path: root/src
Commit message | Author | Age | Files | Lines
...
* Update ccapi tests to work at new location in krb5 tree. Also, test for | Justin Anderson | 2007-09-25 | 9 | -12/+14
  platform when compiling so that KfM and KfW can use this
  ticket: 5459
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19979 dc483132-0cff-0310-8789-dd5450dbe970
* Document use of KRB5_CCH_CCNAME for ccache name length | Jeffrey Altman | 2007-09-25 | 1 | -4/+4
  ticket: 5772
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19978 dc483132-0cff-0310-8789-dd5450dbe970
* change all MAX_PATH ccname buffer lengths to KRB5_CCH_CCNAME and | Jeffrey Altman | 2007-09-25 | 1 | -8/+8
  document the use of KRB5_CCH_CCNAME.
  ticket: 5772
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19977 dc483132-0cff-0310-8789-dd5450dbe970
* NIM: BUG: KMM: miscellaneous fixes | Jeffrey Altman | 2007-09-25 | 3 | -13/+17
  kmm_reg.c: Allocate enough memory to hold the entire PluginList multi-string plus an extra NUL if the registry value was not properly terminated.
  kmm_registrar.c: Do not record an error loading a module if there was no configuration for it.
  kmmmain.c: Avoid a race condition by sending the thread quit message instead of posting it. Do so outside of the critical section to avoid a deadlock.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19976 dc483132-0cff-0310-8789-dd5450dbe970
* NIM: BUG: KRB5: cleanup krb5funcs | Jeffrey Altman | 2007-09-25 | 1 | -2/+3
  (1) remove an extraneous backslash from the generated FILE: ccache name. GetTempPath() always returns paths terminated with a backslash.
  (2) increase the max ccache name length to KRB5_CCH_CCNAME from MAX_PATH.
  These changes have dependencies on revisions 19891 and 19897.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19975 dc483132-0cff-0310-8789-dd5450dbe970
* More consolidation of the computation of the default ccache name | Jeffrey Altman | 2007-09-25 | 1 | -29/+2
  ticket: 5691
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19974 dc483132-0cff-0310-8789-dd5450dbe970
* cc_ccache_set_principal always returns error 227 | Alexandra Ellwood | 2007-09-25 | 1 | -1/+1
  Was attempting to read the new name from the reply stream.
  ticket: new
  target_version: 1.7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19973 dc483132-0cff-0310-8789-dd5450dbe970
* Set svn:eol-style on a bunch of text-looking files that didn't have it | Ken Raeburn | 2007-09-24 | 115 | -11761/+11761
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970
* we're not using changelog files any more | Ken Raeburn | 2007-09-24 | 2 | -49/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19971 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the broken optimization from UnicodeToANSI() that attempted | Jeffrey Altman | 2007-09-24 | 1 | -5/+3
  in a stupid way to avoid the WideCharToMultiByte() call by testing to see if the second byte (not wchar) was NUL. This test works for Latin1 but not for anything more interesting. Always call WideCharToMultiByte().
  I commented out the use of WC_NO_BEST_FIT_CHARS in order to provide compatibility with Windows. Windows converts the user name without that option. With the current code a principal name consisting of a single component equivalent to the Greek character Sigma and a realm name will be converted to S@REALM exactly as the "WhoAmI" command does. If WC_NO_BEST_FIT_CHARS was specified, this string would be converted to "?@REALM".
  ticket: 5766
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19970 dc483132-0cff-0310-8789-dd5450dbe970
* MSLSA krb5_cc module fails to check success of UNICODE string conversions | Jeffrey Altman | 2007-09-24 | 1 | -13/+28
  The MSLSA krb5_cc module was written with an assumption that probably does not hold true anymore. It assumed that all Kerberos strings, although stored in wide character data structures, could in fact be represented in the application's ANSI code page and that such conversions would not fail.
  The UnicodeToANSI() function did not check the result of WideCharToMultiByte() for success. If the conversion failed, this could result in the caller believing the contents of the output string buffer were a valid string when instead they were simply stack garbage.
  The UnicodeStringToMITPrinc() and KerbExternalNameToMITPrinc() functions did not check the return value of krb5_parse_name() for success. If krb5_parse_name() was passed a pointer to garbage on the stack instead of an actual principal name, this could result in the caller believing the output krb5_principal * was valid when instead it was NULL.
