summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Use #pragma pop on the Mac to ensure that the krb5_gic_opt_extTom Yu2008-07-101-0/+8
| | | | | | | | | structure has the same layout as the public version. ticket: 6010 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20511 dc483132-0cff-0310-8789-dd5450dbe970
* CCacheServer crashes iterating over creds which have been destroyedAlexandra Ellwood2008-07-101-7/+4
| | | | | | | | | | | | ccs_list_release was trying to manually delete the iterators with a broken for loop which skipped iterators. Since the iterators were referenced by the client, when the client exited it would tell the iterators to release themselves. The orphaned itertors would attempt to remove themselves from their list (which had been released) resulting in a crash. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20510 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Apple to handle missing krb5.conf for zeroconfTom Yu2008-07-101-2/+5
| | | | | | | | situations. ticket: 5632 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20509 dc483132-0cff-0310-8789-dd5450dbe970
* Don't print spurious errors to debug logsAlexandra Ellwood2008-07-092-6/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20508 dc483132-0cff-0310-8789-dd5450dbe970
* Add macro so we don't print deprecated warnings while building KfMAlexandra Ellwood2008-07-092-3/+3
| | | | | | | | Macro is defined in Kerberos5Prefix.h ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20507 dc483132-0cff-0310-8789-dd5450dbe970
* Use autogenerated darwin.exports files for server frameworksAlexandra Ellwood2008-07-094-2/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20506 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use "ccache" in error string printed to userAlexandra Ellwood2008-07-091-1/+1
| | | | | | | | ccache is a confusing abbreviation of credentials cache ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20505 dc483132-0cff-0310-8789-dd5450dbe970
* Use -dead_strip when linking dynamic libraries on DarwinKen Raeburn2008-07-091-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20504 dc483132-0cff-0310-8789-dd5450dbe970
* add copyright to lib/crypto/enc_provider/aes.cTom Yu2008-07-091-0/+26
| | | | | | | | | | | | lib/crypto/enc_provider/aes.c was missing a copyright statement. Added. ticket: new tags: pullup component: krb5-libs target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20503 dc483132-0cff-0310-8789-dd5450dbe970
* Changes to krb5_kt_default_name changed the krb5 ABI. RevertedAlexandra Ellwood2008-07-082-2/+3
| | | | | | | | | API prototype change and added a temporary variable to avoid casting problems. ticket: 5432 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20502 dc483132-0cff-0310-8789-dd5450dbe970
* Add kerberos iconAlexandra Ellwood2008-07-081-0/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20501 dc483132-0cff-0310-8789-dd5450dbe970
* Add EnableTransactions launchd option to CCacheServerAlexandra Ellwood2008-07-071-0/+2
| | | | | | | | | This prevents the CCacheServer from being killed before it is done handling all the mach messages. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20500 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_gic_opte_copy should copy elements individuallyAlexandra Ellwood2008-07-071-2/+13
| | | | | | | | | | Since we are copying from one structure to another, copy elements. Using memcpy is fragile. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
* kdc does not compile with glibc 2.8 Ezra Peisach2008-07-061-2/+2
| | | | | | | | | | | | | | | | | | | On Fedora 9, glibc 2.8 is used. The kdc code conditionalizes IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places = but misses two for the struct one. /usr/include/netinet/in.h conditionalizes struct in6_pktinfo on __USE_GNU - which I believe implies a gnu libc extension. People on the net have defined GNU_SOURCE for various things to compile, etc. I do note that /usr/include/linux/ipv6.h exists with the same definition. I believe that ipv6 support in the kdc will not work with these changes - but the tree compiles. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20498 dc483132-0cff-0310-8789-dd5450dbe970
* stop exporting a few symbols internal to aes implementationKen Raeburn2008-07-031-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20497 dc483132-0cff-0310-8789-dd5450dbe970
* Added type checking for 64-bit platformsAlexandra Ellwood2008-07-011-7/+10
| | | | | | ticket: 6001 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20495 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message returns const char *Alexandra Ellwood2008-07-011-2/+2
| | | | | | | | Changed temporary variables to use const char * ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20494 dc483132-0cff-0310-8789-dd5450dbe970
* memcpy(NULL, ptr, 0) is invalid, so don't do itKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20492 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20491 dc483132-0cff-0310-8789-dd5450dbe970
* Big endian stash file supportAlexandra Ellwood2008-06-271-2/+18
| | | | | | | | | | Added support for stash files with a consistent endianness (big endian) so that one can migrate a KDC from a machine with one endianess to a machine with the other endianess. Used by Kerberos for Macintosh. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20489 dc483132-0cff-0310-8789-dd5450dbe970
* Check for strdup failure. Fix a memory leak in one failure caseKen Raeburn2008-06-271-0/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20488 dc483132-0cff-0310-8789-dd5450dbe970
* misc uninitialized-storage accessesKen Raeburn2008-06-273-3/+5
| | | | | | | | | Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
* fix ktutil listing with timestampKen Raeburn2008-06-271-1/+2
| | | | | | | | | | ktutil's "list -t" option is supposed to show the timestamp stored in the keytab file. Instead, it shows some random (uninitialized) value, interpreted as a timestamp. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20486 dc483132-0cff-0310-8789-dd5450dbe970
* use-after-free bugsKen Raeburn2008-06-274-6/+4
| | | | | | | | | | | Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
* When returning an error, don't also pass back an invalid pointerKen Raeburn2008-06-271-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20484 dc483132-0cff-0310-8789-dd5450dbe970
* call kg_delete_lucidctx_id before freeing, not afterKen Raeburn2008-06-271-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20483 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak, and possible freed-memory dereference, in an error (smallKen Raeburn2008-06-271-1/+1
