path: root/src/lib/krb5/krb/rd_priv.c
Commit message | Author | Age | Files | Lines
* Replace i_vector with cstate in auth context | Greg Hudson | 2013-02-07 | 1 | -8/+3
  Use a proper cipher state in the auth context structure, and free it when the auth context is freed. Simplify mk_priv/rd_priv accordingly.
* Make kprop/kpropd work with RC4 session key | Greg Hudson | 2013-02-07 | 1 | -6/+4
  In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that the enctype's block size is the size of the cipher state. Instead, make and discard a cipher state to get the size.
  ticket: 7561
  target_version: 1.11.1
  tags: pullup
* Make krb5_check_clockskew public | Greg Hudson | 2011-10-31 | 1 | -1/+1
  Rename krb5int_check_clockskew to krb5_check_clockskew and make it public, in order to give kdcpreauth plugins a way to check timestamps against the configured clock skew.
  ticket: 6996
  target_version: 1.10
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970
* Allow rd_priv/rd_safe without remote address | Greg Hudson | 2011-10-15 | 1 | -1/+2
  Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES flag is set (in which case we need the remote address for the replay cache name). Note that failing to set the remote address can create a vulnerability to reflection attacks in some protocols, although it is fairly easy to defend against--either use sequence numbers, or make sure that requests don't look like replies, or both.
  ticket: 6978
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25355 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out the address checks in krb5_rd_safe and krb5_rd_priv into | Greg Hudson | 2011-04-02 | 1 | -93/+16
  a new function k5_privsafe_check_addrs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24806 dc483132-0cff-0310-8789-dd5450dbe970
* In libkrb5, move krb5int_auth_con_chkseqnum to a new file privsafe.c, | Greg Hudson | 2011-04-02 | 1 | -2/+2
  renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather than k5-int.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright | Greg Hudson | 2011-03-09 | 1 | -5/+1
  and license comments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle | Tom Yu | 2009-10-31 | 1 | -147/+147
  make reindent
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performance | Greg Hudson | 2009-10-19 | 1 | -10/+10
  Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys.
  ticket: 6576
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* mk_safe and mk_priv require the local address to be set in the auth | Greg Hudson | 2009-04-08 | 1 | -14/+15
  context; rd_safe and rd_priv require the remote address to be set. Create error codes for both kinds of missing addresses and stop trying futilely to handle the cases where they are not set.
  ticket: 1165
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22184 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument to | Ken Raeburn | 2009-01-28 | 1 | -6/+6
  char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* Add message hash support to the replay interface, using extension | Greg Hudson | 2009-01-12 | 1 | -0/+1
  records (with an empty client string) to retain compatibility with old code. For rd_req, the ciphertext of the authenticator (with no ASN.1 wrapping) is hashed; for other uses of the replay cache, no message hash is used at this time. This commit adds a command-line tool for testing the replay cache but does not add any automated tests.
  ticket: 1201
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunk | Sam Hartman | 2009-01-03 | 1 | -1/+3
  The mskrb-integ branch includes support for the following projects:
  Projects/Aliases
  * Projects/PAC and principal APIs
  * Projects/AEAD encryption API
  * Projects/GSSAPI DCE
  * Projects/RFC 3244
  In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required.
  Merge commit 'mskrb-integ' into trunk
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code for looking up the current time, comparing the offset of | Ken Raeburn | 2007-07-20 | 1 | -10/+2
  a supplied timestamp against the configured maximum clock skew, and possibly generating an error message, into a separate routine.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
* Use memset to silence some 'may be used uninitialized' warnings | Ken Raeburn | 2007-03-25 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19279 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace (mostly wrapping long lines produced by protoize) | Ken Raeburn | 2007-03-25 | 1 | -2/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19278 dc483132-0cff-0310-8789-dd5450dbe970
* Implement heuristic for matching broken Heimdal sequence number encodings | Tom Yu | 2003-05-23 | 1 | -1/+2
  ticket: 1263
  target_version: 1.3
  tags: pullup
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2003-05-10 | 1 | -3/+2
  to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey.
