summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* Based on patch from lxs, with some changes:Ken Raeburn2008-08-277-10/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms. Not incorporated from initial patch: const changes in function signatures. ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
* Incorporate Apple's patchKen Raeburn2008-08-251-1/+28
| | | | | | | | | | | | | | | | | | | | | | Add a test authorization data scheme, in both built-in and plugin forms; built-in version is #ifdef'ed out. Update configury to create the build directory for the plugin, but don't build or install it by default. Create the new (and normally empty) authorization data plugin directory at install time. Add some (normally disabled) code to log authz data from rd_req. Fix up some comments that still refer to preauth plugins. Add some details in comments on the API, and why it's private for now. Make the plugin init context support work, by not passing null pointers. ticket: 5565 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691 dc483132-0cff-0310-8789-dd5450dbe970
* Let walk_realm_tree tests fail for now, ignore them and keep goingKen Raeburn2008-08-221-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20687 dc483132-0cff-0310-8789-dd5450dbe970
* Use capaths unconditionally. Update copyrightKen Raeburn2008-08-221-12/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20686 dc483132-0cff-0310-8789-dd5450dbe970
* lean client changesZhanna Tsitkov2008-08-207-7/+29
| | | | | | | | | All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
* In copying a credential - if we run out memory - the cleanup code failed to ↵Ezra Peisach2008-08-161-3/+5
| | | | | | clear the second_ticket git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20666 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5int_copy_creds_contents - if we run out of memory, do notEzra Peisach2008-08-141-1/+2
| | | | | | release pointer to output creds structure that is passed in by caller. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20657 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up memory leak in krb5_build_principal if we run out of memoryEzra Peisach2008-08-141-0/+3
| | | | | | while building pricipal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20656 dc483132-0cff-0310-8789-dd5450dbe970
* malloc+memset(,0,) -> callocKen Raeburn2008-08-0715-67/+36
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20630 dc483132-0cff-0310-8789-dd5450dbe970
* fix cleanup code in allocating preauth infoKen Raeburn2008-08-061-2/+2
| | | | | | | | | | | | After an allocation failure, free up the previously allocated array elements by counting back down to zero, not continuing to count up until we hit zero. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20608 dc483132-0cff-0310-8789-dd5450dbe970
* Use load/store_32/16_be/le functionsKen Raeburn2008-08-021-8/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20603 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code to compute length of quoted name component and copy withKen Raeburn2008-08-021-78/+68
| | | | | | quoting into separate functions, to reduce code duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20593 dc483132-0cff-0310-8789-dd5450dbe970
* r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400Ken Raeburn2008-07-152-0/+72
| | | | | | | | | | | | ticket: 5947 status: open Add a test script for the walk_rtree code, and run some test cases that exercise the problem reported in RT ticket 5947. r1927@ken-wireless: raeburn | 2008-07-15 19:55:10 -0400 Some more test cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20528 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_via_tkt() should null out_cred on errorsTom Yu2008-07-151-0/+1
| | | | | | | | | | | | | Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. ticket: new tags: pullup target_version: 1.6.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20527 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_gic_opte_copy should copy elements individuallyAlexandra Ellwood2008-07-071-2/+13
| | | | | | | | | | Since we are copying from one structure to another, copy elements. Using memcpy is fragile. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
* use-after-free bugsKen Raeburn2008-06-271-1/+1
| | | | | | | | | | | Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak, and possible freed-memory dereference, in an error (smallKen Raeburn2008-06-271-1/+1
| | | | | | | | allocation failure) path. ticket: 5997 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20482 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaksKen Raeburn2008-06-274-9/+18
| | | | | | | | | | | | Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* fix free of automatic storageKen Raeburn2008-06-271-4/+4
| | | | | | | | | | | Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20480 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT LKDC supportAlexandra Ellwood2008-06-262-20/+86
| | | | | | | ticket: 5968 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20476 dc483132-0cff-0310-8789-dd5450dbe970
* Rolled back patch because tickets 4495 and 5124 fix this bugAlexandra Ellwood2008-06-251-4/+1
