Tom Yu [Thu, 6 Mar 2003 01:36:51 +0000 (01:36 +0000)]
* acquire_cred.c (krb5_gss_register_acceptor_identity): New
function. Allows global override of default keytab for
gss_acquire_cred() purposes.
(acquire_accept_cred): Implement override.
* gssapi_krb5.h: Add krb5_gss_register_acceptor_identity.
ticket: 880
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15236
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Wed, 5 Mar 2003 23:49:36 +0000 (23:49 +0000)]
Remove kdb_dbm.h as it is unused
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15235
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 05:14:34 +0000 (05:14 +0000)]
* Makefile.in (WINMAKEFILES): Add lib\crypto\aes\Makefile.
(lib\crypto\aes\Makefile) [##DOS##]: New target.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15234
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 05:09:25 +0000 (05:09 +0000)]
* Makefile.in (OBJFILELIST, OBJFILEDEP) [##DOS]: Add aes.lst.
(all-windows, clean-windows, check-windows): Process aes directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15233
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 04:02:37 +0000 (04:02 +0000)]
* password_to_key.c (mit_passwd_to_key, afs_passwd_to_key): Comment out pragmas
not recognized by gcc or cl.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15232
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 04:00:09 +0000 (04:00 +0000)]
string_to_key.c (krb5_c_string_to_key_with_params): Declare before use
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15231
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 03:38:51 +0000 (03:38 +0000)]
Reduce local configure script's work by removing static defines and header and
function info available in krb5/autoconf.h.
* gethostname.c, getst.c, kadm_net.c, klog.c, kparse.c: Include
krb5/autoconf.h.
* kuserok.c, log.c, memcache.c, mk_preauth.c, netread.c: Ditto.
* netwrite.c, put_svc_key.c, recvauth.c, send_to_kdc.c: Ditto.
* tkt_string.c: Ditto.
* Makefile.in: Update dependencies.
(DEFINES): Define KRB4_USE_KEYTAB.
* configure.in: Don't define KRB4_USE_KEYTAB. Don't check for any headers or
functions; include/configure.in already does it. Don't invoke AC_C_CONST
explicitly; CONFIG_RULES does that.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15230
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 03:03:04 +0000 (03:03 +0000)]
Clean up PBKDF2 interface. Add s2k-params to string-to-key interface, except
no new decl in krb5.h yet; rename changed s2k functions to use krb5int_ prefix.
Add AES to etype table. Delete some unused declarations.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15229
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 02:58:51 +0000 (02:58 +0000)]
* aes.c (krb5int_aes_init_state): Implement.
* enc_provider.h (krb5int_enc_aes128, krb5int_enc_aes256): Declare.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15228
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 02:54:06 +0000 (02:54 +0000)]
* krb5_err.et (KRB5_ERR_BAD_S2K_PARAMS): New error code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15227
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 02:40:23 +0000 (02:40 +0000)]
Add AES string-to-key function
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15226
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 02:35:00 +0000 (02:35 +0000)]
Delete some unused declarations from old-crypto API
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15225
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Mar 2003 01:24:13 +0000 (01:24 +0000)]
* srv_rcache.c (krb5_get_server_rcache): Fix missed
isinvalidrcname -> isvalidrcname.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15224
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 01:20:50 +0000 (01:20 +0000)]
* compat_recv.c: Only include krb.h if KRB5_KRB4_COMPAT.
(krb_v4_recvauth, krb5_compat_recvauth, krb5_compat_recvauth_version): Define
only if KRB5_KRB4_COMPAT.
* krlogind.c: Include krb.h only if KRB5_KRB4_COMPAT.
(v4_kdata, v4_schedule): Define only if KRB5_KRB4_COMPAT.
(recvauth) [!KRB5_KRB4_COMPAT]: Skip v4 stuff and call krb5_recvauth_version.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15223
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Wed, 5 Mar 2003 00:47:51 +0000 (00:47 +0000)]
Fix rcache character test introduced in last commit
Ticket: 1370
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15222
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 5 Mar 2003 00:26:14 +0000 (00:26 +0000)]
* configure.in: Default to --disable-fakeka
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15221
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 4 Mar 2003 20:55:19 +0000 (20:55 +0000)]
Don't call shutdown after finishing writing
to TCP socket as doing so causes interop problems.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15220
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 4 Mar 2003 20:50:39 +0000 (20:50 +0000)]
Do not expect sequence number in encrypted krb_cred
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15219
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 4 Mar 2003 20:45:32 +0000 (20:45 +0000)]
GSS_C_NO_CREDENTIAL should accept any principal
If a context is accepted with GSS_C_NO_CREDENTIAL or if a credential
is acquired with GSS_C_NO_NAME as the acceptor name then allow any
principal in the keytab to be used as the acceptor name.
