summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* If the new configuration data that is passed to krb5_cc_set_config is NULL, ↵Zhanna Tsitkov2011-03-292-57/+56
| | | | | | | | just remove the old configuration. Moved short krb5_cc_set_config usage example from krb5.hin into the separate file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
* Updated the documentation for the krb5_ error_message function family. Zhanna Tsitkov2011-03-292-94/+97
| | | | | | | Created the directory doc/doxy_examples/ to hold examples used in the doxygen documentation. Added usage example for the krb5_get/set/free_error_message functions git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24752 dc483132-0cff-0310-8789-dd5450dbe970
* Static function names should not have krb5_ prefixZhanna Tsitkov2011-03-291-12/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the weak key checks from the builtin rc4 enc provider. ThereGreg Hudson2011-03-281-17/+0
| | | | | | | | | | | | | | is no standards support for avoiding RC4 weak keys, so rejecting them causes periodic failures. Heimdal and Microsoft do not check for weak keys. Attacks based on these weak keys are probably thwarted by the use of a confounder, and even if not, the reduction in work factor is not terribly significant for 128-bit keys. ticket: 6886 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
* Use first principal in keytab when verifying credsGreg Hudson2011-03-284-25/+171
| | | | | | | | | | In krb5_verify_init_creds(), use the first principal in the keytab to verify the credentials instead of the result of krb5_sname_to_principal(). Also add tests. ticket: 6887 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24749 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation update. Mostly related to _kt_ and _cc_ routinesZhanna Tsitkov2011-03-281-118/+162
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24748 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a precedence error in g_make_token_header() which caused it toGreg Hudson2011-03-251-2/+2
| | | | | | | | write the wrong length when no token type is passed. (From r24739 in users/lhoward/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970
* Set better error messages when plugins fail to load.Greg Hudson2011-03-251-4/+8
| | | | | | (From r24741 in users/lhowards/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24744 dc483132-0cff-0310-8789-dd5450dbe970
* Fix DAL documentation to recommend using krb5_db_get_context() andGreg Hudson2011-03-241-2/+2
| | | | | | | krb5_db_set_context() instead of directly accessing context->dal_handle->db_context (which requires internal headers). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesEzra Peisach2011-03-191-39/+22
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970
* Minor clean-up in krb5.hinZhanna Tsitkov2011-03-181-44/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970
* Move doxygen comments from source to header. Updated comments and added some ↵Zhanna Tsitkov2011-03-182-46/+55
| | | | | | | | usage examples. Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
* Reinstate the line wrapping of the copyright notice in krb5.hin, andGreg Hudson2011-03-181-3/+3
| | | | | | fix the format of the header comment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970
* Added usage examples to the krb5_build_principal function familyZhanna Tsitkov2011-03-181-24/+56
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970
* Use a helper function to clarify prepare_error_as() in the KDCGreg Hudson2011-03-181-63/+82
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak of reply padata for FAST repliesGreg Hudson2011-03-171-0/+1
| | | | | | | | | | | | kdc_fast_response_handle_padata() replaces rep->padata, causing the old value to be leaked. As a minimal fix, free the old value of rep->padata before replacing it. ticket: 6885 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak the default realm name when initializing the default realmGreg Hudson2011-03-171-1/+8
| | | | | | in the KDC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak in FAST error pathGreg Hudson2011-03-174-20/+23
| | | | | | | | | | | | | | When kdc_fast_handle_error() produces a FAST-encoded error, it puts it into err->e_data and it never gets freed (since in the non-FAST case, err->e_data contains aliased pointers). Fix this by storing the encoded error in an output variable which is placed into the error's e_data by the caller and then freed. ticket: 6884 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]Tom Yu2011-03-151-0/+2
| | | | | | | | | | | Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
* Resolve a few miscellaneous warningsGreg Hudson2011-03-1414-37/+35
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
* Remove two headers accidentally left behind in r24677Greg Hudson2011-03-142-71/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
* Although it can't actually happen, make it more explicit that we won'tGreg Hudson2011-03-111-1/+2
| | | | | | | | | dereference a null mech in the cleanup handler of the mechglue's gss_accept_sec_context. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
* Fix NSS PBKDF2 in the v4 salt (i.e. empty salt) caseGreg Hudson2011-03-111-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970
* Move the des and AFS string-to-key implementations into lib/crypto/krb,Greg Hudson2011-03-1122-1258/+1025
| | | | | | | | since they aren't standard crypto primitives. Revise the module SPI accordingly. Add tests for AFS string-to-key to t_str2key.c to replace the ones in the (now defunct) t_afss2k.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a couple of key import modes in the NSS module, although they don'tGreg Hudson2011-03-112-2/+2
| | | | | | seem to matter a lot. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ser_eblk.c, which has been unused since r11001 (October 1998)Greg Hudson2011-03-091-255/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970
