summaryrefslogtreecommitdiffstats
path: root/src/plugins/kdb/db2
Commit message (Collapse)AuthorAgeFilesLines
* Include autoconf.h before system headersGreg Hudson2014-07-082-3/+3
| | | | | | | | | Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961
* Use k5_setmsgGreg Hudson2014-06-051-6/+5
| | | | | | Replace most calls to krb5_set_error_message with k5_setmsg for brevity. Leave alone plugin sources where we don't include k5-int.h (mostly PKINIT).
* Assume <stdint.h> and fixed-width typesGreg Hudson2014-02-261-6/+0
| | | | | | | Make unconditional use of <stdint.h> and fixed-width types such as uint32_t. k5-plugin.h doesn't use any special integer types, so remove the conditional include block there. Nothing uses INT64_FMT/UINT64_FMT, so leave those out of k5-platform.h for now.
* Use system dictionary for db2 tests againGreg Hudson2014-02-191-4/+13
| | | | | | | | | | The built-in word list is not long enough for all of the libdb2 tests to run properly. Revert d21a86e47a7cda29225013e08d060095b94b2ee7 and go back to using the system dictionary if we find one. However, omit any lines from the chosen word list which contain non-alphabetical characters. ticket: 7860
* Use TAILQ macros instead of CIRCLEQ in libdb2Greg Hudson2014-02-192-27/+24
| | | | | | | | | The optimizer in gcc 4.8.1 (but not the current gcc head revision) breaks the queue.h CIRCLEQ macros, apparently due to an overzealous strict aliasing deduction. Use TAILQ macros in the libdb2 mpool code instead. ticket: 7860
* Don't use system dictionary files for DB2 testsGreg Hudson2014-02-111-8/+0
| | | | | | | | | The system dictionary may contain entries with punctuation, which can confuse the shell. It's more predictable to always use the word list from the source tree. ticket: 7860 status: open
* Remove mentions of krb5-send-prTom Yu2014-01-151-2/+1
| | | | | | | | | | | | | | Start the process of deprecating krb5-send-pr. In practice, it causes frustration for some users, and free-form email is good enough for most bug reports. Continue to install krb5-send-pr for now, but plan to remove it from the tree in the future, probably replaced by a script that instructs the user to send email manually. ticket: 5566 target_version: 1.12.1 tags: pullup
* Fix warnings in dbtest.cGilles Espinasse2013-05-311-20/+38
| | | | | | | | | Check return values of read() and write(). Avoid some unsigned comparisons. Cast a ptrdiff_t value to int for use with %d in a format string. [ghudson@mit.edu: rewrap long lines; fix one more warning; commit message]
* Link dbtest with libkrb5supportGreg Hudson2013-05-311-2/+2
| | | | | | | | In a static build, linking dbtest could fail on platforms where libdb2 depends on krb5support (platforms without a native mkstemp). Reported by Gilles Espinasse <g.esp@free.fr>. ticket: 7651
* Reduce boilerplate in makefilesGreg Hudson2013-05-163-19/+2
| | | | | | | | | Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content.
* Assume mutex locking cannot failGreg Hudson2013-05-142-18/+7
| | | | | | | | | | | | Locking and unlocking a non-recursive mutex is a simple memory operation and should not fail on any reasonable platform with correct usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock, or EINVAL if the mutex is uninitialized, but all of these conditions would reflect serious bugs in the calling code. Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void and adjust all call sites. Propagate this change through k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
* Fix type mismatch in db2_exp.cGreg Hudson2013-05-101-1/+1
| | | | | | The locking wrapper for audit_as_req used the wrong function signature, which was harmless but produced a couple of warnings. Fix it.
* Init output parameter of krb5_decode_princ_entryGreg Hudson2013-03-281-0/+2
| | | | | For easier static analysis, make sure that krb5_decode_princ_entry always sets *entry_ptr to a valid entry or NULL.
* make dependGreg Hudson2013-03-241-22/+18
|
* Add missing .gitignore entries and clean rulesGreg Hudson2013-02-271-1/+1
| | | | ticket: 7585
* Add and use k5memdup, k5memdup0 helpersGreg Hudson2013-02-092-19/+11
| | | | | | Add k5-int.h static functions to duplicate byte ranges, optionally with a trailing zero byte, and set an error code like k5alloc does. Use them where they would shorten existing code.
