summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* memory leak in test code t_authdataEzra Peisach2009-07-301-0/+1
| | | | | | | | Free the krb5_context at the end to release memory. ticket: 6540 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22473 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak by release context at end of test codeEzra Peisach2009-07-301-0/+3
| | | | | | ticket: 6539 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22470 dc483132-0cff-0310-8789-dd5450dbe970
* Enctype list configuration enhancementsGreg Hudson2009-07-294-78/+338
| | | | | | | | | | | In the processing code for enctype lists, add support for "DEFAULT" to indicate the default list, for families (des/des3/aes/rc4), and for removing entries from the current list (-foo). Also add unit tests and document. ticket: 6539 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22469 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto Modularity proj: Added an option --with-crypto-impl to configure.in ↵Zhanna Tsitkov2009-07-281-0/+10
| | | | | | to specify crypto impl git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22460 dc483132-0cff-0310-8789-dd5450dbe970
* Use zero-terminated enctype lists in the context structure instead ofGreg Hudson2009-07-274-173/+150
| | | | | | counted lists, to reduce impedance mismatches. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22456 dc483132-0cff-0310-8789-dd5450dbe970
* include win-mac.h in gssftp/ftp/cmds.c for HAVE_STDLIB_HTom Yu2009-07-171-0/+4
| | | | | | | | | | | gssftp/ftp/cmds.c had a preprocessor conditional on HAVE_STDLIB_H that will not evaluate correctly on WIN32 unless win-mac.h is included first. ticket: 6531 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22443 dc483132-0cff-0310-8789-dd5450dbe970
* check for slogin failure in setup_root_shellTom Yu2009-07-101-1/+1
| | | | | | | | | | | | Add a check for a slogin message that indicates an unknown public key fingerprint, as rlogin looks like it points to slogin by default on Debian Lenny. ticket: 6530 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22435 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new '-W' option to kadmind and kdb5_util create to allow readingTom Yu2009-07-104-5/+14
| | | | | | | | | | | weak random numbers on startup, to avoid long delays in testing situations. Use only for testing. Update testing scripts accordingly. ticket: 1233 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22434 dc483132-0cff-0310-8789-dd5450dbe970
* In the dejagnu test suite, remove the no-longer-used check_kloginGreg Hudson2009-07-101-31/+0
| | | | | | function. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22433 dc483132-0cff-0310-8789-dd5450dbe970
* Make datetest buildable againTom Yu2009-07-092-3/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22432 dc483132-0cff-0310-8789-dd5450dbe970
* In tests/dejagnu/Makefile.in, remove a --srcdir option which wasGreg Hudson2009-07-091-1/+1
| | | | | | redundant with the one in pre.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22431 dc483132-0cff-0310-8789-dd5450dbe970
* In pre.in, remove some variable expansions in the definition ofGreg Hudson2009-07-091-2/+1
| | | | | | DEJAFLAGS which aren't used anywhere in the tree. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22430 dc483132-0cff-0310-8789-dd5450dbe970
* k5-platform.h no longer takes responsibility for making "staticGreg Hudson2009-07-011-1/+0
| | | | | | inline" work, so remove the comment which says it does. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22425 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_copy_error_message, pass correct pointer toGreg Hudson2009-06-271-1/+1
| | | | | | | | | | krb5int_clear_error. ticket: 6519 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22424 dc483132-0cff-0310-8789-dd5450dbe970
* Add test case omitted in last commitTom Yu2009-06-261-0/+105
| | | | | | ticket: 6428 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22423 dc483132-0cff-0310-8789-dd5450dbe970
* Check for principal expiration prior to checking for passwordTom Yu2009-06-261-16/+16
| | | | | | | | | | | expiration. Reported by Phil Pishioneri. ticket: 6428 version_reported: 1.7 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22422 dc483132-0cff-0310-8789-dd5450dbe970
* syms.c doesn't exist; update clean target and dependenciesKen Raeburn2009-06-232-9/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22421 dc483132-0cff-0310-8789-dd5450dbe970
* GSSAPI init/accept_sec_context performance testing programKen Raeburn2009-06-232-0/+457
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22420 dc483132-0cff-0310-8789-dd5450dbe970
* Update comments to reflect reality and the fact that this is not a file basedEzra Peisach2009-06-211-20/+28
| | | | | | cache. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22419 dc483132-0cff-0310-8789-dd5450dbe970
* reduce some mutex performance problems in profile libraryKen Raeburn2009-06-183-21/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In profile_node_iterator we unlock a mutex in order to call profile_update_file_data, which wants to lock that mutex itself, and then when it returns we re-lock the mutex. (We don't use recursive mutexes, and I would continue to argue that we shouldn't.) On the Mac, when running multiple threads, it appears that this results in very poor peformance, and much system and user CPU time is spent working with the locks. (Linux doesn't seem to suffer as much.) So: Split profile_update_file_data into a locking wrapper, and an inner routine that does the real work but requires that the lock be held on entry. Call the latter from profile_node_iterator *without* unlocking first, and only unlock if there's an error. This doesn't move any significant amount of work into the locking region; it pretty much just joins locking regions that were disjoint for no good reason. On my tests on an 8-core Mac, in a test program running gss_init_sec_context in a loop in 6 threads, this brought CPU usage per call down by 40%, and improved wall-clock time even more. Single-threaded performance improved very slightly, probably in the noise. Linux showed modest improvement (5% or less) in CPU usage in a 3-thread test on a 4-core system. Similar tests with gss_accept_sec_context showed similar contention around the profile-library mutexes, but I haven't analyzed the performance changes there from this patch. More work is needed, but this will help. ticket: 6515 tags: pullup target_version: 1.7.1 version_reported: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22418 dc483132-0cff-0310-8789-dd5450dbe970
