Tom Yu [Wed, 22 Apr 2009 18:09:31 +0000 (18:09 +0000)]
tag krb5-1.7-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-7-beta1@22270 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 22 Apr 2009 18:08:46 +0000 (18:08 +0000)]
README and patchlevel for krb5-1.7-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22269 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 22 Apr 2009 16:20:49 +0000 (16:20 +0000)]
pull up r22267 from trunk
------------------------------------------------------------------------
r22267 | hartmans | 2009-04-22 09:30:00 -0400 (Wed, 22 Apr 2009) | 7 lines
Changed paths:
M /trunk/src/kadmin/cli/Makefile.in
M /trunk/src/kadmin/ktutil/Makefile.in
Ticket: 6474
Subject: move kadmin, ktutil, k5srvutil man pages to man1
Target_Version: 1.7
Tags: pullup
These binaries have been moved to /usr/bin so their manpages should
move from man8 to man1.
ticket: 6474
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22268 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Fri, 17 Apr 2009 21:28:37 +0000 (21:28 +0000)]
pull up r22264 from trunk
------------------------------------------------------------------------
r22264 | ghudson | 2009-04-16 12:46:33 -0400 (Thu, 16 Apr 2009) | 12 lines
Changed paths:
M /trunk/src/kdc/kdc_preauth.c
M /trunk/src/kdc/kdc_util.c
ticket: 6470
subject: Send explicit salt for SALTTYPE_NORMAL keys
target_version: 1.7
tags: pullup
Change the signature of _make_etype_info_entry to take the canonical
client principal instead of the request structure. Also fixes the salt
we compute for SALTTYPE_NOREALM keys.
Sending an explicit salt for SALTTYPE_NORMAL keys is believed to be
necessary for some preauth scenarios involving aliases.
ticket: 6470
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22265 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 21:07:09 +0000 (21:07 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22263 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 21:00:34 +0000 (21:00 +0000)]
pull up r22210 from trunk
------------------------------------------------------------------------
r22210 | hartmans | 2009-04-14 11:35:12 -0400 (Tue, 14 Apr 2009) | 6 lines
Changed paths:
M /trunk/src/kdc/fast_util.c
ticket: 6461
Subject: Require fast_req checksum to be keyed
Target_Version: 1.7
Tags: pullup
Since the fast_req checksum is unencrypted, a keyed checksum type needs to be used.
ticket: 6461
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22262 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 21:00:31 +0000 (21:00 +0000)]
pull up r22209 from trunk
------------------------------------------------------------------------
r22209 | hartmans | 2009-04-14 11:05:21 -0400 (Tue, 14 Apr 2009) | 6 lines
Changed paths:
M /trunk/src/clients/kinit/kinit.M
M /trunk/src/clients/kinit/kinit.c
ticket: 6460
subject: Implement kinit option for FAST armor ccache
Target_version: 1.7
tags: pullup
Implement the -T option to kinit to specify the FAST armor ccache.
ticket: 6460
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22261 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 21:00:28 +0000 (21:00 +0000)]
pull up r22208 from trunk
------------------------------------------------------------------------
r22208 | wfiveash | 2009-04-13 18:15:05 -0400 (Mon, 13 Apr 2009) | 11 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_util.M
Ticket: 6459
Subject: Update kdb5_util man page with missing purge_mkeys command
Version_Reported: 1.7
Target_Version: 1.7
Tags: pullup
While previously updating the kdb5_util command man page to include
documentation on new subcommands added as a result of the Master Key
Migration project I missed the purge_mkeys command. I've added that
with this commit.
ticket: 6459
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22260 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 21:00:24 +0000 (21:00 +0000)]
fcc_generate_new destroys locked mutex on error
pull up r22200 from trunk
------------------------------------------------------------------------
r22200 | ghudson | 2009-04-13 15:29:14 -0400 (Mon, 13 Apr 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/ccache/cc_file.c
krb5_fcc_generate_new was destroying a locked mutex in the err_out
label, which is used for I/O failures. Unlock the mutex first.
ticket: 6469
tags: pullup
target_version: 1.7
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22259 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:55 +0000 (20:07 +0000)]
pull up r22188 from trunk
------------------------------------------------------------------------
r22188 | ghudson | 2009-04-10 12:09:19 -0400 (Fri, 10 Apr 2009) | 8 lines
Changed paths:
M /trunk/doc/admin.texinfo
M /trunk/doc/support-enc.texinfo
ticket: 6452
subject: Document allow_weak_crypto
tags: pullup
target_version: 1.7
Also document which cryptosystems are defined to be weak, and add some
enctype entries which weren't in the documentation.
ticket: 6452
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22258 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:53 +0000 (20:07 +0000)]
pull up r22187 from trunk
------------------------------------------------------------------------
r22187 | ghudson | 2009-04-09 13:57:03 -0400 (Thu, 09 Apr 2009) | 9 lines
Changed paths:
M /trunk/doc/definitions.texinfo
ticket: 6451
subject: Update defaults in documentation
tags: pullup
target_version: 1.7
doc/definitions.texinfo had, predictably, fallen out of date with
respect to the code. Update a few of the out of date comments and
defaults, particularly the default enctype lists.
ticket: 6451
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22257 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:51 +0000 (20:07 +0000)]
pull up r22186 from trunk
------------------------------------------------------------------------
r22186 | epeisach | 2009-04-09 07:53:27 -0400 (Thu, 09 Apr 2009) | 7 lines
Changed paths:
M /trunk/src/kdc/main.c
ticket: 6450
subject: kdc: handle_referral_params does not return ENOMEM errors
tags: pullup
retval was set but never returned.
ticket: 6450
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22256 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:48 +0000 (20:07 +0000)]
pull up r22185 from trunk
------------------------------------------------------------------------
r22185 | ghudson | 2009-04-08 12:39:33 -0400 (Wed, 08 Apr 2009) | 8 lines
Changed paths:
M /trunk/src/lib/gssapi/generic/gssapi.hin
M /trunk/src/lib/gssapi/krb5/init_sec_context.c
ticket: 6203
tags: pullup
target_version: 1.7
Using a patch from Apple, add support for GSS_C_DELEG_POLICY_FLAG,
which requests delegation only if the ok-as-delegate ticket flag is
set.
ticket: 6203
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22255 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:45 +0000 (20:07 +0000)]
pull up r22184 from trunk
------------------------------------------------------------------------
r22184 | ghudson | 2009-04-08 11:58:24 -0400 (Wed, 08 Apr 2009) | 7 lines
Changed paths:
M /trunk/src/lib/krb5/error_tables/krb5_err.et
M /trunk/src/lib/krb5/krb/mk_priv.c
M /trunk/src/lib/krb5/krb/mk_safe.c
M /trunk/src/lib/krb5/krb/rd_priv.c
M /trunk/src/lib/krb5/krb/rd_safe.c
ticket: 1165
mk_safe and mk_priv require the local address to be set in the auth
context; rd_safe and rd_priv require the remote address to be set.
Create error codes for both kinds of missing addresses and stop trying
futilely to handle the cases where they are not set.
ticket: 1165
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22254 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:42 +0000 (20:07 +0000)]
pull up r22183 from trunk
------------------------------------------------------------------------
r22183 | epeisach | 2009-04-08 11:25:43 -0400 (Wed, 08 Apr 2009) | 11 lines
Changed paths:
M /trunk/src/kdc/do_as_req.c
ticket: 6449
subject: Fall through on error return
If decoding the encoded_req_body fails, proceed goto errout instead of falling
through to fast handling.
Looks like a merge error.
Reindented code.
ticket: 6449
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22253 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:40 +0000 (20:07 +0000)]
pull up r22182 from trunk
------------------------------------------------------------------------
r22182 | ghudson | 2009-04-08 11:22:17 -0400 (Wed, 08 Apr 2009) | 9 lines
Changed paths:
M /trunk/src/lib/krb5/krb/gic_pwd.c
ticket: 6108
tags: pullup
target_version: 1.7
When getting initial credentials with a password, try the master if
preauth fails on a slave, since preauth can fail due to an out-of-date
key. This removes a snippet added in r14939 which was considering
only hardware preauth.
ticket: 6108
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22252 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:37 +0000 (20:07 +0000)]
k5_utf8s_to_ucs2s could deref NULL pointer..
pull up r22177 from trunk
------------------------------------------------------------------------
r22177 | epeisach | 2009-04-07 19:59:25 -0400 (Tue, 07 Apr 2009) | 10 lines
Changed paths:
M /trunk/src/util/support/utf8_conv.c
ticket:
Subject k5_utf8s_to_ucs2s could deref NULL pointer...
