6 years agorebase-lorikeet: Explicitly use bash. master
Jelmer Vernooij [Fri, 26 Oct 2012 14:34:47 +0000 (06:34 -0800)]
rebase-lorikeet: Explicitly use bash.

Standard sh doesn't have pushd/popd.

6 years agolib/krb5: windows KDCs always return the canoncalized server principal
Stefan Metzmacher [Mon, 25 Jul 2011 07:23:52 +0000 (09:23 +0200)]
lib/krb5: windows KDCs always return the canoncalized server principal

Is there a better way to handle this?


6 years agoHACK: Netbios Domain as Realm
Stefan Metzmacher [Fri, 22 Aug 2008 09:45:26 +0000 (11:45 +0200)]
HACK: Netbios Domain as Realm

This is really a ugly hack, to support using the Netbios Domain Name
as realm against windows KDC's, they always return the full realm
based on the DNS Name.


6 years agolorikeet-heimdal: Add a new script to help merging patches from Samba4 to heimdal
Andrew Tridgell [Wed, 1 Dec 2010 02:00:08 +0000 (13:00 +1100)]
lorikeet-heimdal: Add a new script to help merging patches from Samba4 to heimdal

6 years agolorikeet-heimdal: improve import-lorikeet.sh for the toplevel build
Stefan Metzmacher [Thu, 14 Jul 2011 14:24:37 +0000 (16:24 +0200)]
lorikeet-heimdal: improve import-lorikeet.sh for the toplevel build


6 years agolorikeet-heimdal: Improve the heimdal import scripts
Andrew Bartlett [Tue, 30 Nov 2010 23:54:49 +0000 (10:54 +1100)]
lorikeet-heimdal: Improve the heimdal import scripts

6 years agolorikeet-heimdal: add scipts to rebase and import the latest version into samba4
Stefan Metzmacher [Fri, 27 Mar 2009 06:31:11 +0000 (07:31 +0100)]
lorikeet-heimdal: add scipts to rebase and import the latest version into samba4

If you use this scripts, read them! :-)


6 years agolorikeet-heimdal: add wrap_ex_ntlm.diff from abartlet
Stefan Metzmacher [Fri, 22 Aug 2008 09:58:18 +0000 (11:58 +0200)]
lorikeet-heimdal: add wrap_ex_ntlm.diff from abartlet


6 years agolorikeet-heimdal: add HEIMDAL-LICENCE.txt
Stefan Metzmacher [Fri, 22 Aug 2008 09:57:06 +0000 (11:57 +0200)]
lorikeet-heimdal: add HEIMDAL-LICENCE.txt


6 years agolorikeet-heimdal: camellia-ntt GPLv2+ license
Stefan Metzmacher [Fri, 22 Aug 2008 09:43:50 +0000 (11:43 +0200)]
lorikeet-heimdal: camellia-ntt GPLv2+ license


6 years agolorikeet-heimdal: autogen.sh modifications
Stefan Metzmacher [Fri, 22 Aug 2008 09:42:21 +0000 (11:42 +0200)]
lorikeet-heimdal: autogen.sh modifications


6 years agoFix renewal/refresh logic when kinit is provided with a command.
Roland C. Dowdeswell [Tue, 16 Oct 2012 17:32:43 +0000 (01:32 +0800)]
Fix renewal/refresh logic when kinit is provided with a command.

1.  in ticket_lifetime() calculate the remaining lifetime
    of the ticket rather than the requested lifetime.

2.  in renew_func(), attempt to renew if the tickets are
    renewable rather than only if --renewable is specified.

3.  fix the call to renew_validate() in renew_func() to
    specify renewable tickets if the original tickets are
    renewable rather than only if --renewable is specified.

4.  stop printing constant warnings to the terminal about
    how tickets cannot be obtained if they expire, cannot
    be renewed and we can't non-interactively obtain fresh
    ones.  We limit it to a single warning.

5.  after the tickets expire, we backoff the requests to
    obtain fresh tickets exponentially.

