summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* export krb5_get_init_creds_opt_set_change_password_promptTom Yu2006-12-191-0/+1
| | | | | | ticket: 5090 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18970 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rc_io_open_internal on error will call close(-1)Ezra Peisach2006-12-181-1/+3
| | | | | | | | | | | If there is an error in opening the replay cache - memory is freed, but close() is invoked with -1 (failure from open()). While technically, close() will return EBADF in such a case, and nothing bad will happen, valgrind picks up on this and provides an error... ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18961 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_opt_set_change_password_promptJeffrey Altman2006-12-143-2/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | krb5_get_init_creds_opt_set_change_password_prompt is a new gic option that permits the prompter code to be skipped when the password has expired. This option is meant to be used by credential managers such as NetIDMgr and Kerberos.app that have their own built in password change dialogs. This patch adds the new function, exports it on Windows, and makes use of it within the Krb5 identity provider for NetIDMgr. The patch is written to ensure that no changes to the krb5_get_init_creds_opt structure are required and to ensure that the default behavior, prompting, is maintained. The export lists for UNIX and KFM must still be updated. The function prototype was committed as part of ticket 3642. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-12-124-52/+56
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18940 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak padata when looping for krb5_do_preauth_tryagain()Kevin Coffman2006-12-081-4/+4
| | | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c: krb5_get_init_creds() Free any existing request.padata at the top of the loop calling krb5_do_preauth() and krb5_do_preauth_tryagain(). ticket: new component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18935 dc483132-0cff-0310-8789-dd5450dbe970
* build the trunk on Windows (again)Jeffrey Altman2006-12-083-10/+12
| | | | | | | | | | This revision corrects a number of missing or extraneous KRB5_CALLCONV symbols; exposes symbols for _WIN32; and avoids including headers that don't exist ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18932 dc483132-0cff-0310-8789-dd5450dbe970
* Undo revision 18930 which was not supposed to include thisJeffrey Altman2006-12-071-11/+1
| | | | | | | | file. ticket: 3642 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18931 dc483132-0cff-0310-8789-dd5450dbe970
* Modifications to support the generation and embedding Jeffrey Altman2006-12-072-1/+17
| | | | | | | | | | | | of library manifests into generated EXEs and DLLs. Manifests are required for Windows XP and above when applications are built with Microsoft Visual Studio 2005 (aka VS8) or above. ticket: 3642 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18930 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_cc_remove should work for the CCAPIAlexandra Ellwood2006-12-055-111/+195
| | | | | | | | | | | | | | Implemented a working krb5_cc_remove for the CCAPI cache type. Added a private support function krb5_creds_compare() which checks if two krb5_creds are identical. This function should be needed by implementations of krb5_cc_remove for other ccache types. ticket: new owner: tlyu target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18923 dc483132-0cff-0310-8789-dd5450dbe970
* Make clean in lib/krb5/os does not clean test objsEzra Peisach2006-12-031-1/+1
| | | | | | | | | make clean failed to remove t_locate_kdc.o ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18915 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/cc_file.c: Adapted patch from RolandTom Yu2006-12-011-8/+24
| | | | | | | | | | | | Dowdeswell to avoid possible double-free conditions on certain errors. ticket: 4788 tags: pullup target_version: 1.6 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18897 dc483132-0cff-0310-8789-dd5450dbe970
* send a new request with the new padata returned by krb5_do_preauth_tryagain()Kevin Coffman2006-12-012-5/+4
| | | | | | | | | | | | | | | | | | | | | | Send another request containing the padata obtained from tryagain. * src/include/k5-int.h Update prototype * src/lib/krb5/krb/get_in_tkt.c Send pointer to the request.padata so krb5_do_preauth_tryagain() can update the request to be sent. * src/lib/krb5/krb/preauth2.c If a module returns modified padata, add it to the return_padata and return. ticket: new Component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18896 dc483132-0cff-0310-8789-dd5450dbe970
* bump minor versions due to API additionsTom Yu2006-12-012-2/+2
