Fixed bugs in command line change password support.
Removed low level change password functions from export list
because they require a UI context.
Added kim_ccache functions needed by klist to export list.
Renamed error handling files to reflect what they do now.
Moved GUI code into OS-specific directory.
Fixed bugs in cache collection iterator routines where it was mishandling
the magic empty ccache created when the cache collection is empty.
Added command line UI support.
Added change password and acquire credentials UI harness support.
API changes to the change password support to reflect these changes.
Removed callback prompter interfaces since there is now plugin support.
Updated documentation.
Ken Raeburn [Mon, 22 Sep 2008 18:17:38 +0000 (18:17 +0000)]
Merge three patches from Novell, with some updates related to work in
our tree since they were submitted, and reindenting for one source
file that got particularly ugly in the process.
From Savitha R on 2008-02-18 (yes, it was sitting in my queue a while):
Attached patches have fixes for some issues in LDAP backend.
1. patch-mem-pwd.txt
This patch clears the password in memory, fixes some memory leaks (in
common code) and a segfault in eDirectory specific code.
2. patch-princ-attrs.txt
This patch removes some eDirectory specific attributes from the common
code
3. patch-edir-rights.txt
This patch is specific to eDirectory code and fixes some rights issue.
It adds and deletes rights to service objects as required on the kerberos
attributes.
Justin Anderson [Mon, 22 Sep 2008 17:03:51 +0000 (17:03 +0000)]
Merge 1.7 work on auxiliary ccache functions necessary for KIM. Adds krb5_cc_lock/unlock, krb5_cccol_lock/unlock, krb5_cc_last_change_time, krb5_cccol_last_change_time, krb5_cc_move, and adds pertype cursor support to some cache types
Locking functions work the same as the CCAPI cc_ccache_lock / cc_context_lock functions, though not as read/write locks.
Added support for options in favorite identities.
Fixed KLL preference reading support to not read keys
from the wrong locations. Updated prompter function
prototype.
Removed favorite identities object from public API and merged functionality
into the preferences API to reduce function calls. Added options parameter
to favorite identities (Mac OS X support still needed for options though).
Use krb5 threading functions.
Remove use of ECODE since errors are no longer objects.
Fixed bug where bundle error strings were not returned when
homedir access was off.
Switched to using UTF8 unconditionally.
Ken Raeburn [Fri, 5 Sep 2008 20:39:19 +0000 (20:39 +0000)]
Whitespace changes, mostly horizontal, for consistency with current
style: indentation levels, spacing around if/else/for/while and
braces. Still plenty of inconsistency with current coding standards,
especially for when line breaks are to be used. Didn't touch
multi-line macro definitions, or .h function declarations.
Ken Raeburn [Wed, 27 Aug 2008 22:31:57 +0000 (22:31 +0000)]
compile-time flag to disable iprop
If DISABLE_IPROP is defined at compile time, don't listen for
connections and don't register the service. (Doesn't currently
disable compilation of all of the code.)
Ken Raeburn [Wed, 27 Aug 2008 16:36:00 +0000 (16:36 +0000)]
Based on patch from lxs, with some changes:
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Ken Raeburn [Mon, 25 Aug 2008 19:43:03 +0000 (19:43 +0000)]
Incorporate Apple's patch
Add a test authorization data scheme, in both built-in and plugin
forms; built-in version is #ifdef'ed out. Update configury to create
the build directory for the plugin, but don't build or install it by
default.
Create the new (and normally empty) authorization data plugin
directory at install time.
Add some (normally disabled) code to log authz data from rd_req.
Fix up some comments that still refer to preauth plugins. Add some
details in comments on the API, and why it's private for now.
Make the plugin init context support work, by not passing null
pointers.
Need to destroy the mach ports instead of deallocating because
we requested notifications on the port so just deallocating
won't actually destroy the port. Also deallocate any port
which was previously registered for notifications.
Ken Raeburn [Fri, 22 Aug 2008 15:56:32 +0000 (15:56 +0000)]
New macro for testing whether the compiler supports a given
command-line flag or not, and adding it to CFLAGS only if supported.
Use it for GCC flag -Wno-format-zero-length, which we were testing for
before, and for some additional flags: -Woverflow -Wstrict-overflow
-Wmissing-format-attribute -Werror=declaration-after-statement
-Wdeclaration-after-statement -Werror=variadic-macros
-Wvariadic-macros. (The last few are because we've had some code
contributions that assumed full C99 support, and our baseline is
currently C89+, so if possible we want certain newer constructs
flagged as errors.)
