path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* pullup to trunk | Alexandra Ellwood | 2007-08-24 | 1 | -2/+2
    ticket: 5643
    status: open
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19871 dc483132-0cff-0310-8789-dd5450dbe970
* In clean-windows, replace spaces with tab | Ezra Peisach | 2007-08-24 | 1 | -1/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19870 dc483132-0cff-0310-8789-dd5450dbe970
* no unistd.h on Windows | Jeffrey Altman | 2007-08-24 | 1 | -0/+2
    do not include unistd.h on Windows because it doesn't exist
    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19851 dc483132-0cff-0310-8789-dd5450dbe970
* cleanup src/lib/gssapi/krb5/error_map.h on Windows | Jeffrey Altman | 2007-08-24 | 1 | -0/+2
    during 'clean' delete the generated file error_map.h
    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19850 dc483132-0cff-0310-8789-dd5450dbe970
* Added errmap.h to the generate-files-mac target | Alexandra Ellwood | 2007-08-20 | 1 | -1/+1
    ticket: 5654
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19846 dc483132-0cff-0310-8789-dd5450dbe970
* read_entropy_from_device on partial read will not fill buffer | Ezra Peisach | 2007-08-20 | 1 | -4/+6
    read_entropy_from_device() will loop in read until the desired number of bytes are read from the device (/dev/random, /dev/urandom). I have observed that for /dev/random, if there are not enough bits available for reading - it will return a partial read. The code would loop in this case, but never advance the location to place the new bytes - hence the start of the buffer would be filled again - leaving the tail end as stack garbage.
    ticket: new
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19845 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2007-08-16 | 33 | -1449/+1580
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* remap mechanism-specific status codes in mechglue/spnego | Ken Raeburn | 2007-08-16 | 37 | -95/+596
    This patch creates a mapping in the mechglue/spnego code to modify mechanism status codes when passing them back to the application, so that mechglue's display_status dispatcher can determine the correct mechanism to dispatch to.

    This is part of the "get enhanced error messages from gssapi applications" project; ticket 5590 has updates to the Kerberos 5 mechanism to extract enhanced error messages (when there are any) from the Kerberos library.

    util/gen.pl, util/t_*.pm: New code generation script and templates.

    lib/gssapi/generic: Add a new, global mapping that enumerates the {mechOID,status} pairs as they're seen, allowing a magic mechOID value to indicate com_err error codes from mechglue and spnego, and reserving status code 0 for unknown errors. Preload the Kerberos "wrong principal" error code once for each mechanism OID used for Kerberos, so the entries get fixed positions (1-3) in the table.

    lib/gssapi/gss_libinit.c: Call the initializer and destructor functions.

    lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated or locally-generated status codes into the mapping table, and return the table index to the application. Do the reverse in display_status, to get the messages from the mechanism.

    lib/rpc: Define new function gssrpcint_printf to use for debugging instead of printf, to redirect output away from dejagnu; add a couple more debugging calls. Check for minor status codes 1-3 now instead of KRB5KRB_AP_WRONG_PRINC.

    tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed error messages back, by having the ftp client attempt to authenticate to a non-existent service, and examining the error message for the service principal name.

