summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* First cut at adding local caching to the getaddrinfo support. Still needs workKen Raeburn2003-08-212-81/+314
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fake-addrinfo.h: Delete the unused WRAP_GETNAMEINFO support. (HAVE_GETADDRINFO) [__APPLE__ && __MACH__]: Don't undefine. (FAI_CACHE) [__APPLE__ && __MACH__]: Define. (system_getaddrinfo, system_freeaddrinfo, system_getnameinfo): New functions. (gaiptr, faiptr, gniptr): Variables deleted. Change references to use the system_* functions above. (getaddrinfo, freeaddrinfo) [FAI_CACHE]: Define as macros to the my_fake_* versions. (protoname, socktypename, familyname): Use caller-supplied buffers instead of local static buffers. (debug_dump_getaddrinfo_args): Provide a buffer. (NEED_FAKE_GETNAMEINFO): Define if HAVE_GETADDRINFO is not defined. (inline): Rework macros to test for C99 and IRIX. (NEED_FAKE_GETADDRINFO): Define if FAI_CACHE is defined. (fai_add_entry) [KRB5_USE_INET6]: Support IPv6. (CACHE_ENTRY_LIFETIME): New macro. (struct face, struct fac): New types. (fac): New static variable. (plant_face, find_face): New functions. (fai_add_hosts_by_name) [FAI_CACHE]: Check the cache before looking up the hostname. Add the looked-up host info to the cache. (fake_getaddrinfo): Call GET_SERV_BY_NAME instead of conditionally calling getservbyname or getservbyname_r. Don't pass AF_INET to fai_add_hosts_by_name. (fake_getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined. (gai_strerror): Define if either HAVE_FAKE_GETADDRINFO or NEED_FAKE_GETNAMEINFO is defined. (getaddrinfo): Do define function if FAI_CACHE is defined. (getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined. ticket: 1380 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15780 dc483132-0cff-0310-8789-dd5450dbe970
* Don't double free the encrypted credential partSam Hartman2003-08-192-5/+5
| | | | | | | Ticket: 1731 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15773 dc483132-0cff-0310-8789-dd5450dbe970
* krb_check_auth clears the return value for the schedule parameter with a ↵Alexandra Ellwood2003-08-152-1/+6
| | | | | | | | memset. This prevents callers from using the key schedule, which breaks code ticket: 1730 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15770 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Check for mode_tKen Raeburn2003-08-142-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15769 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Don't check for or replace vfprintf, vsprintf, strerror,Ken Raeburn2003-08-132-1/+6
| | | | | | memmove, or sscanf, all part of C 89. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15768 dc483132-0cff-0310-8789-dd5450dbe970
* use my mit changelog idKen Raeburn2003-08-131-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15767 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (OBJS, STLIBOBJS): Drop setenv.o.Ken Raeburn2003-08-134-197/+8
| | | | | | | * setenv.c: Deleted. * pos-obsolete.h: Deleted. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15766 dc483132-0cff-0310-8789-dd5450dbe970
* * cnv_tkt_skey.c (krb524_convert_tkt_skey): Call krb_create_ticketTom Yu2003-08-122-238/+34
| | | | | | | | | | | | | | | instead of local version. Remove local version of krb_create_ticket. This file no longer gets included into a krb524 library, so accessing internal functions isn't that big of an issue anymore. ticket: 1714 version_reported: 1.3.1 target_version: 1.3.2 tags: pullup component: krb5-kdc git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15765 dc483132-0cff-0310-8789-dd5450dbe970
* get_init_creds_password: DNS SRV off causes bogus REALM_UNKNOWNTom Yu2003-08-082-1/+10
| | | | | | | | | | | | | | | * gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is turned off, the second call to get_init_creds() will fail with KRB5_REALM_UNKNOWN under certain circumstances. If that happens, return the error from the first call to get_init_creds(), which will be more useful to the user. ticket: new target_version: 1.3.2 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15761 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the target requirement for kadmind4 and v5passwddAlexandra Ellwood2003-08-081-2/+0
| | | | | | ticket: 1715 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15759 dc483132-0cff-0310-8789-dd5450dbe970
* configure.in: Don't assume all darwin boxes are powerpc. (eg: OpenDarwin/x86)Alexandra Ellwood2003-08-062-1/+6
| | | | | | ticket: 1718 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15757 dc483132-0cff-0310-8789-dd5450dbe970
* Do not install kadmin4 or v5passwdd on Mac OS X. Also, fixed broken goober ↵Alexandra Ellwood2003-08-061-12/+1