  ticket: 1415
  status: open
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* protoize | Ken Raeburn | 2002-09-03 | 1 | -16/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14812 dc483132-0cff-0310-8789-dd5450dbe970
* * appdefault.c, get_in_tkt.c: made conf_yes and conf_no const to | Tom Yu | 2002-06-26 | 1 | -1/+1
  improve load time on Mach-O
  * init_ctx: fixed Mac OS macros [pullups from 1-2-2-branch]
  * rd_safe.c, rd_priv.c, rd_cred.c, preauth.c, mk_safe.c, mk_cred.c, appdefault.c: use "" includes for krb5.h, k5-int.h and syslog.h [pullup from 1-2-2-branch]
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14583 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo also says we can get rid of _MSDOS (Win16) tests, and explicit | Ken Raeburn | 2001-10-06 | 1 | -3/+3
  FAR/NEAR specs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13786 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo says we can get rid of the DLLIMP stuff now | Ken Raeburn | 2001-10-04 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13775 dc483132-0cff-0310-8789-dd5450dbe970
* pullup from 1.2 branch | Ken Raeburn | 2000-06-27 | 1 | -7/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updates from 1.1 branch | Ken Raeburn | 1999-09-24 | 1 | -1/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
* pull up 3des implementation from the marc-3des branch | Marc Horowitz | 1998-10-30 | 1 | -25/+16
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
* rd_cred.c (krb5_rd_cred): | Theodore Tso | 1998-02-06 | 1 | -2/+2
  rd_safe.c (krb5_rd_safe): rd_priv.c (krb5_rd_priv): Use the remote_subkey first, since the mk_* routines try to use their local_subkey first. Otherwise, the wrong keys will get used if subkeys are used in both directions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10415 dc483132-0cff-0310-8789-dd5450dbe970
* Windows/NT integration (V1_0_WIN32_BRANCH merge) | Richard Basch | 1997-02-06 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9788 dc483132-0cff-0310-8789-dd5450dbe970
* * krbconfig.c: Removed the krb5_clockskew variable | Theodore Tso | 1995-11-08 | 1 | -2/+1
  * srv_rcache.c (krb5_get_server_rcache):
  * rd_safe.c (krb5_rd_safe):
  * rd_req_dec.c (krb5_rd_req_decoded):
  * rd_priv.c (krb5_rd_priv):
  * rd_cred.c (krb5_rd_cred):
  * gc_via_tkt.c (krb5_get_cred_via_tkt):
  * get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew with context->clockskew.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7063 dc483132-0cff-0310-8789-dd5450dbe970
* Reintegrate Macintosh changes | Ezra Peisach | 1995-09-12 | 1 | -2/+2
  t_ser.c: Work around an optimizer bug in gcc under OSF/1 2.1. The timeofday calls were left in the stage as described in the ChangeLog
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6766 dc483132-0cff-0310-8789-dd5450dbe970
* Mac Beta 1 submission | Keith Vetter | 1995-09-11 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6749 dc483132-0cff-0310-8789-dd5450dbe970
* * auth_con.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, | Chris Provenzano | 1995-09-06 | 1 | -2/+2
  * gc_frm_kdc.c, gen_seqnum.c, get_creds.c, get_in_tkt.c,
  * in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c,
  * kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c, mk_req._ext.c,
  * preauth.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
  * send_tgs.c, sendauth.c, ser_actx.c, ser_ctx.c, ser_eblk.c,
  * ser_key.c, t_ser.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6727 dc483132-0cff-0310-8789-dd5450dbe970
* * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c | Chris Provenzano | 1995-09-06 | 1 | -2/+2
  * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c
  * init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c
  * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
  * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c: Remove krb5_enctype references, and replace with krb5_keytype where appropriate
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6687 dc483132-0cff-0310-8789-dd5450dbe970
* * rd_safe.c (krb5_rd_safe_basic): Pass context to os_localaddr | Tom Yu | 1995-07-06 | 1 | -1/+1
  * rd_priv.c (krb5_rd_priv_basic): Pass context to os_localaddr.
  * rd_cred.c (krb5_rd_cred_basic): Pass context to os_localaddr.
  * get_in_tkt.c (krb5_get_in_tkt): Pass context to os_localaddr.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6243 dc483132-0cff-0310-8789-dd5450dbe970
* changes to accommodate redefinition of krb5_auth_context | Tom Yu | 1995-06-11 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6035 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up gcc -Wall flames | Theodore Tso | 1995-06-08 | 1 | -16/+18
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5981 dc483132-0cff-0310-8789-dd5450dbe970
* * mk_cred.c (krb5_mk_cred()), mk_priv.c (krb5_mk_priv()), | Chris Provenzano | 1995-05-11 | 1 | -2/+2
  * mk_safe.c (krb5_mk_safe()), rd_cred.c (krb5_rd_cred()),
  * rd_priv.c (krb5_rd_prev()), rd_safe.c (krb5_rd_safe()): Pass the contents pointer returned from krb5_make_fulladdr() to free() not the address of the pointer.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5801 dc483132-0cff-0310-8789-dd5450dbe970
* Fix lots of typos in krb5_make_fulladdrs() patch. (Lots of places where | Theodore Tso | 1995-05-03 | 1 | -2/+2
  remote_addr was used where remote_port should have been used instead.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5687 dc483132-0cff-0310-8789-dd5450dbe970
* * mk_cred.c (mk_cred()), mk_priv.c (mk_priv()), mk_safe.c (mk_safe()), | Chris Provenzano | 1995-05-02 | 1 | -13/+23
  * rd_cred.c (rd_cred()), rd_priv.c (rd_priv()), rd_safe.c (rd_safe()): Don't call krb5_make_fulladdrs() if a port isn't specified.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5684 dc483132-0cff-0310-8789-dd5450dbe970
* * auth_con.c (krb5_auth_con_free()) : | Chris Provenzano | 1995-05-01 | 1 | -4/+38
  Free all the data associated with the auth_context.
