Tom Yu [Fri, 13 Jun 2003 22:30:59 +0000 (22:30 +0000)]
* server_kdb.c (kdb_init_hist): Force history principal's key to
be of the same enctype as the master key, as searches for it later
on explicitly specify the enctype.
ticket: 964
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15621 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 13 Jun 2003 21:45:30 +0000 (21:45 +0000)]
krb5_rd_rep leaks subkeys
* rd_rep.c (krb5_rd_rep): Free subkeys before replacing them, if
needed. This avoids a memory leak.
ticket: new
target_version: 1.3
component: krb5-libs
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15620 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 13 Jun 2003 21:43:07 +0000 (21:43 +0000)]
libgss leaks, UMRs
* init_sec_context.c (krb5_gss_init_sec_context): Free
default_enctypes to avoid leaking returned value from
krb5_get_tgs_ktypes.
* k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
token.length == 0, to avoid spurious uninitialized memory
references when calling memcpy() with a zero length.
ticket: new
target_version: 1.3
tags: pullup
component: krb5-libs
cc: Kent_Wu@trendmicro.com
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15619 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 13 Jun 2003 05:17:41 +0000 (05:17 +0000)]
make_ap_req_v1 leaks memory
* init_sec_context.c (make_ap_req_v1): Free checksum_data if
needed, to avoid leaking memory. Found by Kent Wu.
ticket: new
target_version: 1.3
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15618 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 12 Jun 2003 21:48:52 +0000 (21:48 +0000)]
* krb5.hin: krb524_init_ets() takes one argument
* krb524.c (krb524_convert_creds_kdc, krb524_init_ets): Mark as
KRB5_CALLCONV_WRONG.
(krb524_init_ets): Takes a krb5_context.
ticket: 1596
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15615 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 12 Jun 2003 21:15:52 +0000 (21:15 +0000)]
* error_table.h, et_c.awk, et_c.pl, et_h.awk, et_c.awk: Removed Mac OS support because it prevents darwin builds from getting com error strings via the initialize_*_error_table function
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15613 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 12 Jun 2003 19:51:38 +0000 (19:51 +0000)]
Removed Mac OS 9 support because it prevents darwin builds from getting com error strings via the initialize_*_error_table function
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15612 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 11 Jun 2003 21:19:43 +0000 (21:19 +0000)]
Darwin libkrb4/err_txt.o needs dependency on krb_err.c
* Makefile.in (KRB_ERR_C): New variable; Darwin needs err_txt.o to
have a dependency on krb_err.c so that krb_err.c will be generated
first.
* configure.in: Set KRB_ERR_C to krb_err.c on Darwin.
ticket: new
target_version: 1.3
tags: pullup
component: krb5-build
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15610 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 11 Jun 2003 20:32:22 +0000 (20:32 +0000)]
Don't escape rcache filename characters with backslash
* srv_rcache.c (krb5_get_server_rcache): Octal escapes begin with
hyphen now, since backslash is a pathname separator on DOS.
ticket: new
target_version: 1.3
component: krb5-libs
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15609 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Mon, 9 Jun 2003 22:40:08 +0000 (22:40 +0000)]
update for krb5-1.3-beta3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15605 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Mon, 9 Jun 2003 20:36:17 +0000 (20:36 +0000)]
oops, fix up ChangeLog attribution
ticket: 1568
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15601 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Mon, 9 Jun 2003 20:31:56 +0000 (20:31 +0000)]
* krb524.c: Fix copyright notice
ticket: 1568
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15600 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 9 Jun 2003 19:19:46 +0000 (19:19 +0000)]
fix bug: would return krb.conf entries plus dns info
* RealmsConfig-glue.c (krb_get_krbhst): Don't fall back to DNS if entries were
found in krb.conf, and just not enough to fill the request.
ticket: 1550
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15599 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 7 Jun 2003 00:45:41 +0000 (00:45 +0000)]
Checkpoint some working code.
A better solution is in the works, but may or may not make the deadline for
the next beta...
* RealmsConfig-glue.c: Include k5-int.h.
(dnscache): New variable.
(DNS_CACHE_TIMEOUT): New macro.
