path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* make depend | Ken Raeburn | 2004-09-24 | 1 | -7/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16785 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in: Delete @SHARED_RULE@ line. | Ken Raeburn | 2004-09-23 | 2 | -3/+6
  (thisconfigdir): Fix.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16781 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (T_STD_CONF_OBJS): Include dnsglue.o | Ken Raeburn | 2004-09-23 | 2 | -1/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16780 dc483132-0cff-0310-8789-dd5450dbe970
* * libgssrpc.exports: Export svc_maxfd | Tom Yu | 2004-09-22 | 2 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16775 dc483132-0cff-0310-8789-dd5450dbe970
* Don't assume that presence of res_nsearch() means we have ns_initparse() | Tom Yu | 2004-09-21 | 2 | -6/+15
  ticket: 2710
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16773 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in rd_cred.c | Tom Yu | 2004-09-21 | 2 | -1/+10
  * rd_cred.c (decrypt_credencdata): Clear and free ppart to avoid leak. Reported by Derrick Schommer.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16772 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in arcfour string_to_key | Sam Hartman | 2004-09-21 | 2 | -0/+6
  Derrick Schommer reports that arcfour's string_to_key function leaks memory. This is true; it copies the password to convert to utf16 and never frees the copy. It does memset the copy to 0 when done.
  ticket: new
  requestors: schommer@gmail.com
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16771 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Check for sockaddr_in.sin_len and | Tom Yu | 2004-09-21 | 13 | -117/+186
  sockaddr.sa_len. Check for sys/param.h in case we need NBBY somewhere.
  * auth.h, svc_auth.h: Namespace cleanup.
  * svc.h, rpc_commondata.c: New global svc_maxfd.
  * svc.c (svc_getreqset): Break inner part of loop out into local function svc_do_xprt(). Don't use rpc_dtablesize(); instead, use svc_maxfd.
  * svc_run.c: Don't use rpc_dtablesize().
  * clnt_generic.c, clnt_simple.c, getrpcport.c:
  * svc_tcp.c, svc_udp.c: Set sockaddr_in.sin_len when available.
  * ovsec_kadmd.c (kadm_svc_run): Don't use rpc_dtablesize().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16770 dc483132-0cff-0310-8789-dd5450dbe970
* Add DNS resolver glue layer. Use it | Tom Yu | 2004-09-21 | 6 | -327/+565
  ticket: 2710
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16769 dc483132-0cff-0310-8789-dd5450dbe970
* * libgssrpc.exports: Don't export internals | Tom Yu | 2004-09-17 | 43 | -912/+697
  * svc.c (svc_getreqset):
  * svc_tcp.c (readtcp): Don't intersperse preprocessor conditionals with braces.
  * auth_gssapi.c, auth_gssapi_misc.c, auth_none.c:
  * auth_unix.c, authunix_prot.c, bindresvport.c:
  * clnt_generic.c, clnt_perror.c, clnt_raw.c
  * clnt_simple.c, clnt_tcp.c, clnt_udp.c, get_myaddress.c:
  * getrpcent.c, getrpcport.c, pmap_clnt.c:
  * pmap_getmaps.c, pmap_getport.c, pmap_prot.c, pmap_prot2.c:
  * pmap_rmt.c, rpc_callmsg.c, rpc_prot.c:
  * svc.c, svc_auth.c, svc_auth_gss.c:
  * svc_auth_gssapi.c, svc_auth_unix.c, svc_raw.c:
  * svc_run.c, svc_simple.c, svc_tcp.c:
  * svc_udp.c, xdr.c, xdr_alloc.c, xdr_array.c:
  * xdr_float.c, xdr_mem.c, xdr_rec.c, xdr_reference.c:
  * xdr_stdio.c: Protoize, to avoid potential problems when fixed-width types are not ints on some platforms.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16768 dc483132-0cff-0310-8789-dd5450dbe970
* Fix error code returned for empty sequences and check the error | Jeffrey Altman | 2004-09-17 | 2 | -2/+10
  in krb5_lcc_initialize
  ticket: 2705
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16760 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c: | Tom Yu | 2004-09-14 | 4 | -0/+10
  * hst_realm.c:
  * locate_kdc.c: Include netinet/in.h as a prerequisite for resolv.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16753 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: Implement krb5_lcc_initialize() | Jeffrey Altman | 2004-09-10 | 2 | -6/+35
  Remove all tickets from the cache which have a client principal that matches the input principal.
