| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Use a helper function add_policy_mods() in
krb5_ldap_create_password_policy() and krb5_ldap_put_password_policy()
to avoid duplicating code for each field.
|
| |
|
|
|
| |
r18750 refactored some policy fetching code into populate_policy(),
and left the old code in #if 0 blocks. Get rid of those blocks now.
|
| |
|
|
|
|
|
| |
Corrections to stuff noticed by kaduk:
* Eliminate a space before paren in a call to free().
* Use %lu for unsigned long in format strings.
* Simplify the tokens table definition.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to
change the built-in ccache and keytab names.
* Add krb5-config options to display the built-in ccache and keytab
names.
* In the default build, use krb5-config to discover the system's
built-in ccache and keytab names and use them (if not overridden).
This can be controlled with the --with-krb5-config=PATH or
--without-krb5-config configure options.
* Make the built-in ccache name subject to parameter expansion.
ticket: 7221 (new)
|
| |
|
|
|
|
|
| |
Like default_keytab_name and default_client_keytab_name,
default_ccache_name is subject to parameter expansion.
ticket: 7220 (new)
|
| |
|
|
|
|
|
| |
Generalize the ccache collection tests in t_cccol.py to multiple kinds
of ccache tests, and rename it to avoid confusion with the lower-level
lib/krb5/ccache/t_cccol.py. Move a test from t_general.py into
t_ccache.py.
|
| |
|
|
|
|
|
|
| |
Eliminate the USE_CCAPI variant of get_from_os() which was only used
in KfM. Make get_from_os() allocate its result (wrapping the Windows
implementation so it can continue to use a fixed-size buffer).
Simplify krb5_cc_set_default_name() and krb5_cc_default_name(). Make
some minor style adjustments.
|
| |
|
|
|
|
|
| |
Make the default_keytab_name and default_client_keytab_name variables
subject to parameter expansion.
ticket: 7219 (new)
|
| |
|
|
|
|
|
|
| |
Add an adapted version of Heimdal's expand_path.c, defining
k5_expand_path_tokens() and k5_expand_path_tokens_extra(). These
functions allow template paths like %{TEMP}/krb5cc_%{uid} to be
resolved. Also add a test program to exercise the path expansion
code.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Add new APIs gss_acquire_cred_from, gss_add_cred_from, and
gss_store_cred_into, which take additional argments to specify the
location of the credential storage using a key-value map, where keys
are interpreted by the mechanisms.
ticket: 7217 (new)
|
| |
|
|
|
| |
In the end the internal one is called in all cases, but it seem
cleaner to use the internal one instead of relying on the redirection.
|
| |
|
|
| |
The code that used it is no longer in this file.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
In combination with -k, -i will cause kinit or klist to use the
default client keytab instead of the default acceptor keytab. This
gives an easy way to figure out what default client keytab name is in
use and to get credentials using it.
ticket: 7216 (new)
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7215 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Don't treat an error returned by krb5_parse_name as a cc-internal error.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7214 (new)
tags: pullup
|
| |
|
|
|
|
|
|
| |
cc_name needs to be freed in krb5_lcc_close().
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7213
|
| |
|
|
|
|
|
|
| |
Include ntstatus.h and define WIN32_NO_STATUS before including winnt.h
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7213
|
| |
|
|
|
|
|
|
|
| |
Also implement switch_to stub
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7213 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Also change parameter types to eliminate casts.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7212 (new)
tags: pullup
|
| |
|
|
|
|
|
|
| |
Easier to disable for testing.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7211 (new)
|
| |
|
|
|
|
|
|
|
|
|
| |
wshelper is clearly not intended to use unicode:
wprintf is used extensively and exclusively to write to char[] buffers and
fields in dns structs are used as explicitly ASCII text.
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
ticket: 7210 (new)
tags: pullup
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7209
|
| |
|
|
|
|
|
|
|
| |
USE_CCAPI_V3 provides cccol iteration support for ccapi.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7209 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
For MSVC compatibility
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7208 (new)
tags: pullup
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7207 (new)
tags: pullup
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7206 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
MSVC memory tracking tools do '#define free(p) _dbg_free(...)'.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7205 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kfw: add int16_t, uint16_t typedefs to win-mac.h
uint16_t is used in chpw.c
include stdlib.h, crtdbg.h in win-mac.h
Allows leak-tracking using built-in msvc tools on windows.
crtdbg.h needs to come _after_ stdlib.h, but _before_ checking for
strdup. Define DEBUG and CRTDBG_MAP_ALLOC for full tracking.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7204 (new)
tags: pullup
|
| |
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7203 (new)
tags: pullup
|
| |
|
|
|
| |
The most recent change could leak memory when trying to parse an
invalid principal because of a failure to use the cleanup handler.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The test suite for libdb2 uses /bin as a source of filenames and
contents for insertion into databases. Fedora 17 (and possibly other
OSes) have /bin symlinked to /usr/bin, which can vastly increase the
number of files found, exceeding some limits of the test databases.
Truncate this list of files at 100 to prevent this problem.
ticket: 7201 (new)
status: pullup
target_version: 1.10.3
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The dejagnu tests create some persistent acl files containing
hostname-derived principal names. These can get out of date if the
host has changed names since the last time the dejagnu tests were run,
causing failures (notably in iprop.exp). To avoid this problem,
change the dejagnu tests to always create new acl files for each test
run.
ticket: 7200 (new)
tags: pullup
target_version: 1.10.3
|
| |
|
|
|
| |
The KDC doesn't obviously call make_toolong_error(), but some code in
net-server.c (which is linked into the KDC) does. Document this fact.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set the default credential cache name for all processes for the current
user. Currently implemented, for windows only, by setting
HKEY_CURRENT_USER\Software\MIT\Kerberos5:ccname to the specified
ccache name. This will not override the environment variable 'KRB5CCNAME'.
It will override HKEY_LOCAL_MACHINE and 'indirect' registry values.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7199 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
krb5_stdccv3_switch_to() calls cc_ccache_set_default().
krb5_stdccv3_resolve() checks for NULL or empty residual and calls
cc_context_get_default_ccache_name() in those cases.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7198 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MSVC 2010 defines both Posix and WinSock error values so we can no longer
simply #define the Posix error values to be their WinSock counterpart.
This patch explicitly #includes <errno.h> in port-sockets.h and still
conditionally defines the Posix error values for compatibility with older
MSVC but also translates WinSock errors to Posix for MSVC 2010
compatibility.
The downside to this approach is that there are some Posix errors we
do not currently detect (e.g. EADDRINUSE) that are neither #defined nor
translated. If we use one of those in the future but fail to update
TranslateWSAGetLastError() we'll once again be in the situation that the
windows build will compile but fail to work, possibly only when some rare
error condition occurs.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7197 (new)
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
| |
If the directory for a DIR ccache doesn't exist yet, try to create it
(but not its parents) with mode 700. Exercise this in test scripts by
not pre-creating directories.
ticket: 7196 (new)
|
| |
|
|
|
|
|
|
|
| |
In gssint_import_internal_name, don't map the minor code from
mech->gss_duplicate_name if it returned successfully. Fixes an
"unexpected non-zero minor status" error reported by SAP's gsstest
when it invokes gss_canonicalize_name().
ticket: 7194 (new)
|
| |
|
|
|
|
| |
Commit f609e5caff410cc8f71db7d95b4da219541437db accidentally omitted
the check for extra realm separators, leading to an assertion error
when parsing x@y@z or similar. Restore the check.
|
