path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* Declare krb5_mcc_get_flags static - it is not exported or used outside of file
  Author: Ezra Peisach, Age: 2006-10-18, Files: 1, Lines: -5/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18723 dc483132-0cff-0310-8789-dd5450dbe970
* Unsigned/signed warning fix
  Author: Ezra Peisach, Age: 2006-10-18, Files: 1, Lines: -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18722 dc483132-0cff-0310-8789-dd5450dbe970
* Include gss_libinit.h for gssint_initialize_library() prototype
  Author: Ezra Peisach, Age: 2006-10-16, Files: 5, Lines: -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18721 dc483132-0cff-0310-8789-dd5450dbe970
* Include string.h for memcmp prototype
  Author: Ezra Peisach, Age: 2006-10-16, Files: 1, Lines: -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18720 dc483132-0cff-0310-8789-dd5450dbe970
* Include time.h for time() prototype
  Author: Ezra Peisach, Age: 2006-10-16, Files: 1, Lines: -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18719 dc483132-0cff-0310-8789-dd5450dbe970
* Tag krb5_rc_dfl_init_locked as static - not used outside file
  Author: Ezra Peisach, Age: 2006-10-16, Files: 1, Lines: -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18716 dc483132-0cff-0310-8789-dd5450dbe970
* Cleanup unused variable warning during make check
  Author: Ezra Peisach, Age: 2006-10-15, Files: 1, Lines: -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18713 dc483132-0cff-0310-8789-dd5450dbe970
* Remove all unused variable warnings from tree
  Author: Ezra Peisach, Age: 2006-10-15, Files: 5, Lines: -6/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18712 dc483132-0cff-0310-8789-dd5450dbe970
* Clear req_st buffer before filling it in
  Author: Ken Raeburn, Age: 2006-10-15, Files: 1, Lines: -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18706 dc483132-0cff-0310-8789-dd5450dbe970
* Use $(VALGRIND) when running programs using $(KRB5_RUN_ENV) or
  Author: Ken Raeburn, Age: 2006-10-13, Files: 12, Lines: -35/+35
  $(RUN_SETUP). Replaces old hack with MAYBE_VALGRIND added to RUN_ENV in a
  way that would break in some of the tests. Set VALGRIND in site.exp in
  tests/dejagnu. (Not used yet.) Runs some shell scripts under valgrind,
  rather than changing them to run only the executables under valgrind; this
  is mostly okay, just creates lots of extra log data, and requires
  --trace-children=yes. This should work for any instrumentation program
  invocation that gets followed immediately by the name and argument list for
  the program being instrumented. For example, VALGRIND="env LD_PRELOAD=..."
  should work, though I haven't tested it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18699 dc483132-0cff-0310-8789-dd5450dbe970
* Add prototype for krb5int_debug_fprint to os-proto.h. Include os-proto.h in
  Author: Ezra Peisach, Age: 2006-10-13, Files: 2, Lines: -2/+3
  sn2princ.c. Cleans up warning for function definition w/o prototype.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18694 dc483132-0cff-0310-8789-dd5450dbe970
* Patch to split client plugin from server plugin
  Author: Sam Hartman, Age: 2006-10-13, Files: 1, Lines: -20/+16
  ticket: 4377
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18693 dc483132-0cff-0310-8789-dd5450dbe970
* Another patch from Will Fiveash, to make "kdb5_util load <dumpfile>"
  Author: Ken Raeburn, Age: 2006-10-12, Files: 1, Lines: -4/+4
  work with the LDAP KDB back end, in simple cases (all entries stored under
  the krbcontainer entry).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18690 dc483132-0cff-0310-8789-dd5450dbe970
* Check for allocation failure. Caught by Will Fiveash
  Author: Ken Raeburn, Age: 2006-10-10, Files: 1, Lines: -2/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18672 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize buffer before calling res_ninit
  Author: Russ Allbery, Age: 2006-10-08, Files: 1, Lines: -0/+1
  Per Paul Vixie: It is necessary to zero out the statbuf before calling
  res_ninit(), or else res_vinit() will call res_nclose() and res_ndestroy()
  with stack trash as a statbuf, and they will call free() with stack trash,
  and programs will dump core.