Based on usage of this static function, this will never happen as
results are always malloced (and checked) by caller. However, the
function is already coded to handle the first argument being null - so
be consistent throughout.
ticket: 6468
version_fixed: 1.7
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22251 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:34 +0000 (20:07 +0000)]
pull up r22176 from trunk
------------------------------------------------------------------------
r22176 | tlyu | 2009-04-07 17:22:23 -0400 (Tue, 07 Apr 2009) | 7 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1_decode.c
M /trunk/src/tests/asn.1/krb5_decode_test.c
ticket: 6445
subject: CVE-2009-0846 asn1_decode_generaltime can free uninitialized pointer
tags: pullup
target_version: 1.7
The asn1_decode_generaltime() function can free an uninitialized
pointer if asn1buf_remove_charstring() fails.
ticket: 6445
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22250 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:32 +0000 (20:07 +0000)]
pull up r22175 from trunk
------------------------------------------------------------------------
r22175 | tlyu | 2009-04-07 17:22:20 -0400 (Tue, 07 Apr 2009) | 14 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1buf.c
ticket: 6444
subject: CVE-2009-0847 asn1buf_imbed incorrect length validation
tags: pullup
target_version: 1.7
asn1buf_imbed() can perform pointer arithmetic that causes the "bound"
pointer of the subbuffer to be less than the "next" pointer. This can
lead to malloc() failure or crash.
In asn1buf_imbed(), check the length before doing arithmetic to set
subbuf->bound. In asn1buf_remove_octetstring() and
asn1buf_remove_charstring(), check for invalid buffer pointers before
executing an unsigned length check against a (casted to size_t)
negative number.
ticket: 6444
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22249 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:30 +0000 (20:07 +0000)]
pull up r22174 from trunk
------------------------------------------------------------------------
r22174 | tlyu | 2009-04-07 17:22:17 -0400 (Tue, 07 Apr 2009) | 11 lines
Changed paths:
M /trunk/src/lib/gssapi/spnego/spnego_mech.c
ticket: 6443
subject: CVE-2009-0844 SPNEGO can read beyond buffer end
tags: pullup
target_version: 1.7
SPNEGO can read beyond the end of a buffer if the claimed DER length
exceeds the number of bytes in the input buffer. This can lead to
crash or information disclosure.
Thanks to Apple for reporting this vulnerability and providing
patches.
ticket: 6443
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22248 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:26 +0000 (20:07 +0000)]
pull up r22172 from trunk
------------------------------------------------------------------------
r22172 | epeisach | 2009-04-07 13:57:56 -0400 (Tue, 07 Apr 2009) | 9 lines
Changed paths:
M /trunk/src/util/ss/help.c
ticket: 6442
subject: Null pointer deref in adding info
Clearly the code is broken - and we either never use it - or callers never pass
NULL...
Detected by clang static checker.
ticket: 6442
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22247 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:24 +0000 (20:07 +0000)]
pull up r22171 from trunk
------------------------------------------------------------------------
r22171 | hartmans | 2009-04-05 17:11:26 -0400 (Sun, 05 Apr 2009) | 7 lines
Changed paths:
M /trunk/src/kdc/do_tgs_req.c
ticket: 6439
Subject: Implement KDC side of TGS FAST
target_version: 1.7
tags: pullup
Most of the KDC side of TGS FAST was already present. This adds
correct generation of the reply key.
ticket: 6439
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22246 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:21 +0000 (20:07 +0000)]
pull up r22167, r22170 from trunk
------------------------------------------------------------------------
r22170 | hartmans | 2009-04-03 23:03:04 -0400 (Fri, 03 Apr 2009) | 3 lines
Changed paths:
M /trunk/src/kdc/fast_util.c
M /trunk/src/lib/krb5/krb/get_in_tkt.c
ticket: 6436
fix logic errors
------------------------------------------------------------------------
r22167 | hartmans | 2009-04-03 00:03:45 -0400 (Fri, 03 Apr 2009) | 3 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/kdc/do_as_req.c
M /trunk/src/kdc/do_tgs_req.c
M /trunk/src/kdc/fast_util.c
M /trunk/src/kdc/kdc_preauth.c
M /trunk/src/kdc/kdc_util.c
M /trunk/src/kdc/kdc_util.h
M /trunk/src/lib/crypto/arcfour/arcfour.c
M /trunk/src/lib/crypto/arcfour/arcfour.h
M /trunk/src/lib/crypto/etypes.c
M /trunk/src/lib/krb5/asn.1/asn1_k_encode.c
M /trunk/src/lib/krb5/asn.1/krb5_decode.c
M /trunk/src/lib/krb5/krb/Makefile.in
M /trunk/src/lib/krb5/krb/fast.c
M /trunk/src/lib/krb5/krb/fast.h
M /trunk/src/lib/krb5/krb/get_in_tkt.c
M /trunk/src/lib/krb5/krb/kfree.c
M /trunk/src/lib/krb5/krb/preauth2.c
A /trunk/src/lib/krb5/krb/t_ad_fx_armor.c
M /trunk/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
ticket: 6436
Merge fast branch at 22166 onto trunk
ticket: 6436
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22245 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:18 +0000 (20:07 +0000)]
pull up r22168 from trunk
------------------------------------------------------------------------
r22168 | hartmans | 2009-04-03 01:36:25 -0400 (Fri, 03 Apr 2009) | 8 lines
Changed paths:
M /trunk/src/kdc/kdc_authdata.c
ticket: 6438
Subject: Handle authdata encrypted in subkey
target_version: 1.7
tags: pullup
RFC 4120 requires that if a subkey is present in the TGS request that
authorization data be encrypted in the subkey. Our KDC did not handle
this correctly.
ticket: 6438
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22244 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:15 +0000 (20:07 +0000)]
pull up r22154, r22159, r22160 from trunk
------------------------------------------------------------------------
r22160 | hartmans | 2009-04-02 23:33:01 -0400 (Thu, 02 Apr 2009) | 12 lines
Changed paths:
M /trunk/doc/admin.texinfo
M /trunk/src/appl/bsd/kcmd.c
M /trunk/src/config-files/krb5.conf.M
M /trunk/src/lib/krb5/krb/init_ctx.c
M /trunk/src/lib/krb5/krb/mk_req_ext.c
ticket: 1624
Unfortunately, pre-1.7 krshd fails to support keyed checksums because
it uses the wrong API and wrong key usage. So, if the auth_context
has an explicit checksum type set, then respect that. kcmd sets such
a checksum type. Also, because other applications may have the same
problem, allow the config file variable if set to override the default
checksum.
* kcmd.c: Force use of rsa_md5
* init_ctx.c: do not default to md5
* mk_req_ext.c: allow auth_context to override
------------------------------------------------------------------------
r22159 | tlyu | 2009-04-02 19:30:28 -0400 (Thu, 02 Apr 2009) | 3 lines
Changed paths:
M /trunk/src/appl/bsd/krlogind.c
M /trunk/src/appl/bsd/krshd.c
ticket: 1624
Fix krshd and krlogind to use krb5_c_verify_checksum.
------------------------------------------------------------------------
r22154 | hartmans | 2009-04-01 14:25:02 -0400 (Wed, 01 Apr 2009) | 8 lines
Changed paths:
M /trunk/doc/admin.texinfo
M /trunk/src/config-files/krb5.conf.M
M /trunk/src/lib/krb5/krb/mk_req_ext.c
M /trunk/src/lib/krb5/krb/send_tgs.c
ticket: 1624
Target_version: 1.7
tags: pullup
Use the preferred checksum for non-DES keys in the kdc_req path and
all the time in the ap_req checksum path. This breaks code to support
DCE versions prior to 1.1 but uses the correct checksum for protocol
compatibility.
ticket: 1624
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22243 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:12 +0000 (20:07 +0000)]
pull up r22152 from trunk
------------------------------------------------------------------------
r22152 | hartmans | 2009-03-31 18:36:03 -0400 (Tue, 31 Mar 2009) | 6 lines
Changed paths:
M /trunk/src/lib/crypto/etypes.c
ticket: 6437
target_version: 1.7
tags: pullup
Subject: mark export grade RC4 as weak
Set the weak enctype flag on the 40-bit RC4.
ticket: 6437
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22242 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:07:03 +0000 (20:07 +0000)]
pull up r22149, r22151, r22153 from trunk
------------------------------------------------------------------------
r22153 | tlyu | 2009-03-31 19:51:48 -0400 (Tue, 31 Mar 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1_k_decode.c
M /trunk/src/lib/krb5/asn.1/asn1_k_encode.c
M /trunk/src/lib/krb5/asn.1/krb5_decode.c
M /trunk/src/lib/krb5/asn.1/krb5_encode.c
ticket: 6436
Make FAST changes build when pkinit is disabled.
------------------------------------------------------------------------
r22151 | hartmans | 2009-03-31 18:35:59 -0400 (Tue, 31 Mar 2009) | 3 lines
Changed paths:
M /trunk/src/kdc/do_tgs_req.c
ticket: 6436
Initialize request state in the TGS path.
------------------------------------------------------------------------
r22149 | hartmans | 2009-03-31 13:00:41 -0400 (Tue, 31 Mar 2009) | 8 lines
Changed paths:
M /trunk/src/Makefile.in
M /trunk/src/configure.in
M /trunk/src/include/k5-int-pkinit.h
M /trunk/src/include/k5-int.h
M /trunk/src/include/krb5/krb5.hin
M /trunk/src/include/krb5/preauth_plugin.h
M /trunk/src/kdc/Makefile.in
M /trunk/src/kdc/dispatch.c
M /trunk/src/kdc/do_as_req.c
M /trunk/src/kdc/do_tgs_req.c
A /trunk/src/kdc/fast_util.c
M /trunk/src/kdc/kdc_preauth.c
M /trunk/src/kdc/kdc_util.c
M /trunk/src/kdc/kdc_util.h
M /trunk/src/lib/krb5/asn.1/asn1_k_decode.c
M /trunk/src/lib/krb5/asn.1/asn1_k_decode.h
M /trunk/src/lib/krb5/asn.1/asn1_k_encode.c
M /trunk/src/lib/krb5/asn.1/krb5_decode.c
M /trunk/src/lib/krb5/error_tables/krb5_err.et
M /trunk/src/lib/krb5/error_tables/kv5m_err.et
M /trunk/src/lib/krb5/krb/Makefile.in
A /trunk/src/lib/krb5/krb/fast.c
A /trunk/src/lib/krb5/krb/fast.h
M /trunk/src/lib/krb5/krb/get_in_tkt.c
M /trunk/src/lib/krb5/krb/gic_opt.c
M /trunk/src/lib/krb5/krb/kfree.c
M /trunk/src/lib/krb5/krb/preauth2.c
M /trunk/src/lib/krb5/libkrb5.exports
M /trunk/src/lib/krb5/os/accessor.c
A /trunk/src/plugins/preauth/encrypted_challenge
A /trunk/src/plugins/preauth/encrypted_challenge/Makefile.in (from /trunk/src/plugins/preauth/cksum_body/Makefile.in:22148)
A /trunk/src/plugins/preauth/encrypted_challenge/deps (from /trunk/src/ccapi/test/deps:22148)
A /trunk/src/plugins/preauth/encrypted_challenge/encrypted_challenge.exports (from /trunk/src/plugins/preauth/pkinit/pkinit.exports:22148)
A /trunk/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
A /trunk/src/plugins/preauth/fast_factor.h
ticket: 6436
subject: Implement FAST from draft-ietf-krb-wg-preauth-framework
Target_Version: 1.7
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per
Projects/FAST on the wiki.
ticket: 6436
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22241 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:58 +0000 (20:06 +0000)]
new copy_data_contents variant that null-terminates
pull up r21893 from trunk
------------------------------------------------------------------------
r21893 | raeburn | 2009-02-05 13:42:10 -0500 (Thu, 05 Feb 2009) | 4 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/lib/kdb/kdb_cpw.c
M /trunk/src/lib/krb5/krb/bld_pr_ext.c
M /trunk/src/lib/krb5/krb/copy_data.c
M /trunk/src/lib/krb5/krb/copy_princ.c
M /trunk/src/lib/krb5/libkrb5.exports
Create and use (in several places) a variant of
krb5int_copy_data_contents that adds a trailing '\0' so the result can
be used as a C string.
ticket: 6467
version_fixed: 1.7
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22240 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:55 +0000 (20:06 +0000)]
pull up r22148 from trunk
------------------------------------------------------------------------
r22148 | hartmans | 2009-03-31 12:50:25 -0400 (Tue, 31 Mar 2009) | 4 lines
Changed paths:
M /trunk/src/lib/krb5/krb/send_tgs.c
ticket: 6393
in send_tgs.c:
Encrypt using local_subkey not *subkey
ticket: 6393
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22239 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:52 +0000 (20:06 +0000)]
check encode_krb5_ap_req return in send_tgs.c
pull up r22050 from trunk
------------------------------------------------------------------------
r22050 | tsitkova | 2009-02-23 16:26:29 -0500 (Mon, 23 Feb 2009) | 2 lines
Changed paths:
M /trunk/src/lib/krb5/krb/send_tgs.c
Check return code of encode_krb5_ap_req. Also, tabs vs whitespace.
ticket: 6466
tags: pullup
target_version: 1.7
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22238 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:49 +0000 (20:06 +0000)]
send_tgs.c static analyzer friendliness
pull up r22002 from trunk
------------------------------------------------------------------------
r22002 | ghudson | 2009-02-13 17:00:47 -0500 (Fri, 13 Feb 2009) | 4 lines
Changed paths:
M /trunk/src/lib/krb5/krb/send_tgs.c
In tgs_construct_tgsreq, free scratch even if scratch->data is NULL.
(Which probably can't happen, but static analyzers don't know that.)
Also protect scratch from being freed before initialization.
ticket: 6465
tags: pullup
target_version: 1.7
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22237 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:47 +0000 (20:06 +0000)]
pull up r22044 from trunk
------------------------------------------------------------------------
r22044 | hartmans | 2009-02-23 11:22:47 -0500 (Mon, 23 Feb 2009) | 10 lines
Changed paths:
M /trunk/src/lib/krb5/krb/send_tgs.c
Ticket: 6393
send_tgs.c:
* Move generation of subkey into krb5int_send_tgs from construct_authenticator so that it is available for encrypting authorization data.
* Initialize rep->message_type and note that rep is touched on
unsuccessful calls (this has always been true).
* Do not set *subkey until successful return.
Thanks to Greg Hudson for pointing out these problems.
ticket: 6393
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22236 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:44 +0000 (20:06 +0000)]
pull up r22147 from trunk
------------------------------------------------------------------------
r22147 | ghudson | 2009-03-29 22:43:51 -0400 (Sun, 29 Mar 2009) | 5 lines
Changed paths:
M /trunk/README
M /trunk/src/lib/krb5/krb/Makefile.in
M /trunk/src/lib/krb5/krb/deps
A /trunk/src/lib/krb5/krb/t_pac.c
A /trunk/src/lib/krb5/krb/t_princ.c
ticket: 6435
subject: Add PAC and principal parsing test cases
From Heimdal, ported by Luke, further modified by me.
ticket: 6435
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22235 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:41 +0000 (20:06 +0000)]
pull up r22114 from trunk
------------------------------------------------------------------------
r22114 | wfiveash | 2009-03-25 17:12:58 -0400 (Wed, 25 Mar 2009) | 9 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_util.M
Ticket: 6432
Subject: Update kdb5_util man page for mkey migration project
Version_Reported: 1.7
Target_Version: 1.7
Tags: pullup
Updated the kdb5_util command man page to include documentation on new
subcommands added as a result of the Master Key Migration project.
ticket: 6432
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22234 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:38 +0000 (20:06 +0000)]
pull up r22113 from trunk
------------------------------------------------------------------------
r22113 | ghudson | 2009-03-24 13:24:31 -0400 (Tue, 24 Mar 2009) | 5 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/plugins/preauth/pkinit/pkinit.h
M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c
M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c
Revert r21880 which included k5-int.h in several pkinit source files.
