kfw-fixed.nsi: Add registry keys to allow KFW executables to access the
krb5.ini and other config files in the %WINDIR% directory
instead of the per-user WINDOWS directory created in the
user's profile
* cc_mslsa.c: When obtaining a TGT from the MSLSA, do not ignore the
cache when the requested enctype is the NULL enctype. This means to
accept any enctype.
* kfw-fixed.nsi: Microsoft did not place the AllowTGTSessionKey in
the same location within the registry on the XP client platform as
they did on the 2000 SP4 and 2003 Servers. Modify the installer to
set both locations.
Ken Raeburn [Wed, 7 Jul 2004 06:17:28 +0000 (06:17 +0000)]
* k5-thread.h [! HAVE_PTHREAD_H]: Don't explicitly disable thread support when
pthread.h is missing.
(k5_os_mutex, K5_OS_MUTEX_PARTIAL_INITIALIZER, k5_os_mutex_finish_init,
k5_os_mutex_init, k5_os_mutex_destroy, k5_os_mutex_lock, k5_os_mutex_unlock,
k5_os_mutex_assert_unlocked, k5_os_mutex_assert_locked) [_WIN32]: Define
Windows versions; still not enabled by default.
Ken Raeburn [Wed, 7 Jul 2004 00:34:49 +0000 (00:34 +0000)]
* k5-thread.h: Use K5_THREAD_H for multiple inclusion protection.
(k5_debug_mutex_stats, k5_mutex_init_stats, k5_mutex_finish_init_stats,
K5_MUTEX_STATS_INIT): Add some dummy support for recording statistics on how
long mutexes are held, etc. Incomplete implementation started, but code not
enabled.
(k5_mutex_t): Add statistics field.
(K5_MUTEX_PARTIAL_INITIALIZER, k5_mutex_init_1, k5_mutex_init): Initialize it.
Ken Raeburn [Fri, 2 Jul 2004 22:16:56 +0000 (22:16 +0000)]
* k5-thread.h: Restructured mutex code.
(k5_debug_loc): New type, may contain file/line info if DEBUG_THREADS_LOC is
defined.
(k5_os_nothread_*): Dummy implementation of mutex lock for a single-threded
process. Uses a flag and assert() if DEBUG_THREADS is defined, does nothing
interesting otherwise.
(k5_os_mutex*, k5_once*): General implementations, with dummy or POSIX or
POSIX-if-loaded-otherwise-dummy variants.
(k5_mutex_*): Combine OS-specific mutex implementation with optional file/line
tracking, and provide a place to instrument for other debugging or performance
data.
Ken Raeburn [Thu, 1 Jul 2004 01:22:47 +0000 (01:22 +0000)]
* k5-thread.h (K5_MUTEX_DEBUG_INITIALIZER): Use current file and line.
(k5_mutex_debug_finish_init, k5_mutex_debug_init, k5_mutex_debug_destroy): Save
current file and line.
(k5_mutex_debug_lock): Verify that the lock was unlocked before, and set the
state to locked.
(k5_mutex_debug_unlock): Verify that the mutex was locked before, and set the
state to unlocked.
(k5_debug_assert_locked, k5_debug_assert_unlocked): Use
k5_mutex_debug_check_init instead of checking initialized==1.
Ken Raeburn [Wed, 30 Jun 2004 23:24:42 +0000 (23:24 +0000)]
Thread-safety for file-based credentials caches
* cc_file.c (krb5_fcc_data): Added a mutex.
(krb5_fcc_read*, krb5_fcc_write, krb5_fcc_store_*, krb5_fcc_open_file,
krb5_fcc_skip_header, krb5_fcc_skip_principal): Verify that the mutex is
locked.
(MAYBE_OPEN): Verify that the mutex is locked; unlock it if returning an error.
(krb5_fcc_initialize, krb5_fcc_start_seq_get, krb5_fcc_get_principal,
krb5_fcc_store, krb5_fcc_set_flags): Lock and unlock the mutex.
(krb5_fcc_close): Likewise. Destroy the mutex when done.
(krb5_fcc_destroy): Merge stdio and non-stdio versions a little more. Destroy
the mutex when done.
(krb5_fcc_resolve): Initialize and lock the mutex.
(krb5_fcc_next_cred): Lock and unlock the mutex. Merge the stdio and non-stdio
branches a little more.
Ken Raeburn [Wed, 30 Jun 2004 21:21:56 +0000 (21:21 +0000)]
* k5-thread.h (k5_debug_assert_locked, k5_debug_assert_unlocked): New macros.
