Ken Raeburn [Sun, 15 Oct 2006 08:31:48 +0000 (08:31 +0000)]
Zap automatic structures before filling in
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18707
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Oct 2006 07:51:30 +0000 (07:51 +0000)]
Clear req_st buffer before filling it in
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18706
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Oct 2006 07:50:54 +0000 (07:50 +0000)]
Initialize some values before use, silence some warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18705
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Oct 2006 07:50:16 +0000 (07:50 +0000)]
Fix logic bug in string allocation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18704
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Oct 2006 07:49:35 +0000 (07:49 +0000)]
Use memmove for overlapping regions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18703
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 14 Oct 2006 01:01:00 +0000 (01:01 +0000)]
Free v4mode when done with it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18702
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 14 Oct 2006 01:00:40 +0000 (01:00 +0000)]
Don't strncpy a string to itself
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18701
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 14 Oct 2006 00:17:48 +0000 (00:17 +0000)]
Call fileno and krb5_lock_file before calling fclose, rather than after.
Caught by valgrind.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18700
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Oct 2006 23:54:24 +0000 (23:54 +0000)]
Use $(VALGRIND) when running programs using $(KRB5_RUN_ENV) or
$(RUN_SETUP). Replaces old hack with MAYBE_VALGRIND added to RUN_ENV
in a way that would break in some of the tests.
Set VALGRIND in site.exp in tests/dejagnu. (Not used yet.)
Runs some shell scripts under valgrind, rather than changing them to
run only the executables under valgrind; this is mostly okay, just
creates lots of extra log data, and requires --trace-children=yes.
This should work for any instrumentation program invocation that gets
followed immediately by the name and argument list for the program
being instrumented. For example, VALGRIND="env LD_PRELOAD=..." should
work, though I haven't tested it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18699
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Oct 2006 23:19:57 +0000 (23:19 +0000)]
Always zap newly allocated pages, intead of conditional on PURIFY.
Minor performance penalty; c'est la vie. Better to be able to run
purify or valgrind or whatever on the binaries we actually use.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18698
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Oct 2006 21:08:07 +0000 (21:08 +0000)]
Use 'const' with krb5_get_error_message
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18697
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Oct 2006 20:58:14 +0000 (20:58 +0000)]
Eliminate some warnings: missing "const", unused variables, success
case in load_preauth_plugins was missing a return value (which isn't
checked anyways).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18696
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 13 Oct 2006 19:15:17 +0000 (19:15 +0000)]
* preauth_plugin.h: Don't use an enum in a public api
* kdc_preauth.c (get_etype_info): Rename get_entry_data to avoid shadowing
(get_etype_info2): likewise
(return_etype_info): likewise
(return_pw_salt): likewise
(get_entry_data): Update prototype not to use enum in a API
ticket: 4377
tatus: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18695
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 13 Oct 2006 19:05:05 +0000 (19:05 +0000)]
Add prototype for krb5int_debug_fprint to os-proto.h. Include os-proto.h in
sn2princ.c. Cleans up warning for function definition w/o prototype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18694
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 13 Oct 2006 18:50:40 +0000 (18:50 +0000)]
Patch to split client plugin from server plugin
ticket: 4377
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18693
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 12 Oct 2006 03:50:15 +0000 (03:50 +0000)]
(krb5_db2_db_init): When creating a temporary database, use the suffix
"~.kadm5" for the policy database filename.
ticket: 4354
version_reported: 1.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18692
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 12 Oct 2006 03:47:05 +0000 (03:47 +0000)]
Add a policy to the database, then after the dump and restore, check
that it's still there.
ticket: 4355
tags: pullup
target_version: 1.5.2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18691
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 12 Oct 2006 02:39:14 +0000 (02:39 +0000)]
Another patch from Will Fiveash, to make "kdb5_util load <dumpfile>"
work with the LDAP KDB back end, in simple cases (all entries stored
under the krbcontainer entry).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18690
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 12 Oct 2006 01:18:35 +0000 (01:18 +0000)]
more debugging printfs for nightly testing
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18689
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 12 Oct 2006 00:33:12 +0000 (00:33 +0000)]
(add_to_transited): Change the current logic to keep all array references
in bounds, assuming that what would've been next[-1] would not be '.'. I
haven't fully reexamined the logic, but this seems consistent with the
actual current behavior, and the existing test cases.
