From lxs at MIT.EDU Tue Jul 1 13:38:37 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Tue, 1 Jul 2008 13:38:37 -0400 (EDT) Subject: svn rev #20494: trunk/src/lib/kdb/ Message-ID: <200807011738.NAA25120@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new subject: krb5_get_error_message returns const char * Changed temporary variables to use const char * Changed Files: U trunk/src/lib/kdb/kdb5.c From lxs at MIT.EDU Tue Jul 1 13:50:31 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Tue, 1 Jul 2008 13:50:31 -0400 (EDT) Subject: svn rev #20495: trunk/src/lib/kdb/ Message-ID: <200807011750.NAA25286@drugstore.mit.edu> Commit By: lxs Log Message: ticket: 6001 Added type checking for 64-bit platforms. Changed Files: U trunk/src/lib/kdb/kdb_default.c From kpkoch at MIT.EDU Thu Jul 3 09:21:14 2008 From: kpkoch at MIT.EDU (kpkoch@MIT.EDU) Date: Thu, 3 Jul 2008 09:21:14 -0400 (EDT) Subject: svn rev #20496: branches/kpkoch-ccapi/src/windows/build/ Message-ID: <200807031321.JAA18961@drugstore.mit.edu> Commit By: kpkoch Log Message: TargetVersion: 1.7 Component: windows Ticket: new Tags: pullup Subj: KfW Build Automation Only check for repository access utilities (cvs, svn, plink) if repository action is UPDATE or CHECKOUT, not SKIP. This allows builders who obtain sources from a distribution kit to be able to build without having to install these utilities. Changed Files: U branches/kpkoch-ccapi/src/windows/build/bkw.pl From raeburn at MIT.EDU Thu Jul 3 15:00:16 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 3 Jul 2008 15:00:16 -0400 (EDT) Subject: svn rev #20497: trunk/src/lib/crypto/ Message-ID: <200807031900.PAA21535@drugstore.mit.edu> Commit By: raeburn Log Message: stop exporting a few symbols internal to aes implementation Changed Files: U trunk/src/lib/crypto/libk5crypto.exports From epeisach at MIT.EDU Sat Jul 5 22:30:19 2008 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sat, 5 Jul 2008 22:30:19 -0400 (EDT) Subject: svn rev #20498: trunk/src/kdc/ Message-ID: <200807060230.WAA17116@drugstore.mit.edu> Commit By: epeisach Log Message: ticket: new subject: kdc does not compile with glibc 2.8 On Fedora 9, glibc 2.8 is used. The kdc code conditionalizes IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places = but misses two for the struct one. /usr/include/netinet/in.h conditionalizes struct in6_pktinfo on __USE_GNU - which I believe implies a gnu libc extension. People on the net have defined GNU_SOURCE for various things to compile, etc. I do note that /usr/include/linux/ipv6.h exists with the same definition. I believe that ipv6 support in the kdc will not work with these changes - but the tree compiles. Changed Files: U trunk/src/kdc/network.c From lxs at MIT.EDU Mon Jul 7 15:08:02 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Mon, 7 Jul 2008 15:08:02 -0400 (EDT) Subject: svn rev #20499: trunk/src/lib/krb5/krb/ Message-ID: <200807071908.PAA08734@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new status: open subject: krb5int_gic_opte_copy should copy elements individually Since we are copying from one structure to another, copy elements. Using memcpy is fragile. Changed Files: U trunk/src/lib/krb5/krb/gic_opt.c From lxs at MIT.EDU Mon Jul 7 15:26:50 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Mon, 7 Jul 2008 15:26:50 -0400 (EDT) Subject: svn rev #20500: trunk/src/ccapi/server/mac/ Message-ID: <200807071926.PAA09833@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new subject: Add EnableTransactions launchd option to CCacheServer This prevents the CCacheServer from being killed before it is done handling all the mach messages. Changed Files: U trunk/src/ccapi/server/mac/edu.mit.Kerberos.CCacheServer.plist From lxs at MIT.EDU Tue Jul 8 12:14:29 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Tue, 8 Jul 2008 12:14:29 -0400 (EDT) Subject: svn rev #20501: trunk/src/windows/gss/ Message-ID: <200807081614.MAA21381@drugstore.mit.edu> Commit By: lxs Log Message: Add kerberos icon. Changed Files: U trunk/src/windows/gss/gss.ico From lxs at MIT.EDU Tue Jul 8 13:07:09 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Tue, 8 Jul 2008 13:07:09 -0400 (EDT) Subject: svn rev #20502: trunk/src/ include/krb5/ lib/krb5/os/ Message-ID: <200807081707.NAA22005@drugstore.mit.edu> Commit By: lxs Log Message: ticket: 5432 Changes to krb5_kt_default_name changed the krb5 ABI. Reverted API prototype change and added a temporary variable to avoid casting problems. Changed Files: U trunk/src/include/krb5/krb5.hin U trunk/src/lib/krb5/os/ktdefname.c From tlyu at MIT.EDU Wed Jul 9 15:54:57 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 9 Jul 2008 15:54:57 -0400 (EDT) Subject: svn rev #20503: trunk/ src/lib/crypto/enc_provider/ Message-ID: <200807091954.PAA07374@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: new tags: pullup component: krb5-libs subject: add copyright to lib/crypto/enc_provider/aes.c target_version: 1.6.4 lib/crypto/enc_provider/aes.c was missing a copyright statement. Added. Changed Files: _U trunk/ U trunk/src/lib/crypto/enc_provider/aes.c From raeburn at MIT.EDU Wed Jul 9 16:48:49 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 9 Jul 2008 16:48:49 -0400 (EDT) Subject: svn rev #20504: trunk/src/config/ Message-ID: <200807092048.QAA08108@drugstore.mit.edu> Commit By: raeburn Log Message: Use -dead_strip when linking dynamic libraries on Darwin. Changed Files: U trunk/src/config/shlib.conf From lxs at MIT.EDU Wed Jul 9 17:16:02 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Wed, 9 Jul 2008 17:16:02 -0400 (EDT) Subject: svn rev #20505: trunk/src/kim/lib/ Message-ID: <200807092116.RAA08616@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new subject: Don't use "ccache" in error string printed to user ccache is a confusing abbreviation of credentials cache Changed Files: U trunk/src/kim/lib/kim_error_code.et From lxs at MIT.EDU Wed Jul 9 17:17:07 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Wed, 9 Jul 2008 17:17:07 -0400 (EDT) Subject: svn rev #20506: trunk/src/lib/ kadm5/clnt/ kadm5/srv/ kdb/ rpc/ Message-ID: <200807092117.RAA08700@drugstore.mit.edu> Commit By: lxs Log Message: Use autogenerated darwin.exports files for server frameworks Changed Files: U trunk/src/lib/kadm5/clnt/Makefile.in U trunk/src/lib/kadm5/srv/Makefile.in U trunk/src/lib/kdb/Makefile.in U trunk/src/lib/rpc/Makefile.in From lxs at MIT.EDU Wed Jul 9 17:18:52 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Wed, 9 Jul 2008 17:18:52 -0400 (EDT) Subject: svn rev #20507: trunk/src/include/kerberosIV/ Message-ID: <200807092118.RAA08784@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new subject: Add macro so we don't print deprecated warnings while building KfM Macro is defined in Kerberos5Prefix.h Changed Files: U trunk/src/include/kerberosIV/des.h U trunk/src/include/kerberosIV/krb.h From lxs at MIT.EDU Wed Jul 9 17:46:15 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Wed, 9 Jul 2008 17:46:15 -0400 (EDT) Subject: svn rev #20508: trunk/src/ccapi/server/ Message-ID: <200807092146.RAA09454@drugstore.mit.edu> Commit By: lxs Log Message: Don't print spurious errors to debug logs. Changed Files: U trunk/src/ccapi/server/ccs_ccache.c U trunk/src/ccapi/server/ccs_list_internal.c From tlyu at MIT.EDU Wed Jul 9 22:04:05 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 9 Jul 2008 22:04:05 -0400 (EDT) Subject: svn rev #20509: trunk/ src/util/profile/ Message-ID: <200807100204.WAA16031@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5632 Apply patch from Apple to handle missing krb5.conf for zeroconf situations. Changed Files: _U trunk/ U trunk/src/util/profile/prof_init.c From lxs at MIT.EDU Thu Jul 10 16:17:52 