path: root/src/lib/krb5/ccache
Commit message | Author | Age | Files | Lines
* Test in_ccache and pa_types functionality | Nalin Dahyabhai | 2012-10-16 | 1 | -6/+6
  * Add a krb5int_build_conf_principals() function to allow our get/set code to directly prune out duplicate config entries.
  * Verify that when we specify a pa_type, it affects whether or not we will use a particular preauth plugin.
  * Verify that we correctly save the KDC's preauth type number, that we tried to answer, to the out_ccache.
* Do not retrieve zero-length creds | Ben Kaduk | 2012-09-11 | 1 | -2/+4
  In the MSLSA cache, if we get back a zero-length ticket, don't accept it as success; continue on to try and get an acceptable ticket.
  ticket: 7349 (new)
  subject: SapGUI sometimes crashes on new session with MSLSA cache
  target_version: 1.10.4
  tags: pullup
* Support kdc_timesync offsets in memory ccache | Nate Rosenblum | 2012-08-31 | 1 | -0/+22
  When using v4 file credentials caches, client clock skew offsets obtained when running with the kdc_timesync option set are persisted in the ccache. This allows the offsets to be used across separate contexts, e.g. when obtaining credentials using krb5 interfaces and subsequently importing those credentials for use in gssapi. This patch adds similar support for memory credentials caches.
  [ghudson@mit.edu: Minor style corrections.]
  ticket: 7346 (new)
* Improve error translation for CCAPIv3 routines | Ben Kaduk | 2012-08-29 | 1 | -8/+9
  We can't mix the KRB5 and CC error constants; standardize on the CC ones and translate appropriately.
  ticket: 7339 (new)
  target_version: 1.10.4
  tags: pullup
* Set fCachesTicket=TRUE when no credentials | Kevin Wasserman | 2012-08-24 | 1 | -1/+2
  It is not really clear this is correct, but neither was the previous behavior.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7255 (new)
  queue: kfw
  target_version: 1.10.4
  tags: pullup
* Do not be over-restrictive in the presence of UAC | Kevin Wasserman | 2012-08-24 | 1 | -39/+4
  We used to explicitly check if a process was UAC-limited and deny all access to the TGT in that case; however, this makes the MSLSA cache effectively useless. Do not try to outsmart UAC, and let it do its own checking -- this allows UAC-limited access to the MSLSA ccache, which should mean read-write access to service tickets, and write-only access to the TGT.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  [kaduk@mit.edu: delete instead of comment out, move comment.]
  ticket: 7254 (new)
  queue: kfw
  target_version: 1.10.4
  tags: pullup
* Remove unused struct and switch_to stubs | Kevin Wasserman | 2012-08-23 | 1 | -11/+1
  Only one mslsa ccache is supported, so switch_to is not needed. Likewise, struct krb5int_lcc_iterator is unnecessary.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7236 (new)
  target_version: 1.10.4
  tags: pullup
* krb5_stdccv3_get_principal error handling fixup | Kevin Wasserman | 2012-07-16 | 1 | -1/+3
  Don't treat an error returned by krb5_parse_name as a cc-internal error.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7214 (new)
  tags: pullup
* fix leak in cc_mslsa.c | Kevin Wasserman | 2012-07-16 | 1 | -0/+2
  cc_name needs to be freed in krb5_lcc_close().
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7213
* Fix macro redefinition warnings in cc_mslsa.c | Kevin Wasserman | 2012-07-16 | 1 | -1/+2
  Include ntstatus.h and define WIN32_NO_STATUS before including winnt.h
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7213
* Implement cccol iterators for mslsa | Kevin Wasserman | 2012-07-16 | 1 | -7/+61
  Also implement switch_to stub
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7213 (new)
  tags: pullup
* MSLSA Don't use lstrcpy on ANSI strings | Kevin Wasserman | 2012-07-16 | 1 | -11/+3
  Also change parameter types to eliminate casts.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7212 (new)
  tags: pullup
* Build lib/krb5/ccache/ccapi on Windows only | Kevin Wasserman | 2012-07-16 | 1 | -0/+1
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7209
* Define USE_CCAPI_V3 in krb5/ccache on windows | Kevin Wasserman | 2012-07-16 | 2 | -1/+1
  USE_CCAPI_V3 provides cccol iteration support for ccapi.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7209 (new)
  tags: pullup
* Implement switch_to for ccapiv3 | Kevin Wasserman | 2012-07-11 | 2 | -0/+27
  krb5_stdccv3_switch_to() calls cc_ccache_set_default(). krb5_stdccv3_resolve() checks for NULL or empty residual and calls cc_context_get_default_ccache_name() in those cases.
