summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Implement tests for authdata functionsSam Hartman2009-03-163-2/+114
| | | | | | | | | Implement some test cases for krb5_merge_authdata and krb5int_find_authdata ticket: 6422 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22097 dc483132-0cff-0310-8789-dd5450dbe970
* Implement krb5int_find_authdataSam Hartman2009-03-161-0/+89
| | | | | | | | | Implement a function to find all instances of a particular ad_type in ticket or authenticator authdata. ticket: 6422 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22096 dc483132-0cff-0310-8789-dd5450dbe970
* Implement test cases for CF2Sam Hartman2009-03-168-2/+147
| | | | | | | | | | Implement a simple program to call KRB-FX-CF2 and print the resulting keys. Add to regression tests. Also, use the PRF testing application to confirm that CF2 generates consistent keys if called by hand. ticket: 6421 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22095 dc483132-0cff-0310-8789-dd5450dbe970
* Implement KRB-FX_CF2Sam Hartman2009-03-165-0/+187
| | | | | | | | | | Draft-ietf-krb-wg-preauth-framework defines a function KRB-FX-CF2 that combines two keys of arbitrary enctype. Implement this function as an exported API. ticket: 6421 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22094 dc483132-0cff-0310-8789-dd5450dbe970
* Call kdb_set_mkey_list from the KDCSam Hartman2009-03-162-1/+2
| | | | | | | | | | | In order for the kdb keytab to be used from within the KDC, the KDC needs to set the master key list in the context. ticket: 6424 Target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22093 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_auth_con_free should support freeing a null auth_context without segfaultSam Hartman2009-03-161-0/+2
| | | | | | | | If the input auth_con is NULL, return success. ticket: 6423 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22092 dc483132-0cff-0310-8789-dd5450dbe970
* Add LDAP back end support for canonical name attributeGreg Hudson2009-03-154-7/+78
| | | | | | | | | | | | | Add a krbCanonicalName attribute to the schema. When looking up a principal, if the canonical name is set and does not match the requested name, then return the entry only if canonicalization was requested, and use the entry's canonical name. ticket: 6420 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22090 dc483132-0cff-0310-8789-dd5450dbe970
* CVE-2009-0845 SPNEGO can dereference a null pointerTom Yu2009-03-131-1/+2
| | | | | | | | | | | | acc_ctx_new() can return an error condition without establishing a SPNEGO context structure. This can cause a null pointer dereference in cleanup code in spnego_gss_accept_sec_context(). ticket: 6417 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22084 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct salt for canonicalized principalsGreg Hudson2009-03-131-1/+23
| | | | | | | | | | | | In cases where the salt is derived from the client principal, use the canonicalized principal received from the KDC to determine the salt. Further changes are probably required for some preauth cases. ticket: 6415 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22083 dc483132-0cff-0310-8789-dd5450dbe970
* Better fix: Delay setting 'outbuf' until after the header buffer mightKen Raeburn2009-03-121-3/+2
| | | | | | | | | | have been allocated locally, and set it in both code paths instead of just the confidentiality-requested code path. ticket: 6412 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22082 dc483132-0cff-0310-8789-dd5450dbe970
* crash using library-allocated storage for header in wrap_iovKen Raeburn2009-03-121-2/+3
| | | | | | | | | | | When allocating storage for the header buffer, update the internal output buffer pointer as well. ticket: 6412 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22081 dc483132-0cff-0310-8789-dd5450dbe970
* Report verbose error messages from KDCGreg Hudson2009-03-115-128/+142
| | | | | | | | | | | | | | | | We were losing verbose error messages when logging from the KDC because the context passed to krb5_klog_init did not match the realm-specific context used for most library function calls. Introduce a wrapper function kdc_err which copies the error state from the call context to the log context. The wrapper function also knows the program name, which removes the need to pass argv[0] around everywhere or make up program names. ticket: 6408 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22079 dc483132-0cff-0310-8789-dd5450dbe970
* Make a working krb5_copy_error_messageGreg Hudson2009-03-114-3/+18
| | | | | | | | | | | | The krb5_copy_error_state macro wasn't used, didn't work, and didn't need to be a macro. Replace it with an exported API function named krb5_copy_error_message. ticket: 6407 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22078 dc483132-0cff-0310-8789-dd5450dbe970
* Make Lite Client lib link againZhanna Tsitkov2009-03-111-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22077 dc483132-0cff-0310-8789-dd5450dbe970
* Make it link againZhanna Tsitkov2009-03-111-2/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22076 dc483132-0cff-0310-8789-dd5450dbe970
