git.tremily.us Git - krb5.git/log

update krb5_c_keylength function, create krb5_c_random_to_key function

Modify the keylength function to return both keybytes and keylength.
Change the name of the function and source file to reflect this.

Add a function, krb5_c_random_to_key() that takes random input data
of the right length (keybytes) and produce a valid key for a given
enctype.

ticket: new
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18836 dc483132-0cff-0310-8789-dd5450dbe970

commits for KFW 3.1 Beta 4

     KfW 3.1 beta 4 (NetIDMgr 1.1.6.0)

     nidmgr32.dll (1.1.6.0)

     - Fix a race condition where the initialization process might be
       flagged as complete even if the identity provider hasn't finished
       initialization yet.

     krb5cred.dll (1.1.6.0)

     - When assigning the default credentials cache for each identity,
       favor API and FILE caches over MSLSA if they exist.

     - When renewing an identity which was the result of importing
       credentials from the MSLSA cache, attempt to re-import the
       credentials from MSLSA instead of renewing the imported credentials.

     - Prevent possible crash if a Kerberos 5 context could not be obtained
       during the renewal operation.

     - Prevent memory leak in the credentials destroy handler due to the
       failure to free a Kerberos 5 context.

     - Properly match principals and realms when importing credentials from
       the MSLSA cache.

     - Determine the correct credentials cache to place imported
       credentials in by checking the configuration for preferred cache
       name.

     - Keep track of identities where credentials imports have occurred.

     - When setting the default identity, ignore the KRB5CCNAME environment
       variable.

     - Do not re-compute the credentials cache and timestamps when updating
       an identity.  The cache and timestamp information is computed when
       listing credentials and do not change between listing and identity
       update.

     - When refreshing the default identity, also handle the case where the
       default credentials cache does not contain a principal, but the name
       of the cache can be used to infer the principal name.

     - Invoke a listing of credentials after a successful import.

     - Do not free a Kerberos 5 context prematurely during plug-in
       initialization.

     netidmgr.exe (1.1.6.0)

     - Fix the UI context logic to handle layouts which aren't based around
       identities.

     - Don't try to show a property sheet when there are no property pages
       supplied for the corresponding UI context.

     - Use consistent context menus.

     - Bring a modal dialog box to the foreground when it should be active.

     - Do not accept action triggers when the application is not ready to
       process actions yet.

     - Do not force the new credentials dialog to the top if there's
       already a modal dialog box showing.

     - Change the default per-identity layout to also group by location.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18828 dc483132-0cff-0310-8789-dd5450dbe970

krb5_stdccv3_generate_new returns NULL ccache

Fixed krb5_stdccv3_generate_new so it no longer returns a NULL ccache.

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18820 dc483132-0cff-0310-8789-dd5450dbe970

* rd_req_dec.c: Whitespace changes in function headers.
(krb5_rd_req_decoded_opt): Include more info in error text for AP_WRONG_PRINC
and NOPERM_ETYPE errors.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18817 dc483132-0cff-0310-8789-dd5450dbe970

include realm in "can't resolve KDC" error message

* locate_kdc.c (krb5int_locate_server): Store an error message for
REALM_CANT_RESOLVE error that lists the realm.

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18816 dc483132-0cff-0310-8789-dd5450dbe970

avoid double frees in ccache manipulation around gen_new

* krb5/krb/vfy_increds.c (krb5_verify_init_creds): If krb5_cc_gen_new fails,
don't both close and destroy the template ccache.
* gssapi/krb5/accept_sec_context.c (rd_and_store_for_creds): Likewise.

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18815 dc483132-0cff-0310-8789-dd5450dbe970

fix warning in preauth_plugin.h header

* preauth_plugin.h (enum krb5plugin_preauth_client_request_type): Omit trailing
comma.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18814 dc483132-0cff-0310-8789-dd5450dbe970

fix some warnings in ldap code

* libkdb_ldap/ldap_realm.c (ignore_duplicates, compare): Unused functions deleted.
(krb5_ldap_modify_realm, krb5_ldap_read_realm_params): Conditionalize declarations of
automatic variables that are only used for eDirectory.
* libkdb_ldap/ldap_service_stash.c (tohex): Use one sprintf call instead of two.
(dec_password): Use an unsigned type to fetch values with %x.
* libkdb_ldap/ldap_realm.h (ldap_filter_correct): Declare.
* libkdb_dlap/ldap_misc.c (my_strndup): Only define if HAVE_LDAP_STR2DN.
(populate_krb5_db_entry): Remove unused automatic variable.
* ldap_util/kdb5_ldap_util.c (cmd_table): Fix typo in preprocessing conditional.
* ldap_util/kdb5_ldap_realm.c (get_ticket_policy): Declarations first, then code.
* ldap_util/kdb5_ldap_services.c (kdb5_ldap_stash_service_password): On error, increment
exit_status; don't return a value.
* ldap_util/kdb5_ldap_services.h (kdb5_ldap_stash_service_password): Update decl.

