summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Change default client keytab nameGreg Hudson2012-08-023-2/+163
| | | | | | | Change the default client keytab name, if not overridden at build time, to FILE:$localstatedir/krb5/user/%{euid}/client.keytab. Introduce a second file from the autoconf archives in order to recursively expand $localstatedir within configure.in.
* Fix default substitution of ccache/keytab namesGreg Hudson2012-08-021-0/+6
| | | | | | | | | Tie up some loose ends in substitution of the default ccache/keytab names after 688a2702d2045abf5f99acfb59f3f372391e5be4: * Fix the substhtml target in src/doc/Makefile.in * Don't add FILE: when substituting the default keytab and client keytab names, as the defaults already have it.
* Explain memory allocation policy in oid_ops.cGreg Hudson2012-08-011-0/+7
|
* Add %{username} token to path expansionGreg Hudson2012-08-012-2/+26
| | | | | | | | For Unix-like platforms, add %{username} to the path expansion facility, expanding to the result of getpwuid on the euid. Also, for manual testing convenience, make t_expand_path print the result if no second argument is given.
* Fix KDC heap corruption vuln [CVE-2012-1015]Tom Yu2012-08-013-1/+6
| | | | | | | | | | | | | | | | | | | | Fix KDC heap corruption vulnerability [MITKRB5-SA-2012-001 CVE-2012-1015]. The cleanup code in kdc_handle_protected_negotiation() in kdc_util.c could free an uninitialized pointer in some error conditions involving "similar" enctypes and a failure in krb5_c_make_checksum(). Additionally, adjust the handling of "similar" enctypes to avoid advertising enctypes that could lead to inadvertent triggering of this vulnerability (possibly in unpatched KDCs). Note that CVE-2012-1014 (also described in MITKRB5-SA-2012-001) only applies to the krb5-1.10 branch and doesn't affect the master branch or releases prior to krb5-1.10. ticket: 7225 (new) target_version: 1.9.5 tags: pullup
* Fix edge-case bugs in kdb5_util loadGreg Hudson2012-07-312-16/+25
| | | | | | | | | | | * fscanf field widths must be less than the buffer size, not equal to it. * Check for negative values of lengths we're going to allocate. * Eliminate a warning in the comparison of the regexp end offset. * process_r1_8 policy doesn't actually ignore additional values, so get rid of the comment and inequality test suggesting that it does. ticket: 7224 (new)
* Revert an out-of-scope change in policy extensionsGreg Hudson2012-07-311-1/+1
|
* Add LDAP back end support for policy extensionsGreg Hudson2012-07-303-2/+127
| | | | ticket: 7223
* Constify krb5_string_to_keysalts()'s string argNicolas Williams2012-07-304-15/+17
|
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-3033-220/+973
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* Fix ugly ladder in src/kadmin/cli/kadmin.cNicolas Williams2012-07-301-144/+112
|
* De-indent process_k5beta6_record()Nicolas Williams2012-07-301-247/+210
|
* Remove eDirectory support code in LDAP KDB moduleGreg Hudson2012-07-2919-5150/+23
|
* Factor out LDAP policy marshallingGreg Hudson2012-07-261-32/+55
| | | | | | Use a helper function add_policy_mods() in krb5_ldap_create_password_policy() and krb5_ldap_put_password_policy() to avoid duplicating code for each field.
* Remove obsolete code in ldap_pwd_policy.cGreg Hudson2012-07-261-36/+0
| | | | | r18750 refactored some policy fetching code into populate_policy(), and left the old code in #if 0 blocks. Get rid of those blocks now.
* Minor fixes to expand_path.cGreg Hudson2012-07-251-35/+24
| | | | | | | Corrections to stuff noticed by kaduk: * Eliminate a space before paren in a call to free(). * Use %lu for unsigned long in format strings. * Simplify the tokens table definition.
* Support changing the built-in ccache/keytab namesGreg Hudson2012-07-2410-18/+92
| | | | | | | | | | | | | | * Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to change the built-in ccache and keytab names. * Add krb5-config options to display the built-in ccache and keytab names. * In the default build, use krb5-config to discover the system's built-in ccache and keytab names and use them (if not overridden). This can be controlled with the --with-krb5-config=PATH or --without-krb5-config configure options. * Make the built-in ccache name subject to parameter expansion. ticket: 7221 (new)
* Add default_ccache_name profile variableGreg Hudson2012-07-243-1/+22
| | | | | | | Like default_keytab_name and default_client_keytab_name, default_ccache_name is subject to parameter expansion. ticket: 7220 (new)
* Rename tests/t_cccol.py to t_ccache.pyGreg Hudson2012-07-243-12/+11
| | | | | | | Generalize the ccache collection tests in t_cccol.py to multiple kinds of ccache tests, and rename it to avoid confusion with the lower-level lib/krb5/ccache/t_cccol.py. Move a test from t_general.py into t_ccache.py.
* Rearrange ccdefname.c slightlyGreg Hudson2012-07-241-91/+53
| | | | | | | | Eliminate the USE_CCAPI variant of get_from_os() which was only used in KfM. Make get_from_os() allocate its result (wrapping the Windows implementation so it can continue to use a fixed-size buffer). Simplify krb5_cc_set_default_name() and krb5_cc_default_name(). Make some minor style adjustments.
* Add token expansion for keytab namesGreg Hudson2012-07-243-58/+62
| | | | | | | Make the default_keytab_name and default_client_keytab_name variables subject to parameter expansion. ticket: 7219 (new)
* Add internal path expansion functionsGreg Hudson2012-07-245-4/+577
| | | | | | | | Add an adapted version of Heimdal's expand_path.c, defining k5_expand_path_tokens() and k5_expand_path_tokens_extra(). These functions allow template paths like %{TEMP}/krb5cc_%{uid} to be resolved. Also add a test program to exercise the path expansion code.
