krb5.git
13 years agoIn pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
Sam Hartman [Mon, 19 Sep 2011 00:34:48 +0000 (00:34 +0000)]
In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed.  Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.

In keyblocks.c, modified kr5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25189 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoIn order for asn1_encode_oid to be called from DEFLENFNTYPE it needs
Sam Hartman [Mon, 19 Sep 2011 00:34:44 +0000 (00:34 +0000)]
In order for asn1_encode_oid to be called from DEFLENFNTYPE it needs
to take void * like all the other string encoders.

asn1_encode_oid: take void not asn1_octet

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25188 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoasn1_encode.{c,h}: support DEFOCTETWRAPTYPE
Sam Hartman [Mon, 19 Sep 2011 00:34:40 +0000 (00:34 +0000)]
asn1_encode.{c,h}: support DEFOCTETWRAPTYPE

Support a way of defining a type that indicates that the DER encoding
of some other type is wrapped inside an octet string in a produced
encoding.  To support this, support encoding of tagged things where
the class is not constructed; in this case it will be primitive.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25187 dc483132-0cff-0310-8789-dd5450dbe970

13 years agopkinit: client: Use SignedData for anonymous
Sam Hartman [Mon, 19 Sep 2011 00:34:36 +0000 (00:34 +0000)]
pkinit: client: Use SignedData for anonymous

Per RFc 6112 use SignedData not ContentInfo for anonymous when the KDC
offers support for PKINIT_KX padata.

ticket: 6962

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25186 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix pkinit warnings
Sam Hartman [Mon, 19 Sep 2011 00:34:31 +0000 (00:34 +0000)]
Fix pkinit warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25185 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoSupport pkinit: SignedData with no signers (KDC)
Sam Hartman [Mon, 19 Sep 2011 00:34:25 +0000 (00:34 +0000)]
Support pkinit: SignedData with no signers (KDC)

For anonymous, MIT 1.9 sends
ContentInfo rather than SignedData. This violates RFc 6112. This patch accepts the RFC 6112 style encoding.

ticket: 6961

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25184 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoDrop code for finding top source directory among several
Ken Raeburn [Sun, 18 Sep 2011 09:43:33 +0000 (09:43 +0000)]
Drop code for finding top source directory among several
possibilities, since with only one configure script now, we know
exactly where it is.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25183 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoDon't check for memmove, inet_ntoa, inet_aton, pthread.h, or
Ken Raeburn [Sun, 18 Sep 2011 09:43:30 +0000 (09:43 +0000)]
Don't check for memmove, inet_ntoa, inet_aton, pthread.h, or
semaphore.h, since the results of the tests are never used.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25182 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warning
Ken Raeburn [Sun, 18 Sep 2011 09:43:25 +0000 (09:43 +0000)]
Add invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warning
messages.  Verified to produce the same configure script (under
autoconf 2.68 on Mac OS X) as before.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25181 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix a typo in r25026
Greg Hudson [Thu, 15 Sep 2011 20:00:15 +0000 (20:00 +0000)]
Fix a typo in r25026

A stray "p" was added to krb5_init_context_profile() inside a _WIN32
block.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25180 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix terminate_workers() in the KDC
Greg Hudson [Wed, 14 Sep 2011 19:00:39 +0000 (19:00 +0000)]
Fix terminate_workers() in the KDC

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25179 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoSimplify terminate_workers() in the KDC
Greg Hudson [Wed, 14 Sep 2011 16:12:39 +0000 (16:12 +0000)]
Simplify terminate_workers() in the KDC

Fixes a bug where we wait for one too many workers to terminate after
one of them crashes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25178 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoSet up monitor signal handlers before forking
Greg Hudson [Wed, 14 Sep 2011 16:12:36 +0000 (16:12 +0000)]
Set up monitor signal handlers before forking

This avoids a race condition where a child reports "starting..." and
begins to service requests before the monitor is ready to handle
termination signals.  Really only an issue for the test suite.  From
npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25177 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoSplit signal setup into loop_setup_signals()
Greg Hudson [Wed, 14 Sep 2011 16:12:33 +0000 (16:12 +0000)]
Split signal setup into loop_setup_signals()

In the KDC, set up signals in the worker process child after forking
from the monitor process.  From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25176 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoReinitialize verto after creating worker child
Greg Hudson [Wed, 14 Sep 2011 16:12:29 +0000 (16:12 +0000)]
Reinitialize verto after creating worker child

