summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Only store master mey list in DAL handleGreg Hudson2012-03-2118-151/+118
| | | | | | | | | | | | | | r24314 (#6778) created a hybrid owernship model for the master key list, with one virtual copy stored in the DAL handle and one provided to the caller of krb5_db_fetch_mkey_list. Replace this with a model where only the DAL handle owns the list, and a caller can get access to an alias pointer with a new function krb5_db_mkey_list_alias(). Functions which previously accepted the master key list as an input parameter now expect to find it in the DAL handle. Patch by Will Fiveash <will.fiveash@oracle.com>. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
* Make localedir work in build with autoconf 2.5xGreg Hudson2012-03-191-0/+6
| | | | | | | | | | | autoconf 2.5x does not define localedir, so we have to detect that and do it ourselves. ticket: 7095 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25777 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid side effects in assert expressionsGreg Hudson2012-03-093-6/+14
| | | | | | | | | | | | asserts may be compiled out with -DNDEBUG, so it's wrong to use an assert expression with an important side effect. (We also have scores of side-effecting asserts in test programs, but those are less important and can be dealt with separately.) ticket: 7105 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25760 dc483132-0cff-0310-8789-dd5450dbe970
* Properly decode etype-info2 with no saltGreg Hudson2012-03-082-1/+42
| | | | | | | | | | | The data-driven decoder for etype-info2 was neglecting to call init_no_salt() when no salt is present in the encoding. Add in the missing call. Also add decode test cases for etype-info2, which would have caught this if they weren't missing. ticket: 7100 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25744 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify some ASN.1 array encoder testsGreg Hudson2012-03-083-67/+19
| | | | | | Use encode_run() for pa_data and etype_info tests. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25743 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused arg from encode_run in ASN.1 testsGreg Hudson2012-03-081-93/+91
| | | | | | | Reformat call sites according to current coding conventions, since we're touching them all anyway. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25742 dc483132-0cff-0310-8789-dd5450dbe970
* Use GETSOCKNAME_ARG3_TYPE to prevent warning in type incompatibility.Ezra Peisach2012-03-061-2/+6
| | | | | | Fix a cast to prvent signed/unsigned warning. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25735 dc483132-0cff-0310-8789-dd5450dbe970
* Fix spurious password expiry warningGreg Hudson2012-03-051-0/+4
| | | | | | | | | | | | | | | | | | r24241 (#6755) introduced a bug where if the KDC sends a LastReq entry containing an account expiry time, we send a prompter warning for password expiry even if there was no entry containing a password expiry time. Typically, this results in the message "Warning: Your password will expire in less than one hour on Thu Jan 1 12:00:00 1970". Fix this by explicitly checking for pw_exp == 0 in warn_pw_expiry() after we've gotten past the conditional for invoking the callback. ticket: 7098 target_version: 1.9.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25730 dc483132-0cff-0310-8789-dd5450dbe970
* Remove admin_keytab references in code and docsGreg Hudson2012-03-0415-76/+3
| | | | | | | | | The admin keytab hasn't been needed or used by kadmind since 1.4 (except possibly by legacy admin daemons which we no longer ship). Eliminate remaining references to it in code, test cases, and documentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
* Add test cases for Windows RODC kvno compatibilityTom Yu2012-03-024-0/+26
| | | | | | ticket: 7092 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25725 dc483132-0cff-0310-8789-dd5450dbe970
* Fix KDB iteration when callback does write callsGreg Hudson2012-03-011-4/+2
| | | | | | | | | | | | | | | | | | | kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order to call more invoke call the DB's seq method. This alias may become invalidated if the callback writes to the DB, since ctx_lock() may re-open the DB in order to acquire a write lock. Fix the bug by getting rid of the convenience alias. Most KDB iteration operations in the code base do not write to the DB, but kdb5_util update_princ_encryption does. Bug discovered and diagnosed by will.fiveash@oracle.com. ticket: 7096 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25723 dc483132-0cff-0310-8789-dd5450dbe970
* Require IPv6 supportKen Raeburn2012-02-2815-101/+9
| | | | | | | | | | | | | | The configure-time options to enable and disable IPv6 support have been deprecated for some time, but the checks for OS support were kept. This removes those checks, and unconditionally compiles in the IPv6 support. There was a configure-time test to see if the macro INET6 needed to be defined in order to enable (visibility of) OS support for IPv6, which was needed on an IRIX system we tested with. That check is retained, but the revised code is untested on IRIX. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Richard Basch to work around Solaris 8 lacking isblank()Tom Yu2012-02-272-2/+8
| | | | | | | | ticket: 7074 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25716 dc483132-0cff-0310-8789-dd5450dbe970
