Alexandra Ellwood [Tue, 2 Sep 2003 18:37:12 +0000 (18:37 +0000)]
kill() might overwrite errno. Save it beforehand
ticket: 1799
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15806
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 2 Sep 2003 18:14:37 +0000 (18:14 +0000)]
Fixed handling of krb5_net_write() failing (need to call waitpid() on child even if we kill it)
ticket: 1799
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15805
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 2 Sep 2003 15:43:10 +0000 (15:43 +0000)]
Fixed comment (part of adding Apple Password Server support)
ticket: 1799
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15804
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 2 Sep 2003 15:32:50 +0000 (15:32 +0000)]
Added Apple password server support
ticket: 1799
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15803
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 30 Aug 2003 01:55:40 +0000 (01:55 +0000)]
While libc5 isn't one of our supported configurations, this is a simple enough
change. It should be in the 1.4 release. (Next 1.3.x release? I don't know.)
* fake-addrinfo.h (WRAP_GETADDRINFO, COPY_FIRST_CANONNAME): Don't define on
Linux unless HAVE_GETADDRINFO is defined, for libc5 compatibility.
ticket: 1711
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15802
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 30 Aug 2003 01:09:41 +0000 (01:09 +0000)]
Copy and build daemon.c in whatever directories need it, instead of building it
into the krb5 library.
* aclocal.m4 (KRB5_AC_NEED_DAEMON): New macro.
* appl/bsd/configure.in, kadmin/configure.in, kdc/configure.in,
krb524/configure.in, slave/configure.in: Use it. Don't directly check if
prototype for daemon() is needed.
* kadmin/server/Makefile.in (OBJS), kadmin/v5passwdd/Makefile.in (SERV_OBJS),
kdc/Makefile.in (OBJS, fakeka), krb524/Makefile.in (SERVER_OBJS),
slave/Makefile.in (SERVEROBJS): Use LIBOBJS.
* config/post.in (daemon.c): New rule for copying daemon.c locally
from lib/krb5/posix.
ticket: 1791
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15801
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 29 Aug 2003 07:09:48 +0000 (07:09 +0000)]
krshd hangs in linux nightly testing
A typical stack trace:
#0 0xffffe002 in ?? ()
#1 0x420da75f in syslog () from /lib/tls/libc.so.6
#2 0x0804ad06 in cleanup (signumber=15) at krshd.c:567
#3 <signal handler called>
#4 0xffffe000 in ?? ()
#5 0x4202774e in sigaction () from /lib/tls/libc.so.6
#6 0x0804ac82 in cleanup (signumber=1) at krshd.c:548
#7 <signal handler called>
#8 0xffffe002 in ?? ()
#9 0x4202774e in sigaction () from /lib/tls/libc.so.6
#10 0x420daa21 in vsyslog () from /lib/tls/libc.so.6
#11 0x420da75f in syslog () from /lib/tls/libc.so.6
#12 0x0804b670 in doit (f=3, fromp=0xbfffda50) at krshd.c:1313
#13 0x0804ab87 in main (argc=11, argv=0xbfffdb34) at krshd.c:459
#14 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
Yes, we're calling syslog from inside a signal handler. Yes, this is
bad. And from some poking about that I did earlier, it appears that
there's some locking code in vsyslog which may be deadlocking in the
nested call. And this usually seems to happen when logging the "shell
process completed" message.
This is a quick patch to switch off the signal handlers before logging
that message. I suspect the breakage happens earlier, though, so this
might not fix the bug, just maybe move it around a little.
* krshd.c (ignore_signals): Split out from cleanup().
(doit): Call it when the shell process has completed, before calling syslog.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15800
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 27 Aug 2003 01:10:56 +0000 (01:10 +0000)]
In my tests (2GHz P4 Linux, 5 minutes, no pre-existing replay cache), this gets
about a 10% speedup adding entries to an already open replay cache.
* rc_dfl.c (alive): Take a timestamp argument instead of the context, and don't
check the current time here. All callers changed to pass in the current time.
(rc_store): Take a timestamp argument. All callers changed to pass in the
current time.
ticket: 1784
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15799
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 22:20:16 +0000 (22:20 +0000)]
* krb5.hin (struct _krb5_donot_replay, krb5_rc_default, krb5_rc_resolve_type)
(krb5_rc_resolve_full, krb5_rc_get_type, krb5_rc_default_type)
(krb5_rc_default_name, krb5_auth_to_rep): Private declarations moved...
