summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* In the resolve function - ensure on memory allocation error - Ezra Peisach2007-02-121-3/+6
| | | | | | | | | | deref of null pointer does not happen. Also include kt-int.h for prototypes. ticket: 5411 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19153 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_default_name should take an unsized lengthEzra Peisach2007-02-051-5/+5
| | | | | | | | | | The internal code to krb5_kt_default_name was casting the length to size_t. Change prototype to take an unsigned - which makes sense in how the code uses it. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19144 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_get_type should return const char *. Ezra Peisach2007-02-053-4/+4
| | | | | | | | | | | | The code returns a pointer to static structures. Just to enforce the assumption that users can not change the returned data. Change prototype of krb5_kt_get_type to return const char *. The other changes are to clean up warnings - no change in code - usage assumed const. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19143 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new program to perform various tests on the WRFILE: and MEMORY: keytabsEzra Peisach2007-02-042-8/+461
| | | | | | | | | | I developed this program to test functionality of the MEMORY keytab - which resulted in the numerous fixes that have been committed recently. Tests all functioanlity of keytabs except for krb5_kt_default() and krb5_kt_read_service_key() - although essential functionality tested. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19142 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab krb5_kt_get_entry sets enctype to 0 if unspecifiedEzra Peisach2007-02-041-10/+10
| | | | | | | | | | | | | If one invokes krb5_kt_get_entry() for a memory keytab w/ an unspecified enctype (i.e. 0) - the returned keytab has it's enctype set to 0 as well. Also - in copying out the found keytab_entry - when a kvno is unspecified, the last match found is used - not the one with the highest vno. This was caused by copying out the variable "entry" and not "match". Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19141 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab does not copy keytab_entry keyblock contentsEzra Peisach2007-02-041-3/+21
| | | | | | | | | | | | | | | | | In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the keytab_entry keyblock contents - but instead retains a pointer to the incomming one. In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal keyblock contents memory is returned to the caller - which is subsequently freed when tht caller invokes krb5_free_keytab_entry_contents. Solution is to use krb5_copy_keyblock_contents() instead of simply copying the structure. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in new memory keytabEzra Peisach2007-02-031-0/+2
| | | | | | | | | | The memory keytab introduced in ticket 5411 suffers from a memory leak in the Heimdal compatible kt_close() handling and thread destructor in which the cursor->entry is not freed. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19138 dc483132-0cff-0310-8789-dd5450dbe970
* buffer overflow in krb5_kt_get_nameEzra Peisach2007-02-013-3/+3
| | | | | | | | | | | | | | | | | | | | | krb5_kt_get_name() allows the called to specify the size of the buffer to copy the name into. The size must be big enough for the tailing nul character. If one specified a buffer length that is precisely the strlen w/o allowing for the nul - the functions would copy one past the end of the buffer. No code in our tree would be subject this problem - as buffers in use are 1024 or BUFSIZ.... The logic failure was: strlen(p+1) vs. strlen(p)+1 The code is essentially duplicated in the three changed files. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19137 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to initialize error tablesKen Raeburn2007-02-011-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19133 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to register WRFILE: keytab type, it's already in the compiled-inKen Raeburn2007-02-011-7/+1
| | | | | | list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19132 dc483132-0cff-0310-8789-dd5450dbe970
* Fix merge botches:Tom Yu2007-01-312-12/+30
| | | | | | | | | | | | restore krb5_get_init_creds_opt_set_change_password_prompt() undo accidental reversion of preauth_tryagain change to krb5_get_init_creds() ticket: 5420 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19131 dc483132-0cff-0310-8789-dd5450dbe970
* remove krb5_get_init_creds_opt_set_pkinit() for nowTom Yu2007-01-312-64/+0
| | | | | | | ticket: 5420 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19130 dc483132-0cff-0310-8789-dd5450dbe970
* sort, remove duplicatesKen Raeburn2007-01-301-7/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19129 dc483132-0cff-0310-8789-dd5450dbe970
* get_init_creds_opt extensibilityTom Yu2007-01-307-63/+590