* make dependGreg Hudson2013-01-106-6/+6
| | | | | Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Fix various result checksNickolai Zeldovich2013-01-071-1/+1
| | | | | | | | | | | Correct three cases where the wrong expression was checked to see if an allocation function returned null. [ghudson@mit.edu: commit message, patch splitting] ticket: 7534 target_version: 1.11.1 tags: pullup
* Avoid null dereference in BDB dbtree error caseGreg Hudson2012-12-201-3/+3
| | | | | | | | | An error case in __bt_first would deference a null pointer. This is an old upstream BDB bug. Use a separate variable to hold the result of mpool_get() until it has been checked. Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>. ticket: 7511
* Separate clpreauth and kdcpreauth interfacesGreg Hudson2012-12-191-12/+12
| | | | | | | Since there is no overlap between the clpreauth and kdcpreauth interface declarations, there's no particular reason to combine them into one header. For backward compatibility and convenience, leave behind a preauth_plugin.h which includes both.
* Use blocking locks for policy DBGreg Hudson2012-10-161-19/+6
| | | | | | | In the db2 kdb module, use blocking locks for the policy DB as well as the principal DB. ticket: 7359
* Remove osa_adb_rename_dbGreg Hudson2012-09-132-51/+0
| | | | | This function wasn't used anywhere. Also remove the declaration for osa_adb_close_policy(), which doesn't exist.
* Fix lock inconsistency in ctx_unlock()Nicolas Williams2012-09-121-4/+8
| | | | | | | | | | | | | | | | | | | | | The lock inconsistency fixed here is quite possibly the same as described in https://bugzilla.redhat.com/show_bug.cgi?id=586032 . The problem is that ctx_unlock() fails to unlock the principal DB if it fails to unlock the policy DB, and this happens when ctx_lock() fails to lock the policy DB (likely because the caller is racing against a kdb5_util load, which will be using a "permanent" lock, meaning that the lock file will be unlinked after acquiring the lock). The fix is to perform both unlock operations *then* handle any errors that either or both might have returned. Additionally, we don't really need or want to use non-blocking locks, and we certainly don't want to sleep(1) in krb5kdc (possibly several times, as there was a loop over this) when either of the principal or policy DB is locked. Some callers still request non-blocking locks, and ctx_lock() still honors this. ticket: 7360 (new)
* Use blocking locks in krb5kdc and libkadm5srvNicolas Williams2012-09-122-35/+19
| | | | | | | | | | We don't really need or want to use non-blocking locks, and we certainly don't want to sleep(1) in krb5kdc (possibly several times, as there was a loop over this) when either of the principal or policy DB is locked. Some callers still request non-blocking locks, and ctx_lock() still honors this. ticket: 7359 (new)
* Run "make depend"Tom Yu2012-08-231-8/+12
|
* Policy extensions + new policy: allowed ks typesNicolas Williams2012-07-302-49/+27
| | | | | | | | | | | | | | | | | This simply adds KADM5_API_VERSION_4 and various fields to the policy structures: - attributes (policy-ish principal attributes) - max_life (max ticket life) - max_renewable_life (max ticket renewable life) - allowed_keysalts (allowed key/salt types) - TL data (future policy extensions) Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done. ticket: 7223 (new)
* Handle huge /bin directories in libdb2 testTom Yu2012-07-121-6/+7
| | | | | | | | | | | | The test suite for libdb2 uses /bin as a source of filenames and contents for insertion into databases. Fedora 17 (and possibly other OSes) have /bin symlinked to /usr/bin, which can vastly increase the number of files found, exceeding some limits of the test databases. Truncate this list of files at 100 to prevent this problem. ticket: 7201 (new) status: pullup target_version: 1.10.3
* Minor cleanups relating to size_t being unsignedBen Kaduk2012-07-031-1/+1
| | | | | | | | | | | In order to use -1 as a sentinel value, we should explicitly cast to make it clear what we are doing. It might be better to use a less convoluted sentinel value such as SIZE_T_MAX, though. Additionally, since size_t is unsigned and at least as wide as an int, a loop with int index variable that compares against a size_t for its termination check could become an infinite loop. Make the loop index size_t for consistency.