| | | | | | | | I accidentally checked in on the trunk. oops ticket: 1715 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15755 dc483132-0cff-0310-8789-dd5450dbe970
* * kinit.c (main): Apply patch from Stephen Grau to correctlyTom Yu2003-08-012-1/+7
| | | | | | | | | | return non-zero for certain error conditions. ticket: 1437 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15754 dc483132-0cff-0310-8789-dd5450dbe970
* add missing ChangeLog entryTom Yu2003-07-311-0/+7
| | | | | | | | ticket: 1702 tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15748 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_host_realm and krb5_free_host_realm should not be labeled as ↵Jeffrey Altman2003-07-311-1/+1
| | | | | | | | | | | KRB5_PRIVATE. They are required for many applications including OpenAFS and UMich's Kx509. 1.2.8 had them public but the change was never reflected on the trunk. Ticket: 1702 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15747 dc483132-0cff-0310-8789-dd5450dbe970
* KfM jam file paths should work from any project file the KerberosFramework ↵Alexandra Ellwood2003-07-283-28/+113
| | | | | | | | hierarchy ticket: 1693 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15741 dc483132-0cff-0310-8789-dd5450dbe970
* -s can return non-zero exit status if credentials are expiredSam Hartman2003-07-272-1/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15739 dc483132-0cff-0310-8789-dd5450dbe970
* use new config file tag for master KDCKen Raeburn2003-07-252-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | We want to avoid making extra attempts to contact the "master" KDC, in the case where the password appears to be incorrect according to one KDC but we think maybe the master KDC could have a newer password, if there isn't actually a master KDC. Currently the admin_server tag is overloaded for kadmin and password changing. So, don't use it as a filter on the KDC list; instead, look for master_kdc as an independent list. (See also ticket 1511 re contacting the master twice if it's first in the regular KDC list.) Doc updates still needed. * locate_kdc.c (krb5_locate_kdc): Always pass 0 to locate_server as the get_masters argument. Instead, if get_masters is set, look up "master_kdc" in the config file instead of "kdc". ticket: new target_version: 1.3.2 tags: pullup status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15736 dc483132-0cff-0310-8789-dd5450dbe970
* Added a little more buffer space than the supplied patch, and used sizeofKen Raeburn2003-07-242-2/+7
| | | | | | | | | | | * kadmin.c (strdate): Increase size of buffer to 40. Use sizeof for length passed to strftime. ticket: 1613 target_version: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15735 dc483132-0cff-0310-8789-dd5450dbe970
* Send generalstring not octetstring in etype_info2. Accept eitherSam Hartman2003-07-229-20/+86
| | | | | | | | | | | | form. Also, if a etype_info fails to decode, skip it rather than failing to process the AS reply. Ticket: 1681 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15723 dc483132-0cff-0310-8789-dd5450dbe970
* * README: Revert previous change, as it was in error; socklen_tTom Yu2003-07-222-3/+10
| | | | | | | | | | was introduced in Aug 2001 Platform SDK, and the actual problem reported was very probably a compilation environment misconfiguration. ticket: 1675 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15721 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use broken getaddrinfo on Mac OS XAlexandra Ellwood2003-07-222-0/+8
| | | | | | ticket: 1683 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15717 dc483132-0cff-0310-8789-dd5450dbe970
* Always register the file ccache in the set of registered ops. TheSam Hartman2003-07-222-2/+14
| | | | | | | | | | | resolve code may also find it as the default ops on some platforms, but this will not cause problems. ticket: 1684 owner: lxs status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15716 dc483132-0cff-0310-8789-dd5450dbe970
* Change crypto "provider" structures to hold numeric values instead of functionKen Raeburn2003-07-2243-235/+196
| | | | | | | pointers for key sizes, block sizes, etc., when the values are always constant for each encryption or hash mechanism. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15714 dc483132-0cff-0310-8789-dd5450dbe970
* * resolve.c (main): If gethostbyname fails, report the failing hostnameKen Raeburn2003-07-222-1/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15711 dc483132-0cff-0310-8789-dd5450dbe970
* Don't combine encrypt and decrypt code paths.Ken Raeburn2003-07-222-19/+45
