Greg Hudson [Sat, 14 Nov 2009 18:56:43 +0000 (18:56 +0000)]
Reindent include directory, reformatting prototypes as necessary.
Exclude include/gssrpc due to its Sun origin and k5-platform.h due to
macros too hairy for emacs c-mode to handle.
Greg Hudson [Sat, 14 Nov 2009 04:46:30 +0000 (04:46 +0000)]
Constrained delegation without PAC support
Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a
Heimdal-compatible mechanism for allowing constrained delegation
without back-end support for PACs. Back-end support exists in LDAP
only (via a new krbAllowedToDelegateTo attribute), not DB2.
Greg Hudson [Tue, 10 Nov 2009 19:59:39 +0000 (19:59 +0000)]
In lib/krb5/keytab, ensure that function definition headers have
function names at the beginning of lines, and avoid putting open
parentheses at the beginning of lines in function prototypes.
Ken Raeburn [Mon, 9 Nov 2009 06:13:34 +0000 (06:13 +0000)]
quoting bug causes solaris pre-10 thread handling bugs
Quoting problems in pattern matching on the OS name cause Solaris
versions up through 9 to not be properly recognized in the
thread-system configuration setup. This causes our libraries to make
the erroneous assumption that valid thread support routines are
available on all Solaris systems, rather than just assuming it for
Solaris 10 and later.
The result is assertion failures like this one reported by Meraj
Mohammed and others:
Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63
Thanks to Tom Shaw for noticing the cause of the problem.
The bug may be present in the 1.6.x series as well.
Ken Raeburn [Fri, 6 Nov 2009 20:17:00 +0000 (20:17 +0000)]
Change INIT_ONCE compile-time flag into a run-time option. Delete
DIRECT support; always create threads. Allow setting of test interval
and number of threads via run-time options.
Ken Raeburn [Fri, 6 Nov 2009 20:16:57 +0000 (20:16 +0000)]
Don't start by attempting to unlink replay caches by guessing
pathnames specific to my uid on MIT Athena systems. Instead, create a
replay cache object and then destroy it through the library. Tweak
the rcache-init-error messages to be specific to the instance that
failed.
Greg Hudson [Wed, 4 Nov 2009 20:16:13 +0000 (20:16 +0000)]
Remove cast-qual from the gcc warnings set; it is too common for us to
have to explicitly override const in order to implement strchr-like
functions or place pointers into read-only krb5_data objects.
Greg Hudson [Wed, 4 Nov 2009 16:31:41 +0000 (16:31 +0000)]
Restore the krb5 1.6 behavior of not retrying AS requests after
PREAUTH_FAILED errors. Among other things, this change causes
krb5_get_init_creds_opt_set_pa to act (mostly) as a constraint rather
than simply as an optimistic set of preauth types, which is the
behavior apps had been seeing prior to 1.7.
Tom Yu [Wed, 4 Nov 2009 00:21:35 +0000 (00:21 +0000)]
Correct regexps for matching emacs and cc-mode versions. In reindent
targets, chdir to SRCTOP to avoid excessive references to $(SRCTOP) in
the find script. Define new variables to avoid errors when creating
exception lists for find scripts.
Use a python script instead of elisp to mark files.
Tom Yu [Tue, 3 Nov 2009 03:14:41 +0000 (03:14 +0000)]
Monkey patch for the cc-mode that comes with emacs-23.x; that version
of cc-mode has a bug that causes incorrect indentation of case labels
containing character constants. Already fixed upstream in unreleased
cc-mode sources.
Greg Hudson [Sun, 1 Nov 2009 21:51:26 +0000 (21:51 +0000)]
Un-constify struct errinfo's msg field because it is the owner of that
memory (even though the memory is intended to be immutable during its
lifetime).
Greg Hudson [Sun, 1 Nov 2009 14:13:32 +0000 (14:13 +0000)]
Memory leak fix: in obtain_sam_padata, after claiming the contents of
the scratch data object, free the outer structure before nulling the
pointer to it.