| | | | | | | | in a different way. ticket: 5991 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20474 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_do_preauth_tryagain should check for NULL padataAlexandra Ellwood2008-06-251-1/+4
| | | | | | | | | | Fixed so krb5_do_preauth_tryagain no longer crashes on NULL padata but instead returns an error. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20473 dc483132-0cff-0310-8789-dd5450dbe970
* This patch is derived from a patch originally submitted to RTJeffrey Altman2008-06-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by: Nik Conwell <nik@bu.edu> krb5_set_real_time() accepts as input the time of the KDC or an application server as a combination of seconds and microseconds. Often it is the case that the time source does not provide the real time with less than one second granularity. Up until this patch such a caller would fill in the microseconds parameter as zero. krb5_set_real_time() would treat the zero microseconds as the actual reported time and compute a microsecond based offset. During a one second window subsequent calls to krb5_set_real_time() would have an ever increasing offset size until the number of seconds is incremented. This in turn produces a side effect in which the microseconds value of the local clock is effectively erased. If there are multiple processes or threads on the same machine each requesting service tickets using the same client principal for the same service principal where the number of seconds reported by the KDC are equivalent, then they will now all create authenticators with exactly the same timestamp. As a result, the authenticating service will detect a replay attack even though the authenticators are actually unique. The replay cache only maintains a tuple of client, server and timestamp. This patch modifies the interpretation of the microseconds parameter. If -1 is specified, the microseconds offset is ignored. ticket: 5924 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20413 dc483132-0cff-0310-8789-dd5450dbe970
* Change krb5_context.db_context to point to the real structure type,Ken Raeburn2008-06-022-8/+8
| | | | | | | | and change uses to not cast all the time. Also rename it from db_context to dal_handle, since one of the fields in the pointed-to structure is also called db_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT patch commitAlexandra Ellwood2008-05-308-4/+3189
| | | | | | | | | | | | | Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible buffer overrun in handling generic-error returnKen Raeburn2008-04-181-2/+3
| | | | | | | | | | | | | | | | | | | Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize options for _alloc interface to same defaults as for _initKen Raeburn2007-10-011-1/+9
| | | | | | | ticket: 5800 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20064 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental commit of gc_frm_kdc.cTom Yu2007-09-041-181/+20
| | | | | | ticket: 5707 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-4000 modify_policy vulnerabilityTom Yu2007-09-041-20/+181
| | | | | | | | | | | In kadm5_modify_policy_internal, check for nonexistence of policy before doing anything with it, to avoid memory corruption. ticket: new target_version: 1.6.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
* t_ser should no longer use kdb librariesEzra Peisach2007-08-142-4/+2
| | | | | | | | | | Remove the call to krb5_db_fini() - as rest of the db code was pulled during DAL integration. This removes dependency on db libraries - alter Makefile.in. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19822 dc483132-0cff-0310-8789-dd5450dbe970
* Based on Apple's patch, during the referrals loop, check to see if theTom Yu2007-08-031-65/+95
| | | | | | | | | | | session key enctype of a returned credential for the final service is among the enctypes explicitly selected by the application, and retry with old_use_conf_ktypes if it is not. ticket: 4950 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19748 dc483132-0cff-0310-8789-dd5450dbe970
* Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up Ezra Peisach2007-08-034-492/+521
| | | | | | | | some shadow variable warnings, make depend... ticket: 5617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19746 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT supportKevin Coffman2007-08-011-21/+36
| | | | | | | | | | | | | | | | Pull up PKINIT support onto the trunk. Changes from the version in branch users/coffman/pkinit are: - Update the preauth plugin interface version to avoid conflict with any existing plugins. - Add a pkcs11.h locally to the pkinit code rather than depending on opensc being installed. ticket: new Target_Version: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code for looking up the current time, comparing the offset ofKen Raeburn2007-07-204-37/+19
| | | | | | | a supplied timestamp against the configured maximum clock skew, and possibly generating an error message, into a separate routine. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if theKen Raeburn2007-07-125-66/+75