* Fix -DDEBUG compilation errorsHenry B. Hotz2012-06-041-0/+1
| | | | ticket: 7150
* Add missing $(LIBS) to some shared librariesTom Yu2012-05-171-1/+1
| | | | | | | | | | Add $(LIBS) to the $(SHLIB_EXPLIBS) for some shared libraries which did not previously include it, which prevented gcov from working properly in some cases. Patch from W. Trevor King. ticket: 7138
* Fix KDB iteration when callback does write callsGreg Hudson2012-03-011-4/+2
| | | | | | | | | | | | | | | | | | | kdb_db2's ctx_iterate makes an convenience alias to dbc->db in order to call more invoke call the DB's seq method. This alias may become invalidated if the callback writes to the DB, since ctx_lock() may re-open the DB in order to acquire a write lock. Fix the bug by getting rid of the convenience alias. Most KDB iteration operations in the code base do not write to the DB, but kdb5_util update_princ_encryption does. Bug discovered and diagnosed by will.fiveash@oracle.com. ticket: 7096 target_version: 1.10.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25723 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of fake-installGreg Hudson2011-11-041-1/+1
| | | | | | | | | Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For each real plugin module, create a link in the parent directory if we're doing a shared-library build--so built KDB modules can be found in plugins/kdb, preauth modules in plugins/preauth, etc.. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970
* SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]Tom Yu2011-10-181-0/+12
| | | | | | | | | | | Fix null pointer dereference and assertion failure conditions that could cause a denial of service. ticket: 6981 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25368 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfacesGreg Hudson2011-10-042-2/+2
| | | | | | | | | | | | All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors. ticket: 6969 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize some more variablesKen Raeburn2011-09-051-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25151 dc483132-0cff-0310-8789-dd5450dbe970
* Fix "may be used uninitialized" warnings in db2 code, even though allKen Raeburn2011-09-056-9/+11
| | | | | | | such cases appear to be safe. This will permit making uninitialized-variable messages fatal. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25147 dc483132-0cff-0310-8789-dd5450dbe970
* Reindent per krb5-batch-reindent.el.Ken Raeburn2011-09-041-1/+1
| | | | | | | Some minor reformatting added in places to avoid exceeding 80 columns. Used Emacs 22.1 built-in C mode. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used"Ken Raeburn2011-09-043-12/+0
| | | | | | complaints, almost entirely "rcsid" variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-2/+2
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-094-12/+7
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-251-24/+22
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-288-8/+8
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* After a failed kdb5_util load, make a subsequent load operation workGreg Hudson2010-11-062-631/+483
| | | | | | | | | | | by removing the remnant temporary files after obtaining a lock. To make this safe, the private contract for temporary DB creation and promotion had to be altered, along with many of the DB2 internal helper functions. ticket: 6814 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24511 dc483132-0cff-0310-8789-dd5450dbe970
* Further kdb_db2 code cleanup: make gen_dbsuffix return aGreg Hudson2010-11-042-55/+30
| | | | | | | krb5_error_code to simplify error handling in callers, and discard the db_lf_time field which was set but never used. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24510 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify kdb_db2's open_db() a little further, avoiding a suspiciousGreg Hudson2010-11-031-7/+11
| | | | | | switch fallthrough. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24508 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid running off the end of the spares array in db2's page_to_oaddr()Greg Hudson2010-11-031-1/+1
| | | | | | in unrealistically large databases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24507 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up the DB2 KDB module code a bit, making it more conformant withGreg Hudson2010-11-021-141/+96
| | | | | | | current coding practices. Mostly namespace changes, but also simplify krb5_db2_destroy(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24505 dc483132-0cff-0310-8789-dd5450dbe970
* Propagate modprinc -unlock from master to slave KDCsGreg Hudson2010-10-051-0/+15
| | | | | | | | | | | | Create a new tl-data type to hold the time of the last administrative unlock, and factor it into decisions about account lockout. Since tl-data values are propagated from master to slave, this will cause modprinc -unlock operations to reach slave KDCs on the next propagation. ticket: 6795 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24424 dc483132-0cff-0310-8789-dd5450dbe970
* Remove dead code from DAL and kdb pluginsSam Hartman2010-09-153-42/+0
| | | | | | kdb: remove get/set_mkey_list git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24315 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2010-09-081-30/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24298 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 22:53:11 +0000