  The function CacheInfoEx2ToMITCred(), which is dependent on the success or failure of UnicodeStringToMITPrinc(), assumed it could not fail and did not return a success or failure indication to its caller.
  If a Microsoft formatted ticket contains a Unicode string that can not be represented in the application's ANSI code page, this could result in a NULL pointer dereference during a call to krb5_cc_resolve("MSLSA:"), krb5_cc_retrieve(), or krb5_cc_get_principal().
  With the changes in this commit, tickets containing principal names that cannot be represented in the application's ANSI code page will be hidden from the application.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19969 dc483132-0cff-0310-8789-dd5450dbe970
* NIM: BUG: Restore Copyright removed in revision 19855 | Jeffrey Altman | 2007-09-24 | 1 | -0/+1
  Restore MIT Copyright removed in revision 19855.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19968 dc483132-0cff-0310-8789-dd5450dbe970
* NIM: BUG: khm_krb5_initialize() failed to return error code | Jeffrey Altman | 2007-09-24 | 1 | -4/+4
  khm_krb5_initialize() is called in the krb5cred.dll and krb4cred.dll credential providers in order to ensure that the caller has references to a valid krb5_context and a valid krb5_ccache. If the krb5_cc_resolve() call failed, the error code was not being returned to the caller. Instead, success was returned which in turn would result in the caller believing the NULL krb5_ccache pointer was in fact valid.
  This fix resolves Microsoft's WER Event ID 432405961.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19967 dc483132-0cff-0310-8789-dd5450dbe970
* Move the removal of the vc70.pdb and vc80.pdb files to the | Jeffrey Altman | 2007-09-22 | 13 | -23/+9
  global clean rule in config/Makefile.w32. No need to replicate them in each individual Makefile.
  ticket: 5756
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19966 dc483132-0cff-0310-8789-dd5450dbe970
* stdint.h should only be accessed if HAVE_STDINT_H defined | Jeffrey Altman | 2007-09-22 | 1 | -1/+3
  stdint.h does not exist on Windows. Conditionally include it based upon HAVE_STDINT_H
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19965 dc483132-0cff-0310-8789-dd5450dbe970
* NIM: APP: BUG: restore HideWatermark functionality | Jeffrey Altman | 2007-09-21 | 1 | -1/+6
  Restore the HideWatermark functionality that was accidentally removed from ui/credwnd.c
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19964 dc483132-0cff-0310-8789-dd5450dbe970
* Removed extra newline | Alexandra Ellwood | 2007-09-21 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19963 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore dependency lines beginning with '#' to deal with gcc | Tom Yu | 2007-09-19 | 1 | -0/+1
  -fworking-directory output during make depend.
  ticket: 5752
  target_version: 1.6.4
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19961 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed bug where the lock list was getting corrupted when upgrading or | Alexandra Ellwood | 2007-09-18 | 2 | -46/+87
  downgrading a lock. Also fixed a bug where we were double-replying to the client when adding a lock that could be immediately granted.
  ticket: 4644
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19956 dc483132-0cff-0310-8789-dd5450dbe970
* Windows\Identity Makefile "clean" more | Jeffrey Altman | 2007-09-18 | 13 | -11/+46
  make sure that we clean up vc70.pdb, vc80.pdb, and temporary files generated during the build process.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19955 dc483132-0cff-0310-8789-dd5450dbe970
* use ccs_callback_release() to free ccs_callback_t | Alexandra Ellwood | 2007-09-18 | 1 | -1/+1
  ticket: 4644
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19953 dc483132-0cff-0310-8789-dd5450dbe970
* Added sanity checking so we can't dereference NULL trying to call a callback | Alexandra Ellwood | 2007-09-18 | 1 | -2/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19952 dc483132-0cff-0310-8789-dd5450dbe970
* Added additional debugging error checking | Alexandra Ellwood | 2007-09-18 | 1 | -2/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19951 dc483132-0cff-0310-8789-dd5450dbe970
* cci_array_move should work when the source and dest positions are equal | Alexandra Ellwood | 2007-09-18 | 1 | -1/+2
  Fixed so it does nothing when moving an element to its own index.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19950 dc483132-0cff-0310-8789-dd5450dbe970
* Make config.status itself update the timestamp file associated with | Ken Raeburn | 2007-09-17 | 2 | -2/+2
  autoconf.h, so that we don't need a redundant invocation of config.status during the first build.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19937 dc483132-0cff-0310-8789-dd5450dbe970
* wix installer - permit administrative installs | Jeffrey Altman | 2007-09-14 | 1 | -32/+3
  remove the registration requirement for administrative installs.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19936 dc483132-0cff-0310-8789-dd5450dbe970
* In the pkinit decoders, set up things properly so that asn1buf_sync() | Tom Yu | 2007-09-13 | 1 | -3/+22
  behaves correctly and isn't acting on uninitialized variables.