* Several small fixes to enable the migrate mkey commands to work properly ↵Will Fiveash2009-03-103-46/+6
| | | | | | | | | with a LDAP KDB. See the ticket for more details ticket: 6405 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22073 dc483132-0cff-0310-8789-dd5450dbe970
* Added test for KRB5_NT_UNKNOWN princ typeZhanna Tsitkov2009-03-103-11/+31
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22072 dc483132-0cff-0310-8789-dd5450dbe970
* Rename kdb_setup_lib_handle to krb5_db_setup_lib_handle and export it.Greg Hudson2009-03-104-48/+48
| | | | | | | | | | | | | Make kdb5_ldap_util work again by calling this function to set up dal_handle instead of using one with an uninitialized lib_handle. It is likely that kdb5_ldap_util will only function given a krb5.conf which specifies a realm with an LDAP database module as the default realm. Not sure if that was the case before. ticket: 6403 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22071 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unneeded printf'sZhanna Tsitkov2009-03-091-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22070 dc483132-0cff-0310-8789-dd5450dbe970
* Introduced '-u' option to kvno to enforce KRB5_NT_UNKNOWN princ typeZhanna Tsitkov2009-03-091-6/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22069 dc483132-0cff-0310-8789-dd5450dbe970
* Add "-V" option to klist to print the package name and version, and exitKen Raeburn2009-03-061-3/+13
| | | | | | | | ticket: 4241 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22068 dc483132-0cff-0310-8789-dd5450dbe970
* send_as_req re-encodes the requestSam Hartman2009-03-061-19/+12
| | | | | | | | | | | | | | | | krb5_get_init_creds calls encode_krb5_as_req to produce an encoding for the preauth plugins, then passes the unencoded request structure into the static function send_as_req. That function re-encodes the request. This is an unnecessary call to the encoder. In addition, for the FAST project, it is desirable to encapsulate the unencoded outer request so that krb5_get_init_creds does not need it. * send_as_req is modified to take an encoded request and realm * Remove unused logic to fill in request nonce from send_as_req ticket: 6401 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22067 dc483132-0cff-0310-8789-dd5450dbe970
* Take out of the loop unchangeble assignments. TabulationZhanna Tsitkov2009-03-051-27/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22065 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_merge_authdata should initialize output on failureSam Hartman2009-02-261-0/+1
| | | | | | ticket: 6400 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22057 dc483132-0cff-0310-8789-dd5450dbe970
* Include authenticator and ticket authdata in gss-apiSam Hartman2009-02-264-13/+46
| | | | | | | | | | | | | | | Currently, the GSS-API routines for handling authdata only extract the authorization data from the ticket, not that from the authenticator. This is incorrect. Introduce a new function krb5_merge_authadata to merge two authdata arrays into a newly allocated result array. Use this function in accept_sec_context.c to include both sets of authdata. ticket: 6400 Target_version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22056 dc483132-0cff-0310-8789-dd5450dbe970
* Check return code of encode_krb5_ap_req. Also, tabs vs whitespaceZhanna Tsitkov2009-02-231-134/+135
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22050 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5int_generate_and_save_subkey, check the return value ofGreg Hudson2009-02-231-4/+5
| | | | | | | | krb5_crypto_us_timeofday. It can't really fail in practice, but if it did we'd be passing stack garbage to krb5_c_random_add_entropy. That's harmless, but poor form. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22049 dc483132-0cff-0310-8789-dd5450dbe970
* Check the return value of fseek in two places in kt_file.cGreg Hudson2009-02-231-2/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22047 dc483132-0cff-0310-8789-dd5450dbe970
* Correct the return codeZhanna Tsitkov2009-02-231-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22046 dc483132-0cff-0310-8789-dd5450dbe970
* Kill an odd (but harmless) use of strncpy inGreg Hudson2009-02-231-7/+4
| | | | | | | krb5_get_in_tkt_with_password, by using the construction from krb5_get_init_creds_password. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22045 dc483132-0cff-0310-8789-dd5450dbe970
* send_tgs.c:Sam Hartman2009-02-231-30/+33
| | | | | | | | | | | | | | * Move generation of subkey into krb5int_send_tgs from construct_authenticator so that it is available for encrypting authorization data. * Initialize rep->message_type and note that rep is touched on unsuccessful calls (this has always been true). * Do not set *subkey until successful return. Thanks to Greg Hudson for pointing out these problems. Ticket: 6393 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22044 dc483132-0cff-0310-8789-dd5450dbe970
* In krcp, check the return value when closing the output file afterGreg Hudson2009-02-201-1/+2
