Commit Graph

15097 Commits

Author SHA1 Message Date
Love Hornquist Astrand
9e4bc686d3 drop rcsid 2009-09-07 21:22:46 -07:00
Love Hornquist Astrand
9120d17eb0 Tell some what servers we tried to talk to 2009-09-07 20:55:05 -07:00
Love Hornquist Astrand
4c06438189 Add _krb5_krbhst_get_realm() to get what realm was used 2009-09-07 20:54:48 -07:00
Love Hornquist Astrand
878eb853df Add debug_dest member 2009-09-07 20:38:29 -07:00
Love Hornquist Astrand
6770fd45e1 Sprinkle _krb5_debug() for more info about what the framework is actually doing behind our back 2009-09-07 20:22:44 -07:00
Love Hornquist Astrand
5a3630ba00 Add _krb5_log() used for internal logging 2009-09-07 20:22:14 -07:00
Love Hornquist Astrand
c0333682c6 Add logging if its specfied by the configuration file 2009-09-07 20:21:38 -07:00
Love Hornquist Astrand
16b4ddcf14 document gss_release_cred 2009-09-06 12:18:14 -07:00
Love Hornquist Astrand
3c1deaa6c2 move krb5_compare_creds to doxygen 2009-09-06 11:46:03 -07:00
Love Hornquist Astrand
e2cbb2d350 document flags to krb5_compare_creds() 2009-09-06 11:45:25 -07:00
Love Hornquist Astrand
3b761fddc0 check the clients with current_version, and if client have newer, whine 2009-09-05 14:41:03 -07:00
Love Hornquist Astrand
03b6f9a09b Don't send diffs to dead slaves 2009-09-05 14:31:49 -07:00
Love Hornquist Astrand
df00111aaf Don't try to print NULL, solaris printf wont have it
Reported in [HEIMDAL-635] by John Center
2009-09-03 09:16:37 -07:00
Love Hornquist Astrand
4bcc97bd09 doxygen fix vget_time uses args 2009-09-01 12:44:23 -07:00
Love Hornquist Astrand
30f13f0d5b doxygen fix get_strings uses ... 2009-09-01 12:43:50 -07:00
Love Hornquist Astrand
9f9783464c Don't make krb5_ccache point into krb5_context allocated memory
Don't make a copy of the krb5_cc_ops into krb5_context and hand that
out to callers of the api, this way its possible to free a krb5_context
w/o invalidating all krb5_ccaches that was allocated using that krb5_context
(also, it saves memory)
2009-09-01 12:22:16 -07:00
Love Hornquist Astrand
20001366aa Better support for kinit -k when client have subset of enctypes compared to KDC
Get the list of enctypes and use that to calculate the list of client supported
enctypes when talking to the KDC, this to make sure that KDC doesn't send
pw-challanges to the client for enctypes that the client software support
but there is no entry in the keytab.
2009-08-30 13:25:38 -07:00
Love Hornquist Astrand
54e10a2a13 Provide better error messages for libkafs 2009-08-30 11:10:15 -07:00
Love Hornquist Astrand
a9cb60d7d5 more drop krb5_unparse_name.3 since its now in doxygen 2009-08-29 12:14:21 -07:00
Love Hornquist Astrand
80816d275e more doxygen 2009-08-29 12:13:41 -07:00
Love Hornquist Astrand
0d60a7d0ae implement gss-wrap-iov and friends 2009-08-29 09:04:53 -07:00
Love Hornquist Astrand
c81b66aa0c init gm_flags for dynamic modules 2009-08-29 08:53:16 -07:00
Love Hornquist Astrand
8f376895ae drop export symbol 2009-08-29 08:51:00 -07:00
Love Hornquist Astrand
dce2342816 drop krb5_ticket.3 2009-08-29 01:28:28 -07:00
Love Hornquist Astrand
940f050300 doxygen 2009-08-29 01:26:16 -07:00
Stefan Metzmacher
2f1a370cd3 hack for gss-wrap-iov to it work
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-28 13:31:12 -07:00
Love Hornquist Astrand
f030b4e59a free context 2009-08-27 18:30:29 -07:00
Love Hornquist Astrand
9a4e91b1de don't reset handle twice 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
74538fc2af Plug memory leak in prf function 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
6c3f3fafa3 Don't leak kerberos credentials when trying dns canon 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
45cfe3f971 Fix server context client context order to match callee 2009-08-27 18:30:28 -07:00
Love Hornquist Astrand
1999c85670 Make mech glue layer aware of composite mechs that uses mech glue layer credentials
This make it possible to use krb5/ntlm credentials with SPNEGO.
Needs some more work to avoid double fetching credentials.
2009-08-27 12:12:44 -07:00
Love Hornquist Astrand
32ee735d73 drop RCSID 2009-08-26 23:15:35 -07:00
Love Hornquist Astrand
a2820df666 spelling 2009-08-26 22:53:38 -07:00
Love Hornquist Astrand
d18cdee577 don't reset EC 2009-08-26 22:52:26 -07:00
Love Hornquist Astrand
ebb2e72c61 make error message more unique 2009-08-26 22:43:25 -07:00
Love Hornquist Astrand
022e7d4319 Return unwrapped delegated credentials if the actual mech is not the called mech
Assumes that pseudo mechs are are of how mechglue credentails look like and
return credentials like that.

Pointed out on krbdev by Nicolas Williams
2009-08-26 22:32:50 -07:00
Love Hornquist Astrand
559103b218 if not trailer set, init EC to 0 2009-08-26 21:40:07 -07:00
Love Hornquist Astrand
ba4909eba5 Link libroken with libcrypt since roken uses crypt() in unix_verify_password
Found by Guillaume Rousse
2009-08-26 15:20:51 -07:00
Love Hornquist Astrand
13ba2956cc Check if COM_ERR_BINDDOMAIN_krb5 is defined, if it is, use bindtextdomain()
Older versions of compile_et doesn't support gettext/libintl support,
if they don't, there will be no such symbols and we can't load the
text domains for those symbols, so lets skip that.

Pointed out by Guillaume Rousse on heimdal-discuss
2009-08-26 09:02:25 -07:00
Love Hornquist Astrand
23aebd619b Only release keys if they are allocated 2009-08-25 23:54:58 -07:00
Stefan Metzmacher
03998aeccb gsskrb5: fix test_context. after gss_wrap_iov changes
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
40a6abd116 gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
560cb0c132 gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
76f0fb9170 gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
f286dd5d64 gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
1a0423fd3d gsskrb5: make _gk_allocate_buffer() non static
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:38 -07:00
Stefan Metzmacher
60725fd2f5 gsskrb5: add _gk_verify_buffers()
metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-08-25 23:34:37 -07:00
Love Hornquist Astrand
a29c65b417 add krb5_free_unparsed_name for OpenSSH + gssapi patch, make it deprecated 2009-08-25 23:07:21 -07:00
Love Hornquist Astrand
1b07597123 drop EVP_cts support 2009-08-25 20:29:23 -07:00