| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
ulog_get_entries does not access the KDB, only the ulog, so it does
not need a KDB lock; its read lock on the ulog is sufficient to
prevent logged updates from happening while it is running. There is
no reason to serialize against unlogged KDB updates such as those
performed by the KDC, as those do not affect the ulog.
|
|
|
|
|
|
|
| |
Always map the ulog with FKCOMMAND, not FKLOAD which reinitializes the
ulog. Don't reinitialize the ulog until just before calling
krb5_db_promote(). Get rid of FKLOAD since it isn't needed any more;
we can just call ulog_init_header() manually.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix code formatting issues. Use static scope when possible, and put
all helper functions before main so that forward declarations aren't
needed. Use GSS_KRB5_NT_PRINCIPAL_NAME instead of constructing it
with gss_str_to_oid, and get rid of display_status as that was the
only use. Replace large verbose function comments with concise ones.
Factor out main loop setup and KDB keytab setup into helper functions.
Create a helper function fail_to_start for logging and exiting on
initialization failures, and use it instead of the large cleanup
blocks in main.
Some initialization error messages have changed; no other functional
changes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't use "extern" for kdb_log.h prototypes.
* Avoid passing structures by value.
* Avoid the need to cast the result of the INDEX macro, and use char *
instead of unsigned long for pointer arithmetic.
* Reorganize kdb_log.c so static helpers are at the top and don't use
the "ulog_" prefix.
* Get rid of ulog_finish_update_slave since it's more concise to
open-code it in ulog_replay.
* Get rid of ulog_delete_update. In krb5_db_delete_principal, just
call ulog_add_update with kdb_deleted set in upd.
* Modernize coding style of kproplog.c. Use k5memdup0 instead of
snprintf in print_str to convert a byte range to a C string.
Remove an unnecesary textdomain call; libkrb5 takes care of calling
bindtextdomain in the library initializer.
* Modernize coding style of kpropd.c and kprop.c.
No functional changes.
|
|
|
|
|
|
|
|
|
| |
A missing break in the switch statement caused kpropd -x to error out
with a usage message.
ticket: 7854 (new)
target_version: 1.12.2
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Revert the safety net added #7370. As written it only applied to the
master KDC, where a normal load sometimes makes sense. Even on a
slave, there are edge cases where it can make sense to do a normal
load.
ticket: 7850 (new)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a process terminates in the middle of a logged database update, it
will release its lock and leave the ulog in the KDB_UNSTABLE state.
kadmind should notice this when it calls ulog_get_entries, but right
now it only checks for the KDB_CORRUPT state (which is never set any
more) and does not recover. Check for any state other than KDB_STABLE
and recover by resetting the ulog and forcing full resyncs to slaves.
ticket: 7853 (new)
target_version: 1.12.2
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Add a unit test program named t_ulog. Make it map a ulog file, set up
header state where kdb_last_sno is the last serial number, and then
add an empty update. Check that the result is a ulog header with one
update at serial number 1.
ticket: 7839
|
|
|
|
|
|
|
|
|
|
|
| |
When we wrap the serial number, reinitialize the ulog so that kdb_num
starts counting from 1, instead of leaving the ulog in a weird state
where kdb_num == ulogentries but kdb_last_sno == 1 and the serial
numbers in the circular array aren't necessarily contiguous.
ticket: 7839 (new)
target_version: 1.12.2
tags: pullup
|
|
|
|
|
|
|
| |
Remove the GNATS-based krb5-send-pr script and replace it with a
script that instructs users to send email.
ticket: 7840 (new)
|
|
|
|
|
| |
Add a test program which compares gss_pseudo_random outputs against
expected values for each enctype.
|
|
|
|
|
|
|
|
|
| |
Nobody is likely to ever ask for zero bytes of output from
gss_pseudo_random, but if they do, just return an empty buffer without
allocating. Otherwise we leak memory because gss_release_buffer
doesn't do anything to buffers with length 0.
ticket: 7838 (new)
|
| |
|
|
|
|
|
|
|
|
|
| |
There is no reason to deny a zero-length cred store, so don't check
for it in val_acq_cred_args or val_add_cred_args.