| | | | | | | output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* If error is KDC_ERR_S_PRINCIPAL_UNKNOWN, report the server nameKen Raeburn2007-07-041-0/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19666 dc483132-0cff-0310-8789-dd5450dbe970
* Define a localtime_r wrapper around localtime if the system doesn'tKen Raeburn2007-06-291-7/+17
| | | | | | | | provide localtime_r, instead of handling it in-line. Check for error indication from localtime_r. Call localtime_r only once instead of each time around the loop. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19655 dc483132-0cff-0310-8789-dd5450dbe970
* set svn:eol-style to native for *.[ch]Ken Raeburn2007-06-201-94/+94
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19596 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_walk_realm_tree leaks in capaths caseTom Yu2007-06-181-0/+3
| | | | | | | | | | | | | | | Markus Moeller reports a leak in krb5_get_credentials() which was then traced down to profile strings leaking from within krb5_walk_realm_tree(). A pointer to a profile string was getting overwritten without the string being freed when *cap_nodes[0] == '.'. Fix is to free the string prior to overwriting the pointer if the pointer is non-null. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19582 dc483132-0cff-0310-8789-dd5450dbe970
* Move CCAPI sources to krb5 repositoryAlexandra Ellwood2007-05-311-1/+1
| | | | | | | ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19564 dc483132-0cff-0310-8789-dd5450dbe970
* Change struct _krb5_context.os_context into a single element instead of array[1]Ken Raeburn2007-05-212-21/+18
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19554 dc483132-0cff-0310-8789-dd5450dbe970
* Define and use some inline helper functions for comparing data and authdata ↵Ken Raeburn2007-05-105-43/+20
| | | | | | | | structures, instead of open-coding checks of multiple fields everywhere. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19544 dc483132-0cff-0310-8789-dd5450dbe970
* k5-int.h, gic_opt.cJeffrey Altman2007-05-021-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The krb5_get_init_creds_password() and krb5_get_init_creds_keytab() functions permit the gic_opts parameter to be NULL. This is not taken into account when testing the value with the macros krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed(). Nor is it taken into account within krb5int_gic_opte_copy() which is called by krb5int_gic_opt_to_opte() when the input parameter is not a krb5_gic_opt_ext structure. This commit makes two changes: (1) it modifies the macros to ensure that the value is non-NULL before evaluation. (2) it modifies krb5int_gic_opte_copy() to avoid copying the original values with memcpy() when the input is NULL. In addition, the code was audited to ensure that the flag KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when it is set, that the allocated krb5_gic_opt_ext structure is freed by krb5_get_init_creds_password() and krb5_get_init_creds_keytab(). ticket: 5552 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19537 dc483132-0cff-0310-8789-dd5450dbe970
* rd_req_decoded needs to deal with referral realmsSam Hartman2007-04-291-5/+21
| | | | | | | | | | | * Fix handling of null realm in krb5_rd_req_decoded; now we treat a null realm as a default realm there, as we do in the keytab code. ticket: new Target_Version: 1.6.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19536 dc483132-0cff-0310-8789-dd5450dbe970
* race condition in referrals fallbackTom Yu2007-04-251-0/+1
| | | | | | | | | | | | | | | | | * src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): During referrals fallback, set *tgts to NULL after freeing. This avoids returning a pointer to freed memory when the first call to do_traversal() obtains some TGTs and the subsequent krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some other thread or process storing that TGT into the ccache), causing second do_traversal() call (which would re-initialize *tgts) to not execute. Race condition found during KfW-3.2 testing. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19526 dc483132-0cff-0310-8789-dd5450dbe970
* Provide more detailed error message for 'client not found in kdb'Ken Raeburn2007-04-131-0/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19455 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused scc_default_format field from krb5_contextKen Raeburn2007-03-262-13/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19287 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust type of 'stable' in krb5_register_serializer to reduce warningsKen Raeburn2007-03-251-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19283 dc483132-0cff-0310-8789-dd5450dbe970
* Change strnchr sought value to int to match passed valueKen Raeburn2007-03-251-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19282 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize values to avoid 'possibly uninitialized' compiler warningsKen Raeburn2007-03-251-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19281 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-01 13:49:05 +0000