Commit Graph

4947 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
fdeb7b2318 fix sizeof 2011-12-03 13:02:28 -08:00
Nicolas Williams
89bae59b49 Fix error clobbering bug and code review comments 2011-12-02 01:04:22 -06:00
Nicolas Williams
da14596f0e Add a test for aname2lname 2011-12-02 01:03:31 -06:00
Nicolas Williams
f468ed4759 Make krb5_aname_to_localname() use the libheimbase binary search functions 2011-12-02 01:03:08 -06:00
Nicolas Williams
aea02876e7 Initial aname2lname plugin patch based on code from Love
Included is a default plugin that searches a sorted text file where
    every line is of the form:
	<unparsed-principal>[<whitespace><username>]
    If the username is missing in a matching line then an error is
    returned.  If a matching line is not found then the next plugin will
    be allowed to run, if any.
2011-12-02 00:58:26 -06:00
Nicolas Williams
d0abcebf80 Make _krb5_plugin_run_f() use krb5_plugin_register()ed plugins too 2011-12-02 00:58:26 -06:00
Luke Howard
21173f98dc add fast.c to dist sources 2011-11-29 12:52:32 +11:00
Luke Howard
c18d1a804e add fast.c to Windows build 2011-11-29 12:51:07 +11:00
Nicolas Williams
c757eb7fb0 Rename and fix as/tgs-use-strongest-key config parameters
Different ticket session key enctype selection options should
    distinguish between target principal type (krbtgt vs. not), not
    between KDC request types.
2011-11-25 17:21:04 -06:00
Nicolas Williams
81293d9334 krb5_get_init_creds*() should not krb5_cc_close() the FAST ccache! 2011-11-22 17:04:35 -06:00
Nicolas Williams
ad60b236a0 Add missing symbols to export list 2011-11-22 17:04:03 -06:00
Love Hornquist Astrand
118f99e308 tell if keytab is missing principal 2011-11-22 11:00:51 -08:00
Love Hörnquist Åstrand
354ef711f3 restructure 2011-11-21 20:34:35 -08:00
Love Hörnquist Åstrand
1d7c483db2 use get and set 2011-11-21 20:34:35 -08:00
Stefan Metzmacher
7ecbac23f6 lib/krb5: add utf8 support to build_logon_name() for the PAC
Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-11-16 19:42:45 -08:00
Nicolas Williams
349609ed20 Initial test of x-realm TGT w/ kvno 0 and key rollover
NOTE: The test runs and succeeds, but the client seems to be getting
	  a new x-realm TGT after we set the kvno to 0 or remove the
	  kvno from the tickets.  This means we're not really testing
	  the TGS paths!  So this test is not yet ready.
2011-11-15 21:53:34 -06:00
Nicolas Williams
40a7d4b62f More fixes for -Werror (GCC 4.6 catches more stuff) 2011-11-02 23:20:55 -05:00
Nicolas Williams
3bebbe5323 Fixes to make Heimdal -Wall -Werror clean
These fixes make developer mode build, at least on Ubuntu.
2011-11-02 21:42:08 -05:00
Love Hörnquist Åstrand
9c830f5237 indent 2011-10-31 22:10:09 -07:00
Love Hörnquist Åstrand
877df213eb make sure we don't use stack content, don't count on that unsigned value can be negative 2011-10-31 22:05:42 -07:00
Nicolas Williams
c353962428 Oops, mismerge in principal.c 2011-10-31 00:29:36 -05:00
Nicolas Williams
7da9d7d75f Fix memory leak in name canon rule iterator 2011-10-31 00:15:07 -05:00
Nicolas Williams
1192120b86 Fix 64-bit warnings in name canon rules code 2011-10-29 16:48:56 -05:00
Love Hörnquist Åstrand
a57988153e indent 2011-10-28 20:08:08 -07:00
Love Hörnquist Åstrand
f1e7d2ccba allow checksum type NULL since des3-cbc-null uses it (gss-api mech) 2011-10-28 19:54:02 -07:00
Love Hörnquist Åstrand
1a1bd736c0 merge support for FAST in as-req codepath 2011-10-28 19:25:48 -07:00
Nicolas Williams
3a393427e9 krb5_principal_compare() can't return errors... 2011-10-27 22:57:02 -05:00
Nicolas Williams
c433fefb23 Fix contributewd by Roland Dowdeswell for 64-bit bug in name canon patches 2011-10-27 17:34:57 -05:00
Nicolas Williams
0b6639dcce Fix makefile bug for name canon testing 2011-10-22 14:55:48 -05:00
Nicolas Williams
ce04492b36 Fix silly bug in krb5_get_credentials_with_flags() 2011-10-22 14:54:27 -05:00
Nicolas Williams
8fde93e3fb Initial name canon rules tests (just kgetcred) 2011-10-22 14:54:26 -05:00
Nicolas Williams
5c54736678 Removed "weak" option and implemented use-referrals/no-referrals 2011-10-22 14:54:26 -05:00
Nicolas Williams
c764ad95e5 Document name canonicalization rules 2011-10-22 14:54:26 -05:00
Nicolas Williams
f4471b11d6 Call krb5_set_error_message() and don't clobber ret in debug code 2011-10-22 14:54:25 -05:00
Nicolas Williams
248e1eb772 Cleanups: s/\<assert\>/heim_assert/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
9f5a43084c Cleanups: s/ENOMEM/krb5_enomem(context)/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
2f03603d6b Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h 2011-10-22 14:54:25 -05:00
Nicolas Williams
001fc24102 Removed vestiges of no-reverse-lookup/reverse-lookup option that was never implemented 2011-10-22 14:54:24 -05:00
Nicolas Williams
a5e77c578e Deferred hostname canon using name canon rules 2011-10-22 14:54:13 -05:00
Love Hornquist Astrand
b1012edee3 add
krb5_auth_con_getsendsubkey
2011-10-19 21:11:12 +02:00
Love Hornquist Astrand
1b88a3b6c7 Only does implicit matching for first component, reported by Harry Coin 2011-10-14 00:33:57 +02:00
Love Hornquist Astrand
8192b9ed35 remove refernces to kerberos 4 and kaserver 2011-10-12 12:40:59 +02:00
Jeffrey Altman
cbf126bede Permit NULL context to krb5_get_error_message()
Application developers have a tendency to use krb5_get_error_message()
as a drop in replacement for error_message() and under various
circumstances they pass in a NULL context.  This method works fine
for MIT's implementation which ignores the context but in Heimdal
passing in a NULL context would dump core.

