Ken Raeburn [Mon, 21 Feb 2000 21:38:01 +0000 (21:38 +0000)]
from Bear Giles:
* alt_prof.c (krb5_read_realm_params): Permit realm supported enctypes to be
unspecified, letting the KDC produce defaults. Don't look up enctypes at all
if an error is to be returned.
Tom Yu [Sat, 19 Feb 2000 01:57:07 +0000 (01:57 +0000)]
* keytab.c (add_usage): Update usage message.
(kadmin_keytab_add): Update to deal with explicit keysalt lists.
(add_principal): Update to deal with explicit keysalt lists.
* kadmin.c (kadmin_cpw): Add support for new api.
(kadmin_parse_princ_args): Add support for new api, particularly
-keepold to keep old keys around and -e to explicitly specify
key-salt tuples.
(kadmin_addprinc_usage): Update usage accordingly.
(kadmin_addprinc): Add support for new api.
(kadmin_modprinc): Update to call new parse_princ_args reasonably.
Tom Yu [Thu, 17 Feb 2000 00:33:38 +0000 (00:33 +0000)]
* auth_gssapi.c (auth_gssapi_create): Free call_res because
xdr_authgssapi_init_res can potentially allocate memory. Perhaps
clnt_call should really deal with this, though. It is not at all
clear whether clnt_call or svc_getargs should actually end up
freeing allocated memory themselves.
* svc_auth_gssapi.c (_svcauth_gssapi): Call gssrpc_xdr_free() if
xdr_authgssapi_creds() or xdr_authgssapi_init_arg() fails.
* auth_gssapi_misc.c (xdr_authgssapi_creds):
(xdr_authgssapi_init_arg):
(xdr_authgssapi_init_res): Revert prior change. The caller should
be the one dealing. Additionally, it was probably wrong to
unconditionally free the object regardless of whether the mode is
XDR_DECODE.
(auth_gssapi_unwrap_data): Use temp_xdrs rather than in_xdrs to
force XDR_FREE operation.
Danilo Almeida [Wed, 16 Feb 2000 21:11:07 +0000 (21:11 +0000)]
* kinit.c: Nicer usage message. Better checking for illegal
options. Do not output error when doing Kerberos 4 if we will be
trying 524 afterwards. Add hooks for future support for
specifying the Kerberos 4 cache name. Fix GET_PROGNAME macro to
properly return program name under Win32. Re-indent, turning
spaces that should be tabs into tabs.
* kinit.M: Document new Kerberos 4 kinit behavior.
Ken Raeburn [Wed, 16 Feb 2000 18:29:50 +0000 (18:29 +0000)]
* preauth2.c (pa_sam): In send-encrypted-sad mode, check for magic salt length
and generate a salt from the principal name if found; use the password and salt
to generate a key. Provide timestamp if nonce is zero, regardless of preauth
mode. (Patch from Chas Williams.)
Ken Raeburn [Wed, 16 Feb 2000 08:35:46 +0000 (08:35 +0000)]
* localaddr.c (krb5_os_localaddr): Dynamically grow buffer used for SIOCGIFCONF
until it appears to have been big enough. Dynamically grow internal address
pointer array as needed.
Tom Yu [Tue, 15 Feb 2000 05:12:30 +0000 (05:12 +0000)]
* svc.c (xprt_register): Zero out xports after allocating
* auth_gssapi_misc.c (xdr_authgssapi_creds):
(xdr_authgssapi_init_arg):
(xdr_authgssapi_init_res):
(auth_gssapi_unwrap_data): If xdr_gss_buf or xdr_bytes fails, call
again with XDR_FREE set so that allocated memory doesn't leak.
Tom Yu [Mon, 14 Feb 2000 00:07:10 +0000 (00:07 +0000)]
Add client-side stubs and functions with additional capabilities to
take key_salt_tuples and optionally keep old keys around. Add
server-side functionality for setkey with key_salt_tuple and "keepold"
functionality. Update rpc stubs and xdr functions/headers
appropriately.
Tom Yu [Tue, 8 Feb 2000 05:28:12 +0000 (05:28 +0000)]
* api.1/lock.exp: Since a "wait" directive to the command list of
the lock_test procedures does not wait for any synchronization,
change lock9 to acquire and release a lock before the "wait"
directive in order to avoid a race condition where lock9 spawns
the ./lock-test but the program has not opened the database prior
to lock9_1 acquiring a permanent lock. This was causing
difficult-to-reproduce failures.
Tom Yu [Mon, 7 Feb 2000 23:51:13 +0000 (23:51 +0000)]
* config/unix.exp: Call send_error instead of fail to prevent
referencing variables not yet set up by the test framework.
* lib/helpers.exp: Call kinit and kdestroy with the -5 flag to
deal with new program behavior. Also call perror rather than
error to avoid spewing a stack trace.
Ken Raeburn [Mon, 7 Feb 2000 10:32:45 +0000 (10:32 +0000)]
* gic_pwd.c (krb5_get_as_key_password): If the as_key enctype is already set to
the correct type, do continue and ask for the password anyways. (Patch from
Chas Williams, PR krb5-libs/730.)
