Ken Raeburn [Tue, 21 Jun 2005 00:45:08 +0000 (00:45 +0000)]
Update dependencies
N.B.: The version of gcc used this time ("gcc version 3.4.3 20041212
(Red Hat 3.4.3-9.EL4)") seems to emit some duplicate dependencies --
some header files get listed twice. This is annoying but shouldn't
cause any harm....
Ken Raeburn [Wed, 15 Jun 2005 23:17:15 +0000 (23:17 +0000)]
ksu keeps old ccache locked
ksu can keep the user's ccache (the old one, not the newly created
one) locked while the new shell is running. It's a read lock, which
prevents other processes from modifying the file (e.g., adding newly
acquired tickets); they just hang until ksu exits.
The problem is really a bug down in the ccache code, where the wrong
data pointer is pulled out of a linked list, and used. But ksu is one
of the few programs that manipulates multiple ccaches; most other
programs wouldn't show the problem, and it only shows up with ksu if
some other program is also being run that has to fetch new tickets.
Any other programs maintaining multiple file ccaches may be affected
as well.
* cc_file.c (dereference): Fix test is list-walking loop.
Ken Raeburn [Wed, 15 Jun 2005 01:13:34 +0000 (01:13 +0000)]
* k5-platform.h: Include endian.h if it's available, or machine/endian.h if
it's available. Include byteswap.h if available.
(K5_LE, K5_BE): Define based on endianness macros from header files, if
available. Only do the architecture tests if this fails.
(SWAP16, SWAP32, SWAP64): Define if byteswap.h and bswap_16 are available.
({load,store}_{16,32,64}_le): Disable building of little-endian versions, which
aren't currently used.
Ken Raeburn [Fri, 10 Jun 2005 01:47:29 +0000 (01:47 +0000)]
* sendto_kdc.c (service_fds): Don't create a select_state on the stack; take an
additional argument pointing to it.
(krb5int_sendto): Don't create a select_state on the stack; instead, allocate
two on the heap, passing the second as the new argument to service_fds.
Ken Raeburn [Thu, 9 Jun 2005 23:30:33 +0000 (23:30 +0000)]
Use GCC's packed-structure support to try to optimize unaligned loads and
stores of values. (E.g., on x86, gcc will emit a word load or store regardless
of alignment; on sparc or alpha, it will do aligned word accesses. The old C
code does byte operations and arithmetic, always.) Tested in crypto code on
x86, sparc, and amd64.
* k5-platform.h (load_*): Change argument type to point to const.
(K5_BE, K5_LE): New macros, defined based on architecture macros for certain
big-endian and little-endian platforms, respectively.
(PUT, GET) [__GNUC__]: New macros. Use GCC's packed-structure support to do
unaligned loads and stores.
(PUTSWAPPED, GETSWAPPED) [__GNUC__]: Similar, but invoke a SWAP<size> macro
(not defined yet) to swap the bytes of the value.
(store_*, load_*): Use these macros when using GCC, depending on endianness and
availability of the SWAP<size> macros.
Ken Raeburn [Tue, 7 Jun 2005 06:18:40 +0000 (06:18 +0000)]
don't always require support library when building with sun cc
By default, a non-GCC configuration will not optimize during the build. The
Solaris C compiler will always output functions defined as "inline", at least
when not optimizing, even if they're never used. With recent changes on the
trunk, k5_call_init_function will cause the support library to be required on
Solaris by every program that includes k5-platform.h. This patch should fix
that.
* k5-platform.h (MAYBE_DEFINE_CALLINIT_FUNCTION) [DELAY_INITIALIZER]: New
macro. If not __GNUC__, define k5_call_init_function in the expansion;
otherwise, do nothing.
(MAKE_INIT_FUNCTION) [DELAY_INITIALIZER]: Use it.
(k5_call_init_function): Don't define function form at top level.
Ken Raeburn [Mon, 6 Jun 2005 20:48:32 +0000 (20:48 +0000)]
* profile.swg (errcode_t* tcl8 argout typemap): Cast return value from
error_message to char* to silence Sun compiler warning.
(errcode_t tcl8 out typemap): Likewise.
* profile_tcl.c: Regenerated.
Ken Raeburn [Mon, 6 Jun 2005 20:37:22 +0000 (20:37 +0000)]
Fix gcc preprocessor warnings due to last change
* configure.in: Put #undef for the PACKAGE_* symbols at the start of
autoconf.h. Use a leading comment to hide the #undef from the autoconf
substitutions.
Ken Raeburn [Wed, 1 Jun 2005 00:56:01 +0000 (00:56 +0000)]
Add run-time determination of whether thread support is available in the
support library. Check lots of weak references, and call pthread_once a couple
of times, to distinguish a broken stub from the real thing.
