summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* * g_ad_tkt.c: Added support for login library to get_ad_tkt. Support is ↵Alexandra Ellwood2003-04-142-0/+16
| | | | | | copied from Mac Kerberos4 library and conditionalized for USE_LOGIN_LIBRARY to avoid changing get_ad_tkt's behavior for non-Kerberos Login Library builds git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15352 dc483132-0cff-0310-8789-dd5450dbe970
* Finish implementation of CBC+CTS decryption and truncated HMAC for AES.Ken Raeburn2003-04-139-36/+348
| | | | | | | | | Fix memory management bugs. ticket: 1418 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15351 dc483132-0cff-0310-8789-dd5450dbe970
* Obscure memory leak in asn1_decode_kdc_req_bodyEzra Peisach2003-04-132-1/+20
| | | | | | | | | | | | * asn1_k_decode.c (asn1_decode_kdc_req_body): Fix memory leak if optional server field is lacking, ticket: new component: krb5-libs target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15350 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid really, really huge cpu time usage caused by iteration count inKen Raeburn2003-04-132-0/+11
| | | | | | | | | | | | | spoofed preauth data. (Merely huge cpu time usage is probably still possible.) * aes_s2k.c (krb5int_aes_string_to_key): Return an error if the supplied iteration count is really, really large. ticket: 1418 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15349 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in krb5_read_passwordKen Raeburn2003-04-132-6/+8
| | | | | | | | | | | * read_pwd.c (krb5_read_password): Always free temporary storage used for verification version of password. ticket: new target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15348 dc483132-0cff-0310-8789-dd5450dbe970
* don't install in-tree libdbTom Yu2003-04-024-12/+27
| | | | | | | | | | | | | Don't install the in-tree libdb. This requires that libkdb, etc. explicitly pull in the object files of the in-tree libdb if not using the system libdb. ticket: new status: open target_version: 1.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15320 dc483132-0cff-0310-8789-dd5450dbe970
* * unparse.c (krb5_unparse_name_ext): Don't move buffer pointer backwards ifKen Raeburn2003-04-012-1/+5
| | | | | | | | nothing has been put into the buffer yet. ticket: 1397 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15314 dc483132-0cff-0310-8789-dd5450dbe970
* Red Hat's krb5_princ_size fixesKen Raeburn2003-04-016-9/+35
| | | | | | | | ticket: 1397 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
* If the auth context does not have the DO_TIME flag set and no replaySam Hartman2003-04-012-1/+8
| | | | | | | | | cache is available, do not generate one. ticket: 1400 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15311 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2003-003: xdrmem int overflowsTom Yu2003-03-242-6/+21
| | | | | | | | | | | | | * xdr_mem.c (xdrmem_create): Perform some additional size checks. (xdrmem_getlong, xdrmem_putlong, xdrmem_getbytes): Check x_handy prior to decrementing it. ticket: new status: open tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15300 dc483132-0cff-0310-8789-dd5450dbe970
* fix kadmind startup failure with krb4 vuln patchTom Yu2003-03-192-8/+15
| | | | | | | | | | | * keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype comparison if the requested enctype is a wildcard. ticket: new status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970
* Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option toSam Hartman2003-03-172-1/+54
| | | | | | | | | | | | | | | | | | | reenable (-X) which prints a warning that you are creating a security hole. Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however. The KDc is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT. Ticket: 1385 Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
* Do not claim GSS_C_PROT_READY_FLAG since we don't support itSam Hartman2003-03-144-1/+14
| | | | | | | | | | | | | Our code does not currently support GSS_C_PROT_READY_FLAG so only return that flag after context establishment. A potential future addition is to support that flag and return GAP_TOKEN if the initiator processes a message token before the final context token. Ticket: 1352 Tags: pullup Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite asn1_get_tag interface to use a structure pointer rather than severalKen Raeburn2003-03-127-203/+246
