krb5.git
16 years agoFully initialize handle data on allocation
Ken Raeburn [Wed, 6 Aug 2008 16:43:44 +0000 (16:43 +0000)]
Fully initialize handle data on allocation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20617 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't coerce fgetc value to char before EOF check
Ken Raeburn [Wed, 6 Aug 2008 16:43:04 +0000 (16:43 +0000)]
Don't coerce fgetc value to char before EOF check

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20616 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCheck for malloc failure
Ken Raeburn [Wed, 6 Aug 2008 16:41:50 +0000 (16:41 +0000)]
Check for malloc failure

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20615 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemoved unused (and unpassed) argument to process_k5beta7_policy
Ken Raeburn [Wed, 6 Aug 2008 16:19:56 +0000 (16:19 +0000)]
Removed unused (and unpassed) argument to process_k5beta7_policy

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20614 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocstatus() takes no arguments
Ken Raeburn [Wed, 6 Aug 2008 15:55:09 +0000 (15:55 +0000)]
cstatus() takes no arguments

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20613 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix test for accept failure
Ken Raeburn [Wed, 6 Aug 2008 15:54:44 +0000 (15:54 +0000)]
Fix test for accept failure

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20612 dc483132-0cff-0310-8789-dd5450dbe970

16 years agobad free in kprop
Ken Raeburn [Wed, 6 Aug 2008 15:51:48 +0000 (15:51 +0000)]
bad free in kprop

Don't free automatic storage after sending database.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20611 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix bug in array size calculation
Ken Raeburn [Wed, 6 Aug 2008 15:47:24 +0000 (15:47 +0000)]
Fix bug in array size calculation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20610 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAlways use unsigned for one-bit fields
Ken Raeburn [Wed, 6 Aug 2008 00:10:43 +0000 (00:10 +0000)]
Always use unsigned for one-bit fields

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20609 dc483132-0cff-0310-8789-dd5450dbe970

16 years agofix cleanup code in allocating preauth info
Ken Raeburn [Wed, 6 Aug 2008 00:05:47 +0000 (00:05 +0000)]
fix cleanup code in allocating preauth info

After an allocation failure, free up the previously allocated array
elements by counting back down to zero, not continuing to count up
until we hit zero.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20608 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix possible locking protocol failure in error handling path
Ken Raeburn [Wed, 6 Aug 2008 00:01:37 +0000 (00:01 +0000)]
Fix possible locking protocol failure in error handling path

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20607 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoerror in socket number range check in kdc
Ken Raeburn [Tue, 5 Aug 2008 22:15:34 +0000 (22:15 +0000)]
error in socket number range check in kdc

Fix off-by-one error in checking that socket file descriptor numbers
are in range suitable for an fd_set.  Also, don't do the check if we
should someday happen to get compiled on Windows.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20606 dc483132-0cff-0310-8789-dd5450dbe970

16 years agospecify return type of 'harmless'
Ken Raeburn [Tue, 5 Aug 2008 20:52:57 +0000 (20:52 +0000)]
specify return type of 'harmless'

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20605 dc483132-0cff-0310-8789-dd5450dbe970

16 years agosome comments from Love
Ken Raeburn [Mon, 4 Aug 2008 21:39:10 +0000 (21:39 +0000)]
some comments from Love

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20604 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse load/store_32/16_be/le functions
Ken Raeburn [Sat, 2 Aug 2008 06:47:33 +0000 (06:47 +0000)]
Use load/store_32/16_be/le functions

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20603 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoPull out two copies of errno mapping into a common function
Ken Raeburn [Sat, 2 Aug 2008 06:46:17 +0000 (06:46 +0000)]
Pull out two copies of errno mapping into a common function

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20602 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse load_store_16/32_be
Ken Raeburn [Sat, 2 Aug 2008 06:44:08 +0000 (06:44 +0000)]
Use load_store_16/32_be

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20601 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse load/store_32_be instead of open-coding
Ken Raeburn [Sat, 2 Aug 2008 06:39:29 +0000 (06:39 +0000)]
Use load/store_32_be instead of open-coding