(krb_get_krbhst) [KRB5_DNS_LOOKUP]: If no krb.conf info is found, try DNS SRV
records for "kerberos-iv". Cache results in case they're immediately requested
again.
ticket: 1550
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15598 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 6 Jun 2003 23:07:55 +0000 (23:07 +0000)]
* locate_kdc.c (struct srv_dns_entry): Moved to k5-int.h.
(krb5int_make_srv_query_realm): Renamed from make_srv_query_realm.
(krb5int_free_srv_dns_data): New function.
(krb5_locate_srv_dns_1): Use it.
* accessor.c (krb5int_accessor): Fill in make_srv_query_realm and
free_srv_dns_data fields.
ticket: 1550
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15596 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 6 Jun 2003 22:48:34 +0000 (22:48 +0000)]
Export hooks for looking up SRV records, so we can avoid duplicating the code
* k5-int.h (struct srv_dns_entry): Declare.
(krb5int_make_srv_query_realm, krb5int_free_srv_dns_data): Declare.
(struct _krb5int_access): Add make_srv_query_realm and free_srv_dns_data fields.
ticket: 1550
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15595 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 6 Jun 2003 19:30:40 +0000 (19:30 +0000)]
Don't allow renewable_ok to be set if the renew lifetime is greater
than the ticket lifetime.
Ticket: 1576
Tags: pullup
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15590 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 6 Jun 2003 14:44:33 +0000 (14:44 +0000)]
* g_cnffile.c (krb__get_srvtabname): Make retname be a static
array rather than a static pointer, to avoid callers' possible
retention of free()d pointers. Yes, this may cause difficulty
with making this function thread-safe.
ticket: 1563
target_version: 1.3
version_fixed: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15589 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 6 Jun 2003 14:34:17 +0000 (14:34 +0000)]
--localstatedir=/var/db for KfM builds
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15586 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Fri, 6 Jun 2003 06:06:01 +0000 (06:06 +0000)]
Static function krb5_generate_authenticator should take unsigned sequence number argument
* mk_req_ext.c (krb5_generate_authenticator): Sequence numbers are
unsigned now.
Ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15585 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 5 Jun 2003 23:43:30 +0000 (23:43 +0000)]
be more flexible in handling failures getting root access in test suite
* default.exp (setup_root_shell): Check for "not authorized". Map eof to
unsupported.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15582 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 5 Jun 2003 23:17:23 +0000 (23:17 +0000)]
Use fork not vfork in ftp
Ticket: 1547
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15581 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 5 Jun 2003 22:01:16 +0000 (22:01 +0000)]
pullup of changes previously committed to branch first
ticket: 1568
version_fixed: 1.3
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15578 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 5 Jun 2003 21:39:59 +0000 (21:39 +0000)]
document team procedures
* procedures.txt: New file. Draft of current procedures.
Currently mostly contains a few email messages from Sam. More
clarification should follow later.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15577 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 5 Jun 2003 20:14:11 +0000 (20:14 +0000)]
If krb5_c_string_to_key is
called with an afs3 salt length for a non-DES enctype, return
KRB5_CRYPTO_INTERNAL.
Ticket: 1521
Status: open
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15576 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 5 Jun 2003 20:12:27 +0000 (20:12 +0000)]
remove debugging printf accidentally left in krb524init
* k524init.c (main): Remove debugging printf.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15575 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 5 Jun 2003 20:05:37 +0000 (20:05 +0000)]
* locate_kdc.c (make_srv_query_realm): Punt if strdup fails. Always return
what data we can, even if memory allocation or other problems prevent us from
returning more.
(krb5_locate_srv_dns_1): Always return what data we can. Fix memory leak.