* Fail during configure if unable to find arTom Yu2012-02-221-0/+3
| | | | | | | | | | | Fail during configure time if the configure script can't locate the "ar" program, instead of producing a delayed failure during build time by running the "false" command. Some Solaris releases have ar in /usr/ccs/bin, which is not in the default path for some users. ticket: 7094 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25711 dc483132-0cff-0310-8789-dd5450dbe970
* Correct fix for #7092Greg Hudson2012-02-221-1/+13
| | | | | | ticket: 7092 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25706 dc483132-0cff-0310-8789-dd5450dbe970
* Revert broken #7092 fixGreg Hudson2012-02-221-9/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25705 dc483132-0cff-0310-8789-dd5450dbe970
* Access controls for string RPCs [CVE-2012-1012]Greg Hudson2012-02-211-8/+11
| | | | | | | | | | | | | | | | | | In the kadmin protocol, make the access controls for get_strings/set_string mirror those of get_principal/modify_principal. Previously, anyone with global list privileges could get or modify string attributes on any principal. The impact of this depends on how generous the kadmind acl is with list permission and whether string attributes are used in a deployment (nothing in the core code uses them yet). CVSSv2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:H/RL:O/RC:C ticket: 7093 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25704 dc483132-0cff-0310-8789-dd5450dbe970
* kvno ASN.1 encoding interop with Windows RODCsGreg Hudson2012-02-211-1/+9
| | | | | | | | | | | | | | | | | | RFC 4120 defines the EncryptedData kvno field as an integer in the range of unsigned 32-bit numbers. Windows encodes and decodes the field as a signed 32-bit integer. Historically we do the same in our encoder in 1.6 and prior, and in our decoder through 1.10. (Actually, our decoder through 1.10 decoded the value as a long and then cast the result to unsigned int, so it would accept positive values >= 2^31 on 64-bit platforms but not on 32-bit platforms.) kvno values that large (or negative) are only likely to appear in the context of Windows read-only domain controllers. So do what Windows does instead of what RFC 4120 says. ticket: 7092 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25703 dc483132-0cff-0310-8789-dd5450dbe970
* In kadmin_getprivs replace the non-existing "GET" privilege by "INQUIRE". Zhanna Tsitkov2012-02-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25702 dc483132-0cff-0310-8789-dd5450dbe970
* Fix void pointer arithmetic in ASN.1 decoderGreg Hudson2012-02-141-4/+4
| | | | | | | | An expression in decode_sequence_of was incorrectly parenthesized, resulting in addition to a void pointer. Also avoid repeating the expression. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25701 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize gss_get_name_attribute output buffersGreg Hudson2012-02-141-0/+8
| | | | | | | | | | | | GSS functions which accept gss_buffer_t output arguments should initialize those buffers to empty on startup (see gss_wrap, for instance). Do so for gss_get_name_attribute in the mechglue. ticket: 7089 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25700 dc483132-0cff-0310-8789-dd5450dbe970
* Add explanatory README for ASN.1 infrastructureGreg Hudson2012-02-131-0/+560
| | | | | | | | Since we're not yet at the point of having an ASN.1 compiler for our ASN.1 encoder, create a document explaining how to write macro invocations for type descriptors from an ASN.1 module. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25699 dc483132-0cff-0310-8789-dd5450dbe970
* Separate tag info and length in ASN.1 encoderGreg Hudson2012-02-123-52/+54
| | | | | | | Remove the length field of taginfo, and change the internal ASN.1 encoder interfaces to return length separately from tag info. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25698 dc483132-0cff-0310-8789-dd5450dbe970
* Fix ASN.1 buildGreg Hudson2012-02-121-4/+2
| | | | | | | r25695 left behind a dangling reference to the asn1_make object; get rid of it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25697 dc483132-0cff-0310-8789-dd5450dbe970
* Update ASN.1 TODO fileGreg Hudson2012-02-121-22/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25696 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unneeded ASN.1 codeGreg Hudson2012-02-1223-5634/+24
| | | | | | | | | | Get rid of a whole bunch of ASN.1 decoder infrastructure now that we're using the data-driven decoder for everything. Define taginfo in asn1_encode.h since asn1_get.h is going away. Rewrite split_der() to use get_tag() since it still had an unintended dependency on the previous generation of decoder infrastructure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25695 dc483132-0cff-0310-8789-dd5450dbe970
* Convert utility functions to new decoderGreg Hudson2012-02-123-9/+58
| | | | | | | | | Create a special type to plug authdata types from authdata and make krb5int_get_authdata_containee_types use it. Add a test case for it as well. Move krb5_decode_ticket (a trivial wrapper) into asn1_k_encode.c so that krb5_decode.c is empty. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25694 dc483132-0cff-0310-8789-dd5450dbe970
* Data-driven ASN.1 decoderGreg Hudson2012-02-1112-221/+1650
