Skip to content
Commits on Dec 28, 2009
  1. Branch r23518 of the trunk for NTT Camellia CTS implementation.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts@23529 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 28, 2009
Commits on Dec 23, 2009
  1. Code modularity related updates.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Dec 23, 2009
Commits on Dec 22, 2009
  1. Remove krb5_ prefix from some static func names

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23483 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Dec 22, 2009
Commits on Dec 21, 2009
  1. ticket: 6594

    target_version: 1.7.1
    tags: pullup
    
    Add a set_cred_option handler for SPNEGO which forwards to the
    underlying mechanism.  Fixes SPNEGO credential delegation in 1.7 and
    copying of SPNEGO initiator creds in both 1.7 and trunk.  Patch
    provided by nalin@redhat.com.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23482 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 21, 2009
Commits on Dec 17, 2009
  1. Fix a cleanup handler in the store_creds code; krb5_cc_close doesn't

    handle NULL arguments, so we have to check.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 17, 2009
  2. ticket: 6597

    subject: Add GSS extensions to store credentials, generate random bits
    
    Merge /users/lhoward/gssextras-no-cqa to trunk.  Adds
    gss_pseudo_random and gss_store_cred.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 17, 2009
Commits on Dec 16, 2009
  1. Whitespace fixes.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23477 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 16, 2009
Commits on Dec 15, 2009
  1. On Luke's advice, remove krb5_init_creds_store_creds. It is not a

    Heimdal API and its functionality is covered by
    krb5_get_init_creds_opt_set_out_ccache.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23469 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 15, 2009
  2. Get rid of the requirement of defining MAX_ENCTYPE in

    krb5int_parse_enctype_list, at the cost of making repeated realloc()
    calls during parsing.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23468 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 15, 2009
  3. Formatining enhancement

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23467 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Dec 15, 2009
Commits on Dec 14, 2009
  1. Subject: fast negotiation projec

    ticket: 6595
    Tags: enhancement
    
    Merge branches/fast-negotiate into trunk.
    This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation
    
    Additional changes:
    * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype
    
    Conflicts:
    	src/lib/crypto/krb/make_checksum.c
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Dec 14, 2009
Commits on Dec 10, 2009
  1. Don't use sizeof(pointertype) to get the length of an allocated array.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23464 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 10, 2009
  2. Add comments to make it slightly clearer how

    krb5int_confounder_checksum works.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23463 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 10, 2009
  3. Restructure the crypto checksum implementation to minimize

    dependencies on the internals of modules.
    
    * Keyhash providers are gone.
    * The cksumtypes table contains checksum and verify functions,
      similar to the etypes encrypt and decrypt functions.  New checksum
      functions parallel the old keyhash providers, and there are also
      functions for unkeyed and derived-key HMAC checksums.
    * The flags field is now used to indicate whether a checksum is
      unkeyed, but not whether it is a derived-key HMAC checksum.
    * The descbc checksum is handled through a new enc_provider function
      which calculates a CBC MAC.
    
    The OpenSSL module does not implement the CBC MAC function (it didn't
    implement descbc before).  builtin/des could probably get rid of
    f_cksum.c (the old DES CBC routine) with some alterations to
    string2key.c.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 10, 2009
Commits on Dec 9, 2009
  1. Change file holder for krb5int_check_clockskew. Minor Style changes p…

    …er code practices.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23460 dc483132-0cff-0310-8789-dd5450dbe970
    tsitkova committed Dec 9, 2009
Commits on Dec 8, 2009
  1. ticket: 6593

    subject: Remove dependency on /bin/csh in test suite
    
    The libdb2 test suite would fail if /bin/csh was not present.  The
    tests did not execute /bin/csh - but used the contents as data to put
    into the test database.  Iterate over a few "known" files until one is found
    that could be used for it... Tests for /bin/csh, /bin/cat, /usr/bin/cat, 
    /bin/ls, /usr/bin/ls.  If none of these exist - then fail.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23458 dc483132-0cff-0310-8789-dd5450dbe970
    epeisach committed Dec 8, 2009
  2. Mark and reindent lib/gssapi, with some exceptions.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23457 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 8, 2009
Commits on Dec 7, 2009
  1. Mark lib/apputils.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23456 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 7, 2009
  2. Mark and reindent util, with some exceptions.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23455 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 7, 2009
  3. ticket: 6592

    subject: handle negative enctypes better
    status: open
    
    krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making
    assumptions that enctype numbers are positive.  Potentially more code
    makes this assumption, but these appear to be the major ones.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 7, 2009
Commits on Dec 6, 2009
  1. Initialize ihash_iov in case fall through to cleanup handler and try

    to free garbarge.
    