* threads.c [HAVE_PRAGMA_WEAK_REF]: Declare pthread_{g,s}etspecific,
pthread_key_{create,delete}, pthread_{create,join} as weak references.
(krb5int_pthread_loaded, loaded_test_aux) [HAVE_PRAGMA_WEAK_REF]: New
functions.
(flag_pthread_loaded, loaded_test_once) [HAVE_PRAGMA_WEAK_REF]: New variables.
* libkrb5support.exports: Add krb5int_pthread_loaded.
Sam Hartman [Fri, 20 May 2005 02:05:24 +0000 (02:05 +0000)]
Implement RFC 3961 PRF
Add krb5_c_prf, a function that implements the RFC 3961 PRF.
As part of this change, the krb5_init_keyblock and krb5 free routines
move to libk5crypto. Public stubs remain in libkrb5, but the actual
implementation is an internal interface in libk5crypto
Ken Raeburn [Fri, 13 May 2005 06:38:13 +0000 (06:38 +0000)]
* configure.in: Merged content from include/configure.in. Don't configure
include directory any more; build its makefiles and autoconf.h directly.
Provide comment template when defining C macros.
* include/configure.in: Deleted, content merged into ../configure.in.
* include/Makefile.in (thisconfigdir, mydir): Updated for configure change.
($(srcdir)/krb5/autoconf.stmp): Use $(thisconfigdir) when locating
configure.in and autom4te.cache.
* include/kerberosIV/Makefile.in (thisconfigdir, mydir): Updated for configure
change.
* include/krb5/Makefile.in (thisconfigdir, mydir): Updated for configure
change.
Ken Raeburn [Fri, 13 May 2005 06:32:50 +0000 (06:32 +0000)]
* aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): Provide comment template when defining
C macros.
(KRB5_GETPEERNAME_ARGS): Likewise.
(KRB5_GETSOCKNAME_ARGS): Likewise. Only define the macros in one place.
Ken Raeburn [Wed, 4 May 2005 00:57:17 +0000 (00:57 +0000)]
build failure on sparc64-solaris
Mike Friedman at Berkeley reports (on kerberos@mit) that the build
fails linking the aes-gen program if the tree is configured with
CC=gcc and CFLAGS=-m64.
* Makefile.in (aes-gen): Use CC_LINK. Reported by Mike Friedman.
Ken Raeburn [Thu, 28 Apr 2005 21:37:18 +0000 (21:37 +0000)]
* yarrow.c: Delete old macintosh support.
(yarrow_input_maybe_locking): Do the optional locking, and verify that the
mutex is locked, before doing anything else.
(yarrow_reseed_locked): Verify that the global mutex is locked before doing
anything else.
Ken Raeburn [Thu, 28 Apr 2005 09:39:43 +0000 (09:39 +0000)]
* port-sockets.h: On PalmOS, include autoconf.h and netdb.h, and define
socklen_t.
* socket-utils.h: Include k5-platform.h.
(sa2sin, sa2sin6, ss2sa, ss2sin, ss2sin6): Always use inline function form, and
use "inline" instead of "__inline__".
the purpose of the krb5_get_credentials call is to
obtain a set of credentials for the caller. the
krb5_cc_store_cred() call is to optimize performance
for future calls. Ignore any errors, since the credentials
are still valid even if we fail to store them in the cache.
Move WSAStartup/WSACleanup from DllMain to krb5_init_ctx/krb5_free_ctx
WSAStartup/WSACleanup cannot be called from DllMain without risking
a deadlock when FreeLibrary().
Ken Raeburn [Thu, 21 Apr 2005 23:16:26 +0000 (23:16 +0000)]
* implementor.texinfo (Local Addresses): Drop Mac OS 9, add Solaris 9, HP-UX
11.
(IPv6 Support, Host Address Lookup): Update for fake getaddrinfo code moved to
support library.
(Thread System Requirements): Use @code when listing function names. Add a
couple notes about some problematic routines.
(Internal Thread API): Update k5_mutex_t description to indicate there's always
non-OS data included. Describe case where thread support is disabled.
(Advanced Shared Library Requirements): Describe recently raised Windows
DllMain issues. Describe finalization code. Multiple init/fini functions are
now allowed in a library. Describe LIBINITFUNC and LIBFINIFUNC makefile
variables. Mention lib.in can have rules for generating temporary files for
dealing with export lists.
Ken Raeburn [Thu, 21 Apr 2005 21:44:37 +0000 (21:44 +0000)]
Stop generating per-directory sed scripts, and use perl to compute the patterns
on the fly instead. (Next step, someday, integrate this script and depfix.sed,
so we only have to run one script.)
* config/post.in (depend-dependencies): Use (and depend on) depfix2.pl instead
of .depfix2.sed.
(.depfix2.sed): Target deleted.
(DEPTARGETS): Delete .depfix2.sed and .depfix2.tmp.
* util/depgen.sed: Deleted.
* util/depfix2.pl: New file.
Ken Raeburn [Wed, 20 Apr 2005 03:10:12 +0000 (03:10 +0000)]
Compute reltopdir at autoconf time instead of at configure time. This has the
happy side effect of stopping autoreconf from creating directories named
"$ac_config_fragdir" all over the source tree.
* aclocal.m4 (fileexists, K5_TOPDIR): New macros.
(V5_SET_TOPDIR): Don't test for AC_LOCALDIR any more. Use K5_TOPDIR computed
at autoconf time, but still verify that the contents are what we expect. Don't
use shell variables in the argument to AC_CONFIG_AUX_DIR.
Ken Raeburn [Wed, 13 Apr 2005 20:38:36 +0000 (20:38 +0000)]
Allow compile-time specification that small code space is desired
* d3_cbc.c (krb5int_des3_cbc_encrypt, krb5int_des3_cbc_decrypt): Don't declare
left and right variables as registers.
* f_cksum.c (mit_des_cbc_cksum): Likewise.
* f_cbc.c (krb5int_des_cbc_encrypt, krb5int_des_cbc_decrypt): Likewise.
(krb5int_des_cbc_encrypt): For full blocks, use GET_HALF_BLOCK to read and then
xor, instead of processing each byte individually.
(krb5int_des_do_encrypt_2, krb5int_des_do_decrypt_2) [CONFIG_SMALL]: New
functions, wrapping large macros with the DES inner loops.
* f_tables.h (DES_DO_ENCRYPT_1, DES_DO_DECRYPT_1): Renamed from non-_1 names.
(krb5int_des_do_encrypt_2, krb5int_des_do_decrypt_2): Declare if CONFIG_SMALL
is defined.
(DES_DO_ENCRYPT, DES_DO_DECRYPT): Expand to _1 macros or _2 function calls
depending on whether CONFIG_SMALL is defined.
With CONFIG_SMALL defined, on x86/gcc/glibc, this drops about 5K (25%) of the
code/table space.
Ken Raeburn [Wed, 13 Apr 2005 20:19:31 +0000 (20:19 +0000)]
* aesopt.h: On PalmOS, include FloatMgr.h to get endianness flag.
(ENC_UNROLL, DEC_UNROLL, ENC_ROUND, LAST_ENC_ROUND, DEC_ROUND, LAST_DEC_ROUND,
KEY_SCHED): If CONFIG_SMALL is defined, set to NONE or NO_TABLES as
appropriate.
(Latter change drops about 40K -- over 85% -- from AES code/table size in
shared libraries on x86/glibc/gcc.)
Ken Raeburn [Sat, 26 Mar 2005 02:02:40 +0000 (02:02 +0000)]
* configure.in: Don't check for getpwnam_r and getpwuid_r in the thread-safety
warnings. The tests done elsewhere in the tree are stricter and may not
agree.
Ken Raeburn [Sat, 26 Mar 2005 02:00:47 +0000 (02:00 +0000)]
This patch tightens up our determination of whether we can use
getpw{nam,uid}_r, and using the set flags, creates macros providing a
consistent API, and if possible thread safety.
* configure.in: Don't check for getpwnam_r and getpwuid_r with AC_CHECK_FUNCS;
use AC_CHECK_FUNC, and only set shell variables. Run stricter tests on return
types and numbers of arguments, and only define the C macros if these
parameters can actually be determined.
* k5-platform.h (k5_getpwnam_r, k5_getpwuid_r): New macros.
Ken Raeburn [Fri, 25 Mar 2005 21:36:55 +0000 (21:36 +0000)]
shared library support for HP-UX 10
Our somewhat outdated HP-UX support (which was targeted at HP-UX 10, not 11)
does not have support for shared library initialization and finalization
functions, nor for shared library export lists. The former was causing
compilation failures unless shared library support was disabled.
* include/k5-platform.h: Expand on init/fini comments some more.
(MAKE_FINI_FUNCTION): Add an HP-UX specific variant that defines an auxiliary
function fitting the signature of HP-UX 10 library combined
initializer/finalizer functions.
* config/lib.in (hpux10.exports): New target, constructed similar to
osf1.exports but with HP-UX 10.x linker options, no initializers, and "errno"
explicitly added to the export list.
* shlib.conf (*-*-hpux*): Combine PICFLAGS setting with SHLIB_EXPFLAGS and
LDCOMBINE setting. Add linker option "-c hpux10.exports" to LDCOMBINE. Set
SHLIB_EXPORT_FILE_DEP to hpux10.exports. Set use_linker_fini_option.
Ken Raeburn [Fri, 25 Mar 2005 21:28:30 +0000 (21:28 +0000)]
threaded test program built even with thread support disabled
* Makefile.in (all-unix): Use @THREAD_SUPPORT@ and helper targets to build
programs only if thread support is enabled.
(all-unix-0, all-unix-1): New helper targets.
Tom Yu [Tue, 22 Mar 2005 22:49:11 +0000 (22:49 +0000)]
* gic_keytab.c (krb5_get_init_creds_keytab): When calling
krb5_get_init_creds() for the second time (with use_master=1),
also accept KRB5_REALM_UNKNOWN as a soft error, and use the result
from the first call to krb5_get_init_creds(). This can happen
when no master KDC is configured.
threads.c (thread_termination): Free array of pointers to thread-specific data (t) on thread termination. Use existing mutex to prevent the deletion of the array from interfering with the global list of thread specific data (used for library termination)
Jeffrey Altman [Tue, 15 Mar 2005 06:32:39 +0000 (06:32 +0000)]
krb5_c_is_keyed_cksum() is a boolean function. It cannot safely return
an error value. Change the error condition to return False (0) instead
of 0xFFFFFFFF.
Ken Raeburn [Sun, 13 Mar 2005 07:34:23 +0000 (07:34 +0000)]
profile library should check high-resolution timestamps if available
With the current profile code, it's possible for a file to be read when
partially written, with the writing of the new file contents being completed
within the same 1-second clock value, causing the profile code not to re-read
the contents. Using a higher-resolution timestamp, available on many systems
now, should help reduce that window. (Checking file sizes should also,
consider doing that separately.)
* configure.in: Check struct stat for fields st_mtimensec,
st_mtimespec.tv_nsec, and st_mtim.tv_usec.
* prof_file.c (profile_update_file_data): If one of them is found, use it as
the fractional part of the timestamp. Do re-read the file if the fractional
parts don't match.
* prof_int.h (struct _prf_data_t): Add new field frac_ts.
Jeffrey Altman [Sun, 6 Mar 2005 00:18:30 +0000 (00:18 +0000)]
* sn2princ.c (krb5_sname_to_principal):
conditionalize the use of reverse dns lookups. The default
is to use the existing behavior. rdns can be disabled by
specifying [libdefaults] rdns=false
Ken Raeburn [Sat, 5 Mar 2005 00:12:44 +0000 (00:12 +0000)]
I think the hpux change here should prevent it from overriding the
user-specified options, but still add in the necessary flags.
* aclocal.m4 (KRB5_AC_ENABLE_THREADS): Expand on error message if failing.
Substitute THREAD_SUPPORT -> 0 or 1 in makefiles. For HP-UX, set
PTHREAD_CFLAGS, not CFLAGS.
Ken Raeburn [Fri, 4 Mar 2005 23:50:45 +0000 (23:50 +0000)]
hpux10 has gmtime_r with wrong return type, breaking asn.1 encoder
The hpux10 gmtime_r returns int (0 means success), whereas the POSIX
gmtime_r returns a pointer (NULL means failure).
* configure.in: Check return type of gmtime_r, and define GMTIME_R_RETURNS_INT
if it returns int. If the return type can't be determined, pretend the
function isn't there.
Ken Raeburn [Fri, 4 Mar 2005 00:05:08 +0000 (00:05 +0000)]
profile_clear_relation doesn't work, iterator still sees deleted nodes
The "deleted" flag was being checked when writing out the file, but
not when iterating through using the profile handle being used to do
the deletions.
* prof_tree.c (profile_node_iterator): After checking skip_num counter, also
skip over deleted nodes.
* prof_test1 (test3): New proc.
(top level): Run it.
Ken Raeburn [Thu, 3 Mar 2005 23:25:32 +0000 (23:25 +0000)]
time-delta parser doesn't work on HP-UX 10
A build on Lenny's machine (built with gcc 2.7, thread support disabled, static
libraries only) is failing tests because the HP header files define "WS" as a
macro that expands to 2, while the delta-t grammar uses "WS" as the name of a
terminal symbol (which under bison turns into a C macro).
Renaming the terminal in the grammar (and custom lexer) fixes the problem.
* x-deltat.y (tok_WS): Renamed terminal from "WS", which conflicts with HP-UX
10 header files. Updated all productions.
(mylex): Updated.
* Makefile.in ($(srcdir)/deltat.c): Enable dependencies in maintainer mode.
* deltat.c: Updated.