Temporarily copied KerberosIPC library from the KfM repository for
testing purposes. Note that this will be removed when the CCAPI
branch is merged onto the trunk.
Ken Raeburn [Thu, 18 May 2006 04:22:15 +0000 (04:22 +0000)]
* configure.in: Set and substitute KSU_LIBS, SETENVOBJ, DO_TCL. Generate
makefiles for util/et, util/profile, lib/kdb, clients and those clients
subdirectories built on UNIX, rather than running configure there.
Deleted configure.in scripts for those directories, and changed
Makefile.in definitions of thisconfigdir and mydir.
Ken Raeburn [Tue, 16 May 2006 02:56:59 +0000 (02:56 +0000)]
Don't look for pthread_mutexattr_setrobust_np
Apparently Red Hat's Fedora Core 5 defines it but doesn't declare it,
so we'd have to declare it before testing the address. While it was
once useful for checking whether the pthread code had been loaded, I
think the other tests done now are more effective and this isn't
needed any more.
Ken Raeburn [Tue, 16 May 2006 01:45:00 +0000 (01:45 +0000)]
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Replace filename and
envvar arguments with a flag indicating whether KDC config data should
be used. Prototype and all callers changed.
(krb5_read_realm_params): Delete config file and env var arguments.
Prototype and all callers changed.
* lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out.
(struct _kadm5_config_params): Delete field PROFILE.
* lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it.
(kadm5_free_config_params): Don't free it.
* kadmin/testing/tcl/util.t: Remove profile data from config params.
* kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted
KADM5_CONFIG_PROFILE entry.
(parse_config_params): Changed to require 20 parameters instead of 21.
* lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted.
* lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from
the library and add the caller-indicated config file to the front of the list.
* lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function.
(os_init_paths): Add new argument KDC; call add_kdc_config_file if true.
* lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function.
(init_common): Add new argument KDC, passed to krb5_os_init_context.
* lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc.
* k5-int.h (krb5_os_init_context): Update decl.
* lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc.
* krb524/krb524d.c (main): Likewise.
* lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for
$KRB5_KDC_PROFILE file not present.
* lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so
as not to confuse Emacs indentation support.
* lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New
variables.
(krb5_gss_init_context, krb5_gss_use_kdc_context): New functions.
* lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare.
(krb5_gss_init_context, krb5_gss_use_kdc_context): Declare.
(krb5_init_context): Define as macro to invoke krb5_gss_init_context for now.
* lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex.
(gssint_lib_fini): Destroy it.
* lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context.
* lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files
specify an admin server, since we now look at krb5.conf as well.
* lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server
params.
Fixed the krb5_cc_gen_new memory ccache implementation and updated
krb5_verify_init_creds() and rd_and_store_for_creds() to use the
API properly (possible now that it's been fixed).
Jeffrey Altman [Tue, 9 May 2006 21:03:07 +0000 (21:03 +0000)]
plugins support requires a Windows equivalent to opendir and friends
This patch simply allows krb5 to build once again on Windows.
Windows does not have opendir() and friends. Instead Win32 API
functions must be used as described in
Ezra Peisach [Mon, 8 May 2006 18:05:47 +0000 (18:05 +0000)]
kdb_load_library(): SGI compiler requires that when initializing arrays
at declaration - only constants be used. [filebases]. Code was introduced with
17975 revision.
Need to export "kadm5_set_use_password_server" because it is used by
krb5kdc when USE_PASSWORD_SERVER is defined. Since the Mac builds this
way we need it in the export list. Unfortunately export lists don't get
preprocessed. Note that I only added this one function. The rest of the
password server functionality is still conditionalized around
USE_PASSWORD_SERVER.
Hopefully we can rip all this code out when Apple starts using the db plugin
interface for their password server integration.
Changed to krb5int_open_plugin_dirs/krb5int_close_plugin_dirs which
takes a list of filebases and directories rather than a list of full paths
so the caller doesn't have to generate the possibilities themselves.
krb5int_open_plugin_dirs will append the possible suffixes for that platform
(including no suffix in case there already is one on the file base).
Modified the kdb and locate kdc interfaces to use the new API.
Removed the unnecessary and incorrect (due to operator precedence) "== MPOOL_INUSE".
The previous code actually ended up checking if MPOOL_DIRTY (0x01) is set.
Ken Raeburn [Sat, 29 Apr 2006 07:06:34 +0000 (07:06 +0000)]
ipv4+ipv6 messages can trip up KDC replay detection
The replay lookaside cache includes the sending address, but the krb5
library replay cache does not. So, if the same message arrives from
two different source addresses, it is considered a replay by the KDC.
If the client isn't receiving the replies for some reason, and the
client has multiple addresses it uses to contact different addresses
on the KDC (and trying to reach the KDC via both IPv4 and IPv6 is an
obvious such case), this can cause errors to be returned by the KDC.
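A simplified model of the cache interaction described in the commit message above, added here as an illustration and not taken from the krb5 source. The table layout, function names, result codes and sample addresses are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not krb5 code: both caches are small fixed tables. */
#define SLOTS 8
enum result { FRESH_REPLY, CACHED_REPLY, REPLAY_ERROR };

static struct { char addr[46]; char msg[32]; } lookaside[SLOTS];
static char rcache[SLOTS][32];
static int n_look, n_rc;

void kdc_reset(void) { n_look = n_rc = 0; }

/* Lookaside cache: a hit needs the same source address AND the same message. */
static int lookaside_hit(const char *addr, const char *msg) {
    for (int i = 0; i < n_look; i++)
        if (!strcmp(lookaside[i].addr, addr) && !strcmp(lookaside[i].msg, msg))
            return 1;
    return 0;
}

/* Library replay cache: keyed on the message alone, no sender address. */
static int rcache_seen(const char *msg) {
    for (int i = 0; i < n_rc; i++)
        if (!strcmp(rcache[i], msg))
            return 1;
    return 0;
}

enum result kdc_handle(const char *addr, const char *msg) {
    if (lookaside_hit(addr, msg))
        return CACHED_REPLY;          /* retransmission: resend stored reply */
    if (rcache_seen(msg))
        return REPLAY_ERROR;          /* same message, different source */
    if (n_look < SLOTS && n_rc < SLOTS) {
        snprintf(lookaside[n_look].addr, sizeof lookaside[0].addr, "%s", addr);
        snprintf(lookaside[n_look++].msg, sizeof lookaside[0].msg, "%s", msg);
        snprintf(rcache[n_rc++], sizeof rcache[0], "%s", msg);
    }
    return FRESH_REPLY;
}

int main(void) {
    /* Constructed sample: one client retrying over IPv4, then IPv6. */
    kdc_reset();
    printf("%d\n", kdc_handle("192.0.2.10", "TGS-REQ#1"));   /* fresh */
    printf("%d\n", kdc_handle("192.0.2.10", "TGS-REQ#1"));   /* cached */
    printf("%d\n", kdc_handle("2001:db8::10", "TGS-REQ#1")); /* replay error */
    return 0;
}
```

A retransmission from the same address is absorbed by the lookaside cache, while the identical message from the second address misses it and reaches the address-blind replay cache.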
Ken Raeburn [Tue, 25 Apr 2006 07:21:19 +0000 (07:21 +0000)]
Change kdb plugin code to use the new plugin support instead of
directly calling dlopen and friends. Change the test config files to
refer to "db2.so" instead of "db2".
Ken Raeburn [Tue, 25 Apr 2006 06:27:07 +0000 (06:27 +0000)]
Update internal plugin interface to add an errinfo structure to "open"
and "get" routines, so that more detailed error information (e.g.,
from dlerror()) may be returned to the caller.
Ken Raeburn [Tue, 25 Apr 2006 05:09:48 +0000 (05:09 +0000)]
Change name of kdb function-table symbol from being derived from the
name of the library file (which may not be acceptable as a C symbol
name anyways) to "kdb_function_table" always.
Ken Raeburn [Tue, 25 Apr 2006 02:36:31 +0000 (02:36 +0000)]
Tweak configure script generation to check that all symbols produced
via AC_DEFINE are also present in the applicable configure-generated
header file, and error out otherwise. Currently doesn't apply in appl
and test trees.
* util/check-ac-syms: New script.
* config/post.in (.acsyms_okay): New target; runs check-ac-syms, unless we're
in the appl or tests trees.
(configure): Depend on .acsyms_okay.
* config/pre.in (AUTOCONF_HEADER): New variable.
* plugins/kdb/db2/libdb2/Makefile.in (AUTOCONF_HEADER): New variable.
Added CoreFoundation bundle plugin support to support library bundle plugin
code. Also modified plugin types so they allocate a list of pointers rather
than a list of structs so that we can reuse the code that generates the
pointer types. (Basically now krb5int_open_plugin_dir() can call
krb5int_open_plugin() rather than doing nearly the same thing.)
unsigned/signed int warnings in krb5_context variables
Change in_tkt_ktype_count, tgs_ktype_count and conf_tgs_ktypes_count in context to
unsigned int. Change get_profile_etype_list() to expect unsigned int as well.
Update shsUpdate to take an unsigned int length instead of signed.
The code already assumes that it is an integer >= 0. This change
cleans up a number of signed/unsigned warnings.
sha1/shs.h, shs.c, t_shs.c: change ints to unsigned int
dk/dk_encrypt.c: static function trunc_hmac change a signed int to unsigned
hash_provider/hash_sha1.c: Remove cast in argument to shsUpdate
Ken Raeburn [Wed, 19 Apr 2006 20:23:46 +0000 (20:23 +0000)]
* errors.c (krb5int_get_error): Try strerror_r if available before strerror.
* plugins.c (ERRSTR): New macro, tries strerror_r and uses strerror only if it
fails or isn't available.
(krb5int_open_plugin_dir): Use it.
When krb5_c_prf was added in r17219 to implement RFC 3961 PRF, the
prototype for krb5_c_prf has the incoming krb5_data not flagged as const.
The implementation usage in the dk_prf.c declare as const. Make everything
consistent.
Ken Raeburn [Tue, 18 Apr 2006 23:28:07 +0000 (23:28 +0000)]
* error_table.h (ET_EBUFSIZ): Increase to 1k.
* error_message.c (get_thread_buffer): New function, split out from
error_message.
(error_message): Call it. Also try strerror_r with the per-thread buffer, if
both are available, before trying strerror.
Ken Raeburn [Fri, 14 Apr 2006 22:38:00 +0000 (22:38 +0000)]
Move gmt_mktime.c from lib/krb5/os to util/support, and rename the function.
Stop exporting gmt_mktime from libkrb5, and export krb5int_gmt_mktime from
libkrb5support. Updated the one caller, asn1_decode.c.
identity/plugins/common/dynimport.c:
During the interop session we concluded that the ccapi32.dll should
not be required for netidmgr to operate. netidmgr should work with
only FILE: ccaches. After the interop the removal of the error
check post-load was not removed.
identity/doc/Makefile:
The 'clean' rules failed to specify the /Q switch which silently
removes the directory tree. As a result, during the build the
user was prompted.
Ken Raeburn [Thu, 13 Apr 2006 18:58:56 +0000 (18:58 +0000)]
Partial merge from Novell LDAP integration branch, not including the
actual LDAP bits:
* include/kdb.h (krb5_db_entry_new): Add MASK field indicating what's
changed.
(KRB5_KDB_SRV_TYPE_*): New macros indicating which type of service is
accessing the database.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* lib/kadm5/srv/server_misc.c, server_init.c: Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_stash.c (kdb5_stash): Pass service type to
krb5_db_open.
* kadmin/dbutil/kdb5_util.c (open_db_and_mkey): Pass service type to
krb5_db_open.
* kdc/main.c (init_realm): Pass service type to krb5_db_open.
* lib/kadm5/srv/svr_principal.c: Set mask field.
* kadmin/dbutil/dump.c (load_db): Pass service type to krb5_db_open.
* lib/kdb/kdb5.h (KRB5_KDB_SRV_TYPE_*): New macros.
* lib/kdb/err_handle.{c,h}: Deleted.
* lib/kadm5/clnt/err_handle.{c,h}: Deleted.
(krb5_db_clr_error): Declaration deleted.
* lib/kdb/Makefile.in, lib/kadm5/clnt/Makefile.in: Don't build them.
* lib/kdb/kdb5.c, lib/kadm5/clnt, lib/kadm5/srv: Use new error-message API.
* kdc/do_tgs_req.c (process_tgs_req): Use new error-message API.
* kdc/kdc_preauth.c (check_padata)
* kdc/do_as_req.c (process_as_req):
* kdc/main.c (init_realm):
* kadmin/server/ovsec_kadmd.c (main, do_schpw):
* schpw.c (process_chpw_request):
* kadmin/server/server_stubs.c:
* kadmin/cli/kadmin.c (extended_com_err_fn): New function.
(kadmin_startup): Tell com_err library to use it, for kadmin.local.
* lib/kdb/libkdb5.exports: Don't export krb5_db_clr_error.
* lib/kdb/Makefile.in: (SRCS, STLIBOBJS): Don't build err_handle.c.
* lib/kdb/kdb5.c (kdb_load_library): Don't pass argument to init_library.
(krb5_db_clr_error): Function deleted.
* lib/kdb/kdb5.h (struct _kdb_vftabl): Remove argument from init_library field.
* lib/kadm5/logger.c (krb5_klog_init): Save the krb5_context pointer.
(klog_com_err_proc): Use it, and call new error-message API.
* lib/kadm5/srv/svr_principal.c: Use new error-message API.
* kadmin/dbutil/kdb5_util.c (extended_com_err_fn): New function.
(main): Tell com_err library to use it.
* plugins/kdb/db2: Use new error-message APIs and updated DAL
interface.
* lib/kadm5/kadm_rpc.h: Delete err_str fields.
* lib/kadm5/kadm_rpc_xdr.c: Don't process them.
* kadmin/server/server_stubs.c: Don't use ret.err_str field.
Sam Hartman [Tue, 11 Apr 2006 21:28:48 +0000 (21:28 +0000)]
Remove ChangeLog files from the source tree. From now on, the
subversion commit log entry needs to include information that would
have been in the changelog.