* k5-int.h: ...to here.
ticket: 1784
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15798
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 20:34:46 +0000 (20:34 +0000)]
* cc_file.c (krb5_fcc_store_int32, krb5_fcc_store_ui_4, krb5_fcc_store_ui_2)
(krb5_fcc_store_octet): Remove gratuitous conditionalizing of casts on
USE_STDIO, left over from merge.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15797
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 20:23:58 +0000 (20:23 +0000)]
* configure.in: Don't test for labs, memmove or bcopy.
* k5-int.h (labs, HAVE_LABS): Never define.
* win-mac.h (HAVE_LABS): Don't define.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15796
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 20:21:19 +0000 (20:21 +0000)]
* getdate.y (bcopy): Don't bother with HAVE_BCOPY and HAVE_MEMCPY tests; always
define the macro if it's not already defined.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15795
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 20:03:19 +0000 (20:03 +0000)]
* configure.in: Check for some C99 headers and types
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15794
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 19:50:31 +0000 (19:50 +0000)]
* k5-config.h: Unused file deleted
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15793
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 17:09:54 +0000 (17:09 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_DNS): Drop --enable-dns and --enable-dns-for-kdc
options; turn them on always.
ticket: 1724
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15792
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 17:00:37 +0000 (17:00 +0000)]
* fake-addrinfo.h (inline): Supported by Sun Forte Developer 7 compiler
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15791
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 16:57:32 +0000 (16:57 +0000)]
* foreachaddr.c (foreach_localaddr) [HAVE_IFADDRS_H]: Skip over any returned
data structure with a NULL ifa_addr field.
ticket: 1770
version_reported: 1.3
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15790
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 26 Aug 2003 16:27:55 +0000 (16:27 +0000)]
* aclocal.m4 (WITH_CCOPTS, WITH_CPPOPTS, WITH_LINKER, WITH_LDOPTS,
KRB5_INIT_CCOPTS, WITH_CC_DEPRECATED_ARG): Deleted.
(CONFIG_RULES): Do the non-useless parts directly here.
(V5_SET_TOPDIR): Work quietly.
(WITH_KRB4): Use AC_MSG_NOTICE.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15789
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 08:29:20 +0000 (08:29 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15788
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 08:28:48 +0000 (08:28 +0000)]
* dnssrv.c: New file; split out DNS SRV RR query support...
* locate_kdc.c: ...from here. Always compile in the calls.
* Makefile.in (STLIBOBJS, OBJS, SRCS): Add it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15787
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 07:46:13 +0000 (07:46 +0000)]
* configure.in: Don't substitute LIBOBJS, newer autoconfs don't like it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15786
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 07:43:59 +0000 (07:43 +0000)]
* Makefile.in (STLIBOBJS, OBJS): Empty
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15785
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 07:25:45 +0000 (07:25 +0000)]
* fake-addrinfo.h (getnameinfo): Define to my_fake_getnameinfo only if
HAVE_GETADDRINFO is defined.
ticket: 1380
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15784
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 03:55:53 +0000 (03:55 +0000)]
Make things work on IRIX again
* fake-addrinfo.h (inline): Move definitions further up, before first use. Do
use __inline__ for gcc without c99 support.
(GET_SERV_BY_NAME) [!GETSERVBYNAME_R_RETURNS_INT]: Fix invocation for IRIX
definition.
* socket-utils.h: Include port-sockets.h to get a definition for struct
sockaddr_storage.
ticket: 1380
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15783
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 02:52:07 +0000 (02:52 +0000)]
Oops. Include errno.h even if gai_strerror isn't being defined
ticket: 1380
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15782
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 02:49:49 +0000 (02:49 +0000)]
* configure.in: Don't replace any missing system functions. Just set LIBOBJS
empty for now and substitute it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15781
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 21 Aug 2003 01:50:02 +0000 (01:50 +0000)]
First cut at adding local caching to the getaddrinfo support. Still needs work
* fake-addrinfo.h: Delete the unused WRAP_GETNAMEINFO support.
(HAVE_GETADDRINFO) [__APPLE__ && __MACH__]: Don't undefine.
(FAI_CACHE) [__APPLE__ && __MACH__]: Define.