  ticket: 2705
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16737 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: Correct test for KerbQueryTicketCacheEx2Message | Jeffrey Altman | 2004-09-10 | 2 | -3/+6
  ticket: 2705
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16736 dc483132-0cff-0310-8789-dd5450dbe970
* 2004-09-10 Jeffrey Altman <jaltman@mit.edu> | Jeffrey Altman | 2004-09-10 | 2 | -8/+374
  * cc_mslsa.c: The following functionality is being committed but commented out because it is not presently available in public Microsoft SDKs
  - support for KerbSubmitTicket which allows a KERB_CRED message to be forwarded to the LSA. (KERB_SUBMIT_TICKET)
  - support for the KerbQueryTicketCacheEx2Message which adds the Session Key Enctype to the contents of the response from KerbQueryTicketCacheExMessage. (HAVE_CACHE_INFO_EX2)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16735 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_mslsa.c: | Jeffrey Altman | 2004-09-02 | 2 | -23/+246
  - Fix MITPrincToMSPrinc to prevent writing to the output buffer if the input won't fit.
  - Add internal UnicodeStringToMITPrinc function
  - Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc
  - Rename internal PurgeMSTGT to PurgeAllTickets
  - Add internal PurgeTicket2000
  - Add internal PurgeTicketXP
  - Since tickets can only be requested via KDC Opt Flags it is not possible to specifically request the Initial ticket. If more than one ticket exists which matching service names, enctypes, and ticket flags the initial ticket flag may not be set. If the caller requested the initial ticket, set the flag manually.
  - Add preliminary support for krb5_lcc_set_flags
  - Modify krb5_lcc_initialize to return success
  - Modify krb5_lcc_get_principal to support an LSA cache which does not contain a TGT when krb5_lcc_resolve is called.
  - Implement krb5_lcc_remove_cred
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16714 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot changelog | Tom Yu | 2004-08-31 | 1 | -0/+5
  ticket: 2686
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16703 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2004-003 | Tom Yu | 2004-08-31 | 2 | -0/+4
  Fix for ASN.1 decoder denial-of-service. [MITKRB5-SA-2004-003]
  ticket: new
  target_version: 1.3.5
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16702 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2004-002 | Tom Yu | 2004-08-31 | 5 | -2/+25
  Fix double-free vulnerabilities [MITKRB5-SA-2004-002].
  ticket: new
  target_version: 1.3.5
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16701 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c (make_ap_req_v1): Free checksum data | Tom Yu | 2004-08-28 | 3 | -4/+14
  allocated by make_gss_checksum() to avoid leak.
  * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after checksum is verified, to avoid leak.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16696 dc483132-0cff-0310-8789-dd5450dbe970
* move last patch down a little so it applies to tcp sockets as well as udp | Ken Raeburn | 2004-08-28 | 1 | -14/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16695 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (start_connection) [DEBUG]: Log the local socket address | Ken Raeburn | 2004-08-28 | 2 | -0/+27
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16694 dc483132-0cff-0310-8789-dd5450dbe970
* Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs in | Ken Raeburn | 2004-08-27 | 4 | -3/+15
  variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic patches that removed casts of NULL.
  tag: 1850
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Call gssint_initialize_library. | Ken Raeburn | 2004-08-26 | 2 | -1/+13
  Return correct error code on mutex initialization failure.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16687 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Look for uint32_t, not int32_t, since some BSD-ish | Tom Yu | 2004-08-26 | 3 | -27/+35
  sys/types.h headers have int32_t and u_int32_t, but only have uint32_t in stdint.h.