    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
* (krb5_gss_internal_release_oid): Always clear *minor_status | Ken Raeburn | 2007-08-16 | 1 | -2/+2
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19830 dc483132-0cff-0310-8789-dd5450dbe970
* Change prototype for g_token_size to match function declaration later | Ezra Peisach | 2007-08-16 | 1 | -1/+1
    in file. (OM_Uint32 changed to unsigned int). On a 64 bit architecture, they are different.
    ticket: 5581
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19828 dc483132-0cff-0310-8789-dd5450dbe970
* compilation failure with IRIX native compiler | Ezra Peisach | 2007-08-16 | 1 | -1/+1
    gss_release_buffer takes OM_uint32* as an argument, not OM_uint32.
    ticket: new
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19827 dc483132-0cff-0310-8789-dd5450dbe970
* sprintf conversion to snprintf in r19703 introduced some signed/unsigned | Ezra Peisach | 2007-08-15 | 2 | -4/+4
    warnings. Cleanup.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19823 dc483132-0cff-0310-8789-dd5450dbe970
* t_ser should no longer use kdb libraries | Ezra Peisach | 2007-08-14 | 2 | -4/+2
    Remove the call to krb5_db_fini() - as rest of the db code was pulled during DAL integration. This removes dependency on db libraries - alter Makefile.in.
    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19822 dc483132-0cff-0310-8789-dd5450dbe970
* Free memory leak in do_test() from asprintf integration | Ezra Peisach | 2007-08-14 | 1 | -0/+2
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19821 dc483132-0cff-0310-8789-dd5450dbe970
* remove inadvertent commit of symbols temporarily exported in | Jeffrey Altman | 2007-08-14 | 1 | -9/+0
    a sandbox to permit building of pkinit code on Windows.
    ticket: 5645
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19819 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_get_profile | Jeffrey Altman | 2007-08-11 | 1 | -2/+10
    Export krb5_get_profile. Remove comment saying it should be added and just do it.
    ticket: new
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19818 dc483132-0cff-0310-8789-dd5450dbe970
* Release mechtok_out in spnego_gss_init_sec_context. | Tom Yu | 2007-08-07 | 1 | -0/+1
    Reported by Markus Moeller.
    ticket: 5629
    version_reported: 1.6.1
    target_version: 1.6.3
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19757 dc483132-0cff-0310-8789-dd5450dbe970
* missing comma | Jeffrey Altman | 2007-08-06 | 1 | -2/+3
    The pkinit additions in revision 18973 left out a comma after the last function in the list. This caused builds that did not define DESIGNATED_INITIALIZERS to break.
    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19755 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new() doesn't work with mkstemp() | Tom Yu | 2007-08-04 | 1 | -46/+44
    If mkstemp() is available, the new ccache file gets created but the subsequent open(O_CREAT|O_EXCL) call fails because the file was already created by mkstemp(). Apply patch from Apple to keep the file descriptor open.
    ticket: new
    tags: pullup
    target_version: 1.6.3
    component: krb5-libs
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19749 dc483132-0cff-0310-8789-dd5450dbe970
* Based on Apple's patch, during the referrals loop, check to see if the | Tom Yu | 2007-08-03 | 1 | -65/+95
    session key enctype of a returned credential for the final service is among the enctypes explicitly selected by the application, and retry with old_use_conf_ktypes if it is not.
    ticket: 4950
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19748 dc483132-0cff-0310-8789-dd5450dbe970
* Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up | Ezra Peisach | 2007-08-03 | 4 | -492/+521
    some shadow variable warnings, make depend...
    ticket: 5617
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19746 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT support | Kevin Coffman | 2007-08-01 | 8 | -22/+1335
    Pull up PKINIT support onto the trunk. Changes from the version in branch users/coffman/pkinit are:
    - Update the preauth plugin interface version to avoid conflict with any existing plugins.
    - Add a pkcs11.h locally to the pkinit code rather than depending on opensc being installed.
    ticket: new
    Target_Version: 1.6.3
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
* Set KTFILEP field to null any time we close the file | Ken Raeburn | 2007-07-27 | 1 | -0/+3
    ticket: 3099
    status: open
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19739 dc483132-0cff-0310-8789-dd5450dbe970
* Debugged version of patch worked up with Luke | Ken Raeburn | 2007-07-27 | 5 | -18/+70
    Adds a callback to krb5int_sendto to examine the response and indicate whether to quit the loop or not. For sendto_kdc, keep going if the returned error is "service unavailable". Updated all other callers to pass a null function pointer, which means to always break out of the loop on any response (the old behavior).
    ticket: 3334
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19738 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null file handle in get_next. | Ken Raeburn | 2007-07-27 | 1 | -0/+4
    Patch from Luke Howard.
    ticket: 5471
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19736 dc483132-0cff-0310-8789-dd5450dbe970
* If no salt is included with the key data, set the salt length field to 0. | Ken Raeburn | 2007-07-27 | 1 | -1/+2
    Bug report and patch from Nalin Dahyabhai.
    ticket: 5545
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19733 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code for looking up the current time, comparing the offset of | Ken Raeburn | 2007-07-20 | 4 | -37/+19
    a supplied timestamp against the configured maximum clock skew, and possibly generating an error message, into a separate routine.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
* Added new autogenerated file to generate-files-mac target | Alexandra Ellwood | 2007-07-19 | 1 | -1/+1
    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19718 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2007-07-13 | 1 | -3/+3
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19710 dc483132-0cff-0310-8789-dd5450dbe970
* Missed a sprintf->snprintf switch | Ken Raeburn | 2007-07-12 | 1 | -1/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19706 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if the | Ken Raeburn | 2007-07-12 | 34 | -273/+284
    output buffer is allocated according to the size of data to be written, or snprintf otherwise.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* Nuke disabled support for ancient .klogin syntax | Ken Raeburn | 2007-07-12 | 4 | -871/+2
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19702 dc483132-0cff-0310-8789-dd5450dbe970
* Make error_map.h depend on ktemplate.pm too | Ken Raeburn | 2007-07-04 | 1 | -1/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19675 dc483132-0cff-0310-8789-dd5450dbe970
* gss krb5 mech enhanced error messages | Ken Raeburn | 2007-07-04 | 25 | -48/+260
    Save detailed error messages (usually from the krb5 library) in per-thread storage, mapping each error code to the most recently produced message for it. Return the message from display_status. Currently not implemented for a few cases where the krb5 mechanism returns a minor status code of 0, or another value different from the libkrb5 error code. Other functions are available to store a generic string or formatted message, but aren't used much at present.

    Tested with these errors in context establishment:
      * missing ccache (libkrb5 shows pathname if FILE: type)
      * missing keytab (libkrb5 shows pathname if FILE: type)
      * server principal unknown (libkrb5 shows server principal)

    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup | Ken Raeburn | 2007-07-04 | 1 | -3/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19671 dc483132-0cff-0310-8789-dd5450dbe970
* Some handy debugging code for gssapi errors in credential acquisition; | Ken Raeburn | 2007-07-04 | 1 | -0/+44
    currently disabled
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19667 dc483132-0cff-0310-8789-dd5450dbe970
* If error is KDC_ERR_S_PRINCIPAL_UNKNOWN, report the server name | Ken Raeburn | 2007-07-04 | 1 | -0/+14
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19666 dc483132-0cff-0310-8789-dd5450dbe970
* In file-not-found case, report the filename sought | Ken Raeburn | 2007-07-04 | 1 | -4/+17
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19665 dc483132-0cff-0310-8789-dd5450dbe970
* Remove debugging message accidentally left in | Ken Raeburn | 2007-07-04 | 1 | -1/+0
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19664 dc483132-0cff-0310-8789-dd5450dbe970
* Save a detailed message for FCC_NOFILE including the file name | Ken Raeburn | 2007-07-04 | 1 | -2/+13
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19663 dc483132-0cff-0310-8789-dd5450dbe970
* Tell Emacs to use C mode for this file | Ken Raeburn | 2007-07-03 | 1 | -1/+1
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19660 dc483132-0cff-0310-8789-dd5450dbe970
* Define a localtime_r wrapper around localtime if the system doesn't | Ken Raeburn | 2007-06-29 | 1 | -7/+17
    provide localtime_r, instead of handling it in-line. Check for error indication from localtime_r. Call localtime_r only once instead of each time around the loop.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19655 dc483132-0cff-0310-8789-dd5450dbe970
* Attach format attributes to declarations of various message-formatting | Ken Raeburn | 2007-06-29 | 2 | -20/+23
    routines under gcc. In a couple of routines, hard-code the preference for using the vsnprintf paths instead of list-of-int-arguments hacks now that we're assuming vsnprintf is available in other places.

