|
|
|
@ -1,519 +0,0 @@
|
|
|
|
|
Index: doc/admin.texinfo
|
|
|
|
|
===================================================================
|
|
|
|
|
--- doc/admin.texinfo.orig
|
|
|
|
|
+++ doc/admin.texinfo
|
|
|
|
|
@@ -516,13 +516,6 @@ DCE do not support the default cache as
|
|
|
|
|
Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on
|
|
|
|
|
DCE 1.1 systems. The default value is @value{DefaultCcacheType}.
|
|
|
|
|
|
|
|
|
|
-@ignore
|
|
|
|
|
-@itemx tkt_lifetime
|
|
|
|
|
-The default lifetime of a ticket. The default is
|
|
|
|
|
-@value{DefaultTktLifetime}. This is currently not supported by the
|
|
|
|
|
-code.
|
|
|
|
|
-@end ignore
|
|
|
|
|
-
|
|
|
|
|
@itemx dns_lookup_kdc
|
|
|
|
|
Indicate whether DNS SRV records should be used to locate the KDCs and
|
|
|
|
|
other servers for a realm, if they are not listed in the information for
|
|
|
|
|
@@ -583,6 +576,11 @@ If this flag is set, then an attempt to
|
|
|
|
|
fail if the client machine does not have a keytab. The default for the
|
|
|
|
|
flag is @value{DefaultVerifyApReqNofail}.
|
|
|
|
|
|
|
|
|
|
+@itemx ticket_lifetime
|
|
|
|
|
+The value of this tag is the default lifetime for
|
|
|
|
|
+initial tickets. The default value for the tag is
|
|
|
|
|
+@value{DefaultTktLifetime}.
|
|
|
|
|
+
|
|
|
|
|
@itemx renew_lifetime
|
|
|
|
|
The value of this tag is the default renewable lifetime for
|
|
|
|
|
initial tickets. The default value for the tag is
|
|
|
|
|
Index: src/include/krb5/krb5.hin
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/include/krb5/krb5.hin.orig
|
|
|
|
|
+++ src/include/krb5/krb5.hin
|
|
|
|
|
@@ -1066,7 +1066,7 @@ krb5_verify_checksum(krb5_context contex
|
|
|
|
|
#define KRB5_AUTHDATA_SESAME 65
|
|
|
|
|
#define KRB5_AUTHDATA_WIN2K_PAC 128
|
|
|
|
|
#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */
|
|
|
|
|
-#define KRB5_AUTHDATA_SIGNTICKET 142
|
|
|
|
|
+#define KRB5_AUTHDATA_SIGNTICKET 512 /* formerly 142 in krb5 1.8 */
|
|
|
|
|
#define KRB5_AUTHDATA_FX_ARMOR 71
|
|
|
|
|
/* password change constants */
|
|
|
|
|
|
|
|
|
|
@@ -1184,6 +1184,19 @@ typedef struct _krb5_pa_data {
|
|
|
|
|
krb5_octet *contents;
|
|
|
|
|
} krb5_pa_data;
|
|
|
|
|
|
|
|
|
|
+/* typed data */
|
|
|
|
|
+/*
|
|
|
|
|
+ * The FAST error handling logic currently assumes that this structure and
|
|
|
|
|
+ * krb5_pa_data * can be safely cast to each other if this structure changes,
|
|
|
|
|
+ * that code needs to be updated to copy.
|
|
|
|
|
+ */
|
|
|
|
|
+typedef struct _krb5_typed_data {
|
|
|
|
|
+ krb5_magic magic;
|
|
|
|
|
+ krb5_int32 type;
|
|
|
|
|
+ unsigned int length;
|
|
|
|
|
+ krb5_octet *data;
|
|
|
|
|
+} krb5_typed_data;
|
|
|
|
|
+
|
|
|
|
|
typedef struct _krb5_kdc_req {
|
|
|
|
|
krb5_magic magic;
|
|
|
|
|
krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
|
|
|
|
|
Index: src/include/k5-int-pkinit.h
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/include/k5-int-pkinit.h.orig
|
|
|
|
|
+++ src/include/k5-int-pkinit.h
|
|
|
|
|
@@ -101,17 +101,6 @@ typedef struct _krb5_trusted_ca {
|
|
|
|
|
} u;
|
|
|
|
|
} krb5_trusted_ca;
|
|
|
|
|
|
|
|
|
|
-/* typed data */
|
|
|
|
|
-/* The FAST error handling logic currently assumes that this structure and krb5_pa_data * can be safely cast to each other
|
|
|
|
|
- * if this structure changes, that code needs to be updated to copy.
