]>
git.ipfire.org Git - thirdparty/krb5.git/log
Luke Howard [Sat, 14 Nov 2009 01:08:10 +0000 (01:08 +0000)]
Fix another test error
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23159
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 13 Nov 2009 09:19:18 +0000 (09:19 +0000)]
fix ASN.1 test breakage
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23158
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 12 Nov 2009 23:45:25 +0000 (23:45 +0000)]
make unenc_authdata available to authdata plugins
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23156
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 12 Nov 2009 22:52:21 +0000 (22:52 +0000)]
remove duplicated assignment
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23155
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sun, 8 Nov 2009 16:13:26 +0000 (16:13 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23143
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 3 Nov 2009 18:52:01 +0000 (18:52 +0000)]
merge r23067:23123 of trunk into s4u2proxy
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23124
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 27 Oct 2009 08:01:42 +0000 (08:01 +0000)]
merge r22975:23065 of trunk into s4u2proxy
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23066
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 27 Oct 2009 07:53:59 +0000 (07:53 +0000)]
don't issue AD-KDCIssued authdata in AS-REQ: it can be forged by client. Don't set a bad example!
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23065
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 27 Oct 2009 07:46:51 +0000 (07:46 +0000)]
add signedpath ASN.1 tests
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23064
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 27 Oct 2009 06:52:24 +0000 (06:52 +0000)]
ignore KDC issued authdata in AP-REQ
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23062
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sun, 25 Oct 2009 13:12:31 +0000 (13:12 +0000)]
always retrieve client for authdata plugins
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23035
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 22:14:09 +0000 (22:14 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23025
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 22:05:15 +0000 (22:05 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23024
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 20:33:58 +0000 (20:33 +0000)]
Fix ignored error code
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23023
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 19:30:49 +0000 (19:30 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23022
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 19:30:25 +0000 (19:30 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23021
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 19:26:37 +0000 (19:26 +0000)]
Cleanup logic: only if the Windows 2000 PAC is the only element in the
authorization data array is it safe to omit KRB5SignedPath. We could
always include KRB5SignedPath were it not for some interop issues with
earlier versions of Windows.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23020
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 17:47:01 +0000 (17:47 +0000)]
The Windows PAC fulfils the same role as the signed path
in the case that there is no other KDC issued auth data.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23019
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 17:32:55 +0000 (17:32 +0000)]
In constrained delegation, careful only to copy fields to the reply
ticket that have been protected by the TGS checksum. Previously we
were treating the evidence ticket as the header_enc_tkt, which could
have allowed a malicious server to forge the flags, times (apart from
endtime) and transited realms on the evidence ticket.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23018
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 16:35:43 +0000 (16:35 +0000)]
Fix previous commit OIDs
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23017
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 16:31:26 +0000 (16:31 +0000)]
reassign krbAllowedToDelegateTo under PADL arc
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23014
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 15:53:33 +0000 (15:53 +0000)]
fix off by one error in previous commit
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23011
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 15:52:45 +0000 (15:52 +0000)]
also sign authdata in KRB5_AUTHDATA_SIGNTICKET
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23010
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Sat, 24 Oct 2009 01:56:10 +0000 (01:56 +0000)]
explicitly check for keyed checksums when signing AD-KDCIssued and KRB5SignedPath
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23009
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 21:32:04 +0000 (21:32 +0000)]
revert unneeded changes to kdc_process_s4u2proxy_req
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23007
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 21:29:02 +0000 (21:29 +0000)]
revert unneeded changes to kdc_process_s4u2proxy_req
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23006
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 21:28:10 +0000 (21:28 +0000)]
revert handle_authdata reordering
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23005
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 21:15:09 +0000 (21:15 +0000)]
Replace oblique krb5_transited_service structure with an array
of krb5_principals
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@23000
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 20:53:21 +0000 (20:53 +0000)]
Update KRB5SignedPath to match latest Heimdal
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22999
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 19:31:48 +0000 (19:31 +0000)]
reject KRB5_AUTHDATA_MANDATORY_FOR_KDC top-level authdata
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22992
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 17:22:59 +0000 (17:22 +0000)]
KRB5_AUTHDATA_SIGNTICKET value is now 142
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22991
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 04:37:09 +0000 (04:37 +0000)]
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22986
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 04:22:07 +0000 (04:22 +0000)]
don't allocate more than necessary for delegated path
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22985
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 02:09:32 +0000 (02:09 +0000)]
plug leak
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22984
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 01:41:12 +0000 (01:41 +0000)]
update copyright
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22983
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 01:40:19 +0000 (01:40 +0000)]
update schema for krbAllowedToDelegateTo
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22982
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 01:34:16 +0000 (01:34 +0000)]
refactor, improve code readability
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22981
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 00:32:14 +0000 (00:32 +0000)]
Change is_kdc_issued_authdatum() to use new krb5int_get_authdata_containee_types() API
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22980
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Fri, 23 Oct 2009 00:26:27 +0000 (00:26 +0000)]
Add krb5int_get_authdata_containee_types() API for peeking into
authdata containers
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22979
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 22:51:36 +0000 (22:51 +0000)]
Separate propagation of TGT issued authorization data from KDB
managed authorization data: they are logically distinct. They
were previously combined because we didn't have the ability to
filter out KDC issued authorization data.
