summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix errno hygiene in kadmind write_pid_fileGreg Hudson2013-03-291-3/+3
| | | | | | fclose() might overwrite the errno value from fprintf, causing us to return success when we shouldn't. Record the errno value at the time of the fprintf failure.
* Simplify krb5_ldap_readpasswordGreg Hudson2013-03-291-19/+2
| | | | | | There's no need to check whether the file exists and is readable before opening it, and setting an extended error message which is just strerror_r() of the errno value isn't useful.
* Using k5-int.h data helpers for some functionsGreg Hudson2013-03-293-21/+14
| | | | | | Use empty_data(), alloc_data(), and make_data() in some appropriate places. This has the side effect of initializing the krb5_data magic field, which can placate debugging tools.
* Clean up cksum handling in CMAC token functionsGreg Hudson2013-03-291-3/+1
| | | | | | In krb5int_dk_cmac_encrypt, cksum wasn't used. In krb5int_dk_cmac_decrypt, cksum needs to be initialized since we clean it up.
* Fix kdb_ldap_create_principal cleanupGreg Hudson2013-03-281-2/+2
| | | | entry must be initialized before all code which can jump to cleanup.
* Fix more password_policy cleanup codeGreg Hudson2013-03-281-11/+6
| | | | | Initialize policy_dn in krb5_ldap_create_password_policy; free values unconditionally in all ldap_pwd_policy.c cleanup handlers.
* Get rid of krb5_xfreeGreg Hudson2013-03-284-30/+27
|
* Fix krb5_ldap_put_password_policy cleanupGreg Hudson2013-03-281-3/+2
| | | | | Initialize policy_dn since we clean it up. Also free it unconditionally.
* Init output parameter of krb5_decode_princ_entryGreg Hudson2013-03-281-0/+2
| | | | | For easier static analysis, make sure that krb5_decode_princ_entry always sets *entry_ptr to a valid entry or NULL.
* Fix unused assignment in mechglue loadConfigFileGreg Hudson2013-03-281-1/+1
|
* Fix an error case in krb5int_fcc_new_uniqueGreg Hudson2013-03-281-1/+0
| | | | | If we fail to allocate setptr, don't close ret, since we've already done so.
* Fix an error case in krb5_sendauthGreg Hudson2013-03-281-3/+1
| | | | | If we fail to get the client principal when constructing the stack-allocated creds structure, don't double-free creds.server.
* Fix minor KDC memory leaksGreg Hudson2013-03-263-17/+13
| | | | | Fix some small memory leaks which happen only in rare failure conditions. Reported by Will Fiveash <will.fiveash@oracle.com>.
* Fix a trivial file leak writing kadmind pid fileGreg Hudson2013-03-261-3/+4
| | | | | | | If we fail to write the pid to the pid file, we should still close the file before returning from write_pid_file(). The consequences of this bug are trivial because kadmin is just going to exit regardless. Reported by Will Fiveash <will.fiveash@oracle.com>.
* Export verto_set_flags from libvertoGreg Hudson2013-03-261-0/+1
| | | | | | | | | | When the bundled libverto was updated from 0.2.2 to 0.2.5, verto_set_flags should have been added to libverto.exports along with the other new functions. ticket: 7594 (new) target_version: 1.11.2 tags: pullup
* Replace "First introduced" with concise "New"Zhanna Tsitkov2013-03-256-50/+47
|
* Fix import_sec_context with interposersSimo Sorce2013-03-241-21/+14
| | | | | | | | | | | | | | | | | | The code was correctly selecting the mechanism to execute, but it was improperly setting the mechanism type of the internal context when the selected mechanism was that of an interposer and vice versa. When an interposer is involved the internal context is that of the interposer, so the mechanism type of the context needs to be the interposer oid. Conversely, when an interposer re-enters gssapi and presents a token with a special oid, the mechanism called is the real mechanism, and the context returned is a real mechanism context. In this case the mechanism type of the context needs to be that of the real mechanism. ticket: 7592 target_version: 1.11.2 tags: pullup
* make dependGreg Hudson2013-03-2451-1744/+1515
|
* Move a bunch of stuff out of k5-int.hGreg Hudson2013-03-2460-728/+455
| | | | | | | | | Move internal declarations from k5-int.h to more localized headers (like int-proto.h) where appropriate. Rename many symbols whose prototypes were moved to use the k5_ prefix instead of krb5int_. Remove some unused declarations or move them to the single source file they were needed in. Remove krb5_creds_compare since it isn't used any more.