Free up temporary storage as quickly as possible, while building up address
list to return.
ticket: 1549
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15574 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 5 Jun 2003 00:20:28 +0000 (00:20 +0000)]
* password_to_key.c (mit_passwd_to_key, afs_passwd_to_key): Delete
spurious space from prompt.
ticket: 1560
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15569 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 4 Jun 2003 15:22:52 +0000 (15:22 +0000)]
* default.exp (setup_root_shell): Don't try to use the procedure
"-" when handling error messages from rlogin.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15563 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 4 Jun 2003 04:19:04 +0000 (04:19 +0000)]
* Makefile.in (kdb_check): Remove uses of "dump -old", etc., since
it doesn't work anymore given the new default for triple-DES
master keys.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15562 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2003 03:06:29 +0000 (03:06 +0000)]
Put krb5int_locate_server back in the accessor "export" list
ticket: 1549
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15561 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2003 02:57:11 +0000 (02:57 +0000)]
Handle SRV RR target of "." by returning a new error code.
May have memory leaks -- needs checking before pullup.
* locate_kdc.c (struct srv_dns_entry): Move to top level.
(make_srv_query_realm): Separate from krb5_locate_srv_dns_1; just do query and
return results.
(krb5_locate_srv_dns_1): Call it, and build addlist entries. Check for one RR
with a target of ".", and return an error.
(krb5_locate_srv_dns): Deleted.
ticket: 1549
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15560 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2003 02:55:47 +0000 (02:55 +0000)]
* t_locate_kdc.c (main): Call krb5_locate_srv_dns_1
ticket: 1549
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15559 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2003 02:43:46 +0000 (02:43 +0000)]
* locate_kdc.c (get_port): Revert last change
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15558 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2003 02:40:26 +0000 (02:40 +0000)]
* changepw.c (krb5_locate_kpasswd): Check specifically for certain errors
before using fallback heuristics.
ticket: 1549
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15557 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 4 Jun 2003 02:38:41 +0000 (02:38 +0000)]
* krb5_err.et (KRB5_ERR_NO_SERVICE): New error code
ticket: 1549
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15556 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2003 23:27:01 +0000 (23:27 +0000)]
* default.exp (start_kerberos_daemons): "cannont" => "cannot"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15555 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2003 23:21:17 +0000 (23:21 +0000)]
* locate_kdc.c (get_port): Replace function with macro
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15554 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2003 22:55:52 +0000 (22:55 +0000)]
* RealmsConfig-glue.c (get_krbhst_default): Deleted.
(krb_get_krbhst): Don't call it.
ticket: 1551
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15553 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 3 Jun 2003 21:45:03 +0000 (21:45 +0000)]
Yet more double colon password prompts
More places in the code with password prompts needing fixing to not
include colon.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15552 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 3 Jun 2003 21:36:00 +0000 (21:36 +0000)]
Save a copy of the ciphertext from the kdc rather than trying to
decrypt the already decrypted text each time through the loop.
Ticket: 1554
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15551 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 3 Jun 2003 17:46:20 +0000 (17:46 +0000)]
Moved krb524_convert_creds_kdc into libkrb5 and krb5.h. Also export new krb5_524_convert_creds
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15549 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 3 Jun 2003 17:27:30 +0000 (17:27 +0000)]
* init_os_ctx.c: Included header to get __KLAllowHomeDirectoryAccess()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15547 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 3 Jun 2003 12:50:59 +0000 (12:50 +0000)]
* default.exp (setup_root_shell): Handle error messages indicating "-x" isn't
supported.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15545 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 3 Jun 2003 04:32:41 +0000 (04:32 +0000)]
Drop default_kdc_enctypes and all related code
ticket: 1553
target_version: 1.3
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 3 Jun 2003 03:18:41 +0000 (03:18 +0000)]
* change_password.c (krb_change_password): Explicitly zero the
session key. Zero the key derived from the new password.
* mk_req.c (krb_mk_req): Explicitly zero the session key.
(krb_mk_req_creds_prealm): Don't zero the session key, in case the
caller wants to make use of it.
ticket: 1546
status: open
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15543 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 2 Jun 2003 05:49:05 +0000 (05:49 +0000)]
* api.2/init-v2.exp (test117): Update lifetime expected for new defaults
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15542 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sun, 1 Jun 2003 20:24:02 +0000 (20:24 +0000)]
* default.exp: Default RLOGIN_FLAGS to "-x".
(start_kerberos_daemons): Watch for "Cannot bind server socket" and log it.
Watch for "no sockets set up" and report an error.
