Ezra Peisach [Mon, 8 May 2006 18:05:47 +0000 (18:05 +0000)]
kdb_load_library(): SGI compiler requires that when initializing arrays
at declaration - only constants be used. [filebases]. Code was introduced with
17975 revision.
Need to export "kadm5_set_use_password_server" because it is used by
krb5kdc when USE_PASSWORD_SERVER is defined. Since the Mac builds this
way we need it in the export list. Unfortunately export lists don't get
preprocessed. Note that I only added this one function. The rest of the
password server functionality is still conditionalized around
USE_PASSWORD_SERVER.
Hopefully we can rip all this code out when Apple starts using the db plugin
interface for their password server integration.
Changed to krb5int_open_plugin_dirs/krb5int_close_plugin_dirs which
takes a list of filebases and directories rather than a list of full paths
so the caller doesn't have to generate the possibilities themselves.
krb5int_open_plugin_dirs will append the possible suffixes for that platform
(including no suffix in case there already is one on the file base).
Modified the kdb and locate kdc interfaces to use the new API.
Removed the unnecessary and incorrect (due to operator precedence) "== MPOOL_INUSE".
The previous code actually ended up checking if MPOOL_DIRTY (0x01) is set.
Ken Raeburn [Sat, 29 Apr 2006 07:06:34 +0000 (07:06 +0000)]
ipv4+ipv6 messages can trip up KDC replay detection
The replay lookaside cache includes the sending address, but the krb5
library replay cache does not. So, if the same message arrives from
two different source addresses, it is considered a replay by the KDC.
If the client isn't receiving the replies for some reason, and the
client has multiple addresses it uses to contact different addresses
on the KDC (and trying to reach the KDC via both IPv4 and IPv6 is an
obvious such case), this can cause errors to be returned by the KDC.
Ken Raeburn [Tue, 25 Apr 2006 07:21:19 +0000 (07:21 +0000)]
Change kdb plugin code to use the new plugin support instead of
directly calling dlopen and friends. Change the test config files to
refer to "db2.so" instead of "db2".
Ken Raeburn [Tue, 25 Apr 2006 06:27:07 +0000 (06:27 +0000)]
Update internal plugin interface to add an errinfo structure to "open"
and "get" routines, so that more detailed error information (e.g.,
from dlerror()) may be returned to the caller.
Ken Raeburn [Tue, 25 Apr 2006 05:09:48 +0000 (05:09 +0000)]
Change name of kdb function-table symbol from being derived from the
name of the library file (which may not be acceptable as a C symbol
name anyways) to "kdb_function_table" always.
Ken Raeburn [Tue, 25 Apr 2006 02:36:31 +0000 (02:36 +0000)]
Tweak configure script generation to check that all symbols produced
via AC_DEFINE are also present in the applicable configure-generated
header file, and error out otherwise. Currently doesn't apply in appl
and test trees.
* util/check-ac-syms: New script.
* config/post.in (.acsyms_okay): New target; runs check-ac-syms, unless we're
in the appl or tests trees.
(configure): Depend on .acsyms_okay.
* config/pre.in (AUTOCONF_HEADER): New variable.
* plugins/kdb/db2/libdb2/Makefile.in (AUTOCONF_HEADER): New variable.
Added CoreFoundation bundle plugin support to support library bundle plugin
code. Also modified plugin types so they allocate a list of pointers rather
than a list of structs so that we can reuse the code that generates the
pointer types. (Basically now krb5int_open_plugin_dir() can call
krb5int_open_plugin() rather than doing nearly the same thing.)
unsigned/signed int warnings in krb5_context variables
Change in_tkt_ktype_count, tgs_ktype_count and conf_tgs_ktypes_count in context to
unsigned int. Change get_profile_etype_list() to expect unsigned int as well.
Update shsUpdate to take an unsigned int length instead of signed.
The code already assumes that it is an integer >= 0. This change
cleans up a number of signed/unsigned warnings.
sha1/shs.h, shs.c, t_shs.c: change ints to unsigned int
dk/dk_encrypt.c: static function trunc_hmac change a signed int to unsigned
hash_provider/hash_sha1.c: Remove cast in argument to shsUpdate
Ken Raeburn [Wed, 19 Apr 2006 20:23:46 +0000 (20:23 +0000)]
* errors.c (krb5int_get_error): Try strerror_r if available before strerror.
* plugins.c (ERRSTR): New macro, tries strerror_r and uses strerror only if it
fails or isn't available.
(krb5int_open_plugin_dir): Use it.
When krb5_c_prf was added in r17219 to implement RFC 3961 PRF, the
prototype for krb5_c_prf has the incomming krb5_data not flagged as const.
