summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* This patch addresses the issues raised in this ticket and ticket 5936Jeffrey Altman2008-07-211-18/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function. (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations. The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed. In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred(). [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'. ticket: 5442 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20559 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5_decrypt_key(). This patch prevents the returned keyblock's Jeffrey Altman2008-07-211-1/+2
| | | | | | | | | | enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". ticket: 5840 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20558 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_string_to_keysalts()Jeffrey Altman2008-07-211-1/+1
| | | | | | | | | Fix an infinite loop in the parsing of 'kp' ticket: 5839 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20557 dc483132-0cff-0310-8789-dd5450dbe970
* There are two mutex locking issues that Roland Dowdeswell noticed in Jeffrey Altman2008-07-211-0/+13
| | | | | | | | | | | | | the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize(). When it is free(3)ing the existing credentials it does not lock the data structures and hence two separate threads can run into issues. The same problem exists in cc_memory.c:krb5_mcc_destroy(). ticket: 5895 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20555 dc483132-0cff-0310-8789-dd5450dbe970
* An implementation of opendir() and friends for _WIN32Jeffrey Altman2008-07-211-6/+145
| | | | | | | | | plus an implementation of the plugin support that makes use of them. ticket: 3737 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20554 dc483132-0cff-0310-8789-dd5450dbe970
* Assign fixed ordinals to comerr32.dll exportsJeffrey Altman2008-07-211-7/+7
| | | | | | | | | | | | | | All of the other libraries on Windows have fixed assignments of ordinals to the exported functions. Assign the ordinals that were in use in the last public release, kfw 3.2.2, so that they will remain constant into the future in case additional exports are added to the library. ticket: new component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20553 dc483132-0cff-0310-8789-dd5450dbe970
* When reading from the routing socket, only provide enough space forKen Raeburn2008-07-211-30/+22
| | | | | | | the header and ignore the rest of the message. Don't complain about message size as long as we got the bits of the header we care about. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20552 dc483132-0cff-0310-8789-dd5450dbe970
* ccdefault.c:Jeffrey Altman2008-07-211-2/+4
| | | | | | | | | | | | | | | | | krb5_cc_default_name() is permitted to return a NULL pointer as a valid output. Passing a NULL pointer to strcmp() will result in an exception as NULL is not a valid input parameter to strcmp(). Save the output of krb5_cc_default_name() to a variable and modify the conditional to set the new default ccache name in the case where there is no existing default ccache name. ticket: 5080 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20551 dc483132-0cff-0310-8789-dd5450dbe970
* Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few andKen Raeburn2008-07-2025-25/+24
| | | | | | | default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970
* Drop $(SUBDIRS_@srcdir@) hack, it's not being used any more, andKen Raeburn2008-07-201-3/+1
| | | | | | confuses some versions of make. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20545 dc483132-0cff-0310-8789-dd5450dbe970
* Use mkstemp(), and fstat() the file to make sure that the mkstemp()Tom Yu2008-07-181-19/+60
| | | | | | | | implementation is setting sane file modes. ticket: 6002 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20543 dc483132-0cff-0310-8789-dd5450dbe970
* Set non-blocking mode on incoming TCP connections.Ken Raeburn2008-07-181-3/+12
| | | | | | | Don't log EINTR error in select loop. Log when shutdown signal has been received and acted on. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20541 dc483132-0cff-0310-8789-dd5450dbe970
* On systems with struct rt_msghdr, open a routing socket and wait forKen Raeburn2008-07-182-4/+174
| | | | | | | | | | | | | | | | | | | | | | | messages; when they come in, if the types suggest a possibility of network interface reconfiguration, shut down the KDC's networking and bring it back up again, rescanning the interfaces in the process. Leaving the ticket open because it should be improved: * It should only close down sockets on addresses we no longer have, and bring up sockets only on new addresses. * If we have IPV6_PKTINFO support, it should only listen for IPv4 routing changes. * If we also have IP_PKTINFO support, it shouldn't be used at all. * If we build a KDC on a system with neither struct rt_msghdr nor IP_PKTINFO (do we have any such?), we'll need another solution. Thanks to Nico Williams for the routing socket suggestion, and Apple for the initial (signal-driven) reconfiguration code. ticket: 6019 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20540 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite krb5_db_open flag handling to avoid confusing emacs c-modeKen Raeburn2008-07-181-6/+6