| | | | | | | ticket: 4689 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18894 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/vfy_increds.c (krb5_verify_init_creds): UseTom Yu2006-11-302-23/+5
| | | | | | | | | | | | | krb5_cc_new_unique(). * src/lib/gssapi/krb5/accept_sec_context.c: (rd_and_store_for_creds): Use krb5_cc_new_unique(). ticket: 4805 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18887 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/gc_via_tkt.c (check_reply_server): New functionTom Yu2006-11-301-20/+62
| | | | | | | | | | | | | | | to check server principal in reply. Ensures that the reply is self-consistent, allows rewrites if canonicalization is requested, and allows limited rewrites of TGS principals if canonicalization is not requested. (krb5_get_cred_via_tkt): Move server principal checks into check_reply_server(). ticket: 3322 target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18879 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/gc_frm_kdc.c: Also do style cleanup.Tom Yu2006-11-301-81/+124
| | | | | | | | | | | | | | | | | (krb5_get_cred_from_kdc_opt): If server principal was rewritten, fall back unless it was rewritten to a TGS principal. This fixes a bug when a MS AD rewrites the service principal into a single-component NETBIOS-style name. If we get a referral back to the immediately preceding realm, fall back to non-referral handling. This fixes the changepw failure. To prevent memory leaks, when falling back to non-referral handling, free any tgts previously obtained by the initial non-referral do_traversal() call. ticket: 4955 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18878 dc483132-0cff-0310-8789-dd5450dbe970
* Implemented CCAPI v3 specific ccache collection cursorJustin Anderson2006-11-293-3/+152
| | | | | | | | | | | | * src/lib/krb5/ccache/ccbase.c: Added CCAPI v3 entry to list of type cursors * src/lib/krb5/ccache/ccapi/stdcc.h: * src/lib/krb5/ccache/ccapi/stdcc.c: Implemented CCAPI v3 cursor functionality. ticket: 4739 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18877 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_copy_data_contents shouldn't free memory it didn't allocateTom Yu2006-11-281-2/+0
| | | | | | | | | | | | * src/lib/krb5/krb/copy_data.c (krb5int_copy_data_contents): Don't free outdata on malloc failure; we didn't allocate outdata. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18865 dc483132-0cff-0310-8789-dd5450dbe970
* fix debug messagesKevin Coffman2006-11-221-7/+7
| | | | | | | | | | | Change debugging messages so they print salt value correctly and clean up warnings when compiling with DEBUG. ticket: new Tags: pullup Target_Version: 1.6 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18859 dc483132-0cff-0310-8789-dd5450dbe970
* free error message when freeing contextKevin Coffman2006-11-211-0/+2
| | | | | | | | | | | | | | | Call krb5_clear_error_message() to free any allocated error message before freeing the context. The condition that triggered this was a plugin library which fails to load because of unresolved references. It appears dlopen() on Linux leaks four bytes for each failing library in this situation. ticket: new Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18858 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/ccbase.c (krb5int_cc_getops): InternalTom Yu2006-11-183-11/+63
| | | | | | | | | | | | | | | | function to fetch ops vector given ccache prefix string. (krb5_cc_new_unique): New function to generate a new unique ccache of a given type. * src/include/krb5/krb5.hin: Prototype for krb5_cc_new_unique(). * src/lib/krb5/libkrb5.exports: * src/lib/krb5_32.def: Add krb5_cc_new_unique(). ticket: 3091 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18857 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_password:Jeffrey Altman2006-11-171-8/+0
| | | | | | | | remove unintentionally committed code not meant for 1.4 branch ticket: 4802 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18842 dc483132-0cff-0310-8789-dd5450dbe970
* reset use_master flag when master_kdc cannot be found Jeffrey Altman2006-11-171-1/+11
| | | | | | | | | | | | | | krb5_get_init_creds_password: if the master_kdc cannot be identified reset the use_master flag. otherwise, the krb5_get_init_creds("kadmin/changepw") call will attempt to communicate with the master_kdc that cannot be reached. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18840 dc483132-0cff-0310-8789-dd5450dbe970
* use krb5_c_valid_enctype, not valid_enctypeKen Raeburn2006-11-171-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18839 dc483132-0cff-0310-8789-dd5450dbe970
* update krb5_c_keylength function, create krb5_c_random_to_key functionKevin Coffman2006-11-174-10/+103