Also mark fd events as reinitiable so they survive the fork.  From
npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25175 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdate verto sources to 2011-09-14 versions
Greg Hudson [Wed, 14 Sep 2011 16:12:25 +0000 (16:12 +0000)]
Update verto sources to 2011-09-14 versions

Also add verto_reinitialize to libverto exports (missed in the last
update).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25174 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix verto-k5ev.h dependencies for system libverto
Greg Hudson [Wed, 14 Sep 2011 15:22:11 +0000 (15:22 +0000)]
Fix verto-k5ev.h dependencies for system libverto

When we build with the internal verto, we include verto-k5ev.h in
order to create loops.  When we build with the system verto, we don't
include that header file.  Add depfix logic and pre.in variables to
avoid depending on verto-k5ev.h for a system verto build.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25173 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdate verto sources to 2011-09-10 versions
Greg Hudson [Mon, 12 Sep 2011 16:08:04 +0000 (16:08 +0000)]
Update verto sources to 2011-09-10 versions

Also update verto-k5ev.c to match changes to verto-libev.c.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25172 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoWait before killing daemons in interactive k5test
Greg Hudson [Sat, 10 Sep 2011 22:58:55 +0000 (22:58 +0000)]
Wait before killing daemons in interactive k5test

If k5test is invoked with any stop, wait, or debug options, wait for
input before killing daemons, in case a daemon is being debugged.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25171 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix verto.h dependencies for system libverto
Greg Hudson [Fri, 9 Sep 2011 21:02:55 +0000 (21:02 +0000)]
Fix verto.h dependencies for system libverto

When we have conditionally built bundled source, we need logic in
depfix.pl and variables in pre.in to avoid depending on the bundled
verto.h in generated dependencies.  Add that logic for verto.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25170 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFall back to EV_USE_SELECT
Tom Yu [Wed, 7 Sep 2011 21:31:48 +0000 (21:31 +0000)]
Fall back to EV_USE_SELECT

ev.c explicitly disables poll() on Mac and FreeBSD, which left our
standalone version without any working back ends on Mac OS X, for
example.  Fall back to using select() on these platforms.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25169 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix some error-handling bugs in cc_dir.c
Greg Hudson [Wed, 7 Sep 2011 19:10:25 +0000 (19:10 +0000)]
Fix some error-handling bugs in cc_dir.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25168 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoGo back to symlinks for liblinks
Greg Hudson [Tue, 6 Sep 2011 23:23:43 +0000 (23:23 +0000)]
Go back to symlinks for liblinks

Now that we're not using dynamic loading for libverto-k5ev, we don't
need to use hard links for liblinks, and using them would interfere
with an AFS build tree.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25167 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoChange how bundled libverto is linked
Greg Hudson [Tue, 6 Sep 2011 23:23:39 +0000 (23:23 +0000)]
Change how bundled libverto is linked

Give libverto-k5ev a header file.  When using the internal verto
library, link against -lverto-k5ev and use verto_default_k5ev()
instead of verto_default(), bypassing the module loading logic and
making static builds possible.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25166 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix t_ccselect bugs
Greg Hudson [Tue, 6 Sep 2011 16:03:37 +0000 (16:03 +0000)]
Fix t_ccselect bugs

initiator_cred wasn't initialized if no second arg was given.
t_ccselect wasn't removed on make clean.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25165 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix several bugs in gss-krb5 inq_cred
Greg Hudson [Tue, 6 Sep 2011 15:14:10 +0000 (15:14 +0000)]
Fix several bugs in gss-krb5 inq_cred

cred could be used uninitialized if krb5_timeofday() failed.  defcred
had the wrong type.  kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25164 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoNewer GCCs optimizer catches a variable used without initialization
Ezra Peisach [Tue, 6 Sep 2011 11:34:32 +0000 (11:34 +0000)]
Newer GCCs optimizer catches a variable used without initialization
in the bison library code. Use a GCC pragma to suppress.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25163 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdate kerberos man page
Greg Hudson [Mon, 5 Sep 2011 16:37:13 +0000 (16:37 +0000)]
Update kerberos man page

Remove references to the unbundled applications.  Add documentation of
environment variables.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25162 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUse a .so redirect for .k5login.5
Greg Hudson [Mon, 5 Sep 2011 16:36:44 +0000 (16:36 +0000)]
Use a .so redirect for .k5login.5

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25161 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoMake gss-krb5 use cache collection
Greg Hudson [Mon, 5 Sep 2011 16:35:40 +0000 (16:35 +0000)]
Make gss-krb5 use cache collection

For default credentials, defer ccache resolution until we need the
information.  If this happens in init_sec_context when we have the
target principal in hand, use krb5_cc_select() to pick a cache.  If
the target principal is not known, use the default cache.