  * types.hin: Change int32_t checks to uint32_t checks.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16686 dc483132-0cff-0310-8789-dd5450dbe970
* * libkadm5srv.exports: Update for previous renaming | Tom Yu | 2004-08-21 | 2 | -4/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16679 dc483132-0cff-0310-8789-dd5450dbe970
* Fix no-auth test to use a config mask flag to ask for no-auth, to | Tom Yu | 2004-08-21 | 7 | -25/+38
  avoid the icky repeated build of client_init.c
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16678 dc483132-0cff-0310-8789-dd5450dbe970
* renamed acl_* functions to kadm5int_acl_* | Alexandra Ellwood | 2004-08-20 | 3 | -59/+63
  ticket: 2674
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16673 dc483132-0cff-0310-8789-dd5450dbe970
* * svc.c (svc_getreqset): Allocate cred and verf memory to | Tom Yu | 2004-08-17 | 2 | -6/+21
  temporary pointers, and free the temporary pointers on exit. Freeing the actual cred and verf pointers can cause corruption because auth mechanisms can reassign the pointers.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16669 dc483132-0cff-0310-8789-dd5450dbe970
* * svc_auth_gss.c (gssrpc__svcauth_gss): Add some debug messages | Tom Yu | 2004-08-17 | 3 | -5/+21
  * svc.c (svc_getreqset): Don't allocate either raw or cooked credentials on the stack using the cred_area char array; use mem_alloc() instead. This avoids alignment problems.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16668 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flag | Ken Raeburn | 2004-08-16 | 2 | -11/+70
  file_is_locked.
  (krb5_fcc_close_file): Unlock the mutex and clear the flag.
  (krb5_fcc_open_file): Acquire the mutex before locking the file, and set the flag after.
  (krb5_fcc_resolve): Initialize the new mutex and flag.
  (krb5_fcc_generate_new): Initialize both mutexes and the flag.
  (dereference): Destroy the new mutex.
  Also, get rid of some unused variables.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16667 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c: Add buffering on reading. | Ken Raeburn | 2004-08-15 | 2 | -12/+101
  (FCC_BUFSIZ): New macro.
  (struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset.
  (krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes.
  (invalidate_cache): New function.
  (krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache.
  (fcc_lseek): New function.
  (krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get, krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek.
  (fcc_read): Use and maybe refill the buffer.
  (dereference): Zap the contents of the buffer before freeing it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16666 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (dereference): Lock mutex around call to krb5_fcc_close_file | Ken Raeburn | 2004-08-15 | 2 | -1/+9
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16664 dc483132-0cff-0310-8789-dd5450dbe970
* Only open a credential cache file once, even if multiple krb5_ccache objects | Ken Raeburn | 2004-08-13 | 4 | -77/+172
  refer to it. (This does NOT yet take care of the problem of multiple threads wanting to use OS-level advisory locks, which at least on UNIX are per-process and not per-thread.)
  * cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data pointer, not a krb5_ccache. All calls changed.
  (struct fcc_set): Add a refcount member. (Definition accidentally introduced without comment in an earlier patch.)
  (krb5int_cc_file_mutex, fccs): New variables, for managing a global list of open credential cache files.
  (dereference): New function, with most of old close/destroy operations. Decrements reference count and only frees the object and removes it from the global list if the refcount hits zero.
  (krb5_fcc_close, krb5_fcc_destroy): Call dereference.
  (krb5_fcc_resolve): If a file cache is already open with the same file name, increment its reference count and don't create a new one. When a new one is created, add it to the global list.
  * cc-int.h (krb5int_cc_file_mutex): Declare.
  * ccbase.c (krb5int_cc_initialize): Initialize it.
  (krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16662 dc483132-0cff-0310-8789-dd5450dbe970
* get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made | Alexandra Ellwood | 2004-08-12 | 2 | -27/+69
  aware of 32 bit min and max for times. Allow renew_until time < expiration time
  ticket: 2654
  ticket: 2655
  ticket: 2656
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16656 dc483132-0cff-0310-8789-dd5450dbe970
* ccdefname.c (krb5_cc_set_default_name, krb5_cc_default_name): Look up the | Alexandra Ellwood | 2004-08-12 | 2 | -41/+64
  default ccache name in krb5_cc_default_name, not krb5_cc_set_default_name so that krb5_init_context doesn't have to do work it might never use
  ticket: 2657
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16655 dc483132-0cff-0310-8789-dd5450dbe970
* * libkrb5.exports: Remove memory ccache symbols except ops table | Ken Raeburn | 2004-08-08 | 2 | -14/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16650 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c: Remove USE_STDIO support | Ken Raeburn | 2004-08-05 | 2 | -317/+15
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16643 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Call krb5_rc_recover_or_initialize | Ken Raeburn | 2004-08-04 | 2 | -7/+10
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16641 dc483132-0cff-0310-8789-dd5450dbe970
* * rc-int.h (struct _krb5_rc_ops): Add new member, recover_or_init. | Ken Raeburn | 2004-08-04 | 7 | -7/+59
  * rc_dfl.c (krb5_rc_dfl_init_locked): New function, with most of the content of old krb5_rc_dfl_init.
