path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* Add enhanced error messages to new error return cases, explaining the | Ken Raeburn | 2007-10-10 | 1 | -0/+6
  (fairly generic) error codes.
  ticket: 5777
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20111 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c: Support multiple iterators active simultaneously, using a | Ken Raeburn | 2007-10-09 | 2 | -18/+113
  counter. In get_entry, if the file was already open, rewind it to just after the version number, and don't close it when done. Don't allow add or remove calls if any iterator is active.
  t_keytab.c: Test mixing two iterators with get_entry calls.
  ticket: 5777
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20109 dc483132-0cff-0310-8789-dd5450dbe970
* Removed NOP line of code from krb5_fcc_next_cred() | Alexandra Ellwood | 2007-10-03 | 1 | -1/+0
      cursor = (krb5_cc_cursor *) fcursor;
  does nothing for a function with a prototype
      krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
  The correct line of code would be:
      *cursor = (krb5_cc_cursor) fcursor;
  Except it isn't necessary because fcursor isn't modified by krb5_fcc_next_cred(). Looks like code was copied from krb5_fcc_start_seq_get() and since the line was a NOP no one noticed it.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20085 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Nalin Dahyabhai to correctly handle delegated | Tom Yu | 2007-10-03 | 1 | -2/+5
  credentials if ret_flags is null.
  ticket: 5802
  target_version: 1.6.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20082 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize options for _alloc interface to same defaults as for _init | Ken Raeburn | 2007-10-01 | 1 | -1/+9
  ticket: 5800
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20064 dc483132-0cff-0310-8789-dd5450dbe970
* Add static ordinals to DLL exports | Jeffrey Altman | 2007-09-30 | 3 | -354/+356
  Add static ordinals to DLL exports in krb5_32.def, xpprof32.def, gssapi32.def, and krb524.def. Not added to k5sprt32.def as all of the functions are private. Not added to krb4_32.def as the library is not supported as part of KFW.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20024 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the broken optimization from UnicodeToANSI() that attempted | Jeffrey Altman | 2007-09-24 | 1 | -5/+3
  in a stupid way to avoid the WideCharToMultiByte() call by testing to see if the second byte (not wchar) was NUL. This test works for Latin1 but not for anything more interesting. Always call WideCharToMultiByte().
  I commented out the use of WC_NO_BEST_FIT_CHARS in order to provide compatibility with Windows. Windows converts the user name without that option. With the current code a principal name consisting of a single component equivalent to the Greek character Sigma and a realm name will be converted to S@REALM exactly as the "WhoAmI" command does. If WC_NO_BEST_FIT_CHARS was specified, this string would be converted to "?@REALM".
  ticket: 5766
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19970 dc483132-0cff-0310-8789-dd5450dbe970
* MSLSA krb5_cc module fails to check success of UNICODE string conversions | Jeffrey Altman | 2007-09-24 | 1 | -13/+28
  The MSLSA krb5_cc module was written with an assumption that probably does not hold true anymore. It assumed that all Kerberos strings, although stored in wide character data structures, could in fact be represented in the application's ANSI code page and that such conversions would not fail.
  The UnicodeToANSI() function did not check the result of WideCharToMultiByte() for success. If the conversion failed, this could result in the caller believing the contents of the output string buffer were a valid string when instead they were simply stack garbage.
  The UnicodeStringToMITPrinc() and KerbExternalNameToMITPrinc() functions did not check the return value of krb5_parse_name() for success. If krb5_parse_name() was passed a pointer to garbage on the stack instead of an actual principal name, this could result in the caller believing the output krb5_principal * was valid when instead it was NULL.
  The function CacheInfoEx2ToMITCred(), which is dependent on the success or failure of UnicodeStringToMITPrinc(), assumed it could not fail and did not return a success or failure indication to its caller.
  If a Microsoft formatted ticket contains a Unicode string that cannot be represented in the application's ANSI code page, this could result in a NULL pointer dereference during a call to krb5_cc_resolve("MSLSA:"), krb5_cc_retrieve(), or krb5_cc_get_principal().
  With the changes in this commit, tickets containing principal names that cannot be represented in the application's ANSI code page will be hidden from the application.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19969 dc483132-0cff-0310-8789-dd5450dbe970
* In the pkinit decoders, set up things properly so that asn1buf_sync() | Tom Yu | 2007-09-13 | 1 | -3/+22
  behaves correctly and isn't acting on uninitialized variables.
  ticket: 5704
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
* 64-bit Windows krb5int_cc_default calls to Leash | Jeffrey Altman | 2007-09-05 | 1 | -1/+6
  AMD64 builds must load leashw64.dll not leashw32.dll
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19929 dc483132-0cff-0310-8789-dd5450dbe970
* Revise patch to avoid 32-byte overflow which remained after the | Tom Yu | 2007-09-05 | 1 | -2/+10
  initial patch. Memory written to by the IXDR macro calls had not been accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico Williams for discovering this bug and assisting with patch development.
  ticket: 5706
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19923 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new is non-functional | Ezra Peisach | 2007-09-05 | 2 | -49/+104
  File locking was non-existent in this code and fccs chained list was not used at all. This resulted in an assertion failure when closing the cache.
  Code has been reorganized to parallel the code in krb5_fcc_resolve for easier maintenance.
  Commented out test in t_cc.c has been updated to actually test this code.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19920 dc483132-0cff-0310-8789-dd5450dbe970
* Rework error-mapping code to preserve status code values when returned | Ken Raeburn | 2007-09-05 | 5 | -84/+179
  by only one mechanism. Revert RPC code to relying on this. Build error-mapping code on a bidirectional map instead of a simple array. When a status code is returned but has been seen returned from a different mechanism already, generate a new number, starting at 100,000. Use gssrpcint_printf for some more debugging code.
  ticket: 5654
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
* Support using valgrind on test programs | Ken Raeburn | 2007-09-04 | 2 | -1/+44
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental commit of gc_frm_kdc.c | Tom Yu | 2007-09-04 | 1 | -181/+20
  ticket: 5707
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-4000 modify_policy vulnerability | Tom Yu | 2007-09-04 | 2 | -22/+184
  In kadm5_modify_policy_internal, check for nonexistence of policy before doing anything with it, to avoid memory corruption.
  ticket: new
  target_version: 1.6.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-3999 svc_auth_gss.c buffer overflow | Tom Yu | 2007-09-04 | 1 | -1/+1
  Make sure svcauth_gss_validate adequately checks oa->oa_length prior to copying into rpcbuf.
  ticket: new
  target_version: 1.6.3
  tags: pullup
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
* Bail out if encoded "ticket" doesn't decode correctly. This allows | Tom Yu | 2007-09-04 | 1 | -1/+2
  t_cc test case to pass and allows non-tickets to be stored (for now).
  ticket: 5697
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19910 dc483132-0cff-0310-8789-dd5450dbe970
* GSS-API Win64 support | Jeffrey Altman | 2007-09-02 | 1 | -1/+6
  The name of the Leash API DLL on Win64 is "leashw64.dll".
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
* Make internal functions static | Ken Raeburn | 2007-08-31 | 1 | -38/+38
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
* Don't export file keytab implementation functions | Ken Raeburn | 2007-08-31 | 1 | -20/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19899 dc483132-0cff-0310-8789-dd5450dbe970
* Make ccache handle referrals better by storing both server principal | Tom Yu | 2007-08-29 | 1 | -3/+40
  names if they differ between the creds structure and the encoded ticket and by looking up the server principal using the client's realm if not found and server's realm was initially the referral (empty) realm.
  ticket: 5697
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19898 dc483132-0cff-0310-8789-dd5450dbe970
* Windows 64-bit CCAPI DLL name | Jeffrey Altman | 2007-08-29 | 1 | -0/+4
  The 64-bit CCAPI DLL name is krbcc64.dll not krbcc32.dll. Conditionalize it on _WIN64.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19892 dc483132-0cff-0310-8789-dd5450dbe970
* Change use of choice_pa_pk_as_rep_UNKNOWN to | Ezra Peisach | 2007-08-26 | 1 | -1/+1
  choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum same in both cases...
  ticket: 5617
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_free_addrlist needed too | Ken Raeburn | 2007-08-25 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19877 dc483132-0cff-0310-8789-dd5450dbe970
* Oops, _krb5_conf_boolean is needed by a test program | Ken Raeburn | 2007-08-25 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19876 dc483132-0cff-0310-8789-dd5450dbe970
* Remove from export list several encode_* and decode_* symbols that are | Ken Raeburn | 2007-08-24 | 1 | -13/+0
  not used outside the krb5 library. (In some cases, the only use is in our own test programs, which means two things: The test programs should probably be changed to use the accessor interface, and some of the newer encoder/decoder functions aren't being unit-tested.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19875 dc483132-0cff-0310-8789-dd5450dbe970
* Stop exporting _krb5_* (note leading underscore) and asn1* symbols | Ken Raeburn | 2007-08-24 | 1 | -158/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19874 dc483132-0cff-0310-8789-dd5450dbe970
* Missed one | Ken Raeburn | 2007-08-24 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19873 dc483132-0cff-0310-8789-dd5450dbe970
* Remove os_get_default_config_files, and the krb5int_* functions not | Ken Raeburn | 2007-08-24 | 1 | -24/+0
  actually called directly from outside the library, from the export list.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19872 dc483132-0cff-0310-8789-dd5450dbe970
* pullup to trunk | Alexandra Ellwood | 2007-08-24 | 1 | -2/+2
  ticket: 5643
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19871 dc483132-0cff-0310-8789-dd5450dbe970
* In clean-windows, replace spaces with tab | Ezra Peisach | 2007-08-24 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19870 dc483132-0cff-0310-8789-dd5450dbe970
* no unistd.h on Windows | Jeffrey Altman | 2007-08-24 | 1 | -0/+2
  do not include unistd.h on Windows because it doesn't exist
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19851 dc483132-0cff-0310-8789-dd5450dbe970
* cleanup src/lib/gssapi/krb5/error_map.h on Windows | Jeffrey Altman | 2007-08-24 | 1 | -0/+2
  during 'clean' delete the generated file error_map.h
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19850 dc483132-0cff-0310-8789-dd5450dbe970
* Added errmap.h to the generate-files-mac target | Alexandra Ellwood | 2007-08-20 | 1 | -1/+1
  ticket: 5654
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19846 dc483132-0cff-0310-8789-dd5450dbe970
* read_entropy_from_device on partial read will not fill buffer | Ezra Peisach | 2007-08-20 | 1 | -4/+6
  read_entropy_from_device() will loop in read until the desired number of bytes are read from the device (/dev/random, /dev/urandom). I have observed that for /dev/random, if there are not enough bits available for reading - it will return a partial read. The code would loop in this case, but never advance the location to place the new bytes - hence the start of the buffer would be filled again - leaving the tail end as stack garbage.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19845 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2007-08-16 | 33 | -1449/+1580
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970
* remap mechanism-specific status codes in mechglue/spnego | Ken Raeburn | 2007-08-16 | 37 | -95/+596
  This patch creates a mapping in the mechglue/spnego code to modify mechanism status codes when passing them back to the application, so that mechglue's display_status dispatcher can determine the correct mechanism to dispatch to.
  This is part of the "get enhanced error messages from gssapi applications" project; ticket 5590 has updates to the Kerberos 5 mechanism to extract enhanced error messages (when there are any) from the Kerberos library.
  util/gen.pl, util/t_*.pm: New code generation script and templates.
  lib/gssapi/generic: Add a new, global mapping that enumerates the {mechOID,status} pairs as they're seen, allowing a magic mechOID value to indicate com_err error codes from mechglue and spnego, and reserving status code 0 for unknown errors. Preload the Kerberos "wrong principal" error code once for each mechanism OID used for Kerberos, so the entries get fixed positions (1-3) in the table.
  lib/gssapi/gss_libinit.c: Call the initializer and destructor functions.
  lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated or locally-generated status codes into the mapping table, and return the table index to the application. Do the reverse in display_status, to get the messages from the mechanism.
  lib/rpc: Define new function gssrpcint_printf to use for debugging instead of printf, to redirect output away from dejagnu; add a couple more debugging calls. Check for minor status codes 1-3 now instead of KRB5KRB_AP_WRONG_PRINC.
  tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed error messages back, by having the ftp client attempt to authenticate to a non-existent service, and examining the error message for the service principal name.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
* (krb5_gss_internal_release_oid): Always clear *minor_status | Ken Raeburn | 2007-08-16 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19830 dc483132-0cff-0310-8789-dd5450dbe970
* Change prototype for g_token_size to match function declaration later | Ezra Peisach | 2007-08-16 | 1 | -1/+1
  in file. (OM_Uint32 changed to unsigned int). On a 64 bit architecture, they are different.
  ticket: 5581
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19828 dc483132-0cff-0310-8789-dd5450dbe970
* compilation failure with IRIX native compiler | Ezra Peisach | 2007-08-16 | 1 | -1/+1
  gss_release_buffer takes OM_uint32* as an argument, not OM_uint32.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19827 dc483132-0cff-0310-8789-dd5450dbe970
* sprintf conversion to snprintf in r19703 introduced some signed/unsigned | Ezra Peisach | 2007-08-15 | 2 | -4/+4
  warnings. Cleanup.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19823 dc483132-0cff-0310-8789-dd5450dbe970
* t_ser should no longer use kdb libraries | Ezra Peisach | 2007-08-14 | 2 | -4/+2
  Remove the call to krb5_db_fini() - as rest of the db code was pulled during DAL integration. This removes dependency on db libraries - alter Makefile.in.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19822 dc483132-0cff-0310-8789-dd5450dbe970
* Free memory leak in do_test() from asprintf integration | Ezra Peisach | 2007-08-14 | 1 | -0/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19821 dc483132-0cff-0310-8789-dd5450dbe970
* remove inadvertent commit of symbols temporarily exported in | Jeffrey Altman | 2007-08-14 | 1 | -9/+0
  a sandbox to permit building of pkinit code on Windows.
  ticket: 5645
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19819 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_get_profile | Jeffrey Altman | 2007-08-11 | 1 | -2/+10
  Export krb5_get_profile. Remove comment saying it should be added and just do it.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19818 dc483132-0cff-0310-8789-dd5450dbe970
* Release mechtok_out in spnego_gss_init_sec_context. | Tom Yu | 2007-08-07 | 1 | -0/+1
  Reported by Markus Moeller.
  ticket: 5629
  version_reported: 1.6.1
  target_version: 1.6.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19757 dc483132-0cff-0310-8789-dd5450dbe970
* missing comma | Jeffrey Altman | 2007-08-06 | 1 | -2/+3
  The pkinit additions in revision 18973 left out a comma after the last function in the list. This caused builds that did not define DESIGNATED_INITIALIZERS to break.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19755 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new() doesn't work with mkstemp() | Tom Yu | 2007-08-04 | 1 | -46/+44
  If mkstemp() is available, the new ccache file gets created but the subsequent open(O_CREAT|O_EXCL) call fails because the file was already created by mkstemp(). Apply patch from Apple to keep the file descriptor open.
  ticket: new
  tags: pullup
  target_version: 1.6.3
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19749 dc483132-0cff-0310-8789-dd5450dbe970
* Based on Apple's patch, during the referrals loop, check to see if the | Tom Yu | 2007-08-03 | 1 | -65/+95
  session key enctype of a returned credential for the final service is among the enctypes explicitly selected by the application, and retry with old_use_conf_ktypes if it is not.
  ticket: 4950
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19748 dc483132-0cff-0310-8789-dd5450dbe970