Application developers have a tendency to use krb5_get_error_message()
as a drop in replacement for error_message() and under various
circumstances they pass in a NULL context. This method works fine
for MIT's implementation which ignores the context but in Heimdal
passing in a NULL context would dump core.
This patch set modifies krb5_get_error_message() in order to
permit the passing of a NULL context. First, if the context
is NULL, an attempt will be made to allocate one locally for
the purpose of evaluating the error code. Second, if a local
context cannot be allocated, fall back on calling error_message().
If error_message() fails to return a string, then generate an
"unknown error" response.
Only if all of the above fails is NULL returned.
Change-Id: If4baf7d6c428cf0baf11c044b8dfd5c2b3cdf7e4
Add _krb5_set_default_cc_name_to_registry() function and
call use it on Windows to set the user's default credential cache.
Change-Id: Ib59ff218a098a841bc61846abf873736380b5c6c
The new _krb5_store_string_to_reg_value() function permits
the caller to create REG_SZ, REG_EXPAND_SZ, REG_DWORD, and
REG_MULTI_SZ entries in the registry.
Change-Id: Ib5740ad07209618d8ea4c0bf3c75615f27e98b4e
commit 0ed83cebd3 removed the
weak enctypes from the default enctype list. This is a change
in behavior from 1.5.x which permitted the use of weak enctypes
if "allow_weak_crypto" is set to true. This patchset creates
two default enctype lists. One with weak enctypes and the other
without. The weak version is used if "allow_weak_crypto" is set
to true.
Change-Id: Ide5cce0645836249031350bfaf619d970635e579
Several additional posix errnos are now used within Heimdal.
Add definitions for them.
With the introduction of VS2010 VC errno.h now includes definitions
for the full posix error number list. Instead of mapping errno values
to Winsock errors, use the new VS2010 assignments.
Change-Id: Ieb7c5efbcbedb1c10d56e5c8a63ddd58a15df9b1
Also: add support for ignoring null enctype / zero-length keys,
which *can* be found in MIT DB entries created in pre-historic
times.
Also: make the mitdb HDB backend more elegant (e.g., use the ASN.1
compiler's generated sequence/array utility functions.
Also: add a utility function needed for kadm5 kvno change
improvements and make kadmin's mod --kvno work correctly and
naturally.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Heimdal can be executed in environments in which the user
account profile is not loaded. In such environments it is
not possible to use PROV_RSA_FULL as it stores required
data within the profile. Instead, fallback to PROV_RNG which
does not store data within the profile and can be used to access
secure random number generator routines.
Change-Id: If600246f39645ed6bf5af0dd237f5adfddcf6c0c
on a big endian machine, usage of this file in the kernel
is somewhat troublesome since the linux kernel already has
a well known global/#define called current.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This will be used to indicate to the backend if a fetch is for
an AS REQ or TGS REQ. Samba needs to take some action in the
HDB_F_FOR_TGS_REQ case and always canonicalize the principal
names, even without HDB_F_CANON.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
The 'min_args' and 'max_args' values were ignored whenever
an 'argument' value was not present as a child of the 'command'.
'argument' values are often specified as children of the 'option'
value when more than one 'option' is an argument.
This patchset counts the number of 'argument' values specified
under a 'command' regardless of the level at which it appears.
If there are any 'argument' values, the 'min_args' and 'max_args'
are used to generate validation code for the 'command'.
Change-Id: Idc6129b4ff29914ac990f693b4dba51a30bdc971
