cc_context_get_version was part of the original CCAPI v3 documentation but was
never actually implemented. Now that it has been removed from the documentation
we should remove the test.
cc_set_principal should return error on bad cred version
When the caller passes in a version different than the one the ccache
was opened with, cc_set_principal should return CC_ERR_CRED_VERSION
because "cred_vers is used as a double check".
cc_seq_fetch_NCs_end incorrectly casts from CCAPI v2 to CCAPI v3 types.
Cleaned up cc_seq_fetch_creds_end at the same time (it was correct but
difficult to read).
CCAPI v2 support crash when client or server strings are NULL
The CCAPI v2 support will crash if passed in a krb5 credential with
the client or server principal strings set to NULL. Since CCAPI v3+
support checks for this we should check in CCAPI v2.
Kevin Koch [Fri, 29 Feb 2008 19:08:06 +0000 (19:08 +0000)]
lib/win/Makefile.in: Added
ccutils.c, ccapi_os_ipc.cxx, ccs_reply_proc.c, ccs_os_server.cpp, ccs_reply_proc.c, ccs_win_pipe.c: comment out some debug messages.
test/Makefile.in: change which tests are built.
test/test_ccapi_context.c: API version 2 is now expected to pass.
test/test_ccapi_iterators.c: Add progress indicator for long tests.
krb5int_arcfour_string_to_key does not support utf-8 strings
krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing
them to the string to key function. Currently the UTF-16 conversion assumes
the input string is ASCII only.
Added support to convert UTF-8 strings to UTF-16 on Mac OS X. Leaving the
bug open until we discuss if we want to have implementations for Unix and
Windows platforms.
Kevin Koch [Tue, 19 Feb 2008 15:22:13 +0000 (15:22 +0000)]
Changes to integrate the CCAPI build into the build structure, build the test suite and fixes to random problems discovered along the way
Since no platform other than windows builds CCAPI using the build system, some conditionalizing may be necessary when other platforms use the makefiles.
src/Makefile.in: Add CPPFLAGS that seemed to be missing; run wconfig for ccapi/(lib, server, test).
config/win-pre.in: DEBUGOPT /ZI doesn't seem to provide enough debugging information under VS2005; /Zi does.
windows/build/bkw.pl: Fix -no<switch> so that -nonodebug will work. Otherwise, can't do debug build.
Move Get/PutTspData out of dllmain; add tlsindex argument.
Russ Allbery [Tue, 19 Feb 2008 04:49:11 +0000 (04:49 +0000)]
man page macro and hyphen fixes
Fix various unescaped hyphens, lines starting with . that shouldn't be
macros, undefined strings, and misspelled macros in the man pages.
Found via man --warnings on a current Debian unstable system.
ticket: new
component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup
Tom Yu [Thu, 7 Feb 2008 07:07:06 +0000 (07:07 +0000)]
more tests for libdb btree page split on zero index
Enhance btree debugging output somewhat to limit key printout to the
key length if the key is not null-terminated.
Add additional test case for the zero-index page split bug; test case
can create a corrupted btree database with records unreachable by
random access but reachable by sequential access. Requires
recompiling with CPPFLAGS='-DDEBUG -DDEBUG_IDX0SPLIT' to correctly
model mpool page reuse that would be present in production conditions.
(CPPFLAGS=-DDEBUG would otherwise explicitly overwrite the contents of
reused pages.)
ticket: new
target_version: 1.6.4
tags: pullup
component: krb5-kdc
Tom Yu [Fri, 1 Feb 2008 01:03:11 +0000 (01:03 +0000)]
libdb btree page split on zero index corrupts db
Splitting a btree page on index 0 can corrupt the database if the key
length plus data length is exactly a certain value. This certain size
causes the item to get the left page to itself, and causes the right
page to contain an erroneous additional index "hole" having an
uninitialized value. This bug may be one of the remaining causes of
unexplained database corruption reported over the years. Shawn Emery
provided useful data from actual instances of this corruption.
Add a test case for this bug. (Raw libdb test rather than kdb; the
latter would be much harder.)
ticket: new
target_version: 1.6.4
tags: pullup
component: krb5-kdc
Jeffrey Altman [Wed, 23 Jan 2008 22:10:56 +0000 (22:10 +0000)]
Windows: avoid use of cygwin mkdir and rmdir commands
Microsoft's nmake versions 8.x and 9.x prefer executables over
internal shell commands. This is a change from previous versions.
Cygwin's mkdir and rmdir commands do not have the same semantics
as the cmd.exe shell versions.
Change the definitions of MKDIR and RMDIR to use 'md' and 'rd'
in order to avoid the use of the cygwin versions.
Kevin Koch [Tue, 22 Jan 2008 16:34:31 +0000 (16:34 +0000)]
Make windows debug message line endings match the Mac endings.
Windows needs k5-platform helper function declared explicitly.
Change definition of ccs_pipe_t for windows.
#define strdup -- it's now deprecated on windows.
Russ Allbery [Sun, 30 Dec 2007 06:39:22 +0000 (06:39 +0000)]
improve debugging of ticket verification in ksu
When ksu is built with debugging support and -D is used, print out the
principals being compared before doing the verification rather than
afterwards so that the principals will be printed when the verification
fails.
ticket: new
Component: krb5-appl
Version_Reported: 1.6.2
Ken Raeburn [Sat, 22 Dec 2007 03:12:50 +0000 (03:12 +0000)]
Wrap krb5_db_get_principal function with get_principal (which will
eventually release the global lock and reacquire it) and
get_principal_locked (which will retain the global lock), and change
callers to use the wrappers, so we can simplify some ugliness at the call
sites.
Jeffrey Altman [Wed, 14 Nov 2007 22:34:53 +0000 (22:34 +0000)]
The khm_show_main_window() function is no longer called
at startup with khm_nCmdShow == SW_SHOWMINIMIZED in order to
hide the main application by calling khm_hide_main_window().
Instead, the main application window is simply never shown.
As a result, khm_show_main_window() needs to respond to
khm_nCmdShow == SW_SHOWMINIMIZED not by hiding the window
but by changing the khm_nCmdShow state to SW_SHOW and then
calling ShowWindow().
This change will address the problem whereby "Show NIM Window"
had to be triggered twice by the user when the process
was started in a minimized state.
Ken Raeburn [Thu, 1 Nov 2007 08:08:32 +0000 (08:08 +0000)]
Conditionalize "#pragma mark" on TARGET_OS_MAC.
Don't use "#pragma warning" when not on Windows. (In fact, the just-added uses
shouldn't be needed if the above conditional is done right, so one of them was
deleted.)
Ken Raeburn [Wed, 31 Oct 2007 06:07:44 +0000 (06:07 +0000)]
Set CXX_LINK, CXX_LINK_STATIC, and CXX_LINK_SHARED, parallel to CC_ versions.
Assumes for now that libpath, rpath, ldflags, pthread flags and such
apply to both C and C++ compilers.
Ken Raeburn [Mon, 22 Oct 2007 19:18:53 +0000 (19:18 +0000)]
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Jeffrey Altman [Thu, 18 Oct 2007 15:22:43 +0000 (15:22 +0000)]
KFW: BUG: WIX: Beta value hard coded
The beta variable value was inadvertantly committed as part of
ticket 5820 (Revision 20117). The build script needs to
export this value when appropriate.
ticket: new
component: windows
tags: pullup
target: 1.6.3
Jeffrey Altman [Fri, 12 Oct 2007 23:08:30 +0000 (23:08 +0000)]
There appears to be a bug either in the WiX engine or the Windows Installer 3.1.
The "File" type on the Registry Search property is supposed to provide the full
path name. Instead, we are being given just the directory as if it were being
processed with the "Directory" type.
We can avoid this for a REG_SZ value by using the "Raw" type because we are
sure that the string is not going to begin with a '#' character.
Because the full path was not being obtained for the UPGRADENSIS property, the
Uninstall routine was unable to CreateProcess() the uninstall program.
This commit also includes addition debugging in the NSIS Uninstall custom
handler to report the path and the GetLastError() value when the uninstall
fails. This will be logged in the msiexec log file and displayed in a
MessageBox.
Jeffrey Altman [Fri, 12 Oct 2007 19:01:38 +0000 (19:01 +0000)]
KFW: BUG: WIX: Improve Usability of multiple architecture MSI installations, remove non-unique GUID component identifiers, and include Beta ID in the package name
The WiX installation package suffered from several problems:
* The Beta ID was not being included in the package name.
Fixed this by swapping the priority of "Release" and "Beta".
"Beta" is an official release that has a beta value.
A non-release has a datestamp as part of the package name.
* There were duplicate GUID values being used for registry components.
This would prevent proper removal of the components on uninstall.
* 64-bit Installers were being constructed with the 32-bit installer
schema. This prevented side-by-side installation of the 64-bit and
32-bit versions. This also permitted 64-bit installers to be
installed on 32-bit systems.
* The 64-bit and 32-bit installers had the same package name.
64-bit and 32-bit are now identified in the package name.
* 64-bit files were being installed to the WOW64 environment.
ticket: new
component: windows
tags: pullup
target_version: 1.6.3
ccs_lock_status_grant_lock sometimes tries to grant the wrong lock
because it is not keeping track of where it got moved to. Reorganized
code so it is easier to read and doesn't look up the lock twice.
Ken Raeburn [Wed, 10 Oct 2007 17:54:49 +0000 (17:54 +0000)]
Run the script to verify all Windows-exported krb5 functions have the
right calling convention markers in the header files, on Windows.
Always, for lack of a separate "maintainer mode" like we have on UNIX.
Ken Raeburn [Tue, 9 Oct 2007 04:03:59 +0000 (04:03 +0000)]
kt_file.c: Support multiple iterators active simultaneously, using a
counter. In get_entry, if the file was already open, rewind it to
just after the version number, and don't close it when done. Don't
allow add or remove calls if any iterator is active.
t_keytab.c: Test mixing two iterators with get_entry calls.
Jeffrey Altman [Fri, 5 Oct 2007 15:23:53 +0000 (15:23 +0000)]
NIM: BUG: APP: New edit controls should be marked ES_AUTOHSCROLL
The EDIT controls used to accept input from the user must be set to
support automatic horizontal scrolling. Otherwise, the number of input
characters is arbitrarily restricted based upon the font selected by
the user as part of the active Windows theme.
Horizontal scrolling is enabled with the ES_AUTOHSCROLL flag during
control construction.
Kevin Koch [Fri, 5 Oct 2007 01:26:34 +0000 (01:26 +0000)]
KfW Build: add new installer build files to copyfiles.xml
Files were added to the installer build area. They also need to be added to the copylist, so that they are copied to the staging area, where the installer is built.
projects / thirdparty / krb5.git / log
