summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* For naming extensions draft compliance, s/mspac:/urn:mspac:/Luke Howard2009-10-201-12/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22957 dc483132-0cff-0310-8789-dd5450dbe970
* fix some Coverity reported defects in naming extensionsLuke Howard2009-10-204-25/+27
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22948 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new APIs to allow improved crypto performanceGreg Hudson2009-10-1917-204/+218
| | | | | | | | | | | Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the krb5_k_* APIs to use them, and caching of derived keys when krb5_k_* functions are used. Updates the krb5 auth context and GSS id-rec to use krb5_keys. ticket: 6576 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
* Fix preauth looping in krb5_get_init_credsGreg Hudson2009-10-131-2/+16
| | | | | | | | | | | | | | In 1.7, krb5_get_init_creds will continue attempting the same built-in preauth mechanism (e.g. encrypted timestamp) until the loop counter maxes out. Until the preauth framework can remember not to retry built-in mechanisms, only continue with preauth after a PREAUTH_FAILED error resulting from optimistic preauth. ticket: 6573 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22890 dc483132-0cff-0310-8789-dd5450dbe970
* Revert a small part of r22736 which incorrectly fixed a preauthGreg Hudson2009-10-131-4/+2
| | | | | | looping bug in krb5_get_init_creds. A more correct fix will follow. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22888 dc483132-0cff-0310-8789-dd5450dbe970
* Move destest to builtin/des, because it depends on overriding someTom Yu2009-10-108-573/+710
| | | | | | | | internals. Make depend. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22877 dc483132-0cff-0310-8789-dd5450dbe970
* Implement GSS naming extensions and authdata verificationGreg Hudson2009-10-0924-86/+2396
| | | | | | | | | Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
* In asn1_decode_enc_kdc_rep_part, don't leak the enc_padata field onGreg Hudson2009-10-091-0/+1
| | | | | | | | | | invalid representations. ticket: 6571 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22872 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_encrypt_helper, return ENOMEM instead of 0 if we can'tGreg Hudson2009-10-061-1/+1
| | | | | | allocate the ciphertext buffer. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22860 dc483132-0cff-0310-8789-dd5450dbe970
* Slightly more comprehensible message for KRB5_RC_IOKen Raeburn2009-10-061-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22857 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a braino in r22790Greg Hudson2009-09-281-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22791 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few problems introduced by r22787Greg Hudson2009-09-282-9/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22790 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up krb5_get_credentials:Greg Hudson2009-09-253-65/+59
| | | | | | | | | | | * Use the current coding practice for output parameters. * Rename the helper function krb5_get_credentials_core to krb5int_construct_matching_creds and document it. * Don't fail out if we fail to cache intermediate tgts. * Simplify conditional logic and variable handling. ncreds is now always a temporary holder for the resulting credentials. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22787 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few bugs in r22736. Cherry-picked from Luke's authdata branchGreg Hudson2009-09-211-5/+5
| | | | | | ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22780 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up warnings of unused variables that have crept into the source tree..Ezra Peisach2009-09-202-3/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source treeGreg Hudson2009-09-168-1246/+1119
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krbZhanna Tsitkov2009-09-168-1109/+1246
| | | | | | bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Implement s4u extensionsGreg Hudson2009-09-1317-138/+1422
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* Use load_32_be processing length in TCP replyKen Raeburn2009-08-211-5/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22570 dc483132-0cff-0310-8789-dd5450dbe970
* Use {load,store}_{16,32}_be for big-endian integersKen Raeburn2009-08-211-17/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22568 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend. (I am not certain why the dependencies fromGreg Hudson2009-08-031-0/+10
| | | | | | r22477 didn't work for me.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22482 dc483132-0cff-0310-8789-dd5450dbe970
* Fix of the test cleanup Zhanna Tsitkov2009-08-011-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22476 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in k5_pac_verify_server_checksumEzra Peisach2009-07-302-1/+5
| | | | | | | | | | k5_pac_verify_server_checksum was leaking memory when the checksum was valid. t_pac.c: Fix memory leak by forgetting to release memory. ticket: 6541 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22474 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in test code t_authdataEzra Peisach2009-07-301-0/+1
| | | | | | | | Free the krb5_context at the end to release memory. ticket: 6540 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22473 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak by release context at end of test codeEzra Peisach2009-07-301-0/+3
| | | | | | ticket: 6539 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22470 dc483132-0cff-0310-8789-dd5450dbe970
* Enctype list configuration enhancementsGreg Hudson2009-07-293-78/+334
| | | | | | | | | | | In the processing code for enctype lists, add support for "DEFAULT" to indicate the default list, for families (des/des3/aes/rc4), and for removing entries from the current list (-foo). Also add unit tests and document. ticket: 6539 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
* Use zero-terminated enctype lists in the context structure instead ofGreg Hudson2009-07-273-169/+148
| | | | | | counted lists, to reduce impedance mismatches. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22456 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_copy_error_message, pass correct pointer toGreg Hudson2009-06-271-1/+1
| | | | | | | | | | krb5int_clear_error. ticket: 6519 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22424 dc483132-0cff-0310-8789-dd5450dbe970
* Update comments to reflect reality and the fact that this is not a file basedEzra Peisach2009-06-211-20/+28
| | | | | | cache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22419 dc483132-0cff-0310-8789-dd5450dbe970
