Greg Hudson [Fri, 2 Sep 2011 17:07:59 +0000 (17:07 +0000)]
Migrate net-server loop to use libverto
From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:57 +0000 (17:07 +0000)]
Remove vestigial reset_db() in kadmind
From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25131
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:55 +0000 (17:07 +0000)]
Remove ancient Purify support in kadmind
From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25130
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:52 +0000 (17:07 +0000)]
Don't bother logging SIGPIPE in kadmind
From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25129
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:49 +0000 (17:07 +0000)]
Add a loop_ prefix to net-server.c functions
From npmccallum@redhat.com.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:45 +0000 (17:07 +0000)]
Create k5ev verto module from libev sources
Add configure and build support for libverto and the libverto-k5ev
module. Fix the version script rules to work for libraries with
hyphens in their names.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25127
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:40 +0000 (17:07 +0000)]
Add libev 4.04 sources in util/k5ev
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25126
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 2 Sep 2011 17:07:35 +0000 (17:07 +0000)]
Add libverto sources in util/verto
These are from the source repository as of 2011-08-24, since there are
no formal releases yet.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25125
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 1 Sep 2011 22:02:32 +0000 (22:02 +0000)]
Make dejagnu tests work with non-FQDN hostname
By making an entry for $hostname in [domain_realm], we can relax the
requirement that the canonicalized local hostname must have a parent
domain. This makes the test suite work more easily on Fedora.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25124
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 1 Sep 2011 19:18:59 +0000 (19:18 +0000)]
Fix a klist example in the user guide
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25123
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 1 Sep 2011 17:33:11 +0000 (17:33 +0000)]
Get local hostname more precisely in k5test.py
socket.getfqdn() tries to produce a result containing a period, so it
may disagree with krb5_sname_to_principal's result--for example, in
Fedora's default DHCP configuration. Use getaddrinfo and getnameinfo
calls mirroring krb5_sname_to_principal's logic instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25122
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 1 Sep 2011 16:21:25 +0000 (16:21 +0000)]
Fix cross-realm traversal TGT requests
When requesting a cross-realm TGT, use the KDC instance of the current
TGT (the second data component), not the realm which the TGT came
from.
ticket: 6952
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25121
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 1 Sep 2011 03:36:29 +0000 (03:36 +0000)]
Fix connection termination bug in sendto_kdc
When terminating a connection, close and invalidate conn->fd so that
we don't look for it in selstate on the next select or poll
invocation. Looking for such an fd is harmless when using select, but
results in an assertion failure when using poll.
ticket: 6951
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25120
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 30 Aug 2011 21:30:11 +0000 (21:30 +0000)]
Have kinit, klist and klist_keytab in k5test.realm take keyword args
Apply patch from Linus Nordberg.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25119
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 29 Aug 2011 23:08:33 +0000 (23:08 +0000)]
Fix a display bug in t_kgss_user
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25118
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 29 Aug 2011 21:03:02 +0000 (21:03 +0000)]
Update config.guess and config.status
Copy in the latest config.guess and config.status from upstream git
master as of 2011-08-23. Our previous version didn't recognize
Android.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25117
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 29 Aug 2011 17:20:37 +0000 (17:20 +0000)]
Fix style issues in r25087
* Function names should be at the beginning of lines in definitions.
* Changes should not create lines >79 characters.
* Continuation lines should align after left parens when appropriate.
Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are
not gss mechanism functions and should not have been tagged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 26 Aug 2011 17:56:44 +0000 (17:56 +0000)]
Remember and close the kadmin socket we opened
Prior to ticket #6746, the RPC library opened the kadmin socket and
took responsibility for closing. When we added IPv6 support, the
calling code became the owner of the socket but wasn't closing it,
resulting in a file descriptor leak.
