oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
26,193 Commits 2 Branches 2 Tags
9e1d467534abf97a0409d9af6ac8ea89c0e9555d
Commit Graph

15141 Commits

Author SHA1 Message Date
Andrew Tridgell
9e1d467534 s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY 
this e_data field in a kerberos error packet tells windows to do clock
skew recovery.

See [MS-KILE] 2.2.1 KERB-ERROR-DATA

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-30 11:26:31 -08:00
Matthieu Patou
8ce821c387 heimdal: make some private key manipulation function public 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-26 12:03:50 -08:00
Matthieu Patou
4c507594d3 heimdal: make hx509_cert_public_encrypt public 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-26 12:03:35 -08:00
Andrew Bartlett
995d305f8c lib/com_err only use error_message for the exported libcom_err 
This avoids using the same function name in compile_et internally

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-26 12:00:32 -08:00
Love Hornquist Astrand
4be5db6a32 define GSS_IOV_BUFFER_FLAG_ALLOCATE and friends 2011-01-18 16:49:03 +01:00
Love Hornquist Astrand
49ca1a40fa export hx509_find_private_alg 2011-01-12 17:49:12 +01:00
Matthieu Patou
d083ae19af export hx509_private_key_ops 
export hx509_private_key_ops

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-12 17:45:17 +01:00
Luke Howard
21c5987018 Rename GSS_IOV_BUFFER_TYPE_FLAG to GSS_IOV_BUFFER_FLAG 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-03 13:22:57 +01:00
Luke Howard
0b4f6bbfc2 Use RTLD_GROUP 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-03 13:21:47 +01:00
Love Hornquist Astrand
9427bcc22e log more version numbers 2011-01-03 12:12:18 +01:00
Jelmer Vernooij
1ad64fe599 hdb.h: Include krb5.h first, so hdb.h can be included standalone. 
This makes it a bit easier to find libhdb in e.g. configure tests and
is consistent with the main header files for the other Heimdal
libraries, none of which has any prerequisite other headers.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-01-03 11:51:09 +01:00
Love Hornquist Astrand
73769bf777 always define HEIM_SLIST 2010-12-12 11:47:45 -08:00
Love Hornquist Astrand
3c241aef9e don't undefined SLIST 2010-12-12 11:45:53 -08:00
Love Hornquist Astrand
7c7dd8e1af prefix SLIST with HEIM 2010-12-12 11:45:35 -08:00
Jeffrey Altman
7b1e954ad4 Reorder DES algs to work around MIT pre-1.8 GSS 
Pre-1.8 MIT GSS accept_sec_context() has a bug which treats
des-cbc-md4 as if the received token format should be CFX.
The previous DES alg ordering resulted in MIT KDCs issuing
des-cbc-md4 session keys for service tickets which triggered
this bug.  Reorder the list so md4 is not preferred.

Change-Id: I11269498a6eb8494044c618db29c43f62b0ced49
 2010-12-07 00:28:13 -05:00
Asanka C. Herath
b45dd13c44 Expand path tokens for krb5.moduli 2010-12-03 17:42:42 -05:00
Asanka C. Herath
e4d2d78a21 Condition roken's ssize_t definition for compatibility 
If SSIZE_T_DEFINED macro is defined, assume we already have ssize_t.
 2010-12-03 01:12:32 -05:00
Asanka C. Herath
e0e746b1ca Revert use of backslash as an escape for double quote in config strings 2010-12-03 01:12:31 -05:00
Asanka C. Herath
7ba01bda98 Deal with possibly non-const initializers 2010-12-02 01:18:03 -05:00
Asanka C. Herath
94aa4de1b9 Windows: Don't treat drive letters as keytab types 2010-12-02 01:18:03 -05:00
Asanka C. Herath
3e8172f9e3 Initialize allocated memory in any_resolve() 
Otherwise we might attempt to free an uninitialized pointer.
 2010-12-02 01:18:02 -05:00
Asanka C. Herath
361ae3b03d Windows: Annotate data GSSAPI exports 2010-12-02 01:18:01 -05:00
Asanka C. Herath
7b8f4a58d6 Windows: Build GSSAPI tests 2010-12-02 01:17:37 -05:00
Asanka C. Herath
acc27fd2bd Include <roken.h> before <gssapi.h> 2010-12-01 17:54:29 -05:00
Asanka C. Herath
83745ddc40 Return NUL terminated strings from _gss_mg_get_error() 2010-12-01 17:53:10 -05:00
Love Hornquist Astrand
42f9c644cf Also try key usage 8 for tgs-rep subkey 
If the is Windows 2000 DC, we need to retry with key usage 8 when doing ARCFOUR.

Thanks to Andrew and Tridge that helped me debug this using their systems.
 2010-11-29 11:19:24 -08:00
Asanka C. Herath
d4f1d0e900 Canonicalize the program name if necessary in setprogname() 2010-11-29 13:32:24 -05:00
Love Hornquist Astrand
2038d6f56e don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
987faedb80 add random abstraction 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
bad0e733c5 less exit with failures 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
a2b45360c2 add random_init 2010-11-29 09:31:07 -08:00
Asanka C. Herath
b755dc12f4 Windows: Fix hcrypto tests on cygwin 2010-11-29 10:53:50 -05:00
Asanka C. Herath
6d662f71d7 Windows: Fix export lists 2010-11-29 10:53:49 -05:00
Asanka C. Herath
e3559160b7 Include roken.h before gssapi.h 2010-11-29 10:41:47 -05:00
Asanka C. Herath
87801aca51 Windows: Build gsstool 2010-11-29 10:41:46 -05:00
Love Hornquist Astrand
edb2464ab9 NETLOGON mechanism, for use in DCE-RPC 2010-11-28 19:35:40 -08:00
Love Hornquist Astrand
0a10f35897 drop unused functions 2010-11-28 11:50:42 -08:00
Love Hornquist Astrand
6c6726d76c drop hdb_fetch 2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
965836509b switch to hdb_fetch_kvno 2010-11-28 11:43:02 -08:00
Love Hornquist Astrand
917920e8cd implement fetch_kvno 2010-11-28 11:34:33 -08:00
Love Hornquist Astrand
38d0a72326 implement fetch_kvno 2010-11-28 11:33:24 -08:00
Love Hornquist Astrand
daa3d4753d implement fetch_kvno 2010-11-28 11:31:15 -08:00
Love Hornquist Astrand
ee8c2e45b4 use _hdb_fetch_kvno 2010-11-28 11:20:31 -08:00
Love Hornquist Astrand
c44315b6d9 add _hdb_fetch_kvno 2010-11-28 11:19:43 -08:00
Love Hornquist Astrand
617c51a150 kvno is krb5_kvno not unsigned 2010-11-28 11:19:22 -08:00
Love Hornquist Astrand
8ece8672ae kvno is krb5_kvno not unsigned 2010-11-28 11:19:15 -08:00
Love Hornquist Astrand
2ec1c3fbec use int32_t for krb5_kvno 2010-11-28 11:18:55 -08:00
Andrew Bartlett
f469fc6d49 heimdal Add support for extracting a particular KVNO from the database 
This should allow master key rollover.

(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-11-28 09:52:54 -08:00
Andrew Bartlett
e189d712ce Don't dereference NULL in error verify_checksum error path 
Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-11-28 09:46:43 -08:00
Love Hornquist Astrand
e9f26f08f2 add more symbols 2010-11-27 19:27:19 -08:00