summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* 64-bit Windows krb5int_cc_default calls to LeashJeffrey Altman2007-09-051-1/+6
| | | | | | | | AMD64 builds must load leashw64.dll not leashw32.dll ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19929 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new is non-functionalEzra Peisach2007-09-052-49/+104
| | | | | | | | | | | | | File locking was non-existant in this code and fccs chained list was not used at all. This resulted in an assertion failure when closing the cache. Code has been reorganized to parallel the code in krb5_fcc_resolve for easier maintenence. Commented out test in t_cc.c has been updated to actually test this code. ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19920 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental commit of gc_frm_kdc.cTom Yu2007-09-041-181/+20
| | | | | | ticket: 5707 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-4000 modify_policy vulnerabilityTom Yu2007-09-041-20/+181
| | | | | | | | | | | In kadm5_modify_policy_internal, check for nonexistence of policy before doing anything with it, to avoid memory corruption. ticket: new target_version: 1.6.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
* Bail out if encoded "ticket" doesn't decode correctly. This allowsTom Yu2007-09-041-1/+2
| | | | | | | | t_cc test case to pass and allows non-tickets to be stored (for now). ticket: 5697 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19910 dc483132-0cff-0310-8789-dd5450dbe970
* Make internal functions staticKen Raeburn2007-08-311-38/+38
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
* Don't export file keytab implementation functionsKen Raeburn2007-08-311-20/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19899 dc483132-0cff-0310-8789-dd5450dbe970
* Make ccache handle referrals better by storing both server principalTom Yu2007-08-291-3/+40
| | | | | | | | | | | | names if they differ between the creds structure and the encoded ticket and by looking up the server principal using the client's realm if not found and server's realm was initially the referral (empty) realm. ticket: 5697 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19898 dc483132-0cff-0310-8789-dd5450dbe970
* Windows 64-bit CCAPI DLL nameJeffrey Altman2007-08-291-0/+4
| | | | | | | | | The 64-bit CCAPI DLL name is krbcc64.dll not krbcc32.dll. Conditionalize it on _WIN64. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19892 dc483132-0cff-0310-8789-dd5450dbe970
* Change use of choice_pa_pk_as_rep_UNKNOWN toEzra Peisach2007-08-261-1/+1
| | | | | | | | | choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum same in both cases... ticket: 5617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_free_addrlist needed tooKen Raeburn2007-08-251-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19877 dc483132-0cff-0310-8789-dd5450dbe970
* Oops, _krb5_conf_boolean is needed by a test programKen Raeburn2007-08-251-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19876 dc483132-0cff-0310-8789-dd5450dbe970
* Remove from export list several encode_* and decode_* symbols that areKen Raeburn2007-08-241-13/+0
| | | | | | | | | not used outside the krb5 library. (In some cases, the only use is in our own test programs, which means two things: The test programs should probably be changed to use the accessor interface, and some of the newer encoder/decoder functions aren't being unit-tested.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19875 dc483132-0cff-0310-8789-dd5450dbe970
* Stop exporting _krb5_* (note leading underscore) and asn1* symbolsKen Raeburn2007-08-241-158/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19874 dc483132-0cff-0310-8789-dd5450dbe970
* Missed oneKen Raeburn2007-08-241-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19873 dc483132-0cff-0310-8789-dd5450dbe970
* Remove os_get_default_config_files, and the krb5int_* functions notKen Raeburn2007-08-241-24/+0
| | | | | | | actually called directly from outside the library, from the export list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19872 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-08-166-469/+500
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* sprintf conversion to snprintf in r19703 introduced some signed/unsignedEzra Peisach2007-08-152-4/+4
| | | | | | warnings. Cleanup. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19823 dc483132-0cff-0310-8789-dd5450dbe970
* t_ser should no longer use kdb librariesEzra Peisach2007-08-142-4/+2
| | | | | | | | | | Remove the call to krb5_db_fini() - as rest of the db code was pulled during DAL integration. This removes dependency on db libraries - alter Makefile.in. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19822 dc483132-0cff-0310-8789-dd5450dbe970
* Free memory leak in do_test() from asprintf integrationEzra Peisach2007-08-141-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19821 dc483132-0cff-0310-8789-dd5450dbe970
* missing commaJeffrey Altman2007-08-061-2/+3
| | | | | | | | | | The pkinit additions in revision 18973 left out a comma after the last function in the list. This caused builds that did not define DESIGNATED_INITIALIZERS to break. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19755 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new() doesn't work with mkstemp()Tom Yu2007-08-041-46/+44
