path: root/src
Commit message | Author | Age | Files | Lines
...
* Delete t_cccursor on cleanup. Add t_cc and t_cccursor to dependencies | Ken Raeburn | 2007-01-20 | 1 | -1/+11
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19076 dc483132-0cff-0310-8789-dd5450dbe970
* Add t_cccursor to UNIX tests | Ken Raeburn | 2007-01-20 | 1 | -2/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19075 dc483132-0cff-0310-8789-dd5450dbe970
* Added KDC timesyncing support to the CCAPI ccache backend for CCAPI v5 and | Alexandra Ellwood | 2007-01-18 | 1 | -10/+72
  later. v5 is the first version of the CCAPI to support the kdc timesyncing API.
  ticket: 5403
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19071 dc483132-0cff-0310-8789-dd5450dbe970
* In addition to setting the kpasswd port after | Jeffrey Altman | 2007-01-18 | 1 | -1/+3
  searching for kadmind host addresses we must also set the socket type according to the request.
  ticket: 5393
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19070 dc483132-0cff-0310-8789-dd5450dbe970
* NIM Kerberos 5 Provider corrections | Jeffrey Altman | 2007-01-18 | 3 | -17/+17
  When validating a Kerberos 5 principal name, the request to the KDC should not request forwardable, renewable, or proxiable options as these may be blocked by policy and will result in the return of an error.
  Always treat the Kerberos 5 principal name as valid unless the KDC returns an error that clearly indicates that the principal name does not exist.
  Use a MEMORY: ccache for temporary storage instead of an API: ccache.
  Initialize pointer values with NULL instead of 0.
  ticket: new
  tags: pullup
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19069 dc483132-0cff-0310-8789-dd5450dbe970
* NIM Correct Visual Identity Expiration Status | Jeffrey Altman | 2007-01-18 | 1 | -33/+34
  The visual status for the identities in NIM 1.1 was based upon the highest alert status of any credential that was associated with the identity.
  The correct behavior that is now implemented is that the identity status should be based solely upon the expiration state of the credentials obtained by the identity provider. For example, the Kerberos v5 identity provider will base the identity expiration status on the initial TGT.
  Service tickets with short lifetimes that expire do not prevent the acquisition of additional service tickets. Therefore, the identity should not be listed as expired.
  ticket: new
  tags: pullup
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19068 dc483132-0cff-0310-8789-dd5450dbe970
* NIM Kerberos v4 configuration dialog | Jeffrey Altman | 2007-01-18 | 1 | -105/+152
  The Kerberos v4 options for individual identities were never wired. The controls were visible but they did not do anything. Implement them now for NIM 1.2.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19067 dc483132-0cff-0310-8789-dd5450dbe970
* NIM string tables | Jeffrey Altman | 2007-01-18 | 7 | -85/+85
  Update the string tables for NIM so that they are consistent. Always use "Kerberos v5" or "Kerberos v4". Refer to credentials instead of tickets. Do not abbreviate "Network Identity Manager". Etc.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19066 dc483132-0cff-0310-8789-dd5450dbe970
* sendto_kdc.c: use of a variable index into a dynamically | Jeffrey Altman | 2007-01-18 | 1 | -2/+2
  allocated array to determine the sizeof() an object makes it unclear what type of object is involved. It also requires a runtime check instead of a compile time replacement. Not to mention that it could lead to the evaluation of an uninitialized variable as was done in this case.
  Replace sizeof(array index variable) with sizeof(type).
  memset() the correct data structure.
  ticket: 5394
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19065 dc483132-0cff-0310-8789-dd5450dbe970
* * t_cccursor.c (do_chk): Reverse sense of test of do_chk_one return value | Ken Raeburn | 2007-01-17 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19064 dc483132-0cff-0310-8789-dd5450dbe970
* Fix typo in checked-in version | Ken Raeburn | 2007-01-16 | 1 | -1/+1
  ticket: 5349
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19063 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds two new functions, krb5_server_decrypt_ticket_keyblock | Jeffrey Altman | 2007-01-16 | 6 | -11/+160
  (private) and krb5_server_decrypt_ticket_keytab (public). These functions take a krb5_ticket as input and decrypt it using the provided key data. The public function is useful for higher level application protocols such as TLS-KRB5 and AFS RX-KRB5 which exchange a service but do not use the AP-REQ/AP-REP messages.
