summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* * hst_realm.c: provide definition for MAXDNAME ifJeffrey Altman2004-10-012-1/+11
| | | | | | | | KRB5_DNS_LOOKUP is not defined. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16795 dc483132-0cff-0310-8789-dd5450dbe970
* Make patchlevel.h be the master version fileTom Yu2004-09-253-8/+71
| | | | | | | ticket: 1345 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16790 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2004-09-241-7/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16785 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (T_STD_CONF_OBJS): Include dnsglue.oKen Raeburn2004-09-232-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16780 dc483132-0cff-0310-8789-dd5450dbe970
* Don't assume that presence of res_nsearch() means we have ns_initparse()Tom Yu2004-09-212-6/+15
| | | | | | ticket: 2710 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16773 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in rd_cred.cTom Yu2004-09-212-1/+10
| | | | | | | | | * rd_cred.c (decrypt_credencdata): Clear and free ppart to avoid leak. Reported by Derrick Schommer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16772 dc483132-0cff-0310-8789-dd5450dbe970
* Add DNS resolver glue layer. Use itTom Yu2004-09-216-327/+565
| | | | | | ticket: 2710 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16769 dc483132-0cff-0310-8789-dd5450dbe970
* Fix error code returned for empty sequences and check the errorJeffrey Altman2004-09-172-2/+10
| | | | | | | | | in krb5_lcc_initialize ticket: 2705 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16760 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c:Tom Yu2004-09-144-0/+10
| | | | | | | | * hst_realm.c: * locate_kdc.c: Include netinet/in.h as a prerequisite for resolv.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16753 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: Implement krb5_lcc_initialize()Jeffrey Altman2004-09-102-6/+35
| | | | | | | | | Remove all tickets from the cache which have a client principal that matches the input principal. ticket: 2705 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16737 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: Correct test for KerbQueryTicketCacheEx2MessageJeffrey Altman2004-09-102-3/+6
| | | | | | ticket: 2705 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16736 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-09-10 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-09-102-8/+374
| | | | | | | | | | | | | | * cc_mslsa.c: The following functionality is being committed but commented out because it is not presently available in public Microsoft SDKs - support for KerbSubmitTicket which allows a KERB_CRED message to be forwarded to the LSA. (KERB_SUBMIT_TICKET) - support for the KerbQueryTicketCacheEx2Message which adds the Session Key Enctype to the contents of the response from KerbQueryTicketCacheExMessage. (HAVE_CACHE_INFO_EX2) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16735 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c:Jeffrey Altman2004-09-022-23/+246
| | | | | | | | | | | | | | | | | | | | | | | | | | - Fix MITPrincToMSPrinc to prevent writing to the output buffer if the input won't fit. - Add internal UnicodeStringToMITPrinc function - Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc - Rename internal PurgeMSTGT to PurgeAllTickets - Add internal PurgeTicket2000 - Add internal PurgeTicketXP - Since tickets can only be requested via KDC Opt Flags it is not possible to specifically request the Initial ticket. If more than one ticket exists which matching service names, enctypes, and ticket flags the initial ticket flag may not be set. If the caller requested the initial ticket, set the flag manually. - Add preliminary support for krb5_lcc_set_flags - Modify krb5_lcc_initialize to return success - Modify krb5_lcc_get_principal to support an LSA cache which does not contain a TGT when krb5_lcc_resolve is called. - Implement krb5_lcc_remove_cred ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16714 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot changelogTom Yu2004-08-311-0/+5
| | | | | | ticket: 2686 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16703 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2004-003Tom Yu2004-08-312-0/+4
