path: root/src/lib/krb5/ccache
Commit message | Author | Age | Files | Lines
...
* * cc_mslsa.c: Implement krb5_lcc_initialize() | Jeffrey Altman | 2004-09-10 | 2 | -6/+35
  Remove all tickets from the cache which have a client principal that matches the input principal.
  ticket: 2705
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16737 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: Correct test for KerbQueryTicketCacheEx2Message | Jeffrey Altman | 2004-09-10 | 2 | -3/+6
  ticket: 2705
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16736 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-09-10 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-09-10 | 2 | -8/+374
  * cc_mslsa.c: The following functionality is being committed but commented out because it is not presently available in public Microsoft SDKs
  - support for KerbSubmitTicket which allows a KERB_CRED message to be forwarded to the LSA. (KERB_SUBMIT_TICKET)
  - support for the KerbQueryTicketCacheEx2Message which adds the Session Key Enctype to the contents of the response from KerbQueryTicketCacheExMessage. (HAVE_CACHE_INFO_EX2)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16735 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-09-02 | 2 | -23/+246
  - Fix MITPrincToMSPrinc to prevent writing to the output buffer if the input won't fit.
  - Add internal UnicodeStringToMITPrinc function
  - Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc
  - Rename internal PurgeMSTGT to PurgeAllTickets
  - Add internal PurgeTicket2000
  - Add internal PurgeTicketXP
  - Since tickets can only be requested via KDC Opt Flags it is not possible to specifically request the Initial ticket. If more than one ticket exists which matching service names, enctypes, and ticket flags the initial ticket flag may not be set. If the caller requested the initial ticket, set the flag manually.
  - Add preliminary support for krb5_lcc_set_flags
  - Modify krb5_lcc_initialize to return success
  - Modify krb5_lcc_get_principal to support an LSA cache which does not contain a TGT when krb5_lcc_resolve is called.
  - Implement krb5_lcc_remove_cred
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16714 dc483132-0cff-0310-8789-dd5450dbe970
* Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs in | Ken Raeburn | 2004-08-27 | 2 | -2/+8
  variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic patches that removed casts of NULL.
  tag: 1850
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flag | Ken Raeburn | 2004-08-16 | 2 | -11/+70
  file_is_locked.
  (krb5_fcc_close_file): Unlock the mutex and clear the flag.
  (krb5_fcc_open_file): Acquire the mutex before locking the file, and set the flag after.
  (krb5_fcc_resolve): Initialize the new mutex and flag.
  (krb5_fcc_generate_new): Initialize both mutexes and the flag.
  (dereference): Destroy the new mutex.
  Also, get rid of some unused variables.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16667 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c: Add buffering on reading. | Ken Raeburn | 2004-08-15 | 2 | -12/+101
  (FCC_BUFSIZ): New macro.
  (struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset.
  (krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes.
  (invalidate_cache): New function.
  (krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache.
  (fcc_lseek): New function.
  (krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get, krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek.
  (fcc_read): Use and maybe refill the buffer.
  (dereference): Zap the contents of the buffer before freeing it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16666 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (dereference): Lock mutex around call to krb5_fcc_close_file | Ken Raeburn | 2004-08-15 | 2 | -1/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16664 dc483132-0cff-0310-8789-dd5450dbe970
* Only open a credential cache file once, even if multiple krb5_ccache objects | Ken Raeburn | 2004-08-13 | 4 | -77/+172
  refer to it. (This does NOT yet take care of the problem of multiple threads wanting to use OS-level advisory locks, which at least on UNIX are per-process and not per-thread.)
  * cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data pointer, not a krb5_ccache. All calls changed.
  (struct fcc_set): Add a refcount member. (Definition accidentally introduced without comment in an earlier patch.)
  (krb5int_cc_file_mutex, fccs): New variables, for managing a global list of open credential cache files.
  (dereference): New function, with most of old close/destroy operations. Decrements reference count and only frees the object and removes it from the global list if the refcount hits zero.
  (krb5_fcc_close, krb5_fcc_destroy): Call dereference.
  (krb5_fcc_resolve): If a file cache is already open with the same file name, increment its reference count and don't create a new one. When a new one is created, add it to the global list.
  * cc-int.h (krb5int_cc_file_mutex): Declare.
  * ccbase.c (krb5int_cc_initialize): Initialize it.