| | | | | | indentation support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20539 dc483132-0cff-0310-8789-dd5450dbe970
* Revert due to potential file modes race conditionTom Yu2008-07-181-18/+14
| | | | | | | ticket: 6002 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20538 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_rc_io_creat() use mkstempTom Yu2008-07-181-14/+18
| | | | | | ticket: 6002 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20537 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_rc_io_creat(), unlink any existing rcache file before tryingTom Yu2008-07-171-1/+2
| | | | | | | | | | | to create a new rcache. This allows better recovery from corrupt rcache files. ticket: 6018 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20536 dc483132-0cff-0310-8789-dd5450dbe970
* CCAPI side of the patchAlexandra Ellwood2008-07-171-23/+30
| | | | | | ticket: 6035 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20535 dc483132-0cff-0310-8789-dd5450dbe970
* Removed _t suffix from KIM typesAlexandra Ellwood2008-07-179-762/+762
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20534 dc483132-0cff-0310-8789-dd5450dbe970
* Removed _t suffix from all type namesAlexandra Ellwood2008-07-1728-1067/+1067
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20533 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Mark Phalan to correctly use progname instead ofTom Yu2008-07-1710-165/+152
| | | | | | | | | | argv[0]. ticket: 6030 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20532 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Mark Phalan to initialize progname before useTom Yu2008-07-162-6/+11
| | | | | | | | ticket: 6028 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20531 dc483132-0cff-0310-8789-dd5450dbe970
* Fix indirection on assignment to minor statusTom Yu2008-07-161-4/+4
| | | | | | ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20530 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value from k5_mutex_lock() to partially mitigate someTom Yu2008-07-163-11/+25
| | | | | | | | assertion failures when mutexes get destroyed out from under us. ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20529 dc483132-0cff-0310-8789-dd5450dbe970
* r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400Ken Raeburn2008-07-152-0/+72
| | | | | | | | | | | | ticket: 5947 status: open Add a test script for the walk_rtree code, and run some test cases that exercise the problem reported in RT ticket 5947. r1927@ken-wireless: raeburn | 2008-07-15 19:55:10 -0400 Some more test cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20528 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_via_tkt() should null out_cred on errorsTom Yu2008-07-151-0/+1
| | | | | | | | | | | | | Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. ticket: new tags: pullup target_version: 1.6.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20527 dc483132-0cff-0310-8789-dd5450dbe970
* Use RFC 3542's IPV6_RECVPKTINFO if available. (And IP_RECVPKTINFO too.)Ken Raeburn2008-07-141-2/+12
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20515 dc483132-0cff-0310-8789-dd5450dbe970
* In FREE_SET_DATA, reset the current count as wellKen Raeburn2008-07-121-1/+1
| | | | | | | ticket: 6019 state: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20514 dc483132-0cff-0310-8789-dd5450dbe970
* Use all local addresses except loopback addresses, even if a non-loopbackKen Raeburn2008-07-121-17/+26
| | | | | | | | | | | | address appears on a loopback interface. This might happen if that's how your VPN code makes your local address visible. Use a variant of Apple's patch, extended to handle the other variations of local address determination. ticket: 6017 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20513 dc483132-0cff-0310-8789-dd5450dbe970
* Add comment and <TargetConditionals.h> to previousTom Yu2008-07-101-0/+11
| | | | | | | ticket: 6010 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20512 dc483132-0cff-0310-8789-dd5450dbe970
* Use #pragma pop on the Mac to ensure that the krb5_gic_opt_extTom Yu2008-07-101-0/+8
| | | | | | | | | structure has the same layout as the public version. ticket: 6010 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20511 dc483132-0cff-0310-8789-dd5450dbe970
* CCacheServer crashes iterating over creds which have been destroyedAlexandra Ellwood2008-07-101-7/+4
