oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,842 Commits 2 Branches 2 Tags
f49e99e15f082e17e40d5c30e740cdd4d97a88e7
Commit Graph

17598 Commits

Author SHA1 Message Date
Nicolas Williams
a04721b737 Added basic policy support, w/ policy names listed in krb5.conf 2011-07-22 16:05:21 -05:00
Nicolas Williams
c338446ede More kadm5 policy stub stuff. 2011-07-22 16:04:53 -05:00
Nicolas Williams
26f9924bb3 Added stubs for the kadm5 policy functions. 2011-07-22 16:04:53 -05:00
Nicolas Williams
56259efbac Added dummy kadm5_get_policies() 2011-07-22 16:04:52 -05:00
Nicolas Williams
abd94953e2 Fixes to lock nesting code. 2011-07-22 16:04:52 -05:00
Nicolas Williams
58d72035f1 Added kadm5_lock() and unlock. 2011-07-22 16:04:52 -05:00
Nicolas Williams
109607a355 Fix uninitialized variable. 2011-07-22 16:04:52 -05:00
Nicolas Williams
45294a93a7 Added a disting get-keys authorization for kadmind. 2011-07-22 16:04:52 -05:00
Nicolas Williams
3d0019d3ce Added kadm5_setkey_principal*() and kadm5_decrypt_key(). 2011-07-22 16:04:52 -05:00
Nicolas Williams
e8e314bbb1 Beginning of another new kadm5 function. Need to switch branches for a bit. 2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin. 
NOT TESTED YET.
 2011-07-22 16:04:52 -05:00
Nicolas Williams
51e9da4a66 Fixed (preemptively) a double free and added password history based on key history. 2011-07-22 16:04:52 -05:00
Nicolas Williams
34189a23fe Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno. 2011-07-22 16:04:51 -05:00
Nicolas Williams
e7f385ad0d Initial patch to make the MIT KDB backend for HDB handle multiple kvnos. 2011-07-22 16:04:51 -05:00
Nicolas Williams
34bb7ae363 Fix double free. 2011-07-22 16:04:51 -05:00
Nicolas Williams
a095933ee0 We want the time that a keyset was set, not the time it was replaced. 2011-07-22 16:04:51 -05:00
Nicolas Williams
b45ac85b65 Add support for fetching old keys via kadm5 API. 2011-07-22 16:04:51 -05:00
Nicolas Williams
08650b573b Also encrypt the history when storing the entry. 2011-07-22 16:04:51 -05:00
Nicolas Williams
fca53990e4 Initial commit for second approach for multiple kvno. NOT TESTED! 2011-07-22 16:04:51 -05:00
Love Hornquist Astrand
ed91d4c9e3 Mac compat 2011-07-22 11:50:30 -07:00
Jeffrey Altman
c13deafcce Synchronize Windows export list with Unix 
Change-Id: Ic0ee3d1f4b49761fbd2676f4f9562f1bf906e382
 2011-07-21 11:50:45 -04:00
Jeffrey Altman
27cc30d38e GSS_C_ATTR_LOCAL_LOGIN_USER 
Be consistent with other GSSAPI global variables.  GSS_C_ATTR_LOCAL_LOGIN_USER
becomes a macro in gssapi.h that refers to an exported variable
__gss_c_attr_local_login_user

Change-Id: I2661d74cd0f760780f75b35f92d6b4f9112080dc
 2011-07-21 11:46:15 -04:00
Jeffrey Altman
b7df4f8bb3 dirent: fix filespec_from_dir_path 
If the path does not begin with a separator, do not advance
skip the first character in the component referred to by 'comp'.

