Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						a42b77fb22 
					 
					
						
						
							
							heimdal Add handling for PAC signatures over all encryption types  
						
						... 
						
						
						
						There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-11-06 19:56:48 +01:00 
						 
				 
			
				
					
						
							
							
								Simon Wilkinson 
							
						 
					 
					
						
						
							
						
						1d9072f026 
					 
					
						
						
							
							krb5: reorganise crypto.c  
						
						... 
						
						
						
						lib/krb5/crypto.c was a large, monolithic block of code which made
it very difficult to selectively enable and disable particular
alogrithms.
Reorganise crypto.c into individual files for each encryption and
salt time, and place the structures which tie everything together
into their own file (crypto-algs.c)
Add a non-installed library (librfc3961) and test program
(test_rfc3961) which builds a minimal rfc3961 crypto library, and
checks that it is usable. 
						
						
					 
					
						2010-11-03 11:12:24 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6184422fef 
					 
					
						
						
							
							compare the value of the client realm now that it might not be the same pointer  
						
						... 
						
						
						
						fixes the check-delegate test that the new direct hop patch broke 
						
						
					 
					
						2010-11-01 13:46:56 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a16f7ea0ab 
					 
					
						
						
							
							add missing  
						
						... 
						
						
						
						prototype 
						
						
					 
					
						2010-10-31 01:09:24 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka C. Herath 
							
						 
					 
					
						
						
							
						
						a73d30e619 
					 
					
						
						
							
							get_cred_kdc_capath() always try direct cross-realm first  
						
						
						
						
					 
					
						2010-10-31 01:04:27 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6f9a423c0a 
					 
					
						
						
							
							add libheimbase.la  
						
						
						
						
					 
					
						2010-10-30 13:59:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						e0a1e0a806 
					 
					
						
						
							
							simplify  
						
						
						
						
					 
					
						2010-10-27 20:48:55 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						edc1c3e2a1 
					 
					
						
						
							
							add heimbase.h  
						
						
						
						
					 
					
						2010-10-27 20:43:15 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						7259b7deff 
					 
					
						
						
							
							new way to run plugins that have less overhead (code and performance vice)  
						
						
						
						
					 
					
						2010-10-27 20:42:35 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ba8fe4b799 
					 
					
						
						
							
							load plugin once  
						
						
						
						
					 
					
						2010-10-27 20:42:01 -07:00 
						 
				 
			
				
					
						
							
							
								Jan Rękorajski 
							
						 
					 
					
						
						
							
						
						99f690fd19 
					 
					
						
						
							
							krb5_cc_last_change_time is missing  
						
						
						
						
					 
					
						2010-10-18 16:07:59 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0a608964a4 
					 
					
						
						
							
							only set error code in case of failure, add comment  
						
						
						
						
					 
					
						2010-10-02 12:13:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0789271ebb 
					 
					
						
						
							
							indent, return error code  
						
						
						
						
					 
					
						2010-10-02 11:59:53 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						7ea9ccf737 
					 
					
						
						
							
							heimdal: added verbose logging of hemimdal crypto errors  
						
						... 
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-10-02 11:56:26 -07:00 
						 
				 
			
				
					
						
							
							
								Buck Huppmann 
							
						 
					 
					
						
						
							
						
						799956e9b7 
					 
					
						
						
							
							Check if we should enable weak crypto before parsing enctypes list  
						
						... 
						
						
						
						This since the enctypes lists doesn't include weak crypto alg in the
resulting list.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-10-02 11:28:20 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6beb058640 
					 
					
						
						
							
							Handle picky windows RODC servers  
						
						
						
						
					 
					
						2010-10-01 17:49:05 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1072afd6bf 
					 
					
						
						
							
							Andrew Bartlet pointed out that the patch was incomplete, update and write doxygen.  
						
						
						
						
					 
					
						2010-09-30 00:44:35 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f454f45fbf 
					 
					
						
						
							
							If the hostname contains a dot, assumes it's a FQAN and don't use  
						
						... 
						