  This commit also adds new functionality to kvno which permits kvno when provided a keytab as input to verify whether or not the keytab contains a key that can successfully decrypt the obtained service ticket.
  ticket: 5349
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19062 dc483132-0cff-0310-8789-dd5450dbe970
* kfw wix installer - memory overwrite error | Jeffrey Altman | 2007-01-14 | 1 | -1/+3
  The custom handler allocates a buffer that is smaller than is required to hold the input. Allocate the correct sized buffer.
  ticket: new
  tags: pullup
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19061 dc483132-0cff-0310-8789-dd5450dbe970
* Update to KFW NSIS installer | Jeffrey Altman | 2007-01-13 | 1 | -1/+7
  Update copyright date, samples directory, and shortcut to NetIDMgr documentation
  ticket: new
  component: windows
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19060 dc483132-0cff-0310-8789-dd5450dbe970
* updated Windows README | Jeffrey Altman | 2007-01-13 | 1 | -8/+5
  Revise the readme text for Windows. Remove references to old beta SDKs.
  ticket: new
  tags: pullup
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19059 dc483132-0cff-0310-8789-dd5450dbe970
* krb5-1.7-prerelease | Tom Yu | 2007-01-11 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19056 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2006-003: mechglue argument handling too lax | Tom Yu | 2007-01-09 | 25 | -277/+832
  Fix mechglue argument checks so that output pointers are always initialized regardless of whether the other arguments fail to validate for some reason. This avoids freeing of uninitialized pointers.
  Initialize the gss_buffer_descs in ovsec_kadmd.c.
  ticket: new
  target_version: 1.6
  tags: pullup
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19043 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer | Tom Yu | 2007-01-09 | 1 | -0/+5
  Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so that svctcp_destroy() will not call through an uninitialized function pointer after code in svc_auth_gssapi.c has destroyed expired state structures. We can't unconditionally null it because the RPCSEC_GSS implementation needs it to retrieve state.
  ticket: new
  target_version: 1.6
  tags: pullup
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19042 dc483132-0cff-0310-8789-dd5450dbe970
* create KDC database directory | Ken Raeburn | 2007-01-08 | 1 | -0/+1
  The default directory for the KDC database files doesn't exist after a normal "make install". Reported by Jeff Blaine.
  * Makefile.in (INSTALLMKDIRS): Add var (really localstatedir) and var/krb5kdc to directories to be created at "make install" time, even though it'll be empty on most machines (since most probably aren't KDCs).
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19039 dc483132-0cff-0310-8789-dd5450dbe970
* crash creating db2 database in non-existent directory | Ken Raeburn | 2007-01-08 | 1 | -18/+15
  * kdb_db2.c (krb5_db2_db_create): If the creation of the first database file fails, return the error, instead of attempting to create the second (and using a null pointer as an input string in formatting a filename).
  Reported by Jeff Blaine.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19038 dc483132-0cff-0310-8789-dd5450dbe970
* * lib.in (clean-libs): Delete darwin.exports and hpux10.exports. | Ken Raeburn | 2007-01-06 | 2 | -3/+3
  * libnover.in (clean-libs): Use $(DYNOBJEXT) instead of $(SHLIBEXT) for extension on object to delete. Also delete darwin.exports and hpux10.exports.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19037 dc483132-0cff-0310-8789-dd5450dbe970
* * ldap_principal.c (attributes_set): Swap first two elements | Ken Raeburn | 2007-01-03 | 2 | -2/+4
  Also add comments indicating that this array and the KDB_*_ATTR macros need to be in sync.
  ticket: 5260
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19031 dc483132-0cff-0310-8789-dd5450dbe970
* update ldap/Makefile.in for newer autoconf substitution requirements | Ken Raeburn | 2007-01-03 | 1 | -2/+2
  The other makefile.in files have had the makefile-fragment substitution lines updated to not have "#" at the front, because some recent versions of autoconf require that the @-pattern start at the beginning of the line. We missed plugins/kdb/ldap/Makefile.in at the time.
