krb5.git
16 years agoAnnotate that 'protocol' in svc_register means an IPPROTO_ value
Ken Raeburn [Fri, 6 Jun 2008 21:26:51 +0000 (21:26 +0000)]
Annotate that 'protocol' in svc_register means an IPPROTO_ value

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20367 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoOn Mac OS X, try poking launchd to get the portmapper launched before
Ken Raeburn [Fri, 6 Jun 2008 17:30:28 +0000 (17:30 +0000)]
On Mac OS X, try poking launchd to get the portmapper launched before
we try to connect to it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCheck for GSS_C_NO_CREDENTIAL before loop check
Ken Raeburn [Fri, 6 Jun 2008 17:27:50 +0000 (17:27 +0000)]
Check for GSS_C_NO_CREDENTIAL before loop check

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20363 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWe're not using this makedepend implementation any more
Ken Raeburn [Wed, 4 Jun 2008 22:03:20 +0000 (22:03 +0000)]
We're not using this makedepend implementation any more

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20362 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRevert a few const specs to reduce warnings
Ken Raeburn [Tue, 3 Jun 2008 17:48:59 +0000 (17:48 +0000)]
Revert a few const specs to reduce warnings

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20358 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix various minor format-string issues
Ken Raeburn [Tue, 3 Jun 2008 00:13:25 +0000 (00:13 +0000)]
Fix various minor format-string issues

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20356 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoPassing 0 to krb5_build_principal requires a cast
Ken Raeburn [Tue, 3 Jun 2008 00:07:43 +0000 (00:07 +0000)]
Passing 0 to krb5_build_principal requires a cast

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20355 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't use 'log' as a global variable name
Ken Raeburn [Mon, 2 Jun 2008 23:46:17 +0000 (23:46 +0000)]
Don't use 'log' as a global variable name

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20354 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoExplicitly note number as unsigned to shut gcc up
Ken Raeburn [Mon, 2 Jun 2008 23:45:35 +0000 (23:45 +0000)]
Explicitly note number as unsigned to shut gcc up

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20353 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoPartial const-ification, as indicated by the modern Tcl API, except
Ken Raeburn [Mon, 2 Jun 2008 23:41:32 +0000 (23:41 +0000)]
Partial const-ification, as indicated by the modern Tcl API, except
for any bits that would require changing the admin APIs.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20352 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix a few incompatible-pointer warnings that aren't just about signedness
Ken Raeburn [Mon, 2 Jun 2008 23:04:09 +0000 (23:04 +0000)]
Fix a few incompatible-pointer warnings that aren't just about signedness

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoChange krb5_context.db_context to point to the real structure type,
Ken Raeburn [Mon, 2 Jun 2008 19:45:16 +0000 (19:45 +0000)]
Change krb5_context.db_context to point to the real structure type,
and change uses to not cast all the time.  Also rename it from
db_context to dal_handle, since one of the fields in the pointed-to
structure is also called db_context.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd header for kill() in USE_PASSWORD_SERVER case
Alexandra Ellwood [Fri, 30 May 2008 20:48:28 +0000 (20:48 +0000)]
Add header for kill() in USE_PASSWORD_SERVER case

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20347 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoApple PKINIT patch commit
Alexandra Ellwood [Fri, 30 May 2008 20:47:03 +0000 (20:47 +0000)]
Apple PKINIT patch commit

Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol.

Long term goal is to merge these patches with the pkinit preauth plugin which
does not currently have support for Mac OS X crypto libraries or the exported
functions used by Back To My Mac.

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoNo prototype when building kdb5_util without krb4 support
Alexandra Ellwood [Fri, 30 May 2008 19:35:56 +0000 (19:35 +0000)]
No prototype when building kdb5_util without krb4 support

Move stdio inclusion to the top of the file so there is a definition of
printf when building without v4 support.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20345 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWarnings in server_stubs.c (signed vs unsigned errmsg, gcc printf)
Alexandra Ellwood [Fri, 30 May 2008 18:28:35 +0000 (18:28 +0000)]
Warnings in server_stubs.c (signed vs unsigned errmsg, gcc printf)

server_stubs.c uses char * for error messages which it gets from com_err,
throwing away the constness of the com_err output.  Made error message args
be const char * to remove warnings and prevent accidental modification of
com_err strings.

