2005-05-07 Love Hörnquist Åstrand <lha@it.su.se>
* lib/krb5/addr_families.c (krb5_print_address): catch when the
- unknown adress don't fit. From Björn Sandell <biorn@dce.chalmers.se>
+ unknown address don't fit. From Björn Sandell <biorn@dce.chalmers.se>
2005-05-05 Dave Love <d.love@dl.ac.uk>
* lib/krb5/pac.c: Almost enough code to do PAC parsing and
verification, missing in the unix2NTTIME and ucs2 corner. The
- later will be adressed by finally adding libwind.
+ later will be addressed by finally adding libwind.
* lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew
* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION
* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
- failes to produce the matching lenghts.
+ failes to produce the matching lengths.
2006-01-27 Love Hörnquist Åstrand <lha@it.su.se>
2007-06-28 Love Hörnquist Åstrand <lha@it.su.se>
- * kdc/digest.c: On success, print username, not ip-adress.
+ * kdc/digest.c: On success, print username, not ip-address.
2007-06-26 Love Hörnquist Åstrand <lha@it.su.se>
#!/unix
-* kernel extentions used to get the pag
+* kernel extensions used to get the pag
kafs_syscall syscall
/*
* dpagaix.c
- * On AIX we need to get the kernel extentions
+ * On AIX we need to get the kernel extensions
* with the DFS kafs_syscall in it.
* We might be running on a system
* where DFS is not active.
if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
fi
-if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then
+if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no && test -n "$ac_cv_sys_file_offset_bits"; then
CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
fi
])
subjectAltName otherName using OID id-pkinit-san (1.3.6.1.5.2.2) in
the type field and a DER encoded KRB5PrincipalName that matches the
name of the TGS of the target realm. Also, if the certificate has a
-nameConstraints extension with a Generalname with dNSName or iPAdress,
-it must match the hostname or adress of the KDC.
+nameConstraints extension with a Generalname with dNSName or iPAddress,
+it must match the hostname or address of the KDC.
The client is not required by the standard to check the server
certificate for this information if the client has external
krb5_warnx(context, "some keys for %s are corrupted in the HDB",
unparsed);
}
- keys = calloc(sizeof(*keys), princ.n_key_data);
+ keys = calloc(princ.n_key_data, sizeof(*keys));
if (keys == NULL) {
ret = krb5_enomem(context);
goto out;
if (ret)
goto out;
- keys = calloc(sizeof(*keys), n_k);
+ keys = calloc(n_k, sizeof(*keys));
if (keys == NULL) {
ret = krb5_enomem(context);
goto out;
krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
{
#ifdef PKINIT
+ if (config->enable_pkinit) {
#ifdef __APPLE__
- config->enable_pkinit = 1;
-
- if (config->pkinit_kdc_identity == NULL) {
- if (config->pkinit_kdc_friendly_name == NULL)
- config->pkinit_kdc_friendly_name =
- strdup("O=System Identity,CN=com.apple.kerberos.kdc");
- config->pkinit_kdc_identity = strdup("KEYCHAIN:");
- }
- if (config->pkinit_kdc_anchors == NULL)
- config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
-
+ if (config->pkinit_kdc_identity == NULL) {
+ if (config->pkinit_kdc_friendly_name == NULL)
+ config->pkinit_kdc_friendly_name =
+ strdup("O=System Identity,CN=com.apple.kerberos.kdc");
+ config->pkinit_kdc_identity = strdup("KEYCHAIN:");
+ }
+ if (config->pkinit_kdc_anchors == NULL)
+ config->pkinit_kdc_anchors = strdup("KEYCHAIN:");
#endif /* __APPLE__ */
- if (config->enable_pkinit) {
if (config->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
goto out;
}
free_EncryptedData(&enc_data);
+ if (ret) {
+ goto out;
+ }
ret = decode_PA_ENC_TS_ENC(ts_data.data,
ts_data.length,
&p,
unsigned int i;
int claim = 0;
- r = calloc(sizeof(*r), 1);
+ r = calloc(1, sizeof(*r));
if (!r)
return krb5_enomem(context);
return process_request(context, config, 0, buf, len, reply, prependlength,
from, addr, datagram_reply);
}
-
+
/*
* handle the request in `buf, len', from `addr' (or `from' as a string),
* sending a reply in `reply'.
* gen.c: Add struct units; as a forward declaration. Pointed out
by Marcus Watts.
- * rfc2459.asn1: Netscape extentions
+ * rfc2459.asn1: Netscape extensions
* Makefile.am: add U.S. Federal PKI Common Policy Framework
typedef LONG heim_base_once_t;
#define HEIM_BASE_ONCE_INIT 0
#elif defined(HAVE_DISPATCH_DISPATCH_H)
-typedef long heim_base_once_t; /* XXX arch dependant */
+typedef long heim_base_once_t; /* XXX arch dependent */
#define HEIM_BASE_ONCE_INIT 0
#elif defined(ENABLE_PTHREAD_SUPPORT)
typedef pthread_once_t heim_base_once_t;
#define HEIM_BASE_ONCE_INIT PTHREAD_ONCE_INIT
#else
-typedef long heim_base_once_t; /* XXX arch dependant */
+typedef long heim_base_once_t; /* XXX arch dependent */
#define HEIM_BASE_ONCE_INIT 0
#endif
memcpy (output_name_buffer->value, buf, len);
((char *)output_name_buffer->value)[len] = '\0';
free (buf);
- if (output_name_type)
- *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
+ if (output_name_type) {
+ if (krb5_principal_is_anonymous(context, name, 0))
+ *output_name_type = GSS_C_NT_ANONYMOUS;
+ else
+ *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
+ }
*minor_status = 0;
return GSS_S_COMPLETE;
}
_mg_buffer_zero(output_token);
if (!*context_handle) {
- ctx = calloc(sizeof(*ctx), 1);
+ ctx = calloc(1, sizeof(*ctx));
if (!ctx) {
*minor_status = ENOMEM;
return (GSS_S_DEFECTIVE_TOKEN);
/*
* If we get here, then we have a complete token. Please note
* that we may have a major_status of GSS_S_DEFECTIVE_TOKEN. This
- *
+ *
*/
initial = ctx->gc_initial;
mech_ret_flags &=
~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG);
} else if ((m->gm_flags & GM_USE_MG_CRED) != 0) {
- /*
+ /*
* If credential is uses mechglue cred, assume it
* returns one too.
*/
struct _gss_name *name2 = (struct _gss_name *) name2_arg;
/*
- * First check the implementation-independant name if both
+ * First check the implementation-independent name if both
* names have one. Otherwise, try to find common mechanism
* names and compare them.
*/
# * Confirmed by SU's erstwhile registrar, Leif Johansson <leifj at sunet.se>,
# * as well as by SU's current registrar (through Leif), as:
# *
-# * 1.2.752.43.13 Namn Heimdal GSS-API extentions
+# * 1.2.752.43.13 Namn Heimdal GSS-API extensions
# * Beskrivning OIDar för användning av Heimdal projektet
# * 1.2.752.43.14 Namn Heimdal GSS-API mechs
# * Beskrivning OIDar för användning av Heimdal projektet
number == 654321
\end{alltt}
-\subsection{Long Constants - platform dependant}
+\subsection{Long Constants - platform dependent}
\index{mp\_set\_l} \index{mp\_set\_ul}
\begin{alltt}
This will return the least significant bits of the mp\_int $a$ that fit into a ``long''.
-\subsection{Long Long Constants - platform dependant}
+\subsection{Long Long Constants - platform dependent}
\index{mp\_set\_ll} \index{mp\_set\_ull}
\begin{alltt}
* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.
- * revoke.c: Check for unknown extentions in CRLs and CRLEntries.
+ * revoke.c: Check for unknown extensions in CRLs and CRLEntries.
* test_nist.in: Parse new format to handle CRL info.
* version-script.map: version script fro kadm5 server libary.
