Age | Commit message (Collapse) | Author | Files | Lines |
|
format stash file
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20627 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20525 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_db_def_fetch_mkey_keytab() so that it does use the mkey princ arg to locate the masterkey in the keytab stash. Also changed the error reporting done by krb5_db_def_fetch_mkey() to call error_message() on the return code of the keytab stash fetch and the old format stash fetch and set the error message to include both of those since this is an ambiguous situation. And test case 108 in src/kerberos/mit/svn/branches/mkey_keytab/src/lib/kadm5/unit-test/api.2/init-v2.exp was modified to expect KRB5_KDB_CANTREAD_STORED instead of KDB_NOMASTERKEY.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20493 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the keys against specified kvno and enctypes. The code now correctly check for either kvno, enctype or both if specified
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20490 dc483132-0cff-0310-8789-dd5450dbe970
|
|
This ticket is to track code changes for the Masterkey Keytab Stash project. The Krb Consortium page is:
http://k5wiki.kerberos.org/wiki/Projects/Masterkey_Keytab_Stash
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20475 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20467 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20464 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kdb5_util dump -mkey_convert
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20430 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20369 dc483132-0cff-0310-8789-dd5450dbe970
|
|
old format stash file
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20368 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20367 dc483132-0cff-0310-8789-dd5450dbe970
|
|
we try to connect to it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20363 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20362 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20358 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20356 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20355 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20354 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20353 dc483132-0cff-0310-8789-dd5450dbe970
|
|
for any bits that would require changing the admin APIs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20352 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
|
|
and change uses to not cast all the time. Also rename it from
db_context to dal_handle, since one of the fields in the pointed-to
structure is also called db_context.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20347 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol.
Long term goal is to merge these patches with the pkinit preauth plugin which
does not currently have support for Mac OS X crypto libraries or the exported
functions used by Back To My Mac.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Move stdio inclusion to the top of the file so there is a definition of
printf when building without v4 support.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20345 dc483132-0cff-0310-8789-dd5450dbe970
|
|
server_stubs.c uses char * for error messages which it gets from com_err,
throwing away the constness of the com_err output. Made error message args
be const char * to remove warnings and prevent accidental modification of
com_err strings.
In calls to krb5_klog_syslog server_stubs.c passes void* into %s printf
formats and passes size_ts in for the field widths in %.*s formats. After
verifying that the size_ts cannot be bigger than ints (which is ensured by
trunc_name) added casts to remove spurious warnings.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20344 dc483132-0cff-0310-8789-dd5450dbe970
|
|
load and store functions in k5-platform.h take an unsigned char *, whereas
kdb_xdr.c was using a char * for decoding. This resulted in pages of warnings
in the parsing code. Switched to using an unsigned char * and cast in the
couple places where a char * is needed.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20343 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Call rw_access lazily so we only call access just before we need to
write to the file to avoid calling access as often. Deprecated bit in
profile structures to track writability.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20341 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 5899
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20325 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Allocate space for the name dynamically.
ticket: 5943
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20323 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20322 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20320 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
|
|
latter is what the LDAP KDB plugin looks for.
Ticket: 5544
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 5960
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20315 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Moved sources and headers.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20314 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ENOMEM explicitly instead of reading it from errno. This may make
static analysis tools less confused about when we return zero vs
nonzero values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
|
|
of reading it from errno. This may make static analysis tools less
confused about when we return zero vs nonzero values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The LDAP plugin introduced a new man page which has unescaped hyphens.
Unicode-aware groffs may convert those to real hyphens rather than
the intended ASCII hyphen. This patch adds backslashes in front of
all the bare hyphens that I plus Debian's lintian program could find
to force interpretation as ASCII hyphens.
Ticket: new
Component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20311 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
|
|
behavior, even if the assignments all compute and store the same
value. Don't put an assignment in the argument to macro ff().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Store pairs without overlapping.
ticket: 5948
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20308 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20307 dc483132-0cff-0310-8789-dd5450dbe970
|
|
dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Jeff Altman reported this, based on a crash seen in KfW in the wild.
The krb5_data handle used to describe the message field returned by the KDC is
not null-terminated, but we use a "%s" format to incorporate it into an error
message string. In the right circumstances, garbage bytes can be pulled into
the string, or a memory fault may result.
However, as this is in the error-reporting part of the client-side code for
fetching new credentials, it's a relatively minor DoS attack only, not a
serious security exposure. Should be fixed in the next releases, though.
ticket: new
target_version: 1.6.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
|
|
separate function. Add some range checks, and don't bother separating
malloc vs realloc depending on previous pointer value.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
|
|
All call sites have previously dereferenced the pointer, but to keep
the interface simple, keep the null check, and move the dereference to
after it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
|
|
automatic variable, so can never be null (GSS_C_NULL_OID).
Delete null check and unreachable conditional code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
|