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500 First cut at making the get_init_creds_opt structure extendable and adding library functions to set options for preauthentication plugins. This does *not* include a compatibility function to work like Heimdal's krb5_get_init_creds_opt_set_pkinit() function. Hopefully, the test code that doesn't belong in kinit.c is obvious. r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500 Remove extra "user_id" parameter. Add function which duplicates the Heimdal interface (if we can agree on what the matching attribute names should be). r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500 Update to use the simplified interface for krb5_get_init_creds_opt_set_pa() Add code in kinit to process "-X" options as preauth options and pass them along. r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500 Move prototypes for get_init_creds_opt_get_pa() and krb5_get_init_creds_opt_free_pa() into the preauth_plugin.h header rather than krb5.hin. ticket: new status: open component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds a thread safe MEMORY keytab implementation Jeffrey Altman2007-01-305-11/+720
| | | | | | | | | | | | | | | that is compatible with Heimdal 0.7. Each successful resolve returns a handle to a keytab and increases the internal reference count. Each close invalidates the handle and decreases the reference count. When the reference count hits zero, the keytab is destroyed. When a kt_destroy function is added, the automatic destruction after close behavior will be removed. ticket: 5411 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19126 dc483132-0cff-0310-8789-dd5450dbe970
* sortKen Raeburn2007-01-271-9/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19119 dc483132-0cff-0310-8789-dd5450dbe970
* sortKen Raeburn2007-01-271-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19114 dc483132-0cff-0310-8789-dd5450dbe970
* Add const to variable to cleanup warningsEzra Peisach2007-01-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19108 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h for krb5_cc_register() prototype. Remove defintion ofEzra Peisach2007-01-231-2/+1
| | | | | | krb5_cc_dfl_ops - as k5-int.h defines. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19107 dc483132-0cff-0310-8789-dd5450dbe970
* Change second argument to krb5_cc_register to take a const krb5_cc_ops *. MakesEzra Peisach2007-01-231-1/+2
| | | | | | | sense - when krb5_Xcc_ops currently defined as such - and assignment of value assumes same. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19106 dc483132-0cff-0310-8789-dd5450dbe970
* gss_krb5int_unseal_token_v3() - change bodysize argument to unsigned -Ezra Peisach2007-01-232-2/+3
| | | | | | | which is consistent with how it is invoked and used. Cleans up two signed/unsigned warnings. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19105 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c memory leak on error in krb5_kt_resolve / krb5_kt_wresolveJeffrey Altman2007-01-231-0/+2
| | | | | | | | | | The krb5_kt_resolve and krb5_kt_wresolve functions leak the 'data' memory allocation if the lock cannot be initialized. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19104 dc483132-0cff-0310-8789-dd5450dbe970
* Include fake-addrinfo.h before krb5.h to get proper structure declarationsEzra Peisach2007-01-221-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19103 dc483132-0cff-0310-8789-dd5450dbe970
* Only declare cc_fcc_entry if USE_KEYRING_CCACHE is not definedEzra Peisach2007-01-211-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19102 dc483132-0cff-0310-8789-dd5450dbe970
* Don't copy headers to .../includeKen Raeburn2007-01-201-8/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19097 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-01-202-11/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19096 dc483132-0cff-0310-8789-dd5450dbe970
* Don't explicitly include error table headers that are also in krb5.hKen Raeburn2007-01-202-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19094 dc483132-0cff-0310-8789-dd5450dbe970
* Remove varargs.h paths, always use stdarg.hKen Raeburn2007-01-201-4/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19088 dc483132-0cff-0310-8789-dd5450dbe970
* Don't define KRB5_PRIVATE, since it's not tested any moreKen Raeburn2007-01-201-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19083 dc483132-0cff-0310-8789-dd5450dbe970
* Delete t_cccursor on cleanup. Add t_cc and t_cccursor to dependenciesKen Raeburn2007-01-201-1/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19076 dc483132-0cff-0310-8789-dd5450dbe970
* Add t_cccursor to UNIX testsKen Raeburn2007-01-201-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19075 dc483132-0cff-0310-8789-dd5450dbe970
* Added KDC timesyncing support to the CCAPI ccache backend for CCAPI v5 andAlexandra Ellwood2007-01-181-10/+72
| | | | | | | | | later. v5 is the first version of the CCAPI to support the kdc timesyncing API. ticket: 5403 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19071 dc483132-0cff-0310-8789-dd5450dbe970
* In addition to setting the kpasswd port afterJeffrey Altman2007-01-181-1/+3
| | | | | | | | | | searching for kadmind host addresses we must also set the socket type according to the request. ticket: 5393 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19070 dc483132-0cff-0310-8789-dd5450dbe970
* sendto_kdc.c: use of a variable index into a dynamically Jeffrey Altman2007-01-181-2/+2