    Installed headers affected:
      com_err.h (com_err, com_err_va)
      ss.h (ss_error)
      krb5.h (krb5_set_error_message, krb5_vset_error_message)

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19653 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313] | Tom Yu | 2007-06-26 | 2 | -5/+8
    CVE-2007-2442/VU#356961: The RPC library can free an uninitialized pointer. This may lead to execution of arbitrary code.

    CVE-2007-2443/VU#365313: The RPC library can write past the end of a stack buffer. This may (but is unlikely to) lead to execution of arbitrary code.

    ticket: new
    target_version: 1.6.2
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19636 dc483132-0cff-0310-8789-dd5450dbe970
* Move (BSD-licensed) mkstemp from libdb2 to libkrb5support, and rename | Ken Raeburn | 2007-06-20 | 1 | -4/+0
    the function to krb5int_mkstemp. Generate the symbol export list for libkrb5support at build time. Declare krb5int_mkstemp in k5-platform.h. Change cc_file.c to use mkstemp unconditionally. Make libdb2.so (built for testing only) link against the libkrb5support, and use krb5int_mkstemp if mkstemp is not available.
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19600 dc483132-0cff-0310-8789-dd5450dbe970
* set svn:eol-style to native for *.[ch] | Ken Raeburn | 2007-06-20 | 1 | -94/+94
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19596 dc483132-0cff-0310-8789-dd5450dbe970
* provide asprintf functionality for internal use | Ken Raeburn | 2007-06-20 | 1 | -3/+9
    I plan to use asprintf in some gssapi error-message management routines, so let's make sure we have the functionality available, implementing it locally if necessary.

    This implementation assumes vsnprintf is available, an assumption that the support library is already making at the moment. Since this implementation requires calling vsnprintf potentially multiple times with the same va_list, use va_copy if it's available, or provide a hack version (which should work okay if va_list is a scalar or array type that requires no other special handling, and if va_end does nothing interesting, which is usually the case) if the compiler doesn't provide it.

    I also changed a couple bits of code to use asprintf, to make sure we exercise our implementation in testing.

    (C99 requires vsnprintf and va_copy; vasprintf is a GNU/BSD extension, but an oh so useful one....)

    * configure.in: Check for va_copy, or if va_list objects can be simply assigned. Define HAS_VA_COPY and CAN_COPY_VA_LIST as appropriate.
    * include/k5-platform.h: Define a va_copy macro if the compiler doesn't provide it.
    * include/k5-platform.h: If vsnprintf isn't available from the OS, abort compilation. If vasprintf isn't available from the OS, provide k5_{v,}asprintf based on vsnprintf and define {v,}asprintf macros.
    * lib/krb5/keytab/t_keytab.c (do_test): Use asprintf.
    * util/support/errors.c (krb5int_vset_error): Use asprintf unconditionally.

    ticket: new
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19595 dc483132-0cff-0310-8789-dd5450dbe970
* set eol-style and mime-type properties | Ken Raeburn | 2007-06-19 | 1 | -677/+677
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19594 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_walk_realm_tree leaks in capaths case | Tom Yu | 2007-06-18 | 1 | -0/+3
    Markus Moeller reports a leak in krb5_get_credentials() which was then traced down to profile strings leaking from within krb5_walk_realm_tree(). A pointer to a profile string was getting overwritten without the string being freed when *cap_nodes[0] == '.'. Fix is to free the string prior to overwriting the pointer if the pointer is non-null.
    ticket: new
    target_version: 1.6.2
    tags: pullup
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19582 dc483132-0cff-0310-8789-dd5450dbe970
* Move CCAPI sources to krb5 repository | Alexandra Ellwood | 2007-05-31 | 2 | -3/+3
    ticket: new
    status: open
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19564 dc483132-0cff-0310-8789-dd5450dbe970