summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Move krb5_get_profile back to init_os_ctx.c for now and revert r23519.Greg Hudson2009-12-284-8/+9
| | | | | | | | At this time we link t_etypes against init_ctx.so during "make check", which breaks if init_ctx contains reference to the profile library. More general solutions to this problem are under discussion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23530 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-2815-134/+167
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-2828-284/+731
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Remove libpty referencesKen Raeburn2009-12-281-4/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23525 dc483132-0cff-0310-8789-dd5450dbe970
* The "comment" field of prf_data_t was never actually set nor used, soKen Raeburn2009-12-282-8/+0
| | | | | | delete it and all references. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23524 dc483132-0cff-0310-8789-dd5450dbe970
* Performance testing programs for krb5_init_context and profile data fetchKen Raeburn2009-12-283-1/+580
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23523 dc483132-0cff-0310-8789-dd5450dbe970
* allow testing when offlineKen Raeburn2009-12-282-1/+12
| | | | | | | | | | Define new make variable OFFLINE to "no"; if it's set to "yes", skip the testing of t_locate_kdc, which requires access to mit.edu SRV records. ticket: 6606 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23520 dc483132-0cff-0310-8789-dd5450dbe970
* Include prof_int.h in init_ctx.c instead of init_os_ctx.c,Ken Raeburn2009-12-284-3/+2
| | | | | | corresponding to the moved use of profile_copy in r23484. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23519 dc483132-0cff-0310-8789-dd5450dbe970
* Code modularity related updatesZhanna Tsitkov2009-12-2313-316/+383
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_ prefix from some static func namesZhanna Tsitkov2009-12-229-102/+111
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23483 dc483132-0cff-0310-8789-dd5450dbe970
* Add a set_cred_option handler for SPNEGO which forwards to theGreg Hudson2009-12-212-1/+25
| | | | | | | | | | | | underlying mechanism. Fixes SPNEGO credential delegation in 1.7 and copying of SPNEGO initiator creds in both 1.7 and trunk. Patch provided by nalin@redhat.com. ticket: 6594 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23482 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a cleanup handler in the store_creds code; krb5_cc_close doesn'tGreg Hudson2009-12-171-2/+2
| | | | | | handle NULL arguments, so we have to check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
* Add GSS extensions to store credentials, generate random bitsGreg Hudson2009-12-1717-8/+939
| | | | | | | | | Merge /users/lhoward/gssextras-no-cqa to trunk. Adds gss_pseudo_random and gss_store_cred. ticket: 6597 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixesGreg Hudson2009-12-161-7/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23477 dc483132-0cff-0310-8789-dd5450dbe970
* On Luke's advice, remove krb5_init_creds_store_creds. It is not aGreg Hudson2009-12-153-16/+0
| | | | | | | Heimdal API and its functionality is covered by krb5_get_init_creds_opt_set_out_ccache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of the requirement of defining MAX_ENCTYPE inGreg Hudson2009-12-151-36/+56
| | | | | | | krb5int_parse_enctype_list, at the cost of making repeated realloc() calls during parsing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23468 dc483132-0cff-0310-8789-dd5450dbe970
* Formatining enhancementZhanna Tsitkov2009-12-152-18/+21
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23467 dc483132-0cff-0310-8789-dd5450dbe970
* fast negotiation projecSam Hartman2009-12-1422-163/+790
| | | | | | | | | | | | | | | | Merge branches/fast-negotiate into trunk. This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation Additional changes: * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype Conflicts: src/lib/crypto/krb/make_checksum.c ticket: 6595 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use sizeof(pointertype) to get the length of an allocated arrayTom Yu2009-12-101-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23464 dc483132-0cff-0310-8789-dd5450dbe970
* Add comments to make it slightly clearer howGreg Hudson2009-12-101-1/+2
| | | | | | krb5int_confounder_checksum works. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23463 dc483132-0cff-0310-8789-dd5450dbe970
* Restructure the crypto checksum implementation to minimizeGreg Hudson2009-12-1046-1299/+864
| | | | | | | | | | | | | | | | | | | | | dependencies on the internals of modules. * Keyhash providers are gone. * The cksumtypes table contains checksum and verify functions, similar to the etypes encrypt and decrypt functions. New checksum functions parallel the old keyhash providers, and there are also functions for unkeyed and derived-key HMAC checksums. * The flags field is now used to indicate whether a checksum is unkeyed, but not whether it is a derived-key HMAC checksum. * The descbc checksum is handled through a new enc_provider function which calculates a CBC MAC. The OpenSSL module does not implement the CBC MAC function (it didn't implement descbc before). builtin/des could probably get rid of f_cksum.c (the old DES CBC routine) with some alterations to string2key.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
* Change file holder for krb5int_check_clockskew. Minor Style changes per code ↵Zhanna Tsitkov2009-12-092-41/+40
| | | | | | practices git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23460 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dependency on /bin/csh in test suiteEzra Peisach2009-12-081-2/+14
| | | | | | | | | | | | The libdb2 test suite would fail if /bin/csh was not present. The tests did not execute /bin/csh - but used the contents as data to put into the test database. Iterate over a few "known" files until one is found that could be used for it... Tests for /bin/csh, /bin/cat, /usr/bin/cat, /bin/ls, /usr/bin/ls. If none of these exist - then fail. ticket: 6593 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23458 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent lib/gssapi, with some exceptionsTom Yu2009-12-0865-312/+318
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
* Mark lib/apputilsTom Yu2009-12-072-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23456 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent util, with some exceptionsTom Yu2009-12-0753-3413/+3472
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23455 dc483132-0cff-0310-8789-dd5450dbe970
* handle negative enctypes betterTom Yu2009-12-072-4/+5
| | | | | | | | | | | krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making assumptions that enctype numbers are positive. Potentially more code makes this assumption, but these appear to be the major ones. ticket: 6592 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize ihash_iov in case fall through to cleanup handler and tryEzra Peisach2009-12-061-1/+1
| | | | | | to free garbarge. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23453 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the ivec parameters from the keyhash provider functions, asGreg Hudson2009-12-0611-35/+26
| | | | | | they are never used by callers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23452 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2009-12-062-52/+64
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23451 dc483132-0cff-0310-8789-dd5450dbe970
* Make the libk5crypto hash_provider interface take crypto_iov listsGreg Hudson2009-12-0629-490/+297
| | | | | | | instead of lists of krb5_data. Make the base HMAC APIs take crypto_iov lists and drop the _iov variants. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
* In the built-in des3 provider, remove the unused version ofGreg Hudson2009-12-061-29/+3
| | | | | | | validate_and_schedule, and drop the _iov suffix from the one we do use. (Cleanup from r23444.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23449 dc483132-0cff-0310-8789-dd5450dbe970
* Make the alloc_data and k5alloc convenience functions work if theGreg Hudson2009-12-051-3/+5
| | | | | | caller requests zero bytes, by allocating one byte instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23448 dc483132-0cff-0310-8789-dd5450dbe970
* Remove tests for sched.h, kdb_db.h, kdc.c. None of these are used in the treeEzra Peisach2009-12-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23447 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some code paths in crypto-length which are dead now that theGreg Hudson2009-12-041-11/+2
| | | | | | internal interface can't return an error. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23446 dc483132-0cff-0310-8789-dd5450dbe970
* Remove CRC32_SHIFT4 code as we are unlikely to ever need itGreg Hudson2009-12-043-47/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23445 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate the IOV and non-IOV encryption/decryption code paths, andGreg Hudson2009-12-0482-4037/+1092
| | | | | | | | | | | | | | | | | | | | | | | | drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions. aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider. aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now. Three separate copies of the derive_random logic are also now consolidated into one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r23442. Revert r23436 changes unrelated to comment reformattingTom Yu2009-12-032-12/+141
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23443 dc483132-0cff-0310-8789-dd5450dbe970
* Update export list to reflect changes in r23436Tom Yu2009-12-031-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23442 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat new commentsKen Raeburn2009-12-032-28/+40
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23441 dc483132-0cff-0310-8789-dd5450dbe970
* fix slow behavior on Mac OS X with link-local addressesKen Raeburn2009-12-032-20/+96
| | | | | | | | | | | | | | | | | | | | | | | | | When using my previous patch, if a local hostname like "foobar.local" is looked up, you may get back a link-local IPv6 address. However, the KDC seems to be unable to respond from that address, resulting in a ~1s delay for each KDC exchange while waiting for the client to fail over to another address (in my case, another IPv6 address). Create a new object for holding whatever auxiliary information might be needed to properly transmit the response to the client. Currently, that only means the interface index number under IPv6. Fill it in on receipt, always; copy it back to the pktinfo structure when transmitting, ONLY if the local source address is link-local. If an error occurs while transmitting the reply, print both the remote destination address and the local source address. Use getnameinfo instead of inet_ntop. Apply the same changes to kadmind, to keep the versions of network.c more or less in sync. ticket: 6591 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23440 dc483132-0cff-0310-8789-dd5450dbe970
* allow testing even if name->addr->name mapping doesn't workKen Raeburn2009-12-033-13/+25
| | | | | | | | | | | | | | | Many of the tests are set up to fail if the local hostname can't be mapped to an address and back to a name again. If the name results in an address, and we can get a fully-qualified name or something that looks like it, though, we should be able to just go ahead and run some tests. This is also closer to the current behavior of sname_to_principal when reverse DNS is enabled. ticket: 6590 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23439 dc483132-0cff-0310-8789-dd5450dbe970
* Sense of POINTERS_ARE_ALL_THE_SAME test was backwardsKen Raeburn2009-12-031-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23438 dc483132-0cff-0310-8789-dd5450dbe970
* Temporarily define UINT16_TYPE and UINT32_TYPE so the load/storeKen Raeburn2009-12-031-24/+15
| | | | | | functions don't need excessive conditionals internally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23437 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat new block comment per coding styleGreg Hudson2009-12-021-152/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23436 dc483132-0cff-0310-8789-dd5450dbe970
* Actually record dependencies of crypto testsKen Raeburn2009-12-021-1/+152
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23435 dc483132-0cff-0310-8789-dd5450dbe970
* Check ALL_DEP_SRCS, not SRCS, to decide what to put into the deps fileKen Raeburn2009-12-021-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23434 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2009-12-024-18/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23433 dc483132-0cff-0310-8789-dd5450dbe970
* Perform the AES-CBC XOR operations 4 bytes at a time, using the helperKen Raeburn2009-12-021-2/+18
| | | | | | | | functions for loading and storing potentially-unaligned values. Improves bulk AES encryption performance by 2% or so on 32-bit x86 with gcc 4. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23432 dc483132-0cff-0310-8789-dd5450dbe970
* Add store_{16,32,64}_n functions, for potentially-unaligned, native-order valuesKen Raeburn2009-12-021-0/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23431 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-10-09 00:27:02 +0000