summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* In testrealm.py, add ksu and kvno to the list of build directoriesGreg Hudson2010-04-041-1/+3
| | | | | | containing programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23858 dc483132-0cff-0310-8789-dd5450dbe970
* Fix backwards flag output in krb5_init_creds_step()Greg Hudson2010-03-291-2/+2
| | | | | | | | | | | | krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1 for "continue" and 0 for "stop". Unfortunately, we got it backwards in 1.8; fix it for 1.8.1. ticket: 6693 tags: pullup target_version: 1.8.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23844 dc483132-0cff-0310-8789-dd5450dbe970
* Always pass -W option to kdb5_util create in testingKen Raeburn2010-03-274-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23838 dc483132-0cff-0310-8789-dd5450dbe970
* In gc_frm_kdc.c, rename cur_kdc to cur_realm and nxt_kdc to nxt_realm,Greg Hudson2010-03-261-67/+70
| | | | | | | | | | to make it easier to distinguish them from cur_tgt and nxt_tgt. Make similar name changes to lst_kdc and kdc_list, as well as the function find_nxt_kdc(). No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23837 dc483132-0cff-0310-8789-dd5450dbe970
* Straighten the if-ladder in encrypted challenge's process_preauth,Greg Hudson2010-03-251-7/+6
| | | | | | | making it clearer that control drops through if one of the first couple of steps fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to not use freed memory inTom Yu2010-03-231-1/+2
| | | | | | | | | | gss_import_sec_context in some error paths. ticket: 6678 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGOTom Yu2010-03-231-22/+16
| | | | | | | | | | | The SPNEGO implementation in krb5-1.7 and later could crash due to assertion failure when receiving some sorts of invalid GSS-API tokens. ticket: 6690 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23832 dc483132-0cff-0310-8789-dd5450dbe970
* Include t_spengno.o in list of OBJS so make clean will removeEzra Peisach2010-03-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23831 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSXTom Yu2010-03-232-11/+13
| | | | | | | | | | | | | Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because krb5int_fast_process_error was assuming that it was safe to cast it to krb5_pa_data. It's not safe to do the cast on 64-bit MacOSX because krb5.hin uses #pragma pack on that platform. ticket: 6689 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23829 dc483132-0cff-0310-8789-dd5450dbe970
* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512Greg Hudson2010-03-201-1/+1
| | | | | | | | | | | | | | | | | | | | KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data type, was used to implement PAC-less constrained delegation in krb5 1.8. Unfortunately, it was found that Microsoft was using 142 for other purposes, which could result in a ticket issued by an MIT or Heimdal KDC being rejected by a Windows Server 2008 R2 application server. Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate among a realm's KDCs, it is relatively easy to change the number, so MIT and Heimdal are both migrating to a new number. This change will cause a transitional interoperability issue when a realm mixes MIT krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal 1.3.2) KDCs, but only for constrained delegation evidence tickets. ticket: 6687 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23821 dc483132-0cff-0310-8789-dd5450dbe970
* Document the ticket_lifetime libdefaults setting (which was added inGreg Hudson2010-03-191-0/+4
| | | | | | | | | | r16656, #2656). Based on a patch from nalin@redhat.com. ticket: 6680 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the kpasswd fallback from the ccache principal name to theGreg Hudson2010-03-181-7/+11
| | | | | | | | | | username in the case where the ccache doesn't exist. ticket: 6683 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23819 dc483132-0cff-0310-8789-dd5450dbe970
* Include int-proto.h in mk_req_ext.c for krb5int_validate_timesGreg Hudson2010-03-181-0/+1
| | | | | | declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23818 dc483132-0cff-0310-8789-dd5450dbe970
* UntabifyKen Raeburn2010-03-181-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23817 dc483132-0cff-0310-8789-dd5450dbe970
* Copyright noticeKen Raeburn2010-03-181-1/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23816 dc483132-0cff-0310-8789-dd5450dbe970
* When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don'tGreg Hudson2010-03-171-1/+1
| | | | | | | | | | dereference options if it's NULL. ticket: 6681 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23815 dc483132-0cff-0310-8789-dd5450dbe970
* Add more verbosity when the -V option to kinit is specified. Based onGreg Hudson2010-03-171-0/+21
| | | | | | | | a patch from Jeff Blaine <jblaine@kickflop.net>. ticket: 6684 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23814 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the Python version check to use constructs available in olderGreg Hudson2010-03-171-10/+4
| | | | | | versions of Python. (python --version was added in 2.5.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23813 dc483132-0cff-0310-8789-dd5450dbe970
