summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/os
Commit message (Collapse)AuthorAgeFilesLines
* Revert last trace.c changeGreg Hudson2012-10-231-1/+1
| | | | The fencepost error was illusory.
* Print tilde characters as-is in trace outputGreg Hudson2012-10-231-1/+1
| | | | | | ticket: 7420 (new) target_version: 1.11 tags: pullup
* Add dependencies for some test programsGreg Hudson2012-10-212-2/+16
| | | | | | | | | | Some recently added test programs under lib/krb5 didn't have their source files added to the appropriate Makefile.in variables, and weren't getting dependencies as a result. ticket: 7418 (new) target_version: 1.11 tags: pullup
* Use hex escaping for non-printable trace dataNalin Dahyabhai2012-10-151-3/+42
| | | | | | When adding {str}, {lenstr}, or {data} to trace output, scan for bytes which might be non-printable, and add them as hex-escaped versions of themselves if any are found.
* Run "make depend"Tom Yu2012-08-231-9/+36
|
* Remove obsolete function krb5_secure_config_filesZhanna Tsitkov2012-08-142-26/+0
|
* Add %{username} token to path expansionGreg Hudson2012-08-012-2/+26
| | | | | | | | For Unix-like platforms, add %{username} to the path expansion facility, expanding to the result of getpwuid on the euid. Also, for manual testing convenience, make t_expand_path print the result if no second argument is given.
* Minor fixes to expand_path.cGreg Hudson2012-07-251-35/+24
| | | | | | | Corrections to stuff noticed by kaduk: * Eliminate a space before paren in a call to free(). * Use %lu for unsigned long in format strings. * Simplify the tokens table definition.
* Support changing the built-in ccache/keytab namesGreg Hudson2012-07-243-11/+4
| | | | | | | | | | | | | | * Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to change the built-in ccache and keytab names. * Add krb5-config options to display the built-in ccache and keytab names. * In the default build, use krb5-config to discover the system's built-in ccache and keytab names and use them (if not overridden). This can be controlled with the --with-krb5-config=PATH or --without-krb5-config configure options. * Make the built-in ccache name subject to parameter expansion. ticket: 7221 (new)
* Add default_ccache_name profile variableGreg Hudson2012-07-241-1/+10
| | | | | | | Like default_keytab_name and default_client_keytab_name, default_ccache_name is subject to parameter expansion. ticket: 7220 (new)
* Rearrange ccdefname.c slightlyGreg Hudson2012-07-241-91/+53
| | | | | | | | Eliminate the USE_CCAPI variant of get_from_os() which was only used in KfM. Make get_from_os() allocate its result (wrapping the Windows implementation so it can continue to use a fixed-size buffer). Simplify krb5_cc_set_default_name() and krb5_cc_default_name(). Make some minor style adjustments.
* Add token expansion for keytab namesGreg Hudson2012-07-241-56/+44
| | | | | | | Make the default_keytab_name and default_client_keytab_name variables subject to parameter expansion. ticket: 7219 (new)
* Add internal path expansion functionsGreg Hudson2012-07-244-4/+575
| | | | | | | | Add an adapted version of Heimdal's expand_path.c, defining k5_expand_path_tokens() and k5_expand_path_tokens_extra(). These functions allow template paths like %{TEMP}/krb5cc_%{uid} to be resolved. Also add a test program to exercise the path expansion code.
* Replace // comment in ccdefname.cGreg Hudson2012-07-131-1/+1
|
* Add krb5int_cc_user_set_default_nameKevin Wasserman2012-07-111-4/+54
| | | | | | | | | | | | | Set the default credential cache name for all processes for the current user. Currently implemented, for windows only, by setting HKEY_CURRENT_USER\Software\MIT\Kerberos5:ccname to the specified ccache name. This will not override the environment variable 'KRB5CCNAME'. It will override HKEY_LOCAL_MACHINE and 'indirect' registry values. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7199 (new) tags: pullup
* Fix typo in previous change to get_fq_hostnameTom Yu2012-07-031-1/+1
| | | | ticket: 7086
* Fix a minor memory leak in get_fq_hostnameArlene Berry2012-07-031-1/+3
| | | | ticket: 7086
* Resolve no-previous-prototype warning in os/cm.cBen Kaduk2012-07-021-0/+1
| | | | | | | | | | | | | | | The warning is ../../../../krb5/src/lib/krb5/os/cm.c:43: warning: no previous prototype for 'k5 _getcurtime' which occurs because int k5_getcurtime(struct timeval *tvp) is defined (and used) in cm.c but there is no forward declaration. Include the os-proto.h (internal) header which declares this function to eliminate the warning. k5_getcurtime() is the first declaration in cm.c, so there is not an ABI concern. The only other consumer of k5_getcurtime(), sendto_kdc.c, already includes os-proto.h, so this issue is purely cosmetic.