Also, factored out code for copying a string from a krb5_data to a char*.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18688
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 11 Oct 2006 05:17:16 +0000 (05:17 +0000)]
some (more) debugging code to track down nightly test failures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18680
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 11 Oct 2006 05:15:54 +0000 (05:15 +0000)]
some debugging code to track down nightly test failures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18679
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 11 Oct 2006 05:08:02 +0000 (05:08 +0000)]
skip over verbose (protocol trace) debugging output
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18678
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 11 Oct 2006 04:54:00 +0000 (04:54 +0000)]
Add bounds-checking assertions before automatic array reference
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18677
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 10 Oct 2006 23:59:46 +0000 (23:59 +0000)]
Keep just 10/6 version of schema files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18674
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 10 Oct 2006 23:56:46 +0000 (23:56 +0000)]
Memory management and Solaris porting fixes from Will Fiveash
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18673
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 10 Oct 2006 23:40:55 +0000 (23:40 +0000)]
Check for allocation failure. Caught by Will Fiveash
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18672
dc483132-0cff-0310-8789-
dd5450dbe970
Kevin Coffman [Tue, 10 Oct 2006 20:52:34 +0000 (20:52 +0000)]
Don't segfault if a preauth plugin module fails to load
Move the zeroing of the errinfo struct before the call to
krb5int_open_plugin_dirs() to prevent segfault in the case
where a plugin fails to load. (For example if there are
unresolved symbols.)
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18671
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 9 Oct 2006 18:08:10 +0000 (18:08 +0000)]
final commits for KFW 3.1 Beta 2
krb5cred.dll (1.1.2.0)
- Fix the control logic so that if the password is expired for an
identity, the krb5 credentials provider will initiate a change
password request. Once the password is successfully changed, the
new password will be used to obtain new credentials.
- Fix an incorrect condition which caused the new credentials dialog
to refresh custom prompts unnecessarily.
- Removing an identity from the list of NetIDMgr identities now causes
the corresponding principal to be removed from the LRU principals
list.
- Properly handle KMSG_CRED_PROCESS message when the user is
cancelling out.
- Add more debug output
- Do not renew Kerberos tickets which are not initial tickets.
- Fix whitespace in source code.
- When providing identity selection controls, disable the realm
selector when the user specifies the realm in the username control.
- k5_ident_valiate_name() will refuse principal names with empty or
unspecified realms.
- When updating identity properties, the identity provider will
correctly set the properties for identities that were destroyed.
This fixes a problem where the values may be incorrect if an
identity has two or more credential caches and one of them is
destroyed.
nidmgr32.dll (1.1.2.0)
- Send out a separate notification if the configuration information
associated with an identity is removed.
- If an identity is being removed from the NetIDMgr identity list in
the configuration panel, do not send out APPLY notifications to the
subpanels after the configuration information has been removed.
Otherwise this causes the configuration information to be reinstated
and prevent the identity from being removed.
- Properly initialize the new credentials blob including the UI
context structure.
netidmgr.exe (1.1.2.0)
- When suppressing error messages, make sure that the final
KMSG_CRED_END notification is sent. Otherwise the new credentials
acquisition operation will not be cleaned up.
- Autoinit option now checks to see if there are identity credentials
for the default identity and triggers the new credentials dialog if
there aren't any.
- Properly synchronize the configuration node list when applying
changes (e.g.: when removing or adding an identity).
- Fix a handle leak when removing an identity from the NetIDMgr
identity list.
- Refresh the properties for the active identities before calculating
the renewal and expiration timers. Otherwise the timestamps being
used might be incorrect.
- Add Identity dialog (in the configuration panel) now uses the
identity selection controls provided by the identity provider.
- Improve type safety when handling timer refreshes.
- When getting the expiration times and issue times for an identity,
the timer refresh code may fail over to the expiration and issue
times for the credential it is currently looking at. Now the code
makes sure that both the issue and expiration times come from the
identity or the credential but not mixed.
- Not being able to get the time of issue of a credential now does not
result in the credential being skipped from the timer refresh pass.
However, not having a time of issue will result in the half-life
algorithm not being applied for the renew timer.
