git.ipfire.org Git - thirdparty/krb5.git/log
Luke Howard [Mon, 11 Apr 2011 09:01:30 +0000 (09:01 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24873 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Mon, 11 Apr 2011 09:01:20 +0000 (09:01 +0000)] 
cleanup

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24872 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Mon, 11 Apr 2011 09:01:07 +0000 (09:01 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24871 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Thu, 7 Apr 2011 23:23:24 +0000 (23:23 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24856 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 6 Apr 2011 14:37:01 +0000 (14:37 +0000)] 
set xs:string/xs:base64Binary depending on LDAP syntax

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24850 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 6 Apr 2011 14:36:47 +0000 (14:36 +0000)] 
correctly format radius config continuation lines

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24849 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 6 Apr 2011 14:36:30 +0000 (14:36 +0000)] 
Revert "use global server_creds for impersonator cred handle"

This reverts commit d83bf6672602e18db2ba141214ee167ffe54a8b4.

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24848 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 6 Apr 2011 14:36:16 +0000 (14:36 +0000)] 
fix merge error

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24847 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 6 Apr 2011 00:16:23 +0000 (00:16 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24846 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Mon, 4 Apr 2011 23:57:18 +0000 (23:57 +0000)] 
Merge branch 'master' into users/lhoward/saml2

Conflicts:
src/appl/gss-sample/gss-server.c
src/lib/gssapi/generic/gssapi_ext.h
src/lib/gssapi/generic/gssapi_generic.c
src/lib/gssapi/libgssapi_krb5.exports

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24842 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 08:52:25 +0000 (08:52 +0000)] 
use global server_creds for impersonator cred handle

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24824 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 08:05:17 +0000 (08:05 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24823 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 08:05:02 +0000 (08:05 +0000)] 
allow zero-valued attributes

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24822 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 07:13:42 +0000 (07:13 +0000)] 
remove trailing whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24818 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 07:13:29 +0000 (07:13 +0000)] 
fix regression: 't log "Accepted" message to stdout

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24817 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 06:46:19 +0000 (06:46 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24814 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 04:28:21 +0000 (04:28 +0000)] 
cleanup

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24812 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 04:28:08 +0000 (04:28 +0000)] 
parameterize constrained deleg target name

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24811 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 04:27:55 +0000 (04:27 +0000)] 
Add an option to saml_sign for generating RADIUS AAA configuration

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24810 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 04:27:42 +0000 (04:27 +0000)] 
If we failed to verify the assertion, and we have information
about the client, create a new one.

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24809 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 04:27:30 +0000 (04:27 +0000)] 
add PADL copyrights, this work is not sponsored by MIT

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24808 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sun, 3 Apr 2011 04:27:15 +0000 (04:27 +0000)] 
cleanup

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24807 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 12:55:25 +0000 (12:55 +0000)] 
relax subject/authtime confirmation

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24803 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 12:55:12 +0000 (12:55 +0000)] 
add saml_sign app

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24802 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 12:54:58 +0000 (12:54 +0000)] 
fixes for constrained delegation

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24801 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 08:59:33 +0000 (08:59 +0000)] 
refactor krb5 plugin to use GSS_C_ATTR_SAML_ASSERTION

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24800 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 08:59:20 +0000 (08:59 +0000)] 
add GSS_C_ATTR_SAML_ASSERTION constant

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24799 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 08:59:06 +0000 (08:59 +0000)] 
pass GSS_C_NT_ANONYMOUS for anonymous name type

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24798 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 08:58:54 +0000 (08:58 +0000)] 
allow empty names when importing GSS_C_NT_ANONYMOUS

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24797 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 08:58:40 +0000 (08:58 +0000)] 
add some comments

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24796 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 08:58:27 +0000 (08:58 +0000)] 
Don't include unverified assertions in TGTs, because we
may trust them implicitly.

