oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,842 Commits 2 Branches 2 Tags
f49e99e15f082e17e40d5c30e740cdd4d97a88e7
Commit Graph

17598 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
671e231d75 fix warning 2011-07-24 14:09:23 -07:00
Linus Nordberg
2e35198908 Add version-script.map to _DEPENDENCIES. 
Added to 11 out of 14 directories with map files.  Not lib/ntlm,
lib/hcrypto and kdc which have the map file as an explicit dependency
to _OBBJECTS.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 14:07:59 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
Love Hörnquist Åstrand
8f2294e1f9 switch order of type and GSSAPI_LIB_VARIABLE 2011-07-24 13:00:36 -07:00
Love Hörnquist Åstrand
052c5767fd fixup type for GSS_C_ATTR_LOCAL_LOGIN_USER 2011-07-24 12:47:55 -07:00
Love Hörnquist Åstrand
d434bda588 make sure keylen is a multiple of 2 2011-07-24 12:34:51 -07:00
Andrew Bartlett
84bc108d8f lib/krb5: Allow any kvno to match when searching the keytab. 
Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-24 10:37:40 -07:00
Nicolas Williams
a7717ae4f9 Use heim_assert() instead of assert() 2011-07-24 11:10:37 -05:00
Nicolas Williams
11c54cd6c8 Protect against negative n_ks_tuple values and against randkey returning negative n_keys 2011-07-24 11:08:58 -05:00
Nicolas Williams
95262936c7 s/assert/heim_assert/ and remove dead code 2011-07-24 11:07:27 -05:00
Love Hörnquist Åstrand
4bff0fbb31 check for NULL as argument to krb5_{prepend,set}_error_message functions 2011-07-23 12:06:01 -07:00
Love Hörnquist Åstrand
fb8c65a8c2 better logging 2011-07-23 11:44:42 -07:00
Love Hörnquist Åstrand
12403a31ce sprinkle more windows files 2011-07-23 11:18:21 -07:00
Nicolas Williams
dfc7ec92fa Make kadm5_lock() and unlock work, and add kadmin commands for them. 
The libkadm5 functions hdb_open() and close around all HDB ops.  This
meant the previous implementation of kadm5_lock() and unlock would
always result in a core dump.  Now we hdb_open() for write in
kadm5_lock() and hdb_close() in kadm5_unlock(), with all kadm5_s_*()
functions now not opening nor closing the HDB when the server context
keep_open flag is set.

Also, there's now kadmin(8) lock and unlock commands.  These are there
primarily as a way to test the kadm5_lock()/unlock() operations, but
MIT's kadmin.local also has lock/unlock commands, and these can be
useful for scripting (though they require much care).
 2011-07-22 21:07:48 -05:00
Nicolas Williams
43c5244ecc Fix from Roland Dowdeswell -- kadm5_setkey_principal() has to rev kvno earlier 2011-07-22 16:18:44 -05:00
Nicolas Williams
e23a1efdc9 Fixes for updates of KADM5_KVNO but not KEY_DATA and vice-versa. 
It turns out that updates of kvno but not key data and vice-versa are
both, allowed and actually done (e.g, in kadmin's ank).  Doing the right
thing in these cases turns out to be a bit tricky, but this commit ought
to do it.
