git.ipfire.org Git - thirdparty/krb5.git/log

]> git.ipfire.org Git - thirdparty/krb5.git/log

Marc Horowitz [Wed, 5 Aug 1998 07:12:19 +0000 (07:12 +0000)]

don't call the nonexistent hash functions for a keyed hash

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10778 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Wed, 5 Aug 1998 07:11:39 +0000 (07:11 +0000)]

have the function allocate space, and add a free function

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10777 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Wed, 5 Aug 1998 06:04:55 +0000 (06:04 +0000)]

add code to implement a new krb5 v2 gssapi mechanism.
this implementation is complete and functional, but the draft
spec and the code do not yet completely match.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10776 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Mon, 3 Aug 1998 05:34:12 +0000 (05:34 +0000)]

add util_ctxsetup

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10771 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Mon, 3 Aug 1998 05:32:29 +0000 (05:32 +0000)]

Return G_WRONG_TOKID if the passed-in token id is different from the
id in the token.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10770 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Mon, 3 Aug 1998 05:30:14 +0000 (05:30 +0000)]

add new error codes

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10769 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Mon, 3 Aug 1998 05:29:47 +0000 (05:29 +0000)]

- print the token as ascii if the first chars are printable or whitespace
- don't leak an fd per accept

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10768 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Tom Yu [Fri, 31 Jul 1998 22:20:07 +0000 (22:20 +0000)]

changes to make kadmind4 build again

* kadm_ser_wrap.c (kadm_ser_init): Remove references to
master_encblock, as it's no longer needed in the new crypto API,
adjusting kdb calls accordingly. Also punt calls to use_enctype,
process_key, etc.

* admin_server.c (clear_secrets): Remove references to
master_encblock, due to new crypto API.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10767 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Sam Hartman [Thu, 30 Jul 1998 18:21:24 +0000 (18:21 +0000)]

Update major versions of libraries depending on libkrb5.
Also, fix typo in tf_util.c that prevents krb524init from working
and include test for sa_len so localaddr works on NetBSD.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10766 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Thu, 30 Jul 1998 07:10:03 +0000 (07:10 +0000)]

update changes from mainline 980730

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10759 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Sam Hartman [Mon, 27 Jul 1998 05:36:33 +0000 (05:36 +0000)]

Fix login so that it will properly handle forwarded creds;
it didn't destroy the ccache, so that copying into the new ccache failed. Also,
it didn't try to convert forwarded creds.
Remove marc's debugging printf in krlogin.c

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10751 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 26 Jul 1998 02:31:42 +0000 (02:31 +0000)]

remove a debugging printf which got checked in by accident

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10749 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 26 Jul 1998 01:55:04 +0000 (01:55 +0000)]

typo

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10748 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 26 Jul 1998 01:53:51 +0000 (01:53 +0000)]

don't skip a ks_tuple unless the enctype and salttype both match
something prior in the list.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10747 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:56:05 +0000 (22:56 +0000)]

fix the new crypto api stuff I missed before

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10746 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:52:34 +0000 (22:52 +0000)]

for keyed hashes, verify that the key enctype is compatible

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10745 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:50:42 +0000 (22:50 +0000)]

add etype field to cksum records for keyed cksums

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10744 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:49:26 +0000 (22:49 +0000)]

add krb5_c_num_keyed_checksum_types, krb5_c_keyed_checksum_types functions
add keyusages for krb5 gssapi v2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10743 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:46:24 +0000 (22:46 +0000)]

new file

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10742 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:45:43 +0000 (22:45 +0000)]

add keyed_checksum_types.c

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10741 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 22:40:22 +0000 (22:40 +0000)]

convert to new crypto api

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10740 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 25 Jul 1998 20:51:08 +0000 (20:51 +0000)]

typo fix

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10739 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Sam Hartman [Sat, 25 Jul 1998 20:00:53 +0000 (20:00 +0000)]

