| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Since we no longer prefix an "#include <stdint.h>" in the gssapi.h
preamble at build time, include it in gssapi.hin.
Update util/gss/kernel-lib/Makefile.in to account for gssapi_krb5.h
being in the source tree.
|
|
|
|
|
| |
Directly use stdint.h names for integer types in preference to the
various internal names we have made up for them.
|
|
|
|
|
|
|
| |
Make unconditional use of <stdint.h> and fixed-width types such as
uint32_t. k5-plugin.h doesn't use any special integer types, so
remove the conditional include block there. Nothing uses
INT64_FMT/UINT64_FMT, so leave those out of k5-platform.h for now.
|
|
|
|
|
|
|
| |
Remove the GNATS-based krb5-send-pr script and replace it with a
script that instructs users to send email.
ticket: 7840 (new)
|
|
|
|
|
|
|
|
|
|
|
|
| |
r17942 added a call to get_thread_buffer in the first part of
error_message, prior to the call to com_err_initialize. This can
cause an assertion failure from k5_getspecific if error_message is
called on a system error before any other com_err functions are
called. Move the initialization call earlier to prevent this.
ticket: 7822 (new)
target_version: 1.12.2
tags: pullup
|
| |
|
|
|
|
|
|
| |
$(BUILDTOP)/include/profile.h was being updated by two different
rules, which could collide with make -j. Use a dependency from
includes instead of a redundant rule.
|
|
|
|
|
|
|
| |
k5_bcmp acts similarly to the deprecated Unix bcmp() function,
returning zero if two memory regions are equal and nonzero if they are
not. It is implemented such that it should take the same amount of
time regardless of how many bytes are equal within the memory regions.
|
|
|
|
|
| |
Add a utility function in k5test.py to look for a command in the
executable path, and remove it from t_kdb.py.
|
|
|
|
| |
Avoid using "magic numbers" for better maintainability.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a long-standing documentation bug where we claimed that
a domain_realm mapping for a host name would not affect entries
under that domain name. The code has always had the behavior where
a host name mapping implies the corresponding domain name mapping,
since the 1.0 release.
While here, replace media-lab with csail in example files, as the
media lab realm is no longer in use. Also strip port 88 from KDC
specifications, and drop the harmful default_{tgs,tkt}_enctypes
lines from src/util/profile/krb5.conf.
Further cleanup on these files to remove defunct realms may be in order.
ticket: 7690 (new)
tags: pullup
target_version: 1.11.4
|
|
|
|
|
| |
This was previously not an issue because nothing outside of
libkrb5support used them.
|
|
|
|
|
| |
Document that k5_json_object_set can be used to overwrite an existing
key, and make it possible to remove a key by setting it to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The internal UTF-8 to UCS-2 conversion functions did not properly
respect their length arguments, instead assuming that the input string
is terminated with a zero bytes. As a result,
krb5int_arcfour_string_to_key could fail on unterminated inputs. Fix
the underlying support functions to read their inputs only up to the
specified length.
ticket: 7643 (new)
|
|
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Locking and unlocking a non-recursive mutex is a simple memory
operation and should not fail on any reasonable platform with correct
usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock,
or EINVAL if the mutex is uninitialized, but all of these conditions
would reflect serious bugs in the calling code.
Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void
and adjust all call sites. Propagate this change through
k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
|
|
|
|
|
|
| |
Reported by Arlene Berry.
ticket: 7629
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By a strict reading of the C standard, memcpy and memcmp have
undefined behavior if their pointer arguments aren't valid object
pointers, even if the length argument is 0. Compilers are becoming
more aggressive about breaking code with undefined behavior, so we
should try to avoid it when possible.
In a krb5_data object, we frequently use NULL as the data value when
the length is 0. Accordingly, we should avoid copying from or
comparing the data field of a length-0 krb5_data object. Add checks
to our wrapper functions (like data_eq and k5_memdup) and to code
which works with possibly-empty krb5_data objects. In a few places,
use wrapper functions to simplify the code rather than adding checks.
|
|
|
|
|
| |
Get rid of unnecessary null checks before freeing values in
libkrb5support's plugin code.
|
|
|
|
|
|
|
|
|
|
| |
When the bundled libverto was updated from 0.2.2 to 0.2.5,
verto_set_flags should have been added to libverto.exports along with
the other new functions.
ticket: 7594 (new)
target_version: 1.11.2
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7585
|
|
|
|
|
|
| |
Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity. Reformat some k5buf implementation code to match current
practices.
|
|
|
|
|
|
| |
Add a template-based array constructor for convenient marshalling of
structured values as JSON array values. Use it to simplify
export_cred.c.
|
|
|
|
|
|
|
|
|
| |
Return error codes (0, ENOMEM, or EINVAL) from JSON support functions
instead of returning results directly. This makes error handling
simpler for functions which assemble JSON objects and then return a
krb5_error_code values. Adjust all callers. Use shims in
export_cred.c to minimize changes there; it will be redesigned
internally in a subsequent commit.
|
|
|
|
|
|
| |
Create a K5Realm.kprop_port method so test scripts can invoke kprop
usefully, and create a simple Python test script exercising the same
kprop functionality as the dejagnu suite's kprop.exp.
|
|
|
|
|
|
|
|
|
|
|
| |
In fake-addrinfo.c, the COPY_FIRST_CANONNAME logic erroneously assumes
that h_name is the same as h_aliases[0]. Look at h_name before
h_aliases for an FQDN, since h_name is normally the
forward-canonicalized name and h_aliases are not.
[ghudson@mit.edu: rewrote commit message]
ticket: 7556 (new)
|
|
|
|
|
|
|
| |
In k5test.py, allow run_kadminl to take an environment argument. In
t_iprop.py, perform some queries on the slaves after each propagation
to spot-check that it got modifications from master. Use a helper
function to check serial numbers for conciseness.
|
|
|
|
|
|
| |
Accept environment parameters in the K5Realm start_kdc and
start_kadmind methods, so that krb5kdc or kadmind can be started or
restarted with a modified configuration.
|
|
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
|
|
|
|
|
|
|
| |
Signed overflow must be checked before it happens, since modern
versions of gcc will optimize out checks of the result. Reported by
Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7511
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
|
|
|
|
|
|
|
|
| |
All of our deps files have a trailing space in the first line,
originating from depfix.pl. This space triggers the whitespace
checker when generating a new deps file. Get rid of the trailing
whitespace in the script; the change will be reflected in the deps
files the next time they are regenerated.
|
|
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
|
|
|
|
|
| |
Eliminate the scratch_buf field of struct error_info and just return a
non-localized constant error message if we can't allocate a copy of
the real one. Also rely on a conformant strerror().
|
|
|
|
|
|
|
| |
Fix style issues in kerrs.c and errors.c. Rename error handling
functions to use shorter k5_ prefix. Eliminate an inoperable
krb5int_set_error() call in gic_opte_alloc and convert the other
call to use krb5_set_error_message().
|
|
|
|
|
|
|
|
|
| |
Update mkrel so that it will explicitly set SPHINX_ARGS=-W to make
warnings fatal and so that it will work in an unconfigured tree.
ticket: 7497 (new)
target_version: 1.11
tags: pullup
|
|
|
|
|
|
| |
ticket: 7453 (new)
target_version: 1.11
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new tests kdbtest.c and t_kdb.py. Together these exercise most of
the code in the LDAP back end. kdbtest is also run against the DB2
module, which is mostly redundant with other tests, but does exercise
the lockout logic a little more thoroughly than t_lockout.py can.
To test the LDAP back end, we look for slapd and ldapadd binaries in
the path. The system slapd is sometimes constrained by AppArmor or
the like, which we can typically work around by making a copy of the
binary. slapd detaches before listening on its server socket (this
got better in 2.4.27 but still isn't perfect), so we unfortunately
have to use a one-second sleep in the slapd setup.
|
|
|
|
|
|
|
|
|
|
| |
Add an internal json function to make it easier to detect if an object
is empty, and use it to avoid creating a ccache config entry for
preauth module config data if there isn't any to save.
ticket: 7427 (new)
target_version: 1.11
tags: pullup
|
|
|
|
|
|
|
|
|
| |
* Avoid space-before-paren false positives on some function pointer
declarations by checking the identifier for simple type names.
* Check for space before close parenthesis.
* Check (carefully) for asymmetric spaces around binary operators.
* Handle nesting when checking for 2+ line flow control bodies.
* Check for asymmetric bracing around else statements.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Catch SIGUSR1 in iprop-mode kpropd so that we can use it to interrupt
sleeps and make kpropd do an iprop request immediately.
In k5test.py, add prod_kpropd and read_from_kpropd methods to allow
test scripts to send a SIGUSR1 to kpropd and to read its stdout/stderr
output; also allow the test script to specify additional arguments
when starting kpropd.
In t_iprop.py, start kpropd with -d and, instead of sleeping, read
kpropd output until we see an indication that kpropd is in sync with
the master. To avoid delays, prod kpropd before waiting for sync and
after a completed full prop.
|
|
|
|
|
|
|
| |
In check_cast, we want to match cast operators with or without spaces
after the closing paren, and then check for spaces after we match.
Also, per the comment, we want to match potential cast operators
followed by an open paren.
|
|
|
|
|
|
|
|
|
|
| |
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
|
|
|
|
|
|
|
| |
Add a start_kpropd() method to K5Realm and make start_kadmind() use the
kadmind -p, -K, and -F options.
ticket: 7378
|
|
|
|
|
|
|
|
|
|
|
| |
util/cstyle-file.py checks a file for C style issues and displays
line-by-line output. It is not terribly sophisticated, and can
probably be improved upon (e.g. by doing an emacs batch-reindent of
the file and checking for differences in indentation).
util/cstyle.py produces diffs using git, runs the file checker on each
modified C source file in each diff, and displays the output lines
attribute to the diff.
|
|
|
|
|
| |
FILES is unused in util/{ss,et}/Makefile.in; some other unused
variables were nearby.
|
| |
|
| |
|