| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22275 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
The asn1_decode_generaltime() function can free an uninitialized
pointer if asn1buf_remove_charstring() fails.
ticket: 6445
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22176 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
asn1buf_imbed() can perform pointer arithmetic that causes the "bound"
pointer of the subbuffer to be less than the "next" pointer. This can
lead to malloc() failure or crash.
In asn1buf_imbed(), check the length before doing arithmetic to set
subbuf->bound. In asn1buf_remove_octetstring() and
asn1buf_remove_charstring(), check for invalid buffer pointers before
executing an unsigned length check against a (casted to size_t)
negative number.
ticket: 6444
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22175 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6436
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6436
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22153 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per
Projects/FAST on the wiki.
ticket: 6436
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
In asn1_k_decode.c, check the return value of
end_sequence_of_no_tagvars_helper.
ticket: 6427
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22107 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
decoder functions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22004 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21983 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
values well-defined on error. Clean up memory handling and an unused
variable in asn1_do_full_encode.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21981 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
parameters to NULL and not set them to the real values until a
successful return is guaranteed. Also fix get_eoc which was returning
without clean_return.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21940 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
krb5_encode.c functions, make *code well-defined in case of error,
and clean up some memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21928 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
It belongs to the caller.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21927 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
unicode, windows code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
before assigning a value to it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21805 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21774 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move automatically-generated dependencies into separate files in the
source tree, and take the data out of Makefile.in.
Keep the "make depend" rules for stripping out the dependencies from
Makefile.in, in case some optional directories were missed, but
everything that builds on my UNIX build has been converted.
(Converting a directory just requires creating an empty "deps" file so
that config.status can build the makefile, and then later running
"make depend" in that directory to get the correct content for it.)
Change configure scripts to incorporate the "deps" file when building
each Makefile. This change requires the existence of a file "deps" in
each source directory where we build a makefile, even if there are no
sources for which to compute dependencies; a switch to GNU make would
let us conditionalize that, but we can assess that later.
Update dependencies for the generate Makefile itself to list the deps
file.
This will also require some minor tweaking of the Windows build, to
make it incorporate the new deps file.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21293 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
decode_krb5_authenticator,
krb5_auth_con_getauthenticator,
krb5_copy_authenticator,
krb5_ser_authenticator_init
Take them out for the Lite CLient.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21129 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Rebuild dependencies for k5-buf.h, and without krb4 support.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20960 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
asn1buf_size, asn1buf_ensure_space, and asn1buf_expand static in
asn1buf.c, for better optimization.
Recode asn1buf_ensure_space to directly return the result of asn1buf_expand.
Don't check for NULL before malloc/realloc in asn1buf_expand.
Fix a couple minor signedness warnings.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20957 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of a pile of macros generating code, that have to be threaded
together in just the right way to get a valid ASN.1 encoding, we now
have a pile of macros for defining data structures describing the
objects and the ASN.1 types they should be encoded as, which
structures are interpreted by recursive invocations of an encoder
engine; there should be somewhat less rope for accidentally creating
invalid encodings. The new macros are commented in asn1_k_encode.c.
Putting most of the work into the encoder engine also reduces the code
size (in one configuration, including LDAP-KDB and PKINIT encoders,
code size went from 37K to <16K, though 10K of tables were added, and
the PKINIT encoders are still open-coded).
Some encoder interfaces have been revised to be more regular -- all
now take one pointer to const argument (no two-input encoders, no
pointer-to-non-const-pointer-to-const). A few encoders were
eliminated or disabled because they were neither used nor exported
from the library.
The LDAP-KDB encoder has been converted, but the PKINIT encoders have
not as there are no regression tests for them currently.
There is still plenty of room for improvement; some notes on specific
ideas have been added.
String encoding primitives have been combined to reduce code size. A
primitive for encoding bit strings has been added.
Some miscellaneous warnings in the decoders have been cleaned up.
A new dejagnu test case is added that ensures that KRB-SAFE messages
get exercised.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
ticket: 6200
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20829 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20711 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
semicolon, caused by use of macros that expand to compound statements.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20708 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
style: indentation levels, spacing around if/else/for/while and
braces. Still plenty of inconsistency with current coding standards,
especially for when line breaks are to be used. Didn't touch
multi-line macro definitions, or .h function declarations.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20707 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Don't define unused krb5int_local_addresses.
Don't export internal krb5_change_set_password.
Fix error return indications from gssint_oid_to_mech.
Create and use k5-gmt_mktime.h to provide one global declaration of
krb5int_gmt_mktime, needed before we've generated krb5.h on some
platforms.
Not incorporated from initial patch: const changes in function
signatures.
ticket: 6096
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
missed last time.
ticket: 6076
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20675 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
ENABLE_LDAP is not defined, don't build the LDAP KDB ASN.1 encoding
and decoding functions, and use null pointers for them in the accessor
function table.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20659 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If --disable-pkinit is given at configure time, don't build the PKINIT
plugin.
If the PKINIT plugin is not going to be built, define DISABLE_PKINIT.
If DISABLE_PKINIT is defined, don't build the PKINIT-related ASN.1
encoding and decoding routines, and fill their slots in the accessor
function table with null pointers.
Tweak the accessor table initialization to use conditionally-varying
macros rather than conditionally selecting between two blocks of
invocations of fixed macros.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20652 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
end_sequence_of_no_tagvars and only as unnecessary temporaries, so get
rid of them; also, push most of the work of the latter macro into a
helper function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20632 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
the variables that it's about to clobber. Since we don't need any of
the tag info at the call site, push it down into the helper function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20631 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20629 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20628 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
error code selection into error path.
Don't expand asn1buf_insert_octet inline or define asn1buf_ensure_space
macro if CONFIG_SMALL.
Remove some null-before-free checks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20626 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
separate function. Add some range checks, and don't bother separating
malloc vs realloc depending on previous pointer value.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
behaves correctly and isn't acting on uninitialized variables.
ticket: 5704
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum
same in both cases...
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull up PKINIT support onto the trunk.
Changes from the version in branch users/coffman/pkinit are:
- Update the preauth plugin interface version to avoid
conflict with any existing plugins.
- Add a pkcs11.h locally to the pkinit code rather than
depending on opensc being installed.
ticket: new
Target_Version: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Bug report and patch from Nalin Dahyabhai.
ticket: 5545
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19733 dc483132-0cff-0310-8789-dd5450dbe970
|