In calls to krb5_klog_syslog server_stubs.c passes void* into %s printf
formats and passes size_ts in for the field widths in %.*s formats.  After
verifying that the size_ts cannot be bigger than ints (which is ensured by
trunc_name) added casts to remove spurious warnings.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20344 dc483132-0cff-0310-8789-dd5450dbe970

16 years agosigned vs unsigned char * warnings in kdb_xdr.c
Alexandra Ellwood [Fri, 30 May 2008 18:01:09 +0000 (18:01 +0000)]
signed vs unsigned char * warnings in kdb_xdr.c

load and store functions in k5-platform.h take an unsigned char *, whereas
kdb_xdr.c was using a char * for decoding.  This resulted in pages of warnings
in the parsing code.  Switched to using an unsigned char * and cast in the
couple places where a char * is needed.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20343 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoProfile library should not call rw_access earlier than needed
Alexandra Ellwood [Tue, 27 May 2008 16:25:51 +0000 (16:25 +0000)]
Profile library should not call rw_access earlier than needed

Call rw_access lazily so we only call access just before we need to
write to the file to avoid calling access as often.  Deprecated bit in
profile structures to track writability.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20341 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse $(DL_LIB) instead of explicit -ldl
Ken Raeburn [Mon, 19 May 2008 18:12:49 +0000 (18:12 +0000)]
Use $(DL_LIB) instead of explicit -ldl

ticket: 5899

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20325 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoForce hostname to lowercase before constructing kadmin principal name.
Ken Raeburn [Sat, 17 May 2008 01:11:42 +0000 (01:11 +0000)]
Force hostname to lowercase before constructing kadmin principal name.
Allocate space for the name dynamically.

ticket: 5943

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20323 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMinor spelling & comment formatting
Ken Raeburn [Fri, 16 May 2008 22:52:49 +0000 (22:52 +0000)]
Minor spelling & comment formatting

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20322 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMove auto var to outer scope, because its storage is used beyond the inner scope
Ken Raeburn [Thu, 15 May 2008 23:08:23 +0000 (23:08 +0000)]
Move auto var to outer scope, because its storage is used beyond the inner scope

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20320 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't test error code when it's known to be 0
Ken Raeburn [Thu, 15 May 2008 23:06:12 +0000 (23:06 +0000)]
Don't test error code when it's known to be 0

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix minor bug in kg_save_name failure cleanup code
Ken Raeburn [Thu, 15 May 2008 23:03:54 +0000 (23:03 +0000)]
Fix minor bug in kg_save_name failure cleanup code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFree context after use, not before
Ken Raeburn [Thu, 15 May 2008 23:01:23 +0000 (23:01 +0000)]
Free context after use, not before

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix a typo in krb5.conf: ldap_server should be ldap_servers, as the
Russ Allbery [Sun, 11 May 2008 03:54:41 +0000 (03:54 +0000)]
Fix a typo in krb5.conf: ldap_server should be ldap_servers, as the
latter is what the LDAP KDB plugin looks for.

Ticket: 5544
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20316 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdded kim documentation
Alexandra Ellwood [Wed, 7 May 2008 19:40:32 +0000 (19:40 +0000)]
Added kim documentation

ticket: 5960

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20315 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMove KIM implementation to the krb5 repository
Alexandra Ellwood [Wed, 7 May 2008 19:30:12 +0000 (19:30 +0000)]
Move KIM implementation to the krb5 repository

Moved sources and headers.

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20314 dc483132-0cff-0310-8789-dd5450dbe970

16 years ago(more) After malloc/realloc/calloc/strdup/asprintf failures, use
Ken Raeburn [Wed, 30 Apr 2008 23:46:29 +0000 (23:46 +0000)]
(more) After malloc/realloc/calloc/strdup/asprintf failures, use
ENOMEM explicitly instead of reading it from errno.  This may make
static analysis tools less confused about when we return zero vs
nonzero values.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAfter malloc/realloc/calloc failures, return ENOMEM explicitly instead
Ken Raeburn [Wed, 30 Apr 2008 23:18:21 +0000 (23:18 +0000)]
After malloc/realloc/calloc failures, return ENOMEM explicitly instead
of reading it from errno.  This may make static analysis tools less
confused about when we return zero vs nonzero values.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoProperly escape - in kdb5_ldap_util man page
Russ Allbery [Mon, 28 Apr 2008 23:05:27 +0000 (23:05 +0000)]
Properly escape - in kdb5_ldap_util man page

The LDAP plugin introduced a new man page which has unescaped hyphens.
Unicode-aware groffs may convert those to real hyphens rather than
the intended ASCII hyphen.  This patch adds backslashes in front of
all the bare hyphens that I plus Debian's lintian program could find
to force interpretation as ASCII hyphens.

Ticket: new
Component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20311 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoLeft-shifting all the way in signed math is undefined, use unsigned
Ken Raeburn [Fri, 25 Apr 2008 18:38:52 +0000 (18:38 +0000)]
Left-shifting all the way in signed math is undefined, use unsigned

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMultiple assignments without sequence points invoke undefined
Ken Raeburn [Fri, 25 Apr 2008 18:17:29 +0000 (18:17 +0000)]
Multiple assignments without sequence points invoke undefined
behavior, even if the assignments all compute and store the same
value.  Don't put an assignment in the argument to macro ff().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoGenerate a large enough array to hold all the base/extension pairs.
Alexandra Ellwood [Fri, 25 Apr 2008 17:16:21 +0000 (17:16 +0000)]
Generate a large enough array to hold all the base/extension pairs.
Store pairs without overlapping.

ticket: 5948

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20308 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemove sched_yield uses
Ken Raeburn [Thu, 24 Apr 2008 18:03:05 +0000 (18:03 +0000)]
Remove sched_yield uses

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20307 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't do UTF-8 bits (and include Apple headers) when just rebuilding dependencies
Ken Raeburn [Thu, 24 Apr 2008 17:12:28 +0000 (17:12 +0000)]
Don't do UTF-8 bits (and include Apple headers) when just rebuilding dependencies

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970

16 years agofix possible buffer overrun in handling generic-error return
Ken Raeburn [Fri, 18 Apr 2008 19:31:47 +0000 (19:31 +0000)]
fix possible buffer overrun in handling generic-error return

Jeff Altman reported this, based on a crash seen in KfW in the wild.

The krb5_data handle used to describe the message field returned by the KDC is
not null-terminated, but we use a "%s" format to incorporate it into an error
message string.  In the right circumstances, garbage bytes can be pulled into
the string, or a memory fault may result.

However, as this is in the error-reporting part of the client-side code for
fetching new credentials, it's a relatively minor DoS attack only, not a
serious security exposure.  Should be fixed in the next releases, though.

ticket: new
target_version: 1.6.5
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoPull out generic array expansion code from array_append macro into a
Ken Raeburn [Thu, 3 Apr 2008 18:00:38 +0000 (18:00 +0000)]
Pull out generic array expansion code from array_append macro into a
separate function.  Add some range checks, and don't bother separating
malloc vs realloc depending on previous pointer value.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCoverity CID 220: NULL check of "buf" after dereference
Ken Raeburn [Sat, 29 Mar 2008 01:10:30 +0000 (01:10 +0000)]
Coverity CID 220: NULL check of "buf" after dereference

All call sites have previously dereferenced the pointer, but to keep
the interface simple, keep the null check, and move the dereference to
after it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCoverity CID 46: mech_type will always have the address of an
Ken Raeburn [Sat, 29 Mar 2008 01:10:04 +0000 (01:10 +0000)]
Coverity CID 46: mech_type will always have the address of an
automatic variable, so can never be null (GSS_C_NULL_OID).

Delete null check and unreachable conditional code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCoverity CID 47: Unreachable code
Ken Raeburn [Sat, 29 Mar 2008 01:09:49 +0000 (01:09 +0000)]
Coverity CID 47: Unreachable code

Delete redundant "status" check.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20298 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCoverity CID 91: Context is tested for null, and then unconditionally
Ken Raeburn [Sat, 29 Mar 2008 01:09:26 +0000 (01:09 +0000)]
Coverity CID 91: Context is tested for null, and then unconditionally
dereferenced.

