summaryrefslogtreecommitdiffstats
path: root/src/lib/krb4
Commit message (Collapse)AuthorAgeFilesLines
* Remove krb524, lib/des425, lib/krb4, and include/kerberosIV.Greg Hudson2008-12-18102-19308/+0
| | | | | | | | | | Remove krb4 build system references and conditionals. Move des425 header stuff referenced by des_int.h into des_int.h. Remove krb4 test cases. ticket: 6303 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
* makedependKen Raeburn2008-09-181-46/+48
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few incompatible-pointer warnings that aren't just about signednessKen Raeburn2008-06-021-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-2213-16/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-08-161-42/+46
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* Debugged version of patch worked up with LukeKen Raeburn2007-07-271-1/+1
| | | | | | | | | | | | Adds a callback to krb5int_sendto to examine the response and indicate whether to quit the loop or not. For sendto_kdc, keep going if the returned error is "service unavailable". Updated all other callers to pass a null function pointer, which means to always break out of the loop on any response (the old behavior). ticket: 3334 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19738 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-07-131-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19710 dc483132-0cff-0310-8789-dd5450dbe970
* Missed a sprintf->snprintf switchKen Raeburn2007-07-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19706 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if theKen Raeburn2007-07-126-14/+15
| | | | | | | output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* Nuke disabled support for ancient .klogin syntaxKen Raeburn2007-07-124-871/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19702 dc483132-0cff-0310-8789-dd5450dbe970
* Attach format attributes to declarations of various message-formattingKen Raeburn2007-06-291-2/+6
| | | | | | | | | | | | | routines under gcc. In a couple of routines, hard-code the preference for using the vsnprintf paths instead of list-of-int-arguments hacks now that we're assuming vsnprintf is available in other places. Installed headers affected: com_err.h (com_err, com_err_va) ss.h (ss_error) krb5.h (krb5_set_error_message, krb5_vset_error_message) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19653 dc483132-0cff-0310-8789-dd5450dbe970
* Don't define KRB5_PRIVATE, since it's not tested any moreKen Raeburn2007-01-201-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19083 dc483132-0cff-0310-8789-dd5450dbe970
* * g_pw_in_tkt.c (passwd_to_key): Unused function deletedKen Raeburn2006-11-021-48/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18757 dc483132-0cff-0310-8789-dd5450dbe970
* Clear req_st buffer before filling it inKen Raeburn2006-10-151-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18706 dc483132-0cff-0310-8789-dd5450dbe970
* make dependTom Yu2006-10-061-14/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18652 dc483132-0cff-0310-8789-dd5450dbe970
* Merge Todd's TCP changepw support, with a few fixupsKen Raeburn2006-08-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message, struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c. (stuct sendto_callback_info): New type. * lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function. (setup_connection): Deleted argument message_len_buf. Don't store message length; call set_conn_state_msg_length instead. (start_connection): New arguments callback_info and callback_buffer. Invoke callback function if any, and set message length on success. (maybe_send): New arguments callback_info and callback_buffer; pass them to start_connection. (krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen. If callback info is provided, allocate per-connection buffers, and pass them to maybe_send. On cleanup, invoke the cleanup callback function if any. (krb5_sendto_kdc): Update krb5int_sendto call. * include/k5-int.h (struct sendto_callback_info): Add forward declaration. (krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature. * lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call. * lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call. * lib/krb5/os/changepw.c (struct sendto_callback_context): New type. (krb5_locate_kpasswd): New argument useTcp, used to select socket type in krb5int_locate_server call. (kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions. (krb5_change_set_password): Call krb5int_sendto with callbacks, instead of managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP only. * lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a buggy server sent a KRB_ERROR. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilitiesTom Yu2006-08-081-2/+4
