krb5.git - MIT Kerberos patches

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	* locate_kdc.c (get_port): Replace function with macro	Ken Raeburn	2003-06-03	2	-3/+9
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15554 dc483132-0cff-0310-8789-dd5450dbe970
*	* RealmsConfig-glue.c (get_krbhst_default): Deleted.	Ken Raeburn	2003-06-03	2	-19/+5
\| \| \| \| \| \| \| \| \|	(krb_get_krbhst): Don't call it. ticket: 1551 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15553 dc483132-0cff-0310-8789-dd5450dbe970
*	Yet more double colon password prompts	Sam Hartman	2003-06-03	3	-3/+8
\| \| \| \| \| \| \| \| \| \| \|	More places in the code with password prompts needing fixing to not include colon. Ticket: new Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15552 dc483132-0cff-0310-8789-dd5450dbe970
*	Save a copy of the ciphertext from the kdc rather than trying to	Sam Hartman	2003-06-03	2	-0/+9
\| \| \| \| \| \| \| \| \|	decrypt the already decrypted text each time through the loop. Ticket: 1554 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15551 dc483132-0cff-0310-8789-dd5450dbe970
*	Moved krb524_convert_creds_kdc into libkrb5 and krb5.h. Also export new ↵	Alexandra Ellwood	2003-06-03	4	-397/+52
\| \| \| \| \| \|	krb5_524_convert_creds git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15549 dc483132-0cff-0310-8789-dd5450dbe970
*	* init_os_ctx.c: Included header to get __KLAllowHomeDirectoryAccess()	Alexandra Ellwood	2003-06-03	2	-0/+8
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15547 dc483132-0cff-0310-8789-dd5450dbe970
*	* default.exp (setup_root_shell): Handle error messages indicating "-x" isn't	Ken Raeburn	2003-06-03	2	-1/+15
\| \| \| \| \| \|	supported. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15545 dc483132-0cff-0310-8789-dd5450dbe970
*	Drop default_kdc_enctypes and all related code	Tom Yu	2003-06-03	5	-171/+19
\| \| \| \| \| \| \| \| \|	ticket: 1553 target_version: 1.3 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
*	* change_password.c (krb_change_password): Explicitly zero the	Tom Yu	2003-06-03	3	-4/+15
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	session key. Zero the key derived from the new password. * mk_req.c (krb_mk_req): Explicitly zero the session key. (krb_mk_req_creds_prealm): Don't zero the session key, in case the caller wants to make use of it. ticket: 1546 status: open target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15543 dc483132-0cff-0310-8789-dd5450dbe970
*	* api.2/init-v2.exp (test117): Update lifetime expected for new defaults	Ken Raeburn	2003-06-02	2	-2/+7
\| \| \| \| \| \| \|	ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15542 dc483132-0cff-0310-8789-dd5450dbe970
*	* default.exp: Default RLOGIN_FLAGS to "-x".	Ken Raeburn	2003-06-01	2	-1/+33
\| \| \| \| \| \| \| \| \|	(start_kerberos_daemons): Watch for "Cannot bind server socket" and log it. Watch for "no sockets set up" and report an error. (setup_root_shell): Watch for "Cannot assign requested address", log it and give up. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15541 dc483132-0cff-0310-8789-dd5450dbe970
*	* alt_prof.c (kadm5_get_config_params): Change default max_life to one day	Ken Raeburn	2003-05-31	2	-1/+6
\| \| \| \| \| \| \|	ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15539 dc483132-0cff-0310-8789-dd5450dbe970
*	* kdc.conf: Delete supported and master key type specs	Ken Raeburn	2003-05-31	2	-2/+2
\| \| \| \| \| \| \|	ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15538 dc483132-0cff-0310-8789-dd5450dbe970
*	* krb5.conf: Delete commented-out enctype specs	Ken Raeburn	2003-05-31	2	-4/+2
\| \| \| \| \| \| \|	ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15537 dc483132-0cff-0310-8789-dd5450dbe970
*	* krb5.conf: Delete Athena KDC specifications. Delete Cygnus realm info.	Ken Raeburn	2003-05-31	2	-13/+10
\| \| \| \| \| \| \| \| \| \| \|	Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU, which has SRV records and thus doesn't need KDC specs. Provide a commented-out example of a [logging] spec. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15536 dc483132-0cff-0310-8789-dd5450dbe970
*	* krb5.conf.M: Remove "kdc =" lines from "realms" section example, and	Ken Raeburn	2003-05-31	2	-4/+7
\| \| \| \| \| \| \| \| \|	recommend not using it unless DNS info isn't available. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15535 dc483132-0cff-0310-8789-dd5450dbe970
*	* get_in_tkt.c (krb5_get_init_creds): Change hardcoded default ticket lifetime	Ken Raeburn	2003-05-30	2	-1/+4
\| \| \| \| \| \| \| \| \|	from 10 hours to 24 hours. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15533 dc483132-0cff-0310-8789-dd5450dbe970
*	* main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not KRB5_KDB_MAX_LIFE, as	Ken Raeburn	2003-05-30	2	-1/+6
