summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Get t_ser to build again after the S4U authdata branch mergeGreg Hudson2010-05-271-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24105 dc483132-0cff-0310-8789-dd5450dbe970
* In testrealm.py, stash the passwords in testdir/passwords so that theyGreg Hudson2010-05-251-1/+6
| | | | | | can be retrieved after they've scrolled away. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24103 dc483132-0cff-0310-8789-dd5450dbe970
* FAST negotiation could erroneously succeedGreg Hudson2010-05-251-0/+1
| | | | | | | | | | | | | | When FAST negotiation is performed against an older KDC (rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set), krb5int_fast_verify_nego did not set the value of *fast_avail, causing stack garbage to be used in init_creds_step_reply. Initialize *fast_avail at the beginning of the function per coding practices. ticket: 6734 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24102 dc483132-0cff-0310-8789-dd5450dbe970
* Fix long lines and other formatting issues in fast.hGreg Hudson2010-05-241-25/+36
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24101 dc483132-0cff-0310-8789-dd5450dbe970
* Fix long lines and other formatting issues in fast.cGreg Hudson2010-05-241-56/+81
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24100 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include nul characters in the text we send with krb-errorGreg Hudson2010-05-242-2/+2
| | | | | | responses from the KDC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24097 dc483132-0cff-0310-8789-dd5450dbe970
* Make signedpath authdata visible via GSS naming extsGreg Hudson2010-05-235-2/+615
| | | | | | | | | | Merge users/lhoward/signedpath-naming-exts to trunk. Adds an authdata provider which makes non-PAC S4U2Proxy signedpath authdata visible to application servers via GSS naming extensions. ticket: 6733 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24094 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a non-functional and unnecessary check in kdb5_util'sGreg Hudson2010-05-211-2/+0
| | | | | | | master_key_convert(). (key_data->key_data_length is an array, so its address is never null.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24085 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an error case in kdb_util's dump.c where the dump file handle wasGreg Hudson2010-05-211-0/+1
| | | | | | leaked. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24084 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unneeded conditional in the cleanup for kadmin's keytabGreg Hudson2010-05-211-5/+3
| | | | | | add_principal(), squashing a false-positive memory leak from Coverity. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24083 dc483132-0cff-0310-8789-dd5450dbe970
* In getdate.y, remove an error check from r19656 which couldn't everGreg Hudson2010-05-211-2/+0
| | | | | | trigger (Convert() does not use an error parameter). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24082 dc483132-0cff-0310-8789-dd5450dbe970
* Use ANSI-style function definitions in our copy of getdate.yGreg Hudson2010-05-211-37/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24081 dc483132-0cff-0310-8789-dd5450dbe970
* Document the disable_last_success and disable_lockout variables inGreg Hudson2010-05-211-0/+17
| | | | | | | | | krb5.conf.M. Also document database_name in krb5.conf.M and slightly adjust the wording in admin.texinfo. ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to detect and ignore a duplicateTom Yu2010-05-201-0/+12
| | | | | | | | | | | mechanism token sent in the mechListMIC field, such as sent by Windows 2000 Server. ticket: 6726 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24075 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_tcp_ports not documented in kdc.conf.MTom Yu2010-05-201-0/+20
| | | | | | | | | | | | | | The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M, though it was documented in doc/admin.texinfo. Copy text from there for now. The setting defaults to an empty string at the moment, causing the KDC to not listen on TCP by default, confusing some users. Changing this behavior is a separate issue. ticket: 6730 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24074 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_acquire_cred_with_password() and gss_add_cred_with_password(),Greg Hudson2010-05-201-38/+23
| | | | | | | require desired_name to be set, and always honor it. This is consistent with the Sun implementation and simplifies the code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24072 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)Tom Yu2010-05-191-0/+7
| | | | | | | | | | | Make krb5_gss_accept_sec_context() check for a null authenticator checksum pointer before attempting to dereference it. ticket: 6725 tags: pullup target_version: 1.8.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24056 dc483132-0cff-0310-8789-dd5450dbe970