(system_getaddrinfo, system_freeaddrinfo, system_getnameinfo): New functions.
(gaiptr, faiptr, gniptr): Variables deleted. Change references to use the
system_* functions above.
(getaddrinfo, freeaddrinfo) [FAI_CACHE]: Define as macros to the my_fake_*
versions.
(protoname, socktypename, familyname): Use caller-supplied buffers instead of
local static buffers.
(debug_dump_getaddrinfo_args): Provide a buffer.
(NEED_FAKE_GETNAMEINFO): Define if HAVE_GETADDRINFO is not defined.
(inline): Rework macros to test for C99 and IRIX.
(NEED_FAKE_GETADDRINFO): Define if FAI_CACHE is defined.
(fai_add_entry) [KRB5_USE_INET6]: Support IPv6.
(CACHE_ENTRY_LIFETIME): New macro.
(struct face, struct fac): New types.
(fac): New static variable.
(plant_face, find_face): New functions.
(fai_add_hosts_by_name) [FAI_CACHE]: Check the cache before looking up the
hostname. Add the looked-up host info to the cache.
(fake_getaddrinfo): Call GET_SERV_BY_NAME instead of conditionally calling
getservbyname or getservbyname_r. Don't pass AF_INET to
fai_add_hosts_by_name.
(fake_getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.
(gai_strerror): Define if either HAVE_FAKE_GETADDRINFO or NEED_FAKE_GETNAMEINFO
is defined.
(getaddrinfo): Do define function if FAI_CACHE is defined.
(getnameinfo): Define only if NEED_FAKE_GETNAMEINFO is defined.
ticket: 1380
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15780
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 19 Aug 2003 20:32:43 +0000 (20:32 +0000)]
Don't double free the encrypted credential part
Ticket: 1731
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15773
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 15 Aug 2003 19:54:14 +0000 (19:54 +0000)]
krb_check_auth clears the return value for the schedule parameter with a memset. This prevents callers from using the key schedule, which breaks code
ticket: 1730
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15770
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 14 Aug 2003 04:07:10 +0000 (04:07 +0000)]
* configure.in: Check for mode_t
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15769
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Aug 2003 08:28:38 +0000 (08:28 +0000)]
* configure.in: Don't check for or replace vfprintf, vsprintf, strerror,
memmove, or sscanf, all part of C 89.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15768
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Aug 2003 08:27:07 +0000 (08:27 +0000)]
use my mit changelog id
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15767
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Aug 2003 08:26:19 +0000 (08:26 +0000)]
* Makefile.in (OBJS, STLIBOBJS): Drop setenv.o.
* setenv.c: Deleted.
* pos-obsolete.h: Deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15766
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 12 Aug 2003 02:18:55 +0000 (02:18 +0000)]
* cnv_tkt_skey.c (krb524_convert_tkt_skey): Call krb_create_ticket
instead of local version. Remove local version of
krb_create_ticket. This file no longer gets included into a
krb524 library, so accessing internal functions isn't that big of
an issue anymore.
ticket: 1714
version_reported: 1.3.1
target_version: 1.3.2
tags: pullup
component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15765
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Aug 2003 20:38:55 +0000 (20:38 +0000)]
get_init_creds_password: DNS SRV off causes bogus REALM_UNKNOWN
* gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is
turned off, the second call to get_init_creds() will fail with
KRB5_REALM_UNKNOWN under certain circumstances. If that happens,
return the error from the first call to get_init_creds(), which
will be more useful to the user.
ticket: new
target_version: 1.3.2
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15761
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 8 Aug 2003 15:02:15 +0000 (15:02 +0000)]
Remove the target requirement for kadmind4 and v5passwdd
ticket: 1715
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15759
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 6 Aug 2003 20:17:18 +0000 (20:17 +0000)]
configure.in: Don't assume all darwin boxes are powerpc. (eg: OpenDarwin/x86)
ticket: 1718
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15757
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 6 Aug 2003 17:50:59 +0000 (17:50 +0000)]
Do not install kadmin4 or v5passwdd on Mac OS X. Also, fixed broken goober I accidentally checked in on the trunk. oops
ticket: 1715
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15755
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 1 Aug 2003 21:05:35 +0000 (21:05 +0000)]
* kinit.c (main): Apply patch from Stephen Grau to correctly
return non-zero for certain error conditions.
ticket: 1437
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15754
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 31 Jul 2003 19:20:01 +0000 (19:20 +0000)]
add missing ChangeLog entry
ticket: 1702
tags: pullup
target_version: 1.3.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15748
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 31 Jul 2003 19:06:31 +0000 (19:06 +0000)]
krb5_get_host_realm and krb5_free_host_realm should not be labeled as KRB5_PRIVATE.
