krb5.git
14 years agoPerform the AES-CBC XOR operations 4 bytes at a time, using the helper
Ken Raeburn [Wed, 2 Dec 2009 23:09:33 +0000 (23:09 +0000)]
Perform the AES-CBC XOR operations 4 bytes at a time, using the helper
functions for loading and storing potentially-unaligned values.
Improves bulk AES encryption performance by 2% or so on 32-bit x86
with gcc 4.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23432 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAdd store_{16,32,64}_n functions, for potentially-unaligned, native-order values
Ken Raeburn [Wed, 2 Dec 2009 23:09:29 +0000 (23:09 +0000)]
Add store_{16,32,64}_n functions, for potentially-unaligned, native-order values

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23431 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoSpeed up the per-block loops of AES, DES3, and DES IOV encryption by
Greg Hudson [Wed, 2 Dec 2009 22:37:16 +0000 (22:37 +0000)]
Speed up the per-block loops of AES, DES3, and DES IOV encryption by
avoiding function calls and copies in the case where the next block
is wholly contained within the current buffer.  To do this, introduce
two new inline functions in aead.h called iov_next_block and
iov_store_block.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23430 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove t_kperf on make clean
Greg Hudson [Wed, 2 Dec 2009 20:13:26 +0000 (20:13 +0000)]
Remove t_kperf on make clean

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23429 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoClean up the AES enc_provider code a bit. Chiefly, work with unsigned
Greg Hudson [Wed, 2 Dec 2009 19:52:54 +0000 (19:52 +0000)]
Clean up the AES enc_provider code a bit.  Chiefly, work with unsigned
char blocks, casting input->data and output->data once each upon entry
to the non-IOV encrypt and decrypt functions, rather than casting our
working buffers each time we need to work with an outside function.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23428 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoIn t_kperf, generate a valid ciphertext when testing decryption
Greg Hudson [Wed, 2 Dec 2009 18:32:03 +0000 (18:32 +0000)]
In t_kperf, generate a valid ciphertext when testing decryption

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23427 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFix an incorrect length in the new krb5int_c_decrypt_aead_compat
Greg Hudson [Wed, 2 Dec 2009 18:10:12 +0000 (18:10 +0000)]
Fix an incorrect length in the new krb5int_c_decrypt_aead_compat

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23426 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFixed the conflicting type "static krb5_error_code KRB5_CALLCONV" of krb5_change_set...
Zhanna Tsitkov [Wed, 2 Dec 2009 18:06:19 +0000 (18:06 +0000)]
Fixed the conflicting type "static krb5_error_code KRB5_CALLCONV" of  krb5_change_set_password and some reindentation/reformating

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23425 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoReindent and removed krb5_ prefix from static func name
Zhanna Tsitkov [Tue, 1 Dec 2009 16:22:47 +0000 (16:22 +0000)]
Reindent and removed krb5_ prefix from static func name

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23398 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFix AES IOV decryption of small messages
Greg Hudson [Tue, 1 Dec 2009 01:36:42 +0000 (01:36 +0000)]
Fix AES IOV decryption of small messages

AES messages never need to be padded because the confounder ensures
that the plaintext is at least one block long.  Remove a check in
krb5int_dk_decrypt_iov which was rejecting short AES messages because
it didn't count the header length.

ticket: 6589
tags: pullup
target_version: 1.7.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23397 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMake krb5int_c_decrypt_aead_compat more efficient by building the
Greg Hudson [Tue, 1 Dec 2009 01:32:02 +0000 (01:32 +0000)]
Make krb5int_c_decrypt_aead_compat more efficient by building the
buffers explicitly rather than using stream decryption.  Sidesteps
some machinery and avoids copying the output.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23396 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFix the usage fallback in krb5int_arcfour_decrypt_iov. Factor out IOV
Greg Hudson [Tue, 1 Dec 2009 00:40:54 +0000 (00:40 +0000)]
Fix the usage fallback in krb5int_arcfour_decrypt_iov.  Factor out IOV
encryption with a keyblock since this makes four uses of it in one
file.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23395 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMark and reindent tests, with some exclusions
Tom Yu [Mon, 30 Nov 2009 23:09:36 +0000 (23:09 +0000)]
Mark and reindent tests, with some exclusions