ticket: 6949
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25115
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 24 Aug 2011 21:33:47 +0000 (21:33 +0000)]
Update profile.swg to remove compilation warnings. profile_tcl.c
modified to remove spaces and tabs at end of line.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25114
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 24 Aug 2011 20:04:49 +0000 (20:04 +0000)]
Fix signed/unsigned warnings in tests
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25113
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 24 Aug 2011 02:48:07 +0000 (02:48 +0000)]
Only build the po subdir if i18n is enabled
Also clean the built message catalogs in "make clean".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25112
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 23 Aug 2011 15:45:29 +0000 (15:45 +0000)]
Updated "Ticket Policy operations" and eDir sections in "Operations on the LDAP database" documentation to reference kdb5_ldap_util subtopics
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25111
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 22 Aug 2011 20:24:07 +0000 (20:24 +0000)]
Minor reformating of kdb5_ldap_util documentation. Also, removed duplicates from ldap_operations documentation by referencing to kdb5_ldap_util documentation subsections
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25110
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 22 Aug 2011 16:54:20 +0000 (16:54 +0000)]
Removed repetitive text from "Operations on the Kerberos database" sub-section of database administration section. Reference to kdb5_util commands documentation instead
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25109
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Aug 2011 20:26:09 +0000 (20:26 +0000)]
make-depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25108
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 19 Aug 2011 21:24:09 +0000 (21:24 +0000)]
Updated documentation for ktadd/ktremove commands.
Added usage example to ktutil document.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25107
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 19 Aug 2011 02:39:18 +0000 (02:39 +0000)]
Remove setting a variable that is never used
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25106
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 19 Aug 2011 02:38:31 +0000 (02:38 +0000)]
Remove variable set but unused
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25105
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 19 Aug 2011 02:37:37 +0000 (02:37 +0000)]
Remove an unused variable
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25104
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 17 Aug 2011 17:27:30 +0000 (17:27 +0000)]
Removed some text from the Database Administration section as it duplicated kadmin(1). Instead, used references to kadmin(1) sub-sections
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25103
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 16 Aug 2011 14:31:06 +0000 (14:31 +0000)]
Generate man pages for krb5.conf and kdc.conf. For clearer reference in the man pages, rename the x-ref label name in Supported Enc Types
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25102
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 15 Aug 2011 20:29:07 +0000 (20:29 +0000)]
Make data_eq_string work with const strings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25101
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Sat, 13 Aug 2011 02:39:24 +0000 (02:39 +0000)]
Added missing configuration options
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25100
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 12 Aug 2011 18:18:00 +0000 (18:18 +0000)]
Removed unused "db_modules" and "preauth_module_dir" configuration options
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25099
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 11 Aug 2011 16:37:55 +0000 (16:37 +0000)]
Fix call to gss_inquire_cred from spnego_gss_acquire_cred_impersonate_name
If desired_mechs is NULL (this should never happen when invoked from
the MIT mechglue), we call gss_inquire_cred to get a list of mechs.
This call needs to pass a union cred handle, not the SPNEGO handle we
got as input. Reported by aberry@likewise.com.
ticket: 6945
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25098
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 11 Aug 2011 15:13:52 +0000 (15:13 +0000)]
Fix major status handling in gss_acquire_cred
If we have at least one cred element after the mech loop, reset major
before continuing on, or we could mistakenly return a failure status
from the last mech (and free the returned creds). Reported by
aberry@likewise.com.
ticket: 6944
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25097
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 11 Aug 2011 15:03:28 +0000 (15:03 +0000)]
Correctly dereference cred_handle when assigning to spcred in
spnego_gss_set_cred_option. Reported by aberry@likewise.com.