  * auth_con.c (krb5_auth_con_setkey()) : Removed.
  * mk_rep.c (mk_rep()), The krb5_mk_rep() routine must always encode the data in the keyblock of the ticket, not the subkey.
  * cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added.
  * auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()),
  * mk_safe.c (mk_safe()), rd_cred.c (rd_cred()),
  * rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) : Changes to auth_context to better support full addresses.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5677 dc483132-0cff-0310-8789-dd5450dbe970
* Call krb5_free_priv_enc_part to free the entire privenc_msg structure | Theodore Tso | 1995-04-29 | 1 | -6/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5655 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in : Added gc_via_tkt.c and removed get_fcreds.c | Chris Provenzano | 1995-04-26 | 1 | -9/+16
  * auth_con.c (krb5_auth_con_setaddrs()) : Fixed so it allocates space and copies addresses, not just pointer.
  * mk_cred.c: Completely rewritten from sources donated by asriniva.
  * rd_cred.c: Completely rewritten from sources donated by asriniva.
  * mk_priv.c (krb5_mk_priv()), mk_safe.c (krb5_mk_safe()), rd_priv.c (krb5_rd_priv()), and rd_safe (krb5_rd_safe()) : Try using a subkey before using the session key for encryption.
  * recvauth.c (krb5_recvauth()): Don't close the rcache on success.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5489 dc483132-0cff-0310-8789-dd5450dbe970
* Windows global stuff: | Keith Vetter | 1995-04-14 | 1 | -1/+1
  o removed INTERFACE from non-api functions
  o add FAR to pointers visible to the world
  o made the tests for __STDC__ also check for _WINDOWS
  o creates GSSAPI.DLL & GSSAPI.LIB as per spec.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5354 dc483132-0cff-0310-8789-dd5450dbe970
* * auth_con.h auth_con.c Added for krb5_auth_con definition and | Chris Provenzano | 1995-03-10 | 1 | -124/+143
  support routines.
  * mk_req.c (krb5_mk_req())
  * mk_req_ext.c (krb5_mk_req_extended())
  * rd_rep.c (krb5_rd_rep())
  * sendauth.c (krb5_sendauth())
  * mk_priv.c (krb5_mk_priv())
  * mk_safe.c (krb5_mk_safe())
  * rd_priv.c (krb5_rd_priv())
  * rd_safe.c (krb5_rd_safe()) Added a krb5_auth_context argument and eliminated many of the other arguments because they are included in the krb5_auth_context structure.
  * send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(), which does far more than krb5_send_tgs() needs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5099 dc483132-0cff-0310-8789-dd5450dbe970
* * *.c: Avoid <krb5/...> includes. | John Gilmore | 1995-02-28 | 1 | -6/+1
  * parse.c: Exdent #ifndef to left margin for old compilers.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5015 dc483132-0cff-0310-8789-dd5450dbe970
* Converted the krb5/krb directory to work under windows. Mostly added the | Keith Vetter | 1995-02-27 | 1 | -2/+2
  windows INTERFACE keyword to functions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5002 dc483132-0cff-0310-8789-dd5450dbe970
* Removed all references to DECLARG and OLDDECLARG. | Chris Provenzano | 1995-01-13 | 1 | -31/+25
  Added krb5_context to all krb5_routines.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4810 dc483132-0cff-0310-8789-dd5450dbe970
* stamp out rcs keywords | Mark Eichin | 1994-08-18 | 1 | -6/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4191 dc483132-0cff-0310-8789-dd5450dbe970
* Always check the sender and receiver addresses. If the receiver is null | Theodore Tso | 1994-06-02 | 1 | -22/+26
  use the local address.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3673 dc483132-0cff-0310-8789-dd5450dbe970
* Change use of xfree to krb5_xfree to prevent namespace pollution | Theodore Tso | 1993-10-15 | 1 | -6/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2670 dc483132-0cff-0310-8789-dd5450dbe970
* Change export warning notice from "is assumed to require an export license" | Theodore Tso | 1993-09-01 | 1 | -2/+2
  to "may require..."
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2638 dc483132-0cff-0310-8789-dd5450dbe970