| | | | | | | | | | | | | | | | | | | * src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive): * src/appl/bsd/v4rcp.c (main): * src/appl/bsd/krcp.c (main): * src/appl/bsd/krshd.c (doit): * src/appl/bsd/login.c (main): * src/clients/ksu/main.c (sweep_up): * src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and related functions to avoid privilege escalation vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660] ticket: new target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
* autoconf 2.60 compatibilityKen Raeburn2006-06-281-2/+2
| | | | | | | | | | | Change all file substitutions so that @-patterns start at the beginning of their lines, as now required by autoconf 2.60 (released Monday). ticket: new target_version: 1.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18249 dc483132-0cff-0310-8789-dd5450dbe970
* Change a bunch of calls to ctype macros (those cited by Jeff, and aKen Raeburn2006-06-161-2/+2
| | | | | | | | few others) to cast the character values to unsigned char. ticket: 3445 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18156 dc483132-0cff-0310-8789-dd5450dbe970
* When NULL is passed into krb_get_in_pw_tkt, we only want to prompt onceRuss Allbery2006-06-142-0/+26
| | | | | | | | | | | | | | | for the password rather than passing NULL along to each string to key function causing each to prompt independently. Modify krb_get_in_pw_tkt to call des_read_pw_string directly and then pass the resulting password into each string to key function as needed. Add a prototype of des_read_pw_string to krb4int.h since it's an exported function of libdes425 but isn't prototyped in des.h. Ticket: 2648 Version_Reported: 1.3.3 Component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18129 dc483132-0cff-0310-8789-dd5450dbe970
* Updated CCAPI version of krb4int_save_credentials_addr toAlexandra Ellwood2006-06-061-1/+1
| | | | | | | | | match the prototype in the headers. ticket: new target-version: 1.5 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18084 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Alejandro R. Sedeno and Jeffrey Hutzelman to allow krb4 toSam Hartman2006-06-024-16/+326
| | | | | | | | | | | | | | | read 32-bit and 64-bit ticket files on 32-bit and 64-bit systems. Previously the ticket file format depended on the ABI. Significant backward compatibility is maintained; the patch works by writing alignment records that are valid (but meaningless) ticket file entries but that allow systems to get realigned. As a consequence an old library will see additional meaningless ticket file entries when it reads a ticket file produced by the new code. These entries are harmless and will be ignored. ticket: 1288 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18076 dc483132-0cff-0310-8789-dd5450dbe970
* Build lib/krb4 makefile at top levelKen Raeburn2006-05-262-25/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18046 dc483132-0cff-0310-8789-dd5450dbe970
* Rename locate.h to locate_plugin.h. Change references, update dependenciesKen Raeburn2006-05-241-6/+6
| | | | | | ticket: 3784 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18037 dc483132-0cff-0310-8789-dd5450dbe970
* install headers into include/krb5Ken Raeburn2006-05-231-49/+54
| | | | | | | | | | | Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the build tree. Stub krb5.h in main include directory just includes krb5/krb5.h. Update dependencies, and add dependencies in a couple Makefiles that didn't have them. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18030 dc483132-0cff-0310-8789-dd5450dbe970
* krb_get_tf_realm(): cc_int32 is an integer type and should be Alexandra Ellwood2006-04-241-1/+1
| | | | | | | | | initialized to 0 not NULL. ticket: new target_version: 1.5 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17949 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include kdb.h from k5-int.h; instead, include it in the handfulKen Raeburn2006-04-131-24/+20
| | | | | | of places where it's actually needed. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17898 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ChangeLog files from the source tree. From now on, theSam Hartman2006-04-111-2926/+0
| | | | | | | subversion commit log entry needs to include information that would have been in the changelog. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
* Remove .Sanitize and .rconf files, no longer usedKen Raeburn2006-04-111-131/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17888 dc483132-0cff-0310-8789-dd5450dbe970
* * kadm_net.c (kadm_cli_send): Use 0, not NULL, when checking numericKen Raeburn2006-04-082-2/+5
