krb5.git
28 years agoChanged `mutual' element of struct _krb5_gss_ctx_id_rec into more general
Kevin Mitchell [Fri, 7 Jun 1996 19:22:25 +0000 (19:22 +0000)]
Changed `mutual' element of struct _krb5_gss_ctx_id_rec into more general
`gss_flags' and updated functions that process it; now get delegation flag
set properly :)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8275 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoadd mkey_from_kbd, update create/modify masks
Barry Jaspan [Thu, 6 Jun 1996 21:55:07 +0000 (21:55 +0000)]
add mkey_from_kbd, update create/modify masks

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8274 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDon't pass $(LIBCMD) on the command line. It's set in the windows.in
Theodore Tso [Thu, 6 Jun 1996 20:37:07 +0000 (20:37 +0000)]
Don't pass $(LIBCMD) on the command line.  It's set in the windows.in
prologue for all Makefiles anyway.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8271 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoAdd the option /PAGESIZE:128 to the library command, since the krb5
Theodore Tso [Thu, 6 Jun 1996 19:55:49 +0000 (19:55 +0000)]
Add the option /PAGESIZE:128 to the library command, since the krb5
library has gotten so big.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8260 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDon't use htonl(); it doesn't exist under Windows. Instead do the
Theodore Tso [Thu, 6 Jun 1996 19:54:22 +0000 (19:54 +0000)]
Don't use htonl(); it doesn't exist under Windows.  Instead do the
test by casting a pointer to an integer to a char *.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8259 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate function prototype for krb5_encrypt_tkt_part
Theodore Tso [Thu, 6 Jun 1996 19:53:25 +0000 (19:53 +0000)]
Update function prototype for krb5_encrypt_tkt_part

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8258 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoAdd port number reserved for the password changing protocol
Theodore Tso [Thu, 6 Jun 1996 19:49:27 +0000 (19:49 +0000)]
Add port number reserved for the password changing protocol

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8257 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoMinor grammer fix
Theodore Tso [Thu, 6 Jun 1996 19:48:30 +0000 (19:48 +0000)]
Minor grammer fix

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8256 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate krb5.constants file
Theodore Tso [Thu, 6 Jun 1996 19:47:15 +0000 (19:47 +0000)]
Update krb5.constants file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8255 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate .Sanitize file
Theodore Tso [Thu, 6 Jun 1996 19:46:38 +0000 (19:46 +0000)]
Update .Sanitize file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8254 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoRemove extraneous '*' from definition
Theodore Tso [Thu, 6 Jun 1996 18:21:37 +0000 (18:21 +0000)]
Remove extraneous '*' from definition

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8251 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate .Sanitize files
Theodore Tso [Thu, 6 Jun 1996 17:52:39 +0000 (17:52 +0000)]
Update .Sanitize files

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8250 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate .Sanitize file
Theodore Tso [Thu, 6 Jun 1996 17:44:42 +0000 (17:44 +0000)]
Update .Sanitize file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8249 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdated .Sanitize file
Theodore Tso [Thu, 6 Jun 1996 17:44:05 +0000 (17:44 +0000)]
Updated .Sanitize file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8248 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate patchlevel for Beta 6 release
Theodore Tso [Thu, 6 Jun 1996 05:03:24 +0000 (05:03 +0000)]
Update patchlevel for Beta 6 release

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8247 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate .Sanitize files to reflect current file status
Theodore Tso [Thu, 6 Jun 1996 04:47:59 +0000 (04:47 +0000)]
Update .Sanitize files to reflect current file status

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8246 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoWhen reading in the test value from a file, don't free free
Theodore Tso [Thu, 6 Jun 1996 04:46:29 +0000 (04:46 +0000)]
When reading in the test value from a file, don't free free
inbuf.value until after the last place where we use it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8245 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoRemove last traces of the krb425 library
Theodore Tso [Thu, 6 Jun 1996 04:26:56 +0000 (04:26 +0000)]
Remove last traces of the krb425 library

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8244 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago(FILES): Include lib/crypto/sha/* in list of files to be built for
Theodore Tso [Thu, 6 Jun 1996 04:10:04 +0000 (04:10 +0000)]
(FILES): Include lib/crypto/sha/* in list of files to be built for
Windows and the Macintosh.

