krb5.git
Sam Hartman [Wed, 21 Sep 2011 18:40:33 +0000 (18:40 +0000)]
Fix typo in pkinit_kdf_test error message

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25220 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Wed, 21 Sep 2011 18:40:23 +0000 (18:40 +0000)]
Add newlines to end of status messages

Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25219 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Wed, 21 Sep 2011 18:40:16 +0000 (18:40 +0000)]
If the client offers the alg agility KDF, use it

Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
pkinit:  changes to call alg-agility KDF

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25218 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Wed, 21 Sep 2011 18:40:09 +0000 (18:40 +0000)]
Reordered pkinit_server_return_padata(), so that the alg-agility
KDF can be called after the reply is encoded, as it needs the
encoded reply as one of its arguments.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25217 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 21 Sep 2011 17:46:27 +0000 (17:46 +0000)]
Add stubs for new pkinit encoders

The new pkinit encoders for hash agility are in the library export
list (whereas older encoders are invoked via the accessor), so we need
to provide stubs for them if we're building without pkinit support.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25216 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 21 Sep 2011 16:29:00 +0000 (16:29 +0000)]
Add kadmin functionality for string attributes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 21 Sep 2011 16:28:54 +0000 (16:28 +0000)]
Add KRB5_TL_STRING_ATTRS and libkdb5 accessors

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25214 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 21 Sep 2011 04:40:49 +0000 (04:40 +0000)]
Fix asn.1 encoder build without PKINIT support

Move all of the added PKINIT hash agility stuff inside the #ifndef
DISABLE_PKINIT block.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25213 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Tue, 20 Sep 2011 12:39:02 +0000 (12:39 +0000)]
Fix OpenSSL 1.0 function capitalization in pkinit

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25212 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 19 Sep 2011 14:52:16 +0000 (14:52 +0000)]
Make ASN.1 code build without PKINIT support

Move asn1_decode_kdf_alg_id and asn1_decode_sequence_of_kdf_alg_id
inside the #ifndef DISABLE_PKINIT block; otherwise they reference a
nonexistent asn1_decode_kdf_alg_id_ptr when PKINIT is disabled.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25211 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 19 Sep 2011 05:34:22 +0000 (05:34 +0000)]
Make pkinit_kdf_test.c compile

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25210 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 19 Sep 2011 05:34:17 +0000 (05:34 +0000)]
Formatting fixes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25209 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 01:00:56 +0000 (01:00 +0000)]
reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25208 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:59:29 +0000 (00:59 +0000)]
Fix x64 compile issues: remove bufferoverflowu.lib; this is obsolete
as of VS2005SP1. Use undecorated _DllMainCRTStartup as entry point
instead of _DllMainCRTStartup@12

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25207 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:59:24 +0000 (00:59 +0000)]
Use closesocket() instead of close() for sockets on Windows

Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25206 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:59:20 +0000 (00:59 +0000)]
Fixed some warnings on Windows

Windows VC compiler complains about comparison between signed and unsigned
int types, unused variables

Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25205 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:59:14 +0000 (00:59 +0000)]
Added util\profile\testmod\Makefile to the list of Makefiles generated on Windows

Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25204 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:59:08 +0000 (00:59 +0000)]
Add KRB5_CALLCONV to krb5_init_context_profile definition in init_ctx.c Remove extraneous 'p'

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25203 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:59:02 +0000 (00:59 +0000)]
Updated copyright year in a Windows version resource

Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25202 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:58:58 +0000 (00:58 +0000)]
Updated command line utilities not to complain about missing getopt() definition

Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25201 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:58:52 +0000 (00:58 +0000)]
__func__ -> __FUNCTION__ in #ifdef DEBUG blocks in util_errmap.c

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25200 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:58:48 +0000 (00:58 +0000)]
Protect autoconf #defines (HAVE_FOO, et al) in win-mac.h with #ifdef KRB5_PRIVATE add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:58:43 +0000 (00:58 +0000)]
On Windows, parse mechanism info from Registry instead of mech file

Currently the code parses @sysconfdir@/gss/mech as a set of GSS
mechanisms to dynamically load.  On Windows this should come from the
registry.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25198 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:58:38 +0000 (00:58 +0000)]
Remove the ticket from the pkinit-alg-agility KDF function, to match
agreed changes to the IETF specification.  Includes removing a parameter from
the KDF function, removing the ticket from the ASN.1 encoder, and updating
the test code.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:54:11 +0000 (00:54 +0000)]
Asn1_encode: indicate DER compressed form without tag or length as input

