summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix test rules for non-gmake make versionsGreg Hudson2009-05-241-2/+2
| | | | | | | | | | | | | The build rules for the new t_ad_fx_armor and t_authdata test programs used $<, which is only portable for implicit rules (but is valid in gmake for all rules). Stop using $< in those rules so that "make check" works with System V make. ticket: 6495 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22368 dc483132-0cff-0310-8789-dd5450dbe970
* Use printf format attribute only with gccKen Raeburn2009-05-222-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22363 dc483132-0cff-0310-8789-dd5450dbe970
* When using keyed checksum types with TGS subkeys, Microsoft AD 2003Greg Hudson2009-05-191-0/+2
| | | | | | | | | | | | | | | | verifies the checksum using the subkey, whereas MIT and Heimdal verify it using the TGS session key. (RFC 4120 is actually silent on which is correct; RFC 4757 specifies the TGS session key.) To sidestep this interop issue, don't use keyed checksum types with RC4 keys without explicit configuration in krb5.conf. Using keyed checksum types with AES is fine since, experimentally, AD 2008 accepts checksums keyed with the TGS session key. ticket: 6490 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22356 dc483132-0cff-0310-8789-dd5450dbe970
* In recvauth_common, convert a use of strcpy to strdupGreg Hudson2009-05-111-2/+2
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22343 dc483132-0cff-0310-8789-dd5450dbe970
* Try decrypting using session key if subkey fails in tgs rep handlingSam Hartman2009-05-072-7/+13
| | | | | | | | | | | | | | | | | | | | | | Heimdal at least up through 1.2 incorrectly encrypts the TGS response in the session key not the subkey when a subkey is supplied. See RFC 4120 page 35. Work around this by trying decryption using the session key after the subkey fails. * decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for TGS and now needs to take keyusage * gc_via_tkt: pass in session key and appropriate usage if subkey fails. Note that the dead code to process AS responses in decode_kdc_rep is not removed by this commit. That will be removed as FAST TGS client support is integrated post 1.7. ticket: 6484 Tags: pullup Target_Version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22325 dc483132-0cff-0310-8789-dd5450dbe970
* After consultation with kenh, remove a comment and if statement whichGreg Hudson2009-05-071-7/+0
| | | | | | should no longer apply to the pa_sam_2 code, fixing a memory leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22322 dc483132-0cff-0310-8789-dd5450dbe970
* Fix yet another memory leak in pa_samGreg Hudson2009-05-061-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22321 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple memory leaks in obtain_sam_padataGreg Hudson2009-05-061-23/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22320 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam, use the correct function to free sam_challenge in theGreg Hudson2009-05-061-1/+1
| | | | | | | | success path. ticket: 6210 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22319 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in pa_sam_2 where an outer data structure wasn'tGreg Hudson2009-05-061-0/+1
| | | | | | freed after the contents are coopted. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22318 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in pa_samGreg Hudson2009-05-051-2/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22317 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in krb5_obtain_padataGreg Hudson2009-05-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22316 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam_2, free sc2 in an error-handling case where it was leakedGreg Hudson2009-05-051-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22315 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam_2, free scratch in a couple of error-handling blocks whereGreg Hudson2009-05-051-0/+2
| | | | | | | | it was live and not freed. The function should be reorganized to use a cleanup handler, but (I believe) is not covered by the test suite and should not undergo such major surgery until it is. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22314 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5int_rd_setpw_rep, if we get an error result, set ap_rep.lengthGreg Hudson2009-05-051-0/+1
| | | | | | to 0 so that it is initialized for a check later in the function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22313 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unnecessary null checks in krb5_get_in_tkt_with_passwordGreg Hudson2009-05-051-4/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22312 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unnecessary null checks in krb5_get_in_tkt_with_keytabGreg Hudson2009-05-051-4/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22311 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_in_tkt, free the whole encoded request (since theGreg Hudson2009-05-051-1/+1
