Ken Raeburn [Fri, 30 May 2003 23:53:16 +0000 (23:53 +0000)]
* main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not KRB5_KDB_MAX_LIFE, as
default for realm's max renewable lifetime.
(KRB5_KDB_MAX_RLIFE is currently one week)
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:41:08 +0000 (23:41 +0000)]
* definitions.texinfo (DefaultCcacheType, DefaultKDCTimesync,
DefaultMasterKeyType): Updated for code changes.
(DefaultCcacheTypeMac, DefaultKDCTimesyncMac): Deleted.
* admin.texinfo (libdefaults): Update kdc_timesync and ccache_type descriptions
to not separate Mac case.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15531 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:39:19 +0000 (23:39 +0000)]
* definitions.texinfo (DefaultCcacheType, DefaultKDCTimesync,
DefaultTktLifetime, DefaultMasterKeyType): Updated for code changes.
(DefaultCcacheTypeMac, DefaultKDCTimesyncMac): Deleted.
* admin.texinfo (libdefaults): Update kdc_timesync and ccache_type descriptions
to not separate Mac case.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15530 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:36:00 +0000 (23:36 +0000)]
* init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always.
(DEFAULT_CCACHE_TYPE): Define as 4 always.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15529 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:35:00 +0000 (23:35 +0000)]
* osconf.h (DEFAULT_KDC_ENCTYPE): Default to des3 now
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15528 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:31:40 +0000 (23:31 +0000)]
update kinit krb4 fallback lifetime default
* kinit.c (KRB4_BACKUP_DEFAULT_LIFE_SECS): Update to one day.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15527 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 30 May 2003 20:01:31 +0000 (20:01 +0000)]
Document that we support AES and the constraints on that support
Ticket: 1535
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15526 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2003 18:55:28 +0000 (18:55 +0000)]
* get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime of tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15524 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 01:50:38 +0000 (01:50 +0000)]
update path for kdc.conf in man page
The man page puts kdc.conf in lib/krb5kdc, but it should be var/krb5kdc.
(It's also hardcoded as being in /usr/local, but that's another bug...)
* kdc.conf.M (FILES): Refer to correct location for kdc.conf in the default
installation path.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15523 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 29 May 2003 16:42:31 +0000 (16:42 +0000)]
krb524d.h: removed invalid Mac pragmas [RT 1533]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15520 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 28 May 2003 04:07:45 +0000 (04:07 +0000)]
update for krb5-1.3-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15516 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 28 May 2003 02:16:30 +0000 (02:16 +0000)]
Rename interface to krb5_524_convert_creds, export it from krb5 library.
Provide old names as functions for UNIX/MacOS binary compatibility, and
deprecated macros for source code compatibility. (For Windows, we'll still
need a krb524.dll, and it can worry about providing the old names.) Enable
support on Windows always.
ticket: 1491
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15513 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 27 May 2003 23:20:25 +0000 (23:20 +0000)]
Docs for admin keytab changes... only this one change need pullup
* admin.texinfo (realms (kdc.conf)): Update to reflect that
kadm5.keytab is only used by legacy admin daemons.
* install.texinfo (Create a kadmind Keytab (optional)): Update to
reflect that kadm5.keytab is only used by legacy admin daemons.
ticket: 1372
version_fixed: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15510 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 27 May 2003 22:20:41 +0000 (22:20 +0000)]
* build.texinfo (HPUX): Make HPUX compiler flags simpler
ticket: 1520
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15508 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 27 May 2003 21:15:19 +0000 (21:15 +0000)]
* schpw.c (process_chpw_request): Log chpw requests
ticket: 1519
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15502 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 27 May 2003 20:57:03 +0000 (20:57 +0000)]
* win-pre.in (CPPFLAGS): Define KRB5_DEPRECATED=1
ticket: 1528
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15500 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 27 May 2003 20:02:50 +0000 (20:02 +0000)]
Avoid memory leak of server and client principal in
krb5_get_in_tkt_with{_password,_keytab}
Ticket: 1525
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15498 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 27 May 2003 16:40:55 +0000 (16:40 +0000)]
* Makefile.in (KRBHDEP): Add krb524_err header
ticket: 1491
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15497 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 27 May 2003 16:32:09 +0000 (16:32 +0000)]
* Makefile.in (clean-windows): Remove new "timestamp" file when
cleaning up.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15496 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 25 May 2003 12:01:27 +0000 (12:01 +0000)]
* krb5.hin: Sequence number of krb5_replay_data should be unsigned
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15493 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 25 May 2003 11:54:03 +0000 (11:54 +0000)]
Missing prototype for krb5_db_iterate_ext
* kdb.h: Add prototype for krb5_db_iterate_ext.
