As kerberos(8) provides a brief outline of this network authentication
system I would suggest extending SEE ALSO to include a few section 8
commands. I have excluded kadmind(8) and kpasswdd(8) as these servers
can be easily reachable from kadmin(8) and kpasswd(8) manual pages
respectively.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
There is no fchmod() implementation on Windows. For now prevent its
use on Windows with #ifndef _WIN32 but in the future set_default_cache()
should be updated to set ownership permissions for the cache file.
Change-Id: I57214dfecbd25d7b337a568fa5e522c0a22dbb76
If the registry type is NONE and the string is all numeric or
if the type is DWORD, the string is converted to a DWORD and then
stored into the registry as a REG_DWORD using RegSetValueEx().
The input parameter should be a pointer to the DWORD variable not
its value.
Change-Id: I9ff12121c6c17eb5afb2ea89adf8bb9cc6aa3a89
- KRB5_PRINCIPAL_PARSE_IGNORE_REALM: MIT compatible
- KRB5_PRINCIPAL_PARSE_NO_DEF_REALM: Don't default the realm
The first ignores the realm if present.
The second does not impute the default realm if no realm is given and
leaves the realm NULL. This will be used in kinit to determine whether
the user provided a realm or not, and if not we may use the user_realm,
or find the realm via the keytab.
Set the realm argument to NULL to get the usual default realm.
The krb5_parse_name_flags() function is now a wrapper around
krb5_parse_name_flags_realm().
Also, we were stopping as soon as one registered plugin returned
something other than KRB5_PLUGIN_NO_HANDLE, but we weren't doing the
same for discovered plugins. Add KRB5_PLUGIN_INVOKE_ALL flag to deal
with this; by default we'll stop at the first plugin that returns
anything other than KRB5_PLUGIN_NO_HANDLE.
Other buglets fixed as in c1423a8.
o implement add1() using 32 bit ints, this makes _krb5_n_fold()
about 5% faster on an amd64 platform. 64 bit ints yield a
further improvement but we would need to test the platform
to see if they are natively supported. This should yield
better performance improvements on big endian machines as
we have to byte swap on little endian boxen.
o fix two cases where a malloc(3)d pointer may be dereferenced
before we test that it is not NULL.
All in lib/krb5/n-fold.c:
1. eliminate malloc/free from rr13() because it is always a
buffer of the same size called in a tight loop.
2. eliminate memcpy(3) from rr13() by bouncing back and forth
between two buffers buf1, buf2 instead of performing the
calculation into a tmp buffer and memcpy(3)ing the result
back into buf.
3. eliminate code cases from rr13() that I can visually determine
will never occur but I'm guessing that the compiler can't, i.e.
i. now that we're no longer using malloc(3), rr13()
cannot fail, so make it void and avoid the if in
the calling routine checking its error code. In
case you ask, yes, this made the tests run a little
faster,
ii. rr13() has code for being passed a number of bits
not divisble by 8 but _krb5_n_fold() only passes
an int * 8. So, we eliminate this conditional and
the associated code.
4. we make rr13() take 2 destination buffers and copy the results
into both of them, we use this to eliminate another memcpy(3)
from the calling routine. This appears to make it a bit faster
as well.
