Nicolas Williams
6dd66df594
Make master build on Windows
...
Add strtoll()/strtoull() to lib/roken
Add stdint.h to lib/roken (Windows only)
Add logic to detect whether to use lib/roken's stdint.h based on
Visual Studio version
Add include of stdint.h in generated ASN.1 code
Export missing symbols for 64-bit integers in lib/asn1
Export missing symbols for FAST
Add missing sources to kdc/NTMakefile
Fix issue in kuserok
Fix bsearch issues
2012-01-17 12:10:14 -06:00
Patrik Lundin
10bca3892d
Add missing "Debugging Kerberos problems" to menu.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2012-01-15 21:56:37 +01:00
Nicolas Williams
11763aecc7
There's no HEIM_BOOL_TRUE; use heim_bool_create(1) instead
2012-01-13 16:18:50 -06:00
Roland C. Dowdeswell
74db6a120f
Change #elseif to #elif.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2012-01-10 22:54:50 +01:00
Love Hornquist Astrand
0f9f9d3ab6
add strtoll.c
2012-01-10 22:54:16 +01:00
Love Hornquist Astrand
07a88f4b5a
use no-store
2012-01-10 22:54:16 +01:00
Love Hornquist Astrand
9b0bc022f1
support kgetcred
2012-01-10 22:54:16 +01:00
Love Hornquist Astrand
a372712fd0
test tgs-req too
2012-01-10 22:54:16 +01:00
Love Hornquist Astrand
0d7d3e4ab5
allow overriding default krb5_config_file
2012-01-10 22:54:16 +01:00
Andrew Bartlett
7a89f14aa5
Revert "make paranoia check less paranoid" - check that key types strictly match
...
This reverts commit c25af51232lha@h5l.org >
2012-01-10 22:54:16 +01:00
Andrew Bartlett
cdc04ce0ff
make hmac-md5 the keyed checksum type for arcfour-hmac-md5
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2012-01-10 22:54:16 +01:00
Andrew Bartlett
5ce504c1fb
use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
...
This allows a strict link between checksum types and key types to be
enforced.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2012-01-10 22:54:16 +01:00
Jeffrey Altman
81db1ebce2
Correct d68aee90ed
...
in any case. Both EAI_NODATA and WSANO_DATA can exist at the
same time.
Change-Id: I4378d8d3a5471a472a9b32632b0c70a1d717b951
2012-01-10 10:19:27 -05:00
Jeffrey Altman
d68aee90ed
Windows: translate WSANO_DATA to HEIM_EAI_NODAT
...
Change-Id: I9116ab68b1f2ac4417577125df1efc5a1b42c89e
2012-01-08 17:10:01 -05:00
Nicolas Williams
7d7624f7f7
Fix CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd
...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
2011-12-28 17:50:30 -06:00
Russ Allbery
5ca056969a
Close memory leak in the client kadmin library
...
kadm5_c_destroy was not freeing the kadm5_client_context, just its
contents. Also free the context itself.
Signed-off-by: Nicolas Williams <nico@cryptonector.com >
2011-12-22 18:36:17 -06:00
Nicolas Williams
d769eced7b
Plugin symbols can't have '-' in them... Also add example to krb5-plugin.7
2011-12-22 17:44:47 -06:00
Russ Allbery
911c993757
Fix reauthentication after password change in init_creds_password
...
When retrying authentication after a password change of an expired
password, use the new password instead of the original one. Also,
pass in the correct length for the new password buffer to
change_password and zero the buffer that holds the new password on
function exit.
Signed-off-by: Russ Allbery <rra@stanford.edu >
Signed-off-by: Nicolas Williams <nico@cryptonector.com >
2011-12-22 14:53:08 -06:00
Russ Allbery
0f81a468a3
Link kdc-tester with libheimbase directly
...
It directly uses symbols provided by that library.
Signed-off-by: Nicolas Williams <nico@cryptonector.com >
2011-12-22 14:52:58 -06:00
Nicolas Williams
223af60018
Oops, forgot to actually add krb5-plugin.7
...
