path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* Fix a memory management bug
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21133 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-11-17 | Files: 1 | Lines: -2/+4
* Lite Client - the following calls are server-side functions:
  decode_krb5_authenticator, krb5_auth_con_getauthenticator, krb5_copy_authenticator, krb5_ser_authenticator_init
  Take them out for the Lite Client.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21129 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Zhanna Tsitkov | Age: 2008-11-17 | Files: 6 | Lines: -4/+18
* PERF: Introduced a new function krb5_is_permitted_enctype_ext to replace multiple calls to krb5_is_permitted_enctype
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21128 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Zhanna Tsitkov | Age: 2008-11-17 | Files: 2 | Lines: -4/+75
* In pa_sam(), free the outer krb5_data structure returned by encode_krb5_sam_response.
  ticket: 6211 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21063 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-11-10 | Files: 1 | Lines: -0/+2
* Properly free sam_challenge in pa_sam()
  ticket: 6210 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21062 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-11-10 | Files: 1 | Lines: -8/+8
* Only look for IPv4 addresses for the kpasswd server. This is just a workaround for other parts of the code failing to cope with IPv6 addresses, and won't work in an IPv6-only environment; the problem should still be fixed for real.
  ticket: 5595 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21004 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-11-05 | Files: 1 | Lines: -2/+3
* Rename krb5int_buf_cstr to krb5int_buf_data, since k5bufs can be used for binary data as well as C string data. The buffer will always have a null byte at krb5int_buf_len bytes regardless of whether it contains C string data.
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21003 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-11-05 | Files: 9 | Lines: -10/+10
* Convert many uses of strcpy/strcat (and sometimes sprintf) to accepted string-handling functions.
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21001 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-11-05 | Files: 3 | Lines: -27/+24
* Check in Nalin's patch, and a test case for changing passwords via kinit when +needchange is set. Update dependencies.
  ticket: 5867 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20966 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-11-04 | Files: 2 | Lines: -1/+10
* Don't build dependencies for v4rcp.c.
  Rebuild dependencies for k5-buf.h, and without krb4 support.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-11-04 | Files: 35 | Lines: -2361/+2508
* Apply Apple patch to null out key->contents after freeing on failure, eliminating the possibility that the pointer will be used after free.
  ticket: 6247 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20961 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-11-03 | Files: 1 | Lines: -0/+2
* Fix conditionals from last change
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20960 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-11-03 | Files: 2 | Lines: -2/+2
* Apply a patch from Apple to correct a few memory leaks
  ticket: 6201 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20958 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-11-03 | Files: 1 | Lines: -2/+9
* If we're not making asn1buf_insert_octet an inline function, then make asn1buf_size, asn1buf_ensure_space, and asn1buf_expand static in asn1buf.c, for better optimization. Recode asn1buf_ensure_space to directly return the result of asn1buf_expand. Don't check for NULL before malloc/realloc in asn1buf_expand. Fix a couple minor signedness warnings.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20957 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-11-03 | Files: 4 | Lines: -29/+20
* Use the k5buf module instead of strcpy/strcat in several places
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20941 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-30 | Files: 8 | Lines: -181/+82
* Only prompt automatically from GUI apps
  Direct callers such as kinit need command line prompts. Do not automatically prompt (via krb5 or gssapi calls) unless the caller has loaded GUI libraries.
  ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20937 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-10-29 | Files: 2 | Lines: -6/+27
* partial rewrite of the ASN.1 encoders
  Instead of a pile of macros generating code, that have to be threaded together in just the right way to get a valid ASN.1 encoding, we now have a pile of macros for defining data structures describing the objects and the ASN.1 types they should be encoded as, which structures are interpreted by recursive invocations of an encoder engine; there should be somewhat less rope for accidentally creating invalid encodings. The new macros are commented in asn1_k_encode.c. Putting most of the work into the encoder engine also reduces the code size (in one configuration, including LDAP-KDB and PKINIT encoders, code size went from 37K to <16K, though 10K of tables were added, and the PKINIT encoders are still open-coded). Some encoder interfaces have been revised to be more regular -- all now take one pointer to const argument (no two-input encoders, no pointer-to-non-const-pointer-to-const). A few encoders were eliminated or disabled because they were neither used nor exported from the library. The LDAP-KDB encoder has been converted, but the PKINIT encoders have not as there are no regression tests for them currently. There is still plenty of room for improvement; some notes on specific ideas have been added. String encoding primitives have been combined to reduce code size. A primitive for encoding bit strings has been added. Some miscellaneous warnings in the decoders have been cleaned up. A new dejagnu test case is added that ensures that KRB-SAFE messages get exercised.
  ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20923 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-10-25 | Files: 14 | Lines: -2195/+2327
* More regression tests for ASN.1 encoders
  Export encode_krb5_sam_response_2 and encode_krb5_enc_sam_response_enc_2 via accessor. Add encode tests for encode_krb5_sam_key, _enc_sam_response_enc, _predicted_sam_response, _sam_response_2, _enc_sam_response_enc_2.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20922 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-10-25 | Files: 1 | Lines: -0/+3
* krb5_build_principal_ext walks off beginning of array
  On error, krb5_build_principal_ext walks off the beginning of the array by using i-- in a conditional when it should be using --i (so that it actually compares the value of i that will be used below).
  ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20920 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-10-24 | Files: 1 | Lines: -1/+1
* Use strlcpy instead of strcpy in many places
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-24 | Files: 14 | Lines: -46/+33
* krb5_build_principal_va does not allocate krb5_principal
  krb5_build_principal_va does not allocate the outer krb5_principal, making it useless for generating krb5_principals which can be freed with krb5_free_principal. Added krb5_build_principal_alloc_va which allocates the krb5_principal. Added krb5int_build_principal_alloc_va which is used by KIM to avoid code duplication. KIM's kim_identity_create_from_components takes the first component as an argument because principals with no components cannot be represented with the KIM UI. Modified KIM to use this new API.
  ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20918 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-10-24 | Files: 2 | Lines: -64/+140
* Use snprintf instead of strcpy/strcat in many places
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-23 | Files: 7 | Lines: -57/+20
* Fix previous commit by adding "extern" to header declarations for SPNEGO mechanism OID stuff. It was causing tentative definition issues on the Mac. (where there are constraints about common-block symbols)
  ticket: 6015 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20910 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2008-10-22 | Files: 1 | Lines: -2/+2
* krb5_change_set_password should free chpw_rep contents
  ticket: 6214 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20902 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-10-21 | Files: 1 | Lines: -0/+2
* Use asprintf instead of malloc/strcpy/strcat in many places
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-20 | Files: 2 | Lines: -18/+3
* Apply adapted patch from http://bugs.debian.org/480434 to recurse into SPNEGO creds when attempting to retrieve a mechanism cred.
  ticket: 5807 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20900 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2008-10-20 | Files: 1 | Lines: -0/+13
* Apply (adapted) patch from Apple to check for SPNEGO mechanism in export_lucid_sec_ctx.
  ticket: 6015 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20899 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2008-10-20 | Files: 3 | Lines: -19/+48
* Use strdup in place of malloc/strcpy in many places
  ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-20 | Files: 25 | Lines: -91/+35
* Include k5-platform.h for SIZE_MAX
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20897 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ezra Peisach | Age: 2008-10-19 | Files: 1 | Lines: -0/+1
* In krb5_def_store_mkey(), mktemp was being invoked with a string WRFILE:....
  This returns an error - as it actually tries to open the file. Move some of the logic that points to the actual filename earlier - so mktemp works on the .... portion. Note that the netbsd linker gives a warning on using mktemp as it may be insecure - but there is no obvious way to avoid it.
  ticket: new subject: netbsd mktemp actually tries to open file git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20896 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ezra Peisach | Age: 2008-10-19 | Files: 1 | Lines: -9/+8
* Adapted patch from Apple to work around SAMBA mech OID quirks and to disable sending request flags.
  ticket: 6016 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20893 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2008-10-17 | Files: 1 | Lines: -39/+37
* Untabify. Normalize whitespace. Reindent. Fix some of the most egregious formatting quirks. Add emacs mode settings to flag untabified source files.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20876 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2008-10-15 | Files: 66 | Lines: -8076/+8163
* handle stash file names with missing keytab type spec and colon in path
  Currently the keytab name resolution code will pass off any name with no colon to the default keytab type handler, which is the FILE handler. It will also check for Windows file names consisting of one letter followed by a colon, and treat them as FILE specs also. If a UNIX pathname contains a colon, however, and no type was explicitly specified, the leading part of the pathname gets treated as a type name and fails to match anything. It should instead treat type-less names starting with "/" as FILE specs also. Tweak the test suite to use such a name. Report and patch from Apple. rdar://problem/6179239
  ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20872 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-10-15 | Files: 1 | Lines: -0/+5
* Change LDAP key-sequence encoder to use a single data structure
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20829 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-10-06 | Files: 1 | Lines: -7/+16
* Increase the default RPC timeout for kadmin from 25 seconds to 120 seconds. Code changes from a patch submitted by umich.
  ticket: 6120 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20810 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-02 | Files: 2 | Lines: -3/+3
* In clntudp_call, fix a bug in the handling of an error case (it failed to set the error status field and generated a dead code warning).
  ticket: 6121 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20809 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Greg Hudson | Age: 2008-10-02 | Files: 1 | Lines: -1/+0
* Make unset strings in kim_options and kim_selection_hints be empty strings rather than NULL. This simplifies the stream code (and makes it easier to read and debug). In order to prevent copying tons of NUL bytes around, special case kim_string functions to use a special constant kim_empty_string.
  ticket: 6055 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20804 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-10-01 | Files: 1 | Lines: -1/+1
* Finished KLL to KIM shim.
  Switched krb5 code to using it.
  ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-10-01 | Files: 4 | Lines: -41/+62
* krb5 library-side changes for com_err based error strings
  ticket: 6138 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20786 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Alexandra Ellwood | Age: 2008-09-30 | Files: 2 | Lines: -8/+3
* Merge 1.7 work on auxiliary ccache functions necessary for KIM. Adds krb5_cc_lock/unlock, krb5_cccol_lock/unlock, krb5_cc_last_change_time, krb5_cccol_last_change_time, krb5_cc_move, and adds pertype cursor support to some cache types
  Locking functions work the same as the CCAPI cc_ccache_lock / cc_context_lock functions, though not as read/write locks.
  ticket: 6124 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20743 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Justin Anderson | Age: 2008-09-22 | Files: 9 | Lines: -181/+966
* makedepend
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-09-18 | Files: 34 | Lines: -2050/+2250
* Untabify; trim trailing whitespace; add emacs local variables to avoid tabs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20711 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-09-09 | Files: 21 | Lines: -2285/+2306
* whitespace
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20710 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-09-08 | Files: 1 | Lines: -176/+169
* Use braces to repair broken emacs indentation, caused by omission of a semicolon, caused by use of macros that expand to compound statements.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20708 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-09-05 | Files: 1 | Lines: -4/+6
* Whitespace changes, mostly horizontal, for consistency with current style: indentation levels, spacing around if/else/for/while and braces. Still plenty of inconsistency with current coding standards, especially for when line breaks are to be used. Didn't touch multi-line macro definitions, or .h function declarations.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20707 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-09-05 | Files: 12 | Lines: -3223/+3224
* Use GSS_S_BAD_STATUS for unknown status codes
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20704 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-09-03 | Files: 1 | Lines: -1/+1
* fix resource leak in USE_PASSWORD_SERVER code
  Don't leak file descriptors in error cases. Remove limit from length of passwords.
  ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20702 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-08-28 | Files: 1 | Lines: -34/+27
* Based on patch from lxs, with some changes:
  Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms.
  Not incorporated from initial patch: const changes in function signatures.
  ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-08-27 | Files: 62 | Lines: -195/+189
* whitespace
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20694 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Tom Yu | Age: 2008-08-26 | Files: 1 | Lines: -1/+1
* Incorporate Apple's patch
  Add a test authorization data scheme, in both built-in and plugin forms; built-in version is #ifdef'ed out. Update configury to create the build directory for the plugin, but don't build or install it by default. Create the new (and normally empty) authorization data plugin directory at install time. Add some (normally disabled) code to log authz data from rd_req. Fix up some comments that still refer to preauth plugins. Add some details in comments on the API, and why it's private for now. Make the plugin init context support work, by not passing null pointers.
  ticket: 5565 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691 dc483132-0cff-0310-8789-dd5450dbe970
  Author: Ken Raeburn | Age: 2008-08-25 | Files: 1 | Lines: -1/+28