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Thu, 10 Jul 2008 16:17:52 -0400 (EDT) Subject: svn rev #20510: trunk/src/ccapi/server/ Message-ID: <200807102017.QAA03211@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new subject: CCacheServer crashes iterating over creds which have been destroyed ccs_list_release was trying to manually delete the iterators with a broken for loop which skipped iterators. Since the iterators were referenced by the client, when the client exited it would tell the iterators to release themselves. The orphaned itertors would attempt to remove themselves from their list (which had been released) resulting in a crash. Changed Files: U trunk/src/ccapi/server/ccs_list_internal.c From tlyu at MIT.EDU Thu Jul 10 18:34:24 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 10 Jul 2008 18:34:24 -0400 (EDT) Subject: svn rev #20511: trunk/ src/include/ Message-ID: <200807102234.SAA04635@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6010 status: open Use #pragma pop on the Mac to ensure that the krb5_gic_opt_ext structure has the same layout as the public version. Changed Files: _U trunk/ U trunk/src/include/k5-int.h From tlyu at MIT.EDU Thu Jul 10 18:34:40 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 10 Jul 2008 18:34:40 -0400 (EDT) Subject: svn rev #20512: trunk/ src/include/ Message-ID: <200807102234.SAA04719@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6010 status: open Add comment and to previous. Changed Files: _U trunk/ U trunk/src/include/k5-int.h From raeburn at MIT.EDU Fri Jul 11 20:55:20 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 11 Jul 2008 20:55:20 -0400 (EDT) Subject: svn rev #20513: trunk/src/lib/krb5/os/ Message-ID: <200807120055.UAA20654@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: 6017 Use all local addresses except loopback addresses, even if a non-loopback address appears on a loopback interface. This might happen if that's how your VPN code makes your local address visible. Use a variant of Apple's patch, extended to handle the other variations of local address determination. Changed Files: U trunk/src/lib/krb5/os/localaddr.c From raeburn at MIT.EDU Fri Jul 11 21:15:26 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 11 Jul 2008 21:15:26 -0400 (EDT) Subject: svn rev #20514: trunk/src/kdc/ Message-ID: <200807120115.VAA20864@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: 6019 state: open In FREE_SET_DATA, reset the current count as well. Changed Files: U trunk/src/kdc/network.c From raeburn at MIT.EDU Mon Jul 14 11:19:26 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 14 Jul 2008 11:19:26 -0400 (EDT) Subject: svn rev #20515: trunk/src/kdc/ Message-ID: <200807141519.LAA23253@drugstore.mit.edu> Commit By: raeburn Log Message: Use RFC 3542's IPV6_RECVPKTINFO if available. (And IP_RECVPKTINFO too.) Changed Files: U trunk/src/kdc/network.c From tlyu at MIT.EDU Mon Jul 14 18:11:12 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:11:12 -0400 (EDT) Subject: svn rev #20516: branches/krb5-1-6/ src/config-files/ Message-ID: <200807142211.SAA28199@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5544 version_fixed: 1.6.4 pull up r20316 from trunk r20316 at cathode-dark-space: rra | 2008-05-10 23:54:41 -0400 Ticket: 5544 Tags: pullup Fix a typo in krb5.conf: ldap_server should be ldap_servers, as the latter is what the LDAP KDB plugin looks for. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/config-files/krb5.conf.M From tlyu at MIT.EDU Mon Jul 14 18:11:34 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:11:34 -0400 (EDT) Subject: svn rev #20517: branches/krb5-1-6/ src/plugins/kdb/ldap/ldap_util/ Message-ID: <200807142211.SAA28286@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5953 version_fixed: 1.6.4 pull up r20311 from trunk r20311 at cathode-dark-space: rra | 2008-04-28 19:05:27 -0400 Ticket: new Subject: Properly escape - in kdb5_ldap_util man page Component: krb5-doc Version_Reported: 1.6.3 Target_Version: 1.6.4 Tags: pullup The LDAP plugin introduced a new man page which has unescaped hyphens. Unicode-aware groffs may convert those to real hyphens rather than the intended ASCII hyphen. This patch adds backslashes in front of all the bare hyphens that I plus Debian's lintian program could find to force interpretation as ASCII hyphens. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M From tlyu at MIT.EDU Mon Jul 14 18:11:50 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:11:50 -0400 (EDT) Subject: svn rev #20518: branches/krb5-1-6/ src/util/profile/ Message-ID: <200807142211.SAA28370@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5632 version_fixed: 1.6.4 pull up r20509 from trunk r20509 at cathode-dark-space: tlyu | 2008-07-09 22:04:03 -0400 ticket: 5632 Apply patch from Apple to handle missing krb5.conf for zeroconf situations. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/util/profile/prof_init.c From tlyu at MIT.EDU Mon Jul 14 18:12:22 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:12:22 -0400 (EDT) Subject: svn rev #20520: branches/krb5-1-6/ src/kdc/ Message-ID: <200807142212.SAA28538@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5933 version_fixed: 1.6.4 pull up r20296 from trunk r20296 at cathode-dark-space: raeburn | 2008-03-28 21:09:00 -0400 ticket: new subject: Coverity CID 101: Fix minor bounds check error. target_version: 1.6.4 tags: pullup Coverity CID 101: Fix minor bounds check error. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/kdc/kerberos_v4.c From tlyu at MIT.EDU Mon Jul 14 18:12:06 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:12:06 -0400 (EDT) Subject: svn rev #20519: branches/krb5-1-6/ src/lib/krb5/krb/ src/lib/krb5/os/ Message-ID: <200807142212.SAA28454@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5924 version_fixed: 1.6.4 pull up r20413 from trunk r20413 at cathode-dark-space: jaltman | 2008-06-18 15:36:49 -0400 ticket: 5924 tags: pullup This patch is derived from a patch originally submitted to RT by: Nik Conwell krb5_set_real_time() accepts as input the time of the KDC or an application server as a combination of seconds and microseconds. Often it is the case that the time source does not provide the real time with less than one second granularity. Up until this patch such a caller would fill in the microseconds parameter as zero. krb5_set_real_time() would treat the zero microseconds as the actual reported time and compute a microsecond based offset. During a one second window subsequent calls to krb5_set_real_time() would have an ever increasing offset size until the number of seconds is incremented. This in turn produces a side effect in which the microseconds value of the local clock is effectively erased. If there are multiple processes or threads on the same machine each requesting service tickets using the same client principal for the same service principal where the number of seconds reported by the KDC are equivalent, then they will now all create authenticators with exactly the same timestamp. As a result, the authenticating service will detect a replay attack even though the authenticators are actually unique. The replay cache only maintains a tuple of client, server and timestamp. This patch modifies the interpretation of the microseconds parameter. If -1 is specified, the microseconds offset is ignored. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/krb/get_in_tkt.c U branches/krb5-1-6/src/lib/krb5/os/toffset.c From tlyu at MIT.EDU Mon Jul 14 18:12:38 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:12:38 -0400 (EDT) Subject: svn rev #20521: branches/krb5-1-6/ src/lib/krb5/krb/ Message-ID: <200807142212.SAA28623@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5944 version_fixed: 1.6.4 pull up r20304 from trunk r20304 at cathode-dark-space: raeburn | 2008-04-18 15:31:47 -0400 ticket: new subject: fix possible buffer overrun in handling generic-error return target_version: 1.6.5 tags: pullup Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/krb/gc_via_tkt.c From tlyu at MIT.EDU Mon Jul 14 18:12:54 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:12:54 -0400 (EDT) Subject: svn rev #20522: branches/krb5-1-6/ src/lib/rpc/ Message-ID: <200807142212.SAA28714@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5994 version_fixed: 1.6.4 pull up r20477 from trunk r20477 at cathode-dark-space: raeburn | 2008-06-26 20:20:33 -0400 ticket: new target_version: 1.6.4 Fix possible null pointer deref, possible uninit ptr use, possible leak in unlikely small-allocation failure case. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/rpc/auth_gssapi.c From tlyu at MIT.EDU Mon Jul 14 18:13:20 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 18:13:20 -0400 (EDT) Subject: svn rev #20523: branches/krb5-1-6/ src/lib/krb5/krb/ Message-ID: <200807142213.SAA28798@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5996 version_fixed: 1.6.4 pull up r20480 from trunk r20480 at cathode-dark-space: raeburn | 2008-06-26 21:26:08 -0400 ticket: new subject: fix free of automatic storage target_version: 1.6.4 tags: pullup Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/krb/rd_safe.c From tlyu at MIT.EDU Mon Jul 14 19:23:14 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 14 Jul 2008 19:23:14 -0400 (EDT) Subject: svn rev #20524: branches/krb5-1-6/ src/lib/crypto/enc_provider/ Message-ID: <200807142323.TAA29512@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6022 version_fixed: 1.6.4 pull up r20503 from trunk r20503 at cathode-dark-space: tlyu | 2008-07-09 15:54:56 -0400 ticket: new tags: pullup component: krb5-libs subject: add copyright to lib/crypto/enc_provider/aes.c target_version: 1.6.4 lib/crypto/enc_provider/aes.c was missing a copyright statement. Added. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/crypto/enc_provider/aes.c From wfiveash at MIT.EDU Tue Jul 15 14:24:46 2008 From: wfiveash at MIT.EDU (wfiveash@MIT.EDU) Date: Tue, 15 Jul 2008 14:24:46 -0400 (EDT) Subject: svn rev #20525: branches/mkey_keytab/src/ kadmin/dbutil/ lib/kadm5/srv/ lib/kdb/ Message-ID: <200807151824.OAA10664@drugstore.mit.edu> Commit By: wfiveash Log Message: Files updated as a result of code review from Ken Raeburn. Changed Files: U branches/mkey_keytab/src/kadmin/dbutil/dump.c U branches/mkey_keytab/src/lib/kadm5/srv/server_kdb.c U branches/mkey_keytab/src/lib/kdb/kdb5.c U branches/mkey_keytab/src/lib/kdb/kdb5.h U branches/mkey_keytab/src/lib/kdb/kdb_default.c From tlyu at MIT.EDU Tue Jul 15 15:57:49 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 15 Jul 2008 15:57:49 -0400 (EDT) Subject: svn rev #20526: branches/commit-handler-test/ Message-ID: <200807151957.PAA11490@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: new subject: test commit handler change This ticket should end up in the "review" status. Changed Files: A branches/commit-handler-test/bbb/ From tlyu at MIT.EDU Tue Jul 15 17:43:36 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 15 Jul 2008 17:43:36 -0400 (EDT) Subject: svn rev #20527: trunk/ src/lib/krb5/krb/ Message-ID: <200807152143.RAA12428@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: new subject: krb5_get_cred_via_tkt() should null out_cred on errors tags: pullup target_version: 1.6.4 component: krb5-libs Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. Changed Files: _U trunk/ U trunk/src/lib/krb5/krb/gc_via_tkt.c From raeburn at MIT.EDU Tue Jul 15 19:57:05 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 15 Jul 2008 19:57:05 -0400 (EDT) Subject: svn rev #20528: trunk/ src/lib/krb5/krb/ Message-ID: <200807152357.TAA13694@drugstore.mit.edu> Commit By: raeburn Log Message: r1926 at ken-wireless: raeburn | 2008-07-15 16:49:17 -0400 ticket: 5947 status: open Add a test script for the walk_rtree code, and run some test cases that exercise the problem reported in RT ticket 5947. r1927 at ken-wireless: raeburn | 2008-07-15 19:55:10 -0400 Some more test cases. Changed Files: _U trunk/ U trunk/src/lib/krb5/krb/Makefile.in A trunk/src/lib/krb5/krb/walktree-tests From tlyu at MIT.EDU Wed Jul 16 18:35:22 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 16 Jul 2008 18:35:22 -0400 (EDT) Subject: svn rev #20529: trunk/ src/lib/gssapi/mechglue/ src/lib/krb5/ccache/ src/util/et/ Message-ID: <200807162235.SAA25644@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5962 Check return value from k5_mutex_lock() to partially mitigate some assertion failures when mutexes get destroyed out from under us. Changed Files: _U trunk/ U trunk/src/lib/gssapi/mechglue/g_initialize.c U trunk/src/lib/krb5/ccache/cc_file.c U trunk/src/util/et/error_message.c From tlyu at MIT.EDU Wed Jul 16 19:01:43 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 16 Jul 2008 19:01:43 -0400 (EDT) Subject: svn rev #20530: trunk/ src/lib/gssapi/mechglue/ Message-ID: <200807162301.TAA25883@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5962 Fix indirection on assignment to minor status. Changed Files: _U trunk/ U trunk/src/lib/gssapi/mechglue/g_initialize.c From tlyu at MIT.EDU Wed Jul 16 19:01:54 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 16 Jul 2008 19:01:54 -0400 (EDT) Subject: svn rev #20531: trunk/ src/kadmin/dbutil/ src/plugins/kdb/ldap/ldap_util/ Message-ID: <200807162301.TAA25967@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6028 target_version: 1.6.4 tags: pullup Apply patch from Mark Phalan to initialize progname before use. Changed Files: _U trunk/ U trunk/src/kadmin/dbutil/kdb5_util.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c From tlyu at MIT.EDU Thu Jul 17 11:44:45 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 17 Jul 2008 11:44:45 -0400 (EDT) Subject: svn rev #20532: trunk/ src/kadmin/dbutil/ src/plugins/kdb/ldap/ldap_util/ Message-ID: <200807171544.LAA06118@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6030 tags: pullup target_version: 1.6.4 Apply patch from Mark Phalan to correctly use progname instead of argv[0]. Changed Files: _U trunk/ U trunk/src/kadmin/dbutil/dump.c U trunk/src/kadmin/dbutil/kdb5_create.c U trunk/src/kadmin/dbutil/kdb5_destroy.c U trunk/src/kadmin/dbutil/kdb5_stash.c U trunk/src/kadmin/dbutil/kdb5_util.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h From lxs at MIT.EDU Thu Jul 17 13:00:59 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Thu, 17 Jul 2008 13:00:59 -0400 (EDT) Subject: svn rev #20533: trunk/src/kim/ lib/ lib/mac/ test/ Message-ID: <200807171700.NAA06696@drugstore.mit.edu> Commit By: lxs Log Message: Removed _t suffix from all type names. Changed Files: U trunk/src/kim/lib/kim_ccache.c U trunk/src/kim/lib/kim_ccache_private.h U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_error.c U trunk/src/kim/lib/kim_error_private.h U trunk/src/kim/lib/kim_identity.c U trunk/src/kim/lib/kim_identity_private.h U trunk/src/kim/lib/kim_library.c U trunk/src/kim/lib/kim_library_private.h U trunk/src/kim/lib/kim_options.c U trunk/src/kim/lib/kim_options_private.h U trunk/src/kim/lib/kim_preferences.c U trunk/src/kim/lib/kim_preferences_private.h U trunk/src/kim/lib/kim_selection_hints.c U trunk/src/kim/lib/kim_selection_hints_private.h U trunk/src/kim/lib/kim_string.c U trunk/src/kim/lib/kim_string_private.h U trunk/src/kim/lib/mac/kim_os_identity.c U trunk/src/kim/lib/mac/kim_os_library.c U trunk/src/kim/lib/mac/kim_os_preferences.c U trunk/src/kim/lib/mac/kim_os_private.h U trunk/src/kim/lib/mac/kim_os_selection_hints.c U trunk/src/kim/lib/mac/kim_os_string.c