|
|
|
|
|
- */
|
|
|
|
|
-typedef struct _krb5_typed_data {
|
|
|
|
|
- krb5_magic magic;
|
|
|
|
|
- krb5_int32 type;
|
|
|
|
|
- unsigned int length;
|
|
|
|
|
- krb5_octet *data;
|
|
|
|
|
-} krb5_typed_data;
|
|
|
|
|
-
|
|
|
|
|
/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
|
|
|
|
|
typedef struct _krb5_pa_pk_as_req_draft9 {
|
|
|
|
|
krb5_octet_data signedAuthPack;
|
|
|
|
|
Index: src/kdc/kdc_authdata.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/kdc/kdc_authdata.c.orig
|
|
|
|
|
+++ src/kdc/kdc_authdata.c
|
|
|
|
|
@@ -934,8 +934,12 @@ verify_ad_signedpath(krb5_context contex
|
|
|
|
|
enc_sp.length = sp_authdata[0]->length;
|
|
|
|
|
|
|
|
|
|
code = decode_krb5_ad_signedpath(&enc_sp, &sp);
|
|
|
|
|
- if (code != 0)
|
|
|
|
|
+ if (code != 0) {
|
|
|
|
|
+ /* Treat an invalid signedpath authdata element as a missing one, since
|
|
|
|
|
+ * we believe MS is using the same number for something else. */
|
|
|
|
|
+ code = 0;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
code = verify_ad_signedpath_checksum(context,
|
|
|
|
|
krbtgt,
|
|
|
|
|
Index: src/kdc/do_tgs_req.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/kdc/do_tgs_req.c.orig
|
|
|
|
|
+++ src/kdc/do_tgs_req.c
|
|
|
|
|
@@ -1215,6 +1215,7 @@ prep_reprocess_req(krb5_kdc_req *request
|
|
|
|
|
strlcpy(comp1_str,comp1->data,comp1->length+1);
|
|
|
|
|
|
|
|
|
|
if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST ||
|
|
|
|
|
+ krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_INST ||
|
|
|
|
|
(krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN &&
|
|
|
|
|
kdc_active_realm->realm_host_based_services != NULL &&
|
|
|
|
|
(krb5_match_config_pattern(kdc_active_realm->realm_host_based_services,
|
|
|
|
|
Index: src/clients/kpasswd/kpasswd.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/clients/kpasswd/kpasswd.c.orig
|
|
|
|
|
+++ src/clients/kpasswd/kpasswd.c
|
|
|
|
|
@@ -47,7 +47,7 @@ int main(int argc, char *argv[])
|
|
|
|
|
{
|
|
|
|
|
krb5_error_code ret;
|
|
|
|
|
krb5_context context;
|
|
|
|
|
- krb5_principal princ;
|
|
|
|
|
+ krb5_principal princ = NULL;
|
|
|
|
|
char *pname;
|
|
|
|
|
krb5_ccache ccache;
|
|
|
|
|
krb5_get_init_creds_opt *opts = NULL;
|
|
|
|
|
@@ -84,23 +84,27 @@ int main(int argc, char *argv[])
|
|
|
|
|
com_err(argv[0], ret, "parsing client name");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
- } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
|
|
|
|
|
- if (ret) {
|
|
|
|
|
+ } else {
|
|
|
|
|
+ ret = krb5_cc_default(context, &ccache);
|
|
|
|
|
+ if (ret != 0) {
|
|
|
|
|
com_err(argv[0], ret, "opening default ccache");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- if ((ret = krb5_cc_get_principal(context, ccache, &princ))) {
|
|
|
|
|
+ ret = krb5_cc_get_principal(context, ccache, &princ);
|
|
|
|
|
+ if (ret != 0 && ret != KRB5_CC_NOTFOUND && ret != KRB5_FCC_NOFILE) {
|
|
|
|
|
com_err(argv[0], ret, "getting principal from ccache");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- if ((ret = krb5_cc_close(context, ccache))) {
|
|
|
|
|
+ ret = krb5_cc_close(context, ccache);
|
|
|
|
|
+ if (ret != 0) {
|
|
|
|
|
com_err(argv[0], ret, "closing ccache");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
- } else {
|
|
|
|
|
- get_name_from_passwd_file(argv[0], context, &princ);
|
|
|
|
|
+
|
|
|
|
|
+ if (princ == NULL)
|
|
|
|
|
+ get_name_from_passwd_file(argv[0], context, &princ);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) {
|
|
|
|
|
Index: src/config-files/krb5.conf.M
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/config-files/krb5.conf.M.orig
|
|
|
|
|
+++ src/config-files/krb5.conf.M
|
|
|
|
|
@@ -220,6 +220,10 @@ If this flag is set, then an attempt to
|
|
|
|
|
fail if the client machine does not have a keytab. The default for the
|
|
|
|
|
flag is false.