This means that gss_inquire_cred can return GSS_C_NO_NAME from a
credential.
ticket: new
Tags: enhancement
cc: nicolas.williams@sun.com
cc: krbdev@mit.edu
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15218
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 3 Mar 2003 22:33:56 +0000 (22:33 +0000)]
* krb5-config.in (lib_flags): Prune out CFLAGS
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15217
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Mar 2003 22:00:30 +0000 (22:00 +0000)]
* pbkdf2.c (F): Now takes krb5_data for password and salt.
(krb5int_pbkdf2, krb5int_pbkdf2_hmac_sha1, krb5int_pbkdf2_hmac_sha1_128,
krb5int_pbkdf2_hmac_sha1_256): Likewise, and for output also.
* vectors.c (test_pbkdf2): Calls updated.
(main): Run pbkdf2 tests.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15216
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 3 Mar 2003 07:49:34 +0000 (07:49 +0000)]
* g_cnffile.c (krb__get_srvtabname): Keep strdup()ed string in a
static variable and free it called again; this prevents a memory
leak.
ticket: 1357
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15215
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 3 Mar 2003 07:09:46 +0000 (07:09 +0000)]
Remove ADD_DEF and uses thereof, and move the appropriate symbols to
AC_DEFINE'ed things or to Makefile.in files. Remove explicit settings
of CPPFLAGS. These allow CPPFLAGS to be a user parameter. Also, add
CFLAGS to the CC_LINK variables, so they can control usage of the
compiler to link programs.
ticket: 677
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15214
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 2 Mar 2003 22:00:11 +0000 (22:00 +0000)]
Substitute DEPLIBEXT for library builds
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15213
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sun, 2 Mar 2003 21:40:49 +0000 (21:40 +0000)]
Use com_err_deplib rather than an explicit path so we do not have our
shared libraries depend at a make level on com_err if we use the
system com_err library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15212
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 1 Mar 2003 22:15:22 +0000 (22:15 +0000)]
There isn't really a point to validating cred_handle if it was just
acquired by acquire_cred(), so instead of the suggested patch,
validate verifier_cred_handle only if we didn't acquire_cred().
* accept_sec_context.c (krb5_gss_accept_sec_context): Don't
validate verifier_cred_handle if GSS_C_NO_CREDENTIAL is passed in.
ticket: 1356
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15211
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 28 Feb 2003 23:10:49 +0000 (23:10 +0000)]
Ignore krb_err_txt.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15210
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 28 Feb 2003 19:42:59 +0000 (19:42 +0000)]
* Makefile.in (clean-unix): Remove krb_err_txt.c on clean. Update
dependencies
* g_pw_in_tkt.c: Include krb4int.h for krb_get_keyprocs() prototype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15209
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 28 Feb 2003 19:05:42 +0000 (19:05 +0000)]
* Makefile.in (clean): Cleanup testing objects and outputs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15208
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 27 Feb 2003 02:02:09 +0000 (02:02 +0000)]
* configure.in: Set and substitute maybe_kerberosIV.
* Makefile.in (MY_SUBDIRS): Use it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15207
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 26 Feb 2003 04:43:09 +0000 (04:43 +0000)]
remove wrong comment
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15206
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 25 Feb 2003 23:55:50 +0000 (23:55 +0000)]
Thanks, similar patch applied
* set_ccache.c (gss_krb5_ccache_name): Don't return a pointer to
freed memory.
ticket: 1346
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15205
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 25 Feb 2003 23:14:40 +0000 (23:14 +0000)]
Handle NULL result_string->data returned from error in
krb5_change_password(). The SAMDATA() macro in
lib/krb5/krb/preauth2.c seems to already be fixed.
KfM's kpasswd equivalent still needs to be dealt with.
ticket: 1055
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15204
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 25 Feb 2003 20:53:45 +0000 (20:53 +0000)]
* in_tkt.c: Include k5-util.h.
(do_seteuid): Define as krb5_seteuid instead of testing system characteristics
here.
