path: root/src/lib/krb5/keytab
Commit message [Author, Age, Files, Lines]
* Two versions of resolver code were almost identical, so unify them and [Ken Raeburn, 2008-08-02, files: 1, lines: -37/+11]
| | | | | | reduce duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20594 dc483132-0cff-0310-8789-dd5450dbe970
* Catch a few more cases of unchecked k5_mutex_lock calls [Ken Raeburn, 2008-07-22, files: 1, lines: -1/+3]
| | | | | | ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20567 dc483132-0cff-0310-8789-dd5450dbe970
* misc uninitialized-storage accesses [Ken Raeburn, 2008-06-27, files: 1, lines: -0/+1]
| | | | | | | | | Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors are [Ken Raeburn, 2007-10-22, files: 2, lines: -1/+3]
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* Add enhanced error messages to new error return cases, explaining the [Ken Raeburn, 2007-10-10, files: 1, lines: -0/+6]
| | | | | | | | (fairly generic) error codes. ticket: 5777 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20111 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c: Support multiple iterators active simultaneously, using a [Ken Raeburn, 2007-10-09, files: 2, lines: -18/+113]
| | | | | | | | | | | | counter. In get_entry, if the file was already open, rewind it to just after the version number, and don't close it when done. Don't allow add or remove calls if any iterator is active. t_keytab.c: Test mixing two iterators with get_entry calls. ticket: 5777 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20109 dc483132-0cff-0310-8789-dd5450dbe970
* Make internal functions static [Ken Raeburn, 2007-08-31, files: 1, lines: -38/+38]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
* make depend [Ken Raeburn, 2007-08-16, files: 1, lines: -58/+62]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* Free memory leak in do_test() from asprintf integration [Ezra Peisach, 2007-08-14, files: 1, lines: -0/+2]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19821 dc483132-0cff-0310-8789-dd5450dbe970
* Set KTFILEP field to null any time we close the file [Ken Raeburn, 2007-07-27, files: 1, lines: -0/+3]
| | | | | | | ticket: 3099 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19739 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null file handle in get_next. [Ken Raeburn, 2007-07-27, files: 1, lines: -0/+4]
| | | | | | | | Patch from Luke Howard. ticket: 5471 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19736 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if the [Ken Raeburn, 2007-07-12, files: 1, lines: -7/+6]
| | | | | | | output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* In file-not-found case, report the filename sought [Ken Raeburn, 2007-07-04, files: 1, lines: -4/+17]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19665 dc483132-0cff-0310-8789-dd5450dbe970
* provide asprintf functionality for internal use [Ken Raeburn, 2007-06-20, files: 1, lines: -3/+9]
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I plan to use asprintf in some gssapi error-message management routines, so let's make sure we have the functionality available, implementing it locally if necessary. This implementation assumes vsnprintf is available, an assumption that the support library is already making at the moment. Since this implementation requires calling vsnprintf potentially multiple times with the same va_list, use va_copy if it's available, or provide a hack version (which should work okay if va_list is a scalar or array type that requires no other special handling, and if va_end does nothing interesting, which is usually the case) if the compiler doesn't provide it. I also changed a couple bits of code to use asprintf, to make sure we exercise our implementation in testing. (C99 requires vsnprintf and va_copy; vasprintf is a GNU/BSD extension, but an oh so useful one....) * configure.in: Check for va_copy, or if va_list objects can be simply assigned. Define HAS_VA_COPY and CAN_COPY_VA_LIST as appropriate. * include/k5-platform.h: Define a va_copy macro if the compiler doesn't provide it. * include/k5-platform.h: If vsnprintf isn't available from the OS, abort compilation. If vasprintf isn't available from the OS, provide k5_{v,}asprintf based on vsnprintf and define {v,}asprintf macros. * lib/krb5/keytab/t_keytab.c (do_test): Use asprintf. * util/support/errors.c (krb5int_vset_error): Use asprintf unconditionally. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19595 dc483132-0cff-0310-8789-dd5450dbe970
