| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
When the bundled libverto was updated from 0.2.2 to 0.2.5,
verto_set_flags should have been added to libverto.exports along with
the other new functions.
ticket: 7594 (new)
target_version: 1.11.2
tags: pullup
|
| | |
|
| |
|
|
| |
ticket: 7585
|
| |
|
|
|
|
| |
Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity. Reformat some k5buf implementation code to match current
practices.
|
| |
|
|
|
|
| |
Add a template-based array constructor for convenient marshalling of
structured values as JSON array values. Use it to simplify
export_cred.c.
|
| |
|
|
|
|
|
|
|
| |
Return error codes (0, ENOMEM, or EINVAL) from JSON support functions
instead of returning results directly. This makes error handling
simpler for functions which assemble JSON objects and then return a
krb5_error_code values. Adjust all callers. Use shims in
export_cred.c to minimize changes there; it will be redesigned
internally in a subsequent commit.
|
| |
|
|
|
|
| |
Create a K5Realm.kprop_port method so test scripts can invoke kprop
usefully, and create a simple Python test script exercising the same
kprop functionality as the dejagnu suite's kprop.exp.
|
| |
|
|
|
|
|
|
|
|
|
| |
In fake-addrinfo.c, the COPY_FIRST_CANONNAME logic erroneously assumes
that h_name is the same as h_aliases[0]. Look at h_name before
h_aliases for an FQDN, since h_name is normally the
forward-canonicalized name and h_aliases are not.
[ghudson@mit.edu: rewrote commit message]
ticket: 7556 (new)
|
| |
|
|
|
|
|
| |
In k5test.py, allow run_kadminl to take an environment argument. In
t_iprop.py, perform some queries on the slaves after each propagation
to spot-check that it got modifications from master. Use a helper
function to check serial numbers for conciseness.
|
| |
|
|
|
|
| |
Accept environment parameters in the K5Realm start_kdc and
start_kadmind methods, so that krb5kdc or kadmind can be started or
restarted with a modified configuration.
|
| |
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
| |
|
|
|
|
|
|
| |
Signed overflow must be checked before it happens, since modern
versions of gcc will optimize out checks of the result. Reported by
Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
|
| |
|
|
|
|
|
|
| |
All of our deps files have a trailing space in the first line,
originating from depfix.pl. This space triggers the whitespace
checker when generating a new deps file. Get rid of the trailing
whitespace in the script; the change will be reflected in the deps
files the next time they are regenerated.
|
| |
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
| |
|
|
|
|
| |
Eliminate the scratch_buf field of struct error_info and just return a
non-localized constant error message if we can't allocate a copy of
the real one. Also rely on a conformant strerror().
|
| |
|
|
|
|
|
| |
Fix style issues in kerrs.c and errors.c. Rename error handling
functions to use shorter k5_ prefix. Eliminate an inoperable
krb5int_set_error() call in gic_opte_alloc and convert the other
call to use krb5_set_error_message().
|
| |
|
|
|
|
|
|
|
| |
Update mkrel so that it will explicitly set SPHINX_ARGS=-W to make
warnings fatal and so that it will work in an unconfigured tree.
ticket: 7497 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7453 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new tests kdbtest.c and t_kdb.py. Together these exercise most of
the code in the LDAP back end. kdbtest is also run against the DB2
module, which is mostly redundant with other tests, but does exercise
the lockout logic a little more thoroughly than t_lockout.py can.
To test the LDAP back end, we look for slapd and ldapadd binaries in
the path. The system slapd is sometimes constrained by AppArmor or
the like, which we can typically work around by making a copy of the
binary. slapd detaches before listening on its server socket (this
got better in 2.4.27 but still isn't perfect), so we unfortunately
have to use a one-second sleep in the slapd setup.
|
| |
|
|
|
|
|
|
|
|
| |
Add an internal json function to make it easier to detect if an object
is empty, and use it to avoid creating a ccache config entry for
preauth module config data if there isn't any to save.
ticket: 7427 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
* Avoid space-before-paren false positives on some function pointer
declarations by checking the identifier for simple type names.
* Check for space before close parenthesis.
* Check (carefully) for asymmetric spaces around binary operators.
* Handle nesting when checking for 2+ line flow control bodies.
* Check for asymmetric bracing around else statements.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Catch SIGUSR1 in iprop-mode kpropd so that we can use it to interrupt
sleeps and make kpropd do an iprop request immediately.
In k5test.py, add prod_kpropd and read_from_kpropd methods to allow
test scripts to send a SIGUSR1 to kpropd and to read its stdout/stderr
output; also allow the test script to specify additional arguments
when starting kpropd.
In t_iprop.py, start kpropd with -d and, instead of sleeping, read
kpropd output until we see an indication that kpropd is in sync with
the master. To avoid delays, prod kpropd before waiting for sync and
after a completed full prop.
|
| |
|
|
|
|
|
| |
In check_cast, we want to match cast operators with or without spaces
after the closing paren, and then check for spaces after we match.
