summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Make dependGreg Hudson2011-04-054-18/+48
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24844 dc483132-0cff-0310-8789-dd5450dbe970
* gss_duplicate_name SPI for SPNEGOGreg Hudson2011-04-058-46/+109
| | | | | | | | | | Preserve attributes when duplicating a name, using the mechanism's implementation of gss_duplicate_name if present, or a loop over the attributes if not. ticket: 6895 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24843 dc483132-0cff-0310-8789-dd5450dbe970
* More sensical mech selection for gss_acquire_cred/accept_sec_contextGreg Hudson2011-04-042-49/+44
| | | | | | | | | | | | | | If a caller passes an empty mech set to gss_acquire_cred, get a cred for all mechs instead of just the krb5 mech, as we don't know what mechanism the cred is going to be used with (particularly in the acceptor case). As a related fix, if a caller passes a credential to gss_accept_sec_context and it does not contain a mech-specific cred for the token's mech, error out instead of using the default cred with the token's mechanism. ticket: 6894 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24840 dc483132-0cff-0310-8789-dd5450dbe970
* r24838 accidentally added a gss_duplicate_name line toGreg Hudson2011-04-041-1/+0
| | | | | | | | | build_dynamicMech(), breaking the build (since gss_duplicate_name isn't in gss_mechanism yet). Revert that part of the change. ticket: 6892 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24839 dc483132-0cff-0310-8789-dd5450dbe970
* Prevent bleed-through of mechglue symbols into loaded mechsGreg Hudson2011-04-041-54/+67
| | | | | | | | | | | When loading a mech's symbols individually, make sure the symbol we got wasn't just a mechglue symbol showing through because the mech was linked against the mechglue. From r24719 in users/lhoward/moonshot-mechglue-fixes. ticket: 6892 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24838 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_userok and gss_pname_to_uid to dynamic mech loading table.Greg Hudson2011-04-041-0/+2
| | | | | | | | From r24711 in users/lhoward/moonshot-mechglue-fixes. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24837 dc483132-0cff-0310-8789-dd5450dbe970
* Add gss_userok and gss_pname_to_uidGreg Hudson2011-04-0410-70/+428
| | | | | | | | | | | | | | | Resurrect gss_userok and gss_pname_to_uid in the mechglue. Add krb5 mech implementations using krb5_kuserok and krb5_aname_to_localname, as well as mechanism-independent implementations based on name attributes. From r24710, r24715, r24717, r24731, r24732, r24733, r24734, r24735, r24747, r24816, and r24819 in users/lhoward/moonshot-mechglue-fixes, with minor edits. ticket: 6891 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24836 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation updatesZhanna Tsitkov2011-04-041-201/+276
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24835 dc483132-0cff-0310-8789-dd5450dbe970
* CoreFoundation is no longer used for UCS2 conversionsKen Raeburn2011-04-033-10/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24834 dc483132-0cff-0310-8789-dd5450dbe970
* Drop some redundant autoconf testsKen Raeburn2011-04-031-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24833 dc483132-0cff-0310-8789-dd5450dbe970
* Don't check for stdarg.hKen Raeburn2011-04-032-46/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24832 dc483132-0cff-0310-8789-dd5450dbe970
* Don't test HAVE_STDARG_H, just assume itKen Raeburn2011-04-031-18/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24831 dc483132-0cff-0310-8789-dd5450dbe970
* In t_fortuna.c, use a static buffer in head_tail_test, and use %f forGreg Hudson2011-04-031-2/+3
| | | | | | a double argument, not %lf. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24830 dc483132-0cff-0310-8789-dd5450dbe970
* Don't allocate over 2MB on the stack; sparc-netbsd3.0 default stackKen Raeburn2011-04-031-1/+1
| | | | | | limit is 2MB. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24829 dc483132-0cff-0310-8789-dd5450dbe970
* Include krb5_libinit.h always, since we call krb5int_initialize_library alwaysKen Raeburn2011-04-031-3/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24828 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r24815 and the RTLD_NODELETE part of r24744, which wasGreg Hudson2011-04-031-10/+2
| | | | | | committed by accident. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24827 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid using crypto_int.h in t_nfold.c for convenience on Solaris; justGreg Hudson2011-04-031-1/+3
| | | | | | prototype krb5int_nfold instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24826 dc483132-0cff-0310-8789-dd5450dbe970
* destest.c no longer needs crypto_int.hGreg Hudson2011-04-031-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24825 dc483132-0cff-0310-8789-dd5450dbe970
* Use RFC 5587 const types for draft-josefsson-gss-capsulate APIsLuke Howard2011-04-034-13/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24821 dc483132-0cff-0310-8789-dd5450dbe970
* Only use RTLD_NODELETE if it's availableKen Raeburn2011-04-031-3/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24815 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out the address checks in krb5_rd_safe and krb5_rd_priv intoGreg Hudson2011-04-024-171/+105
| | | | | | a new function k5_privsafe_check_addrs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24806 dc483132-0cff-0310-8789-dd5450dbe970
* In libkrb5, move krb5int_auth_con_chkseqnum to a new file privsafe.c,Greg Hudson2011-04-027-173/+203
| | | | | | | renamed to k5_privsafe_check_seqnum. Declare it in int-proto.h rather than k5-int.h. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24805 dc483132-0cff-0310-8789-dd5450dbe970
* When doing S4U2Self for the anon principal, use the server realmLuke Howard2011-04-021-4/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24793 dc483132-0cff-0310-8789-dd5450dbe970
* typo fixLuke Howard2011-04-021-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24792 dc483132-0cff-0310-8789-dd5450dbe970
* Allow absolute paths for mechglue libraries. From r24736 inGreg Hudson2011-04-011-1/+5
| | | | | | users/lhoward/moonshot-mechglue/fixes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24781 dc483132-0cff-0310-8789-dd5450dbe970