* set eol-style and mime-type properties [Ken Raeburn, 2007-06-19, files: 1, lines: -677/+677]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19594 dc483132-0cff-0310-8789-dd5450dbe970
* don't check for readability resolving SRVTAB: keytab [Ken Raeburn, 2007-05-31, files: 1, lines: -7/+0]
| | | | | | | | | | | Greg Hudson has pointed out that the FILE: and SRVTAB: keytab types differ in when they report errors for files not existing. The implementations of ANY: floating around cope better if they consistently accept names of files that aren't present, and report the error later when fetching information. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19563 dc483132-0cff-0310-8789-dd5450dbe970
* update dependencies [Ken Raeburn, 2007-03-02, files: 1, lines: -1/+1]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19199 dc483132-0cff-0310-8789-dd5450dbe970
* In the resolve function - ensure on memory allocation error - [Ezra Peisach, 2007-02-12, files: 1, lines: -3/+6]
| | | | | | | | | | deref of null pointer does not happen. Also include kt-int.h for prototypes. ticket: 5411 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19153 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_get_type should return const char *. [Ezra Peisach, 2007-02-05, files: 2, lines: -2/+2]
| | | | | | | | | | | | The code returns a pointer to static structures. Just to enforce the assumption that users can not change the returned data. Change prototype of krb5_kt_get_type to return const char *. The other changes are to clean up warnings - no change in code - usage assumed const. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19143 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new program to perform various tests on the WRFILE: and MEMORY: keytabs [Ezra Peisach, 2007-02-04, files: 2, lines: -8/+461]
| | | | | | | | | | I developed this program to test functionality of the MEMORY keytab - which resulted in the numerous fixes that have been committed recently. Tests all functionality of keytabs except for krb5_kt_default() and krb5_kt_read_service_key() - although essential functionality tested. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19142 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab krb5_kt_get_entry sets enctype to 0 if unspecified [Ezra Peisach, 2007-02-04, files: 1, lines: -10/+10]
| | | | | | | | | | | | | If one invokes krb5_kt_get_entry() for a memory keytab w/ an unspecified enctype (i.e. 0) - the returned keytab has its enctype set to 0 as well. Also - in copying out the found keytab_entry - when a kvno is unspecified, the last match found is used - not the one with the highest vno. This was caused by copying out the variable "entry" and not "match". Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19141 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab does not copy keytab_entry keyblock contents [Ezra Peisach, 2007-02-04, files: 1, lines: -3/+21]
| | | | | | | | | | | | | | | | | In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the keytab_entry keyblock contents - but instead retains a pointer to the incoming one. In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal keyblock contents memory is returned to the caller - which is subsequently freed when the caller invokes krb5_free_keytab_entry_contents. Solution is to use krb5_copy_keyblock_contents() instead of simply copying the structure. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in new memory keytab [Ezra Peisach, 2007-02-03, files: 1, lines: -0/+2]
| | | | | | | | | | The memory keytab introduced in ticket 5411 suffers from a memory leak in the Heimdal compatible kt_close() handling and thread destructor in which the cursor->entry is not freed. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19138 dc483132-0cff-0310-8789-dd5450dbe970
* buffer overflow in krb5_kt_get_name [Ezra Peisach, 2007-02-01, files: 3, lines: -3/+3]
| | | | | | | | | | | | | | | | | | | | | krb5_kt_get_name() allows the caller to specify the size of the buffer to copy the name into. The size must be big enough for the trailing nul character. If one specified a buffer length that is precisely the strlen w/o allowing for the nul - the functions would copy one past the end of the buffer. No code in our tree would be subject to this problem - as buffers in use are 1024 or BUFSIZ.... The logic failure was: strlen(p+1) vs. strlen(p)+1 The code is essentially duplicated in the three changed files. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19137 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds a thread safe MEMORY keytab implementation [Jeffrey Altman, 2007-01-30, files: 5, lines: -11/+720]
