krb5.git
29 years agoThe BSD application suite only understands using 1-DES as a session key type
Richard Basch [Tue, 5 Dec 1995 03:34:22 +0000 (03:34 +0000)]
The BSD application suite only understands using 1-DES as a session key type

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7163 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoUse symbolic names for the encryption types.
Richard Basch [Tue, 5 Dec 1995 03:32:11 +0000 (03:32 +0000)]
Use symbolic names for the encryption types.
Support 3-DES, too.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7162 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoThe wrong encryption system was being initialized. The response to the mk_req
Richard Basch [Tue, 5 Dec 1995 03:30:58 +0000 (03:30 +0000)]
The wrong encryption system was being initialized.  The response to the mk_req
should be done using the session key and its encryption system, not the
ticket's encryption system.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7161 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoThere is no longer a dependency on libkadm
Richard Basch [Tue, 5 Dec 1995 03:27:55 +0000 (03:27 +0000)]
There is no longer a dependency on libkadm

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7160 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoMoved most string-type conversion routines from libkadm to libkrb5 to
Richard Basch [Tue, 5 Dec 1995 03:24:44 +0000 (03:24 +0000)]
Moved most string-type conversion routines from libkadm to libkrb5 to
reduce the dependencies on libkadm and for better support of multiple
encryption type lookup in krb5.conf.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7159 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoMoved most string-type conversion routines from libkadm to libkrb5 to
Richard Basch [Tue, 5 Dec 1995 03:13:14 +0000 (03:13 +0000)]
Moved most string-type conversion routines from libkadm to libkrb5 to
reduce the dependencies on libkadm and for better support of multiple
encryption type lookup in krb5.conf.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7158 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoFixed the description of the algorithm in the comment
Richard Basch [Sat, 2 Dec 1995 16:35:47 +0000 (16:35 +0000)]
Fixed the description of the algorithm in the comment

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7157 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoXOR the last byte of weak keys with 0xf0, according to spec
Richard Basch [Sat, 2 Dec 1995 16:33:40 +0000 (16:33 +0000)]
XOR the last byte of weak keys with 0xf0, according to spec

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7156 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoXOR the last octet with 0xf0, not the first, analagous to 1-DES
Richard Basch [Sat, 2 Dec 1995 16:30:09 +0000 (16:30 +0000)]
XOR the last octet with 0xf0, not the first, analagous to 1-DES

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7155 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoApplied patch from Scott Schwartz <schwartz@galapagos.cse.psu.edu>
Theodore Tso [Fri, 1 Dec 1995 22:35:35 +0000 (22:35 +0000)]
Applied patch from Scott Schwartz <schwartz@galapagos.cse.psu.edu>

Under SunOS, and maybe other systems, there is a a problem with
krlogind.c and a similar problem with login.c as distributed with
K5.5.

The bug is that rlogind forks a child but retains a controlling tty.
If the child is in the same process group as the parent, which is will
if you don't use a job control shell (chsh /bin/rc), keyboard signals
will kill the daemon.  telnetd dissociates itself properly, but then
login.krb5 waits for the shell to finish, but login.krb5 has the same
ctty as the shell and is in the same process group, so it has the same
problem.

In BSD you used to be able to give up your ctty at will, but SunOS
seems to have setsid as the only mechanism to perform that action, and
setsid can only succeed in limited circumstances.  Rlogind ought to be
fixed to behave more like telnetd, but independent of that, login.krb5
needs to be patched if kerberos is to work properly under SunOS.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7154 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdd rule for building shared object files
Theodore Tso [Fri, 1 Dec 1995 22:28:06 +0000 (22:28 +0000)]
Add rule for building shared object files

