Greg Hudson [Mon, 28 Sep 2009 01:47:32 +0000 (01:47 +0000)]
Fix a few problems introduced by r22787
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22790 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 16:57:22 +0000 (16:57 +0000)]
Add keytab_local.c to the kadmin client SRCS variable, so that we
generate dependencies for its object file. This change causes
kadmin.local to be properly rebuilt when keytab.c changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22789 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 16:31:40 +0000 (16:31 +0000)]
Fix a few bugs in kadmin's keytab.c from r22785
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22788 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Sep 2009 15:20:19 +0000 (15:20 +0000)]
Clean up krb5_get_credentials:
* Use the current coding practice for output parameters.
* Rename the helper function krb5_get_credentials_core to
krb5int_construct_matching_creds and document it.
* Don't fail out if we fail to cache intermediate tgts.
* Simplify conditional logic and variable handling. ncreds is now
always a temporary holder for the resulting credentials.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22787 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Fri, 25 Sep 2009 15:12:27 +0000 (15:12 +0000)]
Crypto modularity proj: Updated IOV crypto
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22786 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Sep 2009 16:48:57 +0000 (16:48 +0000)]
Update the kadmin client code to most current coding practices
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22785 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Sep 2009 15:40:26 +0000 (15:40 +0000)]
Fix kadm5 unit test modified in r22782
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22784 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 22 Sep 2009 16:46:06 +0000 (16:46 +0000)]
Fix a braino in r22782: we don't use strcpy even safely; use strlcpy
instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22783 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 18:40:02 +0000 (18:40 +0000)]
Improve the mechanism used for addprinc -randkey. In the kadmin
server, if the password is null when creating a principal, treat that
as a request for a random key. In the kadmin client, try using the
new method for random key creation and then fall back to the old one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22782 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 16:11:26 +0000 (16:11 +0000)]
Fix addprinc -randkey when policy requires multiple character classes
The fix for ticket #6074 (r20650) caused a partial regression of
ticket #115 (r9210) because the dummy password contained only one
character class. As a minimal 1.7 fix, use all five character classes
in the dummy password.
ticket: 6568
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22781 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 21 Sep 2009 15:53:47 +0000 (15:53 +0000)]
Fix a few bugs in r22736. Cherry-picked from Luke's authdata branch
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22780 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 20 Sep 2009 22:23:52 +0000 (22:23 +0000)]
Clean up warnings of unused variables that have crept into the source tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22779 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Fri, 18 Sep 2009 19:10:48 +0000 (19:10 +0000)]
Use enc_provider for des hash routines. Also needed by Crypto modularity proj
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22778 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 22:58:01 +0000 (22:58 +0000)]
Remove krb5_decode_leak test program on "make clean"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22777 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 22:54:59 +0000 (22:54 +0000)]
Remove autoconf.h on "make distclean".
Check for the presence of a build in the src tree for "make depend".
Suggest "make distclean" when "make depend" detects a build in the
src tree or an attempt to make depend in the src tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22776 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 20:51:50 +0000 (20:51 +0000)]
Re-run make depend without autoconf.h in the source tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 16 Sep 2009 20:51:17 +0000 (20:51 +0000)]
Create DB headers before recursing for "make depend" in
plugins/kdb/db2/libdb2, to restore the r22486 functionality ("make
depend" in an unbuilt source tree) after r22572 (predictable "make
depend" output for DB headers).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22774 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Wed, 16 Sep 2009 17:58:58 +0000 (17:58 +0000)]
Fix return value of krb5int_des_make_key from rev 22769
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22770 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Wed, 16 Sep 2009 16:51:13 +0000 (16:51 +0000)]
Crypto modularity proj.: Move prf and random-to-key ops from backend to krb
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 19:28:31 +0000 (19:28 +0000)]
Fix stupid logic bug in last version
ticket: 6565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22766 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Tue, 15 Sep 2009 16:28:15 +0000 (16:28 +0000)]
Add t_unal.c to SRCS and generate dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22765 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 06:19:32 +0000 (06:19 +0000)]
Test byte ordering determination and unaligned access
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22762 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 15 Sep 2009 06:17:17 +0000 (06:17 +0000)]
Check __BIG_ENDIAN__ and __LITTLE_ENDIAN__ to determine endianness.
