Jeffrey Altman [Wed, 30 Nov 2005 16:06:00 +0000 (16:06 +0000)]
Remove the case sensitive comparisions of registry entry
and schema strings. Microsoft uses HKLM\"SOFTWARE" and
HKCU\"Software". This means the encoding schema that was
selected does not work and the conflict in case prevents
plugins from being loaded.
Better to enable plugins to work than to allow two realms
that differ only by case on the same platform during the
beta.
Jeffrey Altman [Tue, 29 Nov 2005 22:22:43 +0000 (22:22 +0000)]
KFW Logon Network Provider
The Logon Network Provider works like the OpenAFS Integrated
Logon. It uses the username entered by the user and the
default realm obtained from krb5.ini and the user entered
password. If possible, tickets are obtained and imported
into the user's CCAPI credential cache.
ticket: new
component: windows
target_version: 1.4.4
status: resolved
tags: pullup
Ken Raeburn [Tue, 29 Nov 2005 07:38:45 +0000 (07:38 +0000)]
Tru64 compilation fails after k5-int.h/krb5.h changes
Due to some silliness in db-config.h and the Tru64 system header files, an
accidental change in the order of inclusion of certain headers caused the build
to fail.
With this patch, "make all" succeeds, but "make check" fails partway through;
I'm still investigating, and don't know at this point if there are additional
compilation problems.
* policy_db.h: Include db.h after gssrpc/types.h, to fix compilation on Tru64.
Ken Raeburn [Tue, 29 Nov 2005 04:31:03 +0000 (04:31 +0000)]
* shlib.conf (*-*-solaris*): Include $(CFLAGS) in LDCOMBINE. Don't use
compiler command-line options for initializers for Solaris 7 and earlier native
compilers.
Ken Raeburn [Fri, 18 Nov 2005 01:22:06 +0000 (01:22 +0000)]
Fix additional cases where krb5.h is included before k5-int.h. In most cases,
it suffices to remove the inclusion of k5-int.h, sometimes including errno.h or
another header. In a couple cases, include order has been changed, or k5-int.h
has been included instead of krb5.h.
Jeffrey Altman [Tue, 15 Nov 2005 00:31:41 +0000 (00:31 +0000)]
This commit ensures that all files in the library include
k5-int.h before krb5.h is included either directly or
indirectly. This is to allow Kerberos to use pre-processor
symbols to choose configurations of C run time library headers
without affecting third party applications.
Jeffrey Altman [Tue, 15 Nov 2005 00:16:17 +0000 (00:16 +0000)]
* Correct function prototypes that should have been using
krb5_timestamp in order to prevent type conflicts if
krb5_timestamp ever becomes a 64-bit value
* Force the use of 32-bit time_t with Microsoft's VS 2005
compiler on 32-bit platforms
Jeffrey Altman [Tue, 1 Nov 2005 04:23:52 +0000 (04:23 +0000)]
For KFW 3.0 Beta 1
- supports Network Identity Manager framework
- moves leash32.exe to a new disabled component
- auto-generates a new product id with each build
Jeffrey Altman [Mon, 31 Oct 2005 19:23:19 +0000 (19:23 +0000)]
* acquire_cred.c (acquire_init_cred):
If a specific principal has been requested, attempt to acquire
tickets and set the ccache name in the context to the ccache
containing the tickets if obtained. (KFM/KFW)
* ccdefault.c:
(krb5int_cc_default) - add KFW support for multiple ccaches
When passed GSS_C_INITIATE and a non-NULL desired name, gss_acquire_cred
should search the available credentials caches rather than simply failing
if tickets for the desired client principal are not in the default ccache.
(this is the KfM-specific portion of the patch -- still need KfW portion)
Ken Raeburn [Thu, 27 Oct 2005 09:38:05 +0000 (09:38 +0000)]
If configure scripts set build_dynobj=yes, force build of shared objects and
not static objects; set it in the db2 directories. Fix up some bugs in Mac
support just checked in for building plugin modules.
Ken Raeburn [Thu, 27 Oct 2005 06:59:22 +0000 (06:59 +0000)]
Roll all the "make depend" transformations into one perl script
* util/depfix2.pl: Incorporate all substitutions from depfix.sed.
