summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Patches from Will Fiveash to allow for configuration and building onKen Raeburn2006-08-314-11/+55
| | | | | | | Solaris. Tested (configured & built) on RHEL 4 and Solaris 10. One minor bugfix added. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18554 dc483132-0cff-0310-8789-dd5450dbe970
* * shlib.conf (*-*-linux*): Use LDFLAGS in LDCOMBINEKen Raeburn2006-08-301-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18553 dc483132-0cff-0310-8789-dd5450dbe970
* Some mechanical changes (mostly whitespace, like indentation levels)Ken Raeburn2006-08-307-3042/+2911
| | | | | | to match up better with MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970
* Some mechanical changes (mainly whitespace) to match up better withKen Raeburn2006-08-2918-1988/+1911
| | | | | | MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18551 dc483132-0cff-0310-8789-dd5450dbe970
* Rename KRB5_KDB_PLUGIN_OP_NOTSUPP to KRB5_PLUGIN_OP_NOTSUPP and move to krb5 ↵Ken Raeburn2006-08-294-9/+9
| | | | | | table git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18550 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-08-291-5/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18549 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Savitha R:Ken Raeburn2006-08-2917-495/+204
| | | | | | | | | | | | | | | | | | | | | | ldap_util 1. Kdb5_ldap_util interface Removed supp enctypes, suppsalttypes from create realm and modify realm since they are currently not used 2. memset passwd strings to zero when not used any more 3. Using krb5_sname_to_principal in place of gethostbyname while creating the kadmin principal with hostname. libkdb_ldap 1. Added mandatory functions which were missing in the LDAP plug-in 2. Error handling changes - Setting the error message in the kerberos context when decryption of the service passwd fails or connection to the LDAP server fails during initialization. Additional changes: libkdb_ldap: Link against com_err library, to provide error_message(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18548 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-08-231-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18519 dc483132-0cff-0310-8789-dd5450dbe970
* Merge Todd's TCP changepw support, with a few fixupsKen Raeburn2006-08-237-336/+444
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message, struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c. (stuct sendto_callback_info): New type. * lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function. (setup_connection): Deleted argument message_len_buf. Don't store message length; call set_conn_state_msg_length instead. (start_connection): New arguments callback_info and callback_buffer. Invoke callback function if any, and set message length on success. (maybe_send): New arguments callback_info and callback_buffer; pass them to start_connection. (krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen. If callback info is provided, allocate per-connection buffers, and pass them to maybe_send. On cleanup, invoke the cleanup callback function if any. (krb5_sendto_kdc): Update krb5int_sendto call. * include/k5-int.h (struct sendto_callback_info): Add forward declaration. (krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature. * lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call. * lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call. * lib/krb5/os/changepw.c (struct sendto_callback_context): New type. (krb5_locate_kpasswd): New argument useTcp, used to select socket type in krb5int_locate_server call. (kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions. (krb5_change_set_password): Call krb5int_sendto with callbacks, instead of managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP only. * lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a buggy server sent a KRB_ERROR. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970
* Update auxiliary version number for NetIDMgrJeffrey Altman2006-08-232-4/+4
| | | | | | ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18499 dc483132-0cff-0310-8789-dd5450dbe970
* * install NetIDMgr plug-in sample as part of SDKJeffrey Altman2006-08-233-3/+59
| | | | | | | | * install netidmgr.exe (win2000 version) ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18498 dc483132-0cff-0310-8789-dd5450dbe970
* * newcredwnd.c - erase the password field on errorJeffrey Altman2006-08-231-1/+27
| | | | | | | | during new credential acquisition ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18497 dc483132-0cff-0310-8789-dd5450dbe970
