krb5.git
20 years ago* configure.in: Move test for setupterm back down below addition of
Ken Raeburn [Sun, 7 Mar 2004 09:26:48 +0000 (09:26 +0000)]
* configure.in: Move test for setupterm back down below addition of
termcap/curses libraries.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16155 dc483132-0cff-0310-8789-dd5450dbe970

20 years agomake depend
Ken Raeburn [Sat, 6 Mar 2004 03:17:53 +0000 (03:17 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16154 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoFor keytab, ccache, and rcache type registries, use const more, and
Ken Raeburn [Sat, 6 Mar 2004 03:16:02 +0000 (03:16 +0000)]
For keytab, ccache, and rcache type registries, use const more, and
use a mutex to protect manipulation of the lists.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16153 dc483132-0cff-0310-8789-dd5450dbe970

20 years agofix debug initializer and copyright
Ken Raeburn [Sat, 6 Mar 2004 02:19:35 +0000 (02:19 +0000)]
fix debug initializer and copyright

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16152 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* reconf: Delete autom4te.cache directories after running autoreconf
Ken Raeburn [Sat, 6 Mar 2004 01:50:12 +0000 (01:50 +0000)]
* reconf: Delete autom4te.cache directories after running autoreconf

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16151 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* lock_file.c (krb5_lock_file): Initialize flock data on entry, but don't
Ken Raeburn [Sat, 6 Mar 2004 00:54:48 +0000 (00:54 +0000)]
* lock_file.c (krb5_lock_file): Initialize flock data on entry, but don't
bother with a static version to copy from.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16150 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoUse more const data in the keytab type registry
Ken Raeburn [Sat, 6 Mar 2004 00:45:33 +0000 (00:45 +0000)]
Use more const data in the keytab type registry

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16149 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* k5-thread.h: New file
Ken Raeburn [Sat, 6 Mar 2004 00:28:03 +0000 (00:28 +0000)]
* k5-thread.h: New file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16148 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoMerge configuration of kdc, krb524, and slave directories into top
Ken Raeburn [Fri, 5 Mar 2004 21:13:22 +0000 (21:13 +0000)]
Merge configuration of kdc, krb524, and slave directories into top
level configure script.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16147 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* configure.in: Don't invoke macros for library build support. Don't look for awk
Ken Raeburn [Thu, 4 Mar 2004 11:21:28 +0000 (11:21 +0000)]
* configure.in: Don't invoke macros for library build support.  Don't look for awk

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16146 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* configure.in: Don't check for --enable-athena and don't define ATHENA_DES3_KLUDGE
Ken Raeburn [Thu, 4 Mar 2004 10:55:00 +0000 (10:55 +0000)]
* configure.in: Don't check for --enable-athena and don't define ATHENA_DES3_KLUDGE

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16145 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoConfigure telnet using one script instead of four
Ken Raeburn [Thu, 4 Mar 2004 10:25:12 +0000 (10:25 +0000)]
Configure telnet using one script instead of four

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16144 dc483132-0cff-0310-8789-dd5450dbe970

20 years agofix typo
Ken Raeburn [Wed, 3 Mar 2004 08:14:26 +0000 (08:14 +0000)]
fix typo

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16143 dc483132-0cff-0310-8789-dd5450dbe970

20 years agodon't get a krb5_context for the routines that don't need it
Ken Raeburn [Wed, 3 Mar 2004 08:13:20 +0000 (08:13 +0000)]
don't get a krb5_context for the routines that don't need it

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16142 dc483132-0cff-0310-8789-dd5450dbe970

20 years agominor formatting, mostly whitespace
Ken Raeburn [Wed, 3 Mar 2004 05:54:53 +0000 (05:54 +0000)]
minor formatting, mostly whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16141 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* rc_base.c: Delete unused and untested semaphore support
Ken Raeburn [Wed, 3 Mar 2004 05:48:40 +0000 (05:48 +0000)]
* rc_base.c: Delete unused and untested semaphore support

