Jeffrey Altman [Mon, 13 Sep 2004 01:48:56 +0000 (01:48 +0000)]
Updates to WiX to satisfy the needs of MIT SWRT
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16743
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 11 Sep 2004 05:35:16 +0000 (05:35 +0000)]
utils.nsi: Fix RestartRequired function to actually determine
if a restart is required
kfw-fixed.nsi:
- Add support for compiler version 1400
- Fix terminal server key deletions
- Delete leash32.exe on uninstall
- Correct the logic of the call of RestartRequired
ticket: 2702
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16742
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 10 Sep 2004 23:01:11 +0000 (23:01 +0000)]
Support building on x86_64
Include resolv.h when looking for res_nsearch and res_search.
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16741
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Sep 2004 22:37:07 +0000 (22:37 +0000)]
* port-sockets.h: Remove _XOPEN_SOURCE_EXTENDED hack for netdb.h,
as it can cause inconsistencies between headers. It significantly
broke HP-UX 10.20 anyway.
ticket: 2379
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16740
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 10 Sep 2004 19:33:39 +0000 (19:33 +0000)]
* cc_mslsa.c: Implement krb5_lcc_initialize()
Remove all tickets from the cache which have a client
principal that matches the input principal.
ticket: 2705
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16737
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 10 Sep 2004 17:34:31 +0000 (17:34 +0000)]
cc_mslsa.c: Correct test for KerbQueryTicketCacheEx2Message
ticket: 2705
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16736
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 10 Sep 2004 16:52:59 +0000 (16:52 +0000)]
2004-09-10 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: The following functionality is being committed
but commented out because it is not presently
available in public Microsoft SDKs
- support for KerbSubmitTicket which allows a KERB_CRED
message to be forwarded to the LSA. (KERB_SUBMIT_TICKET)
- support for the KerbQueryTicketCacheEx2Message which
adds the Session Key Enctype to the contents of the
response from KerbQueryTicketCacheExMessage.
(HAVE_CACHE_INFO_EX2)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16735
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 9 Sep 2004 23:28:50 +0000 (23:28 +0000)]
krb5.hin: add new krb5_ccache flag, KRB5_TC_NOTICKET
when set, a krb5_ccache does not have to return a ticket
within the returned credential
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16734
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 9 Sep 2004 23:25:56 +0000 (23:25 +0000)]
ms2mit.c: Apply KRB5_TC_NOTICKET to MSLSA: while searching for the
presence of an initial ticket to copy to the MIT cache
ticket: 2688
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16733
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Sep 2004 20:23:02 +0000 (20:23 +0000)]
* login.c (main): Don't overwrite "PATH" environment variable if
it's already set.
ticket: 427
version_reported: 1.0.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16731
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Sep 2004 19:31:49 +0000 (19:31 +0000)]
* Makefile.in (install-unix): Install krb524d manpage
ticket: 2539
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16730
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 8 Sep 2004 19:30:59 +0000 (19:30 +0000)]
* Makefile.in: Install krb5-config manpage
ticket: 2694
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16729
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 8 Sep 2004 15:58:45 +0000 (15:58 +0000)]
Added man pages for krb524d and krb5-config
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16728
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 8 Sep 2004 15:56:31 +0000 (15:56 +0000)]
Added a man page for krb5-config
ticket: 2694
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16727
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 8 Sep 2004 15:53:25 +0000 (15:53 +0000)]
Added man page for krb524d
ticket: 2539
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16726
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 7 Sep 2004 23:28:18 +0000 (23:28 +0000)]
comment
ticket: 696
version_fixed: 1.4
* install.texinfo (Propagate the Database to Each Slave KDC):
Remove spurious "-R" flag from kdb5_util invocation.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16725
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Tue, 7 Sep 2004 18:03:23 +0000 (18:03 +0000)]
Include all subdirectories of KFW_INSTALL_DIR in the SDK
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16723
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 3 Sep 2004 17:17:58 +0000 (17:17 +0000)]
update for krb5-1.3.5-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16719
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 3 Sep 2004 01:19:44 +0000 (01:19 +0000)]
improve documentation of ANSI C requirement
* build.texinfo: Fix some typos.
