summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* whitespaceKen Raeburn2006-09-131-38/+30
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18584 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-121-292/+285
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18583 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-121-18/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18582 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (krb5/krb5.h): Wrap the content in macro test forKen Raeburn2006-09-071-0/+3
| | | | | | | | multiple-inclusion protection. ticket: 3522 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18571 dc483132-0cff-0310-8789-dd5450dbe970
* Make database plugin responsible for releasing the error-message string, soKen Raeburn2006-09-065-1/+12
| | | | | | | | | | | that we can use the krb5_get_error_message interface internally. * kdb5.h: Add release_errcode_string field to the interface. * db2_exp.c, ldap_exp.c: Initialize it. * ldap_misc.c: Use krb5_get/free_error_message for error message strings. * kdb_ldap.h: Declare krb5_ldap_release_errcode_string. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18565 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-061-111/+113
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18564 dc483132-0cff-0310-8789-dd5450dbe970
* comment formatting for 80 columnsKen Raeburn2006-09-061-88/+132
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18563 dc483132-0cff-0310-8789-dd5450dbe970
* (prof_get_integer_def, prof_get_string_def): New functions: check specifiedKen Raeburn2006-09-051-109/+100
| | | | | | | | | config section in the profile, then the default section, then fall back to passed default value (for integer only). Set error string on error. (krb5_ldap_read_server_params): Use them, instead of explicitly doubling each profile_get call. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18562 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccache and keytab file paths without a prefix Jeffrey Altman2006-09-052-4/+4
| | | | | | | | | | | ktbase.c, ccbase.c: When a file path is specified without the prefix we must infer the use of the "FILE" prefix. However, we were setting the prefix including the colon separator when the separator should have been ignored. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561 dc483132-0cff-0310-8789-dd5450dbe970
* Reject old OpenLDAP versions with bugs tickled by this code.Ken Raeburn2006-09-012-6/+21
| | | | | | | | | | | | | | | Clean up some warnings during the build. * ldap_misc.c (strptime) [NEED_STRPTIME_PROTO]: Declare, conditionally. (krb5_ldap_errcode_2_string): Return string, not error code, to fit with DAL interface spec. * kdb_ldap.h: Error out for OpenLDAP versions before 2.2.24. (LDAP_DEPRECATED): Define; openldap-2.3.27 defaults to undefined. (krb5_ldap_lib_init): Prototype. (krb5_get_policydn): Declare. (krb5_ldap_errcode_2_string): Fix return type. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18558 dc483132-0cff-0310-8789-dd5450dbe970
* (krb5_ldap_destroy_policy): krb5_ldap_delete_policy takes a mask arg, not ↵Ken Raeburn2006-08-311-1/+1
| | | | | | pointer-to git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18557 dc483132-0cff-0310-8789-dd5450dbe970
* Declare get_date() used from kadmin cli code.Ken Raeburn2006-08-312-9/+8
| | | | | | In calls, delete the second argument that get_date doesn't take. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18556 dc483132-0cff-0310-8789-dd5450dbe970
* Remove or conditionalize unused variablesKen Raeburn2006-08-311-11/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18555 dc483132-0cff-0310-8789-dd5450dbe970
* Patches from Will Fiveash to allow for configuration and building onKen Raeburn2006-08-314-11/+55
| | | | | | | Solaris. Tested (configured & built) on RHEL 4 and Solaris 10. One minor bugfix added. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18554 dc483132-0cff-0310-8789-dd5450dbe970
* * shlib.conf (*-*-linux*): Use LDFLAGS in LDCOMBINEKen Raeburn2006-08-301-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18553 dc483132-0cff-0310-8789-dd5450dbe970
* Some mechanical changes (mostly whitespace, like indentation levels)Ken Raeburn2006-08-307-3042/+2911
| | | | | | to match up better with MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970
* Some mechanical changes (mainly whitespace) to match up better withKen Raeburn2006-08-2918-1988/+1911
| | | | | | MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18551 dc483132-0cff-0310-8789-dd5450dbe970
* Rename KRB5_KDB_PLUGIN_OP_NOTSUPP to KRB5_PLUGIN_OP_NOTSUPP and move to krb5 ↵Ken Raeburn2006-08-294-9/+9
| | | | | | table git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18550 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-08-291-5/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18549 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Savitha R:Ken Raeburn2006-08-2917-495/+204
| | | | | | | | | | | | | | | | | | | | | | ldap_util 1. Kdb5_ldap_util interface Removed supp enctypes, suppsalttypes from create realm and modify realm since they are currently not used 2. memset passwd strings to zero when not used any more 3. Using krb5_sname_to_principal in place of gethostbyname while creating the kadmin principal with hostname. libkdb_ldap 1. Added mandatory functions which were missing in the LDAP plug-in 2. Error handling changes - Setting the error message in the kerberos context when decryption of the service passwd fails or connection to the LDAP server fails during initialization. Additional changes: libkdb_ldap: Link against com_err library, to provide error_message(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18548 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-08-231-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18519 dc483132-0cff-0310-8789-dd5450dbe970
