Theodore Tso [Wed, 10 Jan 1996 03:56:23 +0000 (03:56 +0000)]
forward.c (get_for_creds): Removed no longer used function
kerberos5.c (kerberos5_forward): Convert from using get_for_creds()
from forward.c to using the official library routine,
krb5_fwd_tgt_creds(). Misc. lint cleanups.
Theodore Tso [Fri, 5 Jan 1996 03:24:36 +0000 (03:24 +0000)]
hostaddr.c (krb5_os_hostaddr): New function which takes a hostname and
returns a list of krb5 addresses. (This is basically a glue routine
that converts the result of gethostbyname() to krb5 addresses.)
Richard Basch [Thu, 4 Jan 1996 05:33:35 +0000 (05:33 +0000)]
* aclocal.m4, acconfig.h
Removed sys/fcntl.h checking (always use fcntl.h instead)
* TODO
Documented that sys/fcntl.h checks have been removed.
Added a KDC bug that needs to be investigated.
Theodore Tso [Thu, 4 Jan 1996 03:00:07 +0000 (03:00 +0000)]
* gss-client.c (main, client_establish_context): If the -d flag is
given to the client, then try to delegate credentials when
establishing the context.
Theodore Tso [Thu, 4 Jan 1996 02:44:21 +0000 (02:44 +0000)]
* rd_cred.c (krb5_rd_cred_basic): When the keyblock is NULL, assume
we're being called from the gssapi code, which doesn't have access to
the sender or receive address information, don't check the sender
address, since it won't be available.
* rd_cred.c (decrypt_credencdata): When calling krb5_rd_credd(), if
the keyblock is null, just copy the encoded structure from the
"ciphertext" part of the structure and decode it.
* mk_cred.c (encrypt_credencpart): When calling krb5_mk_cred(), if the
keyblock is NULL, don't encrypt it; just encode it and leave it in the
ciphertext area of the structure.
Theodore Tso [Thu, 21 Dec 1995 23:50:16 +0000 (23:50 +0000)]
Changed KRB5_SENDAUTH_MUTUAL_FAILED to KRB5_MUTUAL_FAILED (since the
error code is no longer used in sendauth). Added KRB5_CC_FORMAT for
indicating a problem in the credentials cache format.
Theodore Tso [Thu, 21 Dec 1995 23:39:45 +0000 (23:39 +0000)]
In the case of SCC_OPEN_AND_ERASE, unlink the filename first, in case
there's a symbolic link lurking about. (We should do an exclusive
open then, but there's no such thing in stdio.)
Theodore Tso [Thu, 21 Dec 1995 23:25:19 +0000 (23:25 +0000)]
* configure.in: Check for the stat call, since profile_update_file
needs to know whether it exists. (It doesn't on the Mac.)
* prof_file.c (profile_update_file): Change use of HAS_STAT to
HAVE_STAT, to confirm with autoconf test. If the stat() call does not
exist, assume that our in-core memory image is correct, and never
re-read the profile file unless we explicitly close it.
Theodore Tso [Thu, 21 Dec 1995 23:19:13 +0000 (23:19 +0000)]
* Makefile.in (t_an_to_ln): Use $(LD) instead of $(CC) to link final
executables, so that we can more easily use purify.
* hst_realm.c (krb5_get_host_realm): Eliminate memory leak; realm was
already being allocated by the profile library; no reason to
reallocate it again.
Ezra Peisach [Mon, 18 Dec 1995 00:57:37 +0000 (00:57 +0000)]
Add a blank line to work around a misfeature in DecUnix 3.2's fgrep where
there is a line limit. autoheader (which is only used by developers)
tries to put together a very long line with is then parsed - but due
to fgreps line length limitation this breaks. By adding the blank line
autoheader divides the work into multiple sections and wins.
Richard Basch [Tue, 12 Dec 1995 19:45:13 +0000 (19:45 +0000)]
* fetch_mkey: Changed krb5_db_fetch_mkey() such that it will only try
to set the enctype of the keyblock if the keyblock had it
set to ENCTYPE_UNKNOWN.
