summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5
Commit message (Collapse)AuthorAgeFilesLines
* Remove ChangeLog files from the source tree. From now on, theSam Hartman2006-04-111-2299/+0
| | | | | | | subversion commit log entry needs to include information that would have been in the changelog. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
* Remove .Sanitize and .rconf files, no longer usedKen Raeburn2006-04-111-74/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17888 dc483132-0cff-0310-8789-dd5450dbe970
* set DEFS empty in more placesKen Raeburn2006-04-042-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17838 dc483132-0cff-0310-8789-dd5450dbe970
* make depend, now with dependency sortingKen Raeburn2006-03-311-386/+391
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17811 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-03-271-180/+210
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17786 dc483132-0cff-0310-8789-dd5450dbe970
* Instead of arbitrary division of headers into include and include/krb5, withKen Raeburn2006-03-111-102/+102
| | | | | | | | | | | | include directives sometimes using krb5/foo.h and sometimes using foo.h, and -I options always given for both directories in both source and build trees, push include/krb5/* up a level and drop the krb5 directory (except, for the moment, the change log). Updated #include directives, -I options, and dependencies accordingly, and deleted one or two bits of old, unused code that was noticed in the process. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new recursive target "generated-files-mac", for producing theKen Raeburn2006-03-112-0/+6
| | | | | | | generated files that lxs wants to feed into the Mac build system. (First approximation, may want some fine tuning later.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17728 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-03-081-44/+88
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17708 dc483132-0cff-0310-8789-dd5450dbe970
* 2006-03-07 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2006-03-072-0/+14
| | | | | | | | | | | | * acquire_cred.c: (acquire_init_cred) If the leash32.dll is not available, fallback to opening the default credential cache even when the desired_name is provided. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17704 dc483132-0cff-0310-8789-dd5450dbe970
* make dependTom Yu2005-11-291-243/+294
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17505 dc483132-0cff-0310-8789-dd5450dbe970
* This commit ensures that all files in the library includeJeffrey Altman2005-11-152-1/+5
| | | | | | | | | | | k5-int.h before krb5.h is included either directly or indirectly. This is to allow Kerberos to use pre-processor symbols to choose configurations of C run time library headers without affecting third party applications. ticket: 3236 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17489 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (acquire_init_cred):Jeffrey Altman2005-10-312-12/+44
| | | | | | | | | | | | | | If a specific principal has been requested, attempt to acquire tickets and set the ccache name in the context to the ccache containing the tickets if obtained. (KFM/KFW) * ccdefault.c: (krb5int_cc_default) - add KFW support for multiple ccaches ticket: 3223 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17468 dc483132-0cff-0310-8789-dd5450dbe970
* When passed GSS_C_INITIATE and a non-NULL desired name, gss_acquire_cred Alexandra Ellwood2005-10-271-0/+36
| | | | | | | | | | | | should search the available credentials caches rather than simply failing if tickets for the desired client principal are not in the default ccache. (this is the KfM-specific portion of the patch -- still need KfW portion) ticket: 3223 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17466 dc483132-0cff-0310-8789-dd5450dbe970
* gssapi_krb5.hin: Add missing GSS_DLLIMP modifiers to all exportedJeffrey Altman2005-10-202-8/+12
| | | | | | | | | | data objects exported from the gssapi32.lib so that the applications that link to it know that it is there. ticket: 3189 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17439 dc483132-0cff-0310-8789-dd5450dbe970
* fix memory leaks in krb5_gss_import_name() and krb5_gss_inquire_cred()Tom Yu2005-09-223-2/+13
| | | | | | | | | | | | | | | | * import_name.c (krb5_gss_import_name): Add missing free of tmp in an error case to fix a memory leak. * inq_cred.c (krb5_gss_inquire_cred): Memory leak fixes: call krb5_gss_release_cred() with address of cred, not cred; add missing call to krb5_gss_release_cred() in an error case. ticket: new target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17386 dc483132-0cff-0310-8789-dd5450dbe970
* minor_status not cleared sometimes (gsstest nits)Tom Yu2005-09-213-4/+18
| | | | | | | | | | | | | * duplicate_name.c (krb5_gss_duplicate_name): * export_name.c (krb5_gss_export_name): Fix gsstest nit by clearing minor_status if no errors. ticket: new target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17385 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_inquire_cred can copy out uninitialized pointerTom Yu2005-09-212-3/+15
| | | | | | | | | | | | | | | * inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to NULL. Only call kg_save_name() if ret_name is actually non-NULL. Return GSS_C_NO_NAME for now if no principal name in the cred. Reported by Christoph Weizen. ticket: new version_reported: 1.4.2 target_version: 1.4.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17384 dc483132-0cff-0310-8789-dd5450dbe970