(makefile-windows): Build lib/crypto/sha/makefile for Windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8243 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoInclude sha in the list of subdirectories for the Macintosh
Theodore Tso [Thu, 6 Jun 1996 04:09:22 +0000 (04:09 +0000)]
Include sha in the list of subdirectories for the Macintosh

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8242 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoA static function must not use the INTERFACE keyword
Theodore Tso [Thu, 6 Jun 1996 04:08:49 +0000 (04:08 +0000)]
A static function must not use the INTERFACE keyword

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8241 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * krb5_decode_test.c (main): For asn1_decode_enc_kdc_rep_part,
Ezra Peisach [Wed, 5 Jun 1996 20:00:43 +0000 (20:00 +0000)]
* krb5_decode_test.c (main): For asn1_decode_enc_kdc_rep_part,
starttime will equal authtime if not sent OTW.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8232 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * asn1_k_decode.c (asn1_decode_enc_kdc_rep_part): If starttime is
Ezra Peisach [Wed, 5 Jun 1996 19:58:00 +0000 (19:58 +0000)]
* asn1_k_decode.c (asn1_decode_enc_kdc_rep_part): If starttime is
not sent over the wire, set equal to authtime.

The kdc does not return the starttime if it matches the authtime. This
shows up readilly with kdc5_hammer....

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8231 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoAlways do USE_ANAME if kdbm_deplib is not defined, since in shared
Theodore Tso [Tue, 4 Jun 1996 20:14:19 +0000 (20:14 +0000)]
Always do USE_ANAME if kdbm_deplib is not defined, since in shared
library situations we may need to resolve all undefined symbols.  (We
don't do USE_ANAME if kdbm_deplib is defined because the db library
used for kdb may be different from the one used for the aname work.
This is a bit of an ugly botch, but it will work for now.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8226 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * configure.in: Ezra's changes to allow compiling w/o krb4
Tom Yu [Tue, 4 Jun 1996 04:27:51 +0000 (04:27 +0000)]
* configure.in: Ezra's changes to allow compiling w/o krb4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8212 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * configure.in: Ezra's patches to allow compilation w/o krb4
Tom Yu [Tue, 4 Jun 1996 04:27:01 +0000 (04:27 +0000)]
* configure.in: Ezra's patches to allow compilation w/o krb4
support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8211 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * Makefile.in,configure.in: allow compilation w/o krb4 (Ezra's
Tom Yu [Tue, 4 Jun 1996 04:26:20 +0000 (04:26 +0000)]
* Makefile.in,configure.in: allow compilation w/o krb4 (Ezra's
patches)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8210 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * login.c: Ezra's patches to trim unsed arg from
Tom Yu [Tue, 4 Jun 1996 04:23:39 +0000 (04:23 +0000)]
* login.c: Ezra's patches to trim unsed arg from
verify_krb_v5_tgt, etc.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8209 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * Makefile.in, configure.in: back out previous changes and use
Tom Yu [Mon, 3 Jun 1996 20:17:01 +0000 (20:17 +0000)]
* Makefile.in, configure.in: back out previous changes and use
Ezra's patches instead.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8207 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * configure.in, Makefile.in: only link getdtablesize.o if needed
Tom Yu [Mon, 3 Jun 1996 02:10:00 +0000 (02:10 +0000)]
* configure.in, Makefile.in: only link getdtablesize.o if needed

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8205 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoswitch to USE_KADM5_API_VERSION == n instead of USE_KADM5_API_VERSION_n
Barry Jaspan [Thu, 30 May 1996 17:13:17 +0000 (17:13 +0000)]
switch to USE_KADM5_API_VERSION == n instead of USE_KADM5_API_VERSION_n

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8173 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoupdate kadm5_get_policy to use caller allocation
Barry Jaspan [Thu, 30 May 1996 17:02:09 +0000 (17:02 +0000)]
update kadm5_get_policy to use caller allocation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8172 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * aclocal.m4 (AC_CHECK_DBM_PROTO): sense of arguments to be
Tom Yu [Wed, 29 May 1996 22:42:55 +0000 (22:42 +0000)]
* aclocal.m4 (AC_CHECK_DBM_PROTO): sense of arguments to be
evaluated was reversed

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8163 dc483132-0cff-0310-8789-dd5450dbe970

28 years agountabify
Barry Jaspan [Wed, 29 May 1996 21:28:52 +0000 (21:28 +0000)]
untabify

