Ezra Peisach [Thu, 14 Aug 2008 16:25:29 +0000 (16:25 +0000)]
In krb5int_copy_creds_contents - if we run out of memory, do not
release pointer to output creds structure that is passed in by caller.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20657
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 16:22:48 +0000 (16:22 +0000)]
Clean up memory leak in krb5_build_principal if we run out of memory
while building pricipal.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20656
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 05:09:12 +0000 (05:09 +0000)]
Error return from krb5int_random_string not tested in ccache code
krb5int_random_string should probably only fail on malloc
failure. Test for an error return from the function and cleanup
properly (release mutex, return error instead of using uninitialized
memory).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20655
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 04:55:14 +0000 (04:55 +0000)]
krb5_fcc_read_addrs returns pointer to released memory on malloc failre
In cleanup code on malloc failure, addresses are released including
pointer to the krb5_address * - but the freed value is returned to
caller. Clear pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20654
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Thu, 14 Aug 2008 04:44:44 +0000 (04:44 +0000)]
krb5_fcc_resolve file locking error on malloc failuer
In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done with the mutex is still locked. When thread debugging code is enabled, this results in aeg fault.
Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.
[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20653
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 13 Aug 2008 23:32:11 +0000 (23:32 +0000)]
Don't build PKINIT ASN.1 support code if not building PKINIT plugin
If --disable-pkinit is given at configure time, don't build the PKINIT
plugin.
If the PKINIT plugin is not going to be built, define DISABLE_PKINIT.
If DISABLE_PKINIT is defined, don't build the PKINIT-related ASN.1
encoding and decoding routines, and fill their slots in the accessor
function table with null pointers.
Tweak the accessor table initialization to use conditionally-varying
macros rather than conditionally selecting between two blocks of
invocations of fixed macros.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20652
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 13 Aug 2008 19:52:22 +0000 (19:52 +0000)]
Open log file for appending only, not also reading
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20651
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 13 Aug 2008 19:49:50 +0000 (19:49 +0000)]
Use a valid UTF8 password for randkey password
KfM RC4 string to key function expects password to be valid UTF8
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 22:14:39 +0000 (22:14 +0000)]
Rewrite the building of the ccache-type linked list to be linear
instead of branched, and thus a bit easier to follow and modify.
If NO_FILE_CCACHE is defined, leave the file cache out of the list,
and (if we're not using ccapi) use the memory cache as the default.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20649
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 21:28:30 +0000 (21:28 +0000)]
If CONFIG_SMALL_NO_CRYPTO is defined, turn off CONFIG_SMALL changes for crypto code only
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20648
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 21:10:50 +0000 (21:10 +0000)]
Shorter export list, dumping a bunch of stuff most clients probably would't need
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20647
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:52:39 +0000 (20:52 +0000)]
Add a new directory, configured but not built by default, and never
installed, where we can build the main client libraries all together into
one library, and experiment with configuration changes for a client-only
library.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20646
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:31:21 +0000 (20:31 +0000)]
Actually use the export list for Darwin libraries
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20645
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:21:29 +0000 (20:21 +0000)]
Disable caching on Mac for now
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20644
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 12 Aug 2008 20:20:41 +0000 (20:20 +0000)]
Always define krb5int_pthread_loaded, for consistency
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20643
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 12 Aug 2008 20:17:02 +0000 (20:17 +0000)]
Update copyright notices to reflect donation of DES implementation by
Dennis Ferguson.
