kadm5_c_destroy did not use rk_closesocket when cleaning up
the context. This results in an exception on Windows since a
socket is not a file descriptor.
Change-Id: I9ebddad61f0199acb495a0773925df4f41e4fef2

In the previous implementation, when .k5login or .k5login.d existed
and k5login_authoritative was false, no further plugins were tried.
Also when k5login_authoritative was true and .k5login did not match,
the directory was never tried.

Mechanism credentials created by dynamically loaded mechanisms do not work
because the gm_mech_oid field is unset for such mechanisms (instead, only
gm_mech.gm_mech_oid is).

In order to support plugins for kadmin that use libkadm5srv, the
libkadm5clnt library has to be versioned to avoid hijacking all
of the function calls that should go to the server library. Omit
the _kadm5_ clients from the public interface, and version
everything else.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

The first enctype RFC3961 prf output length's bytes are correct because
the little- and big-endian representations of unsigned zero are the
same. The second block of output was wrong because the counter was not
being encoded as big-endian.
This change could break applications. But those applications would not
have been interoperating with other implementations anyways (in
particular: MIT's).

The use of the wrong value for the length of ":mkey=" was identified
by Brian May and reported via github:
https://github.com/heimdal/heimdal/issues/40
Change-Id: I0aed86a5bb0359b7a266369076fde5e62f23b5fe

Modify the signature of mp_find_prime() to permit the number of
Miller-Rabin rounds to be specified. In addition, valid responses
now include MP_NO, MP_YES, and MP_VAL which is returned when
mp_prime_is_prime() fails.
Change-Id: I0195129a4dd75875e6dddb6d49a5ceb30afb1a17

libtommath protects the inclusion of functions by wrapping their
declarations in CPP #ifdef tests and defining the matching macros
within libtommath_class.h.
Add missing macros:
BN_MP_FIND_PRIME_C
BN_MP_ISPRIME_C
Change-Id: Ic577300114f8e88d7a3af3d9f717a249d57f03b1

As pointed out by Steffen Jaeckel [https://github.com/sjaeckel],
within bn_mp_prime_next_prime() t <= PRIME_SIZE as per the check
at the top of the function. Remove the unnecessary comparison in
a for loop conditional.
Change-Id: I868bee1a7a019e0ab06bf2b81cc71cf66ca9acff

C++ does not permit struct names and typedef names to be the same.
Rename
struct krb5_name_canon_rule to struct krb5_name_canon_rule_data
and
struct krb5_name_canon_iterator to struct krb5_name_canon_iterator_data
Change-Id: I92766e0878bf0beef92de1649baf9e5cafbf86aa

Since the memory is allocated inside the Kerberos library, it
should be freed by code inside the same library. free, as
previously recommended, therefore doesn't seem appropriate.
Instead, recommend krb5_xfree, which exists for this purpose.
krb5_set_default_realm.3 man page update
Change-Id: I11d119edf03148cbdc654480c72ddffb540084ec