summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
* * Makefile.in (BISONFLAGS): Drop -v.Ken Raeburn2005-04-133-23/+27
| | | | | | | | | ($(srcdir)/deltat.c): Change to source directory before rebuilding, so path to source tree doesn't get inserted. (deltat.c rebuilt) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17178 dc483132-0cff-0310-8789-dd5450dbe970
* Delete definitions of unused macros NEED_SOCKETS and NEED_LOWLEVEL_IOKen Raeburn2005-04-134-3/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
* * x-deltat.y (wsnum): Add missing semicolon following YYERROR,Tom Yu2005-03-232-1/+5
| | | | | | | | | | | | which was preventing bison-1.75 from producing compilable C output. ticket: new version_reported: 1.4 target_version: 1.4.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17140 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_keytab.c (krb5_get_init_creds_keytab): When callingTom Yu2005-03-222-1/+11
| | | | | | | | | | | | krb5_get_init_creds() for the second time (with use_master=1), also accept KRB5_REALM_UNKNOWN as a soft error, and use the result from the first call to krb5_get_init_creds(). This can happen when no master KDC is configured. ticket: 2974 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17132 dc483132-0cff-0310-8789-dd5450dbe970
* The current wconfig.c does not treat @MAINT@ as a comment. Until weJeffrey Altman2005-03-152-1/+9
| | | | | | | | have one that does, override the use of @MAINT@ on Windows. ticket: 2962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17128 dc483132-0cff-0310-8789-dd5450dbe970
* time-delta parser doesn't work on HP-UX 10Ken Raeburn2005-03-034-703/+1035
| | | | | | | | | | | | | | | | | | | | A build on Lenny's machine (built with gcc 2.7, thread support disabled, static libraries only) is failing tests because the HP header files define "WS" as a macro that expands to 2, while the delta-t grammar uses "WS" as the name of a terminal symbol (which under bison turns into a C macro). Renaming the terminal in the grammar (and custom lexer) fixes the problem. * x-deltat.y (tok_WS): Renamed terminal from "WS", which conflicts with HP-UX 10 header files. Updated all productions. (mylex): Updated. * Makefile.in ($(srcdir)/deltat.c): Enable dependencies in maintainer mode. * deltat.c: Updated. ticket: new target_version: 1.4.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17110 dc483132-0cff-0310-8789-dd5450dbe970
* * init_ctx.c (init_common): Delete redundant library initialization call thatKen Raeburn2005-02-162-4/+22
| | | | | | | was run only on UNIX. Test assertion that krb5_ui_8 really did get a proper 64-bit type. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17103 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_pwd.c (krb5_get_init_creds_password): Fix so empty passwordTom Yu2005-02-102-1/+7
| | | | | | | | | | | string causes prompting and doesn't cause truncation of password to zero characters. ticket: 2918 target_version: 1.4.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17098 dc483132-0cff-0310-8789-dd5450dbe970
* * t_walk_rtree.c (main): Free context at end to allow searchingEzra Peisach2005-01-282-0/+6
| | | | | | for memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17072 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_unparse_name(), krb5_unparse_name_ext():Jeffrey Altman2005-01-172-14/+20
| | | | | | | | | | prevent dereferencing of pointer if 'name' or 'size' are NULL ticket: new tags: pullup target_version: 1.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17049 dc483132-0cff-0310-8789-dd5450dbe970
* * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): More memory leaksEzra Peisach2005-01-172-30/+54
| | | | | | | | | | | | | | fixed as introduced in ticket #2541. Do not rely on knowledge that upon failure from krb5_cc_retrieve_cred, returned credential data is untouched. Testsuite passes all tests, but would like another set of eyes to look over code before closing ticket. ticket: 2885 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17048 dc483132-0cff-0310-8789-dd5450dbe970
* subject; krb5_do_preauth could attempt to free NULL pointerEzra Peisach2005-01-172-1/+8
| | | | | | | | | | | | | | | | * preauth2.c (krb5_do_preauth): Upon error in decoding krb5_type_info{,2}, on failure, do not call krb5_free_type_info with a null pointer. The only way to reach this code is to set a preauth list requesting for ETYPE_INFO or ETYPE_INFO2 in a call to krb5_get_in_tkt_with_password. Before sending the request, krb5_do_preauth tries to parse a NULL length asn1 buffer, fails and tries to free a null pointer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17047 dc483132-0cff-0310-8789-dd5450dbe970
* * cp_key_cnt.c, copy_princ.c:Jeffrey Altman2005-01-153-19/+34
| | | | | | | | | | | | prevent krb5_copy_principal() and krb5_copy_keyblock() from calling malloc(0). On platforms in which malloc(0) returns NULL, these functions will return an ENOMEM error the way they were written. ticket: 2881 target_version: 1.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17045 dc483132-0cff-0310-8789-dd5450dbe970
* * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Free credentials retrieved fromKen Raeburn2005-01-122-276/+331
| | | | | | | | | | | ccache before returning. Based on patch from fumihiko kakuma <kakuma@valinux.co.jp>. Also whitespace changes for readability. ticket: 2541 tags: pullup target_version: 1.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17014 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_parse_name not thread-safe, not responsive to environment changesKen Raeburn2005-01-032-2/+9