| | | | | | | | | | | | | | | that is compatible with Heimdal 0.7. Each successful resolve returns a handle to a keytab and increases the internal reference count. Each close invalidates the handle and decreases the reference count. When the reference count hits zero, the keytab is destroyed. When a kt_destroy function is added, the automatic destruction after close behavior will be removed. ticket: 5411 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19126 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c memory leak on error in krb5_kt_resolve / krb5_kt_wresolve [Jeffrey Altman, 2007-01-23, files: 1, lines: -0/+2]
| | | | | | | | | | The krb5_kt_resolve and krb5_kt_wresolve functions leak the 'data' memory allocation if the lock cannot be initialized. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19104 dc483132-0cff-0310-8789-dd5450dbe970
* ktfns.c (krb5_kt_get_entry): If the supplied server principal has an empty [Ken Raeburn, 2006-12-19, files: 1, lines: -1/+18]
| | | | | | | | | realm name, replace it with the default realm, in a private copy. ticket: 5121 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18975 dc483132-0cff-0310-8789-dd5450dbe970
* make depend [Tom Yu, 2006-10-06, files: 1, lines: -18/+23]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18652 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccache and keytab file paths without a prefix [Jeffrey Altman, 2006-09-05, files: 1, lines: -2/+2]
| | | | | | | | | | | ktbase.c, ccbase.c: When a file path is specified without the prefix we must infer the use of the "FILE" prefix. However, we were setting the prefix including the colon separator when the separator should have been ignored. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561 dc483132-0cff-0310-8789-dd5450dbe970
* autoconf 2.60 compatibility [Ken Raeburn, 2006-06-28, files: 1, lines: -1/+1]
| | | | | | | | | | | Change all file substitutions so that @-patterns start at the beginning of their lines, as now required by autoconf 2.60 (released Monday). ticket: new target_version: 1.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18249 dc483132-0cff-0310-8789-dd5450dbe970
* Change a bunch of calls to ctype macros (those cited by Jeff, and a [Ken Raeburn, 2006-06-16, files: 1, lines: -1/+1]
| | | | | | | | few others) to cast the character values to unsigned char. ticket: 3445 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18156 dc483132-0cff-0310-8789-dd5450dbe970
* Prevent a library double-free and crash when a keytab is zero-length. [Russ Allbery, 2006-06-13, files: 1, lines: -1/+4]
| | | | | | | | | | Based on a patch from Rainer Weikusat. Ticket: 3549 Version_Reported: 1.4.3 Component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18120 dc483132-0cff-0310-8789-dd5450dbe970
* Merge about 1/3 of the remaining configure scripts into the top level. This [Ken Raeburn, 2006-05-31, files: 1, lines: -2/+2]
| | | | | | still leaves out appl and tests, and static library and plugin directories. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18068 dc483132-0cff-0310-8789-dd5450dbe970
* Rename locate.h to locate_plugin.h. Change references, update dependencies [Ken Raeburn, 2006-05-24, files: 1, lines: -9/+9]
| | | | | | ticket: 3784 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18037 dc483132-0cff-0310-8789-dd5450dbe970
* install headers into include/krb5 [Ken Raeburn, 2006-05-23, files: 1, lines: -45/+49]
| | | | | | | | | | | Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the build tree. Stub krb5.h in main include directory just includes krb5/krb5.h. Update dependencies, and add dependencies in a couple Makefiles that didn't have them. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18030 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include kdb.h from k5-int.h; instead, include it in the handful [Ken Raeburn, 2006-04-13, files: 1, lines: -22/+18]
| | | | | | of places where it's actually needed. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17898 dc483132-0cff-0310-8789-dd5450dbe970
* Remove ChangeLog files from the source tree. From now on, the [Sam Hartman, 2006-04-11, files: 1, lines: -686/+0]
| | | | | | | subversion commit log entry needs to include information that would have been in the changelog. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
