Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8. Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
krb5_principal_get_num_comp was prototyped as a public function but
not exported from libkrb5. Add it to the export version map.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
* h-github/master: (64 commits)
refix socket wrappers with rk_
Patch from Secure Endpoints/Asanka Herath for windows support
unset KRB5CCNAME
its really just LIBADD more most of them
correct quoting
Use -lpthread for modern freebsd instead
clean KRB5CCNAME and KRB5_CONFIG, require test to reset them
more up ${env_setup}
use PTHREADS_LIBADD for freebsd6 and newer
add PTHREAD_LIBADD
add PTHREAD_LIBADD
add PTHREAD_LIBADD
switch to PTHREADS_LIBADD
log what the error string say too
More debug logging
sprinkle more 'echo "test failed"'
sprinkle 'echo "test failed"'
use calloc(), indent more prettier
in sh, equal compare is really = for strings, not ==
Check for duplicates, already loaded mechs
...
Conflicts (resolved):
lib/krb5/auth_context.c
lib/krb5/changepw.c
lib/krb5/context.c
lib/krb5/error_string.c
lib/krb5/kuserok.c
lib/krb5/libkrb5-exports.def.in
lib/krb5/net_write.c
lib/krb5/store_fd.c
lib/krb5/test_cc.c
lib/roken/strerror_r.c
This usually occurs when re-initializing a file credential
cache over the top of an existing one.
This was meant to be fixed in commit 48cb3aa by calling
fcc_destroy(), but that only unlinks the "from" file
(which was already renamed or unlinked) but still doesn't
free the in-memory credentials. Using fcc_close() instead of
fcc_destroy() frees the leaked in-memory credentials.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
When a socket and a file descriptor aren't interchangeable, these
functions should be able to determine whether it has received one or
the other and act accordingly.
This assumes that a fd can be cast into a SOCKET.
