Alexandra Ellwood [Wed, 24 Sep 2008 22:11:20 +0000 (22:11 +0000)]
Fixed bugs in command line change password support.
Removed low level change password functions from export list
because they require a UI context.
Added kim_ccache functions needed by klist to export list.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20749
dc483132-0cff-0310-8789-
dd5450dbe970
Justin Anderson [Tue, 23 Sep 2008 22:20:04 +0000 (22:20 +0000)]
KIM Identity selection dialog work. Updated to match changes to KIM API
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20748
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 23 Sep 2008 21:46:12 +0000 (21:46 +0000)]
Renamed error handling files to reflect what they do now.
Moved GUI code into OS-specific directory.
Fixed bugs in cache collection iterator routines where it was mishandling
the magic empty ccache created when the cache collection is empty.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20747
dc483132-0cff-0310-8789-
dd5450dbe970
Justin Anderson [Tue, 23 Sep 2008 19:40:52 +0000 (19:40 +0000)]
kim_ccache_get_display_name was calling kim_ccache_create_resolve_name with its parameters in the wrong order
kim_ccache_iterator_next wasn't handling the end of iteration correctly.
ticket:6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20746
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 22 Sep 2008 22:13:06 +0000 (22:13 +0000)]
Added command line UI support.
Added change password and acquire credentials UI harness support.
API changes to the change password support to reflect these changes.
Removed callback prompter interfaces since there is now plugin support.
Updated documentation.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20745
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 22 Sep 2008 18:17:38 +0000 (18:17 +0000)]
Merge three patches from Novell, with some updates related to work in
our tree since they were submitted, and reindenting for one source
file that got particularly ugly in the process.
From Savitha R on 2008-02-18 (yes, it was sitting in my queue a while):
Attached patches have fixes for some issues in LDAP backend.
1. patch-mem-pwd.txt
This patch clears the password in memory, fixes some memory leaks (in
common code) and a segfault in eDirectory specific code.
2. patch-princ-attrs.txt
This patch removes some eDirectory specific attributes from the common
code
3. patch-edir-rights.txt
This patch is specific to eDirectory code and fixes some rights issue.
It adds and deletes rights to service objects as required on the kerberos
attributes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20744
dc483132-0cff-0310-8789-
dd5450dbe970
Justin Anderson [Mon, 22 Sep 2008 17:03:51 +0000 (17:03 +0000)]
Merge 1.7 work on auxiliary ccache functions necessary for KIM. Adds krb5_cc_lock/unlock, krb5_cccol_lock/unlock, krb5_cc_last_change_time, krb5_cccol_last_change_time, krb5_cc_move, and adds pertype cursor support to some cache types
Locking functions work the same as the CCAPI cc_ccache_lock / cc_context_lock functions, though not as read/write locks.
ticket: 6124
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20743
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 22 Sep 2008 16:01:03 +0000 (16:01 +0000)]
Missed some changes for db_context->dal_handle renaming
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20742
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 19 Sep 2008 21:51:03 +0000 (21:51 +0000)]
KIM ui plugin support and gui selection harness
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20740
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 19 Sep 2008 21:03:11 +0000 (21:03 +0000)]
Remove kim_identity_get_gss_name from the export lists
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20739
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 18 Sep 2008 18:57:01 +0000 (18:57 +0000)]
Added functions to save and get password from keychain
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20732
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 18 Sep 2008 15:57:27 +0000 (15:57 +0000)]
makedepend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20731
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 18 Sep 2008 15:42:34 +0000 (15:42 +0000)]
If unset env(KRB5CCNAME) doesn't work, skip the tests that depend on it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20730
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 18 Sep 2008 14:56:49 +0000 (14:56 +0000)]
Removed kim_identity_get_gss_name and updated documentation
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20729
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 17 Sep 2008 21:30:54 +0000 (21:30 +0000)]
Added tentative plugin API for KIM UI
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20728
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 17 Sep 2008 21:29:35 +0000 (21:29 +0000)]
Added support for options in favorite identities.
Fixed KLL preference reading support to not read keys
from the wrong locations. Updated prompter function
prototype.
Updated tests to reflect these changes.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20727
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 12 Sep 2008 22:38:21 +0000 (22:38 +0000)]
Fixed KIM export list for KerberosLite (forgot there were two)
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20713
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 11 Sep 2008 21:30:10 +0000 (21:30 +0000)]
Removed favorite identities object from public API and merged functionality
into the preferences API to reduce function calls. Added options parameter
to favorite identities (Mac OS X support still needed for options though).