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8161 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoremove an xxx, add a new one, update SUPPORT_DESMD5 description
Barry Jaspan [Wed, 29 May 1996 21:18:45 +0000 (21:18 +0000)]
remove an xxx, add a new one, update SUPPORT_DESMD5 description

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8159 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoadd AUTH_LIST and AUTH_CHANGEPW error codes
Barry Jaspan [Wed, 29 May 1996 21:10:10 +0000 (21:10 +0000)]
add AUTH_LIST and AUTH_CHANGEPW error codes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8158 dc483132-0cff-0310-8789-dd5450dbe970

28 years agofirst cut at updating authorization semantics
Barry Jaspan [Wed, 29 May 1996 18:58:21 +0000 (18:58 +0000)]
first cut at updating authorization semantics

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8151 dc483132-0cff-0310-8789-dd5450dbe970

28 years agocompletely rework configuration parameters
Barry Jaspan [Wed, 29 May 1996 18:08:50 +0000 (18:08 +0000)]
completely rework configuration parameters

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8150 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUse USE_ANAME
Sam Hartman [Sun, 26 May 1996 01:57:43 +0000 (01:57 +0000)]
Use USE_ANAME

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8124 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUse KRB5_RUN_FLAGS
Sam Hartman [Thu, 23 May 1996 23:36:14 +0000 (23:36 +0000)]
Use KRB5_RUN_FLAGS

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8121 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago Do not build libgssapi.a on AIX, because it doesnt work
Sam Hartman [Thu, 23 May 1996 23:35:00 +0000 (23:35 +0000)]
Do not build libgssapi.a on AIX, because it doesnt work
(unresolved symbols) and would be fairly useless anyway.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8120 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUse KRB5_RUN_FLAGS in configure.in, and use appropriate run flags for
Sam Hartman [Thu, 23 May 1996 23:34:05 +0000 (23:34 +0000)]
Use KRB5_RUN_FLAGS in configure.in, and use appropriate run flags for
each test so shared libraries are happy.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8119 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUse KRB5_RUN_FLAGS in configure.in, and use appropriate run flags for
Sam Hartman [Thu, 23 May 1996 23:32:51 +0000 (23:32 +0000)]
Use KRB5_RUN_FLAGS in configure.in, and use appropriate run flags for
each test so shared libraries are happy.

Also, for tests that use weak or zero keys, make sure we link
in enough object modules to allow us to overide parts of libcrypto
even on systems with early binding in shared libs lik AIX.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8118 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* Ignore the error if we cannot make ksu set-uid; we don't want to
Sam Hartman [Thu, 23 May 1996 23:30:44 +0000 (23:30 +0000)]
* Ignore the error if we cannot make ksu set-uid; we don't want to
abort make install in this situation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8117 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUse secure context for login
Sam Hartman [Thu, 23 May 1996 23:29:33 +0000 (23:29 +0000)]
Use secure context for login

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8116 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoadd KRB5_TL_KADM5_E_DATA
Barry Jaspan [Thu, 23 May 1996 18:35:26 +0000 (18:35 +0000)]
add KRB5_TL_KADM5_E_DATA

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8109 dc483132-0cff-0310-8789-dd5450dbe970

28 years agojik's comments
Barry Jaspan [Thu, 23 May 1996 10:36:20 +0000 (10:36 +0000)]
jik's comments

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8107 dc483132-0cff-0310-8789-dd5450dbe970

28 years agomd4crypto.c:
Richard Basch [Wed, 22 May 1996 02:42:20 +0000 (02:42 +0000)]
md4crypto.c:
The incorrect size was being used to compare the computed message
digest and the supplied checksum for the "fixed" md4 case, causing
decryption integrity failures.
[Fixed by epeisach/audited by basch; fixes 'make check']

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8099 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate use of libupdate to use the new command line arguments
Theodore Tso [Tue, 21 May 1996 01:09:17 +0000 (01:09 +0000)]
Update use of libupdate to use the new command line arguments

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8086 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoRemove vestigal ODBM support
Theodore Tso [Mon, 20 May 1996 22:17:27 +0000 (22:17 +0000)]
Remove vestigal ODBM support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8085 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoRemove support for ODBM
Theodore Tso [Mon, 20 May 1996 22:17:00 +0000 (22:17 +0000)]
Remove support for ODBM

