path: root/src/lib/gssapi
Commit message | Author | Age | Files | Lines
...
* Untabify. Normalize whitespace. Reindent. Fix some of the most | Tom Yu | 2008-10-15 | 66 | -8076/+8163
  egregious formatting quirks. Add emacs mode settings to flag untabified source files.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
* Finished KLL to KIM shim. | Alexandra Ellwood | 2008-10-01 | 1 | -17/+20
  Switched krb5 code to using it.
  ticket: 6134
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
* krb5 library-side changes for com_err based error strings | Alexandra Ellwood | 2008-09-30 | 1 | -4/+2
  ticket: 6138
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20786 dc483132-0cff-0310-8789-dd5450dbe970
* makedepend | Ken Raeburn | 2008-09-18 | 3 | -326/+339
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* Use GSS_S_BAD_STATUS for unknown status codes | Ken Raeburn | 2008-09-03 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20704 dc483132-0cff-0310-8789-dd5450dbe970
* Based on patch from lxs, with some changes: | Ken Raeburn | 2008-08-27 | 21 | -116/+105
  Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms.
  Not incorporated from initial patch: const changes in function signatures.
  ticket: 6096
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* lean client changes | Zhanna Tsitkov | 2008-08-20 | 13 | -22/+136
  All changes are under LEAN_CLIENT macro. Application server functionality is disabled.
  Ticket:new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
* Use load_store_16/32_be | Ken Raeburn | 2008-08-02 | 2 | -10/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20601 dc483132-0cff-0310-8789-dd5450dbe970
* Fix one missed rename of "exit" label to "done" | Tom Yu | 2008-07-23 | 1 | -1/+1
  ticket: 5442
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20575 dc483132-0cff-0310-8789-dd5450dbe970
* replace "exit" label with "done" | Jeffrey Altman | 2008-07-23 | 1 | -4/+4
  ticket: 5442
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20574 dc483132-0cff-0310-8789-dd5450dbe970
* This patch addresses the issues raised in this ticket and ticket 5936 | Jeffrey Altman | 2008-07-21 | 1 | -18/+19
  (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function.
  (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations.
  The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed.
  In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred().
  [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'.
  ticket: 5442
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20559 dc483132-0cff-0310-8789-dd5450dbe970
* Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few and | Ken Raeburn | 2008-07-20 | 1 | -1/+1
  default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970
* Fix indirection on assignment to minor status | Tom Yu | 2008-07-16 | 1 | -4/+4
  ticket: 5962
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20530 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value from k5_mutex_lock() to partially mitigate some | Tom Yu | 2008-07-16 | 1 | -9/+20
  assertion failures when mutexes get destroyed out from under us.
  ticket: 5962
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20529 dc483132-0cff-0310-8789-dd5450dbe970
* call kg_delete_lucidctx_id before freeing, not after | Ken Raeburn | 2008-06-27 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20483 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaks | Ken Raeburn | 2008-06-27 | 1 | -1/+3
  Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one).
  ticket: new
  target_version: 1.6.4
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use private copy of syslog.h. Rebuild dependencies | Ken Raeburn | 2008-06-10 | 1 | -4/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
* Check for GSS_C_NO_CREDENTIAL before loop check | Ken Raeburn | 2008-06-06 | 1 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20363 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few incompatible-pointer warnings that aren't just about signedness | Ken Raeburn | 2008-06-02 | 2 | -7/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
* Move auto var to outer scope, because its storage is used beyond the inner scope | Ken Raeburn | 2008-05-15 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20320 dc483132-0cff-0310-8789-dd5450dbe970
* Don't test error code when it's known to be 0 | Ken Raeburn | 2008-05-15 | 1 | -3/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor bug in kg_save_name failure cleanup code | Ken Raeburn | 2008-05-15 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970
* Free context after use, not before | Ken Raeburn | 2008-05-15 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
* (more) After malloc/realloc/calloc/strdup/asprintf failures, use | Ken Raeburn | 2008-04-30 | 1 | -2/+2
  ENOMEM explicitly instead of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 220: NULL check of "buf" after dereference | Ken Raeburn | 2008-03-29 | 1 | -1/+3
  All call sites have previously dereferenced the pointer, but to keep the interface simple, keep the null check, and move the dereference to after it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 46: mech_type will always have the address of an | Ken Raeburn | 2008-03-29 | 1 | -3/+0
  automatic variable, so can never be null (GSS_C_NULL_OID). Delete null check and unreachable conditional code.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 47: Unreachable code | Ken Raeburn | 2008-03-29 | 1 | -6/+0
  Delete redundant "status" check.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20298 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 91: Context is tested for null, and then unconditionally | Ken Raeburn | 2008-03-29 | 1 | -1/+1
  dereferenced. Remove unneeded null check.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 228: Possible use of uninitialized variable time_req in | Ken Raeburn | 2008-03-29 | 2 | -1/+30
  gss_add_cred if cred_usage has an invalid value. (Also flagged by GCC.) Changed validation routines for gss_add_cred, gss_acquire_cred, and gss_store_cred to check the cred_usage value.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3() | Tom Yu | 2007-12-14 | 1 | -1/+0
  ticket: 5856
  target_version: 1.6.4
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20180 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs() | Tom Yu | 2007-12-14 | 1 | -1/+1
  ticket: 5856
  tags: pullup
  target_version: 1.6.4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20178 dc483132-0cff-0310-8789-dd5450dbe970
* copy correct key for lucid context acceptor_subkey | Kevin Coffman | 2007-12-12 | 1 | -1/+1
  Copy the correct key (acceptor_subkey) to lucid context's acceptor_subkey.
  ticket: new
  component: krb5-libs
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20175 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Nalin Dahyabhai to correctly handle delegated | Tom Yu | 2007-10-03 | 1 | -2/+5
  credentials if ret_flags is null.
  ticket: 5802
  target_version: 1.6.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20082 dc483132-0cff-0310-8789-dd5450dbe970
* Rework error-mapping code to preserve status code values when returned | Ken Raeburn | 2007-09-05 | 3 | -75/+173
  by only one mechanism. Revert RPC code to relying on this.