ticket: 6943
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25096
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 11 Aug 2011 14:53:58 +0000 (14:53 +0000)]
Untabify k5_path test program
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25095
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 11 Aug 2011 14:27:32 +0000 (14:27 +0000)]
Cleanup memory leak in test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25094
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 10 Aug 2011 21:19:48 +0000 (21:19 +0000)]
Alphabetically arranged tags. Removed [login] section. Added missing db_module_dir and pkinit_longhorn tags
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25093
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 10 Aug 2011 17:10:37 +0000 (17:10 +0000)]
Clean up some ldap #define's
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25092
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 9 Aug 2011 21:09:30 +0000 (21:09 +0000)]
Whitespace
Also remove the erroneously added gssapi_err_krb5 error table sources.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25091
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:07:43 +0000 (20:07 +0000)]
call gssint_mecherrmap_init() from gssint_mechglue_init()
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25090
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:07:39 +0000 (20:07 +0000)]
Windows fixes for gss-client.c
close(s) -> closesocket(s)
#include "port-sockets.h" (for closesocket())
#include "winsock.h" -> #include "winsock2.h" for consistency with port-sockets.h
call WSAStartup() before using sockets functions on Windows
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25089
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:07:34 +0000 (20:07 +0000)]
Fix rare duplicate time issue On systems with imprecise clocks
(e.g. windows), there was as issue where microsecond rollover could
conceivably cause the same time to be reported twice. Also document
potential performance improvement by using thread-local storage for
last_time and eliminating the mutex.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25088
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:07:23 +0000 (20:07 +0000)]
Use KRB5_CALLCONV for all gss mechanism functions. Also wrap #include <unistd.h> with #ifdef HAVE_UNISTD_H in g_authorize_localname.c
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25087
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:07:16 +0000 (20:07 +0000)]
Added functions to export tables krb5_32:
krb5int_c_mandatory_cksumtype, krb5int_arcfour_gsscrypt gssapi32:
gss_pname_to_uid
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25086
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:00:32 +0000 (20:00 +0000)]
Add 'const' to fix mismatched parameter warnings
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25085
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:00:27 +0000 (20:00 +0000)]
Compile fix for WIN32 implementation of k5_get_os_entropy: declare HCRYPTPROV provider
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25084
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:00:21 +0000 (20:00 +0000)]
Updated OBJS and SRCS in lib/crypto/krb/Makefile.in
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25083
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:00:16 +0000 (20:00 +0000)]
Removed references to deleted subdirectories from FILES and WINMAKEFILES lists
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25082
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:00:13 +0000 (20:00 +0000)]
Fixed typo in des OBJS: des_keys.c. -> des_keys
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25081
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Aug 2011 20:00:07 +0000 (20:00 +0000)]
In last-resort fallback va_copy change 'memcmp' to 'memcpy'
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25080
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 9 Aug 2011 19:26:32 +0000 (19:26 +0000)]
Fix name of krb5_init_context_profile in krb5_32.def
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25079
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 9 Aug 2011 18:39:37 +0000 (18:39 +0000)]
Added kdb5_ldap_util manual page to the Sphinx doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25078
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 9 Aug 2011 02:00:48 +0000 (02:00 +0000)]
Updated kdc.conf documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25077
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 8 Aug 2011 18:27:15 +0000 (18:27 +0000)]
Fix accidental KDC use of replay cache
r24464 (ticket #6804) intended to remove the KDC replay cache by
eliminating all of the USE_RCACHE code, but it had the unintended side
effect of causing krb5_rd_req_decoded to use the default server
rcache. Using this cache is much less efficient because it is opened
and re-read for each request.
Set appropriate flags on the auth context to disable replay cache use
for TGS requests altogether.
ticket: 6941
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25076
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 7 Aug 2011 01:17:16 +0000 (01:17 +0000)]
Use portable path functions when loading plugins
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25075
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 7 Aug 2011 01:12:28 +0000 (01:12 +0000)]
Add internal APIs for portable path manipulation
k5_path_split separates a path into dirname and basename.
k5_path_join joins two paths.
k5_path_isabs determines if a path is absolute.
All three functions follow the Python path function semantics.
Currently the test module doesn't run in the Windows build, but the
Windows path semantics are tested in the Unix build using specially
built objects.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25074
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 5 Aug 2011 16:59:52 +0000 (16:59 +0000)]
Added .k5login, k5srvutil, ktutil, kadmind manual documnets to Sphins doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25073
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 5 Aug 2011 13:10:33 +0000 (13:10 +0000)]
Added kdb5_util man page to the Sphinx doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25072
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 4 Aug 2011 15:01:51 +0000 (15:01 +0000)]
Added kpropd and kproplog man pages to Sphinx doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25071
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 3 Aug 2011 18:21:23 +0000 (18:21 +0000)]
Added kprop document to Sphinx doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25070
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 3 Aug 2011 17:50:23 +0000 (17:50 +0000)]
Added kadmin_local and krb5kdc admin programs to Sphinx doc tree.
