| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20897 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
seconds. Code changes from a patch submitted by umich.
ticket: 6120
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20810 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
to set the error status field and generated a dead code warning).
ticket: 6121
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20809 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20605 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
socket on Windows with SOCKET (instead of int) and
replace all calls to close() that are used to close
sockets with closesocket().
src/include/port-sockets.h includes the definitions
of SOCKET and closesocket() for non-Windows systems.
ticket: 6041
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20578 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20506 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix various memory leaks that show up mostly in error cases (e.g.,
failure to allocate one small object, and then we forget to free
another one).
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
leak in unlikely small-allocation failure case.
ticket: new
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20477 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20470 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
rpc code)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20468 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
we try to connect to it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.
Don't update the internally-tracked maximum file descriptor value if
the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file
descriptors of FD_SETSIZE (NOFILE) or above.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
ticket: 5855
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
initial patch. Memory written to by the IXDR macro calls had not been
accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.
ticket: 5706
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19923 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by only one mechanism. Revert RPC code to relying on this.
Build error-mapping code on a bidirectional map instead of a simple
array. When a status code is returned but has been seen returned from
a different mechanism already, generate a new number, starting at
100,000.
Use gssrpcint_printf for some more debugging code.
ticket: 5654
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.
ticket: new
target_version: 1.6.3
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch creates a mapping in the mechglue/spnego code to modify
mechanism status codes when passing them back to the application, so
that mechglue's display_status dispatcher can determine the correct
mechanism to dispatch to.
This is part of the "get enhanced error messages from gssapi
applications" project; ticket 5590 has updates to the Kerberos 5
mechanism to extract enhanced error messages (when there are any) from
the Kerberos library.
util/gen.pl, util/t_*.pm: New code generation script and templates.
lib/gssapi/generic: Add a new, global mapping that enumerates the
{mechOID,status} pairs as they're seen, allowing a magic mechOID value
to indicate com_err error codes from mechglue and spnego, and
reserving status code 0 for unknown errors. Preload the Kerberos
"wrong principal" error code once for each mechanism OID used for
Kerberos, so the entries get fixed positions (1-3) in the table.
lib/gssapi/gss_libinit.c: Call the initializer and destructor
functions.
lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated
or locally-generated status codes into the mapping table, and return
the table index to the application. Do the reverse in display_status,
to get the messages from the mechanism..
lib/rpc: Define new function gssrpcint_printf to use for debugging
instead of printf, to redirect output away from dejagnu; add a couple
more debugging calls. Check for minor status codes 1-3 now instead of
KRB5KRB_AP_WRONG_PRINC.
tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed
error messages back, by having the ftp client attempt to authenticate
to a non-existent service, and examining the error message for the
service principal name.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
output buffer is allocated according to the size of data to be
written, or snprintf otherwise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
pointer. This may lead to execution of arbitrary code.
CVE-2007-2443/VU#365313: The RPC library can write past the end of a
stack buffer. This may (but is unlikely to) lead to execution of
arbitrary code.
ticket: new
target_version: 1.6.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19636 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so
that svctcp_destroy() will not call through an uninitialized function
pointer after code in svc_auth_gssapi.c has destroyed expired state
structures. We can't unconditionally null it because the RPCSEC_GSS
implementation needs it to retrieve state.
ticket: new
target_version: 1.6
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19042 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18758 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18719 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18712 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18647 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
build time, and which is the only place we use them from anyways.
Update Makefile references and dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18589 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
instead of NULL with gss_init_sec_context to increase readbility.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18337 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Change all file substitutions so that @-patterns start at the beginning
of their lines, as now required by autoconf 2.60 (released Monday).
ticket: new
target_version: 1.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18249 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mechglue and SPNEGO implementations. Additional changes outside of
src/lib/gssapi:
* src/configure.in: Add lib/gssapi/mechglue and lib/gssapi/spnego
to list of directories to output Makefile in.
* src/lib/rpc/unit-test/rpc_test.0/expire.exp (expired): Update
regexp for mechglue.
* src/tests/dejagnu/krb-standalone/v4gssftp.exp (v4ftp_test):
Update "Miscellaneous failure" regexp for mechglue.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18131 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
still leaves out appl and tests, and static library and plugin directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18068 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the
build tree. Stub krb5.h in main include directory just includes krb5/krb5.h.
Update dependencies, and add dependencies in a couple Makefiles that didn't
have them.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18030 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18011 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
ticket: new
target_version: 1.5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17952 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
subversion commit log entry needs to include information that would
have been in the changelog.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17885 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17838 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17826 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
currently depending on command-line macro settings.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17825 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17811 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
(HAVE_MEMMOVE): Don't define.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17807 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17792 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
include directives sometimes using krb5/foo.h and sometimes using foo.h, and
-I options always given for both directories in both source and build trees,
push include/krb5/* up a level and drop the krb5 directory (except, for the
moment, the change log).
Updated #include directives, -I options, and dependencies accordingly, and
deleted one or two bits of old, unused code that was noticed in the process.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Fix some more executable permissions missing from import.
ticket: new
tags: pullup
target_version: 1.4.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17357 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
set on svn:ignore properties.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17353 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17342 dc483132-0cff-0310-8789-dd5450dbe970
|