* dest_tkt.c: Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15203
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 25 Feb 2003 20:46:48 +0000 (20:46 +0000)]
* change_password.c (krb_change_password): Use int, not KRB_INT32, for krb4
error codes. Check for malloc failure allocating sendStream.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15202
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 24 Feb 2003 22:36:30 +0000 (22:36 +0000)]
* gssapi_krb5.c (kg_get_defcred): Revert previous; it's probably
not appropriate for inquire_cred() to cause new credentials to be
fetched.
* init_sec_context.c (krb5_gss_init_sec_context): Explicitly
release default cred in the NO_CREDENTIAL case, so it is always
refreshed.
ticket: 1305
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15201
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 24 Feb 2003 17:50:52 +0000 (17:50 +0000)]
Fix typo pointed out by jenselby in doc pass
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15200
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 21 Feb 2003 23:14:50 +0000 (23:14 +0000)]
This should fix things, but I don't have an easy way to test
* gssapi_krb5.c (kg_get_defcred): Check for invalid or expired
defcred if it exists, and call acquire_cred() again if necessary.
ticket: 1305
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15199
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 21 Feb 2003 21:42:49 +0000 (21:42 +0000)]
Fri Feb 21 16:30:00 2003 Alexandra Ellwood <lxs@mit.edu> * Removed Mac OS 9 files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15198
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 21 Feb 2003 21:37:02 +0000 (21:37 +0000)]
Fri Feb 21 16:30:00 2003 Alexandra Ellwood <lxs@mit.edu> * Removed Mac OS 9 files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15197
dc483132-0cff-0310-8789-
dd5450dbe970
Jen Selby [Fri, 21 Feb 2003 03:09:36 +0000 (03:09 +0000)]
default for noaddresses was wrong
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15196
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 21 Feb 2003 01:35:09 +0000 (01:35 +0000)]
Fix typo that caused infinite loop in previous patch
Ticket: 1006
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15195
dc483132-0cff-0310-8789-
dd5450dbe970
Jen Selby [Thu, 20 Feb 2003 23:20:52 +0000 (23:20 +0000)]
Added a few more tags in libdefaults
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15194
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 20 Feb 2003 00:04:06 +0000 (00:04 +0000)]
* krb5.hin (krb5_princ_component): Return NULL if going off the end of the array
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15193
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 20 Feb 2003 00:00:11 +0000 (00:00 +0000)]
* configure.in: Check for sys/select.h and time.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15192
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Sat, 15 Feb 2003 01:15:10 +0000 (01:15 +0000)]
The client sorts the enctype list returned by etype_info ordering
enctypes that it requested or that are similar to ones it requested
first.
The KDC only includes enctypes in etype_info if they were requested by
the client.
ticket: 1006
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 14 Feb 2003 04:19:34 +0000 (04:19 +0000)]
* Makefile.in (ETOUT): Replace $(S) with "/"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15190
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 14 Feb 2003 00:01:25 +0000 (00:01 +0000)]
* Makefile.in ($(GSSAPI_KRB5_HDR)): Use $(S) to avoid problems on
windows.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15189
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 13 Feb 2003 20:09:21 +0000 (20:09 +0000)]
Fix double free of AS key
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15188
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 13 Feb 2003 02:44:16 +0000 (02:44 +0000)]
* Makefile.in (krb_err.h, kadm_err.h): Rebuild by going to lib/krb4 and
building "includes".
(clean-unix): Don't need to delete copies of .et files any more.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15187
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 13 Feb 2003 00:51:43 +0000 (00:51 +0000)]
Oops, add $(GSSAPI_KRB5_HDR) to all-unix
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15186
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 13 Feb 2003 00:23:45 +0000 (00:23 +0000)]
More tweaks to deal with parallel builds
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15185
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 12 Feb 2003 16:21:09 +0000 (16:21 +0000)]
* post.in (.dtmp): Use -DDEPEND to allow source files to exclude
inclusions from dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15184
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 12 Feb 2003 16:20:00 +0000 (16:20 +0000)]
* Makefile.in: Update dependencies.
(KRB_ERR_TXT): Set by configure to be either empty
(on Darwin) or krb_err_txt.c (on other platforms). This avoids
building krb_err_txt.c on Darwin, as the type of krb_err_txt is a
pointer there, so we don't need another copy of the array.
(DEFINES): Remove. It wasn't doing anything useful and was
cluttering up the compile command line.
* configure.in: On Darwin, don't use krb_err_txt.c.
