Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: tags/KfM_6.0fc1
Commits on Feb 16, 2007
  1. Tagging for KfM 6.0fc1

    lxs authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/tags/KfM_6.0fc1@19166 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Feb 13, 2007
  1. ticket: 5349

    tlyu authored
    back-port k5-int.h change to krb5.hin
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19163 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 5349

    tlyu authored
    pull up r19159 from trunk
    
     r19159@cathode-dark-space:  tlyu | 2007-02-12 19:35:48 -0500
     ticket: 5349
     
     rename krb5_server_decrypt_ticket_keyblock() to
     krb5int_server_decrypt_ticket_keyblock()
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19162 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 5349

    tlyu authored
    pull up r19063 from trunk
    
     r19063@cathode-dark-space:  raeburn | 2007-01-16 18:29:46 -0500
     ticket: 5349
     
     Fix typo in checked-in version.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19161 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 5349

    tlyu authored
    pull up r19062 from trunk
    
     r19062@cathode-dark-space:  jaltman | 2007-01-15 23:18:02 -0500
     ticket: 5349
     tags: pullup
     
       This commit adds two new functions, krb5_server_decrypt_ticket_keyblock 
       (private) and krb5_server_decrypt_ticket_keytab (public).  These
       functions take a krb5_ticket as input and decrypt it using the provided
       key data.  The public function is useful for higher level application
       protocols such a TLS-KRB5 and AFS RX-KRB5 which exchange a service 
       but do not use the AP-REQ/AP-REP messages.  
     
       This commit also adds new functionality to kvno which permits kvno 
       when provided a keytab as input to verify whether or not the keytab
       contains a key that can successfully decrypt the obtains service ticket.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19160 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Feb 5, 2007
  1. ticket: 5420

    tlyu authored
    Delete krb5_get_init_creds_opt_set_pkinit, somehow missed in merges.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19151 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 5420

    tlyu authored
    pull up r19085 from trunk
    
    This is needed to deal with changes to the def-check run required by
    the API changes.
    
     r19085@cathode-dark-space:  raeburn | 2007-01-20 07:13:15 -0500
     Handle function names immediately preceded by "*", like "*strdup"
     in k5-int.h+krb5.h.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19150 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 5420

    tlyu authored
    version_fixed: 1.6.1
    
    pull up r19131 from trunk
    
     r19131@cathode-dark-space:  tlyu | 2007-01-30 19:53:11 -0500
     ticket: 5420
     status: open
     
     Fix merge botches:
     
     restore krb5_get_init_creds_opt_set_change_password_prompt()
     
     undo accidental reversion of preauth_tryagain change to
     krb5_get_init_creds()
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19149 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 5420

    tlyu authored
    status: open
    
    pull up r19130 from trunk
    
     r19130@cathode-dark-space:  tlyu | 2007-01-30 19:52:59 -0500
     ticket: 5420
     status: open
     
     remove krb5_get_init_creds_opt_set_pkinit() for now
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19148 dc483132-0cff-0310-8789-dd5450dbe970
  5. krb5-1.6-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19147 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 5420

    tlyu authored
    status: open
    
    pull up r19128 from trunk
    
     r19128@cathode-dark-space:  tlyu | 2007-01-30 16:40:20 -0500
     ticket: 5420
     status: open
     
     update def-check to look at preauth_plugin.h
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19146 dc483132-0cff-0310-8789-dd5450dbe970
  7. ticket: 5420

    tlyu authored
    status: open
    
    pull up r19127 from trunk
    
     r19127@cathode-dark-space:  tlyu | 2007-01-30 16:38:47 -0500
     ticket: new
     status: open
     subject: get_init_creds_opt extensibility
     component: krb5-libs
     
      r18922@cathode-dark-space:  coffman | 2006-12-04 18:30:15 -0500
      First cut at making the get_init_creds_opt structure extendable
      and adding library functions to set options for preauthentication
      plugins.
      
      This does *not* include a compatibility function to work like
      Heimdal's krb5_get_init_creds_opt_set_pkinit() function.
      
      Hopefully, the test code that doesn't belong in kinit.c is
      obvious.
      
      
      r18929@cathode-dark-space:  coffman | 2006-12-07 10:01:20 -0500
      Remove extra "user_id" parameter.
      
      Add function which duplicates the Heimdal interface (if we can agree on
      what the matching attribute names should be).
      
      r18934@cathode-dark-space:  coffman | 2006-12-08 15:28:03 -0500
      Update to use the simplified interface for krb5_get_init_creds_opt_set_pa()
      
      Add code in kinit to process "-X" options as preauth options and pass
      them along.
      
      
      
      r18936@cathode-dark-space:  coffman | 2006-12-11 12:04:26 -0500
      Move prototypes for get_init_creds_opt_get_pa() and
      krb5_get_init_creds_opt_free_pa() into the
      preauth_plugin.h header rather than krb5.hin.
      