- Fix a bug which caused a credential to be abandoned from the timer
refresh pass if the reamining lifetime of the credential is less
than the renewal threshold.
- Fix a bug where the vertical scroll bars for the hypertext window
would not appear when the contents of the window changed.
- Trigger a refresh of the configuration nodes when adding or removing
an identity.
source for (1.1.2.0)
- Explicitly include <prsht.h> so that the SDK can be used in build
environments that define WIN32_LEAN_AND_MEAN.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18670
dc483132-0cff-0310-8789-
dd5450dbe970
Russ Allbery [Sun, 8 Oct 2006 03:22:48 +0000 (03:22 +0000)]
Initialize buffer before calling res_ninit
Per Paul Vixie: It is necessary to zero out the statbuf before calling
res_ninit(), or else res_vinit() will call res_nclose() and res_ndestroy()
with stack trash as a statbuf, and they will call free() with stack trash,
and programs will dump core.
Ticket: new
Component: krb5-libs
Version_Reported: 1.5.1
Target_Version: 1.5.2
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18669
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 08:02:41 +0000 (08:02 +0000)]
fix dependencies properly this time
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18668
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 07:51:48 +0000 (07:51 +0000)]
Initialize accessor fields at compile time, under C99 and GCC
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18667
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 07:39:24 +0000 (07:39 +0000)]
Move ASN.1 routines for KDB LDAP plugin into main krb5 library,
accessed via krb5int_access.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18666
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 06:10:27 +0000 (06:10 +0000)]
Check for ldap_initialize and other functions that Solaris (Mozilla-based)
LDAP does not provide, and define versions a couple of them if needed.
Based on patches from and discussions with Will Fiveash.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18665
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 05:25:54 +0000 (05:25 +0000)]
10/3 patch from Savitha R, part 3, patch-manpages-schema.diff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18664
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 01:38:12 +0000 (01:38 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18663
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 01:36:50 +0000 (01:36 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18662
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 01:30:59 +0000 (01:30 +0000)]
Use const pointers for error messages.
Add some debugging hooks in the libkrb5 support.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18661
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 01:04:01 +0000 (01:04 +0000)]
drop comma at end of enum list
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18660
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Oct 2006 01:02:08 +0000 (01:02 +0000)]
Eliminate some warnings and non-gcc build problems:
- nested function
- bogus pointer casts
- C++-style comments
- unused variables
- variables of same name in nested scopes
- if condition syntax
- unused function
- use of GNU-only strndup() function
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18659
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 6 Oct 2006 23:58:43 +0000 (23:58 +0000)]
10/3 patch from Savitha R, part 2, patch-krb-schema.diff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18658
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 6 Oct 2006 23:53:38 +0000 (23:53 +0000)]
10/3 patch from Savitha R, part 1, patch-ldap-schema.diff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18657
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 6 Oct 2006 23:29:29 +0000 (23:29 +0000)]
schema info
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18656
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 6 Oct 2006 23:28:50 +0000 (23:28 +0000)]
remove old changelog
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18655
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 6 Oct 2006 21:43:02 +0000 (21:43 +0000)]
* src/lib/krb5/ccache/t_cccursor.c: Bugfixes from Ezra to clean up
memory leaks.
ticket: 4389
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18654
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 6 Oct 2006 21:35:50 +0000 (21:35 +0000)]
update export lists
ticket: 4389
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18653
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 6 Oct 2006 21:17:56 +0000 (21:17 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18652
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 5 Oct 2006 22:58:41 +0000 (22:58 +0000)]
cursor for iterating over ccaches
Some ccache back ends need per-type cursors implemented.
* src/include/k5-int.h: Declare krb5_cc_ptcursor. Update
krb5_cc_ops vector to include functions for ptcursor and some
not-yet-implemented functionality.
* src/include/krb5/krb5.hin: Prototype krb5_cccol_cursor_new,
krb5_cccol_cursor_next, krb5_cccol_cursor_free.
* src/lib/krb5/ccache/Makefile.in: Compile cccursor.c. Build
t_cccursor.
* src/lib/krb5/ccache/cccursor.c: Implementation of cursor for
iterating over ccaches.