Add kvno

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10738 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Fri, 24 Jul 1998 22:45:23 +0000 (22:45 +0000)]

add a new app to acquire a ticket for a service and print out the kvno

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10735 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Fri, 24 Jul 1998 22:44:44 +0000 (22:44 +0000)]

add kvno directory

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10734 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Fri, 24 Jul 1998 06:46:10 +0000 (06:46 +0000)]

convert gssapi to new crypto api

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10733 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Fri, 24 Jul 1998 06:30:45 +0000 (06:30 +0000)]

typo

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10732 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Thu, 23 Jul 1998 18:28:45 +0000 (18:28 +0000)]

typo

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10719 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Thu, 23 Jul 1998 04:51:05 +0000 (04:51 +0000)]

incorrect use of static string return. penalty 10 megabytes

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10718 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Thu, 23 Jul 1998 03:52:17 +0000 (03:52 +0000)]

merge mainline as of roughly 7/20 onto the branch

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10717 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Thu, 23 Jul 1998 02:58:15 +0000 (02:58 +0000)]

in the alloced case, the confounder and hash were incorrectly copied
to the output.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10716 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Thu, 23 Jul 1998 02:53:54 +0000 (02:53 +0000)]

fix the length sanity check. the data returned could be padded

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10715 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:50:51 +0000 (01:50 +0000)]

initial test stub for krb5_nfold

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10708 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:28:24 +0000 (01:28 +0000)]

remove stuff no longer needed from the old crypto library

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10707 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:27:44 +0000 (01:27 +0000)]

update file list

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10706 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:19:16 +0000 (01:19 +0000)]

raw encryption decryption, checksum, and string-to-key implementation

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10705 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:18:48 +0000 (01:18 +0000)]

old-style des encryption decryption, checksum, and string-to-key implementation

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10704 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:17:35 +0000 (01:17 +0000)]

remove stuff no longer needed from the old crypto library

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10703 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:17:10 +0000 (01:17 +0000)]

update file list

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10702 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:14:33 +0000 (01:14 +0000)]

descbc, krb-specific des-md4 and md5 keyed hash providers

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10701 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:13:38 +0000 (01:13 +0000)]

crc32, md4, md5, sha1 hash providers

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10700 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:12:36 +0000 (01:12 +0000)]

des and des3 encryption providers

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10699 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:11:43 +0000 (01:11 +0000)]

generic derived key encryption, decryption, and checksum implementation

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10698 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:09:19 +0000 (01:09 +0000)]

stop making calls to the krb5 api. the dir should be standalone

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10697 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:04:31 +0000 (01:04 +0000)]

update afsstring2key not to use eblock; the enctype is now implied by
the key

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10696 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:02:47 +0000 (01:02 +0000)]

remove stuff no longer needed from the old crypto library

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10695 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 01:00:20 +0000 (01:00 +0000)]

update api not to use eblock; the enctype is now implied by the key

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10694 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:59:41 +0000 (00:59 +0000)]

update file list

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10693 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:55:52 +0000 (00:55 +0000)]

include prototype for mit_crc32

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10692 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:54:06 +0000 (00:54 +0000)]

crc32 hash implementation (from old crypto lib)

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10691 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:52:36 +0000 (00:52 +0000)]

update file list

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10690 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:50:08 +0000 (00:50 +0000)]

update file and directory list

the configure options for enabling and disabling etypes and cksumtypes
are now gone.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10689 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:48:36 +0000 (00:48 +0000)]

update file and directory list

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10688 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:46:25 +0000 (00:46 +0000)]

remove stuff no longer needed from the old crypto library

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10687 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:39:29 +0000 (00:39 +0000)]

glue to implement the old api on top of the new one

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10686 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:39:13 +0000 (00:39 +0000)]

cksumtype table

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10685 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:38:51 +0000 (00:38 +0000)]

enctype table

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10684 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:36:05 +0000 (00:36 +0000)]

hmac keyed hash generator algorithm

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10683 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:35:45 +0000 (00:35 +0000)]

n-fold algorithm for string-to-key and key derivation

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10682 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:33:09 +0000 (00:33 +0000)]

implementations for the new crypto api exported functions

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10681 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:20:32 +0000 (00:20 +0000)]

sha1 hash implementation (from old crypto/sha dir)

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10680 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sun, 19 Jul 1998 00:00:09 +0000 (00:00 +0000)]

kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.

this file is really ugly, because the SAM code wants to use
raw crypto. this all needs to be tested. There were also
existing memory leaks, some of which I probably missed.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10679 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:55:40 +0000 (23:55 +0000)]

add c_ustime.c. this was in the crypto library, but it didn't
belong there.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10678 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:54:59 +0000 (23:54 +0000)]

add a list of permitted enctypes to the auth_context for
rd_req to check, and create accessor functions for this list.

kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10677 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:53:53 +0000 (23:53 +0000)]

add enc_helper.c. This provides a wrapper around the
conventional way the library encrypts and wraps encoded asn.1
structures, so the code isn't repeated in a dozen places.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10676 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:53:15 +0000 (23:53 +0000)]

make the v4 compat random key code use the krb5 crypto
interface, instead of the des implementation internals.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10675 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:52:16 +0000 (23:52 +0000)]

kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10674 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:50:00 +0000 (23:50 +0000)]

kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.

include/k5-int.h, kdc/do_tgs_req.c:
add using_subkey variable to krb5_encode_kdc_rep, for choosing
the keyusage

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10673 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:49:13 +0000 (23:49 +0000)]

include/krb5/kdb.h, kdc/extern.h, lib/kdb/decrypt_key.c,
lib/kdb/encrypt_key.c, lib/kdb/fetch_mkey.c,
lib/kdb/kdb_db2.c, lib/kdb/kdb_db2.h, include/krb5/kdb_dbc.h,
lib/kdb/kdb_dbm.c, lib/kdb/keytab.c, lib/kdb/verify_mky.c,
lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c:
change or remove all the places krb5_encrypt_block was used
(this is mostly relevant to kdb manipulations).  It was
usually used to specify an enctype (which is now implied by
the keyblock), or to store or pass in a processed key (now the
api just takes a key directly, so these structures and
functions do, too).  The kdb key manuipulation functions also
need to be made to use the new api.

lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c, lib/kdb/kdb_xdr.c:
remove the special knowledge of ENCTYPE string-to-key
equivalances.  the crypto api has a function for this now.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10672 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:48:07 +0000 (23:48 +0000)]

include/krb5/kdb.h, kdc/extern.h, lib/kdb/decrypt_key.c,
lib/kdb/encrypt_key.c, lib/kdb/fetch_mkey.c,
lib/kdb/kdb_db2.c, lib/kdb/kdb_db2.h, include/krb5/kdb_dbc.h,
lib/kdb/kdb_dbm.c, lib/kdb/keytab.c, lib/kdb/verify_mky.c,
lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c:
change or remove all the places krb5_encrypt_block was used
(this is mostly relevant to kdb manipulations). It was
usually used to specify an enctype (which is now implied by
the keyblock), or to store or pass in a processed key (now the
api just takes a key directly, so these structures and
functions do, too). The kdb key manuipulation functions also
need to be made to use the new api.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10671 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:46:28 +0000 (23:46 +0000)]

make etype_string use krb5_enctype_to_string

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10670 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:45:01 +0000 (23:45 +0000)]

make the acl file contain etypes, and use that in the
authorization process.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10669 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:44:47 +0000 (23:44 +0000)]

this was in libcrypto, but it didn't belong there. move it here

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10668 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:44:34 +0000 (23:44 +0000)]

remove enctype and cksumtype string converstions. They're in the
crypto library now, since the information drops right into the
enctype table.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10667 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:44:04 +0000 (23:44 +0000)]

ifdef the whole file out, since it's not used anywhere. it
should probably be deleted, but I'm not sure about
backward-compatibility issues yet.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10666 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:43:41 +0000 (23:43 +0000)]

kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.

don't encode the encblock, because it's not there anymore.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10665 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:43:22 +0000 (23:43 +0000)]

kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.

check the auth_context permit-all flag and permitted_enctypes
list, and reject the request if the policy check fails.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10664 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:43:02 +0000 (23:43 +0000)]

add code to initialize the prng. It's not great, but can be
improved, and the prng is reseeded when new keys are
processed.

read permitted_enctypes from the krb5.conf file, and provide
accessor functions for it. Make the various etype list
parsers share code as a side effect.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10663 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:42:48 +0000 (23:42 +0000)]

add krb5_get_{validat,renew}ed_creds functions, which are part
of the new init_creds api. The prototypes were already in,
krb5.hin but there was no implementing code.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10662 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:42:33 +0000 (23:42 +0000)]

Add a new error code for "Encryption type not permitted"

