Ezra Peisach [Sun, 12 Mar 2000 19:18:52 +0000 (19:18 +0000)]
* kdb_xdr.c (krb5_dbe_lookup_mod_princ_data): In casting argument
to krb5_parse_name, use krb5_const not const.
Under ultrix, krb5_const is not the same as const
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12100
dc483132-0cff-0310-8789-
dd5450dbe970
Miro Jurisic [Sun, 12 Mar 2000 01:38:10 +0000 (01:38 +0000)]
Updated for 3.0d3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12098
dc483132-0cff-0310-8789-
dd5450dbe970
Miro Jurisic [Fri, 10 Mar 2000 21:16:28 +0000 (21:16 +0000)]
get_in_tkt.c (krb5_get_init_creds): Always initialize local_as_reply to avoid returning garbage on error returns
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12097
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 1 Mar 2000 12:51:11 +0000 (12:51 +0000)]
* aclocal.m4: Tweak the HPUX shared lib build some more. Don't
use $(INSTALL_PROGRAM) for shared libs, since it strips them! We
should fix this at some point.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12096
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 1 Mar 2000 11:33:47 +0000 (11:33 +0000)]
Tweak build system to deal somewhat better with HPUX shared libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12095
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 1 Mar 2000 11:26:20 +0000 (11:26 +0000)]
* kadmin.c (kadmin_cpw): Initialize ks_tuple to NULL
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12094
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 1 Mar 2000 10:42:16 +0000 (10:42 +0000)]
* main.c: Move kdc_initialize_rcache() to kdc_util.c
* kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache()
back here since it's needed for rtest to work. process_tgs_req()
which is called from rtest needs to call kdc_intiialize_rcache()
and we can't very well link rtest with main.o
* kdc_preauth.c (verify_sam_response): Ooops. Get rc_lifetime
from kdc_util, since it's actually declared there.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12093
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 1 Mar 2000 10:07:26 +0000 (10:07 +0000)]
* configure.in: Fix --enable-kdc-replay-cache to actually default
to "yes".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12092
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 1 Mar 2000 05:15:31 +0000 (05:15 +0000)]
* kdc_preauth.c (verify_sam_response): Declare and set rc_lifetime
for real.
* dispatch.c: Include some more net-related headers.
(dispatch): Fix ifndef HAVE_INET_NTOP branch.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12091
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 28 Feb 2000 22:10:17 +0000 (22:10 +0000)]
new --enable/--disable-kdc-replay-cache configure hooks
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12090
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 28 Feb 2000 22:03:07 +0000 (22:03 +0000)]
* Makefile.in (com_err.o): Depends on com_err.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12089
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 28 Feb 2000 21:54:26 +0000 (21:54 +0000)]
* krlogin.c (main): Don't output debugging messages if debugging wasn't turned on
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12088
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 28 Feb 2000 16:32:47 +0000 (16:32 +0000)]
* proto_serv.c (proto_serv): For error return,strdup the returned
value from error_message to maintain its const status.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12087
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Mon, 28 Feb 2000 16:24:02 +0000 (16:24 +0000)]
* aclocal.m4: Define DES425_LIB and DES425_DEPLIB all the time. We
build the des425 library all the time and these need to be define
for "make check."
This is required when compiling --without-krb4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12086
dc483132-0cff-0310-8789-
dd5450dbe970
Miro Jurisic [Mon, 28 Feb 2000 02:46:07 +0000 (02:46 +0000)]
Updated for 3.0d2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12084
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 27 Feb 2000 22:22:49 +0000 (22:22 +0000)]
Update client and server to reflect removal of keepold argument from
create_principal_3.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12083
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 27 Feb 2000 22:18:16 +0000 (22:18 +0000)]
Remove keepold argument from create_principal_3, since it is rather
useless. Update library version numbers, xdr functions,
etc. accordingly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12082
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 26 Feb 2000 03:44:56 +0000 (03:44 +0000)]
* server_acl.c (acl_get_line): Patch from Matt Crawford to permit line continuation by ending a line with a backslash
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12081
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 26 Feb 2000 03:24:44 +0000 (03:24 +0000)]
* kadmin.c (kadmin_modprinc): Complain if -pw option is given,
since it's ignored. Patch from Matt Crawford.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12080
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 26 Feb 2000 03:07:56 +0000 (03:07 +0000)]
main() returns int - not void. Also cleanup unused variables
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12079
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 26 Feb 2000 02:17:14 +0000 (02:17 +0000)]
comment out doc on non-existent fn
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12078
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 26 Feb 2000 01:31:26 +0000 (01:31 +0000)]
* preauth2.c (krb5_do_preauth): Check paorder[h] not h for PA_REAL. Fix from Matt Crawford
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12077
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 26 Feb 2000 01:25:45 +0000 (01:25 +0000)]
fix email addr
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12076
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 26 Feb 2000 01:25:19 +0000 (01:25 +0000)]
forgot room for null pointer at end of local addr array
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12075
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 25 Feb 2000 22:11:12 +0000 (22:11 +0000)]
* configure.in: Check for sys/sockio.h
* network.c: Conditionally include sys/sockio.h for SIOC* if
necessary.