Updated test cases to reflect these changes.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20712
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 9 Sep 2008 21:23:35 +0000 (21:23 +0000)]
Untabify; trim trailing whitespace; add emacs local variables to avoid tabs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20711
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 8 Sep 2008 21:53:21 +0000 (21:53 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20710
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 8 Sep 2008 21:21:51 +0000 (21:21 +0000)]
Use krb5 threading functions.
Remove use of ECODE since errors are no longer objects.
Fixed bug where bundle error strings were not returned when
homedir access was off.
Switched to using UTF8 unconditionally.
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20709
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 5 Sep 2008 20:46:44 +0000 (20:46 +0000)]
Use braces to repair broken emacs indentation, caused by omission of a
semicolon, caused by use of macros that expand to compound statements.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20708
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 5 Sep 2008 20:39:19 +0000 (20:39 +0000)]
Whitespace changes, mostly horizontal, for consistency with current
style: indentation levels, spacing around if/else/for/while and
braces. Still plenty of inconsistency with current coding standards,
especially for when line breaks are to be used. Didn't touch
multi-line macro definitions, or .h function declarations.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20707
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 4 Sep 2008 18:43:14 +0000 (18:43 +0000)]
CCAPI should only use one pthread key
Use k5 thread functions. Also add destructors so if we ever have a way
to detect application exit that the pthread key is destroyed.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20705
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 3 Sep 2008 17:22:58 +0000 (17:22 +0000)]
Use GSS_S_BAD_STATUS for unknown status codes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20704
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 29 Aug 2008 17:42:20 +0000 (17:42 +0000)]
Fix vasprintf signed/unsigned mix; separate out duplicated error paths; pull success return path out of guts of loop
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20703
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 28 Aug 2008 18:11:50 +0000 (18:11 +0000)]
fix resource leak in USE_PASSWORD_SERVER code
Don't leak file descriptors in error cases.
Remove limit from length of passwords.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20702
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 28 Aug 2008 17:17:51 +0000 (17:17 +0000)]
Fix resource leak
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20701
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 28 Aug 2008 16:37:34 +0000 (16:37 +0000)]
Additional code for KerberosAgent. Checking in so Justin can work on it
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20700
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 27 Aug 2008 22:31:57 +0000 (22:31 +0000)]
compile-time flag to disable iprop
If DISABLE_IPROP is defined at compile time, don't listen for
connections and don't register the service. (Doesn't currently
disable compilation of all of the code.)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20699
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 27 Aug 2008 16:45:55 +0000 (16:45 +0000)]
Some helper rules for running Coverity Prevent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20698
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 27 Aug 2008 16:36:00 +0000 (16:36 +0000)]
Based on patch from lxs, with some changes:
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Don't define unused krb5int_local_addresses.
Don't export internal krb5_change_set_password.
Fix error return indications from gssint_oid_to_mech.
Create and use k5-gmt_mktime.h to provide one global declaration of
krb5int_gmt_mktime, needed before we've generated krb5.h on some
platforms.
Not incorporated from initial patch: const changes in function
signatures.
ticket: 6096
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 27 Aug 2008 00:21:53 +0000 (00:21 +0000)]
r820@NOME-KING: raeburn | 2008-08-26 18:37:41 -0400
x
r821@NOME-KING: raeburn | 2008-08-26 18:51:10 -0400
Remove disabled statistics gathering support.
r822@NOME-KING: raeburn | 2008-08-26 18:57:20 -0400
Remove source location tracking.
r823@NOME-KING: raeburn | 2008-08-26 19:05:35 -0400
Delete DEBUG_THREADS code.
r824@NOME-KING: raeburn | 2008-08-26 19:18:59 -0400
Remove now-no-op assertion checks.
r825@NOME-KING: raeburn | 2008-08-26 19:29:49 -0400
Simplify some wrappers.
r826@NOME-KING: raeburn | 2008-08-26 19:38:23 -0400
Remove redundant comment.
r827@NOME-KING: raeburn | 2008-08-26 19:49:20 -0400
When pthreads must be checked for at run time, don't include the no-op _nothread_mutex stuff too.
r828@NOME-KING: raeburn | 2008-08-26 19:54:05 -0400
Remove remaining DEBUG_THREADS bits.
r829@NOME-KING: raeburn | 2008-08-26 20:00:22 -0400
fix up initializer
r830@NOME-KING: raeburn | 2008-08-26 20:10:37 -0400
Flatten a couple of structs wrapping single elements.
r831@NOME-KING: raeburn | 2008-08-26 20:14:01 -0400
Remove k5_pthread_mutex_*lock macros.
