From raeburn at MIT.EDU Mon Feb 2 11:54:45 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 11:54:45 -0500 (EST) Subject: svn rev #21860: trunk/src/kdc/ Message-ID: <200902021654.LAA04946@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21860 Commit By: raeburn Log Message: ticket: 6356 subject: small storage leak in KDC startup target_version: 1.7 tags: pullup Remove duplicate strdup call. Changed Files: U trunk/src/kdc/main.c Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-02-01 03:39:10 UTC (rev 21859) +++ trunk/src/kdc/main.c 2009-02-02 16:54:38 UTC (rev 21860) @@ -585,7 +585,6 @@ } } if (default_tcp_ports == 0) { - default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST); default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST); if (default_tcp_ports == 0) { fprintf(stderr," KDC cannot initialize. Not enough memory\n"); From raeburn at MIT.EDU Mon Feb 2 12:40:01 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 12:40:01 -0500 (EST) Subject: svn rev #21861: trunk/src/lib/gssapi/krb5/ Message-ID: <200902021740.MAA05694@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21861 Commit By: raeburn Log Message: explicitly initialize pointer fields after memset (for coverity) Changed Files: U trunk/src/lib/gssapi/krb5/init_sec_context.c Modified: trunk/src/lib/gssapi/krb5/init_sec_context.c =================================================================== --- trunk/src/lib/gssapi/krb5/init_sec_context.c 2009-02-02 16:54:38 UTC (rev 21860) +++ trunk/src/lib/gssapi/krb5/init_sec_context.c 2009-02-02 17:39:59 UTC (rev 21861) @@ -132,6 +132,7 @@ k5_mutex_assert_locked(&cred->lock); memset((char *) &in_creds, 0, sizeof(krb5_creds)); + in_creds.client = in_creds.server = NULL; if ((code = krb5_copy_principal(context, cred->princ, &in_creds.client))) goto cleanup; From raeburn at MIT.EDU Mon Feb 2 13:10:34 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 13:10:34 -0500 (EST) Subject: svn rev #21862: trunk/src/kdc/ Message-ID: <200902021810.NAA06249@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21862 Commit By: raeburn Log Message: reapply memchr patch Changed Files: U trunk/src/kdc/do_tgs_req.c Modified: trunk/src/kdc/do_tgs_req.c =================================================================== --- trunk/src/kdc/do_tgs_req.c 2009-02-02 17:39:59 UTC (rev 21861) +++ trunk/src/kdc/do_tgs_req.c 2009-02-02 18:10:30 UTC (rev 21862) @@ -1068,7 +1068,6 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ) { krb5_error_code retval = KRB5KRB_AP_ERR_BADMATCH; - size_t len = 0; char **realms, **cpp, *temp_buf=NULL; krb5_data *comp1 = NULL, *comp2 = NULL; char *comp1_str = NULL; @@ -1110,11 +1109,8 @@ (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, "*") == FALSE && krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { - for (len=0; len < comp2->length; len++) { - if (comp2->data[len] == '.') break; - } - if (len == comp2->length) - goto cleanup; + if (memchr(comp2->data, '.', comp2->length) == NULL) + goto cleanup; temp_buf = calloc(1, comp2->length+1); if (!temp_buf){ retval = ENOMEM; From raeburn at MIT.EDU Mon Feb 2 13:13:00 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 13:13:00 -0500 (EST) Subject: svn rev #21863: trunk/src/lib/crypto/ Message-ID: <200902021813.NAA06353@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21863 Commit By: raeburn Log Message: comment whitespace Changed Files: U trunk/src/lib/crypto/t_prng.c Modified: trunk/src/lib/crypto/t_prng.c =================================================================== --- trunk/src/lib/crypto/t_prng.c 2009-02-02 18:10:30 UTC (rev 21862) +++ trunk/src/lib/crypto/t_prng.c 2009-02-02 18:12:57 UTC (rev 21863) @@ -24,17 +24,17 @@ * or implied warranty. * * This file contains tests for the PRNG code in Kerberos. IT reads - *an input file, and writes an output file. It is assumed that the - *output file will be diffed against expected output to see whether - *regression tests pass. The input file is very primitive format. It - *is composed of alternating seeds and outputs. The first line in - *the file is an integer source Id from the krb5_c_randsource enum in - *krb5.h. Then an integer seed length is be - *read. Then that many bytes (encoded in hex) is read; whitspace or - *newlines may be inserted between bytes. Then after the seed data is - *a integer describing how many bytes of output should be written. - *Then another source ID and seed length is read. If the seed length - *is 0, the source id is ignored and the seed is not seeded. + * an input file, and writes an output file. It is assumed that the + * output file will be diffed against expected output to see whether + * regression tests pass. The input file is very primitive format. It + * is composed of alternating seeds and outputs. The first line in + * the file is an integer source Id from the krb5_c_randsource enum in + * krb5.h. Then an integer seed length is be + * read. Then that many bytes (encoded in hex) is read; whitspace or + * newlines may be inserted between bytes. Then after the seed data is + * an integer describing how many bytes of output should be written. + * Then another source ID and seed length is read. If the seed length + * is 0, the source id is ignored and the seed is not seeded. */ #include "k5-int.h" From raeburn at MIT.EDU Mon Feb 2 13:14:52 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 13:14:52 -0500 (EST) Subject: svn rev #21864: trunk/src/lib/crypto/ Message-ID: <200902021814.NAA06462@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21864 Commit By: raeburn Log Message: comment needed some grammatical/typographical fixes too Changed Files: U trunk/src/lib/crypto/t_prng.c Modified: trunk/src/lib/crypto/t_prng.c =================================================================== --- trunk/src/lib/crypto/t_prng.c 2009-02-02 18:12:57 UTC (rev 21863) +++ trunk/src/lib/crypto/t_prng.c 2009-02-02 18:14:50 UTC (rev 21864) @@ -23,18 +23,18 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. * - * This file contains tests for the PRNG code in Kerberos. IT reads + * This file contains tests for the PRNG code in Kerberos. It reads * an input file, and writes an output file. It is assumed that the - * output file will be diffed against expected output to see whether - * regression tests pass. The input file is very primitive format. It - * is composed of alternating seeds and outputs. The first line in - * the file is an integer source Id from the krb5_c_randsource enum in - * krb5.h. Then an integer seed length is be - * read. Then that many bytes (encoded in hex) is read; whitspace or - * newlines may be inserted between bytes. Then after the seed data is - * an integer describing how many bytes of output should be written. - * Then another source ID and seed length is read. If the seed length - * is 0, the source id is ignored and the seed is not seeded. + * output file will be diffed against expected output to see whether + * regression tests pass. The input file has a very primitive format. + * It is composed of alternating seeds and outputs. The first line in + * the file is an integer source id from the krb5_c_randsource enum in + * krb5.h. Then an integer seed length is read. Then that many bytes + * (encoded in hex) are read; whitespace or newlines may be inserted + * between bytes. Then after the seed data is an integer describing + * how many bytes of output should be written. Then another source ID + * and seed length is read. If the seed length is 0, the source id is + * ignored and the seed is not seeded. */ #include "k5-int.h" From raeburn at MIT.EDU Mon Feb 2 13:29:30 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 13:29:30 -0500 (EST) Subject: svn rev #21865: trunk/src/kadmin/testing/scripts/ Message-ID: <200902021829.NAA06728@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21865 Commit By: raeburn Log Message: don't delay so long while waiting for daemon startup Changed Files: U trunk/src/kadmin/testing/scripts/start_servers_local Modified: trunk/src/kadmin/testing/scripts/start_servers_local =================================================================== --- trunk/src/kadmin/testing/scripts/start_servers_local 2009-02-02 18:14:50 UTC (rev 21864) +++ trunk/src/kadmin/testing/scripts/start_servers_local 2009-02-02 18:29:28 UTC (rev 21865) @@ -132,7 +132,7 @@ (trap "" 2; cd $TOP/../kdc; ./krb5kdc $kdc_args; touch $kdc_start_file) \ < /dev/null > $usrtmp/kdc-log.$USER 2>&1 & -s=10 +s=1 max_s=60 sofar_s=0 timewait_s=300 @@ -140,7 +140,7 @@ while true; do rm -f $adm_start_file - (sleep 5; cd $TOP/server; ./kadmind $ovadm_args; \ + (sleep 1; cd $TOP/server; ./kadmind $ovadm_args; \ touch $adm_start_file) < /dev/null > $usrtmp/kadm-log.$USER 2>&1 & # wait until they start From raeburn at MIT.EDU Mon Feb 2 13:42:18 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 13:42:18 -0500 (EST) Subject: svn rev #21866: trunk/src/lib/kadm5/unit-test/ api.0/ api.2/ Message-ID: <200902021842.NAA07050@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21866 Commit By: raeburn Log Message: ticket: 6357 subject: address lib/kadm5 test suite slowness target_version: 1.7 In mod-principal tests for clearing the principal's policy, instead of just testing to see if the wrong string is output and timing out looking for it, check also for the new expected value. Cuts test suite run time by about two minutes for each pass (client vs server). Changed Files: U trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp U trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp Modified: trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp =================================================================== --- trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp 2009-02-02 18:29:28 UTC (rev 21865) +++ trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp 2009-02-02 18:42:06 UTC (rev 21866) @@ -598,6 +598,7 @@ send "lindex \$principal 10\n" expect { -re "test-pol\n$prompt$" { fail "$test" } + -re "null\n$prompt$" { pass "$test" } timeout { pass "$test" } } send "lindex \$p1 6\n" Modified: trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp =================================================================== --- trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp 2009-02-02 18:29:28 UTC (rev 21865) +++ trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp 2009-02-02 18:42:06 UTC (rev 21866) @@ -598,6 +598,7 @@ send "lindex \$principal 10\n" expect { -re "test-pol\n$prompt$" { fail "$test" } + -re "null\n$prompt$" { pass "$test" } timeout { pass "$test" } } send "lindex \$p1 6\n" From raeburn at MIT.EDU Mon Feb 2 14:29:55 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 14:29:55 -0500 (EST) Subject: svn rev #21867: trunk/src/kadmin/passwd/unit-test/kpasswd.0/ Message-ID: <200902021929.OAA07943@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21867 Commit By: raeburn Log Message: ticket: 6358 subject: speed up kpasswd tests Reorder some tests and tune delays, so that we don't need to run for much more than twice the min-password-life interval when testing that functionality. (This could be made faster if we can assume that init_db will always have been run immediately before the tests start.) In my tests, this cuts something like 11 seconds off the run time (now down to about 65 seconds). Changed Files: U trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp Modified: trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp =================================================================== --- trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp 2009-02-02 18:42:06 UTC (rev 21866) +++ trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp 2009-02-02 19:29:52 UTC (rev 21867) @@ -12,6 +12,23 @@ # Here are the tests # +# Under "make check", init_db will just have been run and we could +# jump right into the too-soon test. But if someone is working with +# the test suite manually, init_db may have been run a while ago. +# So, force some known state, first. +verbose "(sleeping 30 seconds so pol2 password can be changed)" +sleep 30 + +test_win {pol2} {successful change} pol2 pol222222 polbbbbbb + +set pol2_time [expr 31 + [timestamp]] + +test_3pass {pol2} {D.15: too soon to change password} pol2 \ + polbbbbbb pol333333 pol333333 \ + 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} + +# + test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \ 4 {New passwords do not match - password not changed.} @@ -89,17 +106,11 @@ test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC test_win {pol1} {successful change} pol1 polCCCCCC pol111111 -verbose "(sleeping 30 seconds)" -catch "exec sleep 30" +# Now delay a little longer (if needed) and try changing pol2's +# password again. +set delay [expr $pol2_time - [timestamp]] +verbose "(sleeping $delay seconds)" +sleep $delay -test_win {pol2} {successful change} pol2 pol222222 polbbbbbb +test_win {pol2} {password min life passed} pol2 polbbbbbb pol333333 -test_3pass {pol2} {D.15: too soon to change password} pol2 \ - polbbbbbb pol222222 pol222222 \ - 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} - -verbose "(sleeping 30 seconds)" -catch "exec sleep 30" - -test_win {pol2} {password min life passed} pol2 polbbbbbb pol222222 - From raeburn at MIT.EDU Mon Feb 2 15:37:43 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 15:37:43 -0500 (EST) Subject: svn rev #21868: trunk/src/kadmin/ passwd/unit-test/kpasswd.0/ testing/scripts/ Message-ID: <200902022037.PAA09220@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21868 Commit By: raeburn Log Message: ticket: 6358 Revise last change to better resemble the original test, keeping the min-lifetime test code collected together. Change policy to have a minimum password lifetime of 10s instead of 30s, and reduce the test delays accordingly. Changed Files: U trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp U trunk/src/kadmin/testing/scripts/init_db Modified: trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp =================================================================== --- trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp 2009-02-02 19:29:52 UTC (rev 21867) +++ trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp 2009-02-02 20:37:41 UTC (rev 21868) @@ -12,23 +12,8 @@ # Here are the tests # -# Under "make check", init_db will just have been run and we could -# jump right into the too-soon test. But if someone is working with -# the test suite manually, init_db may have been run a while ago. -# So, force some known state, first. -verbose "(sleeping 30 seconds so pol2 password can be changed)" -sleep 30 +set pol2_time [timestamp] -test_win {pol2} {successful change} pol2 pol222222 polbbbbbb - -set pol2_time [expr 31 + [timestamp]] - -test_3pass {pol2} {D.15: too soon to change password} pol2 \ - polbbbbbb pol333333 pol333333 \ - 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} - -# - test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \ 4 {New passwords do not match - password not changed.} @@ -106,11 +91,23 @@ test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC test_win {pol1} {successful change} pol1 polCCCCCC pol111111 -# Now delay a little longer (if needed) and try changing pol2's -# password again. -set delay [expr $pol2_time - [timestamp]] -verbose "(sleeping $delay seconds)" +# Under "make check", init_db will just have been run and we could +# jump right into the too-soon test. But if someone is working with +# the test suite manually, init_db may have been run a while ago. +# So, force some known state, first. +set delay [expr $pol2_time + 11 - [timestamp]] +verbose "(sleeping $delay seconds so pol2 password can be changed)" sleep $delay -test_win {pol2} {password min life passed} pol2 polbbbbbb pol333333 +test_win {pol2} {successful change} pol2 pol222222 polbbbbbb +test_3pass {pol2} {D.15: too soon to change password} pol2 \ + polbbbbbb pol222222 pol222222 \ + 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} + +# Now delay a little longer (if needed) and try changing pol2's +# password again. +verbose "(sleeping 10 seconds)" +sleep 10 + +test_win {pol2} {password min life passed} pol2 polbbbbbb pol222222 Modified: trunk/src/kadmin/testing/scripts/init_db =================================================================== --- trunk/src/kadmin/testing/scripts/init_db 2009-02-02 19:29:52 UTC (rev 21867) +++ trunk/src/kadmin/testing/scripts/init_db 2009-02-02 20:37:41 UTC (rev 21868) @@ -106,7 +106,7 @@ {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \ {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}} - {ovsec_kadm_create_policy $server_handle "once-a-min 30 0 0 0 0 0" \ + {ovsec_kadm_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \ {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}} {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \ {OVSEC_KADM_POLICY}} From raeburn at MIT.EDU Mon Feb 2 15:56:20 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 15:56:20 -0500 (EST) Subject: svn rev #21869: trunk/src/include/ Message-ID: <200902022056.PAA09639@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21869 Commit By: raeburn Log Message: Collect hairy parts of krb5_is_ macros into one helper macro. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-02 20:37:41 UTC (rev 21868) +++ trunk/src/include/k5-int.h 2009-02-02 20:56:18 UTC (rev 21869) @@ -1302,57 +1302,26 @@ */ /* allow either constructed or primitive encoding, so check for bit 6 set or reset */ -#define krb5_is_krb_ticket(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x61 ||\ - (dat)->data[0] == 0x41)) -#define krb5_is_krb_authenticator(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x62 ||\ - (dat)->data[0] == 0x42)) -#define krb5_is_as_req(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6a ||\ - (dat)->data[0] == 0x4a)) -#define krb5_is_as_rep(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6b ||\ - (dat)->data[0] == 0x4b)) -#define krb5_is_tgs_req(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6c ||\ - (dat)->data[0] == 0x4c)) -#define krb5_is_tgs_rep(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6d ||\ - (dat)->data[0] == 0x4d)) -#define krb5_is_ap_req(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6e ||\ - (dat)->data[0] == 0x4e)) -#define krb5_is_ap_rep(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x6f ||\ - (dat)->data[0] == 0x4f)) -#define krb5_is_krb_safe(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x74 ||\ - (dat)->data[0] == 0x54)) -#define krb5_is_krb_priv(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x75 ||\ - (dat)->data[0] == 0x55)) -#define krb5_is_krb_cred(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x76 ||\ - (dat)->data[0] == 0x56)) -#define krb5_is_krb_enc_as_rep_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x79 ||\ - (dat)->data[0] == 0x59)) -#define krb5_is_krb_enc_tgs_rep_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7a ||\ - (dat)->data[0] == 0x5a)) -#define krb5_is_krb_enc_ap_rep_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7b ||\ - (dat)->data[0] == 0x5b)) -#define krb5_is_krb_enc_krb_priv_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7c ||\ - (dat)->data[0] == 0x5c)) -#define krb5_is_krb_enc_krb_cred_part(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7d ||\ - (dat)->data[0] == 0x5d)) -#define krb5_is_krb_error(dat)\ - ((dat) && (dat)->length && ((dat)->data[0] == 0x7e ||\ - (dat)->data[0] == 0x5e)) +#define krb5int_is_app_tag(dat,tag)\ + ((dat) && (dat)->length && \ + ((((dat)->data[0] & ~0x20) == ((tag) | 0x40)))) +#define krb5_is_krb_ticket(dat) krb5int_is_app_tag(dat, 1) +#define krb5_is_krb_authenticator(dat) krb5int_is_app_tag(dat, 2) +#define krb5_is_as_req(dat) krb5int_is_app_tag(dat, 10) +#define krb5_is_as_rep(dat) krb5int_is_app_tag(dat, 11) +#define krb5_is_tgs_req(dat) krb5int_is_app_tag(dat, 12) +#define krb5_is_tgs_rep(dat) krb5int_is_app_tag(dat, 13) +#define krb5_is_ap_req(dat) krb5int_is_app_tag(dat, 14) +#define krb5_is_ap_rep(dat) krb5int_is_app_tag(dat, 15) +#define krb5_is_krb_safe(dat) krb5int_is_app_tag(dat, 20) +#define krb5_is_krb_priv(dat) krb5int_is_app_tag(dat, 21) +#define krb5_is_krb_cred(dat) krb5int_is_app_tag(dat, 22) +#define krb5_is_krb_enc_as_rep_part(dat) krb5int_is_app_tag(dat, 25) +#define krb5_is_krb_enc_tgs_rep_part(dat) krb5int_is_app_tag(dat, 26) +#define krb5_is_krb_enc_ap_rep_part(dat) krb5int_is_app_tag(dat, 27) +#define krb5_is_krb_enc_krb_priv_part(dat) krb5int_is_app_tag(dat, 28) +#define krb5_is_krb_enc_krb_cred_part(dat) krb5int_is_app_tag(dat, 29) +#define krb5_is_krb_error(dat) krb5int_is_app_tag(dat, 30) /************************************************************************* * Prototypes for krb5_encode.c From raeburn at MIT.EDU Mon Feb 2 16:13:46 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 16:13:46 -0500 (EST) Subject: svn rev #21870: trunk/src/ appl/gssftp/ftp/ appl/gssftp/ftpd/ kadmin/ktutil/ ... Message-ID: <200902022113.QAA10117@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21870 Commit By: raeburn Log Message: Get rid of casts of free() argument to char*, except where it's casting away const (so as to make this change warning-neutral), and in unicode source (which we may want to keep in sync with another source), and krb5_xfree macro (to be handled separately). Changed Files: U trunk/src/appl/gssftp/ftp/cmds.c U trunk/src/appl/gssftp/ftpd/ftpcmd.y U trunk/src/appl/gssftp/ftpd/popen.c U trunk/src/kadmin/ktutil/ktutil_funcs.c U trunk/src/kdc/kdc_util.c U trunk/src/lib/krb5/ccache/cc_file.c U trunk/src/lib/krb5/ccache/cc_keyring.c U trunk/src/lib/krb5/krb/copy_princ.c U trunk/src/lib/krb5/krb/parse.c U trunk/src/lib/krb5/rcache/rc_base.c U trunk/src/lib/krb5/rcache/rc_conv.c U trunk/src/lib/krb5/rcache/rc_io.c U trunk/src/tests/verify/kdb5_verify.c U trunk/src/util/ss/invocation.c Modified: trunk/src/appl/gssftp/ftp/cmds.c =================================================================== --- trunk/src/appl/gssftp/ftp/cmds.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/appl/gssftp/ftp/cmds.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -796,7 +796,7 @@ printf("%s\n", globerr); if (gargs) { blkfree(gargs); - free((char *)gargs); + free(gargs); } continue; } @@ -818,7 +818,7 @@ } if (gargs != NULL) { blkfree(gargs); - free((char *)gargs); + free(gargs); } } (void) signal(SIGINT, oldintr); @@ -1959,7 +1959,7 @@ printf("%s: %s\n", *cpp, globerr); if (globbed) { blkfree(globbed); - free((char *)globbed); + free(globbed); } return (0); } @@ -1969,7 +1969,7 @@ /* don't waste too much memory */ if (*globbed) { blkfree(globbed1); - free((char *)globbed); + free(globbed); } } return (1); Modified: trunk/src/appl/gssftp/ftpd/ftpcmd.y =================================================================== --- trunk/src/appl/gssftp/ftpd/ftpcmd.y 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/appl/gssftp/ftpd/ftpcmd.y 2009-02-02 21:13:42 UTC (rev 21870) @@ -200,12 +200,12 @@ cmd: USER SP username CRLF { user((char *) $3); - free((char *) $3); + free($3); } | PASS SP password CRLF { pass((char *) $3); - free((char *) $3); + free($3); } | PORT SP host_port CRLF { @@ -349,21 +349,21 @@ if ($2 && $4 != NULL) retrieve((char *) 0, (char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | STOR check_login SP pathname CRLF { if ($2 && $4 != NULL) store_file((char *) $4, "w", 0); if ($4 != NULL) - free((char *) $4); + free($4); } | APPE check_login SP pathname CRLF { if ($2 && $4 != NULL) store_file((char *) $4, "a", 0); if ($4 != NULL) - free((char *) $4); + free($4); } | NLST check_login CRLF { @@ -375,7 +375,7 @@ if ($2 && $4 != NULL) send_file_list((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | LIST check_login CRLF { @@ -387,14 +387,14 @@ if ($2 && $4 != NULL) retrieve("/bin/ls -lgA %s", (char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | STAT check_login SP pathname CRLF { if ($2 && $4 != NULL) statfilecmd((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | STAT CRLF { @@ -405,7 +405,7 @@ if ($2 && $4 != NULL) delete_file((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | RNTO SP pathname CRLF { @@ -416,7 +416,7 @@ } else { reply(503, "Bad sequence of commands."); } - free((char *) $3); + free($3); } | ABOR CRLF { @@ -432,7 +432,7 @@ if ($2 && $4 != NULL) cwd((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | HELP CRLF { @@ -462,14 +462,14 @@ if ($2 && $4 != NULL) makedir((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | RMD nonguest SP pathname CRLF { if ($2 && $4 != NULL) removedir((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } | PWD check_login CRLF { @@ -526,7 +526,7 @@ reply(200, "CHMOD command successful."); } if ($8 != NULL) - free((char *) $8); + free($8); } | SITE SP IDLE CRLF { @@ -553,7 +553,7 @@ if ($2 && $4 != NULL) store_file((char *) $4, "w", 1); if ($4 != NULL) - free((char *) $4); + free($4); } | SYST CRLF { @@ -584,7 +584,7 @@ if ($2 && $4 != NULL) sizecmd((char *) $4); if ($4 != NULL) - free((char *) $4); + free($4); } /* @@ -617,7 +617,7 @@ } } if ($4 != NULL) - free((char *) $4); + free($4); } | AUTH SP STRING CRLF { @@ -626,7 +626,7 @@ | ADAT SP STRING CRLF { auth_data((char *) $3); - free((char *) $3); + free($3); } | QUIT CRLF { @@ -644,7 +644,7 @@ if ($2 && $4) { fromname = renamefrom((char *) $4); if (fromname == (char *) 0 && $4) { - free((char *) $4); + free($4); } } } @@ -803,10 +803,10 @@ $$ = $1; else { reply(550, "%s", globerr); - free((char *) $1); + free($1); } } else - free((char *) $1); + free($1); } else $$ = $1; } Modified: trunk/src/appl/gssftp/ftpd/popen.c =================================================================== --- trunk/src/appl/gssftp/ftpd/popen.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/appl/gssftp/ftpd/popen.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -142,7 +142,7 @@ pfree: for (argc = 1; argv[argc] != NULL; argc++) { blkfree((char **)argv[argc]); - free((char *)argv[argc]); + free(argv[argc]); } return(iop); } Modified: trunk/src/kadmin/ktutil/ktutil_funcs.c =================================================================== --- trunk/src/kadmin/ktutil/ktutil_funcs.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/kadmin/ktutil/ktutil_funcs.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -43,12 +43,12 @@ for (lp = list; lp;) { retval = krb5_kt_free_entry(context, lp->entry); - free((char *)lp->entry); + free(lp->entry); if (retval) break; prev = lp; lp = lp->next; - free((char *)prev); + free(prev); } return retval; } @@ -283,7 +283,7 @@ lp->entry = entry; } if (entry) - free((char *)entry); + free(entry); if (retval) { if (retval == KRB5_KT_END) retval = 0; Modified: trunk/src/kdc/kdc_util.c =================================================================== --- trunk/src/kdc/kdc_util.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/kdc/kdc_util.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -145,7 +145,7 @@ *retdata[i] = **ptr; if (!(retdata[i]->contents = (krb5_octet *)malloc(retdata[i]->length))) { - free((char *)retdata[i]); + free(retdata[i]); retdata[i] = 0; krb5_free_authdata(kdc_context, retdata); return ENOMEM; Modified: trunk/src/lib/krb5/ccache/cc_file.c =================================================================== --- trunk/src/lib/krb5/ccache/cc_file.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/ccache/cc_file.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -506,7 +506,7 @@ } tmpprinc->data = ALLOC (msize, krb5_data); if (tmpprinc->data == 0) { - free((char *)tmpprinc); + free(tmpprinc); return KRB5_CC_NOMEM; } } else @@ -531,8 +531,8 @@ while(--i >= 0) free(krb5_princ_component(context, tmpprinc, i)->data); free(krb5_princ_realm(context, tmpprinc)->data); - free((char *)tmpprinc->data); - free((char *)tmpprinc); + free(tmpprinc->data); + free(tmpprinc); return kret; } Modified: trunk/src/lib/krb5/ccache/cc_keyring.c =================================================================== --- trunk/src/lib/krb5/ccache/cc_keyring.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/ccache/cc_keyring.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -1388,7 +1388,7 @@ } tmpprinc->data = ALLOC(msize, krb5_data); if (tmpprinc->data == 0) { - free((char *) tmpprinc); + free(tmpprinc); return KRB5_CC_NOMEM; } } else @@ -1415,8 +1415,8 @@ while (--i >= 0) free(krb5_princ_component(context, tmpprinc, i)->data); free(krb5_princ_realm(context, tmpprinc)->data); - free((char *) tmpprinc->data); - free((char *) tmpprinc); + free(tmpprinc->data); + free(tmpprinc); return kret; } Modified: trunk/src/lib/krb5/krb/copy_princ.c =================================================================== --- trunk/src/lib/krb5/krb/copy_princ.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/krb/copy_princ.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -49,7 +49,7 @@ tempprinc->data = malloc(nelems * sizeof(krb5_data)); if (tempprinc->data == 0) { - free((char *)tempprinc); + free(tempprinc); return ENOMEM; } Modified: trunk/src/lib/krb5/krb/parse.c =================================================================== --- trunk/src/lib/krb5/krb/parse.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/krb/parse.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -148,7 +148,7 @@ } principal->data = (krb5_data *) malloc(sizeof(krb5_data) * components); if (principal->data == NULL) { - free((char *)principal); + free(principal); return ENOMEM; } principal->length = components; @@ -170,7 +170,7 @@ retval = krb5_get_default_realm(context, &default_realm); if (retval) { free(principal->data); - free((char *)principal); + free(principal); return(retval); } default_realm_size = strlen(default_realm); Modified: trunk/src/lib/krb5/rcache/rc_base.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_base.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/rcache/rc_base.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -15,8 +15,6 @@ #include "rc-int.h" #include "k5-thread.h" -#define FREE(x) ((void) free((char *) (x))) - struct krb5_rc_typelist { const krb5_rc_ops *ops; struct krb5_rc_typelist *next; @@ -119,13 +117,13 @@ if ((retval = krb5_rc_resolve_type(context, id, krb5_rc_default_type(context)))) { - FREE(*id); + free(*id); return retval; } if ((retval = krb5_rc_resolve(context, *id, krb5_rc_default_name(context)))) { k5_mutex_destroy(&(*id)->lock); - FREE(*id); + free(*id); return retval; } (*id)->magic = KV5M_RCACHE; @@ -154,19 +152,19 @@ type[residual - string_name] = '\0'; if (!(id = (krb5_rcache) malloc(sizeof(*id)))) { - FREE(type); + free(type); return KRB5_RC_MALLOC; } if ((retval = krb5_rc_resolve_type(context, &id,type))) { - FREE(type); - FREE(id); + free(type); + free(id); return retval; } - FREE(type); + free(type); if ((retval = krb5_rc_resolve(context, id,residual + 1))) { k5_mutex_destroy(&id->lock); - FREE(id); + free(id); return retval; } id->magic = KV5M_RCACHE; Modified: trunk/src/lib/krb5/rcache/rc_conv.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_conv.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/rcache/rc_conv.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -11,8 +11,6 @@ * An implementation for the default replay cache type. */ -#define FREE(x) ((void) free((char *) (x))) - #include "rc_base.h" /* @@ -31,7 +29,7 @@ return retval; /* shouldn't happen */ if ((retval = krb5_unparse_name(context, auth->authenticator->client, &rep->client))) { - FREE(rep->server); + free(rep->server); return retval; /* shouldn't happen. */ } return 0; Modified: trunk/src/lib/krb5/rcache/rc_io.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_io.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/lib/krb5/rcache/rc_io.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -40,7 +40,6 @@ #error find some way to use net-byte-order file version numbers. #endif -#define FREE(x) ((void) free((char *) (x))) #define UNIQUE getpid() /* hopefully unique number */ #define GETDIR (dir = getdir(), dirlen = strlen(dir) + sizeof(PATH_SEPARATOR) - 1) @@ -205,7 +204,7 @@ if (d->fn) { if (!do_not_unlink) (void) unlink(d->fn); - FREE(d->fn); + free(d->fn); d->fn = NULL; } if (d->fd != -1) { @@ -299,7 +298,7 @@ if (d->fn) { if (!do_not_unlink) (void) unlink(d->fn); - FREE(d->fn); + free(d->fn); d->fn = NULL; } if (d->fd >= 0) @@ -470,7 +469,7 @@ krb5_rc_io_close(krb5_context context, krb5_rc_iostuff *d) { if (d->fn != NULL) { - FREE(d->fn); + free(d->fn); d->fn = NULL; } if (d->fd != -1) { Modified: trunk/src/tests/verify/kdb5_verify.c =================================================================== --- trunk/src/tests/verify/kdb5_verify.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/tests/verify/kdb5_verify.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -303,8 +303,8 @@ } } - free((char *)pwd_key.contents); - free((char *)db_key.contents); + free(pwd_key.contents); + free(db_key.contents); if (kdbe.key_data[0].key_data_kvno != 1) { fprintf(stderr,"\tkvno did not match stored value for %s.\n", princ_name); Modified: trunk/src/util/ss/invocation.c =================================================================== --- trunk/src/util/ss/invocation.c 2009-02-02 20:56:18 UTC (rev 21869) +++ trunk/src/util/ss/invocation.c 2009-02-02 21:13:42 UTC (rev 21870) @@ -125,6 +125,6 @@ free(t->rqt_tables); while(t->info_dirs[0] != (char *)NULL) ss_delete_info_dir(sci_idx, t->info_dirs[0], &ignored_code); - free((char *)t->info_dirs); - free((char *)t); + free(t->info_dirs); + free(t); } From tsitkova at MIT.EDU Mon Feb 2 16:34:20 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Mon, 2 Feb 2009 16:34:20 -0500 (EST) Subject: svn rev #21871: trunk/src/include/ Message-ID: <200902022134.QAA10571@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21871 Commit By: tsitkova Log Message: Introduces macros for config parameters. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-02 21:13:42 UTC (rev 21870) +++ trunk/src/include/k5-int.h 2009-02-02 21:34:19 UTC (rev 21871) @@ -179,6 +179,83 @@ /* Get string buffer support. */ #include "k5-buf.h" +/* cofiguration variables */ +#define KRB5_CONF_ACL_FILE "acl_file" +#define KRB5_CONF_ADMIN_KEYTAB "admin_keytab" +#define KRB5_CONF_ADMIN_SERVER "admin_server" +#define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto" +#define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type" +#define KRB5_CONF_CCACHE_TYPE "ccache_type" +#define KRB5_CONF_CLOCKSKEW "clockskew" +#define KRB5_CONF_DATABASE_NAME "database_name" +#define KRB5_CONF_DB_MODULE_DIR "db_module_dir" +#define KRB5_CONF_DB_MODULES "db_modules" +#define KRB5_CONF_DOMAIN_REALM "domain_realm" +#define KRB5_CONF_DEFAULT_REALM "default_realm" +#define KRB5_CONF_DEFAULT_TKT_ENCTYPES "default_tkt_enctypes" +#define KRB5_CONF_DEFAULT_TGS_ENCTYPES "default_tgs_enctypes" +#define KRB5_CONF_DEFAULT_KEYTAB_NAME "default_keytab_name" +#define KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION "default_principal_expiration" +#define KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS "default_principal_flags" +#define KRB5_CONF_DICT_FILE "dict_file" +#define KRB5_CONF_DNS_LOOKUP_KDC "dns_lookup_kdc" +#define KRB5_CONF_DNS_LOOKUP_REALM "dns_lookup_realm" +#define KRB5_CONF_DNS_FALLBACK "dns_fallback" +#edefine KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" +#define KRB5_CONF_HOST_BASED_SERVICES "host_based_services" +#define KRB5_CONF_IPROP_ENABLE "iprop_enable" +#define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" +#define KRB5_CONF_IPROP_PORT "iprop_port" +#define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll" +#define KRB5_CONF_IPROP_LOGFILE "iprop_logfile" +#define KRB5_CONF_KADMIND_PORT "kadmind_port" +#define KRB5_CONF_KRB524_SERVER "krb524_server" +#define KRB5_CONF_KDC "kdc" +#define KRB5_CONF_KDCDEFAULTS "kdcdefaults" +#define KRB5_CONF_KDC_PORTS "kdc_ports" +#define KRB5_CONF_TCP_PORTS "kdc_tcp_ports" +#define KRB5_CONF_MAX_DGRAM_REPLY_SIZE "kdc_max_dgram_reply_size" +#define KRB5_CONF_KDC_DEFAULT_OPTIONS "kdc_default_options" +#define KRB5_CONF_KDC_TIMESYNC "kdc_timesync" +#define KRB5_CONF_KDC_REQ_CHECKSUM_TYPE "kdc_req_checksum_type" +#define KRB5_CONF_KEY_STASH_FILE "key_stash_file" +#define KRB5_CONF_KPASSWD_PORT "kpasswd_port" +#define KRB5_CONF_KPASSWD_SERVER "kpasswd_server" +#define KRB5_CONF_LIBDEFAULTS "libdefaults" +#define KRB5_CONF_LDAP_KDC_DN "ldap_kdc_dn" +#define KRB5_CONF_LDAP_KADMIN_DN "ldap_kadmind_dn" +#define KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE "ldap_service_password_file" +#define KRB5_CONF_LDAP_SERVERS "ldap_servers" +#define KRB5_CONF_LDAP_CONNS_PER_SERVER "ldap_conns_per_server" +#define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral" +#define KRB5_CONF_MASTER_KEY_NAME "master_key_name" +#define KRB5_CONF_MASTER_KEY_TYPE "master_key_type" +#define KRB5_CONF_MASTER_KDC "master_kdc" +#define KRB5_CONF_MAX_LIFE "max_life" +#define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life" +#define KRB5_CONF_NOADDRESS "noaddresses" +#define KRB5_CONF_PERMITTED_ENCTYPES "permitted_enctypes" +#define KRB5_CONF_PKINIT_ANCHORS "pkinit_anchors" +#define KRB5_CONF_PKINIT_IDENTITY "pkinit_identity" +#define KRB5_CONF_PKINIT_KDC_OCSP "pkinit_kdc_ocsp" +#define KRB5_CONF_PKINIT_POOL "pkinit_pool" +#define KRB5_CONF_PKINIT_REVOKE "pkinit_revoke" +#define KRB5_CONF_PKINIT_MAPPING_FILE "pkinit_mappings_file" +#define KRB5_CONF_PKINIT_DH_MIN_BITS "pkinit_dh_min_bits" +#define KRB5_CONF_PKINIT_ALLOW_UPN "pkinit_allow_upn" +#define KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING "pkinit_require_crl_checking" +#define KRB5_CONF_PKINIT_EKU_CHECKING "pkinit_eku_checking" +#define KRB5_CONF_RDNS "rdns" +#define KRB5_CONF_REALMS "realms" +#define KRB5_CONF_REALM_TRY_DOMAINS "realm_try_domains" +#define KRB5_CONF_REJECT_BAD_TRANSIT "reject_bad_transit" +#define KRB5_CONF_SAFE_CHECKSUM_TYPE "safe_checksum_type" +#define KRB5_CONF_SUPPORTED_ENCTYPES "supported_enctypes" +#define KRB5_CONF_UDP_PREFERENCE_LIMIT "udp_preference_limit" +#define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" +#define KRB5_CONF_V4_REALM "v4_realm" +#define KRB5_CONF_ASTERISK "*" + /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table (which allows non-ambiguous error codes between subsystems) */ From ghudson at MIT.EDU Mon Feb 2 16:53:17 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 2 Feb 2009 16:53:17 -0500 (EST) Subject: svn rev #21872: trunk/src/include/ Message-ID: <200902022153.QAA11098@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21872 Commit By: ghudson Log Message: Fix a typo in the defines added to k5-int.h. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-02 21:34:19 UTC (rev 21871) +++ trunk/src/include/k5-int.h 2009-02-02 21:53:16 UTC (rev 21872) @@ -201,7 +201,7 @@ #define KRB5_CONF_DNS_LOOKUP_KDC "dns_lookup_kdc" #define KRB5_CONF_DNS_LOOKUP_REALM "dns_lookup_realm" #define KRB5_CONF_DNS_FALLBACK "dns_fallback" -#edefine KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" +#define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" #define KRB5_CONF_HOST_BASED_SERVICES "host_based_services" #define KRB5_CONF_IPROP_ENABLE "iprop_enable" #define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" From ghudson at MIT.EDU Mon Feb 2 16:55:14 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 2 Feb 2009 16:55:14 -0500 (EST) Subject: svn rev #21873: trunk/src/include/ Message-ID: <200902022155.QAA11216@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21873 Commit By: ghudson Log Message: Fix a whitespace error introduced when fixing a typo in the defines added to k5-int.h. Changed Files: U trunk/src/include/k5-int.h Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-02 21:53:16 UTC (rev 21872) +++ trunk/src/include/k5-int.h 2009-02-02 21:55:13 UTC (rev 21873) @@ -201,7 +201,7 @@ #define KRB5_CONF_DNS_LOOKUP_KDC "dns_lookup_kdc" #define KRB5_CONF_DNS_LOOKUP_REALM "dns_lookup_realm" #define KRB5_CONF_DNS_FALLBACK "dns_fallback" -#define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" +#define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" #define KRB5_CONF_HOST_BASED_SERVICES "host_based_services" #define KRB5_CONF_IPROP_ENABLE "iprop_enable" #define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" From raeburn at MIT.EDU Mon Feb 2 17:28:35 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 17:28:35 -0500 (EST) Subject: svn rev #21874: trunk/src/lib/gssapi/krb5/ Message-ID: <200902022228.RAA11831@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21874 Commit By: raeburn Log Message: TWRITE_STR casts second argument; don't add redundant casting. Changed Files: U trunk/src/lib/gssapi/krb5/init_sec_context.c Modified: trunk/src/lib/gssapi/krb5/init_sec_context.c =================================================================== --- trunk/src/lib/gssapi/krb5/init_sec_context.c 2009-02-02 21:55:13 UTC (rev 21873) +++ trunk/src/lib/gssapi/krb5/init_sec_context.c 2009-02-02 22:28:34 UTC (rev 21874) @@ -252,7 +252,7 @@ ptr = (unsigned char *)data->checksum_data.data; TWRITE_INT(ptr, data->md5.length, 0); - TWRITE_STR(ptr, (unsigned char *) data->md5.contents, data->md5.length); + TWRITE_STR(ptr, data->md5.contents, data->md5.length); TWRITE_INT(ptr, data->ctx->gss_flags, 0); /* done with this, free it */ @@ -261,7 +261,7 @@ if (credmsg.data) { TWRITE_INT16(ptr, KRB5_GSS_FOR_CREDS_OPTION, 0); TWRITE_INT16(ptr, credmsg.length, 0); - TWRITE_STR(ptr, (unsigned char *) credmsg.data, credmsg.length); + TWRITE_STR(ptr, credmsg.data, credmsg.length); /* free credmsg data */ krb5_free_data_contents(context, &credmsg); @@ -365,7 +365,7 @@ g_make_token_header(mech_type, ap_req.length, &ptr, KG_TOK_CTX_AP_REQ); - TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length); + TWRITE_STR(ptr, ap_req.data, ap_req.length); /* pass it back */ From raeburn at MIT.EDU Mon Feb 2 18:41:55 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 2 Feb 2009 18:41:55 -0500 (EST) Subject: svn rev #21875: trunk/src/ appl/bsd/ appl/gss-sample/ appl/gssftp/ftp/ appl/gssftp/ftpd/ ... Message-ID: <200902022341.SAA14199@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21875 Commit By: raeburn Log Message: Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except unicode, windows code. Changed Files: U trunk/src/appl/bsd/krcp.c U trunk/src/appl/bsd/krlogind.c U trunk/src/appl/bsd/krshd.c U trunk/src/appl/gss-sample/gss-client.c U trunk/src/appl/gssftp/ftp/ftp.c U trunk/src/appl/gssftp/ftpd/ftpd.c U trunk/src/appl/gssftp/ftpd/popen.c U trunk/src/appl/simple/client/sim_client.c U trunk/src/appl/simple/server/sim_server.c U trunk/src/appl/telnet/libtelnet/auth.c U trunk/src/appl/telnet/libtelnet/enc_des.c U trunk/src/appl/telnet/libtelnet/kerberos5.c U trunk/src/appl/telnet/telnet/commands.c U trunk/src/appl/telnet/telnet/general.h U trunk/src/appl/telnet/telnet/ring.c U trunk/src/appl/telnet/telnetd/sys_term.c U trunk/src/appl/telnet/telnetd/telnetd-ktd.c U trunk/src/appl/telnet/telnetd/telnetd.c U trunk/src/appl/telnet/telnetd/termstat.c U trunk/src/appl/user_user/client.c U trunk/src/appl/user_user/server.c U trunk/src/clients/ksu/ccache.c U trunk/src/clients/ksu/heuristic.c U trunk/src/clients/ksu/krb_auth_su.c U trunk/src/kadmin/cli/kadmin.c U trunk/src/kadmin/cli/keytab.c U trunk/src/kadmin/dbutil/dump.c U trunk/src/kadmin/dbutil/kdb5_create.c U trunk/src/kadmin/dbutil/kdb5_mkey.c U trunk/src/kadmin/dbutil/kdb5_util.c U trunk/src/kadmin/ktutil/ktutil_funcs.c U trunk/src/kadmin/server/ipropd_svc.c U trunk/src/kadmin/server/kadm_rpc_svc.c U trunk/src/kadmin/server/ovsec_kadmd.c U trunk/src/kdc/kdc_util.c U trunk/src/kdc/main.c U trunk/src/lib/crypto/des/afsstring2key.c U trunk/src/lib/gssapi/generic/gssapiP_generic.h U trunk/src/lib/gssapi/krb5/init_sec_context.c U trunk/src/lib/gssapi/krb5/util_crypt.c U trunk/src/lib/gssapi/spnego/spnego_mech.c U trunk/src/lib/kadm5/alt_prof.c U trunk/src/lib/kadm5/clnt/client_init.c U trunk/src/lib/kadm5/clnt/client_rpc.c U trunk/src/lib/kadm5/kadm_rpc_xdr.c U trunk/src/lib/kadm5/srv/server_acl.c U trunk/src/lib/kadm5/srv/server_init.c U trunk/src/lib/kadm5/srv/svr_principal.c U trunk/src/lib/kadm5/unit-test/setkey-test.c U trunk/src/lib/kdb/kdb_cpw.c U trunk/src/lib/kdb/kdb_default.c U trunk/src/lib/krb5/asn.1/asn1glue.h U trunk/src/lib/krb5/ccache/cc_file.c U trunk/src/lib/krb5/krb/auth_con.c U trunk/src/lib/krb5/krb/copy_addrs.c U trunk/src/lib/krb5/krb/copy_auth.c U trunk/src/lib/krb5/krb/copy_cksum.c U trunk/src/lib/krb5/krb/copy_data.c U trunk/src/lib/krb5/krb/copy_key.c U trunk/src/lib/krb5/krb/copy_tick.c U trunk/src/lib/krb5/krb/cp_key_cnt.c U trunk/src/lib/krb5/krb/fwd_tgt.c U trunk/src/lib/krb5/krb/get_creds.c U trunk/src/lib/krb5/krb/get_in_tkt.c U trunk/src/lib/krb5/krb/kfree.c U trunk/src/lib/krb5/krb/mk_priv.c U trunk/src/lib/krb5/krb/mk_req.c U trunk/src/lib/krb5/krb/mk_safe.c U trunk/src/lib/krb5/krb/rd_safe.c U trunk/src/lib/krb5/krb/recvauth.c U trunk/src/lib/krb5/krb/send_tgs.c U trunk/src/lib/krb5/krb/sendauth.c U trunk/src/lib/krb5/krb/t_ser.c U trunk/src/lib/krb5/os/full_ipadr.c U trunk/src/lib/krb5/os/gen_port.c U trunk/src/lib/krb5/os/mk_faddr.c U trunk/src/lib/krb5/os/port2ip.c U trunk/src/lib/rpc/auth_gssapi.c U trunk/src/lib/rpc/get_myaddress.c U trunk/src/lib/rpc/svc_auth_gssapi.c U trunk/src/lib/rpc/svc_tcp.c U trunk/src/lib/rpc/svc_udp.c U trunk/src/lib/rpc/unit-test/rpc_test_clnt.c U trunk/src/lib/rpc/unit-test/rpc_test_svc.c U trunk/src/plugins/kdb/db2/kdb_db2.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c U trunk/src/slave/kprop.c U trunk/src/slave/kpropd.c U trunk/src/slave/kpropd_rpc.c U trunk/src/slave/kproplog.c U trunk/src/tests/create/kdb5_mkdums.c U trunk/src/tests/gss-threads/gss-client.c U trunk/src/tests/hammer/kdc5_hammer.c U trunk/src/tests/misc/test_getsockname.c U trunk/src/tests/verify/kdb5_verify.c Modified: trunk/src/appl/bsd/krcp.c =================================================================== --- trunk/src/appl/bsd/krcp.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/bsd/krcp.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -1300,7 +1300,7 @@ exit(1); } - memset ((char*)&creds, 0, sizeof(creds)); + memset (&creds, 0, sizeof(creds)); if ((status = krb5_read_message(bsd_context, (krb5_pointer)&rem, &pname_data))) Modified: trunk/src/appl/bsd/krlogind.c =================================================================== --- trunk/src/appl/bsd/krlogind.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/bsd/krlogind.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -469,7 +469,7 @@ fprintf(stderr, "Error in socket: %s\n", strerror(errno)); exit(2); } - memset((char *) &sock_in, 0,sizeof(sock_in)); + memset(&sock_in, 0,sizeof(sock_in)); sock_in.sin_family = AF_INET; sock_in.sin_port = htons(debug_port); sock_in.sin_addr.s_addr = INADDR_ANY; @@ -920,7 +920,7 @@ return (0); #ifdef TIOCSWINSZ oobdata[0] &= ~TIOCPKT_WINDOW; /* we know he heard */ - memcpy((char *)&w,cp+4, sizeof(w)); + memcpy(&w, cp+4, sizeof(w)); w.ws_row = ntohs(w.ws_row); w.ws_col = ntohs(w.ws_col); w.ws_xpixel = ntohs(w.ws_xpixel); Modified: trunk/src/appl/bsd/krshd.c =================================================================== --- trunk/src/appl/bsd/krshd.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/bsd/krshd.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -1950,7 +1950,7 @@ exit(2); } - memset((char *) &sock_in6, 0,sizeof(sock_in6)); + memset(&sock_in6, 0,sizeof(sock_in6)); sock_in6.sin6_family = AF_INET6; sock_in6.sin6_port = htons(debug_port); sock_in6.sin6_addr = in6addr_any; @@ -1982,7 +1982,7 @@ exit(2); } - memset((char *) &sock_in, 0,sizeof(sock_in)); + memset(&sock_in, 0,sizeof(sock_in)); sock_in.sin_family = AF_INET; sock_in.sin_port = htons(debug_port); sock_in.sin_addr.s_addr = INADDR_ANY; Modified: trunk/src/appl/gss-sample/gss-client.c =================================================================== --- trunk/src/appl/gss-sample/gss-client.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/gss-sample/gss-client.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -114,7 +114,7 @@ } saddr.sin_family = hp->h_addrtype; - memcpy((char *) &saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); + memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { Modified: trunk/src/appl/gssftp/ftp/ftp.c =================================================================== --- trunk/src/appl/gssftp/ftp/ftp.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/gssftp/ftp/ftp.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -196,7 +196,7 @@ #endif static char hostnamebuf[80]; - memset((char *)&hisctladdr, 0, sizeof (hisctladdr)); + memset(&hisctladdr, 0, sizeof (hisctladdr)); hisctladdr.sin_addr.s_addr = inet_addr(host); if (hisctladdr.sin_addr.s_addr != -1) { hisctladdr.sin_family = AF_INET; Modified: trunk/src/appl/gssftp/ftpd/ftpd.c =================================================================== --- trunk/src/appl/gssftp/ftpd/ftpd.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/gssftp/ftpd/ftpd.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -869,7 +869,7 @@ char ccname[MAXPATHLEN]; #ifdef GSSAPI - memset((char *)&my_creds, 0, sizeof(my_creds)); + memset(&my_creds, 0, sizeof(my_creds)); if (krb5_parse_name(kcontext, name, &me)) return 0; my_creds.client = me; Modified: trunk/src/appl/gssftp/ftpd/popen.c =================================================================== --- trunk/src/appl/gssftp/ftpd/popen.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/gssftp/ftpd/popen.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -78,7 +78,7 @@ return(NULL); if ((pids = (int *)malloc((u_int)(fds * sizeof(int)))) == NULL) return(NULL); - memset((char *)pids, 0, fds * sizeof(int)); + memset(pids, 0, fds * sizeof(int)); } if (pipe(pdes) < 0) return(NULL); Modified: trunk/src/appl/simple/client/sim_client.c =================================================================== --- trunk/src/appl/simple/client/sim_client.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/simple/client/sim_client.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -161,9 +161,9 @@ *cp = tolower((int) *cp); /* Set server's address */ - (void) memset((char *)&s_sock, 0, sizeof(s_sock)); + (void) memset(&s_sock, 0, sizeof(s_sock)); - memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); + memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); #ifdef DEBUG printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr)); #endif @@ -186,7 +186,7 @@ exit(1); } - memset((char *)&c_sock, 0, sizeof(c_sock)); + memset(&c_sock, 0, sizeof(c_sock)); c_sock.sin_family = AF_INET; #ifdef BROKEN_STREAMS_SOCKETS if (gethostname(my_hostname, sizeof(my_hostname)) < 0) { @@ -198,7 +198,7 @@ fprintf(stderr, "%s: unknown host\n", hostname); exit(1); } - memcpy((char *)&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr)); + memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr)); #endif @@ -243,7 +243,7 @@ /* PREPARE KRB_SAFE MESSAGE */ /* Get my address */ - memset((char *) &c_sock, 0, sizeof(c_sock)); + memset(&c_sock, 0, sizeof(c_sock)); len = sizeof(c_sock); if (getsockname(sock, (struct sockaddr *)&c_sock, &len) < 0) { com_err(progname, errno, "while getting socket name"); Modified: trunk/src/appl/simple/server/sim_server.c =================================================================== --- trunk/src/appl/simple/server/sim_server.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/simple/server/sim_server.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -132,7 +132,7 @@ } /* Set up server address */ - memset((char *)&s_sock, 0, sizeof(s_sock)); + memset(&s_sock, 0, sizeof(s_sock)); s_sock.sin_family = AF_INET; if (port == 0) { @@ -155,7 +155,7 @@ fprintf(stderr, "%s: host unknown\n", full_hname); exit(1); } - memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); + memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); /* Open socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { Modified: trunk/src/appl/telnet/libtelnet/auth.c =================================================================== --- trunk/src/appl/telnet/libtelnet/auth.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/libtelnet/auth.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -383,8 +383,7 @@ auth_send_cnt = cnt; if (auth_send_cnt > sizeof(_auth_send_data)) auth_send_cnt = sizeof(_auth_send_data); - memcpy((void *)_auth_send_data, (void *)data, - (unsigned) auth_send_cnt); + memcpy(_auth_send_data, data, (unsigned) auth_send_cnt); auth_send_data = _auth_send_data; auth_send_retry(); @@ -510,7 +509,7 @@ Name, cnt, (int) sizeof(savename)-1); return; } - memcpy((void *)savename, (void *)data, (unsigned) cnt); + memcpy(savename, data, (unsigned) cnt); savename[cnt] = '\0'; /* Null terminate */ if (auth_debug_mode) printf(">>>%s: Got NAME [%s]\r\n", Name, savename); Modified: trunk/src/appl/telnet/libtelnet/enc_des.c =================================================================== --- trunk/src/appl/telnet/libtelnet/enc_des.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/libtelnet/enc_des.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -199,7 +199,7 @@ fb64_init(fbp) register struct fb *fbp; { - memset((void *)fbp, 0, sizeof(*fbp)); + memset(fbp, 0, sizeof(*fbp)); fbp->state[0] = fbp->state[1] = FAILED; fbp->fb_feed[0] = IAC; fbp->fb_feed[1] = SB; @@ -600,8 +600,8 @@ Block seed; register struct stinfo *stp; { - memcpy((void *)stp->str_iv, (void *)seed, sizeof(Block)); - memcpy((void *)stp->str_output, (void *)seed, sizeof(Block)); + memcpy(stp->str_iv, seed, sizeof(Block)); + memcpy(stp->str_output, seed, sizeof(Block)); stp->str_index = sizeof(Block); } @@ -611,7 +611,7 @@ Block key; register struct stinfo *stp; { - memcpy((void *)stp->str_keybytes, (void *)key, sizeof(Block)); + memcpy(stp->str_keybytes, key, sizeof(Block)); stp->str_key.length = 8; stp->str_key.contents = stp->str_keybytes; /* the original version of this code uses des ecb mode, but @@ -619,7 +619,7 @@ is identical */ stp->str_key.enctype = ENCTYPE_DES_CBC_RAW; - memcpy((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block)); + memcpy(stp->str_output, stp->str_iv, sizeof(Block)); stp->str_index = sizeof(Block); } @@ -659,7 +659,7 @@ if (idx == sizeof(Block)) { Block b; ecb_encrypt(stp, stp->str_output, b); - memcpy((void *)stp->str_feed,(void *)b,sizeof(Block)); + memcpy(stp->str_feed,b,sizeof(Block)); idx = 0; } @@ -693,7 +693,7 @@ if (idx == sizeof(Block)) { Block b; ecb_encrypt(stp, stp->str_output, b); - memcpy((void *)stp->str_feed, (void *)b, sizeof(Block)); + memcpy(stp->str_feed, b, sizeof(Block)); stp->str_index = 1; /* Next time will be 1 */ idx = 0; /* But now use 0 */ } @@ -735,7 +735,7 @@ if (idx == sizeof(Block)) { Block b; ecb_encrypt(stp, stp->str_feed, b); - memcpy((void *)stp->str_feed,(void *)b,sizeof(Block)); + memcpy(stp->str_feed,b,sizeof(Block)); idx = 0; } *s++ ^= stp->str_feed[idx]; @@ -766,7 +766,7 @@ if (idx == sizeof(Block)) { Block b; ecb_encrypt(stp, stp->str_feed, b); - memcpy((void *)stp->str_feed, (void *)b, sizeof(Block)); + memcpy(stp->str_feed, b, sizeof(Block)); stp->str_index = 1; /* Next time will be 1 */ idx = 0; /* But now use 0 */ } Modified: trunk/src/appl/telnet/libtelnet/kerberos5.c =================================================================== --- trunk/src/appl/telnet/libtelnet/kerberos5.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/libtelnet/kerberos5.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -249,7 +249,7 @@ return(0); } - memset((char *)&creds, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); if (auth_debug_mode) printf("telnet: calling krb5_sname_to_principal\n"); if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName, Modified: trunk/src/appl/telnet/telnet/commands.c =================================================================== --- trunk/src/appl/telnet/telnet/commands.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnet/commands.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -3144,17 +3144,16 @@ sin_addr.s_addr = tmp; } else if ((host = gethostbyname(cp))) { #if defined(h_addr) - memcpy((caddr_t)&sin_addr, - host->h_addr_list[0], sizeof(sin_addr)); + memcpy(&sin_addr, + host->h_addr_list[0], sizeof(sin_addr)); #else - memcpy((caddr_t)&sin_addr, host->h_addr, - sizeof(sin_addr)); + memcpy(&sin_addr, host->h_addr, sizeof(sin_addr)); #endif } else { *cpp = cp; return(0); } - memcpy(lsrp, (char *)&sin_addr, 4); + memcpy(lsrp, &sin_addr, 4); lsrp += 4; if (cp2) cp = cp2; Modified: trunk/src/appl/telnet/telnet/general.h =================================================================== --- trunk/src/appl/telnet/telnet/general.h 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnet/general.h 2009-02-02 23:41:40 UTC (rev 21875) @@ -41,5 +41,5 @@ #define numberof(x) (sizeof x/sizeof x[0]) #define highestof(x) (numberof(x)-1) -#define ClearElement(x) memset((char *)&x, 0, sizeof x) -#define ClearArray(x) memset((char *)x, 0, sizeof x) +#define ClearElement(x) memset(&x, 0, sizeof x) +#define ClearArray(x) memset(x, 0, sizeof x) Modified: trunk/src/appl/telnet/telnet/ring.c =================================================================== --- trunk/src/appl/telnet/telnet/ring.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnet/ring.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -109,7 +109,7 @@ unsigned char *buffer; int count; { - memset((char *)ring, 0, sizeof *ring); + memset(ring, 0, sizeof *ring); ring->size = count; Modified: trunk/src/appl/telnet/telnetd/sys_term.c =================================================================== --- trunk/src/appl/telnet/telnetd/sys_term.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnetd/sys_term.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -235,7 +235,7 @@ { if (len > sizeof(termbuf)) len = sizeof(termbuf); - memcpy((char *)&termbuf, cp, len); + memcpy(&termbuf, cp, len); termbuf2 = termbuf; } #endif /* defined(LINEMODE) && defined(TIOCPKT_IOCTL) */ @@ -956,7 +956,7 @@ init_termbuf(); # ifdef TIOCGWINSZ if (def_row || def_col) { - memset((char *)&ws, 0, sizeof(ws)); + memset(&ws, 0, sizeof(ws)); ws.ws_col = def_col; ws.ws_row = def_row; (void)ioctl(t, TIOCSWINSZ, (char *)&ws); @@ -1137,7 +1137,7 @@ INIT_FIFO); fatalperror(net, tbuf); } - memset((char *)&request, 0, sizeof(request)); + memset(&request, 0, sizeof(request)); request.magic = INIT_MAGIC; SCPYN(request.gen_id, gen_id); SCPYN(request.tty_id, &line[8]); Modified: trunk/src/appl/telnet/telnetd/telnetd-ktd.c =================================================================== --- trunk/src/appl/telnet/telnetd/telnetd-ktd.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnetd/telnetd-ktd.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -395,7 +395,7 @@ if (secflag) { int sz = sizeof(ss); - memset((char *)&dv, 0, sizeof(dv)); + memset(&dv, 0, sizeof(dv)); if (getsysv(&sysv, sizeof(struct sysv)) != 0) { perror("getsysv"); Modified: trunk/src/appl/telnet/telnetd/telnetd.c =================================================================== --- trunk/src/appl/telnet/telnetd/telnetd.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnetd/telnetd.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -564,7 +564,7 @@ int szi = sizeof(int); #endif /* SO_SEC_MULTI */ - memset((char *)&dv, 0, sizeof(dv)); + memset(&dv, 0, sizeof(dv)); if (getsysv(&sysv, sizeof(struct sysv)) != 0) { perror("getsysv"); Modified: trunk/src/appl/telnet/telnetd/termstat.c =================================================================== --- trunk/src/appl/telnet/telnetd/termstat.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/telnet/telnetd/termstat.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -624,7 +624,7 @@ if (def_col || def_row) { struct winsize ws; - memset((char *)&ws, 0, sizeof(ws)); + memset(&ws, 0, sizeof(ws)); ws.ws_col = def_col; ws.ws_row = def_row; (void) ioctl(pty, TIOCSWINSZ, (char *)&ws); Modified: trunk/src/appl/user_user/client.c =================================================================== --- trunk/src/appl/user_user/client.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/user_user/client.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -120,7 +120,7 @@ return 5; } - memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++], + memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++], sizeof(serv_net_addr.sin_addr)); if (connect(s, (struct sockaddr *)&serv_net_addr, @@ -139,7 +139,7 @@ return 6; } - memset ((char*)&creds, 0, sizeof(creds)); + memset (&creds, 0, sizeof(creds)); retval = krb5_cc_get_principal(context, cc, &creds.client); if (retval) { Modified: trunk/src/appl/user_user/server.c =================================================================== --- trunk/src/appl/user_user/server.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/appl/user_user/server.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -125,7 +125,7 @@ return 4; } - memset ((char*)&creds, 0, sizeof(creds)); + memset (&creds, 0, sizeof(creds)); retval = krb5_cc_get_principal(context, cc, &creds.client); if (retval) { com_err("uu-client", retval, "getting principal name"); Modified: trunk/src/clients/ksu/ccache.c =================================================================== --- trunk/src/clients/ksu/ccache.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/clients/ksu/ccache.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -230,9 +230,9 @@ } - memset((char *) &temp_tktq, 0, sizeof(temp_tktq)); - memset((char *) &temp_tkt, 0, sizeof(temp_tkt)); - memset((char *) &creds, 0, sizeof(creds)); + memset(&temp_tktq, 0, sizeof(temp_tktq)); + memset(&temp_tkt, 0, sizeof(temp_tkt)); + memset(&creds, 0, sizeof(creds)); /* initialize the cursor */ if ((retval = krb5_cc_start_seq_get(context, cc, &cur))) { Modified: trunk/src/clients/ksu/heuristic.c =================================================================== --- trunk/src/clients/ksu/heuristic.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/clients/ksu/heuristic.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -449,8 +449,8 @@ *found = FALSE; - memset((char *) &tgtq, 0, sizeof(tgtq)); - memset((char *) &tgt, 0, sizeof(tgt)); + memset(&tgtq, 0, sizeof(tgtq)); + memset(&tgt, 0, sizeof(tgt)); retval= krb5_copy_principal(context, client, &tgtq.client); if (retval) Modified: trunk/src/clients/ksu/krb_auth_su.c =================================================================== --- trunk/src/clients/ksu/krb_auth_su.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/clients/ksu/krb_auth_su.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -59,9 +59,9 @@ krb5_boolean zero_password; *path_passwd = 0; - memset((char *) &tgtq, 0, sizeof(tgtq)); - memset((char *) &tgt, 0, sizeof(tgt)); - memset((char *) &in_creds, 0, sizeof(krb5_creds)); + memset(&tgtq, 0, sizeof(tgtq)); + memset(&tgt, 0, sizeof(tgt)); + memset(&in_creds, 0, sizeof(krb5_creds)); if ((retval= krb5_copy_principal(context, client_pname, &client))){ @@ -241,8 +241,8 @@ krb5_verify_init_creds_opt vfy_opts; krb5_error_code retval; - memset((char *) &tgtq, 0, sizeof(tgtq)); - memset((char *) &tgt, 0, sizeof(tgt)); + memset(&tgtq, 0, sizeof(tgtq)); + memset(&tgt, 0, sizeof(tgt)); if ((retval= krb5_copy_principal(context, client, &tgtq.client))){ com_err(prog_name, retval,"while copying client principal"); @@ -300,7 +300,7 @@ return (FALSE); } - memset((char *)&my_creds, 0, sizeof(my_creds)); + memset(&my_creds, 0, sizeof(my_creds)); if ((code = krb5_copy_principal(context, client, &my_creds.client))){ com_err (prog_name, code, "while copying principal"); Modified: trunk/src/kadmin/cli/kadmin.c =================================================================== --- trunk/src/kadmin/cli/kadmin.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/cli/kadmin.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -216,7 +216,7 @@ char *db_name = NULL; char *svcname; - memset((char *) ¶ms, 0, sizeof(params)); + memset(¶ms, 0, sizeof(params)); #if defined(USE_KIM) /* Turn off all password prompting from the KLL */ Modified: trunk/src/kadmin/cli/keytab.c =================================================================== --- trunk/src/kadmin/cli/keytab.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/cli/keytab.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -266,7 +266,7 @@ krb5_keyblock *keys; int code, nkeys, i; - (void) memset((char *)&princ_rec, 0, sizeof(princ_rec)); + (void) memset(&princ_rec, 0, sizeof(princ_rec)); princ = NULL; keys = NULL; @@ -309,7 +309,7 @@ } for (i = 0; i < nkeys; i++) { - memset((char *) &new_entry, 0, sizeof(new_entry)); + memset(&new_entry, 0, sizeof(new_entry)); new_entry.principal = princ; new_entry.key = keys[i]; new_entry.vno = princ_rec.kvno; Modified: trunk/src/kadmin/dbutil/dump.c =================================================================== --- trunk/src/kadmin/dbutil/dump.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/dbutil/dump.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -1493,7 +1493,7 @@ try2read = (char *) NULL; (*linenop)++; retval = 1; - memset((char *)&dbent, 0, sizeof(dbent)); + memset(&dbent, 0, sizeof(dbent)); /* Make sure we've got key_data entries */ if (krb5_dbe_create_key_data(kcontext, &dbent) || @@ -1794,7 +1794,7 @@ const char *try2read; try2read = (char *) NULL; - memset((char *) &dbentry, 0, sizeof(dbentry)); + memset(&dbentry, 0, sizeof(dbentry)); (*linenop)++; retval = 1; name = (char *) NULL; Modified: trunk/src/kadmin/dbutil/kdb5_create.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_create.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/dbutil/kdb5_create.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -349,7 +349,7 @@ } /* clean up */ (void) krb5_db_fini(util_context); - memset((char *)master_keyblock.contents, 0, master_keyblock.length); + memset(master_keyblock.contents, 0, master_keyblock.length); free(master_keyblock.contents); if (pw_str) { memset(pw_str, 0, pw_size); @@ -426,7 +426,7 @@ int nentries = 1; krb5_actkvno_node actkvno; - memset((char *) &entry, 0, sizeof(entry)); + memset(&entry, 0, sizeof(entry)); entry.len = KRB5_KDB_V1_BASE_LENGTH; entry.attributes = pblock->flags; @@ -449,7 +449,7 @@ if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data))) == NULL) goto error_out; - memset((char *) entry.key_data, 0, sizeof(krb5_key_data)); + memset(entry.key_data, 0, sizeof(krb5_key_data)); entry.n_key_data = 1; if (global_params.mask & KADM5_CONFIG_KVNO) Modified: trunk/src/kadmin/dbutil/kdb5_mkey.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -99,7 +99,7 @@ if (master_entry->key_data == NULL) return (ENOMEM); - memset((char *) master_entry->key_data, 0, + memset(master_entry->key_data, 0, sizeof(krb5_key_data) * (old_key_data_count + 1)); master_entry->n_key_data = old_key_data_count + 1; @@ -1308,7 +1308,7 @@ exit_status++; return; } - memset((char *) master_entry.key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse); + memset(master_entry.key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse); master_entry.n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */ /* Modified: trunk/src/kadmin/dbutil/kdb5_util.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_util.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/dbutil/kdb5_util.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -519,7 +519,7 @@ if ((retval = krb5_c_random_seed(util_context, &seed))) { com_err(progname, retval, "while seeding random number generator"); exit_status++; - memset((char *)master_keyblock.contents, 0, master_keyblock.length); + memset(master_keyblock.contents, 0, master_keyblock.length); krb5_free_keyblock_contents(util_context, &master_keyblock); krb5_db_free_mkey_list(util_context, master_keylist); return(1); @@ -544,7 +544,7 @@ return 0; krb5_db_free_mkey_list(util_context, master_keylist); retval = krb5_db_fini(util_context); - memset((char *)master_keyblock.contents, 0, master_keyblock.length); + memset(master_keyblock.contents, 0, master_keyblock.length); finished = TRUE; if (retval && retval != KRB5_KDB_DBNOTINITED) { com_err(progname, retval, "while closing database"); Modified: trunk/src/kadmin/ktutil/ktutil_funcs.c =================================================================== --- trunk/src/kadmin/ktutil/ktutil_funcs.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/ktutil/ktutil_funcs.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -131,7 +131,7 @@ if (!entry) { return ENOMEM; } - memset((char *) entry, 0, sizeof(*entry)); + memset(entry, 0, sizeof(*entry)); if (!lp) { /* if list is empty, start one */ lp = (krb5_kt_list) malloc(sizeof(*lp)); @@ -258,7 +258,7 @@ retval = ENOMEM; break; } - memset((char *)entry, 0, sizeof (*entry)); + memset(entry, 0, sizeof (*entry)); retval = krb5_kt_next_entry(context, kt, entry, &cursor); if (retval) break; Modified: trunk/src/kadmin/server/ipropd_svc.c =================================================================== --- trunk/src/kadmin/server/ipropd_svc.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/server/ipropd_svc.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -542,7 +542,7 @@ svcerr_noproc(transp); return; } - (void) memset((char *)&argument, 0, sizeof (argument)); + (void) memset(&argument, 0, sizeof (argument)); if (!svc_getargs(transp, _xdr_argument, (caddr_t)&argument)) { krb5_klog_syslog(LOG_ERR, _("RPC svc_getargs failed (%s)"), Modified: trunk/src/kadmin/server/kadm_rpc_svc.c =================================================================== --- trunk/src/kadmin/server/kadm_rpc_svc.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/server/kadm_rpc_svc.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -217,7 +217,7 @@ svcerr_noproc(transp); return; } - memset((char *)&argument, 0, sizeof(argument)); + memset(&argument, 0, sizeof(argument)); if (!svc_getargs(transp, xdr_argument, &argument)) { svcerr_decode(transp); return; Modified: trunk/src/kadmin/server/ovsec_kadmd.c =================================================================== --- trunk/src/kadmin/server/ovsec_kadmd.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kadmin/server/ovsec_kadmd.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -248,7 +248,7 @@ nofork = 0; - memset((char *) ¶ms, 0, sizeof(params)); + memset(¶ms, 0, sizeof(params)); argc--; argv++; while (argc) { Modified: trunk/src/kdc/kdc_util.c =================================================================== --- trunk/src/kdc/kdc_util.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kdc/kdc_util.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -150,9 +150,7 @@ krb5_free_authdata(kdc_context, retdata); return ENOMEM; } - memcpy((char *) retdata[i]->contents, - (char *)(*ptr)->contents, - retdata[i]->length); + memcpy(retdata[i]->contents, (*ptr)->contents, retdata[i]->length); ptr++; i++; Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/kdc/main.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -165,7 +165,7 @@ krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc); krb5_free_context(rdp->realm_context); } - memset((char *) rdp, 0, sizeof(*rdp)); + memset(rdp, 0, sizeof(*rdp)); free(rdp); } @@ -247,7 +247,7 @@ int kdb_open_flags; krb5_kvno mkvno = IGNORE_VNO; - memset((char *) rdp, 0, sizeof(kdc_realm_t)); + memset(rdp, 0, sizeof(kdc_realm_t)); if (!realm) { kret = EINVAL; goto whoops; @@ -814,7 +814,7 @@ fprintf(stderr, "%s: cannot get memory for realm list\n", argv[0]); exit(1); } - memset((char *) kdc_realmlist, 0, + memset(kdc_realmlist, 0, (size_t) (sizeof(kdc_realm_t *) * KRB5_KDC_MAX_REALMS)); /* Modified: trunk/src/lib/crypto/des/afsstring2key.c =================================================================== --- trunk/src/lib/crypto/des/afsstring2key.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/crypto/des/afsstring2key.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -142,7 +142,7 @@ (void) mit_des_cbc_cksum (password, key, i, key_sked, ikey); /* erase key_sked */ - memset((char *)key_sked, 0,sizeof(key_sked)); + memset(key_sked, 0,sizeof(key_sked)); /* now fix up key parity again */ mit_des_fixup_key_parity(key); Modified: trunk/src/lib/gssapi/generic/gssapiP_generic.h =================================================================== --- trunk/src/lib/gssapi/generic/gssapiP_generic.h 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/gssapi/generic/gssapiP_generic.h 2009-02-02 23:41:40 UTC (rev 21875) @@ -75,7 +75,7 @@ (ptr) += 2; #define TWRITE_STR(ptr, str, len) \ - memcpy((ptr), (char *) (str), (len)); \ + memcpy((ptr), (str), (len)); \ (ptr) += (len); #define TREAD_STR(ptr, str, len) \ Modified: trunk/src/lib/gssapi/krb5/init_sec_context.c =================================================================== --- trunk/src/lib/gssapi/krb5/init_sec_context.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/gssapi/krb5/init_sec_context.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -131,7 +131,7 @@ krb5_creds in_creds; k5_mutex_assert_locked(&cred->lock); - memset((char *) &in_creds, 0, sizeof(krb5_creds)); + memset(&in_creds, 0, sizeof(krb5_creds)); in_creds.client = in_creds.server = NULL; if ((code = krb5_copy_principal(context, cred->princ, &in_creds.client))) Modified: trunk/src/lib/gssapi/krb5/util_crypt.c =================================================================== --- trunk/src/lib/gssapi/krb5/util_crypt.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/gssapi/krb5/util_crypt.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -345,10 +345,10 @@ &seq_enc_key, 0, &input, &output)); cleanup_arcfour: - memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length); - memset ((void *) usage_key.contents, 0, usage_key.length); - free ((void *) usage_key.contents); - free ((void *) seq_enc_key.contents); + memset (seq_enc_key.contents, 0, seq_enc_key.length); + memset (usage_key.contents, 0, usage_key.length); + free (usage_key.contents); + free (seq_enc_key.contents); return (code); } @@ -713,10 +713,10 @@ &seq_enc_key, 0, kiov, kiov_count)); cleanup_arcfour: - memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length); - memset ((void *) usage_key.contents, 0, usage_key.length); - free ((void *) usage_key.contents); - free ((void *) seq_enc_key.contents); + memset (seq_enc_key.contents, 0, seq_enc_key.length); + memset (usage_key.contents, 0, usage_key.length); + free (usage_key.contents); + free (seq_enc_key.contents); if (kiov != NULL) free(kiov); return (code); Modified: trunk/src/lib/gssapi/spnego/spnego_mech.c =================================================================== --- trunk/src/lib/gssapi/spnego/spnego_mech.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/gssapi/spnego/spnego_mech.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -2374,7 +2374,7 @@ return (-1); *(*buf_out)++ = MECH_OID; *(*buf_out)++ = (unsigned char) mech->length; - memcpy((void *)(*buf_out), mech->elements, mech->length); + memcpy(*buf_out, mech->elements, mech->length); *buf_out += mech->length; return (0); } Modified: trunk/src/lib/kadm5/alt_prof.c =================================================================== --- trunk/src/lib/kadm5/alt_prof.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/alt_prof.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -525,8 +525,8 @@ krb5_error_code kret = 0; - memset((char *) ¶ms, 0, sizeof(params)); - memset((char *) &empty_params, 0, sizeof(empty_params)); + memset(¶ms, 0, sizeof(params)); + memset(&empty_params, 0, sizeof(empty_params)); if (params_in == NULL) params_in = &empty_params; @@ -952,7 +952,7 @@ } /* Initialize realm parameters */ - memset((char *) rparams, 0, sizeof(krb5_realm_params)); + memset(rparams, 0, sizeof(krb5_realm_params)); /* Get the value for the database */ hierarchy[0] = "realms"; Modified: trunk/src/lib/kadm5/clnt/client_init.c =================================================================== --- trunk/src/lib/kadm5/clnt/client_init.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/clnt/client_init.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -230,7 +230,7 @@ * of params_in. So use that realm, make params_in contain an * empty mask, and behave like version 2. */ - memset((char *) ¶ms_local, 0, sizeof(params_local)); + memset(¶ms_local, 0, sizeof(params_local)); if (api_version == KADM5_API_VERSION_1) { realm = params_local.realm = (char *) params_in; if (params_in) @@ -319,8 +319,7 @@ memset(&addr, 0, sizeof(addr)); addr.sin_family = hp->h_addrtype; - (void) memcpy((char *) &addr.sin_addr, (char *) hp->h_addr, - sizeof(addr.sin_addr)); + (void) memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr)); if (iprop_enable) addr.sin_port = htons((u_short) handle->params.iprop_port); else Modified: trunk/src/lib/kadm5/clnt/client_rpc.c =================================================================== --- trunk/src/lib/kadm5/clnt/client_rpc.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/clnt/client_rpc.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -16,7 +16,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CREATE_PRINCIPAL, (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -31,7 +31,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CREATE_PRINCIPAL3, (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -46,7 +46,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, DELETE_PRINCIPAL, (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -61,7 +61,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, MODIFY_PRINCIPAL, (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -76,7 +76,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, RENAME_PRINCIPAL, (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -91,7 +91,7 @@ { static gprinc_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, GET_PRINCIPAL, (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp, (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res, @@ -106,7 +106,7 @@ { static gprincs_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, GET_PRINCS, (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp, (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res, @@ -121,7 +121,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CHPASS_PRINCIPAL, (xdrproc_t) xdr_chpass_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -136,7 +136,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CHPASS_PRINCIPAL3, (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -151,7 +151,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, SETV4KEY_PRINCIPAL, (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -166,7 +166,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, SETKEY_PRINCIPAL, (xdrproc_t) xdr_setkey_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -181,7 +181,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, SETKEY_PRINCIPAL3, (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -196,7 +196,7 @@ { static chrand_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CHRAND_PRINCIPAL, (xdrproc_t) xdr_chrand_arg, (caddr_t) argp, (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res, @@ -211,7 +211,7 @@ { static chrand_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CHRAND_PRINCIPAL3, (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp, (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res, @@ -226,7 +226,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, CREATE_POLICY, (xdrproc_t) xdr_cpol_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -241,7 +241,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, DELETE_POLICY, (xdrproc_t) xdr_dpol_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -256,7 +256,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, MODIFY_POLICY, (xdrproc_t) xdr_mpol_arg, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, @@ -271,7 +271,7 @@ { static gpol_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, GET_POLICY, (xdrproc_t) xdr_gpol_arg, (caddr_t) argp, (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res, @@ -286,7 +286,7 @@ { static gpols_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, GET_POLS, (xdrproc_t) xdr_gpols_arg, (caddr_t) argp, (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res, @@ -301,7 +301,7 @@ { static getprivs_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, GET_PRIVS, (xdrproc_t) xdr_u_int32, (caddr_t) argp, (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res, @@ -316,7 +316,7 @@ { static generic_ret clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call(clnt, INIT, (xdrproc_t) xdr_u_int32, (caddr_t) argp, (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res, Modified: trunk/src/lib/kadm5/kadm_rpc_xdr.c =================================================================== --- trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -230,7 +230,7 @@ unsigned int tmp; if (xdrs->x_op == XDR_DECODE) - memset((char *) objp, 0, sizeof(krb5_key_data)); + memset(objp, 0, sizeof(krb5_key_data)); if (!xdr_krb5_int16(xdrs, &objp->key_data_ver)) { return (FALSE); @@ -322,7 +322,7 @@ tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)); if (tl2 == NULL) return FALSE; - memset((char *) tl2, 0, sizeof(krb5_tl_data)); + memset(tl2, 0, sizeof(krb5_tl_data)); if (!xdr_krb5_int16(xdrs, &tl2->tl_data_type)) return FALSE; if (!xdr_bytes(xdrs, (char **)&tl2->tl_data_contents, &len, ~0)) Modified: trunk/src/lib/kadm5/srv/server_acl.c =================================================================== --- trunk/src/lib/kadm5/srv/server_acl.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/srv/server_acl.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -607,7 +607,7 @@ wildstate_t state; DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n")); - memset((char *)&state, 0, sizeof state); + memset(&state, 0, sizeof state); for (entry=acl_list_head; entry; entry = entry->ae_next) { if (entry->ae_name_bad) continue; Modified: trunk/src/lib/kadm5/srv/server_init.c =================================================================== --- trunk/src/lib/kadm5/srv/server_init.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/srv/server_init.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -210,7 +210,7 @@ * of params_in. So use that realm, make params_in contain an * empty mask, and behave like version 2. */ - memset((char *) ¶ms_local, 0, sizeof(params_local)); + memset(¶ms_local, 0, sizeof(params_local)); if (api_version == KADM5_API_VERSION_1) { params_local.realm = (char *) params_in; if (params_in) Modified: trunk/src/lib/kadm5/srv/svr_principal.c =================================================================== --- trunk/src/lib/kadm5/srv/svr_principal.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/srv/svr_principal.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -764,7 +764,7 @@ mask = in_mask; } - memset((char *) entry, 0, sizeof(*entry)); + memset(entry, 0, sizeof(*entry)); if (principal == NULL) return EINVAL; @@ -1184,7 +1184,7 @@ } free(histp->key_data); } - free((void *)adb->old_keys); + free(adb->old_keys); adb->old_keys = tmp; nkeys = adb->old_key_len = nhist - 1; knext = adb->old_key_next = 0; @@ -2155,7 +2155,7 @@ keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock)); if (keys == NULL) return ENOMEM; - memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock)); + memset(keys, 0, n_key_data*sizeof(krb5_keyblock)); for (i = 0; i < n_key_data; i++) { ret = krb5_dbekd_decrypt_key_data(context, mkey, @@ -2169,7 +2169,7 @@ } } - memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock)); + memset(keys, 0, n_key_data*sizeof(krb5_keyblock)); free(keys); return ret; } Modified: trunk/src/lib/kadm5/unit-test/setkey-test.c =================================================================== --- trunk/src/lib/kadm5/unit-test/setkey-test.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kadm5/unit-test/setkey-test.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -84,7 +84,7 @@ * to kadm5 server. */ - memset((char *) &context, 0, sizeof(context)); + memset(&context, 0, sizeof(context)); kadm5_init_krb5_context(&context); ret = krb5_parse_name(context, principal, &princ); @@ -174,7 +174,7 @@ for (encnum = 0; testp[encnum].magic != -1; encnum++) { printf("+ enctype %d\n", testp[encnum].enctype); - memset((char *) &ktent, 0, sizeof(ktent)); + memset(&ktent, 0, sizeof(ktent)); ktent.principal = princ; ktent.key = testp[encnum]; ktent.vno = princ_ent.kvno; @@ -185,7 +185,7 @@ exit(1); } - memset((char *)&my_creds, 0, sizeof(my_creds)); + memset(&my_creds, 0, sizeof(my_creds)); my_creds.client = princ; my_creds.server = server; Modified: trunk/src/lib/kdb/kdb_cpw.c =================================================================== --- trunk/src/lib/kdb/kdb_cpw.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kdb/kdb_cpw.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -449,8 +449,8 @@ if(!(key_salt.data.data = (char *) malloc(slen+1))) return ENOMEM; key_salt.data.data[slen] = 0; - memcpy((char *)key_salt.data.data, - (char *)(*krb5_princ_realm(context,db_entry->princ)).data, + memcpy(key_salt.data.data, + (*krb5_princ_realm(context,db_entry->princ)).data, slen); key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/ #endif Modified: trunk/src/lib/kdb/kdb_default.c =================================================================== --- trunk/src/lib/kdb/kdb_default.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/kdb/kdb_default.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -204,7 +204,7 @@ goto out; while (keylist && !retval) { - memset((char *) &new_entry, 0, sizeof(new_entry)); + memset(&new_entry, 0, sizeof(new_entry)); new_entry.principal = mname; new_entry.key = keylist->keyblock; new_entry.vno = keylist->kvno; Modified: trunk/src/lib/krb5/asn.1/asn1glue.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1glue.h 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/asn.1/asn1glue.h 2009-02-02 23:41:40 UTC (rev 21875) @@ -40,7 +40,6 @@ #define KRB5_APOptions2krb5_apoptions(val, err) KRB5_TicketFlags2krb5_flags((struct type_KRB5_APOptions *) (val), err) /* to keep lint happy */ -#define xbcopy(src,dst,size) memcpy((char *)(dst), (char *)(src), size) #define xmalloc(n) malloc((unsigned) (n)) #define xcalloc(n,s) calloc((unsigned)(n), (unsigned)(s)) Modified: trunk/src/lib/krb5/ccache/cc_file.c =================================================================== --- trunk/src/lib/krb5/ccache/cc_file.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/ccache/cc_file.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -1891,7 +1891,7 @@ if (kret) return kret; - memset((char *)creds, 0, sizeof(*creds)); + memset(creds, 0, sizeof(*creds)); MAYBE_OPEN(context, id, FCC_OPEN_RDONLY); fcursor = (krb5_fcc_cursor *) *cursor; Modified: trunk/src/lib/krb5/krb/auth_con.c =================================================================== --- trunk/src/lib/krb5/krb/auth_con.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/auth_con.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -15,7 +15,7 @@ free(tmpad); return ENOMEM; } - memcpy((char *)tmpad->contents, (char *)inad->contents, inad->length); + memcpy(tmpad->contents, inad->contents, inad->length); *outad = tmpad; return 0; } Modified: trunk/src/lib/krb5/krb/copy_addrs.c =================================================================== --- trunk/src/lib/krb5/krb/copy_addrs.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/copy_addrs.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -41,7 +41,7 @@ free(tmpad); return ENOMEM; } - memcpy((char *)tmpad->contents, (char *)inad->contents, inad->length); + memcpy(tmpad->contents, inad->contents, inad->length); *outad = tmpad; return 0; } Modified: trunk/src/lib/krb5/krb/copy_auth.c =================================================================== --- trunk/src/lib/krb5/krb/copy_auth.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/copy_auth.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -68,7 +68,7 @@ free(tmpad); return ENOMEM; } - memcpy((char *)tmpad->contents, (char *)inad->contents, inad->length); + memcpy(tmpad->contents, inad->contents, inad->length); *outad = tmpad; return 0; } Modified: trunk/src/lib/krb5/krb/copy_cksum.c =================================================================== --- trunk/src/lib/krb5/krb/copy_cksum.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/copy_cksum.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -38,13 +38,11 @@ return ENOMEM; *tempto = *ckfrom; - if (!(tempto->contents = - (krb5_octet *)malloc(tempto->length))) { + if (!(tempto->contents = (krb5_octet *)malloc(tempto->length))) { free(tempto); return ENOMEM; } - memcpy((char *) tempto->contents, (char *) ckfrom->contents, - ckfrom->length); + memcpy(tempto->contents, ckfrom->contents, ckfrom->length); *ckto = tempto; return 0; Modified: trunk/src/lib/krb5/krb/copy_data.c =================================================================== --- trunk/src/lib/krb5/krb/copy_data.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/copy_data.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -68,7 +68,7 @@ if (!(outdata->data = malloc(outdata->length))) { return ENOMEM; } - memcpy((char *)outdata->data, (char *)indata->data, outdata->length); + memcpy(outdata->data, indata->data, outdata->length); } else outdata->data = 0; outdata->magic = KV5M_DATA; Modified: trunk/src/lib/krb5/krb/copy_key.c =================================================================== --- trunk/src/lib/krb5/krb/copy_key.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/copy_key.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -44,8 +44,7 @@ free(new_key); return(ENOMEM); } - memcpy((char *)new_key->contents, (char *)from->contents, - new_key->length); + memcpy(new_key->contents, from->contents, new_key->length); *to = new_key; return 0; } Modified: trunk/src/lib/krb5/krb/copy_tick.c =================================================================== --- trunk/src/lib/krb5/krb/copy_tick.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/copy_tick.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -62,7 +62,7 @@ free(tempto); return ENOMEM; } - memcpy((char *)tempto->transited.tr_contents.data, + memcpy(tempto->transited.tr_contents.data, (char *)partfrom->transited.tr_contents.data, partfrom->transited.tr_contents.length); } Modified: trunk/src/lib/krb5/krb/cp_key_cnt.c =================================================================== --- trunk/src/lib/krb5/krb/cp_key_cnt.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/cp_key_cnt.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -40,7 +40,7 @@ to->contents = (krb5_octet *)malloc(to->length); if (!to->contents) return ENOMEM; - memcpy((char *)to->contents, (char *)from->contents, to->length); + memcpy(to->contents, from->contents, to->length); } else to->contents = 0; return 0; Modified: trunk/src/lib/krb5/krb/fwd_tgt.c =================================================================== --- trunk/src/lib/krb5/krb/fwd_tgt.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/fwd_tgt.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -57,8 +57,8 @@ krb5_keyblock *session_key; krb5_boolean old_use_conf_ktypes = context->use_conf_ktypes; - memset((char *)&creds, 0, sizeof(creds)); - memset((char *)&tgt, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); + memset(&tgt, 0, sizeof(creds)); if (cc == 0) { if ((retval = krb5int_cc_default(context, &cc))) Modified: trunk/src/lib/krb5/krb/get_creds.c =================================================================== --- trunk/src/lib/krb5/krb/get_creds.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/get_creds.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -54,7 +54,7 @@ if (!in_creds || !in_creds->server || !in_creds->client) return EINVAL; - memset((char *)mcreds, 0, sizeof(krb5_creds)); + memset(mcreds, 0, sizeof(krb5_creds)); mcreds->magic = KV5M_CREDS; if (in_creds->times.endtime != 0) { mcreds->times.endtime = in_creds->times.endtime; @@ -122,7 +122,7 @@ if ((ncreds = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL) return ENOMEM; - memset((char *)ncreds, 0, sizeof(krb5_creds)); + memset(ncreds, 0, sizeof(krb5_creds)); ncreds->magic = KV5M_CREDS; /* The caller is now responsible for cleaning up in_creds */ @@ -261,7 +261,7 @@ krb5_creds *out_creds = 0; /* for check before dereferencing below */ krb5_creds **tgts; - memset((char *)&in_creds, 0, sizeof(krb5_creds)); + memset(&in_creds, 0, sizeof(krb5_creds)); in_creds.server = NULL; tgts = NULL; Modified: trunk/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- trunk/src/lib/krb5/krb/get_in_tkt.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/get_in_tkt.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -428,7 +428,7 @@ if (server) krb5_free_principal(context, server); if (creds->keyblock.contents) { - memset((char *)creds->keyblock.contents, 0, + memset(creds->keyblock.contents, 0, creds->keyblock.length); free(creds->keyblock.contents); creds->keyblock.contents = 0; Modified: trunk/src/lib/krb5/krb/kfree.c =================================================================== --- trunk/src/lib/krb5/krb/kfree.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/kfree.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -187,7 +187,7 @@ val->server = 0; } if (val->keyblock.contents) { - memset((char *)val->keyblock.contents, 0, val->keyblock.length); + memset(val->keyblock.contents, 0, val->keyblock.length); free(val->keyblock.contents); val->keyblock.contents = 0; } Modified: trunk/src/lib/krb5/krb/mk_priv.c =================================================================== --- trunk/src/lib/krb5/krb/mk_priv.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/mk_priv.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -119,7 +119,7 @@ krb5_replay_data replaydata; /* Clear replaydata block */ - memset((char *) &replaydata, 0, sizeof(krb5_replay_data)); + memset(&replaydata, 0, sizeof(krb5_replay_data)); /* Get keyblock */ if ((keyblock = auth_context->send_subkey) == NULL) Modified: trunk/src/lib/krb5/krb/mk_req.c =================================================================== --- trunk/src/lib/krb5/krb/mk_req.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/mk_req.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -65,7 +65,7 @@ return retval; /* obtain ticket & session key */ - memset((char *)&creds, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); if ((retval = krb5_copy_principal(context, server, &creds.server))) goto cleanup_princ; Modified: trunk/src/lib/krb5/krb/mk_safe.c =================================================================== --- trunk/src/lib/krb5/krb/mk_safe.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/mk_safe.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -104,7 +104,7 @@ cleanup_checksum: free(safe_checksum.contents); - memset((char *)scratch1->data, 0, scratch1->length); + memset(scratch1->data, 0, scratch1->length); krb5_free_data(context, scratch1); return retval; } @@ -119,7 +119,7 @@ krb5_replay_data replaydata; /* Clear replaydata block */ - memset((char *) &replaydata, 0, sizeof(krb5_replay_data)); + memset(&replaydata, 0, sizeof(krb5_replay_data)); /* Get keyblock */ if ((keyblock = auth_context->send_subkey) == NULL) Modified: trunk/src/lib/krb5/krb/rd_safe.c =================================================================== --- trunk/src/lib/krb5/krb/rd_safe.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/rd_safe.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -128,7 +128,7 @@ KRB5_KEYUSAGE_KRB_SAFE_CKSUM, scratch, his_cksum, &valid); - (void) memset((char *)scratch->data, 0, scratch->length); + (void) memset(scratch->data, 0, scratch->length); krb5_free_data(context, scratch); if (!valid) { Modified: trunk/src/lib/krb5/krb/recvauth.c =================================================================== --- trunk/src/lib/krb5/krb/recvauth.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/recvauth.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -177,7 +177,7 @@ krb5_error error; const char *message; - memset((char *)&error, 0, sizeof(error)); + memset(&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.stime, &error.susec); if(server) error.server = server; Modified: trunk/src/lib/krb5/krb/send_tgs.c =================================================================== --- trunk/src/lib/krb5/krb/send_tgs.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/send_tgs.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -147,7 +147,7 @@ if (!in_cred->ticket.length) return(KRB5_NO_TKT_SUPPLIED); - memset((char *)&tgsreq, 0, sizeof(tgsreq)); + memset(&tgsreq, 0, sizeof(tgsreq)); tgsreq.kdc_options = kdcoptions; tgsreq.server = (krb5_principal) sname; Modified: trunk/src/lib/krb5/krb/sendauth.c =================================================================== --- trunk/src/lib/krb5/krb/sendauth.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/sendauth.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -91,7 +91,7 @@ * If no credentials were provided, try getting it from the * credentials cache. */ - memset((char *)&creds, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); /* * See if we need to access the credentials cache Modified: trunk/src/lib/krb5/krb/t_ser.c =================================================================== --- trunk/src/lib/krb5/krb/t_ser.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/krb/t_ser.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -562,7 +562,7 @@ checksum.checksum_type = 123; checksum.length = sizeof(ckdata); checksum.contents = ckdata; - memcpy(ckdata, (char *) &stuff, sizeof(ckdata)); + memcpy(ckdata, &stuff, sizeof(ckdata)); if (!(kret = ser_data(verbose, "> checksum with data", (krb5_pointer) &checksum, KV5M_CHECKSUM))) { if (verbose) Modified: trunk/src/lib/krb5/os/full_ipadr.c =================================================================== --- trunk/src/lib/krb5/os/full_ipadr.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/os/full_ipadr.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -59,25 +59,25 @@ marshal = retaddr->contents; temptype = htons(ADDRTYPE_INET); - (void) memcpy((char *)marshal, (char *)&temptype, sizeof(temptype)); + (void) memcpy(marshal, &temptype, sizeof(temptype)); marshal += sizeof(temptype); templength = htonl(sizeof(smushaddr)); - (void) memcpy((char *)marshal, (char *)&templength, sizeof(templength)); + (void) memcpy(marshal, &templength, sizeof(templength)); marshal += sizeof(templength); - (void) memcpy((char *)marshal, (char *)&smushaddr, sizeof(smushaddr)); + (void) memcpy(marshal, &smushaddr, sizeof(smushaddr)); marshal += sizeof(smushaddr); temptype = htons(ADDRTYPE_IPPORT); - (void) memcpy((char *)marshal, (char *)&temptype, sizeof(temptype)); + (void) memcpy(marshal, &temptype, sizeof(temptype)); marshal += sizeof(temptype); templength = htonl(sizeof(smushport)); - (void) memcpy((char *)marshal, (char *)&templength, sizeof(templength)); + (void) memcpy(marshal, &templength, sizeof(templength)); marshal += sizeof(templength); - (void) memcpy((char *)marshal, (char *)&smushport, sizeof(smushport)); + (void) memcpy(marshal, &smushport, sizeof(smushport)); marshal += sizeof(smushport); *outaddr = retaddr; Modified: trunk/src/lib/krb5/os/gen_port.c =================================================================== --- trunk/src/lib/krb5/os/gen_port.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/os/gen_port.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -41,7 +41,7 @@ return KRB5_PROG_ATYPE_NOSUPP; port = *(const krb5_int16 *)ptr; - memcpy((char *)&adr, (char *)addr->contents, sizeof(adr)); + memcpy(&adr, addr->contents, sizeof(adr)); return krb5_make_full_ipaddr(context, adr, port, outaddr); #else return KRB5_PROG_ATYPE_NOSUPP; Modified: trunk/src/lib/krb5/os/mk_faddr.c =================================================================== --- trunk/src/lib/krb5/os/mk_faddr.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/os/mk_faddr.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -64,7 +64,7 @@ store_32_le(tmp32, marshal); marshal += 4; - (void) memcpy((char *)marshal, (char *)(kaddr->contents), kaddr->length); + (void) memcpy(marshal, kaddr->contents, kaddr->length); marshal += kaddr->length; tmp16 = kport->addrtype; @@ -77,7 +77,7 @@ store_32_le(tmp32, marshal); marshal += 4; - (void) memcpy((char *)marshal, (char *)(kport->contents), kport->length); + (void) memcpy(marshal, kport->contents, kport->length); marshal += kport->length; return 0; } Modified: trunk/src/lib/krb5/os/port2ip.c =================================================================== --- trunk/src/lib/krb5/os/port2ip.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/krb5/os/port2ip.