oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,058 Commits 2 Branches 2 Tags
cdc04ce0ffdd6b3d3d3104de7388714bae84e7a9
Commit Graph

27058 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrew Bartlett
cdc04ce0ff make hmac-md5 the keyed checksum type for arcfour-hmac-md5 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2012-01-10 22:54:16 +01:00
Andrew Bartlett
5ce504c1fb use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3 
This allows a strict link between checksum types and key types to be
enforced.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2012-01-10 22:54:16 +01:00
Jeffrey Altman
81db1ebce2 Correct d68aee90ed 
in any case.  Both EAI_NODATA and WSANO_DATA can exist at the
same time.

Change-Id: I4378d8d3a5471a472a9b32632b0c70a1d717b951
 2012-01-10 10:19:27 -05:00
Jeffrey Altman
d68aee90ed Windows: translate WSANO_DATA to HEIM_EAI_NODAT 
Change-Id: I9116ab68b1f2ac4417577125df1efc5a1b42c89e
 2012-01-08 17:10:01 -05:00
Nicolas Williams
7d7624f7f7 Fix CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
    http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
    http://security.freebsd.org/patches/SA-11:08/telnetd.patch
 2011-12-28 17:50:30 -06:00
Russ Allbery
5ca056969a Close memory leak in the client kadmin library 
kadm5_c_destroy was not freeing the kadm5_client_context, just its
contents.  Also free the context itself.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>
 2011-12-22 18:36:17 -06:00
Nicolas Williams
d769eced7b Plugin symbols can't have '-' in them... Also add example to krb5-plugin.7 2011-12-22 17:44:47 -06:00
Russ Allbery
911c993757 Fix reauthentication after password change in init_creds_password 
When retrying authentication after a password change of an expired
password, use the new password instead of the original one.  Also,
pass in the correct length for the new password buffer to
change_password and zero the buffer that holds the new password on
function exit.

Signed-off-by: Russ Allbery <rra@stanford.edu>
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
 2011-12-22 14:53:08 -06:00
Russ Allbery
0f81a468a3 Link kdc-tester with libheimbase directly 
It directly uses symbols provided by that library.

Signed-off-by: Nicolas Williams <nico@cryptonector.com>
 2011-12-22 14:52:58 -06:00
Nicolas Williams
223af60018 Oops, forgot to actually add krb5-plugin.7 
I use a shell alias that expands to git add -uv ..., and the -u
    means new files don't get added :(
 2011-12-22 14:42:05 -06:00
Nicolas Williams
25e623a957 Fix doxygen comment in krb5_aname_to_lname() 2011-12-22 11:17:42 -06:00
Nicolas Williams
672f6285ce Add doxygen docs for some plugin structs 2011-12-22 11:17:21 -06:00
Nicolas Williams
8aa248370f Make the build system make and install section 7 manpages 2011-12-21 15:43:56 -06:00
Nicolas Williams
06974f27cb Add a krb5-plugin.7 manpage to document the plugin system 2011-12-21 13:59:37 -06:00
Love Hornquist Astrand
a66a23bb45 Apply old patch from me that handles client's behind NAT 
Tested by Harald Barth and bugfix by Ragnar Sundblad
 2011-12-15 22:00:00 -08:00
Love Hornquist Astrand
b6f3ca6712 add heim_show, sort lines 2011-12-15 21:51:06 -08:00
Love Hornquist Astrand
8e1b58e923 move function pointer to last argument 2011-12-15 21:48:33 -08:00
Love Hornquist Astrand
b780dddb9b add show 2011-12-15 21:48:20 -08:00
Love Hornquist Astrand
d05e64b967 move function pointer to last argument 2011-12-15 21:48:09 -08:00
Love Hornquist Astrand
8deda7a299 add show, move function pointer to last argument 2011-12-15 21:47:56 -08:00
Love Hornquist Astrand
9cfc014a66 name KRB5_PLUGIN_KUSEROK "kuserok-plugin" 2011-12-15 21:46:43 -08:00
Nicolas Williams
dd05873d0c Fix regression in ASN.1 int type generation 
The 64-bit integer support changed the logic for deciding when an
    INTEGER should map to a signed or unsigned 32- or 64-bit integer
    type.  The upshot is that two places where we had {0, INT_MAX}
    ranges needed to be changed to be {0, UINT_MAX}.