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25196 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:51:39 +0000 (00:51 +0000)]
Implement encoding and decoding for supportedKDFs and kdfID

pkinit: ASN.1 encoders and decoders for new KDF

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25195 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:35:10 +0000 (00:35 +0000)]
* Extend auth_pack
* extend dh_rep
* add krb5_free_octet_data
* extend pkinit free functions

pkinit: add supportedKDFs and kdfID to structures

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25194 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:35:06 +0000 (00:35 +0000)]
Refactor to use oid instead of algorithm_id in KDF interface

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25193 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:35:01 +0000 (00:35 +0000)]
pkinit_crypto_openssl: fix signed vs unsigned comparison

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25192 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:57 +0000 (00:34 +0000)]
implementation of new function and test program for pkinit agility.
Implementation of pkinit_alg_agility_kdf() function to implement the
key derivation function defined in draft-ietf-krb-wg-pkinit-alg-agility-04,
and implementation of pkinit_kdf_test program to test the new KDF
against the test vector in the draft.

Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25191 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:52 +0000 (00:34 +0000)]
Added underlying ASN.1 structures for pkinit algorithm agility

Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
tested-by: Sam Hartman <hartmans@debian.org>
fixes-from: Sam Hartman <hartmans@debian.org>

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25190 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:48 +0000 (00:34 +0000)]
In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed.  Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.

In keyblocks.c, modified krb5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:44 +0000 (00:34 +0000)]
In order for asn1_encode_oid to be called from DEFLENFNTYPE it needs
to take void * like all the other string encoders.

asn1_encode_oid: take void not asn1_octet

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25188 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:40 +0000 (00:34 +0000)]
asn1_encode.{c,h}: support DEFOCTETWRAPTYPE

Support a way of defining a type that indicates that the DER encoding
of some other type is wrapped inside an octet string in a produced
encoding.  To support this, support encoding of tagged things where
the class is not constructed; in this case it will be primitive.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25187 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:36 +0000 (00:34 +0000)]
pkinit: client: Use SignedData for anonymous

Per RFC 6112 use SignedData not ContentInfo for anonymous when the KDC
offers support for PKINIT_KX padata.

ticket: 6962

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25186 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:31 +0000 (00:34 +0000)]
Fix pkinit warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25185 dc483132-0cff-0310-8789-dd5450dbe970

Sam Hartman [Mon, 19 Sep 2011 00:34:25 +0000 (00:34 +0000)]
Support pkinit: SignedData with no signers (KDC)

For anonymous, MIT 1.9 sends ContentInfo rather than SignedData. This
violates RFC 6112. This patch accepts the RFC 6112 style encoding.

ticket: 6961

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25184 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 18 Sep 2011 09:43:33 +0000 (09:43 +0000)]
Drop code for finding top source directory among several
possibilities, since with only one configure script now, we know
exactly where it is.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25183 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 18 Sep 2011 09:43:30 +0000 (09:43 +0000)]
Don't check for memmove, inet_ntoa, inet_aton, pthread.h, or
semaphore.h, since the results of the tests are never used.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25182 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 18 Sep 2011 09:43:25 +0000 (09:43 +0000)]
Add invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warning
messages.  Verified to produce the same configure script (under
autoconf 2.68 on Mac OS X) as before.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25181 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Thu, 15 Sep 2011 20:00:15 +0000 (20:00 +0000)]
Fix a typo in r25026

A stray "p" was added to krb5_init_context_profile() inside a _WIN32
block.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25180 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 19:00:39 +0000 (19:00 +0000)]
Fix terminate_workers() in the KDC

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25179 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 16:12:39 +0000 (16:12 +0000)]
Simplify terminate_workers() in the KDC

Fixes a bug where we wait for one too many workers to terminate after
one of them crashes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25178 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 16:12:36 +0000 (16:12 +0000)]
Set up monitor signal handlers before forking

This avoids a race condition where a child reports "starting..." and
begins to service requests before the monitor is ready to handle
termination signals.  Really only an issue for the test suite.  From
npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25177 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 16:12:33 +0000 (16:12 +0000)]
Split signal setup into loop_setup_signals()

In the KDC, set up signals in the worker process child after forking
from the monitor process.  From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 16:12:29 +0000 (16:12 +0000)]
Reinitialize verto after creating worker child

Also mark fd events as reinitiable so they survive the fork.  From
npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25175 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 16:12:25 +0000 (16:12 +0000)]
Update verto sources to 2011-09-14 versions

Also add verto_reinitialize to libverto exports (missed in the last
update).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25174 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 14 Sep 2011 15:22:11 +0000 (15:22 +0000)]
Fix verto-k5ev.h dependencies for system libverto

When we build with the internal verto, we include verto-k5ev.h in
order to create loops.  When we build with the system verto, we don't
include that header file.  Add depfix logic and pre.in variables to
avoid depending on verto-k5ev.h for a system verto build.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25173 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 12 Sep 2011 16:08:04 +0000 (16:08 +0000)]
Update verto sources to 2011-09-10 versions

Also update verto-k5ev.c to match changes to verto-libev.c.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25172 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sat, 10 Sep 2011 22:58:55 +0000 (22:58 +0000)]
Wait before killing daemons in interactive k5test

If k5test is invoked with any stop, wait, or debug options, wait for
input before killing daemons, in case a daemon is being debugged.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25171 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Fri, 9 Sep 2011 21:02:55 +0000 (21:02 +0000)]
Fix verto.h dependencies for system libverto

When we have conditionally built bundled source, we need logic in
depfix.pl and variables in pre.in to avoid depending on the bundled
verto.h in generated dependencies.  Add that logic for verto.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25170 dc483132-0cff-0310-8789-dd5450dbe970

Tom Yu [Wed, 7 Sep 2011 21:31:48 +0000 (21:31 +0000)]
Fall back to EV_USE_SELECT

ev.c explicitly disables poll() on Mac and FreeBSD, which left our
standalone version without any working back ends on Mac OS X, for
example.  Fall back to using select() on these platforms.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25169 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Wed, 7 Sep 2011 19:10:25 +0000 (19:10 +0000)]
Fix some error-handling bugs in cc_dir.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25168 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 6 Sep 2011 23:23:43 +0000 (23:23 +0000)]
Go back to symlinks for liblinks

Now that we're not using dynamic loading for libverto-k5ev, we don't
need to use hard links for liblinks, and using them would interfere
with an AFS build tree.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25167 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 6 Sep 2011 23:23:39 +0000 (23:23 +0000)]
Change how bundled libverto is linked

Give libverto-k5ev a header file.  When using the internal verto
library, link against -lverto-k5ev and use verto_default_k5ev()
instead of verto_default(), bypassing the module loading logic and
making static builds possible.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25166 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 6 Sep 2011 16:03:37 +0000 (16:03 +0000)]
Fix t_ccselect bugs

initiator_cred wasn't initialized if no second arg was given.
t_ccselect wasn't removed on make clean.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25165 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Tue, 6 Sep 2011 15:14:10 +0000 (15:14 +0000)]
Fix several bugs in gss-krb5 inq_cred

cred could be used uninitialized if krb5_timeofday() failed.  defcred
had the wrong type.  kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970

Ezra Peisach [Tue, 6 Sep 2011 11:34:32 +0000 (11:34 +0000)]
Newer GCC's optimizer catches a variable used without initialization
in the bison library code. Use a GCC pragma to suppress.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25163 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:37:13 +0000 (16:37 +0000)]
Update kerberos man page

Remove references to the unbundled applications.  Add documentation of
environment variables.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25162 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:36:44 +0000 (16:36 +0000)]
Use a .so redirect for .k5login.5

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25161 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:35:40 +0000 (16:35 +0000)]
Make gss-krb5 use cache collection

For default credentials, defer ccache resolution until we need the
information.  If this happens in init_sec_context when we have the
target principal in hand, use krb5_cc_select() to pick a cache.  If
the target principal is not known, use the default cache.

For credentials with a specified principal, use krb5_cc_cache_match()
to find the cache.  If no cache is found and a password is specified,
create a new cache within the collection to hold the new credentials,
if the default cache type supports a collection.

ticket: 6958

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:34:35 +0000 (16:34 +0000)]
Refactor gss-krb5 acquire_init_cred

These changes have no functional impact, but will allow the GSSAPI
changes for credential selection to be made with a minimum of code
movement.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25159 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:33:49 +0000 (16:33 +0000)]
Add krb5_cc_select() API and pluggable interface

The interface has two built-in modules.  The realm module guesses a
cache based on the server realm if it is known.  The k5identity module
(Unix only) chooses a client principal based on rules in a .k5identity
file in the user's homedir.

ticket: 6957

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:26:48 +0000 (16:26 +0000)]
Add ccache collection support to tools

* "kdestroy -A" destroys all caches in collection.
* "kinit princ" searches the collection for a matching cache and
  overwrites it, or creates a new cache in the collection, if the
  type of the default cache is collection-enabled.  The chosen cache
  also becomes the primary cache for the collection.
* "klist -l" lists (in summary form) the caches in the collection.
* "klist -A" lists the content of all of the caches in the collection.
* "kswitch -c cache" (new command) makes cache the primary cache.
* "kswitch -p princ" makes the cache for princ the primary cache.

