summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* Adjust the logic in rule_an_to_ln to avoid a "can't happen" case ofGreg Hudson2009-04-031-5/+7
| | | | | | | strchr returning null when searching for a character we know is there. Also properly return ENOMEM if we fail to allocate selstring. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22169 dc483132-0cff-0310-8789-dd5450dbe970
* Merge fast branch at 22166 onto trunkSam Hartman2009-04-039-36/+142
| | | | | | ticket: 6436 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22167 dc483132-0cff-0310-8789-dd5450dbe970
* Unfortunately, pre-1.7 krshd fails to support keyed checksums becauseSam Hartman2009-04-032-1/+3
| | | | | | | | | | | | | | | | it uses the wrong API and wrong key usage. So, if the auth_context has an explicit checksum type set, then respect that. kcmd sets such a checksum type. Also, because other applications may have the same problem, allow the config file variable if set to override the default checksum. * kcmd.c: Force use of rsa_md5 * init_ctx.c: do not default to md5 * mk_req_ext.c: allow auth_context to override ticket: 1624 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22160 dc483132-0cff-0310-8789-dd5450dbe970
* Use the preferred checksum for non-DES keys in the kdc_req path andSam Hartman2009-04-012-3/+20
| | | | | | | | | | | | all the time in the ap_req checksum path. This breaks code to support DCE versions prior to 1.1 but uses the correct checksum for protocol compatibility. ticket: 1624 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22154 dc483132-0cff-0310-8789-dd5450dbe970
* Make FAST changes build when pkinit is disabledTom Yu2009-03-314-19/+23
| | | | | | ticket: 6436 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22153 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2009-03-311-2/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22150 dc483132-0cff-0310-8789-dd5450dbe970
* Implement FAST from draft-ietf-krb-wg-preauth-frameworkSam Hartman2009-03-3115-21/+1013
| | | | | | | | | | | | Merge fast branch at 22146 onto trunk Implement the kerberos pre-authentication framework FAST feature per Projects/FAST on the wiki. ticket: 6436 Target_Version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
* in send_tgs.c:Sam Hartman2009-03-311-1/+1
| | | | | | | | Encrypt using local_subkey not *subkey ticket: 6393 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22148 dc483132-0cff-0310-8789-dd5450dbe970
* Add PAC and principal parsing test casesGreg Hudson2009-03-304-2/+756
| | | | | | | | From Heimdal, ported by Luke, further modified by me. ticket: 6435 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22147 dc483132-0cff-0310-8789-dd5450dbe970
* Fix error handling issue in ASN.1 decoderGreg Hudson2009-03-171-1/+2
| | | | | | | | | | | In asn1_k_decode.c, check the return value of end_sequence_of_no_tagvars_helper. ticket: 6427 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22107 dc483132-0cff-0310-8789-dd5450dbe970
* Implement tests for authdata functionsSam Hartman2009-03-162-2/+109
| | | | | | | | | Implement some test cases for krb5_merge_authdata and krb5int_find_authdata ticket: 6422 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22097 dc483132-0cff-0310-8789-dd5450dbe970
* Implement krb5int_find_authdataSam Hartman2009-03-161-0/+89
| | | | | | | | | Implement a function to find all instances of a particular ad_type in ticket or authenticator authdata. ticket: 6422 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22096 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_auth_con_free should support freeing a null auth_context without segfaultSam Hartman2009-03-161-0/+2
| | | | | | | | If the input auth_con is NULL, return success. ticket: 6423 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22092 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct salt for canonicalized principalsGreg Hudson2009-03-131-1/+23
| | | | | | | | | | | | In cases where the salt is derived from the client principal, use the canonicalized principal received from the KDC to determine the salt. Further changes are probably required for some preauth cases. ticket: 6415 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22083 dc483132-0cff-0310-8789-dd5450dbe970
* Make a working krb5_copy_error_messageGreg Hudson2009-03-112-0/+15
| | | | | | | | | | | | The krb5_copy_error_state macro wasn't used, didn't work, and didn't need to be a macro. Replace it with an exported API function named krb5_copy_error_message. ticket: 6407 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22078 dc483132-0cff-0310-8789-dd5450dbe970
* send_as_req re-encodes the requestSam Hartman2009-03-061-19/+12
| | | | | | | | | | | | | | | | krb5_get_init_creds calls encode_krb5_as_req to produce an encoding for the preauth plugins, then passes the unencoded request structure into the static function send_as_req. That function re-encodes the request. This is an unnecessary call to the encoder. In addition, for the FAST project, it is desirable to encapsulate the unencoded outer request so that krb5_get_init_creds does not need it. * send_as_req is modified to take an encoded request and realm * Remove unused logic to fill in request nonce from send_as_req ticket: 6401 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22067 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_merge_authdata should initialize output on failureSam Hartman2009-02-261-0/+1
