path: root/src
Commit message | Author | Age | Files | Lines
...
* Factor out a common socket creation sequence in net-server.c, which happens to coincide with what setup_a_rpc_listener does.
  Author: Greg Hudson | Age: 2010-06-30 | Files: 1 | Lines: -116/+67
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24153 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate warnings in net-server.c
  Author: Greg Hudson | Age: 2010-06-30 | Files: 1 | Lines: -8/+8
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24152 dc483132-0cff-0310-8789-dd5450dbe970
* Improve coding style conformance in net-server.c
  Author: Greg Hudson | Age: 2010-06-30 | Files: 1 | Lines: -131/+155
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24151 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a bug in r24147 where svctcp_create() was passing the wrong length argument to bind(), causing it to fail on Solaris.
  Author: Greg Hudson | Age: 2010-06-26 | Files: 1 | Lines: -1/+1
  ticket: 6746
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24148 dc483132-0cff-0310-8789-dd5450dbe970
* Make kadmin work over IPv6
  Author: Greg Hudson | Age: 2010-06-26 | Files: 7 | Lines: -45/+147
  Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes:
  * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport().
  * Make clnttcp_create() handle a null raddr value if *sockp is set.
  * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name.
  * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create().
  * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections.
  * Adjust the error code expected in a libkadm5 unit test.
  ticket: 6746
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust function names and declarations in libkadm5's client_init.c; in particular, avoid the use of library namespace prefixes for static helper functions.
  Author: Greg Hudson | Age: 2010-06-25 | Files: 1 | Lines: -149/+95
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24146 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify the iprop conditionalization of _kadm5_init_any()
  Author: Greg Hudson | Age: 2010-06-25 | Files: 1 | Lines: -25/+19
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24145 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some dead code in kdb5_stash() left behind by r24142
  Author: Greg Hudson | Age: 2010-06-22 | Files: 1 | Lines: -9/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24144 dc483132-0cff-0310-8789-dd5450dbe970
* In kprop's sockaddr2krbaddr(), fill in addr.magic to avoid copying around uninitialized values.
  Author: Greg Hudson | Age: 2010-06-22 | Files: 1 | Lines: -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24143 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate a bunch of duplicated code in kdb5_stash() by using util_context.
  Author: Greg Hudson | Age: 2010-06-21 | Files: 1 | Lines: -41/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24142 dc483132-0cff-0310-8789-dd5450dbe970
* kdb5_stash() contains its own kdb5_db_open() call (because it doesn't use util_context for some reason), which didn't work with the LDAP back end because LDAP doesn't recognize KRB5_KDB_SRV_TYPE_OTHER. As a minimal fix, change that to KRB5_KDB_SRV_TYPE_ADMIN to be consistent with open_db_and_mkey()--see also r18736.
  Author: Greg Hudson | Age: 2010-06-21 | Files: 1 | Lines: -1/+1
  ticket: 6345
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24141 dc483132-0cff-0310-8789-dd5450dbe970
* Make OFFLINE!=no work again
  Author: Tom Yu | Age: 2010-06-21 | Files: 1 | Lines: -6/+9
  ticket: 6744
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24140 dc483132-0cff-0310-8789-dd5450dbe970
* Add correct error table when initializing gss-krb5
  Author: Greg Hudson | Age: 2010-06-21 | Files: 1 | Lines: -1/+1
  gss_krb5int_lib_init was adding the generic GSS error table (again) instead of the krb5 error table, which could lead to crashes on library unload. This bug was introduced in krb5 1.7; the fix is also applicable there.
  Patch from Leonardo Chiquitto <leonardo.lists@gmail.com>.
  ticket: 6745
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24139 dc483132-0cff-0310-8789-dd5450dbe970
* only test t_locate_kdc if known-good DNS name is present
  Author: Tom Yu | Age: 2010-06-18 | Files: 2 | Lines: -6/+25
  Running "make check" while offline or on a firewalled network may result in failure in lib/krb5/os because the invocation of t_locate_kdc requires that the DNS servers for ATHENA.MIT.EDU be reachable.
  Autodetect DNS utilities "dig" and "nslookup", and use them to check for existence of the known-good DNS name. Also parameterize the test so that the known-good DNS name can be overridden on the make command line.
  ticket: 6744
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24138 dc483132-0cff-0310-8789-dd5450dbe970
* In PKINIT, notice if DH_compute_key() returns a value less than the buffer size, and pad it on the left if so.
  Author: Greg Hudson | Age: 2010-06-14 | Files: 1 | Lines: -2/+18
  ticket: 6738
  target_version: 1.8.3
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24137 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust the PKINIT DH debugging code:
  Author: Greg Hudson | Age: 2010-06-14 | Files: 1 | Lines: -7/+8
  * Use %p and void * for pointers instead of %x and int
  * Don't call the computed symmetric key the "secret key" since that's easily confused with the private key g^x.
  * Print the private key when printing DH parameters, instead of the q value (not even sure what they is).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24136 dc483132-0cff-0310-8789-dd5450dbe970
* Use getaddrinfo() in kprop and kpropd, and recognize IPv6 addresses when setting up krb5_address structures. kpropd still only binds to one socket to avoid the need for a select() loop, so we turn off IPV6_V6ONLY on that socket to ensure that IPv4 connections will still be accepted.
  Author: Greg Hudson | Age: 2010-06-11 | Files: 5 | Lines: -162/+191
  Based on a patch from Michael Stapelberg <michael@stapelberg.de>.
  ticket: 6686
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24134 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the code for krb5_append_addresses(), which was never used and was ifdef'd out fifteen years ago in r5464.
  Author: Greg Hudson | Age: 2010-06-11 | Files: 1 | Lines: -58/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24133 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate actx_copy_addr in auth_con.c; use krb5_copy_addr instead (it's exactly the same).
  Author: Greg Hudson | Age: 2010-06-11 | Files: 1 | Lines: -23/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24132 dc483132-0cff-0310-8789-dd5450dbe970
* In yarrow.c, undefine k5-trace.h's TRACE before defining it to avoid a conflict.
  Author: Greg Hudson | Age: 2010-06-10 | Files: 1 | Lines: -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24126 dc483132-0cff-0310-8789-dd5450dbe970
* Remove some unused (as of yet) trace macro definitions
  Author: Greg Hudson | Age: 2010-06-10 | Files: 1 | Lines: -10/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24125 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a couple of minor defects in trace.c
  Author: Greg Hudson | Age: 2010-06-10 | Files: 1 | Lines: -3/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24124 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin ktadd may display wrong name of default keytab
  Author: Greg Hudson | Age: 2010-06-08 | Files: 2 | Lines: -4/+7
  kadmin's ktadd (and ktrem) displays WRFILE:/etc/krb5.keytab whenever it uses the default keytab, even if the default has been overridden (e.g. by KRB5_KTNAME). Use krb5_kt_get_name to get the correct name of the default cache instead of displaying the string we think was used to open it.
  ticket: 6740
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24123 dc483132-0cff-0310-8789-dd5450dbe970
* When we display enctypes, display the input name rather than the description. Affects klist -e, kdb5_util list_mkeys, kdb5_util stash (error message), kadmin getprinc, kadmin ktadd, and ktutil list -e.
  Author: Greg Hudson | Age: 2010-06-08 | Files: 6 | Lines: -9/+10
  ticket: 5014
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24122 dc483132-0cff-0310-8789-dd5450dbe970
* Stop checking the current time against the context expiration time in the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data.
  Author: Greg Hudson | Age: 2010-06-08 | Files: 3 | Lines: -29/+3
  (This is a continuation of r24120, which should have contained the changes to all four files.)
  ticket: 6739
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24121 dc483132-0cff-0310-8789-dd5450dbe970
* Stop checking the current time against the context expiration time in the message wrap/unwrap functions in the krb5 GSS mech. Heimdal doesn't do it, and it generally results in poor app behavior when a ticket expires. In exchange, it doesn't provide much security benefit since it's not enforced across the board--for example, ssh sessions can persist beyond ticket expiration time since they don't use GSS to wrap payload data.
  Author: Greg Hudson | Age: 2010-06-08 | Files: 1 | Lines: -14/+0
  ticket: 6739
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24120 dc483132-0cff-0310-8789-dd5450dbe970
* make depend
  Author: Greg Hudson | Age: 2010-06-07 | Files: 54 | Lines: -1996/+2181
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24119 dc483132-0cff-0310-8789-dd5450dbe970
* Trace logging
  Author: Greg Hudson | Age: 2010-06-07 | Files: 24 | Lines: -89/+965
  Add trace logging infrastructure code, enabled by the KRB5_TRACE environment variable or the API functions krb5_set_trace_callback() or krb5_set_trace_filename(). As a start, add tracing events for:
  * AS-REQ client code, including FAST and preauth
  * TGS-REQ client code
  * AP-REQ and AP-REP code (client and server)
  * sendto_kdc
  * Selected ccache operations
  * Selected keytab operations
  ticket: 6737
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24118 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_enctype_to_name() API
  Author: Greg Hudson | Age: 2010-06-04 | Files: 4 | Lines: -3/+32
  Add an API to return the input name, or optionally the shortest alias, of an enctype. Similar to krb5_enctype_to_string() which returns a description.
  ticket: 6736
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24117 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_cc_set_config, don't call krb5_cc_remove_cred; it's redundant with the krb5_cc_remove_cred call in krb5_cc_store_cred.
  Author: Greg Hudson | Age: 2010-05-28 | Files: 1 | Lines: -4/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24110 dc483132-0cff-0310-8789-dd5450dbe970
* make depend
  Author: Greg Hudson | Age: 2010-05-28 | Files: 2 | Lines: -15/+12
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24109 dc483132-0cff-0310-8789-dd5450dbe970
* From Luke: make copies of S4U2Proxy authdata modules work when there is no S4U2Proxy authdata.
  Author: Greg Hudson | Age: 2010-05-28 | Files: 1 | Lines: -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24107 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the get_masters logic in locate_srv_conf_1 which was orphaned by r15736 when we added the master_kdc profile variable.
  Author: Greg Hudson | Age: 2010-05-27 | Files: 2 | Lines: -63/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24106 dc483132-0cff-0310-8789-dd5450dbe970
* Get t_ser to build again after the S4U authdata branch merge
  Author: Greg Hudson | Age: 2010-05-27 | Files: 1 | Lines: -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24105 dc483132-0cff-0310-8789-dd5450dbe970
* In testrealm.py, stash the passwords in testdir/passwords so that they can be retrieved after they've scrolled away.
  Author: Greg Hudson | Age: 2010-05-25 | Files: 1 | Lines: -1/+6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24103 dc483132-0cff-0310-8789-dd5450dbe970
* FAST negotiation could erroneously succeed
  Author: Greg Hudson | Age: 2010-05-25 | Files: 1 | Lines: -0/+1
  When FAST negotiation is performed against an older KDC (rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set), krb5int_fast_verify_nego did not set the value of *fast_avail, causing stack garbage to be used in init_creds_step_reply. Initialize *fast_avail at the beginning of the function per coding practices.
  ticket: 6734
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24102 dc483132-0cff-0310-8789-dd5450dbe970
* Fix long lines and other formatting issues in fast.h
  Author: Greg Hudson | Age: 2010-05-24 | Files: 1 | Lines: -25/+36
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24101 dc483132-0cff-0310-8789-dd5450dbe970
* Fix long lines and other formatting issues in fast.c
  Author: Greg Hudson | Age: 2010-05-24 | Files: 1 | Lines: -56/+81
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24100 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include nul characters in the text we send with krb-error responses from the KDC.
  Author: Greg Hudson | Age: 2010-05-24 | Files: 2 | Lines: -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24097 dc483132-0cff-0310-8789-dd5450dbe970
* Make signedpath authdata visible via GSS naming exts
  Author: Greg Hudson | Age: 2010-05-23 | Files: 5 | Lines: -2/+615
  Merge users/lhoward/signedpath-naming-exts to trunk. Adds an authdata provider which makes non-PAC S4U2Proxy signedpath authdata visible to application servers via GSS naming extensions.
  ticket: 6733
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24094 dc483132-0cff-0310-8789-dd5450dbe970
* Remove a non-functional and unnecessary check in kdb5_util's master_key_convert(). (key_data->key_data_length is an array, so its address is never null.)
  Author: Greg Hudson | Age: 2010-05-21 | Files: 1 | Lines: -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24085 dc483132-0cff-0310-8789-dd5450dbe970
* Fix an error case in kdb_util's dump.c where the dump file handle was leaked.
  Author: Greg Hudson | Age: 2010-05-21 | Files: 1 | Lines: -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24084 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unneeded conditional in the cleanup for kadmin's keytab add_principal(), squashing a false-positive memory leak from Coverity.
  Author: Greg Hudson | Age: 2010-05-21 | Files: 1 | Lines: -5/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24083 dc483132-0cff-0310-8789-dd5450dbe970
* In getdate.y, remove an error check from r19656 which couldn't ever trigger (Convert() does not use an error parameter).
  Author: Greg Hudson | Age: 2010-05-21 | Files: 1 | Lines: -2/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24082 dc483132-0cff-0310-8789-dd5450dbe970
* Use ANSI-style function definitions in our copy of getdate.y
  Author: Greg Hudson | Age: 2010-05-21 | Files: 1 | Lines: -37/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24081 dc483132-0cff-0310-8789-dd5450dbe970
* Document the disable_last_success and disable_lockout variables in krb5.conf.M. Also document database_name in krb5.conf.M and slightly adjust the wording in admin.texinfo.
  Author: Greg Hudson | Age: 2010-05-21 | Files: 1 | Lines: -0/+17
  ticket: 6719
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24078 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to detect and ignore a duplicate mechanism token sent in the mechListMIC field, such as sent by Windows 2000 Server.
  Author: Tom Yu | Age: 2010-05-20 | Files: 1 | Lines: -0/+12
  ticket: 6726
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24075 dc483132-0cff-0310-8789-dd5450dbe970
* kdc_tcp_ports not documented in kdc.conf.M
  Author: Tom Yu | Age: 2010-05-20 | Files: 1 | Lines: -0/+20
  The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M, though it was documented in doc/admin.texinfo. Copy text from there for now. The setting defaults to an empty string at the moment, causing the KDC to not listen on TCP by default, confusing some users. Changing this behavior is a separate issue.
  ticket: 6730
  target_version: 1.8.2
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24074 dc483132-0cff-0310-8789-dd5450dbe970
* In gss_acquire_cred_with_password() and gss_add_cred_with_password(), require desired_name to be set, and always honor it. This is consistent with the Sun implementation and simplifies the code.
  Author: Greg Hudson | Age: 2010-05-20 | Files: 1 | Lines: -38/+23
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24072 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
  Author: Tom Yu | Age: 2010-05-19 | Files: 1 | Lines: -0/+7
  Make krb5_gss_accept_sec_context() check for a null authenticator checksum pointer before attempting to dereference it.
  ticket: 6725
  tags: pullup
  target_version: 1.8.2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24056 dc483132-0cff-0310-8789-dd5450dbe970