Richard Basch [Fri, 29 Mar 1996 01:26:56 +0000 (01:26 +0000)]
Added ENCTYPE_DES3_CBC_RAW (for gssapi)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7733
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 29 Mar 1996 01:21:10 +0000 (01:21 +0000)]
Added support for ENCTYPE_DES3_CBC_RAW (gssapi)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7732
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 28 Mar 1996 23:00:08 +0000 (23:00 +0000)]
Use new MacTCP Header files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7731
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 28 Mar 1996 22:59:21 +0000 (22:59 +0000)]
AddressXlation.h: Updated to use latest versions from the Apple's
MacTCP Universal Interface. (For PowerPC port).
MacTCP.h: New header file from Apple's Universal Interface
GetMyIPAddr.h, MacTCPCommonTypes.h, TCPPB.h, UDPPB.h: Removed old
MacTCP header files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7730
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 28 Mar 1996 22:56:46 +0000 (22:56 +0000)]
DNR.c: Replace eight-year-old version of this file with the latest
version from the Code Warrior MacTCP files.
macsock.c: Use new MacTCP header files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7729
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 27 Mar 1996 23:53:40 +0000 (23:53 +0000)]
Don't use "-model far" when linking on the Power PC. It has no
meaning.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7724
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 27 Mar 1996 23:52:26 +0000 (23:52 +0000)]
Use universal procedure pointers (UPP) which are necessary for the Mac
Power PC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7723
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 27 Mar 1996 23:48:41 +0000 (23:48 +0000)]
Use universal procedure pointers (UPP), which are required on the Mac
Power PC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7722
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 27 Mar 1996 22:56:38 +0000 (22:56 +0000)]
DES modes are now interoperable
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7721
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 27 Mar 1996 22:55:17 +0000 (22:55 +0000)]
* in_tkt_ktb.c (keytab_keyproc): Do not check to see that the
enctype of the key is identical; there are several equivalent
DES enctypes.
* in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy
logic to only request the keytypes that correspond to those in
the keytab. There were too many fencepost conditions that could
get you into trouble. Either it should be there and *fully*
functional, or not in there at all. Besides, there are too many
other components in Kerberos that expect the end-service to know
all its keys that this sanity check is overkill.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7720
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 27 Mar 1996 22:54:07 +0000 (22:54 +0000)]
Fixed an incorrect entry
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7719
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 27 Mar 1996 05:30:29 +0000 (05:30 +0000)]
* telnetd.c: remove inclusion of netdb.h; it's already in defs.h,
and #$%&* ultrix doesn't protect it from multiple
inclusions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7718
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 27 Mar 1996 05:08:52 +0000 (05:08 +0000)]
Don't include <sys/types.h> mechglue.h will take care of this by
including gssapi.h, which will include sys/types.h if necessary.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7717
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 27 Mar 1996 05:08:22 +0000 (05:08 +0000)]
Add #define of HAVE_STDLIB_H, since Macintoshes have it!
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7716
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Tue, 26 Mar 1996 19:49:46 +0000 (19:49 +0000)]
Added imap service to the conversion list (it is used by some off-the-shelf
imap mail packages).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7715
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 26 Mar 1996 05:43:20 +0000 (05:43 +0000)]
* default.exp (start_kerberos_daemons): New methodology for
starting KDC so that the KDC will not hang on a full
output buffer which is being ignored.
(setup_kerberos_files): Enable des3 encryption types.
The first problem was seen on Suns where I previously set the logging
for the kdc to stderr, and then ignored the output after the server was
running.
The second exercised the bug that sam just fixed in mixing in the des3
encryption types.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7712
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 25 Mar 1996 21:44:07 +0000 (21:44 +0000)]
Add a couple missing log entries for stuff Mark checked in
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7711
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Mon, 25 Mar 1996 16:19:38 +0000 (16:19 +0000)]
krshd.c: use the library routines to do v4 to v5 principal translation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7710
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Mon, 25 Mar 1996 15:24:01 +0000 (15:24 +0000)]
Backed out the patch for const pointer reassignments; it was legal ANSI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7709
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 25 Mar 1996 03:01:48 +0000 (03:01 +0000)]
Changes to help streams work correctly on AIX 4.1.4 and HPUX 9.