Change-Id: Ide184ba2065bd8b2075be27b8e1f4cae11026fdd
 2011-07-21 11:40:04 -04:00
Jeffrey Altman
b8ce309acb Permit TESTMechType array to initialize on Windows (C89) 
Change-Id: I3c006b9c45f29b129ad6f5102792c1e912bd9c8e
 2011-07-21 11:36:31 -04:00
Love Hörnquist Åstrand
f79183821f sprinkle doxygen and kode more like the rest of the code base 2011-07-19 21:29:19 -07:00
Roland C. Dowdeswell
77c8ef2c06 krb5_free_default_realm() from mit_glue.c needs to be exported to be useful. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:47 -07:00
Roland C. Dowdeswell
3ef06de67b Fix a couple of bugs in krb5_c_valid_enctype(): 
1.  on errors, it appears to core dump, and

      2.  the sense of the return code is inverted from the
          MIT implementation.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-07-19 21:25:15 -07:00
Love Hörnquist Åstrand
7aaba443bc add NTMakefile and windows directories 2011-07-17 12:16:59 -07:00
Love Hörnquist Åstrand
9bff431435 sizeof is used incorrectly in DES3_random_to_key() 
from OpenBSD via Jonathan Gray <jsg@goblin.cx>
 2011-07-13 23:16:06 -07:00
Jeffrey Altman
49cead6a58 Merge pull request #11 from asankah/master 
Updates from Asanka to complete the Heimdal on Windows install package.  Plugins in Software/Heimdal; customizable 32-bit tools directory in multi-platform installer; Feature Tree view; and updated version number.
 2011-06-20 13:26:52 -07:00
Love Hörnquist Åstrand
45b9139cc4 if we are using db1 or db3 (really 3,4,5), when we will need LIB_db_create, otherwise use LIB_NDBM 2011-06-19 11:20:48 -07:00
Love Hörnquist Åstrand
5a25df7851 set HEIMDAL_LOCALEDIR for librfc3961.la too 2011-06-19 11:02:27 -07:00
Love Hörnquist Åstrand
4337582a64 add missing break, quiet clang analyzer 2011-06-19 10:28:51 -07:00
Asanka C. Herath
3048545de3 Windows: Use Software/Heimdal registry key for Heimdal specific configuration 
The 'plugin_dir' value is Heimdal specific.  So keep it in the
Software/Heimdal registry key.  The Software/Kerberos registry key
will also be loaded and will contain generic Kerberos configuration.
 2011-06-15 01:55:19 -04:00
Love Hörnquist Åstrand
b8ddbe73c4 quite down clang analyzer warnings for the generate asn1 code 2011-06-14 22:29:49 -07:00
Love Hörnquist Åstrand
63565137d3 don't set i = 0, its never read 2011-06-14 21:57:34 -07:00
Love Hörnquist Åstrand
7dccddc6fb count number of enctypes too 2011-06-14 21:44:23 -07:00
Love Hörnquist Åstrand
0f489b7b28 unexport krb5_init_etype, remove duplicate code 2011-06-14 21:08:52 -07:00
Nicolas Williams
016193ac6a Added manpage documentation for krb5_{as, tgs}_enctypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
2fbad6432b Initial support for default_{as, tgs}_etypes. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12 This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2 Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype fromt he client's list that is also supported by the KDC and the target principal. 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-14 20:35:19 -07:00
Love Hörnquist Åstrand
e72940c962 more frameworks for test_name 2011-06-13 21:19:10 -07:00
ghudson@MIT.EDU
3c725a465e Initialize zero before using it in unwrap_des(). 
Heimdal since fc702a97f5 (August 2009)
can't process DES wrap tokens unless the stack garbage in the zero
array happens to be all zeros.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
 2011-06-13 21:18:07 -07:00
Love Hornquist Astrand
ade3d65e73 more limits 2011-05-22 20:57:30 -07:00
Love Hornquist Astrand
8b1b47035d Switch to krb5_enomem 2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
5829bfe476 add LIB_heimbase 2011-05-22 17:28:24 -07:00
Love Hörnquist Åstrand
48a91b7fc5 change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols 2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
3564726537 support NT_USER_NAME for real 2011-05-22 13:02:08 -07:00