r832@NOME-KING: raeburn | 2008-08-26 20:19:14 -0400
Update comments a bit for lack of debug support.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20696
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2008 19:34:18 +0000 (19:34 +0000)]
Change non-debug version of k5_debug_log to int to silence some
compiler warnings.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20695
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 26 Aug 2008 18:05:52 +0000 (18:05 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20694
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 25 Aug 2008 23:08:16 +0000 (23:08 +0000)]
Fix PROG_LIBPATH so in-tree tests work
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20693
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 25 Aug 2008 20:11:19 +0000 (20:11 +0000)]
Update description of -k option: From the code it appears the default
is des-cbc-crc, and it applies to entering passwords with -m.
ticket: 5565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20692
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 25 Aug 2008 19:43:03 +0000 (19:43 +0000)]
Incorporate Apple's patch
Add a test authorization data scheme, in both built-in and plugin
forms; built-in version is #ifdef'ed out. Update configury to create
the build directory for the plugin, but don't build or install it by
default.
Create the new (and normally empty) authorization data plugin
directory at install time.
Add some (normally disabled) code to log authz data from rd_req.
Fix up some comments that still refer to preauth plugins. Add some
details in comments on the API, and why it's private for now.
Make the plugin init context support work, by not passing null
pointers.
ticket: 5565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 25 Aug 2008 17:40:58 +0000 (17:40 +0000)]
Fix sense of test of lock call preparing to update debug info in
k5_mutex_destroy.
Thanks, Ezra.
ticket: 6090
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20690
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 22 Aug 2008 16:44:22 +0000 (16:44 +0000)]
CCAPI is leaking mach ports
Need to destroy the mach ports instead of deallocating because
we requested notifications on the port so just deallocating
won't actually destroy the port. Also deallocate any port
which was previously registered for notifications.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20688
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Aug 2008 16:26:28 +0000 (16:26 +0000)]
Let walk_realm_tree tests fail for now, ignore them and keep going
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20687
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Aug 2008 16:25:27 +0000 (16:25 +0000)]
Use capaths unconditionally. Update copyright
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20686
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Aug 2008 15:56:32 +0000 (15:56 +0000)]
New macro for testing whether the compiler supports a given
command-line flag or not, and adding it to CFLAGS only if supported.
Use it for GCC flag -Wno-format-zero-length, which we were testing for
before, and for some additional flags: -Woverflow -Wstrict-overflow
-Wmissing-format-attribute -Werror=declaration-after-statement
-Wdeclaration-after-statement -Werror=variadic-macros
-Wvariadic-macros. (The last few are because we've had some code
contributions that assumed full C99 support, and our baseline is
currently C89+, so if possible we want certain newer constructs
flagged as errors.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20685
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 22 Aug 2008 15:36:33 +0000 (15:36 +0000)]
KIM should not provide keytab functions when building lite framework
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20684
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 22 Aug 2008 15:34:46 +0000 (15:34 +0000)]
Updated documentation to be more specific about TLS impact
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20683
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 22 Aug 2008 15:34:20 +0000 (15:34 +0000)]
Removed warnings of unused variable
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20682
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Aug 2008 01:20:23 +0000 (01:20 +0000)]
Check for struct sockaddr_storage only in top-level configure script, not
in code common to all. Use an existing AC_CHECK_TYPES invocation, not a
special-purpose test. Eliminate now-unused
KRB5_AC_CHECK_TYPE_WITH_HEADERS and KRB5_AC_CHECK_SOCKADDR_STORAGE macros.
Merge KRB5_AC_CHECK_INET6 into the one place where it gets used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20681
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 20 Aug 2008 21:09:14 +0000 (21:09 +0000)]
lean client changes
All changes are under LEAN_CLIENT macro. Application server functionality is disabled.
Ticket:new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 20 Aug 2008 18:58:04 +0000 (18:58 +0000)]
Add support to send CFNotifications on ccache and cache collection changes
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20679
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 20 Aug 2008 18:46:46 +0000 (18:46 +0000)]
Notify clients on ccache deletion
Clients watching a ccache or the cache collection
should get a notification when the ccache is destroyed.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20678
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 20 Aug 2008 17:58:07 +0000 (17:58 +0000)]
Added some carriage returns to decrease line length
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20677
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 19 Aug 2008 23:14:41 +0000 (23:14 +0000)]
Update krb4 test to use aclocal.m4 macro and default to disabled
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20676
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 19 Aug 2008 23:07:11 +0000 (23:07 +0000)]
Fix broken build -- conditionalize some stuff on DISABLE_PKINIT that I
missed last time.
ticket: 6076
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20675
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 19 Aug 2008 21:04:56 +0000 (21:04 +0000)]
profile write code should only quote empty strings
Assigned to Ken for review.
ticket: new
owner: raeburn
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20674
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 19 Aug 2008 20:09:22 +0000 (20:09 +0000)]
Get KerberosAgent building again after KIM changes
ticket: 6055
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20673
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 19 Aug 2008 19:37:16 +0000 (19:37 +0000)]
Default to not building krb4 support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20672
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 19 Aug 2008 16:49:18 +0000 (16:49 +0000)]
Fixed export list for new hints functions
and fixed calls to set error message.
ticket: 6055
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20671
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 19 Aug 2008 16:43:17 +0000 (16:43 +0000)]
Modified hints APIs to be a single API that takes string keys.