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18813 dc483132-0cff-0310-8789-dd5450dbe970

LDAP patch from Novell, 2006-10-13

Patch from 13 November from Savitha R:
> Fix for delpol deleting ticket policies
> Removed references to old schema
> Moved some unused code under #ifdef HAVE_EDIRECTORY

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18812 dc483132-0cff-0310-8789-dd5450dbe970

Add macros for __attribute__((deprecated)) for krb4 and des APIs

Added KRB5INT_KRB4_DEPRECATED and KRB5INT_DES_DEPRECATED.

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18811 dc483132-0cff-0310-8789-dd5450dbe970

update copyrights and acknowledgments

Update copyrights and acknowledgments for 1.6.

ticket: new
target_version: 1.6
component: krb5-doc
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18805 dc483132-0cff-0310-8789-dd5450dbe970

allow server preauth plugin verify_padata function to return e-data

Change server-side preauth plugin interface to allow the plugin's
verify_padata function to return e-data to be returned to the client.
(Patch from Nalin Dahyabhai <nalin@redhat.com>)

Update sample plugins to return e-data to exercise the code.

Fix memory leak in the wpse plugin.

ticket: new
Component: krb5-kdc
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18801 dc483132-0cff-0310-8789-dd5450dbe970

correct client preauth plugin request_context

Correctly share the same request_context between all modules
within a single client preauth plugin.

ticket: new
Component: krb5-libs
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18800 dc483132-0cff-0310-8789-dd5450dbe970

more Novell ldap patches from Nov 6 and Fix for wrong password policy reference count

This commit is to update the code with the following Novell patches from
Nov 6, 2006:

patch-ldap-kadm5-macro.diff
patch-ldap-fixes.diff
patch-ldap-key-seq-salt.diff
patch-ldap-misc.diff

And this patch from Nov 8:
patch-ldap-pwd-policy.c

ticket: new
Target_Version: krb5-1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18799 dc483132-0cff-0310-8789-dd5450dbe970

Delay kadmind random number initialization until after fork

Target_Version 1.6
Tags: pullup

Delay initialization of the random number generator in kadmind until
after the fork and backgrounding of the process. Otherwise, a lack of
sufficient entropy during the system boot process will delay system
boot on systems that run each init script in series and that start
kadmind via an init script.

ticket: new
Component: krb5-admin
Version_Reported: 1.4.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18793 dc483132-0cff-0310-8789-dd5450dbe970

Document how to change the krbtgt key for a realm

ticket: new
Componet: krb5-doc
Version_Reported: 1.4.4
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18792 dc483132-0cff-0310-8789-dd5450dbe970

Install gssapi.h in includedir that includes gssapi/gssapi.h so that either
form of #include will work. Provides better compatibility with Heimdal.

ticket: 2240
Component: krb5-libs
Version_Reported: 1.3.2
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18791 dc483132-0cff-0310-8789-dd5450dbe970

Add "get_data" function to the client preauth plugin interface

Modify the client preauth plugin interface to pass in a function
pointer and data pointer so the plugin may request information
otherwise unavailable.

ticket: new
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18790 dc483132-0cff-0310-8789-dd5450dbe970

Add public function to get keylenth associated with an enctype

Add a new function, krb5_c_keylength, to libk5crypto to obtain the
keylength associated with an enctype.

ticket: new
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18789 dc483132-0cff-0310-8789-dd5450dbe970

Remove obsolete/conflicting prototype for krb524_convert_princs

After krb524_convert_princs() was made static, the prototype in krb524d.h
no longer matches the actual function declaration and is no longer needed.

ticket: new
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18787 dc483132-0cff-0310-8789-dd5450dbe970

commit for KFW 3.1 beta 3 (part two)

remove prototype for removed function

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18781 dc483132-0cff-0310-8789-dd5450dbe970

commits for KFW 3.1 Beta 3

     KfW 3.1 beta 3 (NetIDMgr 1.1.4.0)

     source for 1.1.4.0

     - Eliminate unused commented out code.

     nidmgr32.dll (1.1.4.0)

     - The configuration provider was incorrectly handling the case where a
       configuration value also specifies a configuration path, resulting
       in the configuration value not being found.  Fixed.

     - Fix a race condition when refreshing identities where removing an
       identity during a refresh cycle may a crash.

     - Fix a bug which would cause an assertion to fail if an item was
       removed from one of the system defined menus.

     - When creating an indirect UI context, khui_context_create() will
       correctly fill up a credential set using the selected credentials.

     krb5cred.dll (1.1.4.0)

     - Fix a race condition during new credentials acquisition which may
       cause the Krb5 plug-in to abandon a call to
       krb5_get_init_creds_password() and make another call unnecessarily.

     - If krb5_get_init_creds_password() KRB5KDC_ERR_KEY_EXP, the new
       credentials dialog will automatically prompt for a password change
       instead of notifying the user that the password needs to be changed.

     - When handling WMNC_DIALOG_PREPROCESS messages, the plug-in thread
       would only be notified of any changes to option if the user
       confirmed the new credentials operation instead of cancelling it.

     - Additional debug output for the DEBUG build.

     - Reset the sync flag when reloading new credentials options for an
       identity.  Earlier, the flag was not being reset, which can result
       in the new credentials dialog not obtaining credentials using the
       new options.

     - Handle the case where the new credentials dialog maybe closed during
       the plug-in thread is processing a request.

     - Fix a condition which would cause the Krb5 plug-in to clear the
       custom prompts even if Krb5 was not the identity provider.

     - Once a password is changed, use the new password to obtain new
       credentials for the identity.

     netidmgr.exe (1.1.4.0)

     - Fix a redraw issue which left areas of the credentials window
       unupdated if another window was dragged across it.

     - Handle WM_PRINTCLIENT messages so that the NetIDMgr window will
       support window animation and other features that require a valid
       WM_PRINTCLIENT handler.

     - During window repaints, NetIDMgr will no longer invoke the default
       window procedure.

     - Add support for properly activating and bringing the NetIDMgr window
       to the foreground when necessary.  If the window cannot be brought
       to the foreground, it will flash the window to notify the user that
       she needs to manually activate the NetIDMgr window.

     - When a new credentials dialog is launched as a result of an external
       application requesting credentials, if the NetIDMgr application is
       not minimized, it will be brought to the foreground before the new
       credentials dialog is brought to the foreground.  Earlier, the new
       credentials dialog may remain hidden behind other windows in some
       circumstances.

     - When displaying custom prompts for the new credentials dialog, align
       the input controls on the right.

ticket:new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18767 dc483132-0cff-0310-8789-dd5450dbe970

krb5.h not C++-safe due to "struct krb5_cccol_cursor"

Fixed definition of "struct krb5_cccol_cursor" in krb5.h to be C++ safe.
In C++ the struct name is also a type so there can't be a typedef of the same
name, in this case "typedef struct krb5_cccol_cursor *krb5_cccol_cursor;".

ticket: new
status: open
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18765 dc483132-0cff-0310-8789-dd5450dbe970

krb5_get_init_creds_password does not consistently prompt for password changing

krb5_get_init_creds_password() previously did not consistently
handle KRB5KDC_ERR_KEY_EXP errors.  If there is a "master_kdc"
entry for the realm and the KDC is reachable, then the function
will prompt the user for a password change.  Otherwise, it will
return the error code to the caller.  If the caller is a ticket
manager, it will prompt the user for a password change with a
dialog that is different from the one generated by the prompter
function passed to krb5_get_init_creds_password.

With this change krb5_get_init_creds_password() will always
prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless
the function is compiled with USE_LOGIN_LIBRARY.  (KFM)

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18764 dc483132-0cff-0310-8789-dd5450dbe970

Make clean in lib/kdb leaves error table files

Remove adb_err.c and adb_err.h on make clean.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18763 dc483132-0cff-0310-8789-dd5450dbe970

Make clean does not remove lib/crypto/t_prf

Remove t_prf and t_prf.o on make clean.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18762 dc483132-0cff-0310-8789-dd5450dbe970

* tcl_kadm5.c (parse_principal_ent, parse_policy_ent): Don't pass back an
uninitialized pointer in error case.
* tcl_ovsec_kadm.c (parse_principal_ent, parse_policy_ent): Likewise.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18761 dc483132-0cff-0310-8789-dd5450dbe970

* secure.c (secure_putbuf): Initialize automatic variable LENGTH to 0.
* ftp.c (gss_trials, n_gss_trials): Make static and const.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18760 dc483132-0cff-0310-8789-dd5450dbe970

* svr_principal.c (kadm5_use_password_server): Define only if USE_PASSWORD_SERVER

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18759 dc483132-0cff-0310-8789-dd5450dbe970

* svc_auth_gss.c (svcauth_gss_import_name): Unused function deleted

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18758 dc483132-0cff-0310-8789-dd5450dbe970

* g_pw_in_tkt.c (passwd_to_key): Unused function deleted

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18757 dc483132-0cff-0310-8789-dd5450dbe970

* prng.c (init_error): Unused variable deleted

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18756 dc483132-0cff-0310-8789-dd5450dbe970

* fake-addrinfo.c (krb5int_lock_fac, krb5int_unlock_fac): Define only if FAI_CACHE

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18755 dc483132-0cff-0310-8789-dd5450dbe970

Modify the preath plugin interface so that a plugin's context is
global to all the modules within a plugin.  Also, change the
client-side interface so that the preauth plugin context (once
created) lives the lifetime of a krb5_context.  This will allow
future changes that can set plugin parameters.  The client side
request context lives the lifetime of a call to krb5_get_init_creds().

Make the sample preauth plugins buildable outside the source tree.

Fix minor memory leak in sort_krb5_padata_sequence().

Add a prototype for krb5_do_preauth_tryagain() and change the plugin
interface.

Incorporates fixes from Nalin Dahyabhai <nalin@redhat.com> for leaks
of the function table pointers (rt #4566) and fix KDC crash (rt #4567)

ticket: 4566
ticket: 4567
ticket: 4587
Target_Version: 1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18754 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18753 dc483132-0cff-0310-8789-dd5450dbe970

* cnv_tkt_skey.c (krb524_convert_princs): Move here, make static.
* conv_princ.c: Deleted.
* Makefile.in (SRCS, SERVER_OBJS): Updated accordingly.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18752 dc483132-0cff-0310-8789-dd5450dbe970

* conv_princ.c (krb5_425_conv_principal): Fix silly typo in arrays' sizes in
previous change.

ticket: 4534

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18751 dc483132-0cff-0310-8789-dd5450dbe970

latest Novell ldap patches and kdb5_util dump support for ldap

I've applied Novell's latest patches for their LDAP KDB plugin. I've
also implemented and tested support for kdb5_util dump using the LDAP
KDB plugin. I also added a Sun copyright on files that I've modified.

ticket: new
Target_Version: krb5-1.6
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18750 dc483132-0cff-0310-8789-dd5450dbe970

don't confuse profile iterator in 425 princ conversion

The profile iterator code hangs onto and uses the list of names passed
in. The krb5_425_conv_principal code reuses that array when the
iterator may still be used.

* conv_princ.c (krb5_425_conv_principal): Use separate name arrays for
the iterator and the v4_realm lookup that may be done inside the
iteration loop.

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18748 dc483132-0cff-0310-8789-dd5450dbe970

use strdup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18747 dc483132-0cff-0310-8789-dd5450dbe970

more copyright fixes pre-1.6

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18744 dc483132-0cff-0310-8789-dd5450dbe970

Synchronise copyright notices. Preliminary update of README for 1.6

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18743 dc483132-0cff-0310-8789-dd5450dbe970

fix krb5_ldap_iterate to handle NULL match_expr and open_db_and_mkey to use KRB5_KDB_SRV_TYPE_ADMIN

When I ran kdb5_util dump I had two initial problems.  First, the LDAP
plugin was not finding the bind DN because open_db_and_mkey() was
passing KRB5_KDB_SRV_TYPE_OTHER to krb5_db_open().  When I change this
to KRB5_KDB_SRV_TYPE_ADMIN then the ldap_kadmind_dn parameter is used
from krb5.conf and a valid bind DN is found.  Second,
krb5_ldap_iterate() will core dump when it is called withy a NULL
match_expr arg.  This is how dump_db calls krb5_db_iterate().  I updated
krb5_ldap_iterate() to use a default_match_expr of "*" if match_expr ==
NULL.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18736 dc483132-0cff-0310-8789-dd5450dbe970

fix invalid access found by valgrind

Valgrind found that we were reading past the end of the
preferred padata string. p is manually updated within
the loop and there is no need for the increment. It was
causing the null terminator to be skipped over, rather
than properly terminating the loop.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18735 dc483132-0cff-0310-8789-dd5450dbe970

Avoid segfault in krb5_do_preauth_tryagain

Check pointer is non-null before using it. Avoids segfault in
krb5_do_preauth_tryagain().

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18734 dc483132-0cff-0310-8789-dd5450dbe970

For Irix - determine if using gcc and gnu ld - set compiler flags properly

ticket: 4455

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18733 dc483132-0cff-0310-8789-dd5450dbe970

osf1 -oldstyle_liblookup typo

Not really relevant anymore - as we do not support static linking now.
But in ticket 927 (r16776) - a test was added to determine if gnu ld
was in use and change the linker flags accordingly. The variable in
aclocal.m4 was krb5_cv_prog_gnu_ld and this was testing for
krb5_cv_gnu_ld.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18732 dc483132-0cff-0310-8789-dd5450dbe970

Delete src/lib/ccapi.
The ccapi shipped in 1.6 will not be based off this code
and will live in src/ccapi.
It will be copied onto the trunk and branch when ready, but this code is being removed before the branch cut.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18731 dc483132-0cff-0310-8789-dd5450dbe970

Update protocol rfcs to the versions we actually implement

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18730 dc483132-0cff-0310-8789-dd5450dbe970

enabling LDAP mix-in support for kdb5_util load

I now have mix-in working for the kdb5_util load. If the krbSubTrees
realm attr contains a base DN where non-krb entries live the
load/krb5_ldap_put_principal() code will modify those entries whose
krbPrincipalName attr matches that of the dump princ record being loaded
otherwise a standalone krbprinc entry will be created under the realm
container.

I also fixed a small bug in krb5_ldap_policydn_to_name() for the version
that uses ldap_explode_dn().

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18729 dc483132-0cff-0310-8789-dd5450dbe970

Add supp-int.h to provide prototypes for declared internal functions.
*.x: Include this header
Makefile.in: Update dependencies

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18728 dc483132-0cff-0310-8789-dd5450dbe970

Memory leak fixes on exit

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18727 dc483132-0cff-0310-8789-dd5450dbe970

Free allocated memory when no longer used

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18726 dc483132-0cff-0310-8789-dd5450dbe970

Invoke krb5_free_principal to remove memory leak

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18725 dc483132-0cff-0310-8789-dd5450dbe970

Call freeaddrinfo at end - memory leak

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18724 dc483132-0cff-0310-8789-dd5450dbe970

Declare krb5_mcc_get_flags static - it is not exported or used outside of file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18723 dc483132-0cff-0310-8789-dd5450dbe970

Unsigned/signed warning fix

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18722 dc483132-0cff-0310-8789-dd5450dbe970

Include gss_libinit.h for gssint_initialize_library() prototype

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18721 dc483132-0cff-0310-8789-dd5450dbe970

Include string.h for memcmp prototype

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18720 dc483132-0cff-0310-8789-dd5450dbe970

Include time.h for time() prototype

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18719 dc483132-0cff-0310-8789-dd5450dbe970

Add prototype for krb5int_init_context_kdc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18718 dc483132-0cff-0310-8789-dd5450dbe970

Add prototype for krb5_aprof_get_boolean

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18717 dc483132-0cff-0310-8789-dd5450dbe970

Tag krb5_rc_dfl_init_locked as static - not used outside file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18716 dc483132-0cff-0310-8789-dd5450dbe970

Cleanup some warnings on missing prototypes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18715 dc483132-0cff-0310-8789-dd5450dbe970

fix typo in make var ref

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18714 dc483132-0cff-0310-8789-dd5450dbe970

Cleanup unused variable warning during make check

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18713 dc483132-0cff-0310-8789-dd5450dbe970

Remove all unused variable warnings from tree

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18712 dc483132-0cff-0310-8789-dd5450dbe970

typo

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18711 dc483132-0cff-0310-8789-dd5450dbe970

Pass VALGRIND in to runtest. When it's set, redefine spawn to use it for
most commands starting with "/" but not "/bin/sh" and certain others.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18710 dc483132-0cff-0310-8789-dd5450dbe970

Suppress some uninteresting glibc warnings on RHEL4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18709 dc483132-0cff-0310-8789-dd5450dbe970

Define VALGRIND1 as an invocation of valgrind that could be used for VALGRIND

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18708 dc483132-0cff-0310-8789-dd5450dbe970

Zap automatic structures before filling in

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18707 dc483132-0cff-0310-8789-dd5450dbe970

Clear req_st buffer before filling it in

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18706 dc483132-0cff-0310-8789-dd5450dbe970

Initialize some values before use, silence some warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18705 dc483132-0cff-0310-8789-dd5450dbe970

Fix logic bug in string allocation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18704 dc483132-0cff-0310-8789-dd5450dbe970

Use memmove for overlapping regions

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18703 dc483132-0cff-0310-8789-dd5450dbe970

Free v4mode when done with it

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18702 dc483132-0cff-0310-8789-dd5450dbe970

Don't strncpy a string to itself

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18701 dc483132-0cff-0310-8789-dd5450dbe970

Call fileno and krb5_lock_file before calling fclose, rather than after.
Caught by valgrind.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18700 dc483132-0cff-0310-8789-dd5450dbe970

Use $(VALGRIND) when running programs using $(KRB5_RUN_ENV) or
$(RUN_SETUP).  Replaces old hack with MAYBE_VALGRIND added to RUN_ENV
in a way that would break in some of the tests.

Set VALGRIND in site.exp in tests/dejagnu.  (Not used yet.)

Runs some shell scripts under valgrind, rather than changing them to
run only the executables under valgrind; this is mostly okay, just
creates lots of extra log data, and requires --trace-children=yes.

This should work for any instrumentation program invocation that gets
followed immediately by the name and argument list for the program
being instrumented.  For example, VALGRIND="env LD_PRELOAD=..." should
work, though I haven't tested it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18699 dc483132-0cff-0310-8789-dd5450dbe970

Always zap newly allocated pages, intead of conditional on PURIFY.
Minor performance penalty; c'est la vie. Better to be able to run
purify or valgrind or whatever on the binaries we actually use.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18698 dc483132-0cff-0310-8789-dd5450dbe970

Use 'const' with krb5_get_error_message

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18697 dc483132-0cff-0310-8789-dd5450dbe970

Eliminate some warnings: missing "const", unused variables, success
case in load_preauth_plugins was missing a return value (which isn't
checked anyways).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18696 dc483132-0cff-0310-8789-dd5450dbe970

* preauth_plugin.h: Don't use an enum in a public api

* kdc_preauth.c (get_etype_info): Rename get_entry_data to avoid shadowing
(get_etype_info2): likewise
(return_etype_info): likewise
(return_pw_salt): likewise
(get_entry_data): Update prototype not to use enum in a API

ticket: 4377
tatus: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18695 dc483132-0cff-0310-8789-dd5450dbe970

Add prototype for krb5int_debug_fprint to os-proto.h. Include os-proto.h in
sn2princ.c. Cleans up warning for function definition w/o prototype.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18694 dc483132-0cff-0310-8789-dd5450dbe970

Patch to split client plugin from server plugin

ticket: 4377
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18693 dc483132-0cff-0310-8789-dd5450dbe970

(krb5_db2_db_init): When creating a temporary database, use the suffix
"~.kadm5" for the policy database filename.

ticket: 4354
version_reported: 1.5
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18692 dc483132-0cff-0310-8789-dd5450dbe970

Add a policy to the database, then after the dump and restore, check
that it's still there.

ticket: 4355
tags: pullup
target_version: 1.5.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18691 dc483132-0cff-0310-8789-dd5450dbe970

Another patch from Will Fiveash, to make "kdb5_util load <dumpfile>"
work with the LDAP KDB back end, in simple cases (all entries stored
under the krbcontainer entry).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18690 dc483132-0cff-0310-8789-dd5450dbe970

more debugging printfs for nightly testing

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18689 dc483132-0cff-0310-8789-dd5450dbe970

(add_to_transited): Change the current logic to keep all array references
in bounds, assuming that what would've been next[-1] would not be '.'. I
haven't fully reexamined the logic, but this seems consistent with the
actual current behavior, and the existing test cases.