| | | | | | | | allocation failure) path. ticket: 5997 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20482 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaksKen Raeburn2008-06-2710-16/+39
| | | | | | | | | | | | Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* fix free of automatic storageKen Raeburn2008-06-271-4/+4
| | | | | | | | | | | Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20480 dc483132-0cff-0310-8789-dd5450dbe970
* Don't do FD_SETSIZE check on Windows.Ken Raeburn2008-06-271-1/+3
| | | | | | | | | | | Also, for form's sake, use closesocket instead of close inside the check. Kevin or Jeff, could you please verify that the code works again? ticket: 5925 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20479 dc483132-0cff-0310-8789-dd5450dbe970
* Fix off-by-one error in range check on file descriptor numberKen Raeburn2008-06-271-1/+1
| | | | | | | ticket: new target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20478 dc483132-0cff-0310-8789-dd5450dbe970
* Fix possible null pointer deref, possible uninit ptr use, possibleKen Raeburn2008-06-271-6/+13
| | | | | | | | | leak in unlikely small-allocation failure case. ticket: new target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20477 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT LKDC supportAlexandra Ellwood2008-06-263-21/+96
| | | | | | | ticket: 5968 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20476 dc483132-0cff-0310-8789-dd5450dbe970
* Rolled back patch because tickets 4495 and 5124 fix this bugAlexandra Ellwood2008-06-251-4/+1
| | | | | | | | in a different way. ticket: 5991 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20474 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_do_preauth_tryagain should check for NULL padataAlexandra Ellwood2008-06-251-1/+4
| | | | | | | | | | Fixed so krb5_do_preauth_tryagain no longer crashes on NULL padata but instead returns an error. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20473 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvnoAlexandra Ellwood2008-06-251-0/+2
| | | | | | | | | Added lines to copy these fields. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20472 dc483132-0cff-0310-8789-dd5450dbe970
* Add new launchd flags to CCacheServer plist fileAlexandra Ellwood2008-06-251-0/+9
| | | | | | | | | | | | | | | | Added LimitLoadToSessionType "Background" to launch the CCacheServer once per user rather than only for GUI sessions. Added ThrottleInterval key to allow the CCacheServer to relaunch frequently. Set CFFIXED_USER_HOME environment variable to prevent the CCacheServer from accessing the user's home directory. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20471 dc483132-0cff-0310-8789-dd5450dbe970
* Bump minor version number. Update dependenciesKen Raeburn2008-06-251-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20470 dc483132-0cff-0310-8789-dd5450dbe970
* kdb library now depends on gssrpc; add it to link commandsKen Raeburn2008-06-251-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20469 dc483132-0cff-0310-8789-dd5450dbe970
* Pull in xdr_sizeof from tirpc2.3 (which has the same license as our current ↵Ken Raeburn2008-06-255-0/+171
| | | | | | rpc code) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20468 dc483132-0cff-0310-8789-dd5450dbe970
* Include kdb_log.h for missing prototypes. Declare conv_princ_2db &Ezra Peisach2008-06-241-2/+3
| | | | | | conv_princ_2ulog as static as they are not exported or used outside this file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20466 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-ipropKen Raeburn2008-06-2448-188/+5843
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* Suppress some glibc issues found on x86_64Ken Raeburn2008-06-201-0/+69
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20445 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused fileKen Raeburn2008-06-201-86/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20434 dc483132-0cff-0310-8789-dd5450dbe970
* Remove test115 for 'bad client params', no longer appropriateKen Raeburn2008-06-191-104/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20429 dc483132-0cff-0310-8789-dd5450dbe970
* This patch is derived from a patch originally submitted to RTJeffrey Altman2008-06-182-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by: Nik Conwell <nik@bu.edu> krb5_set_real_time() accepts as input the time of the KDC or an application server as a combination of seconds and microseconds. Often it is the case that the time source does not provide the real time with less than one second granularity. Up until this patch such a caller would fill in the microseconds parameter as zero. krb5_set_real_time() would treat the zero microseconds as the actual reported time and compute a microsecond based offset. During a one second window subsequent calls to krb5_set_real_time() would have an ever increasing offset size until the number of seconds is incremented. This in turn produces a side effect in which the microseconds value of the local clock is effectively erased. If there are multiple processes or threads on the same machine each requesting service tickets using the same client principal for the same service principal where the number of seconds reported by the KDC are equivalent, then they will now all create authenticators with exactly the same timestamp. As a result, the authenticating service will detect a replay attack even though the authenticators are actually unique. The replay cache only maintains a tuple of client, server and timestamp. This patch modifies the interpretation of the microseconds parameter. If -1 is specified, the microseconds offset is ignored. ticket: 5924 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20413 dc483132-0cff-0310-8789-dd5450dbe970
* Disable check for invalid client-side admin config parameters in theKen Raeburn2008-06-181-1/+5
| | | | | | | config file. Since KDC configuration parameters can now be put in krb5.conf, this doesn't make sense any more. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20411 dc483132-0cff-0310-8789-dd5450dbe970
* cci_credentials_iterator_release using wrong message IDAlexandra Ellwood2008-06-181-1/+1
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20410 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out repeated code for looking up string, port, or deltat config paramsKen Raeburn2008-06-111-150/+144
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20395 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build spx.o, since we never enable SPXKen Raeburn2008-06-111-4/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20392 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-15 16:42:38 +0000