6 years agoCapture return value from __sync_add_and_fetch in the test
Magnus Ahltorp [Mon, 15 Oct 2012 16:16:53 +0000 (09:16 -0700)]
Capture return value from __sync_add_and_fetch in the test

__sync_add_and_fetch is treated as a built in function by the compiler if the return value is not used (as in the autoconf test), but it is treated as a regular function when the return value is used

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoMerge pull request #21 from hyc/mdb2
Love Hörnquist Åstrand [Mon, 8 Oct 2012 01:54:53 +0000 (18:54 -0700)]
Merge pull request #21 from hyc/mdb2

Add support for OpenLDAP libmdb

6 years agoAdd support for OpenLDAP libmdb
Howard Chu [Sun, 7 Oct 2012 23:44:33 +0000 (16:44 -0700)]
Add support for OpenLDAP libmdb

6 years agorename KRB5_PLUGIN_KUSEROK since kuserok is a little bit too common
Love Hornquist Astrand [Sun, 7 Oct 2012 18:28:28 +0000 (11:28 -0700)]
rename KRB5_PLUGIN_KUSEROK since kuserok is a little bit too common

6 years agorequire version >= 0
Love Hornquist Astrand [Sun, 7 Oct 2012 18:13:17 +0000 (11:13 -0700)]
require version >= 0

6 years agomake sure logs are truncated
Love Hornquist Astrand [Sun, 7 Oct 2012 18:11:17 +0000 (11:11 -0700)]
make sure logs are truncated

6 years agoscan whole logfile
Love Hornquist Astrand [Sun, 7 Oct 2012 18:06:29 +0000 (11:06 -0700)]
scan whole logfile

6 years agopass back an heim_error from hx509_cert_init
Love Hornquist Astrand [Sun, 7 Oct 2012 13:33:13 +0000 (06:33 -0700)]
pass back an heim_error from hx509_cert_init

6 years agorename mdb to mitdb
Love Hornquist Astrand [Sat, 6 Oct 2012 22:38:56 +0000 (15:38 -0700)]
rename mdb to mitdb

6 years agofixup error messages
Love Hornquist Astrand [Mon, 1 Oct 2012 16:54:13 +0000 (09:54 -0700)]
fixup error messages

6 years agodon't use free'd string
Love Hornquist Astrand [Mon, 1 Oct 2012 16:53:52 +0000 (09:53 -0700)]
don't use free'd string

6 years agouse configuration for db-dir
Love Hornquist Astrand [Mon, 1 Oct 2012 16:50:46 +0000 (09:50 -0700)]
use configuration for db-dir

6 years agoadd db-dir
Love Hornquist Astrand [Mon, 1 Oct 2012 16:50:32 +0000 (09:50 -0700)]
add db-dir

6 years agocatch better slave message now that iprop is more verbose
Love Hornquist Astrand [Mon, 1 Oct 2012 16:36:11 +0000 (09:36 -0700)]
catch better slave message now that iprop is more verbose

6 years agoDocument some GSS-API functions and fix some spelling errors. No code changes.
Marco Molteni [Tue, 25 Sep 2012 08:05:34 +0000 (10:05 +0200)]
Document some GSS-API functions and fix some spelling errors. No code changes.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoAdd pkg-config files for krb5 libraries
Stef Walter [Thu, 27 Sep 2012 11:51:27 +0000 (13:51 +0200)]
Add pkg-config files for krb5 libraries

 * These can be used along side krb5-config

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoguess some code for SUN_PROC_POINT
Love Hornquist Astrand [Tue, 25 Sep 2012 04:28:04 +0000 (21:28 -0700)]
guess some code for SUN_PROC_POINT

6 years agoinclude <stddef.h> so that we have a size_t
Love Hornquist Astrand [Sun, 23 Sep 2012 17:56:16 +0000 (10:56 -0700)]
include <stddef.h> so that we have a size_t

from metanest and https://github.com/heimdal/heimdal/issues/15

6 years agouse Getopt::Std, patch original from Leonardo <rnalrd@gmail.com>, updated by me
Love Hornquist Astrand [Sun, 23 Sep 2012 17:41:34 +0000 (10:41 -0700)]
use Getopt::Std, patch original from Leonardo <rnalrd@gmail.com>, updated by me

6 years agoalways produce a signature that is the size of the modulus
Love Hornquist Astrand [Wed, 12 Sep 2012 03:45:43 +0000 (20:45 -0700)]
always produce a signature that is the size of the modulus

6 years agodd include flags for test cases.
Philip Boulain [Mon, 10 Sep 2012 15:39:42 +0000 (08:39 -0700)]
dd include flags for test cases.

 When building with OpenSSL at a custom prefix, some test cases will fail
 to compile due to missing include path compiler options. This patch adds
 them, as well as defining CPPFLAGS and LDADD for test_expr.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoMerge pull request #18 from meffie/master
Jeffrey Altman [Thu, 16 Aug 2012 19:55:20 +0000 (12:55 -0700)]
Merge pull request #18 from meffie/master

drop the __restrict keyword in roken to please old compilers.

6 years agodrop __restrict some more, to please old compilers
Michael Meffie [Thu, 16 Aug 2012 19:19:44 +0000 (15:19 -0400)]
drop __restrict some more, to please old compilers

Avoid the __restrict keyword in roken to appease older compilers.

6 years agoWindows doesn't support poll(2) or fcntl(2) so #ifdef it out in send_to_kdc.c.
Roland C. Dowdeswell [Tue, 14 Aug 2012 21:50:33 +0000 (22:50 +0100)]
Windows doesn't support poll(2) or fcntl(2) so #ifdef it out in send_to_kdc.c.

6 years agoRevert "generated files must #include config if supported"
Jeffrey Altman [Sun, 12 Aug 2012 20:05:04 +0000 (16:05 -0400)]
Revert "generated files must #include config if supported"

therefore #include config.h is not required.

This reverts commit 9be792055c8bef9d35b9d3e1412175dae18a5a97.

6 years agoMake concurrent builds work.
Roland C. Dowdeswell [Tue, 7 Aug 2012 23:04:04 +0000 (00:04 +0100)]
Make concurrent builds work.

To stop the errors when building concurrently, we make a number of

        1.  stop including generated files in *_SOURCES,

        2.  make *-protos.h and *-private.h depend on the *_SOURCES,

        3.  make all objects depend on *-{protos,private}.h,

        4.  in a few places change dir/header.h to $(srcdir)/dir/header.h,

This appears to work for me with make -j16 on a 4-way box.

6 years agoheimdal: fixed -Werror=format error in com_err
Andrew Tridgell [Thu, 2 Aug 2012 04:59:37 +0000 (14:59 +1000)]
heimdal: fixed -Werror=format error in com_err

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoWindows: rk_wcsdup allocator
Jeffrey Altman [Fri, 20 Jul 2012 13:40:22 +0000 (09:40 -0400)]
Windows: rk_wcsdup allocator

patchset 3fe55728404c602884f16126e9cc60fc5a3d8f20 should have
replaced wcsdup().

Change-Id: Ib1e09477b430525267c6c930d7c4ab29858a68bb

6 years agoWindows: rk_strdup allocator
Jeffrey Altman [Fri, 20 Jul 2012 04:50:47 +0000 (00:50 -0400)]
Windows: rk_strdup allocator

patchset 3fe55728404c602884f16126e9cc60fc5a3d8f20 should have
replaced strdup().

Change-Id: I7af7b3e953e379fb23fccd9fa7a9e02c354c2dc4

6 years agoFix memory leak in hx509_context_init().
Roland C. Dowdeswell [Tue, 17 Jul 2012 18:38:46 +0000 (19:38 +0100)]
Fix memory leak in hx509_context_init().

OpenSSL_add_all_algorithms() should only be run once per application
or it will cause data structures to expand.  It's not a classic
memory leak as all of the memory will be free(3)d when EVP_cleanup()
is called but as we are a library we cannot call this.  We provide
a short term fix here which is using heim_base_once_f() to ensure
that we only call it once.

But the long term fix should be to stop using OpenSSL_add_all_algorithms()
entirely because it both has side effects outside our library and
the caller may destroy our OpenSSL global variables by calling
EVP_cleanup() on his own.  It is suboptimal to have potential
interactions between our library and other code in this way.

