summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Make Sun cc error out on unknown attributesKen Raeburn2009-05-221-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22365 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct type for krb5_c_prf_length length argKen Raeburn2009-05-221-8/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22364 dc483132-0cff-0310-8789-dd5450dbe970
* Use printf format attribute only with gccKen Raeburn2009-05-222-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22363 dc483132-0cff-0310-8789-dd5450dbe970
* make prompt string vars point to constKen Raeburn2009-05-221-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22362 dc483132-0cff-0310-8789-dd5450dbe970
* fix minor syntax errorKen Raeburn2009-05-221-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22361 dc483132-0cff-0310-8789-dd5450dbe970
* Remove spurious assertion in handle_authdataGreg Hudson2009-05-221-1/+0
| | | | | | | | | | | | | In handle_authdata in the KDC, remove a spurious assertion (added in r21566 on the mskrb-integ branch) that authdata starts out empty. authdata can be legitimately added by check_padata, which precedes handle_authdata, and this happens with pkinit. ticket: 6492 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22360 dc483132-0cff-0310-8789-dd5450dbe970
* Include regression test for krb-fx-cf2 for RC4 enctypeSam Hartman2009-05-203-0/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22359 dc483132-0cff-0310-8789-dd5450dbe970
* Add a comment to the r22168 change since it's not obvious why we'reGreg Hudson2009-05-201-0/+11
| | | | | | decrypting authdata that way. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22358 dc483132-0cff-0310-8789-dd5450dbe970
* Restore compatibility with KDCs using key usage 8 to encrypt TGSGreg Hudson2009-05-202-39/+74
| | | | | | | | | replies in a subkey, by implementing a fallback in krb5_arcfour_decrypt. ticket: 6490 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22357 dc483132-0cff-0310-8789-dd5450dbe970
* When using keyed checksum types with TGS subkeys, Microsoft AD 2003Greg Hudson2009-05-191-0/+2
| | | | | | | | | | | | | | | | verifies the checksum using the subkey, whereas MIT and Heimdal verify it using the TGS session key. (RFC 4120 is actually silent on which is correct; RFC 4757 specifies the TGS session key.) To sidestep this interop issue, don't use keyed checksum types with RC4 keys without explicit configuration in krb5.conf. Using keyed checksum types with AES is fine since, experimentally, AD 2008 accepts checksums keyed with the TGS session key. ticket: 6490 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22356 dc483132-0cff-0310-8789-dd5450dbe970
* In practice, key usage 9 requires no translationSam Hartman2009-05-181-1/+1
| | | | | | | ticket: 6490 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22355 dc483132-0cff-0310-8789-dd5450dbe970
* Copy the sequence key rather than the subkey for lucid contexts in RFCSam Hartman2009-05-181-1/+1
| | | | | | | | | | | 1964 mode, so that we map to raw des enctypes rather than say des-cbc-crc. ticket: 6488 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22354 dc483132-0cff-0310-8789-dd5450dbe970
* Document use of key fields in GSS contextSam Hartman2009-05-181-6/+11
| | | | | | | | The addition of etype negotiation has made the meanings of the various keys in the GSS-API context structure more complicated. Document them to aid in code understanding. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22353 dc483132-0cff-0310-8789-dd5450dbe970
* Add IOV_SHIM_EXERCISE_WRAP and IOV_SHIM_EXERCISE_UNWRAP conditionalsTom Yu2009-05-141-2/+5
| | | | | | | | | to allow finer-grained testing. ticket: 6487 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22352 dc483132-0cff-0310-8789-dd5450dbe970
* gss_krb5int_export_lucid_sec_context was erroneously copying the firstGreg Hudson2009-05-141-1/+1
| | | | | | | | | | | | sizeof(void *) bytes of the context into data_set, instead of the pointer to the context. ticket: 6488 status: open tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22351 dc483132-0cff-0310-8789-dd5450dbe970
* UCS2 support doesn't handle upper half of BMPGreg Hudson2009-05-143-40/+43
| | | | | | | | | | | | Make krb5_ucs2 an unsigned type. Eliminate the need for distinguished values for ucs2 and ucs4 characters by changing the API of the single- character conversion routines. ticket: 6489 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22350 dc483132-0cff-0310-8789-dd5450dbe970
* remove some old code for debugging the debugging codeKen Raeburn2009-05-141-7/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22349 dc483132-0cff-0310-8789-dd5450dbe970