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16140 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missed
Ken Raeburn [Sat, 28 Feb 2004 00:35:01 +0000 (00:35 +0000)]
* gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff missed

ticket: 2296
version_fixed:

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16139 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* lib/helpers.exp (expect_kadm_ok): Check for eof and report a specific error
Ken Raeburn [Fri, 27 Feb 2004 21:48:32 +0000 (21:48 +0000)]
* lib/helpers.exp (expect_kadm_ok): Check for eof and report a specific error
for that case.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16138 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAs discussed on the krbdev mailing list, krb5_get_init_creds_password()
Jeffrey Altman [Fri, 27 Feb 2004 05:24:39 +0000 (05:24 +0000)]
As discussed on the krbdev mailing list, krb5_get_init_creds_password()
suffered from a behavior in which it would unintentionally query a master
KDC twice if in fact the KDC queried when krb5int_sendto() was called
with use_master = 0 was in fact the master.  This resulted in more than
an additional protocol operation.  There were two negative side effects.
First, in the case of an incorrect password there would be two counts
against the max retry attempts.  Second, in the case of hardware pre-auth
and an expired password, the user would be asked to enter their expired
password twice before being told it was expired.

This has been fixed by changing the use_master parameter into an in/out
parameter and modifying krb5int_sendto() to indicate which KDC it received
the response from.  This allows the use_master parameter to be set to
indicate whether or not the response came from a master KDC regardless
of whether a master KDC was requested.

ticket: new
target_version: next
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16137 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * gss-client.c: change if (this) if (that) => if (this && that)
Jeffrey Altman [Fri, 27 Feb 2004 05:04:59 +0000 (05:04 +0000)]
 * gss-client.c: change if (this) if (that) => if (this && that)

ticket: new
target_version: next
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16136 dc483132-0cff-0310-8789-dd5450dbe970

20 years agofix GET{SOCK,PEER}NAME_ARG{2,3}_TYPE lossage I created
Ken Raeburn [Thu, 26 Feb 2004 23:27:49 +0000 (23:27 +0000)]
fix GET{SOCK,PEER}NAME_ARG{2,3}_TYPE lossage I created

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16135 dc483132-0cff-0310-8789-dd5450dbe970

20 years agofix typos
Tom Yu [Thu, 26 Feb 2004 22:10:39 +0000 (22:10 +0000)]
fix typos

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16134 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoSet context flags after calling krb5_rd_req so that the replay cache is set up
Sam Hartman [Thu, 26 Feb 2004 21:52:00 +0000 (21:52 +0000)]
Set context flags after calling krb5_rd_req so that the replay cache is set up

Ticket: 2284
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16129 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoMove apputils dir from util to lib, to get its proper place in the
Ken Raeburn [Thu, 26 Feb 2004 05:16:02 +0000 (05:16 +0000)]
Move apputils dir from util to lib, to get its proper place in the
build process (after include).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16128 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* rcp.exp (stop_rsh_daemon): Check for any output before eof, causing any such
Ken Raeburn [Thu, 26 Feb 2004 04:35:09 +0000 (04:35 +0000)]
* rcp.exp (stop_rsh_daemon): Check for any output before eof, causing any such
info to be dumped into the debug log.
* rsh.exp (stop_rsh_daemon): Likewise.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16127 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* gssapi.exp (doit): Fix typo in log message
Ken Raeburn [Thu, 26 Feb 2004 04:20:43 +0000 (04:20 +0000)]
* gssapi.exp (doit): Fix typo in log message

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16126 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* default.exp (passes): Add "mode=udp" to existing pass specifications. Add a
Ken Raeburn [Thu, 26 Feb 2004 04:19:23 +0000 (04:19 +0000)]
* default.exp (passes): Add "mode=udp" to existing pass specifications.  Add a
new pass which does AES and "mode=tcp".
(setup_kerberos_files, setup_krb5_conf): Check global var "mode" and use it to
force UDP or TCP communication between client and KDC.  Also, have clients try
another random port where we don't expect anything to be listening.