ticket: 6070
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20642
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 8 Aug 2008 16:06:47 +0000 (16:06 +0000)]
If krb5int_pthread_loaded is a function and we're using gcc, give it 'const' attribute
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20637
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 21:46:34 +0000 (21:46 +0000)]
New config option to enable size optimizations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20636
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 21:45:16 +0000 (21:45 +0000)]
Disable CONFIG_SMALL optimizations for now
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20635
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 18:37:27 +0000 (18:37 +0000)]
Don't use memcmp for comparing structures of values
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20634
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 15:54:35 +0000 (15:54 +0000)]
Don't leak attr_types storage on error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20633
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 03:29:52 +0000 (03:29 +0000)]
sequence_of_no_tagvars declared variables used only in
end_sequence_of_no_tagvars and only as unnecessary temporaries, so get
rid of them; also, push most of the work of the latter macro into a
helper function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20632
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 03:06:50 +0000 (03:06 +0000)]
get_eoc() is always followed by next_tag(), so don't bother setting
the variables that it's about to clobber. Since we don't need any of
the tag info at the call site, push it down into the helper function.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20631
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 01:23:33 +0000 (01:23 +0000)]
malloc+memset(,0,) -> calloc
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20630
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 00:59:29 +0000 (00:59 +0000)]
Pull out EOC error checks into separate functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20629
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 00:46:46 +0000 (00:46 +0000)]
Use bitfields for class and construction type
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20628
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 7 Aug 2008 00:13:58 +0000 (00:13 +0000)]
Rewrite tagnum-checking code to streamline normal path and push refined
error code selection into error path.
Don't expand asn1buf_insert_octet inline or define asn1buf_ensure_space
macro if CONFIG_SMALL.
Remove some null-before-free checks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20626
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 22:12:16 +0000 (22:12 +0000)]
turn off thread-support debugging code
With one big known exception having to do with exiting processes, I
think we've shaken out most of the thread-related bugs that this code
is going to catch in the existing code. It adds a lot of runtime
code, so disable it for now, it can be enabled again for testing new
changes.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20625
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 18:47:06 +0000 (18:47 +0000)]
Check fstat result. Close fd on error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20624
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 18:16:37 +0000 (18:16 +0000)]
If CONFIG_SMALL is defined, always use function calls for k5_mutex_lock
and _unlock. On ppc darwin builds with debug info, this makes
lib*.dylib a total of about 46K (~3%) smaller; "size" reports a
reduction in text and/or "other" sizes for libgssapi_krb5, libkdb5,
libkdb_ldap, and libkrb5.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20623
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 17:33:31 +0000 (17:33 +0000)]
Oops. Really delete the extra argument this time
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20622
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 17:28:52 +0000 (17:28 +0000)]
Remove some 'register' declarations
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20621
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:47:37 +0000 (16:47 +0000)]
Rewrite conditional test for update log processing to make static analysis simpler
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20620
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:46:52 +0000 (16:46 +0000)]
After freeing dbprinc, reset it to null
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20619
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:46:25 +0000 (16:46 +0000)]
In loop over entries, make local vars local to each iteration
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20618
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:43:44 +0000 (16:43 +0000)]
Fully initialize handle data on allocation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20617
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:43:04 +0000 (16:43 +0000)]
Don't coerce fgetc value to char before EOF check
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20616
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:41:50 +0000 (16:41 +0000)]
Check for malloc failure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20615
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 16:19:56 +0000 (16:19 +0000)]
Removed unused (and unpassed) argument to process_k5beta7_policy
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20614
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 15:55:09 +0000 (15:55 +0000)]
cstatus() takes no arguments
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20613
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 15:54:44 +0000 (15:54 +0000)]
Fix test for accept failure
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20612
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 15:51:48 +0000 (15:51 +0000)]
bad free in kprop
Don't free automatic storage after sending database.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20611
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 15:47:24 +0000 (15:47 +0000)]
Fix bug in array size calculation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20610
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 00:10:43 +0000 (00:10 +0000)]
Always use unsigned for one-bit fields
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20609
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 00:05:47 +0000 (00:05 +0000)]
fix cleanup code in allocating preauth info
After an allocation failure, free up the previously allocated array