* util/depfix.sed: Deleted.
* config/post.in (.depend): Don't run sed, just use perl.
Ken Raeburn [Thu, 27 Oct 2005 05:19:45 +0000 (05:19 +0000)]
Allow dynamic-object dependencies and build flags to be specified as distinct from
shared-library dependencies and flags. Define them for the Mac, default to same as
shared-library versions on other platforms.
* config/shlib.conf: Set DYNOBJ_EXPDEPS and DYNOBJ_EXPFLAGS.
(*-*-darwin*): Change MAKE_DYNOBJ_COMMAND definition to use DYNOBJ_EXPFLAGS and
DYNOBJ_LOADER_PROG instead of SHLIB_EXPFLAGS and a hardcoded pathname to the KDC binary,
respectively.
* config/pre.in (DYNOBJ_EXPDEPS, DYNOBJ_EXPFLAGS): New variables.
* config/libnover.in ($(LIBBASE)$(DYNOBJEXT)): Use DYNOBJ_EXPDEPS instead of SHLIB_EXPDEPS
in dependencies.
* aclocal.m4 (KRB5_BUILD_LIBRARY_WITH_DEPS): Substitute DYNOBJ_EXPDEPS and DYNOBJ_EXPFLAGS.
* modules/kdb/db2/Makefile.in (DYNOBJ_LOADER_PROG, DYNOBJ_EXPFLAGS_WITH_LOADER,
DYNOBJ_EXPDEPS_WITH_LOADER): New variables.
Ken Raeburn [Fri, 21 Oct 2005 01:17:20 +0000 (01:17 +0000)]
Jeff's patches for a multi-threaded gss-sample suite, modified to not break the
single-threaded UNIX case. (Tested on Linux/x86.) Needs stylistic cleanup at
some point.
Jeffrey Altman [Thu, 20 Oct 2005 20:03:03 +0000 (20:03 +0000)]
gssapi_krb5.hin: Add missing GSS_DLLIMP modifiers to all exported
data objects exported from the gssapi32.lib so that the applications
that link to it know that it is there.
Tom Yu [Thu, 13 Oct 2005 22:42:26 +0000 (22:42 +0000)]
* kdc_preauth.c (etype_info_as_rep_helper): New function; shared
code for handling ETYPE-INFO and ETYPE-INFO2. Checks request for
"newer" enctypes and does not return an ETYPE-INFO if any "newer"
enctypes are present in the request. Reported by Will Fiveash.
(return_etype_info2, return_etype_info): Implement in terms of
etype_info_as_rep_helper.
Tom Yu [Wed, 12 Oct 2005 19:56:41 +0000 (19:56 +0000)]
* kdc_preauth.c (return_etype_info2): Apply patch from Will
Fiveash to use reply key's enctype, not the long-term key's
enctype, to avoid some enctype similarity problems.
Ken Raeburn [Thu, 6 Oct 2005 21:17:33 +0000 (21:17 +0000)]
Reduce work done on a second "make" pass over the tree, by not regenerating
lots of makefiles in the process of creating autoconf.h. I think the autoconf
bug that was being worked around in 1996 has since been fixed.
* Makefile.in (autoconf.stamp): When running config.status, only rebuild
autoconf.h.
* config/libnover.in (darwin.exports): New target.
($(LIBBASE)$(DYNOBJEXT)): New target, instead of $(LIBBASE)$(SHLIBVEXT).
(all-libs): Build $(LIBBASE)$(DYNOBJEXT).
(install-shared): Use DYNOBJEXT.
* config/pre.in (DYNOBJEXT, MAKE_DYNOBJ_COMMAND): New variables.
* config/shlib.conf: Set DYNOBJEXT, MAKE_DYNOBJ_COMMAND to the SHLIB versions.
For Darwin, set them to create a .so bundle, and set SHLIB_EXPORT_FILE_DEP to
darwin.exports.
* config/pre.in (DB_DEPLIB, DB_DEPLIB-k5, DB_DEPLIB-sys, DB_VERSION, DB_DEPS,
DB_DEPS-sys, DB_DEPS-k5, DB_DEPS-redirect, DB_LIB, KDB5_DB_LIB): Variables
deleted.