 2011-07-22 16:07:10 -05:00
Nicolas Williams
1e14951592 Preserve set_time on historic keysets in kadm5_s_modify_principal() path. 2011-07-22 16:07:10 -05:00
Nicolas Williams
0f53687346 Two mods from Roland to make kadm5_setkey_principal_3() work. 2011-07-22 16:07:09 -05:00
Nicolas Williams
4f5dbf2f81 Two patches from Roland Dowdeswell to make n_keys/new_keys args optional. 2011-07-22 16:07:09 -05:00
Nicolas Williams
c818890dd7 Re-write _kadm5_set_keys2() to handle key history. 2011-07-22 16:07:08 -05:00
Nicolas Williams
1eb56edd86 Introduce Keys ::= SEQUENCE OF Key in hdb.asn1 so we can get convenience utils. 2011-07-22 16:07:08 -05:00
Nicolas Williams
689d4f4dd9 Another HDB_F_DECRYPT-isn't-critical fix. 2011-07-22 16:07:08 -05:00
Nicolas Williams
5335559845 Oops, HDB_F_DECRYPT isn't critical; making it so breaks tests. 2011-07-22 16:07:08 -05:00
Nicolas Williams
a246c394d2 Fix warnings. 2011-07-22 16:07:08 -05:00
Nicolas Williams
f2897efd09 Make the KDC path work. 2011-07-22 16:07:08 -05:00
Nicolas Williams
e23c7a7daf How on earth did this build breaking thinko get through? 2011-07-22 16:07:07 -05:00
Nicolas Williams
9d6d3ee5f3 Fixed a likely bug in modify_principal() where the memset() of ent happens after early error checking. 2011-07-22 16:07:07 -05:00
Nicolas Williams
07370612bd Remove policy name checking against krb5.conf code. 2011-07-22 16:07:07 -05:00
Nicolas Williams
87742e8118 Add missing KADM5_AUTH_GET_KEYS error and use it. 2011-07-22 16:07:07 -05:00
Nicolas Williams
909653e50f Add comment and assert about key history to kadm5_log_replay_modify() 2011-07-22 16:07:07 -05:00
Nicolas Williams
b16ca34642 Fix incorrect key history check optimization. (NOT TESTED) 2011-07-22 16:07:07 -05:00
Nicolas Williams
784e6a69df Avoid useless work related to keepold. 2011-07-22 16:07:07 -05:00
Nicolas Williams
9adb40a06e Forgot to export the kadm5 policy functions. 2011-07-22 16:07:06 -05:00
Nicolas Williams
31974aa24c More s/int/size_t/ for iterators. Also fixed a stupid bug. 2011-07-22 16:07:06 -05:00
Nicolas Williams
0d90e0c4d0 Complete --keepold support and fix crasher in kadmin cpw -r --keepold. 2011-07-22 16:07:06 -05:00
Nicolas Williams
558a8d05a6 Forgot to export kadm5_store_principal_ent_nokeys(). 2011-07-22 16:07:06 -05:00
Nicolas Williams
a35ea4955a create_principal() must memset(ent, 0, ...) before ever returning (fixes core dump) 2011-07-22 16:07:06 -05:00
Nicolas Williams
cf1c898e95 Undo a s/size_t/int/. Iterators must be unsigned. 2011-07-22 16:07:05 -05:00
Nicolas Williams
0674e4b13a Ooops! Mind those tags when re-ordering ASN.1 SEQUENCEs! (hdb_keyset) 2011-07-22 16:07:05 -05:00
Nicolas Williams
4b0245d096 Export the new kadm5 functions. 2011-07-22 16:07:05 -05:00
Nicolas Williams
e16360e2db Add --keepold option to cpw. 2011-07-22 16:07:05 -05:00
Nicolas Williams
acc8cd4b22 Duh, act on keepold in randkey! 2011-07-22 16:06:25 -05:00
Nicolas Williams
e7ea698366 Fixed dumb bug that caused keys to not accumulate in history. 2011-07-22 16:06:01 -05:00
Nicolas Williams
53ea8ac59b Make changes to hdb_keyset type be backward-compatible. 2011-07-22 16:06:01 -05:00
Nicolas Williams
a280ed4d4c Forgot a file for the hdb_keyset backwards-compat extention. 2011-07-22 16:06:01 -05:00
Nicolas Williams
3794d8b37b Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet 2011-07-22 16:06:01 -05:00
Nicolas Williams
355ae357eb Moved set_time field of hdb_keyset to end and add extensibility marker. 2011-07-22 16:06:01 -05:00
Nicolas Williams
c2ec368c36 Add HDB extension for storing policy regarding what historic keys may be used for 2011-07-22 16:06:00 -05:00
Nicolas Williams
308e53a4a8 Initial support for filtering out "dead" historical keys. 2011-07-22 16:05:21 -05:00
Nicolas Williams
7e0a801e28 Changed decrypt key history logic and added HDB_F_ALL_KVNOS. 2011-07-22 16:05:21 -05:00