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23394 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoReindent
Zhanna Tsitkov [Mon, 30 Nov 2009 22:29:48 +0000 (22:29 +0000)]
Reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23393 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMark and reindent util/support
Tom Yu [Mon, 30 Nov 2009 21:35:38 +0000 (21:35 +0000)]
Mark and reindent util/support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23392 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove some stray tabs
Greg Hudson [Mon, 30 Nov 2009 19:37:31 +0000 (19:37 +0000)]
Remove some stray tabs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23391 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoUse aead_dk instead of aead_old for des-hmac-sha1, since it uses
Greg Hudson [Mon, 30 Nov 2009 19:05:01 +0000 (19:05 +0000)]
Use aead_dk instead of aead_old for des-hmac-sha1, since it uses
dk_encrypt.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23390 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFix ivec chaining for DES iov encryption
Greg Hudson [Mon, 30 Nov 2009 19:03:58 +0000 (19:03 +0000)]
Fix ivec chaining for DES iov encryption

krb5int_des_cbc_decrypt_iov was using a plaintext block to update the
ivec.  Fix it to use the last cipher block, borrowing from the
corresponding des3 function.  The impact of this bug is not serious
since ivec chaining is not typically used with IOV encryption in 1.7.

ticket: 6588
tags: pullup
target_version: 1.7.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23389 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAdd an AEAD provider for enctypes which use krb5_old_encrypt and
Greg Hudson [Mon, 30 Nov 2009 16:19:24 +0000 (16:19 +0000)]
Add an AEAD provider for enctypes which use krb5_old_encrypt and
krb5_old_decrypt; this makes every enctype have an AEAD provider.  To
make this work, expose make_unkeyed_checksum_iov to other files (under
the name krb5int_hash_iov) and make krb5int_c_padding_length take into
account the header length.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23388 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoIn the des enc_provider decrypt_iov function, count header blocks as
Greg Hudson [Mon, 30 Nov 2009 16:13:50 +0000 (16:13 +0000)]
In the des enc_provider decrypt_iov function, count header blocks as
well as data and padding blocks when checking for correctly padded
input.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23387 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMake the crc32 hash provider correctly chain multiple input buffers,
Greg Hudson [Mon, 30 Nov 2009 16:12:36 +0000 (16:12 +0000)]
Make the crc32 hash provider correctly chain multiple input buffers,
so that it returns the same result if you pass it one big buffer or
many small buffers containing the same data.  To do this, change the
contract of mit_crc32 so that the cksum parameter is in-out.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23386 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoStream decryption is handled in krb5_k_decrypt_iov; remove some
Greg Hudson [Mon, 30 Nov 2009 14:17:06 +0000 (14:17 +0000)]
Stream decryption is handled in krb5_k_decrypt_iov; remove some
lingering checks in the dk and raw aead providers from before that
was introduced.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23385 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFix memory leak
Sam Hartman [Mon, 30 Nov 2009 14:14:47 +0000 (14:14 +0000)]
Fix memory leak

ticket: 6585

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23384 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoTerminate the loop in find_authdata_1 if we get an error in one of the
Greg Hudson [Mon, 30 Nov 2009 01:19:14 +0000 (01:19 +0000)]
Terminate the loop in find_authdata_1 if we get an error in one of the
iterations.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23382 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove the non-iov entry point introduced in r23378, since it's easy
Greg Hudson [Sun, 29 Nov 2009 23:13:57 +0000 (23:13 +0000)]
Remove the non-iov entry point introduced in r23378, since it's easy
to use the iov entry point at both call sites.  Rename the iov entry
point to remove the "_iov" suffix since it's no longer needed to
disambiguate.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23381 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAvoid using strncpy in the production of the arcfour salt because it
Greg Hudson [Sun, 29 Nov 2009 15:43:29 +0000 (15:43 +0000)]
Avoid using strncpy in the production of the arcfour salt because it
produces a (spurious) Coverity defect.  Fix a memory leak in
krb5int_arcfour_encrypt.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23380 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAdd do-while(0) around multi-statement macros in f_tables.h for more
Greg Hudson [Sun, 29 Nov 2009 15:32:28 +0000 (15:32 +0000)]
Add do-while(0) around multi-statement macros in f_tables.h for more
consistent and elegant emacs auto-formatting.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23379 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoCreate functional internal interfaces to allow GSSAPI to perform
Greg Hudson [Sat, 28 Nov 2009 23:10:31 +0000 (23:10 +0000)]
Create functional internal interfaces to allow GSSAPI to perform
arcfour encryption of GSS tokens.  This factors out derivation of
the usage and encryption keys, and removes the need for the provider
structures to be visible to all of krb5 via k5-int.h.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23378 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoClean up the arcfour token encryption and decryption functions by
Greg Hudson [Sat, 28 Nov 2009 15:53:39 +0000 (15:53 +0000)]
Clean up the arcfour token encryption and decryption functions by
making use of newer convenience functions and by factoring out the
derivation of the usage and encryption keys.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23377 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAdd a convenience inline function in k5-int.h to initialize a
Greg Hudson [Sat, 28 Nov 2009 15:51:45 +0000 (15:51 +0000)]
Add a convenience inline function in k5-int.h to initialize a
krb5_data structure with allocated memory.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23376 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMark and reindent lib/crypto
Greg Hudson [Sat, 28 Nov 2009 00:43:34 +0000 (00:43 +0000)]
Mark and reindent lib/crypto

