krb5.git/src/lib/gssapi/krb5, branch master Unnamed repository; edit this file 'description' to name the repository. Fix install rule for gssapi_krb5.h 2014-02-28T20:38:27+00:00 Greg Hudson ghudson@mit.edu 2014-02-28T05:30:05+00:00 4d239e933681785acc7fea48ab9b2d5441136e77 Revert r16428 now that gssapi_krb5.h is in the source tree. 
Revert r16428 now that gssapi_krb5.h is in the source tree.
Eliminate internal fixed-width type wrappers 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T21:26:51+00:00 1041af9f85e4be342339475cf5c8878fef1de10d Directly use stdint.h names for integer types in preference to the various internal names we have made up for them. 
Directly use stdint.h names for integer types in preference to the
various internal names we have made up for them.
Stop generating gssapi_krb5.h 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T20:59:21+00:00 a7a2c02b618aea40ebd4f597ec956eaf0fe210f5 We started generating gssapi_krb5.h from gssapi_krb5.hin when we needed to use a 64-bit type for lucid contexts. Since we can now assume a standard name for 64-bit types, we can stop generating the header. 
We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts.  Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.
Assume <stdint.h> and fixed-width types 2014-02-26T21:15:19+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T20:20:08+00:00 17e205070745e4712d40eed32d92d02edb47009f Make unconditional use of <stdint.h> and fixed-width types such as uint32_t. k5-plugin.h doesn't use any special integer types, so remove the conditional include block there. Nothing uses INT64_FMT/UINT64_FMT, so leave those out of k5-platform.h for now. 
Make unconditional use of <stdint.h> and fixed-width types such as
uint32_t.  k5-plugin.h doesn't use any special integer types, so
remove the conditional include block there.  Nothing uses
INT64_FMT/UINT64_FMT, so leave those out of k5-platform.h for now.
Fix gss_pseudo_random leak on zero length output 2014-01-18T18:03:32+00:00 Greg Hudson ghudson@mit.edu 2014-01-18T18:03:32+00:00 a44945dfa6502d4cd99943b2448ada389bc22b73 Nobody is likely to ever ask for zero bytes of output from gss_pseudo_random, but if they do, just return an empty buffer without allocating. Otherwise we leak memory because gss_release_buffer doesn't do anything to buffers with length 0. ticket: 7838 (new) 
Nobody is likely to ever ask for zero bytes of output from
gss_pseudo_random, but if they do, just return an empty buffer without
allocating.  Otherwise we leak memory because gss_release_buffer
doesn't do anything to buffers with length 0.

ticket: 7838 (new)
Add rcache feature to gss_acquire_cred_from 2014-01-17T20:58:08+00:00 Simo Sorce simo@redhat.com 2013-12-27T00:05:34+00:00 7dad0bee30fbbde8cfc0eacd2d1487c198a004a1 The "rcache" cred store entry can specify a replay cache type and name to be used with the credentials being acquired. [ghudson@mit.edu: split up, simplified, and altered to fit preparatory commits] ticket: 7819 (new) 
The "rcache" cred store entry can specify a replay cache type and name
to be used with the credentials being acquired.

[ghudson@mit.edu: split up, simplified, and altered to fit preparatory
commits]

ticket: 7819 (new)
Clean up rcache if GSS krb5 acquire_cred fails 2014-01-17T20:58:08+00:00 Greg Hudson ghudson@mit.edu 2014-01-15T19:41:54+00:00 9df0c4bdce6b88a01af51e4bbb9a365db00256d5 The error handler in acquire_cred_context didn't release the rcache, which would cause it to leak if we failed after acquire_accept_cred. ticket: 7818 (new) target_version: 1.12.2 tags: pullup 
The error handler in acquire_cred_context didn't release the rcache,
which would cause it to leak if we failed after acquire_accept_cred.

ticket: 7818 (new)
target_version: 1.12.2
tags: pullup
Clean up GSS krb5 acquire_accept_cred 2014-01-17T20:58:08+00:00 Greg Hudson ghudson@mit.edu 2014-01-15T17:51:42+00:00 ef8e19af863158e4c1abc15fc710aa8cfad38406 Use a cleanup handler instead of releasing kt in multiple error clauses. Wrap a long line and fix a comment with a missing word. Rewrap the function arguments to use fewer lines. 
Use a cleanup handler instead of releasing kt in multiple error
clauses.  Wrap a long line and fix a comment with a missing word.
Rewrap the function arguments to use fewer lines.
Don't produce context deletion token in krb5 mech 2014-01-13T17:02:09+00:00 Greg Hudson ghudson@mit.edu 2014-01-13T17:02:09+00:00 1687f4a0763944c2cc94e8334a7865af5d588eb5 RFCs 2743 and 4121 recommend that implementations produce empty tokens from gss_delete_sec_context, and trying to produce one can cause gss_delete_sec_context to fail on a partially established context. Patch from Tomas Kuthan. ticket: 7816 (new) 
RFCs 2743 and 4121 recommend that implementations produce empty tokens
from gss_delete_sec_context, and trying to produce one can cause
gss_delete_sec_context to fail on a partially established context.
Patch from Tomas Kuthan.

ticket: 7816 (new)
Fix GSS krb5 acceptor acquire_cred error handling 2013-12-16T20:40:51+00:00 Greg Hudson ghudson@mit.edu 2013-12-16T20:37:56+00:00 decccbcb5075f8fbc28a535a9b337afc84a15dee When acquiring acceptor creds with a specified name, if we fail to open a replay cache, we leak the keytab handle. If there is no specified name and we discover that there is no content in the keytab, we leak the keytab handle and return the wrong major code. Memory leak reported by Andrea Campi. ticket: 7805 target_version: 1.12.1 tags: pullup 
When acquiring acceptor creds with a specified name, if we fail to
open a replay cache, we leak the keytab handle.  If there is no
specified name and we discover that there is no content in the keytab,
we leak the keytab handle and return the wrong major code.  Memory
leak reported by Andrea Campi.

ticket: 7805
target_version: 1.12.1
tags: pullup