Love Hornquist Astrand
fea82013eb
Check for dd_fd in DIR not struct dirent
...
Pointed out by Ragnnar Sundblad in private mail
2010-03-21 08:58:33 -07:00
Love Hornquist Astrand
ad2de1222f
spelling
2010-03-20 15:25:55 -07:00
Love Hornquist Astrand
cfb43997ae
define YY_NULL
2010-03-20 14:44:16 -07:00
Love Hornquist Astrand
b0a79dcd40
Improve the dns retry logic
...
Bug reported by Richard Silverman on heimdal-bugs
2010-03-19 14:19:43 -07:00
Love Hornquist Astrand
d3efb7d043
don't bother supporting KRB5_AUTHDATA_SIGNTICKET_OLD
2010-03-19 13:58:45 -07:00
Love Hornquist Astrand
24e2001f51
support old SIGNTICKET too
2010-03-19 13:56:20 -07:00
Love Hornquist Astrand
3af54e67d9
Renumber signedticket to 512 since 142 was stolen.
2010-03-19 13:44:51 -07:00
Andrew Tridge
6bff49a89d
memset the right length of the {i,o}pad data, memset opad not ipad in the opad case (typo)
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-03-18 10:59:51 -07:00
Love Hornquist Astrand
f26d6c2398
(krb5_set_default_in_tkt_etypes): filter out unwanted enctypes
...
Needed for Samba that tries really hard to use DES encryption types.
Reported by Natanael Copa on heimdal-discuss
2010-03-17 09:30:11 -07:00
Love Hornquist Astrand
523c393829
Better error message for decomp
2010-03-17 06:21:56 -07:00
Love Hornquist Astrand
a6f9dfc5ad
drop krb4
2010-03-16 20:43:24 -07:00
Love Hornquist Astrand
433b1d5073
drop RCSID
2010-03-16 12:52:58 -07:00
Love Hornquist Astrand
dde9ae659b
drop RCSID
2010-03-16 12:50:09 -07:00
Russ Allbery
97648fc257
Disable kpasswdd error replies to completely malformed requests
...
Only send an error reply if the request passes basic verification.
Otherwise, kpasswdd would reply to every UDP packet, allowing an
attacker to set up a ping-pong DoS attack via a spoofed UDP packet with
a source address of another UDP service that also replies to every
packet.
Also suppress the error reply if ap_req_len is 0, since this indicates
an error packet. An error packet may be the result of a ping-pong
attacker pointing us at another kpasswdd.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-03-16 11:50:22 -07:00
Russ Allbery
5230b2f8f5
Discard old keys in MIT dump files in hprop
...
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-03-16 11:48:15 -07:00
Matthias Dieter Wallnöfer
69ea9b38e9
heimdal - fix overlapped identifiers in the "krb5" library
...
heimdal - fix overlapped identifiers in the "krb5" library
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-03-16 10:05:35 -07:00
Love Hornquist Astrand
50990d61cf
free always "ctx->password" when it isn't needed anymore
...
Patch originally from Matthias Dieter Wallnöfer, changed by me to keep
clearing the password from memory.
2010-03-16 10:04:20 -07:00
Love Hornquist Astrand
313a2243bb
Allow users to specify their own configuration file ~/.krb5/config
...
Idea from Rune L on heimdal-discuss
2010-03-16 09:09:27 -07:00
Harald Barth
a06a40dd77
dont use modern syntax to please old makeinfo
2010-03-15 05:05:10 -07:00
Love Hornquist Astrand
33d80cbcfc
include roken.h
2010-03-12 09:04:39 -08:00
Love Hornquist Astrand
cf1b11f8a0
export more
2010-03-11 23:35:26 -08:00
Love Hornquist Astrand
6da28e73eb
move same ifdef magic from roken-common.h.in to here, use strerror()
2010-03-11 23:35:00 -08:00
Love Hornquist Astrand
7d9335ce69
in the STRERROR_R_PROTO_COMPATIBLE case, only provide a rk_strerror_r function if there is a broken prototype
...