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24795 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 06:38:38 +0000 (06:38 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24791 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 06:38:24 +0000 (06:38 +0000)] 
Determine which authdata sources to interrogate based on the
module's usage. This is important if the authdata is signed
by the KDC with the TGT key (as the user can forge that in
the AP-REQ).

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24790 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 06:38:10 +0000 (06:38 +0000)] 
Revert "merge old SAML branch GSS stuff"

This reverts commit 85b2da0b0c3df3ee63262795f7a6af587d2ca041.

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24789 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 06:37:55 +0000 (06:37 +0000)] 
always confirm anonymous principals

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24788 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 06:37:42 +0000 (06:37 +0000)] 
add anonymous S4U test to gss-server

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24787 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 06:37:29 +0000 (06:37 +0000)] 
When doing S4U2Self for the anon principal, use the server realm

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24786 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 05:16:36 +0000 (05:16 +0000)] 
typo fix

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24784 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 05:16:23 +0000 (05:16 +0000)] 
Some work on validating third-party signed assertions

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24783 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Sat, 2 Apr 2011 05:16:06 +0000 (05:16 +0000)] 
Merge branch 'master' into users/lhoward/saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24782 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:52:14 +0000 (05:52 +0000)] 
Support for transiting attributes between mechanisms

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24774 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:52:01 +0000 (05:52 +0000)] 
add Kerberos S4U test to gss-server

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24773 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:51:49 +0000 (05:51 +0000)] 
only reset greeting if provided attribute is urn:greet:greeting

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24772 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:51:35 +0000 (05:51 +0000)] 
some fixes for SAML protocol transition

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24771 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:51:22 +0000 (05:51 +0000)] 
verify desired and actual mech OIDs are equal before trying gss_duplicate_name

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24770 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:51:09 +0000 (05:51 +0000)] 
test SAML S4U impersonation

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24769 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:50:56 +0000 (05:50 +0000)] 
Don't treat SAML authdata as KDC-issued in KDC

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24768 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:50:43 +0000 (05:50 +0000)] 
allow unsigned assertions

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24767 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:50:30 +0000 (05:50 +0000)] 
allow assertion to be NULL

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24766 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:50:17 +0000 (05:50 +0000)] 
s4u2proxy_set_attribute should only return EPERM for its own attribute

Failure to do this breaks other attribute providers' set_attribute()

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24765 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:50:02 +0000 (05:50 +0000)] 
allow mechanisms to export a gss_duplicate_name SPI that supports
composite name copies (i.e. copying attributes). this was a bug.

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24764 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Fri, 1 Apr 2011 05:49:44 +0000 (05:49 +0000)] 
expose raw SAML assertion via naming extensions

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24763 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Thu, 31 Mar 2011 12:23:53 +0000 (12:23 +0000)] 
private interface for exporting LDAP entry data

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24761 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Thu, 31 Mar 2011 12:23:39 +0000 (12:23 +0000)] 
get shibboleth resolver working

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24760 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Thu, 31 Mar 2011 12:23:21 +0000 (12:23 +0000)] 
merge old SAML branch GSS stuff

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24759 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 30 Mar 2011 10:54:50 +0000 (10:54 +0000)] 
forward-port saml branch

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24758 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 30 Mar 2011 10:54:31 +0000 (10:54 +0000)] 
port SAML authdata plugin to Shibboleth resolver

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24757 dc483132-0cff-0310-8789-dd5450dbe970

Luke Howard [Wed, 30 Mar 2011 01:21:57 +0000 (01:21 +0000)] 
Create branch saml2

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24756 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 25 Mar 2011 15:50:06 +0000 (15:50 +0000)] 
Fix a precedence error in g_make_token_header() which caused it to
write the wrong length when no token type is passed.