* * Fix auto-registration of plug-in modules Jeffrey Altman2006-08-231-2/+17
| | | | | | | | if there is no plug-in list specified ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18496 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile - do not etag the Win2000 version of Jeffrey Altman2006-08-231-1/+2
| | | | | | | | the NetIDMgr.exe ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18495 dc483132-0cff-0310-8789-dd5450dbe970
* improvements to netidmgr dialogsJeffrey Altman2006-08-229-119/+197
| | | | | | | | | | | | | | | * ensure that buttons are disabled while actions are in process * allow plug-ins to specify italic text * fix some documentation * reformat langres.rc ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18494 dc483132-0cff-0310-8789-dd5450dbe970
* clean up mkrel patchlevel.h editing etcTom Yu2006-08-211-2/+3
| | | | | | | | | | | * src/util/mkrel: Be more careful editing KRB5_RELDATE. Delete '$ac_config_fragdir' autoconf droppings. ticket: new tags: pullup target_version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18475 dc483132-0cff-0310-8789-dd5450dbe970
* NetIDMgr Credential Provider Sample Code and DocumentationJeffrey Altman2006-08-1715-0/+2418
| | | | | | | | | | | | | | | This commit provides a template for a Network Identity Manager Credential Provider. It doesn't provide any real functionality but it does provide all of the functions that need to be specified and filled in as part of the process of producing a NetIdMgr plug-in. This code should be pulled up to 1.4.x for inclusion in the KFW 3.1 SDK as well as to 1.5.x. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18464 dc483132-0cff-0310-8789-dd5450dbe970
* cc_err_xlate: Updated error mappings to generate the same errors as ccapiv2.Alexandra Ellwood2006-08-161-8/+14
| | | | | | | | | | stdccv3_setup: Don't translate errors since cc_err_xlate isn't idempotent. krb5_stdccv3_resolve: Don't fail if we can't open the ccache. ticket: 3936 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18458 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb5_ldap_realm.c (kdb5_ldap_create): In assertion test of hardcoded charKen Raeburn2006-08-151-1/+1
| | | | | | array sizes, test against the size we actually need. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18449 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_default.c (krb5_def_store_mkey): If the file can't be opened, constructKen Raeburn2006-08-151-0/+3
| | | | | | an error message that includes the file's name. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970
* Set datarootdir in each Makefile to make Autoconf 2.60 happierRuss Allbery2006-08-151-0/+1
| | | | | | | | | | Ticket: 3965 Component: krb5-build Version_Reported: 1.5 Tags: pullup Target_Version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18444 dc483132-0cff-0310-8789-dd5450dbe970
* * src/clients/ksu/main.c (sweep_up): Don't check return value ofTom Yu2006-08-151-2/+3
| | | | | | | | | krb5_seteuid(0), as it is not harmful for it to fail, and it will fail after setuid(target_user). Correct error message. ticket: 4137 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18438 dc483132-0cff-0310-8789-dd5450dbe970
* fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilitiesTom Yu2006-08-087-17/+51
| | | | | | | | | | | | | | | | | | | * src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive): * src/appl/bsd/v4rcp.c (main): * src/appl/bsd/krcp.c (main): * src/appl/bsd/krshd.c (doit): * src/appl/bsd/login.c (main): * src/clients/ksu/main.c (sweep_up): * src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and related functions to avoid privilege escalation vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660] ticket: new target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaqueTom Yu2006-08-0711-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | structs of gss_ctx_id_t, gss_name_t, gss_cred_id_t to catch some application programming errors. Add new macro GSSINT_CHK_LOOP() which returns non-zero if loopback field doesn't point to itself. * src/lib/gssapi/mechglue/g_accept_sec_context.c (gss_accept_sec_context): * src/lib/gssapi/mechglue/g_acquire_cred.c (gss_add_cred) (gss_acquire_cred): * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context): * src/lib/gssapi/mechglue/g_glue.c (gssint_convert_name_to_union_name): * src/lib/gssapi/mechglue/g_imp_name.c (gss_import_name): * src/lib/gssapi/mechglue/g_imp_sec_context.c (gss_import_sec_context): * src/lib/gssapi/mechglue/g_init_sec_context.c (gss_init_sec_context): Set loopback pointers. * src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context): * src/lib/gssapi/mechglue/g_rel_cred.c (gss_release_cred): * src/lib/gssapi/mechglue/g_rel_name.c (gss_release_name): Call GSSINT_CHK_LOOP() to validate loopback pointer. ticket: 4063 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18417 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Michael Calmer to fix some uninitialized variablesTom Yu2006-08-025-1/+10
