Ken Raeburn [Tue, 4 May 2004 19:38:18 +0000 (19:38 +0000)]
Make com_err tests exercise the shared-library support
* configure.in: Invoke KRB5_BUILD_PROGRAM and KRB5_RUN_FLAGS.
* Makefile.in (PROG_RPATH, PROG_LIBPATH, RUN_SETUP): New variables.
(test_et, t_com_err): Use the built library, even if shared.
(check-unix): Set up the environment properly to load shared libraries when
running the test programs.
Ken Raeburn [Tue, 4 May 2004 19:22:53 +0000 (19:22 +0000)]
* shlib.conf (alpha*-dec-osf*): Do remember to set use_linker_init_option and
use_linker_fini_option.
(mips-sgi-irix*): Set LDCOMBINE_TAIL only if not using gcc.
Ken Raeburn [Sat, 1 May 2004 01:43:15 +0000 (01:43 +0000)]
Use the new mutex in the replay cache structure
Rather coarse at the moment: While one thread is blocking waiting for data to
be flushed to disk, another thread is unnecessarily prevented from scanning the
in-memory data.
* rc_base.c (krb5_rc_resolve_type): Initialize the mutex in the replay cache
structure.
(krb5_rc_default, krb5_rc_resolve_full): Destroy it if creation of the replay
cache fails.
* rc_dfl.c (krb5_rc_dfl_get_span, krb5_rc_dfl_init): Lock the mutex while
operating on the replay cache object.
(krb5_rc_dfl_expunge_locked): Renamed from krb5_rc_dfl_expunge and made static.
Call krb5_rc_dfl_recover_locked.
(krb5_rc_dfl_expunge): New wrapper function, locks the mutex.
(krb5_rc_dfl_recover_locked): Renamed from krb5_rc_dfl_recover and made static.
Call krb5_rc_dfl_expunge_locked.
(krb5_rc_dfl_recover): New wrapper function, locks the mutex.
(krb5_rc_dfl_store): Lock the mutex. Call _expunge_locked.
Ken Raeburn [Sat, 1 May 2004 01:29:44 +0000 (01:29 +0000)]
Update mutex debug code to be somewhat compatible with multi-threaded
execution. It won't be as useful in single-threaded programs for detecting
bugs in the mutex handling for now, though.
* k5-thread.h (k5_mutex_debug_check_init, k5_mutex_debug_update_loc): New
macros.
(k5_mutex_debug_lock, k5_mutex_debug_unlock): Use them.
(k5_mutex_lock, k5_mutex_unlock) [ENABLE_THREADS && DEBUG_THREADS]: Use them
instead of k5_mutex_debug_lock and k5_mutex_debug_unlock.
(enum k5_mutex_debug_states): New enum.
(K5_MUTEX_DEBUG_LOCKED, K5_MUTEX_DEBUG_UNLOCKED): Change to enumerator values.
(k5_mutex_debug_info): Use the enum type. Reorder fields.
(K5_MUTEX_DEBUG_INITIALIZER): Update for new field order.
Ken Raeburn [Sat, 1 May 2004 00:00:02 +0000 (00:00 +0000)]
Add a mutex for the shared static storage used by Yarrow
* crypto_libinit.c (initialized): Variable deleted.
(cryptoint_initialize_library, cryptoint_cleanup_library): Use new macros for
automatic shared library init/fini functions.
(prng_cleanup): Declaration deleted.
(krb5int_prng_init, krb5int_prng_cleanup): Declare.
(cryptoint_initialize_library): Call krb5int_prng_init.
(krb5int_crypto_init): New function, checks that cryptoint_initialize_library
was called successfully.
(cryptoint_cleanup_library): Call krb5int_prng_cleanup only if the initializer
ran.
* crypto_libinit.h: Deleted.
* prng.c: Include k5-thread.h.
(init_once, init_error, yarrow_lock): New variables.
(krb5int_prng_init): New function; finish initializing the mutex lock.
(do_yarrow_init): New function.
(krb5_c_random_add_entropy): Call it once only. Lock the mutex before
processing the input.
(krb5_c_random_make_octets): Lock the mutex before extracting random bytes.
Ken Raeburn [Fri, 30 Apr 2004 00:59:37 +0000 (00:59 +0000)]
* shlib.conf (alpha*-dec-osf*): Add support for export list, using a temporary
file, and init/fini functions.
(mips-sgi-irix*): Previous support should not be used with gcc.
Ken Raeburn [Thu, 29 Apr 2004 06:54:23 +0000 (06:54 +0000)]
* k5-platform.h (DELAY_INITIALIZER): Don't define.
(CONSTRUCTOR_ATTR_WORKS, DESTRUCTOR_ATTR_WORKS): Don't define.
(USE_LINKER_FINI_OPTION): Don't define.
(MAYBE_DUMMY_INIT): New macro, to optionally produce a dummy initializer for
the linker to reference in the case where other options indicate we don't want
to use it.
(MAKE_INIT_FUNCTION): Use it in some versions. Set the exported function name
to have a __auxinit suffix.
(MAKE_FINI_FUNCTION) [!SHARED]: Declare the function static, and do nothing to
try to cause it to get invoked.
Ken Raeburn [Thu, 29 Apr 2004 06:50:17 +0000 (06:50 +0000)]
* shlib.conf: Initialize use_linker_init_option and use_linker_fini_option to
no.
(mips-sgi-irix*): Add link-time support for library initialization and
finalization.
(*-*-solaris*): Likewise, for native compiler. Change "pic" mode to "PIC",
libkrb5 seems to need it now.
Ken Raeburn [Thu, 29 Apr 2004 06:46:00 +0000 (06:46 +0000)]
* aclocal.m4 (CONFIG_RULES): Invoke KRB5_LIB_PARAMS and KRB5_AC_INITFINI.
(KRB5_AC_INITFINI): New macro. Define delayed-initialization config option,
test for gcc constructor/destructor attribute support, and test whether
shlib.conf indicates support for link-time options.
(KRB5_AC_GCC_ATTRS): Implement.
Ken Raeburn [Mon, 26 Apr 2004 05:36:49 +0000 (05:36 +0000)]
* shlib.conf (INIT_FINI_PREP): New variable. Default to a no-op, but let each
platform set setup routines to process initialization and finalization options
for the default MAKE_SHLIB_COMMAND value.
(case mips-sgi-irix*): Define LDCOMBINE_TAIL to use the library's export list.
Ken Raeburn [Sat, 24 Apr 2004 22:38:30 +0000 (22:38 +0000)]
Handle the somewhat common fixed case of time value 0 more efficiently
* asn1_decode.c (asn1_decode_generaltime): If the input string is the magic
UNIX time zero, bypass all the arithmetic and return 0.
* asn1_encode.c (asn1_encode_generaltime): If the input time value is the UNIX
epoch, use a hardcoded string instead of doing the math.
Ken Raeburn [Sat, 24 Apr 2004 21:09:44 +0000 (21:09 +0000)]
Added support for library initialization and finalization, and verification
that the initializer completed successfully. Delay initialization on POSIX
until the first "verification" call. Currently specific to a few platforms,
but should still build on others without thread support enabled.
Use it to finish creating (if necessary) and destroy mutexes, and free some
other storage "permanently" allocated by libraries (currently, libkrb5
cache/keytab type registries only). Change initialization of static mutexes to
a two-step operation, a static "partial" initializer and a "finish_init"
routine called from a thread-safe environment like library initialization is
assumed to be. POSIX will use the former, Windows will use the latter, and the
debug support will check that *both* have been used.
Added init/fini functions to com_err, profile, krb5, and gssapi libraries.
(The profile library one may need to be removed later.) The existing ones, not
thread-safe, are still around.
Use weak symbol support if available to figure out if the pthread library has
been linked in, and avoid calling certain routines if the C library stubs are
known not to exist or work.
Stub declarations for thread-specific data.
Minor bugfixes, whitespace changes.
Ken Raeburn [Sat, 24 Apr 2004 20:22:31 +0000 (20:22 +0000)]
* gssapi_krb5.c (kg_get_ccache_name): Don't test err while it's still known to
be 0.
(kg_set_ccache_name): Likewise. Return after an error rather than continuing.
Ken Raeburn [Sat, 24 Apr 2004 04:44:02 +0000 (04:44 +0000)]
Start depending on perl for builds
* aclocal.m4 (KRB5_BUILD_LIBRARY_WITH_DEPS): Look for perl.