|
|
|
|
|
|
|
|
|
|
+.IP ticket_lifetime
|
|
|
|
|
+The value of this tag is the default lifetime for initial tickets. The
|
|
|
|
|
+default value for the tag is 1 day (1d).
|
|
|
|
|
+
|
|
|
|
|
.IP renew_lifetime
|
|
|
|
|
The value of this tag is the default renewable lifetime for initial
|
|
|
|
|
tickets. The default value for the tag is 0.
|
|
|
|
|
Index: src/lib/gssapi/spnego/spnego_mech.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/gssapi/spnego/spnego_mech.c.orig
|
|
|
|
|
+++ src/lib/gssapi/spnego/spnego_mech.c
|
|
|
|
|
@@ -1687,6 +1687,7 @@ cleanup:
|
|
|
|
|
if (sc->internal_name != GSS_C_NO_NAME &&
|
|
|
|
|
src_name != NULL) {
|
|
|
|
|
*src_name = sc->internal_name;
|
|
|
|
|
+ sc->internal_name = GSS_C_NO_NAME;
|
|
|
|
|
}
|
|
|
|
|
release_spnego_ctx(&sc);
|
|
|
|
|
} else if (ret != GSS_S_CONTINUE_NEEDED) {
|
|
|
|
|
@@ -2572,6 +2573,8 @@ release_spnego_ctx(spnego_gss_ctx_id_t *
|
|
|
|
|
(void) generic_gss_release_oid(&minor_stat,
|
|
|
|
|
&context->internal_mech);
|
|
|
|
|
|
|
|
|
|
+ (void) gss_release_name(&minor_stat, &context->internal_name);
|
|
|
|
|
+
|
|
|
|
|
if (context->optionStr != NULL) {
|
|
|
|
|
free(context->optionStr);
|
|
|
|
|
context->optionStr = NULL;
|
|
|
|
|
Index: src/lib/kadm5/srv/svr_principal.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/kadm5/srv/svr_principal.c.orig
|
|
|
|
|
+++ src/lib/kadm5/srv/svr_principal.c
|
|
|
|
|
@@ -858,8 +858,8 @@ kadm5_get_principal(void *server_handle,
|
|
|
|
|
if (! (mask & KADM5_MOD_TIME))
|
|
|
|
|
entry->mod_date = 0;
|
|
|
|
|
if (! (mask & KADM5_MOD_NAME)) {
|
|
|
|
|
- krb5_free_principal(handle->context, entry->principal);
|
|
|
|
|
- entry->principal = NULL;
|
|
|
|
|
+ krb5_free_principal(handle->context, entry->mod_name);
|
|
|
|
|
+ entry->mod_name = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -871,10 +871,12 @@ kadm5_get_principal(void *server_handle,
|
|
|
|
|
if (kdb.key_data[i].key_data_kvno > entry->kvno)
|
|
|
|
|
entry->kvno = kdb.key_data[i].key_data_kvno;
|
|
|
|
|
|
|
|
|
|
- ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist,
|
|
|
|
|
- &entry->mkvno);
|
|
|
|
|
- if (ret)
|
|
|
|
|
- goto done;
|
|
|
|
|
+ if (mask & KADM5_MKVNO) {
|
|
|
|
|
+ ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist,
|
|
|
|
|
+ &entry->mkvno);
|
|
|
|
|
+ if (ret)
|
|
|
|
|
+ goto done;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
if (mask & KADM5_MAX_RLIFE)
|
|
|
|
|
entry->max_renewable_life = kdb.max_renewable_life;
|
|
|
|
|
Index: src/lib/krb5/os/changepw.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/krb5/os/changepw.c.orig
|
|
|
|
|
+++ src/lib/krb5/os/changepw.c
|
|
|
|
|
@@ -65,20 +65,23 @@ locate_kpasswd(krb5_context context, con
|
|
|
|
|
int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);
|
|
|
|
|
|
|
|
|
|
code = krb5int_locate_server (context, realm, addrlist,
|
|
|
|
|
- locate_service_kpasswd, sockType, AF_INET);
|
|
|
|
|
+ locate_service_kpasswd, sockType, AF_UNSPEC);
|
|
|
|
|
|
|
|
|
|
if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
|
|
|
|
|
code = krb5int_locate_server (context, realm, addrlist,
