path: root/src/lib/krb5
Commit message | Author | Age | Files | Lines
...
* Add files containing the export lists used on UNIX, in each directory | Ken Raeburn | 2004-04-22 | 2 | -0/+750
  where we build a shared library, whether or not it gets installed. These should match the complete AIX export lists for a full build including krb4 support, and will eventually be used on other UNIX platforms, and cut down to just the symbols we actually want to export. We'll also have to add additional information, eventually, for versioning and such, but currently this is just a list of C symbol names.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16259 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_in_tkt ignores lifetime | Sam Hartman | 2004-04-16 | 3 | -5/+17
  John Hascall reports that the emulation of krb5_get_in_tkt is incomplete and does not handle lifetimes set in the input credentials. He provided a patch to fix this.
  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16258 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak when not sending to master KDC in | Sam Hartman | 2004-04-15 | 2 | -0/+9
  get_init_creds_password path.
  Ticket: 2534
  Tags: pullup
  Target_Version: 1.3.4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16255 dc483132-0cff-0310-8789-dd5450dbe970
* Since we must reserve the single letter prefixes on all platforms | Jeffrey Altman | 2004-04-13 | 4 | -8/+12
  anyway, make the mapping apply on all platforms
  ticket: 2531
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16247 dc483132-0cff-0310-8789-dd5450dbe970
* Treat keytab and ccache names without prefixes as type FILE: | Jeffrey Altman | 2004-04-13 | 4 | -17/+50
  on Windows if there is a drive letter found at the beginning of the name.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16246 dc483132-0cff-0310-8789-dd5450dbe970
* * ccbase.c: the krb5_cc_resolve() function pointer ccresolver | Jeffrey Altman | 2004-04-13 | 2 | -3/+11
  must be of type KRB5_CALLCONV
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16245 dc483132-0cff-0310-8789-dd5450dbe970
* ktbase.c - restore the thread safety changes which were accidentally | Jeffrey Altman | 2004-04-08 | 2 | -16/+44
  removed in revision 5.29
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16241 dc483132-0cff-0310-8789-dd5450dbe970
* On Windows, a single letter followed by colon is used to identify | Jeffrey Altman | 2004-04-08 | 2 | -36/+27
  a drive. Therefore, do not assume that finding a colon in a string indicates that we have found a keytab prefix label unless the length of the potential prefix is not equal to one.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16240 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-04-06 | 2 | -0/+20
  In at least one case on Win2003 it appears that it is possible for the logon session to be authenticated via NTLM and yet for there to be Kerberos credentials obtained by the LSA on behalf of the logged in user. Therefore, we are removing the test for IsKerberosLogon() within krb5_lcc_resolve() which was meant to avoid the need to perform GetMSTGT() when there was no possibility of credentials being found.
  ticket: new
  tags: pullup
  target_version: next
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16235 dc483132-0cff-0310-8789-dd5450dbe970
* Delay load the ADVAPI32.DLL and SECUR32.DLL libraries within KRB5_32.DLL | Jeffrey Altman | 2004-03-31 | 2 | -8/+97
  Then modify the MSLSA implementation to ensure that none of the APIs loaded from those DLLs are executed on Windows platforms prior to Windows 2000. This ensures that the DLLs will never be loaded enabling KRB5_32.DLL to continue to be used on Windows 9x.
  ticket: new
  target_version: 1.3.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16217 dc483132-0cff-0310-8789-dd5450dbe970
* Remove t_file.c as it is mostly redundant, does not build and cannot | Sam Hartman | 2004-03-26 | 4 | -229/+7
  be made to build because functions it depends on are now static. Remove duplication between cc_file.c and fcc.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16215 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new should use mkstemp | Sam Hartman | 2004-03-26 | 2 | -2/+12
  Change krb5_fcc_generate_new to use mkstemp rather than mktemp.
  Ticket: new
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16214 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (get_so_error): New function. | Ken Raeburn | 2004-03-22 | 2 | -21/+36
  (service_tcp_fd): Call it for write fds as well as exception fds.
  ticket: 2426
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16199 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (krb5int_sendto): Initialize select_state.end_time | Ken Raeburn | 2004-03-22 | 2 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16198 dc483132-0cff-0310-8789-dd5450dbe970
* Return ERROR_FCC_NOFILE when the principal cannot be determined during | Jeffrey Altman | 2004-03-19 | 2 | -0/+8
  calls to krb5_lcc_resolve()
  ticket: 2430
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16186 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-03-19 | 4 | -2/+53
  Add missing return statements in krb5_lcc_start_seq_get()
  * cc-int.h: New file - Add prototypes for cc internal functions
  * cc_retr.c - include cc-int.h
  ticket: new
  target_version: 1.3.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16185 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_sendto_kdc passing improper argument to krb5_locate_kdc | Ezra Peisach | 2004-03-18 | 2 | -1/+6
  * sendto_kdc.c (krb5_sendto_kdc): Change passing pointer to value of use_master parameter to krb5_locate_kdc. Error was introduced in 2/26 code change.