* preauth2.c (pa_sam): If no sam_flags were set, return KRB5_PREAUTH_BAD_TYPE,
because we don't currently handle that case.
* preauth2.c (pa_sam): Remove unused variable use_sam_key.
(SAMDATA): Cast first result to int, which is what sprintf needs.
(pa_salt): Delete unused variable ret.
Ken Raeburn [Mon, 7 Feb 2000 10:22:58 +0000 (10:22 +0000)]
* kdc_preauth.c (get_preauth_hint_list): Log a message if preauth is required
but no preauth types are available.
(return_sam_data): Fix typo in figuring length of data to XOR when merging
keys.
Ken Raeburn [Mon, 7 Feb 2000 04:15:58 +0000 (04:15 +0000)]
Frank Cusack's patches, first two sets. Should be no incompatible changes,
except perhaps for a client talking to both a new and old KDC? Several
improvements to guard against replay attacks when hardware preauth is in use,
though they require re-enabling the USE_RCACHE code, which I haven't done yet.
Several changes of mine for silencing a few compiler warnings, and adding some
debugging log messages while I track what's going on with the preauth code.
Ken Raeburn [Mon, 7 Feb 2000 00:18:02 +0000 (00:18 +0000)]
Frank Cusack changes, set 1, diffs 1-3 of 4
Rename "sam_passcode" field to "sam_sad". Add data to predicted-sam-response
structure, in part to (prepare to) help with replay detection.
Fix some memory allocation problems.
Danilo Almeida [Fri, 4 Feb 2000 21:26:02 +0000 (21:26 +0000)]
* kinit.c: Major revamp to support Kerberos 4 compatibility. Code
restructured to allow changes to support Kerberos 4 or Kerberos 5
only operation depending on whether dynamic libraries are
avialable. Explicit documentation and support files to make it
easy to do this will be forthcoming.
* Makefile.in: On Windows, use getopt.lib instead of getopt.obj,
and add support for getopt_long.
Danilo Almeida [Fri, 4 Feb 2000 21:24:18 +0000 (21:24 +0000)]
* klist.c: Major revamp to support Kerberos 4 compatibility. Code
restructured to allow changes to support Kerberos 4 or Kerberos 5
only operation depending on whether dynamic libraries are
avialable. Explicit documentation and support files to make it
easy to do this will be forthcoming.
Danilo Almeida [Fri, 4 Feb 2000 21:23:59 +0000 (21:23 +0000)]
* kdestroy.c: Major revamp to support Kerberos 4 compatibility. Code
restructured to allow changes to support Kerberos 4 or Kerberos 5
only operation depending on whether dynamic libraries are
avialable. Explicit documentation and support files to make it
easy to do this will be forthcoming.
Danilo Almeida [Fri, 4 Feb 2000 20:14:56 +0000 (20:14 +0000)]
* getopt.c, getopt_long.c, getopt.h: Update to latest BSD code
found (from NetBSD).
* Makefile.in: Build getopt.lib which includes getopt.obj and
getopt_long.obj.
Danilo Almeida [Tue, 1 Feb 2000 20:49:25 +0000 (20:49 +0000)]
* gss-client.c, gss-server.c, gss-misc.c: Include Windows headers
instead of Unix headers under Windows.
* gss-server.c (usage): Fix usage info to reflect that service_name is
required.
* gss-misc.c (read_all, write_all): Change write to send and read
to recv for portability.
(gettimeofday): Add an implementation of gettimeofday() for
Windows.
Ezra Peisach [Sat, 29 Jan 2000 00:56:34 +0000 (00:56 +0000)]
* kts_g_ent.c, ktsrvtab.h (krb5_ktsrvtab_get_entry): Change the
third argument to krb5_const_principal (from krb5_principal) to
agree with krb5_kts_ops entries.
Ken Raeburn [Thu, 27 Jan 2000 22:02:58 +0000 (22:02 +0000)]
Don't use obsolete autoconf macros. Fix up output formatting a little.
Rewrote tcl config handling to extract info from installed tclConfig.sh.
Configure-time option to control IPv6 configuration.
Configure-time option to enable DNS lookups.
Ken Raeburn [Thu, 27 Jan 2000 00:56:27 +0000 (00:56 +0000)]
* k5-int.h [!NEED_SOCKETS]: Declare (but do not define) struct sockaddr if
SOCK_DGRAM hasn't been defined yet.
(krb5_locate_srv_conf, krb5_locate_srv_dns): Declare.
(struct krb5_keytypes, struct krb5_cksumtypes): enc, hash, and keyhash provider
structures pointed to are now const.
Ken Raeburn [Sat, 22 Jan 2000 03:49:56 +0000 (03:49 +0000)]
Various changes to:
* make most non-changing data const
* silence "gcc -Wall -Werror" complaints on sparc-solaris2.6
** delete unused functions and variables
** change if(a=b) ... to if((a=b)) or if((a=b)!=0) [yeah, kinda gratuitous]
** insert extra braces for 2-D arrays
* some basic thread safety checks
Not changing afsstring2key.c until I make sure I've got some tests for it.
Currently, prng.c and afsstring2key.c, at least, still aren't thread-safe.
projects / thirdparty / krb5.git / log