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23374 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAdd krb5_key versions of the auth context key accessors, and use them
Greg Hudson [Fri, 27 Nov 2009 21:30:51 +0000 (21:30 +0000)]
Add krb5_key versions of the auth context key accessors, and use them
to simplify the gss-krb5 code a little bit.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23372 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAllow null keys to be referenced (a no-op) for simpler "copying" of
Greg Hudson [Fri, 27 Nov 2009 21:15:53 +0000 (21:15 +0000)]
Allow null keys to be referenced (a no-op) for simpler "copying" of
keys which might or might not exist.  Consistent with allowing freeing
of null keys.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23371 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoExport krb5_k_reference_key since it's part of the public API
Greg Hudson [Fri, 27 Nov 2009 21:14:03 +0000 (21:14 +0000)]
Export krb5_k_reference_key since it's part of the public API

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23370 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoClean up the flow control in krb5int_send_tgs, and avoid setting the
Greg Hudson [Fri, 27 Nov 2009 20:38:28 +0000 (20:38 +0000)]
Clean up the flow control in krb5int_send_tgs, and avoid setting the
subkey output param when success is not guaranteed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23369 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoIf krb5_init_creds_step is called on an already complete context,
Greg Hudson [Fri, 27 Nov 2009 19:30:29 +0000 (19:30 +0000)]
If krb5_init_creds_step is called on an already complete context,
return 0 rather than uninitialized stack garbage.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23368 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMove the arcfour directory from the crypto module dirs into krb. This
Greg Hudson [Fri, 27 Nov 2009 09:15:50 +0000 (09:15 +0000)]
Move the arcfour directory from the crypto module dirs into krb.  This
directory contains the token encryption code (similar to dk, old, and
raw) which is Kerberos-specific.  The actual stream cipher lives in
enc_provider/rc4.c, which is still in the module dirs.

arcfour/arcfour-int.h contained the definitions of some structures
used only in enc_provider/rc4.c.  Move those definitions into that
source file so that everything in arcfour is at the right level of
abstraction to live in krb.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23367 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMake depend
Greg Hudson [Fri, 27 Nov 2009 09:10:47 +0000 (09:10 +0000)]
Make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23366 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoAdd krb5_k_prf, the krb5_key version of krb5_c_prf
Greg Hudson [Fri, 27 Nov 2009 00:00:06 +0000 (00:00 +0000)]
Add krb5_k_prf, the krb5_key version of krb5_c_prf

ticket: 6576

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23365 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoClean up a few cases where krb5_get_in_tkt_with_keytab would leak the
Greg Hudson [Thu, 26 Nov 2009 23:23:11 +0000 (23:23 +0000)]
Clean up a few cases where krb5_get_in_tkt_with_keytab would leak the
options structure.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23363 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoPullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
Tom Yu [Thu, 26 Nov 2009 03:54:59 +0000 (03:54 +0000)]
Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
correctly for these checksums.

