krb5.git/src/kadmin, branch keyring MIT Kerberos patches Clean up the code to eliminate some clang warnings 2013-11-04T18:51:17+00:00 Ben Kaduk kaduk@mit.edu 2013-10-30T18:51:12+00:00 3a8eaa43045fb242739ad9729bb66f915be209b9 In ure.c, though k is a short, the literal 1 is of type 'int', and so the operation 'k + 1' is performed at the (32-bit) width of int, and therefore the "%d" format string is correct. In accept_sec_context.c, the 'length' field of krb5_data is an unsigned type, so checking for a negative value has no effect. In net-server.c, the helper routine rtm_type_name() is only used in code that is disabled with #if 0 conditionals; make the definition also disabled in the same way to avoid warnings of an unused function. In kdc_authdata.c, equality checks in double parentheses elicit a warning from clang. The double-parentheses idiom is normally used to indicate that an assignment is being performed, but the value of the assignment is also to be used as the value for the conditional. Since assignment and equality checking differ only by a single character, clang considers this worthy of a warning. Since the extra set of parentheses is redundant and against style, it is correct to remove them. In several places (sim_server.c, dump.c, kdb5_destroy.c, ovsec_kadmd.c), there are declarations of extern variables relating to getopt() functionality that are now unused in the code. Remove these unused variables. 
In ure.c, though k is a short, the literal 1 is of type 'int', and
so the operation 'k + 1' is performed at the (32-bit) width of int,
and therefore the "%d" format string is correct.

In accept_sec_context.c, the 'length' field of krb5_data is an
unsigned type, so checking for a negative value has no effect.

In net-server.c, the helper routine rtm_type_name() is only used
in code that is disabled with #if 0 conditionals; make the
definition also disabled in the same way to avoid warnings of an
unused function.

In kdc_authdata.c, equality checks in double parentheses elicit
a warning from clang.  The double-parentheses idiom is normally used
to indicate that an assignment is being performed, but the value of
the assignment is also to be used as the value for the conditional.
Since assignment and equality checking differ only by a single
character, clang considers this worthy of a warning.  Since the extra
set of parentheses is redundant and against style, it is correct to
remove them.

In several places (sim_server.c, dump.c, kdb5_destroy.c,
ovsec_kadmd.c), there are declarations of extern variables relating
to getopt() functionality that are now unused in the code.  Remove
these unused variables.
Use retval, not errno, when stashing master keys 2013-11-04T18:33:02+00:00 Ben Kaduk kaduk@mit.edu 2013-11-04T18:09:13+00:00 51b5cef8387da33c2a61e5ebbf69a8702eece1d5 The krb5_db_store_master_key{,_list} functions return a krb5_error_code, and do not necessarily set errno on failure. Use the correct variable while reporting errors with com_err(). 
The krb5_db_store_master_key{,_list} functions return a
krb5_error_code, and do not necessarily set errno on failure.
Use the correct variable while reporting errors with com_err().
Use correct default principal for kadmin -n 2013-10-30T16:31:00+00:00 Greg Hudson ghudson@mit.edu 2013-10-28T17:33:05+00:00 a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n, just like we do for kinit -n. ticket: 7741 (new) target_version: 1.12 tags: pullup 
Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n,
just like we do for kinit -n.

ticket: 7741 (new)
target_version: 1.12
tags: pullup
Accept anonymous GSS names in kadmind 2013-10-30T16:31:00+00:00 Greg Hudson ghudson@mit.edu 2013-10-28T17:09:15+00:00 664f0d779ddc0aaf54a118a98a21ce7d53d81e08 The krb5 implementation of gss_display_name() reports the name type as GSS_C_NT_ANONYMOUS if the client uses an anonymous principal. Accept this name type in gss_name_to_string and gss_to_krb5_name so that anonymous kadmin can work. Also improve code hygiene: call gss_name_to_string from gss_to_krb5_name to reduce code repetition; use gss_oid_equal instead of pointer comparison for name types; and don't assume that the gss_display_name result buffer is zero-terminated. ticket: 7740 (new) target_version: 1.12 tags: pullup 
The krb5 implementation of gss_display_name() reports the name type as
GSS_C_NT_ANONYMOUS if the client uses an anonymous principal.  Accept
this name type in gss_name_to_string and gss_to_krb5_name so that
anonymous kadmin can work.