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15492 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 24 May 2003 04:51:38 +0000 (04:51 +0000)]
Big step towards integrating libkrb524 into libkrb5:
Move libkrb524 code, including error table, into libkrb5. Now libkrb5
initialization pulls in the krb524 error table, so krb524_init_ets is
gone; all calls deleted.
Move krb4 life/time conversion functions into libkrb5 under new names,
using accessor hooks to get at them from libkrb4.
Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h;
the last doesn't get copied into the include directory. Changed
inclusions of krb524.h to the appropriate files, if any were needed.
Rebuilt dependencies in Makefiles.
These changes are likely to break the Windows build; I'll look into
that soon.
ticket: 1491
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15491 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 24 May 2003 01:33:03 +0000 (01:33 +0000)]
make-depend updates
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sat, 24 May 2003 01:03:30 +0000 (01:03 +0000)]
When generating etype_info2 for DES style keys, use s2kparams to
communicate the type if the key has afs3 salt.
If such s2kparams are received by the client, use the afs string2key
function to process the key.
Ticket: 1512
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sat, 24 May 2003 00:59:25 +0000 (00:59 +0000)]
Populate etype_info_entry.s2kparams.data
The ASN.1 decoder for etype_info_entry accidentally throws away the
pointer to s2kparams data. Don't Correctly store the pointer.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15488 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 23 May 2003 23:55:12 +0000 (23:55 +0000)]
update descriptions of OS-specific configure options
* build.texinfo (HPUX, Solaris 2.X, Ultrix 4.2/3 [notdef]): Replace
descriptions of old --with- options with VAR=.
(Solaris 2.X): Suggest that defining _XOPEN_SOURCE and __EXTENSIONS__ might
help for 64-bit mode.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15487 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 23 May 2003 23:01:45 +0000 (23:01 +0000)]
* admin.texinfo (appdefaults): Clarify afs_krb5 slightly
ticket: 1192
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15486 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 23 May 2003 16:41:43 +0000 (16:41 +0000)]
use kdc_default_options
The documentation and context initialization supports an option called
kdc_default_options which is an integer that sets the default KDC
request flags. Make the code actually use the option.
Ticket: new
Component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15485 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 23 May 2003 16:33:58 +0000 (16:33 +0000)]
Document afs_krb5 appdefaults section
Ticket: 1192
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15484 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Fri, 23 May 2003 06:55:39 +0000 (06:55 +0000)]
Memory leak in kdc etype_info2 preauth
* kdc_preauth.c (return_etype_info2): After encoding the
etype_info2 and copying the pointers to the pa_data, free the
krb5_data pointer.
Ticket: new
Target_Version: 1.3
Tags: pickup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 23 May 2003 04:07:00 +0000 (04:07 +0000)]
* gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence
number mask.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15480 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 23 May 2003 03:37:59 +0000 (03:37 +0000)]
Implement heuristic for matching broken Heimdal sequence number encodings
ticket: 1263
target_version: 1.3
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 22 May 2003 23:13:49 +0000 (23:13 +0000)]
* kt_file.c (krb5_ktfile_get_entry): Check principal name prior to
checking enctype. Suggested by Wyllys Ingersoll.
ticket: 1229
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15470 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 22 May 2003 22:25:03 +0000 (22:25 +0000)]
Default KRB5_DEPRECATED to 0, but force it to 1 for in-tree stuff
ticket: 1483
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15469 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 22 May 2003 20:28:21 +0000 (20:28 +0000)]
Log transited checkd not done as info not error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 22 May 2003 20:26:59 +0000 (20:26 +0000)]
Provide an explicit list of options not to be allowed in AS requests
rather than disallowing all unknown options.