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pointer variables for the returned data. Use the structure in the caller when straightforward; in cases where macros use different but overlapping sets of automatic scalar variables in one file, copy the values out of the structures for now, until they can be analyzed more carefully. * asn1_get.c (asn1_get_tag): Deleted. (asn1_get_tag_2): Renamed from asn1_get_tag_indef, now uses a pointer to taginfo rather than a bunch of pointer args. (asn1_get_id, asn1_get_length): Folded into asn1_get_tag_2. (asn1_get_sequence): Call asn1_get_tag_2. * asn1_get.h (taginfo): New structure. (asn1_get_tag_indef, asn1_get_tag, asn1_get_id, asn1_get_length): Declarations deleted. (asn1_get_tag_2): Declare. * asn1_decode.c (setup): Declare only a taginfo variable. (asn1class, construction, tagnum, length): New macros. (tag): Call asn1_get_tag_2. * asn1_k_decode.c (next_tag, get_eoc, apptag, end_sequence_of, end_sequence_of_no_tagvars, asn1_decode_krb5_flags): Call asn1_get_tag_2; if no error, copy out values into scalar variables. (asn1_decode_ticket): Call asn1_get_tag_2. * asn1buf.c (asn1buf_skiptail): Call asn1_get_tag_2. * krb5_decode.c (check_apptag, next_tag, get_eoc): Call asn1_get_tag_2; if no error, copy out values into scalar variables. (decode_krb5_enc_kdc_rep_part): Call asn1_get_tag_2. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15274 dc483132-0cff-0310-8789-dd5450dbe970
* * t_kerb.c: Only include krb.h if krb4 support compiled in,Ezra Peisach2003-03-092-0/+12
| | | | | | otherwise define ANAME_SZ, INST_SZ and REALM_SZ. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15271 dc483132-0cff-0310-8789-dd5450dbe970
* Yet another attempt at cross-directory dependencies. Seems to fix the parallelKen Raeburn2003-03-082-8/+46
| | | | | | | | | | | build, and hasn't broken the out-of-date case so far as I can tell, so far... Added a bunch of comments describing the cases that need to be handled. * Makefile.in ($(BUILDTOP)/include/gssapi/gssapi.h, generic/gssapi.h, generic/gssapi_err_generic.h, krb5/gssapi_err_krb5.h): Comment out old rules and dependencies; depend on all-recurse and supply a no-op rule. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15270 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_libinit.c: Changed USE_HARDCODED_FALLBACK_ERROR_TABLES macro to ↵Alexandra Ellwood2003-03-072-2/+8
| | | | | | !USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15267 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Changed USE_HARDCODED_FALLBACK_ERROR_TABLES macro to ↵Alexandra Ellwood2003-03-072-2/+8
| | | | | | !USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15266 dc483132-0cff-0310-8789-dd5450dbe970
* * preauth2.c (pa_sam_2): Add intermediate size_t variable to holdTom Yu2003-03-062-1/+8
| | | | | | | | output of krb5_c_encrypt_length(). ticket: 1373 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15264 dc483132-0cff-0310-8789-dd5450dbe970
* * c_ustime.c: Removed Mac OS 9 code. * ccdefname.c: Conditionalize on ↵Alexandra Ellwood2003-03-066-123/+29
| | | | | | USE_CCAPI and not TARGET_OS_MAC so Darwin builds work. * init_os_ctx.c: Modified to use DEFAULT_SECURE_PROFILE_PATH and DEFAULT_PROFILE_PATH for KfM homedir-relative config files. * read_pwd.c: Cast to remove const warnings. * timeofday.c: Do the same thing on the Mac as on Unix git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15259 dc483132-0cff-0310-8789-dd5450dbe970
* * appdefault.c: Fix constness to avoid warning. * init_ctx.c: Do the same ↵Alexandra Ellwood2003-03-064-3/+11
| | | | | | stuff on the Mac as on Unix. * preauth2.c: Added cast to fix warning git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15258 dc483132-0cff-0310-8789-dd5450dbe970
* * stdcc.h, stdcc_util.h: Removed Mac header gooberAlexandra Ellwood2003-03-063-4/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15257 dc483132-0cff-0310-8789-dd5450dbe970
* * ccdefault.c: Remove Mac header goober and include k5-int.h after ↵Alexandra Ellwood2003-03-062-2/+8
| | | | | | KerberosLoginPrivate.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15256 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_libinit.c: Removed Mac OS X header goober. Conditionalize CCAPI ↵Alexandra Ellwood2003-03-062-5/+12