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8084 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoRemove vestigal support for ODBM
Theodore Tso [Mon, 20 May 1996 22:15:32 +0000 (22:15 +0000)]
Remove vestigal support for ODBM

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8083 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoUpdate autoconf to version 2.10. This will fix the reported bugs of
Theodore Tso [Mon, 20 May 1996 22:09:09 +0000 (22:09 +0000)]
Update autoconf to version 2.10.  This will fix the reported bugs of
the install-sh script getting cached with the wrong values, as well as
bringing us to a more recent version of autoconf.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8078 dc483132-0cff-0310-8789-dd5450dbe970

28 years agokrb5.conf.M: Document kdc_req_checksumtype, as_req_checksum_type, and
Theodore Tso [Mon, 20 May 1996 21:27:22 +0000 (21:27 +0000)]
krb5.conf.M: Document kdc_req_checksumtype, as_req_checksum_type, and
safe_checksum_type.

krb5.conf: Remove the tkt_lifetime parameter altogether.  We may end
up doing it slightly differently post-Beta 6...

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8067 dc483132-0cff-0310-8789-dd5450dbe970

28 years agomd5crypto.c, md5crypto.h: Change use of RSA_MD5_DES_CKSUM_LENGTH to
Theodore Tso [Mon, 20 May 1996 21:20:12 +0000 (21:20 +0000)]
md5crypto.c, md5crypto.h: Change use of RSA_MD5_DES_CKSUM_LENGTH to
use OLD_RSA_MD5_DES_CKSUM_LENGTH and NEW_RSA_MD5_DES_CKSUM_LENGTH, as
appropriate.

t_cksum.c (main): Use proper header file constants to get the correct
checksum length for the MD4 and MD5 old-style and new-style checksum
functions.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8066 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoChange use of RSA_MD4_DES_CKSUM_LENGTH to use
Theodore Tso [Mon, 20 May 1996 21:18:39 +0000 (21:18 +0000)]
Change use of RSA_MD4_DES_CKSUM_LENGTH to use
OLD_RSA_MD4_DES_CKSUM_LENGTH and NEW_RSA_MD4_DES_CKSUM_LENGTH, as
appropriate.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8065 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDon't do timing tests; it takes too long!
Theodore Tso [Mon, 20 May 1996 21:16:20 +0000 (21:16 +0000)]
Don't do timing tests; it takes too long!

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8064 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoupdate Makefile.in for new libupdate
Tom Yu [Mon, 20 May 1996 15:22:11 +0000 (15:22 +0000)]
update Makefile.in for new libupdate

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8060 dc483132-0cff-0310-8789-dd5450dbe970

28 years agofix libupdate and allow it to deal with multiple directories
Tom Yu [Mon, 20 May 1996 15:20:34 +0000 (15:20 +0000)]
fix libupdate and allow it to deal with multiple directories

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8059 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoFixes so krb5_seteuid compiles on Ultrix
Sam Hartman [Mon, 20 May 1996 06:54:42 +0000 (06:54 +0000)]
Fixes so krb5_seteuid compiles on Ultrix

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8058 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoFix up some annoying pre-processor typos
Sam Hartman [Mon, 20 May 1996 06:36:02 +0000 (06:36 +0000)]
Fix up some annoying pre-processor typos

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8057 dc483132-0cff-0310-8789-dd5450dbe970

28 years agodocument changes to libupdate.sh
Tom Yu [Mon, 20 May 1996 05:17:57 +0000 (05:17 +0000)]
document changes to libupdate.sh

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8056 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * libupdate.sh: do the shift before the assignments
Tom Yu [Mon, 20 May 1996 05:17:15 +0000 (05:17 +0000)]
* libupdate.sh: do the shift before the assignments

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8055 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoFix for HPUx
Sam Hartman [Mon, 20 May 1996 04:14:17 +0000 (04:14 +0000)]
Fix for HPUx

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8054 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDo not keep source cache open if we are going to use
Sam Hartman [Mon, 20 May 1996 04:08:27 +0000 (04:08 +0000)]
Do not keep source cache open if we are going to use
it as the target cache.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8053 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago As per mail describing the ksu problem, invent a krb5util
Sam Hartman [Sun, 19 May 1996 18:56:50 +0000 (18:56 +0000)]
As per mail describing the ksu problem, invent a krb5util
function to properly set the euid on all systems where it is possible.
Ksu cannot be used without this function in a secure manner.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8052 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoCheck for uid_t so that new prototype works
Sam Hartman [Sun, 19 May 1996 18:55:35 +0000 (18:55 +0000)]
Check for uid_t so that new prototype works

