path: root/src/lib/krb5
Commit message | Author | Age | Files | Lines
...
* Produce a more informative error message for KDC_UNREACH with KDC not responding | Ken Raeburn | 2007-04-13 | 1 | -2/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19456 dc483132-0cff-0310-8789-dd5450dbe970
* Provide more detailed error message for 'client not found in kdb' | Ken Raeburn | 2007-04-13 | 1 | -0/+17
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19455 dc483132-0cff-0310-8789-dd5450dbe970
* If select returns EINTR, recompute the expiration time and call it again | Ken Raeburn | 2007-04-13 | 1 | -1/+5
  ticket: 5440
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19452 dc483132-0cff-0310-8789-dd5450dbe970
* EAI_NODATA deprecated, not always defined | Ken Raeburn | 2007-04-09 | 2 | -2/+11
  Brian Kantor reports (on the kerberos@mit list today) that krb5-1.6 doesn't build on FreeBSD 6.1 because they've done away with EAI_NODATA, which was removed from the getaddrinfo API in RFC 3943.
  This patch conditionalizes two tests for EAI_NODATA on the macro being defined, and also adds handling for EAI_OVERFLOW, a new error code added in RFC 3943.
  ticket: new
  tags: pullup
  target_version: 1.6.1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19410 dc483132-0cff-0310-8789-dd5450dbe970
* service location plugin returning no addresses handled incorrectly | Ken Raeburn | 2007-04-05 | 1 | -18/+18
  If a locate plugin (e.g., the Python sample plugin and script, when given realm BOBO.MIT.EDU) returns no error but no addresses, the library won't report an error, but will try to make contact, and eventually crash with a null pointer dereference.
  Fix: If a plugin returns a value other than PLUGIN_NO_HANDLE, including success, continue into the code that checks for an empty address list.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19399 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused scc_default_format field from krb5_context | Ken Raeburn | 2007-03-26 | 2 | -13/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19287 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize 'now' to avoid compiler warning | Ken Raeburn | 2007-03-25 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19285 dc483132-0cff-0310-8789-dd5450dbe970
* MAX_FORMAT_BUFFER should be type size_t to reduce warnings | Ken Raeburn | 2007-03-25 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19284 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust type of 'stable' in krb5_register_serializer to reduce warnings | Ken Raeburn | 2007-03-25 | 1 | -4/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19283 dc483132-0cff-0310-8789-dd5450dbe970
* Change strnchr sought value to int to match passed value | Ken Raeburn | 2007-03-25 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19282 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize values to avoid 'possibly uninitialized' compiler warnings | Ken Raeburn | 2007-03-25 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19281 dc483132-0cff-0310-8789-dd5450dbe970
* Convert keyblock or padata types to krb5_data without compiler warnings. | Ken Raeburn | 2007-03-25 | 3 | -7/+33
  (Added inline functions, with appropriate casts, for data conversion.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19280 dc483132-0cff-0310-8789-dd5450dbe970
* Use memset to silence some 'may be used uninitialized' warnings | Ken Raeburn | 2007-03-25 | 2 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19279 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace (mostly wrapping long lines produced by protoize) | Ken Raeburn | 2007-03-25 | 13 | -36/+74
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19278 dc483132-0cff-0310-8789-dd5450dbe970
* krb5 library uses kdc.conf when it shouldn't | Ken Raeburn | 2007-03-21 | 1 | -1/+1
  Don't add kdc.conf to the list of config files to use unless it's actually requested. Reported by Will Fiveash.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19239 dc483132-0cff-0310-8789-dd5450dbe970
* Enable Vista support for MSLSA | Jeffrey Altman | 2007-03-20 | 1 | -9/+99
  The MSLSA: ccache type when used on Windows Vista can take advantage of an ability to write tickets to the LSA credential cache for the current logon session. This is possible due to the addition of the KERB_SUBMIT_TICKET interface. Also new to Vista is the CACHE_INFO_EX2 interface which permits a much more efficient method of enumerating the contents of the LSA credential cache.
  The code to take advantage of these features has been present for more than a year. However, due to the lack of a public SDK that included the necessary data structures the functionality has been disabled. As of this commit, the functionality will be enabled if the version of NTSecAPI.h includes TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS. This is a preprocessor symbol that is new to the Vista SDK. In order to build with the new Vista functionality when using the XP SP2 SDK, the NTSecAPI.h file from the Vista SDK must be used in place of the version from the XP SP2 SDK.
  This commit also addresses the issues associated with the inability to read session keys from a UAC limited process. When UAC limitation is detected by examining the process token elevation level all access to the MSLSA contents is disabled. At some point in the future we can implement an elevated COM service in order to obtain access to the session keys.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19237 dc483132-0cff-0310-8789-dd5450dbe970
* * include/k5-platform.h: Add load_{16,32,64}_n for loading values from | Ken Raeburn | 2007-03-14 | 1 | -2/+15
  (possibly unaligned) memory in native order.
  * lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fetch four random bytes from the crypto library and generate a 31-bit (non-negative) nonce, instead of using the timestamp.
  ticket: 5425
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19223 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (default_debug_handler): If writing to a log file, keep | Ken Raeburn | 2007-03-14 | 1 | -8/+22
  it open and unbuffered instead of always opening and closing. When the format string has characters to be copied literally to the output, write them all at once instead of individually.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19222 dc483132-0cff-0310-8789-dd5450dbe970
* update dependencies | Ken Raeburn | 2007-03-02 | 2 | -3/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19199 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_from_kdc fails to null terminate the tgt list | Jeffrey Altman | 2007-03-01 | 1 | -0/+1
  if the next tgt in a cross-realm traversal cannot be obtained find_nxt_kdc() was calling krb5_free_creds() on the last tgt in the list but was failing to nullify the pointer to the cred that was just freed. if there were no additional tgts obtained, krb5_get_cred_from_kdc() would return a non-NULL terminated cred list to the caller. This would result in a crash when attempting to manipulate the non-existent cred past the end of the list.
  This commit nullifies the credential pointer in find_nxt_kdc() after the call to krb5_free_creds()
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19195 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure consistency between prototypes and functions | Ezra Peisach | 2007-02-19 | 5 | -24/+17
  I am using an older compiler that is complaining that prototypes do not match the functions they reference. The issue is that a number of prototypes are using "const int foo" while the function is "int foo". From a caller sense it makes no difference - but the compiler is correct they are different.
  All is now consistent.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19169 dc483132-0cff-0310-8789-dd5450dbe970
* Conditionalize some ipv6 bits | Ken Raeburn | 2007-02-16 | 1 | -1/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19168 dc483132-0cff-0310-8789-dd5450dbe970
* rename krb5_server_decrypt_ticket_keyblock() to | Tom Yu | 2007-02-13 | 1 | -4/+5
  krb5int_server_decrypt_ticket_keyblock()
  ticket: 5349
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19159 dc483132-0cff-0310-8789-dd5450dbe970
* hack to permit GetEnvironmentVariable usage without requiring getenv() conversion | Jeffrey Altman | 2007-02-12 | 1 | -0/+9
  Windows has a major flaw when it comes to the use of getenv/putenv. getenv/putenv do not modify the actual environment of the process. Instead, they modify a copy of the environment block at the time the C Runtime Library was initialized for the current module. In other words, the C Runtime Library environment block for the executable is not the same as the C Runtime Library environment block for the krb5_32.dll library, etc.
  This results in problems when a process wants to set the default ccache name outside the krb5_context. The krb5_context default ccname disappears when the context is destroyed. gss_acquire_cred() suffers from the creation and destruction of krb5_contexts and therefore the krb5_context default ccname cannot be used to set a default ccname. Instead, the process environment must be used.
  In order to modify the process environment, SetEnvironmentVariable() must be used. However, this does not result in the C Runtime Library environment blocks being updated. putenv() does not see the definition of "KRB5CCNAME".
