Modified hints APIs to be a single API that takes string keys.
Removed error object.
Changed error message API to use thread specific data.
Split out debugging API into separate files.
Ezra Peisach [Sun, 17 Aug 2008 23:34:41 +0000 (23:34 +0000)]
Using gcov, it was noted that the tests were never including authdata
in the test credential - and a segment of code was never tested. Add
some fake authdata to the test creds.
Ezra Peisach [Sat, 16 Aug 2008 13:03:30 +0000 (13:03 +0000)]
In parsing authorization data, if run out of memory, the authorization
data was released, but the pointer not zeroed. This resulted in
higher level code trying to free it again.
Ezra Peisach [Fri, 15 Aug 2008 18:46:12 +0000 (18:46 +0000)]
Move prototype for krb5int_random_string from k5-int.h to cc-int.h as
it is private to the ccache code. Include cc-int.h where needed, and
update Makefile.in dependencies.
Ken Raeburn [Thu, 14 Aug 2008 22:59:54 +0000 (22:59 +0000)]
Only add -Os for size optimizations if CFLAGS wasn't specified already. If
the configure-generated CFLAGS string is one of the usual ones with -O2,
replace -O2 rather than appending, since -Os will override previously
specified optimization levels anyways.
Ken Raeburn [Thu, 14 Aug 2008 21:32:58 +0000 (21:32 +0000)]
If the LDAP KDB back end is being built, define ENABLE_LDAP. If
ENABLE_LDAP is not defined, don't build the LDAP KDB ASN.1 encoding
and decoding functions, and use null pointers for them in the accessor
function table.
Ezra Peisach [Thu, 14 Aug 2008 05:09:12 +0000 (05:09 +0000)]
Error return from krb5int_random_string not tested in ccache code
krb5int_random_string should probably only fail on malloc
failure. Test for an error return from the function and cleanup
properly (release mutex, return error instead of using uninitialized
memory).
Ezra Peisach [Thu, 14 Aug 2008 04:55:14 +0000 (04:55 +0000)]
krb5_fcc_read_addrs returns pointer to released memory on malloc failure
In cleanup code on malloc failure, addresses are released including
pointer to the krb5_address * - but the freed value is returned to
caller. Clear pointer.
Ezra Peisach [Thu, 14 Aug 2008 04:44:44 +0000 (04:44 +0000)]
krb5_fcc_resolve file locking error on malloc failure
In krb5_fcc_resolve, on malloc failure, the data->lock mutex needs to
be destroyed. Unfortunately, this is done while the mutex is still locked.
When thread debugging code is enabled, this results in a seg fault.
Also - in krb5_fcc_generate_new, a strdup failure would result in the
krb5int_cc_file_mutex being unlocked twice.
[I have a modified version of valgrind in which I can signal after a
certain number of mallocs for it to fail - I vary the allocation
number from 1300 to 0 - and see what breaks - some memory leaks will
be fixed separately]
Ken Raeburn [Wed, 13 Aug 2008 23:32:11 +0000 (23:32 +0000)]
Don't build PKINIT ASN.1 support code if not building PKINIT plugin
If --disable-pkinit is given at configure time, don't build the PKINIT
plugin.
If the PKINIT plugin is not going to be built, define DISABLE_PKINIT.
If DISABLE_PKINIT is defined, don't build the PKINIT-related ASN.1
encoding and decoding routines, and fill their slots in the accessor
function table with null pointers.
Tweak the accessor table initialization to use conditionally-varying
macros rather than conditionally selecting between two blocks of
invocations of fixed macros.
Ken Raeburn [Tue, 12 Aug 2008 20:52:39 +0000 (20:52 +0000)]
Add a new directory, configured but not built by default, and never
installed, where we can build the main client libraries all together into
one library, and experiment with configuration changes for a client-only
library.
Ken Raeburn [Thu, 7 Aug 2008 03:29:52 +0000 (03:29 +0000)]
sequence_of_no_tagvars declared variables used only in
end_sequence_of_no_tagvars and only as unnecessary temporaries, so get
rid of them; also, push most of the work of the latter macro into a
helper function.
Ken Raeburn [Thu, 7 Aug 2008 03:06:50 +0000 (03:06 +0000)]
get_eoc() is always followed by next_tag(), so don't bother setting
the variables that it's about to clobber. Since we don't need any of
the tag info at the call site, push it down into the helper function.
Ken Raeburn [Wed, 6 Aug 2008 22:12:16 +0000 (22:12 +0000)]
turn off thread-support debugging code
With one big known exception having to do with exiting processes, I
think we've shaken out most of the thread-related bugs that this code
is going to catch in the existing code. It adds a lot of runtime
code, so disable it for now, it can be enabled again for testing new
changes.
Ken Raeburn [Wed, 6 Aug 2008 18:16:37 +0000 (18:16 +0000)]
If CONFIG_SMALL is defined, always use function calls for k5_mutex_lock
and _unlock. On ppc darwin builds with debug info, this makes
lib*.dylib a total of about 46K (~3%) smaller; "size" reports a
reduction in text and/or "other" sizes for libgssapi_krb5, libkdb5,
libkdb_ldap, and libkrb5.
Ken Raeburn [Wed, 6 Aug 2008 00:05:47 +0000 (00:05 +0000)]
fix cleanup code in allocating preauth info
After an allocation failure, free up the previously allocated array
elements by counting back down to zero, not continuing to count up
until we hit zero.
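An added example, not code from the krb5 tree, of the cleanup rules behind several of the allocation-failure fixes in this log: after a failed allocation, free the earlier elements by counting back down to zero, and clear the caller's pointer so nothing is freed twice. `build_items`, `xmalloc`, `xfree` and `sweep` are hypothetical names, and the counting allocator is a constructed stand-in for the modified valgrind described in an earlier entry, failing each allocation in turn from the highest index down to 0.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed injector: fail_at allocations succeed, then one fails. */
static long fail_at = -1;   /* negative: injection off */
static long live = 0;       /* blocks allocated and not yet freed */

static void *xmalloc(size_t n)
{
    void *p = (fail_at-- == 0) ? NULL : malloc(n);
    if (p != NULL) live++;
    return p;
}
static void xfree(void *p) { if (p != NULL) { live--; free(p); } }

/* Hypothetical routine: build a NULL-terminated array of count buffers. */
int build_items(size_t count, char ***out)
{
    char **items = xmalloc((count + 1) * sizeof(*items));
    *out = NULL;                  /* caller never sees a stale pointer */
    if (items == NULL) return ENOMEM;
    for (size_t i = 0; i < count; i++) {
        if ((items[i] = xmalloc(16)) == NULL) {
            while (i > 0) xfree(items[--i]);   /* count back down to zero */
            xfree(items);
            return ENOMEM;
        }
    }
    items[count] = NULL;
    *out = items;
    return 0;
}

/* Fail each allocation in turn; count runs that leak or return a pointer on error. */
int sweep(size_t count)
{
    int bad = 0;
    for (long k = (long)count + 1; k >= 0; k--) {
        char *poison = NULL, **out = &poison;
        fail_at = k; live = 0;
        int ret = build_items(count, &out);
        fail_at = -1;
        if (ret == 0 && out != NULL) {          /* caller frees on success */
            for (size_t i = 0; out[i] != NULL; i++) xfree(out[i]);
            xfree(out);
        } else if (ret != ENOMEM || out != NULL) bad++;
        if (live != 0) bad++;
    }
    return bad;
}
```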
Ken Raeburn [Tue, 5 Aug 2008 22:15:34 +0000 (22:15 +0000)]
error in socket number range check in kdc
Fix off-by-one error in checking that socket file descriptor numbers
are in range suitable for an fd_set. Also, don't do the check if we
should someday happen to get compiled on Windows.
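An added example, not the KDC's own code, of the range check this entry refers to: a POSIX `fd_set` holds descriptors 0 through `FD_SETSIZE - 1`, so a descriptor equal to `FD_SETSIZE` must be refused before `FD_SET` is called. The `fd_watch` wrapper and function names are hypothetical, and the off-by-one variant is an assumed shape of such a bug, since the log does not show the original check.

```c
#ifdef _WIN32
#include <winsock2.h>
#else
#include <sys/select.h>
#endif

/* Hypothetical wrapper around an fd_set and its highest member. */
struct fd_watch {
    fd_set set;
    int max;     /* highest descriptor added, -1 when empty */
};

void fd_watch_init(struct fd_watch *w) { FD_ZERO(&w->set); w->max = -1; }

/* Assumed shape of an off-by-one check (not taken from the KDC source):
 * it accepts fd == FD_SETSIZE, one past the last slot of the set. */
int fd_ok_off_by_one(int fd) { return fd >= 0 && fd <= FD_SETSIZE; }

/* Valid members of a POSIX fd_set are 0 .. FD_SETSIZE - 1. */
int fd_ok(int fd)
{
#ifdef _WIN32
    (void)fd;   /* Winsock fd_set stores handles, not a bitmap indexed by fd */
    return 1;
#else
    return fd >= 0 && fd < FD_SETSIZE;
#endif
}

/* Add fd to the watch set; return 0 on success, -1 if it cannot be held. */
int fd_watch_add(struct fd_watch *w, int fd)
{
    if (!fd_ok(fd))
        return -1;          /* caller should close fd and log the refusal */
    FD_SET(fd, &w->set);
    if (fd > w->max)
        w->max = fd;
    return 0;
}
```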
Ken Raeburn [Sat, 2 Aug 2008 06:36:49 +0000 (06:36 +0000)]
Make more uses of load/store_32_be/le, which on x86 at least expands
to a single unaligned load/store instruction, instead of open-coding
the shifts and masks.
Ken Raeburn [Sat, 2 Aug 2008 06:24:55 +0000 (06:24 +0000)]
Use krb5int_random_string, load_32_be, load_16_be, store_32_be, and
store_16_be. Change krb5_krcc_unparse_int32 to call
krb5_krc_unparse_ui_4 and reduce duplicated code.
Use krb5_get_error_message instead of error_message for
detailed krb5 error strings. Also removed a few remaining
instances of types ending in _t and fixed up some
whitespace issues.
In the gss rpc package, replace the type used for a
socket on Windows with SOCKET (instead of int) and
replace all calls to close() that are used to close
sockets with closesocket().
src/include/port-sockets.h includes the definitions
of SOCKET and closesocket() for non-Windows systems.
The NIM error reporting functions (in src/windows/identity/kherr ) keep
track of the error message with the highest severity level that was
reported for a specific error reporting context. However, if another
error message of the same severity is reported, the error message being
tracked will be updated to be the newly received error.
The user will often only be notified of the error message that was
tracked for a specific operation. Therefore, tracking the last message
with the highest priority has the unfortunate side-effect of not
reporting the cause of a failure.
This patch changes the condition for updating the tracked error message
to be the first message with the highest severity.
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will fail over to
the previous method of looking up a suitable error message based
on the error code.
The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking. They
currently do not declare or import the following functions:
This patch adds declarations and definitions required for locating these
functions. Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h. See ticket 6045.
The behavior of the HDN_ENDTRACK notification has changed slightly on
Vista. HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns
the item extents that were there prior to the user starting the resizing
operation. Earlier it would return the extents that resulted from the
resizing operation.
This resulted in a visual update problem on Windows Vista/2008
in the NIM Advanced View.
This patch addresses the issues raised in this ticket and ticket 5936
(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.
(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.
The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto. After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.
In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.
In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().
[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.
kadm5_decrypt_key(). This patch prevents the returned keyblock's
enctype from being coerced to the requested 'ktype' if the requested
'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".
There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.
The same problem exists in cc_memory.c:krb5_mcc_destroy().