Ticket: 1202
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 22 May 2003 17:31:57 +0000 (17:31 +0000)]
Cross realm checks can check beyond end of buffer
* keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as
principal and realm name do not need to be null terminated.
ticket: new
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15466 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 22 May 2003 17:09:52 +0000 (17:09 +0000)]
krb5int_populate_gic_opt should return void
Since none of the functions it calls can return an error, this should
return void.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15465 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 22 May 2003 15:46:27 +0000 (15:46 +0000)]
* kdb5_mkdums.c (main): When attempting to register writable
keytab, do not fail if error is KRB5_KT_TYPE_EXISTS.
Ticket: 1501
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15464 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 21 May 2003 23:55:58 +0000 (23:55 +0000)]
Set length correctly in krb5_get_in_tkt_with_password if password is
actually passed in. Also, fix test suite to be more lenient about
password prompts, which changed under the previous patches for this
ticket.
ticket: 1480
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15463 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 20 May 2003 22:29:57 +0000 (22:29 +0000)]
krb5_get_in_tkt now only supports old (non-etype-info2) enctypes
Ticket: 1480
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15462 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 20 May 2003 21:22:48 +0000 (21:22 +0000)]
Implement krb5_get_in_tkt_with_password and
krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds.
It turns out that these do in fact need to use get_init_creds not
get_init_creds_{password,keytab} because those functions do not
allow the AS request to be returned.
Ticket: 1480
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15461 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Tue, 20 May 2003 14:34:53 +0000 (14:34 +0000)]
* asn1_k_encode.c (asn1_encode_krb_safe_body): Use
asn1_encode_unsigned_integer for sequence number.
* asn1_k_decode.c (asn1_decode_krb_safe_body): Use
asn1_decode_seqnum to decode sequence number.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15460 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 May 2003 17:34:41 +0000 (17:34 +0000)]
Register writable keytabs by default
We have a customer requirement to support writable keytabs using the
public API in 1.3. Discussion on krbcore indicates there is no good
reason why these are not registered by default. So, they are now
registered by default.
Also adjust other code in the tree not to try and register them.
Ticket: new
Target_Version: 1.3
Component: krb5-libs
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15459 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sun, 18 May 2003 09:01:47 +0000 (09:01 +0000)]
* depgen.sed: Put print command on separate lines from substitution commands,
instead of using s///p form.
ticket: 1364
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15458 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sun, 18 May 2003 05:16:05 +0000 (05:16 +0000)]
Sequence numbers are now unsigned. Implement lenient parser for
sequence numbers which folds received negative sequence numbers into
positive unsigned numbers. Constrain the space of initial sequence
numbers to facilitate backwards compatibility.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15457 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 17 May 2003 01:57:43 +0000 (01:57 +0000)]
* schpw.c (process_chpw_request): Return KRB5_KPASSWD_BAD_VERSION if the
version number isn't 1.
ticket: 1441
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15456 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 17 May 2003 01:56:10 +0000 (01:56 +0000)]
* chpw.c (krb5int_rd_chpw_rep): Allow new kpasswd error codes up through
_INITIAL_FLAG_NEEDED.
ticket: 1441
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15455 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 17 May 2003 01:55:28 +0000 (01:55 +0000)]
Define the new error codes
* krb5.hin (KRB5_KPASSWD_ACCESSDENIED): New macro.