* src/lib/krb5/ccache/ccbase.c: Add typecursor functionality for
iteration over registered ccache types.
* src/lib/krb5/ccache/cc_memory.c: Implmement per-type ccache
cursor functionality.
* src/lib/krb5/ccache/cc_mslsa.c:
* src/lib/krb5/ccache/cc_file.c:
* src/lib/krb5/ccache/ccapi/stdcc.c: Add place-holder ops vector
entries.
* src/lib/krb5/ccache/t_cccursor.c: New test of ccache cursor
functionality.
* src/lib/krb5/os/ccdefname.c (krb5int_cc_os_default_name): New
function to return the OS-specific default ccache name.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18651
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 5 Oct 2006 21:28:58 +0000 (21:28 +0000)]
* kdc_preauth.c (return_padata): Allocate a padata context if not
already allocated. In the preauth_required path check will not be
called to set up the context first.
ticket: 4377
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18650
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Oct 2006 19:45:52 +0000 (19:45 +0000)]
Patch from Kevin Coffman:
- adds a function to get ccache keycount
- uses it in two places
- fixes free problem if next_cred fails
- simplifies the clearcache function by using keyctl_clear
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18649
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Oct 2006 14:08:06 +0000 (14:08 +0000)]
ignore generated source-tree files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18648
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Oct 2006 14:05:40 +0000 (14:05 +0000)]
fix dependence on config.status to use correct dir
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18647
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Oct 2006 13:17:59 +0000 (13:17 +0000)]
Add decode_tagged_unsigned_integer, and try to fix signed/unsigned and
long/int/int32 mixups in ASN.1 decoding. Add comments describing encoding
of key data. Don't always parenthesize safe_syncbuf arguments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18646
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Oct 2006 13:15:31 +0000 (13:15 +0000)]
set a more meaningful error message in asn1 decode failure case
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18645
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Oct 2006 13:15:00 +0000 (13:15 +0000)]
export krb5_ldap_create
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18644
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 4 Oct 2006 18:40:53 +0000 (18:40 +0000)]
array before test for pointing at entry with the principal. Avoids
buffer overflow for end of list.
Detected with a hacked up version of valgrind to handle keyring syscalls.
krb5_krcc_next_cred: Move initial test if pointing past end of key
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18643
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 4 Oct 2006 10:44:28 +0000 (10:44 +0000)]
The keyring code introduced in r18638 also included tests of the KEYRING:
regardless of whether the type is registered or not in the library.
Test to see if KEYRING: is registered - and if so - run the tests on it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18642
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 3 Oct 2006 19:07:17 +0000 (19:07 +0000)]
Preauthentication Plugin Framework
Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
framework based on the plugin architecture. Currently. the API is
considered internal and the header is not installed.
See src/include/krb5/preauth_plugin.h for the interface.
ticket: new
Tags: enhancement
Status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 2 Oct 2006 23:14:59 +0000 (23:14 +0000)]
configure: Depend on $(AUTOCONF_HEADER) so check-ac-syms will be happier
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18640
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 2 Oct 2006 23:14:17 +0000 (23:14 +0000)]
(AUTOCONF_HEADER): Change to match file's target name
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18639
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 2 Oct 2006 22:50:10 +0000 (22:50 +0000)]
Merge Kevin Coffman's keyring ccache branch for Linux, with some modifications:
aclocal.m4: Enable keyring ccache if the header and library are available; no
configure-time option. No error if it's not found.
ccdefname.c: Keep old default of FILE: cache, at least for now.
libkrb5.exports: Don't export krb5_krcc_ops.
ccbase.c: Only initialize krb5int_krcc_mutex if USE_KEYRING_CCACHE; destroy it
in finalization. Define INITIAL_TYPEHEAD macro (for file vs keyring), and use
it for initialization and in krb5int_cc_finalize. Re-enable freeing of
additional registered-type structures.
cc_keyring.c: Avoid calls to com_err from within library.