| | | | | | | | | | | | | | | | | | | | | | * src/appl/gssftp/ftpd/ftpd.c (auth_data): Initialize stat_maj, accept_maj, acquire_maj. * src/appl/telnet/libtelnet/kerberos5.c (kerberos5_send): Intialize rdata. * src/kdc/do_tgs_req.c (process_tgs_req): Initialize magic and tr_contents.magic. * src/lib/krb5/asn.1/krb5_decode.c (decode_krb5_safe_with_body): Initialize tmpbody.magic. * src/plugins/kdb/db2/libdb2/hash/dbm.c (kdb2_fetch) (kdb2_firstkey, kdb2_nextkey): Initialize dsize. ticket: 3904 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18404 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/gssapi/mechglue/g_initialize.c (gss_release_oid): CallTom Yu2006-08-011-0/+3
| | | | | | | | | gssint_initialize_library to ensure mutex is initialized. ticket: 4088 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18397 dc483132-0cff-0310-8789-dd5450dbe970
* Changed GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) fromAlexandra Ellwood2006-07-2513-42/+49
| | | | | | | | | | | | | | void* to pointers to opaque structs. This change removed some casts and introduced or changed a bunch of other casts to suppress warnings. krb5_gss_accept_sec_context(): Fixed a bug found by the above changes where krb5_gss_release_cred() was being called with the wrong argument 2 (gss_cred_id_t instead of gss_cred_id_t*). ticket: 4057 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18396 dc483132-0cff-0310-8789-dd5450dbe970
* gss_canonicalize_name(): Added parens to removeAlexandra Ellwood2006-07-251-4/+4
| | | | | | | | warning from if statement. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18395 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused Metrowerks compiler support.Alexandra Ellwood2006-07-251-4/+0
| | | | | | | | | (Since there's no universal binary support for CodeWarrior there's no point in having this here.) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18394 dc483132-0cff-0310-8789-dd5450dbe970
* Switched from "#pragma options align" to "#pragma pack". Alexandra Ellwood2006-07-253-8/+8
| | | | | | | Removed Metrowerks "#pragma import" since other framework headers don't specify it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18392 dc483132-0cff-0310-8789-dd5450dbe970
* Windows - fix kfwlogon for Windows 2000Jeffrey Altman2006-07-252-31/+80
| | | | | | | | | | | | Windows 2000 does not support the ability to generate SIDs from symbolic names. Add more debugging and error condition checks. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18387 dc483132-0cff-0310-8789-dd5450dbe970
* commit again without using patch to apply the diffJeffrey Altman2006-07-245-55/+206
| | | | | | ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18382 dc483132-0cff-0310-8789-dd5450dbe970
* undo previous commit due to EOL issuesJeffrey Altman2006-07-245-206/+55
| | | | | | ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18381 dc483132-0cff-0310-8789-dd5450dbe970
* Switched from "#pragma options align" to "#pragma pack". Alexandra Ellwood2006-07-242-4/+4
| | | | | | | Removed Metrowerks "#pragma import" since other framework headers don't specify it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18380 dc483132-0cff-0310-8789-dd5450dbe970
* Windows Integrated Login Fixes for KFW 3.1Jeffrey Altman2006-07-245-55/+206
| | | | | | | | | | | | | | | | | | | | | | | | | KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. ticket: new tags: pullup component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18379 dc483132-0cff-0310-8789-dd5450dbe970
* * aclocal.m4 (KRB5_LIB_AUX): Disallow --enable-profiled and --disable-sharedKen Raeburn2006-07-211-6/+15
| | | | | | | | options as well. Don't generate help messages for these options. ticket: 4036 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18352 dc483132-0cff-0310-8789-dd5450dbe970
* * ldap_service_stash.c (krb5_ldap_readpassword): Don't require strerror_r, fallKen Raeburn2006-07-211-0/+5
| | | | | | back to strerror if needed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18351 dc483132-0cff-0310-8789-dd5450dbe970
* respect LDFLAGS in NetBSD buildKen Raeburn2006-07-211-1/+14
| | | | | | | | | | | | An LDFLAGS setting at configure time is ignored in parts of the build. * shlib.conf (*-*-netbsd*): Use $(CC) for LDCOMBINE, and include $(LDFLAGS). ticket: new target: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18350 dc483132-0cff-0310-8789-dd5450dbe970
* reject configure option for static librariesKen Raeburn2006-07-211-0/+4
| | | | | | | | | | | | | We shouldn't accept --enable-static at configure time when we know it's not going to work at build time. * aclocal.m4 (KRB5_LIB_AUX): Error out if --enable-static. ticket: new target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18348 dc483132-0cff-0310-8789-dd5450dbe970
* Windows - kfw 3.1 msi deployment guide updatesJeffrey Altman2006-07-211-6/+298
| | | | | | | | documentation updates for the kfw 3.1 msi deployment guide. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18346 dc483132-0cff-0310-8789-dd5450dbe970
* Windows NetIDMgr documentationJeffrey Altman2006-07-212-0/+0
| | | | | | | | NetIDMgr 1.1 documentation for KFW 3.1 release ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18345 dc483132-0cff-0310-8789-dd5450dbe970
* Windows NetIDMgr post-1.5 branch commitsJeffrey Altman2006-07-1939-545/+959
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patch updates the NetIDMgr: * allow plug-ins to be marked "do not unload" in order to support DLLs that create threads that are not properly cleaned up as part of library unload. * allow plug-ins to be marked "disabled" * Additional changes to deal with Microsoft's efforts to deprecate all of the str C runtime functions. * Improvements to Manifest processing in the build system * Addition of Tooltip support to the Toolbar. Dragging the mouse over toolbar buttons displays textual descriptions. * Correct the behavior of the New Credentials Dialog to disable the "Ok" button after it has been pressed. * Add support to allow plugin configuration data to be distributed as part of transforms to the MSI installer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18344 dc483132-0cff-0310-8789-dd5450dbe970
* acquire_cred(), kg_caller_provided_ccache_name(): On further reflection Alexandra Ellwood2006-07-193-13/+32
| | | | | | | | | | | | | and testing the correct thing appears to be to have gss_krb5_ccache_name() stop gss_acquire_cred() from searching for the desired name in the cache collection. If the caller sets the ccache name then gss_acquire_cred will only look in that ccache. Added kg_caller_provided_ccache_name() to tell whether or not the caller has actually set the ccache. This should fix the problem for both Mac OS X and Windows. ticket: 4024 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18343 dc483132-0cff-0310-8789-dd5450dbe970
* need to look harder for tclConfig.shKen Raeburn2006-07-191-0/+8
| | | | | | | | | | | | Our current scheme doesn't find tclConfig.sh as installed by NetBSD's pkg system, even if it finds tclsh and gets the library pathname from it. The problem is that tclConfig.sh is one directory up. * aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): Check $tcl_dir/.. for tclConfig.sh. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18342 dc483132-0cff-0310-8789-dd5450dbe970
* acquire_cred(): Realized that my previous patch now basically favors theAlexandra Ellwood2006-07-191-6/+6
| | | | | | | | | | ccache over the desired name. Added a KLL function to search for the desired name, favoring the default ccache. ticket: 4024 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18341 dc483132-0cff-0310-8789-dd5450dbe970
* acquire_cred(): Fixed KLL support to try the default ccache first ifAlexandra Ellwood2006-07-181-13/+19
| | | | | | | | | it is set. ticket: 4024 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18340 dc483132-0cff-0310-8789-dd5450dbe970
* kadmin_startup(): Turn off KLL automatic prompting support in kadminAlexandra Ellwood2006-07-181-0/+13
| | | | | | ticket: 4023 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18339 dc483132-0cff-0310-8789-dd5450dbe970
* Project cleanup:Alexandra Ellwood2006-07-181-50/+0
| | | | | | Removed kipc APIs and deleted files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18338 dc483132-0cff-0310-8789-dd5450dbe970
* authgss_refresh(): Use GSS_C_NO_CHANNEL_BINDINGS macro Alexandra Ellwood2006-07-181-1/+1
| | | | | | | | instead of NULL with gss_init_sec_context to increase readbility. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18337 dc483132-0cff-0310-8789-dd5450dbe970
* Windows: NSIS updates for 2.18 releaseJeffrey Altman2006-07-184-11/+11
| | | | | | | | | This commit corrects errors in the NSIS installer scripts that prevent installer builds using NSIS 2.18. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18336 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-20 02:33:56 +0000