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7153 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded Changelog file
Theodore Tso [Fri, 1 Dec 1995 22:24:32 +0000 (22:24 +0000)]
Added Changelog file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7152 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded temporary definition of KRB5_ADM_M_EXTRADATA so that we have a
Theodore Tso [Fri, 1 Dec 1995 22:16:42 +0000 (22:16 +0000)]
Added temporary definition of KRB5_ADM_M_EXTRADATA so that we have a
tree which (mostly) compiles.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7151 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoIn case of permission problems, don't unlink the old replay cache;
Theodore Tso [Fri, 1 Dec 1995 22:15:32 +0000 (22:15 +0000)]
In case of permission problems, don't unlink the old replay cache;
make it a hard (repeatable) error.  This also reduces the chance we
accidentally delete valuable data.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7150 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoInitialize rcache to zero, so that on cleanup we don't try to free
Theodore Tso [Fri, 1 Dec 1995 22:14:52 +0000 (22:14 +0000)]
Initialize rcache to zero, so that on cleanup we don't try to free
stack garbage.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7149 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoChanged token ID for KG_TOK_WRAP_MSG to match KG_TOK_SEAL_MSG both
Theodore Tso [Fri, 1 Dec 1995 22:14:10 +0000 (22:14 +0000)]
Changed token ID for KG_TOK_WRAP_MSG to match KG_TOK_SEAL_MSG both
should be 0x0201.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7148 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* krb5_gss_glue.c (gss_inquire_names_for_mech): Added new context
Theodore Tso [Fri, 1 Dec 1995 22:13:07 +0000 (22:13 +0000)]
* krb5_gss_glue.c (gss_inquire_names_for_mech): Added new context
argument to the call of krb5_gss_inquire_names_for_mech().

* inq_names.c (krb5_gss_inquire_names_for_mech): Added new context
argument to the arg list.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7147 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoDescription of 3-DES algorithms
Richard Basch [Fri, 1 Dec 1995 21:25:08 +0000 (21:25 +0000)]
Description of 3-DES algorithms

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7146 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoCorrected algorithm description at beginning.
Richard Basch [Fri, 1 Dec 1995 19:21:07 +0000 (19:21 +0000)]
Corrected algorithm description at beginning.
Fold input into 168 bits and then expand the result to include odd parity,
so as to avoid potentially weakening the key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7145 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded 3-DES string translation
Richard Basch [Fri, 1 Dec 1995 19:10:04 +0000 (19:10 +0000)]
Added 3-DES string translation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7144 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * kdc_preauth.c: #@&^(!! Ultrix cc sucks. Typedef to function
Tom Yu [Fri, 1 Dec 1995 02:00:33 +0000 (02:00 +0000)]
* kdc_preauth.c: #@&^(!! Ultrix cc sucks.  Typedef to function
pointer rather than function prototype to avoid lossage.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7143 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoRemoved extra eblock argument from call to krb5_encode_kdc_rep
Theodore Tso [Wed, 29 Nov 1995 18:32:37 +0000 (18:32 +0000)]
Removed extra eblock argument from call to krb5_encode_kdc_rep

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7142 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoCorrected a bug in the wrap-around carry (found bug by comparing test results
Richard Basch [Wed, 29 Nov 1995 06:08:41 +0000 (06:08 +0000)]
Corrected a bug in the wrap-around carry (found bug by comparing test results
with another implementation).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7141 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoMake sure that each DES key is strong. If not, xor first byte with 0xf0
Richard Basch [Tue, 28 Nov 1995 20:08:53 +0000 (20:08 +0000)]
Make sure that each DES key is strong.  If not, xor first byte with 0xf0

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7140 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoCorrected bit rotation to match documented algorithm
Richard Basch [Tue, 28 Nov 1995 19:50:53 +0000 (19:50 +0000)]
Corrected bit rotation to match documented algorithm

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7139 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoRemoved debugging assert() statement
Richard Basch [Tue, 28 Nov 1995 16:38:53 +0000 (16:38 +0000)]
Removed debugging assert() statement

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7138 dc483132-0cff-0310-8789-dd5450dbe970

29 years agof_ecb.c, des_int.h (mit_des_ecb_encrypt): Add const declaration to input
Ezra Peisach [Tue, 28 Nov 1995 16:35:30 +0000 (16:35 +0000)]
f_ecb.c, des_int.h (mit_des_ecb_encrypt): Add const declaration to input
cblock.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7137 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoThe output block of n-fold should not be a "const"
Richard Basch [Tue, 28 Nov 1995 13:18:57 +0000 (13:18 +0000)]
The output block of n-fold should not be a "const"

