git.ipfire.org Git - thirdparty/krb5.git/log
Luke Howard [Sat, 9 Apr 2011 03:40:43 +0000 (03:40 +0000)]
fix regression in mech SPI availability check
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24868 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 9 Apr 2011 03:38:07 +0000 (03:38 +0000)]
remove user_ok outparam from gss_authorize_localname
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24867 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 9 Apr 2011 03:03:24 +0000 (03:03 +0000)]
return GSS_S_NAME_NOT_MN if name not mechname
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24866 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 9 Apr 2011 01:34:09 +0000 (01:34 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24865 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 9 Apr 2011 01:30:03 +0000 (01:30 +0000)]
in gss_userok, import name as GSS_C_NT_USER_NAME
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24864 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 9 Apr 2011 01:27:10 +0000 (01:27 +0000)]
update for new authorize_localname SPI
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24863 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 9 Apr 2011 01:26:55 +0000 (01:26 +0000)]
Cleanup, add mech type to authorize_localname SPI
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24862 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 8 Apr 2011 00:39:21 +0000 (00:39 +0000)]
remove redundant import_name call
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24858 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 8 Apr 2011 00:39:08 +0000 (00:39 +0000)]
make SPI entrypoint for authorize_localname gssspi_authorize_localname
to avoid prototype conflicts in mechanism implementations
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24857 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 7 Apr 2011 23:22:40 +0000 (23:22 +0000)]
implement gss_authorize_localname
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24855 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 7 Apr 2011 23:22:23 +0000 (23:22 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24854 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Wed, 6 Apr 2011 00:13:35 +0000 (00:13 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24845 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 4 Apr 2011 23:53:25 +0000 (23:53 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
Conflicts:
src/appl/gss-sample/gss-server.c
src/lib/gssapi/mechglue/Makefile.in
src/lib/gssapi/mechglue/g_acquire_cred.c
src/lib/gssapi/mechglue/g_initialize.c
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24841 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 3 Apr 2011 07:28:12 +0000 (07:28 +0000)]
allow empty names when importing GSS_C_NT_ANONYMOUS
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24820 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 3 Apr 2011 07:27:59 +0000 (07:27 +0000)]
make const_attrs buffer static
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24819 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 3 Apr 2011 06:53:02 +0000 (06:53 +0000)]
add a symbolic name, GSS_C_ATTR_LOCAL_LOGIN_USER, for local-login-user attribute
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24816 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 3 Apr 2011 06:45:53 +0000 (06:45 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24813 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 2 Apr 2011 06:43:42 +0000 (06:43 +0000)]
Determine which authdata sources to interrogate based on the
module's usage. This is important if the authdata is signed
by the KDC with the TGT key (as the user can forge that in
the AP-REQ).
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24794 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 2 Apr 2011 06:34:46 +0000 (06:34 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24785 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 1 Apr 2011 05:57:58 +0000 (05:57 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24778 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 1 Apr 2011 05:57:40 +0000 (05:57 +0000)]
Support for transiting attributes between mechanisms
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24777 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 1 Apr 2011 00:26:22 +0000 (00:26 +0000)]
verify desired and actual mech OIDs are equal before trying gss_duplicate_name
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24762 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 28 Mar 2011 12:55:23 +0000 (12:55 +0000)]
gss_userok() naming extensions wrapper need not check for complete
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24747 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 27 Mar 2011 07:50:49 +0000 (07:50 +0000)]
Merge branch 'master' into users/lhoward/moonshot-mechglue-fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24746 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 22 Mar 2011 04:41:10 +0000 (04:41 +0000)]
log plugin load errors to stderr
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24742 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 22 Mar 2011 04:38:37 +0000 (04:38 +0000)]
better debugging of plugin load failures
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24741 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 22 Mar 2011 01:44:20 +0000 (01:44 +0000)]
compensate for missing TOK_ID when calculating encap size
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24740 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 22 Mar 2011 01:44:00 +0000 (01:44 +0000)]
Fix order of operations bug in token size calculation
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24739 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 22 Mar 2011 01:20:07 +0000 (01:20 +0000)]
fix a couple of nits in draft-josefsson-gss-capsulate-01
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24738 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Tue, 22 Mar 2011 00:39:42 +0000 (00:39 +0000)]
Implement draft-josefsson-gss-capsulate-01
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24737 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 21 Mar 2011 03:36:57 +0000 (03:36 +0000)]
Allow absolute paths for mechglue libraries
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24736 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 21 Mar 2011 01:03:02 +0000 (01:03 +0000)]
add gss_pname_to_uid test to gss-server
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24735 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 21 Mar 2011 00:54:24 +0000 (00:54 +0000)]
return GSS_S_UNAVAILABLE on localname lookup error
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24734 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Mon, 21 Mar 2011 00:44:18 +0000 (00:44 +0000)]
add attribute-based implementation of gssd_pname_to_uid
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24733 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 20 Mar 2011 12:29:22 +0000 (12:29 +0000)]
set minor_status to KRB5_NO_LOCALNAME if pname_to_uid fails
