oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,231 Commits 2 Branches 2 Tags
c8753450b14a53c61b6773dacf9723752dbc9efb
Commit Graph

5283 Commits

Author SHA1 Message Date
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Love Hornquist Astrand
8b1b47035d Switch to krb5_enomem 2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
48a91b7fc5 change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols 2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
e4580fe4cc add glue for krb5_einval 2011-05-18 22:00:37 -07:00
Love Hornquist Astrand
c6c32a431f provide _krb5_einval and _krb5_debug_backtrace that will ease figuring out when it happens 2011-05-18 21:59:56 -07:00
Love Hornquist Astrand
492492e42a use new function krb5_einval instead of returning EINVAL directly 2011-05-18 21:59:23 -07:00
Jeffrey Altman
18b76b6236 fcache: prevent null pointer dereference 
Validate krb5_ccache and krb5_cc_cursor inputs
before use.  Avoid null pointer dereference which
can occur if an application fails to properly check
return codes.

Change-Id: I8023808936e60cc7b8e57a062106cfcdc51ee7d7
 2011-05-18 10:20:09 -04:00
Love Hornquist Astrand
305596d9ad Rename subsystem_DEPRECATED to subsystem_DEPRECATED_FUNCTION(X) 
Start to explain what the replacement function is.
Generate the #define/#undef logic in generated header files.
Use gcc style where the deprecation warning is after the prototype.
 2011-05-17 23:12:51 -07:00
Love Hornquist Astrand
9ed040da38 fix compile warning 2011-05-17 23:01:40 -07:00
Jeffrey Altman
13f63decb6 conditionally export kcm functions on windows 
Change-Id: I3d11595e690467afccc4f82f4eafee1cb2736757
 2011-05-17 13:40:58 -04:00
Jeffrey Altman
6850d6a65f avoid uninit variable and unreachable code warnings 
most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.

Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
 2011-05-17 12:02:16 -04:00
Jeffrey Altman
36dcd37cc7 use %p printf format spec for pointers 
do not cast to unsigned long since a 64-bit pointer
and 32-bit long will truncate the value.

Change-Id: Ibeda98171ccbab4b55950bb02c858773e1028cbf
 2011-05-17 12:02:15 -04:00
Jeffrey Altman
844fa0ad5a avoid calling hx509_free_cert() twice 
in krb5_pk_enterprise_cert() pkinit.c, hx509_free_cert()
could be called twice.

Change-Id: I9911d38f1f926721dca2753c6296f26c66c474ad
 2011-05-17 12:02:14 -04:00
Jeffrey Altman
52556b1b74 fix uninitialized vars in pkinit.c find_cert() 
'start' must be initialized to '1'

'ret' to HX509_CERT_NOT_FOUND

Change-Id: I748bd9856f70b7d627082f73a3a22f1395a604ba
 2011-05-17 12:02:14 -04:00
Jeffrey Altman
9bf311fc3c export krb5_kt_have_content() on windows 
Change-Id: Iee6615e6e6d14d36546fadee5b3b374d750202cb
 2011-05-17 12:02:13 -04:00
Jeffrey Altman
0a36d16131 add KRB5_LIB_FUNCTION/KRB5_LIB_CALL to kcm.c 
Change-Id: I7bc2f54b968843c05aabf03afa556a3d31b696c0
 2011-05-17 12:02:13 -04:00
Jeffrey Altman
0fa2edf620 install kcm.h on windows 
Windows does not yet support the kcm.  However, the header
is now required for building lib/gssapi/ntlm so install it.