* minor memory leak in 'none' replay cache typeKen Raeburn2009-06-181-2/+8
| | | | | | | | | | | | | | | | The replay cache type implementations are responsible for freeing the main rcache structure when the cache handle is closed. The 'none' rcache type wasn't doing this, resulting in a small memory leak each time such a cache was opened and closed. Not a big deal for a server process servicing a single client, but it could accumulate (very very slowly) for a long-running server. ticket: 6514 tags: pullup target_version: 1.7.1 version_reported: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22417 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the new configure option --enable-static-only, and insteadGreg Hudson2009-06-181-16/+9
| | | | | | | | | | | require --enable-static --disable-shared for the same effect. Error out if only one of those two is specified. While here, remove an unnecessary clause in the --disable-rpath block, and make the notices consistent when using shared and static libraries. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22416 dc483132-0cff-0310-8789-dd5450dbe970
* In default.exp, revert an unintended part of the last commitGreg Hudson2009-06-181-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22415 dc483132-0cff-0310-8789-dd5450dbe970
* In default.exp, import RLOGIN_FLAGS from the environment, as isGreg Hudson2009-06-181-2/+2
| | | | | | apparently intended. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22414 dc483132-0cff-0310-8789-dd5450dbe970
* In the previous patch - I neglected a potential NULL deref in the callEzra Peisach2009-06-171-1/+3
| | | | | | | | to krb5int_yarrow_cipher_final. Trivial fix. ticket: 6512 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22413 dc483132-0cff-0310-8789-dd5450dbe970
* In ldap_create.c, remove four incorrect uses of krb5_set_error_messageGreg Hudson2009-06-171-10/+3
| | | | | | which resulted in obscured and confusing error diagnostics. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22412 dc483132-0cff-0310-8789-dd5450dbe970
* Use ticket forwarding in the GSSAPI test cases to exerciseGreg Hudson2009-06-111-2/+2
| | | | | | mk_cred/rd_cred etc. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22411 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_yarrow_final could deref NULL if out of memoryEzra Peisach2009-06-111-1/+2
| | | | | | | | | | | krb5int_yarrow_final tests if the Yarrow_CTX* is valid (not NULL) - and if not - signals and error for return - but still invokes mem_zero (memset) with it as an argument. This will only happen in an out-of-memory situation. ticket: 6512 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22410 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_rd_chpw_rep could call krb5_free_error with random valueEzra Peisach2009-06-101-1/+1
| | | | | | | | | | clang picked up on a path in which krberror is not set and passed as an argument to krb5_free_error(). Essentially if the clearresult length < 2 but everything decodes - you can hit this path... ticket: 6511 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22409 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up and simplify kdb5.c; no functional changesGreg Hudson2009-06-081-707/+311
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22408 dc483132-0cff-0310-8789-dd5450dbe970
* In kdb5.c, remove calls to the locking macros which were stubbed outGreg Hudson2009-06-081-258/+1
| | | | | | in r17612. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22407 dc483132-0cff-0310-8789-dd5450dbe970
* Restore limited support for static linkingGreg Hudson2009-06-0817-118/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add enough static linking support to run the test suite without shared libraries, to facilitate gcov and other kinds of instrumentation. The necessary changes include: * Undo some of the changes which removed static linking support, and cannibalize the defunct krb5_force_static conditional block in aclocal.m4. * Add --enable-static-only configure option. * For plugins, use a different symbol name for static and dynamic builds, via a macro in k5plugin.h. * Add build machinery for building static libraries for plugins (somewhat grotty due to the difference in names). * Move plugin subdirs earlier in SUBDIRS in src/Makefile.in. * Make the in-tree KDB5 plugins dependencies of libkdb5 in a static build (aclocal.m4 has to know what they are). * In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to allow "loading" of statically linked plugin libraries. Preauth, authdata, locate, and GSSAPI plugins are not handled by this change, as they are not currently necessary to the test suite. Supporting GSSAPI plugins may be a bit tricky but the others should be straightforward if they become needed. $(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as a result of these changes (except on AIX where aclocal.m4 changes it). This does not seem to be important as we avoid selecting the static library for building via other means. ticket: 6510 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
* libkdb5 now depends on libgssrpc. So when linking kpropd, specifyGreg Hudson2009-06-081-2/+2
| | | | | | | | $(KDB5_LIB) before $(KADMCLNT_LIBS) to get the link order right. Unimportant for dynamic linking in most environments, but relevant for static linking. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22405 dc483132-0cff-0310-8789-dd5450dbe970