Adapted loosly from 1837 in krb5-bugs, although I ended up not using
any of Doug's code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7708
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 24 Mar 1996 20:31:55 +0000 (20:31 +0000)]
Implement _getpty handling for the SGI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7707
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 24 Mar 1996 20:28:37 +0000 (20:28 +0000)]
* krshd no longer does non-blocking IO. It never really needed it
* krcp works correctly even if not all data is written in a single
request.
* Implement temporary patch to make sure des_outbuf is big enough.
Proven should be sending the Cygnus patch once he decides how to
handle this permanently.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7706
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 24 Mar 1996 20:23:45 +0000 (20:23 +0000)]
* Apply patch from Ken Raeburn to get telnetd compiling on the SGI
* Force telnetd not to use streams on the SGI; it doesn't support
pushing modules onto a pty.
* Remove old utmpx crud from sys_term.c because it was getting called
inadvertently, didn't compile on the SGI, and libpty already does
something reasonable with utmpx.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7705
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 24 Mar 1996 20:19:29 +0000 (20:19 +0000)]
Fix multiple enctype bug: the enctype for the eblock used to encrypt
the kdc request used the enctype of the tgt, not of the session key.
Considering that the request is encrypted in the session key of the
tgt, this is incorrect.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7704
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 22 Mar 1996 04:56:45 +0000 (04:56 +0000)]
do not bother building the old kadmin server (kadmin.old)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7703
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 22 Mar 1996 04:55:58 +0000 (04:55 +0000)]
krb5_get_in_tkt_with_keytab(): only request keytypes that have corresponding
entries in the keytab.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7702
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 22 Mar 1996 04:53:25 +0000 (04:53 +0000)]
all des enctypes are equivalent (interim checkin until I create a function
to check the key equivalency of two enctypes).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7701
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 22 Mar 1996 04:52:13 +0000 (04:52 +0000)]
bullet-proofing the code -- if the data contents are NULL, it would coredump
(I discovered this one because of another bug)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7700
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 22 Mar 1996 04:50:48 +0000 (04:50 +0000)]
new principals were being created with two keys, one of which the
key_data_ver=0 and had no valid data
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7699
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 22 Mar 1996 04:49:59 +0000 (04:49 +0000)]
use the library routines to do the v4 to v5 principal translation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7698
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 05:18:00 +0000 (05:18 +0000)]
g_imp_sec_context.c (gss_import_sec_context):
g_exp_sec_context.c (gss_export_sec_context): Fix 16bit vs 32bit lint flame.
g_glue.c, g_initialize.c: Add include of string.h, as it is needed.
g_acquire_cred.c, g_inq_cred.c: Add include of time.h
g_rel_oid_set.c (gss_release_oid_set): Removed unused variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7695
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 04:39:12 +0000 (04:39 +0000)]
Don't compile this procedure, since it's not used. The mechanism glue
layer uses the krb5_gss_internal_relase_oid() function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7694
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 04:20:14 +0000 (04:20 +0000)]
walk_rtree.c (krb5_walk_realm_tree): Fix 16bit vs. 32bit error.
(cap_code should been a krb5_error_code, not an int!)
mk_cred.c (krb5_mk_ncred_basic): Fix windows lint flame.
get_in_tkt.c (krb5_get_in_tkt): Fix 16bit vs. 32bit error. (do_more
should not have been an int!)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7693
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 04:19:30 +0000 (04:19 +0000)]
Change type of pa_type field in krb5_pa_data to be krb5_preauthtype,
for consistency's sake.
Added prototype for krb5_copy_addr().
Change type of etype in krb5_etype_info_entry to be krb5_enctype, for
consistency's sake.