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22978
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 21:01:51 +0000 (21:01 +0000)]
merge 22964:22974 into s4u2proxy branch
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22975
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 16:36:13 +0000 (16:36 +0000)]
s/delegatee/transited_service/g
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22972
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 16:18:31 +0000 (16:18 +0000)]
refactor
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22971
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 15:36:23 +0000 (15:36 +0000)]
cleanup greet authdata plugin not to clobber authdata
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22970
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 15:35:53 +0000 (15:35 +0000)]
Fix a logic error
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22969
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 15:10:55 +0000 (15:10 +0000)]
add sample constrained delegation ACL backend for LDAP
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22968
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 14:54:20 +0000 (14:54 +0000)]
filter KDC-issued authdata
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22967
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 14:53:57 +0000 (14:53 +0000)]
Workaround for ASN.1 library difficulties
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22966
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 03:56:05 +0000 (03:56 +0000)]
some very preliminary work on PAC-less constrained delegation
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22965
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Thu, 22 Oct 2009 01:17:53 +0000 (01:17 +0000)]
Creating a branch for PAC-less constrained delegation implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u2proxy@22964
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 18:21:50 +0000 (18:21 +0000)]
Allow the constrained delegation authorization method to use the evidence ticket client name as input to the authorization decision
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22963
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 17:24:37 +0000 (17:24 +0000)]
simplify logic fix introduced in r22960 for S4U2Self
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22962
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 16:03:40 +0000 (16:03 +0000)]
remove some unneeded extensions from the Novell backend authdata SPI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22961
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 16:00:08 +0000 (16:00 +0000)]
ensure that forwardable flag is propagated along S4U2Self referral path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22960
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 00:53:47 +0000 (00:53 +0000)]
Increment authdata SPI to V2 (V1 was experimental) to account for additional
krbtgt key parameter.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22959
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Wed, 21 Oct 2009 00:50:08 +0000 (00:50 +0000)]
Increment authdata SPI to V2 (V1 was experimental) to account
for additional krbtgt key parameter. This was at Sam's suggestion.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22958
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 15:40:47 +0000 (15:40 +0000)]
For naming extensions draft compliance, s/mspac:/urn:mspac:/
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 14:23:32 +0000 (14:23 +0000)]
Make some gss-krb5 utility functions take enctypes instead of keys,
and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was
passing a keyblock instead of a key to kg_translate_iov after the
enc-perf merge.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22956
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 14:14:46 +0000 (14:14 +0000)]
use ANSI prototypes for acquire_XXX_cred, and fix cast to calling acquire_accept_cred()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22955
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 13:51:40 +0000 (13:51 +0000)]
correct indirection of minor status code when calling displayStatus()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22954
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 13:49:48 +0000 (13:49 +0000)]
In k5_hmac_md5_hash_iov, initialize keyblock.contents so that we don't
free it prior to initialization if krb5_hmac fails.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22953
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 13:47:40 +0000 (13:47 +0000)]
In krb5_k_make_checksum, check for a null key passed with a keyed
checksum instead of just crashing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22952
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 20 Oct 2009 10:56:21 +0000 (10:56 +0000)]
Clean up memory leaks by releasing key at end
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22951
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 20 Oct 2009 10:21:01 +0000 (10:21 +0000)]
Include des_int.h for mit_des_fixup_key_parity prototype
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22950
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 20 Oct 2009 02:07:22 +0000 (02:07 +0000)]
Fix memory leaks in enc-perf work
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22949
dc483132 -0cff-0310-8789-
dd5450dbe970
Luke Howard [Tue, 20 Oct 2009 00:48:46 +0000 (00:48 +0000)]
fix some Coverity reported defects in naming extensions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22948
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 19 Oct 2009 20:04:21 +0000 (20:04 +0000)]
Implement new APIs to allow improved crypto performance
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944
dc483132 -0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 19 Oct 2009 18:14:35 +0000 (18:14 +0000)]
Update prototype files to conform with newer whitespace rules
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22937
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 18 Oct 2009 11:55:53 +0000 (11:55 +0000)]
Include des_int.h for mit_des_fixup_key_parity prototype. Adjust Makefile.in
to find the proper header.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22912
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 18 Oct 2009 11:22:22 +0000 (11:22 +0000)]
Remove adb.h as it is not used in the source tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22911
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 16 Oct 2009 17:32:15 +0000 (17:32 +0000)]
Properly handle ivec for chaining ops
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22906
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 16 Oct 2009 17:14:14 +0000 (17:14 +0000)]
Fix the value of ivec in aes_decrypt_iov
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22905
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 15 Oct 2009 19:57:29 +0000 (19:57 +0000)]
Enable t_cts test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22902
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 15 Oct 2009 16:27:19 +0000 (16:27 +0000)]
Fixed aes to handle the input buffers of the various sizes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22900
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 13 Oct 2009 19:43:17 +0000 (19:43 +0000)]
Fix preauth looping in krb5_get_init_creds
In 1.7, krb5_get_init_creds will continue attempting the same built-in
preauth mechanism (e.g. encrypted timestamp) until the loop counter
maxes out. Until the preauth framework can remember not to retry
built-in mechanisms, only continue with preauth after a PREAUTH_FAILED
error resulting from optimistic preauth.
