summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Restore interoperability with 1.6 addprinc -randkeyGreg Hudson2010-01-081-0/+28
| | | | | | | | | | | | | The arcfour string-to-key operation in krb5 1.7 (or later) disagrees with the dummy password used by the addprinc -randkey operation in krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the 1.6 dummy password and use a random password instead. ticket: 6626 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23610 dc483132-0cff-0310-8789-dd5450dbe970
* yarrow code does not initialize keyblock enctype and uses unitialized valueEzra Peisach2010-01-082-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The yarrow code uses a keyblock that is partially initialized. This results in krb5_k_free_key trying to look up the enctype to call the free handler. One of the valgrind reports: (there are several paths) ==26701== Conditional jump or move depends on uninitialised value(s) ==26701== at 0x40E9AF0: find_enctype (etypes.h:81) ==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91) ==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49) ==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578) ==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423) ==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553) ==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513) ==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112) ==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97) ==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42) ==26701== by 0x8049554: main (t_encrypt.c:206) ==26701== ticket: 6625 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_derive_key results in cache with uninitialized valuesEzra Peisach2010-01-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | krb5int_derive_key creates a temporary keyblock to add to the derived cache. krb5_k_free_key will iterate over the derived keys and for ones with cache will lookup the enctype for the key_cleanup handler. Unfortunatly, there isn't a keyblock init function that does not allocate the keyblock - as I suspect this problem will appear in other places. The valgrind log of this problem is: ==7281== Conditional jump or move depends on uninitialised value(s) ==7281== at 0x40E9AE8: find_enctype (etypes.h:81) ==7281== by 0x40E9C96: krb5_k_free_key (key.c:91) ==7281== by 0x40E9C52: krb5_k_free_key (key.c:86) ==7281== by 0x40EBB00: krb5_c_prf (prf.c:87) ==7281== by 0x40E7B1B: prf_plus (cf2.c:77) ==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125) ==7281== by 0x804899C: main (t_cf2.c:70) ==7281== with memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608 dc483132-0cff-0310-8789-dd5450dbe970
* When retrieving the kadmin/history key, accept any enctype, as theGreg Hudson2010-01-071-2/+2
| | | | | | | | | | current master key enctype may not match the one the KDB was created with. ticket: 6546 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23607 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_auth_con_getauthenticator into copy_athctr.c as a better logical ↵Zhanna Tsitkov2010-01-072-9/+41
| | | | | | location git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23606 dc483132-0cff-0310-8789-dd5450dbe970
* Revert change to Makefile.in that ended up not being neededSam Hartman2010-01-071-6/+1
| | | | | | ticket: 6624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23605 dc483132-0cff-0310-8789-dd5450dbe970
* automated tests for anonymous pkinitSam Hartman2010-01-076-1/+120
| | | | | | | | | | | | | Implement tests for anonymous pkinit. A certificate and private key are checked in; these tests will stop working in 2023. Note that r23602 needs to be pulled up before this ticket. ticket: 6624 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23604 dc483132-0cff-0310-8789-dd5450dbe970
* Always treat anonymous as preauth requiredSam Hartman2010-01-071-0/+1
| | | | | | | | | | Always treat the WELLKNOWN/ANONYMOUS principal as requiring pre-authentication. The anonymous draft depends on a pre-auth exchange to invoke pkinit. ticket: 6623 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23603 dc483132-0cff-0310-8789-dd5450dbe970
* Make preauth_module_dir override, rather than supplement, theGreg Hudson2010-01-072-66/+20
| | | | | | | built-in path list, to avoid problems with running the same preauth module twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23602 dc483132-0cff-0310-8789-dd5450dbe970
* Use a distinct pass/fail string for kinit_fast so its failures can beGreg Hudson2010-01-071-3/+3
| | | | | | distinguished from kinit's. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23601 dc483132-0cff-0310-8789-dd5450dbe970
* Add miising files from rev #23593Zhanna Tsitkov2010-01-072-0/+405
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23600 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype more consistent about when it returnsGreg Hudson2010-01-061-27/+23
| | | | | | | KRB5_KDB_NO_PERMITTED_KEY. Now it will return that error if it sees any non-permitted enctypes which match the search criteria. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23599 dc483132-0cff-0310-8789-dd5450dbe970
* Don't return KRB5_KDB_NO_PERMITTED_KEY fromGreg Hudson2010-01-061-1/+2
| | | | | | | | | | | krb5_dbe_def_search_enctype if we previously returned results (i.e. if *start > 0). ticket: 6622 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23597 dc483132-0cff-0310-8789-dd5450dbe970
* Divide copy_auth.c into three files based on the functionality. Namely, Zhanna Tsitkov2010-01-065-321/+45
| | | | | | | | 1. copy/merge authdata 2. KDC related encode authdata 3. decode authdata git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23593 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it ↵Zhanna Tsitkov2010-01-064-5/+4
| | | | | | and move its prototype into int-proto.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal ↵Zhanna Tsitkov2010-01-055-6/+6
| | | | | | function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_tgtname into krb5_tgtname as an internal functionZhanna Tsitkov2010-01-057-16/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23590 dc483132-0cff-0310-8789-dd5450dbe970
* Update trunk for post-1.8-branchTom Yu2010-01-051-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23589 dc483132-0cff-0310-8789-dd5450dbe970
* README, copyright, patchlevel for krb5-1.8 branchTom Yu2010-01-051-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23587 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-056-25/+50
