Nicolas Williams
3794d8b37b
Changed lib/hdb/Makefile.am to use --sequence=HDB-Ext-KeySet
2011-07-22 16:06:01 -05:00
Nicolas Williams
355ae357eb
Moved set_time field of hdb_keyset to end and add extensibility marker.
2011-07-22 16:06:01 -05:00
Nicolas Williams
c2ec368c36
Add HDB extension for storing policy regarding what historic keys may be used for
2011-07-22 16:06:00 -05:00
Nicolas Williams
308e53a4a8
Initial support for filtering out "dead" historical keys.
2011-07-22 16:05:21 -05:00
Nicolas Williams
7e0a801e28
Changed decrypt key history logic and added HDB_F_ALL_KVNOS.
2011-07-22 16:05:21 -05:00
Nicolas Williams
a04721b737
Added basic policy support, w/ policy names listed in krb5.conf
2011-07-22 16:05:21 -05:00
Nicolas Williams
abd94953e2
Fixes to lock nesting code.
2011-07-22 16:04:52 -05:00
Nicolas Williams
58d72035f1
Added kadm5_lock() and unlock.
2011-07-22 16:04:52 -05:00
Nicolas Williams
109607a355
Fix uninitialized variable.
2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d
Initial support for kadm5_randkey_principal_3(), needed by krb5_admin.
...
NOT TESTED YET.
2011-07-22 16:04:52 -05:00
Nicolas Williams
51e9da4a66
Fixed (preemptively) a double free and added password history based on key history.
2011-07-22 16:04:52 -05:00
Nicolas Williams
34189a23fe
Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno.
2011-07-22 16:04:51 -05:00
Nicolas Williams
e7f385ad0d
Initial patch to make the MIT KDB backend for HDB handle multiple kvnos.
2011-07-22 16:04:51 -05:00
Nicolas Williams
34bb7ae363
Fix double free.
2011-07-22 16:04:51 -05:00
Nicolas Williams
a095933ee0
We want the time that a keyset was set, not the time it was replaced.
2011-07-22 16:04:51 -05:00
Nicolas Williams
08650b573b
Also encrypt the history when storing the entry.
2011-07-22 16:04:51 -05:00
Nicolas Williams
fca53990e4
Initial commit for second approach for multiple kvno. NOT TESTED!
2011-07-22 16:04:51 -05:00
Love Hörnquist Åstrand
7aaba443bc
add NTMakefile and windows directories
2011-07-17 12:16:59 -07:00
Love Hornquist Astrand
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
Jeffrey Altman
6850d6a65f
avoid uninit variable and unreachable code warnings
...
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Love Hornquist Astrand
f5f9014c90
Warning fixes from Christos Zoulas
...
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
7a4d4c5f4e
Add HAVE_SQLITE3 that allows control if you want sqlite or not
2011-04-16 10:26:43 -07:00
Nicolas Williams
4244f13866
This makes hdb-sqlite work: moving the unseal of keys past the value2entry decoding.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-16 10:19:40 -07:00
Nicolas Williams
b5137810fb
Various bug fixes in hdb-mitdb.c.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-04 22:44:58 -07:00
Nicolas Williams
941eba430b
Fixed a bug by s/u16/SEEK_CURR/; the bug prevented this mitdb backend from parsing MIT KDB entries with multiple kvnos in non-increasing order.
...
Fixed a double-free bug that was triggered by MIT KDB entries with
multiple kvnos in non-increasing order.
Added lots of comments regarding the MIT KDB entry format.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-04-04 22:44:57 -07:00
Luke Howard
987658325e
correctly decode MIT KDB flags
...
Patch from Nico Williams <nico@cryptonector.com>
2011-03-23 11:26:50 +11:00
Jelmer Vernooij
1ad64fe599
hdb.h: Include krb5.h first, so hdb.h can be included standalone.
...
This makes it a bit easier to find libhdb in e.g. configure tests and
is consistent with the main header files for the other Heimdal
libraries, none of which has any prerequisite other headers.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-01-03 11:51:09 +01:00
Love Hornquist Astrand
0a10f35897
drop unused functions
2010-11-28 11:50:42 -08:00
Love Hornquist Astrand
6c6726d76c
drop hdb_fetch
2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
917920e8cd
implement fetch_kvno
2010-11-28 11:34:33 -08:00
Love Hornquist Astrand
38d0a72326
implement fetch_kvno
2010-11-28 11:33:24 -08:00
Love Hornquist Astrand
daa3d4753d
implement fetch_kvno
2010-11-28 11:31:15 -08:00
Love Hornquist Astrand
ee8c2e45b4
use _hdb_fetch_kvno
2010-11-28 11:20:31 -08:00
Love Hornquist Astrand
c44315b6d9
add _hdb_fetch_kvno
2010-11-28 11:19:43 -08:00
Love Hornquist Astrand
617c51a150
kvno is krb5_kvno not unsigned
2010-11-28 11:19:22 -08:00
Love Hornquist Astrand
8ece8672ae
kvno is krb5_kvno not unsigned
2010-11-28 11:19:15 -08:00
Andrew Bartlett
f469fc6d49
heimdal Add support for extracting a particular KVNO from the database
...
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 09:52:54 -08:00
Love Hornquist Astrand
1be05e6568
support KRB5_KDB_SALTTYPE_CERTHASH
2010-11-27 13:27:35 -08:00
Love Hornquist Astrand
0690211131
use public version of krb5_enomem
2010-11-25 10:48:33 -08:00
Love Hornquist Astrand
3b1b7e41b0
use krb5_set_error_message and krb5_enomem
2010-11-24 14:36:35 -08:00
Asanka C. Herath
6bf16f5250
Windows: Use --one-code-file when building ASN1
2010-11-24 15:33:27 -05:00
Asanka C. Herath
2f8031c1d1
Cast dlsym() returns before use
2010-11-24 15:33:10 -05:00
Asanka C. Herath
42cf8947aa
Windows: Avoid importing locally defined ASN1 symbols
2010-11-24 15:33:09 -05:00
Asanka C. Herath
f40fe926ad
Windows: Comprehensive clean target
2010-11-24 15:32:13 -05:00
Love Hornquist Astrand
37fcf33d7c
document hdb_entry_ex
2010-11-18 23:40:09 -08:00
Love Hornquist Astrand
c71d2bf0d3
spelling, From Kaiting Chen <kaitocracy@gmail.com>
2010-11-18 23:25:18 -08:00
Joerg Pulz
4154bb82ce
Add libintl for i18n support
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-18 08:27:33 -07:00
Love Hornquist Astrand
f225af82c1
if db_create() returns non zero, fail
2010-10-06 21:37:50 -07:00
Andrew Bartlett
c434086ba0
Add error code to use when a secret is not in this database
...
This will happen on an RODC, which has the entry, but not the full
secret.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-10-02 11:52:28 -07:00
Andrew Bartlett
0e128912af
s4:heimdal Add hooks to check with the DB before we allow s4u2self
...
This allows us to resolve multiple forms of a name, allowing for
example machine$@REALM to get an S4U2Self ticket for
host/machine@REALM.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-09-26 15:11:05 -07:00