| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a kdb5_util load gets killed between rename()ing the new KDB file
into place and resetting the iprop ulog then the ulog can reflect the
pre-load state, which will almost certainly be incorrect.
This matters because we want to impose a timeout on full resyncs in
kpropd when iprop dictates that a full resync is needed, and the
simplest timeout scheme involves signaling the kdb5_util load process.
But also, we want no such races in general.
The fix is simple: re-initialize the ulog before renaming the new KDB
file into place, then proceed as usual. If the ulog is not properly
updated at the end of the load it will at least always result in
subsequent iprop get updates operations always indicating that a full
resync is required.
ticket: 7399
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently kadmind allows slaves to poll for updates as often as they
like, but not within 10s of the last update. This means that iprop will
appear to fail to synchronize the KDC at any site whose master KDC
processes at least one write transaction every 10 seconds consistently.
The original intention must have been to throttle iprop clients (slave
KDCs) that poll too often. But UPDATE_BUSY as implemented is not that,
and implementing a throttle would be difficult (requires keeping state
in a table) and mostly useless (admins can manage their poll timers just
fine without a throttle in kadmind).
ticket: 7369
|
|
|
|
|
|
|
|
|
|
|
| |
If a master KDC uses only a 64-bit libkadm5srv then there is no reason
to impose any limit on ulog size: the practical maximum will be given by
the filesystem and available storage space.
Even when using a 32-bit libkadm5srv the maximum practical ulog size
will be found easily enough when mmap() fails.
ticket: 7368
|
|
|
|
| |
ticket: 7375
|
|
|
|
| |
ticket: 7384
|
|
|
|
| |
[ghudson@mit.edu: split out from previous commit]
|
|
|
|
| |
ticket: 7370
|
|
|
|
| |
ticket: 7376
|
|
|
|
| |
ticket: 7379
|
|
|
|
|
|
|
|
|
|
|
|
| |
New options:
-p path-to-kdb5_util
-K path-to-kprop
-F dump-file
These are needed for testing without first having to install.
ticket: 7372
|
|
|
|
| |
Make DPRINT a varargs macro and add some new debug prints.
|
|
|
|
| |
ticket: 7377
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a global dump (the default dump file) for full syncs for iprop.
When a slave asks for a fullsync we kprop the existing global dump to it
if that is good enough, else we dump the DB and send the new global
dump.
Before this change kadmind would run kdb5_util dump -i... each time a
slave asked for a full dump. This was done in a sub-process,
thankfully, but it was still a waste of time and storage (e.g., if one
has a huge KDB).
Also, long dump times might cause a slave to give up (the timeout for
this is now configurable). But since iprop dumps bear a serial number
and timestamp and since slaves will resync from that point forward, it
doesn't matter if the dump we send a slave is fresh as long as it is
fresh enough (i.e., that its sno and timestamp are in the ulog).
Also:
- Rename dumps into place instead of unlink, create, write (but we
still keep the dump ok files as lock files and as a method of
signaling to kprop that the dump is complete).
ticket: 7371
|
|
|
|
|
|
|
| |
Add additional debug output and syslogs. Remove "kpropd:" from
syslogs. Always call openlog(). Clean up C style of a few messages.
[ghudson@mit.edu: split and combine commits; commit message]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make kpropd in iprop mode fork a child to listen for kprops from the
master. The child writes progress and outcome reports to the parent
for each kprop. This fixes a race between asking for a full resync
and setting up a listener socket for it.
- Add runonce (-t) for kpropd do_standalone() too.
- Add a new iprop parameter: iprop_resync_timeout. kpropd will keep
asking for incremental updates while waiting for a full resync to
finish, and will re-request a full resync if kadmind continues to
indicate that one is needed after this timeout passes since the
previous full resync was requested.
- Allow polling intervals less than 10 seconds.
[ghudson@mit.edu: split out debug output changes; note polling interval
change in commit message]
ticket: 7373
|
|
|
|
|
|
|
|
|
|
|
| |
util/cstyle-file.py checks a file for C style issues and displays
line-by-line output. It is not terribly sophisticated, and can
probably be improved upon (e.g. by doing an emacs batch-reindent of
the file and checking for differences in indentation).
util/cstyle.py produces diffs using git, runs the file checker on each
modified C source file in each diff, and displays the output lines
attribute to the diff.
|
|
|
|
|
|
|
|
|
|
|
| |
RFC 6680 requires that gss_export_name_composite begin the output
token with 04 02. So we must produce a composite token even if the
name has no authdata, and be able to consume a composite token with no
authdata attributes.