* Remove outdated file migration.docZhanna Tsitkov2012-07-201-59/+0
|
* Add basic test for credstore extentionsSimo Sorce2012-07-203-3/+175
|
* Implement credential store support in spnegoSimo Sorce2012-07-202-15/+55
|
* Implement credential store support for krb5 mechSimo Sorce2012-07-206-27/+263
|
* Introduce credential store extensionsSimo Sorce2012-07-205-32/+269
| | | | | | | | | Add new APIs gss_acquire_cred_from, gss_add_cred_from, and gss_store_cred_into, which take additional argments to specify the location of the credential storage using a key-value map, where keys are interpreted by the mechanisms. ticket: 7217 (new)
* Use internal release function in oid_ops.cSimo Sorce2012-07-181-1/+1
| | | | | In the end the internal one is called in all cases, but it seem cleaner to use the internal one instead of relying on the redirection.
* In g_oid_ops.c, remove an unneeded declarationSimo Sorce2012-07-181-3/+0
| | | | The code that used it is no longer in this file.
* Doc introduced version for krb5_kt_client_defaultZhanna Tsitkov2012-07-161-0/+2
|
* Add kinit/klist -i options to use client keytabGreg Hudson2012-07-163-5/+33
| | | | | | | | | In combination with -k, -i will cause kinit or klist to use the default client keytab instead of the default acceptor keytab. This gives an easy way to figure out what default client keytab name is in use and to get credentials using it. ticket: 7216 (new)
* Remove DISABLE_TRACING from windows buildKevin Wasserman2012-07-161-1/+0
| | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7215 (new) tags: pullup
* krb5_stdccv3_get_principal error handling fixupKevin Wasserman2012-07-161-1/+3
| | | | | | | | | Don't treat an error returned by krb5_parse_name as a cc-internal error. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7214 (new) tags: pullup
* fix leak in cc_mslsa.cKevin Wasserman2012-07-161-0/+2
| | | | | | | | cc_name needs to be freed in krb5_lcc_close(). Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7213
* Fix macro redefinition warnings in cc_mslsa.cKevin Wasserman2012-07-161-1/+2
| | | | | | | | Include ntstatus.h and define WIN32_NO_STATUS before including winnt.h Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7213
* Implement cccol iterators for mslsaKevin Wasserman2012-07-161-7/+61
| | | | | | | | | Also implement switch_to stub Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7213 (new) tags: pullup
* MSLSA Don't use lstrcpy on ANSI stringsKevin Wasserman2012-07-161-11/+3
| | | | | | | | | Also change parameter types to eliminate casts. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7212 (new) tags: pullup
* define USE_HEAPALLOC in gssapi_alloc.hKevin Wasserman2012-07-161-4/+7
| | | | | | | | Easier to disable for testing. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7211 (new)
* Remove the UNICODE defines from wshelperAlexey Melnikov2012-07-161-1/+1
| | | | | | | | | | | wshelper is clearly not intended to use unicode: wprintf is used extensively and exclusively to write to char[] buffers and fields in dns structs are used as explicitly ASCII text. Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> ticket: 7210 (new) tags: pullup
* Build lib/krb5/ccache/ccapi on Windows onlyKevin Wasserman2012-07-161-0/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7209
* Define USE_CCAPI_V3 in krb5/ccache on windowsKevin Wasserman2012-07-162-1/+1
| | | | | | | | | USE_CCAPI_V3 provides cccol iteration support for ccapi. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7209 (new) tags: pullup
* __func__ -> __FUNCTION__ in disp_status.cKevin Wasserman2012-07-161-4/+4
| | | | | | | | | For MSVC compatibility Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7208 (new) tags: pullup
* Don't use syslog / LOG_DEBUG when they don't existKevin Wasserman2012-07-161-1/+1
| | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7207 (new) tags: pullup
* Use %i, not %s to Tprintf GetLastError()Kevin Wasserman2012-07-161-1/+1
| | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7206 (new) tags: pullup
* Rename 'free' -> 'free_func' in asn1_encode.c/.hKevin Wasserman2012-07-162-3/+3
| | | | | | | | | MSVC memory tracking tools do '#define free(p) _dbg_free(...)'. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7205 (new) tags: pullup
* KFW win-mac.h fixesKevin Wasserman2012-07-161-0/+6
| | | | | | | | | | | | | | | | kfw: add int16_t, uint16_t typedefs to win-mac.h uint16_t is used in chpw.c include stdlib.h, crtdbg.h in win-mac.h Allows leak-tracking using built-in msvc tools on windows. crtdbg.h needs to come _after_ stdlib.h, but _before_ checking for strdup. Define DEBUG and CRTDBG_MAP_ALLOC for full tracking. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7204 (new) tags: pullup
* kfw add preauth_sam2 to OBJS for windows buildKevin Wasserman2012-07-161-0/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7203 (new) tags: pullup
* Fix error handling in allocate_princ()Greg Hudson2012-07-131-2/+4
| | | | | The most recent change could leak memory when trying to parse an invalid principal because of a failure to use the cleanup handler.
* Replace // comment in ccdefname.cGreg Hudson2012-07-131-1/+1
|
* Handle huge /bin directories in libdb2 testTom Yu2012-07-121-6/+7
| | | | | | | | | | | | The test suite for libdb2 uses /bin as a source of filenames and contents for insertion into databases. Fedora 17 (and possibly other OSes) have /bin symlinked to /usr/bin, which can vastly increase the number of files found, exceeding some limits of the test databases. Truncate this list of files at 100 to prevent this problem. ticket: 7201 (new) status: pullup target_version: 1.10.3
generated by cgit (git 2.34.1) at 2025-09-26 13:24:36 +0000