6 years agoFix Makefile.am issue with test_expand_toks
Nicolas Williams [Mon, 16 Jul 2012 23:24:10 +0000 (18:24 -0500)]
Fix Makefile.am issue with test_expand_toks

6 years agoFix bug in _krb5_expand_path_tokensv()
Nicolas Williams [Sun, 15 Jul 2012 06:28:47 +0000 (01:28 -0500)]
Fix bug in _krb5_expand_path_tokensv()

6 years agoMake test_store.c build w/o warnings and run
Nicolas Williams [Sun, 15 Jul 2012 05:42:43 +0000 (00:42 -0500)]
Make test_store.c build w/o warnings and run

6 years agoEnsure that timeouts apply to TCP socket connexions.
Roland C. Dowdeswell [Thu, 12 Jul 2012 00:00:23 +0000 (01:00 +0100)]
Ensure that timeouts apply to TCP socket connexions.

Currently the Heimdal code calls connect(2) on TCP connexions to
the KDC without setting O_NONBLOCK.  This code implements a
timed_connect() function which will in the case of SOCK_STREAM
sockets put the socket into non-blocking mode prior to calling
connect and use select(2) to apply the configured timeout to connect
completion.  This does not entirely solve the problem of potential
timeouts in the code as it is still possible to block while writing
to the socket.  A proper implementation would also likely start
new connexions after a short interval before timing out existing
connexions and return the results from the first KDC which successfully
responds but we did not do that yet.

This patch is from heimdal-1-5-branch patches:


Squashed together along with a quick shadowed variable warning fix
to allow it to compile with --enable-developer.

6 years agoTypo and separate formatting error in lib/com_err/com_err.3.
Roland C. Dowdeswell [Wed, 4 Jul 2012 20:53:36 +0000 (21:53 +0100)]
Typo and separate formatting error in lib/com_err/com_err.3.

Reported by jklowden@schemamania.org and jdf@NetBSD.org via NetBSD in:


6 years agoFix a typo: ai should have been a.
Roland C. Dowdeswell [Wed, 4 Jul 2012 19:07:45 +0000 (20:07 +0100)]
Fix a typo: ai should have been a.

6 years agokrb5_enomem to separate source file
Jeffrey Altman [Mon, 2 Jul 2012 15:33:18 +0000 (11:33 -0400)]
krb5_enomem to separate source file

krb5_enomem() is a wrapper around krb5_set_error_message() which
is used throughout the lib/krb5 sources.  Some of the lib/krb5
sources are imported into third party projects and those projects
must be able to pull in krb5_enomem() without other baggage.
Create a new source file lib/krb5/enomem.c.

Change-Id: Id109386d48e3e2988b705b82525adf4f1fa5ea98

6 years agoroken: Use a common allocator for all windows
Jeffrey Altman [Mon, 2 Jul 2012 02:03:32 +0000 (22:03 -0400)]
roken: Use a common allocator for all windows

Windows applications become very unhappy when memory is allocated
in one module (exe or dll) and deallocated in another.  This is
because each of the C run time library instances uses its own
heap.  Mixing allocating in one heap and deallocating in another
will lead to memory leaks and heap corruption.   For modules that
build against roken avoid this problem by sharing roken's allocator
with the module that uses it.

Change-Id: I31e35c600a78350b168a281811160696dc327544

6 years agohdb.h uses FILE * and so should #include <stdio.h>.
Roland C. Dowdeswell [Wed, 27 Jun 2012 00:58:19 +0000 (01:58 +0100)]
hdb.h uses FILE * and so should #include <stdio.h>.

6 years agoNot all make implementations define RM by default. So, we can't use it.
Roland C. Dowdeswell [Tue, 26 Jun 2012 21:25:42 +0000 (22:25 +0100)]
Not all make implementations define RM by default.  So, we can't use it.

6 years agoRemove unused function from lib/base/string.c as it breaks with -Werror.
Roland C. Dowdeswell [Tue, 26 Jun 2012 21:14:47 +0000 (22:14 +0100)]
Remove unused function from lib/base/string.c as it breaks with -Werror.

6 years agoRevert "do not include stdint.h unprotected"
Jeffrey Altman [Tue, 26 Jun 2012 21:03:08 +0000 (17:03 -0400)]
Revert "do not include stdint.h unprotected"

This reverts commit cb6f7ea40ecd8b1d26ba94f2ee0631f049a9a7cc.

stdint.h can be included everywhere now that the Windows
platform generates and installs a stdint.h when Visual
Studio does not provide one.

Change-Id: Ia3cab28d7f5806203cd45227765debda54ac7472

6 years agoMove base into lib
Nicolas Williams [Thu, 21 Jun 2012 00:31:14 +0000 (19:31 -0500)]
Move base into lib

    This involves reverting dd267e8fc3378b2021d30d643f8cde9f16a259f1,
    but that gets lost in the move.

    This builds on Ubuntu and Windows at this time.

6 years agoEliminate shadow variable in lib/ntlm/test_ntlm.c.
Roland C. Dowdeswell [Wed, 20 Jun 2012 15:12:57 +0000 (16:12 +0100)]
Eliminate shadow variable in lib/ntlm/test_ntlm.c.

6 years agoEncrypt keys in change password code even when !keepold
Nicolas Williams [Thu, 14 Jun 2012 17:55:36 +0000 (12:55 -0500)]
Encrypt keys in change password code even when !keepold

6 years agoMake check-authz run when objdir != srcdir
Nicolas Williams [Thu, 14 Jun 2012 16:53:17 +0000 (11:53 -0500)]
Make check-authz run when objdir != srcdir

6 years agoRemove krb5_425_xx and krb4 compat glue from exports
Jeffrey Altman [Tue, 12 Jun 2012 22:50:17 +0000 (18:50 -0400)]
Remove krb5_425_xx and krb4 compat glue from exports

The lib/krb5 export lists contained the following functions
that are no longer in the tree:


Change-Id: I1f73768de2f7e9243e4e7a623b54af282ec54641

6 years agoWindows: missing exports on Windows
Jeffrey Altman [Tue, 12 Jun 2012 21:37:08 +0000 (17:37 -0400)]
Windows: missing exports on Windows

synchronize the export lists on Windows and UNIX.
When new functions are exported on UNIX or Windows,
the "test" build target on Windows will verify if
the export lists are in sync.

Change-Id: I9df3607983b03ee8dc6fa7cd22f85b07a6cee784

6 years agoWindows: export krb5_storage_fsync
Jeffrey Altman [Tue, 12 Jun 2012 20:53:00 +0000 (16:53 -0400)]
Windows: export krb5_storage_fsync

df42274d961308586ccef3abd261cceefd45c6fd added krb5_storage_fsync
but failed to export it on Windows.

Change-Id: I325cef08cbbfd8e9d86a323ed0e03bb3282d4250

6 years agoWindows: link libhdb against heimbase
Jeffrey Altman [Tue, 12 Jun 2012 20:51:37 +0000 (16:51 -0400)]
Windows: link libhdb against heimbase

heim_abort and heim_assert are not exported from heimdal.dll.
must link against heimbase to use them.

Change-Id: I57a29b90360f9036723c114f03a95684a4802529

6 years agoheimdal:lib/asn1: try to fix the build on IRIX
Stefan Metzmacher [Sun, 10 Jun 2012 14:21:12 +0000 (16:21 +0200)]
heimdal:lib/asn1: try to fix the build on IRIX

cc-1028 cc: ERROR File = ../source4/heimdal/lib/asn1/gen_template.c, Line = 548
  The expression used must have a constant value.

  struct templatehead template = { 0L, &(template). tqh_first };
If this really fixes the IRIX build, we'll propose this for heimdal upstream.


Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agojust mark sig algs as weak instead of expiration date
Love Hornquist Astrand [Fri, 8 Jun 2012 16:08:23 +0000 (18:08 +0200)]
just mark sig algs as weak instead of expiration date

6 years agopull in <errno.h>
Love Hornquist Astrand [Fri, 8 Jun 2012 15:57:02 +0000 (17:57 +0200)]
pull in <errno.h>

6 years agomove windows compat errno constants to after <errno.h> is included
Love Hornquist Astrand [Fri, 8 Jun 2012 15:56:48 +0000 (17:56 +0200)]
move windows compat errno constants to after <errno.h> is included

6 years agorandkey_s.c must also clear requires_pwchange flag.
Roland C. Dowdeswell [Fri, 8 Jun 2012 15:09:55 +0000 (16:09 +0100)]
randkey_s.c must also clear requires_pwchange flag.

6 years agochpass_s.c must set KADM5_ATTRIBUTES when writing the log entry...
Roland C. Dowdeswell [Fri, 8 Jun 2012 15:08:25 +0000 (16:08 +0100)]
chpass_s.c must set KADM5_ATTRIBUTES when writing the log entry...

...because we may have cleared the requires_pwchange flag.

6 years agoWindows EAFNOSUPPORT defined by VS2010
Jeffrey Altman [Fri, 8 Jun 2012 03:16:05 +0000 (23:16 -0400)]
Windows EAFNOSUPPORT defined by VS2010

EAFNOSUPPORT is defined by VS2010 errno.h.   Use the VS2010
value instead of WSAEAFNOSUPPORT if EAFNOSUPPORT is not defined.

Change-Id: Ie641fd8f212ea1be11811dbb2e0def9fdbac795f

6 years agoAdditional changes to make -Wshadow build on Ubuntu 10.04.
Roland C. Dowdeswell [Thu, 7 Jun 2012 15:59:01 +0000 (16:59 +0100)]
Additional changes to make -Wshadow build on Ubuntu 10.04.

Looks like they defined basename() in string.h and ntohs/htonl are
implemented in terms of __bswap16() which is a macro with tmp
variables and so one cannot embed one call to ntohs/htons in another.
Not good but we workaround this limitation in glibc.

6 years agoMove #undef ENABLE_PTHREAD_SUPPORT lower in appl/gssmask/common.h
Roland C. Dowdeswell [Thu, 7 Jun 2012 15:57:51 +0000 (16:57 +0100)]
Move #undef ENABLE_PTHREAD_SUPPORT lower in appl/gssmask/common.h

This wasn't having the intended effect because after we #include
config.h and #undef ENABLE_PTHREAD_SUPPORT we then #include other
headers that also #include config.h.  I've moved this lower so that
it has the effect that appears to be intended but the correct answer
may be to make it work but this will require #including pthread.h
as the build fails with -Werror when pthread functions are called.

6 years agoFix issue where master HDB can be locked while waiting for network I/O.
Roland C. Dowdeswell [Wed, 6 Jun 2012 21:29:03 +0000 (22:29 +0100)]
Fix issue where master HDB can be locked while waiting for network I/O.

We should not hold locks on the master's database while waiting
for network I/O which may take a terribly long time to complete as
this will block out all writers and could therefore be slightly
problematic.  ipropd-master was holding a shared lock on the database
while sending a complete propation to slaves which are out of sync
with the log file.  We fix this by writing what we intend to send
in record format into a file hdb_db_dir()/ipropd.dumpfile while
holding a shared lock on the database and then we send the contents
of the file after releasing the lock.  We also save and re-use the file
that we generated during future complete propagation events as long
as the log is long enough to get us back to the state previously

6 years agoFix ASN.1 template compiler bug and add test cases more likely to trip on similar...
Viktor Dukhovni [Sun, 27 May 2012 08:07:28 +0000 (08:07 +0000)]
Fix ASN.1 template compiler bug and add test cases more likely to trip on similar (structure size/type) errors

Signed-off-by: Roland C. Dowdeswell <elric@imrryr.org>
6 years agokrb5_kt_have_content have always really returned a krb5_error_code, pointed out by...
Love Hörnquist Åstrand [Mon, 4 Jun 2012 08:47:12 +0000 (10:47 +0200)]
krb5_kt_have_content have always really returned a krb5_error_code, pointed out by Gred Hudson

6 years agokadm5_log_reinit() needs to obtain its lock before truncating the file.
Roland C. Dowdeswell [Thu, 31 May 2012 16:30:29 +0000 (17:30 +0100)]
kadm5_log_reinit() needs to obtain its lock before truncating the file.