* Merge Todd's TCP changepw support, with a few fixupsKen Raeburn2006-08-237-336/+444
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message, struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c. (stuct sendto_callback_info): New type. * lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function. (setup_connection): Deleted argument message_len_buf. Don't store message length; call set_conn_state_msg_length instead. (start_connection): New arguments callback_info and callback_buffer. Invoke callback function if any, and set message length on success. (maybe_send): New arguments callback_info and callback_buffer; pass them to start_connection. (krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen. If callback info is provided, allocate per-connection buffers, and pass them to maybe_send. On cleanup, invoke the cleanup callback function if any. (krb5_sendto_kdc): Update krb5int_sendto call. * include/k5-int.h (struct sendto_callback_info): Add forward declaration. (krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature. * lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call. * lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call. * lib/krb5/os/changepw.c (struct sendto_callback_context): New type. (krb5_locate_kpasswd): New argument useTcp, used to select socket type in krb5int_locate_server call. (kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions. (krb5_change_set_password): Call krb5int_sendto with callbacks, instead of managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP only. * lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a buggy server sent a KRB_ERROR. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970
* Update auxiliary version number for NetIDMgrJeffrey Altman2006-08-232-4/+4
| | | | | | ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18499 dc483132-0cff-0310-8789-dd5450dbe970
* * install NetIDMgr plug-in sample as part of SDKJeffrey Altman2006-08-233-3/+59
| | | | | | | | * install netidmgr.exe (win2000 version) ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18498 dc483132-0cff-0310-8789-dd5450dbe970
* * newcredwnd.c - erase the password field on errorJeffrey Altman2006-08-231-1/+27
| | | | | | | | during new credential acquisition ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18497 dc483132-0cff-0310-8789-dd5450dbe970
* * Fix auto-registration of plug-in modules Jeffrey Altman2006-08-231-2/+17
| | | | | | | | if there is no plug-in list specified ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18496 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile - do not etag the Win2000 version of Jeffrey Altman2006-08-231-1/+2
| | | | | | | | the NetIDMgr.exe ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18495 dc483132-0cff-0310-8789-dd5450dbe970
* improvements to netidmgr dialogsJeffrey Altman2006-08-229-119/+197
| | | | | | | | | | | | | | | * ensure that buttons are disabled while actions are in process * allow plug-ins to specify italic text * fix some documentation * reformat langres.rc ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18494 dc483132-0cff-0310-8789-dd5450dbe970
* clean up mkrel patchlevel.h editing etcTom Yu2006-08-211-2/+3
| | | | | | | | | | | * src/util/mkrel: Be more careful editing KRB5_RELDATE. Delete '$ac_config_fragdir' autoconf droppings. ticket: new tags: pullup target_version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18475 dc483132-0cff-0310-8789-dd5450dbe970
* NetIDMgr Credential Provider Sample Code and DocumentationJeffrey Altman2006-08-1715-0/+2418
| | | | | | | | | | | | | | | This commit provides a template for a Network Identity Manager Credential Provider. It doesn't provide any real functionality but it does provide all of the functions that need to be specified and filled in as part of the process of producing a NetIdMgr plug-in. This code should be pulled up to 1.4.x for inclusion in the KFW 3.1 SDK as well as to 1.5.x. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18464 dc483132-0cff-0310-8789-dd5450dbe970
* cc_err_xlate: Updated error mappings to generate the same errors as ccapiv2.Alexandra Ellwood2006-08-161-8/+14
| | | | | | | | | | stdccv3_setup: Don't translate errors since cc_err_xlate isn't idempotent. krb5_stdccv3_resolve: Don't fail if we can't open the ccache. ticket: 3936 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18458 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb5_ldap_realm.c (kdb5_ldap_create): In assertion test of hardcoded charKen Raeburn2006-08-151-1/+1
| | | | | | array sizes, test against the size we actually need. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18449 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_default.c (krb5_def_store_mkey): If the file can't be opened, constructKen Raeburn2006-08-151-0/+3
| | | | | | an error message that includes the file's name. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970
* Set datarootdir in each Makefile to make Autoconf 2.60 happierRuss Allbery2006-08-151-0/+1
| | | | | | | | | | Ticket: 3965 Component: krb5-build Version_Reported: 1.5 Tags: pullup Target_Version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18444 dc483132-0cff-0310-8789-dd5450dbe970
* * src/clients/ksu/main.c (sweep_up): Don't check return value ofTom Yu2006-08-151-2/+3
| | | | | | | | | krb5_seteuid(0), as it is not harmful for it to fail, and it will fail after setuid(target_user). Correct error message. ticket: 4137 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18438 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilitiesTom Yu2006-08-087-17/+51
| | | | | | | | | | | | | | | | | | | * src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive): * src/appl/bsd/v4rcp.c (main): * src/appl/bsd/krcp.c (main): * src/appl/bsd/krshd.c (doit): * src/appl/bsd/login.c (main): * src/clients/ksu/main.c (sweep_up): * src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and related functions to avoid privilege escalation vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660] ticket: new target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaqueTom Yu2006-08-0711-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | structs of gss_ctx_id_t, gss_name_t, gss_cred_id_t to catch some application programming errors. Add new macro GSSINT_CHK_LOOP() which returns non-zero if loopback field doesn't point to itself. * src/lib/gssapi/mechglue/g_accept_sec_context.c (gss_accept_sec_context): * src/lib/gssapi/mechglue/g_acquire_cred.c (gss_add_cred) (gss_acquire_cred): * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context): * src/lib/gssapi/mechglue/g_glue.c (gssint_convert_name_to_union_name): * src/lib/gssapi/mechglue/g_imp_name.c (gss_import_name): * src/lib/gssapi/mechglue/g_imp_sec_context.c (gss_import_sec_context): * src/lib/gssapi/mechglue/g_init_sec_context.c (gss_init_sec_context): Set loopback pointers. * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context): * src/lib/gssapi/mechglue/g_rel_cred.c (gss_release_cred): * src/lib/gssapi/mechglue/g_rel_name.c (gss_release_name): Call GSSINT_CHK_LOOP() to validate loopback pointer. ticket: 4063 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18417 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Michael Calmer to fix some uninitialized variablesTom Yu2006-08-025-1/+10
| | | | | | | | | | | | | | | | | | | | | | * src/appl/gssftp/ftpd/ftpd.c (auth_data): Initialize stat_maj, accept_maj, acquire_maj. * src/appl/telnet/libtelnet/kerberos5.c (kerberos5_send): Intialize rdata. * src/kdc/do_tgs_req.c (process_tgs_req): Initialize magic and tr_contents.magic. * src/lib/krb5/asn.1/krb5_decode.c (decode_krb5_safe_with_body): Initialize tmpbody.magic. * src/plugins/kdb/db2/libdb2/hash/dbm.c (kdb2_fetch) (kdb2_firstkey, kdb2_nextkey): Initialize dsize. ticket: 3904 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18404 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/gssapi/mechglue/g_initialize.c (gss_release_oid): CallTom Yu2006-08-011-0/+3
| | | | | | | | | gssint_initialize_library to ensure mutex is initialized. ticket: 4088 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18397 dc483132-0cff-0310-8789-dd5450dbe970
* Changed GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) fromAlexandra Ellwood2006-07-2513-42/+49
| | | | | | | | | | | | | | void* to pointers to opaque structs. This change removed some casts and introduced or changed a bunch of other casts to suppress warnings. krb5_gss_accept_sec_context(): Fixed a bug found by the above changes where krb5_gss_release_cred() was being called with the wrong argument 2 (gss_cred_id_t instead of gss_cred_id_t*). ticket: 4057 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18396 dc483132-0cff-0310-8789-dd5450dbe970
* gss_canonicalize_name(): Added parens to removeAlexandra Ellwood2006-07-251-4/+4
| | | | | | | | warning from if statement. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18395 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused Metrowerks compiler support.Alexandra Ellwood2006-07-251-4/+0
| | | | | | | | | (Since there's no universal binary support for CodeWarrior there's no point in having this here.) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18394 dc483132-0cff-0310-8789-dd5450dbe970
* Switched from "#pragma options align" to "#pragma pack". Alexandra Ellwood2006-07-253-8/+8
| | | | | | | Removed Metrowerks "#pragma import" since other framework headers don't specify it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18392 dc483132-0cff-0310-8789-dd5450dbe970
* Windows - fix kfwlogon for Windows 2000Jeffrey Altman2006-07-252-31/+80
| | | | | | | | | | | | Windows 2000 does not support the ability to generate SIDs from symbolic names. Add more debugging and error condition checks. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18387 dc483132-0cff-0310-8789-dd5450dbe970
* commit again without using patch to apply the diffJeffrey Altman2006-07-245-55/+206
| | | | | | ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18382 dc483132-0cff-0310-8789-dd5450dbe970
* undo previous commit due to EOL issuesJeffrey Altman2006-07-245-206/+55
| | | | | | ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18381 dc483132-0cff-0310-8789-dd5450dbe970
* Switched from "#pragma options align" to "#pragma pack". Alexandra Ellwood2006-07-242-4/+4
| | | | | | | Removed Metrowerks "#pragma import" since other framework headers don't specify it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18380 dc483132-0cff-0310-8789-dd5450dbe970
* Windows Integrated Login Fixes for KFW 3.1Jeffrey Altman2006-07-245-55/+206
| | | | | | | | | | | | | | | | | | | | | | | | | KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. ticket: new tags: pullup component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18379 dc483132-0cff-0310-8789-dd5450dbe970
* * aclocal.m4 (KRB5_LIB_AUX): Disallow --enable-profiled and --disable-sharedKen Raeburn2006-07-211-6/+15
| | | | | | | | options as well. Don't generate help messages for these options. ticket: 4036 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18352 dc483132-0cff-0310-8789-dd5450dbe970
* * ldap_service_stash.c (krb5_ldap_readpassword): Don't require strerror_r, fallKen Raeburn2006-07-211-0/+5
| | | | | | back to strerror if needed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18351 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 04:32:32 +0000