Love Hörnquist Åstrand
0f489b7b28
unexport krb5_init_etype, remove duplicate code
2011-06-14 21:08:52 -07:00
Nicolas Williams
016193ac6a
Added manpage documentation for krb5_{as, tgs}_enctypes.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
2fbad6432b
Initial support for default_{as, tgs}_etypes.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
256cf6ea12
This patch adds support for a use-strongest-server-key krb5.conf kdc parameter that controls how the KDC (AS and TGS) selects a long-term key from a service principal's HDB entry. If TRUE the KDC picks the strongest supported key from the service principal's current keyset. If FALSE the KDC picks the first supported key from the service principal's current keyset.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
481fe133b2
Also added preauth-use-strongest-session-key krb5.conf kdc parameter, similar to {as, tgs}-use-strongest-session-key. The latter two control ticket session key enctype selection in the AS and TGS cases, respectively, while the former controls PA-ETYPE-INFO2 enctype selection in the AS case.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Nicolas Williams
a7a8a7e95c
Initial patch to add as-use-strongest-session-key and same for tgs krb5.conf parameters for the KDC. These control the session key enctype selection algorithm for the AS and TGS respectively: if TRUE then they prefer the strongest enctype supported by the client, the KDC and the target principal, else they prefer the first enctype from the client's list that is also supported by the KDC and the target principal.
...
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-14 20:35:19 -07:00
Love Hörnquist Åstrand
e72940c962
more frameworks for test_name
2011-06-13 21:19:10 -07:00
ghudson@MIT.EDU
3c725a465e
Initialize zero before using it in unwrap_des().
...
Heimdal since fc702a97f5 (August 2009) can't process DES wrap tokens
unless the stack garbage in the zero array happens to be all zeros.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-13 21:18:07 -07:00
Love Hornquist Astrand
ade3d65e73
more limits
2011-05-22 20:57:30 -07:00
Love Hornquist Astrand
8b1b47035d
Switch to krb5_enomem
2011-05-22 20:43:31 -07:00
Love Hörnquist Åstrand
5829bfe476
add LIB_heimbase
2011-05-22 17:28:24 -07:00
Love Hörnquist Åstrand
48a91b7fc5
change prefix ETYPE_ to KRB5_ENCTYPE_ and provide compat symbols
2011-05-22 14:06:40 -07:00
Love Hornquist Astrand
3564726537
support NT_USER_NAME for real
2011-05-22 13:02:08 -07:00
Love Hornquist Astrand
9dc505a721
cred is no longer a name, handle that
2011-05-22 13:01:32 -07:00
Love Hornquist Astrand
26085dfbc0
allocate enough memory
2011-05-21 13:25:24 -07:00
Love Hornquist Astrand
58ffee93b7
allow GSS_C_NT_USER_NAME too
2011-05-21 13:07:22 -07:00
Love Hornquist Astrand
58ea513056
fix error message
2011-05-21 12:11:04 -07:00
Love Hornquist Astrand
0879b9831a
remove trailing whitespace
2011-05-21 11:57:31 -07:00
Thomas Klausner
97df66c0a0
Put Nd argument after Nd macro.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-05-21 11:54:27 -07:00
Thomas Klausner
db8e287e41
Use "Fl Fl" for long options.
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-05-21 11:54:14 -07:00
Luke Howard
79ff133ae9
make gss_acquire_cred_ext private
2011-05-20 14:31:08 +02:00
Love Hornquist Astrand
9cf61bc762
add mech/compat.h for distribution
2011-05-19 00:02:06 -07:00
Love Hornquist Astrand
c7c22aef44
clean slc-lex.c
2011-05-18 22:15:49 -07:00
Love Hornquist Astrand
e4580fe4cc
add glue for krb5_einval
2011-05-18 22:00:37 -07:00
Love Hornquist Astrand
4c063f2955
quiet const warning
2011-05-18 22:00:20 -07:00
Love Hornquist Astrand
c6c32a431f
provide _krb5_einval and _krb5_debug_backtrace that will ease figuring out when it happens
2011-05-18 21:59:56 -07:00
Love Hornquist Astrand
492492e42a
use new function krb5_einval instead of returning EINVAL directly
2011-05-18 21:59:23 -07:00
Love Hornquist Astrand
3ada607635
Final fixes from Christos Zoulas
2011-05-18 21:58:57 -07:00
Jeffrey Altman
f51c82c245
link gssapi to heimbase.dll on windows
...
Change-Id: I4635dcdfd0a50353b27d1a4c22f09931ae6b6117
2011-05-19 00:32:53 -04:00
Jeffrey Altman
18b76b6236
fcache: prevent null pointer dereference
...
Validate krb5_ccache and krb5_cc_cursor inputs
before use. Avoid null pointer dereference which
can occur if an application fails to properly check
return codes.
