Luke Howard [Wed, 21 Oct 2009 16:00:08 +0000 (16:00 +0000)]
ensure that forwardable flag is propagated along S4U2Self referral path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22960
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 00:53:47 +0000 (00:53 +0000)]
Increment authdata SPI to V2 (V1 was experimental) to account for additional
krbtgt key parameter.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 00:50:08 +0000 (00:50 +0000)]
Increment authdata SPI to V2 (V1 was experimental) to account
for additional krbtgt key parameter. This was at Sam's suggestion.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22958
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 15:40:47 +0000 (15:40 +0000)]
For naming extensions draft compliance, s/mspac:/urn:mspac:/
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 14:23:32 +0000 (14:23 +0000)]
Make some gss-krb5 utility functions take enctypes instead of keys,
and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was
passing a keyblock instead of a key to kg_translate_iov after the
enc-perf merge.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 14:14:46 +0000 (14:14 +0000)]
use ANSI prototypes for acquire_XXX_cred, and fix cast to calling acquire_accept_cred()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 13:51:40 +0000 (13:51 +0000)]
correct indirection of minor status code when calling displayStatus()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22954
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 13:49:48 +0000 (13:49 +0000)]
In k5_hmac_md5_hash_iov, initialize keyblock.contents so that we don't
free it prior to initialization if krb5_hmac fails.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22953
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 13:47:40 +0000 (13:47 +0000)]
In krb5_k_make_checksum, check for a null key passed with a keyed
checksum instead of just crashing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22952
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 20 Oct 2009 10:56:21 +0000 (10:56 +0000)]
Clean up memory leaks by releasing key at end
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22951
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 20 Oct 2009 10:21:01 +0000 (10:21 +0000)]
Include des_int.h for mit_des_fixup_key_parity prototype
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22950
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 02:07:22 +0000 (02:07 +0000)]
Fix memory leaks in enc-perf work
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22949
dc483132-0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 00:48:46 +0000 (00:48 +0000)]
fix some Coverity reported defects in naming extensions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22948
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 19 Oct 2009 20:04:21 +0000 (20:04 +0000)]
Implement new APIs to allow improved crypto performance
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 19 Oct 2009 18:14:35 +0000 (18:14 +0000)]
Update prototype files to conform with newer whitespace rules
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22937
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 18 Oct 2009 11:55:53 +0000 (11:55 +0000)]
Include des_int.h for mit_des_fixup_key_parity prototype. Adjust Makefile.in
to find the proper header.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22912
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 18 Oct 2009 11:22:22 +0000 (11:22 +0000)]
Remove adb.h as it is not used in the source tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22911
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 16 Oct 2009 17:32:15 +0000 (17:32 +0000)]
Properly handle ivec for chaining ops
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22906
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 16 Oct 2009 17:14:14 +0000 (17:14 +0000)]
Fix the value of ivec in aes_decrypt_iov
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22905
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 15 Oct 2009 19:57:29 +0000 (19:57 +0000)]
Enable t_cts test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22902
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 15 Oct 2009 16:27:19 +0000 (16:27 +0000)]
Fixed aes to handle the input buffers of the various sizes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22900
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 13 Oct 2009 19:43:17 +0000 (19:43 +0000)]
Fix preauth looping in krb5_get_init_creds
In 1.7, krb5_get_init_creds will continue attempting the same built-in
preauth mechanism (e.g. encrypted timestamp) until the loop counter
maxes out. Until the preauth framework can remember not to retry
built-in mechanisms, only continue with preauth after a PREAUTH_FAILED
error resulting from optimistic preauth.
ticket: 6573
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22890
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 13 Oct 2009 19:38:16 +0000 (19:38 +0000)]
Revert a small part of r22736 which incorrectly fixed a preauth
looping bug in krb5_get_init_creds. A more correct fix will follow.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22888
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 11:33:01 +0000 (11:33 +0000)]
Fix memory leak and init those magic number fields to prevent compiler warning
when structure copied.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22879
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 11:32:25 +0000 (11:32 +0000)]
Clean nfold.o on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22878
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 10 Oct 2009 03:57:45 +0000 (03:57 +0000)]
Move destest to builtin/des, because it depends on overriding some
internals.