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8051 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoPrototype new function: krb5_seteuid
Sam Hartman [Sun, 19 May 1996 18:54:59 +0000 (18:54 +0000)]
Prototype new function: krb5_seteuid

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8050 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoSignificant security fixes to ksu
Sam Hartman [Sun, 19 May 1996 18:52:51 +0000 (18:52 +0000)]
Significant security fixes to ksu

* Use source euid all throughout procedure of opening source ccache,
Richard's code had a race condition.

* Use target euid while looking up .k5login and constructing target ccache.

* Avoid chowns completely; they create race conditions.  Fchown could
have been used if we wanted to be really careful, but they aren't
necessary and we would have to violate abstractions.

* Clean up several conditions that would allow users to delete
arbitrary files of the user they were ksuing to without authorization.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8049 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * kdb_dbm.c: Do not provide prototypes for dbm_error or
Ezra Peisach [Sat, 18 May 1996 19:08:50 +0000 (19:08 +0000)]
  * kdb_dbm.c: Do not provide prototypes for dbm_error or
              dbm_clearerr if they are really macros.

Required for Ultrix...

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8048 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * des3_sha.c: Add static keywords in function declarartions to
Ezra Peisach [Sat, 18 May 1996 17:42:15 +0000 (17:42 +0000)]
  * des3_sha.c: Add static keywords in function declarartions to
               match earlier declarations.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8047 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDefine $library from the positional arguments before --force uses $library
Theodore Tso [Sat, 18 May 1996 06:07:05 +0000 (06:07 +0000)]
Define $library from the positional arguments before --force uses $library

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8046 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoFix memory leak. Free tempbuf before returning
Theodore Tso [Sat, 18 May 1996 06:04:00 +0000 (06:04 +0000)]
Fix memory leak.  Free tempbuf before returning

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8045 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDefine MD5_K5BETA_COMPAT and MD5_K5BETA_COMP_DEF so that we continue
Theodore Tso [Sat, 18 May 1996 05:55:59 +0000 (05:55 +0000)]
Define MD5_K5BETA_COMPAT and MD5_K5BETA_COMP_DEF so that we continue
doing things the wrong (broken) way.  All hail backwards
compatibility....  The code now generates the old checksum, but it
will verify both the old and the correct checksum formats.

Also fixed two bugs in the "correct" MD5_CRYPTO implementation; use a
zero initialization vector, and calculate the confounder at the
beginning of the message, not at the end.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8044 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoDefine MD4_K5BETA_COMPAT and MD4_K5BETA_COMP_DEF so that we continue
Theodore Tso [Sat, 18 May 1996 05:55:25 +0000 (05:55 +0000)]
Define MD4_K5BETA_COMPAT and MD4_K5BETA_COMP_DEF so that we continue
doing things the wrong (broken) way.  All hail backwards
compatibility....  The code now generates the old checksum, but it
will verify both the old and the correct checksum formats.

Also fixed two bugs in the "correct" MD4_CRYPTO implementation; use a
zero initialization vector, and calculate the confounder at the
beginning of the message, not at the end.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8043 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoupdate randkey to return an array of keyblocks, not key_data; update
Barry Jaspan [Fri, 17 May 1996 21:38:25 +0000 (21:38 +0000)]
update randkey to return an array of keyblocks, not key_data; update
get_principal to take pointer to struct, not pointer to pointer to
struct

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8041 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoCorrectly implement getsockname(), so it does getsockname(), not
Theodore Tso [Fri, 17 May 1996 18:21:41 +0000 (18:21 +0000)]
Correctly implement getsockname(), so it does getsockname(), not
getpeername(), and add the function getpeername().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8040 dc483132-0cff-0310-8789-dd5450dbe970

28 years agodefine USE_KADM5_API_VERSION_n
Barry Jaspan [Fri, 17 May 1996 15:42:30 +0000 (15:42 +0000)]
define USE_KADM5_API_VERSION_n

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8039 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoseparate from server and tools information, rename into separate document
Barry Jaspan [Thu, 16 May 1996 19:28:04 +0000 (19:28 +0000)]
separate from server and tools information, rename into separate document