(More cleanup of windows 16bit vs. 32bit)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7692
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 04:17:29 +0000 (04:17 +0000)]
Decode pa_type in the krb5_pa_data structure as a krb5_int32, since it
is now type krb5_preauthtype.
Decode etype in the krb5_etype_info_entry as krb5_enctype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7691
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 03:51:25 +0000 (03:51 +0000)]
Added prototype of krb5_scc_skip_header to fix Windows lint flames
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7690
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 03:50:58 +0000 (03:50 +0000)]
Added prototype of krb5_fcc_skip_header to fix Windows lint flames
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7689
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 03:44:10 +0000 (03:44 +0000)]
Fix 16 bit vs. 32bit error in the encoded timestamp structure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7688
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 03:40:28 +0000 (03:40 +0000)]
Fix Windows lint flames. (16bit vs. 32bit issues)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7687
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 01:36:03 +0000 (01:36 +0000)]
Comment out #ident line. This causes the Macintosh C compiler
indigestion. Remove #include of gssapi/gssapi.h, since that gets
included by gssapiP_generic.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7686
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Thu, 21 Mar 1996 01:35:02 +0000 (01:35 +0000)]
mechglue.h: Don't include <sys/types.h>; it's included if necessary in
gssapi/gssapi.h. On a Macintosh, #include gssapi.h instead of
gssapi/gssapi.h.
g_accept_sec_context.c, g_acquire_cred.c, g_compare_name.c,
g_context_time.c, g_delete_sec_context.c, g_dsp_name.c,
g_dsp_status.c, g_exp_sec_context.c, g_glue.c, g_imp_name.c,
g_imp_sec_context.c, g_indicate_mechs.c, g_init_sec_context.c,
g_initialize.c, g_inq_context.c, g_inq_cred.c, g_inq_names.c,
g_process_context.c, g_rel_buffer.c, g_rel_cred.c, g_rel_name.c,
g_rel_oid_set.c, g_seal.c, g_sign.c, g_unseal.c, g_verify.c,
gssd_pname_to_uid.c, mechglue.h, mglueP.h: Comment out #ident line.
This causes the Macintosh C compiler indigestion.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7685
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 20:16:26 +0000 (20:16 +0000)]
* Makefile (clean): Remove *.info-? now
* install.texi: Changes to allow emacs M-X texinfo-format-buffer
to work. (The problem was @item used within @enumerate).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7684
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 20 Mar 1996 05:19:49 +0000 (05:19 +0000)]
Fix SRCS definition so that it doesn't fool the Macintosh macfiles.sh
Makefile generation script.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7682
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Wed, 20 Mar 1996 05:18:11 +0000 (05:18 +0000)]
macfiles.sh: Improved matching of the SRCS declaration. It must not
be commented out; it must start on the first column of the line.
Makefile.tmpl (KH): Fix typos in Dan's original template.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7681
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 04:11:57 +0000 (04:11 +0000)]
Add kdc_preauth.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7680
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 04:08:46 +0000 (04:08 +0000)]
Remove no longer relevant ksu.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7679
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 02:24:01 +0000 (02:24 +0000)]
* des_crc.c (mit_des_crc_decrypt_func): Add const to pointer
cast for suncc warning.
