summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Include <openssl/des.h> in the OpenSSL back end's weak_key.c for theGreg Hudson2010-11-091-0/+1
| | | | | | DES_is_weak_key prototype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24512 dc483132-0cff-0310-8789-dd5450dbe970
* After a failed kdb5_util load, make a subsequent load operation workGreg Hudson2010-11-064-665/+507
| | | | | | | | | | | by removing the remnant temporary files after obtaining a lock. To make this safe, the private contract for temporary DB creation and promotion had to be altered, along with many of the DB2 internal helper functions. ticket: 6814 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24511 dc483132-0cff-0310-8789-dd5450dbe970
* Further kdb_db2 code cleanup: make gen_dbsuffix return aGreg Hudson2010-11-042-55/+30
| | | | | | | krb5_error_code to simplify error handling in callers, and discard the db_lf_time field which was set but never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24510 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a stray spawn_shell in the iprop dejagnu testsGreg Hudson2010-11-041-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24509 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify kdb_db2's open_db() a little further, avoiding a suspiciousGreg Hudson2010-11-031-7/+11
| | | | | | switch fallthrough. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24508 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid running off the end of the spares array in db2's page_to_oaddr()Greg Hudson2010-11-031-1/+1
| | | | | | in unrealistically large databases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24507 dc483132-0cff-0310-8789-dd5450dbe970
* Use size_t to hold set counts in net-server.cGreg Hudson2010-11-031-9/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24506 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up the DB2 KDB module code a bit, making it more conformant withGreg Hudson2010-11-021-141/+96
| | | | | | | current coding practices. Mostly namespace changes, but also simplify krb5_db2_destroy(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24505 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message cannot return NULL, and returns "Success" onGreg Hudson2010-11-016-53/+22
| | | | | | error code 0. Simplify some overly paranoid code accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24489 dc483132-0cff-0310-8789-dd5450dbe970
* Don't fail out from krb5_get_credentials() if we can't store a ticketGreg Hudson2010-10-271-10/+4
| | | | | | | | into the ccache. ticket: 6812 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24488 dc483132-0cff-0310-8789-dd5450dbe970
* FILE keytabs have been able to handle write operations since krb5 1.7,Greg Hudson2010-10-263-41/+13
| | | | | | | | | | as an apparently unintended side effect of r20594. Clean up the code by combining the identical resolve functions for FILE and WRFILE, and removing the code to set up a WRFILE default keytab name in kadmin.c. Also fixes a slight display bug; k5test.py needs to be adjusted to expect the correct output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24487 dc483132-0cff-0310-8789-dd5450dbe970
* Mark Camellia-CCM code as experimentalGreg Hudson2010-10-261-0/+3
| | | | | | | | | | | Add a comment noting that the Camellia-CCM code in 1.9 is experimental. ticket: 6811 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24486 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kg_encrypt_inplace() utility function to the krb5 GSS mech, andGreg Hudson2010-10-266-101/+108
| | | | | | | | | | use it where we do in-place encryption of checksums in the non-CFX seal tokens with raw DES enctypes. Avoids a harmless but incorrect in-place memcpy(). ticket: 6770 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24485 dc483132-0cff-0310-8789-dd5450dbe970
* Make k5-buf.h comments consistent with coding styleGreg Hudson2010-10-261-44/+54
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24484 dc483132-0cff-0310-8789-dd5450dbe970
* Set *conf_state on successful return fromGreg Hudson2010-10-261-0/+2
| | | | | | | | | | | gss_krb5int_make_seal_token_v3_iov, fixing a case where it wasn't always set by gss_wrap_iov. Patch from aberry@likewise.com. ticket: 6809 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24483 dc483132-0cff-0310-8789-dd5450dbe970
* When we create a temporary memory ccache for use within aGreg Hudson2010-10-255-3/+10
| | | | | | | | | | | krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be destroyed rather than closed. Patch from aberry@likewise.com. ticket: 6787 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24482 dc483132-0cff-0310-8789-dd5450dbe970
