oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
27,070 Commits 2 Branches 2 Tags
git2svn-syncpoint-master
Commit Graph

27070 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicolas Williams
0e852b330f Make sure we always allow weak enctypes in MIT HDB test 
Also, we still try to create the version key in the MIT HDB, so we
    might as well update the test DB to have the version key already
    there.  (But really, we should just never write to the MIT HDB.)
 2011-11-09 00:59:51 -06:00
Nicolas Williams
19b6c47f72 Handle 1DES enctype similarity in MIT HDB 
We have some cross-realm principals in an MIT KDB with one kind of
    1DES enctype, but the other realm's KDCs issue x-realm TGTs where
    the ticket encpart key enctype is a different 1DES enctype.  We need
    this to work if we use Heimdal with the MIT HDB backend.

    An alternative would be to check for similar (or, rather,
    compatible) enctypes in the KDC (and elsewhere?).  This patch avoids
    the need to make such ugly changes elsewhere.
 2011-11-09 00:59:15 -06:00
Nicolas Williams
8586d9f88e Fix enctype selection issues for PAC and other authz-data signatures 
We were using the enctype from the PA-TGS-REQ's AP-REQ's Ticket to
    decide what key from the service's realm's krbtgt principal to use.
    This breaks when: a) we're doing cross-realm, b) the service's
    realm's krbtgt principal doesn't have keys for the enctype used in
    the cross-realm TGT.