I use a shell alias that expands to git add -uv ..., and the -u
means new files don't get added :(
2011-12-22 14:42:05 -06:00
Nicolas Williams
25e623a957
Fix doxygen comment in krb5_aname_to_lname()
2011-12-22 11:17:42 -06:00
Nicolas Williams
672f6285ce
Add doxygen docs for some plugin structs
2011-12-22 11:17:21 -06:00
Nicolas Williams
8aa248370f
Make the build system make and install section 7 manpages
2011-12-21 15:43:56 -06:00
Nicolas Williams
06974f27cb
Add a krb5-plugin.7 manpage to document the plugin system
2011-12-21 13:59:37 -06:00
Love Hornquist Astrand
a66a23bb45
Apply old patch from me that handles client's behind NAT
...
Tested by Harald Barth and bugfix by Ragnar Sundblad
2011-12-15 22:00:00 -08:00
Love Hornquist Astrand
b6f3ca6712
add heim_show, sort lines
2011-12-15 21:51:06 -08:00
Love Hornquist Astrand
8e1b58e923
move function pointer to last argument
2011-12-15 21:48:33 -08:00
Love Hornquist Astrand
b780dddb9b
add show
2011-12-15 21:48:20 -08:00
Love Hornquist Astrand
d05e64b967
move function pointer to last argument
2011-12-15 21:48:09 -08:00
Love Hornquist Astrand
8deda7a299
add show, move function pointer to last argument
2011-12-15 21:47:56 -08:00
Love Hornquist Astrand
9cfc014a66
name KRB5_PLUGIN_KUSEROK "kuserok-plugin"
2011-12-15 21:46:43 -08:00
Nicolas Williams
dd05873d0c
Fix regression in ASN.1 int type generation
...
The 64-bit integer support changed the logic for deciding when an
INTEGER should map to a signed or unsigned 32- or 64-bit integer
type. The upshot is that two places where we had {0, INT_MAX}
ranges needed to be changed to be {0, UINT_MAX}.
We need to tweak the integer type mapping logic to have a bias for
unsigned integer types. Unsigned is better.
2011-12-15 14:37:09 -06:00
Nicolas Williams
4630ef1bdc
Fix kuserok.c:check_owner_file(), make tests/kdc/check-authz run
2011-12-14 18:01:35 -06:00
Love Hornquist Astrand
fb26e41d06
to utf8
2011-12-14 08:46:05 -08:00
Love Hornquist Astrand
477738a80d
try w/o FAST if the KDC doesnt seem to handle it
2011-12-14 08:46:05 -08:00
Love Hörnquist Åstrand
2be0f1a1a4
check that we don't use negative size for arrays
2011-12-13 21:52:05 -08:00
Love Hörnquist Åstrand
2a551314a6
don't use negative size
2011-12-13 21:51:48 -08:00
Nicolas Williams
a222521e68
64-bit build fixes for ASN.1 compiler 64-bit integer support
2011-12-13 13:03:57 -06:00
Love Hornquist Astrand
449fb4775e
check length of TESTuint64
2011-12-12 23:13:56 -08:00
Love Hornquist Astrand
80fd2959b9
check length of TESTuint64
2011-12-12 23:13:47 -08:00
Love Hornquist Astrand
9a4f8c3da7
add missing dependency
2011-12-12 23:11:21 -08:00
Love Hornquist Astrand
b91258ccdc
better naming
2011-12-12 22:49:25 -08:00
Love Hornquist Astrand
a11ca3cb1b
add rk_getpwnam_r
2011-12-12 21:55:06 -08:00
Love Hornquist Astrand
d453899462
split user and dir, use rk_getpwnam_r
2011-12-12 21:53:41 -08:00
Love Hornquist Astrand
167084b3e7
ident
2011-12-12 21:28:52 -08:00
Love Hornquist Astrand
54ce0a776c
re-encode as utf8
2011-12-12 21:26:52 -08:00
Nicolas Williams
19d378f44d
Add 64-bit integer support to ASN.1 compiler
...
ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
on whether the constraint ranges include numbers that cannot be
represented in 32-bit ints and whether they include negative
numbers.
Template backend support included. check-template is now built with
--template, so we know we're testing it.
Tests included.
2011-12-12 20:01:20 -06:00
Andrew Bartlett
0e7437ba2e
HEIMDAL: Supply krb5_context to _krb5_internal_hmac to allow logging
...
Without this, log messages from any abort are not printed to
the samba logs.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2011-12-11 21:45:15 -08:00
Love Hornquist Astrand
c4d97ae93e
encode result code with right length, pointed out by Rangar Sundblad, thanks!
2011-12-11 18:22:29 -08:00
Love Hornquist Astrand
2eb0d6ec82
dont entrust sprintf to encode binary packets
2011-12-11 18:08:05 -08:00