(Build Requirements): Note ANSI C (c89) requirement.
(Alpha OSF/1 V4.0): Document "-std0" vs "-std" cc behavior.
ticket: new
target_version: 1.3.5
component: krb5-doc
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16717
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 2 Sep 2004 02:31:52 +0000 (02:31 +0000)]
* cc_mslsa.c:
- Fix MITPrincToMSPrinc to prevent writing to the output
buffer if the input won't fit.
- Add internal UnicodeStringToMITPrinc function
- Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc
- Rename internal PurgeMSTGT to PurgeAllTickets
- Add internal PurgeTicket2000
- Add internal PurgeTicketXP
- Since tickets can only be requested via KDC Opt Flags it is
not possible to specifically request the Initial ticket. If
more than one ticket exists which matching service names,
enctypes, and ticket flags the initial ticket flag may not be
set. If the caller requested the initial ticket, set the flag
manually.
- Add preliminary support for krb5_lcc_set_flags
- Modify krb5_lcc_initialize to return success
- Modify krb5_lcc_get_principal to support an LSA cache
which does not contain a TGT when krb5_lcc_resolve is
called.
- Implement krb5_lcc_remove_cred
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16714
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Thu, 2 Sep 2004 00:42:50 +0000 (00:42 +0000)]
* ms2mit.c: add -c ccache command line option
* mit2ms.c: new command. Copies contents of the mit ccache
to the MSLSA: ccache
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16713
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 31 Aug 2004 22:06:26 +0000 (22:06 +0000)]
* kvno.M: Update usage
* kvno.c (xusage): Update usage message.
ticket: 2677
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16709
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 31 Aug 2004 19:02:06 +0000 (19:02 +0000)]
oops, forgot changelog
ticket: 2686
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16703
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 31 Aug 2004 18:55:18 +0000 (18:55 +0000)]
fix MITKRB5-SA-2004-003
Fix for ASN.1 decoder denial-of-service. [MITKRB5-SA-2004-003]
ticket: new
target_version: 1.3.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16702
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 31 Aug 2004 18:52:26 +0000 (18:52 +0000)]
fix MITKRB5-SA-2004-002
Fix double-free vulnerabilities [MITKRB5-SA-2004-002].
ticket: new
target_version: 1.3.5
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16701
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 30 Aug 2004 22:22:59 +0000 (22:22 +0000)]
added private apple pkinit sources
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16699
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 28 Aug 2004 16:35:58 +0000 (16:35 +0000)]
* prof_file.c (profile_open_file): If an error occurs while updating from the
input file, destroy the mutex only if we're not sharing file data.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16698
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 28 Aug 2004 02:05:39 +0000 (02:05 +0000)]
* prof_parse.c (parse_std_line): Rewrite handling of whitespace in and after
tag, to strip trailing whitespace (per current locale, not just ASCII space
characters), and prohibit any internal space characters in tag names.
(This is not the patch supplied in the bug report; that patch changed the tag
handling to allow spaces in tag names, which we haven't previously allowed. On
the other hand, we haven't specifically disallowed internal tabs or other
whitespace, either, and this patch does so.)
ticket: 2614
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16697
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 28 Aug 2004 01:23:19 +0000 (01:23 +0000)]
* init_sec_context.c (make_ap_req_v1): Free checksum data
allocated by make_gss_checksum() to avoid leak.
* k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after
checksum is verified, to avoid leak.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16696
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 28 Aug 2004 00:25:24 +0000 (00:25 +0000)]
move last patch down a little so it applies to tcp sockets as well as udp
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16695
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 28 Aug 2004 00:00:53 +0000 (00:00 +0000)]
* sendto_kdc.c (start_connection) [DEBUG]: Log the local socket address
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16694
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Aug 2004 23:01:56 +0000 (23:01 +0000)]
Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs in
variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic
patches that removed casts of NULL.
tag: 1850
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16693
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Aug 2004 20:23:30 +0000 (20:23 +0000)]
* profile_tcl.c: New file, generated from profile.swg, but checked in to avoid
requiring swig in order to generate the test program.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16692
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Aug 2004 20:22:37 +0000 (20:22 +0000)]
* profile.swg: New file.