ticket: 6956

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:26:43 +0000 (16:26 +0000)]
Remove unneeded cccol behaviors

Do not yield any default caches in the top level cccol implementation.
In the FILE type, yield the default cache if it exists and is of type
FILE, instead of yielding the set of open file caches.

ticket: 6955

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25156 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:26:37 +0000 (16:26 +0000)]
Add new cache collection APIs

* krb5_cc_get_full_name retrieves the full type:name of a cache.
* krb5_cc_switch makes a cache the primary cache.
* krb5_cc_cache_match searches the collection for a client principal.
* krb5_free_string releases a string (for the krb5_cc_get_full_name
  result).

All of these are from Heimdal except for krb5_free_string (Heimdal uses
krb5_xfree).

ticket: 6954

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:26:30 +0000 (16:26 +0000)]
Add the DIR ccache type

The DIR ccache type supports a collection of credential caches within
a private directory (which must be created out of band).  One cache is
designated as primary at any given time.  Setting the default cache
name to DIR:dirname will cause caches within dirname to be present in
the global cache collection.

ticket: 6953

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25154 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:26:25 +0000 (16:26 +0000)]
Add fnmatch support to libkrb5support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 16:07:48 +0000 (16:07 +0000)]
Eliminate the mechglue union cred auxinfo field

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Mon, 5 Sep 2011 09:45:49 +0000 (09:45 +0000)]
Initialize some more variables

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25151 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Mon, 5 Sep 2011 03:13:07 +0000 (03:13 +0000)]
Use hard links for LIBLINKS

verto uses dladdr() to figure out where it should look for modules,
and dladdr may or may not follow symlinks.  Hard links ensure that it
always looks in the directory where liblinks are, allowing it to find
the verto-k5ev module.

Make symlinks within the lib directory for .so and .so.X instead of
symlinking those back to the library build directory.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25150 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Mon, 5 Sep 2011 01:58:53 +0000 (01:58 +0000)]
Enable -Werror=uninitialized if supported

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25149 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Mon, 5 Sep 2011 01:58:48 +0000 (01:58 +0000)]
Instead of passing a 0 to add_new_mkey for kvno and leaving
new_mkey_kvno (used when stashing) uninitialized, use get_next_kvno to
set the latter to the only non-zero value that add_new_mkey will
accept.

ticket: 6617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25148 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Mon, 5 Sep 2011 01:22:03 +0000 (01:22 +0000)]
Fix "may be used uninitialized" warnings in db2 code, even though all
such cases appear to be safe.  This will permit making
uninitialized-variable messages fatal.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25147 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Mon, 5 Sep 2011 01:21:55 +0000 (01:21 +0000)]
Silence various "may be used uninitialized" warnings from GCC caused
by it not figuring out the control flow (initialization and use both
tied to some other variable).

DB2 code not included.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Mon, 5 Sep 2011 01:21:50 +0000 (01:21 +0000)]
Change output type of pkinit_init_kdc_req_context so as not to require
gratuitous casting.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25145 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 4 Sep 2011 23:52:34 +0000 (23:52 +0000)]
Reindent per krb5-batch-reindent.el.
Some minor reformatting added in places to avoid exceeding 80 columns.
Used Emacs 22.1 built-in C mode.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 4 Sep 2011 23:52:25 +0000 (23:52 +0000)]
Reindent per krb5-batch-reindent.el.
Mostly changes column choice for backslashes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25143 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 4 Sep 2011 23:52:21 +0000 (23:52 +0000)]
Skip redundant inclusion of iprop.h

Suppress GCC's unused-variable diagnostic for purely generated code
using outside tools, known to have that issue but not ours to fix.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25142 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 4 Sep 2011 23:52:11 +0000 (23:52 +0000)]
Get rid of variables triggering gcc's "defined but not used"
complaints, almost entirely "rcsid" variables.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sun, 4 Sep 2011 22:13:30 +0000 (22:13 +0000)]
Untabify some files mistakenly created with tabs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25140 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sun, 4 Sep 2011 22:13:27 +0000 (22:13 +0000)]
Exclude some new outside sources from mark-cstyle

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25139 dc483132-0cff-0310-8789-dd5450dbe970

Greg Hudson [Sun, 4 Sep 2011 21:57:28 +0000 (21:57 +0000)]
Prevent verto-k5ev from using clock_gettime