Remove unneeded null check.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCoverity CID 101: Fix minor bounds check error
Ken Raeburn [Sat, 29 Mar 2008 01:09:00 +0000 (01:09 +0000)]
Coverity CID 101: Fix minor bounds check error

Coverity CID 101: Fix minor bounds check error.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20296 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCoverity CID 228: Possible use of uninitialized variable time_req in
Ken Raeburn [Sat, 29 Mar 2008 01:08:31 +0000 (01:08 +0000)]
Coverity CID 228: Possible use of uninitialized variable time_req in
gss_add_cred if cred_usage has an invalid value.  (Also flagged by
GCC.)

Changed validation routines for gss_add_cred, gss_acquire_cred, and
gss_store_cred to check the cred_usage value.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoProtect CFBundle calls with mutexes
Alexandra Ellwood [Fri, 21 Mar 2008 19:04:40 +0000 (19:04 +0000)]
Protect CFBundle calls with mutexes

CFBundles are refcounted and the recounts are not threadsafe.
Protect CFBundles used for loading bundled plugins with a
mutex to prevent crashes when multiple threads are loading
and unloading the same plugin.

As part of this we use thread-safe dlopen/dlsym/dlclose
for the actual loading and unloading and just use CFBundle
to get the path to the actual executable.  This reduces
the number of places we need to wrap CFBundles with mutexes
and the amount of Mac-specific code in the plugin code.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20285 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoGenerate ccapi.def export list from V2, V3, debug lists. It is no longer a file...
Kevin Koch [Thu, 20 Mar 2008 15:28:11 +0000 (15:28 +0000)]
Generate ccapi.def export list from V2, V3, debug lists.  It is no longer a file in the repository

Update test Makefile.in to use file ccapi_string.c.

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594
Tags:  pullup
Subj: Work on compiling the CCAPI test suite on Windows.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20284 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix MITKRB5-SA-2008-001 on trunk. Patch differs from the released one
Ken Raeburn [Tue, 18 Mar 2008 20:07:14 +0000 (20:07 +0000)]
Fix MITKRB5-SA-2008-001 on trunk.  Patch differs from the released one
for 1.6 because of code divergence.

ticket: 5919

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20280 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCCacheServer should track client iterators
Alexandra Ellwood [Tue, 18 Mar 2008 19:25:16 +0000 (19:25 +0000)]
CCacheServer should track client iterators

The CCacheServer needs to track client iterators so that if
a client crashes while iterating the resources on the server
for that iterator are freed.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20279 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMITKRB5-SA-2008-002
Ken Raeburn [Tue, 18 Mar 2008 18:55:26 +0000 (18:55 +0000)]
MITKRB5-SA-2008-002

Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.

Don't update the internally-tracked maximum file descriptor value if
the new one is FD_SETSIZE (or NOFILE) or above.  Reject TCP file
descriptors of FD_SETSIZE (NOFILE) or above.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDetect if the Vista version of ntsecapi.h is present
Kevin Koch [Tue, 18 Mar 2008 17:40:04 +0000 (17:40 +0000)]
Detect if the Vista version of ntsecapi.h is present

TargetVersion: 1.7
Component: krb5-libs
Ticket: 19569
tAGS:  PULLUP
Subj: Tweaks for 1.7 build on Windows.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20277 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocc_ccache_iterator_release, cc_credentials_iterator leak server memory
Alexandra Ellwood [Fri, 14 Mar 2008 18:47:32 +0000 (18:47 +0000)]
cc_ccache_iterator_release, cc_credentials_iterator leak server memory

cc_ccache_iterator_release and cc_credentials_iterator leak memory on the
CCacheServer because they do not send an ipc message to the server telling it
to free up resources associated with the iterator.

Note: this issue does not track needing to be able to free up these same
resources when the client crashes.

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20276 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoInclude .h files and move all declarations above all code, for Windows C compilation
Kevin Koch [Thu, 13 Mar 2008 19:30:49 +0000 (19:30 +0000)]
Include .h files and move all declarations above all code, for Windows C compilation

Update makefiles to include new modules.