  Ticket: new
  Component: krb5-libs
  Version_Reported: 1.5.1
  Target_Version: 1.5.2
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18669 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize accessor fields at compile time, under C99 and GCC
  Author: Ken Raeburn, Age: 2006-10-07, Files: 1, Lines: -30/+49
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18667 dc483132-0cff-0310-8789-dd5450dbe970
* Move ASN.1 routines for KDB LDAP plugin into main krb5 library,
  Author: Ken Raeburn, Age: 2006-10-07, Files: 3, Lines: -0/+480
  accessed via krb5int_access.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18666 dc483132-0cff-0310-8789-dd5450dbe970
* Use const pointers for error messages.
  Author: Ken Raeburn, Age: 2006-10-07, Files: 1, Lines: -2/+40
  Add some debugging hooks in the libkrb5 support.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18661 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/t_cccursor.c: Bugfixes from Ezra to clean up
  Author: Tom Yu, Age: 2006-10-06, Files: 1, Lines: -1/+32
  memory leaks.
  ticket: 4389
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18654 dc483132-0cff-0310-8789-dd5450dbe970
* update export lists
  Author: Tom Yu, Age: 2006-10-06, Files: 2, Lines: -0/+6
  ticket: 4389
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18653 dc483132-0cff-0310-8789-dd5450dbe970
* make depend
  Author: Tom Yu, Age: 2006-10-06, Files: 33, Lines: -827/+1019
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18652 dc483132-0cff-0310-8789-dd5450dbe970
* cursor for iterating over ccaches
  Author: Tom Yu, Age: 2006-10-05, Files: 9, Lines: -3/+798
  Some ccache back ends need per-type cursors implemented.
  * src/include/k5-int.h: Declare krb5_cc_ptcursor. Update krb5_cc_ops
    vector to include functions for ptcursor and some not-yet-implemented
    functionality.
  * src/include/krb5/krb5.hin: Prototype krb5_cccol_cursor_new,
    krb5_cccol_cursor_next, krb5_cccol_cursor_free.
  * src/lib/krb5/ccache/Makefile.in: Compile cccursor.c. Build t_cccursor.
  * src/lib/krb5/ccache/cccursor.c: Implementation of cursor for iterating
    over ccaches.
  * src/lib/krb5/ccache/ccbase.c: Add typecursor functionality for
    iteration over registered ccache types.
  * src/lib/krb5/ccache/cc_memory.c: Implement per-type ccache cursor
    functionality.
  * src/lib/krb5/ccache/cc_mslsa.c:
  * src/lib/krb5/ccache/cc_file.c:
  * src/lib/krb5/ccache/ccapi/stdcc.c: Add place-holder ops vector entries.
  * src/lib/krb5/ccache/t_cccursor.c: New test of ccache cursor
    functionality.
  * src/lib/krb5/os/ccdefname.c (krb5int_cc_os_default_name): New function
    to return the OS-specific default ccache name.
  ticket: new
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18651 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Kevin Coffman:
  Author: Ken Raeburn, Age: 2006-10-05, Files: 1, Lines: -44/+35
  - adds a function to get ccache keycount
  - uses it in two places
  - fixes free problem if next_cred fails
  - simplifies the clearcache function by using keyctl_clear
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18649 dc483132-0cff-0310-8789-dd5450dbe970
* fix dependence on config.status to use correct dir
  Author: Ken Raeburn, Age: 2006-10-05, Files: 1, Lines: -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18647 dc483132-0cff-0310-8789-dd5450dbe970
* array before test for pointing at entry with the principal. Avoids
  Author: Ezra Peisach, Age: 2006-10-04, Files: 1, Lines: -4/+8
  buffer overflow for end of list. Detected with a hacked up version of
  valgrind to handle keyring syscalls.
  krb5_krcc_next_cred: Move initial test if pointing past end of key
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18643 dc483132-0cff-0310-8789-dd5450dbe970
* The keyring code introduced in r18638 also included tests of the KEYRING:
  Author: Ezra Peisach, Age: 2006-10-04, Files: 1, Lines: -1/+37
  regardless of whether the type is registered or not in the library. Test to
  see if KEYRING: is registered - and if so - run the tests on it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18642 dc483132-0cff-0310-8789-dd5450dbe970
* Preauthentication Plugin Framework
  Author: Sam Hartman, Age: 2006-10-03, Files: 6, Lines: -91/+750
  Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
  framework based on the plugin architecture. Currently, the API is
  considered internal and the header is not installed. See
  src/include/krb5/preauth_plugin.h for the interface.
