| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
glibc does not declare a number of common, useful extensions such as
asprintf unless _GNU_SOURCE is defined. Define it early in the
configure process so that it is available for autoconf tests.
Defining _GNU_SOURCE unfortunately causes glibc to use the non-POSIX
version of strerror_r, which we now handle using the k5-platform.h
wrapper.
ticket: 7961
|
|
|
|
|
|
|
|
| |
On systems where strerror_r is not the POSIX version, define it to
k5_strerror_r. Implement k5_strerror_r in libkrb5support using
strerror_s, strerror, or the GNU strerror_r as appropriate.
ticket: 7961
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for the new anchor names persistent, user, and session.
The persistent anchor attempts to use a persistent keyring for a
specified uid, and falls back to the user keyring if it cannot; the
collection is stored at a fixed name within the persistent or user
keyring. The session anchor uses the session keyring without legacy
semantics.
For all keyring types except legacy, attempt to use the "big_key" key
type on systems which have keyctl_get_persistent. (They are
essentially unrelated features, but were added at the same time.)
This key type is stored in a kernel tmpfs and can store larger
tickets.
Since kernel commit 96b5c8fea6c0861621051290d705ec2e971963f1, new keys
created by add_key() only have VIEW permission for the user, and the
rest of the permissions require "possession," which means there is a
path from the thread, process, or session keyring to the key. For the
user and persistent anchor types, we link the collection into the
process keyring to ensure that we have a possession rights on the
collection.
Adapted from a patch by simo@redhat.com.
ticket: 7711
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been unconditionally activated by all supported build systems
for almost two years, and no complaints or issues have been reported.
In particular, aclocal.m4 has had an unconditional AC_DEFINE() since
3d708e55 in 2003, and win-pre.in has unconditionally set KRB5_USE_DNS_KDC
since 17ffebf7 in 2011.
While here, simplify some other DNS conditionals in win-pre.in where
only one branch was ever taken.
ticket: 7691 (new)
|
|
|
|
|
| |
Our portability assumptions now allow the use of variadic macros, so
don't warn or error on them.
|
|
|
|
|
|
|
| |
Remove a reference to eDirectory that persisted after support for
eDirectory was removed. Almost certainly harmless anyway.
[ghudson@mit.edu: also quote $with_ldap]
|
|
|
|
|
|
| |
Add -Werror=pointer-arith to the gcc warning flags. The equivalent
was added to the Solaris compiler flags in
2dc1ef4078acd7ca463a8eee2ef20de54e672f37 (r21886).
|
|
|
|
|
|
|
| |
Change the default client keytab name, if not overridden at build
time, to FILE:$localstatedir/krb5/user/%{euid}/client.keytab.
Introduce a second file from the autoconf archives in order to
recursively expand $localstatedir within configure.in.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configure-time options to enable and disable IPv6 support have
been deprecated for some time, but the checks for OS support were
kept. This removes those checks, and unconditionally compiles in the
IPv6 support.
There was a configure-time test to see if the macro INET6 needed to be
defined in order to enable (visibility of) OS support for IPv6, which
was needed on an IRIX system we tested with. That check is retained,
but the revised code is untested on IRIX.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Fail during configure time if the configure script can't locate the
"ar" program, instead of producing a delayed failure during build time
by running the "false" command. Some Solaris releases have ar in
/usr/ccs/bin, which is not in the default path for some users.
ticket: 7094
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25711 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For
each real plugin module, create a link in the parent directory if
we're doing a shared-library build--so built KDB modules can be found
in plugins/kdb, preauth modules in plugins/preauth, etc..
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
possibilities, since with only one configure script now, we know
exactly where it is.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25183 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25149 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Static linking (#6510) broke when lockout support was added because
the DB2 plugin became dependent on libkadm5srv_mit for XDR functions.
Also, static linking was extensively broken in combination with LDAP
support. Fix these problems.
Afer these fixes, the test suite fails in the FAST tests because
there's no static build support for dynamic preauth plugins, which
means there's no encrypted challenge. (And unlike the pkinit tests,
the test suite doesn't conditionalize on the presence of the encrypted
challenge plugin, because we always build it.) This will fix itself
if and when encrypted challenge becomes linked into the consumers, or
static build support is added for preauth plugins.
ticket: 6914
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24996 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add compile_et arguments --textdomain and --localedir.
* Store text domain and localedir at the end of error tables.
* error_message() calls dgettext if the table has a text domain.
* add_error_table() calls bindtextdomain if the table has a localedir.
* Define N_() as no-op in generated source and mark up error messages.
* When using system compile_et, test for --textdomain support.
* Use --textdomain option when available.
* Run xgettext over generated sources in compile_et rule.
* Translate com_err results in krb5int_get_error() if com_err won't.
ticket: 6918
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24960 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24832 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Sun compiler.
Change the cache variable name construction to distinguish "=" from
"-" in option names. Prefer -Werror-implicit-function-declaration
over -Werror=implicit-function-declaration since in some versions of
GCC only the former works properly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24409 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
running programs out of the build tree during python-based tests.
Also updates shilb.conf to set RUN_VARS to make it easier to generate
this sort of thing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23905 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
the applications are unbundled.
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23306 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 6579
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23145 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Quoting problems in pattern matching on the OS name cause Solaris
versions up through 9 to not be properly recognized in the
thread-system configuration setup. This causes our libraries to make
the erroneous assumption that valid thread support routines are
available on all Solaris systems, rather than just assuming it for
Solaris 10 and later.
The result is assertion failures like this one reported by Meraj
Mohammed and others:
Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63
Thanks to Tom Shaw for noticing the cause of the problem.