They are required for many applications including OpenAFS and UMich's Kx509. 1.2.8
had them public but the change was never reflected on the trunk.
Ticket: 1702
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15747
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 31 Jul 2003 03:05:25 +0000 (03:05 +0000)]
update for krb5-1.3.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15743
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 28 Jul 2003 18:40:13 +0000 (18:40 +0000)]
KfM jam file paths should work from any project file the KerberosFramework hierarchy
ticket: 1693
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15741
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 27 Jul 2003 05:30:54 +0000 (05:30 +0000)]
-s can return non-zero exit status if credentials are expired
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15739
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Jul 2003 20:43:58 +0000 (20:43 +0000)]
* admin.texinfo (realms (krb5.conf)): Add description of master_kdc tag.
(Sample krb5.conf File): Add it to the example.
ticket: 1692
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15737
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Jul 2003 15:37:57 +0000 (15:37 +0000)]
use new config file tag for master KDC
We want to avoid making extra attempts to contact the "master" KDC, in the case
where the password appears to be incorrect according to one KDC but we think
maybe the master KDC could have a newer password, if there isn't actually a
master KDC. Currently the admin_server tag is overloaded for kadmin and
password changing. So, don't use it as a filter on the KDC list; instead, look
for master_kdc as an independent list.
(See also ticket 1511 re contacting the master twice if it's first in the
regular KDC list.)
Doc updates still needed.
* locate_kdc.c (krb5_locate_kdc): Always pass 0 to locate_server as the
get_masters argument. Instead, if get_masters is set, look up "master_kdc" in
the config file instead of "kdc".
ticket: new
target_version: 1.3.2
tags: pullup
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15736
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 24 Jul 2003 21:12:50 +0000 (21:12 +0000)]
Added a little more buffer space than the supplied patch, and used sizeof
* kadmin.c (strdate): Increase size of buffer to 40. Use sizeof for
length passed to strftime.
ticket: 1613
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15735
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 24 Jul 2003 20:35:17 +0000 (20:35 +0000)]
Don't document kdc_supported_enctypes
Since the code for kdc_supported_enctypes was removed, the docs should
be as well.
Ticket: new
Target_Version: 1.3.1
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15734
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 23 Jul 2003 02:28:36 +0000 (02:28 +0000)]
krb5-1.3.1-beta1, again
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15729
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 23 Jul 2003 00:30:24 +0000 (00:30 +0000)]
update for krb5-1.3.1-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15726
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 22 Jul 2003 22:27:34 +0000 (22:27 +0000)]
Send generalstring not octetstring in etype_info2. Accept either
form.
Also, if a etype_info fails to decode, skip it rather than failing to
process the AS reply.
Ticket: 1681
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15723
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 22 Jul 2003 22:22:39 +0000 (22:22 +0000)]
* README: Revert previous change, as it was in error; socklen_t
was introduced in Aug 2001 Platform SDK, and the actual problem
reported was very probably a compilation environment
misconfiguration.
ticket: 1675
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15721
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 22 Jul 2003 21:51:59 +0000 (21:51 +0000)]
Don't use broken getaddrinfo on Mac OS X
ticket: 1683
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15717
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 22 Jul 2003 21:34:57 +0000 (21:34 +0000)]
Always register the file ccache in the set of registered ops. The
resolve code may also find it as the default ops on some platforms,
but this will not cause problems.
ticket: 1684
owner: lxs
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15716
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2003 19:09:32 +0000 (19:09 +0000)]
Change crypto "provider" structures to hold numeric values instead of function
pointers for key sizes, block sizes, etc., when the values are always constant
for each encryption or hash mechanism.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15714
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2003 18:02:34 +0000 (18:02 +0000)]
* resolve.c (main): If gethostbyname fails, report the failing hostname
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15711
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2003 17:53:10 +0000 (17:53 +0000)]
Don't combine encrypt and decrypt code paths.
Zap key schedule when done.
* des3.c (validate_and_schedule): Split out from old k5_des3_docrypt.
