summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* Make patchlevel.h be the master version fileTom Yu2004-09-253-8/+71
| | | | | | | ticket: 1345 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16790 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in rd_cred.cTom Yu2004-09-212-1/+10
| | | | | | | | | * rd_cred.c (decrypt_credencdata): Clear and free ppart to avoid leak. Reported by Derrick Schommer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16772 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot changelogTom Yu2004-08-311-0/+5
| | | | | | ticket: 2686 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16703 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2004-002Tom Yu2004-08-312-0/+6
| | | | | | | | | | Fix double-free vulnerabilities [MITKRB5-SA-2004-002]. ticket: new target_version: 1.3.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16701 dc483132-0cff-0310-8789-dd5450dbe970
* Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs inKen Raeburn2004-08-272-1/+7
| | | | | | | | | variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic patches that removed casts of NULL. tag: 1850 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693 dc483132-0cff-0310-8789-dd5450dbe970
* get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made ↵Alexandra Ellwood2004-08-122-27/+69
| | | | | | | | | | aware of 32 bit min and max for times. Allow renew_until time < expiration time ticket: 2654 ticket: 2655 ticket: 2656 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16656 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Call krb5_rc_recover_or_initializeKen Raeburn2004-08-042-7/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16641 dc483132-0cff-0310-8789-dd5450dbe970
* Delete preprocessor tests for macintosh, __MWERKS__, applec, and THINK_C, allKen Raeburn2004-06-222-1/+5
| | | | | | | part of the pre-Mac OS X support. (Except the bits in the Yarrow code, where it was part of the upstream source.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16506 dc483132-0cff-0310-8789-dd5450dbe970
* * str_conv.c (krb5_string_to_timestamp): Use localtime_r if available.Ken Raeburn2004-06-042-2/+21
| | | | | | (krb5_timestamp_to_string, krb5_timestamp_to_sfstring): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16413 dc483132-0cff-0310-8789-dd5450dbe970
* * parse.c (krb5_parse_name): Use assert and abort, not exitKen Raeburn2004-06-042-5/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16412 dc483132-0cff-0310-8789-dd5450dbe970
* OopsKen Raeburn2004-06-042-1/+9
| | | | | | | * srv_rcache.c (krb5_get_server_rcache): Don't forget to actually include the cache type in the cache name, after looking it up. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16410 dc483132-0cff-0310-8789-dd5450dbe970
* Add/remove error tables in library initialization/termination, not per context.Ken Raeburn2004-06-022-3/+6
| | | | | | | | | | | | | | Use only one library initialization scheme, and install the error tables in only one place. * krb5_libinit.c (initialized): Variable deleted, all references removed. (krb5int_lib_init): Initialize error tables here. (krb5int_initialize_library): Don't do it here. * error_tables/Makefile.in (STLIBOBJS, OBJS, SRCS): Drop init_ets code. * krb/init_ctx.c (init_common): Don't call krb5_init_ets. (krb5_free_context): Don't call krb5_free_ets. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16388 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_resolve_full instead ofKen Raeburn2004-06-022-13/+13
| | | | | | constructing an rcache object locally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16387 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb5int_encode_v4tkt): Unsigned vs signed warning fixEzra Peisach2004-05-252-1/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16360 dc483132-0cff-0310-8789-dd5450dbe970
* * t_ser.c (ser_keytab_test): Cleanup memory leak of forgetting toEzra Peisach2004-05-243-6/+13
| | | | | | | | close keytab. * chpw.c: Add parenthesis around assignments in conditionals. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16356 dc483132-0cff-0310-8789-dd5450dbe970
* * send_tgs.c: krb5_send_tgs() was broken in the case of a KRB_ERRORJeffrey Altman2004-05-132-0/+9
| | | | | | | | | | | message. The krb5_response message_type field was never set resulting in stack garbage being used instead. This would break code which used transitive cross-realm to obtain service tickets. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16331 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2004-04-241-297/+353
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16273 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb524_init_ets, krb524_convert_creds_kdc): Add forward ↵Ken Raeburn2004-04-242-1/+12
