oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,006 Commits 2 Branches 2 Tags
0e6bd29e44a16b35cd709f450f6771f0dd32f128
Commit Graph

27006 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Love Hornquist Astrand
483afb3390 avoid compile warning 2011-10-29 19:14:14 -07:00
Love Hornquist Astrand
6436cd99b7 remove lex_classic_input(void) prototype 2011-10-29 19:13:04 -07:00
Love Hornquist Astrand
42e6fb794d avoid const warning 2011-10-29 19:10:20 -07:00
Nicolas Williams
1192120b86 Fix 64-bit warnings in name canon rules code 2011-10-29 16:48:56 -05:00
Love Hörnquist Åstrand
1fe4d77846 remove getprogname.c 2011-10-28 20:36:40 -07:00
Love Hörnquist Åstrand
a57988153e indent 2011-10-28 20:08:08 -07:00
Love Hörnquist Åstrand
f06e684ece recover lost check-kdc.in 2011-10-28 20:03:20 -07:00
Love Hörnquist Åstrand
f1e7d2ccba allow checksum type NULL since des3-cbc-null uses it (gss-api mech) 2011-10-28 19:54:02 -07:00
Love Hörnquist Åstrand
f0fb8b1bef merge error 2011-10-28 19:34:35 -07:00
Love Hörnquist Åstrand
b4972bd4f0 no longer need getprogname() 2011-10-28 19:31:05 -07:00
Love Hörnquist Åstrand
3570802d59 use getprogname if we have, otherwise punt, remove roken dependency 2011-10-28 19:30:55 -07:00
Love Hörnquist Åstrand
1a1bd736c0 merge support for FAST in as-req codepath 2011-10-28 19:25:48 -07:00
Nicolas Williams
3a393427e9 krb5_principal_compare() can't return errors... 2011-10-27 22:57:02 -05:00
Nicolas Williams
c433fefb23 Fix contributewd by Roland Dowdeswell for 64-bit bug in name canon patches 2011-10-27 17:34:57 -05:00
Nicolas Williams
0b6639dcce Fix makefile bug for name canon testing 2011-10-22 14:55:48 -05:00
Nicolas Williams
612e5c2a12 Test name canon rules via GSS and put kdc tests last 
Put kdc last in tests/Makefile.am.  There's two tests in tests/kdc
    that have been failing for a long time, and that causes the
    remaining tests to not be run.  By putting kdc last those tests do
    run.
 2011-10-22 14:54:27 -05:00
Nicolas Williams
ce04492b36 Fix silly bug in krb5_get_credentials_with_flags() 2011-10-22 14:54:27 -05:00
Nicolas Williams
9c8ceada75 Fix test bug, add test of DNS resolver searchlist name canon rule 2011-10-22 14:54:26 -05:00
Nicolas Williams
8fde93e3fb Initial name canon rules tests (just kgetcred) 2011-10-22 14:54:26 -05:00
Nicolas Williams
5c54736678 Removed "weak" option and implemented use-referrals/no-referrals 2011-10-22 14:54:26 -05:00
Nicolas Williams
c764ad95e5 Document name canonicalization rules 2011-10-22 14:54:26 -05:00
Nicolas Williams
e1be4482ac Improve kgetcred support for name canon rules and document 2011-10-22 14:54:26 -05:00
Nicolas Williams
f4471b11d6 Call krb5_set_error_message() and don't clobber ret in debug code 2011-10-22 14:54:25 -05:00
Nicolas Williams
248e1eb772 Cleanups: s/\<assert\>/heim_assert/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
9f5a43084c Cleanups: s/ENOMEM/krb5_enomem(context)/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
2f03603d6b Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h 2011-10-22 14:54:25 -05:00
Nicolas Williams
001fc24102 Removed vestiges of no-reverse-lookup/reverse-lookup option that was never implemented 2011-10-22 14:54:24 -05:00
Nicolas Williams
a5e77c578e Deferred hostname canon using name canon rules 2011-10-22 14:54:13 -05:00