(k5_des3_encrypt, k5_des3_decrypt): Call it, and krb5int_des3_cbc_encrypt or
_decrypt, instead of k5_des3_docrypt. Zap key schedules before returning.
ticket: 1404
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15710
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2003 17:44:39 +0000 (17:44 +0000)]
* k5-int.h (krb5int_zap_data, zap): New macros; call memset with volatile cast
for now.
ticket: 1404
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15709
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2003 16:50:24 +0000 (16:50 +0000)]
crypto library has bogus dependence on com_err
Forgotten debugging code that was never removed...
* pbkdf2.c (foo): Never call com_err.
ticket: new
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15707
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2003 15:19:55 +0000 (15:19 +0000)]
* f_cbc.c (krb5int_des_cbc_decrypt): Move declarations that were after
statements after flattening blocks is previous change.
* d3_cbc.c (krb5int_des3_cbc_decrypt): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15706
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 21 Jul 2003 18:37:38 +0000 (18:37 +0000)]
Export krb5_principal2salt
ticket: 1679
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15701
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 19 Jul 2003 20:07:18 +0000 (20:07 +0000)]
* init_ets.c (krb5_init_ets): Only initialize error tables once -
so that init_conext/free_context loops do not result in memory
leaks.
I did not implement the remove error table functions - as a system
installed com_err library might not support remove_error_table that
exists in our trees com_err library.
ticket: 1665
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15700
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 19 Jul 2003 20:03:10 +0000 (20:03 +0000)]
krb5_gss_register_acceptor_identity does not allocate enough memory for cached keytab
* acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate
enough memory to include the null at the end of the keytab char *.
Essentially off by one error.
ticket: new
target_version: 1.3.1
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15699
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Jul 2003 00:54:14 +0000 (00:54 +0000)]
Windows build needs Feb 2003 Platform SDK
* README: Note requirement for Feb 2003 Platform SDK. Thanks to
Doug Engert and Rodney Dyer.
ticket: 1675
component: krb5-doc
version_reported: 1.3
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15698
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Jul 2003 00:09:22 +0000 (00:09 +0000)]
Fix incorrect RFC number for FTP IPv6 support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15697
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 18 Jul 2003 13:17:47 +0000 (13:17 +0000)]
* ms2mit.c:
Functional changes:
(1) do not restrict ourselves to DES-CBC-CRC instead support any
ticket with an enctype we support. as of this date (rev 1.3)
this includes all but RC4-MD4.
(2) do not accept invalid tickets
(3) when attempting to retrieve tickets do not specify either the
enctype or cache options (if possible). doing so will force a
TGS request and prevent the results from being stored into the
cache.
(4) when the LSA cache contains a TGT which has expired Microsoft will
not perform a new TGS request until the cache has been purged.
Instead the expired ticket continues to be used along with its
embedded authorization data. When PURGE_ENABLED is defined, if the
tickets are expired, the cache will be purged before requesting
new tickets, else we ignore the contents of the cache and force
a new TGS request.
(5) when the LSA cache is empty do not abort. On XP or 2003, use
the SecurityLogonSessionData to determine the Realm (UserDnsDomain
in MS-speak) and request an appropriate TGT. On 2000, check the
Registry for the HKCU\"Volatile Environment":"USERDNSDOMAIN"
instead. This will allow ms2mit to be used to repopulate the
LSA cache. If the current session is not Kerberos authenticated
an appropriate error message will be generated.
Code changes:
(1) several memory leaks plugged
(2) several support functions copied from the Leashw32.dll sources
(3) get_STRING_from_registry() uses the ANSI versions of the Registry
functions and should at a later date be converted to use the
Unicode versions.
Notes: an ms2mit.exe based on the Leash_import() function
should be considered. Leash_import() not only imports the TGT from
the LSA but also performs the krb524 conversion and AFS token retrieval.
