Ken Raeburn [Fri, 27 Jun 2003 20:36:24 +0000 (20:36 +0000)]
This change fixes the problem in the ss directory. It probably won't
get into our 1.3 release, but perhaps in a patch release afterwards.
I'll look and see where else things are getting needlessly rebuilt....
* Makefile.in (HDRS): Remove mit-sipb-copyright.h.
(includes): Depend on copied version of the headers, not local versions. Don't
do any copying; instead, move the copying commands to new targets for each
header.
($(HDRDIR)/timestamp): New target; create the directory here if needed.
(clean-unix): Remove the timestamp file.
Tom Yu [Wed, 25 Jun 2003 21:10:48 +0000 (21:10 +0000)]
clean up ftp client gss memory management
* ftp.c (do_auth): Call gss_release_buffer() on send_tok
immediately after sending it. Call gss_release_name() on
target_name at outer_loop instead of inside the loop.
Tom Yu [Tue, 24 Jun 2003 02:29:47 +0000 (02:29 +0000)]
apply patch from jaltman:
* ms2mit.c: Windows Credentials are addressless. Do not store the
credentials in the MIT cache with addresses since they do not
contain addresses in the encrypted portion of the credential.
Instead generate a valid empty address list.
Tom Yu [Fri, 20 Jun 2003 03:24:07 +0000 (03:24 +0000)]
Delete references to --with-system-db from README
* build.texinfo (HPUX): Fix typo.
(Options to Configure): Note that --with-system-db is unsupported,
concerning possible lossage with loading dumpfiles.
Tom Yu [Tue, 17 Jun 2003 01:00:45 +0000 (01:00 +0000)]
Update for krb5-1.3-beta4. Fix note on [999]. Move notes re
addressless tickets and NAT-friendliness to "major changes". Still
need to fill out the TODO for IPv6.
Ken Raeburn [Mon, 16 Jun 2003 19:02:01 +0000 (19:02 +0000)]
* ftp.c (recvrequest): Add new argument indicating whether "-" and "|..."
special treatment should be disabled.
* ftp_var.h (recvrequest): Update declaration.
* cmds.c (remglob, ls, mls): Pass 0 as the extra argument.
(mget): Pass 1.
(getit): Pass 1 iff only one filename was supplied.
Tom Yu [Fri, 13 Jun 2003 22:30:59 +0000 (22:30 +0000)]
* server_kdb.c (kdb_init_hist): Force history principal's key to
be of the same enctype as the master key, as searches for it later
on explicitly specify the enctype.
Tom Yu [Fri, 13 Jun 2003 21:43:07 +0000 (21:43 +0000)]
libgss leaks, UMRs
* init_sec_context.c (krb5_gss_init_sec_context): Free
default_enctypes to avoid leaking returned value from
krb5_get_tgs_ktypes.
* k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
token.length == 0, to avoid spurious uninitialized memory
references when calling memcpy() with a zero length.
ticket: new
target_version: 1.3
tags: pullup
component: krb5-libs
cc: Kent_Wu@trendmicro.com
* error_table.h, et_c.awk, et_c.pl, et_h.awk, et_c.awk: Removed Mac OS support because it prevents darwin builds from getting com error strings via the initialize_*_error_table function.
Ken Raeburn [Sat, 7 Jun 2003 00:45:41 +0000 (00:45 +0000)]
Checkpoint some working code.
A better solution is in the works, but may or may not make the deadline for
the next beta...
* RealmsConfig-glue.c: Include k5-int.h.
(dnscache): New variable.
(DNS_CACHE_TIMEOUT): New macro.
(krb_get_krbhst) [KRB5_DNS_LOOKUP]: If no krb.conf info is found, try DNS SRV
records for "kerberos-iv". Cache results in case they're immediately requested
again.
Ken Raeburn [Fri, 6 Jun 2003 23:07:55 +0000 (23:07 +0000)]
* locate_kdc.c (struct srv_dns_entry): Moved to k5-int.h.
(krb5int_make_srv_query_realm): Renamed from make_srv_query_realm.
(krb5int_free_srv_dns_data): New function.
(krb5_locate_srv_dns_1): Use it.
* accessor.c (krb5int_accessor): Fill in make_srv_query_realm and
free_srv_dns_data fields.
Tom Yu [Fri, 6 Jun 2003 14:44:33 +0000 (14:44 +0000)]
* g_cnffile.c (krb__get_srvtabname): Make retname be a static
array rather than a static pointer, to avoid callers' possible
retention of free()d pointers. Yes, this may cause difficulty
with making this function thread-safe.
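The trade-off described in the g_cnffile.c entry above, as an added example that is not code from krb5. `srvtab_name_ptr`, `srvtab_name_arr`, `srvtab_frees`, `NAME_MAX_LEN` and the paths used with them are hypothetical stand-ins for the old (static pointer) and new (static array) storage strategies.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 64            /* hypothetical size limit, not krb4's */

static unsigned long frees_done;   /* buffers released by the old design */

/* Old design: a static POINTER whose target is replaced on every call. */
const char *srvtab_name_ptr(const char *configured)
{
    static char *retname;          /* heap storage owned by this function */
    size_t n = strlen(configured) + 1;

    if (retname != NULL) {
        free(retname);             /* a pointer kept by a caller now dangles */
        frees_done++;
    }
    retname = malloc(n);
    if (retname == NULL)
        return NULL;
    memcpy(retname, configured, n);
    return retname;
}

/* New design: a static ARRAY, so the returned address never becomes invalid. */
const char *srvtab_name_arr(const char *configured)
{
    static char retname[NAME_MAX_LEN];

    /* snprintf always NUL-terminates; over-long names are truncated. */
    snprintf(retname, sizeof(retname), "%s", configured);
    return retname;
}

/* How many earlier return values of srvtab_name_ptr() have been freed. */
unsigned long srvtab_frees(void)
{
    return frees_done;
}
```

With the array, a retained pointer stays valid but its contents change on the next call, which is the shared mutable state behind the thread-safety caveat in the commit message.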
Tom Yu [Thu, 5 Jun 2003 21:39:59 +0000 (21:39 +0000)]
document team procedures
* procedures.txt: New file. Draft of current procedures.
Currently mostly contains a few email messages from Sam. More
clarification should follow later.
Ken Raeburn [Thu, 5 Jun 2003 20:05:37 +0000 (20:05 +0000)]
* locate_kdc.c (make_srv_query_realm): Punt if strdup fails. Always return
what data we can, even if memory allocation or other problems prevent us from
returning more.
(krb5_locate_srv_dns_1): Always return what data we can. Fix memory leak.
Free up temporary storage as quickly as possible, while building up address
list to return.
Ken Raeburn [Wed, 4 Jun 2003 02:57:11 +0000 (02:57 +0000)]
Handle SRV RR target of "." by returning a new error code.
May have memory leaks -- needs checking before pullup.
* locate_kdc.c (struct srv_dns_entry): Move to top level.
(make_srv_query_realm): Separate from krb5_locate_srv_dns_1; just do query and
return results.
(krb5_locate_srv_dns_1): Call it, and build addlist entries. Check for one RR
with a target of ".", and return an error.
(krb5_locate_srv_dns): Deleted.
Tom Yu [Tue, 3 Jun 2003 03:18:41 +0000 (03:18 +0000)]
* change_password.c (krb_change_password): Explicitly zero the
session key. Zero the key derived from the new password.
* mk_req.c (krb_mk_req): Explicitly zero the session key.
(krb_mk_req_creds_prealm): Don't zero the session key, in case the
caller wants to make use of it.
ticket: 1546
status: open
target_version: 1.3
tags: pullup
Ken Raeburn [Sun, 1 Jun 2003 20:24:02 +0000 (20:24 +0000)]
* default.exp: Default RLOGIN_FLAGS to "-x".
(start_kerberos_daemons): Watch for "Cannot bind server socket" and log it.
Watch for "no sockets set up" and report an error.
(setup_root_shell): Watch for "Cannot assign requested address", log it and
give up.
Ken Raeburn [Sat, 31 May 2003 03:33:22 +0000 (03:33 +0000)]
* krb5.conf: Delete Athena KDC specifications. Delete Cygnus realm info.
Replace CLUB.CC.CMU.EDU info with ANDREW.CMU.EDU, which has SRV records and
thus doesn't need KDC specs. Provide a commented-out example of a [logging]
spec.
* get_in_tkt.c (verify_as_reply): Only check the renewable lifetime of tickets whose request options included KDC_OPT_RENEWABLE_OK if those options did not also include KDC_OPT_RENEWABLE. Otherwise verify_as_reply() will fail for all renewable tickets.
Ken Raeburn [Wed, 28 May 2003 02:16:30 +0000 (02:16 +0000)]
Rename interface to krb5_524_convert_creds, export it from krb5 library.
Provide old names as functions for UNIX/MacOS binary compatibility, and
deprecated macros for source code compatibility. (For Windows, we'll still
need a krb524.dll, and it can worry about providing the old names.) Enable
support on Windows always.
Ken Raeburn [Sat, 24 May 2003 04:51:38 +0000 (04:51 +0000)]
Big step towards integrating libkrb524 into libkrb5:
Move libkrb524 code, including error table, into libkrb5. Now libkrb5
initialization pulls in the krb524 error table, so krb524_init_ets is
gone; all calls deleted.
Move krb4 life/time conversion functions into libkrb5 under new names,
using accessor hooks to get at them from libkrb4.
Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h;
the last doesn't get copied into the include directory. Changed
inclusions of krb524.h to the appropriate files, if any were needed.
Rebuilt dependencies in Makefiles.
These changes are likely to break the Windows build; I'll look into
that soon.
Ken Raeburn [Fri, 23 May 2003 23:55:12 +0000 (23:55 +0000)]
update descriptions of OS-specific configure options
* build.texinfo (HPUX, Solaris 2.X, Ultrix 4.2/3 [notdef]): Replace
descriptions of old --with- options with VAR=.
(Solaris 2.X): Suggest that defining _XOPEN_SOURCE and __EXTENSIONS__ might
help for 64-bit mode.
Sam Hartman [Fri, 23 May 2003 16:41:43 +0000 (16:41 +0000)]
use kdc_default_options
The documentation and context initialization supports an option called
kdc_default_options which is an integer that sets the default KDC
request flags. Make the code actually use the option.