| | | | | | | | | | | | | | | | allocated array to determine the sizeof() an object makes it unclear what type of object is involved. It also requires a runtime check instead of a compile time replacement. Not to mention that it could lead to the evaluation of an uninitialized variable as was done in this case. Replace sizeof(array index variable) with sizeof(type). memset() the correct data structure. ticket: 5394 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19065 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cccursor.c (do_chk): Reverse sense of test of do_chk_one return valueKen Raeburn2007-01-171-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19064 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds two new functions, krb5_server_decrypt_ticket_keyblock Jeffrey Altman2007-01-164-0/+107
| | | | | | | | | | | | | | | | | (private) and krb5_server_decrypt_ticket_keytab (public). These functions take a krb5_ticket as input and decrypt it using the provided key data. The public function is useful for higher level application protocols such a TLS-KRB5 and AFS RX-KRB5 which exchange a service but do not use the AP-REQ/AP-REP messages. This commit also adds new functionality to kvno which permits kvno when provided a keytab as input to verify whether or not the keytab contains a key that can successfully decrypt the obtains service ticket. ticket: 5349 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19062 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2006-003: mechglue argument handling too laxTom Yu2007-01-0924-277/+827
| | | | | | | | | | | | | | | Fix mechglue argument checks so that output pointers are always initialized regardless of whether the other arguments fail to validate for some reason. This avoids freeing of uninitialized pointers. Initialize the gss_buffer_descs in ovsec_kadmd.c. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19043 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointerTom Yu2007-01-091-0/+5
| | | | | | | | | | | | | | | Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so that svctcp_destroy() will not call through an uninitialized function pointer after code in svc_auth_gssapi.c has destroyed expired state structures. We can't unconditionally null it because the RPCSEC_GSS implementation needs it to retrieve state. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19042 dc483132-0cff-0310-8789-dd5450dbe970
* If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - freeEzra Peisach2006-12-301-0/+4
| | | | | | | | | | | memory and return in message_buffer a NULL pointer for value. This is consistant with gss_release_buffer in the mechglue implementation in which memory is only freed if the buffer length != 0. ticket: 5233 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19022 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak if defective header present in gss_krb5int_unseal_token_v3Ezra Peisach2006-12-301-1/+3
| | | | | | | | | | If after unsealing the message, the TOK_ID is not 05 04, free memory before returning a defective token error. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
* * copy_data.c (krb5_copy_data): Use krb5int_copy_data_contentsKen Raeburn2006-12-281-10/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19019 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_next_cred): Use krb5int_copy_creds_contentsKen Raeburn2006-12-281-45/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19018 dc483132-0cff-0310-8789-dd5450dbe970
* * lib/krb5/krb/copy_creds.c (krb5int_copy_creds_contents): New function, splitKen Raeburn2006-12-281-2/+21
| | | | | | | | out from krb5_copy_creds. (krb5_copy_creds): Call it. * include/k5-int.h (krb5int_copy_creds_contents): Declare. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19017 dc483132-0cff-0310-8789-dd5450dbe970
* comment the various data structuresKen Raeburn2006-12-281-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19016 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): FixTom Yu2006-12-221-3/+4
| | | | | | | | ordering bug in previous patch. ticket: 5123 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19007 dc483132-0cff-0310-8789-dd5450dbe970
* use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.cTom Yu2006-12-191-3/+3
| | | | | | | | | | | | * src/lib/krb5/krb/preauth2.c (krb5_do_preauth_tryagain): Use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18977 dc483132-0cff-0310-8789-dd5450dbe970
* don't pass null pointer to krb5_do_preauth_tryagain()Tom Yu2006-12-191-17/+24
| | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If the error isn't PREAUTH_NEEDED and preauth_to_use is null, return the error in err_reply, rather than attempting to pass a null pointer to krb5_do_preauth_tryagain(). ticket: new status: open target_version: 1.6 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18976 dc483132-0cff-0310-8789-dd5450dbe970
* ktfns.c (krb5_kt_get_entry): If the supplied server principal has an emptyKen Raeburn2006-12-191-1/+18
| | | | | | | | | realm name, replace it with the default realm, in a private copy. ticket: 5121 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18975 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_is_referral_realm now takes a pointer to const krb5_data, since it doesn'tKen Raeburn2006-12-191-1/+1
| | | | | | | | | modify it. ticket: 5121 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18974 dc483132-0cff-0310-8789-dd5450dbe970
* Use __extension__ if initializing by field name and using GCC in pre-C99 modeKen Raeburn2006-12-191-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18973 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-16 21:32:35 +0000