Ezra Peisach [Thu, 6 Dec 2001 18:27:06 +0000 (18:27 +0000)]
* krcp.c, krlogin.c, krlogind.c, krsh.c, krshd.c, login.c,
setenv.c, v4rcp.c: Signed v.s unsigned int cleanup.
* defines.h: rcmd_stream_{read,write} take size_t as length argument.
* kcmd.c: Use GETSOCKNAME_ARG3_TYPE instead of assuming int. input
and output handler take size_t as length argument instead of
int. Other signed vs. unsigned fixes.
Danilo Almeida [Wed, 28 Nov 2001 21:20:38 +0000 (21:20 +0000)]
* ms2mit.c: Make sure we get a des-cbc-crc session key instead of
potentially getting whatever happens to be in the cache. Remove
unnecessary static variables. Make function headers use a
consistent format. Rename ShowLastError() to ShowWinError() and
ShowNTError() to ShowLsaError().
Sam Hartman [Mon, 26 Nov 2001 20:43:10 +0000 (20:43 +0000)]
2001-11-24 Sam Hartman <hartmans@mit.edu>
* fwd_tgt.c (krb5_fwd_tgt_creds): Get a session key for the
forwarded tgt that is the same as the session key for the
auth_context. This is an enctype we know the remote side
supports.
Ezra Peisach [Mon, 19 Nov 2001 18:41:24 +0000 (18:41 +0000)]
* kdb5_verify.c (main): Use krb5_free_unparsed_name() to free up
memory.
(check_princ): Use krb5_free_data_contents() and
krb5_free_principal() to cleanup memory leak.
Ezra Peisach [Mon, 19 Nov 2001 18:32:44 +0000 (18:32 +0000)]
* kadm_server.h: Update prototype for convert_kadm5_to_kadm
* admin_server.c (process_client): Do not assign negative value to
unsigned variable.
(convert_kadm5_to_kadm): Return krb5_int32 instead of krb5_ui_4 to
be compatible with error codes.
Ezra Peisach [Fri, 16 Nov 2001 19:24:55 +0000 (19:24 +0000)]
* init_ctx.c (DEFAULT_ETYPE_LIST): Ensure space present after
arcfour-hmac-md5 entry for when ANSI strings concatenated the
des-cbc-crc entry was dropped.
Sam Hartman [Fri, 16 Nov 2001 15:00:48 +0000 (15:00 +0000)]
* Link Yarrow into the build
* Use Yarrow as the PRNG with the compatibility API
* Write most of new PRNG entropy API
* Write but (currently) do not use PRNG test harness
* Fix Yarrow ciphers not to depend on libkrb5
Sam Hartman [Thu, 8 Nov 2001 21:54:31 +0000 (21:54 +0000)]
Remove OS-dependent files.
yseed contains some win32 code to seed based on system events etc.
We may want to look at this in the future, but I want to get things working
in a portable manner before I worry about OS-specific things.
ystate.c contains routines to save/load state.
We're not doing that now.
Sam Hartman [Thu, 8 Nov 2001 21:51:58 +0000 (21:51 +0000)]
Add Yarrow from http://www.zeroknowledge.com/
This is version 0.1 of their Yarrow implementation. I have flattened the distribution,
copying files in the src directory directly into this directory.
Sam Hartman [Wed, 7 Nov 2001 22:02:19 +0000 (22:02 +0000)]
2001-11-06 Sam Hartman <hartmans@mit.edu>
* kcmd.c: Define storage for our key usages
(rcmd_stream_init_krb5): Support c_init_state for non-des non-des3 enctypes
(v5_des_write v5_des_read): support variable keyusage
Sam Hartman [Tue, 6 Nov 2001 15:25:49 +0000 (15:25 +0000)]
* Add krb5_c_init_state and krb5_c_free_state functions
* Add init_state and free_state to enc_providers as operations that need to be filled in
* Implement generic free_state and des-specific init_state
* Implement arcfour-specific init_state
* Add functions to find enctype state functions and call them
* Add tests for above
Tom Yu [Fri, 2 Nov 2001 21:40:35 +0000 (21:40 +0000)]
* rsh.exp: Fix date grabbing code so we don't try to parse the
timezone-less date out of of a syslog message. expect eof in
places to drain pty buffers and avoid deadlock.
Tom Yu [Fri, 2 Nov 2001 20:03:00 +0000 (20:03 +0000)]
* v4gssftp.exp: Calling send_error from within a dejagnu test is
wrong. So is calling exit. Fix to not do these things. Expect
eof rather than "\r" so as to drain pty buffers and avoid
deadlock.
Tom Yu [Fri, 2 Nov 2001 19:06:52 +0000 (19:06 +0000)]
* gssftp.exp: Calling send_error from within a dejagnu test is
wrong. So is calling exit. Fix to not do these things. Expect
eof rather than "\r" so as to drain pty buffers and avoid
deadlock.
Tom Yu [Thu, 1 Nov 2001 00:09:14 +0000 (00:09 +0000)]
* default.exp (check_k5login, check_klogin): Error out if there is
a nonexistent .k5login or .klogin for root.
(setup_{kadmind_,}srvtab, add_{random,kerberos}_key): Notice
unmatched output to avoid timing out on certain errors. Look for
command echoes. Clear the expect_after list in places to avoid
problems with lingering expect_after clauses against invalid
spawn_ids. expect eof in places to avoid pty deadlock.
Ezra Peisach [Tue, 30 Oct 2001 18:12:26 +0000 (18:12 +0000)]
* k5unseal.c: Fix whitespace in copyright message
* k5seal.c (make_seal_token_v1): Cleanup code for mic
tokens. Essentially revert code to Sam's 10/25 code, with one
correction - allocation of data_ptr - use msglen and not tmsglen.