* Add a version check to the Python test, so that we don't try to runGreg Hudson2010-03-171-2/+11
| | | | | | k5test in Python 2.3 or below. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23812 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/raeburn/branches/network-mergeKen Raeburn2010-03-1720-2066/+473
| | | | | | | | | | Re-integrates the forked versions of network.c in kdc and kadmin/server. Server-specific initialization and SIGHUP-reset code is moved into other source files; the more generic network-servicing code is merged and moved into apputils library already used by both programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23811 dc483132-0cff-0310-8789-dd5450dbe970
* handle NT_SRV_INST in service principal referralsTom Yu2010-03-161-0/+1
| | | | | | | | | | | Handle NT_SRV_INST in service principal cross-realm referrals, as Windows apparently uses that instead of NT_SRV_HST for at least some service principals. ticket: 6685 target_version: 1.8.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23810 dc483132-0cff-0310-8789-dd5450dbe970
* Set up KRB5_RUN_ENV for pytests, so that Python-based tests can runTom Yu2010-03-153-2/+7
| | | | | | without first running "make install". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23805 dc483132-0cff-0310-8789-dd5450dbe970
* Lazy history key creationGreg Hudson2010-03-112-60/+37
| | | | | | | | | | | Create kadmin/history lazily when we need it (i.e. when a password is changed on a principal with a policy) instead of whenever we open the database. Allows kadmin.local to be used as a read-only tool on non- kadmin-conformant database back ends such as the Samba bridge. ticket: 6679 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23799 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_CONF_ macros instead of strings in the source file for profile ↵Zhanna Tsitkov2010-03-102-6/+8
| | | | | | config attributes "default" and "logging" git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23798 dc483132-0cff-0310-8789-dd5450dbe970
* Remove vestigial include/spnego-asn1.hGreg Hudson2010-03-101-90/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23796 dc483132-0cff-0310-8789-dd5450dbe970
* Add a "make testrealm" target using the Python test framework. AsGreg Hudson2010-03-083-12/+92
| | | | | | | part of this, expose the environments in K5Realm as attributes so that test scripts can modify them. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23794 dc483132-0cff-0310-8789-dd5450dbe970
* Make python test start_in_inetd functionEzra Peisach2010-03-073-2/+5
| | | | | | | | | util/k5test.py: Fix incorrect variable used tests/dejagnu/t_inetd.c: Flush stdout after outputting "Ready!" tests/dejagnu/Makefile.in: Always compile t_inetd - even in runtest is not present git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23773 dc483132-0cff-0310-8789-dd5450dbe970
* Release the internal_name field of a SPNEGO context if it has not beenGreg Hudson2010-03-051-0/+3
| | | | | | | | | | claimed for a caller argument. ticket: 6674 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23772 dc483132-0cff-0310-8789-dd5450dbe970
* Add a Python test to run t_spnegoGreg Hudson2010-03-052-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23771 dc483132-0cff-0310-8789-dd5450dbe970
* In post.in, add a check-pytests intermediate target for Makefile.in toGreg Hudson2010-03-051-3/+8
| | | | | | add dependencies to, for test scripts which run C test programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23770 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a double-free in the t_spnego test program resulting from overlyGreg Hudson2010-03-051-3/+0
| | | | | | careless cutting and pasting. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23769 dc483132-0cff-0310-8789-dd5450dbe970
* Add a message parameter to k5test's success(), to briefly indicate theGreg Hudson2010-03-053-9/+12
| | | | | | scope of test scripts. Only displayed when verbose is set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23768 dc483132-0cff-0310-8789-dd5450dbe970
* Add IPv6 support to changepw.c (reverting r21004 since it is no longerGreg Hudson2010-03-051-7/+26
| | | | | | | | | | necessary). Patch from Submit Bose <sbose@redhat.com>. ticket: 6661 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23767 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore improperly encoded signedpath AD elementsGreg Hudson2010-03-051-1/+5
| | | | | | | | | | | | | We have some reason to believe Microsoft and Heimdal are both using the authdata value 142 for different purposes, leading to failures in verify_ad_signedpath(). For better interoperability, treat such tickets as unsigned, rather than invalid. ticket: 6676 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23766 dc483132-0cff-0310-8789-dd5450dbe970
* Error out if a Python test program failsGreg Hudson2010-03-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23765 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up a help string in k5testGreg Hudson2010-03-041-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23764 dc483132-0cff-0310-8789-dd5450dbe970
* Python test frameworkGreg Hudson2010-03-047-1/+1159
