path: root/src/lib/krb5_32.def
Commit message | Author | Age | Files | Lines
* Add API to interpret changepw result strings | Greg Hudson | 2012-05-09 | 1 | -0/+3
  Active Directory returns structured policy information in the nominally UTF-8 result string field of a password change reply. Add a new API krb5_chpw_message() to convert a result string into a displayable message, interpreting policy information if present. Patch from stefw@gnome.org with changes. ticket: 7128 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25857 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_check_clockskew public | Greg Hudson | 2011-10-31 | 1 | -0/+1
  Rename krb5int_check_clockskew to krb5_check_clockskew and make it public, in order to give kdcpreauth plugins a way to check timestamps against the configured clock skew. ticket: 6996 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_find_authdata public | Greg Hudson | 2011-10-25 | 1 | -0/+1
  Rename krb5int_find_authdata to krb5_find_authdata and make it public. ticket: 6992 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25414 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_pac_sign public | Greg Hudson | 2011-10-12 | 1 | -0/+1
  krb5int_pac_sign was created as a private API because it is only needed by the KDC. But it is actually used by DAL or authdata plugin modules, not the core KDC code. Since plugin modules should not need to consume internal libkrb5 functions, rename krb5int_pac_sign to krb5_pac_sign and make it public. ticket: 6974 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_select() API and pluggable interface | Greg Hudson | 2011-09-05 | 1 | -0/+1
  The interface has two built-in modules. The realm module guesses a cache based on the server realm if it is known. The k5identity module (Unix only) chooses a client principal based on rules in a .k5identity file in the user's homedir. ticket: 6957 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
* Add new cache collection APIs | Greg Hudson | 2011-09-05 | 1 | -0/+5
  * krb5_cc_get_full_name retrieves the full type:name of a cache. * krb5_cc_switch makes a cache the primary cache. * krb5_cc_cache_match searches the collection for a client principal. * krb5_free_string releases a string (for the krb5_cc_get_full_name result). All of these are from Heimdal except for krb5_free_string (Heimdal uses krb5_xfree). ticket: 6954 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace | Greg Hudson | 2011-08-09 | 1 | -2/+2
  Also remove the erroneously added gssapi_err_krb5 error table sources. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25091 dc483132-0cff-0310-8789-dd5450dbe970
* Added functions to export tables krb5_32: | Sam Hartman | 2011-08-09 | 1 | -0/+2
  krb5int_c_mandatory_cksumtype, krb5int_arcfour_gsscrypt gssapi32: gss_pname_to_uid Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25086 dc483132-0cff-0310-8789-dd5450dbe970
* Fix name of krb5_init_context_profile in krb5_32.def | Greg Hudson | 2011-08-09 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25079 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_init_context_profile API | Greg Hudson | 2011-07-20 | 1 | -0/+1
  ticket: 6929 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25026 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_kt_get_principal, an internal krb5 interface to try to get a | Greg Hudson | 2011-04-08 | 1 | -0/+1
  principal name from a keytab. Used currently by vfy_increds.c (in place of its static helper); will also be used when querying the name of the default gss-krb5 acceptor cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24859 dc483132-0cff-0310-8789-dd5450dbe970
* Improve acceptor name flexibility | Greg Hudson | 2011-02-07 | 1 | -0/+3
  Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
* Supply static ordinals for new symbols in gssapi32.def and krb5_32.def, | Greg Hudson | 2010-11-26 | 1 | -114/+114
  for consistency with KFW 3.x. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24535 dc483132-0cff-0310-8789-dd5450dbe970
* Fix Windows build | Greg Hudson | 2010-11-25 | 1 | -13/+109
  Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include: * Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone. * Reverted the apparently non-functional r20277. * klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly. * krb5, telnet, gssftp, and NIM are removed from the build. * Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer. * Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim. ticket: 6826 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_get_in_tkt | Tom Yu | 2010-05-12 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24013 dc483132-0cff-0310-8789-dd5450dbe970