* Get rid of krb5_{get,free}_krbhstGreg Hudson2013-03-228-212/+9
| | | | | These functions were always internal. They haven't been used since v5passwdd was eliminated in krb5 1.4.
* Get rid of osconfig.cGreg Hudson2013-03-226-53/+2
| | | | | These variables were marked as internal in 1996. Two are unused and the other is easily replaced with the macro it is initialized from.
* Rebuild NOTICE for 2013Ben Kaduk2013-03-212-3/+3
| | | | | | Also exclude copyright.rst from the notice.txt build, as maintainer-mode builds error out due to the "document isn't included in any toctree" warning otherwise produced.
* Clean up getclhoststr in ipropd_svc.cGreg Hudson2013-03-211-17/+9
| | | | Based on a patch from Xi Wang <xi@mit.edu>.
* Documentation Copyrights notice dates: 1985-2013Zhanna Tsitkov2013-03-203-3/+3
|
* Update shlib.conf for FreeBSDBen Kaduk2013-03-181-14/+11
| | | | | | | | | | | FreeBSD has not emitted a.out binaries by default for a very long time; elf is the standard. Take sparc64 conditional for PICFLAGS from downstream. Enable "new" dtags (supported since FreeBSD 5.0) -- this prevents rpath entries in libraries from taking precedence over LD_LIBRARY_PATH, useful for testing.
* Reset ulog header if iprop load failsGreg Hudson2013-03-151-0/+2
| | | | | | | | | | | If an iprop slave tries to load a dump from the master and it fails, reset the ulog header so we take another full dump, instead of reporting that the slave is current when it isn't. Reported by Richard Basch <basch@alum.mit.edu>. ticket: 7588 target_version: 1.11.2 tags: pullup
* Add PEM password prompter callback in PKINITNalin Dahyabhai2013-03-151-3/+45
| | | | | | | | | | Supply a callack to PEM_read_bio_PrivateKey() using the prompter to request a password for encrypted PEM data. Otherwise OpenSSL will use the controlling terminal. [ghudson@mit.edu: minor style cleanup, commit message] ticket: 7590
* Eliminate unused variablesGreg Hudson2013-03-152-2/+1
|
* Fix argument type in kg_unseal_v1Greg Hudson2013-03-151-1/+1
| | | | | | The caller of kg_unseal_v1 passes a gss_qop_t * for the qop_state parameter, so make it use that type instead of an int *. Noted by David Benjamin <davidben@mit.edu>.
* Fix kadmin_getpol format stringGreg Hudson2013-03-151-2/+2
| | | | | | | Commit 0780e46fc13dbafa177525164997cd204cc50b51 matched a %ld format string with the integer 0, which is an int rather than a long. Just put 0 in the format string instead. Noted by David Benjamin <davidben@mit.edu>.
* Fix condition with empty bodyDavid Benjamin2013-03-151-2/+2
| | | | | | | | Found by clang's warnings. ticket: 7591 (new) target_version: 1.11.2 tags: pullup
* Allocate space for NUL byte in test codeDavid Benjamin2013-03-151-1/+1
| | | | Caught by ASan.
* Fix use-before-init in two test programsGreg Hudson2013-03-152-2/+2
| | | | | | If krb5_init_context fails, use a null context for getting the error message, not a context we haven't yet initialized. Observed by David Benjamin <davidben@mit.edu> using clang.
* Initialize status in krb5_ldap_parse_db_paramsGreg Hudson2013-03-111-1/+1
| | | | | | | | If db_args is non-null but empty, status could be returned without being initialized; gcc with optimization correctly warns about this, causing a build failure. (This bug was introduced by 0b1dc2f93da4c860dd27f1ac997617b712dff383 which was pushed after the 1.11 release branch, so it isn't in any release.)