\| \| \| \| \| \| \| \| \| \| \|	default for realm's max renewable lifetime. (KRB5_KDB_MAX_RLIFE is currently one week) ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
*	* init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always.	Ken Raeburn	2003-05-30	2	-8/+5
\| \| \| \| \| \| \| \| \|	(DEFAULT_CCACHE_TYPE): Define as 4 always. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15529 dc483132-0cff-0310-8789-dd5450dbe970
*	* osconf.h (DEFAULT_KDC_ENCTYPE): Default to des3 now	Ken Raeburn	2003-05-30	2	-1/+5
\| \| \| \| \| \| \|	ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15528 dc483132-0cff-0310-8789-dd5450dbe970
*	update kinit krb4 fallback lifetime default	Ken Raeburn	2003-05-30	2	-1/+5
\| \| \| \| \| \| \| \| \|	* kinit.c (KRB4_BACKUP_DEFAULT_LIFE_SECS): Update to one day. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15527 dc483132-0cff-0310-8789-dd5450dbe970
*	* get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime of ↵	Alexandra Ellwood	2003-05-30	2	-0/+8
\| \| \| \| \| \|	tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15524 dc483132-0cff-0310-8789-dd5450dbe970
*	update path for kdc.conf in man page	Ken Raeburn	2003-05-30	2	-1/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The man page puts kdc.conf in lib/krb5kdc, but it should be var/krb5kdc. (It's also hardcoded as being in /usr/local, but that's another bug...) * kdc.conf.M (FILES): Refer to correct location for kdc.conf in the default installation path. ticket: new target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15523 dc483132-0cff-0310-8789-dd5450dbe970
*	krb524d.h: removed invalid Mac pragmas [RT 1533]	Alexandra Ellwood	2003-05-29	2	-7/+4
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15520 dc483132-0cff-0310-8789-dd5450dbe970
*	Rename interface to krb5_524_convert_creds, export it from krb5 library.	Ken Raeburn	2003-05-28	12	-15/+71
\| \| \| \| \| \| \| \| \| \| \| \|	Provide old names as functions for UNIX/MacOS binary compatibility, and deprecated macros for source code compatibility. (For Windows, we'll still need a krb524.dll, and it can worry about providing the old names.) Enable support on Windows always. ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15513 dc483132-0cff-0310-8789-dd5450dbe970
*	* schpw.c (process_chpw_request): Log chpw requests	Tom Yu	2003-05-27	2	-1/+18
\| \| \| \| \| \| \| \|	ticket: 1519 tags: pullup status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15502 dc483132-0cff-0310-8789-dd5450dbe970
*	* win-pre.in (CPPFLAGS): Define KRB5_DEPRECATED=1	Ken Raeburn	2003-05-27	2	-1/+5
\| \| \| \| \| \| \|	ticket: 1528 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15500 dc483132-0cff-0310-8789-dd5450dbe970
*	Avoid memory leak of server and client principal in	Sam Hartman	2003-05-27	3	-1/+52
\| \| \| \| \| \| \| \| \|	krb5_get_in_tkt_with{_password,_keytab} Ticket: 1525 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15498 dc483132-0cff-0310-8789-dd5450dbe970
*	* Makefile.in (KRBHDEP): Add krb524_err header	Ken Raeburn	2003-05-27	2	-1/+5
\| \| \| \| \| \| \|	ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15497 dc483132-0cff-0310-8789-dd5450dbe970
*	* Makefile.in (clean-windows): Remove new "timestamp" file when	Ken Raeburn	2003-05-27	2	-1/+6
\| \| \| \| \| \|	cleaning up. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15496 dc483132-0cff-0310-8789-dd5450dbe970
*	* krb5.hin: Sequence number of krb5_replay_data should be unsigned	Ezra Peisach	2003-05-25	2	-1/+5
\| \| \| \| \| \| \|	ticket: 1262 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15493 dc483132-0cff-0310-8789-dd5450dbe970
*	Missing prototype for krb5_db_iterate_ext	Ezra Peisach	2003-05-25	2	-0/+8
\| \| \| \| \| \| \| \|	* kdb.h: Add prototype for krb5_db_iterate_ext. Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15492 dc483132-0cff-0310-8789-dd5450dbe970
*	Big step towards integrating libkrb524 into libkrb5:	Ken Raeburn	2003-05-24	54	-881/+758
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Move libkrb524 code, including error table, into libkrb5. Now libkrb5 initialization pulls in the krb524 error table, so krb524_init_ets is gone; all calls deleted. Move krb4 life/time conversion functions into libkrb5 under new names, using accessor hooks to get at them from libkrb4. Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h; the last doesn't get copied into the include directory. Changed inclusions of krb524.h to the appropriate files, if any were needed. Rebuilt dependencies in Makefiles. These changes are likely to break the Windows build; I'll look into that soon. ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15491 dc483132-0cff-0310-8789-dd5450dbe970
*	make-depend updates	Ken Raeburn	2003-05-24	46	-1015/+1003
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
