Greg Hudson [Thu, 29 Oct 2009 23:00:13 +0000 (23:00 +0000)]
Add a couple of krb5_data convenience constructor functions, to
facilitate properly initializing krb5_data objects. Adjust formatting
of the existing krb5_data convenience functions and remove the #if 0
block.
Zhanna Tsitkov [Thu, 29 Oct 2009 18:46:52 +0000 (18:46 +0000)]
Files that were not picked up by svn rev #22995 commit:
Changed the crypto make system to add build flexibility. The update cancels the requirement for the dir structures to be identical in all crypto implementations and supports impl. dependent tests.
Greg Hudson [Thu, 29 Oct 2009 16:13:36 +0000 (16:13 +0000)]
Rename api.3 to api.current in the libkadm5 unit tests. This way the
main body of tests won't have to be moved every time the current API
version of libkadm5 changes.
Tom Yu [Wed, 28 Oct 2009 19:56:19 +0000 (19:56 +0000)]
New elisp file to mark C styles in files. New top-level Makefile
target "make mark-cstyle". The exception list is not final; it's just
a starting point for discussion.
Greg Hudson [Wed, 28 Oct 2009 19:17:35 +0000 (19:17 +0000)]
Bump the accessor version number since we made changes.
Take the opportunity to regularize accessor field names (no krb5 or
krb5int prefixes).
Fix a test program which was still using krb5_hmac.
Tom Yu [Tue, 27 Oct 2009 02:13:31 +0000 (02:13 +0000)]
Add "reindent" target to top-level Makefile.in. Add
krb5-batch-indent.el. These perform a batch reindent based upon the
Emacs file-local variable settings, taking care to distinguish between
files that are supposed to conform to the coding style versus those
that are marked as being exceptions. A later commit will explicitly
mark the files that we expect to conform to our coding standards.
Greg Hudson [Mon, 26 Oct 2009 02:56:34 +0000 (02:56 +0000)]
Remove the telnet-to-localhost sanity check in start_servers_local, as
the system telnet will not necessarily run correctly with
LD_LIBRARY_PATH pointing at the Kerberos libraries from the build
tree.
Greg Hudson [Sun, 25 Oct 2009 16:55:12 +0000 (16:55 +0000)]
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements
account lockout policies for preauth-using principals using existing
principal metadata fields and new policy fields. The kadmin API
version is bumped from 2 to 3 to compatibly extend the policy_ent_rec
structure.
Zhanna Tsitkov [Fri, 23 Oct 2009 19:45:48 +0000 (19:45 +0000)]
Changed the crypto make system to add build flexibility. The update cancels the requirement for the dir structures to be identical in all crypto implementations and supports impl. dependent tests. Also, minor libk5crypto.exports list reduction (from f_tables).
Luke Howard [Thu, 22 Oct 2009 21:00:19 +0000 (21:00 +0000)]
When iterating through the keytab in krb5_rd_req(), do not
return success if we did not find any matching keytab entries,
otherwise we will crash upon accessing ticket->enc_part2.
Luke Howard [Thu, 22 Oct 2009 20:58:37 +0000 (20:58 +0000)]
Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes
a NULL server principal to krb5_rd_req(). Without this the name
canonicalisation support in 1.7 was broken for GSS_C_BOTH
credentials, because cred->name would always be set.
Greg Hudson [Tue, 20 Oct 2009 14:23:32 +0000 (14:23 +0000)]
Make some gss-krb5 utility functions take enctypes instead of keys,
and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was
passing a keyblock instead of a key to kg_translate_iov after the
enc-perf merge.
Greg Hudson [Mon, 19 Oct 2009 20:04:21 +0000 (20:04 +0000)]
Implement new APIs to allow improved crypto performance
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
Greg Hudson [Tue, 13 Oct 2009 19:43:17 +0000 (19:43 +0000)]
Fix preauth looping in krb5_get_init_creds
In 1.7, krb5_get_init_creds will continue attempting the same built-in
preauth mechanism (e.g. encrypted timestamp) until the loop counter
maxes out. Until the preauth framework can remember not to retry
built-in mechanisms, only continue with preauth after a PREAUTH_FAILED
error resulting from optimistic preauth.
Greg Hudson [Thu, 8 Oct 2009 12:59:33 +0000 (12:59 +0000)]
In krb5_c_verify_checksum, avoid the structure copy of *data since we
don't care about data->magic. Squashes a bunch of unimportant
Coverity defects. (May not be the correct long-term solution.)
Greg Hudson [Thu, 8 Oct 2009 12:58:56 +0000 (12:58 +0000)]
In krb5_calculate_checksum (a compatibility routine), initialize
key.enctype to ENCTYPE_NULL. This will predictably fail to match a
keyed hash's enctype, which may not be the best behavior, but is
better than unpredictably failing to match it.
Greg Hudson [Sat, 3 Oct 2009 18:07:44 +0000 (18:07 +0000)]
Update the crypto derived key support code to conform to most of the
current coding practices (except lack of tabs). Use the helper
functions k5alloc, zapfree, and find_enctype to reduce code size.
Greg Hudson [Sat, 3 Oct 2009 16:03:15 +0000 (16:03 +0000)]
Update the crypto API glue to conform to most of the current coding
practices (except lack of tabs). Use the helper functions k5alloc,
zapfree, and find_enctype to reduce code size.
Zhanna Tsitkov [Thu, 1 Oct 2009 21:46:57 +0000 (21:46 +0000)]
Crypto modularity proj: Populate openssl/des dir.
To avoid breaking the export list some functions (mostly mit_xxx) are left in place with the disabled functionality.
Crypto modularity proj: SHS_INFO structure is defined differently for crypto impl's. Files hash_sha1.c and yhash.h are affected by this difference. Move hash_provider into the backend
The following bigredbutton is used to suppress svn complaints about the trailing spaces in the moved/copied dirs.
bigredbutton: whitespace
Remove OBJS.ST from SUBDIROBJLISTS so that running make does not
rebuild shared library when running make from the top. (make
otherwise thinks that OBJS.ST depends on "all-recurse" - which does
not exist, and rebuilds it all the time.)
Add keytab_local.c to the kadmin client SRCS variable, so that we
generate dependencies for its object file. This change causes
kadmin.local to be properly rebuilt when keytab.c changes.
Clean up krb5_get_credentials:
* Use the current coding practice for output parameters.
* Rename the helper function krb5_get_credentials_core to
krb5int_construct_matching_creds and document it.
* Don't fail out if we fail to cache intermediate tgts.
* Simplify conditional logic and variable handling. ncreds is now
always a temporary holder for the resulting credentials.
Improve the mechanism used for addprinc -randkey. In the kadmin
server, if the password is null when creating a principal, treat that
as a request for a random key. In the kadmin client, try using the
new method for random key creation and then fall back to the old one.