  Patch from Michael Calmer.
  ticket: new
  target_version: 1.6
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19030 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (install): Install kdb5_ldap_util.M. Based on patch from | Ken Raeburn | 2007-01-03 | 1 | -0/+1
  Michael Calmer.
  ticket: 3906
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19029 dc483132-0cff-0310-8789-dd5450dbe970
* * kdc_util.h (CONVERT_INTO_DB, CONVERT_OUTOF_DB): Unused macros deleted | Ken Raeburn | 2007-01-02 | 1 | -4/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19025 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak in tests/gssapi/t_imp_name.c | Ezra Peisach | 2006-12-31 | 1 | -1/+3
  Memory leak by not releasing name_oid from gss_display_name(). (conditional on GSSAPI_V2 being defined).
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19024 dc483132-0cff-0310-8789-dd5450dbe970
* Repair broken links in NetIdMgr Help | Jeffrey Altman | 2006-12-31 | 4 | -6/+6
  A small number of links contained the wrong root directory.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19023 dc483132-0cff-0310-8789-dd5450dbe970
* If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free | Ezra Peisach | 2006-12-30 | 1 | -0/+4
  memory and return in message_buffer a NULL pointer for value. This is consistent with gss_release_buffer in the mechglue implementation in which memory is only freed if the buffer length != 0.
  ticket: 5233
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19022 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak if defective header present in gss_krb5int_unseal_token_v3 | Ezra Peisach | 2006-12-30 | 1 | -1/+3
  If after unsealing the message, the TOK_ID is not 05 04, free memory before returning a defective token error.
  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19021 dc483132-0cff-0310-8789-dd5450dbe970
* * copy_data.c (krb5_copy_data): Use krb5int_copy_data_contents | Ken Raeburn | 2006-12-28 | 1 | -10/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19019 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_memory.c (krb5_mcc_next_cred): Use krb5int_copy_creds_contents | Ken Raeburn | 2006-12-28 | 1 | -45/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19018 dc483132-0cff-0310-8789-dd5450dbe970
* * lib/krb5/krb/copy_creds.c (krb5int_copy_creds_contents): New function, split | Ken Raeburn | 2006-12-28 | 2 | -2/+24
  out from krb5_copy_creds.
  (krb5_copy_creds): Call it.
  * include/k5-int.h (krb5int_copy_creds_contents): Declare.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19017 dc483132-0cff-0310-8789-dd5450dbe970
* comment the various data structures | Ken Raeburn | 2006-12-28 | 1 | -0/+4
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19016 dc483132-0cff-0310-8789-dd5450dbe970
* Some related changes were already in, and I found a couple more to make: | Ken Raeburn | 2006-12-22 | 3 | -13/+18
  * ldap_realm.c (ldap_filter_correct): Change string argument to char *. Delete length argument, which was always strlen of the string argument, and compute it locally, using size_t instead of (unsigned) int for length-related values. Update all calls.
  * ldap_realm.h (ldap_filter_correct): Updated declaration.
  * ldap_misc.c (remove_overlapping_subtrees): Add forward declaration. Make static.
  (is_principal_in_realm): Change local variable defrealmlen to size_t.
  (store_tl_data): Change local variable curr to point to unsigned char, since that's what the tl_data_contents array is declared as, and what the STORE16_INT macro is happier with.
  (krb5_ldap_get_reference_count): Make local variable i unsigned.
  ticket: 4453
  target_version: 1.6
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19009 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fix | Tom Yu | 2006-12-22 | 1 | -3/+4
  ordering bug in previous patch.
  ticket: 5123
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19007 dc483132-0cff-0310-8789-dd5450dbe970
* Merge r18962 to trunk, with minor tweaks; ready to merge to 1.6 branch | Ken Raeburn | 2006-12-20 | 4 | -59/+52
  Changes fix up some sample names used, remove some options described from certain commands, and fix filling in man pages.
  ticket: 5116
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19000 dc483132-0cff-0310-8789-dd5450dbe970
* use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.c | Tom Yu | 2006-12-19 | 1 | -3/+3
  * src/lib/krb5/krb/preauth2.c (krb5_do_preauth_tryagain): Use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC.