(From r24739 in users/lhoward/moonshot-mechglue-fixes.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 25 Mar 2011 15:46:03 +0000 (15:46 +0000)] 
Set better error messages when plugins fail to load.
(From r24741 in users/lhowards/moonshot-mechglue-fixes.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24744 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Thu, 24 Mar 2011 01:24:42 +0000 (01:24 +0000)] 
Fix DAL documentation to recommend using krb5_db_get_context() and
krb5_db_set_context() instead of directly accessing
context->dal_handle->db_context (which requires internal headers).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sat, 19 Mar 2011 15:06:21 +0000 (15:06 +0000)] 
Update dependencies

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970

Zhanna Tsitkov [Fri, 18 Mar 2011 21:29:23 +0000 (21:29 +0000)] 
Minor clean-up in krb5.hin

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970

Zhanna Tsitkov [Fri, 18 Mar 2011 20:48:06 +0000 (20:48 +0000)] 
Move doxygen comments from source to header. Updated comments and added some usage examples.
Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 18 Mar 2011 19:12:33 +0000 (19:12 +0000)] 
Reinstate the line wrapping of the copyright notice in krb5.hin, and
fix the format of the header comment.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970

Zhanna Tsitkov [Fri, 18 Mar 2011 18:16:32 +0000 (18:16 +0000)] 
Added usage examples to the krb5_build_principal function family

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 18 Mar 2011 00:04:22 +0000 (00:04 +0000)] 
Use a helper function to clarify prepare_error_as() in the KDC

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Thu, 17 Mar 2011 22:10:44 +0000 (22:10 +0000)] 
KDC memory leak of reply padata for FAST replies

kdc_fast_response_handle_padata() replaces rep->padata, causing the
old value to be leaked.  As a minimal fix, free the old value of
rep->padata before replacing it.

ticket: 6885
target_version: 1.9.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Thu, 17 Mar 2011 22:08:22 +0000 (22:08 +0000)] 
Don't leak the default realm name when initializing the default realm
in the KDC.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Thu, 17 Mar 2011 20:02:01 +0000 (20:02 +0000)] 
KDC memory leak in FAST error path

When kdc_fast_handle_error() produces a FAST-encoded error, it puts it
into err->e_data and it never gets freed (since in the non-FAST case,
err->e_data contains aliased pointers).  Fix this by storing the
encoded error in an output variable which is placed into the error's
e_data by the caller and then freed.

ticket: 6884
target_version: 1.9.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970

Tom Yu [Tue, 15 Mar 2011 21:47:19 +0000 (21:47 +0000)] 
KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]

Fix a double-free condition in the KDC that can occur during an
AS-REQ when PKINIT is enabled.

ticket: 6881
tags: pullup
target_version: 1.9.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 15 Mar 2011 19:02:32 +0000 (19:02 +0000)] 
Remove the Yarrow copyright notice since the code is gone

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24704 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 14 Mar 2011 20:34:59 +0000 (20:34 +0000)] 
Resolve a few miscellaneous warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 14 Mar 2011 19:12:18 +0000 (19:12 +0000)] 
Remove two headers accidentally left behind in r24677

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 11 Mar 2011 17:53:18 +0000 (17:53 +0000)] 
Although it can't actually happen, make it more explicit that we won't
dereference a null mech in the cleanup handler of the mechglue's
gss_accept_sec_context.

ticket: 6813

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 11 Mar 2011 17:47:21 +0000 (17:47 +0000)] 
Fix NSS PBKDF2 in the v4 salt (i.e. empty salt) case

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 11 Mar 2011 04:20:17 +0000 (04:20 +0000)] 
Move the des and AFS string-to-key implementations into lib/crypto/krb,
since they aren't standard crypto primitives.  Revise the module SPI
accordingly.  Add tests for AFS string-to-key to t_str2key.c to replace
the ones in the (now defunct) t_afss2k.c.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 11 Mar 2011 04:17:42 +0000 (04:17 +0000)] 
Fix a couple of key import modes in the NSS module, although they don't
seem to matter a lot.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 9 Mar 2011 21:50:47 +0000 (21:50 +0000)] 
Remove ser_eblk.c, which has been unused since r11001 (October 1998)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 9 Mar 2011 21:47:51 +0000 (21:47 +0000)] 
Add one-line descriptions in the filename comments to prototype.[ch]