* Implement draft-josefsson-gss-capsulateGreg Hudson2011-04-016-0/+169
| | | | | | | | | | | Add gss_encapsulate_token(), gss_decapsulate_token(), and gss_oid_equal() APIs, which are already present in Heimdal and Shishi. From r24737, r24738, and r24740 in users/lhoward/moonshot-mechglue-fixes. ticket: 6890 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a potential uninitialized free in prepare_error_as()Greg Hudson2011-04-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24779 dc483132-0cff-0310-8789-dd5450dbe970
* only reset greeting if provided attribute is urn:greet:greetingLuke Howard2011-04-011-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24776 dc483132-0cff-0310-8789-dd5450dbe970
* s4u2proxy_set_attribute should only return EPERM for its own attributeLuke Howard2011-04-011-8/+2
| | | | | | Failure to do this breaks other attribute providers' set_attribute() git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24775 dc483132-0cff-0310-8789-dd5450dbe970
* In r21175 (on the mskrb branch, merged in r21690) the result codes forGreg Hudson2011-03-291-2/+3
| | | | | | | | | | | | | | password quality and other errors were accidentally reversed. Fix them so that password quality errors generate a "soft" failure and other errors generate a "hard" failure, as Heimdal and Microsoft do. Also recognize KADM5_PASS_Q_GENERIC (added in 1.9) as a password quality error. ticket: 6888 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24755 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_move if something went wrong, free the dst credential cacheZhanna Tsitkov2011-03-292-3/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
* If the new configuration data that is passed to krb5_cc_set_config is NULL, ↵Zhanna Tsitkov2011-03-292-57/+56
| | | | | | | | just remove the old configuration. Moved short krb5_cc_set_config usage example from krb5.hin into the separate file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
* Updated the documentation for the krb5_ error_message function family. Zhanna Tsitkov2011-03-292-94/+97
| | | | | | | Created the directory doc/doxy_examples/ to hold examples used in the doxygen documentation. Added usage example for the krb5_get/set/free_error_message functions git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24752 dc483132-0cff-0310-8789-dd5450dbe970
* Static function names should not have krb5_ prefixZhanna Tsitkov2011-03-291-12/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the weak key checks from the builtin rc4 enc provider. ThereGreg Hudson2011-03-281-17/+0
| | | | | | | | | | | | | | is no standards support for avoiding RC4 weak keys, so rejecting them causes periodic failures. Heimdal and Microsoft do not check for weak keys. Attacks based on these weak keys are probably thwarted by the use of a confounder, and even if not, the reduction in work factor is not terribly significant for 128-bit keys. ticket: 6886 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
* Use first principal in keytab when verifying credsGreg Hudson2011-03-284-25/+171
| | | | | | | | | | In krb5_verify_init_creds(), use the first principal in the keytab to verify the credentials instead of the result of krb5_sname_to_principal(). Also add tests. ticket: 6887 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24749 dc483132-0cff-0310-8789-dd5450dbe970
* Documentation update. Mostly related to _kt_ and _cc_ routinesZhanna Tsitkov2011-03-281-118/+162
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24748 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a precedence error in g_make_token_header() which caused it toGreg Hudson2011-03-251-2/+2
| | | | | | | | write the wrong length when no token type is passed. (From r24739 in users/lhoward/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970
* Set better error messages when plugins fail to load.Greg Hudson2011-03-251-4/+8
| | | | | | (From r24741 in users/lhowards/moonshot-mechglue-fixes.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24744 dc483132-0cff-0310-8789-dd5450dbe970
* Fix DAL documentation to recommend using krb5_db_get_context() andGreg Hudson2011-03-241-2/+2
| | | | | | | krb5_db_set_context() instead of directly accessing context->dal_handle->db_context (which requires internal headers). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesEzra Peisach2011-03-191-39/+22
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970
* Minor clean-up in krb5.hinZhanna Tsitkov2011-03-181-44/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970
* Move doxygen comments from source to header. Updated comments and added some ↵Zhanna Tsitkov2011-03-182-46/+55
| | | | | | | | usage examples. Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
* Reinstate the line wrapping of the copyright notice in krb5.hin, andGreg Hudson2011-03-181-3/+3
| | | | | | fix the format of the header comment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970
* Added usage examples to the krb5_build_principal function familyZhanna Tsitkov2011-03-181-24/+56
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970
* Use a helper function to clarify prepare_error_as() in the KDCGreg Hudson2011-03-181-63/+82
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak of reply padata for FAST repliesGreg Hudson2011-03-171-0/+1
| | | | | | | | | | | | kdc_fast_response_handle_padata() replaces rep->padata, causing the old value to be leaked. As a minimal fix, free the old value of rep->padata before replacing it. ticket: 6885 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak the default realm name when initializing the default realmGreg Hudson2011-03-171-1/+8
| | | | | | in the KDC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak in FAST error pathGreg Hudson2011-03-174-20/+23
| | | | | | | | | | | | | | When kdc_fast_handle_error() produces a FAST-encoded error, it puts it into err->e_data and it never gets freed (since in the non-FAST case, err->e_data contains aliased pointers). Fix this by storing the encoded error in an output variable which is placed into the error's e_data by the caller and then freed. ticket: 6884 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]Tom Yu2011-03-151-0/+2
| | | | | | | | | | | Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-30 09:20:55 +0000