* config/pre.in (PERL): New variable.
* config/lib.in (lib$(LIB)$(SHLIBVEXT)): Use one perl invocation rather than
n+1 sed invocations.
Ken Raeburn [Fri, 23 Apr 2004 00:43:15 +0000 (00:43 +0000)]
Use more flexible command substitution for shared library generation, so we can
dump makeshlib.sh. Use the new saved export list files for AIX.
* aclocal.m4 (KRB5_BUILD_LIBRARY_WITH_DEPS): Substitute MAKE_SHLIB_COMMAND, not
LDCOMBINE and LDCOMBINE_TAIL.
* pre.in (DO_MAKE_SHLIB, SHLIB_STATIC_TARGET, LDCOMBINE, LDCOMBINE_TAIL):
Delete unused variables.
(SHLIB_EXPORT_FILE, SHLIB_EXPORT_FILE_DEP, MAKE_SHLIB_COMMAND): New variables.
* config/lib.in (lib$(LIB)$(SHLIBVEXT)): Set objlist to the list of object
files before invoking MAKE_SHLIB_COMMAND, instead of wrapping the list with
LDCOMBINE and LDCOMBINE_TAIL. Depend on SHLIB_EXPORT_FILE_DEP.
* config/shlib.conf: Set MAKE_SHLIB_COMMAND, using LDCOMBINE and LDCOMBINE_TAIL
in the common case.
(case *-*-aix*): Specify new commands, taken from makeshlib.sh, but assume the
export list is provided externally.
Ken Raeburn [Thu, 22 Apr 2004 23:55:57 +0000 (23:55 +0000)]
Add files containing the export lists used on UNIX, in each directory
where we build a shared library, whether or not it gets installed.
These should match the complete AIX export lists for a full build
including krb4 support, and will eventually be used on other UNIX
platforms, and cut down to just the symbols we actually want to
export.
We'll also have to add additional information, eventually, for
versioning and such, but currently this is just a list of C symbol
names.
Sam Hartman [Fri, 16 Apr 2004 19:10:24 +0000 (19:10 +0000)]
krb5_get_in_tkt ignores lifetime
John Hascall reports that the emulation of krb5_get_in_tkt is
incomplete and does not handle lifetimes set in the input credentials.
He provided a patch to fix this.
Changes to the NSIS installer for Windows to support KFW 2.6.1
Adds kvno.exe, gss-client.exe, and gss-server.exe to the distribution
Increments the version number of the installer
* k5unseal.c: gss_krb5int_unseal_token_v3() takes a pointer to
krb5_context
* import_sec_context.c: krb5_gss_ser_init() contains a function
pointer table. this table must use pointers to functions of
type KRB5_CALLCONV.
On Windows, a single letter followed by colon is used to identify
a drive. Therefore, do not assume that finding a colon in a string
indicates that we have found a keytab prefix label unless the length
of the potential prefix is not equal to one.
* cc_mslsa.c:
In at least one case on Win2003 it appears that it is possible
for the logon session to be authenticated via NTLM and yet for
there to be Kerberos credentials obtained by the LSA on behalf
of the logged in user. Therefore, we are removing the test
for IsKerberosLogon() within krb5_lcc_resolve()
which was meant to avoid the need to perform GetMSTGT() when
there was no possibility of credentials being found.
Ken Raeburn [Sat, 3 Apr 2004 01:52:46 +0000 (01:52 +0000)]
* network.c (setup_a_tcp_listener): Try to turn the IPV6_V6ONLY socket option
on, not off, and do it before calling bind.
(setup_tcp_listener_ports): Don't do it here any more.
(setup_udp_port): Ignore AF_DLI addresses.
Jeffrey Altman [Wed, 31 Mar 2004 21:22:25 +0000 (21:22 +0000)]
Delay load the ADVAPI32.DLL and SECUR32.DLL libraries within KRB5_32.DLL
Then modify the MSLSA implementation to ensure that none of the APIs loaded
from those DLLs are executed on Windows platforms prior to Windows 2000.
This ensures that the DLLs will never be loaded enabling KRB5_32.DLL to
continue to be used on Windows 9x.
Ken Raeburn [Wed, 24 Mar 2004 01:42:54 +0000 (01:42 +0000)]
* aclocal.m4 (KRB5_LIB_AUX): Use default_shared and default_static from
shlib.conf to decide whether to build shared and static libraries by default.
Update messages to indicate shared libraries are the default for most platforms
now. Use AC_MSG_NOTICE and AC_MSG_WARN instead of AC_MSG_RESULT when there's
no "checking" message.
Ken Raeburn [Wed, 24 Mar 2004 01:12:15 +0000 (01:12 +0000)]
* aclocal.m4 (KRB5_AC_MAINTAINER_MODE, KRB5_AC_ENABLE_THREADS, KRB5_AC_INET6,
WITH_HESIOD, KRB5_LIB_AUX, KRB5_AC_CHOOSE_SS, KRB5_AC_CHOOSE_DB): Express
defaults more consistently with other configure output. Use AC_HELP_STRING.
Shorten up some messages, drop some options that are defaults and obvious
counterparts to other documented options.
* configure.in: Likewise.
Ken Raeburn [Mon, 22 Mar 2004 22:00:02 +0000 (22:00 +0000)]
* network.c (delete_fd): Free pointed-to data after removing it from the
connection set.
(kill_tcp_connection): Move delete_fd call to the end.
(accept_tcp_connection): Decrement connection counter again if we drop the
incoming connection for lack of buffer space.
Ken Raeburn [Sun, 21 Mar 2004 01:56:39 +0000 (01:56 +0000)]
One less kg_get_context call..
* ovsec_kadmd.c (main): Use any handy krb5 context to register the KDB keytab
type, we don't need to pluck it out of the GSSAPI krb5 mechanism.
(gctx): Variable deleted.
Ken Raeburn [Thu, 18 Mar 2004 03:07:22 +0000 (03:07 +0000)]
Thread-safe manipulation of registered error-table list
* error_message.c: Include k5-thread.h.
(_et_list): Now always static.
(et_list_lock): New mutex.
(error_message): Lock it while manipulating the table lists.
(add_error_table, remove_error_table): Likewise.
Ken Raeburn [Thu, 18 Mar 2004 02:55:48 +0000 (02:55 +0000)]
* ac-archive: New directory.
* ac-archive/README: New file.
* ac-archive/acx_pthread.m4: New file, data taken from autoconf macro archive
at sourceforge.
Ken Raeburn [Mon, 15 Mar 2004 17:45:01 +0000 (17:45 +0000)]
* k5seal.c (kg_seal): Extract the krb5 context from the security context
instead of requiring it be passed in as an argument.
* k5unseal.c (kg_unseal): Likewise.
* gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated.
* delete_sec_context.c, process_context_token.c, seal.c, sign.c, unseal.c,
verify.c: Callers changed.
* inq_context.c (krb5_gss_inquire_context): Use krb5 context contained in
security context instead of calling kg_get_context.
* wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise.
* import_sec_context.c (krb5_gss_ser_init): New function.
(krb5_gss_import_sec_context): Create a krb5 context locally to use for the
import.
* export_sec_context.c (krb5_gss_export_sec_context): Use the krb5 context in
the security context.
* gssapiP_krb5.h (krb5_gss_ser_init): Declare.
* gssapi_krb5.c (kg_get_context): Don't call krb5 serialization initialization
code here.
* accept_sec_context.c (krb5_gss_accept_sec_context): Free the new krb5 context
in an error case not caught before.
Ken Raeburn [Mon, 15 Mar 2004 02:05:11 +0000 (02:05 +0000)]
* gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Add a krb5 context object.
* init_sec_context.c (krb5_gss_init_sec_context): Create a new krb5 context,
and store it in the security context if successful. If there's already a
security context, use the krb5 context in it.
* accept_sec_context.c (krb5_gss_accept_sec_context): Create a new krb5
context, and store it in the security context if successful.
* delete_sec_context.c (krb5_gss_delete_sec_context): If the security context
has a krb5 context, free it.
Ken Raeburn [Sun, 14 Mar 2004 08:14:51 +0000 (08:14 +0000)]
* gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields init_token and
testing_unknown_tokid.
* init_sec_context.c (new_connection): Drop support (already inside "#if 0")
for them.
(krb5_gss_init_sec_context): Drop support for testing_unknown_tokid.
(mutual_auth): Don't let major_status be used uninitialized.
projects / thirdparty / krb5.git / log