  ticket: new
  Tags: enhancement
  Status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970
* Merge Kevin Coffman's keyring ccache branch for Linux, with some modifications:
  Author: Ken Raeburn, Age: 2006-10-02, Files: 5, Lines: -4/+2119
  aclocal.m4: Enable keyring ccache if the header and library are available;
  no configure-time option. No error if it's not found.
  ccdefname.c: Keep old default of FILE: cache, at least for now.
  libkrb5.exports: Don't export krb5_krcc_ops.
  ccbase.c: Only initialize krb5int_krcc_mutex if USE_KEYRING_CCACHE; destroy
  it in finalization. Define INITIAL_TYPEHEAD macro (for file vs keyring),
  and use it for initialization and in krb5int_cc_finalize. Re-enable freeing
  of additional registered-type structures.
  cc_keyring.c: Avoid calls to com_err from within library.
  cc_file.c: Punt change; generate_new is badly broken, and we expect to
  replace it with a new API anyways.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18638 dc483132-0cff-0310-8789-dd5450dbe970
* Nuke old Saber-related stuff
  Author: Ken Raeburn, Age: 2006-10-02, Files: 1, Lines: -294/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18637 dc483132-0cff-0310-8789-dd5450dbe970
* Update expected results for krb5_get_host_realm with referral patches
  Author: Ken Raeburn, Age: 2006-09-30, Files: 1, Lines: -2/+2
  installed.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18634 dc483132-0cff-0310-8789-dd5450dbe970
* (get_errmsg): Check for errcode_2_string and release_errcode_string
  Author: Ken Raeburn, Age: 2006-09-29, Files: 1, Lines: -1/+4
  being null function pointers.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18633 dc483132-0cff-0310-8789-dd5450dbe970
* Set the canonicalize flag in TGS requests and accept cross-realm referral
  Author: Sam Hartman, Age: 2006-09-21, Files: 10, Lines: -120/+608
  tickets. We do not yet accept tickets in which the server name changes.
  * krb5_sname_to_principal: If there is no domain realm mapping return null
    realm
  * krb5_get_cred_via_tkt: New behavior as described below
  1) the referrals case:
  - check for TGT for initial realm
  - if a remote realm was specified (which must have happened via a
    domain_realm mapping), obtain a TGT for it the standard way and start
    with that.
  - use client realm for server if not specified
  - iterate through this loop:
  - request ticket with referrals turned on
  - if that fails:
  - if this was the first request, punt to non-referrals case
  - otherwise, retry once without referrals turned on then terminate either
    way
  - if it works, either use the service ticket or follow the referral path
  - if loop count exceeded, hardfail
  2) the nonreferrals case
  - this is mostly the old walk_realm_tree TGT-finding (which allows limited
    shortcut referrals per 4120) followed by a standard tgs-req.
  - originally requested principal is used for this, although if we were
    handed something without a realm, determine a fallback realm based on DNS
    TXT records or a truncation of the domain name.
  ticket: 2652
  Owner: amb
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
* Bad loop logic in krb5_mcc_generate_new
  Author: Alexandra Ellwood, Age: 2006-09-19, Files: 1, Lines: -10/+8
  krb5_mcc_generate_new() Error in loop caused first item in the list to not
  get checked the second time through scanning for duplicates.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18594 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb5.c (kdb_load_library): Make error message a little more accurate.
  Author: Ken Raeburn, Age: 2006-09-16, Files: 1, Lines: -29/+47
  (get_errmsg): New function. Uses errcode_2_string and
  release_errcode_string functions to copy out an error message from the
  plugin and store it locally, if the error code supplied is nonzero.
  Changed other uses of plugin functions to call get_errmsg on returning.