| | | | | | | | | | | | | | | | | | | | As Ezra noted, krb5_parse_name saves away the default realm the first time it looks it up, and will never look it up again, even if the config file has changed, the context isn't the same one, etc. It also used a static variable which wasn't thread-safe. With this patch, we still won't catch changes in the config file specification after the default realm has been looked up for a given krb5_context, because it's cached in the context too, but this will at least be more responsive, and thread safe. * parse.c (krb5_parse_name): Don't cache the default realm name. ticket: new target_version: 1.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16988 dc483132-0cff-0310-8789-dd5450dbe970
* run "make depend"Ken Raeburn2004-12-301-523/+553
| | | | | | | | In most library directories, this just affects where the line breaks are. In most other directories, it's just dropping a trailing blank line. One or two files really do have updated dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16987 dc483132-0cff-0310-8789-dd5450dbe970
* oops, bad updateKen Raeburn2004-11-161-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16877 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2004-11-161-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16876 dc483132-0cff-0310-8789-dd5450dbe970
* * mk_req_ext.c (krb5_mk_req_extended): Free keyblock beforeTom Yu2004-10-262-0/+10
| | | | | | | | | copying new one in. ticket: 2725 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16837 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2004-10-191-2/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16828 dc483132-0cff-0310-8789-dd5450dbe970
* * t_deltat.c (main): Unadorned integer no longer fails now that weTom Yu2004-10-142-1/+6
| | | | | | | | default to seconds. ticket: 2734 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16819 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_string_to_deltat should default to seconds if no unit is provided. If ↵Alexandra Ellwood2004-10-133-721/+534
| | | | | | | | the format is invalid, it should return a distinct error (KRB5_DELTAT_BADFORMAT, not EINVAL) ticket: 2734 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16816 dc483132-0cff-0310-8789-dd5450dbe970
* Make patchlevel.h be the master version fileTom Yu2004-09-253-8/+71
| | | | | | | ticket: 1345 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16790 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in rd_cred.cTom Yu2004-09-212-1/+10
| | | | | | | | | * rd_cred.c (decrypt_credencdata): Clear and free ppart to avoid leak. Reported by Derrick Schommer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16772 dc483132-0cff-0310-8789-dd5450dbe970
* oops, forgot changelogTom Yu2004-08-311-0/+5
| | | | | | ticket: 2686 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16703 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2004-002Tom Yu2004-08-312-0/+6
| | | | | | | | | | Fix double-free vulnerabilities [MITKRB5-SA-2004-002]. ticket: new target_version: 1.3.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16701 dc483132-0cff-0310-8789-dd5450dbe970
* Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs inKen Raeburn2004-08-272-1/+7
| | | | | | | | | variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic patches that removed casts of NULL. tag: 1850 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693 dc483132-0cff-0310-8789-dd5450dbe970
* get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made ↵Alexandra Ellwood2004-08-122-27/+69
| | | | | | | | | | aware of 32 bit min and max for times. Allow renew_until time < expiration time ticket: 2654 ticket: 2655 ticket: 2656 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16656 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Call krb5_rc_recover_or_initializeKen Raeburn2004-08-042-7/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16641 dc483132-0cff-0310-8789-dd5450dbe970
* Delete preprocessor tests for macintosh, __MWERKS__, applec, and THINK_C, allKen Raeburn2004-06-222-1/+5
| | | | | | | part of the pre-Mac OS X support. (Except the bits in the Yarrow code, where it was part of the upstream source.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16506 dc483132-0cff-0310-8789-dd5450dbe970
* * str_conv.c (krb5_string_to_timestamp): Use localtime_r if available.Ken Raeburn2004-06-042-2/+21
| | | | | | (krb5_timestamp_to_string, krb5_timestamp_to_sfstring): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16413 dc483132-0cff-0310-8789-dd5450dbe970
* * parse.c (krb5_parse_name): Use assert and abort, not exitKen Raeburn2004-06-042-5/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16412 dc483132-0cff-0310-8789-dd5450dbe970
* OopsKen Raeburn2004-06-042-1/+9
| | | | | | | * srv_rcache.c (krb5_get_server_rcache): Don't forget to actually include the cache type in the cache name, after looking it up. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16410 dc483132-0cff-0310-8789-dd5450dbe970
* Add/remove error tables in library initialization/termination, not per context.Ken Raeburn2004-06-022-3/+6
| | | | | | | | | | | | | | Use only one library initialization scheme, and install the error tables in only one place. * krb5_libinit.c (initialized): Variable deleted, all references removed. (krb5int_lib_init): Initialize error tables here. (krb5int_initialize_library): Don't do it here. * error_tables/Makefile.in (STLIBOBJS, OBJS, SRCS): Drop init_ets code. * krb/init_ctx.c (init_common): Don't call krb5_init_ets. (krb5_free_context): Don't call krb5_free_ets. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16388 dc483132-0cff-0310-8789-dd5450dbe970
* * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_resolve_full instead ofKen Raeburn2004-06-022-13/+13
| | | | | | constructing an rcache object locally. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16387 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb5int_encode_v4tkt): Unsigned vs signed warning fixEzra Peisach2004-05-252-1/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16360 dc483132-0cff-0310-8789-dd5450dbe970
