oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,092 Commits 2 Branches 2 Tags
5b2d65fa2bc4cee683531c4d23c25349f8cc7b19
Commit Graph

4983 Commits

Author SHA1 Message Date
Asanka Herath
154de6b3a3 krb5_kuserok() only does the local principal test on Windows 
Remove the other tests for now.  The file and directory access checks must be
made against the respective DACLs.
 2010-05-26 10:38:39 -04:00
Love Hornquist Astrand
aa371571f9 insert _FLAG into the name 2010-03-29 19:08:00 -07:00
Love Hornquist Astrand
cf35620ecf name flag 1 as KRB5_INIT_CREDS_STEP_CONTINUE 2010-03-29 18:55:41 -07:00
Love Hornquist Astrand
4660ec8358 check for underruns 2010-03-21 21:05:21 -07:00
Love Hornquist Astrand
f26d6c2398 (krb5_set_default_in_tkt_etypes): filter out unwanted enctypes 
Needed for Samba that tries really hard to use DES encryption types.

Reported by Natanael Copa on heimdal-discuss
 2010-03-17 09:30:11 -07:00
Matthias Dieter Wallnöfer
69ea9b38e9 heimdal - fix overlapped identifiers in the "krb5" library 
heimdal - fix overlapped identifiers in the "krb5" library

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-16 10:05:35 -07:00
Love Hornquist Astrand
50990d61cf free always "ctx->password" when it isn't needed anymore 
Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
 2010-03-16 10:04:20 -07:00
Love Hornquist Astrand
313a2243bb Allow users to specify their own configuration file ~/.krb5/config 
Idea from Rune L on heimdal-discuss
 2010-03-16 09:09:27 -07:00
Love Hornquist Astrand
ae74dc7316 allow a cross realm ticket returned in the non referrals case 2010-03-07 01:02:02 -08:00
Love Hornquist Astrand
03262460dd use krb5_principal_is_krbtgt 2010-03-07 01:01:32 -08:00
Love Hornquist Astrand
71150bb1bc add krb5_principal_is_krbtgt 2010-03-07 01:00:48 -08:00
Love Hornquist Astrand
711ef346a0 move krb5_set_home_dir_access() group krb5 2010-02-10 18:26:46 -08:00
Love Hornquist Astrand
c9a0c39786 add check for [libdefaults_entries]allow_weak_crypto 2010-02-04 16:13:06 -08:00
Russ Allbery
8a57d5cb08 Add krb5_allow_weak_crypto API to enable weak enctypes 
Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8.  Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-27 21:50:58 -08:00
Love Hornquist Astrand
deee0bbad9 put SOCK_CLOEXEC in the right argument, from Harald Barth 2010-01-25 23:01:09 -08:00
Russ Allbery
4038832098 Export krb5_principal_get_num_comp 
krb5_principal_get_num_comp was prototyped as a public function but
not exported from libkrb5.  Add it to the export version map.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-25 22:39:14 -08:00
Love Hornquist Astrand
1f4bb75eef Only free hx509ctx if its actually allocated 2010-01-12 17:47:54 -08:00
Love Hornquist Astrand
c24a7d2d80 fix const-ifyier on cc-ops 2010-01-08 13:07:27 +01:00
Love Hornquist Astrand
26770c90f3 move unused variable to inside #ifdef 2010-01-08 12:59:35 +01:00
Love Hornquist Astrand
f3ea26c759 remove unused variable 2010-01-08 12:58:20 +01:00
Love Hornquist Astrand
332f988737 make verify checksum ct 2010-01-01 13:09:22 +01:00
Love Hornquist Astrand
8d28c442d5 Merge branch 'master' into win32-port 2009-12-23 14:03:37 +01:00
Asanka Herath
68cfbb7e19 Add rk_cloexec_dir() to lib/roken 2009-12-22 14:03:39 -05:00
Guido Günther
33f3be4d52 Don't free the hx509ctx 
otherwise we crash if we fail to init certs (e.g. due to missing
smartcard).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-12-22 18:49:39 +01:00
Asanka Herath
ff11a8ae43 Merge remote branch 'lha/master' into win32-port2 
* lha/master:
  Clean kadm5-pwcheck.h
  rename closesocket to rk_closesocket
  Log what principal was used in the failure case
 2009-12-22 11:05:03 -05:00
Love Hornquist Astrand
4182a61eba rename closesocket to rk_closesocket 2009-12-22 09:03:05 +01:00
Asanka Herath
7f5b105fd6 Fix exports 2009-12-21 18:06:05 -05:00
Asanka Herath
16faee892e Use correct socket glue and try to maintain constness 2009-12-21 18:05:39 -05:00
Asanka Herath
a0ae9f5a0e Merge remote branch 'h-github/master' into win32-port2 
* h-github/master: (64 commits)
  refix socket wrappers with rk_
  Patch from Secure Endpoints/Asanka Herath for windows support
  unset KRB5CCNAME
  its really just LIBADD more most of them
  correct quoting
  Use -lpthread for modern freebsd instead
  clean KRB5CCNAME and KRB5_CONFIG, require test to reset them
  more up ${env_setup}
  use PTHREADS_LIBADD for freebsd6 and newer
  add PTHREAD_LIBADD
  add PTHREAD_LIBADD
  add PTHREAD_LIBADD
  switch to PTHREADS_LIBADD
  log what the error string say too
  More debug logging
  sprinkle more 'echo "test failed"'
  sprinkle 'echo "test failed"'
  use calloc(), indent more prettier
  in sh, equal compare is really = for strings, not ==
  Check for duplicates, already loaded mechs
  ...

