b1375d5035
do not look at environment variables if issetugid() == 0.
...
use random number device file as the default value.
from openbsd.
2001-01-05 06:22:32 +00:00
f819878ce7
use more standard %ll_ in favour of %q_
2001-01-04 15:39:50 +00:00
650239ad74
fix error return (0 -> -1). sync with kame.
2001-01-04 06:16:38 +00:00
f2b75fc51d
sync with kame: NULL != 0
2001-01-02 05:08:43 +00:00
5a3fc2bdaa
PR 11715
...
- kerberos is in chapter 8, not 7
- ftp(1) is not kerberized.
2000-12-31 07:45:50 +00:00
3a0975845b
Enable TCP_NODELAY socket option also for interactive IPv6 connections.
...
TCP_NODELAY isn't IPv4 only.
2000-12-30 14:54:38 +00:00
1a9f8a405b
change pathname to netbsd-oriented
2000-12-29 03:12:59 +00:00
492d9092b5
merge fix-ups
2000-12-29 02:52:35 +00:00
69fd2e0f90
location of manpage
2000-12-29 02:32:42 +00:00
57ebd1b3c8
KAME racoon, 2000/12/29
2000-12-29 02:25:05 +00:00
349ac51600
KAME libipsec/libpfkey, 2000/12/29
2000-12-29 02:24:40 +00:00
8905d28796
was removed in krb4-1.0.5
2000-12-29 02:07:25 +00:00
a842a70c3c
merge
2000-12-29 01:52:14 +00:00
2d80b20be2
import krb4-1.0.5
2000-12-29 01:42:08 +00:00
be812c01d9
Remove redundant forward declaration of krb5_cache_data struct.
2000-12-24 12:17:21 +00:00
5389a2b390
cope with embedded KAME scopeid. getifaddrs() expose kernel internal format
...
to the userland.
2000-12-21 03:58:52 +00:00
1cc86f8ba4
Check the return value of krb5_init_context(), and bail out if it failed.
...
Also, when failing, don't try to use the non-initialized context value
to determine the error text.
This avoids dumping core in the following programs when /etc/krb5.conf is
missing or broken: klist, kdestroy, kpasswd, kadmin, kadmind, ktutil, kdc.
XXX Better error reporting in this failure case would be nice.
2000-12-19 21:31:11 +00:00
2eabd5aae0
(tf_create): remove the overwriting of the old ticket file
2000-12-09 00:53:52 +00:00
71d1fbbd25
(kdc_reply_cipher): fix buffer over-run
2000-12-09 00:53:21 +00:00
a32b774256
remove (obsolete) support for environment variables.
2000-12-09 00:51:46 +00:00
ecf24d1394
Use getifaddrs() if HAVE_GETIFADDRS is defined.
2000-12-03 20:21:03 +00:00
074a0c939d
In krb5_sendto(), try the send/recv *inside* the loop through the
...
addinfos, so that e.g. if we fail to connect with an IPv6 address,
we can fall back onto an IPv4 address.
2000-12-02 01:53:08 +00:00
c9366a8efe
Fix reversed test.
2000-11-20 14:08:12 +00:00
18a6237381
s/usefull/useful/
2000-11-20 06:42:05 +00:00
40ad5fc4c1
correct validation on X11 forwarding. from markus@openbsd
2000-11-13 02:30:38 +00:00
25f03b52f9
remove extra .Xc
2000-11-12 15:40:19 +00:00
d2b5345f10
When forwarding a connection, use the right descriptor to get IP options.
...
Fixes PR 11261 my Michael Eriksson, using his patch.
2000-11-07 16:06:24 +00:00
e22c13589c
Make gss_acquire_cred actually work. Add a ccache member to the id_t struct
...
to store alternate creds, retrieved from a keytab. Make gss_init_sec_context
work with creds != GSS_C_NO_CREDENTIAL. Free ccache in id_t in release_cred.
2000-11-06 15:06:51 +00:00
392621627b
always attempt to canonicalize hostnames, not only when the hostname
...
does not contain a dot.
2000-11-05 20:09:08 +00:00
43bcdca61e
Apply the following:
...
- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
...so that large packets do not wrap "n".
2000-10-30 18:58:37 +00:00
923459b8ef
Print a newline after 'You entered the wrong passphrase.'
