Sam Hartman [Thu, 26 Feb 2004 21:52:00 +0000 (21:52 +0000)]
Set context flags after calling krb5_rd_req so that the replay cache is set up
Ticket: 2284
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Feb 2004 05:16:02 +0000 (05:16 +0000)]
Move apputils dir from util to lib, to get its proper place in the
build process (after include).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16128
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Feb 2004 04:35:09 +0000 (04:35 +0000)]
* rcp.exp (stop_rsh_daemon): Check for any output before eof, causing any such
info to be dumped into the debug log.
* rsh.exp (stop_rsh_daemon): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16127
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Feb 2004 04:20:43 +0000 (04:20 +0000)]
* gssapi.exp (doit): Fix typo in log message
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16126
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Feb 2004 04:19:23 +0000 (04:19 +0000)]
* default.exp (passes): Add "mode=udp" to existing pass specifications. Add a
new pass which does AES and "mode=tcp".
(setup_kerberos_files, setup_krb5_conf): Check global var "mode" and use it to
force UDP or TCP communication between client and KDC. Also, have clients try
another random port where we don't expect anything to be listening.
ticket: 2285
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16125
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Feb 2004 03:43:00 +0000 (03:43 +0000)]
* network.c (setup_a_tcp_listener): Call setreuseaddr before calling bind.
(setup_tcp_listener_ports): Don't call setreuseaddr. Log info about socket
option IPV6_V6ONLY in unsupported and success cases.
ticket: 2285
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16124
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Feb 2004 00:38:01 +0000 (00:38 +0000)]
* sendto_kdc.c (start_connection): Close socket if connect() call fails for an
unexpected reason.
ticket: 2277
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16123
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 24 Feb 2004 21:07:22 +0000 (21:07 +0000)]
Remove ENCTYPE_LOCAL_DES3_HMAC_SHA1
Previously, MIT had support for a version of the des3 enctype with a
32-bit length prepended to encrypted data. Remove that support. This
is non-standard and is no longer needed even at MIT.
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 20:01:08 +0000 (20:01 +0000)]
dependency updates
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16121
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 19:46:02 +0000 (19:46 +0000)]
ignore generated shared libraries
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16120
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 19:36:31 +0000 (19:36 +0000)]
ignore some more generated files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16119
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 19:24:25 +0000 (19:24 +0000)]
Move daemon.c into a new library of utility routines for linking our programs
against but which we don't want to install as a separate library.
Change Kerberos and application servers to link against the library if they
might need the replacement daemon() function.
Add a dummy file to the library in case daemon() is not needed, so we don't
have an empty library, which we may not handle properly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 17:49:03 +0000 (17:49 +0000)]
ignore fakedest dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16117
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 17:48:45 +0000 (17:48 +0000)]
ignore generated krb524 error table code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16116
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 17:48:26 +0000 (17:48 +0000)]
ignore files created during testing
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16115
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Feb 2004 17:47:56 +0000 (17:47 +0000)]
ignore ksetpwd
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16114
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 23 Feb 2004 22:47:55 +0000 (22:47 +0000)]
update for krb5-1.3.2-beta5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16110
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 23 Feb 2004 21:25:17 +0000 (21:25 +0000)]
* wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation for
confidential CFX tokens.
ticket: 2266
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 23 Feb 2004 21:25:07 +0000 (21:25 +0000)]
Add missing ChangeLog entry
ticket: 2258
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16106
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 23:02:54 +0000 (23:02 +0000)]
* prof_init.c (prof_int32): If long is 4 bytes and int is not, then use long,
not int, for prof_int32.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16105
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Thu, 19 Feb 2004 17:51:40 +0000 (17:51 +0000)]
Bug from David Thompson <thomas@cs.wisc.edu>. Bug originally introduced
by me during conversion from bcopy() to memcpy().
ticket: 2258
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16104
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 02:47:11 +0000 (02:47 +0000)]
ignore some files generated during testing
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16103
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 02:46:30 +0000 (02:46 +0000)]
protoize
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16102
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 02:13:02 +0000 (02:13 +0000)]
ignore aes-gen program
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16101
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 01:37:27 +0000 (01:37 +0000)]
protoize
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16100
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 01:35:15 +0000 (01:35 +0000)]
Protoize
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16099
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Feb 2004 01:22:26 +0000 (01:22 +0000)]
delete some blank lines in fn defs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16098
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 18 Feb 2004 20:43:59 +0000 (20:43 +0000)]
use $(CC) rather than ld to build shared libs on tru64 and irix
* shlib.conf (alpha-*-dec-osf*, mips-sgi-irix*): Use $(CC) instead
of ld for building shared libraries.
ticket: new
component: krb5-build
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16097
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Feb 2004 11:04:13 +0000 (11:04 +0000)]
* pcbc_encrypt.c (des_pcbc_encrypt): Don't pass a temporary variable to
DES_DO_ENCRYPT and _DECRYPT. Drop the temporary variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16096
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 17 Feb 2004 23:53:44 +0000 (23:53 +0000)]
* f_tables.h (DES_DO_ENCRYPT, DES_DO_DECRYPT): Allocate temporary variable
locally instead of taking the extra argument.