ticket: 6573
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22890
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 13 Oct 2009 19:38:16 +0000 (19:38 +0000)]
Revert a small part of r22736 which incorrectly fixed a preauth
looping bug in krb5_get_init_creds. A more correct fix will follow.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22888
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 11:33:01 +0000 (11:33 +0000)]
Fix memory leak and init those magic number fields to prevent compiler warning
when structure copied.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22879
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 11:32:25 +0000 (11:32 +0000)]
Clean nfold.o on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22878
dc483132 -0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 10 Oct 2009 03:57:45 +0000 (03:57 +0000)]
Move destest to builtin/des, because it depends on overriding some
internals.
Make depend.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877
dc483132 -0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 10 Oct 2009 01:49:38 +0000 (01:49 +0000)]
Remove krb5.conf, bigendian.o, and bigendian on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22876
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 18:29:34 +0000 (18:29 +0000)]
Implement GSS naming extensions and authdata verification
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 17:18:50 +0000 (17:18 +0000)]
Get aes-gen to build again (for the default back end, at least)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22873
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 9 Oct 2009 14:21:04 +0000 (14:21 +0000)]
In asn1_decode_enc_kdc_rep_part, don't leak the enc_padata field on
invalid representations.
ticket: 6571
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22872
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 8 Oct 2009 16:11:01 +0000 (16:11 +0000)]
In anticipation of a new version of OpenSSL 1.0.0, support renamed API: EVP_PKEY_decrypt -> EVP_PKEY_decrypt_old
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22871
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 8 Oct 2009 12:59:33 +0000 (12:59 +0000)]
In krb5_c_verify_checksum, avoid the structure copy of *data since we
don't care about data->magic. Squashes a bunch of unimportant
Coverity defects. (May not be the correct long-term solution.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22868
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 8 Oct 2009 12:58:56 +0000 (12:58 +0000)]
In krb5_calculate_checksum (a compatibility routine), initialize
key.enctype to ENCTYPE_NULL. This will predictably fail to match a
keyed hash's enctype, which may not be the best behavior, but is
better than unpredictably failing to match it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22867
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 18:14:49 +0000 (18:14 +0000)]
In krb5_c_make_checksum, avoid the structure copy of *input since we
don't care about input->magic. Squashes a bunch of unimportant
Coverity defects.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22866
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 18:13:29 +0000 (18:13 +0000)]
Fix krb5_c_weak_enctype in the case of invalid enctypes; r22839
simplified it a bit too much.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22865
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 7 Oct 2009 16:39:54 +0000 (16:39 +0000)]
Remove an outdated parenthetical comment about master_kdc; we actually
do check if the response came from the master KDC now.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22864
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 6 Oct 2009 16:36:34 +0000 (16:36 +0000)]
In krb5_encrypt_helper, return ENOMEM instead of 0 if we can't
allocate the ciphertext buffer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22860
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 6 Oct 2009 16:20:19 +0000 (16:20 +0000)]
Crypto modularity proj: Populate openssl/aes dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22859
dc483132 -0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 6 Oct 2009 15:54:50 +0000 (15:54 +0000)]
Slightly more comprehensible message for KRB5_RC_IO
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22857
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 6 Oct 2009 15:47:04 +0000 (15:47 +0000)]
Fix object file path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22856
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Sun, 4 Oct 2009 18:37:09 +0000 (18:37 +0000)]
Impl. krb5int_aes_enc/decrypt_iov. Passes t_encrypt test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22843
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 18:07:44 +0000 (18:07 +0000)]
Update the crypto derived key support code to conform to most of the
current coding practices (except lack of tabs). Use the helper
functions k5alloc, zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22840
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 16:03:15 +0000 (16:03 +0000)]
Update the crypto API glue to conform to most of the current coding
practices (except lack of tabs). Use the helper functions k5alloc,
zapfree, and find_enctype to reduce code size.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22839
dc483132 -0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 3 Oct 2009 14:46:54 +0000 (14:46 +0000)]
Add convenience functions zapfree (test for null, zap, free) and
k5alloc (allocate memory, set a krb5_error_code result) to k5-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22838
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 22:54:27 +0000 (22:54 +0000)]
Crypto modularity proj: Populae openssl/arcfour dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22825
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 21:46:57 +0000 (21:46 +0000)]
Crypto modularity proj: Populate openssl/des dir.
To avoid breaking the export list some functions (mostly mit_xxx) are left in place with the disabled functionality.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22821
dc483132 -0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 1 Oct 2009 21:18:05 +0000 (21:18 +0000)]
Crypto modulrity proj: Basic AES crypto for openssl impl
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22820
dc483132 -0cff-0310-8789-
dd5450dbe970
projects / thirdparty / krb5.git / log
