summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix a typo in krb5.conf: ldap_server should be ldap_servers, as theRuss Allbery2008-05-111-2/+2
| | | | | | | | | latter is what the LDAP KDB plugin looks for. Ticket: 5544 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970
* Move KIM implementation to the krb5 repositoryAlexandra Ellwood2008-05-0756-0/+20880
| | | | | | | | | Moved sources and headers. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20314 dc483132-0cff-0310-8789-dd5450dbe970
* (more) After malloc/realloc/calloc/strdup/asprintf failures, useKen Raeburn2008-04-3010-31/+31
| | | | | | | | ENOMEM explicitly instead of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
* After malloc/realloc/calloc failures, return ENOMEM explicitly insteadKen Raeburn2008-04-3021-51/+51
| | | | | | | of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
* Properly escape - in kdb5_ldap_util man pageRuss Allbery2008-04-281-55/+55
| | | | | | | | | | | | | | | | The LDAP plugin introduced a new man page which has unescaped hyphens. Unicode-aware groffs may convert those to real hyphens rather than the intended ASCII hyphen. This patch adds backslashes in front of all the bare hyphens that I plus Debian's lintian program could find to force interpretation as ASCII hyphens. Ticket: new Component: krb5-doc Version_Reported: 1.6.3 Target_Version: 1.6.4 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20311 dc483132-0cff-0310-8789-dd5450dbe970
* Left-shifting all the way in signed math is undefined, use unsignedKen Raeburn2008-04-251-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
* Multiple assignments without sequence points invoke undefinedKen Raeburn2008-04-251-6/+12
| | | | | | | behavior, even if the assignments all compute and store the same value. Don't put an assignment in the argument to macro ff(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970
* Generate a large enough array to hold all the base/extension pairs.Alexandra Ellwood2008-04-251-11/+17
| | | | | | | | Store pairs without overlapping. ticket: 5948 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20308 dc483132-0cff-0310-8789-dd5450dbe970
* Remove sched_yield usesKen Raeburn2008-04-241-56/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20307 dc483132-0cff-0310-8789-dd5450dbe970
* Don't do UTF-8 bits (and include Apple headers) when just rebuilding ↵Ken Raeburn2008-04-241-2/+2
| | | | | | dependencies git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible buffer overrun in handling generic-error returnKen Raeburn2008-04-181-2/+3
| | | | | | | | | | | | | | | | | | | Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out generic array expansion code from array_append macro into aKen Raeburn2008-04-031-7/+22
| | | | | | | separate function. Add some range checks, and don't bother separating malloc vs realloc depending on previous pointer value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 220: NULL check of "buf" after dereferenceKen Raeburn2008-03-291-1/+3
| | | | | | | | All call sites have previously dereferenced the pointer, but to keep the interface simple, keep the null check, and move the dereference to after it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 46: mech_type will always have the address of anKen Raeburn2008-03-291-3/+0
| | | | | | | | automatic variable, so can never be null (GSS_C_NULL_OID). Delete null check and unreachable conditional code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 47: Unreachable codeKen Raeburn2008-03-291-6/+0
| | | | | | Delete redundant "status" check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20298 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 91: Context is tested for null, and then unconditionallyKen Raeburn2008-03-291-1/+1
| | | | | | | | dereferenced. Remove unneeded null check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 101: Fix minor bounds check errorKen Raeburn2008-03-291-1/+1
| | | | | | | | | | Coverity CID 101: Fix minor bounds check error. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20296 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 228: Possible use of uninitialized variable time_req inKen Raeburn2008-03-292-1/+30
| | | | | | | | | | gss_add_cred if cred_usage has an invalid value. (Also flagged by GCC.) Changed validation routines for gss_add_cred, gss_acquire_cred, and gss_store_cred to check the cred_usage value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
* Protect CFBundle calls with mutexesAlexandra Ellwood2008-03-211-81/+84
| | | | | | | | | | | | | | | | | CFBundles are refcounted and the recounts are not threadsafe. Protect CFBundles used for loading bundled plugins with a mutex to prevent crashes when multiple threads are loading and unloading the same plugin. As part of this we use thread-safe dlopen/dlsym/dlclose for the actual loading and unloading and just use CFBundle to get the path to the actual executable. This reduces the number of places we need to wrap CFBundles with mutexes and the amount of Mac-specific code in the plugin code. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20285 dc483132-0cff-0310-8789-dd5450dbe970
* Generate ccapi.def export list from V2, V3, debug lists. It is no longer a ↵Kevin Koch2008-03-204-40/+27