- * log.c: only free the orignal entries extentions if there was
+ * log.c: only free the orignal entries extensions if there was
any. Bug reported by Peter Meinecke.
* add configuration for signal file and acl file, let user select
version from kafs_settoken to kafs_settoken_rxkad
(_kafs_fixup_viceid): move the fixup the timestamp to make client
happy code here.
- (_kafs_v4_to_kt): move all the kerberos 4 dependant parts from
+ (_kafs_v4_to_kt): move all the kerberos 4 dependent parts from
kafs_settoken here.
(*): adapt to kafs_token
* kafs_locl.h: include krb5-v4compat.h if needed, define an
internal structure struct kafs_token that carries around for rxkad
- data that is independant of kerberos version
+ data that is independent of kerberos version
2003-02-18 Love Hörnquist Åstrand <lha@it.su.se>
* HPUX 10.10 /opt/dce/include/dcedfs/syscall.h
* Solaris 2.5 /opt/dcelocal/share/include/dcedfs/syscall.h
* AIX 4.2 - needs some funny games with load and kafs_syscall
- * to get the kernel extentions. There should be a better way!
+ * to get the kernel extensions. There should be a better way!
*
* DEE 5/27/97
*
}
/**
- * Variable containing the API based credential cache implemention.
+ * Variable containing the API based credential cache implementation.
*
* @ingroup krb5_ccache
*/
* @param context a Keberos context
* @param af address family
* @param sa sockaddr
- * @param sa_size lenght of sa.
+ * @param sa_size length of sa.
* @param port for to fill into sa.
*
* @return Return an error code or 0.
*
* @param context a Keberos context
* @param dest destination of copy operation
- * @param source adresses that are going to be added to dest
+ * @param source addresses that are going to be added to dest
*
* @return Return an error code or 0.
*
* the client's address list when communicating with the KDC.
*
* @param context Kerberos 5 context.
- * @param addresses addreses to add
+ * @param addresses addresses to add
*
* @return Returns 0 to indicate success. Otherwise an kerberos et
* error code is returned, see krb5_get_error_message().
* the client's address list when communicating with the KDC.
*
* @param context Kerberos 5 context.
- * @param addresses addreses to set
+ * @param addresses addresses to set
*
* @return Returns 0 to indicate success. Otherwise an kerberos et
* error code is returned, see krb5_get_error_message().
* the client's address list when communicating with the KDC.
*
* @param context Kerberos 5 context.
- * @param addresses addreses to set
+ * @param addresses addresses to set
*
* @return Returns 0 to indicate success. Otherwise an kerberos et
* error code is returned, see krb5_get_error_message().
* underlaying operating system.
*
* @param context Kerberos 5 context.
- * @param addresses addreses to ignore
+ * @param addresses addresses to ignore
*
* @return Returns 0 to indicate success. Otherwise an kerberos et
* error code is returned, see krb5_get_error_message().
* underlaying operating system.
*
* @param context Kerberos 5 context.
- * @param addresses addreses to ignore
+ * @param addresses addresses to ignore
*
* @return Returns 0 to indicate success. Otherwise an kerberos et
* error code is returned, see krb5_get_error_message().
* underlaying operating system.
*
* @param context Kerberos 5 context.
- * @param addresses list addreses ignored
+ * @param addresses list addresses ignored
*
* @return Returns 0 to indicate success. Otherwise an kerberos et
* error code is returned, see krb5_get_error_message().
/**
- * Variable containing the DIR based credential cache implemention.
+ * Variable containing the DIR based credential cache implementation.
*
* @ingroup krb5_ccache
*/
* database has expired''.
*
* This is a great improvement compared to just getting one of the unix
- * error-codes back. However, Heimdal have an extention to pass back
+ * error-codes back. However, Heimdal have an extension to pass back
* customised errors messages. Instead of getting ``Key table entry not
* found'', the user might back ``failed to find
* host/host.example.com\@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab
* The last field of the keytab_entry structure is optional. If the size of
* the keytab_entry indicates that there are at least 4 bytes remaining,
* a 32 bit value representing the key version number is present. This
- * value supersedes the 8 bit vno8 value preceeding the keyblock.
