summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* * Added new krb5_ccache type "MSLSA" for Windows only.Jeffrey Altman2003-12-1211-832/+1349
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new ccache type provides an interface for the MIT krb5_cc api functions to be used to access the contents of the MS Kerberos LSA cache. The ccache type is read-only because the MS Kerberos LSA does not allow third party applications to insert credentials into the cache. The primary motivation of this work was to encapsulate the complex operations necessary to manipulate the MS Kerberos LSA. The code was far from trivial and was often implemented incorrectly. Worse still was the fact that each version of Windows since W2K modified the use of the LSA API. The code which was originally donated in the form of ms2mit.c had many memory and handle leaks which were acceptable for a one time application such as ms2mit.c. Unfortunately, this code has started to appear in many other applications: KfW's Leash, the AFS Wake systray tool, and others. By using the new MSLSA ccache the implementation of ms2mit.c went from 890 lines to 50 lines of code and comments. All that is necessary is for the MSLSA ccache to be resolved and for its contents to be copied with krb5_cc_copy_creds to the default ccache. The MSLSA ccache implements all of the functions of a ccache except those which would be used to store data into the ccache. When a write attempt is performed the new error KRB5_CC_READONLY is returned. The residual portion of the MSLSA ccache name is current ignored but preserved. If you ask for ccache "MSLSA:myname" you will be given access to the LSA cache for the current Logon Session. If you later ask for the name of the ccache you will be returned the same name. In the future, the residual might be used to provide information necessary to identify a specific logon session whose cache it is desired to access. If this is ever done, the applications which use it will have to possess the SeTcbPrivilege privilege. Using KfW's Leash it is now possible to set the Krb5 credential cache to "MSLSA:" and use it to monitor the contents of the MS Kerberos LSA cache. As part of adding this functionality, krb5_32.dll is not linked against the "secur32.lib" library as the Lsa security sdk routines are stored in the SECUR32.DLL file. ticket: 2049 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15886 dc483132-0cff-0310-8789-dd5450dbe970
* Remove cvsignore filesSam Hartman2003-12-112-5/+0
| | | | | | Ticket: 2061 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15881 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kadmind4 and v5passwddSam Hartman2003-12-1135-9626/+6
| | | | | | | | | Per email to kerberos-announce remove kadmind4 and v5passwdd from the distribution. Ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15880 dc483132-0cff-0310-8789-dd5450dbe970
* Added kg_sync_ccache_name(), kg_get_ccache_name, and kg_set_ccache_name() ↵Alexandra Ellwood2003-12-115-33/+177
| | | | | | | | and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where on systems with multiple ccaches that GSSAPI gets stuck on the ccache that was default when it launched ticket: 2060 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15879 dc483132-0cff-0310-8789-dd5450dbe970
* Note that krb4 expiration needs to be more conservative than krb5Sam Hartman2003-12-112-0/+18
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15878 dc483132-0cff-0310-8789-dd5450dbe970
* Add exports for functions exported by KfMJeffrey Altman2003-12-082-0/+34
| | | | | | | | ticket: 2051 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15871 dc483132-0cff-0310-8789-dd5450dbe970
* 2003-11-26 Jeffrey Altman <jaltman@mit.edu>Jeffrey Altman2003-12-082-0/+33
| | | | | | | | | | | * cc_default.c: Add support for Leash Kinit Dialog on Windows to krb5int_c_default() ticket: 2028 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15870 dc483132-0cff-0310-8789-dd5450dbe970
* Add support for conditional inclusion of flags when building as part ofJeffrey Altman2003-12-082-1/+11
| | | | | | | | | | | | KfW. The only flag defined at this time is USE_LEASH which is defined to allow GSSAPI32.DLL to enable the use of Leash Kinit dialogs when there are no tickets ticket: 2028 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15869 dc483132-0cff-0310-8789-dd5450dbe970
* work around Solaris 9 pty-close bugTom Yu2003-12-069-1/+105
| | | | | | | | | | | | Create a LD_PRELOAD object, exitsleep, that will sleep for a short time prior to calling the real exit() function. This attempts to work around a Solaris 9 kernel bug where output will get lost if it is written to a pty immediately prior to the pty close. ticket: new component: krb5-build git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15864 dc483132-0cff-0310-8789-dd5450dbe970
