Permalink
Commits on Jan 3, 2009
  1. On decrypt, the ivec should be chained from ciphertext

    not output
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21689 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  2. Patch from Luke Howard:

    Confirm that copy succeeds before freeing ticket principal.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21688 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  3. Luke Howard indicates that ser_sctx.c does not account for the size o…

    …f the context times.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21687 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  4. Revert "integrate Novell patch to always try referrals - I have not r…

    …eviewed"
    
    Tom indicates he has a similar patch  that has been tested.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21686 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  5. Remove merge issues list

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21685 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  6. git-svn managed to generate a bogus commit or otherwise get into a st…

    …ate where it believed that changes had been merged onto the branch
    
    when they had in fact not been merged.
    This re-applies these changes.
    
    This reverts commit d2f51f02bac81d852f6f020373718d08b6abd02f.
    
    Conflicts:
    
    	src/lib/crypto/Makefile.in
    	src/lib/crypto/arcfour/Makefile.in
    	src/lib/crypto/des/Makefile.in
    	src/lib/crypto/enc_provider/Makefile.in
    	src/lib/crypto/keyhash_provider/Makefile.in
    	src/lib/krb5/krb/rd_req_dec.c
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21684 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  7. fix merge error

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21680 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  8. Make depend

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21679 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  9. Merge trunk at 21659.

    Conflicts:
    
    	src/Makefile.in
    	src/kadmin/server/misc.h
    	src/kdc/do_as_req.c
    	src/kdc/do_tgs_req.c
    	src/kdc/kdc_util.c
    	src/kdc/kdc_util.h
    	src/lib/crypto/Makefile.in
    	src/lib/crypto/des/Makefile.in
    	src/lib/crypto/enc_provider/Makefile.in
    	src/lib/kdb/kdb5.c
    	src/lib/krb5/krb/chk_trans.c
    	src/lib/krb5/krb/walk_rtree.c
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21678 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  10. krb5_rd_req: Don't set server to ticket->server

    krb5_rd_rec_decoded: change ticket->server to the principal we actually match from the keytab; this produces
        better application  behavior although is somewhat non-intuitive.
        Set up the replay cache here because we have the server principal
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21677 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 3, 2009
  11. If KRB5_PRINCIPAL_UNPARSE_NO_REALM is specified, don't escape the @

    symbol.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21676 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 3, 2009
Commits on Jan 2, 2009
  1. Indent fixup

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21675 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  2. Cleanup

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21674 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  3. Fix up comment to explain why the kdb keytab is not used in the tgs c…

    …ase any more
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21673 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 2, 2009
  4. Handle KDC_ERR_WRONG_REALM in krb5_get_in_tkt() - needs review, not

    completely tested yet
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21672 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  5. cleanup

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21671 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  6. Revert r21667, it breaks authorization data backends that need access to

    the KDC key to validate signatures
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21670 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  7. Validate k_nprincs != 0 before passing a pointer to krbtgt

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21669 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  8. Using the server name as a hint

    is inappropriate.  The server name is a security constraint.
    If set, it must constrain the principals
    that can be authenticated to; otherwise  applications may get behavior that breaks security policy.
    It is a goal that applications need to change to take advantage of any server search.
    
    Remove dead code
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21668 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 2, 2009
  9. Use kdb keytab

    to look up service principal
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21667 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 2, 2009
  10. KDC always assumes a server

    supports des-cbc-crc.
    Among other things, the test suite depends on this.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21666 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 2, 2009
  11. Don't register any services with portmap.

    Works around test instability problem
    but not desirable for iprop
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21665 dc483132-0cff-0310-8789-dd5450dbe970
    hartmans committed Jan 2, 2009
  12. Layer gss_sign() on top of gss_get_mic(), gss_verify() on top of

    gss_verify_mic(), rather than the other way around. Mechanisms should
    export a V2 interface.
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21664 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  13. be sure to decode enc_padata

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21663 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  14. Only allow the AS-REP server principal to be changed if we requested and

    received a TGT
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21662 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  15. move common macros into int-proto.h

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21661 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
  16. In an AS-REP, only canonicalize the server name if we are returning a

    TGT, and the client requested one
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21660 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 2, 2009
Commits on Jan 1, 2009
  1. Set KRB5_KDB_FLAG_PKINIT flag, AD backends need this to return

    PAC_CREDENTIAL_DATA
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21658 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  2. Refactor by adding find_pa_data() helper

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21657 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  3. Use KRB5_PRINCIPAL_UNPARSE_NO_REALM for the logon name; cleanup

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21656 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  4. Only add FD to sstate.rfds if add_XXX_fd() succeeds

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21655 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  5. Keep krb5_gss_glue.c just for mechanism-specific API; move the rest into

    gssapi_krb5.c.
    
    That way, a vendor can build krb5_gss_glue.c as libgssapi_krb5.so, the
    mechglue as libgssapi.so, and the rest of the Kerberos mech as
    mech_krb5.so (this is essentially what Novell did).
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21654 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  6. Back out r2164[78]; although the mech_invoke abstraction is superfluous

    when building mech_krb5 today, it will help anyone that wants to
    correctly build it dynamically.
    
    (By correctly, I mean that mechanism-specific API should go in
    libgssapi_krb5 and the mechanism itself in mech_krb5; one cannot assume
    that one can link against loadable modules on all platforms. I notice in
    OpenSolaris Sun link against mech_krb5 directly to get mech-specific
    API, but this won't work on Darwin.)
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21653 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  7. remove superfluous comment

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21652 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009
  8. remove cruft

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21651 dc483132-0cff-0310-8789-dd5450dbe970
    lhoward committed Jan 1, 2009