oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,143 Commits 2 Branches 2 Tags
03a08825d04d285c8b4d3b4fab0806d9d382e3cc
Commit Graph

29143 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Williams
c433fefb23 Fix contributewd by Roland Dowdeswell for 64-bit bug in name canon patches 2011-10-27 17:34:57 -05:00
Nicolas Williams
0b6639dcce Fix makefile bug for name canon testing 2011-10-22 14:55:48 -05:00
Nicolas Williams
612e5c2a12 Test name canon rules via GSS and put kdc tests last 
Put kdc last in tests/Makefile.am.  There's two tests in tests/kdc
    that have been failing for a long time, and that causes the
    remaining tests to not be run.  By putting kdc last those tests do
    run.
 2011-10-22 14:54:27 -05:00
Nicolas Williams
ce04492b36 Fix silly bug in krb5_get_credentials_with_flags() 2011-10-22 14:54:27 -05:00
Nicolas Williams
9c8ceada75 Fix test bug, add test of DNS resolver searchlist name canon rule 2011-10-22 14:54:26 -05:00
Nicolas Williams
8fde93e3fb Initial name canon rules tests (just kgetcred) 2011-10-22 14:54:26 -05:00
Nicolas Williams
5c54736678 Removed "weak" option and implemented use-referrals/no-referrals 2011-10-22 14:54:26 -05:00
Nicolas Williams
c764ad95e5 Document name canonicalization rules 2011-10-22 14:54:26 -05:00
Nicolas Williams
e1be4482ac Improve kgetcred support for name canon rules and document 2011-10-22 14:54:26 -05:00
Nicolas Williams
f4471b11d6 Call krb5_set_error_message() and don't clobber ret in debug code 2011-10-22 14:54:25 -05:00
Nicolas Williams
248e1eb772 Cleanups: s/\<assert\>/heim_assert/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
9f5a43084c Cleanups: s/ENOMEM/krb5_enomem(context)/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
2f03603d6b Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h 2011-10-22 14:54:25 -05:00
Nicolas Williams
001fc24102 Removed vestiges of no-reverse-lookup/reverse-lookup option that was never implemented 2011-10-22 14:54:24 -05:00
Nicolas Williams
a5e77c578e Deferred hostname canon using name canon rules 2011-10-22 14:54:13 -05:00
Love Hornquist Astrand
587cf45846 add @anchor 2011-10-20 22:09:40 +02:00
Love Hornquist Astrand
b1012edee3 add 
krb5_auth_con_getsendsubkey
 2011-10-19 21:11:12 +02:00
Love Hornquist Astrand
fed3050bc0 use ` instead of $( to please legacy solaris /bin/sh 2011-10-19 11:36:18 +02:00
Love Hornquist Astrand
33f717edb2 Only set msg in case we have one, from Rangar Sundblad 2011-10-19 10:38:59 +02:00
Nicolas Williams
6bcdba3a38 Fix autogen.sh to be portable and fail when autoreconf fails 2011-10-17 16:27:58 -05:00
Nicolas Williams
d56bb35a50 Fix autogen.sh to be more portable and to fail when autoreconf fails 2011-10-17 15:47:50 -05:00
Love Hornquist Astrand
f7efe9516f more references 2011-10-14 14:58:29 +02:00
Love Hornquist Astrand
7b77de50a0 kadmin modify --pkinit-acl example 2011-10-14 14:53:50 +02:00
Love Hornquist Astrand
28563373a8 more documentation about pkinit 2011-10-14 14:49:00 +02:00
Love Hornquist Astrand
1b88a3b6c7 Only does implicit matching for first component, reported by Harry Coin 2011-10-14 00:33:57 +02:00
Love Hornquist Astrand
d6474982e5 document kdc options 2011-10-12 15:37:24 +02:00
Love Hornquist Astrand
c2be6a8580 we have @subsection Configure the KDC, let remove the XXX 2011-10-12 15:29:59 +02:00
Love Hornquist Astrand
f574312ce1 remove kaserver ref 2011-10-12 12:41:00 +02:00
Love Hornquist Astrand
a061e7b22f remove kaserver ref 2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
8192b9ed35 remove refernces to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Nicolas Williams
4c6976a6bd Fix check-des 
The previous fix was incomplete.  But it also finally uncovered an
    old check-des problem that I'd had once and which may have gotten
    papered over by changing the default of one of the *strongest* KDC
    parameters.  The old problem is that we were passing the wrong
    enctype to _kdc_encode_reply(): we were passing the session key
    enctype where the ticket enc-part key's enctype was expected.

