summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* If the client offers the alg agility KDF, use itSam Hartman2011-09-211-1/+1
| | | | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> pkinit: changes to call alg-agility KDF git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25218 dc483132-0cff-0310-8789-dd5450dbe970
* Add stubs for new pkinit encodersGreg Hudson2011-09-211-1/+19
| | | | | | | | The new pkinit encoders for hash agility are in the library export list (whereas older encoders are invoked via the accessor), so we need to provide stubs for them if we're building without pkinit support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25216 dc483132-0cff-0310-8789-dd5450dbe970
* Add kadmin functionality for string attributesGreg Hudson2011-09-2110-0/+278
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_TL_STRING_ATTRS and libkdb5 accessorsGreg Hudson2011-09-215-1/+287
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25214 dc483132-0cff-0310-8789-dd5450dbe970
* Fix asn.1 encoder build without PKINIT supportGreg Hudson2011-09-211-51/+52
| | | | | | | Move all of the added PKINIT hash agility stuff inside the #ifndef DISABLE_PKINIT block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25213 dc483132-0cff-0310-8789-dd5450dbe970
* Make ASN.1 code build without PKINIT supportGreg Hudson2011-09-191-23/+23
| | | | | | | | Move asn1_decode_kdf_alg_id and asn1_decode_sequence_of_kdf_alg_id inside the #ifndef DISABLE_PKINIT block; otherwise they reference a nonexistent asn1_decode_kdf_alg_id_ptr when PKINIT is disabled. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25211 dc483132-0cff-0310-8789-dd5450dbe970
* Formatting fixesGreg Hudson2011-09-196-234/+250
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_CALLCONV to krb5_init_context_profile definition in init_ctx.c ↵Sam Hartman2011-09-191-1/+1
| | | | | | | | | Remove extraneous 'p' Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25203 dc483132-0cff-0310-8789-dd5450dbe970
* __func__ -> __FUNCTION__ in #ifdef DEBUG blocks in util_errmap.cSam Hartman2011-09-191-2/+2
| | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25200 dc483132-0cff-0310-8789-dd5450dbe970
* On Windows, parse mechanism info from Registry instead of mech fileSam Hartman2011-09-191-169/+351
| | | | | | | | | | | Currently the code parses @sysconfdir@/gss/mech as a set of GSS mechanisms to dynamically load. On Windows this should come from the registry. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25198 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ticket from the pkinit-alg-agility KDF function, to matchSam Hartman2011-09-191-1/+0
| | | | | | | | | agreed changes to the IETF specification. Includes removing a parameter from the KDF function, removing the ticket from the ASN.1 encoder, and updating the test code. Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
* Asn1_encode: indicate DER compressed form without tag or length as inputSam Hartman2011-09-191-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25196 dc483132-0cff-0310-8789-dd5450dbe970
* Implement encoding and decoding for supportedKDFs and kdfIDSam Hartman2011-09-194-36/+108
| | | | | | pkinit: ASN.1 encoders and decoders for new KDF git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25195 dc483132-0cff-0310-8789-dd5450dbe970
* * Extend auth_packSam Hartman2011-09-192-0/+11
| | | | | | | | | | * extend dh_rep * add krb5_free_octet_data * extend pkinit free functions pkinit: add supportedKDFs and kdfID to structures git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970
* Added underlying ASN.1 structures for pkinit algorithm agilitySam Hartman2011-09-192-3/+37
| | | | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> tested-by: Sam Hartman <hartmans@debian.org> fixes-from: Sam Hartman <hartmans@debian.org> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() toSam Hartman2011-09-191-0/+1
| | | | | | | | | | | | eliminate a possible memory leak in the error path, where the key_block->length was set to zero but the key_block->contents were not freed. Also, changed calloc() call to a malloc() call to avoid allocating up to 8 times as much buffer space as needed. In keyblocks.c, modified kr5_free_keyblock_contents() to set the key->length to zero after the key->contents have been freed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970
* In order for asn1_encode_oid to be called from DEFLENFNTYPE it needsSam Hartman2011-09-192-2/+2
| | | | | | | | to take void * like all the other string encoders. asn1_encode_oid: take void not asn1_octet git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25188 dc483132-0cff-0310-8789-dd5450dbe970
* asn1_encode.{c,h}: support DEFOCTETWRAPTYPESam Hartman2011-09-192-6/+16