| | | | | | | | structure was allocated by encode_krb5_as_req), not just the contents. ticket: 6401 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22310 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a case in the krb5_rd_rep error handler (introduced in the lastGreg Hudson2009-05-051-2/+3
| | | | | | | commit) where scratch.data could be indirected through even if it wasn't allocated successfully. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22309 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify cleanup in obtain_sam_padata slightlyGreg Hudson2009-05-041-5/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22308 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an error message memory leak in krb5_preauth_supply_preauth_dataGreg Hudson2009-05-041-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22307 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some direct returns in krb5_get_cred_from_kdc_opt which would leakGreg Hudson2009-05-041-12/+25
| | | | | | memory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22306 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rd_rep could leak memory through its output parameter on error.Greg Hudson2009-05-041-26/+34
| | | | | | | Adjust the flow control so that *repl is NULL on error and the memory allocated by decode_krb5_ap_rep_enc_part is freed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22305 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in krb5int_rd_chpw_rep in a block of code handlingGreg Hudson2009-05-021-4/+5
| | | | | | | | buggy MS KDC behavior. It's not entirely clear what should happen in the case where memory was leaked (error packet received containing e_data) so pick a conservative option. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22303 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak by reorganizing krb5_principal_internalize to useGreg Hudson2009-05-011-34/+34
| | | | | | | the recommended flow control for error handling. Also initialize the output parameter so that it is set in case of error. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22302 dc483132-0cff-0310-8789-dd5450dbe970
* Move an error check to an earlier location in krb5_524_conv_principalGreg Hudson2009-05-011-2/+3
| | | | | | to fix a memory leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22300 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2009-04-301-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22299 dc483132-0cff-0310-8789-dd5450dbe970
* Add DEBUG_ERROR_LOCATIONS supportGreg Hudson2009-04-291-0/+23
| | | | | | | | | | | | If DEBUG_ERROR_LOCATIONS is defined, replace uses of krb5_set_error_message and krb5int_set_error with calls to the new _fl variants of those functions, and include filename and line number information in the calls. Requires C99-style variadic macros if defined. ticket: 6479 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22291 dc483132-0cff-0310-8789-dd5450dbe970
* Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncredGreg Hudson2009-04-283-13/+6
| | | | | | | | | | | | | | | | | Regularize the handling of KRB5_AUTH_CONTEXT_RET_SEQUENCE in krb5_mk_safe, krb5_mk_priv, and krb5_mk_ncred, using krb5_mk_safe as a baseline. RET_SEQUENCE now implies DO_SEQUENCE for all three functions, the sequence number is always incremented if it is used, and outdata->seq is always set if RET_SEQUENCE is passed. Note that in the corresponding rd_ functions, RET_SEQUENCE and DO_SEQUENCE are independent flags, which is not consistent with the above. This compromise is intended to preserve compatibility with any working code which might exist using the RET_SEQUENCE flag. ticket: 6478 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22288 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few memory leaks in krb5_mk_ncred. Also tighten up the errorGreg Hudson2009-04-271-16/+18
| | | | | | | | handling of the sequence number, only decreasing it if it was increased. The handling of DO_SEQUENCE and RET_SEQUENCE may still be flawed in some cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22283 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_principal_compare_flags, improve clarity slightly by using aGreg Hudson2009-04-231-9/+8
| | | | | | | boolean temporary instead of an ordering temporary in the loop over the elements, since we only care about the boolean result. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22277 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_cred_via_tkt, strip the ok-as-delegate flag fromGreg Hudson2009-04-231-0/+18
| | | | | | | | | | credentials obtained using a foreign TGT, unless the TGT also has ok-as-delegate set. ticket: 6473 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22272 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam, remove a gratuitous null check for etype which wasGreg Hudson2009-04-131-1/+1