Make depend.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 01:49:38 +0000 (01:49 +0000)]
Remove krb5.conf, bigendian.o, and bigendian on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22876
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 18:29:34 +0000 (18:29 +0000)]
Implement GSS naming extensions and authdata verification
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 17:18:50 +0000 (17:18 +0000)]
Get aes-gen to build again (for the default back end, at least)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22873
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 14:21:04 +0000 (14:21 +0000)]
In asn1_decode_enc_kdc_rep_part, don't leak the enc_padata field on
invalid representations.
ticket: 6571
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22872
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 8 Oct 2009 16:11:01 +0000 (16:11 +0000)]
In anticipation of a new version of OpenSSL 1.0.0, support renamed API: EVP_PKEY_decrypt -> EVP_PKEY_decrypt_old
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22871
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 8 Oct 2009 12:59:33 +0000 (12:59 +0000)]
In krb5_c_verify_checksum, avoid the structure copy of *data since we
don't care about data->magic. Squashes a bunch of unimportant
Coverity defects. (May not be the correct long-term solution.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22868
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 8 Oct 2009 12:58:56 +0000 (12:58 +0000)]
In krb5_calculate_checksum (a compatibility routine), initialize
key.enctype to ENCTYPE_NULL. This will predictably fail to match a
keyed hash's enctype, which may not be the best behavior, but is
better than unpredictably failing to match it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22867
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 18:14:49 +0000 (18:14 +0000)]
In krb5_c_make_checksum, avoid the structure copy of *input since we
don't care about input->magic. Squashes a bunch of unimportant
Coverity defects.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22866
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 18:13:29 +0000 (18:13 +0000)]
Fix krb5_c_weak_enctype in the case of invalid enctypes; r22839
simplified it a bit too much.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22865
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 16:39:54 +0000 (16:39 +0000)]
Remove an outdated parenthetical comment about master_kdc; we actually
do check if the response came from the master KDC now.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22864
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 6 Oct 2009 16:36:34 +0000 (16:36 +0000)]
In krb5_encrypt_helper, return ENOMEM instead of 0 if we can't
allocate the ciphertext buffer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22860
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 6 Oct 2009 16:20:19 +0000 (16:20 +0000)]
Crypto modularity proj: Populate openssl/aes dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22859
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 6 Oct 2009 15:54:50 +0000 (15:54 +0000)]
Slightly more comprehensible message for KRB5_RC_IO
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22857
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 6 Oct 2009 15:47:04 +0000 (15:47 +0000)]
Fix object file path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22856
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Sun, 4 Oct 2009 18:37:09 +0000 (18:37 +0000)]
Impl. krb5int_aes_enc/decrypt_iov. Passes t_encrypt test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22843
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 18:07:44 +0000 (18:07 +0000)]
Update the crypto derived key support code to conform to most of the
current coding practices (except lack of tabs). Use the helper
functions k5alloc, zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22840
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 16:03:15 +0000 (16:03 +0000)]
Update the crypto API glue to conform to most of the current coding
practices (except lack of tabs). Use the helper functions k5alloc,
zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22839
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 14:46:54 +0000 (14:46 +0000)]
Add convenience functions zapfree (test for null, zap, free) and
k5alloc (allocate memory, set a krb5_error_code result) to k5-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22838
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 22:54:27 +0000 (22:54 +0000)]
Crypto modularity proj: Populae openssl/arcfour dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22825
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 21:46:57 +0000 (21:46 +0000)]
Crypto modularity proj: Populate openssl/des dir.
To avoid breaking the export list some functions (mostly mit_xxx) are left in place with the disabled functionality.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22821
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 21:18:05 +0000 (21:18 +0000)]
Crypto modulrity proj: Basic AES crypto for openssl impl
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22820
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 18:39:42 +0000 (18:39 +0000)]
Cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22819
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 30 Sep 2009 22:33:41 +0000 (22:33 +0000)]
Crypto modularity proj: SHS_INFO structure is defined differently for crypto impl's. Files hash_sha1.c and yhash.h are affected by this difference. Move hash_provider into the backend
The following bigredbutton is used to suppress svn complains about the trailing spaces in the moved/copied dirs.
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22815
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 29 Sep 2009 14:38:51 +0000 (14:38 +0000)]
Fix include path to pick up the correct headers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22814
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 29 Sep 2009 00:31:54 +0000 (00:31 +0000)]
Remove OBJS.ST from SUBDIROBJLISTS so that running make does not
rebuild shared library when running make from the top. (make
otherwise thinks that OBJS.ST depends on "all-recurse" - which does
not exist, and rebuilds it all the time.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22806
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 28 Sep 2009 04:00:27 +0000 (04:00 +0000)]
Fix a braino in r22790
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22791
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 28 Sep 2009 01:47:32 +0000 (01:47 +0000)]
Fix a few problems introduced by r22787
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22790
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 16:57:22 +0000 (16:57 +0000)]
Add keytab_local.c to the kadmin client SRCS variable, so that we
generate dependencies for its object file. This change causes
kadmin.local to be properly rebuilt when keytab.c changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22789
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 16:31:40 +0000 (16:31 +0000)]
Fix a few bugs in kadmin's keytab.c from r22785
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22788
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 15:20:19 +0000 (15:20 +0000)]
Clean up krb5_get_credentials:
* Use the current coding practice for output parameters.
