aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-08-07Add test case to test that new mkey stash code is backward compat with old ↵mkey_keytabWill Fiveash6-2/+68
format stash file git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20627 dc483132-0cff-0310-8789-dd5450dbe970
2008-07-15Files updated as a result of code review from Ken RaeburnWill Fiveash5-79/+79
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20525 dc483132-0cff-0310-8789-dd5450dbe970
2008-07-01Talked with MIT people and decided to revert the logic of Will Fiveash4-72/+34
krb5_db_def_fetch_mkey_keytab() so that it does use the mkey princ arg to locate the masterkey in the keytab stash. Also changed the error reporting done by krb5_db_def_fetch_mkey() to call error_message() on the return code of the keytab stash fetch and the old format stash fetch and set the error message to include both of those since this is an ambiguous situation. And test case 108 in src/kerberos/mit/svn/branches/mkey_keytab/src/lib/kadm5/unit-test/api.2/init-v2.exp was modified to expect KRB5_KDB_CANTREAD_STORED instead of KDB_NOMASTERKEY. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20493 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-27The logic of the krb5_db_def_fetch_mkey_keytab() was off a bit when checking ↵Will Fiveash1-3/+5
the keys against specified kvno and enctypes. The code now correctly check for either kvno, enctype or both if specified git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20490 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-25Masterkey Keytab StashWill Fiveash6-23/+27
This ticket is to track code changes for the Masterkey Keytab Stash project. The Krb Consortium page is: http://k5wiki.kerberos.org/wiki/Projects/Masterkey_Keytab_Stash ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20475 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-25All relevant tests in local src tree passWill Fiveash2-47/+55
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20467 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-24fixed a few more bugs, most tests are passing but may have some more work to doWill Fiveash2-24/+35
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20464 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-19second commit to backup files, tweaked some logic to better support ↵Will Fiveash11-67/+139
kdb5_util dump -mkey_convert git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20430 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-06first commit to backup my changesWill Fiveash22-108/+349
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20369 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-06Branch for the changes to stash the master key in a keytab instead of the ↵Will Fiveash0-0/+0
old format stash file git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_keytab@20368 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-06Annotate that 'protocol' in svc_register means an IPPROTO_ valueKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20367 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-06On Mac OS X, try poking launchd to get the portmapper launched beforeKen Raeburn1-3/+55
we try to connect to it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-06Check for GSS_C_NO_CREDENTIAL before loop checkKen Raeburn1-3/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20363 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-04We're not using this makedepend implementation any moreKen Raeburn10-3026/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20362 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-03Revert a few const specs to reduce warningsKen Raeburn1-5/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20358 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-03Fix various minor format-string issuesKen Raeburn7-22/+25
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20356 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-03Passing 0 to krb5_build_principal requires a castKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20355 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02Don't use 'log' as a global variable nameKen Raeburn1-40/+40
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20354 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02Explicitly note number as unsigned to shut gcc upKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20353 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02Partial const-ification, as indicated by the modern Tcl API, exceptKen Raeburn2-93/+104
for any bits that would require changing the admin APIs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20352 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02Fix a few incompatible-pointer warnings that aren't just about signednessKen Raeburn5-13/+17
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02Change krb5_context.db_context to point to the real structure type,Ken Raeburn16-142/+142
and change uses to not cast all the time. Also rename it from db_context to dal_handle, since one of the fields in the pointed-to structure is also called db_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-30Add header for kill() in USE_PASSWORD_SERVER caseAlexandra Ellwood1-0/+2
ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20347 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-30Apple PKINIT patch commitAlexandra Ellwood20-10/+4912
Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-30No prototype when building kdb5_util without krb4 supportAlexandra Ellwood1-1/+2
Move stdio inclusion to the top of the file so there is a definition of printf when building without v4 support. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20345 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-30Warnings in server_stubs.c (signed vs unsigned errmsg, gcc printf)Alexandra Ellwood1-39/+44