ticket: 7836 (new)
target_version: 1.12.2
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
r17942 added a call to get_thread_buffer in the first part of
error_message, prior to the call to com_err_initialize. This can
cause an assertion failure from k5_getspecific if error_message is
called on a system error before any other com_err functions are
called. Move the initialization call earlier to prevent this.
ticket: 7822 (new)
target_version: 1.12.2
tags: pullup
|
|
|
|
|
|
|
|
|
|
| |
The "rcache" cred store entry can specify a replay cache type and name
to be used with the credentials being acquired.
[ghudson@mit.edu: split up, simplified, and altered to fit preparatory
commits]
ticket: 7819 (new)
|
|
|
|
|
|
|
|
|
| |
The error handler in acquire_cred_context didn't release the rcache,
which would cause it to leak if we failed after acquire_accept_cred.
ticket: 7818 (new)
target_version: 1.12.2
tags: pullup
|
|
|
|
|
|
| |
Use a cleanup handler instead of releasing kt in multiple error
clauses. Wrap a long line and fix a comment with a missing word.
Rewrap the function arguments to use fewer lines.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Move the time offset lookup from krb5_krcc_resolve to make_cache, so
that we fetch time offsets for caches created by
krb5_krcc_ptcursor_next.
ticket: 7820
target_version: 1.12.2
tags: pullup
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
The list of input files for msgfmt was unsorted find output, resulting
in excessively large changes when running "make update-po".
ticket: 7821 (new)
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Start the process of deprecating krb5-send-pr. In practice, it causes
frustration for some users, and free-form email is good enough for
most bug reports.
Continue to install krb5-send-pr for now, but plan to remove it from
the tree in the future, probably replaced by a script that instructs
the user to send email manually.
ticket: 5566
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
| |
Some versions of the sphinx manpage writer have a typo in the name
'reStructuredText' written into the comments. Add a sed command to
fix this.
ticket: 7817 (new)
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
| |
RFCs 2743 and 4121 recommend that implementations produce empty tokens
from gss_delete_sec_context, and trying to produce one can cause
gss_delete_sec_context to fail on a partially established context.
Patch from Tomas Kuthan.
ticket: 7816 (new)
|
|
|
|
|
|
|
|
|
|
|
| |
Since we explicitly specify the ELF object format when building
iaesx86.s or iaesx64.s, we need to restrict it to operating systems we
know to be ELF platforms. Otherwise we can break the build on OS X,
which uses the Mach-O object format.
ticket: 7812
target_version: 1.12.1
tags: pullup
|
|
|
|
|
| |
Items in .data other than shuffle_mask are unused; delete them.
Delete the unused macro load_and_inc4. Move shuffle_mask to .rodata.
|
|
|
|
|
|
|
|
|
|
| |
Use PC-relative addressing to avoid runtime text relocations on i386.
Adapted patch from Nalin Dahyabhai.
ticket: 7815
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
If the session keyring matches the user session keyring, write
explicitly to the user session keyring. Otherwise the kernel might
create a new session keyring for the process, making the resulting
cache collection invisible to other processes.
ticket: 7814
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Use various standard C library functions rather than rolling our own.
Previous code spent many lines reimplementing realloc(), strpbrk(),
strtok_r(), etc.
Make a separate string_to_keysalt() parser for an individual keysalt
pair, which for now is private and destructive.
|
|
|
|
| |
ticket: 884
|
|
|
|
|
|
|
|
|
|
| |
Make krb5_string_to_keysalts() default to only ":" as a key:salt
separator character. Change most of its callers to pass NULL so they
get the default separators.
Adapted from a patch proposed by Jon Looney.
ticket: 884
|
|
|
|
|
|
|
|
| |
krb5_string_to_keysalts() treats an empty salt field as -1 ("ignore"),
rather than as the normal salttype. Default to normal instead, so
that omitting a salttype works as expected.
ticket: 6042
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some Linux systems now come with facilities to mark the stack as
non-executable, making it more difficult to exploit buffer overrun
bugs. For this to work, object files built from assembly need a
section added to note whether they require an executable stack.