ticket: 2285

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16125 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* network.c (setup_a_tcp_listener): Call setreuseaddr before calling bind.
Ken Raeburn [Thu, 26 Feb 2004 03:43:00 +0000 (03:43 +0000)]
* network.c (setup_a_tcp_listener): Call setreuseaddr before calling bind.
(setup_tcp_listener_ports): Don't call setreuseaddr.  Log info about socket
option IPV6_V6ONLY in unsupported and success cases.

ticket: 2285
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16124 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* sendto_kdc.c (start_connection): Close socket if connect() call fails for an
Ken Raeburn [Thu, 26 Feb 2004 00:38:01 +0000 (00:38 +0000)]
* sendto_kdc.c (start_connection): Close socket if connect() call fails for an
unexpected reason.

ticket: 2277
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16123 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoRemove ENCTYPE_LOCAL_DES3_HMAC_SHA1
Sam Hartman [Tue, 24 Feb 2004 21:07:22 +0000 (21:07 +0000)]
Remove ENCTYPE_LOCAL_DES3_HMAC_SHA1

Previously, MIT had support for a version of the des3 enctype with a
32-bit length prepended to encrypted data.  Remove that support.  This
is non-standard and is no longer needed even at MIT.

Ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16122 dc483132-0cff-0310-8789-dd5450dbe970

20 years agodependency updates
Ken Raeburn [Tue, 24 Feb 2004 20:01:08 +0000 (20:01 +0000)]
dependency updates

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16121 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore generated shared libraries
Ken Raeburn [Tue, 24 Feb 2004 19:46:02 +0000 (19:46 +0000)]
ignore generated shared libraries

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16120 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore some more generated files
Ken Raeburn [Tue, 24 Feb 2004 19:36:31 +0000 (19:36 +0000)]
ignore some more generated files

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16119 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoMove daemon.c into a new library of utility routines for linking our programs
Ken Raeburn [Tue, 24 Feb 2004 19:24:25 +0000 (19:24 +0000)]
Move daemon.c into a new library of utility routines for linking our programs
against but which we don't want to install as a separate library.

Change Kerberos and application servers to link against the library if they
might need the replacement daemon() function.

Add a dummy file to the library in case daemon() is not needed, so we don't
have an empty library, which we may not handle properly.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16118 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore fakedest dir
Ken Raeburn [Tue, 24 Feb 2004 17:49:03 +0000 (17:49 +0000)]
ignore fakedest dir

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16117 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore generated krb524 error table code
Ken Raeburn [Tue, 24 Feb 2004 17:48:45 +0000 (17:48 +0000)]
ignore generated krb524 error table code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16116 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore files created during testing
Ken Raeburn [Tue, 24 Feb 2004 17:48:26 +0000 (17:48 +0000)]
ignore files created during testing

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16115 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore ksetpwd
Ken Raeburn [Tue, 24 Feb 2004 17:47:56 +0000 (17:47 +0000)]
ignore ksetpwd

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16114 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta5
Tom Yu [Mon, 23 Feb 2004 22:47:55 +0000 (22:47 +0000)]
update for krb5-1.3.2-beta5

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16110 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation for
Ken Raeburn [Mon, 23 Feb 2004 21:25:17 +0000 (21:25 +0000)]
* wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation for
confidential CFX tokens.