    The fix is to pick the correct key (strongest or first, per-config)
    from the service's realm's krbtgt principal.
 2011-11-09 00:32:38 -06:00
Nicolas Williams
40a7d4b62f More fixes for -Werror (GCC 4.6 catches more stuff) 2011-11-02 23:20:55 -05:00
Nicolas Williams
3bebbe5323 Fixes to make Heimdal -Wall -Werror clean 
These fixes make developer mode build, at least on Ubuntu.
 2011-11-02 21:42:08 -05:00
Love Hörnquist Åstrand
9c830f5237 indent 2011-10-31 22:10:09 -07:00
Love Hörnquist Åstrand
877df213eb make sure we don't use stack content, don't count on that unsigned value can be negative 2011-10-31 22:05:42 -07:00
Love Hörnquist Åstrand
2e2b5daf7a send output to /dev/null 2011-10-31 21:27:51 -07:00
Love Hornquist Astrand
f3709535ea make make rules silent 2011-10-31 09:49:56 -07:00
Love Hornquist Astrand
5835c81e6c make the test tell what they do, disable LOCALDOMAIN tests 2011-10-31 09:06:10 -07:00
Nicolas Williams
c353962428 Oops, mismerge in principal.c 2011-10-31 00:29:36 -05:00
Nicolas Williams
104bb8ef53 Fix unitialized HDB_extension problem (specifically the mandatory field) 2011-10-31 00:20:05 -05:00
Nicolas Williams
7da9d7d75f Fix memory leak in name canon rule iterator 2011-10-31 00:15:07 -05:00
Love Hörnquist Åstrand
c8f1a6f0a0 don't install hcrypto unless we build them 2011-10-30 19:51:59 -07:00
Love Hornquist Astrand
483afb3390 avoid compile warning 2011-10-29 19:14:14 -07:00
Love Hornquist Astrand
6436cd99b7 remove lex_classic_input(void) prototype 2011-10-29 19:13:04 -07:00
Love Hornquist Astrand
42e6fb794d avoid const warning 2011-10-29 19:10:20 -07:00
Nicolas Williams
1192120b86 Fix 64-bit warnings in name canon rules code 2011-10-29 16:48:56 -05:00
Love Hörnquist Åstrand
1fe4d77846 remove getprogname.c 2011-10-28 20:36:40 -07:00
Love Hörnquist Åstrand
a57988153e indent 2011-10-28 20:08:08 -07:00
Love Hörnquist Åstrand
f06e684ece recover lost check-kdc.in 2011-10-28 20:03:20 -07:00
Love Hörnquist Åstrand
f1e7d2ccba allow checksum type NULL since des3-cbc-null uses it (gss-api mech) 2011-10-28 19:54:02 -07:00
Love Hörnquist Åstrand
f0fb8b1bef merge error 2011-10-28 19:34:35 -07:00
Love Hörnquist Åstrand
b4972bd4f0 no longer need getprogname() 2011-10-28 19:31:05 -07:00
Love Hörnquist Åstrand
3570802d59 use getprogname if we have, otherwise punt, remove roken dependency 2011-10-28 19:30:55 -07:00
Love Hörnquist Åstrand
1a1bd736c0 merge support for FAST in as-req codepath 2011-10-28 19:25:48 -07:00
Nicolas Williams
3a393427e9 krb5_principal_compare() can't return errors... 2011-10-27 22:57:02 -05:00
Nicolas Williams
c433fefb23 Fix contributewd by Roland Dowdeswell for 64-bit bug in name canon patches 2011-10-27 17:34:57 -05:00
Nicolas Williams
0b6639dcce Fix makefile bug for name canon testing 2011-10-22 14:55:48 -05:00
Nicolas Williams
612e5c2a12 Test name canon rules via GSS and put kdc tests last 
Put kdc last in tests/Makefile.am.  There's two tests in tests/kdc
    that have been failing for a long time, and that causes the
    remaining tests to not be run.  By putting kdc last those tests do
    run.
 2011-10-22 14:54:27 -05:00
Nicolas Williams
ce04492b36 Fix silly bug in krb5_get_credentials_with_flags() 2011-10-22 14:54:27 -05:00
Nicolas Williams
9c8ceada75 Fix test bug, add test of DNS resolver searchlist name canon rule 2011-10-22 14:54:26 -05:00
Nicolas Williams
8fde93e3fb Initial name canon rules tests (just kgetcred) 2011-10-22 14:54:26 -05:00
Nicolas Williams
5c54736678 Removed "weak" option and implemented use-referrals/no-referrals 2011-10-22 14:54:26 -05:00
Nicolas Williams
c764ad95e5 Document name canonicalization rules 2011-10-22 14:54:26 -05:00
Nicolas Williams
e1be4482ac Improve kgetcred support for name canon rules and document 2011-10-22 14:54:26 -05:00
Nicolas Williams
f4471b11d6 Call krb5_set_error_message() and don't clobber ret in debug code 2011-10-22 14:54:25 -05:00
Nicolas Williams
248e1eb772 Cleanups: s/\<assert\>/heim_assert/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
9f5a43084c Cleanups: s/ENOMEM/krb5_enomem(context)/ 2011-10-22 14:54:25 -05:00
Nicolas Williams
2f03603d6b Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h 2011-10-22 14:54:25 -05:00
Nicolas Williams
001fc24102 Removed vestiges of no-reverse-lookup/reverse-lookup option that was never implemented 2011-10-22 14:54:24 -05:00
Nicolas Williams
a5e77c578e Deferred hostname canon using name canon rules 2011-10-22 14:54:13 -05:00
Love Hornquist Astrand
587cf45846 add @anchor 2011-10-20 22:09:40 +02:00
Love Hornquist Astrand
b1012edee3 add 
krb5_auth_con_getsendsubkey
 2011-10-19 21:11:12 +02:00
Love Hornquist Astrand
fed3050bc0 use ` instead of $( to please legacy solaris /bin/sh 2011-10-19 11:36:18 +02:00
Love Hornquist Astrand
33f717edb2 Only set msg in case we have one, from Rangar Sundblad 2011-10-19 10:38:59 +02:00
Nicolas Williams
6bcdba3a38 Fix autogen.sh to be portable and fail when autoreconf fails 2011-10-17 16:27:58 -05:00
Nicolas Williams
d56bb35a50 Fix autogen.sh to be more portable and to fail when autoreconf fails 2011-10-17 15:47:50 -05:00
Love Hornquist Astrand
f7efe9516f more references 2011-10-14 14:58:29 +02:00
Love Hornquist Astrand
7b77de50a0 kadmin modify --pkinit-acl example 2011-10-14 14:53:50 +02:00