In fallback code, check ia64 platforms for hpux vs everything else;
HP-UX uses big-endian mode.
ticket: 6565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22761 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Mon, 14 Sep 2009 02:03:28 +0000 (02:03 +0000)]
Initialize several variables - so that on error cleanup - we do not try to free
bogus memory.
The ticket is still open as the kproplog test is failing - but no coredump.
ticket: 6564
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22750 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Sep 2009 14:23:37 +0000 (14:23 +0000)]
Remove src/lib/crypto/krb/enc_provider, which was accidentally
resurrected in the S4U merge after being moved into the back-end
directories in r22707.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22744 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Sep 2009 02:52:23 +0000 (02:52 +0000)]
Implement s4u extensions
Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self
and S4U2Proxy extensions.
ticket: 6563
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Sep 2009 22:28:42 +0000 (22:28 +0000)]
In the top-level configure.in, switch from dnl comments to # comments
as recommended by the autoconf documentation, for improved
readability.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22735 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Sep 2009 17:30:51 +0000 (17:30 +0000)]
Fix parsing of GSS exported names
Cherry-picked from Luke's authdata branch.
ticket: 6559
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Sep 2009 18:44:23 +0000 (18:44 +0000)]
In ksetpwd (a program we don't yet install), don't display the new
password to stderr. Cherry-picked from Luke's s4u branch since it's
an unrelated change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22719 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Sep 2009 15:17:09 +0000 (15:17 +0000)]
Fix memory leak in gss_krb5int_copy_ccache
gss_krb5int_copy_ccache was iterating over credentials in a ccache
without freeing them.
ticket: 6558
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 3 Sep 2009 20:41:56 +0000 (20:41 +0000)]
Supply canonical name if present in LDAP iteration
In the presence of aliases, LDAP iteration was supplying the first
principal it found within the expected realm, which is not necessarily
the same as the canonical name. If the entry has a canonical name
field, use that in preference to any of the principal names.
ticket: 6557
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Thu, 3 Sep 2009 18:33:13 +0000 (18:33 +0000)]
Crypto modularity proj: OpenSSL crypto feed for hmac/md5/md4/sha1/rc4/des/des3(w/o iov)
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22709 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 3 Sep 2009 17:39:50 +0000 (17:39 +0000)]
Supply LDAP service principal aliases to non-referrals clients
In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY
flag isn't set (abusing that flag to recognize a client name lookup).
Based on a patch from Luke Howard.
ticket: 6556
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Wed, 2 Sep 2009 20:21:36 +0000 (20:21 +0000)]
Crypto modularity proj: Move enc_provider into builtin dir. Adjust builtin make system to handle new crypto implementations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22707 dc483132-0cff-0310-8789-dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 22:44:15 +0000 (22:44 +0000)]
ldap master key migration test's input files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22692 dc483132-0cff-0310-8789-dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 22:42:08 +0000 (22:42 +0000)]
ldap master key migration stuff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22691 dc483132-0cff-0310-8789-dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 20:57:41 +0000 (20:57 +0000)]
This time I actually added the files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22688 dc483132-0cff-0310-8789-dd5450dbe970
HaoQi Li [Mon, 31 Aug 2009 20:06:03 +0000 (20:06 +0000)]
Added Master Key Migration db2 backend stuff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22687 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 28 Aug 2009 21:36:28 +0000 (21:36 +0000)]
use perror instead of error in kadm5 test suite
Use "perror" instead of "error" to ensure that framework error
conditions actually cause "make check" to report failure.