* err_txt.c: On Darwin, actually use the array generated by
compile_et, and assign it to krb_err_txt, which is a pointer, not
an array, on that platform.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15183
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 12 Feb 2003 00:06:37 +0000 (00:06 +0000)]
* CCache-glue.c: Delete in_tkt()
* change_password.c: Fix incorrect filename in comment.
* g_in_tkt.c (krb_get_in_tkt_preauth): Call krb_in_tkt() rather
than in_tkt().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15182
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 11 Feb 2003 23:11:24 +0000 (23:11 +0000)]
Support credentials encrypted in the session key rather than
the subsession key.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15181
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 19:50:18 +0000 (19:50 +0000)]
* CCache-glue.c (krb_in_tkt): Rename from in_tkt().
(in_tkt): Implement in terms of krb_in_tkt() to match existing
Unix and Windows API. This shouldn't be a problem because it
appears to be considered an internal API on Mac.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15180
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 17:19:00 +0000 (17:19 +0000)]
Fix recursion-forcing rules to be more friendly to parallel builds
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15179
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 05:13:49 +0000 (05:13 +0000)]
* Makefile.in: Another attempt... turns our that the "copy"
command on Windows preserves modtimes, so spurious rebuilds were
happening even with the stamp file, since the target in $(EHDRDIR)
is always out of date with respect to the stamp file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15178
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 03:53:18 +0000 (03:53 +0000)]
Fix some things to avoid spurious rebuilds of header files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15177
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 03:08:37 +0000 (03:08 +0000)]
* Makefile.in (K4LIBS): Revert previous
* krb5_32.def: Add afs_string_to_key, which is now needed by the
krb4 library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15176
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 03:08:21 +0000 (03:08 +0000)]
* password_to_key.c (krb5_passwd_to_key): Replace snprintf() call
with explicit length checking.
* memcache.c (krb4int_save_credentials_addr): Renamed from
krb_save_credentials().
(krb_save_credentials): Implement in terms of
krb4int_save_credentials_addr().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15175
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 02:20:12 +0000 (02:20 +0000)]
Various fixes to Windows build of krb4 library. Fix up KRB5_CALLCONV
on some new krb4 library functions. Fix up library generation to
refer to des425.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15174
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 11 Feb 2003 01:35:32 +0000 (01:35 +0000)]
Fix lots of things to compile on Unix. Fix some typos
By means of carrying through local addresses in many places, eliminate
or reduce sections of code depending on TARGET_OS_MAC conditionals.
Conditionalize some prototypes in krb.h with KRB_PRIVATE, to avoid
leakage on Mac.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15173
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 10 Feb 2003 22:11:35 +0000 (22:11 +0000)]
Note: these checkins are partial progress for Tom Yu. They probably don't build; Tom is expecting that. *** CCache-glue.c: Removed copying of the string_to_key type in krb_save_credentials. Saving the string_to_key type is unnecessary and was just for display purposes. Will be removed for KfM 5.0. Updated to use KRB5_CALLCONV instead of INTERFACE and include the krb5's krb4 headers instead of the KfM ones. *** change-password.c: Removed include of CredentialsCache.h and code that switches between string to key types. This doesn't make sense for password changing because the krb4 protocol for password changing implemented here only supports mit's string to key. Bug was in KfM and got ported forward. Should the code call mit_password_to_key for all platforms? *** FSp-glue.c: Removed dependency on MoreFiles and replaced it with code to use FSRefs now that we are Carbon-only. *** g_in_tkt.c: Added loop which calls password to key functions trying each one. This technique was imported from KTH-KRB into KfM. This code still needs to have the TARGET_OS_MAC code made more Unix friendly for Darwin builds. The behavior differences (store the address or not) should be deferred until the very last moment to avoid excessive #ifdefs. *** g_pw_in_tkt.c: Added loop which calls password to key functions trying each one. This technique was imported from KTH-KRB into KfM. *** krb4int.h: Added password-to-key.c functions so they can be used by g_in_tkt.c and g_pw_in_tkt.c. *** password-to-key.c: Removed dependence on the CCAPI so this code can be used on all platforms to implement looping over the password to key functions. *** RealmsConfig-glue.c: Changed to use #ifdef USE_CCAPI like is used elsewhere in the krb5 sources. This is just for consistency in krb5
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15172
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 9 Feb 2003 15:20:24 +0000 (15:20 +0000)]
Have g_token_size return unsigned int for signed/unsigned cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15171
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 8 Feb 2003 09:51:01 +0000 (09:51 +0000)]
* prompter.c (krb5_prompter_posix): Kill echo before printing
prompt to avoid possible race conditions in test suite.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15170
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 8 Feb 2003 08:25:28 +0000 (08:25 +0000)]
Thanks; equivalent patch applied
* admin_server.c (kadm_listen): Zero sa_flags to avoid wonkiness.