| | | | | | | | | | | | | | | Modify the keylength function to return both keybytes and keylength. Change the name of the function and source file to reflect this. Add a function, krb5_c_random_to_key() that takes random input data of the right length (keybytes) and produce a valid key for a given enctype. ticket: new Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18836 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_stdccv3_generate_new returns NULL ccacheAlexandra Ellwood2006-11-161-3/+3
| | | | | | | | | | Fixed krb5_stdccv3_generate_new so it no longer returns a NULL ccache. ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18820 dc483132-0cff-0310-8789-dd5450dbe970
* * rd_req_dec.c: Whitespace changes in function headers.Ken Raeburn2006-11-161-9/+53
| | | | | | | (krb5_rd_req_decoded_opt): Include more info in error text for AP_WRONG_PRINC and NOPERM_ETYPE errors. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18817 dc483132-0cff-0310-8789-dd5450dbe970
* include realm in "can't resolve KDC" error messageKen Raeburn2006-11-161-0/+4
| | | | | | | | | | | * locate_kdc.c (krb5int_locate_server): Store an error message for REALM_CANT_RESOLVE error that lists the realm. ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18816 dc483132-0cff-0310-8789-dd5450dbe970
* avoid double frees in ccache manipulation around gen_newKen Raeburn2006-11-162-4/+7
| | | | | | | | | | | | * krb5/krb/vfy_increds.c (krb5_verify_init_creds): If krb5_cc_gen_new fails, don't both close and destroy the template ccache. * gssapi/krb5/accept_sec_context.c (rd_and_store_for_creds): Likewise. ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18815 dc483132-0cff-0310-8789-dd5450dbe970
* correct client preauth plugin request_contextKevin Coffman2006-11-131-6/+17
| | | | | | | | | | | | Correctly share the same request_context between all modules within a single client preauth plugin. ticket: new Component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18800 dc483132-0cff-0310-8789-dd5450dbe970
* more Novell ldap patches from Nov 6 and Fix for wrong password policy ↵Will Fiveash2006-11-131-4/+6
| | | | | | | | | | | | | | | | | | | | | reference count This commit is to update the code with the following Novell patches from Nov 6, 2006: patch-ldap-kadm5-macro.diff patch-ldap-fixes.diff patch-ldap-key-seq-salt.diff patch-ldap-misc.diff And this patch from Nov 8: patch-ldap-pwd-policy.c ticket: new Target_Version: krb5-1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18799 dc483132-0cff-0310-8789-dd5450dbe970
* Add "get_data" function to the client preauth plugin interfaceKevin Coffman2006-11-092-5/+81
| | | | | | | | | | | Modify the client preauth plugin interface to pass in a function pointer and data pointer so the plugin may request information otherwise unavailable. ticket: new Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18790 dc483132-0cff-0310-8789-dd5450dbe970
* Add public function to get keylenth associated with an enctypeKevin Coffman2006-11-093-0/+67
| | | | | | | | | | Add a new function, krb5_c_keylength, to libk5crypto to obtain the keylength associated with an enctype. ticket: new Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18789 dc483132-0cff-0310-8789-dd5450dbe970
* krb5.h not C++-safe due to "struct krb5_cccol_cursor"Alexandra Ellwood2006-11-071-1/+1
| | | | | | | | | | | | | Fixed definition of "struct krb5_cccol_cursor" in krb5.h to be C++ safe. In C++ the struct name is also a type so there can't be a typedef of the same name, in this case "typedef struct krb5_cccol_cursor *krb5_cccol_cursor;". ticket: new status: open target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18765 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_password does not consistently prompt for password changingJeffrey Altman2006-11-061-6/+4
| | | | | | | | | | | | | | | | | | | | krb5_get_init_creds_password() previously did not consistently handle KRB5KDC_ERR_KEY_EXP errors. If there is a "master_kdc" entry for the realm and the KDC is reachable, then the function will prompt the user for a password change. Otherwise, it will return the error code to the caller. If the caller is a ticket manager, it will prompt the user for a password change with a dialog that is different from the one generated by the prompter function passed to krb5_get_init_creds_password. With this change krb5_get_init_creds_password() will always prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless the function is compiled with USE_LOGIN_LIBRARY. (KFM) ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18764 dc483132-0cff-0310-8789-dd5450dbe970
* Make clean in lib/kdb leaves error table filesEzra Peisach2006-11-051-0/+1
| | | | | | | | | Remove adb_err.c and adb_err.h on make clean. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18763 dc483132-0cff-0310-8789-dd5450dbe970
* Make clean does not remove lib/crypto/t_prfEzra Peisach2006-11-051-1/+1
| | | | | | | | | Remove t_prf and t_prf.o on make clean. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18762 dc483132-0cff-0310-8789-dd5450dbe970