U trunk/src/kim/test/test_kim_common.c U trunk/src/kim/test/test_kim_common.h U trunk/src/kim/test/test_kim_identity.c U trunk/src/kim/test/test_kim_preferences.c U trunk/src/kim/test/test_kim_selection_hints.c From lxs at MIT.EDU Thu Jul 17 13:02:42 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Thu, 17 Jul 2008 13:02:42 -0400 (EDT) Subject: svn rev #20534: trunk/src/include/kim/ Message-ID: <200807171702.NAA06789@drugstore.mit.edu> Commit By: lxs Log Message: Removed _t suffix from KIM types. Changed Files: U trunk/src/include/kim/kim_ccache.h U trunk/src/include/kim/kim_credential.h U trunk/src/include/kim/kim_error.h U trunk/src/include/kim/kim_identity.h U trunk/src/include/kim/kim_options.h U trunk/src/include/kim/kim_preferences.h U trunk/src/include/kim/kim_selection_hints.h U trunk/src/include/kim/kim_string.h U trunk/src/include/kim/kim_types.h From lxs at MIT.EDU Thu Jul 17 15:04:35 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Thu, 17 Jul 2008 15:04:35 -0400 (EDT) Subject: svn rev #20535: trunk/src/ccapi/server/mac/ Message-ID: <200807171904.PAA08183@drugstore.mit.edu> Commit By: lxs Log Message: ticket: 6035 CCAPI side of the patch Changed Files: U trunk/src/ccapi/server/mac/edu.mit.Kerberos.CCacheServer.plist From tlyu at MIT.EDU Thu Jul 17 19:40:34 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 17 Jul 2008 19:40:34 -0400 (EDT) Subject: svn rev #20536: trunk/ src/lib/krb5/rcache/ Message-ID: <200807172340.TAA10658@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6018 target_version: 1.6.4 tags: pullup In krb5_rc_io_creat(), unlink any existing rcache file before trying to create a new rcache. This allows better recovery from corrupt rcache files. Changed Files: _U trunk/ U trunk/src/lib/krb5/rcache/rc_io.c From tlyu at MIT.EDU Thu Jul 17 20:18:23 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 17 Jul 2008 20:18:23 -0400 (EDT) Subject: svn rev #20537: trunk/ src/lib/krb5/rcache/ Message-ID: <200807180018.UAA10971@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6002 Make krb5_rc_io_creat() use mkstemp. Changed Files: _U trunk/ U trunk/src/lib/krb5/rcache/rc_io.c From tlyu at MIT.EDU Thu Jul 17 23:08:38 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 17 Jul 2008 23:08:38 -0400 (EDT) Subject: svn rev #20538: trunk/ src/lib/krb5/rcache/ Message-ID: <200807180308.XAA12280@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6002 status: open Revert due to potential file modes race condition. Changed Files: _U trunk/ U trunk/src/lib/krb5/rcache/rc_io.c From raeburn at MIT.EDU Fri Jul 18 02:00:11 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 18 Jul 2008 02:00:11 -0400 (EDT) Subject: svn rev #20539: trunk/src/kdc/ Message-ID: <200807180600.CAA13603@drugstore.mit.edu> Commit By: raeburn Log Message: Rewrite krb5_db_open flag handling to avoid confusing emacs c-mode indentation support. Changed Files: U trunk/src/kdc/main.c From raeburn at MIT.EDU Fri Jul 18 02:45:34 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 18 Jul 2008 02:45:34 -0400 (EDT) Subject: svn rev #20540: trunk/src/ kdc/ Message-ID: <200807180645.CAA13964@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: 6019 status: open On systems with struct rt_msghdr, open a routing socket and wait for messages; when they come in, if the types suggest a possibility of network interface reconfiguration, shut down the KDC's networking and bring it back up again, rescanning the interfaces in the process. Leaving the ticket open because it should be improved: * It should only close down sockets on addresses we no longer have, and bring up sockets only on new addresses. * If we have IPV6_PKTINFO support, it should only listen for IPv4 routing changes. * If we also have IP_PKTINFO support, it shouldn't be used at all. * If we build a KDC on a system with neither struct rt_msghdr nor IP_PKTINFO (do we have any such?), we'll need another solution. Thanks to Nico Williams for the routing socket suggestion, and Apple for the initial (signal-driven) reconfiguration code. Changed Files: U trunk/src/configure.in U trunk/src/kdc/network.c From raeburn at MIT.EDU Fri Jul 18 02:50:34 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 18 Jul 2008 02:50:34 -0400 (EDT) Subject: svn rev #20541: trunk/src/kdc/ Message-ID: <200807180650.CAA14084@drugstore.mit.edu> Commit By: raeburn Log Message: Set non-blocking mode on incoming TCP connections. Don't log EINTR error in select loop. Log when shutdown signal has been received and acted on. Changed Files: U trunk/src/kdc/network.c From kpkoch at MIT.EDU Fri Jul 18 10:06:00 2008 From: kpkoch at MIT.EDU (kpkoch@MIT.EDU) Date: Fri, 18 Jul 2008 10:06:00 -0400 (EDT) Subject: svn rev #20542: branches/kpkoch-ccapi/src/ ccapi/lib/win/ ccapi/server/win/ ... Message-ID: <200807181406.KAA18421@drugstore.mit.edu> Commit By: kpkoch Log Message: Component: windows TargetVersion: 1.7 Ticket: 5817 5819 This change is for both tickets 5817 and 5819 - changes for 64 bit builds. New substitution variables %WL% (word length [32 | 64]) and %cpu% [i386 | AMD64] are implemented in the various files where they make sense. Copylist entries have a new attribute - the component [base | i386 | AMD64 | leash | krb4]. The cpu and components can be specified on the command line. Multiple components must be in a space delimited quoted string. kfw-fixed.nsi must now be preprocessed in the same fashion as site-local-tagged.nsi; kfw-fixed.nsi is deleted. A number of makefiles assumed there could be only one build in the build tree at once, so make clean failed when there is more than one. [There can be four (i386/rel, i386/dbg, amd64/rel, amd64/dbg).] The makefiles have been updated. additional make clean problems in the new ccapi windows were cleaned up. In some places, the compiler was set to VS2003, not VS2005. 32/64 bit differences added to ccapi makefiles. Changed Files: U branches/kpkoch-ccapi/src/Makefile.in U branches/kpkoch-ccapi/src/ccapi/lib/win/Makefile.in U branches/kpkoch-ccapi/src/ccapi/server/win/Makefile.in U branches/kpkoch-ccapi/src/ccapi/test/Makefile.in U branches/kpkoch-ccapi/src/windows/build/BKWconfig.xml U branches/kpkoch-ccapi/src/windows/build/bkw-automation.html U branches/kpkoch-ccapi/src/windows/build/bkw.pl U branches/kpkoch-ccapi/src/windows/build/copyfiles.pl U branches/kpkoch-ccapi/src/windows/build/copyfiles.xml U branches/kpkoch-ccapi/src/windows/build/corebinaryfiles.xml U branches/kpkoch-ccapi/src/windows/build/sdkfiles.xml U branches/kpkoch-ccapi/src/windows/identity/help/Makefile U branches/kpkoch-ccapi/src/windows/identity/kcreddb/Makefile U branches/kpkoch-ccapi/src/windows/identity/kherr/Makefile U branches/kpkoch-ccapi/src/windows/identity/kmm/Makefile U branches/kpkoch-ccapi/src/windows/identity/kmq/Makefile U branches/kpkoch-ccapi/src/windows/identity/util/Makefile A branches/kpkoch-ccapi/src/windows/installer/nsis/kfw-fixed-tagged.nsi D branches/kpkoch-ccapi/src/windows/installer/nsis/kfw-fixed.nsi U branches/kpkoch-ccapi/src/windows/installer/nsis/nsi-includes-tagged.nsi U branches/kpkoch-ccapi/src/windows/installer/nsis/site-local-tagged.nsi From tlyu at MIT.EDU Fri Jul 18 14:59:48 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 18 Jul 2008 14:59:48 -0400 (EDT) Subject: svn rev #20543: trunk/ src/lib/krb5/rcache/ Message-ID: <200807181859.OAA21547@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6002 Use mkstemp(), and fstat() the file to make sure that the mkstemp() implementation is setting sane file modes. Changed Files: _U trunk/ U trunk/src/lib/krb5/rcache/rc_io.c From lxs at MIT.EDU Fri Jul 18 15:39:04 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Fri, 18 Jul 2008 15:39:04 -0400 (EDT) Subject: svn rev #20544: tags/ Message-ID: <200807181939.PAA22113@drugstore.mit.edu> Commit By: lxs Log Message: Tagging for KfM 6.5a3 Changed Files: A tags/KfM_6.5a3/ From raeburn at MIT.EDU Sun Jul 20 16:43:56 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Sun, 20 Jul 2008 16:43:56 -0400 (EDT) Subject: svn rev #20545: trunk/src/config/ Message-ID: <200807202043.QAA15317@drugstore.mit.edu> Commit By: raeburn Log Message: Drop $(SUBDIRS_ at srcdir@) hack, it's not being used any more, and confuses some versions of make. Changed Files: U trunk/src/config/pre.in From raeburn at MIT.EDU Sun Jul 20 17:07:45 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Sun, 20 Jul 2008 17:07:45 -0400 (EDT) Subject: svn rev #20546: trunk/src/ appl/ appl/gssftp/ appl/sample/ appl/simple/ appl/telnet/ ... Message-ID: <200807202107.RAA15607@drugstore.mit.edu> Commit By: raeburn Log Message: Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few and default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in. Changed Files: U trunk/src/appl/Makefile.in U trunk/src/appl/gssftp/Makefile.in U trunk/src/appl/sample/Makefile.in U trunk/src/appl/simple/Makefile.in U trunk/src/appl/telnet/Makefile.in U trunk/src/ccapi/Makefile.in U trunk/src/ccapi/common/Makefile.in U trunk/src/ccapi/lib/Makefile.in U trunk/src/ccapi/server/Makefile.in U trunk/src/clients/Makefile.in U trunk/src/config/pre.in U trunk/src/include/Makefile.in U trunk/src/kadmin/Makefile.in U trunk/src/kadmin/passwd/Makefile.in U trunk/src/kadmin/testing/Makefile.in U trunk/src/lib/Makefile.in U trunk/src/lib/crypto/Makefile.in U trunk/src/lib/gssapi/Makefile.in U trunk/src/lib/kadm5/Makefile.in U trunk/src/lib/krb5/Makefile.in U trunk/src/lib/krb5/ccache/Makefile.in U trunk/src/plugins/kdb/db2/libdb2/Makefile.in U trunk/src/plugins/kdb/ldap/Makefile.in U trunk/src/tests/Makefile.in U trunk/src/util/Makefile.in From tlyu at MIT.EDU Mon Jul 21 12:08:06 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 12:08:06 -0400 (EDT) Subject: svn rev #20548: branches/krb5-1-6/ src/kadmin/dbutil/ src/plugins/kdb/ldap/ldap_util/ Message-ID: <200807211608.MAA25424@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6028 status: resolved version_fixed: 1.6.4 pull up r20531 from trunk r20531 at cathode-dark-space: tlyu | 2008-07-16 19:01:54 -0400 ticket: 6028 target_version: 1.6.4 tags: pullup Apply patch from Mark Phalan to initialize progname before use. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/kadmin/dbutil/kdb5_util.c U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c From tlyu at MIT.EDU Mon Jul 21 12:07:48 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 12:07:48 -0400 (EDT) Subject: svn rev #20547: branches/krb5-1-6/ src/lib/krb5/rcache/ Message-ID: <200807211607.MAA25340@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6018 status: resolved version_fixed: 1.6.4 pull up r20536 from trunk r20536 at cathode-dark-space: tlyu | 2008-07-17 19:40:32 -0400 ticket: 6018 target_version: 1.6.4 tags: pullup In krb5_rc_io_creat(), unlink any existing rcache file before trying to create a new rcache. This allows better recovery from corrupt rcache files. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/rcache/rc_io.c From tlyu at MIT.EDU Mon Jul 21 12:08:19 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 12:08:19 -0400 (EDT) Subject: svn rev #20549: branches/krb5-1-6/ src/kadmin/dbutil/ src/plugins/kdb/ldap/ldap_util/ Message-ID: <200807211608.MAA25508@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6030 status: resolved version_fixed: 1.6.4 pull up r20532 from trunk r20532 at cathode-dark-space: tlyu | 2008-07-17 11:44:43 -0400 ticket: 6030 tags: pullup target_version: 1.6.4 Apply patch from Mark Phalan to correctly use progname instead of argv[0]. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/kadmin/dbutil/dump.c U branches/krb5-1-6/src/kadmin/dbutil/kdb5_create.c U branches/krb5-1-6/src/kadmin/dbutil/kdb5_destroy.c U branches/krb5-1-6/src/kadmin/dbutil/kdb5_stash.c U branches/krb5-1-6/src/kadmin/dbutil/kdb5_util.c U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c U branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h From tlyu at MIT.EDU Mon Jul 21 12:08:33 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 12:08:33 -0400 (EDT) Subject: svn rev #20550: branches/krb5-1-6/ src/lib/krb5/krb/ Message-ID: <200807211608.MAA25592@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6033 status: resolved version_fixed: 1.6.4 pull up r20527 from trunk r20527 at cathode-dark-space: tlyu | 2008-07-15 17:43:35 -0400 ticket: new subject: krb5_get_cred_via_tkt() should null out_cred on errors tags: pullup target_version: 1.6.4 component: krb5-libs Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/krb/gc_via_tkt.c From jaltman at MIT.EDU Mon Jul 21 13:44:43 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 13:44:43 -0400 (EDT) Subject: svn rev #20551: trunk/src/lib/krb5/ccache/ Message-ID: <200807211744.NAA26572@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5080 tags: pullup ccdefault.c: krb5_cc_default_name() is permitted to return a NULL pointer as a valid output. Passing a NULL pointer to strcmp() will result in an exception as NULL is not a valid input parameter to strcmp(). Save the output of krb5_cc_default_name() to a variable and modify the conditional to set the new default ccache name in the case where there is no existing default ccache name. Changed Files: U trunk/src/lib/krb5/ccache/ccdefault.c From raeburn at MIT.EDU Mon Jul 21 14:39:34 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 21 Jul 2008 14:39:34 -0400 (EDT) Subject: svn rev #20552: trunk/src/kdc/ Message-ID: <200807211839.OAA27271@drugstore.mit.edu> Commit By: raeburn Log Message: When reading from the routing socket, only provide enough space for the header and ignore the rest of the message. Don't complain about message size as long as we got the bits of the header we care about. Changed Files: U trunk/src/kdc/network.c From jaltman at MIT.EDU Mon Jul 21 14:48:03 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 14:48:03 -0400 (EDT) Subject: svn rev #20553: trunk/src/lib/ Message-ID: <200807211848.OAA27448@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: new subject: Assign fixed ordinals to comerr32.dll exports component: krb5-libs tags: pullup All of the other libraries on Windows have fixed assignments of ordinals to the exported functions. Assign the ordinals that were in use in the last public release, kfw 3.2.2, so that they will remain constant into the future in case additional exports are added to the library. Changed Files: U trunk/src/lib/comerr32.def From jaltman at MIT.EDU Mon Jul 21 15:20:06 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 15:20:06 -0400 (EDT) Subject: svn rev #20554: trunk/src/util/support/ Message-ID: <200807211920.PAA28047@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 3737 An implementation of opendir() and friends for _WIN32 plus an implementation of the plugin support that makes use of them. Changed Files: U trunk/src/util/support/plugins.c From jaltman at MIT.EDU Mon Jul 21 15:43:21 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 15:43:21 -0400 (EDT) Subject: svn rev #20555: trunk/src/lib/krb5/ccache/ Message-ID: <200807211943.PAA28962@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5895 tags: pullup There are two mutex locking issues that Roland Dowdeswell noticed in the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize(). When it is free(3)ing the existing credentials it does not lock the data structures and hence two separate threads can run into issues. The same problem exists in cc_memory.c:krb5_mcc_destroy(). Changed Files: U