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24732 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sun, 20 Mar 2011 07:53:46 +0000 (07:53 +0000)]
Use PADL rather than MIT copyright for userok extensions (work
not performed under MIT contract and may be reused for other
projects)
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24731 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 14:14:12 +0000 (14:14 +0000)]
allow mechanisms to export a gss_duplicate_name SPI that supports
composite name copies (i.e. copying attributes). this was a bug.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24721 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 14:13:07 +0000 (14:13 +0000)]
really revert RTLD_FIRST fix
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24720 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 13:45:03 +0000 (13:45 +0000)]
Use pointer test to avoid mechglue symbol loopback
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24719 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 13:44:44 +0000 (13:44 +0000)]
revert RTLD_FIRST check
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24718 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 12:44:43 +0000 (12:44 +0000)]
implement attribute-based userok authorisation logic as suggested
by Sam Hartman
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24717 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 05:59:40 +0000 (05:59 +0000)]
use RTLD_FIRST to avoid pulling in dependent symbols
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24716 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 05:52:17 +0000 (05:52 +0000)]
avoid unnecessary call to gssint_get_mechanism() in case of error path
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24715 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 05:37:50 +0000 (05:37 +0000)]
plug introduced leak in gss_acquire_cred
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24714 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 05:30:11 +0000 (05:30 +0000)]
If calling gss_accept_sec_context with non-NULL credentials, ensure
that you have credentials for the mechanism being accepted.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24713 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 05:25:02 +0000 (05:25 +0000)]
make gss_acquire_cred(GSS_C_NO_OID_SET) acquire credentials for all
mechanisms rather than just the default mechanism.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24712 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 05:06:26 +0000 (05:06 +0000)]
look for gss_{wrap_size_limit,pname_to_uid} when dynamically loading mechs by symbol
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24711 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 04:46:47 +0000 (04:46 +0000)]
Reinstate gss_userok and gss_pname_to_uid
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24710 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Thu, 17 Mar 2011 04:10:20 +0000 (04:10 +0000)]
create branch for Moonshot work
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/moonshot-mechglue-fixes@24709 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 15 Mar 2011 21:47:19 +0000 (21:47 +0000)]
KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
Fix a double-free condition in the KDC that can occur during an
AS-REQ when PKINIT is enabled.
ticket: 6881
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 15 Mar 2011 19:02:32 +0000 (19:02 +0000)]
Remove the Yarrow copyright notice since the code is gone
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24704 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 14 Mar 2011 20:34:59 +0000 (20:34 +0000)]
Resolve a few miscellaneous warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 14 Mar 2011 19:12:18 +0000 (19:12 +0000)]
Remove two headers accidentally left behind in r24677
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 17:53:18 +0000 (17:53 +0000)]
Although it can't actually happen, make it more explicit that we won't
dereference a null mech in the cleanup handler of the mechglue's
gss_accept_sec_context.
ticket: 6813
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 17:47:21 +0000 (17:47 +0000)]
Fix NSS PBKDF2 in the v4 salt (i.e. empty salt) case
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 04:20:17 +0000 (04:20 +0000)]
Move the des and AFS string-to-key implementations into lib/crypto/krb,
since they aren't standard crypto primitives. Revise the module SPI
accordingly. Add tests for AFS string-to-key to t_str2key.c to replace
the ones in the (now defunct) t_afss2k.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 04:17:42 +0000 (04:17 +0000)]
Fix a couple of key import modes in the NSS module, although they don't
seem to matter a lot.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:50:47 +0000 (21:50 +0000)]
Remove ser_eblk.c, which has been unused since r11001 (October 1998)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:47:51 +0000 (21:47 +0000)]
Add one-line descriptions in the filename comments to prototype.[ch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24696 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:46:07 +0000 (21:46 +0000)]
Adjust most C source files to match the new standards for copyright
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:42:08 +0000 (21:42 +0000)]
Add a script and Makefile target to check for violations of the
recently added standards for copyright and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 8 Mar 2011 20:53:55 +0000 (20:53 +0000)]
Fix a memory leak independently found by Tim Pozdeev and Arlene Berry
This change should be pulled up to the 1.8 and 1.7 branches as well.
ticket: 6844
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)]
SPNEGO's accept_sec_context and init_sec_context produce a null context
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper. Reported by aberry@likewise.com.
ticket: 6863
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 8 Mar 2011 17:22:20 +0000 (17:22 +0000)]
prototype/getopt.c hasn't been updated in quite some time and we don't
really need it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 16:33:47 +0000 (16:33 +0000)]
Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:30:35 +0000 (13:30 +0000)]
Fix up signed/unsigned warnings in this directory. There are still
a few more - but these were the obvious ones.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:29:54 +0000 (13:29 +0000)]
Clean up memory leaks at end of program. No leaks now on success
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24688 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:29:05 +0000 (13:29 +0000)]
On make clean remove test programs and object files. In lib/krb5/krb
make depend as a test program was missed from the source list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 19:16:28 +0000 (19:16 +0000)]
Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c. Fix
OpenSSL module handling of salts in its DES string-to-key.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sat, 5 Mar 2011 17:37:21 +0000 (17:37 +0000)]
Add test script for user2user programs
Simple test programs to make sure that user2user functions.