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Install encrypted_challenge plugin during fake-installTom Yu2010-01-041-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23585 dc483132-0cff-0310-8789-dd5450dbe970
* Add preauth_module_dir support to the KDC preauth module loaderGreg Hudson2010-01-041-3/+44
| | | | | | | (should have been part of r23531). Most or all of this logic should be moved into the plugin code or a layer above it, after the branch. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23584 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous documentationSam Hartman2010-01-042-1/+41
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583 dc483132-0cff-0310-8789-dd5450dbe970
* Other changes in this ticket guarantee that the padata argument toSam Hartman2010-01-041-1/+1
| | | | | | | | return callbacks is non-null; don't check for null in pkinit_srv.c. ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582 dc483132-0cff-0310-8789-dd5450dbe970
* Bring back krb5_kt_free_entry which really does the same thing asSam Hartman2010-01-042-4/+5
| | | | | | | krb5_free_keytab_entry_contents per discussion on krbdev in order to avoid breaking samba builds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23581 dc483132-0cff-0310-8789-dd5450dbe970
* Test FAST authentication during each passSam Hartman2010-01-043-7/+62
| | | | | | | Because a new principal is added to the database, the iprop test expected output is updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23580 dc483132-0cff-0310-8789-dd5450dbe970
* Fix documentation of armor cache based on fast negotiation projectSam Hartman2010-01-041-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23579 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_supported_enctypes does nothing; eradicate mentions thereofTom Yu2010-01-042-30/+0
| | | | | | | | | kdc_supported_enctypes does nothing. Remove all mention of it from documentation and test suites. ticket: 6620 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578 dc483132-0cff-0310-8789-dd5450dbe970
* Don't accept AS replies encrypted in enctypes other than the ones weGreg Hudson2010-01-041-0/+18
| | | | | | asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
* For the better code modularity keep some "free" routines closer to the ↵Zhanna Tsitkov2010-01-047-177/+100
| | | | | | resource allocators. Also, reindent cleanup in the touched files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-039-65/+131
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules fromKen Raeburn2010-01-033-18/+72
| | | | | | | | | | | | | one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values. Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a case where krb5int_aes_decrypt was trying to encrypt a blockGreg Hudson2010-01-031-1/+1
| | | | | | instead of decrypting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23573 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_acquire_cred will deref garbage pointer if actual_mechs is NULLEzra Peisach2010-01-031-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23572 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize variables in case of error path winds up freeing stack garbageEzra Peisach2010-01-031-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23571 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore some routing messages indicating changes that don't affect ourKen Raeburn2010-01-031-0/+24
| | | | | | set of local addresses. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23570 dc483132-0cff-0310-8789-dd5450dbe970
* Remove old 'full' arg to KDC that should've gone away with '-4'Ken Raeburn2010-01-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23569 dc483132-0cff-0310-8789-dd5450dbe970
* Some unsigned/signed warning cleanupEzra Peisach2010-01-034-4/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23568 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5int_count_etypes in rd_req_decoded_optGreg Hudson2010-01-021-4/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23567 dc483132-0cff-0310-8789-dd5450dbe970
* Test -P options to kdc and kadmind to write out a pid file. Verify contents of Ezra Peisach2010-01-021-2/+35
| | | | | | pid file match pid of executable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23566 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out copying and counting of zero-terminated enctype lists intoGreg Hudson2010-01-019-102/+102
| | | | | | a new file src/lib/krb5/krb/etype_list.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23565 dc483132-0cff-0310-8789-dd5450dbe970
* Update copyright year in prototype sourcesGreg Hudson2010-01-012-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23564 dc483132-0cff-0310-8789-dd5450dbe970
* Change db_args from being a global to only defined in the functionEzra Peisach2010-01-012-16/+16
| | | | | | | that uses it. This removes a warning of shadowed variable names. Change several functions to static when limited to main.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23563 dc483132-0cff-0310-8789-dd5450dbe970
* Add gcc printf attribute for kdc_err prototypeEzra Peisach2010-01-011-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23562 dc483132-0cff-0310-8789-dd5450dbe970
* Unsigned/signed cleanupEzra Peisach2010-01-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23561 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new -P option to krb5kdc and kadmind which, if given, specifiesRuss Allbery2010-01-014-2/+99
| | | | | | | | | the path to which to write the PID file of the daemon after it finishes initializing. Ticket: 6618 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23560 dc483132-0cff-0310-8789-dd5450dbe970
* Free tinfo at end - so program runs with new memory leaksEzra Peisach2009-12-311-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23559 dc483132-0cff-0310-8789-dd5450dbe970
* Remove tests for functions that we do not conditionalize on. Most deprecatedEzra Peisach2009-12-311-1/+1
| | | | | | | | | | | from breakoff of apps. Specifically, do not test for: gethostbyname2 getifaddrs pthread_mutex_lock sched_yield ftime strstr timezone umask waitpid sem_init sem_trywait daemon git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23558 dc483132-0cff-0310-8789-dd5450dbe970
* Declare function as static to avoid compiler warning on missing prototypesEzra Peisach2009-12-311-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23557 dc483132-0cff-0310-8789-dd5450dbe970
* Remove $(TOBJS) for make cleanEzra Peisach2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23556 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-06 08:13:12 +0000