From 1ff3e2653da2f73ab3cc4c4f220d7781b43c9362 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 1 Jul 2000 03:48:01 +0000
Subject: pullup from 1.2.1 release

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12502 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/ChangeLog          |  7 +++++++
 src/lib/gssapi/krb5/init_sec_context.c | 20 +++++++++++++++++++-
 src/lib/krb5/krb/ChangeLog             |  8 ++++++++
 src/lib/krb5/krb/conv_princ.c          |  8 ++++++++
 src/lib/rpc/ChangeLog                  |  5 +++++
 src/lib/rpc/svc_auth_gssapi.c          |  2 +-
 src/lib/rpc/unit-test/ChangeLog        |  5 +++++
 src/lib/rpc/unit-test/server.c         |  1 +
 8 files changed, 54 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 087104e70..6f764457e 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,10 @@
+2000-06-27  Tom Yu  <tlyu@mit.edu>
+
+	* init_sec_context.c (get_credentials): Add initial iteration of
+	krb5_get_credentials in order to differentiate between an actual
+	missing credential and merely a bad match based on enctype.  This
+	was causing problems with kadmin.
+
 2000-06-09  Tom Yu  <tlyu@mit.edu>
 	    Ken Raeburn  <raeburn@mit.edu>
 
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 13a971ffa..acac47184 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -77,6 +77,10 @@
 #include <stdlib.h>
 #include <assert.h>
 
+/*
+ * $Id$
+ */
+
 /* XXX This is for debugging only!!!  Should become a real bitfield
    at some point */
 int krb5_gss_dbg_client_expcreds = 0;
@@ -109,11 +113,25 @@ static krb5_error_code get_credentials(context, cred, server, now,
 
     in_creds.keyblock.enctype = 0;
 
+    /*
+     * Initial iteration is necessary to catch a non-matching
+     * credential prior to looping through the GSSAPI-supported
+     * enctypes, since an enctype mismatch in the loop below will
+     * return KRB5_CC_NOTFOUND rather than one of the other error
+     * codes.
+     */
+    code = krb5_get_credentials(context, 0, cred->ccache,
+				&in_creds, out_creds);
+    if (code)
+	goto cleanup;
+    krb5_free_creds(context, *out_creds);
+    *out_creds = NULL;
     for (i = 0; enctypes[i]; i++) {
 	in_creds.keyblock.enctype = enctypes[i];
 	code = krb5_get_credentials(context, 0, cred->ccache, 
 				    &in_creds, out_creds);
-	if (code != KRB5_CC_NOT_KTYPE && code != KRB5KDC_ERR_ETYPE_NOSUPP)
+	if (code != KRB5_CC_NOT_KTYPE && code != KRB5_CC_NOTFOUND
+	    && code != KRB5KDC_ERR_ETYPE_NOSUPP)
 	    break;
     }
     if (enctypes[i] == 0) {
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index dfdf646c7..2d4546f3a 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,11 @@
+2000-06-30  Tom Yu  <tlyu@mit.edu>
+
+	* conv_princ.c (krb5_425_conv_principal): NULL, not nil.
+
+2000-06-30  Miro Jurisic  <meeroh@mit.edu>
+
+	* conv_princ.c (krb5_425_conv_principal): Fixed a memory leak
+
 2000-06-29  Ezra Peisach  <epeisach@engrailed.mit.edu>
 
 	* t_walk_rtree.c (main): Declare as returning int.
diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c
index b2df0c60e..f0d3d3d31 100644
--- a/src/lib/krb5/krb/conv_princ.c
+++ b/src/lib/krb5/krb/conv_princ.c
@@ -272,6 +272,14 @@ krb5_425_conv_principal(context, name, instance, realm, princ)
      	} else if ((retval == 0) && (realm_name == NULL)) {
      		break;
      	}
+     	if (realm_name != NULL) {
+     		profile_release_string (realm_name);
+     		realm_name = NULL;
+     	}
+     	if (dummy_value != NULL) {
+     		profile_release_string (dummy_value);
+     		dummy_value = NULL;
+     	}
      }
      
      if (instance) {
diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog
index 7d0aa318a..1f0a2779d 100644
--- a/src/lib/rpc/ChangeLog
+++ b/src/lib/rpc/ChangeLog
@@ -1,3 +1,8 @@
+2000-06-21  Tom Yu  <tlyu@mit.edu>
+
+	* svc_auth_gssapi.c (_svcauth_gssapi): Missed a rename.  From
+	Nathan Neulinger.
+
 2000-05-31  Ken Raeburn  <raeburn@mit.edu>
 
 	* pmap_rmt.c (GIFCONF_BUFSIZE): New macro.
diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c
index 34ee0ef11..9d831ad0d 100644
--- a/src/lib/rpc/svc_auth_gssapi.c
+++ b/src/lib/rpc/svc_auth_gssapi.c
@@ -548,7 +548,7 @@ enum auth_stat _svcauth_gssapi(rqst, msg, no_dispatch)
 				      &call_arg)) {
 			 PRINTF(("svcauth_gssapi: cannot decode args\n"));
 			 LOG_MISCERR("protocol error in call arguments");
-			 xdr_free(xdr_authgssapi_init_arg, &call_arg);
+			 gssrpc_xdr_free(xdr_authgssapi_init_arg, &call_arg);
 			 ret = AUTH_BADCRED;
 			 goto error;
 		    }
diff --git a/src/lib/rpc/unit-test/ChangeLog b/src/lib/rpc/unit-test/ChangeLog
index b41a59d78..a4b859b08 100644
--- a/src/lib/rpc/unit-test/ChangeLog
+++ b/src/lib/rpc/unit-test/ChangeLog
@@ -1,3 +1,8 @@
+2000-06-30  Tom Yu  <tlyu@mit.edu>
+
+	* server.c: Include gssrpc/pmap_clnt.h in order to get renaming of
+	pmap_unset().  From Nathan Neulinger.
+
 2000-06-30  Ken Raeburn  <raeburn@mit.edu>
 
 	* rpc_test_setup.sh: Error out if server_handle doesn't get set in
diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c
index 7270ea40d..32f5de349 100644
--- a/src/lib/rpc/unit-test/server.c
+++ b/src/lib/rpc/unit-test/server.c
@@ -14,6 +14,7 @@ static char *rcsid = "$Header$";
 #include <string.h>
 #include <signal.h>
 #include <gssrpc/rpc.h>
+#include <gssrpc/pmap_clnt.h>
 #include <arpa/inet.h>  /* inet_ntoa */
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_generic.h>
-- 
cgit