Love Hornquist Astrand
fa5a1cb201
tomcrypt rsa
2010-05-22 13:19:48 -07:00
Love Hornquist Astrand
d631443133
Support both BE and LE MIT master key file formats
...
Prompted by discussion on heimdal-discuss by Michael Wood, Russ Allbery,
and Henry B. Hotz.
2010-05-22 13:16:52 -07:00
Love Hornquist Astrand
3c58379590
tomsfastmath version of rsa, keygen missing
2010-05-19 22:29:07 -07:00
Love Hornquist Astrand
0e97f54b54
man fixes
...
Add two cross references, expansion of PAG, and expansion of the -c
argument to the OpenBSD tech list earlier.
From Lars Nooden
2010-05-03 10:38:41 +02:00
Love Hornquist Astrand
fd107d08c4
use case compare for teletex string
2010-05-01 11:47:02 +02:00
Love Hornquist Astrand
af0f2717c2
test case compare
2010-05-01 11:45:40 +02:00
Love Hornquist Astrand
eec74bd2fe
Wrap SOCK_CLOEXEC in ifdef, from Harald Barth
2010-04-30 15:15:58 +02:00
Simon Wilkinson
994e8641c0
hcrypto: Don't explicitly include system headers
...
Don't explicitly include system headers in hash.h. These get pulled
in anyway through roken.h, and explicitly including them here makes
compiling hcrypto in the kernel much harder.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-04-29 16:43:48 +02:00
Love Hornquist Astrand
2a842e90d3
Drop MD2 support
...
Patch partly from Guillaume Rousse
2010-04-28 22:10:27 +02:00
Simon Wilkinson
887993e8b3
Add mutex protection for the fortuna PRNG
...
The fortuna PRNG has a statically held internal state. Prevent
concurrent access to this internal state by adding mutexes around
all of the access classes.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-04-19 14:26:53 +02:00
Love Hornquist Astrand
dd34c02329
spelling, from Tollef Fog Heen via Brian May of Debian
2010-04-11 16:36:15 -07:00
Love Hornquist Astrand
b7c0365677
fix documentation
2010-04-08 15:36:27 -07:00
Love Hornquist Astrand
c29933e1f5
set reply_key to NULL
2010-04-07 23:01:46 -07:00
Love Hornquist Astrand
312f4f9bd6
GSS_C_NO_OID matches nothing, not even itself, document function
2010-03-30 11:18:49 -07:00
Love Hornquist Astrand
aa371571f9
insert _FLAG into the name
2010-03-29 19:08:00 -07:00
Love Hornquist Astrand
cf35620ecf
name flag 1 as KRB5_INIT_CREDS_STEP_CONTINUE
2010-03-29 18:55:41 -07:00
Love Hornquist Astrand
a76daa7e35
support WIND_PROFILE_LDAP_CASE
2010-03-29 01:13:30 -07:00
Andrew Bartlett
d9f4d53dda
s4:heimdal Use correct variable to advance past -- options in kpasswd
...
This bug was introduced when kpasswd was migrated to a local getarg()
call, in Heimdal commit 7dd146072c
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-27 01:20:52 -07:00
Love Hornquist Astrand
aaf310f99e
constify
2010-03-23 20:20:51 -07:00
Love Hornquist Astrand
de6da2f212
add people
2010-03-21 22:09:54 -07:00
Love Hornquist Astrand
096902359f
1.3.2
2010-03-21 21:36:35 -07:00
Love Hornquist Astrand
4660ec8358
check for underruns
2010-03-21 21:05:21 -07:00
Love Hornquist Astrand
d02418be27
windows doesn't have /dev/random
2010-03-21 16:44:30 -07:00
Love Hornquist Astrand
08572822da
use pathp for pathbased file names
2010-03-21 16:07:45 -07:00
Love Hornquist Astrand
408e3420d1
try hard to unset HOME and randfile
2010-03-21 16:06:34 -07:00
Love Hornquist Astrand
83e2a17c0f
document more assumptions about hdb_rename
2010-03-21 14:56:57 -07:00
Love Hornquist Astrand
d837f736f8
Make locking work when doing rename, rename assumes db is not ->hdb_open'ed.