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7198 (new)
  tags: pullup
* Automatically create DIR ccache directories | Greg Hudson | 2012-07-11 | 2 | -2/+3
  If the directory for a DIR ccache doesn't exist yet, try to create it (but not its parents) with mode 700. Exercise this in test scripts by not pre-creating directories.
  ticket: 7196 (new)
* Fix crash on invalid DIR ccache primary file | Greg Hudson | 2012-06-25 | 1 | -2/+2
  If read_primary_file() fails with an error other than ENOENT, abort cache resolution rather than dereferencing a null pointer. Reported by Oliver Loch.
  ticket: 7185
  target_version: 1.10.3
  tags: pullup
* Fix config check in krb5_cccol_have_content | Greg Hudson | 2012-06-22 | 1 | -1/+1
  krb5_is_config_principal should be invoked on creds.server, not creds.client.
  ticket: 7173
* Remove orphaned KfM code | Greg Hudson | 2012-06-21 | 1 | -45/+1
* Add krb5_cccol_have_content API | Greg Hudson | 2012-06-15 | 3 | -2/+49
  Add a new API to determine whether any krb5 credentials are available in the ccache collection. Add tests to t_cccol.py.
  ticket: 7173 (new)
* Rename and add to etype utility functions | Greg Hudson | 2012-06-07 | 1 | -1/+1
  Rename krb5int_count_etypes and krb5int_copy_etypes to have k5_ prefixes, and make them available outside of libkrb5 (but not part of the public API). Add k5_etypes_contains to search an etype list, and use it in krb5_is_permitted_enctype.
* Flip the default of start_kadmind in k5test.py | Greg Hudson | 2012-04-26 | 1 | -1/+1
  Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
* Use LsaDeregisterLogonProcess(), not CloseHandle() | Sam Hartman | 2011-12-02 | 1 | -9/+9
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7037
  target_version: 1.10
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25499 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_lcc_store() now ignores config credentials | Sam Hartman | 2011-12-02 | 1 | -0/+9
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  ticket: 7035
  target_version: 1.10
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25497 dc483132-0cff-0310-8789-dd5450dbe970
* Use POSIX constants instead of S_IREAD/S_IWRITE | Greg Hudson | 2011-11-22 | 1 | -2/+2
  S_IREAD and S_IWRITE are ancient names for S_IRUSR and S_IWUSR, and are not defined on some modern platforms (such as Android). Use the POSIX names instead.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25485 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of periods in Python test success messages | Greg Hudson | 2011-11-03 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25432 dc483132-0cff-0310-8789-dd5450dbe970
* Fix krb5_cc_set_config | Greg Hudson | 2011-10-20 | 1 | -8/+6
  krb5_cc_set_config has been non-functional since r24753 on cache types which don't support removal of credential entries. Fix it by only calling krb5_cc_remove_cred if data is NULL, since krb5_cc_store_cred will do it anyway in the positive case. Also fix an old memory leak in an uncommon error case.
  ticket: 6987
  target_version: 1.10
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25384 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindent | Tom Yu | 2011-10-17 | 1 | -1/+1
  Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Windows fixes: add KRB5_CALLCONV where needed | Sam Hartman | 2011-09-28 | 1 | -1/+1
  Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25269 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some error-handling bugs in cc_dir.c | Greg Hudson | 2011-09-07 | 1 | -4/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25168 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_select() API and pluggable interface | Greg Hudson | 2011-09-05 | 6 | -1/+558
  The interface has two built-in modules. The realm module guesses a cache based on the server realm if it is known. The k5identity module (Unix only) chooses a client principal based on rules in a .k5identity file in the user's homedir.
  ticket: 6957
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970
* Add ccache collection support to tools | Greg Hudson | 2011-09-05 | 1 | -1/+1
  * "kdestroy -A" destroys all caches in collection.
  * "kinit princ" searches the collection for a matching cache and overwrites it, or creates a new cache in the collection, if the type of the default cache is collection-enabled. The chosen cache also becomes the primary cache for the collection.
