summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5/ChangeLog
Commit message (Collapse)AuthorAgeFilesLines
* Remove ChangeLog files from the source tree. From now on, theSam Hartman2006-04-111-2299/+0
| | | | | | | subversion commit log entry needs to include information that would have been in the changelog. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
* set DEFS empty in more placesKen Raeburn2006-04-041-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17838 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new recursive target "generated-files-mac", for producing theKen Raeburn2006-03-111-0/+4
| | | | | | | generated files that lxs wants to feed into the Mac build system. (First approximation, may want some fine tuning later.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17728 dc483132-0cff-0310-8789-dd5450dbe970
* 2006-03-07 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2006-03-071-0/+7
| | | | | | | | | | | | * acquire_cred.c: (acquire_init_cred) If the leash32.dll is not available, fallback to opening the default credential cache even when the desired_name is provided. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17704 dc483132-0cff-0310-8789-dd5450dbe970
* This commit ensures that all files in the library includeJeffrey Altman2005-11-151-0/+4
| | | | | | | | | | | k5-int.h before krb5.h is included either directly or indirectly. This is to allow Kerberos to use pre-processor symbols to choose configurations of C run time library headers without affecting third party applications. ticket: 3236 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17489 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (acquire_init_cred):Jeffrey Altman2005-10-311-0/+7
| | | | | | | | | | | | | | If a specific principal has been requested, attempt to acquire tickets and set the ccache name in the context to the ccache containing the tickets if obtained. (KFM/KFW) * ccdefault.c: (krb5int_cc_default) - add KFW support for multiple ccaches ticket: 3223 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17468 dc483132-0cff-0310-8789-dd5450dbe970
* gssapi_krb5.hin: Add missing GSS_DLLIMP modifiers to all exportedJeffrey Altman2005-10-201-0/+4
| | | | | | | | | | data objects exported from the gssapi32.lib so that the applications that link to it know that it is there. ticket: 3189 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17439 dc483132-0cff-0310-8789-dd5450dbe970
* fix memory leaks in krb5_gss_import_name() and krb5_gss_inquire_cred()Tom Yu2005-09-221-0/+7
| | | | | | | | | | | | | | | | * import_name.c (krb5_gss_import_name): Add missing free of tmp in an error case to fix a memory leak. * inq_cred.c (krb5_gss_inquire_cred): Memory leak fixes: call krb5_gss_release_cred() with address of cred, not cred; add missing call to krb5_gss_release_cred() in an error case. ticket: new target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17386 dc483132-0cff-0310-8789-dd5450dbe970
* minor_status not cleared sometimes (gsstest nits)Tom Yu2005-09-211-0/+4
| | | | | | | | | | | | | * duplicate_name.c (krb5_gss_duplicate_name): * export_name.c (krb5_gss_export_name): Fix gsstest nit by clearing minor_status if no errors. ticket: new target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17385 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_inquire_cred can copy out uninitialized pointerTom Yu2005-09-211-0/+7
| | | | | | | | | | | | | | | * inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to NULL. Only call kg_save_name() if ret_name is actually non-NULL. Return GSS_C_NO_NAME for now if no principal name in the cred. Reported by Christoph Weizen. ticket: new version_reported: 1.4.2 target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17384 dc483132-0cff-0310-8789-dd5450dbe970
* consistently include stdio.h in lib/gssapi/krb5/import_name.cTom Yu2005-08-111-0/+6
| | | | | | | | | | | | * import_name.c: Include stdio.h regardless of presence of getpwuid_r(), to ensure definition of BUFSIZ. Reported by Vladimir Terziev. ticket: new target_version: 1.4.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17327 dc483132-0cff-0310-8789-dd5450dbe970
* Work around Makefile quoting problemsTom Yu2005-04-071-0/+5
| | | | | | | ticket: 2992 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17170 dc483132-0cff-0310-8789-dd5450dbe970
* * import_name.c (krb5_gss_import_name): Use k5_getpwuid_rKen Raeburn2005-03-261-0/+4
| | | | | | | ticket: 2982 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17159 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the calls to krb5_gss_release_cred to pass in the correct type.Jeffrey Altman2005-01-131-0/+6
| | | | | | | | | This fixes a mutex leak. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17023 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c (make_ap_req_v1): Free checksum dataTom Yu2004-08-281-0/+8