  ticket: 5704
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
* Before the error-message tests, make sure the host principal exists, | Ken Raeburn | 2007-09-11 | 1 | -3/+5
  so we get consistent errors. Expect the "keytab not found" error, rather than the "principal doesn't exist" error.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19931 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed macro for cc_ccache_unlock and updated documentation | Alexandra Ellwood | 2007-09-10 | 1 | -2/+2
  ticket: 4644
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19930 dc483132-0cff-0310-8789-dd5450dbe970
* 64-bit Windows krb5int_cc_default calls to Leash | Jeffrey Altman | 2007-09-05 | 1 | -1/+6
  AMD64 builds must load leashw64.dll not leashw32.dll
  ticket:new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19929 dc483132-0cff-0310-8789-dd5450dbe970
* Revise patch to avoid 32-byte overflow which remained after the | Tom Yu | 2007-09-05 | 1 | -2/+10
  initial patch. Memory written to by the IXDR macro calls had not been accounted for.
  Thanks to Kevin Coffman, Will Fiveash, and Nico Williams for discovering this bug and assisting with patch development.
  ticket: 5706
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19923 dc483132-0cff-0310-8789-dd5450dbe970
* MSI installer for 64-bit AMD64 | Jeffrey Altman | 2007-09-05 | 9 | -314/+687
  Add support for building 64-bit AMD64 MSI install packages in addition to 32-bit i386 MSI install packages.
  Differences between 32-bit MSI and 64-bit MSI include:
    * no krb4 binaries and libraries
    * no kclient binaries and libraries
    * no krb524 binaries and libraries
    * no leash32.exe
    * new AMD64 UpgradeCode permits parallel installation with 32-bit MSI
    * support for Visual Studio 2005 (VS8, CL1400) merge modules
  Open Issues:
    * 32-bit MSI installs kfwlogon.dll on AMD64 systems
    * 32-bit and 64-bit NetIDMgr.exe as startup. Need to decide which should be executed by default. Only one can run at a time.
    * Need to make sure that src/windows/build properly configures the site-local.wxi file for Visual Studio 2005 and platform.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19922 dc483132-0cff-0310-8789-dd5450dbe970
* 64-bit Windows gss.exe (gui version of gss-client.exe) | Jeffrey Altman | 2007-09-05 | 2 | -3/+5
  Now that krbcc64.lib exists we can build the gss.exe gss-api test client.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19921 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new is non-functional | Ezra Peisach | 2007-09-05 | 2 | -49/+104
  File locking was non-existent in this code and fccs chained list was not used at all. This resulted in an assertion failure when closing the cache. Code has been reorganized to parallel the code in krb5_fcc_resolve for easier maintenance.
  Commented out test in t_cc.c has been updated to actually test this code.
  ticket:new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19920 dc483132-0cff-0310-8789-dd5450dbe970
* Rework error-mapping code to preserve status code values when returned | Ken Raeburn | 2007-09-05 | 5 | -84/+179
  by only one mechanism. Revert RPC code to relying on this.
  Build error-mapping code on a bidirectional map instead of a simple array. When a status code is returned but has been seen returned from a different mechanism already, generate a new number, starting at 100,000.