* When parsing a KDC or admin server string, allow the name or addressGreg Hudson2010-05-182-40/+55
| | | | | | | | | to be enclosed in brackets so that IPv6 addresses can be represented. (IPv6 addresses contain colons, which look like port separators.) ticket: 6562 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24055 dc483132-0cff-0310-8789-dd5450dbe970
* Improve the error message from kadmin when hostname resolution failsGreg Hudson2010-05-183-4/+7
| | | | | | | for the admin server. (The extended message won't be displayed by kadmin currently; that's a separate issue.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24054 dc483132-0cff-0310-8789-dd5450dbe970
* If gss_inquire_cred is called with a null credential, acquire aGreg Hudson2010-05-171-44/+13
| | | | | | | | default initiator credential and process it normally, instead of using a completely different code path (the default mechanism's inquire_cred handler). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24052 dc483132-0cff-0310-8789-dd5450dbe970
* The mechglue always passes null for desired_mechs and actual_mechsGreg Hudson2010-05-177-244/+30
| | | | | | | when invoking gss_acquire_cred and friends. Eliminate a lot of unused and untestable logic in the krb5 mech which processed those arguments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24051 dc483132-0cff-0310-8789-dd5450dbe970
* The mechglue never invokes a mech's gss_add_cred function. Remove theGreg Hudson2010-05-174-411/+1
| | | | | | | | krb5 mech's add_cred implementation and null it out in the table. (This has the effect of removing the IAKERB add_cred implementation. SPNEGO already had it nulled out.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24050 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat with shorter linesKen Raeburn2010-05-161-15/+23
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24043 dc483132-0cff-0310-8789-dd5450dbe970
* Delete an old pre-Yarrow itemKen Raeburn2010-05-161-4/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24042 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-05-165-38/+54
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24041 dc483132-0cff-0310-8789-dd5450dbe970
* Stop exporting some profile symbols that aren't either published inKen Raeburn2010-05-162-54/+0
| | | | | | the header or known serialization functions used by the krb5 library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24040 dc483132-0cff-0310-8789-dd5450dbe970
* Force hostname to lower-case for use in principal namesKen Raeburn2010-05-161-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24039 dc483132-0cff-0310-8789-dd5450dbe970
* Negative enctypes improperly read from ccachesGreg Hudson2010-05-131-1/+2
| | | | | | | | | When reading enctypes from ccaches, we need to sign-extend the 16-bit value we read in order to properly read negative enctypes. ticket: 6723 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24021 dc483132-0cff-0310-8789-dd5450dbe970
* Error handling bug in krb5_init_creds_init()Greg Hudson2010-05-131-4/+5
| | | | | | | | | | | Fix a bug in krb5_init_creds_init() where a freed context could be returned to the caller in certain error cases. ticket: 6722 tags: pullup target_version: 1.8.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24020 dc483132-0cff-0310-8789-dd5450dbe970
* Negative enctypes improperly read from keytabsGreg Hudson2010-05-131-3/+2
| | | | | | | | | | When reading enctypes from keytabs, we need to ntohs() the 16-bit value we read in before sign-extending it to a 32-bit value in the keyblock, or we run the risk of extending the wrong sign. ticket: 6720 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24016 dc483132-0cff-0310-8789-dd5450dbe970
* Make k5test.py work for builds in the source dirGreg Hudson2010-05-131-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24015 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_get_in_tktTom Yu2010-05-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24013 dc483132-0cff-0310-8789-dd5450dbe970
* Reimplement krb5_get_in_tkt_with_skey in terms of krb5_get_init_creds,Greg Hudson2010-05-127-1170/+53
| | | | | | | | | | | | | | similar to how the password and keytab equivalents were done. Eliminate krb5_get_in_tkt. It's been very hard to use since we made krb5_kdc_rep_decrypt_proc private (in krb5 1.7 the prototype was taken out of krb5.h altogether), and it's unlikely that anything would have used it directly in the first place. Remove and/or simplify a lot of code depended on by krb_get_in_tkt, including all of preauth.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24012 dc483132-0cff-0310-8789-dd5450dbe970
* Add lockout-related performance tuning variablesGreg Hudson2010-05-107-39/+126
| | | | | | | | | | | | | | | The account lockout feature of krb5 1.8 came at a cost in database accesses for principals requiring preauth, even if lockout is not used. Add dbmodules variables disable_last_success and disable_lockout for the DB2 and LDAP back ends, allowing the admin to recover the lost performance at the cost of new functionality. (Unrelated documentation fix: document database_name as a DB2-specific dbmodules variable instead of the realm variable it used to be.) ticket: 6719 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24003 dc483132-0cff-0310-8789-dd5450dbe970
* Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAPGreg Hudson2010-05-101-22/+29
| | | | | | | | | | | | | | | | | In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine whether krbLoginFailedCount existed on the entry when it was retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT, and don't assert an old value when not using LDAP_MOD_INCREMENT. Also, create the krbLoginFailedCount attribute when creating new entries. This allows us to use LDAP_MOD_INCREMENT during the first failed login (if the server supports it), avoiding a race condition. ticket: 6718 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24002 dc483132-0cff-0310-8789-dd5450dbe970
* General code consistency pass in kdb_db2.c.Greg Hudson2010-05-051-136/+56
| | | | | | | Removes some pointless null checks. Frees the DB context when a DB is finalized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23973 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust for removal of krb5_ldap_set_option in r23965Tom Yu2010-05-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23972 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of some kdb5_util load code which is no longer useful afterGreg Hudson2010-05-041-32/+1
| | | | | | the introduction of the DAL. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23971 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused format string definitions from kdb5_util's dump.cGreg Hudson2010-05-041-14/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23970 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused fields from kadm5_config_params. Bump the clientGreg Hudson2010-05-044-10/+2
| | | | | | and server sonames. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23969 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the unused realm_dbname field from krb5_realm_paramsGreg Hudson2010-05-045-10/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23968 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a stray comment from r23966Greg Hudson2010-05-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23967 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor the kdb_db2.c code which processes db_args and profileGreg Hudson2010-05-042-305/+134
| | | | | | | variables to configure a DB context, to avoid repeating that code three times in open/create/destroy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23966 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_db_set_option and the associated DAL entry. It was notGreg Hudson2010-05-048-93/+0
| | | | | | used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23965 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the DAL documentation for db_createGreg Hudson2010-05-031-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23964 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some uses of variables as format strings. Based on a patchGreg Hudson2010-05-036-14/+7
| | | | | | | | from Guillaume Rousse <Guillaume.Rousse@inria.fr>. ticket: 6714 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23963 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the use of variables for format strings in kdb5_util. ManyGreg Hudson2010-05-038-140/+8
| | | | | | | | | | | were unused, and localization will probably be done through _() macros, not collecting all the strings together. Elminates a number of format-security static analysis defects. ticket: 6714 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23962 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some bugs in the IAKERB code discovered by Coverity. Also trimGreg Hudson2010-05-013-28/+18
| | | | | | | down iakerb_initiator_step() a little using krb5_data constructors and avoiding vertical function arguments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23961 dc483132-0cff-0310-8789-dd5450dbe970
* Add IAKERB mechanism and gss_acquire_cred_with_passwordGreg Hudson2010-04-3043-318/+2850
| | | | | | | | | | | | | | Merge branches/iakerb to trunk. Includes the following: * New IAKERB mechanism. * New gss_acquire_cred_with_password mechglue function. * ASN.1 encoders and decoders for IAKERB structures (with tests). * New shortcuts in gss-sample client and server. * Tests to exercise SPNEGO and IAKERB using gss-sample application. ticket: 6712 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23960 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in process_tgs_req in r23724Tom Yu2010-04-301-1/+3
| | | | | | | | | | | Fix a KDC memory leak that was introduced by r23724 that could leak the decoded request. ticket: 6711 tags: pullup target_version: 1.8.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23959 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-03 07:05:37 +0000