| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
spoofed preauth data. (Merely huge cpu time usage is probably still
possible.)
* aes_s2k.c (krb5int_aes_string_to_key): Return an error if the supplied
iteration count is really, really large.
ticket: 1418
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15349 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* read_pwd.c (krb5_read_password): Always free temporary storage used for
verification version of password.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15348 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Makefile.in: Use library build framework.
* configure.in: Add support for library build framework. Remove
old explicit checks for ranlib, etc.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15341 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Back out requirement of autoconf-2.53, as MacOS X doesn't have it. To
compensate, place warning in util/reconf if autoconf-2.52 is
discovered.
ticket: new
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15339 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kerberos.c (kerberos4_status): Always copy in username if
present. Patch from Nathan Neulinger to make "-a user" work.
* kerberos5.c (kerberos5_status): Always copy in username if
present. Patch from Nathan Neulinger to make "-a user" work.
ticket: 1362
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15338 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
If a request contains no des-cbc-crc enctype bumt des-cbc-crc or
des-cbc-md5 existis in the database then an infinite loop is created.
Fix etype info handling to avoid this.
ticket: new
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
with krlogind.c.
ticket: 844
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15325 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
number only if a numeric service port was supplied.
ticket: 1392
status: open
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15324 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Don't install the in-tree libdb. This requires that libkdb,
etc. explicitly pull in the object files of the in-tree libdb if not
using the system libdb.
ticket: new
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15320 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GET_HOST_BY_NAME) [_AIX]: New version for AIX version of gethostbyname_r.
(getaddrinfo) [NUMERIC_SERVICE_BROKEN]: Use "discard" as a dummy service name
instead of none at all. Don't check for unsigned value less than zero.
(getaddrinfo) [COPY_FIRST_CANONNAME]: Set any ai_canonname fields other than
the first one to null.
ticket: 1392
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15317 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
nothing has been put into the buffer yet.
ticket: 1397
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15314 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
ticket: 1397
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15312 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
cache is available, do not generate one.
ticket: 1400
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15311 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
configure scripts that NetBSD /bin/sh doesn't like.
ticket: 1384
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15310 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
looking for the mark, log out the last 10 lines of the kdc
logfile.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15309 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
Report port number in connection failure.
(setup_secondary_channel): Use socklen_t for socket address length.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15307 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
case we get NO_MATCHING_KEY later. This allows us to log a more
sane error if an incorrect password is used for encrypting the
enc-timestamp preauth.
ticket: 1324
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15306 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a few things broken by fix for MITKRB5-SA-2003-004, since kiniting
to a des3 TGT intentionally no longer works.
Remove code to set up kadmind srvtab, as it's not needed anymore.
ticket: new
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15303 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* xdr_mem.c (xdrmem_create): Perform some additional size checks.
(xdrmem_getlong, xdrmem_putlong, xdrmem_getbytes): Check x_handy
prior to decrementing it.
ticket: new
status: open
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15300 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
comparison if the requested enctype is a wildcard.
ticket: new
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
higher. When bind 9 is present, BIND_8_COMPAT needs to be defined to get bind 8 types
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15290 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
higher. When bind 9 is present, BIND_8_COMPAT needs to be defined to get bind 8 types
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15289 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15288 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15287 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reenable (-X) which prints a warning that you are creating a security
hole.
Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure. They are still accepted however.
The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration. In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.
Ticket: 1385
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Our code does not currently support GSS_C_PROT_READY_FLAG so only
return that flag after context establishment. A potential future
addition is to support that flag and return GAP_TOKEN if the initiator
processes a message token before the final context token.
Ticket: 1352
Tags: pullup
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15280 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
followed by no unrecognized errors and then eof, report it as an unsupported
test.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15279 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
on make's command line if necessary. Still, only really useful
for building kerbsrc.zip, etc.
ticket: 1342
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15277 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
* cnv_tkt_skey.c (krb524_convert_tkt_skey): Extract source IP address in its
proper size, not as 'long'.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15275 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pointer variables for the returned data. Use the structure in the caller when
straightforward; in cases where macros use different but overlapping sets of
automatic scalar variables in one file, copy the values out of the structures
for now, until they can be analyzed more carefully.
