git.ipfire.org Git - thirdparty/krb5.git/log
Marc Horowitz [Sun, 16 Aug 1998 03:44:06 +0000 (03:44 +0000)]
rearrange the code a bit to make it more clear that the logic is
correct.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10830 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 16 Aug 1998 03:39:17 +0000 (03:39 +0000)]
don't free the returned ctype array
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10829 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 16 Aug 1998 03:38:41 +0000 (03:38 +0000)]
rearrange a structure to match the comments
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10828 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 16 Aug 1998 03:37:10 +0000 (03:37 +0000)]
nastybad fencepost error if the input size is [60,63] mod 64
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10827 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 14 Aug 1998 05:41:10 +0000 (05:41 +0000)]
there is code in the tree (notably, the admin server code) which uses
globals to set the keytab which will be used by gssapi. this is
gross, and we need a better answer. However, even that didn't work if
there was an env var or krb5.conf variable, since those override
krb5_defkeyname. Add a new global, krb5_overridekeyname, which really
does override all the other keytab locators. While I'm at it, make the buffer overflow checks sane.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10823 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 14 Aug 1998 05:39:35 +0000 (05:39 +0000)]
fix a typo
don't return conf_state if the pointer is NULL
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10822 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 14 Aug 1998 05:38:33 +0000 (05:38 +0000)]
don't free the tokens before returning them
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10821 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 14 Aug 1998 05:38:12 +0000 (05:38 +0000)]
the ints are 32-bit, not 16-bit. keep enough space
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10820 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 13 Aug 1998 03:24:12 +0000 (03:24 +0000)]
don't assume a nul-terminated client string. just print out the
number of chars received.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10815 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 13 Aug 1998 03:23:13 +0000 (03:23 +0000)]
- don't add the final NUL to a command-line string
- read_file() was dealing improperly with incomplete reads. Since
only normal files are really supported, and incomplete reads are
impossible with normal files, rip the incorrect incomplete read code
out.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10814 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 13 Aug 1998 03:20:57 +0000 (03:20 +0000)]
- make the tmsglen size check not a strict inequality, since the old
cksumtypes can return padded data.
- plug a memory leak
- reorder some stuff for clarity
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10813 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 13 Aug 1998 03:18:05 +0000 (03:18 +0000)]
don't stomp the minor status when a call to another gss function
returns an error
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10812 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 13 Aug 1998 03:17:03 +0000 (03:17 +0000)]
remove the input bounds check
fix the stupid brainos.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10811 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 6 Aug 1998 23:23:58 +0000 (23:23 +0000)]
make krb5_c_keyed_checksum_types() prototype conform with reality
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10781 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Wed, 5 Aug 1998 08:03:55 +0000 (08:03 +0000)]
misc fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10780 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Wed, 5 Aug 1998 07:13:18 +0000 (07:13 +0000)]
add function to free checksum contents, as filled in by
krb5_c_make_checksum. (Should this be in libcrypto?)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10779 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Wed, 5 Aug 1998 07:12:19 +0000 (07:12 +0000)]
don't call the nonexistent hash functions for a keyed hash
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10778 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Wed, 5 Aug 1998 07:11:39 +0000 (07:11 +0000)]
have the function allocate space, and add a free function
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10777 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Wed, 5 Aug 1998 06:04:55 +0000 (06:04 +0000)]
add code to implement a new krb5 v2 gssapi mechanism.
this implementation is complete and functional, but the draft
spec and the code do not yet completely match.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10776 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Mon, 3 Aug 1998 05:34:12 +0000 (05:34 +0000)]
add util_ctxsetup
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10771 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Mon, 3 Aug 1998 05:32:29 +0000 (05:32 +0000)]
Return G_WRONG_TOKID if the passed-in token id is different from the
id in the token.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10770 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Mon, 3 Aug 1998 05:30:14 +0000 (05:30 +0000)]
add new error codes
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10769 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Mon, 3 Aug 1998 05:29:47 +0000 (05:29 +0000)]
- print the token as ascii if the first chars are printable or whitespace
- don't leak an fd per accept
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10768 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 31 Jul 1998 22:20:07 +0000 (22:20 +0000)]
changes to make kadmind4 build again
* kadm_ser_wrap.c (kadm_ser_init): Remove references to
master_encblock, as it's no longer needed in the new crypto API,
adjusting kdb calls accordingly. Also punt calls to use_enctype,
process_key, etc.
* admin_server.c (clear_secrets): Remove references to
master_encblock, due to new crypto API.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10767 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 30 Jul 1998 18:21:24 +0000 (18:21 +0000)]
Update major versions of libraries depending on libkrb5.
