Greg Hudson [Sun, 25 Oct 2009 20:27:54 +0000 (20:27 +0000)]
Reformat function definition headers in gss-krb5's util_crypt.c to
meet coding standards.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23039
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 25 Oct 2009 16:55:12 +0000 (16:55 +0000)]
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements
account lockout policies for preauth-using principals using existing
principal metadata fields and new policy fields. The kadmin API
version is bumped from 2 to 3 to compatibly extend the policy_ent_rec
structure.
ticket: 6577
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 25 Oct 2009 01:10:33 +0000 (01:10 +0000)]
Set up an INIT-CMD to set CRYPTO_IMPL in config.status so that
rebuilding Makefiles in lib/crypto works correctly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23034
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 25 Oct 2009 00:15:11 +0000 (00:15 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23030
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 24 Oct 2009 23:50:23 +0000 (23:50 +0000)]
Resurrect deleted test files. Adjust Makefile.in files to correctly
define RUN_SETUP.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23029
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 21:18:47 +0000 (21:18 +0000)]
Comment out empty definition of krb5_gss_set_sec_context_option_ops and its
usage, because ISO C apparently forbids empty array initializers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23002
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 21:16:20 +0000 (21:16 +0000)]
Remove #define DEBUG 1 that slipped in in S4U merge
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23001
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 23 Oct 2009 19:45:48 +0000 (19:45 +0000)]
Changed the crypto make system to add build flexibility. The update cancels the requirement for the dir structures to be identical in all crypto implementation and supports impl. dependent tests. Also, minor libk5crypto.exports list reduction ( from f_tables)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22995
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 21:00:19 +0000 (21:00 +0000)]
When iterating through the keytab in krb5_rd_req(), do not
return success if we did not find any matching keytab entries,
otherwise we will crash upon accessing ticket->enc_part2.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22974
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 20:58:37 +0000 (20:58 +0000)]
Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes
a NULL server principal to krb5_rd_req(). Without this the name
canonicalisation support in 1.7 was broken for GSS_C_BOTH
credentials, because cred->name would always be set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22973
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 18:21:50 +0000 (18:21 +0000)]
Allow the constrained delegation authorization method to use the evidence ticket client name as input to the authorization decision
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22963
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 17:24:37 +0000 (17:24 +0000)]
simplify logic fix introduced in r22960 for S4U2Self
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22962
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 16:03:40 +0000 (16:03 +0000)]
remove some unneeded extensions from the Novell backend authdata SPI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 16:00:08 +0000 (16:00 +0000)]
ensure that forwardable flag is propagated along S4U2Self referral path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22960
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 00:53:47 +0000 (00:53 +0000)]
Increment authdata SPI to V2 (V1 was experimental) to account for additional
krbtgt key parameter.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 00:50:08 +0000 (00:50 +0000)]
Increment authdata SPI to V2 (V1 was experimental) to account
for additional krbtgt key parameter. This was at Sam's suggestion.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22958
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 15:40:47 +0000 (15:40 +0000)]
For naming extensions draft compliance, s/mspac:/urn:mspac:/
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 14:23:32 +0000 (14:23 +0000)]
Make some gss-krb5 utility functions take enctypes instead of keys,
and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was
passing a keyblock instead of a key to kg_translate_iov after the
enc-perf merge.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 14:14:46 +0000 (14:14 +0000)]
use ANSI prototypes for acquire_XXX_cred, and fix cast to calling acquire_accept_cred()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 13:51:40 +0000 (13:51 +0000)]
correct indirection of minor status code when calling displayStatus()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22954
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 13:49:48 +0000 (13:49 +0000)]
In k5_hmac_md5_hash_iov, initialize keyblock.contents so that we don't
free it prior to initialization if krb5_hmac fails.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22953
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 13:47:40 +0000 (13:47 +0000)]
In krb5_k_make_checksum, check for a null key passed with a keyed
checksum instead of just crashing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22952
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 20 Oct 2009 10:56:21 +0000 (10:56 +0000)]
Clean up memory leaks by releasing key at end
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22951
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 20 Oct 2009 10:21:01 +0000 (10:21 +0000)]
Include des_int.h for mit_des_fixup_key_parity prototype
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22950
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 02:07:22 +0000 (02:07 +0000)]
Fix memory leaks in enc-perf work
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22949
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 00:48:46 +0000 (00:48 +0000)]
fix some Coverity reported defects in naming extensions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22948
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 19 Oct 2009 20:04:21 +0000 (20:04 +0000)]
Implement new APIs to allow improved crypto performance
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 19 Oct 2009 18:14:35 +0000 (18:14 +0000)]
Update prototype files to conform with newer whitespace rules
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22937
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 18 Oct 2009 11:55:53 +0000 (11:55 +0000)]
Include des_int.h for mit_des_fixup_key_parity prototype. Adjust Makefile.in
to find the proper header.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22912
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 18 Oct 2009 11:22:22 +0000 (11:22 +0000)]
Remove adb.h as it is not used in the source tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22911