(setup_root_shell): Watch for "Cannot assign requested address", log it and
give up.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15541 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 May 2003 04:06:02 +0000 (04:06 +0000)]
More visible notes on incompleteness of AES support.
Note master key type change.
Note default lifetime changes.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15540 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 May 2003 03:56:54 +0000 (03:56 +0000)]
* alt_prof.c (kadm5_get_config_params): Change default max_life to one day
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15539 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 May 2003 03:35:42 +0000 (03:35 +0000)]
* kdc.conf: Delete supported and master key type specs
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15538 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 May 2003 03:34:24 +0000 (03:34 +0000)]
* krb5.conf: Delete commented-out enctype specs
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15537 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 May 2003 03:33:22 +0000 (03:33 +0000)]
* krb5.conf: Delete Athena KDC specifications. Delete Cygnus realm info.
Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU, which has SRV records and
thus doesn't need KDC specs. Provide a commented-out example of a [logging]
spec.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15536 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 May 2003 03:29:59 +0000 (03:29 +0000)]
* krb5.conf.M: Remove "kdc =" lines from "realms" section example, and
recommend not using it unless DNS info isn't available.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15535 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:58:13 +0000 (23:58 +0000)]
* definitions.texinfo (DefaultTktLifetime): Updated for code changes
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15534 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:56:57 +0000 (23:56 +0000)]
* get_in_tkt.c (krb5_get_init_creds): Change hardcoded default ticket lifetime
from 10 hours to 24 hours.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15533 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:53:16 +0000 (23:53 +0000)]
* main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not KRB5_KDB_MAX_LIFE, as
default for realm's max renewable lifetime.
(KRB5_KDB_MAX_RLIFE is currently one week)
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15532 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:41:08 +0000 (23:41 +0000)]
* definitions.texinfo (DefaultCcacheType, DefaultKDCTimesync,
DefaultMasterKeyType): Updated for code changes.
(DefaultCcacheTypeMac, DefaultKDCTimesyncMac): Deleted.
* admin.texinfo (libdefaults): Update kdc_timesync and ccache_type descriptions
to not separate Mac case.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15531 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:39:19 +0000 (23:39 +0000)]
* definitions.texinfo (DefaultCcacheType, DefaultKDCTimesync,
DefaultTktLifetime, DefaultMasterKeyType): Updated for code changes.
(DefaultCcacheTypeMac, DefaultKDCTimesyncMac): Deleted.
* admin.texinfo (libdefaults): Update kdc_timesync and ccache_type descriptions
to not separate Mac case.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15530 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:36:00 +0000 (23:36 +0000)]
* init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always.
(DEFAULT_CCACHE_TYPE): Define as 4 always.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15529 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:35:00 +0000 (23:35 +0000)]
* osconf.h (DEFAULT_KDC_ENCTYPE): Default to des3 now
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15528 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 23:31:40 +0000 (23:31 +0000)]
update kinit krb4 fallback lifetime default
* kinit.c (KRB4_BACKUP_DEFAULT_LIFE_SECS): Update to one day.
ticket: 1190
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15527 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 30 May 2003 20:01:31 +0000 (20:01 +0000)]
Document that we support AES and the constraints on that support
Ticket: 1535
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15526 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 30 May 2003 18:55:28 +0000 (18:55 +0000)]
* get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime of tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15524 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 30 May 2003 01:50:38 +0000 (01:50 +0000)]
update path for kdc.conf in man page
The man page puts kdc.conf in lib/krb5kdc, but it should be var/krb5kdc.
(It's also hardcoded as being in /usr/local, but that's another bug...)
* kdc.conf.M (FILES): Refer to correct location for kdc.conf in the default
installation path.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15523 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 29 May 2003 16:42:31 +0000 (16:42 +0000)]
krb524d.h: removed invalid Mac pragmas [RT 1533]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15520 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 28 May 2003 04:07:45 +0000 (04:07 +0000)]
update for krb5-1.3-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15516 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 28 May 2003 02:16:30 +0000 (02:16 +0000)]
Rename interface to krb5_524_convert_creds, export it from krb5 library.