2010-03-21 14:55:36 -07:00
Love Hornquist Astrand
c491b59007
pull out unix /dev/random if we can't get users home directory
2010-03-21 11:01:24 -07:00
Love Hornquist Astrand
76122d97c2
Test emptier environment
2010-03-21 10:59:26 -07:00
Love Hornquist Astrand
fc9aff2260
log the source too
2010-03-21 09:41:20 -07:00
Love Hornquist Astrand
3ac7d626c2
log failures
2010-03-21 09:37:42 -07:00
Love Hornquist Astrand
32d148b2f8
Check for dd_fd in DIR not struct dirent
...
Pointed out by Ragnnar Sundblad in private mail
2010-03-21 09:08:46 -07:00
Love Hornquist Astrand
fea82013eb
Check for dd_fd in DIR not struct dirent
...
Pointed out by Ragnnar Sundblad in private mail
2010-03-21 08:58:33 -07:00
Love Hornquist Astrand
ad2de1222f
spelling
2010-03-20 15:25:55 -07:00
Love Hornquist Astrand
cfb43997ae
define YY_NULL
2010-03-20 14:44:16 -07:00
Love Hornquist Astrand
b0a79dcd40
Improve the dns retry logic
...
Bug reported by Richard Silverman on heimdal-bugs
2010-03-19 14:19:43 -07:00
Love Hornquist Astrand
d3efb7d043
don't bother supporting KRB5_AUTHDATA_SIGNTICKET_OLD
2010-03-19 13:58:45 -07:00
Love Hornquist Astrand
24e2001f51
support old SIGNTICKET too
2010-03-19 13:56:20 -07:00
Love Hornquist Astrand
3af54e67d9
Renumber signedticket to 512 since 142 was stolen.
2010-03-19 13:44:51 -07:00
Andrew Tridge
6bff49a89d
memset the right length of the {i,o}pad data, memset opad not ipad in the opad case (typo)
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-18 10:59:51 -07:00
Love Hornquist Astrand
f26d6c2398
(krb5_set_default_in_tkt_etypes): filter out unwanted enctypes
...
Needed for Samba that tries really hard to use DES encryption types.
Reported by Natanael Copa on heimdal-discuss
2010-03-17 09:30:11 -07:00
Love Hornquist Astrand
523c393829
Better error message for decomp
2010-03-17 06:21:56 -07:00
Love Hornquist Astrand
a6f9dfc5ad
drop krb4
2010-03-16 20:43:24 -07:00
Love Hornquist Astrand
433b1d5073
drop RCSID
2010-03-16 12:52:58 -07:00
Love Hornquist Astrand
dde9ae659b
drop RCSID
2010-03-16 12:50:09 -07:00
Russ Allbery
97648fc257
Disable kpasswdd error replies to completely malformed requests
...
Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.
Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet. An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-16 11:50:22 -07:00
Russ Allbery
5230b2f8f5
Discard old keys in MIT dump files in hprop
...
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-16 11:48:15 -07:00
Matthias Dieter Wallnöfer
69ea9b38e9
heimdal - fix overlapped identifiers in the "krb5" library
...
heimdal - fix overlapped identifiers in the "krb5" library
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-03-16 10:05:35 -07:00
Love Hornquist Astrand
50990d61cf
free always "ctx->password" when it isn't needed anymore
...
Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
2010-03-16 10:04:20 -07:00
Love Hornquist Astrand
313a2243bb
Allow users to specify their own configuration file ~/.krb5/config
...
Idea from Rune L on heimdal-discuss
2010-03-16 09:09:27 -07:00