UI should lazy init so that init and fini are only called if one
of the UI calls is called. The problem is that when you call
krb5_get_init_creds_* you don't know if it will call the prompter
or not. (It won't if the password is saved in the keychain or
if pkinit succeeds.)
Create common stream and ipc layer for CCAPI and KIM.
Will switch CCAPI to this new code later though, so as
not to destabilize KfM and the Windows builds.
Renamed kim_identity_get_components to kim_identity_get_components_string
to better reflect what it does (a string of everything but the realm, not
an array of components like the old name might imply).
Added private functions which will be used by KLL to shim on top of KIM.
Private functions also reduce memory allocations inside of KIM.
Initial checkin of Mac OS X ipc support.
Also moved "set application name" functionality to kim_library_
because most applications do not need to call it and their name
doesn't usually change over time or per thread. By putting it
in a global setting apps that do need to call it only have to
call it once instead of every time they want to authenticate.
Fixed bugs in command line change password support.
Removed low level change password functions from export list
because they require a UI context.
Added kim_ccache functions needed by klist to export list.
Renamed error handling files to reflect what they do now.
Moved GUI code into OS-specific directory.
Fixed bugs in cache collection iterator routines where it was mishandling
the magic empty ccache created when the cache collection is empty.
Added command line UI support.
Added change password and acquire credentials UI harness support.
API changes to the change password support to reflect these changes.
Removed callback prompter interfaces since there is now plugin support.
Updated documentation.
Ken Raeburn [Mon, 22 Sep 2008 18:17:38 +0000 (18:17 +0000)]
Merge three patches from Novell, with some updates related to work in
our tree since they were submitted, and reindenting for one source
file that got particularly ugly in the process.
From Savitha R on 2008-02-18 (yes, it was sitting in my queue a while):
Attached patches have fixes for some issues in LDAP backend.
1. patch-mem-pwd.txt
This patch clears the password in memory, fixes some memory leaks (in
common code) and a segfault in eDirectory specific code.
2. patch-princ-attrs.txt
This patch removes some eDirectory specific attributes from the common
code.
3. patch-edir-rights.txt
This patch is specific to eDirectory code and fixes some rights issue.
It adds and deletes rights to service objects as required on the kerberos
attributes.
Justin Anderson [Mon, 22 Sep 2008 17:03:51 +0000 (17:03 +0000)]
Merge 1.7 work on auxiliary ccache functions necessary for KIM. Adds krb5_cc_lock/unlock, krb5_cccol_lock/unlock, krb5_cc_last_change_time, krb5_cccol_last_change_time, krb5_cc_move, and adds per-type cursor support to some cache types.
Locking functions work the same as the CCAPI cc_ccache_lock / cc_context_lock functions, though not as read/write locks.
Added support for options in favorite identities.
Fixed KLL preference reading support to not read keys
from the wrong locations. Updated prompter function
prototype.
Removed favorite identities object from public API and merged functionality
into the preferences API to reduce function calls. Added options parameter
to favorite identities (Mac OS X support still needed for options though).
Use krb5 threading functions.
Remove use of ECODE since errors are no longer objects.
Fixed bug where bundle error strings were not returned when
homedir access was off.
Switched to using UTF8 unconditionally.
Ken Raeburn [Fri, 5 Sep 2008 20:39:19 +0000 (20:39 +0000)]
Whitespace changes, mostly horizontal, for consistency with current
style: indentation levels, spacing around if/else/for/while and
braces. Still plenty of inconsistency with current coding standards,
especially for when line breaks are to be used. Didn't touch
multi-line macro definitions, or .h function declarations.
Ken Raeburn [Wed, 27 Aug 2008 22:31:57 +0000 (22:31 +0000)]
compile-time flag to disable iprop
If DISABLE_IPROP is defined at compile time, don't listen for
connections and don't register the service. (Doesn't currently
disable compilation of all of the code.)
Ken Raeburn [Wed, 27 Aug 2008 16:36:00 +0000 (16:36 +0000)]
Based on patch from lxs, with some changes:
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Ken Raeburn [Mon, 25 Aug 2008 19:43:03 +0000 (19:43 +0000)]
Incorporate Apple's patch
Add a test authorization data scheme, in both built-in and plugin
forms; built-in version is #ifdef'ed out. Update configury to create
the build directory for the plugin, but don't build or install it by
default.
Create the new (and normally empty) authorization data plugin
directory at install time.
Add some (normally disabled) code to log authz data from rd_req.
Fix up some comments that still refer to preauth plugins. Add some
details in comments on the API, and why it's private for now.
Make the plugin init context support work, by not passing null
pointers.
Need to destroy the mach ports instead of deallocating because
we requested notifications on the port so just deallocating
won't actually destroy the port. Also deallocate any port
which was previously registered for notifications.
Ken Raeburn [Fri, 22 Aug 2008 15:56:32 +0000 (15:56 +0000)]
New macro for testing whether the compiler supports a given
command-line flag or not, and adding it to CFLAGS only if supported.
Use it for GCC flag -Wno-format-zero-length, which we were testing for
before, and for some additional flags: -Woverflow -Wstrict-overflow
-Wmissing-format-attribute -Werror=declaration-after-statement
-Wdeclaration-after-statement -Werror=variadic-macros
-Wvariadic-macros. (The last few are because we've had some code
contributions that assumed full C99 support, and our baseline is
currently C89+, so if possible we want certain newer constructs
flagged as errors.)
Ken Raeburn [Fri, 22 Aug 2008 01:20:23 +0000 (01:20 +0000)]
Check for struct sockaddr_storage only in top-level configure script, not
in code common to all. Use an existing AC_CHECK_TYPES invocation, not a
special-purpose test. Eliminate now-unused
KRB5_AC_CHECK_TYPE_WITH_HEADERS and KRB5_AC_CHECK_SOCKADDR_STORAGE macros.
Merge KRB5_AC_CHECK_INET6 into the one place where it gets used.
Modified hints APIs to be a single API that takes string keys.
Removed error object.
Changed error message API to use thread specific data.
Split out debugging API into separate files.
Ezra Peisach [Sun, 17 Aug 2008 23:34:41 +0000 (23:34 +0000)]
Using gcov, it was noted that the tests were never including authdata
in the test credential - and a segment of code was never tested. Add
some fake authdata to the test creds.
Ezra Peisach [Sat, 16 Aug 2008 13:03:30 +0000 (13:03 +0000)]
In parsing authorization data, if run out of memory, the authorization
data was released, but the pointer not zeroed. This resulted in
higher level code trying to free it again.
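The failure mode in the commit message above, sketched as an added example (not the krb5 source): a parser that releases its partial result on allocation failure must also null the caller's pointer, because the caller's cleanup frees whatever it still holds. All names here (`authdata_elem`, `parse_authdata`, `free_authdata`, `handle_request`, the `allocs_left` failure hook) are hypothetical.

```c
#include <stdlib.h>
/* Constructed stand-in for one authorization-data element (not the krb5 type). */
typedef struct { int ad_type; unsigned char *contents; } authdata_elem;

static int allocs_left = -1; /* hypothetical hook: -1 never fails, n fails after n allocations */
static int live_blocks = 0;  /* outstanding allocations; returns to 0 when cleanup is correct */
static void *xalloc(size_t n) {
    void *p = (allocs_left == 0) ? NULL : calloc(1, n);
    if (allocs_left > 0) allocs_left--;
    if (p != NULL) live_blocks++;
    return p;
}
static void xfree(void *p) { if (p != NULL) { free(p); live_blocks--; } }

/* Free a NULL-terminated element list; a NULL list is accepted. */
void free_authdata(authdata_elem **list) {
    size_t i;
    if (list == NULL) return;
    for (i = 0; list[i] != NULL; i++) { xfree(list[i]->contents); xfree(list[i]); }
    xfree(list);
}

/* Build `count` elements of `len` bytes each. On failure *out is NULL. */
int parse_authdata(size_t count, size_t len, authdata_elem ***out) {
    size_t i;
    authdata_elem **list = xalloc((count + 1) * sizeof(*list));
    if (list == NULL) { *out = NULL; return -1; }
    *out = list; /* the partial result is visible to the caller from here on */
    for (i = 0; i < count; i++) {
        list[i] = xalloc(sizeof(**list));
        if (list[i] != NULL) list[i]->contents = xalloc(len);
        if (list[i] == NULL || list[i]->contents == NULL) {
            free_authdata(list);
            *out = NULL; /* without this, the caller's cleanup frees list a second time */
            return -1;
        }
    }
    return 0;
}

/* Higher-level caller with a single cleanup path, run on success and failure alike. */
int handle_request(size_t count, int fail_after) {
    authdata_elem **ad = NULL;
    int ret;
    allocs_left = fail_after;
    ret = parse_authdata(count, 16, &ad);
    free_authdata(ad); /* safe only because a failed parse leaves ad == NULL */
    allocs_left = -1;
    return ret;
}
```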
Ezra Peisach [Fri, 15 Aug 2008 18:46:12 +0000 (18:46 +0000)]
Move prototype for krb5int_random_string from k5-int.h to cc-int.h as
it is private to the ccache code. Include cc-int.h where needed, and
update Makefile.in dependencies.
Ken Raeburn [Thu, 14 Aug 2008 22:59:54 +0000 (22:59 +0000)]
Only add -Os for size optimizations if CFLAGS wasn't specified already. If
the configure-generated CFLAGS string is one of the usual ones with -O2,
replace -O2 rather than appending, since -Os will override previously
specified optimization levels anyways.