trunk/src/lib/krb5/ccache/cc_memory.c From raeburn at MIT.EDU Mon Jul 21 16:13:58 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 21 Jul 2008 16:13:58 -0400 (EDT) Subject: svn rev #20556: branches/mt-kdc/src/kdc/ Message-ID: <200807212013.QAA29784@drugstore.mit.edu> Commit By: raeburn Log Message: Fix from Savitha R, 2008-01-31 for bug: Segfault in KDC when dispatch function returs an error (network.c). Changed Files: U branches/mt-kdc/src/kdc/network.c From jaltman at MIT.EDU Mon Jul 21 16:30:45 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 16:30:45 -0400 (EDT) Subject: svn rev #20557: trunk/src/lib/kadm5/ Message-ID: <200807212030.QAA00377@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5839 tags: pullup krb5_string_to_keysalts() Fix an infinite loop in the parsing of 'kp' Changed Files: U trunk/src/lib/kadm5/str_conv.c From jaltman at MIT.EDU Mon Jul 21 16:33:54 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 16:33:54 -0400 (EDT) Subject: svn rev #20558: trunk/src/lib/kadm5/srv/ Message-ID: <200807212033.QAA00488@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5840 tags: pullup kadm5_decrypt_key(). This patch prevents the returned keyblock's enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". Changed Files: U trunk/src/lib/kadm5/srv/svr_principal.c From jaltman at MIT.EDU Mon Jul 21 16:47:36 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Mon, 21 Jul 2008 16:47:36 -0400 (EDT) Subject: svn rev #20559: trunk/src/lib/gssapi/krb5/ Message-ID: <200807212047.QAA00700@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5442 tags: pullup This patch addresses the issues raised in this ticket and ticket 5936. (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function. (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations. The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed. In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred(). [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'. Changed Files: U trunk/src/lib/gssapi/krb5/accept_sec_context.c From raeburn at MIT.EDU Mon Jul 21 16:56:28 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 21 Jul 2008 16:56:28 -0400 (EDT) Subject: svn rev #20560: trunk/src/lib/krb5/ccache/ Message-ID: <200807212056.QAA00907@drugstore.mit.edu> Commit By: raeburn Log Message: Check for null name to krb5_cc_resolve, and return an error. Changed Files: U trunk/src/lib/krb5/ccache/ccbase.c From raeburn at MIT.EDU Mon Jul 21 16:59:24 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 21 Jul 2008 16:59:24 -0400 (EDT) Subject: svn rev #20561: trunk/src/lib/krb5/ccache/ Message-ID: <200807212059.QAA01015@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: 5980 Another check for null return from krb5_cc_default_name. Changed Files: U trunk/src/lib/krb5/ccache/ccdefault.c From tlyu at MIT.EDU Mon Jul 21 18:59:02 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 18:59:02 -0400 (EDT) Subject: svn rev #20562: branches/krb5-1-6/ src/lib/krb5/ccache/ Message-ID: <200807212259.SAA02033@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5895 status: resolved version_fixed: 1.6.4 pull up r20555 from trunk r20555 at cathode-dark-space: jaltman | 2008-07-21 15:43:21 -0400 ticket: 5895 tags: pullup There are two mutex locking issues that Roland Dowdeswell noticed in the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize(). When it is free(3)ing the existing credentials it does not lock the data structures and hence two separate threads can run into issues. The same problem exists in cc_memory.c:krb5_mcc_destroy(). Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/ccache/cc_memory.c From tlyu at MIT.EDU Mon Jul 21 18:59:40 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 18:59:40 -0400 (EDT) Subject: svn rev #20565: branches/krb5-1-6/ src/lib/krb5/ccache/ Message-ID: <200807212259.SAA02292@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5980 version_fixed: 1.6.4 status: resolved pull up r20561 from trunk (includes unrelated cleanup of dead assignment) r20561 at cathode-dark-space: raeburn | 2008-07-21 16:59:24 -0400 ticket: 5980 Another check for null return from krb5_cc_default_name. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/ccache/ccdefault.c From tlyu at MIT.EDU Mon Jul 21 18:59:16 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 18:59:16 -0400 (EDT) Subject: svn rev #20563: branches/krb5-1-6/ src/lib/kadm5/ Message-ID: <200807212259.SAA02117@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5839 status: resolved version_fixed: 1.6.4 pull up r20557 from trunk r20557 at cathode-dark-space: jaltman | 2008-07-21 16:30:44 -0400 ticket: 5839 tags: pullup krb5_string_to_keysalts() Fix an infinite loop in the parsing of 'kp' Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/kadm5/str_conv.c From tlyu at MIT.EDU Mon Jul 21 18:59:28 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 21 Jul 2008 18:59:28 -0400 (EDT) Subject: svn rev #20564: branches/krb5-1-6/ src/lib/krb5/ccache/ Message-ID: <200807212259.SAA02205@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5980 pull up r20551 from trunk r20551 at cathode-dark-space: jaltman | 2008-07-21 13:44:43 -0400 ticket: 5080 tags: pullup ccdefault.c: krb5_cc_default_name() is permitted to return a NULL pointer as a valid output. Passing a NULL pointer to strcmp() will result in an exception as NULL is not a valid input parameter to strcmp(). Save the output of krb5_cc_default_name() to a variable and modify the conditional to set the new default ccache name in the case where there is no existing default ccache name. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/ccache/ccdefault.c From raeburn at MIT.EDU Tue Jul 22 15:15:53 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 22 Jul 2008 15:15:53 -0400 (EDT) Subject: svn rev #20566: trunk/src/include/ Message-ID: <200807221915.PAA11681@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: 5962 status: open A step towards ensuring we check mutex lock attempt results... Always use inline function k5_mutex_lock_1 instead of gcc statement expression, even under gcc. Under gcc 4, declane k5_mutex_lock_1 and krb5int_mutex_lock with attribute warn_unused_result. In k5_mutex_destroy macro, only store destroy code source+line if we succeed in temporarily locking the mutex. Changed Files: U trunk/src/include/k5-thread.h From raeburn at MIT.EDU Tue Jul 22 15:34:25 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 22 Jul 2008 15:34:25 -0400 (EDT) Subject: svn rev #20567: trunk/src/ lib/krb5/keytab/ plugins/kdb/ldap/libkdb_ldap/ util/support/ Message-ID: <200807221934.PAA11999@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: 5962 Catch a few more cases of unchecked k5_mutex_lock calls. Changed Files: U trunk/src/lib/krb5/keytab/kt_file.