Commit message | Author | Age | Files | Lines
* Define valgrind macros as no-ops if not USE_VALGRIND, and use unconditionally, per Danilo's suggestion
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21773 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-22 | Files: 1 | Lines: -26/+3
* Patch from Love: when opening an existing replay cache, check more thoroughly to prevent symlink attacks.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21770 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-21 | Files: 1 | Lines: -14/+40
* Patch from Luke: fix error return of krb5_gss_use_kdc_context
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21768 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-21 | Files: 1 | Lines: -1/+10
* When encoding, and compiling with -DUSE_VALGRIND, explicitly get valgrind to check the inputs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21766 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-20 | Files: 1 | Lines: -0/+61
* delete trailing whitespace, including insanely long 'blank' lines
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21764 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-20 | Files: 1 | Lines: -64/+62
* In krb5_rd_rep_dce, initialize repl to NULL to avoid using its initialized value when we take the first goto to clean_scratch.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21763 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-20 | Files: 1 | Lines: -1/+1
* If buffer length is 0, force pointer to NULL, to keep valgrind happier when callers don't bother
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21762 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-17 | Files: 1 | Lines: -2/+4
* patch from Luke - minor cleanup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21761 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-17 | Files: 3 | Lines: -10/+9
* patch from Luke - fix enctype-nego enctype list setup
  ticket: 6336
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21760 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-17 | Files: 1 | Lines: -16/+8
* patch from Luke - fix sign problem
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21759 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-17 | Files: 1 | Lines: -2/+2
* include dependencies for decoder test
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21758 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-16 | Files: 2 | Lines: -1/+13
* Use valgrind in more cases if VALGRIND is set
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21754 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-16 | Files: 5 | Lines: -12/+96
* Make enctype and checksumtype name mapping table types private to the crypto library.
  Add a field for aliases to the record type so that aliases don't have to be implemented by duplicating all the other information.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21753 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-15 | Files: 7 | Lines: -187/+120
* Fix an additional multiple-write case noted by John, where sendauth calls write_message twice in a row.
  Add new function krb5int_write_messages, calls krb5_net_writev with multiple messages (currently only two at a time). Use it from krb5_write_message and krb5_sendauth.
  ticket: 6339
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21752 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-15 | Files: 3 | Lines: -23/+53
* Rework the replay cache extensions to make the hash extension records stand alone. Otherwise, reordering of records during an expunge could cause the hash to be applied to the wrong record.
  Also add an "expunge" option to the t_replay program, and clean up some memory-handling inconsistencies.
  ticket: 1201
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21751 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-15 | Files: 2 | Lines: -60/+224
* update
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21750 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-15 | Files: 1 | Lines: -0/+10
* Add new routine krb5int_net_writev using scatter-gather source.
  Use it from krb5_net_write to ensure testing and reduce duplication.
  Use it from krb5_write_message to avoid Nagle+DelayedAck problem.
  ticket: 6339
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21749 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-15 | Files: 4 | Lines: -24/+49
* If we have a local UDP socket without the PKTINFO option set, it's bound to a local address, so use getsockname to extract the local (destination) address.
  ticket: 6335
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21748 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-14 | Files: 1 | Lines: -0/+11
* If recv_from_to is passed a buffer for the local endpoint address, clobber it before doing anything else, just in case we can't retrieve the address and the caller blindly uses the buffer anyways.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21747 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-14 | Files: 2 | Lines: -2/+19
* Merge some very simple points of divergence in the two copies of network.c -- enum ordering, whitespace, duplicate macro definitions, unused code, 0 vs NULL...
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21746 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-14 | Files: 2 | Lines: -27/+18
* Pass s4u name and c_flags to log_tgs_req. If values are supplied, log an additional message to record the name and s4u mode.
  Untested for lack of code to invoke these code paths.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21745 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-14 | Files: 3 | Lines: -5/+23
* Force tickets acquired by the kadm5 client library via password authentication to be non-forwardable and non-proxiable, overriding any [libdefaults] configuration.
  This may be necessary at sites that set forwardable to true by default in their krb5.conf files but disable forwardable tickets for privileged principals. Since the ticket cache acquired by the kadm5 client library is used only for kadmin operations, where forwardable is not useful or necessary, there is no reason to ever attempt to obtain forwardable or proxiable tickets here.
  Ticket: 6337
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21744 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Russ Allbery | Age: 2009-01-14 | Files: 1 | Lines: -1/+5
* Patch from Luke Howard to:
    * Accept both CFX and non-CFX tokens all the time on acceptor
    * Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx
  Additional changes from Sam Hartman:
    * do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21742 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-13 | Files: 10 | Lines: -62/+198
* /tmp/3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21741 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-13 | Files: 3 | Lines: -91/+39
* FreeBSD compiler errors out on an error "zero or negative size array" after setting up an array with no elements. ifdef out array declarations and code that uses it until there are entries.