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 16 Oct 2009 17:32:15 +0000 (17:32 +0000)]
Properly handle ivec for chaining ops
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22906
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 16 Oct 2009 17:14:14 +0000 (17:14 +0000)]
Fix the value of ivec in aes_decrypt_iov
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22905
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 15 Oct 2009 19:57:29 +0000 (19:57 +0000)]
Enable t_cts test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22902
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 15 Oct 2009 16:27:19 +0000 (16:27 +0000)]
Fixed aes to handle the input buffers of the various sizes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22900
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 13 Oct 2009 19:43:17 +0000 (19:43 +0000)]
Fix preauth looping in krb5_get_init_creds
In 1.7, krb5_get_init_creds will continue attempting the same built-in
preauth mechanism (e.g. encrypted timestamp) until the loop counter
maxes out. Until the preauth framework can remember not to retry
built-in mechanisms, only continue with preauth after a PREAUTH_FAILED
error resulting from optimistic preauth.
ticket: 6573
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22890
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 13 Oct 2009 19:38:16 +0000 (19:38 +0000)]
Revert a small part of r22736 which incorrectly fixed a preauth
looping bug in krb5_get_init_creds. A more correct fix will follow.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22888
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 11:33:01 +0000 (11:33 +0000)]
Fix memory leak and init those magic number fields to prevent compiler warning
when structure copied.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22879
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 11:32:25 +0000 (11:32 +0000)]
Clean nfold.o on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22878
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 10 Oct 2009 03:57:45 +0000 (03:57 +0000)]
Move destest to builtin/des, because it depends on overriding some
internals.
Make depend.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 01:49:38 +0000 (01:49 +0000)]
Remove krb5.conf, bigendian.o, and bigendian on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22876
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 18:29:34 +0000 (18:29 +0000)]
Implement GSS naming extensions and authdata verification
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 17:18:50 +0000 (17:18 +0000)]
Get aes-gen to build again (for the default back end, at least)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22873
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 14:21:04 +0000 (14:21 +0000)]
In asn1_decode_enc_kdc_rep_part, don't leak the enc_padata field on
invalid representations.
ticket: 6571
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22872
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 8 Oct 2009 16:11:01 +0000 (16:11 +0000)]
In anticipation of a new version of OpenSSL 1.0.0, support renamed API: EVP_PKEY_decrypt -> EVP_PKEY_decrypt_old
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22871
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 8 Oct 2009 12:59:33 +0000 (12:59 +0000)]
In krb5_c_verify_checksum, avoid the structure copy of *data since we
don't care about data->magic. Squashes a bunch of unimportant
Coverity defects. (May not be the correct long-term solution.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22868
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 8 Oct 2009 12:58:56 +0000 (12:58 +0000)]
In krb5_calculate_checksum (a compatibility routine), initialize
key.enctype to ENCTYPE_NULL. This will predictably fail to match a
keyed hash's enctype, which may not be the best behavior, but is
better than unpredictably failing to match it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22867
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 18:14:49 +0000 (18:14 +0000)]
In krb5_c_make_checksum, avoid the structure copy of *input since we
don't care about input->magic. Squashes a bunch of unimportant
Coverity defects.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22866
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 18:13:29 +0000 (18:13 +0000)]
Fix krb5_c_weak_enctype in the case of invalid enctypes; r22839
simplified it a bit too much.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22865
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 16:39:54 +0000 (16:39 +0000)]
Remove an outdated parenthetical comment about master_kdc; we actually
do check if the response came from the master KDC now.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22864
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 6 Oct 2009 16:36:34 +0000 (16:36 +0000)]
In krb5_encrypt_helper, return ENOMEM instead of 0 if we can't
allocate the ciphertext buffer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22860
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 6 Oct 2009 16:20:19 +0000 (16:20 +0000)]
Crypto modularity proj: Populate openssl/aes dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22859
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 6 Oct 2009 15:54:50 +0000 (15:54 +0000)]
Slightly more comprehensible message for KRB5_RC_IO
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22857
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 6 Oct 2009 15:47:04 +0000 (15:47 +0000)]
Fix object file path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22856
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Sun, 4 Oct 2009 18:37:09 +0000 (18:37 +0000)]
Impl. krb5int_aes_enc/decrypt_iov. Passes t_encrypt test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22843
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 18:07:44 +0000 (18:07 +0000)]
Update the crypto derived key support code to conform to most of the
current coding practices (except lack of tabs). Use the helper
functions k5alloc, zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22840
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 16:03:15 +0000 (16:03 +0000)]
Update the crypto API glue to conform to most of the current coding
practices (except lack of tabs). Use the helper functions k5alloc,
zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22839
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 14:46:54 +0000 (14:46 +0000)]
Add convenience functions zapfree (test for null, zap, free) and
k5alloc (allocate memory, set a krb5_error_code result) to k5-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22838
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 22:54:27 +0000 (22:54 +0000)]
Crypto modularity proj: Populae openssl/arcfour dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22825
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 21:46:57 +0000 (21:46 +0000)]
Crypto modularity proj: Populate openssl/des dir.