ticket: 2266
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd missing ChangeLog entry
Tom Yu [Mon, 23 Feb 2004 21:25:07 +0000 (21:25 +0000)]
Add missing ChangeLog entry

ticket: 2258

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16106 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* prof_init.c (prof_int32): If long is 4 bytes and int is not, then use long,
Ken Raeburn [Thu, 19 Feb 2004 23:02:54 +0000 (23:02 +0000)]
* prof_init.c (prof_int32): If long is 4 bytes and int is not, then use long,
not int, for prof_int32.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16105 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoBug from David Thompson <thomas@cs.wisc.edu>. Bug originally introduced
Ken Hornstein [Thu, 19 Feb 2004 17:51:40 +0000 (17:51 +0000)]
Bug from David Thompson <thomas@cs.wisc.edu>.  Bug originally introduced
by me during conversion from bcopy() to memcpy().

ticket: 2258

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16104 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore some files generated during testing
Ken Raeburn [Thu, 19 Feb 2004 02:47:11 +0000 (02:47 +0000)]
ignore some files generated during testing

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16103 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoprotoize
Ken Raeburn [Thu, 19 Feb 2004 02:46:30 +0000 (02:46 +0000)]
protoize

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16102 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoignore aes-gen program
Ken Raeburn [Thu, 19 Feb 2004 02:13:02 +0000 (02:13 +0000)]
ignore aes-gen program

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16101 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoprotoize
Ken Raeburn [Thu, 19 Feb 2004 01:37:27 +0000 (01:37 +0000)]
protoize

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16100 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoProtoize
Ken Raeburn [Thu, 19 Feb 2004 01:35:15 +0000 (01:35 +0000)]
Protoize

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16099 dc483132-0cff-0310-8789-dd5450dbe970

20 years agodelete some blank lines in fn defs
Ken Raeburn [Thu, 19 Feb 2004 01:22:26 +0000 (01:22 +0000)]
delete some blank lines in fn defs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16098 dc483132-0cff-0310-8789-dd5450dbe970

20 years agouse $(CC) rather than ld to build shared libs on tru64 and irix
Tom Yu [Wed, 18 Feb 2004 20:43:59 +0000 (20:43 +0000)]
use $(CC) rather than ld to build shared libs on tru64 and irix

* shlib.conf (alpha-*-dec-osf*, mips-sgi-irix*): Use $(CC) instead
of ld for building shared libraries.

ticket: new
component: krb5-build

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16097 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* pcbc_encrypt.c (des_pcbc_encrypt): Don't pass a temporary variable to
Ken Raeburn [Wed, 18 Feb 2004 11:04:13 +0000 (11:04 +0000)]
* pcbc_encrypt.c (des_pcbc_encrypt): Don't pass a temporary variable to
DES_DO_ENCRYPT and _DECRYPT.  Drop the temporary variable.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16096 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* f_tables.h (DES_DO_ENCRYPT, DES_DO_DECRYPT): Allocate temporary variable
Ken Raeburn [Tue, 17 Feb 2004 23:53:44 +0000 (23:53 +0000)]
* f_tables.h (DES_DO_ENCRYPT, DES_DO_DECRYPT): Allocate temporary variable
locally instead of taking the extra argument.
* d3_cbc.c (krb5int_des3_cbc_encrypt): Don't pass the extra argument, and
delete the automatic variable.
(krb5int_des3_cbc_decrypt): Likewise.
* f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): Likewise.
* f_cksum.c (mit_des_cbc_cksum): Likewise.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16095 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* afsstring2key.c (krb5_afs_encrypt): Drop EDFLAG as an argument, make it local
Ken Raeburn [Tue, 17 Feb 2004 23:36:41 +0000 (23:36 +0000)]
* afsstring2key.c (krb5_afs_encrypt): Drop EDFLAG as an argument, make it local
instead, since we always pass 0.
(afs_crypt): Call changed.
(krb5_afs_crypt_setkey, krb5_afs_encrypt): Use memcpy.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16094 dc483132-0cff-0310-8789-dd5450dbe970

20 years agooops; add some acknowledgments to change list
Tom Yu [Tue, 17 Feb 2004 21:58:30 +0000 (21:58 +0000)]
oops; add some acknowledgments to change list