  ticket: new
  tags: pullup
  target_version: next
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16184 dc483132-0cff-0310-8789-dd5450dbe970
* Fix missing case for get_init_creds API change | Ken Hornstein | 2004-03-09 | 2 | -1/+7
  Fix a case I missed in my original patch for the krb5_get_init_creds API change.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16162 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2004-03-06 | 3 | -3/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16154 dc483132-0cff-0310-8789-dd5450dbe970
* For keytab, ccache, and rcache type registries, use const more, and | Ken Raeburn | 2004-03-06 | 6 | -21/+101
  use a mutex to protect manipulation of the lists.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16153 dc483132-0cff-0310-8789-dd5450dbe970
* * lock_file.c (krb5_lock_file): Initialize flock data on entry, but don't | Ken Raeburn | 2004-03-06 | 2 | -4/+6
  bother with a static version to copy from.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16150 dc483132-0cff-0310-8789-dd5450dbe970
* Use more const data in the keytab type registry | Ken Raeburn | 2004-03-06 | 2 | -6/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16149 dc483132-0cff-0310-8789-dd5450dbe970
* minor formatting, mostly whitespace | Ken Raeburn | 2004-03-03 | 1 | -37/+38
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16141 dc483132-0cff-0310-8789-dd5450dbe970
* * rc_base.c: Delete unused and untested semaphore support | Ken Raeburn | 2004-03-03 | 3 | -29/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16140 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missed | Ken Raeburn | 2004-02-28 | 2 | -1/+7
  ticket: 2296
  version_fixed:
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16139 dc483132-0cff-0310-8789-dd5450dbe970
* As discussed on the krbdev mailing list, krb5_get_init_creds_password() | Jeffrey Altman | 2004-02-27 | 8 | -23/+76
  suffered from a behavior in which it would unintentionally query a master KDC twice if in fact the KDC queried when krb5int_sendto() was called with use_master = 0 was in fact the master. This resulted in more than an additional protocol operation. There were two negative side effects. First, in the case of an incorrect password there would be two counts against the max retry attempts. Second, in the case of hardware pre-auth and an expired password, the user would be asked to enter their expired password twice before being told it was expired.
  This has been fixed by changing the use_master parameter into an in/out parameter and modifying krb5int_sendto() to indicate which KDC it received the response from. This allows the use_master parameter to be set to indicate whether or not the response came from a master KDC regardless of whether a master KDC was requested.
  ticket: new
  target_version: next
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16137 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (start_connection): Close socket if connect() call fails for an | Ken Raeburn | 2004-02-26 | 2 | -0/+6
  unexpected reason.
  ticket: 2277
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16123 dc483132-0cff-0310-8789-dd5450dbe970
* ignore generated shared libraries | Ken Raeburn | 2004-02-24 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16120 dc483132-0cff-0310-8789-dd5450dbe970
* Move daemon.c into a new library of utility routines for linking our programs | Ken Raeburn | 2004-02-24 | 2 | -95/+4
  against but which we don't want to install as a separate library. Change Kerberos and application servers to link against the library if they might need the replacement daemon() function. Add a dummy file to the library in case daemon() is not needed, so we don't have an empty library, which we may not handle properly.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118 dc483132-0cff-0310-8789-dd5450dbe970
* ignore generated krb524 error table code | Ken Raeburn | 2004-02-24 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16116 dc483132-0cff-0310-8789-dd5450dbe970
* Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macros | Ken Raeburn | 2004-02-14 | 4 | -26/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970
* Call htons for default port of password server | Sam Hartman | 2004-02-09 | 2 | -1/+5
  Ticket: 2171
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16047 dc483132-0cff-0310-8789-dd5450dbe970
* Enable aes128-cts for client | Sam Hartman | 2004-02-06 | 2 | -0/+5
  Currently we support aes128-cts but do not enable it by default. It looks like interoperability problems will be created by this decision. So add aes128-cts to the default list of enctypes for client configuration and for permitted_enctypes.
  Ticket: new
  Target_Version: 1.3.2
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
* Remove reference to the ntstatus.h header in cc_mslsa.c | Jeffrey Altman | 2004-02-04 | 2 | -1/+6
  This header is not present in the August 2001 Platform SDK which is the current minimum SDK version.
  ticket: new
  tags: pullup
  target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-02-02 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-02-03 | 2 | -1/+22
  * cc_msla.c: GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the value to assign to TicketRequest->TicketFlags. This field is blindly inserted into the kdc-options[0] field of the TGS_REQ. If there are bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result in an unknown TGS_OPTION being processed by the KDC.