* Updated project to reflect changes in source filesAlexandra Ellwood2003-11-251-0/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15850 dc483132-0cff-0310-8789-dd5450dbe970
* initial sequence number mask short by 4 bitsTom Yu2003-10-302-1/+6
| | | | | | | | | | | | | * gen_seqnum.c (krb5_generate_seq_number): Fix mask; was short by 4 bits. ticket: new version_reported: 1.3.1 target_version: 1.3.2 component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15849 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c: Sockets must be closed with closesocket() insteadJeffrey Altman2003-10-272-1/+7
| | | | | | | | | | | | of close() for proper socket deallocation on systems which do not use file descriptors for sockets. i.e., Windows. ticket: 1973 target_version: 1.3.2 tags: pullup status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15844 dc483132-0cff-0310-8789-dd5450dbe970
* Because of the failure of Windows 2000 and Windows XP to perform properJeffrey Altman2003-10-212-2/+28
| | | | | | | | | | | | | | | | | | | | ticket expiration time management, the MS Kerberos LSA will return tickets to a calling application with lifetimes as short as one second. Tickets with lifetimes less than five minutes can cause problems for most apps. Tickets with lifetimes less than 20 minutes will trigger the Leash ticket lifetime warnings. Instead of accepting whatever tickets are returned by MS LSA from the cache, if the ticket lifetime is less than 20 minutes force a retrieval operation bypassing the LSA ticket cache. ticket: 1962 target_version: 1.3.2 tags: pullup owner: jaltman@mit.edu status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15843 dc483132-0cff-0310-8789-dd5450dbe970
* removed deleted files from projectAlexandra Ellwood2003-10-211-31/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15842 dc483132-0cff-0310-8789-dd5450dbe970
* Updated to work with XcodeAlexandra Ellwood2003-10-171-1270/+2003
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15841 dc483132-0cff-0310-8789-dd5450dbe970
* * api.1/lock.exp: Work around a race condition in the Solaris 9Tom Yu2003-10-172-18/+56
| | | | | | | | | | | | | | | pty implementation: output sent to a pty slave immediately before last close/exit can get lost on the way to the master. This is Sun bug #4927647. The workaround consists of changing the tests to always make lock-test wait to read a character prior to exiting, so any output prior to the "wait" directive will not get lost. ticket: 1792 tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15840 dc483132-0cff-0310-8789-dd5450dbe970
* Save encoded KRB-SAFE-BODY to avoid problems caused by re-encoding it.Tom Yu2003-10-089-5/+145
| | | | | | | | | | Also, handle correctly implemented RFC 1510 KRB-SAFE i.e., checksummed over KRB-SAFE-BODY only. ticket: 1893 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15831 dc483132-0cff-0310-8789-dd5450dbe970
* Add missing ChangeLog entry for krb.h:1.51Tom Yu2003-09-291-0/+5
| | | | | | ticket: 1586 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15829 dc483132-0cff-0310-8789-dd5450dbe970
* Add --enable-maintainer-mode option to configure, and prevent rebuilding ofKen Raeburn2003-09-276-2/+40
| | | | | | | | | | | | | | | | | include/krb5/autoconf.h.in and */configure if it's not enabled. Anything else we should only rebuild in maintainer mode? * aclocal.m4 (KRB5_AC_MAINTAINER_MODE): New macro. (CONFIG_RULES): Invoke it. * config/post.in (configure): Make configure depend on configure.in and aclocal.m4 only if maintainer mode is enabled. * include/Makefile.in ($(srcdir)/krb5/autoconf.h.in): Depend on autoconf.stmp only if maintainer mode is enabled. ticket: 1588 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15825 dc483132-0cff-0310-8789-dd5450dbe970
* Modify the declaration of the CREDENTIALS structure to support the additionalJeffrey Altman2003-09-231-0/+4
| | | | | | | | | | | | address field used on Windows. ticket: 1586 status: open owner: jaltman@mit.edu target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15820 dc483132-0cff-0310-8789-dd5450dbe970
* Oops, naughty naughty. Use $(CC), not gccKen Raeburn2003-09-132-3/+3
| | | | | | ticket: 1790 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15819 dc483132-0cff-0310-8789-dd5450dbe970
* * shlib.conf (*-*-linux*): Use gcc for linking shared libraries, and -Wl toKen Raeburn2003-09-132-8/+20
| | | | | | | | | pass linker flags in, so gcc can supply the necessary support libraries. ticket: 1790 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15818 dc483132-0cff-0310-8789-dd5450dbe970
* Alpha OSF build fails because daemon() tries to call setpgrp becauseKen Raeburn2003-09-132-2/+6
| | | | | | | | | | | it doesn't know setsid is available. It's using autoconf.h, but no longer using the defines set in lib/krb5/posix/Makefile. * configure.in: Check for setsid() and <paths.h>. ticket: 1847 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15817 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Cesar Garcia to fix lifetime computation in 524Tom Yu2003-09-024-2/+12
| | | | | | | | | | | ticket conversion. ticket: 1712 tags: pullup version_reported: 1.3.1 target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15808 dc483132-0cff-0310-8789-dd5450dbe970
* kill() might overwrite errno. Save it beforehandAlexandra Ellwood2003-09-021-1/+1
| | | | | | ticket: 1799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15806 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed handling of krb5_net_write() failing (need to call waitpid() on child ↵Alexandra Ellwood2003-09-021-14/+8
| | | | | | | | even if we kill it) ticket: 1799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15805 dc483132-0cff-0310-8789-dd5450dbe970
* Fixed comment (part of adding Apple Password Server support)Alexandra Ellwood2003-09-021-2/+1
| | | | | | ticket: 1799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15804 dc483132-0cff-0310-8789-dd5450dbe970
* Added Apple password server supportAlexandra Ellwood2003-09-025-2/+166
| | | | | | ticket: 1799 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15803 dc483132-0cff-0310-8789-dd5450dbe970
* While libc5 isn't one of our supported configurations, this is a simple enoughKen Raeburn2003-08-302-3/+11
| | | | | | | | | | | | change. It should be in the 1.4 release. (Next 1.3.x release? I don't know.) * fake-addrinfo.h (WRAP_GETADDRINFO, COPY_FIRST_CANONNAME): Don't define on Linux unless HAVE_GETADDRINFO is defined, for libc5 compatibility. ticket: 1711 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15802 dc483132-0cff-0310-8789-dd5450dbe970
* Copy and build daemon.c in whatever directories need it, instead of building itKen Raeburn2003-08-3021-21/+69
| | | | | | | | | | | | | | | | | | into the krb5 library. * aclocal.m4 (KRB5_AC_NEED_DAEMON): New macro. * appl/bsd/configure.in, kadmin/configure.in, kdc/configure.in, krb524/configure.in, slave/configure.in: Use it. Don't directly check if prototype for daemon() is needed. * kadmin/server/Makefile.in (OBJS), kadmin/v5passwdd/Makefile.in (SERV_OBJS), kdc/Makefile.in (OBJS, fakeka), krb524/Makefile.in (SERVER_OBJS), slave/Makefile.in (SERVEROBJS): Use LIBOBJS. * config/post.in (daemon.c): New rule for copying daemon.c locally from lib/krb5/posix. ticket: 1791 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15801 dc483132-0cff-0310-8789-dd5450dbe970
* krshd hangs in linux nightly testingKen Raeburn2003-08-292-5/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A typical stack trace: #0 0xffffe002 in ?? () #1 0x420da75f in syslog () from /lib/tls/libc.so.6 #2 0x0804ad06 in cleanup (signumber=15) at krshd.c:567 #3 <signal handler called> #4 0xffffe000 in ?? () #5 0x4202774e in sigaction () from /lib/tls/libc.so.6 #6 0x0804ac82 in cleanup (signumber=1) at krshd.c:548 #7 <signal handler called> #8 0xffffe002 in ?? () #9 0x4202774e in sigaction () from /lib/tls/libc.so.6 #10 0x420daa21 in vsyslog () from /lib/tls/libc.so.6 #11 0x420da75f in syslog () from /lib/tls/libc.so.6 #12 0x0804b670 in doit (f=3, fromp=0xbfffda50) at krshd.c:1313 #13 0x0804ab87 in main (argc=11, argv=0xbfffdb34) at krshd.c:459 #14 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6 Yes, we're calling syslog from inside a signal handler. Yes, this is bad. And from some poking about that I did earlier, it appears that there's some locking code in vsyslog which may be deadlocking in the nested call. And this usually seems to happen when logging the "shell process completed" message. This is a quick patch to switch off the signal handlers before logging that message. I suspect the breakage happens earlier, though, so this might not fix the bug, just maybe move it around a little. * krshd.c (ignore_signals): Split out from cleanup(). (doit): Call it when the shell process has completed, before calling syslog. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15800 dc483132-0cff-0310-8789-dd5450dbe970
* In my tests (2GHz P4 Linux, 5 minutes, no pre-existing replay cache), this getsKen Raeburn2003-08-272-10/+30
| | | | | | | | | | | | | | about a 10% speedup adding entries to an already open replay cache. * rc_dfl.c (alive): Take a timestamp argument instead of the context, and don't check the current time here. All callers changed to pass in the current time. (rc_store): Take a timestamp argument. All callers changed to pass in the current time. ticket: 1784 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15799 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5.hin (struct _krb5_donot_replay, krb5_rc_default, krb5_rc_resolve_type)Ken Raeburn2003-08-263-50/+56
| | | | | | | | | | | (krb5_rc_resolve_full, krb5_rc_get_type, krb5_rc_default_type) (krb5_rc_default_name, krb5_auth_to_rep): Private declarations moved... * k5-int.h: ...to here. ticket: 1784 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15798 dc483132-0cff-0310-8789-dd5450dbe970
* * cc_file.c (krb5_fcc_store_int32, krb5_fcc_store_ui_4, krb5_fcc_store_ui_2)Ken Raeburn2003-08-262-51/+6
| | | | | | | (krb5_fcc_store_octet): Remove gratuitous conditionalizing of casts on USE_STDIO, left over from merge. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15797 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Don't test for labs, memmove or bcopy.Ken Raeburn2003-08-264-9/+5
| | | | | | | * k5-int.h (labs, HAVE_LABS): Never define. * win-mac.h (HAVE_LABS): Don't define. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15796 dc483132-0cff-0310-8789-dd5450dbe970
* * getdate.y (bcopy): Don't bother with HAVE_BCOPY and HAVE_MEMCPY tests; alwaysKen Raeburn2003-08-262-1/+6
| | | | | | define the macro if it's not already defined. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15795 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Check for some C99 headers and typesKen Raeburn2003-08-262-0/+13
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15794 dc483132-0cff-0310-8789-dd5450dbe970
* * k5-config.h: Unused file deletedKen Raeburn2003-08-262-311/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15793 dc483132-0cff-0310-8789-dd5450dbe970
* * aclocal.m4 (KRB5_AC_ENABLE_DNS): Drop --enable-dns and --enable-dns-for-kdcKen Raeburn2003-08-262-37/+7
| | | | | | | | options; turn them on always. ticket: 1724 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15792 dc483132-0cff-0310-8789-dd5450dbe970
* * fake-addrinfo.h (inline): Supported by Sun Forte Developer 7 compilerKen Raeburn2003-08-262-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15791 dc483132-0cff-0310-8789-dd5450dbe970
* * foreachaddr.c (foreach_localaddr) [HAVE_IFADDRS_H]: Skip over any returnedKen Raeburn2003-08-262-0/+19
| | | | | | | | | | | data structure with a NULL ifa_addr field. ticket: 1770 version_reported: 1.3 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15790 dc483132-0cff-0310-8789-dd5450dbe970
* * aclocal.m4 (WITH_CCOPTS, WITH_CPPOPTS, WITH_LINKER, WITH_LDOPTS,Ken Raeburn2003-08-262-49/+16
| | | | | | | | | KRB5_INIT_CCOPTS, WITH_CC_DEPRECATED_ARG): Deleted. (CONFIG_RULES): Do the non-useless parts directly here. (V5_SET_TOPDIR): Work quietly. (WITH_KRB4): Use AC_MSG_NOTICE. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15789 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2003-08-211-1/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15788 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c: New file; split out DNS SRV RR query support...Ken Raeburn2003-08-214-225/+281
| | | | | | | * locate_kdc.c: ...from here. Always compile in the calls. * Makefile.in (STLIBOBJS, OBJS, SRCS): Add it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15787 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Don't substitute LIBOBJS, newer autoconfs don't like itKen Raeburn2003-08-212-4/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15786 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (STLIBOBJS, OBJS): EmptyKen Raeburn2003-08-212-2/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15785 dc483132-0cff-0310-8789-dd5450dbe970
* * fake-addrinfo.h (getnameinfo): Define to my_fake_getnameinfo only ifKen Raeburn2003-08-212-10/+21
| | | | | | | | | HAVE_GETADDRINFO is defined. ticket: 1380 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15784 dc483132-0cff-0310-8789-dd5450dbe970
* Make things work on IRIX againKen Raeburn2003-08-213-14/+24
| | | | | | | | | | | | | | * fake-addrinfo.h (inline): Move definitions further up, before first use. Do use __inline__ for gcc without c99 support. (GET_SERV_BY_NAME) [!GETSERVBYNAME_R_RETURNS_INT]: Fix invocation for IRIX definition. * socket-utils.h: Include port-sockets.h to get a definition for struct sockaddr_storage. ticket: 1380 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15783 dc483132-0cff-0310-8789-dd5450dbe970
* Oops. Include errno.h even if gai_strerror isn't being definedKen Raeburn2003-08-211-1/+1
| | | | | | | ticket: 1380 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15782 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Don't replace any missing system functions. Just set LIBOBJSKen Raeburn2003-08-212-1/+10
| | | | | | empty for now and substitute it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15781 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-03-24 14:12:02 +0000