path: root/src/kdc
Age | Commit message | Author | Files | Lines
2003-05-24 | make-depend updates | Ken Raeburn | 1 | -34/+34
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-24 | When generating etype_info2 for DES style keys, use s2kparams to | Sam Hartman | 2 | -10/+37
communicate the type if the key has afs3 salt. If such s2kparams are received by the client, use the afs string2key function to process the key. Ticket: 1512 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-23 | Memory leak in kdc etype_info2 preauth | Ezra Peisach | 2 | -2/+14
* kdc_preauth.c (return_etype_info2): After encoding the etype_info2 and copying the pointers to the pa_data, free the krb5_data pointer. Ticket: new Target_Version: 1.3 Tags: pickup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-22 | Log transited check not done as info not error | Sam Hartman | 2 | -1/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-22 | Provide an explicit list of options not to be allowed in AS requests | Sam Hartman | 2 | -5/+10
rather than disallowing all unknown options. Ticket: 1202 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-14 | Allow the KDC to return bad integrity errors to the client on preauth | Sam Hartman | 2 | -0/+5
failure. This will be translated by the client into password incorrect. Ticket: 1488 Target_Version: 1.3 Tags: pullup Component: krb5-kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15439 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-12 | * Implement etype_info in KDC. If the request contains any new | Sam Hartman | 2 | -4/+139
enctypes (currently AES but anything not explicitly listed as old) then only etype_info2 is sent back in response. Send back etype_info2 all the time. Also send back etype_info2 to provide salt and s2kparams with AS reply not just for preauth errors. * Expose interface for getting string2key with parameters (previously implemented but not exported) * In the client (at least for get_init_creds interface) prefer etype_info2 to etype_info and pw_salt. Pass s2kparams and use string2key_with_params. Ticket: 1454 Status: open Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15412 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-10 | Rename the local_subkey and remote_subkey fields in the auth_context | Tom Yu | 2 | -2/+7
to send_subkey and recv_subkey, respectively. Add new APIs to query and set these fields. Change the behavior of mk_req_ext, rd_req_dec, and rd_rep to set both subkeys. Applications wanting to set unidirectional subkeys may still do so by saving the values of subkeys and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the send_subkey. ticket: 1415 status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15407 dc483132-0cff-0310-8789-dd5450dbe970
2003-05-07 | Reorganize kdc_preauth enctype handling | Sam Hartman | 2 | -39/+81
Patch from Sun to reorganize and better abstract kdc_preauth.c's enctype info handling. This will make it easier to implement etype_info2 so I'm committing it. Ticket: new Target_Version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15400 dc483132-0cff-0310-8789-dd5450dbe970
2003-04-09 | etype info handling infinite loop | Sam Hartman | 2 | -2/+9
If a request contains no des-cbc-crc enctype but des-cbc-crc or des-cbc-md5 exists in the database then an infinite loop is created. Fix etype info handling to avoid this. ticket: new Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970
2003-04-01 | Red Hat's krb5_princ_size fixes | Ken Raeburn | 3 | -3/+12
ticket: 1397 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-28 | * kdc_preauth.c (verify_enc_timestamp): Save decryption error, in | Tom Yu | 2 | -1/+20
case we get NO_MATCHING_KEY later. This allows us to log a more sane error if an incorrect password is used for encrypting the enc-timestamp preauth. ticket: 1324 status: open target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15306 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-17 | Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option to | Sam Hartman | 4 | -46/+106
reenable (-X) which prints a warning that you are creating a security hole. Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however. The KDC is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT. Ticket: 1385 Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-06 | use kdb keytab for kadmind | Tom Yu | 2 | -1/+5
kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
2003-03-05 | * configure.in: Default to --disable-fakeka | Ken Raeburn | 2 | -1/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15221 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-21 | Fix typo that caused infinite loop in previous patch | Sam Hartman | 2 | -1/+6
Ticket: 1006 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15195 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-15 | The client sorts the enctype list returned by etype_info ordering | Sam Hartman | 2 | -1/+26
