krb5.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove last uses of "possibly-insecure" mktemp(3)	Ben Kaduk	2013-11-04	1	-0/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Many libc implementations include notations to the linker to generate warnings upon references to mktemp(3), due to its potential for insecure operation. This has been the case for quite some time, as was noted in RT #6199. Our usage of the function has decreased with time, but has not yet disappeared entirely. This commit removes the last few instances from our tree. kprop's credentials never need to hit the disk, so a MEMORY ccache is sufficient (and does not need randomization). store_master_key_list is explicitly putting keys on disk so as to do an atomic rename of the stash file, but since the stash file should be in a root-only directory, we can just use a fixed name for the temporary file. When using this fixed name, we must detect (and error out) if the temporary file already exists; add a test to confirm that we do so. ticket: 1794
*	Add master key rollover tests in k5test framework	Greg Hudson	2013-10-25	1	-0/+307
	Add a new script t_mkey.py using the k5test framework. Test the fixes for #6507, #7685, and #7686 as well as basic functionality and old-stashfile compatibility. dump.16 was created by running "kdb5_util create -s -P footes" and "kdb5_util dump dumpfile" with krb5 1.6. The key from the resulting stash file was extracted and placed in the struct.pack() call in the new test script.