* Rename the helper function krb5_get_credentials_core to
krb5int_construct_matching_creds and document it.
* Don't fail out if we fail to cache intermediate tgts.
* Simplify conditional logic and variable handling. ncreds is now
always a temporary holder for the resulting credentials.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22787
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 25 Sep 2009 15:12:27 +0000 (15:12 +0000)]
Crypto modularity proj: Updated IOV crypto
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22786
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Sep 2009 16:48:57 +0000 (16:48 +0000)]
Update the kadmin client code to most current coding practices
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Sep 2009 15:40:26 +0000 (15:40 +0000)]
Fix kadm5 unit test modified in r22782
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22784
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 22 Sep 2009 16:46:06 +0000 (16:46 +0000)]
Fix a braino in r22782: we don't use strcpy even safely; use strlcpy
instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22783
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 18:40:02 +0000 (18:40 +0000)]
Improve the mechanism used for addprinc -randkey. In the kadmin
server, if the password is null when creating a principal, treat that
as a request for a random key. In the kadmin client, try using the
new method for random key creation and then fall back to the old one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 16:11:26 +0000 (16:11 +0000)]
Fix addprinc -randkey when policy requires multiple character classes
The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class. As a minimal 1.7 fix, use all five character classes
in the dummy password.
ticket: 6568
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 15:53:47 +0000 (15:53 +0000)]
Fix a few bugs in r22736. Cherry-picked from Luke's authdata branch
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22780
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 20 Sep 2009 22:23:52 +0000 (22:23 +0000)]
Clean up warnings of unused variables that have crept into the source tree..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 18 Sep 2009 19:10:48 +0000 (19:10 +0000)]
Use enc_provider for des hash routines. Also needed by Crypto modularity proj
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22778
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 22:58:01 +0000 (22:58 +0000)]
Remove krb5_decode_leak test program on "make clean"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22777
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 22:54:59 +0000 (22:54 +0000)]
Remove autoconf.h on "make distclean".
Check for the presence of a build in the src tree for "make depend".
Suggest "make distclean" when "make depend" detects a build in the
src tree or an attempt to make depend in the src tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22776
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 20:51:50 +0000 (20:51 +0000)]
Re-run make depend without autoconf.h in the source tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 20:51:17 +0000 (20:51 +0000)]
Create DB headers before recursing for "make depend" in
plugins/kdb/db2/libdb2, to restore the r22486 functionality ("make
depend" in an unbuilt source tree) after r22572 (predictable "make
depend" output for DB headers).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22774
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 16 Sep 2009 17:58:58 +0000 (17:58 +0000)]
Fix return value of krb5int_des_make_key from rev 22769
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22770
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 16 Sep 2009 16:51:13 +0000 (16:51 +0000)]
Crypto modularity proj.: Move prf and random-to-key ops from backend to krb
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 19:28:31 +0000 (19:28 +0000)]
Fix stupid logic bug in last version
ticket: 6565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22766
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 15 Sep 2009 16:28:15 +0000 (16:28 +0000)]
Add t_unal.c to SRCS and generate dependencies..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22765
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 06:19:32 +0000 (06:19 +0000)]
Test byte ordering determination and unaligned access
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22762
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 06:17:17 +0000 (06:17 +0000)]
Check __BIG_ENDIAN__ and __LITTLE_ENDIAN__ to determine endianness.
In fallback code, check ia64 platforms for hpux vs everything else;
HP-UX uses big-endian mode.
ticket: 6565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22761
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 14 Sep 2009 02:03:28 +0000 (02:03 +0000)]
Initialize several variables - so that on error cleanup - we do not try to free
bogus memory.
The ticket is still open as the kproplog test is failing - but no coredump.
ticket: 6564
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22750
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Sep 2009 14:23:37 +0000 (14:23 +0000)]
Remove src/lib/crypto/krb/enc_provider, which was accidentally
resurrected in the S4U merge after being moved into the back-end
directories in r22707.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22744
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Sep 2009 02:52:23 +0000 (02:52 +0000)]
Implement s4u extensions
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 11 Sep 2009 22:28:42 +0000 (22:28 +0000)]
In the top-level configure.in, switch from dnl comments to # comments
as recommended by the autoconf documentation, for improved
readability.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22735
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 11 Sep 2009 17:30:51 +0000 (17:30 +0000)]
Fix parsing of GSS exported names
Cherry-picked from Luke's authdata branch.
ticket: 6559
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 9 Sep 2009 18:44:23 +0000 (18:44 +0000)]
In ksetpwd (a program we don't yet install), don't display the new
password to stderr. Cherry-picked from Luke's s4u branch since it's
an unrelated change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22719
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 9 Sep 2009 15:17:09 +0000 (15:17 +0000)]
Fix memory leak in gss_krb5int_copy_ccache
gss_krb5int_copy_ccache was iterating over credentials in a ccache
without freeing them.