  (krb5_db_errcode2string): Deleted.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18591 dc483132-0cff-0310-8789-dd5450dbe970
* Move RPC header files to include/gssrpc, which we copy to them at
  Author: Ken Raeburn, Age: 2006-09-16, Files: 22, Lines: -3333/+469
  build time, and which is the only place we use them from anyways. Update
  Makefile references and dependencies.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18589 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace
  Author: Ken Raeburn, Age: 2006-09-13, Files: 1, Lines: -38/+30
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18584 dc483132-0cff-0310-8789-dd5450dbe970
* Make database plugin responsible for releasing the error-message string, so
  Author: Ken Raeburn, Age: 2006-09-06, Files: 1, Lines: -0/+1
  that we can use the krb5_get_error_message interface internally.
  * kdb5.h: Add release_errcode_string field to the interface.
  * db2_exp.c, ldap_exp.c: Initialize it.
  * ldap_misc.c: Use krb5_get/free_error_message for error message strings.
  * kdb_ldap.h: Declare krb5_ldap_release_errcode_string.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18565 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace
  Author: Ken Raeburn, Age: 2006-09-06, Files: 1, Lines: -111/+113
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18564 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccache and keytab file paths without a prefix
  Author: Jeffrey Altman, Age: 2006-09-05, Files: 2, Lines: -4/+4
  ktbase.c, ccbase.c: When a file path is specified without the prefix we
  must infer the use of the "FILE" prefix. However, we were setting the
  prefix including the colon separator when the separator should have been
  ignored.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561 dc483132-0cff-0310-8789-dd5450dbe970
* Rename KRB5_KDB_PLUGIN_OP_NOTSUPP to KRB5_PLUGIN_OP_NOTSUPP and move to krb5
  Author: Ken Raeburn, Age: 2006-08-29, Files: 2, Lines: -1/+1
  table
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18550 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Savitha R:
  Author: Ken Raeburn, Age: 2006-08-29, Files: 1, Lines: -0/+1
  ldap_util
  1. Kdb5_ldap_util interface Removed supp enctypes, suppsalttypes from
     create realm and modify realm since they are currently not used
  2. memset passwd strings to zero when not used any more
  3. Using krb5_sname_to_principal in place of gethostbyname while creating
     the kadmin principal with hostname.
  libkdb_ldap
  1. Added mandatory functions which were missing in the LDAP plug-in
  2. Error handling changes - Setting the error message in the kerberos
     context when decryption of the service passwd fails or connection to
     the LDAP server fails during initialization.
  Additional changes:
  libkdb_ldap: Link against com_err library, to provide error_message().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18548 dc483132-0cff-0310-8789-dd5450dbe970
* make depend
  Author: Ken Raeburn, Age: 2006-08-23, Files: 1, Lines: -6/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18519 dc483132-0cff-0310-8789-dd5450dbe970
* Merge Todd's TCP changepw support, with a few fixups
  Author: Ken Raeburn, Age: 2006-08-23, Files: 5, Lines: -330/+391
  * include/cm.h (state_strings, enum conn_states, struct
    incoming_krb5_message, struct conn_state): Moved here from
    lib/krb5/os/sendto_kdc.c.
    (struct sendto_callback_info): New type.
  * lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function.
    (setup_connection): Deleted argument message_len_buf. Don't store message
    length; call set_conn_state_msg_length instead.
    (start_connection): New arguments callback_info and callback_buffer.
    Invoke callback function if any, and set message length on success.
    (maybe_send): New arguments callback_info and callback_buffer; pass them
    to start_connection.
    (krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen.
    If callback info is provided, allocate per-connection buffers, and pass
    them to maybe_send. On cleanup, invoke the cleanup callback function if
    any.
    (krb5_sendto_kdc): Update krb5int_sendto call.
  * include/k5-int.h (struct sendto_callback_info): Add forward declaration.
    (krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new
    signature.
  * lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call.
  * lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp
    call.
  * lib/krb5/os/changepw.c (struct sendto_callback_context): New type.
    (krb5_locate_kpasswd): New argument useTcp, used to select socket type in
    krb5int_locate_server call.
    (kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions.
    (krb5_change_set_password): Call krb5int_sendto with callbacks, instead
    of managing the exchange here. On RESPONSE_TOO_BIG error, try again with
    TCP only.
  * lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a
    buggy server sent a KRB_ERROR.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970
* cc_err_xlate: Updated error mappings to generate the same errors as ccapiv2.
  Author: Alexandra Ellwood, Age: 2006-08-16, Files: 1, Lines: -8/+14
  stdccv3_setup: Don't translate errors since cc_err_xlate isn't idempotent.
  krb5_stdccv3_resolve: Don't fail if we can't open the ccache.
  ticket: 3936
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18458 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_default.c (krb5_def_store_mkey): If the file can't be opened, construct
  Author: Ken Raeburn, Age: 2006-08-15, Files: 1, Lines: -0/+3
  an error message that includes the file's name.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
  Author: Tom Yu, Age: 2006-08-08, Files: 1, Lines: -2/+4
  * src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
  * src/appl/bsd/v4rcp.c (main):
  * src/appl/bsd/krcp.c (main):
  * src/appl/bsd/krshd.c (doit):
  * src/appl/bsd/login.c (main):
  * src/clients/ksu/main.c (sweep_up):
  * src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and
    related functions to avoid privilege escalation vulnerabilities. Fixes
    MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660]
  ticket: new
  target_version: 1.5.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaque
  Author: Tom Yu, Age: 2006-08-07, Files: 11, Lines: -1/+32
  structs of gss_ctx_id_t, gss_name_t, gss_cred_id_t to catch some
  application programming errors. Add new macro GSSINT_CHK_LOOP() which
  returns non-zero if loopback field doesn't point to itself.
  * src/lib/gssapi/mechglue/g_accept_sec_context.c (gss_accept_sec_context):
  * src/lib/gssapi/mechglue/g_acquire_cred.c (gss_add_cred)
    (gss_acquire_cred):
  * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context):
  * src/lib/gssapi/mechglue/g_glue.c (gssint_convert_name_to_union_name):
  * src/lib/gssapi/mechglue/g_imp_name.c (gss_import_name):
  * src/lib/gssapi/mechglue/g_imp_sec_context.c (gss_import_sec_context):
  * src/lib/gssapi/mechglue/g_init_sec_context.c (gss_init_sec_context): Set
    loopback pointers.
  * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context):
  * src/lib/gssapi/mechglue/g_rel_cred.c (gss_release_cred):
  * src/lib/gssapi/mechglue/g_rel_name.c (gss_release_name): Call
    GSSINT_CHK_LOOP() to validate loopback pointer.
  ticket: 4063
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18417 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Michael Calmer to fix some uninitialized variables
  Author: Tom Yu, Age: 2006-08-02, Files: 1, Lines: -0/+1
  * src/appl/gssftp/ftpd/ftpd.c (auth_data): Initialize stat_maj,
    accept_maj, acquire_maj.
  * src/appl/telnet/libtelnet/kerberos5.c (kerberos5_send): Initialize rdata.
  * src/kdc/do_tgs_req.c (process_tgs_req): Initialize magic and
    tr_contents.magic.
  * src/lib/krb5/asn.1/krb5_decode.c (decode_krb5_safe_with_body):
    Initialize tmpbody.magic.
  * src/plugins/kdb/db2/libdb2/hash/dbm.c (kdb2_fetch)
    (kdb2_firstkey, kdb2_nextkey): Initialize dsize.
  ticket: 3904
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18404 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/gssapi/mechglue/g_initialize.c (gss_release_oid): Call
  Author: Tom Yu, Age: 2006-08-01, Files: 1, Lines: -0/+3
  gssint_initialize_library to ensure mutex is initialized.
  ticket: 4088
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18397 dc483132-0cff-0310-8789-dd5450dbe970
* Changed GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) from
  Author: Alexandra Ellwood, Age: 2006-07-25, Files: 13, Lines: -42/+49
  void* to pointers to opaque structs. This change removed some casts and
  introduced or changed a bunch of other casts to suppress warnings.
  krb5_gss_accept_sec_context(): Fixed a bug found by the above changes where
  krb5_gss_release_cred() was being called with the wrong argument 2
  (gss_cred_id_t instead of gss_cred_id_t*).
  ticket: 4057
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18396 dc483132-0cff-0310-8789-dd5450dbe970