* remove des425 syms; add some new dce,iov syms needed for gssapi | Ken Raeburn | 2009-02-11 | 1 | -9/+18
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21964 dc483132-0cff-0310-8789-dd5450dbe970
* Add static ordinals to DLL exports | Jeffrey Altman | 2007-09-30 | 1 | -269/+269
  Add static ordinals to DLL exports in krb5_32.def, xpprof32.def gssapi32.def, and krb524.def. Not added to k5sprt32.def as all of the functions are private. Not added to krb4_32.def as the library is not supported as part of KFW. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20024 dc483132-0cff-0310-8789-dd5450dbe970
* remove inadvertent commit of symbols temporarily exported in | Jeffrey Altman | 2007-08-14 | 1 | -9/+0
  a sandbox to permit building of pkinit code on Windows. ticket: 5645 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19819 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_get_profile | Jeffrey Altman | 2007-08-11 | 1 | -2/+10
  Export krb5_get_profile. Remove comment saying it should be added and just do it. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19818 dc483132-0cff-0310-8789-dd5450dbe970
* get_init_creds_opt extensibility | Tom Yu | 2007-01-30 | 1 | -0/+5
  r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500 First cut at making the get_init_creds_opt structure extendable and adding library functions to set options for preauthentication plugins. This does *not* include a compatibility function to work like Heimdal's krb5_get_init_creds_opt_set_pkinit() function. Hopefully, the test code that doesn't belong in kinit.c is obvious. r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500 Remove extra "user_id" parameter. Add function which duplicates the Heimdal interface (if we can agree on what the matching attribute names should be). r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500 Update to use the simplified interface for krb5_get_init_creds_opt_set_pa() Add code in kinit to process "-X" options as preauth options and pass them along. r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500 Move prototypes for get_init_creds_opt_get_pa() and krb5_get_init_creds_opt_free_pa() into the preauth_plugin.h header rather than krb5.hin. ticket: new status: open component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds two new functions, krb5_server_decrypt_ticket_keyblock | Jeffrey Altman | 2007-01-16 | 1 | -0/+1
  (private) and krb5_server_decrypt_ticket_keytab (public). These functions take a krb5_ticket as input and decrypt it using the provided key data. The public function is useful for higher level application protocols such as TLS-KRB5 and AFS RX-KRB5 which exchange a service but do not use the AP-REQ/AP-REP messages. This commit also adds new functionality to kvno which permits kvno when provided a keytab as input to verify whether or not the keytab contains a key that can successfully decrypt the obtained service ticket. ticket: 5349 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19062 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_opt_set_change_password_prompt | Jeffrey Altman | 2006-12-14 | 1 | -0/+1
  krb5_get_init_creds_opt_set_change_password_prompt is a new gic option that permits the prompter code to be skipped when the password has expired. This option is meant to be used by credential managers such as NetIDMgr and Kerberos.app that have their own built in password change dialogs. This patch adds the new function, exports it on Windows, and makes use of it within the Krb5 identity provider for NetIDMgr. The patch is written to ensure that no changes to the krb5_get_init_creds_opt structure are required and to ensure that the default behavior, prompting, is maintained. The export lists for UNIX and KFM must still be updated. The function prototype was committed as part of ticket 3642. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/ccbase.c (krb5int_cc_getops): Internal | Tom Yu | 2006-11-18 | 1 | -0/+1
  function to fetch ops vector given ccache prefix string. (krb5_cc_new_unique): New function to generate a new unique ccache of a given type. * src/include/krb5/krb5.hin: Prototype for krb5_cc_new_unique(). * src/lib/krb5/libkrb5.exports: * src/lib/krb5_32.def: Add krb5_cc_new_unique(). ticket: 3091 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18857 dc483132-0cff-0310-8789-dd5450dbe970
* update export lists | Tom Yu | 2006-10-06 | 1 | -0/+3
  ticket: 4389 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18653 dc483132-0cff-0310-8789-dd5450dbe970
* Set the canonicalize flag in TGS requests and accept cross-realm referral ↵ | Sam Hartman | 2006-09-21 | 1 | -0/+1
  tickets. We do not yet accept tickets in which the server name changes. * krb5_sname_to_principal: If there is no domain realm mapping return null realm *krb5_get_cred_via_tkt: New behavior as described below 1) the referrals case: - check for TGT for initial realm - if a remote realm was specified (which must have happened via a domain_realm mapping), obtain a TGT for it the standard way and start with that. - use client realm for server if not specified - iterate through this loop: - request ticket with referrals turned on - if that fails: - if this was the first request, punt to non-referrals case - otherwise, retry once without referrals turned on then terminate either way - if it works, either use the service ticket or follow the referral path - if loop count exceeded, hardfail 2) the nonreferrals case - this is mostly the old walk_realm_tree TGT-finding (which allows limited shortcut referrals per 4120) followed by a standard tgs-req. - originally requested principal is used for this, although if we were handed something without a realm, determine a fallback realm based on DNS TXT records or a truncation of the domain name. ticket: 2652 Owner: amb git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5_32.def: Export krb5_copy_context | Tom Yu | 2006-06-26 | 1 | -0/+1
  * src/lib/krb5/libkrb5.exports: Export krb5_copy_context. * src/lib/krb5/krb/init_ctx.c (krb5_copy_context): Fix malloc argument for nctx. Handle null default_ccname case. ticket: 2856 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18229 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_32.def: Add the new error-message functions | Ken Raeburn | 2006-03-27 | 1 | -1/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17780 dc483132-0cff-0310-8789-dd5450dbe970
* Implement RFC 3961 PRF | Sam Hartman | 2005-05-20 | 1 | -0/+2
  Add krb5_c_prf, a function that implements the RFC 3961 PRF. As part of this change, the krb5_init_keyblock and krb5 free routines move to libk5crypto. Public stubs remain in libkrb5, but the actual implementation is an internal interface in libk5crypto ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17219 dc483132-0cff-0310-8789-dd5450dbe970
* Add new function krb5_boolean krb5_is_thread_safe(void) to library. | Jeffrey Altman | 2005-01-05 | 1 | -0/+1
  This function simply reports whether or not ENABLE_THREADS was specified at compile time. It is meant to be used by applications which need to know whether or not multithread libraries must be initialized OR whether or not calls to Kerberos library functions from multi-threaded applications must be protected by an application global mutex. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17003 dc483132-0cff-0310-8789-dd5450dbe970
* Mark krb5_principal2salt as being declared with the wrong calling convention | Jeffrey Altman | 2004-12-20 | 1 | -3/+3
  ticket: new target_version: 1.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16960 dc483132-0cff-0310-8789-dd5450dbe970
* The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64, | Jeffrey Altman | 2003-12-19 | 1 | -4/+0
  and krb5_ser_unpack_int64 are considered private. Therefore, in order for them to be used from within gssapi they must be added to the krb5int_accessor mechanism. This allows us to not publicize their existence via exportation on Windows or MacOSX. ticket: new tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15941 dc483132-0cff-0310-8789-dd5450dbe970
* * krb4_32.def: Remove exports from KfM not yet compiled in KfW | Jeffrey Altman | 2003-12-13 | 1 | -0/+5
  krb_ad_tkt, krb_pw_tkt, kuserok, tkt_string, FSp_xxx * krb5_32.def: Add exports of private functions necessary for building new gssapi32.dll: krb5int_c_mandatory_cksumtype ; PRIVATE GSSAPI k5-int.h krb5_ser_pack_int64 ; PRIVATE GSSAPI k5-int.h krb5_ser_unpack_int64 ; PRIVATE GSSAPI k5-int.h ticket: 2067 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15920 dc483132-0cff-0310-8789-dd5450dbe970
* Export krb5_principal2salt | Alexandra Ellwood | 2003-07-21 | 1 | -0/+1
  ticket: 1679 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15701 dc483132-0cff-0310-8789-dd5450dbe970
* Export krb5_get_permitted_enctypes and krb5_set_real_time for Samba | Alexandra Ellwood | 2003-07-09 | 1 | -0/+2
  ticket: 1655 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15678 dc483132-0cff-0310-8789-dd5450dbe970
* Rename interface to krb5_524_convert_creds, export it from krb5 library. | Ken Raeburn | 2003-05-28 | 1 | -0/+4
  Provide old names as functions for UNIX/MacOS binary compatibility, and deprecated macros for source code compatibility. (For Windows, we'll still need a krb524.dll, and it can worry about providing the old names.) Enable support on Windows always. ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15513 dc483132-0cff-0310-8789-dd5450dbe970
* * Implement etype_info in KDC. If the request contains any new | Sam Hartman | 2003-05-12 | 1 | -0/+1
  enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors. * Expose interface for getting string2key with parameters (previously implemented but not exported) * In the client (at least for get_init_creds interface) prefer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params. Ticket: 1454 Status: open Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2003-05-10 | 1 | -0/+4
  to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* Implementation of Microsoft set password client library code provided | Sam Hartman | 2003-04-25 | 1 | -0/+2
  by Paul Nelson. Ticket: 1377 Status: open Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15373 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (K4LIBS): Revert previous | Tom Yu | 2003-02-11 | 1 | -0/+1
  * krb5_32.def: Add afs_string_to_key, which is now needed by the krb4 library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15176 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_32.def: Export krb5_rc_close, krb5_free_enc_tkt_part, and | Ken Raeburn | 2003-01-17 | 1 | -0/+3
  krb5_decrypt_tkt_part, for GSSAPI. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15129 dc483132-0cff-0310-8789-dd5450dbe970
* This should be all that remains of the 1-2-2-branch merge; some | Tom Yu | 2003-01-13 | 1 | -191/+176
  additional sanity-checking of merge needed though. * krb5_32.def: Merge from 1-2-2-branch. ticket: 1177 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15117 dc483132-0cff-0310-8789-dd5450dbe970
* Implement krb5_auth_con_set_checksum_func, an API for setting a | Sam Hartman | 2003-01-06 | 1 | -0/+2
  callback to specify the data to be checksummed by krb5_mk_req after the auth_context has been set up. Mainly useful for GSSAPI. Ticket: 1054 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15084 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_set_default_tgs_enctypes | Sam Hartman | 2001-11-20 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14014 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_32.def: Add krb5_kt_* functions: krb5_kt_close, | Danilo Almeida | 2001-10-16 | 1 | -0/+7
  krb5_kt_get_entry, krb5_kt_get_name, krb5_kt_get_type, krb5_kt_start_seq_get, krb5_kt_next_entry, and krb5_kt_end_seq_get. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13812 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_32.def: Add krb5_rc_close() so gssapi builds | Danilo Almeida | 2001-01-22 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12930 dc483132-0cff-0310-8789-dd5450dbe970
* Add missing krb5_cc_store_cred() | Danilo Almeida | 2000-07-30 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12594 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_32.def: Add krb5_cc_* functions | Danilo Almeida | 2000-07-20 | 1 | -0/+13
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12575 dc483132-0cff-0310-8789-dd5450dbe970
* * krb4_32.def: Add krb_in_tkt. | Danilo Almeida | 2000-07-19 | 1 | -0/+1
  * krb5_32.def: Add krb5int_accessor. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12561 dc483132-0cff-0310-8789-dd5450dbe970
* pullup from 1.2 branch | Ken Raeburn | 2000-06-27 | 1 | -32/+29
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
* 2000-05-15 Jeffrey Altman <jaltman@columbia.edu> | Jeffrey Altman | 2000-05-16 | 1 | -1/+3
  * Export new public functions krb5_appdefault_string krb5_appdefault_boolean git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12260 dc483132-0cff-0310-8789-dd5450dbe970