Kevin Koch [Fri, 18 Jul 2008 14:05:58 +0000 (14:05 +0000)]
This change is for both tickets 5817 and 5819 - changes for 64 bit builds
New substitution variables %WL% (word length [32 | 64]) and %cpu% [i386 | AMD64] are implemented in the various files where they make sense.
Copylist entries have a new attribute - the component [base | i386 | AMD64 | leash | krb4].
The cpu and components can be specified on the command line. Multiple components must be in a space delimited quoted string.
kfw-fixed.nsi must now be preprocessed in the same fashion as site-local-tagged.nsi; kfw-fixed.nsi is deleted.
A number of makefiles assumed there could be only one build in the build tree at once, so make clean failed when there is more than one. [There can be four (i386/rel, i386/dbg, amd64/rel, amd64/dbg).] The makefiles have been updated. additional make clean problems in the new ccapi windows were cleaned up.
In some places, the compiler was set to VS2003, not VS2005.
32/64 bit differences added to ccapi makefiles.
Component: windows
TargetVersion: 1.7
Ticket: 5817 5819
Kevin Koch [Thu, 3 Jul 2008 13:21:12 +0000 (13:21 +0000)]
Only check for repository access utilities (cvs, svn, plink) if repository action is UPDATE or CHECKOUT, not SKIP. This allows builders who obtain sources from a distribution kit to be able to build without having to install these utilities
TargetVersion: 1.7
Component: windows
Ticket: new
Tags: pullup
Subj: KfW Build Automation
Ken Raeburn [Tue, 18 Mar 2008 18:55:26 +0000 (18:55 +0000)]
MITKRB5-SA-2008-002
Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.
Don't update the internally-tracked maximum file descriptor value if
the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file
descriptors of FD_SETSIZE (NOFILE) or above.
cc_ccache_iterator_release, cc_credentials_iterator leak server memory
cc_ccache_iterator_release and cc_credentials_iterator leak memory on the
CCacheServer because they do not send an ipc message to the server telling it
to free up resources associated with the iterator.
Note: this issue does not track needing to be able to free up these same
resources when the client crashes.
Invalid assignment while trying to set input to NULL
cc_seq_fetch_NCs_end and cc_seq_fetch_creds_end should try to set their
iterator inputs to NULL. Fixed code to assign the inputs to NULL rather
than the temporary variables. (Not sure why the previous code was
even compiling on the Mac.)
cc_context_get_version was part of the original CCAPI v3 documentation but was
never actually implemented. Now that it has been removed from the documentation
we should remove the test.
cc_set_principal should return error on bad cred version
When the caller passes in a version different than the one the ccache
was opened with, cc_set_principal should return CC_ERR_CRED_VERSION
because "cred_vers is used as a double check".
cc_seq_fetch_NCs_end incorrectly casts from CCAPI v2 to CCAPI v3 types.
Cleaned up cc_seq_fetch_creds_end at the same time (it was correct but
difficult to read).
CCAPI v2 support crash when client or server strings are NULL
The CCAPI v2 support will crash if passed in a krb5 credential with
the client or server principal strings set to NULL. Since CCAPI v3+
support checks for this we should check in CCAPI v2.
Kevin Koch [Fri, 29 Feb 2008 19:08:06 +0000 (19:08 +0000)]
lib/win/Makefile.in: Added
ccutils.c, ccapi_os_ipc.cxx, ccs_reply_proc.c, ccs_os_server.cpp, ccs_reply_proc.c, ccs_win_pipe.c: comment out some debug messages.
test/Makefile.in: change which tests are built.
test/test_ccapi_context.c: API version 2 is now expected to pass.
test/test_ccapi_iterators.c: Add progress indicator for long tests.
krb5int_arcfour_string_to_key does not support utf-8 strings
krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing
them to the string to key function. Currently the UTF-16 conversion assumes
the input string is ASCII only.
Added support to convert UTF-8 strings to UTF-16 on Mac OS X. Leaving the
bug open until we discuss if we want to have implementations for Unix and
Windows platforms.
Kevin Koch [Tue, 19 Feb 2008 15:22:13 +0000 (15:22 +0000)]
Changes to integrate the CCAPI build into the build structure, build the test suite and fixes to random problems discovered along the way
Since no platform other than windows builds CCAPI using the build system, some conditionalizing may be necessary when other platforms use the makefiles.
src/Makefile.in: Add CPPFLAGS that seemed to be missing; run wconfig for ccapi/(lib, server, test).
config/win-pre.in: DEBUGOPT /ZI doesn't seem to provide enough debugging information under VS2005; /Zi does.
windows/build/bkw.pl: Fix -no<switch> so that -nonodebug will work. Otherwise, can't do debug build.
Move Get/PutTspData out of dllmain; add tlsindex argument.