(process_packet): Bracket AF_INET6 branch of a switch statement
with an ifdef.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12074
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Feb 2000 22:05:02 +0000 (22:05 +0000)]
fix udp_port_fds allocation bug; partial ipv6 support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12073
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Feb 2000 20:52:17 +0000 (20:52 +0000)]
oops, update changelog for bug fix
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12072
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Feb 2000 20:51:59 +0000 (20:51 +0000)]
Fix off-by-one error in previous code, spotted at the last minute.
This is why things weren't working without the loopback addresses,
which showed up last in the list, after the address my client was
trying to use, thus hiding the error.
(I tried to abort the previous checkin, but cvs went ahead with it
despite the "editor session failed" report...hm.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12071
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Feb 2000 20:46:35 +0000 (20:46 +0000)]
Patches from Alec Peterson, plus some work of my own, to let a multihomed
KDC respond to requests from the same IP address that the requests were sent
to.
**N.B. This will perform worse in the case of addresses dynamically added
and removed after the KDC has started, since it will be incapable of using
any new addresses.
I'm unclear on why the loopback interface address needs to be included in
the list of addresses. Apparently, on NetBSD-current, if it's not, packets
sent to other local addresses but over the loopback interface are queued but
not received?? Needs further investigation; could just be a NetBSD bug.
* configure.in: Invoke KRB5_SOCKADDR_SA_LEN.
* network.c: Include <sys/ioctl.h>, <syslog.h>, <net/if.h>.
(foreach_localaddr): New function, copied from
lib/krb5/os/localaddr.c. Tweaked to not exclude loopback
interface.
(NEED_SOCKETS): Define before including k5-int.h.
(n_sockets): New variable.
(setup_port): New function; creates listening udp ports given an
address.
(setup_network): Call foreach_localaddr to set up listening
sockets on each local address, so we can always respond from the
receiving address.
(listen_and_process): Use n_sockets as upper bound of loop.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12070
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Feb 2000 20:27:43 +0000 (20:27 +0000)]
Separate interface address processing from Kerberos-related functions.
* localaddr.c (foreach_localaddr): Broken out from old krb5_os_localaddr.
Iterates over all active interface addresses, invoking callback functions;
knows nothing about Kerberos.
(count_addrs, allocate, add_addr): New callback functions.
(krb5_os_localaddr): Use the above.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12069
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 25 Feb 2000 17:04:16 +0000 (17:04 +0000)]
* t_verify.c: Add "const" to casts in calls to mit_des_cbc_encrypt()
* destest.c: Declare zeroblock as krb5_octet * instead of char * as
argument to mit_des_cbc_encrypt.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12068
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Feb 2000 00:00:50 +0000 (00:00 +0000)]
* kerberos_v4.c (v4_klog): Don't treat the formatted text as a format string
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12067
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 24 Feb 2000 21:18:45 +0000 (21:18 +0000)]
* configure.in: Remove dependency on libdes425 when krb4 support
is not compiled in.
