45b9139cc4
if we are using db1 or db3 (really 3,4,5), when we will need LIB_db_create, otherwise use LIB_NDBM
2011-06-19 11:20:48 -07:00
5a25df7851
set HEIMDAL_LOCALEDIR for librfc3961.la too
2011-06-19 11:02:27 -07:00
09b07e9ef4
fix ifdef
2011-06-19 10:58:50 -07:00
625d29fc3e
remove unused ifdef
2011-06-19 10:58:35 -07:00
749c112c31
only set IP_TOS on IPv4 sockets
2011-06-19 10:58:22 -07:00
e5eb401fcd
simplify checking and start to use __has_extension
2011-06-19 10:43:12 -07:00
4337582a64
add missing break, quiet clang analyzer
2011-06-19 10:28:51 -07:00
e54d07a9b6
kdc: check and regenerate the PAC in the s4u2proxy case
...
TODO: we need to add a S4U_DELEGATION_INFO to the PAC later.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-19 10:26:11 -07:00
9ab4070800
kdc: pass the correct principal name for the resulting service ticket
...
Depending on S4U2Proxy the principal name for the resulting
ticket is not the principal of the client ticket.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-19 10:26:11 -07:00
2c031ca78c
kdc: let check_PAC() to verify the incoming server and krbtgt cheksums
...
For a normal TGS-REQ they're both signed with krbtgt key.
But for S4U2Proxy requests which ask for contrained delegation,
the keys differ.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-19 10:26:11 -07:00
b8ddbe73c4
quite down clang analyzer warnings for the generate asn1 code
2011-06-14 22:29:49 -07:00
e9e4f99f01
add missing space in log message
2011-06-14 22:00:25 -07:00
63565137d3
don't set i = 0, its never read
2011-06-14 21:57:34 -07:00
7dccddc6fb
count number of enctypes too
2011-06-14 21:44:23 -07:00
0f489b7b28
unexport krb5_init_etype, remove duplicate code
2011-06-14 21:08:52 -07:00
f93a56f931
Set improved enctypes parameter defaults to better match the RFC.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
016193ac6a
Added manpage documentation for krb5_{as, tgs}_enctypes.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
2fbad6432b
Initial support for default_{as, tgs}_etypes.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
c06d5ebfda
Fixes to patches that add *use-strong* parameters.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
8ada355954
Forgot to default use_strongest_server_key...
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
76a192b906
Forgot to default preauth_use_strongest_session_key...
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
256cf6ea12
This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
481fe133b2
Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
a7a8a7e95c
Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org >
2011-06-14 20:35:19 -07:00
ec35b8d4a2
add option to disable --disable-heimdal-documentation
2011-06-14 20:33:44 -07:00
4a6fa9a979
distribute version-script.map
2011-06-14 07:18:32 -07:00
277bec06e7
simplify error printing, context contains error
2011-06-14 07:11:43 -07:00
40a53bae5f
Don't build ppc any more, don't have a compiler for that any more
2011-06-13 21:23:23 -07:00
e72940c962
more frameworks for test_name
2011-06-13 21:19:10 -07:00
3c725a465e
Initialize zero before using it in unwrap_des().
...
Heimdal since fc702a97f5lha@h5l.org >
2011-06-13 21:18:07 -07:00
9c040227a5
1.5pre2
2011-06-13 20:29:47 -07:00
ade3d65e73
more limits
2011-05-22 20:57:30 -07:00
9d4addf9c1
fix preferences
2011-05-22 20:47:32 -07:00
8b1b47035d
Switch to krb5_enomem
2011-05-22 20:43:31 -07:00
5829bfe476
add LIB_heimbase
2011-05-22 17:28:24 -07:00
27f3d822cf
Maybe include <sys/types.h> and <sys/select.h>
2011-05-22 17:14:29 -07:00
b019c085bd
handle leaks excluded
2011-05-22 14:26:59 -07:00
48a91b7fc5
change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols
2011-05-22 14:06:40 -07:00
3564726537
support NT_USER_NAME for real
2011-05-22 13:02:08 -07:00
9dc505a721
cred is no longer a name, handle that
2011-05-22 13:01:32 -07:00
12c3c12160
pass in client name
2011-05-22 13:01:00 -07:00
9a5019156c
remove debug and don't check targetname since it doesn't really matter
2011-05-21 13:27:57 -07:00
5564106268
use client-amel
2011-05-21 13:25:51 -07:00
26085dfbc0
allocate enough memory
2011-05-21 13:25:24 -07:00
58ffee93b7
allow GSS_C_NT_USER_NAME too
2011-05-21 13:07:22 -07:00
cb7cbbb906
add more people that have contributed
2011-05-21 12:23:47 -07:00
58ea513056
fix error message
2011-05-21 12:11:04 -07:00
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
25e86d6f4d
check for execinfo.h and backtrace()
2011-05-21 11:55:21 -07:00
97df66c0a0
Put Nd argument after Nd macro.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2011-05-21 11:54:27 -07:00
Love Hörnquist Åstrand