path: root/src/lib/rpc
Age | Commit message | Author | Files | Lines
2009-11-22 | Consolidate Makefile variables now that we have only a single global | Greg Hudson | 4 | -247/+244
configure script: $(SRCTOP) --> $(top_srcdir) $(srcdir)/$(thisconfigdir) --> $(top_srcdir) $(thisconfigdir) --> $(BUILDTOP) $(myfulldir) --> $(mydir) ticket: 6583 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
2009-11-02 | Clean up a bunch of signed/unsigned comparison warnings | Greg Hudson | 3 | -5/+6
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23120 dc483132-0cff-0310-8789-dd5450dbe970
2009-10-31 | make mark-cstyle | Tom Yu | 54 | -715/+705
make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-16 | Re-run make depend without autoconf.h in the source tree | Greg Hudson | 2 | -40/+37
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-16 | Crypto modularity proj.: Move prf and random-to-key ops from backend to krb | Zhanna Tsitkov | 2 | -37/+40
bigredbutton: whitespace git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
2009-08-13 | Remove kadmin v1 API support | Greg Hudson | 2 | -15/+15
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-06 | Cleanup some warnings due to getsockname's third argument is sometimes | Ezra Peisach | 3 | -4/+15
unsigned. Use GETSOCKNAME_ARG3_TYPE and fallback to int if not defined. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21904 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-05 | Detect failure to register with rpcbind/portmap due to security | Ezra Peisach | 4 | -3/+28
restrictions and not bomb out in tests. ticket: 6349 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21895 dc483132-0cff-0310-8789-dd5450dbe970
2009-02-02 | Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except unicode, windows code | Ken Raeburn | 7 | -14/+14
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-28 | Run a single expect statement to read from both client and server, to | Tom Yu | 1 | -16/+9
avoid an apparent race condition on Darwin. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21814 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-22 | Define valgrind macros as no-ops if not USE_VALGRIND, and use unconditionally, per Danilo's suggestion | Ken Raeburn | 1 | -26/+3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21773 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-20 | When encoding, and compiling with -DUSE_VALGRIND, explicitly get valgrind to check the inputs | Ken Raeburn | 1 | -0/+61
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21766 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-16 | Use valgrind in more cases if VALGRIND is set | Ken Raeburn | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21754 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-05 | move generated dependencies out of Makefile.in | Ken Raeburn | 4 | -362/+358
Move automatically-generated dependencies into separate files in the source tree, and take the data out of Makefile.in. Keep the "make depend" rules for stripping out the dependencies from Makefile.in, in case some optional directories were missed, but everything that builds on my UNIX build has been converted. (Converting a directory just requires creating an empty "deps" file so that config.status can build the makefile, and then later running "make depend" in that directory to get the correct content for it.) Change configure scripts to incorporate the "deps" file when building each Makefile. This change requires the existence of a file "deps" in each source directory where we build a makefile, even if there are no sources for which to compute dependencies; a switch to GNU make would let us conditionalize that, but we can assess that later. Update dependencies for the generate Makefile itself to list the deps file. This will also require some minor tweaking of the Windows build, to make it incorporate the new deps file. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
2009-01-03 | Merge mskrb-integ onto trunk | Sam Hartman | 1 | -9/+10
The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-30 | Signed/unsigned fixes | Ezra Peisach | 2 | -3/+5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21639 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-29 | Add gssrpcint.h to contain prototype for gssrpcint_printf. Include | Ezra Peisach | 5 | -6/+51
gcc printf attribute if supported. Include header file and fix up some of the debugging printf arguments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21632 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-02 | make depend | Sam Hartman | 1 | -1/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21266 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-02 | add k5-platform.h for asprintf | Tom Yu | 1 | -0/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21260 dc483132-0cff-0310-8789-dd5450dbe970
2008-12-01 | Convert many uses of sprintf to snprintf or asprintf | Greg Hudson | 2 | -3/+2
ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
2008-11-04 | Don't build dependencies for v4rcp.c. | Ken Raeburn | 1 | -8/+9
Rebuild dependencies for k5-buf.h, and without krb4 support. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20964 dc483132-0cff-0310-8789-dd5450dbe970
2008-10-19 | Include k5-platform.h for SIZE_MAX | Ezra Peisach | 1 | -0/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20897 dc483132-0cff-0310-8789-dd5450dbe970
2008-10-02 | Increase the default RPC timeout for kadmin from 25 seconds to 120 | Greg Hudson | 1 | -2/+2
seconds. Code changes from a patch submitted by umich. ticket: 6120 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20810 dc483132-0cff-0310-8789-dd5450dbe970
2008-10-02 | In clntudp_call, fix a bug in the handling of an error case (it failed | Greg Hudson | 1 | -1/+0
to set the error status field and generated a dead code warning). ticket: 6121 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20809 dc483132-0cff-0310-8789-dd5450dbe970
2008-09-18 | makedepend | Ken Raeburn | 1 | -18/+21
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731 dc483132-0cff-0310-8789-dd5450dbe970
2008-08-05 | specify return type of 'harmless' | Ken Raeburn | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20605 dc483132-0cff-0310-8789-dd5450dbe970
2008-07-23 | In the gss rpc package, replace the type used for a | Jeffrey Altman | 6 | -29/+32
socket on Windows with SOCKET (instead of int) and replace all calls to close() that are used to close sockets with closesocket(). src/include/port-sockets.h includes the definitions of SOCKET and closesocket() for non-Windows systems. ticket: 6041 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20578 dc483132-0cff-0310-8789-dd5450dbe970
2008-07-09 | Use autogenerated darwin.exports files for server frameworks | Alexandra Ellwood | 1 | -0/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20506 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-27 | misc memory leaks | Ken Raeburn | 1 | -0/+1
Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-27 | Fix possible null pointer deref, possible uninit ptr use, possible | Ken Raeburn | 1 | -6/+13
leak in unlikely small-allocation failure case. ticket: new target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20477 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-25 | Bump minor version number. Update dependencies | Ken Raeburn | 1 | -1/+4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20470 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-25 | Pull in xdr_sizeof from tirpc2.3 (which has the same license as our current rpc code) | Ken Raeburn | 3 | -0/+167
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20468 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-10 | Don't use private copy of syslog.h. Rebuild dependencies | Ken Raeburn | 1 | -2/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-06 | On Mac OS X, try poking launchd to get the portmapper launched before | Ken Raeburn | 1 | -3/+55
we try to connect to it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970
2008-06-02 | Fix a few incompatible-pointer warnings that aren't just about signedness | Ken Raeburn | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
2008-04-25 | Left-shifting all the way in signed math is undefined, use unsigned | Ken Raeburn | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
2008-03-18 | MITKRB5-SA-2008-002 | Ken Raeburn | 2 | -2/+29
Fix MITKRB5-SA-2008-002: array overrun in libgssrpc. Don't update the internally-tracked maximum file descriptor value if the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file descriptors of FD_SETSIZE (NOFILE) or above. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970
2007-12-14 | fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal() | Tom Yu | 1 | -1/+1
ticket: 5855 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970
2007-10-22 | Set close-on-exec flag in most places where file descriptors are | Ken Raeburn | 6 | -12/+29
opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
2007-09-05 | Revise patch to avoid 32-byte overflow which remained after the | Tom Yu | 1 | -2/+10
initial patch. Memory written to by the IXDR macro calls had not been accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico Williams for discovering this bug and assisting with patch development. ticket: 5706 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19923 dc483132-0cff-0310-8789-dd5450dbe970
2007-09-05 | Rework error-mapping code to preserve status code values when returned | Ken Raeburn | 2 | -9/+6
by only one mechanism. Revert RPC code to relying on this. Build error-mapping code on a bidirectional map instead of a simple array. When a status code is returned but has been seen returned from a different mechanism already, generate a new number, starting at 100,000. Use gssrpcint_printf for some more debugging code. ticket: 5654 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
2007-09-04 | Support using valgrind on test programs | Ken Raeburn | 2 | -1/+44
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
2007-09-04 | fix CVE-2007-3999 svc_auth_gss.c buffer overflow | Tom Yu | 1 | -1/+1
Make sure svcauth_gss_validate adequately checks oa->oa_length prior to copying into rpcbuf. ticket: new target_version: 1.6.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
2007-08-16 | remap mechanism-specific status codes in mechglue/spnego | Ken Raeburn | 2 | -2/+31
This patch creates a mapping in the mechglue/spnego code to modify mechanism status codes when passing them back to the application, so that mechglue's display_status dispatcher can determine the correct mechanism to dispatch to. This is part of the "get enhanced error messages from gssapi applications" project; ticket 5590 has updates to the Kerberos 5 mechanism to extract enhanced error messages (when there are any) from the Kerberos library. util/gen.pl, util/t_*.pm: New code generation script and templates. lib/gssapi/generic: Add a new, global mapping that enumerates the {mechOID,status} pairs as they're seen, allowing a magic mechOID value to indicate com_err error codes from mechglue and spnego, and reserving status code 0 for unknown errors. Preload the Kerberos "wrong principal" error code once for each mechanism OID used for Kerberos, so the entries get fixed positions (1-3) in the table. lib/gssapi/gss_libinit.c: Call the initializer and destructor functions. lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated or locally-generated status codes into the mapping table, and return the table index to the application. Do the reverse in display_status, to get the messages from the mechanism.. lib/rpc: Define new function gssrpcint_printf to use for debugging instead of printf, to redirect output away from dejagnu; add a couple more debugging calls. Check for minor status codes 1-3 now instead of KRB5KRB_AP_WRONG_PRINC. tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed error messages back, by having the ftp client attempt to authenticate to a non-existent service, and examining the error message for the service principal name. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
2007-07-12 | Avoid use of unchecked sprintf in libraries. Use asprintf if the | Ken Raeburn | 1 | -25/+30
output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
2007-06-26 | fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313] | Tom Yu | 2 | -5/+8
CVE-2007-2442/VU#356961: The RPC library can free an uninitialized pointer. This may lead to execution of arbitrary code. CVE-2007-2443/VU#365313: The RPC library can write past the end of a stack buffer. This may (but is unlikely to) lead to execution of arbitrary code. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19636 dc483132-0cff-0310-8789-dd5450dbe970
2007-01-09 | MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer | Tom Yu | 1 | -0/+5
Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so that svctcp_destroy() will not call through an uninitialized function pointer after code in svc_auth_gssapi.c has destroyed expired state structures. We can't unconditionally null it because the RPCSEC_GSS implementation needs it to retrieve state. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19042 dc483132-0cff-0310-8789-dd5450dbe970
2006-11-02 | * svc_auth_gss.c (svcauth_gss_import_name): Unused function deleted | Ken Raeburn | 1 | -26/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18758 dc483132-0cff-0310-8789-dd5450dbe970
2006-10-16 | Include time.h for time() prototype | Ezra Peisach | 1 | -0/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18719 dc483132-0cff-0310-8789-dd5450dbe970
2006-10-15 | Remove all unused variable warnings from tree | Ezra Peisach | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18712 dc483132-0cff-0310-8789-dd5450dbe970