summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Change basename of libkadm5 libraries to avoid Heimdal conflictGreg Hudson2010-01-196-8/+18
| | | | | | ticket: 6644 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23662 dc483132-0cff-0310-8789-dd5450dbe970
* In kinit_anonymous, fail out if we receive a password request fromGreg Hudson2010-01-191-1/+11
| | | | | | kinit, instead of hanging. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23661 dc483132-0cff-0310-8789-dd5450dbe970
* Make history key exempt from permitted_enctypesGreg Hudson2010-01-141-7/+7
| | | | | | | | | | | | In kdb_init_hist, just use the first key entry in the kadmin/history entry. This makes the history key work even if the enctype is disallowed by allow_weak_crypto=false or other configuration. ticket: 6640 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23657 dc483132-0cff-0310-8789-dd5450dbe970
* Add test program for decryption of overly short buffersGreg Hudson2010-01-122-2/+135
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23652 dc483132-0cff-0310-8789-dd5450dbe970
* Use keyed checksum type for DES FASTGreg Hudson2010-01-121-0/+3
| | | | | | | | | | | | DES enctypes have unkeyed mandatory-to-implement checksums. Since FAST requires a keyed checksum, we must pick something else in that case. ticket: 6633 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23629 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify and fix FAST check for keyed checksum typeGreg Hudson2010-01-121-15/+4
| | | | | | | | | | | | Use krb5_c_is_keyed_checksum to detect unkeyed checksums when handling FAST requests. The old check was broken for 1.8 because krb5_c_verify_checksum got pickier about invalid keyblocks. ticket: 6632 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23628 dc483132-0cff-0310-8789-dd5450dbe970
* Group together the funtions related to the supplying options to preauth ↵Zhanna Tsitkov2010-01-114-125/+159
| | | | | | | | plugin modules. Also, removed krb5int_ prefix from the names of some static functions in gic_opt.c.s git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23625 dc483132-0cff-0310-8789-dd5450dbe970
* (memory leak)Ezra Peisach2010-01-101-2/+0
| | | | | | ktest_make_sample_ad_signedpath_data: Do not initialize client field twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23624 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_authdata_export_authdata into the separate file for better code ↵Zhanna Tsitkov2010-01-103-65/+99
| | | | | | modularity git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23623 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblockEzra Peisach2010-01-091-0/+1
| | | | | | | | | | | krb5int_pbkdf2_hmac_sha1 fails to set enctype on a termporary keyblock - resulting in valgrind picking up on a conditional branch w/ unset value. Initialize value. ticket: 6630 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23622 dc483132-0cff-0310-8789-dd5450dbe970
* Fix t_locate_kdc.c test program after r23613 when krb5_ prefix was removed ↵Zhanna Tsitkov2010-01-081-1/+1
| | | | | | from the names of the static functions in locate_kdc.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23614 dc483132-0cff-0310-8789-dd5450dbe970
* Move kdc related functionality from pac.c into pac_sign.cZhanna Tsitkov2010-01-085-307/+363
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23613 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_dk_string_to_key fails to set enctypeEzra Peisach2010-01-081-0/+1
| | | | | | | | | | Failure to set the enctype before invoking krb5_k_create_key results in potential memory leak. ticket: 6628 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23612 dc483132-0cff-0310-8789-dd5450dbe970
* Set enctype in crypto_tests to prevent memory leaksEzra Peisach2010-01-082-17/+13
| | | | | | | | | | The key caching is causing memory leaks if enctype is not set as the enctype specific cleanup handlers are not called. ticket: 6627 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23611 dc483132-0cff-0310-8789-dd5450dbe970
* Restore interoperability with 1.6 addprinc -randkeyGreg Hudson2010-01-081-0/+28
| | | | | | | | | | | | | The arcfour string-to-key operation in krb5 1.7 (or later) disagrees with the dummy password used by the addprinc -randkey operation in krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the 1.6 dummy password and use a random password instead. ticket: 6626 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23610 dc483132-0cff-0310-8789-dd5450dbe970