Provide old names as functions for UNIX/MacOS binary compatibility, and
deprecated macros for source code compatibility. (For Windows, we'll still
need a krb524.dll, and it can worry about providing the old names.) Enable
support on Windows always.
ticket: 1491
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15513 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 27 May 2003 23:20:25 +0000 (23:20 +0000)]
Docs for admin keytab changes... only this one change need pullup
* admin.texinfo (realms (kdc.conf)): Update to reflect that
kadm5.keytab is only used by legacy admin daemons.
* install.texinfo (Create a kadmind Keytab (optional)): Update to
reflect that kadm5.keytab is only used by legacy admin daemons.
ticket: 1372
version_fixed: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15510 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 27 May 2003 22:20:41 +0000 (22:20 +0000)]
* build.texinfo (HPUX): Make HPUX compiler flags simpler
ticket: 1520
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15508 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 27 May 2003 21:15:19 +0000 (21:15 +0000)]
* schpw.c (process_chpw_request): Log chpw requests
ticket: 1519
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15502 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 27 May 2003 20:57:03 +0000 (20:57 +0000)]
* win-pre.in (CPPFLAGS): Define KRB5_DEPRECATED=1
ticket: 1528
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15500 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 27 May 2003 20:02:50 +0000 (20:02 +0000)]
Avoid memory leak of server and client principal in
krb5_get_in_tkt_with{_password,_keytab}
Ticket: 1525
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15498 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 27 May 2003 16:40:55 +0000 (16:40 +0000)]
* Makefile.in (KRBHDEP): Add krb524_err header
ticket: 1491
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15497 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 27 May 2003 16:32:09 +0000 (16:32 +0000)]
* Makefile.in (clean-windows): Remove new "timestamp" file when
cleaning up.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15496 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 25 May 2003 12:01:27 +0000 (12:01 +0000)]
* krb5.hin: Sequence number of krb5_replay_data should be unsigned
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15493 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 25 May 2003 11:54:03 +0000 (11:54 +0000)]
Missing prototype for krb5_db_iterate_ext
* kdb.h: Add prototype for krb5_db_iterate_ext.
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15492 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 24 May 2003 04:51:38 +0000 (04:51 +0000)]
Big step towards integrating libkrb524 into libkrb5:
Move libkrb524 code, including error table, into libkrb5. Now libkrb5
initialization pulls in the krb524 error table, so krb524_init_ets is
gone; all calls deleted.
Move krb4 life/time conversion functions into libkrb5 under new names,
using accessor hooks to get at them from libkrb4.
Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h;
the last doesn't get copied into the include directory. Changed
inclusions of krb524.h to the appropriate files, if any were needed.
Rebuilt dependencies in Makefiles.
These changes are likely to break the Windows build; I'll look into
that soon.
ticket: 1491
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15491 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 24 May 2003 01:33:03 +0000 (01:33 +0000)]
make-depend updates
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15490 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sat, 24 May 2003 01:03:30 +0000 (01:03 +0000)]
When generating etype_info2 for DES style keys, use s2kparams to
communicate the type if the key has afs3 salt.
If such s2kparams are received by the client, use the afs string2key
function to process the key.
Ticket: 1512
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Sat, 24 May 2003 00:59:25 +0000 (00:59 +0000)]
Populate etype_info_entry.s2kparams.data
The ASN.1 decoder for etype_info_entry accidentally throws away the
pointer to s2kparams data. Don't Correctly store the pointer.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15488 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 23 May 2003 23:55:12 +0000 (23:55 +0000)]
update descriptions of OS-specific configure options
* build.texinfo (HPUX, Solaris 2.X, Ultrix 4.2/3 [notdef]): Replace
descriptions of old --with- options with VAR=.
(Solaris 2.X): Suggest that defining _XOPEN_SOURCE and __EXTENSIONS__ might
help for 64-bit mode.
ticket: new
target_version: 1.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15487 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 23 May 2003 23:01:45 +0000 (23:01 +0000)]
* admin.texinfo (appdefaults): Clarify afs_krb5 slightly
ticket: 1192
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15486 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 23 May 2003 16:41:43 +0000 (16:41 +0000)]
use kdc_default_options
The documentation and context initialization supports an option called
kdc_default_options which is an integer that sets the default KDC
request flags. Make the code actually use the option.
