path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* AES shouldn't be in KDC default enctype list | Ken Raeburn | 2003-05-13 | 2 | -1/+6
  Until all services including GSS-based ones can support AES, we don't want it in the default supported enctypes list on the KDC.
  ticket: new
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15428 dc483132-0cff-0310-8789-dd5450dbe970
* reduce AES string-to-key iteration count to 4096 | Ken Raeburn | 2003-05-13 | 2 | -3/+39
  * aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
    (MAX_ITERATION_COUNT): New macro.
    (krb5int_aes_string_to_key): Use them.
  Also added a proper copyright notice.
  ticket: new
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15427 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor error in previous commit that broke v4 salts | Sam Hartman | 2003-05-13 | 1 | -1/+1
  Ticket: 1470
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15426 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leaks and double frees in preauth2.c | Sam Hartman | 2003-05-13 | 4 | -42/+81
  Ticket: 1470
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15425 dc483132-0cff-0310-8789-dd5450dbe970
* Add AES enctypes to t_encrypt | Sam Hartman | 2003-05-13 | 2 | -0/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15424 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Add setting of KRB_ERR on Windows | Tom Yu | 2003-05-12 | 2 | -0/+5
  ticket: 1477
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15419 dc483132-0cff-0310-8789-dd5450dbe970
* Don't #include compile_et .c files | Sam Hartman | 2003-05-12 | 4 | -12/+18
  At least the e2fsprogs compile_et produces .c files that duplicate definitions found in com_err.h and so you need to avoid including those .c files in other files. In order to do this we duplicate the string tables.
  Ticket: new
  Target_Version: 1.3
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15415 dc483132-0cff-0310-8789-dd5450dbe970
* * Implement etype_info in KDC. If the request contains any new | Sam Hartman | 2003-05-12 | 9 | -89/+97
  enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors.
  * Expose interface for getting string2key with parameters (previously implemented but not exported)
  * In the client (at least for get_init_creds interface) prefer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params.
  Ticket: 1454
  Status: open
  Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new krb5_context field for the config-file tgs_enctypes, which | Ken Raeburn | 2003-05-10 | 3 | -23/+57
  applications cannot override, and use it for ticket-granting tickets needed to acquire some desired service ticket.
  ticket: 1429
  tags: pullup
  status: resolved
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15411 dc483132-0cff-0310-8789-dd5450dbe970
* punt leftover conflict markers | Tom Yu | 2003-05-10 | 1 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15410 dc483132-0cff-0310-8789-dd5450dbe970
* Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2003-05-10 | 19 | -77/+200
  to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey.
  ticket: 1415
  status: open
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
* * init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() | Alexandra Ellwood | 2003-05-07 | 2 | -1/+12
  function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15398 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo | Sam Hartman | 2003-05-06 | 1 | -1/+1
  Ticket: 1454
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15394 dc483132-0cff-0310-8789-dd5450dbe970
* Implement encoders for etype_info2 and add support to s2kparams for | Sam Hartman | 2003-05-06 | 8 | -9/+63
  decoders.
  Ticket: 1454
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15393 dc483132-0cff-0310-8789-dd5450dbe970
* Replace ovpasswd with kpasswd | Sam Hartman | 2003-05-04 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15392 dc483132-0cff-0310-8789-dd5450dbe970
* * kadm_stream.c: Fixed vts_long() and vts_short() so they return a pointer | Alexandra Ellwood | 2003-05-01 | 2 | -3/+15
  to the beginning of the memory they allocate and place their data at the end of the buffer which was passed in
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15388 dc483132-0cff-0310-8789-dd5450dbe970
* AES code shouldn't define uint32_t etc if the system provides them | Ken Raeburn | 2003-04-29 | 2 | -1/+5
  Use inttypes.h if available.