Linking with des425 is not required when krb4 is not compiled in. This
cleans up the configure.in as we use WITH_KRB4 already
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12066
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 24 Feb 2000 14:19:25 +0000 (14:19 +0000)]
Test for <arpa/inet.h> for possible inet_ntop prototype
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12065
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 23 Feb 2000 05:18:48 +0000 (05:18 +0000)]
* kpasswd.0/changing.exp: Add a sleep to avoid a race with the
setup script. If this isn't here, it is possible that the initial
change of pol2's password may happen too soon.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12064
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Feb 2000 21:15:46 +0000 (21:15 +0000)]
fix for vpath and du4.0 make
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12063
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 22 Feb 2000 15:24:36 +0000 (15:24 +0000)]
Makefile.in (clean-unix): Add clean-libobjs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12062
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 21 Feb 2000 21:39:11 +0000 (21:39 +0000)]
from Bear Giles:
* fetch_mkey.c (krb5_db_fetch_mkey): Don't attempt to override type of key read
from stash file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12061
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 21 Feb 2000 21:38:01 +0000 (21:38 +0000)]
from Bear Giles:
* alt_prof.c (krb5_read_realm_params): Permit realm supported enctypes to be
unspecified, letting the KDC produce defaults. Don't look up enctypes at all
if an error is to be returned.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12060
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 21 Feb 2000 21:36:53 +0000 (21:36 +0000)]
From Bear Giles:
* telnetd.c (doit): Provide a more useful error message than
"authentication failed" if no authentication was even attempted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12059
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 19 Feb 2000 02:34:19 +0000 (02:34 +0000)]
Volatile decls as needed.
Format attribute declarations for gcc.
Deleting some unused variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12058
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Feb 2000 02:05:53 +0000 (02:05 +0000)]
* kadm_rpc_svc.c (kadm_1): Update to include new api functions
* ovsec_kadmd.c (log_badverf): Update proc_names.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12057
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Feb 2000 01:57:07 +0000 (01:57 +0000)]
* keytab.c (add_usage): Update usage message.
(kadmin_keytab_add): Update to deal with explicit keysalt lists.
(add_principal): Update to deal with explicit keysalt lists.
* kadmin.c (kadmin_cpw): Add support for new api.
(kadmin_parse_princ_args): Add support for new api, particularly
-keepold to keep old keys around and -e to explicitly specify
key-salt tuples.
(kadmin_addprinc_usage): Update usage accordingly.
(kadmin_addprinc): Add support for new api.
(kadmin_modprinc): Update to call new parse_princ_args reasonably.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12056
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Feb 2000 01:50:53 +0000 (01:50 +0000)]
* kadm_rpc_xdr.c (xdr_chpass3_arg):
(xdr_chrand3_arg): Fix up calls to xdr_array.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12055
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 19 Feb 2000 01:49:31 +0000 (01:49 +0000)]
* kdb_cpw.c (krb5_dbe_crk):
(krb5_dbe_cpw): Fix to actually save old keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12054
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 18 Feb 2000 01:07:54 +0000 (01:07 +0000)]
* server_stubs.c: Add create_principal3_1, chpass_principal3_1,
setkey_principal3_1, and chrand_principal3_1 to do the obvious
things.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12053
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 18 Feb 2000 00:14:12 +0000 (00:14 +0000)]
* svc_auth_gssapi.c (_svcauth_gssapi): Don't explicitly free
call_arg on error, since svc_getargs should do that now.
* svc_udp.c (svcudp_getargs): Free args on xdr decode error to
avoid leaks.
* svc_tcp.c (svctcp_getargs): Free args on xdr decode error to
avoid leaks.
* svc_raw.c (svcraw_getargs): Free args on xdr decode error to
avoid leaks.
* auth_gssapi.c (auth_gssapi_create): Don't explicitly free
call_res anymore, since clnt_call should deal now.
* clnt_udp.c (clntudp_call): Free stuff on error from
xdr_replymsg() to prevent leaking.
* clnt_tcp.c (clnttcp_call): Free stuff on error from
xdr_replymsg() to avoid leaking.
* clnt_raw.c (clntraw_call): Free stuff on error from
xdr_replymsg() to avoid leaking.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12052
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 17 Feb 2000 00:33:38 +0000 (00:33 +0000)]
* auth_gssapi.c (auth_gssapi_create): Free call_res because
xdr_authgssapi_init_res can potentially allocate memory. Perhaps
clnt_call should really deal with this, though. It is not at all
clear whether clnt_call or svc_getargs should actually end up
freeing allocated memory themselves.
* svc_auth_gssapi.c (_svcauth_gssapi): Call gssrpc_xdr_free() if
xdr_authgssapi_creds() or xdr_authgssapi_init_arg() fails.
* auth_gssapi_misc.c (xdr_authgssapi_creds):
(xdr_authgssapi_init_arg):
(xdr_authgssapi_init_res): Revert prior change. The caller should
be the one dealing. Additionally, it was probably wrong to
unconditionally free the object regardless of whether the mode is
XDR_DECODE.