| | | | | | | | | error codes. (Removes the two occurrences of "comparison between pointer and integer" in the build.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17872 dc483132-0cff-0310-8789-dd5450dbe970
* * fakeenv.c: Unused file deletedKen Raeburn2006-04-082-88/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17867 dc483132-0cff-0310-8789-dd5450dbe970
* set DEFS empty in more placesKen Raeburn2006-04-042-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17838 dc483132-0cff-0310-8789-dd5450dbe970
* Include autoconf.h (or include it earlier) in a bunch of files that areKen Raeburn2006-04-012-0/+5
| | | | | | currently depending on command-line macro settings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17825 dc483132-0cff-0310-8789-dd5450dbe970
* make depend, now with dependency sortingKen Raeburn2006-03-311-320/+332
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17811 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-03-271-14/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17786 dc483132-0cff-0310-8789-dd5450dbe970
* Instead of arbitrary division of headers into include and include/krb5, withKen Raeburn2006-03-1117-87/+94
| | | | | | | | | | | | include directives sometimes using krb5/foo.h and sometimes using foo.h, and -I options always given for both directories in both source and build trees, push include/krb5/* up a level and drop the krb5 directory (except, for the moment, the change log). Updated #include directives, -I options, and dependencies accordingly, and deleted one or two bits of old, unused code that was noticed in the process. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-03-081-45/+74
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17716 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-03-081-6/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17708 dc483132-0cff-0310-8789-dd5450dbe970
* make dependTom Yu2005-11-291-88/+65
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17505 dc483132-0cff-0310-8789-dd5450dbe970
* fix more executable permissionsTom Yu2005-08-255-0/+0
| | | | | | | | | | Fix some more executable permissions missing from import. ticket: new tags: pullup target_version: 1.4.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17357 dc483132-0cff-0310-8789-dd5450dbe970
* Delete .cvsignore files; contents have already been Sam Hartman2005-08-241-6/+0
| | | | | | set on svn:ignore properties. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17353 dc483132-0cff-0310-8789-dd5450dbe970
* All configure.in scripts: Use K5_AC_INIT instead of AC_INITKen Raeburn2005-08-202-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17342 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2005-06-211-65/+88
| | | | | | | | | N.B.: The version of gcc used this time ("gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)") seems to emit some duplicate dependencies -- some header files get listed twice. This is annoying but shouldn't cause any harm.... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17256 dc483132-0cff-0310-8789-dd5450dbe970
* * err_txt.c: Don't include krb_err.c if DEPEND is definedKen Raeburn2005-05-132-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17215 dc483132-0cff-0310-8789-dd5450dbe970
* updated dependencies for socket-utils.h changeKen Raeburn2005-04-281-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17205 dc483132-0cff-0310-8789-dd5450dbe970
* run "make depend"Ken Raeburn2004-12-301-229/+268
| | | | | | | | In most library directories, this just affects where the line breaks are. In most other directories, it's just dropping a trailing blank line. One or two files really do have updated dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16987 dc483132-0cff-0310-8789-dd5450dbe970
* * include/k5-int.h (struct _krb5int_access): Add function pointer fieldKen Raeburn2004-12-082-13/+21
| | | | | | | | | | | use_dns_kdc. * lib/krb5/os/accessor.c (krb5int_accessor): Set new field use_dns_kdc. * lib/krb4/RealmsConfig-glue.c (krb_get_krbhst): Check if DNS should be used for getting KDC names before actually using it. ticket: 2772 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16920 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2004-11-161-4/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16875 dc483132-0cff-0310-8789-dd5450dbe970
* zap remaining bits of macsock.h supportKen Raeburn2004-07-173-492/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16612 dc483132-0cff-0310-8789-dd5450dbe970
* Remove use of client principal from krb5_context (default_ccprincipal) and ↵Alexandra Ellwood2004-07-152-42/+11
| | | | | | | | default principal from v4 CCAPI glue code ticket: 2634 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16602 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-16 18:36:34 +0000