oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
26,646 Commits 2 Branches 2 Tags
c9e37efbe100dc28ed204d13c8cf15d562cea078
Commit Graph

4859 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
4a43975270 drop unused KRB4 bits 2011-07-30 14:14:52 -07:00
Love Hörnquist Åstrand
0ed83cebd3 disable old deprecated enctypes 2011-07-30 12:11:08 -07:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd 
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 15:41:36 -07:00
Love Hörnquist Åstrand
671e231d75 fix warning 2011-07-24 14:09:23 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES. 
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 14:07:59 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
Andrew Bartlett
84bc108d8f lib/krb5: Allow any kvno to match when searching the keytab. 
Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 10:37:40 -07:00
Love Hörnquist Åstrand
4bff0fbb31 check for NULL as argument to krb5_{prepend,set}_error_message functions 2011-07-23 12:06:01 -07:00
Love Hörnquist Åstrand
fb8c65a8c2 better logging 2011-07-23 11:44:42 -07:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin. 
NOT TESTED YET.
 2011-07-22 16:04:52 -05:00
Jeffrey Altman
c13deafcce Synchronize Windows export list with Unix 
Change-Id: Ic0ee3d1f4b49761fbd2676f4f9562f1bf906e382
 2011-07-21 11:50:45 -04:00
Love Hörnquist Åstrand
f79183821f sprinkle doxygen and kode more like the rest of the code base 2011-07-19 21:29:19 -07:00
Roland C. Dowdeswell
77c8ef2c06 krb5_free_default_realm() from mit_glue.c needs to be exported to be useful. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:47 -07:00
Roland C. Dowdeswell
3ef06de67b Fix a couple of bugs in krb5_c_valid_enctype(): 
1.  on errors, it appears to core dump, and

      2.  the sense of the return code is inverted from the
          MIT implementation.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:15 -07:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00
Love Hörnquist Åstrand
9bff431435 sizeof is used incorrectly in DES3_random_to_key() 
from OpenBSD via Jonathan Gray <jsg@goblin.cx>
 2011-07-13 23:16:06 -07:00
Jeffrey Altman
49cead6a58 Merge pull request #11 from asankah/master 
Updates from Asanka to complete the Heimdal on Windows install package.  Plugins in Software/Heimdal; customizable 32-bit tools directory in multi-platform installer; Feature Tree view; and updated version number.
 2011-06-20 13:26:52 -07:00
Love Hörnquist Åstrand
5a25df7851 set HEIMDAL_LOCALEDIR for librfc3961.la too 2011-06-19 11:02:27 -07:00
Asanka C. Herath
3048545de3 Windows: Use Software/Heimdal registry key for Heimdal specific configuration 
The 'plugin_dir' value is Heimdal specific.  So keep it in the
Software/Heimdal registry key.  The Software/Kerberos registry key
will also be loaded and will contain generic Kerberos configuration.
 2011-06-15 01:55:19 -04:00
Love Hörnquist Åstrand
7dccddc6fb count number of enctypes too 2011-06-14 21:44:23 -07:00
Love Hörnquist Åstrand
0f489b7b28 unexport krb5_init_etype, remove duplicate code 2011-06-14 21:08:52 -07:00
Nicolas Williams
016193ac6a Added manpage documentation for krb5_{as, tgs}_enctypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
2fbad6432b Initial support for default_{as, tgs}_etypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12 This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Love Hornquist Astrand
8b1b47035d Switch to krb5_enomem 2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
48a91b7fc5 change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols 2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
e4580fe4cc add glue for krb5_einval 2011-05-18 22:00:37 -07:00
Love Hornquist Astrand
c6c32a431f provide _krb5_einval and _krb5_debug_backtrace that will ease figuring out when it happens 2011-05-18 21:59:56 -07:00
Love Hornquist Astrand
492492e42a use new function krb5_einval instead of returning EINVAL directly 2011-05-18 21:59:23 -07:00
Jeffrey Altman
18b76b6236 fcache: prevent null pointer dereference 
Validate krb5_ccache and krb5_cc_cursor inputs
before use.  Avoid null pointer dereference which
can occur if an application fails to properly check
return codes.

Change-Id: I8023808936e60cc7b8e57a062106cfcdc51ee7d7
 2011-05-18 10:20:09 -04:00
Love Hornquist Astrand
305596d9ad Rename subsystem_DEPRECATED to subsystem_DEPRECATED_FUNCTION(X) 
Start to explain what the replacement function is.
Generate the #define/#undef logic in generated header files.
Use gcc style where the deprecation warning is after the prototype.
 2011-05-17 23:12:51 -07:00
Love Hornquist Astrand
9ed040da38 fix compile warning 2011-05-17 23:01:40 -07:00
Jeffrey Altman
13f63decb6 conditionally export kcm functions on windows 
Change-Id: I3d11595e690467afccc4f82f4eafee1cb2736757
 2011-05-17 13:40:58 -04:00
Jeffrey Altman
6850d6a65f avoid uninit variable and unreachable code warnings 
most of these warnings are not problems because of ample
use of abort() calls.  However, the large number of warnings
makes it difficult to identify real problems.  Initialize
the variables to shut up the compilers.

Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
 2011-05-17 12:02:16 -04:00
Jeffrey Altman
36dcd37cc7 use %p printf format spec for pointers 
do not cast to unsigned long since a 64-bit pointer
and 32-bit long will truncate the value.

Change-Id: Ibeda98171ccbab4b55950bb02c858773e1028cbf
 2011-05-17 12:02:15 -04:00
Jeffrey Altman
844fa0ad5a avoid calling hx509_free_cert() twice 
in krb5_pk_enterprise_cert() pkinit.c, hx509_free_cert()
could be called twice.

Change-Id: I9911d38f1f926721dca2753c6296f26c66c474ad
 2011-05-17 12:02:14 -04:00
Jeffrey Altman
52556b1b74 fix uninitialized vars in pkinit.c find_cert() 
'start' must be initialized to '1'

'ret' to HX509_CERT_NOT_FOUND

Change-Id: I748bd9856f70b7d627082f73a3a22f1395a604ba
 2011-05-17 12:02:14 -04:00
Jeffrey Altman
9bf311fc3c export krb5_kt_have_content() on windows 
Change-Id: Iee6615e6e6d14d36546fadee5b3b374d750202cb
 2011-05-17 12:02:13 -04:00
Jeffrey Altman
0a36d16131 add KRB5_LIB_FUNCTION/KRB5_LIB_CALL to kcm.c 
Change-Id: I7bc2f54b968843c05aabf03afa556a3d31b696c0
 2011-05-17 12:02:13 -04:00
Jeffrey Altman
0fa2edf620 install kcm.h on windows 
Windows does not yet support the kcm.  However, the header
is now required for building lib/gssapi/ntlm so install it.

Change-Id: I9949794d1159797e11c3e6fdd5675ae857cf04a1
 2011-05-17 12:02:12 -04:00
Luke Howard
e128b0ca01 Merge branch 'master' into lukeh/moonshot 
Conflicts:
	lib/gssapi/krb5/external.c
	lib/libedit/src/vi.c
 2011-05-12 13:04:55 +02:00
Love Hornquist Astrand
be92276b8b Fix bug in realm encoding reported by Mark Pröhl 
Also, add basic test while here.
 2011-05-08 11:22:07 -07:00
Love Hornquist Astrand
77c7747cc3 plug memory leak 2011-05-08 11:21:44 -07:00
Love Hornquist Astrand
bd2d4c2f79 ->max_alloc to krb5_storage and use it 2011-05-08 00:16:02 -07:00
Love Hornquist Astrand
114dff9ebd add depency on built headerfiels for librfc3961_la_OBJECTS 2011-05-07 12:29:52 -07:00