| | | | | | calls on USE_CCAPI so Darwin builds work git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15255 dc483132-0cff-0310-8789-dd5450dbe970
* * CCache-glue.c: Added prototypes for deprecated functions. Made internal ↵Alexandra Ellwood2003-03-0613-145/+94
| | | | | | functions static. Removed unused CoreServices include. Changed TICKET_GRANTING_TICKET to new macro: KRB_TICKET_GRANTING_TICKET. * change_password.c: Added check of inputs to krb_change_password so we don't crash on bad inputs. Call des_string_to_key not mit_password_to_key on all platforms because we don't want to prompt for a password. * FSp-glue.c: Added prototypes for deprecated functions. Changed to use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where the file does not exist. * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections a little smaller and easier to read. * g_pw_in_tkt.c: Only prompt when we are not using the login library. This is so that Darwin builds do prompt but KfM builds don't. * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET. * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype, which doesn't seem to be defined on Mac OS X. * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk(). * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning when KRB4_USE_KEYTAB is not defined. * sendauth.c: Fixed warnings with casts git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15254 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h: Removed Mac header gooberAlexandra Ellwood2003-03-064-20/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15253 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_com_err_status.c, gssapi_generic.h: Removed Mac header goober. * ↵Alexandra Ellwood2003-03-065-19/+12
| | | | | | gssapiP_generic.h, gssapi.hin: Removed macintosh check because we don't build on OS 9 anymore. * gssapi.hin: Removed enumsalwaysint because there are no typed enums in this header. Removed duplicate CFM-68K magic git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15252 dc483132-0cff-0310-8789-dd5450dbe970
* * gss_libinit.c: Removed Mac header goober. Fixed ↵Alexandra Ellwood2003-03-063-8/+13
| | | | | | USE_HARDCODED_FALLBACK_ERROR_TABLES macro used by KfM. * gss_libinit.h: do not use the same multiple include protection macro as krb5_libinit.h. Changed to GSSAPI_LIBINIT_H git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15251 dc483132-0cff-0310-8789-dd5450dbe970
* * mac_des_glue.c, des.c, enc_dec.c, key_sched.c, str_to_key.c: Move KfM des ↵Alexandra Ellwood2003-03-068-78/+113
| | | | | | functions into their own file. They are all deprecated on KfM and shouldn't even get built on stock krb5 builds. * read_passwd.c: Added warning comment that des_read_pw_string is an exported function on KfM, so we should not change its ABI git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15250 dc483132-0cff-0310-8789-dd5450dbe970
* * prng.c: use Unix randomness sources on Mac OS XAlexandra Ellwood2003-03-062-4/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15249 dc483132-0cff-0310-8789-dd5450dbe970
* * des_int.h: Added prototype for mit_afs_crypt which is used by the ↵Alexandra Ellwood2003-03-062-0/+7
| | | | | | deprecated KfM des_crypt function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15248 dc483132-0cff-0310-8789-dd5450dbe970
* use kdb keytab for kadmindTom Yu2003-03-064-8/+49
| | | | | | | | | | | | | kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_register_acceptor_identity): NewTom Yu2003-03-063-19/+61
| | | | | | | | | | | | function. Allows global override of default keytab for gss_acquire_cred() purposes. (acquire_accept_cred): Implement override. * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity. ticket: 880 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (OBJFILELIST, OBJFILEDEP) [##DOS]: Add aes.lst.Ken Raeburn2003-03-052-2/+17
| | | | | | (all-windows, clean-windows, check-windows): Process aes directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15233 dc483132-0cff-0310-8789-dd5450dbe970
* * password_to_key.c (mit_passwd_to_key, afs_passwd_to_key): Comment out pragmasKen Raeburn2003-03-052-0/+7
| | | | | | not recognized by gcc or cl. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15232 dc483132-0cff-0310-8789-dd5450dbe970
* string_to_key.c (krb5_c_string_to_key_with_params): Declare before useKen Raeburn2003-03-052-1/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15231 dc483132-0cff-0310-8789-dd5450dbe970
* Reduce local configure script's work by removing static defines and header andKen Raeburn2003-03-0518-29/+48
| | | | | | | | | | | | | | | | | function info available in krb5/autoconf.h. * gethostname.c, getst.c, kadm_net.c, klog.c, kparse.c: Include krb5/autoconf.h. * kuserok.c, log.c, memcache.c, mk_preauth.c, netread.c: Ditto. * netwrite.c, put_svc_key.c, recvauth.c, send_to_kdc.c: Ditto. * tkt_string.c: Ditto. * Makefile.in: Update dependencies. (DEFINES): Define KRB4_USE_KEYTAB. * configure.in: Don't define KRB4_USE_KEYTAB. Don't check for any headers or functions; include/configure.in already does it. Don't invoke AC_C_CONST explicitly; CONFIG_RULES does that. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15230 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up PBKDF2 interface. Add s2k-params to string-to-key interface, exceptKen Raeburn2003-03-0516-76/+114
| | | | | | | no new decl in krb5.h yet; rename changed s2k functions to use krb5int_ prefix. Add AES to etype table. Delete some unused declarations. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15229 dc483132-0cff-0310-8789-dd5450dbe970
* * aes.c (krb5int_aes_init_state): Implement.Ken Raeburn2003-03-053-3/+14
| | | | | | * enc_provider.h (krb5int_enc_aes128, krb5int_enc_aes256): Declare. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15228 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_err.et (KRB5_ERR_BAD_S2K_PARAMS): New error codeKen Raeburn2003-03-052-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15227 dc483132-0cff-0310-8789-dd5450dbe970
* Add AES string-to-key functionKen Raeburn2003-03-054-9/+84
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15226 dc483132-0cff-0310-8789-dd5450dbe970
* Delete some unused declarations from old-crypto APIKen Raeburn2003-03-058-21/+22
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15225 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Fix missedTom Yu2003-03-052-1/+6
| | | | | | isinvalidrcname -> isvalidrcname. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15224 dc483132-0cff-0310-8789-dd5450dbe970
* Fix rcache character test introduced in last commitSam Hartman2003-03-051-2/+2
| | | | | | Ticket: 1370 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15222 dc483132-0cff-0310-8789-dd5450dbe970
* Don't call shutdown after finishing writingSam Hartman2003-03-042-1/+6
| | | | | | to TCP socket as doing so causes interop problems. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15220 dc483132-0cff-0310-8789-dd5450dbe970
* Do not expect sequence number in encrypted krb_credSam Hartman2003-03-042-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15219 dc483132-0cff-0310-8789-dd5450dbe970
* GSS_C_NO_CREDENTIAL should accept any principalSam Hartman2003-03-048-42/+75
| | | | | | | | | | | | | | | | If a context is accepted with GSS_C_NO_CREDENTIAL or if a credential is acquired with GSS_C_NO_NAME as the acceptor name then allow any principal in the keytab to be used as the acceptor name. This means that gss_inquire_cred can return GSS_C_NO_NAME from a credential. ticket: new Tags: enhancement cc: nicolas.williams@sun.com cc: krbdev@mit.edu git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15218 dc483132-0cff-0310-8789-dd5450dbe970
* * pbkdf2.c (F): Now takes krb5_data for password and salt.Ken Raeburn2003-03-033-42/+53
| | | | | | | | | (krb5int_pbkdf2, krb5int_pbkdf2_hmac_sha1, krb5int_pbkdf2_hmac_sha1_128, krb5int_pbkdf2_hmac_sha1_256): Likewise, and for output also. * vectors.c (test_pbkdf2): Calls updated. (main): Run pbkdf2 tests. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15216 dc483132-0cff-0310-8789-dd5450dbe970
* * g_cnffile.c (krb__get_srvtabname): Keep strdup()ed string in aTom Yu2003-03-032-1/+11
| | | | | | | | | static variable and free it called again; this prevents a memory leak. ticket: 1357 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15215 dc483132-0cff-0310-8789-dd5450dbe970
* Use com_err_deplib rather than an explicit path so we do not have ourSam Hartman2003-03-025-5/+5
| | | | | | | shared libraries depend at a make level on com_err if we use the system com_err library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15212 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-13 21:13:47 +0000