summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* In the kdc5_hammer test program, simplify the cleanup logic ofGreg Hudson2010-04-211-19/+10
| | | | | | | | get_server_key. Fixes a memory leak where the result of krb5_get_credentials() didn't get freed if krb5_mk_req_extended() failed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23919 dc483132-0cff-0310-8789-dd5450dbe970
* Amend r23917 to correct some uses of *out_creds which should now useGreg Hudson2010-04-211-3/+2
| | | | | | the local variable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23918 dc483132-0cff-0310-8789-dd5450dbe970
* In the get_credentials() helper of the gss-krb5 init_sec_context code,Greg Hudson2010-04-211-2/+8
| | | | | | ensure that *out_creds is only filled in on successful return. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23917 dc483132-0cff-0310-8789-dd5450dbe970
* In t_inetd, zero out l_inaddr before filling it in, as is relativelyGreg Hudson2010-04-211-0/+2
| | | | | | common in networking code. Silences a Coverity defect. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23916 dc483132-0cff-0310-8789-dd5450dbe970
* Only create runenv.py at BUILDTOP. Fix bugs in k5test.py relating toTom Yu2010-04-203-17/+32
| | | | | | environment initialization, also so that "make testrealm" works again. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23913 dc483132-0cff-0310-8789-dd5450dbe970
* Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggeredTom Yu2010-04-203-0/+41
| | | | | | | | | | | | | | by ticket renewal. Add a test case. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490 Thanks to Joel Johnson and Brian Almeida for the reports. ticket: 6702 target_version: 1.8.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23912 dc483132-0cff-0310-8789-dd5450dbe970
* When setting up to get a TGT for the service realm in the TGS code,Greg Hudson2010-04-201-5/+5
| | | | | | | | | | | | get the cached local TGT before setting up the realm path. Prior to this change, calling krb5_get_credentials() with an empty ccache would result in KRB5_CC_NOTFOUND for a foreign server principal, but would result in KRB5_NO_TKT_IN_REALM (generated by krb5_walk_realm_tree) for a local server principal. With this change, KRB5_CC_NOTFOUND is returned in both cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23909 dc483132-0cff-0310-8789-dd5450dbe970
* Add KRB5_INIT_CREDS_STEP_FLAG_CONTINUE for parity with Heimdal.Greg Hudson2010-04-204-18/+17
| | | | | | | | Rename KRB5_TKT_CREDS_CONTINUE to KRB5_TKT_CREDS_STEP_FLAG_CONTINUE for consistency. Adjust init_creds context to be less confusing in light of the above. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23906 dc483132-0cff-0310-8789-dd5450dbe970
* Build runenv.py, holding environment variable settings required forTom Yu2010-04-166-22/+41
| | | | | | | | running programs out of the build tree during python-based tests. Also updates shilb.conf to set RUN_VARS to make it easier to generate this sort of thing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23905 dc483132-0cff-0310-8789-dd5450dbe970
* Introduce new krb5_tkt_creds APIGreg Hudson2010-04-147-1495/+1206
| | | | | | | | | | | | Merged from branches/iakerb: add new asynchronous krb5_tkt_creds APIs, which allow a caller to take responsibility for transporting requests to the KDC and getting responses back. Rewrite the existing krb5_get_credentials API in terms of the new functions. Get rid of krb5_get_cred_from_kdc and friends, since they are no longer used. ticket: 6700 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23900 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5_get_credentials in ksu instead of krb5_get_cred_from_kdc, soGreg Hudson2010-04-141-28/+2
| | | | | | we can get rid of the latter. (Also simplifies the code.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23899 dc483132-0cff-0310-8789-dd5450dbe970
* Validate and renew should work on non-TGT credsGreg Hudson2010-04-133-151/+197
| | | | | | | | | | | | | The validate and renew APIs were using get_cred_from_kdc, which always presents a TGT to get credentials. Instead, they should present the ticket they are trying to validate or renew. This is most easily done with krb5_get_cred_via_tkt(). Move the relevant code into a new file since it now has nothing in common with the other APIs implemented in get_creds.c. ticket: 6699 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23891 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5int_send_tgs(); it is unused as of r23358Greg Hudson2010-04-083-90/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23881 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_cc_dup() to make it possible to copy ccache handlesGreg Hudson2010-04-082-0/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23874 dc483132-0cff-0310-8789-dd5450dbe970
* Assume lstat in Unix code, specifically clients/ksu/ccache.c. Fix badGreg Hudson2010-04-082-101/+93
| | | | | | indentation caused by an #ifdef HAVE_LSTAT block. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23870 dc483132-0cff-0310-8789-dd5450dbe970