| | | | | | | | | | | | Add a framework for writing tests in Python. Documentation is in the initial docstring of util/k5test.py. Inaugurate the framework with two test scripts, t_general.py and t_anonypkinit.py, which together test the same operations as standalone.exp from the dejagnu test suite. ticket: 6672 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23763 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some more test suite cruft:Greg Hudson2010-02-282-21/+7
| | | | | | | | | | | | | * localhostname from get_hostname was unused. * database_name is no longer used except (misleadingly) in kdb5_util output. * admin_database_name and admin_database_lockfile are no longer used. * default_domain is only used for v4->v5 principal conversion, which isn't tested. * libkadm5's init-v2.exp had a copy of get_hostname; domain and localhostname from it were unused. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759 dc483132-0cff-0310-8789-dd5450dbe970
* On Linux platforms, use -Wl,--enable-new-dtags when linking sharedGreg Hudson2010-02-271-2/+2
| | | | | | | | | libraries and programs using them. The primary effect is to get ld to set DT_RUNPATH in addition to DT_RPATH, which in turn allows the LD_LIBRARY_PATH environment variable to override the compiled-in runpath, which is friendlier to the test framework. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23758 dc483132-0cff-0310-8789-dd5450dbe970
* doc updates for allow_weak_cryptoTom Yu2010-02-251-0/+8
| | | | | | | | | | Update documentation to be more helpful about allow_weak_crypto. ticket: 6669 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750 dc483132-0cff-0310-8789-dd5450dbe970
* Two problems in kadm5_get_principal mask handlingGreg Hudson2010-02-241-6/+8
| | | | | | | | | | | | KADM5_MOD_NAME was being applied to entry->principal instead of entry->mod_name. KADM5_MKVNO was not being applied to entry->mkvno. Patch from Marcus Watts <mdw@umich.edu>. ticket: 6668 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23749 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some more dejagnu test suite cruft:Greg Hudson2010-02-221-26/+0
| | | | | | | * check_date was only used by the application tests. * touch was never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23745 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused cruft in the dejagnu test suite's default.exp:Greg Hudson2010-02-221-471/+3
| | | | | | | | | | | | | * RLOGIN, RLOGIN_FLAGS, ROOT_PROMPT, ROOT_SHELL, check_k5login, restore_kerberos_env, setup_root_shell, setup_root_shell_noremote, setup_wrapper: No longer used now that the applications are in a separate tree. * v4_compatible_enctype: No longer used with krb4 support gone. * tail1, krb_exit: Apparently never used. * KERBEROS_SERVER: Added long ago in r5686 and removed shortly after in r5695, but the test suite support for it never got excised. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23744 dc483132-0cff-0310-8789-dd5450dbe970
* Explain the current SPNEGO initiator/acceptor design in comments. NoGreg Hudson2010-02-221-11/+66
| | | | | | code changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23743 dc483132-0cff-0310-8789-dd5450dbe970
* Fix two unrelated problems in SPNEGO which don't crop up with the krb5Greg Hudson2010-02-221-10/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | mechanism. 1. The third call to spnego_init_accept_context uses faulty logic to determine if the exchange is complete, preventing a third mech token from being sent to the acceptor if no MIC exchange is required. Follow the logic used in the second call (in init_ctx_nego), which is correct. 2. If the acceptor selects a mech other than the optimistic mech, it sets sc->mic_reqd to 1 whether or not the selected mech supports MICs (which isn't known until the mech completes). Most code outside of handle_mic checks sc->mic_reqd along with (sc->ctx_flags & GSS_C_INTEG_FLAG), but the code in acc_ctx_call_acc neglected to do so, so it could improperly delegate responsibility for deciding when the negotiation was finished to handle_mic--which never gets called if (sc->ctx_flags & GSS_C_INTEG_FLAG) is false. Fix acc_ctx_call_acc to check sc->ctx_flags so that mechs which don't support integrity protection can complete if they are selected non-optimistically. ticket: 6603 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23742 dc483132-0cff-0310-8789-dd5450dbe970
* Use bswap16 and bswap32 on NetBSDKen Raeburn2010-02-201-2/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23741 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-02-206-34/+55
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23740 dc483132-0cff-0310-8789-dd5450dbe970
* Move array decl from mixed within code down into the block where it'sKen Raeburn2010-02-201-8/+11
| | | | | | actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23739 dc483132-0cff-0310-8789-dd5450dbe970
* Update export list for 2007 plugin interface changeKen Raeburn2010-02-201-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23738 dc483132-0cff-0310-8789-dd5450dbe970
* Move array decl from mixed within code down into the block where it'sKen Raeburn2010-02-201-8/+11
| | | | | | actually used, for C90 compliance. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23737 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-10-09 20:23:56 +0000