summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* Add support for referral null realms and use the default realm as ↵Sam Hartman2009-01-061-2/+10
| | | | | | | | krb5_rd_req_extended does ticket: 5954 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21716 dc483132-0cff-0310-8789-dd5450dbe970
* fix missed var renameKen Raeburn2009-01-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21704 dc483132-0cff-0310-8789-dd5450dbe970
* move generated dependencies out of Makefile.inKen Raeburn2009-01-052-914/+912
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
* Merge mskrb-integ onto trunkSam Hartman2009-01-0327-281/+2152
| | | | | | | | | | | | | | | | | | | | | | | | The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite walk_rtree.c to handle hierarchical traversal better and to beTom Yu2009-01-023-309/+468
| | | | | | | | less convoluted. Update test cases. ticket: 5947 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21659 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21589, and export krb5_get_fallback_host_realm insteadGreg Hudson2008-12-291-7/+8
| | | | | | | | | | | | | | Rationale: Zephyr and AFS both use the Kerberos realm name as the name of the service realm (AFS realm or Zephyr galaxy). AFS can grab the Kerberos realm from the ticket being aklogged, but Zephyr is not necessarily getting credentials at all (you could be sending an unauthenticated message), and currently finds its answer by looking up the realm of the server host. Although we can't currently provide an accurate result for this lookup in the presence of referrals, we do need to provide enough tools to get as good of an answer as libzephyr could have gotten before referrals went in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up krb5_get_fallback_host_realm in two respects:Greg Hudson2008-12-241-8/+7
| | | | | | | | | | | | 1. It isn't exported from libkrb5 (and no one seems to complain about that). So give it a krb5int_ name and move its declaration to k5-int.h. Also stop exporting it from the collected client lib. 2. It returned a list of realms, but its only caller assumes that the list contains exactly one realm. So just make it return a single realm. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21589 dc483132-0cff-0310-8789-dd5450dbe970
* Signed/unsigned fix. The function is called with a sizeof - so unsigned isEzra Peisach2008-12-191-1/+1
| | | | | | fine. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21553 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb524, lib/des425, lib/krb4, and include/kerberosIV.Greg Hudson2008-12-181-5/+0
| | | | | | | | | | Remove krb4 build system references and conditionals. Move des425 header stuff referenced by des_int.h into des_int.h. Remove krb4 test cases. ticket: 6303 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb4 code in libkrb5Greg Hudson2008-12-153-397/+1
| | | | | | | ticket: 6303 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21452 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of sprintf to snprintf or asprintfGreg Hudson2008-12-013-7/+5
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak caught by valgrindKen Raeburn2008-11-241-23/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21179 dc483132-0cff-0310-8789-dd5450dbe970
* Lite Client - the following calls are server-side functions:Zhanna Tsitkov2008-11-175-4/+16
| | | | | | | | | | decode_krb5_authenticator, krb5_auth_con_getauthenticator, krb5_copy_authenticator, krb5_ser_authenticator_init Take them out for the Lite CLient. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21129 dc483132-0cff-0310-8789-dd5450dbe970
* PERF: Introduced a new function krb5_is_permitted_enctype_ext to replace ↵Zhanna Tsitkov2008-11-172-4/+75
| | | | | | multiple calls to krb5_is_permitted_enctype git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21128 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam(), free the outer krb5_data structure returned byGreg Hudson2008-11-101-0/+2
| | | | | | | | encode_krb5_sam_response. ticket: 6211 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21063 dc483132-0cff-0310-8789-dd5450dbe970
* Properly free sam_challenge in pa_sam()Greg Hudson2008-11-101-8/+8
| | | | | | ticket: 6210 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21062 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_buf_cstr to krb5int_buf_data, since k5bufs can be usedGreg Hudson2008-11-052-2/+2
| | | | | | | | | | | for binary data as well as C string data. The buffer will always have a null byte at krb5int_buf_len bytes regardless of whether it contains C string data. ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21003 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of strcpy/strcat (and sometimes sprintf) to acceptedGreg Hudson2008-11-051-1/+1
| | | | | | | | | string-handling functions. ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21001 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build dependencies for v4rcp.c.Ken Raeburn2008-11-041-545/+563
| | | | | | Rebuild dependencies for k5-buf.h, and without krb4 support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
* Use the k5buf module instead of strcpy/strcat in several placesGreg Hudson2008-10-302-63/+22
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20941 dc483132-0cff-0310-8789-dd5450dbe970
* partial rewrite of the ASN.1 encodersKen Raeburn2008-10-253-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of a pile of macros generating code, that have to be threaded together in just the right way to get a valid ASN.1 encoding, we now have a pile of macros for defining data structures describing the objects and the ASN.1 types they should be encoded as, which structures are interpreted by recursive invocations of an encoder engine; there should be somewhat less rope for accidentally creating invalid encodings. The new macros are commented in asn1_k_encode.c. Putting most of the work into the encoder engine also reduces the code size (in one configuration, including LDAP-KDB and PKINIT encoders, code size went from 37K to <16K, though 10K of tables were added, and the PKINIT encoders are still open-coded). Some encoder interfaces have been revised to be more regular -- all now take one pointer to const argument (no two-input encoders, no pointer-to-non-const-pointer-to-const). A few encoders were eliminated or disabled because they were neither used nor exported from the library. The LDAP-KDB encoder has been converted, but the PKINIT encoders have not as there are no regression tests for them currently. There is still plenty of room for improvement; some notes on specific ideas have been added. String encoding primitives have been combined to reduce code size. A primitive for encoding bit strings has been added. Some miscellaneous warnings in the decoders have been cleaned up. A new dejagnu test case is added that ensures that KRB-SAFE messages get exercised. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_build_principal_ext walks off beginning of arrayAlexandra Ellwood2008-10-241-1/+1