| | | | | | immediately followed by dereferencing etype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22199 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_in_tkt, r7002 introduced an unused local variableGreg Hudson2009-04-101-4/+1
| | | | | | | | | "padata". It was accidentally used in r18641 instead of preauth_to_use when sorting the received padata sequence, causing the sort to be a no-op. Sort the correct sequence and eliminate the unused local variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22193 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify the coupling of problem to response code in recvauth_common,Greg Hudson2009-04-101-29/+9
| | | | | | eliminating a big switch statement with a dead-code default block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22192 dc483132-0cff-0310-8789-dd5450dbe970
* Check the return value of krb5_timeofday in krb5int_populate_gic_opt.Greg Hudson2009-04-101-1/+7
| | | | | | Also initialize krb5int_populate_gic_opt's output variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22190 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value of krb5int_copy_data_contents in preauth2.c'sGreg Hudson2009-04-101-1/+4
| | | | | | pa_salt. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22189 dc483132-0cff-0310-8789-dd5450dbe970
* mk_safe and mk_priv require the local address to be set in the authGreg Hudson2009-04-084-54/+57
| | | | | | | | | | context; rd_safe and rd_priv require the remote address to be set. Create error codes for both kinds of missing addresses and stop trying futilely to handle the cases where they are not set. ticket: 1165 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22184 dc483132-0cff-0310-8789-dd5450dbe970
* When getting initial credentials with a password, try the master ifGreg Hudson2009-04-081-2/+1
| | | | | | | | | | | | preauth fails on a slave, since preauth can fail due to an out-of-date key. This removes a snippet added in r14939 which was considering only hardware preauth. ticket: 6108 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22182 dc483132-0cff-0310-8789-dd5450dbe970
* fix logic errorsSam Hartman2009-04-041-1/+1
| | | | | | ticket: 6436 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22170 dc483132-0cff-0310-8789-dd5450dbe970
* Merge fast branch at 22166 onto trunkSam Hartman2009-04-037-30/+136
| | | | | | ticket: 6436 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
* Unfortunately, pre-1.7 krshd fails to support keyed checksums becauseSam Hartman2009-04-032-1/+3
| | | | | | | | | | | | | | | | it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum. * kcmd.c: Force use of rsa_md5 * init_ctx.c: do not default to md5 * mk_req_ext.c: allow auth_context to override ticket: 1624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
* Use the preferred checksum for non-DES keys in the kdc_req path andSam Hartman2009-04-012-3/+20
| | | | | | | | | | | | all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility. ticket: 1624 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2009-03-311-2/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22150 dc483132-0cff-0310-8789-dd5450dbe970
* Implement FAST from draft-ietf-krb-wg-preauth-frameworkSam Hartman2009-03-317-17/+748
| | | | | | | | | | | | Merge fast branch at 22146 onto trunk Implement the kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki. ticket: 6436 Target_Version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
* in send_tgs.c:Sam Hartman2009-03-311-1/+1
| | | | | | | | Encrypt using local_subkey not *subkey ticket: 6393 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22148 dc483132-0cff-0310-8789-dd5450dbe970
* Add PAC and principal parsing test casesGreg Hudson2009-03-304-2/+756
| | | | | | | | From Heimdal, ported by Luke, further modified by me. ticket: 6435 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22147 dc483132-0cff-0310-8789-dd5450dbe970
* Implement tests for authdata functionsSam Hartman2009-03-162-2/+109
| | | | | | | | | Implement some test cases for krb5_merge_authdata and krb5int_find_authdata ticket: 6422 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22097 dc483132-0cff-0310-8789-dd5450dbe970
* Implement krb5int_find_authdataSam Hartman2009-03-161-0/+89
| | | | | | | | | Implement a function to find all instances of a particular ad_type in ticket or authenticator authdata. ticket: 6422 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22096 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_auth_con_free should support freeing a null auth_context without segfaultSam Hartman2009-03-161-0/+2
| | | | | | | | If the input auth_con is NULL, return success. ticket: 6423 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22092 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 10:22:22 +0000