Also, per the comment, we want to match potential cast operators
followed by an open paren.
|
| |
|
|
|
|
|
|
|
|
| |
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
|
| |
|
|
|
|
|
| |
Add a start_kpropd() method to K5Realm and make start_kadmind() use the
kadmind -p, -K, and -F options.
ticket: 7378
|
| |
|
|
|
|
|
|
|
|
|
| |
util/cstyle-file.py checks a file for C style issues and displays
line-by-line output. It is not terribly sophisticated, and can
probably be improved upon (e.g. by doing an emacs batch-reindent of
the file and checking for differences in indentation).
util/cstyle.py produces diffs using git, runs the file checker on each
modified C source file in each diff, and displays the output lines
attribute to the diff.
|
| |
|
|
|
| |
FILES is unused in util/{ss,et}/Makefile.in; some other unused
variables were nearby.
|
| | |
|
| | |
|
| |
|
|
| |
Add JSON support based loosely on Heimdal's heimbase code.
|
| |
|
|
| |
Add base64 support based on Heimdal's libroken base64 code.
|
| |
|
|
|
|
|
| |
When the rules from util/k5ev/Makefile.in were moved to
util/verto/Makefile.in, the rule to make rename.h was broken on
non-gmake makes because the definition of SED wasn't carried over.
Define it now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream libverto depends on dynamic loading and in particular on
dladdr(), which is not universal. To avoid this dependency, stub out
support for module loading (by replacing module.c) and instead
integrate the k5ev module directly into the bundled verto library.
This change removes the need to link, include, and invoke libverto
differently depending on whether we're using the bundled library; we
can always just link with -lverto and call verto_default().
bigredbutton: whitespace
ticket: 7351 (new)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We already define EV_USE_REALTIME to 0 to avoid the use of
clock_gettime() (to avoid depending on librt). But in some build
environments libev can detect support for a monotonic clock, which
also results in using clock_gettime(). Define EV_USE_MONOTONIC to 0
as well to prevent this.
ticket: 7350 (new)
target_version: 1.10.4
tags: pullup
|
| |
|
|
|
|
|
| |
Use free() instead of gss_release_buffer() when freeing the locally
allocated context_token in the sample gss-server program. Use
gssalloc_free() instead of free when freeing buffers in
t_kgss_kernel.c (where we can't use gss_release_buffer).
|
| |
|
|
|
|
|
|
|
|
|
| |
wshelper is clearly not intended to use unicode:
wprintf is used extensively and exclusively to write to char[] buffers and
fields in dns structs are used as explicitly ASCII text.
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
ticket: 7210 (new)
tags: pullup
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7206 (new)
tags: pullup
|
| | |
|
| |
|
|
|
|
| |
We need them if any headers we depend on are not in the default
search path (e.g., gettext.h). These files are built for
'make check' but not for the normal build.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bite the bullet and pass LC_ALL to setlocale() instead of just
LC_MESSAGES. Calls to setlocale() itself were introduced in
fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but
only for LC_MESSAGES since only localized strings were needed
and that was the most conservative option.
However, klist, kadmin, and kinit (and perhaps others) would benefit
from localized formats for times (i.e., LC_TIME). If potentially
localized data is being sent on the wire, that is a bug that should
be fixed. No such bugs are found with the current test suite, so we
are comfortable enabling LC_ALL at this time.
ticket: 7192
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default client keytab is intended to be used to automatically
acquire initial credentials for client applications. The current
hardcoded default is a placeholder, and will likely change before
1.11.
Add test framework settings to ensure that a system default client
keytab doesn't interfere with tests, and to allow tests to be written
to deliberately use the default client keytab.
Add documentation about keytabs to the concepts section of the RST
docs, and describe the default client keytab there.
ticket: 7188 (new)
|
| | |
|
| |
|
|
|
|
|
|
| |
The big_endian flag in krb5_gss_ctx_id_rec is there for
interoperability with a really ancient implementation which we believe
is no longer in use. Get rid of it and the code to handle it.
ticket: 7166 (new)
|
| |
|
|
|
|
|
| |
Allow --debug to be used for commands which start daemons, to make it
easier to debug startup issues. After debugging a daemon, the script
will exit, since the daemon won't be running after the debugging
session is over.
|
| |
|
|
|
|
|
|
|
|
| |
r25844 (#7124) stopped using AI_ADDRCONFIG when canonicalizing
hostnames in sn2princ. So we need to also stop using it in k5test.c's
_get_hostname() or we could come up with a different result on a
system where forward and reverse resolution via IPv4 and IPv6 produce
different results. That in turn causes a t_gssapi.py test (the one
using the un-canonicalized hostname) to fail, because libkrb5 looks
for a different host principal than k5test.py put in the keytab.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Add $(LIBS) to the $(SHLIB_EXPLIBS) for some shared libraries which
did not previously include it, which prevented gcov from working
properly in some cases.
Patch from W. Trevor King.
ticket: 7138
|
| |
|
|
|
|
| |
Appending "--" to the git checkout arguments appears to prevent it
from automatically creating a local branch from the remote. Also
correct the default git URL and clean up a spurious find warning.
|