* Add support for k5srvutil -e keysaltsAlex Dehnert2013-03-112-3/+12
| | | | | | | | | | | k5srvutil is a little more convenient to use for rolling keys than kadmin is. When migrating off 1DES, though, it may be desirable to explicitly specify the desired keysalts. This adds an option, -e, to k5srvutil to specify desired keysalts. [ghudson@mit.edu: style fix; make whitespace in keysalt list work] ticket: 7589 (new)
* Remove stray include in localauth_plugin.hGreg Hudson2013-03-113-91/+41
| | | | | This unnecessary include was causing build failures on some systems by making libkrb5 sources depend on gssapi.h.
* Document localauth interfaceGreg Hudson2013-03-093-0/+79
| | | | ticket: 7583
* Add tests for localauth interfaceGreg Hudson2013-03-0910-4/+450
| | | | | | | | Create a test module, program, and script to exercise the krb5_aname_to_localname and krb5_k5userok functions as well as the localauth pluggable interface. ticket: 7583
* Add localauth pluggable interfaceGreg Hudson2013-03-0915-1071/+1426
| | | | | | | | Add a new pluggable interface for local authorization, and replace the existing krb5_aname_to_localname and krb5_kuserok implementations with implementations based on the pluggable interface. ticket: 7583 (new)
* Fix dependencies in tests/gssapiNickolai Zeldovich2013-03-031-3/+3
| | | | | | | | | Use $(COMMON_DEPS) instead of $(COMMON_DEPLIBS) for dependencies; the latter appears to be a typo. Fixes build when using "make -j". ticket: 7587 (new) target_version: 1.11.2 tags: pullup
* Simplify and clarify lookup_etypes_for_keytabGreg Hudson2013-03-011-27/+21
|
* Fix a memory leak in krb5_get_init_creds_keytabGreg Hudson2013-02-281-3/+11
| | | | | | | | | lookup_etypes_for_keytab was not freeing the keytab entries it iterated over. Reported by nalin@redhat.com. ticket: 7586 target_version: 1.11.2 tags: pullup
* Add krb5_free_enctypes APIGreg Hudson2013-02-277-8/+22
| | | | | | | Rename krb5_free_ktypes to krb5_free_enctypes and add it to the public API. ticket: 7584
* Add missing .gitignore entries and clean rulesGreg Hudson2013-02-278-7/+22
| | | | ticket: 7585
* Fix windows buildBen Kaduk2013-02-252-2/+2
| | | | | | | | | | Catch up to the split of preauth_plugin.h into client and kdc specific portions. While here, use copy's /y flag to suppress an override-confirmation prompt (though we do not list any dependencies for this target at the moment, so no such prompt will be generated). Do not disable library finalizers for windows, erroneously disabled in 4538146e1452e0966164119cefb0804993ce6bbb.
* Update acknowledgments in READMETom Yu2013-02-211-1/+5
| | | | Also update copyright years.
* Fix fd leak in DIR ccache cursor functionGreg Hudson2013-02-211-1/+1
| | | | | | | | | | If dcc_ptcursor_next reached the end of a directory, it called free() on the directory handle instead of closedir(), causing the directory fd to be leaked. Call closedir() instead. ticket: 7573 target_version: 1.11.1 tags: pullup
* Fix memory leak closing DIR ccachesGreg Hudson2013-02-201-0/+1
| | | | | | | | | | | A ccache type's close function is supposed to free the cache container as well as the type-specific data. dcc_close was not doing so, causing a small memory leak each time a ccache is created or destroyed. ticket: 7574 (new) target_version: 1.11.1 tags: pullup
* Allow multi-hop SAM-2 exchangesGreg Hudson2013-02-191-0/+5
| | | | | | | | | | | | Prior to 1.11, it was possible to do SAM-2 preauth exchanges with multiple hops by sending repeated preauth-required errors with different challenges (which is not the way multi-hop exchanges are described in RFC 6113, but it can still work). This stopped working when SAM-2 was converted to a built-in module. Make it work again. ticket: 7571 (new) target_version: 1.11.1 tags: pullup
* Cleaner fix for #7570Ben Kaduk2013-02-151-4/+2
| | | | Remove variables and labels which are no longer needed.
generated by cgit (git 2.34.1) at 2025-09-25 07:26:30 +0000