Application developers have a tendency to use krb5_get_error_message()
as a drop in replacement for error_message() and under various
circumstances they pass in a NULL context. This method works fine
for MIT's implementation which ignores the context but in Heimdal
passing in a NULL context would dump core.
This patch set modifies krb5_get_error_message() in order to
permit the passing of a NULL context. First, if the context
is NULL, an attempt will be made to allocate one locally for
the purpose of evaluating the error code. Second, if a local
context cannot be allocated, fall back on calling error_message().
If error_message() fails to return a string, then generate an
"unknown error" response.
Only if all of the above fails is NULL returned.
Change-Id: If4baf7d6c428cf0baf11c044b8dfd5c2b3cdf7e4
Add _krb5_set_default_cc_name_to_registry() function and
call use it on Windows to set the user's default credential cache.
Change-Id: Ib59ff218a098a841bc61846abf873736380b5c6c
The new _krb5_store_string_to_reg_value() function permits
the caller to create REG_SZ, REG_EXPAND_SZ, REG_DWORD, and
REG_MULTI_SZ entries in the registry.
Change-Id: Ib5740ad07209618d8ea4c0bf3c75615f27e98b4e
commit 0ed83cebd3 removed the
weak enctypes from the default enctype list. This is a change
in behavior from 1.5.x which permitted the use of weak enctypes
if "allow_weak_crypto" is set to true. This patchset creates
two default enctype lists. One with weak enctypes and the other
without. The weak version is used if "allow_weak_crypto" is set
to true.
Change-Id: Ide5cce0645836249031350bfaf619d970635e579
Krb5 admin patches 2nd
This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)
Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
Added to 11 out of 14 directories with map files. Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
1. on errors, it appears to core dump, and
2. the sense of the return code is inverted from the
MIT implementation.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
Updates from Asanka to complete the Heimdal on Windows install package. Plugins in Software/Heimdal; customizable 32-bit tools directory in multi-platform installer; Feature Tree view; and updated version number.
The 'plugin_dir' value is Heimdal specific. So keep it in the
Software/Heimdal registry key. The Software/Kerberos registry key
will also be loaded and will contain generic Kerberos configuration.