Age | Commit message (Collapse) | Author | Files | Lines |
|
Cherry-picked from Luke's authdata branch.
ticket: 6559
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22732 dc483132-0cff-0310-8789-dd5450dbe970
|
|
password to stderr. Cherry-picked from Luke's s4u branch since it's
an unrelated change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22719 dc483132-0cff-0310-8789-dd5450dbe970
|
|
gss_krb5int_copy_ccache was iterating over credentials in a ccache
without freeing them.
ticket: 6558
tags: pullup
target_version: 1.7.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22718 dc483132-0cff-0310-8789-dd5450dbe970
|
|
In the presence of aliases, LDAP iteration was supplying the first
principal it found within the expected realm, which is not necessarily
the same as the canonical name. If the entry has a canonical name
field, use that in preference to any of the principal names.
ticket: 6557
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710 dc483132-0cff-0310-8789-dd5450dbe970
|
|
hmac/md5/md4/sha1/rc4/des/des3(w/o iov)
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22709 dc483132-0cff-0310-8789-dd5450dbe970
|
|
In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY
flag isn't set (abusing that flag to recognize a client name lookup).
Based on a patch from Luke Howard.
ticket: 6556
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22708 dc483132-0cff-0310-8789-dd5450dbe970
|
|
make system to handle new crypto implementations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22707 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22692 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22691 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22688 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22687 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Use "perror" instead of "error" to ensure that framework error
conditions actually cause "make check" to report failure.
ticket: 6553
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22648 dc483132-0cff-0310-8789-dd5450dbe970
|
|
using BSD options with ps, they should not be prefixed with a '-';
second, the Linux ps supports both BSD and System V options, so change
the structure of the tests not to warn when both forms work.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22647 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kadm5_get_principal without a mask argment. This was causing many
lib/kadm5 tests to fail, but the failures weren't being recorded
properly, so "make check" was still exiting successfully.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22646 dc483132-0cff-0310-8789-dd5450dbe970
|
|
causing unparse_keyblocks() to get stack garbage as num_keys when
num_var was "null", thus overrunning the end of the array.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22645 dc483132-0cff-0310-8789-dd5450dbe970
|
|
kinit -C (canonicalize name) and -E (enterprise principal name)
weren't documented in the man page.
ticket: 6552
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22644 dc483132-0cff-0310-8789-dd5450dbe970
|
|
later, since it leaks memory on fixed glibc versions. We will still
leak memory on glibc 2.3.4 through 2.3.6 (e.g. RHEL 4) but that's
harder to detect.
ticket: 6534
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22643 dc483132-0cff-0310-8789-dd5450dbe970
|
|
If the underlying mechanism's accept_sec_context returns an error, the
spnego accept_sec_context was leaving allocated data in
*context_handle, which is incorrect for the first call according to
RFC 2744.
Fix this by mirroring some code from the spnego init_sec_context,
which always cleans up the half-constructed context in case of error.
This is allowed (though not encouraged) by RFC 2744 for second and
subsequent calls; since we were already doing it in init_sec_context,
it seems simpler to do that than keep track of whether this is a first
call or not.
ticket: 6551
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22636 dc483132-0cff-0310-8789-dd5450dbe970
|
|
that there will always be only one version of each name in the include
path (namely, the copy made in the build tree, or the generated db.h
if not using the in-tree one). This should fix some minor problems
with different dependency lists generated on different systems.
Sort and uniquify dependency header names before doing substitutions,
as well as after. Look for the db2 headers listed in sorted order.
Don't copy db-ndbm.h into the build tree; let libdb2 find it from the
source tree only.
Update dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22572 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22571 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22570 dc483132-0cff-0310-8789-dd5450dbe970
|
|
conditionals, based on a variable initialized based on the
compile-time conditional (but probably eventually set from the config
file or command line).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22569 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22568 dc483132-0cff-0310-8789-dd5450dbe970
|
|
invocations. No functional changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22534 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 6547
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22528 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Add krb5_context parameters to all kadm5 initialization functions.
This allows extended error information to be retrieved by the caller
when an error is returned.
ticket: 6547
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
|
|
unused file svr_misc_free.c.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22523 dc483132-0cff-0310-8789-dd5450dbe970
|
|
old one was removed in r22521.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22522 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The kadmin v1 API and the even older ovsec_kadm_* API were legacy when
kadmin was first incorporated in 1996, and compatibility with them is
no longer believed to be necessary.