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -50,31 +50,31 @@ marshal = inaddr->contents; - (void) memcpy((char *)&temptype, (char *)marshal, sizeof(temptype)); + (void) memcpy(&temptype, marshal, sizeof(temptype)); marshal += sizeof(temptype); if (temptype != htons(ADDRTYPE_INET)) return KRB5_PROG_ATYPE_NOSUPP; - (void) memcpy((char *)&templength, (char *)marshal, sizeof(templength)); + (void) memcpy(&templength, marshal, sizeof(templength)); marshal += sizeof(templength); if (templength != htonl(sizeof(smushaddr))) return KRB5_PROG_ATYPE_NOSUPP; - (void) memcpy((char *)&smushaddr, (char *)marshal, sizeof(smushaddr)); + (void) memcpy(&smushaddr, marshal, sizeof(smushaddr)); /* leave in net order */ marshal += sizeof(smushaddr); - (void) memcpy((char *)&temptype, (char *)marshal, sizeof(temptype)); + (void) memcpy(&temptype, marshal, sizeof(temptype)); marshal += sizeof(temptype); if (temptype != htons(ADDRTYPE_IPPORT)) return KRB5_PROG_ATYPE_NOSUPP; - (void) memcpy((char *)&templength, (char *)marshal, sizeof(templength)); + (void) memcpy(&templength, marshal, sizeof(templength)); marshal += sizeof(templength); if (templength != htonl(sizeof(smushport))) return KRB5_PROG_ATYPE_NOSUPP; - (void) memcpy((char *)&smushport, (char *)marshal, sizeof(smushport)); + (void) memcpy(&smushport, marshal, sizeof(smushport)); /* leave in net order */ *adr = (krb5_int32) smushaddr; Modified: trunk/src/lib/rpc/auth_gssapi.c =================================================================== --- trunk/src/lib/rpc/auth_gssapi.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/auth_gssapi.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -176,8 +176,8 @@ rpc_createerr.cf_error.re_errno = ENOMEM; goto cleanup; } - memset((char *) auth, 0, sizeof(*auth)); - memset((char *) pdata, 0, sizeof(*pdata)); + memset(auth, 0, sizeof(*auth)); + memset(pdata, 0, sizeof(*pdata)); auth->ah_ops = &auth_gssapi_ops; auth->ah_private = (caddr_t) pdata; @@ -246,7 +246,7 @@ bindp = NULL; } - memset((char *) &call_res, 0, sizeof(call_res)); + memset(&call_res, 0, sizeof(call_res)); next_token: *gssstat = gss_init_sec_context(minor_stat, @@ -283,7 +283,7 @@ PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func)); - memset((char *) &call_res, 0, sizeof(call_res)); + memset(&call_res, 0, sizeof(call_res)); callstat = clnt_call(clnt, init_func, xdr_authgssapi_init_arg, &call_arg, xdr_authgssapi_init_res, &call_res, Modified: trunk/src/lib/rpc/get_myaddress.c =================================================================== --- trunk/src/lib/rpc/get_myaddress.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/get_myaddress.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -52,7 +52,7 @@ int get_myaddress(struct sockaddr_in *addr) { - memset((void *) addr, 0, sizeof(*addr)); + memset(addr, 0, sizeof(*addr)); addr->sin_family = AF_INET; addr->sin_port = htons(PMAPPORT); addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK); Modified: trunk/src/lib/rpc/svc_auth_gssapi.c =================================================================== --- trunk/src/lib/rpc/svc_auth_gssapi.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/svc_auth_gssapi.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -169,7 +169,7 @@ /* use AUTH_NONE until there is a client_handle */ rqst->rq_xprt->xp_auth = &svc_auth_none; - memset((char *) &call_res, 0, sizeof(call_res)); + memset(&call_res, 0, sizeof(call_res)); creds.client_handle.length = 0; creds.client_handle.value = NULL; @@ -185,7 +185,7 @@ PRINTF(("svcauth_gssapi: decoding credentials\n")); xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE); - memset((char *) &creds, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); if (! xdr_authgssapi_creds(&xdrs, &creds)) { PRINTF(("svcauth_gssapi: failed decoding creds\n")); LOG_MISCERR("protocol error in client credentials"); @@ -691,7 +691,7 @@ client_data = (svc_auth_gssapi_data *) malloc(sizeof(*client_data)); if (client_data == NULL) return NULL; - memset((char *) client_data, 0, sizeof(*client_data)); + memset(client_data, 0, sizeof(*client_data)); L_PRINTF(2, ("create_client: new client_data = %p\n", (void *) client_data)); Modified: trunk/src/lib/rpc/svc_tcp.c =================================================================== --- trunk/src/lib/rpc/svc_tcp.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/svc_tcp.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -156,7 +156,7 @@ set_cloexec_fd(sock); madesock = TRUE; } - memset((char *)&addr, 0, sizeof (addr)); + memset(&addr, 0, sizeof (addr)); #if HAVE_STRUCT_SOCKADDR_IN_SIN_LEN addr.sin_len = sizeof(addr); #endif Modified: trunk/src/lib/rpc/svc_udp.c =================================================================== --- trunk/src/lib/rpc/svc_udp.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/svc_udp.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -123,7 +123,7 @@ set_cloexec_fd(sock); madesock = TRUE; } - memset((char *)&addr, 0, sizeof (addr)); + memset(&addr, 0, sizeof (addr)); #if HAVE_STRUCT_SOCKADDR_IN_SIN_LEN addr.sin_len = sizeof(addr); #endif @@ -194,7 +194,7 @@ uint32_t replylen; again: - memset((char *) &dummy, 0, sizeof(dummy)); + memset(&dummy, 0, sizeof(dummy)); dummy_iov[0].iov_base = rpc_buffer(xprt); dummy_iov[0].iov_len = (int) su->su_iosz; dummy.msg_iov = dummy_iov; @@ -337,7 +337,7 @@ (type *) mem_alloc((unsigned) (sizeof(type) * (size))) #define BZERO(addr, type, size) \ - memset((char *) addr, 0, sizeof(type) * (int) (size)) + memset(addr, 0, sizeof(type) * (int) (size)) /* * An entry in the cache Modified: trunk/src/lib/rpc/unit-test/rpc_test_clnt.c =================================================================== --- trunk/src/lib/rpc/unit-test/rpc_test_clnt.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/unit-test/rpc_test_clnt.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -11,7 +11,7 @@ { static char *clnt_res; - memset((char *)&clnt_res, 0, sizeof (clnt_res)); + memset(&clnt_res, 0, sizeof (clnt_res)); if (clnt_call(clnt, RPC_TEST_ECHO, (xdrproc_t) xdr_wrapstring, (caddr_t) argp, (xdrproc_t) xdr_wrapstring, (caddr_t) &clnt_res, Modified: trunk/src/lib/rpc/unit-test/rpc_test_svc.c =================================================================== --- trunk/src/lib/rpc/unit-test/rpc_test_svc.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/lib/rpc/unit-test/rpc_test_svc.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -53,7 +53,7 @@ _rpcsvcstate = _SERVED; return; } - (void) memset((char *)&argument, 0, sizeof (argument)); + (void) memset(&argument, 0, sizeof (argument)); if (!svc_getargs(transp, xdr_argument, &argument)) { svcerr_decode(transp); _rpcsvccount--; Modified: trunk/src/plugins/kdb/db2/kdb_db2.c =================================================================== --- trunk/src/plugins/kdb/db2/kdb_db2.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/plugins/kdb/db2/kdb_db2.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -180,7 +180,7 @@ /* * Clear the structure and reset the defaults. */ - memset((char *) dbctx, 0, sizeof(krb5_db2_context)); + memset(dbctx, 0, sizeof(krb5_db2_context)); dbctx->db_name = default_db_name; dbctx->db_nb_locks = FALSE; dbctx->tempdb = FALSE; @@ -199,7 +199,7 @@ if (db_ctx == NULL) return ENOMEM; else { - memset((char *) db_ctx, 0, sizeof(krb5_db2_context)); + memset(db_ctx, 0, sizeof(krb5_db2_context)); k5db2_clear_context((krb5_db2_context *) db_ctx); dal_handle->db_context = (void *) db_ctx; } @@ -1113,7 +1113,7 @@ case 0: ; } - memset((char *) &entry, 0, sizeof(entry)); + memset(&entry, 0, sizeof(entry)); contdata.data = contents.data; contdata.length = contents.size; retval = krb5_decode_princ_contents(context, &contdata, &entry); @@ -1124,7 +1124,7 @@ /* Clear encrypted key contents */ for (i = 0; i < entry.n_key_data; i++) { if (entry.key_data[i].key_data_length[0]) { - memset((char *) entry.key_data[i].key_data_contents[0], 0, + memset(entry.key_data[i].key_data_contents[0], 0, (unsigned) entry.key_data[i].key_data_length[0]); } } Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -121,8 +121,8 @@ || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) { kadm5_config_params params_in, params_out; - memset((char *) ¶ms_in, 0, sizeof(params_in)); - memset((char *) ¶ms_out, 0, sizeof(params_out)); + memset(¶ms_in, 0, sizeof(params_in)); + memset(¶ms_out, 0, sizeof(params_out)); retval = kadm5_get_config_params(context, 1, ¶ms_in, ¶ms_out); if (retval) { Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -86,7 +86,7 @@ cparams =(krb5_ldap_krbcontainer_params *) malloc(sizeof(krb5_ldap_krbcontainer_params)); CHECK_NULL(cparams); - memset((char *) cparams, 0, sizeof(krb5_ldap_krbcontainer_params)); + memset(cparams, 0, sizeof(krb5_ldap_krbcontainer_params)); /* read kerberos containter location from [dbmodules] section of krb5.conf file */ if (ldap_context->conf_section) { Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -1224,7 +1224,7 @@ /* Initialize realm container structure */ rlparams =(krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params)); CHECK_NULL(rlparams); - memset((char *) rlparams, 0, sizeof(krb5_ldap_realm_params)); + memset(rlparams, 0, sizeof(krb5_ldap_realm_params)); /* allocate tl_data structure to store MASK information */ rlparams->tl_data = malloc (sizeof(krb5_tl_data)); @@ -1232,7 +1232,7 @@ st = ENOMEM; goto cleanup; } - memset((char *) rlparams->tl_data, 0, sizeof(krb5_tl_data)); + memset(rlparams->tl_data, 0, sizeof(krb5_tl_data)); rlparams->tl_data->tl_data_type = KDB_TL_USER_INFO; /* set the mask parameter to 0 */ Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -132,7 +132,7 @@ st = ENOMEM; goto rp_exit; } - memcpy((char *)(*password), start, len); + memcpy(*password, start, len); (*password)[len] = '\0'; (*password)[len + 1] = '\0'; goto got_password; Modified: trunk/src/slave/kprop.c =================================================================== --- trunk/src/slave/kprop.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/slave/kprop.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -262,7 +262,7 @@ * * Construct the principal name for the slave host. */ - memset((char *)&creds, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); retval = krb5_sname_to_principal(context, slave_host, KPROP_SERVICE_NAME, KRB5_NT_SRV_HST, &creds.server); @@ -342,7 +342,7 @@ return(0); } my_sin.sin_family = hp->h_addrtype; - memcpy((char *)&my_sin.sin_addr, hp->h_addr, sizeof(my_sin.sin_addr)); + memcpy(&my_sin.sin_addr, hp->h_addr, sizeof(my_sin.sin_addr)); if(!port) { sp = getservbyname(KPROP_SERVICE, "tcp"); if (sp == 0) { @@ -372,7 +372,7 @@ receiver_addr.addrtype = ADDRTYPE_INET; receiver_addr.length = sizeof(my_sin.sin_addr); receiver_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); - memcpy((char *) receiver_addr.contents, (char *) &my_sin.sin_addr, + memcpy(receiver_addr.contents, &my_sin.sin_addr, sizeof(my_sin.sin_addr)); socket_length = sizeof(my_sin); @@ -385,7 +385,7 @@ sender_addr.addrtype = ADDRTYPE_INET; sender_addr.length = sizeof(my_sin.sin_addr); sender_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); - memcpy((char *) sender_addr.contents, (char *) &my_sin.sin_addr, + memcpy(sender_addr.contents, &my_sin.sin_addr, sizeof(my_sin.sin_addr)); return(0); @@ -672,7 +672,7 @@ exit(1); } - memcpy((char *)&send_size, outbuf.data, sizeof(send_size)); + memcpy(&send_size, outbuf.data, sizeof(send_size)); send_size = ntohl(send_size); if (send_size != database_size) { com_err(progname, 0, @@ -696,7 +696,7 @@ const char *text; krb5_data outbuf; - memset((char *)&error, 0, sizeof(error)); + memset(&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.ctime, &error.cusec); error.server = my_creds->server; error.client = my_principal; Modified: trunk/src/slave/kpropd.c =================================================================== --- trunk/src/slave/kpropd.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/slave/kpropd.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -276,7 +276,7 @@ com_err(progname, errno, "while obtaining socket"); exit(1); } - memset((char *) &my_sin,0, sizeof(my_sin)); + memset(&my_sin,0, sizeof(my_sin)); if(!port) { sp = getservbyname(KPROP_SERVICE, "tcp"); if (sp == NULL) { @@ -361,7 +361,7 @@ int child_pid; int status; - memset((char *)&frominet, 0, sizeof(frominet)); + memset(&frominet, 0, sizeof(frominet)); fromlen = sizeof(frominet); if (debug) fprintf(stderr, "waiting for a kprop connection\n"); @@ -1019,7 +1019,7 @@ static const char tmp[] = ".temp"; kdb_log_context *log_ctx; - (void) memset((char *)¶ms, 0, sizeof (params)); + (void) memset(¶ms, 0, sizeof (params)); retval = krb5_init_context(&kpropd_context); if (retval) { @@ -1221,7 +1221,7 @@ sender_addr.addrtype = ADDRTYPE_INET; sender_addr.length = sizeof(my_sin.sin_addr); sender_addr.contents = (krb5_octet *) malloc(sizeof(my_sin.sin_addr)); - memcpy((char *) sender_addr.contents, (char *) &my_sin.sin_addr, + memcpy(sender_addr.contents, &my_sin.sin_addr, sizeof(my_sin.sin_addr)); sin_length = sizeof(r_sin); @@ -1233,7 +1233,7 @@ receiver_addr.addrtype = ADDRTYPE_INET; receiver_addr.length = sizeof(r_sin.sin_addr); receiver_addr.contents = (krb5_octet *) malloc(sizeof(r_sin.sin_addr)); - memcpy((char *) receiver_addr.contents, (char *) &r_sin.sin_addr, + memcpy(receiver_addr.contents, &r_sin.sin_addr, sizeof(r_sin.sin_addr)); if (debug) { @@ -1410,7 +1410,7 @@ "while decoding database size from client"); exit(1); } - memcpy((char *) &database_size, outbuf.data, sizeof(database_size)); + memcpy(&database_size, outbuf.data, sizeof(database_size)); krb5_free_data_contents(context, &inbuf); krb5_free_data_contents(context, &outbuf); database_size = ntohl(database_size); @@ -1508,7 +1508,7 @@ krb5_data outbuf; char buf[1024]; - memset((char *)&error, 0, sizeof(error)); + memset(&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.stime, &error.susec); error.server = server; error.client = client; Modified: trunk/src/slave/kpropd_rpc.c =================================================================== --- trunk/src/slave/kpropd_rpc.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/slave/kpropd_rpc.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -14,7 +14,7 @@ { static char clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call (clnt, IPROP_NULL, (xdrproc_t) xdr_void, (caddr_t) argp, (xdrproc_t) xdr_void, (caddr_t) &clnt_res, @@ -29,7 +29,7 @@ { static kdb_incr_result_t clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call (clnt, IPROP_GET_UPDATES, (xdrproc_t) xdr_kdb_last_t, (caddr_t) argp, (xdrproc_t) xdr_kdb_incr_result_t, (caddr_t) &clnt_res, @@ -44,7 +44,7 @@ { static kdb_fullresync_result_t clnt_res; - memset((char *)&clnt_res, 0, sizeof(clnt_res)); + memset(&clnt_res, 0, sizeof(clnt_res)); if (clnt_call (clnt, IPROP_FULL_RESYNC, (xdrproc_t) xdr_void, (caddr_t) argp, (xdrproc_t) xdr_kdb_fullresync_result_t, (caddr_t) &clnt_res, Modified: trunk/src/slave/kproplog.c =================================================================== --- trunk/src/slave/kproplog.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/slave/kproplog.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -397,7 +397,7 @@ exit(1); } - (void) memset((char *)&upd, 0, sizeof (kdb_incr_update_t)); + (void) memset(&upd, 0, sizeof (kdb_incr_update_t)); xdrmem_create(&xdrs, (char *)indx_log->entry_data, indx_log->kdb_entry_size, XDR_DECODE); if (!xdr_kdb_incr_update_t(&xdrs, &upd)) { @@ -498,7 +498,7 @@ exit(1); } - (void) memset((char *)¶ms, 0, sizeof (params)); + (void) memset(¶ms, 0, sizeof (params)); if (kadm5_get_config_params(context, 1, ¶ms, ¶ms)) { (void) fprintf(stderr, Modified: trunk/src/tests/create/kdb5_mkdums.c =================================================================== --- trunk/src/tests/create/kdb5_mkdums.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/tests/create/kdb5_mkdums.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -195,7 +195,7 @@ } retval = krb5_db_fini(test_context); - memset((char *)master_keyblock.contents, 0, + memset(master_keyblock.contents, 0, (size_t) master_keyblock.length); if (retval && retval != KRB5_KDB_DBNOTINITED) { com_err(progname, retval, "while closing database"); @@ -218,7 +218,7 @@ krb5_db_entry newentry; char princ_name[4096]; - memset((char *)&newentry, 0, sizeof(newentry)); + memset(&newentry, 0, sizeof(newentry)); snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm); if ((retval = krb5_parse_name(context, princ_name, &newprinc))) { com_err(progname, retval, "while parsing '%s'", princ_name); Modified: trunk/src/tests/gss-threads/gss-client.c =================================================================== --- trunk/src/tests/gss-threads/gss-client.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/tests/gss-threads/gss-client.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -112,7 +112,7 @@ } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); + memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); return 0; } Modified: trunk/src/tests/hammer/kdc5_hammer.c =================================================================== --- trunk/src/tests/hammer/kdc5_hammer.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/tests/hammer/kdc5_hammer.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -340,7 +340,7 @@ service); /* Initialize variables */ - memset((char *)&creds, 0, sizeof(creds)); + memset(&creds, 0, sizeof(creds)); /* Do client side */ if (asprintf(&sname, "%s@%s", service, hostname) >= 0) { @@ -466,7 +466,7 @@ return(-1); } - memset((char *)&my_creds, 0, sizeof(my_creds)); + memset(&my_creds, 0, sizeof(my_creds)); if ((code = krb5_parse_name (context, p_client_str, p_client))) { com_err (prog, code, "when parsing name %s", p_client_str); Modified: trunk/src/tests/misc/test_getsockname.c =================================================================== --- trunk/src/tests/misc/test_getsockname.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/tests/misc/test_getsockname.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -46,9 +46,9 @@ } /* Set server's address */ - (void) memset((char *)&s_sock, 0, sizeof(s_sock)); + (void) memset(&s_sock, 0, sizeof(s_sock)); - memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); + memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); #ifdef DEBUG printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr)); #endif @@ -61,7 +61,7 @@ exit(1); } - memset((char *)&c_sock, 0, sizeof(c_sock)); + memset(&c_sock, 0, sizeof(c_sock)); c_sock.sin_family = AF_INET; /* Bind it to set the address; kernel will fill in port # */ @@ -78,7 +78,7 @@ } /* Get my address */ - memset((char *) &c_sock, 0, sizeof(c_sock)); + memset(&c_sock, 0, sizeof(c_sock)); i = sizeof(c_sock); if (getsockname(sock, (struct sockaddr *)&c_sock, &i) < 0) { perror("getsockname"); Modified: trunk/src/tests/verify/kdb5_verify.c =================================================================== --- trunk/src/tests/verify/kdb5_verify.c 2009-02-02 22:28:34 UTC (rev 21874) +++ trunk/src/tests/verify/kdb5_verify.c 2009-02-02 23:41:40 UTC (rev 21875) @@ -209,7 +209,7 @@ krb5_finish_key(context, &master_encblock); retval = krb5_db_fini(context); - memset((char *)master_keyblock.contents, 0, (size_t) master_keyblock.length); + memset(master_keyblock.contents, 0, (size_t) master_keyblock.length); if (retval && retval != KRB5_KDB_DBNOTINITED) { com_err(progname, retval, "while closing database"); exit(1); From raeburn at MIT.EDU Tue Feb 3 11:38:38 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 3 Feb 2009 11:38:38 -0500 (EST) Subject: svn rev #21876: trunk/src/ appl/bsd/ kadmin/ktutil/ lib/crypto/arcfour/ lib/gssapi/mechglue/ ... Message-ID: <200902031638.LAA04956@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21876 Commit By: raeburn Log Message: prefer structure assignment to memcpy Changed Files: U trunk/src/appl/bsd/krlogin.c U trunk/src/kadmin/ktutil/ktutil_funcs.c U trunk/src/lib/crypto/arcfour/arcfour.c U trunk/src/lib/gssapi/mechglue/g_initialize.c U trunk/src/lib/kadm5/srv/svr_principal.c U trunk/src/lib/krb5/krb/serialize.c Modified: trunk/src/appl/bsd/krlogin.c =================================================================== --- trunk/src/appl/bsd/krlogin.c 2009-02-02 23:41:40 UTC (rev 21875) +++ trunk/src/appl/bsd/krlogin.c 2009-02-03 16:38:34 UTC (rev 21876) @@ -1663,8 +1663,7 @@ ** copy the initial modes we saved into sb; this is ** for restoring to the initial state */ - (void)memcpy(&sb, &defmodes, sizeof(defmodes)); - + sb = defmodes; #else sb.sg_flags &= ~(CBREAK|RAW|TBDELAY); sb.sg_flags |= defflags|tabflag; Modified: trunk/src/kadmin/ktutil/ktutil_funcs.c =================================================================== --- trunk/src/kadmin/ktutil/ktutil_funcs.c 2009-02-02 23:41:40 UTC (rev 21875) +++ trunk/src/kadmin/ktutil/ktutil_funcs.c 2009-02-03 16:38:34 UTC (rev 21876) @@ -172,7 +172,7 @@ goto cleanup; memset(password.data, 0, password.length); password.length = 0; - memcpy(&lp->entry->key, &key, sizeof(krb5_keyblock)); + lp->entry->key = key; } else { printf("Key for %s (hex): ", princ_str); fgets(buf, BUFSIZ, stdin); Modified: trunk/src/lib/crypto/arcfour/arcfour.c =================================================================== --- trunk/src/lib/crypto/arcfour/arcfour.c 2009-02-02 23:41:40 UTC (rev 21875) +++ trunk/src/lib/crypto/arcfour/arcfour.c 2009-02-03 16:38:34 UTC (rev 21876) @@ -81,7 +81,7 @@ d1.data=malloc(d1.length); if (d1.data == NULL) return (ENOMEM); - memcpy(&k1, key, sizeof (krb5_keyblock)); + k1 = *key; k1.length=d1.length; k1.contents= (void *) d1.data; @@ -91,7 +91,7 @@ free(d1.data); return (ENOMEM); } - memcpy(&k2, key, sizeof (krb5_keyblock)); + k2 = *key; k2.length=d2.length; k2.contents=(void *) d2.data; @@ -102,7 +102,7 @@ free(d2.data); return (ENOMEM); } - memcpy(&k3, key, sizeof (krb5_keyblock)); + k3 = *key; k3.length=d3.length; k3.contents= (void *) d3.data; @@ -201,7 +201,7 @@ d1.data=malloc(d1.length); if (d1.data == NULL) return (ENOMEM); - memcpy(&k1, key, sizeof (krb5_keyblock)); + k1 = *key; k1.length=d1.length; k1.contents= (void *) d1.data; @@ -211,7 +211,7 @@ free(d1.data); return (ENOMEM); } - memcpy(&k2, key, sizeof(krb5_keyblock)); + k2 = *key; k2.length=d2.length; k2.contents= (void *) d2.data; @@ -222,7 +222,7 @@ free(d2.data); return (ENOMEM); } - memcpy(&k3, key, sizeof(krb5_keyblock)); + k3 = *key; k3.length=d3.length; k3.contents= (void *) d3.data; Modified: trunk/src/lib/gssapi/mechglue/g_initialize.c =================================================================== --- trunk/src/lib/gssapi/mechglue/g_initialize.c 2009-02-02 23:41:40 UTC (rev 21875) +++ trunk/src/lib/gssapi/mechglue/g_initialize.c 2009-02-03 16:38:34 UTC (rev 21876) @@ -638,7 +638,7 @@ releaseMechInfo(&new_cf); return ENOMEM; } - memcpy(new_cf->mech, template->mech, sizeof(struct gss_config)); + *new_cf->mech = *template->mech; if (template->mech_type != NULL) new_cf->mech->mech_type = *(template->mech_type); new_cf->mech_type = &new_cf->mech->mech_type; Modified: trunk/src/lib/kadm5/srv/svr_principal.c =================================================================== --- trunk/src/lib/kadm5/srv/svr_principal.c 2009-02-02 23:41:40 UTC (rev 21875) +++ trunk/src/lib/kadm5/srv/svr_principal.c 2009-02-03 16:38:34 UTC (rev 21876) @@ -56,7 +56,7 @@ return ENOMEM; VALGRIND_CHECK_DEFINED(*inprinc); - memcpy(tempprinc, inprinc, sizeof(krb5_principal_data)); + *tempprinc = *inprinc; nelems = (int) krb5_princ_size(context, inprinc); tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data)); Modified: trunk/src/lib/krb5/krb/serialize.c =================================================================== --- trunk/src/lib/krb5/krb/serialize.c 2009-02-02 23:41:40 UTC (rev 21875) +++ trunk/src/lib/krb5/krb/serialize.c 2009-02-03 16:38:34 UTC (rev 21876) @@ -84,7 +84,7 @@ kret = ENOMEM; } else - memcpy(stable, entry, sizeof(krb5_ser_entry)); + *stable = *entry; return(kret); } From raeburn at MIT.EDU Tue Feb 3 21:41:27 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 3 Feb 2009 21:41:27 -0500 (EST) Subject: svn rev #21877: trunk/src/tests/dejagnu/config/ Message-ID: <200902040241.VAA18959@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21877 Commit By: raeburn Log Message: don't create or delete krb.conf, krb.realms Changed Files: U trunk/src/tests/dejagnu/config/default.exp Modified: trunk/src/tests/dejagnu/config/default.exp =================================================================== --- trunk/src/tests/dejagnu/config/default.exp 2009-02-03 16:38:34 UTC (rev 21876) +++ trunk/src/tests/dejagnu/config/default.exp 2009-02-04 02:41:24 UTC (rev 21877) @@ -409,7 +409,6 @@ # We can't use them now because we don't know the right KEY. # krb5.conf might change if running tests on another host file delete $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/slave.conf \ - $tmppwd/krb.realms $tmppwd/krb.conf \ $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \ $tmppwd/krb5.kdc.conf $tmppwd/krb5.slave.conf @@ -969,22 +968,6 @@ close $aclfile } - # Create krb.conf file - if ![file exists $tmppwd/krb.conf] { - set conffile [open $tmppwd/krb.conf w] - puts $conffile "$REALMNAME" - puts $conffile "$REALMNAME $hostname:[expr 1 + $portbase] admin server" - close $conffile - } - - # Create krb.realms file - if ![file exists $tmppwd/krb.realms] { - set conffile [open $tmppwd/krb.realms w] - puts $conffile ".[string toupper $domain] $REALMNAME" - puts $conffile "[string toupper $domain]. $REALMNAME" - close $conffile - } - # Create dictfile file. if ![file exists $tmppwd/dictfile] { set dictfile [open $tmppwd/dictfile w] From raeburn at MIT.EDU Tue Feb 3 22:18:06 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 3 Feb 2009 22:18:06 -0500 (EST) Subject: svn rev #21878: trunk/src/ config/ kadmin/testing/scripts/ Message-ID: <200902040318.WAA19627@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21878 Commit By: raeburn Log Message: remove some krb4 testing hooks Changed Files: U trunk/src/config/pre.in U trunk/src/kadmin/testing/scripts/Makefile.in U trunk/src/kadmin/testing/scripts/env-setup.shin D trunk/src/kadmin/testing/scripts/fixup-conf-files.plin D trunk/src/kadmin/testing/scripts/save_files.sh U trunk/src/kadmin/testing/scripts/start_servers U trunk/src/kadmin/testing/scripts/start_servers_local U trunk/src/kadmin/testing/scripts/stop_servers U trunk/src/kadmin/testing/scripts/stop_servers_local Modified: trunk/src/config/pre.in =================================================================== --- trunk/src/config/pre.in 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/config/pre.in 2009-02-04 03:18:04 UTC (rev 21878) @@ -230,12 +230,9 @@ TESTDIR = $(BUILDTOP)/kadmin/testing STESTDIR = $(SRCTOP)/kadmin/testing COMPARE_DUMP = $(TESTDIR)/scripts/compare_dump.pl -FIX_CONF_FILES = $(TESTDIR)/scripts/fixup-conf-files.pl INITDB = $(STESTDIR)/scripts/init_db MAKE_KEYTAB = $(TESTDIR)/scripts/make-host-keytab.pl LOCAL_MAKE_KEYTAB= $(TESTDIR)/scripts/make-host-keytab.pl -RESTORE_FILES = $(STESTDIR)/scripts/restore_files.sh -SAVE_FILES = $(STESTDIR)/scripts/save_files.sh ENV_SETUP = $(TESTDIR)/scripts/env-setup.sh CLNTTCL = $(TESTDIR)/util/ovsec_kadm_clnt_tcl SRVTCL = $(TESTDIR)/util/ovsec_kadm_srv_tcl Modified: trunk/src/kadmin/testing/scripts/Makefile.in =================================================================== --- trunk/src/kadmin/testing/scripts/Makefile.in 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/kadmin/testing/scripts/Makefile.in 2009-02-04 03:18:04 UTC (rev 21878) @@ -6,10 +6,10 @@ .SUFFIXES: .plin .pl -GEN_SCRIPTS = compare_dump.pl fixup-conf-files.pl make-host-keytab.pl \ +GEN_SCRIPTS = compare_dump.pl make-host-keytab.pl \ simple_dump.pl verify_xrunner_report.pl qualname.pl -all:: env-setup.sh $(GEN_SCRIPTS) restore_files.sh +all:: env-setup.sh $(GEN_SCRIPTS) # Should only rebuild env_setup.sh here (use CONFIG_FILES=), but the weird krb5 # makefile post-processing is unconditional and would trash the makefile. @@ -22,10 +22,6 @@ chmod +x env-setup.sh touch env-setup.stamp -restore_files.sh: - rm -f restore_files.sh - ln -s $(srcdir)/save_files.sh restore_files.sh - .plin.pl: -rm -f $@.tmp echo "#!$(PERL_PATH)" > $@.tmp @@ -34,4 +30,4 @@ mv $@.tmp $@ clean:: - -rm -f $(GEN_SCRIPTS) *.tmp env-setup.sh env-setup.stamp restore_files.sh + -rm -f $(GEN_SCRIPTS) *.tmp env-setup.sh env-setup.stamp Modified: trunk/src/kadmin/testing/scripts/env-setup.shin =================================================================== --- trunk/src/kadmin/testing/scripts/env-setup.shin 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/kadmin/testing/scripts/env-setup.shin 2009-02-04 03:18:04 UTC (rev 21878) @@ -66,14 +66,10 @@ fi COMPARE_DUMP=$TESTDIR/scripts/compare_dump.pl; export COMPARE_DUMP -FIX_CONF_FILES=$TESTDIR/scripts/fixup-conf-files.pl -export FIX_CONF_FILES INITDB=$STESTDIR/scripts/init_db; export INITDB MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl; export MAKE_KEYTAB LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl export LOCAL_MAKE_KEYTAB -RESTORE_FILES=$TESTDIR/scripts/restore_files.sh; export RESTORE_FILES -SAVE_FILES=$STESTDIR/scripts/save_files.sh; export SAVE_FILES SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL Deleted: trunk/src/kadmin/testing/scripts/fixup-conf-files.plin Deleted: trunk/src/kadmin/testing/scripts/save_files.sh Modified: trunk/src/kadmin/testing/scripts/start_servers =================================================================== --- trunk/src/kadmin/testing/scripts/start_servers 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/kadmin/testing/scripts/start_servers 2009-02-04 03:18:04 UTC (rev 21878) @@ -11,8 +11,6 @@ DUMMY=${TESTDIR=$TOP/testing} DUMMY=${STESTDIR=$STOP/testing} -DUMMY=${SAVE_FILES=$STESTDIR/scripts/save_files.sh} -DUMMY=${FIX_CONF_FILES=$TESTDIR/scripts/fixup-conf-files.pl} DUMMY=${START_SERVERS_LOCAL=$STESTDIR/scripts/start_servers_local} # This'll be wrong sometimes DUMMY=${RSH_CMD=rsh} Modified: trunk/src/kadmin/testing/scripts/start_servers_local =================================================================== --- trunk/src/kadmin/testing/scripts/start_servers_local 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/kadmin/testing/scripts/start_servers_local 2009-02-04 03:18:04 UTC (rev 21878) @@ -2,8 +2,6 @@ DUMMY=${TESTDIR=$TOP/testing} DUMMY=${STESTDIR=$STOP/testing} -DUMMY=${SAVE_FILES=$STESTDIR/scripts/save_files.sh} -DUMMY=${FIX_CONF_FILES=$TESTDIR/scripts/fixup-conf-files.pl} DUMMY=${INITDB=$STESTDIR/scripts/init_db} DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl} @@ -24,7 +22,6 @@ REDIRECT='>/dev/null' fi -v4files=false while :; do case $1 in -keysalt) @@ -43,13 +40,6 @@ break fi ;; - -v4files) - if [ "`whoami`" != "root" ]; then - echo "You must be root to use -v4files!" 1>&2 - exit 1 - fi - v4files=true - ;; *) break ;; @@ -65,12 +55,6 @@ export TOP fi -# fixup the system config files -if $v4files; then - $SAVE_FILES || exit 1 - $FIX_CONF_FILES || exit 1 -fi - # create a fresh db $INITDB "$keysalts" || exit 1 Modified: trunk/src/kadmin/testing/scripts/stop_servers =================================================================== --- trunk/src/kadmin/testing/scripts/stop_servers 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/kadmin/testing/scripts/stop_servers 2009-02-04 03:18:04 UTC (rev 21878) @@ -11,11 +11,9 @@ DUMMY=${TESTDIR=$TOP/testing} DUMMY=${STESTDIR=$STOP/testing} -DUMMY=${FIX_CONF_FILES=$TESTDIR/scripts/fixup-conf-files.pl} DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local} # This'll be wrong sometimes DUMMY=${RSH_CMD=rsh} -DUMMY=${RESTORE_FILES=$TESTDIR/scripts/restore_files.sh} local=1 Modified: trunk/src/kadmin/testing/scripts/stop_servers_local =================================================================== --- trunk/src/kadmin/testing/scripts/stop_servers_local 2009-02-04 02:41:24 UTC (rev 21877) +++ trunk/src/kadmin/testing/scripts/stop_servers_local 2009-02-04 03:18:04 UTC (rev 21878) @@ -1,18 +1,13 @@ #!/bin/sh DUMMY=${TESTDIR=$TOP/testing} -DUMMY=${RESTORE_FILES=$TESTDIR/scripts/restore_files.sh} DUMMY=${KRB5RCACHEDIR=$TESTDIR} -v4files=false while [ $# -gt 0 ] ; do case $1 in -start_servers) start_servers=$1 ;; - -v4files) - v4files=true - ;; *) TOP=$1 export TOP @@ -46,8 +41,4 @@ fi rm -f $KRB5RCACHEDIR/krb5kdc_rcache.$USER -# restore saved system config files -if $v4files; then - $RESTORE_FILES $start_servers -fi exit 0 From tsitkova at MIT.EDU Wed Feb 4 12:08:51 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Wed, 4 Feb 2009 12:08:51 -0500 (EST) Subject: svn rev #21879: trunk/src/ include/ kdc/ lib/kadm5/ lib/kdb/ lib/krb5/krb/ lib/krb5/os/ ... Message-ID: <200902041708.MAA06069@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21879 Commit By: tsitkova Log Message: Use macros for config parameters. Changed Files: U trunk/src/include/k5-int.h U trunk/src/kdc/do_tgs_req.c U trunk/src/kdc/main.c U trunk/src/lib/kadm5/alt_prof.c U trunk/src/lib/kdb/kdb5.c U trunk/src/lib/krb5/krb/conv_princ.c U trunk/src/lib/krb5/krb/get_in_tkt.c U trunk/src/lib/krb5/krb/init_ctx.c U trunk/src/lib/krb5/krb/vfy_increds.c U trunk/src/lib/krb5/os/an_to_ln.c U trunk/src/lib/krb5/os/def_realm.c U trunk/src/lib/krb5/os/get_krbhst.c U trunk/src/lib/krb5/os/hst_realm.c U trunk/src/lib/krb5/os/ktdefname.c U trunk/src/lib/krb5/os/localaddr.c U trunk/src/lib/krb5/os/locate_kdc.c U trunk/src/lib/krb5/os/realm_dom.c U trunk/src/lib/krb5/os/sendto_kdc.c U trunk/src/lib/krb5/os/sn2princ.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c U trunk/src/plugins/preauth/pkinit/pkinit_matching.c U trunk/src/plugins/preauth/pkinit/pkinit_profile.c U trunk/src/plugins/preauth/pkinit/pkinit_srv.c Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/include/k5-int.h 2009-02-04 17:08:44 UTC (rev 21879) @@ -185,6 +185,9 @@ #define KRB5_CONF_ADMIN_SERVER "admin_server" #define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto" #define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type" +#define KRB5_CONF_AUTH_TO_LOCAL "auth_to_local" +#define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names" +#define KRB5_CONF_CANONICALIZE "canonicalize" #define KRB5_CONF_CCACHE_TYPE "ccache_type" #define KRB5_CONF_CLOCKSKEW "clockskew" #define KRB5_CONF_DATABASE_NAME "database_name" @@ -192,6 +195,7 @@ #define KRB5_CONF_DB_MODULES "db_modules" #define KRB5_CONF_DOMAIN_REALM "domain_realm" #define KRB5_CONF_DEFAULT_REALM "default_realm" +#define KRB5_CONF_DEFAULT_DOMAIN "default_domain" #define KRB5_CONF_DEFAULT_TKT_ENCTYPES "default_tkt_enctypes" #define KRB5_CONF_DEFAULT_TGS_ENCTYPES "default_tgs_enctypes" #define KRB5_CONF_DEFAULT_KEYTAB_NAME "default_keytab_name" @@ -202,6 +206,7 @@ #define KRB5_CONF_DNS_LOOKUP_REALM "dns_lookup_realm" #define KRB5_CONF_DNS_FALLBACK "dns_fallback" #define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" +#define KRB5_CONF_FORWARDABLE "forwardable" #define KRB5_CONF_HOST_BASED_SERVICES "host_based_services" #define KRB5_CONF_IPROP_ENABLE "iprop_enable" #define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" @@ -213,7 +218,7 @@ #define KRB5_CONF_KDC "kdc" #define KRB5_CONF_KDCDEFAULTS "kdcdefaults" #define KRB5_CONF_KDC_PORTS "kdc_ports" -#define KRB5_CONF_TCP_PORTS "kdc_tcp_ports" +#define KRB5_CONF_KDC_TCP_PORTS "kdc_tcp_ports" #define KRB5_CONF_MAX_DGRAM_REPLY_SIZE "kdc_max_dgram_reply_size" #define KRB5_CONF_KDC_DEFAULT_OPTIONS "kdc_default_options" #define KRB5_CONF_KDC_TIMESYNC "kdc_timesync" @@ -225,6 +230,7 @@ #define KRB5_CONF_LDAP_KDC_DN "ldap_kdc_dn" #define KRB5_CONF_LDAP_KADMIN_DN "ldap_kadmind_dn" #define KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE "ldap_service_password_file" +#define KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE "ldap_root_certificate_file" #define KRB5_CONF_LDAP_SERVERS "ldap_servers" #define KRB5_CONF_LDAP_CONNS_PER_SERVER "ldap_conns_per_server" #define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral" @@ -233,25 +239,36 @@ #define KRB5_CONF_MASTER_KDC "master_kdc" #define KRB5_CONF_MAX_LIFE "max_life" #define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life" -#define KRB5_CONF_NOADDRESS "noaddresses" +#define KRB5_CONF_NOADDRESSES "noaddresses" #define KRB5_CONF_PERMITTED_ENCTYPES "permitted_enctypes" +#define KRB5_CONF_PKINIT_ALLOW_UPN "pkinit_allow_upn" #define KRB5_CONF_PKINIT_ANCHORS "pkinit_anchors" +#define KRB5_CONF_PKINIT_CERT_MATCH "pkinit_cert_match" +#define KRB5_CONF_PKINIT_DH_MIN_BITS "pkinit_dh_min_bits" +#define KRB5_CONF_PKINIT_EKU_CHECKING "pkinit_eku_checking" #define KRB5_CONF_PKINIT_IDENTITY "pkinit_identity" +#define KRB5_CONF_PKINIT_IDENTITIES "pkinit_identities" +#define KRB5_CONF_PKINIT_KDC_HOSTNAME "pkinit_kdc_hostname" #define KRB5_CONF_PKINIT_KDC_OCSP "pkinit_kdc_ocsp" +#define KRB5_CONF_PKINIT_LONGHORN "pkinit_longhorn" +#define KRB5_CONF_PKINIT_MAPPING_FILE "pkinit_mappings_file" #define KRB5_CONF_PKINIT_POOL "pkinit_pool" #define KRB5_CONF_PKINIT_REVOKE "pkinit_revoke" -#define KRB5_CONF_PKINIT_MAPPING_FILE "pkinit_mappings_file" -#define KRB5_CONF_PKINIT_DH_MIN_BITS "pkinit_dh_min_bits" -#define KRB5_CONF_PKINIT_ALLOW_UPN "pkinit_allow_upn" #define KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING "pkinit_require_crl_checking" -#define KRB5_CONF_PKINIT_EKU_CHECKING "pkinit_eku_checking" +#define KRB5_CONF_PKINIT_WIN2K "pkinit_win2k" +#define KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING "pkinit_win2k_require_binding" +#define KRB5_CONF_PREFERRED_PREAUTH_TYPES "preferred_preauth_types" +#define KRB5_CONF_PROXIABLE "proxiable" #define KRB5_CONF_RDNS "rdns" #define KRB5_CONF_REALMS "realms" #define KRB5_CONF_REALM_TRY_DOMAINS "realm_try_domains" #define KRB5_CONF_REJECT_BAD_TRANSIT "reject_bad_transit" +#define KRB5_CONF_RENEW_LIFETIME "renew_lifetime" #define KRB5_CONF_SAFE_CHECKSUM_TYPE "safe_checksum_type" #define KRB5_CONF_SUPPORTED_ENCTYPES "supported_enctypes" +#define KRB5_CONF_TICKET_LIFETIME "ticket_lifetime" #define KRB5_CONF_UDP_PREFERENCE_LIMIT "udp_preference_limit" +#define KRB5_CONF_VERIFY_AP_REQ_NOFAIL "verify_ap_req_nofail" #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" #define KRB5_CONF_V4_REALM "v4_realm" #define KRB5_CONF_ASTERISK "*" Modified: trunk/src/kdc/do_tgs_req.c =================================================================== --- trunk/src/kdc/do_tgs_req.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/kdc/do_tgs_req.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -1104,9 +1104,9 @@ (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN && kdc_active_realm->realm_host_based_services != NULL && (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE || - krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, "*") == TRUE))) && + krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE))) && (kdc_active_realm->realm_no_host_referral == NULL || - (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, "*") == FALSE && + (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, KRB5_CONF_ASTERISK) == FALSE && krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { if (memchr(comp2->data, '.', comp2->length) == NULL) Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/kdc/main.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -176,14 +176,14 @@ { krb5_error_code retval = 0; - if (no_refrls && krb5_match_config_pattern(no_refrls, "*") == TRUE) { - rdp->realm_no_host_referral = strdup("*"); + if (no_refrls && krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == TRUE) { + rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) retval = ENOMEM; } else { if (rparams && rparams->realm_no_host_referral) { - if (krb5_match_config_pattern(rparams->realm_no_host_referral, "*") == TRUE) { - rdp->realm_no_host_referral = strdup("*"); + if (krb5_match_config_pattern(rparams->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { + rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) retval = ENOMEM; } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s", @@ -198,19 +198,19 @@ rdp->realm_no_host_referral = NULL; } - if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, "*") == TRUE) { + if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_host_based_services = NULL; return 0; } - if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, "*") == TRUE)) { - rdp->realm_host_based_services = strdup("*"); + if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { + rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else { if (rparams && rparams->realm_host_based_services) { - if (krb5_match_config_pattern(rparams->realm_host_based_services, "*") == TRUE) { - rdp->realm_host_based_services = strdup("*"); + if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) { + rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else if (host_based_srvcs && asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", @@ -552,22 +552,22 @@ extern char *optarg; if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) { - hierarchy[0] = "kdcdefaults"; - hierarchy[1] = "kdc_ports"; + hierarchy[0] = KRB5_CONF_KDCDEFAULTS; + hierarchy[1] = KRB5_CONF_KDC_PORTS; hierarchy[2] = (char *) NULL; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_udp_ports)) default_udp_ports = 0; - hierarchy[1] = "kdc_tcp_ports"; + hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports)) default_tcp_ports = 0; - hierarchy[1] = "kdc_max_dgram_reply_size"; + hierarchy[1] = KRB5_CONF_MAX_DGRAM_REPLY_SIZE; if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size)) max_dgram_reply_size = MAX_DGRAM_SIZE; - hierarchy[1] = "no_host_referral"; + hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL; if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) no_refrls = 0; - if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) { - hierarchy[1] = "host_based_services"; + if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { + hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES; if (krb5_aprof_get_string_all(aprof, hierarchy, &host_based_srvcs)) host_based_srvcs = 0; } Modified: trunk/src/lib/kadm5/alt_prof.c =================================================================== --- trunk/src/lib/kadm5/alt_prof.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/kadm5/alt_prof.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -566,7 +566,7 @@ goto cleanup; /* Initialize realm parameters */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = lrealm; hierarchy[3] = (char *) NULL; @@ -576,7 +576,7 @@ aprofile, hierarchy, CONFTAG, DEFAULT) /* Get the value for the admin server */ - GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, "admin_server", + GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, KRB5_CONF_ADMIN_SERVER, NULL); if (params.mask & KADM5_CONFIG_ADMIN_SERVER) { @@ -590,7 +590,7 @@ } /* Get the value for the database */ - GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, "database_name", + GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, KRB5_CONF_DATABASE_NAME, DEFAULT_KDB_FILE); params.admin_dbname_was_here = NULL; @@ -599,7 +599,7 @@ /* Get the value for the admin (policy) database lock file*/ if (!GET_STRING_PARAM(admin_keytab, KADM5_CONFIG_ADMIN_KEYTAB, - "admin_keytab", NULL)) { + KRB5_CONF_ADMIN_KEYTAB, NULL)) { const char *s = getenv("KRB5_KTNAME"); if (s == NULL) s = DEFAULT_KADM5_KEYTAB; @@ -609,11 +609,11 @@ } /* Get the name of the acl file */ - GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, "acl_file", + GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE, DEFAULT_KADM5_ACL_FILE); /* Get the name of the dict file */ - GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, "dict_file", NULL); + GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL); #define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ get_port_param(¶ms.FIELD, params_in->FIELD, \ @@ -621,18 +621,18 @@ aprofile, hierarchy, CONFTAG, DEFAULT) /* Get the value for the kadmind port */ GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT, - "kadmind_port", DEFAULT_KADM5_PORT); + KRB5_CONF_KADMIND_PORT, DEFAULT_KADM5_PORT); /* Get the value for the kpasswd port */ GET_PORT_PARAM(kpasswd_port, KADM5_CONFIG_KPASSWD_PORT, - "kpasswd_port", DEFAULT_KPASSWD_PORT); + KRB5_CONF_KPASSWD_PORT, DEFAULT_KPASSWD_PORT); /* Get the value for the master key name */ GET_STRING_PARAM(mkey_name, KADM5_CONFIG_MKEY_NAME, - "master_key_name", NULL); + KRB5_CONF_MASTER_KEY_NAME, NULL); /* Get the value for the master key type */ - hierarchy[2] = "master_key_type"; + hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE; if (params_in->mask & KADM5_CONFIG_ENCTYPE) { params.mask |= KADM5_CONFIG_ENCTYPE; params.enctype = params_in->enctype; @@ -655,7 +655,7 @@ /* Get the value for the stashfile */ GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE, - "key_stash_file", NULL); + KRB5_CONF_KEY_STASH_FILE, NULL); /* Get the value for maximum ticket lifetime. */ #define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ @@ -663,15 +663,15 @@ ¶ms.mask, params_in->mask, BIT, \ aprofile, hierarchy, CONFTAG, DEFAULT) - GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, "max_life", + GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE, 24 * 60 * 60); /* 1 day */ /* Get the value for maximum renewable ticket lifetime. */ - GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, "max_renewable_life", + GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, KRB5_CONF_MAX_RENEWABLE_LIFE, 0); /* Get the value for the default principal expiration */ - hierarchy[2] = "default_principal_expiration"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION; if (params_in->mask & KADM5_CONFIG_EXPIRATION) { params.mask |= KADM5_CONFIG_EXPIRATION; params.expiration = params_in->expiration; @@ -687,7 +687,7 @@ } /* Get the value for the default principal flags */ - hierarchy[2] = "default_principal_flags"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS; if (params_in->mask & KADM5_CONFIG_FLAGS) { params.mask |= KADM5_CONFIG_FLAGS; params.flags = params_in->flags; @@ -729,7 +729,7 @@ } /* Get the value for the supported enctype/salttype matrix */ - hierarchy[2] = "supported_enctypes"; + hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES; if (params_in->mask & KADM5_CONFIG_ENCTYPES) { /* The following scenario is when the input keysalts are !NULL */ if(params_in->keysalts) { @@ -765,7 +765,7 @@ free(svalue); } - hierarchy[2] = "iprop_enable"; + hierarchy[2] = KRB5_CONF_IPROP_ENABLE; params.iprop_enabled = FALSE; params.mask |= KADM5_CONFIG_IPROP_ENABLED; @@ -783,7 +783,7 @@ } if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE, - "iprop_logfile", NULL)) { + KRB5_CONF_IPROP_LOGFILE, NULL)) { if (params.mask & KADM5_CONFIG_DBNAME) { if (asprintf(¶ms.iprop_logfile, "%s.ulog", params.dbname) >= 0) { params.mask |= KADM5_CONFIG_IPROP_LOGFILE; @@ -792,9 +792,9 @@ } GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT, - "iprop_port", 0); + KRB5_CONF_IPROP_PORT, 0); - hierarchy[2] = "iprop_master_ulogsize"; + hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE; params.iprop_ulogsize = DEF_ULOGENTRIES; params.mask |= KADM5_CONFIG_ULOG_SIZE; @@ -816,7 +816,7 @@ } GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME, - "iprop_slave_poll", 2 * 60); /* 2m */ + KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */ *params_out = params; @@ -955,40 +955,40 @@ memset(rparams, 0, sizeof(krb5_realm_params)); /* Get the value for the database */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = lrealm; - hierarchy[2] = "database_name"; + hierarchy[2] = KRB5_CONF_DATABASE_NAME; hierarchy[3] = (char *) NULL; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_dbname = svalue; /* Get the value for the KDC port list */ - hierarchy[2] = "kdc_ports"; + hierarchy[2] = KRB5_CONF_KDC_PORTS; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_kdc_ports = svalue; - hierarchy[2] = "kdc_tcp_ports"; + hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_kdc_tcp_ports = svalue; /* Get the name of the acl file */ - hierarchy[2] = "acl_file"; + hierarchy[2] = KRB5_CONF_ACL_FILE; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_acl_file = svalue; /* Get the value for the kadmind port */ - hierarchy[2] = "kadmind_port"; + hierarchy[2] = KRB5_CONF_KADMIND_PORT; if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) { rparams->realm_kadmind_port = ivalue; rparams->realm_kadmind_port_valid = 1; } /* Get the value for the master key name */ - hierarchy[2] = "master_key_name"; + hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_mkey_name = svalue; /* Get the value for the master key type */ - hierarchy[2] = "master_key_type"; + hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype)) rparams->realm_enctype_valid = 1; @@ -996,26 +996,26 @@ } /* Get the value for the stashfile */ - hierarchy[2] = "key_stash_file"; + hierarchy[2] = KRB5_CONF_KEY_STASH_FILE; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_stash_file = svalue; /* Get the value for maximum ticket lifetime. */ - hierarchy[2] = "max_life"; + hierarchy[2] = KRB5_CONF_MAX_LIFE; if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { rparams->realm_max_life = dtvalue; rparams->realm_max_life_valid = 1; } /* Get the value for maximum renewable ticket lifetime. */ - hierarchy[2] = "max_renewable_life"; + hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE; if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { rparams->realm_max_rlife = dtvalue; rparams->realm_max_rlife_valid = 1; } /* Get the value for the default principal expiration */ - hierarchy[2] = "default_principal_expiration"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { if (!krb5_string_to_timestamp(svalue, &rparams->realm_expiration)) @@ -1023,20 +1023,20 @@ free(svalue); } - hierarchy[2] = "reject_bad_transit"; + hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT; if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) { rparams->realm_reject_bad_transit = bvalue; rparams->realm_reject_bad_transit_valid = 1; } - hierarchy[2] = "no_host_referral"; + hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL; if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) rparams->realm_no_host_referral = no_refrls; else no_refrls = 0; - if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) { - hierarchy[2] = "host_based_services"; + if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { + hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES; if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs)) rparams->realm_host_based_services = host_based_srvcs; else @@ -1044,7 +1044,7 @@ } /* Get the value for the default principal flags */ - hierarchy[2] = "default_principal_flags"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { char *sp, *ep, *tp; Modified: trunk/src/lib/kdb/kdb5.c =================================================================== --- trunk/src/lib/kdb/kdb5.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/kdb/kdb5.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -413,7 +413,7 @@ When it's static, it goes into ".picdata", which is read-write. */ static const char *const dbpath_names[] = { - KDB_MODULE_SECTION, "db_module_dir", NULL, + KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL, }; const char *filebases[2]; char **profpath = NULL; Modified: trunk/src/lib/krb5/krb/conv_princ.c =================================================================== --- trunk/src/lib/krb5/krb/conv_princ.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/krb/conv_princ.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -220,8 +220,8 @@ if (context->profile == 0) return KRB5_CONFIG_CANTOPEN; - retval = profile_get_string(context->profile, "realms", - tmp_prealm, "v4_realm", 0, + retval = profile_get_string(context->profile, KRB5_CONF_REALMS, + tmp_prealm, KRB5_CONF_V4_REALM, 0, &tmp_realm); free(tmp_prealm); if (retval) { @@ -263,15 +263,15 @@ /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm To do that, iterate over all the realms in the config file, looking for a matching v4_realm line */ - names2 [0] = "realms"; + names2 [0] = KRB5_CONF_REALMS; names2 [1] = NULL; retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator); while (retval == 0) { retval = profile_iterator (&iterator, &realm_name, &dummy_value); if ((retval == 0) && (realm_name != NULL)) { - names [0] = "realms"; + names [0] = KRB5_CONF_REALMS; names [1] = realm_name; - names [2] = "v4_realm"; + names [2] = KRB5_CONF_V4_REALM; names [3] = NULL; retval = profile_get_values (context -> profile, names, &v4realms); @@ -314,9 +314,9 @@ } name = p->v5_str; if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) { - names[0] = "realms"; + names[0] = KRB5_CONF_REALMS; names[1] = realm; - names[2] = "v4_instance_convert"; + names[2] = KRB5_CONF_V4_INSTANCE_CONVERT; names[3] = instance; names[4] = 0; retval = profile_get_values(context->profile, names, &full_name); Modified: trunk/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- trunk/src/lib/krb5/krb/get_in_tkt.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/krb/get_in_tkt.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -800,7 +800,7 @@ profile = context->profile; - names[0] = "libdefaults"; + names[0] = KRB5_CONF_LIBDEFAULTS; /* * Try number one: @@ -887,7 +887,7 @@ return 0; } - ret = krb5_libdefault_string(context, realm, "preferred_preauth_types", + ret = krb5_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES, &preauth_types); if ((ret != 0) || (preauth_types == NULL)) { /* Try to use PKINIT first. */ @@ -1022,7 +1022,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)) tempint = options->forwardable; else if ((ret = krb5_libdefault_boolean(context, &client->realm, - "forwardable", &tempint)) == 0) + KRB5_CONF_FORWARDABLE, &tempint)) == 0) ; else tempint = 0; @@ -1034,7 +1034,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)) tempint = options->proxiable; else if ((ret = krb5_libdefault_boolean(context, &client->realm, - "proxiable", &tempint)) == 0) + KRB5_CONF_PROXIABLE, &tempint)) == 0) ; else tempint = 0; @@ -1045,7 +1045,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE)) tempint = 1; else if ((ret = krb5_libdefault_boolean(context, &client->realm, - "canonicalize", &tempint)) == 0) + KRB5_CONF_CANONICALIZE, &tempint)) == 0) ; else tempint = 0; @@ -1066,7 +1066,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)) { tkt_life = options->tkt_life; } else if ((ret = krb5_libdefault_string(context, &client->realm, - "ticket_lifetime", &tempstr)) + KRB5_CONF_TICKET_LIFETIME, &tempstr)) == 0) { ret = krb5_string_to_deltat(tempstr, &tkt_life); free(tempstr); @@ -1084,7 +1084,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) { renew_life = options->renew_life; } else if ((ret = krb5_libdefault_string(context, &client->realm, - "renew_lifetime", &tempstr)) + KRB5_CONF_RENEW_LIFETIME, &tempstr)) == 0) { ret = krb5_string_to_deltat(tempstr, &renew_life); free(tempstr); @@ -1178,7 +1178,7 @@ /* it would be nice if this parsed out an address list, but that would be work. */ else if (((ret = krb5_libdefault_boolean(context, &client->realm, - "noaddresses", &tempint)) != 0) + KRB5_CONF_NOADDRESSES, &tempint)) != 0) || (tempint == 1)) { ; } else { Modified: trunk/src/lib/krb5/krb/init_ctx.c =================================================================== --- trunk/src/lib/krb5/krb/init_ctx.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/krb/init_ctx.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -1,7 +1,7 @@ /* * lib/krb5/krb/init_ctx.c * - * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008 by the Massachusetts Institute of Technology. + * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -171,8 +171,8 @@ if ((retval = krb5_os_init_context(ctx, kdc))) goto cleanup; - retval = profile_get_boolean(ctx->profile, "libdefaults", - "allow_weak_crypto", NULL, 1, &tmp); + retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp); if (retval) goto cleanup; ctx->allow_weak_crypto = tmp; @@ -189,41 +189,41 @@ goto cleanup; ctx->default_realm = 0; - profile_get_integer(ctx->profile, "libdefaults", "clockskew", + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW, 0, 5 * 60, &tmp); ctx->clockskew = tmp; #if 0 /* Default ticket lifetime is currently not supported */ - profile_get_integer(ctx->profile, "libdefaults", "tkt_lifetime", + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime", 0, 10 * 60 * 60, &tmp); ctx->tkt_lifetime = tmp; #endif /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2) */ /* DCE add kdc_req_checksum_type = 2 to krb5.conf */ - profile_get_integer(ctx->profile, "libdefaults", - "kdc_req_checksum_type", 0, CKSUMTYPE_RSA_MD5, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5, &tmp); ctx->kdc_req_sumtype = tmp; - profile_get_integer(ctx->profile, "libdefaults", - "ap_req_checksum_type", 0, CKSUMTYPE_RSA_MD5, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5, &tmp); ctx->default_ap_req_sumtype = tmp; - profile_get_integer(ctx->profile, "libdefaults", - "safe_checksum_type", 0, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_SAFE_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5_DES, &tmp); ctx->default_safe_sumtype = tmp; - profile_get_integer(ctx->profile, "libdefaults", - "kdc_default_options", 0, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_KDC_DEFAULT_OPTIONS, 0, KDC_OPT_RENEWABLE_OK, &tmp); ctx->kdc_default_options = tmp; #define DEFAULT_KDC_TIMESYNC 1 - profile_get_integer(ctx->profile, "libdefaults", - "kdc_timesync", 0, DEFAULT_KDC_TIMESYNC, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC, &tmp); ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0; @@ -236,7 +236,7 @@ * DCE 1.1 supports a cache type of 2. */ #define DEFAULT_CCACHE_TYPE 4 - profile_get_integer(ctx->profile, "libdefaults", "ccache_type", + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE, 0, DEFAULT_CCACHE_TYPE, &tmp); ctx->fcc_default_format = tmp + 0x0500; ctx->prompt_types = 0; @@ -341,12 +341,12 @@ session key types. */ - char *retval; - char *sp, *ep; + char *retval = NULL; + char *sp = NULL, *ep = NULL; int i, j, count; krb5_error_code code; - code = profile_get_string(context->profile, "libdefaults", profstr, + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, profstr, NULL, DEFAULT_ETYPE_LIST, &retval); if (code) return code; @@ -406,7 +406,7 @@ krb5_error_code krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes) { - return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TKT_ENCTYPES, context->in_tkt_ktype_count, context->in_tkt_ktypes)); } @@ -464,10 +464,10 @@ if (context->use_conf_ktypes) /* This one is set *only* by reading the config file; it's not set by the application. */ - return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TKT_ENCTYPES, 0, NULL)); else - return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TGS_ENCTYPES, context->tgs_ktype_count, context->tgs_ktypes)); } @@ -475,7 +475,7 @@ krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes) { - return(get_profile_etype_list(context, ktypes, "permitted_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_PERMITTED_ENCTYPES, context->tgs_ktype_count, context->tgs_ktypes)); } Modified: trunk/src/lib/krb5/krb/vfy_increds.c =================================================================== --- trunk/src/lib/krb5/krb/vfy_increds.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/krb/vfy_increds.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -115,7 +115,7 @@ goto cleanup; } else if (krb5_libdefault_boolean(context, &creds->client->realm, - "verify_ap_req_nofail", + KRB5_CONF_VERIFY_AP_REQ_NOFAIL, &nofail) == 0) { if (nofail) Modified: trunk/src/lib/krb5/os/an_to_ln.c =================================================================== --- trunk/src/lib/krb5/os/an_to_ln.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/an_to_ln.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -703,9 +703,9 @@ * * [realms]->realm->"auth_to_local_names"->mapping_name */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = realm; - hierarchy[2] = "auth_to_local_names"; + hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES; hierarchy[3] = mname; hierarchy[4] = (char *) NULL; if (!(kret = profile_get_values(context->profile, @@ -747,9 +747,9 @@ * DEFAULT - Use default rule. * The first rule to find a match is used. */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = realm; - hierarchy[2] = "auth_to_local"; + hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL; hierarchy[3] = (char *) NULL; if (!(kret = profile_get_values(context->profile, hierarchy, Modified: trunk/src/lib/krb5/os/def_realm.c =================================================================== --- trunk/src/lib/krb5/os/def_realm.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/def_realm.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -84,8 +84,8 @@ */ context->default_realm = 0; if (context->profile != 0) { - retval = profile_get_string(context->profile, "libdefaults", - "default_realm", 0, 0, + retval = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_DEFAULT_REALM, 0, 0, &realm); if (!retval && realm) { @@ -210,7 +210,7 @@ realm = (char *)NULL; temp_realm = 0; while (cp ) { - retval = profile_get_string(context->profile, "domain_realm", cp, + retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp, 0, (char *)NULL, &temp_realm); if (retval) return retval; Modified: trunk/src/lib/krb5/os/get_krbhst.c =================================================================== --- trunk/src/lib/krb5/os/get_krbhst.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/get_krbhst.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -68,9 +68,9 @@ rethosts = 0; - realm_kdc_names[0] = "realms"; + realm_kdc_names[0] = KRB5_CONF_REALMS; realm_kdc_names[1] = realm->data; - realm_kdc_names[2] = "kdc"; + realm_kdc_names[2] = KRB5_CONF_KDC; realm_kdc_names[3] = 0; if (context->profile == 0) Modified: trunk/src/lib/krb5/os/hst_realm.c =================================================================== --- trunk/src/lib/krb5/os/hst_realm.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/hst_realm.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -234,7 +234,7 @@ #ifdef DEBUG_REFERRALS printf(" trying to look up %s in the domain_realm map\n",cp); #endif - retval = profile_get_string(context->profile, "domain_realm", cp, + retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp, 0, (char *)NULL, &temp_realm); if (retval) return retval; @@ -385,8 +385,8 @@ int limit; errcode_t code; - code = profile_get_integer(context->profile, "libdefaults", - "realm_try_domains", 0, -1, &limit); + code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit); if (code == 0) { retval = domain_heuristic(context, local_host, &realm, limit); if (retval) Modified: trunk/src/lib/krb5/os/ktdefname.c =================================================================== --- trunk/src/lib/krb5/os/ktdefname.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/ktdefname.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -51,8 +51,8 @@ if (strlcpy(name, cp, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; } else if ((profile_get_string(context->profile, - "libdefaults", - "default_keytab_name", NULL, + KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL, NULL, &retval) == 0) && retval) { if (strlcpy(name, retval, namesize) >= namesize) Modified: trunk/src/lib/krb5/os/localaddr.c =================================================================== --- trunk/src/lib/krb5/os/localaddr.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/localaddr.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -1247,7 +1247,7 @@ { krb5_error_code err; static const char *const profile_name[] = { - "libdefaults", "extra_addresses", 0 + KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0 }; char **values; char **iter; Modified: trunk/src/lib/krb5/os/locate_kdc.c =================================================================== --- trunk/src/lib/krb5/os/locate_kdc.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/locate_kdc.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -70,11 +70,11 @@ char * value = NULL; int use_dns = 0; - code = profile_get_string(context->profile, "libdefaults", + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, name, 0, 0, &value); if (value == 0 && code == 0) - code = profile_get_string(context->profile, "libdefaults", - "dns_fallback", 0, 0, &value); + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_DNS_FALLBACK, 0, 0, &value); if (code) return defalt; @@ -89,13 +89,13 @@ int _krb5_use_dns_kdc(krb5_context context) { - return maybe_use_dns (context, "dns_lookup_kdc", DEFAULT_LOOKUP_KDC); + return maybe_use_dns (context, KRB5_CONF_DNS_LOOKUP_KDC, DEFAULT_LOOKUP_KDC); } int _krb5_use_dns_realm(krb5_context context) { - return maybe_use_dns (context, "dns_lookup_realm", DEFAULT_LOOKUP_REALM); + return maybe_use_dns (context, KRB5_CONF_DNS_LOOKUP_REALM, DEFAULT_LOOKUP_REALM); } #endif /* KRB5_DNS_LOOKUP */ @@ -325,7 +325,7 @@ masterlist = NULL; - realm_srv_names[0] = "realms"; + realm_srv_names[0] = KRB5_CONF_REALMS; realm_srv_names[1] = host; realm_srv_names[2] = name; realm_srv_names[3] = 0; @@ -354,9 +354,9 @@ } if (get_masters) { - realm_srv_names[0] = "realms"; + realm_srv_names[0] = KRB5_CONF_REALMS; realm_srv_names[1] = host; - realm_srv_names[2] = "admin_server"; + realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER; realm_srv_names[3] = 0; code = profile_get_values(context->profile, realm_srv_names, @@ -712,7 +712,7 @@ switch (svc) { case locate_service_kdc: - profname = "kdc"; + profname = KRB5_CONF_KDC; /* We used to use /etc/services for these, but enough systems have old, crufty, wrong settings that this is probably better. */ @@ -721,19 +721,19 @@ dflport2 = htons(KRB5_DEFAULT_SEC_PORT); break; case locate_service_master_kdc: - profname = "master_kdc"; + profname = KRB5_CONF_MASTER_KDC; goto kdc_ports; case locate_service_kadmin: - profname = "admin_server"; + profname = KRB5_CONF_ADMIN_SERVER; dflport1 = htons(DEFAULT_KADM5_PORT); break; case locate_service_krb524: - profname = "krb524_server"; + profname = KRB5_CONF_KRB524_SERVER; serv = getservbyname(KRB524_SERVICE, "udp"); dflport1 = serv ? serv->s_port : htons (KRB524_PORT); break; case locate_service_kpasswd: - profname = "kpasswd_server"; + profname = KRB5_CONF_KPASSWD_SERVER; dflport1 = htons(DEFAULT_KPASSWD_PORT); break; default: Modified: trunk/src/lib/krb5/os/realm_dom.c =================================================================== --- trunk/src/lib/krb5/os/realm_dom.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/realm_dom.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -51,8 +51,8 @@ krb5_error_code retval; char *temp_domain = 0; - retval = profile_get_string(context->profile, "realms", realm, - "default_domain", realm, &temp_domain); + retval = profile_get_string(context->profile, KRB5_CONF_REALMS, realm, + KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain); if (!retval && temp_domain) { *domain = strdup(temp_domain); Modified: trunk/src/lib/krb5/os/sendto_kdc.c =================================================================== --- trunk/src/lib/krb5/os/sendto_kdc.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/sendto_kdc.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -377,7 +377,7 @@ if (!tcp_only && context->udp_pref_limit < 0) { int tmp; retval = profile_get_integer(context->profile, - "libdefaults", "udp_preference_limit", 0, + KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0, DEFAULT_UDP_PREF_LIMIT, &tmp); if (retval) return retval; Modified: trunk/src/lib/krb5/os/sn2princ.c =================================================================== --- trunk/src/lib/krb5/os/sn2princ.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/lib/krb5/os/sn2princ.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -47,8 +47,8 @@ char * value = NULL; int use_rdns = 0; - code = profile_get_string(context->profile, "libdefaults", - "rdns", 0, 0, &value); + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_RDNS, 0, 0, &value); if (code) return defalt; Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -185,7 +185,7 @@ */ if (ldap_context->max_server_conns == 0) { st = prof_get_integer_def (context, conf_section, - "ldap_conns_per_server", + KRB5_CONF_LDAP_CONNS_PER_SERVER, DEFAULT_CONNS_PER_SERVER, &ldap_context->max_server_conns); if (st) @@ -208,9 +208,9 @@ if (ldap_context->bind_dn == NULL) { char *name = 0; if (srv_type == KRB5_KDB_SRV_TYPE_KDC) - name = "ldap_kdc_dn"; + name = KRB5_CONF_LDAP_KDC_DN; else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN) - name = "ldap_kadmind_dn"; + name = KRB5_CONF_LDAP_KADMIN_DN; else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD) name = "ldap_kpasswdd_dn"; @@ -229,7 +229,7 @@ */ if (ldap_context->service_password_file == NULL) { st = prof_get_string_def (context, conf_section, - "ldap_service_password_file", + KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE, &ldap_context->service_password_file); if (st) goto cleanup; @@ -243,7 +243,7 @@ */ if (ldap_context->root_certificate_file == NULL) { st = prof_get_string_def (context, conf_section, - "ldap_root_certificate_file", + KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE, &ldap_context->root_certificate_file); if (st) goto cleanup; @@ -268,7 +268,7 @@ } if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, - "ldap_servers", NULL, &tempval)) != 0) { + KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) { krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute"); goto cleanup; } Modified: trunk/src/plugins/preauth/pkinit/pkinit_clnt.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -548,7 +548,7 @@ retval = pkinit_libdefault_strings(context, krb5_princ_realm(context, kdcprinc), - "pkinit_kdc_hostname", + KRB5_CONF_PKINIT_KDC_HOSTNAME, &cfghosts); if (retval || cfghosts == NULL) { pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n", @@ -936,19 +936,19 @@ context, plgctx, reqctx, request); pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_win2k", + KRB5_CONF_PKINIT_WIN2K, reqctx->opts->win2k_target, &reqctx->opts->win2k_target); pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_win2k_require_binding", + KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING, reqctx->opts->win2k_require_cksum, &reqctx->opts->win2k_require_cksum); pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_require_crl_checking", + KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING, reqctx->opts->require_crl_checking, &reqctx->opts->require_crl_checking); pkinit_libdefault_integer(context, &request->server->realm, - "pkinit_dh_min_bits", + KRB5_CONF_PKINIT_DH_MIN_BITS, reqctx->opts->dh_size, &reqctx->opts->dh_size); if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048 @@ -959,7 +959,7 @@ reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS; } pkinit_libdefault_string(context, &request->server->realm, - "pkinit_eku_checking", + KRB5_CONF_PKINIT_EKU_CHECKING, &eku_string); if (eku_string != NULL) { if (strcasecmp(eku_string, "kpKDC") == 0) { @@ -980,7 +980,7 @@ #ifdef LONGHORN_BETA_COMPAT /* Temporarily just set global flag from config file */ pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_longhorn", + KRB5_CONF_PKINIT_LONGHORN, 0, &longhorn); #endif @@ -988,16 +988,16 @@ /* Only process anchors here if they were not specified on command line */ if (reqctx->idopts->anchors == NULL) pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_anchors", + KRB5_CONF_PKINIT_ANCHORS, &reqctx->idopts->anchors); pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_pool", + KRB5_CONF_PKINIT_POOL, &reqctx->idopts->intermediates); pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_revoke", + KRB5_CONF_PKINIT_REVOKE, &reqctx->idopts->crls); pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_identities", + KRB5_CONF_PKINIT_IDENTITIES, &reqctx->idopts->identity_alt); } Modified: trunk/src/plugins/preauth/pkinit/pkinit_matching.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_matching.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/plugins/preauth/pkinit/pkinit_matching.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -746,7 +746,7 @@ /* If no matching rules, select the default cert and we're done */ pkinit_libdefault_strings(context, krb5_princ_realm(context, princ), - "pkinit_cert_match", &rules); + KRB5_CONF_PKINIT_CERT_MATCH, &rules); if (rules == NULL) { pkiDebug("%s: no matching rules found in config file\n", __FUNCTION__); retval = crypto_cert_select_default(context, plg_cryptoctx, Modified: trunk/src/plugins/preauth/pkinit/pkinit_profile.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_profile.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/plugins/preauth/pkinit/pkinit_profile.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -114,7 +114,7 @@ * } */ - names[0] = "realms"; + names[0] = KRB5_CONF_REALMS; names[1] = realmname; names[2] = option; names[3] = 0; @@ -130,7 +130,7 @@ * option = */ - names[0] = "kdcdefaults"; + names[0] = KRB5_CONF_KDCDEFAULTS; names[1] = option; names[2] = 0; retval = profile_get_values(profile, names, &values); @@ -256,7 +256,7 @@ * } */ - names[0] = "libdefaults"; + names[0] = KRB5_CONF_LIBDEFAULTS; names[1] = realmstr; names[2] = option; names[3] = 0; @@ -273,7 +273,7 @@ * } */ - names[0] = "realms"; + names[0] = KRB5_CONF_REALMS; names[1] = realmstr; names[2] = option; names[3] = 0; @@ -289,7 +289,7 @@ * option = */ - names[0] = "libdefaults"; + names[0] = KRB5_CONF_LIBDEFAULTS; names[1] = option; names[2] = 0; retval = profile_get_values(profile, names, &values); Modified: trunk/src/plugins/preauth/pkinit/pkinit_srv.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_srv.c 2009-02-04 03:18:04 UTC (rev 21878) +++ trunk/src/plugins/preauth/pkinit/pkinit_srv.c 2009-02-04 17:08:44 UTC (rev 21879) @@ -1092,7 +1092,7 @@ pkiDebug("%s: entered for realm %s\n", __FUNCTION__, plgctx->realmname); retval = pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_identity", + KRB5_CONF_PKINIT_IDENTITY, &plgctx->idopts->identity); if (retval != 0 || NULL == plgctx->idopts->identity) { retval = EINVAL; @@ -1103,7 +1103,7 @@ } retval = pkinit_kdcdefault_strings(context, plgctx->realmname, - "pkinit_anchors", + KRB5_CONF_PKINIT_ANCHORS, &plgctx->idopts->anchors); if (retval != 0 || NULL == plgctx->idopts->anchors) { retval = EINVAL; @@ -1114,26 +1114,26 @@ } pkinit_kdcdefault_strings(context, plgctx->realmname, - "pkinit_pool", + KRB5_CONF_PKINIT_POOL, &plgctx->idopts->intermediates); pkinit_kdcdefault_strings(context, plgctx->realmname, - "pkinit_revoke", + KRB5_CONF_PKINIT_REVOKE, &plgctx->idopts->crls); pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_kdc_ocsp", + KRB5_CONF_PKINIT_KDC_OCSP, &plgctx->idopts->ocsp); pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_mappings_file", + KRB5_CONF_PKINIT_MAPPING_FILE, &plgctx->idopts->dn_mapping_file); pkinit_kdcdefault_integer(context, plgctx->realmname, - "pkinit_dh_min_bits", + KRB5_CONF_PKINIT_DH_MIN_BITS, PKINIT_DEFAULT_DH_MIN_BITS, &plgctx->opts->dh_min_bits); - if (plgctx->opts->dh_min_bits < 1024) { + if (plgctx->opts->dh_min_bits < PKINIT_DEFAULT_DH_MIN_BITS) { pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, " "using default value (%d) instead\n", __FUNCTION__, plgctx->opts->dh_min_bits, PKINIT_DEFAULT_DH_MIN_BITS); @@ -1141,15 +1141,15 @@ } pkinit_kdcdefault_boolean(context, plgctx->realmname, - "pkinit_allow_upn", + KRB5_CONF_PKINIT_ALLOW_UPN, 0, &plgctx->opts->allow_upn); pkinit_kdcdefault_boolean(context, plgctx->realmname, - "pkinit_require_crl_checking", + KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING, 0, &plgctx->opts->require_crl_checking); pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_eku_checking", + KRB5_CONF_PKINIT_EKU_CHECKING, &eku_string); if (eku_string != NULL) { if (strcasecmp(eku_string, "kpClientAuth") == 0) { From ghudson at MIT.EDU Wed Feb 4 14:15:15 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 4 Feb 2009 14:15:15 -0500 (EST) Subject: svn rev #21880: trunk/src/plugins/preauth/pkinit/ Message-ID: <200902041915.OAA09745@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21880 Commit By: ghudson Log Message: Include k5-int.h in several pkinit source files, in order to define the KRB5_CONFIG symbols now used by those files. Changed Files: U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c U trunk/src/plugins/preauth/pkinit/pkinit_matching.c U trunk/src/plugins/preauth/pkinit/pkinit_srv.c Modified: trunk/src/plugins/preauth/pkinit/pkinit_clnt.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-02-04 17:08:44 UTC (rev 21879) +++ trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-02-04 19:15:13 UTC (rev 21880) @@ -38,6 +38,7 @@ #include #include +#include "k5-int.h" #include "pkinit.h" #ifdef LONGHORN_BETA_COMPAT Modified: trunk/src/plugins/preauth/pkinit/pkinit_matching.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_matching.c 2009-02-04 17:08:44 UTC (rev 21879) +++ trunk/src/plugins/preauth/pkinit/pkinit_matching.c 2009-02-04 19:15:13 UTC (rev 21880) @@ -34,7 +34,7 @@ #include #include #include -#include +#include "k5-int.h" #include "pkinit.h" typedef struct _pkinit_cert_info pkinit_cert_info; Modified: trunk/src/plugins/preauth/pkinit/pkinit_srv.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_srv.c 2009-02-04 17:08:44 UTC (rev 21879) +++ trunk/src/plugins/preauth/pkinit/pkinit_srv.c 2009-02-04 19:15:13 UTC (rev 21880) @@ -33,6 +33,7 @@ #include #include +#include "k5-int.h" #include "pkinit.h" static krb5_error_code From ghudson at MIT.EDU Wed Feb 4 14:25:54 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 4 Feb 2009 14:25:54 -0500 (EST) Subject: svn rev #21881: trunk/src/util/support/ Message-ID: <200902041925.OAA10033@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21881 Commit By: ghudson Log Message: ticket: 6360 tags: pullup target_version: 1.7 In krb5int_utf8s_to_ucs2les, free the correct value on error, instead of the caller-supplied result pointer. Changed Files: U trunk/src/util/support/utf8_conv.c Modified: trunk/src/util/support/utf8_conv.c =================================================================== --- trunk/src/util/support/utf8_conv.c 2009-02-04 19:15:13 UTC (rev 21880) +++ trunk/src/util/support/utf8_conv.c 2009-02-04 19:25:51 UTC (rev 21881) @@ -199,7 +199,7 @@ len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1); if (len < 0) { - free(ucs2les); + free(*ucs2les); *ucs2les = NULL; return EINVAL; } From ghudson at MIT.EDU Wed Feb 4 14:31:35 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 4 Feb 2009 14:31:35 -0500 (EST) Subject: svn rev #21882: trunk/src/kadmin/testing/util/ Message-ID: <200902041931.OAA10168@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21882 Commit By: ghudson Log Message: In tcl_ovsec_kadm_get_policy, initialize ent since (at least in theory) there's a code path which gets through to the finalizers without setting it. Changed Files: U trunk/src/kadmin/testing/util/tcl_ovsec_kadm.c Modified: trunk/src/kadmin/testing/util/tcl_ovsec_kadm.c =================================================================== --- trunk/src/kadmin/testing/util/tcl_ovsec_kadm.c 2009-02-04 19:25:51 UTC (rev 21881) +++ trunk/src/kadmin/testing/util/tcl_ovsec_kadm.c 2009-02-04 19:31:33 UTC (rev 21882) @@ -1742,7 +1742,7 @@ Tcl_Interp *interp, int argc, const char *argv[]) { - ovsec_kadm_policy_ent_t ent; + ovsec_kadm_policy_ent_t ent = NULL; Tcl_DString *ent_dstring = 0; char *policy; char *ent_var; From ghudson at MIT.EDU Wed Feb 4 15:32:09 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 4 Feb 2009 15:32:09 -0500 (EST) Subject: svn rev #21883: trunk/src/lib/krb5/keytab/ Message-ID: <200902042032.PAA11975@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21883 Commit By: ghudson Log Message: Remove xfread/xfwrite macros. Casting the first argument to char * is unnecessary (fread's first argument is void *, which does not require a cast) and confuses Coverity's UNINIT checker; casting the third argument to unsigned is not necessary for our current set of warnings. Changed Files: U trunk/src/lib/krb5/keytab/kt_file.c Modified: trunk/src/lib/krb5/keytab/kt_file.c =================================================================== --- trunk/src/lib/krb5/keytab/kt_file.c 2009-02-04 19:31:33 UTC (rev 21882) +++ trunk/src/lib/krb5/keytab/kt_file.c 2009-02-04 20:32:05 UTC (rev 21883) @@ -1074,9 +1074,6 @@ #define krb5_kt_default_vno ((krb5_kt_vno)KRB5_KT_DEFAULT_VNO) -#define xfwrite(a, b, c, d) fwrite((char *)a, b, (unsigned) c, d) -#define xfread(a, b, c, d) fread((char *)a, b, (unsigned) c, d) - #ifdef ANSI_STDIO static char *const fopen_mode_rbplus= "rb+"; static char *const fopen_mode_rb = "rb"; @@ -1135,7 +1132,7 @@ if (writevno) { kt_vno = htons(krb5_kt_default_vno); KTVERSION(id) = krb5_kt_default_vno; - if (!xfwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { + if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { kerror = errno; (void) krb5_unlock_file(context, fileno(KTFILEP(id))); (void) fclose(KTFILEP(id)); @@ -1144,7 +1141,7 @@ } } else { /* gotta verify it instead... */ - if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { + if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { if (feof(KTFILEP(id))) kerror = KRB5_KEYTAB_BADVNO; else @@ -1204,7 +1201,7 @@ if (fseek(KTFILEP(id), delete_point, SEEK_SET)) { return errno; } - if (!xfread(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fread(&size, sizeof(size), 1, KTFILEP(id))) { return KRB5_KT_END; } if (KTVERSION(id) != KRB5_KT_VNO_1) @@ -1219,7 +1216,7 @@ return errno; } - if (!xfwrite(&minus_size, sizeof(minus_size), 1, KTFILEP(id))) { + if (!fwrite(&minus_size, sizeof(minus_size), 1, KTFILEP(id))) { return KRB5_KT_IOERR; } @@ -1231,7 +1228,7 @@ memset(iobuf, 0, (size_t) len); while (size > 0) { - xfwrite(iobuf, 1, (size_t) len, KTFILEP(id)); + fwrite(iobuf, 1, (size_t) len, KTFILEP(id)); size -= len; if (size < len) { len = size; @@ -1272,7 +1269,7 @@ do { *delete_point = ftell(KTFILEP(id)); - if (!xfread(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fread(&size, sizeof(size), 1, KTFILEP(id))) { return KRB5_KT_END; } if (KTVERSION(id) != KRB5_KT_VNO_1) @@ -1294,7 +1291,7 @@ /* deal with guts of parsing... */ /* first, int16 with #princ components */ - if (!xfread(&count, sizeof(count), 1, KTFILEP(id))) + if (!fread(&count, sizeof(count), 1, KTFILEP(id))) return KRB5_KT_END; if (KTVERSION(id) == KRB5_KT_VNO_1) { count -= 1; /* V1 includes the realm in the count */ @@ -1319,7 +1316,7 @@ } /* Now, get the realm data */ - if (!xfread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { + if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } @@ -1349,7 +1346,7 @@ for (i = 0; i < count; i++) { princ = krb5_princ_component(context, ret_entry->principal, i); - if (!xfread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { + if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } @@ -1367,7 +1364,7 @@ error = ENOMEM; goto fail; } - if (!xfread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) { + if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } @@ -1376,7 +1373,7 @@ /* read in the principal type, if we can get it */ if (KTVERSION(id) != KRB5_KT_VNO_1) { - if (!xfread(&ret_entry->principal->type, + if (!fread(&ret_entry->principal->type, sizeof(ret_entry->principal->type), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; @@ -1385,7 +1382,7 @@ } /* read in the timestamp */ - if (!xfread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) { + if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } @@ -1393,14 +1390,14 @@ ret_entry->timestamp = ntohl(ret_entry->timestamp); /* read in the version number */ - if (!xfread(&vno, sizeof(vno), 1, KTFILEP(id))) { + if (!fread(&vno, sizeof(vno), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } ret_entry->vno = (krb5_kvno)vno; /* key type */ - if (!xfread(&enctype, sizeof(enctype), 1, KTFILEP(id))) { + if (!fread(&enctype, sizeof(enctype), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } @@ -1412,7 +1409,7 @@ /* key contents */ ret_entry->key.magic = KV5M_KEYBLOCK; - if (!xfread(&count, sizeof(count), 1, KTFILEP(id))) { + if (!fread(&count, sizeof(count), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } @@ -1431,7 +1428,7 @@ error = ENOMEM; goto fail; } - if (!xfread(ret_entry->key.contents, sizeof(krb5_octet), count, + if (!fread(ret_entry->key.contents, sizeof(krb5_octet), count, KTFILEP(id))) { error = KRB5_KT_END; goto fail; @@ -1498,17 +1495,17 @@ count = htons((u_short) krb5_princ_size(context, entry->principal)); } - if (!xfwrite(&count, sizeof(count), 1, KTFILEP(id))) { + if (!fwrite(&count, sizeof(count), 1, KTFILEP(id))) { abend: return KRB5_KT_IOERR; } size = krb5_princ_realm(context, entry->principal)->length; if (KTVERSION(id) != KRB5_KT_VNO_1) size = htons(size); - if (!xfwrite(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { goto abend; } - if (!xfwrite(krb5_princ_realm(context, entry->principal)->data, sizeof(char), + if (!fwrite(krb5_princ_realm(context, entry->principal)->data, sizeof(char), krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) { goto abend; } @@ -1519,10 +1516,10 @@ size = princ->length; if (KTVERSION(id) != KRB5_KT_VNO_1) size = htons(size); - if (!xfwrite(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { goto abend; } - if (!xfwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) { + if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) { goto abend; } } @@ -1532,7 +1529,7 @@ */ if (KTVERSION(id) != KRB5_KT_VNO_1) { princ_type = htonl(krb5_princ_type(context, entry->principal)); - if (!xfwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) { + if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) { goto abend; } } @@ -1547,13 +1544,13 @@ timestamp = entry->timestamp; else timestamp = htonl(entry->timestamp); - if (!xfwrite(×tamp, sizeof(timestamp), 1, KTFILEP(id))) { + if (!fwrite(×tamp, sizeof(timestamp), 1, KTFILEP(id))) { goto abend; } /* key version number */ vno = (krb5_octet)entry->vno; - if (!xfwrite(&vno, sizeof(vno), 1, KTFILEP(id))) { + if (!fwrite(&vno, sizeof(vno), 1, KTFILEP(id))) { goto abend; } /* key type */ @@ -1561,7 +1558,7 @@ enctype = entry->key.enctype; else enctype = htons(entry->key.enctype); - if (!xfwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) { + if (!fwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) { goto abend; } /* key length */ @@ -1569,10 +1566,10 @@ size = entry->key.length; else size = htons(entry->key.length); - if (!xfwrite(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { goto abend; } - if (!xfwrite(entry->key.contents, sizeof(krb5_octet), + if (!fwrite(entry->key.contents, sizeof(krb5_octet), entry->key.length, KTFILEP(id))) { goto abend; } @@ -1591,7 +1588,7 @@ } if (KTVERSION(id) != KRB5_KT_VNO_1) size_needed = htonl(size_needed); - if (!xfwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) { + if (!fwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) { goto abend; } if (fflush(KTFILEP(id))) @@ -1661,13 +1658,13 @@ if (fseek(KTFILEP(id), 0, SEEK_SET)) { return errno; } - if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { + if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { return KRB5_KT_IOERR; } while (!found) { *commit_point = ftell(KTFILEP(id)); - if (!xfread(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fread(&size, sizeof(size), 1, KTFILEP(id))) { /* * Hit the end of file, reserve this slot. */ @@ -1686,7 +1683,7 @@ size = htonl(size); #endif - if (!xfwrite(&size, sizeof(size), 1, KTFILEP(id))) { + if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) { return KRB5_KT_IOERR; } found = TRUE; @@ -1725,7 +1722,7 @@ * Make sure we zero any trailing data. */ zero_point = ftell(KTFILEP(id)); - while ((size = xfread(iobuf, 1, sizeof(iobuf), KTFILEP(id)))) { + while ((size = fread(iobuf, 1, sizeof(iobuf), KTFILEP(id)))) { if (size != sizeof(iobuf)) { remainder = size % sizeof(krb5_int32); if (remainder) { @@ -1739,7 +1736,7 @@ } memset(iobuf, 0, (size_t) size); - xfwrite(iobuf, 1, (size_t) size, KTFILEP(id)); + fwrite(iobuf, 1, (size_t) size, KTFILEP(id)); fflush(KTFILEP(id)); if (feof(KTFILEP(id))) { break; From wfiveash at MIT.EDU Wed Feb 4 17:29:46 2009 From: wfiveash at MIT.EDU (wfiveash@MIT.EDU) Date: Wed, 4 Feb 2009 17:29:46 -0500 (EST) Subject: svn rev #21884: trunk/src/ kadmin/dbutil/ lib/kdb/ Message-ID: <200902042229.RAA14123@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21884 Commit By: wfiveash Log Message: ticket: 6361 new multi-masterkey support doesn't work well when system clock is set back The ticket contains the details. Changed Files: U trunk/src/kadmin/dbutil/kdb5_mkey.c U trunk/src/lib/kdb/kdb5.c Modified: trunk/src/kadmin/dbutil/kdb5_mkey.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-02-04 20:32:05 UTC (rev 21883) +++ trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-02-04 22:29:44 UTC (rev 21884) @@ -372,12 +372,13 @@ char *mkey_fullname; krb5_kvno use_kvno; krb5_timestamp now, start_time; - krb5_actkvno_node *actkvno_list, *new_actkvno_list_head, *new_actkvno, + krb5_actkvno_node *actkvno_list, *new_actkvno, *prev_actkvno, *cur_actkvno; krb5_db_entry master_entry; int nentries = 0; krb5_boolean more = 0, found; krb5_keylist_node *keylist_node; + krb5_boolean inserted = FALSE; if (argc < 2 || argc > 3) { /* usage calls exit */ @@ -413,7 +414,7 @@ if (argc == 3) { time_t t = get_date(argv[2]); - if (t == -1) { + if (t == -1) { com_err(progname, 0, "could not parse date-time string '%s'", argv[2]); exit_status++; @@ -474,37 +475,58 @@ return; } - /* alloc enough space to hold new and existing key_data */ - new_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); - if (new_actkvno == NULL) { - com_err(progname, ENOMEM, "while adding new master key"); - exit_status++; - return; + /* + * If an entry already exists with the same kvno either delete it or if it's + * the only entry, just set its active time. + */ + for (prev_actkvno = NULL, cur_actkvno = actkvno_list; + cur_actkvno != NULL; + prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { + + if (cur_actkvno->act_kvno == use_kvno) { + /* delete it */ + if (prev_actkvno) { + prev_actkvno->next = cur_actkvno->next; + cur_actkvno->next = NULL; + krb5_dbe_free_actkvno_list(util_context, cur_actkvno); + } else { + if (cur_actkvno->next) { + /* delete it from front of list */ + actkvno_list = cur_actkvno->next; + cur_actkvno->next = NULL; + krb5_dbe_free_actkvno_list(util_context, cur_actkvno); + } else { + /* There's only one entry, go ahead and change the time */ + cur_actkvno->act_time = start_time; + inserted = TRUE; + } + } + break; + } } - memset(new_actkvno, 0, sizeof(krb5_actkvno_node)); - new_actkvno->act_kvno = use_kvno; - new_actkvno->act_time = start_time; + if (!inserted) { + /* alloc enough space to hold new and existing key_data */ + new_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); + if (new_actkvno == NULL) { + com_err(progname, ENOMEM, "while adding new master key"); + exit_status++; + return; + } + memset(new_actkvno, 0, sizeof(krb5_actkvno_node)); + new_actkvno->act_kvno = use_kvno; + new_actkvno->act_time = start_time; - /* - * determine which nodes to delete and where to insert new act kvno node - */ + /* insert new act kvno node */ - if (actkvno_list == NULL) { - /* new actkvno is the list */ - new_actkvno_list_head = new_actkvno; - } else { - krb5_boolean inserted = FALSE, trimed = FALSE; + if (actkvno_list == NULL) { + /* new actkvno is the list */ + actkvno_list = new_actkvno; + } else { + for (prev_actkvno = NULL, cur_actkvno = actkvno_list; + cur_actkvno != NULL; + prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { - for (prev_actkvno = NULL, cur_actkvno = actkvno_list; - cur_actkvno != NULL; - prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { - - if (cur_actkvno->act_kvno == use_kvno) { - cur_actkvno->act_time = start_time; - inserted = TRUE; /* fake it */ - } - if (!inserted) { if (new_actkvno->act_time < cur_actkvno->act_time) { if (prev_actkvno) { prev_actkvno->next = new_actkvno; @@ -513,42 +535,32 @@ new_actkvno->next = actkvno_list; actkvno_list = new_actkvno; } - inserted = TRUE; + break; } else if (cur_actkvno->next == NULL) { /* end of line, just add new node to end of list */ cur_actkvno->next = new_actkvno; - inserted = TRUE; + break; } } - if (!trimed) { - /* trim entries in past that are superceded */ - if (cur_actkvno->act_time > now) { - if (prev_actkvno) { - new_actkvno_list_head = prev_actkvno; - } else { - new_actkvno_list_head = actkvno_list; - } - trimed = TRUE; - } else if (cur_actkvno->next == NULL) { - /* XXX this is buggy, fix soon. */ - new_actkvno_list_head = cur_actkvno; - trimed = TRUE; - } - } - if (trimed && inserted) - break; } } - if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, - new_actkvno_list_head))) { - com_err(progname, retval, "while updating actkvno data for master principal entry"); + if (actkvno_list->act_time > now) { + com_err(progname, EINVAL, "there must be one master key currently active"); exit_status++; return; } + if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, + /* new_actkvno_list_head))) { */ + actkvno_list))) { + com_err(progname, retval, "while updating actkvno data for master principal entry"); + exit_status++; + return; + } + if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, - now, master_princ))) { + now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; return; @@ -658,7 +670,7 @@ } if (actkvno_list != NULL) { - act_time = 0; + act_time = -1; /* assume actkvno entry not found */ for (cur_actkvno = actkvno_list; cur_actkvno != NULL; cur_actkvno = cur_actkvno->next) { if (cur_actkvno->act_kvno == cur_kb_node->kvno) { @@ -683,7 +695,7 @@ retval = asprintf(&output_str, "KNVO: %d, Enctype: %s, Active on: %s *\n", cur_kb_node->kvno, enctype, strdate(act_time)); } else { - if (act_time) { + if (act_time != -1) { retval = asprintf(&output_str, "KNVO: %d, Enctype: %s, Active on: %s\n", cur_kb_node->kvno, enctype, strdate(act_time)); } else { Modified: trunk/src/lib/kdb/kdb5.c =================================================================== --- trunk/src/lib/kdb/kdb5.c 2009-02-04 20:32:05 UTC (rev 21883) +++ trunk/src/lib/kdb/kdb5.c 2009-02-04 22:29:44 UTC (rev 21884) @@ -1878,8 +1878,10 @@ if (nprinc != 1) { if (nprinc) { krb5_db_free_principal(context, &entry, nprinc); + return (KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); + } else { + return(KRB5_KDB_NOMASTERKEY); } - return(KRB5_KDB_NOMASTERKEY); } else if (more) { krb5_db_free_principal(context, &entry, nprinc); return (KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); @@ -1888,24 +1890,19 @@ retval = krb5_dbe_lookup_actkvno(context, &entry, act_key_list); if (*act_key_list == NULL) { - krb5_actkvno_node *tmp_actkvno; - krb5_timestamp now; + krb5_actkvno_node *tmp_actkvno; /* * for mkey princ entries without KRB5_TL_ACTKVNO data provide a default */ - if ((retval = krb5_timeofday(context, &now))) - return (retval); - tmp_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); if (tmp_actkvno == NULL) return (ENOMEM); memset(tmp_actkvno, 0, sizeof(krb5_actkvno_node)); - tmp_actkvno->act_time = now; + tmp_actkvno->act_time = 0; /* earliest time possible */ /* use most current key */ tmp_actkvno->act_kvno = entry.key_data[0].key_data_kvno; - *act_key_list = tmp_actkvno; } @@ -1915,7 +1912,7 @@ /* * Locates the "active" mkey used when encrypting a princ's keys. Note, the - * caller must not free the output act_mkey. + * caller must NOT free the output act_mkey. */ krb5_error_code @@ -1937,10 +1934,20 @@ /* * The list should be sorted in time, early to later so if the first entry - * is later than now, this is a problem + * is later than now, this is a problem. The fallback in this case is to + * return the earlist activation entry. */ if (act_mkey_list->act_time > now) { - return (KRB5_KDB_NOACTMASTERKEY); + while (cur_keyblock && cur_keyblock->kvno != act_mkey_list->act_kvno) + cur_keyblock = cur_keyblock->next; + if (cur_keyblock) { + *act_mkey = &cur_keyblock->keyblock; + if (act_kvno != NULL) + *act_kvno = cur_keyblock->kvno; + return (0); + } else { + return (KRB5_KDB_NOACTMASTERKEY); + } } /* find the most current entry <= now */ From raeburn at MIT.EDU Wed Feb 4 18:06:14 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 4 Feb 2009 18:06:14 -0500 (EST) Subject: svn rev #21885: trunk/src/ kadmin/dbutil/ kdc/ tests/gss-threads/ Message-ID: <200902042306.SAA15224@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21885 Commit By: raeburn Log Message: regenerate Changed Files: U trunk/src/kadmin/dbutil/deps U trunk/src/kdc/deps U trunk/src/tests/gss-threads/deps Modified: trunk/src/kadmin/dbutil/deps =================================================================== --- trunk/src/kadmin/dbutil/deps 2009-02-04 22:29:44 UTC (rev 21884) +++ trunk/src/kadmin/dbutil/deps 2009-02-04 23:06:12 UTC (rev 21885) @@ -145,3 +145,24 @@ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h import_err.h kdb5_util.h \ nstrtok.h ovload.c +$(OUTPRE)kdb5_mkey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kdb5_mkey.c kdb5_util.h Modified: trunk/src/kdc/deps =================================================================== --- trunk/src/kdc/deps 2009-02-04 22:29:44 UTC (rev 21884) +++ trunk/src/kdc/deps 2009-02-04 23:06:12 UTC (rev 21885) @@ -105,10 +105,10 @@ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - extern.c extern.h + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h extern.c extern.h $(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ Modified: trunk/src/tests/gss-threads/deps =================================================================== --- trunk/src/tests/gss-threads/deps 2009-02-04 22:29:44 UTC (rev 21884) +++ trunk/src/tests/gss-threads/deps 2009-02-04 23:06:12 UTC (rev 21885) @@ -8,6 +8,7 @@ $(SRCTOP)/include/socket-utils.h gss-client.c gss-misc.h $(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ gss-misc.c gss-misc.h $(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ From raeburn at MIT.EDU Wed Feb 4 18:28:13 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 4 Feb 2009 18:28:13 -0500 (EST) Subject: svn rev #21886: trunk/src/ lib/gssapi/generic/ Message-ID: <200902042328.SAA15664@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21886 Commit By: raeburn Log Message: ticket: 6362 subject: don't do arithmetic on void pointers Fix one file in gssapi where we compute offsets from a void* without casting. Change options used with Sun compiler to make such expressions an error. Changed Files: U trunk/src/aclocal.m4 U trunk/src/lib/gssapi/generic/oid_ops.c Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-02-04 23:06:12 UTC (rev 21885) +++ trunk/src/aclocal.m4 2009-02-04 23:28:09 UTC (rev 21886) @@ -664,7 +664,7 @@ # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION" + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi Modified: trunk/src/lib/gssapi/generic/oid_ops.c =================================================================== --- trunk/src/lib/gssapi/generic/oid_ops.c 2009-02-04 23:06:12 UTC (rev 21885) +++ trunk/src/lib/gssapi/generic/oid_ops.c 2009-02-04 23:28:09 UTC (rev 21886) @@ -440,7 +440,7 @@ return GSS_S_FAILURE; } - op = oid->elements + prefix_len + nbytes; + op = (unsigned char *) oid->elements + prefix_len + nbytes; i = -1; while (suffix) { op[i] = (unsigned char)suffix & 0x7f; @@ -472,7 +472,7 @@ return GSS_S_BAD_MECH; } - op = oid->elements + prefix_len; + op = (unsigned char *) oid->elements + prefix_len; *suffix = 0; From raeburn at MIT.EDU Wed Feb 4 20:49:27 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 4 Feb 2009 20:49:27 -0500 (EST) Subject: svn rev #21887: trunk/src/ lib/gssapi/krb5/ Message-ID: <200902050149.UAA18005@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21887 Commit By: raeburn Log Message: ticket: 6363 subject: int/ptr bug in gssapi code target_version: 1.7 tags: pullup Fix a pointer argument passed where an integer is needed. Update Sun compiler options to make that an error. (The options we're currently using make it an error for assignment but not for argument passing.) Changed Files: U trunk/src/aclocal.m4 U trunk/src/lib/gssapi/krb5/k5seal.c Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-02-04 23:28:09 UTC (rev 21886) +++ trunk/src/aclocal.m4 2009-02-05 01:49:21 UTC (rev 21887) @@ -664,7 +664,7 @@ # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_BAD_PTR_INT_COMB_ARG -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi Modified: trunk/src/lib/gssapi/krb5/k5seal.c =================================================================== --- trunk/src/lib/gssapi/krb5/k5seal.c 2009-02-04 23:28:09 UTC (rev 21886) +++ trunk/src/lib/gssapi/krb5/k5seal.c 2009-02-05 01:49:21 UTC (rev 21887) @@ -258,7 +258,7 @@ unsigned char bigend_seqnum[4]; krb5_keyblock *enc_key; int i; - store_32_be(seqnum, bigend_seqnum); + store_32_be(*seqnum, bigend_seqnum); code = krb5_copy_keyblock (context, enc, &enc_key); if (code) { From raeburn at MIT.EDU Wed Feb 4 21:16:25 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 4 Feb 2009 21:16:25 -0500 (EST) Subject: svn rev #21888: trunk/src/include/ Message-ID: <200902050216.VAA19703@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21888 Commit By: raeburn Log Message: ticket: 6364 subject: declare replacement [v]asprintf functions target_version: 1.7 tags: pullup If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf functions always get declared, applying the preprocessor conditional test only to the GCC format attribute. If HAVE_VASPRINTF is defined, don't declare them at all. This fixes a bunch of function-not-declared warnings under Sun cc. Changed Files: U trunk/src/include/k5-platform.h Modified: trunk/src/include/k5-platform.h =================================================================== --- trunk/src/include/k5-platform.h 2009-02-05 01:49:21 UTC (rev 21887) +++ trunk/src/include/k5-platform.h 2009-02-05 02:16:22 UTC (rev 21888) @@ -912,15 +912,19 @@ #endif /* win32? */ #endif /* no vsnprintf */ +#ifndef HAVE_VASPRINTF + +extern int krb5int_vasprintf(char **, const char *, va_list) #if !defined(__cplusplus) && (__GNUC__ > 2) -extern int krb5int_vasprintf(char **, const char *, va_list) - __attribute__((__format__(__printf__, 2, 0))); + __attribute__((__format__(__printf__, 2, 0))) +#endif + ; extern int krb5int_asprintf(char **, const char *, ...) - __attribute__((__format__(__printf__, 2, 3))); +#if !defined(__cplusplus) && (__GNUC__ > 2) + __attribute__((__format__(__printf__, 2, 3))) #endif + ; -#ifndef HAVE_VASPRINTF - #define vasprintf krb5int_vasprintf /* Assume HAVE_ASPRINTF iff HAVE_VASPRINTF. */ #define asprintf krb5int_asprintf From raeburn at MIT.EDU Wed Feb 4 21:59:12 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 4 Feb 2009 21:59:12 -0500 (EST) Subject: svn rev #21889: trunk/src/ kadmin/server/ lib/kadm5/ plugins/kdb/db2/ Message-ID: <200902050259.VAA20926@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21889 Commit By: raeburn Log Message: ticket: 6365 subject: include omitted system header string.h target_version: 1.7 tags: pullup Sun cc warns about some of the string functions being undeclared in several source files. So, include string.h there. Changed Files: U trunk/src/kadmin/server/kadm_rpc_svc.c U trunk/src/lib/kadm5/chpass_util.c U trunk/src/plugins/kdb/db2/pol_xdr.c Modified: trunk/src/kadmin/server/kadm_rpc_svc.c =================================================================== --- trunk/src/kadmin/server/kadm_rpc_svc.c 2009-02-05 02:16:22 UTC (rev 21888) +++ trunk/src/kadmin/server/kadm_rpc_svc.c 2009-02-05 02:59:08 UTC (rev 21889) @@ -7,6 +7,7 @@ #include #include /* for gss_nt_krb5_name */ #include +#include #include "autoconf.h" #ifdef HAVE_MEMORY_H #include Modified: trunk/src/lib/kadm5/chpass_util.c =================================================================== --- trunk/src/lib/kadm5/chpass_util.c 2009-02-05 02:16:22 UTC (rev 21888) +++ trunk/src/lib/kadm5/chpass_util.c 2009-02-05 02:59:08 UTC (rev 21889) @@ -9,6 +9,7 @@ #include #endif #include +#include #include #include "admin_internal.h" Modified: trunk/src/plugins/kdb/db2/pol_xdr.c =================================================================== --- trunk/src/plugins/kdb/db2/pol_xdr.c 2009-02-05 02:16:22 UTC (rev 21888) +++ trunk/src/plugins/kdb/db2/pol_xdr.c 2009-02-05 02:59:08 UTC (rev 21889) @@ -6,6 +6,7 @@ #ifdef HAVE_MEMORY_H #include #endif +#include static bool_t xdr_nullstring(XDR *xdrs, char **objp) From ghudson at MIT.EDU Thu Feb 5 13:19:27 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 13:19:27 -0500 (EST) Subject: svn rev #21890: trunk/src/lib/krb5/keytab/ Message-ID: <200902051819.NAA13146@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21890 Commit By: ghudson Log Message: ticket: 6367 tags: pullup target_version: 1.7 Fix a memory leak in krb5_kt_resolve when we fail to lock kt_typehead_lock. Changed Files: U trunk/src/lib/krb5/keytab/ktbase.c Modified: trunk/src/lib/krb5/keytab/ktbase.c =================================================================== --- trunk/src/lib/krb5/keytab/ktbase.c 2009-02-05 02:59:08 UTC (rev 21889) +++ trunk/src/lib/krb5/keytab/ktbase.c 2009-02-05 18:19:23 UTC (rev 21890) @@ -162,10 +162,10 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid) { const struct krb5_kt_typelist *tlist; - char *pfx; + char *pfx = NULL; unsigned int pfxlen; const char *cp, *resid; - krb5_error_code err; + krb5_error_code err = 0; cp = strchr (name, ':'); if (!cp) { @@ -201,7 +201,7 @@ err = k5_mutex_lock(&kt_typehead_lock); if (err) - return err; + goto cleanup; tlist = kt_typehead; /* Don't need to hold the lock, since entries are never modified or removed once they're in the list. Just need to protect @@ -209,12 +209,15 @@ k5_mutex_unlock(&kt_typehead_lock); for (; tlist; tlist = tlist->next) { if (strcmp (tlist->ops->prefix, pfx) == 0) { - free(pfx); - return (*tlist->ops->resolve)(context, resid, ktid); + err = (*tlist->ops->resolve)(context, resid, ktid); + goto cleanup; } } + err = KRB5_KT_UNKNOWN_TYPE; + +cleanup: free(pfx); - return KRB5_KT_UNKNOWN_TYPE; + return err; } /* From ghudson at MIT.EDU Thu Feb 5 13:26:49 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 13:26:49 -0500 (EST) Subject: svn rev #21891: trunk/src/lib/krb5/os/ Message-ID: <200902051826.NAA13332@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21891 Commit By: ghudson Log Message: Coverity was nervous that hst_realm.c's domain_heuristic() wasn't checking for a NULL return from strchr. The code was safe because a previous call to strchr on the same argments was checked, but make Coverity less nervous by storing the result of that previous call and reusing it. Also make the function conform better to our standards. Changed Files: U trunk/src/lib/krb5/os/hst_realm.c Modified: trunk/src/lib/krb5/os/hst_realm.c =================================================================== --- trunk/src/lib/krb5/os/hst_realm.c 2009-02-05 18:19:23 UTC (rev 21890) +++ trunk/src/lib/krb5/os/hst_realm.c 2009-02-05 18:26:47 UTC (rev 21891) @@ -518,27 +518,28 @@ krb5_error_code retval = 0, r; struct addrlist alist; krb5_data drealm; - char *cp = NULL; - char *fqdn = NULL; + char *cp = NULL, *fqdn, *dot; *realm = NULL; if (limit < 0) return 0; memset(&drealm, 0, sizeof (drealm)); - if (!(fqdn = strdup(domain))) { + fqdn = strdup(domain); + if (!fqdn) { retval = ENOMEM; goto cleanup; } /* Upper case the domain (for use as a realm) */ - for (cp = fqdn; *cp; cp++) + for (cp = fqdn; *cp; cp++) { if (islower((int)(*cp))) *cp = toupper((int)*cp); + } /* Search up to limit parents, as long as we have multiple labels. */ cp = fqdn; - while (limit-- >= 0 && strchr(cp, '.') != NULL) { + while (limit-- >= 0 && (dot = strchr(cp, '.')) != NULL) { drealm.length = strlen(cp); drealm.data = cp; @@ -547,19 +548,18 @@ r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0); if (!r) { /* Found a KDC! */ krb5int_free_addrlist(&alist); - if (!(*realm = strdup(cp))) { + *realm = strdup(cp); + if (!*realm) { retval = ENOMEM; goto cleanup; } break; } - cp = strchr(cp, '.'); - cp++; + cp = dot + 1; } cleanup: - if (fqdn) - free(fqdn); + free(fqdn); return retval; } From ghudson at MIT.EDU Thu Feb 5 13:34:58 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 13:34:58 -0500 (EST) Subject: svn rev #21892: trunk/src/lib/krb5/keytab/ Message-ID: <200902051834.NAA13523@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21892 Commit By: ghudson Log Message: In krb5_ktfileint_find_slot, check for an error return from ftell. (Such an error will never happen in any reasonable stdio implementation but it's more correct to check.) Changed Files: U trunk/src/lib/krb5/keytab/kt_file.c Modified: trunk/src/lib/krb5/keytab/kt_file.c =================================================================== --- trunk/src/lib/krb5/keytab/kt_file.c 2009-02-05 18:26:47 UTC (rev 21891) +++ trunk/src/lib/krb5/keytab/kt_file.c 2009-02-05 18:34:57 UTC (rev 21892) @@ -1722,6 +1722,9 @@ * Make sure we zero any trailing data. */ zero_point = ftell(KTFILEP(id)); + if (zero_point < 0) { + return errno; + } while ((size = fread(iobuf, 1, sizeof(iobuf), KTFILEP(id)))) { if (size != sizeof(iobuf)) { remainder = size % sizeof(krb5_int32); From raeburn at MIT.EDU Thu Feb 5 13:42:13 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 5 Feb 2009 13:42:13 -0500 (EST) Subject: svn rev #21893: trunk/src/ include/ lib/kdb/ lib/krb5/ lib/krb5/krb/ Message-ID: <200902051842.NAA13749@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21893 Commit By: raeburn Log Message: Create and use (in several places) a variant of krb5int_copy_data_contents that adds a trailing '\0' so the result can be used as a C string. Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/kdb/kdb_cpw.c U trunk/src/lib/krb5/krb/bld_pr_ext.c U trunk/src/lib/krb5/krb/copy_data.c U trunk/src/lib/krb5/krb/copy_princ.c U trunk/src/lib/krb5/libkrb5.exports Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-05 18:34:57 UTC (rev 21892) +++ trunk/src/include/k5-int.h 2009-02-05 18:42:10 UTC (rev 21893) @@ -1149,6 +1149,9 @@ krb5int_copy_data_contents (krb5_context, const krb5_data *, krb5_data *); krb5_error_code +krb5int_copy_data_contents_add0 (krb5_context, const krb5_data *, krb5_data *); + +krb5_error_code krb5int_copy_creds_contents (krb5_context, const krb5_creds *, krb5_creds *); typedef krb5_error_code (*krb5_gic_get_as_key_fct) Modified: trunk/src/lib/kdb/kdb_cpw.c =================================================================== --- trunk/src/lib/kdb/kdb_cpw.c 2009-02-05 18:34:57 UTC (rev 21892) +++ trunk/src/lib/kdb/kdb_cpw.c 2009-02-05 18:42:10 UTC (rev 21893) @@ -1,7 +1,7 @@ /* * lib/kdb/kdb_cpw.c * - * Copyright 1995 by the Massachusetts Institute of Technology. + * Copyright 1995, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -431,32 +431,17 @@ key_salt.data.length = 0; key_salt.data.data = 0; break; - case KRB5_KDB_SALTTYPE_AFS3: { -#if 0 - krb5_data * saltdata; - if (retval = krb5_copy_data(context, krb5_princ_realm(context, - db_entry->princ), &saltdata)) - return(retval); - - key_salt.data = *saltdata; + case KRB5_KDB_SALTTYPE_AFS3: + /* The afs_mit_string_to_key needs to use strlen, and the + realm field is not (necessarily) NULL terminated. */ + retval = krb5int_copy_data_contents_add0(context, + krb5_princ_realm(context, + db_entry->princ), + &key_salt.data); + if (retval) + return retval; key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/ - free(saltdata); -#else - /* Why do we do this? Well, the afs_mit_string_to_key needs to - use strlen, and the realm is not NULL terminated.... */ - unsigned int slen = - (*krb5_princ_realm(context,db_entry->princ)).length; - if(!(key_salt.data.data = (char *) malloc(slen+1))) - return ENOMEM; - key_salt.data.data[slen] = 0; - memcpy(key_salt.data.data, - (*krb5_princ_realm(context,db_entry->princ)).data, - slen); - key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/ -#endif - - } - break; + break; default: return(KRB5_KDB_BAD_SALTTYPE); } Modified: trunk/src/lib/krb5/krb/bld_pr_ext.c =================================================================== --- trunk/src/lib/krb5/krb/bld_pr_ext.c 2009-02-05 18:34:57 UTC (rev 21892) +++ trunk/src/lib/krb5/krb/bld_pr_ext.c 2009-02-05 18:42:10 UTC (rev 21893) @@ -1,7 +1,7 @@ /* * lib/krb5/krb/bld_pr_ext.c * - * Copyright 1991, 2008 by the Massachusetts Institute of Technology. + * Copyright 1991, 2008, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -36,12 +36,10 @@ unsigned int rlen, const char * realm, ...) { va_list ap; - register int i, count = 0; - register unsigned int size; - register char *next; - char *tmpdata = 0; + int i, count = 0; krb5_data *princ_data; krb5_principal princ_ret; + krb5_data tmpdata; va_start(ap, realm); /* count up */ @@ -64,28 +62,22 @@ } princ_ret->data = princ_data; princ_ret->length = count; - tmpdata = malloc(rlen+1); - if (!tmpdata) { + tmpdata.length = rlen; + tmpdata.data = (char *) realm; + if (krb5int_copy_data_contents_add0(context, &tmpdata, &princ_ret->realm) != 0) { free(princ_data); free(princ_ret); return ENOMEM; } - krb5_princ_set_realm_length(context, princ_ret, rlen); - krb5_princ_set_realm_data(context, princ_ret, tmpdata); - memcpy(tmpdata, realm, rlen); - tmpdata[rlen] = 0; /* process rest of components */ va_start(ap, realm); for (i = 0; i < count; i++) { - size = va_arg(ap, unsigned int); - next = va_arg(ap, char *); - princ_data[i].length = size; - princ_data[i].data = malloc(size+1); - if (!princ_data[i].data) + tmpdata.length = va_arg(ap, unsigned int); + tmpdata.data = va_arg(ap, char *); + if (krb5int_copy_data_contents_add0(context, &tmpdata, + &princ_data[i]) != 0) goto free_out; - memcpy(princ_data[i].data, next, size); - princ_data[i].data[size] = 0; } va_end(ap); *princ = princ_ret; @@ -96,8 +88,8 @@ while (--i >= 0) free(princ_data[i].data); free(princ_data); + free(princ_ret->realm.data); free(princ_ret); - free(tmpdata); va_end(ap); return ENOMEM; } Modified: trunk/src/lib/krb5/krb/copy_data.c =================================================================== --- trunk/src/lib/krb5/krb/copy_data.c 2009-02-05 18:34:57 UTC (rev 21892) +++ trunk/src/lib/krb5/krb/copy_data.c 2009-02-05 18:42:10 UTC (rev 21893) @@ -1,7 +1,7 @@ /* * lib/krb5/krb/copy_data.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -75,3 +75,22 @@ return 0; } + +/* As above, but add an (uncounted) extra byte at the end to + null-terminate the data so it can be used as a standard C + string. */ +krb5_error_code +krb5int_copy_data_contents_add0(krb5_context context, const krb5_data *indata, krb5_data *outdata) +{ + if (!indata) + return EINVAL; + outdata->length = indata->length; + if (!(outdata->data = malloc(outdata->length + 1))) + return ENOMEM; + if (outdata->length) + memcpy(outdata->data, indata->data, outdata->length); + outdata->data[outdata->length] = 0; + outdata->magic = KV5M_DATA; + + return 0; +} Modified: trunk/src/lib/krb5/krb/copy_princ.c =================================================================== --- trunk/src/lib/krb5/krb/copy_princ.c 2009-02-05 18:34:57 UTC (rev 21892) +++ trunk/src/lib/krb5/krb/copy_princ.c 2009-02-05 18:42:10 UTC (rev 21893) @@ -1,7 +1,7 @@ /* * lib/krb5/krb/copy_princ.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -54,35 +54,25 @@ } for (i = 0; i < nelems; i++) { - unsigned int len = krb5_princ_component(context, inprinc, i)->length; - krb5_princ_component(context, tempprinc, i)->length = len; - if (len) { - if (((krb5_princ_component(context, tempprinc, i)->data = - malloc(len)) == 0)) { - while (--i >= 0) - free(krb5_princ_component(context, tempprinc, i)->data); - free (tempprinc->data); - free (tempprinc); - return ENOMEM; - } - memcpy(krb5_princ_component(context, tempprinc, i)->data, - krb5_princ_component(context, inprinc, i)->data, len); - } else - krb5_princ_component(context, tempprinc, i)->data = 0; + if (krb5int_copy_data_contents(context, + krb5_princ_component(context, inprinc, i), + krb5_princ_component(context, tempprinc, i)) != 0) { + while (--i >= 0) + free(krb5_princ_component(context, tempprinc, i)->data); + free (tempprinc->data); + free (tempprinc); + return ENOMEM; + } } - tempprinc->realm.data = - malloc((tempprinc->realm.length = inprinc->realm.length) + 1); - if (!tempprinc->realm.data) { + if (krb5int_copy_data_contents_add0(context, &inprinc->realm, + &tempprinc->realm) != 0) { for (i = 0; i < nelems; i++) free(krb5_princ_component(context, tempprinc, i)->data); free(tempprinc->data); free(tempprinc); return ENOMEM; } - memcpy(tempprinc->realm.data, inprinc->realm.data, - inprinc->realm.length); - tempprinc->realm.data[tempprinc->realm.length] = 0; *outprinc = tempprinc; return 0; Modified: trunk/src/lib/krb5/libkrb5.exports =================================================================== --- trunk/src/lib/krb5/libkrb5.exports 2009-02-05 18:34:57 UTC (rev 21892) +++ trunk/src/lib/krb5/libkrb5.exports 2009-02-05 18:42:10 UTC (rev 21893) @@ -506,6 +506,7 @@ krb5int_cc_default krb5int_cleanup_library krb5int_cm_call_select +krb5int_copy_data_contents_add0 krb5int_foreach_localaddr krb5int_free_addrlist krb5int_init_context_kdc From ghudson at MIT.EDU Thu Feb 5 13:43:11 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 13:43:11 -0500 (EST) Subject: svn rev #21894: trunk/src/lib/krb5/krb/ Message-ID: <200902051843.NAA13906@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21894 Commit By: ghudson Log Message: ticket: 6368 tags: pullup target_version: 1.7 Add a missing break in the switch statement of krb5int_setpw_result_code_string. Changed Files: U trunk/src/lib/krb5/krb/chpw.c Modified: trunk/src/lib/krb5/krb/chpw.c =================================================================== --- trunk/src/lib/krb5/krb/chpw.c 2009-02-05 18:42:10 UTC (rev 21893) +++ trunk/src/lib/krb5/krb/chpw.c 2009-02-05 18:43:08 UTC (rev 21894) @@ -528,6 +528,7 @@ break; case 0: *code_string = "Success"; + break; default: *code_string = "Password change failed"; break; From epeisach at MIT.EDU Thu Feb 5 14:02:31 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Thu, 5 Feb 2009 14:02:31 -0500 (EST) Subject: svn rev #21895: trunk/src/lib/rpc/unit-test/ config/ rpc_test.0/ Message-ID: <200902051902.OAA14279@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21895 Commit By: epeisach Log Message: ticket: 6349 Detect failure to register with rpcbind/portmap due to security restrictons and not bomb out in tests. Changed Files: U trunk/src/lib/rpc/unit-test/config/unix.exp U trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp U trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp U trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp Modified: trunk/src/lib/rpc/unit-test/config/unix.exp =================================================================== --- trunk/src/lib/rpc/unit-test/config/unix.exp 2009-02-05 18:43:08 UTC (rev 21894) +++ trunk/src/lib/rpc/unit-test/config/unix.exp 2009-02-05 19:02:29 UTC (rev 21895) @@ -112,6 +112,10 @@ global server_started global kill + if { [info exists server_started] && $server_started == 0 } { + return + } + if {[catch { expect { -i $server_id @@ -143,6 +147,7 @@ verbose "% $SERVER" 1 set server_pid [spawn $SERVER $PROT] set server_id $spawn_id + set server_started 1 unset env(KRB5_KTNAME) @@ -150,6 +155,18 @@ expect { "running" { } + "Cannot register service" { + send_error "Server cannot register with portmap/rpcbind!!\n" + note "+++" + note "+++ These tests require the ability to register with portmap/rpcbind" + note "+++ Either the server is not running or it does not" + note "+++ allow registration using a loopback connection" + note "+++" + verbose $expect_out(buffer) 1 + set server_started 0 + unsupported "Server registration" + return + } eof { send_error "server exited!" verbose $expect_out(buffer) 1 Modified: trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp =================================================================== --- trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp 2009-02-05 18:43:08 UTC (rev 21894) +++ trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp 2009-02-05 19:02:29 UTC (rev 21895) @@ -2,7 +2,7 @@ load_lib "helpers.exp" -global spawn_id +global server_started proc expired {} { global spawn_id server_id @@ -18,8 +18,10 @@ flush_server } -expired +#if { [info exists server_pid] && ($server_pid >= 0) } { expired } +if { $server_started } {expired } + proc overlap {} { global spawn_id @@ -41,6 +43,6 @@ flush_server } -overlap +if { $server_started } {overlap} Modified: trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp =================================================================== --- trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp 2009-02-05 18:43:08 UTC (rev 21894) +++ trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp 2009-02-05 19:02:29 UTC (rev 21895) @@ -4,7 +4,10 @@ global spawn_id global server_id +global server_started +if { !$server_started } {return} + # Start the client and do a full run start_client "full run" fullrun testuser notathena 8h 1026 set client_id $spawn_id Modified: trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp =================================================================== --- trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp 2009-02-05 18:43:08 UTC (rev 21894) +++ trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp 2009-02-05 19:02:29 UTC (rev 21895) @@ -4,8 +4,11 @@ global spawn_id global server_id +global server_started global hostname +if { !$server_started } {return} + start_client "gss err" gsserr testuser notathena 8h 1026 notserver@$hostname eof_client "gss err" gsserr $spawn_id 2 From ghudson at MIT.EDU Thu Feb 5 14:44:38 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 14:44:38 -0500 (EST) Subject: svn rev #21896: trunk/src/lib/krb5/rcache/ Message-ID: <200902051944.OAA15108@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21896 Commit By: ghudson Log Message: Change krb5_rc_resolve_type (not a public API) to allocate the rcache structure. Make output parameter values of krb5_rc_resolve_type and krb5_rc_default well-defined in case of errors. Changed Files: U trunk/src/lib/krb5/rcache/rc_base.c U trunk/src/lib/krb5/rcache/rc_dfl.c Modified: trunk/src/lib/krb5/rcache/rc_base.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_base.c 2009-02-05 19:02:29 UTC (rev 21895) +++ trunk/src/lib/krb5/rcache/rc_base.c 2009-02-05 19:44:35 UTC (rev 21896) @@ -64,24 +64,39 @@ return 0; } -krb5_error_code krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, +krb5_error_code krb5_rc_resolve_type(krb5_context context, krb5_rcache *idptr, char *type) { struct krb5_rc_typelist *t; krb5_error_code err; + krb5_rcache id; + + *idptr = NULL; + + /* Find the named type in the list. */ err = k5_mutex_lock(&rc_typelist_lock); if (err) return err; - for (t = typehead;t && strcmp(t->ops->type,type);t = t->next) + for (t = typehead; t && strcmp(t->ops->type, type); t = t->next) ; - if (!t) { - k5_mutex_unlock(&rc_typelist_lock); + k5_mutex_unlock(&rc_typelist_lock); + if (!t) return KRB5_RC_TYPE_NOTFOUND; + + /* Create and return the rcache structure. */ + id = malloc(sizeof(*id)); + if (!id) + return KRB5_RC_MALLOC; + err = k5_mutex_init(&id->lock); + if (err) { + free(id); + return err; } - /* allocate *id? nah */ - (*id)->ops = t->ops; - k5_mutex_unlock(&rc_typelist_lock); - return k5_mutex_init(&(*id)->lock); + id->data = NULL; /* Gets real data when resolved */ + id->magic = 0; /* Gets real magic after resolved */ + id->ops = t->ops; + *idptr = id; + return 0; } char * krb5_rc_get_type(krb5_context context, krb5_rcache id) @@ -108,25 +123,23 @@ } krb5_error_code -krb5_rc_default(krb5_context context, krb5_rcache *id) +krb5_rc_default(krb5_context context, krb5_rcache *idptr) { krb5_error_code retval; + krb5_rcache id; - if (!(*id = (krb5_rcache )malloc(sizeof(**id)))) - return KRB5_RC_MALLOC; - - if ((retval = krb5_rc_resolve_type(context, id, - krb5_rc_default_type(context)))) { - free(*id); + *idptr = NULL; + retval = krb5_rc_resolve_type(context, &id, krb5_rc_default_type(context)); + if (retval) return retval; - } - if ((retval = krb5_rc_resolve(context, *id, - krb5_rc_default_name(context)))) { - k5_mutex_destroy(&(*id)->lock); - free(*id); + retval = krb5_rc_resolve(context, id, krb5_rc_default_name(context)); + if (retval) { + k5_mutex_destroy(&id->lock); + free(id); return retval; } - (*id)->magic = KV5M_RCACHE; + id->magic = KV5M_RCACHE; + *idptr = id; return retval; } @@ -151,17 +164,10 @@ (void) strncpy(type, string_name, diff); type[residual - string_name] = '\0'; - if (!(id = (krb5_rcache) malloc(sizeof(*id)))) { - free(type); - return KRB5_RC_MALLOC; - } - - if ((retval = krb5_rc_resolve_type(context, &id,type))) { - free(type); - free(id); + retval = krb5_rc_resolve_type(context, &id,type); + free(type); + if (retval) return retval; - } - free(type); if ((retval = krb5_rc_resolve(context, id,residual + 1))) { k5_mutex_destroy(&id->lock); free(id); Modified: trunk/src/lib/krb5/rcache/rc_dfl.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_dfl.c 2009-02-05 19:02:29 UTC (rev 21895) +++ trunk/src/lib/krb5/rcache/rc_dfl.c 2009-02-05 19:44:35 UTC (rev 21896) @@ -826,14 +826,9 @@ t = (struct dfl_data *)id->data; /* point to recovered cache */ } - tmp = (krb5_rcache) malloc(sizeof(*tmp)); - if (!tmp) - return ENOMEM; retval = krb5_rc_resolve_type(context, &tmp, "dfl"); - if (retval) { - free(tmp); + if (retval) return retval; - } retval = krb5_rc_resolve(context, tmp, 0); if (retval) goto cleanup; From ghudson at MIT.EDU Thu Feb 5 14:50:42 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 14:50:42 -0500 (EST) Subject: svn rev #21897: trunk/src/lib/krb5/krb/ Message-ID: <200902051950.OAA15353@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21897 Commit By: ghudson Log Message: In recvauth_common, initialize ap_option. It can't be used uninitialized, but you can only deduce that by examining the relationships between ap_option, problem, and outbuf. Changed Files: U trunk/src/lib/krb5/krb/recvauth.c Modified: trunk/src/lib/krb5/krb/recvauth.c =================================================================== --- trunk/src/lib/krb5/krb/recvauth.c 2009-02-05 19:44:35 UTC (rev 21896) +++ trunk/src/lib/krb5/krb/recvauth.c 2009-02-05 19:50:41 UTC (rev 21897) @@ -50,7 +50,7 @@ krb5_data *version) { krb5_auth_context new_auth_context; - krb5_flags ap_option; + krb5_flags ap_option = 0; krb5_error_code retval, problem; krb5_data inbuf; krb5_data outbuf; From ghudson at MIT.EDU Thu Feb 5 14:59:10 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 14:59:10 -0500 (EST) Subject: svn rev #21898: trunk/src/lib/krb5/rcache/ Message-ID: <200902051959.OAA15601@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21898 Commit By: ghudson Log Message: In krb5_rc_io_store, check the return value of krb5int_buf_len as well as krb5int_buf_data. The length can't be negative if the data is non-NULL, but Coverity doesn't know that. Changed Files: U trunk/src/lib/krb5/rcache/rc_dfl.c Modified: trunk/src/lib/krb5/rcache/rc_dfl.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_dfl.c 2009-02-05 19:50:41 UTC (rev 21897) +++ trunk/src/lib/krb5/rcache/rc_dfl.c 2009-02-05 19:59:09 UTC (rev 21898) @@ -656,10 +656,11 @@ krb5_donot_replay *rep) { size_t clientlen, serverlen; + ssize_t buflen; unsigned int len; krb5_error_code ret; struct k5buf buf, extbuf; - char *ptr, *extstr; + char *bufptr, *extstr; clientlen = strlen(rep->client); serverlen = strlen(rep->server); @@ -706,11 +707,12 @@ krb5int_buf_add_len(&buf, (char *) &rep->cusec, sizeof(rep->cusec)); krb5int_buf_add_len(&buf, (char *) &rep->ctime, sizeof(rep->ctime)); - ptr = krb5int_buf_data(&buf); - if (ptr == NULL) + bufptr = krb5int_buf_data(&buf); + buflen = krb5int_buf_len(&buf); + if (bufptr == NULL || buflen < 0) return KRB5_RC_MALLOC; - ret = krb5_rc_io_write(context, &t->d, ptr, krb5int_buf_len(&buf)); + ret = krb5_rc_io_write(context, &t->d, bufptr, buflen); krb5int_free_buf(&buf); return ret; } From ghudson at MIT.EDU Thu Feb 5 15:07:47 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 15:07:47 -0500 (EST) Subject: svn rev #21899: trunk/src/lib/krb5/krb/ Message-ID: <200902052007.PAA15860@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21899 Commit By: ghudson Log Message: In gc_frm_kdc.c's do_traversal(), fix an assert which was doing an assignment instead of a compare. Changed Files: U trunk/src/lib/krb5/krb/gc_frm_kdc.c Modified: trunk/src/lib/krb5/krb/gc_frm_kdc.c =================================================================== --- trunk/src/lib/krb5/krb/gc_frm_kdc.c 2009-02-05 19:59:09 UTC (rev 21898) +++ trunk/src/lib/krb5/krb/gc_frm_kdc.c 2009-02-05 20:07:45 UTC (rev 21899) @@ -745,7 +745,7 @@ } if (NXT_TGT_IS_CACHED(ts)) { - assert(ts->offpath_tgt = NULL); + assert(ts->offpath_tgt == NULL); *out_cc_tgt = *ts->cur_cc_tgt; *out_tgt = out_cc_tgt; MARK_CUR_CC_TGT_CLEAN(ts); From wfiveash at MIT.EDU Thu Feb 5 15:57:16 2009 From: wfiveash at MIT.EDU (wfiveash@MIT.EDU) Date: Thu, 5 Feb 2009 15:57:16 -0500 (EST) Subject: svn rev #21900: trunk/src/ kadmin/dbutil/ lib/kdb/ Message-ID: <200902052057.PAA16923@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21900 Commit By: wfiveash Log Message: ticket: 6371 subject: deal with memleaks in migrate mkey project Version_Reported: 1.7 Target_Version: 1.7 Tags: pullup Ken R. told me that Coverity found several potential memleaks introduced by the mkey migration project. This addresses those leaks and tweaks the code formatting in a few places. Changed Files: U trunk/src/kadmin/dbutil/kdb5_mkey.c U trunk/src/lib/kdb/kdb5.c U trunk/src/lib/kdb/kdb_default.c Modified: trunk/src/kadmin/dbutil/kdb5_mkey.c =================================================================== --- trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-02-05 20:07:45 UTC (rev 21899) +++ trunk/src/kadmin/dbutil/kdb5_mkey.c 2009-02-05 20:57:09 UTC (rev 21900) @@ -187,8 +187,7 @@ } clean_n_exit: - if (mkey_aux_data_head) - krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head); + krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head); return (retval); } @@ -215,6 +214,10 @@ * called first to open the KDB and get the current mkey. */ + memset(&new_mkeyblock, 0, sizeof(new_mkeyblock)); + memset(&master_princ, 0, sizeof(master_princ)); + master_salt.data = NULL; + while ((optchar = getopt(argc, argv, "e:s")) != -1) { switch(optchar) { case 'e': @@ -254,19 +257,19 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } printf("Creating new master key for master key principal '%s'\n", @@ -281,7 +284,7 @@ if (pw_str == NULL) { com_err(progname, ENOMEM, "while creating new master key"); exit_status++; - return; + goto cleanup_return; } retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2, @@ -289,7 +292,7 @@ if (retval) { com_err(progname, retval, "while reading new master key from keyboard"); exit_status++; - return; + goto cleanup_return; } new_mkey_password = pw_str; @@ -299,7 +302,7 @@ if (retval) { com_err(progname, retval, "while calculating master key salt"); exit_status++; - return; + goto cleanup_return; } retval = krb5_c_string_to_key(util_context, new_master_enctype, @@ -307,34 +310,34 @@ if (retval) { com_err(progname, retval, "while transforming master key from password"); exit_status++; - return; + goto cleanup_return; } retval = add_new_mkey(util_context, &master_entry, &new_mkeyblock, 0); if (retval) { com_err(progname, retval, "adding new master key to master principal"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_timeofday(util_context, &now))) { com_err(progname, retval, "while getting current time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; - return; + goto cleanup_return; } if (do_stash) { @@ -349,6 +352,8 @@ printf("Warning: couldn't stash master key.\n"); } } + +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); zap((char *)master_keyblock.contents, master_keyblock.length); @@ -360,8 +365,7 @@ free(pw_str); } free(master_salt.data); - free(mkey_fullname); - + krb5_free_unparsed_name(util_context, mkey_fullname); return; } @@ -369,17 +373,19 @@ kdb5_use_mkey(int argc, char *argv[]) { krb5_error_code retval; - char *mkey_fullname; + char *mkey_fullname = NULL; krb5_kvno use_kvno; krb5_timestamp now, start_time; - krb5_actkvno_node *actkvno_list, *new_actkvno, + krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL, *prev_actkvno, *cur_actkvno; krb5_db_entry master_entry; - int nentries = 0; - krb5_boolean more = 0, found; - krb5_keylist_node *keylist_node; + int nentries = 0; + krb5_boolean more = FALSE; + krb5_keylist_node *keylist_node; krb5_boolean inserted = FALSE; + memset(&master_princ, 0, sizeof(master_princ)); + if (argc < 2 || argc > 3) { /* usage calls exit */ usage(); @@ -392,14 +398,12 @@ return; } else { /* verify use_kvno is valid */ - for (keylist_node = master_keylist, found = FALSE; keylist_node != NULL; + for (keylist_node = master_keylist; keylist_node != NULL; keylist_node = keylist_node->next) { - if (use_kvno == keylist_node->kvno) { - found = TRUE; + if (use_kvno == keylist_node->kvno) break; - } } - if (!found) { + if (!keylist_node) { com_err(progname, EINVAL, "%d is an invalid KVNO value", use_kvno); exit_status++; return; @@ -442,7 +446,7 @@ &mkey_fullname, &master_princ))) { com_err(progname, retval, "while setting up master key name"); exit_status++; - return; + goto cleanup_return; } retval = krb5_db_get_principal(util_context, master_princ, &master_entry, @@ -452,19 +456,19 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); @@ -472,7 +476,7 @@ com_err(progname, retval, "while looking up active version of master key"); exit_status++; - return; + goto cleanup_return; } /* @@ -511,7 +515,7 @@ if (new_actkvno == NULL) { com_err(progname, ENOMEM, "while adding new master key"); exit_status++; - return; + goto cleanup_return; } memset(new_actkvno, 0, sizeof(krb5_actkvno_node)); new_actkvno->act_kvno = use_kvno; @@ -548,34 +552,35 @@ if (actkvno_list->act_time > now) { com_err(progname, EINVAL, "there must be one master key currently active"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, - /* new_actkvno_list_head))) { */ - actkvno_list))) { - com_err(progname, retval, "while updating actkvno data for master principal entry"); - exit_status++; - return; - } + actkvno_list))) { + com_err(progname, retval, "while updating actkvno data for master principal entry"); + exit_status++; + goto cleanup_return; + } if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; - return; + goto cleanup_return; } +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); - free(mkey_fullname); + krb5_free_unparsed_name(util_context, mkey_fullname); + krb5_free_principal(util_context, master_princ); krb5_dbe_free_actkvno_list(util_context, actkvno_list); return; } @@ -584,13 +589,13 @@ kdb5_list_mkeys(int argc, char *argv[]) { krb5_error_code retval; - char *mkey_fullname, *output_str = NULL, enctype[BUFSIZ]; + char *mkey_fullname = NULL, *output_str = NULL, enctype[BUFSIZ]; krb5_kvno act_kvno; krb5_timestamp act_time; - krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno, *prev_actkvno; + krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno; krb5_db_entry master_entry; int nentries = 0; - krb5_boolean more = 0; + krb5_boolean more = FALSE; krb5_keylist_node *cur_kb_node; krb5_keyblock *act_mkey; @@ -617,26 +622,26 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; - return; + goto cleanup_return; } if (actkvno_list == NULL) { @@ -653,7 +658,7 @@ } else if (retval != 0) { com_err(progname, retval, "while looking up active master key"); exit_status++; - return; + goto cleanup_return; } } @@ -666,7 +671,7 @@ enctype, sizeof(enctype)))) { com_err(progname, retval, "while getting enctype description"); exit_status++; - return; + goto cleanup_return; } if (actkvno_list != NULL) { @@ -686,7 +691,7 @@ if ((retval = krb5_timeofday(util_context, &act_time))) { com_err(progname, retval, "while getting current time"); exit_status++; - return; + goto cleanup_return; } } @@ -706,22 +711,20 @@ if (retval == -1) { com_err(progname, ENOMEM, "asprintf could not allocate enough memory to hold output"); exit_status++; - return; + goto cleanup_return; } printf("%s", output_str); free(output_str); output_str = NULL; } +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); - free(mkey_fullname); + krb5_free_unparsed_name(util_context, mkey_fullname); free(output_str); - for (cur_actkvno = actkvno_list; cur_actkvno != NULL;) { - prev_actkvno = cur_actkvno; - cur_actkvno = cur_actkvno->next; - free(prev_actkvno); - } + krb5_free_principal(util_context, master_princ); + krb5_dbe_free_actkvno_list(util_context, actkvno_list); return; } @@ -845,7 +848,7 @@ goto fail; } - if (krb5_principal_compare (util_context, ent->princ, master_princ)) { + if (krb5_principal_compare(util_context, ent->princ, master_princ)) { goto skip; } @@ -1150,7 +1153,7 @@ { int optchar; krb5_error_code retval; - char *mkey_fullname; + char *mkey_fullname = NULL; krb5_timestamp now; krb5_db_entry master_entry; int nentries = 0; @@ -1160,10 +1163,13 @@ char buf[5]; unsigned int i, j, k, num_kvnos_inuse, num_kvnos_purged; unsigned int old_key_data_count; - krb5_actkvno_node *cur_actkvno_list, *actkvno_entry, *prev_actkvno_entry; - krb5_mkey_aux_node *cur_mkey_aux_list, *mkey_aux_entry, *prev_mkey_aux_entry; + krb5_actkvno_node *actkvno_list = NULL, *actkvno_entry, *prev_actkvno_entry; + krb5_mkey_aux_node *mkey_aux_list = NULL, *mkey_aux_entry, *prev_mkey_aux_entry; krb5_key_data *old_key_data; + memset(&master_princ, 0, sizeof(master_princ)); + memset(&args, 0, sizeof(args)); + optind = 1; while ((optchar = getopt(argc, argv, "fnv")) != -1) { switch(optchar) { @@ -1201,19 +1207,19 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } if (!force) { @@ -1222,11 +1228,11 @@ printf("(type 'yes' to confirm)? "); if (fgets(buf, sizeof(buf), stdin) == NULL) { exit_status++; - return; + goto cleanup_return; } if (strcmp(buf, "yes\n")) { exit_status++; - return; + goto cleanup_return; } printf("OK, purging unused master keys from '%s'...\n", mkey_fullname); } @@ -1236,7 +1242,7 @@ if (old_key_data_count == 1) { if (verbose) printf("There is only one master key which can not be purged.\n"); - return; + goto cleanup_return; } old_key_data = master_entry.key_data; @@ -1245,7 +1251,7 @@ retval = ENOMEM; com_err(progname, ENOMEM, "while allocating args.kvnos"); exit_status++; - return; + goto cleanup_return; } memset(args.kvnos, 0, sizeof(struct kvnos_in_use) * old_key_data_count); args.num_kvnos = old_key_data_count; @@ -1261,7 +1267,7 @@ (krb5_pointer) &args))) { com_err(progname, retval, "while finding master keys in use"); exit_status++; - return; + goto cleanup_return; } /* * args.kvnos has been marked with the mkvno's that are currently protecting @@ -1282,7 +1288,7 @@ com_err(progname, KRB5_KDB_STORED_MKEY_NOTCURRENT, "master key stash file needs updating, command aborting"); exit_status++; - return; + goto cleanup_return; } num_kvnos_purged++; printf("KNVO: %d\n", args.kvnos[i].kvno); @@ -1291,26 +1297,26 @@ /* didn't find any keys to purge */ if (num_kvnos_inuse == args.num_kvnos) { printf("All keys in use, nothing purged.\n"); - goto clean_and_exit; + goto cleanup_return; } if (dry_run) { /* bail before doing anything else */ printf("%d key(s) would be purged.\n", num_kvnos_purged); - goto clean_and_exit; + goto cleanup_return; } - retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &cur_actkvno_list); + retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; - return; + goto cleanup_return; } - retval = krb5_dbe_lookup_mkey_aux(util_context, &master_entry, &cur_mkey_aux_list); + retval = krb5_dbe_lookup_mkey_aux(util_context, &master_entry, &mkey_aux_list); if (retval != 0) { com_err(progname, retval, "while looking up mkey aux data list"); exit_status++; - return; + goto cleanup_return; } master_entry.key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse); @@ -1318,7 +1324,7 @@ retval = ENOMEM; com_err(progname, ENOMEM, "while allocating key_data"); exit_status++; - return; + goto cleanup_return; } memset(master_entry.key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse); master_entry.n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */ @@ -1336,15 +1342,15 @@ } else { /* remove unused mkey */ /* adjust the actkno data */ - for (prev_actkvno_entry = actkvno_entry = cur_actkvno_list; + for (prev_actkvno_entry = actkvno_entry = actkvno_list; actkvno_entry != NULL; actkvno_entry = actkvno_entry->next) { if (actkvno_entry->act_kvno == args.kvnos[j].kvno) { - if (actkvno_entry == cur_actkvno_list) { + if (actkvno_entry == actkvno_list) { /* remove from head */ - cur_actkvno_list = actkvno_entry->next; - prev_actkvno_entry = cur_actkvno_list; + actkvno_list = actkvno_entry->next; + prev_actkvno_entry = actkvno_list; } else if (actkvno_entry->next == NULL) { /* remove from tail */ prev_actkvno_entry->next = NULL; @@ -1352,27 +1358,29 @@ /* remove in between */ prev_actkvno_entry->next = actkvno_entry->next; } - /* XXX WAF: free actkvno_entry */ + actkvno_entry->next = NULL; + krb5_dbe_free_actkvno_list(util_context, actkvno_entry); break; /* deleted entry, no need to loop further */ } else { prev_actkvno_entry = actkvno_entry; } } /* adjust the mkey aux data */ - for (prev_mkey_aux_entry = mkey_aux_entry = cur_mkey_aux_list; + for (prev_mkey_aux_entry = mkey_aux_entry = mkey_aux_list; mkey_aux_entry != NULL; mkey_aux_entry = mkey_aux_entry->next) { if (mkey_aux_entry->mkey_kvno == args.kvnos[j].kvno) { - if (mkey_aux_entry == cur_mkey_aux_list) { - cur_mkey_aux_list = mkey_aux_entry->next; - prev_mkey_aux_entry = cur_mkey_aux_list; + if (mkey_aux_entry == mkey_aux_list) { + mkey_aux_list = mkey_aux_entry->next; + prev_mkey_aux_entry = mkey_aux_list; } else if (mkey_aux_entry->next == NULL) { prev_mkey_aux_entry->next = NULL; } else { prev_mkey_aux_entry->next = mkey_aux_entry->next; } - /* XXX WAF: free mkey_aux_entry */ + mkey_aux_entry->next = NULL; + krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_entry); break; /* deleted entry, no need to loop further */ } else { prev_mkey_aux_entry = mkey_aux_entry; @@ -1385,15 +1393,15 @@ assert(k == num_kvnos_inuse); if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, - cur_actkvno_list))) { + actkvno_list))) { com_err(progname, retval, "while updating actkvno data for master principal entry"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_mkey_aux(util_context, &master_entry, - cur_mkey_aux_list))) { + mkey_aux_list))) { com_err(progname, retval, "while updating mkey_aux data for master principal entry"); exit_status++; @@ -1403,7 +1411,7 @@ if ((retval = krb5_timeofday(util_context, &now))) { com_err(progname, retval, "while getting current time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, @@ -1411,21 +1419,24 @@ com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; - return; + goto cleanup_return; } printf("%d key(s) purged.\n", num_kvnos_purged); -clean_and_exit: +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); + krb5_free_principal(util_context, master_princ); free(args.kvnos); - free(mkey_fullname); + krb5_free_unparsed_name(util_context, mkey_fullname); + krb5_dbe_free_actkvno_list(util_context, actkvno_list); + krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_list); return; } Modified: trunk/src/lib/kdb/kdb5.c =================================================================== --- trunk/src/lib/kdb/kdb5.c 2009-02-05 20:07:45 UTC (rev 21899) +++ trunk/src/lib/kdb/kdb5.c 2009-02-05 20:57:09 UTC (rev 21900) @@ -115,11 +115,13 @@ { int i, idx; - idx = (key->key_data_ver == 1 ? 1 : 2); - for (i = 0; i < idx; i++) { - if (key->key_data_contents[i]) { - zap(key->key_data_contents[i], key->key_data_length[i]); - free(key->key_data_contents[i]); + if (key) { + idx = (key->key_data_ver == 1 ? 1 : 2); + for (i = 0; i < idx; i++) { + if (key->key_data_contents[i]) { + zap(key->key_data_contents[i], key->key_data_length[i]); + free(key->key_data_contents[i]); + } } } return; @@ -2383,6 +2385,7 @@ if (new_data->latest_mkey.key_data_contents[0] == NULL) { krb5_dbe_free_mkey_aux_list(context, head_data); + free(new_data); return (ENOMEM); } memcpy(new_data->latest_mkey.key_data_contents[0], curloc, Modified: trunk/src/lib/kdb/kdb_default.c =================================================================== --- trunk/src/lib/kdb/kdb_default.c 2009-02-05 20:07:45 UTC (rev 21899) +++ trunk/src/lib/kdb/kdb_default.c 2009-02-05 20:57:09 UTC (rev 21900) @@ -516,13 +516,14 @@ krb5_keyblock cur_mkey; krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node; krb5_key_data *key_data; - krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry; + krb5_mkey_aux_node *mkey_aux_data_list = NULL, *aux_data_entry; int i; if (mkeys_list == NULL) return (EINVAL); memset(&cur_mkey, 0, sizeof(cur_mkey)); + memset(&master_entry, 0, sizeof(master_entry)); nprinc = 1; if ((retval = krb5_db_get_principal(context, mprinc, @@ -645,6 +646,7 @@ clean_n_exit: krb5_db_free_principal(context, &master_entry, nprinc); + krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_list); if (retval != 0) krb5_dbe_free_key_list(context, mkey_list_head); return retval; From ghudson at MIT.EDU Thu Feb 5 16:27:58 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 5 Feb 2009 16:27:58 -0500 (EST) Subject: svn rev #21901: trunk/src/lib/krb5/krb/ Message-ID: <200902052127.QAA17574@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21901 Commit By: ghudson Log Message: ticket: 6372 subject: Fix memory handling bug in mk_req_ext tags: pullup target_version: 1.7 In make_etype_list, assign *authdata before we have a chance to fail, since we may have invalidated the previous value with realloc. Changed Files: U trunk/src/lib/krb5/krb/mk_req_ext.c Modified: trunk/src/lib/krb5/krb/mk_req_ext.c =================================================================== --- trunk/src/lib/krb5/krb/mk_req_ext.c 2009-02-05 20:57:09 UTC (rev 21900) +++ trunk/src/lib/krb5/krb/mk_req_ext.c 2009-02-05 21:27:54 UTC (rev 21901) @@ -391,6 +391,7 @@ krb5_free_data(context, ad_if_relevant); return ENOMEM; } + *authdata = adata; adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata)); if (adata[i] == NULL) { @@ -405,8 +406,6 @@ adata[i + 1] = NULL; - *authdata = adata; - return 0; } From raeburn at MIT.EDU Thu Feb 5 16:56:23 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 5 Feb 2009 16:56:23 -0500 (EST) Subject: svn rev #21902: trunk/src/include/ Message-ID: <200902052156.QAA18070@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21902 Commit By: raeburn Log Message: use casts, for c++ compilation on windows Changed Files: U trunk/src/include/k5-platform.h Modified: trunk/src/include/k5-platform.h =================================================================== --- trunk/src/include/k5-platform.h 2009-02-05 21:27:54 UTC (rev 21901) +++ trunk/src/include/k5-platform.h 2009-02-05 21:56:21 UTC (rev 21902) @@ -533,10 +533,12 @@ # define SWAP64 OSSwapInt64 #endif +/* Note that on Windows at least this file can be included from C++ + source, so casts *from* void* are required. */ static inline void store_16_be (unsigned int val, void *vp) { - unsigned char *p = vp; + unsigned char *p = (unsigned char *) vp; #if defined(__GNUC__) && defined(K5_BE) PUT(16,p,val); #elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) @@ -549,7 +551,7 @@ static inline void store_32_be (unsigned int val, void *vp) { - unsigned char *p = vp; + unsigned char *p = (unsigned char *) vp; #if defined(__GNUC__) && defined(K5_BE) PUT(32,p,val); #elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) @@ -564,7 +566,7 @@ static inline void store_64_be (UINT64_TYPE val, void *vp) { - unsigned char *p = vp; + unsigned char *p = (unsigned char *) vp; #if defined(__GNUC__) && defined(K5_BE) PUT(64,p,val); #elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) @@ -583,7 +585,7 @@ static inline unsigned short load_16_be (const void *cvp) { - const unsigned char *p = cvp; + const unsigned char *p = (const unsigned char *) cvp; #if defined(__GNUC__) && defined(K5_BE) return GET(16,p); #elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) @@ -595,7 +597,7 @@ static inline unsigned int load_32_be (const void *cvp) { - const unsigned char *p = cvp; + const unsigned char *p = (const unsigned char *) cvp; #if defined(__GNUC__) && defined(K5_BE) return GET(32,p); #elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) @@ -609,7 +611,7 @@ static inline UINT64_TYPE load_64_be (const void *cvp) { - const unsigned char *p = cvp; + const unsigned char *p = (const unsigned char *) cvp; #if defined(__GNUC__) && defined(K5_BE) return GET(64,p); #elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) @@ -621,7 +623,7 @@ static inline void store_16_le (unsigned int val, void *vp) { - unsigned char *p = vp; + unsigned char *p = (unsigned char *) vp; #if defined(__GNUC__) && defined(K5_LE) PUT(16,p,val); #elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) @@ -634,7 +636,7 @@ static inline void store_32_le (unsigned int val, void *vp) { - unsigned char *p = vp; + unsigned char *p = (unsigned char *) vp; #if defined(__GNUC__) && defined(K5_LE) PUT(32,p,val); #elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) @@ -649,7 +651,7 @@ static inline void store_64_le (UINT64_TYPE val, void *vp) { - unsigned char *p = vp; + unsigned char *p = (unsigned char *) vp; #if defined(__GNUC__) && defined(K5_LE) PUT(64,p,val); #elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) @@ -668,7 +670,7 @@ static inline unsigned short load_16_le (const void *cvp) { - const unsigned char *p = cvp; + const unsigned char *p = (const unsigned char *) cvp; #if defined(__GNUC__) && defined(K5_LE) return GET(16,p); #elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) @@ -680,7 +682,7 @@ static inline unsigned int load_32_le (const void *cvp) { - const unsigned char *p = cvp; + const unsigned char *p = (const unsigned char *) cvp; #if defined(__GNUC__) && defined(K5_LE) return GET(32,p); #elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) @@ -692,7 +694,7 @@ static inline UINT64_TYPE load_64_le (const void *cvp) { - const unsigned char *p = cvp; + const unsigned char *p = (const unsigned char *) cvp; #if defined(__GNUC__) && defined(K5_LE) return GET(64,p); #elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) From raeburn at MIT.EDU Thu Feb 5 20:07:39 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 5 Feb 2009 20:07:39 -0500 (EST) Subject: svn rev #21903: trunk/src/lib/gssapi/krb5/ Message-ID: <200902060107.UAA23406@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21903 Commit By: raeburn Log Message: ticket: 6373 subject: remove some redundant or useless qualifiers target_version: 1.7 tags: pullup Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations. Also remove some useless qualifiers in casts and function argument declarations. Changed Files: U trunk/src/lib/gssapi/krb5/krb5_gss_glue.c Modified: trunk/src/lib/gssapi/krb5/krb5_gss_glue.c =================================================================== --- trunk/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-02-05 21:56:21 UTC (rev 21902) +++ trunk/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-02-06 01:07:32 UTC (rev 21903) @@ -60,7 +60,7 @@ gss_ctx_id_t context_handle, krb5_flags *ticket_flags) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID }; OM_uint32 major_status; @@ -71,7 +71,7 @@ major_status = gss_inquire_sec_context_by_oid(minor_status, context_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &data_set); if (major_status != GSS_S_COMPLETE) return major_status; @@ -98,7 +98,7 @@ gss_cred_id_t cred_handle, krb5_ccache out_ccache) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID }; OM_uint32 major_status; @@ -112,7 +112,7 @@ major_status = gssspi_set_cred_option(minor_status, cred_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -180,7 +180,7 @@ OM_uint32 num_ktypes, krb5_enctype *ktypes) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID }; OM_uint32 major_status; @@ -195,7 +195,7 @@ major_status = gssspi_set_cred_option(minor_status, cred, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -207,7 +207,7 @@ const char *name, const char **out_name) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID }; OM_uint32 major_status; @@ -221,8 +221,8 @@ req_buffer.value = &req; major_status = gssspi_mech_invoke(minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -233,7 +233,7 @@ OM_uint32 *minor_status, void *kctx) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID }; OM_uint32 major_status; @@ -243,8 +243,8 @@ req_buffer.value = kctx; major_status = gssspi_mech_invoke(minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -253,7 +253,7 @@ OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *keytab) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID }; OM_uint32 major_status; @@ -264,8 +264,8 @@ req_buffer.value = (char *)keytab; major_status = gssspi_mech_invoke(&minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -274,7 +274,7 @@ krb5_error_code krb5_gss_use_kdc_context(void) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID }; OM_uint32 major_status; @@ -286,8 +286,8 @@ req_buffer.value = NULL; major_status = gssspi_mech_invoke(&minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); if (major_status != GSS_S_COMPLETE) { @@ -308,7 +308,7 @@ OM_uint32 KRB5_CALLCONV gsskrb5_extract_authz_data_from_sec_context( OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, + gss_ctx_id_t context_handle, int ad_type, gss_buffer_t ad_data) { @@ -333,7 +333,7 @@ major_status = gss_inquire_sec_context_by_oid(minor_status, context_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &data_set); if (major_status != GSS_S_COMPLETE) { return major_status; @@ -363,7 +363,7 @@ gss_cred_id_t cred, krb5_rcache rcache) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID }; OM_uint32 major_status; @@ -374,7 +374,7 @@ major_status = gssspi_set_cred_option(minor_status, cred, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -385,7 +385,7 @@ gss_ctx_id_t context_handle, krb5_timestamp *authtime) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID }; OM_uint32 major_status; @@ -396,7 +396,7 @@ major_status = gss_inquire_sec_context_by_oid(minor_status, context_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &data_set); if (major_status != GSS_S_COMPLETE) return major_status; From epeisach at MIT.EDU Thu Feb 5 21:45:23 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Thu, 5 Feb 2009 21:45:23 -0500 (EST) Subject: svn rev #21904: trunk/src/lib/rpc/ Message-ID: <200902060245.VAA24980@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21904 Commit By: epeisach Log Message: Cleanup some warnings due to getsockname's third argument is sometimes unsigned. Use GETSOCKNAME_ARG3_TYPE and fallback to int if not defined. Changed Files: U trunk/src/lib/rpc/clnt_tcp.c U trunk/src/lib/rpc/clnt_udp.c U trunk/src/lib/rpc/pmap_rmt.c Modified: trunk/src/lib/rpc/clnt_tcp.c =================================================================== --- trunk/src/lib/rpc/clnt_tcp.c 2009-02-06 01:07:32 UTC (rev 21903) +++ trunk/src/lib/rpc/clnt_tcp.c 2009-02-06 02:45:21 UTC (rev 21904) @@ -64,6 +64,10 @@ #define MCALL_MSG_SIZE 24 +#ifndef GETSOCKNAME_ARG3_TYPE +#define GETSOCKNAME_ARG3_TYPE int +#endif + static enum clnt_stat clnttcp_call(CLIENT *, rpcproc_t, xdrproc_t, void *, xdrproc_t, void *, struct timeval); static void clnttcp_abort(CLIENT *); @@ -372,7 +376,7 @@ void *info) { register struct ct_data *ct = (struct ct_data *)cl->cl_private; - int len; + GETSOCKNAME_ARG3_TYPE len; switch (request) { case CLSET_TIMEOUT: Modified: trunk/src/lib/rpc/clnt_udp.c =================================================================== --- trunk/src/lib/rpc/clnt_udp.c 2009-02-06 01:07:32 UTC (rev 21903) +++ trunk/src/lib/rpc/clnt_udp.c 2009-02-06 02:45:21 UTC (rev 21904) @@ -52,6 +52,9 @@ #include #include +#ifndef GETSOCKNAME_ARG3_TYPE +#define GETSOCKNAME_ARG3_TYPE int +#endif /* * UDP bases client side rpc operations @@ -82,7 +85,7 @@ struct sockaddr_in cu_raddr; int cu_rlen; struct sockaddr_in cu_laddr; - int cu_llen; + GETSOCKNAME_ARG3_TYPE cu_llen; struct timeval cu_wait; struct timeval cu_total; struct rpc_err cu_error; @@ -235,7 +238,7 @@ register XDR *xdrs; register int outlen; register int inlen; - int fromlen; + GETSOCKNAME_ARG3_TYPE fromlen; /* Assumes recvfrom uses same type */ #ifdef FD_SETSIZE fd_set readfds; fd_set mask; Modified: trunk/src/lib/rpc/pmap_rmt.c =================================================================== --- trunk/src/lib/rpc/pmap_rmt.c 2009-02-06 01:07:32 UTC (rev 21903) +++ trunk/src/lib/rpc/pmap_rmt.c 2009-02-06 02:45:21 UTC (rev 21904) @@ -64,6 +64,9 @@ static struct timeval timeout = { 3, 0 }; +#ifndef GETSOCKNAME_ARG3_TYPE +#define GETSOCKNAME_ARG3_TYPE int +#endif /* * pmapper remote-call-service interface. @@ -245,7 +248,8 @@ AUTH *unix_auth = authunix_create_default(); XDR xdr_stream; register XDR *xdrs = &xdr_stream; - int outlen, inlen, fromlen, nets; + int outlen, inlen, nets; + GETSOCKNAME_ARG3_TYPE fromlen; SOCKET sock; int on = 1; #ifdef FD_SETSIZE From epeisach at MIT.EDU Thu Feb 5 21:46:16 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Thu, 5 Feb 2009 21:46:16 -0500 (EST) Subject: svn rev #21905: trunk/src/util/ss/ Message-ID: <200902060246.VAA25070@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21905 Commit By: epeisach Log Message: Unsigned/signed warnings cleanup. Changed Files: U trunk/src/util/ss/execute_cmd.c Modified: trunk/src/util/ss/execute_cmd.c =================================================================== --- trunk/src/util/ss/execute_cmd.c 2009-02-06 02:45:21 UTC (rev 21904) +++ trunk/src/util/ss/execute_cmd.c 2009-02-06 02:46:14 UTC (rev 21905) @@ -138,8 +138,9 @@ int sci_idx; register char *argv[]; { - register int i, argc; + register unsigned int i, argc; char **argp; + int ret; argc = 0; for (argp = argv; *argp; argp++) @@ -147,9 +148,9 @@ argp = (char **)malloc((argc+1)*sizeof(char *)); for (i = 0; i <= argc; i++) argp[i] = argv[i]; - i = really_execute_command(sci_idx, argc, &argp); + ret = really_execute_command(sci_idx, argc, &argp); free(argp); - return(i); + return(ret); } /* From epeisach at MIT.EDU Fri Feb 6 00:22:38 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Fri, 6 Feb 2009 00:22:38 -0500 (EST) Subject: svn rev #21906: trunk/src/lib/kadm5/ Message-ID: <200902060522.AAA27677@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21906 Commit By: epeisach Log Message: ticket: 6374 subject: Do not assume sizeof(bool_t) == sizeof(krb5_boolean) bool_t is defined as int, krb5_boolean as unsigned int. These are similar size but someone someday might change the krb5_boolean. Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean which keeps the different types separate. This cleans up a number of warnings. Changed Files: U trunk/src/lib/kadm5/kadm_rpc_xdr.c Modified: trunk/src/lib/kadm5/kadm_rpc_xdr.c =================================================================== --- trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-02-06 02:46:14 UTC (rev 21905) +++ trunk/src/lib/kadm5/kadm_rpc_xdr.c 2009-02-06 05:22:34 UTC (rev 21906) @@ -220,6 +220,29 @@ +static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool) +{ + bool_t val; + + switch (xdrs->x_op) { + case XDR_DECODE: + if (!xdr_bool(xdrs, &val)) + return FALSE; + + *kbool = (val == FALSE) ? FALSE : TRUE; + return TRUE; + + case XDR_ENCODE: + val = *kbool ? TRUE : FALSE; + return xdr_bool(xdrs, &val); + + case XDR_FREE: + return TRUE; + } + + return FALSE; +} + bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp) { /* @@ -655,7 +678,7 @@ if (!xdr_krb5_principal(xdrs, &objp->princ)) { return (FALSE); } - if (!xdr_bool(xdrs, &objp->keepold)) { + if (!xdr_krb5_boolean(xdrs, &objp->keepold)) { return (FALSE); } if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, @@ -715,7 +738,7 @@ if (!xdr_krb5_principal(xdrs, &objp->princ)) { return (FALSE); } - if (!xdr_bool(xdrs, &objp->keepold)) { + if (!xdr_krb5_boolean(xdrs, &objp->keepold)) { return (FALSE); } if (!xdr_array(xdrs, (caddr_t *) &objp->ks_tuple, @@ -752,7 +775,7 @@ if (!xdr_krb5_principal(xdrs, &objp->princ)) { return (FALSE); } - if (!xdr_bool(xdrs, &objp->keepold)) { + if (!xdr_krb5_boolean(xdrs, &objp->keepold)) { return (FALSE); } if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, From epeisach at MIT.EDU Fri Feb 6 00:31:10 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Fri, 6 Feb 2009 00:31:10 -0500 (EST) Subject: svn rev #21907: trunk/src/lib/krb5/krb/ Message-ID: <200902060531.AAA27880@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21907 Commit By: epeisach Log Message: Change variable accepting return from strftime to time_t. This matches prototype for function and removes a signed/unsigned warning. Changed Files: U trunk/src/lib/krb5/krb/str_conv.c Modified: trunk/src/lib/krb5/krb/str_conv.c =================================================================== --- trunk/src/lib/krb5/krb/str_conv.c 2009-02-06 05:22:34 UTC (rev 21906) +++ trunk/src/lib/krb5/krb/str_conv.c 2009-02-06 05:31:09 UTC (rev 21907) @@ -217,7 +217,7 @@ krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen) { - int ret; + size_t ret; time_t timestamp2 = timestamp; struct tm tmbuf; const char *fmt = "%c"; /* This is to get around gcc -Wall warning that From epeisach at MIT.EDU Fri Feb 6 00:42:34 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Fri, 6 Feb 2009 00:42:34 -0500 (EST) Subject: svn rev #21908: trunk/src/lib/crypto/ enc_provider/ Message-ID: <200902060542.AAA28130@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21908 Commit By: epeisach Log Message: Unsigned/signed fixes Changed Files: U trunk/src/lib/crypto/enc_provider/aes.c U trunk/src/lib/crypto/enc_provider/des.c U trunk/src/lib/crypto/enc_provider/des3.c U trunk/src/lib/crypto/string_to_enctype.c Modified: trunk/src/lib/crypto/enc_provider/aes.c =================================================================== --- trunk/src/lib/crypto/enc_provider/aes.c 2009-02-06 05:31:09 UTC (rev 21907) +++ trunk/src/lib/crypto/enc_provider/aes.c 2009-02-06 05:42:32 UTC (rev 21908) @@ -286,7 +286,8 @@ { aes_ctx ctx; char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; - int nblocks = 0, blockno, i; + int nblocks = 0, blockno; + unsigned int i; size_t input_length; CHECK_SIZES; Modified: trunk/src/lib/crypto/enc_provider/des.c =================================================================== --- trunk/src/lib/crypto/enc_provider/des.c 2009-02-06 05:31:09 UTC (rev 21907) +++ trunk/src/lib/crypto/enc_provider/des.c 2009-02-06 05:42:32 UTC (rev 21908) @@ -113,7 +113,7 @@ { mit_des_key_schedule schedule; size_t input_length = 0; - int i; + unsigned int i; /* key->enctype was checked by the caller */ Modified: trunk/src/lib/crypto/enc_provider/des3.c =================================================================== --- trunk/src/lib/crypto/enc_provider/des3.c 2009-02-06 05:31:09 UTC (rev 21907) +++ trunk/src/lib/crypto/enc_provider/des3.c 2009-02-06 05:42:32 UTC (rev 21908) @@ -177,7 +177,7 @@ /* this has a return value, but the code always returns zero */ krb5int_des3_cbc_encrypt_iov(data, num_data, schedule[0], schedule[1], schedule[2], - ivec != NULL ? (const unsigned char *) ivec->data : NULL); + ivec != NULL ? (unsigned char *) ivec->data : NULL); zap(schedule, sizeof(schedule)); @@ -200,7 +200,7 @@ /* this has a return value, but the code always returns zero */ krb5int_des3_cbc_decrypt_iov(data, num_data, schedule[0], schedule[1], schedule[2], - ivec != NULL ? (const unsigned char *) ivec->data : NULL); + ivec != NULL ? (unsigned char *) ivec->data : NULL); zap(schedule, sizeof(schedule)); Modified: trunk/src/lib/crypto/string_to_enctype.c =================================================================== --- trunk/src/lib/crypto/string_to_enctype.c 2009-02-06 05:31:09 UTC (rev 21907) +++ trunk/src/lib/crypto/string_to_enctype.c 2009-02-06 05:42:32 UTC (rev 21908) @@ -30,7 +30,7 @@ krb5_error_code KRB5_CALLCONV krb5_string_to_enctype(char *string, krb5_enctype *enctypep) { - int i, j; + unsigned int i, j; for (i=0; i http://src.mit.edu/fisheye/changelog/krb5/?cs=21909 Commit By: ghudson Log Message: ticket: 6375 subject: Fix error handling in krb5_walk_realm_tree tags: pullup target_version: 1.7 rtree_hier_realms was forgetting to assign the return value of krb5int_copy_data_contents to retval, which would cause a failure to notice out-of-memory conditions. Changed Files: U trunk/src/lib/krb5/krb/walk_rtree.c Modified: trunk/src/lib/krb5/krb/walk_rtree.c =================================================================== --- trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-06 05:42:32 UTC (rev 21908) +++ trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-06 18:40:04 UTC (rev 21909) @@ -389,7 +389,7 @@ } /* Copy server realm "tweens" backward. */ for (twp = &stweens[nstween]; twp-- > stweens;) { - krb5int_copy_data_contents(context, twp, rp++); + retval = krb5int_copy_data_contents(context, twp, rp++); if (retval) goto error; } error: From ghudson at MIT.EDU Fri Feb 6 14:18:21 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 6 Feb 2009 14:18:21 -0500 (EST) Subject: svn rev #21910: trunk/src/lib/krb5/unicode/ure/ Message-ID: <200902061918.OAA17693@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21910 Commit By: ghudson Log Message: Pass the correct width argument to fprintf for URE_CHAR in ure_write_dfa. Changed Files: U trunk/src/lib/krb5/unicode/ure/ure.c Modified: trunk/src/lib/krb5/unicode/ure/ure.c =================================================================== --- trunk/src/lib/krb5/unicode/ure/ure.c 2009-02-06 18:40:04 UTC (rev 21909) +++ trunk/src/lib/krb5/unicode/ure/ure.c 2009-02-06 19:18:20 UTC (rev 21910) @@ -1918,7 +1918,8 @@ l = (ucs2_t) (((sym->sym.chr - 0x10000) & 1023) + 0xdc00); fprintf(out, "\\x%04hX\\x%04hX ", h, l); } else - fprintf(out, "\\x%04lX ", sym->sym.chr & 0xffff); + fprintf(out, "\\x%04lX ", + (unsigned long)(sym->sym.chr & 0xffff)); break; case _URE_ANY_CHAR: fprintf(out, " "); From ghudson at MIT.EDU Fri Feb 6 14:46:41 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 6 Feb 2009 14:46:41 -0500 (EST) Subject: svn rev #21911: trunk/src/lib/krb5/unicode/ure/ Message-ID: <200902061946.OAA19287@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21911 Commit By: ghudson Log Message: Fix whitespace on previous commit to ure.c. Correct two other cases where %lX was used with a krb5_ui_4 type argument without a cast to unsigned long. Changed Files: U trunk/src/lib/krb5/unicode/ure/ure.c Modified: trunk/src/lib/krb5/unicode/ure/ure.c =================================================================== --- trunk/src/lib/krb5/unicode/ure/ure.c 2009-02-06 19:18:20 UTC (rev 21910) +++ trunk/src/lib/krb5/unicode/ure/ure.c 2009-02-06 19:46:40 UTC (rev 21911) @@ -1878,7 +1878,8 @@ l = (ucs2_t) (((rp->min_code - 0x10000) & 1023) + 0xdc00); fprintf(out, "\\x%04hX\\x%04hX", h, l); } else - fprintf(out, "\\x%04lX", rp->min_code & 0xffff); + fprintf(out, "\\x%04lX", + (unsigned long)(rp->min_code & 0xffff)); if (rp->max_code != rp->min_code) { putc('-', out); if (rp->max_code >= 0x10000 && @@ -1887,7 +1888,8 @@ l = (ucs2_t) (((rp->max_code - 0x10000) & 1023) + 0xdc00); fprintf(out, "\\x%04hX\\x%04hX", h, l); } else - fprintf(out, "\\x%04lX", rp->max_code & 0xffff); + fprintf(out, "\\x%04lX", + (unsigned long)(rp->max_code & 0xffff)); } } if (sym->sym.ccl.ranges_used > 0) @@ -1918,8 +1920,8 @@ l = (ucs2_t) (((sym->sym.chr - 0x10000) & 1023) + 0xdc00); fprintf(out, "\\x%04hX\\x%04hX ", h, l); } else - fprintf(out, "\\x%04lX ", - (unsigned long)(sym->sym.chr & 0xffff)); + fprintf(out, "\\x%04lX ", + (unsigned long)(sym->sym.chr & 0xffff)); break; case _URE_ANY_CHAR: fprintf(out, " "); From ghudson at MIT.EDU Fri Feb 6 15:43:48 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 6 Feb 2009 15:43:48 -0500 (EST) Subject: svn rev #21912: trunk/src/lib/krb5/krb/ Message-ID: <200902062043.PAA20370@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21912 Commit By: ghudson Log Message: ticket: 6376 subject: Memory handling fixes in walk_rtree tags: pullup target_version: 1.7 In walk_rtree's rtree_hier_tree, don't leak the result of rtree_hier_realms. In rtree_hier_realms, avoid freeing one too many krb5_data contents on allocation failure, and use the recommend pattern to ensure well-defined output parameter values. Changed Files: U trunk/src/lib/krb5/krb/walk_rtree.c Modified: trunk/src/lib/krb5/krb/walk_rtree.c =================================================================== --- trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-06 19:46:40 UTC (rev 21911) +++ trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-06 20:43:44 UTC (rev 21912) @@ -74,6 +74,12 @@ size_t *nrealms, int sep); +static void +free_realmlist( + krb5_context context, + krb5_data *realms, + size_t nrealms); + static krb5_error_code rtree_hier_tweens( krb5_context context, @@ -333,12 +339,14 @@ srcrealm = dstrealm; } *rettree = tree; + free_realmlist(context, realms, nrealms); return 0; error: while (pprinc != NULL && pprinc > tree) { krb5_free_principal(context, *--pprinc); *pprinc = NULL; } + free_realmlist(context, realms, nrealms); free(tree); return retval; } @@ -360,6 +368,9 @@ krb5_data *ctweens, *stweens, *twp, *r, *rp; size_t nctween, nstween; + *realms = NULL; + *nrealms = 0; + r = rp = NULL; c.str = client->data; c.len = client->length; @@ -376,37 +387,48 @@ retval = rtree_hier_tweens(context, &s, &stweens, &nstween, 0, sep); if (retval) goto error; - *nrealms = nctween + nstween; - rp = r = calloc(*nrealms, sizeof(krb5_data)); + rp = r = calloc(nctween + nstween, sizeof(krb5_data)); if (r == NULL) { retval = ENOMEM; goto error; } /* Copy client realm "tweens" forward. */ for (twp = ctweens; twp < &ctweens[nctween]; twp++) { - retval = krb5int_copy_data_contents(context, twp, rp++); + retval = krb5int_copy_data_contents(context, twp, rp); if (retval) goto error; + rp++; } /* Copy server realm "tweens" backward. */ for (twp = &stweens[nstween]; twp-- > stweens;) { - retval = krb5int_copy_data_contents(context, twp, rp++); + retval = krb5int_copy_data_contents(context, twp, rp); if (retval) goto error; + rp++; } error: + free(ctweens); + free(stweens); if (retval) { - *nrealms = 0; - while (rp > r) { - krb5_free_data_contents(context, --rp); - } - free(r); - r = NULL; + free_realmlist(context, r, rp - r); + return retval; } - free(ctweens); - free(stweens); *realms = r; - return retval; + *nrealms = rp - r; + return 0; } +static void +free_realmlist( + krb5_context context, + krb5_data *realms, + size_t nrealms) +{ + size_t i; + + for (i = 0; i < nrealms; i++) + krb5_free_data_contents(context, &realms[i]); + free(realms); +} + /* * Build a list of realms between a given realm and the common * suffix. The original realm is included, but the "tail" is only From raeburn at MIT.EDU Mon Feb 9 10:58:01 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 10:58:01 -0500 (EST) Subject: svn rev #21913: trunk/src/ Message-ID: <200902091558.KAA09045@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21913 Commit By: raeburn Log Message: For Sun CC, create one errwarn arg with commas instead of multiple. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-02-06 20:43:44 UTC (rev 21912) +++ trunk/src/aclocal.m4 2009-02-09 15:57:58 UTC (rev 21913) @@ -664,7 +664,7 @@ # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_BAD_PTR_INT_COMB_ARG -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC" WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi From raeburn at MIT.EDU Mon Feb 9 11:07:43 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 11:07:43 -0500 (EST) Subject: svn rev #21914: trunk/src/lib/crypto/aes/ Message-ID: <200902091607.LAA09360@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21914 Commit By: raeburn Log Message: use unsigned value for shifting, avoiding undefined behavior Changed Files: U trunk/src/lib/crypto/aes/aes_s2k.c Modified: trunk/src/lib/crypto/aes/aes_s2k.c =================================================================== --- trunk/src/lib/crypto/aes/aes_s2k.c 2009-02-09 15:57:58 UTC (rev 21913) +++ trunk/src/lib/crypto/aes/aes_s2k.c 2009-02-09 16:07:42 UTC (rev 21914) @@ -53,7 +53,7 @@ /* The first two need casts in case 'int' is 16 bits. */ iter_count = load_32_be(p); if (iter_count == 0) { - iter_count = (1L << 16) << 16; + iter_count = (1UL << 16) << 16; if (((iter_count >> 16) >> 16) != 1) return KRB5_ERR_BAD_S2K_PARAMS; } From raeburn at MIT.EDU Mon Feb 9 11:14:39 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 11:14:39 -0500 (EST) Subject: svn rev #21915: trunk/src/appl/telnet/telnetd/ Message-ID: <200902091614.LAA09547@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21915 Commit By: raeburn Log Message: Supply missing fn declarations. Changed Files: U trunk/src/appl/telnet/telnetd/ext.h U trunk/src/appl/telnet/telnetd/termio-tn.c U trunk/src/appl/telnet/telnetd/termios-tn.c Modified: trunk/src/appl/telnet/telnetd/ext.h =================================================================== --- trunk/src/appl/telnet/telnetd/ext.h 2009-02-09 16:07:42 UTC (rev 21914) +++ trunk/src/appl/telnet/telnetd/ext.h 2009-02-09 16:14:38 UTC (rev 21915) @@ -170,7 +170,9 @@ tty_israw (void), tty_issofttab (void), tty_istrapsig (void), - tty_linemode (void); + tty_linemode (void), + readstream_termio(int, char *, char *, char *, int *), + readstream_termios(int, char *, char *, char *, int *); extern void tty_rspeed (int), Modified: trunk/src/appl/telnet/telnetd/termio-tn.c =================================================================== --- trunk/src/appl/telnet/telnetd/termio-tn.c 2009-02-09 16:07:42 UTC (rev 21914) +++ trunk/src/appl/telnet/telnetd/termio-tn.c 2009-02-09 16:14:38 UTC (rev 21915) @@ -6,6 +6,9 @@ #include #include +#include "defs.h" +#include "ext.h" + int readstream_termio(cmd, ibuf, vstop, vstart, ixon) int cmd; char *ibuf; Modified: trunk/src/appl/telnet/telnetd/termios-tn.c =================================================================== --- trunk/src/appl/telnet/telnetd/termios-tn.c 2009-02-09 16:07:42 UTC (rev 21914) +++ trunk/src/appl/telnet/telnetd/termios-tn.c 2009-02-09 16:14:38 UTC (rev 21915) @@ -9,6 +9,9 @@ #include #endif +#include "defs.h" +#include "ext.h" + int readstream_termios(cmd, ibuf, vstop, vstart, ixon) int cmd; char *ibuf; From raeburn at MIT.EDU Mon Feb 9 11:15:52 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 11:15:52 -0500 (EST) Subject: svn rev #21916: trunk/src/ Message-ID: <200902091615.LAA09660@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21916 Commit By: raeburn Log Message: For Sun CC, also make implicit function declarations into errors. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-02-09 16:14:38 UTC (rev 21915) +++ trunk/src/aclocal.m4 2009-02-09 16:15:51 UTC (rev 21916) @@ -664,7 +664,7 @@ # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC" + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED" WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi From raeburn at MIT.EDU Mon Feb 9 11:28:30 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 11:28:30 -0500 (EST) Subject: svn rev #21917: trunk/src/include/ Message-ID: <200902091628.LAA09940@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21917 Commit By: raeburn Log Message: C++ compatibility fix -- g++ says "types may not be defined in casts", so do the gcc unaligned-struct trick only for C, not C++. Changed Files: U trunk/src/include/k5-platform.h Modified: trunk/src/include/k5-platform.h =================================================================== --- trunk/src/include/k5-platform.h 2009-02-09 16:15:51 UTC (rev 21916) +++ trunk/src/include/k5-platform.h 2009-02-09 16:28:29 UTC (rev 21917) @@ -539,9 +539,9 @@ store_16_be (unsigned int val, void *vp) { unsigned char *p = (unsigned char *) vp; -#if defined(__GNUC__) && defined(K5_BE) +#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus) PUT(16,p,val); -#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) +#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) && !defined(__cplusplus) PUTSWAPPED(16,p,val); #else p[0] = (val >> 8) & 0xff; @@ -552,9 +552,9 @@ store_32_be (unsigned int val, void *vp) { unsigned char *p = (unsigned char *) vp; -#if defined(__GNUC__) && defined(K5_BE) +#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus) PUT(32,p,val); -#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) +#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) && !defined(__cplusplus) PUTSWAPPED(32,p,val); #else p[0] = (val >> 24) & 0xff; @@ -567,9 +567,9 @@ store_64_be (UINT64_TYPE val, void *vp) { unsigned char *p = (unsigned char *) vp; -#if defined(__GNUC__) && defined(K5_BE) +#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus) PUT(64,p,val); -#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) +#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) && !defined(__cplusplus) PUTSWAPPED(64,p,val); #else p[0] = (unsigned char)((val >> 56) & 0xff); @@ -586,9 +586,9 @@ load_16_be (const void *cvp) { const unsigned char *p = (const unsigned char *) cvp; -#if defined(__GNUC__) && defined(K5_BE) +#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus) return GET(16,p); -#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) +#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) && !defined(__cplusplus) return GETSWAPPED(16,p); #else return (p[1] | (p[0] << 8)); @@ -598,9 +598,9 @@ load_32_be (const void *cvp) { const unsigned char *p = (const unsigned char *) cvp; -#if defined(__GNUC__) && defined(K5_BE) +#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus) return GET(32,p); -#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) +#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) && !defined(__cplusplus) return GETSWAPPED(32,p); #else return (p[3] | (p[2] << 8) @@ -612,9 +612,9 @@ load_64_be (const void *cvp) { const unsigned char *p = (const unsigned char *) cvp; -#if defined(__GNUC__) && defined(K5_BE) +#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus) return GET(64,p); -#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) +#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) && !defined(__cplusplus) return GETSWAPPED(64,p); #else return ((UINT64_TYPE)load_32_be(p) << 32) | load_32_be(p+4); @@ -624,9 +624,9 @@ store_16_le (unsigned int val, void *vp) { unsigned char *p = (unsigned char *) vp; -#if defined(__GNUC__) && defined(K5_LE) +#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus) PUT(16,p,val); -#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) +#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) && !defined(__cplusplus) PUTSWAPPED(16,p,val); #else p[1] = (val >> 8) & 0xff; @@ -637,9 +637,9 @@ store_32_le (unsigned int val, void *vp) { unsigned char *p = (unsigned char *) vp; -#if defined(__GNUC__) && defined(K5_LE) +#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus) PUT(32,p,val); -#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) +#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) && !defined(__cplusplus) PUTSWAPPED(32,p,val); #else p[3] = (val >> 24) & 0xff; @@ -652,9 +652,9 @@ store_64_le (UINT64_TYPE val, void *vp) { unsigned char *p = (unsigned char *) vp; -#if defined(__GNUC__) && defined(K5_LE) +#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus) PUT(64,p,val); -#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) +#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) && !defined(__cplusplus) PUTSWAPPED(64,p,val); #else p[7] = (unsigned char)((val >> 56) & 0xff); @@ -671,9 +671,9 @@ load_16_le (const void *cvp) { const unsigned char *p = (const unsigned char *) cvp; -#if defined(__GNUC__) && defined(K5_LE) +#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus) return GET(16,p); -#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) +#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) && !defined(__cplusplus) return GETSWAPPED(16,p); #else return (p[0] | (p[1] << 8)); @@ -683,9 +683,9 @@ load_32_le (const void *cvp) { const unsigned char *p = (const unsigned char *) cvp; -#if defined(__GNUC__) && defined(K5_LE) +#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus) return GET(32,p); -#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) +#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) && !defined(__cplusplus) return GETSWAPPED(32,p); #else return (p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24)); @@ -695,9 +695,9 @@ load_64_le (const void *cvp) { const unsigned char *p = (const unsigned char *) cvp; -#if defined(__GNUC__) && defined(K5_LE) +#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus) return GET(64,p); -#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) +#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) && !defined(__cplusplus) return GETSWAPPED(64,p); #else return ((UINT64_TYPE)load_32_le(p+4) << 32) | load_32_le(p); From raeburn at MIT.EDU Mon Feb 9 11:35:03 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 11:35:03 -0500 (EST) Subject: svn rev #21918: trunk/src/ include/ util/support/ Message-ID: <200902091635.LAA10136@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21918 Commit By: raeburn Log Message: More C++ compatibility: Don't use "typedef struct tag *tag"; rename the tag and keep the same typedefname. Changed Files: U trunk/src/include/k5-int.h U trunk/src/include/k5-ipc_stream.h U trunk/src/util/support/ipc_stream.c Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-09 16:28:29 UTC (rev 21917) +++ trunk/src/include/k5-int.h 2009-02-09 16:35:01 UTC (rev 21918) @@ -2123,11 +2123,11 @@ /* * Per-type ccache cursor. */ -struct krb5_cc_ptcursor { +struct krb5_cc_ptcursor_s { const struct _krb5_cc_ops *ops; krb5_pointer data; }; -typedef struct krb5_cc_ptcursor *krb5_cc_ptcursor; +typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor; struct _krb5_cc_ops { krb5_magic magic; Modified: trunk/src/include/k5-ipc_stream.h =================================================================== --- trunk/src/include/k5-ipc_stream.h 2009-02-09 16:28:29 UTC (rev 21917) +++ trunk/src/include/k5-ipc_stream.h 2009-02-09 16:35:01 UTC (rev 21918) @@ -29,8 +29,8 @@ #include "k5-platform.h" -struct k5_ipc_stream; -typedef struct k5_ipc_stream *k5_ipc_stream; +struct k5_ipc_stream_s; +typedef struct k5_ipc_stream_s *k5_ipc_stream; int32_t k5_ipc_stream_new (k5_ipc_stream *out_stream); Modified: trunk/src/util/support/ipc_stream.c =================================================================== --- trunk/src/util/support/ipc_stream.c 2009-02-09 16:28:29 UTC (rev 21917) +++ trunk/src/util/support/ipc_stream.c 2009-02-09 16:35:01 UTC (rev 21918) @@ -1,7 +1,7 @@ /* * $Header$ * - * Copyright 2006, 2007 Massachusetts Institute of Technology. + * Copyright 2006, 2007, 2009 Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -37,13 +37,13 @@ /* Add debugging later */ #define k5_check_error(x) (x) -struct k5_ipc_stream { +struct k5_ipc_stream_s { char *data; uint64_t size; uint64_t max_size; }; -const struct k5_ipc_stream k5_ipc_stream_initializer = { NULL, 0, 0 }; +const struct k5_ipc_stream_s k5_ipc_stream_initializer = { NULL, 0, 0 }; #define K5_IPC_STREAM_SIZE_INCREMENT 128 From raeburn at MIT.EDU Mon Feb 9 11:36:11 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 11:36:11 -0500 (EST) Subject: svn rev #21919: trunk/src/tests/misc/ Message-ID: <200902091636.LAA10247@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21919 Commit By: raeburn Log Message: Check C++ compatibility for some internal headers that may (now or in the future) be used in C++ code on Windows. Changed Files: U trunk/src/tests/misc/Makefile.in A trunk/src/tests/misc/test_cxx_k5int.cpp Modified: trunk/src/tests/misc/Makefile.in =================================================================== --- trunk/src/tests/misc/Makefile.in 2009-02-09 16:35:01 UTC (rev 21918) +++ trunk/src/tests/misc/Makefile.in 2009-02-09 16:36:09 UTC (rev 21919) @@ -11,14 +11,16 @@ $(srcdir)/test_getpw.c \ $(srcdir)/test_getsockname.c \ $(srcdir)/test_cxx_krb5.cpp \ + $(srcdir)/test_cxx_k5int.cpp \ $(srcdir)/test_cxx_gss.cpp \ $(srcdir)/test_cxx_rpc.cpp all:: test_getpw -check:: test_getpw test_cxx_krb5 test_cxx_gss test_cxx_rpc +check:: test_getpw test_cxx_krb5 test_cxx_gss test_cxx_rpc test_cxx_k5int $(RUN_SETUP) $(VALGRIND) ./test_getpw $(RUN_SETUP) $(VALGRIND) ./test_cxx_krb5 + $(RUN_SETUP) $(VALGRIND) ./test_cxx_k5int $(RUN_SETUP) $(VALGRIND) ./test_cxx_gss $(RUN_SETUP) $(VALGRIND) ./test_cxx_rpc @@ -30,6 +32,8 @@ test_cxx_krb5: $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_DEPLIB) $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_krb5 $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS) +test_cxx_k5int: $(OUTPRE)test_cxx_k5int.$(OBJEXT) $(KRB5_DEPLIB) + $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_k5int $(OUTPRE)test_cxx_k5int.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS) test_cxx_gss: $(OUTPRE)test_cxx_gss.$(OBJEXT) $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_gss $(OUTPRE)test_cxx_gss.$(OBJEXT) $(LIBS) test_cxx_rpc: $(OUTPRE)test_cxx_rpc.$(OBJEXT) $(GSSRPC_DEPLIBS) Added: trunk/src/tests/misc/test_cxx_k5int.cpp =================================================================== --- trunk/src/tests/misc/test_cxx_k5int.cpp 2009-02-09 16:35:01 UTC (rev 21918) +++ trunk/src/tests/misc/test_cxx_k5int.cpp 2009-02-09 16:36:09 UTC (rev 21919) @@ -0,0 +1,19 @@ +// Test that the krb5 internal headers are compatible with C++ code. +// (Some Windows-specific code is in C++ in this source tree.) + +#include +#include "k5-int.h" +#include "k5-ipc_stream.h" +#include "k5-utf8.h" + +int main (int argc, char *argv[]) +{ + krb5_context ctx; + + if (krb5_init_context(&ctx) != 0) { + printf("krb5_init_context returned an error\n"); + return 1; + } + printf("hello, world\n"); + return 0; +} From raeburn at MIT.EDU Mon Feb 9 12:53:28 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 12:53:28 -0500 (EST) Subject: svn rev #21920: trunk/src/lib/krb5/ krb/ os/ Message-ID: <200902091753.MAA11619@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21920 Commit By: raeburn Log Message: ticket: 6377 subject: make krb5_free_* functions ignore NULL This makes them safer to call in various contexts where NULL may leak through, and makes analysis easier. Also, remove some checks for NULL before calling a free routine that will also check for NULL. Changed Files: U trunk/src/lib/krb5/krb/free_rtree.c U trunk/src/lib/krb5/krb/init_ctx.c U trunk/src/lib/krb5/krb/kfree.c U trunk/src/lib/krb5/krb/preauth2.c U trunk/src/lib/krb5/os/free_krbhs.c U trunk/src/lib/krb5/os/promptusr.c Modified: trunk/src/lib/krb5/krb/free_rtree.c =================================================================== --- trunk/src/lib/krb5/krb/free_rtree.c 2009-02-09 16:36:09 UTC (rev 21919) +++ trunk/src/lib/krb5/krb/free_rtree.c 2009-02-09 17:53:21 UTC (rev 21920) @@ -33,6 +33,8 @@ krb5_free_realm_tree(krb5_context context, krb5_principal *realms) { register krb5_principal *nrealms = realms; + if (realms == NULL) + return; while (*nrealms) { krb5_free_principal(context, *nrealms); nrealms++; Modified: trunk/src/lib/krb5/krb/init_ctx.c =================================================================== --- trunk/src/lib/krb5/krb/init_ctx.c 2009-02-09 16:36:09 UTC (rev 21919) +++ trunk/src/lib/krb5/krb/init_ctx.c 2009-02-09 17:53:21 UTC (rev 21920) @@ -254,23 +254,16 @@ void KRB5_CALLCONV krb5_free_context(krb5_context ctx) { + if (ctx == NULL) + return; krb5_os_free_context(ctx); - if (ctx->in_tkt_ktypes) { - free(ctx->in_tkt_ktypes); - ctx->in_tkt_ktypes = 0; - } - - if (ctx->tgs_ktypes) { - free(ctx->tgs_ktypes); - ctx->tgs_ktypes = 0; - } - - if (ctx->default_realm) { - free(ctx->default_realm); - ctx->default_realm = 0; - } - + free(ctx->in_tkt_ktypes); + ctx->in_tkt_ktypes = 0; + free(ctx->tgs_ktypes); + ctx->tgs_ktypes = 0; + free(ctx->default_realm); + ctx->default_realm = 0; if (ctx->ser_ctx_count && ctx->ser_ctx) { free(ctx->ser_ctx); ctx->ser_ctx = 0; Modified: trunk/src/lib/krb5/krb/kfree.c =================================================================== --- trunk/src/lib/krb5/krb/kfree.c 2009-02-09 16:36:09 UTC (rev 21919) +++ trunk/src/lib/krb5/krb/kfree.c 2009-02-09 17:53:21 UTC (rev 21920) @@ -1,7 +1,7 @@ /* * lib/krb5/free/f_addr.c * - * Copyright 1990-1998 by the Massachusetts Institute of Technology. + * Copyright 1990-1998, 2009 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -58,6 +58,8 @@ void KRB5_CALLCONV krb5_free_address(krb5_context context, krb5_address *val) { + if (val == NULL) + return; if (val->contents) free(val->contents); free(val); @@ -68,9 +70,10 @@ { register krb5_address **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->contents) - free((*temp)->contents); + free((*temp)->contents); free(*temp); } free(val); @@ -80,48 +83,44 @@ void KRB5_CALLCONV krb5_free_ap_rep(krb5_context context, register krb5_ap_rep *val) { - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); + if (val == NULL) + return; + free(val->enc_part.ciphertext.data); free(val); } void KRB5_CALLCONV krb5_free_ap_req(krb5_context context, register krb5_ap_req *val) { - if (val->ticket) - krb5_free_ticket(context, val->ticket); - if (val->authenticator.ciphertext.data) - free(val->authenticator.ciphertext.data); + if (val == NULL) + return; + krb5_free_ticket(context, val->ticket); + free(val->authenticator.ciphertext.data); free(val); } void KRB5_CALLCONV krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val) { - if (val->subkey) - krb5_free_keyblock(context, val->subkey); + if (val == NULL) + return; + krb5_free_keyblock(context, val->subkey); free(val); } void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val) { - if (val->checksum) { - krb5_free_checksum(context, val->checksum); - val->checksum = 0; - } - if (val->client) { - krb5_free_principal(context, val->client); - val->client = 0; - } - if (val->subkey) { - krb5_free_keyblock(context, val->subkey); - val->subkey = 0; - } - if (val->authorization_data) { - krb5_free_authdata(context, val->authorization_data); - val->authorization_data = 0; - } + if (val == NULL) + return; + krb5_free_checksum(context, val->checksum); + val->checksum = 0; + krb5_free_principal(context, val->client); + val->client = 0; + krb5_free_keyblock(context, val->subkey); + val->subkey = 0; + krb5_free_authdata(context, val->authorization_data); + val->authorization_data = 0; } void KRB5_CALLCONV @@ -129,9 +128,10 @@ { register krb5_authdata **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->contents) - free((*temp)->contents); + free((*temp)->contents); free(*temp); } free(val); @@ -140,6 +140,8 @@ void KRB5_CALLCONV krb5_free_authenticator(krb5_context context, krb5_authenticator *val) { + if (val == NULL) + return; krb5_free_authenticator_contents(context, val); free(val); } @@ -147,6 +149,8 @@ void KRB5_CALLCONV krb5_free_checksum(krb5_context context, register krb5_checksum *val) { + if (val == NULL) + return; krb5_free_checksum_contents(context, val); free(val); } @@ -154,19 +158,19 @@ void KRB5_CALLCONV krb5_free_checksum_contents(krb5_context context, register krb5_checksum *val) { - if (val->contents) { - free(val->contents); - val->contents = 0; - } + if (val == NULL) + return; + free(val->contents); + val->contents = 0; } void KRB5_CALLCONV krb5_free_cred(krb5_context context, register krb5_cred *val) { - if (val->tickets) - krb5_free_tickets(context, val->tickets); - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); + if (val == NULL) + return; + krb5_free_tickets(context, val->tickets); + free(val->enc_part.ciphertext.data); free(val); } @@ -178,35 +182,25 @@ void KRB5_CALLCONV krb5_free_cred_contents(krb5_context context, krb5_creds *val) { - if (val->client) { - krb5_free_principal(context, val->client); - val->client = 0; - } - if (val->server) { - krb5_free_principal(context, val->server); - val->server = 0; - } + if (val == NULL) + return; + krb5_free_principal(context, val->client); + val->client = 0; + krb5_free_principal(context, val->server); + val->server = 0; if (val->keyblock.contents) { memset(val->keyblock.contents, 0, val->keyblock.length); free(val->keyblock.contents); val->keyblock.contents = 0; } - if (val->ticket.data) { - free(val->ticket.data); - val->ticket.data = 0; - } - if (val->second_ticket.data) { - free(val->second_ticket.data); - val->second_ticket.data = 0; - } - if (val->addresses) { - krb5_free_addresses(context, val->addresses); - val->addresses = 0; - } - if (val->authdata) { - krb5_free_authdata(context, val->authdata); - val->authdata = 0; - } + free(val->ticket.data); + val->ticket.data = 0; + free(val->second_ticket.data); + val->second_ticket.data = 0; + krb5_free_addresses(context, val->addresses); + val->addresses = 0; + krb5_free_authdata(context, val->authdata); + val->authdata = 0; } void KRB5_CALLCONV @@ -214,26 +208,20 @@ { register krb5_cred_info **temp; - if (val->r_address) { - krb5_free_address(context, val->r_address); - val->r_address = 0; - } - if (val->s_address) { - krb5_free_address(context, val->s_address); - val->s_address = 0; - } + if (val == NULL) + return; + krb5_free_address(context, val->r_address); + val->r_address = 0; + krb5_free_address(context, val->s_address); + val->s_address = 0; if (val->ticket_info) { for (temp = val->ticket_info; *temp; temp++) { - if ((*temp)->session) - krb5_free_keyblock(context, (*temp)->session); - if ((*temp)->client) - krb5_free_principal(context, (*temp)->client); - if ((*temp)->server) - krb5_free_principal(context, (*temp)->server); - if ((*temp)->caddrs) - krb5_free_addresses(context, (*temp)->caddrs); - free((*temp)); + krb5_free_keyblock(context, (*temp)->session); + krb5_free_principal(context, (*temp)->client); + krb5_free_principal(context, (*temp)->server); + krb5_free_addresses(context, (*temp)->caddrs); + free(*temp); } free(val->ticket_info); val->ticket_info = 0; @@ -244,6 +232,8 @@ void KRB5_CALLCONV krb5_free_creds(krb5_context context, krb5_creds *val) { + if (val == NULL) + return; krb5_free_cred_contents(context, val); free(val); } @@ -252,14 +242,17 @@ void KRB5_CALLCONV krb5_free_data(krb5_context context, krb5_data *val) { - if (val->data) - free(val->data); + if (val == NULL) + return; + free(val->data); free(val); } void KRB5_CALLCONV krb5_free_data_contents(krb5_context context, krb5_data *val) { + if (val == NULL) + return; if (val->data) { free(val->data); val->data = 0; @@ -268,45 +261,41 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info) { - int i; + int i; - for(i=0; info[i] != NULL; i++) { - if (info[i]->salt) - free(info[i]->salt); - krb5_free_data_contents( context, &info[i]->s2kparams); - free(info[i]); - } - free(info); + if (info == NULL) + return; + for (i=0; info[i] != NULL; i++) { + free(info[i]->salt); + krb5_free_data_contents(context, &info[i]->s2kparams); + free(info[i]); + } + free(info); } void KRB5_CALLCONV krb5_free_enc_kdc_rep_part(krb5_context context, register krb5_enc_kdc_rep_part *val) { - if (val->session) - krb5_free_keyblock(context, val->session); - if (val->last_req) - krb5_free_last_req(context, val->last_req); - if (val->server) - krb5_free_principal(context, val->server); - if (val->caddrs) - krb5_free_addresses(context, val->caddrs); + if (val == NULL) + return; + krb5_free_keyblock(context, val->session); + krb5_free_last_req(context, val->last_req); + krb5_free_principal(context, val->server); + krb5_free_addresses(context, val->caddrs); free(val); } void KRB5_CALLCONV krb5_free_enc_tkt_part(krb5_context context, krb5_enc_tkt_part *val) { - if (val->session) - krb5_free_keyblock(context, val->session); - if (val->client) - krb5_free_principal(context, val->client); - if (val->transited.tr_contents.data) - free(val->transited.tr_contents.data); - if (val->caddrs) - krb5_free_addresses(context, val->caddrs); - if (val->authorization_data) - krb5_free_authdata(context, val->authorization_data); + if (val == NULL) + return; + krb5_free_keyblock(context, val->session); + krb5_free_principal(context, val->client); + free(val->transited.tr_contents.data); + krb5_free_addresses(context, val->caddrs); + krb5_free_authdata(context, val->authorization_data); free(val); } @@ -314,30 +303,25 @@ void KRB5_CALLCONV krb5_free_error(krb5_context context, register krb5_error *val) { - if (val->client) - krb5_free_principal(context, val->client); - if (val->server) - krb5_free_principal(context, val->server); - if (val->text.data) - free(val->text.data); - if (val->e_data.data) - free(val->e_data.data); + if (val == NULL) + return; + krb5_free_principal(context, val->client); + krb5_free_principal(context, val->server); + free(val->text.data); + free(val->e_data.data); free(val); } void KRB5_CALLCONV krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *val) { - if (val->padata) - krb5_free_pa_data(context, val->padata); - if (val->client) - krb5_free_principal(context, val->client); - if (val->ticket) - krb5_free_ticket(context, val->ticket); - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); - if (val->enc_part2) - krb5_free_enc_kdc_rep_part(context, val->enc_part2); + if (val == NULL) + return; + krb5_free_pa_data(context, val->padata); + krb5_free_principal(context, val->client); + krb5_free_ticket(context, val->ticket); + free(val->enc_part.ciphertext.data); + krb5_free_enc_kdc_rep_part(context, val->enc_part2); free(val); } @@ -345,22 +329,16 @@ void KRB5_CALLCONV krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val) { - if (val->padata) - krb5_free_pa_data(context, val->padata); - if (val->client) - krb5_free_principal(context, val->client); - if (val->server) - krb5_free_principal(context, val->server); - if (val->ktype) - free(val->ktype); - if (val->addresses) - krb5_free_addresses(context, val->addresses); - if (val->authorization_data.ciphertext.data) - free(val->authorization_data.ciphertext.data); - if (val->unenc_authdata) - krb5_free_authdata(context, val->unenc_authdata); - if (val->second_ticket) - krb5_free_tickets(context, val->second_ticket); + if (val == NULL) + return; + krb5_free_pa_data(context, val->padata); + krb5_free_principal(context, val->client); + krb5_free_principal(context, val->server); + free(val->ktype); + krb5_free_addresses(context, val->addresses); + free(val->authorization_data.ciphertext.data); + krb5_free_authdata(context, val->unenc_authdata); + krb5_free_tickets(context, val->second_ticket); free(val); } @@ -383,6 +361,8 @@ { register krb5_last_req_entry **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) free(*temp); free(val); @@ -393,9 +373,10 @@ { register krb5_pa_data **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->contents) - free((*temp)->contents); + free((*temp)->contents); free(*temp); } free(val); @@ -415,36 +396,36 @@ free(krb5_princ_component(context, val, i)->data); free(val->data); } - if (val->realm.data) - free(val->realm.data); + free(val->realm.data); free(val); } void KRB5_CALLCONV krb5_free_priv(krb5_context context, register krb5_priv *val) { - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); + if (val == NULL) + return; + free(val->enc_part.ciphertext.data); free(val); } void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context context, register krb5_priv_enc_part *val) { - if (val->user_data.data) - free(val->user_data.data); - if (val->r_address) - krb5_free_address(context, val->r_address); - if (val->s_address) - krb5_free_address(context, val->s_address); + if (val == NULL) + return; + free(val->user_data.data); + krb5_free_address(context, val->r_address); + krb5_free_address(context, val->s_address); free(val); } void KRB5_CALLCONV krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val) { - if (val->element) - krb5_free_pwd_sequences(context, val->element); + if (val == NULL) + return; + krb5_free_pwd_sequences(context, val->element); free(val); } @@ -454,15 +435,13 @@ { register passwd_phrase_element **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->passwd) { - krb5_free_data(context, (*temp)->passwd); - (*temp)->passwd = 0; - } - if ((*temp)->phrase) { - krb5_free_data(context, (*temp)->phrase); - (*temp)->phrase = 0; - } + krb5_free_data(context, (*temp)->passwd); + (*temp)->passwd = 0; + krb5_free_data(context, (*temp)->phrase); + (*temp)->phrase = 0; free(*temp); } free(val); @@ -472,14 +451,12 @@ void KRB5_CALLCONV krb5_free_safe(krb5_context context, register krb5_safe *val) { - if (val->user_data.data) - free(val->user_data.data); - if (val->r_address) - krb5_free_address(context, val->r_address); - if (val->s_address) - krb5_free_address(context, val->s_address); - if (val->checksum) - krb5_free_checksum(context, val->checksum); + if (val == NULL) + return; + free(val->user_data.data); + krb5_free_address(context, val->r_address); + krb5_free_address(context, val->s_address); + krb5_free_checksum(context, val->checksum); free(val); } @@ -487,12 +464,11 @@ void KRB5_CALLCONV krb5_free_ticket(krb5_context context, krb5_ticket *val) { - if (val->server) - krb5_free_principal(context, val->server); - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); - if (val->enc_part2) - krb5_free_enc_tkt_part(context, val->enc_part2); + if (val == NULL) + return; + krb5_free_principal(context, val->server); + free(val->enc_part.ciphertext.data); + krb5_free_enc_tkt_part(context, val->enc_part2); free(val); } @@ -501,6 +477,8 @@ { register krb5_ticket **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) krb5_free_ticket(context, *temp); free(val); @@ -511,6 +489,8 @@ krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts) { register krb5_creds **tgtpp; + if (tgts == NULL) + return; for (tgtpp = tgts; *tgtpp; tgtpp++) krb5_free_creds(context, *tgtpp); free(tgts); @@ -519,18 +499,17 @@ void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context context, krb5_tkt_authent *val) { - if (val->ticket) - krb5_free_ticket(context, val->ticket); - if (val->authenticator) - krb5_free_authenticator(context, val->authenticator); + if (val == NULL) + return; + krb5_free_ticket(context, val->ticket); + krb5_free_authenticator(context, val->authenticator); free(val); } void KRB5_CALLCONV krb5_free_unparsed_name(krb5_context context, char *val) { - if (val) - free(val); + free(val); } void KRB5_CALLCONV @@ -568,10 +547,8 @@ krb5_free_data_contents(ctx, &sc->sam_response_prompt); if (sc->sam_pk_for_sad.data) krb5_free_data_contents(ctx, &sc->sam_pk_for_sad); - if (sc->sam_cksum.contents) { - free(sc->sam_cksum.contents); - sc->sam_cksum.contents = 0; - } + free(sc->sam_cksum.contents); + sc->sam_cksum.contents = 0; } void KRB5_CALLCONV @@ -685,10 +662,8 @@ return; if (psr->sam_key.contents) krb5_free_keyblock_contents(ctx, &psr->sam_key); - if (psr->client) { - krb5_free_principal(ctx, psr->client); - psr->client = 0; - } + krb5_free_principal(ctx, psr->client); + psr->client = 0; if (psr->msd.data) krb5_free_data_contents(ctx, &psr->msd); } @@ -746,10 +721,8 @@ { if (req == NULL) return; - if (req->user != NULL) { - krb5_free_principal(context, req->user); - req->user = NULL; - } + krb5_free_principal(context, req->user); + req->user = NULL; krb5_free_checksum_contents(context, &req->cksum); krb5_free_data_contents(context, &req->auth_package); free(req); @@ -761,18 +734,12 @@ { if (ref == NULL) return; - if (ref->referred_realm) { - krb5_free_data(context, ref->referred_realm); - ref->referred_realm = NULL; - } - if (ref->true_principal_name != NULL) { - krb5_free_principal(context, ref->true_principal_name); - ref->true_principal_name = NULL; - } - if (ref->requested_principal_name != NULL) { - krb5_free_principal(context, ref->requested_principal_name); - ref->requested_principal_name = NULL; - } + krb5_free_data(context, ref->referred_realm); + ref->referred_realm = NULL; + krb5_free_principal(context, ref->true_principal_name); + ref->true_principal_name = NULL; + krb5_free_principal(context, ref->requested_principal_name); + ref->requested_principal_name = NULL; krb5_free_checksum_contents(context, &ref->rep_cksum); free(ref); } @@ -783,10 +750,8 @@ { if (ref == NULL) return; - if (ref->principal != NULL) { - krb5_free_principal(context, ref->principal); - ref->principal = NULL; - } + krb5_free_principal(context, ref->principal); + ref->principal = NULL; free(ref); } @@ -794,8 +759,6 @@ krb5_free_pa_pac_req(krb5_context context, krb5_pa_pac_req *req) { - if (req == NULL) - return; free(req); } @@ -804,8 +767,7 @@ krb5_etype_list *etypes) { if (etypes != NULL) { - if (etypes->etypes != NULL) - free(etypes->etypes); + free(etypes->etypes); free(etypes); } } Modified: trunk/src/lib/krb5/krb/preauth2.c =================================================================== --- trunk/src/lib/krb5/krb/preauth2.c 2009-02-09 16:36:09 UTC (rev 21919) +++ trunk/src/lib/krb5/krb/preauth2.c 2009-02-09 17:53:21 UTC (rev 21920) @@ -273,7 +273,7 @@ { int i; void *pctx; - if (context->preauth_context != NULL) { + if (context && context->preauth_context != NULL) { for (i = 0; i < context->preauth_context->n_modules; i++) { pctx = context->preauth_context->modules[i].plugin_context; if (context->preauth_context->modules[i].client_fini != NULL) { Modified: trunk/src/lib/krb5/os/free_krbhs.c =================================================================== --- trunk/src/lib/krb5/os/free_krbhs.c 2009-02-09 16:36:09 UTC (rev 21919) +++ trunk/src/lib/krb5/os/free_krbhs.c 2009-02-09 17:53:21 UTC (rev 21920) @@ -38,6 +38,8 @@ { register char * const *cp; + if (hostlist == NULL) + return; for (cp = hostlist; *cp; cp++) free(*cp); free((char *)hostlist); Modified: trunk/src/lib/krb5/os/promptusr.c =================================================================== --- trunk/src/lib/krb5/os/promptusr.c 2009-02-09 16:36:09 UTC (rev 21919) +++ trunk/src/lib/krb5/os/promptusr.c 2009-02-09 17:53:21 UTC (rev 21920) @@ -126,6 +126,8 @@ { krb5_uio p, next; + if (uio == NULL) + return; for (p = uio; p; p = next) { next = p->next; if (p->prompt && (p->flags & KRB5_UIO_FREE_PROMPT)) From raeburn at MIT.EDU Mon Feb 9 12:58:23 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 12:58:23 -0500 (EST) Subject: svn rev #21921: trunk/src/lib/krb5/os/ Message-ID: <200902091758.MAA11785@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21921 Commit By: raeburn Log Message: Remove unused file. Changed Files: D trunk/src/lib/krb5/os/promptusr.c Deleted: trunk/src/lib/krb5/os/promptusr.c From raeburn at MIT.EDU Mon Feb 9 13:13:09 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 13:13:09 -0500 (EST) Subject: svn rev #21922: trunk/src/lib/krb5/os/ Message-ID: <200902091813.NAA12168@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21922 Commit By: raeburn Log Message: ticket: 6377 Provide omitted return value in last change. Changed Files: U trunk/src/lib/krb5/os/free_krbhs.c Modified: trunk/src/lib/krb5/os/free_krbhs.c =================================================================== --- trunk/src/lib/krb5/os/free_krbhs.c 2009-02-09 17:58:22 UTC (rev 21921) +++ trunk/src/lib/krb5/os/free_krbhs.c 2009-02-09 18:13:08 UTC (rev 21922) @@ -39,7 +39,7 @@ register char * const *cp; if (hostlist == NULL) - return; + return 0; for (cp = hostlist; *cp; cp++) free(*cp); free((char *)hostlist); From ghudson at MIT.EDU Mon Feb 9 13:35:22 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 9 Feb 2009 13:35:22 -0500 (EST) Subject: svn rev #21923: trunk/src/ include/ lib/krb5/error_tables/ lib/krb5/unicode/ Message-ID: <200902091835.NAA12666@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21923 Commit By: ghudson Log Message: ticket: 6378 subject: Change contract of krb5int_utf8_normalize and fix memory leaks tags: pullup target_version: 1.7 Make krb5int_utf8_normalize return a krb5_error_code and always allocate a structure to be placed in the output parameter. Adjust the function structure to use a cleanup handler, fixing many memory leaks. Changed Files: U trunk/src/include/k5-unicode.h U trunk/src/lib/krb5/error_tables/krb5_err.et U trunk/src/lib/krb5/unicode/ucstr.c Modified: trunk/src/include/k5-unicode.h =================================================================== --- trunk/src/include/k5-unicode.h 2009-02-09 18:13:08 UTC (rev 21922) +++ trunk/src/include/k5-unicode.h 2009-02-09 18:35:19 UTC (rev 21923) @@ -117,9 +117,9 @@ #define KRB5_UTF8_ARG2NFC 0x4U #define KRB5_UTF8_APPROX 0x8U -krb5_data * krb5int_utf8_normalize( +krb5_error_code krb5int_utf8_normalize( krb5_data *, - krb5_data *, + krb5_data **, unsigned); int krb5int_utf8_normcmp( Modified: trunk/src/lib/krb5/error_tables/krb5_err.et =================================================================== --- trunk/src/lib/krb5/error_tables/krb5_err.et 2009-02-09 18:13:08 UTC (rev 21922) +++ trunk/src/lib/krb5/error_tables/krb5_err.et 2009-02-09 18:35:19 UTC (rev 21923) @@ -345,4 +345,6 @@ error_code KRB5_PLUGIN_NO_HANDLE, "Supplied data not handled by this plugin" error_code KRB5_PLUGIN_OP_NOTSUPP, "Plugin does not support the operaton" + +error_code KRB5_ERR_INVALID_UTF8, "Invalid UTF-8 string" end Modified: trunk/src/lib/krb5/unicode/ucstr.c =================================================================== --- trunk/src/lib/krb5/unicode/ucstr.c 2009-02-09 18:13:08 UTC (rev 21922) +++ trunk/src/lib/krb5/unicode/ucstr.c 2009-02-09 18:35:19 UTC (rev 21923) @@ -104,15 +104,17 @@ #define TOUPPER(c) (islower(c) ? toupper(c) : (c)) #define TOLOWER(c) (isupper(c) ? tolower(c) : (c)) -krb5_data * +krb5_error_code krb5int_utf8_normalize( krb5_data * data, - krb5_data * newdata, + krb5_data ** newdataptr, unsigned flags) { int i, j, len, clen, outpos, ucsoutlen, outsize, last; - char *out, *outtmp, *s; - krb5_ucs4 *ucs, *p, *ucsout; + char *out = NULL, *outtmp, *s; + krb5_ucs4 *ucs = NULL, *p, *ucsout = NULL; + krb5_data *newdata; + krb5_error_code retval = 0; static unsigned char mask[] = { 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01}; @@ -120,17 +122,15 @@ unsigned casefold = flags & KRB5_UTF8_CASEFOLD; unsigned approx = flags & KRB5_UTF8_APPROX; - if (data == NULL) { - return NULL; - } + *newdataptr = NULL; + s = data->data; len = data->length; - if (!newdata) { - newdata = (krb5_data *) malloc(sizeof(*newdata)); - if (newdata == NULL) - return NULL; - } + newdata = malloc(sizeof(*newdata)); + if (newdata == NULL) + return ENOMEM; + /* * Should first check to see if string is already in proper normalized * form. This is almost as time consuming as the normalization though. @@ -140,9 +140,10 @@ if (KRB5_UTF8_ISASCII(s)) { if (casefold) { outsize = len + 7; - out = (char *) malloc(outsize); + out = malloc(outsize); if (out == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } outpos = 0; @@ -151,10 +152,7 @@ } if (i == len) { out[outpos++] = TOLOWER(s[len - 1]); - out[outpos] = '\0'; - newdata->data = out; - newdata->length = outpos; - return newdata; + goto cleanup; } } else { for (i = 1; (i < len) && KRB5_UTF8_ISASCII(s + i); i++) { @@ -165,25 +163,29 @@ newdata->length = len; newdata->data = malloc(newdata->length + 1); if (newdata->data == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } memcpy(newdata->data, s, len); newdata->data[len] = '\0'; - return newdata; + *newdataptr = newdata; + return 0; } outsize = len + 7; - out = (char *) malloc(outsize); + out = malloc(outsize); if (out == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } outpos = i - 1; memcpy(out, s, outpos); } } else { outsize = len + 7; - out = (char *) malloc(outsize); + out = malloc(outsize); if (out == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } outpos = 0; i = 0; @@ -191,8 +193,8 @@ p = ucs = malloc(len * sizeof(*ucs)); if (ucs == NULL) { - free(out); - return NULL; + retval = ENOMEM; + goto cleanup; } /* convert character before first non-ascii to ucs-4 */ if (i > 0) { @@ -206,9 +208,8 @@ while (i < len) { clen = KRB5_UTF8_CHARLEN2(s + i, clen); if (clen == 0) { - free(ucs); - free(out); - return NULL; + retval = KRB5_ERR_INVALID_UTF8; + goto cleanup; } if (clen == 1) { /* ascii */ @@ -218,9 +219,8 @@ i++; for (j = 1; j < clen; j++) { if ((s[i] & 0xc0) != 0x80) { - free(ucs); - free(out); - return NULL; + retval = KRB5_ERR_INVALID_UTF8; + goto cleanup; } *p <<= 6; *p |= s[i] & 0x3f; @@ -249,12 +249,10 @@ */ if (outsize - outpos < 7) { outsize = ucsoutlen - j + outpos + 6; - outtmp = (char *) realloc(out, outsize); + outtmp = realloc(out, outsize); if (outtmp == NULL) { - free(ucsout); - free(ucs); - free(out); - return NULL; + retval = ENOMEM; + goto cleanup; } out = outtmp; } @@ -273,11 +271,10 @@ /* Allocate more space in out if necessary */ if (len - i >= outsize - outpos) { outsize += 1 + ((len - i) - (outsize - outpos)); - outtmp = (char *) realloc(out, outsize); + outtmp = realloc(out, outsize); if (outtmp == NULL) { - free(ucs); - free(out); - return NULL; + retval = ENOMEM; + goto cleanup; } out = outtmp; } @@ -295,11 +292,19 @@ p = ucs + 1; } +cleanup: free(ucs); + free(ucsout); + if (retval) { + free(out); + free(newdata); + return retval; + } out[outpos] = '\0'; newdata->data = out; newdata->length = outpos; - return newdata; + *newdataptr = newdata; + return 0; } /* compare UTF8-strings, optionally ignore casing */ From ghudson at MIT.EDU Mon Feb 9 13:52:44 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 9 Feb 2009 13:52:44 -0500 (EST) Subject: svn rev #21924: trunk/src/lib/krb5/krb/ Message-ID: <200902091852.NAA13089@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21924 Commit By: ghudson Log Message: ticket: 6379 subject: Fix possible free of uninitialized value in walk_rtree tags: pullup target_version: 1.7 In rtree_hier_realms, if the first rtree_hier_tweens call failed, the cleanup handler would free stweens which had not been initialized. Initialize ctweens and stweens to NULL in the variable declarations to make the cleanup handler safe. Changed Files: U trunk/src/lib/krb5/krb/walk_rtree.c Modified: trunk/src/lib/krb5/krb/walk_rtree.c =================================================================== --- trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-09 18:35:19 UTC (rev 21923) +++ trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-09 18:52:40 UTC (rev 21924) @@ -365,7 +365,7 @@ { krb5_error_code retval; struct hstate c, s; - krb5_data *ctweens, *stweens, *twp, *r, *rp; + krb5_data *ctweens = NULL, *stweens = NULL, *twp, *r, *rp; size_t nctween, nstween; *realms = NULL; From tsitkova at MIT.EDU Mon Feb 9 14:07:10 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Mon, 9 Feb 2009 14:07:10 -0500 (EST) Subject: svn rev #21925: trunk/src/lib/krb5/os/ Message-ID: <200902091907.OAA13421@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21925 Commit By: tsitkova Log Message: Check if mem allocation was successful. Changed Files: U trunk/src/lib/krb5/os/init_os_ctx.c Modified: trunk/src/lib/krb5/os/init_os_ctx.c =================================================================== --- trunk/src/lib/krb5/os/init_os_ctx.c 2009-02-09 18:52:40 UTC (rev 21924) +++ trunk/src/lib/krb5/os/init_os_ctx.c 2009-02-09 19:07:09 UTC (rev 21925) @@ -1,7 +1,7 @@ /* * lib/krb5/os/init_ctx.c * - * Copyright 1994, 2007, 2008 by the Massachusetts Institute of Technology. + * Copyright 1994, 2007, 2008, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -30,7 +30,7 @@ #include "k5-int.h" #include "os-proto.h" -#include "prof_int.h" /* XXX for profile_copy, not public yet */ +#include "prof_int.h" /* XXX for profile_copy, not public yet */ #ifdef USE_KIM #include "kim_library_private.h" @@ -45,10 +45,8 @@ ) { UINT size = GetWindowsDirectory(0, 0); - *pname = malloc(size + 1 + - strlen(DEFAULT_PROFILE_FILENAME) + 1); - if (*pname) - { + *pname = malloc(size + strlen(DEFAULT_PROFILE_FILENAME) + 2); + if (*pname) { GetWindowsDirectory(*pname, size); strcat(*pname, "\\"); strcat(*pname, DEFAULT_PROFILE_FILENAME); @@ -65,8 +63,8 @@ { const DWORD size = 1024; /* fixed buffer */ int found = 0; - char *p; - char *name; + char *p = NULL; + char *name = NULL; struct _stat s; *pname = 0; @@ -91,7 +89,7 @@ if (found) *pname = name; else - if (name) free(name); + free(name); return 0; } @@ -118,8 +116,7 @@ const char *value_name = "config"; /* a wannabe assertion */ - if (!pbuffer) - { + if (!pbuffer) { /* * We have a programming error! For now, we segfault :) * There is no good mechanism to deal. @@ -128,26 +125,22 @@ *pbuffer = 0; if ((rc = RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE, - &hKey)) != ERROR_SUCCESS) - { + &hKey)) != ERROR_SUCCESS) { /* not a real error */ goto cleanup; } rc = RegQueryValueEx(hKey, value_name, 0, 0, 0, &size); - if ((rc != ERROR_SUCCESS) && (rc != ERROR_MORE_DATA)) - { + if ((rc != ERROR_SUCCESS) && (rc != ERROR_MORE_DATA)) { /* not a real error */ goto cleanup; } *pbuffer = malloc(size); - if (!*pbuffer) - { + if (!*pbuffer) { retval = ENOMEM; goto cleanup; } if ((rc = RegQueryValueEx(hKey, value_name, 0, 0, *pbuffer, &size)) != - ERROR_SUCCESS) - { + ERROR_SUCCESS) { /* * Let's not call it a real error in case it disappears, but * we need to free so that we say we did not find anything. @@ -159,8 +152,7 @@ cleanup: if (hKey) RegCloseKey(hKey); - if (retval && *pbuffer) - { + if (retval && *pbuffer) { free(*pbuffer); /* Let's say we did not find anything: */ *pbuffer = 0; @@ -179,7 +171,7 @@ return; for (cp = files; *cp; cp++) - free(*cp); + free(*cp); free(files); } @@ -193,35 +185,29 @@ krb5_error_code retval = 0; char *name = 0; - if (!secure) - { + if (!secure) { char *env = getenv("KRB5_CONFIG"); - if (env) - { + if (env) { name = strdup(env); if (!name) return ENOMEM; } } - if (!name && !secure) - { + if (!name && !secure) { /* HKCU */ retval = get_from_registry(&name, HKEY_CURRENT_USER); if (retval) return retval; } - if (!name) - { + if (!name) { /* HKLM */ retval = get_from_registry(&name, HKEY_LOCAL_MACHINE); if (retval) return retval; } - if (!name && !secure) - { + if (!name && !secure) { /* module dir */ retval = get_from_module_dir(&name); if (retval) return retval; } - if (!name) - { + if (!name) { /* windows dir */ retval = get_from_windows_dir(&name); } @@ -231,6 +217,8 @@ return KRB5_CONFIG_CANTOPEN; /* should never happen */ files = malloc(2 * sizeof(char *)); + if (!files) + return ENOMEM; files[0] = name; files[1] = 0; #else /* !_WIN32 */ @@ -241,12 +229,13 @@ #ifdef USE_KIM /* If kim_library_allow_home_directory_access() == FALSE, we are probably - trying to authenticate to a fileserver for the user's homedir. */ + * trying to authenticate to a fileserver for the user's homedir. + */ if (!kim_library_allow_home_directory_access ()) - secure = 1; + secure = 1; #endif if (secure) { - filepath = DEFAULT_SECURE_PROFILE_PATH; + filepath = DEFAULT_SECURE_PROFILE_PATH; } else { filepath = getenv("KRB5_CONFIG"); if (!filepath) filepath = DEFAULT_PROFILE_PATH; @@ -264,8 +253,7 @@ return ENOMEM; /* measure, copy, and skip each one */ - for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) - { + for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) { ent_len = t-s; files[i] = (char*) malloc(ent_len + 1); if (files[i] == 0) { @@ -291,26 +279,26 @@ static krb5_error_code add_kdc_config_file(profile_filespec_t **pfiles) { - char *file; - size_t count; + char *file = NULL; + size_t count = 0; profile_filespec_t *newfiles; file = getenv(KDC_PROFILE_ENV); if (file == NULL) - file = DEFAULT_KDC_PROFILE; + file = DEFAULT_KDC_PROFILE; for (count = 0; (*pfiles)[count]; count++) - ; + ; count += 2; newfiles = malloc(count * sizeof(*newfiles)); if (newfiles == NULL) - return ENOMEM; + return ENOMEM; memcpy(newfiles + 1, *pfiles, (count-1) * sizeof(*newfiles)); newfiles[0] = strdup(file); if (newfiles[0] == NULL) { - int e = ENOMEM; - free(newfiles); - return e; + int e = ENOMEM; + free(newfiles); + return e; } free(*pfiles); *pfiles = newfiles; @@ -325,7 +313,7 @@ static krb5_error_code os_init_paths(krb5_context ctx, krb5_boolean kdc) { - krb5_error_code retval = 0; + krb5_error_code retval = 0; profile_filespec_t *files = 0; krb5_boolean secure = ctx->profile_secure; @@ -336,11 +324,11 @@ retval = os_get_default_config_files(&files, secure); if (retval == 0 && kdc) - retval = add_kdc_config_file(&files); + retval = add_kdc_config_file(&files); if (!retval) { - retval = profile_init((const_profile_filespec_t *) files, - &ctx->profile); + retval = profile_init((const_profile_filespec_t *) files, + &ctx->profile); #ifdef KRB5_DNS_LOOKUP /* if none of the filenames can be opened use an empty profile */ @@ -374,66 +362,66 @@ krb5_error_code krb5_os_init_context(krb5_context ctx, krb5_boolean kdc) { - krb5_os_context os_ctx; - krb5_error_code retval = 0; + krb5_os_context os_ctx; + krb5_error_code retval = 0; #ifdef _WIN32 WORD wVersionRequested; WSADATA wsaData; #endif /* _WIN32 */ - os_ctx = &ctx->os_context; - os_ctx->magic = KV5M_OS_CONTEXT; - os_ctx->time_offset = 0; - os_ctx->usec_offset = 0; - os_ctx->os_flags = 0; - os_ctx->default_ccname = 0; + os_ctx = &ctx->os_context; + os_ctx->magic = KV5M_OS_CONTEXT; + os_ctx->time_offset = 0; + os_ctx->usec_offset = 0; + os_ctx->os_flags = 0; + os_ctx->default_ccname = 0; - ctx->vtbl = 0; - PLUGIN_DIR_INIT(&ctx->libkrb5_plugins); - PLUGIN_DIR_INIT(&ctx->preauth_plugins); - ctx->preauth_context = NULL; + ctx->vtbl = 0; + PLUGIN_DIR_INIT(&ctx->libkrb5_plugins); + PLUGIN_DIR_INIT(&ctx->preauth_plugins); + ctx->preauth_context = NULL; - retval = os_init_paths(ctx, kdc); - /* - * If there's an error in the profile, return an error. Just - * ignoring the error is a Bad Thing (tm). - */ + retval = os_init_paths(ctx, kdc); + /* + * If there's an error in the profile, return an error. Just + * ignoring the error is a Bad Thing (tm). + */ - if (!retval) { - krb5_cc_set_default_name(ctx, NULL); + if (!retval) { + krb5_cc_set_default_name(ctx, NULL); #ifdef _WIN32 - /* We initialize winsock to version 1.1 but - * we do not care if we succeed or fail. - */ - wVersionRequested = 0x0101; - WSAStartup (wVersionRequested, &wsaData); + /* We initialize winsock to version 1.1 but + * we do not care if we succeed or fail. + */ + wVersionRequested = 0x0101; + WSAStartup (wVersionRequested, &wsaData); #endif /* _WIN32 */ - } - return retval; + } + return retval; } krb5_error_code KRB5_CALLCONV krb5_get_profile (krb5_context ctx, profile_t *profile) { return profile_copy (ctx->profile, profile); -} +} krb5_error_code krb5_set_config_files(krb5_context ctx, const char **filenames) { - krb5_error_code retval; - profile_t profile; - - retval = profile_init(filenames, &profile); - if (retval) - return retval; + krb5_error_code retval = 0; + profile_t profile; + + retval = profile_init(filenames, &profile); + if (retval) + return retval; - if (ctx->profile) - profile_release(ctx->profile); - ctx->profile = profile; + if (ctx->profile) + profile_release(ctx->profile); + ctx->profile = profile; - return 0; + return 0; } krb5_error_code KRB5_CALLCONV @@ -454,50 +442,50 @@ krb5_error_code krb5_secure_config_files(krb5_context ctx) { - /* Obsolete interface; always return an error. + /* Obsolete interface; always return an error. + * This function should be removed next time a major version + * number change happens. + */ + krb5_error_code retval = 0; + + if (ctx->profile) { + profile_release(ctx->profile); + ctx->profile = 0; + } - This function should be removed next time a major version - number change happens. */ - krb5_error_code retval; - - if (ctx->profile) { - profile_release(ctx->profile); - ctx->profile = 0; - } + ctx->profile_secure = TRUE; + retval = os_init_paths(ctx, FALSE); + if (retval) + return retval; - ctx->profile_secure = TRUE; - retval = os_init_paths(ctx, FALSE); - if (retval) - return retval; - - return KRB5_OBSOLETE_FN; + return KRB5_OBSOLETE_FN; } void krb5_os_free_context(krb5_context ctx) { - krb5_os_context os_ctx; + krb5_os_context os_ctx; - os_ctx = &ctx->os_context; - - if (os_ctx->default_ccname) { - free(os_ctx->default_ccname); - os_ctx->default_ccname = 0; - } + os_ctx = &ctx->os_context; + + if (os_ctx->default_ccname) { + free(os_ctx->default_ccname); + os_ctx->default_ccname = 0; + } - os_ctx->magic = 0; + os_ctx->magic = 0; - if (ctx->profile) { - profile_release(ctx->profile); - ctx->profile = 0; - } + if (ctx->profile) { + profile_release(ctx->profile); + ctx->profile = 0; + } - if (ctx->preauth_context) { - krb5_free_preauth_context(ctx); - ctx->preauth_context = NULL; - } - krb5int_close_plugin_dirs (&ctx->preauth_plugins); - krb5int_close_plugin_dirs (&ctx->libkrb5_plugins); + if (ctx->preauth_context) { + krb5_free_preauth_context(ctx); + ctx->preauth_context = NULL; + } + krb5int_close_plugin_dirs (&ctx->preauth_plugins); + krb5int_close_plugin_dirs (&ctx->libkrb5_plugins); #ifdef _WIN32 WSACleanup(); From raeburn at MIT.EDU Mon Feb 9 15:39:56 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 15:39:56 -0500 (EST) Subject: svn rev #21926: trunk/src/lib/krb5/krb/ Message-ID: <200902092039.PAA14992@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21926 Commit By: raeburn Log Message: ticket: 6377 Fix one more case of an explicit null check before calling a free function that does the null check. Also, use krb5_free_keyblock_contents instead of open-coding all the work (and not trying hard enough to clear the memory). Changed Files: U trunk/src/lib/krb5/krb/kfree.c Modified: trunk/src/lib/krb5/krb/kfree.c =================================================================== --- trunk/src/lib/krb5/krb/kfree.c 2009-02-09 19:07:09 UTC (rev 21925) +++ trunk/src/lib/krb5/krb/kfree.c 2009-02-09 20:39:54 UTC (rev 21926) @@ -60,8 +60,7 @@ { if (val == NULL) return; - if (val->contents) - free(val->contents); + free(val->contents); free(val); } @@ -188,11 +187,7 @@ val->client = 0; krb5_free_principal(context, val->server); val->server = 0; - if (val->keyblock.contents) { - memset(val->keyblock.contents, 0, val->keyblock.length); - free(val->keyblock.contents); - val->keyblock.contents = 0; - } + krb5_free_keyblock_contents(context, &val->keyblock); free(val->ticket.data); val->ticket.data = 0; free(val->second_ticket.data); From ghudson at MIT.EDU Mon Feb 9 16:25:54 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 9 Feb 2009 16:25:54 -0500 (EST) Subject: svn rev #21928: trunk/src/lib/krb5/asn.1/ Message-ID: <200902092125.QAA15890@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21928 Commit By: ghudson Log Message: Make asn1buf_destroy return void, since it's a free function. In krb5_encode.c functions, make *code well-defined in case of error, and clean up some memory leaks. Changed Files: U trunk/src/lib/krb5/asn.1/asn1buf.c U trunk/src/lib/krb5/asn.1/asn1buf.h U trunk/src/lib/krb5/asn.1/krb5_encode.c Modified: trunk/src/lib/krb5/asn.1/asn1buf.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.c 2009-02-09 21:23:00 UTC (rev 21927) +++ trunk/src/lib/krb5/asn.1/asn1buf.c 2009-02-09 21:25:53 UTC (rev 21928) @@ -154,14 +154,13 @@ return 0; } -asn1_error_code asn1buf_destroy(asn1buf **buf) +void asn1buf_destroy(asn1buf **buf) { if (*buf != NULL) { free((*buf)->base); free(*buf); *buf = NULL; } - return 0; } #ifdef asn1buf_insert_octet Modified: trunk/src/lib/krb5/asn.1/asn1buf.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.h 2009-02-09 21:23:00 UTC (rev 21927) +++ trunk/src/lib/krb5/asn.1/asn1buf.h 2009-02-09 21:25:53 UTC (rev 21928) @@ -129,7 +129,7 @@ constructed indefinite sequence. effects skips trailing fields. */ -asn1_error_code asn1buf_destroy +void asn1buf_destroy (asn1buf **buf); /* effects Deallocates **buf, sets *buf to NULL. */ Modified: trunk/src/lib/krb5/asn.1/krb5_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_encode.c 2009-02-09 21:23:00 UTC (rev 21927) +++ trunk/src/lib/krb5/asn.1/krb5_encode.c 2009-02-09 21:25:53 UTC (rev 21928) @@ -44,7 +44,10 @@ asn1_error_code retval;\ unsigned int length, sum = 0;\ asn1buf *buf=NULL;\ + krb5_data *tmpcode;\ \ + *code = NULL;\ +\ if (rep == NULL) return ASN1_MISSING_FIELD;\ \ retval = asn1buf_create(&buf);\ @@ -52,21 +55,19 @@ /* produce the final output and clean up the workspace */ #define krb5_cleanup()\ - retval = asn12krb5_buf(buf,code);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - retval = asn1buf_destroy(&buf);\ - if (retval) {\ - return retval; }\ -\ + retval = asn12krb5_buf(buf,&tmpcode);\ +error:\ + asn1buf_destroy(&buf);\ + if (retval)\ + return retval;\ + *code = tmpcode;\ return 0 krb5_error_code encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code) { krb5_setup(); retval = asn1_encode_pa_pk_as_req(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -75,7 +76,7 @@ { krb5_setup(); retval = asn1_encode_pa_pk_as_req_draft9(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -84,7 +85,7 @@ { krb5_setup(); retval = asn1_encode_pa_pk_as_rep(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -93,7 +94,7 @@ { krb5_setup(); retval = asn1_encode_pa_pk_as_rep_draft9(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -102,7 +103,7 @@ { krb5_setup(); retval = asn1_encode_auth_pack(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -111,7 +112,7 @@ { krb5_setup(); retval = asn1_encode_auth_pack_draft9(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -120,7 +121,7 @@ { krb5_setup(); retval = asn1_encode_kdc_dh_key_info(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -129,7 +130,7 @@ { krb5_setup(); retval = asn1_encode_reply_key_pack(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -138,7 +139,7 @@ { krb5_setup(); retval = asn1_encode_reply_key_pack_draft9(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -147,7 +148,7 @@ { krb5_setup(); retval = asn1_encode_td_trusted_certifiers(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -156,7 +157,7 @@ { krb5_setup(); retval = asn1_encode_sequence_of_typed_data(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } @@ -165,7 +166,7 @@ { krb5_setup(); retval = asn1_encode_sequence_of_algorithm_identifier(buf,rep,&length); - if (retval) return retval; + if (retval) goto error; sum += length; krb5_cleanup(); } From ghudson at MIT.EDU Mon Feb 9 16:23:01 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 9 Feb 2009 16:23:01 -0500 (EST) Subject: svn rev #21927: trunk/src/lib/krb5/asn.1/ Message-ID: <200902092123.QAA15773@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21927 Commit By: ghudson Log Message: In asn1_k_encode.c, stop inconsistently destroying buf on some errors. It belongs to the caller. Changed Files: U trunk/src/lib/krb5/asn.1/asn1_k_encode.c Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-02-09 20:39:54 UTC (rev 21926) +++ trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-02-09 21:23:00 UTC (rev 21927) @@ -1304,12 +1304,10 @@ { unsigned int length; \ retval = encoder(buf,len,value,&length); \ if (retval) {\ - asn1buf_destroy(&buf);\ return retval; }\ sum += length;\ retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ if (retval) {\ - asn1buf_destroy(&buf);\ return retval; }\ sum += length; } @@ -1402,10 +1400,8 @@ if (val->parameters.length != 0) { retval = asn1buf_insert_octetstring(buf, val->parameters.length, val->parameters.data); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } sum += val->parameters.length; } @@ -1415,10 +1411,8 @@ val->algorithm.data, &length); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } sum += length; } @@ -1440,20 +1434,16 @@ retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length, val->algorithm.parameters.data); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } sum += val->algorithm.parameters.length; retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, val->algorithm.algorithm.data, &length); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } sum += length; @@ -1461,10 +1451,8 @@ val->algorithm.parameters.length + length, &length); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } sum += length; } @@ -1661,10 +1649,8 @@ retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, val->subjectPublicKey.length + 1 + length, &length); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } sum += length; } @@ -1738,10 +1724,8 @@ { unsigned int length; retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length); - if (retval) { - asn1buf_destroy(&buf); + if (retval) return retval; - } /* length set but ignored? sum not updated? */ } asn1_cleanup(); From raeburn at MIT.EDU Mon Feb 9 17:20:15 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:20:15 -0500 (EST) Subject: svn rev #21929: trunk/src/ lib/ lib/crypto/ lib/gssapi/ lib/kadm5/clnt/ lib/kadm5/srv/ ... Message-ID: <200902092220.RAA17862@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21929 Commit By: raeburn Log Message: Ignore files generated by in-place build on Mac. Changed Files: _U trunk/src/lib/ _U trunk/src/lib/crypto/ _U trunk/src/lib/gssapi/ _U trunk/src/lib/kadm5/clnt/ _U trunk/src/lib/kadm5/srv/ _U trunk/src/lib/kdb/ _U trunk/src/lib/krb5/ _U trunk/src/lib/krb5/unicode/ _U trunk/src/lib/rpc/ _U trunk/src/plugins/kdb/db2/ _U trunk/src/plugins/kdb/db2/libdb2/ _U trunk/src/tests/misc/ _U trunk/src/util/et/ _U trunk/src/util/profile/ _U trunk/src/util/support/ Property changes on: trunk/src/lib ___________________________________________________________________ Name: svn:ignore - k5sprt32.def Makefile lib*.a lib*.so lib*.so.* + *.dylib k5sprt32.def Makefile lib*.a lib*.so lib*.so.* Property changes on: trunk/src/lib/crypto ___________________________________________________________________ Name: svn:ignore - t_nfold t_encrypt t_prng t_prng.output t_hmac t_pkcs5 lib*.so.* Makefile *.so OBJS.* binutils.versions t_prf + darwin.exports *.dylib t_nfold t_encrypt t_prng t_prng.output t_hmac t_pkcs5 lib*.so.* Makefile *.so OBJS.* binutils.versions t_prf Property changes on: trunk/src/lib/gssapi ___________________________________________________________________ Name: svn:ignore - lib*.so.* Makefile *.so OBJS.* binutils.versions merged-gssapi-header.h + darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions merged-gssapi-header.h Property changes on: trunk/src/lib/kadm5/clnt ___________________________________________________________________ Name: svn:ignore - lib*.so.* Makefile *.so OBJS.* binutils.versions + darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/lib/kadm5/srv ___________________________________________________________________ Name: svn:ignore - lib*.so.* Makefile *.so OBJS.* binutils.versions + darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/lib/kdb ___________________________________________________________________ Name: svn:ignore - t_kdb lib*.so.* Makefile *.so OBJS.* binutils.versions adb_err.* + darwin.exports *.dylib t_kdb lib*.so.* Makefile *.so OBJS.* binutils.versions adb_err.* Property changes on: trunk/src/lib/krb5 ___________________________________________________________________ Name: svn:ignore - lib*.so.* Makefile *.so OBJS.* binutils.versions + darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/lib/krb5/unicode ___________________________________________________________________ Name: svn:ignore + .links Makefile OBJS.* ucdata.c ucdata.h *.so ucgendat.c uctable.h ure.c ure.h urestubs.c Makefile test_getpw test_cxx_krb5 test_cxx_rpc test_cxx_gss Property changes on: trunk/src/lib/rpc ___________________________________________________________________ Name: svn:ignore - types.h types.stamp dyntest lib*.so.* Makefile *.so OBJS.* binutils.versions + *.dylib darwin.exports types.h types.stamp dyntest lib*.so.* Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/plugins/kdb/db2 ___________________________________________________________________ Name: svn:ignore - configure autom4te.cache Makefile config.status config.log *.so OBJS.* binutils.versions + darwin.exports configure autom4te.cache Makefile config.status config.log *.so OBJS.* binutils.versions Property changes on: trunk/src/plugins/kdb/db2/libdb2 ___________________________________________________________________ Name: svn:ignore - lib*.so.* *.so Makefile binutils.versions + darwin.exports *.dylib lib*.so.* *.so Makefile binutils.versions Property changes on: trunk/src/tests/misc ___________________________________________________________________ Name: svn:ignore - Makefile test_getpw test_cxx_krb5 test_cxx_rpc test_cxx_gss + test_cxx_k5int Makefile test_getpw test_cxx_krb5 test_cxx_rpc test_cxx_gss Property changes on: trunk/src/util/et ___________________________________________________________________ Name: svn:ignore - compile_et et1.h et1.c et2.h et2.c t_com_err test1.h test1.c test2.h test2.c test_et lib*.so.* et_lex.lex.c Makefile *.so OBJS.* binutils.versions + darwin.exports *.dylib compile_et et1.h et1.c et2.h et2.c t_com_err test1.h test1.c test2.h test2.c test_et lib*.so.* et_lex.lex.c Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/util/profile ___________________________________________________________________ Name: svn:ignore - prof_err.h prtest prof_err.c profile.h test_parse test_profile lib*.so.* Makefile *.so OBJS.* binutils.versions test?.ini lib*.a *.bak profile_tcl + darwin.exports *.dylib prof_err.h prtest prof_err.c profile.h test_parse test_profile lib*.so.* Makefile *.so OBJS.* binutils.versions test?.ini lib*.a *.bak profile_tcl Property changes on: trunk/src/util/support ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* lib*.so.* binutils.versions libkrb5support.exports t_k5buf + darwin.exports *.dylib Makefile *.so OBJS.* lib*.so.* binutils.versions libkrb5support.exports t_k5buf From raeburn at MIT.EDU Mon Feb 9 17:22:26 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:22:26 -0500 (EST) Subject: svn rev #21930: trunk/src/kadmin/passwd/ Message-ID: <200902092222.RAA17980@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21930 Commit By: raeburn Log Message: Rename X11 resource file to avoid name conflict on Mac in in-place build. Changed Files: D trunk/src/kadmin/passwd/Kpasswd A trunk/src/kadmin/passwd/Kpasswd.res Deleted: trunk/src/kadmin/passwd/Kpasswd Copied: trunk/src/kadmin/passwd/Kpasswd.res (from rev 19571, trunk/src/kadmin/passwd/Kpasswd) From raeburn at MIT.EDU Mon Feb 9 17:31:18 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:31:18 -0500 (EST) Subject: svn rev #21931: trunk/src/ ccapi/ ccapi/lib/win/ ccapi/server/win/ ccapi/test/ ... Message-ID: <200902092231.RAA18212@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21931 Commit By: raeburn Log Message: Ignore some stuff generated for KfW build. Changed Files: _U trunk/src/ccapi/ _U trunk/src/ccapi/lib/win/ _U trunk/src/ccapi/server/win/ _U trunk/src/ccapi/test/ _U trunk/src/clients/kcpytkt/ _U trunk/src/clients/kdeltkt/ _U trunk/src/lib/crypto/crc32/ _U trunk/src/lib/crypto/des/ _U trunk/src/lib/crypto/hash_provider/ _U trunk/src/lib/crypto/old/ _U trunk/src/lib/crypto/raw/ _U trunk/src/lib/crypto/yarrow/ _U trunk/src/lib/gssapi/ _U trunk/src/lib/gssapi/generic/ _U trunk/src/lib/gssapi/krb5/ _U trunk/src/lib/gssapi/mechglue/ _U trunk/src/lib/gssapi/spnego/ _U trunk/src/lib/krb5/ _U trunk/src/lib/krb5/asn.1/ _U trunk/src/lib/krb5/ccache/ _U trunk/src/lib/krb5/ccache/ccapi/ _U trunk/src/lib/krb5/error_tables/ _U trunk/src/lib/krb5/keytab/ _U trunk/src/lib/krb5/krb/ _U trunk/src/lib/krb5/os/ _U trunk/src/lib/krb5/posix/ _U trunk/src/lib/krb5/rcache/ _U trunk/src/lib/krb5/unicode/ _U trunk/src/util/windows/ _U trunk/src/windows/ _U trunk/src/windows/cns/ _U trunk/src/windows/gina/ _U trunk/src/windows/gss/ _U trunk/src/windows/kfwlogon/ _U trunk/src/windows/lib/ _U trunk/src/windows/ms2mit/ _U trunk/src/windows/wintel/ Property changes on: trunk/src/ccapi ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/ccapi/lib/win ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/ccapi/server/win ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/ccapi/test ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/clients/kcpytkt ___________________________________________________________________ Name: svn:ignore - kcpytkt + Makefile kcpytkt Property changes on: trunk/src/clients/kdeltkt ___________________________________________________________________ Name: svn:ignore - kdeltkt + Makefile kdeltkt Property changes on: trunk/src/lib/crypto/crc32 ___________________________________________________________________ Name: svn:ignore - t_crc Makefile *.so OBJS.* + obj t_crc Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/des ___________________________________________________________________ Name: svn:ignore - verify destest t_afss2k Makefile *.so OBJS.* + obj verify destest t_afss2k Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/hash_provider ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/old ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/raw ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/yarrow ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/gssapi ___________________________________________________________________ Name: svn:ignore - darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions merged-gssapi-header.h + obj darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions merged-gssapi-header.h Property changes on: trunk/src/lib/gssapi/generic ___________________________________________________________________ Name: svn:ignore - gssapi_err_generic.h gssapi_err_generic.c gssapi.h Makefile *.so OBJS.* errmap.h + obj gssapi_err_generic.h gssapi_err_generic.c gssapi.h Makefile *.so OBJS.* errmap.h Property changes on: trunk/src/lib/gssapi/krb5 ___________________________________________________________________ Name: svn:ignore - gssapi_err_krb5.h gssapi_err_krb5.c gssapi_krb5.h Makefile *.so OBJS.* error_map.h + obj gssapi_err_krb5.h gssapi_err_krb5.c gssapi_krb5.h Makefile *.so OBJS.* error_map.h Property changes on: trunk/src/lib/gssapi/mechglue ___________________________________________________________________ Name: svn:ignore - *.so Makefile OBJS.* + obj *.so Makefile OBJS.* Property changes on: trunk/src/lib/gssapi/spnego ___________________________________________________________________ Name: svn:ignore - *.so Makefile OBJS.* + obj *.so Makefile OBJS.* Property changes on: trunk/src/lib/krb5 ___________________________________________________________________ Name: svn:ignore - darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions + obj darwin.exports *.dylib lib*.so.* Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/lib/krb5/asn.1 ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/ccache ___________________________________________________________________ Name: svn:ignore - t_cc t_cccursor Makefile *.so OBJS.* + obj t_cc t_cccursor Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/ccache/ccapi ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/lib/krb5/error_tables ___________________________________________________________________ Name: svn:ignore - asn1_err.h asn1_err.c kdb5_err.h kdb5_err.c krb5_err.h krb5_err.c kv5m_err.h kv5m_err.c adm_err.h adm_err.c krb524_err.c krb524_err.h Makefile *.so OBJS.* + obj asn1_err.h asn1_err.c kdb5_err.h kdb5_err.c krb5_err.h krb5_err.c kv5m_err.h kv5m_err.c adm_err.h adm_err.c krb524_err.c krb524_err.h Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/keytab ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* t_keytab + obj Makefile *.so OBJS.* t_keytab Property changes on: trunk/src/lib/krb5/krb ___________________________________________________________________ Name: svn:ignore - t_walk_rtree t_kerb t_ser t_deltat t_expand Makefile *.so OBJS.* deltat.output + obj t_walk_rtree t_kerb t_ser t_deltat t_expand Makefile *.so OBJS.* deltat.output Property changes on: trunk/src/lib/krb5/os ___________________________________________________________________ Name: svn:ignore - t_std_conf t_an_to_ln t_locate_kdc Makefile *.so OBJS.* + obj t_std_conf t_an_to_ln t_locate_kdc Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/posix ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/rcache ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/unicode ___________________________________________________________________ Name: svn:ignore - .links Makefile OBJS.* ucdata.c ucdata.h *.so ucgendat.c uctable.h ure.c ure.h urestubs.c Makefile test_getpw test_cxx_krb5 test_cxx_rpc test_cxx_gss + obj .links Makefile OBJS.* ucdata.c ucdata.h *.so ucgendat.c uctable.h ure.c ure.h urestubs.c Makefile test_getpw test_cxx_krb5 test_cxx_rpc test_cxx_gss Property changes on: trunk/src/util/windows ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/cns ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/gina ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/gss ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/kfwlogon ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/lib ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/ms2mit ___________________________________________________________________ Name: svn:ignore + Makefile Property changes on: trunk/src/windows/wintel ___________________________________________________________________ Name: svn:ignore + Makefile From raeburn at MIT.EDU Mon Feb 9 17:34:33 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:34:33 -0500 (EST) Subject: svn rev #21932: trunk/src/ ccapi/ ccapi/lib/win/ lib/ lib/crypto/ lib/crypto/aes/ ... Message-ID: <200902092234.RAA18349@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21932 Commit By: raeburn Log Message: More KfW generated stuff. Changed Files: _U trunk/src/ _U trunk/src/ccapi/ _U trunk/src/ccapi/lib/win/ _U trunk/src/lib/ _U trunk/src/lib/crypto/ _U trunk/src/lib/crypto/aes/ _U trunk/src/lib/crypto/arcfour/ _U trunk/src/lib/crypto/dk/ _U trunk/src/lib/crypto/enc_provider/ _U trunk/src/lib/crypto/keyhash_provider/ _U trunk/src/lib/crypto/md4/ _U trunk/src/lib/crypto/md5/ _U trunk/src/lib/crypto/sha1/ _U trunk/src/lib/krb5/ccache/ccapi/ _U trunk/src/util/et/ _U trunk/src/util/profile/ _U trunk/src/util/windows/ Property changes on: trunk/src ___________________________________________________________________ Name: svn:ignore - kerbsrc.zip kerbsrc.mac.tar kerbsrc-nt.zip config.cache krb5-config krb5-stamp-h configure autom4te.cache Makefile config.log config.status config.status.lineno + obj kerbsrc.zip kerbsrc.mac.tar kerbsrc-nt.zip config.cache krb5-config krb5-stamp-h configure autom4te.cache Makefile config.log config.status config.status.lineno Property changes on: trunk/src/ccapi ___________________________________________________________________ Name: svn:ignore - Makefile + obj Makefile Property changes on: trunk/src/ccapi/lib/win ___________________________________________________________________ Name: svn:ignore - Makefile + obj Makefile Property changes on: trunk/src/lib ___________________________________________________________________ Name: svn:ignore - *.dylib k5sprt32.def Makefile lib*.a lib*.so lib*.so.* + obj *.dylib k5sprt32.def Makefile lib*.a lib*.so lib*.so.* Property changes on: trunk/src/lib/crypto ___________________________________________________________________ Name: svn:ignore - darwin.exports *.dylib t_nfold t_encrypt t_prng t_prng.output t_hmac t_pkcs5 lib*.so.* Makefile *.so OBJS.* binutils.versions t_prf + obj darwin.exports *.dylib t_nfold t_encrypt t_prng t_prng.output t_hmac t_pkcs5 lib*.so.* Makefile *.so OBJS.* binutils.versions t_prf Property changes on: trunk/src/lib/crypto/aes ___________________________________________________________________ Name: svn:ignore - aes-gen aes-test kresults.out vk.txt vt.txt Makefile *.so OBJS.* + obj aes-gen aes-test kresults.out vk.txt vt.txt Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/arcfour ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/dk ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/enc_provider ___________________________________________________________________ Name: svn:ignore - Makefile *.so OBJS.* + obj Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/keyhash_provider ___________________________________________________________________ Name: svn:ignore - t_cksum4 t_cksum5 Makefile *.so OBJS.* + obj t_cksum4 t_cksum5 Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/md4 ___________________________________________________________________ Name: svn:ignore - t_mddriver.c t_mddriver Makefile *.so OBJS.* + obj t_mddriver.c t_mddriver Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/md5 ___________________________________________________________________ Name: svn:ignore - t_mddriver Makefile *.so OBJS.* + obj t_mddriver Makefile *.so OBJS.* Property changes on: trunk/src/lib/crypto/sha1 ___________________________________________________________________ Name: svn:ignore - t_shs t_shs3 Makefile *.so OBJS.* + obj t_shs t_shs3 Makefile *.so OBJS.* Property changes on: trunk/src/lib/krb5/ccache/ccapi ___________________________________________________________________ Name: svn:ignore - Makefile + obj Makefile Property changes on: trunk/src/util/et ___________________________________________________________________ Name: svn:ignore - darwin.exports *.dylib compile_et et1.h et1.c et2.h et2.c t_com_err test1.h test1.c test2.h test2.c test_et lib*.so.* et_lex.lex.c Makefile *.so OBJS.* binutils.versions + obj darwin.exports *.dylib compile_et et1.h et1.c et2.h et2.c t_com_err test1.h test1.c test2.h test2.c test_et lib*.so.* et_lex.lex.c Makefile *.so OBJS.* binutils.versions Property changes on: trunk/src/util/profile ___________________________________________________________________ Name: svn:ignore - darwin.exports *.dylib prof_err.h prtest prof_err.c profile.h test_parse test_profile lib*.so.* Makefile *.so OBJS.* binutils.versions test?.ini lib*.a *.bak profile_tcl + obj darwin.exports *.dylib prof_err.h prtest prof_err.c profile.h test_parse test_profile lib*.so.* Makefile *.so OBJS.* binutils.versions test?.ini lib*.a *.bak profile_tcl Property changes on: trunk/src/util/windows ___________________________________________________________________ Name: svn:ignore - Makefile + obj Makefile From raeburn at MIT.EDU Mon Feb 9 17:38:32 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:38:32 -0500 (EST) Subject: svn rev #21933: trunk/src/ ccapi/lib/ ccapi/lib/win/ include/ util/support/ Message-ID: <200902092238.RAA18509@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21933 Commit By: raeburn Log Message: More KfW generated stuff. Changed Files: _U trunk/src/ccapi/lib/ _U trunk/src/ccapi/lib/win/ _U trunk/src/include/ _U trunk/src/util/support/ Property changes on: trunk/src/ccapi/lib ___________________________________________________________________ Name: svn:ignore + ccapi_err.c ccapi_err.h Property changes on: trunk/src/ccapi/lib/win ___________________________________________________________________ Name: svn:ignore - obj Makefile + srctmp obj Makefile Property changes on: trunk/src/include ___________________________________________________________________ Name: svn:ignore - com_err.h ss profile.h libpty.h db.h db-config.h db-ndbm.h gssapi gssrpc kadm5 Makefile autoconf.h.in stamp-h.in autoconf.stmp autoconf.h autoconf.stamp osconf.h krb5.stamp private-and-public-decls + krb524_err.h kv5m_err.h kdb5_err.h asn1_err.h krb5_err.h com_err.h ss profile.h libpty.h db.h db-config.h db-ndbm.h gssapi gssrpc kadm5 Makefile autoconf.h.in stamp-h.in autoconf.stmp autoconf.h autoconf.stamp osconf.h krb5.stamp private-and-public-decls Property changes on: trunk/src/util/support ___________________________________________________________________ Name: svn:ignore - darwin.exports *.dylib Makefile *.so OBJS.* lib*.so.* binutils.versions libkrb5support.exports t_k5buf + obj darwin.exports *.dylib Makefile *.so OBJS.* lib*.so.* binutils.versions libkrb5support.exports t_k5buf From raeburn at MIT.EDU Mon Feb 9 17:42:45 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:42:45 -0500 (EST) Subject: svn rev #21934: trunk/src/util/support/ Message-ID: <200902092242.RAA18660@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21934 Commit By: raeburn Log Message: Use winsock2.h on Windows. Make initializer value static. Changed Files: U trunk/src/util/support/ipc_stream.c Modified: trunk/src/util/support/ipc_stream.c =================================================================== --- trunk/src/util/support/ipc_stream.c 2009-02-09 22:38:31 UTC (rev 21933) +++ trunk/src/util/support/ipc_stream.c 2009-02-09 22:42:43 UTC (rev 21934) @@ -24,6 +24,9 @@ * or implied warranty. */ +#ifdef _WIN32 +#include +#endif #include "k5-ipc_stream.h" #if !defined(htonll) @@ -43,7 +46,7 @@ uint64_t max_size; }; -const struct k5_ipc_stream_s k5_ipc_stream_initializer = { NULL, 0, 0 }; +static const struct k5_ipc_stream_s k5_ipc_stream_initializer = { NULL, 0, 0 }; #define K5_IPC_STREAM_SIZE_INCREMENT 128 From raeburn at MIT.EDU Mon Feb 9 17:59:01 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 17:59:01 -0500 (EST) Subject: svn rev #21935: trunk/src/util/support/ Message-ID: <200902092259.RAA18969@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21935 Commit By: raeburn Log Message: Include assert.h Changed Files: U trunk/src/util/support/utf8_conv.c Modified: trunk/src/util/support/utf8_conv.c =================================================================== --- trunk/src/util/support/utf8_conv.c 2009-02-09 22:42:43 UTC (rev 21934) +++ trunk/src/util/support/utf8_conv.c 2009-02-09 22:59:00 UTC (rev 21935) @@ -58,6 +58,7 @@ * All functions return -1 if the character or string cannot be converted. */ +#include #include "k5-platform.h" #include "k5-utf8.h" #include "supp-int.h" From raeburn at MIT.EDU Mon Feb 9 18:01:00 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 18:01:00 -0500 (EST) Subject: svn rev #21936: trunk/src/util/support/ Message-ID: <200902092301.SAA19076@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21936 Commit By: raeburn Log Message: Adjust names to not conflict with Windows headers. Changed Files: U trunk/src/util/support/k5buf-int.h U trunk/src/util/support/k5buf.c Modified: trunk/src/util/support/k5buf-int.h =================================================================== --- trunk/src/util/support/k5buf-int.h 2009-02-09 22:59:00 UTC (rev 21935) +++ trunk/src/util/support/k5buf-int.h 2009-02-09 23:00:59 UTC (rev 21936) @@ -46,6 +46,6 @@ #define SPACE_MAX (SIZE_MAX / 2) /* rounds down, since SIZE_MAX is odd */ /* Buffer type values. */ -enum { FIXED, DYNAMIC, ERROR }; +enum { BUFTYPE_FIXED, BUFTYPE_DYNAMIC, BUFTYPE_ERROR }; #endif /* K5BUF_INT_H */ Modified: trunk/src/util/support/k5buf.c =================================================================== --- trunk/src/util/support/k5buf.c 2009-02-09 22:59:00 UTC (rev 21935) +++ trunk/src/util/support/k5buf.c 2009-02-09 23:00:59 UTC (rev 21936) @@ -36,8 +36,8 @@ /* Structure invariants: - buftype is FIXED, DYNAMIC, or ERROR - if buftype is not ERROR: + buftype is BUFTYPE_FIXED, BUFTYPE_DYNAMIC, or BUFTYPE_ERROR + if buftype is not BUFTYPE_ERROR: space > 0 space <= floor(SIZE_MAX / 2) (to fit within ssize_t) len < space @@ -52,13 +52,13 @@ size_t new_space; char *new_data; - if (buf->buftype == ERROR) + if (buf->buftype == BUFTYPE_ERROR) return 0; if (buf->space - 1 - buf->len >= len) /* Enough room already. */ return 1; - if (buf->buftype == FIXED) /* Can't resize a fixed buffer. */ + if (buf->buftype == BUFTYPE_FIXED) /* Can't resize a fixed buffer. */ goto error_exit; - assert(buf->buftype == DYNAMIC); + assert(buf->buftype == BUFTYPE_DYNAMIC); new_space = buf->space * 2; while (new_space <= SPACE_MAX && new_space - buf->len - 1 < len) new_space *= 2; @@ -72,18 +72,18 @@ return 1; error_exit: - if (buf->buftype == DYNAMIC) { + if (buf->buftype == BUFTYPE_DYNAMIC) { free(buf->data); buf->data = NULL; } - buf->buftype = ERROR; + buf->buftype = BUFTYPE_ERROR; return 0; } void krb5int_buf_init_fixed(struct k5buf *buf, char *data, size_t space) { assert(space > 0); - buf->buftype = FIXED; + buf->buftype = BUFTYPE_FIXED; buf->data = data; buf->space = space; buf->len = 0; @@ -92,11 +92,11 @@ void krb5int_buf_init_dynamic(struct k5buf *buf) { - buf->buftype = DYNAMIC; + buf->buftype = BUFTYPE_DYNAMIC; buf->space = DYNAMIC_INITIAL_SIZE; buf->data = malloc(buf->space); if (buf->data == NULL) { - buf->buftype = ERROR; + buf->buftype = BUFTYPE_ERROR; return; } buf->len = 0; @@ -124,24 +124,24 @@ size_t remaining; char *tmp; - if (buf->buftype == ERROR) + if (buf->buftype == BUFTYPE_ERROR) return; remaining = buf->space - buf->len; - if (buf->buftype == FIXED) { + if (buf->buftype == BUFTYPE_FIXED) { /* Format the data directly into the fixed buffer. */ va_start(ap, fmt); r = vsnprintf(buf->data + buf->len, remaining, fmt, ap); va_end(ap); if (SNPRINTF_OVERFLOW(r, remaining)) - buf->buftype = ERROR; + buf->buftype = BUFTYPE_ERROR; else buf->len += (unsigned int) r; return; } /* Optimistically format the data directly into the dynamic buffer. */ - assert(buf->buftype == DYNAMIC); + assert(buf->buftype == BUFTYPE_DYNAMIC); va_start(ap, fmt); r = vsnprintf(buf->data + buf->len, remaining, fmt, ap); va_end(ap); @@ -159,7 +159,7 @@ r = vsnprintf(buf->data + buf->len, remaining, fmt, ap); va_end(ap); if (SNPRINTF_OVERFLOW(r, remaining)) /* Shouldn't ever happen. */ - buf->buftype = ERROR; + buf->buftype = BUFTYPE_ERROR; else buf->len += (unsigned int) r; return; @@ -171,7 +171,7 @@ r = vasprintf(&tmp, fmt, ap); va_end(ap); if (r < 0) { - buf->buftype = ERROR; + buf->buftype = BUFTYPE_ERROR; return; } if (ensure_space(buf, r)) { @@ -184,7 +184,7 @@ void krb5int_buf_truncate(struct k5buf *buf, size_t len) { - if (buf->buftype == ERROR) + if (buf->buftype == BUFTYPE_ERROR) return; assert(len <= buf->len); buf->len = len; @@ -194,20 +194,20 @@ char *krb5int_buf_data(struct k5buf *buf) { - return (buf->buftype == ERROR) ? NULL : buf->data; + return (buf->buftype == BUFTYPE_ERROR) ? NULL : buf->data; } ssize_t krb5int_buf_len(struct k5buf *buf) { - return (buf->buftype == ERROR) ? -1 : (ssize_t) buf->len; + return (buf->buftype == BUFTYPE_ERROR) ? -1 : (ssize_t) buf->len; } void krb5int_free_buf(struct k5buf *buf) { - if (buf->buftype == ERROR) + if (buf->buftype == BUFTYPE_ERROR) return; - assert(buf->buftype == DYNAMIC); + assert(buf->buftype == BUFTYPE_DYNAMIC); free(buf->data); buf->data = NULL; - buf->buftype = ERROR; + buf->buftype = BUFTYPE_ERROR; } From raeburn at MIT.EDU Mon Feb 9 18:27:52 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 18:27:52 -0500 (EST) Subject: svn rev #21937: trunk/src/util/support/ Message-ID: <200902092327.SAA19592@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21937 Commit By: raeburn Log Message: Add variables for optionally building ipc_stream.c; currently empty. Changed Files: U trunk/src/util/support/Makefile.in Modified: trunk/src/util/support/Makefile.in =================================================================== --- trunk/src/util/support/Makefile.in 2009-02-09 23:00:59 UTC (rev 21936) +++ trunk/src/util/support/Makefile.in 2009-02-09 23:27:50 UTC (rev 21937) @@ -36,6 +36,9 @@ PRINTF_ST_OBJ= @PRINTF_ST_OBJ@ PRINTF_OBJ= @PRINTF_OBJ@ +IPC_ST_OBJ= +IPC_OBJ= + STLIBOBJS= \ threads.o \ init-addrinfo.o \ @@ -46,6 +49,7 @@ fake-addrinfo.o \ utf8.o \ utf8_conv.o \ + $(IPC_ST_OBJ) \ $(STRLCPY_ST_OBJ) \ $(PRINTF_ST_OBJ) \ $(MKSTEMP_ST_OBJ) @@ -60,6 +64,7 @@ $(OUTPRE)fake-addrinfo.$(OBJEXT) \ $(OUTPRE)utf8.$(OBJEXT) \ $(OUTPRE)utf8_conv.$(OBJEXT) \ + $(IPC_OBJ) \ $(STRLCPY_OBJ) \ $(PRINTF_OBJ) \ $(MKSTEMP_OBJ) From raeburn at MIT.EDU Mon Feb 9 18:43:10 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Mon, 9 Feb 2009 18:43:10 -0500 (EST) Subject: svn rev #21938: trunk/src/ ccapi/common/ ccapi/lib/ ccapi/lib/win/ ccapi/server/ ... Message-ID: <200902092343.SAA19916@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21938 Commit By: raeburn Log Message: Rename functions from k5_ipc_stream_* to krb5int_ipc_stream_*, because some of them will have to be exported. Changed Files: U trunk/src/ccapi/common/cci_cred_union.c U trunk/src/ccapi/common/cci_identifier.c U trunk/src/ccapi/common/cci_message.c U trunk/src/ccapi/common/cci_message.h U trunk/src/ccapi/lib/ccapi_ccache.c U trunk/src/ccapi/lib/ccapi_ccache_iterator.c U trunk/src/ccapi/lib/ccapi_context.c U trunk/src/ccapi/lib/ccapi_credentials_iterator.c U trunk/src/ccapi/lib/ccapi_ipc.c U trunk/src/ccapi/lib/win/ccapi_os_ipc.cxx U trunk/src/ccapi/lib/win/ccs_reply_proc.c U trunk/src/ccapi/lib/win/debug.exports U trunk/src/ccapi/server/ccs_cache_collection.c U trunk/src/ccapi/server/ccs_ccache.c U trunk/src/ccapi/server/ccs_ccache_iterator.c U trunk/src/ccapi/server/ccs_credentials_iterator.c U trunk/src/ccapi/server/ccs_server.c U trunk/src/ccapi/server/win/WorkItem.cpp U trunk/src/ccapi/server/win/ccs_os_server.cpp U trunk/src/ccapi/server/win/ccs_request_proc.c U trunk/src/include/k5-ipc_stream.h U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/lib/kim_options.c U trunk/src/kim/lib/kim_selection_hints.c U trunk/src/kim/lib/mac/kim_os_ui_gui.c U trunk/src/util/mac/k5_mig_client.c U trunk/src/util/mac/k5_mig_server.c U trunk/src/util/support/ipc_stream.c Modified: trunk/src/ccapi/common/cci_cred_union.c =================================================================== --- trunk/src/ccapi/common/cci_cred_union.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/common/cci_cred_union.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -63,59 +63,59 @@ } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &v4creds->version); + err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->version); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->principal, cc_v4_name_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->principal, cc_v4_name_size); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->principal_instance, cc_v4_instance_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->principal_instance, cc_v4_instance_size); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->service, cc_v4_name_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->service, cc_v4_name_size); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->service_instance, cc_v4_instance_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->service_instance, cc_v4_instance_size); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->realm, cc_v4_realm_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->realm, cc_v4_realm_size); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->session_key, cc_v4_key_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->session_key, cc_v4_key_size); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &v4creds->kvno); + err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->kvno); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &v4creds->string_to_key_type); + err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->string_to_key_type); } if (!err) { - err = k5_ipc_stream_read_time (io_stream, &v4creds->issue_date); + err = krb5int_ipc_stream_read_time (io_stream, &v4creds->issue_date); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &v4creds->lifetime); + err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->lifetime); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &v4creds->address); + err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->address); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &v4creds->ticket_size); + err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->ticket_size); } if (!err) { - err = k5_ipc_stream_read (io_stream, v4creds->ticket, cc_v4_ticket_size); + err = krb5int_ipc_stream_read (io_stream, v4creds->ticket, cc_v4_ticket_size); } if (!err) { @@ -139,59 +139,59 @@ if (!in_v4creds) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_v4creds->version); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->version); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->principal, cc_v4_name_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal, cc_v4_name_size); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->principal_instance, cc_v4_instance_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal_instance, cc_v4_instance_size); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->service, cc_v4_name_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->service, cc_v4_name_size); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->service_instance, cc_v4_instance_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->service_instance, cc_v4_instance_size); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->realm, cc_v4_realm_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->realm, cc_v4_realm_size); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->session_key, cc_v4_key_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->session_key, cc_v4_key_size); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, in_v4creds->kvno); + err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->kvno); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, in_v4creds->string_to_key_type); + err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->string_to_key_type); } if (!err) { - err = k5_ipc_stream_write_time (io_stream, in_v4creds->issue_date); + err = krb5int_ipc_stream_write_time (io_stream, in_v4creds->issue_date); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, in_v4creds->lifetime); + err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->lifetime); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_v4creds->address); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->address); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, in_v4creds->ticket_size); + err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->ticket_size); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_v4creds->ticket, cc_v4_ticket_size); + err = krb5int_ipc_stream_write (io_stream, in_v4creds->ticket, cc_v4_ticket_size); } return cci_check_error (err); @@ -249,11 +249,11 @@ if (!io_ccdata) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &type); + err = krb5int_ipc_stream_read_uint32 (io_stream, &type); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &length); + err = krb5int_ipc_stream_read_uint32 (io_stream, &length); } if (!err && length > 0) { @@ -261,7 +261,7 @@ if (!data) { err = cci_check_error (ccErrNoMem); } if (!err) { - err = k5_ipc_stream_read (io_stream, data, length); + err = krb5int_ipc_stream_read (io_stream, data, length); } } @@ -288,15 +288,15 @@ if (!in_ccdata) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_ccdata->type); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_ccdata->type); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_ccdata->length); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_ccdata->length); } if (!err && in_ccdata->length > 0) { - err = k5_ipc_stream_write (io_stream, in_ccdata->data, in_ccdata->length); + err = krb5int_ipc_stream_write (io_stream, in_ccdata->data, in_ccdata->length); } return cci_check_error (err); @@ -340,7 +340,7 @@ if (!io_ccdata_array) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &count); + err = krb5int_ipc_stream_read_uint32 (io_stream, &count); } if (!err && count > 0) { @@ -387,7 +387,7 @@ if (!err) { for (count = 0; in_ccdata_array && in_ccdata_array[count]; count++); - err = k5_ipc_stream_write_uint32 (io_stream, count); + err = krb5int_ipc_stream_write_uint32 (io_stream, count); } if (!err) { @@ -461,11 +461,11 @@ } if (!err) { - err = k5_ipc_stream_read_string (io_stream, &v5creds->client); + err = krb5int_ipc_stream_read_string (io_stream, &v5creds->client); } if (!err) { - err = k5_ipc_stream_read_string (io_stream, &v5creds->server); + err = krb5int_ipc_stream_read_string (io_stream, &v5creds->server); } if (!err) { @@ -473,27 +473,27 @@ } if (!err) { - err = k5_ipc_stream_read_time (io_stream, &v5creds->authtime); + err = krb5int_ipc_stream_read_time (io_stream, &v5creds->authtime); } if (!err) { - err = k5_ipc_stream_read_time (io_stream, &v5creds->starttime); + err = krb5int_ipc_stream_read_time (io_stream, &v5creds->starttime); } if (!err) { - err = k5_ipc_stream_read_time (io_stream, &v5creds->endtime); + err = krb5int_ipc_stream_read_time (io_stream, &v5creds->endtime); } if (!err) { - err = k5_ipc_stream_read_time (io_stream, &v5creds->renew_till); + err = krb5int_ipc_stream_read_time (io_stream, &v5creds->renew_till); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &v5creds->is_skey); + err = krb5int_ipc_stream_read_uint32 (io_stream, &v5creds->is_skey); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &v5creds->ticket_flags); + err = krb5int_ipc_stream_read_uint32 (io_stream, &v5creds->ticket_flags); } if (!err) { @@ -533,11 +533,11 @@ if (!in_v5creds) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, in_v5creds->client); + err = krb5int_ipc_stream_write_string (io_stream, in_v5creds->client); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, in_v5creds->server); + err = krb5int_ipc_stream_write_string (io_stream, in_v5creds->server); } if (!err) { @@ -545,27 +545,27 @@ } if (!err) { - err = k5_ipc_stream_write_time (io_stream, in_v5creds->authtime); + err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->authtime); } if (!err) { - err = k5_ipc_stream_write_time (io_stream, in_v5creds->starttime); + err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->starttime); } if (!err) { - err = k5_ipc_stream_write_time (io_stream, in_v5creds->endtime); + err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->endtime); } if (!err) { - err = k5_ipc_stream_write_time (io_stream, in_v5creds->renew_till); + err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->renew_till); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_v5creds->is_skey); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_v5creds->is_skey); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_v5creds->ticket_flags); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_v5creds->ticket_flags); } if (!err) { @@ -629,7 +629,7 @@ } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &credentials_union->version); + err = krb5int_ipc_stream_read_uint32 (io_stream, &credentials_union->version); } if (!err) { @@ -668,7 +668,7 @@ if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_stream, in_credentials_union->version); + err = krb5int_ipc_stream_write_uint32 (io_stream, in_credentials_union->version); } if (!err) { Modified: trunk/src/ccapi/common/cci_identifier.c =================================================================== --- trunk/src/ccapi/common/cci_identifier.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/common/cci_identifier.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -252,19 +252,19 @@ if (!io_stream ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_string (io_stream, &server_id); + err = krb5int_ipc_stream_read_string (io_stream, &server_id); } if (!err) { - err = k5_ipc_stream_read_string (io_stream, &object_id); + err = krb5int_ipc_stream_read_string (io_stream, &object_id); } if (!err) { err = cci_identifier_alloc (out_identifier, server_id, object_id); } - k5_ipc_stream_free_string (server_id); - k5_ipc_stream_free_string (object_id); + krb5int_ipc_stream_free_string (server_id); + krb5int_ipc_stream_free_string (object_id); return cci_check_error (err); } @@ -280,11 +280,11 @@ if (!io_stream ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, in_identifier->server_id); + err = krb5int_ipc_stream_write_string (io_stream, in_identifier->server_id); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, in_identifier->object_id); + err = krb5int_ipc_stream_write_string (io_stream, in_identifier->object_id); } return cci_check_error (err); Modified: trunk/src/ccapi/common/cci_message.c =================================================================== --- trunk/src/ccapi/common/cci_message.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/common/cci_message.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -67,11 +67,11 @@ if (!out_request) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_request_name); + err = krb5int_ipc_stream_write_uint32 (request, in_request_name); } if (!err) { @@ -83,7 +83,7 @@ request = NULL; } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -103,7 +103,7 @@ if (!out_identifier ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request, &request_name); + err = krb5int_ipc_stream_read_uint32 (in_request, &request_name); } if (!err) { @@ -132,11 +132,11 @@ if (!out_reply) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err) { @@ -144,7 +144,7 @@ reply = NULL; } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -161,7 +161,7 @@ if (!out_reply_error) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_int32 (in_reply, &reply_err); + err = krb5int_ipc_stream_read_int32 (in_reply, &reply_err); } if (!err) { @@ -177,7 +177,7 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read_time (k5_ipc_stream io_stream, +uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream io_stream, cc_time_t *out_time) { int32_t err = 0; @@ -187,7 +187,7 @@ if (!out_time ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_int64 (io_stream, &t); + err = krb5int_ipc_stream_read_int64 (io_stream, &t); } if (!err) { @@ -199,15 +199,15 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write_time (k5_ipc_stream io_stream, - cc_time_t in_time) +uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream, + cc_time_t in_time) { int32_t err = 0; if (!io_stream) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_int64 (io_stream, in_time); + err = krb5int_ipc_stream_write_int64 (io_stream, in_time); } return cci_check_error (err); Modified: trunk/src/ccapi/common/cci_message.h =================================================================== --- trunk/src/ccapi/common/cci_message.h 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/common/cci_message.h 2009-02-09 23:43:04 UTC (rev 21938) @@ -45,9 +45,9 @@ cc_int32 cci_message_read_reply_header (k5_ipc_stream in_reply, cc_int32 *out_reply_error); -uint32_t k5_ipc_stream_read_time (k5_ipc_stream io_stream, - cc_time_t *out_time); -uint32_t k5_ipc_stream_write_time (k5_ipc_stream io_stream, - cc_time_t in_time); +uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream io_stream, + cc_time_t *out_time); +uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream, + cc_time_t in_time); #endif /* CCI_MESSAGE_H */ Modified: trunk/src/ccapi/lib/ccapi_ccache.c =================================================================== --- trunk/src/ccapi/lib/ccapi_ccache.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/ccapi_ccache.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -221,10 +221,10 @@ } if (!err) { - err = k5_ipc_stream_read_uint32 (reply, out_credentials_version); + err = krb5int_ipc_stream_read_uint32 (reply, out_credentials_version); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -250,15 +250,15 @@ } if (!err) { - err = k5_ipc_stream_read_string (reply, &name); + err = krb5int_ipc_stream_read_string (reply, &name); } if (!err) { err = cci_string_new (out_name, name); } - k5_ipc_stream_release (reply); - k5_ipc_stream_free_string (name); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_free_string (name); return cci_check_error (err); } @@ -279,11 +279,11 @@ if (!out_principal) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_credentials_version); + err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version); } if (!err) { @@ -294,16 +294,16 @@ } if (!err) { - err = k5_ipc_stream_read_string (reply, &principal); + err = krb5int_ipc_stream_read_string (reply, &principal); } if (!err) { err = cci_string_new (out_principal, principal); } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); - k5_ipc_stream_free_string (principal); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_free_string (principal); return cci_check_error (err); } @@ -322,15 +322,15 @@ if (!in_principal) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_credentials_version); + err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version); } if (!err) { - err = k5_ipc_stream_write_string (request, in_principal); + err = krb5int_ipc_stream_write_string (request, in_principal); } if (!err) { @@ -340,7 +340,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -358,7 +358,7 @@ if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { @@ -372,7 +372,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -390,7 +390,7 @@ if (!in_credentials) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { @@ -404,7 +404,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -437,7 +437,7 @@ err = cci_credentials_iterator_new (out_credentials_iterator, identifier); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); cci_identifier_release (identifier); return cci_check_error (err); @@ -459,7 +459,7 @@ if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { @@ -473,7 +473,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -491,15 +491,15 @@ if (!io_ccache) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_lock_type); + err = krb5int_ipc_stream_write_uint32 (request, in_lock_type); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_block); + err = krb5int_ipc_stream_write_uint32 (request, in_block); } if (!err) { @@ -509,7 +509,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -553,10 +553,10 @@ } if (!err) { - err = k5_ipc_stream_read_time (reply, out_last_default_time); + err = krb5int_ipc_stream_read_time (reply, out_last_default_time); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -581,10 +581,10 @@ } if (!err) { - err = k5_ipc_stream_read_time (reply, out_change_time); + err = krb5int_ipc_stream_read_time (reply, out_change_time); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -601,11 +601,11 @@ if (!in_ccache) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_time (request, ccache->last_wait_for_change_time); + err = krb5int_ipc_stream_write_time (request, ccache->last_wait_for_change_time); } if (!err) { @@ -616,11 +616,11 @@ } if (!err) { - err = k5_ipc_stream_read_time (reply, &ccache->last_wait_for_change_time); + err = krb5int_ipc_stream_read_time (reply, &ccache->last_wait_for_change_time); } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -663,11 +663,11 @@ if (!out_time_offset) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_credentials_version); + err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version); } if (!err) { @@ -678,11 +678,11 @@ } if (!err) { - err = k5_ipc_stream_read_time (reply, out_time_offset); + err = krb5int_ipc_stream_read_time (reply, out_time_offset); } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -700,15 +700,15 @@ if (!io_ccache) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_credentials_version); + err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version); } if (!err) { - err = k5_ipc_stream_write_time (request, in_time_offset); + err = krb5int_ipc_stream_write_time (request, in_time_offset); } if (!err) { @@ -718,7 +718,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -735,11 +735,11 @@ if (!io_ccache) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_credentials_version); + err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version); } if (!err) { @@ -749,7 +749,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } Modified: trunk/src/ccapi/lib/ccapi_ccache_iterator.c =================================================================== --- trunk/src/ccapi/lib/ccapi_ccache_iterator.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/ccapi_ccache_iterator.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -193,7 +193,7 @@ err = cci_ccache_new (out_ccache, identifier); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); cci_identifier_release (identifier); return cci_check_error (err); @@ -240,7 +240,7 @@ } cci_identifier_release (identifier); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } Modified: trunk/src/ccapi/lib/ccapi_context.c =================================================================== --- trunk/src/ccapi/lib/ccapi_context.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/ccapi_context.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -247,11 +247,11 @@ NULL, &reply); } - if (!err && k5_ipc_stream_size (reply) > 0) { + if (!err && krb5int_ipc_stream_size (reply) > 0) { cc_time_t change_time = 0; /* got a response from the server */ - err = k5_ipc_stream_read_time (reply, &change_time); + err = krb5int_ipc_stream_read_time (reply, &change_time); if (!err) { err = cci_context_change_time_update (context->identifier, @@ -263,7 +263,7 @@ err = cci_context_change_time_get (out_change_time); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -280,11 +280,11 @@ if (!in_context) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_time (request, context->last_wait_for_change_time); + err = krb5int_ipc_stream_write_time (request, context->last_wait_for_change_time); } if (!err) { @@ -299,11 +299,11 @@ } if (!err) { - err = k5_ipc_stream_read_time (reply, &context->last_wait_for_change_time); + err = krb5int_ipc_stream_read_time (reply, &context->last_wait_for_change_time); } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -334,9 +334,9 @@ } if (!err) { - if (k5_ipc_stream_size (reply) > 0) { + if (krb5int_ipc_stream_size (reply) > 0) { /* got a response from the server */ - err = k5_ipc_stream_read_string (reply, &reply_name); + err = krb5int_ipc_stream_read_string (reply, &reply_name); if (!err) { name = reply_name; @@ -350,8 +350,8 @@ err = cci_string_new (out_name, name); } - k5_ipc_stream_release (reply); - k5_ipc_stream_free_string (reply_name); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_free_string (reply_name); return cci_check_error (err); } @@ -373,11 +373,11 @@ if (!out_ccache ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, in_name); + err = krb5int_ipc_stream_write_string (request, in_name); } if (!err) { @@ -391,7 +391,7 @@ &reply); } - if (!err && !(k5_ipc_stream_size (reply) > 0)) { + if (!err && !(krb5int_ipc_stream_size (reply) > 0)) { err = ccErrCCacheNotFound; } @@ -404,8 +404,8 @@ } cci_identifier_release (identifier); - k5_ipc_stream_release (reply); - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -434,7 +434,7 @@ &reply); } - if (!err && !(k5_ipc_stream_size (reply) > 0)) { + if (!err && !(krb5int_ipc_stream_size (reply) > 0)) { err = ccErrCCacheNotFound; } @@ -447,7 +447,7 @@ } cci_identifier_release (identifier); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -472,19 +472,19 @@ if (!out_ccache ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, in_name); + err = krb5int_ipc_stream_write_string (request, in_name); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_cred_vers); + err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers); } if (!err) { - err = k5_ipc_stream_write_string (request, in_principal); + err = krb5int_ipc_stream_write_string (request, in_principal); } if (!err) { @@ -507,8 +507,8 @@ } cci_identifier_release (identifier); - k5_ipc_stream_release (reply); - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -531,15 +531,15 @@ if (!out_ccache ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_cred_vers); + err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers); } if (!err) { - err = k5_ipc_stream_write_string (request, in_principal); + err = krb5int_ipc_stream_write_string (request, in_principal); } if (!err) { @@ -562,8 +562,8 @@ } cci_identifier_release (identifier); - k5_ipc_stream_release (reply); - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -586,15 +586,15 @@ if (!out_ccache ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_cred_vers); + err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers); } if (!err) { - err = k5_ipc_stream_write_string (request, in_principal); + err = krb5int_ipc_stream_write_string (request, in_principal); } if (!err) { @@ -617,8 +617,8 @@ } cci_identifier_release (identifier); - k5_ipc_stream_release (reply); - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -648,7 +648,7 @@ } if (!err) { - if (k5_ipc_stream_size (reply) > 0) { + if (krb5int_ipc_stream_size (reply) > 0) { err = cci_identifier_read (&identifier, reply); } else { identifier = cci_identifier_uninitialized; @@ -659,7 +659,7 @@ err = cci_ccache_iterator_new (out_iterator, identifier); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); cci_identifier_release (identifier); return cci_check_error (err); @@ -678,15 +678,15 @@ if (!in_context) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_lock_type); + err = krb5int_ipc_stream_write_uint32 (request, in_lock_type); } if (!err) { - err = k5_ipc_stream_write_uint32 (request, in_block); + err = krb5int_ipc_stream_write_uint32 (request, in_block); } if (!err) { @@ -700,7 +700,7 @@ NULL); } - k5_ipc_stream_release (request); + krb5int_ipc_stream_release (request); return cci_check_error (err); } @@ -795,7 +795,7 @@ } if (!err) { - if (k5_ipc_stream_size (reply) > 0) { + if (krb5int_ipc_stream_size (reply) > 0) { err = cci_identifier_read (&new_identifier, reply); } else { new_identifier = cci_identifier_uninitialized; @@ -827,7 +827,7 @@ } cci_identifier_release (new_identifier); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } Modified: trunk/src/ccapi/lib/ccapi_credentials_iterator.c =================================================================== --- trunk/src/ccapi/lib/ccapi_credentials_iterator.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/ccapi_credentials_iterator.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -168,7 +168,7 @@ err = cci_credentials_read (out_credentials, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } @@ -201,7 +201,7 @@ err = cci_credentials_iterator_new (out_credentials_iterator, identifier); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); cci_identifier_release (identifier); return cci_check_error (err); Modified: trunk/src/ccapi/lib/ccapi_ipc.c =================================================================== --- trunk/src/ccapi/lib/ccapi_ipc.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/ccapi_ipc.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -65,15 +65,15 @@ } if (!err && in_request_data) { - err = k5_ipc_stream_write (request, - k5_ipc_stream_data (in_request_data), - k5_ipc_stream_size (in_request_data)); + err = krb5int_ipc_stream_write (request, + krb5int_ipc_stream_data (in_request_data), + krb5int_ipc_stream_size (in_request_data)); } if (!err) { err = cci_os_ipc (in_launch_server, request, &reply); - if (!err && k5_ipc_stream_size (reply) > 0) { + if (!err && krb5int_ipc_stream_size (reply) > 0) { err = cci_message_read_reply_header (reply, &reply_error); } } @@ -87,8 +87,8 @@ reply = NULL; /* take ownership */ } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } Modified: trunk/src/ccapi/lib/win/ccapi_os_ipc.cxx =================================================================== --- trunk/src/ccapi/lib/win/ccapi_os_ipc.cxx 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/win/ccapi_os_ipc.cxx 2009-02-09 23:43:04 UTC (rev 21938) @@ -207,8 +207,8 @@ in_msg, /* Message type */ (unsigned char*)&ptspdata, /* Our tspdata* will be sent back to the reply proc. */ (unsigned char*)uuid, - k5_ipc_stream_size(in_request_stream), - (unsigned char*)k5_ipc_stream_data(in_request_stream), /* Data buffer */ + krb5int_ipc_stream_size(in_request_stream), + (unsigned char*)krb5int_ipc_stream_data(in_request_stream), /* Data buffer */ sst, /* session start time */ (long*)(&err) ); /* Return code */ } @@ -376,4 +376,4 @@ } return status; - } \ No newline at end of file + } Modified: trunk/src/ccapi/lib/win/ccs_reply_proc.c =================================================================== --- trunk/src/ccapi/lib/win/ccs_reply_proc.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/win/ccs_reply_proc.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -53,11 +53,11 @@ cci_debug_printf("%s! msg#:%d SST:%ld uuid:%s", __FUNCTION__, rpcmsg, srvStartTime, uuid); #endif if (!status) { - status = k5_ipc_stream_new (&stream); /* Create a stream for the request data */ + status = krb5int_ipc_stream_new (&stream); /* Create a stream for the request data */ } if (!status) { /* Put the data into the stream */ - status = k5_ipc_stream_write (stream, chIn, cbIn); + status = krb5int_ipc_stream_write (stream, chIn, cbIn); } if (!status) { /* Put the data into the stream */ Modified: trunk/src/ccapi/lib/win/debug.exports =================================================================== --- trunk/src/ccapi/lib/win/debug.exports 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/lib/win/debug.exports 2009-02-09 23:43:04 UTC (rev 21938) @@ -3,9 +3,9 @@ cci_os_ipc cci_os_ipc_msg cci_os_ipc_thread_init - k5_ipc_stream_data - k5_ipc_stream_write - k5_ipc_stream_new + krb5int_ipc_stream_data + krb5int_ipc_stream_write + krb5int_ipc_stream_new ccs_authenticate Modified: trunk/src/ccapi/server/ccs_cache_collection.c =================================================================== --- trunk/src/ccapi/server/ccs_cache_collection.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/ccs_cache_collection.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -152,11 +152,11 @@ } if (!err) { - err = k5_ipc_stream_new (&reply_data); + err = krb5int_ipc_stream_new (&reply_data); } if (!err) { - err = k5_ipc_stream_write_time (reply_data, io_cache_collection->last_changed_time); + err = krb5int_ipc_stream_write_time (reply_data, io_cache_collection->last_changed_time); } if (!err) { @@ -181,7 +181,7 @@ err = ccs_os_notify_cache_collection_changed (io_cache_collection); } - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } @@ -601,7 +601,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time); + err = krb5int_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time); } return cci_check_error (err); @@ -627,12 +627,12 @@ if (!out_will_block ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_time (in_request_data, &last_wait_for_change_time); + err = krb5int_ipc_stream_read_time (in_request_data, &last_wait_for_change_time); } if (!err) { if (last_wait_for_change_time < io_cache_collection->last_changed_time) { - err = k5_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time); + err = krb5int_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time); } else { ccs_callback_t callback = NULL; @@ -690,7 +690,7 @@ err = ccs_ccache_write_name (ccache, io_reply_data); } } else { - err = k5_ipc_stream_write_string (io_reply_data, + err = krb5int_ipc_stream_write_string (io_reply_data, k_cci_context_initial_ccache_name); } } @@ -713,7 +713,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_string (in_request_data, &name); + err = krb5int_ipc_stream_read_string (in_request_data, &name); } if (!err) { @@ -725,7 +725,7 @@ err = ccs_ccache_write (ccache, io_reply_data); } - k5_ipc_stream_free_string (name); + krb5int_ipc_stream_free_string (name); return cci_check_error (err); } @@ -772,15 +772,15 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_string (in_request_data, &name); + err = krb5int_ipc_stream_read_string (in_request_data, &name); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers); } if (!err) { - err = k5_ipc_stream_read_string (in_request_data, &principal); + err = krb5int_ipc_stream_read_string (in_request_data, &principal); } if (!err) { @@ -805,8 +805,8 @@ err = ccs_cache_collection_changed (io_cache_collection); } - k5_ipc_stream_free_string (name); - k5_ipc_stream_free_string (principal); + krb5int_ipc_stream_free_string (name); + krb5int_ipc_stream_free_string (principal); return cci_check_error (err); } @@ -827,11 +827,11 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers); } if (!err) { - err = k5_ipc_stream_read_string (in_request_data, &principal); + err = krb5int_ipc_stream_read_string (in_request_data, &principal); } if (!err) { @@ -864,7 +864,7 @@ err = ccs_cache_collection_changed (io_cache_collection); } - k5_ipc_stream_free_string (principal); + krb5int_ipc_stream_free_string (principal); return cci_check_error (err); } @@ -886,11 +886,11 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers); } if (!err) { - err = k5_ipc_stream_read_string (in_request_data, &principal); + err = krb5int_ipc_stream_read_string (in_request_data, &principal); } if (!err) { @@ -912,7 +912,7 @@ } free (name); - k5_ipc_stream_free_string (principal); + krb5int_ipc_stream_free_string (principal); return cci_check_error (err); } @@ -964,11 +964,11 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &lock_type); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &lock_type); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &block); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &block); } if (!err) { @@ -1028,7 +1028,7 @@ if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&reply_data); + err = krb5int_ipc_stream_new (&reply_data); } if (!err) { @@ -1104,7 +1104,7 @@ } } - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } Modified: trunk/src/ccapi/server/ccs_ccache.c =================================================================== --- trunk/src/ccapi/server/ccs_ccache.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/ccs_ccache.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -335,11 +335,11 @@ } if (!err) { - err = k5_ipc_stream_new (&reply_data); + err = krb5int_ipc_stream_new (&reply_data); } if (!err) { - err = k5_ipc_stream_write_time (reply_data, io_ccache->last_changed_time); + err = krb5int_ipc_stream_write_time (reply_data, io_ccache->last_changed_time); } if (!err) { @@ -365,7 +365,7 @@ io_ccache->name); } - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } @@ -487,7 +487,7 @@ if (!io_stream) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, in_ccache->name); + err = krb5int_ipc_stream_write_string (io_stream, in_ccache->name); } return cci_check_error (err); @@ -562,7 +562,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_uint32 (io_reply_data, io_ccache->creds_version); + err = krb5int_ipc_stream_write_uint32 (io_reply_data, io_ccache->creds_version); } return cci_check_error (err); @@ -583,7 +583,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_string (io_reply_data, io_ccache->name); + err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->name); } return cci_check_error (err); @@ -605,7 +605,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &version); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &version); } if (!err && version == cc_credentials_v4_v5) { @@ -614,10 +614,10 @@ if (!err) { if (version == cc_credentials_v4) { - err = k5_ipc_stream_write_string (io_reply_data, io_ccache->v4_principal); + err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v4_principal); } else if (version == cc_credentials_v5) { - err = k5_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal); + err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal); } else { err = cci_check_error (ccErrBadCredentialsVersion); @@ -644,11 +644,11 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &version); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &version); } if (!err) { - err = k5_ipc_stream_read_string (in_request_data, &principal); + err = krb5int_ipc_stream_read_string (in_request_data, &principal); } if (!err) { @@ -681,7 +681,7 @@ err = ccs_ccache_changed (io_ccache, io_cache_collection); } - k5_ipc_stream_free_string (principal); + krb5int_ipc_stream_free_string (principal); return cci_check_error (err); } @@ -834,11 +834,11 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &lock_type); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &lock_type); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &block); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &block); } if (!err) { @@ -892,7 +892,7 @@ } if (!err) { - err = k5_ipc_stream_write_time (io_reply_data, io_ccache->last_default_time); + err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_default_time); } return cci_check_error (err); @@ -913,7 +913,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time); + err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time); } return cci_check_error (err); @@ -941,13 +941,13 @@ if (!out_will_block ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_time (in_request_data, &last_wait_for_change_time); + err = krb5int_ipc_stream_read_time (in_request_data, &last_wait_for_change_time); } if (!err) { if (last_wait_for_change_time < io_ccache->last_changed_time) { cci_debug_printf ("%s returning immediately", __FUNCTION__); - err = k5_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time); + err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time); } else { ccs_callback_t callback = NULL; @@ -995,20 +995,20 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers); } if (!err) { if (cred_vers == cc_credentials_v4) { if (io_ccache->kdc_time_offset_v4_valid) { - err = k5_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v4); + err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v4); } else { err = cci_check_error (ccErrTimeOffsetNotSet); } } else if (cred_vers == cc_credentials_v5) { if (io_ccache->kdc_time_offset_v5_valid) { - err = k5_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5); + err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5); } else { err = cci_check_error (ccErrTimeOffsetNotSet); } @@ -1037,18 +1037,18 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers); } if (!err) { if (cred_vers == cc_credentials_v4) { - err = k5_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v4); + err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v4); if (!err) { io_ccache->kdc_time_offset_v4_valid = 1; } } else if (cred_vers == cc_credentials_v5) { - err = k5_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5); + err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5); if (!err) { io_ccache->kdc_time_offset_v5_valid = 1; @@ -1081,7 +1081,7 @@ if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_read_uint32 (in_request_data, &cred_vers); + err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers); } if (!err) { @@ -1132,7 +1132,7 @@ if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&reply_data); + err = krb5int_ipc_stream_new (&reply_data); } if (!err) { @@ -1231,7 +1231,7 @@ } } - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } Modified: trunk/src/ccapi/server/ccs_ccache_iterator.c =================================================================== --- trunk/src/ccapi/server/ccs_ccache_iterator.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/ccs_ccache_iterator.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -119,7 +119,7 @@ if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&reply_data); + err = krb5int_ipc_stream_new (&reply_data); } if (!err) { @@ -151,7 +151,7 @@ reply_data = NULL; /* take ownership */ } - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } Modified: trunk/src/ccapi/server/ccs_credentials_iterator.c =================================================================== --- trunk/src/ccapi/server/ccs_credentials_iterator.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/ccs_credentials_iterator.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -121,7 +121,7 @@ if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); } if (!err) { - err = k5_ipc_stream_new (&reply_data); + err = krb5int_ipc_stream_new (&reply_data); } if (!err) { @@ -153,7 +153,7 @@ reply_data = NULL; /* take ownership */ } - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } Modified: trunk/src/ccapi/server/ccs_server.c =================================================================== --- trunk/src/ccapi/server/ccs_server.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/ccs_server.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -366,7 +366,7 @@ } cci_identifier_release (request_identifier); - k5_ipc_stream_release (reply_data); + krb5int_ipc_stream_release (reply_data); return cci_check_error (err); } @@ -386,17 +386,17 @@ err = cci_message_new_reply_header (&reply, in_reply_err); } - if (!err && in_reply_data && k5_ipc_stream_size (in_reply_data) > 0) { - err = k5_ipc_stream_write (reply, - k5_ipc_stream_data (in_reply_data), - k5_ipc_stream_size (in_reply_data)); + if (!err && in_reply_data && krb5int_ipc_stream_size (in_reply_data) > 0) { + err = krb5int_ipc_stream_write (reply, + krb5int_ipc_stream_data (in_reply_data), + krb5int_ipc_stream_size (in_reply_data)); } if (!err) { err = ccs_os_server_send_reply (in_reply_pipe, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return cci_check_error (err); } Modified: trunk/src/ccapi/server/win/WorkItem.cpp =================================================================== --- trunk/src/ccapi/server/win/WorkItem.cpp 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/win/WorkItem.cpp 2009-02-09 23:43:04 UTC (rev 21938) @@ -53,17 +53,17 @@ WorkItem::WorkItem(const WorkItem& item) : _buf(NULL), _rpcmsg(0), _pipe(NULL), _sst(0) { k5_ipc_stream _buf = NULL; - k5_ipc_stream_new(&_buf); - k5_ipc_stream_write(_buf, - k5_ipc_stream_data(item.payload()), - k5_ipc_stream_size(item.payload()) ); + krb5int_ipc_stream_new(&_buf); + krb5int_ipc_stream_write(_buf, + krb5int_ipc_stream_data(item.payload()), + krb5int_ipc_stream_size(item.payload()) ); WorkItem(_buf, item._pipe, item._rpcmsg, item._sst); } WorkItem::WorkItem() : _buf(NULL), _rpcmsg(CCMSG_INVALID), _pipe(NULL), _sst(0) { } WorkItem::~WorkItem() { - if (_buf) k5_ipc_stream_release(_buf); + if (_buf) krb5int_ipc_stream_release(_buf); if (_pipe) ccs_win_pipe_release(_pipe); } @@ -123,4 +123,4 @@ } return !bEmpty; - } \ No newline at end of file + } Modified: trunk/src/ccapi/server/win/ccs_os_server.cpp =================================================================== --- trunk/src/ccapi/server/win/ccs_os_server.cpp 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/win/ccs_os_server.cpp 2009-02-09 23:43:04 UTC (rev 21938) @@ -279,8 +279,8 @@ break; case CCMSG_PING: cci_debug_printf(" Processing PING"); - err = k5_ipc_stream_new (&stream); - err = k5_ipc_stream_write(stream, "This is a test of the emergency broadcasting system", 52); + err = krb5int_ipc_stream_new (&stream); + err = krb5int_ipc_stream_write(stream, "This is a test of the emergency broadcasting system", 52); err = ccs_os_server_send_reply(pipe, stream); break; default: @@ -288,7 +288,7 @@ rpcmsg, uuid); break; } - if (buf) k5_ipc_stream_release(buf); + if (buf) krb5int_ipc_stream_release(buf); /* Don't free uuid, which was allocated here. A pointer to it is in the rpcargs struct which was passed to connectionListener which will be received by ccapi_listen when the client exits. ccapi_listen needs @@ -333,8 +333,8 @@ (unsigned char*)&h, /* client's tspdata* */ (unsigned char*)uuid, getMySST(), - k5_ipc_stream_size(in_reply_stream), /* Length of buffer */ - (const unsigned char*)k5_ipc_stream_data(in_reply_stream), /* Data buffer */ + krb5int_ipc_stream_size(in_reply_stream), /* Length of buffer */ + (const unsigned char*)krb5int_ipc_stream_data(in_reply_stream), /* Data buffer */ &status ); /* Return code */ } RpcExcept(1) { Modified: trunk/src/ccapi/server/win/ccs_request_proc.c =================================================================== --- trunk/src/ccapi/server/win/ccs_request_proc.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/ccapi/server/win/ccs_request_proc.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -52,11 +52,11 @@ status = (rpcmsg != CCMSG_REQUEST) && (rpcmsg != CCMSG_PING); if (!status) { - status = k5_ipc_stream_new (&stream); /* Create a stream for the request data */ + status = krb5int_ipc_stream_new (&stream); /* Create a stream for the request data */ } if (!status) { /* Put the data into the stream */ - status = k5_ipc_stream_write (stream, pbRequest, lenRequest); + status = krb5int_ipc_stream_write (stream, pbRequest, lenRequest); } pipe = ccs_win_pipe_new(pszUUID, *p); @@ -112,4 +112,4 @@ if (hMap) CloseHandle(hMap); return result; - } \ No newline at end of file + } Modified: trunk/src/include/k5-ipc_stream.h =================================================================== --- trunk/src/include/k5-ipc_stream.h 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/include/k5-ipc_stream.h 2009-02-09 23:43:04 UTC (rev 21938) @@ -33,45 +33,45 @@ typedef struct k5_ipc_stream_s *k5_ipc_stream; -int32_t k5_ipc_stream_new (k5_ipc_stream *out_stream); +int32_t krb5int_ipc_stream_new (k5_ipc_stream *out_stream); -uint32_t k5_ipc_stream_release (k5_ipc_stream io_stream); +uint32_t krb5int_ipc_stream_release (k5_ipc_stream io_stream); -uint64_t k5_ipc_stream_size (k5_ipc_stream in_stream); +uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream); -const char *k5_ipc_stream_data (k5_ipc_stream in_stream); +const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream); -uint32_t k5_ipc_stream_read (k5_ipc_stream in_stream, - void *io_data, - uint64_t in_size); -uint32_t k5_ipc_stream_write (k5_ipc_stream in_stream, - const void *in_data, - uint64_t in_size); +uint32_t krb5int_ipc_stream_read (k5_ipc_stream in_stream, + void *io_data, + uint64_t in_size); +uint32_t krb5int_ipc_stream_write (k5_ipc_stream in_stream, + const void *in_data, + uint64_t in_size); -uint32_t k5_ipc_stream_read_string (k5_ipc_stream io_stream, - char **out_string); -uint32_t k5_ipc_stream_write_string (k5_ipc_stream io_stream, - const char *in_string); -void k5_ipc_stream_free_string (char *in_string); +uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream io_stream, + char **out_string); +uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream io_stream, + const char *in_string); +void krb5int_ipc_stream_free_string (char *in_string); -uint32_t k5_ipc_stream_read_int32 (k5_ipc_stream io_stream, - int32_t *out_int32); -uint32_t k5_ipc_stream_write_int32 (k5_ipc_stream io_stream, - int32_t in_int32); +uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream io_stream, + int32_t *out_int32); +uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, + int32_t in_int32); -uint32_t k5_ipc_stream_read_uint32 (k5_ipc_stream io_stream, - uint32_t *out_uint32); -uint32_t k5_ipc_stream_write_uint32 (k5_ipc_stream io_stream, - uint32_t in_uint32); +uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream io_stream, + uint32_t *out_uint32); +uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, + uint32_t in_uint32); -uint32_t k5_ipc_stream_read_int64 (k5_ipc_stream io_stream, - int64_t *out_int64); -uint32_t k5_ipc_stream_write_int64 (k5_ipc_stream io_stream, - int64_t in_int64); +uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream io_stream, + int64_t *out_int64); +uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, + int64_t in_int64); -uint32_t k5_ipc_stream_read_uint64 (k5_ipc_stream io_stream, - uint64_t *out_uint64); -uint32_t k5_ipc_stream_write_uint64 (k5_ipc_stream io_stream, - uint64_t in_uint64); +uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream io_stream, + uint64_t *out_uint64); +uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, + uint64_t in_uint64); #endif /* K5_IPC_STREAM_H */ Modified: trunk/src/kim/agent/mac/ServerDemux.m =================================================================== --- trunk/src/kim/agent/mac/ServerDemux.m 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/kim/agent/mac/ServerDemux.m 2009-02-09 23:43:04 UTC (rev 21938) @@ -76,15 +76,15 @@ bool isFrontProcess = 0; if (!err) { - err = k5_ipc_stream_read_int32 (in_request_stream, &pid); + err = krb5int_ipc_stream_read_int32 (in_request_stream, &pid); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &name); + err = krb5int_ipc_stream_read_string (in_request_stream, &name); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &path); + err = krb5int_ipc_stream_read_string (in_request_stream, &path); } @@ -101,8 +101,8 @@ path:path]; } - k5_ipc_stream_free_string (name); - k5_ipc_stream_free_string (path); + krb5int_ipc_stream_free_string (name); + krb5int_ipc_stream_free_string (path); return err; } @@ -116,18 +116,18 @@ k5_ipc_stream reply = NULL; if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err) { err = k5_ipc_server_send_reply (in_reply_port, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -174,19 +174,19 @@ } if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err && !in_error) { - err = k5_ipc_stream_write_string (reply, identity_string); + err = krb5int_ipc_stream_write_string (reply, identity_string); } if (!err && !in_error) { - err = k5_ipc_stream_write_uint32 (reply, in_change_password); + err = krb5int_ipc_stream_write_uint32 (reply, in_change_password); } if (!err && !in_error) { @@ -198,7 +198,7 @@ } kim_string_free (&identity_string); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -248,19 +248,19 @@ } if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err && !in_error) { - err = k5_ipc_stream_write_string (reply, identity_string); + err = krb5int_ipc_stream_write_string (reply, identity_string); } if (!err && !in_error) { - err = k5_ipc_stream_write_uint32 (reply, in_change_password); + err = krb5int_ipc_stream_write_uint32 (reply, in_change_password); } if (!err && !in_error) { @@ -272,7 +272,7 @@ } kim_string_free (&identity_string); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -295,31 +295,31 @@ char *description = NULL; if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &identity_string); + err = krb5int_ipc_stream_read_string (in_request_stream, &identity_string); } if (!err) { - err = k5_ipc_stream_read_int32 (in_request_stream, &type); + err = krb5int_ipc_stream_read_int32 (in_request_stream, &type); } if (!err) { - err = k5_ipc_stream_read_int32 (in_request_stream, &allow_save_reply); + err = krb5int_ipc_stream_read_int32 (in_request_stream, &allow_save_reply); } if (!err) { - err = k5_ipc_stream_read_int32 (in_request_stream, &hide_reply); + err = krb5int_ipc_stream_read_int32 (in_request_stream, &hide_reply); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &title); + err = krb5int_ipc_stream_read_string (in_request_stream, &title); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &message); + err = krb5int_ipc_stream_read_string (in_request_stream, &message); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &description); + err = krb5int_ipc_stream_read_string (in_request_stream, &description); } if (!err) { @@ -335,10 +335,10 @@ description:description]; } - k5_ipc_stream_free_string (identity_string); - k5_ipc_stream_free_string (title); - k5_ipc_stream_free_string (message); - k5_ipc_stream_free_string (description); + krb5int_ipc_stream_free_string (identity_string); + krb5int_ipc_stream_free_string (title); + krb5int_ipc_stream_free_string (message); + krb5int_ipc_stream_free_string (description); return err; } @@ -354,26 +354,26 @@ k5_ipc_stream reply = NULL; if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err && !in_error) { - err = k5_ipc_stream_write_string (reply, in_prompt_response); + err = krb5int_ipc_stream_write_string (reply, in_prompt_response); } if (!err && !in_error) { - err = k5_ipc_stream_write_int32 (reply, in_allow_save_response); + err = krb5int_ipc_stream_write_int32 (reply, in_allow_save_response); } if (!err) { err = k5_ipc_server_send_reply (in_reply_port, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -391,11 +391,11 @@ int32_t old_password_expired = 0; if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &identity_string); + err = krb5int_ipc_stream_read_string (in_request_stream, &identity_string); } if (!err) { - err = k5_ipc_stream_read_int32 (in_request_stream, + err = krb5int_ipc_stream_read_int32 (in_request_stream, &old_password_expired); } @@ -407,7 +407,7 @@ expired:old_password_expired]; } - k5_ipc_stream_free_string (identity_string); + krb5int_ipc_stream_free_string (identity_string); return err; } @@ -424,30 +424,30 @@ k5_ipc_stream reply = NULL; if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err && !in_error) { - err = k5_ipc_stream_write_string (reply, in_old_password); + err = krb5int_ipc_stream_write_string (reply, in_old_password); } if (!err && !in_error) { - err = k5_ipc_stream_write_string (reply, in_new_password); + err = krb5int_ipc_stream_write_string (reply, in_new_password); } if (!err && !in_error) { - err = k5_ipc_stream_write_string (reply, in_vfy_password); + err = krb5int_ipc_stream_write_string (reply, in_vfy_password); } if (!err) { err = k5_ipc_server_send_reply (in_reply_port, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -467,24 +467,24 @@ char *description = NULL; if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &identity_string); + err = krb5int_ipc_stream_read_string (in_request_stream, &identity_string); /* Can be empty string "" if there is no identity */ if (!err && !identity_string[0]) { - k5_ipc_stream_free_string (identity_string); + krb5int_ipc_stream_free_string (identity_string); identity_string = NULL; } } if (!err) { - err = k5_ipc_stream_read_int32 (in_request_stream, &error); + err = krb5int_ipc_stream_read_int32 (in_request_stream, &error); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &message); + err = krb5int_ipc_stream_read_string (in_request_stream, &message); } if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &description); + err = krb5int_ipc_stream_read_string (in_request_stream, &description); } if (!err) { @@ -497,9 +497,9 @@ description:description]; } - k5_ipc_stream_free_string (identity_string); - k5_ipc_stream_free_string (message); - k5_ipc_stream_free_string (description); + krb5int_ipc_stream_free_string (identity_string); + krb5int_ipc_stream_free_string (message); + krb5int_ipc_stream_free_string (description); return err; } @@ -513,18 +513,18 @@ k5_ipc_stream reply = NULL; if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err) { err = k5_ipc_server_send_reply (in_reply_port, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -553,18 +553,18 @@ k5_ipc_stream reply = NULL; if (!err) { - err = k5_ipc_stream_new (&reply); + err = krb5int_ipc_stream_new (&reply); } if (!err) { - err = k5_ipc_stream_write_int32 (reply, in_error); + err = krb5int_ipc_stream_write_int32 (reply, in_error); } if (!err) { err = k5_ipc_server_send_reply (in_reply_port, reply); } - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (reply); return err; } @@ -609,7 +609,7 @@ char *message_type = NULL; if (!err) { - err = k5_ipc_stream_read_string (in_request_stream, &message_type); + err = krb5int_ipc_stream_read_string (in_request_stream, &message_type); } if (!err) { @@ -653,7 +653,7 @@ } } - k5_ipc_stream_free_string (message_type); + krb5int_ipc_stream_free_string (message_type); return err; } Modified: trunk/src/kim/lib/kim_options.c =================================================================== --- trunk/src/kim/lib/kim_options.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/kim/lib/kim_options.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -545,36 +545,36 @@ } if (!err) { - err = k5_ipc_stream_write_int64 (io_stream, options->start_time); + err = krb5int_ipc_stream_write_int64 (io_stream, options->start_time); } if (!err) { - err = k5_ipc_stream_write_int64 (io_stream, options->lifetime); + err = krb5int_ipc_stream_write_int64 (io_stream, options->lifetime); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, options->renewable); + err = krb5int_ipc_stream_write_int32 (io_stream, options->renewable); } if (!err) { - err = k5_ipc_stream_write_int64 (io_stream, + err = krb5int_ipc_stream_write_int64 (io_stream, options->renewal_lifetime); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, options->forwardable); + err = krb5int_ipc_stream_write_int32 (io_stream, options->forwardable); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, options->proxiable); + err = krb5int_ipc_stream_write_int32 (io_stream, options->proxiable); } if (!err) { - err = k5_ipc_stream_write_int32 (io_stream, options->addressless); + err = krb5int_ipc_stream_write_int32 (io_stream, options->addressless); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, options->service_name); + err = krb5int_ipc_stream_write_string (io_stream, options->service_name); } if (options != in_options) { kim_options_free (&options); } @@ -593,37 +593,37 @@ if (!err && !io_stream ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - err = k5_ipc_stream_read_int64 (io_stream, &io_options->start_time); + err = krb5int_ipc_stream_read_int64 (io_stream, &io_options->start_time); } if (!err) { - err = k5_ipc_stream_read_int64 (io_stream, &io_options->lifetime); + err = krb5int_ipc_stream_read_int64 (io_stream, &io_options->lifetime); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &io_options->renewable); + err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->renewable); } if (!err) { - err = k5_ipc_stream_read_int64 (io_stream, + err = krb5int_ipc_stream_read_int64 (io_stream, &io_options->renewal_lifetime); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &io_options->forwardable); + err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->forwardable); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &io_options->proxiable); + err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->proxiable); } if (!err) { - err = k5_ipc_stream_read_int32 (io_stream, &io_options->addressless); + err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->addressless); } if (!err) { char *service_name = NULL; - err = k5_ipc_stream_read_string (io_stream, &service_name); + err = krb5int_ipc_stream_read_string (io_stream, &service_name); if (!err) { kim_string_free (&io_options->service_name); @@ -634,7 +634,7 @@ } } - k5_ipc_stream_free_string (service_name); + krb5int_ipc_stream_free_string (service_name); } return check_error (err); Modified: trunk/src/kim/lib/kim_selection_hints.c =================================================================== --- trunk/src/kim/lib/kim_selection_hints.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/kim/lib/kim_selection_hints.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -593,13 +593,13 @@ if (!err && !io_stream ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->application_identifier); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->application_identifier); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->explanation); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->explanation); } if (!err) { @@ -608,33 +608,33 @@ } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->service_identity); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->service_identity); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->client_realm); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->client_realm); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->user); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->user); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->service_realm); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->service_realm); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->service); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->service); } if (!err) { - err = k5_ipc_stream_write_string (io_stream, - in_selection_hints->server); + err = krb5int_ipc_stream_write_string (io_stream, + in_selection_hints->server); } return check_error (err); @@ -652,26 +652,26 @@ if (!err) { char *application_identifier = NULL; - err = k5_ipc_stream_read_string (io_stream, &application_identifier); + err = krb5int_ipc_stream_read_string (io_stream, &application_identifier); if (!err) { err = kim_string_copy (&io_selection_hints->application_identifier, application_identifier); } - k5_ipc_stream_free_string (application_identifier); + krb5int_ipc_stream_free_string (application_identifier); } if (!err) { char *explanation = NULL; - err = k5_ipc_stream_read_string (io_stream, &explanation); + err = krb5int_ipc_stream_read_string (io_stream, &explanation); if (!err) { err = kim_string_copy (&io_selection_hints->explanation, explanation); } - k5_ipc_stream_free_string (explanation); + krb5int_ipc_stream_free_string (explanation); } if (!err) { @@ -686,71 +686,71 @@ if (!err) { char *service_identity = NULL; - err = k5_ipc_stream_read_string (io_stream, &service_identity); + err = krb5int_ipc_stream_read_string (io_stream, &service_identity); if (!err) { err = kim_string_copy (&io_selection_hints->service_identity, service_identity); } - k5_ipc_stream_free_string (service_identity); + krb5int_ipc_stream_free_string (service_identity); } if (!err) { char *client_realm = NULL; - err = k5_ipc_stream_read_string (io_stream, &client_realm); + err = krb5int_ipc_stream_read_string (io_stream, &client_realm); if (!err) { err = kim_string_copy (&io_selection_hints->client_realm, client_realm); } - k5_ipc_stream_free_string (client_realm); + krb5int_ipc_stream_free_string (client_realm); } if (!err) { char *user = NULL; - err = k5_ipc_stream_read_string (io_stream, &user); + err = krb5int_ipc_stream_read_string (io_stream, &user); if (!err) { err = kim_string_copy (&io_selection_hints->user, user); } - k5_ipc_stream_free_string (user); + krb5int_ipc_stream_free_string (user); } if (!err) { char *service_realm = NULL; - err = k5_ipc_stream_read_string (io_stream, &service_realm); + err = krb5int_ipc_stream_read_string (io_stream, &service_realm); if (!err) { err = kim_string_copy (&io_selection_hints->service_realm, service_realm); } - k5_ipc_stream_free_string (service_realm); + krb5int_ipc_stream_free_string (service_realm); } if (!err) { char *service = NULL; - err = k5_ipc_stream_read_string (io_stream, &service); + err = krb5int_ipc_stream_read_string (io_stream, &service); if (!err) { err = kim_string_copy (&io_selection_hints->service, service); } - k5_ipc_stream_free_string (service); + krb5int_ipc_stream_free_string (service); } if (!err) { char *server = NULL; - err = k5_ipc_stream_read_string (io_stream, &server); + err = krb5int_ipc_stream_read_string (io_stream, &server); if (!err) { err = kim_string_copy (&io_selection_hints->server, server); } - k5_ipc_stream_free_string (server); + krb5int_ipc_stream_free_string (server); } return check_error (err); Modified: trunk/src/kim/lib/mac/kim_os_ui_gui.c =================================================================== --- trunk/src/kim/lib/mac/kim_os_ui_gui.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/kim/lib/mac/kim_os_ui_gui.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -68,23 +68,23 @@ } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "init"); + err = krb5int_ipc_stream_write_string (request, "init"); } if (!err) { - err = k5_ipc_stream_write_int32 (request, getpid()); + err = krb5int_ipc_stream_write_int32 (request, getpid()); } if (!err) { - err = k5_ipc_stream_write_string (request, name ? name : ""); + err = krb5int_ipc_stream_write_string (request, name ? name : ""); } if (!err) { - err = k5_ipc_stream_write_string (request, path ? path : ""); + err = krb5int_ipc_stream_write_string (request, path ? path : ""); } if (!err) { @@ -96,7 +96,7 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } @@ -104,8 +104,8 @@ io_context->tcontext = NULL; } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); kim_string_free (&name); kim_string_free (&path); @@ -131,11 +131,11 @@ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "enter_identity"); + err = krb5int_ipc_stream_write_string (request, "enter_identity"); } if (!err) { @@ -152,16 +152,16 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } if (!err) { - err = k5_ipc_stream_read_string (reply, &identity_string); + err = krb5int_ipc_stream_read_string (reply, &identity_string); } if (!err) { - err = k5_ipc_stream_read_uint32 (reply, &change_password); + err = krb5int_ipc_stream_read_uint32 (reply, &change_password); } if (!err) { @@ -179,9 +179,9 @@ } kim_identity_free (&identity); - k5_ipc_stream_free_string (identity_string); - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_free_string (identity_string); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return check_error (err); } @@ -206,11 +206,11 @@ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "select_identity"); + err = krb5int_ipc_stream_write_string (request, "select_identity"); } if (!err) { @@ -227,12 +227,12 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } if (!err) { - err = k5_ipc_stream_read_string (reply, &identity_string); + err = krb5int_ipc_stream_read_string (reply, &identity_string); } if (!err) { @@ -240,7 +240,7 @@ } if (!err) { - err = k5_ipc_stream_read_uint32 (reply, &change_password); + err = krb5int_ipc_stream_read_uint32 (reply, &change_password); } if (!err) { @@ -259,9 +259,9 @@ kim_identity_free (&identity); kim_options_free (&options); - k5_ipc_stream_free_string (identity_string); - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_free_string (identity_string); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return check_error (err); } @@ -293,41 +293,41 @@ } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "auth_prompt"); + err = krb5int_ipc_stream_write_string (request, "auth_prompt"); } if (!err) { - err = k5_ipc_stream_write_string (request, identity_string); + err = krb5int_ipc_stream_write_string (request, identity_string); } if (!err) { - err = k5_ipc_stream_write_int32 (request, in_type); + err = krb5int_ipc_stream_write_int32 (request, in_type); } if (!err) { - err = k5_ipc_stream_write_int32 (request, in_allow_save_reply); + err = krb5int_ipc_stream_write_int32 (request, in_allow_save_reply); } if (!err) { - err = k5_ipc_stream_write_int32 (request, in_hide_reply); + err = krb5int_ipc_stream_write_int32 (request, in_hide_reply); } if (!err) { - err = k5_ipc_stream_write_string (request, + err = krb5int_ipc_stream_write_string (request, in_title ? in_title : ""); } if (!err) { - err = k5_ipc_stream_write_string (request, + err = krb5int_ipc_stream_write_string (request, in_message ? in_message : ""); } if (!err) { - err = k5_ipc_stream_write_string (request, + err = krb5int_ipc_stream_write_string (request, in_description ? in_description : ""); } @@ -341,22 +341,22 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } if (!err) { - err = k5_ipc_stream_read_string (reply, out_reply); + err = krb5int_ipc_stream_read_string (reply, out_reply); } if (!err) { - err = k5_ipc_stream_read_int32 (reply, out_save_reply); + err = krb5int_ipc_stream_read_int32 (reply, out_save_reply); } kim_string_free (&identity_string); - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return check_error (err); } @@ -389,19 +389,19 @@ } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "change_password"); + err = krb5int_ipc_stream_write_string (request, "change_password"); } if (!err) { - err = k5_ipc_stream_write_string (request, identity_string); + err = krb5int_ipc_stream_write_string (request, identity_string); } if (!err) { - err = k5_ipc_stream_write_int32 (request, in_old_password_expired); + err = krb5int_ipc_stream_write_int32 (request, in_old_password_expired); } if (!err) { @@ -414,20 +414,20 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } if (!err) { - err = k5_ipc_stream_read_string (reply, &old_password); + err = krb5int_ipc_stream_read_string (reply, &old_password); } if (!err) { - err = k5_ipc_stream_read_string (reply, &new_password); + err = krb5int_ipc_stream_read_string (reply, &new_password); } if (!err) { - err = k5_ipc_stream_read_string (reply, &vfy_password); + err = krb5int_ipc_stream_read_string (reply, &vfy_password); } if (!err) { @@ -440,12 +440,12 @@ } kim_string_free (&identity_string); - k5_ipc_stream_free_string (old_password); - k5_ipc_stream_free_string (new_password); - k5_ipc_stream_free_string (vfy_password); + krb5int_ipc_stream_free_string (old_password); + krb5int_ipc_stream_free_string (new_password); + krb5int_ipc_stream_free_string (vfy_password); - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return check_error (err); } @@ -471,27 +471,27 @@ } if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "handle_error"); + err = krb5int_ipc_stream_write_string (request, "handle_error"); } if (!err) { - err = k5_ipc_stream_write_string (request, identity_string); + err = krb5int_ipc_stream_write_string (request, identity_string); } if (!err) { - err = k5_ipc_stream_write_int32 (request, in_error); + err = krb5int_ipc_stream_write_int32 (request, in_error); } if (!err) { - err = k5_ipc_stream_write_string (request, in_error_message); + err = krb5int_ipc_stream_write_string (request, in_error_message); } if (!err) { - err = k5_ipc_stream_write_string (request, in_error_description); + err = krb5int_ipc_stream_write_string (request, in_error_description); } if (!err) { @@ -504,14 +504,14 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } kim_string_free (&identity_string); - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return check_error (err); } @@ -533,11 +533,11 @@ k5_ipc_stream reply = NULL; if (!err) { - err = k5_ipc_stream_new (&request); + err = krb5int_ipc_stream_new (&request); } if (!err) { - err = k5_ipc_stream_write_string (request, "fini"); + err = krb5int_ipc_stream_write_string (request, "fini"); } if (!err) { @@ -550,12 +550,12 @@ if (!err) { int32_t result = 0; - err = k5_ipc_stream_read_int32 (reply, &result); + err = krb5int_ipc_stream_read_int32 (reply, &result); if (!err) { err = check_error (result); } } - k5_ipc_stream_release (request); - k5_ipc_stream_release (reply); + krb5int_ipc_stream_release (request); + krb5int_ipc_stream_release (reply); return check_error (err); } Modified: trunk/src/util/mac/k5_mig_client.c =================================================================== --- trunk/src/util/mac/k5_mig_client.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/util/mac/k5_mig_client.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -325,12 +325,12 @@ if (!err) { if (in_inl_replyCnt) { - err = k5_ipc_stream_write (cinfo->reply_stream, - in_inl_reply, in_inl_replyCnt); + err = krb5int_ipc_stream_write (cinfo->reply_stream, + in_inl_reply, in_inl_replyCnt); } else if (in_ool_replyCnt) { - err = k5_ipc_stream_write (cinfo->reply_stream, - in_ool_reply, in_ool_replyCnt); + err = krb5int_ipc_stream_write (cinfo->reply_stream, + in_ool_reply, in_ool_replyCnt); } else { err = EINVAL; @@ -375,14 +375,14 @@ if (!err) { /* depending on how big the message is, use the fast inline buffer or * the slow dynamically allocated buffer */ - mach_msg_type_number_t request_length = k5_ipc_stream_size (in_request_stream); + mach_msg_type_number_t request_length = krb5int_ipc_stream_size (in_request_stream); if (request_length > K5_IPC_MAX_INL_MSG_SIZE) { /*dprintf ("%s choosing out of line buffer (size is %d)", * __FUNCTION__, request_length); */ err = vm_read (mach_task_self (), - (vm_address_t) k5_ipc_stream_data (in_request_stream), + (vm_address_t) krb5int_ipc_stream_data (in_request_stream), request_length, (vm_address_t *) &ool_request, &ool_request_length); @@ -391,7 +391,7 @@ * __FUNCTION__, request_length); */ inl_request_length = request_length; - inl_request = k5_ipc_stream_data (in_request_stream); + inl_request = krb5int_ipc_stream_data (in_request_stream); } } @@ -473,7 +473,7 @@ } if (!err) { - err = k5_ipc_stream_new (&cinfo->reply_stream); + err = krb5int_ipc_stream_new (&cinfo->reply_stream); } if (!err) { @@ -519,7 +519,7 @@ (vm_address_t) ool_request, ool_request_length); } if (cinfo && cinfo->reply_stream) { - k5_ipc_stream_release (cinfo->reply_stream); + krb5int_ipc_stream_release (cinfo->reply_stream); cinfo->reply_stream = NULL; } Modified: trunk/src/util/mac/k5_mig_server.c =================================================================== --- trunk/src/util/mac/k5_mig_server.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/util/mac/k5_mig_server.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -136,15 +136,15 @@ k5_ipc_stream request_stream = NULL; if (!err) { - err = k5_ipc_stream_new (&request_stream); + err = krb5int_ipc_stream_new (&request_stream); } if (!err) { if (in_inl_requestCnt) { - err = k5_ipc_stream_write (request_stream, in_inl_request, in_inl_requestCnt); + err = krb5int_ipc_stream_write (request_stream, in_inl_request, in_inl_requestCnt); } else if (in_ool_requestCnt) { - err = k5_ipc_stream_write (request_stream, in_ool_request, in_ool_requestCnt); + err = krb5int_ipc_stream_write (request_stream, in_ool_request, in_ool_requestCnt); } else { err = EINVAL; @@ -155,7 +155,7 @@ err = k5_ipc_server_handle_request (in_connection_port, in_reply_port, request_stream); } - k5_ipc_stream_release (request_stream); + krb5int_ipc_stream_release (request_stream); if (in_ool_requestCnt) { vm_deallocate (mach_task_self (), (vm_address_t) in_ool_request, in_ool_requestCnt); } return err; @@ -346,14 +346,14 @@ if (!err) { /* depending on how big the message is, use the fast inline buffer or * the slow dynamically allocated buffer */ - mach_msg_type_number_t reply_length = k5_ipc_stream_size (in_reply_stream); + mach_msg_type_number_t reply_length = krb5int_ipc_stream_size (in_reply_stream); if (reply_length > K5_IPC_MAX_INL_MSG_SIZE) { //dprintf ("%s choosing out of line buffer (size is %d)", // __FUNCTION__, reply_length); err = vm_read (mach_task_self (), - (vm_address_t) k5_ipc_stream_data (in_reply_stream), reply_length, + (vm_address_t) krb5int_ipc_stream_data (in_reply_stream), reply_length, (vm_address_t *) &ool_reply, &ool_reply_length); } else { @@ -361,7 +361,7 @@ // __FUNCTION__, reply_length); inl_reply_length = reply_length; - memcpy (inl_reply, k5_ipc_stream_data (in_reply_stream), reply_length); + memcpy (inl_reply, krb5int_ipc_stream_data (in_reply_stream), reply_length); } } Modified: trunk/src/util/support/ipc_stream.c =================================================================== --- trunk/src/util/support/ipc_stream.c 2009-02-09 23:27:50 UTC (rev 21937) +++ trunk/src/util/support/ipc_stream.c 2009-02-09 23:43:04 UTC (rev 21938) @@ -52,8 +52,8 @@ /* ------------------------------------------------------------------------ */ -static uint32_t k5_ipc_stream_reallocate (k5_ipc_stream io_stream, - uint64_t in_new_size) +static uint32_t krb5int_ipc_stream_reallocate (k5_ipc_stream io_stream, + uint64_t in_new_size) { int32_t err = 0; uint64_t new_max_size = 0; @@ -102,7 +102,7 @@ /* ------------------------------------------------------------------------ */ -int32_t k5_ipc_stream_new (k5_ipc_stream *out_stream) +int32_t krb5int_ipc_stream_new (k5_ipc_stream *out_stream) { int32_t err = 0; k5_ipc_stream stream = NULL; @@ -123,7 +123,7 @@ stream = NULL; } - k5_ipc_stream_release (stream); + krb5int_ipc_stream_release (stream); return k5_check_error (err); } @@ -131,7 +131,7 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_release (k5_ipc_stream io_stream) +uint32_t krb5int_ipc_stream_release (k5_ipc_stream io_stream) { int32_t err = 0; @@ -145,7 +145,7 @@ /* ------------------------------------------------------------------------ */ -uint64_t k5_ipc_stream_size (k5_ipc_stream in_stream) +uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream) { return in_stream ? in_stream->size : 0; } @@ -153,7 +153,7 @@ /* ------------------------------------------------------------------------ */ -const char *k5_ipc_stream_data (k5_ipc_stream in_stream) +const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream) { return in_stream ? in_stream->data : NULL; } @@ -164,9 +164,9 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read (k5_ipc_stream io_stream, - void *io_data, - uint64_t in_size) +uint32_t krb5int_ipc_stream_read (k5_ipc_stream io_stream, + void *io_data, + uint64_t in_size) { int32_t err = 0; @@ -184,7 +184,7 @@ memmove (io_stream->data, &io_stream->data[in_size], io_stream->size - in_size); - err = k5_ipc_stream_reallocate (io_stream, io_stream->size - in_size); + err = krb5int_ipc_stream_reallocate (io_stream, io_stream->size - in_size); if (!err) { io_stream->size -= in_size; @@ -196,9 +196,9 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write (k5_ipc_stream io_stream, - const void *in_data, - uint64_t in_size) +uint32_t krb5int_ipc_stream_write (k5_ipc_stream io_stream, + const void *in_data, + uint64_t in_size) { int32_t err = 0; @@ -213,7 +213,7 @@ } if (!err) { - err = k5_ipc_stream_reallocate (io_stream, io_stream->size + in_size); + err = krb5int_ipc_stream_reallocate (io_stream, io_stream->size + in_size); } if (!err) { @@ -230,15 +230,15 @@ /* ------------------------------------------------------------------------ */ -void k5_ipc_stream_free_string (char *in_string) +void krb5int_ipc_stream_free_string (char *in_string) { free (in_string); } /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read_string (k5_ipc_stream io_stream, - char **out_string) +uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream io_stream, + char **out_string) { int32_t err = 0; uint32_t length = 0; @@ -248,7 +248,7 @@ if (!out_string) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_read_uint32 (io_stream, &length); + err = krb5int_ipc_stream_read_uint32 (io_stream, &length); } if (!err) { @@ -257,7 +257,7 @@ } if (!err) { - err = k5_ipc_stream_read (io_stream, string, length); + err = krb5int_ipc_stream_read (io_stream, string, length); } if (!err) { @@ -272,8 +272,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write_string (k5_ipc_stream io_stream, - const char *in_string) +uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream io_stream, + const char *in_string) { int32_t err = 0; uint32_t length = 0; @@ -284,11 +284,11 @@ if (!err) { length = strlen (in_string) + 1; - err = k5_ipc_stream_write_uint32 (io_stream, length); + err = krb5int_ipc_stream_write_uint32 (io_stream, length); } if (!err) { - err = k5_ipc_stream_write (io_stream, in_string, length); + err = krb5int_ipc_stream_write (io_stream, in_string, length); } return k5_check_error (err); @@ -300,8 +300,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read_int32 (k5_ipc_stream io_stream, - int32_t *out_int32) +uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream io_stream, + int32_t *out_int32) { int32_t err = 0; int32_t int32 = 0; @@ -310,7 +310,7 @@ if (!out_int32) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_read (io_stream, &int32, sizeof (int32)); + err = krb5int_ipc_stream_read (io_stream, &int32, sizeof (int32)); } if (!err) { @@ -322,8 +322,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write_int32 (k5_ipc_stream io_stream, - int32_t in_int32) +uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, + int32_t in_int32) { int32_t err = 0; int32_t int32 = htonl (in_int32); @@ -331,7 +331,7 @@ if (!io_stream) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_write (io_stream, &int32, sizeof (int32)); + err = krb5int_ipc_stream_write (io_stream, &int32, sizeof (int32)); } return k5_check_error (err); @@ -343,8 +343,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read_uint32 (k5_ipc_stream io_stream, - uint32_t *out_uint32) +uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream io_stream, + uint32_t *out_uint32) { int32_t err = 0; uint32_t uint32 = 0; @@ -353,7 +353,7 @@ if (!out_uint32) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_read (io_stream, &uint32, sizeof (uint32)); + err = krb5int_ipc_stream_read (io_stream, &uint32, sizeof (uint32)); } if (!err) { @@ -365,8 +365,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write_uint32 (k5_ipc_stream io_stream, - uint32_t in_uint32) +uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, + uint32_t in_uint32) { int32_t err = 0; int32_t uint32 = htonl (in_uint32); @@ -374,7 +374,7 @@ if (!io_stream) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_write (io_stream, &uint32, sizeof (uint32)); + err = krb5int_ipc_stream_write (io_stream, &uint32, sizeof (uint32)); } return k5_check_error (err); @@ -386,8 +386,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read_int64 (k5_ipc_stream io_stream, - int64_t *out_int64) +uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream io_stream, + int64_t *out_int64) { int32_t err = 0; uint64_t int64 = 0; @@ -396,7 +396,7 @@ if (!out_int64) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_read (io_stream, &int64, sizeof (int64)); + err = krb5int_ipc_stream_read (io_stream, &int64, sizeof (int64)); } if (!err) { @@ -408,8 +408,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write_int64 (k5_ipc_stream io_stream, - int64_t in_int64) +uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, + int64_t in_int64) { int32_t err = 0; int64_t int64 = htonll (in_int64); @@ -417,7 +417,7 @@ if (!io_stream) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_write (io_stream, &int64, sizeof (int64)); + err = krb5int_ipc_stream_write (io_stream, &int64, sizeof (int64)); } return k5_check_error (err); @@ -430,8 +430,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_read_uint64 (k5_ipc_stream io_stream, - uint64_t *out_uint64) +uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream io_stream, + uint64_t *out_uint64) { int32_t err = 0; uint64_t uint64 = 0; @@ -440,7 +440,7 @@ if (!out_uint64) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_read (io_stream, &uint64, sizeof (uint64)); + err = krb5int_ipc_stream_read (io_stream, &uint64, sizeof (uint64)); } if (!err) { @@ -452,8 +452,8 @@ /* ------------------------------------------------------------------------ */ -uint32_t k5_ipc_stream_write_uint64 (k5_ipc_stream io_stream, - uint64_t in_uint64) +uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, + uint64_t in_uint64) { int32_t err = 0; int64_t uint64 = htonll (in_uint64); @@ -461,7 +461,7 @@ if (!io_stream) { err = k5_check_error (EINVAL); } if (!err) { - err = k5_ipc_stream_write (io_stream, &uint64, sizeof (uint64)); + err = krb5int_ipc_stream_write (io_stream, &uint64, sizeof (uint64)); } return k5_check_error (err); From ghudson at MIT.EDU Mon Feb 9 19:20:51 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 9 Feb 2009 19:20:51 -0500 (EST) Subject: svn rev #21939: trunk/src/util/support/ Message-ID: <200902100020.TAA20625@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21939 Commit By: ghudson Log Message: Update t_k5buf.c for the renamed buffer type constants. Changed Files: U trunk/src/util/support/t_k5buf.c Modified: trunk/src/util/support/t_k5buf.c =================================================================== --- trunk/src/util/support/t_k5buf.c 2009-02-09 23:43:04 UTC (rev 21938) +++ trunk/src/util/support/t_k5buf.c 2009-02-10 00:20:48 UTC (rev 21939) @@ -43,9 +43,9 @@ /* Test the invariants of a buffer. */ static void check_buf(struct k5buf *buf, const char *name) { - fail_if(buf->buftype != FIXED && buf->buftype != DYNAMIC - && buf->buftype != ERROR, name); - if (buf->buftype == ERROR) + fail_if(buf->buftype != BUFTYPE_FIXED && buf->buftype != BUFTYPE_DYNAMIC + && buf->buftype != BUFTYPE_ERROR, name); + if (buf->buftype == BUFTYPE_ERROR) return; fail_if(buf->space == 0, name); fail_if(buf->space > SPACE_MAX, name); @@ -135,7 +135,8 @@ check_buf(&buf, "realloc 5"); s = krb5int_buf_data(&buf); len = krb5int_buf_len(&buf); - fail_if(buf.buftype != ERROR || s != NULL || len != -1, "realloc 5"); + fail_if(buf.buftype != BUFTYPE_ERROR || s != NULL || len != -1, + "realloc 5"); krb5int_free_buf(&buf); /* Cause a reallocation to fail by integer overflow. */ @@ -145,7 +146,8 @@ check_buf(&buf, "realloc 6"); s = krb5int_buf_data(&buf); len = krb5int_buf_len(&buf); - fail_if(buf.buftype != ERROR || s != NULL || len != -1, "realloc 6"); + fail_if(buf.buftype != BUFTYPE_ERROR || s != NULL || len != -1, + "realloc 6"); krb5int_free_buf(&buf); } @@ -162,7 +164,8 @@ check_buf(&buf, "overflow 1"); s = krb5int_buf_data(&buf); len = krb5int_buf_len(&buf); - fail_if(buf.buftype != ERROR || s != NULL || len != -1, "overflow 1"); + fail_if(buf.buftype != BUFTYPE_ERROR || s != NULL || len != -1, + "overflow 1"); /* Cause a fixed-sized buffer overflow with integer overflow. */ krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); @@ -171,7 +174,8 @@ check_buf(&buf, "overflow 2"); s = krb5int_buf_data(&buf); len = krb5int_buf_len(&buf); - fail_if(buf.buftype != ERROR || s != NULL || len != -1, "overflow 2"); + fail_if(buf.buftype != BUFTYPE_ERROR || s != NULL || len != -1, + "overflow 2"); } static void test_error() @@ -182,7 +186,7 @@ /* Cause an overflow and then perform actions afterwards. */ krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); krb5int_buf_add(&buf, "1"); - fail_if(buf.buftype != ERROR, "error"); + fail_if(buf.buftype != BUFTYPE_ERROR, "error"); check_buf(&buf, "error"); krb5int_buf_add(&buf, "test"); check_buf(&buf, "error"); @@ -190,7 +194,7 @@ check_buf(&buf, "error"); krb5int_buf_truncate(&buf, 3); check_buf(&buf, "error"); - fail_if(buf.buftype != ERROR, "error"); + fail_if(buf.buftype != BUFTYPE_ERROR, "error"); } static void test_truncate() @@ -253,7 +257,7 @@ check_buf(&buf, "fmt 2"); s = krb5int_buf_data(&buf); len = krb5int_buf_len(&buf); - fail_if(buf.buftype != ERROR || s != NULL || len != -1, "fmt 2"); + fail_if(buf.buftype != BUFTYPE_ERROR || s != NULL || len != -1, "fmt 2"); /* Format some text into a non-empty dynamic buffer. */ krb5int_buf_init_dynamic(&buf); From ghudson at MIT.EDU Mon Feb 9 21:02:00 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 9 Feb 2009 21:02:00 -0500 (EST) Subject: svn rev #21940: trunk/src/lib/krb5/asn.1/ Message-ID: <200902100202.VAA22244@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21940 Commit By: ghudson Log Message: Adjust the structure of krb5_decode.c functions to initialize output parameters to NULL and not set them to the real values until a successful return is guaranteed. Also fix get_eoc which was returning without clean_return. Changed Files: U trunk/src/lib/krb5/asn.1/krb5_decode.c Modified: trunk/src/lib/krb5/asn.1/krb5_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-02-10 00:20:48 UTC (rev 21939) +++ trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-02-10 02:01:58 UTC (rev 21940) @@ -35,32 +35,34 @@ /* set up variables */ /* the setup* macros can return, but are always used at function start and thus need no malloc cleanup */ -#define setup_buf_only()\ +#define setup_buf_only(type)\ asn1_error_code retval;\ asn1buf buf;\ +type rep = NULL;\ \ +*repptr = NULL;\ retval = asn1buf_wrap_data(&buf,code);\ if (retval) return retval -#define setup_no_tagnum()\ +#define setup_no_tagnum(type)\ asn1_class asn1class;\ asn1_construction construction;\ -setup_buf_only() +setup_buf_only(type) -#define setup_no_length()\ +#define setup_no_length(type)\ asn1_tagnum tagnum;\ -setup_no_tagnum() +setup_no_tagnum(type) -#define setup()\ +#define setup(type)\ unsigned int length;\ -setup_no_length() +setup_no_length(type) /* helper macros for cleanup */ #define clean_return(val) { retval = val; goto error_out; } /* alloc_field is the first thing to allocate storage that may need cleanup */ -#define alloc_field(var,type)\ -var = (type*)calloc(1,sizeof(type));\ +#define alloc_field(var)\ +var = calloc(1,sizeof(*var));\ if ((var) == NULL) clean_return(ENOMEM) /* process encoding header ***************************************/ @@ -111,7 +113,7 @@ #define get_eoc() \ { \ retval = asn1_get_eoc_tag(&subbuf); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ } /* decode sequence header and initialize tagnum with the first field */ @@ -196,30 +198,32 @@ /* finish up */ /* to make things less painful, assume the cleanup is passed rep */ #define cleanup(cleanup_routine)\ + *repptr = rep; \ return 0; \ error_out: \ - if (rep && *rep) { \ - cleanup_routine(*rep); \ - *rep = NULL; \ - } \ + if (rep) \ + cleanup_routine(rep); \ return retval; #define cleanup_none()\ + *repptr = rep; \ return 0; \ error_out: \ return retval; #define cleanup_manual()\ + *repptr = rep; \ return 0; #define free_field(rep,f) free((rep)->f) -#define clear_field(rep,f) (*(rep))->f = 0 +#define clear_field(rep,f) (rep)->f = 0 #ifndef LEAN_CLIENT -krb5_error_code decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep) +krb5_error_code +decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **repptr) { - setup(); - alloc_field(*rep,krb5_authenticator); + setup(krb5_authenticator *); + alloc_field(rep); clear_field(rep,subkey); clear_field(rep,checksum); clear_field(rep,client); @@ -229,29 +233,28 @@ { krb5_kvno kvno; get_field(kvno,0,asn1_decode_kvno); if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_field((*rep)->client,krb5_principal_data); - get_field((*rep)->client,1,asn1_decode_realm); - get_field((*rep)->client,2,asn1_decode_principal_name); + alloc_field(rep->client); + get_field(rep->client,1,asn1_decode_realm); + get_field(rep->client,2,asn1_decode_principal_name); if (tagnum == 3) { - alloc_field((*rep)->checksum,krb5_checksum); - get_field(*((*rep)->checksum),3,asn1_decode_checksum); } - get_field((*rep)->cusec,4,asn1_decode_int32); - get_field((*rep)->ctime,5,asn1_decode_kerberos_time); - if (tagnum == 6) { alloc_field((*rep)->subkey,krb5_keyblock); } - opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,7,asn1_decode_seqnum); - opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data); - (*rep)->magic = KV5M_AUTHENTICATOR; + alloc_field(rep->checksum); + get_field(*(rep->checksum),3,asn1_decode_checksum); } + get_field(rep->cusec,4,asn1_decode_int32); + get_field(rep->ctime,5,asn1_decode_kerberos_time); + if (tagnum == 6) { alloc_field(rep->subkey); } + opt_field(*(rep->subkey),6,asn1_decode_encryption_key); + opt_field(rep->seq_number,7,asn1_decode_seqnum); + opt_field(rep->authorization_data,8,asn1_decode_authorization_data); + rep->magic = KV5M_AUTHENTICATOR; end_structure(); } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,subkey); - free_field(*rep,checksum); - free_field(*rep,client); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,subkey); + free_field(rep,checksum); + free_field(rep,client); + free(rep); } return retval; } @@ -259,15 +262,16 @@ krb5_error_code KRB5_CALLCONV -krb5_decode_ticket(const krb5_data *code, krb5_ticket **rep) +krb5_decode_ticket(const krb5_data *code, krb5_ticket **repptr) { - return decode_krb5_ticket(code, rep); + return decode_krb5_ticket(code, repptr); } -krb5_error_code decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep) +krb5_error_code +decode_krb5_ticket(const krb5_data *code, krb5_ticket **repptr) { - setup(); - alloc_field(*rep,krb5_ticket); + setup(krb5_ticket *); + alloc_field(rep); clear_field(rep,server); check_apptag(1); @@ -276,130 +280,135 @@ get_field(kvno,0,asn1_decode_kvno); if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_field((*rep)->server,krb5_principal_data); - get_field((*rep)->server,1,asn1_decode_realm); - get_field((*rep)->server,2,asn1_decode_principal_name); - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_TICKET; + alloc_field(rep->server); + get_field(rep->server,1,asn1_decode_realm); + get_field(rep->server,2,asn1_decode_principal_name); + get_field(rep->enc_part,3,asn1_decode_encrypted_data); + rep->magic = KV5M_TICKET; end_structure(); } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,server); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,server); + free(rep); } return retval; } -krb5_error_code decode_krb5_encryption_key(const krb5_data *code, krb5_keyblock **rep) +krb5_error_code +decode_krb5_encryption_key(const krb5_data *code, krb5_keyblock **repptr) { - setup(); - alloc_field(*rep,krb5_keyblock); + setup(krb5_keyblock *); + alloc_field(rep); { begin_structure(); - get_field((*rep)->enctype,0,asn1_decode_enctype); - get_lenfield((*rep)->length,(*rep)->contents,1,asn1_decode_octetstring); + get_field(rep->enctype,0,asn1_decode_enctype); + get_lenfield(rep->length,rep->contents,1,asn1_decode_octetstring); end_structure(); - (*rep)->magic = KV5M_KEYBLOCK; + rep->magic = KV5M_KEYBLOCK; } cleanup(free); } -krb5_error_code decode_krb5_enc_tkt_part(const krb5_data *code, krb5_enc_tkt_part **rep) +krb5_error_code +decode_krb5_enc_tkt_part(const krb5_data *code, krb5_enc_tkt_part **repptr) { - setup(); - alloc_field(*rep,krb5_enc_tkt_part); + setup(krb5_enc_tkt_part *); + alloc_field(rep); clear_field(rep,session); clear_field(rep,client); check_apptag(3); { begin_structure(); - get_field((*rep)->flags,0,asn1_decode_ticket_flags); - alloc_field((*rep)->session,krb5_keyblock); - get_field(*((*rep)->session),1,asn1_decode_encryption_key); - alloc_field((*rep)->client,krb5_principal_data); - get_field((*rep)->client,2,asn1_decode_realm); - get_field((*rep)->client,3,asn1_decode_principal_name); - get_field((*rep)->transited,4,asn1_decode_transited_encoding); - get_field((*rep)->times.authtime,5,asn1_decode_kerberos_time); + get_field(rep->flags,0,asn1_decode_ticket_flags); + alloc_field(rep->session); + get_field(*(rep->session),1,asn1_decode_encryption_key); + alloc_field(rep->client); + get_field(rep->client,2,asn1_decode_realm); + get_field(rep->client,3,asn1_decode_principal_name); + get_field(rep->transited,4,asn1_decode_transited_encoding); + get_field(rep->times.authtime,5,asn1_decode_kerberos_time); if (tagnum == 6) - { get_field((*rep)->times.starttime,6,asn1_decode_kerberos_time); } + { get_field(rep->times.starttime,6,asn1_decode_kerberos_time); } else - (*rep)->times.starttime=(*rep)->times.authtime; - get_field((*rep)->times.endtime,7,asn1_decode_kerberos_time); - opt_field((*rep)->times.renew_till,8,asn1_decode_kerberos_time); - opt_field((*rep)->caddrs,9,asn1_decode_host_addresses); - opt_field((*rep)->authorization_data,10,asn1_decode_authorization_data); - (*rep)->magic = KV5M_ENC_TKT_PART; + rep->times.starttime=rep->times.authtime; + get_field(rep->times.endtime,7,asn1_decode_kerberos_time); + opt_field(rep->times.renew_till,8,asn1_decode_kerberos_time); + opt_field(rep->caddrs,9,asn1_decode_host_addresses); + opt_field(rep->authorization_data,10,asn1_decode_authorization_data); + rep->magic = KV5M_ENC_TKT_PART; end_structure(); } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,session); - free_field(*rep,client); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,session); + free_field(rep,client); + free(rep); } return retval; } -krb5_error_code decode_krb5_enc_kdc_rep_part(const krb5_data *code, krb5_enc_kdc_rep_part **rep) +krb5_error_code +decode_krb5_enc_kdc_rep_part(const krb5_data *code, + krb5_enc_kdc_rep_part **repptr) { taginfo t4; - setup_buf_only(); - alloc_field(*rep,krb5_enc_kdc_rep_part); + setup_buf_only(krb5_enc_kdc_rep_part *); + alloc_field(rep); retval = asn1_get_tag_2(&buf, &t4); if (retval) clean_return(retval); if (t4.asn1class != APPLICATION || t4.construction != CONSTRUCTED) clean_return(ASN1_BAD_ID); - if (t4.tagnum == 25) (*rep)->msg_type = KRB5_AS_REP; - else if (t4.tagnum == 26) (*rep)->msg_type = KRB5_TGS_REP; + if (t4.tagnum == 25) rep->msg_type = KRB5_AS_REP; + else if (t4.tagnum == 26) rep->msg_type = KRB5_TGS_REP; else clean_return(KRB5_BADMSGTYPE); - retval = asn1_decode_enc_kdc_rep_part(&buf,*rep); + retval = asn1_decode_enc_kdc_rep_part(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_as_rep(const krb5_data *code, krb5_kdc_rep **rep) +krb5_error_code +decode_krb5_as_rep(const krb5_data *code, krb5_kdc_rep **repptr) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_rep); + setup_no_length(krb5_kdc_rep *); + alloc_field(rep); check_apptag(11); - retval = asn1_decode_kdc_rep(&buf,*rep); + retval = asn1_decode_kdc_rep(&buf,rep); if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if ((*rep)->msg_type != KRB5_AS_REP) + if (rep->msg_type != KRB5_AS_REP) clean_return(KRB5_BADMSGTYPE); #endif cleanup(free); } -krb5_error_code decode_krb5_tgs_rep(const krb5_data *code, krb5_kdc_rep **rep) +krb5_error_code +decode_krb5_tgs_rep(const krb5_data *code, krb5_kdc_rep **repptr) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_rep); + setup_no_length(krb5_kdc_rep *); + alloc_field(rep); check_apptag(13); - retval = asn1_decode_kdc_rep(&buf,*rep); + retval = asn1_decode_kdc_rep(&buf,rep); if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if ((*rep)->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE); + if (rep->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE); #endif cleanup(free); } -krb5_error_code decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **rep) +krb5_error_code +decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **repptr) { - setup(); - alloc_field(*rep,krb5_ap_req); + setup(krb5_ap_req *); + alloc_field(rep); clear_field(rep,ticket); check_apptag(14); @@ -413,27 +422,27 @@ if (msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE); #endif } - get_field((*rep)->ap_options,2,asn1_decode_ap_options); - alloc_field((*rep)->ticket,krb5_ticket); - get_field(*((*rep)->ticket),3,asn1_decode_ticket); - get_field((*rep)->authenticator,4,asn1_decode_encrypted_data); + get_field(rep->ap_options,2,asn1_decode_ap_options); + alloc_field(rep->ticket); + get_field(*(rep->ticket),3,asn1_decode_ticket); + get_field(rep->authenticator,4,asn1_decode_encrypted_data); end_structure(); - (*rep)->magic = KV5M_AP_REQ; + rep->magic = KV5M_AP_REQ; } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,ticket); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,ticket); + free(rep); } return retval; } -krb5_error_code decode_krb5_ap_rep(const krb5_data *code, krb5_ap_rep **rep) +krb5_error_code +decode_krb5_ap_rep(const krb5_data *code, krb5_ap_rep **repptr) { - setup(); - alloc_field(*rep,krb5_ap_rep); + setup(krb5_ap_rep *); + alloc_field(rep); check_apptag(15); { begin_structure(); @@ -446,75 +455,79 @@ if (msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE); #endif } - get_field((*rep)->enc_part,2,asn1_decode_encrypted_data); + get_field(rep->enc_part,2,asn1_decode_encrypted_data); end_structure(); - (*rep)->magic = KV5M_AP_REP; + rep->magic = KV5M_AP_REP; } cleanup(free); } -krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *code, krb5_ap_rep_enc_part **rep) +krb5_error_code +decode_krb5_ap_rep_enc_part(const krb5_data *code, + krb5_ap_rep_enc_part **repptr) { - setup(); - alloc_field(*rep,krb5_ap_rep_enc_part); + setup(krb5_ap_rep_enc_part *); + alloc_field(rep); clear_field(rep,subkey); check_apptag(27); { begin_structure(); - get_field((*rep)->ctime,0,asn1_decode_kerberos_time); - get_field((*rep)->cusec,1,asn1_decode_int32); - if (tagnum == 2) { alloc_field((*rep)->subkey,krb5_keyblock); } - opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,3,asn1_decode_seqnum); + get_field(rep->ctime,0,asn1_decode_kerberos_time); + get_field(rep->cusec,1,asn1_decode_int32); + if (tagnum == 2) { alloc_field(rep->subkey); } + opt_field(*(rep->subkey),2,asn1_decode_encryption_key); + opt_field(rep->seq_number,3,asn1_decode_seqnum); end_structure(); - (*rep)->magic = KV5M_AP_REP_ENC_PART; + rep->magic = KV5M_AP_REP_ENC_PART; } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,subkey); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,subkey); + free(rep); } return retval; } -krb5_error_code decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **rep) +krb5_error_code +decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **repptr) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_req); + setup_no_length(krb5_kdc_req *); + alloc_field(rep); check_apptag(10); - retval = asn1_decode_kdc_req(&buf,*rep); + retval = asn1_decode_kdc_req(&buf,rep); if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if ((*rep)->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE); + if (rep->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE); #endif cleanup(free); } -krb5_error_code decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **rep) +krb5_error_code +decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **repptr) { - setup_no_length(); - alloc_field(*rep,krb5_kdc_req); + setup_no_length(krb5_kdc_req *); + alloc_field(rep); check_apptag(12); - retval = asn1_decode_kdc_req(&buf,*rep); + retval = asn1_decode_kdc_req(&buf,rep); if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT - if ((*rep)->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE); + if (rep->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE); #endif cleanup(free); } -krb5_error_code decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **rep) +krb5_error_code +decode_krb5_kdc_req_body(const krb5_data *code, krb5_kdc_req **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_kdc_req); + setup_buf_only(krb5_kdc_req *); + alloc_field(rep); - retval = asn1_decode_kdc_req_body(&buf,*rep); + retval = asn1_decode_kdc_req_body(&buf,rep); if (retval) clean_return(retval); cleanup(free); @@ -534,14 +547,13 @@ * This does *not* perform any copying; the returned pointer to the * encoded KRB-SAFE-BODY points into the input buffer. */ -krb5_error_code decode_krb5_safe_with_body( - const krb5_data *code, - krb5_safe **rep, - krb5_data *body) +krb5_error_code +decode_krb5_safe_with_body(const krb5_data *code, krb5_safe **repptr, + krb5_data *body) { krb5_data tmpbody; - setup(); - alloc_field(*rep,krb5_safe); + setup(krb5_safe *); + alloc_field(rep); clear_field(rep,checksum); tmpbody.magic = 0; @@ -568,33 +580,34 @@ tmpbody.length = 0; tmpbody.data = NULL; } - get_field(**rep,2,asn1_decode_krb_safe_body); - alloc_field((*rep)->checksum,krb5_checksum); - get_field(*((*rep)->checksum),3,asn1_decode_checksum); - (*rep)->magic = KV5M_SAFE; + get_field(*rep,2,asn1_decode_krb_safe_body); + alloc_field(rep->checksum); + get_field(*(rep->checksum),3,asn1_decode_checksum); + rep->magic = KV5M_SAFE; end_structure(); } if (body != NULL) *body = tmpbody; cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,checksum); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,checksum); + free(rep); } return retval; } -krb5_error_code decode_krb5_safe(const krb5_data *code, krb5_safe **rep) +krb5_error_code +decode_krb5_safe(const krb5_data *code, krb5_safe **repptr) { - return decode_krb5_safe_with_body(code, rep, NULL); + return decode_krb5_safe_with_body(code, repptr, NULL); } -krb5_error_code decode_krb5_priv(const krb5_data *code, krb5_priv **rep) +krb5_error_code +decode_krb5_priv(const krb5_data *code, krb5_priv **repptr) { - setup(); - alloc_field(*rep,krb5_priv); + setup(krb5_priv *); + alloc_field(rep); check_apptag(21); { begin_structure(); @@ -607,48 +620,49 @@ if (msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE); #endif } - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_PRIV; + get_field(rep->enc_part,3,asn1_decode_encrypted_data); + rep->magic = KV5M_PRIV; end_structure(); } cleanup(free); } -krb5_error_code decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_part **rep) +krb5_error_code +decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_part **repptr) { - setup(); - alloc_field(*rep,krb5_priv_enc_part); + setup(krb5_priv_enc_part *); + alloc_field(rep); clear_field(rep,r_address); clear_field(rep,s_address); check_apptag(28); { begin_structure(); - get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring); - opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time); - opt_field((*rep)->usec,2,asn1_decode_int32); - opt_field((*rep)->seq_number,3,asn1_decode_seqnum); - alloc_field((*rep)->s_address,krb5_address); - get_field(*((*rep)->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } - opt_field(*((*rep)->r_address),5,asn1_decode_host_address); - (*rep)->magic = KV5M_PRIV_ENC_PART; + get_lenfield(rep->user_data.length,rep->user_data.data,0,asn1_decode_charstring); + opt_field(rep->timestamp,1,asn1_decode_kerberos_time); + opt_field(rep->usec,2,asn1_decode_int32); + opt_field(rep->seq_number,3,asn1_decode_seqnum); + alloc_field(rep->s_address); + get_field(*(rep->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { alloc_field(rep->r_address); } + opt_field(*(rep->r_address),5,asn1_decode_host_address); + rep->magic = KV5M_PRIV_ENC_PART; end_structure(); } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,r_address); - free_field(*rep,s_address); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,r_address); + free_field(rep,s_address); + free(rep); } return retval; } -krb5_error_code decode_krb5_cred(const krb5_data *code, krb5_cred **rep) +krb5_error_code +decode_krb5_cred(const krb5_data *code, krb5_cred **repptr) { - setup(); - alloc_field(*rep,krb5_cred); + setup(krb5_cred *); + alloc_field(rep); check_apptag(22); { begin_structure(); @@ -661,50 +675,51 @@ if (msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE); #endif } - get_field((*rep)->tickets,2,asn1_decode_sequence_of_ticket); - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_CRED; + get_field(rep->tickets,2,asn1_decode_sequence_of_ticket); + get_field(rep->enc_part,3,asn1_decode_encrypted_data); + rep->magic = KV5M_CRED; end_structure(); } cleanup(free); } -krb5_error_code decode_krb5_enc_cred_part(const krb5_data *code, krb5_cred_enc_part **rep) +krb5_error_code +decode_krb5_enc_cred_part(const krb5_data *code, krb5_cred_enc_part **repptr) { - setup(); - alloc_field(*rep,krb5_cred_enc_part); + setup(krb5_cred_enc_part *); + alloc_field(rep); clear_field(rep,r_address); clear_field(rep,s_address); check_apptag(29); { begin_structure(); - get_field((*rep)->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); - opt_field((*rep)->nonce,1,asn1_decode_int32); - opt_field((*rep)->timestamp,2,asn1_decode_kerberos_time); - opt_field((*rep)->usec,3,asn1_decode_int32); - if (tagnum == 4) { alloc_field((*rep)->s_address,krb5_address); } - opt_field(*((*rep)->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } - opt_field(*((*rep)->r_address),5,asn1_decode_host_address); - (*rep)->magic = KV5M_CRED_ENC_PART; + get_field(rep->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); + opt_field(rep->nonce,1,asn1_decode_int32); + opt_field(rep->timestamp,2,asn1_decode_kerberos_time); + opt_field(rep->usec,3,asn1_decode_int32); + if (tagnum == 4) { alloc_field(rep->s_address); } + opt_field(*(rep->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { alloc_field(rep->r_address); } + opt_field(*(rep->r_address),5,asn1_decode_host_address); + rep->magic = KV5M_CRED_ENC_PART; end_structure(); } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,r_address); - free_field(*rep,s_address); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,r_address); + free_field(rep,s_address); + free(rep); } return retval; } -krb5_error_code decode_krb5_error(const krb5_data *code, krb5_error **rep) +krb5_error_code +decode_krb5_error(const krb5_data *code, krb5_error **repptr) { - setup(); - alloc_field(*rep,krb5_error); + setup(krb5_error *); + alloc_field(rep); clear_field(rep,server); clear_field(rep,client); @@ -719,427 +734,469 @@ if (msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE); #endif } - opt_field((*rep)->ctime,2,asn1_decode_kerberos_time); - opt_field((*rep)->cusec,3,asn1_decode_int32); - get_field((*rep)->stime,4,asn1_decode_kerberos_time); - get_field((*rep)->susec,5,asn1_decode_int32); - get_field((*rep)->error,6,asn1_decode_ui_4); - if (tagnum == 7) { alloc_field((*rep)->client,krb5_principal_data); } - opt_field((*rep)->client,7,asn1_decode_realm); - opt_field((*rep)->client,8,asn1_decode_principal_name); - alloc_field((*rep)->server,krb5_principal_data); - get_field((*rep)->server,9,asn1_decode_realm); - get_field((*rep)->server,10,asn1_decode_principal_name); - opt_lenfield((*rep)->text.length,(*rep)->text.data,11,asn1_decode_generalstring); - opt_lenfield((*rep)->e_data.length,(*rep)->e_data.data,12,asn1_decode_charstring); - (*rep)->magic = KV5M_ERROR; + opt_field(rep->ctime,2,asn1_decode_kerberos_time); + opt_field(rep->cusec,3,asn1_decode_int32); + get_field(rep->stime,4,asn1_decode_kerberos_time); + get_field(rep->susec,5,asn1_decode_int32); + get_field(rep->error,6,asn1_decode_ui_4); + if (tagnum == 7) { alloc_field(rep->client); } + opt_field(rep->client,7,asn1_decode_realm); + opt_field(rep->client,8,asn1_decode_principal_name); + alloc_field(rep->server); + get_field(rep->server,9,asn1_decode_realm); + get_field(rep->server,10,asn1_decode_principal_name); + opt_lenfield(rep->text.length,rep->text.data,11,asn1_decode_generalstring); + opt_lenfield(rep->e_data.length,rep->e_data.data,12,asn1_decode_charstring); + rep->magic = KV5M_ERROR; end_structure(); } cleanup_manual(); error_out: - if (rep && *rep) { - free_field(*rep,server); - free_field(*rep,client); - free(*rep); - *rep = NULL; + if (rep) { + free_field(rep,server); + free_field(rep,client); + free(rep); } return retval; } -krb5_error_code decode_krb5_authdata(const krb5_data *code, krb5_authdata ***rep) +krb5_error_code +decode_krb5_authdata(const krb5_data *code, krb5_authdata ***repptr) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_authorization_data(&buf,rep); + setup_buf_only(krb5_authdata **); + retval = asn1_decode_authorization_data(&buf,&rep); if (retval) clean_return(retval); cleanup_none(); /* we're not allocating anything here... */ } -krb5_error_code decode_krb5_pwd_sequence(const krb5_data *code, passwd_phrase_element **rep) +krb5_error_code +decode_krb5_pwd_sequence(const krb5_data *code, passwd_phrase_element **repptr) { - setup_buf_only(); - alloc_field(*rep,passwd_phrase_element); - retval = asn1_decode_passwdsequence(&buf,*rep); + setup_buf_only(passwd_phrase_element *); + alloc_field(rep); + retval = asn1_decode_passwdsequence(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pwd_data(const krb5_data *code, krb5_pwd_data **rep) +krb5_error_code +decode_krb5_pwd_data(const krb5_data *code, krb5_pwd_data **repptr) { - setup(); - alloc_field(*rep,krb5_pwd_data); + setup(krb5_pwd_data *); + alloc_field(rep); { begin_structure(); - get_field((*rep)->sequence_count,0,asn1_decode_int); - get_field((*rep)->element,1,asn1_decode_sequence_of_passwdsequence); - (*rep)->magic = KV5M_PWD_DATA; + get_field(rep->sequence_count,0,asn1_decode_int); + get_field(rep->element,1,asn1_decode_sequence_of_passwdsequence); + rep->magic = KV5M_PWD_DATA; end_structure (); } cleanup(free); } -krb5_error_code decode_krb5_padata_sequence(const krb5_data *code, krb5_pa_data ***rep) +krb5_error_code +decode_krb5_padata_sequence(const krb5_data *code, krb5_pa_data ***repptr) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_sequence_of_pa_data(&buf,rep); + setup_buf_only(krb5_pa_data **); + retval = asn1_decode_sequence_of_pa_data(&buf,&rep); if (retval) clean_return(retval); cleanup_none(); /* we're not allocating anything here */ } -krb5_error_code decode_krb5_alt_method(const krb5_data *code, krb5_alt_method **rep) +krb5_error_code +decode_krb5_alt_method(const krb5_data *code, krb5_alt_method **repptr) { - setup(); - alloc_field(*rep,krb5_alt_method); + setup(krb5_alt_method *); + alloc_field(rep); { begin_structure(); - get_field((*rep)->method,0,asn1_decode_int32); + get_field(rep->method,0,asn1_decode_int32); if (tagnum == 1) { - get_lenfield((*rep)->length,(*rep)->data,1,asn1_decode_octetstring); + get_lenfield(rep->length,rep->data,1,asn1_decode_octetstring); } else { - (*rep)->length = 0; - (*rep)->data = 0; + rep->length = 0; + rep->data = 0; } - (*rep)->magic = KV5M_ALT_METHOD; + rep->magic = KV5M_ALT_METHOD; end_structure(); } cleanup(free); } -krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_entry ***rep) +krb5_error_code +decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_entry ***repptr) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_etype_info(&buf,rep); + setup_buf_only(krb5_etype_info_entry **); + retval = asn1_decode_etype_info(&buf,&rep); if (retval) clean_return(retval); cleanup_none(); /* we're not allocating anything here */ } -krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep) +krb5_error_code +decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***repptr) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_etype_info2(&buf,rep, 0); + setup_buf_only(krb5_etype_info_entry **); + retval = asn1_decode_etype_info2(&buf,&rep, 0); if (retval == ASN1_BAD_ID) { retval = asn1buf_wrap_data(&buf,code); if (retval) clean_return(retval); - retval = asn1_decode_etype_info2(&buf, rep, 1); + retval = asn1_decode_etype_info2(&buf, &rep, 1); } if (retval) clean_return(retval); cleanup_none(); /* we're not allocating anything here */ } -krb5_error_code decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **rep) +krb5_error_code +decode_krb5_enc_data(const krb5_data *code, krb5_enc_data **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_enc_data); + setup_buf_only(krb5_enc_data *); + alloc_field(rep); - retval = asn1_decode_encrypted_data(&buf,*rep); + retval = asn1_decode_encrypted_data(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pa_enc_ts(const krb5_data *code, krb5_pa_enc_ts **rep) +krb5_error_code +decode_krb5_pa_enc_ts(const krb5_data *code, krb5_pa_enc_ts **repptr) { - setup(); - alloc_field(*rep,krb5_pa_enc_ts); + setup(krb5_pa_enc_ts *); + alloc_field(rep); { begin_structure(); - get_field((*rep)->patimestamp,0,asn1_decode_kerberos_time); + get_field(rep->patimestamp,0,asn1_decode_kerberos_time); if (tagnum == 1) { - get_field((*rep)->pausec,1,asn1_decode_int32); + get_field(rep->pausec,1,asn1_decode_int32); } else - (*rep)->pausec = 0; + rep->pausec = 0; end_structure (); } cleanup(free); } -krb5_error_code decode_krb5_sam_challenge(const krb5_data *code, krb5_sam_challenge **rep) +krb5_error_code +decode_krb5_sam_challenge(const krb5_data *code, krb5_sam_challenge **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_challenge); + setup_buf_only(krb5_sam_challenge *); + alloc_field(rep); - retval = asn1_decode_sam_challenge(&buf,*rep); + retval = asn1_decode_sam_challenge(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_sam_challenge_2(const krb5_data *code, krb5_sam_challenge_2 **rep) +krb5_error_code +decode_krb5_sam_challenge_2(const krb5_data *code, + krb5_sam_challenge_2 **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_challenge_2); + setup_buf_only(krb5_sam_challenge_2 *); + alloc_field(rep); - retval = asn1_decode_sam_challenge_2(&buf,*rep); + retval = asn1_decode_sam_challenge_2(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_sam_challenge_2_body(const krb5_data *code, krb5_sam_challenge_2_body **rep) +krb5_error_code +decode_krb5_sam_challenge_2_body(const krb5_data *code, + krb5_sam_challenge_2_body **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_sam_challenge_2_body); + setup_buf_only(krb5_sam_challenge_2_body *); + alloc_field(rep); - retval = asn1_decode_sam_challenge_2_body(&buf, *rep); + retval = asn1_decode_sam_challenge_2_body(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_enc_sam_key(const krb5_data *code, krb5_sam_key **rep) +krb5_error_code +decode_krb5_enc_sam_key(const krb5_data *code, krb5_sam_key **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_key); + setup_buf_only(krb5_sam_key *); + alloc_field(rep); - retval = asn1_decode_enc_sam_key(&buf,*rep); + retval = asn1_decode_enc_sam_key(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_enc_sam_response_enc(const krb5_data *code, krb5_enc_sam_response_enc **rep) +krb5_error_code +decode_krb5_enc_sam_response_enc(const krb5_data *code, + krb5_enc_sam_response_enc **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_enc_sam_response_enc); + setup_buf_only(krb5_enc_sam_response_enc *); + alloc_field(rep); - retval = asn1_decode_enc_sam_response_enc(&buf,*rep); + retval = asn1_decode_enc_sam_response_enc(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_enc_sam_response_enc_2(const krb5_data *code, krb5_enc_sam_response_enc_2 **rep) +krb5_error_code +decode_krb5_enc_sam_response_enc_2(const krb5_data *code, + krb5_enc_sam_response_enc_2 **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_enc_sam_response_enc_2); + setup_buf_only(krb5_enc_sam_response_enc_2 *); + alloc_field(rep); - retval = asn1_decode_enc_sam_response_enc_2(&buf,*rep); + retval = asn1_decode_enc_sam_response_enc_2(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_sam_response(const krb5_data *code, krb5_sam_response **rep) +krb5_error_code +decode_krb5_sam_response(const krb5_data *code, + krb5_sam_response **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_response); + setup_buf_only(krb5_sam_response *); + alloc_field(rep); - retval = asn1_decode_sam_response(&buf,*rep); + retval = asn1_decode_sam_response(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_sam_response_2(const krb5_data *code, krb5_sam_response_2 **rep) +krb5_error_code +decode_krb5_sam_response_2(const krb5_data *code, + krb5_sam_response_2 **repptr) { - setup_buf_only(); - alloc_field(*rep,krb5_sam_response_2); + setup_buf_only(krb5_sam_response_2 *); + alloc_field(rep); - retval = asn1_decode_sam_response_2(&buf,*rep); + retval = asn1_decode_sam_response_2(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *code, krb5_predicted_sam_response **rep) +krb5_error_code +decode_krb5_predicted_sam_response(const krb5_data *code, + krb5_predicted_sam_response **repptr) { - setup_buf_only(); /* preallocated */ - alloc_field(*rep,krb5_predicted_sam_response); + setup_buf_only(krb5_predicted_sam_response *); /* preallocated */ + alloc_field(rep); - retval = asn1_decode_predicted_sam_response(&buf,*rep); + retval = asn1_decode_predicted_sam_response(&buf,rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_setpw_req(const krb5_data *code, - krb5_data **rep, - krb5_principal *principal) +krb5_error_code +decode_krb5_setpw_req(const krb5_data *code, krb5_data **repptr, + krb5_principal *principal) { - setup_buf_only(); - alloc_field(*rep, krb5_data); + setup_buf_only(krb5_data *); + alloc_field(rep); *principal = NULL; - retval = asn1_decode_setpw_req(&buf, *rep, principal); + retval = asn1_decode_setpw_req(&buf, rep, principal); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pa_for_user(const krb5_data *code, krb5_pa_for_user **rep) +krb5_error_code +decode_krb5_pa_for_user(const krb5_data *code, krb5_pa_for_user **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_for_user); + setup_buf_only(krb5_pa_for_user *); + alloc_field(rep); - retval = asn1_decode_pa_for_user(&buf, *rep); + retval = asn1_decode_pa_for_user(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pa_pac_req(const krb5_data *code, krb5_pa_pac_req **rep) +krb5_error_code +decode_krb5_pa_pac_req(const krb5_data *code, krb5_pa_pac_req **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pac_req); + setup_buf_only(krb5_pa_pac_req *); + alloc_field(rep); - retval = asn1_decode_pa_pac_req(&buf, *rep); + retval = asn1_decode_pa_pac_req(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_etype_list(const krb5_data *code, krb5_etype_list **rep) +krb5_error_code +decode_krb5_etype_list(const krb5_data *code, krb5_etype_list **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_etype_list); + setup_buf_only(krb5_etype_list *); + alloc_field(rep); - retval = asn1_decode_sequence_of_enctype(&buf, &(*rep)->length, &(*rep)->etypes); + retval = asn1_decode_sequence_of_enctype(&buf, &rep->length, &rep->etypes); if (retval) clean_return(retval); cleanup(free); } #ifndef DISABLE_PKINIT -krb5_error_code decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **rep) +krb5_error_code +decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_req); + setup_buf_only(krb5_pa_pk_as_req *); + alloc_field(rep); - retval = asn1_decode_pa_pk_as_req(&buf, *rep); + retval = asn1_decode_pa_pk_as_req(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pa_pk_as_req_draft9(const krb5_data *code, krb5_pa_pk_as_req_draft9 **rep) +krb5_error_code +decode_krb5_pa_pk_as_req_draft9(const krb5_data *code, + krb5_pa_pk_as_req_draft9 **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_req_draft9); + setup_buf_only(krb5_pa_pk_as_req_draft9 *); + alloc_field(rep); - retval = asn1_decode_pa_pk_as_req_draft9(&buf, *rep); + retval = asn1_decode_pa_pk_as_req_draft9(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pa_pk_as_rep(const krb5_data *code, krb5_pa_pk_as_rep **rep) +krb5_error_code +decode_krb5_pa_pk_as_rep(const krb5_data *code, krb5_pa_pk_as_rep **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_rep); + setup_buf_only(krb5_pa_pk_as_rep *); + alloc_field(rep); - retval = asn1_decode_pa_pk_as_rep(&buf, *rep); + retval = asn1_decode_pa_pk_as_rep(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_pa_pk_as_rep_draft9(const krb5_data *code, krb5_pa_pk_as_rep_draft9 **rep) +krb5_error_code +decode_krb5_pa_pk_as_rep_draft9(const krb5_data *code, + krb5_pa_pk_as_rep_draft9 **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_pa_pk_as_rep_draft9); + setup_buf_only(krb5_pa_pk_as_rep_draft9 *); + alloc_field(rep); - retval = asn1_decode_pa_pk_as_rep_draft9(&buf, *rep); + retval = asn1_decode_pa_pk_as_rep_draft9(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_auth_pack(const krb5_data *code, krb5_auth_pack **rep) +krb5_error_code +decode_krb5_auth_pack(const krb5_data *code, krb5_auth_pack **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_auth_pack); + setup_buf_only(krb5_auth_pack *); + alloc_field(rep); - retval = asn1_decode_auth_pack(&buf, *rep); + retval = asn1_decode_auth_pack(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_auth_pack_draft9(const krb5_data *code, krb5_auth_pack_draft9 **rep) +krb5_error_code +decode_krb5_auth_pack_draft9(const krb5_data *code, + krb5_auth_pack_draft9 **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_auth_pack_draft9); + setup_buf_only(krb5_auth_pack_draft9 *); + alloc_field(rep); - retval = asn1_decode_auth_pack_draft9(&buf, *rep); + retval = asn1_decode_auth_pack_draft9(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_kdc_dh_key_info(const krb5_data *code, krb5_kdc_dh_key_info **rep) +krb5_error_code +decode_krb5_kdc_dh_key_info(const krb5_data *code, + krb5_kdc_dh_key_info **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_kdc_dh_key_info); + setup_buf_only(krb5_kdc_dh_key_info *); + alloc_field(rep); - retval = asn1_decode_kdc_dh_key_info(&buf, *rep); + retval = asn1_decode_kdc_dh_key_info(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_principal_name(const krb5_data *code, krb5_principal_data **rep) +krb5_error_code +decode_krb5_principal_name(const krb5_data *code, krb5_principal_data **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_principal_data); + setup_buf_only(krb5_principal_data *); + alloc_field(rep); - retval = asn1_decode_krb5_principal_name(&buf, rep); + retval = asn1_decode_krb5_principal_name(&buf, &rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_reply_key_pack(const krb5_data *code, krb5_reply_key_pack **rep) +krb5_error_code +decode_krb5_reply_key_pack(const krb5_data *code, krb5_reply_key_pack **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_reply_key_pack); + setup_buf_only(krb5_reply_key_pack *); + alloc_field(rep); - retval = asn1_decode_reply_key_pack(&buf, *rep); + retval = asn1_decode_reply_key_pack(&buf, rep); if (retval) goto error_out; cleanup_manual(); error_out: - if (rep && *rep) { - free((*rep)->replyKey.contents); - free((*rep)->asChecksum.contents); - free(*rep); - *rep = NULL; + if (rep) { + free(rep->replyKey.contents); + free(rep->asChecksum.contents); + free(rep); } return retval; } -krb5_error_code decode_krb5_reply_key_pack_draft9(const krb5_data *code, krb5_reply_key_pack_draft9 **rep) +krb5_error_code +decode_krb5_reply_key_pack_draft9(const krb5_data *code, + krb5_reply_key_pack_draft9 **repptr) { - setup_buf_only(); - alloc_field(*rep, krb5_reply_key_pack_draft9); + setup_buf_only(krb5_reply_key_pack_draft9 *); + alloc_field(rep); - retval = asn1_decode_reply_key_pack_draft9(&buf, *rep); + retval = asn1_decode_reply_key_pack_draft9(&buf, rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_typed_data(const krb5_data *code, krb5_typed_data ***rep) +krb5_error_code +decode_krb5_typed_data(const krb5_data *code, krb5_typed_data ***repptr) { - setup_buf_only(); - retval = asn1_decode_sequence_of_typed_data(&buf, rep); + setup_buf_only(krb5_typed_data **); + retval = asn1_decode_sequence_of_typed_data(&buf, &rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_td_trusted_certifiers(const krb5_data *code, krb5_external_principal_identifier ***rep) +krb5_error_code +decode_krb5_td_trusted_certifiers(const krb5_data *code, + krb5_external_principal_identifier ***repptr) { - setup_buf_only(); - retval = asn1_decode_sequence_of_external_principal_identifier(&buf, rep); + setup_buf_only(krb5_external_principal_identifier **); + retval = asn1_decode_sequence_of_external_principal_identifier(&buf, &rep); if (retval) clean_return(retval); cleanup(free); } -krb5_error_code decode_krb5_td_dh_parameters(const krb5_data *code, krb5_algorithm_identifier ***rep) +krb5_error_code +decode_krb5_td_dh_parameters(const krb5_data *code, + krb5_algorithm_identifier ***repptr) { - setup_buf_only(); - retval = asn1_decode_sequence_of_algorithm_identifier(&buf, rep); + setup_buf_only(krb5_algorithm_identifier **); + retval = asn1_decode_sequence_of_algorithm_identifier(&buf, &rep); if (retval) clean_return(retval); cleanup(free); From tlyu at MIT.EDU Tue Feb 10 10:45:05 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 10:45:05 -0500 (EST) Subject: svn rev #21941: branches/ Message-ID: <200902101545.KAA08438@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21941 Commit By: tlyu Log Message: test hooks again Changed Files: D branches/commit-handler-test/ From tlyu at MIT.EDU Tue Feb 10 10:46:02 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 10:46:02 -0500 (EST) Subject: svn rev #21942: branches/ Message-ID: <200902101546.KAA08581@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21942 Commit By: tlyu Log Message: ticket: subject: test svn/rt hooks again test test test Changed Files: A branches/commit-handler-test/ From tlyu at MIT.EDU Tue Feb 10 11:07:58 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 11:07:58 -0500 (EST) Subject: svn rev #21943: branches/commit-handler-test/ Message-ID: <200902101607.LAA09275@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21943 Commit By: tlyu Log Message: ticket: subject: test svn hooks again test test test Changed Files: A branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Tue Feb 10 11:09:21 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 11:09:21 -0500 (EST) Subject: svn rev #21944: branches/commit-handler-test/ Message-ID: <200902101609.LAA09435@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21944 Commit By: tlyu Log Message: ticket: subject: test test svn hooks test Changed Files: D branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Tue Feb 10 11:10:13 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 11:10:13 -0500 (EST) Subject: svn rev #21945: branches/commit-handler-test/ Message-ID: <200902101610.LAA09594@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21945 Commit By: tlyu Log Message: ticket: 6385 subject: test test test Changed Files: A branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Tue Feb 10 11:36:49 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 11:36:49 -0500 (EST) Subject: svn rev #21948: branches/commit-handler-test/ Message-ID: <200902101636.LAA10342@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21948 Commit By: tlyu Log Message: ticket: 6388 subject: test new svn hooks old svn server test Changed Files: D branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Tue Feb 10 11:38:00 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 10 Feb 2009 11:38:00 -0500 (EST) Subject: svn rev #21949: branches/commit-handler-test/ Message-ID: <200902101638.LAA10434@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21949 Commit By: tlyu Log Message: ticket: 6388 status: resolved tags: nochange more test Changed Files: A branches/commit-handler-test/aaaa/ From ghudson at MIT.EDU Tue Feb 10 12:17:41 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 10 Feb 2009 12:17:41 -0500 (EST) Subject: svn rev #21950: trunk/src/lib/krb5/ccache/ Message-ID: <200902101717.MAA11127@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21950 Commit By: ghudson Log Message: Fix a memory leak (unlikely to happen in practice) in krb5_mcc_store; use a cleanup handler for robustness. Changed Files: U trunk/src/lib/krb5/ccache/cc_memory.c Modified: trunk/src/lib/krb5/ccache/cc_memory.c =================================================================== --- trunk/src/lib/krb5/ccache/cc_memory.c 2009-02-10 16:37:59 UTC (rev 21949) +++ trunk/src/lib/krb5/ccache/cc_memory.c 2009-02-10 17:17:39 UTC (rev 21950) @@ -643,18 +643,19 @@ if (new_node == NULL) return ENOMEM; err = krb5_copy_creds(ctx, creds, &new_node->creds); - if (err) { - free(new_node); - return err; - } + if (err) + goto cleanup; err = k5_cc_mutex_lock(ctx, &mptr->lock); if (err) - return err; + goto cleanup; new_node->next = mptr->link; mptr->link = new_node; update_mcc_change_time(mptr); k5_cc_mutex_unlock(ctx, &mptr->lock); return 0; +cleanup: + free(new_node); + return err; } static krb5_error_code KRB5_CALLCONV From ghudson at MIT.EDU Tue Feb 10 13:25:17 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 10 Feb 2009 13:25:17 -0500 (EST) Subject: svn rev #21951: trunk/src/lib/krb5/ccache/ Message-ID: <200902101825.NAA12417@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21951 Commit By: ghudson Log Message: In the ccache serialization code, remove some unnecessary checks for nullity of ccache->ops; we assume a valid ops pointer in neighboring parts of the code. Changed Files: U trunk/src/lib/krb5/ccache/ser_cc.c Modified: trunk/src/lib/krb5/ccache/ser_cc.c =================================================================== --- trunk/src/lib/krb5/ccache/ser_cc.c 2009-02-10 17:17:39 UTC (rev 21950) +++ trunk/src/lib/krb5/ccache/ser_cc.c 2009-02-10 18:25:15 UTC (rev 21951) @@ -73,7 +73,7 @@ * krb5_int32 for KV5M_CCACHE */ required = sizeof(krb5_int32) * 3; - if (ccache->ops && ccache->ops->prefix) + if (ccache->ops->prefix) required += (strlen(ccache->ops->prefix)+1); /* @@ -115,12 +115,11 @@ (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain); /* Calculate the length of the name */ - namelen = (ccache->ops && ccache->ops->prefix) ? - strlen(ccache->ops->prefix)+1 : 0; + namelen = ccache->ops->prefix ? strlen(ccache->ops->prefix)+1 : 0; fnamep = krb5_cc_get_name(kcontext, ccache); namelen += (strlen(fnamep)+1); - if (ccache->ops && ccache->ops->prefix) { + if (ccache->ops->prefix) { if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0) ccname = NULL; } else From ghudson at MIT.EDU Tue Feb 10 14:06:00 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 10 Feb 2009 14:06:00 -0500 (EST) Subject: svn rev #21952: trunk/src/lib/krb5/ccache/ Message-ID: <200902101906.OAA13281@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21952 Commit By: ghudson Log Message: In krb5_ccache_internalize: fix resource leaks, fix several cases where success could be returned on failure, validate the length of the ccache name, make the value of *argp well-defined on failure, and lay out the function in a linear style with a cleanup handler. Changed Files: U trunk/src/lib/krb5/ccache/ser_cc.c Modified: trunk/src/lib/krb5/ccache/ser_cc.c =================================================================== --- trunk/src/lib/krb5/ccache/ser_cc.c 2009-02-10 18:25:15 UTC (rev 21951) +++ trunk/src/lib/krb5/ccache/ser_cc.c 2009-02-10 19:05:58 UTC (rev 21952) @@ -158,36 +158,57 @@ krb5_int32 ibuf; krb5_octet *bp; size_t remain; - char *ccname; + char *ccname = NULL; + *argp = NULL; + bp = *buffer; remain = *lenremain; - kret = EINVAL; - /* Read our magic number */ - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - ibuf = 0; - if (ibuf == KV5M_CCACHE) { - kret = ENOMEM; - /* Get the length of the ccache name */ - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + /* Read our magic number. */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (kret) + return kret; + if (ibuf != KV5M_CCACHE) + return EINVAL; - if (!kret && - (ccname = (char *) malloc((size_t) (ibuf+1))) && - !(kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, - (size_t) ibuf, - &bp, &remain))) { - ccname[ibuf] = '\0'; - if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) && - !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) && - (ibuf == KV5M_CCACHE)) { - *buffer = bp; - *lenremain = remain; - *argp = (krb5_pointer) ccache; - } - free(ccname); - } + /* Unpack and validate the length of the ccache name. */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (kret) + return kret; + if (ibuf < 0 || ibuf > remain) + return EINVAL; + + /* Allocate and unpack the name. */ + ccname = malloc(ibuf + 1); + if (!ccname) + return ENOMEM; + kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, (size_t) ibuf, + &bp, &remain); + if (kret) + goto cleanup; + ccname[ibuf] = '\0'; + + /* Read the second magic number. */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (kret) + goto cleanup; + if (ibuf != KV5M_CCACHE) { + kret = EINVAL; + goto cleanup; } + + /* Resolve the named credential cache. */ + kret = krb5_cc_resolve(kcontext, ccname, &ccache); + if (kret) + goto cleanup; + + *buffer = bp; + *lenremain = remain; + *argp = ccache; + +cleanup: + free(ccname); return(kret); } From raeburn at MIT.EDU Tue Feb 10 18:38:40 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 18:38:40 -0500 (EST) Subject: svn rev #21953: trunk/src/tests/misc/ Message-ID: <200902102338.SAA17757@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21953 Commit By: raeburn Log Message: update Changed Files: U trunk/src/tests/misc/deps Modified: trunk/src/tests/misc/deps =================================================================== --- trunk/src/tests/misc/deps 2009-02-10 19:05:58 UTC (rev 21952) +++ trunk/src/tests/misc/deps 2009-02-10 23:38:36 UTC (rev 21953) @@ -9,6 +9,17 @@ $(OUTPRE)test_cxx_krb5.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ $(SRCTOP)/include/krb5/locate_plugin.h test_cxx_krb5.cpp +$(OUTPRE)test_cxx_k5int.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-ipc_stream.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + test_cxx_k5int.cpp $(OUTPRE)test_cxx_gss.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ test_cxx_gss.cpp $(OUTPRE)test_cxx_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ From raeburn at MIT.EDU Tue Feb 10 19:11:36 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:11:36 -0500 (EST) Subject: svn rev #21954: trunk/src/config/ Message-ID: <200902110011.TAA18348@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21954 Commit By: raeburn Log Message: pull in dependency files Changed Files: U trunk/src/config/win-post.in Modified: trunk/src/config/win-post.in =================================================================== --- trunk/src/config/win-post.in 2009-02-10 23:38:36 UTC (rev 21953) +++ trunk/src/config/win-post.in 2009-02-11 00:11:33 UTC (rev 21954) @@ -109,3 +109,8 @@ $(RM) .\$(OUTPRE)*.idb .\$(OUTPRE)*.ilk $(RM) .\$(OUTPRE)*.manifest !endif + +# Dependencies +!if exist($(srcdir)/deps) +!include $(srcdir)/deps +!endif From raeburn at MIT.EDU Tue Feb 10 19:16:24 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:16:24 -0500 (EST) Subject: svn rev #21956: trunk/src/include/ Message-ID: <200902110016.TAA18577@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21956 Commit By: raeburn Log Message: define SSIZE_MAX forWindows Changed Files: U trunk/src/include/k5-platform.h Modified: trunk/src/include/k5-platform.h =================================================================== --- trunk/src/include/k5-platform.h 2009-02-11 00:15:55 UTC (rev 21955) +++ trunk/src/include/k5-platform.h 2009-02-11 00:16:23 UTC (rev 21956) @@ -427,6 +427,10 @@ # define UINT64_MAX ((UINT64_TYPE)((UINT64_TYPE)0 - 1)) #endif +#ifdef _WIN32 +# define SSIZE_MAX ((ssize_t)(SIZE_MAX/2)) +#endif + /* Read and write integer values as (unaligned) octet strings in specific byte orders. Add per-platform optimizations as needed. */ From raeburn at MIT.EDU Tue Feb 10 19:15:57 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:15:57 -0500 (EST) Subject: svn rev #21955: trunk/src/include/ Message-ID: <200902110015.TAA18495@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21955 Commit By: raeburn Log Message: unistd.h is posix only Changed Files: U trunk/src/include/k5-buf.h Modified: trunk/src/include/k5-buf.h =================================================================== --- trunk/src/include/k5-buf.h 2009-02-11 00:11:33 UTC (rev 21954) +++ trunk/src/include/k5-buf.h 2009-02-11 00:15:55 UTC (rev 21955) @@ -41,7 +41,9 @@ #include #include +#ifndef _WIN32 #include +#endif /* The k5buf module is intended to allow multi-step string construction in a fixed or dynamic buffer without the need to check From raeburn at MIT.EDU Tue Feb 10 19:24:40 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:24:40 -0500 (EST) Subject: svn rev #21957: trunk/src/util/support/ Message-ID: <200902110024.TAA18772@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21957 Commit By: raeburn Log Message: build strlcpy.c, printf.c, ipc_stream.c on windows Changed Files: U trunk/src/util/support/Makefile.in Modified: trunk/src/util/support/Makefile.in =================================================================== --- trunk/src/util/support/Makefile.in 2009-02-11 00:16:23 UTC (rev 21956) +++ trunk/src/util/support/Makefile.in 2009-02-11 00:24:39 UTC (rev 21957) @@ -32,12 +32,27 @@ STRLCPY_ST_OBJ=@STRLCPY_ST_OBJ@ STRLCPY_OBJ=@STRLCPY_OBJ@ +##DOS##STRLCPY_ST_OBJ= strlcpy.o +##DOS##STRLCPY_OBJ= $(OUTPRE)strlcpy.$(OBJEXT) PRINTF_ST_OBJ= @PRINTF_ST_OBJ@ PRINTF_OBJ= @PRINTF_OBJ@ +##DOS##PRINTF_ST_OBJ= printf.o +##DOS##PRINTF_OBJ= $(OUTPRE)printf.$(OBJEXT) IPC_ST_OBJ= IPC_OBJ= +##DOS##IPC_ST_OBJ= ipc_stream.o +##DOS##IPC_OBJ= $(OUTPRE)ipc_stream.$(OBJEXT) +IPC_SYMS= \ + krb5int_ipc_stream_data krb5int_ipc_stream_new \ + krb5int_ipc_stream_write krb5int_ipc_stream_read \ + krb5int_ipc_stream_read_int32 krb5int_ipc_stream_write_int32 \ + krb5int_ipc_stream_read_int64 krb5int_ipc_stream_write_int64 \ + krb5int_ipc_stream_read_uint32 krb5int_ipc_stream_write_uint32 \ + krb5int_ipc_stream_read_string krb5int_ipc_stream_write_string \ + krb5int_ipc_stream_release krb5int_ipc_stream_size \ + krb5int_ipc_stream_free_string STLIBOBJS= \ threads.o \ @@ -116,7 +131,8 @@ ##DOS##all-windows:: libkrb5support.exports EXTRA_SUPPORT_SYMS= @EXTRA_SUPPORT_SYMS@ -##DOS##EXTRA_SUPPORT_SYMS= krb5int_mkstemp +##DOS##EXTRA_SUPPORT_SYMS= krb5int_mkstemp krb5int_strlcpy krb5int_strlcat \ +##DOS## krb5int_vasprintf krb5int_asprintf $(IPC_SYMS) ##DOS##!if 0 libkrb5support.exports: $(srcdir)/libkrb5support-fixed.exports Makefile From raeburn at MIT.EDU Tue Feb 10 19:51:07 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:51:07 -0500 (EST) Subject: svn rev #21958: trunk/src/lib/krb5/unicode/ Message-ID: <200902110051.TAA19243@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21958 Commit By: raeburn Log Message: Windows version of 'copy a bunch of files around' Changed Files: U trunk/src/lib/krb5/unicode/Makefile.in Modified: trunk/src/lib/krb5/unicode/Makefile.in =================================================================== --- trunk/src/lib/krb5/unicode/Makefile.in 2009-02-11 00:24:39 UTC (rev 21957) +++ trunk/src/lib/krb5/unicode/Makefile.in 2009-02-11 00:51:06 UTC (rev 21958) @@ -51,6 +51,7 @@ ucgendat: ucgendat.o $(CC_LINK) $(ALL_CFLAGS) -o ucgendat ucgendat.o $(LIBS) +##DOS##!if 0 .links : @for i in $(XXSRCS) $(XXHEADERS); do \ $(RM) $$i ; \ @@ -58,6 +59,16 @@ $(LN_S) $$ii . ; \ done touch .links +##DOS##!endif +##DOS##.links: +##DOS## $(CP) $(srcdir)\ucdata\ucdata.h ucdata.h +##DOS## $(CP) $(srcdir)\ucdata\ucdata.c ucdata.c +##DOS## $(CP) $(srcdir)\ucdata\ucgendat.c ucgendat.c +##DOS## $(CP) $(srcdir)\ucdata\uctable.h uctable.h +##DOS## $(CP) $(srcdir)\ure\ure.h ure.h +##DOS## $(CP) $(srcdir)\ure\ure.c ure.c +##DOS## $(CP) $(srcdir)\ure\urestubs.c urestubs.c +##DOS## $(CP) nul .links $(XXSRCS) $(XXHEADERS) : .links From raeburn at MIT.EDU Tue Feb 10 19:51:47 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:51:47 -0500 (EST) Subject: svn rev #21959: trunk/src/lib/krb5/unicode/ure/ Message-ID: <200902110051.TAA19329@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21959 Commit By: raeburn Log Message: make build on windows, in current makefile framework Changed Files: U trunk/src/lib/krb5/unicode/ure/ure.c U trunk/src/lib/krb5/unicode/ure/urestubs.c Modified: trunk/src/lib/krb5/unicode/ure/ure.c =================================================================== --- trunk/src/lib/krb5/unicode/ure/ure.c 2009-02-11 00:51:06 UTC (rev 21958) +++ trunk/src/lib/krb5/unicode/ure/ure.c 2009-02-11 00:51:46 UTC (rev 21959) @@ -39,7 +39,9 @@ #include #include +#ifndef _WIN32 #include +#endif #include "ure.h" Modified: trunk/src/lib/krb5/unicode/ure/urestubs.c =================================================================== --- trunk/src/lib/krb5/unicode/ure/urestubs.c 2009-02-11 00:51:06 UTC (rev 21958) +++ trunk/src/lib/krb5/unicode/ure/urestubs.c 2009-02-11 00:51:46 UTC (rev 21959) @@ -40,11 +40,7 @@ #include "ure.h" -#ifdef _MSC_VER -# include "../ucdata/ucdata.h" -#else -# include "ucdata.h" -#endif +#include "ucdata.h" /* * This file contains stub routines needed by the URE package to test From raeburn at MIT.EDU Tue Feb 10 19:53:01 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:53:01 -0500 (EST) Subject: svn rev #21960: trunk/src/lib/krb5/rcache/ Message-ID: <200902110053.TAA19425@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21960 Commit By: raeburn Log Message: hide stat buf init on windows Changed Files: U trunk/src/lib/krb5/rcache/rc_io.c Modified: trunk/src/lib/krb5/rcache/rc_io.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_io.c 2009-02-11 00:51:46 UTC (rev 21959) +++ trunk/src/lib/krb5/rcache/rc_io.c 2009-02-11 00:53:00 UTC (rev 21960) @@ -80,9 +80,9 @@ krb5_error_code retval = 0; #if HAVE_SYS_STAT_H struct stat stbuf; -#endif memset(&stbuf, 0, sizeof(stbuf)); +#endif if (asprintf(&d->fn, "%s%skrb5_RCXXXXXX", dir, PATH_SEPARATOR) < 0) { d->fn = NULL; From raeburn at MIT.EDU Tue Feb 10 19:53:30 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:53:30 -0500 (EST) Subject: svn rev #21961: trunk/src/lib/krb5/ Message-ID: <200902110053.TAA19504@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21961 Commit By: raeburn Log Message: pull in unicode stuff on windows Changed Files: U trunk/src/lib/krb5/Makefile.in Modified: trunk/src/lib/krb5/Makefile.in =================================================================== --- trunk/src/lib/krb5/Makefile.in 2009-02-11 00:53:00 UTC (rev 21960) +++ trunk/src/lib/krb5/Makefile.in 2009-02-11 00:53:28 UTC (rev 21961) @@ -8,8 +8,8 @@ ##DOSBUILDTOP = ..\.. ##DOSLIBNAME=$(OUTPRE)krb5.lib -##DOSOBJFILEDEP=$(OUTPRE)asn1.lst $(OUTPRE)ccache.lst $(OUTPRE)err_tbls.lst $(OUTPRE)keytab.lst $(OUTPRE)krb.lst $(OUTPRE)os.lst $(OUTPRE)posix.lst $(OUTPRE)rcache.lst $(OUTPRE)krb5.lst -##DOSOBJFILELIST=@$(OUTPRE)asn1.lst @$(OUTPRE)ccache.lst @$(OUTPRE)err_tbls.lst @$(OUTPRE)keytab.lst @$(OUTPRE)krb.lst @$(OUTPRE)os.lst @$(OUTPRE)posix.lst @$(OUTPRE)rcache.lst @$(OUTPRE)krb5.lst +##DOSOBJFILEDEP=$(OUTPRE)asn1.lst $(OUTPRE)ccache.lst $(OUTPRE)err_tbls.lst $(OUTPRE)keytab.lst $(OUTPRE)krb.lst $(OUTPRE)os.lst $(OUTPRE)posix.lst $(OUTPRE)rcache.lst $(OUTPRE)krb5.lst $(OUTPRE)unicode.lst +##DOSOBJFILELIST=@$(OUTPRE)asn1.lst @$(OUTPRE)ccache.lst @$(OUTPRE)err_tbls.lst @$(OUTPRE)keytab.lst @$(OUTPRE)krb.lst @$(OUTPRE)os.lst @$(OUTPRE)posix.lst @$(OUTPRE)rcache.lst @$(OUTPRE)krb5.lst @$(OUTPRE)unicode.lst ##DOSOBJFILE=$(OUTPRE)krb5.lst ##DOSLIBOBJS=$(OBJS) ##DOSLOCALINCLUDES=-Iccache\ccapi -I..\..