ticket: 1304
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15169
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 8 Feb 2003 08:12:46 +0000 (08:12 +0000)]
Change comments to remove the note that we're going to redesign key
storage architecture for 1.3.
ticket: 1193
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15168
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 7 Feb 2003 22:15:59 +0000 (22:15 +0000)]
* Makefile.in (all-unix): Remove kerberosIV/krb_err.h, as it was
causing spurious rebuilds of lots of stuff because it was
depending on all-recurse, which is always out of date.
(install-headers-unix): Also, no need to depend on
kerberosIV/krb_err.h here, since the kerberosIV subdirectory takes
care of it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15167
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 7 Feb 2003 21:41:20 +0000 (21:41 +0000)]
* Makefile.in (install): Fix typo in k5srvutil.M install rule
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15166
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 7 Feb 2003 21:39:44 +0000 (21:39 +0000)]
Fix ABI divergence between Unix and Mac krb4 libraries in declaration
of krb_err_txt by means of a gross hack.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15165
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 7 Feb 2003 04:15:22 +0000 (04:15 +0000)]
* prompter.c (krb5_prompter_posix, setup_tty, restore_tty): Fix to
use the actual file descriptor we dup()'ed to in case tcsetattr()
doesn't actually change the underlying device modes and instead
only affects the specific file descriptor.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15164
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 7 Feb 2003 01:11:32 +0000 (01:11 +0000)]
Add AES copyright and license
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15163
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 7 Feb 2003 01:10:51 +0000 (01:10 +0000)]
Add Yarrow, AES licenses
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15162
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Thu, 6 Feb 2003 23:45:55 +0000 (23:45 +0000)]
Sorry, forgot this ChangeLog on the last commit
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15161
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 6 Feb 2003 23:13:07 +0000 (23:13 +0000)]
* locate_kdc.c (translate_ai_error): Handle EAI_ADDRFAMILY like EAI_NONAME.
(krb5int_add_host_to_list): Translate errors returned from the second
getaddrinfo call.
ticket: 1339
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15160
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 6 Feb 2003 20:05:41 +0000 (20:05 +0000)]
Add k5srvutil
Add a script called k5srvutil that allows easy manipulation of keytabs
for common tasks such as changing keys and deleting outdated keys.
ticket: 1191
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15159
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Hornstein [Thu, 6 Feb 2003 19:58:18 +0000 (19:58 +0000)]
This is the integration of "fakeka" (a program to emulate a kaserver)
into the MIT distribution. It's compilation is enabled with --enable-fakeka.
ticket: 1281
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15158
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 6 Feb 2003 00:51:42 +0000 (00:51 +0000)]
* Makefile.in (std_rqs.c): Depend on ct_c.sed and ct_c.awk
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15157
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Feb 2003 21:39:33 +0000 (21:39 +0000)]
* login.c (main): Don't zero out terminal window size
ticket: 697
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15156
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 5 Feb 2003 20:05:17 +0000 (20:05 +0000)]
* Makefile.in (run-aes-test): Add $(RUN_SETUP) so that if
compiling only shared libraries, LD_LIBRARY_PATH is set for test.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15155
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Feb 2003 19:35:48 +0000 (19:35 +0000)]
* mkrel: Exclude .rconf files
ticket: 771
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15154
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Feb 2003 04:57:46 +0000 (04:57 +0000)]
comment
* decomp_tkt.c (dcmp_tkt_int): Patch from Booker Bense to use
krb_get_lrealm() instead of copying KRB_REALM into prealm.
ticket: 710
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15153
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Feb 2003 04:02:05 +0000 (04:02 +0000)]
* default.exp (start_kerberos_daemons): Use correct argument to
"-4" flag.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15152
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Feb 2003 03:57:22 +0000 (03:57 +0000)]
* prompter.c (krb5_prompter_posix): Rewrite to no longer use
longjmp(), as well as to get a non-buffered stdio stream on stdin
to avoid passwords staying around in stdio buffers. This does
have the side effect of possibly losing pre-buffered input from an
application that reads from stdin using stdio functions prior to
calling the prompter, but hopefully those are rare.
ticket: 673
ticket: 680
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15151
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 4 Feb 2003 22:12:00 +0000 (22:12 +0000)]
Get addressless tickets by default
By default Kerberos obtains addressless tickets.
ticket: new
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15150
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 4 Feb 2003 22:07:38 +0000 (22:07 +0000)]
disable krb4 by default
By default, we disable krb4 in the KDC. This means that -4 none is
the default mode.