Ticket: new
Component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15485 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 23 May 2003 16:33:58 +0000 (16:33 +0000)]
Document afs_krb5 appdefaults section
Ticket: 1192
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15484 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Fri, 23 May 2003 06:55:39 +0000 (06:55 +0000)]
Memory leak in kdc etype_info2 preauth
* kdc_preauth.c (return_etype_info2): After encoding the
etype_info2 and copying the pointers to the pa_data, free the
krb5_data pointer.
Ticket: new
Target_Version: 1.3
Tags: pickup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15483 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 23 May 2003 04:07:00 +0000 (04:07 +0000)]
* gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence
number mask.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15480 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 23 May 2003 03:37:59 +0000 (03:37 +0000)]
Implement heuristic for matching broken Heimdal sequence number encodings
ticket: 1263
target_version: 1.3
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15479 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 22 May 2003 23:13:49 +0000 (23:13 +0000)]
* kt_file.c (krb5_ktfile_get_entry): Check principal name prior to
checking enctype. Suggested by Wyllys Ingersoll.
ticket: 1229
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15470 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 22 May 2003 22:25:03 +0000 (22:25 +0000)]
Default KRB5_DEPRECATED to 0, but force it to 1 for in-tree stuff
ticket: 1483
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15469 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 22 May 2003 20:28:21 +0000 (20:28 +0000)]
Log transited checks not done as info not error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15468 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 22 May 2003 20:26:59 +0000 (20:26 +0000)]
Provide an explicit list of options not to be allowed in AS requests
rather than disallowing all unknown options.
Ticket: 1202
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15467 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 22 May 2003 17:31:57 +0000 (17:31 +0000)]
Cross realm checks can check beyond end of buffer
* keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as
principal and realm name do not need to be null terminated.
ticket: new
tags: pullup
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15466 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Thu, 22 May 2003 17:09:52 +0000 (17:09 +0000)]
krb5int_populate_gic_opt should return void
Since none of the functions it calls can return an error, this should
return void.
Ticket: new
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15465 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 22 May 2003 15:46:27 +0000 (15:46 +0000)]
* kdb5_mkdums.c (main): When attempting to register writable
keytab, do not fail if error is KRB5_KT_TYPE_EXISTS.
Ticket: 1501
Target_Version: 1.3
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15464 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 21 May 2003 23:55:58 +0000 (23:55 +0000)]
Set length correctly in krb5_get_in_tkt_with_password if password is
actually passed in. Also, fix test suite to be more lenient about
password prompts, which changed under the previous patches for this
ticket.
ticket: 1480
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15463 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 20 May 2003 22:29:57 +0000 (22:29 +0000)]
krb5_get_in_tkt now only supports old (non-etype-info2) enctypes
Ticket: 1480
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15462 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Tue, 20 May 2003 21:22:48 +0000 (21:22 +0000)]
Implement krb5_get_in_tkt_with_password and
krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds.
It turns out that these do in fact need to use get_init_creds not
get_init_creds_{password,keytab} because those functions do not
allow the AS request to be returned.
Ticket: 1480
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15461 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Tue, 20 May 2003 14:34:53 +0000 (14:34 +0000)]
* asn1_k_encode.c (asn1_encode_krb_safe_body): Use
asn1_encode_unsigned_integer for sequence number.
* asn1_k_decode.c (asn1_decode_krb_safe_body): Use
asn1_decode_seqnum to decode sequence number.
ticket: 1262
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15460 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 May 2003 17:34:41 +0000 (17:34 +0000)]
Register writable keytabs by default
We have a customer requirement to support writable keytabs using the
public API in 1.3. Discussion on krbcore indicates there is no good
reason why these are not registered by default. So, they are now
registered by default.
Also adjust other code in the tree not to try and register them.
Ticket: new
Target_Version: 1.3
Component: krb5-libs
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15459 dc483132-0cff-0310-8789-dd5450dbe970