| Commit message (Collapse) | Author | Age | Files | Lines |
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fake-addrinfo.h: Delete the unused WRAP_GETNAMEINFO support.
(HAVE_GETADDRINFO) [__APPLE__ && __MACH__]: Don't undefine.
(FAI_CACHE) [__APPLE__ && __MACH__]: Define.
(system_getaddrinfo, system_freeaddrinfo, system_getnameinfo): New functions.
(gaiptr, faiptr, gniptr): Variables deleted. Change references to use the
system_* functions above.
(getaddrinfo, freeaddrinfo) [FAI_CACHE]: Define as macros to the my_fake_*
versions.
(protoname, socktypename, familyname): Use caller-supplied buffers instead of
local static buffers.
(debug_dump_getaddrinfo_args): Provide a buffer.
(NEED_FAKE_GETNAMEINFO): Define if HAVE_GETADDRINFO is not defined.
(inline): Rework macros to test for C99 and IRIX.
(NEED_FAKE_GETADDRINFO): Define if FAI_CACHE is defined.
(fai_add_entry) [KRB5_USE_INET6]: Support IPv6.
(CACHE_ENTRY_LIFETIME): New macro.
(struct face, struct fac): New types.
(fac): New static variable.
(plant_face, find_face): New functions.
(fai_add_hosts_by_name) [FAI_CACHE]: Check the cache before looking up the
hostname. Add the looked-up host info to the cache.
(fake_getaddrinfo): Call GET_SERV_BY_NAME instead of conditionally calling
getservbyname or getservbyname_r. Don't pass AF_INET to
fai_add_hosts_by_name.
(fake_getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.
(gai_strerror): Define if either HAVE_FAKE_GETADDRINFO or NEED_FAKE_GETNAMEINFO
is defined.
(getaddrinfo): Do define function if FAI_CACHE is defined.
(getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.
ticket: 1380
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15780 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
Ticket: 1731
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15773 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
memset. This prevents callers from using the key schedule, which breaks code
ticket: 1730
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15770 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15769 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
memmove, or sscanf, all part of C 89.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15768 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15767 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
* setenv.c: Deleted.
* pos-obsolete.h: Deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15766 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead of local version. Remove local version of
krb_create_ticket. This file no longer gets included into a
krb524 library, so accessing internal functions isn't that big of
an issue anymore.
ticket: 1714
version_reported: 1.3.1
target_version: 1.3.2
tags: pullup
component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15765 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
turned off, the second call to get_init_creds() will fail with
KRB5_REALM_UNKNOWN under certain circumstances. If that happens,
return the error from the first call to get_init_creds(), which
will be more useful to the user.
ticket: new
target_version: 1.3.2
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15761 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 1715
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15759 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 1718
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15757 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
I accidentally checked in on the trunk. oops
ticket: 1715
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15755 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
return non-zero for certain error conditions.
ticket: 1437
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15754 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
ticket: 1702
tags: pullup
target_version: 1.3.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15748 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
KRB5_PRIVATE.
They are required for many applications including OpenAFS and UMich's Kx509. 1.2.8
had them public but the change was never reflected on the trunk.
Ticket: 1702
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15747 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
hierarchy
ticket: 1693
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15741 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15739 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to avoid making extra attempts to contact the "master" KDC, in the case
where the password appears to be incorrect according to one KDC but we think
maybe the master KDC could have a newer password, if there isn't actually a
master KDC. Currently the admin_server tag is overloaded for kadmin and
password changing. So, don't use it as a filter on the KDC list; instead, look
for master_kdc as an independent list.
(See also ticket 1511 re contacting the master twice if it's first in the
regular KDC list.)
Doc updates still needed.
* locate_kdc.c (krb5_locate_kdc): Always pass 0 to locate_server as the
get_masters argument. Instead, if get_masters is set, look up "master_kdc" in
the config file instead of "kdc".
ticket: new
target_version: 1.3.2
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15736 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
* kadmin.c (strdate): Increase size of buffer to 40. Use sizeof for
length passed to strftime.
ticket: 1613
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15735 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
form.
Also, if a etype_info fails to decode, skip it rather than failing to
process the AS reply.
Ticket: 1681
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15723 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
was introduced in Aug 2001 Platform SDK, and the actual problem
reported was very probably a compilation environment
misconfiguration.
ticket: 1675
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15721 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 1683
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15717 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
resolve code may also find it as the default ops on some platforms,
but this will not cause problems.
ticket: 1684
owner: lxs
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15716 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
pointers for key sizes, block sizes, etc., when the values are always constant
for each encryption or hash mechanism.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15714 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15711 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Zap key schedule when done.
* des3.c (validate_and_schedule): Split out from old k5_des3_docrypt.