* d3_cbc.c (krb5int_des3_cbc_encrypt): Don't pass the extra argument, and
delete the automatic variable.
(krb5int_des3_cbc_decrypt): Likewise.
* f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): Likewise.
* f_cksum.c (mit_des_cbc_cksum): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16095
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 17 Feb 2004 23:36:41 +0000 (23:36 +0000)]
* afsstring2key.c (krb5_afs_encrypt): Drop EDFLAG as an argument, make it local
instead, since we always pass 0.
(afs_crypt): Call changed.
(krb5_afs_crypt_setkey, krb5_afs_encrypt): Use memcpy.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16094
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 17 Feb 2004 21:58:30 +0000 (21:58 +0000)]
oops; add some acknowledgments to change list
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16088
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 17 Feb 2004 21:50:38 +0000 (21:50 +0000)]
update for krb5-1.3.2-beta4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16087
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 16 Feb 2004 06:28:44 +0000 (06:28 +0000)]
Add missing PRIOCNTL_HACK stuff here
ticket: new
target_version: 1.3.2
tags: pullup
component: krb5-build
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16085
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 14 Feb 2004 00:37:18 +0000 (00:37 +0000)]
Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macros
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 14 Feb 2004 00:34:15 +0000 (00:34 +0000)]
aclocal.m4 (WITH_CC): Add -fno-common to CFLAGS on Darwin, unless -fcommon or
-fno-common is already given.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16081
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 14 Feb 2004 00:31:35 +0000 (00:31 +0000)]
* aclocal.m4 (TRY_PEER_INT): Deleted.
(KRB5_GETPEERNAME_ARGS): Map the getpeername arg types to the corresponding
getsockname arg types.
(KRB5_GETSOCKNAME_ARGS): If nothing matches, assume struct sockaddr and
socklen_t.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16080
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Feb 2004 23:40:08 +0000 (23:40 +0000)]
* t_encrypt.c (compare_results): New function.
(main): Use it to check decryption results against the original plaintext. When
testing with cipher state, encrypt and then decrypt (and verify) two messages.
* Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.
ticket: 2229
status: resolved
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 13 Feb 2004 23:39:59 +0000 (23:39 +0000)]
* build.texinfo (Solaris 9): Add section describing workaround for
Solaris 9 pty-close kernel bug.
ticket: 2195
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16078
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Feb 2004 23:38:57 +0000 (23:38 +0000)]
* dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. If
clear, same old behavior. If set, copy out next to last block for CTS.
(krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument.
* dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to last block for
CTS.
ticket: 2229
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16077
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 13 Feb 2004 20:52:40 +0000 (20:52 +0000)]
Change PRIOCNTL_HACK code to use "==" rather than "eq", as "eq" is not
available in tcl-8.3.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16071
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 13 Feb 2004 04:20:56 +0000 (04:20 +0000)]
Fix logic error
Ticket: 2234
Target_Version: 1.3.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16070
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 13 Feb 2004 03:19:30 +0000 (03:19 +0000)]
priocntl workaround for Solaris 9 pty-close bug
Implement gross hack to use priocntl to work around the Solaris 9
pty-close bug. Run expect at a higher class "FX" priority than
spawned processes, which run at a lower class "FX" priority. "make
check" needs to start from a process which has FX priority >= 30 and
FX priority limit >= 30. Thanks to Bill Sommerfeld for the hints.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16069
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 12 Feb 2004 18:28:01 +0000 (18:28 +0000)]
Tru64 and Irix have RPATH issues for test suite
Implement hack for faking up _RLD_ROOT with a shadow of the directory
tree up to the installed "lib" directory. This helps with running
tests on Tru64 and Irix.
