Love Hornquist Astrand
5be2888433
add auth_data bits
2013-07-16 15:14:57 +02:00
Love Hornquist Astrand
b4d1168557
add auth_data
2013-07-16 15:13:31 +02:00
Love Hornquist Astrand
28611511ec
adopt _krb5_get_ad
2013-07-16 15:10:24 +02:00
Love Hornquist Astrand
4d799bdd26
support derive key and prf for des3
2013-07-16 15:00:19 +02:00
Love Hornquist Astrand
d41f005cc1
add _krb5_get_ad
2013-07-16 14:57:03 +02:00
Jeffrey Altman
72e6a0f383
fcache: correct build errors on Windows
Windows does not have getuid().
Change-Id: Ib92785716b056a69e42c32ec122d8a5f6f12ffbe
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-07-16 12:44:36 +02:00
Love Hornquist Astrand
884b007938
Check owner too
2013-07-12 17:20:41 +02:00
Love Hornquist Astrand
f396f66523
add [libdefaults]fcache_strict_checking to gate the strict checking, defaults to on
2013-07-11 21:17:49 +02:00
Love Hornquist Astrand
2a565482f4
More strict fcache rules
- use O_NOFOLLOW
- be more strict not to follow symlinks
- require cache files to be owned by the user
- have sane permissions (not group/other readable)
2013-07-11 19:29:04 +02:00
Love Hornquist Astrand
44ddd05ec1
honor env when not issuid
2013-07-10 22:02:43 +02:00
Love Hornquist Astrand
403f599dbd
better error reporting
2013-07-10 21:50:23 +02:00
Ben Kaduk
5dfaa0d10b
Be friendly to krb5_generate_random_block consumers
Allow them to disable the EGD/profile access and the use of a
random seed file.
These facilities are not tenable when running in the kernel.
2013-07-03 23:17:38 -05:00
Love Hornquist Astrand
786e790f2c
mdoc uses the .Lk macro to mark up hyperlinks (from Igor Sobrado <sobrado@orion.ciencias.uniovi.es>)
2013-06-27 19:41:10 +02:00
Igor Sobrado
be204adf4c
Add more documentation links to section 8 pages
As kerberos(8) provides a brief outline of this network authentication
system I would suggest extending SEE ALSO to include a few section 8
commands. I have excluded kadmind(8) and kpasswdd(8) as these servers
can be easily reached from kadmin(8) and kpasswd(8) manual pages
respectively.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-06-27 09:33:08 +02:00
Jeffrey Altman
5f138a16ef
libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.
Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
2013-06-22 21:17:32 -04:00
Jeffrey Altman
dd47d25e5d
libkrb5: No fchmod on Windows
There is no fchmod() implementation on Windows. For now prevent its
use on Windows with #ifndef _WIN32 but in the future set_default_cache()
should be updated to set ownership permissions for the cache file.
Change-Id: I57214dfecbd25d7b337a568fa5e522c0a22dbb76
2013-06-22 21:17:29 -04:00
Jeffrey Altman
57d55d2b81
libkrb5: replace mkdir with rk_mkdir in dcache.c
Now that libroken provides rk_mkdir(), use it.
Change-Id: Ibf208e45cc36b85198bcb266267bf4665f32ba2f
2013-06-22 21:17:27 -04:00
Jeffrey Altman
b07058dbe1
Build new lib/krb5 sources on Windows
db_plugin.c
dcache.c
plugin.c
Change-Id: Icb67253d8c1cb8a368c886010e7b4aedca61348c
2013-06-22 21:17:19 -04:00
Jeffrey Altman
eccbdac238
Remove unused variable
Change-Id: Id0249ead009e0a544913460aec15a3abc5bc0f98
2013-06-22 21:17:13 -04:00
Jeffrey Altman
423ef23e43
Windows: _krb5_store_string_to_reg_value REG_DWORD
If the registry type is NONE and the string is all numeric or
if the type is DWORD, the string is converted to a DWORD and then
stored into the registry as a REG_DWORD using RegSetValueEx().
The input parameter should be a pointer to the DWORD variable not
its value.