| | | | | | | | | | | | | Zap key schedule when done. * des3.c (validate_and_schedule): Split out from old k5_des3_docrypt. (k5_des3_encrypt, k5_des3_decrypt): Call it, and krb5int_des3_cbc_encrypt or _decrypt, instead of k5_des3_docrypt. Zap key schedules before returning. ticket: 1404 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15710 dc483132-0cff-0310-8789-dd5450dbe970
* * k5-int.h (krb5int_zap_data, zap): New macros; call memset with volatile castKen Raeburn2003-07-222-0/+9
| | | | | | | | | for now. ticket: 1404 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15709 dc483132-0cff-0310-8789-dd5450dbe970
* crypto library has bogus dependence on com_errKen Raeburn2003-07-222-2/+4
| | | | | | | | | | | | Forgotten debugging code that was never removed... * pbkdf2.c (foo): Never call com_err. ticket: new target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15707 dc483132-0cff-0310-8789-dd5450dbe970
* * f_cbc.c (krb5int_des_cbc_decrypt): Move declarations that were afterKen Raeburn2003-07-223-4/+10
| | | | | | | statements after flattening blocks is previous change. * d3_cbc.c (krb5int_des3_cbc_decrypt): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15706 dc483132-0cff-0310-8789-dd5450dbe970
* Export krb5_principal2saltAlexandra Ellwood2003-07-214-1/+10
| | | | | | ticket: 1679 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15701 dc483132-0cff-0310-8789-dd5450dbe970
* * init_ets.c (krb5_init_ets): Only initialize error tables once -Ezra Peisach2003-07-192-5/+16
| | | | | | | | | | | | | | | so that init_conext/free_context loops do not result in memory leaks. I did not implement the remove error table functions - as a system installed com_err library might not support remove_error_table that exists in our trees com_err library. ticket: 1665 target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15700 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_register_acceptor_identity does not allocate enough memory for ↵Ezra Peisach2003-07-192-1/+6
| | | | | | | | | | | | | | | | cached keytab * acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate enough memory to include the null at the end of the keytab char *. Essentially off by one error. ticket: new target_version: 1.3.1 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15699 dc483132-0cff-0310-8789-dd5450dbe970
* Windows build needs Feb 2003 Platform SDKTom Yu2003-07-192-3/+8
| | | | | | | | | | | | | * README: Note requirement for Feb 2003 Platform SDK. Thanks to Doug Engert and Rodney Dyer. ticket: 1675 component: krb5-doc version_reported: 1.3 target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15698 dc483132-0cff-0310-8789-dd5450dbe970
* * ms2mit.c:Jeffrey Altman2003-07-182-75/+432
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Functional changes: (1) do not restrict ourselves to DES-CBC-CRC instead support any ticket with an enctype we support. as of this date (rev 1.3) this includes all but RC4-MD4. (2) do not accept invalid tickets (3) when attempting to retrieve tickets do not specify either the enctype or cache options (if possible). doing so will force a TGS request and prevent the results from being stored into the cache. (4) when the LSA cache contains a TGT which has expired Microsoft will not perform a new TGS request until the cache has been purged. Instead the expired ticket continues to be used along with its embedded authorization data. When PURGE_ENABLED is defined, if the tickets are expired, the cache will be purged before requesting new tickets, else we ignore the contents of the cache and force a new TGS request. (5) when the LSA cache is empty do not abort. On XP or 2003, use the SecurityLogonSessionData to determine the Realm (UserDnsDomain in MS-speak) and request an appropriate TGT. On 2000, check the Registry for the HKCU\"Volatile Environment":"USERDNSDOMAIN" instead. This will allow ms2mit to be used to repopulate the LSA cache. If the current session is not Kerberos authenticated an appropriate error message will be generated. Code changes: (1) several memory leaks plugged (2) several support functions copied from the Leashw32.dll sources (3) get_STRING_from_registry() uses the ANSI versions of the Registry functions and should at a later date be converted to use the Unicode versions. Notes: an ms2mit.exe based on the Leash_import() function should be considered. Leash_import() not only imports the TGT from the LSA but also performs the krb524 conversion and AFS token retrieval. Of course, that version of ms2mit.exe could not exist within the krb5 source tree. ticket: 1667 target_version: 1.3.1 tags: pullup owner: jaltman@mit.edu status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15696 dc483132-0cff-0310-8789-dd5450dbe970
* gssapi32.def: export the GSS_C_NT_xxxx constants as DATA. These are requiredJeffrey Altman2003-07-182-4/+15