| | | | | | declarations to silence gcc warnings git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16271 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for library initialization and finalization, and verificationKen Raeburn2004-04-242-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | that the initializer completed successfully. Delay initialization on POSIX until the first "verification" call. Currently specific to a few platforms, but should still build on others without thread support enabled. Use it to finish creating (if necessary) and destroy mutexes, and free some other storage "permanently" allocated by libraries (currently, libkrb5 cache/keytab type registries only). Change initialization of static mutexes to a two-step operation, a static "partial" initializer and a "finish_init" routine called from a thread-safe environment like library initialization is assumed to be. POSIX will use the former, Windows will use the latter, and the debug support will check that *both* have been used. Added init/fini functions to com_err, profile, krb5, and gssapi libraries. (The profile library one may need to be removed later.) The existing ones, not thread-safe, are still around. Use weak symbol support if available to figure out if the pthread library has been linked in, and avoid calling certain routines if the C library stubs are known not to exist or work. Stub declarations for thread-specific data. Minor bugfixes, whitespace changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_in_tkt ignores lifetimeSam Hartman2004-04-163-5/+17
| | | | | | | | | | John Hascall reports that the emulation of krb5_get_in_tkt is incomplete and does not handle lifetimes set in the input credentials. He provided a patch to fix this. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16258 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak when not sending to master KDC inSam Hartman2004-04-152-0/+9
| | | | | | | | | | get_init_creds_password path. Ticket: 2534 Tags: pullup Target_Version: 1.3.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16255 dc483132-0cff-0310-8789-dd5450dbe970
* Fix missing case for get_init_creds API changeKen Hornstein2004-03-092-1/+7
| | | | | | | | Fix a case I missed in my original patch for the krb5_get_init_creds API change. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16162 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missedKen Raeburn2004-02-282-1/+7
| | | | | | | ticket: 2296 version_fixed: git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16139 dc483132-0cff-0310-8789-dd5450dbe970
* As discussed on the krbdev mailing list, krb5_get_init_creds_password()Jeffrey Altman2004-02-275-11/+23
| | | | | | | | | | | | | | | | | | | | | | | suffered from a behavior in which it would unintentionally query a master KDC twice if in fact the KDC queried when krb5int_sendto() was called with use_master = 0 was in fact the master. This resulted in more than an additional protocol operation. There were two negative side effects. First, in the case of an incorrect password there would be two counts against the max retry attempts. Second, in the case of hardware pre-auth and an expired password, the user would be asked to enter their expired password twice before being told it was expired. This has been fixed by changing the use_master parameter into an in/out parameter and modifying krb5int_sendto() to indicate which KDC it received the response from. This allows the use_master parameter to be set to indicate whether or not the response came from a master KDC regardless of whether a master KDC was requested. ticket: new target_version: next tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16137 dc483132-0cff-0310-8789-dd5450dbe970
* Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macrosKen Raeburn2004-02-142-13/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970
* Enable aes128-cts for clientSam Hartman2004-02-062-0/+5
| | | | | | | | | | | | | Currently we support aes128-cts but do not enable it by default. It looks like interoperability problems will be created by this decision. So add aes128-cts to the default list of enctypes for client configuration and for permitted_enctypes. Ticket: new Target_Version: 1.3.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
* * get_in_tkt.c (get_in_tkt_enctypes): Now constKen Raeburn2003-12-202-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket. Use aKen Raeburn2003-12-162-4/+18
| | | | | | | temorary in case krb5_int32 isn't "int". (decode_v4tkt): Use a temorary in case krb5_int32 isn't "int". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15936 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2003-12-151-265/+297
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970
* Add platform-dependent 64-bit and inline-function support via new headerKen Raeburn2003-12-134-24/+89
| | | | | | | | | | | | | | | k5-platform.h. Add 64-bit serializer support. [Not needed for ticket 1471, but needed for 2040 and annoying to check in separately.] Add to (internal for now) crypto API a function to get the mandatory checksum type associated with an enctype. New support for server-generated subkey, selected via an auth_context flag. ticket: 1471 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15908 dc483132-0cff-0310-8789-dd5450dbe970
* initial sequence number mask short by 4 bitsTom Yu2003-10-302-1/+6
| | | | | | | | | | | | | * gen_seqnum.c (krb5_generate_seq_number): Fix mask; was short by 4 bits. ticket: new version_reported: 1.3.1 target_version: 1.3.2 component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15849 dc483132-0cff-0310-8789-dd5450dbe970
* Save encoded KRB-SAFE-BODY to avoid problems caused by re-encoding it.Tom Yu2003-10-082-4/+21