| | | | | | ticket: 6400 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22057 dc483132-0cff-0310-8789-dd5450dbe970
* Include authenticator and ticket authdata in gss-apiSam Hartman2009-02-262-11/+36
| | | | | | | | | | | | | | | Currently, the GSS-API routines for handling authdata only extract the authorization data from the ticket, not that from the authenticator. This is incorrect. Introduce a new function krb5_merge_authadata to merge two authdata arrays into a newly allocated result array. Use this function in accept_sec_context.c to include both sets of authdata. ticket: 6400 Target_version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
* Check return code of encode_krb5_ap_req. Also, tabs vs whitespaceZhanna Tsitkov2009-02-231-134/+135
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22050 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5int_generate_and_save_subkey, check the return value ofGreg Hudson2009-02-231-4/+5
| | | | | | | | krb5_crypto_us_timeofday. It can't really fail in practice, but if it did we'd be passing stack garbage to krb5_c_random_add_entropy. That's harmless, but poor form. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22049 dc483132-0cff-0310-8789-dd5450dbe970
* Check the return value of fseek in two places in kt_file.cGreg Hudson2009-02-231-2/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22047 dc483132-0cff-0310-8789-dd5450dbe970
* Kill an odd (but harmless) use of strncpy inGreg Hudson2009-02-231-7/+4
| | | | | | | krb5_get_in_tkt_with_password, by using the construction from krb5_get_init_creds_password. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22045 dc483132-0cff-0310-8789-dd5450dbe970
* send_tgs.c:Sam Hartman2009-02-231-30/+33
| | | | | | | | | | | | | | * Move generation of subkey into krb5int_send_tgs from construct_authenticator so that it is available for encrypting authorization data. * Initialize rep->message_type and note that rep is touched on unsuccessful calls (this has always been true). * Do not set *subkey until successful return. Thanks to Greg Hudson for pointing out these problems. Ticket: 6393 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22044 dc483132-0cff-0310-8789-dd5450dbe970
* Some fixups and stubs for building ccapi on UNIX, and dependencies.Ken Raeburn2009-02-184-4/+27
| | | | | | | | | (Doesn't make a complete working implementation, but it mostly compiles.) Does *not* include the changes to actually cause the ccapi code to get built in normal UNIX builds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22023 dc483132-0cff-0310-8789-dd5450dbe970
* Revert the fopen part of the previous krb5_kuserok change, but keepGreg Hudson2009-02-171-5/+4
| | | | | | | the string-handling change. It introduced an unwanted behavior change when .k5login was detectable but unreadable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22011 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_kuserok, just try opening .k5login; don't check ahead of timeGreg Hudson2009-02-171-9/+11
| | | | | | | whether it looks accessible. Also rewrite the construction of the .k5login filename to use snprintf instead of strnpy/strncat. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22010 dc483132-0cff-0310-8789-dd5450dbe970
* Correct numerous memory leaks on error conditions in the ASN.1Greg Hudson2009-02-133-299/+1030
| | | | | | decoder functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22004 dc483132-0cff-0310-8789-dd5450dbe970
* In tgs_construct_tgsreq, free scratch even if scratch->data is NULL.Greg Hudson2009-02-131-2/+2
| | | | | | | (Which probably can't happen, but static analyzers don't know that.) Also protect scratch from being freed before initialization. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22002 dc483132-0cff-0310-8789-dd5450dbe970
* Implement TGS authenticator subkey usageSam Hartman2009-02-134-35/+52
| | | | | | | | | | | | | | | | | Implement support for use of a subkey in the TGS req. This is needed by FAST TGS support. The interface to krb5_send_tgs changed in order to gain a subkey output parameter. Since this is a private interface it was renamed to krb5int_send_tgs and removed from the export list. * send_tgs.c: generate a subkey and return to caller * decode_kdc_rep.c: Use subkey keyusage * gc_via_tkt.c: pass in subkey to decode_kdc_rep * send_tgs.c: use subkey for encrypting authorization data ticket: 6393 tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21993 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_in_tkt_with_password, free opte before returning the errorGreg Hudson2009-02-121-1/+1
| | | | | | from krb5_unparse_name, not after. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21985 dc483132-0cff-0310-8789-dd5450dbe970
* Make output parameter of krb5_generate_subkey_extended well-defined onGreg Hudson2009-02-121-7/+15
| | | | | | error, and reformat function to fit coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21984 dc483132-0cff-0310-8789-dd5450dbe970