2000-10-29 08:55:59 +00:00
f3f11aec78
make version identification string conform to SSH version string format.
...
version format must be like:
SSH-[0-9]*.[0-9]*-[^-]*( .*)?
and previous string did not conform to the requirement (too many hyphens).
based on comment from markus@openbsd (openssh maintainer)
2000-10-28 13:41:55 +00:00
4b39e2fe3f
fix v4 fallback lifetime calculation
2000-10-27 14:44:08 +00:00
dc0fe34aa7
Reduce swap_bytes() to a non-alignment dependent implementation - some
...
calls to swap_bytes() do indeed have non-aligned sources and destinations.
Fixes unaligned access problems on alpha and probably some of our other
architectures.
2000-10-23 11:40:55 +00:00
968a585ab4
Fix formatting error.
2000-10-20 18:01:26 +00:00
6a12425bca
We have renamed the configuration file, adapt the documentation.
2000-10-20 12:40:34 +00:00
e33acbd7b7
Correct printf format (used with integers, not longs).
2000-10-19 15:10:33 +00:00
c011ac8db6
- Correct missing closedir(3) in SSL_add_dir_cert_subjects_to_stack().
...
This should be fix the bug that apache enabled SSL may exhaust its
file descriptors. Noted by TAKANO Yuji <takachan@running-dog.net>
on apache@ecc.u-tokyo.ac.jp, apache mailing list in Japanese.
He had already sent a bug report to openssl-dev@openssl.org , but it
wasn't fixed in openssl-0.9.6. :-(
2000-10-13 01:47:27 +00:00
b5c4933a2d
printf format pedant. (size_t -> u_long).
2000-10-10 13:14:55 +00:00
612e4c298a
define DES_LONG in time to be used by later header files.
2000-10-08 18:42:03 +00:00
7db764779b
Format string cleanup by sommerfeld.
2000-10-08 18:40:08 +00:00
a001cd4e77
exit 0 on success, 1 on error
2000-10-06 06:21:16 +00:00
dc3402136b
Constify variables containing format strings
2000-10-05 14:32:50 +00:00
37146bcc18
format checking for internal functions
2000-10-05 14:17:12 +00:00
29dec280ee
format checking for internal function
2000-10-05 14:16:10 +00:00
8b2d1fefd2
Miscellaneous format string safety improvements
2000-10-05 14:09:07 +00:00
6fe5a2b27e
Return failure in krb_get_lrealm() if no config files are found, rather
...
than then searching for a default realm.
Fixes PR lib/11010 from David Brownlee. Patch from Jason Thorpe.
2000-10-04 04:08:30 +00:00
37a8d23037
improve error message on rnd(4) failure. the old text made reference
...
to ssl(4), which is openssl specific (talks about plugin RSA library).
2000-10-04 03:43:57 +00:00
18e8d6decc
do not loop forever
2000-10-03 15:07:14 +00:00
42e4adfd95
make it useful as test (exit 0 if successful)
2000-10-03 14:45:36 +00:00
8e1c87ce80
- implement IgnoreRootRhosts. if set, ignores ~root/.[rs]hosts. defaults to
...
the value of IgnoreRhosts. with `IgnoreRhosts yes' and `IgnoreRootRhosts no'
you get similar behaviour to the `-l' flag on rshd(8). this is based on
similar modification i made which appeared in ssh 1.2.27 (?)
- document that IgnoreRhosts now doesn't apply to root.
- clarify that /etc/s?hosts.equiv doesn't apply to root (it didn't before
my modification either).
- crank the version to 20001003
2000-10-03 09:56:38 +00:00
0b86bc5a1c
nuke #define for changing variable size (affects ABI).
2000-10-03 04:00:19 +00:00
169eefc02f
move rc5/idea dummy functions from crypto/dist/openssl/crypto to lib/libcrypto.
...
they are not part of the openssl distribution.
suggested by thorpej.
2000-10-01 22:17:59 +00:00
9c7b3bf3d5
nuke all NO_<algorithm name> in header file. they change ABI due to
...
#ifdef in struct/union definitions, and are bad for us shipping library binary.
2000-10-01 22:13:14 +00:00
563bf184ad
improve abort message, when RC5/IDEA in libcrypto (dummy) is called.
2000-09-30 14:29:16 +00:00
e5e807d114
always compile RSA into libcrypto.