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16088 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta4
Tom Yu [Tue, 17 Feb 2004 21:50:38 +0000 (21:50 +0000)]
update for krb5-1.3.2-beta4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16087 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd missing PRIOCNTL_HACK stuff here
Tom Yu [Mon, 16 Feb 2004 06:28:44 +0000 (06:28 +0000)]
Add missing PRIOCNTL_HACK stuff here

ticket: new
target_version: 1.3.2
tags: pullup
component: krb5-build

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16085 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoDon't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macros
Ken Raeburn [Sat, 14 Feb 2004 00:37:18 +0000 (00:37 +0000)]
Don't specify defaults for GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macros

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16082 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoaclocal.m4 (WITH_CC): Add -fno-common to CFLAGS on Darwin, unless -fcommon or
Ken Raeburn [Sat, 14 Feb 2004 00:34:15 +0000 (00:34 +0000)]
aclocal.m4 (WITH_CC): Add -fno-common to CFLAGS on Darwin, unless -fcommon or
-fno-common is already given.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16081 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* aclocal.m4 (TRY_PEER_INT): Deleted.
Ken Raeburn [Sat, 14 Feb 2004 00:31:35 +0000 (00:31 +0000)]
* aclocal.m4 (TRY_PEER_INT): Deleted.
(KRB5_GETPEERNAME_ARGS): Map the getpeername arg types to the corresponding
getsockname arg types.
(KRB5_GETSOCKNAME_ARGS): If nothing matches, assume struct sockaddr and
socklen_t.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16080 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* t_encrypt.c (compare_results): New function.
Ken Raeburn [Fri, 13 Feb 2004 23:40:08 +0000 (23:40 +0000)]
* t_encrypt.c (compare_results): New function.
(main): Use it to check decryption results against the original plaintext.  When
testing with cipher state, encrypt and then decrypt (and verify) two messages.
* Makefile.in (t_encrypt$(EXEEXT)): Depend on CRYPTO_DEPLIB.

ticket: 2229
status: resolved
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16079 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * build.texinfo (Solaris 9): Add section describing workaround for
Tom Yu [Fri, 13 Feb 2004 23:39:59 +0000 (23:39 +0000)]
* build.texinfo (Solaris 9): Add section describing workaround for
Solaris 9 pty-close kernel bug.

ticket: 2195
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16078 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE. If
Ken Raeburn [Fri, 13 Feb 2004 23:38:57 +0000 (23:38 +0000)]
* dk_decrypt.c (krb5_dk_decrypt_maybe_trunc_hmac): New argument IVEC_MODE.  If
clear, same old behavior.  If set, copy out next to last block for CTS.
(krb5_dk_decrypt, krb5int_aes_dk_decrypt): Pass extra argument.
* dk_encrypt.c (krb5int_aes_dk_encrypt): For IV, copy out next to last block for
CTS.

ticket: 2229
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16077 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoChange PRIOCNTL_HACK code to use "==" rather than "eq", as "eq" is not
Tom Yu [Fri, 13 Feb 2004 20:52:40 +0000 (20:52 +0000)]
Change PRIOCNTL_HACK code to use "==" rather than "eq", as "eq" is not
available in tcl-8.3.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16071 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoFix logic error
Sam Hartman [Fri, 13 Feb 2004 04:20:56 +0000 (04:20 +0000)]
Fix logic error

Ticket: 2234
Target_Version: 1.3.2
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16070 dc483132-0cff-0310-8789-dd5450dbe970

20 years agopriocntl workaround for Solaris 9 pty-close bug
Tom Yu [Fri, 13 Feb 2004 03:19:30 +0000 (03:19 +0000)]
priocntl workaround for Solaris 9 pty-close bug