* * svr_principal.c (kadm5_use_password_server): Define only if ↵Ken Raeburn2006-11-021-0/+2
| | | | | | USE_PASSWORD_SERVER git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18759 dc483132-0cff-0310-8789-dd5450dbe970
* * svc_auth_gss.c (svcauth_gss_import_name): Unused function deletedKen Raeburn2006-11-021-26/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18758 dc483132-0cff-0310-8789-dd5450dbe970
* * g_pw_in_tkt.c (passwd_to_key): Unused function deletedKen Raeburn2006-11-021-48/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18757 dc483132-0cff-0310-8789-dd5450dbe970
* * prng.c (init_error): Unused variable deletedKen Raeburn2006-11-021-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18756 dc483132-0cff-0310-8789-dd5450dbe970
* Modify the preath plugin interface so that a plugin's context isKevin Coffman2006-11-014-150/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | global to all the modules within a plugin. Also, change the client-side interface so that the preauth plugin context (once created) lives the lifetime of a krb5_context. This will allow future changes that can set plugin parameters. The client side request context lives the lifetime of a call to krb5_get_init_creds(). Make the sample preauth plugins buildable outside the source tree. Fix minor memory leak in sort_krb5_padata_sequence(). Add a prototype for krb5_do_preauth_tryagain() and change the plugin interface. Incorporates fixes from Nalin Dahyabhai <nalin@redhat.com> for leaks of the function table pointers (rt #4566) and fix KDC crash (rt #4567) ticket: 4566 ticket: 4567 ticket: 4587 Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18754 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-11-013-7/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18753 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_princ.c (krb5_425_conv_principal): Fix silly typo in arrays' sizes inKen Raeburn2006-10-311-2/+4
| | | | | | | | previous change. ticket: 4534 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18751 dc483132-0cff-0310-8789-dd5450dbe970
* latest Novell ldap patches and kdb5_util dump support for ldapWill Fiveash2006-10-301-7/+18
| | | | | | | | | | | | I've applied Novell's latest patches for their LDAP KDB plugin. I've also implemented and tested support for kdb5_util dump using the LDAP KDB plugin. I also added a Sun copyright on files that I've modified. ticket: new Target_Version: krb5-1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18750 dc483132-0cff-0310-8789-dd5450dbe970
* don't confuse profile iterator in 425 princ conversionKen Raeburn2006-10-281-5/+5
| | | | | | | | | | | | | | | | The profile iterator code hangs onto and uses the list of names passed in. The krb5_425_conv_principal code reuses that array when the iterator may still be used. * conv_princ.c (krb5_425_conv_principal): Use separate name arrays for the iterator and the v4_realm lookup that may be done inside the iteration loop. ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18748 dc483132-0cff-0310-8789-dd5450dbe970
* fix invalid access found by valgrindKevin Coffman2006-10-231-1/+1
| | | | | | | | | | | | Valgrind found that we were reading past the end of the preferred padata string. p is manually updated within the loop and there is no need for the increment. It was causing the null terminator to be skipped over, rather than properly terminating the loop. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18735 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid segfault in krb5_do_preauth_tryagainKevin Coffman2006-10-231-1/+1
| | | | | | | | | Check pointer is non-null before using it. Avoids segfault in krb5_do_preauth_tryagain(). ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18734 dc483132-0cff-0310-8789-dd5450dbe970
* Delete src/lib/ccapi.Sam Hartman2006-10-2160-14200/+0
| | | | | | | | The ccapi shipped in 1.6 will not be based off this code and will live in src/ccapi. It will be copied onto the trunk and branch when ready, but this code is being removed before the branch cut. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18731 dc483132-0cff-0310-8789-dd5450dbe970
* enabling LDAP mix-in support for kdb5_util loadWill Fiveash2006-10-211-0/+3
| | | | | | | | | | | | | | | | I now have mix-in working for the kdb5_util load. If the krbSubTrees realm attr contains a base DN where non-krb entries live the load/krb5_ldap_put_principal() code will modify those entries whose krbPrincipalName attr matches that of the dump princ record being loaded otherwise a standalone krbprinc entry will be created under the realm container. I also fixed a small bug in krb5_ldap_policydn_to_name() for the version that uses ldap_explode_dn(). ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18729 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-11 15:00:01 +0000