      
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19145 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 27, 2007
  1. ticket: 5410

    tlyu authored
    version_fixed: 1.6.1
    
    pull up r19104 from trunk
    
     r19104@cathode-dark-space:  jaltman | 2007-01-22 20:18:17 -0500
     ticket: new
     subject: kt_file.c memory leak on error in krb5_kt_resolve / krb5_kt_wresolve
     tags: pullup
     
     	The krb5_kt_resolve and krb5_kt_wresolve functions leak the 'data' 
     	memory allocation if the lock cannot be initialized.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19113 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 26, 2007
  1. ticket: 5393

    tlyu authored
    version_fixed: 1.6.1
    
    pull up r19070 from trunk
    
     r19070@cathode-dark-space:  jaltman | 2007-01-18 10:28:07 -0500
     ticket: 5393
     tags: pullup
     
     	In addition to setting the kpasswd port after
     	searching for kadmind host addresses we must also
     	set the socket type according to the request.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19112 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 24, 2007
  1. ticket: 5394

    tlyu authored
    version_fixed: 1.6.1
    
    pull up r19065 from trunk
    
     r19065@cathode-dark-space:  jaltman | 2007-01-18 06:35:33 -0500
     ticket: 5394
     tags: pullup
     
       	sendto_kdc.c: use of a variable index into a dynamically 
     	allocated array to determine the sizeof() an object makes
     	it unclear what type of object is involved.  It also requires
     	a runtime check instead of a compile time replacement.  
     	Not to mention that it could lead to the evaluation of an 
     	uninitialized variable as was done in this case.  Replace
     	sizeof(array index variable) with sizeof(type). 
     
     	memset() the correct data structure.  
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19111 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 20, 2007
  1. ticket: 5233

    tlyu authored
    version_fixed: 1.6.1
    
    pull up r19022 from trunk
    
     r19022@cathode-dark-space:  epeisach | 2006-12-30 01:09:25 -0500
     ticket: 5233
     tags: pullup
     
     If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free
     memory and return in message_buffer a NULL pointer for value.  This
     is consistant with gss_release_buffer in the mechglue implementation in which
     memory is only freed if the buffer length != 0.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19074 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 5238

    tlyu authored
    version_fixed: 1.6.1
    
    pull up r19021 from trunk
    
     r19021@cathode-dark-space:  epeisach | 2006-12-30 01:05:12 -0500
     subject: memory leak if defective header present in gss_krb5int_unseal_token_v3
     ticket: new
     tags: pullup
     
     If after unsealing the message, the TOK_ID is not 05 04, free memory 
     before returning a defective token error.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19073 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 18, 2007
  1. ticket: 5403

    lxs authored
    Pullup from trunk.
    
       r19071 | lxs | 2007-01-18 18:24:13 -0500 (Thu, 18 Jan 2007) | 6 lines
    
       ticket: 5403
    
       Added KDC timesyncing support to the CCAPI ccache backend for CCAPI v5 
       and later.  v5 is the first version of the CCAPI to support the kdc 
       timesyncing API.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19072 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 9, 2007
  1. fix typo

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19047 dc483132-0cff-0310-8789-dd5450dbe970
  2. README and patchlevel.h for krb5-1.6

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19046 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 5302

    tlyu authored
    version_fixed: 1.6
    
    pull up r19043 from trunk
    
     r19043@cathode-dark-space:  tlyu | 2007-01-09 14:45:25 -0500
     ticket: new
     target_version: 1.6
     tags: pullup
     subject: MITKRB5-SA-2006-003: mechglue argument handling too lax
     component: krb5-libs
     
     Fix mechglue argument checks so that output pointers are always
     initialized regardless of whether the other arguments fail to validate
     for some reason.  This avoids freeing of uninitialized pointers.
     
     Initialize the gss_buffer_descs in ovsec_kadmd.c.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19045 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 5301

    tlyu authored
    version_fixed: 1.6
    
    pull up r19042 from trunk
    
     r19042@cathode-dark-space:  tlyu | 2007-01-09 14:45:10 -0500
     ticket: new
     target_version: 1.6
     tags: pullup
     subject: MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer
     component: krb5-libs
     
     Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so
     that svctcp_destroy() will not call through an uninitialized function
     pointer after code in svc_auth_gssapi.c has destroyed expired state
     structures.  We can't unconditionally null it because the RPCSEC_GSS
     implementation needs it to retrieve state.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19044 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 5279

    tlyu authored
    version_fixed: 1.6
    
    pull up r19036 from trunk
    
     r19036@cathode-dark-space:  rra | 2007-01-05 16:42:38 -0500
     Ticket: 5279
     Subject: Document what the kadmind ACL is for
     Component: krb5-doc
     Version_Reported: 1.5.1
     Target_Version: 1.6
     Tags: pullup
     
     Add a sentence documenting the purpose of the kadmind ACL to the node
     explaining how to create it.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19041 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 5271

    tlyu authored
    version_fixed: 1.6
    
    pull up r19035 from trunk
    
     r19035@cathode-dark-space:  rra | 2007-01-04 17:32:41 -0500
     ticket: new
     Subject: Document KDC behavior without stash file
     Component: krb5-doc
     Version_Reported: 1.5.1
     Target_Version: 1.6
     Tags: pullup
     
     After the discussion of the optional stash file, document the effects of
     not creating a stash file.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19040 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 4, 2007
  1. ticket: 5260

    tlyu authored
    version_fixed: 1.6
    
    pull up r19031 from trunk
    
     r19031@cathode-dark-space:  raeburn | 2007-01-03 18:54:25 -0500
     ticket: 5260
     
     * ldap_principal.c (attributes_set): Swap first two elements.
     
