Ken Raeburn [Sat, 24 May 2003 04:51:38 +0000 (04:51 +0000)]
Big step towards integrating libkrb524 into libkrb5:
Move libkrb524 code, including error table, into libkrb5. Now libkrb5
initialization pulls in the krb524 error table, so krb524_init_ets is
gone; all calls deleted.
Move krb4 life/time conversion functions into libkrb5 under new names,
using accessor hooks to get at them from libkrb4.
Move declarations from krb524.h into krb5.h, k5-int.h, or krb524d.h;
the last doesn't get copied into the include directory. Changed
inclusions of krb524.h to the appropriate files, if any were needed.
Rebuilt dependencies in Makefiles.
These changes are likely to break the Windows build; I'll look into
that soon.
Ken Raeburn [Fri, 23 May 2003 23:55:12 +0000 (23:55 +0000)]
update descriptions of OS-specific configure options
* build.texinfo (HPUX, Solaris 2.X, Ultrix 4.2/3 [notdef]): Replace
descriptions of old --with- options with VAR=.
(Solaris 2.X): Suggest that defining _XOPEN_SOURCE and __EXTENSIONS__ might
help for 64-bit mode.
Sam Hartman [Fri, 23 May 2003 16:41:43 +0000 (16:41 +0000)]
use kdc_default_options
The documentation and context initialization supports an option called
kdc_default_options which is an integer that sets the default KDC
request flags. Make the code actually use the option.
Tom Yu [Wed, 21 May 2003 23:55:58 +0000 (23:55 +0000)]
Set length correctly in krb5_get_in_tkt_with_password if password is
actually passed in. Also, fix test suite to be more lenient about
password prompts, which changed under the previous patches for this
ticket.
Sam Hartman [Tue, 20 May 2003 21:22:48 +0000 (21:22 +0000)]
Implement krb5_get_in_tkt_with_password and
krb5_get_in_tkt_with_keytab in terms of krb5_get_init_creds.
It turns out that these do in fact need to use get_init_creds not
get_init_creds_{password,keytab} because of those functions do not
allow the AS request to be returned.
Sam Hartman [Mon, 19 May 2003 17:34:41 +0000 (17:34 +0000)]
Register writable keytabs by default
We have a customer requirement to support writable keytabs using the
public API in 1.3 Discussion on krbcore indicates there is no good
reason why these are not registered by default. So, they are now
registered by default.
Also adjust other code in the tree not to try and register them.
Ticket: new
Target_Version: 1.3
Component: krb5-libs
Tags: pullup
Tom Yu [Sun, 18 May 2003 05:16:05 +0000 (05:16 +0000)]
Sequence numbers are now unsigned. Implement lenient parser for
sequence numbers which folds received negative sequence numbers into
positive unsigned numbers. Constrain the space of initial sequence
numbers to facilitate backwards compatibility.
Ken Raeburn [Wed, 14 May 2003 20:48:22 +0000 (20:48 +0000)]
Be more friendly towards parallel builds
* Makefile.in ($(EHDRDIR)$(S)timestamp): New target, used for ensuring
$(EHDRDIR) exists.
(clean-unix): Delete the dummy file.
($(EHDRDIR)$(S)gssapi.h): Depend on it, instead of creating the directory here.
($(EHDRDIR)$(S)gssapi_generic.h): Likewise.
Sam Hartman [Mon, 12 May 2003 18:04:31 +0000 (18:04 +0000)]
Don't #include compile_et .c files
At least the e2fsprogs compile_et produces .c files that duplicate
definitions found in com_err.h and so you need to avoid including
those .c files in other files.
In order to do this we duplicate the string tables.
Ezra Peisach [Mon, 12 May 2003 09:29:46 +0000 (09:29 +0000)]
Cleanup memory in asn.1 testsuite to allow for leak checking
* krb5_decode_test.c: Modify decode_run macro to take a cleanup
handler to free allocated memory. Add static handlers to free
krb5_alt_method, passwd_phrase_element and krb5_enc_data as the
krb5 library does not handle at this time.
* krb5_encode_test.c: Free krb5_context at end. Utilize the many
ktest_empty and detroy functions to cleanup memory.
* ktest.h, ktest.c: Add many ktest free and empty functions to
cleanup allocated structures in tests.
Sam Hartman [Mon, 12 May 2003 02:59:06 +0000 (02:59 +0000)]
* IMplement etype_info in KDC. If the request contains any new
enctypes (currently AES but anything not explicitly listed as old)
then only etype_info2 is sent back in response. Send back etype_info2
all the time. Also send back etype_info2 to provide salt and
s2kparams with AS reply not just for preauth errors.