    We need to tweak the integer type mapping logic to have a bias for
    unsigned integer types.  Unsigned is better.
 2011-12-15 14:37:09 -06:00
Nicolas Williams
4630ef1bdc Fix kuserok.c:check_owner_file(), make tests/kdc/check-authz run 2011-12-14 18:01:35 -06:00
Love Hornquist Astrand
fb26e41d06 to utf8 2011-12-14 08:46:05 -08:00
Love Hornquist Astrand
477738a80d try w/o FAST if the KDC doesnt seem to handle it 2011-12-14 08:46:05 -08:00
Love Hörnquist Åstrand
2be0f1a1a4 check that we don't use negative size for arrays 2011-12-13 21:52:05 -08:00
Love Hörnquist Åstrand
2a551314a6 don't use negative size 2011-12-13 21:51:48 -08:00
Nicolas Williams
a222521e68 64-bit build fixes for ASN.1 compiler 64-bit integer support 2011-12-13 13:03:57 -06:00
Love Hornquist Astrand
449fb4775e check length of TESTuint64 2011-12-12 23:13:56 -08:00
Love Hornquist Astrand
80fd2959b9 check length of TESTuint64 2011-12-12 23:13:47 -08:00
Love Hornquist Astrand
9a4f8c3da7 add missing dependency 2011-12-12 23:11:21 -08:00
Love Hornquist Astrand
b91258ccdc better naming 2011-12-12 22:49:25 -08:00
Love Hornquist Astrand
a11ca3cb1b add rk_getpwnam_r 2011-12-12 21:55:06 -08:00
Love Hornquist Astrand
d453899462 split user and dir, use rk_getpwnam_r 2011-12-12 21:53:41 -08:00
Love Hornquist Astrand
167084b3e7 ident 2011-12-12 21:28:52 -08:00
Love Hornquist Astrand
54ce0a776c re-encode as utf8 2011-12-12 21:26:52 -08:00
Nicolas Williams
19d378f44d Add 64-bit integer support to ASN.1 compiler 
ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
    on whether the constraint ranges include numbers that cannot be
    represented in 32-bit ints and whether they include negative
    numbers.

    Template backend support included.  check-template is now built with
    --template, so we know we're testing it.

    Tests included.
 2011-12-12 20:01:20 -06:00
Andrew Bartlett
0e7437ba2e HEIMDAL: Supply krb5_context to _krb5_internal_hmac to allow logging 
Without this, log messages from any abort are not printed to
the samba logs.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2011-12-11 21:45:15 -08:00
Love Hornquist Astrand
c4d97ae93e encode result code with right length, pointed out by Rangar Sundblad, thanks! 2011-12-11 18:22:29 -08:00
Love Hornquist Astrand
2eb0d6ec82 dont entrust sprintf to encode binary packets 2011-12-11 18:08:05 -08:00
Nicolas Williams
35e28dcd5d Fix incomplete sentence in krb5.conf.5 2011-12-10 14:27:46 -06:00
Nicolas Williams
27ba7a5982 Address code review comments (use .Xr and .Pa macros in krb5.conf.5) 2011-12-10 14:06:16 -06:00
Nicolas Williams
e00b43a94b Address code review comments (k5login/foo in EXTRA_DIST) 2011-12-10 14:06:15 -06:00
Nicolas Williams
3109770484 Address code review comments (use _krb5_homedir_access()) 2011-12-10 14:06:09 -06:00
Nicolas Williams
8e04b6dce2 Address code review comments (use krb5_enomem()) 2011-12-10 14:05:35 -06:00
Nicolas Williams
abd065be02 Add a test for krb5_kuserok() 2011-12-08 13:34:02 -06:00
Nicolas Williams
b9f8e6d956 Add DENY rule for krb5_kuserok() and update manpage 2011-12-08 13:34:02 -06:00
Nicolas Williams
8e63cff2cc Document krb5_kuserok() configuration parameters 2011-12-08 13:34:01 -06:00
Nicolas Williams
ad7e54d698 Generalize token expansion to allow for context-specific tokens 2011-12-08 13:33:37 -06:00
Nicolas Williams
6aec02f979 Make krb5_kuserok() pluggable and add features (including MIT config compat) 2011-12-08 13:33:36 -06:00