     Also add comments indicating that this array and the KDB_*_ATTR macros
     need to be in sync.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19034 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 5265

    tlyu authored
    version_fixed: 1.6
    
    pull up r19030 from trunk
    
     r19030@cathode-dark-space:  raeburn | 2007-01-03 18:15:55 -0500
     ticket: new
     subject: update ldap/Makefile.in for newer autoconf substitution requirements
     target_version: 1.6
     tags: pullup
     
     The other makefile.in files have had the makefile-fragment
     substitution lines updated to not have "#" at the front, because some
     recent versions of autoconf require that the @-pattern start at the
     beginning of the line.  We missed plugins/kdb/ldap/Makefile.in at the
     time.
     
     Patch from Michael Calmer.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19033 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 3906

    tlyu authored
    version_fixed: 1.6
    
    pull up r19029 from trunk
    
     r19029@cathode-dark-space:  raeburn | 2007-01-03 17:53:33 -0500
     ticket: 3906
     tags: pullup
     
     * Makefile.in (install): Install kdb5_ldap_util.M.  Based on patch from
     Michael Calmer.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19032 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 3, 2007
  1. ticket: 5245

    tlyu authored
    version_fixed: 1.6
    
    pull up r19023 from trunk
    
     r19023@cathode-dark-space:  jaltman | 2006-12-31 11:24:54 -0500
     ticket: new
     subject: Repair broken links in NetIdMgr Help 
     tags: pullup
     
     
       A small number of links contained the wrong root directory.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19028 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 5223

    tlyu authored
    version_fixed: 1.6
    
    pull up r19020 from trunk
    
     r19020@cathode-dark-space:  rra | 2006-12-28 13:05:28 -0500
     Ticket: new
     Subject: Fix typo in user-guide.texinfo
     Component: krb5-doc
     Version_Reported: 1.4.4
     Target_Version: 1.6
     Tags: pullup
     
     Typo fix (network instead of netword).  Thanks, Matt Zagrabelny.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19027 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 22, 2006
  1. krb5-1.6-beta2-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19015 dc483132-0cff-0310-8789-dd5450dbe970
  2. patchlevel.h for krb5-1.6-beta2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19013 dc483132-0cff-0310-8789-dd5450dbe970
  3. update for krb5-1.6-beta2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19012 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 4453

    tlyu authored
    version_fixed: 1.6
    
    pull up r19009 from trunk
    
     r19009@cathode-dark-space:  raeburn | 2006-12-21 20:26:59 -0500
     ticket: 4453
     target_version: 1.6
     tags: pullup
     
     Some related changes were already in, and I found a couple more to make:
     
     * ldap_realm.c (ldap_filter_correct): Change string argument to char *.  Delete
     length argument, which was always strlen of the string argument, and compute
     it locally, using size_t instead of (unsigned) int for length-related values.
     Update all calls.
     
     * ldap_realm.h (ldap_filter_correct): Updated declaration.
     
     * ldap_misc.c (remove_overlapping_subtrees): Add forward declaration.  Make
     static.
     (is_principal_in_realm): Change local variable defrealmlen to size_t.
     (store_tl_data): Change local variable curr to point to unsigned char, since
     that's what the tl_data_contents array is declared as, and what the STORE16_INT
     macro is happier with.
     (krb5_ldap_get_reference_count): Make local variable i unsigned.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19010 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 5123

    tlyu authored
    pull up r19007 from trunk
    
     r19007@cathode-dark-space:  tlyu | 2006-12-21 20:19:55 -0500
     ticket: 5123
     
     	* src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fix
     	ordering bug in previous patch.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19008 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 21, 2006
  1. ticket: 5123

    tlyu authored
    version_fixed: 1.6
    
    pull up r18976 from trunk
    
     r18976@cathode-dark-space:  tlyu | 2006-12-18 23:16:22 -0500
     ticket: new
     status: open
     target_version: 1.6
     subject: don't pass null pointer to krb5_do_preauth_tryagain()
     
     	* src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If
     	the error isn't PREAUTH_NEEDED and preauth_to_use is null, return
     	the error in err_reply, rather than attempting to pass a null
     	pointer to krb5_do_preauth_tryagain().
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19006 dc483132-0cff-0310-8789-dd5450dbe970
Something went wrong with that request. Please try again.