Andrew Bartlett
a42b77fb22
heimdal Add handling for PAC signatures over all encryption types
...
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-06 19:56:48 +01:00
Simon Wilkinson
1d9072f026
krb5: reorganise crypto.c
...
lib/krb5/crypto.c was a large, monolithic block of code which made
it very difficult to selectively enable and disable particular
algorithms.
Reorganise crypto.c into individual files for each encryption and
salt time, and place the structures which tie everything together
into their own file (crypto-algs.c)
Add a non-installed library (librfc3961) and test program
(test_rfc3961) which builds a minimal rfc3961 crypto library, and
checks that it is usable.
2010-11-03 11:12:24 +00:00
Love Hornquist Astrand
6184422fef
compare the value of the client realm now that it might not be the same pointer
...
fixes the check-delegate test that the new direct hop patch broke
2010-11-01 13:46:56 -07:00
Love Hornquist Astrand
a16f7ea0ab
add missing
...
prototype
2010-10-31 01:09:24 -07:00
Asanka C. Herath
a73d30e619
get_cred_kdc_capath() always try direct cross-realm first
2010-10-31 01:04:27 -07:00
Love Hornquist Astrand
6f9a423c0a
add libheimbase.la
2010-10-30 13:59:19 -07:00
Love Hornquist Astrand
e0a1e0a806
simplify
2010-10-27 20:48:55 -07:00
Love Hornquist Astrand
edc1c3e2a1
add heimbase.h
2010-10-27 20:43:15 -07:00
Love Hornquist Astrand
7259b7deff
new way to run plugins that have less overhead (code and performance wise)
2010-10-27 20:42:35 -07:00
Love Hornquist Astrand
ba8fe4b799
load plugin once
2010-10-27 20:42:01 -07:00
Jan Rękorajski
99f690fd19
krb5_cc_last_change_time is missing
2010-10-18 16:07:59 -07:00
Love Hornquist Astrand
0a608964a4
only set error code in case of failure, add comment
2010-10-02 12:13:19 -07:00
Love Hornquist Astrand
0789271ebb
indent, return error code
2010-10-02 11:59:53 -07:00
Andrew Bartlett
7ea9ccf737
heimdal: added verbose logging of heimdal crypto errors
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-02 11:56:26 -07:00
Buck Huppmann
799956e9b7
Check if we should enable weak crypto before parsing enctypes list
...
This since the enctypes list doesn't include weak crypto alg in the
resulting list.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-02 11:28:20 -07:00
Love Hornquist Astrand
6beb058640
Handle picky windows RODC servers
2010-10-01 17:49:05 -07:00
Love Hornquist Astrand
1072afd6bf
Andrew Bartlett pointed out that the patch was incomplete, update and write doxygen.
2010-09-30 00:44:35 -07:00
Love Hornquist Astrand
f454f45fbf
If the hostname contains a dot, assume it's a FQAN and don't use
...
search domains since that might be painfully slow when machine is
disconnected from that network.
Found by Tridge
2010-09-28 22:37:01 -07:00
Karolin Seeger
035106be97
s4-krb5: Fix typos in comment.
...
Karolin
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-09-26 15:12:09 -07:00
Asanka C. Herath
cad554ad3d
Generalize MSLSA ccache type to a plug-in based ccache type
2010-09-18 23:50:38 -04:00
Love Hornquist Astrand
fea391eb96
remove prefix zeros
2010-09-18 14:45:33 -07:00
Love Hornquist Astrand
8668bfaefc
less brokenness
2010-09-18 11:55:59 -07:00
Love Hornquist Astrand
9907781fa3
make address a full address
2010-09-18 11:26:09 -07:00
Love Hornquist Astrand
4328f3980f
make addresses not use compression in the middle since different
...
inet_ntop have different way to format them
2010-09-17 12:20:29 -07:00
Anton Lundin
46a4a64dfe
ifdef away code to be able to build with --disable-krb4
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-09-16 22:47:14 -07:00
Love Hornquist Astrand
0bfd697f62
use krb5_unparse_name instead of krb5_unparse_name_short since that doesn't fail. From Zdenek Hatas
2010-09-16 20:59:35 -07:00
Love Hornquist Astrand
6a57e6a784
make test pass
2010-09-15 21:57:48 -07:00
Asanka Herath
b3797f428b
Add krb5_c_random_make_octets() to mit_glue.c
2010-09-14 08:04:19 -04:00
Asanka Herath
80599fcd94
Define KRB5_TC_OPENCLOSE and KRB5_TC_NOTICKET in krb5.h
2010-09-14 08:04:18 -04:00
Asanka Herath
e447009d1b
Add krb5_free_default_realm() to MIT glue
2010-09-14 08:04:18 -04:00
Asanka Herath
d4a80084f1
Don't return a freed pointer in allocate_ccache()
2010-09-14 08:04:17 -04:00
Asanka Herath
fa4021698e
Handle Windows pathnames properly in krb5_cc_resolve()
...