| | | | | | | | | | | | | | If mkstemp() is available, the new ccache file gets created but the subsequent open(O_CREAT|O_EXCL) call fails because the file was already created by mkstemp(). Apply patch from Apple to keep the file descriptor open. ticket: new tags: pullup target_version: 1.6.3 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19749 dc483132-0cff-0310-8789-dd5450dbe970
* Based on Apple's patch, during the referrals loop, check to see if theTom Yu2007-08-031-65/+95
| | | | | | | | | | | session key enctype of a returned credential for the final service is among the enctypes explicitly selected by the application, and retry with old_use_conf_ktypes if it is not. ticket: 4950 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19748 dc483132-0cff-0310-8789-dd5450dbe970
* Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up Ezra Peisach2007-08-034-492/+521
| | | | | | | | some shadow variable warnings, make depend... ticket: 5617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19746 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT supportKevin Coffman2007-08-018-22/+1335
| | | | | | | | | | | | | | | | Pull up PKINIT support onto the trunk. Changes from the version in branch users/coffman/pkinit are: - Update the preauth plugin interface version to avoid conflict with any existing plugins. - Add a pkcs11.h locally to the pkinit code rather than depending on opensc being installed. ticket: new Target_Version: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
* Set KTFILEP field to null any time we close the fileKen Raeburn2007-07-271-0/+3
| | | | | | | ticket: 3099 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19739 dc483132-0cff-0310-8789-dd5450dbe970
* Debugged version of patch worked up with LukeKen Raeburn2007-07-274-17/+69
| | | | | | | | | | | | Adds a callback to krb5int_sendto to examine the response and indicate whether to quit the loop or not. For sendto_kdc, keep going if the returned error is "service unavailable". Updated all other callers to pass a null function pointer, which means to always break out of the loop on any response (the old behavior). ticket: 3334 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19738 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null file handle in get_next.Ken Raeburn2007-07-271-0/+4
| | | | | | | | Patch from Luke Howard. ticket: 5471 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19736 dc483132-0cff-0310-8789-dd5450dbe970
* If no salt is included with the key data, set the salt length field to 0.Ken Raeburn2007-07-271-1/+2
| | | | | | | | Bug report and patch from Nalin Dahyabhai. ticket: 5545 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19733 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code for looking up the current time, comparing the offset ofKen Raeburn2007-07-204-37/+19
| | | | | | | a supplied timestamp against the configured maximum clock skew, and possibly generating an error message, into a separate routine. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if theKen Raeburn2007-07-1219-141/+153
| | | | | | | output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* If error is KDC_ERR_S_PRINCIPAL_UNKNOWN, report the server nameKen Raeburn2007-07-041-0/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19666 dc483132-0cff-0310-8789-dd5450dbe970
* In file-not-found case, report the filename soughtKen Raeburn2007-07-041-4/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19665 dc483132-0cff-0310-8789-dd5450dbe970
* Remove debugging message accidentally left inKen Raeburn2007-07-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19664 dc483132-0cff-0310-8789-dd5450dbe970
* Save a detailed message for FCC_NOFILE including the file nameKen Raeburn2007-07-041-2/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19663 dc483132-0cff-0310-8789-dd5450dbe970
* Define a localtime_r wrapper around localtime if the system doesn'tKen Raeburn2007-06-291-7/+17
| | | | | | | | provide localtime_r, instead of handling it in-line. Check for error indication from localtime_r. Call localtime_r only once instead of each time around the loop. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19655 dc483132-0cff-0310-8789-dd5450dbe970
* Move (BSD-licensed) mkstemp from libdb2 to libkrb5support, and renameKen Raeburn2007-06-201-4/+0
| | | | | | | | | | | | | the function to krb5int_mkstemp. Generate the symbol export list for libkrb5support at build time. Declare krb5int_mkstemp in k5-platform.h. Change cc_file.c to use mkstemp unconditionally. Make libdb2.so (built for testing only) link against the libkrb5support, and use krb5int_mkstemp if mkstemp is not available. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19600 dc483132-0cff-0310-8789-dd5450dbe970
* set svn:eol-style to native for *.[ch]Ken Raeburn2007-06-201-94/+94
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19596 dc483132-0cff-0310-8789-dd5450dbe970