* yarrow code does not initialize keyblock enctype and uses unitialized valueEzra Peisach2010-01-082-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The yarrow code uses a keyblock that is partially initialized. This results in krb5_k_free_key trying to look up the enctype to call the free handler. One of the valgrind reports: (there are several paths) ==26701== Conditional jump or move depends on uninitialised value(s) ==26701== at 0x40E9AF0: find_enctype (etypes.h:81) ==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91) ==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49) ==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578) ==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423) ==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553) ==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513) ==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112) ==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97) ==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42) ==26701== by 0x8049554: main (t_encrypt.c:206) ==26701== ticket: 6625 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_derive_key results in cache with uninitialized valuesEzra Peisach2010-01-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | krb5int_derive_key creates a temporary keyblock to add to the derived cache. krb5_k_free_key will iterate over the derived keys and for ones with cache will lookup the enctype for the key_cleanup handler. Unfortunatly, there isn't a keyblock init function that does not allocate the keyblock - as I suspect this problem will appear in other places. The valgrind log of this problem is: ==7281== Conditional jump or move depends on uninitialised value(s) ==7281== at 0x40E9AE8: find_enctype (etypes.h:81) ==7281== by 0x40E9C96: krb5_k_free_key (key.c:91) ==7281== by 0x40E9C52: krb5_k_free_key (key.c:86) ==7281== by 0x40EBB00: krb5_c_prf (prf.c:87) ==7281== by 0x40E7B1B: prf_plus (cf2.c:77) ==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125) ==7281== by 0x804899C: main (t_cf2.c:70) ==7281== with memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608 dc483132-0cff-0310-8789-dd5450dbe970
* When retrieving the kadmin/history key, accept any enctype, as theGreg Hudson2010-01-071-2/+2
| | | | | | | | | | current master key enctype may not match the one the KDB was created with. ticket: 6546 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23607 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_auth_con_getauthenticator into copy_athctr.c as a better logical ↵Zhanna Tsitkov2010-01-072-9/+41
| | | | | | location git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23606 dc483132-0cff-0310-8789-dd5450dbe970
* Revert change to Makefile.in that ended up not being neededSam Hartman2010-01-071-6/+1
| | | | | | ticket: 6624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23605 dc483132-0cff-0310-8789-dd5450dbe970
* automated tests for anonymous pkinitSam Hartman2010-01-076-1/+120
| | | | | | | | | | | | | Implement tests for anonymous pkinit. A certificate and private key are checked in; these tests will stop working in 2023. Note that r23602 needs to be pulled up before this ticket. ticket: 6624 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23604 dc483132-0cff-0310-8789-dd5450dbe970
* Always treat anonymous as preauth requiredSam Hartman2010-01-071-0/+1
| | | | | | | | | | Always treat the WELLKNOWN/ANONYMOUS principal as requiring pre-authentication. The anonymous draft depends on a pre-auth exchange to invoke pkinit. ticket: 6623 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23603 dc483132-0cff-0310-8789-dd5450dbe970
* Make preauth_module_dir override, rather than supplement, theGreg Hudson2010-01-072-66/+20
| | | | | | | built-in path list, to avoid problems with running the same preauth module twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23602 dc483132-0cff-0310-8789-dd5450dbe970
* Use a distinct pass/fail string for kinit_fast so its failures can beGreg Hudson2010-01-071-3/+3
| | | | | | distinguished from kinit's. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23601 dc483132-0cff-0310-8789-dd5450dbe970
* Add miising files from rev #23593Zhanna Tsitkov2010-01-072-0/+405
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23600 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype more consistent about when it returnsGreg Hudson2010-01-061-27/+23
| | | | | | | KRB5_KDB_NO_PERMITTED_KEY. Now it will return that error if it sees any non-permitted enctypes which match the search criteria. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23599 dc483132-0cff-0310-8789-dd5450dbe970
* Don't return KRB5_KDB_NO_PERMITTED_KEY fromGreg Hudson2010-01-061-1/+2
| | | | | | | | | | | krb5_dbe_def_search_enctype if we previously returned results (i.e. if *start > 0). ticket: 6622 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23597 dc483132-0cff-0310-8789-dd5450dbe970