Ken Raeburn [Fri, 22 Aug 2008 01:20:23 +0000 (01:20 +0000)]
Check for struct sockaddr_storage only in top-level configure script, not
in code common to all. Use an existing AC_CHECK_TYPES invocation, not a
special-purpose test. Eliminate now-unused
KRB5_AC_CHECK_TYPE_WITH_HEADERS and KRB5_AC_CHECK_SOCKADDR_STORAGE macros.
Merge KRB5_AC_CHECK_INET6 into the one place where it gets used.
Modified hints APIs to be a single API that takes string keys.
Removed error object.
Changed error message API to use thread specific data.
Split out debugging API into separate files.
Ezra Peisach [Sun, 17 Aug 2008 23:34:41 +0000 (23:34 +0000)]
Using gcov, it was noted that the tests were never including authdata
in the test credential - and a segment of code was never tested. Add
some fake authdata to the test creds.
Ezra Peisach [Sat, 16 Aug 2008 13:03:30 +0000 (13:03 +0000)]
In parsing authorization data, if run out of memory, the authorization
data was released, but the pointer not zeroed. This resulted in
higher level code trying to free it again.
Ezra Peisach [Fri, 15 Aug 2008 18:46:12 +0000 (18:46 +0000)]
Move prototype for krb5int_random_string from k5-int.h to cc-int.h as
it is private to the ccache code. Include cc-int.h where needed, and
update Makefile.in dependencies.
Ken Raeburn [Thu, 14 Aug 2008 22:59:54 +0000 (22:59 +0000)]
Only add -Os for size optimizations if CFLAGS wasn't specified already. If
the configure-generated CFLAGS string is one of the usual ones with -O2,
replace -O2 rather than appending, since -Os will override previously
specified optimization levels anyways.
Ken Raeburn [Thu, 14 Aug 2008 21:32:58 +0000 (21:32 +0000)]
If the LDAP KDB back end is being built, define ENABLE_LDAP. If
ENABLE_LDAP is not defined, don't build the LDAP KDB ASN.1 encoding
and decoding functions, and use null pointers for them in the accessor
function table.
Ezra Peisach [Thu, 14 Aug 2008 05:09:12 +0000 (05:09 +0000)]
Error return from krb5int_random_string not tested in ccache code
krb5int_random_string should probably only fail on malloc
failure. Test for an error return from the function and cleanup
properly (release mutex, return error instead of using uninitialized
memory).
Ezra Peisach [Thu, 14 Aug 2008 04:55:14 +0000 (04:55 +0000)]
krb5_fcc_read_addrs returns pointer to released memory on malloc failre
In cleanup code on malloc failure, addresses are released including
pointer to the krb5_address * - but the freed value is returned to
caller. Clear pointer.
Ezra Peisach [Thu, 14 Aug 2008 04:44:44 +0000 (04:44 +0000)]
krb5_fcc_resolve file locking error on malloc failuer
In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault.
Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.
[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]
Ken Raeburn [Wed, 13 Aug 2008 23:32:11 +0000 (23:32 +0000)]
Don't build PKINIT ASN.1 support code if not building PKINIT plugin
If --disable-pkinit is given at configure time, don't build the PKINIT
plugin.
If the PKINIT plugin is not going to be built, define DISABLE_PKINIT.
If DISABLE_PKINIT is defined, don't build the PKINIT-related ASN.1
encoding and decoding routines, and fill their slots in the accessor
function table with null pointers.
Tweak the accessor table initialization to use conditionally-varying
macros rather than conditionally selecting between two blocks of
invocations of fixed macros.
Ken Raeburn [Tue, 12 Aug 2008 20:52:39 +0000 (20:52 +0000)]
Add a new directory, configured but not built by default, and never
installed, where we can build the main client libraries all together into
one library, and experiment with configuration changes for a client-only
library.
Ken Raeburn [Thu, 7 Aug 2008 03:29:52 +0000 (03:29 +0000)]
sequence_of_no_tagvars declared variables used only in
end_sequence_of_no_tagvars and only as unnecessary temporaries, so get
rid of them; also, push most of the work of the latter macro into a
helper function.
Ken Raeburn [Thu, 7 Aug 2008 03:06:50 +0000 (03:06 +0000)]
get_eoc() is always followed by next_tag(), so don't bother setting
the variables that it's about to clobber. Since we don't need any of
the tag info at the call site, push it down into the helper function.
projects / thirdparty / krb5.git / log
