summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/keytab
Commit message (Collapse)AuthorAgeFilesLines
* Add krb5_kt_client_default APIGreg Hudson2012-07-021-0/+14
| | | | | | | | | | | | | | | | The default client keytab is intended to be used to automatically acquire initial credentials for client applications. The current hardcoded default is a placeholder, and will likely change before 1.11. Add test framework settings to ensure that a system default client keytab doesn't interfere with tests, and to allow tests to be written to deliberately use the default client keytab. Add documentation about keytabs to the concepts section of the RST docs, and describe the default client keytab there. ticket: 7188 (new)
* Improve error message from krb5_kt_have_contentGreg Hudson2012-06-031-2/+10
|
* Add krb5_kt_have_content APIGreg Hudson2012-06-022-0/+29
| | | | | | | | | | | | | Add the krb5_kt_have_content API from Heimdal, which can be used to test whether a keytab exists and contains entries. Add tests to t_keytab.c. There is a deviation from Heimdal in the function signature. Heimdal's signature returns a krb5_boolean at the moment, because the Heimdal implementation actually returns a krb5_error_code. These are generally the same type anyway (int). ticket: 7158 (new)
* Tighten up error checking in t_keytab.cGreg Hudson2012-06-021-29/+16
| | | | | | | When checking for specific error codes, using CHECK() meant that we wouldn't properly fail if we got error code 0. Define and use a CHECK_ERR() to test for a specific error code, and define CHECK() in terms of it.
* Mark up strings for translationGreg Hudson2011-06-101-5/+8
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Correctly recognize non-iterable keytabs in k5_kt_get_principal()Greg Hudson2011-04-081-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24860 dc483132-0cff-0310-8789-dd5450dbe970
* Add k5_kt_get_principal, an internal krb5 interface to try to get aGreg Hudson2011-04-081-0/+32
| | | | | | | | principal name from a keytab. Used currently by vfy_increds.c (in place of its static helper); will also be used when querying the name of the default gss-krb5 acceptor cred. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24859 dc483132-0cff-0310-8789-dd5450dbe970
* Static function names should not have krb5_ prefixZhanna Tsitkov2011-03-291-12/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-0912-108/+81
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-40/+33
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-281-1/+1
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Fix Windows buildGreg Hudson2010-11-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include: * Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone. * Reverted the apparently non-functional r20277. * klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly. * krb5, telnet, gssftp, and NIM are removed from the build. * Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer. * Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim. ticket: 6826 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
* FILE keytabs have been able to handle write operations since krb5 1.7,Greg Hudson2010-10-261-31/+12
| | | | | | | | | | as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970
* When returning KRB5_KT_NOTFOUND from krb5_ktfile_get_entry, set anGreg Hudson2010-10-111-1/+8
| | | | | | extended error message indicating which principal was not found. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24448 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-26/+33
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
* make dependGreg Hudson2010-06-071-44/+48
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Trace loggingGreg Hudson2010-06-071-0/+1
| | | | | | | | | | | | | | | | Add trace logging infrastructure code, enabled by the KRB5_TRACE environment variable or the API functions krb5_set_trace_callback() or krb5_set_trace_filename(). As a start, add tracing events for: * AS-REQ client code, including FAST and preauth * TGS-REQ client code * AP-REQ and AP-REP code (client and server) * sendto_kdc * Selected ccache operations * Selected keytab operations ticket: 6737 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24118 dc483132-0cff-0310-8789-dd5450dbe970
* Negative enctypes improperly read from keytabsGreg Hudson2010-05-131-3/+2
| | | | | | | | | | When reading enctypes from keytabs, we need to ntohs() the 16-bit value we read in before sign-extending it to a 32-bit value in the keyblock, or we run the risk of extending the wrong sign. ticket: 6720 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24016 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single globalGreg Hudson2009-11-222-83/+81
| | | | | | | | | | | | | configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* In lib/krb5/keytab, ensure that function definition headers haveGreg Hudson2009-11-104-206/+139
| | | | | | | function names at the beginning of lines, and avoid putting open parentheses at the beginning of lines in function prototypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23148 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-3112-1558/+1560
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-101-33/+40
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source treeGreg Hudson2009-09-161-71/+64
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krbZhanna Tsitkov2009-09-161-64/+71
| | | | | | bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_ktfileint_write_entry, add a no-op fseek in between readingGreg Hudson2009-05-231-0/+3
| | | | | | | | EOF and writing the placeholder length field. Otherwise we can run into an apparent bug in the Solaris 10 stdio library which causes the next no-op fseek after the fwrite to fail with EINVAL. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22367 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value of ftell() in krb5_ktfileint_find_slotGreg Hudson2009-05-011-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22301 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_kt_resolve, ensure that the output parameter is set to NULL onGreg Hudson2009-04-301-5/+9