(auth_gssapi_unwrap_data): Use temp_xdrs rather than in_xdrs to
force XDR_FREE operation.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12051
dc483132-0cff-0310-8789-
dd5450dbe970
Danilo Almeida [Wed, 16 Feb 2000 21:16:43 +0000 (21:16 +0000)]
Document that -s is not applicable to Kerberos 4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12050
dc483132-0cff-0310-8789-
dd5450dbe970
Danilo Almeida [Wed, 16 Feb 2000 21:11:07 +0000 (21:11 +0000)]
* kinit.c: Nicer usage message. Better checking for illegal
options. Do not output error when doing Kerberos 4 if we will be
trying 524 afterwards. Add hooks for future support for
specifying the Kerberos 4 cache name. Fix GET_PROGNAME macro to
properly return program name under Win32. Re-indent, turning
spaces that should be tabs into tabs.
* kinit.M: Document new Kerberos 4 kinit behavior.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12049
dc483132-0cff-0310-8789-
dd5450dbe970
Danilo Almeida [Wed, 16 Feb 2000 21:10:34 +0000 (21:10 +0000)]
* kdestroy.c: Fix GET_PROGNAME macro to properly return program
name under Win32. Re-indent, turning spaces that should be tabs
into tabs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12048
dc483132-0cff-0310-8789-
dd5450dbe970
Danilo Almeida [Wed, 16 Feb 2000 21:10:15 +0000 (21:10 +0000)]
* klist.c: Fix GET_PROGNAME macro to properly return program name
under Win32. Re-indent, turning spaces that should be tabs into
tabs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12047
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 16 Feb 2000 20:11:03 +0000 (20:11 +0000)]
Move include of libtelnet/auth.h earlier to provide
prototype for auth_cmd()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12046
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 16 Feb 2000 18:29:50 +0000 (18:29 +0000)]
* preauth2.c (pa_sam): In send-encrypted-sad mode, check for magic salt length
and generate a salt from the principal name if found; use the password and salt
to generate a key. Provide timestamp if nonce is zero, regardless of preauth
mode. (Patch from Chas Williams.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12045
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 16 Feb 2000 08:35:46 +0000 (08:35 +0000)]
* localaddr.c (krb5_os_localaddr): Dynamically grow buffer used for SIOCGIFCONF
until it appears to have been big enough. Dynamically grow internal address
pointer array as needed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12044
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 15 Feb 2000 05:14:28 +0000 (05:14 +0000)]
* libobj.in: Fix up .c.so and .c.po rules to include $(CFLAGS),
which were previously missing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12043
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 15 Feb 2000 05:13:30 +0000 (05:13 +0000)]
* server.c: Add code to set a signal handler for SIGHUP and a few
others so that purify will actually generate memory leak reports.
* configure.in: Add CHECK_SIGNALS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12042
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 15 Feb 2000 05:12:30 +0000 (05:12 +0000)]
* svc.c (xprt_register): Zero out xports after allocating
* auth_gssapi_misc.c (xdr_authgssapi_creds):
(xdr_authgssapi_init_arg):
(xdr_authgssapi_init_res):
(auth_gssapi_unwrap_data): If xdr_gss_buf or xdr_bytes fails, call
again with XDR_FREE set so that allocated memory doesn't leak.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12041
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 14 Feb 2000 00:07:10 +0000 (00:07 +0000)]
Add client-side stubs and functions with additional capabilities to
take key_salt_tuples and optionally keep old keys around. Add
server-side functionality for setkey with key_salt_tuple and "keepold"
functionality. Update rpc stubs and xdr functions/headers
appropriately.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12040
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 11 Feb 2000 23:06:47 +0000 (23:06 +0000)]
* README, gss-client.c, gss-misc.c, gss-misc.h, gss-server.c:
Patches from jik to make gss-sample more versatile.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12039
dc483132-0cff-0310-8789-
dd5450dbe970
Marshall Vale [Fri, 11 Feb 2000 20:51:00 +0000 (20:51 +0000)]
Added "Kerberos Preferences" as valid config file on Mac OS. Others will be removed at a later date
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12037
dc483132-0cff-0310-8789-
dd5450dbe970
Marshall Vale [Fri, 11 Feb 2000 20:50:58 +0000 (20:50 +0000)]
* init_os_ctx.c: Added "Kerberos Preferences" as valid config file on Mac OS
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12036
dc483132-0cff-0310-8789-
dd5450dbe970
Miro Jurisic [Fri, 11 Feb 2000 01:57:36 +0000 (01:57 +0000)]
Fixed lxs' fix: strlen (x) + 1 instead of strlen (x+1)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12035
dc483132-0cff-0310-8789-
dd5450dbe970
Miro Jurisic [Fri, 11 Feb 2000 01:57:12 +0000 (01:57 +0000)]
Added comments to remove some calls in the next releas
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12034
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 10 Feb 2000 20:04:44 +0000 (20:04 +0000)]
changelog updated for stdcc_util.c change
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12033
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 10 Feb 2000 20:02:36 +0000 (20:02 +0000)]
Added +1 to strlens so that null terminator will fit in the buffer ;-P
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12032
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 10 Feb 2000 09:31:45 +0000 (09:31 +0000)]
* login.c (main): Only destroy xtra_creds if non-null. (Patch from Richard Basch.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12031
dc483132-0cff-0310-8789-
dd5450dbe970
Miro Jurisic [Thu, 10 Feb 2000 01:53:10 +0000 (01:53 +0000)]
Updated for 3.0d1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12030
dc483132-0cff-0310-8789-
dd5450dbe970
Marshall Vale [Tue, 8 Feb 2000 23:21:27 +0000 (23:21 +0000)]
* init_os_ctx.c: Added changes for the Mac for limited support of Application Support folder as a location for the krb5 configuration file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12027
dc483132-0cff-0310-8789-
dd5450dbe970
Marshall Vale [Tue, 8 Feb 2000 23:02:47 +0000 (23:02 +0000)]
Limited support for Applicaiton Support folder as location for krb5.ini on the Mac added
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12026
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Feb 2000 05:28:12 +0000 (05:28 +0000)]
* api.1/lock.exp: Since a "wait" directive to the command list of
the lock_test procedures does not wait for any synchronization,
change lock9 to acquire and release a lock before the "wait"
directive in order to avoid a race condition where lock9 spawns
the ./lock-test but the program has not opened the database prior
to lock9_1 acquiring a permanent lock. This was causing
difficult-to-reproduce failures.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12025
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Feb 2000 01:18:04 +0000 (01:18 +0000)]
* aclocal.m4: Kludge in the old test for tcl so that we have some
prayer of pulling in tcl from the funky installation that goes
along with dejagnu.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12024
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Feb 2000 00:17:59 +0000 (00:17 +0000)]
* lib/helpers.exp: Fix to call kinit and kdestroy with the -5 flag
to accomodate new program behavior.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12023
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Feb 2000 00:09:43 +0000 (00:09 +0000)]
* lib/lib.t: Call kinit and kdestroy with -5 flag to accomodate
new behavior.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12022
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 7 Feb 2000 23:51:13 +0000 (23:51 +0000)]
* config/unix.exp: Call send_error instead of fail to prevent
referencing variables not yet set up by the test framework.
* lib/helpers.exp: Call kinit and kdestroy with the -5 flag to
deal with new program behavior. Also call perror rather than
error to avoid spewing a stack trace.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12021
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 7 Feb 2000 21:53:04 +0000 (21:53 +0000)]
* kadmin.exp: Use $KDESTROY -5 to deal with changed behavior
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12020
dc483132-0cff-0310-8789-
dd5450dbe970
Scott McGuire [Mon, 7 Feb 2000 21:36:32 +0000 (21:36 +0000)]
changepw.c (krb5_locate_kpasswd): fixed memory trashing caused by incorrect pointer arithmetic when assigning DEFAULT_KPASSWD_PORT in DNS code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12019
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 7 Feb 2000 16:25:53 +0000 (16:25 +0000)]
* default.exp: Remove default_tgs_enctypes for now as it was
causing tests to fail when the tgt is DES3. Need to investigate
further.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12018
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 16:25:47 +0000 (16:25 +0000)]
* aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): Change test syntax a little to keep bash happy
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12017
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 11:33:57 +0000 (11:33 +0000)]
* configure.in: Check for inet_ntop and getipnodebyaddr, both used in klist
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12016
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 11:23:16 +0000 (11:23 +0000)]
* kdc_preauth.c (return_sam_data): Just return 0 if no input preauth data is available
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12015
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 11:21:26 +0000 (11:21 +0000)]
* kinit.c (try_convert524): Avoid duplicate free calls
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12014
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 10:33:31 +0000 (10:33 +0000)]
fix my email address in log header
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12013
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 10:32:45 +0000 (10:32 +0000)]
* gic_pwd.c (krb5_get_as_key_password): If the as_key enctype is already set to
the correct type, do continue and ask for the password anyways. (Patch from
Chas Williams, PR krb5-libs/730.)