elements by counting back down to zero, not continuing to count up
until we hit zero.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20608
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 6 Aug 2008 00:01:37 +0000 (00:01 +0000)]
Fix possible locking protocol failure in error handling path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20607
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 5 Aug 2008 22:15:34 +0000 (22:15 +0000)]
error in socket number range check in kdc
Fix off-by-one error in checking that socket file descriptor numbers
are in range suitable for an fd_set. Also, don't do the check if we
should someday happen to get compiled on Windows.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20606
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 5 Aug 2008 20:52:57 +0000 (20:52 +0000)]
specify return type of 'harmless'
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20605
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 4 Aug 2008 21:39:10 +0000 (21:39 +0000)]
some comments from Love
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20604
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:47:33 +0000 (06:47 +0000)]
Use load/store_32/16_be/le functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20603
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:46:17 +0000 (06:46 +0000)]
Pull out two copies of errno mapping into a common function
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20602
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:44:08 +0000 (06:44 +0000)]
Use load_store_16/32_be
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20601
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:39:29 +0000 (06:39 +0000)]
Use load/store_32_be instead of open-coding
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20600
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:36:49 +0000 (06:36 +0000)]
Make more uses of load/store_32_be/le, which on x86 at least expands
to a single unaligned load/store instruction, instead of open-coding
the shifts and masks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20599
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:34:51 +0000 (06:34 +0000)]
Use GET_HALF_BLOCK to fetch new values instead of open-coding
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20598
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:24:55 +0000 (06:24 +0000)]
Use krb5int_random_string, load_32_be, load_16_be, store_32_be, and
store_16_be. Change krb5_krcc_unparse_int32 to call
krb5_krc_unparse_ui_4 and reduce duplicated code.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20597
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:21:08 +0000 (06:21 +0000)]
Rename and export random_string from cc_memory.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20596
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 06:12:09 +0000 (06:12 +0000)]
Reduce code duplication: krb5_fcc_store_int32 vs krb5_fcc_store_ui_4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20595
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 05:17:53 +0000 (05:17 +0000)]
Two versions of resolver code were almost identical, so unify them and reduce duplication.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20594
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 2 Aug 2008 04:28:19 +0000 (04:28 +0000)]
Pull out code to compute length of quoted name component and copy with
quoting into separate functions, to reduce code duplication.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20593
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Jul 2008 13:42:49 +0000 (13:42 +0000)]
note lack of policy propagation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20592
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 31 Jul 2008 13:33:36 +0000 (13:33 +0000)]
Reuse more k5beta7 code for iprop
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20591
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Wed, 30 Jul 2008 20:52:12 +0000 (20:52 +0000)]
Additional implementation of the KerberosAgent
ticket: 6055
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20590
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 30 Jul 2008 10:32:59 +0000 (10:32 +0000)]
Delete decls for nonexistent functions, and an unused typedef
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20589
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 30 Jul 2008 10:02:32 +0000 (10:02 +0000)]
Remove unused file
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20588
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 25 Jul 2008 19:19:06 +0000 (19:19 +0000)]
fix possible uninit variable use in error path
Clear gss_client and gss_target before any possible branch to 'error',
where they can be used.
ticket: new
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20580
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 24 Jul 2008 21:26:14 +0000 (21:26 +0000)]
Return extended krb5 error strings
Use krb5_get_error_message instead of error_message for
detailed krb5 error strings. Also removed a few remaining
instances of types ending in _t and fixed up some
whitespace issues.
Recommend ignoring whitespace diff.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20579
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 23 Jul 2008 20:55:56 +0000 (20:55 +0000)]
In the gss rpc package, replace the type used for a
socket on Windows with SOCKET (instead of int) and
replace all calls to close() that are used to close
sockets with closesocket().
src/include/port-sockets.h includes the definitions
of SOCKET and closesocket() for non-Windows systems.
ticket: 6041
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20578
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 23 Jul 2008 17:06:56 +0000 (17:06 +0000)]
Fix one missed rename of "exit" label to "done"
ticket: 5442
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20575
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 23 Jul 2008 16:03:40 +0000 (16:03 +0000)]
replace "exit" label with "done"
ticket: 5442
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20574
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 23 Jul 2008 15:09:15 +0000 (15:09 +0000)]
The NIM error reporting functions (in src/windows/identity/kherr ) keep
track of the the error message with the highest severity level that was
reported for a specific error reporting context. However, if another
error message of the same severity is reported, the error message being
tracked will be updated to be the newly received error.
The user will often only be notified of the error message that was
tracked for a specific operation. Therefore, tracking the last message
with the highest priority has the unfortunate side-effect of not
reporting the cause of a failure.
This patch changes the condition for updating the tracked error message
to be the first message with the highest severity.
ticket: 6047
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20573
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 23 Jul 2008 15:04:26 +0000 (15:04 +0000)]
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a suitable error message based
on the error code.
ticket: 5745
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20572
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 23 Jul 2008 14:44:50 +0000 (14:44 +0000)]
The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking. They
currently do not declare or import the following functions:
krb5_get_error_message()
krb5_free_error_message()
krb5_clear_error_message()
This patch adds declarations and definitions required for locating these
functions. Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h. See ticket 6045.
ticket: 6046
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20571
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Wed, 23 Jul 2008 14:38:27 +0000 (14:38 +0000)]
cw_handle_header_msg():
The behavior of the HDN_ENDTRACK notification has changed slightly on
Vista. HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns
the item extents that were there prior to the user starting the resizing
operation. Earlier it would return the extents that resulted from the
resizing operation.
This resulted in a visual update problem on Windows Vista/2008
in the NIM Advanced View.
ticket: 5605
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20570
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Tue, 22 Jul 2008 19:56:09 +0000 (19:56 +0000)]
Add Apple Inc. to copyright lists
ticket: new
owner: tlyu
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20568
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2008 19:34:24 +0000 (19:34 +0000)]
Catch a few more cases of unchecked k5_mutex_lock calls
ticket: 5962
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20567
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Tue, 22 Jul 2008 19:15:52 +0000 (19:15 +0000)]
A step towards ensuring we check mutex lock attempt results..
Always use inline function k5_mutex_lock_1 instead of gcc statement
expression, even under gcc.
Under gcc 4, declane k5_mutex_lock_1 and krb5int_mutex_lock with attribute
warn_unused_result.
In k5_mutex_destroy macro, only store destroy code source+line if we succeed
in temporarily locking the mutex.
ticket: 5962
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20566
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 21 Jul 2008 20:59:24 +0000 (20:59 +0000)]
Another check for null return from krb5_cc_default_name
ticket: 5980
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20561
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 21 Jul 2008 20:56:28 +0000 (20:56 +0000)]
Check for null name to krb5_cc_resolve, and return an error
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20560
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 20:47:35 +0000 (20:47 +0000)]
This patch addresses the issues raised in this ticket and ticket 5936
(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.
(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.
The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto. After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.
In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.
In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().
[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.
ticket: 5442
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20559
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 20:33:53 +0000 (20:33 +0000)]
kadm5_decrypt_key(). This patch prevents the returned keyblock's
enctype from being coerced to the requested 'ktype' if the requested
'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".
ticket: 5840
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20558
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 20:30:44 +0000 (20:30 +0000)]
krb5_string_to_keysalts()
Fix an infinite loop in the parsing of 'kp'
ticket: 5839
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20557
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 19:43:21 +0000 (19:43 +0000)]
There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.
The same problem exists in cc_memory.c:krb5_mcc_destroy().
ticket: 5895
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20555
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 19:20:05 +0000 (19:20 +0000)]
An implementation of opendir() and friends for _WIN32
plus an implementation of the plugin support that makes
use of them.
ticket: 3737
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20554
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 18:48:03 +0000 (18:48 +0000)]
Assign fixed ordinals to comerr32.dll exports
All of the other libraries on Windows have fixed assignments
of ordinals to the exported functions. Assign the ordinals
that were in use in the last public release, kfw 3.2.2, so
that they will remain constant into the future in case additional
exports are added to the library.
ticket: new
component: krb5-libs
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20553
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 21 Jul 2008 18:39:34 +0000 (18:39 +0000)]
When reading from the routing socket, only provide enough space for
the header and ignore the rest of the message. Don't complain about
message size as long as we got the bits of the header we care about.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20552
dc483132-0cff-0310-8789-
dd5450dbe970
Jeffrey Altman [Mon, 21 Jul 2008 17:44:43 +0000 (17:44 +0000)]
ccdefault.c:
krb5_cc_default_name() is permitted to return a NULL
pointer as a valid output. Passing a NULL pointer to
strcmp() will result in an exception as NULL is not
a valid input parameter to strcmp().
Save the output of krb5_cc_default_name() to a variable
and modify the conditional to set the new default ccache
name in the case where there is no existing default
ccache name.
ticket: 5080
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20551
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 20 Jul 2008 21:07:41 +0000 (21:07 +0000)]
Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few and
default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set
SUBDIRS in each directory, and don't do anything in pre.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 20 Jul 2008 20:43:55 +0000 (20:43 +0000)]
Drop $(SUBDIRS_@srcdir@) hack, it's not being used any more, and
confuses some versions of make.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20545
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 18 Jul 2008 18:59:47 +0000 (18:59 +0000)]
Use mkstemp(), and fstat() the file to make sure that the mkstemp()
implementation is setting sane file modes.
ticket: 6002
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20543
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 18 Jul 2008 06:50:34 +0000 (06:50 +0000)]
Set non-blocking mode on incoming TCP connections.
Don't log EINTR error in select loop.
Log when shutdown signal has been received and acted on.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20541
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 18 Jul 2008 06:45:34 +0000 (06:45 +0000)]
On systems with struct rt_msghdr, open a routing socket and wait for
messages; when they come in, if the types suggest a possibility of
network interface reconfiguration, shut down the KDC's networking and
bring it back up again, rescanning the interfaces in the process.
Leaving the ticket open because it should be improved:
* It should only close down sockets on addresses we no longer have, and
bring up sockets only on new addresses.
* If we have IPV6_PKTINFO support, it should only listen for IPv4
routing changes.
* If we also have IP_PKTINFO support, it shouldn't be used at all.
* If we build a KDC on a system with neither struct rt_msghdr nor
IP_PKTINFO (do we have any such?), we'll need another solution.
Thanks to Nico Williams for the routing socket suggestion, and Apple
for the initial (signal-driven) reconfiguration code.
ticket: 6019
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20540
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Fri, 18 Jul 2008 06:00:10 +0000 (06:00 +0000)]
Rewrite krb5_db_open flag handling to avoid confusing emacs c-mode
indentation support.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20539
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 18 Jul 2008 03:08:38 +0000 (03:08 +0000)]
Revert due to potential file modes race condition
ticket: 6002
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20538
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 18 Jul 2008 00:18:23 +0000 (00:18 +0000)]
Make krb5_rc_io_creat() use mkstemp
ticket: 6002
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20537
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 17 Jul 2008 23:40:32 +0000 (23:40 +0000)]
In krb5_rc_io_creat(), unlink any existing rcache file before trying
to create a new rcache. This allows better recovery from corrupt
rcache files.
ticket: 6018
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20536
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 17 Jul 2008 19:04:34 +0000 (19:04 +0000)]
CCAPI side of the patch
ticket: 6035
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20535
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 17 Jul 2008 17:02:41 +0000 (17:02 +0000)]
Removed _t suffix from KIM types
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20534
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 17 Jul 2008 17:00:58 +0000 (17:00 +0000)]
Removed _t suffix from all type names
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20533
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 17 Jul 2008 15:44:43 +0000 (15:44 +0000)]
Apply patch from Mark Phalan to correctly use progname instead of
argv[0].
ticket: 6030
tags: pullup
target_version: 1.6.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20532
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / log