Alexandra Ellwood [Tue, 8 Jul 2008 16:14:28 +0000 (16:14 +0000)]
Add kerberos icon
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20501 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Mon, 7 Jul 2008 19:26:50 +0000 (19:26 +0000)]
Add EnableTransactions launchd option to CCacheServer
This prevents the CCacheServer from being killed before it is
done handling all the mach messages.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20500 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Mon, 7 Jul 2008 19:08:01 +0000 (19:08 +0000)]
krb5int_gic_opte_copy should copy elements individually
Since we are copying from one structure to another, copy elements.
Using memcpy is fragile.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Jul 2008 02:30:17 +0000 (02:30 +0000)]
kdc does not compile with glibc 2.8
On Fedora 9, glibc 2.8 is used. The kdc code conditionalizes
IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places - but
misses two for the struct one.
/usr/include/netinet/in.h conditionalizes struct in6_pktinfo on
__USE_GNU - which I believe implies a gnu libc extension. People on
the net have defined GNU_SOURCE for various things to compile, etc.
I do note that /usr/include/linux/ipv6.h exists with the same definition.
I believe that ipv6 support in the kdc will not work with these changes - but
the tree compiles.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20498 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 3 Jul 2008 19:00:16 +0000 (19:00 +0000)]
stop exporting a few symbols internal to aes implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20497 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 1 Jul 2008 17:50:30 +0000 (17:50 +0000)]
Added type checking for 64-bit platforms
ticket: 6001
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20495 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 1 Jul 2008 17:38:36 +0000 (17:38 +0000)]
krb5_get_error_message returns const char *
Changed temporary variables to use const char *
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20494 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 30 Jun 2008 22:07:06 +0000 (22:07 +0000)]
memcpy(NULL, ptr, 0) is invalid, so don't do it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20492 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 30 Jun 2008 22:03:49 +0000 (22:03 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20491 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 27 Jun 2008 19:46:33 +0000 (19:46 +0000)]
Big endian stash file support
Added support for stash files with a consistent endianness (big endian)
so that one can migrate a KDC from a machine with one endianness to
a machine with the other endianness. Used by Kerberos for Macintosh.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20489 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 05:41:26 +0000 (05:41 +0000)]
Check for strdup failure. Fix a memory leak in one failure case
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20488 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 04:47:23 +0000 (04:47 +0000)]
misc uninitialized-storage accesses
Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error
paths.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 04:18:38 +0000 (04:18 +0000)]
fix ktutil listing with timestamp
ktutil's "list -t" option is supposed to show the timestamp stored in
the keytab file. Instead, it shows some random (uninitialized) value,
interpreted as a timestamp.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20486 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 03:33:14 +0000 (03:33 +0000)]
use-after-free bugs
Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 03:20:48 +0000 (03:20 +0000)]
When returning an error, don't also pass back an invalid pointer
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20484 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 03:14:39 +0000 (03:14 +0000)]
call kg_delete_lucidctx_id before freeing, not after
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20483 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 02:51:09 +0000 (02:51 +0000)]
Memory leak, and possible freed-memory dereference, in an error (small
allocation failure) path.
ticket: 5997
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20482 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 02:47:06 +0000 (02:47 +0000)]
misc memory leaks
Fix various memory leaks that show up mostly in error cases (e.g.,
failure to allocate one small object, and then we forget to free
another one).
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 01:26:08 +0000 (01:26 +0000)]
fix free of automatic storage
Fix a possible free of automatic storage that can happen on an
(unlikely) encoding failure.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20480 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 00:31:59 +0000 (00:31 +0000)]
Don't do FD_SETSIZE check on Windows.
Also, for form's sake, use closesocket instead of close inside the check.
Kevin or Jeff, could you please verify that the code works again?
ticket: 5925
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20479 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 00:22:43 +0000 (00:22 +0000)]
Fix off-by-one error in range check on file descriptor number
ticket: new
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20478 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2008 00:20:33 +0000 (00:20 +0000)]
Fix possible null pointer deref, possible uninit ptr use, possible
leak in unlikely small-allocation failure case.
ticket: new
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20477 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 26 Jun 2008 18:07:47 +0000 (18:07 +0000)]
Apple PKINIT LKDC support
ticket: 5968
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20476 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 25 Jun 2008 21:21:56 +0000 (21:21 +0000)]
Rolled back patch because tickets 4495 and 5124 fix this bug
in a different way.
ticket: 5991
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20474 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 25 Jun 2008 20:01:01 +0000 (20:01 +0000)]
krb5_do_preauth_tryagain should check for NULL padata
Fixed so krb5_do_preauth_tryagain no longer crashes on NULL padata but
instead returns an error.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20473 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 25 Jun 2008 19:50:11 +0000 (19:50 +0000)]
kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvno
Added lines to copy these fields.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20472 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 25 Jun 2008 19:14:07 +0000 (19:14 +0000)]
Add new launchd flags to CCacheServer plist file
Added LimitLoadToSessionType "Background" to launch the
CCacheServer once per user rather than only for GUI
sessions.
Added ThrottleInterval key to allow the CCacheServer to
relaunch frequently.
Set CFFIXED_USER_HOME environment variable to prevent the
CCacheServer from accessing the user's home directory.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20471 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 25 Jun 2008 18:30:25 +0000 (18:30 +0000)]
Bump minor version number. Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20470 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 25 Jun 2008 18:05:08 +0000 (18:05 +0000)]
kdb library now depends on gssrpc; add it to link commands
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20469 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 25 Jun 2008 18:00:39 +0000 (18:00 +0000)]
Pull in xdr_sizeof from tirpc2.3 (which has the same license as our current rpc code)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20468 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Tue, 24 Jun 2008 17:51:09 +0000 (17:51 +0000)]
Include kdb_log.h for missing prototypes. Declare conv_princ_2db &
conv_princ_2ulog as static as they are not exported or used outside this file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20466 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 24 Jun 2008 05:04:29 +0000 (05:04 +0000)]
Merge from branch sun-iprop
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 20 Jun 2008 17:09:36 +0000 (17:09 +0000)]
Suppress some glibc issues found on x86_64
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20445 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 20 Jun 2008 00:11:26 +0000 (00:11 +0000)]
Remove unused file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20434 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 19 Jun 2008 21:01:10 +0000 (21:01 +0000)]
Remove test115 for 'bad client params', no longer appropriate
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20429 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 18 Jun 2008 19:36:49 +0000 (19:36 +0000)]
This patch is derived from a patch originally submitted to RT
by: Nik Conwell <nik@bu.edu>
krb5_set_real_time() accepts as input the time of the KDC
or an application server as a combination of seconds and
microseconds. Often it is the case that the time source
does not provide the real time with less than one second
granularity. Up until this patch such a caller would fill
in the microseconds parameter as zero. krb5_set_real_time()
would treat the zero microseconds as the actual reported
time and compute a microsecond based offset.
During a one second window subsequent calls to
krb5_set_real_time() would have an ever increasing offset
size until the number of seconds is incremented. This
in turn produces a side effect in which the microseconds
value of the local clock is effectively erased.
If there are multiple processes or threads on the same
machine each requesting service tickets using the same
client principal for the same service principal where
the number of seconds reported by the KDC are equivalent,
then they will now all create authenticators with
exactly the same timestamp. As a result, the authenticating
service will detect a replay attack even though the
authenticators are actually unique. The replay cache
only maintains a tuple of client, server and timestamp.
This patch modifies the interpretation of the microseconds
parameter. If -1 is specified, the microseconds offset is
ignored.
ticket: 5924
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20413 dc483132-0cff-0310-8789-dd5450dbe970
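
The false replay described in the commit message above, modelled as an added example; it is not code from the krb5 tree. The struct, the `model_*` and `rcache_*` names, the principals and the clock values are all hypothetical or constructed, and the offset arithmetic is an assumption based only on the message's description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the clock-offset logic the commit message describes;
 * none of these names come from the krb5 sources. */
struct clock_ctx {
    int32_t sec_offset;
    int32_t usec_offset;
};

/* usec == -1 follows the patched interpretation: no microsecond offset.
 * Any other value (including 0) is treated as the real reported time. */
static void model_set_real_time(struct clock_ctx *c,
                                int32_t local_sec, int32_t local_usec,
                                int32_t sec, int32_t usec)
{
    c->sec_offset = sec - local_sec;
    c->usec_offset = (usec == -1) ? 0 : usec - local_usec;
}

/* Local clock plus stored offset, normalized to 0 <= usec < 1000000. */
static void model_timeofday(const struct clock_ctx *c,
                            int32_t local_sec, int32_t local_usec,
                            int32_t *sec, int32_t *usec)
{
    *sec = local_sec + c->sec_offset;
    *usec = local_usec + c->usec_offset;
    if (*usec < 0) { *usec += 1000000; (*sec)--; }
    if (*usec >= 1000000) { *usec -= 1000000; (*sec)++; }
}

/* Replay cache keyed on (client, server, timestamp), as in the message. */
struct rc_entry { const char *client, *server; int32_t sec, usec; };
static struct rc_entry rcache[16];
static int rcache_len;

/* Returns 1 when the tuple is already cached, i.e. reported as a replay. */
static int rcache_check_store(const char *client, const char *server,
                              int32_t sec, int32_t usec)
{
    for (int i = 0; i < rcache_len; i++) {
        if (rcache[i].sec == sec && rcache[i].usec == usec &&
            strcmp(rcache[i].client, client) == 0 &&
            strcmp(rcache[i].server, server) == 0)
            return 1;
    }
    if (rcache_len < 16)
        rcache[rcache_len++] = (struct rc_entry){ client, server, sec, usec };
    return 0;
}

/* Three processes on one host receive the same KDC second, set the clock
 * offset, and build an authenticator at once. kdc_usec is what each caller
 * passes as the microseconds argument. Returns how many unique
 * authenticators the service flags as replays. */
int count_false_replays(int32_t kdc_usec)
{
    /* Constructed sample clocks: same second, different microseconds. */
    static const int32_t local_usec[] = { 120000, 450000, 780000 };
    const int32_t local_sec = 1213817809, kdc_sec = 1213817809;
    int flagged = 0;

    rcache_len = 0;
    for (int i = 0; i < 3; i++) {
        struct clock_ctx c;
        int32_t s, u;
        model_set_real_time(&c, local_sec, local_usec[i], kdc_sec, kdc_usec);
        model_timeofday(&c, local_sec, local_usec[i], &s, &u);
        flagged += rcache_check_store("user@EXAMPLE.COM",
                                      "host/svc.example.com@EXAMPLE.COM", s, u);
    }
    return flagged;
}

int main(void)
{
    printf("usec=0 : %d of 3 flagged as replays\n", count_false_replays(0));
    printf("usec=-1: %d of 3 flagged as replays\n", count_false_replays(-1));
    return 0;
}
```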
Ken Raeburn [Wed, 18 Jun 2008 18:14:55 +0000 (18:14 +0000)]
Disable check for invalid client-side admin config parameters in the
config file. Since KDC configuration parameters can now be put in
krb5.conf, this doesn't make sense any more.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20411 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 18 Jun 2008 15:37:27 +0000 (15:37 +0000)]
cci_credentials_iterator_release using wrong message ID
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20410 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 11 Jun 2008 22:53:22 +0000 (22:53 +0000)]
Factor out repeated code for looking up string, port, or deltat config params
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20395 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 11 Jun 2008 17:46:35 +0000 (17:46 +0000)]
Don't build spx.o, since we never enable SPX
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20392 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 11 Jun 2008 17:42:56 +0000 (17:42 +0000)]
New target 'undepend' for temporarily removing generated dependency info
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20390 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 10 Jun 2008 22:46:53 +0000 (22:46 +0000)]
Don't use private copy of syslog.h. Rebuild dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 10 Jun 2008 22:15:25 +0000 (22:15 +0000)]
Warn against new uses of kadm5_config_params.dbname field
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20384 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 10 Jun 2008 22:03:01 +0000 (22:03 +0000)]
Get rid of handling of set-but-unused kadm5_config_params.admin_dbname
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20383 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 10 Jun 2008 21:49:55 +0000 (21:49 +0000)]
Remove documentation for no-longer-supported admin_dbname argument
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20382 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 10 Jun 2008 21:43:41 +0000 (21:43 +0000)]
Get rid of handling of set-but-unused kadm5_config_params.admin_lockfile
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20381 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 9 Jun 2008 22:15:23 +0000 (22:15 +0000)]
Don't check for NULL before calling free or krb5_xfree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20379 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sun, 8 Jun 2008 05:22:25 +0000 (05:22 +0000)]
Report file name in detailed cache creation error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20371 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sun, 8 Jun 2008 05:19:50 +0000 (05:19 +0000)]
Do hash stuff with unsigned math
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20370 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 6 Jun 2008 21:26:51 +0000 (21:26 +0000)]
Annotate that 'protocol' in svc_register means an IPPROTO_ value
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20367 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 6 Jun 2008 17:30:28 +0000 (17:30 +0000)]
On Mac OS X, try poking launchd to get the portmapper launched before
we try to connect to it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 6 Jun 2008 17:27:50 +0000 (17:27 +0000)]
Check for GSS_C_NO_CREDENTIAL before loop check
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20363 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2008 22:03:20 +0000 (22:03 +0000)]
We're not using this makedepend implementation any more
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20362 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2008 17:48:59 +0000 (17:48 +0000)]
Revert a few const specs to reduce warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20358 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2008 00:13:25 +0000 (00:13 +0000)]
Fix various minor format-string issues
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20356 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2008 00:07:43 +0000 (00:07 +0000)]
Passing 0 to krb5_build_principal requires a cast
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20355 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 2 Jun 2008 23:46:17 +0000 (23:46 +0000)]
Don't use 'log' as a global variable name
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20354 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 2 Jun 2008 23:45:35 +0000 (23:45 +0000)]
Explicitly note number as unsigned to shut gcc up
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20353 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 2 Jun 2008 23:41:32 +0000 (23:41 +0000)]
Partial const-ification, as indicated by the modern Tcl API, except
for any bits that would require changing the admin APIs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20352 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 2 Jun 2008 23:04:09 +0000 (23:04 +0000)]
Fix a few incompatible-pointer warnings that aren't just about signedness
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 2 Jun 2008 19:45:16 +0000 (19:45 +0000)]
Change krb5_context.db_context to point to the real structure type,
and change uses to not cast all the time. Also rename it from
db_context to dal_handle, since one of the fields in the pointed-to
structure is also called db_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2008 20:48:28 +0000 (20:48 +0000)]
Add header for kill() in USE_PASSWORD_SERVER case
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20347 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2008 20:47:03 +0000 (20:47 +0000)]
Apple PKINIT patch commit
Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol.
Long term goal is to merge these patches with the pkinit preauth plugin which
does not currently have support for Mac OS X crypto libraries or the exported
functions used by Back To My Mac.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2008 19:35:56 +0000 (19:35 +0000)]
No prototype when building kdb5_util without krb4 support
Move stdio inclusion to the top of the file so there is a definition of
printf when building without v4 support.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20345 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2008 18:28:35 +0000 (18:28 +0000)]
Warnings in server_stubs.c (signed vs unsigned errmsg, gcc printf)
server_stubs.c uses char * for error messages which it gets from com_err,
throwing away the constness of the com_err output. Made error message args
be const char * to remove warnings and prevent accidental modification of
com_err strings.
In calls to krb5_klog_syslog server_stubs.c passes void* into %s printf
formats and passes size_ts in for the field widths in %.*s formats. After
verifying that the size_ts cannot be bigger than ints (which is ensured by
trunc_name) added casts to remove spurious warnings.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20344 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2008 18:01:09 +0000 (18:01 +0000)]
signed vs unsigned char * warnings in kdb_xdr.c
load and store functions in k5-platform.h take an unsigned char *, whereas
kdb_xdr.c was using a char * for decoding. This resulted in pages of warnings
in the parsing code. Switched to using an unsigned char * and cast in the
couple places where a char * is needed.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20343 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 27 May 2008 16:25:51 +0000 (16:25 +0000)]
Profile library should not call rw_access earlier than needed
Call rw_access lazily so we only call access just before we need to
write to the file to avoid calling access as often. Deprecated bit in
profile structures to track writability.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20341 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 19 May 2008 18:12:49 +0000 (18:12 +0000)]
Use $(DL_LIB) instead of explicit -ldl
ticket: 5899
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20325 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 17 May 2008 01:11:42 +0000 (01:11 +0000)]
Force hostname to lowercase before constructing kadmin principal name.
Allocate space for the name dynamically.
ticket: 5943
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20323 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 16 May 2008 22:52:49 +0000 (22:52 +0000)]
Minor spelling & comment formatting
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20322 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 15 May 2008 23:08:23 +0000 (23:08 +0000)]
Move auto var to outer scope, because its storage is used beyond the inner scope
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20320 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 15 May 2008 23:06:12 +0000 (23:06 +0000)]
Don't test error code when it's known to be 0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 15 May 2008 23:03:54 +0000 (23:03 +0000)]
Fix minor bug in kg_save_name failure cleanup code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 15 May 2008 23:01:23 +0000 (23:01 +0000)]
Free context after use, not before
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
Russ Allbery [Sun, 11 May 2008 03:54:41 +0000 (03:54 +0000)]
Fix a typo in krb5.conf: ldap_server should be ldap_servers, as the
latter is what the LDAP KDB plugin looks for.
Ticket: 5544
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 7 May 2008 19:40:32 +0000 (19:40 +0000)]
Added kim documentation
ticket: 5960
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20315 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Wed, 7 May 2008 19:30:12 +0000 (19:30 +0000)]
Move KIM implementation to the krb5 repository
Moved sources and headers.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20314 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 30 Apr 2008 23:46:29 +0000 (23:46 +0000)]
(more) After malloc/realloc/calloc/strdup/asprintf failures, use
ENOMEM explicitly instead of reading it from errno. This may make
static analysis tools less confused about when we return zero vs
nonzero values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 30 Apr 2008 23:18:21 +0000 (23:18 +0000)]
After malloc/realloc/calloc failures, return ENOMEM explicitly instead
of reading it from errno. This may make static analysis tools less
confused about when we return zero vs nonzero values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
Russ Allbery [Mon, 28 Apr 2008 23:05:27 +0000 (23:05 +0000)]
Properly escape - in kdb5_ldap_util man page
The LDAP plugin introduced a new man page which has unescaped hyphens.
Unicode-aware groffs may convert those to real hyphens rather than
the intended ASCII hyphen. This patch adds backslashes in front of
all the bare hyphens that I plus Debian's lintian program could find
to force interpretation as ASCII hyphens.
Ticket: new
Component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20311 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 25 Apr 2008 18:38:52 +0000 (18:38 +0000)]
Left-shifting all the way in signed math is undefined, use unsigned
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 25 Apr 2008 18:17:29 +0000 (18:17 +0000)]
Multiple assignments without sequence points invoke undefined
behavior, even if the assignments all compute and store the same
value. Don't put an assignment in the argument to macro ff().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 25 Apr 2008 17:16:21 +0000 (17:16 +0000)]
Generate a large enough array to hold all the base/extension pairs.
Store pairs without overlapping.
ticket: 5948
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20308 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 24 Apr 2008 18:03:05 +0000 (18:03 +0000)]
Remove sched_yield uses
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20307 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 24 Apr 2008 17:12:28 +0000 (17:12 +0000)]
Don't do UTF-8 bits (and include Apple headers) when just rebuilding dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 18 Apr 2008 19:31:47 +0000 (19:31 +0000)]
fix possible buffer overrun in handling generic-error return
Jeff Altman reported this, based on a crash seen in KfW in the wild.
The krb5_data handle used to describe the message field returned by the KDC is
not null-terminated, but we use a "%s" format to incorporate it into an error
message string. In the right circumstances, garbage bytes can be pulled into
the string, or a memory fault may result.
However, as this is in the error-reporting part of the client-side code for
fetching new credentials, it's a relatively minor DoS attack only, not a
serious security exposure. Should be fixed in the next releases, though.
ticket: new
target_version: 1.6.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
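
The "%s" problem described in the commit message above, shown beside a length-bounded form, as an added example; it is not the krb5 patch. `struct msg_data` is a hypothetical stand-in for a length-delimited buffer, and the reply bytes and message prefix are constructed; the sample is laid out inside one NUL-terminated array so the unbounded read stays well-defined while still pulling in bytes that are not part of the message.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-delimited buffer: data is NOT NUL-terminated and
 * only the first `length` bytes belong to the message. */
struct msg_data {
    unsigned int length;
    const char *data;
};

#define PREFIX   "KDC error text: "
#define E_TEXT   "CLIENT_NOT_FOUND"   /* constructed message field */
#define TRAILING "|adjacent-bytes"    /* constructed bytes that follow it */

/* Pattern the commit message warns about: "%s" keeps reading until it
 * meets a NUL byte, ignoring m->length. */
static int format_unbounded(char *out, size_t outlen, const struct msg_data *m)
{
    return snprintf(out, outlen, PREFIX "%s", m->data);
}

/* Bounded form: the precision caps the read at m->length bytes, so no
 * terminator is needed. The precision argument must be an int. */
static int format_bounded(char *out, size_t outlen, const struct msg_data *m)
{
    int n = (m->length > (unsigned int)INT_MAX) ? INT_MAX : (int)m->length;
    return snprintf(out, outlen, PREFIX "%.*s", n, m->data);
}

/* Number of bytes beyond the message field that end up in the formatted
 * string. The field is a slice of a larger reply buffer. */
size_t extra_bytes(int bounded)
{
    static const char reply[] = E_TEXT TRAILING;
    struct msg_data m = { sizeof(E_TEXT) - 1, reply };
    char out[128];

    if (bounded)
        format_bounded(out, sizeof(out), &m);
    else
        format_unbounded(out, sizeof(out), &m);
    return strlen(out) - strlen(PREFIX) - m.length;
}

int main(void)
{
    printf("unbounded %%s   : %zu stray bytes in message\n", extra_bytes(0));
    printf("bounded   %%.*s : %zu stray bytes in message\n", extra_bytes(1));
    return 0;
}
```

In real use the bytes after the field may have no terminator at all, which is the memory-fault case the message mentions.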
Ken Raeburn [Thu, 3 Apr 2008 18:00:38 +0000 (18:00 +0000)]
Pull out generic array expansion code from array_append macro into a
separate function. Add some range checks, and don't bother separating
malloc vs realloc depending on previous pointer value.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 29 Mar 2008 01:10:30 +0000 (01:10 +0000)]
Coverity CID 220: NULL check of "buf" after dereference
All call sites have previously dereferenced the pointer, but to keep
the interface simple, keep the null check, and move the dereference to
after it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 29 Mar 2008 01:10:04 +0000 (01:10 +0000)]
Coverity CID 46: mech_type will always have the address of an
automatic variable, so can never be null (GSS_C_NULL_OID).
Delete null check and unreachable conditional code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 29 Mar 2008 01:09:49 +0000 (01:09 +0000)]
Coverity CID 47: Unreachable code
Delete redundant "status" check.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20298 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 29 Mar 2008 01:09:26 +0000 (01:09 +0000)]
Coverity CID 91: Context is tested for null, and then unconditionally
dereferenced.
Remove unneeded null check.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 29 Mar 2008 01:09:00 +0000 (01:09 +0000)]
Coverity CID 101: Fix minor bounds check error
Coverity CID 101: Fix minor bounds check error.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20296 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 29 Mar 2008 01:08:31 +0000 (01:08 +0000)]
Coverity CID 228: Possible use of uninitialized variable time_req in
gss_add_cred if cred_usage has an invalid value. (Also flagged by
GCC.)
Changed validation routines for gss_add_cred, gss_acquire_cred, and
gss_store_cred to check the cred_usage value.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 21 Mar 2008 19:04:40 +0000 (19:04 +0000)]
Protect CFBundle calls with mutexes
CFBundles are refcounted and the refcounts are not threadsafe.
Protect CFBundles used for loading bundled plugins with a
mutex to prevent crashes when multiple threads are loading
and unloading the same plugin.
As part of this we use thread-safe dlopen/dlsym/dlclose
for the actual loading and unloading and just use CFBundle
to get the path to the actual executable. This reduces
the number of places we need to wrap CFBundles with mutexes
and the amount of Mac-specific code in the plugin code.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20285 dc483132-0cff-0310-8789-dd5450dbe970
Kevin Koch [Thu, 20 Mar 2008 15:28:11 +0000 (15:28 +0000)]
Generate ccapi.def export list from V2, V3, debug lists. It is no longer a file in the repository
Update test Makefile.in to use file ccapi_string.c.
TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594
Tags: pullup
Subj: Work on compiling the CCAPI test suite on Windows.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20284 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 18 Mar 2008 20:07:14 +0000 (20:07 +0000)]
Fix MITKRB5-SA-2008-001 on trunk. Patch differs from the released one
for 1.6 because of code divergence.
ticket: 5919
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20280 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 18 Mar 2008 19:25:16 +0000 (19:25 +0000)]
CCacheServer should track client iterators
The CCacheServer needs to track client iterators so that if
a client crashes while iterating the resources on the server
for that iterator are freed.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20279 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 18 Mar 2008 18:55:26 +0000 (18:55 +0000)]
MITKRB5-SA-2008-002
Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.
Don't update the internally-tracked maximum file descriptor value if
the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file
descriptors of FD_SETSIZE (NOFILE) or above.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970
Kevin Koch [Tue, 18 Mar 2008 17:40:04 +0000 (17:40 +0000)]
Detect if the Vista version of ntsecapi.h is present
TargetVersion: 1.7
Component: krb5-libs
Ticket: 19569
Tags: pullup
Subj: Tweaks for 1.7 build on Windows.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20277 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 14 Mar 2008 18:47:32 +0000 (18:47 +0000)]
cc_ccache_iterator_release, cc_credentials_iterator leak server memory
cc_ccache_iterator_release and cc_credentials_iterator leak memory on the
CCacheServer because they do not send an ipc message to the server telling it
to free up resources associated with the iterator.
Note: this issue does not track needing to be able to free up these same
resources when the client crashes.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20276 dc483132-0cff-0310-8789-dd5450dbe970