Tom Yu [Sat, 9 Nov 2002 01:39:45 +0000 (01:39 +0000)]
tests/dejagnu leaks ptys
* default.exp: Add (disabled) debugging code for catching leaking
ptys. expect eof from the correct spawn_ids when killing kdc and
kadmind to avoid leaking ptys.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14984
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 9 Nov 2002 01:35:21 +0000 (01:35 +0000)]
* main.c (makeargv): Report an error if parsed arguments won't fit in margv
array.
* ftp_var.h (line, argbuf): Extend to 500 bytes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14983
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 8 Nov 2002 22:33:59 +0000 (22:33 +0000)]
* pre.in (.et.h, .et.c): Drop "set -x"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14982
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 7 Nov 2002 22:43:46 +0000 (22:43 +0000)]
rpc unit tests can fail due to race condition
The rpc unit tests can fail in fullrun.exp due to a failure to drain
output from the server in expire.exp. This commit works around the
problem by calling flush_server, but a real synchronization method
should probably be implemented, perhaps by having the server log when
a client disconnects.
* rpc_test.0/expire.exp (overlap): Add another call to
flush_server to make a race condition a little less likely. There
really should be better synchronization, as this test suite is
just full of race conditions waiting to happen.
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14979
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 7 Nov 2002 21:40:15 +0000 (21:40 +0000)]
Thanks, patch applied
* svr_principal.c (kadm5_setkey_principal_3): Apply patch from
Emily Ratliff to allow n_ks_tuple to be zero, which is the case if
being called from kadmind answering a client's setkey_principal
request.
ticket: 1008
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14978
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 7 Nov 2002 20:14:19 +0000 (20:14 +0000)]
* conv_princ.c (strnchr): Make length argument unsigned int
* preauth2.c: Add parentheses around assignment used as truth
value. Cleanup unused variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14976
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 7 Nov 2002 20:09:02 +0000 (20:09 +0000)]
* asn1_k_encode.c (asn1_encode_sam_challenge_2): Test for error
returned from asn1buf_insert_oxtetstring and cleanup strctures
properly.
* asn1_k_decode.c (asn1_decode_sam_challenge_2_body): Change
sequence_of/end_sequence_of to use
sequence_of_no_tagvars/end_sequence_of_no_tagravs to avoid
shadowing variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14975
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 7 Nov 2002 17:01:34 +0000 (17:01 +0000)]
For sam_challenge do not encode optional strings if string not present.
Previously, a string of length zero was transmitted.
ticket: 1224
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14974
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Wed, 6 Nov 2002 19:41:13 +0000 (19:41 +0000)]
New file to define SPNEGO structures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14973
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 6 Nov 2002 00:42:57 +0000 (00:42 +0000)]
This commit fixes up the in-tree callers of krb5_read_password() and
des_read_password(). We should perhaps tighten up the test suite now.
ticket: 1217
status: open
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14972
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 5 Nov 2002 21:54:47 +0000 (21:54 +0000)]
* asn1_encode.h (asn1_encode_oid):
* asn1_encode.c (asn1_encode_oid): New function.
* asn1_decode.h (asn1_decode_oid):
* asn1_decode.c (asn1_decode_oid): New function.
ticket: 1223
target_version: 1.3
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14971
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 5 Nov 2002 04:52:24 +0000 (04:52 +0000)]
New Makefile variable RPATH_FLAG, possibly used even when we're not
building shared libs. TCL_MAYBE_RPATH gets used to account for
linking a shared tcl lib when we're not building shared libs.
ticket: 1228
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14969
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 4 Nov 2002 02:20:51 +0000 (02:20 +0000)]
* do_as_req.c (process_as_req): Fix previous patch; it caused an
uninitialized pointer to be dereferenced under certain error
conditions.
ticket: 1206
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14964
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Sun, 3 Nov 2002 20:31:33 +0000 (20:31 +0000)]
Calling convention for krb5int_c_combine_keys does not match prototype
The Windows calling convention for krb5int_c_combine_keys does not match the
prototype in k5-int.h. I missed this during the initial commit since I
neglected to test out the build of this code on Windows.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14962
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 2 Nov 2002 18:27:11 +0000 (18:27 +0000)]
This fixes some test suite password prompt checks that were missed
earlier.