| | | | | | | | | | Fix for ASN.1 decoder denial-of-service. [MITKRB5-SA-2004-003] ticket: new target_version: 1.3.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16702 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2004-002Tom Yu2004-08-315-2/+25
| | | | | | | | | | Fix double-free vulnerabilities [MITKRB5-SA-2004-002]. ticket: new target_version: 1.3.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16701 dc483132-0cff-0310-8789-dd5450dbe970
* move last patch down a little so it applies to tcp sockets as well as udpKen Raeburn2004-08-281-14/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16695 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (start_connection) [DEBUG]: Log the local socket addressKen Raeburn2004-08-282-0/+27
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16694 dc483132-0cff-0310-8789-dd5450dbe970
* Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs inKen Raeburn2004-08-274-3/+15
| | | | | | | | | variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic patches that removed casts of NULL. tag: 1850 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flagKen Raeburn2004-08-162-11/+70
| | | | | | | | | | | | | | file_is_locked. (krb5_fcc_close_file): Unlock the mutex and clear the flag. (krb5_fcc_open_file): Acquire the mutex before locking the file, and set the flag after. (krb5_fcc_resolve): Initialize the new mutex and flag. (krb5_fcc_generate_new): Initialize both mutexes and the flag. (dereference): Destroy the new mutex. Also, get rid of some unused variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16667 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c: Add buffering on reading.Ken Raeburn2004-08-152-12/+101
| | | | | | | | | | | | | | | (FCC_BUFSIZ): New macro. (struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset. (krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes. (invalidate_cache): New function. (krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache. (fcc_lseek): New function. (krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get, krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek. (fcc_read): Use and maybe refill the buffer. (dereference): Zap the contents of the buffer before freeing it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16666 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (dereference): Lock mutex around call to krb5_fcc_close_fileKen Raeburn2004-08-152-1/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16664 dc483132-0cff-0310-8789-dd5450dbe970
* Only open a credential cache file once, even if multiple krb5_ccache objectsKen Raeburn2004-08-134-77/+172
| | | | | | | | | | | | | | | | | | | | | | | | | refer to it. (This does NOT yet take care of the problem of multiple threads wanting to use OS-level advisory locks, which at least on UNIX are per-process and not per-thread.) * cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data pointer, not a krb5_ccache. All calls changed. (struct fcc_set): Add a refcount member. (Definition accidentally introduced without comment in an earlier patch.) (krb5int_cc_file_mutex, fccs): New variables, for managing a global list of open credential cache files. (dereference): New function, with most of old close/destroy operations. Decrements reference count and only frees the object and removes it from the global list if the refcount hits zero. (krb5_fcc_close, krb5_fcc_destroy): Call dereference. (krb5_fcc_resolve): If a file cache is already open with the same file name, increment its reference count and don't create a new one. When a new one is created, add it to the global list. * cc-int.h (krb5int_cc_file_mutex): Declare. * ccbase.c (krb5int_cc_initialize): Initialize it. (krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16662 dc483132-0cff-0310-8789-dd5450dbe970
* get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made ↵Alexandra Ellwood2004-08-122-27/+69
| | | | | | | | | | aware of 32 bit min and max for times. Allow renew_until time < expiration time ticket: 2654 ticket: 2655 ticket: 2656 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16656 dc483132-0cff-0310-8789-dd5450dbe970
* ccdefname.c (krb5_cc_set_default_name, krb5_cc_default_name): Look up the ↵Alexandra Ellwood2004-08-122-41/+64
| | | | | | | | default ccache name in krb5_cc_default_name, not krb5_cc_set_default_name so that krb5_init_context doesn't have to do work it might never use ticket: 2657 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16655 dc483132-0cff-0310-8789-dd5450dbe970
