Commit Graph

4878 Commits

Author SHA1 Message Date
Nicolas Williams
9f5a43084c Cleanups: s/ENOMEM/krb5_enomem(context)/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
2f03603d6b Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h 2011-10-22 14:54:25 -05:00
Nicolas Williams
001fc24102 Removed vestiges of no-reverse-lookup/reverse-lookup option that was never implemented 2011-10-22 14:54:24 -05:00
Nicolas Williams
a5e77c578e Deferred hostname canon using name canon rules 2011-10-22 14:54:13 -05:00
Love Hornquist Astrand
b1012edee3 add
krb5_auth_con_getsendsubkey
2011-10-19 21:11:12 +02:00
Love Hornquist Astrand
1b88a3b6c7 Only does implicit matching for first component, reported by Harry Coin 2011-10-14 00:33:57 +02:00
Love Hornquist Astrand
8192b9ed35 remove refernces to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Jeffrey Altman
cbf126bede Permit NULL context to krb5_get_error_message()
Application developers have a tendency to use krb5_get_error_message()
as a drop in replacement for error_message() and under various
circumstances they pass in a NULL context.  This method works fine
for MIT's implementation which ignores the context but in Heimdal
passing in a NULL context would dump core.

This patch set modifies krb5_get_error_message() in order to
permit the passing of a NULL context.  First, if the context
is NULL, an attempt will be made to allocate one locally for
the purpose of evaluating the error code.  Second, if a local
context cannot be allocated, fall back on calling error_message().
If error_message() fails to return a string, then generate an
"unknown error" response.

Only if all of the above fails is NULL returned.

Change-Id: If4baf7d6c428cf0baf11c044b8dfd5c2b3cdf7e4
2011-09-27 14:26:26 -04:00
Love Hornquist Astrand
777b24fbb5 add krb5_is_enctype_weak 2011-09-26 08:47:37 +02:00
Jeffrey Altman
9a127beb26 Windows: set default ccache to registry
Add _krb5_set_default_cc_name_to_registry() function and
call use it on Windows to set the user's default credential cache.

Change-Id: Ib59ff218a098a841bc61846abf873736380b5c6c
2011-09-26 02:00:13 -04:00
Jeffrey Altman
132693df5a Add _krb5_store_string_to_reg_value() for Windows
The new _krb5_store_string_to_reg_value() function permits
the caller to create REG_SZ, REG_EXPAND_SZ, REG_DWORD, and
REG_MULTI_SZ entries in the registry.

Change-Id: Ib5740ad07209618d8ea4c0bf3c75615f27e98b4e
2011-09-26 01:58:29 -04:00
Jeffrey Altman
3854e64a4a include weak etypes in default etype list if allow_weak_crypto
commit 0ed83cebd3 removed the
weak enctypes from the default enctype list.  This is a change
in behavior from 1.5.x which permitted the use of weak enctypes
if "allow_weak_crypto" is set to true.  This patchset creates
two default enctype lists.  One with weak enctypes and the other
without.  The weak version is used if "allow_weak_crypto" is set
to true.

Change-Id: Ide5cce0645836249031350bfaf619d970635e579
2011-09-26 01:44:16 -04:00
Love Hornquist Astrand
d3f85af92c move deprecated function to deprecated.c 2011-09-25 19:03:11 +02:00
Love Hornquist Astrand
0b02f05a19 error_buf is gone 2011-09-25 17:49:06 +02:00
Love Hornquist Astrand
2daeea4feb handle error code from size_too_large more correct 2011-09-22 16:36:52 +02:00
Love Hornquist Astrand
f1a6f9a9fa remove warning, remove forward declaration by moving the function up, ident 2011-09-02 05:20:47 -07:00
Harald Barth
38df403d45 Move common code to krb5_unsupported_enctype() and make error message contain string instead of error number
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-09-02 05:15:47 -07:00
Love Hornquist Astrand
e5ce363778 list both des-cbc-crc and des-cbc-md5 entries 2011-08-31 09:13:37 -07:00
Love Hörnquist Åstrand
11ac82ecf2 no more krb4 2011-08-10 09:21:32 -07:00
Love Hörnquist Åstrand
4a43975270 drop unused KRB4 bits 2011-07-30 14:14:52 -07:00
Love Hörnquist Åstrand
0ed83cebd3 disable old deprecated enctypes 2011-07-30 12:11:08 -07:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 15:41:36 -07:00
Love Hörnquist Åstrand
671e231d75 fix warning 2011-07-24 14:09:23 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES.
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 14:07:59 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
Andrew Bartlett
84bc108d8f lib/krb5: Allow any kvno to match when searching the keytab.
Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 10:37:40 -07:00
Love Hörnquist Åstrand
4bff0fbb31 check for NULL as argument to krb5_{prepend,set}_error_message functions 2011-07-23 12:06:01 -07:00
Love Hörnquist Åstrand
fb8c65a8c2 better logging 2011-07-23 11:44:42 -07:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.
NOT TESTED YET.
2011-07-22 16:04:52 -05:00
Jeffrey Altman
c13deafcce Synchronize Windows export list with Unix
Change-Id: Ic0ee3d1f4b49761fbd2676f4f9562f1bf906e382
2011-07-21 11:50:45 -04:00
Love Hörnquist Åstrand
f79183821f sprinkle doxygen and kode more like the rest of the code base 2011-07-19 21:29:19 -07:00
Roland C. Dowdeswell
77c8ef2c06 krb5_free_default_realm() from mit_glue.c needs to be exported to be useful.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-19 21:25:47 -07:00
Roland C. Dowdeswell
3ef06de67b Fix a couple of bugs in krb5_c_valid_enctype():
1.  on errors, it appears to core dump, and

      2.  the sense of the return code is inverted from the
          MIT implementation.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-19 21:25:15 -07:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00
Love Hörnquist Åstrand
9bff431435 sizeof is used incorrectly in DES3_random_to_key()
from OpenBSD via Jonathan Gray <jsg@goblin.cx>
2011-07-13 23:16:06 -07:00
Jeffrey Altman
49cead6a58 Merge pull request #11 from asankah/master
Updates from Asanka to complete the Heimdal on Windows install package.  Plugins in Software/Heimdal; customizable 32-bit tools directory in multi-platform installer; Feature Tree view; and updated version number.
2011-06-20 13:26:52 -07:00
Love Hörnquist Åstrand
5a25df7851 set HEIMDAL_LOCALEDIR for librfc3961.la too 2011-06-19 11:02:27 -07:00
Asanka C. Herath
3048545de3 Windows: Use Software/Heimdal registry key for Heimdal specific configuration
The 'plugin_dir' value is Heimdal specific.  So keep it in the
Software/Heimdal registry key.  The Software/Kerberos registry key
will also be loaded and will contain generic Kerberos configuration.
2011-06-15 01:55:19 -04:00
Love Hörnquist Åstrand
7dccddc6fb count number of enctypes too 2011-06-14 21:44:23 -07:00
Love Hörnquist Åstrand
0f489b7b28 unexport krb5_init_etype, remove duplicate code 2011-06-14 21:08:52 -07:00
Nicolas Williams
016193ac6a Added manpage documentation for krb5_{as, tgs}_enctypes.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
2fbad6432b Initial support for default_{as, tgs}_etypes.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12 This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Love Hornquist Astrand
8b1b47035d Switch to krb5_enomem 2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
48a91b7fc5 change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols 2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00