Nicolas Williams
fac34871be
More kadmin support for kvno diff policy.
2011-07-22 16:06:01 -05:00
Nicolas Williams
3794d8b37b
Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet
2011-07-22 16:06:01 -05:00
Nicolas Williams
355ae357eb
Moved set_time field of hdb_keyset to end and add extensibility marker.
2011-07-22 16:06:01 -05:00
Nicolas Williams
c2ec368c36
Add HDB extension for storing policy regarding what historic keys may be used for
2011-07-22 16:06:00 -05:00
Nicolas Williams
308e53a4a8
Initial support for filtering out "dead" historical keys.
2011-07-22 16:05:21 -05:00
Nicolas Williams
7e0a801e28
Changed decrypt key history logic and added HDB_F_ALL_KVNOS.
2011-07-22 16:05:21 -05:00
Nicolas Williams
1f349a6aba
kadmin support for policies.
2011-07-22 16:05:21 -05:00
Nicolas Williams
a04721b737
Added basic policy support, w/ policy names listed in krb5.conf
2011-07-22 16:05:21 -05:00
Nicolas Williams
c338446ede
More kadm5 policy stub stuff.
2011-07-22 16:04:53 -05:00
Nicolas Williams
26f9924bb3
Added stubs for the kadm5 policy functions.
2011-07-22 16:04:53 -05:00
Nicolas Williams
56259efbac
Added dummy kadm5_get_policies()
2011-07-22 16:04:52 -05:00
Nicolas Williams
abd94953e2
Fixes to lock nesting code.
2011-07-22 16:04:52 -05:00
Nicolas Williams
58d72035f1
Added kadm5_lock() and unlock.
2011-07-22 16:04:52 -05:00
Nicolas Williams
109607a355
Fix uninitialized variable.
2011-07-22 16:04:52 -05:00
Nicolas Williams
45294a93a7
Added a distinct get-keys authorization for kadmind.
2011-07-22 16:04:52 -05:00
Nicolas Williams
3d0019d3ce
Added kadm5_setkey_principal*() and kadm5_decrypt_key().
2011-07-22 16:04:52 -05:00
Nicolas Williams
e8e314bbb1
Beginning of another new kadm5 function. Need to switch branches for a bit.
2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d
Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.
...
NOT TESTED YET.
2011-07-22 16:04:52 -05:00
Nicolas Williams
51e9da4a66
Fixed (preemptively) a double free and added password history based on key history.
2011-07-22 16:04:52 -05:00
Nicolas Williams
34189a23fe
Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno.
2011-07-22 16:04:51 -05:00
Nicolas Williams
e7f385ad0d
Initial patch to make the MIT KDB backend for HDB handle multiple kvnos.
2011-07-22 16:04:51 -05:00
Nicolas Williams
34bb7ae363
Fix double free.
2011-07-22 16:04:51 -05:00
Nicolas Williams
a095933ee0
We want the time that a keyset was set, not the time it was replaced.
2011-07-22 16:04:51 -05:00
Nicolas Williams
b45ac85b65
Add support for fetching old keys via kadm5 API.
2011-07-22 16:04:51 -05:00
Nicolas Williams
08650b573b
Also encrypt the history when storing the entry.
2011-07-22 16:04:51 -05:00
Nicolas Williams
fca53990e4
Initial commit for second approach for multiple kvno. NOT TESTED!
2011-07-22 16:04:51 -05:00
Love Hornquist Astrand
ed91d4c9e3
Mac compat
2011-07-22 11:50:30 -07:00
Love Hörnquist Åstrand
fe10979669
Merge pull request #9 from lha/master
...
gss names
2011-07-22 11:41:49 -07:00
Jeffrey Altman
c13deafcce
Synchronize Windows export list with Unix
...
Change-Id: Ic0ee3d1f4b49761fbd2676f4f9562f1bf906e382
2011-07-21 11:50:45 -04:00
Jeffrey Altman
27cc30d38e
GSS_C_ATTR_LOCAL_LOGIN_USER
...