Fix regression in MD4-DES and MD5-DES keyed checksums.  The original
key was being used for the DES encryption, not the "xorkey".  (key
with each byte XORed with 0xf0)

Add a test case that will catch future regressions of this sort, by
including a verification of a "known-good" checksum (derived from a
known-to-be-interoperable version of the implementation).

ticket: 6584
target_version: 1.7.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23361 dc483132-0cff-0310-8789-dd5450dbe970

14 years agolibkrb5 support for non-blocking AS requests
Greg Hudson [Thu, 26 Nov 2009 00:05:08 +0000 (00:05 +0000)]
libkrb5 support for non-blocking AS requests

Merge Luke's iakerb-libkrb5-as-only branch into trunk with several bug
fixes.  Adds support for the krb5_init_creds APIs (same as Heimdal's)
which allow AS requests to be performed via a different transport than
the blocking send_to_kdc.

ticket: 6586

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23358 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoDefer the conversion of the gic options structure to the extended form
Greg Hudson [Wed, 25 Nov 2009 23:09:07 +0000 (23:09 +0000)]
Defer the conversion of the gic options structure to the extended form
until we reach krb5_get_init_creds.  Rename that function to
krb5int_get_init_creds since it isn't public.  Also stop exporting it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23357 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoCoding Style related fixes
Zhanna Tsitkov [Wed, 25 Nov 2009 19:03:29 +0000 (19:03 +0000)]
Coding Style related fixes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23356 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoIn krb5_db2_db_init, make a format string constant to make Coverity
Greg Hudson [Wed, 25 Nov 2009 14:36:05 +0000 (14:36 +0000)]
In krb5_db2_db_init, make a format string constant to make Coverity
happy.  (Previously it was a disjunction of two constants, which is
fine, but not as obviously safe to a static analysis tool.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23355 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMark and reindent the pkinit plugin code, except for the header files
Greg Hudson [Wed, 25 Nov 2009 00:23:57 +0000 (00:23 +0000)]
Mark and reindent the pkinit plugin code, except for the header files
which are kind of difficult.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23354 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMark and reindent plugins, except for pkinit, which needs a little
Greg Hudson [Tue, 24 Nov 2009 23:52:25 +0000 (23:52 +0000)]
Mark and reindent plugins, except for pkinit, which needs a little
cleanup first.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23353 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove krb5_ prefix from the name of the static func get_as_key_keytab. Reindent
Zhanna Tsitkov [Tue, 24 Nov 2009 21:08:00 +0000 (21:08 +0000)]
Remove krb5_ prefix from the name of the static func get_as_key_keytab. Reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23352 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMark and reindent what's left of the appl directory
Greg Hudson [Tue, 24 Nov 2009 17:46:45 +0000 (17:46 +0000)]
Mark and reindent what's left of the appl directory

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23342 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove appl man pages from the list of pages to convert in the doc
Greg Hudson [Tue, 24 Nov 2009 15:43:16 +0000 (15:43 +0000)]
Remove appl man pages from the list of pages to convert in the doc
build system.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23341 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFix boilerplate in zap.c
Greg Hudson [Tue, 24 Nov 2009 03:11:22 +0000 (03:11 +0000)]
Fix boilerplate in zap.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23340 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoPunt the volatile cast in the non-gcc, non-Windows version of zap.
Greg Hudson [Tue, 24 Nov 2009 01:25:10 +0000 (01:25 +0000)]
Punt the volatile cast in the non-gcc, non-Windows version of zap.
Use a function call into libkrb5support instead, since that's hard to
inline.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23339 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoKDC MUST NOT accept ap-request armor in FAST TGS
Sam Hartman [Tue, 24 Nov 2009 01:05:30 +0000 (01:05 +0000)]
KDC MUST NOT accept ap-request armor in FAST TGS

Per the latest preauth framework spec, the working group has decided
to forbid ap-request armor in the TGS request because of security
problems with that armor type.

This commit was tested against an implementation of FAST TGS client to
confirm that if explicit armor is sent, the request is rejected.

ticket: 6585
target_version: 1.7.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23325 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoExpand comments around 'zap' code
Ken Raeburn [Tue, 24 Nov 2009 00:03:19 +0000 (00:03 +0000)]
Expand comments around 'zap' code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23319 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoSimplify depfix.pl by assuming that all files outside of the source
Greg Hudson [Mon, 23 Nov 2009 20:52:16 +0000 (20:52 +0000)]
Simplify depfix.pl by assuming that all files outside of the source
and build directory (after substitutions) are external headers which
should not be tracked.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23314 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoCheck return value of gethostname in krb5_klog_init
Greg Hudson [Mon, 23 Nov 2009 19:24:42 +0000 (19:24 +0000)]
Check return value of gethostname in krb5_klog_init

