Age | Commit message | Author | Files | Lines
2010-11-19 | Add Camellia support to the NSS back end. (It was mostly already there, but we needed a cbc-mac function.) git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24523 dc483132-0cff-0310-8789-dd5450dbe970 [camellia-cts-cmac] | Greg Hudson | 4 | -4/+96
2010-11-19 | Add known-value tests for checksums, encryptions, and derived keys. Requires exporting a few more symbols from libk5crypto. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24522 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 9 | -17/+1235
2010-11-17 | Change the default number of string-to-key iterations for Camellia enctypes to 32768, up from the AES default of 4096. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24521 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -5/+4
2010-11-16 | Tweak derive_random_sp800_108_cmac to supply the bit length of the output to the PRF instead of the byte length, for better conformity to the NIST document. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24520 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 2 | -26/+33
2010-11-10 | On the camellia-cts-cmac branch, replace the Camellia CCM enctypes with enctypes using CTS and CMAC. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24514 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 37 | -1531/+1149
2010-11-10 | Create a branch for Camellia enctypes using CTS with CMAC git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24513 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 0 | -0/+0
2010-11-09 | Include <openssl/des.h> in the OpenSSL back end's weak_key.c for the DES_is_weak_key prototype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24512 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -0/+1
2010-11-06 | After a failed kdb5_util load, make a subsequent load operation work by removing the remnant temporary files after obtaining a lock. To make this safe, the private contract for temporary DB creation and promotion had to be altered, along with many of the DB2 internal helper functions. ticket: 6814 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24511 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 4 | -665/+507
2010-11-04 | Further kdb_db2 code cleanup: make gen_dbsuffix return a krb5_error_code to simplify error handling in callers, and discard the db_lf_time field which was set but never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24510 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 2 | -55/+30
2010-11-04 | Remove a stray spawn_shell in the iprop dejagnu tests git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24509 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -1/+0
2010-11-03 | Simplify kdb_db2's open_db() a little further, avoiding a suspicious switch fallthrough. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24508 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -7/+11
2010-11-03 | Avoid running off the end of the spares array in db2's page_to_oaddr() in unrealistically large databases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24507 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -1/+1
2010-11-03 | Use size_t to hold set counts in net-server.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24506 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -9/+9
2010-11-02 | Clean up the DB2 KDB module code a bit, making it more conformant with current coding practices. Mostly namespace changes, but also simplify krb5_db2_destroy(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24505 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -141/+96
2010-11-01 | krb5_get_error_message cannot return NULL, and returns "Success" on error code 0. Simplify some overly paranoid code accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24489 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 6 | -53/+22
2010-10-27 | Don't fail out from krb5_get_credentials() if we can't store a ticket into the ccache. ticket: 6812 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24488 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -10/+4
2010-10-26 | FILE keytabs have been able to handle write operations since krb5 1.7, as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 3 | -41/+13
2010-10-26 | Mark Camellia-CCM code as experimental Add a comment noting that the Camellia-CCM code in 1.9 is experimental. ticket: 6811 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24486 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -0/+3
2010-10-26 | Add a kg_encrypt_inplace() utility function to the krb5 GSS mech, and use it where we do in-place encryption of checksums in the non-CFX seal tokens with raw DES enctypes. Avoids a harmless but incorrect in-place memcpy(). ticket: 6770 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24485 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 6 | -101/+108
2010-10-26 | Make k5-buf.h comments consistent with coding style git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24484 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -44/+54
2010-10-26 | Set *conf_state on successful return from gss_krb5int_make_seal_token_v3_iov, fixing a case where it wasn't always set by gss_wrap_iov. Patch from aberry@likewise.com. ticket: 6809 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24483 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -0/+2
2010-10-25 | When we create a temporary memory ccache for use within a krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be destroyed rather than closed. Patch from aberry@likewise.com. ticket: 6787 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24482 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 5 | -3/+10
2010-10-25 | Use safer output parameter handling in krb5_gss_acquire_cred_impersonate_name and its subsidiary helpers. ticket: 6796 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24481 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -2/+4
2010-10-25 | In acquire_init_cred in the GSS krb5 mech, don't intern cred->name, since it's not used as an output parameter. Fixes a memory leak. Reported by aberry@likewise.com. ticket: 6793 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24480 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -4/+2
2010-10-24 | Whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24479 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 2 | -3/+4
2010-10-24 | Whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24478 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 4 | -72/+61