  (krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16662 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c: Remove USE_STDIO support | Ken Raeburn | 2004-08-05 | 2 | -317/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16643 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: fix is_windows_xp not to return true for windows 2000 | Jeffrey Altman | 2004-07-26 | 2 | -1/+6
  ticket: 2645
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16624 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_store): When allocating krb5_mcc_link | Ezra Peisach | 2004-07-18 | 2 | -1/+6
  memory - allocate sizeof() - not sizeof(sizeof()).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16613 dc483132-0cff-0310-8789-dd5450dbe970
* zap remaining bits of macsock.h support | Ken Raeburn | 2004-07-17 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16612 dc483132-0cff-0310-8789-dd5450dbe970
* Remove use of client principal from krb5_context (default_ccprincipal) and | Alexandra Ellwood | 2004-07-15 | 2 | -66/+33
  default principal from v4 CCAPI glue code
  ticket: 2634
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16602 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cc.c (cc_test): Rename one of the "resolve" cases so the messages can be | Ken Raeburn | 2004-07-14 | 2 | -1/+6
  distinguished.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16596 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: Fix thread safety | Jeffrey Altman | 2004-07-08 | 2 | -3/+14
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16562 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-07-07 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-07-07 | 2 | -0/+6
  * cc_mslsa.c: When obtaining a TGT from the MSLSA, do not ignore the cache when the requested enctype is the NULL enctype. This means to accept any enctype.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16554 dc483132-0cff-0310-8789-dd5450dbe970
* Thread-safety for file-based credentials caches | Ken Raeburn | 2004-06-30 | 2 | -74/+195
  * cc_file.c (krb5_fcc_data): Added a mutex.
  (krb5_fcc_read*, krb5_fcc_write, krb5_fcc_store_*, krb5_fcc_open_file, krb5_fcc_skip_header, krb5_fcc_skip_principal): Verify that the mutex is locked.
  (MAYBE_OPEN): Verify that the mutex is locked; unlock it if returning an error.
  (krb5_fcc_initialize, krb5_fcc_start_seq_get, krb5_fcc_get_principal, krb5_fcc_store, krb5_fcc_set_flags): Lock and unlock the mutex.
  (krb5_fcc_close): Likewise. Destroy the mutex when done.
  (krb5_fcc_destroy): Merge stdio and non-stdio versions a little more. Destroy the mutex when done.
  (krb5_fcc_resolve): Initialize and lock the mutex.
  (krb5_fcc_next_cred): Lock and unlock the mutex. Merge the stdio and non-stdio branches a little more.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16534 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-06-30 | 2 | -63/+358
  - is_windows_2000() indicates the OS is Windows 2000 or higher
  - is_windows_xp() indicates the OS is Windows XP or higher which indicates that PKERB_QUERY_TKT_CACHE_EX_RESPONSE and PKERB_TICKET_CACHE_INFO_EX are available.
  - does_retrieve_ticket_cache_ticket() checks to see if a Microsoft private fix is available which adds a new Cache Flag, KERB_RETRIEVE_TICKET_CACHE_TICKET, which when set causes the requested ticket to be stored in the LSA cache even when the TicketFlags and EncType are not set to 0.
  - KerbExternalTicketMatch() is a test to determine if two Microsoft External Tickets are identical
  + use the KerbQueryTicketCacheExMessage LSA call on XP or higher
  + specify the KERB_RETRIEVE_TICKET_CACHE_TICKET flag when it is available
  = The combination of both + items will cause the ClientRealm to be displayed properly for all cross realm tickets obtained via the MSLSA
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16528 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_free): Don't free the mutex here | Ken Raeburn | 2004-06-29 | 2 | -2/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16527 dc483132-0cff-0310-8789-dd5450dbe970
* Missed some log data with last checkin: | Ken Raeburn | 2004-06-28 | 1 | -0/+5
  * cc_memory.c (struct _krb5_mcc_data): Delete 'next' pointer. Add a mutex.
  (krb5_mcc_*): Lock and unlock the mutex as appropriate.
  (struct krb5_mcc_list_node): New type, separates the linked-list container from the data for individual nodes.
  (mcc_head): Now points to krb5_mcc_list_node.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16525 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c: Include k5-thread.h. | Ken Raeburn | 2004-06-28 | 4 | -173/+231
  (krb5int_mcc_mutex): New lock.
  (krb5_mcc_store): Rewrite.