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23453 dc483132-0cff-0310-8789-dd5450dbe970
    epeisach committed Dec 6, 2009
  2. Remove the ivec parameters from the keyhash provider functions, as

    they are never used by callers.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23452 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 6, 2009
  3. Make depend.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23451 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 6, 2009
  4. Make the libk5crypto hash_provider interface take crypto_iov lists

    instead of lists of krb5_data.  Make the base HMAC APIs take
    crypto_iov lists and drop the _iov variants.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 6, 2009
  5. In the built-in des3 provider, remove the unused version of

    validate_and_schedule, and drop the _iov suffix from the one we do
    use.  (Cleanup from r23444.)
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23449 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 6, 2009
Commits on Dec 5, 2009
  1. Make the alloc_data and k5alloc convenience functions work if the

    caller requests zero bytes, by allocating one byte instead.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23448 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 5, 2009
  2. Remove tests for sched.h, kdb_db.h, kdc.c. None of these are used in …

    …the tree.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23447 dc483132-0cff-0310-8789-dd5450dbe970
    epeisach committed Dec 5, 2009
Commits on Dec 4, 2009
  1. Remove some code paths in crypto-length which are dead now that the

    internal interface can't return an error.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23446 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 4, 2009
  2. Remove CRC32_SHIFT4 code as we are unlikely to ever need it.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23445 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 4, 2009
  3. Consolidate the IOV and non-IOV encryption/decryption code paths, and

    drop the _iov suffix from most encryption- and decryption-related
    functions.  The enc_provider encrypt and decrypt functions take IOVs,
    as do the enctype entries in etypes.c, and there are no separate
    encrypt_iov or decrypt_iov functions.
    
    aead_provider is gone.  Enctype functions now take pointers to the
    enctype entry instead of pointers to the enc/hash/aead providers; this
    allows dk_encrypt and dk_decrypt to be polymorphic in the length
    function they use now that AES and DES3 can't differentiate by aead
    provider.
    
    aes_string_to_key needed to be moved into the krb/ fold for this since
    it's an enctype function; it was duplicated between builtin/ and
    openssl/ before.  This leaves openssl/aes empty; the build system
    currently demands that all modules have the same directory structure,
    so the directory and Makefile will stick around for now.
    
    Three separate copies of the derive_random logic are also now
    consolidated into one.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
    ghudson committed Dec 4, 2009
Commits on Dec 3, 2009
  1. Revert r23442. Revert r23436 changes unrelated to comment reformatting.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23443 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 3, 2009
  2. Update export list to reflect changes in r23436.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23442 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Dec 3, 2009
  3. Reformat new comments.

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23441 dc483132-0cff-0310-8789-dd5450dbe970
    raeburn committed Dec 3, 2009
  4. ticket: 6591

    subject: fix slow behavior on Mac OS X with link-local addresses
    
    When using my previous patch, if a local hostname like "foobar.local"
    is looked up, you may get back a link-local IPv6 address.  However,
    the KDC seems to be unable to respond from that address, resulting in
    a ~1s delay for each KDC exchange while waiting for the client to fail
    over to another address (in my case, another IPv6 address).
    
    Create a new object for holding whatever auxiliary information might
    be needed to properly transmit the response to the client.  Currently,
    that only means the interface index number under IPv6.  Fill it in on
    receipt, always; copy it back to the pktinfo structure when
    transmitting, ONLY if the local source address is link-local.
    
    If an error occurs while transmitting the reply, print both the remote
    destination address and the local source address.  Use getnameinfo
    instead of inet_ntop.
    
    Apply the same changes to kadmind, to keep the versions of network.c
    more or less in sync.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23440 dc483132-0cff-0310-8789-dd5450dbe970
    raeburn committed Dec 3, 2009
  5. ticket: 6590

    subject: allow testing even if name->addr->name mapping doesn't work
    
    Many of the tests are set up to fail if the local hostname can't be
    mapped to an address and back to a name again.  If the name results in
    an address, and we can get a fully-qualified name or something that
    looks like it, though, we should be able to just go ahead and run some
    tests.
    
    This is also closer to the current behavior of sname_to_principal when
    reverse DNS is enabled.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23439 dc483132-0cff-0310-8789-dd5450dbe970
    raeburn committed Dec 3, 2009
Something went wrong with that request. Please try again.