* configure.in: Look for Tcl.
* Makefile.in (profile_tcl, profile_tcl.c, profile_tcl.o): New targets, not
built by default.
(PROG_LIBPATH, PROG_RPATH, LOCALINCLUDES): Add Tcl options.
(DEFINES): Define.
(clean-unix): Delete profile_tcl.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16691
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Aug 2004 19:45:46 +0000 (19:45 +0000)]
* run.test (getnwords): Run data through "cat -v", because at least one version
of Debian Linux has an English dictionary with Latin-1 characters and a "rev"
that seems to default to some sort of Unicode.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16690
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 27 Aug 2004 19:41:53 +0000 (19:41 +0000)]
* prof_int.h (struct _prf_data_t): Add a mutex.
* prof_file.c (profile_open_file): Initialize data mutex.
(profile_update_file_data, profile_flush_file_data): Lock it while manipulating
file data.
(profile_lock_global, profile_unlock_global): New functions.
* prof_set.c (rw_setup): Acquire global lock while checking flags and adjusting
ref count.
(profile_update_relation, profile_rename_section, profile_add_relation): Lock
data mutex while manipulating profile data.
* prof_tree.c (profile_node_iterator): Do more magic number tests.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16689
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Fri, 27 Aug 2004 19:12:13 +0000 (19:12 +0000)]
Patch from Garry Zacheiss to use krb5_get_init_creds_password in ftpd
not krb5_get_in_tkt_password in order to avoid the prompter being
called.
Ticket: 2682
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16688
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 26 Aug 2004 23:34:26 +0000 (23:34 +0000)]
* acquire_cred.c (krb5_gss_acquire_cred): Call gssint_initialize_library.
Return correct error code on mutex initialization failure.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16687
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 26 Aug 2004 23:13:46 +0000 (23:13 +0000)]
* configure.in: Look for uint32_t, not int32_t, since some BSD-ish
sys/types.h headers have int32_t and u_int32_t, but only have
uint32_t in stdint.h.
* types.hin: Change int32_t checks to uint32_t checks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16686
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Aug 2004 15:49:51 +0000 (15:49 +0000)]
* configure.in: Don't test for pthread_rwlock_init
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16685
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 24 Aug 2004 15:49:01 +0000 (15:49 +0000)]
* aclocal.m4 (KRB5_AC_PRAGMA_WEAK_REF): Fix to work with AIX compiler when optimizing
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16684
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 23 Aug 2004 20:41:35 +0000 (20:41 +0000)]
* addrinfo-test.c: New file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16683
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 23 Aug 2004 20:31:31 +0000 (20:31 +0000)]
* fake-addrinfo.h (fai_add_hosts_by_name): Handle case where returned ai_canonname is null
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16682
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 21 Aug 2004 17:28:14 +0000 (17:28 +0000)]
New commands: kcpytkt and kdeltkt
kcpytkt: copies one or more tickets between credential caches
kdeltkt: deletes one or mote tickets from a credential cache
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16681
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Sat, 21 Aug 2004 17:25:29 +0000 (17:25 +0000)]
kvno: add -c ccache command line parameter
call krb5_free_unparsed_name() instead of free() to prevent
crashes on Windows.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16680
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 21 Aug 2004 16:59:47 +0000 (16:59 +0000)]
* libkadm5srv.exports: Update for previous renaming
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16679
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 21 Aug 2004 02:31:10 +0000 (02:31 +0000)]
Fix no-auth test to use a config mask flag to ask for no-auth, to
avoid the icky repeated build of client_init.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16678
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 21 Aug 2004 02:16:53 +0000 (02:16 +0000)]
whitespace
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16677
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 20 Aug 2004 23:46:39 +0000 (23:46 +0000)]
ChangeLogs for WiX MSI installer
ticket: 2675
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16676
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Fri, 20 Aug 2004 23:42:59 +0000 (23:42 +0000)]
New WiX based MSI installer for KFW
Requires WiX 2.0.1927.1 patched by Asanka.