* In util/support/utf8_conv.c, the SWAP16 macro is invoked with anTom Yu2009-05-131-6/+4
| | | | | | | | | | | | | | | | argument that has side effects. On platforms where SWAP16 can evaluate its argument twice (including platforms where utf8_conv.c creates a fallback definition for the SWAP16 macro), this can cause a read overrun by a factor of two. Rearrange the data flow to avoid calling SWAP16 with an argument that has side effects. ticket: 6486 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22348 dc483132-0cff-0310-8789-dd5450dbe970
* reduce character-class table entry size (40%) based on limited data ranges; ↵Ken Raeburn2009-05-111-4/+4
| | | | | | make table const git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22344 dc483132-0cff-0310-8789-dd5450dbe970
* In recvauth_common, convert a use of strcpy to strdupGreg Hudson2009-05-111-2/+2
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22343 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor rule_an_to_ln, creating a new helper function to handle theGreg Hudson2009-05-112-125/+104
| | | | | | | | selection string specifier. Eliminate two (safe) uses of sscanf in the process. Add a test case including literal text in the selection string specifier. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22326 dc483132-0cff-0310-8789-dd5450dbe970
* Try decrypting using session key if subkey fails in tgs rep handlingSam Hartman2009-05-074-10/+15
| | | | | | | | | | | | | | | | | | | | | | Heimdal at least up through 1.2 incorrectly encrypts the TGS response in the session key not the subkey when a subkey is supplied. See RFC 4120 page 35. Work around this by trying decryption using the session key after the subkey fails. * decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for TGS and now needs to take keyusage * gc_via_tkt: pass in session key and appropriate usage if subkey fails. Note that the dead code to process AS responses in decode_kdc_rep is not removed by this commit. That will be removed as FAST TGS client support is integrated post 1.7. ticket: 6484 Tags: pullup Target_Version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22325 dc483132-0cff-0310-8789-dd5450dbe970
* man1 in title header for man1 manpagesSam Hartman2009-05-074-4/+4
| | | | | | | | | | | | A previous ticket moved kadmin, kadmin.local, ktutil and k5srvutil man pages to man1 from man8. This updates the section within the man page. ticket: 6483 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22324 dc483132-0cff-0310-8789-dd5450dbe970
* Allow more than 10 past keys to be stored by a policyGreg Hudson2009-05-073-75/+2
| | | | | | | | | | | Remove the arbitrary limit of 10 past keys in policies. We were not taking advantage of that limit in any other code. ticket: 6482 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22323 dc483132-0cff-0310-8789-dd5450dbe970
* After consultation with kenh, remove a comment and if statement whichGreg Hudson2009-05-071-7/+0
| | | | | | should no longer apply to the pa_sam_2 code, fixing a memory leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22322 dc483132-0cff-0310-8789-dd5450dbe970
* Fix yet another memory leak in pa_samGreg Hudson2009-05-061-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22321 dc483132-0cff-0310-8789-dd5450dbe970
* Fix multiple memory leaks in obtain_sam_padataGreg Hudson2009-05-061-23/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22320 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam, use the correct function to free sam_challenge in theGreg Hudson2009-05-061-1/+1
| | | | | | | | success path. ticket: 6210 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22319 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in pa_sam_2 where an outer data structure wasn'tGreg Hudson2009-05-061-0/+1
| | | | | | freed after the contents are coopted. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22318 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in pa_samGreg Hudson2009-05-051-2/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22317 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in krb5_obtain_padataGreg Hudson2009-05-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22316 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam_2, free sc2 in an error-handling case where it was leakedGreg Hudson2009-05-051-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22315 dc483132-0cff-0310-8789-dd5450dbe970
* In pa_sam_2, free scratch in a couple of error-handling blocks whereGreg Hudson2009-05-051-0/+2
