Ken Raeburn [Thu, 23 Sep 2004 00:25:30 +0000 (00:25 +0000)]
* lib.in (binutils.versions, osf1.exports): New file targets.
(clean-libs): Delete them.
* pre.in (SHLIB_EXPORT_FILE_DEP): Use @SHLIB_EXPORT_FILE_DEP@.
* shlib.conf: Set it to $(SHLIB_EXPORT_FILE) by default.
(alpha*-dec-osf*): Use osf1.exports instead of adding commands to generate a
temporary file.
(*-*-linux*, *-*-gnu*, *-*-k*bsd*-gnu): Use binutils.versions.
Ken Raeburn [Thu, 23 Sep 2004 00:21:34 +0000 (00:21 +0000)]
* aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): If the config info set by tclConfig.sh
doesn't produce a working executable, set TCL_LIBS to be empty explicitly.
(KRB5_BUILD_LIBRARY_WITH_DEPS): Substitute SHLIB_EXPORT_FILE_DEP.
Sam Hartman [Tue, 21 Sep 2004 20:39:19 +0000 (20:39 +0000)]
memory leak in arcfour string_to_key
Derrick Schommer reports that arcfour's string_to_key function leaks
memory. This is true; it copies the password to convert to utf16 and
never frees the copy. It does memset the copy to 0 when done.
Tom Yu [Fri, 17 Sep 2004 17:02:53 +0000 (17:02 +0000)]
* aclocal.m4 (AC_LIBRARY_NET): Look for res_search() prototype,
then for symbol in library, in case there's symbol renaming
happening in the headers. Clean up some style nits.
* kfw-fixed.nsi:
The version of MSIEXEC which ships with Windows 2000 does
not accept the /passive and /promptreboot command line
options. On Windows 2000 only, do not specify them.
Tom Yu [Tue, 14 Sep 2004 22:25:07 +0000 (22:25 +0000)]
* aclocal.m4 (AC_LIBRARY_NET): Require the BIND_8_COMPAT check
prior to looking for prototypes, as BIND 9 (at least on Panther)
turns off some prototypes and typedefs if BIND_8_COMPAT is
defined.
utils.nsi: Fix RestartRequired function to actually determine
if a restart is required
kfw-fixed.nsi:
- Add support for compiler version 1400
- Fix terminal server key deletions
- Delete leash32.exe on uninstall
- Correct the logic of the call of RestartRequired
Tom Yu [Fri, 10 Sep 2004 22:37:07 +0000 (22:37 +0000)]
* port-sockets.h: Remove _XOPEN_SOURCE_EXTENDED hack for netdb.h,
as it can cause inconsistencies between headers. It significantly
broke HP-UX 10.20 anyway.
* cc_mslsa.c: The following functionality is being committed
but commented out because it is not presently
available in public Microsoft SDKs
- support for KerbSubmitTicket which allows a KERB_CRED
message to be forwarded to the LSA. (KERB_SUBMIT_TICKET)
- support for the KerbQueryTicketCacheEx2Message which
adds the Session Key Enctype to the contents of the
response from KerbQueryTicketCacheExMessage.
(HAVE_CACHE_INFO_EX2)
* cc_mslsa.c:
- Fix MITPrincToMSPrinc to prevent writing to the output
buffer if the input won't fit.
- Add internal UnicodeStringToMITPrinc function
- Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc
- Rename internal PurgeMSTGT to PurgeAllTickets
- Add internal PurgeTicket2000
- Add internal PurgeTicketXP
- Since tickets can only be requested via KDC Opt Flags it is
not possible to specifically request the Initial ticket. If
more than one ticket exists which matching service names,
enctypes, and ticket flags the initial ticket flag may not be
set. If the caller requested the initial ticket, set the flag
manually.
- Add preliminary support for krb5_lcc_set_flags
- Modify krb5_lcc_initialize to return success
- Modify krb5_lcc_get_principal to support an LSA cache
which does not contain a TGT when krb5_lcc_resolve is
called.
- Implement krb5_lcc_remove_cred
Ken Raeburn [Sat, 28 Aug 2004 02:05:39 +0000 (02:05 +0000)]
* prof_parse.c (parse_std_line): Rewrite handling of whitespace in and after
tag, to strip trailing whitespace (per current locale, not just ASCII space
characters), and prohibit any internal space characters in tag names.
(This is not the patch supplied in the bug report; that patch changed the tag
handling to allow spaces in tag names, which we haven't previously allowed. On
the other hand, we haven't specifically disallowed internal tabs or other
whitespace, either, and this patch does so.)
Ken Raeburn [Fri, 27 Aug 2004 23:01:56 +0000 (23:01 +0000)]
Finally applied patch from Nalin Dahyabhai at Red Hat to fix 0/NULL bugs in
variadic argument lists to krb5_build_principal{,_ext}. Skipped the stylistic
patches that removed casts of NULL.
Ken Raeburn [Fri, 27 Aug 2004 19:45:46 +0000 (19:45 +0000)]
* run.test (getnwords): Run data through "cat -v", because at least one version
of Debian Linux has an English dictionary with Latin-1 characters and a "rev"
that seems to default to some sort of Unicode.
Ken Raeburn [Fri, 27 Aug 2004 19:41:53 +0000 (19:41 +0000)]
* prof_int.h (struct _prf_data_t): Add a mutex.
* prof_file.c (profile_open_file): Initialize data mutex.
(profile_update_file_data, profile_flush_file_data): Lock it while manipulating
file data.
(profile_lock_global, profile_unlock_global): New functions.
* prof_set.c (rw_setup): Acquire global lock while checking flags and adjusting
ref count.
(profile_update_relation, profile_rename_section, profile_add_relation): Lock
data mutex while manipulating profile data.
* prof_tree.c (profile_node_iterator): Do more magic number tests.
Tom Yu [Tue, 17 Aug 2004 23:57:16 +0000 (23:57 +0000)]
* svc.c (svc_getreqset): Allocate cred and verf memory to
temporary pointers, and free the temporary pointers on exit.
Freeing the actual cred and verf pointers can cause corruption
because auth mechanisms can reassign the pointers.
Tom Yu [Tue, 17 Aug 2004 01:14:58 +0000 (01:14 +0000)]
* svc_auth_gss.c (gssrpc__svcauth_gss): Add some debug messages
* svc.c (svc_getreqset): Don't allocate either raw or cooked
credentials on the stack using the cred_area char array; use
mem_alloc() instead. This avoids alignment problems.
Ken Raeburn [Mon, 16 Aug 2004 01:27:41 +0000 (01:27 +0000)]
* cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flag
file_is_locked.
(krb5_fcc_close_file): Unlock the mutex and clear the flag.
(krb5_fcc_open_file): Acquire the mutex before locking the file, and set the
flag after.
(krb5_fcc_resolve): Initialize the new mutex and flag.
(krb5_fcc_generate_new): Initialize both mutexes and the flag.
(dereference): Destroy the new mutex.
Ken Raeburn [Sun, 15 Aug 2004 23:56:00 +0000 (23:56 +0000)]
* cc_file.c: Add buffering on reading.
(FCC_BUFSIZ): New macro.
(struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset.
(krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes.
(invalidate_cache): New function.
(krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache.
(fcc_lseek): New function.
(krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get,
krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek.
(fcc_read): Use and maybe refill the buffer.
(dereference): Zap the contents of the buffer before freeing it.
Ken Raeburn [Fri, 13 Aug 2004 04:02:35 +0000 (04:02 +0000)]
Only open a credential cache file once, even if multiple krb5_ccache objects
refer to it. (This does NOT yet take care of the problem of multiple threads
wanting to use OS-level advisory locks, which at least on UNIX are per-process
and not per-thread.)
* cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data
pointer, not a krb5_ccache. All calls changed.
(struct fcc_set): Add a refcount member. (Definition accidentally introduced
without comment in an earlier patch.)
(krb5int_cc_file_mutex, fccs): New variables, for managing a global list of
open credential cache files.
(dereference): New function, with most of old close/destroy operations.
Decrements reference count and only frees the object and removes it from the
global list if the refcount hits zero.
(krb5_fcc_close, krb5_fcc_destroy): Call dereference.
(krb5_fcc_resolve): If a file cache is already open with the same file name,
increment its reference count and don't create a new one. When a new one is
created, add it to the global list.
* cc-int.h (krb5int_cc_file_mutex): Declare.
* ccbase.c (krb5int_cc_initialize): Initialize it.
(krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex.
Ken Raeburn [Fri, 13 Aug 2004 02:41:34 +0000 (02:41 +0000)]
* k5-thread.h (k5_os_nothread_mutex_finish_init, k5_os_nothread_mutex_init,
k5_os_nothread_mutex_destroy, k5_os_nothread_mutex_lock,
k5_os_nothread_mutex_unlock) [!DEBUG_THREADS]: Replace macros with inline
functions, to gain type checking and eliminate gratuitous compiler warnings.
(k5_pthread_assert_unlocked, k5_pthread_assert_locked): Likewise.
(k5_os_mutex_finish_init) [HAVE_PTHREAD && !USE_PTHREAD_LOCK_ONLY_IF_LOADED]:
Likewise.
(return_after_yield): New inline function.
(k5_os_mutex_lock) [HAVE_PTHREAD]: Change back to a macro, calling
return_after_yield.
Ken Raeburn [Thu, 12 Aug 2004 23:00:20 +0000 (23:00 +0000)]
* run.test (getnwords): New function. Uses sed to get N words from $DICT as
other functions did before, but discards blank lines.
(test1, test2, test12, test13, test20): Call getnwords.
get_in_tkt.c (get_init_creds): Support ticket_lifetime libdefault. Made aware of 32 bit min and max for times. Allow renew_until time < expiration time
ccdefname.c (krb5_cc_set_default_name, krb5_cc_default_name): Look up the default ccache name in krb5_cc_default_name, not krb5_cc_set_default_name so that krb5_init_context doesn't have to do work it might never use
Ken Raeburn [Sun, 8 Aug 2004 22:35:02 +0000 (22:35 +0000)]
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Clear PTHREAD_CFLAGS and PTHREAD_LIBS
after adding them to CFLAGS and LIBS respectively, to avoid duplicating the
options later.
(WITH_CC): Add -O on AIX also. Don't add options if similar options are
already present.
projects / thirdparty / krb5.git / log