| | | | | | | | | Support a way of defining a type that indicates that the DER encoding of some other type is wrapped inside an octet string in a produced encoding. To support this, support encoding of tagged things where the class is not constructed; in this case it will be primitive. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25187 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in r25026Greg Hudson2011-09-151-6/+6
| | | | | | | A stray "p" was added to krb5_init_context_profile() inside a _WIN32 block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25180 dc483132-0cff-0310-8789-dd5450dbe970
* Split signal setup into loop_setup_signals()Greg Hudson2011-09-141-21/+22
| | | | | | | In the KDC, set up signals in the worker process child after forking from the monitor process. From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970
* Reinitialize verto after creating worker childGreg Hudson2011-09-141-3/+9
| | | | | | | Also mark fd events as reinitiable so they survive the fork. From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25175 dc483132-0cff-0310-8789-dd5450dbe970
* Fix verto-k5ev.h dependencies for system libvertoGreg Hudson2011-09-141-16/+16
| | | | | | | | | When we build with the internal verto, we include verto-k5ev.h in order to create loops. When we build with the system verto, we don't include that header file. Add depfix logic and pre.in variables to avoid depending on verto-k5ev.h for a system verto build. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25173 dc483132-0cff-0310-8789-dd5450dbe970
* Fix verto.h dependencies for system libvertoGreg Hudson2011-09-091-16/+16
| | | | | | | | When we have conditionally built bundled source, we need logic in depfix.pl and variables in pre.in to avoid depending on the bundled verto.h in generated dependencies. Add that logic for verto. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25170 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some error-handling bugs in cc_dir.cGreg Hudson2011-09-071-4/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25168 dc483132-0cff-0310-8789-dd5450dbe970
* Change how bundled libverto is linkedGreg Hudson2011-09-061-0/+7
| | | | | | | | | Give libverto-k5ev a header file. When using the internal verto library, link against -lverto-k5ev and use verto_default_k5ev() instead of verto_default(), bypassing the module loading logic and making static builds possible. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25166 dc483132-0cff-0310-8789-dd5450dbe970
* Fix several bugs in gss-krb5 inq_credGreg Hudson2011-09-061-8/+9
| | | | | | | | | cred could be used uninitialized if krb5_timeofday() failed. defcred had the wrong type. kg_cred_resolve() should be used instead of krb5_gss_validate_cred() to do delayed name/ccache resolution and get a lock. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970
* Newer GCCs optimizer catches a variable used without initializationEzra Peisach2011-09-062-463/+849
| | | | | | in the bison library code. Use a GCC pragma to suppress. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25163 dc483132-0cff-0310-8789-dd5450dbe970
* Make gss-krb5 use cache collectionGreg Hudson2011-09-056-83/+149
| | | | | | | | | | | | | | | | For default credentials, defer ccache resolution until we need the information. If this happens in init_sec_context when we have the target principal in hand, use krb5_cc_select() to pick a cache. If the target principal is not known, use the default cache. For credentials with a specified principal, use krb5_cc_cache_match() to find the cache. If no cache is found and a password is specified, create a new cache within the collection to hold the new credentials, if the default cache type supports a collection. ticket: 6958 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor gss-krb5 acquire_init_credGreg Hudson2011-09-051-224/+237
| | | | | | | | These changes have no functional impact, but will allow the GSSAPI changes for credential selection to be made with a minimum of code movement. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25159 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_select() API and pluggable interfaceGreg Hudson2011-09-0510-1/+565
| | | | | | | | | | | The interface has two built-in modules. The realm module guesses a cache based on the server realm if it is known. The k5identity module (Unix only) chooses a client principal based on rules in a .k5identity file in the user's homedir. ticket: 6957 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
* Add ccache collection support to toolsGreg Hudson2011-09-051-1/+1
| | | | | | | | | | | | | | | | * "kdestroy -A" destroys all caches in collection. * "kinit princ" searches the collection for a matching cache and overwrites it, or creates a new cache in the collection, if the type of the default cache is collection-enabled. The chosen cache also becomes the primary cache for the collection. * "klist -l" lists (in summary form) the caches in the collection. * "klist -A" lists the content of all of the caches in the collection. * "kswitch -c cache" (new command) makes cache the primary cache. * "kswitch -p princ" makes the cache for princ the primary cache. ticket: 6956 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unneeded cccol behaviorsGreg Hudson2011-09-055-499/+146