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7136 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded 3-DES MD5 mode constants
Richard Basch [Tue, 28 Nov 1995 01:25:49 +0000 (01:25 +0000)]
Added 3-DES MD5 mode constants

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7135 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoCompile 3-DES MD5 routine
Richard Basch [Tue, 28 Nov 1995 01:19:37 +0000 (01:19 +0000)]
Compile 3-DES MD5 routine

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7134 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded 3-DES MD5 checksum mode switch
Richard Basch [Tue, 28 Nov 1995 01:18:05 +0000 (01:18 +0000)]
Added 3-DES MD5 checksum mode switch

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7133 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded 3-DES MD5 checksum mode
Richard Basch [Tue, 28 Nov 1995 01:17:10 +0000 (01:17 +0000)]
Added 3-DES MD5 checksum mode

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7132 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded Triple-DES function prototypes and structures
Richard Basch [Tue, 28 Nov 1995 01:15:23 +0000 (01:15 +0000)]
Added Triple-DES function prototypes and structures

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7131 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoCompile in Triple-DES routines
Richard Basch [Tue, 28 Nov 1995 01:14:53 +0000 (01:14 +0000)]
Compile in Triple-DES routines

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7130 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoTriple DES shares the same random key initialization routine
Richard Basch [Tue, 28 Nov 1995 01:12:41 +0000 (01:12 +0000)]
Triple DES shares the same random key initialization routine

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7129 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoTriple DES support routines
Richard Basch [Tue, 28 Nov 1995 01:09:46 +0000 (01:09 +0000)]
Triple DES support routines

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7128 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoTriple-DES support routines
Richard Basch [Tue, 28 Nov 1995 01:09:19 +0000 (01:09 +0000)]
Triple-DES support routines

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7127 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * state.c: use P properly so it won't break non-ansi compilers
Tom Yu [Mon, 27 Nov 1995 21:00:40 +0000 (21:00 +0000)]
* state.c: use P properly so it won't break non-ansi compilers

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7126 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * rc_dfl.c (krb5_rc_dfl_init): default lifespan to
Tom Yu [Mon, 27 Nov 1995 20:51:53 +0000 (20:51 +0000)]
* rc_dfl.c (krb5_rc_dfl_init): default lifespan to
context->clockskew in case some app can't get at the
internals of the context struct.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7125 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * k5-int.h: Ultrix is broken. Hacked around by redefining the
Tom Yu [Mon, 27 Nov 1995 00:37:13 +0000 (00:37 +0000)]
* k5-int.h: Ultrix is broken.  Hacked around by redefining the
typedefs of preauth_obtain_data_proc and
preauth_process_proc to be pointers to the functions
rather than the functions themselves.  Also made some
things KRB5_NPROTOTYPE.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7124 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * preauth.c: Ultrix is broken. Prototype obtain_enc_ts_padata()
Tom Yu [Mon, 27 Nov 1995 00:36:33 +0000 (00:36 +0000)]
* preauth.c: Ultrix is broken.  Prototype obtain_enc_ts_padata()
and process_pw_salt() explicitly rather than using the
typedef in k5-int.h becaus that typedef is to a function
pointer now.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7123 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded missing prototype for krb5_encode_kdc
Theodore Tso [Sat, 18 Nov 1995 03:42:55 +0000 (03:42 +0000)]
Added missing prototype for krb5_encode_kdc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7121 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoRemoved extra eblock argument from call to krb5_encode_kdc_rep
Theodore Tso [Sat, 18 Nov 1995 03:42:22 +0000 (03:42 +0000)]
Removed extra eblock argument from call to krb5_encode_kdc_rep

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7120 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoMoved prototype of krb5_encode_kdc to k5-int.h
Theodore Tso [Sat, 18 Nov 1995 03:41:21 +0000 (03:41 +0000)]
Moved prototype of krb5_encode_kdc to k5-int.h