  This has been fixed by mapping the Ticket Flags to KDC options. We only map Forwardable, Forwarded, Proxiable, and Renewable. The others should not be used.
  ticket: 2190
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16013 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when | Jeffrey Altman | 2004-02-02 | 2 | -10/+36
  logging on with cross realm credentials. On these machines there are 8 tickets within the LSA cache from two different realms. One of the krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe processes. The attempt to access the ticket returns a SubStatus code of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that the logon attempt was invalid due to bad authentication information. kerbtray has no problem listing this ticket. The other seven tickets in the cache including the Initial Ticket are accessible. Modified krb5_lcc_next_cred() to skip to the next ticket if an attempt to read a single ticket fails.
  ticket: 2184
  tags: pullup
  target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: optimize the get_next logic by storing a handle to the | Jeffrey Altman | 2004-02-01 | 2 | -18/+30
  MS TGT in the lcc_cursor data structure
  ticket: new
  tags: pullup
  target_version: 1.3.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15993 dc483132-0cff-0310-8789-dd5450dbe970
* Do not export tickets from the LSA if they contain NULL session keys. | Jeffrey Altman | 2004-01-31 | 2 | -6/+19
  This is primarily to prevent unusable TGTs from being imported into the MIT Credential Cache
  ticket: 2153
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15991 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-01-30 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-01-31 | 2 | -20/+98
  * cc_mslsa.c: As per extensive conversations with Doug Engert we have concluded that MS is not specifying a complete set of domain information when it comes to service tickets other than the initial TGT. What happens is the client principal domain cannot be derived from the fields they export. Code has now been added to obtain the domain from the initial TGT and use that when constructing the client principals for all tickets.
  This behavior can be turned off by setting a registry either on a per-user or a system-wide basis:
  {HKCU,HKLM}\Software\MIT\Kerberos5 PreserveInitialTicketIdentity = 0x0 (DWORD)
  ticket: 2139
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990 dc483132-0cff-0310-8789-dd5450dbe970
* fix typos | Jeffrey Altman | 2004-01-07 | 3 | -5/+5
  ticket: 2106
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15975 dc483132-0cff-0310-8789-dd5450dbe970
* Add stub function implementations to support krb5_cc_remove_cred() which | Jeffrey Altman | 2004-01-06 | 6 | -5/+57
  would cause a null pointer dereference if called. The new KRB5_CC_NOSUPP error is returned to indicate the lack of implementation.
  ticket: 2106
  target_version: 1.3.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15974 dc483132-0cff-0310-8789-dd5450dbe970
* move some basic header and function checks from lib/krb5 to include | Ken Raeburn | 2003-12-24 | 2 | -4/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15960 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c: wrap the entire module in #ifdef KRB5_DNS_LOOKUP to prevent | Jeffrey Altman | 2003-12-22 | 2 | -0/+7
  the dependency on the resolver library when DNS functionality is not being compiled into the krb5 library.
  ticket: new
  target_version: 1.3.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15958 dc483132-0cff-0310-8789-dd5450dbe970
* * realm_iter.c (krb5_realm_iterator_create): Array NAMES is now const | Ken Raeburn | 2003-12-20 | 2 | -1/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15954 dc483132-0cff-0310-8789-dd5450dbe970
* * prompter.c (catch_signals, restore_signals): Take pointer to old signal | Ken Raeburn | 2003-12-20 | 2 | -28/+37
  handler info as new argument.
  (osiginfo): New typedef.
  (setup_tty, restore_tty): Take pointer to old signal handler info and old termios settings as new arguments.
  (krb5_prompter_posix): Pass the extra arguments, addresses of new automatic variables.
  (osigint, saveparm): Variables deleted.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15952 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (STLIBOBJS, OBJS, SRCS): Don't build promptusr.c | Ken Raeburn | 2003-12-20 | 2 | -8/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15951 dc483132-0cff-0310-8789-dd5450dbe970
* oops. actually do the #undef DEBUG | Ken Raeburn | 2003-12-20 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15950 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (default_debug_handler, put, putstr): Define only if DEBUG is | Ken Raeburn | 2003-12-20 | 2 | -1/+11
  defined.
  (DEBUG): Don't define.
  (krb5int_sendtokdc_debug_handler): Initialize to null if DEBUG is not defined.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15949 dc483132-0cff-0310-8789-dd5450dbe970
* * get_in_tkt.c (get_in_tkt_enctypes): Now const | Ken Raeburn | 2003-12-20 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970
* ticket 2049 | Jeffrey Altman | 2003-12-19 | 2 | -5/+12
  fix an incorrect level of indirection for a krb5_creds data structure.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15942 dc483132-0cff-0310-8789-dd5450dbe970