The 64-bit integer support changed the logic for deciding when an
INTEGER should map to a signed or unsigned 32- or 64-bit integer
type. The upshot is that two places where we had {0, INT_MAX}
ranges needed to be changed to be {0, UINT_MAX}.
We need to tweak the integer type mapping logic to have a bias for
unsigned integer types. Unsigned is better.
ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
on whether the constraint ranges include numbers that cannot be
represented in 32-bit ints and whether they include negative
numbers.
Template backend support included. check-template is now built with
--template, so we know we're testing it.
Tests included.
Included is a default plugin that searches a sorted text file where
every line is of the form:
<unparsed-principal>[<whitespace><username>]
If the username is missing in a matching line then an error is
returned. If a matching line is not found then the next plugin will
be allowed to run, if any.
We enable kadm5_chpass_principal_3() in the server side of the
library. The client kadm5 library calls will still return the
error KAMD5_KS_TUPLE_NO_SUPP.
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
The code was generating a char ** of string representations of the
ks_tuple() array but it was not using it. We modify the code to:
1. extend the array returned by ks_tuple2str() to include
enough space for the trailing NULL and ensure that there
is a NULL at the end,
2. not free the array before exiting ks_tuple2str() as we
intend to use it in the caller,
3. re-organise the pointers in hdb_generate_key_set() to
make it more clear how we are to free things that have
been allocated.
4. free the char ** given us by ks_tuple2str() if it has
been allocated.
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
Different ticket session key enctype selection options should
distinguish between target principal type (krbtgt vs. not), not
between KDC request types.