* preauth2.c (pa_sam): If no sam_flags were set, return KRB5_PREAUTH_BAD_TYPE,
because we don't currently handle that case.
* preauth2.c (pa_sam): Remove unused variable use_sam_key.
(SAMDATA): Cast first result to int, which is what sprintf needs.
(pa_salt): Delete unused variable ret.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12012
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 10:22:58 +0000 (10:22 +0000)]
* kdc_preauth.c (get_preauth_hint_list): Log a message if preauth is required
but no preauth types are available.
(return_sam_data): Fix typo in figuring length of data to XOR when merging
keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12011
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 04:15:58 +0000 (04:15 +0000)]
Frank Cusack's patches, first two sets. Should be no incompatible changes,
except perhaps for a client talking to both a new and old KDC? Several
improvements to guard against replay attacks when hardware preauth is in use,
though they require re-enabling the USE_RCACHE code, which I haven't done yet.
Several changes of mine for silencing a few compiler warnings, and adding some
debugging log messages while I track what's going on with the preauth code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12010
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 03:55:12 +0000 (03:55 +0000)]
updated some comments (fcusack)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12009
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 03:54:51 +0000 (03:54 +0000)]
added flags field to predicted_sam_response (fcusack)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12008
dc483132-0cff-0310-8789-
dd5450dbe970
Danilo Almeida [Mon, 7 Feb 2000 03:16:55 +0000 (03:16 +0000)]
Add documentation about debug vs. release builds
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12007
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 00:26:40 +0000 (00:26 +0000)]
more fcusack changes - rest of first set
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12006
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 7 Feb 2000 00:18:02 +0000 (00:18 +0000)]
Frank Cusack changes, set 1, diffs 1-3 of 4
Rename "sam_passcode" field to "sam_sad". Add data to predicted-sam-response
structure, in part to (prepare to) help with replay detection.
Fix some memory allocation problems.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12005
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 6 Feb 2000 23:04:52 +0000 (23:04 +0000)]
* standalone.exp: Use $KLIST -5 and $KDESTROY -5 to deal with
changed behavior in these programs. Wait for eof in some cases to
avoid hanging.
* rsh.exp: Wait for eof to prevent hanging.
* gssapi.exp: Use $KINIT -5 to deal with new kinit behavior.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12004
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 6 Feb 2000 23:02:43 +0000 (23:02 +0000)]
* default.exp: Use $KINIT -5 to deal with modified kinit
behavior.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12003
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 6 Feb 2000 21:57:32 +0000 (21:57 +0000)]
* login.c (main): Reorder some control flow to avoid security hole
if KRB4_GET_TICKETS is not defined.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12001
dc483132-0cff-0310-8789-
dd5450dbe970
Danilo Almeida [Fri, 4 Feb 2000 23:55:21 +0000 (23:55 +0000)]
* kinit.c: Only free stuff if it's not NULL. (Note: The krb5_free_*
routines probably should be fixed check for NULL pointers...)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12000
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 4 Feb 2000 22:42:39 +0000 (22:42 +0000)]
* Makefile.in (klist): Fix to build under Unix again
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11999
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 4 Feb 2000 22:42:02 +0000 (22:42 +0000)]
* Makefile.in (kinit): Fix to build on Unix again
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11998
dc483132-0cff-0310-8789-
dd5450dbe970
Scott McGuire [Fri, 4 Feb 2000 22:41:21 +0000 (22:41 +0000)]
(krb5_locate_kpasswd): fixed memory trashing caused by incorrect pointer arithmetic when assigning DEFAULT_KPASSWD_PORT in non-DNS code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11997
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 4 Feb 2000 22:40:43 +0000 (22:40 +0000)]
* aclocal.m4: Add support to substitute KRB524_LIB in places
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11996
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 4 Feb 2000 22:40:35 +0000 (22:40 +0000)]
* pre.in: Add KRB524_DEPLIB and KRB524_LIB
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11995
dc483132-0cff-0310-8789-
dd5450dbe970