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23313 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMake zap() work with non-gcc C++ compilers.
Greg Hudson [Sun, 22 Nov 2009 19:11:53 +0000 (19:11 +0000)]
Make zap() work with non-gcc C++ compilers.
Eliminate the intermediate name krb5int_zap_data.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23311 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove discussion of the unbundled applications from the install
Greg Hudson [Sun, 22 Nov 2009 18:44:46 +0000 (18:44 +0000)]
Remove discussion of the unbundled applications from the install
guide.

ticket: 6583

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23310 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoUpdate the build system documentation:
Greg Hudson [Sun, 22 Nov 2009 18:20:36 +0000 (18:20 +0000)]
Update the build system documentation:
  * The test suite no longer requires root.
  * appl no longer contains what it used to contain.
  * Mention --disable-rpath as an alternative for make check.

ticket: 6583
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23309 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoConsolidate Makefile variables now that we have only a single global
Greg Hudson [Sun, 22 Nov 2009 18:13:29 +0000 (18:13 +0000)]
Consolidate Makefile variables now that we have only a single global
configure script:
    $(SRCTOP) --> $(top_srcdir)
    $(srcdir)/$(thisconfigdir) --> $(top_srcdir)
    $(thisconfigdir) --> $(BUILDTOP)
    $(myfulldir) --> $(mydir)

ticket: 6583
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoRemove functions from aclocal.m4 which are no longer needed now that
Greg Hudson [Sun, 22 Nov 2009 17:00:45 +0000 (17:00 +0000)]
Remove functions from aclocal.m4 which are no longer needed now that
the applications are unbundled.

ticket: 6583
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23306 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoUnbundle applications into separate repository
Greg Hudson [Sun, 22 Nov 2009 14:58:54 +0000 (14:58 +0000)]
Unbundle applications into separate repository

Remove libpty, gssftp, telnet, and the bsd applications from the
source tree, build system, and tests.

Docs still need to be updated to remove mentions of the applications.
The build system should be simplified now that we're down to one
configure script and don't need some of the functionality currently in
aclocal.m4.

ticket: 6583
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23305 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoIn _kadm5_init_any on error - if we created a cache entry, destroy it
Ezra Peisach [Sun, 22 Nov 2009 04:54:47 +0000 (04:54 +0000)]
In _kadm5_init_any on error - if we created a cache entry, destroy it
(parallel to kadm5_destroy code). Also - free config_params.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23300 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoClean up some memory leaks by releasing context
Ezra Peisach [Sun, 22 Nov 2009 04:26:48 +0000 (04:26 +0000)]
Clean up some memory leaks by releasing context

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23299 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoFor the moment, test for nullity of pointers returned by k5alloc
Greg Hudson [Sat, 21 Nov 2009 23:08:03 +0000 (23:08 +0000)]
For the moment, test for nullity of pointers returned by k5alloc
instead of result codes, to make Coverity happy.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23298 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoMemory leak in _kadm5_init_any introduced with ipropd
Ezra Peisach [Sat, 21 Nov 2009 04:50:55 +0000 (04:50 +0000)]
Memory leak in _kadm5_init_any introduced with ipropd

Fix minor memory leak introduced by the ipropd integration.

ticket: 6582

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23296 dc483132-0cff-0310-8789-dd5450dbe970

14 years agoCorrect argument to kadm5_get_principal is a pointer to a struct - not
Ezra Peisach [Fri, 20 Nov 2009 20:55:34 +0000 (20:55 +0000)]
Correct argument to kadm5_get_principal is a pointer to a struct - not
a pointer to a pointer.... Does not really matter as the field is not used -
this test program expects a failer.

Clean up memory leaks by freeing principal and releasing context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23295 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoThe size of kadm5_server_handle_rec differs between the client and
Ezra Peisach [Fri, 20 Nov 2009 03:42:40 +0000 (03:42 +0000)]
The size of kadm5_server_handle_rec differs between the client and
server code. Valgrind picked up on access past end of allocated
structure.  Include proper internal header in client/server test.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23294 dc483132-0cff-0310-8789-dd5450dbe970

15 years agokrb5_free_ad_signedpath must free outer structure
Luke Howard [Thu, 19 Nov 2009 21:59:23 +0000 (21:59 +0000)]
krb5_free_ad_signedpath must free outer structure