Removed error object.
Changed error message API to use thread specific data.
Split out debugging API into separate files.
ticket: 6055
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20670
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 18 Aug 2008 17:08:28 +0000 (17:08 +0000)]
Updated bindings. Incomplete but commiting to avoid losing changes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20669
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 17 Aug 2008 23:34:41 +0000 (23:34 +0000)]
Using gcov, it was noted that the tests were never including authdata
in the test credential - and a segment of code was never tested. Add
some fake authdata to the test creds.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20668
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 16 Aug 2008 13:03:30 +0000 (13:03 +0000)]
In parsing authorization data, if run out of memory, the authorization
data was released, but the pointer not zeroed. This resulted in
higher level code trying to free it again.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20667
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 16 Aug 2008 13:01:40 +0000 (13:01 +0000)]
In copying a credential - if we run out memory - the cleanup code failed to clear the second_ticket
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20666
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 16 Aug 2008 01:14:58 +0000 (01:14 +0000)]
Move internal cccursor structures/prototypes to the ccache private include
file. Functions are not exported from library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20665
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 15 Aug 2008 22:19:01 +0000 (22:19 +0000)]
Conditionalize building of CCAPI ccache type on USE_CCAPI
Still refer to Windows by OS macro because KfW builds do not set
USE_CCAPI.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20664
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 15 Aug 2008 22:17:09 +0000 (22:17 +0000)]
mac port of kim should not depend on kipc
kipc is not necessarily built
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20663
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 15 Aug 2008 18:46:12 +0000 (18:46 +0000)]
Move prototype for krb5int_random_string from k5-int.h to cc-int.h as
it is private to the ccache code. Include cc-int.h where needed, and
update Makefile.in dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20662
dc483132-0cff-0310-8789-
dd5450dbe970
Will Fiveash [Fri, 15 Aug 2008 00:38:41 +0000 (00:38 +0000)]
a stash file is not a keytab
Note, this is the commit for the associated Krb Consortium project:
Projects/Masterkey Keytab Stash
ticket: 194
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 14 Aug 2008 22:59:54 +0000 (22:59 +0000)]
Only add -Os for size optimizations if CFLAGS wasn't specified already. If
the configure-generated CFLAGS string is one of the usual ones with -O2,
replace -O2 rather than appending, since -Os will override previously
specified optimization levels anyways.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20660
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 14 Aug 2008 21:32:58 +0000 (21:32 +0000)]
If the LDAP KDB back end is being built, define ENABLE_LDAP. If
ENABLE_LDAP is not defined, don't build the LDAP KDB ASN.1 encoding
and decoding functions, and use null pointers for them in the accessor
function table.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20659
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 16:40:07 +0000 (16:40 +0000)]
In parsing principal - if run out memory - clean up after ourselves.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20658
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 16:25:29 +0000 (16:25 +0000)]
In krb5int_copy_creds_contents - if we run out of memory, do not
release pointer to output creds structure that is passed in by caller.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20657
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 16:22:48 +0000 (16:22 +0000)]
Clean up memory leak in krb5_build_principal if we run out of memory
while building pricipal.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20656
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 05:09:12 +0000 (05:09 +0000)]
Error return from krb5int_random_string not tested in ccache code
krb5int_random_string should probably only fail on malloc
failure. Test for an error return from the function and cleanup
properly (release mutex, return error instead of using uninitialized
memory).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20655
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 04:55:14 +0000 (04:55 +0000)]
krb5_fcc_read_addrs returns pointer to released memory on malloc failre
In cleanup code on malloc failure, addresses are released including
pointer to the krb5_address * - but the freed value is returned to
caller. Clear pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20654
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 04:44:44 +0000 (04:44 +0000)]
krb5_fcc_resolve file locking error on malloc failuer
In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault.
Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.
[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20653
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Aug 2008 23:32:11 +0000 (23:32 +0000)]
Don't build PKINIT ASN.1 support code if not building PKINIT plugin
If --disable-pkinit is given at configure time, don't build the PKINIT
plugin.