To avoid breaking the export list some functions (mostly mit_xxx) are left in place with the disabled functionality.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22821
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 21:18:05 +0000 (21:18 +0000)]
Crypto modulrity proj: Basic AES crypto for openssl impl
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22820
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 18:39:42 +0000 (18:39 +0000)]
Cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22819
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 30 Sep 2009 22:33:41 +0000 (22:33 +0000)]
Crypto modularity proj: SHS_INFO structure is defined differently for crypto impl's. Files hash_sha1.c and yhash.h are affected by this difference. Move hash_provider into the backend
The following bigredbutton is used to suppress svn complains about the trailing spaces in the moved/copied dirs.
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22815
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 29 Sep 2009 14:38:51 +0000 (14:38 +0000)]
Fix include path to pick up the correct headers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22814
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 29 Sep 2009 00:31:54 +0000 (00:31 +0000)]
Remove OBJS.ST from SUBDIROBJLISTS so that running make does not
rebuild shared library when running make from the top. (make
otherwise thinks that OBJS.ST depends on "all-recurse" - which does
not exist, and rebuilds it all the time.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22806
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 28 Sep 2009 04:00:27 +0000 (04:00 +0000)]
Fix a braino in r22790
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22791
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 28 Sep 2009 01:47:32 +0000 (01:47 +0000)]
Fix a few problems introduced by r22787
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22790
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 16:57:22 +0000 (16:57 +0000)]
Add keytab_local.c to the kadmin client SRCS variable, so that we
generate dependencies for its object file. This change causes
kadmin.local to be properly rebuilt when keytab.c changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22789
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 16:31:40 +0000 (16:31 +0000)]
Fix a few bugs in kadmin's keytab.c from r22785
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22788
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 15:20:19 +0000 (15:20 +0000)]
Clean up krb5_get_credentials:
* Use the current coding practice for output parameters.
* Rename the helper function krb5_get_credentials_core to
krb5int_construct_matching_creds and document it.
* Don't fail out if we fail to cache intermediate tgts.
* Simplify conditional logic and variable handling. ncreds is now
always a temporary holder for the resulting credentials.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22787
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 25 Sep 2009 15:12:27 +0000 (15:12 +0000)]
Crypto modularity proj: Updated IOV crypto
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22786
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Sep 2009 16:48:57 +0000 (16:48 +0000)]
Update the kadmin client code to most current coding practices
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Sep 2009 15:40:26 +0000 (15:40 +0000)]
Fix kadm5 unit test modified in r22782
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22784
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 22 Sep 2009 16:46:06 +0000 (16:46 +0000)]
Fix a braino in r22782: we don't use strcpy even safely; use strlcpy
instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22783
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 18:40:02 +0000 (18:40 +0000)]
Improve the mechanism used for addprinc -randkey. In the kadmin
server, if the password is null when creating a principal, treat that
as a request for a random key. In the kadmin client, try using the
new method for random key creation and then fall back to the old one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 16:11:26 +0000 (16:11 +0000)]
Fix addprinc -randkey when policy requires multiple character classes
The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class. As a minimal 1.7 fix, use all five character classes
in the dummy password.
ticket: 6568
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 15:53:47 +0000 (15:53 +0000)]
Fix a few bugs in r22736. Cherry-picked from Luke's authdata branch
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22780
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 20 Sep 2009 22:23:52 +0000 (22:23 +0000)]
Clean up warnings of unused variables that have crept into the source tree..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 18 Sep 2009 19:10:48 +0000 (19:10 +0000)]
Use enc_provider for des hash routines. Also needed by Crypto modularity proj
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22778
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 22:58:01 +0000 (22:58 +0000)]
Remove krb5_decode_leak test program on "make clean"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22777
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 22:54:59 +0000 (22:54 +0000)]
Remove autoconf.h on "make distclean".