2010-10-23 | Fix adjustment of counter git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24477 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 1 | -1/+1
2010-10-23 | Declare xdr_purgekeys_arg git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24476 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 1 | -0/+1
2010-10-23 | Declare kadmin_purgekeys git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24475 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 1 | -0/+1
2010-10-23 | Declare krb5_set_error_message_fl git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24474 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 1 | -0/+7
2010-10-23 | Include k5-int.h for function declarations git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24473 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 1 | -0/+2
2010-10-23 | In profile-reading performance test, print microseconds not milliseconds git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24472 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 1 | -4/+4
2010-10-23 | Try harder to retain the "brand" string in the shared library Make the brand array non-static, and actually use the value in (the infrequently-called) krb5_init_secure_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24471 dc483132-0cff-0310-8789-dd5450dbe970 | Ken Raeburn | 2 | -5/+14
2010-10-23 | Better libk5crypto NSS fork safety Use SECMOD_RestartModules() from the forthcoming NSS 3.12.9 release to make the libk5crypto back end work after a fork. Add a test program to exercise fork detection in the NSS back end. Add a configure-time version check to ensure that we're using NSS 3.12.9 or later. ticket: 6810 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24470 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 4 | -10/+141
2010-10-22 | Make it possible to override CRYPTO_IMPL_CFLAGS and CRYPTO_IMPL_LIBS at make time. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24469 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 9 | -9/+20
2010-10-19 | configure.in: don't force use of cache Back when hardware was slower and we had lots and lots of imakefile-like configure scripts, forcing the use of config.cache made sense for performance reasons. Now that we have one configure script and we build on modern hardware, config.cache just introduces errors as you are debugging changes to the configure script. This commit stops second guessing autoconf's cache handling. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24468 dc483132-0cff-0310-8789-dd5450dbe970 | Sam Hartman | 1 | -7/+0
2010-10-19 | SecurID build support Integrate SecurID into the build if libaceclnt is found. Add a README file with an example of how to build it. ticket: 6807 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24467 dc483132-0cff-0310-8789-dd5450dbe970 | Sam Hartman | 4 | -2/+30
2010-10-19 | securID error handling fix In porting forward, I incorrectly used krb5_set_error_message instead of com_err. This commit reverts that change. ticket: 6806 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24466 dc483132-0cff-0310-8789-dd5450dbe970 | Sam Hartman | 2 | -29/+29
2010-10-19 | securID code fixes Fixes to get securID preauth plugin working. A separate patch will address error handling and build issues. * Permit a preauth plugin to return KRB5KDC_ERR_PREAUTH_REQUIRED from the verify entry point. * If verify_securid2 fails, save the return value and return that rather than success after dealing with encoding the out_edata * Use the client key not the securid principal key for the sam checksum * indicate that securID is hardware authentication ticket: 6805 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24465 dc483132-0cff-0310-8789-dd5450dbe970 | Sam Hartman | 4 | -18/+36
2010-10-19 | Remove KDC replay cache Now that SAM1 support has been removed, the KDC does not need a replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache. ticket: 6804 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 8 | -134/+12
2010-10-18 | Adjust copyright.texinfo to fix some TeX output issues. Also do minor cleanup. ticket: 6802 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24462 dc483132-0cff-0310-8789-dd5450dbe970 | Tom Yu | 2 | -861/+914
2010-10-14 | copyright notice updates Update copyright.texinfo. Move full copyright notices to appendices of documentation. New rules to generate top-level NOTICE file from copyright.texinfo. Regenerate NOTICE file. ticket: 6802 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24455 dc483132-0cff-0310-8789-dd5450dbe970 | Tom Yu | 8 | -482/+1541
2010-10-13 | Whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24454 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -5/+7
2010-10-13 | Adjust valgrind support to assume a modern valgrind that requires %p in log files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24453 dc483132-0cff-0310-8789-dd5450dbe970 | Sam Hartman | 1 | -1/+1
2010-10-13 | Fix leaks in get_init_creds interface In Debian Bug 598032, Bastian Blank points out that there are two leaks in the get_init_creds interface: * Free ctx->request->padata after sending the KDC request so it is not overwritten the next time around the loop. * If options is NULL passed into krb5_get_init_creds_init, then set up a non-extended options structure so that krb5_get_init_creds_free will free the options. ticket: 6801 target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24452 dc483132-0cff-0310-8789-dd5450dbe970 | Sam Hartman | 1 | -3/+9
2010-10-11 | README and patchlevel to 1.10-prerelease git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24451 dc483132-0cff-0310-8789-dd5450dbe970 | Tom Yu | 2 | -6/+6
2010-10-11 | Interim update of README and NOTICE git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24449 dc483132-0cff-0310-8789-dd5450dbe970 | Tom Yu | 2 | -14/+173
2010-10-11 | When returning KRB5_KT_NOTFOUND from krb5_ktfile_get_entry, set an extended error message indicating which principal was not found. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24448 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -1/+8
2010-10-09 | Plug a memory leak in gss_indicate_mechs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24447 dc483132-0cff-0310-8789-dd5450dbe970 | Greg Hudson | 1 | -1/+3
2010-10-08 | Encoding cleanup: curly quotes to ASCII quotes, and some ISO-8859-1 files to UTF-8. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24446 dc483132-0cff-0310-8789-dd5450dbe970 | Tom Yu | 55 | -55/+55