Commits on Jan 29, 2012
Commits on Jan 27, 2012
  1. ticket: 7080

    ghudson committed Jan 27, 2012
    Suppress maybe-uninitialized warning in x-deltat.y
    
    Recent versions of gcc can generate a maybe-uninitialized warning from
    bison output instead of a regular uninitialized warning.  Suppress
    both.  Fix from nalin@redhat.com.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25665 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 26, 2012
  1. Clean up dispatch lookaside code slightly

    ghudson committed Jan 26, 2012
    Always log when we get a lookaside cache hit, eliminating a confusing
    conditional.  This is a slight behavior change because we never used
    to log a lookaside cache hit when we can't deliver the response via
    UDP, but that was never really deliberate or important--we log all
    sorts of stuff about responses which might turn out to be too big.
    
    Also eliminate a signed/unsigned comparison warning in
    finish_dispatch.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25661 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 7082

    ghudson committed Jan 26, 2012
    subject: Various lookaside cache fixes
    target_version: 1.10
    tags: pullup
    
    Don't touch the lookaside cache if we're responding with a lookaside
    cache entry.  Also, leave the null entry behind if we're deliberately
    dropping a request (a rare case) so that we don't have to process it
    again.  Fixes several lookaside problems in 1.10:
    
    * When dropping a request because it was already being processed, we
      were erroneously removing the null entry, causing us to process the
      request again upon a second retransmit.
    
    * When responding to a finished request with a lookaside entry, we
      were removing and re-adding the entry to the cache, resetting its
      time and performing unnecessary work.
    
    * We were not caching responses we couldn't deliver because they were
      too big for UDP, causing us to re-process the request when it came
      in again via TCP instead of simply delivering the cached response.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25660 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 7081

    ghudson committed Jan 26, 2012
    subject: Don't use stack variable address in as_req state
    target_version: 1.10
    tags: pullup
    
    The KDC's process_as_req was storing the address of a stack variable
    (client_princ), which fails if the request is not immediately
    serviced.  Move that variable to the state structure so its address
    remains valid for the lifetime of the request.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25659 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 24, 2012
  1. Avoid sizeof(void) in ASN.1 encoder

    ghudson committed Jan 24, 2012
    We were computing sizeof(void) when referencing atype_int_immediate
    types in other types (primarily atype_tagged_thing).  gcc gives this a
    pass but the Solaris compiler does not.  Use "int" as the dummy type
    instead.  (The type is unimportant since int-immediates aren't used by
    offset or sequence-of types.)
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25658 dc483132-0cff-0310-8789-dd5450dbe970
  2. Redesign ASN.1 encoder engine, removing field_info

    ghudson committed Jan 24, 2012
    Replace the "field" half of the ASN.1 encoder machinery with several
    new struct atype_info types (offset, counted, and int_immediate) and a
    new counted_type machinery used exclusively for object/integer pairs.
    This change eliminates the two-way entanglement between atypes and
    fields, and makes the encoder more independent of RFC 4120 ASN.1
    conventions.
    
    Defining sequences with the preprocessor macros is now slightly more
    cumbersome; we need to define a type for each field and then string
    them together with an array of struct atype_info *.  But it's not so
    bad, and hopefully we can auto-generate some of this soon.
    
    *_optional functions now return a bitmask of sequence field offsets
    not present in the C type.  This will need some more attention before
    we add decoding support to the engine, since it means sequence fields
    no longer know whether they are optional or not.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25657 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 22, 2012
  1. Return proper malloc-ed result data and use the provided servers array in krbldap_sendto().

    committed Jan 22, 2012
Commits on Jan 15, 2012
Commits on Jan 13, 2012
  1. ticket: 7073

    hartmans committed Jan 13, 2012
    Subject: kadmin.local.8 belongs in ADMIN_mandir
    tags: pullup
    target_version: 1.10
    
    Install kadmin.local.8 in ADMIN_MANDIR not CLIENT_MANDIR
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25654 dc483132-0cff-0310-8789-dd5450dbe970
  2. Add shadow manpages for k5login.5 and k5identity.5

    tlyu committed Jan 13, 2012
    Add shadow manpages dot.k5login and dot.k5identity for k5login.5 and
    k5identity.5.  Stop generating .k5login.5 and .k5identity.5 from
    sphinx (these will be taken care of by make install in src/man).  Add
    generated k5identity.5.
    