If the PKINIT plugin is not going to be built, define DISABLE_PKINIT.
If DISABLE_PKINIT is defined, don't build the PKINIT-related ASN.1
encoding and decoding routines, and fill their slots in the accessor
function table with null pointers.
Tweak the accessor table initialization to use conditionally-varying
macros rather than conditionally selecting between two blocks of
invocations of fixed macros.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20652
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 13 Aug 2008 19:52:22 +0000 (19:52 +0000)]
Open log file for appending only, not also reading
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20651
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 13 Aug 2008 19:49:50 +0000 (19:49 +0000)]
Use a valid UTF8 password for randkey password
KfM RC4 string to key function expects password to be valid UTF8
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 22:14:39 +0000 (22:14 +0000)]
Rewrite the building of the ccache-type linked list to be linear
instead of branched, and thus a bit easier to follow and modify.
If NO_FILE_CCACHE is defined, leave the file cache out of the list,
and (if we're not using ccapi) use the memory cache as the default.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20649
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 21:28:30 +0000 (21:28 +0000)]
If CONFIG_SMALL_NO_CRYPTO is defined, turn off CONFIG_SMALL changes for crypto code only
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20648
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 21:10:50 +0000 (21:10 +0000)]
Shorter export list, dumping a bunch of stuff most clients probably would't need
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20647
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:52:39 +0000 (20:52 +0000)]
Add a new directory, configured but not built by default, and never
installed, where we can build the main client libraries all together into
one library, and experiment with configuration changes for a client-only
library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20646
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:31:21 +0000 (20:31 +0000)]
Actually use the export list for Darwin libraries
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20645
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:21:29 +0000 (20:21 +0000)]
Disable caching on Mac for now
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20644
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:20:41 +0000 (20:20 +0000)]
Always define krb5int_pthread_loaded, for consistency
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20643
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 12 Aug 2008 20:17:02 +0000 (20:17 +0000)]
Update copyright notices to reflect donation of DES implementation by
Dennis Ferguson.
ticket: 6070
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20642
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 8 Aug 2008 16:06:47 +0000 (16:06 +0000)]
If krb5int_pthread_loaded is a function and we're using gcc, give it 'const' attribute
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20637
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 21:46:34 +0000 (21:46 +0000)]
New config option to enable size optimizations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20636
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 21:45:16 +0000 (21:45 +0000)]
Disable CONFIG_SMALL optimizations for now
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20635
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 18:37:27 +0000 (18:37 +0000)]
Don't use memcmp for comparing structures of values
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20634
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 15:54:35 +0000 (15:54 +0000)]
Don't leak attr_types storage on error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20633
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 03:29:52 +0000 (03:29 +0000)]
sequence_of_no_tagvars declared variables used only in
end_sequence_of_no_tagvars and only as unnecessary temporaries, so get
rid of them; also, push most of the work of the latter macro into a
helper function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20632
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 03:06:50 +0000 (03:06 +0000)]
get_eoc() is always followed by next_tag(), so don't bother setting
the variables that it's about to clobber. Since we don't need any of
the tag info at the call site, push it down into the helper function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20631
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 01:23:33 +0000 (01:23 +0000)]
malloc+memset(,0,) -> calloc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20630
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 00:59:29 +0000 (00:59 +0000)]
Pull out EOC error checks into separate functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20629
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 00:46:46 +0000 (00:46 +0000)]
Use bitfields for class and construction type
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20628
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 00:13:58 +0000 (00:13 +0000)]
Rewrite tagnum-checking code to streamline normal path and push refined
error code selection into error path.
Don't expand asn1buf_insert_octet inline or define asn1buf_ensure_space
macro if CONFIG_SMALL.
Remove some null-before-free checks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20626
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 22:12:16 +0000 (22:12 +0000)]
turn off thread-support debugging code
With one big known exception having to do with exiting processes, I
think we've shaken out most of the thread-related bugs that this code
is going to catch in the existing code. It adds a lot of runtime
code, so disable it for now, it can be enabled again for testing new
changes.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20625
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 18:47:06 +0000 (18:47 +0000)]
Check fstat result. Close fd on error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20624
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 18:16:37 +0000 (18:16 +0000)]
If CONFIG_SMALL is defined, always use function calls for k5_mutex_lock
and _unlock. On ppc darwin builds with debug info, this makes
lib*.dylib a total of about 46K (~3%) smaller; "size" reports a
reduction in text and/or "other" sizes for libgssapi_krb5, libkdb5,
libkdb_ldap, and libkrb5.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20623
dc483132-0cff-0310-8789-
dd5450dbe970