* asn1_get.c (asn1_get_tag): Deleted.
(asn1_get_tag_2): Renamed from asn1_get_tag_indef, now uses a pointer to
taginfo rather than a bunch of pointer args.
(asn1_get_id, asn1_get_length): Folded into asn1_get_tag_2.
(asn1_get_sequence): Call asn1_get_tag_2.
* asn1_get.h (taginfo): New structure.
(asn1_get_tag_indef, asn1_get_tag, asn1_get_id, asn1_get_length): Declarations
deleted.
(asn1_get_tag_2): Declare.
* asn1_decode.c (setup): Declare only a taginfo variable.
(asn1class, construction, tagnum, length): New macros.
(tag): Call asn1_get_tag_2.
* asn1_k_decode.c (next_tag, get_eoc, apptag, end_sequence_of,
end_sequence_of_no_tagvars, asn1_decode_krb5_flags): Call asn1_get_tag_2; if no
error, copy out values into scalar variables.
(asn1_decode_ticket): Call asn1_get_tag_2.
* asn1buf.c (asn1buf_skiptail): Call asn1_get_tag_2.
* krb5_decode.c (check_apptag, next_tag, get_eoc): Call asn1_get_tag_2; if no
error, copy out values into scalar variables.
(decode_krb5_enc_kdc_rep_part): Call asn1_get_tag_2.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15274 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15272 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
otherwise define ANAME_SZ, INST_SZ and REALM_SZ.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15271 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
build, and hasn't broken the out-of-date case so far as I can tell, so far...
Added a bunch of comments describing the cases that need to be handled.
* Makefile.in ($(BUILDTOP)/include/gssapi/gssapi.h, generic/gssapi.h,
generic/gssapi_err_generic.h, krb5/gssapi_err_krb5.h): Comment out old rules
and dependencies; depend on all-recurse and supply a no-op rule.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15270 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15269 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
gss initializers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15268 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
!USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15267 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
!USE_BUNDLE_ERROR_STRINGS so Darwin based builds get com_err style error tables
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15266 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
KADM5_CONFIG_ADMIN_KEYTAB.
(do_schpw): Use kdb keytab.
ticket: 1372
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15265 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
output of krb5_c_encrypt_length().
ticket: 1373
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15264 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15263 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15262 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
place
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15261 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15260 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
USE_CCAPI and not TARGET_OS_MAC so Darwin builds work. * init_os_ctx.c: Modified to use DEFAULT_SECURE_PROFILE_PATH and DEFAULT_PROFILE_PATH for KfM homedir-relative config files. * read_pwd.c: Cast to remove const warnings. * timeofday.c: Do the same thing on the Mac as on Unix
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15259 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
stuff on the Mac as on Unix. * preauth2.c: Added cast to fix warning
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15258 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15257 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
KerberosLoginPrivate.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15256 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
calls on USE_CCAPI so Darwin builds work
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15255 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
functions static. Removed unused CoreServices include. Changed TICKET_GRANTING_TICKET to new macro: KRB_TICKET_GRANTING_TICKET. * change_password.c: Added check of inputs to krb_change_password so we don't crash on bad inputs. Call des_string_to_key not mit_password_to_key on all platforms because we don't want to prompt for a password. * FSp-glue.c: Added prototypes for deprecated functions. Changed to use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where the file does not exist. * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections a little smaller and easier to read. * g_pw_in_tkt.c: Only prompt when we are not using the login library. This is so that Darwin builds do prompt but KfM builds don't. * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET. * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype, which doesn't seem to be defined on Mac OS X. * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk(). * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning when KRB4_USE_KEYTAB is not defined. * sendauth.c: Fixed warnings with casts
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15254 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15253 dc483132-0cff-0310-8789-dd5450dbe970
|