Be consistent with other GSSAPI global variables. GSS_C_ATTR_LOCAL_LOGIN_USER
becomes a macro in gssapi.h that refers to an exported variable
__gss_c_attr_local_login_user
Change-Id: I2661d74cd0f760780f75b35f92d6b4f9112080dc
2011-07-21 11:46:15 -04:00
Jeffrey Altman
b7df4f8bb3
dirent: fix filespec_from_dir_path
...
If the path does not begin with a separator, do not skip
the first character in the component referred to by 'comp'.
Change-Id: Ide184ba2065bd8b2075be27b8e1f4cae11026fdd
2011-07-21 11:40:04 -04:00
Jeffrey Altman
b8ce309acb
Permit TESTMechType array to initialize on Windows (C89)
...
Change-Id: I3c006b9c45f29b129ad6f5102792c1e912bd9c8e
2011-07-21 11:36:31 -04:00
Love Hörnquist Åstrand
f79183821f
sprinkle doxygen and kode more like the rest of the code base
2011-07-19 21:29:19 -07:00
Roland C. Dowdeswell
77c8ef2c06
krb5_free_default_realm() from mit_glue.c needs to be exported to be useful.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-19 21:25:47 -07:00
Roland C. Dowdeswell
3ef06de67b
Fix a couple of bugs in krb5_c_valid_enctype():
...
1. on errors, it appears to core dump, and
2. the sense of the return code is inverted from the
MIT implementation.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-19 21:25:15 -07:00
Love Hörnquist Åstrand
7aaba443bc
add NTMakefile and windows directories
2011-07-17 12:16:59 -07:00
Love Hörnquist Åstrand
9bff431435
sizeof is used incorrectly in DES3_random_to_key()
...
from OpenBSD via Jonathan Gray <jsg@goblin.cx>
2011-07-13 23:16:06 -07:00
Jeffrey Altman
49cead6a58
Merge pull request #11 from asankah/master
...
Updates from Asanka to complete the Heimdal on Windows install package. Plugins in Software/Heimdal; customizable 32-bit tools directory in multi-platform installer; Feature Tree view; and updated version number.
2011-06-20 13:26:52 -07:00
Love Hörnquist Åstrand
d756ad019a
make tests pass again
2011-06-19 11:49:33 -07:00
Love Hörnquist Åstrand
e73a5a9c54
remove stray klist
2011-06-19 11:39:39 -07:00
Love Hörnquist Åstrand
45b9139cc4
if we are using db1 or db3 (really 3,4,5), then we will need LIB_db_create, otherwise use LIB_NDBM
2011-06-19 11:20:48 -07:00
Love Hörnquist Åstrand
5a25df7851
set HEIMDAL_LOCALEDIR for librfc3961.la too
2011-06-19 11:02:27 -07:00
Love Hörnquist Åstrand
09b07e9ef4
fix ifdef
2011-06-19 10:58:50 -07:00
Love Hörnquist Åstrand
625d29fc3e
remove unused ifdef
2011-06-19 10:58:35 -07:00
Love Hörnquist Åstrand
749c112c31
only set IP_TOS on IPv4 sockets
2011-06-19 10:58:22 -07:00
Love Hörnquist Åstrand
e5eb401fcd
simplify checking and start to use __has_extension
2011-06-19 10:43:12 -07:00
Love Hörnquist Åstrand
4337582a64
add missing break, quiet clang analyzer
2011-06-19 10:28:51 -07:00
Stefan Metzmacher
e54d07a9b6
kdc: check and regenerate the PAC in the s4u2proxy case
...
TODO: we need to add a S4U_DELEGATION_INFO to the PAC later.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-19 10:26:11 -07:00
Stefan Metzmacher
9ab4070800
kdc: pass the correct principal name for the resulting service ticket
...
Depending on S4U2Proxy the principal name for the resulting
ticket is not the principal of the client ticket.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-19 10:26:11 -07:00
Stefan Metzmacher
2c031ca78c
kdc: let check_PAC() verify the incoming server and krbtgt checksums
...
For a normal TGS-REQ they're both signed with krbtgt key.
But for S4U2Proxy requests which ask for constrained delegation,
the keys differ.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-19 10:26:11 -07:00