Ken Raeburn [Mon, 26 Jun 2006 23:47:03 +0000 (23:47 +0000)]
* kdc/network.c (make_toolong_error): New function.
(process_tcp_connection): If the specified length exceeds the internal limit,
stop reading and send back a FIELD_TOOLONG error.
* tests/dejagnu/krb-standalone/standalone.exp (doit): When testing TCP mode,
connect to the KDC and send a length of -1, and check that it sends back a
non-empty message.
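The length check that entry describes, sketched as an added example (not code from kdc/network.c or from the commit). The function names and the limit value are assumptions; the second function shows why a length of -1 is a useful test input, since a signed comparison would let it through.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Assumed limit and names, for illustration only (not from kdc/network.c). */
#define MAX_REQUEST_LEN (1024u * 1024u)

enum frame_status { FRAME_NEED_MORE, FRAME_OK, FRAME_TOOLONG };

/* Decode a 4-byte network-order (big-endian) length prefix. */
static uint32_t decode_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsigned check: decide before allocating or reading the body. */
enum frame_status check_tcp_length(const unsigned char *buf, size_t have,
                                   uint32_t *len_out)
{
    if (have < 4)
        return FRAME_NEED_MORE;          /* prefix not complete yet */
    *len_out = decode_be32(buf);
    if (*len_out > MAX_REQUEST_LEN)
        return FRAME_TOOLONG;            /* stop reading, reply with an error */
    return FRAME_OK;
}

/* Pitfall: the same comparison on a signed value lets "-1" through. */
int signed_check_accepts(const unsigned char *buf)
{
    /* ff ff ff ff converts to -1 on two's-complement targets */
    int32_t len = (int32_t)decode_be32(buf);
    return len <= (int32_t)MAX_REQUEST_LEN;
}

int main(void)
{
    /* Constructed input: the length the test in the commit sends. */
    const unsigned char minus_one[4] = { 0xff, 0xff, 0xff, 0xff };
    uint32_t len = 0;
    enum frame_status st = check_tcp_length(minus_one, sizeof minus_one, &len);
    printf("unsigned check: %s (len=%lu)\n",
           st == FRAME_TOOLONG ? "too long" : "accepted", (unsigned long)len);
    printf("signed check accepts it: %d\n", signed_check_accepts(minus_one));
    return 0;
}
```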
Jeffrey Altman [Sun, 25 Jun 2006 19:21:41 +0000 (19:21 +0000)]
NetIDMgr updates
* add scrollbars to option tree pane in configuration dialog
* convert to using Microsoft's safe string library both to ensure
safe string manipulation and to avoid deprecation warnings
* disable deprecation warnings for Platform SDK header shlwapi.h
which cannot otherwise be compiled
* add kerberos 5 kvno property to tickets. display in properties
dialog and main window if column selected by user
* improve manifest handling in order to support both manifests
generated by the compiler and those hand crafted in order to
specify the correct versions of the custom control libraries.
* update khimaira message types and credential acquisition
documentation
Ken Raeburn [Sat, 24 Jun 2006 02:39:52 +0000 (02:39 +0000)]
Fix krb5_get_profile to create a new profile duplicating the list of
files from the one in the provided context, instead of constructing
and checking the file list from scratch. Uses a new function in the
profile library, not put into the public API yet.
* util/profile/prof_init.c (profile_copy): New function.
* util/profile/prof_int.h (profile_copy): Declare it.
* lib/krb5/os/Makefile.in (LOCALINCLUDES): Look in the profile source dir.
* lib/krb5/os/init_os_ctx.c (krb5_get_profile): Replace all the previous code
with a call to profile_copy.
Tom Yu [Thu, 22 Jun 2006 22:23:02 +0000 (22:23 +0000)]
* src/lib/krb5/krb/srv_rcache.c (krb5_get_server_rcache): Apply
patch from Rainer Weikusat to avoid double-free when
rc_resolve_full() fails due to misconfiguration.
Tom Yu [Thu, 22 Jun 2006 21:31:15 +0000 (21:31 +0000)]
* src/lib/kadm5/ovsec_glue.c:
* src/lib/kadm5/unit-test/init-test.c:
* src/lib/kadm5/unit-test/iter-test.c:
* src/lib/kadm5/unit-test/lock-test.c: Include string.h to avoid
implicit definitions. Patch from Michael Calmer.
Ken Raeburn [Thu, 22 Jun 2006 19:18:19 +0000 (19:18 +0000)]
(clean-unix): Use DEPTARGETS_CLEAN instead of DEPTARGETS.
(DEPTARGETS_CLEAN, DEPTARGETS_@top_srcdir@_.): New targets; define so that
DEPTARGETS_CLEAN has the DEP_VERIFY targets only at the top level.
Sam Hartman [Thu, 22 Jun 2006 18:43:20 +0000 (18:43 +0000)]
r18022@luminous: jaltman | 2006-05-19 05:18:37 -0400
Updates of portable CCAPI sources. All code compiles.
r18025@luminous: jaltman | 2006-05-20 23:48:39 -0400
Construct an outline of a sample platform specific main.c
Add ccs_serv_cleanup() routine. Currently does nothing.
Correct field names used within the authorization check.
r18026@luminous: jaltman | 2006-05-22 02:25:43 -0400
More byte order conversions in the server operations code.
r18027@luminous: jaltman | 2006-05-22 13:12:49 -0400
Source files containing common routines used by both
the client and the server.
r18028@luminous: jaltman | 2006-05-22 13:17:07 -0400
Move msg.c and marshall.c to common library.
Add dllmain.c which contains the Windows DllMain() entry
point. This must be moved later to a Windows specific
directory.
Cleanup type usage and function name references.
All that is missing now from the client DLL is a definition
of cci_perform_rpc() which is the entry point to the IPC
routine.
r18029@luminous: jaltman | 2006-05-22 13:18:27 -0400
Move generic list functions to common/generic_lists.c
so they can be used by both the client dll and the server.
r18094@luminous: jaltman | 2006-06-09 10:42:04 -0400
* corrections to windows rpc layer
* corrections to network byte order conversions
r18095@luminous: lxs | 2006-06-09 17:46:24 -0400
cci_msg_retrieve_blob(): changed argument 4 from void** to char**
to suppress the warnings from gcc.
r18096@luminous: lxs | 2006-06-09 17:55:32 -0400
moved enum cc_list_type to generic_lists.h to avoid "incomplete enum"
warnings when compiling generic_lists.c
r18097@luminous: lxs | 2006-06-09 17:56:15 -0400
Removed ancient Metrowerks tests from public headers.
r18098@luminous: lxs | 2006-06-09 17:57:20 -0400
Include string.h to get memcpy, strlen, etc on BSD OSes.
r18099@luminous: lxs | 2006-06-09 17:59:36 -0400
Added Mac OS X project file and Mach-IPC support code
r18193@luminous: jaltman | 2006-06-22 12:57:14 -0400
This commit updates lib/krb5/ccache/ccapi to support CCAPI Version 3
and above. Specify -DUSE_CCAPI_V3=1 when compiling to use CCAPI Version 3
r18194@luminous: jaltman | 2006-06-22 12:58:37 -0400
Fix parameter name in cc_credentials_iterator_t next()
Tom Yu [Wed, 21 Jun 2006 21:08:31 +0000 (21:08 +0000)]
cease export of krb5_gss_*
* src/lib/gssapi/libgssapi_krb5.exports: Cease export of krb5
mechanism entry points which were once equivalent to GSS-API entry
points. These were never public interfaces, and calling them
directly now can cause problems. Also, cease export of some
other internal symbols.
ticket: new
target_version: 1.5
tags: pullup
component: krb5-libs
Ken Raeburn [Wed, 21 Jun 2006 00:28:21 +0000 (00:28 +0000)]
(GET_HOST_BY_NAME, GET_HOST_BY_ADDR) [GETHOSTBYNAME_RETURNS_INT]: Test
the output hostent pointer as an additional way of checking for errors.
Original patch from Nalin Dahyabhai, needed some tweaking to fit in
current sources, especially as updated in ticket 3911.
Ken Raeburn [Tue, 20 Jun 2006 23:59:11 +0000 (23:59 +0000)]
getaddrinfo code uses vars outside of storage duration
The calls to gethostbyname_r and friends were wrapped in macros that declared
automatic variables for the auxiliary storage needed, but the pointers returned
by the functions would be used outside of that scope, when the storage would no
longer be valid.
Changed the macro interfaces to define new types for the auxiliary storage, and
add a new argument to the macros referring to that storage. Changed call sites
accordingly.
Ken Raeburn [Tue, 20 Jun 2006 23:27:01 +0000 (23:27 +0000)]
(kadmin_cpw): Don't crash if principal name is not given. Based on a
patch from S Rahul.
(extended_com_err_fn): If error code is zero, don't fetch an error message.
Russ Allbery [Tue, 20 Jun 2006 21:45:16 +0000 (21:45 +0000)]
In verify_krb_v4_tgt, use an unsigned KRB4_32 to store an address rather
than an unsigned long to avoid memcpying past the end of a structure on
64-bit platforms.
Russ Allbery [Mon, 19 Jun 2006 23:37:09 +0000 (23:37 +0000)]
Pass in the correct value for the first argument of select (one larger
than the largest file number in the select set) rather than some multiple
of sizeof some struct. The latter is large enough to accidentally work, but
breaks on AIX.
Map IPv4-mapped IPv6 addresses back to IPv4 in krshd for the purposes of
connecting back to the remote system on AIX, since on AIX getnameinfo
returns such addresses but connect won't accept them.
Jeffrey Altman [Mon, 19 Jun 2006 17:33:36 +0000 (17:33 +0000)]
Export krb5_gss_register_acceptor_identity in KFW
krb5_gss_register_acceptor_identity is a gss krb5 extension that is
part of the public ABI. It does not have a gss_krb5_* name due to
historical reasons. Instead there is a gss_krb5_register_acceptor_identity
macro that uses this export.
Ken Raeburn [Fri, 16 Jun 2006 00:26:49 +0000 (00:26 +0000)]
Remove -lkrb5support, which should be for internal use only, from the displayed
list of libraries. This means the output is not suitable for linking against
static libraries built from the tree, but prevents us from committing to
keeping libkrb5support.1 in all future Mac shared-library builds (in addition
to the libkrb5support.0 we're stuck with for non-Mac UNIXy shared-library
builds).
Ken Raeburn [Fri, 16 Jun 2006 00:10:08 +0000 (00:10 +0000)]
ftpd's getline conflicts with current glibc headers
Reported by Ubaidul Khan on kerberos@mit this date.
GNU libc includes a function getline with an incompatible prototype.
It hasn't caused problems for MIT on RHEL 4 (glibc 2.3.4), but
apparently FC5 has a newer set of headers in which it does.
* ftpcmd.y (getline): Renamed to ftpd_getline. Declarations and callers
changed.
* ftpd.c (getline): Remove duplicate declaration.
Ken Raeburn [Thu, 15 Jun 2006 22:01:57 +0000 (22:01 +0000)]
(kadmin_startup): Properly skip "\@" and "\/" sequences when
processing principal name, rather than going into an infinite loop.
Suggested by Mark Phalan at Sun.
Ken Raeburn [Wed, 14 Jun 2006 23:44:48 +0000 (23:44 +0000)]
Some simple transformations:
Use ANSI C function definitions instead of old K&R style.
Rename local variable "res" to "clnt_res".
Cast clnt_call arguments to xdrproc_t and caddr_t.
This brings the code more in line with what current (RHEL) rpcgen would do.
Russ Allbery [Wed, 14 Jun 2006 20:31:52 +0000 (20:31 +0000)]
When NULL is passed into krb_get_in_pw_tkt, we only want to prompt once
for the password rather than passing NULL along to each string to key
function causing each to prompt independently. Modify krb_get_in_pw_tkt
to call des_read_pw_string directly and then pass the resulting password
into each string to key function as needed. Add a prototype of
des_read_pw_string to krb4int.h since it's an exported function of
libdes425 but isn't prototyped in des.h.
Russ Allbery [Tue, 13 Jun 2006 16:03:12 +0000 (16:03 +0000)]
telnet help should telnet to a host named help, not display a usage
message. Only support ?, not help, to request help with the open
command. The same change was made in netkit's telnet.
Russ Allbery [Tue, 13 Jun 2006 15:18:04 +0000 (15:18 +0000)]
POSIX allows getpwnam_r and getpwuid_r to return 0 (success) even if the
username or UID could not be found, in which case OUT will be set to
NULL. Elsewhere, code assumes that if k5_getpwnam_r or k5_getpwuid_r
returns 0, OUT is non-NULL. Check whether OUT is NULL and adjust the
return value accordingly in the k5_getpw{nam,uid}_r wrappers.
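The wrapper behaviour that entry describes, as an added example (not the k5_getpwnam_r source and not part of the commit). `lookup_user` and `user_uid` are hypothetical names, and the choice of ENOENT for the not-found case is an assumption.

```c
#include <errno.h>
#include <pwd.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical wrapper: turn "returned 0 but *out == NULL" into an error,
 * so callers may rely on *out being non-NULL whenever 0 is returned. */
int lookup_user(const char *name, struct passwd *rec,
                char *buf, size_t bufsize, struct passwd **out)
{
    int ret;

    *out = NULL;
    ret = getpwnam_r(name, rec, buf, bufsize, out);
    if (ret != 0) {
        *out = NULL;                 /* real failure (ERANGE, EIO, ...) */
        return ret;
    }
    if (*out == NULL)
        return ENOENT;               /* POSIX "success", but no such user */
    return 0;
}

/* A caller of the kind the entry mentions: it dereferences the result
 * as soon as the wrapper reports success. */
int user_uid(const char *name, uid_t *uid)
{
    struct passwd rec, *out;
    char buf[4096];
    int ret = lookup_user(name, &rec, buf, sizeof buf, &out);

    if (ret != 0)
        return ret;                  /* *uid left untouched */
    *uid = out->pw_uid;              /* safe: out is non-NULL here */
    return 0;
}

int main(void)
{
    /* Constructed name that should not exist on any system. */
    const char *missing = "no-such-user-constructed-example";
    uid_t uid = 0;
    int ret = user_uid(missing, &uid);

    printf("%s: %s\n", missing, ret ? "lookup failed cleanly" : "found");
    return 0;
}
```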
Russ Allbery [Mon, 12 Jun 2006 19:59:35 +0000 (19:59 +0000)]
Always include sys/ioctl.h in the telnet and telnetd code, even if
sys/filio.h is available. GNU/kFreeBSD has sys/filio.h but still
requires sys/ioctl.h, and sys/ioctl.h is included unconditionally
elsewhere in the code. Patch from Petr Salinger.
Russ Allbery [Mon, 12 Jun 2006 19:47:52 +0000 (19:47 +0000)]
Never return -I/usr/include from --cflags. It's already in the default
compiler search path, causes gcc warnings, and can cause obscure failures
with gcc by including system headers before gcc's internal headers.
Russ Allbery [Mon, 12 Jun 2006 18:58:01 +0000 (18:58 +0000)]
Always initialize the output token in gss_init_sec_context as required
by RFC 2744 section 5.19. The krb5 code did this but the generic code
didn't, causing a double-free in OpenSSH.
Russ Allbery [Mon, 12 Jun 2006 18:35:03 +0000 (18:35 +0000)]
If krb5_gss_canonicalize_name is given GSS_C_NULL_OID as the mechanism,
assume krb5 using similar logic as other library functions rather than
failing. Patch provided by Daniel Kahn Gillmor.
Russ Allbery [Mon, 12 Jun 2006 18:19:26 +0000 (18:19 +0000)]
Document the authorization logic used in the absence of .k5login files.
Remove all remaining references to .rhosts authentication; the code to
implement this was already removed.
Ken Raeburn [Sat, 10 Jun 2006 01:05:40 +0000 (01:05 +0000)]
Since it appears we don't actually set the conf_tgs_ktypes field except in this
initial allocation of zero elements, it can be deleted, along with
conf_tgs_ktypes_count and the associated code...
Temporarily copied KerberosIPC library from the KfM repository for
testing purposes. Note that this will be removed when the CCAPI
branch is merged onto the trunk.