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10661 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:42:21 +0000 (23:42 +0000)]

interoperation testing against heimdal revealed a bug. if
extra fields are present in a SEQUENCE, they are not ignored
and skipped. This caused the decoder to get out of sync.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10660 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:42:00 +0000 (23:42 +0000)]

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:41:40 +0000 (23:41 +0000)]

lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c, lib/kdb/kdb_xdr.c:
remove the special knowledge of ENCTYPE string-to-key
equivalances. the crypto api has a function for this now.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10658 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:35:24 +0000 (23:35 +0000)]

add krb5_keyusage typedef

change krb5_encrypt_block so that backward source compatibility
will work without depending on a type which no longer exists

add new ENCTYPEs

add prototypes for new crypto api

add KEYUSAGE values

add new AUTH_CONTEXT flag to turn off permitted_enctypes checking

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10657 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:30:15 +0000 (23:30 +0000)]

add new provider api, keytype and cksum type table structures,
krb5_nfold and krb5_hmac prototypes.

remove old extern global variables which no longer exist

add new krb5_encrypt_helper prototype

include/k5-int.h, kdc/do_tgs_req.c:
add using_subkey variable to krb5_encode_kdc_rep, for choosing
the keyusage

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10656 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Marc Horowitz [Sat, 18 Jul 1998 23:29:52 +0000 (23:29 +0000)]

convert to init_creds api, in order to be able to use verify_creds,
for the new multi-etype semantics. still needs testing.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10655 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

no author [Sat, 18 Jul 1998 23:29:52 +0000 (23:29 +0000)]

This commit was manufactured by cvs2svn to create branch 'marc-3des'

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10654 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Sat, 9 May 1998 03:19:46 +0000 (03:19 +0000)]

str_conv.c (krb5_string_to_timestamp, strptime): Fix routines to be
able to properly parse Y2K dates.

t_kerb.c: Add ability to test krb5_string_to_timestamp

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10559 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Sat, 9 May 1998 00:04:39 +0000 (00:04 +0000)]

stime.c (krb_stime):
log.c (krb_new_log, krb_log):
klog.c (klog): Print the year using 4 digits to avoid Y2K issues.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10558 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Fri, 8 May 1998 23:55:43 +0000 (23:55 +0000)]

Print the year as 4 digits to avoid Y2K problems

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10557 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Fri, 8 May 1998 23:52:49 +0000 (23:52 +0000)]

* kadm_server.c (krb_log): Print the year using 4 digit to avoid
Y2K issues.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10556 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Fri, 8 May 1998 22:48:16 +0000 (22:48 +0000)]

Print 4 digit years in Krb4 log entries to avoid Y2K issues

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10555 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Fri, 8 May 1998 22:15:18 +0000 (22:15 +0000)]

ftpcmd.y (cmd): Fix Y2K problem in the MDTM command

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10554 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 20:40:44 +0000 (20:40 +0000)]

Add a check for the header file krb4-proto.h. Replace file existence
tests for /etc/environment and /etc/TIMEZONE with K5_AC_CHECK_FILES.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10553 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 20:35:03 +0000 (20:35 +0000)]

POSIX states that getopt returns -1 when it is done parsing options,
not EOF.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10552 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 20:34:37 +0000 (20:34 +0000)]

Add support for generic file existence tests (used to simplify some
configure.in files.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10551 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 20:24:10 +0000 (20:24 +0000)]

POSIX states that getopt returns -1 when it is done parsing options,
not EOF.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10550 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 20:21:28 +0000 (20:21 +0000)]

t_ser.c (main): POSIX states that getopt returns -1 when it is done
parsing options, not EOF.

get_in_tkt.c (krb5_get_init_creds): If libdefaults/{REALM}/noaddresses
is true, then don't put any addresses in the ticket request.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10549 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 20:01:28 +0000 (20:01 +0000)]

POSIX states that getopt returns -1 when it is done parsing options,
not EOF.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10548 dc483132-0cff-0310-8789-dd5450dbe970

commit | commitdiff | tree

Theodore Tso [Wed, 6 May 1998 18:58:24 +0000 (18:58 +0000)]

POSIX states that getopt returns -1 when it is done parsing options,
not EOF.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10547 dc483132-0cff-0310-8789-dd5450dbe970

Mirror of https://github.com/krb5/krb5.git

RSS Atom