  ticket: new
  status: open
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15383 dc483132-0cff-0310-8789-dd5450dbe970
* set-change password breaks kpasswd | Sam Hartman | 2003-04-28 | 2 | -1/+7
  In some cases a null realm argument was passed into the function for locating the kpasswd server. This ended up causing segfaults in kpasswd. Fix to use the right realm.
  ticket: new
  Tags: pullup
  Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15379 dc483132-0cff-0310-8789-dd5450dbe970
* Incorporate krb5_os_context directly into krb5_context, since they're always | Ken Raeburn | 2003-04-28 | 2 | -15/+7
  allocated and freed at the same time, even if in different files.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15378 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_setpw_result_string should be internal | Sam Hartman | 2003-04-27 | 4 | -3/+12
  Make krb5_setpw_result_string a krb5int_ function prototyped in k5-int.h. The prototype was already there, but the code did not match the function name. This needs to be pulled up to the release branch to fix Windows build because of a KRB5_CALLCONV issue.
  ticket: new
  Tags: pullup
  Target_Version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15375 dc483132-0cff-0310-8789-dd5450dbe970
* Implementation of Microsoft set password client library code provided | Sam Hartman | 2003-04-25 | 8 | -19/+438
  by Paul Nelson.
  Ticket: 1377
  Status: open
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15373 dc483132-0cff-0310-8789-dd5450dbe970
* * kfree.c (krb5_free_pwd_sequences): Correction to previous | Ezra Peisach | 2003-04-24 | 2 | -2/+7
  fix. Free contents of krb5_data - not just the pointer.
  ticket: 1439
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15369 dc483132-0cff-0310-8789-dd5450dbe970
* errno should never be explicitly declared | Ken Raeburn | 2003-04-24 | 9 | -15/+14
  Remove explicit declarations of errno; include errno.h as needed. (Also, errmsg in krb4, and malloc in compile_et.)
  ticket: new
  target_version: 1.3
  tags: pullup
  status: resolved
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15368 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_free_pwd_sequences only frees first element | Ezra Peisach | 2003-04-23 | 2 | -7/+18
  * kfree.c (krb5_free_pwd_sequences): Actually free the entire sequence of passwd_phase_elements and not just the first one.
  In our tree, this code is only used by krb5_free_pwd_data() which is subsequently not used anywhere else. Perhaps all code pertaining to pwd data (asn.1 decoders, encoders, etc. should be removed)
  ticket: new
  component: krb5-libs
  target_version: 1.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15364 dc483132-0cff-0310-8789-dd5450dbe970
* * alt_prof.c (kadm5_get_config_params): Add aes256 to the default supported | Ken Raeburn | 2003-04-19 | 2 | -1/+6
  enctypes list.
  ticket: 1418
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15362 dc483132-0cff-0310-8789-dd5450dbe970
* Note to self: Save buffers before checkin, not after. Grr | Ken Raeburn | 2003-04-18 | 1 | -1/+5
  ticket: 1418
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15360 dc483132-0cff-0310-8789-dd5450dbe970
* fix typo | Ken Raeburn | 2003-04-18 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15359 dc483132-0cff-0310-8789-dd5450dbe970
* * init_ctx.c (DEFAULT_ETYPE_LIST): Add AES with 256 bits at the front of the | Ken Raeburn | 2003-04-18 | 2 | -0/+6
  list. No 128-bit support by default.
  ticket: 1418
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15358 dc483132-0cff-0310-8789-dd5450dbe970
* * dk_encrypt.c (krb5int_aes_dk_encrypt): Set output length properly | Ken Raeburn | 2003-04-18 | 2 | -0/+7
  ticket: 1418
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15357 dc483132-0cff-0310-8789-dd5450dbe970
* * g_ad_tkt.c: Added support for login library to get_ad_tkt. Support is | Alexandra Ellwood | 2003-04-14 | 2 | -0/+16
  copied from Mac Kerberos4 library and conditionalized for USE_LOGIN_LIBRARY to avoid changing get_ad_tkt's behavior for non-Kerberos Login Library builds
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15352 dc483132-0cff-0310-8789-dd5450dbe970
* Finish implementation of CBC+CTS decryption and truncated HMAC for AES. | Ken Raeburn | 2003-04-13 | 9 | -36/+348
  Fix memory management bugs.
