Roland C. Dowdeswell
74db6a120f
Change #elseif to #elif.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-01-10 22:54:50 +01:00
Love Hornquist Astrand
0d7d3e4ab5
allow overriding default krb5_config_file
2012-01-10 22:54:16 +01:00
Andrew Bartlett
7a89f14aa5
Revert "make paranoia check less paranoid" - check that key types strictly match
...
This reverts commit c25af51232 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-01-10 22:54:16 +01:00
Andrew Bartlett
cdc04ce0ff
make hmac-md5 the keyed checksum type for arcfour-hmac-md5
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-01-10 22:54:16 +01:00
Jeffrey Altman
81db1ebce2
Correct d68aee90ed
...
in any case. Both EAI_NODATA and WSANO_DATA can exist at the
same time.
Change-Id: I4378d8d3a5471a472a9b32632b0c70a1d717b951
2012-01-10 10:19:27 -05:00
Jeffrey Altman
d68aee90ed
Windows: translate WSANO_DATA to HEIM_EAI_NODAT
...
Change-Id: I9116ab68b1f2ac4417577125df1efc5a1b42c89e
2012-01-08 17:10:01 -05:00
Nicolas Williams
d769eced7b
Plugin symbols can't have '-' in them... Also add example to krb5-plugin.7
2011-12-22 17:44:47 -06:00
Russ Allbery
911c993757
Fix reauthentication after password change in init_creds_password
...
When retrying authentication after a password change of an expired
password, use the new password instead of the original one. Also,
pass in the correct length for the new password buffer to
change_password and zero the buffer that holds the new password on
function exit.
Signed-off-by: Russ Allbery <rra@stanford.edu>
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
2011-12-22 14:53:08 -06:00
Nicolas Williams
223af60018
Oops, forgot to actually add krb5-plugin.7
...
I use a shell alias that expands to git add -uv ..., and the -u
means new files don't get added :(
2011-12-22 14:42:05 -06:00
Nicolas Williams
25e623a957
Fix doxygen comment in krb5_aname_to_lname()
2011-12-22 11:17:42 -06:00
Nicolas Williams
672f6285ce
Add doxygen docs for some plugin structs
2011-12-22 11:17:21 -06:00
Nicolas Williams
06974f27cb
Add a krb5-plugin.7 manpage to document the plugin system
2011-12-21 13:59:37 -06:00
Love Hornquist Astrand
8e1b58e923
move function pointer to last argument
2011-12-15 21:48:33 -08:00
Love Hornquist Astrand
9cfc014a66
name KRB5_PLUGIN_KUSEROK "kuserok-plugin"
2011-12-15 21:46:43 -08:00
Nicolas Williams
4630ef1bdc
Fix kuserok.c:check_owner_file(), make tests/kdc/check-authz run
2011-12-14 18:01:35 -06:00
Love Hornquist Astrand
477738a80d
try w/o FAST if the KDC doesn't seem to handle it
2011-12-14 08:46:05 -08:00
Love Hornquist Astrand
d453899462
split user and dir, use rk_getpwnam_r
2011-12-12 21:53:41 -08:00
Love Hornquist Astrand
167084b3e7
ident
2011-12-12 21:28:52 -08:00
Andrew Bartlett
0e7437ba2e
HEIMDAL: Supply krb5_context to _krb5_internal_hmac to allow logging
...
