summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Suppress building camellia-gen in "make check" for now (it has a buildGreg Hudson2010-11-211-1/+2
| | | | | | | issue on Solaris which will go away when Camellia support becomes unconditional). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24525 dc483132-0cff-0310-8789-dd5450dbe970
* Implement Camellia-CTS-CMAC instead of Camellia-CCMGreg Hudson2010-11-2038-1515/+2449
| | | | | | | | | | | Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet. ticket: 6822 target_verion: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
* Include <openssl/des.h> in the OpenSSL back end's weak_key.c for theGreg Hudson2010-11-091-0/+1
| | | | | | DES_is_weak_key prototype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24512 dc483132-0cff-0310-8789-dd5450dbe970
* Use size_t to hold set counts in net-server.cGreg Hudson2010-11-031-9/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24506 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message cannot return NULL, and returns "Success" onGreg Hudson2010-11-013-11/+6
| | | | | | error code 0. Simplify some overly paranoid code accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24489 dc483132-0cff-0310-8789-dd5450dbe970
* Don't fail out from krb5_get_credentials() if we can't store a ticketGreg Hudson2010-10-271-10/+4
| | | | | | | | into the ccache. ticket: 6812 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24488 dc483132-0cff-0310-8789-dd5450dbe970
* FILE keytabs have been able to handle write operations since krb5 1.7,Greg Hudson2010-10-261-31/+12
| | | | | | | | | | as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kg_encrypt_inplace() utility function to the krb5 GSS mech, andGreg Hudson2010-10-266-101/+108
| | | | | | | | | | use it where we do in-place encryption of checksums in the non-CFX seal tokens with raw DES enctypes. Avoids a harmless but incorrect in-place memcpy(). ticket: 6770 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24485 dc483132-0cff-0310-8789-dd5450dbe970
* Set *conf_state on successful return fromGreg Hudson2010-10-261-0/+2
| | | | | | | | | | | gss_krb5int_make_seal_token_v3_iov, fixing a case where it wasn't always set by gss_wrap_iov. Patch from aberry@likewise.com. ticket: 6809 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24483 dc483132-0cff-0310-8789-dd5450dbe970
* When we create a temporary memory ccache for use within aGreg Hudson2010-10-255-3/+10
| | | | | | | | | | | krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be destroyed rather than closed. Patch from aberry@likewise.com. ticket: 6787 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24482 dc483132-0cff-0310-8789-dd5450dbe970
* Use safer output parameter handling inGreg Hudson2010-10-251-2/+4
| | | | | | | | | | krb5_gss_acquire_cred_impersonate_name and its subsidiary helpers. ticket: 6796 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24481 dc483132-0cff-0310-8789-dd5450dbe970
* In acquire_init_cred in the GSS krb5 mech, don't intern cred->name,Greg Hudson2010-10-251-4/+2
| | | | | | | | | | | since it's not used as an output parameter. Fixes a memory leak. Reported by aberry@likewise.com. ticket: 6793 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24480 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-241-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24479 dc483132-0cff-0310-8789-dd5450dbe970
* Declare xdr_purgekeys_argKen Raeburn2010-10-231-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24476 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h for function declarationsKen Raeburn2010-10-231-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24473 dc483132-0cff-0310-8789-dd5450dbe970
* Try harder to retain the "brand" string in the shared libraryKen Raeburn2010-10-232-5/+14
| | | | | | | Make the brand array non-static, and actually use the value in (the infrequently-called) krb5_init_secure_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24471 dc483132-0cff-0310-8789-dd5450dbe970
* Better libk5crypto NSS fork safetyGreg Hudson2010-10-233-6/+124
| | | | | | | | | | | | | Use SECMOD_RestartModules() from the forthcoming NSS 3.12.9 release to make the libk5crypto back end work after a fork. Add a test program to exercise fork detection in the NSS back end. Add a configure-time version check to ensure that we're using NSS 3.12.9 or later. ticket: 6810 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24470 dc483132-0cff-0310-8789-dd5450dbe970
* Make it possible to override CRYPTO_IMPL_CFLAGS and CRYPTO_IMPL_LIBS atGreg Hudson2010-10-229-9/+20
| | | | | | make time. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24469 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-131-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24454 dc483132-0cff-0310-8789-dd5450dbe970
* Fix leaks in get_init_creds interfaceSam Hartman2010-10-131-3/+9
| | | | | | | | | | | | | | | | | In Debian Bug 598032, Bastian Blank points out that there are two leaks in the get_init_creds interface: * Free ctx->request->padata after sending the KDC request so it is not overwritten the next time around the loop. * If options is NULL passed into krb5_get_init_creds_init, then set up a non-extended options structure so that krb5_get_init_creds_free will free the options. ticket: 6801 target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24452 dc483132-0cff-0310-8789-dd5450dbe970
* When returning KRB5_KT_NOTFOUND from krb5_ktfile_get_entry, set anGreg Hudson2010-10-111-1/+8
| | | | | | extended error message indicating which principal was not found. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24448 dc483132-0cff-0310-8789-dd5450dbe970
* Plug a memory leak in gss_indicate_mechsGreg Hudson2010-10-091-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24447 dc483132-0cff-0310-8789-dd5450dbe970
* Encoding cleanup: curly quotes to ASCII quotes, and some ISO-8859-1Tom Yu2010-10-0840-40/+40
| | | | | | files to UTF-8. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24446 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_indicate_mechs, avoid setting the output pointer until successGreg Hudson2010-10-081-17/+17