| | | | | | | | | allocated by make_gss_checksum() to avoid leak. * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after checksum is verified, to avoid leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16696 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Call gssint_initialize_library.Ken Raeburn2004-08-261-0/+6
| | | | | | Return correct error code on mutex initialization failure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16687 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_ccache_name): Variable deleted.Ken Raeburn2004-07-301-0/+6
| | | | | | | (kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set thread-specific values instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16632 dc483132-0cff-0310-8789-dd5450dbe970
* Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it whileKen Raeburn2004-07-291-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frobbing the contents. Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but for internal use. It lets the caller supply the krb5_context instead of creating yet another one locally, and leaves the new credential mutex locked on a successful return so that the caller doesn't have to reacquire it. More functions should be changed to use this internally, but it's a performance issue; I don't think it's a correctness or thread-safety issue. * gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex. (krb5_gss_validate_cred_1): Declare. * accept_sec_context.c (rd_and_store_for_creds): Initialize mutex. * acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex. * add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call krb5_gss_validate_cred_1. Make sure the mutex is locked. * copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source credential. * init_sec_context.c (get_credentials, new_connection): Check that the mutex is locked. (mutual_auth): Delete unused credential argument. (krb5_gss_init_sec_context): Lock the mutex. * inq_cred.c (krb5_gss_inquire_cred): Lock the mutex. * rel_cred.c (krb5_gss_release_cred): Destroy the mutex. * set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex. * val_cred.c (krb5_gss_validate_cred_1): New function. (krb5_gss_validate_cred): Use it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16630 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returnedKen Raeburn2004-07-291-0/+4
| | | | | | | by kg_get_ccache_name. Simplify some calls using a temporary error code variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16629 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make the copy always, not justKen Raeburn2004-07-291-0/+2
| | | | | | in the local-context case. Check for errors in making the copy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16628 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make a copy of the default ccache name,Ken Raeburn2004-07-281-0/+5
| | | | | | because calling krb5_free_context will destroy it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16627 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of the global krb5 context used by the GSSAPI Kerberos mechanism. IKen Raeburn2004-07-151-0/+15
| | | | | | | | | | | | | | | | | | | | *think* I've gotten all the places where a ccache or keytab name that's been stored gets applied to whichever context needs it. * gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling kg_get_context. (kg_get_ccache_name): Use a locally created krb5 context instead of calling kg_get_context. (kg_get_context): Deleted. * acquire_cred.c (acquire_init_cred): Pass current context. (krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling kg_get_context. * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name. * init_sec_context.c (krb5_gss_init_sec_context): Likewise. * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype. (kg_get_context): Delete declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16597 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Check thread-specific data for the savedKen Raeburn2004-07-141-0/+4
| | | | | | "old" name to free. Save the new old name in thread-specific data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16594 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (gssint_krb5_keytab_lock): DeclareKen Raeburn2004-07-141-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16593 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c: Include gss_libinit.h.Ken Raeburn2004-07-141-0/+7
| | | | | | | | (gssint_krb5_keytab_lock): New mutex. (krb5_gss_register_acceptor_identity, acquire_accept_cred): Lock the mutex while manipulating krb5_gss_keytab. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16590 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (LOCALINCLUDES): Add $(srcdir)/.. to the listKen Raeburn2004-07-081-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16560 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c: Include gss_libinit.h.Ken Raeburn2004-07-071-0/+7
| | | | | | | | (init_et): Variable deleted. (krb5_gss_display_status): Don't use init_et; instead, call gssint_initialize_library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16558 dc483132-0cff-0310-8789-dd5450dbe970