enctypes that it requested or that are similar to ones it requested first. The KDC only includes enctypes in etype_info if they were requested by the client. ticket: 1006 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-06 | Sorry, forgot this ChangeLog on the last commit | Ken Hornstein | 1 | -0/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15161 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-06 | This is the integration of "fakeka" (a program to emulate a kaserver) | Ken Hornstein | 3 | -1/+1411
into the MIT distribution. Its compilation is enabled with --enable-fakeka. ticket: 1281 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15158 dc483132-0cff-0310-8789-dd5450dbe970
2003-02-04 | disable krb4 by default | Sam Hartman | 3 | -2/+9
By default, we disable krb4 in the KDC. This means that -4 none is the default mode. Krb4 is reenabled for the dejagnu tests. ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149 dc483132-0cff-0310-8789-dd5450dbe970
2003-01-21 | Timestamp preauth should return clock skew errors | Sam Hartman | 2 | -1/+13
When the user supplies the correct password, but has a timestamp that is out of bounds, the server should reply with a clock skew error rather than a preauth required error. ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15130 dc483132-0cff-0310-8789-dd5450dbe970
2003-01-12 | * kdc_util.h, replay.c, main.c: Pass global krb5_context to | Ezra Peisach | 4 | -7/+13
kdc_free_lookaside() instead of per realm one - which has been freed by time invoked. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15113 dc483132-0cff-0310-8789-dd5450dbe970
2003-01-03 | * main.c: On exit, free more allocated memory, including: | Ezra Peisach | 6 | -4/+55
realm_tcp_ports data, kdc_realmlist, close the replay cache, and free the lookaside cache. * network.c (FREE_SET_DATA): Do not free a NULL pointer. * replay.c, kdc_util.h: Add kdc_free_lookaside() to clear the lookaside cache on shutdown - to search for memory leaks. * rtest.c (main): Do not allocate or free a NULL pointer. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15080 dc483132-0cff-0310-8789-dd5450dbe970
2002-12-30 | * kerberos_v4.c (process_v4): Use a temporary variable for the current time | Ken Raeburn | 2 | -1/+9
instead of an incorrect pointer cast. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15072 dc483132-0cff-0310-8789-dd5450dbe970
2002-12-23 | Replace dependencies on generated krb524 and krb4 headers with | Tom Yu | 1 | -1/+1
variables, to allow correct behavior when krb4 is disabled. ticket: 1276 owner: tlyu git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15070 dc483132-0cff-0310-8789-dd5450dbe970
2002-12-12 | More KfM merge work | Tom Yu | 2 | -1/+6
Create new file FSp-glue.c including KfM functions that had previously been scattered through various other files. Port RealmsConfig-glue.c from KfM, including old Unix-ish krb4 configuration code as fallback. Remove other files containing old realm/config file support. Add KRB5_CALLCONV to krb_get_in_tkt_creds. Fix various functions to take const char* as arguments now that tkt_string() returns const. Assorted minor cleanup. Implement krb_get_err_text in terms of com_err. Implement gross kludge to force krb_err_txt to remain in sync with com_err. ticket: 1189 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15046 dc483132-0cff-0310-8789-dd5450dbe970
2002-11-27 | Merge more KfM krb4 things | Tom Yu | 3 | -2/+15
Implement *_in_tkt_creds, mk_req_creds, and rd_req_int functions. Implement KfM krb4 kadm password changing, mostly by pulling in the client side of the kadm library into the krb4 library. Do some more header file cleanup of des.h and krb.h. Remove some ancient krb4 dead weight. Some Mac-specific functionality still needs to be merged. ticket: 1189 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15014 dc483132-0cff-0310-8789-dd5450dbe970
2002-11-04 | * do_as_req.c (process_as_req): Fix previous patch; it caused an | Tom Yu | 2 | -1/+7
uninitialized pointer to be dereferenced under certain error conditions. ticket: 1206 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14964 dc483132-0cff-0310-8789-dd5450dbe970
2002-10-28 | Don't include trailing null in the transited encoding produced by the KDC. | Sam Hartman | 2 | -2/+6
Other routines do not expect the null to be included in the length so policy checks fail. Also, sending the null over the wire is wrong. ticket: 1230 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14940 dc483132-0cff-0310-8789-dd5450dbe970
2002-10-06 | * do_as_req.c (process_as_req): Apply fix from Kevin Coffman to | Tom Yu | 2 | -1/+9
avoid leaking padata. ticket: 1206 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14910 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-27 | Limit the number of TCP connections that will be handled at one time. | Ken Raeburn | 2 | -55/+82
Remove some debugging calls. * network.c (struct connection): New field start_time. (tcp_data_counter, max_tcp_data_connections): New variables. (kill_tcp_connection): New function. (process_tcp_connection): Use it. Log reason for rejecting connection if the requested buffer size is too large. (accept_tcp_connection): If there are too many TCP connections already, shut down the oldest one. (setup_network, listen_and_process, process_tcp_connection, service_conn): Delete debugging code. (process_packet): Use socklen_t where appropriate. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14903 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-19 | updated dependencies | Ken Raeburn | 1 | -2/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14889 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-19 | * network.c: Include sys/filio.h if available | Ken Raeburn | 2 | -0/+6