...
MKCRYPTO disables the whole crypto tree, and in that case,
we will not have RSA (nor libcrypto) with us.
2000-09-30 12:21:51 +00:00
bc22f284e4
we always build idea/rc5 (dummy, though).
2000-09-30 00:30:25 +00:00
8d26d03189
repair openssl (libcrypto) for non-32bit architecture.
...
don't use unsigned long where 32bit unsigned variable is asked for.
use u_int32_t. (not sure if uint32_t is better or not, but anyway,
u_int32_t <-> uint32_t should not raise binary compatibility issue)
PR10921.
TODO: have arch-dependent Makefiles where we supply -DFOO for optimization.
(do not change size of variable though)
XXX: we should actually nuke all other #ifdef in /usr/include/openssl/*.h,
however, that needs a lot of work and will make future openssl upgrade harder.
remove RC5 and IDEA by default. build them separately as
libcrypto_{rc5,idea}.a. put dummy function, which is "warning to stderr
and exit(1)". NOCRYPTO_{RC5,IDEA} are obsoleted.
PR10883.
2000-09-30 00:23:28 +00:00
49a55a1d58
Import NetBSD Secure Shell. This is based on OpenSSH, but modified
...
somewhat.
2000-09-28 22:09:28 +00:00
fb9657047a
Add support for running kpasswdd from inetd. Active if INETD_SUPPORT
...
is defined. In either case, kpasswdd will continue to work from
the commandline as usual.
2000-09-13 11:29:26 +00:00
7bc28b6591
add manpage for kadmin
2000-09-10 19:45:04 +00:00
5ab344e414
add a, somewhat terse, kerberos overview manpage
2000-09-10 19:34:49 +00:00
0acd5e96a9
move config and log files out of /var/heimdal
2000-09-10 19:29:44 +00:00
38f9bead65
fix bad mdoc markup. closed PR/10854
2000-08-20 10:36:40 +00:00
d2cc354307
Fix example: lib_defaults -> libdefaults, default_domain -> default_realm
2000-08-15 17:22:45 +00:00
dafbb1e2ea
- Reference count MCC IDs, and garbage-collect them in destroy if
...
the ref count is 0, and in close if the ref count is 0 and the
ID is dead (i.e. has been previously destroyed).
- Don't use temp files to generate unique MCC names; use ASCII
representations of pointers to the malloc'd IDs, which is
unique enough for our purposes.
- Dead IDs cause an ENOENT error, as would a dead FCC ID.
Per discussion w/ Johan Danielsson <joda@pdc.kth.se>.
2000-08-10 18:58:59 +00:00
7dd4170cf5
Fix typos in some #if 0'd code.
2000-08-10 16:18:00 +00:00
4ffaedfcde
Fix the semantics of krb5_cc_close() and krb5_cc_destroy() for
...
the MCC. They now match the semantics of the MIT krb5
implementation.
2000-08-10 15:51:20 +00:00
bae9616e91
Add support for multiple Memory Credendial Caches, like MIT has.
...
This fleshes out mcc_get_name(), mcc_resolve(), mcc_destroy().
2000-08-10 02:23:07 +00:00
24ceace29d
Add krb5_princ_type() and krb5_princ_size() that appear in the MIT
...
API but not in Heimdal, and add commented out empty versions of
krb5_princ_set_realm_length(), krb5_princ_set_realm_data(),
krb5_princ_name(), and krb5_princ_component(), which also appear
in the MIT API, but which cannot be implemented in Heimdal until
a change is made to how some data is represented internally (as
these API functions expose that, as foolish as that is, but
that's how MIT did it, and some applications use it).
2000-08-09 23:27:19 +00:00
1435d15e40
Cause the kdc to write a pidfile in /var/run/kdc.pid and to
...
detach from the tty by default. Add a [-D | --no-detach]
option to restore the old behavior (which is useful for
debugging).
2000-08-06 18:42:19 +00:00
e80d60fa71
Catch krb5_init_context() failure.
2000-08-06 17:59:15 +00:00
a240003d0c
Plug a small memory leak.
2000-08-06 17:58:53 +00:00
e59093f4f7
Use socklen_t as appropriate, so that this compiles on LP64
...
systems.
2000-08-06 06:48:50 +00:00
de3878349f
this was removed from the source
2000-08-03 03:39:02 +00:00
9949e16264
merge back some hacks
2000-08-03 03:38:25 +00:00
f8815e6596
merge in 0.3a
2000-08-02 20:08:33 +00:00
7f5f475a8b
import of heimdal 0.3a
2000-08-02 19:57:59 +00:00
5c4fddaabe
In krb_get_default_realm(), before assuming our guessed default
...
realm is correct, check to see if we can find a KDC for it. If
not, it can't possibly be the default realm, and we should return
the NO.DEFAULT.REALM error condition.
Per a discussion w/ Thor Simon <tls@netbsd.org>.
2000-08-02 05:24:37 +00:00
e90fd304b7
Removed #ifndef's so this file can be included by compile_et and
...
asn1_compile when building host-tools on machines that don't have those
functions.
2000-08-02 02:44:06 +00:00
de40c8191d
Return failure if there is no Kerberos 5 configuration file.
2000-07-16 18:27:53 +00:00
206c5781b6
des_random_key() returns void.
2000-07-16 09:57:53 +00:00
11e7166667
back out part of previous; des_random_key() returns void again.
2000-07-16 09:50:33 +00:00
542954c318
delete removed files.
2000-07-16 05:57:01 +00:00
8c7937883e
merge cornflakes.
2000-07-16 05:55:10 +00:00
2429f6a29f
OpenSSL 0.9.5a import.
2000-07-16 05:03:53 +00:00
c752ee0a92
Fix a thinko in previous that prevented libroken from getting
...
both version strings.
2000-07-15 17:02:17 +00:00
39c394bb18
Define __KRB4_VERSION to get krb4 version strings.
2000-07-15 00:40:37 +00:00
1a7d02624b
Change the USELESS_CRYPTO check to MKCRYPTO_{IDEA,RC5,RSA}.
2000-07-05 13:57:15 +00:00
231c9cbcf7
add man-pages for kf and kfd
2000-07-02 07:39:39 +00:00
14d0802975
Dt -> Dd for date, otherwise this manpage looked unlike a manpage.
2000-06-26 23:28:46 +00:00
f3b213ec53
Do previous slightly differently, i.e. commit the change that I
...
had made to add the prototypes, but forgot to commit. This version
more closely matches the crypto-us version it was derived from.
2000-06-22 13:59:13 +00:00
61cad8ca49
Add missing prototypes for:
...
des_set_random_generator_seed, des_new_random_key and des_init_random_number_generator
This fix the compile problems in lib/libtelnet.
2000-06-22 09:01:42 +00:00
63748d6387
Add two telnet-related items.
2000-06-22 07:15:02 +00:00
8dd0fdd69b
Fix printf formats on LP64.
2000-06-21 06:05:01 +00:00
4696f48761
Remove pre-genereated info files.
2000-06-20 22:02:22 +00:00
b914f28687
Remove formatted manpages.
2000-06-20 22:00:14 +00:00
4e81b0f0e5
One off the list.
2000-06-20 21:57:46 +00:00
0fa81d1574
...and a couple more.
2000-06-20 06:02:37 +00:00
efbc580022
One more.
2000-06-20 05:12:07 +00:00
8b8fb98e91
Add an initial TODO list. This is based solely on things I encountered
...
while doing the Heimdal+KTH merge.
2000-06-20 05:03:04 +00:00
fddd47312e
Version string is const.
2000-06-19 22:40:17 +00:00
c4dc11daa0
Const poison the version strings.
2000-06-19 20:51:53 +00:00
f6880b854b
Import KTH Kerberos 4 from cryptosrc-intl.
2000-06-16 18:45:32 +00:00
1af8b95994
Import Heimdal Kerberos 5 from cryptosrc-intl.
2000-06-16 18:31:35 +00:00
b50999826e
Fixup the OpenSSL library builds.
2000-06-16 06:16:37 +00:00
21b1800004
The pieces of OpenSSL missing from netbsd-cryptosrc-intl.
2000-06-16 05:28:49 +00:00
c3b6f3938c
Common OpenSSL Makefile goo, from cryptosrc-intl.
2000-06-16 04:16:02 +00:00
1dc0dc5fb1
Import OpenSSL 0.9.4 from netbsd-cryptosrc-intl.
2000-06-14 22:44:19 +00:00
itojun