ticket: 1793
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16066
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 12 Feb 2004 13:52:56 +0000 (13:52 +0000)]
2004-02-12 Jeffrey Altman <jaltman@mit.edu>
* Fix libpath for krbcc32.lib (only affects KRB5_KFW_COMPILE builds)
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16065
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 11 Feb 2004 22:18:58 +0000 (22:18 +0000)]
Add missing file: gss-misc.h copied from src/appl/gss-sample
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16062
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 11 Feb 2004 19:03:19 +0000 (19:03 +0000)]
update for krb5-1.3.2-beta3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16058
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 11 Feb 2004 18:04:37 +0000 (18:04 +0000)]
update copyright notices on gss sample apps
update copyrights
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16056
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 11 Feb 2004 02:49:58 +0000 (02:49 +0000)]
update for krb5-1.3.2-beta3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16054
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Tue, 10 Feb 2004 19:35:49 +0000 (19:35 +0000)]
gss-client.c: remove extraneous parameters from client_establish_context()
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16052
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 10 Feb 2004 04:35:14 +0000 (04:35 +0000)]
* ser_sctx.c (kg_oid_externalize): Check for errors.
(kg_oid_internalize): Check for errors. Free allocated storage on error.
(kg_queue_externalize): Check for errorrs.
(kg_queue_internalize): Check for errors. Free allocated storage on error.
(kg_ctx_size): Update for new context data.
(kg_ctx_externalize): Update for new context data. Check for error storing
trailer.
(kg_ctx_internalize): Update for new context data. Check for errors in a few
more cases.
ticket: 2166
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 10 Feb 2004 04:28:28 +0000 (04:28 +0000)]
* gssapi.exp (doit): Run server with additional options to export and re-import
the GSSAPI context, and log info to a file in tmpdir.
ticket: 2166
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16049
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 9 Feb 2004 23:20:47 +0000 (23:20 +0000)]
Call htons for default port of password server
Ticket: 2171
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16047
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 9 Feb 2004 22:55:17 +0000 (22:55 +0000)]
* main.c (init_realm): Apply patch from Will Fiveash to use
correct TCP listening ports.
ticket: 2118
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 9 Feb 2004 22:54:04 +0000 (22:54 +0000)]
Update from autoconf 2.59
ticket: 2196
version_reported: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16041
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 9 Feb 2004 22:10:40 +0000 (22:10 +0000)]
* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
sufficient buffer space.
ticket: 2166
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 9 Feb 2004 22:08:09 +0000 (22:08 +0000)]
* t_cts.c (test_cts): Process encryption and decryption IVs separately, make
sure they match, and display the value.
ticket: 2223
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 9 Feb 2004 22:06:23 +0000 (22:06 +0000)]
* aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IV
ticket: 2223
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16038
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 9 Feb 2004 21:46:38 +0000 (21:46 +0000)]
* configure.in: Check for sys/time.h and time.h
ticket: 2224
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16034
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Feb 2004 08:46:24 +0000 (08:46 +0000)]
no license on k5sealv3.c
Updated copyright notice to include standard license for release.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 7 Feb 2004 19:44:24 +0000 (19:44 +0000)]
* update usage() for gss-client
ticket: 2212
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16027
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 6 Feb 2004 21:12:21 +0000 (21:12 +0000)]
Enable aes128-cts for client
Currently we support aes128-cts but do not enable it by default. It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.
Ticket: new
Target_Version: 1.3.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)]
Do not consider TGS options to be critical; ignore unknown options
Ticket: 2189
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 6 Feb 2004 19:48:12 +0000 (19:48 +0000)]
2004-02-06 Jeffrey Altman <jaltman@mit.edu>
* Add new UI components to the gss.exe client
to support the use of GSS_C_SEQUENCE_FLAG or to
disable the use of either GSS_C_MUTUAL_FLAG or
GSS_C_REPLAY_FLAG
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16024
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 6 Feb 2004 19:05:47 +0000 (19:05 +0000)]
2004-02-06 Jeffrey Altman <jaltman@mit.edu>
* Add new command line switches to the gss-client
to support the use of GSS_C_SEQUENCE_FLAG or to
disable the use of either GSS_C_MUTUAL_FLAG or
GSS_C_REPLAY_FLAG
ticket: 2212
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16023
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 6 Feb 2004 07:00:51 +0000 (07:00 +0000)]
2004-02-05 Jeffrey Altman <jaltman@mit.edu>
* gssapiP_krb5.h: remove KG_IMPLFLAGS macro
* init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
macro with previous macro definition
* accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
macro with new definition. As per 1964 the INTEG and CONF flags
are supposed to indicate the availability of the services in
the client. By applying the previous definition of KG_IMPLFLAGS
the INTEG and CONF flags are always on. This can be a problem
because some clients such as Microsoft's Kerberos SSPI allow
CONF and INTEG to be used independently. By forcing the flags
on, we would end up with inconsist state with the client.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 5 Feb 2004 08:04:45 +0000 (08:04 +0000)]
Add support for specifying the credential cache to be used as well
as fix a few minor user interface bugs
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16021
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 4 Feb 2004 17:28:00 +0000 (17:28 +0000)]
Remove reference to the ntstatus.h header in cc_mslsa.c
This header is not present in the August 2001 Platform SDK which is
the current minimum SDK version.