(k5_assert_locked, k5_assert_unlocked): New macros, may or may not call the
debug macros.
Jeffrey Altman [Wed, 30 Jun 2004 05:00:25 +0000 (05:00 +0000)]
* cc_mslsa.c:
- is_windows_2000() indicates the OS is Windows 2000 or higher
- is_windows_xp() indicates the OS is Windows XP or higher which
indicates that PKERB_QUERY_TKT_CACHE_EX_RESPONSE and
PKERB_TICKET_CACHE_INFO_EX are available.
- does_retrieve_ticket_cache_ticket() checks to see if a Microsoft
private fix is available which adds a new Cache Flag,
KERB_RETRIEVE_TICKET_CACHE_TICKET, which when set causes the
requested ticket to be stored in the LSA cache even when the
TicketFlags and EncType are not set to 0.
- KerbExternalTicketMatch() is a test to determine if two
Microsoft External Tickets are identical
+ use the KerbQueryTicketCacheExMessage LSA call on XP or higher
+ specify the KERB_RETRIEVE_TICKET_CACHE_TICKET flag when it is
available
= The combination of both + items will cause the ClientRealm
to be displayed properly for all cross realm tickets obtained
via the MSLSA
Ken Raeburn [Mon, 28 Jun 2004 19:02:51 +0000 (19:02 +0000)]
Missed some log data with last checkin:
* cc_memory.c (struct _krb5_mcc_data): Delete 'next' pointer. Add a mutex.
(krb5_mcc_*): Lock and unlock the mutex as appropriate.
(struct krb5_mcc_list_node): New type, separates the linked-list
container from the data for individual nodes.
(mcc_head): Now points to krb5_mcc_list_node.
Ken Raeburn [Fri, 25 Jun 2004 19:42:10 +0000 (19:42 +0000)]
* k5-platform.h (JOIN4, JOIN4_2, JOIN3, JOIN3_2): Unused macros deleted.
(JOIN__2, JOIN__2_2): Renamed from JOIN2 and JOIN2_2. Insert two underscores
between the tokens supplied. All uses changed to use new macros, and not use
identifiers with leading underscores.
Ken Raeburn [Thu, 24 Jun 2004 22:43:58 +0000 (22:43 +0000)]
* cc_file.c (krb5_fcc_read_data): Combine stdio and posix versions of code with
gratuitous minor differences.
(krb5_fcc_read_int32, krb5_fcc_next_cred): Likewise.
(krb5_fcc_read_addr): Likewise. Check that filled-in length field matches the
value we tried to store (i.e., that type conversion didn't throw away
information).
(krb5_fcc_read_authdatum): Likewise.
Ken Raeburn [Thu, 24 Jun 2004 22:30:16 +0000 (22:30 +0000)]
* threads.c: Reorganize code: One definition of each function, with
per-platform conditional tests inside, instead of per-platform definitions for
each function. Combine common aspects of each function across platforms.
Tom Yu [Thu, 24 Jun 2004 20:10:05 +0000 (20:10 +0000)]
use host-based service name for kadmin client
* kadmin.c (kadmin_startup): Use host-based service name from
kadm5_get_admin_service_name() for SEAM compatibility when old
AUTH_GSSAPI not requested.
Ken Raeburn [Tue, 22 Jun 2004 18:14:15 +0000 (18:14 +0000)]
Delete preprocessor tests for macintosh, __MWERKS__, applec, and THINK_C, all
part of the pre-Mac OS X support. (Except the bits in the Yarrow code, where
it was part of the upstream source.)
Jeffrey Altman [Tue, 22 Jun 2004 06:39:43 +0000 (06:39 +0000)]
cc_mslsa.c: Comment out calls to FormatMessage and do not terminate
the program on a failure to generate a message. The existing code fails
on non-English systems. We do not need this code in a library unless we
are logging to the Event Log which is currently not done. Ignore this
for the time being until such time as we decide Event Log entries are
important to us.
Ken Raeburn [Mon, 21 Jun 2004 20:58:34 +0000 (20:58 +0000)]
* threads.c (key_lock): Change to a k5_mutex_t.
(k5_key_register): Use k5_ lock routines.
(pthread_getspecific, pthread_setspecific, pthread_key_create,
pthread_key_delete) [HAVE_PRAGMA_WEAK_REF]: Declare weak.
(tsd_if_single) [HAVE_PRAGMA_WEAK_REF]: New variable.
