krb5.git/src/include, branch master MIT Kerberos patches Define k5-platform.h wrapper for strerror_r 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T14:14:34+00:00 6351586a771e9a99e1e946cc9a0b6a87bbb14094 On systems where strerror_r is not the POSIX version, define it to k5_strerror_r. Implement k5_strerror_r in libkrb5support using strerror_s, strerror, or the GNU strerror_r as appropriate. ticket: 7961 
On systems where strerror_r is not the POSIX version, define it to
k5_strerror_r.  Implement k5_strerror_r in libkrb5support using
strerror_s, strerror, or the GNU strerror_r as appropriate.

ticket: 7961
Don't depend on sa_len sockaddr field 2014-07-04T19:14:02+00:00 Greg Hudson ghudson@mit.edu 2014-07-03T16:17:25+00:00 1fde9a67030845d3cae0661595f5737a4db8b9dd In socket-utils.h, replace the socklen macro with an inline function sa_socklen which always uses the address family, even on platforms with the sa_len sockaddr field. This removes the need to set sa_len in socket addresses we construct. 
In socket-utils.h, replace the socklen macro with an inline function
sa_socklen which always uses the address family, even on platforms
with the sa_len sockaddr field.  This removes the need to set sa_len
in socket addresses we construct.
Add a family-independent bindresvport_sa function 2014-06-27T23:36:40+00:00 Andreas Schneider asn@samba.org 2014-05-27T17:47:22+00:00 0d04b60d159ab83b943e43802b1449a3b074bc83 This functions allows you to pass IPv4 and IPv6 addresses. If no address is given, t will determine the family by checking the socket with getsockname. [ghudson@mit.edu: clarified commit message, split out setport helper, squashed with next commit, minimized code changes from old bindresvport, used socket-utils.h helpers] ticket: 7935 (new) 
This functions allows you to pass IPv4 and IPv6 addresses.  If no
address is given, t will determine the family by checking the socket
with getsockname.

[ghudson@mit.edu: clarified commit message, split out setport helper,
squashed with next commit, minimized code changes from old
bindresvport, used socket-utils.h helpers]

ticket: 7935 (new)
Add socket-utils.h helpers for ports 2014-06-27T23:36:39+00:00 Greg Hudson ghudson@mit.edu 2014-06-07T19:16:23+00:00 ddc1c61566cc5ececc5678088f0761ce2da61ee4 Add sa_setport, sa_getport, and sa_is_inet helpers for conveniently manipulating port numbers on IPv4 and IPv6 socket addresses. 
Add sa_setport, sa_getport, and sa_is_inet helpers for conveniently
manipulating port numbers on IPv4 and IPv6 socket addresses.
Tidy up k5-int.h variable name constants 2014-06-16T22:40:21+00:00 Greg Hudson ghudson@mit.edu 2014-06-13T17:52:55+00:00 d4332d0f778b55ccd5ddb05a4cd0b96354da9f39 Fix three mismatched constant names, and properly alphabetize and columnize the lists of definitions. No functional changes. 
Fix three mismatched constant names, and properly alphabetize and
columnize the lists of definitions.  No functional changes.
Define k5_setmsg internal alias 2014-06-05T15:21:17+00:00 Greg Hudson ghudson@mit.edu 2014-05-24T15:38:42+00:00 06b91d1e2341601e5bdc70a15737187545d68196 This is just a shorter internal name for krb5_set_error_message. The full name is so long that we have to wrap error messages more than we'd like. 
This is just a shorter internal name for krb5_set_error_message.  The
full name is so long that we have to wrap error messages more than
we'd like.
Remove DEBUG_ERROR_LOCATIONS support 2014-06-05T15:21:16+00:00 Greg Hudson ghudson@mit.edu 2014-05-24T15:35:30+00:00 ba2879ca8f8ba84d2431a9a40de4ac7ee1e758f8 It wasn't being used and it added too much complexity to the error-handling functions. 
It wasn't being used and it added too much complexity to the
error-handling functions.
Check names in the server's cert when using KKDCP 2014-06-02T22:38:54+00:00 Nalin Dahyabhai nalin@dahyabhai.net 2014-04-17T21:19:03+00:00 f7825e81b1ebf533c1dba9f84ae9ad36073a89cf When we connect to a KDC using an HTTPS proxy, check that the naming information in the certificate matches the name or address which we extracted from the server URL in the configuration. ticket: 7929 
When we connect to a KDC using an HTTPS proxy, check that the naming
information in the certificate matches the name or address which we
extracted from the server URL in the configuration.

ticket: 7929
Load custom anchors when using KKDCP 2014-06-02T22:09:47+00:00 Nalin Dahyabhai nalin@dahyabhai.net 2014-04-17T21:17:13+00:00 f220067c2969aab107bd1300ad1cb8d4855389a7 Add an http_anchors per-realm setting which we'll apply when using an HTTPS proxy, more or less mimicking the syntax of its similarly-named PKINIT counterpart. We only check the [realms] section, though. ticket: 7929 
Add an http_anchors per-realm setting which we'll apply when using an
HTTPS proxy, more or less mimicking the syntax of its similarly-named
PKINIT counterpart.  We only check the [realms] section, though.

ticket: 7929
HTTPS transport (Microsoft KKDCPP implementation) 2014-06-02T21:59:14+00:00 Nalin Dahyabhai nalin@dahyabhai.net 2014-04-24T20:30:56+00:00 d950809ff49e3e7603594186d77135a09ab6b1b2 Add an 'HTTPS' transport type which connects to an [MS-KKDCP] proxy server using HTTPS to communicate with a KDC. The KDC's name should take the form of an HTTPS URL (e.g. "https://proxybox/KdcProxy"). An HTTPS connection's encryption layer can be reading and writing when the application layer is expecting to write and read, so the HTTPS callbacks have to handle being called multiple times. [nalin@redhat.com: use cleanup labels, make sure we always send the realm name, keep a copy of the URI on-hand, move most of the conditionally-compiled sections into their own conditionally-built functions, break out HTTPS request formatting into a helper function, handle the MS-KKDCP length bytes, update comments to mention specific versions of the MS-KKDCP spec, differentiate TCP and HTTP trace messages, trace unparseable responses] ticket: 7929 
Add an 'HTTPS' transport type which connects to an [MS-KKDCP] proxy
server using HTTPS to communicate with a KDC.  The KDC's name should
take the form of an HTTPS URL (e.g. "https://proxybox/KdcProxy").

An HTTPS connection's encryption layer can be reading and writing when
the application layer is expecting to write and read, so the HTTPS
callbacks have to handle being called multiple times.

[nalin@redhat.com: use cleanup labels, make sure we always send the
 realm name, keep a copy of the URI on-hand, move most of the
 conditionally-compiled sections into their own conditionally-built
 functions, break out HTTPS request formatting into a helper function,
 handle the MS-KKDCP length bytes, update comments to mention specific
 versions of the MS-KKDCP spec, differentiate TCP and HTTP trace
 messages, trace unparseable responses]

ticket: 7929