  This patch modifies get_os_ccname() for Windows to check GetEnvironmentVariable() before checking the registry. This hack will work as long as there is no "KRB5CCNAME" variable in the C Runtime Library environment block.
  The long term solution is to replace all calls to getenv and putenv with GetEnvironmentVariable/SetEnvironmentVariable for Windows.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19154 dc483132-0cff-0310-8789-dd5450dbe970
* In the resolve function - ensure on memory allocation error - | Ezra Peisach | 2007-02-12 | 1 | -3/+6
  deref of null pointer does not happen.
  Also include kt-int.h for prototypes.
  ticket: 5411
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19153 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_default_name should take an unsized length | Ezra Peisach | 2007-02-05 | 1 | -5/+5
  The internal code to krb5_kt_default_name was casting the length to size_t. Change prototype to take an unsigned - which makes sense in how the code uses it.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19144 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_get_type should return const char *. | Ezra Peisach | 2007-02-05 | 2 | -2/+2
  The code returns a pointer to static structures. Just to enforce the assumption that users can not change the returned data. Change prototype of krb5_kt_get_type to return const char *.
  The other changes are to clean up warnings - no change in code - usage assumed const.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19143 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new program to perform various tests on the WRFILE: and MEMORY: keytabs | Ezra Peisach | 2007-02-04 | 2 | -8/+461
  I developed this program to test functionality of the MEMORY keytab - which resulted in the numerous fixes that have been committed recently.
  Tests all functionality of keytabs except for krb5_kt_default() and krb5_kt_read_service_key() - although essential functionality tested.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19142 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab krb5_kt_get_entry sets enctype to 0 if unspecified | Ezra Peisach | 2007-02-04 | 1 | -10/+10
  If one invokes krb5_kt_get_entry() for a memory keytab w/ an unspecified enctype (i.e. 0) - the returned keytab has its enctype set to 0 as well.
  Also - in copying out the found keytab_entry - when a kvno is unspecified, the last match found is used - not the one with the highest vno. This was caused by copying out the variable "entry" and not "match".
  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19141 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab does not copy keytab_entry keyblock contents | Ezra Peisach | 2007-02-04 | 1 | -3/+21
  In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the keytab_entry keyblock contents - but instead retains a pointer to the incoming one.
  In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal keyblock contents memory is returned to the caller - which is subsequently freed when the caller invokes krb5_free_keytab_entry_contents.
  Solution is to use krb5_copy_keyblock_contents() instead of simply copying the structure.
  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in new memory keytab | Ezra Peisach | 2007-02-03 | 1 | -0/+2
  The memory keytab introduced in ticket 5411 suffers from a memory leak in the Heimdal compatible kt_close() handling and thread destructor in which the cursor->entry is not freed.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19138 dc483132-0cff-0310-8789-dd5450dbe970
* buffer overflow in krb5_kt_get_name | Ezra Peisach | 2007-02-01 | 3 | -3/+3
  krb5_kt_get_name() allows the caller to specify the size of the buffer to copy the name into. The size must be big enough for the trailing nul character. If one specified a buffer length that is precisely the strlen w/o allowing for the nul - the functions would copy one past the end of the buffer.
  No code in our tree would be subject to this problem - as buffers in use are 1024 or BUFSIZ....
  The logic failure was: strlen(p+1) vs. strlen(p)+1
  The code is essentially duplicated in the three changed files.
  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19137 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to initialize error tables | Ken Raeburn | 2007-02-01 | 1 | -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19133 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to register WRFILE: keytab type, it's already in the compiled-in | Ken Raeburn | 2007-02-01 | 1 | -7/+1
  list.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19132 dc483132-0cff-0310-8789-dd5450dbe970
* Fix merge botches: | Tom Yu | 2007-01-31 | 2 | -12/+30
  restore krb5_get_init_creds_opt_set_change_password_prompt()
  undo accidental reversion of preauth_tryagain change to krb5_get_init_creds()
  ticket: 5420
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19131 dc483132-0cff-0310-8789-dd5450dbe970
* remove krb5_get_init_creds_opt_set_pkinit() for now | Tom Yu | 2007-01-31 | 2 | -64/+0
  ticket: 5420
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19130 dc483132-0cff-0310-8789-dd5450dbe970
* sort, remove duplicates | Ken Raeburn | 2007-01-30 | 1 | -7/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19129 dc483132-0cff-0310-8789-dd5450dbe970
* get_init_creds_opt extensibility | Tom Yu | 2007-01-30 | 6 | -63/+585
  r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500
  First cut at making the get_init_creds_opt structure extendable and adding library functions to set options for preauthentication plugins. This does *not* include a compatibility function to work like Heimdal's krb5_get_init_creds_opt_set_pkinit() function. Hopefully, the test code that doesn't belong in kinit.c is obvious.
  r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500
  Remove extra "user_id" parameter. Add function which duplicates the Heimdal interface (if we can agree on what the matching attribute names should be).
  r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500
  Update to use the simplified interface for krb5_get_init_creds_opt_set_pa() Add code in kinit to process "-X" options as preauth options and pass them along.
  r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500
  Move prototypes for get_init_creds_opt_get_pa() and krb5_get_init_creds_opt_free_pa() into the preauth_plugin.h header rather than krb5.hin.
  ticket: new
  status: open
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds a thread safe MEMORY keytab implementation | Jeffrey Altman | 2007-01-30 | 5 | -11/+720
  that is compatible with Heimdal 0.7. Each successful resolve returns a handle to a keytab and increases the internal reference count. Each close invalidates the handle and decreases the reference count. When the reference count hits zero, the keytab is destroyed.
  When a kt_destroy function is added, the automatic destruction after close behavior will be removed.
  ticket: 5411
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19126 dc483132-0cff-0310-8789-dd5450dbe970
* sort | Ken Raeburn | 2007-01-27 | 1 | -9/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19119 dc483132-0cff-0310-8789-dd5450dbe970
* Add const to variable to cleanup warnings | Ezra Peisach | 2007-01-23 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19108 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h for krb5_cc_register() prototype. Remove definition of | Ezra Peisach | 2007-01-23 | 1 | -2/+1
  krb5_cc_dfl_ops - as k5-int.h defines.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19107 dc483132-0cff-0310-8789-dd5450dbe970
* Change second argument to krb5_cc_register to take a const krb5_cc_ops *. Makes | Ezra Peisach | 2007-01-23 | 1 | -1/+2
  sense - when krb5_Xcc_ops currently defined as such - and assignment of value assumes same.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19106 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c memory leak on error in krb5_kt_resolve / krb5_kt_wresolve | Jeffrey Altman | 2007-01-23 | 1 | -0/+2
  The krb5_kt_resolve and krb5_kt_wresolve functions leak the 'data' memory allocation if the lock cannot be initialized.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19104 dc483132-0cff-0310-8789-dd5450dbe970
* Include fake-addrinfo.h before krb5.h to get proper structure declarations | Ezra Peisach | 2007-01-22 | 1 | -3/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19103 dc483132-0cff-0310-8789-dd5450dbe970
* Only declare cc_fcc_entry if USE_KEYRING_CCACHE is not defined | Ezra Peisach | 2007-01-21 | 1 | -0/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19102 dc483132-0cff-0310-8789-dd5450dbe970
* Don't copy headers to .../include | Ken Raeburn | 2007-01-20 | 1 | -8/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19097 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2007-01-20 | 2 | -11/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19096 dc483132-0cff-0310-8789-dd5450dbe970
* Don't explicitly include error table headers that are also in krb5.h | Ken Raeburn | 2007-01-20 | 2 | -5/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19094 dc483132-0cff-0310-8789-dd5450dbe970
* Delete t_cccursor on cleanup. Add t_cc and t_cccursor to dependencies | Ken Raeburn | 2007-01-20 | 1 | -1/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19076 dc483132-0cff-0310-8789-dd5450dbe970