Commit Graph

15861 Commits

Author SHA1 Message Date
Nicolas Williams
c757eb7fb0 Rename and fix as/tgs-use-strongest-key config parameters
Different ticket session key enctype selection options should
    distinguish between target principal type (krbtgt vs. not), not
    between KDC request types.
2011-11-25 17:21:04 -06:00
Nicolas Williams
7d04b50398 Merge branch 'kdc-tester' 2011-11-22 17:08:33 -06:00
Nicolas Williams
81293d9334 krb5_get_init_creds*() should not krb5_cc_close() the FAST ccache! 2011-11-22 17:04:35 -06:00
Nicolas Williams
ad60b236a0 Add missing symbols to export list 2011-11-22 17:04:03 -06:00
Love Hornquist Astrand
35848f5869 use low match distance for helping, or use ask user to use "help" 2011-11-22 13:58:41 -08:00
Love Hornquist Astrand
00494ac136 use sl_did_you_mean 2011-11-22 12:21:15 -08:00
Love Hornquist Astrand
e0613d6aa6 use ? 2011-11-22 12:19:04 -08:00
Love Hornquist Astrand
623bd64f0c use sl_did_you_mean 2011-11-22 12:18:48 -08:00
Love Hornquist Astrand
d26df6ba7f export sl_did_you_mean that uses OptimalStringAlignmentDistance to propose an alternative 2011-11-22 12:18:37 -08:00
Love Hornquist Astrand
118f99e308 tell if keytab is missing principal 2011-11-22 11:00:51 -08:00
Love Hornquist Astrand
f2319c2458 better help on unknown command 2011-11-22 11:00:51 -08:00
Love Hörnquist Åstrand
354ef711f3 restructure 2011-11-21 20:34:35 -08:00
Love Hörnquist Åstrand
1d7c483db2 use get and set 2011-11-21 20:34:35 -08:00
Love Hornquist Astrand
8a0e0f9472 do m-r on more then one prime 2011-11-21 20:33:53 -08:00
Stefan Metzmacher
7ecbac23f6 lib/krb5: add utf8 support to build_logon_name() for the PAC
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:45 -08:00
Stefan Metzmacher
55d66f2aff lib/wind: export wind_ucs2write()
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:45 -08:00
Stefan Metzmacher
805304d3f8 lib/winbd: fix wind_ucs2write with WIND_RW_LE
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:44 -08:00
Stefan Metzmacher
dcd34e5967 lib/wind: fix wind_ucs4utf8() and wind_ucs2utf8()
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:44 -08:00
Nicolas Williams
349609ed20 Initial test of x-realm TGT w/ kvno 0 and key rollover
NOTE: The test runs and succeeds, but the client seems to be getting
	  a new x-realm TGT after we set the kvno to 0 or remove the
	  kvno from the tickets.  This means we're not really testing
	  the TGS paths!  So this test is not yet ready.
2011-11-15 21:53:34 -06:00
Nicolas Williams
c9609cdb37 Initial patch for dealing with AD x-realm key rollover
AD issues x-realm TGTs with kvno 0.  On key x-realm trust key change
    we need to be able to try current and previous keys for trust, else
    we will have some failures.
2011-11-15 21:53:33 -06:00
Love Hörnquist Åstrand
01ddeee37f use heim_verbose 2011-11-13 10:01:40 -08:00
Nicolas Williams
19b6c47f72 Handle 1DES enctype similarity in MIT HDB
We have some cross-realm principals in an MIT KDB with one kind of
    1DES enctype, but the other realm's KDCs issue x-realm TGTs where
    the ticket encpart key enctype is a different 1DES enctype.  We need
    this to work if we use Heimdal with the MIT HDB backend.

    An alternative would be to check for similar (or, rather,
    compatible) enctypes in the KDC (and elsewhere?).  This patch avoids
    the need to make such ugly changes elsewhere.
2011-11-09 00:59:15 -06:00
Nicolas Williams
40a7d4b62f More fixes for -Werror (GCC 4.6 catches more stuff) 2011-11-02 23:20:55 -05:00
Nicolas Williams
3bebbe5323 Fixes to make Heimdal -Wall -Werror clean
These fixes make developer mode build, at least on Ubuntu.
2011-11-02 21:42:08 -05:00
Love Hörnquist Åstrand
9c830f5237 indent 2011-10-31 22:10:09 -07:00
Love Hörnquist Åstrand
877df213eb make sure we don't use stack content, don't count on that unsigned value can be negative 2011-10-31 22:05:42 -07:00
Love Hörnquist Åstrand
2e2b5daf7a send output to /dev/null 2011-10-31 21:27:51 -07:00
Nicolas Williams
c353962428 Oops, mismerge in principal.c 2011-10-31 00:29:36 -05:00
Nicolas Williams
104bb8ef53 Fix unitialized HDB_extension problem (specifically the mandatory field) 2011-10-31 00:20:05 -05:00
Nicolas Williams
7da9d7d75f Fix memory leak in name canon rule iterator 2011-10-31 00:15:07 -05:00
Love Hornquist Astrand
6436cd99b7 remove lex_classic_input(void) prototype 2011-10-29 19:13:04 -07:00
Love Hornquist Astrand
42e6fb794d avoid const warning 2011-10-29 19:10:20 -07:00
Nicolas Williams
1192120b86 Fix 64-bit warnings in name canon rules code 2011-10-29 16:48:56 -05:00
Love Hörnquist Åstrand
1fe4d77846 remove getprogname.c 2011-10-28 20:36:40 -07:00
Love Hörnquist Åstrand
a57988153e indent 2011-10-28 20:08:08 -07:00
Love Hörnquist Åstrand
f1e7d2ccba allow checksum type NULL since des3-cbc-null uses it (gss-api mech) 2011-10-28 19:54:02 -07:00
Love Hörnquist Åstrand
b4972bd4f0 no longer need getprogname() 2011-10-28 19:31:05 -07:00
Love Hörnquist Åstrand
3570802d59 use getprogname if we have, otherwise punt, remove roken dependency 2011-10-28 19:30:55 -07:00
Love Hörnquist Åstrand
1a1bd736c0 merge support for FAST in as-req codepath 2011-10-28 19:25:48 -07:00
Nicolas Williams
3a393427e9 krb5_principal_compare() can't return errors... 2011-10-27 22:57:02 -05:00
Nicolas Williams
c433fefb23 Fix contributewd by Roland Dowdeswell for 64-bit bug in name canon patches 2011-10-27 17:34:57 -05:00
Nicolas Williams
0b6639dcce Fix makefile bug for name canon testing 2011-10-22 14:55:48 -05:00
Nicolas Williams
ce04492b36 Fix silly bug in krb5_get_credentials_with_flags() 2011-10-22 14:54:27 -05:00
Nicolas Williams
8fde93e3fb Initial name canon rules tests (just kgetcred) 2011-10-22 14:54:26 -05:00
Nicolas Williams
5c54736678 Removed "weak" option and implemented use-referrals/no-referrals 2011-10-22 14:54:26 -05:00
Nicolas Williams
c764ad95e5 Document name canonicalization rules 2011-10-22 14:54:26 -05:00
Nicolas Williams
f4471b11d6 Call krb5_set_error_message() and don't clobber ret in debug code 2011-10-22 14:54:25 -05:00
Nicolas Williams
248e1eb772 Cleanups: s/\<assert\>/heim_assert/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
9f5a43084c Cleanups: s/ENOMEM/krb5_enomem(context)/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
2f03603d6b Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h 2011-10-22 14:54:25 -05:00