summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Implement s4u extensionsGreg Hudson2009-09-1371-576/+5306
| | | | | | | | | Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
* In the top-level configure.in, switch from dnl comments to # commentsGreg Hudson2009-09-111-180/+180
| | | | | | | as recommended by the autoconf documentation, for improved readability. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22735 dc483132-0cff-0310-8789-dd5450dbe970
* Fix parsing of GSS exported namesGreg Hudson2009-09-111-4/+18
| | | | | | | | | | Cherry-picked from Luke's authdata branch. ticket: 6559 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
* In ksetpwd (a program we don't yet install), don't display the newGreg Hudson2009-09-091-2/+0
| | | | | | | password to stderr. Cherry-picked from Luke's s4u branch since it's an unrelated change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22719 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in gss_krb5int_copy_ccacheGreg Hudson2009-09-091-1/+4
| | | | | | | | | | | gss_krb5int_copy_ccache was iterating over credentials in a ccache without freeing them. ticket: 6558 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
* Supply canonical name if present in LDAP iterationGreg Hudson2009-09-031-5/+6
| | | | | | | | | | | | | In the presence of aliases, LDAP iteration was supplying the first principal it found within the expected realm, which is not necessarily the same as the canonical name. If the entry has a canonical name field, use that in preference to any of the principal names. ticket: 6557 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: OpemSSL crypto feed for ↵Zhanna Tsitkov2009-09-0325-12/+1371
| | | | | | | | hmac/md5/md4/sha1/rc4/des/des3(w/o iov) bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22709 dc483132-0cff-0310-8789-dd5450dbe970
* Supply LDAP service principal aliases to non-referrals clientsGreg Hudson2009-09-031-1/+25
| | | | | | | | | | | | In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY flag isn't set (abusing that flag to recognize a client name lookup). Based on a patch from Luke Howard. ticket: 6556 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: Move enc_provider into builtin dir. Adjust builtin ↵Zhanna Tsitkov2009-09-0221-168/+182
| | | | | | make system to handle new crypto implementations git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22707 dc483132-0cff-0310-8789-dd5450dbe970
* ldap master key migration test's input filesHaoQi Li2009-08-314-0/+60
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22692 dc483132-0cff-0310-8789-dd5450dbe970
* ldap master key migration stuffHaoQi Li2009-08-312-0/+974
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22691 dc483132-0cff-0310-8789-dd5450dbe970
* This time I actually added the filesHaoQi Li2009-08-315-0/+881
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22688 dc483132-0cff-0310-8789-dd5450dbe970
* use perror instead of error in kadm5 test suiteTom Yu2009-08-282-39/+39
| | | | | | | | | | | Use "perror" instead of "error" to ensure that framework error conditions actually cause "make check" to report failure. ticket: 6553 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22648 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up a little bit of test suite spew in env-setup: first, whenGreg Hudson2009-08-281-12/+6
| | | | | | | | using BSD options with ps, they should not be prefixed with a '-'; second, the Linux ps supports both BSD and System V options, so change the structure of the tests not to warn when both forms work. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22647 dc483132-0cff-0310-8789-dd5450dbe970
* Update a kadm5 testing library function which was callingGreg Hudson2009-08-281-1/+2
| | | | | | | | | | kadm5_get_principal without a mask argment. This was causing many lib/kadm5 tests to fail, but the failures weren't being recorded properly, so "make check" was still exiting successfully. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22646 dc483132-0cff-0310-8789-dd5450dbe970
* Remove bogus conditional from tcl_kadm5_randkey_principal(), which wasTom Yu2009-08-281-1/+1
| | | | | | | | | causing unparse_keyblocks() to get stack garbage as num_keys when num_var was "null", thus overrunning the end of the array. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22645 dc483132-0cff-0310-8789-dd5450dbe970
* Document kinit -C and -E optionsGreg Hudson2009-08-281-1/+9
| | | | | | | | | | | kinit -C (canonicalize name) and -E (enterprise principal name) weren't documented in the man page. ticket: 6552 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22644 dc483132-0cff-0310-8789-dd5450dbe970
* Disable the COPY_FIRST_CANONNAME workaround on Linux glibc 2.4 andGreg Hudson2009-08-281-5/+16
| | | | | | | | | | later, since it leaks memory on fixed glibc versions. We will still leak memory on glibc 2.3.4 through 2.3.6 (e.g. RHEL 4) but that's harder to detect. ticket: 6534 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22643 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in spnego accept_sec_context error pathGreg Hudson2009-08-271-0/+7