						
						
						search domains since that might be painfully slow when machine is
disconnected from that network.
Found by Tridge 
						
						
					 
					
						2010-09-28 22:37:01 -07:00 
						 
				 
			
				
					
						
							
							
								Karolin Seeger 
							
						 
					 
					
						
						
							
						
						035106be97 
					 
					
						
						
							
							s4-krb5: Fix typos in comment.  
						
						... 
						
						
						
						Karolin
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-09-26 15:12:09 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka C. Herath 
							
						 
					 
					
						
						
							
						
						cad554ad3d 
					 
					
						
						
							
							Generalize MSLSA ccache type to a plug-in based ccache type  
						
						
						
						
					 
					
						2010-09-18 23:50:38 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						fea391eb96 
					 
					
						
						
							
							remove prefix zeros  
						
						
						
						
					 
					
						2010-09-18 14:45:33 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						8668bfaefc 
					 
					
						
						
							
							less brokenness  
						
						
						
						
					 
					
						2010-09-18 11:55:59 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9907781fa3 
					 
					
						
						
							
							make address a full adress  
						
						
						
						
					 
					
						2010-09-18 11:26:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						4328f3980f 
					 
					
						
						
							
							make addresses not use compression in the middle since diffrent  
						
						... 
						
						
						
						inet_ntop have diffrent way to format them 
						
						
					 
					
						2010-09-17 12:20:29 -07:00 
						 
				 
			
				
					
						
							
							
								Anton Lundin 
							
						 
					 
					
						
						
							
						
						46a4a64dfe 
					 
					
						
						
							
							ifdef away code to be able to build with --disable-krb4  
						
						... 
						
						
						
						Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2010-09-16 22:47:14 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0bfd697f62 
					 
					
						
						
							
							use krb5_unparse_name instead of krb5_unparse_name_short since that doesnt fail. From Zdenek Hatas  
						
						
						
						
					 
					
						2010-09-16 20:59:35 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6a57e6a784 
					 
					
						
						
							
							make test pass  
						
						
						
						
					 
					
						2010-09-15 21:57:48 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						b3797f428b 
					 
					
						
						
							
							Add krb5_c_random_make_octets() to mit_glue.c  
						
						
						
						
					 
					
						2010-09-14 08:04:19 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						80599fcd94 
					 
					
						
						
							
							Define KRB5_TC_OPENCLOSE and KRB5_TC_NOTICKET in krb5.h  
						
						
						
						
					 
					
						2010-09-14 08:04:18 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						e447009d1b 
					 
					
						
						
							
							Add krb5_free_default_realm() to MIT glue  
						
						
						
						
					 
					
						2010-09-14 08:04:18 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						d4a80084f1 
					 
					
						
						
							
							Don't return a freed pointer in allocate_ccache()  
						
						
						
						
					 
					
						2010-09-14 08:04:17 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						fa4021698e 
					 
					
						
						
							
							Handle Windows pathnames properly in krb5_cc_resolve()  
						
						... 
						
						
						
						On Windows, a pathname can contain a drive letter and a colon.
krb5_cc_resolve() used to check whether there were any colons in the
ccache name string and assume it is a FILE: cache if there weren't.
In addition, on Windows, check for a drive specification. 
						
						
					 
					
						2010-09-14 08:04:17 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						a7ccfa0717 
					 
					
						
						
							
							Define KRB5_TC_NOTICKET  
						
						
						
						
					 
					
						2010-09-14 08:04:15 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						5c39c25c77 
					 
					
						
						
							
							Fix comment  
						
						
						
						
					 
					
						2010-09-14 08:04:14 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						c93c2c72be 
					 
					
						
						
							
							Additional MIT glue  
						
						... 
						