ticket: 6553
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22648 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 21:22:10 +0000 (21:22 +0000)]
Clean up a little bit of test suite spew in env-setup: first, when
using BSD options with ps, they should not be prefixed with a '-';
second, the Linux ps supports both BSD and System V options, so change
the structure of the tests not to warn when both forms work.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22647 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 21:02:51 +0000 (21:02 +0000)]
Update a kadm5 testing library function which was calling
kadm5_get_principal without a mask argument. This was causing many
lib/kadm5 tests to fail, but the failures weren't being recorded
properly, so "make check" was still exiting successfully.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22646 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 28 Aug 2009 20:29:24 +0000 (20:29 +0000)]
Remove bogus conditional from tcl_kadm5_randkey_principal(), which was
causing unparse_keyblocks() to get stack garbage as num_keys when
num_var was "null", thus overrunning the end of the array.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22645 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 17:23:20 +0000 (17:23 +0000)]
Document kinit -C and -E options
kinit -C (canonicalize name) and -E (enterprise principal name)
weren't documented in the man page.
ticket: 6552
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22644 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 28 Aug 2009 16:00:54 +0000 (16:00 +0000)]
Disable the COPY_FIRST_CANONNAME workaround on Linux glibc 2.4 and
later, since it leaks memory on fixed glibc versions. We will still
leak memory on glibc 2.3.4 through 2.3.6 (e.g. RHEL 4) but that's
harder to detect.
ticket: 6534
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22643 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 27 Aug 2009 13:40:50 +0000 (13:40 +0000)]
Memory leak in spnego accept_sec_context error path
If the underlying mechanism's accept_sec_context returns an error, the
spnego accept_sec_context was leaving allocated data in
*context_handle, which is incorrect for the first call according to
RFC 2744.
Fix this by mirroring some code from the spnego init_sec_context,
which always cleans up the half-constructed context in case of error.
This is allowed (though not encouraged) by RFC 2744 for second and
subsequent calls; since we were already doing it in init_sec_context,
it seems simpler to do that than keep track of whether this is a first
call or not.
ticket: 6551
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22636 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 22:37:55 +0000 (22:37 +0000)]
Rename db2 header files db.h and db-config.h in the source tree, so
that there will always be only one version of each name in the include
path (namely, the copy made in the build tree, or the generated db.h
if not using the in-tree one). This should fix some minor problems
with different dependency lists generated on different systems.
Sort and uniquify dependency header names before doing substitutions,
as well as after. Look for the db2 headers listed in sorted order.
Don't copy db-ndbm.h into the build tree; let libdb2 find it from the
source tree only.
Update dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22572 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 22:30:43 +0000 (22:30 +0000)]
update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22571 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 18:32:53 +0000 (18:32 +0000)]
Use load_32_be processing length in TCP reply
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22570 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 18:32:50 +0000 (18:32 +0000)]
Change "vague-errors" compile-time conditionals into run-time
conditionals, based on a variable initialized based on the
compile-time conditional (but probably eventually set from the config
file or command line).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 21 Aug 2009 18:32:46 +0000 (18:32 +0000)]
Use {load,store}_{16,32}_be for big-endian integers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22568 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 18 Aug 2009 03:05:16 +0000 (03:05 +0000)]
Minor code cleanups in pkinit plugin, mostly around malloc/free
invocations. No functional changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22534 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 17 Aug 2009 20:07:21 +0000 (20:07 +0000)]
Bump sonames of libkadm5 libraries, since r22527 changed their ABIs
ticket: 6547
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22528 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 17 Aug 2009 19:40:48 +0000 (19:40 +0000)]
Modify kadm5 initializers to accept krb5 contexts
Add krb5_context parameters to all kadm5 initialization functions.
This allows extended error information to be retrieved by the caller
when an error is returned.
ticket: 6547
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 17 Aug 2009 14:39:44 +0000 (14:39 +0000)]
Remove unused variables resulting from r22521, and also remove the
unused file svr_misc_free.c.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22523 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 14 Aug 2009 16:24:36 +0000 (16:24 +0000)]
In doc/Makefile, specify the new location of the kpasswd man page (the
old one was removed in r22521).
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22522 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 13 Aug 2009 21:25:54 +0000 (21:25 +0000)]
Remove kadmin v1 API support
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when
kadmin was first incorporated in 1996, and compatibility with them is
no longer believed to be necessary.
The uninstalled kadmin/passwd has been removed (since it used the ovsec
API). The test suite has been updated to use the v2 API where
appropriate, and the parts specifically designed to test the old API
have been excised.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 13 Aug 2009 18:48:46 +0000 (18:48 +0000)]
Fix lib/crypto/krb/dk/Makefile.in mydir value
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22520 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 12 Aug 2009 18:53:47 +0000 (18:53 +0000)]
Reply message ordering bug in ftpd
user() was replying to the user command and then calling login(),
which could send a continuation reply if it fails to chdir to the
user's homedir. Continuation replies must come before the actual
reply; the mis-ordering was causing ftp and ftpd to deadlock. To fix
the bug, invoke login() before reply() so that the continuation reply
comes first.
ticket: 6543
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22519 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 12 Aug 2009 17:58:24 +0000 (17:58 +0000)]
r22529@squish: raeburn | 2009-08-12 13:49:45 -0400
.
r22530@squish: raeburn | 2009-08-12 13:55:57 -0400
Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option.
Change all code conditionals to test a new global variable, the
initial value of which is based on KRBCONF_KDC_MODIFIES_KDB. There is
currently no way to alter the value from the command line; that will
presumably be desired later.
Change initialize_realms to store db_args in a global variable. In
process_as_req, call db_open instead of the old set_name + init.
Don't reopen if an error is reported by krb5_db_fini.
Add a test of running kinit with an incorrect password, to trigger a
kdb update if enabled.
r22531@squish: raeburn | 2009-08-12 13:58:13 -0400
Fix trailing whitespace.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22518 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 10 Aug 2009 19:35:34 +0000 (19:35 +0000)]
Correct the t_nfold build rules again. We don't have a simple way of
plucking object files from other directories (we don't know for sure
what extension to use), so build an nfold.o in this directory from the
nfold.c in the ../krb source directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22517 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 10 Aug 2009 19:12:47 +0000 (19:12 +0000)]
Check for null characters in pkinit cert fields
When processing DNS names or MS UPNs in pkinit certs, disallow
embedded null characters.
ticket: 6542
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22516 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 10 Aug 2009 05:26:05 +0000 (05:26 +0000)]
Narrow the contract of pkinit_client_profile by passing in the realm
instead of the whole request.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22515 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 10 Aug 2009 05:16:24 +0000 (05:16 +0000)]
In pkinit_clnt.c, make private functions static. There and in
pkinit_srv.c, only declare static functions when necessary for forward
references (as is consistent with the other pkinit sources). Remove
the empty functions pkinit_init_client_profile and
pkinit_fini_client_profile.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22514 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 10 Aug 2009 05:02:43 +0000 (05:02 +0000)]
Convert all uses of strtok() in libraries to strtok_r() for thread
safety.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22513 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 10 Aug 2009 04:42:44 +0000 (04:42 +0000)]
Remove pkinit_identity_process_option, which wasn't doing anything
besides picking a subsidiary function based on the (constant) input
argument. Remove the associated constants from pkinit.h as well. No
functional change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22512 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 7 Aug 2009 19:17:57 +0000 (19:17 +0000)]
Fix the LDAP build, which was broken by the build reordering in
r22406. Build kdb5_util's getdate from the kadmin/cli getdate
source, instead of borrowing the object file from the kadmin/cli
build directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 3 Aug 2009 23:18:42 +0000 (23:18 +0000)]
In crypto_tests: for t_nfold, link against an nfold object file in the
build directory, not the source directory. Remove the nfold object
from the t_encrypt dependency list since we don't directly use it in
the linking rule.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22489 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Mon, 3 Aug 2009 21:58:15 +0000 (21:58 +0000)]
Be a little more verbose about errors from mit_des_key_sched(), and
remember to print newlines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22488 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Mon, 3 Aug 2009 21:19:46 +0000 (21:19 +0000)]
Fix deplibs for t_crc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22487 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 3 Aug 2009 20:27:03 +0000 (20:27 +0000)]
Get "make depend" to work in an unbuilt source tree, since bad deps
files can make it difficult to build the tree. To do this, make the
depends target depend on generated header files and on header file
copies or links into the main include directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 3 Aug 2009 18:40:22 +0000 (18:40 +0000)]
Re-run make depend. (I am not certain why the dependencies from
r22477 didn't work for me.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22482 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 3 Aug 2009 18:00:18 +0000 (18:00 +0000)]
In the crypto-tests check target, refer to t_cf2.expected in the
source tree (where it lives) instead of the cwd.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22481 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 3 Aug 2009 17:57:05 +0000 (17:57 +0000)]
In configure.in's list of Makefiles to generate, remove the trailing
slash from lib/crypto/krb as it breaks Makefile auto-regeneration.
While here, wrap the list to fit within 80 columns and use tab indents
to match the surrounding lines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22480 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Mon, 3 Aug 2009 14:19:16 +0000 (14:19 +0000)]
Crypto modularity proj: Separate files under crypto directory based on their functionality. Move Kerberos specific files into krb subdir and MIT specific - into builtin subdir. Place all tests into crypto_tests subfolder.
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22477 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Sat, 1 Aug 2009 02:25:56 +0000 (02:25 +0000)]
Fix of the test cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22476 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 30 Jul 2009 19:06:37 +0000 (19:06 +0000)]
Include <assert.h> in k5-platform.h, since we use assertions in some
of the macros defined there, as well as in many source files which do
not themselves include <assert.h>. Report and fix by Rainer Weikusat.
ticket: 6533
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22475 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 30 Jul 2009 17:22:28 +0000 (17:22 +0000)]
Fix memory leak in k5_pac_verify_server_checksum
k5_pac_verify_server_checksum was leaking memory when the checksum was valid.
t_pac.c: Fix memory leak by forgetting to release memory.
ticket: 6541
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22474 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 30 Jul 2009 17:12:20 +0000 (17:12 +0000)]
memory leak in test code t_authdata
Free the krb5_context at the end to release memory.
ticket: 6540
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22473 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Thu, 30 Jul 2009 01:07:03 +0000 (01:07 +0000)]
Fix memory leak by releasing context at end of test code
ticket: 6539
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22470 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 29 Jul 2009 16:10:32 +0000 (16:10 +0000)]
Enctype list configuration enhancements
In the processing code for enctype lists, add support for "DEFAULT"
to indicate the default list, for families (des/des3/aes/rc4), and
for removing entries from the current list (-foo). Also add unit
tests and document.
ticket: 6539
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Tue, 28 Jul 2009 16:21:19 +0000 (16:21 +0000)]
Crypto Modularity proj: Added an option --with-crypto-impl to configure.in to specify crypto impl
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22460 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 27 Jul 2009 17:41:19 +0000 (17:41 +0000)]
Use zero-terminated enctype lists in the context structure instead of
counted lists, to reduce impedance mismatches.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22456 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 17 Jul 2009 01:35:58 +0000 (01:35 +0000)]
include win-mac.h in gssftp/ftp/cmds.c for HAVE_STDLIB_H
gssftp/ftp/cmds.c had a preprocessor conditional on HAVE_STDLIB_H that
will not evaluate correctly on WIN32 unless win-mac.h is included first.
ticket: 6531
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22443 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 10 Jul 2009 19:46:20 +0000 (19:46 +0000)]
check for slogin failure in setup_root_shell
Add a check for a slogin message that indicates an unknown public key
fingerprint, as rlogin looks like it points to slogin by default on
Debian Lenny.
ticket: 6530
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22435 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 10 Jul 2009 19:20:26 +0000 (19:20 +0000)]
Add a new '-W' option to kadmind and kdb5_util create to allow reading
weak random numbers on startup, to avoid long delays in testing
situations. Use only for testing.