* kpasswd.0/changing.exp:
* lib/helpers.exp: Make checks for password prompts more lenient.
ticket: 1217
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14961
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 1 Nov 2002 22:13:57 +0000 (22:13 +0000)]
MITKRB5-SA-2002-002 buffer overflow in kadmind4
* kadm_ser_wrap.c (kadm_ser_in): Apply fix for MITKRB5-SA-2002-002
buffer overflow.
ticket: new
status: open
version_reported: 1.2.6
target_version: 1.2.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14959
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Oct 2002 23:29:48 +0000 (23:29 +0000)]
* Makefile.in (check-unix): Don't run t_pkcs5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14956
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Oct 2002 23:03:47 +0000 (23:03 +0000)]
* xdr_alloc.c (xdralloc_putlong): Coerce value pointed to by argument to 32
bits, rather than reading only 32 bits from the supplied address.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14954
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Oct 2002 22:54:00 +0000 (22:54 +0000)]
* k5-int.h (krb5_ser_handle): Now points to const.
(krb5_kt_dfl_ops): Now const.
(struct _krb5_kt_ops): Field serializer now points to const krb5_ser_entry
instead of void.
* krb5.hin (struct _krb5_kt): Field ops now points to const.
* kt_file.c (krb5_ktf_ops, krb5_ktf_writable_ops): Now const. Drop cast of
serializer entry initializer.
(fopen_mode_rbplus, fopen_mode_rb): Now const.
* kt_srvtab.c (krb5_kts_ops): Now const.
* ktbase.c (krb5_ktf_ops, krb5_kts_ops): Update declarations.
(struct krb5_kt_typelist): Field ops now points to const.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14953
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Oct 2002 21:44:04 +0000 (21:44 +0000)]
* aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): Use 'eval' when setting TCL_LIBS to
force variable substitutions to take place.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14952
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 31 Oct 2002 18:36:29 +0000 (18:36 +0000)]
ticket: new
owner: tlyu
status: open
Fix typo in debugging printf introduced in null
handling
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14951
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 30 Oct 2002 23:35:51 +0000 (23:35 +0000)]
* chk_trans.c (krb5_check_transited_list): Style nit: check
character against '\0' not NULL.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14949
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 30 Oct 2002 23:07:23 +0000 (23:07 +0000)]
* start_servers_local: If $USER isn't set, use $LOGNAME. If ovsec_kadm_srv_tcl
invocation to do some initialization fails, exit rather than continuing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14948
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Wed, 30 Oct 2002 20:10:40 +0000 (20:10 +0000)]
ticket: 1230
owner: tlyu
status: open
Ignore trailing nulls on incoming tr encoding to be compatible
with bug in previous versions of krb5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14946
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Wed, 30 Oct 2002 18:41:24 +0000 (18:41 +0000)]
Wrong ASN.1 definition and padata type for new hardware preauth
It turned out that early in the development cycle, one of our developers
picked the "next" PADATA type in krb5.hin, and we said, "We've got to
fix that when we get the real one assigned" ... and we never did. Noticed
by Ezra Peisach.
Also, the definition for sam-pk-for-sad was changed to OCTET STRING from
EncryptionKey in the draft and the code, but we never updated the ASN.1
definition. Also noticed by Ezra Peisach.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14945
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 28 Oct 2002 22:11:57 +0000 (22:11 +0000)]
* localaddr.c (print_addr) [TEST]: Don't mix size_t and socklen_t, just assume
socklen macro will return a socklen_t value. Cast buffer size to socklen_t in
getnameinfo call.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14944
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 28 Oct 2002 22:07:58 +0000 (22:07 +0000)]
* get_in_tkt.c (conf_yes, conf_no): Now const. References updated.
* preauth.c (preauth_systems): Now const. References updated.
* preauth2.c (pa_types): Now const.
