oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
26,691 Commits 2 Branches 2 Tags
8e65528f844c2b0eb14adc16bc828ad549d3bd26
Commit Graph

4869 Commits

Author SHA1 Message Date
Love Hornquist Astrand
8e65528f84 disable none 2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
2e8b550e7b punt if caller passed us a crypto object, we didn't find a keyed checksum type 2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
7c55029060 Add fast armor bits 2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
16d16588d2 move back init_as_req when building packet 2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
7bc5fe72fb more keyusage 2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
91fce795af add more key usage for fast 2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
c148c2b432 unused key 2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
580ba6aa72 KU bits for fast 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
1879af9e43 Break out fast state, shuffle around state so that as-req is inited earlier 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
04128ac081 Use reply_key from fast layer. 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
fd7c870550 add reply reply_key 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
a5e342f8ba Add fast_state. 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd 
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 15:41:36 -07:00
Love Hörnquist Åstrand
671e231d75 fix warning 2011-07-24 14:09:23 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES. 
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 14:07:59 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
Andrew Bartlett
84bc108d8f lib/krb5: Allow any kvno to match when searching the keytab. 
Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 10:37:40 -07:00
Love Hörnquist Åstrand
4bff0fbb31 check for NULL as argument to krb5_{prepend,set}_error_message functions 2011-07-23 12:06:01 -07:00
Love Hörnquist Åstrand
fb8c65a8c2 better logging 2011-07-23 11:44:42 -07:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin. 
NOT TESTED YET.
 2011-07-22 16:04:52 -05:00
Jeffrey Altman
c13deafcce Synchronize Windows export list with Unix 
Change-Id: Ic0ee3d1f4b49761fbd2676f4f9562f1bf906e382
 2011-07-21 11:50:45 -04:00
Love Hörnquist Åstrand
f79183821f sprinkle doxygen and kode more like the rest of the code base 2011-07-19 21:29:19 -07:00
Roland C. Dowdeswell
77c8ef2c06 krb5_free_default_realm() from mit_glue.c needs to be exported to be useful. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:47 -07:00
Roland C. Dowdeswell
3ef06de67b Fix a couple of bugs in krb5_c_valid_enctype(): 
1.  on errors, it appears to core dump, and

      2.  the sense of the return code is inverted from the
          MIT implementation.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:15 -07:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00
Love Hörnquist Åstrand
9bff431435 sizeof is used incorrectly in DES3_random_to_key() 
from OpenBSD via Jonathan Gray <jsg@goblin.cx>
 2011-07-13 23:16:06 -07:00
Jeffrey Altman
49cead6a58 Merge pull request #11 from asankah/master 
Updates from Asanka to complete the Heimdal on Windows install package.  Plugins in Software/Heimdal; customizable 32-bit tools directory in multi-platform installer; Feature Tree view; and updated version number.
 2011-06-20 13:26:52 -07:00
Love Hörnquist Åstrand
5a25df7851 set HEIMDAL_LOCALEDIR for librfc3961.la too 2011-06-19 11:02:27 -07:00
Asanka C. Herath
3048545de3 Windows: Use Software/Heimdal registry key for Heimdal specific configuration 
The 'plugin_dir' value is Heimdal specific.  So keep it in the
Software/Heimdal registry key.  The Software/Kerberos registry key
will also be loaded and will contain generic Kerberos configuration.
 2011-06-15 01:55:19 -04:00
Love Hörnquist Åstrand
7dccddc6fb count number of enctypes too 2011-06-14 21:44:23 -07:00
Love Hörnquist Åstrand
0f489b7b28 unexport krb5_init_etype, remove duplicate code 2011-06-14 21:08:52 -07:00
Nicolas Williams
016193ac6a Added manpage documentation for krb5_{as, tgs}_enctypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
2fbad6432b Initial support for default_{as, tgs}_etypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12 This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Love Hornquist Astrand
8b1b47035d Switch to krb5_enomem 2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
48a91b7fc5 change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols 2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
e4580fe4cc add glue for krb5_einval 2011-05-18 22:00:37 -07:00
Love Hornquist Astrand
c6c32a431f provide _krb5_einval and _krb5_debug_backtrace that will ease figuring out when it happens 2011-05-18 21:59:56 -07:00
Love Hornquist Astrand
492492e42a use new function krb5_einval instead of returning EINVAL directly 2011-05-18 21:59:23 -07:00
Jeffrey Altman
18b76b6236 fcache: prevent null pointer dereference 
Validate krb5_ccache and krb5_cc_cursor inputs
before use.  Avoid null pointer dereference which
can occur if an application fails to properly check
return codes.

Change-Id: I8023808936e60cc7b8e57a062106cfcdc51ee7d7
 2011-05-18 10:20:09 -04:00
Love Hornquist Astrand
305596d9ad Rename subsystem_DEPRECATED to subsystem_DEPRECATED_FUNCTION(X) 
Start to explain what the replacement function is.
Generate the #define/#undef logic in generated header files.
Use gcc style where the deprecation warning is after the prototype.
 2011-05-17 23:12:51 -07:00
Love Hornquist Astrand
9ed040da38 fix compile warning 2011-05-17 23:01:40 -07:00
Jeffrey Altman
13f63decb6 conditionally export kcm functions on windows 
Change-Id: I3d11595e690467afccc4f82f4eafee1cb2736757
 2011-05-17 13:40:58 -04:00
Jeffrey Altman
6850d6a65f avoid uninit variable and unreachable code warnings 
most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.

Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
 2011-05-17 12:02:16 -04:00
Jeffrey Altman
36dcd37cc7 use %p printf format spec for pointers 
do not cast to unsigned long since a 64-bit pointer
and 32-bit long will truncate the value.

Change-Id: Ibeda98171ccbab4b55950bb02c858773e1028cbf
 2011-05-17 12:02:15 -04:00