summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* explicitly initialize pointer fields after memset (for coverity)Ken Raeburn2009-02-021-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21861 dc483132-0cff-0310-8789-dd5450dbe970
* Default allow_weak_crypto=true for now. Default supported_enctypes toTom Yu2009-01-312-2/+2
| | | | | | | | | exclude single-DES enctypes. ticket: 6353 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21851 dc483132-0cff-0310-8789-dd5450dbe970
* handle freeing null keyblockKen Raeburn2009-01-311-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21846 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration ProjectWill Fiveash2009-01-3010-55/+1193
| | | | | | | | | | | | | | | Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided. ticket: 6354 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_server_rcache had some dead (and incorrect) code for cleaningGreg Hudson2009-01-301-13/+5
| | | | | | up the rcache on failure. Fix the cleanup code and make use of it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21842 dc483132-0cff-0310-8789-dd5450dbe970
* Make output parameter value of krb5_rc_resolve_full well-defined onGreg Hudson2009-01-301-8/+13
| | | | | | error return. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21841 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_kdcrep2creds, call the correct free function when cleaning upGreg Hudson2009-01-301-2/+2
| | | | | | the keyblock, and clean up the keyblock if krb5_copy_data fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21840 dc483132-0cff-0310-8789-dd5450dbe970
* Changed the name match_config_pattern to krb5_match_config_pattern. Check ↵Zhanna Tsitkov2009-01-302-4/+4
| | | | | | strdup return code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21838 dc483132-0cff-0310-8789-dd5450dbe970
* Introduced match_config_pattern function to find a pattern in the config ↵Zhanna Tsitkov2009-01-292-24/+45
| | | | | | value strings git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21828 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2009-01-291-186/+185
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21826 dc483132-0cff-0310-8789-dd5450dbe970
* clear outbuf[0].data to unconfuse coverityKen Raeburn2009-01-291-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21825 dc483132-0cff-0310-8789-dd5450dbe970
* disable single-DES by defaultTom Yu2009-01-285-13/+62
| | | | | | | | | | Mark all single-DES enctypes as "weak", and create a new libdefaults variable "allow_weak_crypto", which defaults to "false". ticket: 6353 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21823 dc483132-0cff-0310-8789-dd5450dbe970
* Run a single expect statement to read from both client and server, toTom Yu2009-01-281-16/+9
| | | | | | avoid an apparent race condition on Darwin. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21814 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument toKen Raeburn2009-01-2871-394/+394
| | | | | | | | | | | char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* "Coding practices" related fixesZhanna Tsitkov2009-01-272-594/+582
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21808 dc483132-0cff-0310-8789-dd5450dbe970
* In asn1_decode_pa_for_user(), ensure that user member is allocatedLuke Howard2009-01-261-0/+1
| | | | | | before assigning a value to it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21805 dc483132-0cff-0310-8789-dd5450dbe970
* gss_header|trailerlen should be unsigned intSam Hartman2009-01-261-9/+9
| | | | | | | | | The krb5_c_crypto_length API returns unsigned int per its design. so, use unsigned int not size_t for its output. ticket: 6351 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21799 dc483132-0cff-0310-8789-dd5450dbe970
* Use 16/32-bit big/little-endian store functions in more placesKen Raeburn2009-01-2620-143/+57
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21796 dc483132-0cff-0310-8789-dd5450dbe970
* Change 16/32/64-bit big-/little-endian/native unaligned load/storeKen Raeburn2009-01-242-3/+3
| | | | | | | | routines to take void pointers, so they can operate on both plain and unsigned char buffers, or other types. Remove some now-unneeded casts. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21793 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the need for the domain_realm mapping table on the client side by ↵Zhanna Tsitkov2009-01-235-2/+155
| | | | | | implementing minimal referral support in the KDC git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21792 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some null checks in cases where pointers can't be nullGreg Hudson2009-01-233-10/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21790 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_pac_get_buffer, check the correct value for null after callingGreg Hudson2009-01-231-1/+1
| | | | | | malloc. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21789 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_pac_parse, change the code around a bit to avoid harmlesslyGreg Hudson2009-01-231-7/+8
| | | | | | copying an uninitialized Buffers field of a PACTYPE structure. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21788 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize ds.magic in k5_md5_hmac_hash, to avoid harmlessly copyingGreg Hudson2009-01-231-0/+1
| | | | | | around its uninitialized value in krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21787 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_init_creds, null out err_reply in a case where we free itGreg Hudson2009-01-231-0/+1
| | | | | | and do not necessarily exit the loop. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21785 dc483132-0cff-0310-8789-dd5450dbe970
* Always initialize the output parameter in krb5_parse_name and friendsGreg Hudson2009-01-231-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21784 dc483132-0cff-0310-8789-dd5450dbe970
* Add some output parameter initializations n order to eliminate someGreg Hudson2009-01-233-2/+9
| | | | | | spurious Coverity defects. (Far from a comprehensive pass.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21782 dc483132-0cff-0310-8789-dd5450dbe970