We can't use O_TRUNC on open because (without O_EXLOCK which is
not portable) we would be modifying the file without an exclusive
lock.  So, we drop the use of O_TRUNC and use ftruncate(2) after
obtaining the lock via flock(2).

6 years agoBetter character classes and wording
Harald Barth [Wed, 30 May 2012 13:52:57 +0000 (15:52 +0200)]
Better character classes and wording

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agorequire automake 1.11
Love Hornquist Astrand [Wed, 30 May 2012 14:36:04 +0000 (16:36 +0200)]
require automake 1.11

6 years agoFix broken qop.5 man page generation
Eray Aslan [Wed, 23 May 2012 08:08:09 +0000 (11:08 +0300)]
Fix broken qop.5 man page generation

$base should not include sub directories.  Filter them out.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoDB_CURSOR_BULK requires DB 4.8 or later
Viktor Dukhovni [Tue, 29 May 2012 17:39:40 +0000 (17:39 +0000)]
DB_CURSOR_BULK requires DB 4.8 or later

6 years agoDon't forget to sleep in 3DES del_enctype test.
Viktor Dukhovni [Sun, 27 May 2012 22:20:58 +0000 (22:20 +0000)]
Don't forget to sleep in 3DES del_enctype test.

On NetBSD /bin/sh with vfork() is noticeably faster than /bin/bash,
and in particular the reader manages to read the the database before
slave replication completes.

6 years agoFix memory leak in krb5_ret_data() on error/eof.
Roland C. Dowdeswell [Mon, 28 May 2012 14:10:09 +0000 (15:10 +0100)]
Fix memory leak in krb5_ret_data() on error/eof.

6 years agoAdd krb5_storage_fsync().
Roland C. Dowdeswell [Mon, 28 May 2012 12:14:55 +0000 (13:14 +0100)]
Add krb5_storage_fsync().

We add a function to cause krb5_storage's to be sync'd to their backing
store.  For memory backed storages, this is a NOP.  For files, it calls
fsync on the file descriptor.

6 years agoipropd_slave.c: init data to zero or we free a random ptr.
Roland C. Dowdeswell [Mon, 28 May 2012 11:43:29 +0000 (12:43 +0100)]
ipropd_slave.c: init data to zero or we free a random ptr.

6 years agoFormatting: unnecessary lines and trailing whitespace.
Roland C. Dowdeswell [Tue, 22 May 2012 22:08:18 +0000 (23:08 +0100)]
Formatting: unnecessary lines and trailing whitespace.

6 years agoOpen cursor for bulk retrieval
Viktor Dukhovni [Thu, 17 May 2012 19:21:01 +0000 (19:21 +0000)]
Open cursor for bulk retrieval

6 years agoDon't clobber errno during error cleanup in krb5_storage_from_fd().
Roland C. Dowdeswell [Tue, 22 May 2012 10:07:19 +0000 (11:07 +0100)]
Don't clobber errno during error cleanup in krb5_storage_from_fd().

6 years agoFix a typo in a comment.
Roland C. Dowdeswell [Mon, 21 May 2012 16:12:16 +0000 (17:12 +0100)]
Fix a typo in a comment.

6 years agoEliminate unused variable warning.
Roland C. Dowdeswell [Mon, 21 May 2012 12:33:42 +0000 (13:33 +0100)]
Eliminate unused variable warning.

6 years agoFix segfault in MIT dump entry parsing code
Nicolas Williams [Fri, 18 May 2012 22:29:12 +0000 (17:29 -0500)]
Fix segfault in MIT dump entry parsing code

6 years agokadm5_s_get_principals() is a read only operation, so open the HDB in r/o mode.
Roland C. Dowdeswell [Fri, 18 May 2012 16:13:30 +0000 (17:13 +0100)]
kadm5_s_get_principals() is a read only operation, so open the HDB in r/o mode.

6 years agoFix locking issues in DB3 HDB backend.
Roland C. Dowdeswell [Fri, 18 May 2012 12:03:23 +0000 (13:03 +0100)]
Fix locking issues in DB3 HDB backend.