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7119 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoMoved prototype for encode_kdc_rep to k5-int.h, and remove the eblock
Theodore Tso [Sat, 18 Nov 1995 03:40:03 +0000 (03:40 +0000)]
Moved prototype for encode_kdc_rep to k5-int.h, and remove the eblock
argument.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7118 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoget_in_tkt.c (decrypt_as_reply):
Theodore Tso [Sat, 18 Nov 1995 03:39:15 +0000 (03:39 +0000)]
get_in_tkt.c (decrypt_as_reply):
preauth.c (process_pw_salt): When fetching the key to decrypting the
encrypted kdc reply, use the etype associated with the etype
reply, not the etype associated with the included ticket.

encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep;
set the eblock type from the client_key's enctype.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7117 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoMakefile.in, ChangeLog: Add support to compile shared libraries
Theodore Tso [Sat, 18 Nov 1995 03:22:58 +0000 (03:22 +0000)]
Makefile.in, ChangeLog: Add support to compile shared libraries

gssapi.h: Include sys/types.h, since that's where POSIX says size_t is
defined.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7116 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoFixed token type numbers so they conform with the protocol spec. Paul
Theodore Tso [Sat, 18 Nov 1995 03:20:15 +0000 (03:20 +0000)]
Fixed token type numbers so they conform with the protocol spec.  Paul
Park didn't realize that he wasn't allowed to change these
willy-nilly...

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7115 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoRenamed filenames so they would be unique in an 8.3 filesystem. Added
Theodore Tso [Sat, 18 Nov 1995 03:11:26 +0000 (03:11 +0000)]
Renamed filenames so they would be unique in an 8.3 filesystem.  Added
GSSAPI V2 functions to mechglueP.h (now mglueP.h)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7114 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoFix bogus duplication of code
Sam Hartman [Fri, 17 Nov 1995 02:31:57 +0000 (02:31 +0000)]
Fix bogus duplication of code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7112 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago Add IEXTEN to lflags
Sam Hartman [Fri, 17 Nov 1995 02:28:36 +0000 (02:28 +0000)]
Add IEXTEN to lflags

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7111 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago(krb5_get_server_rcache): Use krb5_rc_default_type instead of assuming
Ezra Peisach [Fri, 17 Nov 1995 01:30:40 +0000 (01:30 +0000)]
(krb5_get_server_rcache): Use krb5_rc_default_type instead of assuming
default rcache type is "dfl".

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7110 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * *.c (*): initialize lock_arg to a copy of a static
Mark Eichin [Thu, 16 Nov 1995 03:08:18 +0000 (03:08 +0000)]
* *.c (*): initialize lock_arg to a copy of a static
  (thus zero) struct flock, to avoid panic'ing sunos 4.1.4.

If you call fcntl F_SETLKW with l_type == F_UNLCK and l_xxx == 15
(GRANT_LOCK_FLAG) you'll panic sunos 4.1.4 with
assertion failed: ld->l_xxx != GRANT_LOCK_FLAG, file: ../../ufs/ufs_lockf.c, line: 995

Since automatic structs like these have random values in uninitialized
fields, we initialize from a static struct (since using memset in this
case is abhorrent, and naming l_xxx is non POSIX.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7109 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * ktest_equal.c (ktest_equal_krb5_etype_info_entry()) :
Chris Provenzano [Wed, 15 Nov 1995 20:29:59 +0000 (20:29 +0000)]
* ktest_equal.c (ktest_equal_krb5_etype_info_entry()) :
Only do emecmp() if ref->length > 0

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7108 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoInitial checkin of Sun's (Derek's) multi-mechanism GSSAPI support
Theodore Tso [Wed, 15 Nov 1995 16:21:13 +0000 (16:21 +0000)]
Initial checkin of Sun's (Derek's) multi-mechanism GSSAPI support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7107 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded ANL changes to support configuration authentication paths
Theodore Tso [Wed, 15 Nov 1995 15:24:43 +0000 (15:24 +0000)]
Added ANL changes to support configuration authentication paths

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7106 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* kdc_util.h: Added new prototypes for return_padata() and check_padata()
Theodore Tso [Tue, 14 Nov 1995 00:47:37 +0000 (00:47 +0000)]
* kdc_util.h: Added new prototypes for return_padata() and check_padata()

* kdc_preauth.c (return_padata): New function which calls out to each preauth
 type to see if it is necessary to return preauth data or not.
(return_pw_salt): New function responsible for returning the
KRB5_PW_SALT preauth information.