  Affects: krb5_gss_inquire_cred_by_oid_ops and krb5_gss_set_sec_context_option_ops which would return an error in any case as there are no entries in the arrays.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21740 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ezra Peisach | Age: 2009-01-13 | Files: 1 | Lines: -0/+8
* Add a call to limit_string that appears to have been accidentally removed somewhere along the mskrb-integ branch
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21729 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-12 | Files: 1 | Lines: -0/+1
* Remove gss_export_name_object and gss_import_name_object.
  These are not standard interfaces, are not used by our tree and were added because they might be useful but ended up not being used. The stubs in gssapi.hin remain as they were shipped with previous releases.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21728 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-12 | Files: 9 | Lines: -243/+0
* Patch from Luke Howard:
  Previously when using the kdb keytab, there was a check to confirm that the server was supported as a server and that attackers could not force an enctype downgrade. Add these to kdc_get_server_key
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21727 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-12 | Files: 3 | Lines: -7/+30
* Patch from Luke Howard
  There's a superfluous check in kdc_util.c; ad_entry is always non NULL
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21726 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-12 | Files: 1 | Lines: -5/+2
* Restore behavior of returning KRB5APP_ERR_BAD_INTEGRITY from preauth methods.
  This creates a problem for Windows clients, but not doing it creates a problem for MIT clients. Today our KDC is more likely to be used with MIT clients, but we need to examine this issue in more detail.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21725 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-12 | Files: 1 | Lines: -1/+1
* Check the return code from krb5int_clean_hostname as the sanity verification of the hostname might fail
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21724 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Zhanna Tsitkov | Age: 2009-01-12 | Files: 1 | Lines: -3/+7
* Add message hash support to the replay interface, using extension records (with an empty client string) to retain compatibility with old code. For rd_req, the ciphertext of the authenticator (with no ASN.1 wrapping) is hashed; for other uses of the replay cache, no message hash is used at this time.
  This commit adds a command-line tool for testing the replay cache but does not add any automated tests.
  ticket: 1201
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21723 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-12 | Files: 15 | Lines: -43/+384
* Follow "off-path" TGT referrals
  ticket: 5627
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21720 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2009-01-09 | Files: 1 | Lines: -21/+189
* Remove conflict marker; restore broken copyright line
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21719 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-09 | Files: 1 | Lines: -2/+1
* kdb/keytab.c: map KRB5_KDB_NO_MATCHING_KEY to KRB5_KT_KVNONOTFOUND.
  At least in cases other than tgts, this code handles its own enctype matching, so kvno not found is the only thing that produces the no matching key error.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21718 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-07 | Files: 1 | Lines: -0/+2
* Don't create include/kerberosIV on installation
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21717 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-07 | Files: 2 | Lines: -2/+0
* Add support for referral null realms and use the default realm as krb5_rd_req_extended does
  ticket: 5954
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21716 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-06 | Files: 1 | Lines: -2/+10
* Remove ksu's own implementation of krb5_verify_init_creds now that it is not used
  ticket: 5954
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21715 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-06 | Files: 1 | Lines: -122/+0
* Ksu should call krb5_verify_init_creds instead of using its own function.
  This was prompted by a desire for ksu to work without a domain_realm mapping for the local server, but the duplication of code is bad anyway.
  ticket: 5954
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21714 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-06 | Files: 1 | Lines: -7/+13
* Set RELTAIL back to "trunk"
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21713 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2009-01-06 | Files: 1 | Lines: -1/+1
* Patch from Luke Howard to make an explicit call to check the ACL for s4u delegations rather than relying on tl-data.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21712 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-06 | Files: 2 | Lines: -39/+30
* be a little looser in checking for tail output
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21711 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-06 | Files: 1 | Lines: -2/+2
* remove unused file
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21710 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-06 | Files: 1 | Lines: -190/+0
* Clean up many error-condition leaks of the server handle in the kadmind server stubs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21709 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-06 | Files: 1 | Lines: -83/+46
* In kadmin, remove a bunch of checks for handle being NULL (some old, some introduced by the last rev) when it is known from context that handle is not NULL.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21708 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2009-01-06 | Files: 1 | Lines: -41/+41
* Fix capitalization
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21707 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Sam Hartman | Age: 2009-01-06 | Files: 2 | Lines: -3/+3
* Oops. Don't include openssl install paths from my local machine.
  Thanks to Ezra for noticing so quickly.
  ticket: 6315
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21706 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-05 | Files: 1 | Lines: -19/+3
* include string.h
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21705 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-05 | Files: 1 | Lines: -0/+1
* fix missed var rename
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21704 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-05 | Files: 1 | Lines: -1/+1
* Define SWAP16 if not already defined
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21703 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2009-01-05 | Files: 1 | Lines: -0/+3