    The whole enctype being passed in is superfluous anyways.  Let's
    clean that up next.
 2011-10-12 01:17:54 -05:00
Nicolas Williams
12cd2c9cbd Fix TGS ticket enc-part key selection 
When I added support for configuring how the KDC selects session,
    reply, and ticket enc-part keys I accidentally had the KDC use the
    session key selection algorithm for selecting the ticket enc-part
    key.  This becomes a problem when using a Heimdal KDC with an MIT
    KDB as the HDB backend and when the krbtgt keys are not in
    strongest-to-weakest order, in which case forwardable tickets minted
    by the Heimdal KDC will not be accepted by MIT KDCs with the same
    KDB.
 2011-10-11 23:57:58 -05:00
Love Hornquist Astrand
8aceafc430 moved to lib/gssapi/oid.txt 2011-10-11 20:28:29 +02:00
Luke Howard
f48061bda7 check localname attr authenticated 2011-10-08 12:23:25 +11:00
Luke Howard
07777511d1 implement gss_localname 2011-10-08 12:15:09 +11:00
Nicolas Williams
1b03abb250 This should be the final fix for enctype 0 issues (tested) 
But how to build an MIT KDB with enctype 0 keys for testing in
    Heimdal?  Hmmm...
 2011-10-06 00:55:54 -05:00
Nicolas Williams
e15cabe10a Fix for enctype 0 / length 0 keys in MIT HDB backend was incomplete 2011-10-05 17:50:26 -05:00
Nicolas Williams
3d6f86af27 Fix segfault in hdb-mitdb when princ have salt 2011-10-02 23:08:37 -05:00
Love Hornquist Astrand
ee7340860a remove classic input 2011-10-02 17:23:26 +02:00
Love Hornquist Astrand
391bce7ca2 lets try classic input() too 2011-10-02 13:46:28 +02:00
Love Hornquist Astrand
49b471f1a2 Heimdal 1.5.1 2011-10-02 13:26:37 +02:00
Love Hornquist Astrand
923f3a434f free krb5_storage when dne 2011-09-30 12:44:34 +02:00
Love Hornquist Astrand
3c0e9b8fd1 dont use bool since its c99 2011-09-30 11:49:01 +02:00
Love Hornquist Astrand
b76f6f1e93 add more people 2011-09-29 13:58:23 +02:00
Love Hornquist Astrand
a1738def66 solaris want's _XOPEN_SOURCE set to 600, From Ragnar Sundblad 2011-09-29 13:57:24 +02:00
Love Hornquist Astrand
240b298e61 Simplify base/section rules, patch from David R Boldt 2011-09-29 13:52:06 +02:00
Nicolas Williams
1de3db5678 Make getpwnam_r() check work on Ubuntu 
NULL is not defined w/o including stddefs.h, so the test program
    fails to compile.  A simple s/NULL/0/ fixes it.
 2011-09-27 17:32:11 -05:00
Nicolas Williams
4ae39ce0b3 Added one more export to libheimbase -- needed by tests 2011-09-27 16:29:11 -05:00
Nicolas Williams
cdceea1b3e Revert "A simple (but wrong?) fix for Solaris build issues" 
This reverts commit 6a7f2a5b2e.
 2011-09-27 16:05:34 -05:00
Nicolas Williams
e927695a5d Better fix for the Solaris getpwnam_r() build issue 2011-09-27 16:05:03 -05:00