oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
25,420 Commits 2 Branches 2 Tags
a750f29cda1f2349e6a9b2bf98b6898960f618b6
Commit Graph

25420 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Russ Allbery
01d54cacc9 Allow weak crypto in hprop 
hprop may be decrypting an old database encrypted with a DES master
key, in which case it shouldn't fail because DES is disabled by default.

This could permit weak enctypes to be used when authenticating to a
remote hpropd, although stronger enctypes are still preferred.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-27 21:57:32 -08:00
Russ Allbery
8a57d5cb08 Add krb5_allow_weak_crypto API to enable weak enctypes 
Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8.  Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-27 21:50:58 -08:00
Love Hornquist Astrand
560fc640bb Lowercase linux, from Harald Barth 2010-01-26 22:14:59 -08:00
Love Hornquist Astrand
908ece3604 Adapt for Linux with SOCK_CLOEXEC, patch from Harald Barth 2010-01-26 10:46:51 -08:00
Love Hornquist Astrand
4376b6c8b1 spelling 2010-01-25 23:50:37 -08:00
Love Hornquist Astrand
2fbdb6a514 rewrite socket to rk_socket of there is SOCK_CLOEXEC and there is linux, prompted by Harald Barth 2010-01-25 23:01:18 -08:00
Love Hornquist Astrand
deee0bbad9 put SOCK_CLOEXEC in the right argument, from Harald Barth 2010-01-25 23:01:09 -08:00
Russ Allbery
4038832098 Export krb5_principal_get_num_comp 
krb5_principal_get_num_comp was prototyped as a public function but
not exported from libkrb5.  Add it to the export version map.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-25 22:39:14 -08:00
Love Hornquist Astrand
609e8dd156 reset GSS_C_DELEG_FLAG when there is no consumer 2010-01-19 21:22:53 +00:00
Russ Allbery
3441bbb98e Clarify documentation of password quality check modules 
Be clearer in the info documentation that the part of the policy
name before the colon is the name of the module, not the static
string "module".  State explicitly that "builtin" can be used as the
module name to identify built-in policies.

Use the same terminology in kadm5_pwcheck(3) as the info documentation,
changing test-name to policy-name and vendor to module-name.  State
explicitly how the module name and policy name are used to select which
policies to run.

Rephrase a few sentences, add a paragraph break, and fix a few typos
for clarity.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-15 23:33:25 +00:00
Russ Allbery
80317bbd20 Pass external password quality program name as first argument 
Pass the path to the external password quality program as the first
argument to the program and the principal as the second argument, as is
conventional, rather than passing only the principal.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-14 23:38:17 +00:00
Love Hornquist Astrand
1f4bb75eef Only free hx509ctx if its actually allocated 2010-01-12 17:47:54 -08:00
Love Hornquist Astrand
1b3a8d3032 just close socket 2010-01-08 14:19:21 +01:00
Love Hornquist Astrand
3b51f94c2b Make compile on pre-leopard (Tiger needs CSSM_SIZE), From Quanah Gibson-Mount 2010-01-08 13:17:47 +01:00
Love Hornquist Astrand
461c1b1535 check for CommonCrypto/CommonDigest.h since it doesn't exists on Tiger 2010-01-08 13:13:10 +01:00
Love Hornquist Astrand
9200bb1738 Wrap <CommonCrypto/CommonDigest.h> with ifdef since it doesn't exists on Tiger 2010-01-08 13:12:44 +01:00
Love Hornquist Astrand
f6e0d19cc0 make rk_SOCK_EXIT a statment to avoid warnings 2010-01-08 13:08:24 +01:00
Love Hornquist Astrand
c24a7d2d80 fix const-ifyier on cc-ops 2010-01-08 13:07:27 +01:00
Love Hornquist Astrand
26770c90f3 move unused variable to inside #ifdef 2010-01-08 12:59:35 +01:00
Love Hornquist Astrand
f3ea26c759 remove unused variable 2010-01-08 12:58:20 +01:00
Love Hornquist Astrand
3cc8e8bfc7 listen for http requests 2010-01-06 12:54:54 +01:00
Love Hornquist Astrand
8857c285e8 build ts-http 2010-01-06 12:54:27 +01:00
Love Hornquist Astrand
dad3296f64 expose SIPC_TYPE flags 2010-01-06 12:54:09 +01:00
Love Hornquist Astrand
0f5267b97f Make http connections work 2010-01-06 12:53:52 +01:00
Love Hornquist Astrand
1354b6650b clean up http support 2010-01-06 10:42:28 +01:00
Love Hornquist Astrand
68d2f52ad4 fixup prototype 2010-01-06 10:42:16 +01:00
Love Hornquist Astrand
6847593406 Include <base64.h>. 2010-01-06 10:40:53 +01:00
Love Hornquist Astrand
eab88ad791 Include <ctype.h>. 2010-01-06 10:36:12 +01:00
Love Hornquist Astrand
ef30147831 Add Secure Endpoints, Inc 2010-01-05 19:23:38 +01:00
Love Hornquist Astrand
8aed9dceeb need to fix lib/krb5/expand_path_w32.c 2010-01-05 19:21:45 +01:00
Love Hornquist Astrand
2711882f3f Add bits to support HTTP in server 2010-01-04 16:11:18 +01:00
Love Hornquist Astrand
48504c5771 [Heimdal-704] export encode_Key/length_Key, from Jan Rekorajski 2010-01-04 13:14:11 +01:00
Love Hornquist Astrand
e5bc5d6a32 happy new year 2010-01-02 17:57:12 +01:00
Love Hornquist Astrand
6a7810d12f Export initialize_hdb_error_table_r and free_Salt, requested by Jelmer Vernooij in Debian bug #56275 2010-01-02 17:53:57 +01:00
Love Hornquist Astrand
51717efb34 Export kdc_check_flags, requested by Jelmer Vernooij in Debian bug #56275 2010-01-02 17:51:57 +01:00
Love Hornquist Astrand
102087bd67 export GSS_KRB5_CRED_NO_CI_FLAGS_X, needed by samba 2010-01-02 17:48:26 +01:00
Love Hornquist Astrand
d65ba36a5e replace exeext too 2010-01-01 13:33:47 +01:00
Love Hornquist Astrand
332f988737 make verify checksum ct 2010-01-01 13:09:22 +01:00
Love Hornquist Astrand
dd04b1d7ba make DES_is_weak_key ct 2010-01-01 13:08:04 +01:00
Love Hornquist Astrand
212a3ea09a test weak keys 2010-01-01 13:07:20 +01:00
Love Hornquist Astrand
dd9e076e47 reorder to remove if (0); 2009-12-25 10:45:26 +01:00
Love Hornquist Astrand
15cff173a2 Use #ifdef SIGXCPU instead of #ifndef NO_SIGXCPU 2009-12-25 10:44:40 +01:00
Love Hornquist Astrand
5b515900d6 NO_INETD removed 2009-12-25 10:42:50 +01:00
Love Hornquist Astrand
b914fd57c5 remove NO_INETD by shuffling code around 2009-12-25 06:37:57 +01:00
Love Hornquist Astrand
02e980612e make #ifdef positive, add comments 2009-12-24 07:19:49 +01:00
Love Hornquist Astrand
08d12ee6e0 implement RAND_pseudorand for the w32 provider in terms of w32crypto_bytes 2009-12-24 07:13:15 +01:00
Love Hornquist Astrand
95888d4ad3 rk_cloexec_dir uses dirfd that is not available on windows 
All unixes have something like it, roken provides macro if not available.
 2009-12-23 19:38:21 +01:00
Love Hornquist Astrand
3a09421025 no dirent.h, use dirent.hin instead 2009-12-23 19:29:40 +01:00
Love Hornquist Astrand
354cb547f9 minor windows merge stuff 2009-12-23 17:07:53 +01:00
Love Hornquist Astrand
7a7061ac70 use strtol 2009-12-23 17:07:36 +01:00