This patch set modifies krb5_get_error_message() in order to
permit the passing of a NULL context.  First, if the context
is NULL, an attempt will be made to allocate one locally for
the purpose of evaluating the error code.  Second, if a local
context cannot be allocated, fall back on calling error_message().
If error_message() fails to return a string, then generate an
"unknown error" response.

Only if all of the above fails is NULL returned.

Change-Id: If4baf7d6c428cf0baf11c044b8dfd5c2b3cdf7e4
2011-09-27 14:26:26 -04:00
Love Hornquist Astrand
777b24fbb5 add krb5_is_enctype_weak 2011-09-26 08:47:37 +02:00
Jeffrey Altman
9a127beb26 Windows: set default ccache to registry
Add _krb5_set_default_cc_name_to_registry() function and
call use it on Windows to set the user's default credential cache.

Change-Id: Ib59ff218a098a841bc61846abf873736380b5c6c
2011-09-26 02:00:13 -04:00
Jeffrey Altman
132693df5a Add _krb5_store_string_to_reg_value() for Windows
The new _krb5_store_string_to_reg_value() function permits
the caller to create REG_SZ, REG_EXPAND_SZ, REG_DWORD, and
REG_MULTI_SZ entries in the registry.

Change-Id: Ib5740ad07209618d8ea4c0bf3c75615f27e98b4e
2011-09-26 01:58:29 -04:00
Jeffrey Altman
3854e64a4a include weak etypes in default etype list if allow_weak_crypto
commit 0ed83cebd3 removed the
weak enctypes from the default enctype list.  This is a change
in behavior from 1.5.x which permitted the use of weak enctypes
if "allow_weak_crypto" is set to true.  This patchset creates
two default enctype lists.  One with weak enctypes and the other
without.  The weak version is used if "allow_weak_crypto" is set
to true.

Change-Id: Ide5cce0645836249031350bfaf619d970635e579
2011-09-26 01:44:16 -04:00
Love Hornquist Astrand
d3f85af92c move deprecated function to deprecated.c 2011-09-25 19:03:11 +02:00
Love Hornquist Astrand
0b02f05a19 error_buf is gone 2011-09-25 17:49:06 +02:00
Love Hornquist Astrand
2daeea4feb handle error code from size_too_large more correct 2011-09-22 16:36:52 +02:00