Commit Graph

695 Commits

Author SHA1 Message Date
Nicolas Williams
b5137810fb Various bug fixes in hdb-mitdb.c.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-04 22:44:58 -07:00
Nicolas Williams
941eba430b Fixed a bug by s/u16/SEEK_CURR/; the bug prevented this mitdb backend from parsing MIT KDB entries with multiple kvnos in non-increasing order.
Fixed a double-free bug that was triggered by MIT KDB entries with
multiple kvnos in non-increasing order.

Added lots of comments regarding the MIT KDB entry format.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-04 22:44:57 -07:00
Luke Howard
987658325e correctly decode MIT KDB flags
Patch from Nico Williams <nico@cryptonector.com>
2011-03-23 11:26:50 +11:00
Jelmer Vernooij
1ad64fe599 hdb.h: Include krb5.h first, so hdb.h can be included standalone.
This makes it a bit easier to find libhdb in e.g. configure tests and
is consistent with the main header files for the other Heimdal
libraries, none of which has any prerequisite other headers.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-01-03 11:51:09 +01:00
Love Hornquist Astrand
0a10f35897 drop unused functions 2010-11-28 11:50:42 -08:00
Love Hornquist Astrand
6c6726d76c drop hdb_fetch 2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
917920e8cd implement fetch_kvno 2010-11-28 11:34:33 -08:00
Love Hornquist Astrand
38d0a72326 implement fetch_kvno 2010-11-28 11:33:24 -08:00
Love Hornquist Astrand
daa3d4753d implement fetch_kvno 2010-11-28 11:31:15 -08:00
Love Hornquist Astrand
ee8c2e45b4 use _hdb_fetch_kvno 2010-11-28 11:20:31 -08:00
Love Hornquist Astrand
c44315b6d9 add _hdb_fetch_kvno 2010-11-28 11:19:43 -08:00
Love Hornquist Astrand
617c51a150 kvno is krb5_kvno not unsigned 2010-11-28 11:19:22 -08:00
Love Hornquist Astrand
8ece8672ae kvno is krb5_kvno not unsigned 2010-11-28 11:19:15 -08:00
Andrew Bartlett
f469fc6d49 heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.

(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 09:52:54 -08:00
Love Hornquist Astrand
1be05e6568 support KRB5_KDB_SALTTYPE_CERTHASH 2010-11-27 13:27:35 -08:00
Love Hornquist Astrand
0690211131 use public version of krb5_enomem 2010-11-25 10:48:33 -08:00
Love Hornquist Astrand
3b1b7e41b0 use krb5_set_error_message and krb5_enomem 2010-11-24 14:36:35 -08:00
Asanka C. Herath
6bf16f5250 Windows: Use --one-code-file when building ASN1 2010-11-24 15:33:27 -05:00
Asanka C. Herath
2f8031c1d1 Cast dlsym() returns before use 2010-11-24 15:33:10 -05:00
Asanka C. Herath
42cf8947aa Windows: Avoid importing locally defined ASN1 symbols 2010-11-24 15:33:09 -05:00
Asanka C. Herath
f40fe926ad Windows: Comprehensive clean target 2010-11-24 15:32:13 -05:00
Love Hornquist Astrand
37fcf33d7c document hdb_entry_ex 2010-11-18 23:40:09 -08:00
Love Hornquist Astrand
c71d2bf0d3 spelling, From Kaiting Chen <kaitocracy@gmail.com> 2010-11-18 23:25:18 -08:00
Joerg Pulz
4154bb82ce Add libintl for i18n support
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-18 08:27:33 -07:00
Love Hornquist Astrand
f225af82c1 if db_create() returns non zero, fail 2010-10-06 21:37:50 -07:00
Andrew Bartlett
c434086ba0 Add error code to use when a secret is not in this database
This will happen on an RODC, which has the entry, but not the full
secret.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-02 11:52:28 -07:00
Andrew Bartlett
0e128912af s4:heimdal Add hooks to check with the DB before we allow s4u2self
This allows us to resolve multiple forms of a name, allowing for
example machine$@REALM to get an S4U2Self ticket for
host/machine@REALM.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-09-26 15:11:05 -07:00
Karolin Seeger
260e19ac09 s4-heimdal: Fix typo in comment.
Karolin

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-09-26 15:06:58 -07:00
Asanka Herath
77c91f86a0 Windows: Remove test_hdbkeys from test-run
test_hdbkeys is not a standalone test app.
2010-09-14 08:03:39 -04:00
Asanka Herath
fbbfbdda32 Windows: Fix exports for libhdb 2010-09-14 08:03:39 -04:00
Eray Aslan
a1c14b2319 Add --with-berkeley-db-include option
Adds --with-berkeley-db-include=dir option to configure to use berkeley
db headers in dir.  Default is to let configure check.  Also adds
support for checking for and using db5/db.h

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-09-05 18:41:30 -07:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Asanka Herath
ba44354336 Windows: Check exported symbols
During a test run, cross check the Windows exports list against the
version-script files.  For the test to pass, all symbols on either
list should be accounted for.

