oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,566 Commits 2 Branches 2 Tags
6b2ebfcf8a8a442c85a0ebdda0f65d1cc87ca3a3
Commit Graph

27566 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Williams
1826106ff4 When asking for the strongest key, get it right 2013-07-27 17:29:54 -05:00
Nicolas Williams
1f147f0fa6 Check all three DES types 2013-07-27 16:51:01 -05:00
Nicolas Williams
f4f89ac8e0 Fix bug with use strongest session key feature 2013-07-27 03:21:12 -05:00
Love Hornquist Astrand
afa9db62ba match code, pointed out by Sergio Gelato <Sergio.Gelato@astro.su.se> 2013-07-26 10:35:49 +02:00
Love Hornquist Astrand
1a8038d8a6 don't free armor_ccache, since krb5_cc are not yet ref counted 2013-07-19 14:56:01 +02:00
Love Hornquist Astrand
3484432cc5 clean log between test, dump log on failure 2013-07-19 14:53:22 +02:00
Love Hornquist Astrand
ad824fcd6a remove bit that might make old perl fail 2013-07-19 14:40:37 +02:00
Love Hornquist Astrand
bf69625424 spelling 2013-07-19 00:26:28 +02:00
Love Hornquist Astrand
a21f1f384a We always say we support FAST/enc-pa-rep 2013-07-19 00:24:43 +02:00
Love Hornquist Astrand
39abb10aa9 move where we reset etypelist 2013-07-18 16:36:08 +02:00
Love Hornquist Astrand
581f834b4e include db6/db.h 2013-07-18 14:58:54 +02:00
Love Hornquist Astrand
787d9ceec9 check for db6/db.h 2013-07-18 14:58:54 +02:00
Love Hornquist Astrand
82d71b063b support db6 too, based on patch from Lars Wendler <wendler@fasihi.net> 2013-07-18 14:58:54 +02:00
Love Hornquist Astrand
644bbff26f better documentation 2013-07-18 14:58:54 +02:00
Love Hornquist Astrand
f8fb62ff1b remember to free auth_data 2013-07-18 14:58:54 +02:00
Nico Williams
ea1e3776fb heim_ipc is not available on Win32 yet 2013-07-16 21:06:34 -05:00
Nico Williams
1f78baf198 Make krb5-types.h define int64_t on Win32 2013-07-16 21:04:32 -05:00
Love Hornquist Astrand
f49339f31b make fast work with mit kerberos 2013-07-16 15:31:30 +02:00
Love Hornquist Astrand
ad74581850 add KRB5_PADATA_FX_FAST_ARMOR to the fast armor data 2013-07-16 15:17:25 +02:00
Love Hornquist Astrand
5be2888433 add auth_data bits 2013-07-16 15:14:57 +02:00
Love Hornquist Astrand
b4d1168557 add auth_data 2013-07-16 15:13:31 +02:00
Love Hornquist Astrand
bee5290cc3 add KERB-ARMOR-SERVICE-REPLY 2013-07-16 15:12:43 +02:00
Love Hornquist Astrand
28611511ec adopt _krb5_get_ad 2013-07-16 15:10:24 +02:00
Love Hornquist Astrand
4d799bdd26 support derive key and prf for des3 2013-07-16 15:00:19 +02:00
Love Hornquist Astrand
d41f005cc1 add _krb5_get_ad 2013-07-16 14:57:03 +02:00
Love Hornquist Astrand
a1168815ec use krb5_cc_get_lifetime 2013-07-16 14:42:24 +02:00
Love Hornquist Astrand
9f979d20d7 prefix json functions 2013-07-16 13:06:57 +02:00
Jeffrey Altman
72e6a0f383 fcache: correct build errors on Windows 
Windows does not have getuid().

Change-Id: Ib92785716b056a69e42c32ec122d8a5f6f12ffbe

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-07-16 12:44:36 +02:00
Love Hornquist Astrand
884b007938 Check owner too 2013-07-12 17:20:41 +02:00
Love Hornquist Astrand
f396f66523 add [libdefaults]fcache_strict_checking to gate the strict checking, defaults to on 2013-07-11 21:17:49 +02:00
Love Hornquist Astrand
2a565482f4 More strict fcache rules 
- use O_NOFOLLOW
- be more strict not to follow symlinks
- require cache files to be owned by the user
- have sane permissions (not group/other readable)
 2013-07-11 19:29:04 +02:00
Love Hornquist Astrand
efe81b12ef allow the non preauth case again 2013-07-11 15:56:04 +02:00
Love Hornquist Astrand
3ad1bf2dcc provide O_NOFOLLOW if there is non 2013-07-10 22:06:19 +02:00
Love Hornquist Astrand
44ddd05ec1 honor env when not issuid 2013-07-10 22:02:43 +02:00
Love Hornquist Astrand
403f599dbd better error reporting 2013-07-10 21:50:23 +02:00
Ben Kaduk
5dfaa0d10b Be friendly to krb5_generate_random_block consumers 
Allow them to disable the EGD/profile access and the use of a
random seed file.