Russ Allbery [Tue, 19 Feb 2008 04:49:11 +0000 (04:49 +0000)]
man page macro and hyphen fixes
Fix various unescaped hyphens, lines starting with . that shouldn't be
macros, undefined strings, and misspelled macros in the man pages.
Found via man --warnings on a current Debian unstable system.
ticket: new
component: krb5-doc
Version_Reported: 1.6.3
Target_Version: 1.6.4
Tags: pullup
Tom Yu [Thu, 7 Feb 2008 07:07:06 +0000 (07:07 +0000)]
more tests for libdb btree page split on zero index
Enhance btree debugging output somewhat to limit key printout to the
key length if the key is not null-terminated.
Add additional test case for the zero-index page split bug; test case
can create a corrupted btree database with records unreachable by
random access but reachable by sequential access. Requires
recompiling with CPPFLAGS='-DDEBUG -DDEBUG_IDX0SPLIT' to correctly
model mpool page reuse that would be present in production conditions.
(CPPFLAGS=-DDEBUG would otherwise explicitly overwrite the contents of
reused pages.)
ticket: new
target_version: 1.6.4
tags: pullup
component: krb5-kdc
Tom Yu [Fri, 1 Feb 2008 01:03:11 +0000 (01:03 +0000)]
libdb btree page split on zero index corrupts db
Splitting a btree page on index 0 can corrupt the database if the key
length plus data length is exactly a certain value. This certain size
causes the item to get the left page to itself, and causes the right
page to contain an erroneous additional index "hole" having an
uninitialized value. This bug may be one of the remaining causes of
unexplained database corruption reported over the years. Shawn Emery
provided useful data from actual instances of this corruption.
Add a test case for this bug. (Raw libdb test rather than kdb; the
latter would be much harder.)
ticket: new
target_version: 1.6.4
tags: pullup
component: krb5-kdc
Jeffrey Altman [Wed, 23 Jan 2008 22:10:56 +0000 (22:10 +0000)]
Windows: avoid use of cygwin mkdir and rmdir commands
Microsoft's nmake versions 8.x and 9.x prefer executables over
internal shell commands. This is a change from previous versions.
Cygwin's mkdir and rmdir commands do not have the same semantics
as the cmd.exe shell versions.
Change the definitions of MKDIR and RMDIR to use 'md' and 'rd'
in order to avoid the use of the cygwin versions.
Kevin Koch [Tue, 22 Jan 2008 16:34:31 +0000 (16:34 +0000)]
Make windows debug message line endings match the Mac endings.
Windows needs k5-platform helper function declared explicitly.
Change definition of ccs_pipe_t for windows.
#define strdup -- it's now deprecated on windows.
Russ Allbery [Sun, 30 Dec 2007 06:39:22 +0000 (06:39 +0000)]
improve debugging of ticket verification in ksu
When ksu is built with debugging support and -D is used, print out the
principals being compared before doing the verification rather than
afterwards so that the principals will be printed when the verification
fails.
ticket: new
Component: krb5-appl
Version_Reported: 1.6.2
Ken Raeburn [Sat, 22 Dec 2007 03:12:50 +0000 (03:12 +0000)]
Wrap krb5_db_get_principal function with get_principal (which will
eventually release the global lock and reacquire it) and
get_principal_locked (which will retain the global lock), and change
callers to use the wrappers, so we can simplify some ugliness at the call
sites.
Jeffrey Altman [Wed, 14 Nov 2007 22:34:53 +0000 (22:34 +0000)]
The khm_show_main_window() function is no longer called
at startup with khm_nCmdShow == SW_SHOWMINIMIZED in order to
hide the main application by calling khm_hide_main_window().
Instead, the main application window is simply never shown.
As a result, khm_show_main_window() needs to respond to
khm_nCmdShow == SW_SHOWMINIMIZED not by hiding the window
but by changing the khm_nCmdShow state to SW_SHOW and then
calling ShowWindow().
This change will address the problem whereby "Show NIM Window"
had to be triggered twice by the user when the process
was started in a minimized state.
Ken Raeburn [Thu, 1 Nov 2007 08:08:32 +0000 (08:08 +0000)]
Conditionalize "#pragma mark" on TARGET_OS_MAC.
Don't use "#pragma warning" when not on Windows. (In fact, the just-added uses
shouldn't be needed if the above conditional is done right, so one of them was
deleted.)
Ken Raeburn [Wed, 31 Oct 2007 06:07:44 +0000 (06:07 +0000)]
Set CXX_LINK, CXX_LINK_STATIC, and CXX_LINK_SHARED, parallel to CC_ versions.
Assumes for now that libpath, rpath, ldflags, pthread flags and such
apply to both C and C++ compilers.
projects / thirdparty / krb5.git / log