| | | | | | | | | | | | | | | | | | Add a general ASN.1 decoder implementation in asn1_encode.c using the same data structures as the encoder (augmented where necessary), and use it to define decoder functions in asn1_k_encode.c. Add a boolean type to atype_info, as it is needed for the pa_pac_req decoder. For the moment, just #if out the old decoder functions; they and their support code can be cleaned up later after a a few remaining utility functions are addressed. Changes to encoder and decoder interfaces are minimized, but there are two small ones. ldap_seqof_key_data has a kvno field added, and some of the decoder logic is pushed up into the caller. The safe_with_body decoder now outputs an allocated krb5_data * instead of a krb5_data with aliases into the input buffer. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25693 dc483132-0cff-0310-8789-dd5450dbe970
* Change optional handling in ASN.1 encoderGreg Hudson2012-02-115-641/+343
| | | | | | | | | | | Create a new atype_optional with a function pointer to decide whether the type is present in the C object. For simple cases, sequences just reference the optional version of a type. For more complex cases (such as when the presence of the usec field of a sequence depends on whether the timestamp is set), we define a predicate on the structure object and nest the field type inside the optional type. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25692 dc483132-0cff-0310-8789-dd5450dbe970
* Style and naming changes to ASN.1 encoderGreg Hudson2012-02-114-523/+444
| | | | | | | Make style changes in preparation for the table-driven decoder. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25691 dc483132-0cff-0310-8789-dd5450dbe970
* Use size_t for lengths in ASN.1 encoderGreg Hudson2012-02-113-67/+54
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25690 dc483132-0cff-0310-8789-dd5450dbe970
* Minimize draft9 PKINIT code by removing dead codeGreg Hudson2012-02-1122-563/+22
| | | | | | | | | | | | | | | | The PKINIT client code doesn't use decode_krb5_pa_pk_as_rep_draft9, which is fortunate because it doesn't work (see issue #7072). Instead, it passes both kinds of PKINIT replies through decode_krb5_pa_pk_as_rep, then decodes the un-enveloped CMS data in alternative 1 (encKeyPack) as either an RFC or draft9 ReplyKeyPack. So, remove the unused broken pa_pk_as_rep_draft9 decoder. For pa_pk_as_req_draft9, we only use two of the fields on encode and only one of those on decode. So, get rid of the unused fields and the krb5_trusted_ca structure, and reduce the encoder and decoder sequences to the minimum necessary fields. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25689 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some unused ASN.1 encoding primitivesGreg Hudson2012-02-117-329/+71
| | | | | | | | asn1_make.c contained a variety of utility functions, most of which we no longer needed. Fold make_tag into asn1_encode.c and get rid of asn1_make.c and asn1_make.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25688 dc483132-0cff-0310-8789-dd5450dbe970
* Fold atype_primitive into atype_fnGreg Hudson2012-02-113-58/+16
| | | | | | | | atype_primitive is used for only two types (KerberosTime and KerberosFlags), which doesn't justify the machinery. Turn those types into atype_fn types and get rid of atype_primitive. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25687 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify ASN.1 choice type definitionsGreg Hudson2012-02-111-16/+7
| | | | | | | Union fields always have an offset of 0 relative to the union base, so we just need tag types for them, not DEFFIELDs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25686 dc483132-0cff-0310-8789-dd5450dbe970
* Add ASN.1 decoder test for krb5_pa_pac_reqGreg Hudson2012-02-111-0/+30
| | | | | | | Also, if decode_krb5_ap_rep_enc_part doesn't return the expected error code in krb5_decode_test, exit with nonzero status. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25685 dc483132-0cff-0310-8789-dd5450dbe970
* Correct a fencepost in ASN.1 encode_cntypeGreg Hudson2012-02-111-1/+1
| | | | | | For cntype_choice, count must be less than choice->n_options. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25684 dc483132-0cff-0310-8789-dd5450dbe970
* Fix uninitialized variable warning in trval.cGreg Hudson2012-02-071-1/+1
| | | | | | | | | | | | gcc -O3 is agressive enough to detect that do_cons() doesn't always set the value of rlen2, so trval2() gets a maybe-uninitialized warning. Squash it by initializing rlen2. ticket: 7088 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25679 dc483132-0cff-0310-8789-dd5450dbe970
* Set display_value in krb5_gss_get_name_attributeGreg Hudson2012-02-061-1/+1
| | | | | | | | | | | | | | | | | | | | A backwards conditional in r25358 caused krb5_gss_get_name_attribute not to set display_value on success. Fix the sense of the conditional. We still don't quite correctly handle the cases where data_to_gss() fails, but those should be rare and the problem in those cases isn't severe, so it can be fixed separately. Also, value and display_value should probably be initialized to null buffers on failure, as is common with GSS interfaces. ticket: 7087 status: open target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25674 dc483132-0cff-0310-8789-dd5450dbe970
* Source code license to 2-clause BSDTom Yu2012-02-062-36/+48
| | | | | | | Change overall souce code license to 2-clause BSD. Also change example license in src/prototype to 2-clause BSD. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25671 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r25669 pending clarification of goals and API reviewTom Yu2012-02-036-233/+70