* minor memory leak in 'none' replay cache typeKen Raeburn2009-06-181-2/+8
| | | | | | | | | | | | | | | | The replay cache type implementations are responsible for freeing the main rcache structure when the cache handle is closed. The 'none' rcache type wasn't doing this, resulting in a small memory leak each time such a cache was opened and closed. Not a big deal for a server process servicing a single client, but it could accumulate (very very slowly) for a long-running server. ticket: 6514 tags: pullup target_version: 1.7.1 version_reported: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22417 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_rd_chpw_rep could call krb5_free_error with random valueEzra Peisach2009-06-101-1/+1
| | | | | | | | | | clang picked up on a path in which krberror is not set and passed as an argument to krb5_free_error(). Essentially if the clearresult length < 2 but everything decodes - you can hit this path... ticket: 6511 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22409 dc483132-0cff-0310-8789-dd5450dbe970
* Fix test rules for non-gmake make versionsGreg Hudson2009-05-241-2/+2
| | | | | | | | | | | | | The build rules for the new t_ad_fx_armor and t_authdata test programs used $<, which is only portable for implicit rules (but is valid in gmake for all rules). Stop using $< in those rules so that "make check" works with System V make. ticket: 6495 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22368 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_ktfileint_write_entry, add a no-op fseek in between readingGreg Hudson2009-05-231-0/+3
| | | | | | | | EOF and writing the placeholder length field. Otherwise we can run into an apparent bug in the Solaris 10 stdio library which causes the next no-op fseek after the fwrite to fail with EINVAL. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22367 dc483132-0cff-0310-8789-dd5450dbe970
* Use printf format attribute only with gccKen Raeburn2009-05-222-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22363 dc483132-0cff-0310-8789-dd5450dbe970
* make prompt string vars point to constKen Raeburn2009-05-221-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22362 dc483132-0cff-0310-8789-dd5450dbe970
* When using keyed checksum types with TGS subkeys, Microsoft AD 2003Greg Hudson2009-05-191-0/+2
| | | | | | | | | | | | | | | | verifies the checksum using the subkey, whereas MIT and Heimdal verify it using the TGS session key. (RFC 4120 is actually silent on which is correct; RFC 4757 specifies the TGS session key.) To sidestep this interop issue, don't use keyed checksum types with RC4 keys without explicit configuration in krb5.conf. Using keyed checksum types with AES is fine since, experimentally, AD 2008 accepts checksums keyed with the TGS session key. ticket: 6490 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22356 dc483132-0cff-0310-8789-dd5450dbe970
* UCS2 support doesn't handle upper half of BMPGreg Hudson2009-05-141-4/+2
| | | | | | | | | | | | Make krb5_ucs2 an unsigned type. Eliminate the need for distinguished values for ucs2 and ucs4 characters by changing the API of the single- character conversion routines. ticket: 6489 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22350 dc483132-0cff-0310-8789-dd5450dbe970
* remove some old code for debugging the debugging codeKen Raeburn2009-05-141-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22349 dc483132-0cff-0310-8789-dd5450dbe970
* reduce character-class table entry size (40%) based on limited data ranges; ↵Ken Raeburn2009-05-111-4/+4
| | | | | | make table const git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22344 dc483132-0cff-0310-8789-dd5450dbe970
* In recvauth_common, convert a use of strcpy to strdupGreg Hudson2009-05-111-2/+2
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22343 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor rule_an_to_ln, creating a new helper function to handle theGreg Hudson2009-05-112-125/+104
| | | | | | | | selection string specifier. Eliminate two (safe) uses of sscanf in the process. Add a test case including literal text in the selection string specifier. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22326 dc483132-0cff-0310-8789-dd5450dbe970
* Try decrypting using session key if subkey fails in tgs rep handlingSam Hartman2009-05-073-8/+13
| | | | | | | | | | | | | | | | | | | | | | Heimdal at least up through 1.2 incorrectly encrypts the TGS response in the session key not the subkey when a subkey is supplied. See RFC 4120 page 35. Work around this by trying decryption using the session key after the subkey fails. * decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for TGS and now needs to take keyusage * gc_via_tkt: pass in session key and appropriate usage if subkey fails. Note that the dead code to process AS responses in decode_kdc_rep is not removed by this commit. That will be removed as FAST TGS client support is integrated post 1.7. ticket: 6484 Tags: pullup Target_Version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22325 dc483132-0cff-0310-8789-dd5450dbe970
* After consultation with kenh, remove a comment and if statement whichGreg Hudson2009-05-071-7/+0
| | | | | | should no longer apply to the pa_sam_2 code, fixing a memory leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22322 dc483132-0cff-0310-8789-dd5450dbe970
* Fix yet another memory leak in pa_samGreg Hudson2009-05-061-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22321 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple memory leaks in obtain_sam_padataGreg Hudson2009-05-061-23/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22320 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam, use the correct function to free sam_challenge in theGreg Hudson2009-05-061-1/+1
| | | | | | | | success path. ticket: 6210 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22319 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in pa_sam_2 where an outer data structure wasn'tGreg Hudson2009-05-061-0/+1
| | | | | | freed after the contents are coopted. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22318 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in pa_samGreg Hudson2009-05-051-2/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22317 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in krb5_obtain_padataGreg Hudson2009-05-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22316 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam_2, free sc2 in an error-handling case where it was leakedGreg Hudson2009-05-051-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22315 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 08:50:57 +0000