* * libkrb5.exports: Remove memory ccache symbols except ops tableKen Raeburn2004-08-082-14/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16650 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c: Remove USE_STDIO supportKen Raeburn2004-08-052-317/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16643 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Call krb5_rc_recover_or_initializeKen Raeburn2004-08-042-7/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16641 dc483132-0cff-0310-8789-dd5450dbe970
* * rc-int.h (struct _krb5_rc_ops): Add new member, recover_or_init.Ken Raeburn2004-08-047-7/+59
| | | | | | | | | | | | | | * rc_dfl.c (krb5_rc_dfl_init_locked): New function, with most of the content of old krb5_rc_dfl_init. (krb5_rc_dfl_init): Call it. (krb5_rc_dfl_recover_or_init): New function. * rc_dfl.h (krb5_rc_dfl_recover_or_init): Declare. * rcdef.c (krb5_rc_dfl_ops): Initialize new field. * rc_none.c (krb5_rc_none_recover_or_init): New macro. (krb5_rc_none_ops): Initialize new field. * rcfns.c (krb5_rc_recover_or_initialize): New function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16640 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new replay cache type "none"Ken Raeburn2004-07-305-3/+108
| | | | | | | | | | * rc_none.c: New file. * Makefile.in (SRCS, STLIBOBJS, OBJS): Build it. * rc-int.h (krb5_rc_none_ops): Declare. * rc_base.c (none): New variable. (krb5_rc_typelist_dfl): Add it into the linked list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16634 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: fix is_windows_xp not to return true for windows 2000Jeffrey Altman2004-07-262-1/+6
| | | | | | | ticket: 2645 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16624 dc483132-0cff-0310-8789-dd5450dbe970
* [needs the include/configure.in checkin of a few minutes ago, too]Ken Raeburn2004-07-222-2/+15
| | | | | | | | | * localaddr.c (get_lifconf): Define only if "struct lifconf" is available. (foreach_localaddr): Use get_lifconf only if "struct lifconf" is available. ticket: 2598 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16621 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_store): When allocating krb5_mcc_linkEzra Peisach2004-07-182-1/+6
| | | | | | memory - allocate sizeof() - not sizeof(sizeof()). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16613 dc483132-0cff-0310-8789-dd5450dbe970
* zap remaining bits of macsock.h supportKen Raeburn2004-07-1710-7/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16612 dc483132-0cff-0310-8789-dd5450dbe970
* Remove use of client principal from krb5_context (default_ccprincipal) and ↵Alexandra Ellwood2004-07-155-79/+39
| | | | | | | | default principal from v4 CCAPI glue code ticket: 2634 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16602 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cc.c (cc_test): Rename one of the "resolve" cases so the messages can beKen Raeburn2004-07-142-1/+6
| | | | | | distinguished. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16596 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: Fix thread safetyJeffrey Altman2004-07-082-3/+14
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16562 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-07-07 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2004-07-072-0/+6
| | | | | | | | * cc_mslsa.c: When obtaining a TGT from the MSLSA, do not ignore the cache when the requested enctype is the NULL enctype. This means to accept any enctype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16554 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c (krb5int_make_srv_query_realm) [HAVE_RES_NSEARCH]: Use res_nsearchKen Raeburn2004-07-043-0/+63
| | | | | | | instead of res_search. * hst_realm.c (krb5_try_realm_txt_rr) [HAVE_RES_NSEARCH]: Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16541 dc483132-0cff-0310-8789-dd5450dbe970
* * an_to_ln.c: Include string.hKen Raeburn2004-07-022-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16538 dc483132-0cff-0310-8789-dd5450dbe970
* Thread-safety for file-based credentials cachesKen Raeburn2004-06-302-74/+195