Instead, move the pkinit-specific KRB5_CONF macros to pkinit.h, and
add duplicate definitions of the non-pkinit-specific macros used by
the pkinit code.
ticket: 6397
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22233 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:35 +0000 (20:06 +0000)]
pull up r22112 from trunk
------------------------------------------------------------------------
r22112 | ghudson | 2009-03-20 14:09:19 -0400 (Fri, 20 Mar 2009) | 11 lines
Changed paths:
M /trunk/src/config/pre.in
M /trunk/src/include/Makefile.in
M /trunk/src/include/kdb.h
M /trunk/src/lib/kadm5/Makefile.in
M /trunk/src/lib/kadm5/admin.h
ticket: 6431
subject: Install kadmin and kdb headers
tags: pullup
target_version: 1.7
Add disclaimers to the kadmin and kdb headers about the weaker
stability commitments we make for their APIs, and install them for the
benefit of users who can tolerate such instability. (The kadmin
interface is the real goal here, but the kadmin header includes kdb.h
so we need to install both.)
ticket: 6431
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22232 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 15 Apr 2009 20:06:29 +0000 (20:06 +0000)]
pull up r22107 from trunk
------------------------------------------------------------------------
r22107 | ghudson | 2009-03-17 17:54:51 -0400 (Tue, 17 Mar 2009) | 8 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1_k_decode.c
ticket: 6427
subject: Fix error handling issue in ASN.1 decoder
tags: pullup
target_version: 1.7
In asn1_k_decode.c, check the return value of
end_sequence_of_no_tagvars_helper.
ticket: 6427
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22231 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:49 +0000 (21:07 +0000)]
verify return code from krb5_db_set_mkey_list
pull up r22100 from trunk
------------------------------------------------------------------------
r22100 | tsitkova | 2009-03-16 14:00:06 -0400 (Mon, 16 Mar 2009) | 2 lines
Changed paths:
M /trunk/src/kdc/kdc_util.c
M /trunk/src/kdc/main.c
Verify return code from krb5_db_set_mkey_list.
ticket: 6464
tags: pullup
target_version: 1.7
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22230 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:46 +0000 (21:07 +0000)]
pull up r22096, r22097 from trunk
------------------------------------------------------------------------
r22097 | hartmans | 2009-03-16 12:50:30 -0400 (Mon, 16 Mar 2009) | 6 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/lib/krb5/krb/Makefile.in
A /trunk/src/lib/krb5/krb/t_authdata.c
ticket: 6422
Implement tests for authdata functions
Implement some test cases for krb5_merge_authdata and
krb5int_find_authdata
------------------------------------------------------------------------
r22096 | hartmans | 2009-03-16 12:50:26 -0400 (Mon, 16 Mar 2009) | 5 lines
Changed paths:
M /trunk/src/lib/krb5/krb/copy_auth.c
subject: Implement krb5int_find_authdata
ticket: 6422
Implement a function to find all instances of a particular ad_type in
ticket or authenticator authdata.
ticket: 6422
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22229 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:42 +0000 (21:07 +0000)]
pull up r22094, r22095 from trunk
------------------------------------------------------------------------
r22095 | hartmans | 2009-03-16 12:50:23 -0400 (Mon, 16 Mar 2009) | 7 lines
Changed paths:
M /trunk/src/lib/crypto/Makefile.in
A /trunk/src/lib/crypto/t_cf2.c
A /trunk/src/lib/crypto/t_cf2.comments
A /trunk/src/lib/crypto/t_cf2.expected
A /trunk/src/lib/crypto/t_cf2.in
A /trunk/src/lib/crypto/t_prf.comments
A /trunk/src/lib/crypto/t_prf.expected
A /trunk/src/lib/crypto/t_prf.in
ticket: 6421
Implement test cases for CF2
Implement a simple program to call KRB-FX-CF2 and print the resulting
keys. Add to regression tests. Also, use the PRF testing application
to confirm that CF2 generates consistent keys if called by hand.
------------------------------------------------------------------------
r22094 | hartmans | 2009-03-16 12:50:09 -0400 (Mon, 16 Mar 2009) | 6 lines
Changed paths:
M /trunk/src/include/krb5/krb5.hin
M /trunk/src/lib/crypto/Makefile.in
A /trunk/src/lib/crypto/cf2.c
M /trunk/src/lib/crypto/etypes.h
M /trunk/src/lib/crypto/libk5crypto.exports
ticket: 6421
Subject: Implement KRB-FX_CF2
Draft-ietf-krb-wg-preauth-framework defines a function KRB-FX-CF2 that
combines two keys of arbitrary enctype. Implement this function as an
exported API.
ticket: 6421
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22228 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:39 +0000 (21:07 +0000)]
pull up r22093 from trunk
------------------------------------------------------------------------
r22093 | hartmans | 2009-03-16 12:50:04 -0400 (Mon, 16 Mar 2009) | 7 lines
Changed paths:
M /trunk/src/kdc/kdc_util.c
M /trunk/src/kdc/main.c
ticket: 6424
Subject: Call kdb_set_mkey_list from the KDC
Target_version: 1.7
tags: pullup
In order for the kdb keytab to be used from within the KDC, the KDC
needs to set the master key list in the context.
ticket: 6424
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22227 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:37 +0000 (21:07 +0000)]
pull up r22092 from trunk
------------------------------------------------------------------------
r22092 | hartmans | 2009-03-16 12:49:59 -0400 (Mon, 16 Mar 2009) | 4 lines
Changed paths:
M /trunk/src/lib/krb5/krb/auth_con.c
ticket: 6423
Subject: krb5_auth_con_free should support freeing a null auth_context without segfault.
If the input auth_con is NULL, return success.
ticket: 6423
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22226
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:34 +0000 (21:07 +0000)]
pull up r22090 from trunk
------------------------------------------------------------------------
r22090 | ghudson | 2009-03-15 00:21:12 -0400 (Sun, 15 Mar 2009) | 10 lines
Changed paths:
M /trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
M /trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
M /trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
M /trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
ticket: 6420
subject: Add LDAP back end support for canonical name attribute
tags: pullup
target_version: 1.7
Add a krbCanonicalName attribute to the schema. When looking up a
principal, if the canonical name is set and does not match the
requested name, then return the entry only if canonicalization was
requested, and use the entry's canonical name.
ticket: 6420
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22225
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:31 +0000 (21:07 +0000)]
pull up r22089 from trunk
------------------------------------------------------------------------
r22089 | ghudson | 2009-03-15 00:15:16 -0400 (Sun, 15 Mar 2009) | 9 lines
Changed paths:
M /trunk/doc/admin.texinfo
ticket: 6419
subject: Document alias support in LDAP back end
tags: pullup
target_version: 1.7
Add a few paragraphs to the LDAP instructions on creating aliases
through direct manipulation of the LDAP data, and briefly explain when
aliases will be used.
ticket: 6419
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22224
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:28 +0000 (21:07 +0000)]
pull up r22088 from trunk
------------------------------------------------------------------------
r22088 | ghudson | 2009-03-14 01:46:18 -0400 (Sat, 14 Mar 2009) | 15 lines
Changed paths:
M /trunk/doc/admin.texinfo
ticket: 6418
subject: Improve LDAP admin documentation
target_version: 1.7
tags: pullup
Use dc=example,dc=com as the example base DN instead of more archaic
forms. Provide a little more cross-referencing of concepts and
mechanisms. Add additional steps in the OpenLDAP setup instructions
for choosing DNs for the Kerberos container, KDC service, and kadmin
service. Explain a little bit about what the Kerberos container and
realm container are. Be clearer that using separate subtrees from the
realm container for principals is an option, not a necessity, and
don't use the base DN as an example of a separate subtree (it's
confusing).
ticket: 6418
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22223
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:26 +0000 (21:07 +0000)]
pull up r22173 from trunk
------------------------------------------------------------------------
r22173 | tlyu | 2009-04-07 17:22:13 -0400 (Tue, 07 Apr 2009) | 4 lines
Changed paths:
M /trunk/src/lib/gssapi/spnego/spnego_mech.c
ticket: 6417
Apply revised patch from Apple that ensures that a REJECT token is
sent on error.
ticket: 6417
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22222
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:24 +0000 (21:07 +0000)]
pull up r22083 from trunk
------------------------------------------------------------------------
r22083 | ghudson | 2009-03-12 23:10:12 -0400 (Thu, 12 Mar 2009) | 9 lines
Changed paths:
M /trunk/src/lib/krb5/krb/get_in_tkt.c
ticket: 6415
subject: Use correct salt for canonicalized principals
target_version: 1.7
tags: pullup
In cases where the salt is derived from the client principal, use the
canonicalized principal received from the KDC to determine the salt.
Further changes are probably required for some preauth cases.
ticket: 6415
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22221
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:21 +0000 (21:07 +0000)]
pull up r22081, r22082 from trunk
------------------------------------------------------------------------
r22082 | raeburn | 2009-03-12 18:06:35 -0400 (Thu, 12 Mar 2009) | 6 lines
Changed paths:
M /trunk/src/lib/gssapi/krb5/k5sealv3iov.c
ticket: 6412
tags: pullup
Better fix: Delay setting 'outbuf' until after the header buffer might
have been allocated locally, and set it in both code paths instead of
just the confidentiality-requested code path.