  ticket: new
  target_version: 1.6
  tags: pullup
  component: krb5-libs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18977 dc483132-0cff-0310-8789-dd5450dbe970
* don't pass null pointer to krb5_do_preauth_tryagain() | Tom Yu | 2006-12-19 | 1 | -17/+24
  * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If the error isn't PREAUTH_NEEDED and preauth_to_use is null, return the error in err_reply, rather than attempting to pass a null pointer to krb5_do_preauth_tryagain().
  ticket: new
  status: open
  target_version: 1.6
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18976 dc483132-0cff-0310-8789-dd5450dbe970
* ktfns.c (krb5_kt_get_entry): If the supplied server principal has an empty | Ken Raeburn | 2006-12-19 | 1 | -1/+18
  realm name, replace it with the default realm, in a private copy.
  ticket: 5121
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18975 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_is_referral_realm now takes a pointer to const krb5_data, since it doesn't | Ken Raeburn | 2006-12-19 | 2 | -2/+2
  modify it.
  ticket: 5121
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18974 dc483132-0cff-0310-8789-dd5450dbe970
* Use __extension__ if initializing by field name and using GCC in pre-C99 mode | Ken Raeburn | 2006-12-19 | 1 | -0/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18973 dc483132-0cff-0310-8789-dd5450dbe970
* (k5_mutex_lock_update_stats) [!DEBUG_THREADS_STATS && __GNUC__]: Declare | Ken Raeburn | 2006-12-19 | 1 | -2/+3
  arguments with "unused" attribute.
  (k5_pthread_mutex_lock) [DEBUG_THREADS && __GNUC__]: Use __extension__.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18972 dc483132-0cff-0310-8789-dd5450dbe970
* export krb5_get_init_creds_opt_set_change_password_prompt | Tom Yu | 2006-12-19 | 1 | -0/+1
  ticket: 5090
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18970 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_rc_io_open_internal on error will call close(-1) | Ezra Peisach | 2006-12-18 | 1 | -1/+3
  If there is an error in opening the replay cache - memory is freed, but close() is invoked with -1 (failure from open()). While technically, close() will return EBADF in such a case, and nothing bad will happen, valgrind picks up on this and provides an error...
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18961 dc483132-0cff-0310-8789-dd5450dbe970
* Invoke krb5_rc_close to shutdown cache - and check for memory leaks | Ezra Peisach | 2006-12-18 | 1 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18960 dc483132-0cff-0310-8789-dd5450dbe970
* Add -clearpolicy to kadmin addprinc usage | Russ Allbery | 2006-12-16 | 1 | -1/+1
  Add -clearpolicy to the usage message returned by kadmin when one types addprinc without any arguments.
  ticket: new
  Component: krb5-admin
  Version_Reported: 1.4.4
  Target_Version: 1.6
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18955 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_opt_set_change_password_prompt | Jeffrey Altman | 2006-12-14 | 6 | -2/+25
  krb5_get_init_creds_opt_set_change_password_prompt is a new gic option that permits the prompter code to be skipped when the password has expired. This option is meant to be used by credential managers such as NetIDMgr and Kerberos.app that have their own built in password change dialogs.
  This patch adds the new function, exports it on Windows, and makes use of it within the Krb5 identity provider for NetIDMgr.
  The patch is written to ensure that no changes to the krb5_get_init_creds_opt structure are required and to ensure that the default behavior, prompting, is maintained.
  The export lists for UNIX and KFM must still be updated. The function prototype was committed as part of ticket 3642.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
* make depend | Ken Raeburn | 2006-12-13 | 1 | -17/+25
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18949 dc483132-0cff-0310-8789-dd5450dbe970
* Pull r18927 up to trunk, and tweak check for "history" principal name | Ken Raeburn | 2006-12-13 | 1 | -165/+257
  to be a little more precise. Ready for pullup to 1.6 branch; make depend should be run.
  ticket: 5009
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18948 dc483132-0cff-0310-8789-dd5450dbe970
* set AUTOCONF_HEADER | Ken Raeburn | 2006-12-13 | 7 | -0/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18947 dc483132-0cff-0310-8789-dd5450dbe970