summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* kt_file.c memory leak on error in krb5_kt_resolve / krb5_kt_wresolveJeffrey Altman2007-01-231-0/+2
| | | | | | | | | | The krb5_kt_resolve and krb5_kt_wresolve functions leak the 'data' memory allocation if the lock cannot be initialized. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19104 dc483132-0cff-0310-8789-dd5450dbe970
* Include fake-addrinfo.h before krb5.h to get proper structure declarationsEzra Peisach2007-01-221-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19103 dc483132-0cff-0310-8789-dd5450dbe970
* Only declare cc_fcc_entry if USE_KEYRING_CCACHE is not definedEzra Peisach2007-01-211-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19102 dc483132-0cff-0310-8789-dd5450dbe970
* Don't copy headers to .../includeKen Raeburn2007-01-201-8/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19097 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-01-202-11/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19096 dc483132-0cff-0310-8789-dd5450dbe970
* Don't explicitly include error table headers that are also in krb5.hKen Raeburn2007-01-202-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19094 dc483132-0cff-0310-8789-dd5450dbe970
* Remove varargs.h paths, always use stdarg.hKen Raeburn2007-01-201-4/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19088 dc483132-0cff-0310-8789-dd5450dbe970
* Don't define KRB5_PRIVATE, since it's not tested any moreKen Raeburn2007-01-201-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19083 dc483132-0cff-0310-8789-dd5450dbe970
* Delete t_cccursor on cleanup. Add t_cc and t_cccursor to dependenciesKen Raeburn2007-01-201-1/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19076 dc483132-0cff-0310-8789-dd5450dbe970
* Add t_cccursor to UNIX testsKen Raeburn2007-01-201-2/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19075 dc483132-0cff-0310-8789-dd5450dbe970
* Added KDC timesyncing support to the CCAPI ccache backend for CCAPI v5 andAlexandra Ellwood2007-01-181-10/+72
| | | | | | | | | later. v5 is the first version of the CCAPI to support the kdc timesyncing API. ticket: 5403 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19071 dc483132-0cff-0310-8789-dd5450dbe970
* In addition to setting the kpasswd port afterJeffrey Altman2007-01-181-1/+3
| | | | | | | | | | searching for kadmind host addresses we must also set the socket type according to the request. ticket: 5393 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19070 dc483132-0cff-0310-8789-dd5450dbe970
* sendto_kdc.c: use of a variable index into a dynamically Jeffrey Altman2007-01-181-2/+2
| | | | | | | | | | | | | | | | allocated array to determine the sizeof() an object makes it unclear what type of object is involved. It also requires a runtime check instead of a compile time replacement. Not to mention that it could lead to the evaluation of an uninitialized variable as was done in this case. Replace sizeof(array index variable) with sizeof(type). memset() the correct data structure. ticket: 5394 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19065 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cccursor.c (do_chk): Reverse sense of test of do_chk_one return valueKen Raeburn2007-01-171-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19064 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds two new functions, krb5_server_decrypt_ticket_keyblock Jeffrey Altman2007-01-164-0/+107
| | | | | | | | | | | | | | | | | (private) and krb5_server_decrypt_ticket_keytab (public). These functions take a krb5_ticket as input and decrypt it using the provided key data. The public function is useful for higher level application protocols such a TLS-KRB5 and AFS RX-KRB5 which exchange a service but do not use the AP-REQ/AP-REP messages. This commit also adds new functionality to kvno which permits kvno when provided a keytab as input to verify whether or not the keytab contains a key that can successfully decrypt the obtains service ticket. ticket: 5349 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19062 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2006-003: mechglue argument handling too laxTom Yu2007-01-0924-277/+827
| | | | | | | | | | | | | | | Fix mechglue argument checks so that output pointers are always initialized regardless of whether the other arguments fail to validate for some reason. This avoids freeing of uninitialized pointers. Initialize the gss_buffer_descs in ovsec_kadmd.c. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19043 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointerTom Yu2007-01-091-0/+5
| | | | | | | | | | | | | | | Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so that svctcp_destroy() will not call through an uninitialized function pointer after code in svc_auth_gssapi.c has destroyed expired state structures. We can't unconditionally null it because the RPCSEC_GSS implementation needs it to retrieve state. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19042 dc483132-0cff-0310-8789-dd5450dbe970
* If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - freeEzra Peisach2006-12-301-0/+4
| | | | | | | | | | | memory and return in message_buffer a NULL pointer for value. This is consistant with gss_release_buffer in the mechglue implementation in which memory is only freed if the buffer length != 0. ticket: 5233 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19022 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak if defective header present in gss_krb5int_unseal_token_v3Ezra Peisach2006-12-301-1/+3