(krb5_do_preauth): Local array paorder now const.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14943
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 28 Oct 2002 21:20:50 +0000 (21:20 +0000)]
* aclocal.m4 (AC_KRB5_TCL): If --with-tcl is given, failure to find a library
we can use is now an error.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14942
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 28 Oct 2002 21:05:48 +0000 (21:05 +0000)]
If we get cannot resolve KDC for master but find a slave
return the real error from the slave rather than the resolution error.
ticket: 1232
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14941
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 28 Oct 2002 02:28:41 +0000 (02:28 +0000)]
Don't include trailing null in the transited encoding produced by the KDC.
Other routines do not expect the null to be included in the length so
policy checks fail. Also, sending the null over the wire is wrong.
ticket: 1230
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14940
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Thu, 24 Oct 2002 06:49:59 +0000 (06:49 +0000)]
Client code lacks support for draft-ietf-krb-wg-kerberos-sam-01.txt
This widely-spread commit implements support for the so-called "new"
hardware preauth protocol, defined in the IETF internet-draft
draft-ietf-krb-wg-kerberos-sam-01.txt. Note that this code is client-side
only.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14939
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Thu, 24 Oct 2002 02:03:15 +0000 (02:03 +0000)]
No support for negative password expiration last-req hint
Fixing an omission; previous code didn't support a negative value for the
password expiration hint (which is legal). Pointed out by Ezra Peisach.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14938
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Wed, 23 Oct 2002 20:15:59 +0000 (20:15 +0000)]
Implement asn1_encode_enumerated
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14937
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Wed, 23 Oct 2002 20:08:04 +0000 (20:08 +0000)]
gic_pwd doesn't support password expiration notification via last_req hint
In kerberos-clarifications, a new last-req type (6) has been specified
that indicates when a principal's password will expire. This code implements
support for this last-req type. Note that the intent is that the last-req
type will only be included by the KDC when the time until password expiration
reaches some threshold (e.g, one week), so this code will display the
password expiration anytime the last-req type is included.
ticket: 1065
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14936
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 23 Oct 2002 15:00:23 +0000 (15:00 +0000)]
* ftpcmd.y: Bison 1.75 cleanup. Essentially remove `=' before
statements to be executed.
ticket: 1218
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14935
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 22 Oct 2002 18:56:14 +0000 (18:56 +0000)]
* sendto_kdc.c (service_tcp_fd): If DEBUG defined, ensure that
initialization of variable not bypassed by goto.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14934
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 22 Oct 2002 18:53:10 +0000 (18:53 +0000)]
* configure.in: Autoconf 2.55 will not simply use cpp to test for
header file existance - the header file must be compilable. This
will mean that if one header depends on another, it must be
included. Test for term.h using the optional fourth argument to
AC_CHECK_HEADERS to specify include files to test.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14933
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Oct 2002 01:22:31 +0000 (01:22 +0000)]
This commit fixes the test suite aspects. Callers of the various
read_password functions still need to be updated.
* api.2/init-v2.exp (test106): Make regexp more forgiving of
variant password prompts.
* api.0/init.exp (test7, test22, test225): Make regexp more
forgiving of variant password prompts.
ticket: 1217
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14932
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 18 Oct 2002 02:35:34 +0000 (02:35 +0000)]
* start_servers_local: Set names of replay cache and log files to be per-user,
since they're in system-wide shared directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14931
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 16 Oct 2002 18:53:59 +0000 (18:53 +0000)]
* start_servers_local: Telnet to 127.0.0.1, not "localhost", to probe for
kadmind, since kadmind does IPv4 only.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14930
dc483132-0cff-0310-8789-
dd5450dbe970
Paul Hill [Wed, 16 Oct 2002 17:13:48 +0000 (17:13 +0000)]
ver.h to winver.h ver.h has become depricated by MS. Using winver.h will support MSVC 6 and 7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14929
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 15 Oct 2002 22:51:50 +0000 (22:51 +0000)]
Thanks, (corrected) patch applied
* hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin
Dahyabhai to bounds-check return value from res_search().
* locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin
Dahyabhai to bounds-check return value from res_search().
ticket: 1216
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14928
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 15 Oct 2002 15:40:49 +0000 (15:40 +0000)]
* server_init.c (kadm5_lock, kadm5_unlock): Return KADM5_OK
instead of falling off end of function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14927
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 12 Oct 2002 01:41:12 +0000 (01:41 +0000)]
* aclocal.m4 (CONFIG_RULES): Define using AC_DEFUN
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14926
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 12 Oct 2002 00:48:26 +0000 (00:48 +0000)]
* aclocal.m4: Use dnl after all AC_REQUIRE invocations.
(KRB5_AC_FORCE_STATIC): New macro. Warn if invoked after KRB5_LIB_AUX.
(KRB5_BUILD_LIBRARY_STATIC): Require it.
(CHECK_SIGPROCMASK, AC_PROG_ARCHIVE, AC_PROG_ARCHIVE_ADD, CHECK_DIRENT,
CHECK_WAIT_TYPE, CHECK_SIGNALS, KRB5_SIGTYPE, CHECK_SETJMP, WITH_KRB4, ADD_DEF,
KRB_INCLUDE, K5_GEN_MAKEFILE, _K5_GEN_MAKEFILE, K5_GEN_FILE, K5_AC_OUTPUT,
V5_AC_OUTPUT_MAKEFILE, CHECK_UTMP, WITH_NETLIB, KRB5_BUILD_LIBRARY_STATIC):
Define using AC_DEFUN instead of define.
Doesn't change the generated configure scripts except for changing (mostly
deleting) whitespace.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14925
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 11 Oct 2002 23:16:44 +0000 (23:16 +0000)]
* aclocal.m4 (WITH_CC_DEPRECATED_ARG): New macro.
(WITH_CC): Require it, and AC_PROG_CC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14924
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 11 Oct 2002 22:50:10 +0000 (22:50 +0000)]
* aclocal.m4 (CONFIG_RULES): Comment out code looking for the in-tree version
of autoconf that we deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14923
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 11 Oct 2002 06:05:09 +0000 (06:05 +0000)]
implement krb5_read_password, des_read_password via krb5_prompter_posix
This commit fixes one incompatibility introduced when
krb5_read_password was reimplemented in terms of krb5_prompter_posix.
There is a remaining incompatibility, which is krb5_prompter_posix's
appending of the string ": " following a prompt. Callers of
krb5_read_password and of des_read_password don't expect this
behavior, which results in a double colon prompt, which breaks the
libkadm5 test suite.
* read_pwd.c (krb5_read_password): Restore name of size_return.
Set *size_return after successful call to krb5_prompter_posix,
since some callers were actually checking, e.g. kadm5.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14922
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 10 Oct 2002 22:06:02 +0000 (22:06 +0000)]
Implement krb5_read_password an des_read_pw_string
in terms of krb5_prompter_posix.
Change motivated by the desire for echo foo |kinit -4 bar to work in
test scripts, but having one implementation of password read functions on unix is good
anyway
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14921
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 10 Oct 2002 03:00:27 +0000 (03:00 +0000)]
* Makefile.in (EXTRADEPSRCS): New variable.
(t_hmac$(EXEEXT), t_pkcs5$(EXEEXT), vectors$(EXEEXT)): New targets.
(check-unix): Depend on and run t_hmac and t_pkcs5.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14920
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 10 Oct 2002 02:58:23 +0000 (02:58 +0000)]
* string2key.c (mit_des_string_to_key_int): If PRINT_TEST_VECTORS is defined,
print some of the intermediate results.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14919
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 10 Oct 2002 02:52:51 +0000 (02:52 +0000)]
* Makefile.in (t_cksum4, t_cksum5): Include com_err library when linking
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14918
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 10 Oct 2002 02:52:00 +0000 (02:52 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14917
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 10 Oct 2002 02:41:52 +0000 (02:41 +0000)]
* pbkdf2.c, t_hmac.c, t_pkcs5.c: New files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14916
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Oct 2002 20:53:29 +0000 (20:53 +0000)]
principal can't specify ks_tuples changing own passwd
Thanks, the patch has been applied and will appear in a future release.
* misc.c (chpass_principal_wrapper_3): Renamed from
chpass_principal_wrapper; calls chpass_principal_3 now.
