From: no author Date: Thu, 27 Jan 2005 21:58:08 +0000 (+0000) Subject: This commit was manufactured by cvs2svn to create tag X-Git-Tag: krb5-1.4-final X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d4a5e49795d7344cf154d7c8b86994b8c2f14e4b;p=krb5.git This commit was manufactured by cvs2svn to create tag 'krb5-1-4-final'. git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-4-final@17071 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/README b/README index 2bfe2473c..436ab4cff 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ - Kerberos Version 5, Release 1.3.5 + Kerberos Version 5, Release 1.4 Release Notes The MIT Kerberos Team @@ -6,21 +6,16 @@ Unpacking the Source Distribution --------------------------------- -The source distribution of Kerberos 5 comes in a gzipped tarfile, -krb5-1.3.5.tar.gz. Instructions on how to extract the entire -distribution follow. +The source distribution of Kerberos 5 comes in a tarfile, +krb5-1.4-signed.tar. The tarfile contains a gzipped tarfile, +krb5-1.4.tar.gz, and its corresponding PGP signature, +krb5-1.4.tar.gz.asc. -If you have the GNU tar program and gzip installed, you can simply do: +You will need the GNU gzip program, and preferably, the GNU tar +program, to extract the source distribution. - gtar zxpf krb5-1.3.5.tar.gz - -If you don't have GNU tar, you will need to get the FSF gzip -distribution and use gzcat: - - gzcat krb5-1.3.5.tar.gz | tar xpf - - -Both of these methods will extract the sources into krb5-1.3.5/src and -the documentation into krb5-1.3.5/doc. +The distribution will extract into a subdirectory "krb5-1.4" of the +current directory. Building and Installing Kerberos 5 ---------------------------------- 
@@ -59,940 +54,362 @@ http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". -Major changes in 1.3.5 ----------------------- - -* [2682] Fix ftpd hang caused by empty PASS command. - -* [2686] Fix double-free errors. [MITKRB5-SA-2004-002] - -* [2687] Fix denial-of-service vulnerability in ASN.1 - decoder. [MITKRB5-SA-2004-003] - -Minor changes in 1.3.5 ----------------------- - -* [2016] Fix build problem in fake-addrinfo.h by including stdio.h so - that sprintf() gets prototyped where needed on some platforms. - -* [2353] Add missing prototype for gss_krb5int_unseal_token_v3(). - -* [2607] Fix enctype filtering and some memory leaks in MSLSA ccache. - -* [2608] Remove incorrect localization in MSLSA ccache which was - resulting in crashes. - -* [2619] Update MSLSA ccache to support new LSA flag. - -* [2623] Update MSLSA ccache to reflect differences in registry layout - between Windows client and server OSes. - -* [2624] Do not ignore the cache when obtaining TGTs from the MSLSA if - the requested enctype is the NULL enctype. - -* [2626] Add Terminal Server compatibility for KfW. - -* [2627] Fix cc_mslsa thread safety. - -* [2634] Remove the caching of the ccache principal name from - krb5_context. - -* [2643] Fix another problem with krb4 ticket backdating. - -* [2675] Add new WiX-based MSI installer for KfW. - -* [2677] Add "-c ccache" option to kvno; use consistent memory - management to avoid crashes on Windows. - -* [2689] Misc MSLSA ccache fixes. - -* [2691] Improve documentation of ANSI C requirement. - -Major changes in 1.3.4 ----------------------- - -* [2024, 2583, 2584] Fixed buffer overflows in - krb5_aname_to_localname(). [MITKRB-SA-2004-001] - -Minor changes in 1.3.4 ----------------------- - -* [957] The auth_to_local rules now allow for the client realm to be - examined. - -* [2527, 2528, 2531] Keytab file names lacking a "FILE:" prefix now work - under Windows. - -* [2533] Updated installer scripts for Windows. 
- -* [2534] Fixed memory leak for when an incorrect password is input to - krb5_get_init_creds_password(). - -* [2535] Added missing newline to dnssrv.c. - -* [2551, 2564] Use compile-time checks to determine endianness. - -* [2558] krb5_send_tgs() now correctly sets message_type after - receiving a KRB_ERROR message. - -* [2561, 2574] Fixed memory allocation errors in the MSLSA ccache. - -* [2562] The Windows installer works around cases where DLLs cannot be - unloaded. - -* [2585] Documentation correctly describes AES support in GSSAPI. - -Major changes in 1.3.3 ----------------------- - -* [2284] Fixed accept_sec_context to use a replay cache in the - GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia. - -* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc - code on AIX. Thanks to Bill Dodd. - -* [2430] Fixed a crash in the MSLSA ccache. - -* [2453] The AES string-to-key function no longer returns a pointer to - stack memory when given a password longer than 64 characters. - -Minor changes in 1.3.3 ----------------------- - -* [2277] In sendto_kdc, a socket leak on connection failure was fixed. - Thanks to Bill Dodd. - -* [2384] A memory leak in the TCP handling code in the KDC has been - fixed. Thanks to Will Fiveash. - -* [2521] The Windows NSIS installer scripts are in the source tree. - -* [2522] The MSLSA ccache now supports Windows 9x. - -Major changes in 1.3.2 ----------------------- - -* [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for - AES in GSSAPI has been implemented. This corresponds to the - in-progress work in the IETF (CFX). - -* [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new - ccache type "MSLSA:" for read-only access to the MS Windows LSA - cache. - -* [982] On windows, krb5.exe now has a checkbox to request addressless - tickets. - -* [2189, 2234] To avoid compatibility problems, unrecognized TGS - options will now be ignored. 
Thanks to Wyllys Ingersoll for finding - a problem with a previous fix. - -* [2218] 128-bit AES has been added to the default enctypes. - -* [2223, 2229] AES cryptosystem now chains IVs. This WILL break - backwards compatibility for the kcmd applications, if they are using - AES session keys. Thanks to Wyllys Ingersoll for finding a problem - with a previous fix. - -Minor changes in 1.3.2 ----------------------- - -* [1437] Applied patch from Stephen Grau so kinit returns non-zero - status under certain failure conditions where it had previously - returned zero. - -* [1586] On Windows, the krb4 CREDENTIALS structure has been changed - to align with KfW's version of the structure. +Important notice regarding Kerberos 4 support +--------------------------------------------- + +In the past few years, several developments have shown the inadequacy +of the security of version 4 of the Kerberos protocol. These +developments have led the MIT Kerberos Team to begin the process of +ending support for version 4 of the Kerberos protocol. The plan +involves the eventual removal of Kerberos 4 support from the MIT +implementation of Kerberos. + +The Data Encryption Standard (DES) has reached the end of its useful +life. DES is the only encryption algorithm supported by Kerberos 4, +and the increasingly obvious inadequacy of DES motivates the +retirement of the Kerberos 4 protocol. The National Institute of +Standards and Technology (NIST), which had previously certified DES as +a US government encryption standard, has officially announced[1] its +intention to withdraw the specification of DES. -* [1613] Applied patch from Dave Shrimpton to avoid truncation of - dates output from the kadmin CLI when long time zone names are - used. +NIST's action reflects the long-held opinion of the cryptographic +community that DES has too small a key space to be secure. 
Breaking +DES encryption by an exhaustive search of its key space is within the +means of some individuals, many companies, and all major governments. +Consequently, DES cannot be considered secure for any long-term keys, +particularly the ticket-granting key that is central to Kerberos. -* [1622] krshd no longer calls syslog from inside a signal handler, in - an effort to avoid deadlocks on exit. +Serious protocol flaws[2] have been found in Kerberos 4. These flaws +permit attacks which require far less effort than an exhaustive search +of the DES key space. These flaws make Kerberos 4 cross-realm +authentication an unacceptable security risk and raise serious +questions about the security of the entire Kerberos 4 protocol. -* [1649] A com_err test program compiles properly on Darwin now. +The known insecurity of DES, combined with the recently discovered +protocol flaws, make it extremely inadvisable to rely on the security +of version 4 of the Kerberos protocol. These factors motivate the MIT +Kerberos Team to remove support for Kerberos version 4 from the MIT +implementation of Kerberos. -* [1692] A new configuration file tag "master_kdc" has been added to - allow master KDCs to be designated separately from admin servers. +The process of ending Kerberos 4 support began with release 1.3 of MIT +Kerberos 5. In release 1.3, the KDC support for version 4 of the +Kerberos protocol is disabled by default. Release 1.4 of MIT Kerberos +continues to include Kerberos 4 support (also disabled by default in +the KDC), but we intend to completely remove Kerberos 4 support from +some future release of MIT Kerberos, possibly as early as the 1.5 +release of MIT Kerberos. -* [1702] krb5_get_host_realm() and krb5_free_host_realm() are no - longer marked as KRB5_PRIVATE. +The MIT Kerberos Team has ended active development of Kerberos 4, +except for the eventual removal of all Kerberos 4 functionality. 
We +will continue to provide critical security fixes for Kerberos 4, but +routine bug fixes and feature enhancements are at an end. -* [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h - to compile on libc5 Linux platforms. +We recommend that any sites which have not already done so begin a +migration to Kerberos 5. Kerberos 5 provides significant advantages +over Kerberos 4, including support for strong encryption, +extensibility, improved cross-vendor interoperability, and ongoing +development and enhancement. -* [1712] Applied patch from Cesar Garcia to fix lifetime computation - in krb524 ticket conversion. +If you have questions or issues regarding migration to Kerberos 5, we +recommend discussing them on the kerberos@mit.edu mailing list. -* [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in - krb524d. Found by Cesar Garcia. + References -* [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X. +[1] National Institute of Standards and Technology. Announcing + Proposed Withdrawal of Federal Information Processing Standard + (FIPS) for the Data Encryption Standard (DES) and Request for + Comments. Federal Register 04-16894, 69 FR 44509-44510, 26 July + 2004. DOCID:fr26jy04-31. -* [1718] The krb4 library configure script now recognizes - OpenDarwin/x86. Bug found by Rob Braun. +[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of + Unauthenticated Encryption: Kerberos Version 4. In Proceedings of + the Network and Distributed Systems Security Symposium. The + Internet Society, February 2004. + http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf -* [1721] krb5_get_init_creds_password() no longer returns a spurious - KRB5_REALM_UNKNOWN if DNS SRV record support is turned off. +---------------------------------------------------------------------- -* [1730] krb_mk_auth() no longer overzealously clears the key - schedule. 
+Major changes in 1.4 +-------------------- -* [1731] A double-free related to reading forwarded credentials has - been fixed. Found by Joseph Galbraith. +* [841] Merged Athena telnetd changes for creating a new option for + requiring encryption. -* [1770] Applied patch from Maurice Massar to fix a foreachaddr() - problem that was causing the KDC to segfault on startup. +* [1349, 2578, 2601, 2606, 2613, 2743, 2775, 2778, 2877] Add + implementation of the RPCSEC_GSS authentication flavor to the RPC + library. Thanks to Kevin Coffman and the CITI group at the + University of Michigan. -* [1790] The Linux build uses $(CC) to create shared libraries, - avoiding a libgcc problem when building libdb. +* [2061] The kadmind4 backwards-compatibility admin server and the + v5passwdd backwards-compatibility password-changing server have been + removed. -* [1792] The lib/kadm5 unit tests now work around a Solaris 9 - pty-close bug. +* [1303, 2740, 2755, 2781, 2782, 2812, 2858, 2859, 2874, 2875, 2878, + 2879, 2884, 2893] Thread safety for krb5 libraries. -* [1793] The test suite works around some Tru64 and Irix RPATH - issues, which previously could prevent tests from running on a build - with shared libraries enabled. +* [2410] Yarrow code now uses AES. -* [1799] kadmind supports callouts to the Apple password server. +* [2678, 2802] New client commands kcpytkt and kdeltkt for Windows. -* [1893] KRB-SAFE messages from older releases can now be read - successfully. Prior 1.3.x releases did not save the encoded - KRB-SAFE message, and experienced problems when re-encoding. Found - by Scooter Morris. +* [2688] New command mit2ms on Windows. -* [1962] MS LSA tickets with short remaining lifetimes will be - rejected in favor of retrieving tickets bypassing the LSA cache. +* [2762] Merged Athena changes to allow ftpd to require encrypted + passwords. -* [1973] sendto_kdc.c now closes sockets with closesocket() instead of - close(), avoiding a descriptor leak on Windows. 
+* [2587] Incorporate gss_krb5_set_allowable_enctypes() and + gss_krb5_export_lucid_sec_context(), which are needed for NFSv4, + from Kevin Coffman. -* [1979] An erroneously short initial sequence number mask has been - fixed. +* [2841] Fix heap buffer overflow in password history + mechanism. [MITKRB5-SA-2004-004] -* [2028] KfW now displays a kinit dialog when GSS fails to find - tickets. +Minor changes in 1.4 +-------------------- -* [2051] Missing exports have been added to krb4_32.def on Windows. +Please see -* [2058] Some problems with krb4 ticket lifetime backdating have - fixed. +http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.html -* [2060] GSSAPI's idea of the default ccache is less sticky now. +for a complete list. -* [2068] The profile library includes prof-int.h before conditionals - that rely on it. +* [249] Install example config files. -* [2084] The resolver library is no longer referenced by library code - if not building with DNS SRV record support. +* [427] PATH environment variable won't be overwritten by login.krb5 + if already set. -* [2085] Updated Windows README file to reflect current compilation - requirements, etc. +* [696] Sample KDC propagation script fixed. -* [2104] On Windows, only define strcasecmp and strncasecmp - replacement macros if said functions are missing. +* [868] Fixed search for res_search() and friends. -* [2106] Return an error for unimplemented ccache functions, rather - than calling through a null pointer. +* [927] Compilation on Tru64 now detects GNU linker and chooses + whether to use -oldstyle_liblookup accordingly. -* [2118] Applied patch from Will Fiveash to use correct parameter for - KDC TCP listening sockets. +* [1044] port-sockets.h explicitly declares h_errno if the declaration + is missing. -* [2144,2230] Memory management errors in the Windows gss.exe test - client have been fixed. +* [1210] KDC cleans up some per-listener state upon process + termination to avoid spurious memory leak indications. 
-* [2171] krb5_locate_kpasswd() now correctly calls htons() on the - kpasswd port number. Found by Arlene Berry. +* [1335] The server side of the Horowitz password-change protocol now + checks for minimum password life. -* [2180] The profile library now includes pthread.h when compiled with - USE_PTHREADS. +* [1345, 2730, 2757] patchlevel.h is now the master version file. -* [2181, 2224] A timeout has been added to gss-server, and a missing - parameter to sign_server() has been added. +* [1364] GNU sed is no longer required to make depend on Irix. -* [2196] config.{guess,sub} have been updated from autoconf-2.59. +* [1383] SRV record support now handles "." target and adds trailing + dots to avoid spurious multiple hostname queries. -* [2204] Windows gss.exe now has support for specifying credentials - cache, as well as some minor bugfixes. +* [1497] A memory leak in the krb5 context serializer has been fixed. -* [2210] GSSAPI accept_sec_context() no longer unconditionally sets - INTEG and CONF flags in contradiction to what the initiator sent. +* [1570] Some team procedures now documented. -* [2212] The GSS sample application has some additional options to - support testing of SSPI vs GSSAPI. +* [1588] Automatic rebuilding of configure scripts, etc. are only done + if --enable-maintainer-mode is passed to configure. -* [2217] Windows gss.exe has new UI elements to support more flag - settings. +* [1623] Memory management in the ftp client has been cleaned up. -* [2225] In the gss sample client, some extraneous parameters have - been removed from client_establish_context(). +* [1724] DNS SRV record lookup support is unconditionally built on + Unix. -* [2228] Copyright notices updated in GSS sample apps. +* [1791] Replacement for daemon() is compiled separately each time it + is needed, rather than ending up in the krb5 library. -* [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for - krbcc32.lib is now correct. 
+* [1806] Default to building shared libraries on most platforms that + support them. -* [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was - affecting the test suite, has been worked around by hacking - scheduler priorities. See the installation notes for details. - Thanks to Bill Sommerfeld for some useful hints. +* [1847] Fixed daemon() replacement to build on Tru64. -* [2258] An incorrect memcpy() statement in fakeka has been fixed. - Reported by David Thompson. +* [1850] Fixed some 0 vs NULL issues. -Notes, Major Changes, and Known Bugs for 1.3.1 ----------------------------------------------- +* [2066] AES-only configuration now tested in test suite. -* [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication - hint is no longer emitted, and the both the incorrect and the - correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY - encourage deploying krb5-1.3.1 in preference to 1.3, especially on - client installations, as the 1.3 release did not conform to the - internet-draft for the revised Kerberos protocol in its encoding of - ETYPE-INFO2. +* [2219] Fixed memory leak in KDC preauth handling. -* [1683] The non-caching getaddrinfo() API on Mac OS X, which was - causing significant slowdowns under some circumstances, has been - worked around. +* [2256] Use $(CC) rather than ld to build shared libs on Tru64 and + Irix. -Minor changes in 1.3.1 ----------------------- - -* [1015] gss_accept_sec_context() now passes correct arguments to - TREAD_STR() when reading options beyond the forwarded credential - option. Thanks to Emily Ratliff. - -* [1365] The GSSAPI initiator credentials are no longer cached inside - the GSSAPI library. - -* [1651] A buffer overflow in krb_get_admhst() has been fixed. - -* [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are - now exported for use by Samba. - -* [1656] gss_init_sec_context() no longer leaks credentials under some - error conditions. 
- -* [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU" - inappropriately. - -* [1664] The crypto library no longer has bogus dependencies on - com_err. - -* [1665] krb5_init_context() no longer multiply registers error tables - when called more than once, preventing a memory leak. - -* [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on - Windows. - -* [1667] ms2mit now imports any tickets with supported enctypes, and - does not import invalid tickets. - -* [1677] krb5_gss_register_acceptor_identity() no longer has an - off-by-one in its memory allocation. - -* [1679] krb5_principal2salt is now exported on all platforms. - -* [1684] The file credentials cache is now supported if USE_CCAPI is - defined, i.e., for KfM and KfW. - -* [1691] Documentation for the obsolete kdc_supported_enctypes config - variable has been removed. - -Notes, Major Changes, and Known Bugs for 1.3 --------------------------------------------- - -* We now install the compile_et program, so other packages can use the - installed com_err library with their own error tables. (If you use - our com_err code, that is; see below.) - -* The header files we install now assume ANSI/ISO C ('89, not '99). - We have stopped testing on SunOS 4, even with gcc. Some of our code - now has C89-based assumptions, like free(NULL) being well defined, - that will probably frustrate any attempts to run this code under SunOS - 4 or other pre-C89 systems. - -* Some new code, bug fixes, and cleanup for IPv6 support. Most of the - code should support IPv6 transparently now. The RPC code (and - therefore the admin system, which is based on it) does not yet - support IPv6. The support for Kerberos 4 may work with IPv6 in very - limited ways, if the address checking is turned off. The FTP client - and server do not have support for the new protocol messages needed - for IPv6 support (RFC 2428). 
- -* We have upgraded to autoconf 2.52 (or later), and the syntax for - specifying certain configuration options have changed. For example, - autoconf 2.52 configure scripts let you specify command-line options - like "configure CC=/some/path/foo-cc", so we have removed some of - our old options like --with-cc in favor of this approach. - -* The client libraries can now use TCP to connect to the KDC. This - may be necessary when talking to Microsoft KDCs (domain controllers), - if they issue you tickets with lots of PAC data. - -* If you have versions of the com_err or ss installed locally, you can - use the --with-system-et and --with-system-ss configure options to - use them rather than using the versions supplied here. Note that - the interfaces are assumed to be similar to those we supply; in - particular, some older, divergent versions of the com_err library - may not work with the krb5 sources. Many configure-time variables - can be used to help the compiler and linker find the installed - packages; see the build documentation for details. - -* The AES cryptosystem has been implemented. However, support in the - Kerberos GSSAPI mechanism has not been written (or even fully - specified), so it's not fully enabled. See the documentation for - details. - -Major changes listed by ticket ID ---------------------------------- - -* [492] PRNG breakage on 64-bit platforms no longer an issue due to - new PRNG implementation. - -* [523] Client library is now compatible with the RC4-based - cryptosystem used by Windows 2000. - -* [709] krb4 long lifetime support has been implemented. - -* [880] krb5_gss_register_acceptor_identity() implemented (is called - gsskrb5_register_acceptor_identity() by Heimdal). - -* [1087] ftpd no longer requires channel bindings, allowing easier use - of ftp from behind a NAT. - -* [1156, 1209] It is now possible to use the system com_err to build - this release. - -* [1174] TCP support added to client library. 
- -* [1175] TCP support added to the KDC, but is disabled by default. - -* [1176] autoconf-2.5x is now required by the build system. - -* [1184] It is now possible to use the system Berkeley/Sleepycat DB - library to build this release. - -* [1189, 1251] The KfM krb4 library source base has been merged. - -* [1190] The default KDC master key type is now triple-DES. KDCs - being updated may need their config files updated if they are not - already specifying the master key type. - -* [1190] The default ticket lifetime and default maximum renewable - ticket lifetime have been extended to one day and one week, - respectively. - -* [1191] A new script, k5srvutil, may be used to manipulate keytabs in - ways similar to the krb4 ksrvutil utility. - -* [1281] The "fakeka" program, which emulates the AFS kaserver, has - been integrated. Thanks to Ken Hornstein. - -* [1343] The KDC now defaults to not answering krb4 requests. - -* [1344] Addressless tickets are requested by default now. - -* [1372] There is no longer a need to create a special keytab for - kadmind. The legacy administration daemons "kadmind4" and - "v5passwdd" will still require a keytab, though. - -* [1377, 1442, 1443] The Microsoft set-password protocol has been - implemented. Thanks to Paul Nelson. - -* [1385, 1395, 1410] The krb4 protocol vulnerabilities - [MITKRB5-SA-2003-004] have been worked around. Note that this will - disable krb4 cross-realm functionality, as well as krb4 triple-DES - functionality. Please see doc/krb4-xrealm.txt for details of the - patch. - -* [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have - been fixed. - -* [1397] The krb5_principal buffer bounds problems - [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai. - -* [1415] Subsession key negotiation has been fixed to allow for - server-selected subsession keys in the future. - -* [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES - cryptosystem has been implemented. 
It is not usable for GSSAPI, - though. - -* [1491] The client-side functionality of the krb524 library has been - moved into the krb5 library. - -* [1550] SRV record support exists for Kerberos v4. - -* [1551] The heuristic for locating the Kerberos v4 KDC by prepending - "kerberos." to the realm name if no config file or DNS information - is available has been removed. - -* [1568, 1067] A krb524 stub library is built on Windows. - -Minor changes listed by ticket ID ---------------------------------- +* [2276] Support for the non-standard enctype + ENCTYPE_LOCAL_DES3_HMAC_SHA1 has been removed. -* [90] default_principal_flags documented. +* [2285] Test suite checks TCP access to KDC. -* [175] Docs refer to appropriate example domains/IPs now. +* [2295] Minor stylistic cleanup in gss-client. -* [299] kadmin no longer complains about missing kdc.conf parameters - when it really means krb5.conf parameters. +* [2296, 2370, 2424] krb5_get_init_creds() APIs avoid multiple queries + to master KDC. -* [318] Run-time load path for tcl is set now when linking test - programs. +* [2379] Remove _XOPEN_EXTENDED hack previously used for HP-UX. -* [443] --includedir honored now. +* [2432] Only sanity-check setutent() API if utmpx.h is not present, + as this was preventing recent NetBSD from configuring. -* [479] unused argument in try_krb4() in login.c deleted. +* [2525] kvno.exe installed on Windows. -* [590] The des_read_pw_string() function in libdes425 has been - aligned with the original krb4 and CNS APIs. +* [2529] Fix some internal type inconsistencies in gssapi library. -* [608] login.krb5 handles SIGHUP more sanely now and thus avoids - getting the session into a weird state w.r.t. job control. +* [2530] Fix KRB5_CALLCONV usage in krb5_cc_resolve(). -* [620] krb4 encrypted rcp should work a little better now. Thanks to - Greg Hudson. +* [2537] Apply fix from John Hascall to make krb5_get_in_tkt() + emulation actually honor the lifetimes in the input credentials. 
-* [647] libtelnet/kerberos5.c no longer uses internal include files. +* [2539] Create manpage for krb524d. -* [673] Weird echoing of admin password in kadmin client worked around - by not using buffered stdio calls to read passwords. +* [2573] The rcache code no longer attempts to close a negative file + descriptor from a failed open. -* [677] The build system has been reworked to allow the user to set - CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably. +* [2591] The gssapi library now requires that the initiator's channel + bindings match those provided by the acceptor, if the acceptor + provides them at all. -* [680] Related to [673], rewrite krb5_prompter_posix() to no longer - use longjmp(), thus avoiding some bugs relating to non-restoration - of terminal settings. +* [2592] Fix some HP-UX 11 compilation issues. -* [697] login.krb5 no longer zeroes out the terminal window size. +* [2598] Fix some HP-UX 11 foreachaddr() issues. -* [710] decomp_ticket() in libkrb4 now looks up the local realm name - more correctly. Thanks to Booker Bense. +* [2600] gss_accept_sec_context() no longer leaks rcaches. -* [771] .rconf files are excluded from the release now. +* [2603] Clean up some issues relating to use of reserved namespace in + k5-platform.h. -* [772] LOG_AUTHPRIV syslog facility is now usable for logging on - systems that support it. +* [2614] Rewrite handling of whitespace in profile library to better + handle whitespace around tag names. -* [844] krshd now syslogs using the LOG_AUTH facility. +* [2629] Fix double-negation of a preprocessor test in osconf.h. -* [850] Berekely DB build is better integrated into the krb5 library - build process. +* [2637] krb5int_zap_data() uses SecureZeroMemory on Windows instead + of memset(). -* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source - for local address enumeration now. +* [2654] krb5_get_init_creds() checks for overflow/underflow on 32-bit + timestamps. 
-* [882] gss-client now correctly deletes the context on error. +* [2655] krb5_get_init_creds() no longer issues requests where the + renew_until time precedes the expiration time. -* [919] kdc/network.c problems relating to SIOCGIFCONF have been - fixed. +* [2656] krb5_get_init_creds() supports ticket_lifetime libdefault. -* [922] An overflow in the string-to-time conversion routines has been - fixed. +* [2657] Default ccache name is evaluated more lazily. -* [933] krb524d now handles single-DES session keys other than of type - des-cbc-crc. +* [2661] Handle return of ai_canonname=NULL from getaddrinfo(). -* [935] des-cbc-md4 now included in default enctypes. +* [2665] Fix leak in cc_resolve, reported by Paul Moore. -* [939] A minor grammatical error has been fixed in a telnet client - error message. +* [2674] libkadm5 acl_init() API renamed to avoid conflict with MacOS + X acl API. -* [953] des3 no longer failing on Windows due to SHA1 implementation - problems. +* [2684, 2710, 2728] Use BIND 8 parsing API when available. -* [964] kdb_init_hist() no longer fails if master_key_enctype is not - in supported_enctypes. +* [2685] The profile library iterators no longer get confused when + modifications are made to the in-memory profile. -* [970] A minor inconsistency in ccache.tex has been fixed. +* [2694] The krb5-config script now has a manpage. -* [971] option parsing bugs rendered irrelevant by removal of unused - gss mechanism. +* [2704] New ccache API flag to request only information, not actual + credentials. -* [976] make install mentioned in build documentation. +* [2705] Support for upcoming read/write MSLSA ccache. -* [986] Related to [677], problems with the ordering of LDFLAGS - initialization rendered irrelevant by use of native autoconf - idioms. +* [2706] resolv.h is included when searching for res_search() and + friends, to account for symbol renaming. 
-* [992] Related to [677], quirks with --with-cc no longer relevant as - AC_PROG_CC is used instead now. +* [2715] The install-strip make target no longer attempts to strip + scripts. -* [999] The kdc_default_options configuration variable is now honored. - Thanks to Emily Ratliff. +* [2718] Fix memory leak in arcfour string_to_key. Reported by + Derrick Schommer. -* [1006] Client library, as well as KDC, now perform reasonable - sorting of ETYPE-INFO preauthentication data. +* [2719] Fix memory leak in rd_cred.c. Reported by Derrick Schommer. -* [1055] NULL pointer dereferences in code calling - krb5_change_password() have been fixed. +* [2725] Fix memory leak in mk_req_extended(). Reported by Derrick + Schommer. -* [1063] Initial credentials acquisition failures related to client - host having a large number of local network interfaces should be - fixed now. +* [2729] Add some new version strings for Windows. -* [1064] Incorrect option parsing in the gssapi library is no longer - relevant due to removal of the "v2" mechanism. +* [2734] The ticket_lifetime libdefault now uses units of seconds by + default, if no units are provided. -* [1065, 1225] krb5_get_init_creds_password() should properly warn about - password expiration. +* [2741] The profile library's error tables aren't loaded on MacOS X. -* [1066] printf() argument mismatches in rpc unit tests fixed. +* [2750] Calls to the profile library which set values no longer fail + if the file is not writable. -* [1085] The krb5.conf manpage has been re-synchronized with other - documentation. +* [2751] The profile library has a new API to detect whether the + default profile is writable. -* [1102] gssapi_generic.h should now work with C++. +* [2753] An initial C implementation of CCAPI has been done. -* [1135] The kadm5 ACL system is better documented. +* [2754] fake-addrinfo.h includes errno.h earlier. -* [1136] Some documentation for the setup of cross-realm - authentication has been added. 
+* [2756] The profile library calls stat() less frequently on files. -* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead - of -1 if getpeername() fails. +* [2760, 2780] The keytab implementation checks for cases where + fopen() can return NULL without setting errno. Reported by Roland + Dowdeswell. -* [1173] Address-less forwardable tickets will remain address-less - when forwarded. +* [2770] com_err now creates valid prototypes for generated files. + Reported by Jeremy Allison. -* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized - somewhat. +* [2772, 2797] The krb4 library now honors the dns_fallback libdefault + setting. -* [1188] As part of the modernization of our usage of autoconf, - AC_CONFIG_FILES is now used instead of passing a list of files to - AC_OUTPUT. +* [2776, 2779] Solaris patches exist for the pty-close race condition + bug. We check for these patches now checked, and don't apply the + priocntl hack if they are present. -* [1194] configure will no longer recurse out of the top of the source - tree when attempting to locate the top of the source tree. +* [2783] ftpcmds.y unconditionally defines NBBY to 8. -* [1192] Documentation for the krb5 afs functionality of krb524d has - been written. +* [2793] locate_kdc.c can compile if KRB5_DNS_LOOKUP isn't defined, + though we removed the configure-time option for this. -* [1195] Example krb5.conf file modified to include all enctypes - supported by the release. +* [2795] Fixed some addrinfo problems that affected Irix. -* [1202] The KDC no longer rejects unrecognized flags. +* [2796, 2840] Calling conventions for some API functions for Windows + have been fixed. -* [1203] krb5_get_init_creds_keytab() no longer does a double-free. +* [2805] Windows NSIS installer script updated. -* [1211] The ASN.1 code no longer passes (harmless) uninitialized - values around. +* [2808] Support library renamed on Windows. 
-* [1212] libkadm5 now allows for persistent exclusive database locks. +* [2815] krb5-config updated to reference new support library. -* [1217] krb5_read_password() and des_read_password() are now - implemented via krb5_prompter_posix(). +* [2814, 2816] Some MSLSA ccache features depending on non-public SDK + features were backed out. -* [1224] For SAM challenges, omitted optional strings are no longer - encoded as zero-length strings. +* [2818] Don't create empty array for addresses in MSLSA ccache. -* [1226] Client-side support for SAM hardware-based preauth - implemented. +* [2832] Fix shared library build on sparc64-netbsd. -* [1229] The keytab search logic no longer fails prematurely if an - incorrect encryption type is found. Thanks to Wyllys Ingersoll. +* [2833, 2834, 2835] Add support for generating/installing debugging + symbols on Windows. -* [1232] If the master KDC cannot be resolved, but a slave is - reachable, the client library now returns the real error from the - slave rather than the resolution failure from the master. Thanks to - Ben Cox. +* [2838] Fix termination of incorrect string in telnetd. -* [1234] Assigned numbers for SAM preauth have been corrected. - sam-pk-for-sad implementation has been aligned. +* [2854] Fix memory leak in ccache. -* [1237] Profile-sharing optimizations from KfM have been merged. +* [2857] Fix memory leak in asn1_decode_generaltime(). -* [1240] Windows calling conventions for krb5int_c_combine_keys() have - been aligned. +* [2861] Minor documenation fixes. -* [1242] Build system incompatibilities with Debian's chimeric - autoconf installation have been worked around. +* [2864] Fix IPv6 support on Windows. -* [1256] Incorrect sizes passed to memset() in combine_keys() - operations have been corrected. +* [2865] New API function krb5_is_thread_safe() to test for thread + safety. -* [1260] Client credential lookup now gets new service tickets in - preference to attempting to use expired ticketes. Thanks to Ben - Cox. 
+* [2870, 2881] Fix crash in MSLSA ccache. -* [1262, 1572] Sequence numbers are now unsigned; negative sequence - numbers will be accepted for the purposes of backwards - compatibility. +* [2871] Handle read() returning -1 in prng.c. -* [1263] A heuristic for matching the incorrectly encoded sequence - numbers emitted by Heimdal implementations has been written. +* [2872] Fix memory leak in DNS lookup code. -* [1284] kshd accepts connections by IPv6 now. +* [2887] Fix null pointer dereference in krb5_unparse_name(). -* [1292] kvno manpage title fixed. +* [2892] Fix some gcc-4.0 compatibility problems. -* [1293] Source files no longer explicitly attempt to declare errno. - -* [1304] kadmind4 no longer leaves sa_flags uninitialized. - -* [1305] Expired tickets now cause KfM to pop up a password dialog. - -* [1309] krb5_send_tgs() no longer leaks the storage associated with - the TGS-REQ. - -* [1310] kadm5_get_either() no longer leaks regexp library memory. - -* [1311] Output from krb5-config no longer contains spurious uses of - $(PURE). - -* [1324] The KDC no longer logs an inappropriate "no matching key" - error when an encrypted timestamp preauth password is incorrect. - -* [1334] The KDC now returns a clockskew error when the timestamp in - the encrypted timestamp preauth is out of bounds, rather than just - returning a preauthentcation failure. - -* [1342] gawk is no longer required for building kerbsrc.zip for the - Windows build. - -* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer - to freed memory. - -* [1351] The filename globbing vulnerability [CERT VU#258721] in the - ftp client's handling of filenames beginning with "|" or "-" - returned from the "mget" command has been fixed. - -* [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately - during GSSAPI context establishment. - -* [1356] krb5_gss_accept_sec_context() no longer attempts to validate - a null credential if one is passed in. 
- -* [1362] The "-a user" option to telnetd now does the right thing. - Thanks to Nathan Neulinger. - -* [1363] ksu no longer inappropriately syslogs to stderr. - -* [1357] krb__get_srvtab_name() no longer leaks memory. - -* [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab. - -* [1373] Handling of SAM preauth no longer attempts to stuff a size_t - into an unsigned int. - -* [1387] BIND versions later than 8 now supported. - -* [1392] The getaddrinfo() wrapper should work better on AIX. - -* [1400] If DO_TIME is not set in the auth_context, and no replay - cache is available, no replay cache will be used. - -* [1406, 1108] libdb is no longer installed. If you installed - krb5-1.3-alpha1, you should ensure that no spurious libdb is left in - your install tree. - -* [1412] ETYPE_INFO handling no longer goes into an infinite loop. - -* [1414] libtelnet is now built using the same library build framework - as the rest of the tree. - -* [1417] A minor memory leak in krb5_read_password() has been fixed. - -* [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed. - -* [1435] inet_ntop() is now emulated when needed. - -* [1439] krb5_free_pwd_sequences() now correctly frees the entire - sequence of elements. - -* [1440] errno is no longer explicitly declared. - -* [1441] kadmind should now return useful errors if an unrecognized - version is received in a changepw request. - -* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now - supported. - -* [1459] (KfM/KLL internal) config file resolution can now be - prevented from accessing the user's homedir. - -* [1463] Preauth handling in the KDC has been reorganized. - -* [1470] Double-free in client-side preauth code fixed. - -* [1473] Ticket forwarding when the TGS and the end service have - different enctypes should work somewhat better now. - -* [1474] ASN.1 testsuite memory management has been cleaned up a - little to allow for memory leak checking. 
- -* [1476] Documentation updated to reflect default krb4 mode. - -* [1482] RFC-1964 OIDs now provided using the suggested symbolic - names. - -* [1483, 1528] KRB5_DEPRECATED is now false by default on all - platforms. - -* [1488] The KDC will now return integrity errors if a decryption - error is responsible for preauthentication failure. - -* [1492] The autom4te.cache directories are now deleted from the - release tarfiles. - -* [1501] Writable keytabs are registered by default. - -* [1515] The check for cross-realm TGTs no longer reads past the end - of an array. - -* [1518] The kdc_default_options option is now actually honored. - -* [1519] The changepw protocol implementation in kadmind now logs - password changes. - -* [1520] Documentation of OS-specific build options has been updated. - -* [1536] A missing prototype for krb5_db_iterate_ext() has been - added. - -* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage - has been fixed. - -* [1540] verify_as_reply() will only check the "renew-till" time - against the "till" time if the RENEWABLE is not set in the request. - -* [1547] gssftpd no longer uses vfork(), as this was causing problems - under RedHat 9. - -* [1549] SRV records with a value of "." are now interpreted as a lack - of support for the protocol. - -* [1553] The undocumented (and confusing!) kdc_supported_enctypes - kdc.conf variable is no longer used. - -* [1560] Some spurious double-colons in password prompts have been - fixed. - -* [1571] The test suite tries a little harder to get a root shell. - -* [1573] The KfM build process now sets localstatedir=/var/db. - -* [1576, 1575] The client library no longer requests RENEWABLE_OK if - the renew lifetime is greater than the ticket lifetime. - -* [1587] A more standard autoconf test to locate the C compiler allows - for gcc to be found by default without additional configuration - arguments. - -* [1593] Replay cache filenames are now escaped with hyphens, not - backslashes. 
- -* [1598] MacOS 9 support removed from in-tree com_err. - -* [1602] Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu. - -* [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an - uninitialized memory reference in kg_unseal_v1(). Thanks to Kent - Wu. - -* [1607] kerberos-iv SRV records are now documented. - -* [1610] Fixed AES credential delegation under GSSAPI. - -* [1618] ms2mit no longer inserts local addresses into tickets - converted from the MS ccache if they began as addressless tickets. - -* [1619] etype_info parser (once again) accepts extra field emitted by - Heimdal. - -* [1643] Some typos in kdc.conf.M have been fixed. - -* [1648] For consistency, leading spaces before preprocessor - directives in profile.h have been removed. - ---[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]-- - -* [1054] KRB-CRED messages for RC4 are encrypted now. - -* [1177] krb5-1-2-2-branch merged onto trunk. - -* [1193] Punted comment about reworking key storage architecture. - -* [1208] install-headers target implemented. - -* [1223] asn1_decode_oid, asn1_encode_oid implemented - -* [1248] RC4 is explicitly excluded from combine_keys. - -* [1276] Generated dependencies handle --without-krb4 properly now. - -* [1339] An inadvertent change to the krb4 get_adm_hst API (strcpy vs - strncpy etc.) has been fixed. - -* [1384, 1413] Use of autoconf-2.52 in util/reconf will now cause a - warning. - -* [1388] DNS support is turned on in KfM. - -* [1391] Fix kadmind startup failure with krb4 vuln patch. - -* [1409] get_ad_tkt() now prompts for password if there are no tickets - (in KfM). - -* [1447] vts_long() and vts_short() work now. - -* [1462] KfM adds exports of set_pw calls. - -* [1477] compile_et output not used in err_txt.c. - -* [1495] KfM now exports string_to_key_with_params. - -* [1512, 1522] afs_string_to_key now works with etype_info2. - -* [1514] krb5int_populate_gic_opt returns void now. 
- -* [1521] Using an afs3 salt for an AES key no longer causes - segfaults. - -* [1533] krb524.h no longer contains invalid Mac pragmas. - -* [1546] krb_mk_req_creds() no longer zeros the session key. - -* [1554] The krb4 string-to-key iteration now accounts correctly for - the decrypt-in-place semantics of libdes425. - -* [1557] KerberosLoginPrivate.h is now correctly included for the use - of __KLAllowHomeDirectoryAccess() in init_os_ctx.c (for KfM). - -* [1558] KfM exports the new krb524 interface. - -* [1563] krb__get_srvtaname() no longer returns a pointer that is - free()d upon a subsequent call. - -* [1569] A debug statement has been removed from krb524init. - -* [1592] Document possible file rename lossage when building against - system libdb. - -* [1594] Darwin gets an explicit dependency of err_txt.o on - krb_err.c. - -* [1596] Calling conventions, etc. tweaked for KfW build of - krb524.dll. - -* [1600] Minor tweaks to README to improve notes on IPv6, etc. - -* [1605] Fixed a leak of subkeys in krb5_rd_rep(). - -* [1630] krb5_get_in_tkt_with_keytab() works now; previously borken by - reimplementation in terms of krb5_get_init_creds(). - -* [1642] KfM build now inherits CFLAGS and LDFLAGS from parent project. +* [2891] lib/kdb/keytab.c no longer accesses an uninitialized variable. Copyright Notice and Legal Administrivia ---------------------------------------- -Copyright (C) 1985-2004 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2005 by the Massachusetts Institute of Technology. All rights reserved. 
@@ -1130,49 +547,61 @@ src/lib/crypto/aes has the following copyright: in respect of any properties, including, but not limited to, correctness and fitness for purpose. - - -Acknowledgements ----------------- +---- The implementation of the RPCSEC_GSS authentication flavor in +src/lib/rpc has the following copyright: + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Acknowledgments +--------------- Appreciation Time!!!! 
There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... -Thanks to Paul Vixie and the Internet Software Consortium for funding -the work of Barry Jaspan. This funding was invaluable for the OV -administration server integration, as well as the 1.0 release -preparation process. +Thanks to Kevin Coffman and the CITI group at the University of +Michigan for providing patches for implementing RPCSEC_GSS +authentication in the RPC library. -Thanks to John Linn, Scott Foote, and all of the folks at OpenVision -Technologies, Inc., who donated their administration server for use in -the MIT release of Kerberos. +Thanks to Derrick Schommer for reporting multiple memory leaks. -Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken -Raeburn, and all of the folks at Cygnus Support, who provided -innumerable bug fixes and portability enhancements to the Kerberos V5 -tree. Thanks especially to Jeff Bigler, for the new user and system -administrator's documentation. +Thanks to Quanah Gibson-Mount of Stanford University for helping +exercise the thread support code. -Thanks to Doug Engert from ANL for providing many bug fixes, as well -as testing to ensure DCE interoperability. +Thanks to Michael Tautschnig for reporting the heap buffer overflow in +the password history mechanism. [MITKRB5-SA-2004-004] -Thanks to Ken Hornstein at NRL for providing many bug fixes and -suggestions, and for working on SAM preauthentication. - -Thanks to Matt Crawford at FNAL for bugfixes and enhancements. - -Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for -their many suggestions and bug fixes. - -Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and -providing patches for numerous buffer overruns. - -Thanks to Christopher Thompson and Marcus Watts for discovering the -ftpd security bug. 
- -Thanks to Paul Nelson of Thursby Software Systems for implementing the -Microsoft set password protocol. +Thanks to Wyllys Ingersoll for finding a buffer-size problem in the +RPCSEC_GSS implementation. Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, @@ -1183,3 +612,10 @@ Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu. + +Very special thanks go to Marshall Vale, our departing team leader. +Over the past few years, Marshall has been extremely valuable to us as +mentor, advisor, manager, and friend. Marshall's devotion as a +champion of Kerberos has helped our team immensely through many trials +and hardships. We will miss him tremendously, and we wish him the +best in his future endeavors. diff --git a/doc/ChangeLog b/doc/ChangeLog index 985d2e067..6e27bd034 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,20 @@ +2005-01-03 Ken Raeburn + + * build.texinfo (The util Directory): Add the new support + library. + (Installing the Binaries): Discuss parallel builds under GNU + make. + + * implementor.texinfo (Host Address Lookup): Document Mac OS X + issues. + + * threads.txt, thread-safety.txt: Updates. + +2004-11-19 Tom Yu + + * build.texinfo (Solaris 9): Document Solaris patches for pty + close bug. + 2004-10-06 Ken Raeburn * implementor.texinfo, thread-safe.txt, threads.txt: Various diff --git a/doc/build.texinfo b/doc/build.texinfo index 4babbe7ea..fc60d7ab8 100644 --- a/doc/build.texinfo +++ b/doc/build.texinfo 
@@ -212,7 +212,8 @@ functions which parse the Kerberos configuration files (@code{krb5.conf} and @code{kdc.conf}). Also in this directory are the Kerberos error table library and utilities (@i{et}), the Sub-system library and utilities (@i{ss}), database utilities (@i{db2}), pseudo-terminal utilities -(@i{pty}), and bug-reporting program @code{send-pr}. +(@i{pty}), bug-reporting program @code{send-pr}, and a generic +support library @code{support} used by several of our other libraries. @node Build Requirements, Unpacking the Sources, Organization of the Source Directory, Building Kerberos V5 @section Build Requirements @@ -233,6 +234,8 @@ will need a @samp{make} program which supports @samp{VPATH}, or you will need to use a tool such as @samp{lndir} to produce a symbolic link tree for your build tree. +@c Library support... + @node Unpacking the Sources, Doing the Build, Build Requirements, Building Kerberos V5 @section Unpacking the Sources @@ -367,6 +370,11 @@ libraries into @code{DESTDIR/PREFIX/lib}, etc. Note that if you want to test the build (see @ref{Testing the Build}), you usually do not need to do a @code{make install} first. +Some implementations of @samp{make} allow multiple commands to be run in +parallel, for faster builds. We test our Makefiles in parallel builds with +GNU @samp{make} only; they may not be compatible with other parallel build +implementations. + @node Testing the Build, Options to Configure, Installing the Binaries, Building Kerberos V5 @section Testing the Build 
@@ -895,6 +903,12 @@ Run something like as root, where @code{nnnn} is the pid of the shell whose priority limit you wish to raise. +Sun has released kernel patches for this race condition. Apply patch +117171-11 for sparc, or patch 117172-11 for x86. Later revisions of +the patches should also work. It is not necessary to run ``make +check'' from a shell with elevated priority limits once the patch has +been applied. + @node SGI Irix 5.X, Ultrix 4.2/3, Solaris 9, OS Incompatibilities @subsection SGI Irix 5.X diff --git a/doc/implementor.texinfo b/doc/implementor.texinfo index d9e00a66b..660967620 100644 --- a/doc/implementor.texinfo +++ b/doc/implementor.texinfo 
@@ -395,6 +395,25 @@ is, both of which are wrong. No known bugs here, but as of IRIX 6.5.7, the version we're using at MIT, these functions had not been implemented. +@item Mac OS X +Two problems have been found with @code{getaddrinfo} on Mac OS X, at +least under version 10.3. First, while @code{gethostbyname} data is +cached to make multiple lookups of the same name (@i{e.g.}, by +different parts of the code that need to know about the same server +host), @code{getaddrinfo} results are not cached, so multiple queries +mean multiple DNS requests, which means more delays if the DNS servers +are not close by and fast to respond. We've implemented a cache of +our own to work around this, though it only applies to multiple +lookups in a short period of time within the same application process, +and it's only implemented for the Mac at the moment. + +Second, the Mac libraries will generate a DNS SRV RR query; as far as +I [Ken] can tell this is a bug, but Apple seems to consider it a +feature. (Call @code{getaddrinfo("example.com", "telnet", ...)} and +you get a SRV record query, but the spec on SRV records says you must +not use them unless the specification for the service in question says +to.) Yet more network traffic for each name to look up. + @item NetBSD As of NetBSD 1.5, this function is not thread-safe. In 1.5X (intermediate code snapshot between 1.5 and 1.6 releases), the diff --git a/doc/thread-safe.txt b/doc/thread-safe.txt index 9e3070681..0996b329a 100644 --- a/doc/thread-safe.txt +++ b/doc/thread-safe.txt 
@@ -140,10 +140,11 @@ Uses: ctype macros Uses: getaddrinfo, getnameinfo. According to current specifications, getaddrinfo should be thread-safe; some implementations are not, and -we're not attempting to figure out which ones. +we're not attempting to figure out which ones. NetBSD 1.6, for +example, had an unsafe implementation. Uses: res_ninit, res_nsearch. If these aren't available, the non-'n' -versions will be used, and they are not thread-safe. +versions will be used, and they are sometimes not thread-safe. Uses: mkstemp, mktemp -- Are these, or our uses of them, likely to be thread-safe? @@ -158,17 +159,24 @@ Uses: tcgetattr, tcsetattr. This is also in the password-prompting code. These are fine as long as no other threads are accessing the same terminal at the same time. +Uses: fopen. This is thread-safe, actually, but a multi-threaded +server is likely to be using lots of file descriptors. On 32-bit +Solaris platforms, fopen will not work if the next available file +descriptor number is 256 or higher. This can cause the keytab code to +fail. + Statics: prompter.c: interrupt flag Statics: ccdefops.c: default operations table pointer -Statics: ktdefname.c: variable to override default keytab name, NEEDS LOCKING +Statics: ktdefname.c: variable to override default keytab name, NO +LOCKING. DON'T TOUCH THESE VARIABLES, at least in threaded programs. Statics: conv_creds.c: debug variable Statics: sendto_kdc.c: debug variable, in export list for KDC -Statics: parse.c: default realm cache, NOT THREAD SAFE +Statics: parse.c: default realm cache, changed to not cache Statics: krb5_libinit.c: lib init aux data @@ -183,8 +191,6 @@ always increment" Statics: ktbase.c, ccbase.c, rc_base.c: type registries and mutexes. -Needs work: keytab locking - ---------------- libgssapi_krb5 diff --git a/doc/threads.txt b/doc/threads.txt index 1b655ea0c..b161dafbc 100644 --- a/doc/threads.txt +++ b/doc/threads.txt 
@@ -16,6 +16,16 @@ object while other threads may still be using it. (Any internal data modification in those objects will be protected by mutexes or other means, within the krb5 library.) +The simple, exposed data structures in krb5.h like krb5_principal are +not protected; they should not be used in one thread while another +thread might be modifying them. (TO DO: Build a list of which calls +keep references to supplied data or return references to +otherwise-referenced data, as opposed to everything making copies.) + + + +[ This part is a little outdated already. ] + // Between these two, we should be able to do pure compile-time // and pure run-time initialization. // POSIX: partial initializer is PTHREAD_MUTEX_INITIALIZER, @@ -57,6 +67,7 @@ means, within the krb5 library.) int k5_setspecific(k5_key_t, const void *); ... stuff to signal library termination ... +This is **NOT** an exported interface, and is subject to change. On many platforms with weak reference support, we can declare certain symbols to be weak, and test the addresses before calling them. The @@ -70,12 +81,21 @@ AIX 4.3.3 doesn't support weak references. However, it looks like calling dlsym(NULL) causes the pthread library to get loaded, so we're going to just go ahead and link against it anyways. +On Tru64 we also link against the thread library always. + For now, the basic model is: If weak references supported, use them. - Else, assume support is present. + Else, assume support is present; if that means explicitly pulling in + the thread library, so be it. + + +The locking described above may not be sufficient, at least for good +performance. At some point we may want to switch to read/write locks, +so multiple threads can grovel over a data structure at once as long +as they don't change it. See also notes in src/include/k5-thread.h. diff --git a/src/ChangeLog b/src/ChangeLog index fe47c6aeb..e053ae05d 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,3 +1,25 @@ +2005-01-12 Tom Yu + + * aclocal.m4 (AC_LIBRARY_NET): Also check for res_ndestroy. + +2004-12-16 Ezra Peisach + + * krb5-config.in: Add krb5support library. + +2004-12-15 Jeffrey Altman + + * Makefile.in: build/clean/install/etc kcpytkt,kdeltkt,ms2mit + +2004-11-19 Tom Yu + + * aclocal.m4 (KRB5_AC_PRIOCNTL_HACK): Check for Solaris patch + 117171-11 (sparc) or 117172-11 (x86), which fixes the Solaris 9 + bug which can cause final pty output to be on close. + +2004-11-18 Tom Yu + + * Makefile.in (install-headers-mkdirs): Create KRB5_INCDIR/gssrpc. + 2004-10-06 Tom Yu * Makefile.in (INSTALLMKDIRS): Add EXAMPLEDIR. diff --git a/src/Makefile.in b/src/Makefile.in index 225868eb6..3a94a769e 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -74,6 +74,7 @@ install-mkdirs: install-headers-mkdirs: $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR) $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssapi + $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssrpc $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/kerberosIV install-headers-prerecurse: install-headers-mkdirs @@ -145,6 +146,7 @@ WINMAKEFILES=Makefile \ clients\Makefile clients\kdestroy\Makefile \ clients\kinit\Makefile clients\klist\Makefile \ clients\kpasswd\Makefile clients\kvno\Makefile \ + clients\kcpytkt\Makefile clients\kdeltkt\Makefile \ include\Makefile include\krb5\Makefile \ krb524\Makefile \ lib\Makefile lib\crypto\Makefile \ 
@@ -196,6 +198,10 @@ WINMAKEFILES=Makefile \ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##clients\kvno\Makefile: clients\kvno\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##clients\kcpytkt\Makefile: clients\kcpytkt\Makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##clients\kdeltkt\Makefile: clients\kdeltkt\Makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##include\Makefile: include\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##include\krb5\Makefile: include\krb5\Makefile.in $(MKFDEP) @@ -329,7 +335,7 @@ ren2long: ZIP=zip FILES= ./* \ clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \ - clients/kpasswd/* \ + clients/kpasswd/* clients/kcpytkt/* clients/kdeltkt/* \ config/* include/* include/kerberosIV/* \ include/krb5/* include/krb5/stock/* include/sys/* krb524/* lib/* \ lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \ @@ -533,11 +539,14 @@ install-windows:: $(CP) windows\gss\$(OUTPRE)gss.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) appl\gss-sample\$(OUTPRE)gss-server.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) appl\gss-sample\$(OUTPRE)gss-client.exe "$(KRB_INSTALL_DIR)\bin\." + $(CP) windows\ms2mit\$(OUTPRE)ms2mit.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) appl\gssftp\ftp\$(OUTPRE)ftp.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kvno\$(OUTPRE)kvno.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\klist\$(OUTPRE)klist.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kinit\$(OUTPRE)kinit.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kdestroy\$(OUTPRE)kdestroy.exe "$(KRB_INSTALL_DIR)\bin\." + $(CP) clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\." + $(CP) clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\." @if exist "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" del "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" @if exist "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" del "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" 
diff --git a/src/aclocal.m4 b/src/aclocal.m4 index a060ac94f..d135d5c10 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -1379,7 +1379,7 @@ AC_DEFUN(AC_LIBRARY_NET, [ # This may get us a gethostby* that doesn't respect nsswitch. AC_CHECK_LIB(resolv, main) _KRB5_AC_CHECK_RES_FUNCS(res_nsearch res_search ns_initparse dnl -ns_name_uncompress dn_skipname) +ns_name_uncompress dn_skipname res_ndestroy) if test $krb5_cv_func_res_nsearch = no \ && test $krb5_cv_func_res_search = no; then # Attempt to link with res_search(), in case it's not prototyped. @@ -1636,14 +1636,37 @@ dnl KRB5_AC_PRIOCNTL_HACK dnl dnl AC_DEFUN([KRB5_AC_PRIOCNTL_HACK], +[AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_LANG_COMPILER_REQUIRE])dnl +AC_CACHE_CHECK([whether to use priocntl hack], [krb5_cv_priocntl_hack], [case $krb5_cv_host in *-*-solaris2.9*) - PRIOCNTL_HACK=1 + if test "$cross_compiling" = yes; then + krb5_cv_priocntl_hack=yes + else + # Solaris patch 117171-11 (sparc) or 117172-11 (x86) + # fixes the Solaris 9 bug where final pty output + # gets lost on close. + if showrev -p | $AWK 'BEGIN { e = 1 } +/Patch: 11717[[12]]/ { x = index[]([$]2, "-"); +if (substr[]([$]2, x + 1, length([$]2) - x) >= 11) +{ e = 0 } else { e = 1 } } +END { exit e; }'; then + krb5_cv_priocntl_hack=no + else + krb5_cv_priocntl_hack=yes + fi + fi ;; *) - PRIOCNTL_HACK=0 + krb5_cv_priocntl_hack=no ;; -esac +esac]) +if test "$krb5_cv_priocntl_hack" = yes; then + PRIOCNTL_HACK=1 +else + PRIOCNTL_HACK=0 +fi AC_SUBST(PRIOCNTL_HACK)]) dnl dnl diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 6ead450fc..281776833 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog 
@@ -1,3 +1,24 @@ +2005-01-13 Ezra Peisach + + * ftpd.c: GCC 4.0 fixes... Move static declaration of gunique out + of function. + +2004-11-26 Sam Hartman + + * ftpcmd.y: nbby should be 8 for anything platform we care about. + The previous test broke on Debian BSD, so the test has been + removed. + +2004-11-03 Tom Yu + + * ftpcmd.y (getline): Merge Athena change to reject MICed + password. + + * ftpd.M: Document '-E'. + + * ftpd.c (main): Merge Athena's '-E' changes to prohibit + unencrypted passwords. + 2004-09-22 Tom Yu * Makefile.in (ftpd): Use UTIL_LIB. diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in index 67e601e11..f2bc6553b 100644 --- a/src/appl/gssftp/ftpd/Makefile.in +++ b/src/appl/gssftp/ftpd/Makefile.in @@ -105,4 +105,5 @@ $(OUTPRE)secure.$(OBJEXT): $(srcdir)/../ftp/secure.c \ $(KRB_ERR_H_DEP) $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(srcdir)/../arpa/ftp.h $(OUTPRE)getdtablesize.$(OBJEXT): $(srcdir)/../../bsd/getdtablesize.c +$(OUTPRE)setenv.$(OBJEXT): $(srcdir)/../../bsd/setenv.c diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index db50d5bfb..096014bd2 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -96,15 +96,8 @@ extern gss_ctx_id_t gcontext; #endif #ifndef NBBY -#ifdef linux #define NBBY 8 #endif -#ifdef __pyrsoft -#ifdef MIPSEB -#define NBBY 8 -#endif -#endif -#endif static struct sockaddr_in host_port; @@ -124,6 +117,7 @@ extern int ccc_ok; extern int timeout; extern int maxtimeout; extern int pdata; +extern int authlevel; extern char hostname[], remotehost[]; extern char proctitle[]; extern char *globerr; 
@@ -1150,6 +1144,18 @@ getline(s, n, iop) } #endif /* GSSAPI */ /* Other auth types go here ... */ + + /* A password should never be MICed, but the CNS ftp + * client and the pre-6/98 Krb5 client did this if you + * authenticated but didn't encrypt. + */ + if (authlevel && mic && !strncmp(s, "PASS", 4)) { + lreply(530, "There is a problem with your ftp client. Password refused."); + reply(530, "Enable encryption before logging in, or update your ftp program."); + *s = 0; + return s; + } + } #if defined KRB5_KRB4_COMPAT || defined GSSAPI /* or other auth types */ else { /* !auth_type */ diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M index dc75e9b8d..b26a4bd94 100644 --- a/src/appl/gssftp/ftpd/ftpd.M +++ b/src/appl/gssftp/ftpd/ftpd.M @@ -36,8 +36,8 @@ ftpd \- DARPA Internet File Transfer Protocol server .SH SYNOPSIS .B ftpd -[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-l\fP] -[\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP] +[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB-E\fP] +[\fB\-l\fP] [\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP] [\fB\-p\fP \fIport\fP] [\fB\-U\fP \fIftpusers-file\fP] [\fB\-u\fP \fIumask\fP] [\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP] [\fB\-w\fP{\fBip\fP|\fImaxhostlen\fP[\fB,\fP{\fBstriplocal\fP|\fBnostriplocal\fP}]}] @@ -77,6 +77,9 @@ less secure connections, and should probably only be used when debugging. .B \-d Debugging information is written to the syslog. (Identical to -v) .TP +.B \-E +Don't allow passwords to be typed across unencrypted connections. +.TP .B \-l Each .IR ftp (1) diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 6048278d7..6655e0d62 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c 
@@ -260,6 +260,7 @@ static void end_login(void); static int disallowed_user(char *); static int restricted_user(char *); static int checkuser(char *); +static char *gunique(char *); #ifdef SETPROCTITLE char **Argv = NULL; /* pointer to argument vector */ @@ -293,9 +294,9 @@ main(argc, argv, envp) extern char *optarg; extern int optopt; #ifdef KRB5_KRB4_COMPAT - char *option_string = "AaCcdlp:r:s:T:t:U:u:vw:"; + char *option_string = "AaCcdElp:r:s:T:t:U:u:vw:"; #else /* !KRB5_KRB4_COMPAT */ - char *option_string = "AaCcdlp:r:T:t:U:u:vw:"; + char *option_string = "AaCcdElp:r:T:t:U:u:vw:"; #endif /* KRB5_KRB4_COMPAT */ ftpusers = _PATH_FTPUSERS_DEFAULT; @@ -328,6 +329,11 @@ main(argc, argv, envp) debug = 1; break; + case 'E': + if (!authlevel) + authlevel = AUTHLEVEL_AUTHENTICATE; + break; + case 'l': logging ++; break; @@ -1274,7 +1280,6 @@ store_file(name, fmode, unique) FILE *fout, *din; struct stat st; int (*closefunc)(); - static char *gunique(); if (logging > 1) syslog(LOG_NOTICE, "put %s", path_expand(name)); diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index 9e5c888d7..a02cd8d31 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,13 @@ +2004-12-20 Tom Yu + + * kerberos.c (kerberos4_status): Null-terminate the correct + string. Reported by Marcin Garski. + +2004-11-15 Tom Yu + + * auth-proto.h, auth.c: Merge Athena changes for requiring + encrypted connections. + 2004-06-04 Ken Raeburn * Makefile.in (LIBBASE): Renamed from LIB. diff --git a/src/appl/telnet/libtelnet/auth-proto.h b/src/appl/telnet/libtelnet/auth-proto.h index 68cae7efc..6b4957032 100644 --- a/src/appl/telnet/libtelnet/auth-proto.h +++ b/src/appl/telnet/libtelnet/auth-proto.h 
@@ -67,7 +67,8 @@ void auth_send_retry (void); void auth_is (unsigned char *, int); void auth_reply (unsigned char *, int); void auth_finished (Authenticator *, int); -int auth_wait (char *); +void auth_wait (char *); +int auth_check (char *); int auth_must_encrypt (void); void auth_disable_name (char *); void auth_gen_printsub (unsigned char *, int, unsigned char *, unsigned int); diff --git a/src/appl/telnet/libtelnet/auth.c b/src/appl/telnet/libtelnet/auth.c index 9c1b0b0fc..28b8ae8d1 100644 --- a/src/appl/telnet/libtelnet/auth.c +++ b/src/appl/telnet/libtelnet/auth.c @@ -85,6 +85,7 @@ int auth_debug_mode = 0; int auth_has_failed = 0; int auth_enable_encrypt = 0; +int auth_client_non_unix = 0; static char *Name = "Noname"; static int Server = 0; static Authenticator *authenticated = 0; @@ -337,15 +338,28 @@ auth_request() authenticating = 1; while (ap->type) { if (i_support & ~i_wont_support & typemask(ap->type)) { - if (auth_debug_mode) { - printf(">>>%s: Sending type %d %d\r\n", - Name, ap->type, ap->way); + if (ap->type == AUTHTYPE_KERBEROS_V4 || + !auth_client_non_unix) { + if (auth_debug_mode) { + printf(">>>%s: Sending type %d %d\r\n", + Name, ap->type, ap->way); + } + *e++ = ap->type; + *e++ = ap->way; } - *e++ = ap->type; - *e++ = ap->way; } ++ap; } + if (auth_client_non_unix) { + ap = authenticators; + while (ap->type) { + if (i_support & ~i_wont_support & typemask(ap->type)) { + *e++ = ap->type; + *e++ = ap->way; + } + ++ap; + } + } *e++ = IAC; *e++ = SE; net_write(str_request, e - str_request); @@ -562,7 +576,7 @@ auth_intr(sig) auth_finished(0, AUTH_REJECT); } - int + void auth_wait(name) char *name; { @@ -570,7 +584,7 @@ auth_wait(name) printf(">>>%s: in auth_wait.\r\n", Name); if (Server && !authenticating) - return(0); + return; (void) signal(SIGALRM, auth_intr); alarm(30); 
@@ -579,7 +593,12 @@ auth_wait(name) break; alarm(0); (void) signal(SIGALRM, SIG_DFL); +} + int +auth_check(name) + char *name; +{ /* * Now check to see if the user is valid or not */ diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c index 8d4c7f330..7e0d7360c 100644 --- a/src/appl/telnet/libtelnet/kerberos.c +++ b/src/appl/telnet/libtelnet/kerberos.c @@ -619,7 +619,7 @@ kerberos4_status(ap, kname, level) if (UserNameRequested) { /* the name buffer comes from telnetd/telnetd{-ktd}.c */ strncpy(kname, UserNameRequested, 255); - name[255] = '\0'; + kname[255] = '\0'; } if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index 1902a32f7..760cbb23f 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog @@ -1,3 +1,15 @@ +2004-11-15 Tom Yu + + * ext.h: New variable "must_encrypt". + + * telnetd.8: Update for changed command-line options. + + * telnetd.c (getterminaltype): Merge Athena changes to require + encrypted connections. + + * utility.c (ttsuck): Merge Athena changes to work around some + client timing bugs. + 2004-09-22 Tom Yu * Makefile.in (telnetd): Use UTIL_LIB. diff --git a/src/appl/telnet/telnetd/ext.h b/src/appl/telnet/telnetd/ext.h index 9fe38ef8b..7b77a44b0 100644 --- a/src/appl/telnet/telnetd/ext.h +++ b/src/appl/telnet/telnetd/ext.h @@ -88,6 +88,10 @@ extern char *unptyip; /* pointer to remaining characters in buffer */ extern int pty, net; extern int SYNCHing; /* we are in TELNET SYNCH mode */ +#ifdef ENCRYPTION +extern int must_encrypt; +#endif + extern void _termstat (void), add_slc (int, int, int), diff --git a/src/appl/telnet/telnetd/telnetd.8 b/src/appl/telnet/telnetd/telnetd.8 index 9426a0c3b..78700cbed 100644 --- a/src/appl/telnet/telnetd/telnetd.8 +++ b/src/appl/telnet/telnetd/telnetd.8 
@@ -39,7 +39,7 @@ protocol server .SH SYNOPSIS .B /usr/libexec/telnetd [\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP] -[\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP] +[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP] [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] [\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]] @@ -163,6 +163,9 @@ Displays the data stream received by .B ptydata Displays data written to the pty. .TP +.B encrypt +Enables encryption debugging code. +.TP .B exercise Has not been implemented yet. .RE @@ -175,12 +178,10 @@ Enables debugging on each socket created by in .IR socket (2)). .TP -.B \-edebug -If +.B \-e +This option causes .B telnetd -has been compiled with support for data encryption, then the -.B edebug -option may be used to enable encryption debugging code. +to refuse unencrypted connections. .TP .B \-h Disables the printing of host-specific information before login has been diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c index 5633d5625..a90fa5c5c 100644 --- a/src/appl/telnet/telnetd/telnetd.c +++ b/src/appl/telnet/telnetd/telnetd.c @@ -173,7 +173,7 @@ char valid_opts[] = { 'D', ':', #endif #ifdef ENCRYPTION - 'e', ':', + 'e', #endif #if defined(CRAY) && defined(NEWINIT) 'I', ':', @@ -308,6 +308,9 @@ main(argc, argv) diagnostic |= TD_PTYDATA; } else if (!strcmp(optarg, "options")) { diagnostic |= TD_OPTIONS; + } else if (!strcmp(optarg, "encrypt")) { + extern int encrypt_debug_mode; + encrypt_debug_mode = 1; } else { usage(); /* NOT REACHED */ @@ -317,13 +320,7 @@ main(argc, argv) #ifdef ENCRYPTION case 'e': - if (strcmp(optarg, "debug") == 0) { - extern int encrypt_debug_mode; - encrypt_debug_mode = 1; - break; - } - usage(); - /* NOTREACHED */ + must_encrypt = 1; break; #endif /* ENCRYPTION */ 
@@ -694,8 +691,12 @@ usage() static void encrypt_failure() { - char *lerror_message = - "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; + char *lerror_message; + + if (auth_must_encrypt()) + lerror_message = "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; + else + lerror_message = "Unencrypted connection refused. Goodbye.\r\n\r\n"; netputs(lerror_message); netflush(); @@ -720,6 +721,7 @@ getterminaltype(name) settimer(baseline); #if defined(AUTHENTICATION) + ttsuck(); /* * Handle the Authentication option before we do anything else. */ @@ -727,7 +729,7 @@ getterminaltype(name) while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) ttloop(); if (his_state_is_will(TELOPT_AUTHENTICATION)) { - retval = auth_wait(name); + auth_wait(name); } #endif @@ -760,15 +762,25 @@ getterminaltype(name) if (his_state_is_will(TELOPT_ENCRYPT)) { encrypt_wait(); } - if (auth_must_encrypt()) { + if (must_encrypt || auth_must_encrypt()) { time_t timeout = time(0) + 60; if (my_state_is_dont(TELOPT_ENCRYPT) || - my_state_is_wont(TELOPT_ENCRYPT)) + my_state_is_wont(TELOPT_ENCRYPT) || + his_state_is_wont(TELOPT_AUTHENTICATION)) encrypt_failure(); - if (!EncryptStartInput() || !EncryptStartOutput()) - encrypt_failure(); + while (!EncryptStartInput()) { + if (time (0) > timeout) + encrypt_failure(); + ttloop(); + } + + while (!EncryptStartOutput()) { + if (time (0) > timeout) + encrypt_failure(); + ttloop(); + } while (!encrypt_is_encrypting()) { if (time(0) > timeout) @@ -865,7 +877,11 @@ getterminaltype(name) } } } - return(retval); +#ifdef AUTHENTICATION + return(auth_check(name)); +#else + return(-1); +#endif } /* end of getterminaltype */ static void diff --git a/src/appl/telnet/telnetd/utility.c b/src/appl/telnet/telnetd/utility.c index fc8ff7601..f4568ec28 100644 --- a/src/appl/telnet/telnetd/utility.c +++ b/src/appl/telnet/telnetd/utility.c 
@@ -90,6 +90,67 @@ read_again: } } /* end of ttloop */ +/* + * ttsuck - This is a horrible kludge to deal with a bug in + * HostExplorer. HostExplorer thinks it knows how to do krb5 auth, but + * it doesn't really. So if you offer it krb5 as an auth choice before + * krb4, it will sabotage the connection. So we peek ahead into the + * input stream to see if the client is a UNIX client, and then + * (later) offer krb5 first only if it is. Since no Mac/PC telnet + * clients do auto switching between krb4 and krb5 like the UNIX + * client does, it doesn't matter what order they see the choices in + * (except for HostExplorer). + * + * It is actually not possible to do this without looking ahead into + * the input stream: the client and server both try to begin + * auth/encryption negotiation as soon as possible, so if we let the + * server process things normally, it will already have sent the list + * of supported auth types before seeing the NEW-ENVIRON option. If + * you change the code to hold off sending the list of supported auth + * types until after it knows whether or not the remote side supports + * NEW-ENVIRON, then the auth negotiation and encryption negotiation + * race conditions won't interact properly, and encryption negotiation + * will reliably fail. + */ + + void +ttsuck() +{ + extern int auth_client_non_unix; + int nread; + struct timeval tv; + fd_set fds; + char *p, match[] = {IAC, WILL, TELOPT_NEW_ENVIRON}; + + if (nfrontp-nbackp) { + netflush(); + } + tv.tv_sec = 1; + tv.tv_usec = 0; + FD_SET(net, &fds); + + while (select(net + 1, &fds, NULL, NULL, &tv) == 1) + { + nread = read(net, netibuf + ncc, sizeof(netibuf) - ncc); + if (nread <= 0) + break; + ncc += nread; + } + + auth_client_non_unix = 1; + for (p = netibuf; p < netibuf + ncc; p++) + { + if (!memcmp(p, match, sizeof(match))) + { + auth_client_non_unix = 0; + break; + } + } + + if (ncc > 0) + telrcv(); +} + /* * Check a descriptor to see if out of band data exists on it. */ 
diff --git a/src/clients/ChangeLog b/src/clients/ChangeLog index 46669142c..643793638 100644 --- a/src/clients/ChangeLog +++ b/src/clients/ChangeLog @@ -1,3 +1,7 @@ +2004-12-15 Jeffrey Altman + + * Makefile.in: output status info for kcpytkt, kdeltkt + 2004-08-20 Jeffrey Altman * Add kcpytkt and kdeltkt directories diff --git a/src/clients/Makefile.in b/src/clients/Makefile.in index f68d6fffa..f1c8be6e2 100644 --- a/src/clients/Makefile.in +++ b/src/clients/Makefile.in @@ -22,8 +22,10 @@ all-windows:: @echo Making all in clients\kvno cd ..\kvno $(MAKE) -$(MFLAGS) + @echo Making all in clients\kcpytkt cd ..\kcpytkt $(MAKE) -$(MFLAGS) + @echo Making all in clients\kdeltkt cd ..\kdeltkt $(MAKE) -$(MFLAGS) cd .. @@ -44,8 +46,10 @@ clean-windows:: @echo Making clean in clients\kvno cd ..\kvno $(MAKE) -$(MFLAGS) clean + @echo Making clean in clients\kcpytkt cd ..\kcpytkt $(MAKE) -$(MFLAGS) clean + @echo Making clean in clients\kdeltkt cd ..\kdeltkt $(MAKE) -$(MFLAGS) clean cd .. diff --git a/src/clients/kdeltkt/ChangeLog b/src/clients/kdeltkt/ChangeLog index 19092315f..35a25951f 100644 --- a/src/clients/kdeltkt/ChangeLog +++ b/src/clients/kdeltkt/ChangeLog @@ -1,3 +1,7 @@ +2004-12-15 Jeffrey Altman + + * Makefile.in: correct the makefile to build kdeltkt, not kvno + 2004-08-19 Jeffrey Altman * kdeltkt.c, kdeltkt.M: Create a new application. diff --git a/src/clients/kdeltkt/Makefile.in b/src/clients/kdeltkt/Makefile.in index 09215940d..d7d371a79 100644 --- a/src/clients/kdeltkt/Makefile.in +++ b/src/clients/kdeltkt/Makefile.in 
@@ -1,26 +1,26 @@ thisconfigdir=./.. -myfulldir=clients/kvno +myfulldir=clients/kdeltkt mydir=kvno BUILDTOP=$(REL)..$(S).. PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) -all-unix:: kvno -all-windows:: $(OUTPRE)kvno.exe +all-unix:: kdeltkt +all-windows:: $(OUTPRE)kdeltkt.exe all-mac:: -kvno: kvno.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ kvno.o $(KRB4COMPAT_LIBS) +kdeltkt: kdeltkt.o $(KRB4COMPAT_DEPLIBS) + $(CC_LINK) -o $@ kdeltkt.o $(KRB4COMPAT_LIBS) -$(OUTPRE)kvno.exe: $(OUTPRE)kvno.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) +$(OUTPRE)kdeltkt.exe: $(OUTPRE)kdeltkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) link $(EXE_LINKOPTS) /out:$@ $** clean-unix:: - $(RM) kvno.o kvno + $(RM) kdeltkt.o kdeltkt install-unix:: - for f in kvno; do \ + for f in kdeltkt; do \ $(INSTALL_PROGRAM) $$f \ $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ $(INSTALL_DATA) $(srcdir)/$$f.M \ diff --git a/src/config/ChangeLog b/src/config/ChangeLog index 046123718..12e9786a3 100644 --- a/src/config/ChangeLog +++ b/src/config/ChangeLog @@ -1,3 +1,21 @@ +2004-12-17 Jeffrey Altman + + * win-pre.in: add -debug switch to LOPTS if DEBUG_SYMBOLS + +2004-12-17 Ken Raeburn + + * shlib.conf (*-*-netbsd*): Use -fPIC instead of -fpic, which + won't work on sparc64 at least. + +2004-12-15 Jeffrey Altman + + * win-pre.in; optionally build debug symbols for release builds + and rename krb5support_32.dll to k5sprt32.dll + +2004-11-19 Tom Yu + + * pre.in (KRB5_INCSUBDIRS): Add KRB5_INCDIR/gssrpc. + 2004-10-06 Tom Yu * pre.in (datadir, EXAMPLEDIR): Add directory for examples. diff --git a/src/config/pre.in b/src/config/pre.in index 7d3e7a0b5..fca306ddc 100644 --- a/src/config/pre.in +++ b/src/config/pre.in 
@@ -205,7 +205,8 @@ KRB5_SHLIBDIR = @libdir@$(SHLIB_TAIL_COMP) KRB5_INCDIR = @includedir@ KRB5_INCSUBDIRS = \ $(KRB5_INCDIR)/gssapi \ - $(KRB5_INCDIR)/kerberosIV + $(KRB5_INCDIR)/kerberosIV \ + $(KRB5_INCDIR)/gssrpc # # Macros used by the KADM5 (OV-based) unit test system. diff --git a/src/config/shlib.conf b/src/config/shlib.conf index 3205bb348..f5c6b8405 100644 --- a/src/config/shlib.conf +++ b/src/config/shlib.conf @@ -204,7 +204,7 @@ mips-*-netbsd*) ;; *-*-netbsd*) - PICFLAGS=-fpic + PICFLAGS=-fPIC SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBEXT=.so LDCOMBINE='ld -Bshareable' diff --git a/src/config/win-pre.in b/src/config/win-pre.in index 37f22fd2b..73e7bea6a 100644 --- a/src/config/win-pre.in +++ b/src/config/win-pre.in @@ -142,6 +142,10 @@ LOPTS=-nologo -incremental:no # CCOPTS2 was for non-DLL compiles (EXEs, for example) # !ifdef NODEBUG +!ifdef DEBUG_SYMBOL +CCOPTS=/ZI $(CCOPTS) +LOPTS=$(LOPTS) -debug +!endif CCOPTS=/Os /MD $(CCOPTS) LOPTS=$(LOPTS) !else @@ -170,7 +174,7 @@ CLIB=$(BUILDTOP)\lib\$(OUTPRE)comerr32.lib PLIB=$(BUILDTOP)\lib\$(OUTPRE)xpprof32.lib KLIB=$(BUILDTOP)\lib\$(OUTPRE)krb5_32.lib K4LIB=$(BUILDTOP)\lib\$(OUTPRE)krb4_32.lib -SLIB=$(BUILDTOP)\lib\$(OUTPRE)krb5support_32.lib +SLIB=$(BUILDTOP)\lib\$(OUTPRE)k5sprt32.lib GLIB=$(BUILDTOP)\lib\$(OUTPRE)gssapi32.lib WLIB= diff --git a/src/include/ChangeLog b/src/include/ChangeLog index f3e2ae9e3..1f78907b7 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog 
@@ -1,3 +1,59 @@ +2005-01-04 Jeffrey Altman + + * win-mac.h: define NEED_INSIXADDR_ANY for ipv6 symbol + +2005-01-21 Ezra Peisach + + * k5-thread.h (k5_os_mutex_lock): Under Irix, invoke + k5_pthread_mutex_lock() with the k5_os_mutex, not the + pthread_mutex_t. + (k5_pthread_assert_locked,unlocked): If DEBUG_THREADS not use, provide + correct prototype. Add missing close paren. + +2005-01-14 Ken Raeburn + + * k5-thread.h [HAVE_PTHREAD && HAVE_PRAGMA_WEAK_REF]: Mark + pthread_self and pthread_equal as weak references. + +2005-01-13 Ken Raeburn + + * k5-thread.h (k5_os_mutex) [pthread case]: Add new field "owner" + if DEBUG_THREADS. + (k5_pthread_mutex_lock, k5_pthread_mutex_unlock, + k5_pthread_assert_locked): New macros/functions; if DEBUG_THREADS, + and thread support loaded, set or check the owner field. + (K5_OS_MUTEX_PARTIAL_INITIALIZER) [pthread case && DEBUG_THREADS]: + Set the owner field. If PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP + is defined, use it. + (k5_os_mutex_lock, k5_os_mutex_unlock, k5_os_mutex_assert_locked) + [pthread case]: Use k5_pthread_ versions. + (k5_mutex_destroy): Update the location data with the mutex + locked, before destroying it. + (k5_mutex_unlock): Update the location data while the mutex is + still locked, and check the assertion that the mutex really is + locked. Convert inline function to macro. + + * k5-thread.h (krb5int_mutex_lock_update_stats, + krb5int_mutex_unlock_update_stats, krb5int_mutex_report_stats) + [!DEBUG_THREADS_STATS]: Declare KRB5_CALLCONV. + +2005-01-04 Jeffrey Altman + + * krb5.hin: add prototype for krb5_is_thread_safe + +2004-12-21 Tom Yu + + * krb5.hin: Flag krb5_principal2salt as KRB5_CALLCONV_WRONG. + +2004-12-08 Ken Raeburn + + * k5-int.h (KRB5INT_ACCESS_STRUCT_VERSION): Bump to 9. + (struct _krb5int_access): Add function pointer field use_dns_kdc. + +2004-10-29 Ken Raeburn + + * fake-addrinfo.h: Include errno.h earlier. 
+ 2004-10-28 Ken Raeburn * k5-thread.h (return_after_yield, k5_mutex_lock) [__GNUC__]: Add diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h index cc23a3f7d..9ed8d406e 100644 --- a/src/include/fake-addrinfo.h +++ b/src/include/fake-addrinfo.h @@ -105,6 +105,7 @@ #include "k5-thread.h" #include /* for sprintf */ +#include #ifdef S_SPLINT_S /*@-incondefs@*/ @@ -967,7 +968,6 @@ fake_getaddrinfo (const char *name, const char *serv, } #ifdef NEED_FAKE_GETNAMEINFO -#include static inline int fake_getnameinfo (const struct sockaddr *sa, socklen_t len, char *host, socklen_t hostlen, @@ -1058,7 +1058,6 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len, } #endif -#include #if defined(HAVE_FAKE_GETADDRINFO) || defined(NEED_FAKE_GETNAMEINFO) static inline diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 3373a6516..8d2262ac9 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1672,7 +1672,7 @@ void krb5int_free_srv_dns_data(struct srv_dns_entry *); /* To keep happy libraries which are (for now) accessing internal stuff */ /* Make sure to increment by one when changing the struct */ -#define KRB5INT_ACCESS_STRUCT_VERSION 8 +#define KRB5INT_ACCESS_STRUCT_VERSION 9 #ifndef ANAME_SZ struct ktext; /* from krb.h, for krb524 support */ @@ -1704,6 +1704,7 @@ typedef struct _krb5int_access { const char *protocol, struct srv_dns_entry **answers); void (*free_srv_dns_data)(struct srv_dns_entry *); + int (*use_dns_kdc)(krb5_context); /* krb4 compatibility stuff -- may be null if not enabled */ krb5_int32 (*krb_life_to_time)(krb5_int32, int); diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h index 5fecf0827..9ac5219f4 100644 --- a/src/include/k5-thread.h +++ b/src/include/k5-thread.h 
@@ -301,7 +301,7 @@ static inline int k5_os_nothread_mutex_unlock(k5_os_nothread_mutex *m) { return 0; } # define k5_os_nothread_mutex_assert_locked(M) ((void)0) -# define k5_os_nothread_mutex_assert_unlocked(M) ((void(0) +# define k5_os_nothread_mutex_assert_unlocked(M) ((void)0) #endif @@ -367,6 +367,8 @@ typedef k5_os_nothread_mutex k5_os_mutex; # pragma weak pthread_mutex_unlock # pragma weak pthread_mutex_destroy # pragma weak pthread_mutex_init +# pragma weak pthread_self +# pragma weak pthread_equal # ifdef HAVE_PTHREAD_MUTEXATTR_SETROBUST_NP_IN_THREAD_LIB # pragma weak pthread_mutexattr_setrobust_np # endif 
@@ -423,17 +425,53 @@ typedef pthread_once_t k5_once_t; typedef struct { pthread_mutex_t p; +#ifdef DEBUG_THREADS + pthread_t owner; +#endif #ifdef USE_PTHREAD_LOCK_ONLY_IF_LOADED k5_os_nothread_mutex n; #endif } k5_os_mutex; +#ifdef DEBUG_THREADS +# ifdef __GNUC__ +# define k5_pthread_mutex_lock(M) \ + ({ \ + k5_os_mutex *_m2 = (M); \ + int _r2 = pthread_mutex_lock(&_m2->p); \ + if (_r2 == 0) _m2->owner = pthread_self(); \ + _r2; \ + }) +# else +static inline int +k5_pthread_mutex_lock(k5_os_mutex *m) +{ + int r = pthread_mutex_lock(&m->p); + if (r) + return r; + m->owner = pthread_self(); + return 0; +} +# endif +# define k5_pthread_assert_locked(M) \ + (K5_PTHREADS_LOADED \ + ? assert(pthread_equal((M)->owner, pthread_self())) \ + : (void)0) +# define k5_pthread_mutex_unlock(M) \ + (k5_pthread_assert_locked(M), \ + (M)->owner = (pthread_t) 0, \ + pthread_mutex_unlock(&(M)->p)) +#else +# define k5_pthread_mutex_lock(M) pthread_mutex_lock(&(M)->p) +static inline void k5_pthread_assert_locked(k5_os_mutex *m) { } +# define k5_pthread_mutex_unlock(M) pthread_mutex_unlock(&(M)->p) +#endif + /* Define as functions to: (1) eliminate "statement with no effect" warnings for "0" (2) encourage type-checking in calling code */ static inline void k5_pthread_assert_unlocked(pthread_mutex_t *m) { } -static inline void k5_pthread_assert_locked(pthread_mutex_t *m) { } #if defined(DEBUG_THREADS_SLOW) && HAVE_SCHED_H && (HAVE_SCHED_YIELD || HAVE_PRAGMA_WEAK_REF) # include 
@@ -481,8 +519,18 @@ static inline int return_after_yield(int r) #ifdef USE_PTHREAD_LOCK_ONLY_IF_LOADED -# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ +# if defined(PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP) && defined(DEBUG_THREADS) +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ + { PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP, (pthread_t) 0, \ + K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER } +# elif defined(DEBUG_THREADS) +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ + { PTHREAD_MUTEX_INITIALIZER, (pthread_t) 0, \ + K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER } +# else +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ { PTHREAD_MUTEX_INITIALIZER, K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER } +# endif # define k5_os_mutex_finish_init(M) \ k5_os_nothread_mutex_finish_init(&(M)->n) @@ -499,12 +547,12 @@ static inline int return_after_yield(int r) # define k5_os_mutex_lock(M) \ return_after_yield(K5_PTHREADS_LOADED \ - ? pthread_mutex_lock(&(M)->p) \ + ? k5_pthread_mutex_lock(M) \ : k5_os_nothread_mutex_lock(&(M)->n)) # define k5_os_mutex_unlock(M) \ (MAYBE_SCHED_YIELD(), \ (K5_PTHREADS_LOADED \ - ? pthread_mutex_unlock(&(M)->p) \ + ? k5_pthread_mutex_unlock(M) \ : k5_os_nothread_mutex_unlock(&(M)->n))) # define k5_os_mutex_assert_unlocked(M) \ 
@@ -513,22 +561,32 @@ static inline int return_after_yield(int r) : k5_os_nothread_mutex_assert_unlocked(&(M)->n)) # define k5_os_mutex_assert_locked(M) \ (K5_PTHREADS_LOADED \ - ? k5_pthread_assert_locked(&(M)->p) \ + ? k5_pthread_assert_locked(M) \ : k5_os_nothread_mutex_assert_locked(&(M)->n)) #else -# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ +# ifdef DEBUG_THREADS +# ifdef PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ + { PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP, (pthread_t) 0 } +# else +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ + { PTHREAD_MUTEX_INITIALIZER, (pthread_t) 0 } +# endif +# else +# define K5_OS_MUTEX_PARTIAL_INITIALIZER \ { PTHREAD_MUTEX_INITIALIZER } +# endif static inline int k5_os_mutex_finish_init(k5_os_mutex *m) { return 0; } # define k5_os_mutex_init(M) pthread_mutex_init(&(M)->p, 0) # define k5_os_mutex_destroy(M) pthread_mutex_destroy(&(M)->p) -# define k5_os_mutex_lock(M) return_after_yield(pthread_mutex_lock(&(M)->p)) -# define k5_os_mutex_unlock(M) (MAYBE_SCHED_YIELD(),pthread_mutex_unlock(&(M)->p)) +# define k5_os_mutex_lock(M) return_after_yield(k5_pthread_mutex_lock(M)) +# define k5_os_mutex_unlock(M) (MAYBE_SCHED_YIELD(),k5_pthread_mutex_unlock(M)) # define k5_os_mutex_assert_unlocked(M) k5_pthread_assert_unlocked(&(M)->p) -# define k5_os_mutex_assert_locked(M) k5_pthread_assert_locked(&(M)->p) +# define k5_os_mutex_assert_locked(M) k5_pthread_assert_locked(M) #endif /* is pthreads always available? */ @@ -614,7 +672,7 @@ static inline int k5_mutex_finish_init_1(k5_mutex_t *m, k5_debug_loc l) #define k5_mutex_finish_init(M) k5_mutex_finish_init_1((M), K5_DEBUG_LOC) #define k5_mutex_destroy(M) \ (k5_os_mutex_assert_unlocked(&(M)->os), \ - (M)->loc_last = K5_DEBUG_LOC, \ + k5_mutex_lock(M), (M)->loc_last = K5_DEBUG_LOC, k5_mutex_unlock(M), \ k5_os_mutex_destroy(&(M)->os)) #ifdef __GNUC__ #define k5_mutex_lock(M) \ 
@@ -637,16 +695,10 @@ static inline int k5_mutex_lock_1(k5_mutex_t *m, k5_debug_loc l) } #define k5_mutex_lock(M) k5_mutex_lock_1(M, K5_DEBUG_LOC) #endif -static inline int k5_mutex_unlock_1(k5_mutex_t *m, k5_debug_loc l) -{ - int err = 0; - err = k5_os_mutex_unlock(&m->os); - if (err) - return err; - m->loc_last = l; - return err; -} -#define k5_mutex_unlock(M) k5_mutex_unlock_1(M, K5_DEBUG_LOC) +#define k5_mutex_unlock(M) \ + (k5_mutex_assert_locked(M), \ + (M)->loc_last = K5_DEBUG_LOC, \ + k5_os_mutex_unlock(&(M)->os)) #define k5_mutex_assert_locked(M) k5_os_mutex_assert_locked(&(M)->os) #define k5_mutex_assert_unlocked(M) k5_os_mutex_assert_unlocked(&(M)->os) diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 58fbfaa69..46f3a143d 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -1369,6 +1369,8 @@ krb5_boolean krb5_is_permitted_enctype (krb5_context, krb5_enctype); #endif +krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void); + /* libkrb.spec */ #if KRB5_PRIVATE krb5_error_code krb5_kdc_rep_decrypt_proc @@ -1656,7 +1658,7 @@ krb5_error_code KRB5_CALLCONV krb5_kt_add_entry (krb5_context, krb5_keytab, krb5_keytab_entry * ); -krb5_error_code krb5_principal2salt +krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt (krb5_context, krb5_const_principal, krb5_data *); #if KRB5_PRIVATE diff --git a/src/include/win-mac.h b/src/include/win-mac.h index 353d2beba..0b58a9c4d 100644 --- a/src/include/win-mac.h +++ b/src/include/win-mac.h @@ -77,6 +77,7 @@ typedef unsigned char u_char; /* if __STDC_VERSION__ >= 199901L this shouldn't be needed */ #define inline __inline #define KRB5_USE_INET6 +#define NEED_INSIXADDR_ANY #define ENABLE_THREADS #define WM_KERBEROS5_CHANGED "Kerberos5 Changed" diff --git a/src/krb5-config.in b/src/krb5-config.in index 5ae2410a9..b0d8c0c07 100644 --- a/src/krb5-config.in +++ b/src/krb5-config.in 
@@ -212,7 +212,7 @@ if test -n "$do_libs"; then fi if test $library = 'krb5'; then - lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $LIBS $GEN_LIB" + lib_flags="$lib_flags -lkrb5 -lk5crypto -lkrb5support -lcom_err $LIBS $GEN_LIB" fi echo $lib_flags diff --git a/src/lib/.cvsignore b/src/lib/.cvsignore index 31ed3b099..2a089b44b 100644 --- a/src/lib/.cvsignore +++ b/src/lib/.cvsignore @@ -1 +1 @@ -krb5support32.def +k5sprt32.def diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index d8ddd1970..10a156572 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,16 @@ +2005-01-03 Jeffrey Altman + + * krb5_32.def: export krb5_is_thread_safe() + +2004-12-18 Jeffrey Altman + + * krb5_32.def: mark krb5_principal2salt as using the wrong + calling convention. + +2004-12-15 Jeffrey Altman + + *.cvsignore, Makefile.in: rename krb5support32.def to k5sprt32.def + 2004-09-24 Tom Yu * Makefile.in (RCFLAGS): Add -I$(SRCTOP) to get patchlevel.h. diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 909fadcb6..67867c777 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -28,7 +28,7 @@ clean-windows:: ##MIT##MITLIBS=$(VS_LIB) ##MIT##MITFLAGS=-I$(VS_INC) /DVERSERV=1 -SLIBS = $(BUILDTOP)\util\support\$(OUTPRE)krb5support_32.lib +SLIBS = $(BUILDTOP)\util\support\$(OUTPRE)k5sprt32.lib CLIBS = $(BUILDTOP)\util\et\$(OUTPRE)comerr.lib PLIBS = $(BUILDTOP)\util\profile\$(OUTPRE)profile.lib KLIBS = krb5\$(OUTPRE)krb5.lib crypto\$(OUTPRE)crypto.lib \ @@ -37,7 +37,7 @@ KLIBS = krb5\$(OUTPRE)krb5.lib crypto\$(OUTPRE)crypto.lib \ GLIBS = gssapi\$(OUTPRE)gssapi.lib K4LIBS = krb4\$(OUTPRE)krb4.lib -SDEF = krb5support32.def +SDEF = k5sprt32.def CDEF = comerr32.def PDEF = xpprof32.def KDEF = krb5_32.def diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index c28350461..feccaa791 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog 
@@ -1,3 +1,36 @@ +2005-01-13 Ken Raeburn + + * prng.c (krb5int_prng_init): Incorporate do_yarrow_init body. + Don't check inited variable. + (inited): Variable deleted. + (krb5_c_random_make_octets, krb5int_prng_cleanup): Don't check + it. + (do_yarrow_init): Deleted. + +2005-01-12 Tom Yu + + * prng.c (read_entropy_from_device): Use ssize_t, not size_t, so + read() returning -1 doesn't cause trouble. + +2004-11-17 Ken Raeburn + + * prng.c (do_yarrow_init): Move mutex initialization here. + (krb5int_prng_init): Don't do it here. + +2004-11-15 Sam Hartman + + * t_prng.expected t_prng.reseedtest-expected : Update expected + PRNG test output and confirm that reseeds and gates happen correctly. + +2004-10-29 Ken Raeburn + + * prng.c (yarrow_lock): Rename to krb5int_yarrow_lock via macro, + and change to be non-static. + (krb5int_prng_init): Call do_yarrow_init here. + (krb5_c_random_add_entropy): Don't call it here. Don't lock the + mutex, either. + (krb5_c_random_make_octets): Don't lock the mutex. + 2004-06-16 Ken Raeburn * Makefile.in (MAC_SUBDIRS): Don't set. diff --git a/src/lib/crypto/prng.c b/src/lib/crypto/prng.c index f9ea8696d..54a68e067 100644 --- a/src/lib/crypto/prng.c +++ b/src/lib/crypto/prng.c @@ -30,8 +30,9 @@ #include "yarrow.h" static Yarrow_CTX y_ctx; -static int inited, init_error; -static k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER; +static int init_error; +#define yarrow_lock krb5int_yarrow_lock +k5_mutex_t yarrow_lock = K5_MUTEX_PARTIAL_INITIALIZER; /* Helper function to estimate entropy based on sample length * and where it comes from. 
@@ -57,31 +58,26 @@ return (0); } int krb5int_prng_init(void) -{ - return k5_mutex_finish_init(&yarrow_lock); -} - -static void do_yarrow_init(void) { unsigned i; int yerr; + yerr = k5_mutex_finish_init(&yarrow_lock); + if (yerr) + return yerr; + yerr = krb5int_yarrow_init (&y_ctx, NULL); - if ((yerr != YARROW_OK) && (yerr != YARROW_NOT_SEEDED)) { - init_error = yerr; - return; - } + if ((yerr != YARROW_OK) && (yerr != YARROW_NOT_SEEDED)) + return KRB5_CRYPTO_INTERNAL; for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) { unsigned source_id; - if (krb5int_yarrow_new_source (&y_ctx, &source_id) != YARROW_OK ) { - init_error = 17; - return; - } + if (krb5int_yarrow_new_source (&y_ctx, &source_id) != YARROW_OK ) + return KRB5_CRYPTO_INTERNAL; assert (source_id == i); } - inited=1; - init_error = 0; + + return 0; } krb5_error_code KRB5_CALLCONV @@ -95,21 +91,11 @@ krb5_c_random_add_entropy (krb5_context context, unsigned int randsource, if (yerr) return yerr; /* Now, finally, feed in the data. */ - yerr = k5_mutex_lock(&yarrow_lock); - if (yerr) - return yerr; - if (!inited) - do_yarrow_init(); - if (init_error) { - k5_mutex_unlock(&yarrow_lock); - return KRB5_CRYPTO_INTERNAL; - } yerr = krb5int_yarrow_input (&y_ctx, randsource, data->data, data->length, entropy_estimate (randsource, data->length)); - k5_mutex_unlock(&yarrow_lock); if (yerr != YARROW_OK) - return (KRB5_CRYPTO_INTERNAL); + return (KRB5_CRYPTO_INTERNAL); return (0); } 
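Review bot: with the `if (!inited) do_yarrow_init();` fallback removed from `krb5_c_random_add_entropy()`, this function feeds `y_ctx` without any check that `krb5int_prng_init()` has run and succeeded. Since the init function now returns its error to its caller instead of recording it, document that precondition in a comment above the function, or keep a cheap guard here. The last change in the hunk, `return (KRB5_CRYPTO_INTERNAL);`, is removed and re-added with the same text, which looks like a whitespace-only edit that could be left out of the patch.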
@@ -123,17 +109,12 @@ krb5_error_code KRB5_CALLCONV krb5_c_random_make_octets(krb5_context context, krb5_data *data) { int yerr; - assert (inited); - yerr = k5_mutex_lock(&yarrow_lock); - if (yerr) - return yerr; yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length); if (yerr == YARROW_NOT_SEEDED) { yerr = krb5int_yarrow_reseed (&y_ctx, YARROW_SLOW_POOL); if (yerr == YARROW_OK) yerr = krb5int_yarrow_output (&y_ctx, data->data, data->length); } - k5_mutex_unlock(&yarrow_lock); if ( yerr != YARROW_OK) return (KRB5_CRYPTO_INTERNAL); return(0); @@ -141,10 +122,8 @@ krb5_c_random_make_octets(krb5_context context, krb5_data *data) void krb5int_prng_cleanup (void) { - if (inited) - krb5int_yarrow_final (&y_ctx); + krb5int_yarrow_final (&y_ctx); k5_mutex_destroy(&yarrow_lock); - inited = 0; } @@ -195,7 +174,7 @@ read_entropy_from_device (krb5_context context, const char *device) return 0; } for (left = sizeof (buf); left > 0;) { - size_t count; + ssize_t count; count = read (fd, &buf, (unsigned) left); if (count <= 0) { close(fd); diff --git a/src/lib/crypto/t_prng.expected b/src/lib/crypto/t_prng.expected index 70b8b5ae4..f7f165051 100644 --- a/src/lib/crypto/t_prng.expected +++ b/src/lib/crypto/t_prng.expected @@ -1,4 +1,4 @@ -18086b1e91f730facb2d6e1b -c562653b24814eb3651b1e68301a3c14b96302bb -6d017f7aef74662ed8dd51eef14281eaad223298db370bfaca -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 +d2f8fbd707a8ece5cb11a02f +eb4cb6e06236ea1c0529f7acbfca8d78cb85bb1d +a244005ae870604342b0386025874ec4306c1dd483c118621b 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 diff --git a/src/lib/crypto/t_prng.reseedtest-expected b/src/lib/crypto/t_prng.reseedtest-expected index af9b02b04..d7b50801e 100644 --- a/src/lib/crypto/t_prng.reseedtest-expected +++ b/src/lib/crypto/t_prng.reseedtest-expected @@ -1 +1 @@ -7a2f63cdd9b0bfae94b75ee554be49ff8e7bc82e +fd543f42aded9bd725c9b05682cd0f504c1b33d1 
diff --git a/src/lib/crypto/t_prng.seed b/src/lib/crypto/t_prng.seed index 0b3c7033d..79f4f6458 100644 --- a/src/lib/crypto/t_prng.seed +++ b/src/lib/crypto/t_prng.seed @@ -22,4 +22,4 @@ de 7c f0 c5 6a 37 0b 34 f4 0c 3a 19 31 eb 66 f1 ae 5f c6 a3 64 3f 2e a9 76 e1 87 93 df b6 94 86 bd 96 57 3f 31 e6 88 8c -512 +1290 diff --git a/src/lib/crypto/yarrow/ChangeLog b/src/lib/crypto/yarrow/ChangeLog index 38d6fe7c6..cf08dc9ed 100644 --- a/src/lib/crypto/yarrow/ChangeLog +++ b/src/lib/crypto/yarrow/ChangeLog 
@@ -1,3 +1,47 @@ +2005-01-13 Ken Raeburn + + * yarrow.c (yarrow_reseed_locked): Renamed from + krb5int_yarrow_reseed and made static. + (Yarrow_detect_fork, yarrow_input_maybe_locking, + krb5int_yarrow_output_Block): Call it. + (krb5int_yarrow_reseed): New function, grabs lock and calls the + old version. + (krb5int_yarrow_final): Hold the lock until after clearing the + Yarrow context data. + +2005-01-13 Ezra Peisach + + * yarrow.c: Declare yarrow_gate_locked static before first use. + +2004-11-22 Ken Raeburn + + * yarrow.c (yarrow_input_maybe_locking): Renamed from + yarrow_input_maybe_locking, made static. New argument indicates + whether or not to do locking. + (krb5int_yarrow_input): New wrapper function. + (yarrow_input_locked): New wrapper function. + (Yarrow_detect_fork): Call yarrow_input_locked. + +2004-11-15 Sam Hartman + + * ycipher.h: Use AES256 not 3des + +2004-11-01 Ken Raeburn + + * yarrow.c (krb5int_yarrow_input, krb5int_yarrow_final): Don't + check for forking here. + (yarrow_output_locked): Split out from krb5int_yarrow_output, + without locking. + (krb5int_yarrow_output): Do locking and call yarrow_output_locked. + (yarrow_gate_locked): New function; uses yarrow_output_locked. + (krb5int_yarrow_output_Block): Use yarrow_gate_locked. + +2004-10-29 Ken Raeburn + + * ylock.h: Include k5-thread.h. + (krb5int_yarrow_lock): Declare. + (LOCK, UNLOCK): Define as macros using the k5_mutex_ macros. + 2004-06-04 Ken Raeburn * yarrow.c (yarrow_str_error): Now const. diff --git a/src/lib/crypto/yarrow/yarrow.c b/src/lib/crypto/yarrow/yarrow.c index c9f418896..29c10f79e 100644 --- a/src/lib/crypto/yarrow/yarrow.c +++ b/src/lib/crypto/yarrow/yarrow.c @@ -71,6 +71,8 @@ static int Yarrow_Load_State( Yarrow_CTX *y ); static int Yarrow_Save_State( Yarrow_CTX *y ); #endif +static int yarrow_gate_locked(Yarrow_CTX* y); + static const byte zero_block[CIPHER_BLOCK_SIZE] = { 0, }; static const char* const yarrow_str_error[] = { 
@@ -117,10 +119,17 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y) } } +static int yarrow_reseed_locked( Yarrow_CTX* y, int pool ); + /* if the program was forked, the child must not operate on the same PRNG state */ #ifdef YARROW_DETECT_FORK +static int +yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, + const void *sample, + size_t size, size_t entropy_bits ); + static int Yarrow_detect_fork(Yarrow_CTX *y) { pid_t newpid; @@ -135,12 +144,12 @@ static int Yarrow_detect_fork(Yarrow_CTX *y) * Then we reseed. This doesn't really increase entropy, but does make the * streams distinct assuming we already have good entropy*/ y->pid = newpid; - TRY (krb5int_yarrow_input (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (krb5int_yarrow_input (y, 0, &newpid, - sizeof (newpid), 0)); - TRY (krb5int_yarrow_reseed (y, YARROW_FAST_POOL)); - } + TRY (yarrow_input_locked (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (yarrow_input_locked (y, 0, &newpid, + sizeof (newpid), 0)); + TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL)); + } CATCH: EXCEP_RET; @@ -241,10 +250,11 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename) EXCEP_RET; } -YARROW_DLL -int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, - const void* sample, - size_t size, size_t entropy_bits ) +static +int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id, + const void* sample, + size_t size, size_t entropy_bits, + int do_lock ) { EXCEP_DECL; int ret; @@ -254,7 +264,6 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, size_t estimate; if (!y) { THROW( YARROW_BAD_ARG ); } - TRY( Yarrow_detect_fork( y ) ); if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); } @@ -265,8 +274,10 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, THROW( YARROW_BAD_SOURCE ); } - TRY( LOCK() ); - locked = 1; + if (do_lock) { + TRY( LOCK() ); + locked = 1; + } /* hash in the sample */ 
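Review bot: the `do_lock` flag added to `yarrow_input_maybe_locking()` makes lock ownership depend on a caller-supplied int, and nothing on the `do_lock == 0` path verifies that the caller really holds `krb5int_yarrow_lock`. An assertion that the mutex is held at the top of that path, or a comment on `yarrow_input_locked()` stating the requirement, would catch a future caller that gets it wrong. The same function also loses `TRY( Yarrow_detect_fork( y ) );`, and the ChangeLog says only "Don't check for forking here", so please note in the code where fork detection is still performed.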
@@ -295,7 +306,7 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, { if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh) { - ret = krb5int_yarrow_reseed(y, YARROW_FAST_POOL); + ret = yarrow_reseed_locked(y, YARROW_FAST_POOL); if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) { THROW( ret ); @@ -312,7 +323,7 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, if (y->slow_k_of_n >= y->slow_k_of_n_thresh) { y->slow_k_of_n = 0; - ret = krb5int_yarrow_reseed(y, YARROW_SLOW_POOL); + ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL); if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED ) { THROW( ret ); @@ -331,6 +342,24 @@ int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, EXCEP_RET; } +YARROW_DLL +int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, + const void* sample, + size_t size, size_t entropy_bits ) +{ + return yarrow_input_maybe_locking(y, source_id, sample, size, + entropy_bits, 1); +} + +static int +yarrow_input_locked( Yarrow_CTX* y, unsigned source_id, + const void *sample, + size_t size, size_t entropy_bits ) +{ + return yarrow_input_maybe_locking(y, source_id, sample, size, + entropy_bits, 0); +} + YARROW_DLL int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id) { @@ -395,7 +424,7 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out ) if (y->out_count >= y->Pg) { y->out_count = 0; - TRY( krb5int_yarrow_gate( y ) ); + TRY( yarrow_gate_locked( y ) ); /* require new seed after reaching gates_limit */ @@ -408,7 +437,7 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out ) TRACE( printf( "OUTPUT LIMIT REACHED," ); ); - TRY( krb5int_yarrow_reseed( y, YARROW_SLOW_POOL ) ); + TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) ); } } 
@@ -478,11 +507,23 @@ int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id, EXCEP_RET; } +static int yarrow_output_locked(Yarrow_CTX*, void*, size_t); + YARROW_DLL int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size ) { EXCEP_DECL; - int locked = 0; + TRY( LOCK() ); + TRY( yarrow_output_locked(y, out, size)); +CATCH: + UNLOCK(); + EXCEP_RET; +} + +static +int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size ) +{ + EXCEP_DECL; size_t left; char* outp; size_t use; @@ -495,8 +536,6 @@ int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size ) left = size; outp = out; - TRY( LOCK() ); - if (y->out_left > 0) { use = min(left, y->out_left); @@ -521,8 +560,30 @@ int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size ) } CATCH: - if ( locked ) { TRY( UNLOCK() ); } + EXCEP_RET; +} + +static int yarrow_gate_locked(Yarrow_CTX* y) +{ + EXCEP_DECL; + byte new_K[CIPHER_KEY_SIZE]; + + if (!y) { THROW( YARROW_BAD_ARG ); } + TRACE( printf( "GATE[" ); ); + + /* K <- Next k bits of PRNG output */ + + TRY( yarrow_output_locked(y, new_K, CIPHER_KEY_SIZE) ); + mem_copy(y->K, new_K, CIPHER_KEY_SIZE); + + /* need to resetup the key schedule as the key has changed */ + + TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K)); + + CATCH: + TRACE( printf( "]," ); ); + mem_zero(new_K, sizeof(new_K)); EXCEP_RET; } @@ -608,7 +669,7 @@ static int Yarrow_Save_State( Yarrow_CTX *y ) #endif -int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool) +static int yarrow_reseed_locked(Yarrow_CTX* y, int pool) { EXCEP_DECL; HASH_CTX* fast_pool = &y->pool[YARROW_FAST_POOL]; @@ -755,6 +816,14 @@ int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool) EXCEP_RET; } +int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool) +{ + int r; + LOCK(); + r = yarrow_reseed_locked(y, pool); + UNLOCK(); + return r; +} int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_size) { 
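Review bot: the new `krb5int_yarrow_reseed()` wrapper discards the result of `LOCK()`, so if the mutex cannot be taken it still runs `yarrow_reseed_locked()` unprotected and then calls `UNLOCK()` on a lock it does not hold. The ylock.h change in this patch makes `LOCK()` return `YARROW_LOCKING` on failure; check it and return that value before reseeding, in line with the `TRY( LOCK() )` usage elsewhere in yarrow.c.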
@@ -837,7 +906,6 @@ int krb5int_yarrow_final(Yarrow_CTX* y) int locked = 0; if (!y) { THROW( YARROW_BAD_ARG ); } - TRY( Yarrow_detect_fork(y) ); TRY( LOCK() ); locked = 1; @@ -849,9 +917,9 @@ int krb5int_yarrow_final(Yarrow_CTX* y) #endif CATCH: - if ( locked ) { TRY( UNLOCK() ); } krb5int_yarrow_cipher_final(&y->cipher); mem_zero( y, sizeof(Yarrow_CTX) ); + if ( locked ) { TRY( UNLOCK() ); } EXCEP_RET; } diff --git a/src/lib/crypto/yarrow/ycipher.h b/src/lib/crypto/yarrow/ycipher.h index c858c6dd8..96999c0db 100644 --- a/src/lib/crypto/yarrow/ycipher.h +++ b/src/lib/crypto/yarrow/ycipher.h @@ -17,15 +17,15 @@ typedef struct * call the enc_provider function to get the info. */ -#define yarrow_enc_provider krb5int_enc_des3 +#define yarrow_enc_provider krb5int_enc_aes256 -#define CIPHER_BLOCK_SIZE 8 -#define CIPHER_KEY_SIZE 21 +#define CIPHER_BLOCK_SIZE 16 +#define CIPHER_KEY_SIZE 32 #if defined( YARROW_NO_MATHLIB ) /* see macros at end for functions evaluated */ -#define POW_CIPHER_KEY_SIZE 72057594037927936.0 -#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.0 +#define POW_CIPHER_KEY_SIZE 115792089237316195423570985008687907853269984665640564039457584007913129639936.0 +#define POW_CIPHER_BLOCK_SIZE 340282366920938463463374607431768211456.0 #endif diff --git a/src/lib/crypto/yarrow/ylock.h b/src/lib/crypto/yarrow/ylock.h index 21d3911b7..9c032dc61 100644 --- a/src/lib/crypto/yarrow/ylock.h +++ b/src/lib/crypto/yarrow/ylock.h @@ -11,8 +11,14 @@ * and YARROW_LOCKING on failure */ - +#if 0 static int LOCK( void ) { return (YARROW_OK); } static int UNLOCK( void ) { return (YARROW_OK); } +#else +#include "k5-thread.h" +extern k5_mutex_t krb5int_yarrow_lock; +#define LOCK() (k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK) +#define UNLOCK() (k5_mutex_unlock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK) +#endif #endif /* YLOCK_H */ diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 3237548d3..e49be6ba3 100644 
--- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +2005-01-13 Jeffrey Altman + + * init_sec_context.c, acquire_cred.c: fix calls to + krb5_gss_release_cred() to pass in the correct type. + This fixes a mutex leak. + 2004-08-27 Tom Yu * init_sec_context.c (make_ap_req_v1): Free checksum data diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 12d2cacc0..56d6a473c 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -444,6 +444,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, if ((cred_usage != GSS_C_INITIATE) && (cred_usage != GSS_C_ACCEPT) && (cred_usage != GSS_C_BOTH)) { + k5_mutex_destroy(&cred->lock); xfree(cred); *minor_status = (OM_uint32) G_BAD_USAGE; krb5_free_context(context); @@ -460,7 +461,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, != GSS_S_COMPLETE) { if (cred->princ) krb5_free_principal(context, cred->princ); - xfree(cred); + k5_mutex_destroy(&cred->lock); + xfree(cred); /* minor_status set by acquire_accept_cred() */ krb5_free_context(context); return(ret); @@ -481,7 +483,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, krb5_kt_close(context, cred->keytab); if (cred->princ) krb5_free_principal(context, cred->princ); - xfree(cred); + k5_mutex_destroy(&cred->lock); + xfree(cred); /* minor_status set by acquire_init_cred() */ krb5_free_context(context); return(ret); @@ -496,7 +499,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, (void)krb5_cc_close(context, cred->ccache); if (cred->keytab) (void)krb5_kt_close(context, cred->keytab); - xfree(cred); + k5_mutex_destroy(&cred->lock); + xfree(cred); *minor_status = code; krb5_free_context(context); return(GSS_S_FAILURE); 
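Review bot: `k5_mutex_destroy(&cred->lock);` is inserted by hand in front of `xfree(cred)` in each error return of `krb5_gss_acquire_cred()` that this patch touches, which leaves the teardown sequence duplicated across all of them. Consider a single cleanup label that closes the ccache and keytab, frees the principal, destroys the lock and frees `cred`, so that the next field added to the credential needs one change rather than one per error path. In several of these hunks `xfree(cred);` is removed and re-added with identical text, which suggests an unintended whitespace change.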
@@ -519,7 +523,8 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, (void)krb5_kt_close(context, cred->keytab); if (cred->princ) krb5_free_principal(context, cred->princ); - xfree(cred); + k5_mutex_destroy(&cred->lock); + xfree(cred); *minor_status = code; krb5_free_context(context); return(GSS_S_FAILURE); @@ -548,6 +553,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, (void)krb5_kt_close(context, cred->keytab); if (cred->princ) krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); xfree(cred); /* *minor_status set above */ krb5_free_context(context); @@ -566,6 +572,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req, (void)krb5_kt_close(context, cred->keytab); if (cred->princ) krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); xfree(cred); *minor_status = (OM_uint32) G_VALIDATE_FAILED; krb5_free_context(context); diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 3ffb5154d..4f4055932 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -925,7 +925,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if (err) { k5_mutex_unlock(&cred->lock); if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) - krb5_gss_release_cred(minor_status, (gss_cred_id_t)cred); + krb5_gss_release_cred(minor_status, (gss_cred_id_t)&cred); *minor_status = 0; if (*context_handle == GSS_C_NO_CONTEXT) krb5_free_context(context); @@ -962,7 +962,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, } if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) - krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)cred); + krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t)&cred); return(major_status); } diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index dcadace07..eeba8685c 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog 
@@ -1,3 +1,13 @@ +2004-12-20 Tom Yu + + * svr_principal.c (add_to_history): Rewrite somewhat, using + temporary variables to make things somewhat more readable. Fix + buffer overflow case where the next pointer points into + unallocated space but resizing wasn't done, i.e., when someone + decreases the policy history count to the exact "right" number. + Fix some memory leaks. To avoid losing entries, shift some + entries forward after growing the array. + 2004-08-21 Tom Yu * libkadm5srv.exports: Update for previous renaming. diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index c567f8369..7dc2d8f6b 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c 
@@ -989,35 +989,46 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist) * array where the next element should be written, and must be [0, * adb->old_key_len). */ -#define KADM_MOD(x) (x + adb->old_key_next) % adb->old_key_len static kadm5_ret_t add_to_history(krb5_context context, osa_princ_ent_t adb, kadm5_policy_ent_t pol, osa_pw_hist_ent *pw) { osa_pw_hist_ent *histp; - int i; + uint32_t nhist; + unsigned int i, knext, nkeys; + nhist = pol->pw_history_num; /* A history of 1 means just check the current password */ - if (pol->pw_history_num == 1) + if (nhist <= 1) return 0; + nkeys = adb->old_key_len; + knext = adb->old_key_next; /* resize the adb->old_keys array if necessary */ - if (adb->old_key_len < pol->pw_history_num-1) { + if (nkeys + 1 < nhist) { if (adb->old_keys == NULL) { adb->old_keys = (osa_pw_hist_ent *) - malloc((adb->old_key_len + 1) * sizeof (osa_pw_hist_ent)); + malloc((nkeys + 1) * sizeof (osa_pw_hist_ent)); } else { adb->old_keys = (osa_pw_hist_ent *) realloc(adb->old_keys, - (adb->old_key_len + 1) * sizeof (osa_pw_hist_ent)); + (nkeys + 1) * sizeof (osa_pw_hist_ent)); } if (adb->old_keys == NULL) return(ENOMEM); - memset(&adb->old_keys[adb->old_key_len],0,sizeof(osa_pw_hist_ent)); - adb->old_key_len++; - } else if (adb->old_key_len > pol->pw_history_num-1) { + memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent)); + nkeys = ++adb->old_key_len; + /* + * To avoid losing old keys, shift forward each entry after + * knext. + */ + for (i = nkeys - 1; i > knext; i--) { + adb->old_keys[i] = adb->old_keys[i - 1]; + } + memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent)); + } else if (nkeys + 1 > nhist) { /* * The policy must have changed! Shrink the array. * Can't simply realloc() down, since it might be wrapped. 
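Review bot: in the grow branch of `add_to_history()` the result of `realloc()` is still assigned straight to `adb->old_keys`, so on failure the original array is leaked and `adb->old_keys` becomes NULL while `adb->old_key_len` keeps its old value. Since this rewrite is already fixing memory handling in the function, assign the result to a temporary and store it only after the NULL check.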
@@ -1027,46 +1038,64 @@ static kadm5_ret_t add_to_history(krb5_context context, * where N = pw_history_num - 1 is the length of the * shortened list. Matt Crawford, FNAL */ + /* + * M = adb->old_key_len, N = pol->pw_history_num - 1 + * + * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M] + */ int j; - histp = (osa_pw_hist_ent *) - malloc((pol->pw_history_num - 1) * sizeof (osa_pw_hist_ent)); - if (histp) { - for (i = 0; i < pol->pw_history_num - 1; i++) { - /* We need the number we use the modulus operator on to be - positive, so after subtracting pol->pw_history_num-1, we - add back adb->old_key_len. */ - j = KADM_MOD(i - (pol->pw_history_num - 1) + adb->old_key_len); - histp[i] = adb->old_keys[j]; + osa_pw_hist_t tmp; + + tmp = (osa_pw_hist_ent *) + malloc((nhist - 1) * sizeof (osa_pw_hist_ent)); + if (tmp == NULL) + return ENOMEM; + for (i = 0; i < nhist - 1; i++) { + /* + * Add nkeys once before taking remainder to avoid + * negative values. + */ + j = (i + nkeys + knext - (nhist - 1)) % nkeys; + tmp[i] = adb->old_keys[j]; + } + /* Now free the ones we don't keep (the oldest ones) */ + for (i = 0; i < nkeys - (nhist - 1); i++) { + j = (i + nkeys + knext) % nkeys; + histp = &adb->old_keys[j]; + for (j = 0; j < histp->n_key_data; j++) { + krb5_free_key_data_contents(context, &histp->key_data[j]); } - /* Now free the ones we don't keep (the oldest ones) */ - for (i = 0; i < adb->old_key_len - (pol->pw_history_num - 1); i++) - for (j = 0; j < adb->old_keys[KADM_MOD(i)].n_key_data; j++) - krb5_free_key_data_contents(context, - &adb->old_keys[KADM_MOD(i)].key_data[j]); - free((void *)adb->old_keys); - adb->old_keys = histp; - adb->old_key_len = pol->pw_history_num - 1; - adb->old_key_next = 0; - } else { - return(ENOMEM); + free(histp->key_data); } + free((void *)adb->old_keys); + adb->old_keys = tmp; + nkeys = adb->old_key_len = nhist - 1; + knext = adb->old_key_next = 0; } + /* + * If nhist decreased since the last password change, and nkeys+1 + * is less 
than the previous nhist, it is possible for knext to + * index into unallocated space. This condition would not be + * caught by the resizing code above. + */ + if (knext + 1 > nkeys) + knext = adb->old_key_next = 0; /* free the old pw history entry if it contains data */ - histp = &adb->old_keys[adb->old_key_next]; + histp = &adb->old_keys[knext]; for (i = 0; i < histp->n_key_data; i++) krb5_free_key_data_contents(context, &histp->key_data[i]); - + free(histp->key_data); + /* store the new entry */ - adb->old_keys[adb->old_key_next] = *pw; + adb->old_keys[knext] = *pw; /* update the next pointer */ - if (++adb->old_key_next == pol->pw_history_num-1) - adb->old_key_next = 0; + if (++adb->old_key_next == nhist - 1) + adb->old_key_next = 0; return(0); } -#undef KADM_MOD #ifdef USE_PASSWORD_SERVER diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 63ef3ec97..b9258c750 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,8 @@ +2004-12-08 Ken Raeburn + + * RealmsConfig-glue.c (krb_get_krbhst): Check if DNS should be + used for getting KDC names before actually using it. + 2004-07-16 Ken Raeburn * macsock.c: Deleted. diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c index 0635284c0..dbdfe54cd 100644 --- a/src/lib/krb4/RealmsConfig-glue.c +++ b/src/lib/krb4/RealmsConfig-glue.c 
@@ -536,21 +536,24 @@ krb_get_krbhst( if (err) break; - realmdat.data = realm; - realmdat.length = strlen(realm); - err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp", &srv); - if (err) - break; + if (k5.use_dns_kdc(krb5__krb4_context)) { + realmdat.data = realm; + realmdat.length = strlen(realm); + err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp", + &srv); + if (err) + break; - if (srv == 0) - break; + if (srv == 0) + break; - if (dnscache.srv) - k5.free_srv_dns_data(dnscache.srv); - dnscache.srv = srv; - strncpy(dnscache.realm, realm, REALM_SZ); - dnscache.when = now; - goto get_from_dnscache; + if (dnscache.srv) + k5.free_srv_dns_data(dnscache.srv); + dnscache.srv = srv; + strncpy(dnscache.realm, realm, REALM_SZ); + dnscache.when = now; + goto get_from_dnscache; + } } while (0); #endif return KFAILURE; diff --git a/src/lib/krb5/ChangeLog b/src/lib/krb5/ChangeLog index 050d9da78..ef206a9ba 100644 --- a/src/lib/krb5/ChangeLog +++ b/src/lib/krb5/ChangeLog @@ -1,3 +1,7 @@ +2005-01-04 Jeffrey Altman + + * libkrb5.exports: add krb5_is_thread_safe + 2004-08-08 Ken Raeburn * libkrb5.exports: Remove memory ccache symbols except ops table. diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index e7ea80367..4baf064f2 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,8 @@ +2004-12-28 Ezra Peisach + + * asn1_decode.c (asn1_decode_generaltime): Fix memory leak when + time sent is "19700101000000Z". + 2004-08-31 Tom Yu * asn1buf.c: Fix denial-of-service bug. diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index 60ae08802..d31ce3e3b 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -238,6 +238,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) } if(s[0] == '1' && !memcmp("19700101000000Z", s, 15)) { t = 0; + free(s); goto done; } #define c2i(c) ((c)-'0') 
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 757ce389c..47e675928 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,42 @@ +2005-01-13 Ken Raeburn + + * cc_file.c (struct _krb5_fcc_data): Fields disk_file_lock, + file_is_locked deleted. + (krb5_fcc_open_file, krb5_fcc_close_file, dereference, + krb5_fcc_resolve, krb5_fcc_generate_new, krb5_fcc_set_flags): + Don't set or check them. + +2005-01-11 Jeffrey Altman + + * cc_mslsa.c: + - do not free krb5_creds if krb5_copy_creds fails + - cause MSTicketToMITTicket to return failure if + krb5_copy_data fails + +2004-12-25 Ezra Peisach + + * cc_file.c (krb5_fcc_close): Free the cache id. + (dereference): When removing fcc_set entry from list, free the + pointer as well. + +2004-12-16 Jeffrey Altman + * cc_mslsa.c: + Temporarily deactivate support for KerbSubmitTicketMessage + and KerbQueryTicketCacheEx2Message until the new Platform SDK + becomes publicly available. + +2004-12-15 Jeffrey Altman + + * cc_mslsa.c: + - Activate support for KerbSubmitTicketMessage + - Activate support for KerbQueryTicketCacheEx2Message + - Add locale support for regions which use MultiByte characters + +2004-11-19 Ken Raeburn + + * cc_mslsa.c (MSCredToMITCred): Don't create an empty array for + addresses, just use a null pointer now. + 2004-10-07 Jeffrey Altman * cc_mslsa.c: Fix the forced setting of the Initial Ticket Flag on Win2000 and add it to XP and 2003 SP1 diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index f247c425d..0529e4b21 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c 
@@ -264,10 +264,6 @@ typedef struct _krb5_fcc_data { that can be changed. (Filename is fixed after initialization.) */ k5_mutex_t lock; - /* Grab this one before trying to get an advisory lock on the disk - file, since the facility is per-process, not per-thread. */ - k5_mutex_t disk_file_lock; - int file_is_locked; int file; krb5_flags flags; int mode; /* needed for locking code */ @@ -1172,9 +1168,7 @@ krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data) return KRB5_FCC_INTERNAL; retval = krb5_unlock_file(context, data->file); - k5_mutex_unlock(&data->disk_file_lock); ret = close (data->file); - data->file_is_locked = 0; data->file = NO_FILE; if (retval) return retval; @@ -1212,11 +1206,7 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode) if (data->file != NO_FILE) { /* Don't know what state it's in; shut down and start anew. */ - if (data->file_is_locked) { - (void) krb5_unlock_file(context, data->file); - k5_mutex_unlock(&data->disk_file_lock); - data->file_is_locked = 0; - } + (void) krb5_unlock_file(context, data->file); (void) close (data->file); data->file = NO_FILE; } @@ -1245,17 +1235,10 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode) lock_flag = KRB5_LOCKMODE_SHARED; else lock_flag = KRB5_LOCKMODE_EXCLUSIVE; - retval = k5_mutex_lock(&data->disk_file_lock); - if (retval) { - close(f); - return retval; - } if ((retval = krb5_lock_file(context, f, lock_flag))) { - k5_mutex_unlock(&data->disk_file_lock); (void) close(f); return retval; } - data->file_is_locked = 1; if (mode == FCC_OPEN_AND_ERASE) { /* write the version number */ @@ -1378,8 +1361,6 @@ done: if (retval) { data->file = -1; (void) krb5_unlock_file(context, f); - (void) k5_mutex_unlock(&data->disk_file_lock); - data->file_is_locked = 0; (void) close(f); } return retval; 
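Review bot: the cc_file.c hunks up to this point delete `disk_file_lock` together with the comment that explained it ("the facility is per-process, not per-thread"), but neither the code nor the ChangeLog entry says what now keeps two threads of one process from racing on the advisory file lock. Please state the replacement invariant in a comment next to `k5_mutex_t lock;`, for example that `data->lock` is always held across `krb5_fcc_open_file()` and `krb5_fcc_close_file()`, if that is the intent. Note also that `krb5_fcc_open_file()` now calls `krb5_unlock_file()` unconditionally when `data->file != NO_FILE`, where it used to do so only if `file_is_locked` was set.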
@@ -1486,9 +1467,13 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data) assert(*fccsp != NULL); (*fccsp)->refcount--; if ((*fccsp)->refcount == 0) { + struct fcc_set *temp; data = (*fccsp)->data; + temp = *fccsp; *fccsp = (*fccsp)->next; + free(temp); k5_mutex_unlock(&krb5int_cc_file_mutex); + k5_mutex_assert_unlocked(&data->lock); free(data->filename); zap(data->buf, sizeof(data->buf)); if (data->file >= 0) { @@ -1496,9 +1481,7 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data) krb5_fcc_close_file(context, data); k5_mutex_unlock(&data->lock); } - k5_mutex_assert_unlocked(&data->lock); k5_mutex_destroy(&data->lock); - k5_mutex_destroy(&data->disk_file_lock); free(data); } else k5_mutex_unlock(&krb5int_cc_file_mutex); @@ -1517,6 +1500,7 @@ static krb5_error_code KRB5_CALLCONV krb5_fcc_close(krb5_context context, krb5_ccache id) { dereference(context, (krb5_fcc_data *) id->data); + krb5_xfree(id); return KRB5_OK; } @@ -1730,25 +1714,14 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) free(data); return kret; } - kret = k5_mutex_init(&data->disk_file_lock); - if (kret) { - k5_mutex_unlock(&krb5int_cc_file_mutex); - k5_mutex_unlock(&data->lock); - k5_mutex_destroy(&data->lock); - free(data->filename); - free(data); - return kret; - } /* data->version,mode filled in for real later */ data->version = data->mode = 0; - data->file_is_locked = 0; data->flags = KRB5_TC_OPENCLOSE; data->file = -1; data->valid_bytes = 0; setptr = malloc(sizeof(struct fcc_set)); if (setptr == NULL) { k5_mutex_unlock(&krb5int_cc_file_mutex); - k5_mutex_destroy(&data->disk_file_lock); k5_mutex_destroy(&data->lock); free(data->filename); free(data); 
@@ -2010,12 +1983,6 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id) retcode = k5_mutex_init(&data->lock); if (retcode) goto err_out; - retcode = k5_mutex_init(&data->disk_file_lock); - if (retcode) { - k5_mutex_destroy(&data->lock); - goto err_out; - } - data->file_is_locked = 0; /* Set up the filename */ strcpy(((krb5_fcc_data *) lid->data)->filename, scratch); @@ -2233,7 +2200,9 @@ krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) /* XXX This should check for illegal combinations, if any.. */ if (flags & KRB5_TC_OPENCLOSE) { /* asking to turn on OPENCLOSE mode */ - if (!OPENCLOSE(id)) + if (!OPENCLOSE(id) + /* XXX Is this test necessary? */ + && ((krb5_fcc_data *) id->data)->file != NO_FILE) (void) krb5_fcc_close_file (context, ((krb5_fcc_data *) id->data)); } else { /* asking to turn off OPENCLOSE mode, meaning it must be diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index c12f5817e..fdd3f108b 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -44,7 +44,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * - * Implementation of microsoft windows lsa credentials cache + * Implementation of microsoft windows lsa read-only credentials cache */ #ifdef _WIN32 
@@ -69,11 +69,11 @@ #define MAX_MSPRINC_SIZE 1024 /* THREAD SAFETY - * The functions is_windows_2000(), is_windows_xp(), - * does_retrieve_ticket_cache_ticket() and does_query_ticket_cache_ex2() - * contain static variables to cache the responses of the tests being - * performed. There is no harm in the test being performed more than - * once since the result will always be the same. + * The functions is_windows_2000(), is_windows_xp(), and + * does_retrieve_ticket_cache_ticket() contain static variables to cache + * the responses of the tests being performed. There is no harm in the + * test being performed more than once since the result will always be the + * same. */ static BOOL @@ -189,9 +189,18 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen) GetCPInfo(CP_ACP, &CodePageInfo); - if (CodePageInfo.MaxCharSize > 1) + if (CodePageInfo.MaxCharSize > 1) { // Only supporting non-Unicode strings - return FALSE; + int reqLen = WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1, + NULL, 0, NULL, NULL); + if ( reqLen > nOutStringLen) + { + return FALSE; + } else { + WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1, + lpszOutputString, nOutStringLen, NULL, NULL); + } + } else if (((LPBYTE) lpInputString)[1] == '\0') { // Looks like unicode, better translate it @@ -200,12 +209,13 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen) } else lstrcpyA(lpszOutputString, (LPSTR) lpInputString); + return TRUE; } // UnicodeToANSI static VOID WINAPI -ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen) +ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen) { CPINFO CodePageInfo; 
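Review bot: `UnicodeToANSI()` now ends with `return TRUE;`, but the `lstrcpyA(lpszOutputString, (LPSTR) lpInputString);` branch directly above it copies without consulting `nOutStringLen`, so the function reports success on a path that never checked that the string fits. The new multi-byte branch in the previous hunk asks for the required length first; apply the same bound here and return FALSE when the input is too long. In that multi-byte branch the second `WideCharToMultiByte` call has its return value ignored, and the comment "Only supporting non-Unicode strings" no longer describes what the branch does.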
@@ -214,12 +224,9 @@ ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen) GetCPInfo(CP_ACP, &CodePageInfo); - if (CodePageInfo.MaxCharSize > 1) - // It must already be a Unicode string - return; - else if (((LPBYTE) lpInputString)[1] != '\0') + if (CodePageInfo.MaxCharSize > 1 || ((LPBYTE) lpInputString)[1] != '\0') { - // Looks like ANSI, better translate it + // Looks like ANSI or MultiByte, better translate it MultiByteToWideChar(CP_ACP, 0, (LPCSTR) lpInputString, -1, (LPWSTR) lpszOutputString, nOutStringLen); } @@ -243,9 +250,9 @@ MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING } } -static void +static BOOL UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context, - krb5_principal *principal) + krb5_principal *principal) { WCHAR princbuf[512]; char aname[512]; @@ -255,14 +262,17 @@ UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context cont princbuf[service->Length/sizeof(WCHAR)]=0; wcscat(princbuf, L"@"); wcscat(princbuf, realm); - UnicodeToANSI(princbuf, aname, sizeof(aname)); - krb5_parse_name(context, aname, principal); + if (UnicodeToANSI(princbuf, aname, sizeof(aname))) { + krb5_parse_name(context, aname, principal); + return TRUE; + } + return FALSE; } -static void +static BOOL KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context, - krb5_principal *principal) + krb5_principal *principal) { WCHAR princbuf[512],tmpbuf[128]; char aname[512]; @@ -278,8 +288,11 @@ KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_conte } wcscat(princbuf, L"@"); wcscat(princbuf, realm); - UnicodeToANSI(princbuf, aname, sizeof(aname)); - krb5_parse_name(context, aname, principal); + if (UnicodeToANSI(princbuf, aname, sizeof(aname))) { + krb5_parse_name(context, aname, principal); + return TRUE; + } + return FALSE; } static time_t 
@@ -320,18 +333,25 @@ MSFlagsToMITFlags(ULONG msflags, ULONG *mitflags) *mitflags=msflags; } -static void +static BOOL MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_data *ticket) { - krb5_data tmpdata, *newdata; + krb5_data tmpdata, *newdata = 0; + krb5_error_code rc; + tmpdata.magic=KV5M_DATA; tmpdata.length=msticket->EncodedTicketSize; tmpdata.data=msticket->EncodedTicket; // this is ugly and will break krb5_free_data() // now that this is being done within the library it won't break krb5_free_data() - krb5_copy_data(context, &tmpdata, &newdata); + rc = krb5_copy_data(context, &tmpdata, &newdata); + if (rc) + return FALSE; + memcpy(ticket, newdata, sizeof(krb5_data)); + krb5_xfree(newdata); + return TRUE; } /* @@ -376,7 +396,7 @@ PreserveInitialTicketIdentity(void) } -static void +static BOOL MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, krb5_context context, krb5_creds *creds) { 
@@ -387,65 +407,25 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, // construct Client Principal wcsncpy(wrealm, ClientRealm.Buffer, ClientRealm.Length/sizeof(WCHAR)); wrealm[ClientRealm.Length/sizeof(WCHAR)]=0; - KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client); + if (!KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client)) + return FALSE; // construct Service Principal wcsncpy(wrealm, msticket->DomainName.Buffer, msticket->DomainName.Length/sizeof(WCHAR)); wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0; - KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server); + if (!KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server)) + return FALSE; MSSessionKeyToMITKeyblock(&msticket->SessionKey, context, &creds->keyblock); MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags); creds->times.starttime=FileTimeToUnixTime(&msticket->StartTime); creds->times.endtime=FileTimeToUnixTime(&msticket->EndTime); creds->times.renew_till=FileTimeToUnixTime(&msticket->RenewUntil); + creds->addresses = NULL; - /* MS Tickets are addressless. MIT requires an empty address - * not a NULL list of addresses. 
- */ - creds->addresses = (krb5_address **)malloc(sizeof(krb5_address *)); - memset(creds->addresses, 0, sizeof(krb5_address *)); - - MSTicketToMITTicket(msticket, context, &creds->ticket); -} - -#ifdef HAVE_CACHE_INFO_EX2 -/* CacheInfoEx2ToMITCred is used when we do not need the real ticket */ -static void -CacheInfoEx2ToMITCred(KERB_TICKET_CACHE_INFO_EX2 *info, - krb5_context context, krb5_creds *creds) -{ - WCHAR wrealm[128]; - ZeroMemory(creds, sizeof(krb5_creds)); - creds->magic=KV5M_CREDS; - - // construct Client Principal - wcsncpy(wrealm, info->ClientRealm.Buffer, info->ClientRealm.Length/sizeof(WCHAR)); - wrealm[info->ClientRealm.Length/sizeof(WCHAR)]=0; - UnicodeStringToMITPrinc(&info->ClientName, wrealm, context, &creds->client); - - // construct Service Principal - wcsncpy(wrealm, info->ServerRealm.Buffer, - info->ServerRealm.Length/sizeof(WCHAR)); - wrealm[info->ServerRealm.Length/sizeof(WCHAR)]=0; - UnicodeStringToMITPrinc(&info->ServerName, wrealm, context, &creds->server); - - creds->keyblock.magic = KV5M_KEYBLOCK; - creds->keyblock.enctype = info->SessionKeyType; - creds->ticket_flags = info->TicketFlags; - MSFlagsToMITFlags(info->TicketFlags, &creds->ticket_flags); - creds->times.starttime=FileTimeToUnixTime(&info->StartTime); - creds->times.endtime=FileTimeToUnixTime(&info->EndTime); - creds->times.renew_till=FileTimeToUnixTime(&info->RenewTime); - - /* MS Tickets are addressless. MIT requires an empty address - * not a NULL list of addresses. - */ - creds->addresses = (krb5_address **)malloc(sizeof(krb5_address *)); - memset(creds->addresses, 0, sizeof(krb5_address *)); + return MSTicketToMITTicket(msticket, context, &creds->ticket); } -#endif /* HAVE_CACHE_INFO_EX2 */ static BOOL PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId) 
@@ -547,62 +527,6 @@ does_retrieve_ticket_cache_ticket (void) return fCachesTicket; } -#ifdef HAVE_CACHE_INFO_EX2 -static BOOL -does_query_ticket_cache_ex2 (void) -{ - static BOOL fChecked = FALSE; - static BOOL fEx2Response = FALSE; - - if (!fChecked) - { - NTSTATUS Status = 0; - NTSTATUS SubStatus = 0; - HANDLE LogonHandle; - ULONG PackageId; - ULONG RequestSize; - PKERB_QUERY_TKT_CACHE_REQUEST pCacheRequest = NULL; - PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pCacheResponse = NULL; - ULONG ResponseSize; - - RequestSize = sizeof(*pCacheRequest) + 1; - - if (!PackageConnectLookup(&LogonHandle, &PackageId)) - return FALSE; - - pCacheRequest = (PKERB_QUERY_TKT_CACHE_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize); - if (!pCacheRequest) { - CloseHandle(LogonHandle); - return FALSE; - } - - pCacheRequest->MessageType = KerbQueryTicketCacheEx2Message; - pCacheRequest->LogonId.LowPart = 0; - pCacheRequest->LogonId.HighPart = 0; - - Status = LsaCallAuthenticationPackage( LogonHandle, - PackageId, - pCacheRequest, - RequestSize, - &pCacheResponse, - &ResponseSize, - &SubStatus - ); - - LocalFree(pCacheRequest); - CloseHandle(LogonHandle); - - if (!(FAILED(Status) || FAILED(SubStatus))) { - LsaFreeReturnBuffer(pCacheResponse); - fEx2Response = TRUE; - } - fChecked = TRUE; - } - - return fEx2Response; -} -#endif /* HAVE_CACHE_INFO_EX2 */ - static DWORD ConcatenateUnicodeStrings(UNICODE_STRING *pTarget, UNICODE_STRING Source1, UNICODE_STRING Source2) { 
@@ -942,117 +866,6 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG PackageId, return TRUE; } -#ifdef KERB_SUBMIT_TICKET -static BOOL -KerbSubmitTicket( HANDLE LogonHandle, ULONG PackageId, - krb5_context context, krb5_creds *cred) -{ - NTSTATUS Status = 0; - NTSTATUS SubStatus = 0; - KERB_SUBMIT_TKT_REQUEST * pSubmitRequest; - DWORD dwRequestLen; - krb5_auth_context auth_context; - krb5_keyblock * keyblock = 0; - krb5_replay_data replaydata; - krb5_data * krb_cred = 0; - krb5_error_code rc; - - if (krb5_auth_con_init(context, &auth_context)) { - return FALSE; - } - - if (krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_RET_TIME)) { - return FALSE; - } - - krb5_auth_con_getsendsubkey(context, auth_context, &keyblock); - if (keyblock == NULL) - krb5_auth_con_getkey(context, auth_context, &keyblock); -#ifdef TESTING - /* do not use this code unless testing the LSA */ - if (keyblock == NULL) { - keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock)); - keyblock->enctype = ENCTYPE_ARCFOUR_HMAC; - keyblock->length = 16; - keyblock->contents = (krb5_octet *)malloc(16); - keyblock->contents[0] = 0xde; - keyblock->contents[1] = 0xad; - keyblock->contents[2] = 0xbe; - keyblock->contents[3] = 0xef; - keyblock->contents[4] = 0xfe; - keyblock->contents[5] = 0xed; - keyblock->contents[6] = 0xf0; - keyblock->contents[7] = 0xd; - keyblock->contents[8] = 0xde; - keyblock->contents[9] = 0xad; - keyblock->contents[10] = 0xbe; - keyblock->contents[11] = 0xef; - keyblock->contents[12] = 0xfe; - keyblock->contents[13] = 0xed; - keyblock->contents[14] = 0xf0; - keyblock->contents[15] = 0xd; - krb5_auth_con_setsendsubkey(context, auth_context, keyblock); - } -#endif - rc = krb5_mk_1cred(context, auth_context, cred, &krb_cred, &replaydata); - if (rc) { - krb5_auth_con_free(context, auth_context); - if (keyblock) - krb5_free_keyblock(context, keyblock); - if (krb_cred) - krb5_free_data(context, krb_cred); - return FALSE; - } - - dwRequestLen = sizeof(KERB_SUBMIT_TKT_REQUEST) 
+ krb_cred->length + (keyblock ? keyblock->length : 0); - - pSubmitRequest = (PKERB_SUBMIT_TKT_REQUEST)malloc(dwRequestLen); - memset(pSubmitRequest, 0, dwRequestLen); - - pSubmitRequest->MessageType = KerbSubmitTicketMessage; - pSubmitRequest->LogonId.LowPart = 0; - pSubmitRequest->LogonId.HighPart = 0; - pSubmitRequest->Flags = 0; - - if (keyblock) { - pSubmitRequest->Key.KeyType = keyblock->enctype; - pSubmitRequest->Key.Length = keyblock->length; - pSubmitRequest->Key.Offset = sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length; - } else { - pSubmitRequest->Key.KeyType = ENCTYPE_NULL; - pSubmitRequest->Key.Length = 0; - pSubmitRequest->Key.Offset = 0; - } - pSubmitRequest->KerbCredSize = krb_cred->length; - pSubmitRequest->KerbCredOffset = sizeof(KERB_SUBMIT_TKT_REQUEST); - memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST), - krb_cred->data, krb_cred->length); - if (keyblock) - memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length, - keyblock->contents, keyblock->length); - krb5_free_data(context, krb_cred); - - Status = LsaCallAuthenticationPackage( LogonHandle, - PackageId, - pSubmitRequest, - dwRequestLen, - NULL, - NULL, - &SubStatus - ); - free(pSubmitRequest); - if (keyblock) - krb5_free_keyblock(context, keyblock); - krb5_auth_con_free(context, auth_context); - - if (FAILED(Status) || FAILED(SubStatus)) { - return FALSE; - } - return TRUE; -} -#endif /* KERB_SUBMIT_TICKET */ - /* * A simple function to determine if there is an exact match between two tickets * We rely on the fact that the external tickets contain the raw Kerberos ticket. 
@@ -1474,41 +1287,6 @@ GetQueryTktCacheResponseXP( HANDLE LogonHandle, ULONG PackageId, return FALSE; } -#ifdef HAVE_CACHE_INFO_EX2 -static BOOL -GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId, - PKERB_QUERY_TKT_CACHE_EX2_RESPONSE * ppResponse) -{ - NTSTATUS Status = 0; - NTSTATUS SubStatus = 0; - - KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; - PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pQueryResponse = NULL; - ULONG ResponseSize; - - CacheRequest.MessageType = KerbQueryTicketCacheEx2Message; - CacheRequest.LogonId.LowPart = 0; - CacheRequest.LogonId.HighPart = 0; - - Status = LsaCallAuthenticationPackage( - LogonHandle, - PackageId, - &CacheRequest, - sizeof(CacheRequest), - &pQueryResponse, - &ResponseSize, - &SubStatus - ); - - if ( !(FAILED(Status) || FAILED(SubStatus)) ) { - *ppResponse = pQueryResponse; - return TRUE; - } - - return FALSE; -} -#endif /* HAVE_CACHE_INFO_EX2 */ - static BOOL GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId, krb5_context context, krb5_creds *creds, @@ -1622,8 +1400,8 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId, */ if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial ) (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial; - return(TRUE); + return(TRUE); } static BOOL 
@@ -1674,72 +1452,6 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId, LocalFree(pTicketRequest); - if (FAILED(Status) || FAILED(SubStatus)) - return(FALSE); - - /* otherwise return ticket */ - *ticket = &(pTicketResponse->Ticket); - - /* set the initial flag if we were attempting to retrieve one - * because Windows won't necessarily return the initial ticket - * to us. - */ - if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial ) - (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial; - - return(TRUE); - -} - -#ifdef HAVE_CACHE_INFO_EX2 -static BOOL -GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId, - PKERB_TICKET_CACHE_INFO_EX2 tktinfo, PKERB_EXTERNAL_TICKET *ticket) -{ - NTSTATUS Status = 0; - NTSTATUS SubStatus = 0; - ULONG RequestSize; - PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; - PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; - ULONG ResponseSize; - - RequestSize = sizeof(*pTicketRequest) + tktinfo->ServerName.Length; - - pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize); - if (!pTicketRequest) - return FALSE; - - pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage; - pTicketRequest->LogonId.LowPart = 0; - pTicketRequest->LogonId.HighPart = 0; - pTicketRequest->TargetName.Length = tktinfo->ServerName.Length; - pTicketRequest->TargetName.MaximumLength = tktinfo->ServerName.Length; - pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); - memcpy(pTicketRequest->TargetName.Buffer,tktinfo->ServerName.Buffer, tktinfo->ServerName.Length); - pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_CACHE_TICKET; - pTicketRequest->EncryptionType = tktinfo->SessionKeyType; - pTicketRequest->TicketFlags = 0; - if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwardable ) - pTicketRequest->TicketFlags |= KDC_OPT_FORWARDABLE; - if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwarded ) - pTicketRequest->TicketFlags |= KDC_OPT_FORWARDED; - if ( tktinfo->TicketFlags & 
KERB_TICKET_FLAGS_proxiable ) - pTicketRequest->TicketFlags |= KDC_OPT_PROXIABLE; - if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_renewable ) - pTicketRequest->TicketFlags |= KDC_OPT_RENEWABLE; - - Status = LsaCallAuthenticationPackage( - LogonHandle, - PackageId, - pTicketRequest, - RequestSize, - &pTicketResponse, - &ResponseSize, - &SubStatus - ); - - LocalFree(pTicketRequest); - if (FAILED(Status) || FAILED(SubStatus)) return(FALSE); @@ -1755,7 +1467,6 @@ GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId, return(TRUE); } -#endif /* HAVE_CACHE_INFO_EX2 */ static krb5_error_code KRB5_CALLCONV krb5_lcc_close (krb5_context, krb5_ccache id); @@ -1819,9 +1530,6 @@ typedef struct _krb5_lcc_cursor { union { PKERB_QUERY_TKT_CACHE_RESPONSE w2k; PKERB_QUERY_TKT_CACHE_EX_RESPONSE xp; -#ifdef HAVE_CACHE_INFO_EX2 - PKERB_QUERY_TKT_CACHE_EX2_RESPONSE ex2; -#endif /* HAVE_CACHE_INFO_EX2 */ } response; unsigned int index; PKERB_EXTERNAL_TICKET mstgt; @@ -1856,22 +1564,11 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) HANDLE LogonHandle; ULONG PackageId; KERB_EXTERNAL_TICKET *msticket; + krb5_error_code retval = KRB5_OK; if (!is_windows_2000()) return KRB5_FCC_NOFILE; -#ifdef COMMENT - /* In at least one case on Win2003 it appears that it is possible - * for the logon session to be authenticated via NTLM and yet for - * there to be Kerberos credentials obtained by the LSA on behalf - * of the logged in user. Therefore, we are removing this test - * which was meant to avoid the need to perform GetMSTGT() when - * there was no possibility of credentials being found. - */ - if (!IsKerberosLogon()) - return KRB5_FCC_NOFILE; -#endif - if (!PackageConnectLookup(&LogonHandle, &PackageId)) return KRB5_FCC_NOFILE; 
@@ -1911,10 +1608,12 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket, FALSE)) { /* convert the ticket */ krb5_creds creds; - MSCredToMITCred(msticket, msticket->DomainName, context, &creds); + if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds)) + retval = KRB5_FCC_INTERNAL; LsaFreeReturnBuffer(msticket); - krb5_copy_principal(context, creds.client, &data->princ); + if (retval == KRB5_OK) + krb5_copy_principal(context, creds.client, &data->princ); krb5_free_cred_contents(context,&creds); } else if (!does_retrieve_ticket_cache_ticket()) { krb5_xfree(data->cc_name); @@ -1929,7 +1628,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) * if cache is non-existent/unusable */ *id = lid; - return KRB5_OK; + return retval; } /* @@ -2021,8 +1720,8 @@ krb5_lcc_destroy(krb5_context context, krb5_ccache id) if (id) { data = (krb5_lcc_data *) id->data; - return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL; - } + return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL; + } return KRB5_FCC_INTERNAL; } @@ -2063,16 +1762,6 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur return KRB5_CC_NOTFOUND; } -#ifdef HAVE_CACHE_INFO_EX2 - if ( does_query_ticket_cache_ex2() ) { - if ( !GetQueryTktCacheResponseEX2(data->LogonHandle, data->PackageId, &lcursor->response.ex2) ) { - LsaFreeReturnBuffer(lcursor->mstgt); - free(lcursor); - *cursor = 0; - return KRB5_FCC_INTERNAL; - } - } else -#endif /* HAVE_CACHE_INFO_EX2 */ if ( is_windows_xp() ) { if ( !GetQueryTktCacheResponseXP(data->LogonHandle, data->PackageId, &lcursor->response.xp) ) { LsaFreeReturnBuffer(lcursor->mstgt); 
@@ -2125,33 +1814,6 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, data = (krb5_lcc_data *)id->data; next_cred: -#ifdef HAVE_CACHE_INFO_EX2 - if ( does_query_ticket_cache_ex2() ) { - if ( lcursor->index >= lcursor->response.ex2->CountOfTickets ) { - if (retval == KRB5_OK) - return KRB5_CC_END; - else { - LsaFreeReturnBuffer(lcursor->mstgt); - LsaFreeReturnBuffer(lcursor->response.ex2); - free(*cursor); - *cursor = 0; - return retval; - } - } - - if ( data->flags & KRB5_TC_NOTICKET ) { - CacheInfoEx2ToMITCred( &lcursor->response.ex2->Tickets[lcursor->index++], - context, creds); - return KRB5_OK; - } else { - if (!GetMSCacheTicketFromCacheInfoEX2(data->LogonHandle, data->PackageId, - &lcursor->response.ex2->Tickets[lcursor->index++],&msticket)) { - retval = KRB5_FCC_INTERNAL; - goto next_cred; - } - } - } else -#endif /* HAVE_CACHE_INFO_EX2 */ if ( is_windows_xp() ) { if ( lcursor->index >= lcursor->response.xp->CountOfTickets ) { if (retval == KRB5_OK) @@ -2197,18 +1859,15 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, } /* convert the ticket */ -#ifdef HAVE_CACHE_INFO_EX2 - if ( does_query_ticket_cache_ex2() ) { - MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds); - } else -#endif /* HAVE_CACHE_INFO_EX2 */ if ( is_windows_xp() ) { - MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds); + if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds)) + retval = KRB5_FCC_INTERNAL; } else { - MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds); + if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds)) + retval = KRB5_FCC_INTERNAL; } LsaFreeReturnBuffer(msticket); - return KRB5_OK; + return retval; } /* 
@@ -2234,11 +1893,6 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso if ( lcursor ) { LsaFreeReturnBuffer(lcursor->mstgt); -#ifdef HAVE_CACHE_INFO_EX2 - if ( does_query_ticket_cache_ex2() ) - LsaFreeReturnBuffer(lcursor->response.ex2); - else -#endif /* HAVE_CACHE_INFO_EX2 */ if ( is_windows_xp() ) LsaFreeReturnBuffer(lcursor->response.xp); else @@ -2301,7 +1955,6 @@ static krb5_error_code KRB5_CALLCONV krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) { krb5_lcc_data *data = (krb5_lcc_data *)id->data; - krb5_error_code kret = KRB5_OK; if (!is_windows_2000()) return KRB5_FCC_NOFILE; @@ -2317,7 +1970,11 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket, FALSE)) { /* convert the ticket */ krb5_creds creds; - MSCredToMITCred(msticket, msticket->DomainName, context, &creds); + if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds)) + { + LsaFreeReturnBuffer(msticket); + return KRB5_FCC_INTERNAL; + } LsaFreeReturnBuffer(msticket); krb5_copy_principal(context, creds.client, &data->princ); @@ -2336,7 +1993,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_error_code kret = KRB5_OK; krb5_lcc_data *data = (krb5_lcc_data *)id->data; KERB_EXTERNAL_TICKET *msticket = 0, *mstgt = 0, *mstmp = 0; - krb5_creds * mcreds_noflags; + krb5_creds * mcreds_noflags = 0; krb5_creds fetchcreds; if (!is_windows_2000()) @@ -2350,7 +2007,9 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, return KRB5_OK; /* if not, we must try to get a ticket without specifying any flags or etypes */ - krb5_copy_creds(context, mcreds, &mcreds_noflags); + kret = krb5_copy_creds(context, mcreds, &mcreds_noflags); + if (kret) + goto cleanup; mcreds_noflags->ticket_flags = 0; mcreds_noflags->keyblock.enctype = 0; 
@@ -2364,8 +2023,6 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, if ( !kret ) goto cleanup; - - /* if not, obtain a ticket using the request flags and enctype even though it may not * be stored in the LSA cache for future use. */ @@ -2384,7 +2041,11 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, if ( PreserveInitialTicketIdentity() ) GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt, FALSE); - MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds); + if (!MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds)) + { + kret = KRB5_FCC_INTERNAL; + goto cleanup; + } } else { /* We can obtain the correct client realm for a ticket by walking the * cache contents until we find the matching service ticket. @@ -2410,7 +2071,12 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, mstmp = 0; } - MSCredToMITCred(msticket, mstmp ? pResponse->Tickets[i].ClientRealm : msticket->DomainName, context, &fetchcreds); + if (!MSCredToMITCred(msticket, mstmp ? pResponse->Tickets[i].ClientRealm : msticket->DomainName, context, &fetchcreds)) + { + LsaFreeReturnBuffer(pResponse); + kret = KRB5_FCC_INTERNAL; + goto cleanup; + } LsaFreeReturnBuffer(pResponse); } 
@@ -2452,26 +2118,22 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds) krb5_error_code kret = KRB5_OK; krb5_lcc_data *data = (krb5_lcc_data *)id->data; KERB_EXTERNAL_TICKET *msticket = 0, *msticket2 = 0; - krb5_creds * creds_noflags; + krb5_creds * creds_noflags = 0; if (!is_windows_2000()) return KRB5_FCC_NOFILE; -#ifdef KERB_SUBMIT_TICKET - /* we can use the new KerbSubmitTicketMessage to store the ticket */ - if (KerbSubmitTicket( data->LogonHandle, data->PackageId, context, creds )) - return KRB5_OK; -#endif /* KERB_SUBMIT_TICKET */ - /* If not, lets try to obtain a matching ticket from the KDC */ if ( creds->ticket_flags != 0 && creds->keyblock.enctype != 0 ) { /* if not, we must try to get a ticket without specifying any flags or etypes */ - krb5_copy_creds(context, creds, &creds_noflags); - creds_noflags->ticket_flags = 0; - creds_noflags->keyblock.enctype = 0; + kret = krb5_copy_creds(context, creds, &creds_noflags); + if (kret == 0) { + creds_noflags->ticket_flags = 0; + creds_noflags->keyblock.enctype = 0; - GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, creds_noflags, &msticket2); - krb5_free_creds(context, creds_noflags); + GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, creds_noflags, &msticket2); + krb5_free_creds(context, creds_noflags); + } } GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, creds, &msticket); diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog index 75363971b..7907333e0 100644 --- a/src/lib/krb5/keytab/ChangeLog +++ b/src/lib/krb5/keytab/ChangeLog 
@@ -1,3 +1,34 @@ +2004-11-26 Ken Raeburn + + * kt_file.c (krb5_ktfile_wresolve): Initialize mutex here too. + +2004-11-23 Ken Raeburn + + * kt_file.c (struct _krb5_ktfile_data): Add mutex and buffer. + (KTFILEBUFP, KTLOCK, KTUNLOCK, KTCHECKLOCK): New macros. + (krb5_ktfile_resolve): Initialize mutex. + (krb5_ktfile_close): Zap data buffer before freeing. + (krb5_ktfile_get_entry, krb5_ktfile_start_seq_get, + krb5_ktfile_get_next, krb5_ktfile_end_get, krb5_ktfile_add, + krb5_ktfile_remove): Lock and unlock the mutex. + (krb5_ktfileint_open): Check that the mutex is locked. Set the + stdio buffer to the new buffer in the ktfile data. + (krb5_ktfileint_write_entry, krb5_ktfileint_find_slot): Check that + the mutex is locked. Don't call setbuf. Flush the stdio buffer + after writing. + +2004-11-23 Tom Yu + + * kt_file.c (krb5_ktfileint_open): Update previous change by + explicitly setting errno=0 prior to calling fopen(). Also, return + EMFILE, not ENFILE, for compatibility with Solaris 8, which does + set errno when out of file descriptors. + +2004-11-19 Tom Yu + + * kt_file.c (krb5_ktfileint_open): Patch from Roland Dowdeswell to + return ENFILE when fopen() returns NULL but doesn't set errno. + 2004-06-22 Ken Raeburn * kt_file.c (krb5_ktf_keytab_externalize, diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index c6f94f2e7..6fb9f7b36 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -52,7 +52,9 @@ typedef struct _krb5_ktfile_data { char *name; /* Name of the file */ FILE *openf; /* open file, if any. */ + char iobuf[BUFSIZ]; /* so we can zap it later */ int version; /* Version number of keytab */ + k5_mutex_t lock; /* Protect openf, version */ } krb5_ktfile_data; /* 
@@ -61,7 +63,11 @@ typedef struct _krb5_ktfile_data { #define KTPRIVATE(id) ((krb5_ktfile_data *)(id)->data) #define KTFILENAME(id) (((krb5_ktfile_data *)(id)->data)->name) #define KTFILEP(id) (((krb5_ktfile_data *)(id)->data)->openf) +#define KTFILEBUFP(id) (((krb5_ktfile_data *)(id)->data)->iobuf) #define KTVERSION(id) (((krb5_ktfile_data *)(id)->data)->version) +#define KTLOCK(id) k5_mutex_lock(&((krb5_ktfile_data *)(id)->data)->lock) +#define KTUNLOCK(id) k5_mutex_unlock(&((krb5_ktfile_data *)(id)->data)->lock) +#define KTCHECKLOCK(id) k5_mutex_assert_locked(&((krb5_ktfile_data *)(id)->data)->lock) extern const struct _krb5_kt_ops krb5_ktf_ops; extern const struct _krb5_kt_ops krb5_ktf_writable_ops; @@ -175,6 +181,7 @@ krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id) { krb5_ktfile_data *data; + krb5_error_code err; if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) return(ENOMEM); @@ -185,7 +192,14 @@ krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id) return(ENOMEM); } + err = k5_mutex_init(&data->lock); + if (err) { + krb5_xfree(*id); + return err; + } + if ((data->name = (char *)calloc(strlen(name) + 1, sizeof(char))) == NULL) { + k5_mutex_destroy(&data->lock); krb5_xfree(data); krb5_xfree(*id); return(ENOMEM); @@ -217,6 +231,8 @@ krb5_ktfile_close(krb5_context context, krb5_keytab id) */ { krb5_xfree(KTFILENAME(id)); + zap(KTFILEBUFP(id), BUFSIZ); + k5_mutex_destroy(&((krb5_ktfile_data *)id->data)->lock); krb5_xfree(id->data); id->ops = 0; krb5_xfree(id); 
@@ -230,7 +246,9 @@ krb5_ktfile_close(krb5_context context, krb5_keytab id) */ krb5_error_code KRB5_CALLCONV -krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry) +krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, + krb5_const_principal principal, krb5_kvno kvno, + krb5_enctype enctype, krb5_keytab_entry *entry) { krb5_keytab_entry cur_entry, new_entry; krb5_error_code kerror = 0; @@ -238,9 +256,15 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal krb5_boolean similar; int kvno_offset = 0; + kerror = KTLOCK(id); + if (kerror) + return kerror; + /* Open the keyfile for reading */ - if ((kerror = krb5_ktfileint_openr(context, id))) + if ((kerror = krb5_ktfileint_openr(context, id))) { + KTUNLOCK(id); return(kerror); + } /* * For efficiency and simplicity, we'll use a while true that @@ -347,13 +371,16 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal } if (kerror) { (void) krb5_ktfileint_close(context, id); + KTUNLOCK(id); krb5_kt_free_entry(context, &cur_entry); return kerror; } if ((kerror = krb5_ktfileint_close(context, id)) != 0) { + KTUNLOCK(id); krb5_kt_free_entry(context, &cur_entry); return kerror; } + KTUNLOCK(id); *entry = cur_entry; return 0; } @@ -399,15 +426,23 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor * krb5_error_code retval; long *fileoff; - if ((retval = krb5_ktfileint_openr(context, id))) + retval = KTLOCK(id); + if (retval) return retval; + if ((retval = krb5_ktfileint_openr(context, id))) { + KTUNLOCK(id); + return retval; + } + if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) { krb5_ktfileint_close(context, id); + KTUNLOCK(id); return ENOMEM; } *fileoff = ftell(KTFILEP(id)); *cursorp = (krb5_kt_cursor)fileoff; + KTUNLOCK(id); return 0; } 
@@ -423,12 +458,20 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en krb5_keytab_entry cur_entry; krb5_error_code kerror; - if (fseek(KTFILEP(id), *fileoff, 0) == -1) + kerror = KTLOCK(id); + if (kerror) + return kerror; + if (fseek(KTFILEP(id), *fileoff, 0) == -1) { + KTUNLOCK(id); return KRB5_KT_END; - if ((kerror = krb5_ktfileint_read_entry(context, id, &cur_entry))) + } + if ((kerror = krb5_ktfileint_read_entry(context, id, &cur_entry))) { + KTUNLOCK(id); return kerror; + } *fileoff = ftell(KTFILEP(id)); *entry = cur_entry; + KTUNLOCK(id); return 0; } @@ -439,8 +482,13 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { + krb5_error_code kerror; + krb5_xfree(*cursor); - return krb5_ktfileint_close(context, id); + KTLOCK(id); + kerror = krb5_ktfileint_close(context, id); + KTUNLOCK(id); + return kerror; } /* @@ -745,6 +793,7 @@ krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id) { krb5_ktfile_data *data; + krb5_error_code err; if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) return(ENOMEM); @@ -755,7 +804,14 @@ krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id) return(ENOMEM); } + err = k5_mutex_init(&data->lock); + if (err) { + krb5_xfree(*id); + return err; + } + if ((data->name = (char *)calloc(strlen(name) + 1, sizeof(char))) == NULL) { + k5_mutex_destroy(&data->lock); krb5_xfree(data); krb5_xfree(*id); return(ENOMEM); 
@@ -780,12 +836,20 @@ krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { krb5_error_code retval; - if ((retval = krb5_ktfileint_openw(context, id))) + retval = KTLOCK(id); + if (retval) return retval; - if (fseek(KTFILEP(id), 0, 2) == -1) + if ((retval = krb5_ktfileint_openw(context, id))) { + KTUNLOCK(id); + return retval; + } + if (fseek(KTFILEP(id), 0, 2) == -1) { + KTUNLOCK(id); return KRB5_KT_END; + } retval = krb5_ktfileint_write_entry(context, id, entry); krb5_ktfileint_close(context, id); + KTUNLOCK(id); return retval; } @@ -800,7 +864,12 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr krb5_error_code kerror; krb5_int32 delete_point; + kerror = KTLOCK(id); + if (kerror) + return kerror; + if ((kerror = krb5_ktfileint_openw(context, id))) { + KTUNLOCK(id); return kerror; } @@ -829,6 +898,7 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr if (kerror) { (void) krb5_ktfileint_close(context, id); + KTUNLOCK(id); return kerror; } @@ -839,7 +909,7 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr } else { kerror = krb5_ktfileint_close(context, id); } - + KTUNLOCK(id); return kerror; } @@ -999,6 +1069,8 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) krb5_kt_vno kt_vno; int writevno = 0; + KTCHECKLOCK(id); + errno = 0; KTFILEP(id) = fopen(KTFILENAME(id), (mode == KRB5_LOCKMODE_EXCLUSIVE) ? fopen_mode_rbplus : fopen_mode_rb); 
@@ -1006,12 +1078,13 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { /* try making it first time around */ krb5_create_secure_file(context, KTFILENAME(id)); + errno = 0; KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus); if (!KTFILEP(id)) - return errno; + return errno ? errno : EMFILE; writevno = 1; } else /* some other error */ - return errno; + return errno ? errno : EMFILE; } if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) { (void) fclose(KTFILEP(id)); @@ -1019,7 +1092,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) return kerror; } /* assume ANSI or BSD-style stdio */ - setbuf(KTFILEP(id), NULL); + setbuf(KTFILEP(id), KTFILEBUFP(id)); /* get the vno and verify it */ if (writevno) { @@ -1067,6 +1140,7 @@ krb5_ktfileint_close(krb5_context context, krb5_keytab id) { krb5_error_code kerror; + KTCHECKLOCK(id); if (!KTFILEP(id)) return 0; kerror = krb5_unlock_file(context, fileno(KTFILEP(id))); @@ -1082,6 +1156,7 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del krb5_int32 len; char iobuf[BUFSIZ]; + KTCHECKLOCK(id); if (fseek(KTFILEP(id), delete_point, SEEK_SET)) { return errno; } @@ -1140,6 +1215,7 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke char *tmpdata; krb5_data *princ; + KTCHECKLOCK(id); memset(ret_entry, 0, sizeof(krb5_keytab_entry)); ret_entry->magic = KV5M_KEYTAB_ENTRY; @@ -1356,8 +1432,8 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent krb5_int32 size_needed; krb5_int32 commit_point; int i; - char iobuf[BUFSIZ]; + KTCHECKLOCK(id); retval = krb5_ktfileint_size_entry(context, entry, &size_needed); if (retval) return retval; 
@@ -1365,10 +1441,8 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent if (retval) return retval; - setbuf(KTFILEP(id), iobuf); - /* fseek to synchronise buffered I/O on the key table. */ - + /* XXX Without the weird setbuf crock, can we get rid of this now? */ if (fseek(KTFILEP(id), 0L, SEEK_CUR) < 0) { return errno; @@ -1382,7 +1456,6 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent if (!xfwrite(&count, sizeof(count), 1, KTFILEP(id))) { abend: - setbuf(KTFILEP(id), 0); return KRB5_KT_IOERR; } size = krb5_princ_realm(context, entry->principal)->length; @@ -1457,14 +1530,13 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent } if (!xfwrite(entry->key.contents, sizeof(krb5_octet), entry->key.length, KTFILEP(id))) { - memset(iobuf, 0, sizeof(iobuf)); - setbuf(KTFILEP(id), 0); - return KRB5_KT_IOERR; + goto abend; } + if (fflush(KTFILEP(id))) + goto abend; + retval = krb5_sync_disk_file(context, KTFILEP(id)); - (void) memset(iobuf, 0, sizeof(iobuf)); - setbuf(KTFILEP(id), 0); if (retval) { return retval; @@ -1478,6 +1550,8 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent if (!xfwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) { goto abend; } + if (fflush(KTFILEP(id))) + goto abend; retval = krb5_sync_disk_file(context, KTFILEP(id)); return retval; @@ -1536,6 +1610,7 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ krb5_boolean found = FALSE; char iobuf[BUFSIZ]; + KTCHECKLOCK(id); /* * Skip over file version number */ @@ -1552,11 +1627,10 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ /* * Hit the end of file, reserve this slot. */ - setbuf(KTFILEP(id), 0); size = 0; /* fseek to synchronise buffered I/O on the key table. */ - + /* XXX Without the weird setbuf hack, can we nuke this now? */ if (fseek(KTFILEP(id), 0L, SEEK_CUR) < 0) { return errno; 
@@ -1607,7 +1681,6 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ * Make sure we zero any trailing data. */ zero_point = ftell(KTFILEP(id)); - setbuf(KTFILEP(id), iobuf); while ((size = xfread(iobuf, 1, sizeof(iobuf), KTFILEP(id)))) { if (size != sizeof(iobuf)) { remainder = size % sizeof(krb5_int32); @@ -1623,6 +1696,7 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ memset(iobuf, 0, (size_t) size); xfwrite(iobuf, 1, (size_t) size, KTFILEP(id)); + fflush(KTFILEP(id)); if (feof(KTFILEP(id))) { break; } @@ -1633,7 +1707,6 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_ } } - setbuf(KTFILEP(id), 0); if (fseek(KTFILEP(id), zero_point, SEEK_SET)) { return errno; } diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 46483aca3..4280ec761 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,20 @@ +2005-01-17 Jeffrey Altman + * unparse.c: krb5_unparse_name, krb5_unparse_name_ext() + prevent null pointer dereferencing if either 'name' or 'size' + are NULL. + +2005-01-15 Jeffrey Altman + + * cp_key_cnt.c, copy_princ.c: + prevent krb5_copy_principal() and krb5_copy_keyblock() from + calling malloc(0). On platforms in which malloc(0) returns + NULL, these functions will return an ENOMEM error the way + they were written. + +2005-01-03 Ken Raeburn + + * parse.c (krb5_parse_name): Don't cache the default realm name. + 2004-10-26 Tom Yu * mk_req_ext.c (krb5_mk_req_extended): Free keyblock before diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c index 569e55b90..f62323695 100644 --- a/src/lib/krb5/krb/copy_princ.c +++ b/src/lib/krb5/krb/copy_princ.c 
@@ -60,32 +60,36 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri for (i = 0; i < nelems; i++) { unsigned int len = krb5_princ_component(context, inprinc, i)->length; krb5_princ_component(context, tempprinc, i)->length = len; - if (((krb5_princ_component(context, tempprinc, i)->data = - malloc(len)) == 0) && len) { - while (--i >= 0) - free(krb5_princ_component(context, tempprinc, i)->data); - free (tempprinc->data); - free (tempprinc); - return ENOMEM; - } - if (len) + if (len) { + if (((krb5_princ_component(context, tempprinc, i)->data = + malloc(len)) == 0)) { + while (--i >= 0) + free(krb5_princ_component(context, tempprinc, i)->data); + free (tempprinc->data); + free (tempprinc); + return ENOMEM; + } memcpy(krb5_princ_component(context, tempprinc, i)->data, krb5_princ_component(context, inprinc, i)->data, len); + } else + krb5_princ_component(context, tempprinc, i)->data = 0; } - tempprinc->realm.data = + if (tempprinc->realm.length) { + tempprinc->realm.data = malloc(tempprinc->realm.length = inprinc->realm.length); - if (!tempprinc->realm.data && tempprinc->realm.length) { + if (!tempprinc->realm.data) { for (i = 0; i < nelems; i++) - free(krb5_princ_component(context, tempprinc, i)->data); + free(krb5_princ_component(context, tempprinc, i)->data); free(tempprinc->data); free(tempprinc); return ENOMEM; - } - if (tempprinc->realm.length) + } memcpy(tempprinc->realm.data, inprinc->realm.data, inprinc->realm.length); - + } else + tempprinc->realm.data = 0; + *outprinc = tempprinc; return 0; } diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c index b39a6a98a..150be0a57 100644 --- a/src/lib/krb5/krb/cp_key_cnt.c +++ b/src/lib/krb5/krb/cp_key_cnt.c 
@@ -36,9 +36,12 @@ krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to) { *to = *from; - to->contents = (krb5_octet *)malloc(to->length); - if (!to->contents) - return ENOMEM; - memcpy((char *)to->contents, (char *)from->contents, to->length); + if (to->length) { + to->contents = (krb5_octet *)malloc(to->length); + if (!to->contents) + return ENOMEM; + memcpy((char *)to->contents, (char *)from->contents, to->length); + } else + to->contents = 0; return 0; } diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c index 50f7b225b..cd23d14d1 100644 --- a/src/lib/krb5/krb/parse.c +++ b/src/lib/krb5/krb/parse.c @@ -73,8 +73,8 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip const char *parsed_realm = NULL; int fcompsize[FCOMPNUM]; unsigned int realmsize = 0; - static char *default_realm = NULL; - static int default_realm_size = 0; + char *default_realm = NULL; + int default_realm_size = 0; char *tmpdata; krb5_principal principal; krb5_error_code retval; @@ -211,6 +211,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip if (tmpdata == 0) { krb5_xfree(principal->data); krb5_xfree(principal); + krb5_xfree(default_realm); return ENOMEM; } krb5_princ_set_realm_length(context, principal, realmsize); @@ -224,6 +225,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip krb5_xfree(krb5_princ_realm(context, principal)->data); krb5_xfree(principal->data); krb5_xfree(principal); + krb5_xfree(default_realm); return(ENOMEM); } krb5_princ_component(context, principal, i)->data = tmpdata2; @@ -276,6 +278,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip principal->magic = KV5M_PRINCIPAL; principal->realm.magic = KV5M_DATA; *nprincipal = principal; + krb5_xfree(default_realm); return(0); } 
diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index 6f1a3c9e8..badb5bf97 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -26,7 +26,7 @@ * * krb5_unparse_name() routine * - * Rewritten by Theodore Ts'o to propoerly unparse principal names + * Rewritten by Theodore Ts'o to properly unparse principal names * which have the component or realm separator as part of one of their * components. */ @@ -66,7 +66,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi krb5_int32 nelem; register unsigned int totalsize = 0; - if (!principal) + if (!principal || !name) return KRB5_PARSE_MALFORMED; cp = krb5_princ_realm(context, principal)->data; @@ -99,17 +99,17 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi * We need only n-1 seperators for n components, but we need * an extra byte for the NULL at the end. */ - if (*name) { - if (*size < (totalsize)) { - *size = totalsize; - *name = realloc(*name, totalsize); - } - } else { - *name = malloc(totalsize); - if (size) - *size = totalsize; - } - + if (size) { + if (*name && (*size < totalsize)) { + *name = realloc(*name, totalsize); + } else { + *name = malloc(totalsize); + } + *size = totalsize; + } else { + *name = malloc(totalsize); + } + if (!*name) return ENOMEM; @@ -191,7 +191,8 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, regi krb5_error_code KRB5_CALLCONV krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name) { - *name = NULL; + if (name) /* name == NULL will return error from _ext */ + *name = NULL; return(krb5_unparse_name_ext(context, principal, name, NULL)); } diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 204296aa3..f16b45cf8 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports 
@@ -458,6 +458,7 @@ krb5_init_keyblock krb5_init_secure_context krb5_internalize_opaque krb5_is_permitted_enctype +krb5_is_thread_safe krb5_kdc_rep_decrypt_proc krb5_kt_add_entry krb5_kt_close diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index ea1a5a757..469bdacf3 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,3 +1,36 @@ +2005-01-12 Tom Yu + + * dnsglue.c (krb5int_dns_fini): Reorder to make more correct. + (krb5int_dns_init): Rework error handling. Call res_ndestroy() or + res_nclose() as appropriate to avoid leaking resources allocated + by res_ninit(). + +2005-01-03 Jeffrey Altman + + * thread_safe.c: (new file) krb5_is_thread_safe() + +2004-12-08 Ken Raeburn + + * accessor.c (krb5int_accessor): Set new field use_dns_kdc. + +2004-12-06 Tom Yu + + * locate_kdc.c (krb5_locate_srv_dns_1): Don't compile if + KRB5_DNS_LOOKUP is not defined. + +2004-11-19 Ken Raeburn + + * locate_kdc.c (krb5int_add_host_to_list): If debugging, log the + requested family and socket type. If AI_NUMERICSERV is defined, + set it in ai_flags. If getaddrinfo returns an error with + debugging enabled, log the error. + (krb5_locate_srv_conf_1): When logging an error from + add_host_to_list, include the corresponding error string. + + * t_locate_kdc.c: Include port-sockets.h, instead of sys/socket.h, + netdb.h, netinet/in.h, and arpa/inet.h. + * Makefile.in ($(OUTPRE)t_locate_kdc.exe): New target. + 2004-10-20 Ken Raeburn * locate_kdc.c: Include stdarg.h. diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index 66d0dcdfd..3a0706b14 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in @@ -49,6 +49,7 @@ STLIBOBJS= \ send524.o \ sendto_kdc.o \ sn2princ.o \ + thread_safe.o \ timeofday.o \ toffset.o \ unlck_file.o \ 
@@ -94,6 +95,7 @@ OBJS= \ $(OUTPRE)send524.$(OBJEXT) \ $(OUTPRE)sendto_kdc.$(OBJEXT) \ $(OUTPRE)sn2princ.$(OBJEXT) \ + $(OUTPRE)thread_safe.$(OBJEXT) \ $(OUTPRE)timeofday.$(OBJEXT) \ $(OUTPRE)toffset.$(OBJEXT) \ $(OUTPRE)unlck_file.$(OBJEXT) \ @@ -139,6 +141,7 @@ SRCS= \ $(srcdir)/send524.c \ $(srcdir)/sendto_kdc.c \ $(srcdir)/sn2princ.c \ + $(srcdir)/thread_safe.c \ $(srcdir)/timeofday.c \ $(srcdir)/toffset.c \ $(srcdir)/unlck_file.c \ @@ -185,6 +188,10 @@ t_locate_kdc: t_locate_kdc.o $(CC_LINK) $(ALL_CFLAGS) -o t_locate_kdc t_locate_kdc.o \ $(KRB5_BASE_LIBS) t_locate_kdc.o: t_locate_kdc.c locate_kdc.c +$(OUTPRE)t_locate_kdc.exe: $(OUTPRE)t_locate_kdc.obj \ + $(OUTPRE)dnssrv.obj $(OUTPRE)dnsglue.obj \ + $(KLIB) $(PLIB) $(CLIB) $(SLIB) + link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(DNSLIBS) LCLINT=lclint LCLINTOPTS= -warnposix \ @@ -477,6 +484,12 @@ sn2princ.so sn2princ.po $(OUTPRE)sn2princ.$(OBJEXT): sn2princ.c $(SRCTOP)/includ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/fake-addrinfo.h +thread_safe.so thread_safe.po $(OUTPRE)thread_safe.$(OBJEXT): thread_safe.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h timeofday.so timeofday.po $(OUTPRE)timeofday.$(OBJEXT): timeofday.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ 
@@ -510,9 +523,9 @@ write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): write_msg.c $(SRCTOP)/in t_an_to_ln.so t_an_to_ln.po $(OUTPRE)t_an_to_ln.$(OBJEXT): t_an_to_ln.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) t_gifconf.so t_gifconf.po $(OUTPRE)t_gifconf.$(OBJEXT): t_gifconf.c -t_locate_kdc.so t_locate_kdc.po $(OUTPRE)t_locate_kdc.$(OBJEXT): t_locate_kdc.c $(COM_ERR_DEPS) \ - locate_kdc.c $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ +t_locate_kdc.so t_locate_kdc.po $(OUTPRE)t_locate_kdc.$(OBJEXT): t_locate_kdc.c $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(COM_ERR_DEPS) \ + locate_kdc.c $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5.h $(BUILDTOP)/include/profile.h \ diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index 4e907b1c4..078e036fe 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c @@ -45,9 +45,11 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) #ifdef KRB5_DNS_LOOKUP internals_temp.make_srv_query_realm = krb5int_make_srv_query_realm; internals_temp.free_srv_dns_data = krb5int_free_srv_dns_data; + internals_temp.use_dns_kdc = _krb5_use_dns_kdc; #else internals_temp.make_srv_query_realm = 0; internals_temp.free_srv_dns_data = 0; + internals_temp.use_dns_kdc = 0; #endif #ifdef KRB5_KRB4_COMPAT internals_temp.krb_life_to_time = krb5int_krb_life_to_time; diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c index dba1b869c..5d2db3695 100644 --- a/src/lib/krb5/os/dnsglue.c +++ b/src/lib/krb5/os/dnsglue.c 
@@ -65,7 +65,7 @@ krb5int_dns_init(struct krb5int_dns_state **dsp, struct __res_state statbuf; #endif struct krb5int_dns_state *ds; - int len; + int len, ret; size_t nextincr, maxincr; unsigned char *p; @@ -73,6 +73,7 @@ krb5int_dns_init(struct krb5int_dns_state **dsp, if (ds == NULL) return -1; + ret = -1; ds->nclass = nclass; ds->ntype = ntype; ds->ansp = NULL; @@ -86,8 +87,8 @@ krb5int_dns_init(struct krb5int_dns_state **dsp, #endif #if HAVE_RES_NSEARCH - len = res_ninit(&statbuf); - if (len < 0) + ret = res_ninit(&statbuf); + if (ret < 0) return -1; #endif @@ -96,8 +97,8 @@ krb5int_dns_init(struct krb5int_dns_state **dsp, ? malloc(nextincr) : realloc(ds->ansp, nextincr); if (p == NULL && ds->ansp != NULL) { - free(ds->ansp); - return -1; + ret = -1; + goto errout; } ds->ansp = p; ds->ansmax = nextincr; @@ -109,28 +110,45 @@ krb5int_dns_init(struct krb5int_dns_state **dsp, len = res_search(host, ds->nclass, ds->ntype, ds->ansp, ds->ansmax); #endif - if (len > maxincr) - return -1; + if (len > maxincr) { + ret = -1; + goto errout; + } while (nextincr < len) nextincr *= 2; if (len < 0 || nextincr > maxincr) { - free(ds->ansp); - return -1; + ret = -1; + goto errout; } } while (len > ds->ansmax); ds->anslen = len; #if HAVE_NS_INITPARSE - len = ns_initparse(ds->ansp, ds->anslen, &ds->msg); + ret = ns_initparse(ds->ansp, ds->anslen, &ds->msg); #else - len = initparse(ds); + ret = initparse(ds); #endif - if (len < 0) { - free(ds->ansp); - return -1; + if (ret < 0) + goto errout; + + ret = 0; + +errout: +#if HAVE_RES_NSEARCH +#if HAVE_RES_NDESTROY + res_ndestroy(&statbuf); +#else + res_nclose(&statbuf); +#endif +#endif + if (ret < 0) { + if (ds->ansp != NULL) { + free(ds->ansp); + ds->ansp = NULL; + } } - return 0; + return ret; } #if HAVE_NS_INITPARSE 
@@ -190,10 +208,11 @@ int krb5int_dns_expand(struct krb5int_dns_state *ds, void krb5int_dns_fini(struct krb5int_dns_state *ds) { + if (ds == NULL) + return; if (ds->ansp != NULL) free(ds->ansp); - if (ds != NULL) - free(ds); + free(ds); } /* diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index 25334ddb9..1fafbcaa9 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c @@ -260,17 +260,24 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname, int err; char portbuf[10], secportbuf[10]; - Tprintf ("adding hostname %s, ports %d,%d\n", hostname, - ntohs (port), ntohs (secport)); + Tprintf ("adding hostname %s, ports %d,%d, family %d, socktype %d\n", + hostname, ntohs (port), ntohs (secport), + family, socktype); memset(&hint, 0, sizeof(hint)); hint.ai_family = family; hint.ai_socktype = socktype; +#ifdef AI_NUMERICSERV + hint.ai_flags = AI_NUMERICSERV; +#endif sprintf(portbuf, "%d", ntohs(port)); sprintf(secportbuf, "%d", ntohs(secport)); err = getaddrinfo (hostname, portbuf, &hint, &addrs); - if (err) + if (err) { + Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n", + hostname, portbuf, err, gai_strerror (err)); return translate_ai_error (err); + } anext = 0; for (a = addrs; a != 0 && err == 0; a = anext) { anext = a->ai_next; @@ -460,7 +467,8 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm, SOCK_STREAM, family); } if (code) { - Tprintf ("error %d returned from add_host_to_list\n", code); + Tprintf ("error %d (%s) returned from add_host_to_list\n", code, + error_message (code)); if (hostlist) profile_free_list (hostlist); if (masterlist) @@ -495,6 +503,7 @@ krb5_locate_srv_conf(krb5_context context, const krb5_data *realm, } #endif +#ifdef KRB5_DNS_LOOKUP static krb5_error_code krb5_locate_srv_dns_1 (const krb5_data *realm, const char *service, 
@@ -534,8 +543,9 @@ krb5_locate_srv_dns_1 (const krb5_data *realm, (strcmp("_tcp", protocol) ? SOCK_DGRAM : SOCK_STREAM), family); - if (code) + if (code) { break; + } if (entry == head) { free(entry->host); free(entry); @@ -548,6 +558,7 @@ krb5_locate_srv_dns_1 (const krb5_data *realm, krb5int_free_srv_dns_data(head); return code; } +#endif /* * Wrapper function for the two backends diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c index 03dac07ef..7d5d554fa 100644 --- a/src/lib/krb5/os/t_locate_kdc.c +++ b/src/lib/krb5/os/t_locate_kdc.c @@ -1,11 +1,7 @@ #include #include #include -#include -#include -#include -#include - +#include "port-sockets.h" #include #define TEST diff --git a/src/lib/krb5/os/thread_safe.c b/src/lib/krb5/os/thread_safe.c new file mode 100644 index 000000000..faac234f9 --- /dev/null +++ b/src/lib/krb5/os/thread_safe.c 
@@ -0,0 +1,40 @@ +/* + * lib/krb5/os/thread_safec + * + * Copyright 2005 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * krb5_is_thread_safe() function. + */ + +#include "k5-int.h" + +krb5_boolean KRB5_CALLCONV +krb5_is_thread_safe(void) +{ +#if defined(ENABLE_THREADS) + return 1; +#else + return 0; +#endif +} diff --git a/src/lib/krb5/rcache/ChangeLog b/src/lib/krb5/rcache/ChangeLog index 24b04b015..597ce15e6 100644 --- a/src/lib/krb5/rcache/ChangeLog +++ b/src/lib/krb5/rcache/ChangeLog @@ -1,3 +1,8 @@ +2005-01-15 Jeffrey Altman + + * rc_dfl.c: Move the extraction of the struct dfl_data + from the krb5_rcache after obtaining the lock, not before. + 2004-08-03 Ken Raeburn * rc-int.h (struct _krb5_rc_ops): Add new member, 
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c index 586716a3d..a334002e0 100644 --- a/src/lib/krb5/rcache/rc_dfl.c +++ b/src/lib/krb5/rcache/rc_dfl.c @@ -182,10 +182,10 @@ krb5_rc_dfl_get_span(krb5_context context, krb5_rcache id, krb5_error_code err; struct dfl_data *t; - t = (struct dfl_data *) id->data; err = k5_mutex_lock(&id->lock); if (err) return err; + t = (struct dfl_data *) id->data; *lifespan = t->lifespan; k5_mutex_unlock(&id->lock); return 0; @@ -514,7 +514,6 @@ krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover_or_init(krb5_context context, krb5_rcache id, krb5_deltat lifespan) { - struct dfl_data *t = (struct dfl_data *)id->data; krb5_error_code retval; retval = k5_mutex_lock(&id->lock); @@ -561,7 +560,7 @@ krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) { krb5_error_code ret; - struct dfl_data *t = (struct dfl_data *)id->data; + struct dfl_data *t; krb5_int32 now; ret = krb5_timeofday(context, &now); @@ -582,6 +581,7 @@ krb5_rc_dfl_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) case 0: break; default: /* wtf? */ ; } + t = (struct dfl_data *)id->data; #ifndef NOIOSTUFF ret = krb5_rc_io_store(context, t, rep); if (ret) { diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index 58b4390df..0125d2630 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -168,6 +168,7 @@ krb5_c_string_to_key_with_params krb5_init_keyblock krb5_init_random_key krb5_init_secure_context + krb5_is_thread_safe krb5_kt_add_entry krb5_kt_close krb5_kt_default @@ -193,7 +194,7 @@ krb5_c_string_to_key_with_params krb5_os_localaddr krb5_parse_name krb5_principal_compare - krb5_principal2salt + krb5_principal2salt ; KRB5_CALLCONV_WRONG krb5_process_key krb5_prompter_posix krb5_random_key 
@@ -211,8 +212,8 @@ krb5_c_string_to_key_with_params krb5_sendauth krb5_set_default_realm krb5_set_default_tgs_enctypes -krb5_set_password -krb5_set_password_using_ccache + krb5_set_password + krb5_set_password_using_ccache krb5_set_principal_realm krb5_set_real_time krb5_sname_to_principal diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index d3070b4b7..def5183a3 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -1,3 +1,22 @@ +2005-01-14 Tom Yu + + * xdr.c (xdr_bytes): Revert previous; the problem was actually in + xdr_rpc_gss_buf. + + * authgss_prot.c (xdr_rpc_gss_wrap_data): Use xdr_alloc to avoid + size limit issues. Use (unsigned int)-1 instead of MAX_NETOBJ_SZ. + (xdr_rpc_gss_unwrap_data): Use (unsigned int)-1 instead of + MAX_NETOBJ_SZ. + (xdr_rpc_gss_buf): Set tmplen even if doing XDR_FREE. + + * xdr.c (xdr_bytes): Don't assign from *sizep if XDR_FREE, since + it'll be uninitialized then. Shuts up Purify. + +2004-11-18 Tom Yu + + * Makefile.in (install-unix): Install into KRB5_INCDIR/gssrpc, + rather than just KRB5_INCDIR. + 2004-10-25 Tom Yu * auth_gss.c (authgss_get_private_data): New function. diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in index b303bb313..b9bd4c676 100644 --- a/src/lib/rpc/Makefile.in +++ b/src/lib/rpc/Makefile.in @@ -191,10 +191,10 @@ install-unix:: install-libs install-unix:: for i in $(SRC_HDRS); do \ - (set -x; $(INSTALL_DATA) $(srcdir)/$$i $(DESTDIR)$(KRB5_INCDIR)$(S)$$i) ; \ + (set -x; $(INSTALL_DATA) $(srcdir)/$$i $(DESTDIR)$(KRB5_INCDIR)$(S)gssrpc$(S)$$i) ; \ done for i in $(BUILD_HDRS); do \ - (set -x; $(INSTALL_DATA) $$i $(DESTDIR)$(KRB5_INCDIR)$(S)$$i) ; \ + (set -x; $(INSTALL_DATA) $$i $(DESTDIR)$(KRB5_INCDIR)$(S)gssrpc$(S)$$i) ; \ done BUILD_HDRS = types.h diff --git a/src/lib/rpc/authgss_prot.c b/src/lib/rpc/authgss_prot.c index 0e8029abd..ab6e7fea0 100644 --- a/src/lib/rpc/authgss_prot.c +++ b/src/lib/rpc/authgss_prot.c 
@@ -52,7 +52,7 @@ xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize) bool_t xdr_stat; u_int tmplen; - if (xdrs->x_op == XDR_ENCODE) { + if (xdrs->x_op != XDR_DECODE) { if (buf->length > UINT_MAX) return (FALSE); else 
@@ -129,54 +129,37 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop, rpc_gss_svc_t svc, uint32_t seq) { + XDR tmpxdrs; gss_buffer_desc databuf, wrapbuf; OM_uint32 maj_stat, min_stat; - u_int start, end; int conf_state; bool_t xdr_stat; - u_int tmplen; - /* Skip databody length. */ - start = XDR_GETPOS(xdrs); - if (start > UINT_MAX - 4) - return (FALSE); - XDR_SETPOS(xdrs, start + 4); + xdralloc_create(&tmpxdrs, XDR_ENCODE); + + xdr_stat = FALSE; /* Marshal rpc_gss_data_t (sequence number + arguments). */ - if (!xdr_u_int32(xdrs, &seq) || !(*xdr_func)(xdrs, xdr_ptr)) - return (FALSE); - end = XDR_GETPOS(xdrs); - if (end < start + 4) - return (FALSE); + if (!xdr_u_int32(&tmpxdrs, &seq) || !(*xdr_func)(&tmpxdrs, xdr_ptr)) + goto errout; /* Set databuf to marshalled rpc_gss_data_t. */ - databuf.length = end - start - 4; - XDR_SETPOS(xdrs, start + 4); - databuf.value = XDR_INLINE(xdrs, (int)databuf.length); + databuf.length = xdr_getpos(&tmpxdrs); + databuf.value = xdralloc_getdata(&tmpxdrs); - xdr_stat = FALSE; - if (svc == RPCSEC_GSS_SVC_INTEGRITY) { - /* Marshal databody_integ length. */ - XDR_SETPOS(xdrs, start); - if (databuf.length > UINT_MAX) - return (FALSE); - else - tmplen = databuf.length; + if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1)) + goto errout; - if (!xdr_u_int(xdrs, &tmplen)) - return (FALSE); - /* Checksum rpc_gss_data_t. */ maj_stat = gss_get_mic(&min_stat, ctx, qop, &databuf, &wrapbuf); if (maj_stat != GSS_S_COMPLETE) { log_debug("gss_get_mic failed"); - return (FALSE); + goto errout; } /* Marshal checksum. */ - XDR_SETPOS(xdrs, end); - xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, MAX_NETOBJ_SZ); + xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1); gss_release_buffer(&min_stat, &wrapbuf); } else if (svc == RPCSEC_GSS_SVC_PRIVACY) { 
@@ -185,13 +168,14 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, &conf_state, &wrapbuf); if (maj_stat != GSS_S_COMPLETE) { log_status("gss_wrap", maj_stat, min_stat); - return (FALSE); + goto errout; } /* Marshal databody_priv. */ - XDR_SETPOS(xdrs, start); - xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, MAX_NETOBJ_SZ); + xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1); gss_release_buffer(&min_stat, &wrapbuf); } +errout: + xdr_destroy(&tmpxdrs); return (xdr_stat); } @@ -216,12 +200,12 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, if (svc == RPCSEC_GSS_SVC_INTEGRITY) { /* Decode databody_integ. */ - if (!xdr_rpc_gss_buf(xdrs, &databuf, MAX_NETOBJ_SZ)) { + if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1)) { log_debug("xdr decode databody_integ failed"); return (FALSE); } /* Decode checksum. */ - if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, MAX_NETOBJ_SZ)) { + if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1)) { gss_release_buffer(&min_stat, &databuf); log_debug("xdr decode checksum failed"); return (FALSE); @@ -239,7 +223,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, } else if (svc == RPCSEC_GSS_SVC_PRIVACY) { /* Decode databody_priv. */ - if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, MAX_NETOBJ_SZ)) { + if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1)) { log_debug("xdr decode databody_priv failed"); return (FALSE); } diff --git a/src/mac/MacOSX/Projects/GSS.pbexp b/src/mac/MacOSX/Projects/GSS.pbexp index e61e856e7..6c2e4137a 100644 --- a/src/mac/MacOSX/Projects/GSS.pbexp +++ b/src/mac/MacOSX/Projects/GSS.pbexp @@ -94,3 +94,17 @@ _gss_nt_exported_name # _GSS_KRB5_NT_PRINCIPAL_NAME + +# +# GSS-API krb5 symbols from gssapi_krb5.h +# + +_gss_mech_krb5 +_gss_mech_krb5_old +_gss_mech_set_krb5 +_gss_mech_set_krb5_both +_gss_mech_set_krb5_old + +_gss_nt_krb5_name +_gss_nt_krb5_principal +_krb5_gss_oid_array 
diff --git a/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj b/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj index 66c6311a8..853af0e53 100644 --- a/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj +++ b/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj @@ -1755,6 +1755,12 @@ refType = 4; sourceTree = ""; }; + A14E78E90725B12A00A025E3 = { + fileRef = F517327003F1B65901120114; + isa = PBXBuildFile; + settings = { + }; + }; A166BCC3040D36F8004AA618 = { fileEncoding = 4; isa = PBXFileReference; @@ -3201,7 +3207,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/lib/crypto/des $(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = KerberosDES; REZ_EXECUTABLE = YES; @@ -3226,6 +3232,7 @@ buildActionMask = 2147483647; files = ( A1AB1DEF05DDC40100526345, + A14E78E90725B12A00A025E3, ); isa = PBXHeadersBuildPhase; runOnlyForDeploymentPostprocessing = 0; @@ -3377,7 +3384,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../Sources/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = KerberosProfile; REZ_EXECUTABLE = YES; 
@@ -3524,7 +3531,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosDebug/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(SRCROOT)/../Sources/include/kerberosIV $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosDebug/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = Kerberos4; REZ_EXECUTABLE = YES; 
@@ -3985,7 +3992,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(SRCROOT)/../Sources/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/ $(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(SRCROOT)/../Sources/lib/crypto/aes $(SRCROOT)/../Sources/lib/crypto $(SRCROOT)/../Sources/lib/crypto/arcfour $(SRCROOT)/../Sources/lib/crypto/enc_provider $(SRCROOT)/../Sources/lib/crypto/crc32 $(SRCROOT)/../Sources/lib/crypto/des $(SRCROOT)/../Sources/lib/crypto/dk $(SRCROOT)/../Sources/lib/crypto/hash_provider $(SRCROOT)/../Sources/lib/crypto/keyhash_provider $(SRCROOT)/../Sources/lib/crypto/md4 $(SRCROOT)/../Sources/lib/crypto/md5 $(SRCROOT)/../Sources/lib/crypto/old $(SRCROOT)/../Sources/lib/crypto/raw $(SRCROOT)/../Sources/lib/crypto/sha1 $(SRCROOT)/../Sources/lib/crypto/yarrow $(SRCROOT)/../Sources/lib/krb5/os $(SRCROOT)/../Sources/lib/krb5/keytab $(SRCROOT)/../Sources/lib/krb5/rcache $(SRCROOT)/../Sources/lib/krb5/ccache $(SRCROOT)/../Sources/lib/krb5/ccache/ccapi $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../Sources/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; 
LIBRARY_STYLE = STATIC; PRODUCT_NAME = Kerberos5; REZ_EXECUTABLE = YES; @@ -6138,7 +6145,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(SRCROOT)/../Sources/lib/gssapi $(SRCROOT)/../Sources/lib/gssapi/krb5 $(SRCROOT)/../Sources/lib/gssapi/generic $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/gssapi $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = GSS; REZ_EXECUTABLE = YES; diff --git a/src/mac/MacOSX/Projects/KerberosProfile.pbexp b/src/mac/MacOSX/Projects/KerberosProfile.pbexp index 9033b54ea..d6fc152af 100644 --- a/src/mac/MacOSX/Projects/KerberosProfile.pbexp +++ b/src/mac/MacOSX/Projects/KerberosProfile.pbexp @@ -7,7 +7,12 @@ _profile_init _profile_init_path _FSp_profile_init _FSp_profile_init_path +_profile_is_writable +_profile_is_modified _profile_flush +_profile_flush_to_file +_profile_flush_to_buffer +_profile_free_buffer _profile_abandon _profile_release _profile_get_values diff --git a/src/patchlevel.h b/src/patchlevel.h index a5206281a..b082557fd 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 4 #define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "prerelease" +/* #undef KRB5_RELTAIL */ /* #undef KRB5_RELDATE */ -/* #undef KRB5_RELTAG */ +#define KRB5_RELTAG "krb5-1-4-final" 
diff --git a/src/tests/dejagnu/krb-root/ChangeLog b/src/tests/dejagnu/krb-root/ChangeLog index df5650558..328a26cfd 100644 --- a/src/tests/dejagnu/krb-root/ChangeLog +++ b/src/tests/dejagnu/krb-root/ChangeLog @@ -1,3 +1,10 @@ +2004-11-15 Tom Yu + + * telnet.exp (telnet_test): Work around possible race condition + with client's resetting of terminal mode when returning from + interactive command mode. Test whether requiring encryption + works. + 2004-03-14 Ken Raeburn * rlogin.exp (start_rlogin_daemon, rlogin_test): Use portbase to diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp index 17ca35e3c..03bdb7910 100644 --- a/src/tests/dejagnu/krb-root/telnet.exp +++ b/src/tests/dejagnu/krb-root/telnet.exp @@ -50,7 +50,7 @@ if {![get_hostname] \ # A procedure to start up the telnet daemon. -proc start_telnet_daemon { } { +proc start_telnet_daemon { args } { global REALMNAME global TELNETD global LOGINKRB5 @@ -70,7 +70,7 @@ proc start_telnet_daemon { } { # we don't need to use inetd. The portbase+8 is the port to listen at. # Note that tmppwd here is a shell variable, which is set in # setup_root_shell, not a TCL variable. - send -i $rlogin_spawn_id "sh -c \"$TELNETD -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r" + send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r" expect { -i $rlogin_spawn_id -re "$ROOT_PROMPT" { } @@ -174,7 +174,7 @@ proc telnet_test { } { set testname "simple telnet" expect { - "ogin:" { + "ogin: " { pass $testname } } @@ -184,7 +184,7 @@ proc telnet_test { } { set testname "telnet command mode" send "\035" expect { - "telnet>" { + "telnet> " { pass $testname } } 
@@ -200,9 +200,16 @@ proc telnet_test { } { } set testname "back to command mode" + + # For some reason, the telnet client doesn't necessarily reset the + # terminal mode back to raw after exiting command mode. + # Kick it somewhat by sending a CR. + send "\r" + expect "ogin: " + send "\035" expect { - "telnet>" { + "telnet> " { pass $testname } } @@ -299,6 +306,7 @@ proc telnet_test { } { } expect_after + catch "expect eof" # We can't use check_exit_status, because we expect an exit status # of 1. @@ -355,7 +363,7 @@ proc telnet_test { } { # Move back to telnet command mode and check the encryption status. set testname "encryption status" send "\035" - expect "telnet>" + expect "telnet> " send "status\r" expect { -re "Currently encrypting output with DES_CFB64.*Currently decrypting input with DES_CFB64" { @@ -368,6 +376,7 @@ proc telnet_test { } { expect "Connection closed by foreign host.\r" expect_after + catch "expect eof" # We can't use check_exit_status, because we expect an exit status # of 1. @@ -384,6 +393,38 @@ proc telnet_test { } { # The telnet daemon should have stopped, but we have no easy way # of checking whether it actually did. Kill it just in case. stop_telnet_daemon + + set testname "reject unencrypted telnet" + # Check rejection of unencrypted client when encryption is required + start_telnet_daemon -e + + # unencrypted, unauthenticated + spawn $TELNET -- $hostname -[expr 8 + $portbase] + expect_after { + timeout { + fail $testname + catch "expect_after" + return + } + eof { + fail $testname + catch "expect_after" + return + } + } + + expect { + -re "Unencrypted connection refused.*\n" { + pass $testname + } + } + catch "expect_after" + catch "expect eof" + catch wait + + # The telnet daemon should have stopped, but we have no easy way + # of checking whether it actually did. Kill it just in case. + stop_telnet_daemon } # Run the test. Logging in sometimes takes a while, so increase the 
diff --git a/src/tests/dejagnu/krb-standalone/ChangeLog b/src/tests/dejagnu/krb-standalone/ChangeLog index bba583b62..873c34b30 100644 --- a/src/tests/dejagnu/krb-standalone/ChangeLog +++ b/src/tests/dejagnu/krb-standalone/ChangeLog @@ -1,3 +1,17 @@ +2005-01-14 Tom Yu + + * kadmin.exp (kadmin_list): Check for communication failure. + (kadmin_test): Create a large number of principals, then attempt + to list, in order to check for fixed-size buffer problems in + RPCSEC_GSS. + +2004-12-20 Tom Yu + + * pwhist.exp: New file. Perform some sanity checking on password + history mechanism, including erroneous loss of history when + growing the history array. Also tries to trigger some known + buffer overflows and memory leaks. + 2004-03-14 Ken Raeburn * gssapi.exp (run_client, doit): Use portbase to compute all port diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index ded386d3d..c72548114 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -402,6 +402,11 @@ proc kadmin_list { } { catch "expect_after" return 0 } + "Communication failure" { + fail "kadmin ldb got RPC error" + catch "expect_after" + return 0 + } timeout { fail "kadmin ldb" catch "expect_after" @@ -416,7 +421,7 @@ proc kadmin_list { } { expect -re "assword\[^\r\n\]*: *" { send "adminpass$KEY\r" } - expect -re "\(.*@$REALMNAME\r\n\)*" + expect -re "\(.*@$REALMNAME\r\n\)+" expect_after expect eof set k_stat [wait -i $spawn_id] @@ -1033,6 +1038,17 @@ proc kadmin_test { } { return } + # test retrieval of large number of principals + # bug [2877] + for { set i 0 } { $i < 200 } { incr i } { + if { ![kadmin_add "foo$i" foopass] } { + return + } + } + + if { ![kadmin_list] } { + return + } verbose "kadmin_test succeeded" } diff --git a/src/tests/dejagnu/krb-standalone/pwhist.exp b/src/tests/dejagnu/krb-standalone/pwhist.exp new file mode 100644 index 000000000..f9938e091 --- /dev/null 
+++ b/src/tests/dejagnu/krb-standalone/pwhist.exp 
@@ -0,0 +1,215 @@ +# password history tests + +# one *non-interactive* kadmin.local request +proc onerq { rq pname str {flags ""} } { + global REALMNAME + global KADMIN_LOCAL + + spawn $KADMIN_LOCAL -r $REALMNAME -q "$rq $flags $pname" + expect_after { + timeout { + verbose "kadmin.local $rq $flags $pname timed out" + catch expect_after + kill [exp_pid] + close + expect eof + wait + return 0 + } eof { + verbose "kadmin.local $rq $flags $pname got EOF" + catch expect_after + wait + return 0 + } + } + expect $str + expect_after + expect eof + wait + return 1 +} + +proc addprinc { pname pw } { + global REALMNAME + + return [onerq addprinc $pname \ + "Principal \"$pname@$REALMNAME\" created." "-pw $pw"] +} + +proc delprinc { pname } { + global REALMNAME + return [onerq delprinc $pname \ + "Principal \"$pname@$REALMNAME\" deleted." "-force"] +} + +proc cpw { pname pw } { + global REALMNAME + + return [onerq cpw $pname \ + "Password for \"$pname@$REALMNAME\" changed." "-pw $pw"] +} + +proc modprinc { pname flags } { + global REALMNAME + + return [onerq modprinc $pname \ + "Principal \"$pname@$REALMNAME\" modified." $flags] +} + +proc addpol { pname } { + if ![onerq addpol $pname ""] { + return 0 + } + return [onerq getpol $pname "Policy: $pname"] +} + +proc delpol { pname } { + onerq delpol $pname "" -force + return [onerq getpol $pname \ + "Policy does not exist while retrieving policy \"$pname\"."] +} + +proc modpol { pname flags } { + return [onerq modpol $pname "" $flags] +} + +# Mandatory command must return true. +# Issues a break in its parent on failure. +proc mustrun { cmd } { + if ![eval $cmd] { + perror "mandatory command failed: $cmd" + uplevel break + } +} + +# Fail test if command fails. +# Issues a break in its parent on failure. +proc chkpass { cmd } { + upvar test test + if ![eval $cmd] { + verbose "unexpected failure: $cmd" + fail $test + uplevel break + } +} + +# Fail test if command succeeds. +# Issues a break in its parent on failure. 
+proc chkfail { cmd } { + upvar test test + if [eval $cmd] { + verbose "unexpected success: $cmd" + fail $test + uplevel break + } +} + +# wrapper to run command (actually usually sequence of commands) +# +# If any part of CMD throws an exception, set failall, otherwise pass. +# If failall is already true, report unresolved. +proc wraptest { test cmd } { + upvar failall failall + if $failall { + unresolved $test + return + } + if [catch $cmd] { + set failall 1 + } else { + pass $test + } +} + +# Set up the kerberos database. +if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return +} + +set failall 0 +wraptest "nkeys=1, nhist=3" { + mustrun { addpol crashpol } + mustrun { modpol crashpol "-history 3"} + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ 1111 ->[] ]} + +# The following will result in reading/writing past array bounds if +# add_to_history() is not patched. +# +# NOTE: A pass from this test does not mean the bug isn't present; +# check with Purify, valgrind, etc. +wraptest "array bounds ok on nkeys=1, nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkpass { cpw crash 3333 } +} +verbose {old_keys [ ->2222 ]} + +wraptest "verify nhist=2" { + mustrun { delprinc crash } + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ ->1111 ]} + +# The following will fail if growing the history array causes an extra +# key to be lost due to failure to shift entries. 
+wraptest "grow nhist 2->3" { + mustrun { modpol crashpol "-history 3" } + chkpass { cpw crash 3333 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ 2222 ->1111 ]} + +wraptest "grow nhist 3->4" { + mustrun { modpol crashpol "-history 4" } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ 2222 3333 ->1111 ]} +wraptest "shrink nhist 4->3" { + mustrun { modpol crashpol "-history 3" } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 5555 } +} +verbose {old_keys [ 4444 ->3333 ]} +wraptest "verify nhist=3" { + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkpass { cpw crash 2222 } +} +verbose {old_keys [ ->4444 5555 ]} +wraptest "shrink nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkfail { cpw crash 2222 } + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkpass { cpw crash 3333 } +} +verbose {old_keys [ ->2222 ]} + +delprinc crash +delpol crashpol + +stop_kerberos_daemons diff --git a/src/util/ChangeLog b/src/util/ChangeLog index 990ca78cf..5e792c8ac 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,13 @@ +2004-12-21 Tom Yu + + * def-check.pl: Check for PRIVATE or INTERNAL annotations in defs + file. + +2004-10-31 Tom Yu + + * mkrel: Rework quoting for RELTAIL check. Don't check RELTAIL if + doing a "-current" snapshot. + 2004-09-24 Tom Yu * mkrel: Rework somewhat to handle patchlevel.h being the new diff --git a/src/util/def-check.pl b/src/util/def-check.pl index 9b7aee15e..447421e8e 100644 --- a/src/util/def-check.pl +++ b/src/util/def-check.pl 
@@ -219,7 +219,9 @@ while (! $d->eof()) { } s/[ \t]*//g; my($xconv); - if (/!CALLCONV/ || /KRB5_CALLCONV_WRONG/) { + if (/PRIVATE/ || /INTERNAL/) { + $xconv = "PRIVATE"; + } elsif (/!CALLCONV/ || /KRB5_CALLCONV_WRONG/) { $xconv = "KRB5_CALLCONV_WRONG"; } elsif ($vararg{$_}) { $xconv = "KRB5_CALLCONV_C"; @@ -227,6 +229,11 @@ while (! $d->eof()) { $xconv = "KRB5_CALLCONV"; } s/;.*$//; + + if ($xconv eq "PRIVATE") { + print "\t private $_\n"; + next LINE2; + } if (!defined($conv{$_})) { print "No calling convention specified for $_!\n"; } elsif (! ($conv{$_} eq $xconv)) { diff --git a/src/util/et/ChangeLog b/src/util/et/ChangeLog index 934983400..eeec13ebd 100644 --- a/src/util/et/ChangeLog +++ b/src/util/et/ChangeLog @@ -1,3 +1,14 @@ +2005-01-13 Ken Raeburn + + * error_message.c (com_err_terminate): Lock the list mutex before + walking through it; unlock and destroy it afterwards. + +2004-11-05 Ken Raeburn + + * et_h.awk: Declare initialize_*_error_table as taking no + arguments. + * et_h.pl: Regenerated. + 2004-10-07 Tom Yu * et_c.awk, et_h.awk: Fix off-by-one error. diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c index 42c230051..8bef6804d 100644 --- a/src/util/et/error_message.c +++ b/src/util/et/error_message.c @@ -62,11 +62,13 @@ void com_err_terminate(void) struct dynamic_et_list *e, *enext; if (! INITIALIZER_RAN(com_err_initialize) || PROGRAM_EXITING()) return; - k5_mutex_destroy(&et_list_lock); + k5_mutex_lock(&et_list_lock); for (e = et_list_dynamic; e; e = enext) { enext = e->next; free(e); } + k5_mutex_unlock(&et_list_lock); + k5_mutex_destroy(&et_list_lock); terminated = 1; } diff --git a/src/util/et/et_h.awk b/src/util/et/et_h.awk index e3d9fa4c7..65c6c453f 100644 --- a/src/util/et/et_h.awk +++ b/src/util/et/et_h.awk 
@@ -155,7 +155,7 @@ END { print "" > outfile print "#if !defined(_WIN32)" > outfile print "/* for compatibility with older versions... */" > outfile - print "extern void initialize_" table_name "_error_table () /*@modifies internalState@*/;" > outfile + print "extern void initialize_" table_name "_error_table (void) /*@modifies internalState@*/;" > outfile print "#else" > outfile print "#define initialize_" table_name "_error_table()" > outfile print "#endif" > outfile diff --git a/src/util/et/et_h.pl b/src/util/et/et_h.pl index e0965de4d..5ab8e8b46 100644 --- a/src/util/et/et_h.pl +++ b/src/util/et/et_h.pl @@ -203,7 +203,7 @@ else { &Pick('>', $outfile) && (print $fh 'extern void initialize_' . $table_name . - '_error_table () /*@modifies internalState@*/;'); + '_error_table (void) /*@modifies internalState@*/;'); &Pick('>', $outfile) && (print $fh '#else'); &Pick('>', $outfile) && diff --git a/src/util/mkrel b/src/util/mkrel index 97a08d126..804dd5f90 100644 --- a/src/util/mkrel +++ b/src/util/mkrel @@ -120,10 +120,11 @@ if test $newstyle = t; then if test "$KRB5_RELTAG" != $reltag; then echo "WARNING: patchlevel.h '$KRB5_RELTAG' != $reltag" fi - if test "$KRB5_MAJOR_RELEASE" != $relmajor || \ - test "$KRB5_MINOR_RELEASE" != $relminor || \ - test "$KRB5_PATCHLEVEL" != $relpatch || \ - test "$KRB5_RELTAIL" != $reltail; then + if test "$KRB5_MAJOR_RELEASE" != "$relmajor" || \ + test "$KRB5_MINOR_RELEASE" != "$relminor" || \ + test "$KRB5_PATCHLEVEL" != "$relpatch" || \ + ( test -n "$reltail" && \ + test "$KRB5_RELTAIL" != "$reltail" ); then echo "WARNING: patchlevel.h $KRB5_MAJOR_RELEASE.$KRB5_MINOR_RELEASE.$KRB5_PATCHLEVEL${KRB5_RELTAIL+-$KRB5_RELTAIL} != $relmajor.$relminor.$relpatch${reltail+-$reltail}" fi diff --git a/src/util/profile/ChangeLog b/src/util/profile/ChangeLog index 1366bd4d1..2247776e6 100644 --- a/src/util/profile/ChangeLog +++ b/src/util/profile/ChangeLog 
@@ -1,3 +1,37 @@ +2005-01-13 Ken Raeburn + + * prof_file.c (profile_free_file_data): Destroy mutex before + freeing containing structure. + +2004-12-14 Ken Raeburn + + * prof_tree.c (profile_node_iterator): When the iterator has a + current file, lock it, and unlock it before changing it or + returning. + +2004-11-04 Alexandra Ellwood + + * prof_init.c, profile.hin: added profile_is_modified + and profile_is_writable so that callers can check to see + if profile_release() will fail before calling it. + +2004-11-04 Alexandra Ellwood + + * prof_set.c: profile calls which set values should not fail + if file is not writable. You can now write to a different + file with profile_flush_to_file() or buffer with + profile_flush_to_buffer(). + +2004-10-30 Ken Raeburn + + * prof_int.h (STAT_ONCE_PER_SECOND): Define. + (struct _prf_data_t) [STAT_ONCE_PER_SECOND]: New field LAST_STAT. + * prof_file.c (scan_shared_trees_locked, + scan_shared_trees_unlocked): Redefine to do nothing for now. + (profile_update_file_data) [STAT_ONCE_PER_SECOND]: If the current + time is the same time as the last stat of the file, just return; + otherwise, save away the current time. + 2004-10-26 Ken Raeburn Permit exporting profile file data into a buffer. diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index f47e5404b..9b0048c9c 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -66,6 +66,8 @@ void profile_library_finalizer(void) static void profile_free_file_data(prf_data_t); +#if 0 + #define scan_shared_trees_locked() \ { \ prf_data_t d; \ @@ -89,6 +91,13 @@ static void profile_free_file_data(prf_data_t); k5_mutex_unlock(&g_shared_trees_mutex); \ } +#else + +#define scan_shared_trees_locked() { ; } +#define scan_shared_trees_unlocked() { ; } + +#endif + static int rw_access(const_profile_filespec_t filespec) { #ifdef HAVE_ACCESS 
@@ -263,7 +272,8 @@ errcode_t profile_open_file(const_profile_filespec_t filespec, retval = k5_mutex_init(&data->lock); if (retval) { - profile_close_file(prf); + free(data); + free(prf); return retval; } @@ -295,6 +305,9 @@ errcode_t profile_update_file_data(prf_data_t data) errcode_t retval; #ifdef HAVE_STAT struct stat st; +#ifdef STAT_ONCE_PER_SECOND + time_t now; +#endif #endif FILE *f; @@ -303,11 +316,21 @@ errcode_t profile_update_file_data(prf_data_t data) return retval; #ifdef HAVE_STAT +#ifdef STAT_ONCE_PER_SECOND + now = time(0); + if (now == data->last_stat) { + k5_mutex_unlock(&data->lock); + return 0; + } +#endif if (stat(data->filespec, &st)) { retval = errno; k5_mutex_unlock(&data->lock); return retval; } +#ifdef STAT_ONCE_PER_SECOND + data->last_stat = now; +#endif if (st.st_mtime == data->timestamp) { k5_mutex_unlock(&data->lock); return 0; @@ -556,12 +579,13 @@ static void profile_free_file_data(prf_data_t data) } } } - if (data->root) - profile_free_node(data->root); - if (data->comment) - free(data->comment); - data->magic = 0; - free(data); + if (data->root) + profile_free_node(data->root); + if (data->comment) + free(data->comment); + data->magic = 0; + k5_mutex_destroy(&data->lock); + free(data); scan_shared_trees_locked(); } diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c index 02d61ee1f..0be2a0e53 100644 --- a/src/util/profile/prof_init.c +++ b/src/util/profile/prof_init.c 
@@ -120,6 +120,36 @@ profile_init_path(const_profile_filespec_list_t filepath, return retval; } +errcode_t KRB5_CALLCONV +profile_is_writable(profile_t profile, int *writable) +{ + if (!profile || profile->magic != PROF_MAGIC_PROFILE) + return PROF_MAGIC_PROFILE; + + if (!writable) + return EINVAL; + + if (profile->first_file) + *writable = (profile->first_file->data->flags & PROFILE_FILE_RW); + + return 0; +} + +errcode_t KRB5_CALLCONV +profile_is_modified(profile_t profile, int *modified) +{ + if (!profile || profile->magic != PROF_MAGIC_PROFILE) + return PROF_MAGIC_PROFILE; + + if (!modified) + return EINVAL; + + if (profile->first_file) + *modified = (profile->first_file->data->flags & PROFILE_FILE_DIRTY); + + return 0; +} + errcode_t KRB5_CALLCONV profile_flush(profile_t profile) { diff --git a/src/util/profile/prof_int.h b/src/util/profile/prof_int.h index d2761228c..b7c90961e 100644 --- a/src/util/profile/prof_int.h +++ b/src/util/profile/prof_int.h @@ -14,6 +14,8 @@ #include "com_err.h" #include "profile.h" +#define STAT_ONCE_PER_SECOND + #if defined(_WIN32) #define SIZEOF_INT 4 #define SIZEOF_SHORT 2 @@ -36,6 +38,9 @@ struct _prf_data_t { k5_mutex_t lock; char *comment; struct profile_node *root; +#ifdef STAT_ONCE_PER_SECOND + time_t last_stat; +#endif time_t timestamp; /* time tree was last updated from file */ int flags; /* r/w, dirty */ int upd_serial; /* incremented when data changes */ diff --git a/src/util/profile/prof_set.c b/src/util/profile/prof_set.c index 67274c23f..85f228630 100644 --- a/src/util/profile/prof_set.c +++ b/src/util/profile/prof_set.c @@ -33,9 +33,6 @@ static errcode_t rw_setup(profile_t profile) file = profile->first_file; - if (!(file->data->flags & PROFILE_FILE_RW)) - return PROF_READ_ONLY; - retval = profile_lock_global(); if (retval) return retval; diff --git a/src/util/profile/prof_tree.c b/src/util/profile/prof_tree.c index 1d96ffbb8..eea34f60b 100644 --- a/src/util/profile/prof_tree.c +++ b/src/util/profile/prof_tree.c 
@@ -466,17 +466,27 @@ errcode_t profile_node_iterator(void **iter_p, struct profile_node **ret_node, * If the file has changed, then the node pointer is invalid, * so we'll have search the file again looking for it. */ + if (iter->file) { + retval = k5_mutex_lock(&iter->file->data->lock); + if (retval) + return retval; + } if (iter->node && (iter->file->data->upd_serial != iter->file_serial)) { iter->flags &= ~PROFILE_ITER_FINAL_SEEN; skip_num = iter->num; iter->node = 0; } - if (iter->node && iter->node->magic != PROF_MAGIC_NODE) + if (iter->node && iter->node->magic != PROF_MAGIC_NODE) { + if (iter->file) + k5_mutex_unlock(&iter->file->data->lock); return PROF_MAGIC_NODE; + } get_new_file: if (iter->node == 0) { if (iter->file == 0 || (iter->flags & PROFILE_ITER_FINAL_SEEN)) { + if (iter->file) + k5_mutex_unlock(&iter->file->data->lock); profile_node_iterator_free(iter_p); if (ret_node) *ret_node = 0; @@ -486,10 +496,18 @@ get_new_file: *ret_value =0; return 0; } + k5_mutex_unlock(&iter->file->data->lock); if ((retval = profile_update_file(iter->file))) { if (retval == ENOENT || retval == EACCES) { /* XXX memory leak? */ iter->file = iter->file->next; + if (iter->file) { + retval = k5_mutex_lock(&iter->file->data->lock); + if (retval) { + profile_node_iterator_free(iter_p); + return retval; + } + } skip_num = 0; retval = 0; goto get_new_file; @@ -498,6 +516,11 @@ get_new_file: return retval; } } + retval = k5_mutex_lock(&iter->file->data->lock); + if (retval) { + profile_node_iterator_free(iter_p); + return retval; + } iter->file_serial = iter->file->data->upd_serial; /* * Find the section to list if we are a LIST_SECTION, 
@@ -518,7 +541,15 @@ get_new_file: iter->flags |= PROFILE_ITER_FINAL_SEEN; } if (!section) { + k5_mutex_unlock(&iter->file->data->lock); iter->file = iter->file->next; + if (iter->file) { + retval = k5_mutex_lock(&iter->file->data->lock); + if (retval) { + profile_node_iterator_free(iter_p); + return retval; + } + } skip_num = 0; goto get_new_file; } @@ -546,11 +577,20 @@ get_new_file: } iter->num++; if (!p) { + k5_mutex_unlock(&iter->file->data->lock); iter->file = iter->file->next; + if (iter->file) { + retval = k5_mutex_lock(&iter->file->data->lock); + if (retval) { + profile_node_iterator_free(iter_p); + return retval; + } + } iter->node = 0; skip_num = 0; goto get_new_file; } + k5_mutex_unlock(&iter->file->data->lock); if ((iter->node = p->next) == NULL) iter->file = iter->file->next; if (ret_node) diff --git a/src/util/profile/profile.hin b/src/util/profile/profile.hin index ec822ca8b..10abe725a 100644 --- a/src/util/profile/profile.hin +++ b/src/util/profile/profile.hin @@ -54,6 +54,11 @@ long KRB5_CALLCONV profile_flush_to_buffer void KRB5_CALLCONV profile_free_buffer (profile_t profile, char *buf); +long KRB5_CALLCONV profile_is_writable + (profile_t profile, int *writable); +long KRB5_CALLCONV profile_is_modified + (profile_t profile, int *modified); + void KRB5_CALLCONV profile_abandon (profile_t profile); diff --git a/src/util/support/ChangeLog b/src/util/support/ChangeLog index 2ee4dd930..5db19b86e 100644 --- a/src/util/support/ChangeLog +++ b/src/util/support/ChangeLog @@ -1,3 +1,7 @@ +2004-12-15 Jeffrey Altman + + * Makefile.in: rename krb5support_32.dll to k5sprt32.dll + 2004-10-25 Ken Raeburn * libkrb5support.exports: Export krb5int_fac, _lock_fac, diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in index 034bade41..af3648a10 100644 --- a/src/util/support/Makefile.in +++ b/src/util/support/Makefile.in 
@@ -5,9 +5,9 @@ BUILDTOP=$(REL)..$(S).. RELDIR=../util/support ##DOS##BUILDTOP = ..\.. -##DOS##LIBNAME=$(OUTPRE)krb5support_32.lib +##DOS##LIBNAME=$(OUTPRE)k5sprt32.lib ##DOS##XTRA= -##DOS##OBJFILE=$(OUTPRE)krb5support_32.lst +##DOS##OBJFILE=$(OUTPRE)k5sprt32.lst SED = sed diff --git a/src/windows/ChangeLog b/src/windows/ChangeLog index e2f888f35..c1165b6f3 100644 --- a/src/windows/ChangeLog +++ b/src/windows/ChangeLog @@ -1,3 +1,7 @@ +2004-12-15 Jeffrey Altman + + * version.rc: rename krb5support.dll to k5sprt32.dll + 2004-09-30 Jeffrey Altman * version.rc: Add pismere condition resource strings diff --git a/src/windows/installer/nsis/ChangeLog b/src/windows/installer/nsis/ChangeLog index 40d5e1ea3..12a463e68 100644 --- a/src/windows/installer/nsis/ChangeLog +++ b/src/windows/installer/nsis/ChangeLog @@ -1,3 +1,14 @@ +2004-12-18 Jeffrey Altman + +* kfw-fixed.nsi: + Add "Debug Symbols" as a new category. It defaults to on + in debug builds and off in release builds. + +2004-12-15 Jeffrey Altman + +* kfw-fixed.nsi + Add kcpytkt.exe, kdeltkt.exe, k5sprt32.dll, mit2ms.exe + 2004-09-17 Jeffrey Altman * kfw-fixed.nsi: diff --git a/src/windows/installer/nsis/kfw-fixed.nsi b/src/windows/installer/nsis/kfw-fixed.nsi index 6847c82ce..aacf5b7ca 100644 --- a/src/windows/installer/nsis/kfw-fixed.nsi +++ b/src/windows/installer/nsis/kfw-fixed.nsi @@ -118,6 +118,8 @@ VIAddVersionKey "PrivateBuild" "Checked/Debug" LangString DESC_secClient ${LANG_ENGLISH} "Client: Allows you to utilize MIT Kerberos from your Windows PC." + LangString DESC_secDebug ${LANG_ENGLISH} "Debug Symbols: Used for debugging problems with MIT Kerberos for Windows" + LangString DESC_secSDK ${LANG_ENGLISH} "SDK: Allows you to build MIT Kerberos aware applications." LangString DESC_secDocs ${LANG_ENGLISH} "Documentation: Release Notes and User Manuals." 
@@ -197,6 +199,7 @@ Section "KfW Client" secClient !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kpasswd.exe" "$INSTDIR\bin\kpasswd.exe" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kvno.exe" "$INSTDIR\bin\kvno.exe" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krb5_32.dll" "$INSTDIR\bin\krb5_32.dll" "$INSTDIR" + !insertmacro ReplaceDLL "${KFW_BIN_DIR}\k5sprt32.dll" "$INSTDIR\bin\k5sprt32.dll" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krb524.dll" "$INSTDIR\bin\krb524.dll" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krbcc32.dll" "$INSTDIR\bin\krbcc32.dll" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\krbcc32s.exe" "$INSTDIR\bin\krbcc32s.exe" "$INSTDIR" 
@@ -209,41 +212,17 @@ Section "KfW Client" secClient !endif !insertmacro ReplaceDLL "${KFW_BIN_DIR}\leashw32.dll" "$INSTDIR\bin\leashw32.dll" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\ms2mit.exe" "$INSTDIR\bin\ms2mit.exe" "$INSTDIR" + !insertmacro ReplaceDLL "${KFW_BIN_DIR}\mit2ms.exe" "$INSTDIR\bin\mit2ms.exe" "$INSTDIR" + !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kcpytkt.exe" "$INSTDIR\bin\kcpytkt.exe" "$INSTDIR" + !insertmacro ReplaceDLL "${KFW_BIN_DIR}\kdeltkt.exe" "$INSTDIR\bin\kdeltkt.exe" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\wshelp32.dll" "$INSTDIR\bin\wshelp32.dll" "$INSTDIR" !insertmacro ReplaceDLL "${KFW_BIN_DIR}\xpprof32.dll" "$INSTDIR\bin\xpprof32.dll" "$INSTDIR" !ifdef DEBUG - File "${KFW_BIN_DIR}\aklog.pdb" - File "${KFW_BIN_DIR}\comerr32.pdb" - File "${KFW_BIN_DIR}\gss.pdb" - File "${KFW_BIN_DIR}\gss-client.pdb" - File "${KFW_BIN_DIR}\gss-server.pdb" - File "${KFW_BIN_DIR}\gssapi32.pdb" - File "${KFW_BIN_DIR}\k524init.pdb" - File "${KFW_BIN_DIR}\kclnt32.pdb" - File "${KFW_BIN_DIR}\kdestroy.pdb" - File "${KFW_BIN_DIR}\kinit.pdb" - File "${KFW_BIN_DIR}\klist.pdb" - File "${KFW_BIN_DIR}\kpasswd.pdb" - File "${KFW_BIN_DIR}\kvno.pdb" - File "${KFW_BIN_DIR}\krb5_32.pdb" - File "${KFW_BIN_DIR}\krb524.pdb" - File "${KFW_BIN_DIR}\krbcc32.pdb" - File "${KFW_BIN_DIR}\krbcc32s.pdb" - File "${KFW_BIN_DIR}\krbv4w32.pdb" - File "${KFW_BIN_DIR}\leashw32.pdb" - File "${KFW_BIN_DIR}\leash32.pdb" - File "${KFW_BIN_DIR}\ms2mit.pdb" - File "${KFW_BIN_DIR}\wshelp32.pdb" - File "${KFW_BIN_DIR}\xpprof32.pdb" - !IFDEF CL_1400 !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr80d.dll" "$INSTDIR\bin\msvcr80d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcr80d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp80d.dll" "$INSTDIR\bin\msvcp80d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcp80d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc80d.dll" "$INSTDIR\bin\mfc80d.dll" "$INSTDIR" - File "${SYSTEMDIR}\mfc80d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC80CHS.DLL" 
"$INSTDIR\bin\MFC80CHS.DLL" "$INSTDIR" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC80CHT.DLL" "$INSTDIR\bin\MFC80CHT.DLL" "$INSTDIR" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC80DEU.DLL" "$INSTDIR\bin\MFC80DEU.DLL" "$INSTDIR" @@ -256,11 +235,8 @@ Section "KfW Client" secClient !ELSE !IFDEF CL_1310 !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr71d.dll" "$INSTDIR\bin\msvcr71d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcr71d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp71d.dll" "$INSTDIR\bin\msvcp71d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcp71d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc71d.dll" "$INSTDIR\bin\mfc71d.dll" "$INSTDIR" - File "${SYSTEMDIR}\mfc71d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71CHS.DLL" "$INSTDIR\bin\MFC71CHS.DLL" "$INSTDIR" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71CHT.DLL" "$INSTDIR\bin\MFC71CHT.DLL" "$INSTDIR" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC71DEU.DLL" "$INSTDIR\bin\MFC71DEU.DLL" "$INSTDIR" @@ -273,11 +249,8 @@ Section "KfW Client" secClient !ELSE !IFDEF CL_1300 !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcr70d.dll" "$INSTDIR\bin\msvcr70d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcr70d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp70d.dll" "$INSTDIR\bin\msvcp70d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcp70d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc70d.dll" "$INSTDIR\bin\mfc70d.dll" "$INSTDIR" - File "${SYSTEMDIR}\mfc70d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70CHS.DLL" "$INSTDIR\bin\MFC70CHS.DLL" "$INSTDIR" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70CHT.DLL" "$INSTDIR\bin\MFC70CHT.DLL" "$INSTDIR" !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70DEU.DLL" "$INSTDIR\bin\MFC70DEU.DLL" "$INSTDIR" 
@@ -289,11 +262,8 @@ Section "KfW Client" secClient !insertmacro ReplaceDLL "${SYSTEMDIR}\MFC70KOR.DLL" "$INSTDIR\bin\MFC70KOR.DLL" "$INSTDIR" !ELSE !insertmacro ReplaceDLL "${SYSTEMDIR}\mfc42d.dll" "$INSTDIR\bin\mfc42d.dll" "$INSTDIR" - File "${SYSTEMDIR}\mfc42d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcp60d.dll" "$INSTDIR\bin\msvcp60d.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcp60d.pdb" !insertmacro ReplaceDLL "${SYSTEMDIR}\msvcrtd.dll" "$INSTDIR\bin\msvcrtd.dll" "$INSTDIR" - File "${SYSTEMDIR}\msvcrtd.pdb" !ENDIF !ENDIF !ENDIF @@ -461,6 +431,7 @@ skipAllowTgtKey: WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kvno" "Flags" 0x408 WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\ms2mit" "Flags" 0x408 WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\mit2ms" "Flags" 0x408 + WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\mit2ms" "Flags" 0x408 WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kcpytkt" "Flags" 0x408 WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kdeltkt" "Flags" 0x408 WriteRegDWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\k95" "Flags" 0x408 
@@ -468,6 +439,63 @@ skipAllowTgtKey: SectionEnd +Section "Debug Symbols" secDebug + + SetOutPath "$INSTDIR\bin" + File "${KFW_BIN_DIR}\aklog.pdb" + File "${KFW_BIN_DIR}\comerr32.pdb" + File "${KFW_BIN_DIR}\gss.pdb" + File "${KFW_BIN_DIR}\gss-client.pdb" + File "${KFW_BIN_DIR}\gss-server.pdb" + File "${KFW_BIN_DIR}\gssapi32.pdb" + File "${KFW_BIN_DIR}\k524init.pdb" + File "${KFW_BIN_DIR}\kclnt32.pdb" + File "${KFW_BIN_DIR}\kdestroy.pdb" + File "${KFW_BIN_DIR}\kinit.pdb" + File "${KFW_BIN_DIR}\klist.pdb" + File "${KFW_BIN_DIR}\kpasswd.pdb" + File "${KFW_BIN_DIR}\kvno.pdb" + File "${KFW_BIN_DIR}\krb5_32.pdb" + File "${KFW_BIN_DIR}\k5sprt32.pdb" + File "${KFW_BIN_DIR}\krb524.pdb" + File "${KFW_BIN_DIR}\krbcc32.pdb" + File "${KFW_BIN_DIR}\krbcc32s.pdb" + File "${KFW_BIN_DIR}\krbv4w32.pdb" + File "${KFW_BIN_DIR}\leashw32.pdb" + File "${KFW_BIN_DIR}\leash32.pdb" + File "${KFW_BIN_DIR}\ms2mit.pdb" + File "${KFW_BIN_DIR}\mit2ms.pdb" + File "${KFW_BIN_DIR}\kcpytkt.pdb" + File "${KFW_BIN_DIR}\kdeltkt.pdb" + File "${KFW_BIN_DIR}\wshelp32.pdb" + File "${KFW_BIN_DIR}\xpprof32.pdb" + +!IFDEF DEBUG +!IFDEF CL_1400 + File "${SYSTEMDIR}\msvcr80d.pdb" + File "${SYSTEMDIR}\msvcp80d.pdb" + File "${SYSTEMDIR}\mfc80d.pdb" +!ELSE +!IFDEF CL_1310 + File "${SYSTEMDIR}\msvcr71d.pdb" + File "${SYSTEMDIR}\msvcp71d.pdb" + File "${SYSTEMDIR}\mfc71d.pdb" +!ELSE +!IFDEF CL_1300 + File "${SYSTEMDIR}\msvcr70d.pdb" + File "${SYSTEMDIR}\msvcp70d.pdb" + File "${SYSTEMDIR}\mfc70d.pdb" +!ELSE + File "${SYSTEMDIR}\mfc42d.pdb" + File "${SYSTEMDIR}\msvcp60d.pdb" + File "${SYSTEMDIR}\msvcrtd.pdb" +!ENDIF +!ENDIF +!ENDIF +!ENDIF + +SectionEnd + ;---------------------- ; Kerberos for Windows SDK Section "KfW SDK" secSDK 
@@ -806,6 +834,17 @@ DoNotRestart: no_remove_uninstaller: contInstall: + ; Never install debug symbols unless explicitly selected, except in DEBUG mode +!IFNDEF DEBUG + SectionGetFlags ${secDebug} $0 + IntOp $0 $0 & ${SECTION_OFF} + SectionSetFlags ${secDebug} $0 +!ELSE + SectionGetFlags ${secDebug} $0 + IntOp $0 $0 | ${SF_SELECTED} + SectionSetFlags ${secDebug} $0 +!ENDIF + ; Our logic should be like this. ; 1) If no KfW components are installed, we do a clean install with default options. (Client/Docs) ; 2) If existing modules are installed, we keep them selected @@ -1019,6 +1058,7 @@ FunctionEnd !insertmacro MUI_DESCRIPTION_TEXT ${secClient} $(DESC_secClient) !insertmacro MUI_DESCRIPTION_TEXT ${secSDK} $(DESC_secSDK) !insertmacro MUI_DESCRIPTION_TEXT ${secDocs} $(DESC_secDocs) + !insertmacro MUI_DESCRIPTION_TEXT ${secDebug} $(DESC_secDebug) !insertmacro MUI_FUNCTION_DESCRIPTION_END ;-------------------------------- @@ -1060,6 +1100,7 @@ StartRemove: Delete /REBOOTOK "$INSTDIR\bin\kpasswd.exe" Delete /REBOOTOK "$INSTDIR\bin\kvno.exe" Delete /REBOOTOK "$INSTDIR\bin\krb5_32.dll" + Delete /REBOOTOK "$INSTDIR\bin\k5sprt32.dll" Delete /REBOOTOK "$INSTDIR\bin\krb524.dll" Delete /REBOOTOK "$INSTDIR\bin\krbcc32.dll" Delete /REBOOTOK "$INSTDIR\bin\krbcc32s.exe" @@ -1072,10 +1113,12 @@ StartRemove: !endif Delete /REBOOTOK "$INSTDIR\bin\leashw32.dll" Delete /REBOOTOK "$INSTDIR\bin\ms2mit.exe" + Delete /REBOOTOK "$INSTDIR\bin\mit2ms.exe" + Delete /REBOOTOK "$INSTDIR\bin\kcpytkt.exe" + Delete /REBOOTOK "$INSTDIR\bin\kdeltkt.exe" Delete /REBOOTOK "$INSTDIR\bin\wshelp32.dll" Delete /REBOOTOK "$INSTDIR\bin\xpprof32.dll" -!IFDEF DEBUG Delete /REBOOTOK "$INSTDIR\bin\aklog.pdb" Delete /REBOOTOK "$INSTDIR\bin\comerr32.pdb" Delete /REBOOTOK "$INSTDIR\bin\gss.pdb" 
@@ -1090,15 +1133,20 @@ StartRemove: Delete /REBOOTOK "$INSTDIR\bin\kpasswd.pdb" Delete /REBOOTOK "$INSTDIR\bin\kvno.pdb" Delete /REBOOTOK "$INSTDIR\bin\krb5_32.pdb" + Delete /REBOOTOK "$INSTDIR\bin\k5sprt32.pdb" Delete /REBOOTOK "$INSTDIR\bin\krb524.pdb" Delete /REBOOTOK "$INSTDIR\bin\krbcc32.pdb" Delete /REBOOTOK "$INSTDIR\bin\krbcc32s.pdb" Delete /REBOOTOK "$INSTDIR\bin\krbv4w32.pdb" Delete /REBOOTOK "$INSTDIR\bin\leashw32.pdb" Delete /REBOOTOK "$INSTDIR\bin\ms2mit.pdb" + Delete /REBOOTOK "$INSTDIR\bin\mit2ms.pdb" + Delete /REBOOTOK "$INSTDIR\bin\kcpytkt.pdb" + Delete /REBOOTOK "$INSTDIR\bin\kdeltkt.pdb" Delete /REBOOTOK "$INSTDIR\bin\wshelp32.pdb" Delete /REBOOTOK "$INSTDIR\bin\xpprof32.pdb" +!IFDEF DEBUG !IFDEF CL_1400 Delete /REBOOTOK "$INSTDIR\bin\msvcr80d.dll" Delete /REBOOTOK "$INSTDIR\bin\msvcr80d.pdb" diff --git a/src/windows/installer/wix/ChangeLog b/src/windows/installer/wix/ChangeLog index 42b069d8e..fe818ac8c 100644 --- a/src/windows/installer/wix/ChangeLog +++ b/src/windows/installer/wix/ChangeLog @@ -1,3 +1,14 @@ +2004-12-18 Jeffrey Altman + + Add Debug Symbols as an optional install feature for + release builds of KFW + +2004-12-15 Jeffrey Altman + + Add kcpytkt.exe, kdeltkt.exe, k5sprt32.dll mit2ms.exe + + Update to Wix 2.1 installer + 2004-09-16 Jeffrey Altman Remove trailing slash from PATH diff --git a/src/windows/installer/wix/config.wxi b/src/windows/installer/wix/config.wxi index f3f5afcf7..8c361eb1f 100644 --- a/src/windows/installer/wix/config.wxi +++ b/src/windows/installer/wix/config.wxi @@ -52,6 +52,19 @@ + + + + + + + + + + + + + diff --git a/src/windows/installer/wix/features.wxi b/src/windows/installer/wix/features.wxi index e9e3d87e1..12e25c9cb 100644 --- a/src/windows/installer/wix/features.wxi +++ b/src/windows/installer/wix/features.wxi @@ -39,9 +39,21 @@ Description="$(loc.KerberosClientDesc)" InstallDefault="local" Title="$(loc.KerberosClientTitle)" - FollowParent="yes" Level="30"> + + + + + + @@ -51,11 +63,14 @@ + + + 
@@ -106,13 +121,10 @@ + - - - - diff --git a/src/windows/installer/wix/files.wxi b/src/windows/installer/wix/files.wxi index ac581cf51..386402ce7 100644 --- a/src/windows/installer/wix/files.wxi +++ b/src/windows/installer/wix/files.wxi @@ -102,6 +102,16 @@ + + + + + + + + + + @@ -126,6 +136,9 @@ + + + @@ -268,6 +281,11 @@ + + + + + @@ -287,11 +305,14 @@ + + + @@ -299,6 +320,7 @@ + @@ -696,7 +718,7 @@ - + diff --git a/src/windows/installer/wix/lang/ChangeLog b/src/windows/installer/wix/lang/ChangeLog index f8aa27c9a..23a6add21 100644 --- a/src/windows/installer/wix/lang/ChangeLog +++ b/src/windows/installer/wix/lang/ChangeLog @@ -1,3 +1,12 @@ +2004-12-18 Jeffrey Altman + + Add Debug Symbols as an optional install feature for + release builds of KFW2004-08-20 Jeffrey Altman + +2004-12-15 Jeffrey Altman + + Update for WiX 2.1 installer + 2004-08-20 Asanka Herath New WiX 2.0 MSI for KFW \ No newline at end of file diff --git a/src/windows/installer/wix/lang/strings_1033.wxl b/src/windows/installer/wix/lang/strings_1033.wxl index 324831d92..41067361a 100644 --- a/src/windows/installer/wix/lang/strings_1033.wxl +++ b/src/windows/installer/wix/lang/strings_1033.wxl @@ -26,7 +26,7 @@ --> Kerberos for Windows - Kerberos + KFW MIT Debug/Checked Beta @@ -39,6 +39,9 @@ Client Kerberos client utilities, libraries and documentation + Debug symbols + Debugging symbols for Kerberos for Windows components. + SDK Libraries and header files for developing software with Kerberos @@ -51,5 +54,5 @@ Kerberos for Windows requires Microsoft Internet Explorer version 5.01 or higher. Please resolve this and run the installer again. Build of - + \ No newline at end of file diff --git a/src/windows/installer/wix/site-local.wxi b/src/windows/installer/wix/site-local.wxi index 074492e31..e0081309d 100644 --- a/src/windows/installer/wix/site-local.wxi +++ b/src/windows/installer/wix/site-local.wxi @@ -6,13 +6,13 @@ - + - + - - - + + + + + + - + @@ -69,7 +72,7 @@ - + 
diff --git a/src/windows/version.rc b/src/windows/version.rc index c1b50f295..05dba755d 100644 --- a/src/windows/version.rc +++ b/src/windows/version.rc @@ -59,7 +59,7 @@ #if !defined(_WIN32) #error not win32?? #else -#define K5_ORIGINAL_NAME "krb5support32.dll\0" +#define K5_ORIGINAL_NAME "k5sprt32.dll\0" #endif #endif /* support */
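Review bot: In the NSIS hunk at `@@ -461,6 +431,7 @@ skipAllowTgtKey:`, the added WriteRegDWORD line for `...\Terminal Server\Compatibility\Applications\mit2ms` "Flags" 0x408 is identical to the unchanged context line directly above it, so the same value is written twice to the same key. Drop the added line. If it was meant to register a different binary for Terminal Server compatibility, change the key name; kcpytkt and kdeltkt already have their own entries in the context lines that follow.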
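Review bot: The new `Section "Debug Symbols" secDebug` (hunk `@@ -468,6 +439,63 @@`) is not tied to secClient in anything shown here: its body is only SetOutPath plus File lines, so a user who selects it without the client gets .pdb files in $INSTDIR\bin with no matching binaries. Consider deselecting secDebug whenever secClient is deselected, or document that the combination is allowed. The `File "${KFW_BIN_DIR}\*.pdb"` lines are also now outside any !IFDEF DEBUG, so release builds of the installer will fail to compile unless every listed .pdb is present in ${KFW_BIN_DIR}; that requirement should be stated in the build notes.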
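Review bot: In the StartRemove hunks (`@@ -1072,10 +1113,12 @@` and `@@ -1090,15 +1133,20 @@`), the now-unconditional .pdb Delete list goes krbv4w32.pdb, leashw32.pdb, ms2mit.pdb with no leash32.pdb between them, while the Debug Symbols section installs leash32.pdb. Unless that file is removed in a part of the uninstaller not shown in these hunks, add `Delete /REBOOTOK "$INSTDIR\bin\leash32.pdb"` so a release install with symbols selected uninstalls cleanly. Moving `!IFDEF DEBUG` below the KfW .pdb deletes matches the install side, where only the MSVC/MFC runtime .pdb files remain conditional.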
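Review bot: In the src/windows/installer/wix/lang/ChangeLog hunk, the 2004-12-18 entry ends with "release builds of KFW2004-08-20 Jeffrey Altman": a stray date-and-author header has been fused onto the end of the entry text. The line should end at "release builds of KFW", followed by a blank line before the 2004-12-15 entry. The file also still ends without a trailing newline ("\ No newline at end of file"), which is worth fixing in the same change.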