| | | | | | | | | | If after unsealing the message, the TOK_ID is not 05 04, free memory before returning a defective token error. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
* * copy_data.c (krb5_copy_data): Use krb5int_copy_data_contentsKen Raeburn2006-12-281-10/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19019 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_next_cred): Use krb5int_copy_creds_contentsKen Raeburn2006-12-281-45/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19018 dc483132-0cff-0310-8789-dd5450dbe970
* * lib/krb5/krb/copy_creds.c (krb5int_copy_creds_contents): New function, splitKen Raeburn2006-12-281-2/+21
| | | | | | | | out from krb5_copy_creds. (krb5_copy_creds): Call it. * include/k5-int.h (krb5int_copy_creds_contents): Declare. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19017 dc483132-0cff-0310-8789-dd5450dbe970
* comment the various data structuresKen Raeburn2006-12-281-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19016 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): FixTom Yu2006-12-221-3/+4
| | | | | | | | ordering bug in previous patch. ticket: 5123 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19007 dc483132-0cff-0310-8789-dd5450dbe970
* use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.cTom Yu2006-12-191-3/+3
| | | | | | | | | | | | * src/lib/krb5/krb/preauth2.c (krb5_do_preauth_tryagain): Use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18977 dc483132-0cff-0310-8789-dd5450dbe970
* don't pass null pointer to krb5_do_preauth_tryagain()Tom Yu2006-12-191-17/+24
| | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If the error isn't PREAUTH_NEEDED and preauth_to_use is null, return the error in err_reply, rather than attempting to pass a null pointer to krb5_do_preauth_tryagain(). ticket: new status: open target_version: 1.6 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18976 dc483132-0cff-0310-8789-dd5450dbe970
* ktfns.c (krb5_kt_get_entry): If the supplied server principal has an emptyKen Raeburn2006-12-191-1/+18
| | | | | | | | | realm name, replace it with the default realm, in a private copy. ticket: 5121 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18975 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_is_referral_realm now takes a pointer to const krb5_data, since it doesn'tKen Raeburn2006-12-191-1/+1
| | | | | | | | | modify it. ticket: 5121 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18974 dc483132-0cff-0310-8789-dd5450dbe970
* Use __extension__ if initializing by field name and using GCC in pre-C99 modeKen Raeburn2006-12-191-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18973 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_get_init_creds_opt_set_change_password_promptTom Yu2006-12-191-0/+1
| | | | | | ticket: 5090 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18970 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rc_io_open_internal on error will call close(-1)Ezra Peisach2006-12-181-1/+3
| | | | | | | | | | | If there is an error in opening the replay cache - memory is freed, but close() is invoked with -1 (failure from open()). While technically, close() will return EBADF in such a case, and nothing bad will happen, valgrind picks up on this and provides an error... ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18961 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_opt_set_change_password_promptJeffrey Altman2006-12-143-2/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | krb5_get_init_creds_opt_set_change_password_prompt is a new gic option that permits the prompter code to be skipped when the password has expired. This option is meant to be used by credential managers such as NetIDMgr and Kerberos.app that have their own built in password change dialogs. This patch adds the new function, exports it on Windows, and makes use of it within the Krb5 identity provider for NetIDMgr. The patch is written to ensure that no changes to the krb5_get_init_creds_opt structure are required and to ensure that the default behavior, prompting, is maintained. The export lists for UNIX and KFM must still be updated. The function prototype was committed as part of ticket 3642. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-12-124-52/+56
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18940 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak padata when looping for krb5_do_preauth_tryagain()Kevin Coffman2006-12-081-4/+4
| | | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c: krb5_get_init_creds() Free any existing request.padata at the top of the loop calling krb5_do_preauth() and krb5_do_preauth_tryagain(). ticket: new component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18935 dc483132-0cff-0310-8789-dd5450dbe970
* build the trunk on Windows (again)Jeffrey Altman2006-12-083-10/+12
| | | | | | | | | | This revision corrects a number of missing or extraneous KRB5_CALLCONV symbols; exposes symbols for _WIN32; and avoids including headers that don't exist ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18932 dc483132-0cff-0310-8789-dd5450dbe970
* Undo revision 18930 which was not supposed to include thisJeffrey Altman2006-12-071-11/+1
| | | | | | | | file. ticket: 3642 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18931 dc483132-0cff-0310-8789-dd5450dbe970
* Modifications to support the generation and embedding Jeffrey Altman2006-12-072-1/+17
| | | | | | | | | | | | of library manifests into generated EXEs and DLLs. Manifests are required for Windows XP and above when applications are built with Microsoft Visual Studio 2005 (aka VS8) or above. ticket: 3642 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18930 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_cc_remove should work for the CCAPIAlexandra Ellwood2006-12-055-111/+195
| | | | | | | | | | | | | | Implemented a working krb5_cc_remove for the CCAPI cache type. Added a private support function krb5_creds_compare() which checks if two krb5_creds are identical. This function should be needed by implementations of krb5_cc_remove for other ccache types. ticket: new owner: tlyu target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18923 dc483132-0cff-0310-8789-dd5450dbe970
* Make clean in lib/krb5/os does not clean test objsEzra Peisach2006-12-031-1/+1
| | | | | | | | | make clean failed to remove t_locate_kdc.o ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18915 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/cc_file.c: Adapted patch from RolandTom Yu2006-12-011-8/+24
| | | | | | | | | | | | Dowdeswell to avoid possible double-free conditions on certain errors. ticket: 4788 tags: pullup target_version: 1.6 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18897 dc483132-0cff-0310-8789-dd5450dbe970
* send a new request with the new padata returned by krb5_do_preauth_tryagain()Kevin Coffman2006-12-012-5/+4
| | | | | | | | | | | | | | | | | | | | | | Send another request containing the padata obtained from tryagain. * src/include/k5-int.h Update prototype * src/lib/krb5/krb/get_in_tkt.c Send pointer to the request.padata so krb5_do_preauth_tryagain() can update the request to be sent. * src/lib/krb5/krb/preauth2.c If a module returns modified padata, add it to the return_padata and return. ticket: new Component: krb5-libs Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18896 dc483132-0cff-0310-8789-dd5450dbe970
* bump minor versions due to API additionsTom Yu2006-12-012-2/+2
| | | | | | | ticket: 4689 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18894 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/vfy_increds.c (krb5_verify_init_creds): UseTom Yu2006-11-302-23/+5
| | | | | | | | | | | | | krb5_cc_new_unique(). * src/lib/gssapi/krb5/accept_sec_context.c: (rd_and_store_for_creds): Use krb5_cc_new_unique(). ticket: 4805 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18887 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/gc_via_tkt.c (check_reply_server): New functionTom Yu2006-11-301-20/+62
| | | | | | | | | | | | | | | to check server principal in reply. Ensures that the reply is self-consistent, allows rewrites if canonicalization is requested, and allows limited rewrites of TGS principals if canonicalization is not requested. (krb5_get_cred_via_tkt): Move server principal checks into check_reply_server(). ticket: 3322 target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18879 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/gc_frm_kdc.c: Also do style cleanup.Tom Yu2006-11-301-81/+124
| | | | | | | | | | | | | | | | | (krb5_get_cred_from_kdc_opt): If server principal was rewritten, fall back unless it was rewritten to a TGS principal. This fixes a bug when a MS AD rewrites the service principal into a single-component NETBIOS-style name. If we get a referral back to the immediately preceding realm, fall back to non-referral handling. This fixes the changepw failure. To prevent memory leaks, when falling back to non-referral handling, free any tgts previously obtained by the initial non-referral do_traversal() call. ticket: 4955 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18878 dc483132-0cff-0310-8789-dd5450dbe970
* Implemented CCAPI v3 specific ccache collection cursorJustin Anderson2006-11-293-3/+152
| | | | | | | | | | | | * src/lib/krb5/ccache/ccbase.c: Added CCAPI v3 entry to list of type cursors * src/lib/krb5/ccache/ccapi/stdcc.h: * src/lib/krb5/ccache/ccapi/stdcc.c: Implemented CCAPI v3 cursor functionality. ticket: 4739 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18877 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_copy_data_contents shouldn't free memory it didn't allocateTom Yu2006-11-281-2/+0
| | | | | | | | | | | | * src/lib/krb5/krb/copy_data.c (krb5int_copy_data_contents): Don't free outdata on malloc failure; we didn't allocate outdata. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18865 dc483132-0cff-0310-8789-dd5450dbe970
* fix debug messagesKevin Coffman2006-11-221-7/+7
| | | | | | | | | | | Change debugging messages so they print salt value correctly and clean up warnings when compiling with DEBUG. ticket: new Tags: pullup Target_Version: 1.6 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18859 dc483132-0cff-0310-8789-dd5450dbe970
* free error message when freeing contextKevin Coffman2006-11-211-0/+2
| | | | | | | | | | | | | | | Call krb5_clear_error_message() to free any allocated error message before freeing the context. The condition that triggered this was a plugin library which fails to load because of unresolved references. It appears dlopen() on Linux leaks four bytes for each failing library in this situation. ticket: new Target_Version: 1.6 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18858 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/ccache/ccbase.c (krb5int_cc_getops): InternalTom Yu2006-11-183-11/+63
| | | | | | | | | | | | | | | | function to fetch ops vector given ccache prefix string. (krb5_cc_new_unique): New function to generate a new unique ccache of a given type. * src/include/krb5/krb5.hin: Prototype for krb5_cc_new_unique(). * src/lib/krb5/libkrb5.exports: * src/lib/krb5_32.def: Add krb5_cc_new_unique(). ticket: 3091 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18857 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-22 19:35:18 +0000