From harald barth.
2010-03-11 18:40:47 -08:00
Love Hornquist Astrand
e57bd85101
spelling
2010-03-10 20:05:31 -08:00
Love Hornquist Astrand
f2611400b0
Set e_text for more cases
2010-03-07 02:44:25 -08:00
Love Hornquist Astrand
ae74dc7316
allow a cross realm ticket returned in the non referrals case
2010-03-07 01:02:02 -08:00
Love Hornquist Astrand
03262460dd
use krb5_principal_is_krbtgt
2010-03-07 01:01:32 -08:00
Love Hornquist Astrand
71150bb1bc
add krb5_principal_is_krbtgt
2010-03-07 01:00:48 -08:00
Love Hornquist Astrand
a46bc97443
Windows code never calls dirfd, avoid warning
2010-02-27 19:23:08 -08:00
Love Hornquist Astrand
94a8d9c5e5
autoconf test for dirfd and dd_fd
2010-02-25 22:18:32 -08:00
Love Hornquist Astrand
53024a5a22
start to document gss_import_name
2010-02-21 23:21:58 +01:00
Love Hornquist Astrand
521098738c
document gss_release_name
2010-02-21 23:21:43 +01:00
Love Hornquist Astrand
a40c4855ed
provide complete krb5-mit.conf
2010-02-21 07:03:46 -08:00
Love Hornquist Astrand
564fe5cb05
remove heimdal-db*
2010-02-21 07:01:30 -08:00
Love Hornquist Astrand
24eeb74c4a
make getnameinfo quiet by default
2010-02-20 14:01:53 -08:00
Love Hornquist Astrand
7c86764dea
make getifaddrs quiet by default
2010-02-20 13:59:39 -08:00
Love Hornquist Astrand
e297702f78
split dist and nodisk source for heim_ipc[cs]
...
So that the generated files doesn't have to be built on host w/o mig,
reported by Jelmer Vernooij on heimdal-discuss
2010-02-20 11:22:07 -08:00
Ingo Schwarze
0b2eece5be
Do not use nested displays. Found by and unbreaking the build with mandoc(1). I will also send this patch upstream. OK todd@ jmc@
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-02-20 11:21:26 -08:00
Guido Günther
45a94f309b
Use libcapng to drop all privileges
...
except for CAPNG_NET_BIND_SERVICE so we can bind to ports < 1024.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2010-02-18 19:08:45 -08:00
Love Hornquist Astrand
ec18315352
drop autobuild
2010-02-18 19:08:24 -08:00
Love Hornquist Astrand
90397c9e4b
drop autobuild
2010-02-18 19:07:25 -08:00
Love Hornquist Astrand
3ddb2af8d5
more flags and stuff
2010-02-13 17:41:33 -08:00
Love Hornquist Astrand
33e9da40b4
*** empty log message ***
2010-02-13 17:39:08 -08:00
Love Hornquist Astrand
61d6c3b9c5
add flags in gssapi_context_flags
2010-02-13 17:38:56 -08:00
Love Hornquist Astrand
53f7c6be92
more refs
2010-02-13 17:28:29 -08:00
Love Hornquist Astrand
57332c9b7d
gssapi_mechs_intro
2010-02-13 17:28:13 -08:00
Love Hornquist Astrand
b7581f5dcb
document more about mechs
2010-02-13 17:27:14 -08:00
Love Hornquist Astrand
96852bdc79
list contants for mechs
2010-02-13 17:23:09 -08:00
Love Hornquist Astrand
84b58b78b6
start of documention of gss_init_sec_context
2010-02-13 17:14:46 -08:00
Love Hornquist Astrand
711ef346a0
move krb5_set_home_dir_access() group krb5
2010-02-10 18:26:46 -08:00