(k5_des3_encrypt, k5_des3_decrypt): Call it, and krb5int_des3_cbc_encrypt or
_decrypt, instead of k5_des3_docrypt. Zap key schedules before returning.
ticket: 1404
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15710 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
for now.
ticket: 1404
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15709 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Forgotten debugging code that was never removed...
* pbkdf2.c (foo): Never call com_err.
ticket: new
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15707 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
statements after flattening blocks is previous change.
* d3_cbc.c (krb5int_des3_cbc_decrypt): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15706 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 1679
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15701 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
so that init_conext/free_context loops do not result in memory
leaks.
I did not implement the remove error table functions - as a system
installed com_err library might not support remove_error_table that
exists in our trees com_err library.
ticket: 1665
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15700 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cached keytab
* acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate
enough memory to include the null at the end of the keytab char *.
Essentially off by one error.
ticket: new
target_version: 1.3.1
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15699 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* README: Note requirement for Feb 2003 Platform SDK. Thanks to
Doug Engert and Rodney Dyer.
ticket: 1675
component: krb5-doc
version_reported: 1.3
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15698 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functional changes:
(1) do not restrict ourselves to DES-CBC-CRC instead support any
ticket with an enctype we support. as of this date (rev 1.3)
this includes all but RC4-MD4.
(2) do not accept invalid tickets
(3) when attempting to retrieve tickets do not specify either the
enctype or cache options (if possible). doing so will force a
TGS request and prevent the results from being stored into the
cache.
(4) when the LSA cache contains a TGT which has expired Microsoft will
not perform a new TGS request until the cache has been purged.
Instead the expired ticket continues to be used along with its
embedded authorization data. When PURGE_ENABLED is defined, if the
tickets are expired, the cache will be purged before requesting
new tickets, else we ignore the contents of the cache and force
a new TGS request.
(5) when the LSA cache is empty do not abort. On XP or 2003, use
the SecurityLogonSessionData to determine the Realm (UserDnsDomain
in MS-speak) and request an appropriate TGT. On 2000, check the
Registry for the HKCU\"Volatile Environment":"USERDNSDOMAIN"
instead. This will allow ms2mit to be used to repopulate the
LSA cache. If the current session is not Kerberos authenticated
an appropriate error message will be generated.
Code changes:
(1) several memory leaks plugged
(2) several support functions copied from the Leashw32.dll sources
(3) get_STRING_from_registry() uses the ANSI versions of the Registry
functions and should at a later date be converted to use the
Unicode versions.
Notes: an ms2mit.exe based on the Leash_import() function
should be considered. Leash_import() not only imports the TGT from
the LSA but also performs the krb524 conversion and AFS token retrieval.
Of course, that version of ms2mit.exe could not exist within the krb5
source tree.
ticket: 1667
target_version: 1.3.1
tags: pullup
owner: jaltman@mit.edu
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15696 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
by applications that wish to use the gss_nt_xxxx constants.
ticket: 1666
target_version: 1.3.1
tags: pullup
owner: jaltman@mit.edu
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15695 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
krb5_gss_init_sec_context() while we're at it to make defcred-related
changes easier, and as a side effect, fix some error condition memory
leaks.
ticket: 1365
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
* des.c (mit_des_cbc_encrypt): Undef before use.
* enc_dec.c (mit_des_cbc_encrypt): Likewise.
* mac_des_glue.c (mit_des3_cbc_encrypt): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15693 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
since they have almost no code in common.
* f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): New functions
broken out from mit_des_cbc_encrypt.
(mit_des_cbc_encrypt): Call them.
* d3_cbc.c (krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): New functions
broken out from mit_des3_cbc_encrypt.
(mit_des3_cbc_encrypt): Call them.
* des_int.h (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt,
krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): Declare.
(mit_des_cbc_encrypt, mit_des3_cbc_encrypt): New macros.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15692 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15690 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15689 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15688 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
TREAD_STR with correct arguments. Patch from Emily Ratliff.
ticket: 1015
tags: pullup
target_version: 1.3.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15687 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
empty string on error in case the caller doesn't check the return value
ticket: 1657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15684 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Also, don't assert v4 realm is in profile unless that realm is a valid v4 realm
ticket: 1657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15683 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
profile and to return KFAILURE in the absence of any config (instead of returning ATHENA.MIT.EDU)
ticket: 1657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15682 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if
the file is not there, but krb5_cc_set_flags will fail in turning
off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu.
ticket: 1656
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15680 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 1655
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15678 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 1651
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15672 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
(call strcpy instead of strncpy) because this argument is a guess for some callers (eg: krb_get_admhst())
ticket: 1651
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15671 dc483132-0cff-0310-8789-dd5450dbe970
|