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594
Tags:  pullup
Subj: Work on compiling the CCAPI test suite on Windows.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20275 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoInvalid assignment while trying to set input to NULL
Alexandra Ellwood [Thu, 13 Mar 2008 17:51:09 +0000 (17:51 +0000)]
Invalid assignment while trying to set input to NULL

cc_seq_fetch_NCs_end and cc_seq_fetch_creds_end should try to set their
iterator inputs to NULL.  Fixed code to assign the inputs to NULL rather
than the temporary variables.  (Not sure why the previous code was
even compiling on the Mac.)

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20274 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoremoved unused header file inclusion CoreFoundation.h
Alexandra Ellwood [Thu, 13 Mar 2008 17:44:22 +0000 (17:44 +0000)]
removed unused header file inclusion CoreFoundation.h

Was there for a workaround to a bug in AppleConnect.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20273 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAccidentally added file with wrong name. Removed
Alexandra Ellwood [Wed, 12 Mar 2008 16:52:23 +0000 (16:52 +0000)]
Accidentally added file with wrong name.  Removed

ticket: 5909

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20272 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAccidentally added empty file. Removed
Alexandra Ellwood [Wed, 12 Mar 2008 16:51:25 +0000 (16:51 +0000)]
Accidentally added empty file.  Removed

ticket: 5909

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20271 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdded tests for iterators and NC info. Added test programs for
Alexandra Ellwood [Wed, 12 Mar 2008 16:50:21 +0000 (16:50 +0000)]
Added tests for iterators and NC info.  Added test programs for
each test.  Cleaned up portability issues introduced by Windows
testing.

ticket: 5909

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20270 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd CCAPI v2 tests
Alexandra Ellwood [Mon, 10 Mar 2008 21:55:44 +0000 (21:55 +0000)]
Add CCAPI v2 tests

First pass at CCAPI v2 tests.  More commits to this bug will follow.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20269 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemove C warnings
Alexandra Ellwood [Mon, 10 Mar 2008 21:51:49 +0000 (21:51 +0000)]
Remove C warnings

Some C++ conventions in the CCAPI tests were producing warnings
on C compilers.  Fixed code to stop producing warnings.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20268 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemoved script to run cc_context_get_version test
Alexandra Ellwood [Mon, 10 Mar 2008 21:48:08 +0000 (21:48 +0000)]
Removed script to run cc_context_get_version test

ticket: 5907

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20267 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemoved tests for check_cc_context_get_version
Alexandra Ellwood [Mon, 10 Mar 2008 21:41:50 +0000 (21:41 +0000)]
Removed tests for check_cc_context_get_version

cc_context_get_version was part of the original CCAPI v3 documentation but was
never actually implemented.  Now that it has been removed from the documentation
we should remove the test.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20266 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFixed error code remapping
Alexandra Ellwood [Mon, 10 Mar 2008 21:37:56 +0000 (21:37 +0000)]
Fixed error code remapping

Modified error code remapping to be consistent with CCAPI v2 documentation.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20265 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocc_remove_cred should only remove one cred
Alexandra Ellwood [Mon, 10 Mar 2008 21:27:30 +0000 (21:27 +0000)]
cc_remove_cred should only remove one cred

Fixed cc_remove_cred so it only removes the first matching
cred.  Also fixed the error handling so it returns errors
other than CC_NOTFOUND.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20264 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocc_set_principal should return error on bad cred version
Alexandra Ellwood [Mon, 10 Mar 2008 19:32:47 +0000 (19:32 +0000)]
cc_set_principal should return error on bad cred version

When the caller passes in a version different than the one the ccache
was opened with, cc_set_principal should return CC_ERR_CRED_VERSION
because "cred_vers is used as a double check".

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20263 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix pointer cast in cc_seq_fetch_NCs_end
Alexandra Ellwood [Mon, 10 Mar 2008 19:24:18 +0000 (19:24 +0000)]
Fix pointer cast in cc_seq_fetch_NCs_end

cc_seq_fetch_NCs_end incorrectly casts from CCAPI v2 to CCAPI v3 types.
Cleaned up cc_seq_fetch_creds_end at the same time (it was correct but
difficult to read).