For credentials with a specified principal, use krb5_cc_cache_match()
to find the cache.  If no cache is found and a password is specified,
create a new cache within the collection to hold the new credentials,
if the default cache type supports a collection.

ticket: 6958

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25160 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRefactor gss-krb5 acquire_init_cred
Greg Hudson [Mon, 5 Sep 2011 16:34:35 +0000 (16:34 +0000)]
Refactor gss-krb5 acquire_init_cred

These changes have no functional impact, but will allow the GSSAPI
changes for credential selection to be made with a minimum of code
movement.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25159 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd krb5_cc_select() API and pluggable interface
Greg Hudson [Mon, 5 Sep 2011 16:33:49 +0000 (16:33 +0000)]
Add krb5_cc_select() API and pluggable interface

The interface has two built-in modules.  The realm module guesses a
cache based on the server realm if it is known.  The k5identity module
(Unix only) chooses a client principal based on rules in a .k5identity
file in the user's homedir.

ticket: 6957

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25158 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd ccache collection support to tools
Greg Hudson [Mon, 5 Sep 2011 16:26:48 +0000 (16:26 +0000)]
Add ccache collection support to tools

* "kdestroy -A" destroys all caches in collection.
* "kinit princ" searches the collection for a matching cache and
  overwrites it, or creates a new cache in the collection, if the
  type of the default cache is collection-enabled.  The chosen cache
  also becomes the primary cache for the collection.
* "klist -l" lists (in summary form) the caches in the collection.
* "klist -A" lists the content of all of the caches in the collection.
* "kswitch -c cache" (new command) makes cache the primary cache.
* "kswitch -p princ" makes the cache for princ the primary cache.

ticket: 6956

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25157 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemove unneeded cccol behaviors
Greg Hudson [Mon, 5 Sep 2011 16:26:43 +0000 (16:26 +0000)]
Remove unneeded cccol behaviors

Do not yield any default caches in the top level cccol implementation.
In the FILE type, yield the default cache if it exists and is of type
FILE, instead of yielding the set of open file caches.

ticket: 6955

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25156 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd new cache collection APIs
Greg Hudson [Mon, 5 Sep 2011 16:26:37 +0000 (16:26 +0000)]
Add new cache collection APIs

* krb5_cc_get_full_name retrieves the full type:name of a cache.
* krb5_cc_switch makes a cache the primary cache.
* krb5_cc_cache_match searches the collection for a client principal.
* krb5_free_string releases a string (for the krb5_cc_get_full_name
  result).

All of these are from Heimdal except for krb5_free_string (Heimdal uses
krb5_xfree).

ticket: 6954

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd the DIR ccache type
Greg Hudson [Mon, 5 Sep 2011 16:26:30 +0000 (16:26 +0000)]
Add the DIR ccache type

The DIR ccache type supports a collection of credential caches within
a private directory (which must be created out of band).  One cache is
designated as primary at any given time.  Setting the default cache
name to DIR:dirname will cause caches within dirname to be present in
the global cache collection.

ticket: 6953

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25154 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd fnmatch support to libkrb5support
Greg Hudson [Mon, 5 Sep 2011 16:26:25 +0000 (16:26 +0000)]
Add fnmatch support to libkrb5support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25153 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoEliminate the mechglue union cred auxinfo field
Greg Hudson [Mon, 5 Sep 2011 16:07:48 +0000 (16:07 +0000)]
Eliminate the mechglue union cred auxinfo field

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25152 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoInitialize some more variables
Ken Raeburn [Mon, 5 Sep 2011 09:45:49 +0000 (09:45 +0000)]
Initialize some more variables

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25151 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUse hard links for LIBLINKS
Greg Hudson [Mon, 5 Sep 2011 03:13:07 +0000 (03:13 +0000)]
Use hard links for LIBLINKS

verto uses dladdr() to figure out where it should look for modules,
and dladdr may or may not follow symlinks.  Hard links ensure that it
always looks in the directory where liblinks are, allowing it to find
the verto-k5ev module.