| | | | | | | | | | | | | | | | | | * cc_file.c (krb5_fcc_data): Added a mutex. (krb5_fcc_read*, krb5_fcc_write, krb5_fcc_store_*, krb5_fcc_open_file, krb5_fcc_skip_header, krb5_fcc_skip_principal): Verify that the mutex is locked. (MAYBE_OPEN): Verify that the mutex is locked; unlock it if returning an error. (krb5_fcc_initialize, krb5_fcc_start_seq_get, krb5_fcc_get_principal, krb5_fcc_store, krb5_fcc_set_flags): Lock and unlock the mutex. (krb5_fcc_close): Likewise. Destroy the mutex when done. (krb5_fcc_destroy): Merge stdio and non-stdio versions a little more. Destroy the mutex when done. (krb5_fcc_resolve): Initialize and lock the mutex. (krb5_fcc_next_cred): Lock and unlock the mutex. Merge the stdio and non-stdio branches a little more. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16534 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c:Jeffrey Altman2004-06-302-63/+358
| | | | | | | | | | | | | | | | | | | | | | | | - is_windows_2000() indicates the OS is Windows 2000 or higher - is_windows_xp() indicates the OS is Windows XP or higher which indicates that PKERB_QUERY_TKT_CACHE_EX_RESPONSE and PKERB_TICKET_CACHE_INFO_EX are available. - does_retrieve_ticket_cache_ticket() checks to see if a Microsoft private fix is available which adds a new Cache Flag, KERB_RETRIEVE_TICKET_CACHE_TICKET, which when set causes the requested ticket to be stored in the LSA cache even when the TicketFlags and EncType are not set to 0. - KerbExternalTicketMatch() is a test to determine if two Microsoft External Tickets are identical + use the KerbQueryTicketCacheExMessage LSA call on XP or higher + specify the KERB_RETRIEVE_TICKET_CACHE_TICKET flag when it is available = The combination of both + items will cause the ClientRealm to be displayed properly for all cross realm tickets obtained via the MSLSA ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16528 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_free): Don't free the mutex hereKen Raeburn2004-06-292-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16527 dc483132-0cff-0310-8789-dd5450dbe970
* Missed some log data with last checkin:Ken Raeburn2004-06-281-0/+5
| | | | | | | | | | * cc_memory.c (struct _krb5_mcc_data): Delete 'next' pointer. Add a mutex. (krb5_mcc_*): Lock and unlock the mutex as appropriate. (struct krb5_mcc_list_node): New type, separates the linked-list container from the data for individual nodes. (mcc_head): Now points to krb5_mcc_list_node. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16525 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c: Include k5-thread.h.Ken Raeburn2004-06-284-173/+231
| | | | | | | | | | | (krb5int_mcc_mutex): New lock. (krb5_mcc_store): Rewrite. (NEED_WINDOWS): Don't define. (krb5_mcc_*): All functions now static. * cc-int.h (krb5int_mcc_mutex): Declare. * ccbase.c (krb5int_cc_initialize): Initialize it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16524 dc483132-0cff-0310-8789-dd5450dbe970
* update copyright, fix comment typoKen Raeburn2004-06-241-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16514 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (krb5_fcc_read_data): Combine stdio and posix versions of code withKen Raeburn2004-06-242-32/+24
| | | | | | | | | | | gratuitous minor differences. (krb5_fcc_read_int32, krb5_fcc_next_cred): Likewise. (krb5_fcc_read_addr): Likewise. Check that filled-in length field matches the value we tried to store (i.e., that type conversion didn't throw away information). (krb5_fcc_read_authdatum): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16513 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (my_fopen): Function deleted.Ken Raeburn2004-06-222-9/+3
| | | | | | (krb5_fcc_open_file): Use fopen, not my_fopen. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16507 dc483132-0cff-0310-8789-dd5450dbe970
* Delete preprocessor tests for macintosh, __MWERKS__, applec, and THINK_C, allKen Raeburn2004-06-2220-79/+49
| | | | | | | part of the pre-Mac OS X support. (Except the bits in the Yarrow code, where it was part of the upstream source.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16506 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: Comment out calls to FormatMessage and do not terminateJeffrey Altman2004-06-222-0/+17
| | | | | | | | | | | | the program on a failure to generate a message. The existing code fails on non-English systems. We do not need this code in a library unless we are logging to the Event Log which is currently not done. Ignore this for the time being until such time as we decide Event Log entries are important to us. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16503 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-02 12:31:07 +0000