krb5.git/src/lib/kadm5/clnt, branch master MIT Kerberos patches Include autoconf.h before system headers 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T15:50:58+00:00 02a1123cf44381690c28f18ab2c4ba8036200539 Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961 
Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961
Don't free cred handle used in kadm5 server handle 2014-03-27T15:42:11+00:00 Tomas Kuthan tkuthan@gmail.com 2014-03-26T16:04:30+00:00 b24c362f0589a6212f2f544263bdb76e0988c582 At the end of setup_gss(), gss_client_creds is released, but an alias to the credential handle is saved in kadm5_server_handle_t in handle->clnt->cl_auth->(struct rpc_gss_data *)ah_private->sec.cred. Accessing these credentials (by authgss_refresh) can result in use after free. This fix stores credential reference in server handle and releases the credentials in kadm5_destroy. [ghudson@mit.edu: initialize handle->cred to correct constant; get rid of gss_client_creds variable; clarify commit message slightly] ticket: 7891 (new) 
At the end of setup_gss(), gss_client_creds is released, but an alias
to the credential handle is saved in kadm5_server_handle_t in
handle->clnt->cl_auth->(struct rpc_gss_data *)ah_private->sec.cred.
Accessing these credentials (by authgss_refresh) can result in use
after free.

This fix stores credential reference in server handle and releases
the credentials in kadm5_destroy.

[ghudson@mit.edu: initialize handle->cred to correct constant; get rid
of gss_client_creds variable; clarify commit message slightly]

ticket: 7891 (new)
Fix uninitialized warning in client_init.c 2013-12-21T15:08:06+00:00 Greg Hudson ghudson@mit.edu 2013-12-21T15:08:06+00:00 815565f918f2c64c59561dbe37efc251ddb67c22 ticket: 7800 
ticket: 7800
Allow realm in kadm5_init service names 2013-12-21T05:06:22+00:00 Greg Hudson ghudson@mit.edu 2013-12-19T18:33:33+00:00 5341cfde2b3e607e294bb0d057dc3540172a8b1b Previously, if you passed a service name with a realm part to a kadm5_init function, you would get a KRB5_PARSE_MALFORMED error because the code would internally append its own '@realm' suffix before parsing the name. Fix this as follows: Change gic_iter so instead of producing a full service name, it produces a krb5_principal which is taken from the cred it acquires. Pass the client and full service name around as principals, rather than strings, and use the gss_nt_krb5_principal name type to import them in setup_gss(). Don't append a realm to the input service name; instead, pass the input service name directly to the gic functions (which do not need a realm in the service name and will ignore the realm if one is present). For the INIT_CREDS case, parse the input service name with KRB5_PRINCIPAL_PARSE_IGNORE_REALM and then set the realm. ticket: 7800 
Previously, if you passed a service name with a realm part to a
kadm5_init function, you would get a KRB5_PARSE_MALFORMED error
because the code would internally append its own '@realm' suffix
before parsing the name.  Fix this as follows:

Change gic_iter so instead of producing a full service name, it
produces a krb5_principal which is taken from the cred it acquires.
Pass the client and full service name around as principals, rather
than strings, and use the gss_nt_krb5_principal name type to import
them in setup_gss().  Don't append a realm to the input service name;
instead, pass the input service name directly to the gic functions
(which do not need a realm in the service name and will ignore the
realm if one is present).  For the INIT_CREDS case, parse the input
service name with KRB5_PRINCIPAL_PARSE_IGNORE_REALM and then set the
realm.

ticket: 7800
Simplify libkadm5 client realm initialization 2013-12-21T05:06:22+00:00 Greg Hudson ghudson@mit.edu 2013-12-19T17:22:47+00:00 33b06596be92f7d8458ac6b136f092e235dec834 The "realm" variable in init_any is used only to fill in the realm of the service principal in gic_iter(). The service principal realm should always be the realm we looked up config parameters for, so we can supply that realm to get_init_creds() unconditionally and eliminate the case where we use the client principal realm. Also get rid of an outdated comment and an #if 0 block we will never need again, and use SNPRINTF_OVERFLOW to check the snprintf result. 
The "realm" variable in init_any is used only to fill in the realm of
the service principal in gic_iter().  The service principal realm
should always be the realm we looked up config parameters for, so we
can supply that realm to get_init_creds() unconditionally and
eliminate the case where we use the client principal realm.

Also get rid of an outdated comment and an #if 0 block we will never
need again, and use SNPRINTF_OVERFLOW to check the snprintf result.
Fix various warnings 2013-06-07T19:19:37+00:00 Greg Hudson ghudson@mit.edu 2013-06-07T19:17:31+00:00 e51c089b745161dd6e1d64998e99d065fc22377e 






Reduce boilerplate in makefiles
2013-05-17T00:09:27+00:00

Greg Hudson
ghudson@mit.edu

2013-05-16T18:21:12+00:00

4b0985f8573840838bcfa8ec1df3dcd39a3dbf15

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.





Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.







make depend
2013-03-24T05:30:33+00:00

Greg Hudson
ghudson@mit.edu

2013-03-24T05:30:33+00:00

24c8bacbccc854dc30fd6baee49cdd2bf2557e47












Get rid of krb5_read_realm_params
2013-01-16T16:38:55+00:00

Greg Hudson
ghudson@mit.edu

2013-01-16T16:38:55+00:00

1078f5bf8049ab95322e7daf37c06f94623cdb74

Read realm parameters directly from the profile in the KDC's
init_realm(), getting rid of the intermediate krb5_realm_params
structure.  Then get rid of krb5_realm_params and
krb5_read_realm_params, since nothing else uses it.





Read realm parameters directly from the profile in the KDC's
init_realm(), getting rid of the intermediate krb5_realm_params
structure.  Then get rid of krb5_realm_params and
krb5_read_realm_params, since nothing else uses it.







make depend
2013-01-10T17:46:26+00:00

Greg Hudson
ghudson@mit.edu

2013-01-10T17:46:26+00:00

2807e8e1e1dc89b3d482de7c73d13d19187fdb38

Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.





Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.