From: Tom Yu Date: Thu, 21 Jan 2010 22:49:07 +0000 (+0000) Subject: pull up r23663 from trunk X-Git-Tag: krb5-1.8-beta1~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee9b493da43cb1e0faf7d676db56b012f5a6fff5;p=thirdparty%2Fkrb5.git pull up r23663 from trunk ------------------------------------------------------------------------ r23663 | ghudson | 2010-01-19 18:35:39 -0500 (Tue, 19 Jan 2010) | 9 lines ticket: 6645 subject: Add krb5_allow_weak_crypto API target_version: 1.8 tags: pullup Add an API to allow apps to override the profile setting of allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box until OpenAFS finishes migrating away from DES. ticket: 6645 version_fixed: 1.8 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23665 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 09412738ac..63b69710af 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -2553,6 +2553,11 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr); +/* Allows the appplication to override the profile's allow_weak_crypto setting. + * Primarily for use by aklog. */ +krb5_error_code KRB5_CALLCONV +krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable); + #if TARGET_OS_MAC # pragma pack(pop) #endif diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index d7a4a2da47..abab3f0b4a 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -14,6 +14,7 @@ STLIBOBJS= \ addr_comp.o \ addr_order.o \ addr_srch.o \ + allow_weak.o \ appdefault.o \ auth_con.o \ authdata.o \ diff --git a/src/lib/krb5/krb/allow_weak.c b/src/lib/krb5/krb/allow_weak.c new file mode 100644 index 0000000000..1290d1f798 --- /dev/null +++ b/src/lib/krb5/krb/allow_weak.c @@ -0,0 +1,38 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * lib/krb5/krb/allow_weak.c + * + * Copyright (C) 2010 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Implements krb5_allow_weak_crypto. + */ + +#include "k5-int.h" + +krb5_error_code KRB5_CALLCONV +krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable) +{ + context->allow_weak_crypto = (enable != FALSE); + return 0; +} diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index acfa2eaac5..8d1d9d3f5a 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -108,6 +108,7 @@ krb5_524_convert_creds krb5_address_compare krb5_address_order krb5_address_search +krb5_allow_weak_crypto krb5_aname_to_localname krb5_anonymous_principal krb5_anonymous_realm