On Windows, a pathname can contain a drive letter and a colon.
krb5_cc_resolve() used to check whether there were any colons in the
ccache name string and assume it is a FILE: cache if there weren't.
In addition, on Windows, check for a drive specification.
2010-09-14 08:04:17 -04:00
Asanka Herath
a7ccfa0717
Define KRB5_TC_NOTICKET
2010-09-14 08:04:15 -04:00
Asanka Herath
5c39c25c77
Fix comment
2010-09-14 08:04:14 -04:00
Asanka Herath
c93c2c72be
Additional MIT glue
...
Add compatible exports for:
krb5_auth_con_getsendsubkey()
krb5_auth_con_getrecvsubkey()
krb5_auth_con_setsendsubkey()
krb5_auth_con_setrecvsubkey()
2010-09-14 08:04:14 -04:00
Asanka Herath
ff9cb6572d
Deal with NULL or empty input for expand_path_tokens()
...
_krb5_expand_path_tokens() should return an empty string if the input
string is empty or NULL, instead of always returning a NULL for these
two cases.
2010-09-14 08:04:13 -04:00
Asanka Herath
e8e56defaf
Don't rely on non-CCAPI v3 exports
...
krb5_ipc_client_set_target_uid() and krb5_ipc_client_clear_target()
may not be present in CCAPI plug-in. Don't rely on their existence.
2010-09-14 08:04:12 -04:00
Asanka Herath
ba02163f2e
Windows: Don't ignore failure in test_addr from now on
2010-09-14 08:04:12 -04:00
Asanka Herath
9db9b146fb
Windows: Add support for MSLSA: cache type using a plug-in
2010-09-14 08:04:11 -04:00
Asanka Herath
96dadaaeff
Windows: Decorate krb5_cc_copy_creds export definition
2010-09-14 08:03:37 -04:00
Asanka Herath
4925fb863c
Address of an imported symbol is not always a constant
...
On Windows, the address of a symbol imported from a DLL is not
considered a constant. Therefore, it can't be used to initialize
static data.
2010-09-14 08:03:37 -04:00
Asanka Herath
4b36b36e0b
Add roken/rename.c to fix non-standard rename()
...
roken/rename.c is for platforms where the native rename()
implementation does not replace the target if it already exists. This
implementation isn't atomic, but should be close enough for most
purposes.
For correct behavior, rk_rename() should be used instead of rename().
rk_rename() is #defined to be rename() on platforms where this fix is
not necessary.
2010-09-14 08:03:34 -04:00
Asanka Herath
6cc480fc09
Additional test cases for test_addr.c
...
On platforms where we build our own inet_ntop(), exercise it a bit
more. Specifically for zero string compression of IPv6 addresses.
2010-09-14 08:03:33 -04:00
Asanka Herath
bd795255aa
Fix fcc_remove_cred() on platforms with non-standard rename()
2010-09-14 08:03:31 -04:00
Asanka Herath
b74fa12602
Windows: Have test binaries depend on built libraries
2010-09-14 08:03:30 -04:00
Love Hornquist Astrand
ba5c014af0
add krb5_get_permitted_enctypes
2010-09-08 22:04:03 -07:00
Love Hornquist Astrand
3798647400
Define HAVE_CFPROPERTYLISTCREATEWITHSTREAM if this is 10.6 or newer
2010-09-08 12:22:12 -07:00
Love Hornquist Astrand
d893207413
add check-rd-req-server
2010-09-01 21:56:17 -07:00
Love Hornquist Astrand
856c1c0a86
accept >= 0 and valid return codes from RAND_bytes due to broken engine from the isc bind implementation, reported by Sam Liddicott
2010-09-01 21:00:07 -07:00
Asanka Herath
f88854effa
Windows: Correct calling convention for krb5_free_unparsed_name()
2010-08-20 13:14:14 -04:00