* Add krb5_kt_client_default APIGreg Hudson2012-07-021-0/+33
| | | | | | | | | | | | | | | | The default client keytab is intended to be used to automatically acquire initial credentials for client applications. The current hardcoded default is a placeholder, and will likely change before 1.11. Add test framework settings to ensure that a system default client keytab doesn't interfere with tests, and to allow tests to be written to deliberately use the default client keytab. Add documentation about keytabs to the concepts section of the RST docs, and describe the default client keytab there. ticket: 7188 (new)
* Remove orphaned KfM codeGreg Hudson2012-06-211-11/+0
|
* Remove krb5int_cc_os_default_nameGreg Hudson2012-06-111-19/+0
| | | | | krb5int_cc_os_default_name has been unused since #6955 removed the call to it in cccursor.c. Get rid of it.
* Clean up default_an_to_ln and fix a minor leakGreg Hudson2012-06-081-35/+23
| | | | | | | The default realm could be leaked if the principal had the wrong number of components. Reported by Russ Allbery. ticket: 7161
* Try to make t_trace.c output consistentGreg Hudson2012-06-063-16/+14
| | | | | | Attempt to choose tracing inputs in t_trace.c which will produce consistent output across platforms and logins. Re-enable the comparison against the reference file.
* Fix uninitialized memory errors in t_trace.cGreg Hudson2012-06-051-1/+4
|
* Disable trace test comparison for nowGreg Hudson2012-06-051-1/+2
| | | | | | The t_trace output isn't consistent from run to run. To fix "make check", disable the comparison against the reference file until we can make the output consistent.
* Fix trace log unit testGreg Hudson2012-06-042-1/+53
| | | | | | | Only use common denominator Bourne shell syntax for exporting environment variables. Don't rely on /dev/stdout working. Compare the output with a reference file to detect changes, instead of just sending it to stdout.
* Convert DEBUG_REFERRALS to TRACE_* frameworkW. Trevor King2012-05-233-47/+15
| | | | | | | | | The referrals debugging code under DEBUG_REFERRALS ceased building correctly at some point. Convert this debugging code to use the tracing framework instead, including adding new trace macros to k5-trace.h. ticket: 7151
* Add tests for trace.c formattingW. Trevor King2012-05-232-2/+259
| | | | | | This improves the previously minimal test coverage of "trace.c". ticket: 7151
* Add support for "{ptype}" trace format specifierW. Trevor King2012-05-231-0/+24
| | | | | | | Add the "{ptype}" trace format specifier, for principal name types. Also document the new option in the "k5-trace.h" comments. ticket: 7151
* Fix "(empty" typo in "{etypes}" handler in trace.cW. Trevor King2012-05-181-1/+1
| | | | ticket: 7137
* Fix "(null" typo in "{key}" handler in trace.cW. Trevor King2012-05-181-1/+1
| | | | ticket: 7134
* Correct the name of krb5int_trace in commentsTom Yu2012-05-171-4/+4
| | | | | | Patch from W. Trevor King. ticket: 7133
* Add missing newline to sn2princ debug messageGreg Hudson2012-05-141-1/+2
| | | | | | Patch from wking@tremily.us. ticket: 7131
* Improve display of error code 0 in trace outputGreg Hudson2012-05-081-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25853 dc483132-0cff-0310-8789-dd5450dbe970
* In sn2princ, getaddrinfo without AI_ADDRCONFIGGreg Hudson2012-05-031-1/+1
| | | | | | | | | | | | | | | | | | When canonicalizing a principal, use AI_CANONNAME alone in the hint flags for getaddrinfo, for two reasons. First, it works around a gnu libc bug where getaddrinfo does a PTR lookup for the canonical name (we tried to work around this in r24977 bug the addition of AI_ADDRCONFIG caused the same problem as the use of AF_INET). Second, an IPv4-only host should be able create a principal for an IPv6-only host even if it can't contact the host. This does result in extra AAAA queries in the common case (IPv4-only host contacting IPv4-only service), which is unfortunate. But we need to leave that optimization up to the platform at this point. ticket: 7124 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25844 dc483132-0cff-0310-8789-dd5450dbe970
* Allow preauth mechs to work with clock skewGreg Hudson2012-04-171-21/+33
| | | | | | | | | | | | | | | Add a clpreauth callback which gets the time of day using an offset determined by the preauth-required error, and use it in encrypted timestamp and encrypted challenge. This timestamp is not necessarily authenticated, but the security consequences for those preauth mechs are minor (and can be mitigated by turning off kdc_timesync on clients). Based on a patch from Stef Walter. ticket: 7114 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25808 dc483132-0cff-0310-8789-dd5450dbe970
* Require IPv6 supportKen Raeburn2012-02-285-19/+1