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20600 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMake more uses of load/store_32_be/le, which on x86 at least expands
Ken Raeburn [Sat, 2 Aug 2008 06:36:49 +0000 (06:36 +0000)]
Make more uses of load/store_32_be/le, which on x86 at least expands
to a single unaligned load/store instruction, instead of open-coding
the shifts and masks.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20599 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse GET_HALF_BLOCK to fetch new values instead of open-coding
Ken Raeburn [Sat, 2 Aug 2008 06:34:51 +0000 (06:34 +0000)]
Use GET_HALF_BLOCK to fetch new values instead of open-coding

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20598 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse krb5int_random_string, load_32_be, load_16_be, store_32_be, and
Ken Raeburn [Sat, 2 Aug 2008 06:24:55 +0000 (06:24 +0000)]
Use krb5int_random_string, load_32_be, load_16_be, store_32_be, and
store_16_be.  Change krb5_krcc_unparse_int32 to call
krb5_krc_unparse_ui_4 and reduce duplicated code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20597 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRename and export random_string from cc_memory.c
Ken Raeburn [Sat, 2 Aug 2008 06:21:08 +0000 (06:21 +0000)]
Rename and export random_string from cc_memory.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20596 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoReduce code duplication: krb5_fcc_store_int32 vs krb5_fcc_store_ui_4
Ken Raeburn [Sat, 2 Aug 2008 06:12:09 +0000 (06:12 +0000)]
Reduce code duplication: krb5_fcc_store_int32 vs krb5_fcc_store_ui_4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20595 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoTwo versions of resolver code were almost identical, so unify them and reduce duplica...
Ken Raeburn [Sat, 2 Aug 2008 05:17:53 +0000 (05:17 +0000)]
Two versions of resolver code were almost identical, so unify them and reduce duplication.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20594 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoPull out code to compute length of quoted name component and copy with
Ken Raeburn [Sat, 2 Aug 2008 04:28:19 +0000 (04:28 +0000)]
Pull out code to compute length of quoted name component and copy with
quoting into separate functions, to reduce code duplication.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20593 dc483132-0cff-0310-8789-dd5450dbe970

16 years agonote lack of policy propagation
Ken Raeburn [Thu, 31 Jul 2008 13:42:49 +0000 (13:42 +0000)]
note lack of policy propagation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20592 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoReuse more k5beta7 code for iprop
Ken Raeburn [Thu, 31 Jul 2008 13:33:36 +0000 (13:33 +0000)]
Reuse more k5beta7 code for iprop

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20591 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdditional implementation of the KerberosAgent
Alexandra Ellwood [Wed, 30 Jul 2008 20:52:12 +0000 (20:52 +0000)]
Additional implementation of the KerberosAgent

ticket: 6055
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20590 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDelete decls for nonexistent functions, and an unused typedef
Ken Raeburn [Wed, 30 Jul 2008 10:32:59 +0000 (10:32 +0000)]
Delete decls for nonexistent functions, and an unused typedef

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20589 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemove unused file
Ken Raeburn [Wed, 30 Jul 2008 10:02:32 +0000 (10:02 +0000)]
Remove unused file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20588 dc483132-0cff-0310-8789-dd5450dbe970

16 years agofix possible uninit variable use in error path
Ken Raeburn [Fri, 25 Jul 2008 19:19:06 +0000 (19:19 +0000)]
fix possible uninit variable use in error path

Clear gss_client and gss_target before any possible branch to 'error',
where they can be used.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20580 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoReturn extended krb5 error strings
Alexandra Ellwood [Thu, 24 Jul 2008 21:26:14 +0000 (21:26 +0000)]
Return extended krb5 error strings

Use krb5_get_error_message instead of error_message for
detailed krb5 error strings.  Also removed a few remaining
instances of types ending in _t and fixed up some
whitespace issues.

Recommend ignoring whitespace diff.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20579 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoIn the gss rpc package, replace the type used for a
Jeffrey Altman [Wed, 23 Jul 2008 20:55:56 +0000 (20:55 +0000)]
In the gss rpc package, replace the type used for a
socket on Windows with SOCKET (instead of int) and
replace all calls to close() that are used to close
sockets with closesocket().

src/include/port-sockets.h includes the definitions
of SOCKET and closesocket() for non-Windows systems.

ticket: 6041
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20578 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix one missed rename of "exit" label to "done"
Tom Yu [Wed, 23 Jul 2008 17:06:56 +0000 (17:06 +0000)]
Fix one missed rename of "exit" label to "done"

ticket: 5442

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20575 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoreplace "exit" label with "done"
Jeffrey Altman [Wed, 23 Jul 2008 16:03:40 +0000 (16:03 +0000)]
replace "exit" label with "done"

ticket: 5442

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20574 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoThe NIM error reporting functions (in src/windows/identity/kherr ) keep
Jeffrey Altman [Wed, 23 Jul 2008 15:09:15 +0000 (15:09 +0000)]
The NIM error reporting functions (in src/windows/identity/kherr ) keep
track of the the error message with the highest severity level that was
reported for a specific error reporting context.  However, if another
error message of the same severity is reported, the error message being
tracked will be updated to be the newly received error.