* Divide copy_auth.c into three files based on the functionality. Namely, Zhanna Tsitkov2010-01-065-321/+45
| | | | | | | | 1. copy/merge authdata 2. KDC related encode authdata 3. decode authdata git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23593 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it ↵Zhanna Tsitkov2010-01-064-5/+4
| | | | | | and move its prototype into int-proto.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal ↵Zhanna Tsitkov2010-01-055-6/+6
| | | | | | function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_tgtname into krb5_tgtname as an internal functionZhanna Tsitkov2010-01-057-16/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23590 dc483132-0cff-0310-8789-dd5450dbe970
* Update trunk for post-1.8-branchTom Yu2010-01-051-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23589 dc483132-0cff-0310-8789-dd5450dbe970
* README, copyright, patchlevel for krb5-1.8 branchTom Yu2010-01-051-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23587 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-056-25/+50
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Install encrypted_challenge plugin during fake-installTom Yu2010-01-041-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23585 dc483132-0cff-0310-8789-dd5450dbe970
* Add preauth_module_dir support to the KDC preauth module loaderGreg Hudson2010-01-041-3/+44
| | | | | | | (should have been part of r23531). Most or all of this logic should be moved into the plugin code or a layer above it, after the branch. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23584 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous documentationSam Hartman2010-01-042-1/+41
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583 dc483132-0cff-0310-8789-dd5450dbe970
* Other changes in this ticket guarantee that the padata argument toSam Hartman2010-01-041-1/+1
| | | | | | | | return callbacks is non-null; don't check for null in pkinit_srv.c. ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582 dc483132-0cff-0310-8789-dd5450dbe970
* Bring back krb5_kt_free_entry which really does the same thing asSam Hartman2010-01-042-4/+5
| | | | | | | krb5_free_keytab_entry_contents per discussion on krbdev in order to avoid breaking samba builds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23581 dc483132-0cff-0310-8789-dd5450dbe970
* Test FAST authentication during each passSam Hartman2010-01-043-7/+62
| | | | | | | Because a new principal is added to the database, the iprop test expected output is updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23580 dc483132-0cff-0310-8789-dd5450dbe970
* Fix documentation of armor cache based on fast negotiation projectSam Hartman2010-01-041-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23579 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_supported_enctypes does nothing; eradicate mentions thereofTom Yu2010-01-042-30/+0
| | | | | | | | | kdc_supported_enctypes does nothing. Remove all mention of it from documentation and test suites. ticket: 6620 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
* Don't accept AS replies encrypted in enctypes other than the ones weGreg Hudson2010-01-041-0/+18
| | | | | | asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
* For the better code modularity keep some "free" routines closer to the ↵Zhanna Tsitkov2010-01-047-177/+100
| | | | | | resource allocators. Also, reindent cleanup in the touched files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-039-65/+131
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules fromKen Raeburn2010-01-033-18/+72
| | | | | | | | | | | | | one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values. Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a case where krb5int_aes_decrypt was trying to encrypt a blockGreg Hudson2010-01-031-1/+1
| | | | | | instead of decrypting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23573 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_acquire_cred will deref garbage pointer if actual_mechs is NULLEzra Peisach2010-01-031-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23572 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize variables in case of error path winds up freeing stack garbageEzra Peisach2010-01-031-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23571 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore some routing messages indicating changes that don't affect ourKen Raeburn2010-01-031-0/+24
| | | | | | set of local addresses. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23570 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-06 06:00:12 +0000