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23293 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoPut krb5_auth_con_set_req_cksumtype back in the public API, since it
Greg Hudson [Thu, 19 Nov 2009 16:27:47 +0000 (16:27 +0000)]
Put krb5_auth_con_set_req_cksumtype back in the public API, since it
is needed by the BSD applications which will be unbundled in 1.8.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23292 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoMinor reindent fix
Zhanna Tsitkov [Wed, 18 Nov 2009 16:38:24 +0000 (16:38 +0000)]
Minor reindent fix

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23287 dc483132-0cff-0310-8789-dd5450dbe970

15 years agominor reindent
Zhanna Tsitkov [Wed, 18 Nov 2009 15:55:02 +0000 (15:55 +0000)]
minor reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23286 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRework using "do { } while (0)" in macro bodies to avoid divergent
Tom Yu [Tue, 17 Nov 2009 01:21:31 +0000 (01:21 +0000)]
Rework using "do { } while (0)" in macro bodies to avoid divergent
emacs-22 vs emacs-23 indentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23252 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoClean up some open-parenthesis problems, and reindent
Tom Yu [Mon, 16 Nov 2009 22:32:40 +0000 (22:32 +0000)]
Clean up some open-parenthesis problems, and reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23246 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoTypo fix
Zhanna Tsitkov [Mon, 16 Nov 2009 18:09:26 +0000 (18:09 +0000)]
Typo fix

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23238 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRemove unreferred krb5int_keyhash_aescbc_xxx. Cleaner krb5int_keyhash_md5_hmac init
Zhanna Tsitkov [Mon, 16 Nov 2009 17:30:09 +0000 (17:30 +0000)]
Remove unreferred krb5int_keyhash_aescbc_xxx. Cleaner krb5int_keyhash_md5_hmac init

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23237 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoFix coding style in lib/krb5/asn.1, remove from exclusions, and
Tom Yu [Mon, 16 Nov 2009 16:48:37 +0000 (16:48 +0000)]
Fix coding style in lib/krb5/asn.1, remove from exclusions, and
reindent.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23236 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoMove prototypes for krb5int_send_tgs and krb5int_decode_tgs_rep to int-proto.h.
Ezra Peisach [Mon, 16 Nov 2009 01:49:21 +0000 (01:49 +0000)]
Move prototypes for krb5int_send_tgs and krb5int_decode_tgs_rep to int-proto.h.
These functions are not exported by the library.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23232 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoMove krb5int_get_fq_local_hostname to os-proto.h. Not exported
Ezra Peisach [Sun, 15 Nov 2009 01:38:41 +0000 (01:38 +0000)]
Move krb5int_get_fq_local_hostname to os-proto.h.  Not exported

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23188 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoMoved krb5int_sendto prototype to os-proto.h. This function is not exported
Ezra Peisach [Sun, 15 Nov 2009 00:51:21 +0000 (00:51 +0000)]
Moved krb5int_sendto prototype to os-proto.h.  This function is not exported
from libkrb5 - so the rest of the world does not need to see it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23186 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoAdd an exception for include/iprop.h and revert its reformatting,
Greg Hudson [Sun, 15 Nov 2009 00:19:36 +0000 (00:19 +0000)]
Add an exception for include/iprop.h and revert its reformatting,
since it was generated with rpcgen.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23185 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoFix typos in previous
Tom Yu [Sat, 14 Nov 2009 19:24:39 +0000 (19:24 +0000)]
Fix typos in previous

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23182 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoReindent include directory, reformatting prototypes as necessary.
Greg Hudson [Sat, 14 Nov 2009 18:56:43 +0000 (18:56 +0000)]
Reindent include directory, reformatting prototypes as necessary.
Exclude include/gssrpc due to its Sun origin and k5-platform.h due to
macros too hairy for emacs c-mode to handle.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23180 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRemove include/krb54proto.h as it is no longer used
Greg Hudson [Sat, 14 Nov 2009 15:24:56 +0000 (15:24 +0000)]
Remove include/krb54proto.h as it is no longer used

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23163 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoConstrained delegation without PAC support
Greg Hudson [Sat, 14 Nov 2009 04:46:30 +0000 (04:46 +0000)]
Constrained delegation without PAC support

Merge Luke's users/lhoward/s4u2proxy branch to trunk.  Implements a
Heimdal-compatible mechanism for allowing constrained delegation
without back-end support for PACs.  Back-end support exists in LDAP
only (via a new krbAllowedToDelegateTo attribute), not DB2.

