| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
At this time we link t_etypes against init_ctx.so during "make check",
which breaks if init_ctx contains reference to the profile library.
More general solutions to this problem are under discussion.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23530 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6607
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ticket implements Project/Anonymous pkinit from k5wiki. Provides
support for completely anonymous principals and untested client
support for realm-exposed anonymous authentication.
* Introduce kinit -n
* Introduce kadmin -n
* krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache
* No longer generate ad-initial-verified-cas in pkinit
* Fix pkinit interactions with non-TGT authentication
Merge remote branch 'anonymous' into trunk
Conflicts:
src/lib/krb5/krb/gic_opt.c
ticket: 6607
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23525 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
delete it and all references.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23524 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23523 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Define new make variable OFFLINE to "no"; if it's set to "yes", skip
the testing of t_locate_kdc, which requires access to mit.edu SRV
records.
ticket: 6606
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23520 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
corresponding to the moved use of profile_copy in r23484.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23519 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23483 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
underlying mechanism. Fixes SPNEGO credential delegation in 1.7 and
copying of SPNEGO initiator creds in both 1.7 and trunk. Patch
provided by nalin@redhat.com.
ticket: 6594
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23482 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
handle NULL arguments, so we have to check.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Merge /users/lhoward/gssextras-no-cqa to trunk. Adds
gss_pseudo_random and gss_store_cred.
ticket: 6597
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23477 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Heimdal API and its functionality is covered by
krb5_get_init_creds_opt_set_out_ccache.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
krb5int_parse_enctype_list, at the cost of making repeated realloc()
calls during parsing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23468 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23467 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge branches/fast-negotiate into trunk.
This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation
Additional changes:
* krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype
Conflicts:
src/lib/crypto/krb/make_checksum.c
ticket: 6595
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23464 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
krb5int_confounder_checksum works.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23463 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dependencies on the internals of modules.
* Keyhash providers are gone.
* The cksumtypes table contains checksum and verify functions,
similar to the etypes encrypt and decrypt functions. New checksum
functions parallel the old keyhash providers, and there are also
functions for unkeyed and derived-key HMAC checksums.
* The flags field is now used to indicate whether a checksum is
unkeyed, but not whether it is a derived-key HMAC checksum.
* The descbc checksum is handled through a new enc_provider function
which calculates a CBC MAC.
The OpenSSL module does not implement the CBC MAC function (it didn't
implement descbc before). builtin/des could probably get rid of
f_cksum.c (the old DES CBC routine) with some alterations to
string2key.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
practices
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23460 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
The libdb2 test suite would fail if /bin/csh was not present. The
tests did not execute /bin/csh - but used the contents as data to put
into the test database. Iterate over a few "known" files until one is found
that could be used for it... Tests for /bin/csh, /bin/cat, /usr/bin/cat,
/bin/ls, /usr/bin/ls. If none of these exist - then fail.
ticket: 6593
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23458 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23456 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23455 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making
assumptions that enctype numbers are positive. Potentially more code
makes this assumption, but these appear to be the major ones.
ticket: 6592
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
to free garbarge.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23453 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
they are never used by callers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23452 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23451 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
instead of lists of krb5_data. Make the base HMAC APIs take
crypto_iov lists and drop the _iov variants.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
validate_and_schedule, and drop the _iov suffix from the one we do
use. (Cleanup from r23444.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23449 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
caller requests zero bytes, by allocating one byte instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23448 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23447 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
internal interface can't return an error.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23446 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23445 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23443 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23442 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23441 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using my previous patch, if a local hostname like "foobar.local"
is looked up, you may get back a link-local IPv6 address. However,
the KDC seems to be unable to respond from that address, resulting in
a ~1s delay for each KDC exchange while waiting for the client to fail
over to another address (in my case, another IPv6 address).
Create a new object for holding whatever auxiliary information might
be needed to properly transmit the response to the client. Currently,
that only means the interface index number under IPv6. Fill it in on
receipt, always; copy it back to the pktinfo structure when
transmitting, ONLY if the local source address is link-local.
If an error occurs while transmitting the reply, print both the remote
destination address and the local source address. Use getnameinfo
instead of inet_ntop.
Apply the same changes to kadmind, to keep the versions of network.c
more or less in sync.
ticket: 6591
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23440 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many of the tests are set up to fail if the local hostname can't be
mapped to an address and back to a name again. If the name results in
an address, and we can get a fully-qualified name or something that
looks like it, though, we should be able to just go ahead and run some
tests.
This is also closer to the current behavior of sname_to_principal when
reverse DNS is enabled.
ticket: 6590
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23439 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23438 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
functions don't need excessive conditionals internally.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23437 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23436 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23435 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23434 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23433 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
functions for loading and storing potentially-unaligned values.
Improves bulk AES encryption performance by 2% or so on 32-bit x86
with gcc 4.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23432 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23431 dc483132-0cff-0310-8789-dd5450dbe970
|