Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: krbldap
Commits on Jan 7, 2012
  1. Remove SAM encoders and structures

    ghudson authored
    r24403 removed the old SAM support, but left behind the structures,
    free functions, and ASN.1 encoders/decoders.  Remove those now.
    (SAM-2 support is still present.)
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25618 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 6, 2012
  1. Convert all remaining macro-coded ASN.1 encoders

    ghudson authored
    Use data-driven encoders for all of the remaining types which still
    used macros (primarily PKINIT types), and get rid of the macros.  Do
    not change any encoding behavior, but add some comments where behavior
    differs from the spec.
    
    DEFFNTYPE is now unused except for the kdc_req_body hack.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25617 dc483132-0cff-0310-8789-dd5450dbe970
  2. Add support for CHOICE in ASN.1 encoder

    ghudson authored
    Add a new field type where the length offset indicates a distinguisher
    and the data offset indicates a union address.  The field's type is an
    atype_choice containing a seq_info indexed by the distinguisher.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25616 dc483132-0cff-0310-8789-dd5450dbe970
  3. Factor out length retrieval in ASN.1 encoder

    ghudson authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25615 dc483132-0cff-0310-8789-dd5450dbe970
  4. Support implicit context tags in ASN.1 fields

    ghudson authored
    Add a field_info bit (the 32nd bit of the bitfields) indicating whether
    the context tag is implicit, and support it in encode_a_field.  Adjust
    all field-generating macros and invocations to include the new bit
    (always 0 for the moment).
    
    For atype_tagged_thing, narrow the construction field to six bits and
    add an implicit bit.  We could remove the construction field if it
    weren't for DEFOCTETWRAPPEDTYPE abusing atype_tagged_thing a little
    bit, since (normal) explicit tags are always constructed and implicit
    tag construction is computed from the base type.
    
    Given how rarely implicit tagging is used, it might be nice to have
    separate _IMPLICIT macros rather than an extra argument to every
    field.  But we already have separate _OPT macros for optional fields
    and FIELDOF_STRING vs. FIELDOF_STRINGL, so we start to get a
    combinatoric explosion in the number of macros.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25614 dc483132-0cff-0310-8789-dd5450dbe970
  5. Support ASN.1 encoding without the outer tag

    ghudson authored
    In order to support implicit tagging, make it possible to ASN.1-encode
    a value without its outer tag, instead remembering the construction
    bit of the omitted tag.
    
    A cleaner design would be to have separate functions for encoding a
    value's contents and its tag.  However, we can't do that for atype_fn
    or atype_opaque, and the possible indirections between types and
    fields mean we want to stay at the "encode everything" level for as
    long as possible to allow implicit tagging of the largest possible
    subset of types.  If we can get rid of atype_fn, we may be able to
    switch to the cleaner design with some adjustments to atype_opaque.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25613 dc483132-0cff-0310-8789-dd5450dbe970
  6. Use content-only ASN.1 primitives

    ghudson authored
    As part of implicit tag support, rework ASN.1 encoding primitives so
    that they encode only content, not tags.  Combine primitives which
    become identical with this change.  The new atype_primitive type
    invokes a primitive encoder and adds a tag.  atype_fn_len is split
    into atype_string and atype_opaque, both of which are hardcoded to
    use asn1_encode_bytestring.
    
    For the encoders still using macros, create asn1_addprimitive,
    asn1_addinteger, and asn1_addstring macros which call the primitive
    encoder function and add a tag.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25612 dc483132-0cff-0310-8789-dd5450dbe970
  7. Make ASN.1 struct atype_info more extensible

    ghudson authored
    Instead of including all of the possible type fields in struct
    atype_info, use a pointer to a type-specific structure.  This might
    save a little space, but more importantly, if we get to the point of
    exposing this stuff across plugin APIs, it allows ASN.1 type
    information to be extensible via defining new atype_type values.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25611 dc483132-0cff-0310-8789-dd5450dbe970
  8. Add missing test cases for ASN.1 types

    ghudson authored
    Add test cases for ASN.1 types which didn't previously have them.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25610 dc483132-0cff-0310-8789-dd5450dbe970
  9. Add test cases for PKINIT ASN.1 encoders

    ghudson authored
    Do not add decode tests, because those would trip some bugs in the
    decoders, and we can't safely fix some of those bugs without interop
    testing.  Encode tests are sufficient to detect when we
    unintentionally change the output of the encoders.
    