*	When generating etype_info2 for DES style keys, use s2kparams to	Sam Hartman	2003-05-24	4	-12/+58
\| \| \| \| \| \| \| \| \| \| \| \|	communicate the type if the key has afs3 salt. If such s2kparams are received by the client, use the afs string2key function to process the key. Ticket: 1512 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
*	Populate etype_info_entry.s2kparams.data	Sam Hartman	2003-05-24	2	-1/+7
\| \| \| \| \| \| \| \| \| \| \|	The ASN.1 decoder for etype_info_entry accidentally throws away the pointer to s2kparams data. Don't Correctly store the pointer. Ticket: new Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15488 dc483132-0cff-0310-8789-dd5450dbe970
*	use kdc_default_options	Sam Hartman	2003-05-23	2	-1/+5
\| \| \| \| \| \| \| \| \| \| \|	The documentation and context initialization supports an option called kdc_default_options which is an integer that sets the default KDC request flags. Make the code actually use the option. Ticket: new Component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15485 dc483132-0cff-0310-8789-dd5450dbe970
*	Memory leak in kdc etype_info2 preauth	Ezra Peisach	2003-05-23	2	-2/+14
\| \| \| \| \| \| \| \| \| \| \| \|	* kdc_preauth.c (return_etype_info2): After encoding the etype_info2 and copying the pointers to the pa_data, free the krb5_data pointer. Ticket: new Target_Version: 1.3 Tags: pickup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
*	* gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence	Tom Yu	2003-05-23	2	-1/+4
\| \| \| \| \| \| \| \| \|	number mask. ticket: 1262 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15480 dc483132-0cff-0310-8789-dd5450dbe970
*	Implement heuristic for matching broken Heimdal sequence number encodings	Tom Yu	2003-05-23	7	-2/+188
\| \| \| \| \| \| \| \| \|	ticket: 1263 target_version: 1.3 tags: pullup status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
*	* kt_file.c (krb5_ktfile_get_entry): Check principal name prior to	Tom Yu	2003-05-22	2	-8/+13
\| \| \| \| \| \| \| \| \| \|	checking enctype. Suggested by Wyllys Ingersoll. ticket: 1229 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15470 dc483132-0cff-0310-8789-dd5450dbe970
*	Default KRB5_DEPRECATED to 0, but force it to 1 for in-tree stuff	Tom Yu	2003-05-22	4	-15/+16
\| \| \| \| \| \| \| \|	ticket: 1483 tags: pullup status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15469 dc483132-0cff-0310-8789-dd5450dbe970
*	Log transited checkd not done as info not error	Sam Hartman	2003-05-22	2	-1/+3
\| \| \| \|	git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
*	Provide an explicit list of options not to be allowed in AS requests	Sam Hartman	2003-05-22	2	-5/+10
\| \| \| \| \| \| \| \| \|	rather than disallowing all unknown options. Ticket: 1202 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
*	Cross realm checks can check beyond end of buffer	Ezra Peisach	2003-05-22	2	-1/+6
\| \| \| \| \| \| \| \| \| \| \|	* keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as principal and realm name do not need to be null terminated. ticket: new tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15466 dc483132-0cff-0310-8789-dd5450dbe970
*	krb5int_populate_gic_opt should return void	Sam Hartman	2003-05-22	4	-2/+10
\| \| \| \| \| \| \| \| \| \| \|	Since none of the functions it calls can return an error, this should return void. Ticket: new Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15465 dc483132-0cff-0310-8789-dd5450dbe970
*	* kdb5_mkdums.c (main): When attempting to register writable	Ezra Peisach	2003-05-22	2	-2/+9
\| \| \| \| \| \| \| \| \| \|	keytab, do not fail if error is KRB5_KT_TYPE_EXISTS. Ticket: 1501 Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15464 dc483132-0cff-0310-8789-dd5450dbe970
*	Set length correctly in krb5_get_in_tkt_with_password if password is	Tom Yu	2003-05-21	9	-25/+50
\| \| \| \| \| \| \| \| \| \|	actually passed in. Also, fix test suite to be more lenient about password prompts, which changed under the previous patches for this ticket. ticket: 1480 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15463 dc483132-0cff-0310-8789-dd5450dbe970
*	krb5_get_in_tkt now only supports old (non-etype-info2) enctypes	Sam Hartman	2003-05-20	2	-1/+18
\| \| \| \| \| \| \|	Ticket: 1480 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15462 dc483132-0cff-0310-8789-dd5450dbe970
*	Implement krb5_get_in_tkt_with_password and	Sam Hartman	2003-05-20	9	-258/+165
\| \| \| \| \| \| \| \| \| \| \| \|	krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds. It turns out that these do in fact need to use get_init_creds not get_init_creds_{password,keytab} because of those functions do not allow the AS request to be returned. Ticket: 1480 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15461 dc483132-0cff-0310-8789-dd5450dbe970