krb5.git/src/lib/krb5, branch gss_cs MIT Kerberos patches make depend 2013-12-21T04:13:57+00:00 Greg Hudson ghudson@mit.edu 2013-12-21T04:13:57+00:00 f5d5fa24c6c58b54349351beaea8220f5ca0f3ef 






Avoid keyctl purge in keyring ccache tests
2013-12-21T04:10:03+00:00

Greg Hudson
ghudson@mit.edu

2013-12-20T20:19:06+00:00

94da4584645475272abec6259d1666e34bd59594

keyctl purge was added in keyutils 1.5 (released in March 2011).  Use
keyctl unlink to clean up keys instead, as it is more universal.

ticket: 7810
target_version: 1.12.1
tags: pullup





keyctl purge was added in keyutils 1.5 (released in March 2011).  Use
keyctl unlink to clean up keys instead, as it is more universal.

ticket: 7810
target_version: 1.12.1
tags: pullup







Set an error message when keyring get_princ fails
2013-12-21T04:10:03+00:00

Nalin Dahyabhai
nalin@dahyabhai.net

2013-12-05T18:54:09+00:00

c25fc42e8eac7350209df61e4a7b9960d17755ca

When attempting to use a keyring cache that doesn't exist, set an error
message when we fail to read a principal name, as we do when we return
the same error code when using a file ccache.

[ghudson: removed unnecessary check for d->name nullity.]

ticket: 7809
target_version: 1.12.1
tags: pullup





When attempting to use a keyring cache that doesn't exist, set an error
message when we fail to read a principal name, as we do when we return
the same error code when using a file ccache.

[ghudson: removed unnecessary check for d->name nullity.]

ticket: 7809
target_version: 1.12.1
tags: pullup







Fix typo that broke 'make clean'
2013-12-20T16:06:19+00:00

Zhanna Tsitkov
tsitkova@mit.edu

2013-12-20T16:06:19+00:00

28633f186a943721b6948875ca85a4a34bc87da4

Missing $





Missing $







Add a test program for krb5_copy_context
2013-12-18T21:56:52+00:00

Greg Hudson
ghudson@mit.edu

2013-12-18T18:08:25+00:00

b78c3c8c5025aec870d20472f80d4a652062f921

This test program isn't completely proof against the kind of mistakes
we've made with krb5_copy_context in the past, but it at least
exercises krb5_copy_context and can detect some kinds of bugs.

ticket: 7807





This test program isn't completely proof against the kind of mistakes
we've made with krb5_copy_context in the past, but it at least
exercises krb5_copy_context and can detect some kinds of bugs.

ticket: 7807







Fix krb5_copy_context
2013-12-18T21:56:52+00:00

Greg Hudson
ghudson@mit.edu

2013-12-18T20:03:03+00:00

c452644d91d57d8b05ef396a029e34d0c7a48920

krb5_copy_context has been broken since 1.8 (it broke in r22456)
because k5_copy_etypes crashes on null enctype lists.  Subsequent
additions to the context structure were not reflected in
krb5_copy_context, creating double-free bugs.  Make k5_copy_etypes
handle null input and account for all new fields in krb5_copy_context.
Reported by Arran Cudbard-Bell.

ticket: 7807 (new)
target_version: 1.12.1
tags: pullup





krb5_copy_context has been broken since 1.8 (it broke in r22456)
because k5_copy_etypes crashes on null enctype lists.  Subsequent
additions to the context structure were not reflected in
krb5_copy_context, creating double-free bugs.  Make k5_copy_etypes
handle null input and account for all new fields in krb5_copy_context.
Reported by Arran Cudbard-Bell.

ticket: 7807 (new)
target_version: 1.12.1
tags: pullup







Remove unused krb5_context fields
2013-12-18T17:16:23+00:00

Greg Hudson
ghudson@mit.edu

2013-12-18T16:59:56+00:00

c91f2a285e77e71bd283483d583c68e76eb3a0dd

The vtbl and locate_fptrs fields were ostensibly related to the locate
pluggable interface, but weren't actually used.





The vtbl and locate_fptrs fields were ostensibly related to the locate
pluggable interface, but weren't actually used.







Don't require krb5.conf without KRB5_DNS_LOOKUP
2013-12-16T22:09:00+00:00

Greg Hudson
ghudson@mit.edu

2013-12-16T22:09:00+00:00

f7f6403626f26ff7fe7ec1dc5691e5923c8fea93

For a long time we have allowed krb5 contexts to be initialized in the
absence of krb5.conf--but only if KRB5_DNS_LOOKUP is defined,
presumably on the theory that no KDCs could be contacted without
either DNS support or profile configuration.  But locate plugins could
provide the ability to find KDCs, and some libkrb5 operations (such as
IAKERB initiation) could succeed without needing to locate KDCs.

Also get rid of the profile_in_memory context flag, since we don't use
it any more.





For a long time we have allowed krb5 contexts to be initialized in the
absence of krb5.conf--but only if KRB5_DNS_LOOKUP is defined,
presumably on the theory that no KDCs could be contacted without
either DNS support or profile configuration.  But locate plugins could
provide the ability to find KDCs, and some libkrb5 operations (such as
IAKERB initiation) could succeed without needing to locate KDCs.

Also get rid of the profile_in_memory context flag, since we don't use
it any more.







Allow ":port" suffixes in sn2princ hostnames
2013-12-12T04:56:35+00:00

Greg Hudson
ghudson@mit.edu

2013-12-08T23:05:26+00:00

23a2a3d2f2c5f3ba3393aeca4908d2b2cb0bbe65

MSSQLSvc principal names can contain a ":port" or ":instance" trailer
on the hostname part.  If we see that in the hostname argument of
krb5_sname_to_principal(), remove it before canonicalizing the
hostname and put it back on afterwards.

ticket: 7795 (new)





MSSQLSvc principal names can contain a ":port" or ":instance" trailer
on the hostname part.  If we see that in the hostname argument of
krb5_sname_to_principal(), remove it before canonicalizing the
hostname and put it back on afterwards.

ticket: 7795 (new)







Modernize sn2princ.c
2013-12-12T04:56:34+00:00

Greg Hudson
ghudson@mit.edu

2013-12-03T21:19:35+00:00

1f728b9333401fd4b8c8a9bbb63cb125d53cd5c8

Refactor and edit sn2princ.c to match current coding style.  No
behavior changes, except to be less chatty in trace logs.





Refactor and edit sn2princ.c to match current coding style.  No
behavior changes, except to be less chatty in trace logs.