ticket: new
tags: pullup
target_version: 1.3.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 3 Feb 2004 13:08:57 +0000 (13:08 +0000)]
update for krb5-1.3.2-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16015
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Tue, 3 Feb 2004 00:50:43 +0000 (00:50 +0000)]
2004-02-02 Jeffrey Altman <jaltman@mit.edu>
* cc_msla.c:
GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
value to assign to TicketRequest->TicketFlags. This field is blindly
inserted into the kdc-options[0] field of the TGS_REQ. If there are
bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
in an unknown TGS_OPTION being processed by the KDC.
This has been fixed by mapping the Ticket Flags to KDC options.
We only map Forwardable, Forwarded, Proxiable, and Renewable. The others
should not be used.
ticket: 2190
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16013
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 2 Feb 2004 17:40:19 +0000 (17:40 +0000)]
* cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
logging on with cross realm credentials. On these machines there are
8 tickets within the LSA cache from two different realms. One of the
krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
processes. The attempt to access the ticket returns a SubStatus code
of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
the logon attempt was invalid due to bad authentication information.
kerbtray has no problem listing this ticket. The other seven tickets
in the cache including the Initial Ticket are accessible. Modified
krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
a single ticket fails.
ticket: 2184
tags: pullup
target_version: 1.3.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 2 Feb 2004 16:05:12 +0000 (16:05 +0000)]
* Update README to describe the new PreserveInitialTicketIdentity
registry key.
ticket: 2139
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15996
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sun, 1 Feb 2004 05:46:56 +0000 (05:46 +0000)]
missing header
ticket: 2183
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15995
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sun, 1 Feb 2004 05:40:48 +0000 (05:40 +0000)]
* Do not perform ticket importing if the initial TGT is not available
from the MSLSA krb5_ccache. This will be the case if the session key
enctype is NULL. (AllowTGTSessionKey regkey = 0)
ticket: new
target: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15994
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sun, 1 Feb 2004 01:48:22 +0000 (01:48 +0000)]
* cc_mslsa.c: optimize the get_next logic by storing a handle to the
MS TGT in the lcc_cursor data structure
ticket:new
tags: pullup
target_version: 1.3.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15993
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 31 Jan 2004 23:32:18 +0000 (23:32 +0000)]
* gss-misc.c: Include sys/time.h or time.h, to get struct timeval declaration
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15992
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 31 Jan 2004 09:29:13 +0000 (09:29 +0000)]
Do not export tickets from the LSA if they contain NULL session keys.
This is primarily to prevent unusable TGTs from being imported into the
MIT Credential Cache
ticket: 2153
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15991
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 31 Jan 2004 01:40:58 +0000 (01:40 +0000)]
2004-01-30 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: As per extensive conversations with Doug Engert we have
concluded that MS is not specifying a complete set of domain information
when it comes to service tickets other than the initial TGT. What happens
is the client principal domain cannot be derived from the fields they
export. Code has now been added to obtain the domain from the initial
TGT and use that when constructing the client principals for all tickets.
This behavior can be turned off by setting a registry either on a per-user
or a system-wide basis:
{HKCU,HKLM}\Software\MIT\Kerberos5
PreserveInitialTicketIdentity = 0x0 (DWORD)
ticket: 2139
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 31 Jan 2004 00:46:38 +0000 (00:46 +0000)]
Add support for Addressless Ticket Checkbox. Applied patch from Doug Engert
ticket: 982
tags: pullup
target_version: 1.3.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15989
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 31 Jan 2004 00:31:33 +0000 (00:31 +0000)]
2004-01-30 Jeffrey Altman <jaltman@mit.edu>
Update the README file to include details on the new Windows registry
key necessary to access the TGT session key when importing from MSLSA.
Also, include compatibility details regarding the gss sample client and
the Microsoft Platform SDK distributed versions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15988
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 31 Jan 2004 00:00:51 +0000 (00:00 +0000)]
A near complete re-write of the gss sample client on windows. Supports the
current protocol implemented in the Unix gss sample applications as well as
a new User Interface making this one neat testing tool.
