krb5.git/src/lib/gssapi/generic, branch keyring MIT Kerberos patches Add GSSAPI IOV MIC functions 2013-09-18T22:22:16+00:00 Greg Hudson ghudson@mit.edu 2013-09-08T01:13:48+00:00 d750ef3130b76dd079e863ed395eb3620a37386b Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov functions, which work similarly to the corresponding IOV wrap functions. Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for the destination buffer. Most of the internal code for this was already present, and just needed to be fixed up and adjusted to use the new buffer type for the MIC token. ticket: 7705 (new) 
Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov
functions, which work similarly to the corresponding IOV wrap
functions.  Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for
the destination buffer.

Most of the internal code for this was already present, and just
needed to be fixed up and adjusted to use the new buffer type for the
MIC token.

ticket: 7705 (new)
Get rid of G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE 2013-09-08T18:18:26+00:00 Greg Hudson ghudson@mit.edu 2013-09-08T18:10:37+00:00 daf42938a262c3a88164b07972f2a2e6e8552620 This flag was introduced in the mskrb-integ merge but is not actually used after r21742--while kg_unseal_iov_token sets it in vfyflags for DCE-style contexts, it doesn't actually pass vfyflags to g_verify_token_header or otherwise use it. Moreover, the flag is not necessary there; we correctly set input_length to the header length (without data, padding, or trailer) for v1 tokens in a DCE-style context. 
This flag was introduced in the mskrb-integ merge but is not actually
used after r21742--while kg_unseal_iov_token sets it in vfyflags for
DCE-style contexts, it doesn't actually pass vfyflags to
g_verify_token_header or otherwise use it.  Moreover, the flag is not
necessary there; we correctly set input_length to the header length
(without data, padding, or trailer) for v1 tokens in a DCE-style
context.
Reduce boilerplate in makefiles 2013-05-17T00:09:27+00:00 Greg Hudson ghudson@mit.edu 2013-05-16T18:21:12+00:00 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content. 
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.
Assume mutex locking cannot fail 2013-05-14T17:31:41+00:00 Greg Hudson ghudson@mit.edu 2013-05-10T18:01:48+00:00 6350fd0c909d84c00200885e722cc902049ada05 Locking and unlocking a non-recursive mutex is a simple memory operation and should not fail on any reasonable platform with correct usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock, or EINVAL if the mutex is uninitialized, but all of these conditions would reflect serious bugs in the calling code. Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void and adjust all call sites. Propagate this change through k5_cc_mutex_lock and k5_cc_mutex_unlock as well. 
Locking and unlocking a non-recursive mutex is a simple memory
operation and should not fail on any reasonable platform with correct
usage.  A pthread mutex can return EDEADLK on lock or EPERM on unlock,
or EINVAL if the mutex is uninitialized, but all of these conditions
would reflect serious bugs in the calling code.

Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void
and adjust all call sites.  Propagate this change through
k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
Add missing .gitignore entries and clean rules 2013-02-27T21:33:50+00:00 Greg Hudson ghudson@mit.edu 2013-02-27T21:33:28+00:00 f09c97320e683a2ad0e42df63aeedd16b78c9ad2 ticket: 7585 
ticket: 7585
Modernize k5buf 2013-02-14T16:42:28+00:00 Greg Hudson ghudson@mit.edu 2013-02-14T16:41:10+00:00 6dda284554a869f7fa1e6d2a035df06c97f103ef Rename the krb5int_buf_ family of functions to use the k5_ prefix for brevity. Reformat some k5buf implementation code to match current practices. 
Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.
Fix RFC 5587 const pointer typedefs 2013-02-12T02:13:15+00:00 Greg Hudson ghudson@mit.edu 2013-02-12T02:13:15+00:00 884e040c0478c94585395a03dfbb0bbdee7c5ed4 gss_const_ctx_id_t, gss_const_cred_id_t, and gss_const_name_t are supposed to be const pointers to the appropriate structures, not the structures themselves. These are not used by any prototypes yet, and no application would have any reason to use them as they are, so it should be safe to change them within the public header. ticket: 7567 (new) target_version: 1.11.1 tags: pullup 
gss_const_ctx_id_t, gss_const_cred_id_t, and gss_const_name_t are
supposed to be const pointers to the appropriate structures, not the
structures themselves.  These are not used by any prototypes yet, and
no application would have any reason to use them as they are, so it
should be safe to change them within the public header.

ticket: 7567 (new)
target_version: 1.11.1
tags: pullup
make depend 2013-01-10T17:46:26+00:00 Greg Hudson ghudson@mit.edu 2013-01-10T17:46:26+00:00 2807e8e1e1dc89b3d482de7c73d13d19187fdb38 Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa. 
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
Fix void pointer arithmetic in oid_ops.c 2013-01-09T15:08:21+00:00 Greg Hudson ghudson@mit.edu 2013-01-09T15:07:27+00:00 fc20ae13f18260930433d6239554f24bb50312a3 When asserting that out has advanced the expected number of bytes in generic_gss_str_to_oid, avoid adding to oid->elements, which is a void pointer. Instead subtract from out and compare. ticket: 7524 
When asserting that out has advanced the expected number of bytes in
generic_gss_str_to_oid, avoid adding to oid->elements, which is a void
pointer.  Instead subtract from out and compare.

ticket: 7524
Fix gss_str_to_oid and gss_oid_to_str edge cases 2013-01-01T22:41:49+00:00 Greg Hudson ghudson@mit.edu 2013-01-01T05:23:43+00:00 9b702abe222d4b279d5869f96f09074452478b1e Neither function correctly handled OIDs whose second arc exceeds 47 (theoretically possible if the first arc is 2). gss_str_to_oid had additional problems: it used scanf, it didn't consistently protect against read overrun if the input buffer wasn't null-terminated, and it could get confused by + or - characters in the first two arcs. Fix gss_oid_to_str and rewrite gss_str_to_oid. Also add a test program. ticket: 7524 (new) 
Neither function correctly handled OIDs whose second arc exceeds 47
(theoretically possible if the first arc is 2).  gss_str_to_oid had
additional problems: it used scanf, it didn't consistently protect
against read overrun if the input buffer wasn't null-terminated, and
it could get confused by + or - characters in the first two arcs.  Fix
gss_oid_to_str and rewrite gss_str_to_oid.

Also add a test program.

ticket: 7524 (new)