| | | | | | | | | | | | ccs_list_release was trying to manually delete the iterators with a broken for loop which skipped iterators. Since the iterators were referenced by the client, when the client exited it would tell the iterators to release themselves. The orphaned itertors would attempt to remove themselves from their list (which had been released) resulting in a crash. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20510 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Apple to handle missing krb5.conf for zeroconfTom Yu2008-07-101-2/+5
| | | | | | | | situations. ticket: 5632 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20509 dc483132-0cff-0310-8789-dd5450dbe970
* Don't print spurious errors to debug logsAlexandra Ellwood2008-07-092-6/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20508 dc483132-0cff-0310-8789-dd5450dbe970
* Add macro so we don't print deprecated warnings while building KfMAlexandra Ellwood2008-07-092-3/+3
| | | | | | | | Macro is defined in Kerberos5Prefix.h ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20507 dc483132-0cff-0310-8789-dd5450dbe970
* Use autogenerated darwin.exports files for server frameworksAlexandra Ellwood2008-07-094-2/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20506 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use "ccache" in error string printed to userAlexandra Ellwood2008-07-091-1/+1
| | | | | | | | ccache is a confusing abbreviation of credentials cache ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20505 dc483132-0cff-0310-8789-dd5450dbe970
* Use -dead_strip when linking dynamic libraries on DarwinKen Raeburn2008-07-091-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20504 dc483132-0cff-0310-8789-dd5450dbe970
* add copyright to lib/crypto/enc_provider/aes.cTom Yu2008-07-091-0/+26
| | | | | | | | | | | | lib/crypto/enc_provider/aes.c was missing a copyright statement. Added. ticket: new tags: pullup component: krb5-libs target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20503 dc483132-0cff-0310-8789-dd5450dbe970
* Changes to krb5_kt_default_name changed the krb5 ABI. RevertedAlexandra Ellwood2008-07-082-2/+3
| | | | | | | | | API prototype change and added a temporary variable to avoid casting problems. ticket: 5432 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20502 dc483132-0cff-0310-8789-dd5450dbe970
* Add kerberos iconAlexandra Ellwood2008-07-081-0/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20501 dc483132-0cff-0310-8789-dd5450dbe970
* Add EnableTransactions launchd option to CCacheServerAlexandra Ellwood2008-07-071-0/+2
| | | | | | | | | This prevents the CCacheServer from being killed before it is done handling all the mach messages. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20500 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_gic_opte_copy should copy elements individuallyAlexandra Ellwood2008-07-071-2/+13
| | | | | | | | | | Since we are copying from one structure to another, copy elements. Using memcpy is fragile. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
* kdc does not compile with glibc 2.8 Ezra Peisach2008-07-061-2/+2
| | | | | | | | | | | | | | | | | | | On Fedora 9, glibc 2.8 is used. The kdc code conditionalizes IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places = but misses two for the struct one. /usr/include/netinet/in.h conditionalizes struct in6_pktinfo on __USE_GNU - which I believe implies a gnu libc extension. People on the net have defined GNU_SOURCE for various things to compile, etc. I do note that /usr/include/linux/ipv6.h exists with the same definition. I believe that ipv6 support in the kdc will not work with these changes - but the tree compiles. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20498 dc483132-0cff-0310-8789-dd5450dbe970
* stop exporting a few symbols internal to aes implementationKen Raeburn2008-07-031-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20497 dc483132-0cff-0310-8789-dd5450dbe970
* Added type checking for 64-bit platformsAlexandra Ellwood2008-07-011-7/+10
| | | | | | ticket: 6001 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20495 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message returns const char *Alexandra Ellwood2008-07-011-2/+2
| | | | | | | | Changed temporary variables to use const char * ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20494 dc483132-0cff-0310-8789-dd5450dbe970
* memcpy(NULL, ptr, 0) is invalid, so don't do itKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20492 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20491 dc483132-0cff-0310-8789-dd5450dbe970
* Big endian stash file supportAlexandra Ellwood2008-06-271-2/+18
| | | | | | | | | | Added support for stash files with a consistent endianness (big endian) so that one can migrate a KDC from a machine with one endianess to a machine with the other endianess. Used by Kerberos for Macintosh. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20489 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-15 23:46:47 +0000