------------------------------------------------------------------------
r22081 | raeburn | 2009-03-12 12:48:15 -0400 (Thu, 12 Mar 2009) | 7 lines
Changed paths:
M /trunk/src/lib/gssapi/krb5/k5sealv3iov.c
ticket: 6412
subject: crash using library-allocated storage for header in wrap_iov
target_version: 1.7
tags: pullup
When allocating storage for the header buffer, update the internal
output buffer pointer as well.
ticket: 6412
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22220
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:18 +0000 (21:07 +0000)]
pull up r22079 from trunk
------------------------------------------------------------------------
r22079 | ghudson | 2009-03-11 18:14:24 -0400 (Wed, 11 Mar 2009) | 13 lines
Changed paths:
M /trunk/src/kdc/do_tgs_req.c
M /trunk/src/kdc/kdc_preauth.c
M /trunk/src/kdc/kdc_util.h
M /trunk/src/kdc/main.c
M /trunk/src/kdc/network.c
ticket: 6408
subject: Report verbose error messages from KDC
target_version: 1.7
tags: pullup
We were losing verbose error messages when logging from the KDC because
the context passed to krb5_klog_init did not match the realm-specific
context used for most library function calls. Introduce a wrapper
function kdc_err which copies the error state from the call context
to the log context. The wrapper function also knows the program name,
which removes the need to pass argv[0] around everywhere or make up
program names.
ticket: 6408
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22219
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:15 +0000 (21:07 +0000)]
pull up r22078 from trunk
------------------------------------------------------------------------
r22078 | ghudson | 2009-03-11 18:11:06 -0400 (Wed, 11 Mar 2009) | 9 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/include/krb5/krb5.hin
M /trunk/src/lib/krb5/krb/kerrs.c
M /trunk/src/lib/krb5/libkrb5.exports
ticket: 6407
subject: Make a working krb5_copy_error_message
target_version: 1.7
tags: pullup
The krb5_copy_error_state macro wasn't used, didn't work, and didn't
need to be a macro. Replace it with an exported API function named
krb5_copy_error_message.
ticket: 6407
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22218
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:13 +0000 (21:07 +0000)]
pull up r22073 from trunk
------------------------------------------------------------------------
r22073 | wfiveash | 2009-03-10 16:26:24 -0400 (Tue, 10 Mar 2009) | 5 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_mkey.c
M /trunk/src/lib/kdb/kdb5.c
M /trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
ticket: 6405
Tags: pullup
Several small fixes to enable the migrate mkey commands to work properly with an LDAP KDB. See the ticket for more details.
ticket: 6405
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22217
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 21:07:09 +0000 (21:07 +0000)]
pull up r22071 from trunk
------------------------------------------------------------------------
r22071 | ghudson | 2009-03-09 21:28:12 -0400 (Mon, 09 Mar 2009) | 10 lines
Changed paths:
M /trunk/src/include/kdb.h
M /trunk/src/lib/kdb/kdb5.c
M /trunk/src/lib/kdb/libkdb5.exports
M /trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
ticket: 6403
Rename kdb_setup_lib_handle to krb5_db_setup_lib_handle and export it.
Make kdb5_ldap_util work again by calling this function to set up
dal_handle instead of using one with an uninitialized lib_handle.
It is likely that kdb5_ldap_util will only function given a krb5.conf
which specifies a realm with an LDAP database module as the default
realm. Not sure if that was the case before.
ticket: 6403
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22216
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 19:53:59 +0000 (19:53 +0000)]
realm referral test cases forcing KRB5_NT_UNKNOWN
------------------------------------------------------------------------
r22072 | tsitkova | 2009-03-10 10:49:43 -0400 (Tue, 10 Mar 2009) | 2 lines
Changed paths:
A /trunk/src/tests/kdc_realm/input_conf/test_KDCs_1.conf
M /trunk/src/tests/kdc_realm/input_conf/test_setup.conf
M /trunk/src/tests/kdc_realm/kdcref.py
Added test for KRB5_NT_UNKNOWN princ type
------------------------------------------------------------------------
r22069 | tsitkova | 2009-03-09 10:21:20 -0400 (Mon, 09 Mar 2009) | 2 lines
Changed paths:
M /trunk/src/clients/kvno/kvno.c
Introduced '-u' option to kvno to enforce KRB5_NT_UNKNOWN princ type.
------------------------------------------------------------------------
ticket: 6463
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22215
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 19:53:56 +0000 (19:53 +0000)]
pull up r22068 from trunk
------------------------------------------------------------------------
r22068 | raeburn | 2009-03-06 18:57:10 -0500 (Fri, 06 Mar 2009) | 6 lines
Changed paths:
M /trunk/src/clients/klist/klist.c
ticket: 4241
target_version: 1.7
tags: pullup
Add "-V" option to klist to print the package name and version, and exit.
ticket: 4241
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22214
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 19:53:53 +0000 (19:53 +0000)]
pull up r22067 from trunk
------------------------------------------------------------------------
r22067 | hartmans | 2009-03-06 12:26:29 -0500 (Fri, 06 Mar 2009) | 12 lines
Changed paths:
M /trunk/src/lib/krb5/krb/get_in_tkt.c
ticket: 6401
Subject: send_as_req re-encodes the request
krb5_get_init_creds calls encode_krb5_as_req to produce an encoding
for the preauth plugins, then passes the unencoded request structure
into the static function send_as_req. That function re-encodes the
request. This is an unnecessary call to the encoder. In addition,
for the FAST project, it is desirable to encapsulate the unencoded
outer request so that krb5_get_init_creds does not need it.
* send_as_req is modified to take an encoded request and realm
* Remove unused logic to fill in request nonce from send_as_req
------------------------------------------------------------------------
ticket: 6401
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22213
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 19:53:49 +0000 (19:53 +0000)]
pull up r22056, r22057 from trunk
------------------------------------------------------------------------
r22057 | hartmans | 2009-02-26 15:32:35 -0500 (Thu, 26 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/krb/copy_auth.c
ticket: 6400
krb5_merge_authdata should initialize output on failure.
------------------------------------------------------------------------
r22056 | hartmans | 2009-02-26 15:07:05 -0500 (Thu, 26 Feb 2009) | 11 lines
Changed paths:
M /trunk/src/include/krb5/krb5.hin
M /trunk/src/lib/gssapi/krb5/accept_sec_context.c
M /trunk/src/lib/krb5/krb/copy_auth.c
M /trunk/src/lib/krb5/libkrb5.exports
Subject: Include authenticator and ticket authdata in gss-api
ticket: 6400
Target_version: 1.7
Tags: pullup
Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect. Introduce a new function krb5_merge_authdata to
merge two authdata arrays into a newly allocated result array. Use
this function in accept_sec_context.c to include both sets of
authdata.
------------------------------------------------------------------------
ticket: 6400
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22212
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Apr 2009 18:33:27 +0000 (18:33 +0000)]
clean up KDC realm referrals error handling
pull up r22046, r22070 from trunk
------------------------------------------------------------------------
r22070 | tsitkova | 2009-03-09 10:23:31 -0400 (Mon, 09 Mar 2009) | 2 lines
Changed paths:
M /trunk/src/kdc/do_tgs_req.c
Removed unneeded printf's
------------------------------------------------------------------------
r22046 | tsitkova | 2009-02-23 13:47:28 -0500 (Mon, 23 Feb 2009) | 2 lines
Changed paths:
M /trunk/src/kdc/do_tgs_req.c
Correct the return code.
------------------------------------------------------------------------
Removed unneeded printf's
ticket: 6462
tags: pullup
target_version: 1.7
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22211
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:35 +0000 (20:26 +0000)]
pull up r21927, r21928, r21940, r21969, r21981, r22004 from trunk
------------------------------------------------------------------------
r22004 | ghudson | 2009-02-13 17:05:48 -0500 (Fri, 13 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1_k_decode.c
M /trunk/src/lib/krb5/asn.1/asn1_k_decode.h
M /trunk/src/lib/krb5/asn.1/krb5_decode.c
Correct numerous memory leaks on error conditions in the ASN.1
decoder functions.
------------------------------------------------------------------------
r21981 | ghudson | 2009-02-12 13:21:33 -0500 (Thu, 12 Feb 2009) | 4 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1_encode.c
M /trunk/src/lib/krb5/asn.1/asn1buf.c
Modify asn12krb5_buf and asn1_do_full_encode to make output parameter
values well-defined on error. Clean up memory handling and an unused
variable in asn1_do_full_encode.
------------------------------------------------------------------------
r21969 | ghudson | 2009-02-11 15:18:43 -0500 (Wed, 11 Feb 2009) | 6 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/lib/krb5/krb/kfree.c
M /trunk/src/lib/krb5/libkrb5.exports
Ensure we have a free function for every data type we have an ASN.1
decoder for. Export the new free functions, but only declare them
in k5-int.h since they shouldn't be needed by applications. Also
export a couple of encoder and decoder functions not previously
exported.