* provide asprintf functionality for internal useKen Raeburn2007-06-201-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I plan to use asprintf in some gssapi error-message management routines, so let's make sure we have the functionality available, implementing it locally if necessary. This implementation assumes vsnprintf is available, an assumption that the support library is already making at the moment. Since this implementation requires calling vsnprintf potentially multiple times with the same va_list, use va_copy if it's available, or provide a hack version (which should work okay if va_list is a scalar or array type that requires no other special handling, and if va_end does nothing interesting, which is usually the case) if the compiler doesn't provide it. I also changed a couple bits of code to use asprintf, to make sure we exercise our implementation in testing. (C99 requires vsnprintf and va_copy; vasprintf is a GNU/BSD extension, but an oh so useful one....) * configure.in: Check for va_copy, or if va_list objects can be simply assigned. Define HAS_VA_COPY and CAN_COPY_VA_LIST as appropriate. * include/k5-platform.h: Define a va_copy macro if the compiler doesn't provide it. * include/k5-platform.h: If vsnprintf isn't available from the OS, abort compilation. If vasprintf isn't available from the OS, provide k5_{v,}asprintf based on vsnprintf and define {v,}asprintf macros. * lib/krb5/keytab/t_keytab.c (do_test): Use asprintf. * util/support/errors.c (krb5int_vset_error): Use asprintf unconditionally. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19595 dc483132-0cff-0310-8789-dd5450dbe970
* set eol-style and mime-type propertiesKen Raeburn2007-06-191-677/+677
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19594 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_walk_realm_tree leaks in capaths caseTom Yu2007-06-181-0/+3
| | | | | | | | | | | | | | | Markus Moeller reports a leak in krb5_get_credentials() which was then traced down to profile strings leaking from within krb5_walk_realm_tree(). A pointer to a profile string was getting overwritten without the string being freed when *cap_nodes[0] == '.'. Fix is to free the string prior to overwriting the pointer if the pointer is non-null. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19582 dc483132-0cff-0310-8789-dd5450dbe970
* Move CCAPI sources to krb5 repositoryAlexandra Ellwood2007-05-312-3/+3
| | | | | | | ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19564 dc483132-0cff-0310-8789-dd5450dbe970
* don't check for readability resolving SRVTAB: keytabKen Raeburn2007-05-311-7/+0
| | | | | | | | | | | Greg Hudson has pointed out that the FILE: and SRVTAB: keytab types differ in when they report errors for files not existing. The implementations of ANY: floating around cope better if they consistently accept names of files that aren't present, and report the error later when fetching information. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19563 dc483132-0cff-0310-8789-dd5450dbe970
* Change struct _krb5_context.os_context into a single element instead of array[1]Ken Raeburn2007-05-2110-43/+40
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19554 dc483132-0cff-0310-8789-dd5450dbe970
* Fix various gcc warnings about pointer target signedness and qualifiersKen Raeburn2007-05-101-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19548 dc483132-0cff-0310-8789-dd5450dbe970
* Define and use some inline helper functions for comparing data and authdata ↵Ken Raeburn2007-05-107-65/+27
| | | | | | | | structures, instead of open-coding checks of multiple fields everywhere. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19544 dc483132-0cff-0310-8789-dd5450dbe970
* k5-int.h, gic_opt.cJeffrey Altman2007-05-021-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The krb5_get_init_creds_password() and krb5_get_init_creds_keytab() functions permit the gic_opts parameter to be NULL. This is not taken into account when testing the value with the macros krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed(). Nor is it taken into account within krb5int_gic_opte_copy() which is called by krb5int_gic_opt_to_opte() when the input parameter is not a krb5_gic_opt_ext structure. This commit makes two changes: (1) it modifies the macros to ensure that the value is non-NULL before evaluation. (2) it modifies krb5int_gic_opte_copy() to avoid copying the original values with memcpy() when the input is NULL. In addition, the code was audited to ensure that the flag KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when it is set, that the allocated krb5_gic_opt_ext structure is freed by krb5_get_init_creds_password() and krb5_get_init_creds_keytab(). ticket: 5552 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19537 dc483132-0cff-0310-8789-dd5450dbe970
* rd_req_decoded needs to deal with referral realmsSam Hartman2007-04-291-5/+21
| | | | | | | | | | | * Fix handling of null realm in krb5_rd_req_decoded; now we treat a null realm as a default realm there, as we do in the keytab code. ticket: new Target_Version: 1.6.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19536 dc483132-0cff-0310-8789-dd5450dbe970
* race condition in referrals fallbackTom Yu2007-04-251-0/+1
| | | | | | | | | | | | | | | | | * src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): During referrals fallback, set *tgts to NULL after freeing. This avoids returning a pointer to freed memory when the first call to do_traversal() obtains some TGTs and the subsequent krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some other thread or process storing that TGT into the ccache), causing second do_traversal() call (which would re-initialize *tgts) to not execute. Race condition found during KfW-3.2 testing. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19526 dc483132-0cff-0310-8789-dd5450dbe970
* Revert previous change; krb5int_cm_call_select is used by the KDC, and shouldKen Raeburn2007-04-131-7/+8
| | | | | | | | | return when interrupted by a signal. Instead, check for EINTR in service_fds and call krb5int_cm_call_select again. ticket: 5440 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19457 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-30 07:53:25 +0000