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c U trunk/src/util/support/errors.c From lxs at MIT.EDU Tue Jul 22 15:56:11 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Tue, 22 Jul 2008 15:56:11 -0400 (EDT) Subject: svn rev #20568: trunk/ doc/ Message-ID: <200807221956.PAA12325@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new owner: tlyu subject: Add Apple Inc. to copyright lists. Changed Files: U trunk/README U trunk/doc/copyright.texinfo From kpkoch at MIT.EDU Tue Jul 22 16:13:29 2008 From: kpkoch at MIT.EDU (kpkoch@MIT.EDU) Date: Tue, 22 Jul 2008 16:13:29 -0400 (EDT) Subject: svn rev #20569: branches/kpkoch-ccapi/src/windows/ build/ installer/nsis/ Message-ID: <200807222013.QAA12608@drugstore.mit.edu> Commit By: kpkoch Log Message: Component: windows TargetVersion: 1.7 Ticket: 5817 5819 More changes for 64 bit builds. Add %cpu% substitution; write the file with perl print instead of echo. Echo will substitute %cpu% ;-). Replicate CopyList Config section into each CopyList. Add component attribute to all CopyLists. Change more xxx32xxx to xxx%WL% and xxxi386xxx to xxx%cpu%xxx. Changed Files: U branches/kpkoch-ccapi/src/windows/build/BKWconfig.xml U branches/kpkoch-ccapi/src/windows/build/bkw.pl U branches/kpkoch-ccapi/src/windows/build/corebinaryfiles.xml U branches/kpkoch-ccapi/src/windows/build/sdkfiles.xml U branches/kpkoch-ccapi/src/windows/installer/nsis/kfw-fixed-tagged.nsi From jaltman at MIT.EDU Wed Jul 23 10:38:28 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Wed, 23 Jul 2008 10:38:28 -0400 (EDT) Subject: svn rev #20570: trunk/src/windows/identity/ui/ Message-ID: <200807231438.KAA21461@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5605 tags: pullup cw_handle_header_msg(): The behavior of the HDN_ENDTRACK notification has changed slightly on Vista. HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns the item extents that were there prior to the user starting the resizing operation. Earlier it would return the extents that resulted from the resizing operation. This resulted in a visual update problem on Windows Vista/2008 in the NIM Advanced View. Changed Files: U trunk/src/windows/identity/ui/credwnd.c From jaltman at MIT.EDU Wed Jul 23 10:44:51 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Wed, 23 Jul 2008 10:44:51 -0400 (EDT) Subject: svn rev #20571: trunk/src/windows/identity/plugins/common/ Message-ID: <200807231444.KAA21583@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 6046 tags: pullup The /src/windows/identity/plugins/common/dynimport.{c,h} files are used by the NIM Kerberos v5 plug-ins for run-time dynamic linking. They currently do not declare or import the following functions: krb5_get_error_message() krb5_free_error_message() krb5_clear_error_message() This patch adds declarations and definitions required for locating these functions. Relies on the addition of these functions to the prototype list in the Pismere loadfuncs-krb5.h. See ticket 6045. Changed Files: U trunk/src/windows/identity/plugins/common/dynimport.c U trunk/src/windows/identity/plugins/common/dynimport.h From jaltman at MIT.EDU Wed Jul 23 11:04:27 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Wed, 23 Jul 2008 11:04:27 -0400 (EDT) Subject: svn rev #20572: trunk/src/windows/identity/plugins/krb5/ Message-ID: <200807231504.LAA21804@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5745 tags: pullup This patch modifies the NIM Kerberos v5 plug-in to use the krb5_get_error_message() function to look up the error string if the call to krb5_get_init_creds_password() fails. If the call to krb5_get_error_message() fails, the caller will failover to the previous method of looking up a suitable error message based on the error code. Changed Files: U trunk/src/windows/identity/plugins/krb5/krb5funcs.c U trunk/src/windows/identity/plugins/krb5/krb5funcs.h U trunk/src/windows/identity/plugins/krb5/krb5newcreds.c U trunk/src/windows/identity/plugins/krb5/krbcred.h From jaltman at MIT.EDU Wed Jul 23 11:09:16 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Wed, 23 Jul 2008 11:09:16 -0400 (EDT) Subject: svn rev #20573: trunk/src/windows/identity/kherr/ Message-ID: <200807231509.LAA21916@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 6047 tags: pullup The NIM error reporting functions (in src/windows/identity/kherr ) keep track of the the error message with the highest severity level that was reported for a specific error reporting context. However, if another error message of the same severity is reported, the error message being tracked will be updated to be the newly received error. The user will often only be notified of the error message that was tracked for a specific operation. Therefore, tracking the last message with the highest priority has the unfortunate side-effect of not reporting the cause of a failure. This patch changes the condition for updating the tracked error message to be the first message with the highest severity. Changed Files: U trunk/src/windows/identity/kherr/kherr.c From jaltman at MIT.EDU Wed Jul 23 12:03:40 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Wed, 23 Jul 2008 12:03:40 -0400 (EDT) Subject: svn rev #20574: trunk/src/lib/gssapi/krb5/ Message-ID: <200807231603.MAA23009@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 5442 replace "exit" label with "done" Changed Files: U trunk/src/lib/gssapi/krb5/accept_sec_context.c From tlyu at MIT.EDU Wed Jul 23 13:06:56 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 23 Jul 2008 13:06:56 -0400 (EDT) Subject: svn rev #20575: trunk/ src/lib/gssapi/krb5/ Message-ID: <200807231706.NAA23686@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5442 Fix one missed rename of "exit" label to "done". Changed Files: _U trunk/ U trunk/src/lib/gssapi/krb5/accept_sec_context.c From kpkoch at MIT.EDU Wed Jul 23 14:37:07 2008 From: kpkoch at MIT.EDU (kpkoch@MIT.EDU) Date: Wed, 23 Jul 2008 14:37:07 -0400 (EDT) Subject: svn rev #20576: branches/kpkoch-ccapi/src/windows/build/ Message-ID: <200807231837.OAA24962@drugstore.mit.edu> Commit By: kpkoch Log Message: Component: windows TargetVersion: 1.7 Ticket: 5817 5819 More changes for 64 bit builds. Remove debug messages. Add components to copylist elements. Change some more xxx32xxx to xxx%WL%xxx. Changed Files: U branches/kpkoch-ccapi/src/windows/build/bkw.pl U branches/kpkoch-ccapi/src/windows/build/copyfiles.pl U branches/kpkoch-ccapi/src/windows/build/corebinaryfiles.xml From kpkoch at MIT.EDU Wed Jul 23 14:42:30 2008 From: kpkoch at MIT.EDU (kpkoch@MIT.EDU) Date: Wed, 23 Jul 2008 14:42:30 -0400 (EDT) Subject: svn rev #20577: branches/kpkoch-ccapi/src/ccapi/lib/win/OldCC/ Message-ID: <200807231842.OAA25116@drugstore.mit.edu> Commit By: kpkoch Log Message: TargetVersion: 1.7 Component: krb5-libs Ticket: 5594 Don't show window when spawning server. Changed Files: U branches/kpkoch-ccapi/src/ccapi/lib/win/OldCC/client.cxx From jaltman at MIT.EDU Wed Jul 23 16:55:57 2008 From: jaltman at MIT.EDU (jaltman@MIT.EDU) Date: Wed, 23 Jul 2008 16:55:57 -0400 (EDT) Subject: svn rev #20578: trunk/src/ include/gssrpc/ lib/rpc/ Message-ID: <200807232055.QAA28249@drugstore.mit.edu> Commit By: jaltman Log Message: ticket: 6041 tags: pullup In the gss rpc package, replace the type used for a socket on Windows with SOCKET (instead of int) and replace all calls to close() that are used to close sockets with closesocket(). src/include/port-sockets.h includes the definitions of SOCKET and closesocket() for non-Windows systems. Changed Files: U trunk/src/include/gssrpc/svc.h U trunk/src/lib/rpc/clnt_simple.c U trunk/src/lib/rpc/clnt_tcp.c U trunk/src/lib/rpc/clnt_udp.c U trunk/src/lib/rpc/pmap_rmt.c U trunk/src/lib/rpc/svc_tcp.c U trunk/src/lib/rpc/svc_udp.c From lxs at MIT.EDU Thu Jul 24 17:26:16 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Thu, 24 Jul 2008 17:26:16 -0400 (EDT) Subject: svn rev #20579: trunk/src/ include/kim/ kim/lib/ kim/lib/mac/ Message-ID: <200807242126.RAA12178@drugstore.mit.edu> Commit By: lxs Log Message: ticket: new subject: Return extended krb5 error strings Use krb5_get_error_message instead of error_message for detailed krb5 error strings. Also removed a few remaining instances of types ending in _t and fixed up some whitespace issues. Recommend ignoring whitespace diff. Changed Files: U trunk/src/include/kim/kim_options.h U trunk/src/kim/lib/kim_ccache.c U trunk/src/kim/lib/kim_ccache_private.h U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_error.c U trunk/src/kim/lib/kim_error_private.h U trunk/src/kim/lib/kim_identity.c U trunk/src/kim/lib/kim_identity_private.h U trunk/src/kim/lib/kim_options.c U trunk/src/kim/lib/kim_options_private.h