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20262 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocci_cred_union_compare_to_credentials_union doesn't work for v5 creds
Alexandra Ellwood [Mon, 10 Mar 2008 19:15:39 +0000 (19:15 +0000)]
cci_cred_union_compare_to_credentials_union doesn't work for v5 creds

Fixed a bug in cci_cred_union_compare_to_credentials_union where it always
returned an error when comparing v5 creds.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20261 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCCAPI v2 support crash when client or server strings are NULL
Alexandra Ellwood [Mon, 10 Mar 2008 19:13:07 +0000 (19:13 +0000)]
CCAPI v2 support crash when client or server strings are NULL

The CCAPI v2 support will crash if passed in a krb5 credential with
the client or server principal strings set to NULL.  Since CCAPI v3+
support checks for this we should check in CCAPI v2.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20260 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoccs_ccache_reset should check all arguments for NULL
Alexandra Ellwood [Mon, 10 Mar 2008 19:07:54 +0000 (19:07 +0000)]
ccs_ccache_reset should check all arguments for NULL

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20259 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoInclude signal.h before ftp_var.h to silence my_sig_t redefinition problem
Ken Raeburn [Tue, 4 Mar 2008 23:29:30 +0000 (23:29 +0000)]
Include signal.h before ftp_var.h to silence my_sig_t redefinition problem

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20256 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix memory leak by delaying instantiation of lid until it's needed
Justin Anderson [Tue, 4 Mar 2008 20:27:19 +0000 (20:27 +0000)]
Fix memory leak by delaying instantiation of lid until it's needed

ticket: 5897
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20254 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd "-framework CoreFoundation" to crypto library link command in darwin-mode
Ken Raeburn [Tue, 4 Mar 2008 19:25:12 +0000 (19:25 +0000)]
Add "-framework CoreFoundation" to crypto library link command in darwin-mode
build on mac.

ticket: 5894
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20253 dc483132-0cff-0310-8789-dd5450dbe970

16 years agolib/win/Makefile.in: Added
Kevin Koch [Fri, 29 Feb 2008 19:08:06 +0000 (19:08 +0000)]
lib/win/Makefile.in:  Added

ccutils.c, ccapi_os_ipc.cxx, ccs_reply_proc.c, ccs_os_server.cpp, ccs_reply_proc.c, ccs_win_pipe.c:  comment out some debug messages.

test/Makefile.in: change which tests are built.
test/test_ccapi_context.c: API version 2 is now expected to pass.
test/test_ccapi_iterators.c:  Add progress indicator for long tests.

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594
Tags:  pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20244 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMake a NUL-terminated copy of realm name before passing to a plugin
Tom Yu [Fri, 29 Feb 2008 05:23:56 +0000 (05:23 +0000)]
Make a NUL-terminated copy of realm name before passing to a plugin
interface that takes a C string rather than krb5_data.

ticket: 5893
tags: pullup
target_version: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20243 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokrb5int_arcfour_string_to_key does not support utf-8 strings
Alexandra Ellwood [Tue, 26 Feb 2008 22:18:15 +0000 (22:18 +0000)]
krb5int_arcfour_string_to_key does not support utf-8 strings

krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing
them to the string to key function.  Currently the UTF-16 conversion assumes
the input string is ASCII only.

Added support to convert UTF-8 strings to UTF-16 on Mac OS X.  Leaving the
bug open until we discuss if we want to have implementations for Unix and
Windows platforms.

ticket: new
status: open
target_version: 1.7

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20242 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd some ignored files, for in-tree builds
Ken Raeburn [Sun, 24 Feb 2008 12:42:25 +0000 (12:42 +0000)]
Add some ignored files, for in-tree builds

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20238 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemove stop-here target that stops the build
Kevin Koch [Tue, 19 Feb 2008 18:36:06 +0000 (18:36 +0000)]
Remove stop-here target that stops the build

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594
Tags:  pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20234 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoChanges to integrate the CCAPI build into the build structure, build the test suite...
Kevin Koch [Tue, 19 Feb 2008 15:22:13 +0000 (15:22 +0000)]
Changes to integrate the CCAPI build into the build structure, build the test suite and fixes to random problems discovered along the way

Since no platform other than windows builds CCAPI using the build system, some conditionalizing may be necessary when other platforms use the makefiles.

src/Makefile.in:  Add CPPFLAGS that seemed to be missing; run wconfig for ccapi/(lib, server, test).

config/win-pre.in:  DEBUGOPT /ZI doesn't seem to provide enough debugging information under VS2005; /Zi does.

windows/build/bkw.pl:  Fix -no<switch> so that -nonodebug will work.  Otherwise, can't do debug build.

Move Get/PutTspData out of dllmain; add tlsindex argument.

Comment out some debug messages.

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594
Tags:  pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20229 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoman page macro and hyphen fixes
Russ Allbery [Tue, 19 Feb 2008 04:49:11 +0000 (04:49 +0000)]
man page macro and hyphen fixes

Fix various unescaped hyphens, lines starting with . that shouldn't be
macros, undefined strings, and misspelled macros in the man pages.
Found via man --warnings on a current Debian unstable system.

ticket: new
component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20228 dc483132-0cff-0310-8789-dd5450dbe970

16 years agomore tests for libdb btree page split on zero index
Tom Yu [Thu, 7 Feb 2008 07:07:06 +0000 (07:07 +0000)]
more tests for libdb btree page split on zero index

Enhance btree debugging output somewhat to limit key printout to the
key length if the key is not null-terminated.

Add additional test case for the zero-index page split bug; test case
can create a corrupted btree database with records unreachable by
random access but reachable by sequential access.  Requires
recompiling with CPPFLAGS='-DDEBUG -DDEBUG_IDX0SPLIT' to correctly
model mpool page reuse that would be present in production conditions.
(CPPFLAGS=-DDEBUG would otherwise explicitly overwrite the contents of
reused pages.)

ticket: new
target_version: 1.6.4
tags: pullup
component: krb5-kdc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20222 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemove AppleConnect workaround
Alexandra Ellwood [Wed, 6 Feb 2008 20:24:19 +0000 (20:24 +0000)]
Remove AppleConnect workaround

AppleConnect fixed their bug and this workaround can be removed.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20221 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoNeed CCAPI v2 support for Windows
Alexandra Ellwood [Wed, 6 Feb 2008 20:22:32 +0000 (20:22 +0000)]
Need CCAPI v2 support for Windows

Added initial checkin of CCAPI v2 shim layer.

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20220 dc483132-0cff-0310-8789-dd5450dbe970

16 years agotools for svn:eol-style fixups
Ken Raeburn [Tue, 5 Feb 2008 18:34:10 +0000 (18:34 +0000)]
tools for svn:eol-style fixups

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20219 dc483132-0cff-0310-8789-dd5450dbe970

16 years agomore eol-style
Ken Raeburn [Tue, 5 Feb 2008 18:33:20 +0000 (18:33 +0000)]
more eol-style

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20218 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoset eol-style
Ken Raeburn [Tue, 5 Feb 2008 18:25:28 +0000 (18:25 +0000)]
set eol-style

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20217 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoSet EOL style
Alexandra Ellwood [Tue, 5 Feb 2008 18:18:41 +0000 (18:18 +0000)]
Set EOL style

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20216 dc483132-0cff-0310-8789-dd5450dbe970

16 years agolibdb btree page split on zero index corrupts db
Tom Yu [Fri, 1 Feb 2008 01:03:11 +0000 (01:03 +0000)]
libdb btree page split on zero index corrupts db

Splitting a btree page on index 0 can corrupt the database if the key
length plus data length is exactly a certain value.  This certain size
causes the item to get the left page to itself, and causes the right
page to contain an erroneous additional index "hole" having an
uninitialized value.  This bug may be one of the remaining causes of
unexplained database corruption reported over the years.  Shawn Emery
provided useful data from actual instances of this corruption.

Add a test case for this bug.  (Raw libdb test rather than kdb; the
latter would be much harder.)

ticket: new
target_version: 1.6.4
tags: pullup
component: krb5-kdc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20214 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoActually pass the nmake arguments to nmake
Kevin Koch [Thu, 31 Jan 2008 15:51:18 +0000 (15:51 +0000)]
Actually pass the nmake arguments to nmake

TargetVersion: 1.7
Component: windows
Ticket: new
Subj: Build automation
Tags:  pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20213 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCCAPI changes to the mac-specific code to use new kipc changes
Alexandra Ellwood [Tue, 29 Jan 2008 22:39:25 +0000 (22:39 +0000)]
CCAPI changes to the mac-specific code to use new kipc changes

ticket: 5878
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20212 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWindows: avoid use of cygwin mkdir and rmdir commands
Jeffrey Altman [Wed, 23 Jan 2008 22:10:56 +0000 (22:10 +0000)]
Windows: avoid use of cygwin mkdir and rmdir commands

Microsoft's nmake versions 8.x and 9.x prefer executables over
internal shell commands.  This is a change from previous versions.
Cygwin's mkdir and rmdir commands do not have the same semantics
as the cmd.exe shell versions.

Change the definitions of MKDIR and RMDIR to use 'md' and 'rd'
in order to avoid the use of the cygwin versions.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20211 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUpdate build instructions to indicate PATH ordering; add troubleshooting tip about...
Kevin Koch [Wed, 23 Jan 2008 21:26:49 +0000 (21:26 +0000)]
Update build instructions to indicate PATH ordering; add troubleshooting tip about nmake versions

Target_Version: 1.7
Ticket: 5859
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20210 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCorrect makefile so pingtest builds
Kevin Koch [Tue, 22 Jan 2008 20:41:48 +0000 (20:41 +0000)]
Correct makefile so pingtest builds

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20204 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWindows CCAPI snapshot. Should build & pass ping test
Kevin Koch [Tue, 22 Jan 2008 19:14:04 +0000 (19:14 +0000)]
Windows CCAPI snapshot.  Should build & pass ping test

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20203 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWindows debug message line endings were already correct; revert cci_debugging.c.
Kevin Koch [Tue, 22 Jan 2008 18:34:26 +0000 (18:34 +0000)]
Windows debug message line endings were already correct; revert cci_debugging.c.
Declare cci_thread_init__auxinit instead of defining a new function.

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20202 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMake windows debug message line endings match the Mac endings.
Kevin Koch [Tue, 22 Jan 2008 16:34:31 +0000 (16:34 +0000)]
Make windows debug message line endings match the Mac endings.
Windows needs k5-platform helper function declared explicitly.
Change definition of ccs_pipe_t for windows.
#define strdup -- it's now deprecated on windows.

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20201 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd ccs_pipe_compare
Alexandra Ellwood [Tue, 15 Jan 2008 22:13:27 +0000 (22:13 +0000)]
Add ccs_pipe_compare

Added a pipe comparison function.  Forgot it when I was adding
support for non-integer pipe types (such as used by Windows).

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20200 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoimprove debugging of ticket verification in ksu
Russ Allbery [Sun, 30 Dec 2007 06:39:22 +0000 (06:39 +0000)]
improve debugging of ticket verification in ksu

When ksu is built with debugging support and -D is used, print out the
principals being compared before doing the verification rather than
afterwards so that the principals will be printed when the verification
fails.

ticket: new
Component: krb5-appl
Version_Reported: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20196 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoWrap krb5_db_get_principal function with get_principal (which will
Ken Raeburn [Sat, 22 Dec 2007 03:12:50 +0000 (03:12 +0000)]
Wrap krb5_db_get_principal function with get_principal (which will
eventually release the global lock and reacquire it) and
get_principal_locked (which will retain the global lock), and change
callers to use the wrappers, so we can simplify some ugliness at the call
sites.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20195 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoImplement SWAP16 for Mac without compiler warning
Ken Raeburn [Sat, 22 Dec 2007 02:21:15 +0000 (02:21 +0000)]
Implement SWAP16 for Mac without compiler warning

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20194 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoRename krb4_sendto to set_response since that's what it does
Ken Raeburn [Wed, 19 Dec 2007 22:33:46 +0000 (22:33 +0000)]
Rename krb4_sendto to set_response since that's what it does

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20193 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoRemove unused args to krb4_sendto and unused global. Use byte-order macros defined...
Ken Raeburn [Wed, 19 Dec 2007 01:41:26 +0000 (01:41 +0000)]
Remove unused args to krb4_sendto and unused global.  Use byte-order macros defined elsewhere

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20192 dc483132-0cff-0310-8789-dd5450dbe970