| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
return the real error from the slave rather than the resolution error.
ticket: 1232
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14941 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Other routines do not expect the null to be included in the length so
policy checks fail. Also, sending the null over the wire is wrong.
ticket: 1230
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14940 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
This widely-spread commit implements support for the so-called "new"
hardware preauth protocol, defined in the IETF internet-draft
draft-ietf-krb-wg-kerberos-sam-01.txt. Note that this code is client-side
only.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14939 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Fixing an omission; previous code didn't support a negative value for the
password expiration hint (which is legal). Pointed out by Ezra Peisach.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14938 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14937 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In kerberos-clarifications, a new last-req type (6) has been specified
that indicates when a principal's password will expire. This code implements
support for this last-req type. Note that the intent is that the last-req
type will only be included by the KDC when the time until password expiration
reaches some threshold (e.g, one week), so this code will display the
password expiration anytime the last-req type is included.
ticket: 1065
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14936 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
statements to be executed.
ticket: 1218
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14935 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
initialization of variable not bypassed by goto.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14934 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
header file existance - the header file must be compilable. This
will mean that if one header depends on another, it must be
included. Test for term.h using the optional fourth argument to
AC_CHECK_HEADERS to specify include files to test.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14933 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
read_password functions still need to be updated.
* api.2/init-v2.exp (test106): Make regexp more forgiving of
variant password prompts.
* api.0/init.exp (test7, test22, test225): Make regexp more
forgiving of variant password prompts.
ticket: 1217
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14932 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
since they're in system-wide shared directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14931 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
kadmind, since kadmind does IPv4 only.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14930 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
support MSVC 6 and 7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14929 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
* hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin
Dahyabhai to bounds-check return value from res_search().
* locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin
Dahyabhai to bounds-check return value from res_search().
ticket: 1216
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14928 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
instead of falling off end of function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14927 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14926 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(KRB5_AC_FORCE_STATIC): New macro. Warn if invoked after KRB5_LIB_AUX.
(KRB5_BUILD_LIBRARY_STATIC): Require it.
(CHECK_SIGPROCMASK, AC_PROG_ARCHIVE, AC_PROG_ARCHIVE_ADD, CHECK_DIRENT,
CHECK_WAIT_TYPE, CHECK_SIGNALS, KRB5_SIGTYPE, CHECK_SETJMP, WITH_KRB4, ADD_DEF,
KRB_INCLUDE, K5_GEN_MAKEFILE, _K5_GEN_MAKEFILE, K5_GEN_FILE, K5_AC_OUTPUT,
V5_AC_OUTPUT_MAKEFILE, CHECK_UTMP, WITH_NETLIB, KRB5_BUILD_LIBRARY_STATIC):
Define using AC_DEFUN instead of define.
Doesn't change the generated configure scripts except for changing (mostly
deleting) whitespace.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14925 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
(WITH_CC): Require it, and AC_PROG_CC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14924 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
of autoconf that we deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14923 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes one incompatibility introduced when
krb5_read_password was reimplemented in terms of krb5_prompter_posix.
There is a remaining incompatibility, which is krb5_prompter_posix's
appending of the string ": " following a prompt. Callers of
krb5_read_password and of des_read_password don't expect this
behavior, which results in a double colon prompt, which breaks the
libkadm5 test suite.
* read_pwd.c (krb5_read_password): Restore name of size_return.
Set *size_return after successful call to krb5_prompter_posix,
since some callers were actually checking, e.g. kadm5.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14922 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
in terms of krb5_prompter_posix.
Change motivated by the desire for echo foo |kinit -4 bar to work in
test scripts, but having one implementation of password read functions on unix is good
anyway
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14921 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
(t_hmac$(EXEEXT), t_pkcs5$(EXEEXT), vectors$(EXEEXT)): New targets.
(check-unix): Depend on and run t_hmac and t_pkcs5.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14920 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
print some of the intermediate results.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14919 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14918 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14917 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14916 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thanks, the patch has been applied and will appear in a future release.
* misc.c (chpass_principal_wrapper_3): Renamed from
chpass_principal_wrapper; calls chpass_principal_3 now.
(randkey_principal_wrapper_3): Renamed from
randkey_principal_wrapper; calls randkey_principal_3 now. Patch
from Ben Cox.
* server_stubs.c (chpass_principal_1_svc)
(chpass_principal3_1_svc): Call chpass_principal_wrapper_3.
(chrand_principal_1_svc, chrand_principal3_1_svc): Call
randkey_principal_wrapper_3. Patch from Ben Cox.
ticket: 1207
version_reported: 1.2.6
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14915 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
libkadm5 should have a way to persistently lock the databases to avoid
wasting time on closing and reopening. These patches implement
persistent exclusive locks for local access only.
ticket: new
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14914 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* asn1_get.c (asn1_get_tag_indef): Stomp on asn1class,
construction, retlen, and indef, even if we've hit the end of the
buffer, to avoid passing uninitialized values around.
* asn1_k_decode.c: Reformat somewhat and add comments to demystify
things a little.
(opt_field): Fix to explicitly check for end of subbuf before
verifying the pre-fetched tag, which may have been stomped on by
asn1_get_tag_indef() encountering end-of-buffer.
* krb5_decode.c (opt_field, opt_lenfield): Fix to explicitly check
for end of subbuf before verifying the pre-fetched tag, which may
have been stomped on by asn1_get_tag_indef() encountering
end-of-buffer.
ticket: new
target_version: 1.3
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14913 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
probably called by setting DESTDIR.
ticket: 1208
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14912 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
that order. Avoids delivery of multiple signals (HUP+TERM) to KDC
daemons when shutting down.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14911 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
avoid leaking padata.
ticket: 1206
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14910 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14909 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
for "encrypted rsh" test, to avoid zombies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14908 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
check for setup messages from daemons; this avoids a few race
conditions.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14907 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14906 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
'^\(.*\)$'.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14905 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Intial merge of KfM des library API.
Update krb.h to use offsets from krb_err.et constants as error codes.
Fix up definitions of KRB4_32, KRB_INT32, KRB_UINT32.
ticket: 1189
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14904 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove some debugging calls.
* network.c (struct connection): New field start_time.
(tcp_data_counter, max_tcp_data_connections): New variables.
(kill_tcp_connection): New function.
(process_tcp_connection): Use it. Log reason for rejecting connection if the
requested buffer size is too large.
(accept_tcp_connection): If there are too many TCP connections already, shut
down the oldest one.
(setup_network, listen_and_process, process_tcp_connection, service_conn):
Delete debugging code.
(process_packet): Use socklen_t where appropriate.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14903 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14902 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
to get GCC to shut up about alignment increasing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14901 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 1195
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14900 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously krb5.conf in config-files only allowed des-cbc-crc; really that's getting fairly old and we should allow
all the enctypes we support.
This has been updated and a comment added indicating that if the list is removed
all enctypes are allowed by the code.
Added club.cc.cmu.edu to distributed realms list per request
ticket: new
cc: leko@MIT.EDU
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14899 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
arguments to AC_OUTPUT. This allows for generation of a single Makefile.
config/post.in: When regenerating Makefiles, invoke config.status with
only the Makefile to generate.
This completes the changes.
ticket: 1188
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14898 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14897 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14896 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
by using temporary files; this makes them safe for use in parallel builds.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14895 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 1188
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14894 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
source tree
* aclocal.m4 (V5_SET_TOPDIR): When determining the location of the
top of the source tree, stop when reach the top and aclocal.m4
file is located instead of continuing up and out of the tree.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14893 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14890 dc483132-0cff-0310-8789-dd5450dbe970
|