* Use safer output parameter handling inGreg Hudson2010-10-251-2/+4
| | | | | | | | | | krb5_gss_acquire_cred_impersonate_name and its subsidiary helpers. ticket: 6796 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24481 dc483132-0cff-0310-8789-dd5450dbe970
* In acquire_init_cred in the GSS krb5 mech, don't intern cred->name,Greg Hudson2010-10-251-4/+2
| | | | | | | | | | | since it's not used as an output parameter. Fixes a memory leak. Reported by aberry@likewise.com. ticket: 6793 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24480 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-242-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24479 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-244-72/+61
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24478 dc483132-0cff-0310-8789-dd5450dbe970
* Fix adjustment of counterKen Raeburn2010-10-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24477 dc483132-0cff-0310-8789-dd5450dbe970
* Declare xdr_purgekeys_argKen Raeburn2010-10-231-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24476 dc483132-0cff-0310-8789-dd5450dbe970
* Declare kadmin_purgekeysKen Raeburn2010-10-231-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24475 dc483132-0cff-0310-8789-dd5450dbe970
* Declare krb5_set_error_message_flKen Raeburn2010-10-231-0/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24474 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h for function declarationsKen Raeburn2010-10-231-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24473 dc483132-0cff-0310-8789-dd5450dbe970
* In profile-reading performance test, print microseconds not millisecondsKen Raeburn2010-10-231-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24472 dc483132-0cff-0310-8789-dd5450dbe970
* Try harder to retain the "brand" string in the shared libraryKen Raeburn2010-10-232-5/+14
| | | | | | | Make the brand array non-static, and actually use the value in (the infrequently-called) krb5_init_secure_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24471 dc483132-0cff-0310-8789-dd5450dbe970
* Better libk5crypto NSS fork safetyGreg Hudson2010-10-234-10/+141
| | | | | | | | | | | | | Use SECMOD_RestartModules() from the forthcoming NSS 3.12.9 release to make the libk5crypto back end work after a fork. Add a test program to exercise fork detection in the NSS back end. Add a configure-time version check to ensure that we're using NSS 3.12.9 or later. ticket: 6810 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24470 dc483132-0cff-0310-8789-dd5450dbe970
* Make it possible to override CRYPTO_IMPL_CFLAGS and CRYPTO_IMPL_LIBS atGreg Hudson2010-10-229-9/+20
| | | | | | make time. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24469 dc483132-0cff-0310-8789-dd5450dbe970
* configure.in: don't force use of cacheSam Hartman2010-10-191-7/+0
| | | | | | | | | | | | Back when hardware was slower and we had lots and lots of imakefile-like configure scripts, forcing the use of config.cache made sense for performance reasons. Now that we have one configure script and we build on modern hardware, config.cache just introduces errors as you are debugging changes to the configure script. This commit stops second guessing autoconf's cache handling. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24468 dc483132-0cff-0310-8789-dd5450dbe970
* SecurID build supportSam Hartman2010-10-194-2/+30
| | | | | | | | | | | Integrate SecurID into the build if libaceclnt is found. Add a README file with an example of how to build it. ticket: 6807 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24467 dc483132-0cff-0310-8789-dd5450dbe970
* securID error handling fixSam Hartman2010-10-192-29/+29
| | | | | | | | | | | In porting forward, I incorrectly used krb5_set_error_message instead of com_err. This commit reverts that change. ticket: 6806 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24466 dc483132-0cff-0310-8789-dd5450dbe970
* securID code fixesSam Hartman2010-10-194-18/+36
| | | | | | | | | | | | | | | | | | | | | | Fixes to get securID preauth plugin working. A separate patch will address error handling and build issues. * Permit a preauth plugin to return KRB5KDC_ERR_PREAUTH_REQUIRED from the verify entry point. * If verify_securid2 fails, save the return value and return that rather than success after dealing with encoding the out_edata * Use the client key not the securid principal key for the sam checksum * indicate that securID is hardware authentication ticket: 6805 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24465 dc483132-0cff-0310-8789-dd5450dbe970