* Remove .Sanitize and .rconf files, no longer used [Ken Raeburn, 2006-04-11, files: 1, lines: -45/+0]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17888 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (DEFS): Make empty [Ken Raeburn, 2006-04-02, files: 2, lines: -0/+5]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17833 dc483132-0cff-0310-8789-dd5450dbe970
* * kt_file.c (krb5_ktf_keytab_externalize, krb5_ktf_keytab_internalize): Read [Ken Raeburn, 2006-03-31, files: 2, lines: -21/+13]
| | | | | | | and write file position as 64 bits rather than trying to figure out size of long. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17817 dc483132-0cff-0310-8789-dd5450dbe970
* make depend, now with dependency sorting [Ken Raeburn, 2006-03-31, files: 1, lines: -67/+67]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17811 dc483132-0cff-0310-8789-dd5450dbe970
* make depend [Ken Raeburn, 2006-03-27, files: 1, lines: -19/+27]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17786 dc483132-0cff-0310-8789-dd5450dbe970
* Instead of arbitrary division of headers into include and include/krb5, with [Ken Raeburn, 2006-03-11, files: 1, lines: -27/+27]
| | | | | | | | | | | | include directives sometimes using krb5/foo.h and sometimes using foo.h, and -I options always given for both directories in both source and build trees, push include/krb5/* up a level and drop the krb5 directory (except, for the moment, the change log). Updated #include directives, -I options, and dependencies accordingly, and deleted one or two bits of old, unused code that was noticed in the process. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
* make depend [Ken Raeburn, 2006-03-08, files: 1, lines: -9/+18]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17708 dc483132-0cff-0310-8789-dd5450dbe970
* make depend [Tom Yu, 2005-11-29, files: 1, lines: -28/+19]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17505 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependencies [Ken Raeburn, 2005-06-21, files: 1, lines: -19/+28]
| | | | | | | | | N.B.: The version of gcc used this time ("gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)") seems to emit some duplicate dependencies -- some header files get listed twice. This is annoying but shouldn't cause any harm.... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17256 dc483132-0cff-0310-8789-dd5450dbe970
* Delete definitions of unused macros NEED_SOCKETS and NEED_LOWLEVEL_IO [Ken Raeburn, 2005-04-13, files: 3, lines: -2/+5]
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
* run "make depend" [Ken Raeburn, 2004-12-30, files: 1, lines: -55/+55]
| | | | | | | | In most library directories, this just affects where the line breaks are. In most other directories, it's just dropping a trailing blank line. One or two files really do have updated dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16987 dc483132-0cff-0310-8789-dd5450dbe970
* fix missing mutex initialization in keytab file code [Ken Raeburn, 2004-11-26, files: 2, lines: -0/+12]
| | | | | | | | | | | | Missed a case in the checked-in (and pulled-up) fix to 2781. * kt_file.c (krb5_ktfile_wresolve): Initialize mutex here too. ticket: new status: open target_version: 1.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16908 dc483132-0cff-0310-8789-dd5450dbe970
* fix missing locking in keytab; fix stdio handling too [Ken Raeburn, 2004-11-24, files: 2, lines: -24/+102]
| | | | | | | | | | | | | | | | | | | | | | | | The keytab type list lock was implemented, but I missed the per-keytab lock. Since I was in there, I ripped out the bogus stdio buffer mangling that the code was doing, and set up a buffer to be used that we can sanitize later. * kt_file.c (struct _krb5_ktfile_data): Add mutex and buffer. (KTFILEBUFP, KTLOCK, KTUNLOCK, KTCHECKLOCK): New macros. (krb5_ktfile_resolve): Initialize mutex. (krb5_ktfile_close): Zap data buffer before freeing. (krb5_ktfile_get_entry, krb5_ktfile_start_seq_get, krb5_ktfile_get_next, krb5_ktfile_end_get, krb5_ktfile_add, krb5_ktfile_remove): Lock and unlock the mutex. (krb5_ktfileint_open): Check that the mutex is locked. Set the stdio buffer to the new buffer in the ktfile data. (krb5_ktfileint_write_entry, krb5_ktfileint_find_slot): Check that the mutex is locked. Don't call setbuf. Flush the stdio buffer after writing. ticket: new target_version: 1.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16905 dc483132-0cff-0310-8789-dd5450dbe970