| | | | | | | | | | Do not yield any default caches in the top level cccol implementation. In the FILE type, yield the default cache if it exists and is of type FILE, instead of yielding the set of open file caches. ticket: 6955 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25156 dc483132-0cff-0310-8789-dd5450dbe970
* Add new cache collection APIsGreg Hudson2011-09-0511-0/+123
| | | | | | | | | | | | | | | * krb5_cc_get_full_name retrieves the full type:name of a cache. * krb5_cc_switch makes a cache the primary cache. * krb5_cc_cache_match searches the collection for a client principal. * krb5_free_string releases a string (for the krb5_cc_get_full_name result). All of these are from Heimdal except for krb5_free_string (Heimdal uses krb5_xfree). ticket: 6954 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
* Add the DIR ccache typeGreg Hudson2011-09-057-27/+755
| | | | | | | | | | | | The DIR ccache type supports a collection of credential caches within a private directory (which must be created out of band). One cache is designated as primary at any given time. Setting the default cache name to DIR:dirname will cause caches within dirname to be present in the global cache collection. ticket: 6953 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25154 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the mechglue union cred auxinfo fieldGreg Hudson2011-09-058-242/+65
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize some more variablesKen Raeburn2011-09-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25151 dc483132-0cff-0310-8789-dd5450dbe970
* Silence various "may be used uninitialized" warnings from GCC causedKen Raeburn2011-09-058-9/+10
| | | | | | | | | by it not figuring out the control flow (initialization and use both tied to some other variable). DB2 code not included. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-0433-132/+125
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Skip redundant inclusion of iprop.hKen Raeburn2011-09-042-2/+18
| | | | | | | Suppress GCC's unused-variable diagnostic for purely generated code using outside tools, known to have that issue but not ours to fix. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25142 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used"Ken Raeburn2011-09-0410-40/+0
| | | | | | complaints, almost entirely "rcsid" variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify some files mistakenly created with tabsGreg Hudson2011-09-0412-310/+310
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25140 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2011-09-041-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25137 dc483132-0cff-0310-8789-dd5450dbe970
* Rename local variable "socket" to avoid the one shadowed-declarationKen Raeburn2011-09-041-3/+3
| | | | | | warning I get in a simple GNU/Linux build. Solaris may have others. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25136 dc483132-0cff-0310-8789-dd5450dbe970
* declarations before codeKen Raeburn2011-09-041-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25135 dc483132-0cff-0310-8789-dd5450dbe970
* Fix pointer type in net-server.c:make_event()Greg Hudson2011-09-041-1/+2
| | | | | | | We use void pointers as temporaries in other uses of ADD(), so do so here as well. The type-safe type would be verto_ev **. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25134 dc483132-0cff-0310-8789-dd5450dbe970
* Fix arg list for dummy version of setup_udp_pktinfo_portsKen Raeburn2011-09-041-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25133 dc483132-0cff-0310-8789-dd5450dbe970
* Migrate net-server loop to use libvertoGreg Hudson2011-09-021-588/+589
| | | | | | From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970
* Add a loop_ prefix to net-server.c functionsGreg Hudson2011-09-021-11/+12
| | | | | | From npmccallum@redhat.com. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128 dc483132-0cff-0310-8789-dd5450dbe970
* Fix cross-realm traversal TGT requestsGreg Hudson2011-09-011-1/+1
| | | | | | | | | | | | When requesting a cross-realm TGT, use the KDC instance of the current TGT (the second data component), not the realm which the TGT came from. ticket: 6952 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25121 dc483132-0cff-0310-8789-dd5450dbe970
* Fix connection termination bug in sendto_kdcGreg Hudson2011-09-011-4/+4
| | | | | | | | | | | When terminating a connection, close and invalidate conn->fd so that we don't look for it in selstate on the next select or poll invocation. Looking for such an fd is harmless when using select, but results in an assertion failure when using poll. ticket: 6951 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25120 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 21:05:29 +0000