| | | | | | | New APIs of this sort should be discussed, and the goals motivating the change clarified. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25670 dc483132-0cff-0310-8789-dd5450dbe970
* Added a new trace logging message TRACE_PROFILE_ERR to improve the ↵Zhanna Tsitkov2012-02-036-70/+233
| | | | | | | | | | diagnostics of the potential misconfiguration. Added profile_get_(string/integer/boolean)_nodef functions to the profile library to get the typed values from the configuration files (without setting these values to the defaults). Used TRACE_PROFILE_ERR for the configuration diagnostics in krb5_init_context_profile API. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25669 dc483132-0cff-0310-8789-dd5450dbe970
* Better short/long descs in gss_display_mech_attrGreg Hudson2012-02-031-1/+34
| | | | | | | | | | | | | | | RFC 5587 defines an "arc name" and a "purpose" for each mechanism attribute. gss_display_mech_attr was returning the purpose (which isn't very short) in short_desc and a null buffer in long_desc (which isn't necessarily conformant to the spec). Instead, output the arc name as the short_desc and the purpose as the long_desc. This is more useful and also more consistent with Heimdal, which outputs the arc name as short_desc and either the purpose string or an empty string for long_desc. ticket: 7085 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25668 dc483132-0cff-0310-8789-dd5450dbe970
* Dump attributes differently in t_saslnameGreg Hudson2012-02-031-10/+32
| | | | | | | | Dump the known attributes only once, before iterating over the mechanisms, and display the short and long desc as well as the names when doing so. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25667 dc483132-0cff-0310-8789-dd5450dbe970
* Don't check mech in krb5_gss_inquire_cred_by_mechGreg Hudson2012-01-311-10/+0
| | | | | | | | | | | | | | | krb5_gss_inquire_cred_by_mech checks its mech argument against two of the four mechs a krb5 cred might have (the krb5 mech and the old krb5 mech, but not the wrong Microsoft mech or the IAKERB mech), so would spuriously fail for the other two mechs. There is no reason to check the mechanism if we assume a reasonable mechglue is interpreting application gss_inquire_cred_by_mech calls, so just remove the check. ticket: 7084 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25666 dc483132-0cff-0310-8789-dd5450dbe970
* Suppress maybe-uninitialized warning in x-deltat.yGreg Hudson2012-01-272-23/+25
| | | | | | | | | | Recent versions of gcc can generate a maybe-uninitialized warning from bison output instead of a regular uninitialized warning. Suppress both. Fix from nalin@redhat.com. ticket: 7080 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25665 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up dispatch lookaside code slightlyGreg Hudson2012-01-261-17/+14
| | | | | | | | | | | | | Always log when we get a lookaside cache hit, eliminating a confusing conditional. This is a slight behavior change because we never used to log a lookaside cache hit when we can't deliver the response via UDP, but that was never really deliberate or important--we log all sorts of stuff about responses which might turn out to be too big. Also eliminate a signed/unsigned comparison warning in finish_dispatch. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25661 dc483132-0cff-0310-8789-dd5450dbe970
* Various lookaside cache fixesGreg Hudson2012-01-261-18/+22
| | | | | | | | | | | | | | | | | | | | | | | | | Don't touch the lookaside cache if we're responding with a lookaside cache entry. Also, leave the null entry behind if we're deliberately dropping a request (a rare case) so that we don't have to process it again. Fixes several lookaside problems in 1.10: * When dropping a request because it was already being processed, we were erroneously removing the null entry, causing us to process the request again upon a second retransmit. * When responding to a finished request with a lookaside entry, we were removing and re-adding the entry to the cache, resetting its time and performing unnecessary work. * We were not caching responses we couldn't deliver because they were too big for UDP, causing us to re-process the request when it came in again via TCP instead of simply delivering the cached response. ticket: 7082 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25660 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use stack variable address in as_req stateGreg Hudson2012-01-261-5/+5
| | | | | | | | | | | | | The KDC's process_as_req was storing the address of a stack variable (client_princ), which fails if the request is not immediately serviced. Move that variable to the state structure so its address remains valid for the lifetime of the request. ticket: 7081 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25659 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid sizeof(void) in ASN.1 encoderGreg Hudson2012-01-241-1/+1
| | | | | | | | | | We were computing sizeof(void) when referencing atype_int_immediate types in other types (primarily atype_tagged_thing). gcc gives this a pass but the Solaris compiler does not. Use "int" as the dummy type instead. (The type is unimportant since int-immediates aren't used by offset or sequence-of types.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25658 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 14:12:04 +0000