  Build error-mapping code on a bidirectional map instead of a simple array. When a status code is returned but has been seen returned from a different mechanism already, generate a new number, starting at 100,000.
  Use gssrpcint_printf for some more debugging code.
  ticket: 5654
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
* GSS-API Win64 support | Jeffrey Altman | 2007-09-02 | 1 | -1/+6
  The name of the Leash API DLL on Win64 is "leashw64.dll".
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
* pullup to trunk | Alexandra Ellwood | 2007-08-24 | 1 | -2/+2
  ticket: 5643
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19871 dc483132-0cff-0310-8789-dd5450dbe970
* In clean-windows, replace spaces with tab | Ezra Peisach | 2007-08-24 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19870 dc483132-0cff-0310-8789-dd5450dbe970
* no unistd.h on Windows | Jeffrey Altman | 2007-08-24 | 1 | -0/+2
  do not include unistd.h on Windows because it doesn't exist
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19851 dc483132-0cff-0310-8789-dd5450dbe970
* cleanup src/lib/gssapi/krb5/error_map.h on Windows | Jeffrey Altman | 2007-08-24 | 1 | -0/+2
  during 'clean' delete the generated file error_map.h
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19850 dc483132-0cff-0310-8789-dd5450dbe970
* Added errmap.h to the generate-files-mac target | Alexandra Ellwood | 2007-08-20 | 1 | -1/+1
  ticket: 5654
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19846 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2007-08-16 | 4 | -305/+340
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* remap mechanism-specific status codes in mechglue/spnego | Ken Raeburn | 2007-08-16 | 35 | -93/+565
  This patch creates a mapping in the mechglue/spnego code to modify mechanism status codes when passing them back to the application, so that mechglue's display_status dispatcher can determine the correct mechanism to dispatch to.
  This is part of the "get enhanced error messages from gssapi applications" project; ticket 5590 has updates to the Kerberos 5 mechanism to extract enhanced error messages (when there are any) from the Kerberos library.
  util/gen.pl, util/t_*.pm: New code generation script and templates.
  lib/gssapi/generic: Add a new, global mapping that enumerates the {mechOID,status} pairs as they're seen, allowing a magic mechOID value to indicate com_err error codes from mechglue and spnego, and reserving status code 0 for unknown errors. Preload the Kerberos "wrong principal" error code once for each mechanism OID used for Kerberos, so the entries get fixed positions (1-3) in the table.
  lib/gssapi/gss_libinit.c: Call the initializer and destructor functions.
  lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated or locally-generated status codes into the mapping table, and return the table index to the application. Do the reverse in display_status, to get the messages from the mechanism.
  lib/rpc: Define new function gssrpcint_printf to use for debugging instead of printf, to redirect output away from dejagnu; add a couple more debugging calls. Check for minor status codes 1-3 now instead of KRB5KRB_AP_WRONG_PRINC.
  tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed error messages back, by having the ftp client attempt to authenticate to a non-existent service, and examining the error message for the service principal name.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
* (krb5_gss_internal_release_oid): Always clear *minor_status | Ken Raeburn | 2007-08-16 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19830 dc483132-0cff-0310-8789-dd5450dbe970
* Change prototype for g_token_size to match function declaration later | Ezra Peisach | 2007-08-16 | 1 | -1/+1
  in file. (OM_Uint32 changed to unsigned int). On a 64 bit architecture, they are different.
  ticket: 5581
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19828 dc483132-0cff-0310-8789-dd5450dbe970
* compilation failure with IRIX native compiler | Ezra Peisach | 2007-08-16 | 1 | -1/+1
  gss_release_buffer takes OM_uint32* as an argument, not OM_uint32.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19827 dc483132-0cff-0310-8789-dd5450dbe970
* Release mechtok_out in spnego_gss_init_sec_context. | Tom Yu | 2007-08-07 | 1 | -0/+1
  Reported by Markus Moeller.
  ticket: 5629
  version_reported: 1.6.1
  target_version: 1.6.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19757 dc483132-0cff-0310-8789-dd5450dbe970
* Added new autogenerated file to generate-files-mac target | Alexandra Ellwood | 2007-07-19 | 1 | -1/+1
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19718 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if the | Ken Raeburn | 2007-07-12 | 2 | -11/+8
  output buffer is allocated according to the size of data to be written, or snprintf otherwise.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* Make error_map.h depend on ktemplate.pm too | Ken Raeburn | 2007-07-04 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19675 dc483132-0cff-0310-8789-dd5450dbe970
* gss krb5 mech enhanced error messages | Ken Raeburn | 2007-07-04 | 25 | -48/+260
  Save detailed error messages (usually from the krb5 library) in per-thread storage, mapping each error code to the most recently produced message for it. Return the message from display_status. Currently not implemented for a few cases where the krb5 mechanism returns a minor status code of 0, or another value different from the libkrb5 error code. Other functions are available to store a generic string or formatted message, but aren't used much at present.
  Tested with these errors in context establishment:
  * missing ccache (libkrb5 shows pathname if FILE: type)
  * missing keytab (libkrb5 shows pathname if FILE: type)
  * server principal unknown (libkrb5 shows server principal)
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970