|
|
|
|
|
locate_service_kadmin, SOCK_STREAM,
|
|
|
|
|
- AF_INET);
|
|
|
|
|
+ AF_UNSPEC);
|
|
|
|
|
if (!code) {
|
|
|
|
|
/* Success with admin_server but now we need to change the
|
|
|
|
|
port number to use DEFAULT_KPASSWD_PORT and the socktype. */
|
|
|
|
|
size_t i;
|
|
|
|
|
for (i=0; i<addrlist->naddrs; i++) {
|
|
|
|
|
struct addrinfo *a = addrlist->addrs[i].ai;
|
|
|
|
|
+ krb5_ui_2 kpasswd_port = htons(DEFAULT_KPASSWD_PORT);
|
|
|
|
|
if (a->ai_family == AF_INET)
|
|
|
|
|
- sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
|
|
|
|
|
+ sa2sin (a->ai_addr)->sin_port = kpasswd_port;
|
|
|
|
|
+ if (a->ai_family == AF_INET6)
|
|
|
|
|
+ sa2sin6 (a->ai_addr)->sin6_port = kpasswd_port;
|
|
|
|
|
if (sockType != SOCK_STREAM)
|
|
|
|
|
a->ai_socktype = sockType;
|
|
|
|
|
}
|
|
|
|
|
@@ -131,10 +134,16 @@ kpasswd_sendto_msg_callback(struct conn_
|
|
|
|
|
/* some brain-dead OS's don't return useful information from
|
|
|
|
|
* the getsockname call. Namely, windows and solaris. */
|
|
|
|
|
|
|
|
|
|
- if (ss2sin(&local_addr)->sin_addr.s_addr != 0) {
|
|
|
|
|
+ if (local_addr.ss_family == AF_INET &&
|
|
|
|
|
+ ss2sin(&local_addr)->sin_addr.s_addr != 0) {
|
|
|
|
|
local_kaddr.addrtype = ADDRTYPE_INET;
|
|
|
|
|
local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
|
|
|
|
|
local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
|
|
|
|
|
+ } else if (local_addr.ss_family == AF_INET6 &&
|
|
|
|
|
+ ss2sin6(&local_addr)->sin6_addr.s6_addr != 0) {
|
|
|
|
|
+ local_kaddr.addrtype = ADDRTYPE_INET6;
|
|
|
|
|
+ local_kaddr.length = sizeof(ss2sin6(&local_addr)->sin6_addr);
|
|
|
|
|
+ local_kaddr.contents = (krb5_octet *) &ss2sin6(&local_addr)->sin6_addr;
|
|
|
|
|
} else {
|
|
|
|
|
krb5_address **addrs;
|
|
|
|
|
|
|
|
|
|
@@ -290,9 +299,19 @@ change_set_password(krb5_context context
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- remote_kaddr.addrtype = ADDRTYPE_INET;
|
|
|
|
|
- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
|
|
|
|
|
- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
|
|
|
|
|
+ if (remote_addr.ss_family == AF_INET) {
|
|
|
|
|
+ remote_kaddr.addrtype = ADDRTYPE_INET;
|
|
|
|
|
+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
|
|
|
|
|
+ remote_kaddr.contents =
|
|
|
|
|
+ (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
|
|
|
|
|
+ } else if (remote_addr.ss_family == AF_INET6) {
|
|
|
|
|
+ remote_kaddr.addrtype = ADDRTYPE_INET6;
|
|
|
|
|
+ remote_kaddr.length = sizeof(ss2sin6(&remote_addr)->sin6_addr);
|
|
|
|
|
+ remote_kaddr.contents =
|
|
|
|
|
+ (krb5_octet *) &ss2sin6(&remote_addr)->sin6_addr;
|
|
|
|
|
+ } else {
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
|
|
|
|
|
callback_ctx.auth_context,
|
|
|
|
|
Index: src/lib/krb5/krb/gic_pwd.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/krb5/krb/gic_pwd.c.orig
|
|
|
|
|
+++ src/lib/krb5/krb/gic_pwd.c
|
|
|
|
|
@@ -218,7 +218,7 @@ krb5_get_init_creds_password(krb5_contex
|
|
|
|
|
* to prompt. Prompting is only disabled if the option has been set
|
|
|
|
|
* and the value has been set to false.
