Ken Raeburn [Thu, 15 Jun 2006 22:01:57 +0000 (22:01 +0000)]
(kadmin_startup): Properly skip "\@" and "\/" sequences when
processing principal name, rather than going into an infinite loop.
Suggested by Mark Phalan at Sun.
Ken Raeburn [Wed, 14 Jun 2006 23:44:48 +0000 (23:44 +0000)]
Some simple transformations:
Use ANSI C function definitions instead of old K&R style.
Rename local variable "res" to "clnt_res".
Cast clnt_call arguments to xdrproc_t and caddr_t.
This brings the code more in line with what current (RHEL) rpcgen would do.
Russ Allbery [Wed, 14 Jun 2006 20:31:52 +0000 (20:31 +0000)]
When NULL is passed into krb_get_in_pw_tkt, we only want to prompt once
for the password rather than passing NULL along to each string to key
function causing each to prompt independently. Modify krb_get_in_pw_tkt
to call des_read_pw_string directly and then pass the resulting password
into each string to key function as needed. Add a prototype of
des_read_pw_string to krb4int.h since it's an exported function of
libdes425 but isn't prototyped in des.h.
Russ Allbery [Tue, 13 Jun 2006 16:03:12 +0000 (16:03 +0000)]
telnet help should telnet to a host named help, not display a usage
message. Only support ?, not help, to request help with the open
command. The same change was made in netkit's telnet.
Russ Allbery [Tue, 13 Jun 2006 15:18:04 +0000 (15:18 +0000)]
POSIX allows getpwnam_r and getpwuid_r to return 0 (success) even if the
username or UID could not be found, in which case OUT will be set to
NULL. Elsewhere, code assumes that if k5_getpwnam_r or k5_getpwuid_r
returns 0, OUT is non-NULL. Check whether OUT is NULL and adjust the
return value accordingly in the k5_getpw{nam,uid}_r wrappers.
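The return-value pitfall described in the entry above, as an added C example (not the krb5 project's wrapper code): the function names `lookup_name`, `lookup_uid` and `home_of`, the 4096-byte buffer and the `ENOENT` mapping are assumptions made for illustration.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical wrappers for illustration; not the k5_getpw{nam,uid}_r code.
 * Contract: return 0 only when *out points at a valid entry. */
int lookup_name(const char *name, struct passwd *rec,
                char *buf, size_t buflen, struct passwd **out)
{
    int ret = getpwnam_r(name, rec, buf, buflen, out);
    if (ret != 0) {              /* real failure: ERANGE, EIO, ... */
        *out = NULL;
        return ret;
    }
    /* POSIX reports "no such user" as ret == 0 with *out == NULL. */
    return (*out == NULL) ? ENOENT : 0;
}

int lookup_uid(uid_t uid, struct passwd *rec,
               char *buf, size_t buflen, struct passwd **out)
{
    int ret = getpwuid_r(uid, rec, buf, buflen, out);
    if (ret != 0) {
        *out = NULL;
        return ret;
    }
    return (*out == NULL) ? ENOENT : 0;
}

/* A caller that trusts the contract: it dereferences OUT after a 0 return.
 * With a raw getpwnam_r call this would be a NULL dereference for an
 * unknown user on platforms that return 0 for "not found". */
int home_of(const char *name, char *dst, size_t dstlen)
{
    struct passwd rec, *out;
    char buf[4096];              /* assumed large enough for the example */
    int ret = lookup_name(name, &rec, buf, sizeof(buf), &out);
    if (ret != 0)
        return ret;
    snprintf(dst, dstlen, "%s", out->pw_dir);
    return 0;
}

int main(void)
{
    char dir[256];
    /* Constructed user name that should not exist on any system. */
    int ret = home_of("no-such-user-constructed-example", dir, sizeof(dir));
    printf("unknown user -> %d\n", ret);
    return 0;
}
```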
Russ Allbery [Mon, 12 Jun 2006 19:59:35 +0000 (19:59 +0000)]
Always include sys/ioctl.h in the telnet and telnetd code, even if
sys/filio.h is available. GNU/kFreeBSD has sys/filio.h but still
requires sys/ioctl.h, and sys/ioctl.h is included unconditionally
elsewhere in the code. Patch from Petr Salinger.
Russ Allbery [Mon, 12 Jun 2006 19:47:52 +0000 (19:47 +0000)]
Never return -I/usr/include from --cflags. It's already in the default
compiler search path, causes gcc warnings, and can cause obscure failures
with gcc by including system headers before gcc's internal headers.
Russ Allbery [Mon, 12 Jun 2006 18:58:01 +0000 (18:58 +0000)]
Always initialize the output token in gss_init_sec_context as required
by RFC 2744 section 5.19. The krb5 code did this but the generic code
didn't, causing a double-free in OpenSSH.
Russ Allbery [Mon, 12 Jun 2006 18:35:03 +0000 (18:35 +0000)]
If krb5_gss_canonicalize_name is given GSS_C_NULL_OID as the mechanism,
assume krb5 using similar logic as other library functions rather than
failing. Patch provided by Daniel Kahn Gillmor.
Russ Allbery [Mon, 12 Jun 2006 18:19:26 +0000 (18:19 +0000)]
Document the authorization logic used in the absence of .k5login files.
Remove all remaining references to .rhosts authentication; the code to
implement this was already removed.
Ken Raeburn [Sat, 10 Jun 2006 01:05:40 +0000 (01:05 +0000)]
Since it appears we don't actually set the conf_tgs_ktypes field except in this
initial allocation of zero elements, it can be deleted, along with
conf_tgs_ktypes_count and the associated code...
Ken Raeburn [Thu, 8 Jun 2006 20:23:17 +0000 (20:23 +0000)]
Fixed by having krb5_fcc_interpret call krb5_set_error_message to incorporate
the lower-level error message into the message displayed by kinit, which has
already been changed to use krb5_get_error_message. For example, "kinit(v5):
Credentials cache I/O operation failed (No space left on device) when
initializing cache".
Ken Raeburn [Fri, 2 Jun 2006 23:21:12 +0000 (23:21 +0000)]
No longer ignore configure, autom4te.cache, config.status, config.log
in directories that no longer have configure.in files. (And prune
blank lines previously accidentally added to the svn:ignore property
while we're editing them anyways.)
Sam Hartman [Fri, 2 Jun 2006 21:14:35 +0000 (21:14 +0000)]
Patch from Alejandro R. Sedeno and Jeffrey Hutzelman to allow krb4 to
read 32-bit and 64-bit ticket files on 32-bit and 64-bit systems.
Previously the ticket file format depended on the ABI. Significant
backward compatibility is maintained; the patch works by writing
alignment records that are valid (but meaningless) ticket file entries
but that allow systems to get realigned. As a consequence an old
library will see additional meaningless ticket file entries when it
reads a ticket file produced by the new code. These entries are
harmless and will be ignored.
Ken Raeburn [Wed, 31 May 2006 00:09:31 +0000 (00:09 +0000)]
Merge about 1/3 of the remaining configure scripts into the top level. This
still leaves out appl and tests, and static library and plugin directories.
Ken Raeburn [Wed, 24 May 2006 16:18:53 +0000 (16:18 +0000)]
Drop major version number from service-locator function table structure.
Add a typedef name for the structure. Change multiple-inclusion macro name.
Add a comment indicating desired symbol name.
Ken Raeburn [Tue, 23 May 2006 00:37:46 +0000 (00:37 +0000)]
Mention the python plugin stuff in configure.in, but inside an "if false"
block, so reconf will build a configure script and it'll be easy to enable
for testing.
Ken Raeburn [Tue, 23 May 2006 00:03:06 +0000 (00:03 +0000)]
install headers into include/krb5
Create include/krb5 directory, and put krb5.h and (k5-)locate.h there in the
build tree. Stub krb5.h in main include directory just includes krb5/krb5.h.
Update dependencies, and add dependencies in a couple Makefiles that didn't
have them.
Ken Raeburn [Thu, 18 May 2006 04:22:15 +0000 (04:22 +0000)]
* configure.in: Set and substitute KSU_LIBS, SETENVOBJ, DO_TCL. Generate
makefiles for util/et, util/profile, lib/kdb, clients and those clients
subdirectories built on UNIX, rather than running configure there.
Deleted configure.in scripts for those directories, and changed
Makefile.in definitions of thisconfigdir and mydir.
Ken Raeburn [Tue, 16 May 2006 02:56:59 +0000 (02:56 +0000)]
Don't look for pthread_mutexattr_setrobust_np
Apparently Red Hat's Fedora Core 5 defines it but doesn't declare it,
so we'd have to declare it before testing the address. While it was
once useful for checking whether the pthread code had been loaded, I
think the other tests done now are more effective and this isn't
needed any more.
Ken Raeburn [Tue, 16 May 2006 01:45:00 +0000 (01:45 +0000)]
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Replace filename and
envvar arguments with a flag indicating whether KDC config data should
be used. Prototype and all callers changed.
(krb5_read_realm_params): Delete config file and env var arguments.
Prototype and all callers changed.
* lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out.
(struct _kadm5_config_params): Delete field PROFILE.
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it.
(kadm5_free_config_params): Don't free it.
* kadmin/testing/tcl/util.t: Remove profile data from config params.
* kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted
KADM5_CONFIG_PROFILE entry.
(parse_config_params): Changed to require 20 parameters instead of 21.
* lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted.
* lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from
the library and add the caller-indicated config file to the front of the list.
* lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function.
(os_init_paths): Add new argument KDC; call add_kdc_config_file if true.
* lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function.
(init_common): Add new argument KDC, passed to krb5_os_init_context.
* lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc.
* k5-int.h (krb5_os_init_context): Update decl.
* lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc.
* krb524/krb524d.c (main): Likewise.
* lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for
$KRB5_KDC_PROFILE file not present.
* lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so
as not to confuse Emacs indentation support.
* lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New
variables.
(krb5_gss_init_context, krb5_gss_use_kdc_context): New functions.
* lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare.
(krb5_gss_init_context, krb5_gss_use_kdc_context): Declare.
(krb5_init_context): Define as macro to invoke krb5_gss_init_context for now.
* lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex.
(gssint_lib_fini): Destroy it.
* lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context.
* lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files
specify an admin server, since we now look at krb5.conf as well.
* lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server
params.
Fixed the krb5_cc_gen_new memory ccache implementation and updated
krb5_verify_init_creds() and rd_and_store_for_creds() to use the
API properly (possible now that it's been fixed).
Jeffrey Altman [Tue, 9 May 2006 21:03:07 +0000 (21:03 +0000)]
plugins support requires a Windows equivalent to opendir and friends
This patch simply allows krb5 to build once again on Windows.
Windows does not have opendir() and friends. Instead Win32 API
functions must be used as described in
Ezra Peisach [Mon, 8 May 2006 18:05:47 +0000 (18:05 +0000)]
kdb_load_library(): SGI compiler requires that when initializing arrays
at declaration - only constants be used. [filebases]. Code was introduced with
17975 revision.
Need to export "kadm5_set_use_password_server" because it is used by
krb5kdc when USE_PASSWORD_SERVER is defined. Since the Mac builds this
way we need it in the export list. Unfortunately export lists don't get
preprocessed. Note that I only added this one function. The rest of the
password server functionality is still conditionalized around
USE_PASSWORD_SERVER.
Hopefully we can rip all this code out when Apple starts using the db plugin
interface for their password server integration.
Changed to krb5int_open_plugin_dirs/krb5int_close_plugin_dirs which
takes a list of filebases and directories rather than a list of full paths
so the caller doesn't have to generate the possibilities themselves.
krb5int_open_plugin_dirs will append the possible suffixes for that platform
(including no suffix in case there already is one on the file base).
Modified the kdb and locate kdc interfaces to use the new API.