Change-Id: I9949794d1159797e11c3e6fdd5675ae857cf04a1
 2011-05-17 12:02:12 -04:00
Luke Howard
e128b0ca01 Merge branch 'master' into lukeh/moonshot 
Conflicts:
	lib/gssapi/krb5/external.c
	lib/libedit/src/vi.c
 2011-05-12 13:04:55 +02:00
Love Hornquist Astrand
be92276b8b Fix bug in realm encoding reported by Mark Pröhl 
Also, add basic test while here.
 2011-05-08 11:22:07 -07:00
Love Hornquist Astrand
77c7747cc3 plug memory leak 2011-05-08 11:21:44 -07:00
Love Hornquist Astrand
bd2d4c2f79 ->max_alloc to krb5_storage and use it 2011-05-08 00:16:02 -07:00
Love Hornquist Astrand
114dff9ebd add depency on built headerfiels for librfc3961_la_OBJECTS 2011-05-07 12:29:52 -07:00
Love Hornquist Astrand
b1909b2daa Fixes from NetBSD via Thomas Klausner and Roland C. Dowdeswell 2011-05-04 21:31:10 -07:00
Love Hornquist Astrand
9a1a5e5da6 Mandoc and spelling fixes from Thomas Klausner 2011-04-29 20:37:33 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
66c15e7caf add support for sha256 and sha512 for the nist kdf 2011-04-25 14:46:38 -07:00
Love Hornquist Astrand
f632c5239e one element per line 2011-04-14 12:54:16 -07:00
Luke Howard
6ec5011d48 Merge branch 'master' into lukeh/moonshot 2011-04-08 09:05:36 +10:00
Love Hornquist Astrand
372db4d853 add krb5_kt_have_content 2011-04-07 07:15:27 -07:00
Love Hornquist Astrand
f1718af272 make work again after adding loopback addresses 2011-04-07 07:15:27 -07:00
Nicolas Williams
c5041352cb Fixed a bug in the initial loopback ifs patch. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-04-04 22:45:33 -07:00
Nicolas Williams
e7672a71aa Patch to include non-loopback addresses from loopback interfaces. 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-04-04 22:45:33 -07:00
Nicolas Williams
941eba430b Fixed a bug by s/u16/SEEK_CURR/; the bug prevented this mitdb backend from parsing MIT KDB entries with multiple kvnos in non-increasing order. 
Fixed a double-free bug that was triggered by MIT KDB entries with
multiple kvnos in non-increasing order.

Added lots of comments regarding the MIT KDB entry format.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-04-04 22:44:57 -07:00
Luke Howard
093403a2a7 Merge branch 'master' into lukeh/moonshot 2011-04-03 18:08:23 +10:00
Love Hornquist Astrand
a70217d371 include krb5_copy_context 2011-04-01 00:27:32 -07:00
Luke Howard
4748fc9489 Merge branch 'master' into lukeh/moonshot 2011-03-22 15:45:12 +11:00
Love Hornquist Astrand
7c039e5630 Add missing quoting in manpage. Patch from Nicolas Joly. 2011-03-21 09:28:32 -07:00
Luke Howard
d116a78297 add missing exports 2011-03-21 23:53:17 +11:00
Luke Howard
841a5ed3ba export krb5_kcm_call/krb5_kcm_storage_request 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-03-20 23:27:04 -07:00
Love Hornquist Astrand
c3905ff795 glue in some more functions 2011-03-12 19:29:00 -08:00
Love Hornquist Astrand
1bb482e168 prefix internal structures with _krb5_ 2011-03-12 13:50:39 -08:00
Love Hornquist Astrand
03806492d9 prefix symbols that are _krb5_ structures 2011-03-12 13:45:09 -08:00
Love Hornquist Astrand
b59a20bc1f clarify documentation 2011-03-12 11:37:13 -08:00
Love Hornquist Astrand
1f59fe0edf move up internal framework to avoid using already installed frameworks 2011-02-12 09:49:35 -08:00
Love Hornquist Astrand
2fb63b37e7 add KRB5_KU_AS_REQ 2011-02-06 16:35:10 -08:00
Jeffrey Altman
7b1e954ad4 Reorder DES algs to work around MIT pre-1.8 GSS 
Pre-1.8 MIT GSS accept_sec_context() has a bug which treats
des-cbc-md4 as if the received token format should be CFX.
The previous DES alg ordering resulted in MIT KDCs issuing
des-cbc-md4 session keys for service tickets which triggered
this bug.  Reorder the list so md4 is not preferred.

Change-Id: I11269498a6eb8494044c618db29c43f62b0ced49
 2010-12-07 00:28:13 -05:00
Asanka C. Herath
b45dd13c44 Expand path tokens for krb5.moduli 2010-12-03 17:42:42 -05:00
Asanka C. Herath
e0e746b1ca Revert use of backslash as an escape for double quote in config strings 2010-12-03 01:12:31 -05:00