oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
26,908 Commits 2 Branches 2 Tags
7da9d7d75fe63506ea145dab919b73f245364323
Commit Graph

650 Commits

Author SHA1 Message Date
Nicolas Williams
1b03abb250 This should be the final fix for enctype 0 issues (tested) 
But how to build an MIT KDB with enctype 0 keys for testing in
    Heimdal?  Hmmm...
 2011-10-06 00:55:54 -05:00
Nicolas Williams
e15cabe10a Fix for enctype 0 / length 0 keys in MIT HDB backend was incomplete 2011-10-05 17:50:26 -05:00
Nicolas Williams
3d6f86af27 Fix segfault in hdb-mitdb when princ have salt 2011-10-02 23:08:37 -05:00
Love Hornquist Astrand
923f3a434f free krb5_storage when dne 2011-09-30 12:44:34 +02:00
Jeffrey Altman
15796ce63d Add missing export 
Patchset 0c893d3980 left
out the export of hdb_change_kvno for Windows.

Change-Id: Ie41a867054465994249a651725c72fcec333f19d
 2011-09-23 15:26:32 -04:00
Nicolas Williams
0c893d3980 Fixed booboos from kadm5 key history patch set 
Also: add support for ignoring null enctype / zero-length keys,
    which *can* be found in MIT DB entries created in pre-historic
    times.

    Also: make the mitdb HDB backend more elegant (e.g., use the ASN.1
    compiler's generated sequence/array utility functions.

    Also: add a utility function needed for kadm5 kvno change
    improvements and make kadmin's mod --kvno work correctly and
    naturally.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-09-22 15:13:13 +02:00
Luke Howard
775a452313 some Windows build fixes 2011-09-12 20:11:36 +10:00
Love Hörnquist Åstrand
c9e37efbe1 try get spelling right 2011-07-30 14:27:32 -07:00
Stefan Metzmacher
272d7511ca lib/hdb: add HDB_F_FOR_AS_REQ and HDB_F_FOR_TGS_REQ flags 
This will be used to indicate to the backend if a fetch is for
an AS REQ or TGS REQ. Samba needs to take some action in the
HDB_F_FOR_TGS_REQ case and always canonicalize the principal
names, even without HDB_F_CANON.

metze

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-30 11:56:46 -07:00
Love Hörnquist Åstrand
5fc3d6fffa spelling 2011-07-27 08:28:44 -07:00
Love Hörnquist Åstrand
5732d85e29 generate sequence for HDB-Ext-KeySet and Keys 2011-07-26 20:18:57 -07:00
Love Hörnquist Åstrand
8b7e31c301 plug memory leak 2011-07-26 20:15:33 -07:00
Love Hörnquist Åstrand
74ec640500 Only free ext on replace 2011-07-24 20:23:30 -07:00
Love Hörnquist Åstrand
2ae9bbb915 update (c) 2011-07-24 20:04:02 -07:00
Love Hörnquist Åstrand
1a6195153f start to use KRB5_ENCTYPE_ 2011-07-24 20:02:10 -07:00
Love Hörnquist Åstrand
f9afd37eed use add_HDB_Ext_KeySet and plug memory leak 2011-07-24 18:14:25 -07:00
Love Hörnquist Åstrand
e32186d9de expore more 2011-07-24 16:15:06 -07:00
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd 
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 15:41:36 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES. 
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 14:07:59 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
Nicolas Williams
95262936c7 s/assert/heim_assert/ and remove dead code 2011-07-24 11:07:27 -05:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
1eb56edd86 Introduce Keys ::= SEQUENCE OF Key in hdb.asn1 so we can get convenience utils. 2011-07-22 16:07:08 -05:00
Nicolas Williams
689d4f4dd9 Another HDB_F_DECRYPT-isn't-critical fix. 2011-07-22 16:07:08 -05:00
Nicolas Williams
5335559845 Oops, HDB_F_DECRYPT isn't critical; making it so breaks tests. 2011-07-22 16:07:08 -05:00
Nicolas Williams
a246c394d2 Fix warnings. 2011-07-22 16:07:08 -05:00
Nicolas Williams
f2897efd09 Make the KDC path work. 2011-07-22 16:07:08 -05:00
Nicolas Williams
31974aa24c More s/int/size_t/ for iterators. Also fixed a stupid bug. 2011-07-22 16:07:06 -05:00
Nicolas Williams
cf1c898e95 Undo a s/size_t/int/. Iterators must be unsigned. 2011-07-22 16:07:05 -05:00
Nicolas Williams
0674e4b13a Ooops! Mind those tags when re-ordering ASN.1 SEQUENCEs! (hdb_keyset) 2011-07-22 16:07:05 -05:00
Nicolas Williams
53ea8ac59b Make changes to hdb_keyset type be backward-compatible. 2011-07-22 16:06:01 -05:00
Nicolas Williams
a280ed4d4c Forgot a file for the hdb_keyset backwards-compat extention. 2011-07-22 16:06:01 -05:00
Nicolas Williams
3794d8b37b Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet 2011-07-22 16:06:01 -05:00
Nicolas Williams
355ae357eb Moved set_time field of hdb_keyset to end and add extensibility marker. 2011-07-22 16:06:01 -05:00
Nicolas Williams
c2ec368c36 Add HDB extension for storing policy regarding what historic keys may be used for 2011-07-22 16:06:00 -05:00
Nicolas Williams
308e53a4a8 Initial support for filtering out "dead" historical keys. 2011-07-22 16:05:21 -05:00
Nicolas Williams
7e0a801e28 Changed decrypt key history logic and added HDB_F_ALL_KVNOS. 2011-07-22 16:05:21 -05:00
Nicolas Williams
a04721b737 Added basic policy support, w/ policy names listed in krb5.conf 2011-07-22 16:05:21 -05:00
Nicolas Williams
abd94953e2 Fixes to lock nesting code. 2011-07-22 16:04:52 -05:00
Nicolas Williams
58d72035f1 Added kadm5_lock() and unlock. 2011-07-22 16:04:52 -05:00
Nicolas Williams
109607a355 Fix uninitialized variable. 2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin. 
NOT TESTED YET.
 2011-07-22 16:04:52 -05:00
Nicolas Williams
51e9da4a66 Fixed (preemptively) a double free and added password history based on key history. 2011-07-22 16:04:52 -05:00
Nicolas Williams
34189a23fe Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno. 2011-07-22 16:04:51 -05:00
Nicolas Williams
e7f385ad0d Initial patch to make the MIT KDB backend for HDB handle multiple kvnos. 2011-07-22 16:04:51 -05:00
Nicolas Williams
34bb7ae363 Fix double free. 2011-07-22 16:04:51 -05:00
Nicolas Williams
a095933ee0 We want the time that a keyset was set, not the time it was replaced. 2011-07-22 16:04:51 -05:00
Nicolas Williams
08650b573b Also encrypt the history when storing the entry. 2011-07-22 16:04:51 -05:00
Nicolas Williams
fca53990e4 Initial commit for second approach for multiple kvno. NOT TESTED! 2011-07-22 16:04:51 -05:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00