| | | | | | | | | | Also, handle correctly implemented RFC 1510 KRB-SAFE i.e., checksummed over KRB-SAFE-BODY only. ticket: 1893 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15831 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Cesar Garcia to fix lifetime computation in 524Tom Yu2003-09-022-1/+6
| | | | | | | | | | | ticket conversion. ticket: 1712 tags: pullup version_reported: 1.3.1 target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15808 dc483132-0cff-0310-8789-dd5450dbe970
* Don't double free the encrypted credential partSam Hartman2003-08-192-5/+5
| | | | | | | Ticket: 1731 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15773 dc483132-0cff-0310-8789-dd5450dbe970
* get_init_creds_password: DNS SRV off causes bogus REALM_UNKNOWNTom Yu2003-08-082-1/+10
| | | | | | | | | | | | | | | * gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is turned off, the second call to get_init_creds() will fail with KRB5_REALM_UNKNOWN under certain circumstances. If that happens, return the error from the first call to get_init_creds(), which will be more useful to the user. ticket: new target_version: 1.3.2 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15761 dc483132-0cff-0310-8789-dd5450dbe970
* Send generalstring not octetstring in etype_info2. Accept eitherSam Hartman2003-07-222-4/+15
| | | | | | | | | | | | form. Also, if a etype_info fails to decode, skip it rather than failing to process the AS reply. Ticket: 1681 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15723 dc483132-0cff-0310-8789-dd5450dbe970
* delete ##WIN16## lines from makefilesKen Raeburn2003-07-172-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (STLIBOBJS, OBJS, T_SER_OBJS): Drop ser_eblk.oKen Raeburn2003-07-152-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15689 dc483132-0cff-0310-8789-dd5450dbe970
* Export krb5_get_permitted_enctypes and krb5_set_real_time for SambaAlexandra Ellwood2003-07-092-1/+5
| | | | | | ticket: 1655 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15678 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_keytab.c (krb5_get_in_tkt_with_keytab): Pass (void*)keytab,Tom Yu2003-06-272-1/+6
| | | | | | | | | not &keytab, to get_init_creds. Thanks to Herb Lewis. ticket: 1630 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15653 dc483132-0cff-0310-8789-dd5450dbe970
* Set use_conf_ktypes to 1 while looking up the tgt to use forSam Hartman2003-06-162-0/+7
| | | | | | | | | forwarding. Ticket: 1610 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15627 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rd_rep leaks subkeysTom Yu2003-06-132-0/+13
| | | | | | | | | | | | * rd_rep.c (krb5_rd_rep): Free subkeys before replacing them, if needed. This avoids a memory leak. ticket: new target_version: 1.3 component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15620 dc483132-0cff-0310-8789-dd5450dbe970
* Don't escape rcache filename characters with backslashTom Yu2003-06-112-5/+10
| | | | | | | | | | | | * srv_rcache.c (krb5_get_server_rcache): Octal escapes begin with hyphen now, since backslash is a pathname separator on DOS. ticket: new target_version: 1.3 component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15609 dc483132-0cff-0310-8789-dd5450dbe970
* Don't allow renewable_ok to be set if the renew liftime is greaterSam Hartman2003-06-062-0/+7
| | | | | | | | | | than the ticket lifetime. Ticket: 1576 Tags: pullup Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15590 dc483132-0cff-0310-8789-dd5450dbe970
* Static function krb5_generate_authenticator should take unsigned sequence ↵Ezra Peisach2003-06-062-2/+7
| | | | | | | | | | | | number argument * mk_req_ext.c (krb5_generate_authenticator): Sequence numbers are unsigned now. Ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15585 dc483132-0cff-0310-8789-dd5450dbe970
* * get_in_tkt.c (krb5_get_init_creds): Change hardcoded default ticket lifetimeKen Raeburn2003-05-302-1/+4
| | | | | | | | | from 10 hours to 24 hours. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15533 dc483132-0cff-0310-8789-dd5450dbe970
* * init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always.Ken Raeburn2003-05-302-8/+5
| | | | | | | | | (DEFAULT_CCACHE_TYPE): Define as 4 always. ticket: 1190 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15529 dc483132-0cff-0310-8789-dd5450dbe970
* * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime of ↵Alexandra Ellwood2003-05-302-0/+8
| | | | | | tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15524 dc483132-0cff-0310-8789-dd5450dbe970
* Rename interface to krb5_524_convert_creds, export it from krb5 library.Ken Raeburn2003-05-282-6/+30
| | | | | | | | | | | | Provide old names as functions for UNIX/MacOS binary compatibility, and deprecated macros for source code compatibility. (For Windows, we'll still need a krb524.dll, and it can worry about providing the old names.) Enable support on Windows always. ticket: 1491 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15513 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid memory leak of server and client principal inSam Hartman2003-05-273-1/+52
| | | | | | | | | krb5_get_in_tkt_with{_password,_keytab} Ticket: 1525 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15498 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 23:02:39 +0000