The user will often only be notified of the error message that was
tracked for a specific operation.  Therefore, tracking the last message
with the highest priority has the unfortunate side-effect of not
reporting the cause of a failure.

This patch changes the condition for updating the tracked error message
to be the first message with the highest severity.

ticket: 6047
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20573 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoThis patch modifies the NIM Kerberos v5 plug-in to use the
Jeffrey Altman [Wed, 23 Jul 2008 15:04:26 +0000 (15:04 +0000)]
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a suitable error message based
on the error code.

ticket: 5745
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20572 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoThe /src/windows/identity/plugins/common/dynimport.{c,h} files are used
Jeffrey Altman [Wed, 23 Jul 2008 14:44:50 +0000 (14:44 +0000)]
The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking.  They
currently do not declare or import the following functions:

krb5_get_error_message()
krb5_free_error_message()
krb5_clear_error_message()

This patch adds declarations and definitions required for locating these
functions.  Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h.  See ticket 6045.

ticket: 6046
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20571 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocw_handle_header_msg():
Jeffrey Altman [Wed, 23 Jul 2008 14:38:27 +0000 (14:38 +0000)]
cw_handle_header_msg():

The behavior of the HDN_ENDTRACK notification has changed slightly on
Vista.  HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns
the item extents that were there prior to the user starting the resizing
operation.  Earlier it would return the extents that resulted from the
resizing operation.

This resulted in a visual update problem on Windows Vista/2008
in the NIM Advanced View.

ticket: 5605
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20570 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd Apple Inc. to copyright lists
Alexandra Ellwood [Tue, 22 Jul 2008 19:56:09 +0000 (19:56 +0000)]
Add Apple Inc. to copyright lists

ticket: new
owner: tlyu

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20568 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCatch a few more cases of unchecked k5_mutex_lock calls
Ken Raeburn [Tue, 22 Jul 2008 19:34:24 +0000 (19:34 +0000)]
Catch a few more cases of unchecked k5_mutex_lock calls

ticket: 5962

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20567 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoA step towards ensuring we check mutex lock attempt results..
Ken Raeburn [Tue, 22 Jul 2008 19:15:52 +0000 (19:15 +0000)]
A step towards ensuring we check mutex lock attempt results..

Always use inline function k5_mutex_lock_1 instead of gcc statement
expression, even under gcc.

Under gcc 4, declane k5_mutex_lock_1 and krb5int_mutex_lock with attribute
warn_unused_result.

In k5_mutex_destroy macro, only store destroy code source+line if we succeed
in temporarily locking the mutex.

ticket: 5962
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20566 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAnother check for null return from krb5_cc_default_name
Ken Raeburn [Mon, 21 Jul 2008 20:59:24 +0000 (20:59 +0000)]
Another check for null return from krb5_cc_default_name

ticket: 5980

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20561 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCheck for null name to krb5_cc_resolve, and return an error
Ken Raeburn [Mon, 21 Jul 2008 20:56:28 +0000 (20:56 +0000)]
Check for null name to krb5_cc_resolve, and return an error

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20560 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoThis patch addresses the issues raised in this ticket and ticket 5936
Jeffrey Altman [Mon, 21 Jul 2008 20:47:35 +0000 (20:47 +0000)]
This patch addresses the issues raised in this ticket and ticket 5936

(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.

(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.

The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto.  After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.

In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.

In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().

[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.

ticket: 5442
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20559 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokadm5_decrypt_key(). This patch prevents the returned keyblock's
Jeffrey Altman [Mon, 21 Jul 2008 20:33:53 +0000 (20:33 +0000)]
kadm5_decrypt_key(). This patch prevents the returned keyblock's
enctype from being coerced to the requested 'ktype' if the requested
'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".

ticket: 5840
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20558 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokrb5_string_to_keysalts()
Jeffrey Altman [Mon, 21 Jul 2008 20:30:44 +0000 (20:30 +0000)]
krb5_string_to_keysalts()
  Fix an infinite loop in the parsing of 'kp'

ticket: 5839
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20557 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoThere are two mutex locking issues that Roland Dowdeswell noticed in
Jeffrey Altman [Mon, 21 Jul 2008 19:43:21 +0000 (19:43 +0000)]
There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache.  The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.