\windows\lib -Iccache -Ikeytab -Ircache -Ios From raeburn at MIT.EDU Tue Feb 10 19:58:43 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 19:58:43 -0500 (EST) Subject: svn rev #21962: trunk/src/ccapi/ common/win/ lib/win/ server/win/ Message-ID: <200902110058.TAA19659@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21962 Commit By: raeburn Log Message: Some updates to compile and link on Windows, with recent CCAPI changes. Changed Files: U trunk/src/ccapi/common/win/tls.h U trunk/src/ccapi/lib/win/Makefile.in U trunk/src/ccapi/server/win/Makefile.in U trunk/src/ccapi/server/win/WorkQueue.h U trunk/src/ccapi/server/win/ccs_os_server.cpp U trunk/src/ccapi/server/win/workitem.h Modified: trunk/src/ccapi/common/win/tls.h =================================================================== --- trunk/src/ccapi/common/win/tls.h 2009-02-11 00:53:28 UTC (rev 21961) +++ trunk/src/ccapi/common/win/tls.h 2009-02-11 00:58:41 UTC (rev 21962) @@ -33,7 +33,7 @@ #include "time.h" #include "rpc.h" -#include "cci_stream.h" +#include "k5-ipc_stream.h" #define UUID_SIZE 128 Modified: trunk/src/ccapi/lib/win/Makefile.in =================================================================== --- trunk/src/ccapi/lib/win/Makefile.in 2009-02-11 00:53:28 UTC (rev 21961) +++ trunk/src/ccapi/lib/win/Makefile.in 2009-02-11 00:58:41 UTC (rev 21962) @@ -7,6 +7,7 @@ $(OUTPRE)ccapi_credentials.obj \ $(OUTPRE)ccapi_credentials_iterator.obj \ $(OUTPRE)ccapi_ipc.obj \ + $(OUTPRE)ccapi_err.obj \ $(OUTPRE)ccapi_os_ipc.obj \ $(OUTPRE)ccapi_string.obj \ $(OUTPRE)ccapi_v2.obj \ @@ -17,7 +18,6 @@ $(OUTPRE)cci_message.obj \ $(OUTPRE)cci_os_debugging.obj \ $(OUTPRE)cci_os_identifier.obj \ - $(OUTPRE)cci_stream.obj \ $(OUTPRE)ccs_reply_proc.obj \ $(OUTPRE)ccs_reply_s.obj \ $(OUTPRE)ccs_request_c.obj \ @@ -62,7 +62,7 @@ ##### Linker LINK = link -LIBS = kernel32.lib ws2_32.lib user32.lib advapi32.lib +LIBS = ..\$(CLIB) ..\$(SLIB) kernel32.lib ws2_32.lib user32.lib advapi32.lib LFLAGS = /nologo $(LOPTS) all:: Makefile copysrc midl $(OUTPRE)ccapi.dll finish Modified: trunk/src/ccapi/server/win/Makefile.in =================================================================== --- trunk/src/ccapi/server/win/Makefile.in 2009-02-11 00:53:28 UTC (rev 21961) +++ trunk/src/ccapi/server/win/Makefile.in 2009-02-11 00:58:41 UTC (rev 21962) @@ -22,7 +22,6 @@ $(OUTPRE)cci_message.$(OBJEXT) \ $(OUTPRE)cci_os_debugging.$(OBJEXT) \ $(OUTPRE)cci_os_identifier.$(OBJEXT) \ - $(OUTPRE)cci_stream.$(OBJEXT) \ $(OUTPRE)ccs_array.$(OBJEXT) \ $(OUTPRE)ccs_cache_collection.$(OBJEXT) \ $(OUTPRE)ccs_callback.$(OBJEXT) \ @@ -66,7 +65,7 @@ ##### Linker LINK = link -LIBS = rpcrt4.lib advapi32.lib ws2_32.lib user32.lib +LIBS = ..\$(SLIB) rpcrt4.lib advapi32.lib ws2_32.lib user32.lib LFLAGS = /nologo $(LOPTS) Modified: trunk/src/ccapi/server/win/WorkQueue.h =================================================================== --- trunk/src/ccapi/server/win/WorkQueue.h 2009-02-11 00:53:28 UTC (rev 21961) +++ trunk/src/ccapi/server/win/WorkQueue.h 2009-02-11 00:58:41 UTC (rev 21962) @@ -28,7 +28,6 @@ #define _work_queue_h #include "windows.h" -#include "cci_stream.h" #include "ccs_pipe.h" EXTERN_C BOOL worklist_isEmpty(); @@ -43,4 +42,4 @@ k5_ipc_stream* stream, time_t* serverStartTime); -#endif // _work_queue_h \ No newline at end of file +#endif // _work_queue_h Modified: trunk/src/ccapi/server/win/ccs_os_server.cpp =================================================================== --- trunk/src/ccapi/server/win/ccs_os_server.cpp 2009-02-11 00:53:28 UTC (rev 21961) +++ trunk/src/ccapi/server/win/ccs_os_server.cpp 2009-02-11 00:58:41 UTC (rev 21962) @@ -29,13 +29,12 @@ extern "C" { #include "ccs_common.h" +#include "ccs_os_notify.h" #include "ccs_os_server.h" -#include #include "ccs_reply.h" #include "ccs_request.h" #include "win-utils.h" #include "ccutils.h" -#include "cci_stream.h" } #include "WorkQueue.h" @@ -949,3 +948,16 @@ extern "C" void __RPC_USER midl_user_free(void __RPC_FAR * ptr) { free(ptr); } + +/* stubs */ +extern "C" cc_int32 +ccs_os_notify_cache_collection_changed (ccs_cache_collection_t cc) +{ + return 0; +} + +extern "C" cc_int32 +ccs_os_notify_ccache_changed (ccs_cache_collection_t cc, const char *name) +{ + return 0; +} Modified: trunk/src/ccapi/server/win/workitem.h =================================================================== --- trunk/src/ccapi/server/win/workitem.h 2009-02-11 00:53:28 UTC (rev 21961) +++ trunk/src/ccapi/server/win/workitem.h 2009-02-11 00:58:41 UTC (rev 21962) @@ -5,7 +5,6 @@ #include "windows.h" extern "C" { - #include "cci_stream.h" #include "ccs_pipe.h" } @@ -45,4 +44,4 @@ bool isEmpty() {return wl.empty();} }; -#endif // __WorkItem \ No newline at end of file +#endif // __WorkItem From raeburn at MIT.EDU Tue Feb 10 20:12:22 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 20:12:22 -0500 (EST) Subject: svn rev #21963: trunk/src/ Message-ID: <200902110112.UAA19927@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21963 Commit By: raeburn Log Message: Updates for current CCAPI code; build krb5 unicode support. Changed Files: U trunk/src/Makefile.in Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-02-11 00:58:41 UTC (rev 21962) +++ trunk/src/Makefile.in 2009-02-11 01:12:21 UTC (rev 21963) @@ -44,12 +44,6 @@ @echo Making autoconf.h in include cd include $(MAKE) -$(MFLAGS) autoconf.h - - @echo Making in ccapi - cd ..\ccapi - cd - $(MAKE) -$(MFLAGS) - @echo Making in util cd ..\util $(MAKE) -$(MFLAGS) @@ -59,6 +53,9 @@ @echo Making in lib cd ..\lib $(MAKE) -$(MFLAGS) + @echo Making in ccapi + cd ..\ccapi + $(MAKE) -$(MFLAGS) @echo Making in windows cd ..\windows $(MAKE) -$(MFLAGS) @@ -188,7 +185,7 @@ ccapi\Makefile \ ccapi\lib\win\Makefile \ ccapi\server\win\Makefile \ - ccapi\test\Makefile \ + ccapi\test\Makefile \ clients\Makefile clients\kdestroy\Makefile \ clients\kinit\Makefile clients\klist\Makefile \ clients\kpasswd\Makefile clients\kvno\Makefile \ @@ -214,6 +211,7 @@ lib\krb5\krb\Makefile \ lib\krb5\os\Makefile lib\krb5\posix\Makefile \ lib\krb5\rcache\Makefile \ + lib\krb5\unicode\Makefile \ util\Makefile \ util\et\Makefile util\profile\Makefile \ util\support\Makefile \ @@ -295,6 +293,8 @@ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\mechglue\Makefile: lib\gssapi\mechglue\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##lib\gssapi\spnego\Makefile: lib\gssapi\spnego\Makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP) @@ -317,6 +317,8 @@ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\rcache\Makefile: lib\krb5\rcache\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##lib\krb5\unicode\Makefile: lib\krb5\unicode\Makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##util\Makefile: util\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##util\et\Makefile: util\et\Makefile.in $(MKFDEP) @@ -424,6 +426,7 @@ GK = lib/gssapi/krb5/ PR = util/profile/ CE = util/et/ +CCL = ccapi/lib/ ETOUT = \ $(INC)asn1_err.h $(ET)asn1_err.c \ @@ -433,7 +436,8 @@ $(INC)krb524_err.h $(ET)krb524_err.c \ $(PR)prof_err.h $(PR)prof_err.c \ $(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \ - $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c + $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \ + $(CCL)ccapi_err.h $(CCL)ccapi_err.c HOUT = $(INC)krb5\krb5.h $(GG)gssapi.h $(PR)profile.h @@ -494,6 +498,8 @@ $(AWK) -f $(AH) outfile=$@ $(GG)gssapi_err_generic.et $(GK)gssapi_err_krb5.h: $(AH) $(GK)gssapi_err_krb5.et $(AWK) -f $(AH) outfile=$@ $(GK)gssapi_err_krb5.et +$(CCL)ccapi_err.h: $(AH) $(CCL)ccapi_err.et + $(AWK) -f $(AH) outfile=$@ $(CCL)ccapi_err.et $(CE)test1.h: $(AH) $(CE)test1.et $(AWK) -f $(AH) outfile=$@ $(CE)test1.et $(CE)test2.h: $(AH) $(CE)test2.et @@ -515,6 +521,8 @@ $(AWK) -f $(AC) outfile=$@ $(GG)gssapi_err_generic.et $(GK)gssapi_err_krb5.c: $(AC) $(GK)gssapi_err_krb5.et $(AWK) -f $(AC) outfile=$@ $(GK)gssapi_err_krb5.et +$(CCL)ccapi_err.c: $(AC) $(CCL)ccapi_err.et + $(AWK) -f $(AC) outfile=$@ $(CCL)ccapi_err.et $(CE)test1.c: $(AC) $(CE)test1.et $(AWK) -f $(AC) outfile=$@ $(CE)test1.et $(CE)test2.c: $(AC) $(CE)test2.et From raeburn at MIT.EDU Tue Feb 10 20:14:28 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 20:14:28 -0500 (EST) Subject: svn rev #21964: trunk/src/lib/ Message-ID: <200902110114.UAA20032@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21964 Commit By: raeburn Log Message: remove des425 syms; add some new dce,iov syms needed for gssapi Changed Files: U trunk/src/lib/krb5_32.def Modified: trunk/src/lib/krb5_32.def =================================================================== --- trunk/src/lib/krb5_32.def 2009-02-11 01:12:21 UTC (rev 21963) +++ trunk/src/lib/krb5_32.def 2009-02-11 01:14:27 UTC (rev 21964) @@ -259,16 +259,15 @@ ; Temporary exports (DO NOT USE) - ; DO NOT USE -- Currently required for krb4_32.dll - des_ecb_encrypt @3 ; PRIVATE KRB4 - des_new_random_key @6 ; PRIVATE KRB4 - des_key_sched @5 ; PRIVATE KRB4 - des_pcbc_encrypt @7 ; PRIVATE KRB4 - des_quad_cksum @8 ; PRIVATE KRB4 - des_string_to_key @9 ; PRIVATE KRB4 - des_init_random_number_generator @4 ; PRIVATE KRB4 - afs_string_to_key @1 ; PRIVATE KRB4 +; des_ecb_encrypt @3 ; PRIVATE KRB4 +; des_new_random_key @6 ; PRIVATE KRB4 +; des_key_sched @5 ; PRIVATE KRB4 +; des_pcbc_encrypt @7 ; PRIVATE KRB4 +; des_quad_cksum @8 ; PRIVATE KRB4 +; des_string_to_key @9 ; PRIVATE KRB4 +; des_init_random_number_generator @4 ; PRIVATE KRB4 +; afs_string_to_key @1 ; PRIVATE KRB4 ; DO NOT USE -- Currently required to implement gssapi32.dll decode_krb5_ap_req @2 ; PRIVATE GSSAPI k5-int.h KRB5_CALLCONV_WRONG @@ -300,3 +299,13 @@ krb5_get_error_message @150 krb5_free_error_message @134 krb5_clear_error_message @94 + +; new in 1.7 + krb5_rd_rep_dce + krb5_mk_rep_dce + krb5_c_padding_length + krb5_c_crypto_length + krb5_c_encrypt_iov + krb5_c_decrypt_iov + krb5_c_make_checksum_iov + krb5_c_verify_checksum_iov From raeburn at MIT.EDU Tue Feb 10 20:16:00 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 10 Feb 2009 20:16:00 -0500 (EST) Subject: svn rev #21965: trunk/src/lib/gssapi/ Message-ID: <200902110116.UAA20135@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21965 Commit By: raeburn Log Message: remove local objects from list for windows Changed Files: U trunk/src/lib/gssapi/Makefile.in Modified: trunk/src/lib/gssapi/Makefile.in =================================================================== --- trunk/src/lib/gssapi/Makefile.in 2009-02-11 01:14:27 UTC (rev 21964) +++ trunk/src/lib/gssapi/Makefile.in 2009-02-11 01:15:58 UTC (rev 21965) @@ -6,10 +6,10 @@ DEFS=-D_GSS_STATIC_LINK=1 ##DOSLIBNAME=$(OUTPRE)gssapi.lib -##DOSOBJFILELIST=@$(OUTPRE)mechglue.lst @$(OUTPRE)spnego.lst @$(OUTPRE)generic.lst @$(OUTPRE)krb5.lst @$(OUTPRE)gssapi.lst -##DOSOBJFILEDEP=$(OUTPRE)mechglue.lst $(OUTPRE)spnego.lst $(OUTPRE)generic.lst $(OUTPRE)krb5.lst $(OUTPRE)gssapi.lst +##DOSOBJFILELIST=@$(OUTPRE)mechglue.lst @$(OUTPRE)spnego.lst @$(OUTPRE)generic.lst @$(OUTPRE)krb5.lst # @$(OUTPRE)gssapi.lst +##DOSOBJFILEDEP=$(OUTPRE)mechglue.lst $(OUTPRE)spnego.lst $(OUTPRE)generic.lst $(OUTPRE)krb5.lst # $(OUTPRE)gssapi.lst -##DOSOBJFILE=$(OUTPRE)gssapi.lst +###DOSOBJFILE=$(OUTPRE)gssapi.lst ##DOSLIBOBJS=$(OBJS) ##DOS##DLL_EXP_TYPE=GSS From rra at MIT.EDU Wed Feb 11 00:00:25 2009 From: rra at MIT.EDU (rra@MIT.EDU) Date: Wed, 11 Feb 2009 00:00:25 -0500 (EST) Subject: svn rev #21966: trunk/src/kadmin/ cli/ ktutil/ Message-ID: <200902110500.AAA23540@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21966 Commit By: rra Log Message: Ticket: 6348 Tags: pullup Install ktutil and kadmin into CLIENT_BINDIR instead of ADMIN_BINDIR since both are useful for users other than the system administrator. Changed Files: U trunk/src/kadmin/cli/Makefile.in U trunk/src/kadmin/ktutil/Makefile.in Modified: trunk/src/kadmin/cli/Makefile.in =================================================================== --- trunk/src/kadmin/cli/Makefile.in 2009-02-11 01:15:58 UTC (rev 21965) +++ trunk/src/kadmin/cli/Makefile.in 2009-02-11 05:00:24 UTC (rev 21966) @@ -28,7 +28,7 @@ install:: $(INSTALL_PROGRAM) $(PROG).local ${DESTDIR}$(ADMIN_BINDIR)/$(PROG).local - $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) + $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(CLIENT_BINDIR)/$(PROG) $(INSTALL_SCRIPT) $(srcdir)/k5srvutil.sh ${DESTDIR}$(ADMIN_BINDIR)/k5srvutil $(INSTALL_DATA) $(srcdir)/k5srvutil.M ${DESTDIR}$(ADMIN_MANDIR)/k5srvutil.8 $(INSTALL_DATA) $(srcdir)/$(PROG).M ${DESTDIR}$(ADMIN_MANDIR)/$(PROG).8 Modified: trunk/src/kadmin/ktutil/Makefile.in =================================================================== --- trunk/src/kadmin/ktutil/Makefile.in 2009-02-11 01:15:58 UTC (rev 21965) +++ trunk/src/kadmin/ktutil/Makefile.in 2009-02-11 05:00:24 UTC (rev 21966) @@ -20,7 +20,7 @@ $(CC_LINK) -o ktutil $(OBJS) $(SS_LIB) $(KRB5_BASE_LIBS) install:: - $(INSTALL_PROGRAM) ktutil ${DESTDIR}$(ADMIN_BINDIR)/ktutil + $(INSTALL_PROGRAM) ktutil ${DESTDIR}$(CLIENT_BINDIR)/ktutil $(INSTALL_DATA) $(srcdir)/ktutil.M ${DESTDIR}$(ADMIN_MANDIR)/ktutil.8 generate-files-mac: ktutil_ct.c From epeisach at MIT.EDU Wed Feb 11 07:47:53 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Wed, 11 Feb 2009 07:47:53 -0500 (EST) Subject: svn rev #21967: trunk/src/lib/krb5/ccache/ Message-ID: <200902111247.HAA03989@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21967 Commit By: epeisach Log Message: Add test for krb5_cc_get_principal and ensure returned value correct. Changed Files: U trunk/src/lib/krb5/ccache/t_cc.c Modified: trunk/src/lib/krb5/ccache/t_cc.c =================================================================== --- trunk/src/lib/krb5/ccache/t_cc.c 2009-02-11 05:00:24 UTC (rev 21966) +++ trunk/src/lib/krb5/ccache/t_cc.c 2009-02-11 12:47:51 UTC (rev 21967) @@ -189,15 +189,23 @@ exit(1);\ } else if(debug) printf("%s went ok\n", msg); +#define CHECK_BOOL(expr,errstr,msg) \ + if (expr) {\ + fprintf(stderr, "%s %s\n", msg, errstr); \ + exit(1); \ + } else if(debug) printf("%s went ok\n", msg); + #define CHECK_FAIL(experr, kret, msg) \ if (experr != kret) { CHECK(kret, msg);} -static void cc_test(krb5_context context, const char *name, int flags) +static void cc_test(krb5_context context, const char *name, krb5_flags flags) { krb5_ccache id, id2; krb5_creds creds; krb5_error_code kret; krb5_cc_cursor cursor; + krb5_principal tmp; + const char *c_name; char newcache[300]; char *save_type; @@ -221,8 +229,21 @@ kret = krb5_cc_store_cred(context, id, &test_creds); CHECK(kret, "store"); + kret = krb5_cc_get_principal(context, id, &tmp); + CHECK(kret, "get_principal"); + + CHECK_BOOL(krb5_realm_compare(context, tmp, test_creds.client) != TRUE, + "realms do not match", "realm_compare"); + + + CHECK_BOOL(krb5_principal_compare(context, tmp, test_creds.client) != TRUE, + "principals do not match", "principal_compare"); + + krb5_free_principal(context, tmp); + kret = krb5_cc_set_flags (context, id, flags); CHECK(kret, "set_flags"); + kret = krb5_cc_start_seq_get(context, id, &cursor); CHECK(kret, "start_seq_get"); kret = 0; From epeisach at MIT.EDU Wed Feb 11 08:01:14 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Wed, 11 Feb 2009 08:01:14 -0500 (EST) Subject: svn rev #21968: trunk/src/ Message-ID: <200902111301.IAA04419@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21968 Commit By: epeisach Log Message: ticket: 6390 subject: --disable-rpath is not working tags: pullup target_version: 1.7 AC_ARG_ENABLE returns its value in enableval not withval. --disable-rpath was not working - or dependent on some previous setting... Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-02-11 12:47:51 UTC (rev 21967) +++ trunk/src/aclocal.m4 2009-02-11 13:01:11 UTC (rev 21968) @@ -1215,7 +1215,7 @@ fi]) AC_ARG_ENABLE([rpath], AC_HELP_STRING([--disable-rpath],[suppress run path flags in link lines]), -[enable_rpath=$withval], +[enable_rpath=$enableval], [enable_rpath=yes]) if test "x$enable_rpath" != xyes ; then From ghudson at MIT.EDU Wed Feb 11 15:18:46 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 11 Feb 2009 15:18:46 -0500 (EST) Subject: svn rev #21969: trunk/src/ include/ lib/krb5/ lib/krb5/krb/ Message-ID: <200902112018.PAA11559@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21969 Commit By: ghudson Log Message: Ensure we have a free function for every data type we have an ASN.1 decoder for. Export the new free functions, but only declare them in k5-int.h since they shouldn't be needed by applications. Also export a couple of encoder and decoder functions not previously exported. Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/krb5/krb/kfree.c U trunk/src/lib/krb5/libkrb5.exports Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-11 13:01:11 UTC (rev 21968) +++ trunk/src/include/k5-int.h 2009-02-11 20:18:43 UTC (rev 21969) @@ -2509,6 +2509,12 @@ (krb5_context, krb5_pwd_data *); void KRB5_CALLCONV krb5_free_pwd_sequences (krb5_context, passwd_phrase_element **); +void KRB5_CALLCONV krb5_free_passwd_phrase_element + (krb5_context, passwd_phrase_element *); +void KRB5_CALLCONV krb5_free_alt_method + (krb5_context, krb5_alt_method *); +void KRB5_CALLCONV krb5_free_enc_data + (krb5_context, krb5_enc_data *); krb5_error_code krb5_set_config_files (krb5_context, const char **); Modified: trunk/src/lib/krb5/krb/kfree.c =================================================================== --- trunk/src/lib/krb5/krb/kfree.c 2009-02-11 13:01:11 UTC (rev 21968) +++ trunk/src/lib/krb5/krb/kfree.c 2009-02-11 20:18:43 UTC (rev 21969) @@ -80,6 +80,15 @@ void KRB5_CALLCONV +krb5_free_alt_method(krb5_context context, + krb5_alt_method *alt) +{ + if (alt) { + free(alt->data); + free(alt); + } +} +void KRB5_CALLCONV krb5_free_ap_rep(krb5_context context, register krb5_ap_rep *val) { if (val == NULL) @@ -254,6 +263,15 @@ } } +void KRB5_CALLCONV +krb5_free_enc_data(krb5_context context, krb5_enc_data *val) +{ + if (val == NULL) + return; + krb5_free_data_contents(context, &val->ciphertext); + free(val); +} + void krb5_free_etype_info(krb5_context context, krb5_etype_info info) { int i; @@ -426,19 +444,30 @@ void KRB5_CALLCONV +krb5_free_passwd_phrase_element(krb5_context context, + passwd_phrase_element *val) +{ + register passwd_phrase_element **temp; + + if (val == NULL) + return; + krb5_free_data(context, val->passwd); + val->passwd = NULL; + krb5_free_data(context, val->phrase); + val->phrase = NULL; + free(val); +} + + +void KRB5_CALLCONV krb5_free_pwd_sequences(krb5_context context, passwd_phrase_element **val) { register passwd_phrase_element **temp; if (val == NULL) return; - for (temp = val; *temp; temp++) { - krb5_free_data(context, (*temp)->passwd); - (*temp)->passwd = 0; - krb5_free_data(context, (*temp)->phrase); - (*temp)->phrase = 0; - free(*temp); - } + for (temp = val; *temp; temp++) + krb5_free_passwd_phrase_element(context, *temp); free(val); } Modified: trunk/src/lib/krb5/libkrb5.exports =================================================================== --- trunk/src/lib/krb5/libkrb5.exports 2009-02-11 13:01:11 UTC (rev 21968) +++ trunk/src/lib/krb5/libkrb5.exports 2009-02-11 20:18:43 UTC (rev 21969) @@ -13,10 +13,12 @@ decode_krb5_enc_kdc_rep_part decode_krb5_enc_priv_part decode_krb5_enc_sam_response_enc +decode_krb5_enc_sam_response_enc_2 decode_krb5_enc_tkt_part decode_krb5_encryption_key decode_krb5_error decode_krb5_etype_info +decode_krb5_etype_info2 decode_krb5_kdc_req_body decode_krb5_pa_enc_ts decode_krb5_pa_for_user @@ -29,6 +31,7 @@ decode_krb5_safe decode_krb5_sam_challenge decode_krb5_sam_response +decode_krb5_sam_response_2 decode_krb5_setpw_req decode_krb5_tgs_rep decode_krb5_tgs_req @@ -47,6 +50,7 @@ encode_krb5_enc_kdc_rep_part encode_krb5_enc_priv_part encode_krb5_enc_sam_response_enc +encode_krb5_enc_sam_response_enc_2 encode_krb5_enc_tkt_part encode_krb5_encryption_key encode_krb5_error @@ -66,6 +70,7 @@ encode_krb5_sam_challenge encode_krb5_sam_key encode_krb5_sam_response +encode_krb5_sam_response_2 encode_krb5_tgs_rep encode_krb5_tgs_req encode_krb5_ticket @@ -192,6 +197,7 @@ krb5_find_serializer krb5_free_address krb5_free_addresses +krb5_free_alt_method krb5_free_ap_rep krb5_free_ap_rep_enc_part krb5_free_ap_req @@ -209,6 +215,7 @@ krb5_free_data krb5_free_data_contents krb5_free_default_realm +krb5_free_enc_data krb5_free_enc_kdc_rep_part krb5_free_enc_sam_response_enc krb5_free_enc_sam_response_enc_2 @@ -233,6 +240,7 @@ krb5_free_pa_for_user krb5_free_pa_server_referral_data krb5_free_pa_svr_referral_data +krb5_free_passwd_phrase_element krb5_free_predicted_sam_response krb5_free_predicted_sam_response_contents krb5_free_principal From ghudson at MIT.EDU Wed Feb 11 15:28:42 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 11 Feb 2009 15:28:42 -0500 (EST) Subject: svn rev #21970: trunk/src/tests/asn.1/ Message-ID: <200902112028.PAA11808@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21970 Commit By: ghudson Log Message: Add a new test harness to facilitate memory leak detection in the ASN.1 decoder routines. Changed Files: U trunk/src/tests/asn.1/Makefile.in U trunk/src/tests/asn.1/deps A trunk/src/tests/asn.1/krb5_decode_leak.c Modified: trunk/src/tests/asn.1/Makefile.in =================================================================== --- trunk/src/tests/asn.1/Makefile.in 2009-02-11 20:18:43 UTC (rev 21969) +++ trunk/src/tests/asn.1/Makefile.in 2009-02-11 20:28:40 UTC (rev 21970) @@ -9,10 +9,11 @@ RUN_SETUP = @KRB5_RUN_ENV@ SRCS= $(srcdir)/krb5_encode_test.c $(srcdir)/krb5_decode_test.c \ - $(srcdir)/ktest.c $(srcdir)/ktest_equal.c $(srcdir)/utility.c \ + $(srcdir)/krb5_decode_leak.c $(srcdir)/ktest.c \ + $(srcdir)/ktest_equal.c $(srcdir)/utility.c \ $(srcdir)/trval.c $(srcdir)/t_trval.c -all:: krb5_encode_test krb5_decode_test t_trval +all:: krb5_encode_test krb5_decode_test krb5_decode_leak t_trval LOCALINCLUDES = -I$(srcdir)/../../lib/krb5/asn.1 @@ -26,11 +27,23 @@ krb5_decode_test: $(DECOBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o krb5_decode_test $(DECOBJS) $(KRB5_BASE_LIBS) +LEAKOBJS = krb5_decode_leak.o ktest.o ktest_equal.o utility.o + +krb5_decode_leak: $(LEAKOBJS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o krb5_decode_leak $(LEAKOBJS) $(KRB5_BASE_LIBS) + t_trval: t_trval.o $(CC) -o t_trval $(ALL_CFLAGS) t_trval.o -check:: check-encode check-encode-trval check-decode +check:: check-encode check-encode-trval check-decode check-leak +# Does not actually test for leaks unless using valgrind or a similar +# tool, but does exercise a bunch of code. +check-leak: krb5_decode_leak + KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ + export KRB5_CONFIG ;\ + $(RUN_SETUP) $(VALGRIND) ./krb5_decode_leak + check-decode: krb5_decode_test KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ export KRB5_CONFIG ;\ Modified: trunk/src/tests/asn.1/deps =================================================================== --- trunk/src/tests/asn.1/deps 2009-02-11 20:18:43 UTC (rev 21969) +++ trunk/src/tests/asn.1/deps 2009-02-11 20:28:40 UTC (rev 21970) @@ -25,6 +25,18 @@ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ $(SRCTOP)/lib/krb5/asn.1/krbasn1.h debug.h krb5_decode_test.c \ ktest.h ktest_equal.h utility.h +$(OUTPRE)krb5_decode_leak.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ + $(SRCTOP)/lib/krb5/asn.1/krbasn1.h debug.h krb5_decode_leak.c \ + ktest.h utility.h $(OUTPRE)ktest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ Added: trunk/src/tests/asn.1/krb5_decode_leak.c =================================================================== --- trunk/src/tests/asn.1/krb5_decode_leak.c 2009-02-11 20:18:43 UTC (rev 21969) +++ trunk/src/tests/asn.1/krb5_decode_leak.c 2009-02-11 20:28:40 UTC (rev 21970) @@ -0,0 +1,650 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* + * This program is intended to help detect memory leaks in the ASN.1 + * decoder functions by exercising their failure paths. The setup + * code for the test cases is copied from krb5_encode_test.c. + * + * This code does not actually detect leaks by itself; it must be run + * through a leak-detection tool such as valgrind to do so. Simply + * running the program will exercise a bunch of ASN.1 encoder and + * decoder code paths but won't validate the results. + */ + +#include +#include "k5-int.h" +#include "com_err.h" +#include "utility.h" + +#include "ktest.h" +#include + +#include "debug.h" + +krb5_context test_context; + +int +main(int argc, char **argv) +{ + krb5_data *code; + krb5_error_code retval; + unsigned int i; + + retval = krb5_init_context(&test_context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } + init_access(argv[0]); + +#define setup(value, typestring, constructor) \ + retval = constructor(&(value)); \ + if (retval) { \ + com_err("krb5_decode_leak", retval, "while making sample %s", \ + typestring); \ + exit(1); \ + } + +#define encode_run(value,type,typestring,description,encoder) + + /* + * Encode a value. Then attempt to trigger most failure paths of + * the decoder function by passing in corrupt encodings, which we + * generate by perturbing each byte of the encoding in turn. Some + * of the perturbed encodings are expected to decode successfully, + * so we need a free function to discard successful results. Make + * sure to define a pointer named "tmp" of the correct type in the + * enclosing block. + */ +#define leak_test(value, encoder, decoder, freefn) \ + retval = encoder(&(value),&(code)); \ + if (retval) { \ + com_err("krb5_decode_leak", retval, "while encoding"); \ + exit(1); \ + } \ + for (i = 0; i < code->length; i++) { \ + code->data[i] = (char)~((unsigned char)code->data[i]); \ + retval = decoder(code, &tmp); \ + code->data[i] = (char)~((unsigned char)code->data[i]); \ + if (retval == 0) \ + freefn(test_context, tmp); \ + } \ + krb5_free_data(test_context, code); + + /****************************************************************/ + /* encode_krb5_authenticator */ + { + krb5_authenticator authent, *tmp; + + setup(authent, "authenticator", ktest_make_sample_authenticator); + leak_test(authent, encode_krb5_authenticator, + decode_krb5_authenticator, krb5_free_authenticator); + + ktest_destroy_checksum(&(authent.checksum)); + ktest_destroy_keyblock(&(authent.subkey)); + authent.seq_number = 0; + ktest_empty_authorization_data(authent.authorization_data); + leak_test(authent, encode_krb5_authenticator, + decode_krb5_authenticator, krb5_free_authenticator); + + ktest_destroy_authorization_data(&(authent.authorization_data)); + leak_test(authent, encode_krb5_authenticator, + decode_krb5_authenticator, krb5_free_authenticator); + ktest_empty_authenticator(&authent); + } + + /****************************************************************/ + /* encode_krb5_ticket */ + { + krb5_ticket tkt, *tmp; + + setup(tkt, "ticket", ktest_make_sample_ticket); + leak_test(tkt, encode_krb5_ticket, decode_krb5_ticket, + krb5_free_ticket); + ktest_empty_ticket(&tkt); + } + + /****************************************************************/ + /* encode_krb5_encryption_key */ + { + krb5_keyblock keyblk, *tmp; + + setup(keyblk, "keyblock", ktest_make_sample_keyblock); + leak_test(keyblk, encode_krb5_encryption_key, + decode_krb5_encryption_key, krb5_free_keyblock); + ktest_empty_keyblock(&keyblk); + } + + /****************************************************************/ + /* encode_krb5_enc_tkt_part */ + { + krb5_ticket tkt; + krb5_enc_tkt_part *tmp; + + memset(&tkt, 0, sizeof(krb5_ticket)); + tkt.enc_part2 = calloc(1, sizeof(krb5_enc_tkt_part)); + if (tkt.enc_part2 == NULL) + com_err("allocating enc_tkt_part", errno, ""); + setup(*(tkt.enc_part2), "enc_tkt_part", + ktest_make_sample_enc_tkt_part); + + leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part, + decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part); + + tkt.enc_part2->times.starttime = 0; + tkt.enc_part2->times.renew_till = 0; + ktest_destroy_address(&(tkt.enc_part2->caddrs[1])); + ktest_destroy_address(&(tkt.enc_part2->caddrs[0])); + ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1])); + ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0])); + + /* ISODE version fails on the empty caddrs field */ + ktest_destroy_addresses(&(tkt.enc_part2->caddrs)); + ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data)); + + leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part, + decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part); + ktest_empty_ticket(&tkt); + } + + /****************************************************************/ + /* encode_krb5_enc_kdc_rep_part */ + { + krb5_kdc_rep kdcr; + krb5_enc_kdc_rep_part *tmp; + + memset(&kdcr, 0, sizeof(kdcr)); + + kdcr.enc_part2 = calloc(1, sizeof(krb5_enc_kdc_rep_part)); + if (kdcr.enc_part2 == NULL) + com_err("allocating enc_kdc_rep_part", errno, ""); + setup(*(kdcr.enc_part2), "enc_kdc_rep_part", + ktest_make_sample_enc_kdc_rep_part); + + leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part, + decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part); + + kdcr.enc_part2->key_exp = 0; + kdcr.enc_part2->times.starttime = 0; + kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE; + ktest_destroy_addresses(&(kdcr.enc_part2->caddrs)); + + leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part, + decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part); + + ktest_empty_kdc_rep(&kdcr); + } + + /****************************************************************/ + /* encode_krb5_as_rep */ + { + krb5_kdc_rep kdcr, *tmp; + + setup(kdcr, "kdc_rep", ktest_make_sample_kdc_rep); + kdcr.msg_type = KRB5_AS_REP; + leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep, + krb5_free_kdc_rep); + + ktest_destroy_pa_data_array(&(kdcr.padata)); + leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep, + krb5_free_kdc_rep); + + ktest_empty_kdc_rep(&kdcr); + + } + + /****************************************************************/ + /* encode_krb5_tgs_rep */ + { + krb5_kdc_rep kdcr, *tmp; + + setup(kdcr, "kdc_rep", ktest_make_sample_kdc_rep); + kdcr.msg_type = KRB5_TGS_REP; + leak_test(kdcr, encode_krb5_tgs_rep, decode_krb5_tgs_rep, + krb5_free_kdc_rep); + + ktest_destroy_pa_data_array(&(kdcr.padata)); + leak_test(kdcr, encode_krb5_tgs_rep, decode_krb5_tgs_rep, + krb5_free_kdc_rep); + + ktest_empty_kdc_rep(&kdcr); + + } + + /****************************************************************/ + /* encode_krb5_ap_req */ + { + krb5_ap_req apreq, *tmp; + + setup(apreq, "ap_req", ktest_make_sample_ap_req); + leak_test(apreq, encode_krb5_ap_req, decode_krb5_ap_req, + krb5_free_ap_req); + ktest_empty_ap_req(&apreq); + } + + /****************************************************************/ + /* encode_krb5_ap_rep */ + { + krb5_ap_rep aprep, *tmp; + + setup(aprep, "ap_rep", ktest_make_sample_ap_rep); + leak_test(aprep, encode_krb5_ap_rep, decode_krb5_ap_rep, + krb5_free_ap_rep); + ktest_empty_ap_rep(&aprep); + } + + /****************************************************************/ + /* encode_krb5_ap_rep_enc_part */ + { + krb5_ap_rep_enc_part apenc, *tmp; + + setup(apenc, "ap_rep_enc_part", ktest_make_sample_ap_rep_enc_part); + leak_test(apenc, encode_krb5_ap_rep_enc_part, + decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part); + + ktest_destroy_keyblock(&(apenc.subkey)); + apenc.seq_number = 0; + leak_test(apenc, encode_krb5_ap_rep_enc_part, + decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part); + ktest_empty_ap_rep_enc_part(&apenc); + } + + /****************************************************************/ + /* encode_krb5_as_req */ + { + krb5_kdc_req asreq, *tmp; + + setup(asreq, "kdc_req", ktest_make_sample_kdc_req); + asreq.msg_type = KRB5_AS_REQ; + asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req, + krb5_free_kdc_req); + + ktest_destroy_pa_data_array(&(asreq.padata)); + ktest_destroy_principal(&(asreq.client)); +#ifndef ISODE_SUCKS + ktest_destroy_principal(&(asreq.server)); +#endif + asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + asreq.from = 0; + asreq.rtime = 0; + ktest_destroy_addresses(&(asreq.addresses)); + ktest_destroy_enc_data(&(asreq.authorization_data)); + leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req, + krb5_free_kdc_req); + + ktest_destroy_sequence_of_ticket(&(asreq.second_ticket)); +#ifndef ISODE_SUCKS + ktest_make_sample_principal(&(asreq.server)); +#endif + asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req, + krb5_free_kdc_req); + ktest_empty_kdc_req(&asreq); + } + + /****************************************************************/ + /* encode_krb5_tgs_req */ + { + krb5_kdc_req tgsreq, *tmp; + + setup(tgsreq, "kdc_req", ktest_make_sample_kdc_req); + tgsreq.msg_type = KRB5_TGS_REQ; + tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req, + krb5_free_kdc_req); + + ktest_destroy_pa_data_array(&(tgsreq.padata)); + ktest_destroy_principal(&(tgsreq.client)); +#ifndef ISODE_SUCKS + ktest_destroy_principal(&(tgsreq.server)); +#endif + tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + tgsreq.from = 0; + tgsreq.rtime = 0; + ktest_destroy_addresses(&(tgsreq.addresses)); + ktest_destroy_enc_data(&(tgsreq.authorization_data)); + leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req, + krb5_free_kdc_req); + + ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket)); +#ifndef ISODE_SUCKS + ktest_make_sample_principal(&(tgsreq.server)); +#endif + tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req, + krb5_free_kdc_req); + ktest_empty_kdc_req(&tgsreq); + } + + /****************************************************************/ + /* encode_krb5_kdc_req_body */ + { + krb5_kdc_req kdcrb, *tmp; + + memset(&kdcrb, 0, sizeof(kdcrb)); + setup(kdcrb, "kdc_req_body", ktest_make_sample_kdc_req_body); + kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body, + krb5_free_kdc_req); + + ktest_destroy_principal(&(kdcrb.client)); +#ifndef ISODE_SUCKS + ktest_destroy_principal(&(kdcrb.server)); +#endif + kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + kdcrb.from = 0; + kdcrb.rtime = 0; + ktest_destroy_addresses(&(kdcrb.addresses)); + ktest_destroy_enc_data(&(kdcrb.authorization_data)); + leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body, + krb5_free_kdc_req); + + ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket)); +#ifndef ISODE_SUCKS + ktest_make_sample_principal(&(kdcrb.server)); +#endif + kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body, + krb5_free_kdc_req); + ktest_empty_kdc_req(&kdcrb); + } + + /****************************************************************/ + /* encode_krb5_safe */ + { + krb5_safe s, *tmp; + + setup(s, "safe", ktest_make_sample_safe); + leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe); + + s.timestamp = 0; + /* s.usec should be opted out by the timestamp */ + s.seq_number = 0; + ktest_destroy_address(&(s.r_address)); + leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe); + ktest_empty_safe(&s); + } + + /****************************************************************/ + /* encode_krb5_priv */ + { + krb5_priv p, *tmp; + + setup(p, "priv", ktest_make_sample_priv); + leak_test(p, encode_krb5_priv, decode_krb5_priv, krb5_free_priv); + ktest_empty_priv(&p); + } + + /****************************************************************/ + /* encode_krb5_enc_priv_part */ + { + krb5_priv_enc_part ep, *tmp; + + setup(ep, "priv_enc_part", ktest_make_sample_priv_enc_part); + leak_test(ep, encode_krb5_enc_priv_part, decode_krb5_enc_priv_part, + krb5_free_priv_enc_part); + + ep.timestamp = 0; + /* ep.usec should be opted out along with timestamp */ + ep.seq_number = 0; + ktest_destroy_address(&(ep.r_address)); + leak_test(ep, encode_krb5_enc_priv_part, decode_krb5_enc_priv_part, + krb5_free_priv_enc_part); + ktest_empty_priv_enc_part(&ep); + } + + /****************************************************************/ + /* encode_krb5_cred */ + { + krb5_cred c, *tmp; + + setup(c, "cred", ktest_make_sample_cred); + leak_test(c, encode_krb5_cred, decode_krb5_cred, krb5_free_cred); + ktest_empty_cred(&c); + } + + /****************************************************************/ + /* encode_krb5_enc_cred_part */ + { + krb5_cred_enc_part cep, *tmp; + + setup(cep, "cred_enc_part", ktest_make_sample_cred_enc_part); + leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part, + krb5_free_cred_enc_part); + + ktest_destroy_principal(&(cep.ticket_info[0]->client)); + ktest_destroy_principal(&(cep.ticket_info[0]->server)); + cep.ticket_info[0]->flags = 0; + cep.ticket_info[0]->times.authtime = 0; + cep.ticket_info[0]->times.starttime = 0; + cep.ticket_info[0]->times.endtime = 0; + cep.ticket_info[0]->times.renew_till = 0; + ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs)); + cep.nonce = 0; + cep.timestamp = 0; + ktest_destroy_address(&(cep.s_address)); + ktest_destroy_address(&(cep.r_address)); + leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part, + krb5_free_cred_enc_part); + ktest_empty_cred_enc_part(&cep); + } + + /****************************************************************/ + /* encode_krb5_error */ + { + krb5_error kerr, *tmp; + + setup(kerr, "error", ktest_make_sample_error); + leak_test(kerr, encode_krb5_error, decode_krb5_error, krb5_free_error); + + kerr.ctime = 0; + ktest_destroy_principal(&(kerr.client)); + ktest_empty_data(&(kerr.text)); + ktest_empty_data(&(kerr.e_data)); + leak_test(kerr, encode_krb5_error, decode_krb5_error, krb5_free_error); + + ktest_empty_error(&kerr); + } + + /****************************************************************/ + /* encode_krb5_authdata */ + { + krb5_authdata **ad, **tmp; + + setup(ad, "authorization_data", ktest_make_sample_authorization_data); + leak_test(*ad, encode_krb5_authdata, decode_krb5_authdata, + krb5_free_authdata); + ktest_destroy_authorization_data(&ad); + } + + /****************************************************************/ + /* encode_pwd_sequence */ + { + passwd_phrase_element ppe, *tmp; + + setup(ppe, "PasswdSequence", ktest_make_sample_passwd_phrase_element); + leak_test(ppe, encode_krb5_pwd_sequence, decode_krb5_pwd_sequence, + krb5_free_passwd_phrase_element); + ktest_empty_passwd_phrase_element(&ppe); + } + + /****************************************************************/ + /* encode_passwd_data */ + { + krb5_pwd_data pd, *tmp; + + setup(pd, "PasswdData", ktest_make_sample_krb5_pwd_data); + leak_test(pd, encode_krb5_pwd_data, decode_krb5_pwd_data, + krb5_free_pwd_data); + ktest_empty_pwd_data(&pd); + } + + /****************************************************************/ + /* encode_padata_sequence */ + { + krb5_pa_data **pa, **tmp; + + setup(pa, "PreauthData", ktest_make_sample_pa_data_array); + leak_test(*pa, encode_krb5_padata_sequence, + decode_krb5_padata_sequence, krb5_free_pa_data); + ktest_destroy_pa_data_array(&pa); + } + + /****************************************************************/ + /* encode_padata_sequence (empty) */ + { + krb5_pa_data **pa, **tmp; + + setup(pa,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array); + leak_test(*pa, encode_krb5_padata_sequence, + decode_krb5_padata_sequence, krb5_free_pa_data); + ktest_destroy_pa_data_array(&pa); + } + + /****************************************************************/ + /* encode_alt_method */ + { + krb5_alt_method am, *tmp; + + setup(am, "AltMethod", ktest_make_sample_alt_method); + leak_test(am, encode_krb5_alt_method, decode_krb5_alt_method, + krb5_free_alt_method); + am.length = 0; + if (am.data) + free(am.data); + am.data = 0; + leak_test(am, encode_krb5_alt_method, decode_krb5_alt_method, + krb5_free_alt_method); + ktest_empty_alt_method(&am); + } + + /****************************************************************/ + /* encode_etype_info */ + { + krb5_etype_info_entry **info, **tmp; + + setup(info, "etype_info", ktest_make_sample_etype_info); + leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info, + krb5_free_etype_info); + + ktest_destroy_etype_info_entry(info[2]); info[2] = 0; + ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info, + krb5_free_etype_info); + + ktest_destroy_etype_info_entry(info[0]); info[0] = 0; + leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info, + krb5_free_etype_info); + + ktest_destroy_etype_info(info); + } + + /* encode_etype_info 2*/ + { + krb5_etype_info_entry **info, **tmp; + + setup(info, "etype_info2", ktest_make_sample_etype_info2); + leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2, + krb5_free_etype_info); + + ktest_destroy_etype_info_entry(info[2]); info[2] = 0; + ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2, + krb5_free_etype_info); + + ktest_destroy_etype_info(info); + } + + /****************************************************************/ + /* encode_pa_enc_ts */ + { + krb5_pa_enc_ts pa_enc, *tmp; + + setup(pa_enc, "pa_enc_ts", ktest_make_sample_pa_enc_ts); + leak_test(pa_enc, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts, + krb5_free_pa_enc_ts); + pa_enc.pausec = 0; + leak_test(pa_enc, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts, + krb5_free_pa_enc_ts); + } + + /****************************************************************/ + /* encode_enc_data */ + { + krb5_enc_data enc_data, *tmp; + + setup(enc_data, "enc_data", ktest_make_sample_enc_data); + leak_test(enc_data, encode_krb5_enc_data, decode_krb5_enc_data, + krb5_free_enc_data); + ktest_destroy_enc_data(&enc_data); + } + /****************************************************************/ + /* encode_krb5_sam_challenge */ + { + krb5_sam_challenge sam_ch, *tmp; + + setup(sam_ch, "sam_challenge", ktest_make_sample_sam_challenge); + leak_test(sam_ch, encode_krb5_sam_challenge, decode_krb5_sam_challenge, + krb5_free_sam_challenge); + ktest_empty_sam_challenge(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_sam_response */ + { + krb5_sam_response sam_ch, *tmp; + + setup(sam_ch, "sam_response", ktest_make_sample_sam_response); + leak_test(sam_ch, encode_krb5_sam_response, decode_krb5_sam_response, + krb5_free_sam_response); + ktest_empty_sam_response(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_enc_sam_response_enc */ + { + krb5_enc_sam_response_enc sam_ch, *tmp; + + setup(sam_ch, "enc_sam_response_enc", + ktest_make_sample_enc_sam_response_enc); + leak_test(sam_ch, encode_krb5_enc_sam_response_enc, + decode_krb5_enc_sam_response_enc, + krb5_free_enc_sam_response_enc); + ktest_empty_enc_sam_response_enc(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_predicted_sam_response */ + { + krb5_predicted_sam_response sam_ch, *tmp; + + setup(sam_ch, "predicted_sam_response", + ktest_make_sample_predicted_sam_response); + leak_test(sam_ch, encode_krb5_predicted_sam_response, + decode_krb5_predicted_sam_response, + krb5_free_predicted_sam_response); + ktest_empty_predicted_sam_response(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_sam_response_2 */ + { + krb5_sam_response_2 sam_ch2, *tmp; + + setup(sam_ch2, "sam_response_2", ktest_make_sample_sam_response_2); + leak_test(sam_ch2, encode_krb5_sam_response_2, + decode_krb5_sam_response_2, krb5_free_sam_response_2); + ktest_empty_sam_response_2(&sam_ch2); + } + /****************************************************************/ + /* encode_krb5_sam_response_enc_2 */ + { + krb5_enc_sam_response_enc_2 sam_ch2, *tmp; + + setup(sam_ch2, "enc_sam_response_enc_2", + ktest_make_sample_enc_sam_response_enc_2); + leak_test(sam_ch2, encode_krb5_enc_sam_response_enc_2, + decode_krb5_enc_sam_response_enc_2, + krb5_free_enc_sam_response_enc_2); + ktest_empty_enc_sam_response_enc_2(&sam_ch2); + } + + krb5_free_context(test_context); + return 0; +} From tlyu at MIT.EDU Thu Feb 12 11:24:45 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 12 Feb 2009 11:24:45 -0500 Subject: svn rev #21971: branches/commit-handler-test/ Message-ID: <200902121624.n1CGOjaa000993@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21971 Commit By: tlyu Log Message: ticket: 6391 subject: test new svn server test new svn server Changed Files: D branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Thu Feb 12 11:26:15 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 12 Feb 2009 11:26:15 -0500 Subject: svn rev #21972: branches/commit-handler-test/ Message-ID: <200902121626.n1CGQFr1001217@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21972 Commit By: tlyu Log Message: ticket: 6391 update test Changed Files: A branches/commit-handler-test/aaaa/ From raeburn at MIT.EDU Thu Feb 12 11:51:31 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 11:51:31 -0500 Subject: svn rev #21973: tools/gssmonger/trunk/ Message-ID: <200902121651.n1CGpVCa003589@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21973 Commit By: raeburn Log Message: Update CPPFLAGS, not CFLAGS, with -I and -D options. Changed Files: U tools/gssmonger/trunk/configure.ac Modified: tools/gssmonger/trunk/configure.ac =================================================================== --- tools/gssmonger/trunk/configure.ac 2009-02-12 16:26:14 UTC (rev 21972) +++ tools/gssmonger/trunk/configure.ac 2009-02-12 16:51:30 UTC (rev 21973) @@ -16,7 +16,7 @@ AC_ARG_WITH(com_err, [ --with-com_err=PREFIX Specify location of com_err], [com_err="$withval"], [com_err=yes]) if test "$com_err" != no; then if test "$com_err" != yes; then - CFLAGS="$CFLAGS -I$com_err/include" + CPPFLAGS="$CPPFLAGS -I$com_err/include" LDFLAGS="$LDFLAGS -L$com_err/lib" fi AC_CHECK_HEADERS([com_err.h],,AC_MSG_ERROR([com_err.h header not found])) @@ -26,7 +26,7 @@ fi # Default args required by both MIT Kerberos and Heimdal Kerberos -CFLAGS="$CFLAGS -DUSE_GSSAPI=1 -DUSE_MITKRB5=1" +CPPFLAGS="$CPPFLAGS -DUSE_GSSAPI=1 -DUSE_MITKRB5=1" # We need exactly one of MIT and Heimdal Kerberos, # and we care which one we're asked to use. @@ -55,11 +55,11 @@ if test "$mitkrb5" != no; then if test "$mitkrb5" != yes; then - CFLAGS="$CFLAGS -I$mitkrb5/include" + CPPFLAGS="$CPPFLAGS -I$mitkrb5/include" LDFLAGS="$LDFLAGS -L$mitkrb5/lib" fi - CFLAGS="$CFLAGS -DKRB5_DEPRECATED=1 -DVERSION_STRING=\\\"MIT-KRB5\\\"" + CPPFLAGS="$CPPFLAGS -DKRB5_DEPRECATED=1 -DVERSION_STRING=\\\"MIT-KRB5\\\"" AC_CHECK_HEADERS([krb5.h],,AC_MSG_ERROR([krb5.h header not found])) AC_CHECK_LIB([krb5], [main],,AC_MSG_ERROR([krb5 library not found])) @@ -69,7 +69,7 @@ if test "$heimdal" != no; then if test "$heimdal" != yes; then - CFLAGS="$CFLAGS -I$heimdal/include" + CPPFLAGS="$CPPFLAGS -I$heimdal/include" LDFLAGS="$LDFLAGS -L$heimdal/lib" KRB5CONFIG="$heimdal/bin/krb5-config" @@ -83,7 +83,7 @@ fi fi - CFLAGS="$CFLAGS -DHEIMDAL=1 -DUSE_GSSAPI_H=1 -DUSE_KRB5_MAKE_PRINCIPAL=1 -DNO_SETPASSWORD=1 `$KRB5CONFIG --cflags gssapi` -DVERSION_STRING=\"HEIMDAL\"" + CPPFLAGS="$CPPFLAGS -DHEIMDAL=1 -DUSE_GSSAPI_H=1 -DUSE_KRB5_MAKE_PRINCIPAL=1 -DNO_SETPASSWORD=1 `$KRB5CONFIG --cflags gssapi` -DVERSION_STRING=\"HEIMDAL\"" LDFLAGS="$LDFLAGS `$KRB5CONFIG --libs gssapi` -Wl,-rpath,$heimdal/lib" # Not much to check; we hope that krb5-config checked everything for us @@ -93,7 +93,7 @@ AC_ARG_WITH(log4cpp, [ --with-log4cpp=PREFIX Specify location of log4cpp], [log4cpp="$withval"], [log4cpp=yes]) if test "$log4cpp" != no; then if test "$log4cpp" != yes; then - CFLAGS="$CFLAGS -I$log4cpp/include" + CPPFLAGS="$CPPFLAGS -I$log4cpp/include" LDFLAGS="$LDFLAGS -L$log4cpp/lib" fi # Check fails for unknown reason @@ -107,7 +107,7 @@ AC_ARG_WITH(pthread, [ --with-pthread=PREFIX Specify location of pthread], [pthread="$withval"], [pthread=yes]) if test "$pthread" != no; then if test "$pthread" != yes; then - CFLAGS="$CFLAGS -I$pthread/include" + CPPFLAGS="$CPPFLAGS -I$pthread/include" LDFLAGS="$LDFLAGS -L$pthread/lib" fi AC_CHECK_HEADERS([pthread.h],,AC_MSG_ERROR([pthread.h header not found])) @@ -124,10 +124,10 @@ AC_ARG_WITH(glib, [ --with-glib=PREFIX Specify location of glib-2.0], [glib="$withval"], [glib=yes]) if test "$glib" != no; then if test "$glib" != yes; then - CFLAGS="$CFLAGS -I$glib/include -I$glib/include/$glibversion -I$glib/include/$glibversion/glib -I$glib/lib/$glibversion/include" + CPPFLAGS="$CPPFLAGS -I$glib/include -I$glib/include/$glibversion -I$glib/include/$glibversion/glib -I$glib/lib/$glibversion/include" LDFLAGS="$LDFLAGS -L$glib/lib" else - CFLAGS="$CFLAGS -I/usr/include -I/usr/include/$glibversion -I/usr/include/$glibversion/glib -I/usr/lib/$glibversion/include" + CPPFLAGS="$CPPFLAGS -I/usr/include -I/usr/include/$glibversion -I/usr/include/$glibversion/glib -I/usr/lib/$glibversion/include" fi AC_CHECK_HEADERS([glib.h],,AC_MSG_ERROR([glib.h header not found])) AC_CHECK_LIB([glib-2.0], [g_option_context_new],,AC_MSG_ERROR([glib-2.0 library not found])) @@ -145,7 +145,7 @@ if test "`uname`" == "Linux"; then # I know this breaks with the whole spirit of autoconf and all that; # but I don't know what is needed from these two libraries so I can't test for it. - CFLAGS="$CFLAGS -DUSE_STRING_H=1 -DUSE_TIME_H=1" + CPPFLAGS="$CPPFLAGS -DUSE_STRING_H=1 -DUSE_TIME_H=1" fi # Checks for typedefs, structures, and compiler characteristics. @@ -163,7 +163,7 @@ AC_FUNC_VPRINTF AC_CHECK_FUNCS([getpass isascii memset select socket strchr strpbrk strrchr strtoul]) -CPPFLAGS="$CFLAGS" +CPPFLAGS="$CPPFLAGS" AC_CONFIG_FILES([gssmaster/Makefile gssmaggot/Makefile Makefile]) AC_OUTPUT From raeburn at MIT.EDU Thu Feb 12 12:26:52 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 12:26:52 -0500 Subject: svn rev #21974: tools/gssmonger/trunk/ gssmaggot/ gssmaster/ Message-ID: <200902121726.n1CHQqY1006614@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21974 Commit By: raeburn Log Message: support offset build Changed Files: U tools/gssmonger/trunk/gssmaggot/Makefile.am U tools/gssmonger/trunk/gssmaster/Makefile.am Modified: tools/gssmonger/trunk/gssmaggot/Makefile.am =================================================================== --- tools/gssmonger/trunk/gssmaggot/Makefile.am 2009-02-12 16:51:30 UTC (rev 21973) +++ tools/gssmonger/trunk/gssmaggot/Makefile.am 2009-02-12 17:26:52 UTC (rev 21974) @@ -63,5 +63,5 @@ bin_PROGRAMS = gssmaggot -AM_CFLAGS = -I../include +AM_CFLAGS = -I../include -I$(srcdir)/../include gssmaggot_SOURCES = gssapi.c server.c handlers.c netutil.c util.c resource.c mitkrb5.c extend.c logging.c Modified: tools/gssmonger/trunk/gssmaster/Makefile.am =================================================================== --- tools/gssmonger/trunk/gssmaster/Makefile.am 2009-02-12 16:51:30 UTC (rev 21973) +++ tools/gssmonger/trunk/gssmaster/Makefile.am 2009-02-12 17:26:52 UTC (rev 21974) @@ -1,7 +1,7 @@ AUTOMAKE_OPTIONS = foreign -AM_CFLAGS = -I../include -DHAVE_EZLOG -AM_CPPFLAGS = -I../include -DHAVE_EZLOG -DUSE_GSSAPI +AM_CFLAGS = -I$(srcdir)/../include -I../include -DHAVE_EZLOG +AM_CPPFLAGS = -I$(srcdir)/../include -I../include -DHAVE_EZLOG -DUSE_GSSAPI bin_PROGRAMS = gssmaster gssmaster_SOURCES = alltests.c caseprv.c chgpass.c combos.c context.c \ From raeburn at MIT.EDU Thu Feb 12 12:29:34 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 12:29:34 -0500 Subject: svn rev #21975: tools/gssmonger/trunk/gssmaster/ Message-ID: <200902121729.n1CHTY5e006930@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21975 Commit By: raeburn Log Message: use vsnprintf with a va_list arg; use va_start on correct arg Changed Files: U tools/gssmonger/trunk/gssmaster/ezlog_log4cpp.cpp Modified: tools/gssmonger/trunk/gssmaster/ezlog_log4cpp.cpp =================================================================== --- tools/gssmonger/trunk/gssmaster/ezlog_log4cpp.cpp 2009-02-12 17:26:52 UTC (rev 21974) +++ tools/gssmonger/trunk/gssmaster/ezlog_log4cpp.cpp 2009-02-12 17:29:34 UTC (rev 21975) @@ -149,7 +149,7 @@ // Start a new log4cpp log EZLOGAPI ezStartBlock(IN OPTIONAL HANDLE OldLevel, - IN OPTIONAL PHANDLE NewLevel, + OUT OPTIONAL PHANDLE NewLevel, IN OPTIONAL ULONG Flags, // currently ignored IN OPTIONAL ULONG LogLevel, IN LPEZSTR LogString, @@ -167,7 +167,7 @@ va_list args; va_start(args, LogString); - snprintf(ProcessedLogString, 4096, LogString, args); + vsnprintf(ProcessedLogString, 4096, LogString, args); va_end(args); char LogName[24]; @@ -218,7 +218,7 @@ vsnprintf(ProcessedLogString, 4096, LogString, *args); va_end(*args); - + cat->log(etol_priority(LogLevel), ProcessedLogString); @@ -233,7 +233,7 @@ IN LPEZSTR LogString, ...) { va_list args; - va_start(args, Line); + va_start(args, LogString); vezLogMsg( LogLevel, Log4cCategory, File, Line, LogString, &args ); } From raeburn at MIT.EDU Thu Feb 12 12:30:32 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 12:30:32 -0500 Subject: svn rev #21976: tools/gssmonger/trunk/gssmaster/ Message-ID: <200902121730.n1CHUWA9007051@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21976 Commit By: raeburn Log Message: pass correct maxfd to select for unix; check for pthread_create error Changed Files: U tools/gssmonger/trunk/gssmaster/clientapis.c Modified: tools/gssmonger/trunk/gssmaster/clientapis.c =================================================================== --- tools/gssmonger/trunk/gssmaster/clientapis.c 2009-02-12 17:29:34 UTC (rev 21975) +++ tools/gssmonger/trunk/gssmaster/clientapis.c 2009-02-12 17:30:31 UTC (rev 21976) @@ -1342,7 +1342,7 @@ ServerLogListeningThread( IN OUT HLOGTHREAD hThread ) { DWORD dwErr = ERROR_SUCCESS; - SOCKET tmpsock; + SOCKET tmpsock, maxfd; ULONG i; int nSet; fd_set readset, errorset; @@ -1431,13 +1431,16 @@ FD_SET( hThread->ListeningSocket, &readset ); + maxfd = hThread->ListeningSocket; for ( i = 0 ; i < hThread->Sockets.cSockets ; i ++ ) { - FD_SET( hThread->Sockets.pSockets[ i ], - &readset ); + SOCKET f = hThread->Sockets.pSockets[ i ]; + FD_SET( f, &readset ); + if (maxfd < f) + maxfd = f; } @@ -1445,13 +1448,12 @@ &readset, sizeof( errorset ) ); - nSet = select( 0, // ignored + nSet = select( maxfd+1, // ignored on Windows, important on UNIX &readset, NULL, // writeset -- never need to write &errorset, &tv ); - if ( nSet == SOCKET_ERROR ) { ezLogMsgA( EZLOG_WARN, @@ -1676,7 +1678,6 @@ } return dwErr; - } BOOL @@ -1689,6 +1690,7 @@ struct sockaddr_storage Addr = { 0 }; int AddrLen = sizeof( Addr ); char PortStr[6]; + int err; if ( MMALLOC( sizeof( *hThread ), @@ -1811,10 +1813,15 @@ hThread->hThread = malloc(sizeof(pthread_t)); - pthread_create( (pthread_t*)(hThread->hThread), - NULL, - (void*(*)(void*))ServerLogListeningThread, - (PVOID) hThread ); + err = pthread_create( &hThread->hThread, + NULL, + (void*(*)(void*))ServerLogListeningThread, + (PVOID) hThread ); + if (err) { + fprintf(stderr, "Can't create logging thread: %s\n", + strerror(err)); + ret = FALSE; + } #endif // WINNT From raeburn at MIT.EDU Thu Feb 12 12:30:52 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 12:30:52 -0500 Subject: svn rev #21977: tools/gssmonger/trunk/gssmaster/ Message-ID: <200902121730.n1CHUqWI007106@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21977 Commit By: raeburn Log Message: make thread handle be an actual pthread_t on unix Changed Files: U tools/gssmonger/trunk/gssmaster/clientlib.h Modified: tools/gssmonger/trunk/gssmaster/clientlib.h =================================================================== --- tools/gssmonger/trunk/gssmaster/clientlib.h 2009-02-12 17:30:31 UTC (rev 21976) +++ tools/gssmonger/trunk/gssmaster/clientlib.h 2009-02-12 17:30:51 UTC (rev 21977) @@ -231,8 +231,11 @@ } STRINGMAP, *PSTRINGMAP; typedef struct { - +#ifdef _WIN32 HANDLE hThread; +#else + pthread_t hThread; +#endif SOCKET ListeningSocket; SOCKETLIST Sockets; USHORT LoggingPort; From raeburn at MIT.EDU Thu Feb 12 12:31:37 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 12:31:37 -0500 Subject: svn rev #21978: tools/gssmonger/trunk/gssmaggot/ Message-ID: <200902121731.n1CHVbKM007206@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21978 Commit By: raeburn Log Message: pass correct maxfd to select on unix; when receiving 0-length string, allocate 1 byte instead of using NULL Changed Files: U tools/gssmonger/trunk/gssmaggot/netrw.c U tools/gssmonger/trunk/gssmaggot/netutil.c Modified: tools/gssmonger/trunk/gssmaggot/netrw.c =================================================================== --- tools/gssmonger/trunk/gssmaggot/netrw.c 2009-02-12 17:30:51 UTC (rev 21977) +++ tools/gssmonger/trunk/gssmaggot/netrw.c 2009-02-12 17:31:37 UTC (rev 21978) @@ -487,7 +487,7 @@ FD_ZERO( &fds ); FD_SET( Sock, &fds ); - if ( !select( 0, /* first parameter is ignored for compatibility */ + if ( !select( Sock+1, &fds, NULL, NULL, Modified: tools/gssmonger/trunk/gssmaggot/netutil.c =================================================================== --- tools/gssmonger/trunk/gssmaggot/netutil.c 2009-02-12 17:30:51 UTC (rev 21977) +++ tools/gssmonger/trunk/gssmaggot/netutil.c 2009-02-12 17:31:37 UTC (rev 21978) @@ -357,13 +357,15 @@ } else { - /* zero-length thingie sent. Set the pvData to null. - THIS IS PROBABLY NOT WHAT YOU WANT. */ + /* Zero-length thingie sent. Store an empty C string, + because later sometimes we try to compare or print it. */ - pEntries[ i ].pvData = NULL; - + ret = MMALLOC( 1, &pEntries[ i ].pvData ); + if (pEntries[ i ].pvData) + *(char *)pEntries[ i ].pvData = 0; } + } else { ASSERT( pEntries[ i ].pvData != NULL ); @@ -853,7 +855,7 @@ FD_SET( Socket, &fdsExcept ); } - return select( 0, /* first parameter ignored for compatibility */ + return select( Socket+1, &fdsRead, &fdsWrite, &fdsExcept, From raeburn at MIT.EDU Thu Feb 12 12:39:41 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 12:39:41 -0500 Subject: svn rev #21979: tools/gssmonger/trunk/ gssmaggot/ gssmaster/ Message-ID: <200902121739.n1CHdfWV007885@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21979 Commit By: raeburn Log Message: ignore some stuff generated by automake et al Changed Files: _U tools/gssmonger/trunk/ _U tools/gssmonger/trunk/gssmaggot/ _U tools/gssmonger/trunk/gssmaster/ Property changes on: tools/gssmonger/trunk ___________________________________________________________________ Name: svn:ignore + configure Makefile.in depcomp config.h.in autom4te.cache missing aclocal.m4 install-sh Property changes on: tools/gssmonger/trunk/gssmaggot ___________________________________________________________________ Name: svn:ignore + Makefile.in Property changes on: tools/gssmonger/trunk/gssmaster ___________________________________________________________________ Name: svn:ignore + Makefile.in From ghudson at MIT.EDU Thu Feb 12 12:51:45 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 12 Feb 2009 12:51:45 -0500 Subject: svn rev #21980: trunk/src/lib/krb5/krb/ Message-ID: <200902121751.n1CHpjS8008969@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21980 Commit By: ghudson Log Message: ticket: 6392 subject: Fix allocation failure check in walk_rtree tags: pullup target_version: 1.7 Check the correct variable for null after allocating the server string in rtree_capath_vals. Changed Files: U trunk/src/lib/krb5/krb/walk_rtree.c Modified: trunk/src/lib/krb5/krb/walk_rtree.c =================================================================== --- trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-12 17:39:41 UTC (rev 21979) +++ trunk/src/lib/krb5/krb/walk_rtree.c 2009-02-12 17:51:45 UTC (rev 21980) @@ -273,7 +273,7 @@ memcpy(clientz, client->data, client->length); serverz = calloc(server->length + 1, 1); - if (clientz == NULL) { + if (serverz == NULL) { retval = ENOMEM; goto error; } From ghudson at MIT.EDU Thu Feb 12 13:21:33 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 12 Feb 2009 13:21:33 -0500 Subject: svn rev #21981: trunk/src/lib/krb5/asn.1/ Message-ID: <200902121821.n1CILX27011502@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21981 Commit By: ghudson Log Message: Modify asn12krb5_buf and asn1_do_full_encode to make output parameter values well-defined on error. Clean up memory handling and an unused variable in asn1_do_full_encode. Changed Files: U trunk/src/lib/krb5/asn.1/asn1_encode.c U trunk/src/lib/krb5/asn.1/asn1buf.c Modified: trunk/src/lib/krb5/asn.1/asn1_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_encode.c 2009-02-12 17:51:45 UTC (rev 21980) +++ trunk/src/lib/krb5/asn.1/asn1_encode.c 2009-02-12 18:21:33 UTC (rev 21981) @@ -675,20 +675,26 @@ { unsigned int length; asn1_error_code retval; - unsigned int sum = 0; asn1buf *buf = NULL; + krb5_data *d; - if (rep == NULL) return ASN1_MISSING_FIELD; + *code = NULL; + if (rep == NULL) + return ASN1_MISSING_FIELD; + retval = asn1buf_create(&buf); if (retval) return retval; retval = krb5int_asn1_encode_a_thing(buf, rep, a, &length); if (retval) - return retval; - sum += length; - retval = asn12krb5_buf(buf, code); + goto cleanup; + retval = asn12krb5_buf(buf, &d); + if (retval) + goto cleanup; + *code = d; +cleanup: asn1buf_destroy(&buf); return retval; } Modified: trunk/src/lib/krb5/asn.1/asn1buf.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1buf.c 2009-02-12 17:51:45 UTC (rev 21980) +++ trunk/src/lib/krb5/asn.1/asn1buf.c 2009-02-12 18:21:33 UTC (rev 21981) @@ -253,21 +253,24 @@ asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) { unsigned int i; - *code = (krb5_data*)calloc(1,sizeof(krb5_data)); - if (*code == NULL) return ENOMEM; - (*code)->magic = KV5M_DATA; - (*code)->data = NULL; - (*code)->length = 0; - (*code)->length = asn1buf_len(buf); - (*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char)); - if ((*code)->data == NULL) { - free(*code); - *code = NULL; + krb5_data *d; + + *code = NULL; + + d = calloc(1, sizeof(krb5_data)); + if (d == NULL) return ENOMEM; + d->length = asn1buf_len(buf); + d->data = malloc(d->length + 1); + if (d->data == NULL) { + free(d); + return ENOMEM; } - for (i=0; i < (*code)->length; i++) - ((*code)->data)[i] = (buf->base)[((*code)->length)-i-1]; - ((*code)->data)[(*code)->length] = '\0'; + for (i=0; i < d->length; i++) + d->data[i] = buf->base[d->length - i - 1]; + d->data[d->length] = '\0'; + d->magic = KV5M_DATA; + *code = d; return 0; } From ghudson at MIT.EDU Thu Feb 12 14:38:08 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 12 Feb 2009 14:38:08 -0500 Subject: svn rev #21982: trunk/src/lib/krb5/rcache/ Message-ID: <200902121938.n1CJc8ZA017537@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21982 Commit By: ghudson Log Message: In krb5_rc_io_open_internal, d->fn is always set for the cleanup handler, so do not check it. Changed Files: U trunk/src/lib/krb5/rcache/rc_io.c Modified: trunk/src/lib/krb5/rcache/rc_io.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_io.c 2009-02-12 18:21:33 UTC (rev 21981) +++ trunk/src/lib/krb5/rcache/rc_io.c 2009-02-12 19:38:08 UTC (rev 21982) @@ -295,12 +295,10 @@ cleanup: if (retval) { - if (d->fn) { - if (!do_not_unlink) - (void) unlink(d->fn); - free(d->fn); - d->fn = NULL; - } + if (!do_not_unlink) + (void) unlink(d->fn); + free(d->fn); + d->fn = NULL; if (d->fd >= 0) (void) close(d->fd); } From raeburn at MIT.EDU Thu Feb 12 14:43:08 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 14:43:08 -0500 Subject: svn rev #21983: trunk/src/lib/krb5/asn.1/ Message-ID: <200902121943.n1CJh82M018005@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21983 Commit By: raeburn Log Message: Remove useless unsigned >=0 tests. Changed Files: U trunk/src/lib/krb5/asn.1/asn1_k_encode.c Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-02-12 19:38:08 UTC (rev 21982) +++ trunk/src/lib/krb5/asn.1/asn1_k_encode.c 2009-02-12 19:43:08 UTC (rev 21983) @@ -427,7 +427,7 @@ const krb5_etype_info_entry *val = vptr; unsigned int optional = 0; - if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) + if (val->length != KRB5_ETYPE_NO_SALT) optional |= (1u << 1); return optional; @@ -445,7 +445,7 @@ const krb5_etype_info_entry *val = vptr; unsigned int optional = 0; - if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) + if (val->length != KRB5_ETYPE_NO_SALT) optional |= (1u << 1); if (val->s2kparams.data) optional |= (1u << 2); From ghudson at MIT.EDU Thu Feb 12 14:43:24 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 12 Feb 2009 14:43:24 -0500 Subject: svn rev #21984: trunk/src/lib/krb5/krb/ Message-ID: <200902121943.n1CJhOri018068@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21984 Commit By: ghudson Log Message: Make output parameter of krb5_generate_subkey_extended well-defined on error, and reformat function to fit coding standards. Changed Files: U trunk/src/lib/krb5/krb/gen_subkey.c Modified: trunk/src/lib/krb5/krb/gen_subkey.c =================================================================== --- trunk/src/lib/krb5/krb/gen_subkey.c 2009-02-12 19:43:08 UTC (rev 21983) +++ trunk/src/lib/krb5/krb/gen_subkey.c 2009-02-12 19:43:23 UTC (rev 21984) @@ -47,20 +47,28 @@ { krb5_error_code retval; krb5_data seed; + krb5_keyblock *keyblock; + *subkey = NULL; + seed = key2data(*key); - if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed))) - return(retval); + retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, + &seed); + if (retval) + return retval; - if ((*subkey = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))) == NULL) - return(ENOMEM); + keyblock = malloc(sizeof(krb5_keyblock)); + if (!keyblock) + return ENOMEM; - if ((retval = krb5_c_make_random_key(context, enctype, *subkey))) { + retval = krb5_c_make_random_key(context, enctype, keyblock); + if (retval) { free(*subkey); - return(retval); + return retval; } - return(0); + *subkey = keyblock; + return 0; } krb5_error_code From ghudson at MIT.EDU Thu Feb 12 15:07:16 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 12 Feb 2009 15:07:16 -0500 Subject: svn rev #21985: trunk/src/lib/krb5/krb/ Message-ID: <200902122007.n1CK7GKW020014@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21985 Commit By: ghudson Log Message: In krb5_get_in_tkt_with_password, free opte before returning the error from krb5_unparse_name, not after. Changed Files: U trunk/src/lib/krb5/krb/gic_pwd.c Modified: trunk/src/lib/krb5/krb/gic_pwd.c =================================================================== --- trunk/src/lib/krb5/krb/gic_pwd.c 2009-02-12 19:43:23 UTC (rev 21984) +++ trunk/src/lib/krb5/krb/gic_pwd.c 2009-02-12 20:07:15 UTC (rev 21985) @@ -502,8 +502,8 @@ return (retval); retval = krb5_unparse_name( context, creds->server, &server); if (retval) { + krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte); return (retval); - krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte); } server_princ = creds->server; client_princ = creds->client; From raeburn at MIT.EDU Thu Feb 12 15:18:20 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 15:18:20 -0500 Subject: svn rev #21986: trunk/src/kadmin/testing/util/ Message-ID: <200902122018.n1CKIKnl020878@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21986 Commit By: raeburn Log Message: Don't apply 'const' twice. Changed Files: U trunk/src/kadmin/testing/util/tcl_kadm5.c Modified: trunk/src/kadmin/testing/util/tcl_kadm5.c =================================================================== --- trunk/src/kadmin/testing/util/tcl_kadm5.c 2009-02-12 20:07:15 UTC (rev 21985) +++ trunk/src/kadmin/testing/util/tcl_kadm5.c 2009-02-12 20:18:20 UTC (rev 21986) @@ -2085,7 +2085,7 @@ static int tcl_kadm5_get_principal(ClientData clientData, Tcl_Interp *interp, - int argc, const const char *argv[]) + int argc, const char *argv[]) { krb5_principal princ; kadm5_principal_ent_rec ent; From raeburn at MIT.EDU Thu Feb 12 15:19:21 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 15:19:21 -0500 Subject: svn rev #21987: trunk/src/lib/gssapi/krb5/ Message-ID: <200902122019.n1CKJLjW021036@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21987 Commit By: raeburn Log Message: Don't apply 'const' twice. Make kg_arcfour_l40 static. Changed Files: U trunk/src/lib/gssapi/krb5/util_crypt.c Modified: trunk/src/lib/gssapi/krb5/util_crypt.c =================================================================== --- trunk/src/lib/gssapi/krb5/util_crypt.c 2009-02-12 20:18:20 UTC (rev 21986) +++ trunk/src/lib/gssapi/krb5/util_crypt.c 2009-02-12 20:19:21 UTC (rev 21987) @@ -54,7 +54,7 @@ #include #endif -const char const kg_arcfour_l40[] = "fortybits"; +static const char kg_arcfour_l40[] = "fortybits"; static krb5_error_code kg_copy_keys(krb5_context context, From raeburn at MIT.EDU Thu Feb 12 15:35:16 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 15:35:16 -0500 Subject: svn rev #21988: trunk/src/util/support/ Message-ID: <200902122035.n1CKZGpn022333@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21988 Commit By: raeburn Log Message: Don't pass negative numbers to strerror. Changed Files: U trunk/src/util/support/errors.c Modified: trunk/src/util/support/errors.c =================================================================== --- trunk/src/util/support/errors.c 2009-02-12 20:19:21 UTC (rev 21987) +++ trunk/src/util/support/errors.c 2009-02-12 20:35:15 UTC (rev 21988) @@ -113,6 +113,20 @@ if (fptr == NULL) { unlock(); no_fptr: + /* Theoretically, according to ISO C, strerror should be able + to give us a message back for any int value. However, on + UNIX at least, the errno codes strerror will actually be + useful for are positive, so a negative value here would be + kind of weird. + + Coverity Prevent thinks we shouldn't be passing negative + values to strerror, and it's not likely to be useful, so + let's not do it. + + Besides, normally we shouldn't get here; fptr should take + us to a callback function in the com_err library. */ + if (code < 0) + goto format_number; #ifdef HAVE_STRERROR_R if (strerror_r (code, ep->scratch_buf, sizeof(ep->scratch_buf)) == 0) { char *p = strdup(ep->scratch_buf); From raeburn at MIT.EDU Thu Feb 12 19:52:01 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 19:52:01 -0500 Subject: svn rev #21989: tools/gssmonger/trunk/ Message-ID: <200902130052.n1D0q10a008363@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21989 Commit By: raeburn Log Message: Add com_err library, and put libraries in the proper order. Changed Files: U tools/gssmonger/trunk/configure.ac Modified: tools/gssmonger/trunk/configure.ac =================================================================== --- tools/gssmonger/trunk/configure.ac 2009-02-12 20:35:15 UTC (rev 21988) +++ tools/gssmonger/trunk/configure.ac 2009-02-13 00:52:00 UTC (rev 21989) @@ -62,9 +62,10 @@ CPPFLAGS="$CPPFLAGS -DKRB5_DEPRECATED=1 -DVERSION_STRING=\\\"MIT-KRB5\\\"" AC_CHECK_HEADERS([krb5.h],,AC_MSG_ERROR([krb5.h header not found])) + AC_CHECK_LIB([com_err], [error_message],,AC_MSG_ERROR([com_err library not found])) + AC_CHECK_LIB([k5crypto], [main],,AC_MSG_ERROR([k5crypto library not found])) AC_CHECK_LIB([krb5], [main],,AC_MSG_ERROR([krb5 library not found])) AC_CHECK_LIB([gssapi_krb5], [main],,AC_MSG_ERROR([gssapi_krb5 library not found])) - AC_CHECK_LIB([k5crypto], [main],,AC_MSG_ERROR([k5crypto library not found])) fi if test "$heimdal" != no; then From raeburn at MIT.EDU Thu Feb 12 19:53:15 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 19:53:15 -0500 Subject: svn rev #21990: tools/gssmonger/trunk/gssmaggot/ Message-ID: <200902130053.n1D0rFTf008439@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21990 Commit By: raeburn Log Message: set some socket options Changed Files: U tools/gssmonger/trunk/gssmaggot/netrw.c U tools/gssmonger/trunk/gssmaggot/netutil.c Modified: tools/gssmonger/trunk/gssmaggot/netrw.c =================================================================== --- tools/gssmonger/trunk/gssmaggot/netrw.c 2009-02-13 00:52:00 UTC (rev 21989) +++ tools/gssmonger/trunk/gssmaggot/netrw.c 2009-02-13 00:53:15 UTC (rev 21990) @@ -116,6 +116,20 @@ #define PF_NAME(x) ((x) == PF_INET ? "INET" : ((x) == PF_INET6 ? "INET6" : "Unknown")) +int +setnolinger(SOCKET s) +{ + static const struct linger ling = { 0, 0 }; + return setsockopt(s, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)); +} +#include +int +setnodelay(SOCKET s) +{ + static const int one = 1; + return setsockopt(s, IPPROTO_TCP, TCP_NODELAY, &one, sizeof(one)); +} + /*++************************************************************** NAME: MakeSocket @@ -173,6 +187,8 @@ pAddrFamily ); } else { + setnolinger(*pSocket); + setnodelay(*pSocket); return TRUE; } } @@ -193,6 +209,8 @@ PF_NAME(pAddrIn->ai_family)); } else { + setnolinger(*pSocket); + setnodelay(*pSocket); return TRUE; } } Modified: tools/gssmonger/trunk/gssmaggot/netutil.c =================================================================== --- tools/gssmonger/trunk/gssmaggot/netutil.c 2009-02-13 00:52:00 UTC (rev 21989) +++ tools/gssmonger/trunk/gssmaggot/netutil.c 2009-02-13 00:53:15 UTC (rev 21990) @@ -925,6 +925,8 @@ } else { *pSession = SessionSock; + setnodelay(SessionSock); + setnolinger(SessionSock); } From raeburn at MIT.EDU Thu Feb 12 19:53:47 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 19:53:47 -0500 Subject: svn rev #21991: tools/gssmonger/trunk/gssmaggot/ Message-ID: <200902130053.n1D0rlUu008483@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21991 Commit By: raeburn Log Message: Use pclose after popen. Don't introduce gratuitous delay. Changed Files: U tools/gssmonger/trunk/gssmaggot/mitkrb5.c Modified: tools/gssmonger/trunk/gssmaggot/mitkrb5.c =================================================================== --- tools/gssmonger/trunk/gssmaggot/mitkrb5.c 2009-02-13 00:53:15 UTC (rev 21990) +++ tools/gssmonger/trunk/gssmaggot/mitkrb5.c 2009-02-13 00:53:47 UTC (rev 21991) @@ -204,7 +204,7 @@ TicketInfo ); #endif - fclose( pTickets ); + pclose( pTickets ); } } @@ -443,7 +443,7 @@ error. Sleeping can mitigate this problem, but it's a hack. */ - sleep( AcquireSleepTime ); +// sleep( AcquireSleepTime ); } From raeburn at MIT.EDU Thu Feb 12 19:54:47 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 12 Feb 2009 19:54:47 -0500 Subject: svn rev #21992: tools/gssmonger/trunk/gssmaster/ Message-ID: <200902130054.n1D0slwh008544@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21992 Commit By: raeburn Log Message: Check for buffer overrun. Fix signed-char bug leading to buffer overrun. Changed Files: U tools/gssmonger/trunk/gssmaster/misc.c Modified: tools/gssmonger/trunk/gssmaster/misc.c =================================================================== --- tools/gssmonger/trunk/gssmaster/misc.c 2009-02-13 00:53:47 UTC (rev 21991) +++ tools/gssmonger/trunk/gssmaster/misc.c 2009-02-13 00:54:47 UTC (rev 21992) @@ -63,6 +63,7 @@ --*/ +#include #include "everything.h" #include "svconn.h" #include "netutil.h" @@ -855,10 +856,13 @@ iChar < cbToken ; iChar ++, pbToken++ ) { + assert(HexCursor + 3 - HexContents < sizeof(HexContents)); HexCursor += sprintf( HexCursor, "%02x ", - *pbToken ); + 0xff & *pbToken ); + assert(HexCursor <= HexContents + sizeof(HexContents)); + assert(iLine < sizeof(AsciiContents)); if ( isprint( *pbToken ) ) { AsciiContents[ iLine ] = *pbToken; } else { @@ -866,14 +870,17 @@ } iLine++; + assert(iLine < sizeof(AsciiContents)); AsciiContents[ iLine ] = '\0'; if ( iChar == cbToken -1 ) { while ( iLine < CHUNKSIZE ) { + assert(HexCursor + 3 - HexContents < sizeof(HexContents)); HexCursor += sprintf( HexCursor, " " ); + assert(HexCursor <= HexContents + sizeof(HexContents)); iLine++; } From hartmans at MIT.EDU Fri Feb 13 10:55:33 2009 From: hartmans at MIT.EDU (hartmans@MIT.EDU) Date: Fri, 13 Feb 2009 10:55:33 -0500 Subject: svn rev #21993: trunk/src/ include/ lib/krb5/ lib/krb5/krb/ Message-ID: <200902131555.n1DFtXlr026214@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21993 Commit By: hartmans Log Message: Subject: Implement TGS authenticator subkey usage ticket: 6393 tags: enhancement Implement support for use of a subkey in the TGS req. This is needed by FAST TGS support. The interface to krb5_send_tgs changed in order to gain a subkey output parameter. Since this is a private interface it was renamed to krb5int_send_tgs and removed from the export list. * send_tgs.c: generate a subkey and return to caller * decode_kdc_rep.c: Use subkey keyusage * gc_via_tkt.c: pass in subkey to decode_kdc_rep * send_tgs.c: use subkey for encrypting authorization data Changed Files: U trunk/src/include/k5-int.h U trunk/src/lib/krb5/krb/decode_kdc.c U trunk/src/lib/krb5/krb/gc_via_tkt.c U trunk/src/lib/krb5/krb/send_tgs.c U trunk/src/lib/krb5/libkrb5.exports Modified: trunk/src/include/k5-int.h =================================================================== --- trunk/src/include/k5-int.h 2009-02-13 00:54:47 UTC (rev 21992) +++ trunk/src/include/k5-int.h 2009-02-13 15:55:32 UTC (rev 21993) @@ -2523,7 +2523,7 @@ void KRB5_CALLCONV krb5_free_config_files (char **filenames); -krb5_error_code krb5_send_tgs +krb5_error_code krb5int_send_tgs (krb5_context, krb5_flags, const krb5_ticket_times *, @@ -2534,11 +2534,16 @@ krb5_pa_data * const *, const krb5_data *, krb5_creds *, - krb5_response * ); + krb5_response * , krb5_keyblock **subkey); + /* The subkey field is an output parameter; if a + * tgs-rep is received then the subkey will be filled + * in with the subkey needed to decrypt the TGS + * response. Otherwise it will be set to null. + */ krb5_error_code krb5_decode_kdc_rep (krb5_context, krb5_data *, - const krb5_keyblock *, + const krb5_keyblock *, krb5_kdc_rep ** ); krb5_error_code krb5_rd_req_decoded Modified: trunk/src/lib/krb5/krb/decode_kdc.c =================================================================== --- trunk/src/lib/krb5/krb/decode_kdc.c 2009-02-13 00:54:47 UTC (rev 21992) +++ trunk/src/lib/krb5/krb/decode_kdc.c 2009-02-13 15:55:32 UTC (rev 21993) @@ -53,12 +53,7 @@ usage = KRB5_KEYUSAGE_AS_REP_ENCPART; retval = decode_krb5_as_rep(enc_rep, &local_dec_rep); } else if (krb5_is_tgs_rep(enc_rep)) { - usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY; - /* KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY would go here, except - that this client code base doesn't ever put a subkey in the - tgs_req authenticator, so the tgs_rep is never encrypted in - one. (Check send_tgs.c:krb5_send_tgs_basic(), near the top - where authent.subkey is set to 0) */ + usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY; retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep); } else { return KRB5KRB_AP_ERR_MSG_TYPE; Modified: trunk/src/lib/krb5/krb/gc_via_tkt.c =================================================================== --- trunk/src/lib/krb5/krb/gc_via_tkt.c 2009-02-13 00:54:47 UTC (rev 21992) +++ trunk/src/lib/krb5/krb/gc_via_tkt.c 2009-02-13 15:55:32 UTC (rev 21993) @@ -154,6 +154,7 @@ krb5_error *err_reply; krb5_response tgsrep; krb5_enctype *enctypes = 0; + krb5_keyblock *subkey = NULL; #ifdef DEBUG_REFERRALS printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off"); @@ -200,12 +201,12 @@ enctypes[1] = 0; } - retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, enctypes, + retval = krb5int_send_tgs(context, kdcoptions, &in_cred->times, enctypes, in_cred->server, address, in_cred->authdata, 0, /* no padata */ (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) ? &in_cred->second_ticket : NULL, - tkt, &tgsrep); + tkt, &tgsrep, &subkey); if (enctypes) free(enctypes); if (retval) { @@ -280,7 +281,7 @@ } if ((retval = krb5_decode_kdc_rep(context, &tgsrep.response, - &tkt->keyblock, &dec_rep))) + subkey, &dec_rep))) goto error_4; if (dec_rep->msg_type != KRB5_TGS_REP) { @@ -334,6 +335,9 @@ &in_cred->second_ticket, out_cred); error_3:; + if (subkey != NULL) + krb5_free_keyblock(context, subkey); + memset(dec_rep->enc_part2->session->contents, 0, dec_rep->enc_part2->session->length); krb5_free_kdc_rep(context, dec_rep); Modified: trunk/src/lib/krb5/krb/send_tgs.c =================================================================== --- trunk/src/lib/krb5/krb/send_tgs.c 2009-02-13 00:54:47 UTC (rev 21992) +++ trunk/src/lib/krb5/krb/send_tgs.c 2009-02-13 15:55:32 UTC (rev 21993) @@ -30,7 +30,7 @@ #include "k5-int.h" /* - Sends a request to the TGS and waits for a response. +Constructs a TGS request options is used for the options in the KRB_TGS_REQ. timestruct values are used for from, till, rtime " " " enctype is used for enctype " " ", and to encrypt the authorization data, @@ -48,7 +48,8 @@ returns system errors */ static krb5_error_code -krb5_send_tgs_basic(krb5_context context, krb5_data *in_data, krb5_creds *in_cred, krb5_data *outbuf) +tgs_construct_tgsreq(krb5_context context, krb5_data *in_data, + krb5_creds *in_cred, krb5_data *outbuf, krb5_keyblock **subkey) { krb5_error_code retval; krb5_checksum checksum; @@ -56,6 +57,12 @@ krb5_ap_req request; krb5_data * scratch; krb5_data * toutbuf; + checksum.contents = NULL; +/* Generate subkey*/ + if ((retval = krb5_generate_subkey( context, &in_cred->keyblock, + subkey)) != 0) + return retval; + /* Generate checksum */ if ((retval = krb5_c_make_checksum(context, context->kdc_req_sumtype, @@ -63,43 +70,42 @@ KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, in_data, &checksum))) { free(checksum.contents); - return(retval); + goto cleanup; } /* gen authenticator */ - authent.subkey = 0; + authent.subkey = *subkey; /*owned by caller*/ authent.seq_number = 0; authent.checksum = &checksum; authent.client = in_cred->client; authent.authorization_data = in_cred->authdata; if ((retval = krb5_us_timeofday(context, &authent.ctime, - &authent.cusec))) { - free(checksum.contents); - return(retval); - } + &authent.cusec))) + goto cleanup; + /* encode the authenticator */ - if ((retval = encode_krb5_authenticator(&authent, &scratch))) { - free(checksum.contents); - return(retval); - } + if ((retval = encode_krb5_authenticator(&authent, &scratch))) + goto cleanup; + free(checksum.contents); + checksum.contents = NULL; - request.authenticator.ciphertext.data = 0; + request.authenticator.ciphertext.data = NULL; request.authenticator.kvno = 0; request.ap_options = 0; request.ticket = 0; if ((retval = decode_krb5_ticket(&(in_cred)->ticket, &request.ticket))) /* Cleanup scratch and scratch data */ - goto cleanup_data; + goto cleanup; /* call the encryption routine */ if ((retval = krb5_encrypt_helper(context, &in_cred->keyblock, KRB5_KEYUSAGE_TGS_REQ_AUTH, scratch, &request.authenticator))) - goto cleanup_ticket; + goto cleanup; retval = encode_krb5_ap_req(&request, &toutbuf); *outbuf = *toutbuf; @@ -110,25 +116,30 @@ request.authenticator.ciphertext.length); free(request.authenticator.ciphertext.data); -cleanup_ticket: + cleanup: +if (request.ticket) krb5_free_ticket(context, request.ticket); -cleanup_data: - memset(scratch->data, 0, scratch->length); + if (scratch != NULL && scratch->data != NULL) { +zap(scratch->data, scratch->length); free(scratch->data); - free(scratch); + } + if (*subkey && retval != 0) { + krb5_free_keyblock(context, *subkey); + *subkey = NULL; + } return retval; } krb5_error_code -krb5_send_tgs(krb5_context context, krb5_flags kdcoptions, +krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions, const krb5_ticket_times *timestruct, const krb5_enctype *ktypes, krb5_const_principal sname, krb5_address *const *addrs, krb5_authdata *const *authorization_data, krb5_pa_data *const *padata, const krb5_data *second_ticket, - krb5_creds *in_cred, krb5_response *rep) + krb5_creds *in_cred, krb5_response *rep, krb5_keyblock **subkey) { krb5_error_code retval; krb5_kdc_req tgsreq; @@ -140,6 +151,8 @@ krb5_pa_data ap_req_padata; int tcp_only = 0, use_master; + assert (subkey != NULL); + *subkey = NULL; /* * in_creds MUST be a valid credential NOT just a partially filled in * place holder for us to get credentials for the caller. @@ -170,8 +183,8 @@ if ((retval = encode_krb5_authdata(authorization_data, &scratch))) return(retval); - if ((retval = krb5_encrypt_helper(context, &in_cred->keyblock, - KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, + if ((retval = krb5_encrypt_helper(context, *subkey, + KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY, scratch, &tgsreq.authorization_data))) { free(tgsreq.authorization_data.ciphertext.data); @@ -212,7 +225,8 @@ /* * Get an ap_req. */ - if ((retval = krb5_send_tgs_basic(context, scratch, in_cred, &scratch2))) { + if ((retval = tgs_construct_tgsreq(context, scratch, in_cred + , &scratch2, subkey))) { krb5_free_data(context, scratch); goto send_tgs_error_2; } @@ -275,7 +289,7 @@ tcp_only = 1; krb5_free_error(context, err_reply); free(rep->response.data); - rep->response.data = 0; + rep->response.data = NULL; goto send_again; } krb5_free_error(context, err_reply); @@ -303,6 +317,11 @@ tgsreq.authorization_data.ciphertext.length); free(tgsreq.authorization_data.ciphertext.data); } + if (rep->message_type != KRB5_TGS_REP && *subkey){ + krb5_free_keyblock(context, *subkey); + *subkey = NULL; + } + return retval; } Modified: trunk/src/lib/krb5/libkrb5.exports =================================================================== --- trunk/src/lib/krb5/libkrb5.exports 2009-02-13 00:54:47 UTC (rev 21992) +++ trunk/src/lib/krb5/libkrb5.exports 2009-02-13 15:55:32 UTC (rev 21993) @@ -449,7 +449,6 @@ krb5_register_serializer krb5_salttype_to_string krb5_secure_config_files -krb5_send_tgs krb5_sendauth krb5_sendto_kdc krb5_ser_address_init From tsitkova at MIT.EDU Fri Feb 13 11:37:05 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Fri, 13 Feb 2009 11:37:05 -0500 Subject: svn rev #21994: users/ Message-ID: <200902131637.n1DGb5eo029120@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21994 Commit By: tsitkova Log Message: Development branch for Zhanna Tsitkova -line, and those below, will be ignored-- A svn+ssh://svn.mit.edu/krb5/users/tsitkova Changed Files: A users/tsitkova/ From tlyu at MIT.EDU Fri Feb 13 11:43:20 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 13 Feb 2009 11:43:20 -0500 Subject: svn rev #21995: branches/commit-handler-test/ Message-ID: <200902131643.n1DGhKQS029656@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21995 Commit By: tlyu Log Message: ticket: 6394 subject: test commit handler test commit handler again Changed Files: D branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Fri Feb 13 11:44:33 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 13 Feb 2009 11:44:33 -0500 Subject: svn rev #21996: branches/commit-handler-test/ Message-ID: <200902131644.n1DGiXpc029740@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21996 Commit By: tlyu Log Message: ticket: 6394 tags: nochange status: resolved test Changed Files: A branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Fri Feb 13 11:45:59 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 13 Feb 2009 11:45:59 -0500 Subject: svn rev #21997: branches/commit-handler-test/ Message-ID: <200902131645.n1DGjxGO030019@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21997 Commit By: tlyu Log Message: ticket: 6395 subject: test svn hooks incl anonsvn Changed Files: D branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Fri Feb 13 11:47:02 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 13 Feb 2009 11:47:02 -0500 Subject: svn rev #21998: branches/commit-handler-test/ Message-ID: <200902131647.n1DGl2k2030135@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21998 Commit By: tlyu Log Message: ticket: 6395 test anonvn propagation again Changed Files: A branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Fri Feb 13 11:55:05 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 13 Feb 2009 11:55:05 -0500 Subject: svn rev #21999: branches/commit-handler-test/ Message-ID: <200902131655.n1DGt5mh030672@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=21999 Commit By: tlyu Log Message: ticket: 6396 subject: test anonsvn test anonsvn propagation Changed Files: D branches/commit-handler-test/aaaa/ From tlyu at MIT.EDU Fri Feb 13 11:58:25 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Fri, 13 Feb 2009 11:58:25 -0500 Subject: svn rev #22000: branches/commit-handler-test/ Message-ID: <200902131658.n1DGwPAj030853@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22000 Commit By: tlyu Log Message: ticket: 6396 test again Changed Files: A branches/commit-handler-test/aaaa/ From ghudson at MIT.EDU Fri Feb 13 17:00:47 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 13 Feb 2009 17:00:47 -0500 Subject: svn rev #22002: trunk/src/lib/krb5/krb/ Message-ID: <200902132200.n1DM0lB8017441@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22002 Commit By: ghudson Log Message: In tgs_construct_tgsreq, free scratch even if scratch->data is NULL. (Which probably can't happen, but static analyzers don't know that.) Also protect scratch from being freed before initialization. Changed Files: U trunk/src/lib/krb5/krb/send_tgs.c Modified: trunk/src/lib/krb5/krb/send_tgs.c =================================================================== --- trunk/src/lib/krb5/krb/send_tgs.c 2009-02-13 19:02:14 UTC (rev 22001) +++ trunk/src/lib/krb5/krb/send_tgs.c 2009-02-13 22:00:47 UTC (rev 22002) @@ -55,7 +55,7 @@ krb5_checksum checksum; krb5_authenticator authent; krb5_ap_req request; - krb5_data * scratch; + krb5_data * scratch = NULL; krb5_data * toutbuf; checksum.contents = NULL; /* Generate subkey*/ @@ -123,8 +123,8 @@ if (scratch != NULL && scratch->data != NULL) { zap(scratch->data, scratch->length); free(scratch->data); - free(scratch); } + free(scratch); if (*subkey && retval != 0) { krb5_free_keyblock(context, *subkey); From ghudson at MIT.EDU Fri Feb 13 17:03:37 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 13 Feb 2009 17:03:37 -0500 Subject: svn rev #22003: trunk/src/tests/asn.1/ Message-ID: <200902132203.n1DM3bVn017720@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22003 Commit By: ghudson Log Message: In krb5_decode_leak.c, work around the oddity that krb5_free_cred_enc_part is a contents-only free function. Changed Files: U trunk/src/tests/asn.1/krb5_decode_leak.c Modified: trunk/src/tests/asn.1/krb5_decode_leak.c =================================================================== --- trunk/src/tests/asn.1/krb5_decode_leak.c 2009-02-13 22:00:47 UTC (rev 22002) +++ trunk/src/tests/asn.1/krb5_decode_leak.c 2009-02-13 22:03:37 UTC (rev 22003) @@ -22,6 +22,20 @@ krb5_context test_context; +/* + * Contrary to our usual convention, krb5_free_cred_enc_part is a + * contents-only free function (and is assumed to be by mk_cred and + * rd_cred) and we have no whole-structure free function for that data + * type. So create one here. + */ +static void +free_cred_enc_part_whole(krb5_context ctx, + krb5_cred_enc_part *val) +{ + krb5_free_cred_enc_part(ctx, val); + free(val); +} + int main(int argc, char **argv) { @@ -410,7 +424,7 @@ setup(cep, "cred_enc_part", ktest_make_sample_cred_enc_part); leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part, - krb5_free_cred_enc_part); + free_cred_enc_part_whole); ktest_destroy_principal(&(cep.ticket_info[0]->client)); ktest_destroy_principal(&(cep.ticket_info[0]->server)); @@ -425,7 +439,7 @@ ktest_destroy_address(&(cep.s_address)); ktest_destroy_address(&(cep.r_address)); leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part, - krb5_free_cred_enc_part); + free_cred_enc_part_whole); ktest_empty_cred_enc_part(&cep); } From ghudson at MIT.EDU Fri Feb 13 17:05:48 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 13 Feb 2009 17:05:48 -0500 Subject: svn rev #22004: trunk/src/lib/krb5/asn.1/ Message-ID: <200902132205.n1DM5mMt017892@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22004 Commit By: ghudson Log Message: Correct numerous memory leaks on error conditions in the ASN.1 decoder functions. Changed Files: U trunk/src/lib/krb5/asn.1/asn1_k_decode.c U trunk/src/lib/krb5/asn.1/asn1_k_decode.h U trunk/src/lib/krb5/asn.1/krb5_decode.c Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-02-13 22:03:37 UTC (rev 22003) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.c 2009-02-13 22:05:48 UTC (rev 22004) @@ -30,6 +30,8 @@ #include "asn1_get.h" #include "asn1_misc.h" +#define clean_return(val) { retval = val; goto error_out; } + /* Declare useful decoder variables. */ #define setup() \ asn1_error_code retval; \ @@ -44,7 +46,7 @@ #define next_tag() \ { taginfo t2; \ retval = asn1_get_tag_2(&subbuf, &t2); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ /* Copy out to match previous functionality, until better integrated. */ \ asn1class = t2.asn1class; \ construction = t2.construction; \ @@ -71,21 +73,38 @@ #define get_eoc() \ { \ retval = asn1_get_eoc_tag(&subbuf); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ } -#define alloc_field(var, type) \ - var = (type*)calloc(1, sizeof(type)); \ - if ((var) == NULL) return ENOMEM +#define alloc_field(var) \ + var = calloc(1, sizeof(*var)); \ + if ((var) == NULL) clean_return(ENOMEM) +/* + * Allocate a principal and initialize enough fields for + * krb5_free_principal to have defined behavior. + */ +#define alloc_principal(var) \ + alloc_field(var); \ + var->realm.data = NULL; \ + var->data = NULL + +/* + * Allocate a data structure and initialize enough fields for + * krb5_free_data to have defined behavior. + */ +#define alloc_data(var) \ + alloc_field(var); \ + var->data = NULL + /* Fetch an expected APPLICATION class tag and verify. */ #define apptag(tagexpect) \ { \ taginfo t1; \ retval = asn1_get_tag_2(buf, &t1); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \ - t1.tagnum != (tagexpect)) return ASN1_BAD_ID; \ + t1.tagnum != (tagexpect)) clean_return(ASN1_BAD_ID); \ /* Copy out to match previous functionality, until better integrated. */ \ asn1class = t1.asn1class; \ construction = t1.construction; \ @@ -104,7 +123,7 @@ */ #define get_field_body(var, decoder) \ retval = decoder(&subbuf, &(var)); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ if (!taglen && indef) { get_eoc(); } \ next_tag() @@ -115,7 +134,7 @@ * if not. */ #define error_if_bad_tag(tagexpect) \ - if (tagnum != (tagexpect)) { return (tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD; } + if (tagnum != (tagexpect)) { clean_return((tagnum < (tagexpect)) ? ASN1_MISPLACED_FIELD : ASN1_MISSING_FIELD); } /* * get_field @@ -128,7 +147,7 @@ error_if_bad_tag(tagexpect); \ if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ && (tagnum || taglen || asn1class != UNIVERSAL)) \ - return ASN1_BAD_ID; \ + clean_return(ASN1_BAD_ID); \ get_field_body(var,decoder) /* @@ -143,7 +162,7 @@ if (asn1buf_remains(&subbuf, seqindef)) { \ if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ && (tagnum || taglen || asn1class != UNIVERSAL)) \ - return ASN1_BAD_ID; \ + clean_return(ASN1_BAD_ID); \ if (tagnum == (tagexpect)) { \ get_field_body(var, decoder); \ } else var = optvalue; \ @@ -154,7 +173,7 @@ /* similar to get_field_body */ #define get_lenfield_body(len, var, decoder) \ retval = decoder(&subbuf, &(len), &(var)); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ if (!taglen && indef) { get_eoc(); } \ next_tag() @@ -163,7 +182,7 @@ error_if_bad_tag(tagexpect); \ if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ && (tagnum || taglen || asn1class != UNIVERSAL)) \ - return ASN1_BAD_ID; \ + clean_return(ASN1_BAD_ID); \ get_lenfield_body(len, var, decoder) /* similar to opt_field */ @@ -176,20 +195,20 @@ * Deal with implicitly tagged fields */ #define get_implicit_octet_string(len, var, tagexpect) \ - if (tagnum != (tagexpect)) return ASN1_MISSING_FIELD; \ + if (tagnum != (tagexpect)) clean_return(ASN1_MISSING_FIELD); \ if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ - return ASN1_BAD_ID; \ + clean_return(ASN1_BAD_ID); \ retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ (len) = taglen; \ next_tag() #define opt_implicit_octet_string(len, var, tagexpect) \ if (tagnum == (tagexpect)) { \ if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ - return ASN1_BAD_ID; \ + clean_return(ASN1_BAD_ID); \ retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ (len) = taglen; \ next_tag(); \ } else { (len) = 0; (var) = NULL; } @@ -206,9 +225,9 @@ int seqindef; \ int indef; \ retval = asn1_get_sequence(buf, &length, &seqindef); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ next_tag() /* @@ -221,15 +240,15 @@ int seqindef; \ int indef; \ retval = asn1_get_sequence(buf, &length, &seqindef); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) return retval + if (retval) clean_return(retval) /* skip trailing garbage */ #define end_structure() \ retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \ length, indef, seqindef); \ - if (retval) return retval + if (retval) clean_return(retval) /* * begin_choice @@ -244,7 +263,7 @@ int indef; \ taginfo t; \ retval = asn1_get_tag_2(buf, &t); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ tagnum = t.tagnum; \ taglen = t.length; \ indef = t.indef; \ @@ -253,14 +272,14 @@ asn1class = t.asn1class; \ construction = t.construction; \ retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) return retval + if (retval) clean_return(retval) /* skip trailing garbage */ #define end_choice() \ length -= t.length; \ retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \ length, t.indef, seqindef); \ - if (retval) return retval + if (retval) clean_return(retval) /* * sequence_of @@ -295,13 +314,12 @@ * does not prefetch the next tag. */ #define sequence_of_common(buf) \ - int size = 0; \ asn1buf seqbuf; \ int seqofindef; \ retval = asn1_get_sequence(buf, &length, &seqofindef); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \ - if (retval) return retval + if (retval) clean_return(retval) /* * end_sequence_of @@ -313,7 +331,7 @@ { \ taginfo t4; \ retval = asn1_get_tag_2(&seqbuf, &t4); \ - if (retval) return retval; \ + if (retval) clean_return(retval); \ /* Copy out to match previous functionality, until better integrated. */ \ asn1class = t4.asn1class; \ construction = t4.construction; \ @@ -323,7 +341,7 @@ } \ retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \ length, indef, seqofindef); \ - if (retval) return retval; + if (retval) clean_return(retval); /* * end_sequence_of_no_tagvars @@ -348,8 +366,28 @@ #define end_sequence_of_no_tagvars(buf) \ end_sequence_of_no_tagvars_helper(buf, &seqbuf, seqofindef) -#define cleanup() \ - return 0 +/* + * Function body for a pointer decoder, which allocates a pointer + * field and invokes a structure decoder to fill it in. Pointer + * decoders always fill in their output parameters with NULL (on + * error) or a valid constructed structure, making cleanup easier on + * callers. + */ +#define decode_ptr(type, structure_decoder) \ + type val; \ + asn1_error_code retval; \ +\ + *valptr = NULL; \ + val = calloc(1, sizeof(*val)); \ + if (!val) \ + return ENOMEM; \ + retval = structure_decoder(buf, val); \ + if (retval) { \ + free(val); \ + return retval; \ + } \ + *valptr = val; \ + return 0; /* scalars */ asn1_error_code asn1_decode_kerberos_time(asn1buf *buf, krb5_timestamp *val) @@ -430,25 +468,27 @@ asn1_error_code asn1_decode_principal_name(asn1buf *buf, krb5_principal *val) { + int size = 0, i; + krb5_data *array = NULL, *new_array; + setup(); { begin_structure(); get_field((*val)->type,0,asn1_decode_int32); { sequence_of_no_tagvars(&subbuf); while (asn1buf_remains(&seqbuf,seqofindef) > 0) { + unsigned int len; + char *str; + + new_array = realloc(array, (size + 1) * sizeof(krb5_data)); + if (new_array == NULL) clean_return(ENOMEM); + array = new_array; + retval = asn1_decode_generalstring(&seqbuf, &len, &str); + if (retval) clean_return(retval); + array[size].data = str; + array[size].length = len; size++; - if ((*val)->data == NULL) - (*val)->data = (krb5_data*)malloc(size*sizeof(krb5_data)); - else - (*val)->data = (krb5_data*)realloc((*val)->data, - size*sizeof(krb5_data)); - if ((*val)->data == NULL) return ENOMEM; - retval = asn1_decode_generalstring(&seqbuf, - &((*val)->data[size-1].length), - &((*val)->data[size-1].data)); - if (retval) return retval; } - (*val)->length = size; end_sequence_of_no_tagvars(&subbuf); } if (indef) { @@ -456,38 +496,65 @@ } next_tag(); end_structure(); - (*val)->magic = KV5M_PRINCIPAL; } - cleanup(); + (*val)->data = array; + (*val)->length = size; + (*val)->magic = KV5M_PRINCIPAL; + return 0; +error_out: + for (i = 0; i < size; i++) + free(array[i].data); + free(array); + return retval; } asn1_error_code asn1_decode_checksum(asn1buf *buf, krb5_checksum *val) { setup(); + val->contents = NULL; { begin_structure(); get_field(val->checksum_type,0,asn1_decode_cksumtype); get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); end_structure(); val->magic = KV5M_CHECKSUM; } - cleanup(); + return 0; +error_out: + free(val->contents); + return retval; } +asn1_error_code asn1_decode_checksum_ptr(asn1buf *buf, krb5_checksum **valptr) +{ + decode_ptr(krb5_checksum *, asn1_decode_checksum); +} + asn1_error_code asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val) { setup(); + val->contents = NULL; { begin_structure(); get_field(val->enctype,0,asn1_decode_enctype); get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); end_structure(); val->magic = KV5M_KEYBLOCK; } - cleanup(); + return 0; +error_out: + free(val->contents); + return retval; } +asn1_error_code +asn1_decode_encryption_key_ptr(asn1buf *buf, krb5_keyblock **valptr) +{ + decode_ptr(krb5_keyblock *, asn1_decode_encryption_key); +} + asn1_error_code asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val) { setup(); + val->ciphertext.data = NULL; { begin_structure(); get_field(val->enctype,0,asn1_decode_enctype); opt_field(val->kvno,1,asn1_decode_kvno,0); @@ -495,7 +562,11 @@ end_structure(); val->magic = KV5M_ENC_DATA; } - cleanup(); + return 