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24696 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 9 Mar 2011 21:46:07 +0000 (21:46 +0000)] 
Adjust most C source files to match the new standards for copyright
and license comments.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 9 Mar 2011 21:42:08 +0000 (21:42 +0000)] 
Add a script and Makefile target to check for violations of the
recently added standards for copyright and license comments.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970

Tom Yu [Tue, 8 Mar 2011 20:53:55 +0000 (20:53 +0000)] 
Fix a memory leak independently found by Tim Pozdeev and Arlene Berry

This change should be pulled up to the 1.8 and 1.7 branches as well.

ticket: 6844
tags: pullup
target_version: 1.9.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)] 
SPNEGO's accept_sec_context and init_sec_context produce a null context
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper.  Reported by aberry@likewise.com.

ticket: 6863

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 8 Mar 2011 17:22:20 +0000 (17:22 +0000)] 
prototype/getopt.c hasn't been updated in quite some time and we don't
really need it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sun, 6 Mar 2011 16:33:47 +0000 (16:33 +0000)] 
Update dependencies

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sun, 6 Mar 2011 13:30:35 +0000 (13:30 +0000)] 
Fix up signed/unsigned warnings in this directory.  There are still
a few more - but these were the obvious ones.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sun, 6 Mar 2011 13:29:54 +0000 (13:29 +0000)] 
Clean up memory leaks at end of program. No leaks now on success

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24688 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sun, 6 Mar 2011 13:29:05 +0000 (13:29 +0000)] 
On make clean remove test programs and object files. In lib/krb5/krb
make depend as a test program was missed from the source list.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 5 Mar 2011 19:16:28 +0000 (19:16 +0000)] 
Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c.  Fix
OpenSSL module handling of salts in its DES string-to-key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sat, 5 Mar 2011 17:37:21 +0000 (17:37 +0000)] 
Add test script for user2user programs

Simple test programs to make sure that user2user functions.

ticket: 6878

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24685 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Sat, 5 Mar 2011 15:56:33 +0000 (15:56 +0000)] 
Include crypto_int.h for mit_des_fixup_key_parity prototype

Cleanup signed/unsigned warnings.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24684 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 5 Mar 2011 14:33:37 +0000 (14:33 +0000)] 
Fix a conceptual (but not practical) type mismatch in the OpenSSL
module's mit_des_fixup_key_parity resulting from r24677.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24683 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 5 Mar 2011 14:00:38 +0000 (14:00 +0000)] 
Make enc provider free_state function return void

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 5 Mar 2011 13:51:00 +0000 (13:51 +0000)] 
Remove the init_state and free_state enctype functions and go back to
always delegating state to the enc provider.  (We needed enctype-
specific state initialization for CCM enctypes when we had them.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 5 Mar 2011 13:36:53 +0000 (13:36 +0000)] 
Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as it
is not specific to the builtin module.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 5 Mar 2011 13:31:02 +0000 (13:31 +0000)] 
Flatten lib/crypto/krb, as its seven subdirectories only contained a
few source files each (often only 1-2).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Thu, 3 Mar 2011 15:21:11 +0000 (15:21 +0000)] 
Fix SHA-256 on big-endian platforms

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24678 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 2 Mar 2011 05:29:29 +0000 (05:29 +0000)] 
Consolidate almost all lib/crypto/krb headers into a single
crypto_int.h.  In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h.  In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing).  Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 2 Mar 2011 01:48:10 +0000 (01:48 +0000)] 
Remove some declarations from kdc_preauth.c which are no longer needed
after r24403.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24676 dc483132-0cff-0310-8789-dd5450dbe970