| | | | | | | | | | | | | | The configure-time options to enable and disable IPv6 support have been deprecated for some time, but the checks for OS support were kept. This removes those checks, and unconditionally compiles in the IPv6 support. There was a configure-time test to see if the macro INET6 needed to be defined in order to enable (visibility of) OS support for IPv6, which was needed on an IRIX system we tested with. That check is retained, but the revised code is untested on IRIX. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
* Minimize draft9 PKINIT code by removing dead codeGreg Hudson2012-02-111-1/+0
| | | | | | | | | | | | | | | | The PKINIT client code doesn't use decode_krb5_pa_pk_as_rep_draft9, which is fortunate because it doesn't work (see issue #7072). Instead, it passes both kinds of PKINIT replies through decode_krb5_pa_pk_as_rep, then decodes the un-enveloped CMS data in alternative 1 (encKeyPack) as either an RFC or draft9 ReplyKeyPack. So, remove the unused broken pa_pk_as_rep_draft9 decoder. For pa_pk_as_req_draft9, we only use two of the fields on encode and only one of those on decode. So, get rid of the unused fields and the krb5_trusted_ca structure, and reduce the encoder and decoder sequences to the minimum necessary fields. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25689 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unneeded accessor fieldsGreg Hudson2012-01-071-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25620 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused functions (older API residue) krb5_realm_iterator* and ↵Zhanna Tsitkov2012-01-044-128/+1
| | | | | | krb5_free_realm_string git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25606 dc483132-0cff-0310-8789-dd5450dbe970
* Stop using krb5_typed_data structure typeGreg Hudson2011-12-211-2/+0
| | | | | | | | | | | | Use the krb5_pa_data structure type when encoding or decoding TYPED-DATA. Leave the krb5_typed_data structure definition in krb5.h with a comment saying not to use it. Remove krb5_free_typed_data (which was never declared in krb5.h). Remove some vestigial accessor stuff related to PKINIT encoding and decoding TYPED-DATA, which was unneeded since r25483. Bump the accessor structure version to 19 accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25601 dc483132-0cff-0310-8789-dd5450dbe970
* kfw: use _WIN64 names where appropriateTom Yu2011-12-121-0/+4
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25571 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for loading of Krb5.ini from Windows APPDATASam Hartman2011-12-021-8/+77
| | | | | | | | | | Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> ticket: 7038 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25500 dc483132-0cff-0310-8789-dd5450dbe970
* Fix free ofuninitialized memory in sname_to_princSam Hartman2011-12-021-2/+3
| | | | | | | | | | | Fix free of uninitialized memory in error case introduced in 1.10 development cycle. ticket: 7036 tags: pullup Target_Version: 1.10 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25498 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_check_clockskew publicGreg Hudson2011-10-311-2/+2
| | | | | | | | | | | | Rename krb5int_check_clockskew to krb5_check_clockskew and make it public, in order to give kdcpreauth plugins a way to check timestamps against the configured clock skew. ticket: 6996 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-171-1/+1
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* RFC 4120 says that we should not canonicalize using DNS. We cannot getSam Hartman2011-10-171-4/+3
| | | | | | | | | | | | | | that far today, but there's no reason we should fail to use a perfectly good principal name just because DNS is failing. For some services there isn't even a requirement they be in DNS. With AI_ADDRCONFIG there's no reason that Kerberos canonicalization should fail simply because a v6 address is not present, for example. So, if getaddrinfo fails in krb5_sname_to_principal simply use the input hostname uncanonicalized. sn2princ: On getaddrinfo failure use the input git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25357 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused macrosZhanna Tsitkov2011-10-141-3/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25328 dc483132-0cff-0310-8789-dd5450dbe970
* Windows fixes: add KRB5_CALLCONV where neededSam Hartman2011-09-281-1/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25269 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use accessor in encrypted challengeGreg Hudson2011-09-241-7/+0
| | | | | | | Now that the encrypted challenge code is linked into libkrb5 and the KDC, it's unnecessary to use the accessor there. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25229 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 05:51:47 +0000