0e852b330f
Make sure we always allow weak enctypes in MIT HDB test
...
Also, we still try to create the version key in the MIT HDB, so we
might as well update the test DB to have the version key already
there. (But really, we should just never write to the MIT HDB.)
2011-11-09 00:59:51 -06:00
19b6c47f72
Handle 1DES enctype similarity in MIT HDB
...
We have some cross-realm principals in an MIT KDB with one kind of
1DES enctype, but the other realm's KDCs issue x-realm TGTs where
the ticket encpart key enctype is a different 1DES enctype. We need
this to work if we use Heimdal with the MIT HDB backend.
An alternative would be to check for similar (or, rather,
compatible) enctypes in the KDC (and elsewhere?). This patch avoids
the need to make such ugly changes elsewhere.
2011-11-09 00:59:15 -06:00
8586d9f88e
Fix enctype selection issues for PAC and other authz-data signatures
...
We were using the enctype from the PA-TGS-REQ's AP-REQ's Ticket to
decide what key from the service's realm's krbtgt principal to use.
This breaks when: a) we're doing cross-realm, b) the service's
realm's krbtgt principal doesn't have keys for the enctype used in
the cross-realm TGT.
The fix is to pick the correct key (strongest or first, per-config)
from the service's realm's krbtgt principal.
2011-11-09 00:32:38 -06:00
40a7d4b62f
More fixes for -Werror (GCC 4.6 catches more stuff)
2011-11-02 23:20:55 -05:00
3bebbe5323
Fixes to make Heimdal -Wall -Werror clean
...
These fixes make developer mode build, at least on Ubuntu.
2011-11-02 21:42:08 -05:00
9c830f5237
indent
2011-10-31 22:10:09 -07:00
877df213eb
make sure we don't use stack content, don't count on that unsigned value can be negative
2011-10-31 22:05:42 -07:00
2e2b5daf7a
send output to /dev/null
2011-10-31 21:27:51 -07:00
f3709535ea
make make rules silent
2011-10-31 09:49:56 -07:00
5835c81e6c
make the test tell what they do, disable LOCALDOMAIN tests
2011-10-31 09:06:10 -07:00
c353962428
Oops, mismerge in principal.c
2011-10-31 00:29:36 -05:00
104bb8ef53
Fix unitialized HDB_extension problem (specifically the mandatory field)
2011-10-31 00:20:05 -05:00
7da9d7d75f
Fix memory leak in name canon rule iterator
2011-10-31 00:15:07 -05:00
c8f1a6f0a0
don't install hcrypto unless we build them
2011-10-30 19:51:59 -07:00
483afb3390
avoid compile warning
2011-10-29 19:14:14 -07:00
6436cd99b7
remove lex_classic_input(void) prototype
2011-10-29 19:13:04 -07:00
42e6fb794d
avoid const warning
2011-10-29 19:10:20 -07:00
1192120b86
Fix 64-bit warnings in name canon rules code
2011-10-29 16:48:56 -05:00
1fe4d77846
remove getprogname.c
2011-10-28 20:36:40 -07:00
a57988153e
indent
2011-10-28 20:08:08 -07:00
f06e684ece
recover lost check-kdc.in
2011-10-28 20:03:20 -07:00
f1e7d2ccba
allow checksum type NULL since des3-cbc-null uses it (gss-api mech)
2011-10-28 19:54:02 -07:00
f0fb8b1bef
merge error
2011-10-28 19:34:35 -07:00
b4972bd4f0
no longer need getprogname()
2011-10-28 19:31:05 -07:00
3570802d59
use getprogname if we have, otherwise punt, remove roken dependency
2011-10-28 19:30:55 -07:00
1a1bd736c0
merge support for FAST in as-req codepath
2011-10-28 19:25:48 -07:00
3a393427e9
krb5_principal_compare() can't return errors...
2011-10-27 22:57:02 -05:00
c433fefb23
Fix contributewd by Roland Dowdeswell for 64-bit bug in name canon patches
2011-10-27 17:34:57 -05:00
0b6639dcce
Fix makefile bug for name canon testing
2011-10-22 14:55:48 -05:00
612e5c2a12
Test name canon rules via GSS and put kdc tests last
...
Put kdc last in tests/Makefile.am. There's two tests in tests/kdc
that have been failing for a long time, and that causes the
remaining tests to not be run. By putting kdc last those tests do
run.
2011-10-22 14:54:27 -05:00
ce04492b36
Fix silly bug in krb5_get_credentials_with_flags()
2011-10-22 14:54:27 -05:00
9c8ceada75
Fix test bug, add test of DNS resolver searchlist name canon rule
2011-10-22 14:54:26 -05:00
8fde93e3fb
Initial name canon rules tests (just kgetcred)
2011-10-22 14:54:26 -05:00
5c54736678
Removed "weak" option and implemented use-referrals/no-referrals
2011-10-22 14:54:26 -05:00
c764ad95e5
Document name canonicalization rules
2011-10-22 14:54:26 -05:00
e1be4482ac
Improve kgetcred support for name canon rules and document
2011-10-22 14:54:26 -05:00
f4471b11d6
Call krb5_set_error_message() and don't clobber ret in debug code
2011-10-22 14:54:25 -05:00
248e1eb772
Cleanups: s/\<assert\>/heim_assert/
2011-10-22 14:54:25 -05:00
9f5a43084c
Cleanups: s/ENOMEM/krb5_enomem(context)/
2011-10-22 14:54:25 -05:00
2f03603d6b
Cleanups: s/krb5int_/_krb5_/ and moved priv stuff from krb5.h
2011-10-22 14:54:25 -05:00
001fc24102
Removed vestiges of no-reverse-lookup/reverse-lookup option that was never implemented
2011-10-22 14:54:24 -05:00
a5e77c578e
Deferred hostname canon using name canon rules
2011-10-22 14:54:13 -05:00
587cf45846
add @anchor
2011-10-20 22:09:40 +02:00
b1012edee3
add
...
krb5_auth_con_getsendsubkey
2011-10-19 21:11:12 +02:00
fed3050bc0
use ` instead of $( to please legacy solaris /bin/sh
2011-10-19 11:36:18 +02:00
33f717edb2
Only set msg in case we have one, from Rangar Sundblad
2011-10-19 10:38:59 +02:00
6bcdba3a38
Fix autogen.sh to be portable and fail when autoreconf fails
2011-10-17 16:27:58 -05:00
d56bb35a50
Fix autogen.sh to be more portable and to fail when autoreconf fails
2011-10-17 15:47:50 -05:00
f7efe9516f
more references
2011-10-14 14:58:29 +02:00
7b77de50a0
kadmin modify --pkinit-acl example
2011-10-14 14:53:50 +02:00
Nicolas Williams