krb5.git/src/kadmin/dbutil, branch keyring MIT Kerberos patches Clean up the code to eliminate some clang warnings 2013-11-04T18:51:17+00:00 Ben Kaduk kaduk@mit.edu 2013-10-30T18:51:12+00:00 3a8eaa43045fb242739ad9729bb66f915be209b9 In ure.c, though k is a short, the literal 1 is of type 'int', and so the operation 'k + 1' is performed at the (32-bit) width of int, and therefore the "%d" format string is correct. In accept_sec_context.c, the 'length' field of krb5_data is an unsigned type, so checking for a negative value has no effect. In net-server.c, the helper routine rtm_type_name() is only used in code that is disabled with #if 0 conditionals; make the definition also disabled in the same way to avoid warnings of an unused function. In kdc_authdata.c, equality checks in double parentheses elicit a warning from clang. The double-parentheses idiom is normally used to indicate that an assignment is being performed, but the value of the assignment is also to be used as the value for the conditional. Since assignment and equality checking differ only by a single character, clang considers this worthy of a warning. Since the extra set of parentheses is redundant and against style, it is correct to remove them. In several places (sim_server.c, dump.c, kdb5_destroy.c, ovsec_kadmd.c), there are declarations of extern variables relating to getopt() functionality that are now unused in the code. Remove these unused variables. 
In ure.c, though k is a short, the literal 1 is of type 'int', and
so the operation 'k + 1' is performed at the (32-bit) width of int,
and therefore the "%d" format string is correct.

In accept_sec_context.c, the 'length' field of krb5_data is an
unsigned type, so checking for a negative value has no effect.

In net-server.c, the helper routine rtm_type_name() is only used
in code that is disabled with #if 0 conditionals; make the
definition also disabled in the same way to avoid warnings of an
unused function.

In kdc_authdata.c, equality checks in double parentheses elicit
a warning from clang.  The double-parentheses idiom is normally used
to indicate that an assignment is being performed, but the value of
the assignment is also to be used as the value for the conditional.
Since assignment and equality checking differ only by a single
character, clang considers this worthy of a warning.  Since the extra
set of parentheses is redundant and against style, it is correct to
remove them.

In several places (sim_server.c, dump.c, kdb5_destroy.c,
ovsec_kadmd.c), there are declarations of extern variables relating
to getopt() functionality that are now unused in the code.  Remove
these unused variables.
Use retval, not errno, when stashing master keys 2013-11-04T18:33:02+00:00 Ben Kaduk kaduk@mit.edu 2013-11-04T18:09:13+00:00 51b5cef8387da33c2a61e5ebbf69a8702eece1d5 The krb5_db_store_master_key{,_list} functions return a krb5_error_code, and do not necessarily set errno on failure. Use the correct variable while reporting errors with com_err(). 
The krb5_db_store_master_key{,_list} functions return a
krb5_error_code, and do not necessarily set errno on failure.
Use the correct variable while reporting errors with com_err().
Simplify kdb5_list_mkeys actkvno list retrieval 2013-10-25T15:36:12+00:00 Greg Hudson ghudson@mit.edu 2013-10-24T17:16:54+00:00 0db3c9a631feaf32420d03b76e1d720d64a707a9 After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty list and cannot return KRB5_KDB_NOACTMASTERKEY. 
After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty
list and cannot return KRB5_KDB_NOACTMASTERKEY.
Use active master key in update_princ_encryption 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-23T15:55:19+00:00 4ccc18bc3ddc49d0fd0d2de00ec91c0fa44c53a8 kdb5_util update_princ_encryption should update to the active master key version, not the most recent. ticket: 6507 target_version: 1.12 tags: pullup 
kdb5_util update_princ_encryption should update to the active master
key version, not the most recent.

ticket: 6507
target_version: 1.12
tags: pullup
Fix typos in kdb5_util master key command outputs 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-21T20:46:15+00:00 7fee58ccadf1b61eec9a8c62f47dac43986e2ad1 kdb5_util list_mkeys was beginning lines with "KNVO" instead of "KVNO". kdb5_util purge_mkeys was displaying "follwing" instead of "following" for both dry-run and normal cases. ticket: 7730 (new) target_version: 1.12 tags: pullup 
kdb5_util list_mkeys was beginning lines with "KNVO" instead of
"KVNO".  kdb5_util purge_mkeys was displaying "follwing" instead of
"following" for both dry-run and normal cases.

ticket: 7730 (new)
target_version: 1.12
tags: pullup
Clarify flag handling in dump.c 2013-08-27T16:23:12+00:00 Greg Hudson ghudson@mit.edu 2013-08-27T16:23:12+00:00 7e1ed6156c6aaa0159c0976a4d93b60a18dc6473 Get rid of "flags" bitfields and just use boolean values, to make the internal contracts for dump and load functions more precise. Rename "add_update" to "iprop_load" and reverse its sense. 
Get rid of "flags" bitfields and just use boolean values, to make the
internal contracts for dump and load functions more precise.  Rename
"add_update" to "iprop_load" and reverse its sense.
Update ulog state after promoting DB when loading 2013-08-27T15:44:18+00:00 Greg Hudson ghudson@mit.edu 2013-08-26T19:12:56+00:00 825fa2be6f119677a09acccb109ab976cfc601f8 If we are doing a full load, do not touch the ulog header until after we promote the temporary DB to live. This avoids the same bugs as the #7588 fix, but more robustly. Based on a patch from Richard Basch. ticket: 7695 
If we are doing a full load, do not touch the ulog header until after
we promote the temporary DB to live.  This avoids the same bugs as the
#7588 fix, but more robustly.  Based on a patch from Richard Basch.

ticket: 7695
Don't reopen the KDB in update_princ_encryption 2013-07-31T22:49:13+00:00 Greg Hudson ghudson@mit.edu 2013-07-31T22:49:13+00:00 1c65092f874edc41c02f328608e2e44a93a6fb89 kdb5_util update_princ_encryption iterates over the KDB and writes modified entries. With the DB2 back end, the first write operation has to upgrade the lock and reopen the DB, which resets the cursor state. Take out an explicit write lock before iterating to avoid this step. ticket: 7684 (new) 
kdb5_util update_princ_encryption iterates over the KDB and writes
modified entries.  With the DB2 back end, the first write operation
has to upgrade the lock and reopen the DB, which resets the cursor
state.  Take out an explicit write lock before iterating to avoid this
step.

ticket: 7684 (new)
Fix various warnings 2013-06-07T19:19:37+00:00 Greg Hudson ghudson@mit.edu 2013-06-07T19:17:31+00:00 e51c089b745161dd6e1d64998e99d065fc22377e 






Reduce boilerplate in makefiles
2013-05-17T00:09:27+00:00

Greg Hudson
ghudson@mit.edu

2013-05-16T18:21:12+00:00

4b0985f8573840838bcfa8ec1df3dcd39a3dbf15

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.





Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.