  * "klist -l" lists (in summary form) the caches in the collection.
  * "klist -A" lists the content of all of the caches in the collection.
  * "kswitch -c cache" (new command) makes cache the primary cache.
  * "kswitch -p princ" makes the cache for princ the primary cache.
  ticket: 6956
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unneeded cccol behaviors | Greg Hudson | 2011-09-05 | 5 | -499/+146
  Do not yield any default caches in the top level cccol implementation. In the FILE type, yield the default cache if it exists and is of type FILE, instead of yielding the set of open file caches.
  ticket: 6955
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25156 dc483132-0cff-0310-8789-dd5450dbe970
* Add new cache collection APIs | Greg Hudson | 2011-09-05 | 8 | -0/+107
  * krb5_cc_get_full_name retrieves the full type:name of a cache.
  * krb5_cc_switch makes a cache the primary cache.
  * krb5_cc_cache_match searches the collection for a client principal.
  * krb5_free_string releases a string (for the krb5_cc_get_full_name result).
  All of these are from Heimdal except for krb5_free_string (Heimdal uses krb5_xfree).
  ticket: 6954
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970
* Add the DIR ccache type | Greg Hudson | 2011-09-05 | 6 | -27/+754
  The DIR ccache type supports a collection of credential caches within a private directory (which must be created out of band). One cache is designated as primary at any given time. Setting the default cache name to DIR:dirname will cause caches within dirname to be present in the global cache collection.
  ticket: 6953
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25154 dc483132-0cff-0310-8789-dd5450dbe970
* Fix signed/unsigned warnings in tests | Ezra Peisach | 2011-08-24 | 1 | -1/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25113 dc483132-0cff-0310-8789-dd5450dbe970
* Don't destroy dst on error in krb5_cc_move | Greg Hudson | 2011-06-23 | 1 | -2/+0
  Although destroying any partial contents of dst on error isn't a bad idea, invalidating the handle would be an incompatible change. So revert that part of r24754.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24988 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translation | Greg Hudson | 2011-06-10 | 1 | -3/+3
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_move if something went wrong, free the dst credential cache | Zhanna Tsitkov | 2011-03-29 | 1 | -2/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
* If the new configuration data that is passed to krb5_cc_set_config is NULL, | Zhanna Tsitkov | 2011-03-29 | 1 | -45/+51
  just remove the old configuration. Moved short krb5_cc_set_config usage example from krb5.hin into the separate file.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
* Move doxygen comments from source to header. Updated comments and added some | Zhanna Tsitkov | 2011-03-18 | 1 | -42/+2
  usage examples. Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright | Greg Hudson | 2011-03-09 | 19 | -89/+46
  and license comments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make depend | Greg Hudson | 2011-02-25 | 1 | -43/+36
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on the | Greg Hudson | 2010-11-28 | 2 | -2/+2
  verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /.
  ticket: 6826
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Make depend | Greg Hudson | 2010-09-08 | 1 | -30/+37
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Greg Hudson | 2010-06-07 | 1 | -49/+54
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Trace logging | Greg Hudson | 2010-06-07 | 2 | -0/+14
  Add trace logging infrastructure code, enabled by the KRB5_TRACE environment variable or the API functions krb5_set_trace_callback() or krb5_set_trace_filename(). As a start, add tracing events for:
  * AS-REQ client code, including FAST and preauth
  * TGS-REQ client code
  * AP-REQ and AP-REP code (client and server)
  * sendto_kdc
  * Selected ccache operations
  * Selected keytab operations
  ticket: 6737
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24118 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_set_config, don't call krb5_cc_remove_cred; it's redundant | Greg Hudson | 2010-05-28 | 1 | -4/+0
  with the krb5_cc_remove_cred call in krb5_cc_store_cred.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24110 dc483132-0cff-0310-8789-dd5450dbe970
* Negative enctypes improperly read from ccaches | Greg Hudson | 2010-05-13 | 1 | -1/+2
  When reading enctypes from ccaches, we need to sign-extend the 16-bit value we read in order to properly read negative enctypes.
  ticket: 6723
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24021 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_dup() to make it possible to copy ccache handles | Greg Hudson | 2010-04-08 | 1 | -0/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23874 dc483132-0cff-0310-8789-dd5450dbe970