oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
25,628 Commits 2 Branches 2 Tags
fd3d2ccd0df64447c70a1ebdec77fc7f44d0aa45
Commit Graph

14767 Commits

Author SHA1 Message Date
Love Hornquist Astrand
cfb43997ae define YY_NULL 2010-03-20 14:44:16 -07:00
Love Hornquist Astrand
b0a79dcd40 Improve the dns retry logic 
Bug reported by Richard Silverman on heimdal-bugs
 2010-03-19 14:19:43 -07:00
Love Hornquist Astrand
3af54e67d9 Renumber signedticket to 512 since 142 was stolen. 2010-03-19 13:44:51 -07:00
Andrew Tridge
6bff49a89d memset the right length of the {i,o}pad data, memset opad not ipad in the opad case (typo) 
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-18 10:59:51 -07:00
Love Hornquist Astrand
f26d6c2398 (krb5_set_default_in_tkt_etypes): filter out unwanted enctypes 
Needed for Samba that tries really hard to use DES encryption types.

Reported by Natanael Copa on heimdal-discuss
 2010-03-17 09:30:11 -07:00
Matthias Dieter Wallnöfer
69ea9b38e9 heimdal - fix overlapped identifiers in the "krb5" library 
heimdal - fix overlapped identifiers in the "krb5" library

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-03-16 10:05:35 -07:00
Love Hornquist Astrand
50990d61cf free always "ctx->password" when it isn't needed anymore 
Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
 2010-03-16 10:04:20 -07:00
Love Hornquist Astrand
313a2243bb Allow users to specify their own configuration file ~/.krb5/config 
Idea from Rune L on heimdal-discuss
 2010-03-16 09:09:27 -07:00
Love Hornquist Astrand
33d80cbcfc include roken.h 2010-03-12 09:04:39 -08:00
Love Hornquist Astrand
cf1b11f8a0 export more 2010-03-11 23:35:26 -08:00
Love Hornquist Astrand
6da28e73eb move same ifdef magic from roken-common.h.in to here, use strerror() 2010-03-11 23:35:00 -08:00
Love Hornquist Astrand
7d9335ce69 in the STRERROR_R_PROTO_COMPATIBLE case, only provide a rk_strerror_r function if there is a broken prototype 
From harald barth.
 2010-03-11 18:40:47 -08:00
Love Hornquist Astrand
e57bd85101 spelling 2010-03-10 20:05:31 -08:00
Love Hornquist Astrand
ae74dc7316 allow a cross realm ticket returned in the non referrals case 2010-03-07 01:02:02 -08:00
Love Hornquist Astrand
03262460dd use krb5_principal_is_krbtgt 2010-03-07 01:01:32 -08:00
Love Hornquist Astrand
71150bb1bc add krb5_principal_is_krbtgt 2010-03-07 01:00:48 -08:00
Love Hornquist Astrand
a46bc97443 Windows code never calls dirfd, avoid warning 2010-02-27 19:23:08 -08:00
Love Hornquist Astrand
94a8d9c5e5 autoconf test for dirfd and dd_fd 2010-02-25 22:18:32 -08:00
Love Hornquist Astrand
53024a5a22 start to document gss_import_name 2010-02-21 23:21:58 +01:00
Love Hornquist Astrand
521098738c document gss_release_name 2010-02-21 23:21:43 +01:00
Love Hornquist Astrand
24eeb74c4a make getnameinfo quiet by default 2010-02-20 14:01:53 -08:00
Love Hornquist Astrand
7c86764dea make getifaddrs quiet by default 2010-02-20 13:59:39 -08:00
Love Hornquist Astrand
e297702f78 split dist and nodisk source for heim_ipc[cs] 
So that the generated files doesn't have to be built on host w/o mig,
reported by Jelmer Vernooij on heimdal-discuss
 2010-02-20 11:22:07 -08:00
Love Hornquist Astrand
3ddb2af8d5 more flags and stuff 2010-02-13 17:41:33 -08:00
Love Hornquist Astrand
33e9da40b4 *** empty log message *** 2010-02-13 17:39:08 -08:00
Love Hornquist Astrand
61d6c3b9c5 add flags in gssapi_context_flags 2010-02-13 17:38:56 -08:00
Love Hornquist Astrand
53f7c6be92 more refs 2010-02-13 17:28:29 -08:00
Love Hornquist Astrand
57332c9b7d gssapi_mechs_intro 2010-02-13 17:28:13 -08:00
Love Hornquist Astrand
b7581f5dcb document more about mechs 2010-02-13 17:27:14 -08:00
Love Hornquist Astrand
96852bdc79 list contants for mechs 2010-02-13 17:23:09 -08:00
Love Hornquist Astrand
84b58b78b6 start of documention of gss_init_sec_context 2010-02-13 17:14:46 -08:00
Love Hornquist Astrand
711ef346a0 move krb5_set_home_dir_access() group krb5 2010-02-10 18:26:46 -08:00
Love Hornquist Astrand
c9a0c39786 add check for [libdefaults_entries]allow_weak_crypto 2010-02-04 16:13:06 -08:00
Russ Allbery
bc3d8992cd Don't attempt to load a password quality verifier from NULL 
When kadm5_add_passwd_quality_verifier is called with a NULL
check_library parameter and [password_quality].policy_libraries
is set, the function calls add_verifier() for each string in the
policy_libraries section and then falls through to the non-NULL
case and calls add_verifier() a final time with a NULL argument.
This leads to dlopening the running executable and then failing
since it contains no password quality verifier.

If the check_library argument is NULL, only call add_verifier()
for the configured policy_libraries and do not fall through to
the non-NULL case.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-02-02 20:46:23 -08:00
Love Hornquist Astrand
04d3215d39 _wind_ucs2read is not a private symbol 2010-02-02 20:16:47 -08:00
Russ Allbery
8a57d5cb08 Add krb5_allow_weak_crypto API to enable weak enctypes 
Add krb5_allow_weak_crypto parallel to the API introduced in MIT
Kerberos 1.8.  Enables or disables all enctypes marked as weak.
Add a new enctype flag marking weak enctypes (all of the ones that
are disabled by default).

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-27 21:50:58 -08:00
Love Hornquist Astrand
560fc640bb Lowercase linux, from Harald Barth 2010-01-26 22:14:59 -08:00
Love Hornquist Astrand
908ece3604 Adapt for Linux with SOCK_CLOEXEC, patch from Harald Barth 2010-01-26 10:46:51 -08:00
Love Hornquist Astrand
4376b6c8b1 spelling 2010-01-25 23:50:37 -08:00
Love Hornquist Astrand
2fbdb6a514 rewrite socket to rk_socket of there is SOCK_CLOEXEC and there is linux, prompted by Harald Barth 2010-01-25 23:01:18 -08:00
Love Hornquist Astrand
deee0bbad9 put SOCK_CLOEXEC in the right argument, from Harald Barth 2010-01-25 23:01:09 -08:00
Russ Allbery
4038832098 Export krb5_principal_get_num_comp 
krb5_principal_get_num_comp was prototyped as a public function but
not exported from libkrb5.  Add it to the export version map.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-25 22:39:14 -08:00
Love Hornquist Astrand
609e8dd156 reset GSS_C_DELEG_FLAG when there is no consumer 2010-01-19 21:22:53 +00:00
Russ Allbery
3441bbb98e Clarify documentation of password quality check modules 
Be clearer in the info documentation that the part of the policy
name before the colon is the name of the module, not the static
string "module".  State explicitly that "builtin" can be used as the
module name to identify built-in policies.

Use the same terminology in kadm5_pwcheck(3) as the info documentation,
changing test-name to policy-name and vendor to module-name.  State
explicitly how the module name and policy name are used to select which
policies to run.

Rephrase a few sentences, add a paragraph break, and fix a few typos
for clarity.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-15 23:33:25 +00:00
Russ Allbery
80317bbd20 Pass external password quality program name as first argument 
Pass the path to the external password quality program as the first
argument to the program and the principal as the second argument, as is
conventional, rather than passing only the principal.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
 2010-01-14 23:38:17 +00:00
Love Hornquist Astrand
1f4bb75eef Only free hx509ctx if its actually allocated 2010-01-12 17:47:54 -08:00
Love Hornquist Astrand
1b3a8d3032 just close socket 2010-01-08 14:19:21 +01:00
Love Hornquist Astrand
3b51f94c2b Make compile on pre-leopard (Tiger needs CSSM_SIZE), From Quanah Gibson-Mount 2010-01-08 13:17:47 +01:00
Love Hornquist Astrand
9200bb1738 Wrap <CommonCrypto/CommonDigest.h> with ifdef since it doesn't exists on Tiger 2010-01-08 13:12:44 +01:00
Love Hornquist Astrand
f6e0d19cc0 make rk_SOCK_EXIT a statment to avoid warnings 2010-01-08 13:08:24 +01:00