  ticket: 1418
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15351 dc483132-0cff-0310-8789-dd5450dbe970
* Obscure memory leak in asn1_decode_kdc_req_body | Ezra Peisach | 2003-04-13 | 2 | -1/+20
  * asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if optional server field is lacking,
  ticket: new
  component: krb5-libs
  target_version: 1.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15350 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid really, really huge cpu time usage caused by iteration count in | Ken Raeburn | 2003-04-13 | 2 | -0/+11
  spoofed preauth data. (Merely huge cpu time usage is probably still possible.)
  * aes_s2k.c (krb5int_aes_string_to_key): Return an error if the supplied iteration count is really, really large.
  ticket: 1418
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15349 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in krb5_read_password | Ken Raeburn | 2003-04-13 | 2 | -6/+8
  * read_pwd.c (krb5_read_password): Always free temporary storage used for verification version of password.
  ticket: new
  target_version: 1.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15348 dc483132-0cff-0310-8789-dd5450dbe970
* don't install in-tree libdb | Tom Yu | 2003-04-02 | 4 | -12/+27
  Don't install the in-tree libdb. This requires that libkdb, etc. explicitly pull in the object files of the in-tree libdb if not using the system libdb.
  ticket: new
  status: open
  target_version: 1.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15320 dc483132-0cff-0310-8789-dd5450dbe970
* * unparse.c (krb5_unparse_name_ext): Don't move buffer pointer backwards if | Ken Raeburn | 2003-04-01 | 2 | -1/+5
  nothing has been put into the buffer yet.
  ticket: 1397
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15314 dc483132-0cff-0310-8789-dd5450dbe970
* Red Hat's krb5_princ_size fixes | Ken Raeburn | 2003-04-01 | 6 | -9/+35
  ticket: 1397
  status: open
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
* If the auth context does not have the DO_TIME flag set and no replay | Sam Hartman | 2003-04-01 | 2 | -1/+8
  cache is available, do not generate one.
  ticket: 1400
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15311 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2003-003: xdrmem int overflows | Tom Yu | 2003-03-24 | 2 | -6/+21
  * xdr_mem.c (xdrmem_create): Perform some additional size checks.
    (xdrmem_getlong, xdrmem_putlong, xdrmem_getbytes): Check x_handy prior to decrementing it.
  ticket: new
  status: open
  tags: pullup
  target_version: 1.3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15300 dc483132-0cff-0310-8789-dd5450dbe970
* fix kadmind startup failure with krb4 vuln patch | Tom Yu | 2003-03-19 | 2 | -8/+15
  * keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype comparison if the requested enctype is a wildcard.
  ticket: new
  status: open
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970
* Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to | Sam Hartman | 2003-03-17 | 2 | -1/+54
  reenable (-X) which prints a warning that you are creating a security hole.
  Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however.
  The KDC is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT.
  Ticket: 1385
  Target_Version: 1.3
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
* Do not claim GSS_C_PROT_READY_FLAG since we don't support it | Sam Hartman | 2003-03-14 | 4 | -1/+14
  Our code does not currently support GSS_C_PROT_READY_FLAG so only return that flag after context establishment. A potential future addition is to support that flag and return GAP_TOKEN if the initiator processes a message token before the final context token.
  Ticket: 1352
  Tags: pullup
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite asn1_get_tag interface to use a structure pointer rather than several | Ken Raeburn | 2003-03-12 | 7 | -203/+246
  pointer variables for the returned data. Use the structure in the caller when straightforward; in cases where macros use different but overlapping sets of automatic scalar variables in one file, copy the values out of the structures for now, until they can be analyzed more carefully.
  * asn1_get.c (asn1_get_tag): Deleted.
