krb5.git/src/plugins/kdb/db2, branch proxymech MIT Kerberos patches make depend 2013-03-24T05:30:33+00:00 Greg Hudson ghudson@mit.edu 2013-03-24T05:30:33+00:00 24c8bacbccc854dc30fd6baee49cdd2bf2557e47 






Add missing .gitignore entries and clean rules
2013-02-27T21:33:50+00:00

Greg Hudson
ghudson@mit.edu

2013-02-27T21:33:28+00:00

f09c97320e683a2ad0e42df63aeedd16b78c9ad2

ticket: 7585





ticket: 7585







Add and use k5memdup, k5memdup0 helpers
2013-02-09T05:43:35+00:00

Greg Hudson
ghudson@mit.edu

2013-02-09T05:43:35+00:00

7905cd6a2eddbf264242bb2a85f811878b2da7ab

Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.





Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.







make depend
2013-01-10T17:46:26+00:00

Greg Hudson
ghudson@mit.edu

2013-01-10T17:46:26+00:00

2807e8e1e1dc89b3d482de7c73d13d19187fdb38

Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.





Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.







Fix various result checks
2013-01-07T06:37:19+00:00

Nickolai Zeldovich
nickolai@csail.mit.edu

2013-01-07T06:37:19+00:00

a9ee4a040eeacab1d410ff9e4c862484b531c401

Correct three cases where the wrong expression was checked to see if
an allocation function returned null.

[ghudson@mit.edu: commit message, patch splitting]

ticket: 7534
target_version: 1.11.1
tags: pullup





Correct three cases where the wrong expression was checked to see if
an allocation function returned null.

[ghudson@mit.edu: commit message, patch splitting]

ticket: 7534
target_version: 1.11.1
tags: pullup







Avoid null dereference in BDB dbtree error case
2012-12-20T19:28:04+00:00

Greg Hudson
ghudson@mit.edu

2012-12-20T19:17:45+00:00

f5345bba2a993066f9b886dae491d211ed9be057

An error case in __bt_first would deference a null pointer.  This is
an old upstream BDB bug.  Use a separate variable to hold the result
of mpool_get() until it has been checked.  Reported by Nickolai
Zeldovich <nickolai@csail.mit.edu>.

ticket: 7511





An error case in __bt_first would deference a null pointer.  This is
an old upstream BDB bug.  Use a separate variable to hold the result
of mpool_get() until it has been checked.  Reported by Nickolai
Zeldovich <nickolai@csail.mit.edu>.

ticket: 7511







Separate clpreauth and kdcpreauth interfaces
2012-12-19T19:24:21+00:00

Greg Hudson
ghudson@mit.edu

2012-10-21T23:37:14+00:00

f0794cba6a406fc834434eb6dc794bf29eda4a13

Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.





Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.







Use blocking locks for policy DB
2012-10-17T00:09:51+00:00

Greg Hudson
ghudson@mit.edu

2012-10-17T00:09:51+00:00

e03a59074017dde6e0c524efcba9476aec064d17

In the db2 kdb module, use blocking locks for the policy DB as well as
the principal DB.

ticket: 7359





In the db2 kdb module, use blocking locks for the policy DB as well as
the principal DB.

ticket: 7359







Remove osa_adb_rename_db
2012-09-13T17:00:15+00:00

Greg Hudson
ghudson@mit.edu

2012-09-13T17:00:15+00:00

7f8f693a439810569bd869c7b3975f9dd03f4d43

This function wasn't used anywhere.  Also remove the declaration for
osa_adb_close_policy(), which doesn't exist.





This function wasn't used anywhere.  Also remove the declaration for
osa_adb_close_policy(), which doesn't exist.







Fix lock inconsistency in ctx_unlock()
2012-09-12T18:49:25+00:00

Nicolas Williams
nico@cryptonector.com

2012-09-12T16:36:54+00:00

29ee39baa919361ae08e26caab896890d5cb3eb4

The lock inconsistency fixed here is quite possibly the same as
described in https://bugzilla.redhat.com/show_bug.cgi?id=586032 .

The problem is that ctx_unlock() fails to unlock the principal DB if
it fails to unlock the policy DB, and this happens when ctx_lock()
fails to lock the policy DB (likely because the caller is racing
against a kdb5_util load, which will be using a "permanent" lock,
meaning that the lock file will be unlinked after acquiring the
lock).  The fix is to perform both unlock operations *then* handle
any errors that either or both might have returned.

Additionally, we don't really need or want to use non-blocking locks,
and we certainly don't want to sleep(1) in krb5kdc (possibly several
times, as there was a loop over this) when either of the principal or
policy DB is locked.  Some callers still request non-blocking locks,
and ctx_lock() still honors this.

ticket: 7360 (new)





The lock inconsistency fixed here is quite possibly the same as
described in https://bugzilla.redhat.com/show_bug.cgi?id=586032 .

The problem is that ctx_unlock() fails to unlock the principal DB if
it fails to unlock the policy DB, and this happens when ctx_lock()
fails to lock the policy DB (likely because the caller is racing
against a kdb5_util load, which will be using a "permanent" lock,
meaning that the lock file will be unlinked after acquiring the
lock).  The fix is to perform both unlock operations *then* handle
any errors that either or both might have returned.

Additionally, we don't really need or want to use non-blocking locks,
and we certainly don't want to sleep(1) in krb5kdc (possibly several
times, as there was a loop over this) when either of the principal or
policy DB is locked.  Some callers still request non-blocking locks,
and ctx_lock() still honors this.

ticket: 7360 (new)