* * import_name.c (krb5_gss_import_name) [HAVE_GETPWUID_R]: Use getpwuid_rKen Raeburn2004-07-071-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16548 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot somethingTom Yu2004-06-171-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16479 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_ctx_size, kg_ctx_externalize): Adjust for newTom Yu2004-06-171-0/+5
| | | | | | field cred_rcache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16477 dc483132-0cff-0310-8789-dd5450dbe970
* ok, let's try this again..Tom Yu2004-06-161-0/+13
| | | | | | | | | | | | | | | | | * accept_sec_context.c (krb5_gss_accept_sec_context): Only null out the auth_context's rcache if it was provided by acceptor creds; this prevents a leak. * delete_sec_context.c (krb5_gss_delete_sec_context): Only null out the auth_context's rcache if it was provided by acceptor creds; this prevents a leak. * gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track whether acceptor creds provided an rcache. ticket: 2600 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16465 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c (krb5_gss_init_sec_context): Fix pointerTom Yu2004-06-141-0/+6
| | | | | | | assignment when retrieving k5_context from existing context_handle. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16440 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (gssapi_krb5.h): Add Windows version of generation ruleKen Raeburn2004-06-111-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16432 dc483132-0cff-0310-8789-dd5450dbe970
* Install gssapi_krb5.h from build dir not srcdirSam Hartman2004-06-101-0/+3
| | | | | | | ticket: 2587 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16428 dc483132-0cff-0310-8789-dd5450dbe970
* If channel bindings are supplied to server require them to be matchedSam Hartman2004-06-091-0/+7
| | | | | | | | | | | | | | | | | | Based on discussion on kerberos@mit.edu, the decision to allow null channel bindings from a client to match even when server channel bindings are supplied is flawed. This decision assumes that we cannot get server implementations to change even though we are able to deploy a new Kerberos implementation on the server. In practice the server implementations in question have actually changed and so the only part of revision 1.54 of accept_sec_context.c we actually need is the code to ignore channel bindings if null channel bindings are passed into the server. Thus the change to allow null channel bindings from the client to match against any channel bindings on the server is backed out. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16427 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from kwc@citi.umich.edu to supportSam Hartman2004-06-081-0/+10
| | | | | | | | | | | | gss_krb5_export_lucid_sec_context and other facilities for NFSv4 implementations. In order to apply this patch gss_krb5.h needs to be auto-generated so we can expose a 64-bit type for sequence numbers. Ticket: 2587 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16423 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for library initialization and finalization, and verificationKen Raeburn2004-04-241-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | that the initializer completed successfully. Delay initialization on POSIX until the first "verification" call. Currently specific to a few platforms, but should still build on others without thread support enabled. Use it to finish creating (if necessary) and destroy mutexes, and free some other storage "permanently" allocated by libraries (currently, libkrb5 cache/keytab type registries only). Change initialization of static mutexes to a two-step operation, a static "partial" initializer and a "finish_init" routine called from a thread-safe environment like library initialization is assumed to be. POSIX will use the former, Windows will use the latter, and the debug support will check that *both* have been used. Added init/fini functions to com_err, profile, krb5, and gssapi libraries. (The profile library one may need to be removed later.) The existing ones, not thread-safe, are still around. Use weak symbol support if available to figure out if the pthread library has been linked in, and avoid calling certain routines if the C library stubs are known not to exist or work. Stub declarations for thread-specific data. Minor bugfixes, whitespace changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Don't test err while it's still known toKen Raeburn2004-04-241-0/+7
| | | | | | | be 0. (kg_set_ccache_name): Likewise. Return after an error rather than continuing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16267 dc483132-0cff-0310-8789-dd5450dbe970
* * k5unseal.c: gss_krb5int_unseal_token_v3() takes a pointer toJeffrey Altman2004-04-131-0/+8