| | | | | | failure even if the underlying resolver doesn't do that properly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22297 dc483132-0cff-0310-8789-dd5450dbe970
* In ktfile_common_resolve, set the output pointer to NULL on error, andGreg Hudson2009-04-301-25/+29
| | | | | | | use a cleanup label instead of freeing the same resources in multiple error handling blocks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22296 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak by reorganizing krb5_ktf_keytab_internalize to useGreg Hudson2009-04-301-80/+70
| | | | | | | | | the recommended exception-handling flow control. Eliminate the check for ktdata being null after resolution because that's not possible. Add a check for the resolved keytab being of a different type, since that would result in data structure corruption. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22295 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an unchecked use of fwrite in krb5_ktfileint_delete_entryGreg Hudson2009-04-271-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22282 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify and shorten krb5_ktfileint_find_slot, and properly handle theGreg Hudson2009-04-241-99/+40
| | | | | | | | commit_point output parameter. ticket: 6475 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22279 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_ktfileint_find_slot, don't continue the loop when we find aGreg Hudson2009-04-241-0/+1
| | | | | | | | | | | | final zero-length buffer. This is a minimal fix intended to be pulled up to the 1.7 branch; a code cleanup commit will follow. ticket: 6475 status: open tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22278 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_mkt_resolve error handling workGreg Hudson2009-04-131-69/+77
| | | | | | | | | | | | Very little is likely to go wrong inside krb5_mkt_resolve (it just allocates memory and plays with mutexes), but if anything did, the handling was almost always wrong. Reorganize the function to handle errors properly, using a helper create_list_node function to simplify the task. ticket: 6454 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22198 dc483132-0cff-0310-8789-dd5450dbe970
* More dead code elimination. When asprintf was used the varaible namelen wasEzra Peisach2009-04-121-5/+0
| | | | | | | | | no longer necessary. ticket: 6453 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22196 dc483132-0cff-0310-8789-dd5450dbe970
* Check the return value of fseek in two places in kt_file.cGreg Hudson2009-02-231-2/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22047 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_ktfileint_find_slot, check for an error return from ftell.Greg Hudson2009-02-051-0/+3
| | | | | | | (Such an error will never happen in any reasonable stdio implementation but it's more correct to check.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21892 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in krb5_kt_resolve when we fail to lockGreg Hudson2009-02-051-6/+9
| | | | | | | | | | kt_typehead_lock. ticket: 6367 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21890 dc483132-0cff-0310-8789-dd5450dbe970
* Remove xfread/xfwrite macros. Casting the first argument to char * isGreg Hudson2009-02-041-36/+33
| | | | | | | | unnecessary (fread's first argument is void *, which does not require a cast) and confuses Coverity's UNINIT checker; casting the third argument to unsigned is not necessary for our current set of warnings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21883 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument toKen Raeburn2009-01-284-52/+52
| | | | | | | | | | | char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.inKen Raeburn2009-01-052-115/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build dependencies for v4rcp.c.Ken Raeburn2008-11-041-64/+68
| | | | | | Rebuild dependencies for k5-buf.h, and without krb4 support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
* Use snprintf instead of strcpy/strcat in many placesGreg Hudson2008-10-233-39/+12
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many placesGreg Hudson2008-10-203-7/+3
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* handle stash file names with missing keytab type spec and colon in pathKen Raeburn2008-10-151-0/+5
| | | | | | | | | | | | | | | | | | | | Currently the keytab name resolution code will pass off any name with no colon to the default keytab type handler, which is the FILE handler. It will also check for Windows file names consisting of one letter followed by a colon, and treat them as FILE specs also. If a UNIX pathname contains a colon, however, and no type was explicitly specified, the leading part of the pathname gets treated as a type name and fails to match anything. It should instead treat type-less names starting with "/" as FILE specs also. Tweak the test suite to use such a name. Report and patch from Apple. rdar://problem/6179239 ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20872 dc483132-0cff-0310-8789-dd5450dbe970
* makedependKen Raeburn2008-09-181-58/+65
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* lean client changesZhanna Tsitkov2008-08-2010-10/+44
| | | | | | | | | All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
* a stash file is not a keytabWill Fiveash2008-08-153-6/+0
| | | | | | | | | Note, this is the commit for the associated Krb Consortium project: Projects/Masterkey Keytab Stash ticket: 194 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970
* Two versions of resolver code were almost identical, so unify them and ↵Ken Raeburn2008-08-021-37/+11
| | | | | | reduce duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20594 dc483132-0cff-0310-8789-dd5450dbe970
* Catch a few more cases of unchecked k5_mutex_lock callsKen Raeburn2008-07-221-1/+3
| | | | | | ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20567 dc483132-0cff-0310-8789-dd5450dbe970
* misc uninitialized-storage accessesKen Raeburn2008-06-271-0/+1
| | | | | | | | | Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 01:21:44 +0000