oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
25,648 Commits 2 Branches 2 Tags
ce438f343ca7cc5506e843470713b7d51bfba49c
Commit Graph

25648 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Love Hornquist Astrand
a76daa7e35 support WIND_PROFILE_LDAP_CASE 2010-03-29 01:13:30 -07:00
Andrew Bartlett
d9f4d53dda s4:heimdal Use correct variable to advance past -- options in kpasswd 
This bug was introduced when kpasswd was migrated to a local getarg()
call, in Heimdal commit 7dd146072c

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-27 01:20:52 -07:00
Love Hornquist Astrand
aaf310f99e constify 2010-03-23 20:20:51 -07:00
Love Hornquist Astrand
de6da2f212 add people 2010-03-21 22:09:54 -07:00
Love Hornquist Astrand
096902359f 1.3.2 2010-03-21 21:36:35 -07:00
Love Hornquist Astrand
4660ec8358 check for underruns 2010-03-21 21:05:21 -07:00
Love Hornquist Astrand
d02418be27 windows doesn't have /dev/random 2010-03-21 16:44:30 -07:00
Love Hornquist Astrand
08572822da use pathp for pathbased file names 2010-03-21 16:07:45 -07:00
Love Hornquist Astrand
408e3420d1 try hard to unset HOME and randfile 2010-03-21 16:06:34 -07:00
Love Hornquist Astrand
83e2a17c0f document more assumptions about hdb_rename 2010-03-21 14:56:57 -07:00
Love Hornquist Astrand
d837f736f8 Make locking work when doing rename, rename assume db in not ->hdb_open'ed. 2010-03-21 14:55:36 -07:00
Love Hornquist Astrand
c491b59007 pull out unix /dev/random if we cant get users home directory 2010-03-21 11:01:24 -07:00
Love Hornquist Astrand
76122d97c2 Test emptier environment 2010-03-21 10:59:26 -07:00
Love Hornquist Astrand
fc9aff2260 log the source too 2010-03-21 09:41:20 -07:00
Love Hornquist Astrand
3ac7d626c2 log failures 2010-03-21 09:37:42 -07:00
Love Hornquist Astrand
32d148b2f8 Check for dd_fd in DIR not struct dirent 
Pointed out by Ragnnar Sundblad in private mail
 2010-03-21 09:08:46 -07:00
Love Hornquist Astrand
fea82013eb Check for dd_fd in DIR not struct dirent 
Pointed out by Ragnnar Sundblad in private mail
 2010-03-21 08:58:33 -07:00
Love Hornquist Astrand
ad2de1222f spelling 2010-03-20 15:25:55 -07:00
Love Hornquist Astrand
cfb43997ae define YY_NULL 2010-03-20 14:44:16 -07:00
Love Hornquist Astrand
b0a79dcd40 Improve the dns retry logic 
Bug reported by Richard Silverman on heimdal-bugs
 2010-03-19 14:19:43 -07:00
Love Hornquist Astrand
d3efb7d043 don't bother supporting KRB5_AUTHDATA_SIGNTICKET_OLD 2010-03-19 13:58:45 -07:00
Love Hornquist Astrand
24e2001f51 support old SIGNTICKET too 2010-03-19 13:56:20 -07:00
Love Hornquist Astrand
3af54e67d9 Renumber signedticket to 512 since 142 was stolen. 2010-03-19 13:44:51 -07:00
Andrew Tridge
6bff49a89d memset the right length of the {i,o}pad data, memset opad not ipad in the opad case (typo) 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-18 10:59:51 -07:00
Love Hornquist Astrand
f26d6c2398 (krb5_set_default_in_tkt_etypes): filter out unwanted enctypes 
Needed for Samba that tries really hard to use DES encryption types.

Reported by Natanael Copa on heimdal-discuss
 2010-03-17 09:30:11 -07:00
Love Hornquist Astrand
523c393829 Better error message for decomp 2010-03-17 06:21:56 -07:00
Love Hornquist Astrand
a6f9dfc5ad drop krb4 2010-03-16 20:43:24 -07:00
Love Hornquist Astrand
433b1d5073 drop RCSID 2010-03-16 12:52:58 -07:00
Love Hornquist Astrand
dde9ae659b drop RCSID 2010-03-16 12:50:09 -07:00
Russ Allbery
97648fc257 Disable kpasswdd error replies to completely malformed requests 
Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.

Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet.  An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-16 11:50:22 -07:00
Russ Allbery
5230b2f8f5 Discard old keys in MIT dump files in hprop 
An MIT dump file may contain multiple key sets for one principal, with
different kvnos.  The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry.  Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.

Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it.  If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-16 11:48:15 -07:00
Matthias Dieter Wallnöfer
69ea9b38e9 heimdal - fix overlapped identifiers in the "krb5" library 
heimdal - fix overlapped identifiers in the "krb5" library

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-16 10:05:35 -07:00
Love Hornquist Astrand
50990d61cf free always "ctx->password" when it isn't needed anymore 
Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
 2010-03-16 10:04:20 -07:00
Love Hornquist Astrand
313a2243bb Allow users to specify their own configuration file ~/.krb5/config 
Idea from Rune L on heimdal-discuss
 2010-03-16 09:09:27 -07:00
Harald Barth
a06a40dd77 dont use modern syntax to please old makeinfo 2010-03-15 05:05:10 -07:00
Love Hornquist Astrand
33d80cbcfc include roken.h 2010-03-12 09:04:39 -08:00
Love Hornquist Astrand
cf1b11f8a0 export more 2010-03-11 23:35:26 -08:00
Love Hornquist Astrand
6da28e73eb move same ifdef magic from roken-common.h.in to here, use strerror() 2010-03-11 23:35:00 -08:00
Love Hornquist Astrand
7d9335ce69 in the STRERROR_R_PROTO_COMPATIBLE case, only provide a rk_strerror_r function if there is a broken prototype 
From harald barth.
 2010-03-11 18:40:47 -08:00
Love Hornquist Astrand
e57bd85101 spelling 2010-03-10 20:05:31 -08:00
Love Hornquist Astrand
f2611400b0 Set e_text for more cases 2010-03-07 02:44:25 -08:00
Love Hornquist Astrand
ae74dc7316 allow a cross realm ticket returned in the non referrals case 2010-03-07 01:02:02 -08:00
Love Hornquist Astrand
03262460dd use krb5_principal_is_krbtgt 2010-03-07 01:01:32 -08:00
Love Hornquist Astrand
71150bb1bc add krb5_principal_is_krbtgt 2010-03-07 01:00:48 -08:00
Love Hornquist Astrand
a46bc97443 Windows code never calls dirfd, avoid warning 2010-02-27 19:23:08 -08:00
Love Hornquist Astrand
94a8d9c5e5 autoconf test for dirfd and dd_fd 2010-02-25 22:18:32 -08:00
Love Hornquist Astrand
53024a5a22 start to document gss_import_name 2010-02-21 23:21:58 +01:00
Love Hornquist Astrand
521098738c document gss_release_name 2010-02-21 23:21:43 +01:00
Love Hornquist Astrand
a40c4855ed provide complete krb5-mit.conf 2010-02-21 07:03:46 -08:00
Love Hornquist Astrand
564fe5cb05 remove heimdal-db* 2010-02-21 07:01:30 -08:00