* Per coding standards, don't declare variables in inner scopes in newGreg Hudson2009-01-232-10/+6
| | | | | | | rcache code except when it really makes sense (option processing for t_replay). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21781 dc483132-0cff-0310-8789-dd5450dbe970
* Include cksumtypes.h from aead.h to get struct krb5_cksumtypes (movedKen Raeburn2009-01-239-23/+33
| | | | | | | | in rev 21753). Protect cksumtypes.h from multiple inclusions. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21780 dc483132-0cff-0310-8789-dd5450dbe970
* fix trailing whitespaceTom Yu2009-01-2214-38/+33
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21779 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceTom Yu2009-01-2243-1762/+1762
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21778 dc483132-0cff-0310-8789-dd5450dbe970
* If USE_VALGRIND, check that source principal is defined before copying.Ken Raeburn2009-01-221-0/+8
| | | | | | Initialize magic number fields of allocated name components. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21775 dc483132-0cff-0310-8789-dd5450dbe970
* If USE_VALGRIND, check readability of byte string before copyingKen Raeburn2009-01-221-0/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21774 dc483132-0cff-0310-8789-dd5450dbe970
* Define valgrind macros as no-ops if not USE_VALGRIND, and use ↵Ken Raeburn2009-01-221-26/+3
| | | | | | unconditionally, per Danilo's suggestion git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21773 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Love: when opening an existing replay cache, check moreGreg Hudson2009-01-211-14/+40
| | | | | | thoroughly to prevent symlink attacks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21770 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Luke: fix error return of krb5_gss_use_kdc_contextGreg Hudson2009-01-211-1/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21768 dc483132-0cff-0310-8789-dd5450dbe970
* When encoding, and compiling with -DUSE_VALGRIND, explicitly get valgrind to ↵Ken Raeburn2009-01-201-0/+61
| | | | | | check the inputs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21766 dc483132-0cff-0310-8789-dd5450dbe970
* delete trailing whitespace, including insanely long 'blank' linesKen Raeburn2009-01-201-64/+62
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21764 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_rd_rep_dce, initialize repl to NULL to avoid using itsGreg Hudson2009-01-201-1/+1
| | | | | | initialized value when we take the first goto to clean_scratch. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21763 dc483132-0cff-0310-8789-dd5450dbe970
* If buffer length is 0, force pointer to NULL, to keep valgrind happier when ↵Ken Raeburn2009-01-171-2/+4
| | | | | | callers don't bother git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21762 dc483132-0cff-0310-8789-dd5450dbe970
* patch from Luke - minor cleanupKen Raeburn2009-01-173-10/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21761 dc483132-0cff-0310-8789-dd5450dbe970
* patch from Luke - fix enctype-nego enctype list setupKen Raeburn2009-01-171-16/+8
| | | | | | ticket: 6336 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21760 dc483132-0cff-0310-8789-dd5450dbe970
* patch from Luke - fix sign problemKen Raeburn2009-01-171-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21759 dc483132-0cff-0310-8789-dd5450dbe970
* Use valgrind in more cases if VALGRIND is setKen Raeburn2009-01-163-10/+53
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21754 dc483132-0cff-0310-8789-dd5450dbe970
* Make enctype and checksumtype name mapping table types private to theKen Raeburn2009-01-156-124/+120
| | | | | | | | crypto library. Add a field for aliases to the record type so that aliases don't have to be implemented by duplicating all the other information. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21753 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an additional multiple-write case noted by John, where sendauthKen Raeburn2009-01-152-22/+51
| | | | | | | | | | | | calls write_message twice in a row. Add new function krb5int_write_messages, calls krb5_net_writev with multiple messages (currently only two at a time). Use it from krb5_write_message and krb5_sendauth. ticket: 6339 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21752 dc483132-0cff-0310-8789-dd5450dbe970
* Rework the replay cache extensions to make the hash extension recordsGreg Hudson2009-01-152-60/+224
| | | | | | | | | | | | stand alone. Otherwise, reordering of records during an expunge could cause the hash to be applied to the wrong record. Also add an "expunge" option to the t_replay program, and clean up some memory-handling inconsistencies. ticket: 1201 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21751 dc483132-0cff-0310-8789-dd5450dbe970
* updateKen Raeburn2009-01-151-0/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21750 dc483132-0cff-0310-8789-dd5450dbe970
* Add new routine krb5int_net_writev using scatter-gather source.Ken Raeburn2009-01-154-24/+49
| | | | | | | | | Use it from krb5_net_write to ensure testing and reduce duplication. Use it from krb5_write_message to avoid Nagle+DelayedAck problem. ticket: 6339 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21749 dc483132-0cff-0310-8789-dd5450dbe970
* Force tickets acquired by the kadm5 client library via passwordRuss Allbery2009-01-141-1/+5
| | | | | | | | | | | | | | | authentication to be non-forwardable and non-proxiable, overridding any [libdefaults] configuration. This may be necessary at sites that set forwardable to true by default in their krb5.conf files but disable forwardable tickets for privileged principals. Since the ticket cache acquired by the kadm5 client library is used only for kadmin operations, where forwardable is not useful or necessary, there is no reason to ever attempt to obtain forwardable or proxiable tickets here. Ticket: 6337 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21744 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-02 13:32:41 +0000