Krb4 is reenabled for the dejagnu tests.
ticket: new
Tags: enhancement
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 4 Feb 2003 03:48:55 +0000 (03:48 +0000)]
* login.c (dofork): Don't dissociate from controlling tty in the
parent, since the parent needs to remain the session leader so it
can tell when the tty gets hung up. Make the child wait for the
parent to set up a SIGHUP handler to ensure that cleanup happens
properly.
ticket: 608
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15148
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Feb 2003 22:13:26 +0000 (22:13 +0000)]
update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15147
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Feb 2003 22:12:34 +0000 (22:12 +0000)]
*** empty log message ***
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15146
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Feb 2003 22:12:18 +0000 (22:12 +0000)]
Remove placeholder file that shouldn't have been checked in
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15145
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Feb 2003 22:09:09 +0000 (22:09 +0000)]
Build and link in AES crypto code (but don't define the enctype yet).
Build and link in PBKDF2 function.
Add ciphertext stealing tests.
Update various tests to correspond with IETF crypto draft.
* aes: New directory, containing AES implementation from Brian Gladstone,
tweaked a little for the krb5 build system.
* configure.in: Build its makefile.
* Makefile.in (LOCAL_SUBDIRS, LOCALINCLUDES, STOBJLISTS, SUBDIROBJLISTS): Add
aes entries.
* t_cts.c: New test file.
* Makefile.in (EXTRADEPSRCS): Add t_cts.
(t_cts$(EXEEXT)): New rule.
* Makefile.in (SRCS, OBJS, STLIBOBJS): Add pbkdf2.
(EXTRADEPSRCS): Remove pbkdf2.c.
(t_pkcs5$(EXEEXT)): Don't list pbkdf2.$(OBJEXT).
* t_nfold.c (fold_kerberos): New function.
(main): Call it with different lengths.
* vectors.c: Include ctype.h and hash_provider.h.
(test_nfold, test_mit_des_s2k, test_s2k, test_dr_dk): Test case data now static
and const.
(test_nfold): Add "Q" and "ba" tests from Simon Josefsson.
(GCLEF): New macro.
(test_mit_des_s2k): Add GCLEF test case. Fill in "key" at run time, not as
initialization.
(test_s2k): Added GCLEF test case.
(krb5int_enc_aes128, krb5int_enc_aes256): Declare.
(combine_keys, test_des3_combine, k5_des3_make_key): Functions deleted.
(whoami): New variable.
(printd, printk): New functions.
(test_pbkdf2): New function.
(main): Initialize whoami. Test nfold only for now.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15144
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Feb 2003 21:53:59 +0000 (21:53 +0000)]
* aes.c: New file.
* Makefile.in (STLIBOBJS, OBJS, SRCS): Include it.
(LOCALINCLUDE): Add aes source dir.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15143
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 3 Feb 2003 21:38:06 +0000 (21:38 +0000)]
Make l40 static
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15142
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 3 Feb 2003 21:10:25 +0000 (21:10 +0000)]
AES implementation by Briad Gladman; tweaked for krb5 tree
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15141
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 1 Feb 2003 00:35:08 +0000 (00:35 +0000)]
* Makefile.in (clean-windows): Remove $(GENS).
(krb524_err.c): Depend on krb524_err.et.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15140
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Jan 2003 05:50:29 +0000 (05:50 +0000)]
* kcmd.c (v4_des_write): Apply patch from ghudson to fix
non-right-justification case.
ticket: 620
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15139
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 31 Jan 2003 00:43:50 +0000 (00:43 +0000)]
* login.c (main): Initialize 'hostname'
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15138
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 31 Jan 2003 00:41:17 +0000 (00:41 +0000)]
* login.c (try_krb4): Delete unused krb5 principal name argument.
(main): Don't pass it.
ticket: 479
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15137
dc483132-0cff-0310-8789-
dd5450dbe970