Change-Id: I8023808936e60cc7b8e57a062106cfcdc51ee7d7
2011-05-18 10:20:09 -04:00
Love Hornquist Astrand
305596d9ad
Rename subsystem_DEPRECATED to subsystem_DEPRECATED_FUNCTION(X)
...
Start to explain what the replacement function is.
Generate the #define/#undef logic in generated header files.
Use gcc style where the deprecation warning is after the prototype.
2011-05-17 23:12:51 -07:00
Love Hornquist Astrand
9ed040da38
fix compile warning
2011-05-17 23:01:40 -07:00
Love Hornquist Astrand
5774dcfbd8
actually return datum with real content
2011-05-17 21:54:32 -07:00
Love Hornquist Astrand
f78cb2ca4b
Only include myflags if we use HAVE_DB3
2011-05-17 21:48:33 -07:00
Love Hornquist Astrand
01f0a1f509
move tsearch.c to autodetection for libroken.la
2011-05-17 21:47:02 -07:00
Love Hornquist Astrand
4c7ba73439
Default to false(?), at least default to something.
2011-05-17 21:22:45 -07:00
Love Hornquist Astrand
1c10632690
Add define for ret
2011-05-17 21:21:20 -07:00
Love Hornquist Astrand
9b07f0e847
Include <heimbase.h>.
2011-05-17 21:21:07 -07:00
Love Hornquist Astrand
b01fe66069
Use right variable when comparing lengths. Patch originally from Jaideep Padhye
2011-05-17 21:17:59 -07:00
Jeffrey Altman
aaa4400942
Apply missing function modifiers
...
GSSAPI_CALLCONV, GSSAPI_LIB_FUNC, GSSAPI_LIB_CALL as appropriate
Change-Id: I5198cfc7dd665bdc064aa0e613dac7db7465e2b9
2011-05-17 14:02:49 -04:00
Jeffrey Altman
87aad6a13a
Add NO_LOCALNAME
...
The pname to uid functionality at present assumes there is
an implementation of getpwnam() and that the local user
identifier is an integer. On Windows, the local user identifier
is a SId. Add NO_LOCALNAME as a build option so that Windows
(for now) can build without providing a getpwnam() implementation.
Change-Id: I04cfd6d2cd52e6228733f1da1dab420b453e6566
2011-05-17 13:56:37 -04:00
Jeffrey Altman
dbbf89bccf
Add Luke's new gss functionality to Windows
...
Change-Id: I0109e0e5a3d819428ac0a81aafa26b812c8a9206
2011-05-17 13:52:35 -04:00
Jeffrey Altman
217ada7a06
use const consistently for acquire_cred
...
Change-Id: I000d954267efa16439e19b0604c660f3c5be791c
2011-05-17 13:51:12 -04:00
Jeffrey Altman
771f29a451
remove extra initializers to krb5_mech
...
Change-Id: Iee4d7dfd668a6e6da251b93dfd6ca3a7f7bcb062
2011-05-17 13:44:04 -04:00
Jeffrey Altman
13f63decb6
conditionally export kcm functions on windows
...
Change-Id: I3d11595e690467afccc4f82f4eafee1cb2736757
2011-05-17 13:40:58 -04:00
Jeffrey Altman
6c1ad560ea
no C99 named struct initializers on Windows
...
commit f5f9014c90 added the first use of C99 named struct
initializers which are not supported on Windows. Remove their
use in external.c and in ks_dir.c.
Change-Id: Ibb6b2d5b3dbd4041cb638d2c7a9bd6f916fd45d7
2011-05-17 12:02:16 -04:00
Jeffrey Altman
6850d6a65f
avoid uninit variable and unreachable code warnings
...
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
2011-05-17 12:02:16 -04:00
Jeffrey Altman
36dcd37cc7
use %p printf format spec for pointers
...
do not cast to unsigned long since a 64-bit pointer
and 32-bit long will truncate the value.
Change-Id: Ibeda98171ccbab4b55950bb02c858773e1028cbf
2011-05-17 12:02:15 -04:00
Jeffrey Altman
844fa0ad5a
avoid calling hx509_free_cert() twice
...
in krb5_pk_enterprise_cert() pkinit.c, hx509_free_cert()
could be called twice.
Change-Id: I9911d38f1f926721dca2753c6296f26c66c474ad
2011-05-17 12:02:14 -04:00
Jeffrey Altman
52556b1b74
fix uninitialized vars in pkinit.c find_cert()
...
'start' must be initialized to '1'
'ret' to HX509_CERT_NOT_FOUND
Change-Id: I748bd9856f70b7d627082f73a3a22f1395a604ba
2011-05-17 12:02:14 -04:00