* Add one-line descriptions in the filename comments to prototype.[ch]Greg Hudson2011-03-092-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24696 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-09770-3179/+2227
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Add a script and Makefile target to check for violations of theGreg Hudson2011-03-092-0/+110
| | | | | | recently added standards for copyright and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak independently found by Tim Pozdeev and Arlene BerryTom Yu2011-03-081-0/+1
| | | | | | | | | | This change should be pulled up to the 1.8 and 1.7 branches as well. ticket: 6844 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
* SPNEGO's accept_sec_context and init_sec_context produce a null contextGreg Hudson2011-03-081-2/+6
| | | | | | | | | | | on error, so it needs to silently succeed when deleting a null context. It was instead passing the null context along to the mechglue which would produce an error, causing a leak of the mechglue's union context wrapper. Reported by aberry@likewise.com. ticket: 6863 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
* prototype/getopt.c hasn't been updated in quite some time and we don'tGreg Hudson2011-03-081-31/+0
| | | | | | really need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesEzra Peisach2011-03-061-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970
* Fix up signed/unsigned warnings in this directory. There are still Ezra Peisach2011-03-065-11/+13
| | | | | | a few more - but these were the obvious ones. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up memory leaks at end of program. No leaks now on successEzra Peisach2011-03-062-0/+21
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24688 dc483132-0cff-0310-8789-dd5450dbe970
* On make clean remove test programs and object files. In lib/krb5/krbEzra Peisach2011-03-065-3/+18
| | | | | | make depend as a test program was missed from the source list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
* Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c. FixGreg Hudson2011-03-052-1/+98
| | | | | | OpenSSL module handling of salts in its DES string-to-key. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686 dc483132-0cff-0310-8789-dd5450dbe970
* Add test script for user2user programsEzra Peisach2011-03-053-4/+35
| | | | | | | | Simple test programs to make sure that user2user functions. ticket: 6878 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24685 dc483132-0cff-0310-8789-dd5450dbe970
* Include crypto_int.h for mit_des_fixup_key_parity prototypeEzra Peisach2011-03-051-6/+7
| | | | | | Cleanup signed/unsigned warnings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24684 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a conceptual (but not practical) type mismatch in the OpenSSLGreg Hudson2011-03-051-1/+1
| | | | | | module's mit_des_fixup_key_parity resulting from r24677. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24683 dc483132-0cff-0310-8789-dd5450dbe970
* Make enc provider free_state function return voidGreg Hudson2011-03-056-25/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the init_state and free_state enctype functions and go back toGreg Hudson2011-03-053-49/+2
| | | | | | | always delegating state to the enc provider. (We needed enctype- specific state initialization for CCM enctypes when we had them.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970
* Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as itGreg Hudson2011-03-059-20/+116
| | | | | | is not specific to the builtin module. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970
* Flatten lib/crypto/krb, as its seven subdirectories only contained aGreg Hudson2011-03-0542-587/+128
| | | | | | few source file each (often only 1-2). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970
* Fix SHA-256 on big-endian platformsGreg Hudson2011-03-031-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24678 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate almost all lib/crypto/krb headers into a singleGreg Hudson2011-03-02212-3960/+1884
| | | | | | | | | | | | | crypto_int.h. In that header, define and document responsibilities for crypto modules, some of which are satisfied through a module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove many of the headers and sources providing functionality which isn't needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and SHA-1 hashing, as well as DES weak key testing). Change most Makefile.ins to only include headers from lib/crypto/krb and lib/crypto/$(CRYPTO_IMPL), instead of from many different directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some declarations from kdc_preauth.c which are no longer neededGreg Hudson2011-03-021-9/+0
| | | | | | after r24403. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24676 dc483132-0cff-0310-8789-dd5450dbe970
* In export-check.pl, display a better error if there are duplicateGreg Hudson2011-03-021-0/+4
| | | | | | symbols in the export list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24675 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify lib/crypto/krb/arcfour in the wake of r23444. Move theGreg Hudson2011-02-2811-393/+305
| | | | | | | contents of arcfour_aead.c into arcfour.c, turn the key derivation helper functions into static functions, and eliminate arcfour-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673 dc483132-0cff-0310-8789-dd5450dbe970
* Use the hash provider interface in krb5int_arcfour_string_to_key soGreg Hudson2011-02-282-34/+13
| | | | | | | that we don't need a direct interface to MD4 in the crypto modules. Also clean up the code a bit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-03 22:53:36 +0000