Update .Saintize as well to reflect reality
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7678
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 02:22:22 +0000 (02:22 +0000)]
* new_rn_key.c (mit_des_generate_random_block): Add const keywrod
to cast for suncc warning.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7677
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 02:17:26 +0000 (02:17 +0000)]
ustime.c was renamed to c_ustime.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7676
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 02:15:05 +0000 (02:15 +0000)]
Add keytab.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7675
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 02:13:09 +0000 (02:13 +0000)]
Add new .Sanitize file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7674
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 20 Mar 1996 02:12:55 +0000 (02:12 +0000)]
Synchronize .Sanitize with current reality
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7673
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 20 Mar 1996 01:14:10 +0000 (01:14 +0000)]
* kcmd.c (ruserok): declare the function as taking const char *
instead of char * (Solaris 2.5 refuses to compile it, otherwise).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7672
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 20 Mar 1996 01:02:57 +0000 (01:02 +0000)]
* conv_creds.c (krb524_convert_creds_plain):
if the v5 lifetime is greater than the max v4 lifetime, use the max
v4 lifetime (0xff), rather than masking it with 0xff.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7671
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 20 Mar 1996 01:02:32 +0000 (01:02 +0000)]
* kadm_funcs.c: changed all references of des-cbc-md5 to des-cbc-crc
(which is what v4 really uses); also, fixed uninitialized variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7670
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 20 Mar 1996 01:02:02 +0000 (01:02 +0000)]
* ktutil_funcs.c (ktutil_write_srvtab): use any type of des key
in the keytab to create a v4 srvtab
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7669
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Wed, 20 Mar 1996 01:01:24 +0000 (01:01 +0000)]
* kdb5_edit.c (extract_v4_srvtab): do not test to make sure we
fetched a key of enctype 1 (des-cbc-crc), since we may have gotten
another des key from the database, which is just as useful in a
v4 srvtab
* dumpv4.c (dump_v4_iterator): use krb5_524_conv_principal to do the
v5 to v4 principal translation, instead of having yet another
hard-coded table.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7668
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 19 Mar 1996 16:27:56 +0000 (16:27 +0000)]
* tf_util.c (tf_get_cred): Issue date is written out as a long,
read back in as same.
I have kept the size as a long to be compatible with the Cygnus V4
distribution. The problem was introduced when we changed the include/kerberosIV
structures to use 32 bit ints for timestamps. So, under OSF/1, tf_util would
write out a 64 bit issue date, and then try reading back in a 32 bit one. Since
Cygnus uses sizeof(long) we will too.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7667
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 19 Mar 1996 15:06:08 +0000 (15:06 +0000)]
Put back in the encrypted telnet tests
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7666
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 19 Mar 1996 03:03:57 +0000 (03:03 +0000)]
* configure.in: Add KRB5_RUN_FLAGS
* Makefile.in: Use the run flags.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7665
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 19 Mar 1996 02:58:27 +0000 (02:58 +0000)]
* aclocal.m4 (KRB5_RUN_FLAGS): Allows for setting of proper paths
for executing programs in the build tree with proper
overriding of potentially installed libraries.
* configure.in: Setup for KRB5_RUN_FLAGS
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7664
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Tue, 19 Mar 1996 02:39:45 +0000 (02:39 +0000)]
Makefile.in: Added flags which turn on the encryption option
telnetd.c (getterminaltype): If the authentication option which was
negotiated requires that encryption be turned on, then enforce this
here.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7663
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Tue, 19 Mar 1996 02:38:56 +0000 (02:38 +0000)]
Makefile.in: Added flags to turn on the encryption option
authenc.c (telnet_spin): Implemented the telnet spin function, which
works by calling the Scheduler with the tty_lockout flag set.
main.c (main): If the -x option is given, set the autologin,
wantencryption, and auth_enable_encrypt flag. They enable
authentication, enforcement of the encryption option, and a flag to
the auth layer to negotiate authentication with mandatory encryption
option.
telnet.c (telnet): If the wantencryption flag is set (because the user
has given the -x option, then we enforce that encryption must be
turned on. The user will not be able to type to the network stream
until encryption is enabled, and if encryption is refused, the client
will print an error message.
(Scheduler): If the tty_lockout flag is set, then don't process
keyboard read events. This prevents the user from typing over the
network until encryption is enabled.
utilities.c (printsub): Added print support for the authentication
must-encrypt option.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7662
dc483132-0cff-0310-8789-
dd5450dbe970
Theodore Tso [Tue, 19 Mar 1996 02:33:21 +0000 (02:33 +0000)]
Mon Mar 18 20:56:37 1996 Theodore Y. Ts'o <tytso@dcl>
* kerberos5.c (kerberos5_send): Send in as input the
authentication type pair (ap->type, ap->way) to be
checksumed in the authenticator.
(kerberos5_is): If the checksum is present in the
authenticator, then validate the authentication type pair
against the checksum.
(kerberos5_reply): If we didn't do mutual authentication,
and we receive a KRB_ACCEPT, then stash away the session
key anyway. This way we have a chance of doing encryption
even if mutual authentication wasn't done.
* encrypt.c (EncryptStartInput, EncryptStartOutput): Added
conditional around printf so that these two functions can
be called by the server.
(encrypt_is_encrypting): New function which returns true
only if both sides of the telnet stream is encrypted.
Fri Mar 15 18:19:44 1996 Theodore Y. Ts'o <tytso@dcl>
* auth.c: Added new authentication scheme for Krb5 mutual
authentication with mandatory encryption.
(auth_send, auth_send_retry): Split auth_send() so that
the functionality done by auth_send_retry() is separate.
This avoids a really dodgy pointer comparison which was
caused by auth_send() being used for two purposes.
If the client has not requested encryption, then don't
use the authentication systems which require encryption.
(auth_must_encrypt): New function which returns whether
or not encryption must be negotiated.
* auth-proto.h: Added prototype for new option
auth_must_encrypt().
* Makefile.in (ENCRYPTION, DES_ENCRYPTION): Added defines to turn
on encryption and des encryption.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7661
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 19 Mar 1996 02:10:12 +0000 (02:10 +0000)]
Use AC_HEADER_STDARG and use that test to set STDARG.
The old test assumed that either STDARG was defined or __STDC__ - which
is not sufficient.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7660
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 19 Mar 1996 02:08:17 +0000 (02:08 +0000)]
Back out last change and use a cast to avoid warnings.
Richard has indicated that come compilers get upset if you try to
reassign a const char *.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7659
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 18 Mar 1996 22:33:36 +0000 (22:33 +0000)]
* sn2princ.c (krb5_sname_to_principal): Do not assign a const char *
to a non-const char *.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7658
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Mon, 18 Mar 1996 19:21:13 +0000 (19:21 +0000)]
Do not try to reassign "const" variables
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7657
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Mon, 18 Mar 1996 05:32:26 +0000 (05:32 +0000)]
detect kadmin failures that are *really* kdc failures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7656
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Mon, 18 Mar 1996 05:22:00 +0000 (05:22 +0000)]
changelogs entries from cygnus changes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7655
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Mon, 18 Mar 1996 02:46:10 +0000 (02:46 +0000)]
malloc the new length, not the old, esp. since we just check that the
old length was zero
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7654
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Mon, 18 Mar 1996 02:39:51 +0000 (02:39 +0000)]
fixes ticket-forwarding crashes on linux..
* copy_addrs.c (krb5_copy_addr): make non-static so we can use it
in mk_cred.
* mk_cred.c (krb5_mk_ncred_basic): copy local_addr and remote_addr
instead of just aliasing them, so we can safely free them ourselves.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7653
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 18 Mar 1996 02:00:35 +0000 (02:00 +0000)]
* configure.in: Change WITH_KDB_DB to USE_KDB5_LIBRARIES and add
KRB5_LIBRARIES.
* Makefile.in: Use libraries as specified by configure. Set
LD_LIBRARY_PATH for tests.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7652
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 18 Mar 1996 01:47:02 +0000 (01:47 +0000)]
configure.in: Add USE_ANAME and KRB5_LIBRARIES
Makefile.in: Change to properly use the libraries as specified by configure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7651
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 18 Mar 1996 01:40:52 +0000 (01:40 +0000)]
configure.in: Add USE_ANAME and add proper aclocal.m4 functions to properly
tell the makefile which libraries to link to.