(KRB5_KPASSWD_BAD_VERSION, KRB5_KPASSWD_INITIAL_FLAG_NEEDED): New macros.
ticket: 1441
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15454 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 17 May 2003 01:51:53 +0000 (01:51 +0000)]
* ser_ctx.c (krb5_context_internalize): Copy read-in OS context data into
krb5_context and free up the newly allocated OS context.
ticket: 1497
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15453 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 17 May 2003 01:48:44 +0000 (01:48 +0000)]
* default.exp (spawn_xterm): Add KPASSWD and REALMNAME to the list of exported
variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15452 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 15 May 2003 23:42:21 +0000 (23:42 +0000)]
* mkrel: Remove autom4te.cache files
ticket: 1492
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15449 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 15 May 2003 20:20:46 +0000 (20:20 +0000)]
Only allow combine_keys to work on des and 3des enctypes. It is not
supported for rc4 or AES until we implement the crypto framework PRF.
Ticket: 1248
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15448 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 15 May 2003 18:55:12 +0000 (18:55 +0000)]
KfM should export krb5_c_string_to_key_with_params
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15446 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 14 May 2003 20:48:22 +0000 (20:48 +0000)]
Be more friendly towards parallel builds
* Makefile.in ($(EHDRDIR)$(S)timestamp): New target, used for ensuring
$(EHDRDIR) exists.
(clean-unix): Delete the dummy file.
($(EHDRDIR)$(S)gssapi.h): Depend on it, instead of creating the directory here.
($(EHDRDIR)$(S)gssapi_generic.h): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15443 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 14 May 2003 19:32:45 +0000 (19:32 +0000)]
Update for krb5-1.3-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15440 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Wed, 14 May 2003 19:28:48 +0000 (19:28 +0000)]
Allow the KDC to return bad integrity errors to the client on preauth
failure. This will be translated by the client into password
incorrect.
Ticket: 1488
Target_Version: 1.3
Tags: pullup
Component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15439 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 14 May 2003 00:26:17 +0000 (00:26 +0000)]
* start_servers_local: Set KRB5RCACHEDIR.
* stop_servers_local: Set KRB5RCACHEDIR. Use the correct filename when
deleting the replay cache file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15434 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 13 May 2003 23:24:36 +0000 (23:24 +0000)]
provide shorthand aliases for AES enctypes
* etypes.c (krb5_enctypes_list): Add names aes128-cts and aes256-cts as
aliases.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15433 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 13 May 2003 21:53:59 +0000 (21:53 +0000)]
Try forwarding with no enctype restriction if forwarding with an
enctype restriction fails. This is sufficient for 1.3.
Ticket: 1473
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15431 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 13 May 2003 21:04:33 +0000 (21:04 +0000)]
* gssapi_krb5.h: Remove check for GSS_RFC_COMPLIANT_OIDS
ticket: 1482
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15429 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 13 May 2003 21:01:09 +0000 (21:01 +0000)]
AES shouldn't be in KDC default enctype list
Until all services including GSS-based ones can support AES, we don't
want it in the default supported enctypes list on the KDC.
ticket: new
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15428 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 13 May 2003 20:24:57 +0000 (20:24 +0000)]
reduce AES string-to-key iteration count to 4096
* aes_s2k.c (DEFAULT_ITERATION_COUNT): New macro; define to 4096.
(MAX_ITERATION_COUNT): New macro.
(krb5int_aes_string_to_key): Use them.
Also added a proper copyright notice.
ticket: new
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15427 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 13 May 2003 17:56:20 +0000 (17:56 +0000)]
Fix minor error in previous commit that broke v4 salts
Ticket: 1470
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15426 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 13 May 2003 17:05:27 +0000 (17:05 +0000)]
Fix memory leaks and double frees in preauth2.c
Ticket: 1470
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15425 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 13 May 2003 16:22:21 +0000 (16:22 +0000)]
Add AES enctypes to t_encrypt
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15424 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Mon, 12 May 2003 22:33:42 +0000 (22:33 +0000)]
* Makefile.in: Add setting of KRB_ERR on Windows
ticket: 1477
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15419 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 12 May 2003 18:04:31 +0000 (18:04 +0000)]
Don't #include compile_et .c files
At least the e2fsprogs compile_et produces .c files that duplicate
definitions found in com_err.h and so you need to avoid including
those .c files in other files.
In order to do this we duplicate the string tables.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15415 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 12 May 2003 17:57:20 +0000 (17:57 +0000)]
Docs should reflect default krb4 mode
The KDC now defaults to no krb4 enabled; the docs should reflect this.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15414 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Mon, 12 May 2003 09:29:46 +0000 (09:29 +0000)]
Cleanup memory in asn.1 testsuite to allow for leak checking
* krb5_decode_test.c: Modify decode_run macro to take a cleanup
handler to free allocated memory. Add static handlers to free
krb5_alt_method, passwd_phrase_element and krb5_enc_data as the
krb5 library does not handle at this time.
* krb5_encode_test.c: Free krb5_context at end. Utilize the many
ktest_empty and destroy functions to cleanup memory.
* ktest.h, ktest.c: Add many ktest free and empty functions to
cleanup allocated structures in tests.
* utility.c (krb5_data_hex_parse): Free temporary data.
With these changes, one can then test for memory leaks in the
asn.1 and krb5_free functions.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15413 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 12 May 2003 02:59:06 +0000 (02:59 +0000)]
* Implement etype_info in KDC. If the request contains any new
enctypes (currently AES but anything not explicitly listed as old)
then only etype_info2 is sent back in response. Send back etype_info2
all the time. Also send back etype_info2 to provide salt and
s2kparams with AS reply not just for preauth errors.
* Expose interface for getting string2key with parameters (previously
implemented but not exported)
* In the client (at least for get_init_creds interface) prefer
etype_info2 to etype_info and pw_salt. Pass s2kparams and use
string2key_with_params.
Ticket: 1454
Status: open
Target_Version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 10 May 2003 02:09:34 +0000 (02:09 +0000)]
Add a new krb5_context field for the config-file tgs_enctypes, which
applications cannot override, and use it for ticket-granting tickets needed to
acquire some desired service ticket.
ticket: 1429
tags: pullup
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15411 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sat, 10 May 2003 01:27:15 +0000 (01:27 +0000)]
punt leftover conflict markers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15410 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 10 May 2003 01:11:22 +0000 (01:11 +0000)]
missed note for an old change
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15409 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sat, 10 May 2003 00:02:05 +0000 (00:02 +0000)]
* krb5.tex: Update subkey-related information to match code
ticket: 1415
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15408 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sat, 10 May 2003 00:01:04 +0000 (00:01 +0000)]
Rename the local_subkey and remote_subkey fields in the auth_context
to send_subkey and recv_subkey, respectively. Add new APIs to query
and set these fields. Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys. Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.
ticket: 1415
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 9 May 2003 12:51:58 +0000 (12:51 +0000)]
* kpasswd.0/changing.exp: Replace ovpasswd with kpasswd
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15406 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 8 May 2003 17:24:19 +0000 (17:24 +0000)]
Added option to search paths correctly with new tools and to include TargetConditionals.h so that TARGET_OS_MAC is defined for all files in the build system, not just those that include krb5.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15403 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 7 May 2003 21:50:31 +0000 (21:50 +0000)]
Needed for com_err library testing
* test_et.c [HAVE_SYS_ERRLIST]: Do declare sys_nerr.
ticket: 1440
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15401 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Wed, 7 May 2003 21:15:06 +0000 (21:15 +0000)]
Reorganize kdc_preauth enctype handling
Patch from Sun to reorganize and better abstract kdc_preauth.c's
enctype info handling. This will make it easier to implement
etype_info2 so I'm committing it.
Ticket: new
Target_Version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15400 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 7 May 2003 21:08:17 +0000 (21:08 +0000)]
* init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15398 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 7 May 2003 20:50:36 +0000 (20:50 +0000)]
Added krb5_set_password, krb5_set_password_using_ccache, krb5_c_random_os_entropy, krb5_c_random_add_entropy, krb5_c_init_state, and krb5_c_free_state to the export file for KfM. (RT bug #1462)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15396 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 6 May 2003 19:00:02 +0000 (19:00 +0000)]
Fix typo
Ticket: 1454
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15394 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 6 May 2003 18:46:46 +0000 (18:46 +0000)]
Implement encoders for etype_info2 and add support to s2kparams for
decoders.
