krb5.git/src/lib/krb5/os, branch gss_cs MIT Kerberos patches Remove unused krb5_context fields 2013-12-18T17:16:23+00:00 Greg Hudson ghudson@mit.edu 2013-12-18T16:59:56+00:00 c91f2a285e77e71bd283483d583c68e76eb3a0dd The vtbl and locate_fptrs fields were ostensibly related to the locate pluggable interface, but weren't actually used. 
The vtbl and locate_fptrs fields were ostensibly related to the locate
pluggable interface, but weren't actually used.
Don't require krb5.conf without KRB5_DNS_LOOKUP 2013-12-16T22:09:00+00:00 Greg Hudson ghudson@mit.edu 2013-12-16T22:09:00+00:00 f7f6403626f26ff7fe7ec1dc5691e5923c8fea93 For a long time we have allowed krb5 contexts to be initialized in the absence of krb5.conf--but only if KRB5_DNS_LOOKUP is defined, presumably on the theory that no KDCs could be contacted without either DNS support or profile configuration. But locate plugins could provide the ability to find KDCs, and some libkrb5 operations (such as IAKERB initiation) could succeed without needing to locate KDCs. Also get rid of the profile_in_memory context flag, since we don't use it any more. 
For a long time we have allowed krb5 contexts to be initialized in the
absence of krb5.conf--but only if KRB5_DNS_LOOKUP is defined,
presumably on the theory that no KDCs could be contacted without
either DNS support or profile configuration.  But locate plugins could
provide the ability to find KDCs, and some libkrb5 operations (such as
IAKERB initiation) could succeed without needing to locate KDCs.

Also get rid of the profile_in_memory context flag, since we don't use
it any more.
Allow ":port" suffixes in sn2princ hostnames 2013-12-12T04:56:35+00:00 Greg Hudson ghudson@mit.edu 2013-12-08T23:05:26+00:00 23a2a3d2f2c5f3ba3393aeca4908d2b2cb0bbe65 MSSQLSvc principal names can contain a ":port" or ":instance" trailer on the hostname part. If we see that in the hostname argument of krb5_sname_to_principal(), remove it before canonicalizing the hostname and put it back on afterwards. ticket: 7795 (new) 
MSSQLSvc principal names can contain a ":port" or ":instance" trailer
on the hostname part.  If we see that in the hostname argument of
krb5_sname_to_principal(), remove it before canonicalizing the
hostname and put it back on afterwards.

ticket: 7795 (new)
Modernize sn2princ.c 2013-12-12T04:56:34+00:00 Greg Hudson ghudson@mit.edu 2013-12-03T21:19:35+00:00 1f728b9333401fd4b8c8a9bbb63cb125d53cd5c8 Refactor and edit sn2princ.c to match current coding style. No behavior changes, except to be less chatty in trace logs. 
Refactor and edit sn2princ.c to match current coding style.  No
behavior changes, except to be less chatty in trace logs.
Add a flag to prevent all host canonicalization 2013-09-06T05:02:28+00:00 Greg Hudson ghudson@mit.edu 2013-09-05T22:30:02+00:00 60edb321af64081e3eb597da0256faf117c9c441 If dns_canonicalize_hostname is set to false in [libdefaults], krb5_sname_to_principal will not canonicalize the hostname using either forward or reverse lookups. ticket: 7703 (new) 
If dns_canonicalize_hostname is set to false in [libdefaults],
krb5_sname_to_principal will not canonicalize the hostname using
either forward or reverse lookups.

ticket: 7703 (new)
Move utility functions to hostrealm.c 2013-08-15T16:39:58+00:00 Greg Hudson ghudson@mit.edu 2013-08-05T20:05:27+00:00 4f7f1fce6edca17db625d76c1f81ea098f29c313 Move the remaining internal functions from hst_realm.c to hostrealm.c, and get rid of hst_realm.c. ticket: 7687 
Move the remaining internal functions from hst_realm.c to hostrealm.c,
and get rid of hst_realm.c.

ticket: 7687
Use hostrealm interface for realm mapping 2013-08-15T16:39:57+00:00 Greg Hudson ghudson@mit.edu 2013-08-05T19:57:29+00:00 db21244a069e581a392dff5b320e758e06a28e4d Reimplement krb5_get_host_realm, krb5_get_fallback_host_realm, and krb5_get_default_realm in terms of the hostrealm interface. Three built-in modules (dns, domain, and profile) implement the current behavior. ticket: 7687 
Reimplement krb5_get_host_realm, krb5_get_fallback_host_realm, and
krb5_get_default_realm in terms of the hostrealm interface.  Three
built-in modules (dns, domain, and profile) implement the current
behavior.

ticket: 7687
Remove KRB5_DNS_LOOKUP_KDC 2013-08-14T21:31:55+00:00 Ben Kaduk kaduk@mit.edu 2013-08-14T19:47:03+00:00 e7b3a8cad4dcd6f52d094e81595aa4aee817e898 It has been unconditionally activated by all supported build systems for almost two years, and no complaints or issues have been reported. In particular, aclocal.m4 has had an unconditional AC_DEFINE() since 3d708e55 in 2003, and win-pre.in has unconditionally set KRB5_USE_DNS_KDC since 17ffebf7 in 2011. While here, simplify some other DNS conditionals in win-pre.in where only one branch was ever taken. ticket: 7691 (new) 
It has been unconditionally activated by all supported build systems
for almost two years, and no complaints or issues have been reported.
In particular, aclocal.m4 has had an unconditional AC_DEFINE() since
3d708e55 in 2003, and win-pre.in has unconditionally set KRB5_USE_DNS_KDC
since 17ffebf7 in 2011.

While here, simplify some other DNS conditionals in win-pre.in where
only one branch was ever taken.

ticket: 7691 (new)
Fix localauth memory leak 2013-08-12T19:26:21+00:00 Greg Hudson ghudson@mit.edu 2013-08-12T19:17:20+00:00 37eb601a1294244b179cb0e6e6cfb4a16709ccfa localauth modules were not freed by krb5_free_context(), causing a memory leak. 
localauth modules were not freed by krb5_free_context(), causing a
memory leak.
Add trace logging for TXT lookups 2013-08-12T18:29:28+00:00 Greg Hudson ghudson@mit.edu 2013-08-12T18:29:28+00:00 161fec8b48c82d19b04ebdace6ea214a84ce8027 Rename krb5_try_realm_txt_rr (an internal function despite the name) and add a context parameter. Generate trace logs when we successfully look up a record and when a record is not found. 
Rename krb5_try_realm_txt_rr (an internal function despite the name)
and add a context parameter.  Generate trace logs when we successfully
look up a record and when a record is not found.