Implement gross hack to use priocntl to work around the Solaris 9
pty-close bug.  Run expect at a higher class "FX" priority than
spawned processes, which run at a lower class "FX" priority.  "make
check" needs to start from a process which has FX priority >= 30 and
FX priority limit >= 30.  Thanks to Bill Sommerfeld for the hints.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16069 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoTru64 and Irix have RPATH issues for test suite
Tom Yu [Thu, 12 Feb 2004 18:28:01 +0000 (18:28 +0000)]
Tru64 and Irix have RPATH issues for test suite

Implement hack for faking up _RLD_ROOT with a shadow of the directory
tree up to the installed "lib" directory.  This helps with running
tests on Tru64 and Irix.

ticket: 1793

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16066 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-12 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Thu, 12 Feb 2004 13:52:56 +0000 (13:52 +0000)]
2004-02-12  Jeffrey Altman <jaltman@mit.edu>

    * Fix libpath for krbcc32.lib (only affects KRB5_KFW_COMPILE builds)

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16065 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd missing file: gss-misc.h copied from src/appl/gss-sample
Jeffrey Altman [Wed, 11 Feb 2004 22:18:58 +0000 (22:18 +0000)]
Add missing file:  gss-misc.h  copied from src/appl/gss-sample

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16062 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta3
Tom Yu [Wed, 11 Feb 2004 19:03:19 +0000 (19:03 +0000)]
update for krb5-1.3.2-beta3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16058 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate copyright notices on gss sample apps
Tom Yu [Wed, 11 Feb 2004 18:04:37 +0000 (18:04 +0000)]
update copyright notices on gss sample apps

update copyrights

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16056 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta3
Tom Yu [Wed, 11 Feb 2004 02:49:58 +0000 (02:49 +0000)]
update for krb5-1.3.2-beta3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16054 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago gss-client.c: remove extraneous parameters from client_establish_context()
Jeffrey Altman [Tue, 10 Feb 2004 19:35:49 +0000 (19:35 +0000)]
 gss-client.c: remove extraneous parameters from client_establish_context()

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16052 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* ser_sctx.c (kg_oid_externalize): Check for errors.
Ken Raeburn [Tue, 10 Feb 2004 04:35:14 +0000 (04:35 +0000)]
* ser_sctx.c (kg_oid_externalize): Check for errors.
(kg_oid_internalize): Check for errors.  Free allocated storage on error.
(kg_queue_externalize): Check for errorrs.
(kg_queue_internalize): Check for errors.  Free allocated storage on error.
(kg_ctx_size): Update for new context data.
(kg_ctx_externalize): Update for new context data.  Check for error storing
trailer.
(kg_ctx_internalize): Update for new context data.  Check for errors in a few
more cases.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* gssapi.exp (doit): Run server with additional options to export and re-import
Ken Raeburn [Tue, 10 Feb 2004 04:28:28 +0000 (04:28 +0000)]
* gssapi.exp (doit): Run server with additional options to export and re-import
the GSSAPI context, and log info to a file in tmpdir.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16049 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoCall htons for default port of password server
Sam Hartman [Mon, 9 Feb 2004 23:20:47 +0000 (23:20 +0000)]
Call htons for default port of password server

Ticket: 2171
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16047 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * main.c (init_realm): Apply patch from Will Fiveash to use
Tom Yu [Mon, 9 Feb 2004 22:55:17 +0000 (22:55 +0000)]
* main.c (init_realm): Apply patch from Will Fiveash to use
correct TCP listening ports.

ticket: 2118
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoUpdate from autoconf 2.59
Tom Yu [Mon, 9 Feb 2004 22:54:04 +0000 (22:54 +0000)]
Update from autoconf 2.59

ticket: 2196
version_reported: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16041 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
Ken Raeburn [Mon, 9 Feb 2004 22:10:40 +0000 (22:10 +0000)]
* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
sufficient buffer space.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* t_cts.c (test_cts): Process encryption and decryption IVs separately, make
Ken Raeburn [Mon, 9 Feb 2004 22:08:09 +0000 (22:08 +0000)]
* t_cts.c (test_cts): Process encryption and decryption IVs separately, make
sure they match, and display the value.