The bug may be present in the 1.6.x series as well.
ticket: 6579
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23144 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
have to explicitly override const in order to implement strchr-like
functions or place pointers into read-only krb5_data objects.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23130 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
require --enable-static --disable-shared for the same effect. Error
out if only one of those two is specified.
While here, remove an unnecessary clause in the --disable-rpath block,
and make the notices consistent when using shared and static
libraries.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22416 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add enough static linking support to run the test suite without shared
libraries, to facilitate gcov and other kinds of instrumentation. The
necessary changes include:
* Undo some of the changes which removed static linking support,
and cannibalize the defunct krb5_force_static conditional block
in aclocal.m4.
* Add --enable-static-only configure option.
* For plugins, use a different symbol name for static and dynamic
builds, via a macro in k5plugin.h.
* Add build machinery for building static libraries for plugins
(somewhat grotty due to the difference in names).
* Move plugin subdirs earlier in SUBDIRS in src/Makefile.in.
* Make the in-tree KDB5 plugins dependencies of libkdb5 in a static
build (aclocal.m4 has to know what they are).
* In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to
allow "loading" of statically linked plugin libraries.
Preauth, authdata, locate, and GSSAPI plugins are not handled by this
change, as they are not currently necessary to the test suite.
Supporting GSSAPI plugins may be a bit tricky but the others should be
straightforward if they become needed.
$(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as
a result of these changes (except on AIX where aclocal.m4 changes it).
This does not seem to be important as we avoid selecting the static
library for building via other means.
ticket: 6510
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22365 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
AC_ARG_ENABLE returns its value in enableval not withval. --disable-rpath
was not working - or dependent on some previous setting...
ticket: 6390
tags: pullup
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21968 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21916 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21913 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a pointer argument passed where an integer is needed.
Update Sun compiler options to make that an error. (The options we're
currently using make it an error for assignment but not for argument passing.)
ticket: 6363
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21887 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
Fix one file in gssapi where we compute offsets from a void* without casting.
Change options used with Sun compiler to make such expressions an error.
ticket: 6362
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21886 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move automatically-generated dependencies into separate files in the
source tree, and take the data out of Makefile.in.
Keep the "make depend" rules for stripping out the dependencies from
Makefile.in, in case some optional directories were missed, but
everything that builds on my UNIX build has been converted.
(Converting a directory just requires creating an empty "deps" file so
that config.status can build the makefile, and then later running
"make depend" in that directory to get the correct content for it.)
Change configure scripts to incorporate the "deps" file when building
each Makefile. This change requires the existence of a file "deps" in
each source directory where we build a makefile, even if there are no
sources for which to compute dependencies; a switch to GNU make would
let us conditionalize that, but we can assess that later.
Update dependencies for the generate Makefile itself to list the deps
file.
This will also require some minor tweaking of the Windows build, to
make it incorporate the new deps file.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21701 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21682 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
| |
Remove krb4 build system references and conditionals.
Move des425 header stuff referenced by des_int.h into des_int.h.
Remove krb4 test cases.
ticket: 6303
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21544 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
and make int/ptr mixups a fatal error that will be noticed at build or
"make check" time. Tested in a 32-bit build.
ticket: 6297
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21325 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
link lines. Useful for OS distributors and for builds which will
only be used to run the test suite.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21297 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
that users can override the debugging and optimization flags
independently of the warning flags.
Remove -Wconversion from the standard set of warning flags since it
warns excessively on perfectly good code, and is designed to aid in
conversion of code from K&R to ANSI C rather than to maintain code
quality.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21273 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20826 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add several new gcc warning flags, used in the KfM build process.
Put declarations before code.
Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.
Fix constness in handling name of default ccache name.
Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.
Don't shadow global names: stat accept index open encrypt. Fix
variable shadowing in LDAP ASN.1 support.
Don't define unused krb5int_local_addresses.
Don't export internal krb5_change_set_password.
Fix error return indications from gssint_oid_to_mech.
Create and use k5-gmt_mktime.h to provide one global declaration of
krb5int_gmt_mktime, needed before we've generated krb5.h on some
platforms.
Not incorporated from initial patch: const changes in function
signatures.
ticket: 6096
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
command-line flag or not, and adding it to CFLAGS only if supported.
Use it for GCC flag -Wno-format-zero-length, which we were testing for
before, and for some additional flags: -Woverflow -Wstrict-overflow
-Wmissing-format-attribute -Werror=declaration-after-statement
-Wdeclaration-after-statement -Werror=variadic-macros
-Wvariadic-macros. (The last few are because we've had some code
contributions that assumed full C99 support, and our baseline is
currently C89+, so if possible we want certain newer constructs
flagged as errors.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20685 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
in code common to all. Use an existing AC_CHECK_TYPES invocation, not a
special-purpose test. Eliminate now-unused
KRB5_AC_CHECK_TYPE_WITH_HEADERS and KRB5_AC_CHECK_SOCKADDR_STORAGE macros.
Merge KRB5_AC_CHECK_INET6 into the one place where it gets used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20681 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20672 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
the configure-generated CFLAGS string is one of the usual ones with -O2,
replace -O2 rather than appending, since -Os will override previously
specified optimization levels anyways.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20660 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20636 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
in CXXFLAGS that G++ doesn't support.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20159 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Assumes for now that libpath, rpath, ldflags, pthread flags and such
apply to both C and C++ compilers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20155 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20154 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19848 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19762 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
defined, skip the weak and conditional references in k5-thread.h and always
use the real pthread functions.
ticket: 5560
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19556 dc483132-0cff-0310-8789-dd5450dbe970
|