| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Use a proper cipher state in the auth context structure, and free it
when the auth context is freed. Simplify mk_priv/rd_priv accordingly.
|
|
|
|
|
|
|
|
|
|
| |
In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that
the enctype's block size is the size of the cipher state. Instead,
make and discard a cipher state to get the size.
ticket: 7561
target_version: 1.11.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename krb5int_check_clockskew to krb5_check_clockskew and make it
public, in order to give kdcpreauth plugins a way to check timestamps
against the configured clock skew.
ticket: 6996
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote
address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES
flag is set (in which case we need the remote address for the replay
cache name). Note that failing to set the remote address can create a
vulnerability to reflection attacks in some protocols, although it is
fairly easy to defend against--either use sequence numbers, or make
sure that requests don't look like replies, or both.
ticket: 6978
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25355 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
a new function k5_privsafe_check_addrs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24806 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather
than k5-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
context; rd_safe and rd_priv require the remote address to be set.
Create error codes for both kinds of missing addresses and stop trying
futilely to handle the cases where they are not set.
ticket: 1165
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22184 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
char* and calls free.
Replace most uses, outside of the LDAP KDB plugin, which doesn't build
on my test system of the moment because of version dependencies. Add
one explicit cast to make the change warning-neutral (under gcc 4.0.1
on Mac OS X 10.5.6).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
records (with an empty client string) to retain compatibility with old
code. For rd_req, the ciphertext of the authenticator (with no ASN.1
wrapping) is hashed; for other uses of the replay cache, no message
hash is used at this time.
This commit adds a command-line tool for testing the replay cache but
does not add any automated tests.
ticket: 1201
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
a supplied timestamp against the configured maximum clock skew, and
possibly generating an error message, into a separate routine.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19279 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19278 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
ticket: 1263
target_version: 1.3
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to send_subkey and recv_subkey, respectively. Add new APIs to query
and set these fields. Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys. Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.
ticket: 1415
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14812 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
improve load time on Mach-O
* init_ctx: fixed Mac OS macros
[pullups from 1-2-2-branch]
* rd_safe.c, rd_priv.c, rd_cred.c, preauth.c, mk_safe.c,
mk_cred.c, appdefault.c: use "" includes for krb5.h, k5-int.h and
syslog.h
[pullup from 1-2-2-branch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14583 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
FAR/NEAR specs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13786 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13775 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
rd_safe.c (krb5_rd_safe):
rd_priv.c (krb5_rd_priv): Use the remote_subkey first, since the mk_*
routines try to use their local_subkey first. Otherwise, the wrong
keys will get used if subkeys are used in both directions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10415 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9788 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* srv_rcache.c (krb5_get_server_rcache):
* rd_safe.c (krb5_rd_safe):
* rd_req_dec.c (krb5_rd_req_decoded):
* rd_priv.c (krb5_rd_priv):
* rd_cred.c (krb5_rd_cred):
* gc_via_tkt.c (krb5_get_cred_via_tkt):
* get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew with
context->clockskew.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7063 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
t_ser.c: Work around an optimizer bug in gcc under OSF/1 2.1.
The timeofday calls were left in the stage as described in the ChangeLog
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6766 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6749 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
* gc_frm_kdc.c, gen_seqnum.c, get_creds.c, get_in_tkt.c,
* in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c,
* kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c, mk_req._ext.c,
* preauth.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
* send_tgs.c, sendauth.c, ser_actx.c, ser_ctx.c, ser_eblk.c,
* ser_key.c, t_ser.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6727 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
* gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c
* init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c
* mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
* send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c:
Remove krb5_enctype references, and replace with
krb5_keytype where appropriate
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6687 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
* rd_priv.c (krb5_rd_priv_basic): Pass context to os_localaddr.
* rd_cred.c (krb5_rd_cred_basic): Pass context to os_localaddr.
* get_in_tkt.c (krb5_get_in_tkt): Pass context to os_localaddr.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6243 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6035 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5981 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
* mk_safe.c (krb5_mk_safe()), rd_cred.c (krb5_rd_cred()),
* rd_priv.c (krb5_rd_prev()), rd_safe.c (krb5_rd_safe()):
Pass the contents pointer returned from krb5_make_fulladdr()
to free() not the address of the pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5801 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
remote_addr was used where remote_port should have been used instead.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5687 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
* rd_cred.c (rd_cred()), rd_priv.c (rd_priv()), rd_safe.c (rd_safe()):
Don't call krb5_make_fulladdrs() if a port isn't specified.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5684 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Free all the data associated with the auth_context.
* auth_con.c (krb5_auth_con_setkey()) : Removed.
* mk_rep.c (mk_rep()),
The krb5_mk_rep() routine must always encode the data in
the keyblock of the ticket, not the subkey.
* cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added.
* auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()),
* mk_safe.c (mk_safe()), rd_cred.c (rd_cred()),
* rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) :
Changes to auth_context to better support full addresses.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5677 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5655 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* auth_con.c (krb5_auth_con_setaddrs()) : Fixed so it allocates
space and copies addresses, not just pointer.
* mk_cred.c: Completely rewritten from sources donated by asriniva.
* rd_cred.c: Completely rewritten from sources donated by asriniva.
* mk_priv.c (krb5_mk_priv()), mk_safe.c (krb5_mk_safe()),
rd_priv.c (krb5_rd_priv()), and rd_safe (krb5_rd_safe()) :
Try using a subkey before using the session key for encryption.
* recvauth.c (krb5_recvauth()): Don't close the rcache on success.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5489 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
o removed INTERFACE from non-api functions
o add FAR to pointers visible to the world
o made the tests for __STDC__ also check for _WINDOWS
o creates GSSAPI.DLL & GSSAPI.LIB as per spec.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5354 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
support routines.
* mk_req.c (krb5_mk_req())
* mk_req_ext.c (krb5_mk_req_extended())
* rd_rep.c (krb5_rd_rep())
* sendauth.c (krb5_sendauth())
* mk_priv.c (krb5_mk_priv())
* mk_safe.c (krb5_mk_safe())
* rd_priv.c (krb5_rd_priv())
* rd_safe.c (krb5_rd_safe())
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
* send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(),
which does far more than krb5_send_tgs() needs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5099 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
* parse.c: Exdent #ifndef to left margin for old compilers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5015 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
windows INTERFACE keyword to functions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5002 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Added krb5_context to all krb5_routines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4810 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4191 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
use the local address.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3673 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2670 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
to "may require..."
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2638 dc483132-0cff-0310-8789-dd5450dbe970
|