* In testrealm.py, add ksu and kvno to the list of build directoriesGreg Hudson2010-04-041-1/+3
| | | | | | containing programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23858 dc483132-0cff-0310-8789-dd5450dbe970
* Fix backwards flag output in krb5_init_creds_step()Greg Hudson2010-03-291-2/+2
| | | | | | | | | | | | krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1 for "continue" and 0 for "stop". Unfortunately, we got it backwards in 1.8; fix it for 1.8.1. ticket: 6693 tags: pullup target_version: 1.8.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23844 dc483132-0cff-0310-8789-dd5450dbe970
* Always pass -W option to kdb5_util create in testingKen Raeburn2010-03-274-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23838 dc483132-0cff-0310-8789-dd5450dbe970
* In gc_frm_kdc.c, rename cur_kdc to cur_realm and nxt_kdc to nxt_realm,Greg Hudson2010-03-261-67/+70
| | | | | | | | | | to make it easier to distinguish them from cur_tgt and nxt_tgt. Make similar name changes to lst_kdc and kdc_list, as well as the function find_nxt_kdc(). No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23837 dc483132-0cff-0310-8789-dd5450dbe970
* Straighten the if-ladder in encrypted challenge's process_preauth,Greg Hudson2010-03-251-7/+6
| | | | | | | making it clearer that control drops through if one of the first couple of steps fails. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to not use freed memory inTom Yu2010-03-231-1/+2
| | | | | | | | | | gss_import_sec_context in some error paths. ticket: 6678 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGOTom Yu2010-03-231-22/+16
| | | | | | | | | | | The SPNEGO implementation in krb5-1.7 and later could crash due to assertion failure when receiving some sorts of invalid GSS-API tokens. ticket: 6690 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23832 dc483132-0cff-0310-8789-dd5450dbe970
* Include t_spengno.o in list of OBJS so make clean will removeEzra Peisach2010-03-231-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23831 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSXTom Yu2010-03-232-11/+13
| | | | | | | | | | | | | Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because krb5int_fast_process_error was assuming that it was safe to cast it to krb5_pa_data. It's not safe to do the cast on 64-bit MacOSX because krb5.hin uses #pragma pack on that platform. ticket: 6689 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23829 dc483132-0cff-0310-8789-dd5450dbe970
* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512Greg Hudson2010-03-201-1/+1
| | | | | | | | | | | | | | | | | | | | KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data type, was used to implement PAC-less constrained delegation in krb5 1.8. Unfortunately, it was found that Microsoft was using 142 for other purposes, which could result in a ticket issued by an MIT or Heimdal KDC being rejected by a Windows Server 2008 R2 application server. Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate among a realm's KDCs, it is relatively easy to change the number, so MIT and Heimdal are both migrating to a new number. This change will cause a transitional interoperability issue when a realm mixes MIT krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal 1.3.2) KDCs, but only for constrained delegation evidence tickets. ticket: 6687 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23821 dc483132-0cff-0310-8789-dd5450dbe970
* Document the ticket_lifetime libdefaults setting (which was added inGreg Hudson2010-03-191-0/+4
| | | | | | | | | | r16656, #2656). Based on a patch from nalin@redhat.com. ticket: 6680 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the kpasswd fallback from the ccache principal name to theGreg Hudson2010-03-181-7/+11
| | | | | | | | | | username in the case where the ccache doesn't exist. ticket: 6683 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23819 dc483132-0cff-0310-8789-dd5450dbe970
* Include int-proto.h in mk_req_ext.c for krb5int_validate_timesGreg Hudson2010-03-181-0/+1
| | | | | | declaration. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23818 dc483132-0cff-0310-8789-dd5450dbe970
* UntabifyKen Raeburn2010-03-181-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23817 dc483132-0cff-0310-8789-dd5450dbe970
* Copyright noticeKen Raeburn2010-03-181-1/+29
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23816 dc483132-0cff-0310-8789-dd5450dbe970
* When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don'tGreg Hudson2010-03-171-1/+1
| | | | | | | | | | dereference options if it's NULL. ticket: 6681 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23815 dc483132-0cff-0310-8789-dd5450dbe970
* Add more verbosity when the -V option to kinit is specified. Based onGreg Hudson2010-03-171-0/+21
| | | | | | | | a patch from Jeff Blaine <jblaine@kickflop.net>. ticket: 6684 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23814 dc483132-0cff-0310-8789-dd5450dbe970
* Fix the Python version check to use constructs available in olderGreg Hudson2010-03-171-10/+4
