path: root/src/lib/krb4/kuserok.c
Commit message | Author | Age | Files | Lines
* Remove krb524, lib/des425, lib/krb4, and include/kerberosIV. | Greg Hudson | 2008-12-18 | 1 | -190/+0
  Remove krb4 build system references and conditionals. Move des425 header stuff referenced by des_int.h into des_int.h. Remove krb4 test cases.
  ticket: 6303
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors are | Ken Raeburn | 2007-10-22 | 1 | -1/+3
  opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process).
  Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe.
  In: util lib plugins kdc kadmin/server krb524.
  The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process.
  This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.)
  Update dependencies.
  ticket: 5561
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* Nuke disabled support for ancient .klogin syntax | Ken Raeburn | 2007-07-12 | 1 | -72/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19702 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities | Tom Yu | 2006-08-08 | 1 | -2/+4
  * src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
  * src/appl/bsd/v4rcp.c (main):
  * src/appl/bsd/krcp.c (main):
  * src/appl/bsd/krshd.c (doit):
  * src/appl/bsd/login.c (main):
  * src/clients/ksu/main.c (sweep_up):
  * src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and related functions to avoid privilege escalation vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660]
  ticket: new
  target_version: 1.5.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
* Instead of arbitrary division of headers into include and include/krb5, with | Ken Raeburn | 2006-03-11 | 1 | -1/+1
  include directives sometimes using krb5/foo.h and sometimes using foo.h, and -I options always given for both directories in both source and build trees, push include/krb5/* up a level and drop the krb5 directory (except, for the moment, the change log).
  Updated #include directives, -I options, and dependencies accordingly, and deleted one or two bits of old, unused code that was noticed in the process.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17730 dc483132-0cff-0310-8789-dd5450dbe970
* Reduce local configure script's work by removing static defines and header and | Ken Raeburn | 2003-03-05 | 1 | -0/+1
  function info available in krb5/autoconf.h.
  * gethostname.c, getst.c, kadm_net.c, klog.c, kparse.c: Include krb5/autoconf.h.
  * kuserok.c, log.c, memcache.c, mk_preauth.c, netread.c: Ditto.
  * netwrite.c, put_svc_key.c, recvauth.c, send_to_kdc.c: Ditto.
  * tkt_string.c: Ditto.
  * Makefile.in: Update dependencies. (DEFINES): Define KRB4_USE_KEYTAB.
  * configure.in: Don't define KRB4_USE_KEYTAB. Don't check for any headers or functions; include/configure.in already does it. Don't invoke AC_C_CONST explicitly; CONFIG_RULES does that.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15230 dc483132-0cff-0310-8789-dd5450dbe970
* * ad_print.c, g_in_tkt.c, g_pw_in_tkt.c, kadm_net.c, klog.c: | Tom Yu | 2002-12-14 | 1 | -5/+21
  * kuserok.c, log.c, memcache.c, netread.c, netwrite.c:
  * password_to_key.c, recvauth.c, stime.c, tkt_string.c: Change _WINDOWS to _WIN32 in many places. Update copyright notices. Remove _WINDOWS handling completely in a few places where it's not needed.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15048 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo also says we can get rid of _MSDOS (Win16) tests, and explicit FAR/NEAR specs | Ken Raeburn | 2001-10-06 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13786 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo says we can get rid of the DLLIMP stuff now | Ken Raeburn | 2001-10-04 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13775 dc483132-0cff-0310-8789-dd5450dbe970
* * g_krbrlm.c: Remove unused static variable krb_conf | Ezra Peisach | 2001-06-01 | 1 | -1/+1
  * g_svc_in_tkt.c (krb_svc_init, krb_svc_init_preauth): Declare as returning int.
  * gethostname.c: Include unistd.h for gethostname() prototype.
  * getst.c: Include unistd.h for read() prototype.
  * in_tkt.c (in_tkt): Cast arguments to debugging printf to int from uid_t to match format statement.
  * kname_parse.c: Declare k_isname() and k_isinst() as returning int. Cleanup assignments in conditionals.
  * kuserok.c (kuserok): Cleanup assignment in conditional.
  * log.c (krb_set_logfile): Declare function as void.
  * klog.c (kset_logfile): Likewise.
  * pkt_clen.c (pkt_clen): Declare as returning int.
  * kntoln.c (krb_kntoln): Likewise.
  * fgetst.c (fgetst): Likewise.
  * rd_req.c: Declare local variable only if KRB_CRYPT_DEBUG defined.
  * recvauth.c: Include stdlib.h and unistd.h for read() and atoi() prototypes.
  * send_to_kdc.c: Include unistd.h for close() prototype.
  * sendauth.c (krb_sendauth): Clean up assignment in conditional.
  * tkt_string.c (tkt_string): Likewise
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13256 dc483132-0cff-0310-8789-dd5450dbe970
* pullup from 1.2 branch | Ken Raeburn | 2000-06-27 | 1 | -2/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12442 dc483132-0cff-0310-8789-dd5450dbe970
* Remove KRB5_USE_INET, HAS_UNISTD_H, HAS_SETVBUF, and replace | Tom Yu | 1997-09-26 | 1 | -1/+1
  with appropriate autoconf-style symbols. See individual ChangeLogs for details.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10202 dc483132-0cff-0310-8789-dd5450dbe970
* Build krb4 compatibility library for win16/win32 | Richard Basch | 1997-02-18 | 1 | -3/+8
  (including application server routines, such as krb_rd_req)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9883 dc483132-0cff-0310-8789-dd5450dbe970
* * kuserok.c: use HAVE_SETEUID and HAVE_SETRESUID to figure out how | Mark Eichin | 1996-01-27 | 1 | -1/+3
  to emulate seteuid instead of assuming hpux.
  * configure.in: test for seteuid as well; fold some tests into a single AC_HAVE_FUNCS.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7401 dc483132-0cff-0310-8789-dd5450dbe970
* * kuserok.c: HAS_UNISTD_H instead of USE_. | Mark Eichin | 1995-04-28 | 1 | -1/+1
  * configure.in: test for HAVE_STRSAVE (for kparse.c).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5597 dc483132-0cff-0310-8789-dd5450dbe970
* add CNS V4 library to tree for compatibility use. Installs as libkrb4.a | Mark Eichin | 1995-04-27 | 1 | -0/+231
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5537 dc483132-0cff-0310-8789-dd5450dbe970