Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | Refactor error handling slightly in get_tgt | 2009-08-27 | ||
| | | | | | (which coincidentally keeps us from reporting the wrong function with an error code) | |||
* | get_tgt() should not fail if built krb5-only and it can't find a des key | 2009-08-27 | ||
| | | | | Also clean up some indentation and add error logging. | |||
* | For now check incoming interrealm stuff with both keyusages because it | 2009-08-27 | ||
| | | | | turns out that derived-key stuff actually worked if you were using heimdal. | |||
* | krb5_init_keyblock is ugly and I'm not sure what it's doing there anyway | 2009-08-22 | ||
| | ||||
* | Fix a casefolding bug. [64-bit] | 2009-08-22 | ||
| | | | | | | | | | | | | | | In valid_utf8_p(), uc was improperly typed and never initialized. On 64-bit systems, this means that success is dependent on previous stack contents. If the upper 32 bits are not zero, the null terminator is not caught and the function continues reading past the end of the string until: 1) Invalid UTF-8 is encountered 2) An invalid unicode codepoint is encountered. 3) segfault 1 and 2 are much more likely, but 3 is a danger. | |||
* | ZCheckSrvAuthentication says "YES", "NO", or "FAILED" | 2009-08-10 | ||
| | ||||
* | it is the TWENTY-FIRST CENTURY, we can STOP USING K&R | 2009-08-09 | ||
| | ||||
* | change the prototype variable name "class" to match the actual function ↵ | 2009-08-09 | ||
| | | | | "class_name" | |||
* | if not HAVE_KRB5_C_DECRYPT, there's no krb5_enc_data type, and oh, look we ↵ | 2009-08-09 | ||
| | | | | don't use din anyway | |||
* | Factor out code that extacts a sockaddr_in from a notice (and stop using the | 2009-07-29 | ||
| | | | | | | | deprecated sender_addr macro.) Actually remove the code from realm.c:real_dispatch because nothing was using the result. Ran nuke-trailing-whitespace on all the files I touched, as usual. | |||
* | Refactor ZCheckRealmAuthentication into ZCheckSrvAuthentication. | 2009-07-27 | ||
| | | | | (also fiddle around with what krb4 checksums are available in krb5-only land) | |||
* | Refactor some gratuitously duplicated code in handle_packet | 2009-07-26 | ||
| | ||||
* | Remove the chock wedging things into DES mode and hopefully redo the ↵ | 2009-07-26 | ||
| | | | | | | keyusage stuff such that it actually works. | |||
* | Build on solaris | 2009-07-14 | ||
| | ||||
* | zephyr.h will pull in zephyr_err.h will pull in com_err.h without having to ↵ | 2009-07-13 | ||
| | | | | figure out where it is | |||
* | fix some conditional-compilation issues that trip -Wunreachable-code | 2009-04-30 | ||
| | ||||
* | use less oddball types | 2009-04-21 | ||
| | ||||
* | For now, host managers have IPv4 addresses. | 2009-04-19 | ||
| | | | | | | | Really, it almost terrifies me that servers have probably been sending shutdown messages to stack-garbage address families for the past two decades | |||
* | Clean up $Zephyr$s | 2009-04-14 | ||
| | ||||
* | add defs for datarootdir so configure will Shut Up | 2009-04-13 | ||
| | | | | | | | | | | Rearrange what libraries get pulled in where, so dpkg-shlibdeps doesn't whine (see a theme here?) (Also so that, say, znol, doesn't have to link with Everything.) This will break platforms that don't do shared-library dependencies. | |||
* | As in [2406], the C preprocessor has seen enough abuse; it is the | 2009-04-10 | ||
| | | | | | future, so we can abuse inline functions instead. | |||
* | The hash function should probably be unsigned. | 2009-04-10 | ||
| | | | | | | Also, the C preprocessor has seen enough abuse; it is the future, so we can abuse inline functions instead. | |||
* | kstuff.c: | 2009-04-10 | ||
| | | | | | | | | | Turn off the replay cache (at least with MIT krb5 1.6) All three authentication checks: Initialize cksum1_buf so gcc will shut up. | |||
* | This needs to be positive. (are you sure?) | 2009-04-08 | ||
| | ||||
* | krb5_data buffers are signed characters? Who knew? | 2009-04-08 | ||
| | ||||
* | embarrasing braino | 2009-04-08 | ||
| | ||||
* | be more paranoid about what fields we are checksumming | 2009-04-04 | ||
| | ||||
* | amd64 anecdotally cares about the difference between NULL and 0 in some contexts | 2009-04-03 | ||
| | ||||
* | fix yet another instance of the checksum computation | 2009-04-03 | ||
| | ||||
* | apple error table initialization for #41 | 2009-04-02 | ||
| | ||||
* | unused variable | 2009-04-01 | ||
| | ||||
* | keep zephyrd's ticket files in /var/run, not under /etc | 2009-03-31 | ||
| | ||||
* | updated paths in manpage | 2009-03-29 | ||
| | ||||
* | move variable definition out of too-restrictive #ifdef scope | 2009-03-24 | ||
| | ||||
* | don't set a nonexistent handler for SIGEMT | 2009-03-24 | ||
| | ||||
* | keep track of total # of incoming header fields, and cksum appropriately | 2009-03-24 | ||
| | ||||
* | Brain dumps used to stash the address of the client for which metadata | 2009-03-23 | ||
| | | | | | | | | | | | | was being sent in an extra header field. This worked about as well as you might expect. Fortunately we happened to be putting an address in header field 18 anyway, so backwards compatibility should be relatively painless. I don't know which approach is a more egregious hack, but this change at least nets us four less lines of code, which is obviously good, right? Oh, and while we're at it, if the sa_family isn't set on the sender address, just cringe and set it to AF_INET. | |||
* | notice->z_other_fields[notice->z_num_other_fields] is either going to | 2009-03-23 | ||
| | | | | | | | be NULL, something Wrong^TM, or off the end of z_other_fields. bad all around. | |||
* | make sure client is initialized to something false | 2009-03-22 | ||
| | ||||
* | unused static function unless DEBUG | 2009-03-22 | ||
| | ||||
* | there's no particular reason that the interrealm code on a krb5-only server | 2009-03-22 | ||
| | | | | | shouldn't be able to deal with incoming old-style packets | |||
* | 19 fields zephyrgrams | 2009-03-02 | ||
| | ||||
* | build everything successfully with -Wall -Werror | 2009-03-02 | ||
| | ||||
* | asedeno's UTF-8 downcasing patch | 2009-03-01 | ||
| | ||||
* | dead code | 2009-01-22 | ||
| | ||||
* | hack at traditional heimdal crypto | 2008-12-25 | ||
| | ||||
* | make this work^H^H^H^Hcompile with Heimdal | 2008-12-24 | ||
| | ||||
* | do it all with krb5 | 2008-12-24 | ||
| | ||||
* | allow des key brain dumps from transition servers to krb5-only servers | 2008-12-23 | ||
| | ||||
* | propagate consting of ZGetRealm | 2008-12-22 | ||
| |