|
|
|
|
|
*/
|
|
|
|
|
- if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
|
|
|
|
|
+ if (options && !(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
|
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
|
|
/* ok, we have an expired password. Give the user a few chances
|
|
|
|
|
Index: src/lib/gssapi/krb5/import_sec_context.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/gssapi/krb5/import_sec_context.c (Revision 23830)
|
|
|
|
|
+++ src/lib/gssapi/krb5/import_sec_context.c (Arbeitskopie)
|
|
|
|
|
@@ -106,12 +106,13 @@
|
|
|
|
|
ibp = (krb5_octet *) interprocess_token->value;
|
|
|
|
|
blen = (size_t) interprocess_token->length;
|
|
|
|
|
kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen);
|
|
|
|
|
- krb5_free_context(context);
|
|
|
|
|
if (kret) {
|
|
|
|
|
*minor_status = (OM_uint32) kret;
|
|
|
|
|
save_error_info(*minor_status, context);
|
|
|
|
|
+ krb5_free_context(context);
|
|
|
|
|
return(GSS_S_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
+ krb5_free_context(context);
|
|
|
|
|
|
|
|
|
|
/* intern the context handle */
|
|
|
|
|
if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) {
|
|
|
|
|
Index: src/lib/gssapi/mechglue/deps
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/gssapi/mechglue/deps (Revision 23830)
|
|
|
|
|
+++ src/lib/gssapi/mechglue/deps (Arbeitskopie)
|
|
|
|
|
@@ -358,6 +358,14 @@
|
|
|
|
|
$(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
../generic/gssapi_err_generic.h g_set_name_attr.c mechglue.h \
|
|
|
|
|
mglueP.h
|
|
|
|
|
+g_set_neg_mechs.so g_set_neg_mechs.po $(OUTPRE)g_set_neg_mechs.$(OBJEXT): \
|
|
|
|
|
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
|
|
|
|
|
+ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
|
|
|
|
|
+ $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
|
|
|
|
|
+ $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
|
|
|
|
|
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
+ ../generic/gssapi_err_generic.h g_set_neg_mechs.c mechglue.h \
|
|
|
|
|
+ mglueP.h
|
|
|
|
|
g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
|
|
|
|
|
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
|
|
|
|
|
$(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
|
|
|
|
|
Index: src/lib/krb5/krb/get_in_tkt.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/krb5/krb/get_in_tkt.c (Revision 23830)
|
|
|
|
|
+++ src/lib/krb5/krb/get_in_tkt.c (Arbeitskopie)
|
|
|
|
|
@@ -1083,7 +1083,7 @@
|
|
|
|
|
&flags);
|
|
|
|
|
if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !tcp_only)
|
|
|
|
|
tcp_only = 1;
|
|
|
|
|
- else if (code != 0 || (flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE))
|
|
|
|
|
+ else if (code != 0 || (flags & 1) == 0)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
krb5_free_data_contents(context, &reply);
|
|
|
|
|
@@ -2065,7 +2065,7 @@
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- *flags = (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE);
|
|
|
|
|
+ *flags = (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) ? 0 : 1;
|
|
|
|
|
|
|
|
|
|
return code;
|
|
|
|
|
}
|
|
|
|
|
Index: src/lib/krb5/krb/deps
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/lib/krb5/krb/deps (Revision 23830)
|
|
|
|
|
+++ src/lib/krb5/krb/deps (Arbeitskopie)
|
|
|
|
|
@@ -63,45 +63,10 @@
|
|
|
|
|
$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
|
|
|
|
|
- $(top_srcdir)/include/socket-utils.h auth_con.h authdata.c \
|
|
|
|
|
- authdata.h int-proto.h
|
|
|
|
|
-authdata_exp.so authdata_exp.po $(OUTPRE)authdata_exp.$(OBJEXT): \
|
|
|
|
|
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
|
|
|
|
|
- $(top_srcdir)/include/socket-utils.h auth_con.h authdata.h \
|
|
|
|
|
- authdata_exp.c int-proto.h
|
|
|
|
|
-authdata_enc.so authdata_enc.po $(OUTPRE)authdata_enc.$(OBJEXT): \
|
|
|
|
|