Richard Basch [Tue, 12 Dec 1995 19:32:56 +0000 (19:32 +0000)]
* d3_str2ky.c: Updated to include some of the randomness throughout
the entire key. The second 3-DES CBC encryption of the block
should use an ivec of the last cipher block.
Richard Basch [Tue, 12 Dec 1995 19:32:45 +0000 (19:32 +0000)]
* 3-des.txt: Updated to include some of the randomness throughout
the entire key. The second 3-DES CBC encryption of the block
should use an ivec of the last cipher block.
Chris Provenzano [Tue, 12 Dec 1995 06:30:11 +0000 (06:30 +0000)]
New directory for the kdb keytab functions. Currently there is only get and
resolve but these are sufficient to remove the ugly hack where the key is
passed to krb5_rd_req() in the user-to-user field of the auth_context.
These functions do NOT need to be built on the Macintosh or Windows systems.
Chris Provenzano [Tue, 12 Dec 1995 06:24:26 +0000 (06:24 +0000)]
* kdb_dbm.c : Move the krb5_db_context to include/krb5/kdb_dbc.h.
* kdb_dbm.c krb5_dbm_db_set_mkey(), krb5_dbm_db_get_mkey():
Functions for associating a master key (krb5_encrypt_block *)
to a krb5_db_context. Currently it associates it to the
krb5_context and will be fixed once the krb5_db_context
is better defined (Post 1.0).
Chris Provenzano [Tue, 12 Dec 1995 06:18:53 +0000 (06:18 +0000)]
* extern.h: Added a krb5_keytab to the realm context. The keytab
should be associated with a krb5_db_context which will
make having a krb5_context unnecessary in the realm context.
* kdc_util.c kdc_process_tgs_req(): Use the realm keytab instead
of faking up a user-to-user key to pass to krb5_rd_req_decode().
* main.c: Added code to use the new database keytab routines.
Chris Provenzano [Tue, 12 Dec 1995 06:09:05 +0000 (06:09 +0000)]
* adm.h: Added principal flag keywords KRB5_ADM_KW_SETFLAGS and
KRB5_ADM_KW_UNSETFLAGS because relative flag modification
is just a good idea.
* kdb.h: typedef kdb5_dispatch_table so prototypes that need it
compile even if KDB5_DISPATCH isn't defined.
* kdb_dbc.h: The start of the database context, which should be
removed from the krb5_context.
Ezra Peisach [Sun, 10 Dec 1995 16:19:38 +0000 (16:19 +0000)]
Add new routine krb5_input_flag_to_string to allow an application to
loop over the input flag strings for displaying help messages (i.e.
modent in krb5_edit).
Richard Basch [Tue, 5 Dec 1995 03:45:06 +0000 (03:45 +0000)]
Added two new routines for multiple encryption type support:
krb5_set_default_tgs_ktypes(context, ktypes)
This routine sets the default application session key types to be used.
krb5_get_tgs_ktypes(context, principal, &ktypes)
This routine gets the session key types to be used with "principal".
At the moment, this only uses the krb5_set_default_tgs_ktypes values
or those specified in libdefaults/default_tgs_enctypes (krb5.conf).
It is envisioned that this may later support per-host/per-realm lookup.
Richard Basch [Tue, 5 Dec 1995 03:41:31 +0000 (03:41 +0000)]
Added prototypes for two new routines:
krb5_set_default_tgs_ktypes - sets default app. session key types.
krb5_get_tgs_ktypes - gets app. session key types.
Also added a new flag for testing credential matches (match supported keytype)
Richard Basch [Tue, 5 Dec 1995 03:30:58 +0000 (03:30 +0000)]
The wrong encryption system was being initialized. The response to the mk_req
should be done using the session key and its encryption system, not the
ticket's encryption system.
Richard Basch [Tue, 5 Dec 1995 03:24:44 +0000 (03:24 +0000)]
Moved most string-type conversion routines from libkadm to libkrb5 to
reduce the dependencies on libkadm and for better support of multiple
encryption type lookup in krb5.conf.