| | | | | | | | | | | krb5_context * import_sec_context.c: krb5_gss_ser_init() contains a function pointer table. this table must use pointers to functions of type KRB5_CALLCONV. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16244 dc483132-0cff-0310-8789-dd5450dbe970
* * rel_cred.c (krb5_gss_release_cred): Create and destroy a local krb5 context.Ken Raeburn2004-03-211-0/+7
| | | | | | | * rel_name.c (krb5_gss_release_name): Likewise. * val_cred.c (krb5_gss_validate_cred): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16196 dc483132-0cff-0310-8789-dd5450dbe970
* log for export/import_name changes I accidentally checked in with another changeKen Raeburn2004-03-191-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16194 dc483132-0cff-0310-8789-dd5450dbe970
* acquire_cred.c: revert previous change, it breaks the test suiteKen Raeburn2004-03-191-3/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16192 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Create and destroy a local krb5Ken Raeburn2004-03-191-0/+14
| | | | | | | | | | | | | | | context. * add_cred.c (krb5_gss_add_cred): Likewise. * compare_name.c (krb5_gss_compare_name): Likewise. * copy_ccache.c (gss_krb5_copy_ccache): Likewise. * disp_name.c (krb5_gss_display_name): Likewise. * duplicate_name.c (krb5_gss_duplicate_name): Likewise. * inq_cred.c (krb5_gss_inquire_cred): Likewise. * context_time.c (krb5_gss_context_time): Use the krb5 context in the GSS security context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16187 dc483132-0cff-0310-8789-dd5450dbe970
* * k5seal.c (kg_seal): Extract the krb5 context from the security contextKen Raeburn2004-03-151-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | instead of requiring it be passed in as an argument. * k5unseal.c (kg_unseal): Likewise. * gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated. * delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c, verify.c: Callers changed. * inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in security context instead of calling kg_get_context. * wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise. * import_sec_context.c (krb5_gss_ser_init): New function. (krb5_gss_import_sec_context): Create a krb5 context locally to use for the import. * export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in the security context. * gssapiP_krb5.h (krb5_gss_ser_init): Declare. * gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization code here. * accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context in an error case not caught before. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16171 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Add a krb5 context object.Ken Raeburn2004-03-151-0/+12
| | | | | | | | | | | | * init_sec_context.c (krb5_gss_init_sec_context): Create a new krb5 context, and store it in the security context if successful. If there's already a security context, use the krb5 context in it. * accept_sec_context.c (krb5_gss_accept_sec_context): Create a new krb5 context, and store it in the security context if successful. * delete_sec_context.c (krb5_gss_delete_sec_context): If the security context has a krb5 context, free it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16170 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields init_token andKen Raeburn2004-03-141-0/+8
| | | | | | | | | | testing_unknown_tokid. * init_sec_context.c (new_connection): Drop support (already inside "#if 0") for them. (krb5_gss_init_sec_context): Drop support for testing_unknown_tokid. (mutual_auth): Don't let major_status be used uninitialized. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16168 dc483132-0cff-0310-8789-dd5450dbe970
* Make the set type separate from the set-element (linked list node) typeKen Raeburn2004-03-141-0/+5
| | | | | | | | | | | | | | | | | * generic/gssapiP_generic.h (g_set): New struct type. (G_SET_INIT): New macro. * generic/util_validate.c (g_save, g_validate, g_delete): Change first argument to take a g_set * rather than void **; use the address of the void pointer from the structure. (g_save_name, g_save_cred_id, g_save_ctx_id, g_validate_name, g_validate_cred_id, g_validate_ctx_id, g_delete_name, g_delete_cred_id, g_delete_ctx_id): Updated first argument type. * genericgssapiP_generic.h: Declarations updated. * krb5/gssapi_krb5.c (kg_vdb): Change type to g_set and initialize. * krb5/gssapiP_krb5.h (kg_vdb): Declaration updated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16166 dc483132-0cff-0310-8789-dd5450dbe970
* Missing prototype for gss_krb5int_unseal_token_v3Ezra Peisach2004-03-081-0/+4
| | | | | | | | | gssapiP_krb5.h: Add prototype for gss_krb5int_unseal_token_v3. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16159 dc483132-0cff-0310-8789-dd5450dbe970
* fix typoKen Raeburn2004-03-031-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16143 dc483132-0cff-0310-8789-dd5450dbe970
* don't get a krb5_context for the routines that don't need itKen Raeburn2004-03-031-0/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16142 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-08 19:55:24 +0000