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8034 dc483132-0cff-0310-8789-dd5450dbe970

28 years agodefine KADM5_API_VERSION_2
Barry Jaspan [Thu, 16 May 1996 19:19:39 +0000 (19:19 +0000)]
define KADM5_API_VERSION_2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8033 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoInterim checkin of most of jhawks comments. Still a few more to do
Ezra Peisach [Thu, 16 May 1996 02:33:38 +0000 (02:33 +0000)]
Interim checkin of most of jhawks comments. Still a few more to do

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8032 dc483132-0cff-0310-8789-dd5450dbe970

28 years agofirst, rough cut at OV -> kadm5 naming
Barry Jaspan [Wed, 15 May 1996 15:03:13 +0000 (15:03 +0000)]
first, rough cut at OV -> kadm5 naming

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8031 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago(AC_CHECK_DBM_PROTOS): If the test had already been run and the result
Ezra Peisach [Wed, 15 May 1996 01:58:21 +0000 (01:58 +0000)]
(AC_CHECK_DBM_PROTOS): If the test had already been run and the result
cached, arguments $3 and $4 were never executed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8030 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* k5seal.c k5unseal.c util_cksum.c:
Richard Basch [Wed, 15 May 1996 01:05:28 +0000 (01:05 +0000)]
* k5seal.c k5unseal.c util_cksum.c:
        setup krb5_checksum "contents" and "length" field prior to
        calling krb5_calculate_checksum().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8029 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoFixed changelog to reflect previous checkin
Richard Basch [Wed, 15 May 1996 01:04:37 +0000 (01:04 +0000)]
Fixed changelog to reflect previous checkin

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8028 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* des_crc.c des_md5.c:
Richard Basch [Wed, 15 May 1996 01:03:37 +0000 (01:03 +0000)]
* des_crc.c des_md5.c:
        set the length field of the cksum structure.

* des3_sha.c:
        Increase the confounder length to 24 bytes.
        Set the length of the cksum structure.

* cryptoconf.c:
sha-des3 cksum has been replaced by hmac-sha

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8027 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* .Sanitize: reflect current files
Richard Basch [Wed, 15 May 1996 01:01:41 +0000 (01:01 +0000)]
* .Sanitize: reflect current files
* Makefile.in: added hmac-sha
* hmac_sha.c: implement HMAC-SHA
* sha_crypto.c: use hmac-sha
* sha_glue.c: sanity check the passed in checksum length
* shs.h: replaced sha-des3 with hmac-sha

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8026 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* md5crypto.c md5glue.c:
Richard Basch [Wed, 15 May 1996 01:00:36 +0000 (01:00 +0000)]
* md5crypto.c md5glue.c:
        ensure the cksum content length is sufficient.

* t_cksum.c: initialize cksum.length

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8025 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* md4crypto.c md4glue.c:
Richard Basch [Wed, 15 May 1996 01:00:03 +0000 (01:00 +0000)]
* md4crypto.c md4glue.c:
        ensure the cksum content length is sufficient

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8024 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* des_int.h: the cs_entry routines in cbc_cksum.c are now static
Richard Basch [Wed, 15 May 1996 00:59:30 +0000 (00:59 +0000)]
* des_int.h: the cs_entry routines in cbc_cksum.c are now static

* Makefile.in: removed cs_entry.c

* cbc_cksum.c:
        caller is responsible for allocating cksum->contents
          and indicate the allocated amount in cksum->length.
        the cs_entry routines are now static and the cs_entry
          structure is now in this file to enforce proper use.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8023 dc483132-0cff-0310-8789-dd5450dbe970

28 years agocrc.c: ensure the cksum length is sufficient
Richard Basch [Wed, 15 May 1996 00:58:34 +0000 (00:58 +0000)]
crc.c: ensure the cksum length is sufficient
crc-test.c: set the cksum length field

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8022 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago* mk_req_ext.c mk_safe.c send_tgs.c:
Richard Basch [Wed, 15 May 1996 00:57:15 +0000 (00:57 +0000)]
* mk_req_ext.c mk_safe.c send_tgs.c:
        set the length field of the krb5_checksum structure before
        calling krb5_calculate_checksum.