ticket: 6558
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 3 Sep 2009 20:41:56 +0000 (20:41 +0000)]
Supply canonical name if present in LDAP iteration
In the presence of aliases, LDAP iteration was supplying the first
principal it found within the expected realm, which is not necessarily
the same as the canonical name. If the entry has a canonical name
field, use that in preference to any of the principal names.
ticket: 6557
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 3 Sep 2009 18:33:13 +0000 (18:33 +0000)]
Crypto modularity proj: OpemSSL crypto feed for hmac/md5/md4/sha1/rc4/des/des3(w/o iov)
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22709
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 3 Sep 2009 17:39:50 +0000 (17:39 +0000)]
Supply LDAP service principal aliases to non-referrals clients
In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY
flag isn't set (abusing that flag to recognize a client name lookup).
Based on a patch from Luke Howard.
ticket: 6556
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 2 Sep 2009 20:21:36 +0000 (20:21 +0000)]
Crypto modularity proj: Move enc_provider into builtin dir. Adjust builtin make system to handle new crypto implementations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22707
dc483132-0cff-0310-8789-
dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 22:44:15 +0000 (22:44 +0000)]
ldap master key migration test's input files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22692
dc483132-0cff-0310-8789-
dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 22:42:08 +0000 (22:42 +0000)]
ldap master key migration stuff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22691
dc483132-0cff-0310-8789-
dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 20:57:41 +0000 (20:57 +0000)]
This time I actually added the files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22688
dc483132-0cff-0310-8789-
dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 20:06:03 +0000 (20:06 +0000)]
Added Master Key Migration db2 backend stuff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22687
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Aug 2009 21:36:28 +0000 (21:36 +0000)]
use perror instead of error in kadm5 test suite
Use "perror" instead of "error" to ensure that framework error
conditions actually cause "make check" to report failure.
ticket: 6553
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22648
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 21:22:10 +0000 (21:22 +0000)]
Clean up a little bit of test suite spew in env-setup: first, when
using BSD options with ps, they should not be prefixed with a '-';
second, the Linux ps supports both BSD and System V options, so change
the structure of the tests not to warn when both forms work.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22647
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 21:02:51 +0000 (21:02 +0000)]
Update a kadm5 testing library function which was calling
kadm5_get_principal without a mask argment. This was causing many
lib/kadm5 tests to fail, but the failures weren't being recorded
properly, so "make check" was still exiting successfully.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22646
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Aug 2009 20:29:24 +0000 (20:29 +0000)]
Remove bogus conditional from tcl_kadm5_randkey_principal(), which was
causing unparse_keyblocks() to get stack garbage as num_keys when
num_var was "null", thus overrunning the end of the array.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22645
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 17:23:20 +0000 (17:23 +0000)]
Document kinit -C and -E options
kinit -C (canonicalize name) and -E (enterprise principal name)
weren't documented in the man page.
ticket: 6552
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22644
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 16:00:54 +0000 (16:00 +0000)]
Disable the COPY_FIRST_CANONNAME workaround on Linux glibc 2.4 and
later, since it leaks memory on fixed glibc versions. We will still
leak memory on glibc 2.3.4 through 2.3.6 (e.g. RHEL 4) but that's
harder to detect.
ticket: 6534
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22643
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 27 Aug 2009 13:40:50 +0000 (13:40 +0000)]
Memory leak in spnego accept_sec_context error path
If the underlying mechanism's accept_sec_context returns an error, the
spnego accept_sec_context was leaving allocated data in
*context_handle, which is incorrect for the first call according to
RFC 2744.
Fix this by mirroring some code from the spnego init_sec_context,
which always cleans up the half-constructed context in case of error.
This is allowed (though not encouraged) by RFC 2744 for second and
subsequent calls; since we were already doing it in init_sec_context,
it seems simpler to do that than keep track of whether this is a first
call or not.
ticket: 6551
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22636
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 22:37:55 +0000 (22:37 +0000)]
Rename db2 header files db.h and db-config.h in the source tree, so
that there will always be only one version of each name in the include
path (namely, the copy made in the build tree, or the generated db.h
if not using the in-tree one). This should fix some minor problems
with different dependency lists generated on different systems.
Sort and uniquify dependency header names before doing substitutions,
as well as after. Look for the db2 headers listed in sorted order.
Don't copy db-ndbm.h into the build tree; let libdb2 find it from the
source tree only.
Update dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22572
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 22:30:43 +0000 (22:30 +0000)]
update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22571
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 18:32:53 +0000 (18:32 +0000)]
Use load_32_be processing length in TCP reply
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22570
dc483132-0cff-0310-8789-
dd5450dbe970