| | | | | | | | successfully writing it. close cannot return an error status on most local filesystems, but can on some network filesystems such as AFS or NFS. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22043 dc483132-0cff-0310-8789-dd5450dbe970
* Also install k5srvutil into PREFIX/bin instead of PREFIX/sbinRuss Allbery2009-02-201-1/+1
| | | | | | | Ticket: 6348 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22042 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust to the return value of isflagset routineZhanna Tsitkov2009-02-201-2/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22041 dc483132-0cff-0310-8789-dd5450dbe970
* KDC realm referral testZhanna Tsitkov2009-02-2017-0/+701
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22040 dc483132-0cff-0310-8789-dd5450dbe970
* remove obsolete GNU.ORG realm infoKen Raeburn2009-02-191-6/+1
| | | | | | | | | | | | | Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS entries named don't exist, and AFAIK this hasn't been accurate in years. (I don't even know if they're currently running a Kerberos realm.) ticket: 6398 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22038 dc483132-0cff-0310-8789-dd5450dbe970
* Fix in handle_referral_paramsZhanna Tsitkov2009-02-191-9/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22037 dc483132-0cff-0310-8789-dd5450dbe970
* Some fixups and stubs for building ccapi on UNIX, and dependencies.Ken Raeburn2009-02-1818-16/+309
| | | | | | | | | (Doesn't make a complete working implementation, but it mostly compiles.) Does *not* include the changes to actually cause the ccapi code to get built in normal UNIX builds. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22023 dc483132-0cff-0310-8789-dd5450dbe970
* Revert the fopen part of the previous krb5_kuserok change, but keepGreg Hudson2009-02-171-5/+4
| | | | | | | the string-handling change. It introduced an unwanted behavior change when .k5login was detectable but unreadable. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22011 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_kuserok, just try opening .k5login; don't check ahead of timeGreg Hudson2009-02-171-9/+11
| | | | | | | whether it looks accessible. Also rewrite the construction of the .k5login filename to use snprintf instead of strnpy/strncat. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22010 dc483132-0cff-0310-8789-dd5450dbe970
* Be less verbose about routing-socket messagesKen Raeburn2009-02-131-4/+15
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22005 dc483132-0cff-0310-8789-dd5450dbe970
* Correct numerous memory leaks on error conditions in the ASN.1Greg Hudson2009-02-133-299/+1030
| | | | | | decoder functions. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22004 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_decode_leak.c, work around the oddity thatGreg Hudson2009-02-131-2/+16
| | | | | | krb5_free_cred_enc_part is a contents-only free function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22003 dc483132-0cff-0310-8789-dd5450dbe970
* In tgs_construct_tgsreq, free scratch even if scratch->data is NULL.Greg Hudson2009-02-131-2/+2
| | | | | | | (Which probably can't happen, but static analyzers don't know that.) Also protect scratch from being freed before initialization. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22002 dc483132-0cff-0310-8789-dd5450dbe970
* Implement TGS authenticator subkey usageSam Hartman2009-02-135-38/+60
| | | | | | | | | | | | | | | | | Implement support for use of a subkey in the TGS req. This is needed by FAST TGS support. The interface to krb5_send_tgs changed in order to gain a subkey output parameter. Since this is a private interface it was renamed to krb5int_send_tgs and removed from the export list. * send_tgs.c: generate a subkey and return to caller * decode_kdc_rep.c: Use subkey keyusage * gc_via_tkt.c: pass in subkey to decode_kdc_rep * send_tgs.c: use subkey for encrypting authorization data ticket: 6393 tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21993 dc483132-0cff-0310-8789-dd5450dbe970
* Don't pass negative numbers to strerrorKen Raeburn2009-02-121-0/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21988 dc483132-0cff-0310-8789-dd5450dbe970
* Don't apply 'const' twice. Make kg_arcfour_l40 staticKen Raeburn2009-02-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21987 dc483132-0cff-0310-8789-dd5450dbe970
* Don't apply 'const' twiceKen Raeburn2009-02-121-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21986 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_get_in_tkt_with_password, free opte before returning the errorGreg Hudson2009-02-121-1/+1
| | | | | | from krb5_unparse_name, not after. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21985 dc483132-0cff-0310-8789-dd5450dbe970
* Make output parameter of krb5_generate_subkey_extended well-defined onGreg Hudson2009-02-121-7/+15
| | | | | | error, and reformat function to fit coding standards. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21984 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-09 19:09:16 +0000