There are still many little kinks to get out in a future version. The sliders
for the Call Count and the Message Count do not have text strings indicating
their current value. They slide from 1 to 20. And the known Mechanism
strings should be accessible in the drop down list.
A documentation file on how to use the tool would be a good addition.
ticket: 2144
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15987
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 30 Jan 2004 23:52:07 +0000 (23:52 +0000)]
Address issues discovered while testing updated Windows gss sample client.
A Missing parameter to a sign_server call in gss-server.c and the need for
a select() call in read_all() to prevent blocking indefinitely.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15986
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 30 Jan 2004 21:41:20 +0000 (21:41 +0000)]
prof-int.h should include pthread.h when USE_PTHREADS is defined
ticket: 2180
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15985
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 30 Jan 2004 21:33:16 +0000 (21:33 +0000)]
Updated for new source files in krb5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15984
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 27 Jan 2004 06:41:26 +0000 (06:41 +0000)]
need more testing support for MS
This should allow use of the CFX_EXERCISE code to better check interoperability
of MS and MIT code with regard to future extensibility.
* init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null
pointer in debugging code.
(new_connection): Disable CFX_EXERCISE unknown-token-id case detection.
* accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to
/tmp/gsslog whether delegation or extra option bytes were present.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 7 Jan 2004 23:24:54 +0000 (23:24 +0000)]
update for krb5-1.3.2-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15978
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 7 Jan 2004 00:07:14 +0000 (00:07 +0000)]
fix typos
ticket: 2106
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15975
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Tue, 6 Jan 2004 23:21:13 +0000 (23:21 +0000)]
Add stub function implementations to support krb5_cc_remove_cred() which
would cause a null pointer dereference if called. The new KRB5_CC_NOSUPP
error is returned to indicate the lack of implementation.
ticket: 2106
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15974
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 5 Jan 2004 21:42:34 +0000 (21:42 +0000)]
Only backdate the ticket that is created. The KDC reply must contain
the time from the client's request or the client will fail its
clockskew check if the request is backdated too far.
Ticket: 2058
Target_Version: 1.3.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15965
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 5 Jan 2004 21:12:23 +0000 (21:12 +0000)]
* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.
(make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some
stuff after the delegation slot.
(new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids.
* accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the
delegation flag; only look for a delegation if the flag is set, and only look
for delegation, not other options. Ignore any other data there.
ticket: 2079
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15964
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 5 Jan 2004 03:39:53 +0000 (03:39 +0000)]
* win-mac.h: conditionally define strcasecmp/strncasecmp macros
only if they do not already exist.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15963
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 28 Dec 2003 03:57:48 +0000 (03:57 +0000)]
* configure.in: Use AC_HELP_STRING for kdc-replay-cache option info
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15962
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 28 Dec 2003 03:51:47 +0000 (03:51 +0000)]
* Makefile.in (LOCAL_SUBDIRS): Fix typo in last (undocumented) change
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15961
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 24 Dec 2003 05:44:25 +0000 (05:44 +0000)]
move some basic header and function checks from lib/krb5 to include
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15960
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 22 Dec 2003 23:18:13 +0000 (23:18 +0000)]
* README: update requirements for compilation tools, DNS support
and describe new MSLSA: credential cache and how to configure
Windows to use it.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15959
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 22 Dec 2003 18:24:41 +0000 (18:24 +0000)]
* dnssrv.c: wrap the entire module in #ifdef KRB5_DNS_LOOKUP to prevent
the dependency on the resolver library when DNS functionality is not
being compiled into the krb5 library.
ticket: new
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15958
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Dec 2003 04:39:35 +0000 (04:39 +0000)]
* fake-addrinfo.h: Include stdio.h
ticket: 2016
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15957
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Dec 2003 03:52:51 +0000 (03:52 +0000)]
* util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points to const.
* gssapiP_krb5.h: Declarations updated.
* util_seed.c (zeros): Now const.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15956
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Dec 2003 03:51:00 +0000 (03:51 +0000)]
* gssapi_generic.c (const_oids): Renamed from oids, and now const.
(oids): New macro, casts const_oids to non-const pointer for use in initializers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15955
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Dec 2003 03:25:58 +0000 (03:25 +0000)]
* realm_iter.c (krb5_realm_iterator_create): Array NAMES is now const
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15954
dc483132-0cff-0310-8789-
dd5450dbe970