summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Change subdir processing so that SUBDIRS will contain the configuredKen Raeburn2004-03-082-1/+5
| | | | | | | | | | | | | | subdirs only for the makefile in the directory with the configure script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS setting from pre.in. One less thing to keep tweaking as configure scripts get reorganized and merged. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2004-03-063-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16154 dc483132-0cff-0310-8789-dd5450dbe970
* For keytab, ccache, and rcache type registries, use const more, andKen Raeburn2004-03-066-21/+101
| | | | | | use a mutex to protect manipulation of the lists. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16153 dc483132-0cff-0310-8789-dd5450dbe970
* * lock_file.c (krb5_lock_file): Initialize flock data on entry, but don'tKen Raeburn2004-03-062-4/+6
| | | | | | bother with a static version to copy from. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16150 dc483132-0cff-0310-8789-dd5450dbe970
* Use more const data in the keytab type registryKen Raeburn2004-03-062-6/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16149 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Don't check for --enable-athena and don't define ↵Ken Raeburn2004-03-042-6/+5
| | | | | | ATHENA_DES3_KLUDGE git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16145 dc483132-0cff-0310-8789-dd5450dbe970
* fix typoKen Raeburn2004-03-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16143 dc483132-0cff-0310-8789-dd5450dbe970
* don't get a krb5_context for the routines that don't need itKen Raeburn2004-03-034-12/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16142 dc483132-0cff-0310-8789-dd5450dbe970
* minor formatting, mostly whitespaceKen Raeburn2004-03-031-37/+38
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16141 dc483132-0cff-0310-8789-dd5450dbe970
* * rc_base.c: Delete unused and untested semaphore supportKen Raeburn2004-03-033-29/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16140 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missedKen Raeburn2004-02-282-1/+7
| | | | | | | ticket: 2296 version_fixed: git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16139 dc483132-0cff-0310-8789-dd5450dbe970
* * lib/helpers.exp (expect_kadm_ok): Check for eof and report a specific errorKen Raeburn2004-02-272-0/+6
| | | | | | for that case. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16138 dc483132-0cff-0310-8789-dd5450dbe970
* As discussed on the krbdev mailing list, krb5_get_init_creds_password()Jeffrey Altman2004-02-2710-24/+83
| | | | | | | | | | | | | | | | | | | | | | | suffered from a behavior in which it would unintentionally query a master KDC twice if in fact the KDC queried when krb5int_sendto() was called with use_master = 0 was in fact the master. This resulted in more than an additional protocol operation. There were two negative side effects. First, in the case of an incorrect password there would be two counts against the max retry attempts. Second, in the case of hardware pre-auth and an expired password, the user would be asked to enter their expired password twice before being told it was expired. This has been fixed by changing the use_master parameter into an in/out parameter and modifying krb5int_sendto() to indicate which KDC it received the response from. This allows the use_master parameter to be set to indicate whether or not the response came from a master KDC regardless of whether a master KDC was requested. ticket: new target_version: next tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16137 dc483132-0cff-0310-8789-dd5450dbe970
* Set context flags after calling krb5_rd_req so that the replay cache is set upSam Hartman2004-02-262-2/+8
| | | | | | | Ticket: 2284 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129 dc483132-0cff-0310-8789-dd5450dbe970
* Move apputils dir from util to lib, to get its proper place in theKen Raeburn2004-02-267-2/+163
| | | | | | build process (after include). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16128 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (start_connection): Close socket if connect() call fails for anKen Raeburn2004-02-262-0/+6
| | | | | | | | | unexpected reason. ticket: 2277 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16123 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ENCTYPE_LOCAL_DES3_HMAC_SHA1Sam Hartman2004-02-2410-414/+15
| | | | | | | | | | Previously, MIT had support for a version of the des3 enctype with a 32-bit length prepended to encrypted data. Remove that support. This is non-standard and is no longer needed even at MIT. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122 dc483132-0cff-0310-8789-dd5450dbe970
* dependency updatesKen Raeburn2004-02-241-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16121 dc483132-0cff-0310-8789-dd5450dbe970
* ignore generated shared librariesKen Raeburn2004-02-241-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16120 dc483132-0cff-0310-8789-dd5450dbe970
* ignore some more generated filesKen Raeburn2004-02-248-0/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16119 dc483132-0cff-0310-8789-dd5450dbe970
* Move daemon.c into a new library of utility routines for linking our programsKen Raeburn2004-02-242-95/+4