  (krb5_rc_dfl_init): Call it.
  (krb5_rc_dfl_recover_or_init): New function.
  * rc_dfl.h (krb5_rc_dfl_recover_or_init): Declare.
  * rcdef.c (krb5_rc_dfl_ops): Initialize new field.
  * rc_none.c (krb5_rc_none_recover_or_init): New macro.
  (krb5_rc_none_ops): Initialize new field.
  * rcfns.c (krb5_rc_recover_or_initialize): New function.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16640 dc483132-0cff-0310-8789-dd5450dbe970
* Implement new replay cache type "none" | Ken Raeburn | 2004-07-30 | 5 | -3/+108
  * rc_none.c: New file.
  * Makefile.in (SRCS, STLIBOBJS, OBJS): Build it.
  * rc-int.h (krb5_rc_none_ops): Declare.
  * rc_base.c (none): New variable.
  (krb5_rc_typelist_dfl): Add it into the linked list.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16634 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_ccache_name): Variable deleted. | Ken Raeburn | 2004-07-30 | 2 | -3/+23
  (kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set thread-specific values instead.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16632 dc483132-0cff-0310-8789-dd5450dbe970
* Export lucid context functions and gss_krb5_set_allowable_enctypes | Sam Hartman | 2004-07-29 | 2 | -0/+7
  Ticket: 2587
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16631 dc483132-0cff-0310-8789-dd5450dbe970
* Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it while | Ken Raeburn | 2004-07-29 | 11 | -30/+146
  frobbing the contents. Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but for internal use. It lets the caller supply the krb5_context instead of creating yet another one locally, and leaves the new credential mutex locked on a successful return so that the caller doesn't have to reacquire it. More functions should be changed to use this internally, but it's a performance issue; I don't think it's a correctness or thread-safety issue.
  * gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex.
  (krb5_gss_validate_cred_1): Declare.
  * accept_sec_context.c (rd_and_store_for_creds): Initialize mutex.
  * acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex.
  * add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call krb5_gss_validate_cred_1. Make sure the mutex is locked.
  * copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source credential.
  * init_sec_context.c (get_credentials, new_connection): Check that the mutex is locked.
  (mutual_auth): Delete unused credential argument.
  (krb5_gss_init_sec_context): Lock the mutex.
  * inq_cred.c (krb5_gss_inquire_cred): Lock the mutex.
  * rel_cred.c (krb5_gss_release_cred): Destroy the mutex.
  * set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex.
  * val_cred.c (krb5_gss_validate_cred_1): New function.
  (krb5_gss_validate_cred): Use it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16630 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returned | Ken Raeburn | 2004-07-29 | 2 | -29/+13
  by kg_get_ccache_name. Simplify some calls using a temporary error code variable.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16629 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make the copy always, not just | Ken Raeburn | 2004-07-29 | 2 | -16/+22
  in the local-context case. Check for errors in making the copy.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16628 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make a copy of the default ccache name, | Ken Raeburn | 2004-07-28 | 2 | -1/+8
  because calling krb5_free_context will destroy it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16627 dc483132-0cff-0310-8789-dd5450dbe970
* cc_mslsa.c: fix is_windows_xp not to return true for windows 2000 | Jeffrey Altman | 2004-07-26 | 2 | -1/+6
  ticket: 2645
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16624 dc483132-0cff-0310-8789-dd5450dbe970
* [needs the include/configure.in checkin of a few minutes ago, too] | Ken Raeburn | 2004-07-22 | 2 | -2/+15
  * localaddr.c (get_lifconf): Define only if "struct lifconf" is available.
  (foreach_localaddr): Use get_lifconf only if "struct lifconf" is available.
  ticket: 2598
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16621 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_store): When allocating krb5_mcc_link | Ezra Peisach | 2004-07-18 | 2 | -1/+6
  memory - allocate sizeof() - not sizeof(sizeof()).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16613 dc483132-0cff-0310-8789-dd5450dbe970