The same problem exists in cc_memory.c:krb5_mcc_destroy().

ticket: 5895
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20555 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAn implementation of opendir() and friends for _WIN32
Jeffrey Altman [Mon, 21 Jul 2008 19:20:05 +0000 (19:20 +0000)]
An implementation of opendir() and friends for _WIN32
plus an implementation of the plugin support that makes
use of them.

ticket: 3737

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20554 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAssign fixed ordinals to comerr32.dll exports
Jeffrey Altman [Mon, 21 Jul 2008 18:48:03 +0000 (18:48 +0000)]
Assign fixed ordinals to comerr32.dll exports

All of the other libraries on Windows have fixed assignments
of ordinals to the exported functions.  Assign the ordinals
that were in use in the last public release, kfw 3.2.2, so
that they will remain constant into the future in case additional
exports are added to the library.

ticket: new
component: krb5-libs
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20553 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWhen reading from the routing socket, only provide enough space for
Ken Raeburn [Mon, 21 Jul 2008 18:39:34 +0000 (18:39 +0000)]
When reading from the routing socket, only provide enough space for
the header and ignore the rest of the message.  Don't complain about
message size as long as we got the bits of the header we care about.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20552 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoccdefault.c:
Jeffrey Altman [Mon, 21 Jul 2008 17:44:43 +0000 (17:44 +0000)]
ccdefault.c:
krb5_cc_default_name() is permitted to return a NULL
pointer as a valid output.  Passing a NULL pointer to
strcmp() will result in an exception as NULL is not
a valid input parameter to strcmp().

Save the output of krb5_cc_default_name() to a variable
and modify the conditional to set the new default ccache
name in the case where there is no existing default
ccache name.

ticket: 5080
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20551 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't set LOCAL_SUBDIRS in many places and SUBDIRS in a few and
Ken Raeburn [Sun, 20 Jul 2008 21:07:41 +0000 (21:07 +0000)]
Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few and
default SUBDIRS to LOCAL_SUBDIRS via pre.in.  Instead, just set
SUBDIRS in each directory, and don't do anything in pre.in.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDrop $(SUBDIRS_@srcdir@) hack, it's not being used any more, and
Ken Raeburn [Sun, 20 Jul 2008 20:43:55 +0000 (20:43 +0000)]
Drop $(SUBDIRS_@srcdir@) hack, it's not being used any more, and
confuses some versions of make.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20545 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse mkstemp(), and fstat() the file to make sure that the mkstemp()
Tom Yu [Fri, 18 Jul 2008 18:59:47 +0000 (18:59 +0000)]
Use mkstemp(), and fstat() the file to make sure that the mkstemp()
implementation is setting sane file modes.

ticket: 6002

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20543 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoSet non-blocking mode on incoming TCP connections.
Ken Raeburn [Fri, 18 Jul 2008 06:50:34 +0000 (06:50 +0000)]
Set non-blocking mode on incoming TCP connections.
Don't log EINTR error in select loop.
Log when shutdown signal has been received and acted on.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20541 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoOn systems with struct rt_msghdr, open a routing socket and wait for
Ken Raeburn [Fri, 18 Jul 2008 06:45:34 +0000 (06:45 +0000)]
On systems with struct rt_msghdr, open a routing socket and wait for
messages; when they come in, if the types suggest a possibility of
network interface reconfiguration, shut down the KDC's networking and
bring it back up again, rescanning the interfaces in the process.

Leaving the ticket open because it should be improved:
 * It should only close down sockets on addresses we no longer have, and
   bring up sockets only on new addresses.
 * If we have IPV6_PKTINFO support, it should only listen for IPv4
   routing changes.
 * If we also have IP_PKTINFO support, it shouldn't be used at all.
 * If we build a KDC on a system with neither struct rt_msghdr nor
   IP_PKTINFO (do we have any such?), we'll need another solution.

Thanks to Nico Williams for the routing socket suggestion, and Apple
for the initial (signal-driven) reconfiguration code.

ticket: 6019
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20540 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRewrite krb5_db_open flag handling to avoid confusing emacs c-mode
Ken Raeburn [Fri, 18 Jul 2008 06:00:10 +0000 (06:00 +0000)]
Rewrite krb5_db_open flag handling to avoid confusing emacs c-mode
indentation support.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20539 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRevert due to potential file modes race condition
Tom Yu [Fri, 18 Jul 2008 03:08:38 +0000 (03:08 +0000)]
Revert due to potential file modes race condition

ticket: 6002
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20538 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoMake krb5_rc_io_creat() use mkstemp
Tom Yu [Fri, 18 Jul 2008 00:18:23 +0000 (00:18 +0000)]
Make krb5_rc_io_creat() use mkstemp

ticket: 6002

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20537 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoIn krb5_rc_io_creat(), unlink any existing rcache file before trying
Tom Yu [Thu, 17 Jul 2008 23:40:32 +0000 (23:40 +0000)]
In krb5_rc_io_creat(), unlink any existing rcache file before trying
to create a new rcache.  This allows better recovery from corrupt
rcache files.

ticket: 6018
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20536 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCCAPI side of the patch
Alexandra Ellwood [Thu, 17 Jul 2008 19:04:34 +0000 (19:04 +0000)]
CCAPI side of the patch

ticket: 6035

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20535 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemoved _t suffix from KIM types
Alexandra Ellwood [Thu, 17 Jul 2008 17:02:41 +0000 (17:02 +0000)]
Removed _t suffix from KIM types

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20534 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoRemoved _t suffix from all type names
Alexandra Ellwood [Thu, 17 Jul 2008 17:00:58 +0000 (17:00 +0000)]
Removed _t suffix from all type names

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20533 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoApply patch from Mark Phalan to correctly use progname instead of
Tom Yu [Thu, 17 Jul 2008 15:44:43 +0000 (15:44 +0000)]
Apply patch from Mark Phalan to correctly use progname instead of
argv[0].

ticket: 6030
tags: pullup
target_version: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20532 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoApply patch from Mark Phalan to initialize progname before use
Tom Yu [Wed, 16 Jul 2008 23:01:54 +0000 (23:01 +0000)]
Apply patch from Mark Phalan to initialize progname before use

ticket: 6028
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20531 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoFix indirection on assignment to minor status
Tom Yu [Wed, 16 Jul 2008 23:01:43 +0000 (23:01 +0000)]
Fix indirection on assignment to minor status

ticket: 5962

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20530 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCheck return value from k5_mutex_lock() to partially mitigate some
Tom Yu [Wed, 16 Jul 2008 22:35:21 +0000 (22:35 +0000)]
Check return value from k5_mutex_lock() to partially mitigate some
assertion failures when mutexes get destroyed out from under us.

ticket: 5962

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20529 dc483132-0cff-0310-8789-dd5450dbe970

16 years ago r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400
Ken Raeburn [Tue, 15 Jul 2008 23:57:03 +0000 (23:57 +0000)]
 r1926@ken-wireless:  raeburn | 2008-07-15 16:49:17 -0400
 ticket: 5947
 status: open

 Add a test script for the walk_rtree code, and run some test cases
 that exercise the problem reported in RT ticket 5947.
 r1927@ken-wireless:  raeburn | 2008-07-15 19:55:10 -0400
 Some more test cases.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20528 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokrb5_get_cred_via_tkt() should null out_cred on errors
Tom Yu [Tue, 15 Jul 2008 21:43:35 +0000 (21:43 +0000)]
krb5_get_cred_via_tkt() should null out_cred on errors

Helper function krb5_kdcrep2creds(), called from
krb5_get_cred_via_tkt(), should null its output pointer after freeing
allocated memory, to avoid returning an invalid pointer.

ticket: new
tags: pullup
target_version: 1.6.4
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20527 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse RFC 3542's IPV6_RECVPKTINFO if available. (And IP_RECVPKTINFO too.)
Ken Raeburn [Mon, 14 Jul 2008 15:19:25 +0000 (15:19 +0000)]
Use RFC 3542's IPV6_RECVPKTINFO if available.  (And IP_RECVPKTINFO too.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20515 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoIn FREE_SET_DATA, reset the current count as well
Ken Raeburn [Sat, 12 Jul 2008 01:15:25 +0000 (01:15 +0000)]
In FREE_SET_DATA, reset the current count as well

ticket: 6019
state: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20514 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse all local addresses except loopback addresses, even if a non-loopback
Ken Raeburn [Sat, 12 Jul 2008 00:55:18 +0000 (00:55 +0000)]
Use all local addresses except loopback addresses, even if a non-loopback
address appears on a loopback interface.  This might happen if that's how
your VPN code makes your local address visible.

Use a variant of Apple's patch, extended to handle the other variations of
local address determination.

ticket: 6017

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20513 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd comment and <TargetConditionals.h> to previous
Tom Yu [Thu, 10 Jul 2008 22:34:39 +0000 (22:34 +0000)]
Add comment and <TargetConditionals.h> to previous

ticket: 6010
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20512 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse #pragma pop on the Mac to ensure that the krb5_gic_opt_ext
Tom Yu [Thu, 10 Jul 2008 22:34:21 +0000 (22:34 +0000)]
Use #pragma pop on the Mac to ensure that the krb5_gic_opt_ext
structure has the same layout as the public version.

ticket: 6010
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20511 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCCacheServer crashes iterating over creds which have been destroyed
Alexandra Ellwood [Thu, 10 Jul 2008 20:17:51 +0000 (20:17 +0000)]
CCacheServer crashes iterating over creds which have been destroyed

ccs_list_release was trying to manually delete the iterators with a
broken for loop which skipped iterators.  Since the iterators were referenced
by the client, when the client exited it would tell the iterators to release
themselves.  The orphaned itertors would attempt to remove themselves from
their list (which had been released) resulting in a crash.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20510 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoApply patch from Apple to handle missing krb5.conf for zeroconf
Tom Yu [Thu, 10 Jul 2008 02:04:03 +0000 (02:04 +0000)]
Apply patch from Apple to handle missing krb5.conf for zeroconf
situations.

ticket: 5632

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20509 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't print spurious errors to debug logs
Alexandra Ellwood [Wed, 9 Jul 2008 21:46:14 +0000 (21:46 +0000)]
Don't print spurious errors to debug logs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20508 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd macro so we don't print deprecated warnings while building KfM
Alexandra Ellwood [Wed, 9 Jul 2008 21:18:51 +0000 (21:18 +0000)]
Add macro so we don't print deprecated warnings while building KfM

Macro is defined in Kerberos5Prefix.h

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20507 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse autogenerated darwin.exports files for server frameworks
Alexandra Ellwood [Wed, 9 Jul 2008 21:17:06 +0000 (21:17 +0000)]
Use autogenerated darwin.exports files for server frameworks

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20506 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoDon't use "ccache" in error string printed to user
Alexandra Ellwood [Wed, 9 Jul 2008 21:16:01 +0000 (21:16 +0000)]
Don't use "ccache" in error string printed to user

ccache is a confusing abbreviation of credentials cache

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20505 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoUse -dead_strip when linking dynamic libraries on Darwin
Ken Raeburn [Wed, 9 Jul 2008 20:48:48 +0000 (20:48 +0000)]
Use -dead_strip when linking dynamic libraries on Darwin

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20504 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoadd copyright to lib/crypto/enc_provider/aes.c
Tom Yu [Wed, 9 Jul 2008 19:54:56 +0000 (19:54 +0000)]
add copyright to lib/crypto/enc_provider/aes.c

lib/crypto/enc_provider/aes.c was missing a copyright statement.
Added.

ticket: new
tags: pullup
component: krb5-libs
target_version: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20503 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoChanges to krb5_kt_default_name changed the krb5 ABI. Reverted
Alexandra Ellwood [Tue, 8 Jul 2008 17:07:08 +0000 (17:07 +0000)]
Changes to krb5_kt_default_name changed the krb5 ABI.  Reverted
API prototype change and added a temporary variable to avoid casting
problems.

ticket: 5432

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20502 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd kerberos icon
Alexandra Ellwood [Tue, 8 Jul 2008 16:14:28 +0000 (16:14 +0000)]
Add kerberos icon

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20501 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdd EnableTransactions launchd option to CCacheServer
Alexandra Ellwood [Mon, 7 Jul 2008 19:26:50 +0000 (19:26 +0000)]
Add EnableTransactions launchd option to CCacheServer

This prevents the CCacheServer from being killed before it is
done handling all the mach messages.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20500 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokrb5int_gic_opte_copy should copy elements individually
Alexandra Ellwood [Mon, 7 Jul 2008 19:08:01 +0000 (19:08 +0000)]
krb5int_gic_opte_copy should copy elements individually

Since we are copying from one structure to another, copy elements.
Using memcpy is fragile.

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokdc does not compile with glibc 2.8
Ezra Peisach [Sun, 6 Jul 2008 02:30:17 +0000 (02:30 +0000)]
kdc does not compile with glibc 2.8

On Fedora 9, glibc 2.8 is used.  The kdc code conditionalizes
IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places = but
misses two for the struct one.

/usr/include/netinet/in.h conditionalizes struct in6_pktinfo on
__USE_GNU - which I believe implies a gnu libc extension.  People on
the net have defined GNU_SOURCE for various things to compile, etc.

I do note that /usr/include/linux/ipv6.h exists with the same definition.

I believe that ipv6 support in the kdc will not work with these changes - but
the tree compiles.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20498 dc483132-0cff-0310-8789-dd5450dbe970

16 years agostop exporting a few symbols internal to aes implementation
Ken Raeburn [Thu, 3 Jul 2008 19:00:16 +0000 (19:00 +0000)]
stop exporting a few symbols internal to aes implementation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20497 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoAdded type checking for 64-bit platforms
Alexandra Ellwood [Tue, 1 Jul 2008 17:50:30 +0000 (17:50 +0000)]
Added type checking for 64-bit platforms

ticket: 6001

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20495 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokrb5_get_error_message returns const char *
Alexandra Ellwood [Tue, 1 Jul 2008 17:38:36 +0000 (17:38 +0000)]
krb5_get_error_message returns const char *

Changed temporary variables to use const char *

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20494 dc483132-0cff-0310-8789-dd5450dbe970

16 years agomemcpy(NULL, ptr, 0) is invalid, so don't do it
Ken Raeburn [Mon, 30 Jun 2008 22:07:06 +0000 (22:07 +0000)]
memcpy(NULL, ptr, 0) is invalid, so don't do it

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20492 dc483132-0cff-0310-8789-dd5450dbe970

16 years agomake depend
Ken Raeburn [Mon, 30 Jun 2008 22:03:49 +0000 (22:03 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20491 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoBig endian stash file support
Alexandra Ellwood [Fri, 27 Jun 2008 19:46:33 +0000 (19:46 +0000)]
Big endian stash file support

Added support for stash files with a consistent endianness (big endian)
so that one can migrate a KDC from a machine with one endianess to
a machine with the other endianess.  Used by Kerberos for Macintosh.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20489 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoCheck for strdup failure. Fix a memory leak in one failure case
Ken Raeburn [Fri, 27 Jun 2008 05:41:26 +0000 (05:41 +0000)]
Check for strdup failure.  Fix a memory leak in one failure case

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20488 dc483132-0cff-0310-8789-dd5450dbe970

16 years agomisc uninitialized-storage accesses
Ken Raeburn [Fri, 27 Jun 2008 04:47:23 +0000 (04:47 +0000)]
misc uninitialized-storage accesses

Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error
paths.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970

16 years agofix ktutil listing with timestamp
Ken Raeburn [Fri, 27 Jun 2008 04:18:38 +0000 (04:18 +0000)]
fix ktutil listing with timestamp

ktutil's "list -t" option is supposed to show the timestamp stored in
the keytab file.  Instead, it shows some random (uninitialized) value,
interpreted as a timestamp.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20486 dc483132-0cff-0310-8789-dd5450dbe970

16 years agouse-after-free bugs
Ken Raeburn [Fri, 27 Jun 2008 03:33:14 +0000 (03:33 +0000)]
use-after-free bugs

Fix some bugs with storage being used immediately after being freed.
None look like anything an attacker can really manipulate AFAICT.

ticket: new
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoWhen returning an error, don't also pass back an invalid pointer
Ken Raeburn [Fri, 27 Jun 2008 03:20:48 +0000 (03:20 +0000)]
When returning an error, don't also pass back an invalid pointer

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20484 dc483132-0cff-0310-8789-dd5450dbe970

16 years agocall kg_delete_lucidctx_id before freeing, not after
Ken Raeburn [Fri, 27 Jun 2008 03:14:39 +0000 (03:14 +0000)]
call kg_delete_lucidctx_id before freeing, not after

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20483 dc483132-0cff-0310-8789-dd5450dbe970