ebb2e72c61
make error message more unique
2009-08-26 22:43:25 -07:00
022e7d4319
Return unwrapped delegated credentials if the actual mech is not the called mech
...
Assumes that pseudo mechs are are of how mechglue credentails look like and
return credentials like that.
Pointed out on krbdev by Nicolas Williams
2009-08-26 22:32:50 -07:00
559103b218
if not trailer set, init EC to 0
2009-08-26 21:40:07 -07:00
ba4909eba5
Link libroken with libcrypt since roken uses crypt() in unix_verify_password
...
Found by Guillaume Rousse
2009-08-26 15:20:51 -07:00
13ba2956cc
Check if COM_ERR_BINDDOMAIN_krb5 is defined, if it is, use bindtextdomain()
...
Older versions of compile_et doesn't support gettext/libintl support,
if they don't, there will be no such symbols and we can't load the
text domains for those symbols, so lets skip that.
Pointed out by Guillaume Rousse on heimdal-discuss
2009-08-26 09:02:25 -07:00
23aebd619b
Only release keys if they are allocated
2009-08-25 23:54:58 -07:00
03998aeccb
gsskrb5: fix test_context. after gss_wrap_iov changes
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
40a6abd116
gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
560cb0c132
gsskrb5: fix ec and padding handling in _gssapi_unwrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
76f0fb9170
gsskrb5: fix ec and padding handling in _gssapi_wrap_cfx_iov()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
f286dd5d64
gsskrb5: fix _gssapi_wrap_iov_length_cfx() - there's more than just krb5 overhead...
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
1a0423fd3d
gsskrb5: make _gk_allocate_buffer() non static
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:38 -07:00
60725fd2f5
gsskrb5: add _gk_verify_buffers()
...
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-25 23:34:37 -07:00
a29c65b417
add krb5_free_unparsed_name for OpenSSH + gssapi patch, make it deprecated
2009-08-25 23:07:21 -07:00
1b07597123
drop EVP_cts support
2009-08-25 20:29:23 -07:00
7e1e9dc2e7
drop cts support
2009-08-25 20:28:33 -07:00
a1aa022f8b
drop evp-aes-cts
2009-08-25 20:27:04 -07:00
a4d850a656
don't include evp-aes-cts.c
2009-08-25 20:26:38 -07:00
0d6e55df3c
don't include evp-aes-cts.c
2009-08-25 20:26:25 -07:00
6ead770ad1
Implement CTS in terms of CBC
2009-08-25 20:26:01 -07:00
31871b4990
deifne KRB5_DEPRECATED
2009-08-25 14:35:42 -07:00
400cc459fa
deprecate krb5_config_parse_string_multi
2009-08-24 20:24:41 -07:00
46b48bc3e7
Document time function, krb5_config_parse_string_multi is not used
2009-08-24 19:52:10 -07:00
9ccc79c5b6
Don't leak context if nsi_probe failes
...
Deduced from valgrind log produced by Markus Moeller
2009-08-22 10:52:22 -07:00
eb7448156c
export d2i_RSAPublicKey
2009-08-21 21:42:03 -07:00
9f5d22b98a
define and use d2i_RSAPublicKey
2009-08-21 18:57:09 -07:00
72e306c7e3
Push cert down deaper into the stack
2009-08-21 18:34:21 -07:00
aee7858b16
Clean new files
2009-08-21 15:14:57 -07:00
edb688c1e7
don't run EC test if there is broken EC support
2009-08-21 14:04:13 -07:00
30aa8a7166
there is already one verify, don't make two
2009-08-21 13:42:22 -07:00
796a522b46
always call cipher-init so that we can reset IV when caller wants too
2009-08-21 07:43:50 -07:00
2b6a34e132
allocate cleam memory for cipher to play with
2009-08-21 07:43:29 -07:00
6618ca5ffc
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:22:49 -07:00
56f90c5b19
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:28 -07:00
f465930be7
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:19 -07:00
dfd40e4403
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 07:16:09 -07:00
4f7156de1a
switch to EVP_MD_CTX_create() and thus make smaller
2009-08-21 06:45:20 -07:00
292ff66a64
unused variable
2009-08-21 06:22:01 -07:00
9020bb0208
some more doxygen
2009-08-21 06:07:53 -07:00
3021868ebb
Drop write only assignments
2009-08-20 20:13:08 -07:00
03cb3aa56b
use EVP_MD_CTX_create
2009-08-20 17:13:09 -07:00
27b8565d5f
Make verifing detached signatures easier
2009-08-20 16:27:25 -07:00
e3da85a4ab
add aliases to commands
2009-08-20 14:05:18 -07:00
f6da838557
init variables since compiler doesn't get __attribute__((noreturn))
2009-08-20 14:05:06 -07:00
1838afe680
Make sure return values are checked, always unblind if we blinded, handle error better
2009-08-20 14:04:34 -07:00
f0aec0e637
allow one argument
2009-08-20 10:20:09 -07:00
62dc336bf9
Friendlier signing
2009-08-20 09:59:05 -07:00
a7b2f1460b
Allow --no-signer to work
2009-08-20 08:50:27 -07:00
14a68d5668
Set umask before creating credentials database to make sure cache is user only readable
...
Reported by Anton Lundin <glance@acc.umu.se >
2009-08-20 08:40:50 -07:00
76afc31e9b
Try both v4 and v6 socket types
...
The libroken-getifaddrs fails to retrive the ipv6-address in
solaris-zones but it might connect over ipv6 anyway, and then the kdc
refuses to give a ticket with the cryptic message:
kinit: krb5_get_init_creds: No ENC-TS found
A saner message ends up in the kdc's logfile.
because of a ENXIO when looking for a ipv6-address on the
ipv4-interface, the whole getlifaddrs2 fails and getifaddrs2 is run
instead and it just discovers the ipv4-address.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2009-08-20 07:51:56 -07:00
Love Hornquist Astrand