summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* FreeBSD compiler errors out on an error "zero or negative size array"Ezra Peisach2009-01-131-0/+8
| | | | | | | | | | | | after setting up an array with no elements. ifdef out array declarations and code that uses it until there are entries. Affects: krb5_gss_inquire_cred_by_oid_ops and krb5_gss_set_sec_context_option_ops which would return an error in any case as here are no entries in the arrays. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21740 dc483132-0cff-0310-8789-dd5450dbe970
* Remove gss_export_name_object and gss_import_name_object.Sam Hartman2009-01-121-2/+0
| | | | | | | | These are not standard interfaces, are not used by our tree and were added because they might be useful but ended up not being used. The stubs in gssapi.hin remain as they were shipped with previous releases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21728 dc483132-0cff-0310-8789-dd5450dbe970
* Remove conflict marker; restore broken copyright lineKen Raeburn2009-01-091-2/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21719 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.inKen Raeburn2009-01-052-659/+657
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-0339-2038/+5097
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Release default credentials before exiting krb5_gss_init_sec_context routineZhanna Tsitkov2008-12-091-1/+3
| | | | | | Ticket: 6294 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21298 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build dependencies for v4rcp.c.Ken Raeburn2008-11-041-328/+361
| | | | | | Rebuild dependencies for k5-buf.h, and without krb4 support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
* Only prompt automatically from GUI appsAlexandra Ellwood2008-10-291-5/+25
| | | | | | | | | | Direct callers such as kinit need command line prompts. Do not automatically prompt (via krb5 or gssapi calls) unless the caller has loaded GUI libraries. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20937 dc483132-0cff-0310-8789-dd5450dbe970
* Apply (adapted) patch from Apple to check for SPNEGO mechanism inTom Yu2008-10-201-9/+34
| | | | | | | | export_lucid_sec_ctx. ticket: 6015 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20899 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many placesGreg Hudson2008-10-201-2/+1
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify. Normalize whitespace. Reindent. Fix some of the mostTom Yu2008-10-1546-6643/+6708
| | | | | | | egregious formatting quirks. Add emacs mode settings to flag untabified source files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
* Finished KLL to KIM shim.Alexandra Ellwood2008-10-011-17/+20
| | | | | | | | Switched krb5 code to using it. ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
* makedependKen Raeburn2008-09-181-308/+319
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* Based on patch from lxs, with some changes:Ken Raeburn2008-08-279-38/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms. Not incorporated from initial patch: const changes in function signatures. ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* lean client changesZhanna Tsitkov2008-08-207-15/+102
| | | | | | | | | All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
* Use load_store_16/32_beKen Raeburn2008-08-021-6/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20601 dc483132-0cff-0310-8789-dd5450dbe970
* Fix one missed rename of "exit" label to "done"Tom Yu2008-07-231-1/+1
| | | | | | ticket: 5442 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20575 dc483132-0cff-0310-8789-dd5450dbe970
* replace "exit" label with "done"Jeffrey Altman2008-07-231-4/+4
| | | | | | ticket: 5442 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20574 dc483132-0cff-0310-8789-dd5450dbe970
* This patch addresses the issues raised in this ticket and ticket 5936Jeffrey Altman2008-07-211-18/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function. (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations. The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed. In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred(). [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'. ticket: 5442 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20559 dc483132-0cff-0310-8789-dd5450dbe970
* call kg_delete_lucidctx_id before freeing, not afterKen Raeburn2008-06-271-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20483 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaksKen Raeburn2008-06-271-1/+3
| | | | | | | | | | | | Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few incompatible-pointer warnings that aren't just about signednessKen Raeburn2008-06-021-5/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
* Don't test error code when it's known to be 0Ken Raeburn2008-05-151-3/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor bug in kg_save_name failure cleanup codeKen Raeburn2008-05-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970
* Free context after use, not beforeKen Raeburn2008-05-151-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
* (more) After malloc/realloc/calloc/strdup/asprintf failures, useKen Raeburn2008-04-301-2/+2
| | | | | | | | ENOMEM explicitly instead of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 91: Context is tested for null, and then unconditionallyKen Raeburn2008-03-291-1/+1
| | | | | | | | dereferenced. Remove unneeded null check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()Tom Yu2007-12-141-1/+0
| | | | | | | | ticket: 5856 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20180 dc483132-0cff-0310-8789-dd5450dbe970
* copy correct key for lucid context acceptor_subkeyKevin Coffman2007-12-121-1/+1
| | | | | | | | | | Copy the correct key (acceptor_subkey) to lucid context's acceptor_subkey. ticket: new component: krb5-libs Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20175 dc483132-0cff-0310-8789-dd5450dbe970