(krb5int_thread_support_init): Do pthread key creation only if pthread code is
loaded.
(krb5int_thread_support_fini): Do pthread key deletion only if pthread code is
loaded.
(k5_key_register, k5_getspecific, k5_setspecific): Use tsd_if_single when
pthread code is not loaded.
Jeffrey Altman [Sat, 19 Jun 2004 04:40:58 +0000 (04:40 +0000)]
* cc_mslsa.c: Enforce acceptable enctypes by checking against
the default_tgs_enctypes list instead of the permitted_enctypes
list; only enforce the desired enctype when retrieving tickets
to deliver to an application. do not enforce when attempting
to determine the current principal name. this is important
because specifying an enctype results in a TGS_REQ being sent
to the KDC; close memory leak of krb5_cred objects in
krb5_lcc_retrieve().
Tom Yu [Sat, 19 Jun 2004 02:11:58 +0000 (02:11 +0000)]
fix some 64-bit bugs in RPCSEC_GSS
* auth_gss.h: Add prototype for xdr_rpc_gss_buf.
* authgss_prot.c (xdr_rpc_gss_buf): New function.
(xdr_rpc_gss_cred, xdr_rpc_gss_init_args, xdr_rpc_gss_init_res):
(xdr_rpc_gss_wrap_data, xdr_rpc_gss_unwrap_data): Use
xdr_rpc_gss_buf, to avoid passing a (size_t *) to a xdr_bytes(),
which expects (u_int *).
(xdr_rpc_gss_wrap_data): Use tmplen to avoid passing (size_t *) to
xdr_u_int.
Ken Raeburn [Sat, 19 Jun 2004 00:21:48 +0000 (00:21 +0000)]
* aclocal.m4 (WITH_CC): Use -Wl,-search_paths_first for linking on Darwin.
(KRB5_AC_ENABLE_THREADS): On AIX, add PTHREAD_LIBS to LIBS; don't do it on
other platforms. Override CC with PTHREAD_CC only if CC is not gcc. Don't add
PTHREAD_CFLAGS to CFLAGS; substitute PTHREAD_CFLAGS separately.
Ken Raeburn [Sat, 19 Jun 2004 00:19:03 +0000 (00:19 +0000)]
* shlib.conf (*-*-darwin*, *-*-rhapsody*): Don't set PICFLAGS or LDFLAGS.
Force static libraries only always, instead of just as the default.
(*-*-aix*): The initfini argument should be "-binitfini". Use -bernotok, not
-berok. Do use the INIT_FINI_PREP command in constructing MAKE_SHLIB_COMMAND.
Ken Raeburn [Sat, 19 Jun 2004 00:06:48 +0000 (00:06 +0000)]
* Makefile.in (all-windows): Make autoconf.h in include\krb5 before building
anything else.
(WINMAKEFILES): Add util\support\Makefile.
(util\support\Makefile) [DOS]: New target.
(CE): New variable.
($(CE)test1.h, $(CE)test2.h, $(CE)test1.c, $(CE)test2.c): New targets.
Ken Raeburn [Fri, 18 Jun 2004 23:43:47 +0000 (23:43 +0000)]
* k5-platform.h (MAKE_INIT_FUNCTION, CALL_INIT_FUNCTION, INITIALIZER_RAN): Use
the linker-driven version for Windows. The auxinit function definition needs
an argument list.
(MAKE_FINI_FUNCTION): Likewise.
Ken Raeburn [Fri, 18 Jun 2004 23:36:57 +0000 (23:36 +0000)]
* Makefile.in (SLIBS, SDEF, S_GLUE, COMERR_GLUE, PROF_GLUE, SGLUE): New
variables.
(NO_GLUE): Deleted.
(CGLUE, PGLUE): Use new separate glue files instead of no_glue.
(SRES) [WIN32]: New variable.
($(SRES), $(SLIB)) [WIN32]: New targets.
($(CLIB), $(PLIB), $(KLIB), $(GLIB)) [WIN32]: Depend on and link against
$(SLIB) too.
($(SDEF)): New target. Generate Windows export list from common symbol list.
($(COMERR_GLUE), $(PROF_GLUE), $(S_GLUE)): New targets.
* win_glue.c (control): Reference add/remove_error_table only if building for
krb4 library. Add calls to library init/fini functions for other libraries.
For support library, also call a hook function on DLL_THREAD_DETACH. If no
recognized library-specific macro is defined, don't compile.
(DllMain): Do call control() on DLL_THREAD_DETACH.
Ken Raeburn [Fri, 18 Jun 2004 22:49:55 +0000 (22:49 +0000)]
* Makefile.in (BUILDTOP, LIBNAME, XTRA, OBJFILE): Define for Windows.
(LIBOBJS): Define.
($(BUILDTOP)/include/krb5/autoconf.h): Disable rule on Windows.
* threads.c (tls_idx, key_lock, destructors, destructors_set): New variables
for Windows.
(krb5int_thread_support_init, krb5int_thread_support_fini, k5_key_register,
k5_getspecific, k5_setspecific, k5_key_delete, krb5int_thread_detach_hook):
New functions for Windows. Some are just placeholders.
Ken Raeburn [Fri, 18 Jun 2004 22:47:27 +0000 (22:47 +0000)]
* Makefile.in ($(OUTPRE)test_et.exe): New target.
(check-windows): Build and run test_et.exe.
* error_message.c: Include autoconf.h.
(HAVE_STRERROR) [_WIN32]: Don't define.
(error_message) [_WIN32]: Check for range WSABASEERR+[0,1100) instead of
all values under 12000. Use k5_getspecific and k5_setspecific for local buffer.
* test_et.c (EXPORT_LIST): Define on Windows.
(main): Use add/remove_error_table, not the initialize_ routines.
(main) [EXPORT_LIST]: Don't test error_table_name, it's not in the export list.
Tom Yu [Wed, 16 Jun 2004 03:11:54 +0000 (03:11 +0000)]
This commit merges the RPCSEC_GSS integration branch onto the trunk.
Remaining work includes:
* Default to using kadmin/fqdn for SEAM compatibility
* Namespace cleanups and other API tweaks -- this API is not stable yet
* Fix lib/rpc/unit-test testsuite to test RPCSEC_GSS in addition to
AUTH_GSSAPI
Additional work will be tracked in separate tickets. This merge is
bracketed between the tags "tlyu-umich-rpc-merge-pre" and
"tlyu-umich-rpc-merge-post".
Tom Yu [Wed, 16 Jun 2004 02:37:23 +0000 (02:37 +0000)]
ok, let's try this again..
* accept_sec_context.c (krb5_gss_accept_sec_context): Only null
out the auth_context's rcache if it was provided by acceptor
creds; this prevents a leak.
* delete_sec_context.c (krb5_gss_delete_sec_context): Only null
out the auth_context's rcache if it was provided by acceptor
creds; this prevents a leak.
* gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track
whether acceptor creds provided an rcache.
Ken Raeburn [Tue, 15 Jun 2004 19:06:13 +0000 (19:06 +0000)]
Localize the OS-specific bits of retrieving the current time a bit more.
** not yet tested on Windows **
* c_ustime.c: Include k5-thread.h.
(get_time_now): New function, holds system-dependent code.
(krb5int_us_time_mutex): New mutex.
(struct time_now): New type.
(last_time): New variable, replaces old last_tv, last_sec, last_usec.
(krb5_crypto_us_timeofday): Rewrite. Do locking around access to previously
returned value, and ensure that we don't return duplicate values.
* os-proto.h: Include k5-thread.h.
(krb5int_us_time_mutex): Declare.
Tom Yu [Tue, 15 Jun 2004 18:57:17 +0000 (18:57 +0000)]
don't leak rcaches in accept_sec_context
* accept_sec_context.c (krb5_gss_accept_sec_context): Don't null
out rcache of auth_context prior to free if rcache was temporarily
allocated; this prevents leaking rcaches.
ticket: new
version_reported: 1.3.4
component: krb5-libs
Ken Raeburn [Tue, 15 Jun 2004 17:52:23 +0000 (17:52 +0000)]
* rc_io.c (dir, dirlen): Top-level variables deleted.
(getdir): Now returns the pointer, doesn't set top-level variables.
(GETDIR): Set local variables dir and dirlen using the function's return value.
(krb5_rc_io_creat, krb5_rc_io_open_internal): Add the new local variables.
Ken Raeburn [Tue, 15 Jun 2004 17:45:55 +0000 (17:45 +0000)]
* Makefile.in (SHLIB_DIRS, SHLIB_EXPLIBS, SHLIB_EXPDEPLIBS): Set to depend on
the new support library.
(SHLIB_LIBS): Don't define.
* configure.in: Use BUILD_LIBRARY_WITH_DEPS instead of the no-deps version.
projects / thirdparty / krb5.git / log
