* cc_mslsa.c: The following functionality is being committed
but commented out because it is not presently
available in public Microsoft SDKs
- support for KerbSubmitTicket which allows a KERB_CRED
message to be forwarded to the LSA. (KERB_SUBMIT_TICKET)
- support for the KerbQueryTicketCacheEx2Message which
adds the Session Key Enctype to the contents of the
response from KerbQueryTicketCacheExMessage.
(HAVE_CACHE_INFO_EX2)
* cc_mslsa.c:
- Fix MITPrincToMSPrinc to prevent writing to the output
buffer if the input won't fit.
- Add internal UnicodeStringToMITPrinc function
- Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc
- Rename internal PurgeMSTGT to PurgeAllTickets
- Add internal PurgeTicket2000
- Add internal PurgeTicketXP
- Since tickets can only be requested via KDC Opt Flags it is
not possible to specifically request the Initial ticket. If
more than one ticket exists which matching service names,
enctypes, and ticket flags the initial ticket flag may not be
set. If the caller requested the initial ticket, set the flag
manually.
- Add preliminary support for krb5_lcc_set_flags
- Modify krb5_lcc_initialize to return success
- Modify krb5_lcc_get_principal to support an LSA cache
which does not contain a TGT when krb5_lcc_resolve is
called.
- Implement krb5_lcc_remove_cred
Ken Raeburn [Sat, 28 Aug 2004 02:05:39 +0000 (02:05 +0000)]
* prof_parse.c (parse_std_line): Rewrite handling of whitespace in and after
tag, to strip trailing whitespace (per current locale, not just ASCII space
characters), and prohibit any internal space characters in tag names.
(This is not the patch supplied in the bug report; that patch changed the tag
handling to allow spaces in tag names, which we haven't previously allowed. On
the other hand, we haven't specifically disallowed internal tabs or other
whitespace, either, and this patch does so.)
Ken Raeburn [Fri, 27 Aug 2004 23:01:56 +0000 (23:01 +0000)]
Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs in
variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic
patches that removed casts of NULL.
Ken Raeburn [Fri, 27 Aug 2004 19:45:46 +0000 (19:45 +0000)]
* run.test (getnwords): Run data through "cat -v", because at least one version
of Debian Linux has an English dictionary with Latin-1 characters and a "rev"
that seems to default to some sort of Unicode.
Ken Raeburn [Fri, 27 Aug 2004 19:41:53 +0000 (19:41 +0000)]
* prof_int.h (struct _prf_data_t): Add a mutex.
* prof_file.c (profile_open_file): Initialize data mutex.
(profile_update_file_data, profile_flush_file_data): Lock it while manipulating
file data.
(profile_lock_global, profile_unlock_global): New functions.
* prof_set.c (rw_setup): Acquire global lock while checking flags and adjusting
ref count.
(profile_update_relation, profile_rename_section, profile_add_relation): Lock
data mutex while manipulating profile data.
* prof_tree.c (profile_node_iterator): Do more magic number tests.
Tom Yu [Tue, 17 Aug 2004 23:57:16 +0000 (23:57 +0000)]
* svc.c (svc_getreqset): Allocate cred and verf memory to
temporary pointers, and free the temporary pointers on exit.
Freeing the actual cred and verf pointers can cause corruption
because auth mechanisms can reassign the pointers.
Tom Yu [Tue, 17 Aug 2004 01:14:58 +0000 (01:14 +0000)]
* svc_auth_gss.c (gssrpc__svcauth_gss): Add some debug messages
* svc.c (svc_getreqset): Don't allocate either raw or cooked
credentials on the stack using the cred_area char array; use
mem_alloc() instead. This avoids alignment problems.
Ken Raeburn [Mon, 16 Aug 2004 01:27:41 +0000 (01:27 +0000)]
* cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flag
file_is_locked.
(krb5_fcc_close_file): Unlock the mutex and clear the flag.
(krb5_fcc_open_file): Acquire the mutex before locking the file, and set the
flag after.
(krb5_fcc_resolve): Initialize the new mutex and flag.
(krb5_fcc_generate_new): Initialize both mutexes and the flag.
(dereference): Destroy the new mutex.
Ken Raeburn [Sun, 15 Aug 2004 23:56:00 +0000 (23:56 +0000)]
* cc_file.c: Add buffering on reading.
(FCC_BUFSIZ): New macro.
(struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset.
(krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes.
(invalidate_cache): New function.
(krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache.
(fcc_lseek): New function.
(krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get,
krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek.
(fcc_read): Use and maybe refill the buffer.
(dereference): Zap the contents of the buffer before freeing it.
Ken Raeburn [Fri, 13 Aug 2004 04:02:35 +0000 (04:02 +0000)]
Only open a credential cache file once, even if multiple krb5_ccache objects
refer to it. (This does NOT yet take care of the problem of multiple threads
wanting to use OS-level advisory locks, which at least on UNIX are per-process
and not per-thread.)
* cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data
pointer, not a krb5_ccache. All calls changed.
(struct fcc_set): Add a refcount member. (Definition accidentally introduced
without comment in an earlier patch.)
(krb5int_cc_file_mutex, fccs): New variables, for managing a global list of
open credential cache files.
(dereference): New function, with most of old close/destroy operations.
Decrements reference count and only frees the object and removes it from the
global list if the refcount hits zero.
(krb5_fcc_close, krb5_fcc_destroy): Call dereference.
(krb5_fcc_resolve): If a file cache is already open with the same file name,
increment its reference count and don't create a new one. When a new one is
created, add it to the global list.
* cc-int.h (krb5int_cc_file_mutex): Declare.
* ccbase.c (krb5int_cc_initialize): Initialize it.
(krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex.
Ken Raeburn [Fri, 13 Aug 2004 02:41:34 +0000 (02:41 +0000)]
* k5-thread.h (k5_os_nothread_mutex_finish_init, k5_os_nothread_mutex_init,
k5_os_nothread_mutex_destroy, k5_os_nothread_mutex_lock,
k5_os_nothread_mutex_unlock) [!DEBUG_THREADS]: Replace macros with inline
functions, to gain type checking and eliminate gratuitous compiler warnings.
(k5_pthread_assert_unlocked, k5_pthread_assert_locked): Likewise.
(k5_os_mutex_finish_init) [HAVE_PTHREAD && !USE_PTHREAD_LOCK_ONLY_IF_LOADED]:
Likewise.
(return_after_yield): New inline function.
(k5_os_mutex_lock) [HAVE_PTHREAD]: Change back to a macro, calling
return_after_yield.
Ken Raeburn [Thu, 12 Aug 2004 23:00:20 +0000 (23:00 +0000)]
* run.test (getnwords): New function. Uses sed to get N words from $DICT as
other functions did before, but discards blank lines.
(test1, test2, test12, test13, test20): Call getnwords.
get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made aware of 32 bit min and max for times. Allow renew_until time < expiration time
ccdefname.c (krb5_cc_set_default_name, krb5_cc_default_name): Look up the default ccache name in krb5_cc_default_name, not krb5_cc_set_default_name so that krb5_init_context doesn't have to do work it might never use
Ken Raeburn [Sun, 8 Aug 2004 22:35:02 +0000 (22:35 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Clear PTHREAD_CFLAGS and PTHREAD_LIBS
after adding them to CFLAGS and LIBS respectively, to avoid duplicating the
options later.
(WITH_CC): Add -O on AIX also. Don't add options if similar options are
already present.
Ken Raeburn [Sun, 8 Aug 2004 21:09:38 +0000 (21:09 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): On AIX and OSF/1, always add
$PTHREAD_CFLAGS to CFLAGS for use in later tests.
(WITH_CC): If on AIX and not using gcc, add -qhalt=e to CFLAGS.
Ken Raeburn [Sat, 7 Aug 2004 15:52:52 +0000 (15:52 +0000)]
* configure.in: Look for sched.h and sched_yield.
* k5-thread.h: Only include sched.h if it's available.
(MAYBE_SCHED_YIELD): Only use sched_yield if sched.h and sched_yield are
available; if weak references are supported and sched_yield isn't available by
default, check for it at run time.
Ken Raeburn [Thu, 5 Aug 2004 07:42:46 +0000 (07:42 +0000)]
* k5-thread.h [HAVE_PTHREAD]: Include sched.h if DEBUG_THREADS_SLOW is defined.
(MAYBE_SCHED_YIELD) [HAVE_PTHREAD]: Define, to call sched_yield or not,
depending on DEBUG_THREADS_SLOW.
(k5_os_mutex_lock, k5_os_mutex_unlock) [HAVE_PTHREAD]: Use MAYBE_SCHED_YIELD.
(DEBUG_THREADS_SLOW): Define.
Ken Raeburn [Wed, 4 Aug 2004 06:58:17 +0000 (06:58 +0000)]
* rc-int.h (struct _krb5_rc_ops): Add new member, recover_or_init.
* rc_dfl.c (krb5_rc_dfl_init_locked): New function, with most of the content of
old krb5_rc_dfl_init.
(krb5_rc_dfl_init): Call it.
(krb5_rc_dfl_recover_or_init): New function.
* rc_dfl.h (krb5_rc_dfl_recover_or_init): Declare.
* rcdef.c (krb5_rc_dfl_ops): Initialize new field.
* rc_none.c (krb5_rc_none_recover_or_init): New macro.
(krb5_rc_none_ops): Initialize new field.
* rcfns.c (krb5_rc_recover_or_initialize): New function.
Ken Raeburn [Fri, 30 Jul 2004 21:10:45 +0000 (21:10 +0000)]
Implement new replay cache type "none"
* rc_none.c: New file.
* Makefile.in (SRCS, STLIBOBJS, OBJS): Build it.
* rc-int.h (krb5_rc_none_ops): Declare.
* rc_base.c (none): New variable.
(krb5_rc_typelist_dfl): Add it into the linked list.
Ken Raeburn [Fri, 30 Jul 2004 03:55:07 +0000 (03:55 +0000)]
* gssapi_krb5.c (kg_ccache_name): Variable deleted.
(kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get and set
thread-specific values instead.
Ken Raeburn [Thu, 29 Jul 2004 02:26:43 +0000 (02:26 +0000)]
Add a mutex to the GSSAPI krb5 mechanism credential structure. Lock it while
frobbing the contents.
Also added krb5_gss_validate_cred_1, which is like krb5_gss_validate_cred but
for internal use. It lets the caller supply the krb5_context instead of
creating yet another one locally, and leaves the new credential mutex locked on
a successful return so that the caller doesn't have to reacquire it. More
functions should be changed to use this internally, but it's a performance
issue; I don't think it's a correctness or thread-safety issue.
* gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex.
(krb5_gss_validate_cred_1): Declare.
* accept_sec_context.c (rd_and_store_for_creds): Initialize mutex.
* acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex.
* add_cred.c (krb5_gss_add_cred): Create the krb5 context earlier. Call
krb5_gss_validate_cred_1. Make sure the mutex is locked.
* copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the source
credential.
* init_sec_context.c (get_credentials, new_connection): Check that the mutex is
locked.
(mutual_auth): Delete unused credential argument.
(krb5_gss_init_sec_context): Lock the mutex.
* inq_cred.c (krb5_gss_inquire_cred): Lock the mutex.
* rel_cred.c (krb5_gss_release_cred): Destroy the mutex.
* set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock the mutex.
* val_cred.c (krb5_gss_validate_cred_1): New function.
(krb5_gss_validate_cred): Use it.
Ken Raeburn [Thu, 29 Jul 2004 01:50:02 +0000 (01:50 +0000)]
* set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the string returned
by kg_get_ccache_name. Simplify some calls using a temporary error code
variable.
Ken Raeburn [Wed, 28 Jul 2004 23:38:54 +0000 (23:38 +0000)]
* k5-thread.h [HAVE_PRAGMA_WEAK_REF]: Declare the pthread mutex functions as
weak.
(USE_PTHREAD_LOCK_ONLY_IF_LOADED): Define if pthread_mutex_lock isn't available
by default.
Ken Raeburn [Fri, 23 Jul 2004 15:29:53 +0000 (15:29 +0000)]
Add a mutex to protect the per-process fake-getaddrinfo data cache.
Currently it gets locked while a name lookup is in progress, which is not very
efficient. That should be changed, after the code is fixed up so that the
cache works on other platforms.
* include/fake-addrinfo.h: Include k5-thread.h.
(struct fac): Add a mutex.
(plant_face, find_face): Check that mutex is already locked.
(krb5int_lock_fac, krb5int_unlock_fac): Declare.
(fai_add_hosts_by_name): Use them to lock and unlock the mutex.
* util/support/fake-addrinfo.c (krb5int_fac): Initialize the mutex.
(krb5int_init_fac, krb5int_fini_fac): New functions; finish initializing or
destroy the mutex.
(krb5int_lock_fac, krb5int_unlock_fac): New functions; lock the mutex after
calling krb5int_call_thread_support_init, or unlock it.
* util/support/threads.c (krb5int_call_thread_support_init): New function.
(krb5int_init_fac, krb5int_fini_fac): Declare.
(krb5int_thread_support_init, krb5int_thread_support_fini): Call them.
projects / thirdparty / krb5.git / log