+ * value supersedes the 8 bit vno8 value preceding the keyblock.
*
* Older keytabs with a file_format_version of 0x501 are different in
* three ways:
* Max renew time of ticket [integer optional]
* Flags [hdb flags]
* Generation number [generation optional]
- * Extensions [extentions optional]
+ * Extensions [extensions optional]
* @endcode
*
* Fields following these silently are ignored.
/**
- * Variable containing the FILE based credential cache implemention.
+ * Variable containing the FILE based credential cache implementation.
*
* @ingroup krb5_ccache
*/
krb5_data_zero(&data);
/*
- * If we are using LKDC, lets pull out the addreses from the
+ * If we are using LKDC, lets pull out the addresses from the
* ticket and use that.
*/
* out the address to forward the ticket too. This since this might
* use DNS, its insecure and also doesn't represent configured all
* addresses of the host. For example, the host might have two
- * adresses, one IPv4 and one IPv6 address where the later is not
+ * addresses, one IPv4 and one IPv6 address where the later is not
* published in DNS. This IPv6 address might be used communications
* and thus the resulting ticket useless.
*
}
/**
- * Variable containing the KCM based credential cache implemention.
+ * Variable containing the KCM based credential cache implementation.
*
* @ingroup krb5_ccache
*/
if (p[0] == '[' && (q = strchr(p, ']')) != NULL) {
/* if address looks like [foo:bar] or [foo:bar]: its a ipv6
- adress, strip of [] */
+ address, strip of [] */
memcpy(hi->hostname, &p[1], q - p - 1);
hi->hostname[q - p - 1] = '\0';
p = q + 1;
/**
- * Variable containing the MEMORY based credential cache implemention.
+ * Variable containing the MEMORY based credential cache implementation.
*
* @ingroup krb5_ccache
*/
}
/**
- * Variable containing the SCC based credential cache implemention.
+ * Variable containing the SCC based credential cache implementation.
*
* @ingroup krb5_ccache
*/
/**
* Store a data to the storage. The data is stored with an int32 as
- * lenght plus the data (not padded).
+ * length plus the data (not padded).
*
* @param sp the storage buffer to write to
* @param data the buffer to store.
return *(short *) addr == 0x25ff ? TRUE : FALSE;\r
}\r
\r
-/* Return adress from the import address table (iat),\r
+/* Return address from the import address table (iat),\r
* if the original address points to a thunk table entry.\r
*/\r
static void *get_address_from_import_address_table( void *iat, DWORD iat_size, void *addr )\r
static int master;
static int slave;
+#if defined(HAVE_OPENPTY) || defined(__osf__) || defined(STREAMSPTY)
static char line[256] = { 0 };
+#endif
static void
caught_signal(int signo)
size_t l1 = strlen(s1), l2 = strlen(s2), i, j;
int *row0, *row1, *row2, *tmp, cost;
- row0 = calloc(sizeof(int), l2 + 1);
- row1 = calloc(sizeof(int), l2 + 1);
- row2 = calloc(sizeof(int), l2 + 1);
+ row0 = calloc(l2 + 1, sizeof(int));
+ row1 = calloc(l2 + 1, sizeof(int));
+ row2 = calloc(l2 + 1, sizeof(int));
for (j = 0; j < l2 + 1; j++)
row1[j] = j;
for (j = 0; j < l2; j++) {
row2[j + 1] = row1[j] + (s1[i] != s2[j]); /* substitute */
-
+
if (row2[j + 1] > row1[j + 1] + 1) /* delete */
row2[j + 1] = row1[j + 1] + 1;
if (row2[j + 1] > row2[j] + 1) /* insert */
* Add partial support for LDAP-prep Insignificant Character Handling
* normalize.c: use generated constant for length, check for
- overruns, dont use gcc/c99 extentions
+ overruns, dont use gcc/c99 extensions
* gen-normalize.py, test-normalize.c: use generated constant for length
projects / thirdparty / samba.git / commitdiff