0; +error_out: + free(val->ciphertext.data); + val->ciphertext.data = NULL; + return retval; } asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val) @@ -551,21 +622,28 @@ asn1_error_code asn1_decode_transited_encoding(asn1buf *buf, krb5_transited *val) { setup(); + val->tr_contents.data = NULL; { begin_structure(); get_field(val->tr_type,0,asn1_decode_octet); get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring); end_structure(); val->magic = KV5M_TRANSITED; } - cleanup(); + return 0; +error_out: + krb5_free_data_contents(NULL, &val->tr_contents); + return retval; } asn1_error_code asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part *val) { setup(); + val->session = NULL; + val->last_req = NULL; + val->server = NULL; + val->caddrs = NULL; { begin_structure(); - alloc_field(val->session,krb5_keyblock); - get_field(*(val->session),0,asn1_decode_encryption_key); + get_field(val->session,0,asn1_decode_encryption_key_ptr); get_field(val->last_req,1,asn1_decode_last_req); get_field(val->nonce,2,asn1_decode_int32); opt_field(val->key_exp,3,asn1_decode_kerberos_time,0); @@ -575,7 +653,7 @@ opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime); get_field(val->times.endtime,7,asn1_decode_kerberos_time); opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0); - alloc_field(val->server,krb5_principal_data); + alloc_principal(val->server); get_field(val->server,9,asn1_decode_realm); get_field(val->server,10,asn1_decode_principal_name); opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); @@ -583,7 +661,17 @@ end_structure(); val->magic = KV5M_ENC_KDC_REP_PART; } - cleanup(); + return 0; +error_out: + krb5_free_keyblock(NULL, val->session); + krb5_free_last_req(NULL, val->last_req); + krb5_free_principal(NULL, val->server); + krb5_free_addresses(NULL, val->caddrs); + val->session = NULL; + val->last_req = NULL; + val->server = NULL; + val->caddrs = NULL; + return retval; } asn1_error_code asn1_decode_ticket(asn1buf *buf, krb5_ticket *val) @@ -591,11 +679,14 @@ setup(); unsigned int applen; apptag(1); + val->server = NULL; + val->enc_part.ciphertext.data = NULL; + val->enc_part2 = NULL; { begin_structure(); { krb5_kvno vno; get_field(vno,0,asn1_decode_kvno); - if (vno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } - alloc_field(val->server,krb5_principal_data); + if (vno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + alloc_principal(val->server); get_field(val->server,1,asn1_decode_realm); get_field(val->server,2,asn1_decode_principal_name); get_field(val->enc_part,3,asn1_decode_encrypted_data); @@ -605,41 +696,64 @@ if (!applen) { taginfo t; retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; + if (retval) clean_return(retval); } - cleanup(); + return 0; +error_out: + krb5_free_principal(NULL, val->server); + krb5_free_data_contents(NULL, &val->enc_part.ciphertext); + val->server = NULL; + return retval; } +asn1_error_code +asn1_decode_ticket_ptr(asn1buf *buf, krb5_ticket **valptr) +{ + decode_ptr(krb5_ticket *, asn1_decode_ticket); +} + asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val) { setup(); + val->padata = NULL; { begin_structure(); { krb5_kvno kvno; get_field(kvno,1,asn1_decode_kvno); - if (kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } get_field(val->msg_type,2,asn1_decode_msgtype); opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL); get_field(*val,4,asn1_decode_kdc_req_body); end_structure(); val->magic = KV5M_KDC_REQ; } - cleanup(); + return 0; +error_out: + krb5_free_pa_data(NULL, val->padata); + val->padata = NULL; + return retval; } asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val) { setup(); + val->client = NULL; + val->server = NULL; + val->ktype = NULL; + val->addresses = NULL; + val->authorization_data.ciphertext.data = NULL; + val->unenc_authdata = NULL; + val->second_ticket = NULL; { krb5_principal psave; begin_structure(); get_field(val->kdc_options,0,asn1_decode_kdc_options); - if (tagnum == 1) { alloc_field(val->client,krb5_principal_data); } + if (tagnum == 1) { alloc_principal(val->client); } opt_field(val->client,1,asn1_decode_principal_name,NULL); - alloc_field(val->server,krb5_principal_data); + alloc_principal(val->server); get_field(val->server,2,asn1_decode_realm); if (val->client != NULL) { retval = asn1_krb5_realm_copy(val->client,val->server); - if (retval) return retval; } + if (retval) clean_return(retval); } /* If opt_field server is missing, memory reference to server is lost and results in memory leak */ @@ -672,72 +786,119 @@ end_structure(); val->magic = KV5M_KDC_REQ; } - cleanup(); + return 0; +error_out: + krb5_free_principal(NULL, val->client); + krb5_free_principal(NULL, val->server); + free(val->ktype); + krb5_free_addresses(NULL, val->addresses); + krb5_free_data_contents(NULL, &val->authorization_data.ciphertext); + krb5_free_tickets(NULL, val->second_ticket); + val->client = NULL; + val->server = NULL; + val->ktype = NULL; + val->addresses = NULL; + val->unenc_authdata = NULL; + val->second_ticket = NULL; + return retval; } asn1_error_code asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val) { setup(); + val->user_data.data = NULL; + val->r_address = NULL; + val->s_address = NULL; + val->checksum = NULL; { begin_structure(); get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring); opt_field(val->timestamp,1,asn1_decode_kerberos_time,0); opt_field(val->usec,2,asn1_decode_int32,0); opt_field(val->seq_number,3,asn1_decode_seqnum,0); - alloc_field(val->s_address,krb5_address); - get_field(*(val->s_address),4,asn1_decode_host_address); + get_field(val->s_address,4,asn1_decode_host_address_ptr); if (tagnum == 5) { - alloc_field(val->r_address,krb5_address); - get_field(*(val->r_address),5,asn1_decode_host_address); - } else val->r_address = NULL; + get_field(val->r_address,5,asn1_decode_host_address_ptr); + } end_structure(); val->magic = KV5M_SAFE; } - cleanup(); + return 0; +error_out: + krb5_free_data_contents(NULL, &val->user_data); + krb5_free_address(NULL, val->r_address); + krb5_free_address(NULL, val->s_address); + val->r_address = NULL; + val->s_address = NULL; + return retval; } asn1_error_code asn1_decode_host_address(asn1buf *buf, krb5_address *val) { setup(); + val->contents = NULL; { begin_structure(); get_field(val->addrtype,0,asn1_decode_addrtype); get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); end_structure(); val->magic = KV5M_ADDRESS; } - cleanup(); + return 0; +error_out: + free(val->contents); + val->contents = NULL; + return retval; } +asn1_error_code +asn1_decode_host_address_ptr(asn1buf *buf, krb5_address **valptr) +{ + decode_ptr(krb5_address *, asn1_decode_host_address); +} + asn1_error_code asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val) { setup(); + val->padata = NULL; + val->client = NULL; + val->ticket = NULL; + val->enc_part.ciphertext.data = NULL; + val->enc_part2 = NULL; { begin_structure(); { krb5_kvno pvno; get_field(pvno,0,asn1_decode_kvno); - if (pvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + if (pvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } get_field(val->msg_type,1,asn1_decode_msgtype); opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL); - alloc_field(val->client,krb5_principal_data); + alloc_principal(val->client); get_field(val->client,3,asn1_decode_realm); get_field(val->client,4,asn1_decode_principal_name); - alloc_field(val->ticket,krb5_ticket); - get_field(*(val->ticket),5,asn1_decode_ticket); + get_field(val->ticket,5,asn1_decode_ticket_ptr); get_field(val->enc_part,6,asn1_decode_encrypted_data); end_structure(); val->magic = KV5M_KDC_REP; } - cleanup(); + return 0; +error_out: + krb5_free_pa_data(NULL, val->padata); + krb5_free_principal(NULL, val->client); + krb5_free_ticket(NULL, val->ticket); + krb5_free_data_contents(NULL, &val->enc_part.ciphertext); + val->padata = NULL; + val->client = NULL; + val->ticket = NULL; + val->enc_part.ciphertext.data = NULL; + return retval; } /* arrays */ #define get_element(element,decoder)\ -retval = decoder(&seqbuf,element);\ -if (retval) return retval +retval = decoder(&seqbuf,&element);\ +if (retval) clean_return(retval) static void * array_expand (void *array, int n_elts, size_t elt_size) { - void *new_array; size_t new_size; if (n_elts <= 0) @@ -749,74 +910,120 @@ return NULL; if (new_size / elt_size != (unsigned int) n_elts) return NULL; - new_array = realloc(array, new_size); - return new_array; + return realloc(array, new_size); } #define array_append(array,size,element,type)\ -size++;\ -*(array) = array_expand(*(array), (size+1), sizeof(type*));\ -if (*(array) == NULL) return ENOMEM;\ -(*(array))[(size)-1] = elt + {\ + void *new_array = array_expand(*(array), (size)+2, sizeof(type*));\ + if (new_array == NULL) clean_return(ENOMEM);\ + *(array) = new_array;\ + (*(array))[(size)++] = elt;\ + } -#define decode_array_body(type,decoder)\ +/* + * Function body for array decoders. freefn is expected to look like + * a krb5_free_ function, so we pass a null first argument. + */ +#define decode_array_body(type,decoder,freefn)\ asn1_error_code retval;\ - type *elt;\ + type *elt = NULL, **array;\ + int size = 0, i; \ \ + array = *val = NULL;\ { sequence_of(buf);\ while (asn1buf_remains(&seqbuf,seqofindef) > 0) {\ - alloc_field(elt,type);\ get_element(elt,decoder);\ - array_append(val,size,elt,type);\ + array_append(&array,size,elt,type);\ + elt = NULL;\ }\ - if (*val == NULL)\ - *val = (type **)malloc(sizeof(type*));\ - (*val)[size] = NULL;\ + if (array == NULL)\ + array = malloc(sizeof(type*));\ + array[size] = NULL;\ end_sequence_of(buf);\ }\ - cleanup() + *val = array;\ + return 0;\ +error_out:\ + if (elt)\ + freefn(NULL,elt);\ + for (i = 0; i < size; i++)\ + freefn(NULL,array[i]);\ + free(array);\ + return retval +static void free_authdata_elt(void *dummy, krb5_authdata *val) +{ + free(val->contents); + free(val); +} asn1_error_code asn1_decode_authorization_data(asn1buf *buf, krb5_authdata ***val) { - decode_array_body(krb5_authdata,asn1_decode_authdata_elt); + decode_array_body(krb5_authdata,asn1_decode_authdata_elt_ptr, + free_authdata_elt); } asn1_error_code asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val) { setup(); + val->contents = NULL; { begin_structure(); get_field(val->ad_type,0,asn1_decode_authdatatype); get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); end_structure(); val->magic = KV5M_AUTHDATA; } - cleanup(); + return 0; +error_out: + free(val->contents); + val->contents = NULL; + return retval; } +asn1_error_code +asn1_decode_authdata_elt_ptr(asn1buf *buf, krb5_authdata **valptr) +{ + decode_ptr(krb5_authdata *, asn1_decode_authdata_elt); +} + asn1_error_code asn1_decode_host_addresses(asn1buf *buf, krb5_address ***val) { - decode_array_body(krb5_address,asn1_decode_host_address); + decode_array_body(krb5_address,asn1_decode_host_address_ptr, + krb5_free_address); } asn1_error_code asn1_decode_sequence_of_ticket(asn1buf *buf, krb5_ticket ***val) { - decode_array_body(krb5_ticket,asn1_decode_ticket); + decode_array_body(krb5_ticket,asn1_decode_ticket_ptr,krb5_free_ticket); } +static void free_cred_info(void *dummy, krb5_cred_info *val) +{ + krb5_free_keyblock(NULL, val->session); + krb5_free_principal(NULL, val->client); + krb5_free_principal(NULL, val->server); + krb5_free_addresses(NULL, val->caddrs); + free(val); +} + asn1_error_code asn1_decode_sequence_of_krb_cred_info(asn1buf *buf, krb5_cred_info ***val) { - decode_array_body(krb5_cred_info,asn1_decode_krb_cred_info); + decode_array_body(krb5_cred_info,asn1_decode_krb_cred_info_ptr, + free_cred_info); } asn1_error_code asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val) { setup(); + val->session = NULL; + val->client = NULL; + val->server = NULL; + val->caddrs = NULL; { begin_structure(); - alloc_field(val->session,krb5_keyblock); - get_field(*(val->session),0,asn1_decode_encryption_key); + get_field(val->session,0,asn1_decode_encryption_key_ptr); if (tagnum == 1) { - alloc_field(val->client,krb5_principal_data); + alloc_principal(val->client); opt_field(val->client,1,asn1_decode_realm,NULL); opt_field(val->client,2,asn1_decode_principal_name,NULL); } opt_field(val->flags,3,asn1_decode_ticket_flags,0); @@ -825,36 +1032,74 @@ opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0); opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0); if (tagnum == 8) { - alloc_field(val->server,krb5_principal_data); + alloc_principal(val->server); opt_field(val->server,8,asn1_decode_realm,NULL); opt_field(val->server,9,asn1_decode_principal_name,NULL); } opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL); end_structure(); val->magic = KV5M_CRED_INFO; } - cleanup(); + return 0; +error_out: + krb5_free_keyblock(NULL, val->session); + krb5_free_principal(NULL, val->client); + krb5_free_principal(NULL, val->server); + krb5_free_addresses(NULL, val->caddrs); + val->session = NULL; + val->client = NULL; + val->server = NULL; + val->caddrs = NULL; + return retval; } +asn1_error_code +asn1_decode_krb_cred_info_ptr(asn1buf *buf, krb5_cred_info **valptr) +{ + decode_ptr(krb5_cred_info *, asn1_decode_krb_cred_info); +} + +static void free_pa_data(void *dummy, krb5_pa_data *val) +{ + free(val->contents); + free(val); +} + asn1_error_code asn1_decode_sequence_of_pa_data(asn1buf *buf, krb5_pa_data ***val) { - decode_array_body(krb5_pa_data,asn1_decode_pa_data); + decode_array_body(krb5_pa_data,asn1_decode_pa_data_ptr,free_pa_data); } asn1_error_code asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val) { setup(); + val->contents = NULL; { begin_structure(); get_field(val->pa_type,1,asn1_decode_int32); get_lenfield(val->length,val->contents,2,asn1_decode_octetstring); end_structure(); val->magic = KV5M_PA_DATA; } - cleanup(); + return 0; +error_out: + free(val->contents); + val->contents = NULL; + return retval; } +asn1_error_code asn1_decode_pa_data_ptr(asn1buf *buf, krb5_pa_data **valptr) +{ + decode_ptr(krb5_pa_data *, asn1_decode_pa_data); +} + +static void free_last_req_entry(void *dummy, krb5_last_req_entry *val) +{ + free(val); +} + asn1_error_code asn1_decode_last_req(asn1buf *buf, krb5_last_req_entry ***val) { - decode_array_body(krb5_last_req_entry,asn1_decode_last_req_entry); + decode_array_body(krb5_last_req_entry,asn1_decode_last_req_entry_ptr, + free_last_req_entry); } asn1_error_code asn1_decode_last_req_entry(asn1buf *buf, krb5_last_req_entry *val) @@ -871,147 +1116,222 @@ if ((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U; #endif } - cleanup(); + return 0; +error_out: + return retval; } +asn1_error_code +asn1_decode_last_req_entry_ptr(asn1buf *buf, krb5_last_req_entry **valptr) +{ + decode_ptr(krb5_last_req_entry *, asn1_decode_last_req_entry); +} + asn1_error_code asn1_decode_sequence_of_enctype(asn1buf *buf, int *num, krb5_enctype **val) { + int size = 0; + krb5_enctype *array = NULL, *new_array; + asn1_error_code retval; { sequence_of(buf); while (asn1buf_remains(&seqbuf,seqofindef) > 0) { size++; - if (*val == NULL) - *val = (krb5_enctype*)malloc(size*sizeof(krb5_enctype)); - else - *val = (krb5_enctype*)realloc(*val,size*sizeof(krb5_enctype)); - if (*val == NULL) return ENOMEM; - retval = asn1_decode_enctype(&seqbuf,&((*val)[size-1])); - if (retval) return retval; + new_array = realloc(array,size*sizeof(krb5_enctype)); + if (new_array == NULL) clean_return(ENOMEM); + array = new_array; + retval = asn1_decode_enctype(&seqbuf,&array[size-1]); + if (retval) clean_return(retval); } - *num = size; end_sequence_of(buf); } - cleanup(); + *num = size; + *val = array; + return 0; +error_out: + free(array); + return retval; } asn1_error_code asn1_decode_sequence_of_checksum(asn1buf *buf, krb5_checksum ***val) { - decode_array_body(krb5_checksum, asn1_decode_checksum); + decode_array_body(krb5_checksum, asn1_decode_checksum_ptr, + krb5_free_checksum); } +static void free_etype_info_entry(void *dummy, krb5_etype_info_entry *val) +{ + krb5_free_data_contents(NULL, &val->s2kparams); + free(val->salt); + free(val); +} + static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_info_entry *val ) { + char *salt = NULL; + krb5_octet *params = NULL; setup(); + val->salt = NULL; + val->s2kparams.data = NULL; { begin_structure(); get_field(val->etype,0,asn1_decode_enctype); if (tagnum == 1) { - char *salt; get_lenfield(val->length,salt,1,asn1_decode_generalstring); val->salt = (krb5_octet *) salt; - } else { + salt = NULL; + } else val->length = KRB5_ETYPE_NO_SALT; - val->salt = 0; - } if ( tagnum ==2) { - krb5_octet *params ; get_lenfield( val->s2kparams.length, params, 2, asn1_decode_octetstring); val->s2kparams.data = ( char *) params; - } else { - val->s2kparams.data = NULL; + params = NULL; + } else val->s2kparams.length = 0; - } end_structure(); val->magic = KV5M_ETYPE_INFO_ENTRY; } - cleanup(); + return 0; +error_out: + free(salt); + free(params); + krb5_free_data_contents(NULL, &val->s2kparams); + free(val->salt); + val->salt = NULL; + return retval; } +static asn1_error_code +asn1_decode_etype_info2_entry_ptr(asn1buf *buf, krb5_etype_info_entry **valptr) +{ + decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info2_entry); +} + static asn1_error_code asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val ) { setup(); + val->salt = NULL; + val->s2kparams.data = NULL; { begin_structure(); get_field(val->etype,0,asn1_decode_enctype); if (tagnum == 1) { get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); - } else { + } else val->length = KRB5_ETYPE_NO_SALT; - val->salt = 0; - } if ( tagnum ==2) { krb5_octet *params ; get_lenfield( val->s2kparams.length, params, 2, asn1_decode_octetstring); val->s2kparams.data = ( char *) params; - } else { - val->s2kparams.data = NULL; + } else val->s2kparams.length = 0; - } end_structure(); val->magic = KV5M_ETYPE_INFO_ENTRY; } - cleanup(); + return 0; +error_out: + krb5_free_data_contents(NULL, &val->s2kparams); + free(val->salt); + val->salt = NULL; + return retval; } +static asn1_error_code +asn1_decode_etype_info2_entry_1_3_ptr(asn1buf *buf, + krb5_etype_info_entry **valptr) +{ + decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info2_entry_1_3); +} static asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val ) { setup(); + val->salt = NULL; + val->s2kparams.data = NULL; { begin_structure(); get_field(val->etype,0,asn1_decode_enctype); if (tagnum == 1) { get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); - } else { + } else val->length = KRB5_ETYPE_NO_SALT; - val->salt = 0; - } - val->s2kparams.data = NULL; val->s2kparams.length = 0; end_structure(); val->magic = KV5M_ETYPE_INFO_ENTRY; } - cleanup(); + return 0; +error_out: + free(val->salt); + val->salt = NULL; + return retval; } +static asn1_error_code +asn1_decode_etype_info_entry_ptr(asn1buf *buf, krb5_etype_info_entry **valptr) +{ + decode_ptr(krb5_etype_info_entry *, asn1_decode_etype_info_entry); +} + asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***val ) { - decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry); + decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry_ptr, + free_etype_info_entry); } +static asn1_error_code decode_etype_info2_13(asn1buf *buf, krb5_etype_info_entry ***val) +{ + decode_array_body(krb5_etype_info_entry, + asn1_decode_etype_info2_entry_1_3_ptr, + free_etype_info_entry); +} + asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val , krb5_boolean v1_3_behavior) { - if (v1_3_behavior) { + if (v1_3_behavior) + return decode_etype_info2_13(buf, val); + else { decode_array_body(krb5_etype_info_entry, - asn1_decode_etype_info2_entry_1_3); - } else { - decode_array_body(krb5_etype_info_entry, - asn1_decode_etype_info2_entry); + asn1_decode_etype_info2_entry_ptr, + free_etype_info_entry); } } asn1_error_code asn1_decode_passwdsequence(asn1buf *buf, passwd_phrase_element *val) { setup(); + val->passwd = NULL; + val->phrase = NULL; { begin_structure(); - alloc_field(val->passwd,krb5_data); + alloc_data(val->passwd); get_lenfield(val->passwd->length,val->passwd->data, 0,asn1_decode_charstring); val->passwd->magic = KV5M_DATA; - alloc_field(val->phrase,krb5_data); + alloc_data(val->phrase); get_lenfield(val->phrase->length,val->phrase->data, 1,asn1_decode_charstring); val->phrase->magic = KV5M_DATA; end_structure(); val->magic = KV5M_PASSWD_PHRASE_ELEMENT; } - cleanup(); + return 0; +error_out: + krb5_free_data(NULL, val->passwd); + krb5_free_data(NULL, val->phrase); + val->passwd = NULL; + val->phrase = NULL; + return 0; } +asn1_error_code +asn1_decode_passwdsequence_ptr(asn1buf *buf, passwd_phrase_element **valptr) +{ + decode_ptr(passwd_phrase_element *, asn1_decode_passwdsequence); +} + asn1_error_code asn1_decode_sequence_of_passwdsequence(asn1buf *buf, passwd_phrase_element ***val) { - decode_array_body(passwd_phrase_element,asn1_decode_passwdsequence); + decode_array_body(passwd_phrase_element,asn1_decode_passwdsequence_ptr, + krb5_free_passwd_phrase_element); } asn1_error_code asn1_decode_sam_flags(asn1buf *buf, krb5_flags *val) @@ -1026,6 +1346,12 @@ asn1_error_code asn1_decode_sam_challenge(asn1buf *buf, krb5_sam_challenge *val) { setup(); + val->sam_type_name.data = NULL; + val->sam_track_id.data = NULL; + val->sam_challenge_label.data = NULL; + val->sam_response_prompt.data = NULL; + val->sam_pk_for_sad.data = NULL; + val->sam_cksum.contents = NULL; { begin_structure(); get_field(val->sam_type,0,asn1_decode_int32); get_field(val->sam_flags,1,asn1_decode_sam_flags); @@ -1040,37 +1366,58 @@ end_structure(); val->magic = KV5M_SAM_CHALLENGE; } - cleanup(); + return 0; +error_out: + krb5_free_sam_challenge_contents(NULL, val); + return retval; } asn1_error_code asn1_decode_sam_challenge_2(asn1buf *buf, krb5_sam_challenge_2 *val) { + krb5_checksum **cksump; setup(); + val->sam_challenge_2_body.data = NULL; + val->sam_cksum = NULL; { char *save, *end; size_t alloclen; begin_structure(); - if (tagnum != 0) return ASN1_MISSING_FIELD; + if (tagnum != 0) clean_return(ASN1_MISSING_FIELD); if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) - return ASN1_BAD_ID; + clean_return(ASN1_BAD_ID); save = subbuf.next; { sequence_of_no_tagvars(&subbuf); - unused_var(size); end_sequence_of_no_tagvars(&subbuf); } end = subbuf.next; alloclen = end - save; - if ((val->sam_challenge_2_body.data = (char *) malloc(alloclen)) == NULL) - return ENOMEM; + val->sam_challenge_2_body.data = malloc(alloclen); + if (!val->sam_challenge_2_body.data) + clean_return(ENOMEM); val->sam_challenge_2_body.length = alloclen; memcpy(val->sam_challenge_2_body.data, save, alloclen); next_tag(); get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum); end_structure(); } - cleanup(); + return 0; +error_out: + krb5_free_data_contents(NULL, &val->sam_challenge_2_body); + if (val->sam_cksum) { + for (cksump = val->sam_cksum; *cksump; cksump++) + krb5_free_checksum(NULL, *cksump); + free(val->sam_cksum); + val->sam_cksum = NULL; + } + return retval; } asn1_error_code asn1_decode_sam_challenge_2_body(asn1buf *buf, krb5_sam_challenge_2_body *val) { setup(); + val->sam_type_name.data = NULL; + val->sam_track_id.data = NULL; + val->sam_challenge_label.data = NULL; + val->sam_challenge.data = NULL; + val->sam_response_prompt.data = NULL; + val->sam_pk_for_sad.data = NULL; { begin_structure(); get_field(val->sam_type,0,asn1_decode_int32); get_field(val->sam_flags,1,asn1_decode_sam_flags); @@ -1085,23 +1432,30 @@ end_structure(); val->magic = KV5M_SAM_CHALLENGE; } - cleanup(); + return 0; +error_out: + krb5_free_sam_challenge_2_body_contents(NULL, val); + return retval; } asn1_error_code asn1_decode_enc_sam_key(asn1buf *buf, krb5_sam_key *val) { setup(); + val->sam_key.contents = NULL; { begin_structure(); - /* alloc_field(val->sam_key,krb5_keyblock); */ get_field(val->sam_key,0,asn1_decode_encryption_key); end_structure(); val->magic = KV5M_SAM_KEY; } - cleanup(); + return 0; +error_out: + krb5_free_keyblock_contents(NULL, &val->sam_key); + return retval; } asn1_error_code asn1_decode_enc_sam_response_enc(asn1buf *buf, krb5_enc_sam_response_enc *val) { setup(); + val->sam_sad.data = NULL; { begin_structure(); opt_field(val->sam_nonce,0,asn1_decode_int32,0); opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0); @@ -1110,19 +1464,26 @@ end_structure(); val->magic = KV5M_ENC_SAM_RESPONSE_ENC; } - cleanup(); + return 0; +error_out: + krb5_free_enc_sam_response_enc_contents(NULL, val); + return retval; } asn1_error_code asn1_decode_enc_sam_response_enc_2(asn1buf *buf, krb5_enc_sam_response_enc_2 *val) { setup(); + val->sam_sad.data = NULL; { begin_structure(); get_field(val->sam_nonce,0,asn1_decode_int32); opt_string(val->sam_sad,1,asn1_decode_charstring); end_structure(); val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2; } - cleanup(); + return 0; +error_out: + krb5_free_enc_sam_response_enc_2_contents(NULL, val); + return retval; } #define opt_encfield(fld,tag,fn) \ @@ -1139,6 +1500,9 @@ asn1_error_code asn1_decode_sam_response(asn1buf *buf, krb5_sam_response *val) { setup(); + val->sam_track_id.data = NULL; + val->sam_enc_key.ciphertext.data = NULL; + val->sam_enc_nonce_or_ts.ciphertext.data = NULL; { begin_structure(); get_field(val->sam_type,0,asn1_decode_int32); get_field(val->sam_flags,1,asn1_decode_sam_flags); @@ -1150,12 +1514,17 @@ end_structure(); val->magic = KV5M_SAM_RESPONSE; } - cleanup(); + return 0; +error_out: + krb5_free_sam_response_contents(NULL, val); + return retval; } asn1_error_code asn1_decode_sam_response_2(asn1buf *buf, krb5_sam_response_2 *val) { setup(); + val->sam_track_id.data = NULL; + val->sam_enc_nonce_or_sad.ciphertext.data = NULL; { begin_structure(); get_field(val->sam_type,0,asn1_decode_int32); get_field(val->sam_flags,1,asn1_decode_sam_flags); @@ -1165,57 +1534,82 @@ end_structure(); val->magic = KV5M_SAM_RESPONSE; } - cleanup(); + return 0; +error_out: + krb5_free_sam_response_2_contents(NULL, val); + return retval; } asn1_error_code asn1_decode_predicted_sam_response(asn1buf *buf, krb5_predicted_sam_response *val) { setup(); + val->sam_key.contents = NULL; + val->client = NULL; + val->msd.data = NULL; { begin_structure(); get_field(val->sam_key,0,asn1_decode_encryption_key); get_field(val->sam_flags,1,asn1_decode_sam_flags); get_field(val->stime,2,asn1_decode_kerberos_time); get_field(val->susec,3,asn1_decode_int32); - alloc_field(val->client,krb5_principal_data); + alloc_principal(val->client); get_field(val->client,4,asn1_decode_realm); get_field(val->client,5,asn1_decode_principal_name); opt_string(val->msd,6,asn1_decode_charstring); /* should be octet */ end_structure(); val->magic = KV5M_PREDICTED_SAM_RESPONSE; } - cleanup(); + return 0; +error_out: + krb5_free_predicted_sam_response_contents(NULL, val); + return retval; } asn1_error_code asn1_decode_setpw_req(asn1buf *buf, krb5_data *newpasswd, krb5_principal *principal) { + krb5_principal princ = NULL; setup(); *principal = NULL; + newpasswd->data = NULL; { begin_structure(); get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring); if (tagnum == 1) { - alloc_field(*principal, krb5_principal_data); - opt_field(*principal, 1, asn1_decode_principal_name, 0); - opt_field(*principal, 2, asn1_decode_realm, 0); + alloc_principal(princ); + opt_field(princ, 1, asn1_decode_principal_name, 0); + opt_field(princ, 2, asn1_decode_realm, 0); } end_structure(); } - cleanup(); + *principal = princ; + return 0; +error_out: + krb5_free_data_contents(NULL, newpasswd); + krb5_free_principal(NULL, princ); + return retval; } asn1_error_code asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val) { setup(); + val->user = NULL; + val->cksum.contents = NULL; + val->auth_package.data = NULL; { begin_structure(); - alloc_field(val->user, krb5_principal_data); + alloc_principal(val->user); get_field(val->user,0,asn1_decode_principal_name); get_field(val->user,1,asn1_decode_realm); get_field(val->cksum,2,asn1_decode_checksum); get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring); end_structure(); } - cleanup(); + return 0; +error_out: + krb5_free_principal(NULL, val->user); + krb5_free_checksum_contents(NULL, &val->cksum); + krb5_free_data_contents(NULL, &val->auth_package); + val->user = NULL; + return retval; } asn1_error_code asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val) @@ -1225,7 +1619,9 @@ get_field(val->include_pac,0,asn1_decode_boolean); end_structure(); } - cleanup(); + return 0; +error_out: + return retval; } #ifndef DISABLE_PKINIT @@ -1234,6 +1630,9 @@ asn1_error_code asn1_decode_external_principal_identifier(asn1buf *buf, krb5_external_principal_identifier *val) { setup(); + val->subjectName.data = NULL; + val->issuerAndSerialNumber.data = NULL; + val->subjectKeyIdentifier.data = NULL; { begin_structure(); opt_implicit_octet_string(val->subjectName.length, val->subjectName.data, 0); @@ -1241,17 +1640,49 @@ opt_implicit_octet_string(val->subjectKeyIdentifier.length, val->subjectKeyIdentifier.data, 2); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->subjectName.data); + free(val->issuerAndSerialNumber.data); + free(val->subjectKeyIdentifier.data); + val->subjectName.data = NULL; + val->issuerAndSerialNumber.data = NULL; + val->subjectKeyIdentifier.data = NULL; + return retval; } +asn1_error_code +asn1_decode_external_principal_identifier_ptr + (asn1buf *buf, + krb5_external_principal_identifier **valptr) +{ + decode_ptr(krb5_external_principal_identifier *, + asn1_decode_external_principal_identifier); +} + +static void +free_external_principal_identifier(void *dummy, + krb5_external_principal_identifier *val) +{ + free(val->subjectName.data); + free(val->issuerAndSerialNumber.data); + free(val->subjectKeyIdentifier.data); + free(val); +} + asn1_error_code asn1_decode_sequence_of_external_principal_identifier(asn1buf *buf, krb5_external_principal_identifier ***val) { - decode_array_body(krb5_external_principal_identifier,asn1_decode_external_principal_identifier); + decode_array_body(krb5_external_principal_identifier, + asn1_decode_external_principal_identifier_ptr, + free_external_principal_identifier); } asn1_error_code asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val) { setup(); + val->signedAuthPack.data = NULL; + val->trustedCertifiers = NULL; + val->kdcPkId.data = NULL; { begin_structure(); get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); @@ -1259,13 +1690,22 @@ opt_implicit_octet_string(val->kdcPkId.length, val->kdcPkId.data, 2); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->signedAuthPack.data); + free(val->trustedCertifiers); + free(val->kdcPkId.data); + val->signedAuthPack.data = NULL; + val->trustedCertifiers = NULL; + val->kdcPkId.data = NULL; + return retval; } #if 0 /* XXX This needs to be tested!!! XXX */ asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val) { setup(); + val->choice = choice_trusted_cas_UNKNOWN; { char *start, *end; size_t alloclen; @@ -1275,6 +1715,7 @@ val->choice = choice_trusted_cas_principalName; } else if (t.tagnum == choice_trusted_cas_caName) { val->choice = choice_trusted_cas_caName; + val->u.caName.data = NULL; start = subbuf.next; { sequence_of_no_tagvars(&subbuf); @@ -1285,12 +1726,13 @@ alloclen = end - start; val->u.caName.data = malloc(alloclen); if (val->u.caName.data == NULL) - return ENOMEM; + clean_return(ENOMEM); memcpy(val->u.caName.data, start, alloclen); val->u.caName.length = alloclen; next_tag(); } else if (t.tagnum == choice_trusted_cas_issuerAndSerial) { val->choice = choice_trusted_cas_issuerAndSerial; + val->u.issuerAndSerial.data = NULL; start = subbuf.next; { sequence_of_no_tagvars(&subbuf); @@ -1301,45 +1743,84 @@ alloclen = end - start; val->u.issuerAndSerial.data = malloc(alloclen); if (val->u.issuerAndSerial.data == NULL) - return ENOMEM; + clean_return(ENOMEM); memcpy(val->u.issuerAndSerial.data, start, alloclen); val->u.issuerAndSerial.length = alloclen; next_tag(); - } else return ASN1_BAD_ID; + } else clean_return(ASN1_BAD_ID); end_explicit_choice(); } - cleanup(); + return 0; +error_out: + if (val->choice == choice_trusted_cas_caName) + free(val->u.caName.data); + else if (val->choice == choice_trusted_cas_issuerAndSerial) + free(val->u.issuerAndSerial.data); + val->choice = choice_trusted_cas_UNKNOWN; + return retval; } #else asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val) { setup(); + val->choice = choice_trusted_cas_UNKNOWN; { begin_choice(); if (tagnum == choice_trusted_cas_principalName) { val->choice = choice_trusted_cas_principalName; + val->u.principalName = NULL; asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName)); } else if (tagnum == choice_trusted_cas_caName) { val->choice = choice_trusted_cas_caName; + val->u.caName.data = NULL; get_implicit_octet_string(val->u.caName.length, val->u.caName.data, choice_trusted_cas_caName); } else if (tagnum == choice_trusted_cas_issuerAndSerial) { val->choice = choice_trusted_cas_issuerAndSerial; + val->u.issuerAndSerial.data = NULL; get_implicit_octet_string(val->u.issuerAndSerial.length, val->u.issuerAndSerial.data, choice_trusted_cas_issuerAndSerial); - } else return ASN1_BAD_ID; + } else clean_return(ASN1_BAD_ID); end_choice(); } - cleanup(); + return 0; +error_out: + if (val->choice == choice_trusted_cas_caName) + free(val->u.caName.data); + else if (val->choice == choice_trusted_cas_issuerAndSerial) + free(val->u.issuerAndSerial.data); + val->choice = choice_trusted_cas_UNKNOWN; + return retval; } #endif +asn1_error_code +asn1_decode_trusted_ca_ptr(asn1buf *buf, krb5_trusted_ca **valptr) +{ + decode_ptr(krb5_trusted_ca *, asn1_decode_trusted_ca); +} + +static void free_trusted_ca(void *dummy, krb5_trusted_ca *val) +{ + if (val->choice == choice_trusted_cas_caName) + free(val->u.caName.data); + else if (val->choice == choice_trusted_cas_issuerAndSerial) + free(val->u.issuerAndSerial.data); + free(val); +} + asn1_error_code asn1_decode_sequence_of_trusted_ca(asn1buf *buf, krb5_trusted_ca ***val) { - decode_array_body(krb5_trusted_ca, asn1_decode_trusted_ca); + decode_array_body(krb5_trusted_ca, asn1_decode_trusted_ca_ptr, + free_trusted_ca); } asn1_error_code asn1_decode_pa_pk_as_req_draft9(asn1buf *buf, krb5_pa_pk_as_req_draft9 *val) { + int i; setup(); + val->signedAuthPack.data = NULL; + val->kdcCert.data = NULL; + val->encryptionCert.data = NULL; + val->trustedCertifiers = NULL; { begin_structure(); get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_trusted_ca, NULL); @@ -1347,24 +1828,47 @@ opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 2, asn1_decode_octetstring); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->signedAuthPack.data); + free(val->kdcCert.data); + free(val->encryptionCert.data); + if (val->trustedCertifiers) { + for (i = 0; val->trustedCertifiers[i]; i++) + free_trusted_ca(NULL, val->trustedCertifiers[i]); + free(val->trustedCertifiers); + } + val->signedAuthPack.data = NULL; + val->kdcCert.data = NULL; + val->encryptionCert.data = NULL; + val->trustedCertifiers = NULL; + return retval; } asn1_error_code asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val) { setup(); + val->dhSignedData.data = NULL; + val->serverDHNonce.data = NULL; { begin_structure(); get_implicit_octet_string(val->dhSignedData.length, val->dhSignedData.data, 0); opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1, asn1_decode_octetstring); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->dhSignedData.data); + free(val->serverDHNonce.data); + val->dhSignedData.data = NULL; + val->serverDHNonce.data = NULL; + return retval; } asn1_error_code asn1_decode_pk_authenticator(asn1buf *buf, krb5_pk_authenticator *val) { setup(); + val->paChecksum.contents = NULL; { begin_structure(); get_field(val->cusec, 0, asn1_decode_int32); get_field(val->ctime, 1, asn1_decode_kerberos_time); @@ -1372,14 +1876,19 @@ opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring); end_structure(); } - cleanup(); + return 0; +error_out: + krb5_free_checksum_contents(NULL, &val->paChecksum); + return retval; } asn1_error_code asn1_decode_pk_authenticator_draft9(asn1buf *buf, krb5_pk_authenticator_draft9 *val) { setup(); + val->kdcName = NULL; + val->kdcRealm.data = NULL; { begin_structure(); - alloc_field(val->kdcName,krb5_principal_data); + alloc_principal(val->kdcName); get_field(val->kdcName, 0, asn1_decode_principal_name); get_field(val->kdcName, 1, asn1_decode_realm); get_field(val->cusec, 2, asn1_decode_int32); @@ -1387,19 +1896,24 @@ get_field(val->nonce, 4, asn1_decode_int32); end_structure(); } - cleanup(); + return 0; +error_out: + krb5_free_principal(NULL, val->kdcName); + return retval; } asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier *val) { setup(); + val->algorithm.data = NULL; + val->parameters.data = NULL; { begin_structure_no_tag(); /* * Forbid indefinite encoding because we don't read enough tag * information from the trailing octets ("ANY DEFINED BY") to * synchronize EOC tags, etc. */ - if (seqindef) return ASN1_BAD_FORMAT; + if (seqindef) clean_return(ASN1_BAD_FORMAT); /* * Set up tag variables because we don't actually call anything * that fetches tag info for us; it's all buried in the decoder @@ -1412,7 +1926,7 @@ indef = 0; retval = asn1_decode_oid(&subbuf, &val->algorithm.length, &val->algorithm.data); - if (retval) return retval; + if (retval) clean_return(retval); val->parameters.length = 0; val->parameters.data = NULL; @@ -1421,43 +1935,59 @@ unsigned int size = length - (subbuf.next - subbuf.base); retval = asn1buf_remove_octetstring(&subbuf, size, &val->parameters.data); - if (retval) return retval; + if (retval) clean_return(retval); val->parameters.length = size; } end_structure(); } - cleanup(); + return 0; +error_out: + free(val->algorithm.data); + free(val->parameters.data); + val->algorithm.data = NULL; + val->parameters.data = NULL; + return retval; } +asn1_error_code +asn1_decode_algorithm_identifier_ptr(asn1buf *buf, + krb5_algorithm_identifier **valptr) +{ + decode_ptr(krb5_algorithm_identifier *, asn1_decode_algorithm_identifier); +} + asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *val) { asn1_octet unused; setup(); + val->algorithm.algorithm.data = NULL; + val->algorithm.parameters.data = NULL; + val->subjectPublicKey.data = NULL; { begin_structure_no_tag(); retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm); - if (retval) return retval; + if (retval) clean_return(retval); /* SubjectPublicKey encoded as a BIT STRING */ next_tag(); if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != ASN1_BITSTRING) - return ASN1_BAD_ID; + clean_return(ASN1_BAD_ID); retval = asn1buf_remove_octet(&subbuf, &unused); - if (retval) return retval; + if (retval) clean_return(retval); /* Number of unused bits must be between 0 and 7. */ /* What to do if unused is not zero? */ - if (unused > 7) return ASN1_BAD_FORMAT; + if (unused > 7) clean_return(ASN1_BAD_FORMAT); taglen--; val->subjectPublicKey.length = 0; val->subjectPublicKey.data = NULL; retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); - if (retval) return retval; + if (retval) clean_return(retval); val->subjectPublicKey.length = taglen; /* * We didn't call any macro that does next_tag(); do so now to @@ -1466,77 +1996,137 @@ next_tag(); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->algorithm.algorithm.data); + free(val->algorithm.parameters.data); + free(val->subjectPublicKey.data); + val->algorithm.algorithm.data = NULL; + val->algorithm.parameters.data = NULL; + val->subjectPublicKey.data = NULL; + return 0; } +static void +free_algorithm_identifier(void *dummy, krb5_algorithm_identifier *val) +{ + free(val->algorithm.data); + free(val->parameters.data); + free(val); +} + asn1_error_code asn1_decode_sequence_of_algorithm_identifier(asn1buf *buf, krb5_algorithm_identifier ***val) { - decode_array_body(krb5_algorithm_identifier, asn1_decode_algorithm_identifier); + decode_array_body(krb5_algorithm_identifier, + asn1_decode_algorithm_identifier_ptr, + free_algorithm_identifier); } asn1_error_code asn1_decode_kdc_dh_key_info (asn1buf *buf, krb5_kdc_dh_key_info *val) { setup(); + val->subjectPublicKey.data = NULL; { begin_structure(); retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); - if (retval) return retval; + if (retval) clean_return(retval); val->subjectPublicKey.length = taglen; next_tag(); get_field(val->nonce, 1, asn1_decode_int32); opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->subjectPublicKey.data); + val->subjectPublicKey.data = NULL; + return retval; } asn1_error_code asn1_decode_reply_key_pack (asn1buf *buf, krb5_reply_key_pack *val) { setup(); + val->replyKey.contents = NULL; + val->asChecksum.contents = NULL; { begin_structure(); get_field(val->replyKey, 0, asn1_decode_encryption_key); get_field(val->asChecksum, 1, asn1_decode_checksum); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->replyKey.contents); + free(val->asChecksum.contents); + val->replyKey.contents = NULL; + val->asChecksum.contents = NULL; + return retval; } asn1_error_code asn1_decode_reply_key_pack_draft9 (asn1buf *buf, krb5_reply_key_pack_draft9 *val) { setup(); + val->replyKey.contents = NULL; { begin_structure(); get_field(val->replyKey, 0, asn1_decode_encryption_key); get_field(val->nonce, 1, asn1_decode_int32); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->replyKey.contents); + val->replyKey.contents = NULL; + return retval; } asn1_error_code asn1_decode_krb5_principal_name (asn1buf *buf, krb5_principal *val) { + int i; setup(); + (*val)->realm.data = NULL; + (*val)->data = NULL; { begin_structure(); get_field(*val, 0, asn1_decode_realm); get_field(*val, 1, asn1_decode_principal_name); end_structure(); } - cleanup(); + return 0; +error_out: + krb5_free_data_contents(NULL, &(*val)->realm); + if ((*val)->data) { + for (i = 0; i < (*val)->length; i++) + krb5_free_data_contents(NULL, &(*val)->data[i]); + free((*val)->data); + } + (*val)->realm.data = NULL; + (*val)->data = NULL; + return retval; } asn1_error_code asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val) { + int i; setup(); + val->clientPublicValue = NULL; + val->pkAuthenticator.paChecksum.contents = NULL; + val->supportedCMSTypes = NULL; + val->clientDHNonce.data = NULL; { begin_structure(); get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator); - if (tagnum == 1) { alloc_field(val->clientPublicValue, krb5_subject_pk_info); } + if (tagnum == 1) { + alloc_field(val->clientPublicValue); + val->clientPublicValue->algorithm.algorithm.data = NULL; + val->clientPublicValue->algorithm.parameters.data = NULL; + val->clientPublicValue->subjectPublicKey.data = NULL; + } /* can't call opt_field because it does decoder(&subbuf, &(val)); */ if (asn1buf_remains(&subbuf, seqindef)) { if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) && (tagnum || taglen || asn1class != UNIVERSAL)) - return ASN1_BAD_ID; + clean_return(ASN1_BAD_ID); if (tagnum == 1) { retval = asn1_decode_subject_pk_info(&subbuf, val->clientPublicValue); + if (retval) clean_return(retval); if (!taglen && indef) { get_eoc(); } next_tag(); } else val->clientPublicValue = NULL; @@ -1544,7 +2134,8 @@ /* can't call opt_field because it does decoder(&subbuf, &(val)); */ if (asn1buf_remains(&subbuf, seqindef)) { if (tagnum == 2) { - asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes); + retval = asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes); + if (retval) clean_return(retval); if (!taglen && indef) { get_eoc(); } next_tag(); } else val->supportedCMSTypes = NULL; @@ -1552,24 +2143,49 @@ opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring); end_structure(); } - cleanup(); + return 0; +error_out: + if (val->clientPublicValue) { + free(val->clientPublicValue->algorithm.algorithm.data); + free(val->clientPublicValue->algorithm.parameters.data); + free(val->clientPublicValue->subjectPublicKey.data); + free(val->clientPublicValue); + } + free(val->pkAuthenticator.paChecksum.contents); + if (val->supportedCMSTypes) { + for (i = 0; val->supportedCMSTypes[i]; i++) + free_algorithm_identifier(NULL, val->supportedCMSTypes[i]); + free(val->supportedCMSTypes); + } + free(val->clientDHNonce.data); + val->clientPublicValue = NULL; + val->pkAuthenticator.paChecksum.contents = NULL; + val->supportedCMSTypes = NULL; + val->clientDHNonce.data = NULL; + return retval; } asn1_error_code asn1_decode_auth_pack_draft9(asn1buf *buf, krb5_auth_pack_draft9 *val) { setup(); + val->pkAuthenticator.kdcName = NULL; + val->clientPublicValue = NULL; { begin_structure(); get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9); if (tagnum == 1) { - alloc_field(val->clientPublicValue, krb5_subject_pk_info); + alloc_field(val->clientPublicValue); + val->clientPublicValue->algorithm.algorithm.data = NULL; + val->clientPublicValue->algorithm.parameters.data = NULL; + val->clientPublicValue->subjectPublicKey.data = NULL; /* can't call opt_field because it does decoder(&subbuf, &(val)); */ if (asn1buf_remains(&subbuf, seqindef)) { if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) && (tagnum || taglen || asn1class != UNIVERSAL)) - return ASN1_BAD_ID; + clean_return(ASN1_BAD_ID); if (tagnum == 1) { retval = asn1_decode_subject_pk_info(&subbuf, val->clientPublicValue); + if (retval) clean_return(retval); if (!taglen && indef) { get_eoc(); } next_tag(); } else val->clientPublicValue = NULL; @@ -1577,18 +2193,33 @@ } end_structure(); } - cleanup(); + return 0; +error_out: + free(val->pkAuthenticator.kdcName); + if (val->clientPublicValue) { + free(val->clientPublicValue->algorithm.algorithm.data); + free(val->clientPublicValue->algorithm.parameters.data); + free(val->clientPublicValue->subjectPublicKey.data); + free(val->clientPublicValue); + } + val->pkAuthenticator.kdcName = NULL; + val->clientPublicValue = NULL; + return retval; } asn1_error_code asn1_decode_pa_pk_as_rep(asn1buf *buf, krb5_pa_pk_as_rep *val) { setup(); + val->choice = choice_pa_pk_as_rep_UNKNOWN; { begin_choice(); if (tagnum == choice_pa_pk_as_rep_dhInfo) { val->choice = choice_pa_pk_as_rep_dhInfo; + val->u.dh_Info.dhSignedData.data = NULL; + val->u.dh_Info.serverDHNonce.data = NULL; get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info); } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) { val->choice = choice_pa_pk_as_rep_encKeyPack; + val->u.encKeyPack.data = NULL; get_implicit_octet_string(val->u.encKeyPack.length, val->u.encKeyPack.data, choice_pa_pk_as_rep_encKeyPack); } else { @@ -1596,19 +2227,31 @@ } end_choice(); } - cleanup(); + return 0; +error_out: + if (val->choice == choice_pa_pk_as_rep_dhInfo) { + free(val->u.dh_Info.dhSignedData.data); + free(val->u.dh_Info.serverDHNonce.data); + } else if (val->choice == choice_pa_pk_as_rep_encKeyPack) { + free(val->u.encKeyPack.data); + } + val->choice = choice_pa_pk_as_rep_UNKNOWN; + return retval; } asn1_error_code asn1_decode_pa_pk_as_rep_draft9(asn1buf *buf, krb5_pa_pk_as_rep_draft9 *val) { setup(); + val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; { begin_structure(); if (tagnum == choice_pa_pk_as_rep_draft9_dhSignedData) { val->choice = choice_pa_pk_as_rep_draft9_dhSignedData; + val->u.dhSignedData.data = NULL; get_lenfield(val->u.dhSignedData.length, val->u.dhSignedData.data, choice_pa_pk_as_rep_draft9_dhSignedData, asn1_decode_octetstring); } else if (tagnum == choice_pa_pk_as_rep_draft9_encKeyPack) { val->choice = choice_pa_pk_as_rep_draft9_encKeyPack; + val->u.encKeyPack.data = NULL; get_lenfield(val->u.encKeyPack.length, val->u.encKeyPack.data, choice_pa_pk_as_rep_draft9_encKeyPack, asn1_decode_octetstring); } else { @@ -1616,22 +2259,47 @@ } end_structure(); } - cleanup(); + return 0; +error_out: + if (val->choice == choice_pa_pk_as_rep_draft9_dhSignedData) + free(val->u.dhSignedData.data); + else if (val->choice == choice_pa_pk_as_rep_draft9_encKeyPack) + free(val->u.encKeyPack.data); + val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; + return retval; } +static void free_typed_data(void *dummy, krb5_typed_data *val) +{ + free(val->data); + free(val); +} + asn1_error_code asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_typed_data ***val) { - decode_array_body(krb5_typed_data,asn1_decode_typed_data); + decode_array_body(krb5_typed_data,asn1_decode_typed_data_ptr, + free_typed_data); } asn1_error_code asn1_decode_typed_data(asn1buf *buf, krb5_typed_data *val) { setup(); + val->data = NULL; { begin_structure(); get_field(val->type,0,asn1_decode_int32); get_lenfield(val->length,val->data,1,asn1_decode_octetstring); end_structure(); } - cleanup(); + return 0; +error_out: + free(val->data); + val->data = NULL; + return retval; } + +asn1_error_code +asn1_decode_typed_data_ptr(asn1buf *buf, krb5_typed_data **valptr) +{ + decode_ptr(krb5_typed_data *, asn1_decode_typed_data); +} #endif /* DISABLE_PKINIT */ Modified: trunk/src/lib/krb5/asn.1/asn1_k_decode.h =================================================================== --- trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-02-13 22:03:37 UTC (rev 22003) +++ trunk/src/lib/krb5/asn.1/asn1_k_decode.h 2009-02-13 22:05:48 UTC (rev 22004) @@ -104,8 +104,12 @@ (asn1buf *buf, krb5_principal *val); asn1_error_code asn1_decode_checksum (asn1buf *buf, krb5_checksum *val); +asn1_error_code asn1_decode_checksum_ptr + (asn1buf *buf, krb5_checksum **valptr); asn1_error_code asn1_decode_encryption_key (asn1buf *buf, krb5_keyblock *val); +asn1_error_code asn1_decode_encryption_key_ptr + (asn1buf *buf, krb5_keyblock **valptr); asn1_error_code asn1_decode_encrypted_data (asn1buf *buf, krb5_enc_data *val); asn1_error_code asn1_decode_ticket_flags @@ -122,6 +126,8 @@ (asn1buf *buf, krb5_flags *val); asn1_error_code asn1_decode_ticket (asn1buf *buf, krb5_ticket *val); +asn1_error_code asn1_decode_ticket_ptr + (asn1buf *buf, krb5_ticket **valptr); asn1_error_code asn1_decode_kdc_req (asn1buf *buf, krb5_kdc_req *val); asn1_error_code asn1_decode_kdc_req_body @@ -130,18 +136,30 @@ (asn1buf *buf, krb5_safe *val); asn1_error_code asn1_decode_host_address (asn1buf *buf, krb5_address *val); +asn1_error_code asn1_decode_host_address_ptr + (asn1buf *buf, krb5_address **valptr); asn1_error_code asn1_decode_kdc_rep (asn1buf *buf, krb5_kdc_rep *val); asn1_error_code asn1_decode_last_req_entry (asn1buf *buf, krb5_last_req_entry *val); +asn1_error_code asn1_decode_last_req_entry_ptr + (asn1buf *buf, krb5_last_req_entry **valptr); asn1_error_code asn1_decode_authdata_elt (asn1buf *buf, krb5_authdata *val); +asn1_error_code asn1_decode_authdata_elt_ptr + (asn1buf *buf, krb5_authdata **valptr); asn1_error_code asn1_decode_krb_cred_info (asn1buf *buf, krb5_cred_info *val); +asn1_error_code asn1_decode_krb_cred_info_ptr + (asn1buf *buf, krb5_cred_info **valptr); asn1_error_code asn1_decode_pa_data (asn1buf *buf, krb5_pa_data *val); +asn1_error_code asn1_decode_pa_data_ptr + (asn1buf *buf, krb5_pa_data **valptr); asn1_error_code asn1_decode_passwdsequence (asn1buf *buf, passwd_phrase_element *val); +asn1_error_code asn1_decode_passwdsequence_ptr + (asn1buf *buf, passwd_phrase_element **valptr); asn1_error_code asn1_decode_sam_challenge (asn1buf *buf, krb5_sam_challenge *val); asn1_error_code asn1_decode_sam_challenge_2 @@ -162,10 +180,14 @@ (asn1buf *buf, krb5_predicted_sam_response *val); asn1_error_code asn1_decode_external_principal_identifier (asn1buf *buf, krb5_external_principal_identifier *val); +asn1_error_code asn1_decode_external_principal_identifier_ptr + (asn1buf *buf, krb5_external_principal_identifier **valptr); asn1_error_code asn1_decode_pa_pk_as_req (asn1buf *buf, krb5_pa_pk_as_req *val); asn1_error_code asn1_decode_trusted_ca (asn1buf *buf, krb5_trusted_ca *val); +asn1_error_code asn1_decode_trusted_ca_ptr + (asn1buf *buf, krb5_trusted_ca **valptr); asn1_error_code asn1_decode_pa_pk_as_req_draft9 (asn1buf *buf, krb5_pa_pk_as_req_draft9 *val); asn1_error_code asn1_decode_dh_rep_info @@ -178,6 +200,8 @@ (asn1buf *buf, krb5_subject_pk_info *val); asn1_error_code asn1_decode_algorithm_identifier (asn1buf *buf, krb5_algorithm_identifier *val); +asn1_error_code asn1_decode_algorithm_identifier_ptr + (asn1buf *buf, krb5_algorithm_identifier **valptr); asn1_error_code asn1_decode_auth_pack (asn1buf *buf, krb5_auth_pack *val); asn1_error_code asn1_decode_auth_pack_draft9 @@ -198,6 +222,8 @@ (asn1buf *buf, krb5_typed_data ***val); asn1_error_code asn1_decode_typed_data (asn1buf *buf, krb5_typed_data *val); +asn1_error_code asn1_decode_typed_data_ptr + (asn1buf *buf, krb5_typed_data **valptr); /* arrays */ asn1_error_code asn1_decode_authorization_data Modified: trunk/src/lib/krb5/asn.1/krb5_decode.c =================================================================== --- trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-02-13 22:03:37 UTC (rev 22003) +++ trunk/src/lib/krb5/asn.1/krb5_decode.c 2009-02-13 22:05:48 UTC (rev 22004) @@ -65,6 +65,15 @@ var = calloc(1,sizeof(*var));\ if ((var) == NULL) clean_return(ENOMEM) +/* + * Allocate a principal and initialize enough fields for + * krb5_free_principal to have defined behavior. + */ +#define alloc_principal(var) \ + alloc_field(var); \ + var->realm.data = NULL; \ + var->data = NULL + /* process encoding header ***************************************/ /* decode tag and check that it == [APPLICATION tagnum] */ #define check_apptag(tagexpect) \ @@ -227,22 +236,20 @@ clear_field(rep,subkey); clear_field(rep,checksum); clear_field(rep,client); + clear_field(rep,authorization_data); check_apptag(2); { begin_structure(); { krb5_kvno kvno; get_field(kvno,0,asn1_decode_kvno); if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_field(rep->client); + alloc_principal(rep->client); get_field(rep->client,1,asn1_decode_realm); get_field(rep->client,2,asn1_decode_principal_name); - if (tagnum == 3) { - alloc_field(rep->checksum); - get_field(*(rep->checksum),3,asn1_decode_checksum); } + opt_field(rep->checksum,3,asn1_decode_checksum_ptr); get_field(rep->cusec,4,asn1_decode_int32); get_field(rep->ctime,5,asn1_decode_kerberos_time); - if (tagnum == 6) { alloc_field(rep->subkey); } - opt_field(*(rep->subkey),6,asn1_decode_encryption_key); + opt_field(rep->subkey,6,asn1_decode_encryption_key_ptr); opt_field(rep->seq_number,7,asn1_decode_seqnum); opt_field(rep->authorization_data,8,asn1_decode_authorization_data); rep->magic = KV5M_AUTHENTICATOR; @@ -250,12 +257,7 @@ } cleanup_manual(); error_out: - if (rep) { - free_field(rep,subkey); - free_field(rep,checksum); - free_field(rep,client); - free(rep); - } + krb5_free_authenticator(NULL, rep); return retval; } #endif @@ -273,6 +275,8 @@ setup(krb5_ticket *); alloc_field(rep); clear_field(rep,server); + clear_field(rep,enc_part.ciphertext.data); + clear_field(rep,enc_part2); check_apptag(1); { begin_structure(); @@ -280,7 +284,7 @@ get_field(kvno,0,asn1_decode_kvno); if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_field(rep->server); + alloc_principal(rep->server); get_field(rep->server,1,asn1_decode_realm); get_field(rep->server,2,asn1_decode_principal_name); get_field(rep->enc_part,3,asn1_decode_encrypted_data); @@ -289,10 +293,7 @@ } cleanup_manual(); error_out: - if (rep) { - free_field(rep,server); - free(rep); - } + krb5_free_ticket(NULL, rep); return retval; } @@ -301,6 +302,7 @@ { setup(krb5_keyblock *); alloc_field(rep); + clear_field(rep,contents); { begin_structure(); get_field(rep->enctype,0,asn1_decode_enctype); @@ -308,7 +310,10 @@ end_structure(); rep->magic = KV5M_KEYBLOCK; } - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_keyblock(NULL, rep); + return retval; } krb5_error_code @@ -318,13 +323,15 @@ alloc_field(rep); clear_field(rep,session); clear_field(rep,client); + clear_field(rep,transited.tr_contents.data); + clear_field(rep,caddrs); + clear_field(rep,authorization_data); check_apptag(3); { begin_structure(); get_field(rep->flags,0,asn1_decode_ticket_flags); - alloc_field(rep->session); - get_field(*(rep->session),1,asn1_decode_encryption_key); - alloc_field(rep->client); + get_field(rep->session,1,asn1_decode_encryption_key_ptr); + alloc_principal(rep->client); get_field(rep->client,2,asn1_decode_realm); get_field(rep->client,3,asn1_decode_principal_name); get_field(rep->transited,4,asn1_decode_transited_encoding); @@ -342,11 +349,7 @@ } cleanup_manual(); error_out: - if (rep) { - free_field(rep,session); - free_field(rep,client); - free(rep); - } + krb5_free_enc_tkt_part(NULL, rep); return retval; } @@ -376,6 +379,11 @@ { setup_no_length(krb5_kdc_rep *); alloc_field(rep); + clear_field(rep,padata); + clear_field(rep,client); + clear_field(rep,ticket); + clear_field(rep,enc_part.ciphertext.data); + clear_field(rep,enc_part2); check_apptag(11); retval = asn1_decode_kdc_rep(&buf,rep); @@ -385,7 +393,10 @@ clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_kdc_rep(NULL, rep); + return retval; } krb5_error_code @@ -393,6 +404,11 @@ { setup_no_length(krb5_kdc_rep *); alloc_field(rep); + clear_field(rep,padata); + clear_field(rep,client); + clear_field(rep,ticket); + clear_field(rep,enc_part.ciphertext.data); + clear_field(rep,enc_part2); check_apptag(13); retval = asn1_decode_kdc_rep(&buf,rep); @@ -401,7 +417,10 @@ if (rep->msg_type != KRB5_TGS_REP) clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_kdc_rep(NULL, rep); + return retval; } krb5_error_code @@ -410,6 +429,7 @@ setup(krb5_ap_req *); alloc_field(rep); clear_field(rep,ticket); + clear_field(rep,authenticator.ciphertext.data); check_apptag(14); { begin_structure(); @@ -423,18 +443,14 @@ #endif } get_field(rep->ap_options,2,asn1_decode_ap_options); - alloc_field(rep->ticket); - get_field(*(rep->ticket),3,asn1_decode_ticket); + get_field(rep->ticket,3,asn1_decode_ticket_ptr); get_field(rep->authenticator,4,asn1_decode_encrypted_data); end_structure(); rep->magic = KV5M_AP_REQ; } cleanup_manual(); error_out: - if (rep) { - free_field(rep,ticket); - free(rep); - } + krb5_free_ap_req(NULL, rep); return retval; } @@ -443,6 +459,7 @@ { setup(krb5_ap_rep *); alloc_field(rep); + clear_field(rep,enc_part.ciphertext.data); check_apptag(15); { begin_structure(); @@ -459,7 +476,10 @@ end_structure(); rep->magic = KV5M_AP_REP; } - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_ap_rep(NULL, rep); + return retval; } krb5_error_code @@ -474,18 +494,14 @@ { begin_structure(); get_field(rep->ctime,0,asn1_decode_kerberos_time); get_field(rep->cusec,1,asn1_decode_int32); - if (tagnum == 2) { alloc_field(rep->subkey); } - opt_field(*(rep->subkey),2,asn1_decode_encryption_key); + opt_field(rep->subkey,2,asn1_decode_encryption_key_ptr); opt_field(rep->seq_number,3,asn1_decode_seqnum); end_structure(); rep->magic = KV5M_AP_REP_ENC_PART; } cleanup_manual(); error_out: - if (rep) { - free_field(rep,subkey); - free(rep); - } + krb5_free_ap_rep_enc_part(NULL, rep); return retval; } @@ -494,6 +510,14 @@ { setup_no_length(krb5_kdc_req *); alloc_field(rep); + clear_field(rep,padata); + clear_field(rep,client); + clear_field(rep,server); + clear_field(rep,ktype); + clear_field(rep,addresses); + clear_field(rep,authorization_data.ciphertext.data); + clear_field(rep,unenc_authdata); + clear_field(rep,second_ticket); check_apptag(10); retval = asn1_decode_kdc_req(&buf,rep); @@ -502,7 +526,10 @@ if (rep->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_kdc_req(NULL, rep); + return retval; } krb5_error_code @@ -510,6 +537,14 @@ { setup_no_length(krb5_kdc_req *); alloc_field(rep); + clear_field(rep,padata); + clear_field(rep,client); + clear_field(rep,server); + clear_field(rep,ktype); + clear_field(rep,addresses); + clear_field(rep,authorization_data.ciphertext.data); + clear_field(rep,unenc_authdata); + clear_field(rep,second_ticket); check_apptag(12); retval = asn1_decode_kdc_req(&buf,rep); @@ -518,7 +553,10 @@ if (rep->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE); #endif - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_kdc_req(NULL, rep); + return retval; } krb5_error_code @@ -554,6 +592,9 @@ krb5_data tmpbody; setup(krb5_safe *); alloc_field(rep); + clear_field(rep,user_data.data); + clear_field(rep,r_address); + clear_field(rep,s_address); clear_field(rep,checksum); tmpbody.magic = 0; @@ -581,8 +622,7 @@ tmpbody.data = NULL; } get_field(*rep,2,asn1_decode_krb_safe_body); - alloc_field(rep->checksum); - get_field(*(rep->checksum),3,asn1_decode_checksum); + get_field(rep->checksum,3,asn1_decode_checksum_ptr); rep->magic = KV5M_SAFE; end_structure(); } @@ -590,10 +630,7 @@ *body = tmpbody; cleanup_manual(); error_out: - if (rep) { - free_field(rep,checksum); - free(rep); - } + krb5_free_safe(NULL, rep); return retval; } @@ -608,6 +645,7 @@ { setup(krb5_priv *); alloc_field(rep); + clear_field(rep,enc_part.ciphertext.data); check_apptag(21); { begin_structure(); @@ -624,7 +662,10 @@ rep->magic = KV5M_PRIV; end_structure(); } - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_priv(NULL, rep); + return retval; } krb5_error_code @@ -632,6 +673,7 @@ { setup(krb5_priv_enc_part *); alloc_field(rep); + clear_field(rep,user_data.data); clear_field(rep,r_address); clear_field(rep,s_address); @@ -641,20 +683,14 @@ opt_field(rep->timestamp,1,asn1_decode_kerberos_time); opt_field(rep->usec,2,asn1_decode_int32); opt_field(rep->seq_number,3,asn1_decode_seqnum); - alloc_field(rep->s_address); - get_field(*(rep->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { alloc_field(rep->r_address); } - opt_field(*(rep->r_address),5,asn1_decode_host_address); + get_field(rep->s_address,4,asn1_decode_host_address_ptr); + opt_field(rep->r_address,5,asn1_decode_host_address_ptr); rep->magic = KV5M_PRIV_ENC_PART; end_structure(); } cleanup_manual(); error_out: - if (rep) { - free_field(rep,r_address); - free_field(rep,s_address); - free(rep); - } + krb5_free_priv_enc_part(NULL, rep); return retval; } @@ -663,6 +699,8 @@ { setup(krb5_cred *); alloc_field(rep); + clear_field(rep,tickets); + clear_field(rep,enc_part.ciphertext.data); check_apptag(22); { begin_structure(); @@ -680,7 +718,10 @@ rep->magic = KV5M_CRED; end_structure(); } - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_cred(NULL, rep); + return retval; } krb5_error_code @@ -690,6 +731,7 @@ alloc_field(rep); clear_field(rep,r_address); clear_field(rep,s_address); + clear_field(rep,ticket_info); check_apptag(29); { begin_structure(); @@ -697,20 +739,16 @@ opt_field(rep->nonce,1,asn1_decode_int32); opt_field(rep->timestamp,2,asn1_decode_kerberos_time); opt_field(rep->usec,3,asn1_decode_int32); - if (tagnum == 4) { alloc_field(rep->s_address); } - opt_field(*(rep->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { alloc_field(rep->r_address); } - opt_field(*(rep->r_address),5,asn1_decode_host_address); + opt_field(rep->s_address,4,asn1_decode_host_address_ptr); + opt_field(rep->r_address,5,asn1_decode_host_address_ptr); rep->magic = KV5M_CRED_ENC_PART; end_structure(); } cleanup_manual(); error_out: - if (rep) { - free_field(rep,r_address); - free_field(rep,s_address); - free(rep); - } + /* Despite the name, krb5_free_cred_enc_part is contents only. */ + krb5_free_cred_enc_part(NULL, rep); + free(rep); return retval; } @@ -722,6 +760,8 @@ alloc_field(rep); clear_field(rep,server); clear_field(rep,client); + clear_field(rep,text.data); + clear_field(rep,e_data.data); check_apptag(30); { begin_structure(); @@ -739,10 +779,10 @@ get_field(rep->stime,4,asn1_decode_kerberos_time); get_field(rep->susec,5,asn1_decode_int32); get_field(rep->error,6,asn1_decode_ui_4); - if (tagnum == 7) { alloc_field(rep->client); } + if (tagnum == 7) { alloc_principal(rep->client); } opt_field(rep->client,7,asn1_decode_realm); opt_field(rep->client,8,asn1_decode_principal_name); - alloc_field(rep->server); + alloc_principal(rep->server); get_field(rep->server,9,asn1_decode_realm); get_field(rep->server,10,asn1_decode_principal_name); opt_lenfield(rep->text.length,rep->text.data,11,asn1_decode_generalstring); @@ -752,11 +792,7 @@ } cleanup_manual(); error_out: - if (rep) { - free_field(rep,server); - free_field(rep,client); - free(rep); - } + krb5_free_error(NULL, rep); return retval; } @@ -784,12 +820,16 @@ { setup(krb5_pwd_data *); alloc_field(rep); + clear_field(rep,element); { begin_structure(); get_field(rep->sequence_count,0,asn1_decode_int); get_field(rep->element,1,asn1_decode_sequence_of_passwdsequence); rep->magic = KV5M_PWD_DATA; end_structure (); } - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_pwd_data(NULL, rep); + return retval; } krb5_error_code @@ -806,6 +846,7 @@ { setup(krb5_alt_method *); alloc_field(rep); + clear_field(rep,data); { begin_structure(); get_field(rep->method,0,asn1_decode_int32); if (tagnum == 1) { @@ -817,7 +858,10 @@ rep->magic = KV5M_ALT_METHOD; end_structure(); } - cleanup(free); + cleanup_manual(); +error_out: + krb5_free_alt_method(NULL, rep); + return retval; } krb5_error_code @@ -1147,14 +1191,7 @@ if (retval) goto error_out; - cleanup_manual(); -error_out: - if (rep) { - free(rep->replyKey.contents); - free(rep->asChecksum.contents); - free(rep); - } - return retval; + cleanup(free); } krb5_error_code From raeburn at MIT.EDU Fri Feb 13 17:23:24 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Fri, 13 Feb 2009 17:23:24 -0500 Subject: svn rev #22005: trunk/src/kdc/ Message-ID: <200902132223.n1DMNOC2018904@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22005 Commit By: raeburn Log Message: Be less verbose about routing-socket messages. Changed Files: U trunk/src/kdc/network.c Modified: trunk/src/kdc/network.c =================================================================== --- trunk/src/kdc/network.c 2009-02-13 22:05:48 UTC (rev 22004) +++ trunk/src/kdc/network.c 2009-02-13 22:23:24 UTC (rev 22005) @@ -809,7 +809,6 @@ int n_read; struct rt_msghdr rtm; - krb5_klog_syslog(LOG_INFO, "routing socket readable"); while ((n_read = read(conn->fd, &rtm, sizeof(rtm))) > 0) { if (n_read < sizeof(rtm)) { /* Quick hack to figure out if the interesting @@ -828,10 +827,12 @@ return; } } +#if 0 krb5_klog_syslog(LOG_INFO, "got routing msg type %d(%s) v%d", rtm.rtm_type, rtm_type_name(rtm.rtm_type), rtm.rtm_version); +#endif if (rtm.rtm_msglen > sizeof(rtm)) { /* It appears we get a partial message and the rest is thrown away? */ @@ -848,7 +849,11 @@ case RTM_IFINFO: case RTM_OLDADD: case RTM_OLDDEL: - krb5_klog_syslog(LOG_INFO, "reconfiguration needed"); +#if 0 + krb5_klog_syslog(LOG_DEBUG, + "network reconfiguration message (%s) received", + rtm_type_name(rtm.rtm_type)); +#endif network_reconfiguration_needed = 1; break; case RTM_RESOLVE: @@ -861,10 +866,14 @@ case RTM_LOSING: case RTM_GET: /* Not interesting. */ +#if 0 krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting"); +#endif break; default: - krb5_klog_syslog(LOG_INFO, "unhandled routing message type, will reconfigure just for the fun of it"); + krb5_klog_syslog(LOG_INFO, + "unhandled routing message type %d, will reconfigure just for the fun of it", + rtm.rtm_type); network_reconfiguration_needed = 1; break; } @@ -1610,7 +1619,9 @@ } if (network_reconfiguration_needed) { - krb5_klog_syslog(LOG_INFO, "network reconfiguration needed"); + /* No point in re-logging what we've just logged. */ + if (netchanged == 0) + krb5_klog_syslog(LOG_INFO, "network reconfiguration needed"); /* It might be tidier to add a timer-callback interface to the control loop here, but for this one use, it's not a big deal. */ From tlyu at MIT.EDU Tue Feb 17 11:10:12 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 17 Feb 2009 11:10:12 -0500 Subject: svn rev #22006: branches/krb5-1-7/src/tests/dejagnu/ krb-standalone/ Message-ID: <200902171610.n1HGACOR023540@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22006 Commit By: tlyu Log Message: ticket: 6355 version_fixed: 1.7 status: resolved pull up r21855 from trunk ------------------------------------------------------------------------ r21855 | raeburn | 2009-01-30 23:39:34 -0500 (Fri, 30 Jan 2009) | 28 lines Changed paths: M /trunk/src/tests/dejagnu/krb-standalone/rcp.exp M /trunk/src/tests/dejagnu/krb-standalone/rsh.exp M /trunk/src/tests/dejagnu/krb-standalone/sample.exp M /trunk/src/tests/dejagnu/t_inetd.c ticket: 6355 subject: use t_inetd with a ready message and avoid waiting a lot in non-root tests target_version: 1.7 tags: pullup Change t_inetd to print a ready message when it has started listening on the indicated port number. Look for this message in sample.exp rather than waiting an arbitrary (and usually excessive) 2s each time for the inetd-mode tests. Use run_once to perform the standalone-mode test only once per test suite invocation. Change rsh and rcp tests to start the servers via t_inetd and avoid excessive waiting at startup. In some of my tests, this reduces the tests/dejagnu tests from taking over 6 minutes to taking around 2 minutes. (This does mean the server process will no longer have started up before we launch the client, so it may be slower to respond, but it'll still be faster than the 2s delay we used before even trying to connect.) We can probably eliminate the -D option code from krshd.c now. The tests run as root (rlogin, telnet) still need updating. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rcp.exp U branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rsh.exp U branches/krb5-1-7/src/tests/dejagnu/krb-standalone/sample.exp U branches/krb5-1-7/src/tests/dejagnu/t_inetd.c Modified: branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rcp.exp =================================================================== --- branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rcp.exp 2009-02-13 22:23:24 UTC (rev 22005) +++ branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rcp.exp 2009-02-17 16:10:11 UTC (rev 22006) @@ -36,7 +36,7 @@ proc start_rsh_daemon { } { global REALMNAME - global KRSHD + global KRSHD T_INETD global RCP global tmppwd global krshd_spawn_id @@ -49,21 +49,20 @@ } - # The -D argument tells it to accept a single connection, so we - # don't need to use inetd. The portbase+8 is the port to listen at. - # # The -L ENV_SET is for the I/S Athena brokeness in dot files where # LD_LIBRARY_PATH will be overridden causing the "exec csh -c rcp ..." # to fail as the .cshrc is read in. We do not use the -f option as # a users shell might be sh... # Later a proper fix would be to have kshd exec rcp directly # shell indirection... - spawn $KRSHD -k -c -D [expr 8 + $portbase] -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET + spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET set krshd_spawn_id $spawn_id set krshd_pid [exp_pid] - # Give the rsh daemon a few seconds to get set up. - sleep 2 + expect { + -ex "Ready!" { } + eof { error "couldn't start t_inetd helper" } + } } # A procedure to stop the rsh daemon. Modified: branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rsh.exp =================================================================== --- branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rsh.exp 2009-02-13 22:23:24 UTC (rev 22005) +++ branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rsh.exp 2009-02-17 16:10:11 UTC (rev 22006) @@ -35,20 +35,20 @@ proc start_rsh_daemon { option } { global REALMNAME - global KRSHD + global KRSHD T_INETD global tmppwd global krshd_spawn_id global krshd_pid global portbase - # The -D argument tells it to accept a single connection, so we - # don't need to use inetd. The portbase+8 is the port to listen at. - spawn $KRSHD -k -c -D [expr 8 + $portbase] -S $tmppwd/srvtab -M $REALMNAME -A $option + spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -S $tmppwd/srvtab -M $REALMNAME -A $option set krshd_spawn_id $spawn_id set krshd_pid [exp_pid] - # Give the rsh daemon a few seconds to get set up. - sleep 2 + expect { + -ex "Ready!" { } + eof { error "couldn't start t_inetd helper" } + } } # A procedure to stop the rsh daemon. Modified: branches/krb5-1-7/src/tests/dejagnu/krb-standalone/sample.exp =================================================================== --- branches/krb5-1-7/src/tests/dejagnu/krb-standalone/sample.exp 2009-02-13 22:23:24 UTC (rev 22005) +++ branches/krb5-1-7/src/tests/dejagnu/krb-standalone/sample.exp 2009-02-17 16:10:11 UTC (rev 22006) @@ -47,6 +47,9 @@ set sserver_spawn_id $spawn_id verbose "sserver_spawn is $sserver_spawn_id" 1 + + # Give sserver some time to start + sleep 2 } else { # Start the sserver spawn $T_INETD [expr 8 + $portbase] $SSERVER sserver -S $tmppwd/srvtab @@ -54,11 +57,13 @@ set sserver_spawn_id $spawn_id verbose "sserver_spawn (t_inetd) is $sserver_spawn_id" 1 + + expect { + -ex "Ready!" { } + eof { error "couldn't start t_inetd helper" } + } } - # Give sserver some time to start - sleep 2 - return 1 } @@ -171,17 +176,19 @@ return } - if ![start_sserver_daemon 0 ] { - return - } + run_once sample_standalone { + if ![start_sserver_daemon 0 ] { + return + } - if ![test_sclient sclient] { - return - } + if ![test_sclient sclient] { + return + } - pass "sample - standalone" + pass "sample - standalone" - stop_check_sserver_daemon + stop_check_sserver_daemon + } if ![start_sserver_daemon 1 ] { return Modified: branches/krb5-1-7/src/tests/dejagnu/t_inetd.c =================================================================== --- branches/krb5-1-7/src/tests/dejagnu/t_inetd.c 2009-02-13 22:23:24 UTC (rev 22005) +++ branches/krb5-1-7/src/tests/dejagnu/t_inetd.c 2009-02-17 16:10:11 UTC (rev 22006) @@ -110,6 +110,7 @@ exit(3); } + printf("Ready!\n"); if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) { com_err(progname, errno, "accepting"); From tlyu at MIT.EDU Tue Feb 17 11:10:21 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 17 Feb 2009 11:10:21 -0500 Subject: svn rev #22007: branches/krb5-1-7/src/kdc/ Message-ID: <200902171610.n1HGALo6023577@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22007 Commit By: tlyu Log Message: ticket: 6356 version_fixed: 1.7 pull up r21860 from trunk ------------------------------------------------------------------------ r21860 | raeburn | 2009-02-02 11:54:38 -0500 (Mon, 02 Feb 2009) | 7 lines Changed paths: M /trunk/src/kdc/main.c ticket: 6356 subject: small storage leak in KDC startup target_version: 1.7 tags: pullup Remove duplicate strdup call. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/kdc/main.c Modified: branches/krb5-1-7/src/kdc/main.c =================================================================== --- branches/krb5-1-7/src/kdc/main.c 2009-02-17 16:10:11 UTC (rev 22006) +++ branches/krb5-1-7/src/kdc/main.c 2009-02-17 16:10:21 UTC (rev 22007) @@ -585,7 +585,6 @@ } } if (default_tcp_ports == 0) { - default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST); default_tcp_ports = strdup(DEFAULT_KDC_TCP_PORTLIST); if (default_tcp_ports == 0) { fprintf(stderr," KDC cannot initialize. Not enough memory\n"); From tlyu at MIT.EDU Tue Feb 17 11:10:53 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 17 Feb 2009 11:10:53 -0500 Subject: svn rev #22008: branches/krb5-1-7/src/ kadmin/testing/scripts/ lib/kadm5/unit-test/api.0/ ... Message-ID: <200902171610.n1HGAr6G023630@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22008 Commit By: tlyu Log Message: ticket: 6357 version_fixed: 1.7 status: resolved pull up r21865, r21866 from trunk ------------------------------------------------------------------------ r21866 | raeburn | 2009-02-02 13:42:06 -0500 (Mon, 02 Feb 2009) | 8 lines Changed paths: M /trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp M /trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp ticket: 6357 subject: address lib/kadm5 test suite slowness target_version: 1.7 In mod-principal tests for clearing the principal's policy, instead of just testing to see if the wrong string is output and timing out looking for it, check also for the new expected value. Cuts test suite run time by about two minutes for each pass (client vs server). ------------------------------------------------------------------------ r21865 | raeburn | 2009-02-02 13:29:28 -0500 (Mon, 02 Feb 2009) | 1 line Changed paths: M /trunk/src/kadmin/testing/scripts/start_servers_local don't delay so long while waiting for daemon startup ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/kadmin/testing/scripts/start_servers_local U branches/krb5-1-7/src/lib/kadm5/unit-test/api.0/mod-principal.exp U branches/krb5-1-7/src/lib/kadm5/unit-test/api.2/mod-principal.exp Modified: branches/krb5-1-7/src/kadmin/testing/scripts/start_servers_local =================================================================== --- branches/krb5-1-7/src/kadmin/testing/scripts/start_servers_local 2009-02-17 16:10:21 UTC (rev 22007) +++ branches/krb5-1-7/src/kadmin/testing/scripts/start_servers_local 2009-02-17 16:10:53 UTC (rev 22008) @@ -132,7 +132,7 @@ (trap "" 2; cd $TOP/../kdc; ./krb5kdc $kdc_args; touch $kdc_start_file) \ < /dev/null > $usrtmp/kdc-log.$USER 2>&1 & -s=10 +s=1 max_s=60 sofar_s=0 timewait_s=300 @@ -140,7 +140,7 @@ while true; do rm -f $adm_start_file - (sleep 5; cd $TOP/server; ./kadmind $ovadm_args; \ + (sleep 1; cd $TOP/server; ./kadmind $ovadm_args; \ touch $adm_start_file) < /dev/null > $usrtmp/kadm-log.$USER 2>&1 & # wait until they start Modified: branches/krb5-1-7/src/lib/kadm5/unit-test/api.0/mod-principal.exp =================================================================== --- branches/krb5-1-7/src/lib/kadm5/unit-test/api.0/mod-principal.exp 2009-02-17 16:10:21 UTC (rev 22007) +++ branches/krb5-1-7/src/lib/kadm5/unit-test/api.0/mod-principal.exp 2009-02-17 16:10:53 UTC (rev 22008) @@ -598,6 +598,7 @@ send "lindex \$principal 10\n" expect { -re "test-pol\n$prompt$" { fail "$test" } + -re "null\n$prompt$" { pass "$test" } timeout { pass "$test" } } send "lindex \$p1 6\n" Modified: branches/krb5-1-7/src/lib/kadm5/unit-test/api.2/mod-principal.exp =================================================================== --- branches/krb5-1-7/src/lib/kadm5/unit-test/api.2/mod-principal.exp 2009-02-17 16:10:21 UTC (rev 22007) +++ branches/krb5-1-7/src/lib/kadm5/unit-test/api.2/mod-principal.exp 2009-02-17 16:10:53 UTC (rev 22008) @@ -598,6 +598,7 @@ send "lindex \$principal 10\n" expect { -re "test-pol\n$prompt$" { fail "$test" } + -re "null\n$prompt$" { pass "$test" } timeout { pass "$test" } } send "lindex \$p1 6\n" From tlyu at MIT.EDU Tue Feb 17 11:11:49 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Tue, 17 Feb 2009 11:11:49 -0500 Subject: svn rev #22009: branches/krb5-1-7/src/kadmin/ passwd/unit-test/kpasswd.0/ testing/scripts/ Message-ID: <200902171611.n1HGBnnD023742@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22009 Commit By: tlyu Log Message: ticket: 6358 version_fixed: 1.7 status: resolved pull up r21867, r21868 from trunk ------------------------------------------------------------------------ r21868 | raeburn | 2009-02-02 15:37:41 -0500 (Mon, 02 Feb 2009) | 6 lines Changed paths: M /trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp M /trunk/src/kadmin/testing/scripts/init_db ticket: 6358 Revise last change to better resemble the original test, keeping the min-lifetime test code collected together. Change policy to have a minimum password lifetime of 10s instead of 30s, and reduce the test delays accordingly. ------------------------------------------------------------------------ r21867 | raeburn | 2009-02-02 14:29:52 -0500 (Mon, 02 Feb 2009) | 10 lines Changed paths: M /trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp ticket: 6358 subject: speed up kpasswd tests Reorder some tests and tune delays, so that we don't need to run for much more than twice the min-password-life interval when testing that functionality. (This could be made faster if we can assume that init_db will always have been run immediately before the tests start.) In my tests, this cuts something like 11 seconds off the run time (now down to about 65 seconds). ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp U branches/krb5-1-7/src/kadmin/testing/scripts/init_db Modified: branches/krb5-1-7/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp =================================================================== --- branches/krb5-1-7/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp 2009-02-17 16:10:53 UTC (rev 22008) +++ branches/krb5-1-7/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp 2009-02-17 16:11:49 UTC (rev 22009) @@ -12,6 +12,8 @@ # Here are the tests # +set pol2_time [timestamp] + test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \ 4 {New passwords do not match - password not changed.} @@ -89,8 +91,13 @@ test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC test_win {pol1} {successful change} pol1 polCCCCCC pol111111 -verbose "(sleeping 30 seconds)" -catch "exec sleep 30" +# Under "make check", init_db will just have been run and we could +# jump right into the too-soon test. But if someone is working with +# the test suite manually, init_db may have been run a while ago. +# So, force some known state, first. +set delay [expr $pol2_time + 11 - [timestamp]] +verbose "(sleeping $delay seconds so pol2 password can be changed)" +sleep $delay test_win {pol2} {successful change} pol2 pol222222 polbbbbbb @@ -98,8 +105,9 @@ polbbbbbb pol222222 pol222222 \ 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} -verbose "(sleeping 30 seconds)" -catch "exec sleep 30" +# Now delay a little longer (if needed) and try changing pol2's +# password again. +verbose "(sleeping 10 seconds)" +sleep 10 test_win {pol2} {password min life passed} pol2 polbbbbbb pol222222 - Modified: branches/krb5-1-7/src/kadmin/testing/scripts/init_db =================================================================== --- branches/krb5-1-7/src/kadmin/testing/scripts/init_db 2009-02-17 16:10:53 UTC (rev 22008) +++ branches/krb5-1-7/src/kadmin/testing/scripts/init_db 2009-02-17 16:11:49 UTC (rev 22009) @@ -106,7 +106,7 @@ {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \ {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}} - {ovsec_kadm_create_policy $server_handle "once-a-min 30 0 0 0 0 0" \ + {ovsec_kadm_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \ {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}} {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \ {OVSEC_KADM_POLICY}} From ghudson at MIT.EDU Tue Feb 17 12:09:36 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 17 Feb 2009 12:09:36 -0500 Subject: svn rev #22010: trunk/src/lib/krb5/os/ Message-ID: <200902171709.n1HH9aYp027266@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22010 Commit By: ghudson Log Message: In krb5_kuserok, just try opening .k5login; don't check ahead of time whether it looks accessible. Also rewrite the construction of the .k5login filename to use snprintf instead of strnpy/strncat. Changed Files: U trunk/src/lib/krb5/os/kuserok.c Modified: trunk/src/lib/krb5/os/kuserok.c =================================================================== --- trunk/src/lib/krb5/os/kuserok.c 2009-02-17 16:11:49 UTC (rev 22009) +++ trunk/src/lib/krb5/os/kuserok.c 2009-02-17 17:09:35 UTC (rev 22010) @@ -79,22 +79,24 @@ char linebuf[BUFSIZ]; char *newline; int gobble; + char pwbuf[BUFSIZ]; + struct passwd pwx; + int result; /* no account => no access */ - char pwbuf[BUFSIZ]; - struct passwd pwx; if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) return(FALSE); - (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); - pbuf[sizeof(pbuf) - 1] = '\0'; - (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf)); + result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir); + if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) + return(FALSE); - if (access(pbuf, F_OK)) { /* not accessible */ + fp = fopen(pbuf, "r"); + if (!fp) { /* - * if he's trying to log in as himself, and there is no .k5login file, - * let him. To find out, call + * If he's trying to log in as himself, and there is no + * readable .k5login file, let him. To find out, call * krb5_aname_to_localname to convert the principal to a name - * which we can string compare. + * which we can string compare. */ if (!(krb5_aname_to_localname(context, principal, sizeof(kuser), kuser)) From ghudson at MIT.EDU Tue Feb 17 12:32:19 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Tue, 17 Feb 2009 12:32:19 -0500 Subject: svn rev #22011: trunk/src/lib/krb5/os/ Message-ID: <200902171732.n1HHWJlr028699@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22011 Commit By: ghudson Log Message: Revert the fopen part of the previous krb5_kuserok change, but keep the string-handling change. It introduced an unwanted behavior change when .k5login was detectable but unreadable. Changed Files: U trunk/src/lib/krb5/os/kuserok.c Modified: trunk/src/lib/krb5/os/kuserok.c =================================================================== --- trunk/src/lib/krb5/os/kuserok.c 2009-02-17 17:09:35 UTC (rev 22010) +++ trunk/src/lib/krb5/os/kuserok.c 2009-02-17 17:32:19 UTC (rev 22011) @@ -90,13 +90,12 @@ if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) return(FALSE); - fp = fopen(pbuf, "r"); - if (!fp) { + if (access(pbuf, F_OK)) { /* not accessible */ /* - * If he's trying to log in as himself, and there is no - * readable .k5login file, let him. To find out, call + * if he's trying to log in as himself, and there is no .k5login file, + * let him. To find out, call * krb5_aname_to_localname to convert the principal to a name - * which we can string compare. + * which we can string compare. */ if (!(krb5_aname_to_localname(context, principal, sizeof(kuser), kuser)) From tlyu at MIT.EDU Wed Feb 18 13:14:50 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:14:50 -0500 Subject: svn rev #22013: branches/krb5-1-7/src/ include/ kdc/ lib/kadm5/ lib/kdb/ lib/krb5/krb/ ... Message-ID: <200902181814.n1IIEoKN021343@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22013 Commit By: tlyu Log Message: ticket: 6397 status: resolved version_fixed: 1.7 pull up r21871, r21872, r21873, r21879, r21880 from trunk ------------------------------------------------------------------------ r21880 | ghudson | 2009-02-04 14:15:13 -0500 (Wed, 04 Feb 2009) | 3 lines Changed paths: M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c Include k5-int.h in several pkinit source files, in order to define the KRB5_CONFIG symbols now used by those files. ------------------------------------------------------------------------ r21879 | tsitkova | 2009-02-04 12:08:44 -0500 (Wed, 04 Feb 2009) | 2 lines Changed paths: M /trunk/src/include/k5-int.h M /trunk/src/kdc/do_tgs_req.c M /trunk/src/kdc/main.c M /trunk/src/lib/kadm5/alt_prof.c M /trunk/src/lib/kdb/kdb5.c M /trunk/src/lib/krb5/krb/conv_princ.c M /trunk/src/lib/krb5/krb/get_in_tkt.c M /trunk/src/lib/krb5/krb/init_ctx.c M /trunk/src/lib/krb5/krb/vfy_increds.c M /trunk/src/lib/krb5/os/an_to_ln.c M /trunk/src/lib/krb5/os/def_realm.c M /trunk/src/lib/krb5/os/get_krbhst.c M /trunk/src/lib/krb5/os/hst_realm.c M /trunk/src/lib/krb5/os/ktdefname.c M /trunk/src/lib/krb5/os/localaddr.c M /trunk/src/lib/krb5/os/locate_kdc.c M /trunk/src/lib/krb5/os/realm_dom.c M /trunk/src/lib/krb5/os/sendto_kdc.c M /trunk/src/lib/krb5/os/sn2princ.c M /trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c M /trunk/src/plugins/preauth/pkinit/pkinit_profile.c M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c Use macros for config parameters. ------------------------------------------------------------------------ r21873 | ghudson | 2009-02-02 16:55:13 -0500 (Mon, 02 Feb 2009) | 3 lines Changed paths: M /trunk/src/include/k5-int.h Fix a whitespace error introduced when fixing a typo in the defines added to k5-int.h. ------------------------------------------------------------------------ r21872 | ghudson | 2009-02-02 16:53:16 -0500 (Mon, 02 Feb 2009) | 2 lines Changed paths: M /trunk/src/include/k5-int.h Fix a typo in the defines added to k5-int.h. ------------------------------------------------------------------------ r21871 | tsitkova | 2009-02-02 16:34:19 -0500 (Mon, 02 Feb 2009) | 2 lines Changed paths: M /trunk/src/include/k5-int.h Introduces macros for config parameters. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/include/k5-int.h U branches/krb5-1-7/src/kdc/do_tgs_req.c U branches/krb5-1-7/src/kdc/main.c U branches/krb5-1-7/src/lib/kadm5/alt_prof.c U branches/krb5-1-7/src/lib/kdb/kdb5.c U branches/krb5-1-7/src/lib/krb5/krb/conv_princ.c U branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c U branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c U branches/krb5-1-7/src/lib/krb5/krb/vfy_increds.c U branches/krb5-1-7/src/lib/krb5/os/an_to_ln.c U branches/krb5-1-7/src/lib/krb5/os/def_realm.c U branches/krb5-1-7/src/lib/krb5/os/get_krbhst.c U branches/krb5-1-7/src/lib/krb5/os/hst_realm.c U branches/krb5-1-7/src/lib/krb5/os/ktdefname.c U branches/krb5-1-7/src/lib/krb5/os/localaddr.c U branches/krb5-1-7/src/lib/krb5/os/locate_kdc.c U branches/krb5-1-7/src/lib/krb5/os/realm_dom.c U branches/krb5-1-7/src/lib/krb5/os/sendto_kdc.c U branches/krb5-1-7/src/lib/krb5/os/sn2princ.c U branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c U branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_clnt.c U branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_matching.c U branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_profile.c U branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c Modified: branches/krb5-1-7/src/include/k5-int.h =================================================================== --- branches/krb5-1-7/src/include/k5-int.h 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/include/k5-int.h 2009-02-18 18:14:48 UTC (rev 22013) @@ -179,6 +179,100 @@ /* Get string buffer support. */ #include "k5-buf.h" +/* cofiguration variables */ +#define KRB5_CONF_ACL_FILE "acl_file" +#define KRB5_CONF_ADMIN_KEYTAB "admin_keytab" +#define KRB5_CONF_ADMIN_SERVER "admin_server" +#define KRB5_CONF_ALLOW_WEAK_CRYPTO "allow_weak_crypto" +#define KRB5_CONF_AP_REQ_CHECKSUM_TYPE "ap_req_checksum_type" +#define KRB5_CONF_AUTH_TO_LOCAL "auth_to_local" +#define KRB5_CONF_AUTH_TO_LOCAL_NAMES "auth_to_local_names" +#define KRB5_CONF_CANONICALIZE "canonicalize" +#define KRB5_CONF_CCACHE_TYPE "ccache_type" +#define KRB5_CONF_CLOCKSKEW "clockskew" +#define KRB5_CONF_DATABASE_NAME "database_name" +#define KRB5_CONF_DB_MODULE_DIR "db_module_dir" +#define KRB5_CONF_DB_MODULES "db_modules" +#define KRB5_CONF_DOMAIN_REALM "domain_realm" +#define KRB5_CONF_DEFAULT_REALM "default_realm" +#define KRB5_CONF_DEFAULT_DOMAIN "default_domain" +#define KRB5_CONF_DEFAULT_TKT_ENCTYPES "default_tkt_enctypes" +#define KRB5_CONF_DEFAULT_TGS_ENCTYPES "default_tgs_enctypes" +#define KRB5_CONF_DEFAULT_KEYTAB_NAME "default_keytab_name" +#define KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION "default_principal_expiration" +#define KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS "default_principal_flags" +#define KRB5_CONF_DICT_FILE "dict_file" +#define KRB5_CONF_DNS_LOOKUP_KDC "dns_lookup_kdc" +#define KRB5_CONF_DNS_LOOKUP_REALM "dns_lookup_realm" +#define KRB5_CONF_DNS_FALLBACK "dns_fallback" +#define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" +#define KRB5_CONF_FORWARDABLE "forwardable" +#define KRB5_CONF_HOST_BASED_SERVICES "host_based_services" +#define KRB5_CONF_IPROP_ENABLE "iprop_enable" +#define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" +#define KRB5_CONF_IPROP_PORT "iprop_port" +#define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll" +#define KRB5_CONF_IPROP_LOGFILE "iprop_logfile" +#define KRB5_CONF_KADMIND_PORT "kadmind_port" +#define KRB5_CONF_KRB524_SERVER "krb524_server" +#define KRB5_CONF_KDC "kdc" +#define KRB5_CONF_KDCDEFAULTS "kdcdefaults" +#define KRB5_CONF_KDC_PORTS "kdc_ports" +#define KRB5_CONF_KDC_TCP_PORTS "kdc_tcp_ports" +#define KRB5_CONF_MAX_DGRAM_REPLY_SIZE "kdc_max_dgram_reply_size" +#define KRB5_CONF_KDC_DEFAULT_OPTIONS "kdc_default_options" +#define KRB5_CONF_KDC_TIMESYNC "kdc_timesync" +#define KRB5_CONF_KDC_REQ_CHECKSUM_TYPE "kdc_req_checksum_type" +#define KRB5_CONF_KEY_STASH_FILE "key_stash_file" +#define KRB5_CONF_KPASSWD_PORT "kpasswd_port" +#define KRB5_CONF_KPASSWD_SERVER "kpasswd_server" +#define KRB5_CONF_LIBDEFAULTS "libdefaults" +#define KRB5_CONF_LDAP_KDC_DN "ldap_kdc_dn" +#define KRB5_CONF_LDAP_KADMIN_DN "ldap_kadmind_dn" +#define KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE "ldap_service_password_file" +#define KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE "ldap_root_certificate_file" +#define KRB5_CONF_LDAP_SERVERS "ldap_servers" +#define KRB5_CONF_LDAP_CONNS_PER_SERVER "ldap_conns_per_server" +#define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral" +#define KRB5_CONF_MASTER_KEY_NAME "master_key_name" +#define KRB5_CONF_MASTER_KEY_TYPE "master_key_type" +#define KRB5_CONF_MASTER_KDC "master_kdc" +#define KRB5_CONF_MAX_LIFE "max_life" +#define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life" +#define KRB5_CONF_NOADDRESSES "noaddresses" +#define KRB5_CONF_PERMITTED_ENCTYPES "permitted_enctypes" +#define KRB5_CONF_PKINIT_ALLOW_UPN "pkinit_allow_upn" +#define KRB5_CONF_PKINIT_ANCHORS "pkinit_anchors" +#define KRB5_CONF_PKINIT_CERT_MATCH "pkinit_cert_match" +#define KRB5_CONF_PKINIT_DH_MIN_BITS "pkinit_dh_min_bits" +#define KRB5_CONF_PKINIT_EKU_CHECKING "pkinit_eku_checking" +#define KRB5_CONF_PKINIT_IDENTITY "pkinit_identity" +#define KRB5_CONF_PKINIT_IDENTITIES "pkinit_identities" +#define KRB5_CONF_PKINIT_KDC_HOSTNAME "pkinit_kdc_hostname" +#define KRB5_CONF_PKINIT_KDC_OCSP "pkinit_kdc_ocsp" +#define KRB5_CONF_PKINIT_LONGHORN "pkinit_longhorn" +#define KRB5_CONF_PKINIT_MAPPING_FILE "pkinit_mappings_file" +#define KRB5_CONF_PKINIT_POOL "pkinit_pool" +#define KRB5_CONF_PKINIT_REVOKE "pkinit_revoke" +#define KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING "pkinit_require_crl_checking" +#define KRB5_CONF_PKINIT_WIN2K "pkinit_win2k" +#define KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING "pkinit_win2k_require_binding" +#define KRB5_CONF_PREFERRED_PREAUTH_TYPES "preferred_preauth_types" +#define KRB5_CONF_PROXIABLE "proxiable" +#define KRB5_CONF_RDNS "rdns" +#define KRB5_CONF_REALMS "realms" +#define KRB5_CONF_REALM_TRY_DOMAINS "realm_try_domains" +#define KRB5_CONF_REJECT_BAD_TRANSIT "reject_bad_transit" +#define KRB5_CONF_RENEW_LIFETIME "renew_lifetime" +#define KRB5_CONF_SAFE_CHECKSUM_TYPE "safe_checksum_type" +#define KRB5_CONF_SUPPORTED_ENCTYPES "supported_enctypes" +#define KRB5_CONF_TICKET_LIFETIME "ticket_lifetime" +#define KRB5_CONF_UDP_PREFERENCE_LIMIT "udp_preference_limit" +#define KRB5_CONF_VERIFY_AP_REQ_NOFAIL "verify_ap_req_nofail" +#define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" +#define KRB5_CONF_V4_REALM "v4_realm" +#define KRB5_CONF_ASTERISK "*" + /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table (which allows non-ambiguous error codes between subsystems) */ Modified: branches/krb5-1-7/src/kdc/do_tgs_req.c =================================================================== --- branches/krb5-1-7/src/kdc/do_tgs_req.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/kdc/do_tgs_req.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -1105,9 +1105,9 @@ (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN && kdc_active_realm->realm_host_based_services != NULL && (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE || - krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, "*") == TRUE))) && + krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE))) && (kdc_active_realm->realm_no_host_referral == NULL || - (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, "*") == FALSE && + (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, KRB5_CONF_ASTERISK) == FALSE && krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { for (len=0; len < comp2->length; len++) { Modified: branches/krb5-1-7/src/kdc/main.c =================================================================== --- branches/krb5-1-7/src/kdc/main.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/kdc/main.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -176,14 +176,14 @@ { krb5_error_code retval = 0; - if (no_refrls && krb5_match_config_pattern(no_refrls, "*") == TRUE) { - rdp->realm_no_host_referral = strdup("*"); + if (no_refrls && krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == TRUE) { + rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) retval = ENOMEM; } else { if (rparams && rparams->realm_no_host_referral) { - if (krb5_match_config_pattern(rparams->realm_no_host_referral, "*") == TRUE) { - rdp->realm_no_host_referral = strdup("*"); + if (krb5_match_config_pattern(rparams->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { + rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) retval = ENOMEM; } else if (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s", @@ -198,19 +198,19 @@ rdp->realm_no_host_referral = NULL; } - if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, "*") == TRUE) { + if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_host_based_services = NULL; return 0; } - if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, "*") == TRUE)) { - rdp->realm_host_based_services = strdup("*"); + if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) { + rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else { if (rparams && rparams->realm_host_based_services) { - if (krb5_match_config_pattern(rparams->realm_host_based_services, "*") == TRUE) { - rdp->realm_host_based_services = strdup("*"); + if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) { + rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; } else if (host_based_srvcs && asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", @@ -552,22 +552,22 @@ extern char *optarg; if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) { - hierarchy[0] = "kdcdefaults"; - hierarchy[1] = "kdc_ports"; + hierarchy[0] = KRB5_CONF_KDCDEFAULTS; + hierarchy[1] = KRB5_CONF_KDC_PORTS; hierarchy[2] = (char *) NULL; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_udp_ports)) default_udp_ports = 0; - hierarchy[1] = "kdc_tcp_ports"; + hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports)) default_tcp_ports = 0; - hierarchy[1] = "kdc_max_dgram_reply_size"; + hierarchy[1] = KRB5_CONF_MAX_DGRAM_REPLY_SIZE; if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size)) max_dgram_reply_size = MAX_DGRAM_SIZE; - hierarchy[1] = "no_host_referral"; + hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL; if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) no_refrls = 0; - if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) { - hierarchy[1] = "host_based_services"; + if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { + hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES; if (krb5_aprof_get_string_all(aprof, hierarchy, &host_based_srvcs)) host_based_srvcs = 0; } Modified: branches/krb5-1-7/src/lib/kadm5/alt_prof.c =================================================================== --- branches/krb5-1-7/src/lib/kadm5/alt_prof.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/kadm5/alt_prof.