    (asn1_get_tag_2): Renamed from asn1_get_tag_indef, now uses a pointer to taginfo rather than a bunch of pointer args.
    (asn1_get_id, asn1_get_length): Folded into asn1_get_tag_2.
    (asn1_get_sequence): Call asn1_get_tag_2.
  * asn1_get.h (taginfo): New structure.
    (asn1_get_tag_indef, asn1_get_tag, asn1_get_id, asn1_get_length): Declarations deleted.
    (asn1_get_tag_2): Declare.
  * asn1_decode.c (setup): Declare only a taginfo variable.
    (asn1class, construction, tagnum, length): New macros.
    (tag): Call asn1_get_tag_2.
  * asn1_k_decode.c (next_tag, get_eoc, apptag, end_sequence_of, end_sequence_of_no_tagvars, asn1_decode_krb5_flags): Call asn1_get_tag_2; if no error, copy out values into scalar variables.
    (asn1_decode_ticket): Call asn1_get_tag_2.
  * asn1buf.c (asn1buf_skiptail): Call asn1_get_tag_2.
  * krb5_decode.c (check_apptag, next_tag, get_eoc): Call asn1_get_tag_2; if no error, copy out values into scalar variables.
    (decode_krb5_enc_kdc_rep_part): Call asn1_get_tag_2.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15274 dc483132-0cff-0310-8789-dd5450dbe970
* * t_kerb.c: Only include krb.h if krb4 support compiled in, | Ezra Peisach | 2003-03-09 | 2 | -0/+12
  otherwise define ANAME_SZ, INST_SZ and REALM_SZ.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15271 dc483132-0cff-0310-8789-dd5450dbe970
* Yet another attempt at cross-directory dependencies. Seems to fix the parallel | Ken Raeburn | 2003-03-08 | 2 | -8/+46
  build, and hasn't broken the out-of-date case so far as I can tell, so far... Added a bunch of comments describing the cases that need to be handled.
  * Makefile.in ($(BUILDTOP)/include/gssapi/gssapi.h, generic/gssapi.h, generic/gssapi_err_generic.h, krb5/gssapi_err_krb5.h): Comment out old rules and dependencies; depend on all-recurse and supply a no-op rule.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15270 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_libinit.c: Changed USE_HARDCODED_FALLBACK_ERROR_TABLES macro to | Alexandra Ellwood | 2003-03-07 | 2 | -2/+8
  !USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15267 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Changed USE_HARDCODED_FALLBACK_ERROR_TABLES macro to | Alexandra Ellwood | 2003-03-07 | 2 | -2/+8
  !USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15266 dc483132-0cff-0310-8789-dd5450dbe970
* * preauth2.c (pa_sam_2): Add intermediate size_t variable to hold | Tom Yu | 2003-03-06 | 2 | -1/+8
  output of krb5_c_encrypt_length().
  ticket: 1373
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15264 dc483132-0cff-0310-8789-dd5450dbe970
* * c_ustime.c: Removed Mac OS 9 code. * ccdefname.c: Conditionalize on | Alexandra Ellwood | 2003-03-06 | 6 | -123/+29
  USE_CCAPI and not TARGET_OS_MAC so Darwin builds work.
  * init_os_ctx.c: Modified to use DEFAULT_SECURE_PROFILE_PATH and DEFAULT_PROFILE_PATH for KfM homedir-relative config files.
  * read_pwd.c: Cast to remove const warnings.
  * timeofday.c: Do the same thing on the Mac as on Unix
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15259 dc483132-0cff-0310-8789-dd5450dbe970
* * appdefault.c: Fix constness to avoid warning. * init_ctx.c: Do the same | Alexandra Ellwood | 2003-03-06 | 4 | -3/+11
  stuff on the Mac as on Unix.
  * preauth2.c: Added cast to fix warning
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15258 dc483132-0cff-0310-8789-dd5450dbe970