* Delete .cvsignore files; contents have already been Sam Hartman2005-08-241-3/+0
| | | | | | set on svn:ignore properties. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17353 dc483132-0cff-0310-8789-dd5450dbe970
* consistently include stdio.h in lib/gssapi/krb5/import_name.cTom Yu2005-08-112-2/+6
| | | | | | | | | | | | * import_name.c: Include stdio.h regardless of presence of getpwuid_r(), to ensure definition of BUFSIZ. Reported by Vladimir Terziev. ticket: new target_version: 1.4.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17327 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2005-06-211-75/+99
| | | | | | | | | N.B.: The version of gcc used this time ("gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)") seems to emit some duplicate dependencies -- some header files get listed twice. This is annoying but shouldn't cause any harm.... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17256 dc483132-0cff-0310-8789-dd5450dbe970
* Work around Makefile quoting problemsTom Yu2005-04-072-1/+6
| | | | | | | ticket: 2992 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17170 dc483132-0cff-0310-8789-dd5450dbe970
* * import_name.c (krb5_gss_import_name): Use k5_getpwuid_rKen Raeburn2005-03-262-14/+6
| | | | | | | ticket: 2982 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17159 dc483132-0cff-0310-8789-dd5450dbe970
* correction to previous commit. do not call krb5_gss_release_cred()Jeffrey Altman2005-01-131-11/+46
| | | | | | | | | if the cred was not acquired. destroy each field of the cred one piece at a time based upon what was allocated. ticket: 2875 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17025 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the calls to krb5_gss_release_cred to pass in the correct type.Jeffrey Altman2005-01-133-41/+19
| | | | | | | | | This fixes a mutex leak. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17023 dc483132-0cff-0310-8789-dd5450dbe970
* run "make depend"Ken Raeburn2004-12-301-140/+175
| | | | | | | | In most library directories, this just affects where the line breaks are. In most other directories, it's just dropping a trailing blank line. One or two files really do have updated dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16987 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c (make_ap_req_v1): Free checksum dataTom Yu2004-08-283-4/+14
| | | | | | | | | allocated by make_gss_checksum() to avoid leak. * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after checksum is verified, to avoid leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16696 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (krb5_gss_acquire_cred): Call gssint_initialize_library.Ken Raeburn2004-08-262-1/+13
| | | | | | Return correct error code on mutex initialization failure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16687 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_ccache_name): Variable deleted.Ken Raeburn2004-07-302-3/+23
| | | | | | | (kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set thread-specific values instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16632 dc483132-0cff-0310-8789-dd5450dbe970
* Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it whileKen Raeburn2004-07-2911-30/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frobbing the contents. Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but for internal use. It lets the caller supply the krb5_context instead of creating yet another one locally, and leaves the new credential mutex locked on a successful return so that the caller doesn't have to reacquire it. More functions should be changed to use this internally, but it's a performance issue; I don't think it's a correctness or thread-safety issue. * gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex. (krb5_gss_validate_cred_1): Declare. * accept_sec_context.c (rd_and_store_for_creds): Initialize mutex. * acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex. * add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call krb5_gss_validate_cred_1. Make sure the mutex is locked. * copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source credential. * init_sec_context.c (get_credentials, new_connection): Check that the mutex is locked. (mutual_auth): Delete unused credential argument. (krb5_gss_init_sec_context): Lock the mutex. * inq_cred.c (krb5_gss_inquire_cred): Lock the mutex. * rel_cred.c (krb5_gss_release_cred): Destroy the mutex. * set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex. * val_cred.c (krb5_gss_validate_cred_1): New function. (krb5_gss_validate_cred): Use it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16630 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returnedKen Raeburn2004-07-292-29/+13
| | | | | | | by kg_get_ccache_name. Simplify some calls using a temporary error code variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16629 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make the copy always, not justKen Raeburn2004-07-292-16/+22
| | | | | | in the local-context case. Check for errors in making the copy. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16628 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapi_krb5.c (kg_get_ccache_name): Make a copy of the default ccache name,Ken Raeburn2004-07-282-1/+8
| | | | | | because calling krb5_free_context will destroy it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16627 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2004-07-161-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16611 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of the global krb5 context used by the GSSAPI Kerberos mechanism. IKen Raeburn2004-07-156-48/+49