  (NEED_WINDOWS): Don't define.
  (krb5_mcc_*): All functions now static.
  * cc-int.h (krb5int_mcc_mutex): Declare.
  * ccbase.c (krb5int_cc_initialize): Initialize it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16524 dc483132-0cff-0310-8789-dd5450dbe970
* update copyright, fix comment typo | Ken Raeburn | 2004-06-24 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16514 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (krb5_fcc_read_data): Combine stdio and posix versions of code with | Ken Raeburn | 2004-06-24 | 2 | -32/+24
  gratuitous minor differences.
  (krb5_fcc_read_int32, krb5_fcc_next_cred): Likewise.
  (krb5_fcc_read_addr): Likewise. Check that filled-in length field matches the value we tried to store (i.e., that type conversion didn't throw away information).
  (krb5_fcc_read_authdatum): Likewise.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16513 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (my_fopen): Function deleted. | Ken Raeburn | 2004-06-22 | 2 | -9/+3
  (krb5_fcc_open_file): Use fopen, not my_fopen.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16507 dc483132-0cff-0310-8789-dd5450dbe970
* Delete preprocessor tests for macintosh, __MWERKS__, applec, and THINK_C, all | Ken Raeburn | 2004-06-22 | 4 | -58/+8
  part of the pre-Mac OS X support. (Except the bits in the Yarrow code, where it was part of the upstream source.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16506 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: Comment out calls to FormatMessage and do not terminate | Jeffrey Altman | 2004-06-22 | 2 | -0/+17
  the program on a failure to generate a message. The existing code fails on non-English systems. We do not need this code in a library unless we are logging to the Event Log which is currently not done. Ignore this for the time being until such time as we decide Event Log entries are important to us.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16503 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: Enforce acceptable enctypes by checking against | Jeffrey Altman | 2004-06-19 | 2 | -56/+121
  the default_tgs_enctypes list instead of the permitted_enctypes list; only enforce the desired enctype when retrieving tickets to deliver to an application. do not enforce when attempting to determine the current principal name. this is important because specifying an enctype results in a TGS_REQ being sent to the KDC; close memory leak of krb5_cred objects in krb5_lcc_retrieve().
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16500 dc483132-0cff-0310-8789-dd5450dbe970
* Purge make targets and variables (and a few files) relating to the old, | Ken Raeburn | 2004-06-17 | 2 | -2/+4
  unmaintained Mac OS 9 (and earlier) support.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16473 dc483132-0cff-0310-8789-dd5450dbe970
* Add prototypes for library init and fini functions. Makefile dependencies | Ezra Peisach | 2004-05-28 | 4 | -1/+16
  updated.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16371 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: GetMSTGT(). Add krb5_context | Jeffrey Altman | 2004-05-26 | 2 | -32/+26
  parameter to allow krb5_get_permitted_enctype() to be called instead of using a hardcoded list of enctypes which may change in the future. krb5_lcc_get_name(): fix return value if Kerberos is not supported.
  ticket: 2574
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16364 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: GetMSTGT() Initialize pTicketRequest to NULL to prevent | Jeffrey Altman | 2004-05-26 | 2 | -1/+6
  inadvertent deallocation.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16363 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cc.c (cc_test): Clean up memory leaks in tests | Ezra Peisach | 2004-05-24 | 2 | -0/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16355 dc483132-0cff-0310-8789-dd5450dbe970
* The memory allocated by ConstructTicketRequest is not LSA memory | Jeffrey Altman | 2004-05-15 | 2 | -2/+3
  and must be freed with LocalFree().
  ticket: 2561
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16339 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-05-15 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-05-15 | 2 | -13/+20
  * cc_mslsa.c: Do not use the FAILED() macro to test the result of ConstructTicketRequest(). ConstructTicketRequest() returns positive errors and FAILED() only considers negative values to be a failure condition. Also, close potential memory leak of LSA allocated memory.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16338 dc483132-0cff-0310-8789-dd5450dbe970
* update dependencies | Ken Raeburn | 2004-04-24 | 1 | -30/+36
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16273 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for library initialization and finalization, and verification | Ken Raeburn | 2004-04-24 | 2 | -1/+27
  that the initializer completed successfully. Delay initialization on POSIX until the first "verification" call. Currently specific to a few platforms, but should still build on others without thread support enabled.