cc_file.c: Punt change; generate_new is badly broken, and we expect to replace
it with a new API anyways.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18638
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 2 Oct 2006 21:39:48 +0000 (21:39 +0000)]
Nuke old Saber-related stuff
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18637
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 1 Oct 2006 12:05:20 +0000 (12:05 +0000)]
kdc: make_toolong_error does not initialize all fields for krb5_mk_error
network.c: make_too_long_error() fails to set the ctime and cusec elements of
the krb5_error structure. Valgrind detects errors in the asn.1 encoding
handlers in reading an unitialized value. Initialize to 0.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18635
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 30 Sep 2006 00:54:14 +0000 (00:54 +0000)]
Update expected results for krb5_get_host_realm with referral patches
installed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18634
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 29 Sep 2006 23:07:19 +0000 (23:07 +0000)]
(get_errmsg): Check for errcode_2_string and release_errcode_string
being null function pointers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18633
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 28 Sep 2006 19:07:19 +0000 (19:07 +0000)]
Fix AIX version of GET_HOST_BY_NAME to use TMP.ent for the result, not
the no-longer-defined my_h_ent.
ticket: 4256
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18632
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 25 Sep 2006 21:17:42 +0000 (21:17 +0000)]
Patch from Will Fiveash for "kdb5_util create" support in LDAP, modified to
drop separate port-number spec so it'll build with current sources. Not
tested because of a bug in the recent Novell patch. :-(
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18616
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sun, 24 Sep 2006 14:30:29 +0000 (14:30 +0000)]
Implement renew credential functionality which was inadvertently
left out.
ticket: 4312
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18609
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Sep 2006 21:19:16 +0000 (21:19 +0000)]
Remove now-unused 'port' fields
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18608
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Sep 2006 20:57:22 +0000 (20:57 +0000)]
Misc cleanup:
Include header instead of duplicating public decls.
Don't use C99-style "//" comments.
Reformat a bit to krb5 tree normal style.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18607
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Sep 2006 20:29:24 +0000 (20:29 +0000)]
New patch from Savitha, for new principal key storage format in LDAP
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18606
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 22 Sep 2006 19:24:44 +0000 (19:24 +0000)]
no c++-style comments
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18605
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 21 Sep 2006 21:49:41 +0000 (21:49 +0000)]
KFW 3.1 Beta 2 NetIDMgr Changes
source for (1.1.0.1)
- Updated documentation with additional information and fixed errors.
nidmgr32.dll (1.1.0.1)
- Fixed a deadlock in the configuration provider that may cause
NetIDMgr to deadlock on load.
- Prevent the configuration provider handle list from getting
corrupted in the event of a plug-in freeing a handle twice.
- Add more parameter validation for the configuration provider.
- If a plug-in is only partially registered (only some of the entries
were set in the registry), the completion of the registration didn't
complete successfully, leaving the plug-in in an unusable state.
This has been fixed. Plug-ins will now successfully complete
registration once they are loaded for the first time, assuming the
correct resources are present in the module.
- Fixed notifications for setting a default identity. Notifications
were not being properly sent out resulting in the credentials window
not being updated when the default identity changed.
- Changes to the API for type safety.
- Handling of binary data fields was changed to support validation and
comparison.
- Data types that do not support KCDB_CBSIZE_AUTO now check for and
report an error if it is specified.
- Password fields in the new credentials dialog will trim leading and
trailing whitespace before using a user-entered value.
- Change password action will no longer be disabled if no identity is
selected. An identity selection control is present in the dialog
making this restriction unnecessary.
- When renewing credentials, error messages will be suppressed if the
renewal was for an identity and the identity does not have any
identity credentials associated with it.
- Error messages that are related to credentials acquisition or
password changes will now display the name of the identity that the
error applies to.
- Automatic renewals now renews all identities that have credentials
associated with them instead of just the default identity.
- Fixed a bug where error messages did not have a default button which
can be invoked with the return key or the space bar.
- The new credentials window will force itself to the top. This can
be disabled via a registry setting, but is on by default.
- Fixed the sort order in the new credentials tabs to respect sort
hints provided by plug-ins.
- If a new credentials operation fails, the password fields will be
cleared.
- Once a new credentials operation starts, the controls for specifying
the identity and password and any other custom prompts will be
disabled until the operation completes.
- Notifications during the new credentials operation now supply a
handle to the proper data structures as documented.
- Hyperlinks in the new credentials dialog now support markup that
will prevent the dialog from switching to the credentials type panel
when the link is activated.
- If there are too many buttons added by plug-ins in the new
credentials dialog, they will be resized to accomodate all of them.
- The options button in the new credentials dialog will be disabled
while a new credentials operation is in progress.
- The 'about' dialog retains the original copyright strings included
in the resource.
- Multiple modal dialogs are now supported. Only the topmost one will
be active. Once it is closed, the other dialogs will gain focus in
turn. This allows for error messages to be displayed from other
modal dialogs.
- The hypertext window supports italics.
krb4cred.dll (1.1.0.1)
- Fixed a bug where the plug-in would attempt to free a handle twice.
- Fixed a handle leak.
- Changed the facility name used for event reporting to match the
credentials type name.
krb5cred.dll (1.1.0.1)
- Fixed handling of expired passwords. If the password for an
identity is found to have expired at the time a new credentials
acquisition is in progress, the user will be given an opportunity to
change the password. If this is successful, the new credentials
operation will continue with the new password.
- Prevent the new credentials dialog from switching to the Kerberos 5
credentials panel during a password change.
- Prompts that were cached indefinitely will now have a limited
lifetime. Prompt caches that were created using prior versions of
the plug-in will automatically expire.
- Multistrings in the resource files were converted to CSV to protect
them against a bug in Visual Studio 2005 which corrupted
multistrings.
- Added handling of and reporting WinSock errors that are returned
from the Kerberos 5 libraries.
- Fixed uninitialized variables.
- The username and realm that is entered when selecting an identity
will be trimmed of leading and trailing whitespace.
- Changed the facility name used for event reporting to match the
credentials type name.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 21 Sep 2006 16:18:26 +0000 (16:18 +0000)]
NSIS installer - update for Win2K NetIDMgr
Install the Win2K specific binaries for NetIDMgr on Win2K
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18603
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 21 Sep 2006 15:54:05 +0000 (15:54 +0000)]
oops, make sure we install from the correct source file
on Windows 2000
ticket: 4309
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18602
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 21 Sep 2006 14:58:40 +0000 (14:58 +0000)]
wix installer - win2k compatibility for netidmgr
Install the special win2k version of nidmgr32.dll
on Windows 2000 systems.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18601
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 21 Sep 2006 02:43:12 +0000 (02:43 +0000)]
windows thread support frees thread local storage after TlsSetValue
threads.c: The return value of TlsSetValue is non-zero on
success. As a result of misinterpreting the
return value, the memory set in TLS is then freed.
A subsequent call to TlsGetValue returns the
invalid pointer.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18600
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 21 Sep 2006 01:48:50 +0000 (01:48 +0000)]
Set the canonicalize flag in TGS requests and accept cross-realm referral tickets.
We do not yet accept tickets in which the server name changes.
* krb5_sname_to_principal: If there is no domain realm mapping return null realm
*krb5_get_cred_via_tkt: New behavior as described below
1) the referrals case:
- check for TGT for initial realm
- if a remote realm was specified (which must have happened via a
domain_realm mapping), obtain a TGT for it the standard way and
start with that.
- use client realm for server if not specified
- iterate through this loop:
- request ticket with referrals turned on
- if that fails:
- if this was the first request, punt to non-referrals case
- otherwise, retry once without referrals turned on then terminate
either way
- if it works, either use the service ticket or follow the referral path
- if loop count exceeded, hardfail
2) the nonreferrals case
- this is mostly the old walk_realm_tree TGT-finding (which allows
limited shortcut referrals per 4120) followed by a standard tgs-req.
- originally requested principal is used for this, although if we were
handed something without a realm, determine a fallback realm based on
DNS TXT records or a truncation of the domain name.
ticket: 2652
Owner: amb
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 20 Sep 2006 01:30:25 +0000 (01:30 +0000)]
* kdb_ldap.h: If BUILD_WITH_BROKEN_LDAP is defined, skip version checks
ticket: 4292
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18595
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 19 Sep 2006 22:40:09 +0000 (22:40 +0000)]
Bad loop logic in krb5_mcc_generate_new
krb5_mcc_generate_new() Error in loop caused first item in the list to not
get checked the second time through scanning for duplicates.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18594
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 18 Sep 2006 23:58:56 +0000 (23:58 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18593
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 18 Sep 2006 23:51:50 +0000 (23:51 +0000)]
Savitha's patches for:
- LDAP URI support for specifying server and port
- support for ldapi interface
- updated to newer LDAP APIs
- updated documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 16 Sep 2006 01:59:15 +0000 (01:59 +0000)]
* kdb5.c (kdb_load_library): Make error message a little more accurate.
(get_errmsg): New function. Uses errcode_2_string and release_errcode_string
functions to copy out an error message from the plugin and store it locally,
if the error code supplied is nonzero. Changed other uses of plugin functions
to call get_errmsg on returning.
(krb5_db_errcode2string): Deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18591
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 16 Sep 2006 01:49:52 +0000 (01:49 +0000)]
Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18590
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 16 Sep 2006 01:32:40 +0000 (01:32 +0000)]
Move RPC header files to include/gssrpc, which we copy to them at
build time, and which is the only place we use them from anyways.
Update Makefile references and dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18589
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 16 Sep 2006 01:25:12 +0000 (01:25 +0000)]
Export krb5_ldap_release_errcode_string
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18588
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 15 Sep 2006 22:57:09 +0000 (22:57 +0000)]
Make it easier to ignore additional directories, like, oh, say, local
install paths for OpenLDAP.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18587
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Sep 2006 20:30:23 +0000 (20:30 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18584
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Sep 2006 00:25:34 +0000 (00:25 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18583
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Sep 2006 00:20:01 +0000 (00:20 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18582
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Sep 2006 22:16:45 +0000 (22:16 +0000)]
* Makefile.in (krb5/krb5.h): Wrap the content in macro test for
multiple-inclusion protection.
ticket: 3522
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18571
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Sep 2006 20:31:54 +0000 (20:31 +0000)]
Make database plugin responsible for releasing the error-message string, so
that we can use the krb5_get_error_message interface internally.
* kdb5.h: Add release_errcode_string field to the interface.
* db2_exp.c, ldap_exp.c: Initialize it.
* ldap_misc.c: Use krb5_get/free_error_message for error message strings.
* kdb_ldap.h: Declare krb5_ldap_release_errcode_string.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18565
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Sep 2006 19:54:06 +0000 (19:54 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18564
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Sep 2006 17:15:12 +0000 (17:15 +0000)]
comment formatting for 80 columns
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18563
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 5 Sep 2006 21:54:47 +0000 (21:54 +0000)]
(prof_get_integer_def, prof_get_string_def): New functions: check specified
config section in the profile, then the default section, then fall back to
passed default value (for integer only). Set error string on error.
(krb5_ldap_read_server_params): Use them, instead of explicitly doubling each
profile_get call.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18562
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Tue, 5 Sep 2006 18:47:29 +0000 (18:47 +0000)]
windows ccache and keytab file paths without a prefix
ktbase.c, ccbase.c: When a file path is specified without
the prefix we must infer the use of the "FILE" prefix.
However, we were setting the prefix including the colon
separator when the separator should have been ignored.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 1 Sep 2006 02:51:38 +0000 (02:51 +0000)]
Reject old OpenLDAP versions with bugs tickled by this code.
Clean up some warnings during the build.
* ldap_misc.c (strptime) [NEED_STRPTIME_PROTO]: Declare, conditionally.
(krb5_ldap_errcode_2_string): Return string, not error code, to fit with DAL
interface spec.
* kdb_ldap.h: Error out for OpenLDAP versions before 2.2.24.
(LDAP_DEPRECATED): Define; openldap-2.3.27 defaults to undefined.
(krb5_ldap_lib_init): Prototype.
(krb5_get_policydn): Declare.
(krb5_ldap_errcode_2_string): Fix return type.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18558
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Aug 2006 22:12:36 +0000 (22:12 +0000)]
(krb5_ldap_destroy_policy): krb5_ldap_delete_policy takes a mask arg, not pointer-to
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18557
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Aug 2006 22:08:45 +0000 (22:08 +0000)]
Declare get_date() used from kadmin cli code.
In calls, delete the second argument that get_date doesn't take.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18556
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Aug 2006 21:30:30 +0000 (21:30 +0000)]
Remove or conditionalize unused variables
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18555
dc483132-0cff-0310-8789-
dd5450dbe970