ticket: 6580

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoIn lib/krb5/rcache, ensure that function definition headers put the
Greg Hudson [Fri, 13 Nov 2009 00:28:30 +0000 (00:28 +0000)]
In lib/krb5/rcache, ensure that function definition headers put the
function name at the beginning of the line.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23157 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoTypo fix
Zhanna Tsitkov [Thu, 12 Nov 2009 20:22:53 +0000 (20:22 +0000)]
Typo fix

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23154 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoPost-great-reindent check. Part II
Zhanna Tsitkov [Thu, 12 Nov 2009 20:17:34 +0000 (20:17 +0000)]
Post-great-reindent check. Part II

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23153 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRestore the local variable type
Zhanna Tsitkov [Thu, 12 Nov 2009 19:31:33 +0000 (19:31 +0000)]
Restore the local variable type

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23152 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoPost-great-reindent check. Part I
Zhanna Tsitkov [Thu, 12 Nov 2009 19:12:51 +0000 (19:12 +0000)]
Post-great-reindent check. Part I

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23151 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoFor iprop test, reduce expected attribute change count to reflect the three
Luke Howard [Wed, 11 Nov 2009 12:04:27 +0000 (12:04 +0000)]
For iprop test, reduce expected attribute change count to reflect the three
non-replicated attributes: last_success, last_failed and fail_auth_count.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23149 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoIn lib/krb5/keytab, ensure that function definition headers have
Greg Hudson [Tue, 10 Nov 2009 19:59:39 +0000 (19:59 +0000)]
In lib/krb5/keytab, ensure that function definition headers have
function names at the beginning of lines, and avoid putting open
parentheses at the beginning of lines in function prototypes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23148 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRemove the unnecessary src/lib/glue4.c
Greg Hudson [Tue, 10 Nov 2009 18:40:10 +0000 (18:40 +0000)]
Remove the unnecessary src/lib/glue4.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23147 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRemove src/lib/crypto/krb/enc_provider, which was accidentally
Greg Hudson [Tue, 10 Nov 2009 16:57:27 +0000 (16:57 +0000)]
Remove src/lib/crypto/krb/enc_provider, which was accidentally
resurrected (again) in r22875 when merging the authdata branch to the
trunk.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23146 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoRevise patch to avoid using changequote
Ken Raeburn [Mon, 9 Nov 2009 16:56:01 +0000 (16:56 +0000)]
Revise patch to avoid using changequote

ticket: 6579

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23145 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoquoting bug causes solaris pre-10 thread handling bugs
Ken Raeburn [Mon, 9 Nov 2009 06:13:34 +0000 (06:13 +0000)]
quoting bug causes solaris pre-10 thread handling bugs

Quoting problems in pattern matching on the OS name cause Solaris
versions up through 9 to not be properly recognized in the
thread-system configuration setup.  This causes our libraries to make
the erroneous assumption that valid thread support routines are
available on all Solaris systems, rather than just assuming it for
Solaris 10 and later.

The result is assertion failures like this one reported by Meraj
Mohammed and others:

  Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63

Thanks to Tom Shaw for noticing the cause of the problem.

The bug may be present in the 1.6.x series as well.

ticket: 6579
target_version: 1.7.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23144 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoDon't flush stdout so much. Calculate and display some more averages
Ken Raeburn [Sat, 7 Nov 2009 00:14:37 +0000 (00:14 +0000)]
Don't flush stdout so much.  Calculate and display some more averages

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23142 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoDelay start of test until the start of a new second on the system
Ken Raeburn [Sat, 7 Nov 2009 00:14:33 +0000 (00:14 +0000)]
Delay start of test until the start of a new second on the system
clock.  Print per-thread stats only once.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23141 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoReformat some open-paren issues. Remove kprop.c and kpropd.c from
Tom Yu [Fri, 6 Nov 2009 23:29:12 +0000 (23:29 +0000)]
Reformat some open-paren issues.  Remove kprop.c and kpropd.c from
exclusions.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23140 dc483132-0cff-0310-8789-dd5450dbe970

15 years agoChange INIT_ONCE compile-time flag into a run-time option. Delete
Ken Raeburn [Fri, 6 Nov 2009 20:17:00 +0000 (20:17 +0000)]
Change INIT_ONCE compile-time flag into a run-time option.  Delete
DIRECT support; always create threads.  Allow setting of test interval
and number of threads via run-time options.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23139 dc483132-0cff-0310-8789-dd5450dbe970