Of course, that version of ms2mit.exe could not exist within the krb5
source tree.
ticket: 1667
target_version: 1.3.1
tags: pullup
owner: jaltman@mit.edu
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15696
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 18 Jul 2003 12:53:34 +0000 (12:53 +0000)]
gssapi32.def: export the GSS_C_NT_xxxx constants as DATA. These are required
by applications that wish to use the gss_nt_xxxx constants.
ticket: 1666
target_version: 1.3.1
tags: pullup
owner: jaltman@mit.edu
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15695
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 17 Jul 2003 20:50:36 +0000 (20:50 +0000)]
Remove kg_release_defcred and caching of default credential. Rewrite
krb5_gss_init_sec_context() while we're at it to make defcred-related
changes easier, and as a side effect, fix some error condition memory
leaks.
ticket: 1365
target_version: 1.3.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15694
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 17 Jul 2003 12:31:31 +0000 (12:31 +0000)]
Use the old DES encrypt function, not the split versions via macros
* des.c (mit_des_cbc_encrypt): Undef before use.
* enc_dec.c (mit_des_cbc_encrypt): Likewise.
* mac_des_glue.c (mit_des3_cbc_encrypt): Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15693
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 17 Jul 2003 12:18:21 +0000 (12:18 +0000)]
Separate the DES encrypt and decrypt operations into separate functions,
since they have almost no code in common.
* f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): New functions
broken out from mit_des_cbc_encrypt.
(mit_des_cbc_encrypt): Call them.
* d3_cbc.c (krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): New functions
broken out from mit_des3_cbc_encrypt.
(mit_des3_cbc_encrypt): Call them.
* des_int.h (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt,
krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): Declare.
(mit_des_cbc_encrypt, mit_des3_cbc_encrypt): New macros.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15692
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 17 Jul 2003 10:36:21 +0000 (10:36 +0000)]
delete ##WIN16## lines from makefiles
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15691
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Jul 2003 14:31:40 +0000 (14:31 +0000)]
* krb5_libinit.c: Include autoconf.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15690
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Jul 2003 14:28:37 +0000 (14:28 +0000)]
* Makefile.in (STLIBOBJS, OBJS, T_SER_OBJS): Drop ser_eblk.o
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15689
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 15 Jul 2003 14:23:15 +0000 (14:23 +0000)]
* aclocal.m4 (extra_gcc_warn_opts): Don't turn on -pedantic on Darwin
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15688
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 15 Jul 2003 00:12:01 +0000 (00:12 +0000)]
* accept_sec_context.c (krb5_gss_accept_sec_context): Call
TREAD_STR with correct arguments. Patch from Emily Ratliff.
ticket: 1015
tags: pullup
target_version: 1.3.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15687
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 11 Jul 2003 22:12:32 +0000 (22:12 +0000)]
Check for NULL realm argument and n not equal to 1. Fill in realm with an empty string on error in case the caller doesn't check the return value
ticket: 1657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15684
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 11 Jul 2003 21:25:48 +0000 (21:25 +0000)]
RealmsConfig-glue.c: Don't fail when krb5.conf is valid and krb.conf isn't. Also, don't assert v4 realm is in profile unless that realm is a valid v4 realm
ticket: 1657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15683
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)]
Rewrote krb_get_lrealm to correctly handle the v4 realms section in the profile and to return KFAILURE in the absence of any config (instead of returning ATHENA.MIT.EDU)
ticket: 1657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15682
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 10 Jul 2003 22:53:02 +0000 (22:53 +0000)]
* acquire_cred.c (acquire_init_cred): Close the ccache if
krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if
the file is not there, but krb5_cc_set_flags will fail in turning
off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu.
ticket: 1656
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15680
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 9 Jul 2003 19:34:17 +0000 (19:34 +0000)]
Export krb5_get_permitted_enctypes and krb5_set_real_time for Samba
ticket: 1655
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15678
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Jul 2003 21:09:11 +0000 (21:09 +0000)]
update for krb5-1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15673
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 8 Jul 2003 15:51:33 +0000 (15:51 +0000)]
This time, use the correct # of arguments for strcpy
ticket: 1651
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15672
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 7 Jul 2003 18:21:57 +0000 (18:21 +0000)]
krb_prof_get_nth() no longer assumes that its retlen argument is correct (call strcpy instead of strncpy) because this argument is a guess for some callers (eg: krb_get_admhst())
ticket: 1651
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15671
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 4 Jul 2003 20:49:06 +0000 (20:49 +0000)]
darwin build can't compile util/et test program
The autoconf tests correctly determine that sys_nerr exists, and that
no declaration is needed. The test_et.c code checks the wrong condition,
though, and the system header declaration of sys_nerr conflicts with the
one in that source file. (The native one is const.)