U trunk/src/kim/lib/kim_preferences.c U trunk/src/kim/lib/kim_preferences_private.h U trunk/src/kim/lib/kim_selection_hints_private.h U trunk/src/kim/lib/kim_string.c U trunk/src/kim/lib/kim_string_private.h U trunk/src/kim/lib/mac/kim_os_preferences.c U trunk/src/kim/lib/mac/kim_os_private.h U trunk/src/kim/lib/mac/kim_os_selection_hints.c U trunk/src/kim/lib/mac/kim_os_string.c From raeburn at MIT.EDU Fri Jul 25 15:19:07 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 25 Jul 2008 15:19:07 -0400 (EDT) Subject: svn rev #20580: trunk/src/lib/kadm5/clnt/ Message-ID: <200807251919.PAA23837@drugstore.mit.edu> Commit By: raeburn Log Message: ticket: new target_version: 1.6.4 tags: pullup subject: fix possible uninit variable use in error path Clear gss_client and gss_target before any possible branch to 'error', where they can be used. Changed Files: U trunk/src/lib/kadm5/clnt/client_init.c From tlyu at MIT.EDU Fri Jul 25 16:32:56 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 16:32:56 -0400 (EDT) Subject: svn rev #20581: branches/krb5-1-6/ src/lib/gssapi/krb5/ Message-ID: <200807252032.QAA24536@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5442 pull up r20559 from trunk r20559 at cathode-dark-space: jaltman | 2008-07-21 16:47:35 -0400 ticket: 5442 tags: pullup This patch addresses the issues raised in this ticket and ticket 5936. (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function. (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations. The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed. In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred(). [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c From tlyu at MIT.EDU Fri Jul 25 16:33:32 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 16:33:32 -0400 (EDT) Subject: svn rev #20583: branches/krb5-1-6/ src/lib/gssapi/krb5/ Message-ID: <200807252033.QAA24707@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5442 version_fixed: 1.6.4 status: resolved r20575 at cathode-dark-space: tlyu | 2008-07-23 13:06:56 -0400 ticket: 5442 Fix one missed rename of "exit" label to "done". Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c From tlyu at MIT.EDU Fri Jul 25 16:33:18 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 16:33:18 -0400 (EDT) Subject: svn rev #20582: branches/krb5-1-6/ src/lib/gssapi/krb5/ Message-ID: <200807252033.QAA24623@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5442 pull up r20574 from trunk r20574 at cathode-dark-space: jaltman | 2008-07-23 12:03:40 -0400 ticket: 5442 replace "exit" label with "done" Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c From tlyu at MIT.EDU Fri Jul 25 17:07:57 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 17:07:57 -0400 (EDT) Subject: svn rev #20584: branches/krb5-1-6/ src/lib/kadm5/srv/ Message-ID: <200807252107.RAA25039@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5840 version_fixed: 1.6.4 status: resolved pull up r20558 from trunk r20558 at cathode-dark-space: jaltman | 2008-07-21 16:33:53 -0400 ticket: 5840 tags: pullup kadm5_decrypt_key(). This patch prevents the returned keyblock's enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/kadm5/srv/svr_principal.c From tlyu at MIT.EDU Fri Jul 25 17:47:03 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 17:47:03 -0400 (EDT) Subject: svn rev #20585: branches/krb5-1-6/ src/lib/ Message-ID: <200807252147.RAA25380@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 6040 version_fixed: 1.6.4 status: resolved pull up r20553 from trunk r20553 at cathode-dark-space: jaltman | 2008-07-21 14:48:03 -0400 ticket: new subject: Assign fixed ordinals to comerr32.dll exports component: krb5-libs tags: pullup All of the other libraries on Windows have fixed assignments of ordinals to the exported functions. Assign the ordinals that were in use in the last public release, kfw 3.2.2, so that they will remain constant into the future in case additional exports are added to the library. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/comerr32.def From tlyu at MIT.EDU Fri Jul 25 18:39:02 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 18:39:02 -0400 (EDT) Subject: svn rev #20586: branches/krb5-1-6/ src/kdc/ src/lib/krb5/os/ Message-ID: <200807252239.SAA25814@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5995 pull up r20127 from trunk r20127 at cathode-dark-space: raeburn | 2007-10-17 20:14:01 -0400 Reject socket fds > FD_SETSIZE. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/kdc/network.c U branches/krb5-1-6/src/lib/krb5/os/sendto_kdc.c From tlyu at MIT.EDU Fri Jul 25 18:39:29 2008 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 25 Jul 2008 18:39:29 -0400 (EDT) Subject: svn rev #20587: branches/krb5-1-6/ src/lib/krb5/os/ Message-ID: <200807252239.SAA25898@drugstore.mit.edu> Commit By: tlyu Log Message: ticket: 5995 version_fixed: 1.6.4 status: resolved pull up r20478 from trunk r20478 at cathode-dark-space: raeburn | 2008-06-26 20:22:43 -0400 ticket: new target_version: 1.6.4 Fix off-by-one error in range check on file descriptor number. Changed Files: _U branches/krb5-1-6/ U branches/krb5-1-6/src/lib/krb5/os/sendto_kdc.c From raeburn at MIT.EDU Wed Jul 30 06:02:34 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 30 Jul 2008 06:02:34 -0400 (EDT) Subject: svn rev #20588: trunk/src/include/ Message-ID: <200807301002.GAA28148@drugstore.mit.edu> Commit By: raeburn Log Message: Remove unused file. Changed Files: D trunk/src/include/adm_defs.h From raeburn at MIT.EDU Wed Jul 30 06:32:59 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 30 Jul 2008 06:32:59 -0400 (EDT) Subject: svn rev #20589: trunk/src/lib/kadm5/ Message-ID: <200807301032.GAA28419@drugstore.mit.edu> Commit By: raeburn Log Message: Delete decls for nonexistent functions, and an unused typedef. Changed Files: U trunk/src/lib/kadm5/adb.h From lxs at MIT.EDU Wed Jul 30 16:52:13 2008 From: lxs at MIT.EDU (lxs@MIT.EDU) Date: Wed, 30 Jul 2008 16:52:13 -0400 (EDT) Subject: svn rev #20590: trunk/src/ include/kim/ kim/agent/mac/ kim/agent/mac/resources/English.lproj/ ... Message-ID: <200807302052.QAA03561@drugstore.mit.edu> Commit By: lxs Log Message: ticket: 6055 status: open Additional implementation of the KerberosAgent. Changed Files: U trunk/src/include/kim/kim_ccache.h U trunk/src/include/kim/kim_error.h A trunk/src/kim/agent/mac/BadgedImageView.h A trunk/src/kim/agent/mac/BadgedImageView.m A trunk/src/kim/agent/mac/Identities.h A trunk/src/kim/agent/mac/Identities.m A trunk/src/kim/agent/mac/KerberosAgentController.h A trunk/src/kim/agent/mac/KerberosAgentController.m A trunk/src/kim/agent/mac/PopupButton.h A trunk/src/kim/agent/mac/PopupButton.m A trunk/src/kim/agent/mac/SelectIdentityController.h A trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib U trunk/src/kim/agent/mac/resources/English.lproj/MainMenu.xib A trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib U trunk/src/kim/lib/kim.exports U trunk/src/kim/lib/kim_ccache.c U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_error.c From raeburn at MIT.EDU Thu Jul 31 09:33:37 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 31 Jul 2008 09:33:37 -0400 (EDT) Subject: svn rev #20591: trunk/src/kadmin/dbutil/ Message-ID: <200807311333.JAA14400@drugstore.mit.edu> Commit By: raeburn Log Message: Reuse more k5beta7 code for iprop. Changed Files: U trunk/src/kadmin/dbutil/dump.c From raeburn at MIT.EDU Thu Jul 31 09:42:49 2008 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 31 Jul 2008 09:42:49 -0400 (EDT) Subject: svn rev #20592: trunk/doc/ Message-ID: <200807311342.JAA14547@drugstore.mit.edu> Commit By: raeburn Log Message: note lack of policy propagation Changed Files: U trunk/doc/iprop-notes.txt