Patch from Dhiru Kholia with comments added. More information at:
https://bugzilla.redhat.com/show_bug.cgi?id=1045699
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
ticket: 7813
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
from failures in decode_krb5_as_req() and decode_krb5_tgs_req(). Also
send an encoding that isn't a valid KDC-REQ.
ticket: 7811 (new)
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
| |
My rework of the do_tgs_req.c patch introduced a null deref if
decode_krb5_tgs_req() failed.
ticket: 7802
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Under some error conditions, the KDC would log "<unknown server>" for
the service principal because service principal information is not yet
available to the logging functions. Set the appropriate variables
earlier.
do_as_req.c: After unparsing the client, immediately unparse the
server before searching for the client principal in the KDB.
do_tgs_req.c: Save a pointer to the client-requested service
principal, to make sure it gets logged if an error happens before
search_sprinc() successfully completes.
[tlyu@mit.edu: commit message; fix TGS to catch more error cases]
ticket: 7802
target_version: 1.12.1
tags: pullup
|
|
|
|
| |
ticket: 7800
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, if you passed a service name with a realm part to a
kadm5_init function, you would get a KRB5_PARSE_MALFORMED error
because the code would internally append its own '@realm' suffix
before parsing the name. Fix this as follows:
Change gic_iter so instead of producing a full service name, it
produces a krb5_principal which is taken from the cred it acquires.
Pass the client and full service name around as principals, rather
than strings, and use the gss_nt_krb5_principal name type to import
them in setup_gss(). Don't append a realm to the input service name;
instead, pass the input service name directly to the gic functions
(which do not need a realm in the service name and will ignore the
realm if one is present). For the INIT_CREDS case, parse the input
service name with KRB5_PRINCIPAL_PARSE_IGNORE_REALM and then set the
realm.
ticket: 7800
|
|
|
|
|
|
|
|
|
|
|
| |
The "realm" variable in init_any is used only to fill in the realm of
the service principal in gic_iter(). The service principal realm
should always be the realm we looked up config parameters for, so we
can supply that realm to get_init_creds() unconditionally and
eliminate the case where we use the client principal realm.
Also get rid of an outdated comment and an #if 0 block we will never
need again, and use SNPRINTF_OVERFLOW to check the snprintf result.
|
| |
|
|
|
|
|
| |
A tree configured to use the system libverto will be missing
$(VERTO_DEPS) in dependencies, so disallow make depend.
|
|
|
|
|
|
|
|
|
| |
keyctl purge was added in keyutils 1.5 (released in March 2011). Use
keyctl unlink to clean up keys instead, as it is more universal.
ticket: 7810
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
| |
Add an adapted version of extended_com_err_fn from kinit to klist and
use it. In do_ccache(), rely on the ccache type to set a reasonable
message if krb5_cc_set_flags() or krb5_cc_get_principal() fails due to
a nonexistent or unreadable ccache, and don't confuse the user with
the name of the ccache operation that failed.
ticket: 7809
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to use a keyring cache that doesn't exist, set an error
message when we fail to read a principal name, as we do when we return
the same error code when using a file ccache.
[ghudson: removed unnecessary check for d->name nullity.]
ticket: 7809
target_version: 1.12.1
tags: pullup
|
|
|
|
|
|
|
|
|
|
| |
libkrad relies on verto_set_flags, which was added to libverto in
release 0.2.4. Make sure the system libverto has this function before
choosing it over the built-in version.
ticket: 7808 (new)
target_version: 1.12.1
tags: pullup
|
|
|
|
|
| |
Their previous location - kdc_util.c - seems to be overloaded with
various helper functions. No code changes.
|
|
|
|
| |
Missing $
|
|
|
|
|
|
|
|
| |
This test program isn't completely proof against the kind of mistakes
we've made with krb5_copy_context in the past, but it at least
exercises krb5_copy_context and can detect some kinds of bugs.
ticket: 7807
|