ticket: 2223
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IV
Ken Raeburn [Mon, 9 Feb 2004 22:06:23 +0000 (22:06 +0000)]
* aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IV

ticket: 2223
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16038 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* configure.in: Check for sys/time.h and time.h
Ken Raeburn [Mon, 9 Feb 2004 21:46:38 +0000 (21:46 +0000)]
* configure.in: Check for sys/time.h and time.h

ticket: 2224
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16034 dc483132-0cff-0310-8789-dd5450dbe970

20 years agono license on k5sealv3.c
Ken Raeburn [Sun, 8 Feb 2004 08:46:24 +0000 (08:46 +0000)]
no license on k5sealv3.c

Updated copyright notice to include standard license for release.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* update usage() for gss-client
Jeffrey Altman [Sat, 7 Feb 2004 19:44:24 +0000 (19:44 +0000)]
* update usage() for gss-client

ticket: 2212

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16027 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoEnable aes128-cts for client
Sam Hartman [Fri, 6 Feb 2004 21:12:21 +0000 (21:12 +0000)]
Enable aes128-cts for client

Currently we support aes128-cts but do not enable it by default.  It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.

Ticket: new
Target_Version: 1.3.2
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoDo not consider TGS options to be critical; ignore unknown options
Sam Hartman [Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)]
Do not consider TGS options to be critical; ignore unknown options

Ticket: 2189
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-06 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Fri, 6 Feb 2004 19:48:12 +0000 (19:48 +0000)]
2004-02-06  Jeffrey Altman <jaltman@mit.edu>

    * Add new UI components to the gss.exe client
      to support the use of GSS_C_SEQUENCE_FLAG or to
      disable the use of either GSS_C_MUTUAL_FLAG or
      GSS_C_REPLAY_FLAG

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16024 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-06 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Fri, 6 Feb 2004 19:05:47 +0000 (19:05 +0000)]
2004-02-06  Jeffrey Altman <jaltman@mit.edu>

    * Add new command line switches to the gss-client
      to support the use of GSS_C_SEQUENCE_FLAG or to
      disable the use of either GSS_C_MUTUAL_FLAG or
      GSS_C_REPLAY_FLAG

ticket: 2212

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16023 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-05 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Fri, 6 Feb 2004 07:00:51 +0000 (07:00 +0000)]
2004-02-05  Jeffrey Altman <jaltman@mit.edu>

    * gssapiP_krb5.h:  remove KG_IMPLFLAGS macro

    * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
      macro with previous macro definition

    * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
      macro with new definition.  As per 1964 the INTEG and CONF flags
      are supposed to indicate the availability of the services in
      the client.  By applying the previous definition of KG_IMPLFLAGS
      the INTEG and CONF flags are always on.  This can be a problem
      because some clients such as Microsoft's Kerberos SSPI allow
      CONF and INTEG to be used independently.  By forcing the flags
      on, we would end up with inconsist state with the client.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd support for specifying the credential cache to be used as well
Jeffrey Altman [Thu, 5 Feb 2004 08:04:45 +0000 (08:04 +0000)]
Add support for specifying the credential cache to be used as well
as fix a few minor user interface bugs

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16021 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoRemove reference to the ntstatus.h header in cc_mslsa.c
Jeffrey Altman [Wed, 4 Feb 2004 17:28:00 +0000 (17:28 +0000)]
Remove reference to the ntstatus.h header in cc_mslsa.c
This header is not present in the August 2001 Platform SDK which is
the current minimum SDK version.

ticket: new
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta2
Tom Yu [Tue, 3 Feb 2004 13:08:57 +0000 (13:08 +0000)]
update for krb5-1.3.2-beta2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16015 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-02 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Tue, 3 Feb 2004 00:50:43 +0000 (00:50 +0000)]
2004-02-02  Jeffrey Altman <jaltman@mit.edu>

   * cc_msla.c:
     GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
     value to assign to TicketRequest->TicketFlags.  This field is blindly
     inserted into the kdc-options[0] field of the TGS_REQ.  If there are
     bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
     in an unknown TGS_OPTION being processed by the KDC.