| | | | | | is guaranteed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24445 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_inquire_attrs_for_mech, remove the assumption that mech_attrsGreg Hudson2010-10-081-1/+2
| | | | | | != NULL in a particular error case. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24444 dc483132-0cff-0310-8789-dd5450dbe970
* Remove duplicate code block in spnego_gss_set_cred_option()Greg Hudson2010-10-081-17/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24443 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-088-0/+135
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Performance issue in LDAP policy fetchGreg Hudson2010-10-072-4/+5
| | | | | | | | | | Instead of performing a tree search to fill in the refcnt field of a policy object whenever a policy is fetched, set the refcnt to 0 and perform a check when policies are deleted. ticket: 6799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24440 dc483132-0cff-0310-8789-dd5450dbe970
* set NT-SRV-INST on TGS principal namesTom Yu2010-10-061-1/+12
| | | | | | | | | | | | | | Set NT-SRV-INST on TGS principal names in get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC insists on it. Thanks to Bill Fellows for reporting this problem. ticket: 6798 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24438 dc483132-0cff-0310-8789-dd5450dbe970
* Correct a miscarriage of justice committed by the style policeGreg Hudson2010-10-061-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24437 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/lhoward/sasl-gs2 to trunkGreg Hudson2010-10-0613-1/+1096
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
* Minor comments related changed. Zhanna Tsitkov2010-10-065-6/+35
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24433 dc483132-0cff-0310-8789-dd5450dbe970
* Add RUN_SETUP so make check works by setting the proper LD_LIBRARY_PATHEzra Peisach2010-10-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24428 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the NSS PRNG build. Fix the build for non-gmake make. Revert aGreg Hudson2010-10-053-10/+6
| | | | | | no longer necessary change to lib/crypto/krb/Makefile.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24427 dc483132-0cff-0310-8789-dd5450dbe970
* Add a name field to the pwqual plugin vtable and log pwqual moduleGreg Hudson2010-10-057-1/+28
| | | | | | rejections. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24425 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-052-0/+42
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Some missed files needed for rev #24420Zhanna Tsitkov2010-10-0520-0/+1541
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24421 dc483132-0cff-0310-8789-dd5450dbe970
* Improves prng code modularity. Introduces fortuna-like prng that can be used ↵Zhanna Tsitkov2010-10-0532-195/+758
| | | | | | | | | in lieu of yarrow. Yarrow stays the default prng while fortuna may be engaged during configuration by using "--with-prng-alg=fortuna" flag. Also, nss crypto backend continues to use its own prng. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24420 dc483132-0cff-0310-8789-dd5450dbe970
* Add mit_afs_string_to_key declarationZhanna Tsitkov2010-10-051-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24419 dc483132-0cff-0310-8789-dd5450dbe970
* Add a missing protototype which was breaking the crypto build with theGreg Hudson2010-10-051-0/+5
| | | | | | NSS back end after r24409. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24418 dc483132-0cff-0310-8789-dd5450dbe970
* Protoize old-style function definitions in kdb5.c and normalizeGreg Hudson2010-10-041-131/+75
| | | | | | formatting of definition headers. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24417 dc483132-0cff-0310-8789-dd5450dbe970
* Merge branches/nss to trunkGreg Hudson2010-10-0256-19/+3933
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24416 dc483132-0cff-0310-8789-dd5450dbe970
* In the krb5_kuserok implementation, fix an unintentional type changeGreg Hudson2010-10-021-2/+2
| | | | | | | | | to "gobble" (was an int, was accidentally changed to a char) which could result in an infinite loop. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24413 dc483132-0cff-0310-8789-dd5450dbe970
* Use gss_set_cred_option instead of (undeclared) gssspi_set_cred_optionKen Raeburn2010-10-021-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24410 dc483132-0cff-0310-8789-dd5450dbe970
* Add an error to be returned by a preauth mechanism indicating that the KDC ↵Sam Hartman2010-10-012-1/+3
| | | | | | | | | | | should not respond to a packet * Do not generate an error response in this case * Drop a TCP connection if we are not going to respond to it. kdc: add KRB5KDC_ERR_DISCARD git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24406 dc483132-0cff-0310-8789-dd5450dbe970
* Enable sam_challenge_2 encodersSam Hartman2010-10-012-4/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24404 dc483132-0cff-0310-8789-dd5450dbe970
* Remove support for the old pa-sam-challenge and pa-sam-responseSam Hartman2010-10-011-295/+46
| | | | | | | | | preauth type per discussion on krbdev. The pa-sam-challenge-2 code remains in the client. preauth: remove pa-sam-challenge git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24403 dc483132-0cff-0310-8789-dd5450dbe970
* Implement k5login_directory and k5login_authoritative optionsGreg Hudson2010-10-011-85/+118
| | | | | | | | Add and document two new options for controlling k5login behavior. ticket: 6792 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24402 dc483132-0cff-0310-8789-dd5450dbe970
* Add a simple test harness for kuserok. Build it during make check butGreg Hudson2010-10-012-2/+66
| | | | | | don't run any automated tests for the moment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24401 dc483132-0cff-0310-8789-dd5450dbe970
* A cleaner impleentation of r24399 which adds two new auth context APIsGreg Hudson2010-10-013-4/+29
| | | | | | | | | (and is therefore less suitable for backporting to 1.8) but doesn't reach inside the auth context structure in the krb5 mechanism code. ticket: 6768 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24400 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-01 07:24:55 +0000