						
						
						Add compatible exports for:
krb5_auth_con_getsendsubkey()
krb5_auth_con_getrecvsubkey()
krb5_auth_con_setsendsubkey()
krb5_auth_con_setrecvsubkey() 
						
						
					 
					
						2010-09-14 08:04:14 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						ff9cb6572d 
					 
					
						
						
							
							Deal with NULL or empty input for expand_path_tokens()  
						
						... 
						
						
						
						_krb5_expand_path_tokens() should return an empty string if the input
string is empty or NULL, instead of always returning a NULL for these
two cases. 
						
						
					 
					
						2010-09-14 08:04:13 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						e8e56defaf 
					 
					
						
						
							
							Don't rely on non-CCAPI v3 exports  
						
						... 
						
						
						
						krb5_ipc_client_set_target_uid() and krb5_ipc_client_clear_target()
may not be present in CCAPI plug-in.  Don't rely on their existence. 
						
						
					 
					
						2010-09-14 08:04:12 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						ba02163f2e 
					 
					
						
						
							
							Windows: Don't ignore failure in test_addr from now on  
						
						
						
						
					 
					
						2010-09-14 08:04:12 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						9db9b146fb 
					 
					
						
						
							
							Windows: Add support for MSLSA: cache type using a plug-in  
						
						
						
						
					 
					
						2010-09-14 08:04:11 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						96dadaaeff 
					 
					
						
						
							
							Windows: Decorate krb5_cc_copy_creds export definition  
						
						
						
						
					 
					
						2010-09-14 08:03:37 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						4925fb863c 
					 
					
						
						
							
							Address of an imported symbol is not always a constant  
						
						... 
						
						
						
						On Windows, the address of a symbol imported from a DLL is not
considered a constant.  Therefore, it can't be used to initialized
static data. 
						
						
					 
					
						2010-09-14 08:03:37 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						4b36b36e0b 
					 
					
						
						
							
							Add roken/rename.c to fix non-standard rename()  
						
						... 
						
						
						
						roken/rename.c is for platforms where the native rename()
implementation does not replace the target if it already exists.  This
implementation isn't atomic, but should be close enough for most
purposes.
For correct behavior, rk_rename() should be used instead of rename().
rk_rename() is #defined to be rename() on platforms where this fix is
not necessary. 
						
						
					 
					
						2010-09-14 08:03:34 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						6cc480fc09 
					 
					
						
						
							
							Additional tests cases for test_addr.c  
						
						... 
						
						
						
						On platform where we build our own inet_ntop(), exercise it a bit
more.  Specifically for zero string compression of IPv6 addresses. 
						
						
					 
					
						2010-09-14 08:03:33 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						bd795255aa 
					 
					
						
						
							
							Fix fcc_remove_cred() on platforms with non-standard rename()  
						
						
						
						
					 
					
						2010-09-14 08:03:31 -04:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						b74fa12602 
					 
					
						
						
							
							Windows: Have test binaries depend on built libraries  
						
						
						
						
					 
					
						2010-09-14 08:03:30 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						ba5c014af0 
					 
					
						
						
							
							add krb5_get_permitted_enctypes  
						
						
						
						
					 
					
						2010-09-08 22:04:03 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3798647400 
					 
					
						
						
							
							Define HAVE_CFPROPERTYLISTCREATEWITHSTREAM if this is 10.6 or newer  
						
						
						
						
					 
					
						2010-09-08 12:22:12 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						d893207413 
					 
					
						
						
							
							add check-rd-req-server  
						
						
						
						
					 
					
						2010-09-01 21:56:17 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						856c1c0a86 
					 
					
						
						
							
							accept >= 0 and valid return codes from RAND_bytes due to broken engine from the isc bind implementation, reported by Sam Liddicott  
						
						
						
						
					 
					
						2010-09-01 21:00:07 -07:00 
						 
				 
			
				
					
						
							
							
								Asanka Herath 
							
						 
					 
					
						
						
							
						
						f88854effa 
					 
					
						
						
							
							Windows: Correct calling convention for krb5_free_unparsed_name()  
						
						
						
						
					 
					
						2010-08-20 13:14:14 -04:00