| | | | | | | | | | | | | | | | | | | | *think* I've gotten all the places where a ccache or keytab name that's been stored gets applied to whichever context needs it. * gssapi_krb5.c (kg_sync_ccache_name): Add context argument instead of calling kg_get_context. (kg_get_ccache_name): Use a locally created krb5 context instead of calling kg_get_context. (kg_get_context): Deleted. * acquire_cred.c (acquire_init_cred): Pass current context. (krb5_gss_acquire_cred): Use a locally created krb5 context instead of calling kg_get_context. * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name. * init_sec_context.c (krb5_gss_init_sec_context): Likewise. * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype. (kg_get_context): Delete declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16597 dc483132-0cff-0310-8789-dd5450dbe970
* * set_ccache.c (gss_krb5_ccache_name): Check thread-specific data for the savedKen Raeburn2004-07-142-5/+30
| | | | | | "old" name to free. Save the new old name in thread-specific data. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16594 dc483132-0cff-0310-8789-dd5450dbe970
* * gssapiP_krb5.h (gssint_krb5_keytab_lock): DeclareKen Raeburn2004-07-142-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16593 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c: Include gss_libinit.h.Ken Raeburn2004-07-142-8/+43
| | | | | | | | (gssint_krb5_keytab_lock): New mutex. (krb5_gss_register_acceptor_identity, acquire_accept_cred): Lock the mutex while manipulating krb5_gss_keytab. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16590 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (LOCALINCLUDES): Add $(srcdir)/.. to the listKen Raeburn2004-07-082-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16560 dc483132-0cff-0310-8789-dd5450dbe970
* * disp_status.c: Include gss_libinit.h.Ken Raeburn2004-07-072-8/+9
| | | | | | | | (init_et): Variable deleted. (krb5_gss_display_status): Don't use init_et; instead, call gssint_initialize_library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16558 dc483132-0cff-0310-8789-dd5450dbe970
* * import_name.c (krb5_gss_import_name) [HAVE_GETPWUID_R]: Use getpwuid_rKen Raeburn2004-07-072-5/+32
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16548 dc483132-0cff-0310-8789-dd5450dbe970
* ignore generated file gssapi_krb5.hKen Raeburn2004-06-191-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16496 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot somethingTom Yu2004-06-172-3/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16479 dc483132-0cff-0310-8789-dd5450dbe970
* * ser_sctx.c (kg_ctx_size, kg_ctx_externalize): Adjust for newTom Yu2004-06-172-1/+10
| | | | | | field cred_rcache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16477 dc483132-0cff-0310-8789-dd5450dbe970
* ok, let's try this again..Tom Yu2004-06-164-4/+21
| | | | | | | | | | | | | | | | | * accept_sec_context.c (krb5_gss_accept_sec_context): Only null out the auth_context's rcache if it was provided by acceptor creds; this prevents a leak. * delete_sec_context.c (krb5_gss_delete_sec_context): Only null out the auth_context's rcache if it was provided by acceptor creds; this prevents a leak. * gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track whether acceptor creds provided an rcache. ticket: 2600 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16465 dc483132-0cff-0310-8789-dd5450dbe970
* don't leak rcaches in accept_sec_contextTom Yu2004-06-151-1/+5
| | | | | | | | | | | | * accept_sec_context.c (krb5_gss_accept_sec_context): Don't null out rcache of auth_context prior to free if rcache was temporarily allocated; this prevents leaking rcaches. ticket: new version_reported: 1.3.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16453 dc483132-0cff-0310-8789-dd5450dbe970
* * init_sec_context.c (krb5_gss_init_sec_context): Fix pointerTom Yu2004-06-142-1/+7
| | | | | | | assignment when retrieving k5_context from existing context_handle. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16440 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (gssapi_krb5.h): Add Windows version of generation ruleKen Raeburn2004-06-112-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16432 dc483132-0cff-0310-8789-dd5450dbe970
* Install gssapi_krb5.h from build dir not srcdirSam Hartman2004-06-102-1/+4
| | | | | | | ticket: 2587 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16428 dc483132-0cff-0310-8789-dd5450dbe970
* If channel bindings are supplied to server require them to be matchedSam Hartman2004-06-092-15/+11
| | | | | | | | | | | | | | | | | | Based on discussion on kerberos@mit.edu, the decision to allow null channel bindings from a client to match even when server channel bindings are supplied is flawed. This decision assumes that we cannot get server implementations to change even though we are able to deploy a new Kerberos implementation on the server. In practice the server implementations in question have actually changed and so the only part of revision 1.54 of accept_sec_context.c we actually need is the code to ignore channel bindings if null channel bindings are passed into the server. Thus the change to allow null channel bindings from the client to match against any channel bindings on the server is backed out. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16427 dc483132-0cff-0310-8789-dd5450dbe970
* Run make dependSam Hartman2004-06-081-0/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16424 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-04-03 19:24:30 +0000