| | | | | | versions of Python. (python --version was added in 2.5.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23813 dc483132-0cff-0310-8789-dd5450dbe970
* Add a version check to the Python test, so that we don't try to runGreg Hudson2010-03-171-2/+11
| | | | | | k5test in Python 2.3 or below. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23812 dc483132-0cff-0310-8789-dd5450dbe970
* Merge users/raeburn/branches/network-mergeKen Raeburn2010-03-1720-2066/+473
| | | | | | | | | | Re-integrates the forked versions of network.c in kdc and kadmin/server. Server-specific initialization and SIGHUP-reset code is moved into other source files; the more generic network-servicing code is merged and moved into apputils library already used by both programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23811 dc483132-0cff-0310-8789-dd5450dbe970
* handle NT_SRV_INST in service principal referralsTom Yu2010-03-161-0/+1
| | | | | | | | | | | Handle NT_SRV_INST in service principal cross-realm referrals, as Windows apparently uses that instead of NT_SRV_HST for at least some service principals. ticket: 6685 target_version: 1.8.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23810 dc483132-0cff-0310-8789-dd5450dbe970
* Set up KRB5_RUN_ENV for pytests, so that Python-based tests can runTom Yu2010-03-153-2/+7
| | | | | | without first running "make install". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23805 dc483132-0cff-0310-8789-dd5450dbe970
* Lazy history key creationGreg Hudson2010-03-112-60/+37
| | | | | | | | | | | Create kadmin/history lazily when we need it (i.e. when a password is changed on a principal with a policy) instead of whenever we open the database. Allows kadmin.local to be used as a read-only tool on non- kadmin-conformant database back ends such as the Samba bridge. ticket: 6679 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23799 dc483132-0cff-0310-8789-dd5450dbe970
* Use KRB5_CONF_ macros instead of strings in the source file for profile ↵Zhanna Tsitkov2010-03-102-6/+8
| | | | | | config attributes "default" and "logging" git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23798 dc483132-0cff-0310-8789-dd5450dbe970
* Remove vestigial include/spnego-asn1.hGreg Hudson2010-03-101-90/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23796 dc483132-0cff-0310-8789-dd5450dbe970
* Add a "make testrealm" target using the Python test framework. AsGreg Hudson2010-03-083-12/+92
| | | | | | | part of this, expose the environments in K5Realm as attributes so that test scripts can modify them. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23794 dc483132-0cff-0310-8789-dd5450dbe970
* Make python test start_in_inetd functionEzra Peisach2010-03-073-2/+5
| | | | | | | | | util/k5test.py: Fix incorrect variable used tests/dejagnu/t_inetd.c: Flush stdout after outputting "Ready!" tests/dejagnu/Makefile.in: Always compile t_inetd - even in runtest is not present git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23773 dc483132-0cff-0310-8789-dd5450dbe970
* Release the internal_name field of a SPNEGO context if it has not beenGreg Hudson2010-03-051-0/+3
| | | | | | | | | | claimed for a caller argument. ticket: 6674 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23772 dc483132-0cff-0310-8789-dd5450dbe970
* Add a Python test to run t_spnegoGreg Hudson2010-03-052-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23771 dc483132-0cff-0310-8789-dd5450dbe970
* In post.in, add a check-pytests intermediate target for Makefile.in toGreg Hudson2010-03-051-3/+8
| | | | | | add dependencies to, for test scripts which run C test programs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23770 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a double-free in the t_spnego test program resulting from overlyGreg Hudson2010-03-051-3/+0
| | | | | | careless cutting and pasting. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23769 dc483132-0cff-0310-8789-dd5450dbe970
* Add a message parameter to k5test's success(), to briefly indicate theGreg Hudson2010-03-053-9/+12
| | | | | | scope of test scripts. Only displayed when verbose is set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23768 dc483132-0cff-0310-8789-dd5450dbe970
* Add IPv6 support to changepw.c (reverting r21004 since it is no longerGreg Hudson2010-03-051-7/+26
| | | | | | | | | | necessary). Patch from Submit Bose <sbose@redhat.com>. ticket: 6661 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23767 dc483132-0cff-0310-8789-dd5450dbe970
* Ignore improperly encoded signedpath AD elementsGreg Hudson2010-03-051-1/+5
| | | | | | | | | | | | | We have some reason to believe Microsoft and Heimdal are both using the authdata value 142 for different purposes, leading to failures in verify_ad_signedpath(). For better interoperability, treat such tickets as unsigned, rather than invalid. ticket: 6676 target_version: 1.8.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23766 dc483132-0cff-0310-8789-dd5450dbe970
* Error out if a Python test program failsGreg Hudson2010-03-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23765 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-05 08:35:24 +0000