Update testing scripts accordingly.
ticket: 1233
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22434 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 10 Jul 2009 19:13:17 +0000 (19:13 +0000)]
In the dejagnu test suite, remove the no-longer-used check_klogin
function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22433 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 9 Jul 2009 22:08:57 +0000 (22:08 +0000)]
Make datetest buildable again
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22432 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 9 Jul 2009 19:10:57 +0000 (19:10 +0000)]
In tests/dejagnu/Makefile.in, remove a --srcdir option which was
redundant with the one in pre.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22431 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 9 Jul 2009 19:07:30 +0000 (19:07 +0000)]
In pre.in, remove some variable expansions in the definition of
DEJAFLAGS which aren't used anywhere in the tree.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22430 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 1 Jul 2009 16:23:25 +0000 (16:23 +0000)]
k5-platform.h no longer takes responsibility for making "static
inline" work, so remove the comment which says it does.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22425 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 27 Jun 2009 01:00:05 +0000 (01:00 +0000)]
In krb5_copy_error_message, pass correct pointer to
krb5int_clear_error.
ticket: 6519
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22424 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 26 Jun 2009 02:44:41 +0000 (02:44 +0000)]
Add test case omitted in last commit
ticket: 6428
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22423 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 26 Jun 2009 02:43:21 +0000 (02:43 +0000)]
Check for principal expiration prior to checking for password
expiration. Reported by Phil Pishioneri.
ticket: 6428
version_reported: 1.7
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22422 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 23 Jun 2009 04:26:14 +0000 (04:26 +0000)]
syms.c doesn't exist; update clean target and dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22421 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 23 Jun 2009 04:21:40 +0000 (04:21 +0000)]
GSSAPI init/accept_sec_context performance testing program
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22420 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 21 Jun 2009 11:43:18 +0000 (11:43 +0000)]
Update comments to reflect reality and the fact that this is not a file based
cache.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22419 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 18 Jun 2009 23:25:25 +0000 (23:25 +0000)]
reduce some mutex performance problems in profile library
In profile_node_iterator we unlock a mutex in order to call
profile_update_file_data, which wants to lock that mutex itself, and
then when it returns we re-lock the mutex. (We don't use recursive
mutexes, and I would continue to argue that we shouldn't.) On the
Mac, when running multiple threads, it appears that this results in
very poor performance, and much system and user CPU time is spent
working with the locks. (Linux doesn't seem to suffer as much.)
So: Split profile_update_file_data into a locking wrapper, and an
inner routine that does the real work but requires that the lock be
held on entry. Call the latter from profile_node_iterator *without*
unlocking first, and only unlock if there's an error. This doesn't
move any significant amount of work into the locking region; it pretty
much just joins locking regions that were disjoint for no good reason.
On my tests on an 8-core Mac, in a test program running
gss_init_sec_context in a loop in 6 threads, this brought CPU usage
per call down by 40%, and improved wall-clock time even more.
Single-threaded performance improved very slightly, probably in the
noise.
Linux showed modest improvement (5% or less) in CPU usage in a
3-thread test on a 4-core system.
Similar tests with gss_accept_sec_context showed similar contention
around the profile-library mutexes, but I haven't analyzed the
performance changes there from this patch.
More work is needed, but this will help.
ticket: 6515
tags: pullup
target_version: 1.7.1
version_reported: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22418 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Thu, 18 Jun 2009 21:56:48 +0000 (21:56 +0000)]
minor memory leak in 'none' replay cache type
The replay cache type implementations are responsible for freeing the
main rcache structure when the cache handle is closed. The 'none'
rcache type wasn't doing this, resulting in a small memory leak each
time such a cache was opened and closed. Not a big deal for a server
process servicing a single client, but it could accumulate (very very
slowly) for a long-running server.
ticket: 6514
tags: pullup
target_version: 1.7.1
version_reported: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22417 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 18 Jun 2009 17:34:17 +0000 (17:34 +0000)]
Remove the new configure option --enable-static-only, and instead
require --enable-static --disable-shared for the same effect. Error
out if only one of those two is specified.
While here, remove an unnecessary clause in the --disable-rpath block,
and make the notices consistent when using shared and static
libraries.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22416 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 18 Jun 2009 04:34:47 +0000 (04:34 +0000)]
In default.exp, revert an unintended part of the last commit
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22415 dc483132-0cff-0310-8789-dd5450dbe970