Commit Graph

5555 Commits

Author SHA1 Message Date
Jeffrey Altman
cbf126bede Permit NULL context to krb5_get_error_message()
Application developers have a tendency to use krb5_get_error_message()
as a drop in replacement for error_message() and under various
circumstances they pass in a NULL context.  This method works fine
for MIT's implementation which ignores the context but in Heimdal
passing in a NULL context would dump core.

This patch set modifies krb5_get_error_message() in order to
permit the passing of a NULL context.  First, if the context
is NULL, an attempt will be made to allocate one locally for
the purpose of evaluating the error code.  Second, if a local
context cannot be allocated, fall back on calling error_message().
If error_message() fails to return a string, then generate an
"unknown error" response.

Only if all of the above fails is NULL returned.

Change-Id: If4baf7d6c428cf0baf11c044b8dfd5c2b3cdf7e4
2011-09-27 14:26:26 -04:00
Love Hornquist Astrand
777b24fbb5 add krb5_is_enctype_weak 2011-09-26 08:47:37 +02:00
Jeffrey Altman
9a127beb26 Windows: set default ccache to registry
Add _krb5_set_default_cc_name_to_registry() function and
call use it on Windows to set the user's default credential cache.

Change-Id: Ib59ff218a098a841bc61846abf873736380b5c6c
2011-09-26 02:00:13 -04:00
Jeffrey Altman
132693df5a Add _krb5_store_string_to_reg_value() for Windows
The new _krb5_store_string_to_reg_value() function permits
the caller to create REG_SZ, REG_EXPAND_SZ, REG_DWORD, and
REG_MULTI_SZ entries in the registry.

Change-Id: Ib5740ad07209618d8ea4c0bf3c75615f27e98b4e
2011-09-26 01:58:29 -04:00
Jeffrey Altman
3854e64a4a include weak etypes in default etype list if allow_weak_crypto
commit 0ed83cebd3 removed the
weak enctypes from the default enctype list.  This is a change
in behavior from 1.5.x which permitted the use of weak enctypes
if "allow_weak_crypto" is set to true.  This patchset creates
two default enctype lists.  One with weak enctypes and the other
without.  The weak version is used if "allow_weak_crypto" is set
to true.

Change-Id: Ide5cce0645836249031350bfaf619d970635e579
2011-09-26 01:44:16 -04:00
Love Hornquist Astrand
d3f85af92c move deprecated function to deprecated.c 2011-09-25 19:03:11 +02:00
Love Hornquist Astrand
0b02f05a19 error_buf is gone 2011-09-25 17:49:06 +02:00
Love Hornquist Astrand
2daeea4feb handle error code from size_too_large more correct 2011-09-22 16:36:52 +02:00
Love Hornquist Astrand
f1a6f9a9fa remove warning, remove forward declaration by moving the function up, ident 2011-09-02 05:20:47 -07:00
Harald Barth
38df403d45 Move common code to krb5_unsupported_enctype() and make error message contain string instead of error number
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-09-02 05:15:47 -07:00
Love Hornquist Astrand
e5ce363778 list both des-cbc-crc and des-cbc-md5 entries 2011-08-31 09:13:37 -07:00
Love Hörnquist Åstrand
11ac82ecf2 no more krb4 2011-08-10 09:21:32 -07:00
Love Hörnquist Åstrand
4a43975270 drop unused KRB4 bits 2011-07-30 14:14:52 -07:00
Love Hörnquist Åstrand
0ed83cebd3 disable old deprecated enctypes 2011-07-30 12:11:08 -07:00
Love Hörnquist Åstrand
b6fc70019e better error message 2011-07-24 22:33:39 -07:00
Love Hörnquist Åstrand
0941d6dbce add constant for WELLKNOWN:ORG.H5L realm 2011-07-24 21:29:27 -07:00
Linus Nordberg
bebb50797f Add krb5_init_creds symbols needed by kinit.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
888780c9e7 add fast symbols 2011-07-24 20:24:39 -07:00
Love Hörnquist Åstrand
e9053800f1 add Fast cookie 2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
242d7e1602 comment 2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
5d1ae998f9 "better" error codes 2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
067072f81e complete KrbFastFinished message work 2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
b6d5637b61 fill in more bits 2011-07-24 20:24:39 -07:00
Love Hornquist Astrand
7635eee8c4 simplify 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
04c7dd7cee start completion of KrbFastFinished 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
91df0a8120 add _krb5_fast_cf2 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
19e572db60 add krb5_process_last_request 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
b73d402a47 export process last request 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
01993e8d76 remove to strict usage 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
a01520cb50 validate KRB5_PADATA_REQ_ENC_PA_REP 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
adf772865c new use of _krb5_extract_ticket 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
aaf9594429 new use of _krb5_extract_ticket 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
f76cf44d82 add KRB5_ANON_REALM 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
d9b36b3155 add fast.c 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
7b398263da Partial FAST 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
0ca5e44955 shared key for _krb5_fast_armor_key 2011-07-24 20:24:38 -07:00
Love Hornquist Astrand
8e65528f84 disable none 2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
2e8b550e7b punt if caller passed us a crypto object, we didn't find a keyed checksum type 2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
7c55029060 Add fast armor bits 2011-07-24 20:24:37 -07:00
Love Hornquist Astrand
16d16588d2 move back init_as_req when building packet 2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
7bc5fe72fb more keyusage 2011-07-24 20:24:36 -07:00
Love Hornquist Astrand
91fce795af add more key usage for fast 2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
c148c2b432 unused key 2011-07-24 20:24:35 -07:00
Love Hornquist Astrand
580ba6aa72 KU bits for fast 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
1879af9e43 Break out fast state, shuffle around state so that as-req is inited earlier 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
04128ac081 Use reply_key from fast layer. 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
fd7c870550 add reply reply_key 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
a5e342f8ba Add fast_state. 2011-07-24 20:24:34 -07:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
Love Hörnquist Åstrand
8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 15:41:36 -07:00