server_stubs.c uses char * for error messages which it gets from com_err, throwing away the constness of the com_err output. Made error message args be const char * to remove warnings and prevent accidental modification of com_err strings. In calls to krb5_klog_syslog server_stubs.c passes void* into %s printf formats and passes size_ts in for the field widths in %.*s formats. After verifying that the size_ts cannot be bigger than ints (which is ensured by trunc_name) added casts to remove spurious warnings. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20344 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-30signed vs unsigned char * warnings in kdb_xdr.cAlexandra Ellwood1-6/+6
load and store functions in k5-platform.h take an unsigned char *, whereas kdb_xdr.c was using a char * for decoding. This resulted in pages of warnings in the parsing code. Switched to using an unsigned char * and cast in the couple places where a char * is needed. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20343 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-27Profile library should not call rw_access earlier than neededAlexandra Ellwood3-9/+20
Call rw_access lazily so we only call access just before we need to write to the file to avoid calling access as often. Deprecated bit in profile structures to track writability. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20341 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-19Use $(DL_LIB) instead of explicit -ldlKen Raeburn1-1/+1
ticket: 5899 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20325 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-17Force hostname to lowercase before constructing kadmin principal name.Ken Raeburn1-2/+22
Allocate space for the name dynamically. ticket: 5943 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20323 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-16Minor spelling & comment formattingKen Raeburn1-13/+19
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20322 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-15Move auto var to outer scope, because its storage is used beyond the inner scopeKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20320 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-15Don't test error code when it's known to be 0Ken Raeburn1-3/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-15Fix minor bug in kg_save_name failure cleanup codeKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-15Free context after use, not beforeKen Raeburn1-2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-11Fix a typo in krb5.conf: ldap_server should be ldap_servers, as theRuss Allbery1-2/+2
latter is what the LDAP KDB plugin looks for. Ticket: 5544 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-07Added kim documentationAlexandra Ellwood30-0/+8143
ticket: 5960 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20315 dc483132-0cff-0310-8789-dd5450dbe970
2008-05-07Move KIM implementation to the krb5 repositoryAlexandra Ellwood56-0/+20880
Moved sources and headers. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20314 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-30(more) After malloc/realloc/calloc/strdup/asprintf failures, useKen Raeburn10-31/+31
ENOMEM explicitly instead of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-30After malloc/realloc/calloc failures, return ENOMEM explicitly insteadKen Raeburn21-51/+51
of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-28Properly escape - in kdb5_ldap_util man pageRuss Allbery1-55/+55
The LDAP plugin introduced a new man page which has unescaped hyphens. Unicode-aware groffs may convert those to real hyphens rather than the intended ASCII hyphen. This patch adds backslashes in front of all the bare hyphens that I plus Debian's lintian program could find to force interpretation as ASCII hyphens. Ticket: new Component: krb5-doc Version_Reported: 1.6.3 Target_Version: 1.6.4 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20311 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-25Left-shifting all the way in signed math is undefined, use unsignedKen Raeburn1-1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-25Multiple assignments without sequence points invoke undefinedKen Raeburn1-6/+12
behavior, even if the assignments all compute and store the same value. Don't put an assignment in the argument to macro ff(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-25Generate a large enough array to hold all the base/extension pairs.Alexandra Ellwood1-11/+17
Store pairs without overlapping. ticket: 5948 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20308 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-24Remove sched_yield usesKen Raeburn1-56/+10
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20307 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-24Don't do UTF-8 bits (and include Apple headers) when just rebuilding ↵Ken Raeburn1-2/+2
dependencies git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-18fix possible buffer overrun in handling generic-error returnKen Raeburn1-2/+3
Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-03Pull out generic array expansion code from array_append macro into aKen Raeburn1-7/+22
separate function. Add some range checks, and don't bother separating malloc vs realloc depending on previous pointer value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
2008-03-29Coverity CID 220: NULL check of "buf" after dereferenceKen Raeburn1-1/+3
All call sites have previously dereferenced the pointer, but to keep the interface simple, keep the null check, and move the dereference to after it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
2008-03-29Coverity CID 46: mech_type will always have the address of anKen Raeburn1-3/+0
automatic variable, so can never be null (GSS_C_NULL_OID). Delete null check and unreachable conditional code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit v1.1 at 2024-09-17 17:36:39 +0000