http://prdownloads.sourceforge.net/wix/sources-2.0.1927.1.zip
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16675
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 20 Aug 2004 18:45:30 +0000 (18:45 +0000)]
renamed acl_* functions to kadm5int_acl_*
ticket: 2674
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16673
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 20 Aug 2004 18:38:00 +0000 (18:38 +0000)]
Added kadmin code to project to make searches easier
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16672
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 19 Aug 2004 20:04:49 +0000 (20:04 +0000)]
* shlib.conf: Add support for gnu hurd and for BSD kernels with
glibc; use the Linux shared library procedure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16671
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 19 Aug 2004 00:56:53 +0000 (00:56 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Check for pthread_rwlock_init, with and
without the thread library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16670
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 17 Aug 2004 23:57:16 +0000 (23:57 +0000)]
* svc.c (svc_getreqset): Allocate cred and verf memory to
temporary pointers, and free the temporary pointers on exit.
Freeing the actual cred and verf pointers can cause corruption
because auth mechanisms can reassign the pointers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16669
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 17 Aug 2004 01:14:58 +0000 (01:14 +0000)]
* svc_auth_gss.c (gssrpc__svcauth_gss): Add some debug messages
* svc.c (svc_getreqset): Don't allocate either raw or cooked
credentials on the stack using the cred_area char array; use
mem_alloc() instead. This avoids alignment problems.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16668
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 16 Aug 2004 01:27:41 +0000 (01:27 +0000)]
* cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flag
file_is_locked.
(krb5_fcc_close_file): Unlock the mutex and clear the flag.
(krb5_fcc_open_file): Acquire the mutex before locking the file, and set the
flag after.
(krb5_fcc_resolve): Initialize the new mutex and flag.
(krb5_fcc_generate_new): Initialize both mutexes and the flag.
(dereference): Destroy the new mutex.
Also, get rid of some unused variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16667
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Aug 2004 23:56:00 +0000 (23:56 +0000)]
* cc_file.c: Add buffering on reading.
(FCC_BUFSIZ): New macro.
(struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset.
(krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes.
(invalidate_cache): New function.
(krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache.
(fcc_lseek): New function.
(krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get,
krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek.
(fcc_read): Use and maybe refill the buffer.
(dereference): Zap the contents of the buffer before freeing it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16666
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Aug 2004 23:18:24 +0000 (23:18 +0000)]
* run.test (getnwords): Rewrite to drop blank lines before counting lines, not after
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16665
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Aug 2004 23:10:35 +0000 (23:10 +0000)]
* cc_file.c (dereference): Lock mutex around call to krb5_fcc_close_file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16664
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 15 Aug 2004 03:37:24 +0000 (03:37 +0000)]
Fix Tru64 build:
* k5-thread.h (k5_os_nothread_mutex_assert_locked,
k5_os_nothread_mutex_assert_unlocked, k5_os_mutex_assert_locked,
k5_os_mutex_assert_unlocked): Assertion macros should always have type void.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16663
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Aug 2004 04:02:35 +0000 (04:02 +0000)]
Only open a credential cache file once, even if multiple krb5_ccache objects
refer to it. (This does NOT yet take care of the problem of multiple threads
wanting to use OS-level advisory locks, which at least on UNIX are per-process
and not per-thread.)
* cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data
pointer, not a krb5_ccache. All calls changed.
(struct fcc_set): Add a refcount member. (Definition accidentally introduced
without comment in an earlier patch.)
(krb5int_cc_file_mutex, fccs): New variables, for managing a global list of
open credential cache files.
(dereference): New function, with most of old close/destroy operations.
Decrements reference count and only frees the object and removes it from the
global list if the refcount hits zero.
(krb5_fcc_close, krb5_fcc_destroy): Call dereference.
(krb5_fcc_resolve): If a file cache is already open with the same file name,
increment its reference count and don't create a new one. When a new one is
created, add it to the global list.
* cc-int.h (krb5int_cc_file_mutex): Declare.
* ccbase.c (krb5int_cc_initialize): Initialize it.
(krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16662
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 13 Aug 2004 02:41:34 +0000 (02:41 +0000)]
* k5-thread.h (k5_os_nothread_mutex_finish_init, k5_os_nothread_mutex_init,
k5_os_nothread_mutex_destroy, k5_os_nothread_mutex_lock,
k5_os_nothread_mutex_unlock) [!DEBUG_THREADS]: Replace macros with inline
functions, to gain type checking and eliminate gratuitous compiler warnings.
(k5_pthread_assert_unlocked, k5_pthread_assert_locked): Likewise.
(k5_os_mutex_finish_init) [HAVE_PTHREAD && !USE_PTHREAD_LOCK_ONLY_IF_LOADED]:
Likewise.
(return_after_yield): New inline function.
(k5_os_mutex_lock) [HAVE_PTHREAD]: Change back to a macro, calling
return_after_yield.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16661
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 12 Aug 2004 23:00:20 +0000 (23:00 +0000)]
* run.test (getnwords): New function. Uses sed to get N words from $DICT as
other functions did before, but discards blank lines.
(test1, test2, test12, test13, test20): Call getnwords.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16660
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 12 Aug 2004 19:10:54 +0000 (19:10 +0000)]
get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made aware of 32 bit min and max for times. Allow renew_until time < expiration time
ticket: 2654
ticket: 2655
ticket: 2656
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16656
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 12 Aug 2004 18:57:38 +0000 (18:57 +0000)]
ccdefname.c (krb5_cc_set_default_name, krb5_cc_default_name): Look up the default ccache name in krb5_cc_default_name, not krb5_cc_set_default_name so that krb5_init_context doesn't have to do work it might never use
ticket: 2657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16655
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 10 Aug 2004 00:47:14 +0000 (00:47 +0000)]
* configure.in: Solaris getpwnam_r returns struct passwd*, not
struct pwd*.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16654
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 9 Aug 2004 00:20:05 +0000 (00:20 +0000)]
* ftpd.c (main): Use socklen_t for the size of the address from accept
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16653
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 9 Aug 2004 00:18:22 +0000 (00:18 +0000)]
* krb524d.c (do_connection): Use socklen_t for the size of the address from recvfrom
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16652
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Aug 2004 22:53:20 +0000 (22:53 +0000)]
* aclocal.m4 (WITH_CC): Log messages when adding AIX compiler options
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16651
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Aug 2004 22:38:07 +0000 (22:38 +0000)]
* libkrb5.exports: Remove memory ccache symbols except ops table
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16650
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Aug 2004 22:35:02 +0000 (22:35 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Clear PTHREAD_CFLAGS and PTHREAD_LIBS
after adding them to CFLAGS and LIBS respectively, to avoid duplicating the
options later.
(WITH_CC): Add -O on AIX also. Don't add options if similar options are
already present.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16649
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Aug 2004 21:22:41 +0000 (21:22 +0000)]
* threads.c (GET_NO_PTHREAD_TSD) [!HAVE_PRAGMA_WEAK_REF]: Macro result type
should be pointer to tsd_block.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16648
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Aug 2004 21:10:46 +0000 (21:10 +0000)]
* configure.in: If getpwnam_r is available, determine its return type
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16647
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 8 Aug 2004 21:09:38 +0000 (21:09 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): On AIX and OSF/1, always add
$PTHREAD_CFLAGS to CFLAGS for use in later tests.
(WITH_CC): If on AIX and not using gcc, add -qhalt=e to CFLAGS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16646
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 7 Aug 2004 15:52:52 +0000 (15:52 +0000)]
* configure.in: Look for sched.h and sched_yield.
* k5-thread.h: Only include sched.h if it's available.
(MAYBE_SCHED_YIELD): Only use sched_yield if sched.h and sched_yield are
available; if weak references are supported and sched_yield isn't available by
default, check for it at run time.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16645
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Fri, 6 Aug 2004 20:41:13 +0000 (20:41 +0000)]
updated for new files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16644
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Aug 2004 20:26:42 +0000 (20:26 +0000)]
* cc_file.c: Remove USE_STDIO support
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16643
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 5 Aug 2004 07:42:46 +0000 (07:42 +0000)]
* k5-thread.h [HAVE_PTHREAD]: Include sched.h if DEBUG_THREADS_SLOW is defined.
(MAYBE_SCHED_YIELD) [HAVE_PTHREAD]: Define, to call sched_yield or not,
depending on DEBUG_THREADS_SLOW.
(k5_os_mutex_lock, k5_os_mutex_unlock) [HAVE_PTHREAD]: Use MAYBE_SCHED_YIELD.
(DEBUG_THREADS_SLOW): Define.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16642
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 4 Aug 2004 06:59:37 +0000 (06:59 +0000)]
* srv_rcache.c (krb5_get_server_rcache): Call krb5_rc_recover_or_initialize
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16641
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 4 Aug 2004 06:58:17 +0000 (06:58 +0000)]
* rc-int.h (struct _krb5_rc_ops): Add new member, recover_or_init.
* rc_dfl.c (krb5_rc_dfl_init_locked): New function, with most of the content of
old krb5_rc_dfl_init.
(krb5_rc_dfl_init): Call it.
(krb5_rc_dfl_recover_or_init): New function.
* rc_dfl.h (krb5_rc_dfl_recover_or_init): Declare.
* rcdef.c (krb5_rc_dfl_ops): Initialize new field.
* rc_none.c (krb5_rc_none_recover_or_init): New macro.
(krb5_rc_none_ops): Initialize new field.
* rcfns.c (krb5_rc_recover_or_initialize): New function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16640
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 4 Aug 2004 06:53:03 +0000 (06:53 +0000)]
* k5-int.h (krb5_rc_recover_or_initialize): Declare
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16639
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 4 Aug 2004 06:46:15 +0000 (06:46 +0000)]
* configure.in: Actually check for pthread_mutex_lock
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16638
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 3 Aug 2004 20:56:25 +0000 (20:56 +0000)]
* configure.in: Build makefile for new "threads" subdirectory
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16637
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 3 Aug 2004 20:55:32 +0000 (20:55 +0000)]
* Makefile.in, t_rcache.c: New files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16636
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 31 Jul 2004 08:34:16 +0000 (08:34 +0000)]
* threads.c (krb5int_thread_support_init): Do finish initialization after key creation in POSIX case
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16635
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 30 Jul 2004 21:10:45 +0000 (21:10 +0000)]
Implement new replay cache type "none"
* rc_none.c: New file.
* Makefile.in (SRCS, STLIBOBJS, OBJS): Build it.
* rc-int.h (krb5_rc_none_ops): Declare.
* rc_base.c (none): New variable.
(krb5_rc_typelist_dfl): Add it into the linked list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16634
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Jul 2004 19:52:36 +0000 (19:52 +0000)]
* configure.in: Only sanity-check setutent() API if there is no
utmpx.h, since some setutent() implementations aren't sysV-derived,
e.g., NetBSD.
ticket: 2432
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16633
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 30 Jul 2004 03:55:07 +0000 (03:55 +0000)]
* gssapi_krb5.c (kg_ccache_name): Variable deleted.
(kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set
thread-specific values instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16632
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Thu, 29 Jul 2004 15:29:21 +0000 (15:29 +0000)]
Export lucid context functions and gss_krb5_set_allowable_enctypes
Ticket: 2587
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16631
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 29 Jul 2004 02:26:43 +0000 (02:26 +0000)]
Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it while
frobbing the contents.
Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but
for internal use. It lets the caller supply the krb5_context instead of
creating yet another one locally, and leaves the new credential mutex locked on
a successful return so that the caller doesn't have to reacquire it. More
functions should be changed to use this internally, but it's a performance
issue; I don't think it's a correctness or thread-safety issue.
* gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex.
(krb5_gss_validate_cred_1): Declare.
* accept_sec_context.c (rd_and_store_for_creds): Initialize mutex.
* acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex.
* add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call
krb5_gss_validate_cred_1. Make sure the mutex is locked.
* copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source
credential.
* init_sec_context.c (get_credentials, new_connection): Check that the mutex is
locked.
(mutual_auth): Delete unused credential argument.
(krb5_gss_init_sec_context): Lock the mutex.
* inq_cred.c (krb5_gss_inquire_cred): Lock the mutex.
* rel_cred.c (krb5_gss_release_cred): Destroy the mutex.
* set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex.
* val_cred.c (krb5_gss_validate_cred_1): New function.
(krb5_gss_validate_cred): Use it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16630
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 29 Jul 2004 01:50:02 +0000 (01:50 +0000)]
* set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returned
by kg_get_ccache_name. Simplify some calls using a temporary error code
variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16629
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 29 Jul 2004 01:48:05 +0000 (01:48 +0000)]
* gssapi_krb5.c (kg_get_ccache_name): Make the copy always, not just
in the local-context case. Check for errors in making the copy.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16628
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 28 Jul 2004 23:48:05 +0000 (23:48 +0000)]
* gssapi_krb5.c (kg_get_ccache_name): Make a copy of the default ccache name,
because calling krb5_free_context will destroy it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16627
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 28 Jul 2004 23:45:27 +0000 (23:45 +0000)]
* tcl_kadm5.c (parse_flags, parse_keysalts, parse_key_data, parse_tl_data,
parse_principal_ent, parse_policy_ent): Use Tcl_Free, not free, to release
storage allocated by Tcl_SplitList.
* tcl_ovsec_kadm.c (parse_flags, parse_principal_ent, parse_policy_ent):
Likewise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16626
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 28 Jul 2004 23:38:54 +0000 (23:38 +0000)]
* k5-thread.h [HAVE_PRAGMA_WEAK_REF]: Declare the pthread mutex functions as
weak.
(USE_PTHREAD_LOCK_ONLY_IF_LOADED): Define if pthread_mutex_lock isn't available
by default.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16625
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 26 Jul 2004 07:04:18 +0000 (07:04 +0000)]
cc_mslsa.c: fix is_windows_xp not to return true for windows 2000
ticket: 2645
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16624
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 24 Jul 2004 00:40:18 +0000 (00:40 +0000)]
another krb4 ticket backdating fix
* kerberos_v4.c (kerberos_v4): Duplicate backdating fix for
APPL_REQUEST as well. Fix comments.
ticket: new
version_reported: 1.3.3
target_version: 1.3.5
tags: pullup
component: krb5-kdc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16623
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 23 Jul 2004 15:29:53 +0000 (15:29 +0000)]
Add a mutex to protect the per-process fake-getaddrinfo data cache.
Currently it gets locked while a name lookup is in progress, which is not very
efficient. That should be changed, after the code is fixed up so that the
cache works on other platforms.
* include/fake-addrinfo.h: Include k5-thread.h.
(struct fac): Add a mutex.
(plant_face, find_face): Check that mutex is already locked.
(krb5int_lock_fac, krb5int_unlock_fac): Declare.
(fai_add_hosts_by_name): Use them to lock and unlock the mutex.
* util/support/fake-addrinfo.c (krb5int_fac): Initialize the mutex.
(krb5int_init_fac, krb5int_fini_fac): New functions; finish initializing or
destroy the mutex.
(krb5int_lock_fac, krb5int_unlock_fac): New functions; lock the mutex after
calling krb5int_call_thread_support_init, or unlock it.
* util/support/threads.c (krb5int_call_thread_support_init): New function.
(krb5int_init_fac, krb5int_fini_fac): Declare.
(krb5int_thread_support_init, krb5int_thread_support_fini): Call them.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16622
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 22 Jul 2004 22:03:52 +0000 (22:03 +0000)]
[needs the include/configure.in checkin of a few minutes ago, too]
* localaddr.c (get_lifconf): Define only if "struct lifconf" is available.
(foreach_localaddr): Use get_lifconf only if "struct lifconf" is available.
ticket: 2598
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16621
dc483132-0cff-0310-8789-
dd5450dbe970