(randkey_principal_wrapper_3): Renamed from
randkey_principal_wrapper; calls randkey_principal_3 now. Patch
from Ben Cox.
* server_stubs.c (chpass_principal_1_svc)
(chpass_principal3_1_svc): Call chpass_principal_wrapper_3.
(chrand_principal_1_svc, chrand_principal3_1_svc): Call
randkey_principal_wrapper_3. Patch from Ben Cox.
ticket: 1207
version_reported: 1.2.6
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14915
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Oct 2002 20:20:29 +0000 (20:20 +0000)]
libkadm5 should allow persistent locks
libkadm5 should have a way to persistently lock the databases to avoid
wasting time on closing and reopening. These patches implement
persistent exclusive locks for local access only.
ticket: new
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14914
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Oct 2002 02:27:39 +0000 (02:27 +0000)]
ASN.1 code passes uninitialized values around
* asn1_get.c (asn1_get_tag_indef): Stomp on asn1class,
construction, retlen, and indef, even if we've hit the end of the
buffer, to avoid passing uninitialized values around.
* asn1_k_decode.c: Reformat somewhat and add comments to demystify
things a little.
(opt_field): Fix to explicitly check for end of subbuf before
verifying the pre-fetched tag, which may have been stomped on by
asn1_get_tag_indef() encountering end-of-buffer.
* krb5_decode.c (opt_field, opt_lenfield): Fix to explicitly check
for end of subbuf before verifying the pre-fetched tag, which may
have been stomped on by asn1_get_tag_indef() encountering
end-of-buffer.
ticket: new
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14913
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 7 Oct 2002 21:51:49 +0000 (21:51 +0000)]
Implement an install-headers target to install public headers into KRB5_INCDIR;
probably called by setting DESTDIR.
ticket: 1208
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14912
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 7 Oct 2002 20:42:51 +0000 (20:42 +0000)]
* default.exp (stop_kerberos_daemons): Kill, expect eof, wait, in
that order. Avoids delivery of multiple signals (HUP+TERM) to KDC
daemons when shutting down.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14911
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 6 Oct 2002 01:44:27 +0000 (01:44 +0000)]
* do_as_req.c (process_as_req): Apply fix from Kevin Coffman to
avoid leaking padata.
ticket: 1206
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14910
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 3 Oct 2002 22:07:11 +0000 (22:07 +0000)]
Move test_* from all to check target
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14909
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 30 Sep 2002 04:21:10 +0000 (04:21 +0000)]
* rsh.exp (rsh_test): Explicitly call stop_rsh_daemon upon pass
for "encrypted rsh" test, to avoid zombies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14908
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 29 Sep 2002 21:00:31 +0000 (21:00 +0000)]
* default.exp (start_kerberos_daemons): Fix to use "tail -f" to
check for setup messages from daemons; this avoids a few race
conditions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14907
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 28 Sep 2002 00:03:03 +0000 (00:03 +0000)]
update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14906
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 27 Sep 2002 23:58:05 +0000 (23:58 +0000)]
* depgen.sed: Solaris sed doesn't like '\(^.*$\)'; replace it with
'^\(.*\)$'.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14905
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 27 Sep 2002 04:26:59 +0000 (04:26 +0000)]
Fix DES_INT32 definition
Intial merge of KfM des library API.
Update krb.h to use offsets from krb_err.et constants as error codes.
Fix up definitions of KRB4_32, KRB_INT32, KRB_UINT32.
ticket: 1189
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14904
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Sep 2002 03:38:33 +0000 (03:38 +0000)]
Limit the number of TCP connections that will be handled at one time.
Remove some debugging calls.
* network.c (struct connection): New field start_time.
(tcp_data_counter, max_tcp_data_connections): New variables.
(kill_tcp_connection): New function.
(process_tcp_connection): Use it. Log reason for rejecting connection if the
requested buffer size is too large.
(accept_tcp_connection): If there are too many TCP connections already, shut
down the oldest one.
(setup_network, listen_and_process, process_tcp_connection, service_conn):
Delete debugging code.