* do_as_req.c (process_as_req):  Move creation of the PW_SALT
preauthentication step into kdc_preauth.c.  Call return_pdata()
which is responsible for all padata info which is returned by
the KDC in the KRB_AS_REP message.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7103 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* preauth.c (krb5_process_padata): Added generalized processing for
Theodore Tso [Mon, 13 Nov 1995 18:01:26 +0000 (18:01 +0000)]
* preauth.c (krb5_process_padata): Added generalized processing for
preauth information which is returned by the KDC.  This should be
general enough to support the AFS3_SALT preauth type, the SNK4
preauth type, and the public-key mods to Kerberos.
(process_pw_salt): New function for processing the KRB5_PW_SALT
preauthentication type.

* get_in_tkt.c (decrypt_as_reply): Removed temporary kludge for
processing the PW_SALT preauth type; that's now done in preauth.c
(krb5_get_in_tkt): Call krb5_process_padata with new arguments so that
the preauth code can set the decryption_key if necessary.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7102 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded typedef for krb5_preauth_proces_proc, and changed the prototype
Theodore Tso [Mon, 13 Nov 1995 17:57:00 +0000 (17:57 +0000)]
Added typedef for krb5_preauth_proces_proc, and changed the prototype
of krb5_process_padata() to take additional arguments for returning
the decryption key to use for decrypting the as_reply, as well as
passing in the decrypt_proc procedure in case some preauth types want
to call decrypt_proc themselves.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7101 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* encrypt_data.c (krb5_encrypt_data): New file. A generic routine
Theodore Tso [Mon, 13 Nov 1995 16:53:23 +0000 (16:53 +0000)]
* encrypt_data.c (krb5_encrypt_data): New file.  A generic routine
for encrypting data in a krb5_data structure.  Fills in a
krb5_enc_data structure.

* decrypt_data.c (krb5_decrypt_data): New file.  A generic routine
for decrypting data in a krb5_enc_data structure.  Fills
in a krb5_data structure.

* Makefile.in (SRCS): Added decrypt_data.c and encrypt_data.c to
list of files to be compiled.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7100 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdd prototypes for krb5_encrypt_data(), krb5_decrypt_data()
Theodore Tso [Mon, 13 Nov 1995 16:51:54 +0000 (16:51 +0000)]
Add prototypes for krb5_encrypt_data(), krb5_decrypt_data()

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7099 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdd prototypes for krb5_encrypt_data(), krb5_decrypt_data()
Theodore Tso [Mon, 13 Nov 1995 16:51:37 +0000 (16:51 +0000)]
Add prototypes for krb5_encrypt_data(), krb5_decrypt_data()

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7098 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * def_realm.c (krb5_get_default_realm): check for PROF_NO_PROFILE
Mark Eichin [Mon, 13 Nov 1995 01:41:07 +0000 (01:41 +0000)]
* def_realm.c (krb5_get_default_realm): check for PROF_NO_PROFILE
and return KRB5_CONFIG_CANTOPEN instead of BADFORMAT so that the
user in the end knows what is going on.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7097 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * g_cnffile.c (krb__get_srvtabname): new function, looks up
Mark Eichin [Mon, 13 Nov 1995 01:40:31 +0000 (01:40 +0000)]
* g_cnffile.c (krb__get_srvtabname): new function, looks up
[libdefaults]krb4_srvtab for use where KEYFILE used to be.
* g_cnffile.c (krb__v5_get_file): new function, looks up argument
in [libdefaults] and tries to open it as a filename. Returns
filehandle (or NULL, if fopen failed.)
(krb__get_cnffile, krb__get_realmsfile): use krb__v5_get_file to
look up "krb4_config" or "krb4_realms" respectively. Also add
$KRB_REALMS override for realms file.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7096 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * conv_creds.c (krb524_convert_creds_kdc): loop through all of the
Mark Eichin [Mon, 13 Nov 1995 01:39:39 +0000 (01:39 +0000)]
* conv_creds.c (krb524_convert_creds_kdc): loop through all of the
addresses returned by krb5_locate_kdc, don't just try the first one.
* krb524d.c (do_connection): check for particular failures of
decode_krb5_ticket, as well as for messages that are one int long
(which will eliminate our own error replies.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7095 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * krb.h (KEYFILE): change to call krb__get_srvtabname with a
Mark Eichin [Mon, 13 Nov 1995 01:39:04 +0000 (01:39 +0000)]
* krb.h (KEYFILE): change to call krb__get_srvtabname with a
default of the old hardcoded value "/etc/srvtab".

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7094 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * krb5.conf[libdefaults]: add krb4_config, krb4_realms
Mark Eichin [Mon, 13 Nov 1995 01:38:24 +0000 (01:38 +0000)]
* krb5.conf[libdefaults]: add krb4_config, krb4_realms

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7093 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * telnetd.8: source tmac.doc for correct parsing
Mark Eichin [Mon, 13 Nov 1995 01:37:23 +0000 (01:37 +0000)]
* telnetd.8: source tmac.doc for correct parsing

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7092 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * main.c: initialize line (to avoid splitting up forward.c.)
Mark Eichin [Mon, 13 Nov 1995 01:35:44 +0000 (01:35 +0000)]
* main.c: initialize line (to avoid splitting up forward.c.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7091 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * forward.c: set KRB5_DEFAULT_LIFE to 10 hours, not 8.
Mark Eichin [Mon, 13 Nov 1995 01:26:12 +0000 (01:26 +0000)]
* forward.c: set KRB5_DEFAULT_LIFE to 10 hours, not 8.
* forward.c (rd_and_store_for_creds): construct correct cache name
for forwarded tickets (based on tty name if available) and drop it
into the environment so login notices it.

also, fix typo in comment in kerberos5.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7090 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * krshd.c (doit): drag TZ= from parent environment into envinit to
Mark Eichin [Mon, 13 Nov 1995 01:24:25 +0000 (01:24 +0000)]
* krshd.c (doit): drag TZ= from parent environment into envinit to
pass to child.
(envinit, TZENV): add one more slot for optional TZ, and mark it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7089 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * Makefile.in (install-mkdirs): bash needs a semicolon between fi
Mark Eichin [Mon, 13 Nov 1995 01:23:22 +0000 (01:23 +0000)]
* Makefile.in (install-mkdirs): bash needs a semicolon between fi
and done.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7088 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoComment out encrypted telnet tests
Ezra Peisach [Sat, 11 Nov 1995 02:16:11 +0000 (02:16 +0000)]
Comment out encrypted telnet tests

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7087 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * TODO : Remove krb5_enctype argument from string_to_key() is done
Chris Provenzano [Thu, 9 Nov 1995 22:27:36 +0000 (22:27 +0000)]
* TODO : Remove krb5_enctype argument from string_to_key() is done