     This has been fixed by mapping the Ticket Flags to KDC options.
     We only map Forwardable, Forwarded, Proxiable, and Renewable.  The others
     should not be used.

ticket: 2190
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16013 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
Jeffrey Altman [Mon, 2 Feb 2004 17:40:19 +0000 (17:40 +0000)]
   * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
     logging on with cross realm credentials.  On these machines there are
     8 tickets within the LSA cache from two different realms.  One of the
     krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
     a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
     processes.  The attempt to access the ticket returns a SubStatus code
     of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
     the logon attempt was invalid due to bad authentication information.
     kerbtray has no problem listing this ticket.  The other seven tickets
     in the cache including the Initial Ticket are accessible.  Modified
     krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
     a single ticket fails.

ticket: 2184
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* Update README to describe the new PreserveInitialTicketIdentity
Jeffrey Altman [Mon, 2 Feb 2004 16:05:12 +0000 (16:05 +0000)]
* Update README to describe the new PreserveInitialTicketIdentity
  registry key.

ticket: 2139

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15996 dc483132-0cff-0310-8789-dd5450dbe970

20 years agomissing header
Jeffrey Altman [Sun, 1 Feb 2004 05:46:56 +0000 (05:46 +0000)]
missing header

ticket: 2183

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15995 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * Do not perform ticket importing if the initial TGT is not available
Jeffrey Altman [Sun, 1 Feb 2004 05:40:48 +0000 (05:40 +0000)]
 * Do not perform ticket importing if the initial TGT is not available
   from the MSLSA krb5_ccache.  This will be the case if the session key
   enctype is NULL.  (AllowTGTSessionKey regkey = 0)

ticket: new
target: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15994 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* cc_mslsa.c: optimize the get_next logic by storing a handle to the
Jeffrey Altman [Sun, 1 Feb 2004 01:48:22 +0000 (01:48 +0000)]
* cc_mslsa.c: optimize the get_next logic by storing a handle to the
  MS TGT in the lcc_cursor data structure

ticket:new
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15993 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* gss-misc.c: Include sys/time.h or time.h, to get struct timeval declaration
Ken Raeburn [Sat, 31 Jan 2004 23:32:18 +0000 (23:32 +0000)]
* gss-misc.c: Include sys/time.h or time.h, to get struct timeval declaration

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15992 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoDo not export tickets from the LSA if they contain NULL session keys.
Jeffrey Altman [Sat, 31 Jan 2004 09:29:13 +0000 (09:29 +0000)]
Do not export tickets from the LSA if they contain NULL session keys.
This is primarily to prevent unusable TGTs from being imported into the
MIT Credential Cache

ticket: 2153
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15991 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-01-30 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Sat, 31 Jan 2004 01:40:58 +0000 (01:40 +0000)]
2004-01-30  Jeffrey Altman <jaltman@mit.edu>

   * cc_mslsa.c: As per extensive conversations with Doug Engert we have
     concluded that MS is not specifying a complete set of domain information
     when it comes to service tickets other than the initial TGT.  What happens
     is the client principal domain cannot be derived from the fields they
     export.  Code has now been added to obtain the domain from the initial
     TGT and use that when constructing the client principals for all tickets.

     This behavior can be turned off by setting a registry either on a per-user
     or a system-wide basis:

        {HKCU,HKLM}\Software\MIT\Kerberos5
            PreserveInitialTicketIdentity = 0x0 (DWORD)

ticket: 2139
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990 dc483132-0cff-0310-8789-dd5450dbe970