Changed the reference labels in krb5/kdc.conf files for them to appear properly in the man pages.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25069
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 3 Aug 2011 03:41:35 +0000 (03:41 +0000)]
Fix several krb5.conf doc inconsistencies
ldap_servers was incorrectly documented as ldap_server in the admin
guide. realm_try_domains and preferred_preauth_types were documented
in the man page but not the admin guide.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25068
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 2 Aug 2011 20:59:19 +0000 (20:59 +0000)]
Document some variables in the right section
database_name, disable_last_success, and disable_lockout should be
under dbmodules, not dbdefaults.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25067
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 1 Aug 2011 20:09:44 +0000 (20:09 +0000)]
Added ksu and kvno man pages documentation to Sphinx doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25066
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 1 Aug 2011 15:18:21 +0000 (15:18 +0000)]
Option to add API documentation to the Sphinx doc tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25065
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 1 Aug 2011 15:14:30 +0000 (15:14 +0000)]
Minor comment correction
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25064
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 29 Jul 2011 22:21:55 +0000 (22:21 +0000)]
Added kpasswd, klist and kdestroy to Sphinx docs. Updated Sphinx configuration to build man pages for them
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25063
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 29 Jul 2011 19:40:39 +0000 (19:40 +0000)]
Start building man pages from Sphinx documentation.
Added kinit document to Sphinx docs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25062
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 27 Jul 2011 15:43:36 +0000 (15:43 +0000)]
Fix profile test module on Solaris
The test module uses k5-platform.h and therefore implicitly
libkrb5support (in this case, krb5int_asprintf), so make it depend on
that.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25061
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 27 Jul 2011 02:13:15 +0000 (02:13 +0000)]
Update test vtable functions to match proper function prototypes.
Also - add return values when appropriate.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25060
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 26 Jul 2011 21:57:20 +0000 (21:57 +0000)]
Legacy checksum APIs usually fail
krb5_calculate_checksum() and krb5_verify_checksum(), both deprecated,
construct invalid keyblocks and pass them to the real functions, which
used to work but now doesn't. Try harder to construct valid keyblocks
or pass NULL if there's no key.
ticket: 6939
target_version: 1.9.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25059
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 26 Jul 2011 17:35:19 +0000 (17:35 +0000)]
Added #define processing
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25058
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 26 Jul 2011 11:37:24 +0000 (11:37 +0000)]
Ensure profile_iterator always sets output params
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25057
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 26 Jul 2011 11:28:13 +0000 (11:28 +0000)]
Document klist -V in the man page
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25056
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 26 Jul 2011 11:28:08 +0000 (11:28 +0000)]
Define KRB5_TL_DB_ARGS unconditionally in kdb.h
Due to an apparent merge bug, KRB5_TL_DB_ARGS was defined in a
SECURID conditional block, and several source files worked around the
problem by defining the constant themselves or defining SECURID. Move
the definition and remove the workarounds.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25055
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 26 Jul 2011 10:46:50 +0000 (10:46 +0000)]
For GCC compiles, use an attribute to suppress the variable set but
not used warnings. Due to the nested macros, it would get very ugly
to try and remove the variables.
Removes ~75 warnings from the build.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25054
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 26 Jul 2011 00:05:06 +0000 (00:05 +0000)]
Remove t_vfyincreds on make clean
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25053
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 25 Jul 2011 23:57:32 +0000 (23:57 +0000)]
Remove declaration of static function that no longer exists
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25052
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 25 Jul 2011 19:25:23 +0000 (19:25 +0000)]
Better x-ref for simple macro's in doxygen comments
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25051
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 17:54:43 +0000 (17:54 +0000)]
PAC_CLIENT_INFO principal names do not contain a realm, so parse them
with the KRB5_PRINCIPAL_PARSE_NO_REALM flag. Otherwise we'll wind up
using the default realm (and then ignoring it) which fails if one
isn't configured.
ticket: 6934
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25050
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 25 Jul 2011 16:31:44 +0000 (16:31 +0000)]
Added documentation for the encrypt/decrypt API functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25049
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 16:00:06 +0000 (16:00 +0000)]
In rare circumstances, such as checksum errors, some network stacks
can flag an fd for reading in select() and still block when the fd is
read. Set all sockets non-blocking to prevent hangs when this occurs.