(KDB5_LIBS): Set to just $(KDB5_LIB).
* modules/kdb/db2/Makefile.in (DB_VERSION, DB_DEPS, DB_DEPS-sys, DB_DEPS-k5,
DB_DEPS-redirect, DB_LIB, KDB5_DB_LIB, DB_DEPLIB, DB_DEPLIB-k5, DB_DEPLIB-sys):
Variable definitions moved here from config/pre.in.
(SHLIB_EXPLIBS): Only use gssrpc and KDB5_DB_LIB.
* modules/kdb/db2/libdb2/test/Makefile.in (DB_LIB, DB_DEPLIB): Define here now.
Ken Raeburn [Tue, 4 Oct 2005 20:27:33 +0000 (20:27 +0000)]
* kdb5.c (kdb_get_conf_section): If the default realm is null, return null.
(krb5_db_open): Don't pass null pointer to sprintf if default_realm is null.
Ken Raeburn [Tue, 4 Oct 2005 20:24:14 +0000 (20:24 +0000)]
* create/kdb5_mkdums.c (set_dbname_help): Set default realm and construct an
argument vector describing the database pathname, before calling krb5_db_open.
* verify/kdb5_verify.c (set_dbname_help): Likewise.
Tom Yu [Thu, 22 Sep 2005 16:44:20 +0000 (16:44 +0000)]
fix krb5_mk_rep subkey leaks
* mk_req_ext.c (krb5int_generate_and_save_subkey): Check for and
free pre-existing subkeys before clobbering the pointers. This
fixes some memory leaks.
ticket: new
target_version: 1.4.3
tags: pullup
component: krb5-libs
Tom Yu [Thu, 22 Sep 2005 02:48:09 +0000 (02:48 +0000)]
fix memory leaks in krb5_gss_import_name() and krb5_gss_inquire_cred()
* import_name.c (krb5_gss_import_name): Add missing free of tmp in
an error case to fix a memory leak.
* inq_cred.c (krb5_gss_inquire_cred): Memory leak fixes: call
krb5_gss_release_cred() with address of cred, not cred; add
missing call to krb5_gss_release_cred() in an error case.
ticket: new
target_version: 1.4.3
tags: pullup
component: krb5-libs
Tom Yu [Wed, 21 Sep 2005 22:58:07 +0000 (22:58 +0000)]
krb5_gss_inquire_cred can copy out uninitialized pointer
* inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to
NULL. Only call kg_save_name() if ret_name is actually non-NULL.
Return GSS_C_NO_NAME for now if no principal name in the cred.
Reported by Christoph Weizen.
ticket: new
version_reported: 1.4.2
target_version: 1.4.3
tags: pullup
component: krb5-libs
Ken Raeburn [Fri, 9 Sep 2005 21:30:38 +0000 (21:30 +0000)]
mine:
* fake-addrinfo-test.c: New file.
* Makefile.in (check): Do pass arguments to addrinfo-test invocation added by
Marc's patch.
(fake-addrinfo-test): New target.
(all): Depend on it.
(SRCS): Fix typo in last change. Add fake-addrinfo-test.c.
(OBJS): Add fake-addrinfo-test.o.
from Marc Aurele La France:
* Makefile.in: Build addrinfo-test.
* addrinfo-test.c (main): 'numeric' -> 'numerichost'; Add -n option to set
AI_NUMERICSERV (if available); print usage message when no arguments are
given.
Ken Raeburn [Fri, 9 Sep 2005 21:22:18 +0000 (21:22 +0000)]
patch from Marc Aurele La France:
* shlib.conf (case *-*-aix5.3*): Generate proper shared libraries acceptable
to dlopen(3) (as in mechglue, for example). Allows for building both shared
and static libraries in one run. Only done for AIX 5.3, but probably should be
done for earlier versions.
Ken Raeburn [Thu, 8 Sep 2005 01:44:53 +0000 (01:44 +0000)]
* default.exp: Initialize can_get_root to yes.
(setup_root_shell): If can_get_root is "no", log a message and return, without
making another attempt. On failing attempts, set can_get_root to "no".
projects / thirdparty / krb5.git / log