Make symlinks within the lib directory for .so and .so.X instead of
symlinking those back to the library build directory.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25150 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoEnable -Werror=uninitialized if supported
Ken Raeburn [Mon, 5 Sep 2011 01:58:53 +0000 (01:58 +0000)]
Enable -Werror=uninitialized if supported

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25149 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoInstead of passing a 0 to add_new_mkey for kvno and leaving
Ken Raeburn [Mon, 5 Sep 2011 01:58:48 +0000 (01:58 +0000)]
Instead of passing a 0 to add_new_mkey for kvno and leaving
new_mkey_kvno (used when stashing) uninitialized, use get_next_kvno to
set the latter to the only non-zero value that add_new_mkey will
accept.

ticket: 6617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25148 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix "may be used uninitialized" warnings in db2 code, even though all
Ken Raeburn [Mon, 5 Sep 2011 01:22:03 +0000 (01:22 +0000)]
Fix "may be used uninitialized" warnings in db2 code, even though all
such cases appear to be safe.  This will permit making
uninitialized-variable messages fatal.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25147 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoSilence various "may be used uninitialized" warnings from GCC caused
Ken Raeburn [Mon, 5 Sep 2011 01:21:55 +0000 (01:21 +0000)]
Silence various "may be used uninitialized" warnings from GCC caused
by it not figuring out the control flow (initialization and use both
tied to some other variable).

DB2 code not included.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoChange output type of pkinit_init_kdc_req_context so as not to require
Ken Raeburn [Mon, 5 Sep 2011 01:21:50 +0000 (01:21 +0000)]
Change output type of pkinit_init_kdc_req_context so as not to require
gratuitous casting.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25145 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoReindent per krb5-batch-reindent.el.
Ken Raeburn [Sun, 4 Sep 2011 23:52:34 +0000 (23:52 +0000)]
Reindent per krb5-batch-reindent.el.
Some minor reformatting added in places to avoid exceeding 80 columns.
Used Emacs 22.1 built-in C mode.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoReindent per krb5-batch-reindent.el.
Ken Raeburn [Sun, 4 Sep 2011 23:52:25 +0000 (23:52 +0000)]
Reindent per krb5-batch-reindent.el.
Mostly changes column choice for backslashes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25143 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoSkip redundant inclusion of iprop.h
Ken Raeburn [Sun, 4 Sep 2011 23:52:21 +0000 (23:52 +0000)]
Skip redundant inclusion of iprop.h

Suppress GCC's unused-variable diagnostic for purely generated code
using outside tools, known to have that issue but not ours to fix.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25142 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoGet rid of variables triggering gcc's "defined but not used"
Ken Raeburn [Sun, 4 Sep 2011 23:52:11 +0000 (23:52 +0000)]
Get rid of variables triggering gcc's "defined but not used"
complaints, almost entirely "rcsid" variables.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUntabify some files mistakenly created with tabs
Greg Hudson [Sun, 4 Sep 2011 22:13:30 +0000 (22:13 +0000)]
Untabify some files mistakenly created with tabs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25140 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoExclude some new outside sources from mark-cstyle
Greg Hudson [Sun, 4 Sep 2011 22:13:27 +0000 (22:13 +0000)]
Exclude some new outside sources from mark-cstyle

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25139 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoPrevent verto-k5ev from using clock_gettime
Greg Hudson [Sun, 4 Sep 2011 21:57:28 +0000 (21:57 +0000)]
Prevent verto-k5ev from using clock_gettime

Also remove k5ev.c, which shouldn't have been committed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25138 dc483132-0cff-0310-8789-dd5450dbe970

13 years agomake depend
Ken Raeburn [Sun, 4 Sep 2011 04:29:47 +0000 (04:29 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25137 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRename local variable "socket" to avoid the one shadowed-declaration
Ken Raeburn [Sun, 4 Sep 2011 04:29:43 +0000 (04:29 +0000)]
Rename local variable "socket" to avoid the one shadowed-declaration
warning I get in a simple GNU/Linux build.  Solaris may have others.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25136 dc483132-0cff-0310-8789-dd5450dbe970