These facilities are not tenable when running in the kernel.
 2013-07-03 23:17:38 -05:00
Love Hornquist Astrand
2107924b37 catch error from krb5_ functions 
Reported by http://www.forallsecure.com/bug-reports/2f227b78584144ab1f55549b36ea16ba2d1664e0/ via
Brian May <bam@debian.org>
 2013-06-28 08:46:26 +02:00
Love Hornquist Astrand
1cd578f6b4 catch error value from krb5_ functions and exit 
Reported at http://www.forallsecure.com/bug-reports/ab3ec8cc54656801f51daa47b6d5608ef9339eb9/
via Brian May <brian@microcomaustralia.com.au>
 2013-06-28 08:40:49 +02:00
Love Hornquist Astrand
786e790f2c mdoc uses the .Lk macro to mark up hyperlinks (from Igor Sobrado <sobrado@orion.ciencias.uniovi.es>) 2013-06-27 19:41:10 +02:00
Igor Sobrado
be204adf4c Add more documentation links to section 8 pages 
As kerberos(8) provides a brief outline of this network authentication
system I would suggest extending SEE ALSO to include a few section 8
commands.  I have excluded kadmind(8) and kpasswdd(8) as these servers
can be easily reachable from kadmin(8) and kpasswd(8) manual pages
respectively.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2013-06-27 09:33:08 +02:00
Jeffrey Altman
5f138a16ef libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL 
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.

Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
 2013-06-22 21:17:32 -04:00
Jeffrey Altman
dd47d25e5d libkrb5: No fchmod on Windows 
There is no fchmod() implementation on Windows.  For now prevent its
use on Windows with #ifndef _WIN32 but in the future set_default_cache()
should be updated to set ownership permissions for the cache file.

Change-Id: I57214dfecbd25d7b337a568fa5e522c0a22dbb76
 2013-06-22 21:17:29 -04:00
Jeffrey Altman
57d55d2b81 libkrb5: replace mkdir with rk_mkdir in dcache.c 
Now that libroken provides rk_mkdir(), use it.

Change-Id: Ibf208e45cc36b85198bcb266267bf4665f32ba2f
 2013-06-22 21:17:27 -04:00
Jeffrey Altman
8fa446d75c roken: Add rk_mkdir() 
The Windows version of mkdir() does not share the same signature
as the POSIX version.  Add rk_mkdir() with an POSIX compliant signature
to libroken.  The current implementation ignores the 'mode' parameter
on Windows but a future implementation could provide the required
functionality with native Win32 APIs.

Change-Id: I084d42e0f27932e9b8131d310dbf34849f5fe4b6
 2013-06-22 21:17:26 -04:00
Jeffrey Altman
de305a6f4c roken: Define S_IRWXU and friends on Windows 
POSIX mkdir (unlike the Windows version) takes a 'mode_t' parameter.
Provide definitions for the mode_t constants.

Change-Id: Ie57e746aa3e579e28f93064ab430f1128508cc84
 2013-06-22 21:17:24 -04:00
Jeffrey Altman
63735cc066 roken: include direct.h if HAVE_DIRECT_H 
the prototype for "mkdir() on Windows is provided by direct.h.

Change-Id: I15c1d8fcc6fe58ba763bae236e92cfac958c66d1
 2013-06-22 21:17:23 -04:00
Jeffrey Altman
bdfb19128d roken: build writev.c on Windows 
Change-Id: I3c3fb4abb7cd093355c26b4a18366fa2b5a3224c
 2013-06-22 21:17:22 -04:00
Jeffrey Altman
9547a2ca9e Avoid unused variable warning on Windows 
Windows has neither O_NONBLOCK nor FIOBIO and sockets aren't file
descriptors in any case.  Avoid warning that 'flags' is unused in
socket_set_nonblocking().

Change-Id: I431cfae3a88577e75b5230f645639b5a17832f5c
 2013-06-22 21:17:20 -04:00
Jeffrey Altman
b07058dbe1 Build new lib/krb5 sources on Windows 
db_plugin.c
   dcache.c
   plugin.c

Change-Id: Icb67253d8c1cb8a368c886010e7b4aedca61348c
 2013-06-22 21:17:19 -04:00
Jeffrey Altman
8fe301c692 Include krb5-private.h in gssapi/ntlm/crypto.c 
Instead of locally defining prototypes for private functions
_krb5_crc_update and _krb5_crc_init_table simply include
krb5-private.h.

Change-Id: Ia7931f8df2e68eb038d112797edfd456ffcdd23a
 2013-06-22 21:17:18 -04:00