* Remove KDC replay cacheGreg Hudson2010-10-197-129/+9
| | | | | | | | | | | | Now that SAM1 support has been removed, the KDC does not need a replay replay cache. Remove all code within USE_RCACHE and associated support. Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache. ticket: 6804 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24464 dc483132-0cff-0310-8789-dd5450dbe970
* WhitespaceGreg Hudson2010-10-131-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24454 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust valgrind support to assume a modern valgrind that requires %p in log ↵Sam Hartman2010-10-131-1/+1
| | | | | | files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24453 dc483132-0cff-0310-8789-dd5450dbe970
* Fix leaks in get_init_creds interfaceSam Hartman2010-10-131-3/+9
| | | | | | | | | | | | | | | | | In Debian Bug 598032, Bastian Blank points out that there are two leaks in the get_init_creds interface: * Free ctx->request->padata after sending the KDC request so it is not overwritten the next time around the loop. * If options is NULL passed into krb5_get_init_creds_init, then set up a non-extended options structure so that krb5_get_init_creds_free will free the options. ticket: 6801 target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24452 dc483132-0cff-0310-8789-dd5450dbe970
* README and patchlevel to 1.10-prereleaseTom Yu2010-10-111-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24451 dc483132-0cff-0310-8789-dd5450dbe970
* When returning KRB5_KT_NOTFOUND from krb5_ktfile_get_entry, set anGreg Hudson2010-10-111-1/+8
| | | | | | extended error message indicating which principal was not found. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24448 dc483132-0cff-0310-8789-dd5450dbe970
* Plug a memory leak in gss_indicate_mechsGreg Hudson2010-10-091-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24447 dc483132-0cff-0310-8789-dd5450dbe970
* Encoding cleanup: curly quotes to ASCII quotes, and some ISO-8859-1Tom Yu2010-10-0854-54/+54
| | | | | | files to UTF-8. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24446 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_indicate_mechs, avoid setting the output pointer until successGreg Hudson2010-10-081-17/+17
| | | | | | is guaranteed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24445 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_inquire_attrs_for_mech, remove the assumption that mech_attrsGreg Hudson2010-10-081-1/+2
| | | | | | != NULL in a particular error case. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24444 dc483132-0cff-0310-8789-dd5450dbe970
* Remove duplicate code block in spnego_gss_set_cred_option()Greg Hudson2010-10-081-17/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24443 dc483132-0cff-0310-8789-dd5450dbe970
* Add a kadm5 RPC for purging old keys from the KDB (e.g., fromTom Yu2010-10-0814-9/+263
| | | | | | | | | | | | | | | change_password -keepold), and add a kadmin CLI command for it. Keeping ticket open because an automated test needs to be added. Long-term future work includes start/expire dates on keys, or not-yet-valid flags. ticket: 1219 status: open target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24442 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a typo in kerberos.ldif. Reported by nalin@redhat.comGreg Hudson2010-10-071-1/+1
| | | | | | | | ticket: 6701 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24441 dc483132-0cff-0310-8789-dd5450dbe970
* Performance issue in LDAP policy fetchGreg Hudson2010-10-073-10/+19
| | | | | | | | | | Instead of performing a tree search to fill in the refcnt field of a policy object whenever a policy is fetched, set the refcnt to 0 and perform a check when policies are deleted. ticket: 6799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24440 dc483132-0cff-0310-8789-dd5450dbe970
* set NT-SRV-INST on TGS principal namesTom Yu2010-10-061-1/+12
| | | | | | | | | | | | | | Set NT-SRV-INST on TGS principal names in get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC insists on it. Thanks to Bill Fellows for reporting this problem. ticket: 6798 tags: pullup target_version: 1.8.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24438 dc483132-0cff-0310-8789-dd5450dbe970
* Correct a miscarriage of justice committed by the style policeGreg Hudson2010-10-061-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24437 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/lhoward/sasl-gs2 to trunkGreg Hudson2010-10-0617-14/+1407
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-03 05:06:02 +0000