| | | | | | | | | | | On error, krb5_build_principal_ext walks off the beginning of the array by using i-- in a conditional when it should be using --i (so that it actually compares the value of i that will be used below). ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20920 dc483132-0cff-0310-8789-dd5450dbe970
* Use strlcpy instead of strcpy in many placesGreg Hudson2008-10-243-12/+10
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_build_principal_va does not allocate krb5_principalAlexandra Ellwood2008-10-241-64/+139
| | | | | | | | | | | | | | | | | krb5_build_principal_va does not allocate the outer krb5_principal, making it useless for generating krb5_principals which can be freed with krb5_free_principal. Added krb5_build_principal_alloc_va which allocates the krb5_principal. Added krb5int_build_principal_alloc_va which is used by KIM to avoid code duplication. KIM's kim_identity_create_from_components takes the first component as an argument because principals with no components cannot be represented with the KIM UI. Modified KIM to use this new API. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20918 dc483132-0cff-0310-8789-dd5450dbe970
* Use snprintf instead of strcpy/strcat in many placesGreg Hudson2008-10-231-4/+1
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many placesGreg Hudson2008-10-202-5/+2
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Finished KLL to KIM shim.Alexandra Ellwood2008-10-011-1/+1
| | | | | | | | Switched krb5 code to using it. ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
* makedependKen Raeburn2008-09-181-486/+555
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2008-09-081-176/+169
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20710 dc483132-0cff-0310-8789-dd5450dbe970
* Based on patch from lxs, with some changes:Ken Raeburn2008-08-277-10/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms. Not incorporated from initial patch: const changes in function signatures. ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* Incorporate Apple's patchKen Raeburn2008-08-251-1/+28
| | | | | | | | | | | | | | | | | | | | | | Add a test authorization data scheme, in both built-in and plugin forms; built-in version is #ifdef'ed out. Update configury to create the build directory for the plugin, but don't build or install it by default. Create the new (and normally empty) authorization data plugin directory at install time. Add some (normally disabled) code to log authz data from rd_req. Fix up some comments that still refer to preauth plugins. Add some details in comments on the API, and why it's private for now. Make the plugin init context support work, by not passing null pointers. ticket: 5565 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691 dc483132-0cff-0310-8789-dd5450dbe970
* Let walk_realm_tree tests fail for now, ignore them and keep goingKen Raeburn2008-08-221-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20687 dc483132-0cff-0310-8789-dd5450dbe970
* Use capaths unconditionally. Update copyrightKen Raeburn2008-08-221-12/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20686 dc483132-0cff-0310-8789-dd5450dbe970
* lean client changesZhanna Tsitkov2008-08-207-7/+29
| | | | | | | | | All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
* In copying a credential - if we run out memory - the cleanup code failed to ↵Ezra Peisach2008-08-161-3/+5
| | | | | | clear the second_ticket git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20666 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5int_copy_creds_contents - if we run out of memory, do notEzra Peisach2008-08-141-1/+2
| | | | | | release pointer to output creds structure that is passed in by caller. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20657 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up memory leak in krb5_build_principal if we run out of memoryEzra Peisach2008-08-141-0/+3
| | | | | | while building pricipal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20656 dc483132-0cff-0310-8789-dd5450dbe970
* malloc+memset(,0,) -> callocKen Raeburn2008-08-0715-67/+36
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20630 dc483132-0cff-0310-8789-dd5450dbe970
* fix cleanup code in allocating preauth infoKen Raeburn2008-08-061-2/+2
| | | | | | | | | | | | After an allocation failure, free up the previously allocated array elements by counting back down to zero, not continuing to count up until we hit zero. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20608 dc483132-0cff-0310-8789-dd5450dbe970
* Use load/store_32/16_be/le functionsKen Raeburn2008-08-021-8/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20603 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code to compute length of quoted name component and copy withKen Raeburn2008-08-021-78/+68
| | | | | | quoting into separate functions, to reduce code duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20593 dc483132-0cff-0310-8789-dd5450dbe970
* r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400Ken Raeburn2008-07-152-0/+72
| | | | | | | | | | | | ticket: 5947 status: open Add a test script for the walk_rtree code, and run some test cases that exercise the problem reported in RT ticket 5947. r1927@ken-wireless: raeburn | 2008-07-15 19:55:10 -0400 Some more test cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20528 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_via_tkt() should null out_cred on errorsTom Yu2008-07-151-0/+1
| | | | | | | | | | | | | Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. ticket: new tags: pullup target_version: 1.6.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20527 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_gic_opte_copy should copy elements individuallyAlexandra Ellwood2008-07-071-2/+13
| | | | | | | | | | Since we are copying from one structure to another, copy elements. Using memcpy is fragile. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
* use-after-free bugsKen Raeburn2008-06-271-1/+1
| | | | | | | | | | | Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak, and possible freed-memory dereference, in an error (smallKen Raeburn2008-06-271-1/+1
| | | | | | | | allocation failure) path. ticket: 5997 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20482 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaksKen Raeburn2008-06-274-9/+18
| | | | | | | | | | | | Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* fix free of automatic storageKen Raeburn2008-06-271-4/+4
| | | | | | | | | | | Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20480 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT LKDC supportAlexandra Ellwood2008-06-262-20/+86
| | | | | | | ticket: 5968 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20476 dc483132-0cff-0310-8789-dd5450dbe970
* Rolled back patch because tickets 4495 and 5124 fix this bugAlexandra Ellwood2008-06-251-4/+1
| | | | | | | | in a different way. ticket: 5991 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20474 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 00:55:14 +0000