* test_et.c: Conditionalize sys_nerr declaration on NEED_SYS_ERRLIST, not
HAVE_SYS_ERRLIST.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15670
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 3 Jul 2003 19:46:49 +0000 (19:46 +0000)]
Remove leading spaces in #define and #include in public headers to support K&R C compilers
ticket: 1648
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15667
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 2 Jul 2003 18:04:35 +0000 (18:04 +0000)]
KfM build should inherit CFLAGS and LDFLAGS from parent project
ticket: 1642
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15662
dc483132-0cff-0310-8789-
dd5450dbe970
Jen Selby [Fri, 27 Jun 2003 23:38:43 +0000 (23:38 +0000)]
Fixed filename substitution typos. @LOCALSTATEDIR -> /usr/local/var
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15661
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 27 Jun 2003 23:25:49 +0000 (23:25 +0000)]
update for krb5-1.3-beta5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15657
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Jun 2003 20:36:24 +0000 (20:36 +0000)]
This change fixes the problem in the ss directory. It probably won't
get into our 1.3 release, but perhaps in a patch release afterwards.
I'll look and see where else things are getting needlessly rebuilt....
* Makefile.in (HDRS): Remove mit-sipb-copyright.h.
(includes): Depend on copied version of the headers, not local versions. Don't
do any copying; instead, move the copying commands to new targets for each
header.
($(HDRDIR)/timestamp): New target; create the directory here if needed.
(clean-unix): Remove the timestamp file.
ticket: 1631
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15654
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 27 Jun 2003 17:53:42 +0000 (17:53 +0000)]
* gic_keytab.c (krb5_get_in_tkt_with_keytab): Pass (void*)keytab,
not &keytab, to get_init_creds. Thanks to Herb Lewis.
ticket: 1630
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15653
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Jun 2003 00:48:07 +0000 (00:48 +0000)]
With this patch, things seem to work with a Heimdal client and MIT KDC
* checksum_length.c (krb5_c_checksum_length): Handle trunc_size.
ticket: 1621
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15652
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 25 Jun 2003 21:10:48 +0000 (21:10 +0000)]
clean up ftp client gss memory management
* ftp.c (do_auth): Call gss_release_buffer() on send_tok
immediately after sending it. Call gss_release_name() on
target_name at outer_loop instead of inside the loop.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15651
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Jun 2003 02:41:07 +0000 (02:41 +0000)]
* cksumtypes.c (krb5_cksumtypes_list): Add aes128/256 hmacs, with new
trunc_size field.
* make_checksum.c (krb5_c_make_checksum): If trunc_size is specified, shrink
the computed checksum down to the indicated size.
ticket: 1621
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15650
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 24 Jun 2003 02:29:47 +0000 (02:29 +0000)]
apply patch from jaltman:
* ms2mit.c: Windows Credentials are addressless. Do not store the
credentials in the MIT cache with addresses since they do not
contain addresses in the encrypted portion of the credential.
Instead generate a valid empty address list.
ticket: 1618
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15648
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Jun 2003 02:10:55 +0000 (02:10 +0000)]
* k5-int.h (struct krb5_cksumtypes): Add new field trunc_size
ticket: 1621
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15647
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 20 Jun 2003 21:14:56 +0000 (21:14 +0000)]
* krb5.conf.M: Sync with doc/krb5conf.texinfo
ticket: 1085
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15641
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 20 Jun 2003 20:20:14 +0000 (20:20 +0000)]
* build.texinfo (Installing the Binaries): New node; describe
basic "make install", along with "DESTDIR=...".
ticket: 976
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15639
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 20 Jun 2003 16:47:04 +0000 (16:47 +0000)]
Split out etype_info2 decoder from etype_info decoder. In the
etype_info decoder ignore Heimdal's tag 2.
Ticket: 1619
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15638
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 20 Jun 2003 03:24:07 +0000 (03:24 +0000)]
Delete references to --with-system-db from README
* build.texinfo (HPUX): Fix typo.
(Options to Configure): Note that --with-system-db is unsupported,
concerning possible lossage with loading dumpfiles.
ticket: 1592
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15637
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 20 Jun 2003 01:28:49 +0000 (01:28 +0000)]
Put in some IPv6 details.
Mention db4 compatibility is untested.
ticket: 1600
status: open
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15636
dc483132-0cff-0310-8789-
dd5450dbe970