* * t_ser.c (ser_keytab_test): Cleanup memory leak of forgetting toEzra Peisach2004-05-243-6/+13
| | | | | | | | close keytab. * chpw.c: Add parenthesis around assignments in conditionals. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16356 dc483132-0cff-0310-8789-dd5450dbe970
* * send_tgs.c: krb5_send_tgs() was broken in the case of a KRB_ERRORJeffrey Altman2004-05-132-0/+9
| | | | | | | | | | | message. The krb5_response message_type field was never set resulting in stack garbage being used instead. This would break code which used transitive cross-realm to obtain service tickets. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16331 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2004-04-241-297/+353
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16273 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb524_init_ets, krb524_convert_creds_kdc): Add forward ↵Ken Raeburn2004-04-242-1/+12
| | | | | | declarations to silence gcc warnings git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16271 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for library initialization and finalization, and verificationKen Raeburn2004-04-242-3/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | that the initializer completed successfully. Delay initialization on POSIX until the first "verification" call. Currently specific to a few platforms, but should still build on others without thread support enabled. Use it to finish creating (if necessary) and destroy mutexes, and free some other storage "permanently" allocated by libraries (currently, libkrb5 cache/keytab type registries only). Change initialization of static mutexes to a two-step operation, a static "partial" initializer and a "finish_init" routine called from a thread-safe environment like library initialization is assumed to be. POSIX will use the former, Windows will use the latter, and the debug support will check that *both* have been used. Added init/fini functions to com_err, profile, krb5, and gssapi libraries. (The profile library one may need to be removed later.) The existing ones, not thread-safe, are still around. Use weak symbol support if available to figure out if the pthread library has been linked in, and avoid calling certain routines if the C library stubs are known not to exist or work. Stub declarations for thread-specific data. Minor bugfixes, whitespace changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16268 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_in_tkt ignores lifetimeSam Hartman2004-04-163-5/+17
| | | | | | | | | | John Hascall reports that the emulation of krb5_get_in_tkt is incomplete and does not handle lifetimes set in the input credentials. He provided a patch to fix this. Ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16258 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak when not sending to master KDC inSam Hartman2004-04-152-0/+9
| | | | | | | | | | get_init_creds_password path. Ticket: 2534 Tags: pullup Target_Version: 1.3.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16255 dc483132-0cff-0310-8789-dd5450dbe970
* Fix missing case for get_init_creds API changeKen Hornstein2004-03-092-1/+7
| | | | | | | | Fix a case I missed in my original patch for the krb5_get_init_creds API change. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16162 dc483132-0cff-0310-8789-dd5450dbe970
* * gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missedKen Raeburn2004-02-282-1/+7
| | | | | | | ticket: 2296 version_fixed: git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16139 dc483132-0cff-0310-8789-dd5450dbe970
* As discussed on the krbdev mailing list, krb5_get_init_creds_password()Jeffrey Altman2004-02-275-11/+23
| | | | | | | | | | | | | | | | | | | | | | | suffered from a behavior in which it would unintentionally query a master KDC twice if in fact the KDC queried when krb5int_sendto() was called with use_master = 0 was in fact the master. This resulted in more than an additional protocol operation. There were two negative side effects. First, in the case of an incorrect password there would be two counts against the max retry attempts. Second, in the case of hardware pre-auth and an expired password, the user would be asked to enter their expired password twice before being told it was expired. This has been fixed by changing the use_master parameter into an in/out parameter and modifying krb5int_sendto() to indicate which KDC it received the response from. This allows the use_master parameter to be set to indicate whether or not the response came from a master KDC regardless of whether a master KDC was requested. ticket: new target_version: next tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16137 dc483132-0cff-0310-8789-dd5450dbe970
* Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macrosKen Raeburn2004-02-142-13/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970
* Enable aes128-cts for clientSam Hartman2004-02-062-0/+5
| | | | | | | | | | | | | Currently we support aes128-cts but do not enable it by default. It looks like interoperability problems will be created by this decision. So add aes128-cts to the default list of enctypes for client configuration and for permitted_enctypes. Ticket: new Target_Version: 1.3.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970
* * get_in_tkt.c (get_in_tkt_enctypes): Now constKen Raeburn2003-12-202-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970
* * conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket. Use aKen Raeburn2003-12-162-4/+18
| | | | | | | temorary in case krb5_int32 isn't "int". (decode_v4tkt): Use a temorary in case krb5_int32 isn't "int". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15936 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-09-23 01:24:54 +0000