The implementation usage in the dk_prf.c declare as const. Make everything
consistent.
Ken Raeburn [Tue, 18 Apr 2006 23:28:07 +0000 (23:28 +0000)]
* error_table.h (ET_EBUFSIZ): Increase to 1k.
* error_message.c (get_thread_buffer): New function, split out from
error_message.
(error_message): Call it. Also try strerror_r with the per-thread buffer, if
both are available, before trying strerror.
Ken Raeburn [Fri, 14 Apr 2006 22:38:00 +0000 (22:38 +0000)]
Move gmt_mktime.c from lib/krb5/os to util/support, and rename the function.
Stop exporting gmt_mktime from libkrb5, and export krb5int_gmt_mktime from
libkrb5support. Updated the one caller, asn1_decode.c.
identity/plugins/common/dynimport.c:
During the interop session we concluded that the ccapi32.dll should
not be required for netidmgr to operate. netidmgr should work with
only FILE: ccaches. After the interop the removal of the error
check post-load was not removed.
identity/doc/Makefile:
The 'clean' rules failed to specify the /Q switch which silently
removes the directory tree. As a result, during the build the
user was prompted.
Ken Raeburn [Thu, 13 Apr 2006 18:58:56 +0000 (18:58 +0000)]
Partial merge from Novell LDAP integration branch, not including the
actual LDAP bits:
* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's
changed.
(KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is
accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to
krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.
* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted.
(krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function.
(kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library.
(krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer.
(klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function.
(main): Tell com_err library to use it.
* plugins/kdb/db2: Use new error-message APIs and updated DAL
interface.
* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.
Sam Hartman [Tue, 11 Apr 2006 21:28:48 +0000 (21:28 +0000)]
Remove ChangeLog files from the source tree. From now on, the
subversion commit log entry needs to include information that would
have been in the changelog.
- work without kerberos 4 libraries including krb524
- add a mechanism to add and remove identities from
the options dialog. This allows a configuration
to be specified using a separate file based ccache
for each identity
- work without availability of ccapi
- force a renew of credentials on startup to support
the case when MSLSA is the only credential cache
Ken Raeburn [Sat, 1 Apr 2006 01:26:39 +0000 (01:26 +0000)]
* configure.in: Check for access, ftime, getcwd, srand48, srand, srandom, stat,
strchr, strerror, strstr, timezone, umask, waitpid, sem_init, sem_trywait,
daemon, alloca.h, dlfcn.h, limits.h, pthread.h, semaphore.h, krb_db.h, kdc.h,
sockaddr.sa_len, sockaddr_in.sin_len, stat.st_mtimensec,
stat.st_mtimespec.tv_nsec, and stat.st_mtim.tv_nsec. Invoke
KRB5_AC_REGEX_FUNCS, AC_TYPE_OFF_T, CHECK_WAIT_TYPE, CHECK_SIGPROCMASK,
AC_TYPE_GETGROUPS, CHECK_SETJMP, and DECLARE_SYS_ERRLIST. Add checks for
perror declaration, strptime prototype, setrpcent and endrpcent return types
from configure.in scripts in subdirectories.
With this patch, nearly every -D option used to compile a file that we care
about for KfM should now be duplicated in include/autoconf.h. There are still
other -D options not represented here (e.g., in appl/, util/pty, and the python
sample plugin).
Ken Raeburn [Fri, 31 Mar 2006 20:08:46 +0000 (20:08 +0000)]
* kt_file.c (krb5_ktf_keytab_externalize, krb5_ktf_keytab_internalize): Read
and write file position as 64 bits rather than trying to figure out size of
long.
Ken Raeburn [Fri, 31 Mar 2006 02:10:57 +0000 (02:10 +0000)]
* secure.c: Include autoconf.h. Include stdint.h and inttypes.h if available.
(ftp_uint32, ftp_int32): Always define as [u]int32_t instead of testing
configure-time type size macros.
Ken Raeburn [Fri, 31 Mar 2006 01:55:36 +0000 (01:55 +0000)]
Stop checking sizeof(type) at configure time.
Pull stdint.h and inttypes.h into gssapi.h if available.
Don't use size/limit tests for choosing gss_[u]int32; just use [u]int32_t.
Ken Raeburn [Fri, 31 Mar 2006 01:34:38 +0000 (01:34 +0000)]
* util_token.c: Include limits.h.
(der_length_size, der_write_length): Test INT_MAX instead of SIZEOF_INT.
(der_read_length): Test sizeof(int) instead of SIZEOF_INT.
projects / thirdparty / krb5.git / log