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14888 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-19 | Add TCP support to the KDC, turned off by default, and using separate | Ken Raeburn | 4 | -145/+864
config file entries to indicate port numbers. Checkpointing a working version; debug code needs cleanup, doc needs writing. ticket: 1175 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14885 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-19 | * main.c (DEFAULT_KDC_PORTLIST): Define as DEFAULT_KDC_UDP_PORTLIST | Ken Raeburn | 2 | -0/+6
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14880 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-15 | * kerberos_v4.c (check_princ): Call strftime() with correct number | Tom Yu | 2 | -1/+7
of arguments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14869 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-15 | * kerberos_v4.c: Always include stdarg.h, not varargs.h. | Ken Raeburn | 2 | -44/+14
(v4_klog): Always declare and define stdarg version. (krb4_stime): Deleted. (check_princ): Use strftime instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14865 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-13 | * kerberos_v4.c (kerb_get_principal): Include kvno when logging failure to find | Ken Raeburn | 2 | -5/+10
a key. (v4_klog): Include explicit do-nothing default case in switch statement. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14849 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-13 | * main.c (initialize_realms): Include replay cache name in error if it can't be initialized | Ken Raeburn | 2 | -1/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14848 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-11 | protoize | Ken Raeburn | 12 | -292/+131
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14841 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-11 | Try a little harder to avoid returning e-text that says "Generic error (see | Ken Raeburn | 3 | -25/+31
e-text)" for out-of-range codes where we haven't explicitly decided to return a vague error message. * do_as_req.c (prepare_error_as): New argument, the error message text as determined *before* possibly replacing the error code with "generic error". (process_as_req): Fill it in based on 'status', or the error message corresponding to the error code to be returned. * do_tgs_req.c (prepare_error_tgs): New argument, the error message text as determined *before* possibly replacing the error code with "generic error". (process_tgs_req): Fill it in based on 'status', or the error message corresponding to the error code to be returned. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14835 dc483132-0cff-0310-8789-dd5450dbe970
2002-09-10 | * network.c (process_packet): Call inet_ntop directly. | Ken Raeburn | 4 | -122/+12
* sock2p.c: Deleted. * Makefile.in (SRCS, OBJS): Drop it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14834 dc483132-0cff-0310-8789-dd5450dbe970
2002-08-29 | update dependencies | Ken Raeburn | 1 | -12/+20
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14791 dc483132-0cff-0310-8789-dd5450dbe970
2002-08-29 | Ignore a bunch of files generated by building in the source tree, excluding | Ken Raeburn | 1 | -0/+5
those covered by CVSROOT/cvsignore patterns. Static UNIX build only, at the moment, may need updates for other configurations. (Second try; this time, deal with the cases where "cvs add"/"cvs ci" choked on previously deleted versions numbered 5.x.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14785 dc483132-0cff-0310-8789-dd5450dbe970
2002-08-23 | Change $(S)=>/ and $(U)=>.. globally | Ken Raeburn | 2 | -1/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14761 dc483132-0cff-0310-8789-dd5450dbe970
2002-08-15 | * kerberos_v4.c: For consistency, check for both DISALLOW_ALL_TIX | Tom Yu | 2 | -1/+29
and DISALLOW_SVR when looking up services. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14726 dc483132-0cff-0310-8789-dd5450dbe970
2002-08-08 | * network.c (setup_port): Ignore AF_LINK addresses. Log address family number | Ken Raeburn | 2 | -1/+11
if unrecognized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14687 dc483132-0cff-0310-8789-dd5450dbe970
2002-07-06 | network.c (setup_port): Enable ipv6 | Ken Raeburn | 2 | -3/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14611 dc483132-0cff-0310-8789-dd5450dbe970
2002-07-05 | update deps | Ken Raeburn | 1 | -4/+7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14608 dc483132-0cff-0310-8789-dd5450dbe970
2002-07-05 | * network.c: Include fake-addrinfo.h | Ken Raeburn | 2 | -0/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14604 dc483132-0cff-0310-8789-dd5450dbe970