* Don't build the kadm5/unit-test test programs during "make all"; buildGreg Hudson2009-06-081-4/+0
| | | | | | | | them during "make check" via test dependencies for consistency with the way we handle other test programs. (Also means we don't need libraries to be linkable until later in the build process.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22404 dc483132-0cff-0310-8789-dd5450dbe970
* kadmind is parsing acls good deref NULL pointer on errorEzra Peisach2009-06-061-13/+17
| | | | | | | | | | | | In kadm5int_acl_parse_line, if you setup an acl w/ restrictions (i.e. the four argument acl format) - but have an error parsing the first few fields, acle is NULLed out, and is then derefed. This adds a conditional and indents according to the krb5 c-style... ticket: 6509 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22403 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5int_acl_parse_restrictions could ref uninitialized variableEzra Peisach2009-06-061-1/+1
| | | | | | | | | | The variable sp is never initialized. If the first argument to the function is null, the code falls through to freeing sp if valid. However, sp is never set. ticket: 6508 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22402 dc483132-0cff-0310-8789-dd5450dbe970
* Make results of krb5_db_def_fetch_mkey more predictableGreg Hudson2009-06-011-25/+16
| | | | | | | | | | | | | | | | | | | | krb5_db_def_fetch_mkey tries the stash file as a keytab, then falls back to the old stash file format. If the stash file was in keytab format, but didn't contain the desired master key, we would try to read a keytab file as a stash file. This could succeed or fail depending on byte order and other unpredictable factors. The upshot was that one of the libkadm5 unit tests (init 108) was getting a different error code on different platforms. To fix this, only try the stash file format if we get KRB5_KEYTAB_BADVNO trying the keytab format. This requires reworking the error handling logic. ticket: 6506 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22397 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor bug in r21269 - wrong field nameKen Raeburn2009-05-301-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22395 dc483132-0cff-0310-8789-dd5450dbe970
* Revert last changeKen Raeburn2009-05-271-7/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22394 dc483132-0cff-0310-8789-dd5450dbe970
* Don't re-run test programs to recreate output every time 'check' is builtKen Raeburn2009-05-271-5/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22393 dc483132-0cff-0310-8789-dd5450dbe970
* fix t_prf test code properlyKen Raeburn2009-05-271-6/+8
| | | | | | | | | | | | | Correction to patch in r22364: "i" was used in two places, one of which required an int-sized value and the other of which required a size_t. Instead of changing the type, split the two uses into separate variables. ticket: 6505 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22392 dc483132-0cff-0310-8789-dd5450dbe970
* On error getting forwarded creds, actually print out the errorKen Raeburn2009-05-251-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22384 dc483132-0cff-0310-8789-dd5450dbe970
* Check for 'encoding ### bytes' message consistently, accepting full base64 ↵Ken Raeburn2009-05-251-1/+1
| | | | | | encoding git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22383 dc483132-0cff-0310-8789-dd5450dbe970
* Fix up kinit -T documentationGreg Hudson2009-05-252-3/+6
| | | | | | | | ticket: 6497 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22382 dc483132-0cff-0310-8789-dd5450dbe970
* Temporarily disable FAST PKINIT for 1.7 releaseGreg Hudson2009-05-252-0/+35
| | | | | | | | | | | | | There are protocol issues and implementation defects surrounding the combination of FAST an PKINIT currently. To avoid impacting the 1.7 scheduled and to avoid creating interoperability problems later, disable the combination until the problems are resolved. ticket: 6501 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22381 dc483132-0cff-0310-8789-dd5450dbe970
* If --enable-pkinit is explicitly given, and OpenSSL is too old, error out ↵Ken Raeburn2009-05-241-3/+5
| | | | | | | | instead of ignoring the option and disabling pkinit. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22370 dc483132-0cff-0310-8789-dd5450dbe970
* Fix vector initialization error in KDC preauth codeGreg Hudson2009-05-241-3/+2
| | | | | | | | | | | | | | In the KDC, get_preauth_hint_list had two bugs initializing the preauth array. It was allocating 21 extra entries instead of two due to a typo (harmless), and it was only zeroing up through one extra entry (harmful). Adjust the code to use calloc to avoid further disagreements of this nature. ticket: 6496 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22369 dc483132-0cff-0310-8789-dd5450dbe970
* Fix test rules for non-gmake make versionsGreg Hudson2009-05-241-2/+2
| | | | | | | | | | | | | The build rules for the new t_ad_fx_armor and t_authdata test programs used $<, which is only portable for implicit rules (but is valid in gmake for all rules). Stop using $< in those rules so that "make check" works with System V make. ticket: 6495 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22368 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_ktfileint_write_entry, add a no-op fseek in between readingGreg Hudson2009-05-231-0/+3
| | | | | | | | EOF and writing the placeholder length field. Otherwise we can run into an apparent bug in the Solaris 10 stdio library which causes the next no-op fseek after the fwrite to fail with EINVAL. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22367 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2009-05-221-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22366 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-12 13:16:53 +0000