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7086 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * t_cksum.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:27:02 +0000 (22:27 +0000)]
    * t_cksum.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7085 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * string2key.c : Remove krb5_enctype from krb5_string_to_key() args.
Chris Provenzano [Thu, 9 Nov 1995 22:26:40 +0000 (22:26 +0000)]
    * string2key.c : Remove krb5_enctype from krb5_string_to_key() args.
* string2key.c, des_int.h : Remove krb5_enctype from
mit_des_string_to_key() args.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7084 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * fetch_mkey.c, kdb_cpw.c, t_kdb.c :
Chris Provenzano [Thu, 9 Nov 1995 22:26:01 +0000 (22:26 +0000)]
    * fetch_mkey.c, kdb_cpw.c, t_kdb.c :
Remove krb5_enctype from krb5_string_to_key() args.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7083 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * in_tkt_pwd.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:25:29 +0000 (22:25 +0000)]
    * in_tkt_pwd.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7082 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * kdb5_verify.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:24:52 +0000 (22:24 +0000)]
    * kdb5_verify.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7081 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * kdc5_hammer.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:24:34 +0000 (22:24 +0000)]
    * kdc5_hammer.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7080 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * kdb5_mkdums.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:24:16 +0000 (22:24 +0000)]
    * kdb5_mkdums.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7079 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * krb5.hin : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:23:27 +0000 (22:23 +0000)]
    * krb5.hin : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7078 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * kdb5_edit.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:22:54 +0000 (22:22 +0000)]
    * kdb5_edit.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7077 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago * kdb5_create.c : Remove krb5_enctype from krb5_string_to_key() args
Chris Provenzano [Thu, 9 Nov 1995 22:22:34 +0000 (22:22 +0000)]
* kdb5_create.c : Remove krb5_enctype from krb5_string_to_key() args

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7076 dc483132-0cff-0310-8789-dd5450dbe970

29 years agosim_client.c (main): Use krb5_get_server_rcache instead of duplicating
Ezra Peisach [Thu, 9 Nov 1995 14:39:34 +0000 (14:39 +0000)]
sim_client.c (main): Use krb5_get_server_rcache instead of duplicating
code. Remove use of krb5_clockskew variable.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7074 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* kdc_preauth.c (get_etype_info): Added function to return the
Theodore Tso [Thu, 9 Nov 1995 05:08:09 +0000 (05:08 +0000)]
* kdc_preauth.c (get_etype_info): Added function to return the
etype_info preauth hint to the client.

* kdc_util.c (get_salt_from_key): Added new function which determines
the salting information from the krb5_key_data structure.

* main.c (kdc_initialize_rcache): Replace use of krb5_clockskew with
context->clockskew.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7073 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoRemove etype_info from the argument list of krb5_obtain_padata
Theodore Tso [Thu, 9 Nov 1995 05:05:28 +0000 (05:05 +0000)]
Remove etype_info from the argument list of krb5_obtain_padata

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7072 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* get_in_tkt.c (krb5_get_in_tkt): Remove the etype_info argument from
Theodore Tso [Thu, 9 Nov 1995 05:04:28 +0000 (05:04 +0000)]
* get_in_tkt.c (krb5_get_in_tkt): Remove the etype_info argument from
the call to krb5_obtain_padata.

* preauth.c (krb5_obtain_padata): Use the PADATA_ETYPE_INFO preauth,
if it exists, to determine which salt type to use when encrypting the
preauthentication data.  Remove the etype_info argument.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7071 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoDon't require val->salt to be non-zero if val->lenth is zero
Theodore Tso [Thu, 9 Nov 1995 05:02:13 +0000 (05:02 +0000)]
Don't require val->salt to be non-zero if val->lenth is zero

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7070 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoFix stupid typo when creating function
Theodore Tso [Thu, 9 Nov 1995 02:53:04 +0000 (02:53 +0000)]
Fix stupid typo when creating function

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7069 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* krb5_encode_test.c (main): In case of an error in the encoding
Theodore Tso [Thu, 9 Nov 1995 01:05:57 +0000 (01:05 +0000)]
* krb5_encode_test.c (main): In case of an error in the encoding
routines, exit.  Otherwise, calling the print routines will often
lead to a coredump.

* ktest.c (ktest_make_sample_etype_info): Set etype.length to -1 to
mean that the optional salt string is missing.  (This is change in
the convention used by the ASN.1 encoder and decoder for this ASN.1
structure.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7068 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* asn1_k_decode.c (asn1_decode_etype_info_entry): If the optional
Theodore Tso [Thu, 9 Nov 1995 01:03:32 +0000 (01:03 +0000)]
* asn1_k_decode.c (asn1_decode_etype_info_entry): If the optional
salt element is not present, set etype.length to -1.

* asn1_k_encode.c (asn1_encode_etype_info_entry): When encoding
the etype_info_entry structure, use length == -1 to mean
that the optional salt structure should not be sent.  (It
used to be if length == -1.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7067 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* krb5.hin: Add preauthentication type KRB5_PADATA_ETYPE_INFO
Theodore Tso [Wed, 8 Nov 1995 22:57:07 +0000 (22:57 +0000)]
* krb5.hin: Add preauthentication type KRB5_PADATA_ETYPE_INFO

* k5-int.h: Add declaration for krb5_free_etype_info.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7066 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoAdded new function to free a krb5_etype_info structure
Theodore Tso [Wed, 8 Nov 1995 22:55:41 +0000 (22:55 +0000)]
Added new function to free a krb5_etype_info structure

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7065 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoChange use of krb5_clockskew to be context->clockskew
Theodore Tso [Wed, 8 Nov 1995 22:54:58 +0000 (22:54 +0000)]
Change use of krb5_clockskew to be context->clockskew

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7064 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* krbconfig.c: Removed the krb5_clockskew variable
Theodore Tso [Wed, 8 Nov 1995 21:59:00 +0000 (21:59 +0000)]
* krbconfig.c: Removed the krb5_clockskew variable

* srv_rcache.c (krb5_get_server_rcache):
* rd_safe.c (krb5_rd_safe):
* rd_req_dec.c (krb5_rd_req_decoded):
* rd_priv.c (krb5_rd_priv):
* rd_cred.c (krb5_rd_cred):
* gc_via_tkt.c (krb5_get_cred_via_tkt):
* get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew with
context->clockskew.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7063 dc483132-0cff-0310-8789-dd5450dbe970

29 years agoUpdated reference files for the new structures now supported by the ASN.1
Theodore Tso [Wed, 8 Nov 1995 20:08:41 +0000 (20:08 +0000)]
Updated reference files for the new structures now supported by the ASN.1
encoders and decoders.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7062 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* kdc_util.c (): Added new helper functions
Theodore Tso [Wed, 8 Nov 1995 08:03:31 +0000 (08:03 +0000)]
* kdc_util.c (): Added new helper functions
dbentry_has_key_for_enctype(), dbentry_supports_enctype(), and
select_session_keytype().

* kdc_preauth.c: Added support for the ENC_TIMESTAMP preauthentication
scheme.

* do_tgs_req.c (process_tgs_req): Fixed the keytype/enctype selection
criteria for the server key, and the ticket session key.

* do_as_req.c (process_as_req): Added calls to the kdc preauthentication
verification routines.  Fixed the keytype/enctype selection
criteria for the client key, the server key, and the ticket
session key.

* main.c (finish_realm): Make sure all parts of the realm structure are
freed properly.
(main): Free the kcontext krb5_context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7058 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* krb5.hin: Removed internal functions krb5_encrypt_tkt_part,
Theodore Tso [Wed, 8 Nov 1995 07:55:51 +0000 (07:55 +0000)]
* krb5.hin: Removed internal functions krb5_encrypt_tkt_part,
krb5_verify_padta, and krb5_obtain_padata from the public header
file.

* k5-int.h: Removed old preauthentication declarations and added new
ones.  Changed function prototype of krb5_encrypt_tkt_part.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7057 dc483132-0cff-0310-8789-dd5450dbe970

29 years ago* encrypt_tk.c (cleanup_scratch): Changed interface to no longer require
Theodore Tso [Wed, 8 Nov 1995 07:52:57 +0000 (07:52 +0000)]
* encrypt_tk.c (cleanup_scratch): Changed interface to no longer require
an eblock; we can use our own and figure out the enctype
from the passed-in key.

* get_in_tkt.c (krb5_get_in_tkt): Added calls to krb5_obtain_padata().

* preauth.c: Completely restructured file to support preauthentication.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7056 dc483132-0cff-0310-8789-dd5450dbe970