| | | | | | | | it was live and not freed. The function should be reorganized to use a cleanup handler, but (I believe) is not covered by the test suite and should not undergo such major surgery until it is. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22314 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5int_rd_setpw_rep, if we get an error result, set ap_rep.lengthGreg Hudson2009-05-051-0/+1
| | | | | | to 0 so that it is initialized for a check later in the function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22313 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unnecessary null checks in krb5_get_in_tkt_with_passwordGreg Hudson2009-05-051-4/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22312 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unnecessary null checks in krb5_get_in_tkt_with_keytabGreg Hudson2009-05-051-4/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22311 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_in_tkt, free the whole encoded request (since theGreg Hudson2009-05-051-1/+1
| | | | | | | | structure was allocated by encode_krb5_as_req), not just the contents. ticket: 6401 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22310 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a case in the krb5_rd_rep error handler (introduced in the lastGreg Hudson2009-05-051-2/+3
| | | | | | | commit) where scratch.data could be indirected through even if it wasn't allocated successfully. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22309 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify cleanup in obtain_sam_padata slightlyGreg Hudson2009-05-041-5/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22308 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an error message memory leak in krb5_preauth_supply_preauth_dataGreg Hudson2009-05-041-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22307 dc483132-0cff-0310-8789-dd5450dbe970
* Fix some direct returns in krb5_get_cred_from_kdc_opt which would leakGreg Hudson2009-05-041-12/+25
| | | | | | memory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22306 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rd_rep could leak memory through its output parameter on error.Greg Hudson2009-05-041-26/+34
| | | | | | | Adjust the flow control so that *repl is NULL on error and the memory allocated by decode_krb5_ap_rep_enc_part is freed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22305 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in krb5int_rd_chpw_rep in a block of code handlingGreg Hudson2009-05-021-4/+5
| | | | | | | | buggy MS KDC behavior. It's not entirely clear what should happen in the case where memory was leaked (error packet received containing e_data) so pick a conservative option. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22303 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak by reorganizing krb5_principal_internalize to useGreg Hudson2009-05-011-34/+34
| | | | | | | the recommended flow control for error handling. Also initialize the output parameter so that it is set in case of error. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22302 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value of ftell() in krb5_ktfileint_find_slotGreg Hudson2009-05-011-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22301 dc483132-0cff-0310-8789-dd5450dbe970
* Move an error check to an earlier location in krb5_524_conv_principalGreg Hudson2009-05-011-2/+3
| | | | | | to fix a memory leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22300 dc483132-0cff-0310-8789-dd5450dbe970
* make dependSam Hartman2009-04-304-2/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22299 dc483132-0cff-0310-8789-dd5450dbe970
* Implement DES and 3DES PRF. Patch fromKAMADA Ken'ichiSam Hartman2009-04-307-12/+88
| | | | | | | | | | | | | Currently the DES and 3DES PRF output 16-byte results. This is consistent with RFC 3961, but we need to confirm it is consistent with Heimdal and WG decisions. See IETF 74 minutes for some discussion of the concern as it applies to AES and thus possibly all simplified profile enctypes. ticket: 5587 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22298 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_kt_resolve, ensure that the output parameter is set to NULL onGreg Hudson2009-04-301-5/+9
| | | | | | failure even if the underlying resolver doesn't do that properly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22297 dc483132-0cff-0310-8789-dd5450dbe970
* In ktfile_common_resolve, set the output pointer to NULL on error, andGreg Hudson2009-04-301-25/+29
| | | | | | | use a cleanup label instead of freeing the same resources in multiple error handling blocks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22296 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-12 17:23:45 +0000