[ghudson@mit.edu: expanded commit message]
ticket: 7400 (new)
|
|
|
|
|
|
|
|
|
|
| |
An interposer mech needs to be able to handle multiple mechanisms.
When importing a mech token for a name, cred, or context, the
interposer mech needs to know the mech type of the token being
imported. To make this work, add SPI calls which accept a mech type
argument.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
|
|
|
|
|
|
|
|
|
|
| |
Wherever a GSSAPI mechglue function accepts a mech OID from the
caller, use gssint_select_mech_type() to choose the mechanism to use.
Wherever a mechglue function outputs a mech OID to the caller, use
gssint_get_public_oid() or gssint_make_public_oid_set() to expose the
public mech OID.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
|
|
|
|
|
|
|
|
|
|
| |
Add gssint_select_mechanism() to determine what mechanism to use for a
caller-specified OID, gssint_get_public_oid() to determine what
mechanism to expose to the caller, and gssint_make_public_oid_set to
translate an array of mech OIDs into a set of public OIDs. In
gssint_get_mechanism(), match interposed OIDs as well as real ones.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit message]
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend the syntax of the gss mech config file to allow a module type
delimited by triangle brackets. If the module type is "interposer",
flag the mechanism entry as being an interposer mechanism. A module
marked as an interposer is loaded immediately (so it can interpose a
built-in mechanism) and produces a list of OIDs to interpose.
Interposer mechanisms are not exposed to applications.
[ghudson@mit.edu: Stylistic changes, commit squashing, commit
message]
|
|
|
|
|
|
|
|
|
|
| |
Changes in r25660 inadvertently failed to insert TGS-REPs into the
lookaside cache. Call finish_dispatch_cache() at the end of
dispatch() to handle this case.
ticket: 7388 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Executables and shared libraries should have a file version, so
that the upgrade process works as expected.
ticket: 7386 (new)
tags: pullup
target_version: 1.10.4
|
|
|
|
|
|
|
|
|
|
| |
Actually expand the OUTPRE variable instead of just using a literal
string.
ticket: 7387 (new)
subject: Windows build leaves (OUTPRE)/krb5ccNN.res in ccapi/lib/win/srctmp
tags: pullup
target_version: 1.10.4
|
|
|
|
|
| |
FILES is unused in util/{ss,et}/Makefile.in; some other unused
variables were nearby.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It has been unloved and broken repeatedly for many years, requiring
updating of several variables whenever new directories are added
and similar tedia. It was originally intended to avoid the need
for Unix utilities on Windows, but Microsoft provides the Utilities
and SDK for UNIX-based Applications which is enough rope to do a
native build.
Leave behind a warning message to anyone who does try to build the
target.
Clean up some now-unused infrastructure in the build system.
ticket: 7367 (new)
|
|
|
|
|
|
| |
NT is long-gone; we don't need to keep a special-case error message
around telling people not to use it.
Clean out the unneeded code from the Makefile.in
|
|
|
|
|
|
|
| |
It's been a long time since systems were limited to 8.3 format
for file names. No one should be thinking to try and build this
target, and if they do, we don't need a custom error message anymore.
Clean out the unneeded code from the Makefile.in.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note that windows/wshelper/* was removed from the list, as it doesn't
exist.
The kerbsrc.zip target is slated for removal, but attempt to make it
more correct before removing it should it need to be revived.
Submitted by: Blaine Elzey blaine.elzey at alcatel-lucent.com
ticket: 7364 (new)
|
|
|
|
|
|
| |
windows/leashdll/include contains only a krb4 directory.
We have a dubious need for the latter through AFSroutines.c,
but the former can be eliminated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The build instructions have changed somewhat, as have the requirements
for a build environment.
The default behavior for KRB5_CONFIG and KRB5CCNAME has also changed.
Attempt to remove mention of overly specific Windows versions that
are now quite old when the behavior persists in newer versions of Windows.