ticket: 6878
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24685 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sat, 5 Mar 2011 15:56:33 +0000 (15:56 +0000)]
Include crypto_int.h for mit_des_fixup_key_parity prototype
Cleanup signed/unsigned warnings.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24684 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 14:33:37 +0000 (14:33 +0000)]
Fix a conceptual (but not practical) type mismatch in the OpenSSL
module's mit_des_fixup_key_parity resulting from r24677.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24683 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 14:00:38 +0000 (14:00 +0000)]
Make enc provider free_state function return void
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:51:00 +0000 (13:51 +0000)]
Remove the init_state and free_state enctype functions and go back to
always delegating state to the enc provider. (We needed enctype-
specific state initialization for CCM enctypes when we had them.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:36:53 +0000 (13:36 +0000)]
Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as it
is not specific to the builtin module.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:31:02 +0000 (13:31 +0000)]
Flatten lib/crypto/krb, as its seven subdirectories only contained a
few source files each (often only 1-2).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 3 Mar 2011 15:21:11 +0000 (15:21 +0000)]
Fix SHA-256 on big-endian platforms
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24678 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 05:29:29 +0000 (05:29 +0000)]
Consolidate almost all lib/crypto/krb headers into a single
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 01:48:10 +0000 (01:48 +0000)]
Remove some declarations from kdc_preauth.c which are no longer needed
after r24403.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24676 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 00:08:14 +0000 (00:08 +0000)]
In export-check.pl, display a better error if there are duplicate
symbols in the export list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24675 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 28 Feb 2011 23:57:56 +0000 (23:57 +0000)]
Simplify lib/crypto/krb/arcfour in the wake of r23444. Move the
contents of arcfour_aead.c into arcfour.c, turn the key derivation
helper functions into static functions, and eliminate arcfour-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 28 Feb 2011 20:56:02 +0000 (20:56 +0000)]
Use the hash provider interface in krb5int_arcfour_string_to_key so
that we don't need a direct interface to MD4 in the crypto modules.
Also clean up the code a bit.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 19:08:14 +0000 (19:08 +0000)]
Reference random-to-key handlers through the enctype instead of the
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 18:57:14 +0000 (18:57 +0000)]
Remove nonexistent aes_ctr from object and source file lists in
lib/crypto/openssl/enc_provider/Makefile.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24668 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 02:35:04 +0000 (02:35 +0000)]
Make sure ulog_map() is invoked whenever we open the database in
kdb5_util. Fixes all of the master key rollover commands in the
presence of iprop. Reported by kacarstensen@csupomona.edu.
ticket: 6875
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24667 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:53:04 +0000 (19:53 +0000)]
Namespace-protect SHA-256 symbols. Build SHA-256 code independently of
whether Fortuna was selected.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:51:44 +0000 (19:51 +0000)]
Add Fortuna test program to file list for dependency generation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24665 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:29:23 +0000 (19:29 +0000)]
Add a non-default PRNG module which just retrieves entropy from
/dev/urandom without any cryptographic post-processing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24664 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:28:13 +0000 (19:28 +0000)]
Remove some unnecessary includes from prng_fortuna.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24663 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 17:30:37 +0000 (17:30 +0000)]
Make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 17:23:54 +0000 (17:23 +0000)]
Now that all PRNG modules fit nicely into a single source file,
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 15:05:38 +0000 (15:05 +0000)]
Remove Yarrow PRNG implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 15:04:49 +0000 (15:04 +0000)]
A couple more Windows build system adjustments for Fortuna as default
PRNG.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 14:28:20 +0000 (14:28 +0000)]
Add a stubs file missing from r24656
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24658 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 14:27:06 +0000 (14:27 +0000)]
Make Fortuna the default PRNG for the Windows build
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24657 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 18:18:11 +0000 (18:18 +0000)]
Unbreak the OpenSSL and NSS crypto builds in the wake of r24652
(Fortuna as default PRNG), and remove some unnecessary related files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 16:13:58 +0000 (16:13 +0000)]
Fix dangling Makefile reference after r24652
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 10:00:12 +0000 (10:00 +0000)]
Make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 09:59:22 +0000 (09:59 +0000)]
Make Fortuna the default PRNG algorithm
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24653 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 09:58:45 +0000 (09:58 +0000)]
Fortuna as default PRNG
Rewrite prng_fortuna.c to much more closely match the description of
Fortuna in chapter 9 of Cryptography Engineering. Add a facility to
get OS entropy and implement it for Unix and Windows (not yet tested
on Windows) to replace prng/fortuna/entropy.c. Rewrite the test
harness to always ensure stable output and perform a statistical test
on the predictable internal state resulting from the stable-output
tests.
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652 dc483132-0cff-0310-8789-dd5450dbe970