Ticket: 1454
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15393 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sun, 4 May 2003 19:52:50 +0000 (19:52 +0000)]
Replace ovpasswd with kpasswd
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15392 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 2 May 2003 08:05:23 +0000 (08:05 +0000)]
* port-sockets.h (inet_ntop) [!_WIN32 && !HAVE_MACSOCK_H]: Define as a macro if
not provided by the OS.
ticket: 1435
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15391 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 1 May 2003 17:03:25 +0000 (17:03 +0000)]
* kadm_stream.c: Fixed vts_long() and vts_short() so they return a pointer to the beginning of the memory they allocate and place their data at the end of the buffer which was passed in
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15388 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 29 Apr 2003 23:43:31 +0000 (23:43 +0000)]
update for 1.3a3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15384 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 29 Apr 2003 20:46:14 +0000 (20:46 +0000)]
AES code shouldn't define uint32_t etc if the system provides them
Use inttypes.h if available.
ticket: new
status: open
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15383 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 28 Apr 2003 21:38:02 +0000 (21:38 +0000)]
set-change password breaks kpasswd
In some cases a null realm argument was passed into the function for
locating the kpasswd server. This ended up causing segfaults in
kpasswd. Fix to use the right realm.
ticket: new
Tags: pullup
Target_Version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15379 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 28 Apr 2003 18:51:35 +0000 (18:51 +0000)]
Incorporate krb5_os_context directly into krb5_context, since they're always
allocated and freed at the same time, even if in different files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15378 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 28 Apr 2003 18:26:16 +0000 (18:26 +0000)]
* ksetpwd.c (init_creds): Let's use C comments for C code, shall we?
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15377 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Mon, 28 Apr 2003 16:06:38 +0000 (16:06 +0000)]
* prof_file.c (r_access): Static function. Only include if
SHARE_TREE_DATA defined.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15376 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sun, 27 Apr 2003 21:07:21 +0000 (21:07 +0000)]
krb5_setpw_result_string should be internal
Make krb5_setpw_result_string a krb5int_ function prototyped in
k5-int.h. The prototype was already there, but the code did not match
the function name.
This needs to be pulled up to the release branch to fix Windows build because of a KRB5_CALLCONV issue.
ticket: new
Tags: pullup
Target_Version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15375 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 25 Apr 2003 18:50:04 +0000 (18:50 +0000)]
Build ksetpw, a client for the Microsoft set password protocol. Not
of release quality yet, so don't actually install.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15374 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 25 Apr 2003 18:46:22 +0000 (18:46 +0000)]
Implementation of Microsoft set password client library code provided
by Paul Nelson.
Ticket: 1377
Status: open
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15373 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 25 Apr 2003 03:13:32 +0000 (03:13 +0000)]
* reconf: Restore support for 2.52; reject older versions
ticket: 1242
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15371 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 25 Apr 2003 03:09:57 +0000 (03:09 +0000)]
Require only autoconf 2.52. Try --include argument to autoconf and autoheader,
and if the command fails, try it again with --localdir; don't tie it to some
previously used version of autoconf.
ticket: 1242
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15370 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 24 Apr 2003 17:37:56 +0000 (17:37 +0000)]
* kfree.c (krb5_free_pwd_sequences): Correction to previous
fix. Free contents of krb5_data - not just the pointer.
ticket: 1439
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15369 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 24 Apr 2003 03:28:00 +0000 (03:28 +0000)]
errno should never be explicitly declared
Remove explicit declarations of errno; include errno.h as needed.
(Also, errmsg in krb4, and malloc in compile_et.)
ticket: new
target_version: 1.3
tags: pullup
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15368 dc483132-0cff-0310-8789-dd5450dbe970