Also improve code hygiene: call gss_name_to_string from
gss_to_krb5_name to reduce code repetition; use gss_oid_equal instead
of pointer comparison for name types; and don't assume that the
gss_display_name result buffer is zero-terminated.

ticket: 7740 (new)
target_version: 1.12
tags: pullup
Simplify kdb5_list_mkeys actkvno list retrieval 2013-10-25T15:36:12+00:00 Greg Hudson ghudson@mit.edu 2013-10-24T17:16:54+00:00 0db3c9a631feaf32420d03b76e1d720d64a707a9 After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty list and cannot return KRB5_KDB_NOACTMASTERKEY. 
After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty
list and cannot return KRB5_KDB_NOACTMASTERKEY.
Use active master key in update_princ_encryption 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-23T15:55:19+00:00 4ccc18bc3ddc49d0fd0d2de00ec91c0fa44c53a8 kdb5_util update_princ_encryption should update to the active master key version, not the most recent. ticket: 6507 target_version: 1.12 tags: pullup 
kdb5_util update_princ_encryption should update to the active master
key version, not the most recent.

ticket: 6507
target_version: 1.12
tags: pullup
Fix typos in kdb5_util master key command outputs 2013-10-25T15:36:11+00:00 Greg Hudson ghudson@mit.edu 2013-10-21T20:46:15+00:00 7fee58ccadf1b61eec9a8c62f47dac43986e2ad1 kdb5_util list_mkeys was beginning lines with "KNVO" instead of "KVNO". kdb5_util purge_mkeys was displaying "follwing" instead of "following" for both dry-run and normal cases. ticket: 7730 (new) target_version: 1.12 tags: pullup 
kdb5_util list_mkeys was beginning lines with "KNVO" instead of
"KVNO".  kdb5_util purge_mkeys was displaying "follwing" instead of
"following" for both dry-run and normal cases.

ticket: 7730 (new)
target_version: 1.12
tags: pullup
Err codes in KRB_ERROR protocol messages are < 128 2013-09-23T16:06:47+00:00 Zhanna Tsitkov tsitkova@mit.edu 2013-09-19T17:11:15+00:00 58ea3bdbfe6330225a2d58dfb00ccf1ad70617fe If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC. This fix is to correct the previous behavior with [0,128] range. For more information see krb5_err.et 
If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC.
This fix is to correct the previous behavior with [0,128] range.
For more information see  krb5_err.et
Clarify flag handling in dump.c 2013-08-27T16:23:12+00:00 Greg Hudson ghudson@mit.edu 2013-08-27T16:23:12+00:00 7e1ed6156c6aaa0159c0976a4d93b60a18dc6473 Get rid of "flags" bitfields and just use boolean values, to make the internal contracts for dump and load functions more precise. Rename "add_update" to "iprop_load" and reverse its sense. 
Get rid of "flags" bitfields and just use boolean values, to make the
internal contracts for dump and load functions more precise.  Rename
"add_update" to "iprop_load" and reverse its sense.
Update ulog state after promoting DB when loading 2013-08-27T15:44:18+00:00 Greg Hudson ghudson@mit.edu 2013-08-26T19:12:56+00:00 825fa2be6f119677a09acccb109ab976cfc601f8 If we are doing a full load, do not touch the ulog header until after we promote the temporary DB to live. This avoids the same bugs as the #7588 fix, but more robustly. Based on a patch from Richard Basch. ticket: 7695 
If we are doing a full load, do not touch the ulog header until after
we promote the temporary DB to live.  This avoids the same bugs as the
#7588 fix, but more robustly.  Based on a patch from Richard Basch.

ticket: 7695