    Add SYNOPSIS sections to k5login.5 and k5identity.5 to make it more
    clear that the filenames start with a dot.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25653 dc483132-0cff-0310-8789-dd5450dbe970
  3. Reverted reference to klogind. Minor reformatting.

    tsitkova committed Jan 13, 2012
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25652 dc483132-0cff-0310-8789-dd5450dbe970
  4. Simplify integer loading in ASN.1 encoding

    ghudson committed Jan 13, 2012
    Instead of defining an auxiliary load function for each integer
    type, just use its size and signedness to decide how to load it.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25651 dc483132-0cff-0310-8789-dd5450dbe970
  5. Add PKINIT decoder tests

    ghudson committed Jan 13, 2012
    Add tests to krb5_decode_test.c for PKINIT types.  Where the decoders
    do not match the encoders, include comments and hand-generated
    encodings which work with the decoder.
    
    Add a comment to asn1_k_encode.c documenting inconsistencies between
    the draft 9 PA-PK-AS-REQ spec and our encoder results.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25650 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 12, 2012
  1. Updated domain_realm section of krb5.conf. Reformatted files.

    tsitkova committed Jan 12, 2012
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25649 dc483132-0cff-0310-8789-dd5450dbe970
  2. Added k5identity doc in RST format.

    tsitkova committed Jan 12, 2012
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25648 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 11, 2012
  1. ticket: 7063

    ghudson committed Jan 11, 2012
    Fix spurious clock skew caused by gak_fct delay
    
    In get_in_tkt.c, a time offset is computed between the KDC's auth_time
    and the current system time after the reply is decrypted.  Time may
    have elapsed between these events because of a gak_fct invocation
    which blocks on user input.  The resulting spurious time offset can
    cause subsequent TGS-REQs to fail and can also cause the end time of
    the next AS request to be in the past (issue #889) in cases where the
    old ccache is opened to find the default principal.
    
    Use the system time, without offset, for the request time of an AS
    request, for more predictable kinit behavior.  Use this request time,
    rather than the current time, when computing the clock skew after the
    reply is decrypted.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25644 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 10, 2012
  1. Fix an allocation size bug in ASN.1 tests

    ghudson committed Jan 10, 2012
    ktest_make_sample_pa_pk_as_req_draft9 was allocating the wrong
    size of objects for the trustedCertifiers array.  Fix it.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25638 dc483132-0cff-0310-8789-dd5450dbe970
  2. Use DEFTAGGEDTYPE for FAST choice types

    ghudson committed Jan 10, 2012
    pa_fx_fast_request and pa_fx_fast_reply are defined in RFC 6113 as
    extensible choice types with only one choice, which means they encode
    as another type with a [0] tag wrapper.  Use DEFTAGGEDTYPE to add
    this wrapper instead of DEFFIELDTYPE/FIELDOF_ENCODEAS, and add a
    comment describing why.
    
    After this change, all uses of DEFFIELDTYPE are for dataptr/lenptr
    types or just simple offset transformations on the base pointer.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25635 dc483132-0cff-0310-8789-dd5450dbe970
  3. Simplify asn1_decode_kdc_dh_key_info

    ghudson committed Jan 10, 2012
    Due to some lingering confusion, the last commit changing
    asn1_decode_kdc_dh_key_info was correct but overly complicated (and
    contained an incorrect comment).  Change it to just use get_lenfield
    for subjectPublicKey.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25634 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 7067

    tlyu committed Jan 10, 2012
    subject: documentation license to CC-BY-SA 3.0 Unported
    target_version: 1.10
    tags: pullup
    
    Update documentation license to Creative Commons
    Attribution-ShareAlike 3.0 Unported.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25633 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 9, 2012
  1. Added documentation for sserver, sclient and krb5-send-pr in RST format

    tsitkova committed Jan 9, 2012
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25632 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 7065

    tlyu committed Jan 9, 2012
    subject: delete duplicate NOTICE file
    status: open
    
    Delete the duplicate NOTICE file, as it is checked into the tree and
    relative include paths work for sphinx.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25631 dc483132-0cff-0310-8789-dd5450dbe970
  3. Make dh_key_info encoder and decoder symmetric

    ghudson committed Jan 9, 2012
    The dh_key_info encoder expects subjectPublicKey to contain the
    contents of a bit string, but the decoder outputs the DER encoding of
    the bit string including tag.  The PKINIT client code expects this, so
    everything works, but the encoder and decoder should be symmetric.
    Change the decoder to process the bit string (adding a bit string
    decoding primitive) and modify the PKINIT client code to expect only
    the bit string contents.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25626 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 7064

    tlyu committed Jan 9, 2012
    subject: install sphinx-generated manpages
    status: open
    
    Install sphinx-generated manpages.  Original nroff manpages remain for
    reference until proofreading is complete.  Modify
    doc/rst_source/conf.py to better deal with shadow manpages -- sphinx
    will now build k5login.5 instead of .k5login.5, and kadmin.1 instead
    of both kadmin.1 and kadmin.local.8.
    
    Proofreaders should ensure that the original nroff manpages (and
    associated Makefile rules) are deleted once their reST format
    equivalents have been proofread.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25625 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 8, 2012
  1. Remove unneeded kdcRealm field in PKINIT structure

    ghudson committed Jan 8, 2012
    krb5_pk_authenticator_draft9 had a kdcRealm field which was set by the
    client code but never encoded or decoded.  Remove it.  Eliminating this
    field exposed a bug in auth_pack_draft9_optional; fix that.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25624 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 7061

    ghudson committed Jan 8, 2012
    subject: Fix PKINIT serverDHNonce encoding
    
    Use an explicit tag for serverDHNonce, as specified in RFC 4556,
    rather than the implicit tag we historically used.  This bug had no
    practical effect (and creates no interoperability issues) because we
    never generate a serverDHNonce.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25623 dc483132-0cff-0310-8789-dd5450dbe970
  3. Clean up the asn1 encoder design

    ghudson committed Jan 8, 2012
    Now that the PKINIT types have been converted and atype_fn has only
    one use, we can more easily modify the encoder so that any object can
    be encoded without its tag, which makes for a cleaner design.  The
    basic building block is now krb5int_asn1_encode_type, which encodes
    the contents of a function and returns its tag information to the
    caller.
    
    atype_fn now has its own structure, and the encoder function it
    references follows the semantics of krb5int_asn1_encode_type.
    atype_opaque is now atype_der and goes with a new corresponding field
    type (field_der); stored DER encodings are parsed to separate the tag
    from the content.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25622 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 7, 2012
  1. ticket: 7060

    ghudson committed Jan 7, 2012
    subject: Convert securid module edata method
    target_version: 1.10
    tags: pullup
    
    r25348 modified the edata method of the kdcpreauth interface to
    be async-capable, but neglected to convert the securid_sam2 module's
    edata function.  Do that now.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25621 dc483132-0cff-0310-8789-dd5450dbe970
  2. Remove some unneeded accessor fields

    ghudson committed Jan 7, 2012
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25620 dc483132-0cff-0310-8789-dd5450dbe970
  3. Remove some unused structures and encoders

    ghudson committed Jan 7, 2012
    krb5_alt_method was added in r6604 but never supported.  krb5_pwd_data
    became unused when the Sandia kadmin system was replaced.
    krb5_pa_server_referral_data and krb5_pa_svr_referral_data were added
    in r21690 with internally-visible encoders which nothing uses.
    
    Leave behind structure declarations in krb5.hin for API compatibility.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25619 dc483132-0cff-0310-8789-dd5450dbe970