(process_packet): Use socklen_t where appropriate.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14903
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Sep 2002 02:28:30 +0000 (02:28 +0000)]
* sendto_kdc.c (krb5int_cm_call_select): Fix last change
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14902
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 27 Sep 2002 01:08:05 +0000 (01:08 +0000)]
* socket-utils.h (sa2sin, sa2sin6): Add redundant cast to (void *)
to get GCC to shut up about alignment increasing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14901
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 24 Sep 2002 20:27:44 +0000 (20:27 +0000)]
Actually commit krb5.conf
ticket: 1195
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14900
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 24 Sep 2002 20:24:11 +0000 (20:24 +0000)]
Update enctypes in krb5.conf
Previously krb5.conf in config-files only allowed des-cbc-crc; really that's getting fairly old and we should allow
all the enctypes we support.
This has been updated and a comment added indicating that if the list is removed
all enctypes are allowed by the code.
Added club.cc.cmu.edu to distributed realms list per request
ticket: new
cc: leko@MIT.EDU
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14899
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 24 Sep 2002 19:47:34 +0000 (19:47 +0000)]
Makefile.in, configure.in, aclocal.m4: Use AC_CONFIG_FILES instead of
arguments to AC_OUTPUT. This allows for generation of a single Makefile.
config/post.in: When regenerating Makefiles, invoke config.status with
only the Makefile to generate.
This completes the changes.
ticket: 1188
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14898
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Sep 2002 18:34:13 +0000 (18:34 +0000)]
Add some dependencies on phony build targets to help with cross-directory dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14897
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Sep 2002 18:00:25 +0000 (18:00 +0000)]
* Makefile.in (EXTRADEPSRCS): New variable
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14896
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Sep 2002 17:58:33 +0000 (17:58 +0000)]
* pre.in (.et.c, .et.h): Change rules to only update the desired target file,
by using temporary files; this makes them safe for use in parallel builds.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14895
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 24 Sep 2002 15:44:30 +0000 (15:44 +0000)]
* Makefile.in (mydir): Add missing mydir lines
ticket: 1188
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14894
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 23 Sep 2002 17:56:36 +0000 (17:56 +0000)]
configure fails (autoconf 2.52) if aclocal.m4 located in directory above source tree
* aclocal.m4 (V5_SET_TOPDIR): When determining the location of the
top of the source tree, stop when reach the top and aclocal.m4
file is located instead of continuing up and out of the tree.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14893
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 20 Sep 2002 20:47:43 +0000 (20:47 +0000)]
* admin.texinfo, dnssrv.texinfo: Documented config file variables and SRV
records to use for Kerberos TCP service, if it's enabled, which it isn't by
default. Removed UDP port 750 from the DNS SRV recommendations.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14892
dc483132-0cff-0310-8789-
dd5450dbe970
Jen Selby [Fri, 20 Sep 2002 17:35:28 +0000 (17:35 +0000)]
* Makefile: made the list of manpages a variable
* admin.texinfo: took out second inclusion of copyright notice,
changed some section names, updated initial synopsis of file,
added explanation of encryption types and the [login] section of
krb5.conf, added documentation on various tags in the configuration
files, added some more examples, fixed some typos, updated usage
statements for various kadmin and kdb5_util commands, updated the
sample output from the commands, updated the infotex for use with
makeinfo --html, added a section about getting shared-realm keys,
updated the error codes
* build.texinfo: added a section describing the structure of the
source code tree, updated documentation of options to configure
script, added information about defaults for various variable
settings, updated information about shared library support,
added discussion of valid kerberos principals
* definitions.texinfo: added some new default variables,
corrected some pathnames of default values
* dnssrv.texinfo: made the information about default port numbers
reference a variable
* glossary.texinfo: updated definition of principal
* install.texinfo: fixed typos and formatting errors, removed old
sample config files from appendix (samples are in the sections about
the config files), added information about supporting RC4 keys
* kadm5.acl: new file. describes the kadm5.acl file. included by
both admin.texinfo and install.texinfo. text is made up mostly of
text that was split between those two documents. documentation
of backreferences was added
* kdcconf.texinfo: made defaults reference variables
* krb425.texinfo: deleted second inclusion of copyright info,
made defaults reference variable, fixed typos, took out redundant
part about editing inetd.conf and replaced it with reference to
install guide
* krb5conf.texinfo: documented the "final variable" feature,
added mention of the [login] section,
* send-pr.texinfo: minor change in wording for clarity
* user-guide.texinfo: made various minor wording changes, updated
some of the sample output, updated documention of command options
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14891
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 22:39:01 +0000 (22:39 +0000)]
* port-sockets.h: Include sys/filio.h if available
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14890
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 22:11:51 +0000 (22:11 +0000)]
updated dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14889
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 22:08:03 +0000 (22:08 +0000)]
* network.c: Include sys/filio.h if available
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14888
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 21:19:34 +0000 (21:19 +0000)]
update comments
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14887
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 19 Sep 2002 20:58:51 +0000 (20:58 +0000)]
Put back in the V5_OUTPUT_MAKEFILE. Revert the config.status invocation
until this code can be rewriten to use AC_CONFIG_FILES.
ticket: 1188
state: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14886
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 19:53:23 +0000 (19:53 +0000)]
Add TCP support to the KDC, turned off by default, and using separate
config file entries to indicate port numbers.
Checkpointing a working version; debug code needs cleanup, doc needs writing.
ticket: 1175
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14885
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 19:49:16 +0000 (19:49 +0000)]
* sendto_kdc.c (krb5int_cm_call_select): If timeout value has tv_sec==0, treat
it as meaning "no timeout".
(krb5int_debug_fprint): Handle null timeval pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14884
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 19 Sep 2002 18:37:47 +0000 (18:37 +0000)]
Use AC_CONFIG_FILES for each Makefile generated instead of passing
list of files to AC_OUTPUT.
Also, only generate an individual Makefile when invoking config.status
ticket: 1188
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14883
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 18:22:00 +0000 (18:22 +0000)]
* post.in ($(srcdir)/$(thisconfigdir)/configure): Delete autom4te.cache directory
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14882
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 18:19:38 +0000 (18:19 +0000)]
* aclocal.m4 (KRB5_AC_CHOOSE_SS): Check that the indicated system ss package
can actually be linked against and will produce programs that run.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14881
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Sep 2002 17:56:06 +0000 (17:56 +0000)]
* main.c (DEFAULT_KDC_PORTLIST): Define as DEFAULT_KDC_UDP_PORTLIST
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14880
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 21:17:36 +0000 (21:17 +0000)]
update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14879
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:45:36 +0000 (20:45 +0000)]
Support reading a list of TCP port numbers from the KDC config file; default
to none for now.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14878
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:44:13 +0000 (20:44 +0000)]
protoize
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14877
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:40:25 +0000 (20:40 +0000)]
* client_init.c (_kadm5_init_any): If creating a new ccache, put it in memory
instead of on disk.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14876
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:38:02 +0000 (20:38 +0000)]
* sendto_kdc.c: Include cm.h.
(struct select_state, SSF_READ, SSF_WRITE, SSF_EXCEPTION): Moved to cm.h.
(DEBUG): Define.
(krb5int_debug_sendto_kdc): Initialize to zero.
(default_debug_handler, put, putstr): New functions.
(krb5int_sendtokdc_debug_handler): New variable.
(krb5int_debug_fprint): Don't write to stderr; instead, pass strings to the
debug output handlers above.
(struct incoming_krb5_message): Broken out from struct conn_state.
(krb5int_cm_call_select): Renamed from call_select; callers updated. Now
extern. Display max fd number in debugging call, not nfds.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14875
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:35:51 +0000 (20:35 +0000)]
* cm.h: New file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14874
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:34:30 +0000 (20:34 +0000)]
* configure.in: Check for sys/filio.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14873
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 18 Sep 2002 20:33:20 +0000 (20:33 +0000)]
* krb.h: Add extern "C" markers in case a C++ compiler is used
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14872
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 17 Sep 2002 20:08:12 +0000 (20:08 +0000)]
Return errno not retval from getpeername failure
ticket: 1164
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14871
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 16 Sep 2002 03:35:41 +0000 (03:35 +0000)]
* lib/helpers.exp (setup_database): Use "!=" instead of "ne" for string comparisons
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14870
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / log