-24 | 2 | -1/+16
  krb5_build_principal_va does not allocate the outer krb5_principal, making it useless for generating krb5_principals which can be freed with krb5_free_principal.
  Added krb5_build_principal_alloc_va which allocates the krb5_principal.
  Added krb5int_build_principal_alloc_va which is used by KIM to avoid code duplication. KIM's kim_identity_create_from_components takes the first component as an argument because principals with no components cannot be represented with the KIM UI. Modified KIM to use this new API.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20918 dc483132-0cff-0310-8789-dd5450dbe970