| | | | | | | | | | | | by applications that wish to use the gss_nt_xxxx constants. ticket: 1666 target_version: 1.3.1 tags: pullup owner: jaltman@mit.edu status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15695 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kg_release_defcred and caching of default credential. RewriteTom Yu2003-07-179-479/+625
| | | | | | | | | | | | krb5_gss_init_sec_context() while we're at it to make defcred-related changes easier, and as a side effect, fix some error condition memory leaks. ticket: 1365 target_version: 1.3.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
* Use the old DES encrypt function, not the split versions via macrosKen Raeburn2003-07-174-0/+9
| | | | | | | | * des.c (mit_des_cbc_encrypt): Undef before use. * enc_dec.c (mit_des_cbc_encrypt): Likewise. * mac_des_glue.c (mit_des3_cbc_encrypt): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15693 dc483132-0cff-0310-8789-dd5450dbe970
* Separate the DES encrypt and decrypt operations into separate functions,Ken Raeburn2003-07-174-254/+361
| | | | | | | | | | | | | | | | since they have almost no code in common. * f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): New functions broken out from mit_des_cbc_encrypt. (mit_des_cbc_encrypt): Call them. * d3_cbc.c (krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): New functions broken out from mit_des3_cbc_encrypt. (mit_des3_cbc_encrypt): Call them. * des_int.h (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt, krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): Declare. (mit_des_cbc_encrypt, mit_des3_cbc_encrypt): New macros. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15692 dc483132-0cff-0310-8789-dd5450dbe970
* delete ##WIN16## lines from makefilesKen Raeburn2003-07-1750-27/+101
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691 dc483132-0cff-0310-8789-dd5450dbe970
* * krb5_libinit.c: Include autoconf.hKen Raeburn2003-07-152-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15690 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (STLIBOBJS, OBJS, T_SER_OBJS): Drop ser_eblk.oKen Raeburn2003-07-152-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15689 dc483132-0cff-0310-8789-dd5450dbe970
* * aclocal.m4 (extra_gcc_warn_opts): Don't turn on -pedantic on DarwinKen Raeburn2003-07-152-1/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15688 dc483132-0cff-0310-8789-dd5450dbe970
* * accept_sec_context.c (krb5_gss_accept_sec_context): CallTom Yu2003-07-152-4/+9
| | | | | | | | | | TREAD_STR with correct arguments. Patch from Emily Ratliff. ticket: 1015 tags: pullup target_version: 1.3.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15687 dc483132-0cff-0310-8789-dd5450dbe970
* Check for NULL realm argument and n not equal to 1. Fill in realm with an ↵Alexandra Ellwood2003-07-112-0/+14
| | | | | | | | empty string on error in case the caller doesn't check the return value ticket: 1657 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15684 dc483132-0cff-0310-8789-dd5450dbe970
* RealmsConfig-glue.c: Don't fail when krb5.conf is valid and krb.conf isn't. ↵Alexandra Ellwood2003-07-112-2/+8
| | | | | | | | Also, don't assert v4 realm is in profile unless that realm is a valid v4 realm ticket: 1657 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15683 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrote krb_get_lrealm to correctly handle the v4 realms section in the ↵Alexandra Ellwood2003-07-112-66/+101
| | | | | | | | profile and to return KFAILURE in the absence of any config (instead of returning ATHENA.MIT.EDU) ticket: 1657 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15682 dc483132-0cff-0310-8789-dd5450dbe970
* * acquire_cred.c (acquire_init_cred): Close the ccache ifTom Yu2003-07-102-0/+8
| | | | | | | | | | | krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if the file is not there, but krb5_cc_set_flags will fail in turning off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu. ticket: 1656 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15680 dc483132-0cff-0310-8789-dd5450dbe970
* Export krb5_get_permitted_enctypes and krb5_set_real_time for SambaAlexandra Ellwood2003-07-099-4/+32
| | | | | | ticket: 1655 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15678 dc483132-0cff-0310-8789-dd5450dbe970
* This time, use the correct # of arguments for strcpyAlexandra Ellwood2003-07-081-1/+1
| | | | | | ticket: 1651 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15672 dc483132-0cff-0310-8789-dd5450dbe970
* krb_prof_get_nth() no longer assumes that its retlen argument is correct ↵Alexandra Ellwood2003-07-072-1/+9
| | | | | | | | (call strcpy instead of strncpy) because this argument is a guess for some callers (eg: krb_get_admhst()) ticket: 1651 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15671 dc483132-0cff-0310-8789-dd5450dbe970