    Fix trval2() not to use the context shortcut on primitive context
    tags.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25609 dc483132-0cff-0310-8789-dd5450dbe970
  10. Simplify and reformat ASN.1 test code

    ghudson authored
    Use abort-on-error memory allocation to reduce failure handling.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25608 dc483132-0cff-0310-8789-dd5450dbe970
  11. Fix asn1_encode_subject_pk_info without params

    ghudson authored
    r20923 inadvertently broke asn1_encode_subject_pk_info in the case
    where algorithm.parameters.length == 0.  Fortunately this case never
    happens, but fix it anyway.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25607 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jan 4, 2012
  1. Remove unused functions (older API residue) krb5_realm_iterator* and …

    tsitkova authored
    …krb5_free_realm_string
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25606 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 28, 2011
  1. ticket: 7057

    ghudson authored
    Fix implicit declaration in ksu for some builds
    
    ksu's setenv implementation needs to include <string.h> for memcpy.
    Patch from basch@alum.mit.edu.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25605 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 27, 2011
  1. ticket: 6936

    ghudson authored
    Fix an unlikely memory leak in r25591
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25604 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 26, 2011
Commits on Dec 22, 2011
  1. Updated env variable sections, formating and other corrections

    tsitkova authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25602 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 21, 2011
  1. Stop using krb5_typed_data structure type

    ghudson authored
    Use the krb5_pa_data structure type when encoding or decoding
    TYPED-DATA.  Leave the krb5_typed_data structure definition in krb5.h
    with a comment saying not to use it.  Remove krb5_free_typed_data
    (which was never declared in krb5.h).  Remove some vestigial accessor
    stuff related to PKINIT encoding and decoding TYPED-DATA, which was
    unneeded since r25483.  Bump the accessor structure version to 19
    accordingly.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25601 dc483132-0cff-0310-8789-dd5450dbe970
  2. Stop using krb5_octet_data

    ghudson authored
    For consistency with the rest of the code base, make PKINIT use
    krb5_data as a pointer/length container.  Leave krb5_octet_data and
    krb5_free_octet_data behind for API compatibility.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25600 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 20, 2011
  1. Remove MITKC logo from the tree.

    tsitkova authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25599 dc483132-0cff-0310-8789-dd5450dbe970
  2. Table of Contents.hhc -> Table_of_Contents.hhc

    ghudson authored
    Avoid using spaces in filenames as it makes searching the source
    tree less convenient on Unix.
    
    Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25598 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 19, 2011
  1. Correct typos and formating.

    tsitkova authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25594 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 18, 2011
  1. Add missing enclosing ifdef

    authored
Commits on Dec 17, 2011
  1. Create KrbLDAP defines.

    authored
  2. Fix make depend in unbuilt build tree

    ghudson authored
    Add dependency rules so that "make depend" succeeds from a fresh build
    tree.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25593 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 7054

    ghudson authored
    Avoid using itertools.permutations in k5test
    
    k5test is only supposed to require Python 2.4, but cross_realms uses
    itertools.permutations which is new in 2.6.  Use a list display
    instead.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25592 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 16, 2011
  1. ticket: 6936

    ghudson authored
    target_version: 1.10
    tags: pullup
    
    Do mech fallback for first SPNEGO context token
    
    When producing the first SPNEGO security context token, if the first
    mechanism's init_sec_context fails, fall back to a later mechanism.
    
    This fixes a regression in 1.10 for SPNEGO initiators using non-krb5
    credentials.  The identity selection work causes errors to be deferred
    from krb5's acquire_cred in some cases, which means SPNEGO doesn't see
    an error until it tries the krb5 init_sec_context.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25591 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 7053

    ghudson authored
    subject: Verify acceptor's mech in SPNEGO initiator
    target_version: 1.10
    tags: pullup
    
    In spnego_gss_ctx_id_rec, store the set of negotiable mechanisms as
    well as the currently selected internal_mech, which becomes an alias
    into mech_set.  In init_ctx_reselect, locate the acceptor's counter-
    proposal in sc->mech_set and consider the token defective if it is not
    found.
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25590 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Dec 15, 2011
  1. Formating

    tsitkova authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25589 dc483132-0cff-0310-8789-dd5450dbe970
Something went wrong with that request. Please try again.