------------------------------------------------------------------------
r21940 | ghudson | 2009-02-09 21:01:58 -0500 (Mon, 09 Feb 2009) | 5 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/krb5_decode.c
Adjust the structure of krb5_decode.c functions to initialize output
parameters to NULL and not set them to the real values until a
successful return is guaranteed. Also fix get_eoc which was returning
without clean_return.
------------------------------------------------------------------------
r21928 | ghudson | 2009-02-09 16:25:53 -0500 (Mon, 09 Feb 2009) | 4 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1buf.c
M /trunk/src/lib/krb5/asn.1/asn1buf.h
M /trunk/src/lib/krb5/asn.1/krb5_encode.c
Make asn1buf_destroy return void, since it's a free function. In
krb5_encode.c functions, make *code well-defined in case of error,
and clean up some memory leaks.
------------------------------------------------------------------------
r21927 | ghudson | 2009-02-09 16:23:00 -0500 (Mon, 09 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/asn.1/asn1_k_encode.c
In asn1_k_encode.c, stop inconsistently destroying buf on some errors.
It belongs to the caller.
ticket: 6425
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22207
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:33 +0000 (20:26 +0000)]
pull up r21966, r22042 from trunk
------------------------------------------------------------------------
r22042 | rra | 2009-02-20 13:48:26 -0500 (Fri, 20 Feb 2009) | 5 lines
Changed paths:
M /trunk/src/kadmin/cli/Makefile.in
Ticket: 6348
Tags: pullup
Also install k5srvutil into PREFIX/bin instead of PREFIX/sbin.
------------------------------------------------------------------------
r21966 | rra | 2009-02-11 00:00:24 -0500 (Wed, 11 Feb 2009) | 6 lines
Changed paths:
M /trunk/src/kadmin/cli/Makefile.in
M /trunk/src/kadmin/ktutil/Makefile.in
Ticket: 6348
Tags: pullup
Install ktutil and kadmin into CLIENT_BINDIR instead of ADMIN_BINDIR
since both are useful for users other than the system administrator.
------------------------------------------------------------------------
ticket: 6348
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22206
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:30 +0000 (20:26 +0000)]
use isflagset correctly in TGS referrals
pull up r22041 from trunk
Adjust to the return value of isflagset routine.
ticket: 6458
version_fixed: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22205
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:27 +0000 (20:26 +0000)]
KDC realm referral test
pull up r22040 from trunk
KDC realm referral test
ticket: 6457
version_fixed: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22204
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:24 +0000 (20:26 +0000)]
fix memory management in handle_referral_params
pull up r22037 from trunk
Fix in handle_referral_params
ticket: 6456
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22203
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:22 +0000 (20:26 +0000)]
pull up r22038 from trunk
ticket: 6398
subject: remove obsolete GNU.ORG realm info
target_version: 1.7
tags: pullup
Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS
entries named don't exist, and AFAIK this hasn't been accurate in
years. (I don't even know if they're currently running a Kerberos
realm.)
ticket: 6398
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22202
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 13 Apr 2009 20:26:18 +0000 (20:26 +0000)]
pull up 21993 from trunk
Subject: Implement TGS authenticator subkey usage
ticket: 6393
tags: enhancement
Implement support for use of a subkey in the TGS req. This is needed
by FAST TGS support. The interface to krb5_send_tgs changed in order
to gain a subkey output parameter. Since this is a private interface
it was renamed to krb5int_send_tgs and removed from the export list.
* send_tgs.c: generate a subkey and return to caller
* decode_kdc_rep.c: Use subkey keyusage
* gc_via_tkt.c: pass in subkey to decode_kdc_rep
* send_tgs.c: use subkey for encrypting authorization data
ticket: 6393
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22201
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 16 Mar 2009 17:58:53 +0000 (17:58 +0000)]
pull up r22084 from trunk
acc_ctx_new() can return an error condition without establishing a
SPNEGO context structure. This can cause a null pointer dereference
in cleanup code in spnego_gss_accept_sec_context().
ticket: 6402
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22099
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 25 Feb 2009 16:47:43 +0000 (16:47 +0000)]
Fix accidental omission in "major changes": incremental propagation.
Add some missing acknowledgments.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22054
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:38:27 +0000 (00:38 +0000)]
pull up r21980 from trunk
------------------------------------------------------------------------
r21980 | ghudson | 2009-02-12 12:51:45 -0500 (Thu, 12 Feb 2009) | 8 lines
Changed paths:
M /trunk/src/lib/krb5/krb/walk_rtree.c
ticket: 6392
subject: Fix allocation failure check in walk_rtree
tags: pullup
target_version: 1.7
Check the correct variable for null after allocating the server string
in rtree_capath_vals.
------------------------------------------------------------------------
ticket: 6392
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22036
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:38:17 +0000 (00:38 +0000)]
pull up r21968 from trunk
------------------------------------------------------------------------
r21968 | epeisach | 2009-02-11 08:01:11 -0500 (Wed, 11 Feb 2009) | 9 lines
Changed paths:
M /trunk/src/aclocal.m4
ticket: 6390
subject: --disable-rpath is not working
tags: pullup
target_version: 1.7
AC_ARG_ENABLE returns its value in enableval not withval. --disable-rpath
was not working - or dependent on some previous setting...
------------------------------------------------------------------------
ticket: 6390
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22035
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:38:09 +0000 (00:38 +0000)]
pull up r21924 from trunk
------------------------------------------------------------------------
r21924 | ghudson | 2009-02-09 13:52:40 -0500 (Mon, 09 Feb 2009) | 10 lines
Changed paths:
M /trunk/src/lib/krb5/krb/walk_rtree.c
ticket: 6379
subject: Fix possible free of uninitialized value in walk_rtree
tags: pullup
target_version: 1.7
In rtree_hier_realms, if the first rtree_hier_tweens call failed, the
cleanup handler would free stweens which had not been initialized.
Initialize ctweens and stweens to NULL in the variable declarations to
make the cleanup handler safe.
------------------------------------------------------------------------
ticket: 6379
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22034
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:37:45 +0000 (00:37 +0000)]
pull up r21923 from trunk
------------------------------------------------------------------------
r21923 | ghudson | 2009-02-09 13:35:19 -0500 (Mon, 09 Feb 2009) | 9 lines
Changed paths:
M /trunk/src/include/k5-unicode.h
M /trunk/src/lib/krb5/error_tables/krb5_err.et
M /trunk/src/lib/krb5/unicode/ucstr.c
ticket: 6378
subject: Change contract of krb5int_utf8_normalize and fix memory leaks
tags: pullup
target_version: 1.7
Make krb5int_utf8_normalize return a krb5_error_code and always allocate
a structure to be placed in the output parameter. Adjust the function
structure to use a cleanup handler, fixing many memory leaks.
------------------------------------------------------------------------
ticket: 6378
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22033
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:37:16 +0000 (00:37 +0000)]
pull up r21920, r21922, r21926 from trunk
------------------------------------------------------------------------
r21926 | raeburn | 2009-02-09 15:39:54 -0500 (Mon, 09 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/lib/krb5/krb/kfree.c
ticket: 6377
Fix one more case of an explicit null check before calling a free
function that does the null check.
Also, use krb5_free_keyblock_contents instead of open-coding all the
work (and not trying hard enough to clear the memory).
------------------------------------------------------------------------
r21922 | raeburn | 2009-02-09 13:13:08 -0500 (Mon, 09 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/os/free_krbhs.c
ticket: 6377
Provide omitted return value in last change.
------------------------------------------------------------------------
r21920 | raeburn | 2009-02-09 12:53:21 -0500 (Mon, 09 Feb 2009) | 8 lines
Changed paths:
M /trunk/src/lib/krb5/krb/free_rtree.c
M /trunk/src/lib/krb5/krb/init_ctx.c
M /trunk/src/lib/krb5/krb/kfree.c
M /trunk/src/lib/krb5/krb/preauth2.c
M /trunk/src/lib/krb5/os/free_krbhs.c
M /trunk/src/lib/krb5/os/promptusr.c
ticket: 6377
subject: make krb5_free_* functions ignore NULL
This makes them safer to call in various contexts where NULL may leak
through, and makes analysis easier.
Also, remove some checks for NULL before calling a free routine that
will also check for NULL.