Multiple concurrent writers would cause the HDB to become corrupted
as the locking was not sufficient to prevent these sorts of issues
from occurring.  We fix this in a similar way to the prior DB1 patch.

6 years agoFix locking issues in DB1 HDB backend.
Roland C. Dowdeswell [Fri, 18 May 2012 11:39:08 +0000 (12:39 +0100)]
Fix locking issues in DB1 HDB backend.

Multiple concurrent writers would cause the HDB to become corrupted
as the locking was not sufficient to prevent these sorts of issues
from occurring.  We have changed the locking to obtain the appropriate
kind of lock on database open and to hold that lock until the
database closes.  We need to do this as Berkeley DB 1.85 will cache
information from the database in memory and if if this information
is updated without our knowledge then our later writes will corrupt
the database.  We speculate that there would be issues with a single
writer and reader but did not reproduce them.

6 years agoAdd comments to tcp_server.c, to make it easier for a newcomer to understand the...
Marco Molteni [Tue, 8 May 2012 09:54:24 +0000 (11:54 +0200)]
Add comments to tcp_server.c, to make it easier for a newcomer to understand the krb5 API usage.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoAdd doxygen and source comments to some functions of the krb5 API
Marco Molteni [Tue, 8 May 2012 09:51:54 +0000 (11:51 +0200)]
Add doxygen and source comments to some functions of the krb5 API

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
6 years agoUpdate KDB in tests/kdc so check-hdb-mitdb passes
Nicolas Williams [Wed, 2 May 2012 23:21:33 +0000 (18:21 -0500)]
Update KDB in tests/kdc so check-hdb-mitdb passes

6 years agoUpdate kadmin.8
Nicolas Williams [Wed, 2 May 2012 22:55:30 +0000 (17:55 -0500)]
Update kadmin.8

6 years agoUpdate MIT<->Heimdal migration documentation
Nicolas Williams [Wed, 2 May 2012 22:43:26 +0000 (17:43 -0500)]
Update MIT<->Heimdal migration documentation

6 years agoAdd support for writing to KDB and dumping HDB to MIT KDB dump format
Nicolas Williams [Mon, 30 Apr 2012 08:28:00 +0000 (03:28 -0500)]
Add support for writing to KDB and dumping HDB to MIT KDB dump format

    Before this change Heimdal could read KDBs.  Now it can write to
    them too.

    Heimdal can now also dump HDBs (including KDBs) in MIT format, which
    can then be imported with kdb5_util load.

    This is intended to help in migrations from MIT to Heimdal by
    allowing migrations from Heimdal to MIT so that it is possible
    to rollback from Heimdal to MIT should there be any issues.  The
    idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
    b) running Heimdal with an HDB converted from a KDB and then
    rollback by dumping the HDB and loading a KDB.

    Note that not all TL data types are supported, only two: last
    password change and modify-by.  This is the minimum necessary.
    PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
    and for databases with K/M history we may need to add KRB5_TL_MKVNO

    Support for additional TL data types can be added in
    lib/hdb/hdb-mitdb.c:_hdb_mdb_value2entry() and

6 years agoFix incorrect usage message in ktutil del
Viktor Dukhovni [Fri, 27 Apr 2012 18:35:38 +0000 (18:35 +0000)]
Fix incorrect usage message in ktutil del

Usage: remove [-h] [--principal=principal] [-p principal] [--kvno=enctype]
   [-V enctype] [--enctype=enctype] [-e enctype] [--help]
-p principal, --principal=principal principal to remove
-V enctype, --kvno=enctype          key version to remove
-e enctype, --enctype=enctype       enctype to remove

6 years agoVerify the existence of the keytab for tcp_server, gssapi_server
Marco Molteni [Tue, 1 May 2012 21:01:19 +0000 (23:01 +0200)]
Verify the existence of the keytab for tcp_server, gssapi_server

appl/test/tcp_server and gssapi_server try to open the keytab file only when processing a connection.

This patch verifies the existence of the keytab file on program startup, so that troubleshooting is easier. In addition it adds some comments.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>