| | | | | | | | | | | | against but which we don't want to install as a separate library. Change Kerberos and application servers to link against the library if they might need the replacement daemon() function. Add a dummy file to the library in case daemon() is not needed, so we don't have an empty library, which we may not handle properly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118 dc483132-0cff-0310-8789-dd5450dbe970
* ignore generated krb524 error table codeKen Raeburn2004-02-241-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16116 dc483132-0cff-0310-8789-dd5450dbe970
* * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation forKen Raeburn2004-02-232-6/+19
| | | | | | | | | confidential CFX tokens. ticket: 2266 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107 dc483132-0cff-0310-8789-dd5450dbe970
* ignore some files generated during testingKen Raeburn2004-02-192-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16103 dc483132-0cff-0310-8789-dd5450dbe970
* protoizeKen Raeburn2004-02-1955-412/+249
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16102 dc483132-0cff-0310-8789-dd5450dbe970
* ignore aes-gen programKen Raeburn2004-02-191-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16101 dc483132-0cff-0310-8789-dd5450dbe970
* delete some blank lines in fn defsKen Raeburn2004-02-191-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16098 dc483132-0cff-0310-8789-dd5450dbe970
* * pcbc_encrypt.c (des_pcbc_encrypt): Don't pass a temporary variable toKen Raeburn2004-02-182-3/+8
| | | | | | DES_DO_ENCRYPT and _DECRYPT. Drop the temporary variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16096 dc483132-0cff-0310-8789-dd5450dbe970
* * f_tables.h (DES_DO_ENCRYPT, DES_DO_DECRYPT): Allocate temporary variableKen Raeburn2004-02-175-24/+30
| | | | | | | | | | | locally instead of taking the extra argument. * d3_cbc.c (krb5int_des3_cbc_encrypt): Don't pass the extra argument, and delete the automatic variable. (krb5int_des3_cbc_decrypt): Likewise. * f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): Likewise. * f_cksum.c (mit_des_cbc_cksum): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16095 dc483132-0cff-0310-8789-dd5450dbe970
* * afsstring2key.c (krb5_afs_encrypt): Drop EDFLAG as an argument, make it localKen Raeburn2004-02-172-4/+23
| | | | | | | | instead, since we always pass 0. (afs_crypt): Call changed. (krb5_afs_crypt_setkey, krb5_afs_encrypt): Use memcpy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16094 dc483132-0cff-0310-8789-dd5450dbe970
* Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macrosKen Raeburn2004-02-144-26/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970
* * t_encrypt.c (compare_results): New function.Ken Raeburn2004-02-133-8/+57
| | | | | | | | | | | | (main): Use it to check decryption results against the original plaintext. When testing with cipher state, encrypt and then decrypt (and verify) two messages. * Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB. ticket: 2229 status: resolved tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079 dc483132-0cff-0310-8789-dd5450dbe970
* * dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. IfKen Raeburn2004-02-133-11/+48
| | | | | | | | | | | | clear, same old behavior. If set, copy out next to last block for CTS. (krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument. * dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to last block for CTS. ticket: 2229 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16077 dc483132-0cff-0310-8789-dd5450dbe970
* Change PRIOCNTL_HACK code to use "==" rather than "eq", as "eq" is notTom Yu2004-02-134-6/+16
| | | | | | | | | | available in tcl-8.3. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16071 dc483132-0cff-0310-8789-dd5450dbe970
* priocntl workaround for Solaris 9 pty-close bugTom Yu2004-02-139-2/+102
| | | | | | | | | | | | Implement gross hack to use priocntl to work around the Solaris 9 pty-close bug. Run expect at a higher class "FX" priority than spawned processes, which run at a lower class "FX" priority. "make check" needs to start from a process which has FX priority >= 30 and FX priority limit >= 30. Thanks to Bill Sommerfeld for the hints. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16069 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_oid_externalize): Check for errors.Ken Raeburn2004-02-102-49/+154
| | | | | | | | | | | | | | | | (kg_oid_internalize): Check for errors. Free allocated storage on error. (kg_queue_externalize): Check for errorrs. (kg_queue_internalize): Check for errors. Free allocated storage on error. (kg_ctx_size): Update for new context data. (kg_ctx_externalize): Update for new context data. Check for error storing trailer. (kg_ctx_internalize): Update for new context data. Check for errors in a few more cases. ticket: 2166 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970
* Call htons for default port of password serverSam Hartman2004-02-092-1/+5
| | | | | | | Ticket: 2171 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16047 dc483132-0cff-0310-8789-dd5450dbe970
* * util_ordering.c (g_queue_externalize, g_queue_internalize): Check forKen Raeburn2004-02-092-0/+9
| | | | | | | | | sufficient buffer space. ticket: 2166 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cts.c (test_cts): Process encryption and decryption IVs separately, makeKen Raeburn2004-02-092-3/+33
| | | | | | | | | sure they match, and display the value. ticket: 2223 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039 dc483132-0cff-0310-8789-dd5450dbe970
* * aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IVKen Raeburn2004-02-092-0/+10
| | | | | | | ticket: 2223 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16038 dc483132-0cff-0310-8789-dd5450dbe970
* no license on k5sealv3.cKen Raeburn2004-02-081-2/+28
| | | | | | | | | | Updated copyright notice to include standard license for release. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970
* Enable aes128-cts for clientSam Hartman2004-02-062-0/+5
| | | | | | | | | | | | | Currently we support aes128-cts but do not enable it by default. It looks like interoperability problems will be created by this decision. So add aes128-cts to the default list of enctypes for client configuration and for permitted_enctypes. Ticket: new Target_Version: 1.3.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-05 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-02-064-7/+24
| | | | | | | | | | | | | | | | | | * gssapiP_krb5.h: remove KG_IMPLFLAGS macro * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS macro with previous macro definition * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS macro with new definition. As per 1964 the INTEG and CONF flags are supposed to indicate the availability of the services in the client. By applying the previous definition of KG_IMPLFLAGS the INTEG and CONF flags are always on. This can be a problem because some clients such as Microsoft's Kerberos SSPI allow CONF and INTEG to be used independently. By forcing the flags on, we would end up with inconsist state with the client. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970
* Remove reference to the ntstatus.h header in cc_mslsa.cJeffrey Altman2004-02-042-1/+6
| | | | | | | | | | | This header is not present in the August 2001 Platform SDK which is the current minimum SDK version. ticket: new tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-02 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-02-032-1/+22
| | | | | | | | | | | | | | | | | | * cc_msla.c: GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the value to assign to TicketRequest->TicketFlags. This field is blindly inserted into the kdc-options[0] field of the TGS_REQ. If there are bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result in an unknown TGS_OPTION being processed by the KDC. This has been fixed by mapping the Ticket Flags to KDC options. We only map Forwardable, Forwarded, Proxiable, and Renewable. The others should not be used. ticket: 2190 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16013 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: the MSLSA code was crashing on Pismere machines whenJeffrey Altman2004-02-022-10/+36
| | | | | | | | | | | | | | | | | | | | logging on with cross realm credentials. On these machines there are 8 tickets within the LSA cache from two different realms. One of the krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe processes. The attempt to access the ticket returns a SubStatus code of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that the logon attempt was invalid due to bad authentication information. kerbtray has no problem listing this ticket. The other seven tickets in the cache including the Initial Ticket are accessible. Modified krb5_lcc_next_cred() to skip to the next ticket if an attempt to read a single ticket fails. ticket: 2184 tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: optimize the get_next logic by storing a handle to theJeffrey Altman2004-02-012-18/+30
| | | | | | | | | | MS TGT in the lcc_cursor data structure ticket:new tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15993 dc483132-0cff-0310-8789-dd5450dbe970
* Do not export tickets from the LSA if they contain NULL session keys.Jeffrey Altman2004-01-312-6/+19
| | | | | | | | | | This is primarily to prevent unusable TGTs from being imported into the MIT Credential Cache ticket: 2153 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15991 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-01-30 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-01-312-20/+98
| | | | | | | | | | | | | | | | | | | | * cc_mslsa.c: As per extensive conversations with Doug Engert we have concluded that MS is not specifying a complete set of domain information when it comes to service tickets other than the initial TGT. What happens is the client principal domain cannot be derived from the fields they export. Code has now been added to obtain the domain from the initial TGT and use that when constructing the client principals for all tickets. This behavior can be turned off by setting a registry either on a per-user or a system-wide basis: {HKCU,HKLM}\Software\MIT\Kerberos5 PreserveInitialTicketIdentity = 0x0 (DWORD) ticket: 2139 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990 dc483132-0cff-0310-8789-dd5450dbe970
* need more testing support for MSKen Raeburn2004-01-273-3/+43
| | | | | | | | | | | | | | | | | | This should allow use of the CFX_EXERCISE code to better check interoperability of MS and MIT code with regard to future extensibility. * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null pointer in debugging code. (new_connection): Disable CFX_EXERCISE unknown-token-id case detection. * accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra option bytes were present. ticket: new target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-15 09:21:16 +0000