* str_conv.c: replaced sha-des3 cksum with hmac-sha.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8021 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoreplaced CKSUMTYPE_SHA_DES3 with CKSUMTYPE_HMAC_SHA
Richard Basch [Wed, 15 May 1996 00:55:47 +0000 (00:55 +0000)]
replaced CKSUMTYPE_SHA_DES3 with CKSUMTYPE_HMAC_SHA

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8020 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoRemove old, outdated library
Theodore Tso [Tue, 14 May 1996 08:51:15 +0000 (08:51 +0000)]
Remove old, outdated library

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8019 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoChange call to krb5_auth_con_setcksumtype to use
Theodore Tso [Tue, 14 May 1996 08:42:56 +0000 (08:42 +0000)]
Change call to krb5_auth_con_setcksumtype to use
krb5_auth_con_set_req_cksumtype by default instead.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8018 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoser_ctx.c (krb5_context_size, krb5_context_externalize,
Theodore Tso [Tue, 14 May 1996 08:41:32 +0000 (08:41 +0000)]
ser_ctx.c (krb5_context_size, krb5_context_externalize,
krb5_context_internalize): Add missing fields from the serialized
context: clockskew, default_kdc_req_sumtype, default_ap_req_sumtype,
default_safe_sumtype, kdc_default_options, library_options,
profile_secure, fcc_default_format, scc_default_format.

ser_actx.c (krb5_auth_context_size, krb5_auth_context_externalize,
krb5_auth_context_internalize): Serialize the two fields req_cksumtype
and safe_cksumtype, instead of the one cksumtype field.

mk_safe.c (krb_mk_safe): Use safe_cksumtype instead of cksumtype in
the auth context.

mk_req_ext.c (krb5_mk_req_extended): Use req_cksumtype instead of
cksumtype in the auth context.

init_ctx.c (krb5_init_context): Add support for new profile
relations libdefaults/tkt_lifetime, libdefaults/kdc_req_checksum_type,
libdefaults/ap_req_cksumtype, libdefaults/safe_checksumtype, and
libdefaults/kdc_default_options.

auth_con.h: Remove old cksumtype element, and replace it with
req_cksumtype and safe_cksumtype.

auth_con.c (krb5_auth_con_init): Initialize the req_cksumtype and
safe_cksumtype from the context's default req_cksumtype and
safe_cksumtype.  (krb5_auth_con_set_req_cksumtype,
krb5_auth_con_set_safe_cksumtype): New functions, to replace old
krb5_auth_con_setcksumtype

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8017 dc483132-0cff-0310-8789-dd5450dbe970

28 years agok5-int.h: Added new field values for ap_req_sumtype and safe_sumtype.
Theodore Tso [Tue, 14 May 1996 08:39:27 +0000 (08:39 +0000)]
k5-int.h: Added new field values for ap_req_sumtype and safe_sumtype.
Added new convenience function for verifying magic numbers:
KRB5_VERIFY_MAGIC.

krb5.hin (krb5_auth_con_set_req_cksumtype, rb5_auth_con_set_safe_cksumtype):
Added prototypes of new functions, to replace old
krb5_auth_con_setcksumtype.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8016 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoChange the default ticket lifetime to something reasonable (10 hours,
Theodore Tso [Tue, 14 May 1996 00:43:00 +0000 (00:43 +0000)]
Change the default ticket lifetime to something reasonable (10 hours,
instead of 10 minutes).  Also change the label of this parameter to be
tkt_lifetime.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8015 dc483132-0cff-0310-8789-dd5450dbe970

28 years ago * Makefile.in (SHLIB_LIBS): For shared library, add dependency on
Ezra Peisach [Mon, 13 May 1996 19:30:26 +0000 (19:30 +0000)]
* Makefile.in (SHLIB_LIBS): For shared library, add dependency on
libkrb5.so

* configure.in (CRYPTO_SH_VERS): Pass krb5 shared library version
to Makefile.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8014 dc483132-0cff-0310-8789-dd5450dbe970

28 years agoconfigure.in heuristic.c:
Richard Basch [Mon, 13 May 1996 11:54:07 +0000 (11:54 +0000)]
configure.in heuristic.c:
Change the euid before opening the source ccache, so we don't use
someone else's ccache.

authorization.c:
users only in /.k5login were not permitted to use the '-e cmd' feature.
The man page does not indicate that this should not be permitted...

Also, lots of indentation cleanup was done... I couldn't read the code before.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8013 dc483132-0cff-0310-8789-dd5450dbe970