The application manifests for Heimdal can't be built until the
libraries are built. Since tools depend on application manifests, we
need to build them separately.
During a test run, cross check the Windows exports list against the
version-script files. For the test to pass, all symbols on either
list should be accounted for.
If there are symbols that are specific to Windows or symbols that are
not included on Windows, they should be annotated in the .def file as
follows:
;! non_windows_symbol
common_symbol
windows_only_symbol ;!
Once DLLs and EXEs are built, they need to have their manifests
processed and signed. These steps are encapsulated in the EXEPREP and
DLLPREP Makefile macros. Use them instead of invoking each processing
macro individually.
The output from this print is considered an error message which makes
kpasswdd reject a password even though "APPROVED" is printed afterwards.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Kpasswdd supplies the principal name as an argument to the external
script which makes <> try to read from a file with that name.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
When kadm5_add_passwd_quality_verifier is called with a NULL
check_library parameter and [password_quality].policy_libraries
is set, the function calls add_verifier() for each string in the
policy_libraries section and then falls through to the non-NULL
case and calls add_verifier() a final time with a NULL argument.
This leads to dlopening the running executable and then failing
since it contains no password quality verifier.
If the check_library argument is NULL, only call add_verifier()
for the configured policy_libraries and do not fall through to
the non-NULL case.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Be clearer in the info documentation that the part of the policy
name before the colon is the name of the module, not the static
string "module". State explicitly that "builtin" can be used as the
module name to identify built-in policies.
Use the same terminology in kadm5_pwcheck(3) as the info documentation,
changing test-name to policy-name and vendor to module-name. State
explicitly how the module name and policy name are used to select which
policies to run.
Rephrase a few sentences, add a paragraph break, and fix a few typos
for clarity.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Pass the path to the external password quality program as the first
argument to the program and the principal as the second argument, as is
conventional, rather than passing only the principal.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
* h-github/master: (64 commits)
refix socket wrappers with rk_
Patch from Secure Endpoints/Asanka Herath for windows support
unset KRB5CCNAME
its really just LIBADD more most of them
correct quoting
Use -lpthread for modern freebsd instead
clean KRB5CCNAME and KRB5_CONFIG, require test to reset them
more up ${env_setup}
use PTHREADS_LIBADD for freebsd6 and newer
add PTHREAD_LIBADD
add PTHREAD_LIBADD
add PTHREAD_LIBADD
switch to PTHREADS_LIBADD
log what the error string say too
More debug logging
sprinkle more 'echo "test failed"'
sprinkle 'echo "test failed"'
use calloc(), indent more prettier
in sh, equal compare is really = for strings, not ==
Check for duplicates, already loaded mechs
...
Conflicts (resolved):
lib/krb5/auth_context.c
lib/krb5/changepw.c
lib/krb5/context.c
lib/krb5/error_string.c
lib/krb5/kuserok.c
lib/krb5/libkrb5-exports.def.in
lib/krb5/net_write.c
lib/krb5/store_fd.c
lib/krb5/test_cc.c
lib/roken/strerror_r.c
Johan Gadsjö did a awesome analysis of the LDAP access pattens
and sent us a patch that reduced the calls the ldap server by 4
times as many. The patch was adopted and change to avoid compile
time depencies and make the determination runtime instead. Thanks!
Love Hornquist Astrand