* Expose interface for getting string2key with parameters (previously
implemented but not exported)
* IN the client (at least for get_init_creds interface) prfer
etype_info2 to etype_info and pw_salt. Pass s2kparams and use
string2key_with_params.
Ken Raeburn [Sat, 10 May 2003 02:09:34 +0000 (02:09 +0000)]
Add a new krb5_context field for the config-file tgs_enctypes, which
applications cannot override, and use it for ticket-granting tickets needed to
acquire some desired service ticket.
Tom Yu [Sat, 10 May 2003 00:01:04 +0000 (00:01 +0000)]
Rename the local_subkey and remote_subkey fields in the auth_context
to send_subkey and recv_subkey, respectively. Add new APIs to query
and set these fields. Change the behavior of mk_req_ext, rd_req_dec,
and rd_rep to set both subkeys. Applications wanting to set
unidirectional subkeys may still do so by saving the values of subkeys
and doing overrides. Cause mk_cred, mk_priv, and mk_safe to never use
the recv_subkey. Cause rd_cred, rd_priv, and rd_safe to never use the
send_subkey.
ticket: 1415
status: open
tags: pullup
target_version: 1.3
Added option to search paths correctly with new tools and to include TargetConditionals.h so that TARGET_OS_MAC is defined for all files in the build system, not just those that include krb5.h
Sam Hartman [Wed, 7 May 2003 21:15:06 +0000 (21:15 +0000)]
Reorganize kdc_preauth enctype handling
Patch from Sun to reorganize and better abstract kdc_preauth.c's
enctype info handling. This will make it easier to implement
etype_info2 so I'm committing it.
* init_os_ctx.c: Added support for KLL's __KLAllowHomeDirectoryAccess() function so that krb4, krb5 and gssapi will not access the user's homedir if the application forbids it
Added krb5_set_password, krb5_set_password_using_ccache, krb5_c_random_os_entropy, krb5_c_random_add_entropy, krb5_c_init_state, and krb5_c_free_state to the export file for KfM. (RT bug #1462)
* kadm_stream.c: Fixed vts_long() and vts_short() so they return a pointer to the beginning of the memory they allocate and place their data at the end of the buffer which was passed in
Sam Hartman [Mon, 28 Apr 2003 21:38:02 +0000 (21:38 +0000)]
set-change password breaks kpasswd
In some cases a null realm argument was passed into the function for
locating the kpasswd server. This ended up causing segfaults in
kpasswd. Fix to use the right realm.
Sam Hartman [Sun, 27 Apr 2003 21:07:21 +0000 (21:07 +0000)]
krb5_setpw_result_string should be internal
Make krb5_setpw_result_string a krb5int_ function prototyped in
k5-int.h. The prototype was already there, but the code did not match
the function name.
This needs to be pulled up to the release branch to fix Windows build because of a KRB5_CALLCONV issue.
Ken Raeburn [Fri, 25 Apr 2003 03:09:57 +0000 (03:09 +0000)]
Require only autoconf 2.52. Try --include argument to autoconf and autoheader,
and if the command fails, try it again with --localdir; don't tie it to some
previously used version of autoconf.
Ken Raeburn [Thu, 24 Apr 2003 02:33:04 +0000 (02:33 +0000)]
Simplify autoconf compatibility by requiring that we always have a version that
supports --include, instead of assuming that whether the autoconf to be run
supports it is the same as whether the autoconf used to generate the current
configure scripts supported it.
* aclocal.m4: Require autoconf 2.53.
(CONFIG_RULES): Always set AUTOCONFINCFLAGS to --include.
* kfree.c (krb5_free_pwd_sequences): Actually free the entire
sequence of passwd_phase_elements and not just the first one.
In our tree, this code is only used by krb5_free_pwd_data() which is
subsequently not used anywhere else. Perhaps all code pertaining to pwd
data (asn.1 decoders, encoders, etc. should be removed)
ticket: new
component: krb5-libs
target_version: 1.3
tags: pullup
Ken Raeburn [Fri, 18 Apr 2003 10:08:30 +0000 (10:08 +0000)]
Test AES. ** Not all tests pass at present. **
* default.exp: Add passes for testing AES.
(start_kerberos_daemons): Add a small delay between starting the "tail -f"
processes and appending the markers to their files.
(spawn_xterm): Add RLOGIN, RLOGIND, FTP, and FTPD to the list of variables to
export to the environment. Check that variables are defined before exporting
them.
* g_ad_tkt.c: Added support for login library to get_ad_tkt. Support is copied from Mac Kerberos4 library and conditionalized for USE_LOGIN_LIBRARY to avoid changing get_ad_tkt's behavior for non-Kerberos Login Library builds
projects / thirdparty / krb5.git / log