* GSS-API Win64 support Jeffrey Altman2007-09-021-1/+6
| | | | | | | | The name of the Leash API DLL on Win64 is "leashw64.dll". ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
* In clean-windows, replace spaces with tabEzra Peisach2007-08-241-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19870 dc483132-0cff-0310-8789-dd5450dbe970
* cleanup src/lib/gssapi/krb5/error_map.h on WindowsJeffrey Altman2007-08-241-0/+2
| | | | | | | | during 'clean' delete the generated file error_map.h ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19850 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-08-161-286/+319
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* (krb5_gss_internal_release_oid): Always clear *minor_statusKen Raeburn2007-08-161-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19830 dc483132-0cff-0310-8789-dd5450dbe970
* Added new autogenerated file to generate-files-mac targetAlexandra Ellwood2007-07-191-1/+1
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19718 dc483132-0cff-0310-8789-dd5450dbe970
* Make error_map.h depend on ktemplate.pm tooKen Raeburn2007-07-041-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19675 dc483132-0cff-0310-8789-dd5450dbe970
* gss krb5 mech enhanced error messagesKen Raeburn2007-07-0424-48/+256
| | | | | | | | | | | | | | | | | | | | | | Save detailed error messages (usually from the krb5 library) in per-thread storage, mapping each error code to the most recently produced message for it. Return the message from display_status. Currently not implemented for a few cases where the krb5 mechanism returns a minor status code of 0, or another value different from the libkrb5 error code. Other functions are available to store a generic string or formatted message, but aren't used much at present. Tested with these errors in context establishment: * missing ccache (libkrb5 shows pathname if FILE: type) * missing keytab (libkrb5 shows pathname if FILE: type) * server principal unknown (libkrb5 shows server principal) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
* Tell Emacs to use C mode for this fileKen Raeburn2007-07-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19660 dc483132-0cff-0310-8789-dd5450dbe970
* If a reflection is detected, zap the message buffer pointer outputKen Raeburn2007-02-241-1/+4
| | | | | | | | | | argument as well as actually freeing the buffer. (Found while using the gsstest option to exercise error conditions.) ticket: 5445 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19171 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure consistancy between prototypes and functionsEzra Peisach2007-02-191-1/+1
| | | | | | | | | | | | I am using an older compiler that is complaining that prototypes do not match the functions they reference. The issue is that a number of prototypes are using "const int foo" while the function is "int foo". From a caller sense it makes no difference - but the compiler is correct they are different. All is now consistant. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19169 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_get_type should return const char *. Ezra Peisach2007-02-051-2/+2
| | | | | | | | | | | | The code returns a pointer to static structures. Just to enforce the assumption that users can not change the returned data. Change prototype of krb5_kt_get_type to return const char *. The other changes are to clean up warnings - no change in code - usage assumed const. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19143 dc483132-0cff-0310-8789-dd5450dbe970
* gss_krb5int_unseal_token_v3() - change bodysize argument to unsigned -Ezra Peisach2007-01-232-2/+3
| | | | | | | which is consistent with how it is invoked and used. Cleans up two signed/unsigned warnings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19105 dc483132-0cff-0310-8789-dd5450dbe970
* If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - freeEzra Peisach2006-12-301-0/+4
| | | | | | | | | | | memory and return in message_buffer a NULL pointer for value. This is consistant with gss_release_buffer in the mechglue implementation in which memory is only freed if the buffer length != 0. ticket: 5233 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19022 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak if defective header present in gss_krb5int_unseal_token_v3Ezra Peisach2006-12-301-1/+3
| | | | | | | | | | If after unsealing the message, the TOK_ID is not 05 04, free memory before returning a defective token error. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-12-121-32/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18940 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/vfy_increds.c (krb5_verify_init_creds): UseTom Yu2006-11-301-13/+2
| | | | | | | | | | | | | krb5_cc_new_unique(). * src/lib/gssapi/krb5/accept_sec_context.c: (rd_and_store_for_creds): Use krb5_cc_new_unique(). ticket: 4805 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18887 dc483132-0cff-0310-8789-dd5450dbe970
* avoid double frees in ccache manipulation around gen_newKen Raeburn2006-11-161-1/+3
| | | | | | | | | | | | * krb5/krb/vfy_increds.c (krb5_verify_init_creds): If krb5_cc_gen_new fails, don't both close and destroy the template ccache. * gssapi/krb5/accept_sec_context.c (rd_and_store_for_creds): Likewise. ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18815 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-11-011-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18753 dc483132-0cff-0310-8789-dd5450dbe970
* Include gss_libinit.h for gssint_initialize_library() prototypeEzra Peisach2006-10-162-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18721 dc483132-0cff-0310-8789-dd5450dbe970
* Remove all unused variable warnings from treeEzra Peisach2006-10-151-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18712 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 16:09:28 +0000