Makefile.in: Get the list of libraries to link from configure. Removes a
dependency on layout of build tree and allows for configure to specify
other libraries (as in aname conversion databases..)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7650
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 18 Mar 1996 01:38:20 +0000 (01:38 +0000)]
Add USE_ANAME for aname conversion db
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7649
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 18 Mar 1996 01:20:52 +0000 (01:20 +0000)]
Add USE_ANAME for proper DB
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7648
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 16 Mar 1996 02:40:56 +0000 (02:40 +0000)]
Remove declaration of krb5_kdc_default_options
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7647
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 15 Mar 1996 20:22:26 +0000 (20:22 +0000)]
CLEANLIBS - cleanup libkrb5util.a and libgssapi.a
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7646
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 15 Mar 1996 20:12:08 +0000 (20:12 +0000)]
Add new tests for GSS-API ftp programs
Note: This is using the ftp/$hostname key. If
ftp/ftpd is changed to not allow this service, this
file will need to be changed as well.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7645
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 15 Mar 1996 19:35:51 +0000 (19:35 +0000)]
Corrected several memory leaks and unreferenced memory access conditions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7644
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 15 Mar 1996 19:31:37 +0000 (19:31 +0000)]
Close the keytab if we opened it, not if the caller opened it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7643
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 15 Mar 1996 19:18:24 +0000 (19:18 +0000)]
* ftpd.c (auth_data): Do not fail if last gss_service is not
present in keytab. If no services present, return a useful
minor error status.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7642
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 15 Mar 1996 06:50:19 +0000 (06:50 +0000)]
* aclocal.m4 (V5_OUTPUT_MAKEFILE): nuke some redundant sed rules
and also make sure that SRCTOP doesn't get a leading "./".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7641
dc483132-0cff-0310-8789-
dd5450dbe970
Richard Basch [Fri, 15 Mar 1996 06:28:23 +0000 (06:28 +0000)]
Added shadow password support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7640
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 14 Mar 1996 07:14:45 +0000 (07:14 +0000)]
* aclocal.m4 (V5_OUTPUT_MAKEFILE): most seds don't deal with
"s/\(regex\)*/foo/", so use a loop instead to get rid of
extraneous "./" occurences. Do we want srctop and
buildtop to have leading "./"s? They do currently. Is
this a bug?
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7639
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 05:36:12 +0000 (05:36 +0000)]
more specific check for kadmin failure message
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7638
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 04:02:52 +0000 (04:02 +0000)]
include missing entry for earlier fix
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7637
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:44:34 +0000 (00:44 +0000)]
fix some whitespace
clear use_master and use_keytab on failures that don't leave the
relevant bits initialized
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7636
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:42:43 +0000 (00:42 +0000)]
nuke RCS cruft
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7635
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:41:51 +0000 (00:41 +0000)]
clean up whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7634
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:40:54 +0000 (00:40 +0000)]
print an error when dsize test fails
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7633
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:40:13 +0000 (00:40 +0000)]
nuke rcs cruft
fix typo in copyright
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7632
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:38:50 +0000 (00:38 +0000)]
fix some of the names..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7631
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Thu, 14 Mar 1996 00:38:11 +0000 (00:38 +0000)]
telnet needs USE_ANAME because libtelnet/kerberos.c isn't split
if setupterm is in curses, grab it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7630
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Mar 1996 22:48:00 +0000 (22:48 +0000)]
use AC_HEADER_STDARG
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7629
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Mar 1996 22:38:20 +0000 (22:38 +0000)]
use AC_HEADER_STDARG
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7628
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Mar 1996 22:23:36 +0000 (22:23 +0000)]
use AC_HEADER_STDARG
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7627
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Mar 1996 22:19:37 +0000 (22:19 +0000)]
use PROTOTYPE macro in mechglue.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7626
dc483132-0cff-0310-8789-
dd5450dbe970
Mark Eichin [Wed, 13 Mar 1996 21:09:29 +0000 (21:09 +0000)]
replace KRBTEST.COM with $REALMNAME. Now you can change the realm name the
tests use by "runtest --tool krb --srcdir whatever REALMNAME=WHITEHOUSE.GOV"
also added -- to kadmin tests so they work with any getopt
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7625
dc483132-0cff-0310-8789-
dd5450dbe970