Document the usage of DNS by default and the reduced need for a large
krb5.ini file.
Talk a little more about the LSA cache.
The kerbsrc.win target is no longer supported.
ticket: 7363 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
| |
Unlike most GSS test programs, t_s4u2proxy_krb5 uses a cleanup
handler, so we have to be careful to initialize everything we clean
up--particularly service2_name, which is initialized after a possible
goto. Also, remember to release acceptor_name.
|
| |
|
|
|
|
|
| |
krb5_rc_resolve_full, krb5_rc_resolve_get_name, and
krb5_rc_resolve_get_type are also now used in the krb5 mech.
|
|
|
|
|
|
| |
krb5_rc_recover_or_initialize is not a public function, but is now
used by the krb5 mechanism when importing a credential. Mark it as
PRIVATE GSSAPI in the export list.
|
|
|
|
|
|
|
|
|
|
| |
It might have been safe to access the krb5 verifier cred without a
lock before constrained delegation, but it is less likely to be safe
now that we might access both the initiator and acceptor parts of the
cred. Hold a lock on the cred for the full accept_sec_context
operation.
ticket: 7366 (new)
|
|
|
|
|
|
|
|
|
| |
If the verifier cred handle is of type GSS_C_BOTH, we need to resolve
the initiator part of it in order to create a s4u2proxy delegated
credential handle. (If it's of type GSS_C_ACCEPT, kg_resolve_cred
won't do anything beyond locking and validating the credential.)
ticket: 7356
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NSIS installer appears to have only ever existed as a 32-bit
software. As such, unconditionally check the 32-bit registry tree
for an uninstall string; the architecture of the current package
being installed is not relevant to what was previously installed.
ticket: 7362 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
| |
Use helper functions to shorten and clarify loadConfigFile.
|
|
|
|
|
|
|
| |
Get rid of gssint_get_mechanisms, gssint_mech_to_oid, and
gssint_oid_to_mech, which constructed a list of mechanism names and
mapped between mech names and OIDs. These functions were only used by
gss_inquire_mechs_for_name, which now uses gss_indicate_mechs instead.
|
|
|
|
|
|
|
|
|
| |
Use gss_indicate_mechs instead of gssint_get_mechanisms and
gssint_mech_to_oid to iterate over the list of mechanism OIDs. Use a
static helper to determine whether a mech supports a name type,
avoiding most of the work done in the for loop. Use a cleanup
handler. Don't leave partial results in the output parameter on
error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Failure handling during the postprocessing of
mech->gss_accept_sec_context was inconsistent. In one case we delete
the output token but leave the partly-constructed context present in
*context_handle (violating RFC 2744 if this is the first call); in
other cases we leave the output token in the caller's buffer but do
destroy the partly-constructed context. Make this more consistent by
always destroying the output token and partly-constructed context.
(RFC 2744 prefers, but does not require, leaving the
partly-constructed context present on error if it was present on
entry. At the moment we are ignoring that preference.)
[ghudson@mit.edu: Rewrote commit message with more details]
|
|
|
|
|
|
| |
Declarations of gss_OID_desc mech_krb5, etc. in tests/gssapi/common.h
can result in multiple definitions when the test programs are linked.
Prefix the declarations with "extern" to prevent this.
|
|
|
|
|
| |
This function wasn't used anywhere. Also remove the declaration for
osa_adb_close_policy(), which doesn't exist.
|
|
|
|
|
|
|
|
| |
Factor out some common functions used by multiple test programs. Use
a common argument format for importing names (p:princname,
h:hostbasedname, or u:username) and adjust the Python tests to match
it. Use more consistent conventions in test programs and fix some
coding style issues. Normalize how the test programs are built.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This installer option determines whether the -autoinit argument
is passed to the MIT Kerberos executable.
On startup, if this argument is passed, and if there are no tickets
in the default cache, and if no useful tickets can be imported from
the LSA cache, MIT Kerberos will open the get ticket dialog and prompt
for a password; this option does not appear to have any other effect.
ticket: 7357 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
| |
|
|
|
|
|
|
| |
Test the fix for https://bugzilla.redhat.com/show_bug.cgi?id=586032 .
Also test that krb5kdc can return svc unavailable
|