| | | | | | | | | | | | | | | | | | | | If the underlying mechanism's accept_sec_context returns an error, the spnego accept_sec_context was leaving allocated data in *context_handle, which is incorrect for the first call according to RFC 2744. Fix this by mirroring some code from the spnego init_sec_context, which always cleans up the half-constructed context in case of error. This is allowed (though not encouraged) by RFC 2744 for second and subsequent calls; since we were already doing it in init_sec_context, it seems simpler to do that than keep track of whether this is a first call or not. ticket: 6551 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22636 dc483132-0cff-0310-8789-dd5450dbe970
* Rename db2 header files db.h and db-config.h in the source tree, soKen Raeburn2009-08-219-136/+92
| | | | | | | | | | | | | | | | | that there will always be only one version of each name in the include path (namely, the copy made in the build tree, or the generated db.h if not using the in-tree one). This should fix some minor problems with different dependency lists generated on different systems. Sort and uniquify dependency header names before doing substitutions, as well as after. Look for the db2 headers listed in sorted order. Don't copy db-ndbm.h into the build tree; let libdb2 find it from the source tree only. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22572 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2009-08-213-21/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22571 dc483132-0cff-0310-8789-dd5450dbe970
* Use load_32_be processing length in TCP replyKen Raeburn2009-08-211-5/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22570 dc483132-0cff-0310-8789-dd5450dbe970
* Change "vague-errors" compile-time conditionals into run-timeKen Raeburn2009-08-213-18/+22
| | | | | | | | conditionals, based on a variable initialized based on the compile-time conditional (but probably eventually set from the config file or command line). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970
* Use {load,store}_{16,32}_be for big-endian integersKen Raeburn2009-08-211-17/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22568 dc483132-0cff-0310-8789-dd5450dbe970
* Minor code cleanups in pkinit plugin, mostly around malloc/freeGreg Hudson2009-08-187-262/+166
| | | | | | invocations. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22534 dc483132-0cff-0310-8789-dd5450dbe970
* Bump sonames of libkadm5 libraries, since r22527 changed their ABIsGreg Hudson2009-08-172-2/+2
| | | | | | ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22528 dc483132-0cff-0310-8789-dd5450dbe970
* Modify kadm5 initializers to accept krb5 contextsGreg Hudson2009-08-1714-63/+75
| | | | | | | | | | Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned. ticket: 6547 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused variables resulting from r22521, and also remove theGreg Hudson2009-08-174-39/+0
| | | | | | | | unused file svr_misc_free.c. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22523 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kadmin v1 API supportGreg Hudson2009-08-1379-13399/+382
| | | | | | | | | | | | | | | The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
* Fix lib/crypto/krb/dk/Makefile.in mydir valueGreg Hudson2009-08-131-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22520 dc483132-0cff-0310-8789-dd5450dbe970
* Reply message ordering bug in ftpdGreg Hudson2009-08-121-3/+2
| | | | | | | | | | | | | | | user() was replying to the user command and then calling login(), which could send a continuation reply if it fails to chdir to the user's homedir. Continuation replies must come before the actual reply; the mis-ordering was causing ftp and ftpd to deadlock. To fix the bug, invoke login() before reply() so that the continuation reply comes first. ticket: 6543 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22519 dc483132-0cff-0310-8789-dd5450dbe970
* r22529@squish: raeburn | 2009-08-12 13:49:45 -0400Ken Raeburn2009-08-125-39/+99
| | | | | | | | | | | | | | | | | | | | | | . r22530@squish: raeburn | 2009-08-12 13:55:57 -0400 Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option. Change all code conditionals to test a new global variable, the initial value of which is based on KRBCONF_KDC_MODIFIES_KDB. There is currently no way to alter the value from the command line; that will presumably be desired later. Change initialize_realms to store db_args in a global variable. In process_as_req, call db_open instead of the old set_name + init. Don't reopen if an error is reported by krb5_db_fini. Add a test of running kinit with an incorrect password, to trigger a kdb update if enabled. r22531@squish: raeburn | 2009-08-12 13:58:13 -0400 Fix trailing whitespace. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22518 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the t_nfold build rules again. We don't have a simple way ofGreg Hudson2009-08-101-1/+4