Additionally, do not rely on malloc(0) being non-NULL.
Sam Hartman [Sat, 27 Oct 2001 04:22:08 +0000 (04:22 +0000)]
* Use right key usage for seal without encryption.
Now tested and working against win2k ldap server; wrap and unwrap
of encrypted and unencrypted data tested.
So far no test of getmic or verify_mic.
Ezra Peisach [Fri, 26 Oct 2001 22:14:31 +0000 (22:14 +0000)]
* k5seal.c (make_seal_token_v1): Correct errors in code
pertaining to case when signing message only. Fixes buffer
overflows as found by gssapi dejagnu testsuite.
Ezra Peisach [Fri, 26 Oct 2001 17:10:33 +0000 (17:10 +0000)]
* rcp.exp, rsh_exp (stop_rsh_daemon): Do not close a process and
then look for eof. Some versions of expect go through a full
timeout in this scenario and others return immediately. New order:
kill process, expect eof, close, and then wait.
Sam Hartman [Fri, 26 Oct 2001 05:50:25 +0000 (05:50 +0000)]
* Expose some rc4 crypto routines through the accessor mechanism; cleaner than raw enctype
* Deal with GSSAPI key usage in microsoft translation
* Add rc4 gssapi mechanism; works with itself, not tested against
* Windows yet
* Refactor large chunks of k5seal.c to make code more readable for
debugging
Tom Yu [Thu, 25 Oct 2001 20:25:32 +0000 (20:25 +0000)]
* do_as_req.c (process_as_req: Treat SUPPORT_DESMD5 as if it were
always cleared.
* do_tgs_req.c (process_tgs_req): Treat SUPPORT_DESMD5 as if it
were always cleared.
* kdc_util.c (select_session_keytype): Don't issue session key
enctype that is not in permitted_enctypes.
(dbentry_supports_enctype): For now, always treat SUPPORT_DESMD5
as if it were cleared.
Tom Yu [Thu, 25 Oct 2001 20:21:28 +0000 (20:21 +0000)]
* kdb_xdr.c (krb5_dbe_search_enctype): Filter out enctypes that
aren't in permitted_enctypes. This prevents the KDC from issuing
a ticket whose enctype that it won't accept.
* keytab.c (krb5_ktkdb_get_entry): For now, coerce enctype of
output keyblock in case we got a match on a similar enctype.
Ezra Peisach [Wed, 24 Oct 2001 18:34:04 +0000 (18:34 +0000)]
* t_encrypt.c: Argument to krb5_c_encrypt_length must be size_t
instead of int (which is the length in krb5_data) or unaligned
access occurs on Dec OSF machines.
Ezra Peisach [Wed, 24 Oct 2001 15:23:25 +0000 (15:23 +0000)]
* db-config.h.in: Remove unnecessary definitions for including
db.h header file. These include WORDS_BIGENDIAN, ssize_t, u_short,
int8_t, u_int8_t, int16_t, u_int16_t, int32_t.
Ezra Peisach [Wed, 24 Oct 2001 15:22:32 +0000 (15:22 +0000)]
* aclocal.m4: Require 2.13 of autoconf.
(DECLARE_SYS_ERRLIST, CHECK_SIGPROCMASK, CHECK_DIRENT,
CHECK_WAIT_TYPE, CHECK_SIGNALS, KRB5_SIGTYPE, KRB5_AC_CHECK_INET6,
HAVE_YYLINENO, KRB5_SOCKADDR_SA_LEN, AC_HEADER_STDARG,
KRB5_AC_NEED_LIBGEN, KRB5_AC_ENABLE_DNS): Use of AC_DEFINE
modified to provide comment for autoheader generated file.
* acconfig.h: Remove ANSI_STDIO, NO_YYLINENO, POSIX_FILE_LOCKS,
POSIX_SIGTYPE, POSIX_TERMIOS, USE_DIRENT_H, WAIT_USES_INT,
krb5_sigtype, HAVE_STDARG_H, HAVE_VARARGS_H, HAV_REGCOMP,
HAVE_SA_LEN, HAVE_SOCKLEN_T, KRB5_ATHENA_COMPAT, KRB5_KRB4_COMPAT,
KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, KRB5_DNS_LOOKUP_REALM,
KRB5_USE_INET6, MEMMOVE, memmove, mkstemp and strerror. All
replaced by use of third argument to AC_DEFINE.
Mitchell Berger [Wed, 24 Oct 2001 09:08:01 +0000 (09:08 +0000)]
* kadmin.exp: Corrected a couple of unimportant typos. Added procedures
kadmin_addpol, kadmin_delpol, kadmin_listpols, kadmin_modpol, and
kadmin_showpol, which provide the tools with which to perform policy
tests. Added some basic policy operations to the tests of basic
kadmin functions. Added a test case to exercise the kadmind crash
that used to occur when the history number of a policy was decreased.
Tom Yu [Wed, 24 Oct 2001 04:10:53 +0000 (04:10 +0000)]
* default.exp: Add support for setting SUPPORT_DESMD5 flag on the
TGT principal. Add test pass des.md5-tgt for exercising enctype
similarity inconsistency. Add test pass des.no-kdc-md5 for
exercising failure to constrain session key issuance to
permitted_enctypes. Pepper the code with null calls to
expect_after to prevent misfiring of expect_after clauses.
(setup_srvtab): Look for some possible error cases to avoid timing
out.
(setup_root_shell): Restore timeout so we don't wait 5 minutes in
other places.