| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
($(srcdir)/deltat.c): Change to source directory before rebuilding, so path to
source tree doesn't get inserted.
(deltat.c rebuilt)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17178 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
which was preventing bison-1.75 from producing compilable C
output.
ticket: new
version_reported: 1.4
target_version: 1.4.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17140 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_get_init_creds() for the second time (with use_master=1),
also accept KRB5_REALM_UNKNOWN as a soft error, and use the result
from the first call to krb5_get_init_creds(). This can happen
when no master KDC is configured.
ticket: 2974
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17132 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
have one that does, override the use of @MAINT@ on Windows.
ticket: 2962
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17128 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A build on Lenny's machine (built with gcc 2.7, thread support disabled, static
libraries only) is failing tests because the HP header files define "WS" as a
macro that expands to 2, while the delta-t grammar uses "WS" as the name of a
terminal symbol (which under bison turns into a C macro).
Renaming the terminal in the grammar (and custom lexer) fixes the problem.
* x-deltat.y (tok_WS): Renamed terminal from "WS", which conflicts with HP-UX
10 header files. Updated all productions.
(mylex): Updated.
* Makefile.in ($(srcdir)/deltat.c): Enable dependencies in maintainer mode.
* deltat.c: Updated.
ticket: new
target_version: 1.4.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17110 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
was run only on UNIX. Test assertion that krb5_ui_8 really did get a proper
64-bit type.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17103 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
string causes prompting and doesn't cause truncation of password
to zero characters.
ticket: 2918
target_version: 1.4.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17098 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
for memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17072 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
prevent dereferencing of pointer if 'name' or 'size' are NULL
ticket: new
tags: pullup
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17049 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixed as introduced in ticket #2541. Do not rely on knowledge that
upon failure from krb5_cc_retrieve_cred, returned credential data
is untouched.
Testsuite passes all tests, but would like another set of eyes to look over code
before closing ticket.
ticket: 2885
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17048 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* preauth2.c (krb5_do_preauth): Upon error in decoding
krb5_type_info{,2}, on failure, do not call krb5_free_type_info
with a null pointer.
The only way to reach this code is to set a preauth list requesting for ETYPE_INFO
or ETYPE_INFO2 in a call to krb5_get_in_tkt_with_password.
Before sending the request, krb5_do_preauth tries to parse a NULL length asn1 buffer,
fails and tries to free a null pointer.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17047 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
prevent krb5_copy_principal() and krb5_copy_keyblock() from
calling malloc(0). On platforms in which malloc(0) returns
NULL, these functions will return an ENOMEM error the way
they were written.
ticket: 2881
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17045 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
ccache before returning. Based on patch from fumihiko kakuma
<kakuma@valinux.co.jp>. Also whitespace changes for readability.
ticket: 2541
tags: pullup
target_version: 1.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17014 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As Ezra noted, krb5_parse_name saves away the default realm the first
time it looks it up, and will never look it up again, even if the
config file has changed, the context isn't the same one, etc. It also
used a static variable which wasn't thread-safe.
With this patch, we still won't catch changes in the config file
specification after the default realm has been looked up for a given
krb5_context, because it's cached in the context too, but this will at
least be more responsive, and thread safe.
* parse.c (krb5_parse_name): Don't cache the default realm name.
ticket: new
target_version: 1.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16988 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
In most library directories, this just affects where the line breaks
are. In most other directories, it's just dropping a trailing blank
line. One or two files really do have updated dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16987 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16877 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16876 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
copying new one in.
ticket: 2725
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16837 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16828 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
default to seconds.
ticket: 2734
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16819 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL)
ticket: 2734
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16816 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
ticket: 1345
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16790 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
* rd_cred.c (decrypt_credencdata): Clear and free ppart to avoid
leak. Reported by Derrick Schommer.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16772 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 2686
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16703 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Fix double-free vulnerabilities [MITKRB5-SA-2004-002].
ticket: new
target_version: 1.3.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16701 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic
patches that removed casts of NULL.
tag: 1850
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
aware of 32 bit min and max for times. Allow renew_until time < expiration time
ticket: 2654
ticket: 2655
ticket: 2656
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16656 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16641 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
part of the pre-Mac OS X support. (Except the bits in the Yarrow code, where
it was part of the upstream source.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16506 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
(krb5_timestamp_to_string, krb5_timestamp_to_sfstring): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16413 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16412 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
* srv_rcache.c (krb5_get_server_rcache): Don't forget to actually include the
cache type in the cache name, after looking it up.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16410 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use only one library initialization scheme, and install the error tables in
only one place.
* krb5_libinit.c (initialized): Variable deleted, all references removed.
(krb5int_lib_init): Initialize error tables here.
(krb5int_initialize_library): Don't do it here.
* error_tables/Makefile.in (STLIBOBJS, OBJS, SRCS): Drop init_ets code.
* krb/init_ctx.c (init_common): Don't call krb5_init_ets.
(krb5_free_context): Don't call krb5_free_ets.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16388 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
constructing an rcache object locally.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16387 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16360 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
close keytab.
* chpw.c: Add parenthesis around assignments in conditionals.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16356 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
message. The krb5_response message_type field was never set
resulting in stack garbage being used instead. This would
break code which used transitive cross-realm to obtain service
tickets.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16331 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16273 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
declarations to silence gcc warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16271 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that the initializer completed successfully. Delay initialization on POSIX
until the first "verification" call. Currently specific to a few platforms,
but should still build on others without thread support enabled.
Use it to finish creating (if necessary) and destroy mutexes, and free some
other storage "permanently" allocated by libraries (currently, libkrb5
cache/keytab type registries only). Change initialization of static mutexes to
a two-step operation, a static "partial" initializer and a "finish_init"
routine called from a thread-safe environment like library initialization is
assumed to be. POSIX will use the former, Windows will use the latter, and the
debug support will check that *both* have been used.
Added init/fini functions to com_err, profile, krb5, and gssapi libraries.
(The profile library one may need to be removed later.) The existing ones, not
thread-safe, are still around.
Use weak symbol support if available to figure out if the pthread library has
been linked in, and avoid calling certain routines if the C library stubs are
known not to exist or work.
Stub declarations for thread-specific data.
Minor bugfixes, whitespace changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
John Hascall reports that the emulation of krb5_get_in_tkt is
incomplete and does not handle lifetimes set in the input credentials.
He provided a patch to fix this.
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16258 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
get_init_creds_password path.
Ticket: 2534
Tags: pullup
Target_Version: 1.3.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16255 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Fix a case I missed in my original patch for the krb5_get_init_creds API change.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16162 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
ticket: 2296
version_fixed:
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16139 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
suffered from a behavior in which it would unintentionally query a master
KDC twice if in fact the KDC queried when krb5int_sendto() was called
with use_master = 0 was in fact the master. This resulted in more than
an additional protocol operation. There were two negative side effects.
First, in the case of an incorrect password there would be two counts
against the max retry attempts. Second, in the case of hardware pre-auth
and an expired password, the user would be asked to enter their expired
password twice before being told it was expired.
This has been fixed by changing the use_master parameter into an in/out
parameter and modifying krb5int_sendto() to indicate which KDC it received
the response from. This allows the use_master parameter to be set to
indicate whether or not the response came from a master KDC regardless
of whether a master KDC was requested.
ticket: new
target_version: next
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16137 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we support aes128-cts but do not enable it by default. It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.
Ticket: new
Target_Version: 1.3.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
temorary in case krb5_int32 isn't "int".
(decode_v4tkt): Use a temorary in case krb5_int32 isn't "int".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15936 dc483132-0cff-0310-8789-dd5450dbe970
|