13 years agodeclarations before code
Ken Raeburn [Sun, 4 Sep 2011 04:29:40 +0000 (04:29 +0000)]
declarations before code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25135 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix pointer type in net-server.c:make_event()
Greg Hudson [Sun, 4 Sep 2011 04:03:44 +0000 (04:03 +0000)]
Fix pointer type in net-server.c:make_event()

We use void pointers as temporaries in other uses of ADD(), so do so
here as well.  The type-safe type would be verto_ev **.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25134 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix arg list for dummy version of setup_udp_pktinfo_ports
Ken Raeburn [Sun, 4 Sep 2011 03:33:35 +0000 (03:33 +0000)]
Fix arg list for dummy version of setup_udp_pktinfo_ports

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25133 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoMigrate net-server loop to use libverto
Greg Hudson [Fri, 2 Sep 2011 17:07:59 +0000 (17:07 +0000)]
Migrate net-server loop to use libverto

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25132 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemove vestigial reset_db() in kadmind
Greg Hudson [Fri, 2 Sep 2011 17:07:57 +0000 (17:07 +0000)]
Remove vestigial reset_db() in kadmind

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25131 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemove ancient Purify support in kadmind
Greg Hudson [Fri, 2 Sep 2011 17:07:55 +0000 (17:07 +0000)]
Remove ancient Purify support in kadmind

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25130 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoDon't bother logging SIGPIPE in kadmind
Greg Hudson [Fri, 2 Sep 2011 17:07:52 +0000 (17:07 +0000)]
Don't bother logging SIGPIPE in kadmind

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25129 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd a loop_ prefix to net-server.c functions
Greg Hudson [Fri, 2 Sep 2011 17:07:49 +0000 (17:07 +0000)]
Add a loop_ prefix to net-server.c functions

From npmccallum@redhat.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25128 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoCreate k5ev verto module from libev sources
Greg Hudson [Fri, 2 Sep 2011 17:07:45 +0000 (17:07 +0000)]
Create k5ev verto module from libev sources

Add configure and build support for libverto and the libverto-k5ev
module.  Fix the version script rules to work for libraries with
hyphens in their names.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25127 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd libev 4.04 sources in util/k5ev
Greg Hudson [Fri, 2 Sep 2011 17:07:40 +0000 (17:07 +0000)]
Add libev 4.04 sources in util/k5ev

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25126 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdd libverto sources in util/verto
Greg Hudson [Fri, 2 Sep 2011 17:07:35 +0000 (17:07 +0000)]
Add libverto sources in util/verto

These are from the source repository as of 2011-08-24, since there are
no formal releases yet.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25125 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoMake dejagnu tests work with non-FQDN hostname
Greg Hudson [Thu, 1 Sep 2011 22:02:32 +0000 (22:02 +0000)]
Make dejagnu tests work with non-FQDN hostname

By making an entry for $hostname in [domain_realm], we can relax the
requirement that the canonicalized local hostname must have a parent
domain.  This makes the test suite work more easily on Fedora.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25124 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix a klist example in the user guide
Greg Hudson [Thu, 1 Sep 2011 19:18:59 +0000 (19:18 +0000)]
Fix a klist example in the user guide

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25123 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoGet local hostname more precisely in k5test.py
Greg Hudson [Thu, 1 Sep 2011 17:33:11 +0000 (17:33 +0000)]
Get local hostname more precisely in k5test.py

socket.getfqdn() tries to produce a result containing a period, so it
may disagree with krb5_sname_to_principal's result--for example, in
Fedora's default DHCP configuration.  Use getaddrinfo and getnameinfo
calls mirroring krb5_sname_to_principal's logic instead.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25122 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix cross-realm traversal TGT requests
Greg Hudson [Thu, 1 Sep 2011 16:21:25 +0000 (16:21 +0000)]
Fix cross-realm traversal TGT requests

When requesting a cross-realm TGT, use the KDC instance of the current
TGT (the second data component), not the realm which the TGT came
from.

ticket: 6952
target_version: 1.9.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25121 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix connection termination bug in sendto_kdc
Greg Hudson [Thu, 1 Sep 2011 03:36:29 +0000 (03:36 +0000)]
Fix connection termination bug in sendto_kdc

When terminating a connection, close and invalidate conn->fd so that
we don't look for it in selstate on the next select or poll
invocation.  Looking for such an fd is harmless when using select, but
results in an assertion failure when using poll.

ticket: 6951

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25120 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoHave kinit, klist and klist_keytab in k5test.realm take keyword args
Tom Yu [Tue, 30 Aug 2011 21:30:11 +0000 (21:30 +0000)]
Have kinit, klist and klist_keytab in k5test.realm take keyword args

Apply patch from Linus Nordberg.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25119 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix a display bug in t_kgss_user
Greg Hudson [Mon, 29 Aug 2011 23:08:33 +0000 (23:08 +0000)]
Fix a display bug in t_kgss_user

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25118 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdate config.guess and config.status
Tom Yu [Mon, 29 Aug 2011 21:03:02 +0000 (21:03 +0000)]
Update config.guess and config.status

Copy in the latest config.guess and config.status from upstream git
master as of 2011-08-23.  Our previous version didn't recognize
Android.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25117 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix style issues in r25087
Greg Hudson [Mon, 29 Aug 2011 17:20:37 +0000 (17:20 +0000)]
Fix style issues in r25087

* Function names should be at the beginning of lines in definitions.
* Changes should not create lines >79 characters.
* Continuation lines should align after left parens when appropriate.

Also, krb5_gss_accept_sec_context_ext and acquire_accept_cred are
not gss mechanism functions and should not have been tagged.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25116 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemember and close the kadmin socket we opened
Greg Hudson [Fri, 26 Aug 2011 17:56:44 +0000 (17:56 +0000)]
Remember and close the kadmin socket we opened

Prior to ticket #6746, the RPC library opened the kadmin socket and
took responsibility for closing.  When we added IPv6 support, the
calling code became the owner of the socket but wasn't closing it,
resulting in a file descriptor leak.

ticket: 6949

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25115 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdate profile.swg to remove compilation warnings. profile_tcl.c
Ezra Peisach [Wed, 24 Aug 2011 21:33:47 +0000 (21:33 +0000)]
Update profile.swg to remove compilation warnings. profile_tcl.c
modified to remove spaces and tabs at end of line.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25114 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix signed/unsigned warnings in tests
Ezra Peisach [Wed, 24 Aug 2011 20:04:49 +0000 (20:04 +0000)]
Fix signed/unsigned warnings in tests

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25113 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoOnly build the po subdir if i18n is enabled
Greg Hudson [Wed, 24 Aug 2011 02:48:07 +0000 (02:48 +0000)]
Only build the po subdir if i18n is enabled

Also clean the built message catalogs in "make clean".

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25112 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdated "Ticket Policy operations" and eDir sections in "Operations on the LDAP datab...
Zhanna Tsitkov [Tue, 23 Aug 2011 15:45:29 +0000 (15:45 +0000)]
Updated "Ticket Policy operations" and eDir sections in "Operations on the LDAP database" documentation to reference kdb5_ldap_util subtopics

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25111 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoMinor reformating of kdb5_ldap_util documentation. Also, removed duplicates from...
Zhanna Tsitkov [Mon, 22 Aug 2011 20:24:07 +0000 (20:24 +0000)]
Minor reformating of kdb5_ldap_util documentation. Also, removed duplicates from ldap_operations documentation by referencing to kdb5_ldap_util documentation subsections

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25110 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemoved repetitive text from "Operations on the Kerberos database" sub-section of...
Zhanna Tsitkov [Mon, 22 Aug 2011 16:54:20 +0000 (16:54 +0000)]
Removed repetitive text from "Operations on the Kerberos database" sub-section of database administration section. Reference to kdb5_util commands documentation instead

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25109 dc483132-0cff-0310-8789-dd5450dbe970

13 years agomake-depend
Ken Raeburn [Sat, 20 Aug 2011 20:26:09 +0000 (20:26 +0000)]
make-depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25108 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUpdated documentation for ktadd/ktremove commands.
Zhanna Tsitkov [Fri, 19 Aug 2011 21:24:09 +0000 (21:24 +0000)]
Updated documentation for ktadd/ktremove commands.
Added usage example to  ktutil document.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25107 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemove setting a variable that is never used
Ezra Peisach [Fri, 19 Aug 2011 02:39:18 +0000 (02:39 +0000)]
Remove setting a variable that is never used

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25106 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemove variable set but unused
Ezra Peisach [Fri, 19 Aug 2011 02:38:31 +0000 (02:38 +0000)]
Remove variable set but unused