Check for the presence of a build in the src tree for "make depend".
Suggest "make distclean" when "make depend" detects a build in the
src tree or an attempt to make depend in the src tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22776
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 20:51:50 +0000 (20:51 +0000)]
Re-run make depend without autoconf.h in the source tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 20:51:17 +0000 (20:51 +0000)]
Create DB headers before recursing for "make depend" in
plugins/kdb/db2/libdb2, to restore the r22486 functionality ("make
depend" in an unbuilt source tree) after r22572 (predictable "make
depend" output for DB headers).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22774
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 16 Sep 2009 17:58:58 +0000 (17:58 +0000)]
Fix return value of krb5int_des_make_key from rev 22769
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22770
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 16 Sep 2009 16:51:13 +0000 (16:51 +0000)]
Crypto modularity proj.: Move prf and random-to-key ops from backend to krb
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 19:28:31 +0000 (19:28 +0000)]
Fix stupid logic bug in last version
ticket: 6565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22766
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 15 Sep 2009 16:28:15 +0000 (16:28 +0000)]
Add t_unal.c to SRCS and generate dependencies..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22765
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 06:19:32 +0000 (06:19 +0000)]
Test byte ordering determination and unaligned access
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22762
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 06:17:17 +0000 (06:17 +0000)]
Check __BIG_ENDIAN__ and __LITTLE_ENDIAN__ to determine endianness.
In fallback code, check ia64 platforms for hpux vs everything else;
HP-UX uses big-endian mode.
ticket: 6565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22761
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 14 Sep 2009 02:03:28 +0000 (02:03 +0000)]
Initialize several variables - so that on error cleanup - we do not try to free
bogus memory.
The ticket is still open as the kproplog test is failing - but no coredump.
ticket: 6564
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22750
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Sep 2009 14:23:37 +0000 (14:23 +0000)]
Remove src/lib/crypto/krb/enc_provider, which was accidentally
resurrected in the S4U merge after being moved into the back-end
directories in r22707.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22744
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Sep 2009 02:52:23 +0000 (02:52 +0000)]
Implement s4u extensions
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 11 Sep 2009 22:28:42 +0000 (22:28 +0000)]
In the top-level configure.in, switch from dnl comments to # comments
as recommended by the autoconf documentation, for improved
readability.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22735
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 11 Sep 2009 17:30:51 +0000 (17:30 +0000)]
Fix parsing of GSS exported names
Cherry-picked from Luke's authdata branch.
ticket: 6559
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 9 Sep 2009 18:44:23 +0000 (18:44 +0000)]
In ksetpwd (a program we don't yet install), don't display the new
password to stderr. Cherry-picked from Luke's s4u branch since it's
an unrelated change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22719
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 9 Sep 2009 15:17:09 +0000 (15:17 +0000)]
Fix memory leak in gss_krb5int_copy_ccache
gss_krb5int_copy_ccache was iterating over credentials in a ccache
without freeing them.
ticket: 6558
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 3 Sep 2009 20:41:56 +0000 (20:41 +0000)]
Supply canonical name if present in LDAP iteration
In the presence of aliases, LDAP iteration was supplying the first
principal it found within the expected realm, which is not necessarily
the same as the canonical name. If the entry has a canonical name
field, use that in preference to any of the principal names.
ticket: 6557
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 3 Sep 2009 18:33:13 +0000 (18:33 +0000)]
Crypto modularity proj: OpemSSL crypto feed for hmac/md5/md4/sha1/rc4/des/des3(w/o iov)
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22709
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 3 Sep 2009 17:39:50 +0000 (17:39 +0000)]
Supply LDAP service principal aliases to non-referrals clients
In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY
flag isn't set (abusing that flag to recognize a client name lookup).
Based on a patch from Luke Howard.
ticket: 6556
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 2 Sep 2009 20:21:36 +0000 (20:21 +0000)]
Crypto modularity proj: Move enc_provider into builtin dir. Adjust builtin make system to handle new crypto implementations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22707
dc483132-0cff-0310-8789-
dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 22:44:15 +0000 (22:44 +0000)]
ldap master key migration test's input files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22692
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / log