Chaskiel Grundman 
							
						 
					 
					
						
						
							
						
						5f2a93f5ca 
					 
					
						
						
							
							Recognize anonymous AS requests using bit 14  
						
						... 
						
						
						
						Check KDC Option bit 14 in addition to 16 when identifying anonymous
AS-REQs. This provides compatibility with older heimdal releases. 
						
						
					 
					
						2014-07-03 12:24:08 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						19f9fdbcea 
					 
					
						
						
							
							don't bother seeing q if not sent  
						
						
						
						
					 
					
						2013-04-29 11:42:46 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						e8317b955f 
					 
					
						
						
							
							allow optional q in DH DomainParameters  
						
						
						
						
					 
					
						2013-04-29 11:37:39 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						c7cd31ef9d 
					 
					
						
						
							
							make sure we propagate an error code in case of wrong number of ms-san  
						
						... 
						
						
						
						Patch from Matthieu Hautreux 
						
						
					 
					
						2013-02-10 19:07:44 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						029de6cfa4 
					 
					
						
						
							
							pass back an heim_error from hx509_cert_init  
						
						
						
						
					 
					
						2012-10-07 06:33:13 -07:00 
						 
				 
			
				
					
						
							
							
								Roland C. Dowdeswell 
							
						 
					 
					
						
						
							
						
						cc47c8fa7b 
					 
					
						
						
							
							Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.  
						
						... 
						
						
						
						We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
	1.  a lot of missing structure initialisers,
	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),
	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and
	4.  a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do. 
						
						
					 
					
						2012-02-20 19:45:41 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						1a1bd736c0 
					 
					
						
						
							
							merge support for FAST in as-req codepath  
						
						
						
						
					 
					
						2011-10-28 19:25:48 -07:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						a5e77c578e 
					 
					
						
						
							
							Deferred hostname canon using name canon rules  
						
						
						
						
					 
					
						2011-10-22 14:54:13 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						13eeb30a1d 
					 
					
						
						
							
							Create a request structure  
						
						
						
						
					 
					
						2011-07-24 20:24:37 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f102ee7831 
					 
					
						
						
							
							compiler warning  
						
						
						
						
					 
					
						2011-07-24 19:56:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Jeffrey Altman 
							
						 
					 
					
						
						
							
						
						6850d6a65f 
					 
					
						
						
							
							avoid uninit variable and unreachable code warnings  
						
						... 
						
						
						
						most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8 
						
						
					 
					
						2011-05-17 12:02:16 -04:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f5f9014c90 
					 
					
						
						
							
							Warning fixes from Christos Zoulas  
						
						... 
						
						
						
						- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code 
						
						
					 
					
						2011-04-29 20:25:05 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						7639f83561 
					 
					
						
						
							
							Use right length. Pointed out by Tom Yu  
						
						
						
						
					 
					
						2010-06-28 20:22:22 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						6e05462c1e 
					 
					
						
						
							
							DH_compute_key might not include zero pre-filling, add it back. Reported by Tom Yu of MIT Kerberos  
						
						
						
						
					 
					
						2010-06-28 21:50:43 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dde9ae659b 
					 
					
						
						
							
							drop RCSID  
						
						
						
						
					 
					
						2010-03-16 12:50:09 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						55db6909fe 
					 
					
						
						
							
							_kdc_pk_initialize needs to be exported for kdc-replay  
						
						... 
						
						
						
						prompted by patch from Gabor Gombas <gombasg@sztaki.hu > 
						
						
					 
					
						2009-11-25 05:08:44 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dd67212157 
					 
					
						
						
							
							add disable btmm support  
						
						
						
						
					 
					
						2009-11-22 00:29:36 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						97dd51a2da 
					 
					
						
						
							
							use krb5_get_error_message()  
						
						
						
						
					 
					
						2009-11-03 23:50:45 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						2ec7e6b4fa 
					 
					
						
						
							
							Use hx509_context that build from krb5_context  
						
						
						
						
					 
					
						2009-09-29 13:13:21 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						e27f40b032 
					 
					
						
						
							
							update usage for _krb5_pk_load_id  
						
						
						
						
					 
					
						2009-09-29 11:28:51 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						7fbe96b164 
					 
					
						
						
							
							Paranoid in checking that we parsed the complete buffer  
						
						
						
						
					 
					
						2009-09-29 08:26:17 -07:00 
						 
				 
			
				
					
						
							
							
								Andrew Bartlett 
							
						 
					 
					
						
						
							
						
						f8c121b282 
					 
					
						
						
							
							Add support for user principal names in certificates [HEIMDAL-602]  
						
						... 
						
						
						
						This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test). 
						
						
					 
					
						2009-08-04 09:34:58 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1ca716bbc7 
					 
					
						
						
							
							Free buf on random generator error [CID-177]  
						
						
						
						
					 
					
						2009-07-30 07:42:12 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						9b710bed81 
					 
					
						
						
							
							store is never read again  
						
						
						
						
					 
					
						2009-07-29 22:37:58 +02:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						0cac9adc37 
					 
					
						
						
							
							one more HAVE_OPENSSL for EC  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25274 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-06-06 06:43:10 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						00c0fcb461 
					 
					
						
						
							
							Use OID variable instead of function.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25249 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-28 01:20:27 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						1530060a84 
					 
					
						
						
							
							Assume old client if it doesn't send supportedCMSTypes.  
						
						... 
						
						
						
						Add error message.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25167 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-04 06:16:40 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						792da8685d 
					 
					
						
						
							
							don't leak memory  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25084 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-04-04 17:08:56 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						27e41bf7d6 
					 
					
						
						
							
							If the client sent more then 10 EDI, don't bother looking more then 10  
						
						... 
						
						
						
						of performance reasons.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25002 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-29 19:49:09 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						eb81f54da8 
					 
					
						
						
							
							Flatten the reply  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25001 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-29 19:48:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						dd3405112f 
					 
					
						
						
							
							rename client_params and set proxy cert bit on the right context  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24994 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-29 09:04:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						5ee06ffbff 
					 
					
						
						
							
							Make one verify context per client, this way we can add our own trust  
						
						... 
						
						
						
						anchors for each client, so that self registed/special certificate are
allowed as trust anchors.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24987 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-29 09:02:44 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f4f623e7d8 
					 
					
						
						
							
							comment on what to add  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24942 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-25 15:36:58 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						eb32e1f0ff 
					 
					
						
						
							
							add generation of session key here  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24939 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-25 15:36:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						143101e825 
					 
					
						
						
							
							better printing of keyex mech  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24704 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-14 20:14:07 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						985e9f898d 
					 
					
						
						
							
							mrore DH bits  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24697 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-14 20:12:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b86374c262 
					 
					
						
						
							
							Implement ECDH in the KDC.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24695 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-14 20:12:36 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						11876749d4 
					 
					
						
						
							
							more bits for ECDH  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24688 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-14 04:17:05 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b370260466 
					 
					
						
						
							
							Abstract out use of DH  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24687 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-14 04:16:54 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						4aebfb78c0 
					 
					
						
						
							
							Remove extra anonymous check.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24600 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-04 22:07:52 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c1e6b65501 
					 
					
						
						
							
							use is_anonymous(), extra new argument to _krb5_pk_load_id()  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24593 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-04 22:06:42 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7f61137222 
					 
					
						
						
							
							Use HX509_CMS_VS_ALLOW_ZERO_SIGNER for anonymous requests.  
						
						... 
						
						
						
						Move the check client/anonoymous logic here
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24577 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-04 22:03:58 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						cc20011567 
					 
					
						
						
							
							deny non valid use of anonymous requests.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24574 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-04 22:03:27 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6d2fc59777 
					 
					
						
						
							
							- Add switch to select friendly_name of the certificate.  
						
						... 
						
						
						
						- Use HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH some CMS implementestions get the oid
wrong when they do evelopeddata.
- Use HX509_CMS_EV_NO_KU_CHECK since some clients send certs that are
not enveloped certs.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24196 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-15 04:31:32 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						49ff682fff 
					 
					
						
						
							
							better error messages  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24179 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-15 04:28:43 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						937e8ffe0a 
					 
					
						
						
							
							plug memory leak of DH public key  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24154 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-11 05:08:57 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e295c94913 
					 
					
						
						
							
							allow freeing of client_params=NULL cid#54  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24131 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-11 05:05:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						9c92a36dd8 
					 
					
						
						
							
							return up kdc_cert from signing operation so that OSCP can do the right thing. cid#55  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24130 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-11 05:04:50 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						a1ebdfc19c 
					 
					
						
						
							
							remove dead code: cid# 11  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24104 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-12-11 05:00:18 +00:00