Greg Hudson [Sun, 1 Nov 2009 02:47:58 +0000 (02:47 +0000)]
Move the implementations of four deprecated crypto functions to
old_api_glue.c. Move the prototypes of seven deprecated crypto
functions to old_api_glue.c instead of k5-int.h, since we don't use
those functions internally.
Greg Hudson [Sun, 1 Nov 2009 02:46:36 +0000 (02:46 +0000)]
Stop using deprecated krb5_encrypt_data in preauth code. Use
krb5_encrypt_helper instead. (encrypt_helper takes a key usage
instead of an ivec, but that's okay since the invocations were using
null ivecs anyway.)
Greg Hudson [Thu, 29 Oct 2009 23:00:13 +0000 (23:00 +0000)]
Add a couple of krb5_data convenience constructor functions, to
facilitate properly initializing krb5_data objects. Adjust formatting
of the existing krb5_data convenience functions and remove the #if 0
block.
Zhanna Tsitkov [Thu, 29 Oct 2009 18:46:52 +0000 (18:46 +0000)]
Files that were not picked up by svn rev #22995 commit:
Changed the crypto make system to add build flexibility. The update cancels the requirement for the dir structures to be identical in all crypto implementation and supports impl. dependent tests.
Greg Hudson [Thu, 29 Oct 2009 16:13:36 +0000 (16:13 +0000)]
Rename api.3 to api.current in the libkadm5 unit tests. This way the
main body of tests won't have to be moved every time the current API
version of libkadm5 changes.
Tom Yu [Wed, 28 Oct 2009 19:56:19 +0000 (19:56 +0000)]
New elisp file to mark C styles in files. New top-level Makefile
target "make mark-cstyle". The exception list is not final; it's just
a starting point for discussion.
Greg Hudson [Wed, 28 Oct 2009 19:17:35 +0000 (19:17 +0000)]
Bump the accessor version number since we made changes.
Take the opportunity to regularize accessor field names (no krb5 or
krb5int prefixes).
Fix a test program which was still using krb5_hmac.
Tom Yu [Tue, 27 Oct 2009 02:13:31 +0000 (02:13 +0000)]
Add "reindent" target to top-level Makefile.in. Add
krb5-batch-indent.el. These perform a batch reindent based upon the
Emacs file-local variable settings, taking care to distinguish between
files that are supposed to conform to the coding style versus those
that are marked as being exceptions. A later commit will explicitly
mark the files that we expect to conform to our coding standards.
Greg Hudson [Mon, 26 Oct 2009 02:56:34 +0000 (02:56 +0000)]
Remove the telnet-to-localhost sanity check in start_servers_local, as
the system telnet will not necessarily run correctly with
LD_LIBRARY_PATH pointing at the Kerberos libraries from the build
tree.
Greg Hudson [Sun, 25 Oct 2009 16:55:12 +0000 (16:55 +0000)]
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements
account lockout policies for preauth-using principals using existing
principal metadata fields and new policy fields. The kadmin API
version is bumped from 2 to 3 to compatibly extend the policy_ent_rec
structure.
Zhanna Tsitkov [Fri, 23 Oct 2009 19:45:48 +0000 (19:45 +0000)]
Changed the crypto make system to add build flexibility. The update cancels the requirement for the dir structures to be identical in all crypto implementation and supports impl. dependent tests. Also, minor libk5crypto.exports list reduction ( from f_tables)
Luke Howard [Thu, 22 Oct 2009 21:00:19 +0000 (21:00 +0000)]
When iterating through the keytab in krb5_rd_req(), do not
return success if we did not find any matching keytab entries,
otherwise we will crash upon accessing ticket->enc_part2.
Luke Howard [Thu, 22 Oct 2009 20:58:37 +0000 (20:58 +0000)]
Ensure that a GSS_C_BOTH acquired for GSS_C_NO_NAME still passes
a NULL server principal to krb5_rd_req(). Without this the name
canonicalisation support in 1.7 was broken for GSS_C_BOTH
credentials, because cred->name would always be set.
projects / thirdparty / krb5.git / log