Change-Id: I9ff12121c6c17eb5afb2ea89adf8bb9cc6aa3a89
2013-06-22 21:17:12 -04:00
Nicolas Williams
f80cc553f8
Make build on Windows
2013-06-21 23:09:44 -05:00
Nicolas Williams
647fad8295
Remove name canon rules from krb5.conf.5
2013-06-09 23:42:37 -05:00
Love Hornquist Astrand
a3f21747aa
move to new plugin system
2013-06-04 00:16:55 -07:00
Love Hornquist Astrand
060474df16
quell 64bit warnings, fixup implicit encoding for template, fix spelling
2013-06-03 21:46:20 -07:00
Viktor Dukhovni
2433496ea6
Simplify user_realm support by removing krb5_parse_name_flags_realm()
and setting the realm as necessary in the caller.
2013-05-16 23:15:00 -04:00
Viktor Dukhovni
203e2beedd
The DIR ccache code and tests don't quite work yet.
2013-05-16 00:34:36 -04:00
Viktor Dukhovni
4ce879c938
Fix: double free
2013-05-16 00:34:24 -04:00
Viktor Dukhovni
4fcad71a3a
Two new flags for krb5_parse_name_flags_realm():
- KRB5_PRINCIPAL_PARSE_IGNORE_REALM: MIT compatible
- KRB5_PRINCIPAL_PARSE_NO_DEF_REALM: Don't default the realm
The first ignores the realm if present.
The second does not impute the default realm if no realm is given and
leaves the realm NULL. This will be used in kinit to determine whether
the user provided a realm or not, and if not we may use the user_realm,
or find the realm via the keytab.
2013-05-16 00:32:08 -04:00
Viktor Dukhovni
a2127d091d
New krb5_parse_name_flags_realm supports explicit default realm.
Set the realm argument to NULL to get the usual default realm.
The krb5_parse_name_flags() function is now a wrapper around
krb5_parse_name_flags_realm().
2013-05-16 00:32:08 -04:00
Viktor Dukhovni
01fff2ca9c
Allow krb5_principal_set_realm to set the realm to NULL.
2013-05-16 00:32:06 -04:00
Ben Kaduk
402e7ba08d
Update URL for Kerberos FAQ
Submitted by Trix Farrar <trix@basement.net> as FreeBSD PR 178417.
2013-05-08 12:10:24 -04:00
Love Hornquist Astrand
ed6c3921e6
make krb5_cc_get_lifetime sane
2013-05-07 13:10:22 -07:00
Love Hornquist Astrand
55e5bfdfe0
add krb5_principal_is_root_krbtgt
2013-05-07 13:10:02 -07:00
Love Hornquist Astrand
71c2303eb8
make compile
2013-05-07 13:09:33 -07:00
Viktor Dukhovni
bf40b8cc63
Comment wordsmithing
2013-05-02 01:31:01 -04:00
Love Hornquist Astrand
dfaedb7847
plug a memory leak, don't use strcpy/strcat
2013-05-01 13:55:21 -07:00
Love Hornquist Astrand
c8cc2378f6
first go at dcc_get_cache_first
2013-04-30 11:01:12 -07:00
Love Hornquist Astrand
de61953108
handle creation of DIR caches
2013-04-29 22:54:11 -07:00
Love Hornquist Astrand
a7e86affd8
add basic DIR support for file caches
2013-04-29 12:30:21 -07:00
Love Hornquist Astrand
e8317b955f
allow optional q in DH DomainParameters
2013-04-29 11:37:39 -07:00
Harald Barth
3f52037382
Better error messages when UTF8 conversion fails
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-26 00:05:53 -07:00
Love Hornquist Astrand
124ab6957c
plug memory leak
2013-04-24 20:17:01 -07:00
Love Hornquist Astrand
6f03e4ba76
plug memory leaks
2013-04-24 17:55:55 -07:00
Love Hornquist Astrand
6850c9ac5d
type casting to avoid printf warning
2013-04-24 16:45:24 -07:00
Viktor Dukhovni
435c02fa26
Compare pac timestamp to unix timestamp right when neither are set
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:28:26 -07:00
Viktor Dukhovni
9ca0a2b62f
More consistent error checks in build_principal()
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:26:23 -07:00
Viktor Dukhovni
a825143e73
The k5login_directory parameter and SYSTEM-K5LOGIN[:directory] are supposed to be directories, not path templates with %{luser} substitution
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:25:59 -07:00
Viktor Dukhovni
5903031630
Don't SEGV on as-is rules without realm=
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:23:36 -07:00
Love Hörnquist Åstrand
9bde530ceb
match function returns boolean true
2013-04-13 12:31:33 -07:00
Nicolas Williams
f490acc526
Winsock connect returns WSAEWOULDBLOCK...
...instead of EINPROGRESS. And we get to call WSAGetLastError() to boot :(
2013-03-18 23:15:29 -05:00