------------------------------------------------------------------------
ticket: 6377
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22032
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:37:02 +0000 (00:37 +0000)]
pull up r21912 from trunk
------------------------------------------------------------------------
r21912 | ghudson | 2009-02-06 15:43:44 -0500 (Fri, 06 Feb 2009) | 10 lines
Changed paths:
M /trunk/src/lib/krb5/krb/walk_rtree.c
ticket: 6376
subject: Memory handling fixes in walk_rtree
tags: pullup
target_version: 1.7
In walk_rtree's rtree_hier_tree, don't leak the result of
rtree_hier_realms. In rtree_hier_realms, avoid freeing one too many
krb5_data contents on allocation failure, and use the recommended
pattern to ensure well-defined output parameter values.
------------------------------------------------------------------------
ticket: 6376
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22031
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:36:51 +0000 (00:36 +0000)]
pull up r21909 from trunk
------------------------------------------------------------------------
r21909 | ghudson | 2009-02-06 13:40:04 -0500 (Fri, 06 Feb 2009) | 9 lines
Changed paths:
M /trunk/src/lib/krb5/krb/walk_rtree.c
ticket: 6375
subject: Fix error handling in krb5_walk_realm_tree
tags: pullup
target_version: 1.7
rtree_hier_realms was forgetting to assign the return value of
krb5int_copy_data_contents to retval, which would cause a failure to
notice out-of-memory conditions.
------------------------------------------------------------------------
ticket: 6375
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22030
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:36:31 +0000 (00:36 +0000)]
pull up r21906 from trunk
------------------------------------------------------------------------
r21906 | epeisach | 2009-02-06 00:22:34 -0500 (Fri, 06 Feb 2009) | 12 lines
Changed paths:
M /trunk/src/lib/kadm5/kadm_rpc_xdr.c
ticket: 6374
subject: Do not assume sizeof(bool_t) == sizeof(krb5_boolean)
bool_t is defined as int, krb5_boolean as unsigned int. These are
similar size but someone someday might change the krb5_boolean.
Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean
which keeps the different types separate.
This cleans up a number of warnings.
------------------------------------------------------------------------
ticket: 6374
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22029
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:36:22 +0000 (00:36 +0000)]
pull up r21903 from trunk
------------------------------------------------------------------------
r21903 | raeburn | 2009-02-05 20:07:32 -0500 (Thu, 05 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/lib/gssapi/krb5/krb5_gss_glue.c
ticket: 6373
subject: remove some redundant or useless qualifiers
target_version: 1.7
tags: pullup
Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations.
Also remove some useless qualifiers in casts and function argument declarations.
------------------------------------------------------------------------
ticket: 6373
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22028
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:36:07 +0000 (00:36 +0000)]
pull up r21901 from trunk
------------------------------------------------------------------------
r21901 | ghudson | 2009-02-05 16:27:54 -0500 (Thu, 05 Feb 2009) | 8 lines
Changed paths:
M /trunk/src/lib/krb5/krb/mk_req_ext.c
ticket: 6372
subject: Fix memory handling bug in mk_req_ext
tags: pullup
target_version: 1.7
In make_etype_list, assign *authdata before we have a chance to fail,
since we may have invalidated the previous value with realloc.
------------------------------------------------------------------------
ticket: 6372
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22027
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:35:56 +0000 (00:35 +0000)]
pull up r21900 from trunk
------------------------------------------------------------------------
r21900 | wfiveash | 2009-02-05 15:57:09 -0500 (Thu, 05 Feb 2009) | 10 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_mkey.c
M /trunk/src/lib/kdb/kdb5.c
M /trunk/src/lib/kdb/kdb_default.c
ticket: 6371
subject: deal with memleaks in migrate mkey project
Version_Reported: 1.7
Target_Version: 1.7
Tags: pullup
Ken R. told me that Coverity found several potential memleaks introduced
by the mkey migration project. This addresses those leaks and tweaks
the code formatting in a few places.
------------------------------------------------------------------------
ticket: 6371
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22026
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 19 Feb 2009 00:35:36 +0000 (00:35 +0000)]
pull up r21899 from trunk
------------------------------------------------------------------------
r21899 | ghudson | 2009-02-05 15:07:45 -0500 (Thu, 05 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/lib/krb5/krb/gc_frm_kdc.c
In gc_frm_kdc.c's do_traversal(), fix an assert which was doing an
assignment instead of a compare.
------------------------------------------------------------------------
ticket: 6370
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22025
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:19:18 +0000 (18:19 +0000)]
pull up r21895 from trunk
------------------------------------------------------------------------
r21895 | epeisach | 2009-02-05 14:02:29 -0500 (Thu, 05 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/lib/rpc/unit-test/config/unix.exp
M /trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp
M /trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
M /trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp
ticket: 6349
Detect failure to register with rpcbind/portmap due to security
restrictions and not bomb out in tests.
------------------------------------------------------------------------
ticket: 6349
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22022
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:19:10 +0000 (18:19 +0000)]
pull up r21894 from trunk
------------------------------------------------------------------------
r21894 | ghudson | 2009-02-05 13:43:08 -0500 (Thu, 05 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/lib/krb5/krb/chpw.c
ticket: 6368
tags: pullup
target_version: 1.7
Add a missing break in the switch statement of
krb5int_setpw_result_code_string.
------------------------------------------------------------------------
ticket: 6368
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22021
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:18:56 +0000 (18:18 +0000)]
pull up r21890 from trunk
------------------------------------------------------------------------
r21890 | ghudson | 2009-02-05 13:19:23 -0500 (Thu, 05 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/lib/krb5/keytab/ktbase.c
ticket: 6367
tags: pullup
target_version: 1.7
Fix a memory leak in krb5_kt_resolve when we fail to lock
kt_typehead_lock.
------------------------------------------------------------------------
ticket: 6367
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22020 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:18:28 +0000 (18:18 +0000)]
pull up r21889 from trunk
------------------------------------------------------------------------
r21889 | raeburn | 2009-02-04 21:59:08 -0500 (Wed, 04 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/kadmin/server/kadm_rpc_svc.c
M /trunk/src/lib/kadm5/chpass_util.c
M /trunk/src/plugins/kdb/db2/pol_xdr.c
ticket: 6365
subject: include omitted system header string.h
target_version: 1.7
tags: pullup
Sun cc warns about some of the string functions being undeclared in
several source files. So, include string.h there.
------------------------------------------------------------------------
ticket: 6365
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22019 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:18:21 +0000 (18:18 +0000)]
pull up r21888 from trunk
------------------------------------------------------------------------
r21888 | raeburn | 2009-02-04 21:16:22 -0500 (Wed, 04 Feb 2009) | 11 lines
Changed paths:
M /trunk/src/include/k5-platform.h
ticket: 6364
subject: declare replacement [v]asprintf functions
target_version: 1.7
tags: pullup
If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf
functions always get declared, applying the preprocessor conditional
test only to the GCC format attribute. If HAVE_VASPRINTF is defined,
don't declare them at all.
This fixes a bunch of function-not-declared warnings under Sun cc.
------------------------------------------------------------------------
ticket: 6364
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22018 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:18:14 +0000 (18:18 +0000)]
pull up r21887 from trunk
------------------------------------------------------------------------
r21887 | raeburn | 2009-02-04 20:49:21 -0500 (Wed, 04 Feb 2009) | 8 lines
Changed paths:
M /trunk/src/aclocal.m4
M /trunk/src/lib/gssapi/krb5/k5seal.c
ticket: 6363
subject: int/ptr bug in gssapi code
target_version: 1.7
tags: pullup
Fix a pointer argument passed where an integer is needed.
Update Sun compiler options to make that an error. (The options we're
currently using make it an error for assignment but not for argument passing.)
------------------------------------------------------------------------
ticket: 6363
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22017 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:17:54 +0000 (18:17 +0000)]
pull up r21886 from trunk
------------------------------------------------------------------------
r21886 | raeburn | 2009-02-04 18:28:09 -0500 (Wed, 04 Feb 2009) | 5 lines
Changed paths:
M /trunk/src/aclocal.m4
M /trunk/src/lib/gssapi/generic/oid_ops.c
ticket: 6362
subject: don't do arithmetic on void pointers
Fix one file in gssapi where we compute offsets from a void* without casting.
Change options used with Sun compiler to make such expressions an error.
------------------------------------------------------------------------
ticket: 6362
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22016 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:17:47 +0000 (18:17 +0000)]
pull up r21884 from trunk
------------------------------------------------------------------------
r21884 | wfiveash | 2009-02-04 17:29:44 -0500 (Wed, 04 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_mkey.c
M /trunk/src/lib/kdb/kdb5.c
ticket: 6361
new multi-masterkey support doesn't work well when system clock is set
back
The ticket contains the details.
------------------------------------------------------------------------
ticket: 6361
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22015 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:17:40 +0000 (18:17 +0000)]
pull up r21881 from trunk
------------------------------------------------------------------------
r21881 | ghudson | 2009-02-04 14:25:51 -0500 (Wed, 04 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/util/support/utf8_conv.c
ticket: 6360
tags: pullup
target_version: 1.7
In krb5int_utf8s_to_ucs2les, free the correct value on error, instead
of the caller-supplied result pointer.
------------------------------------------------------------------------
ticket: 6360
status: resolved
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22014 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 18 Feb 2009 18:14:48 +0000 (18:14 +0000)]
pull up r21871, r21872, r21873, r21879, r21880 from trunk
------------------------------------------------------------------------
r21880 | ghudson | 2009-02-04 14:15:13 -0500 (Wed, 04 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c
M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c
Include k5-int.h in several pkinit source files, in order to define
the KRB5_CONFIG symbols now used by those files.
------------------------------------------------------------------------
r21879 | tsitkova | 2009-02-04 12:08:44 -0500 (Wed, 04 Feb 2009) | 2 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/kdc/do_tgs_req.c
M /trunk/src/kdc/main.c
M /trunk/src/lib/kadm5/alt_prof.c
M /trunk/src/lib/kdb/kdb5.c
M /trunk/src/lib/krb5/krb/conv_princ.c
M /trunk/src/lib/krb5/krb/get_in_tkt.c
M /trunk/src/lib/krb5/krb/init_ctx.c
M /trunk/src/lib/krb5/krb/vfy_increds.c
M /trunk/src/lib/krb5/os/an_to_ln.c
M /trunk/src/lib/krb5/os/def_realm.c
M /trunk/src/lib/krb5/os/get_krbhst.c
M /trunk/src/lib/krb5/os/hst_realm.c
M /trunk/src/lib/krb5/os/ktdefname.c
M /trunk/src/lib/krb5/os/localaddr.c
M /trunk/src/lib/krb5/os/locate_kdc.c
M /trunk/src/lib/krb5/os/realm_dom.c
M /trunk/src/lib/krb5/os/sendto_kdc.c
M /trunk/src/lib/krb5/os/sn2princ.c
M /trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c
M /trunk/src/plugins/preauth/pkinit/pkinit_profile.c
M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c
Use macros for config parameters.
------------------------------------------------------------------------
r21873 | ghudson | 2009-02-02 16:55:13 -0500 (Mon, 02 Feb 2009) | 3 lines
Changed paths:
M /trunk/src/include/k5-int.h
Fix a whitespace error introduced when fixing a typo in the defines
added to k5-int.h.
------------------------------------------------------------------------
r21872 | ghudson | 2009-02-02 16:53:16 -0500 (Mon, 02 Feb 2009) | 2 lines
Changed paths:
M /trunk/src/include/k5-int.h
Fix a typo in the defines added to k5-int.h.
------------------------------------------------------------------------
r21871 | tsitkova | 2009-02-02 16:34:19 -0500 (Mon, 02 Feb 2009) | 2 lines
Changed paths:
M /trunk/src/include/k5-int.h
Introduces macros for config parameters.
------------------------------------------------------------------------
ticket: 6397
status: resolved
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22013 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 17 Feb 2009 16:11:49 +0000 (16:11 +0000)]
pull up r21867, r21868 from trunk
------------------------------------------------------------------------
r21868 | raeburn | 2009-02-02 15:37:41 -0500 (Mon, 02 Feb 2009) | 6 lines
Changed paths:
M /trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
M /trunk/src/kadmin/testing/scripts/init_db
ticket: 6358
Revise last change to better resemble the original test, keeping the
min-lifetime test code collected together. Change policy to have a
minimum password lifetime of 10s instead of 30s, and reduce the test
delays accordingly.
------------------------------------------------------------------------
r21867 | raeburn | 2009-02-02 14:29:52 -0500 (Mon, 02 Feb 2009) | 10 lines
Changed paths:
M /trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
ticket: 6358
subject: speed up kpasswd tests
Reorder some tests and tune delays, so that we don't need to run for
much more than twice the min-password-life interval when testing that
functionality. (This could be made faster if we can assume that
init_db will always have been run immediately before the tests start.)
In my tests, this cuts something like 11 seconds off the run time (now
down to about 65 seconds).
------------------------------------------------------------------------
ticket: 6358
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22009 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 17 Feb 2009 16:10:53 +0000 (16:10 +0000)]
pull up r21865, r21866 from trunk
------------------------------------------------------------------------
r21866 | raeburn | 2009-02-02 13:42:06 -0500 (Mon, 02 Feb 2009) | 8 lines
Changed paths:
M /trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp
M /trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp
ticket: 6357
subject: address lib/kadm5 test suite slowness
target_version: 1.7
In mod-principal tests for clearing the principal's policy, instead of
just testing to see if the wrong string is output and timing out
looking for it, check also for the new expected value. Cuts test
suite run time by about two minutes for each pass (client vs server).
------------------------------------------------------------------------
r21865 | raeburn | 2009-02-02 13:29:28 -0500 (Mon, 02 Feb 2009) | 1 line
Changed paths:
M /trunk/src/kadmin/testing/scripts/start_servers_local
don't delay so long while waiting for daemon startup
------------------------------------------------------------------------
ticket: 6357
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22008 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 17 Feb 2009 16:10:21 +0000 (16:10 +0000)]
pull up r21860 from trunk
------------------------------------------------------------------------
r21860 | raeburn | 2009-02-02 11:54:38 -0500 (Mon, 02 Feb 2009) | 7 lines
Changed paths:
M /trunk/src/kdc/main.c
ticket: 6356
subject: small storage leak in KDC startup
target_version: 1.7
tags: pullup
Remove duplicate strdup call.
------------------------------------------------------------------------
ticket: 6356
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22007 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 17 Feb 2009 16:10:11 +0000 (16:10 +0000)]
pull up r21855 from trunk
------------------------------------------------------------------------
r21855 | raeburn | 2009-01-30 23:39:34 -0500 (Fri, 30 Jan 2009) | 28 lines
Changed paths:
M /trunk/src/tests/dejagnu/krb-standalone/rcp.exp
M /trunk/src/tests/dejagnu/krb-standalone/rsh.exp
M /trunk/src/tests/dejagnu/krb-standalone/sample.exp
M /trunk/src/tests/dejagnu/t_inetd.c
ticket: 6355
subject: use t_inetd with a ready message and avoid waiting a lot in non-root tests
target_version: 1.7
tags: pullup
Change t_inetd to print a ready message when it has started listening
on the indicated port number.
Look for this message in sample.exp rather than waiting an arbitrary
(and usually excessive) 2s each time for the inetd-mode tests. Use
run_once to perform the standalone-mode test only once per test suite
invocation.
Change rsh and rcp tests to start the servers via t_inetd and avoid
excessive waiting at startup.
In some of my tests, this reduces the tests/dejagnu tests from taking
over 6 minutes to taking around 2 minutes.
(This does mean the server process will no longer have started up
before we launch the client, so it may be slower to respond, but it'll
still be faster than the 2s delay we used before even trying to
connect.)
We can probably eliminate the -D option code from krshd.c now.
The tests run as root (rlogin, telnet) still need updating.
------------------------------------------------------------------------
ticket: 6355
version_fixed: 1.7
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22006 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sun, 1 Feb 2009 03:39:10 +0000 (03:39 +0000)]
krb5-1.7-alpha1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@21859 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sun, 1 Feb 2009 03:37:41 +0000 (03:37 +0000)]
patchlevel.h for krb5-1.7-alpha1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@21857 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sun, 1 Feb 2009 03:05:56 +0000 (03:05 +0000)]
Update README with changes by ticket ID
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@21856 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sat, 31 Jan 2009 04:03:11 +0000 (04:03 +0000)]
release branch for krb5-1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@21853 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sat, 31 Jan 2009 04:00:10 +0000 (04:00 +0000)]
README and patchlevel.h for 1.7 release branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21852 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Sat, 31 Jan 2009 03:57:20 +0000 (03:57 +0000)]
Default allow_weak_crypto=true for now. Default supported_enctypes to
exclude single-DES enctypes.
ticket: 6353
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21851 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 Jan 2009 02:55:25 +0000 (02:55 +0000)]
export new functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21850 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 31 Jan 2009 01:50:37 +0000 (01:50 +0000)]
fix resource leak
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21849 dc483132-0cff-0310-8789-dd5450dbe970