The uninstalled kadmin/passwd has been removed (since it used the ovsec
API). The test suite has been updated to use the v2 API where
appropriate, and the parts specifically designed to test the old API
have been excised.
ticket: 6544
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22520 dc483132-0cff-0310-8789-dd5450dbe970
|
|
user() was replying to the user command and then calling login(),
which could send a continuation reply if it fails to chdir to the
user's homedir. Continuation replies must come before the actual
reply; the mis-ordering was causing ftp and ftpd to deadlock. To fix
the bug, invoke login() before reply() so that the continuation reply
comes first.
ticket: 6543
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22519 dc483132-0cff-0310-8789-dd5450dbe970
|
|
.
r22530@squish: raeburn | 2009-08-12 13:55:57 -0400
Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option.
Change all code conditionals to test a new global variable, the
initial value of which is based on KRBCONF_KDC_MODIFIES_KDB. There is
currently no way to alter the value from the command line; that will
presumably be desired later.
Change initialize_realms to store db_args in a global variable. In
process_as_req, call db_open instead of the old set_name + init.
Don't reopen if an error is reported by krb5_db_fini.
Add a test of running kinit with an incorrect password, to trigger a
kdb update if enabled.
r22531@squish: raeburn | 2009-08-12 13:58:13 -0400
Fix trailing whitespace.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22518 dc483132-0cff-0310-8789-dd5450dbe970
|
|
plucking object files from other directories (we don't know for sure
what extension to use), so build an nfold.o in this directory from the
nfold.c in the ../krb source directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22517 dc483132-0cff-0310-8789-dd5450dbe970
|
|
When processing DNS names or MS UPNs in pkinit certs, disallow
embedded null characters.
ticket: 6542
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22516 dc483132-0cff-0310-8789-dd5450dbe970
|
|
instead of the whole request.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22515 dc483132-0cff-0310-8789-dd5450dbe970
|
|
pkinit_srv.c, only declare static functions when necessary for forward
references (as is consistent with the other pkinit sources). Remove
the empty functions pkinit_init_client_profile and
pkinit_fini_client_profile.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22514 dc483132-0cff-0310-8789-dd5450dbe970
|
|
safety.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22513 dc483132-0cff-0310-8789-dd5450dbe970
|
|
besides picking a subsidiary function based on the (constant) input
argument. Remove the associated constants from pkinit.h as well. No
functional change.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22512 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r22406. Build kdb5_util's getdate from the kadmin/cli getdate
source, instead of borrowing the object file from the kadmin/cli
build directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22501 dc483132-0cff-0310-8789-dd5450dbe970
|
|
build directory, not the source directory. Remove the nfold object
from the t_encrypt dependency list since we don't directly use it in
the linking rule.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22489 dc483132-0cff-0310-8789-dd5450dbe970
|
|
remember to print newlines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22488 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22487 dc483132-0cff-0310-8789-dd5450dbe970
|
|
files can make it difficult to build the tree. To do this, make the
depends target depend on generated header files and on header file
copies or links into the main include directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22486 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r22477 didn't work for me.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22482 dc483132-0cff-0310-8789-dd5450dbe970
|
|
source tree (where it lives) instead of the cwd.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22481 dc483132-0cff-0310-8789-dd5450dbe970
|
|
slash from lib/crypto/krb as it breaks Makefile auto-regeneration.
While here, wrap the list to fit within 80 columns and use tab indents
to match the surrounding lines.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22480 dc483132-0cff-0310-8789-dd5450dbe970
|
|
functionality. Move Kerberos specific files into krb subdir and MIT specific - into builtin subdir. Place all tests into crypto_tests subfolder.
bigredbutton: whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22477 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22476 dc483132-0cff-0310-8789-dd5450dbe970
|
|
of the macros defined there, as well as in many source files which do
not themselves include <assert.h>. Report and fix by Rainer Weikusat.
ticket: 6533
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22475 dc483132-0cff-0310-8789-dd5450dbe970
|
|
k5_pac_verify_server_checksum was leaking memory when the checksum was valid.
t_pac.c: Fix memory leak by forgetting to release memory.
ticket: 6541
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22474 dc483132-0cff-0310-8789-dd5450dbe970
|