  Use gssrpcint_printf for some more debugging code.
  ticket: 5654
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
* Bidirectional map template code | Ken Raeburn | 2007-09-04 | 1 | -0/+194
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19918 dc483132-0cff-0310-8789-dd5450dbe970
* Fix bug in clearing of new storage | Ken Raeburn | 2007-09-04 | 1 | -1/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19917 dc483132-0cff-0310-8789-dd5450dbe970
* Support using valgrind on test programs | Ken Raeburn | 2007-09-04 | 2 | -1/+44
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental commit of gc_frm_kdc.c | Tom Yu | 2007-09-04 | 1 | -181/+20
  ticket: 5707
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-4000 modify_policy vulnerability | Tom Yu | 2007-09-04 | 2 | -22/+184
  In kadm5_modify_policy_internal, check for nonexistence of policy before doing anything with it, to avoid memory corruption.
  ticket: new
  target_version: 1.6.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-3999 svc_auth_gss.c buffer overflow | Tom Yu | 2007-09-04 | 1 | -1/+1
  Make sure svcauth_gss_validate adequately checks oa->oa_length prior to copying into rpcbuf.
  ticket: new
  target_version: 1.6.3
  tags: pullup
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
* bump accessor version number | Tom Yu | 2007-09-04 | 1 | -1/+1
  ticket: 3334
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19911 dc483132-0cff-0310-8789-dd5450dbe970
* Bail out if encoded "ticket" doesn't decode correctly. This allows | Tom Yu | 2007-09-04 | 1 | -1/+2
  t_cc test case to pass and allows non-tickets to be stored (for now).
  ticket: 5697
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19910 dc483132-0cff-0310-8789-dd5450dbe970
* GSS-API Win64 support | Jeffrey Altman | 2007-09-02 | 1 | -1/+6
  The name of the Leash API DLL on Win64 is "leashw64.dll".
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
* Make internal functions static | Ken Raeburn | 2007-08-31 | 1 | -38/+38
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
* Don't export file keytab implementation functions | Ken Raeburn | 2007-08-31 | 1 | -20/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19899 dc483132-0cff-0310-8789-dd5450dbe970
* Make ccache handle referrals better by storing both server principal | Tom Yu | 2007-08-29 | 1 | -3/+40
  names if they differ between the creds structure and the encoded ticket and by looking up the server principal using the client's realm if not found and server's realm was initially the referral (empty) realm.
  ticket: 5697
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19898 dc483132-0cff-0310-8789-dd5450dbe970
* NIM file ccache support improvements | Jeffrey Altman | 2007-08-29 | 4 | -60/+163
  NIM supports the ability of the user to specify an explicit ccache name for use with an identity. If this ccache is a FILE ccache, we need to be able to store credentials into the ccache.
  krb5cred.dll did not previously specify the KRB5_TC_OPENCLOSE flag on the ccache when setting other flags such as KRB5_TC_NOTICKET (which is used with MSLSA ccaches). As a result, open/close mode was turned off, the ccache file would be opened in read-only mode and attempts to store credentials into the ccache would fail. This is fixed by specifying KRB5_TC_OPENCLOSE when setting the ccache flags.
  When a CCAPI implementation is unavailable, we need to automatically generate the FILE ccache name if one has not already been specified. We default to a file stored in the user's Local Settings\Temp directory. The generated ccache is then added to the file ccache watch list.
  Finally, some users have complained about the behavior of Microsoft Vista's UAC mode and how it makes the CCAPI cache useless for storing credentials that must be used in conjunction with processes that do not have restricted privileges since those processes run in a separate logon session. For these users we have added a "DefaultToFileCache" registry value that can be specified to force the use of FILE ccaches in preference to CCAPI ccaches when there is no explicit ccache specified for a given identity. Unlike CCAPI ccaches, the FILE ccaches are accessible from both restricted and unrestricted processes when UAC is active.
  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19897 dc483132-0cff-0310-8789-dd5450dbe970
* NIM - a small readability change | Jeffrey Altman | 2007-08-29 | 1 | -1/+1
  Instead of testing for NOT the machine key, test for is the user key.
  ticket: new
  component: windows/identity/kconfig/api.c
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19896 dc483132-0cff-0310-8789-dd5450dbe970
* NIM: remove unused symbols | Jeffrey Altman | 2007-08-29 | 1 | -2/+0
  Remove unused preprocessor symbols automatically added by Visual Studio's dialog editor.
  ticket: new
  component: windows/identity/ui/resource.h
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19895 dc483132-0cff-0310-8789-dd5450dbe970