Without this, log messages from any abort are not printed to
the samba logs.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-12-11 21:45:15 -08:00
Nicolas Williams
35e28dcd5d
Fix incomplete sentence in krb5.conf.5
2011-12-10 14:27:46 -06:00
Nicolas Williams
27ba7a5982
Address code review comments (use .Xr and .Pa macros in krb5.conf.5)
2011-12-10 14:06:16 -06:00
Nicolas Williams
3109770484
Address code review comments (use _krb5_homedir_access())
2011-12-10 14:06:09 -06:00
Nicolas Williams
8e04b6dce2
Address code review comments (use krb5_enomem())
2011-12-10 14:05:35 -06:00
Nicolas Williams
abd065be02
Add a test for krb5_kuserok()
2011-12-08 13:34:02 -06:00
Nicolas Williams
b9f8e6d956
Add DENY rule for krb5_kuserok() and update manpage
2011-12-08 13:34:02 -06:00
Nicolas Williams
8e63cff2cc
Document krb5_kuserok() configuration parameters
2011-12-08 13:34:01 -06:00
Nicolas Williams
ad7e54d698
Generalize token expansion to allow for context-specific tokens
2011-12-08 13:33:37 -06:00
Nicolas Williams
6aec02f979
Make krb5_kuserok() pluggable and add features (including MIT config compat)
2011-12-08 13:33:36 -06:00
Nicolas Williams
cfe7f6312a
Improve _krb5_plugin_run_f()
2011-12-08 13:33:36 -06:00
Love Hörnquist Åstrand
01884ebf2f
fix argument order
2011-12-03 13:24:15 -08:00
Love Hörnquist Åstrand
fdeb7b2318
fix sizeof
2011-12-03 13:02:28 -08:00
Nicolas Williams
89bae59b49
Fix error clobbering bug and code review comments
2011-12-02 01:04:22 -06:00
Nicolas Williams
da14596f0e
Add a test for aname2lname
2011-12-02 01:03:31 -06:00
Nicolas Williams
f468ed4759
Make krb5_aname_to_localname() use the libheimbase binary search functions
2011-12-02 01:03:08 -06:00
Nicolas Williams
aea02876e7
Initial aname2lname plugin patch based on code from Love
...
Included is a default plugin that searches a sorted text file where
every line is of the form:
<unparsed-principal>[<whitespace><username>]
If the username is missing in a matching line then an error is
returned. If a matching line is not found then the next plugin will
be allowed to run, if any.
2011-12-02 00:58:26 -06:00
Nicolas Williams
d0abcebf80
Make _krb5_plugin_run_f() use krb5_plugin_register()ed plugins too
2011-12-02 00:58:26 -06:00
Luke Howard
21173f98dc
add fast.c to dist sources
2011-11-29 12:52:32 +11:00
Luke Howard
c18d1a804e
add fast.c to Windows build
2011-11-29 12:51:07 +11:00
Nicolas Williams
c757eb7fb0
Rename and fix as/tgs-use-strongest-key config parameters
...
Different ticket session key enctype selection options should
distinguish between target principal type (krbtgt vs. not), not
between KDC request types.
2011-11-25 17:21:04 -06:00
Nicolas Williams
81293d9334
krb5_get_init_creds*() should not krb5_cc_close() the FAST ccache!
2011-11-22 17:04:35 -06:00
Nicolas Williams
ad60b236a0
Add missing symbols to export list
2011-11-22 17:04:03 -06:00
Love Hornquist Astrand
118f99e308
tell if keytab is missing principal
2011-11-22 11:00:51 -08:00
Love Hörnquist Åstrand
354ef711f3
restructure
2011-11-21 20:34:35 -08:00
Love Hörnquist Åstrand
1d7c483db2
use get and set
2011-11-21 20:34:35 -08:00
Stefan Metzmacher
7ecbac23f6
lib/krb5: add utf8 support to build_logon_name() for the PAC
...
Pair-Programmed-With: Arvid Requate <requate@univention.de>
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:45 -08:00
Nicolas Williams
349609ed20
Initial test of x-realm TGT w/ kvno 0 and key rollover
...
NOTE: The test runs and succeeds, but the client seems to be getting
a new x-realm TGT after we set the kvno to 0 or remove the
kvno from the tickets. This means we're not really testing
the TGS paths! So this test is not yet ready.
2011-11-15 21:53:34 -06:00
Nicolas Williams
40a7d4b62f
More fixes for -Werror (GCC 4.6 catches more stuff)
2011-11-02 23:20:55 -05:00
Nicolas Williams
3bebbe5323
Fixes to make Heimdal -Wall -Werror clean
...
These fixes make developer mode build, at least on Ubuntu.
2011-11-02 21:42:08 -05:00
Love Hörnquist Åstrand
9c830f5237
indent
2011-10-31 22:10:09 -07:00
Love Hörnquist Åstrand
877df213eb
make sure we don't use stack content, don't count on that unsigned value can be negative
2011-10-31 22:05:42 -07:00