summaryrefslogtreecommitdiffstats
path: root/src/kadmin
Commit message (Collapse)AuthorAgeFilesLines
...
* Use strlcpy instead of strcpy in many placesGreg Hudson2008-10-243-22/+34
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
* Use snprintf instead of strcpy/strcat in many placesGreg Hudson2008-10-231-3/+3
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970
* Use asprintf instead of malloc/strcpy/strcat in many placesGreg Hudson2008-10-204-49/+13
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many placesGreg Hudson2008-10-202-4/+2
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Finished KLL to KIM shim.Alexandra Ellwood2008-10-011-5/+6
| | | | | | | | Switched krb5 code to using it. ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
* makedependKen Raeburn2008-09-184-86/+91
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* If unset env(KRB5CCNAME) doesn't work, skip the tests that depend on itKen Raeburn2008-09-181-8/+35
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20730 dc483132-0cff-0310-8789-dd5450dbe970
* compile-time flag to disable ipropKen Raeburn2008-08-271-3/+12
| | | | | | | | | | If DISABLE_IPROP is defined at compile time, don't listen for connections and don't register the service. (Doesn't currently disable compilation of all of the code.) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20699 dc483132-0cff-0310-8789-dd5450dbe970
* a stash file is not a keytabWill Fiveash2008-08-155-28/+108
| | | | | | | | | Note, this is the commit for the associated Krb Consortium project: Projects/Masterkey Keytab Stash ticket: 194 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970
* Use a valid UTF8 password for randkey passwordAlexandra Ellwood2008-08-131-5/+9
| | | | | | | | KfM RC4 string to key function expects password to be valid UTF8 ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970
* Oops. Really delete the extra argument this timeKen Raeburn2008-08-061-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20622 dc483132-0cff-0310-8789-dd5450dbe970
* Check for malloc failureKen Raeburn2008-08-061-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20615 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused (and unpassed) argument to process_k5beta7_policyKen Raeburn2008-08-061-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20614 dc483132-0cff-0310-8789-dd5450dbe970
* Reuse more k5beta7 code for ipropKen Raeburn2008-07-311-61/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20591 dc483132-0cff-0310-8789-dd5450dbe970
* Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few andKen Raeburn2008-07-203-3/+3
| | | | | | | default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Mark Phalan to correctly use progname instead ofTom Yu2008-07-175-80/+65
| | | | | | | | | | argv[0]. ticket: 6030 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20532 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Mark Phalan to initialize progname before useTom Yu2008-07-161-4/+6
| | | | | | | | ticket: 6028 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20531 dc483132-0cff-0310-8789-dd5450dbe970
* misc uninitialized-storage accessesKen Raeburn2008-06-271-1/+1
| | | | | | | | | Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
* fix ktutil listing with timestampKen Raeburn2008-06-271-1/+2
| | | | | | | | | | ktutil's "list -t" option is supposed to show the timestamp stored in the keytab file. Instead, it shows some random (uninitialized) value, interpreted as a timestamp. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20486 dc483132-0cff-0310-8789-dd5450dbe970
* use-after-free bugsKen Raeburn2008-06-271-1/+1
| | | | | | | | | | | Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-ipropKen Raeburn2008-06-2416-78/+1198
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use private copy of syslog.h. Rebuild dependenciesKen Raeburn2008-06-101-9/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of handling of set-but-unused kadm5_config_params.admin_dbnameKen Raeburn2008-06-101-5/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20383 dc483132-0cff-0310-8789-dd5450dbe970
* Remove documentation for no-longer-supported admin_dbname argumentKen Raeburn2008-06-101-6/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20382 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of handling of set-but-unused kadm5_config_params.admin_lockfileKen Raeburn2008-06-101-5/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20381 dc483132-0cff-0310-8789-dd5450dbe970
* Revert a few const specs to reduce warningsKen Raeburn2008-06-031-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20358 dc483132-0cff-0310-8789-dd5450dbe970
* Fix various minor format-string issuesKen Raeburn2008-06-036-20/+23
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20356 dc483132-0cff-0310-8789-dd5450dbe970
* Partial const-ification, as indicated by the modern Tcl API, exceptKen Raeburn2008-06-022-93/+104
| | | | | | for any bits that would require changing the admin APIs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20352 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT patch commitAlexandra Ellwood2008-05-301-6/+89
| | | | | | | | | | | | | Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
* No prototype when building kdb5_util without krb4 supportAlexandra Ellwood2008-05-301-1/+2
| | | | | | | | | Move stdio inclusion to the top of the file so there is a definition of printf when building without v4 support. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20345 dc483132-0cff-0310-8789-dd5450dbe970