| | | | | | | | | | | | | | file in the repository Update test Makefile.in to use file ccapi_string.c. TargetVersion: 1.7 Component: krb5-libs Ticket: 5594 Tags: pullup Subj: Work on compiling the CCAPI test suite on Windows. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20284 dc483132-0cff-0310-8789-dd5450dbe970
* Fix MITKRB5-SA-2008-001 on trunk. Patch differs from the released oneKen Raeburn2008-03-183-55/+48
| | | | | | | | for 1.6 because of code divergence. ticket: 5919 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20280 dc483132-0cff-0310-8789-dd5450dbe970
* CCacheServer should track client iteratorsAlexandra Ellwood2008-03-1812-31/+279
| | | | | | | | | | The CCacheServer needs to track client iterators so that if a client crashes while iterating the resources on the server for that iterator are freed. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20279 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2008-002Ken Raeburn2008-03-182-2/+29
| | | | | | | | | | | | | | Fix MITKRB5-SA-2008-002: array overrun in libgssrpc. Don't update the internally-tracked maximum file descriptor value if the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file descriptors of FD_SETSIZE (NOFILE) or above. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970
* Detect if the Vista version of ntsecapi.h is presentKevin Koch2008-03-184-2/+42
| | | | | | | | | | TargetVersion: 1.7 Component: krb5-libs Ticket: 19569 tAGS: PULLUP Subj: Tweaks for 1.7 build on Windows. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20277 dc483132-0cff-0310-8789-dd5450dbe970
* cc_ccache_iterator_release, cc_credentials_iterator leak server memoryAlexandra Ellwood2008-03-142-0/+31
| | | | | | | | | | | | | | cc_ccache_iterator_release and cc_credentials_iterator leak memory on the CCacheServer because they do not send an ipc message to the server telling it to free up resources associated with the iterator. Note: this issue does not track needing to be able to free up these same resources when the client crashes. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20276 dc483132-0cff-0310-8789-dd5450dbe970
* Include .h files and move all declarations above all code, for Windows C ↵Kevin Koch2008-03-137-347/+51
| | | | | | | | | | | | | | compilation Update makefiles to include new modules. TargetVersion: 1.7 Component: krb5-libs Ticket: 5594 Tags: pullup Subj: Work on compiling the CCAPI test suite on Windows. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20275 dc483132-0cff-0310-8789-dd5450dbe970
* Invalid assignment while trying to set input to NULLAlexandra Ellwood2008-03-131-1/+5
| | | | | | | | | | | cc_seq_fetch_NCs_end and cc_seq_fetch_creds_end should try to set their iterator inputs to NULL. Fixed code to assign the inputs to NULL rather than the temporary variables. (Not sure why the previous code was even compiling on the Mac.) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20274 dc483132-0cff-0310-8789-dd5450dbe970
* removed unused header file inclusion CoreFoundation.hAlexandra Ellwood2008-03-131-5/+0
| | | | | | | | Was there for a workaround to a bug in AppleConnect. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20273 dc483132-0cff-0310-8789-dd5450dbe970
* Accidentally added file with wrong name. RemovedAlexandra Ellwood2008-03-121-0/+0
| | | | | | ticket: 5909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20272 dc483132-0cff-0310-8789-dd5450dbe970
* Accidentally added empty file. RemovedAlexandra Ellwood2008-03-121-0/+0
| | | | | | ticket: 5909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20271 dc483132-0cff-0310-8789-dd5450dbe970
* Added tests for iterators and NC info. Added test programs forAlexandra Ellwood2008-03-1231-64/+930
| | | | | | | | | each test. Cleaned up portability issues introduced by Windows testing. ticket: 5909 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20270 dc483132-0cff-0310-8789-dd5450dbe970
* Add CCAPI v2 testsAlexandra Ellwood2008-03-104-4/+1434
| | | | | | | | First pass at CCAPI v2 tests. More commits to this bug will follow. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20269 dc483132-0cff-0310-8789-dd5450dbe970
* Remove C warningsAlexandra Ellwood2008-03-1010-31/+31
| | | | | | | | | Some C++ conventions in the CCAPI tests were producing warnings on C compilers. Fixed code to stop producing warnings. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20268 dc483132-0cff-0310-8789-dd5450dbe970
* Removed script to run cc_context_get_version testAlexandra Ellwood2008-03-102-17/+0
| | | | | | ticket: 5907 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20267 dc483132-0cff-0310-8789-dd5450dbe970
* Removed tests for check_cc_context_get_versionAlexandra Ellwood2008-03-103-108/+24
| | | | | | | | | | cc_context_get_version was part of the original CCAPI v3 documentation but was never actually implemented. Now that it has been removed from the documentation we should remove the test. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20266 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed error code remappingAlexandra Ellwood2008-03-101-5/+29
| | | | | | | | Modified error code remapping to be consistent with CCAPI v2 documentation. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20265 dc483132-0cff-0310-8789-dd5450dbe970
* cc_remove_cred should only remove one credAlexandra Ellwood2008-03-101-8/+8
| | | | | | | | | | Fixed cc_remove_cred so it only removes the first matching cred. Also fixed the error handling so it returns errors other than CC_NOTFOUND. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20264 dc483132-0cff-0310-8789-dd5450dbe970
* cc_set_principal should return error on bad cred versionAlexandra Ellwood2008-03-101-0/+9
| | | | | | | | | | When the caller passes in a version different than the one the ccache was opened with, cc_set_principal should return CC_ERR_CRED_VERSION because "cred_vers is used as a double check". ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20263 dc483132-0cff-0310-8789-dd5450dbe970
* Fix pointer cast in cc_seq_fetch_NCs_endAlexandra Ellwood2008-03-101-3/+3
| | | | | | | | | | cc_seq_fetch_NCs_end incorrectly casts from CCAPI v2 to CCAPI v3 types. Cleaned up cc_seq_fetch_creds_end at the same time (it was correct but difficult to read). ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20262 dc483132-0cff-0310-8789-dd5450dbe970
* cci_cred_union_compare_to_credentials_union doesn't work for v5 credsAlexandra Ellwood2008-03-101-1/+1
| | | | | | | | | Fixed a bug in cci_cred_union_compare_to_credentials_union where it always returned an error when comparing v5 creds. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20261 dc483132-0cff-0310-8789-dd5450dbe970
* CCAPI v2 support crash when client or server strings are NULLAlexandra Ellwood2008-03-101-9/+25
| | | | | | | | | | The CCAPI v2 support will crash if passed in a krb5 credential with the client or server principal strings set to NULL. Since CCAPI v3+ support checks for this we should check in CCAPI v2. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20260 dc483132-0cff-0310-8789-dd5450dbe970
* ccs_ccache_reset should check all arguments for NULLAlexandra Ellwood2008-03-101-1/+3
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20259 dc483132-0cff-0310-8789-dd5450dbe970
* Include signal.h before ftp_var.h to silence my_sig_t redefinition problemKen Raeburn2008-03-042-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20256 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak by delaying instantiation of lid until it's neededJustin Anderson2008-03-041-7/+6
| | | | | | | ticket: 5897 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20254 dc483132-0cff-0310-8789-dd5450dbe970
* Add "-framework CoreFoundation" to crypto library link command in darwin-modeKen Raeburn2008-03-042-1/+8
| | | | | | | | | build on mac. ticket: 5894 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20253 dc483132-0cff-0310-8789-dd5450dbe970
* lib/win/Makefile.in: AddedKevin Koch2008-02-2911-35/+268
| | | | | | | | | | | | | | | ccutils.c, ccapi_os_ipc.cxx, ccs_reply_proc.c, ccs_os_server.cpp, ccs_reply_proc.c, ccs_win_pipe.c: comment out some debug messages. test/Makefile.in: change which tests are built. test/test_ccapi_context.c: API version 2 is now expected to pass. test/test_ccapi_iterators.c: Add progress indicator for long tests. TargetVersion: 1.7 Component: krb5-libs Ticket: 5594 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20244 dc483132-0cff-0310-8789-dd5450dbe970
* Make a NUL-terminated copy of realm name before passing to a pluginTom Yu2008-02-291-1/+16
| | | | | | | | | | interface that takes a C string rather than krb5_data. ticket: 5893 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20243 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_arcfour_string_to_key does not support utf-8 stringsAlexandra Ellwood2008-02-261-9/+47
| | | | | | | | | | | | | | | | krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing them to the string to key function. Currently the UTF-16 conversion assumes the input string is ASCII only. Added support to convert UTF-8 strings to UTF-16 on Mac OS X. Leaving the bug open until we discuss if we want to have implementations for Unix and Windows platforms. ticket: new status: open target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20242 dc483132-0cff-0310-8789-dd5450dbe970
* Remove stop-here target that stops the buildKevin Koch2008-02-191-1/+1
| | | | | | | | | TargetVersion: 1.7 Component: krb5-libs Ticket: 5594 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20234 dc483132-0cff-0310-8789-dd5450dbe970
* Changes to integrate the CCAPI build into the build structure, build the ↵Kevin Koch2008-02-1922-143/+367
| | | | | | | | | | | | | | | | | | | | | | | test suite and fixes to random problems discovered along the way Since no platform other than windows builds CCAPI using the build system, some conditionalizing may be necessary when other platforms use the makefiles. src/Makefile.in: Add CPPFLAGS that seemed to be missing; run wconfig for ccapi/(lib, server, test). config/win-pre.in: DEBUGOPT /ZI doesn't seem to provide enough debugging information under VS2005; /Zi does. windows/build/bkw.pl: Fix -no<switch> so that -nonodebug will work. Otherwise, can't do debug build. Move Get/PutTspData out of dllmain; add tlsindex argument. Comment out some debug messages. TargetVersion: 1.7 Component: krb5-libs Ticket: 5594 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20229 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-15 21:14:11 +0000