Love Hornquist Astrand
587cf45846 add @anchor 2011-10-20 22:09:40 +02:00
Love Hornquist Astrand
b1012edee3 add 
krb5_auth_con_getsendsubkey
 2011-10-19 21:11:12 +02:00
Love Hornquist Astrand
fed3050bc0 use ` instead of $( to please legacy solaris /bin/sh 2011-10-19 11:36:18 +02:00
Love Hornquist Astrand
33f717edb2 Only set msg in case we have one, from Rangar Sundblad 2011-10-19 10:38:59 +02:00
Nicolas Williams
6bcdba3a38 Fix autogen.sh to be portable and fail when autoreconf fails 2011-10-17 16:27:58 -05:00
Nicolas Williams
d56bb35a50 Fix autogen.sh to be more portable and to fail when autoreconf fails 2011-10-17 15:47:50 -05:00
Love Hornquist Astrand
f7efe9516f more references 2011-10-14 14:58:29 +02:00
Love Hornquist Astrand
7b77de50a0 kadmin modify --pkinit-acl example 2011-10-14 14:53:50 +02:00
Love Hornquist Astrand
28563373a8 more documentation about pkinit 2011-10-14 14:49:00 +02:00
Love Hornquist Astrand
1b88a3b6c7 Only does implicit matching for first component, reported by Harry Coin 2011-10-14 00:33:57 +02:00
Love Hornquist Astrand
d6474982e5 document kdc options 2011-10-12 15:37:24 +02:00
Love Hornquist Astrand
c2be6a8580 we have @subsection Configure the KDC, let remove the XXX 2011-10-12 15:29:59 +02:00
Love Hornquist Astrand
f574312ce1 remove kaserver ref 2011-10-12 12:41:00 +02:00
Love Hornquist Astrand
a061e7b22f remove kaserver ref 2011-10-12 12:40:59 +02:00
Love Hornquist Astrand
8192b9ed35 remove refernces to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Nicolas Williams
4c6976a6bd Fix check-des 
The previous fix was incomplete.  But it also finally uncovered an
    old check-des problem that I'd had once and which may have gotten
    papered over by changing the default of one of the *strongest* KDC
    parameters.  The old problem is that we were passing the wrong
    enctype to _kdc_encode_reply(): we were passing the session key
    enctype where the ticket enc-part key's enctype was expected.

    The whole enctype being passed in is superfluous anyways.  Let's
    clean that up next.
 2011-10-12 01:17:54 -05:00
Nicolas Williams
12cd2c9cbd Fix TGS ticket enc-part key selection 
When I added support for configuring how the KDC selects session,
    reply, and ticket enc-part keys I accidentally had the KDC use the
    session key selection algorithm for selecting the ticket enc-part
    key.  This becomes a problem when using a Heimdal KDC with an MIT
    KDB as the HDB backend and when the krbtgt keys are not in
    strongest-to-weakest order, in which case forwardable tickets minted
    by the Heimdal KDC will not be accepted by MIT KDCs with the same
    KDB.
 2011-10-11 23:57:58 -05:00
Love Hornquist Astrand
8aceafc430 moved to lib/gssapi/oid.txt 2011-10-11 20:28:29 +02:00
Luke Howard
f48061bda7 check localname attr authenticated 2011-10-08 12:23:25 +11:00
Luke Howard
07777511d1 implement gss_localname 2011-10-08 12:15:09 +11:00
Nicolas Williams
1b03abb250 This should be the final fix for enctype 0 issues (tested) 
But how to build an MIT KDB with enctype 0 keys for testing in
    Heimdal?  Hmmm...
 2011-10-06 00:55:54 -05:00
Nicolas Williams
e15cabe10a Fix for enctype 0 / length 0 keys in MIT HDB backend was incomplete 2011-10-05 17:50:26 -05:00