* Remove useless unsigned >=0 testsKen Raeburn2009-02-121-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21983 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_rc_io_open_internal, d->fn is always set for the cleanupGreg Hudson2009-02-121-6/+4
| | | | | | handler, so do not check it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21982 dc483132-0cff-0310-8789-dd5450dbe970
* Modify asn12krb5_buf and asn1_do_full_encode to make output parameterGreg Hudson2009-02-122-18/+27
| | | | | | | values well-defined on error. Clean up memory handling and an unused variable in asn1_do_full_encode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21981 dc483132-0cff-0310-8789-dd5450dbe970
* Fix allocation failure check in walk_rtreeGreg Hudson2009-02-121-1/+1
| | | | | | | | | | | Check the correct variable for null after allocating the server string in rtree_capath_vals. ticket: 6392 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21980 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure we have a free function for every data type we have an ASN.1Greg Hudson2009-02-112-7/+44
| | | | | | | | | decoder for. Export the new free functions, but only declare them in k5-int.h since they shouldn't be needed by applications. Also export a couple of encoder and decoder functions not previously exported. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21969 dc483132-0cff-0310-8789-dd5450dbe970
* Add test for krb5_cc_get_principal and ensure returned value correctEzra Peisach2009-02-111-1/+22
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21967 dc483132-0cff-0310-8789-dd5450dbe970
* pull in unicode stuff on windowsKen Raeburn2009-02-111-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21961 dc483132-0cff-0310-8789-dd5450dbe970
* hide stat buf init on windowsKen Raeburn2009-02-111-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21960 dc483132-0cff-0310-8789-dd5450dbe970
* make build on windows, in current makefile frameworkKen Raeburn2009-02-112-5/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21959 dc483132-0cff-0310-8789-dd5450dbe970
* Windows version of 'copy a bunch of files around'Ken Raeburn2009-02-111-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21958 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_ccache_internalize: fix resource leaks, fix several casesGreg Hudson2009-02-101-25/+46
| | | | | | | | where success could be returned on failure, validate the length of the ccache name, make the value of *argp well-defined on failure, and lay out the function in a linear style with a cleanup handler. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21952 dc483132-0cff-0310-8789-dd5450dbe970
* In the ccache serialization code, remove some unnecessary checks forGreg Hudson2009-02-101-4/+3
| | | | | | | nullity of ccache->ops; we assume a valid ops pointer in neighboring parts of the code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21951 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak (unlikely to happen in practice) in krb5_mcc_store;Greg Hudson2009-02-101-5/+6
| | | | | | use a cleanup handler for robustness. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21950 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust the structure of krb5_decode.c functions to initialize outputGreg Hudson2009-02-101-375/+432
| | | | | | | | parameters to NULL and not set them to the real values until a successful return is guaranteed. Also fix get_eoc which was returning without clean_return. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21940 dc483132-0cff-0310-8789-dd5450dbe970
* Make asn1buf_destroy return void, since it's a free function. InGreg Hudson2009-02-093-23/+23
| | | | | | | krb5_encode.c functions, make *code well-defined in case of error, and clean up some memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21928 dc483132-0cff-0310-8789-dd5450dbe970
* In asn1_k_encode.c, stop inconsistently destroying buf on some errors.Greg Hudson2009-02-091-23/+7
| | | | | | It belongs to the caller. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21927 dc483132-0cff-0310-8789-dd5450dbe970
* Fix one more case of an explicit null check before calling a freeKen Raeburn2009-02-091-7/+2
| | | | | | | | | | | function that does the null check. Also, use krb5_free_keyblock_contents instead of open-coding all the work (and not trying hard enough to clear the memory). ticket: 6377 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21926 dc483132-0cff-0310-8789-dd5450dbe970
* Check if mem allocation was successfulZhanna Tsitkov2009-02-091-127/+115
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21925 dc483132-0cff-0310-8789-dd5450dbe970
* Fix possible free of uninitialized value in walk_rtreeGreg Hudson2009-02-091-1/+1
| | | | | | | | | | | | | In rtree_hier_realms, if the first rtree_hier_tweens call failed, the cleanup handler would free stweens which had not been initialized. Initialize ctweens and stweens to NULL in the variable declarations to make the cleanup handler safe. ticket: 6379 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21924 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 20:20:33 +0000