(We don't actually handle the resulting EWOULDBLOCK or EAGAIN errors,
so the rare cases will appear as communication failures and we will
close the socket. This is already the case for TCP sockets and
probably isn't a big deal.)
ticket: 6933
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25048
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 15:54:39 +0000 (15:54 +0000)]
Never return profile on error opening file
If profile_open_file() discovers a shared tree for the file, but
encounters an error when updating it, dereference the data and return
a null profile rather than returning an error and a newly broken file
object. Otherwise we'd leak the returned file object in
profile_init().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25047
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 15:54:36 +0000 (15:54 +0000)]
Fix a premature free in ss_listen()
The readline support change freed input just after ss_execute_line(),
but input can be used in the error block immediately following. Free
input after the error block instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25046
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 15:54:33 +0000 (15:54 +0000)]
Rewrite set_results() in prof_get.c
The new implementation should be more friendly to static analyzers.
Coverity was getting confused into thinking that profile_iterator()
had the effect of returning a freed name pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25045
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 15:54:30 +0000 (15:54 +0000)]
Restore accessor behavior on null profiles
Prior to the pluggable configuration work, profile_get_values() and
friends would return PROF_NO_PROFILE if called with a null profile.
Restore that behavior.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25044
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 15:54:26 +0000 (15:54 +0000)]
Simplify KDC realm initialization slightly
krb5_aprof_init() can no longer return 0 with a null profile, so we
can call krb5_aprof_finish() unconditionally.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25043
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jul 2011 13:46:53 +0000 (13:46 +0000)]
Fix build without KRB5_DNS_LOOKUP
Define MAX_DNS_NAMELEN unconditionally in k5-int.h as we use it
unconditionally in kdc_util.c. Don't define it in locate_kdc.c.
Conditionalize dns_locate_server() in locate_kdc.c as its only call
site (in k5_locate_server) and its helper function (locate_srv_dns_1)
are conditional.
From Chris Hecker with minor changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25042
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 24 Jul 2011 12:17:13 +0000 (12:17 +0000)]
Clean up a number of variables set but not used warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25041
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 23 Jul 2011 13:15:09 +0000 (13:15 +0000)]
Clean up the lock in gss_krb5int_import_cred
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25040
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 22 Jul 2011 18:59:08 +0000 (18:59 +0000)]
Don't include <editline/history.h>
editline puts all of its readline compatibility declarations in
editline/readline.h, and some versions apparently don't have the
history.h symlink.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25039
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 22 Jul 2011 16:58:35 +0000 (16:58 +0000)]
Rename "ivec" to "cipher_state" in encrypt/decrypt
This makes the implementations match up with the prototypes, and is
more correct for enctypes like RC4 where the cipher state is not an
ivec.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25038
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 22 Jul 2011 16:56:36 +0000 (16:56 +0000)]
Fix gss_set_cred_option cred creation with no name
When creating a cred in the mechglue with gss_acquire_cred, the
mechanism is allowed to return no name from gss_inquire_cred. But in
the analagous operation in gss_set_cred_option, that would result in
an error from gss_display_name. Make the call to gss_display_name
conditional on the mechanism name being set. Reported by Andrew
Bartlett.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25037
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 22 Jul 2011 16:37:00 +0000 (16:37 +0000)]
Fix configure logic when libedit isn't present
The configure script was correctly detecting that libedit was absent,
but was setting RL_CFLAGS to garbage in the process.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25036
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 22 Jul 2011 00:26:56 +0000 (00:26 +0000)]
Add libedit/readline support to ss
By default, look for libedit (using pkg-config) and use it in libss.
Alternatively, the builder can explicitly ask for GNU Readline, but
using it will break the dejagnu test suite and will also add a GPL
dependency to libss and the programs using it.
ticket: 6931
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25035
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 21 Jul 2011 21:04:24 +0000 (21:04 +0000)]
Better workaround for profile test module
Ken pointed out that we have a libnodeps.in for just this case, so use
it instead of a dummy SHLIB_RDIRS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25034
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 21 Jul 2011 20:41:20 +0000 (20:41 +0000)]
Set SHLIB_RDIRS in profile test module build
The test module has no dependencies, but SHLIB_RDIRS must be set or
the commands in shlib.conf can produce syntax errors.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25033
dc483132-0cff-0310-8789-
dd5450dbe970