If there are symbols that are specific to Windows or symbols that are
not included on Windows, they should be annotated in the .def file as
follows:

    ;!  non_windows_symbol

    	common_symbol

        windows_only_symbol ;!
2010-08-20 13:06:55 -04:00
Asanka Herath
cdcdc5cad5 Windows: Version information for binaries 2010-08-20 13:06:54 -04:00
Asanka Herath
d83611238a Windows: Build a single heimdal.dll
Heimdal.dll is a combination of libasn1, libwind, libhcrypto, libhx509
and libkrb5.
2010-08-20 13:06:54 -04:00
Asanka Herath
ea4d8dbfdb Windows: Use EXEPREP and DLLPREP macros for processing binaries
Once DLLs and EXEs are built, they need to have their manifests
processed and signed.  These steps are encapsulated in the EXEPREP and
DLLPREP Makefile macros.  Use them instead of invoking each processing
macro individually.
2010-08-20 13:04:06 -04:00
Asanka Herath
ab56333fd7 Variable initialization in hdb_sqlite_store()
If the call to krb5_unparse_name() fails, we might try to free an
uninitialized pointer.
2010-08-20 13:03:36 -04:00
Asanka Herath
e9160dbcfa Support parallelized builds on Windows 2010-08-20 13:03:32 -04:00
Cédric Schieli
901d655ba7 Make sure existing entries can be found by userid
A typo in LDAP__lookup_princ makes using existing LDAP entries broken,
a new entry is always created even if an entry with proper uid and
structural objectclass can be found.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-08-08 08:23:12 -07:00
Love Hornquist Astrand
fae86f1123 disable write support for ndbm 2010-07-22 20:46:53 -07:00
Love Hornquist Astrand
5bac96d338 add NO_WRITE_SUPPORT 2010-07-21 08:29:16 -07:00
Love Hornquist Astrand
05e836e7c6 add data-mkey.mit.des3.be and data-mkey.mit.des3.le 2010-05-26 14:37:26 -05:00
Love Hornquist Astrand
d631443133 Support both BE and LE MIT master key file formats
Prompted by discussion on heimdal-discuss by Michael Wood, Russ Allbery,
and Henry B. Hotz.
2010-05-22 13:16:52 -07:00
Love Hornquist Astrand
dd34c02329 spelling, from Tollef Fog Heen via Brian May of Debian 2010-04-11 16:36:15 -07:00
Love Hornquist Astrand
83e2a17c0f document more assumptions about hdb_rename 2010-03-21 14:56:57 -07:00
Love Hornquist Astrand
d837f736f8 Make locking work when doing rename, rename assumes db is not ->hdb_open'ed. 2010-03-21 14:55:36 -07:00
Love Hornquist Astrand
48504c5771 [Heimdal-704] export encode_Key/length_Key, from Jan Rekorajski 2010-01-04 13:14:11 +01:00
Love Hornquist Astrand
6a7810d12f Export initialize_hdb_error_table_r and free_Salt, requested by Jelmer Vernooij in Debian bug #56275 2010-01-02 17:53:57 +01:00
Asanka Herath
a0ae9f5a0e Merge remote branch 'h-github/master' into win32-port2
* h-github/master: (64 commits)
  refix socket wrappers with rk_
  Patch from Secure Endpoints/Asanka Herath for windows support
  unset KRB5CCNAME
  its really just LIBADD more most of them
  correct quoting
  Use -lpthread for modern freebsd instead
  clean KRB5CCNAME and KRB5_CONFIG, require test to reset them
  more up ${env_setup}
  use PTHREADS_LIBADD for freebsd6 and newer
  add PTHREAD_LIBADD
  add PTHREAD_LIBADD
  add PTHREAD_LIBADD
  switch to PTHREADS_LIBADD
  log what the error string say too
  More debug logging
  sprinkle more 'echo "test failed"'
  sprinkle 'echo "test failed"'
  use calloc(), indent more prettier
  in sh, equal compare is really = for strings, not ==
  Check for duplicates, already loaded mechs
  ...

Conflicts (resolved):
	lib/krb5/auth_context.c
	lib/krb5/changepw.c
	lib/krb5/context.c
	lib/krb5/error_string.c
	lib/krb5/kuserok.c
	lib/krb5/libkrb5-exports.def.in
	lib/krb5/net_write.c
	lib/krb5/store_fd.c
	lib/krb5/test_cc.c
	lib/roken/strerror_r.c
2009-12-21 13:44:00 -05:00
Love Hornquist Astrand
c867fd3e2e Make libtool pull in the dependency on libldap
Put in explicit dependency on libldap so that libtool
might do the right thing for us.

Patch from Jan Rekorajski
2009-12-08 00:15:10 -08:00