  Use it to finish creating (if necessary) and destroy mutexes, and free some other storage "permanently" allocated by libraries (currently, libkrb5 cache/keytab type registries only).
  Change initialization of static mutexes to a two-step operation, a static "partial" initializer and a "finish_init" routine called from a thread-safe environment like library initialization is assumed to be. POSIX will use the former, Windows will use the latter, and the debug support will check that *both* have been used.
  Added init/fini functions to com_err, profile, krb5, and gssapi libraries. (The profile library one may need to be removed later.) The existing ones, not thread-safe, are still around.
  Use weak symbol support if available to figure out if the pthread library has been linked in, and avoid calling certain routines if the C library stubs are known not to exist or work.
  Stub declarations for thread-specific data.
  Minor bugfixes, whitespace changes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
* update dependencies | Ken Raeburn | 2004-04-23 | 1 | -1/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16261 dc483132-0cff-0310-8789-dd5450dbe970
* Since we must reserve the single letter prefixes on all platforms | Jeffrey Altman | 2004-04-13 | 2 | -4/+6
  anyway, make the mapping apply on all platforms
  ticket: 2531
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16247 dc483132-0cff-0310-8789-dd5450dbe970
* Treat keytab and ccache names without prefixes as type FILE: | Jeffrey Altman | 2004-04-13 | 2 | -6/+27
  on Windows if there is a drive letter found at the beginning of the name.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16246 dc483132-0cff-0310-8789-dd5450dbe970
* * ccbase.c: the krb5_cc_resolve() function pointer ccresolver | Jeffrey Altman | 2004-04-13 | 2 | -3/+11
  must be of type KRB5_CALLCONV
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16245 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-04-06 | 2 | -0/+20
  In at least one case on Win2003 it appears that it is possible for the logon session to be authenticated via NTLM and yet for there to be Kerberos credentials obtained by the LSA on behalf of the logged in user. Therefore, we are removing the test for IsKerberosLogon() within krb5_lcc_resolve() which was meant to avoid the need to perform GetMSTGT() when there was no possibility of credentials being found.
  ticket: new
  tags: pullup
  target_version: next
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16235 dc483132-0cff-0310-8789-dd5450dbe970
* Delay load the ADVAPI32.DLL and SECUR32.DLL libraries within KRB5_32.DLL | Jeffrey Altman | 2004-03-31 | 2 | -8/+97
  Then modify the MSLSA implementation to ensure that none of the APIs loaded from those DLLs are executed on Windows platforms prior to Windows 2000. This ensures that the DLLs will never be loaded enabling KRB5_32.DLL to continue to be used on Windows 9x.
  ticket: new
  target_version: 1.3.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16217 dc483132-0cff-0310-8789-dd5450dbe970
* Remove t_file.c as it is mostly redundant, does not build and cannot | Sam Hartman | 2004-03-26 | 4 | -229/+7
  be made to build because functions it depends on are now static. Remove duplication between cc_file.c and fcc.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16215 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new should use mkstemp | Sam Hartman | 2004-03-26 | 2 | -2/+12
  Change krb5_fcc_generate_new to use mkstemp rather than mktemp.
  Ticket: new
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16214 dc483132-0cff-0310-8789-dd5450dbe970
* Return ERROR_FCC_NOFILE when the principal cannot be determined during | Jeffrey Altman | 2004-03-19 | 2 | -0/+8
  calls to krb5_lcc_resolve()
  ticket: 2430
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16186 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-03-19 | 4 | -2/+53
  Add missing return statements in krb5_lcc_start_seq_get()
  * cc-int.h: New file - Add prototypes for cc internal functions
  * cc_retr.c - include cc-int.h
  ticket: new
  target_version: 1.3.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16185 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2004-03-06 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16154 dc483132-0cff-0310-8789-dd5450dbe970
* For keytab, ccache, and rcache type registries, use const more, and | Ken Raeburn | 2004-03-06 | 2 | -9/+38
  use a mutex to protect manipulation of the lists.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16153 dc483132-0cff-0310-8789-dd5450dbe970
* Remove reference to the ntstatus.h header in cc_mslsa.c | Jeffrey Altman | 2004-02-04 | 2 | -1/+6
  This header is not present in the August 2001 Platform SDK which is the current minimum SDK version.
  ticket: new
  tags: pullup
  target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020 dc483132-0cff-0310-8789-dd5450dbe970