* Warnings in server_stubs.c (signed vs unsigned errmsg, gcc printf)Alexandra Ellwood2008-05-301-39/+44
| | | | | | | | | | | | | | | | server_stubs.c uses char * for error messages which it gets from com_err, throwing away the constness of the com_err output. Made error message args be const char * to remove warnings and prevent accidental modification of com_err strings. In calls to krb5_klog_syslog server_stubs.c passes void* into %s printf formats and passes size_ts in for the field widths in %.*s formats. After verifying that the size_ts cannot be bigger than ints (which is ensured by trunc_name) added casts to remove spurious warnings. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20344 dc483132-0cff-0310-8789-dd5450dbe970
* Force hostname to lowercase before constructing kadmin principal name.Ken Raeburn2008-05-171-2/+22
| | | | | | | | Allocate space for the name dynamically. ticket: 5943 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20323 dc483132-0cff-0310-8789-dd5450dbe970
* man page macro and hyphen fixesRuss Allbery2008-02-191-4/+4
| | | | | | | | | | | | | | Fix various unescaped hyphens, lines starting with . that shouldn't be macros, undefined strings, and misspelled macros in the man pages. Found via man --warnings on a current Debian unstable system. ticket: new component: krb5-doc Version_Reported: 1.6.3 Target_Version: 1.6.4 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20228 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-221-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* fixed mispelling in kadmin error messageAlexandra Ellwood2007-10-161-1/+1
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20126 dc483132-0cff-0310-8789-dd5450dbe970
* Will Fiveash and Mark Phalan report that kadmin's unlock command callsTom Yu2007-10-041-1/+1
| | | | | | | | | | kadm5_lock() instead of of kadm5_unlock(). Apply the obvious fix. ticket: 4136 target_version: 1.6.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20094 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused codesKen Raeburn2007-08-271-4/+0
| | | | | | ticket: 5642 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19885 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused PLURAL macroKen Raeburn2007-08-271-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19884 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-08-164-57/+63
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* Use [v]snprintf or asprintf instead of unchecked sprintf and separate ↵Ken Raeburn2007-07-121-9/+5
| | | | | | allocation size calculations git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19709 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid unchecked sprintf in some KDC-side programsKen Raeburn2007-07-123-12/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19705 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of .o files when cleaningKen Raeburn2007-07-101-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19687 dc483132-0cff-0310-8789-dd5450dbe970
* Check for error indication from localtime.Ken Raeburn2007-06-291-11/+51
| | | | | | | | | | In a few cases this means changing internal function signatures to allow for passing back the error indication up the call stack. Thanks to Domagoj Babic for pointing out the possible null pointer dereferences that would result if localtime fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19656 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2007-005 [CVE-2007-2798/VU#554257]Tom Yu2007-06-261-6/+28
| | | | | | | | | | | Truncate the principal names when logging a rename operation to avoid a stack buffer overflow. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19637 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused filesKen Raeburn2007-05-182-340/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19551 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused fileKen Raeburn2007-05-181-241/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19550 dc483132-0cff-0310-8789-dd5450dbe970
* Add the new kadm5srv function krb5_get_principal_keys to the export listRuss Allbery2007-04-162-5/+16
| | | | | | | | | | Build a separate copy of kadmin/cli/keytab.c for kadmin.local that exposes the -norandkey flag in a way that doesn't require the compiler support -c and -o at the same time. Ticket: 914 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19475 dc483132-0cff-0310-8789-dd5450dbe970
* Add support for extracting existing keys from the KDC with kadmin.local.Russ Allbery2007-04-162-2/+47
| | | | | | | | | | Adds a -norandkey option to the ktadd command only in kadmin.local, and adds a new function to the libkadm5srv library that kadmin.local can call. There is no protocol or network access to this function. Ticket: 914 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19474 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslogTom Yu2007-04-036-166/+201
| | | | | | | | | | | | | | | | Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog. * src/lib/krb5/krb/get_in_tkt.c (krb5_klog_syslog): Use vsnprintf if available. Everything else: use precision fields on "%s" specifiers to truncate logged strings, in case someone doesn't have vsnprintf. ticket: new target_version: 1.6.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19395 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-03-281-9/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19301 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 00:16:52 +0000