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
- authdata_enc.c
|
|
|
|
|
-authdata_dec.so authdata_dec.po $(OUTPRE)authdata_dec.$(OBJEXT): \
|
|
|
|
|
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
- authdata_dec.c int-proto.h
|
|
|
|
|
+ auth_con.h authdata.c authdata.h int-proto.h
|
|
|
|
|
bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): \
|
|
|
|
|
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
@@ -190,7 +155,7 @@
|
|
|
|
|
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
- copy_auth.c int-proto.h
|
|
|
|
|
+ copy_auth.c
|
|
|
|
|
copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): \
|
|
|
|
|
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
@@ -201,7 +166,7 @@
|
|
|
|
|
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
- auth_con.h copy_athctr.c
|
|
|
|
|
+ copy_athctr.c
|
|
|
|
|
copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): \
|
|
|
|
|
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
@@ -669,17 +634,6 @@
|
|
|
|
|
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
authdata.h pac.c
|
|
|
|
|
-pac_sign.so pac_sign.po $(OUTPRE)pac_sign.$(OBJEXT): \
|
|
|
|
|
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
|
|
|
|
|
- $(top_srcdir)/include/socket-utils.h authdata.h pac_sign.c
|
|
|
|
|
parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
|
|
|
|
|
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
|
|
|
|
|
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
|
|
|
|
|
@@ -722,17 +676,6 @@
|
|
|
|
|
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
fast.h int-proto.h preauth2.c
|
|
|
|
|
-gic_opt_set_pa.so gic_opt_set_pa.po $(OUTPRE)gic_opt_set_pa.$(OBJEXT): \
|
|
|
|
|
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
- $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
- gic_opt_set_pa.c int-proto.h
|
|
|
|
|
princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): \
|
|
|
|
|
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
@@ -805,11 +748,10 @@
|
|
|
|
|
$(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
|
|
|
|
|
$(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
|
|
|
|
|
$(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
|
|
|
|
|
- $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
|
|
|
|
|
- $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
|
|
|
|
|
- $(top_srcdir)/include/socket-utils.h auth_con.h authdata.h \
|
|
|
|
|
- int-proto.h rd_req_dec.c
|
|
|
|
|
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
+ $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
+ auth_con.h authdata.h int-proto.h rd_req_dec.c
|
|
|
|
|
rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
|
|
|
|
|
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
|
|
|
|
|
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
|
|
|
|
|
@@ -1038,7 +980,7 @@
|
|
|
|
|
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
|
|
|
|
|
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
|
|
|
|
|
- int-proto.h valid_times.c
|
|
|
|
|
+ valid_times.c
|
|
|
|
|
vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): \
|
|
|
|
|
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
|
|
|
|
|
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
|
|
|
|
|
Index: src/util/ss/deps
|
|
|
|
|
===================================================================
|
|
|
|
|
--- src/util/ss/deps (Revision 23830)
|
|
|
|
|
+++ src/util/ss/deps (Arbeitskopie)
|
|
|
|
|
@@ -63,7 +63,7 @@
|
|
|
|
|
ss_internal.h utils.c
|
|
|
|
|
options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
|
|
|
|
|
$(COM_ERR_DEPS) copyright.h options.c ss.h
|
|
|
|
|
-cmd_tbl.lex.o: cmd_tbl.lex.c
|
|
|
|
|
+cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
|
|
|
|
|
ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \
|
|
|
|
|
ct.tab.c ss.h
|
|
|
|
|
ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \
|
|
|
|
|
|