Also, factored out code for copying a string from a krb5_data to a char*.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18688 dc483132-0cff-0310-8789-dd5450dbe970

some (more) debugging code to track down nightly test failures

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18680 dc483132-0cff-0310-8789-dd5450dbe970

some debugging code to track down nightly test failures

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18679 dc483132-0cff-0310-8789-dd5450dbe970

skip over verbose (protocol trace) debugging output

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18678 dc483132-0cff-0310-8789-dd5450dbe970

Add bounds-checking assertions before automatic array reference

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18677 dc483132-0cff-0310-8789-dd5450dbe970

Keep just 10/6 version of schema files

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18674 dc483132-0cff-0310-8789-dd5450dbe970

Memory management and Solaris porting fixes from Will Fiveash

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18673 dc483132-0cff-0310-8789-dd5450dbe970

Check for allocation failure. Caught by Will Fiveash

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18672 dc483132-0cff-0310-8789-dd5450dbe970

Don't segfault if a preauth plugin module fails to load

Move the zeroing of the errinfo struct before the call to
krb5int_open_plugin_dirs() to prevent segfault in the case
where a plugin fails to load. (For example if there are
unresolved symbols.)

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18671 dc483132-0cff-0310-8789-dd5450dbe970

final commits for KFW 3.1 Beta 2

  krb5cred.dll (1.1.2.0)

  - Fix the control logic so that if the password is expired for an
    identity, the krb5 credentials provider will initiate a change
    password request.  Once the password is successfully changed, the
    new password will be used to obtain new credentials.

  - Fix an incorrect condition which caused the new credentials dialog
    to refresh custom prompts unnecessarily.

  - Removing an identity from the list of NetIDMgr identities now causes
    the corresponding principal to be removed from the LRU principals
    list.

  - Properly handle KMSG_CRED_PROCESS message when the user is
    cancelling out.

  - Add more debug output

  - Do not renew Kerberos tickets which are not initial tickets.

  - Fix whitespace in source code.

  - When providing identity selection controls, disable the realm
    selector when the user specifies the realm in the username control.

  - k5_ident_valiate_name() will refuse principal names with empty or
    unspecified realms.

  - When updating identity properties, the identity provider will
    correctly set the properties for identities that were destroyed.
    This fixes a problem where the values may be incorrect if an
    identity has two or more credential caches and one of them is
    destroyed.

  nidmgr32.dll (1.1.2.0)

  - Send out a separate notification if the configuration information
    associated with an identity is removed.

  - If an identity is being removed from the NetIDMgr identity list in
    the configuration panel, do not send out APPLY notifications to the
    subpanels after the configuration information has been removed.
    Otherwise this causes the configuration information to be reinstated
    and prevent the identity from being removed.

  - Properly initialize the new credentials blob including the UI
    context structure.

  netidmgr.exe (1.1.2.0)

  - When suppressing error messages, make sure that the final
    KMSG_CRED_END notification is sent.  Otherwise the new credentials
    acquisition operation will not be cleaned up.

  - Autoinit option now checks to see if there are identity credentials
    for the default identity and triggers the new credentials dialog if
    there aren't any.

  - Properly synchronize the configuration node list when applying
    changes (e.g.: when removing or adding an identity).

  - Fix a handle leak when removing an identity from the NetIDMgr
    identity list.

  - Refresh the properties for the active identities before calculating
    the renewal and expiration timers.  Otherwise the timestamps being
    used might be incorrect.

  - Add Identity dialog (in the configuration panel) now uses the
    identity selection controls provided by the identity provider.

  - Improve type safety when handling timer refreshes.

  - When getting the expiration times and issue times for an identity,
    the timer refresh code may fail over to the expiration and issue
    times for the credential it is currently looking at.  Now the code
    makes sure that both the issue and expiration times come from the
    identity or the credential but not mixed.

  - Not being able to get the time of issue of a credential now does not
    result in the credential being skipped from the timer refresh pass.
    However, not having a time of issue will result in the half-life
    algorithm not being applied for the renew timer.

  - Fix a bug which caused a credential to be abandoned from the timer
    refresh pass if the reamining lifetime of the credential is less
    than the renewal threshold.

  - Fix a bug where the vertical scroll bars for the hypertext window
    would not appear when the contents of the window changed.

  - Trigger a refresh of the configuration nodes when adding or removing
    an identity.

  source for (1.1.2.0)

  - Explicitly include <prsht.h> so that the SDK can be used in build
    environments that define WIN32_LEAN_AND_MEAN.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18670 dc483132-0cff-0310-8789-dd5450dbe970