Also, fix typo in tf_util.c that prevents krb524init from working
and include test for sa_len so localaddr works on NetBSD.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10766 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 30 Jul 1998 07:10:03 +0000 (07:10 +0000)]
update changes from mainline 980730
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10759 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 27 Jul 1998 05:36:33 +0000 (05:36 +0000)]
Fix login so that it will properly handle forwarded creds;
it didn't destroy the ccache, so that copying into the new ccache failed. Also,
it didn't try to convert forwarded creds.
Remove marc's debugging printf in krlogin.c
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10751 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 26 Jul 1998 02:31:42 +0000 (02:31 +0000)]
remove a debugging printf which got checked in by accident
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10749 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 26 Jul 1998 01:55:04 +0000 (01:55 +0000)]
typo
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10748 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 26 Jul 1998 01:53:51 +0000 (01:53 +0000)]
don't skip a ks_tuple unless the enctype and salttype both match
something prior in the list.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10747 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:56:05 +0000 (22:56 +0000)]
fix the new crypto api stuff I missed before
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10746 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:52:34 +0000 (22:52 +0000)]
for keyed hashes, verify that the key enctype is compatible
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10745 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:50:42 +0000 (22:50 +0000)]
add etype field to cksum records for keyed cksums
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10744 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:49:26 +0000 (22:49 +0000)]
add krb5_c_num_keyed_checksum_types, krb5_c_keyed_checksum_types functions
add keyusages for krb5 gssapi v2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10743 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:46:24 +0000 (22:46 +0000)]
new file
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10742 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:45:43 +0000 (22:45 +0000)]
add keyed_checksum_types.c
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10741 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 22:40:22 +0000 (22:40 +0000)]
convert to new crypto api
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10740 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 25 Jul 1998 20:51:08 +0000 (20:51 +0000)]
typo fix
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10739 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sat, 25 Jul 1998 20:00:53 +0000 (20:00 +0000)]
Add kvno
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10738 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 24 Jul 1998 22:45:23 +0000 (22:45 +0000)]
add a new app to acquire a ticket for a service and print out the kvno
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10735 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 24 Jul 1998 22:44:44 +0000 (22:44 +0000)]
add kvno directory
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10734 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 24 Jul 1998 06:46:10 +0000 (06:46 +0000)]
convert gssapi to new crypto api
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10733 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Fri, 24 Jul 1998 06:30:45 +0000 (06:30 +0000)]
typo
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10732 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 23 Jul 1998 18:28:45 +0000 (18:28 +0000)]
typo
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10719 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 23 Jul 1998 04:51:05 +0000 (04:51 +0000)]
incorrect use of static string return. penalty 10 megabytes
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10718 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 23 Jul 1998 03:52:17 +0000 (03:52 +0000)]
merge mainline as of roughly 7/20 onto the branch
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10717 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 23 Jul 1998 02:58:15 +0000 (02:58 +0000)]
in the alloced case, the confounder and hash were incorrectly copied
to the output.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10716 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Thu, 23 Jul 1998 02:53:54 +0000 (02:53 +0000)]
fix the length sanity check. the data returned could be padded
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10715 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:50:51 +0000 (01:50 +0000)]
initial test stub for krb5_nfold
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10708 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:28:24 +0000 (01:28 +0000)]
remove stuff no longer needed from the old crypto library
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10707 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:27:44 +0000 (01:27 +0000)]
update file list
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10706 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:19:16 +0000 (01:19 +0000)]
raw encryption decryption, checksum, and string-to-key implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10705 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:18:48 +0000 (01:18 +0000)]
old-style des encryption decryption, checksum, and string-to-key implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10704 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:17:35 +0000 (01:17 +0000)]
remove stuff no longer needed from the old crypto library
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10703 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:17:10 +0000 (01:17 +0000)]
update file list
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10702 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:14:33 +0000 (01:14 +0000)]
descbc, krb-specific des-md4 and md5 keyed hash providers
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10701 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:13:38 +0000 (01:13 +0000)]
crc32, md4, md5, sha1 hash providers
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10700 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:12:36 +0000 (01:12 +0000)]
des and des3 encryption providers
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10699 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:11:43 +0000 (01:11 +0000)]
generic derived key encryption, decryption, and checksum implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10698 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:09:19 +0000 (01:09 +0000)]
stop making calls to the krb5 api. the dir should be standalone
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10697 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:04:31 +0000 (01:04 +0000)]
update afsstring2key not to use eblock; the enctype is now implied by
the key
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10696 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:02:47 +0000 (01:02 +0000)]
remove stuff no longer needed from the old crypto library
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10695 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 01:00:20 +0000 (01:00 +0000)]
update api not to use eblock; the enctype is now implied by the key
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10694 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:59:41 +0000 (00:59 +0000)]
update file list
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10693 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:55:52 +0000 (00:55 +0000)]
include prototype for mit_crc32
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10692 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:54:06 +0000 (00:54 +0000)]
crc32 hash implementation (from old crypto lib)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10691 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:52:36 +0000 (00:52 +0000)]
update file list
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10690 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:50:08 +0000 (00:50 +0000)]
update file and directory list
the configure options for enabling and disabling etypes and cksumtypes
are now gone.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10689 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:48:36 +0000 (00:48 +0000)]
update file and directory list
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10688 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:46:25 +0000 (00:46 +0000)]
remove stuff no longer needed from the old crypto library
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10687 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:39:29 +0000 (00:39 +0000)]
glue to implement the old api on top of the new one
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10686 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:39:13 +0000 (00:39 +0000)]
cksumtype table
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10685 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:38:51 +0000 (00:38 +0000)]
enctype table
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10684 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:36:05 +0000 (00:36 +0000)]
hmac keyed hash generator algorithm
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10683 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:35:45 +0000 (00:35 +0000)]
n-fold algorithm for string-to-key and key derivation
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10682 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:33:09 +0000 (00:33 +0000)]
implementations for the new crypto api exported functions
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10681 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:20:32 +0000 (00:20 +0000)]
sha1 hash implementation (from old crypto/sha dir)
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10680 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sun, 19 Jul 1998 00:00:09 +0000 (00:00 +0000)]
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
this file is really ugly, because the SAM code wants to use
raw crypto. this all needs to be tested. There were also
existing memory leaks, some of which I probably missed.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10679 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:55:40 +0000 (23:55 +0000)]
add c_ustime.c. this was in the crypto library, but it didn't
belong there.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10678 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:54:59 +0000 (23:54 +0000)]
add a list of permitted enctypes to the auth_context for
rd_req to check, and create accessor functions for this list.
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10677 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:53:53 +0000 (23:53 +0000)]
add enc_helper.c. This provides a wrapper around the
conventional way the library encrypts and wraps encoded asn.1
structures, so the code isn't repeated in a dozen places.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10676 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:53:15 +0000 (23:53 +0000)]
make the v4 compat random key code use the krb5 crypto
interface, instead of the des implementation internals.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10675 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:52:16 +0000 (23:52 +0000)]
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10674 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:50:00 +0000 (23:50 +0000)]
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
include/k5-int.h, kdc/do_tgs_req.c:
add using_subkey variable to krb5_encode_kdc_rep, for choosing
the keyusage
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10673 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:49:13 +0000 (23:49 +0000)]
include/krb5/kdb.h, kdc/extern.h, lib/kdb/decrypt_key.c,
lib/kdb/encrypt_key.c, lib/kdb/fetch_mkey.c,
lib/kdb/kdb_db2.c, lib/kdb/kdb_db2.h, include/krb5/kdb_dbc.h,
lib/kdb/kdb_dbm.c, lib/kdb/keytab.c, lib/kdb/verify_mky.c,
lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c:
change or remove all the places krb5_encrypt_block was used
(this is mostly relevant to kdb manipulations). It was
usually used to specify an enctype (which is now implied by
the keyblock), or to store or pass in a processed key (now the
api just takes a key directly, so these structures and
functions do, too). The kdb key manipulation functions also
need to be made to use the new api.
lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c, lib/kdb/kdb_xdr.c:
remove the special knowledge of ENCTYPE string-to-key
equivalences. the crypto api has a function for this now.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10672 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:48:07 +0000 (23:48 +0000)]
include/krb5/kdb.h, kdc/extern.h, lib/kdb/decrypt_key.c,
lib/kdb/encrypt_key.c, lib/kdb/fetch_mkey.c,
lib/kdb/kdb_db2.c, lib/kdb/kdb_db2.h, include/krb5/kdb_dbc.h,
lib/kdb/kdb_dbm.c, lib/kdb/keytab.c, lib/kdb/verify_mky.c,
lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c:
change or remove all the places krb5_encrypt_block was used
(this is mostly relevant to kdb manipulations). It was
usually used to specify an enctype (which is now implied by
the keyblock), or to store or pass in a processed key (now the
api just takes a key directly, so these structures and
functions do, too). The kdb key manipulation functions also
need to be made to use the new api.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10671 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:46:28 +0000 (23:46 +0000)]
make etype_string use krb5_enctype_to_string
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10670 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:45:01 +0000 (23:45 +0000)]
make the acl file contain etypes, and use that in the
authorization process.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10669 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:44:47 +0000 (23:44 +0000)]
this was in libcrypto, but it didn't belong there. move it here
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10668 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:44:34 +0000 (23:44 +0000)]
remove enctype and cksumtype string conversions. They're in the
crypto library now, since the information drops right into the
enctype table.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10667 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:44:04 +0000 (23:44 +0000)]
ifdef the whole file out, since it's not used anywhere. it
should probably be deleted, but I'm not sure about
backward-compatibility issues yet.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10666 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:43:41 +0000 (23:43 +0000)]
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
don't encode the encblock, because it's not there anymore.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10665 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:43:22 +0000 (23:43 +0000)]
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
check the auth_context permit-all flag and permitted_enctypes
list, and reject the request if the policy check fails.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10664 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:43:02 +0000 (23:43 +0000)]
add code to initialize the prng. It's not great, but can be
improved, and the prng is reseeded when new keys are
processed.
read permitted_enctypes from the krb5.conf file, and provide
accessor functions for it. Make the various etype list
parsers share code as a side effect.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10663 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:42:48 +0000 (23:42 +0000)]
add krb5_get_{validat,renew}ed_creds functions, which are part
of the new init_creds api. The prototypes were already in
krb5.hin, but there was no implementing code.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10662 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:42:33 +0000 (23:42 +0000)]
Add a new error code for "Encryption type not permitted"
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10661 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:42:21 +0000 (23:42 +0000)]
interoperation testing against heimdal revealed a bug. if
extra fields are present in a SEQUENCE, they are not ignored
and skipped. This caused the decoder to get out of sync.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10660 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:42:00 +0000 (23:42 +0000)]
kdc/do_as_req.c, kdc/do_tgs_req.c, kdc/kdc_preauth.c,
lib/kdb/decrypt_key.c, lib/kdb/encrypt_key.c, kdc/kdc_util.c,
kdc/kerberos_v4.c, kdc/main.c, lib/kadm5/srv/server_kdb.c,
lib/krb5/krb/decrypt_tk.c, lib/krb5/krb/decode_kdc.c,
lib/krb5/krb/encode_kdc.c, lib/krb5/krb/encrypt_tk.c,
lib/krb5/krb/gen_seqnum.c, lib/krb5/krb/gen_subkey.c,
lib/krb5/krb/gic_pwd.c, lib/krb5/krb/in_tkt_pwd.c,
lib/krb5/krb/kdc_rep_dc.c, lib/krb5/krb/mk_cred.c,
lib/krb5/krb/mk_priv.c, lib/krb5/krb/mk_rep.c,
lib/krb5/krb/mk_req_ext.c, lib/krb5/krb/mk_safe.c,
lib/krb5/krb/preauth.c, lib/krb5/krb/preauth2.c,
lib/krb5/krb/rd_cred.c, lib/krb5/krb/rd_priv.c, lib/krb5/krb/rd_rep.c,
lib/krb5/krb/rd_safe.c, lib/krb5/krb/send_tgs.c,
lib/krb5/krb/auth_con.c, lib/krb5/krb/auth_con.h,
lib/krb5/krb/rd_req_dec.c, lib/krb5/krb/ser_actx.c:
convert to the new api. This also includes specifying the
keyusage where needed.
this file is really ugly, because the SAM code wants to use
raw crypto. this all needs to be tested. There were also
existing memory leaks, some of which I probably missed.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10659 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:41:40 +0000 (23:41 +0000)]
lib/kadm5/srv/svr_principal.c, lib/kdb/kdb_cpw.c, lib/kdb/kdb_xdr.c:
remove the special knowledge of ENCTYPE string-to-key
equivalences. the crypto api has a function for this now.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10658 dc483132-0cff-0310-8789-dd5450dbe970
Marc Horowitz [Sat, 18 Jul 1998 23:35:24 +0000 (23:35 +0000)]
add krb5_keyusage typedef
change krb5_encrypt_block so that backward source compatibility
will work without depending on a type which no longer exists
add new ENCTYPEs
add prototypes for new crypto api
add KEYUSAGE values
add new AUTH_CONTEXT flag to turn off permitted_enctypes checking
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10657 dc483132-0cff-0310-8789-dd5450dbe970