| | | | | | | | plucking object files from other directories (we don't know for sure what extension to use), so build an nfold.o in this directory from the nfold.c in the ../krb source directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22517 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null characters in pkinit cert fieldsGreg Hudson2009-08-101-0/+7
| | | | | | | | | | | When processing DNS names or MS UPNs in pkinit certs, disallow embedded null characters. ticket: 6542 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22516 dc483132-0cff-0310-8789-dd5450dbe970
* Narrow the contract of pkinit_client_profile by passing in the realmGreg Hudson2009-08-101-13/+14
| | | | | | instead of the whole request. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22515 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_clnt.c, make private functions static. There and inGreg Hudson2009-08-102-118/+10
| | | | | | | | | pkinit_srv.c, only declare static functions when necessary for forward references (as is consistent with the other pkinit sources). Remove the empty functions pkinit_init_client_profile and pkinit_fini_client_profile. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22514 dc483132-0cff-0310-8789-dd5450dbe970
* Convert all uses of strtok() in libraries to strtok_r() for threadGreg Hudson2009-08-102-8/+9
| | | | | | safety. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22513 dc483132-0cff-0310-8789-dd5450dbe970
* Remove pkinit_identity_process_option, which wasn't doing anythingGreg Hudson2009-08-102-84/+19
| | | | | | | | besides picking a subsidiary function based on the (constant) input argument. Remove the associated constants from pkinit.h as well. No functional change. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22512 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the LDAP build, which was broken by the build reordering inGreg Hudson2009-08-072-4/+10
| | | | | | | | r22406. Build kdb5_util's getdate from the kadmin/cli getdate source, instead of borrowing the object file from the kadmin/cli build directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
* In crypto_tests: for t_nfold, link against an nfold object file in theGreg Hudson2009-08-031-3/+3
| | | | | | | | build directory, not the source directory. Remove the nfold object from the t_encrypt dependency list since we don't directly use it in the linking rule. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22489 dc483132-0cff-0310-8789-dd5450dbe970
* Be a little more verbose about errors from mit_des_key_sched(), andTom Yu2009-08-031-1/+2
| | | | | | remember to print newlines. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22488 dc483132-0cff-0310-8789-dd5450dbe970
* Fix deplibs for t_crcTom Yu2009-08-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22487 dc483132-0cff-0310-8789-dd5450dbe970
* Get "make depend" to work in an unbuilt source tree, since bad depsGreg Hudson2009-08-0312-5/+18
| | | | | | | | files can make it difficult to build the tree. To do this, make the depends target depend on generated header files and on header file copies or links into the main include directory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend. (I am not certain why the dependencies fromGreg Hudson2009-08-0317-697/+654
| | | | | | r22477 didn't work for me.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22482 dc483132-0cff-0310-8789-dd5450dbe970
* In the crypto-tests check target, refer to t_cf2.expected in theGreg Hudson2009-08-031-1/+1
| | | | | | source tree (where it lives) instead of the cwd. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22481 dc483132-0cff-0310-8789-dd5450dbe970
* In configure.in's list of Makefiles to generate, remove the trailingGreg Hudson2009-08-031-6/+6
| | | | | | | | slash from lib/crypto/krb as it breaks Makefile auto-regeneration. While here, wrap the list to fit within 80 columns and use tab indents to match the surrounding lines. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22480 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj: Separate files under crypto directory based on their ↵Zhanna Tsitkov2009-08-03245-1783/+1895
| | | | | | | | functionality. Move Kerberos specific files into krb subdir and MIT specific - into builtin subdir. Place all tests into crypto_tests subfolder. bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22477 dc483132-0cff-0310-8789-dd5450dbe970
* Fix of the test cleanup Zhanna Tsitkov2009-08-011-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22476 dc483132-0cff-0310-8789-dd5450dbe970
* Include <assert.h> in k5-platform.h, since we use assertions in someGreg Hudson2009-07-301-0/+1
| | | | | | | | | | | of the macros defined there, as well as in many source files which do not themselves include <assert.h>. Report and fix by Rainer Weikusat. ticket: 6533 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22475 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in k5_pac_verify_server_checksumEzra Peisach2009-07-302-1/+5
| | | | | | | | | | k5_pac_verify_server_checksum was leaking memory when the checksum was valid. t_pac.c: Fix memory leak by forgetting to release memory. ticket: 6541 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22474 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-12 04:23:39 +0000