Also remove k5ev.c, which shouldn't have been committed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25138 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 4 Sep 2011 04:29:47 +0000 (04:29 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25137 dc483132-0cff-0310-8789-dd5450dbe970

Ken Raeburn [Sun, 4 Sep 2011 04:29:43 +0000 (04:29 +0000)]
Rename local variable "socket" to avoid the one shadowed-declaration
warning I get in a simple GNU/Linux build.  Solaris may have others.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25136 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago declarations before code
Ken Raeburn [Sun, 4 Sep 2011 04:29:40 +0000 (04:29 +0000)]
declarations before code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25135 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Fix pointer type in net-server.c:make_event()
Greg Hudson [Sun, 4 Sep 2011 04:03:44 +0000 (04:03 +0000)]
Fix pointer type in net-server.c:make_event()

We use void pointers as temporaries in other uses of ADD(), so do so
here as well.  The type-safe type would be verto_ev **.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25134 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Fix arg list for dummy version of setup_udp_pktinfo_ports
Ken Raeburn [Sun, 4 Sep 2011 03:33:35 +0000 (03:33 +0000)]
Fix arg list for dummy version of setup_udp_pktinfo_ports

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25133 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Migrate net-server loop to use libverto
Greg Hudson [Fri, 2 Sep 2011 17:07:59 +0000 (17:07 +0000)]
Migrate net-server loop to use libverto

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Remove vestigial reset_db() in kadmind
Greg Hudson [Fri, 2 Sep 2011 17:07:57 +0000 (17:07 +0000)]
Remove vestigial reset_db() in kadmind

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25131 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Remove ancient Purify support in kadmind
Greg Hudson [Fri, 2 Sep 2011 17:07:55 +0000 (17:07 +0000)]
Remove ancient Purify support in kadmind

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25130 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Don't bother logging SIGPIPE in kadmind
Greg Hudson [Fri, 2 Sep 2011 17:07:52 +0000 (17:07 +0000)]
Don't bother logging SIGPIPE in kadmind

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25129 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Add a loop_ prefix to net-server.c functions
Greg Hudson [Fri, 2 Sep 2011 17:07:49 +0000 (17:07 +0000)]
Add a loop_ prefix to net-server.c functions

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Create k5ev verto module from libev sources
Greg Hudson [Fri, 2 Sep 2011 17:07:45 +0000 (17:07 +0000)]
Create k5ev verto module from libev sources

Add configure and build support for libverto and the libverto-k5ev
module.  Fix the version script rules to work for libraries with
hyphens in their names.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25127 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Add libev 4.04 sources in util/k5ev
Greg Hudson [Fri, 2 Sep 2011 17:07:40 +0000 (17:07 +0000)]
Add libev 4.04 sources in util/k5ev

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25126 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Add libverto sources in util/verto
Greg Hudson [Fri, 2 Sep 2011 17:07:35 +0000 (17:07 +0000)]
Add libverto sources in util/verto

These are from the source repository as of 2011-08-24, since there are
no formal releases yet.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25125 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Make dejagnu tests work with non-FQDN hostname
Greg Hudson [Thu, 1 Sep 2011 22:02:32 +0000 (22:02 +0000)]
Make dejagnu tests work with non-FQDN hostname

By making an entry for $hostname in [domain_realm], we can relax the
requirement that the canonicalized local hostname must have a parent
domain.  This makes the test suite work more easily on Fedora.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25124 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Fix a klist example in the user guide
Greg Hudson [Thu, 1 Sep 2011 19:18:59 +0000 (19:18 +0000)]
Fix a klist example in the user guide

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25123 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Get local hostname more precisely in k5test.py
Greg Hudson [Thu, 1 Sep 2011 17:33:11 +0000 (17:33 +0000)]
Get local hostname more precisely in k5test.py

socket.getfqdn() tries to produce a result containing a period, so it
may disagree with krb5_sname_to_principal's result--for example, in
Fedora's default DHCP configuration.  Use getaddrinfo and getnameinfo
calls mirroring krb5_sname_to_principal's logic instead.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25122 dc483132-0cff-0310-8789-dd5450dbe970

13 years ago Fix cross-realm traversal TGT requests
Greg Hudson [Thu, 1 Sep 2011 16:21:25 +0000 (16:21 +0000)]
Fix cross-realm traversal TGT requests

When requesting a cross-realm TGT, use the KDC instance of the current
TGT (the second data component), not the realm which the TGT came
from.

ticket: 6952
target_version: 1.9.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25121 dc483132-0cff-0310-8789-dd5450dbe970