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25105 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemove an unused variable
Ezra Peisach [Fri, 19 Aug 2011 02:37:37 +0000 (02:37 +0000)]
Remove an unused variable

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25104 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemoved some text from the Database Administration section as it duplicated kadmin...
Zhanna Tsitkov [Wed, 17 Aug 2011 17:27:30 +0000 (17:27 +0000)]
Removed some text from the Database Administration section as it duplicated kadmin(1). Instead, used references to kadmin(1) sub-sections

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25103 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoGenerate man pages for krb5.conf and kdc.conf. For clearer reference in the man pages...
Zhanna Tsitkov [Tue, 16 Aug 2011 14:31:06 +0000 (14:31 +0000)]
Generate man pages for krb5.conf and kdc.conf. For clearer reference in the man pages, rename the x-ref label name in Supported Enc Types

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25102 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoMake data_eq_string work with const strings
Greg Hudson [Mon, 15 Aug 2011 20:29:07 +0000 (20:29 +0000)]
Make data_eq_string work with const strings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25101 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAdded missing configuration options
Zhanna Tsitkov [Sat, 13 Aug 2011 02:39:24 +0000 (02:39 +0000)]
Added missing configuration options

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25100 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoRemoved unused "db_modules" and "preauth_module_dir" configuration options
Zhanna Tsitkov [Fri, 12 Aug 2011 18:18:00 +0000 (18:18 +0000)]
Removed unused  "db_modules" and "preauth_module_dir" configuration options

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25099 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix call to gss_inquire_cred from spnego_gss_acquire_cred_impersonate_name
Greg Hudson [Thu, 11 Aug 2011 16:37:55 +0000 (16:37 +0000)]
Fix call to gss_inquire_cred from spnego_gss_acquire_cred_impersonate_name

If desired_mechs is NULL (this should never happen when invoked from
the MIT mechglue), we call gss_inquire_cred to get a list of mechs.
This call needs to pass a union cred handle, not the SPNEGO handle we
got as input.  Reported by aberry@likewise.com.

ticket: 6945

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25098 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoFix major status handling in gss_acquire_cred
Greg Hudson [Thu, 11 Aug 2011 15:13:52 +0000 (15:13 +0000)]
Fix major status handling in gss_acquire_cred

If we have at least one cred element after the mech loop, reset major
before continuing on, or we could mistakenly return a failure status
from the last mech (and free the returned creds).  Reported by
aberry@likewise.com.

ticket: 6944

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25097 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoCorrectly dereference cred_handle when assigning to spcred in
Greg Hudson [Thu, 11 Aug 2011 15:03:28 +0000 (15:03 +0000)]
Correctly dereference cred_handle when assigning to spcred in
spnego_gss_set_cred_option.  Reported by aberry@likewise.com.

ticket: 6943
target_version: 1.9.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25096 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoUntabify k5_path test program
Greg Hudson [Thu, 11 Aug 2011 14:53:58 +0000 (14:53 +0000)]
Untabify k5_path test program

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25095 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoCleanup memory leak in test
Ezra Peisach [Thu, 11 Aug 2011 14:27:32 +0000 (14:27 +0000)]
Cleanup memory leak in test

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25094 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoAlphabetically arranged tags. Removed [login] section. Added missing db_module_dir...
Zhanna Tsitkov [Wed, 10 Aug 2011 21:19:48 +0000 (21:19 +0000)]
Alphabetically arranged tags. Removed [login] section. Added missing db_module_dir and pkinit_longhorn tags

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25093 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoClean up some ldap #define's
Zhanna Tsitkov [Wed, 10 Aug 2011 17:10:37 +0000 (17:10 +0000)]
Clean up some ldap #define's

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25092 dc483132-0cff-0310-8789-dd5450dbe970

13 years agoWhitespace
Greg Hudson [Tue, 9 Aug 2011 21:09:30 +0000 (21:09 +0000)]
Whitespace

Also remove the erroneously added gssapi_err_krb5 error table sources.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25091 dc483132-0cff-0310-8789-dd5450dbe970

13 years agocall gssint_mecherrmap_init() from gssint_mechglue_init()
Sam Hartman [Tue, 9 Aug 2011 20:07:43 +0000 (20:07 +0000)]
call gssint_mecherrmap_init() from gssint_mechglue_init()

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
Signed-off-by: Sam Hartman <hartmans@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25090 dc483132-0cff-0310-8789-dd5450dbe970