Conflicts (resolved):
	lib/krb5/auth_context.c
	lib/krb5/changepw.c
	lib/krb5/context.c
	lib/krb5/error_string.c
	lib/krb5/kuserok.c
	lib/krb5/libkrb5-exports.def.in
	lib/krb5/net_write.c
	lib/krb5/store_fd.c
	lib/krb5/test_cc.c
	lib/roken/strerror_r.c
 2009-12-21 13:44:00 -05:00
Love Hornquist Astrand
d1d0de730d refix socket wrappers with rk_ 2009-12-21 08:50:46 +01:00
Love Hornquist Astrand
687db64c56 Patch from Secure Endpoints/Asanka Herath for windows support 2009-12-21 08:45:28 +01:00
Love Hornquist Astrand
d9e7f5cd97 add PTHREAD_LIBADD 2009-12-17 09:25:30 +01:00
Love Hornquist Astrand
986aff5a86 (kcm_send_request): if heim_ipc_init_context, we have not kcm 2009-12-14 16:05:10 -08:00
Love Hornquist Astrand
8df64cb195 add krb5_auth_con_getremoteseqnumber 2009-12-13 13:33:41 -08:00
Love Hornquist Astrand
722a54f6ba add missing ; 2009-12-13 13:29:02 -08:00
Love Hornquist Astrand
fff9350227 less dup rk_ 2009-12-13 12:24:47 -08:00
Love Hornquist Astrand
0a4b702cf1 less dup rk_ 2009-12-13 12:22:33 -08:00
Love Hornquist Astrand
75aa4b44fa switch to rk_strerror_r 2009-12-13 11:42:12 -08:00
Love Hornquist Astrand
3f1ba393c5 bump -version-info 2009-12-11 03:14:15 +01:00
Ted Percival
bfcdeda3b4 Fix memory leak in fcc_move 
This usually occurs when re-initializing a file credential
cache over the top of an existing one.

This was meant to be fixed in commit 48cb3aa by calling
fcc_destroy(), but that only unlinks the "from" file
(which was already renamed or unlinked) but still doesn't
free the in-memory credentials. Using fcc_close() instead of
fcc_destroy() frees the leaked in-memory credentials.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-12-10 23:35:44 +01:00
Love Hornquist Astrand
d57236a520 add back krb5_version and krb5_long_version to libkrb5, hide them in libvers 
prompted by bug reported by Markus Moeller
 2009-12-07 21:16:43 -08:00
Andrew Tridgell
a92eef4668 s4-heimdal: fixed a use-after-free heimdal bug 
s4-heimdal: fixed a use-after-free heimdal bug

This caused samba4kinit to segfault on some systems

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-12-07 20:50:31 -08:00
Kamen Mazdrashki
778df10ddc krb5: Fix leaked hx509_context pointer 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-12-07 09:07:07 -08:00
Asanka Herath
f065ca176f (lib/krb5) Update exports list 2009-11-26 01:55:48 -05:00
Asanka Herath
393a597858 SOCK_INIT/SOCK_EXIT -> rk_SOCK_INIT/rk_SOCK_EXIT and net_write_s() -> net_write() 2009-11-26 01:42:57 -05:00
Asanka Herath
67c3295fcb KRB5_DEPRECATED should be prefixed to the declaration 2009-11-26 01:41:57 -05:00
Asanka Herath
72848585cd KRB5_DEPRECATED needs to be prefixed to the declaration on Windows 2009-11-25 12:43:16 -05:00
Asanka Herath
798d78e098 (lib/krb5/auth_context.c) Fix declaration 2009-11-25 12:43:15 -05:00
Love Hornquist Astrand
86f4c66efd Merge branch 'master' into wip/win32-port2 2009-11-25 05:41:14 -08:00
Gabor Gombas
b6fe5a95d3 kdc and kinit wanted to use some symbols that were not exported by 
libkrb5/libkdc

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2009-11-25 05:18:49 -08:00