Ken Raeburn [Sat, 31 May 2003 03:33:22 +0000 (03:33 +0000)]
* krb5.conf: Delete Athena KDC specifications. Delete Cygnus realm info.
Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU, which has SRV records and
thus doesn't need KDC specs. Provide a commented-out example of a [logging]
spec.
* get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime of tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets
Ken Raeburn [Wed, 28 May 2003 02:16:30 +0000 (02:16 +0000)]
Rename interface to krb5_524_convert_creds, export it from krb5 library.
Provide old names as functions for UNIX/MacOS binary compatibility, and
deprecated macros for source code compatibility. (For Windows, we'll still
need a krb524.dll, and it can worry about providing the old names.) Enable
support on Windows always.
Ken Raeburn [Sat, 24 May 2003 04:51:38 +0000 (04:51 +0000)]
Big step towards integrating libkrb524 into libkrb5:
Move libkrb524 code, including error table, into libkrb5. Now libkrb5
initialization pulls in the krb524 error table, so krb524_init_ets is
gone; all calls deleted.
Move krb4 life/time conversion functions into libkrb5 under new names,
using accessor hooks to get at them from libkrb4.
Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h;
the last doesn't get copied into the include directory. Changed
inclusions of krb524.h to the appropriate files, if any were needed.
Rebuilt dependencies in Makefiles.
These changes are likely to break the Windows build; I'll look into
that soon.
Ken Raeburn [Fri, 23 May 2003 23:55:12 +0000 (23:55 +0000)]
update descriptions of OS-specific configure options
* build.texinfo (HPUX, Solaris 2.X, Ultrix 4.2/3 [notdef]): Replace
descriptions of old --with- options with VAR=.
(Solaris 2.X): Suggest that defining _XOPEN_SOURCE and __EXTENSIONS__ might
help for 64-bit mode.
Sam Hartman [Fri, 23 May 2003 16:41:43 +0000 (16:41 +0000)]
use kdc_default_options
The documentation and context initialization supports an option called
kdc_default_options which is an integer that sets the default KDC
request flags. Make the code actually use the option.
Tom Yu [Wed, 21 May 2003 23:55:58 +0000 (23:55 +0000)]
Set length correctly in krb5_get_in_tkt_with_password if password is
actually passed in. Also, fix test suite to be more lenient about
password prompts, which changed under the previous patches for this
ticket.
Sam Hartman [Tue, 20 May 2003 21:22:48 +0000 (21:22 +0000)]
Implement krb5_get_in_tkt_with_password and
krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds.
It turns out that these do in fact need to use get_init_creds not
get_init_creds_{password,keytab} because of those functions do not
allow the AS request to be returned.
Sam Hartman [Mon, 19 May 2003 17:34:41 +0000 (17:34 +0000)]
Register writable keytabs by default
We have a customer requirement to support writable keytabs using the
public API in 1.3 Discussion on krbcore indicates there is no good
reason why these are not registered by default. So, they are now
registered by default.
Also adjust other code in the tree not to try and register them.
Ticket: new
Target_Version: 1.3
Component: krb5-libs
Tags: pullup
Tom Yu [Sun, 18 May 2003 05:16:05 +0000 (05:16 +0000)]
Sequence numbers are now unsigned. Implement lenient parser for
sequence numbers which folds received negative sequence numbers into
positive unsigned numbers. Constrain the space of initial sequence
numbers to facilitate backwards compatibility.
Ken Raeburn [Wed, 14 May 2003 20:48:22 +0000 (20:48 +0000)]
Be more friendly towards parallel builds
* Makefile.in ($(EHDRDIR)$(S)timestamp): New target, used for ensuring
$(EHDRDIR) exists.
(clean-unix): Delete the dummy file.
($(EHDRDIR)$(S)gssapi.h): Depend on it, instead of creating the directory here.
($(EHDRDIR)$(S)gssapi_generic.h): Likewise.
Sam Hartman [Mon, 12 May 2003 18:04:31 +0000 (18:04 +0000)]
Don't #include compile_et .c files
At least the e2fsprogs compile_et produces .c files that duplicate
definitions found in com_err.h and so you need to avoid including
those .c files in other files.
In order to do this we duplicate the string tables.
Ezra Peisach [Mon, 12 May 2003 09:29:46 +0000 (09:29 +0000)]
Cleanup memory in asn.1 testsuite to allow for leak checking
* krb5_decode_test.c: Modify decode_run macro to take a cleanup
handler to free allocated memory. Add static handlers to free
krb5_alt_method, passwd_phrase_element and krb5_enc_data as the
krb5 library does not handle at this time.
* krb5_encode_test.c: Free krb5_context at end. Utilize the many
ktest_empty and detroy functions to cleanup memory.
* ktest.h, ktest.c: Add many ktest free and empty functions to
cleanup allocated structures in tests.
Sam Hartman [Mon, 12 May 2003 02:59:06 +0000 (02:59 +0000)]
* IMplement etype_info in KDC. If the request contains any new
enctypes (currently AES but anything not explicitly listed as old)
then only etype_info2 is sent back in response. Send back etype_info2
all the time. Also send back etype_info2 to provide salt and
s2kparams with AS reply not just for preauth errors.
* Expose interface for getting string2key with parameters (previously
implemented but not exported)
* IN the client (at least for get_init_creds interface) prfer
etype_info2 to etype_info and pw_salt. Pass s2kparams and use
string2key_with_params.
Ken Raeburn [Sat, 10 May 2003 02:09:34 +0000 (02:09 +0000)]
Add a new krb5_context field for the config-file tgs_enctypes, which
applications cannot override, and use it for ticket-granting tickets needed to
acquire some desired service ticket.
Tom Yu [Sat, 10 May 2003 00:01:04 +0000 (00:01 +0000)]
Rename the local_subkey and remote_subkey fields in the auth_context
to send_subkey and recv_subkey, respectively. Add new APIs to query
and set these fields. Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys. Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.
ticket: 1415
status: open
tags: pullup
target_version: 1.3
Added option to search paths correctly with new tools and to include TargetConditionals.h so that TARGET_OS_MAC is defined for all files in the build system, not just those that include krb5.h
Sam Hartman [Wed, 7 May 2003 21:15:06 +0000 (21:15 +0000)]
Reorganize kdc_preauth enctype handling
Patch from Sun to reorganize and better abstract kdc_preauth.c's
enctype info handling. This will make it easier to implement
etype_info2 so I'm committing it.
* init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it
Added krb5_set_password, krb5_set_password_using_ccache, krb5_c_random_os_entropy, krb5_c_random_add_entropy, krb5_c_init_state, and krb5_c_free_state to the export file for KfM. (RT bug #1462)
* kadm_stream.c: Fixed vts_long() and vts_short() so they return a pointer to the beginning of the memory they allocate and place their data at the end of the buffer which was passed in
Sam Hartman [Mon, 28 Apr 2003 21:38:02 +0000 (21:38 +0000)]
set-change password breaks kpasswd
In some cases a null realm argument was passed into the function for
locating the kpasswd server. This ended up causing segfaults in
kpasswd. Fix to use the right realm.
Sam Hartman [Sun, 27 Apr 2003 21:07:21 +0000 (21:07 +0000)]
krb5_setpw_result_string should be internal
Make krb5_setpw_result_string a krb5int_ function prototyped in
k5-int.h. The prototype was already there, but the code did not match
the function name.
This needs to be pulled up to the release branch to fix Windows build because of a KRB5_CALLCONV issue.
projects / thirdparty / krb5.git / log