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -566,7 +566,7 @@ goto cleanup; /* Initialize realm parameters */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = lrealm; hierarchy[3] = (char *) NULL; @@ -576,7 +576,7 @@ aprofile, hierarchy, CONFTAG, DEFAULT) /* Get the value for the admin server */ - GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, "admin_server", + GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER, KRB5_CONF_ADMIN_SERVER, NULL); if (params.mask & KADM5_CONFIG_ADMIN_SERVER) { @@ -590,7 +590,7 @@ } /* Get the value for the database */ - GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, "database_name", + GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, KRB5_CONF_DATABASE_NAME, DEFAULT_KDB_FILE); params.admin_dbname_was_here = NULL; @@ -599,7 +599,7 @@ /* Get the value for the admin (policy) database lock file*/ if (!GET_STRING_PARAM(admin_keytab, KADM5_CONFIG_ADMIN_KEYTAB, - "admin_keytab", NULL)) { + KRB5_CONF_ADMIN_KEYTAB, NULL)) { const char *s = getenv("KRB5_KTNAME"); if (s == NULL) s = DEFAULT_KADM5_KEYTAB; @@ -609,11 +609,11 @@ } /* Get the name of the acl file */ - GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, "acl_file", + GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE, DEFAULT_KADM5_ACL_FILE); /* Get the name of the dict file */ - GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, "dict_file", NULL); + GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL); #define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ get_port_param(¶ms.FIELD, params_in->FIELD, \ @@ -621,18 +621,18 @@ aprofile, hierarchy, CONFTAG, DEFAULT) /* Get the value for the kadmind port */ GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT, - "kadmind_port", DEFAULT_KADM5_PORT); + KRB5_CONF_KADMIND_PORT, DEFAULT_KADM5_PORT); /* Get the value for the kpasswd port */ GET_PORT_PARAM(kpasswd_port, KADM5_CONFIG_KPASSWD_PORT, - "kpasswd_port", DEFAULT_KPASSWD_PORT); + KRB5_CONF_KPASSWD_PORT, DEFAULT_KPASSWD_PORT); /* Get the value for the master key name */ GET_STRING_PARAM(mkey_name, KADM5_CONFIG_MKEY_NAME, - "master_key_name", NULL); + KRB5_CONF_MASTER_KEY_NAME, NULL); /* Get the value for the master key type */ - hierarchy[2] = "master_key_type"; + hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE; if (params_in->mask & KADM5_CONFIG_ENCTYPE) { params.mask |= KADM5_CONFIG_ENCTYPE; params.enctype = params_in->enctype; @@ -655,7 +655,7 @@ /* Get the value for the stashfile */ GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE, - "key_stash_file", NULL); + KRB5_CONF_KEY_STASH_FILE, NULL); /* Get the value for maximum ticket lifetime. */ #define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \ @@ -663,15 +663,15 @@ ¶ms.mask, params_in->mask, BIT, \ aprofile, hierarchy, CONFTAG, DEFAULT) - GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, "max_life", + GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE, 24 * 60 * 60); /* 1 day */ /* Get the value for maximum renewable ticket lifetime. */ - GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, "max_renewable_life", + GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE, KRB5_CONF_MAX_RENEWABLE_LIFE, 0); /* Get the value for the default principal expiration */ - hierarchy[2] = "default_principal_expiration"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION; if (params_in->mask & KADM5_CONFIG_EXPIRATION) { params.mask |= KADM5_CONFIG_EXPIRATION; params.expiration = params_in->expiration; @@ -687,7 +687,7 @@ } /* Get the value for the default principal flags */ - hierarchy[2] = "default_principal_flags"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS; if (params_in->mask & KADM5_CONFIG_FLAGS) { params.mask |= KADM5_CONFIG_FLAGS; params.flags = params_in->flags; @@ -729,7 +729,7 @@ } /* Get the value for the supported enctype/salttype matrix */ - hierarchy[2] = "supported_enctypes"; + hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES; if (params_in->mask & KADM5_CONFIG_ENCTYPES) { /* The following scenario is when the input keysalts are !NULL */ if(params_in->keysalts) { @@ -765,7 +765,7 @@ free(svalue); } - hierarchy[2] = "iprop_enable"; + hierarchy[2] = KRB5_CONF_IPROP_ENABLE; params.iprop_enabled = FALSE; params.mask |= KADM5_CONFIG_IPROP_ENABLED; @@ -783,7 +783,7 @@ } if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE, - "iprop_logfile", NULL)) { + KRB5_CONF_IPROP_LOGFILE, NULL)) { if (params.mask & KADM5_CONFIG_DBNAME) { if (asprintf(¶ms.iprop_logfile, "%s.ulog", params.dbname) >= 0) { params.mask |= KADM5_CONFIG_IPROP_LOGFILE; @@ -792,9 +792,9 @@ } GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT, - "iprop_port", 0); + KRB5_CONF_IPROP_PORT, 0); - hierarchy[2] = "iprop_master_ulogsize"; + hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE; params.iprop_ulogsize = DEF_ULOGENTRIES; params.mask |= KADM5_CONFIG_ULOG_SIZE; @@ -816,7 +816,7 @@ } GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME, - "iprop_slave_poll", 2 * 60); /* 2m */ + KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */ *params_out = params; @@ -955,40 +955,40 @@ memset((char *) rparams, 0, sizeof(krb5_realm_params)); /* Get the value for the database */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = lrealm; - hierarchy[2] = "database_name"; + hierarchy[2] = KRB5_CONF_DATABASE_NAME; hierarchy[3] = (char *) NULL; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_dbname = svalue; /* Get the value for the KDC port list */ - hierarchy[2] = "kdc_ports"; + hierarchy[2] = KRB5_CONF_KDC_PORTS; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_kdc_ports = svalue; - hierarchy[2] = "kdc_tcp_ports"; + hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_kdc_tcp_ports = svalue; /* Get the name of the acl file */ - hierarchy[2] = "acl_file"; + hierarchy[2] = KRB5_CONF_ACL_FILE; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_acl_file = svalue; /* Get the value for the kadmind port */ - hierarchy[2] = "kadmind_port"; + hierarchy[2] = KRB5_CONF_KADMIND_PORT; if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) { rparams->realm_kadmind_port = ivalue; rparams->realm_kadmind_port_valid = 1; } /* Get the value for the master key name */ - hierarchy[2] = "master_key_name"; + hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_mkey_name = svalue; /* Get the value for the master key type */ - hierarchy[2] = "master_key_type"; + hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype)) rparams->realm_enctype_valid = 1; @@ -996,26 +996,26 @@ } /* Get the value for the stashfile */ - hierarchy[2] = "key_stash_file"; + hierarchy[2] = KRB5_CONF_KEY_STASH_FILE; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) rparams->realm_stash_file = svalue; /* Get the value for maximum ticket lifetime. */ - hierarchy[2] = "max_life"; + hierarchy[2] = KRB5_CONF_MAX_LIFE; if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { rparams->realm_max_life = dtvalue; rparams->realm_max_life_valid = 1; } /* Get the value for maximum renewable ticket lifetime. */ - hierarchy[2] = "max_renewable_life"; + hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE; if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) { rparams->realm_max_rlife = dtvalue; rparams->realm_max_rlife_valid = 1; } /* Get the value for the default principal expiration */ - hierarchy[2] = "default_principal_expiration"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { if (!krb5_string_to_timestamp(svalue, &rparams->realm_expiration)) @@ -1023,20 +1023,20 @@ free(svalue); } - hierarchy[2] = "reject_bad_transit"; + hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT; if (!krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) { rparams->realm_reject_bad_transit = bvalue; rparams->realm_reject_bad_transit_valid = 1; } - hierarchy[2] = "no_host_referral"; + hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL; if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) rparams->realm_no_host_referral = no_refrls; else no_refrls = 0; - if (!no_refrls || krb5_match_config_pattern(no_refrls, "*") == FALSE) { - hierarchy[2] = "host_based_services"; + if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) { + hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES; if (!krb5_aprof_get_string_all(aprofile, hierarchy, &host_based_srvcs)) rparams->realm_host_based_services = host_based_srvcs; else @@ -1044,7 +1044,7 @@ } /* Get the value for the default principal flags */ - hierarchy[2] = "default_principal_flags"; + hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { char *sp, *ep, *tp; Modified: branches/krb5-1-7/src/lib/kdb/kdb5.c =================================================================== --- branches/krb5-1-7/src/lib/kdb/kdb5.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/kdb/kdb5.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -413,7 +413,7 @@ When it's static, it goes into ".picdata", which is read-write. */ static const char *const dbpath_names[] = { - KDB_MODULE_SECTION, "db_module_dir", NULL, + KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL, }; const char *filebases[2]; char **profpath = NULL; Modified: branches/krb5-1-7/src/lib/krb5/krb/conv_princ.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/conv_princ.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/krb/conv_princ.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -220,8 +220,8 @@ if (context->profile == 0) return KRB5_CONFIG_CANTOPEN; - retval = profile_get_string(context->profile, "realms", - tmp_prealm, "v4_realm", 0, + retval = profile_get_string(context->profile, KRB5_CONF_REALMS, + tmp_prealm, KRB5_CONF_V4_REALM, 0, &tmp_realm); free(tmp_prealm); if (retval) { @@ -263,15 +263,15 @@ /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm To do that, iterate over all the realms in the config file, looking for a matching v4_realm line */ - names2 [0] = "realms"; + names2 [0] = KRB5_CONF_REALMS; names2 [1] = NULL; retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator); while (retval == 0) { retval = profile_iterator (&iterator, &realm_name, &dummy_value); if ((retval == 0) && (realm_name != NULL)) { - names [0] = "realms"; + names [0] = KRB5_CONF_REALMS; names [1] = realm_name; - names [2] = "v4_realm"; + names [2] = KRB5_CONF_V4_REALM; names [3] = NULL; retval = profile_get_values (context -> profile, names, &v4realms); @@ -314,9 +314,9 @@ } name = p->v5_str; if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) { - names[0] = "realms"; + names[0] = KRB5_CONF_REALMS; names[1] = realm; - names[2] = "v4_instance_convert"; + names[2] = KRB5_CONF_V4_INSTANCE_CONVERT; names[3] = instance; names[4] = 0; retval = profile_get_values(context->profile, names, &full_name); Modified: branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -800,7 +800,7 @@ profile = context->profile; - names[0] = "libdefaults"; + names[0] = KRB5_CONF_LIBDEFAULTS; /* * Try number one: @@ -887,7 +887,7 @@ return 0; } - ret = krb5_libdefault_string(context, realm, "preferred_preauth_types", + ret = krb5_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES, &preauth_types); if ((ret != 0) || (preauth_types == NULL)) { /* Try to use PKINIT first. */ @@ -1022,7 +1022,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)) tempint = options->forwardable; else if ((ret = krb5_libdefault_boolean(context, &client->realm, - "forwardable", &tempint)) == 0) + KRB5_CONF_FORWARDABLE, &tempint)) == 0) ; else tempint = 0; @@ -1034,7 +1034,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)) tempint = options->proxiable; else if ((ret = krb5_libdefault_boolean(context, &client->realm, - "proxiable", &tempint)) == 0) + KRB5_CONF_PROXIABLE, &tempint)) == 0) ; else tempint = 0; @@ -1045,7 +1045,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE)) tempint = 1; else if ((ret = krb5_libdefault_boolean(context, &client->realm, - "canonicalize", &tempint)) == 0) + KRB5_CONF_CANONICALIZE, &tempint)) == 0) ; else tempint = 0; @@ -1066,7 +1066,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)) { tkt_life = options->tkt_life; } else if ((ret = krb5_libdefault_string(context, &client->realm, - "ticket_lifetime", &tempstr)) + KRB5_CONF_TICKET_LIFETIME, &tempstr)) == 0) { ret = krb5_string_to_deltat(tempstr, &tkt_life); free(tempstr); @@ -1084,7 +1084,7 @@ if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) { renew_life = options->renew_life; } else if ((ret = krb5_libdefault_string(context, &client->realm, - "renew_lifetime", &tempstr)) + KRB5_CONF_RENEW_LIFETIME, &tempstr)) == 0) { ret = krb5_string_to_deltat(tempstr, &renew_life); free(tempstr); @@ -1178,7 +1178,7 @@ /* it would be nice if this parsed out an address list, but that would be work. */ else if (((ret = krb5_libdefault_boolean(context, &client->realm, - "noaddresses", &tempint)) != 0) + KRB5_CONF_NOADDRESSES, &tempint)) != 0) || (tempint == 1)) { ; } else { Modified: branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -1,7 +1,7 @@ /* * lib/krb5/krb/init_ctx.c * - * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008 by the Massachusetts Institute of Technology. + * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -171,8 +171,8 @@ if ((retval = krb5_os_init_context(ctx, kdc))) goto cleanup; - retval = profile_get_boolean(ctx->profile, "libdefaults", - "allow_weak_crypto", NULL, 1, &tmp); + retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp); if (retval) goto cleanup; ctx->allow_weak_crypto = tmp; @@ -189,41 +189,41 @@ goto cleanup; ctx->default_realm = 0; - profile_get_integer(ctx->profile, "libdefaults", "clockskew", + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW, 0, 5 * 60, &tmp); ctx->clockskew = tmp; #if 0 /* Default ticket lifetime is currently not supported */ - profile_get_integer(ctx->profile, "libdefaults", "tkt_lifetime", + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime", 0, 10 * 60 * 60, &tmp); ctx->tkt_lifetime = tmp; #endif /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2) */ /* DCE add kdc_req_checksum_type = 2 to krb5.conf */ - profile_get_integer(ctx->profile, "libdefaults", - "kdc_req_checksum_type", 0, CKSUMTYPE_RSA_MD5, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5, &tmp); ctx->kdc_req_sumtype = tmp; - profile_get_integer(ctx->profile, "libdefaults", - "ap_req_checksum_type", 0, CKSUMTYPE_RSA_MD5, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5, &tmp); ctx->default_ap_req_sumtype = tmp; - profile_get_integer(ctx->profile, "libdefaults", - "safe_checksum_type", 0, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_SAFE_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5_DES, &tmp); ctx->default_safe_sumtype = tmp; - profile_get_integer(ctx->profile, "libdefaults", - "kdc_default_options", 0, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_KDC_DEFAULT_OPTIONS, 0, KDC_OPT_RENEWABLE_OK, &tmp); ctx->kdc_default_options = tmp; #define DEFAULT_KDC_TIMESYNC 1 - profile_get_integer(ctx->profile, "libdefaults", - "kdc_timesync", 0, DEFAULT_KDC_TIMESYNC, + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC, &tmp); ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0; @@ -236,7 +236,7 @@ * DCE 1.1 supports a cache type of 2. */ #define DEFAULT_CCACHE_TYPE 4 - profile_get_integer(ctx->profile, "libdefaults", "ccache_type", + profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE, 0, DEFAULT_CCACHE_TYPE, &tmp); ctx->fcc_default_format = tmp + 0x0500; ctx->prompt_types = 0; @@ -341,12 +341,12 @@ session key types. */ - char *retval; - char *sp, *ep; + char *retval = NULL; + char *sp = NULL, *ep = NULL; int i, j, count; krb5_error_code code; - code = profile_get_string(context->profile, "libdefaults", profstr, + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, profstr, NULL, DEFAULT_ETYPE_LIST, &retval); if (code) return code; @@ -406,7 +406,7 @@ krb5_error_code krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes) { - return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TKT_ENCTYPES, context->in_tkt_ktype_count, context->in_tkt_ktypes)); } @@ -464,10 +464,10 @@ if (context->use_conf_ktypes) /* This one is set *only* by reading the config file; it's not set by the application. */ - return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TKT_ENCTYPES, 0, NULL)); else - return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_DEFAULT_TGS_ENCTYPES, context->tgs_ktype_count, context->tgs_ktypes)); } @@ -475,7 +475,7 @@ krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes) { - return(get_profile_etype_list(context, ktypes, "permitted_enctypes", + return(get_profile_etype_list(context, ktypes, KRB5_CONF_PERMITTED_ENCTYPES, context->tgs_ktype_count, context->tgs_ktypes)); } Modified: branches/krb5-1-7/src/lib/krb5/krb/vfy_increds.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/vfy_increds.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/krb/vfy_increds.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -115,7 +115,7 @@ goto cleanup; } else if (krb5_libdefault_boolean(context, &creds->client->realm, - "verify_ap_req_nofail", + KRB5_CONF_VERIFY_AP_REQ_NOFAIL, &nofail) == 0) { if (nofail) Modified: branches/krb5-1-7/src/lib/krb5/os/an_to_ln.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/an_to_ln.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/an_to_ln.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -703,9 +703,9 @@ * * [realms]->realm->"auth_to_local_names"->mapping_name */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = realm; - hierarchy[2] = "auth_to_local_names"; + hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES; hierarchy[3] = mname; hierarchy[4] = (char *) NULL; if (!(kret = profile_get_values(context->profile, @@ -747,9 +747,9 @@ * DEFAULT - Use default rule. * The first rule to find a match is used. */ - hierarchy[0] = "realms"; + hierarchy[0] = KRB5_CONF_REALMS; hierarchy[1] = realm; - hierarchy[2] = "auth_to_local"; + hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL; hierarchy[3] = (char *) NULL; if (!(kret = profile_get_values(context->profile, hierarchy, Modified: branches/krb5-1-7/src/lib/krb5/os/def_realm.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/def_realm.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/def_realm.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -84,8 +84,8 @@ */ context->default_realm = 0; if (context->profile != 0) { - retval = profile_get_string(context->profile, "libdefaults", - "default_realm", 0, 0, + retval = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_DEFAULT_REALM, 0, 0, &realm); if (!retval && realm) { @@ -210,7 +210,7 @@ realm = (char *)NULL; temp_realm = 0; while (cp ) { - retval = profile_get_string(context->profile, "domain_realm", cp, + retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp, 0, (char *)NULL, &temp_realm); if (retval) return retval; Modified: branches/krb5-1-7/src/lib/krb5/os/get_krbhst.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/get_krbhst.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/get_krbhst.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -68,9 +68,9 @@ rethosts = 0; - realm_kdc_names[0] = "realms"; + realm_kdc_names[0] = KRB5_CONF_REALMS; realm_kdc_names[1] = realm->data; - realm_kdc_names[2] = "kdc"; + realm_kdc_names[2] = KRB5_CONF_KDC; realm_kdc_names[3] = 0; if (context->profile == 0) Modified: branches/krb5-1-7/src/lib/krb5/os/hst_realm.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/hst_realm.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/hst_realm.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -234,7 +234,7 @@ #ifdef DEBUG_REFERRALS printf(" trying to look up %s in the domain_realm map\n",cp); #endif - retval = profile_get_string(context->profile, "domain_realm", cp, + retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp, 0, (char *)NULL, &temp_realm); if (retval) return retval; @@ -385,8 +385,8 @@ int limit; errcode_t code; - code = profile_get_integer(context->profile, "libdefaults", - "realm_try_domains", 0, -1, &limit); + code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit); if (code == 0) { retval = domain_heuristic(context, local_host, &realm, limit); if (retval) Modified: branches/krb5-1-7/src/lib/krb5/os/ktdefname.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/ktdefname.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/ktdefname.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -51,8 +51,8 @@ if (strlcpy(name, cp, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; } else if ((profile_get_string(context->profile, - "libdefaults", - "default_keytab_name", NULL, + KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL, NULL, &retval) == 0) && retval) { if (strlcpy(name, retval, namesize) >= namesize) Modified: branches/krb5-1-7/src/lib/krb5/os/localaddr.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/localaddr.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/localaddr.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -1247,7 +1247,7 @@ { krb5_error_code err; static const char *const profile_name[] = { - "libdefaults", "extra_addresses", 0 + KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0 }; char **values; char **iter; Modified: branches/krb5-1-7/src/lib/krb5/os/locate_kdc.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/locate_kdc.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/locate_kdc.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -70,11 +70,11 @@ char * value = NULL; int use_dns = 0; - code = profile_get_string(context->profile, "libdefaults", + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, name, 0, 0, &value); if (value == 0 && code == 0) - code = profile_get_string(context->profile, "libdefaults", - "dns_fallback", 0, 0, &value); + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_DNS_FALLBACK, 0, 0, &value); if (code) return defalt; @@ -89,13 +89,13 @@ int _krb5_use_dns_kdc(krb5_context context) { - return maybe_use_dns (context, "dns_lookup_kdc", DEFAULT_LOOKUP_KDC); + return maybe_use_dns (context, KRB5_CONF_DNS_LOOKUP_KDC, DEFAULT_LOOKUP_KDC); } int _krb5_use_dns_realm(krb5_context context) { - return maybe_use_dns (context, "dns_lookup_realm", DEFAULT_LOOKUP_REALM); + return maybe_use_dns (context, KRB5_CONF_DNS_LOOKUP_REALM, DEFAULT_LOOKUP_REALM); } #endif /* KRB5_DNS_LOOKUP */ @@ -325,7 +325,7 @@ masterlist = NULL; - realm_srv_names[0] = "realms"; + realm_srv_names[0] = KRB5_CONF_REALMS; realm_srv_names[1] = host; realm_srv_names[2] = name; realm_srv_names[3] = 0; @@ -354,9 +354,9 @@ } if (get_masters) { - realm_srv_names[0] = "realms"; + realm_srv_names[0] = KRB5_CONF_REALMS; realm_srv_names[1] = host; - realm_srv_names[2] = "admin_server"; + realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER; realm_srv_names[3] = 0; code = profile_get_values(context->profile, realm_srv_names, @@ -712,7 +712,7 @@ switch (svc) { case locate_service_kdc: - profname = "kdc"; + profname = KRB5_CONF_KDC; /* We used to use /etc/services for these, but enough systems have old, crufty, wrong settings that this is probably better. */ @@ -721,19 +721,19 @@ dflport2 = htons(KRB5_DEFAULT_SEC_PORT); break; case locate_service_master_kdc: - profname = "master_kdc"; + profname = KRB5_CONF_MASTER_KDC; goto kdc_ports; case locate_service_kadmin: - profname = "admin_server"; + profname = KRB5_CONF_ADMIN_SERVER; dflport1 = htons(DEFAULT_KADM5_PORT); break; case locate_service_krb524: - profname = "krb524_server"; + profname = KRB5_CONF_KRB524_SERVER; serv = getservbyname(KRB524_SERVICE, "udp"); dflport1 = serv ? serv->s_port : htons (KRB524_PORT); break; case locate_service_kpasswd: - profname = "kpasswd_server"; + profname = KRB5_CONF_KPASSWD_SERVER; dflport1 = htons(DEFAULT_KPASSWD_PORT); break; default: Modified: branches/krb5-1-7/src/lib/krb5/os/realm_dom.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/realm_dom.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/realm_dom.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -51,8 +51,8 @@ krb5_error_code retval; char *temp_domain = 0; - retval = profile_get_string(context->profile, "realms", realm, - "default_domain", realm, &temp_domain); + retval = profile_get_string(context->profile, KRB5_CONF_REALMS, realm, + KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain); if (!retval && temp_domain) { *domain = strdup(temp_domain); Modified: branches/krb5-1-7/src/lib/krb5/os/sendto_kdc.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/sendto_kdc.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/sendto_kdc.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -377,7 +377,7 @@ if (!tcp_only && context->udp_pref_limit < 0) { int tmp; retval = profile_get_integer(context->profile, - "libdefaults", "udp_preference_limit", 0, + KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0, DEFAULT_UDP_PREF_LIMIT, &tmp); if (retval) return retval; Modified: branches/krb5-1-7/src/lib/krb5/os/sn2princ.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/sn2princ.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/lib/krb5/os/sn2princ.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -47,8 +47,8 @@ char * value = NULL; int use_rdns = 0; - code = profile_get_string(context->profile, "libdefaults", - "rdns", 0, 0, &value); + code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, + KRB5_CONF_RDNS, 0, 0, &value); if (code) return defalt; Modified: branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c =================================================================== --- branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -185,7 +185,7 @@ */ if (ldap_context->max_server_conns == 0) { st = prof_get_integer_def (context, conf_section, - "ldap_conns_per_server", + KRB5_CONF_LDAP_CONNS_PER_SERVER, DEFAULT_CONNS_PER_SERVER, &ldap_context->max_server_conns); if (st) @@ -208,9 +208,9 @@ if (ldap_context->bind_dn == NULL) { char *name = 0; if (srv_type == KRB5_KDB_SRV_TYPE_KDC) - name = "ldap_kdc_dn"; + name = KRB5_CONF_LDAP_KDC_DN; else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN) - name = "ldap_kadmind_dn"; + name = KRB5_CONF_LDAP_KADMIN_DN; else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD) name = "ldap_kpasswdd_dn"; @@ -229,7 +229,7 @@ */ if (ldap_context->service_password_file == NULL) { st = prof_get_string_def (context, conf_section, - "ldap_service_password_file", + KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE, &ldap_context->service_password_file); if (st) goto cleanup; @@ -243,7 +243,7 @@ */ if (ldap_context->root_certificate_file == NULL) { st = prof_get_string_def (context, conf_section, - "ldap_root_certificate_file", + KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE, &ldap_context->root_certificate_file); if (st) goto cleanup; @@ -268,7 +268,7 @@ } if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, - "ldap_servers", NULL, &tempval)) != 0) { + KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) { krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute"); goto cleanup; } Modified: branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_clnt.c =================================================================== --- branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -38,6 +38,7 @@ #include #include +#include "k5-int.h" #include "pkinit.h" #ifdef LONGHORN_BETA_COMPAT @@ -548,7 +549,7 @@ retval = pkinit_libdefault_strings(context, krb5_princ_realm(context, kdcprinc), - "pkinit_kdc_hostname", + KRB5_CONF_PKINIT_KDC_HOSTNAME, &cfghosts); if (retval || cfghosts == NULL) { pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n", @@ -936,19 +937,19 @@ context, plgctx, reqctx, request); pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_win2k", + KRB5_CONF_PKINIT_WIN2K, reqctx->opts->win2k_target, &reqctx->opts->win2k_target); pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_win2k_require_binding", + KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING, reqctx->opts->win2k_require_cksum, &reqctx->opts->win2k_require_cksum); pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_require_crl_checking", + KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING, reqctx->opts->require_crl_checking, &reqctx->opts->require_crl_checking); pkinit_libdefault_integer(context, &request->server->realm, - "pkinit_dh_min_bits", + KRB5_CONF_PKINIT_DH_MIN_BITS, reqctx->opts->dh_size, &reqctx->opts->dh_size); if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048 @@ -959,7 +960,7 @@ reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS; } pkinit_libdefault_string(context, &request->server->realm, - "pkinit_eku_checking", + KRB5_CONF_PKINIT_EKU_CHECKING, &eku_string); if (eku_string != NULL) { if (strcasecmp(eku_string, "kpKDC") == 0) { @@ -980,7 +981,7 @@ #ifdef LONGHORN_BETA_COMPAT /* Temporarily just set global flag from config file */ pkinit_libdefault_boolean(context, &request->server->realm, - "pkinit_longhorn", + KRB5_CONF_PKINIT_LONGHORN, 0, &longhorn); #endif @@ -988,16 +989,16 @@ /* Only process anchors here if they were not specified on command line */ if (reqctx->idopts->anchors == NULL) pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_anchors", + KRB5_CONF_PKINIT_ANCHORS, &reqctx->idopts->anchors); pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_pool", + KRB5_CONF_PKINIT_POOL, &reqctx->idopts->intermediates); pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_revoke", + KRB5_CONF_PKINIT_REVOKE, &reqctx->idopts->crls); pkinit_libdefault_strings(context, &request->server->realm, - "pkinit_identities", + KRB5_CONF_PKINIT_IDENTITIES, &reqctx->idopts->identity_alt); } Modified: branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_matching.c =================================================================== --- branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_matching.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_matching.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -34,7 +34,7 @@ #include #include #include -#include +#include "k5-int.h" #include "pkinit.h" typedef struct _pkinit_cert_info pkinit_cert_info; @@ -746,7 +746,7 @@ /* If no matching rules, select the default cert and we're done */ pkinit_libdefault_strings(context, krb5_princ_realm(context, princ), - "pkinit_cert_match", &rules); + KRB5_CONF_PKINIT_CERT_MATCH, &rules); if (rules == NULL) { pkiDebug("%s: no matching rules found in config file\n", __FUNCTION__); retval = crypto_cert_select_default(context, plg_cryptoctx, Modified: branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_profile.c =================================================================== --- branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_profile.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_profile.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -114,7 +114,7 @@ * } */ - names[0] = "realms"; + names[0] = KRB5_CONF_REALMS; names[1] = realmname; names[2] = option; names[3] = 0; @@ -130,7 +130,7 @@ * option = */ - names[0] = "kdcdefaults"; + names[0] = KRB5_CONF_KDCDEFAULTS; names[1] = option; names[2] = 0; retval = profile_get_values(profile, names, &values); @@ -256,7 +256,7 @@ * } */ - names[0] = "libdefaults"; + names[0] = KRB5_CONF_LIBDEFAULTS; names[1] = realmstr; names[2] = option; names[3] = 0; @@ -273,7 +273,7 @@ * } */ - names[0] = "realms"; + names[0] = KRB5_CONF_REALMS; names[1] = realmstr; names[2] = option; names[3] = 0; @@ -289,7 +289,7 @@ * option = */ - names[0] = "libdefaults"; + names[0] = KRB5_CONF_LIBDEFAULTS; names[1] = option; names[2] = 0; retval = profile_get_values(profile, names, &values); Modified: branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c =================================================================== --- branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c 2009-02-18 13:10:25 UTC (rev 22012) +++ branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c 2009-02-18 18:14:48 UTC (rev 22013) @@ -33,6 +33,7 @@ #include #include +#include "k5-int.h" #include "pkinit.h" static krb5_error_code @@ -1092,7 +1093,7 @@ pkiDebug("%s: entered for realm %s\n", __FUNCTION__, plgctx->realmname); retval = pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_identity", + KRB5_CONF_PKINIT_IDENTITY, &plgctx->idopts->identity); if (retval != 0 || NULL == plgctx->idopts->identity) { retval = EINVAL; @@ -1103,7 +1104,7 @@ } retval = pkinit_kdcdefault_strings(context, plgctx->realmname, - "pkinit_anchors", + KRB5_CONF_PKINIT_ANCHORS, &plgctx->idopts->anchors); if (retval != 0 || NULL == plgctx->idopts->anchors) { retval = EINVAL; @@ -1114,26 +1115,26 @@ } pkinit_kdcdefault_strings(context, plgctx->realmname, - "pkinit_pool", + KRB5_CONF_PKINIT_POOL, &plgctx->idopts->intermediates); pkinit_kdcdefault_strings(context, plgctx->realmname, - "pkinit_revoke", + KRB5_CONF_PKINIT_REVOKE, &plgctx->idopts->crls); pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_kdc_ocsp", + KRB5_CONF_PKINIT_KDC_OCSP, &plgctx->idopts->ocsp); pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_mappings_file", + KRB5_CONF_PKINIT_MAPPING_FILE, &plgctx->idopts->dn_mapping_file); pkinit_kdcdefault_integer(context, plgctx->realmname, - "pkinit_dh_min_bits", + KRB5_CONF_PKINIT_DH_MIN_BITS, PKINIT_DEFAULT_DH_MIN_BITS, &plgctx->opts->dh_min_bits); - if (plgctx->opts->dh_min_bits < 1024) { + if (plgctx->opts->dh_min_bits < PKINIT_DEFAULT_DH_MIN_BITS) { pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, " "using default value (%d) instead\n", __FUNCTION__, plgctx->opts->dh_min_bits, PKINIT_DEFAULT_DH_MIN_BITS); @@ -1141,15 +1142,15 @@ } pkinit_kdcdefault_boolean(context, plgctx->realmname, - "pkinit_allow_upn", + KRB5_CONF_PKINIT_ALLOW_UPN, 0, &plgctx->opts->allow_upn); pkinit_kdcdefault_boolean(context, plgctx->realmname, - "pkinit_require_crl_checking", + KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING, 0, &plgctx->opts->require_crl_checking); pkinit_kdcdefault_string(context, plgctx->realmname, - "pkinit_eku_checking", + KRB5_CONF_PKINIT_EKU_CHECKING, &eku_string); if (eku_string != NULL) { if (strcasecmp(eku_string, "kpClientAuth") == 0) { From tlyu at MIT.EDU Wed Feb 18 13:17:47 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:17:47 -0500 Subject: svn rev #22015: branches/krb5-1-7/src/ kadmin/dbutil/ lib/kdb/ Message-ID: <200902181817.n1IIHls9021621@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22015 Commit By: tlyu Log Message: ticket: 6361 version_fixed: 1.7 status: resolved pull up r21884 from trunk ------------------------------------------------------------------------ r21884 | wfiveash | 2009-02-04 17:29:44 -0500 (Wed, 04 Feb 2009) | 7 lines Changed paths: M /trunk/src/kadmin/dbutil/kdb5_mkey.c M /trunk/src/lib/kdb/kdb5.c ticket: 6361 new multi-masterkey support doesn't work well when system clock is set back The ticket contains the details. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c U branches/krb5-1-7/src/lib/kdb/kdb5.c Modified: branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c =================================================================== --- branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c 2009-02-18 18:17:40 UTC (rev 22014) +++ branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c 2009-02-18 18:17:47 UTC (rev 22015) @@ -372,12 +372,13 @@ char *mkey_fullname; krb5_kvno use_kvno; krb5_timestamp now, start_time; - krb5_actkvno_node *actkvno_list, *new_actkvno_list_head, *new_actkvno, + krb5_actkvno_node *actkvno_list, *new_actkvno, *prev_actkvno, *cur_actkvno; krb5_db_entry master_entry; int nentries = 0; krb5_boolean more = 0, found; krb5_keylist_node *keylist_node; + krb5_boolean inserted = FALSE; if (argc < 2 || argc > 3) { /* usage calls exit */ @@ -413,7 +414,7 @@ if (argc == 3) { time_t t = get_date(argv[2]); - if (t == -1) { + if (t == -1) { com_err(progname, 0, "could not parse date-time string '%s'", argv[2]); exit_status++; @@ -474,37 +475,58 @@ return; } - /* alloc enough space to hold new and existing key_data */ - new_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); - if (new_actkvno == NULL) { - com_err(progname, ENOMEM, "while adding new master key"); - exit_status++; - return; + /* + * If an entry already exists with the same kvno either delete it or if it's + * the only entry, just set its active time. + */ + for (prev_actkvno = NULL, cur_actkvno = actkvno_list; + cur_actkvno != NULL; + prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { + + if (cur_actkvno->act_kvno == use_kvno) { + /* delete it */ + if (prev_actkvno) { + prev_actkvno->next = cur_actkvno->next; + cur_actkvno->next = NULL; + krb5_dbe_free_actkvno_list(util_context, cur_actkvno); + } else { + if (cur_actkvno->next) { + /* delete it from front of list */ + actkvno_list = cur_actkvno->next; + cur_actkvno->next = NULL; + krb5_dbe_free_actkvno_list(util_context, cur_actkvno); + } else { + /* There's only one entry, go ahead and change the time */ + cur_actkvno->act_time = start_time; + inserted = TRUE; + } + } + break; + } } - memset(new_actkvno, 0, sizeof(krb5_actkvno_node)); - new_actkvno->act_kvno = use_kvno; - new_actkvno->act_time = start_time; + if (!inserted) { + /* alloc enough space to hold new and existing key_data */ + new_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); + if (new_actkvno == NULL) { + com_err(progname, ENOMEM, "while adding new master key"); + exit_status++; + return; + } + memset(new_actkvno, 0, sizeof(krb5_actkvno_node)); + new_actkvno->act_kvno = use_kvno; + new_actkvno->act_time = start_time; - /* - * determine which nodes to delete and where to insert new act kvno node - */ + /* insert new act kvno node */ - if (actkvno_list == NULL) { - /* new actkvno is the list */ - new_actkvno_list_head = new_actkvno; - } else { - krb5_boolean inserted = FALSE, trimed = FALSE; + if (actkvno_list == NULL) { + /* new actkvno is the list */ + actkvno_list = new_actkvno; + } else { + for (prev_actkvno = NULL, cur_actkvno = actkvno_list; + cur_actkvno != NULL; + prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { - for (prev_actkvno = NULL, cur_actkvno = actkvno_list; - cur_actkvno != NULL; - prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) { - - if (cur_actkvno->act_kvno == use_kvno) { - cur_actkvno->act_time = start_time; - inserted = TRUE; /* fake it */ - } - if (!inserted) { if (new_actkvno->act_time < cur_actkvno->act_time) { if (prev_actkvno) { prev_actkvno->next = new_actkvno; @@ -513,42 +535,32 @@ new_actkvno->next = actkvno_list; actkvno_list = new_actkvno; } - inserted = TRUE; + break; } else if (cur_actkvno->next == NULL) { /* end of line, just add new node to end of list */ cur_actkvno->next = new_actkvno; - inserted = TRUE; + break; } } - if (!trimed) { - /* trim entries in past that are superceded */ - if (cur_actkvno->act_time > now) { - if (prev_actkvno) { - new_actkvno_list_head = prev_actkvno; - } else { - new_actkvno_list_head = actkvno_list; - } - trimed = TRUE; - } else if (cur_actkvno->next == NULL) { - /* XXX this is buggy, fix soon. */ - new_actkvno_list_head = cur_actkvno; - trimed = TRUE; - } - } - if (trimed && inserted) - break; } } - if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, - new_actkvno_list_head))) { - com_err(progname, retval, "while updating actkvno data for master principal entry"); + if (actkvno_list->act_time > now) { + com_err(progname, EINVAL, "there must be one master key currently active"); exit_status++; return; } + if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, + /* new_actkvno_list_head))) { */ + actkvno_list))) { + com_err(progname, retval, "while updating actkvno data for master principal entry"); + exit_status++; + return; + } + if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, - now, master_princ))) { + now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; return; @@ -658,7 +670,7 @@ } if (actkvno_list != NULL) { - act_time = 0; + act_time = -1; /* assume actkvno entry not found */ for (cur_actkvno = actkvno_list; cur_actkvno != NULL; cur_actkvno = cur_actkvno->next) { if (cur_actkvno->act_kvno == cur_kb_node->kvno) { @@ -683,7 +695,7 @@ retval = asprintf(&output_str, "KNVO: %d, Enctype: %s, Active on: %s *\n", cur_kb_node->kvno, enctype, strdate(act_time)); } else { - if (act_time) { + if (act_time != -1) { retval = asprintf(&output_str, "KNVO: %d, Enctype: %s, Active on: %s\n", cur_kb_node->kvno, enctype, strdate(act_time)); } else { Modified: branches/krb5-1-7/src/lib/kdb/kdb5.c =================================================================== --- branches/krb5-1-7/src/lib/kdb/kdb5.c 2009-02-18 18:17:40 UTC (rev 22014) +++ branches/krb5-1-7/src/lib/kdb/kdb5.c 2009-02-18 18:17:47 UTC (rev 22015) @@ -1878,8 +1878,10 @@ if (nprinc != 1) { if (nprinc) { krb5_db_free_principal(context, &entry, nprinc); + return (KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); + } else { + return(KRB5_KDB_NOMASTERKEY); } - return(KRB5_KDB_NOMASTERKEY); } else if (more) { krb5_db_free_principal(context, &entry, nprinc); return (KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); @@ -1888,24 +1890,19 @@ retval = krb5_dbe_lookup_actkvno(context, &entry, act_key_list); if (*act_key_list == NULL) { - krb5_actkvno_node *tmp_actkvno; - krb5_timestamp now; + krb5_actkvno_node *tmp_actkvno; /* * for mkey princ entries without KRB5_TL_ACTKVNO data provide a default */ - if ((retval = krb5_timeofday(context, &now))) - return (retval); - tmp_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node)); if (tmp_actkvno == NULL) return (ENOMEM); memset(tmp_actkvno, 0, sizeof(krb5_actkvno_node)); - tmp_actkvno->act_time = now; + tmp_actkvno->act_time = 0; /* earliest time possible */ /* use most current key */ tmp_actkvno->act_kvno = entry.key_data[0].key_data_kvno; - *act_key_list = tmp_actkvno; } @@ -1915,7 +1912,7 @@ /* * Locates the "active" mkey used when encrypting a princ's keys. Note, the - * caller must not free the output act_mkey. + * caller must NOT free the output act_mkey. */ krb5_error_code @@ -1937,10 +1934,20 @@ /* * The list should be sorted in time, early to later so if the first entry - * is later than now, this is a problem + * is later than now, this is a problem. The fallback in this case is to + * return the earlist activation entry. */ if (act_mkey_list->act_time > now) { - return (KRB5_KDB_NOACTMASTERKEY); + while (cur_keyblock && cur_keyblock->kvno != act_mkey_list->act_kvno) + cur_keyblock = cur_keyblock->next; + if (cur_keyblock) { + *act_mkey = &cur_keyblock->keyblock; + if (act_kvno != NULL) + *act_kvno = cur_keyblock->kvno; + return (0); + } else { + return (KRB5_KDB_NOACTMASTERKEY); + } } /* find the most current entry <= now */ From tlyu at MIT.EDU Wed Feb 18 13:17:55 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:17:55 -0500 Subject: svn rev #22016: branches/krb5-1-7/src/ lib/gssapi/generic/ Message-ID: <200902181817.n1IIHtdB021660@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22016 Commit By: tlyu Log Message: ticket: 6362 version_fixed: 1.7 status: resolved pull up r21886 from trunk ------------------------------------------------------------------------ r21886 | raeburn | 2009-02-04 18:28:09 -0500 (Wed, 04 Feb 2009) | 5 lines Changed paths: M /trunk/src/aclocal.m4 M /trunk/src/lib/gssapi/generic/oid_ops.c ticket: 6362 subject: don't do arithmetic on void pointers Fix one file in gssapi where we compute offsets from a void* without casting. Change options used with Sun compiler to make such expressions an error. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/aclocal.m4 U branches/krb5-1-7/src/lib/gssapi/generic/oid_ops.c Modified: branches/krb5-1-7/src/aclocal.m4 =================================================================== --- branches/krb5-1-7/src/aclocal.m4 2009-02-18 18:17:47 UTC (rev 22015) +++ branches/krb5-1-7/src/aclocal.m4 2009-02-18 18:17:54 UTC (rev 22016) @@ -664,7 +664,7 @@ # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION" + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi Modified: branches/krb5-1-7/src/lib/gssapi/generic/oid_ops.c =================================================================== --- branches/krb5-1-7/src/lib/gssapi/generic/oid_ops.c 2009-02-18 18:17:47 UTC (rev 22015) +++ branches/krb5-1-7/src/lib/gssapi/generic/oid_ops.c 2009-02-18 18:17:54 UTC (rev 22016) @@ -440,7 +440,7 @@ return GSS_S_FAILURE; } - op = oid->elements + prefix_len + nbytes; + op = (unsigned char *) oid->elements + prefix_len + nbytes; i = -1; while (suffix) { op[i] = (unsigned char)suffix & 0x7f; @@ -472,7 +472,7 @@ return GSS_S_BAD_MECH; } - op = oid->elements + prefix_len; + op = (unsigned char *) oid->elements + prefix_len; *suffix = 0; From tlyu at MIT.EDU Wed Feb 18 13:18:14 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:18:14 -0500 Subject: svn rev #22017: branches/krb5-1-7/src/ lib/gssapi/krb5/ Message-ID: <200902181818.n1IIIECS021714@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22017 Commit By: tlyu Log Message: ticket: 6363 version_fixed: 1.7 status: resolved pull up r21887 from trunk ------------------------------------------------------------------------ r21887 | raeburn | 2009-02-04 20:49:21 -0500 (Wed, 04 Feb 2009) | 8 lines Changed paths: M /trunk/src/aclocal.m4 M /trunk/src/lib/gssapi/krb5/k5seal.c ticket: 6363 subject: int/ptr bug in gssapi code target_version: 1.7 tags: pullup Fix a pointer argument passed where an integer is needed. Update Sun compiler options to make that an error. (The options we're currently using make it an error for assignment but not for argument passing.) ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/aclocal.m4 U branches/krb5-1-7/src/lib/gssapi/krb5/k5seal.c Modified: branches/krb5-1-7/src/aclocal.m4 =================================================================== --- branches/krb5-1-7/src/aclocal.m4 2009-02-18 18:17:54 UTC (rev 22016) +++ branches/krb5-1-7/src/aclocal.m4 2009-02-18 18:18:14 UTC (rev 22017) @@ -664,7 +664,7 @@ # works, but it also means that declaration-in-code warnings won't # be issued. # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION -errwarn=E_BAD_PTR_INT_COMB_ARG -errwarn=E_PTR_TO_VOID_IN_ARITHMETIC" WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" fi fi Modified: branches/krb5-1-7/src/lib/gssapi/krb5/k5seal.c =================================================================== --- branches/krb5-1-7/src/lib/gssapi/krb5/k5seal.c 2009-02-18 18:17:54 UTC (rev 22016) +++ branches/krb5-1-7/src/lib/gssapi/krb5/k5seal.c 2009-02-18 18:18:14 UTC (rev 22017) @@ -258,7 +258,7 @@ unsigned char bigend_seqnum[4]; krb5_keyblock *enc_key; int i; - store_32_be(seqnum, bigend_seqnum); + store_32_be(*seqnum, bigend_seqnum); code = krb5_copy_keyblock (context, enc, &enc_key); if (code) { From tlyu at MIT.EDU Wed Feb 18 13:17:40 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:17:40 -0500 Subject: svn rev #22014: branches/krb5-1-7/src/util/support/ Message-ID: <200902181817.n1IIHeir021584@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22014 Commit By: tlyu Log Message: ticket: 6360 status: resolved version_fixed: 1.7 pull up r21881 from trunk ------------------------------------------------------------------------ r21881 | ghudson | 2009-02-04 14:25:51 -0500 (Wed, 04 Feb 2009) | 7 lines Changed paths: M /trunk/src/util/support/utf8_conv.c ticket: 6360 tags: pullup target_version: 1.7 In krb5int_utf8s_to_ucs2les, free the correct value on error, instead of the caller-supplied result pointer. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/util/support/utf8_conv.c Modified: branches/krb5-1-7/src/util/support/utf8_conv.c =================================================================== --- branches/krb5-1-7/src/util/support/utf8_conv.c 2009-02-18 18:14:48 UTC (rev 22013) +++ branches/krb5-1-7/src/util/support/utf8_conv.c 2009-02-18 18:17:40 UTC (rev 22014) @@ -199,7 +199,7 @@ len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1); if (len < 0) { - free(ucs2les); + free(*ucs2les); *ucs2les = NULL; return EINVAL; } From tlyu at MIT.EDU Wed Feb 18 13:18:56 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:18:56 -0500 Subject: svn rev #22020: branches/krb5-1-7/src/lib/krb5/keytab/ Message-ID: <200902181818.n1IIIuH4021843@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22020 Commit By: tlyu Log Message: ticket: 6367 version_fixed: 1.7 status: resolved pull up r21890 from trunk ------------------------------------------------------------------------ r21890 | ghudson | 2009-02-05 13:19:23 -0500 (Thu, 05 Feb 2009) | 7 lines Changed paths: M /trunk/src/lib/krb5/keytab/ktbase.c ticket: 6367 tags: pullup target_version: 1.7 Fix a memory leak in krb5_kt_resolve when we fail to lock kt_typehead_lock. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/keytab/ktbase.c Modified: branches/krb5-1-7/src/lib/krb5/keytab/ktbase.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/keytab/ktbase.c 2009-02-18 18:18:28 UTC (rev 22019) +++ branches/krb5-1-7/src/lib/krb5/keytab/ktbase.c 2009-02-18 18:18:56 UTC (rev 22020) @@ -162,10 +162,10 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid) { const struct krb5_kt_typelist *tlist; - char *pfx; + char *pfx = NULL; unsigned int pfxlen; const char *cp, *resid; - krb5_error_code err; + krb5_error_code err = 0; cp = strchr (name, ':'); if (!cp) { @@ -201,7 +201,7 @@ err = k5_mutex_lock(&kt_typehead_lock); if (err) - return err; + goto cleanup; tlist = kt_typehead; /* Don't need to hold the lock, since entries are never modified or removed once they're in the list. Just need to protect @@ -209,12 +209,15 @@ k5_mutex_unlock(&kt_typehead_lock); for (; tlist; tlist = tlist->next) { if (strcmp (tlist->ops->prefix, pfx) == 0) { - free(pfx); - return (*tlist->ops->resolve)(context, resid, ktid); + err = (*tlist->ops->resolve)(context, resid, ktid); + goto cleanup; } } + err = KRB5_KT_UNKNOWN_TYPE; + +cleanup: free(pfx); - return KRB5_KT_UNKNOWN_TYPE; + return err; } /* From tlyu at MIT.EDU Wed Feb 18 13:18:22 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:18:22 -0500 Subject: svn rev #22018: branches/krb5-1-7/src/include/ Message-ID: <200902181818.n1IIIMoR021751@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22018 Commit By: tlyu Log Message: ticket: 6364 version_fixed: 1.7 status: resolved pull up r21888 from trunk ------------------------------------------------------------------------ r21888 | raeburn | 2009-02-04 21:16:22 -0500 (Wed, 04 Feb 2009) | 11 lines Changed paths: M /trunk/src/include/k5-platform.h ticket: 6364 subject: declare replacement [v]asprintf functions target_version: 1.7 tags: pullup If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf functions always get declared, applying the preprocessor conditional test only to the GCC format attribute. If HAVE_VASPRINTF is defined, don't declare them at all. This fixes a bunch of function-not-declared warnings under Sun cc. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/include/k5-platform.h Modified: branches/krb5-1-7/src/include/k5-platform.h =================================================================== --- branches/krb5-1-7/src/include/k5-platform.h 2009-02-18 18:18:14 UTC (rev 22017) +++ branches/krb5-1-7/src/include/k5-platform.h 2009-02-18 18:18:21 UTC (rev 22018) @@ -912,15 +912,19 @@ #endif /* win32? */ #endif /* no vsnprintf */ +#ifndef HAVE_VASPRINTF + +extern int krb5int_vasprintf(char **, const char *, va_list) #if !defined(__cplusplus) && (__GNUC__ > 2) -extern int krb5int_vasprintf(char **, const char *, va_list) - __attribute__((__format__(__printf__, 2, 0))); + __attribute__((__format__(__printf__, 2, 0))) +#endif + ; extern int krb5int_asprintf(char **, const char *, ...) - __attribute__((__format__(__printf__, 2, 3))); +#if !defined(__cplusplus) && (__GNUC__ > 2) + __attribute__((__format__(__printf__, 2, 3))) #endif + ; -#ifndef HAVE_VASPRINTF - #define vasprintf krb5int_vasprintf /* Assume HAVE_ASPRINTF iff HAVE_VASPRINTF. */ #define asprintf krb5int_asprintf From tlyu at MIT.EDU Wed Feb 18 13:18:29 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:18:29 -0500 Subject: svn rev #22019: branches/krb5-1-7/src/ kadmin/server/ lib/kadm5/ plugins/kdb/db2/ Message-ID: <200902181818.n1IIIT7J021803@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22019 Commit By: tlyu Log Message: ticket: 6365 version_fixed: 1.7 status: resolved pull up r21889 from trunk ------------------------------------------------------------------------ r21889 | raeburn | 2009-02-04 21:59:08 -0500 (Wed, 04 Feb 2009) | 7 lines Changed paths: M /trunk/src/kadmin/server/kadm_rpc_svc.c M /trunk/src/lib/kadm5/chpass_util.c M /trunk/src/plugins/kdb/db2/pol_xdr.c ticket: 6365 subject: include omitted system header string.h target_version: 1.7 tags: pullup Sun cc warns about some of the string functions being undeclared in several source files. So, include string.h there. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/kadmin/server/kadm_rpc_svc.c U branches/krb5-1-7/src/lib/kadm5/chpass_util.c U branches/krb5-1-7/src/plugins/kdb/db2/pol_xdr.c Modified: branches/krb5-1-7/src/kadmin/server/kadm_rpc_svc.c =================================================================== --- branches/krb5-1-7/src/kadmin/server/kadm_rpc_svc.c 2009-02-18 18:18:21 UTC (rev 22018) +++ branches/krb5-1-7/src/kadmin/server/kadm_rpc_svc.c 2009-02-18 18:18:28 UTC (rev 22019) @@ -7,6 +7,7 @@ #include #include /* for gss_nt_krb5_name */ #include +#include #include "autoconf.h" #ifdef HAVE_MEMORY_H #include Modified: branches/krb5-1-7/src/lib/kadm5/chpass_util.c =================================================================== --- branches/krb5-1-7/src/lib/kadm5/chpass_util.c 2009-02-18 18:18:21 UTC (rev 22018) +++ branches/krb5-1-7/src/lib/kadm5/chpass_util.c 2009-02-18 18:18:28 UTC (rev 22019) @@ -9,6 +9,7 @@ #include #endif #include +#include #include #include "admin_internal.h" Modified: branches/krb5-1-7/src/plugins/kdb/db2/pol_xdr.c =================================================================== --- branches/krb5-1-7/src/plugins/kdb/db2/pol_xdr.c 2009-02-18 18:18:21 UTC (rev 22018) +++ branches/krb5-1-7/src/plugins/kdb/db2/pol_xdr.c 2009-02-18 18:18:28 UTC (rev 22019) @@ -6,6 +6,7 @@ #ifdef HAVE_MEMORY_H #include #endif +#include static bool_t xdr_nullstring(XDR *xdrs, char **objp) From tlyu at MIT.EDU Wed Feb 18 13:19:10 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:19:10 -0500 Subject: svn rev #22021: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902181819.n1IIJAeH021897@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22021 Commit By: tlyu Log Message: ticket: 6368 version_fixed: 1.7 status: resolved pull up r21894 from trunk ------------------------------------------------------------------------ r21894 | ghudson | 2009-02-05 13:43:08 -0500 (Thu, 05 Feb 2009) | 7 lines Changed paths: M /trunk/src/lib/krb5/krb/chpw.c ticket: 6368 tags: pullup target_version: 1.7 Add a missing break in the switch statement of krb5int_setpw_result_code_string. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/chpw.c Modified: branches/krb5-1-7/src/lib/krb5/krb/chpw.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/chpw.c 2009-02-18 18:18:56 UTC (rev 22020) +++ branches/krb5-1-7/src/lib/krb5/krb/chpw.c 2009-02-18 18:19:10 UTC (rev 22021) @@ -528,6 +528,7 @@ break; case 0: *code_string = "Success"; + break; default: *code_string = "Password change failed"; break; From tlyu at MIT.EDU Wed Feb 18 13:19:18 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 13:19:18 -0500 Subject: svn rev #22022: branches/krb5-1-7/src/lib/rpc/unit-test/ config/ rpc_test.0/ Message-ID: <200902181819.n1IIJIIE021934@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22022 Commit By: tlyu Log Message: ticket: 6349 version_fixed: 1.7 status: resolved pull up r21895 from trunk ------------------------------------------------------------------------ r21895 | epeisach | 2009-02-05 14:02:29 -0500 (Thu, 05 Feb 2009) | 7 lines Changed paths: M /trunk/src/lib/rpc/unit-test/config/unix.exp M /trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp M /trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp M /trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp ticket: 6349 Detect failure to register with rpcbind/portmap due to security restrictons and not bomb out in tests. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/rpc/unit-test/config/unix.exp U branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/expire.exp U branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp U branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp Modified: branches/krb5-1-7/src/lib/rpc/unit-test/config/unix.exp =================================================================== --- branches/krb5-1-7/src/lib/rpc/unit-test/config/unix.exp 2009-02-18 18:19:10 UTC (rev 22021) +++ branches/krb5-1-7/src/lib/rpc/unit-test/config/unix.exp 2009-02-18 18:19:18 UTC (rev 22022) @@ -112,6 +112,10 @@ global server_started global kill + if { [info exists server_started] && $server_started == 0 } { + return + } + if {[catch { expect { -i $server_id @@ -143,6 +147,7 @@ verbose "% $SERVER" 1 set server_pid [spawn $SERVER $PROT] set server_id $spawn_id + set server_started 1 unset env(KRB5_KTNAME) @@ -150,6 +155,18 @@ expect { "running" { } + "Cannot register service" { + send_error "Server cannot register with portmap/rpcbind!!\n" + note "+++" + note "+++ These tests require the ability to register with portmap/rpcbind" + note "+++ Either the server is not running or it does not" + note "+++ allow registration using a loopback connection" + note "+++" + verbose $expect_out(buffer) 1 + set server_started 0 + unsupported "Server registration" + return + } eof { send_error "server exited!" verbose $expect_out(buffer) 1 Modified: branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/expire.exp =================================================================== --- branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/expire.exp 2009-02-18 18:19:10 UTC (rev 22021) +++ branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/expire.exp 2009-02-18 18:19:18 UTC (rev 22022) @@ -2,7 +2,7 @@ load_lib "helpers.exp" -global spawn_id +global server_started proc expired {} { global spawn_id server_id @@ -18,8 +18,10 @@ flush_server } -expired +#if { [info exists server_pid] && ($server_pid >= 0) } { expired } +if { $server_started } {expired } + proc overlap {} { global spawn_id @@ -41,6 +43,6 @@ flush_server } -overlap +if { $server_started } {overlap} Modified: branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp =================================================================== --- branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp 2009-02-18 18:19:10 UTC (rev 22021) +++ branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp 2009-02-18 18:19:18 UTC (rev 22022) @@ -4,7 +4,10 @@ global spawn_id global server_id +global server_started +if { !$server_started } {return} + # Start the client and do a full run start_client "full run" fullrun testuser notathena 8h 1026 set client_id $spawn_id Modified: branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp =================================================================== --- branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp 2009-02-18 18:19:10 UTC (rev 22021) +++ branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp 2009-02-18 18:19:18 UTC (rev 22022) @@ -4,8 +4,11 @@ global spawn_id global server_id +global server_started global hostname +if { !$server_started } {return} + start_client "gss err" gsserr testuser notathena 8h 1026 notserver@$hostname eof_client "gss err" gsserr $spawn_id 2 From raeburn at MIT.EDU Wed Feb 18 13:20:43 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Wed, 18 Feb 2009 13:20:43 -0500 Subject: svn rev #22023: trunk/src/ ccapi/ ccapi/lib/ ccapi/lib/unix/ ccapi/server/ ccapi/server/unix/ ... Message-ID: <200902181820.n1IIKhAp022115@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22023 Commit By: raeburn Log Message: Some fixups and stubs for building ccapi on UNIX, and dependencies. (Doesn't make a complete working implementation, but it mostly compiles.) Does *not* include the changes to actually cause the ccapi code to get built in normal UNIX builds. Changed Files: U trunk/src/ccapi/Makefile.in A trunk/src/ccapi/deps U trunk/src/ccapi/lib/Makefile.in A trunk/src/ccapi/lib/deps A trunk/src/ccapi/lib/libkrb5-ccapi.exports U trunk/src/ccapi/lib/unix/Makefile.in A trunk/src/ccapi/lib/unix/deps A trunk/src/ccapi/lib/unix/stubs.c U trunk/src/ccapi/server/Makefile.in A trunk/src/ccapi/server/deps U trunk/src/ccapi/server/unix/Makefile.in A trunk/src/ccapi/server/unix/deps A trunk/src/ccapi/test/deps U trunk/src/configure.in U trunk/src/lib/krb5/ccache/Makefile.in U trunk/src/lib/krb5/ccache/ccapi/Makefile.in A trunk/src/lib/krb5/ccache/ccapi/deps U trunk/src/lib/krb5/ccache/ccapi/stdcc_util.c Modified: trunk/src/ccapi/Makefile.in =================================================================== --- trunk/src/ccapi/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -7,7 +7,6 @@ all-windows:: @echo Making in ccapi\lib\win - @echo buildtop: $(BUILDTOP) cd lib\win cd $(MAKE) -$(MFLAGS) @@ -34,4 +33,3 @@ cd $(MAKE) -$(MFLAGS) clean -# +++ Dependency line eater +++ Added: trunk/src/ccapi/deps =================================================================== --- trunk/src/ccapi/deps 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/deps 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1 @@ +# No dependencies here. Modified: trunk/src/ccapi/lib/Makefile.in =================================================================== --- trunk/src/ccapi/lib/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/lib/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -3,10 +3,11 @@ mydir=ccapi/lib BUILDTOP=$(REL)..$(S).. SUBDIRS=unix -LOCALINCLUDES=-I$(srcdir)/../common +LOCALINCLUDES=-I$(srcdir)/../common -I. -SHLIB_EXPDEPS= $(COM_ERR_DEPLIB) -SHLIB_EXPLIBS=-lcom_err +SHLIB_EXPDEPS= $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) +SHLIB_EXPLIBS=-lcom_err $(SUPPORT_LIB) +RELDIR=../ccapi/lib LIBBASE=krb5-ccapi LIBMAJOR=1 @@ -14,9 +15,7 @@ STOBJLISTS= \ OBJS.ST \ - unix/OBJS.ST \ - ../common/OBJS.ST \ - ../common/unix/OBJS.ST + unix/OBJS.ST STLIBOBJS= \ ccapi_ccache.o \ @@ -62,4 +61,3 @@ @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ Added: trunk/src/ccapi/lib/deps =================================================================== --- trunk/src/ccapi/lib/deps 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/lib/deps 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1,86 @@ +# +# Generated makefile dependencies follow. +# +ccapi_ccache.so ccapi_ccache.po $(OUTPRE)ccapi_ccache.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_ccache.c ccapi_ccache.h ccapi_credentials.h ccapi_credentials_iterator.h \ + ccapi_ipc.h ccapi_string.h +ccapi_ccache_iterator.so ccapi_ccache_iterator.po $(OUTPRE)ccapi_ccache_iterator.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_ccache.h ccapi_ccache_iterator.c ccapi_ccache_iterator.h \ + ccapi_ipc.h +ccapi_context.so ccapi_context.po $(OUTPRE)ccapi_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_ccache.h ccapi_ccache_iterator.h ccapi_context.c \ + ccapi_context.h ccapi_context_change_time.h ccapi_err.h \ + ccapi_ipc.h ccapi_string.h +ccapi_context_change_time.so ccapi_context_change_time.po \ + $(OUTPRE)ccapi_context_change_time.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_context_change_time.c ccapi_context_change_time.h +ccapi_credentials.so ccapi_credentials.po $(OUTPRE)ccapi_credentials.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_credentials.c ccapi_credentials.h ccapi_string.h +ccapi_credentials_iterator.so ccapi_credentials_iterator.po \ + $(OUTPRE)ccapi_credentials_iterator.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_credentials.h ccapi_credentials_iterator.c ccapi_credentials_iterator.h \ + ccapi_ipc.h +ccapi_err.so ccapi_err.po $(OUTPRE)ccapi_err.$(OBJEXT): \ + $(COM_ERR_DEPS) ccapi_err.c +ccapi_ipc.so ccapi_ipc.po $(OUTPRE)ccapi_ipc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_ipc.c ccapi_ipc.h ccapi_os_ipc.h +ccapi_string.so ccapi_string.po $(OUTPRE)ccapi_string.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_string.c ccapi_string.h +ccapi_v2.so ccapi_v2.po $(OUTPRE)ccapi_v2.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccapi_ccache.h ccapi_ccache_iterator.h ccapi_context.h \ + ccapi_credentials.h ccapi_credentials_iterator.h ccapi_string.h \ + ccapi_v2.c Added: trunk/src/ccapi/lib/libkrb5-ccapi.exports =================================================================== --- trunk/src/ccapi/lib/libkrb5-ccapi.exports 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/lib/libkrb5-ccapi.exports 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1 @@ +cc_close Modified: trunk/src/ccapi/lib/unix/Makefile.in =================================================================== --- trunk/src/ccapi/lib/unix/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/lib/unix/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -2,10 +2,13 @@ myfulldir=ccapi/lib/unix mydir=ccapi/lib/unix BUILDTOP=$(REL)..$(S)..$(S).. +LOCALINCLUDES= -I$(srcdir)/.. -I$(srcdir)/../../common +STLIBOBJS= stubs.o +OBJS= $(OUTPRE)stubs.$(OBJEXT) + all-unix:: all-libobjs clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ Added: trunk/src/ccapi/lib/unix/deps =================================================================== --- trunk/src/ccapi/lib/unix/deps 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/lib/unix/deps 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1 @@ +# No dependencies here. Added: trunk/src/ccapi/lib/unix/stubs.c =================================================================== --- trunk/src/ccapi/lib/unix/stubs.c 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/lib/unix/stubs.c 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1,10 @@ +#include +#include "ccapi_os_ipc.h" + +cc_int32 cci_os_ipc_thread_init (void) +{ + return EINVAL; +} +void cci_os_ipc_thread_fini (void) +{ +} Modified: trunk/src/ccapi/server/Makefile.in =================================================================== --- trunk/src/ccapi/server/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/server/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -59,4 +59,3 @@ @libobj_frag@ -# +++ Dependency line eater +++ Added: trunk/src/ccapi/server/deps =================================================================== --- trunk/src/ccapi/server/deps 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/server/deps 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1,170 @@ +# +# Generated makefile dependencies follow. +# +ccs_array.so ccs_array.po $(OUTPRE)ccs_array.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \ + $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \ + $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \ + $(srcdir)/../common/cci_types.h ccs_array.c ccs_array.h \ + ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \ + ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \ + ccs_pipe.h ccs_server.h ccs_types.h +ccs_cache_collection.so ccs_cache_collection.po $(OUTPRE)ccs_cache_collection.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.c ccs_cache_collection.h \ + ccs_callback.h ccs_ccache.h ccs_ccache_iterator.h ccs_client.h \ + ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \ + ccs_list.h ccs_lock.h ccs_lock_state.h ccs_os_notify.h \ + ccs_pipe.h ccs_server.h ccs_types.h +ccs_callback.so ccs_callback.po $(OUTPRE)ccs_callback.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.c ccs_callback.h \ + ccs_ccache.h ccs_ccache_iterator.h ccs_client.h ccs_common.h \ + ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \ + ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \ + ccs_types.h +ccs_ccache.so ccs_ccache.po $(OUTPRE)ccs_ccache.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.c \ + ccs_ccache.h ccs_ccache_iterator.h ccs_client.h ccs_common.h \ + ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \ + ccs_lock.h ccs_lock_state.h ccs_os_notify.h ccs_pipe.h \ + ccs_server.h ccs_types.h +ccs_ccache_iterator.so ccs_ccache_iterator.po $(OUTPRE)ccs_ccache_iterator.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.c ccs_ccache_iterator.h ccs_client.h \ + ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \ + ccs_list.h ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \ + ccs_types.h +ccs_client.so ccs_client.po $(OUTPRE)ccs_client.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.c ccs_client.h ccs_common.h \ + ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \ + ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \ + ccs_types.h +ccs_credentials.so ccs_credentials.po $(OUTPRE)ccs_credentials.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.c \ + ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \ + ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \ + ccs_types.h +ccs_credentials_iterator.so ccs_credentials_iterator.po \ + $(OUTPRE)ccs_credentials_iterator.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \ + ccs_credentials_iterator.c ccs_credentials_iterator.h \ + ccs_list.h ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \ + ccs_types.h +ccs_list.so ccs_list.po $(OUTPRE)ccs_list.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \ + $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \ + $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \ + $(srcdir)/../common/cci_types.h ccs_array.h ccs_cache_collection.h \ + ccs_callback.h ccs_ccache.h ccs_ccache_iterator.h ccs_client.h \ + ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \ + ccs_list.c ccs_list.h ccs_list_internal.h ccs_lock.h \ + ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h +ccs_list_internal.so ccs_list_internal.po $(OUTPRE)ccs_list_internal.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \ + $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \ + $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \ + $(srcdir)/../common/cci_types.h ccs_array.h ccs_cache_collection.h \ + ccs_callback.h ccs_ccache.h ccs_ccache_iterator.h ccs_client.h \ + ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \ + ccs_list.h ccs_list_internal.c ccs_list_internal.h \ + ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \ + ccs_types.h +ccs_lock.so ccs_lock.po $(OUTPRE)ccs_lock.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \ + ccs_credentials_iterator.h ccs_list.h ccs_lock.c ccs_lock.h \ + ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h +ccs_lock_state.so ccs_lock_state.po $(OUTPRE)ccs_lock_state.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \ + ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.c \ + ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h +ccs_pipe.so ccs_pipe.po $(OUTPRE)ccs_pipe.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \ + ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \ + ccs_os_pipe.h ccs_pipe.c ccs_pipe.h ccs_server.h ccs_types.h +ccs_server.so ccs_server.po $(OUTPRE)ccs_server.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \ + $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \ + $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \ + ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \ + ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \ + ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \ + ccs_os_server.h ccs_pipe.h ccs_server.c ccs_server.h \ + ccs_types.h Modified: trunk/src/ccapi/server/unix/Makefile.in =================================================================== --- trunk/src/ccapi/server/unix/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/server/unix/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -12,4 +12,3 @@ @libobj_frag@ -# +++ Dependency line eater +++ Added: trunk/src/ccapi/server/unix/deps =================================================================== --- trunk/src/ccapi/server/unix/deps 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/ccapi/server/unix/deps 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1 @@ +# No dependencies here. Added: trunk/src/ccapi/test/deps =================================================================== Modified: trunk/src/configure.in =================================================================== --- trunk/src/configure.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/configure.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -1054,6 +1054,7 @@ lib/crypto/arcfour lib/crypto/yarrow lib/crypto/aes lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache +dnl lib/krb5/ccache/ccapi lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os lib/krb5/unicode @@ -1066,6 +1067,8 @@ lib/apputils +dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test + kdc slave config-files gen-manpages include plugins/locate/python Modified: trunk/src/lib/krb5/ccache/Makefile.in =================================================================== --- trunk/src/lib/krb5/ccache/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/lib/krb5/ccache/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -2,7 +2,7 @@ myfulldir=lib/krb5/ccache mydir=lib/krb5/ccache BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS = +SUBDIRS = # ccapi DEFS= RUN_SETUP = @KRB5_RUN_ENV@ Modified: trunk/src/lib/krb5/ccache/ccapi/Makefile.in =================================================================== --- trunk/src/lib/krb5/ccache/ccapi/Makefile.in 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/lib/krb5/ccache/ccapi/Makefile.in 2009-02-18 18:20:41 UTC (rev 22023) @@ -1,10 +1,11 @@ -thisconfigdir=./../.. +thisconfigdir=../../../.. myfulldir=lib/krb5/ccache/ccapi -mydir=ccache/ccapi +mydir=lib/krb5/ccache/ccapi BUILDTOP=$(REL)..$(S)..$(S)..$(S).. LOCALINCLUDES = $(WIN_INCLUDES) -DEFS= +DEFS= -DUSE_CCAPI -DUSE_CCAPI_V3 +##DOS##DEFS= ##DOS##WIN_INCLUDES = -I$(SRCTOP)\windows\lib ##DOS##BUILDTOP = ..\..\..\.. @@ -24,3 +25,5 @@ all-unix:: all-libobjs clean-unix:: clean-libobjs + + at libobj_frag@ Added: trunk/src/lib/krb5/ccache/ccapi/deps =================================================================== --- trunk/src/lib/krb5/ccache/ccapi/deps 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/lib/krb5/ccache/ccapi/deps 2009-02-18 18:20:41 UTC (rev 22023) @@ -0,0 +1,18 @@ +# +# Generated makefile dependencies follow. +# +stdcc.so stdcc.po $(OUTPRE)stdcc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h stdcc.c stdcc.h stdcc_util.h +stdcc_util.so stdcc_util.po $(OUTPRE)stdcc_util.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \ + $(SRCTOP)/include/krb5.h stdcc_util.c stdcc_util.h +winccld.so winccld.po $(OUTPRE)winccld.$(OBJEXT): winccld.c Modified: trunk/src/lib/krb5/ccache/ccapi/stdcc_util.c =================================================================== --- trunk/src/lib/krb5/ccache/ccapi/stdcc_util.c 2009-02-18 18:19:18 UTC (rev 22022) +++ trunk/src/lib/krb5/ccache/ccapi/stdcc_util.c 2009-02-18 18:20:41 UTC (rev 22023) @@ -17,7 +17,9 @@ #include "stdcc_util.h" #include "krb5.h" +#ifdef _WIN32 /* it's part of krb5.h everywhere else */ #include "kv5m_err.h" +#endif #define fieldSize 255 From tlyu at MIT.EDU Wed Feb 18 19:35:37 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:35:37 -0500 Subject: svn rev #22025: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902190035.n1J0Zb8p020275@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22025 Commit By: tlyu Log Message: ticket: 6370 version_fixed: 1.7 status: resolved pull up r21899 from trunk ------------------------------------------------------------------------ r21899 | ghudson | 2009-02-05 15:07:45 -0500 (Thu, 05 Feb 2009) | 3 lines Changed paths: M /trunk/src/lib/krb5/krb/gc_frm_kdc.c In gc_frm_kdc.c's do_traversal(), fix an assert which was doing an assignment instead of a compare. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/gc_frm_kdc.c Modified: branches/krb5-1-7/src/lib/krb5/krb/gc_frm_kdc.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/gc_frm_kdc.c 2009-02-18 21:05:54 UTC (rev 22024) +++ branches/krb5-1-7/src/lib/krb5/krb/gc_frm_kdc.c 2009-02-19 00:35:36 UTC (rev 22025) @@ -745,7 +745,7 @@ } if (NXT_TGT_IS_CACHED(ts)) { - assert(ts->offpath_tgt = NULL); + assert(ts->offpath_tgt == NULL); *out_cc_tgt = *ts->cur_cc_tgt; *out_tgt = out_cc_tgt; MARK_CUR_CC_TGT_CLEAN(ts); From tlyu at MIT.EDU Wed Feb 18 19:35:56 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:35:56 -0500 Subject: svn rev #22026: branches/krb5-1-7/src/ kadmin/dbutil/ lib/kdb/ Message-ID: <200902190035.n1J0Zu0Q020328@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22026 Commit By: tlyu Log Message: ticket: 6371 version_fixed: 1.7 status: resolved pull up r21900 from trunk ------------------------------------------------------------------------ r21900 | wfiveash | 2009-02-05 15:57:09 -0500 (Thu, 05 Feb 2009) | 10 lines Changed paths: M /trunk/src/kadmin/dbutil/kdb5_mkey.c M /trunk/src/lib/kdb/kdb5.c M /trunk/src/lib/kdb/kdb_default.c ticket: 6371 subject: deal with memleaks in migrate mkey project Version_Reported: 1.7 Target_Version: 1.7 Tags: pullup Ken R. told me that Coverity found several potential memleaks introduced by the mkey migration project. This addresses those leaks and tweaks the code formatting in a few places. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c U branches/krb5-1-7/src/lib/kdb/kdb5.c U branches/krb5-1-7/src/lib/kdb/kdb_default.c Modified: branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c =================================================================== --- branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c 2009-02-19 00:35:36 UTC (rev 22025) +++ branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c 2009-02-19 00:35:56 UTC (rev 22026) @@ -187,8 +187,7 @@ } clean_n_exit: - if (mkey_aux_data_head) - krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head); + krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head); return (retval); } @@ -215,6 +214,10 @@ * called first to open the KDB and get the current mkey. */ + memset(&new_mkeyblock, 0, sizeof(new_mkeyblock)); + memset(&master_princ, 0, sizeof(master_princ)); + master_salt.data = NULL; + while ((optchar = getopt(argc, argv, "e:s")) != -1) { switch(optchar) { case 'e': @@ -254,19 +257,19 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } printf("Creating new master key for master key principal '%s'\n", @@ -281,7 +284,7 @@ if (pw_str == NULL) { com_err(progname, ENOMEM, "while creating new master key"); exit_status++; - return; + goto cleanup_return; } retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2, @@ -289,7 +292,7 @@ if (retval) { com_err(progname, retval, "while reading new master key from keyboard"); exit_status++; - return; + goto cleanup_return; } new_mkey_password = pw_str; @@ -299,7 +302,7 @@ if (retval) { com_err(progname, retval, "while calculating master key salt"); exit_status++; - return; + goto cleanup_return; } retval = krb5_c_string_to_key(util_context, new_master_enctype, @@ -307,34 +310,34 @@ if (retval) { com_err(progname, retval, "while transforming master key from password"); exit_status++; - return; + goto cleanup_return; } retval = add_new_mkey(util_context, &master_entry, &new_mkeyblock, 0); if (retval) { com_err(progname, retval, "adding new master key to master principal"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_timeofday(util_context, &now))) { com_err(progname, retval, "while getting current time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; - return; + goto cleanup_return; } if (do_stash) { @@ -349,6 +352,8 @@ printf("Warning: couldn't stash master key.\n"); } } + +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); zap((char *)master_keyblock.contents, master_keyblock.length); @@ -360,8 +365,7 @@ free(pw_str); } free(master_salt.data); - free(mkey_fullname); - + krb5_free_unparsed_name(util_context, mkey_fullname); return; } @@ -369,17 +373,19 @@ kdb5_use_mkey(int argc, char *argv[]) { krb5_error_code retval; - char *mkey_fullname; + char *mkey_fullname = NULL; krb5_kvno use_kvno; krb5_timestamp now, start_time; - krb5_actkvno_node *actkvno_list, *new_actkvno, + krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL, *prev_actkvno, *cur_actkvno; krb5_db_entry master_entry; - int nentries = 0; - krb5_boolean more = 0, found; - krb5_keylist_node *keylist_node; + int nentries = 0; + krb5_boolean more = FALSE; + krb5_keylist_node *keylist_node; krb5_boolean inserted = FALSE; + memset(&master_princ, 0, sizeof(master_princ)); + if (argc < 2 || argc > 3) { /* usage calls exit */ usage(); @@ -392,14 +398,12 @@ return; } else { /* verify use_kvno is valid */ - for (keylist_node = master_keylist, found = FALSE; keylist_node != NULL; + for (keylist_node = master_keylist; keylist_node != NULL; keylist_node = keylist_node->next) { - if (use_kvno == keylist_node->kvno) { - found = TRUE; + if (use_kvno == keylist_node->kvno) break; - } } - if (!found) { + if (!keylist_node) { com_err(progname, EINVAL, "%d is an invalid KVNO value", use_kvno); exit_status++; return; @@ -442,7 +446,7 @@ &mkey_fullname, &master_princ))) { com_err(progname, retval, "while setting up master key name"); exit_status++; - return; + goto cleanup_return; } retval = krb5_db_get_principal(util_context, master_princ, &master_entry, @@ -452,19 +456,19 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); @@ -472,7 +476,7 @@ com_err(progname, retval, "while looking up active version of master key"); exit_status++; - return; + goto cleanup_return; } /* @@ -511,7 +515,7 @@ if (new_actkvno == NULL) { com_err(progname, ENOMEM, "while adding new master key"); exit_status++; - return; + goto cleanup_return; } memset(new_actkvno, 0, sizeof(krb5_actkvno_node)); new_actkvno->act_kvno = use_kvno; @@ -548,34 +552,35 @@ if (actkvno_list->act_time > now) { com_err(progname, EINVAL, "there must be one master key currently active"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, - /* new_actkvno_list_head))) { */ - actkvno_list))) { - com_err(progname, retval, "while updating actkvno data for master principal entry"); - exit_status++; - return; - } + actkvno_list))) { + com_err(progname, retval, "while updating actkvno data for master principal entry"); + exit_status++; + goto cleanup_return; + } if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, now, master_princ))) { com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; - return; + goto cleanup_return; } +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); - free(mkey_fullname); + krb5_free_unparsed_name(util_context, mkey_fullname); + krb5_free_principal(util_context, master_princ); krb5_dbe_free_actkvno_list(util_context, actkvno_list); return; } @@ -584,13 +589,13 @@ kdb5_list_mkeys(int argc, char *argv[]) { krb5_error_code retval; - char *mkey_fullname, *output_str = NULL, enctype[BUFSIZ]; + char *mkey_fullname = NULL, *output_str = NULL, enctype[BUFSIZ]; krb5_kvno act_kvno; krb5_timestamp act_time; - krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno, *prev_actkvno; + krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno; krb5_db_entry master_entry; int nentries = 0; - krb5_boolean more = 0; + krb5_boolean more = FALSE; krb5_keylist_node *cur_kb_node; krb5_keyblock *act_mkey; @@ -617,26 +622,26 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; - return; + goto cleanup_return; } if (actkvno_list == NULL) { @@ -653,7 +658,7 @@ } else if (retval != 0) { com_err(progname, retval, "while looking up active master key"); exit_status++; - return; + goto cleanup_return; } } @@ -666,7 +671,7 @@ enctype, sizeof(enctype)))) { com_err(progname, retval, "while getting enctype description"); exit_status++; - return; + goto cleanup_return; } if (actkvno_list != NULL) { @@ -686,7 +691,7 @@ if ((retval = krb5_timeofday(util_context, &act_time))) { com_err(progname, retval, "while getting current time"); exit_status++; - return; + goto cleanup_return; } } @@ -706,22 +711,20 @@ if (retval == -1) { com_err(progname, ENOMEM, "asprintf could not allocate enough memory to hold output"); exit_status++; - return; + goto cleanup_return; } printf("%s", output_str); free(output_str); output_str = NULL; } +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); - free(mkey_fullname); + krb5_free_unparsed_name(util_context, mkey_fullname); free(output_str); - for (cur_actkvno = actkvno_list; cur_actkvno != NULL;) { - prev_actkvno = cur_actkvno; - cur_actkvno = cur_actkvno->next; - free(prev_actkvno); - } + krb5_free_principal(util_context, master_princ); + krb5_dbe_free_actkvno_list(util_context, actkvno_list); return; } @@ -845,7 +848,7 @@ goto fail; } - if (krb5_principal_compare (util_context, ent->princ, master_princ)) { + if (krb5_principal_compare(util_context, ent->princ, master_princ)) { goto skip; } @@ -1150,7 +1153,7 @@ { int optchar; krb5_error_code retval; - char *mkey_fullname; + char *mkey_fullname = NULL; krb5_timestamp now; krb5_db_entry master_entry; int nentries = 0; @@ -1160,10 +1163,13 @@ char buf[5]; unsigned int i, j, k, num_kvnos_inuse, num_kvnos_purged; unsigned int old_key_data_count; - krb5_actkvno_node *cur_actkvno_list, *actkvno_entry, *prev_actkvno_entry; - krb5_mkey_aux_node *cur_mkey_aux_list, *mkey_aux_entry, *prev_mkey_aux_entry; + krb5_actkvno_node *actkvno_list = NULL, *actkvno_entry, *prev_actkvno_entry; + krb5_mkey_aux_node *mkey_aux_list = NULL, *mkey_aux_entry, *prev_mkey_aux_entry; krb5_key_data *old_key_data; + memset(&master_princ, 0, sizeof(master_princ)); + memset(&args, 0, sizeof(args)); + optind = 1; while ((optchar = getopt(argc, argv, "fnv")) != -1) { switch(optchar) { @@ -1201,19 +1207,19 @@ "while getting master key principal %s", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries == 0) { com_err(progname, KRB5_KDB_NOENTRY, "principal %s not found in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } else if (nentries > 1) { com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "principal %s has multiple entries in Kerberos database", mkey_fullname); exit_status++; - return; + goto cleanup_return; } if (!force) { @@ -1222,11 +1228,11 @@ printf("(type 'yes' to confirm)? "); if (fgets(buf, sizeof(buf), stdin) == NULL) { exit_status++; - return; + goto cleanup_return; } if (strcmp(buf, "yes\n")) { exit_status++; - return; + goto cleanup_return; } printf("OK, purging unused master keys from '%s'...\n", mkey_fullname); } @@ -1236,7 +1242,7 @@ if (old_key_data_count == 1) { if (verbose) printf("There is only one master key which can not be purged.\n"); - return; + goto cleanup_return; } old_key_data = master_entry.key_data; @@ -1245,7 +1251,7 @@ retval = ENOMEM; com_err(progname, ENOMEM, "while allocating args.kvnos"); exit_status++; - return; + goto cleanup_return; } memset(args.kvnos, 0, sizeof(struct kvnos_in_use) * old_key_data_count); args.num_kvnos = old_key_data_count; @@ -1261,7 +1267,7 @@ (krb5_pointer) &args))) { com_err(progname, retval, "while finding master keys in use"); exit_status++; - return; + goto cleanup_return; } /* * args.kvnos has been marked with the mkvno's that are currently protecting @@ -1282,7 +1288,7 @@ com_err(progname, KRB5_KDB_STORED_MKEY_NOTCURRENT, "master key stash file needs updating, command aborting"); exit_status++; - return; + goto cleanup_return; } num_kvnos_purged++; printf("KNVO: %d\n", args.kvnos[i].kvno); @@ -1291,26 +1297,26 @@ /* didn't find any keys to purge */ if (num_kvnos_inuse == args.num_kvnos) { printf("All keys in use, nothing purged.\n"); - goto clean_and_exit; + goto cleanup_return; } if (dry_run) { /* bail before doing anything else */ printf("%d key(s) would be purged.\n", num_kvnos_purged); - goto clean_and_exit; + goto cleanup_return; } - retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &cur_actkvno_list); + retval = krb5_dbe_lookup_actkvno(util_context, &master_entry, &actkvno_list); if (retval != 0) { com_err(progname, retval, "while looking up active kvno list"); exit_status++; - return; + goto cleanup_return; } - retval = krb5_dbe_lookup_mkey_aux(util_context, &master_entry, &cur_mkey_aux_list); + retval = krb5_dbe_lookup_mkey_aux(util_context, &master_entry, &mkey_aux_list); if (retval != 0) { com_err(progname, retval, "while looking up mkey aux data list"); exit_status++; - return; + goto cleanup_return; } master_entry.key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse); @@ -1318,7 +1324,7 @@ retval = ENOMEM; com_err(progname, ENOMEM, "while allocating key_data"); exit_status++; - return; + goto cleanup_return; } memset((char *) master_entry.key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse); master_entry.n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */ @@ -1336,15 +1342,15 @@ } else { /* remove unused mkey */ /* adjust the actkno data */ - for (prev_actkvno_entry = actkvno_entry = cur_actkvno_list; + for (prev_actkvno_entry = actkvno_entry = actkvno_list; actkvno_entry != NULL; actkvno_entry = actkvno_entry->next) { if (actkvno_entry->act_kvno == args.kvnos[j].kvno) { - if (actkvno_entry == cur_actkvno_list) { + if (actkvno_entry == actkvno_list) { /* remove from head */ - cur_actkvno_list = actkvno_entry->next; - prev_actkvno_entry = cur_actkvno_list; + actkvno_list = actkvno_entry->next; + prev_actkvno_entry = actkvno_list; } else if (actkvno_entry->next == NULL) { /* remove from tail */ prev_actkvno_entry->next = NULL; @@ -1352,27 +1358,29 @@ /* remove in between */ prev_actkvno_entry->next = actkvno_entry->next; } - /* XXX WAF: free actkvno_entry */ + actkvno_entry->next = NULL; + krb5_dbe_free_actkvno_list(util_context, actkvno_entry); break; /* deleted entry, no need to loop further */ } else { prev_actkvno_entry = actkvno_entry; } } /* adjust the mkey aux data */ - for (prev_mkey_aux_entry = mkey_aux_entry = cur_mkey_aux_list; + for (prev_mkey_aux_entry = mkey_aux_entry = mkey_aux_list; mkey_aux_entry != NULL; mkey_aux_entry = mkey_aux_entry->next) { if (mkey_aux_entry->mkey_kvno == args.kvnos[j].kvno) { - if (mkey_aux_entry == cur_mkey_aux_list) { - cur_mkey_aux_list = mkey_aux_entry->next; - prev_mkey_aux_entry = cur_mkey_aux_list; + if (mkey_aux_entry == mkey_aux_list) { + mkey_aux_list = mkey_aux_entry->next; + prev_mkey_aux_entry = mkey_aux_list; } else if (mkey_aux_entry->next == NULL) { prev_mkey_aux_entry->next = NULL; } else { prev_mkey_aux_entry->next = mkey_aux_entry->next; } - /* XXX WAF: free mkey_aux_entry */ + mkey_aux_entry->next = NULL; + krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_entry); break; /* deleted entry, no need to loop further */ } else { prev_mkey_aux_entry = mkey_aux_entry; @@ -1385,15 +1393,15 @@ assert(k == num_kvnos_inuse); if ((retval = krb5_dbe_update_actkvno(util_context, &master_entry, - cur_actkvno_list))) { + actkvno_list))) { com_err(progname, retval, "while updating actkvno data for master principal entry"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_mkey_aux(util_context, &master_entry, - cur_mkey_aux_list))) { + mkey_aux_list))) { com_err(progname, retval, "while updating mkey_aux data for master principal entry"); exit_status++; @@ -1403,7 +1411,7 @@ if ((retval = krb5_timeofday(util_context, &now))) { com_err(progname, retval, "while getting current time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_dbe_update_mod_princ_data(util_context, &master_entry, @@ -1411,21 +1419,24 @@ com_err(progname, retval, "while updating the master key principal modification time"); exit_status++; - return; + goto cleanup_return; } if ((retval = krb5_db_put_principal(util_context, &master_entry, &nentries))) { (void) krb5_db_fini(util_context); com_err(progname, retval, "while adding master key entry to the database"); exit_status++; - return; + goto cleanup_return; } printf("%d key(s) purged.\n", num_kvnos_purged); -clean_and_exit: +cleanup_return: /* clean up */ (void) krb5_db_fini(util_context); + krb5_free_principal(util_context, master_princ); free(args.kvnos); - free(mkey_fullname); + krb5_free_unparsed_name(util_context, mkey_fullname); + krb5_dbe_free_actkvno_list(util_context, actkvno_list); + krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_list); return; } Modified: branches/krb5-1-7/src/lib/kdb/kdb5.c =================================================================== --- branches/krb5-1-7/src/lib/kdb/kdb5.c 2009-02-19 00:35:36 UTC (rev 22025) +++ branches/krb5-1-7/src/lib/kdb/kdb5.c 2009-02-19 00:35:56 UTC (rev 22026) @@ -115,11 +115,13 @@ { int i, idx; - idx = (key->key_data_ver == 1 ? 1 : 2); - for (i = 0; i < idx; i++) { - if (key->key_data_contents[i]) { - zap(key->key_data_contents[i], key->key_data_length[i]); - free(key->key_data_contents[i]); + if (key) { + idx = (key->key_data_ver == 1 ? 1 : 2); + for (i = 0; i < idx; i++) { + if (key->key_data_contents[i]) { + zap(key->key_data_contents[i], key->key_data_length[i]); + free(key->key_data_contents[i]); + } } } return; @@ -2383,6 +2385,7 @@ if (new_data->latest_mkey.key_data_contents[0] == NULL) { krb5_dbe_free_mkey_aux_list(context, head_data); + free(new_data); return (ENOMEM); } memcpy(new_data->latest_mkey.key_data_contents[0], curloc, Modified: branches/krb5-1-7/src/lib/kdb/kdb_default.c =================================================================== --- branches/krb5-1-7/src/lib/kdb/kdb_default.c 2009-02-19 00:35:36 UTC (rev 22025) +++ branches/krb5-1-7/src/lib/kdb/kdb_default.c 2009-02-19 00:35:56 UTC (rev 22026) @@ -516,13 +516,14 @@ krb5_keyblock cur_mkey; krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node; krb5_key_data *key_data; - krb5_mkey_aux_node *mkey_aux_data_list, *aux_data_entry; + krb5_mkey_aux_node *mkey_aux_data_list = NULL, *aux_data_entry; int i; if (mkeys_list == NULL) return (EINVAL); memset(&cur_mkey, 0, sizeof(cur_mkey)); + memset(&master_entry, 0, sizeof(master_entry)); nprinc = 1; if ((retval = krb5_db_get_principal(context, mprinc, @@ -645,6 +646,7 @@ clean_n_exit: krb5_db_free_principal(context, &master_entry, nprinc); + krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_list); if (retval != 0) krb5_dbe_free_key_list(context, mkey_list_head); return retval; From tlyu at MIT.EDU Wed Feb 18 19:36:07 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:36:07 -0500 Subject: svn rev #22027: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902190036.n1J0a7rC020367@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22027 Commit By: tlyu Log Message: ticket: 6372 version_fixed: 1.7 status: resolved pull up r21901 from trunk ------------------------------------------------------------------------ r21901 | ghudson | 2009-02-05 16:27:54 -0500 (Thu, 05 Feb 2009) | 8 lines Changed paths: M /trunk/src/lib/krb5/krb/mk_req_ext.c ticket: 6372 subject: Fix memory handling bug in mk_req_ext tags: pullup target_version: 1.7 In make_etype_list, assign *authdata before we have a chance to fail, since we may have invalidated the previous value with realloc. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/mk_req_ext.c Modified: branches/krb5-1-7/src/lib/krb5/krb/mk_req_ext.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/mk_req_ext.c 2009-02-19 00:35:56 UTC (rev 22026) +++ branches/krb5-1-7/src/lib/krb5/krb/mk_req_ext.c 2009-02-19 00:36:07 UTC (rev 22027) @@ -391,6 +391,7 @@ krb5_free_data(context, ad_if_relevant); return ENOMEM; } + *authdata = adata; adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata)); if (adata[i] == NULL) { @@ -405,8 +406,6 @@ adata[i + 1] = NULL; - *authdata = adata; - return 0; } From tlyu at MIT.EDU Wed Feb 18 19:36:52 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:36:52 -0500 Subject: svn rev #22030: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902190036.n1J0aqgU020495@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22030 Commit By: tlyu Log Message: ticket: 6375 version_fixed: 1.7 status: resolved pull up r21909 from trunk ------------------------------------------------------------------------ r21909 | ghudson | 2009-02-06 13:40:04 -0500 (Fri, 06 Feb 2009) | 9 lines Changed paths: M /trunk/src/lib/krb5/krb/walk_rtree.c ticket: 6375 subject: Fix error handling in krb5_walk_realm_tree tags: pullup target_version: 1.7 rtree_hier_realms was forgetting to assign the return value of krb5int_copy_data_contents to retval, which would cause a failure to notice out-of-memory conditions. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c Modified: branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:36:31 UTC (rev 22029) +++ branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:36:51 UTC (rev 22030) @@ -389,7 +389,7 @@ } /* Copy server realm "tweens" backward. */ for (twp = &stweens[nstween]; twp-- > stweens;) { - krb5int_copy_data_contents(context, twp, rp++); + retval = krb5int_copy_data_contents(context, twp, rp++); if (retval) goto error; } error: From tlyu at MIT.EDU Wed Feb 18 19:36:32 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:36:32 -0500 Subject: svn rev #22029: branches/krb5-1-7/src/lib/kadm5/ Message-ID: <200902190036.n1J0aWdw020458@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22029 Commit By: tlyu Log Message: ticket: 6374 version_fixed: 1.7 status: resolved pull up r21906 from trunk ------------------------------------------------------------------------ r21906 | epeisach | 2009-02-06 00:22:34 -0500 (Fri, 06 Feb 2009) | 12 lines Changed paths: M /trunk/src/lib/kadm5/kadm_rpc_xdr.c ticket: 6374 subject: Do not assume sizeof(bool_t) == sizeof(krb5_boolean) bool_t is defined as int, krb5_boolean as unsigned int. These are similar size but someone someday might change the krb5_boolean. Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean which keeps the different types separate. This cleans up a number of warnings. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/kadm5/kadm_rpc_xdr.c Modified: branches/krb5-1-7/src/lib/kadm5/kadm_rpc_xdr.c =================================================================== --- branches/krb5-1-7/src/lib/kadm5/kadm_rpc_xdr.c 2009-02-19 00:36:22 UTC (rev 22028) +++ branches/krb5-1-7/src/lib/kadm5/kadm_rpc_xdr.c 2009-02-19 00:36:31 UTC (rev 22029) @@ -220,6 +220,29 @@ +static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool) +{ + bool_t val; + + switch (xdrs->x_op) { + case XDR_DECODE: + if (!xdr_bool(xdrs, &val)) + return FALSE; + + *kbool = (val == FALSE) ? FALSE : TRUE; + return TRUE; + + case XDR_ENCODE: + val = *kbool ? TRUE : FALSE; + return xdr_bool(xdrs, &val); + + case XDR_FREE: + return TRUE; + } + + return FALSE; +} + bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp) { /* @@ -655,7 +678,7 @@ if (!xdr_krb5_principal(xdrs, &objp->princ)) { return (FALSE); } - if (!xdr_bool(xdrs, &objp->keepold)) { + if (!xdr_krb5_boolean(xdrs, &objp->keepold)) { return (FALSE); } if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, @@ -715,7 +738,7 @@ if (!xdr_krb5_principal(xdrs, &objp->princ)) { return (FALSE); } - if (!xdr_bool(xdrs, &objp->keepold)) { + if (!xdr_krb5_boolean(xdrs, &objp->keepold)) { return (FALSE); } if (!xdr_array(xdrs, (caddr_t *) &objp->ks_tuple, @@ -752,7 +775,7 @@ if (!xdr_krb5_principal(xdrs, &objp->princ)) { return (FALSE); } - if (!xdr_bool(xdrs, &objp->keepold)) { + if (!xdr_krb5_boolean(xdrs, &objp->keepold)) { return (FALSE); } if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, From tlyu at MIT.EDU Wed Feb 18 19:36:23 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:36:23 -0500 Subject: svn rev #22028: branches/krb5-1-7/src/lib/gssapi/krb5/ Message-ID: <200902190036.n1J0aNRZ020404@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22028 Commit By: tlyu Log Message: ticket: 6373 version_fixed: 1.7 status: resolved pull up r21903 from trunk ------------------------------------------------------------------------ r21903 | raeburn | 2009-02-05 20:07:32 -0500 (Thu, 05 Feb 2009) | 7 lines Changed paths: M /trunk/src/lib/gssapi/krb5/krb5_gss_glue.c ticket: 6373 subject: remove some redundant or useless qualifiers target_version: 1.7 tags: pullup Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations. Also remove some useless qualifiers in casts and function argument declarations. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/gssapi/krb5/krb5_gss_glue.c Modified: branches/krb5-1-7/src/lib/gssapi/krb5/krb5_gss_glue.c =================================================================== --- branches/krb5-1-7/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-02-19 00:36:07 UTC (rev 22027) +++ branches/krb5-1-7/src/lib/gssapi/krb5/krb5_gss_glue.c 2009-02-19 00:36:22 UTC (rev 22028) @@ -60,7 +60,7 @@ gss_ctx_id_t context_handle, krb5_flags *ticket_flags) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID }; OM_uint32 major_status; @@ -71,7 +71,7 @@ major_status = gss_inquire_sec_context_by_oid(minor_status, context_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &data_set); if (major_status != GSS_S_COMPLETE) return major_status; @@ -98,7 +98,7 @@ gss_cred_id_t cred_handle, krb5_ccache out_ccache) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID }; OM_uint32 major_status; @@ -112,7 +112,7 @@ major_status = gssspi_set_cred_option(minor_status, cred_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -180,7 +180,7 @@ OM_uint32 num_ktypes, krb5_enctype *ktypes) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID }; OM_uint32 major_status; @@ -195,7 +195,7 @@ major_status = gssspi_set_cred_option(minor_status, cred, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -207,7 +207,7 @@ const char *name, const char **out_name) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID }; OM_uint32 major_status; @@ -221,8 +221,8 @@ req_buffer.value = &req; major_status = gssspi_mech_invoke(minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -233,7 +233,7 @@ OM_uint32 *minor_status, void *kctx) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID }; OM_uint32 major_status; @@ -243,8 +243,8 @@ req_buffer.value = kctx; major_status = gssspi_mech_invoke(minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -253,7 +253,7 @@ OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *keytab) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID }; OM_uint32 major_status; @@ -264,8 +264,8 @@ req_buffer.value = (char *)keytab; major_status = gssspi_mech_invoke(&minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -274,7 +274,7 @@ krb5_error_code krb5_gss_use_kdc_context(void) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID }; OM_uint32 major_status; @@ -286,8 +286,8 @@ req_buffer.value = NULL; major_status = gssspi_mech_invoke(&minor_status, - (const gss_OID)gss_mech_krb5, - (const gss_OID)&req_oid, + (gss_OID)gss_mech_krb5, + (gss_OID)&req_oid, &req_buffer); if (major_status != GSS_S_COMPLETE) { @@ -308,7 +308,7 @@ OM_uint32 KRB5_CALLCONV gsskrb5_extract_authz_data_from_sec_context( OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, + gss_ctx_id_t context_handle, int ad_type, gss_buffer_t ad_data) { @@ -333,7 +333,7 @@ major_status = gss_inquire_sec_context_by_oid(minor_status, context_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &data_set); if (major_status != GSS_S_COMPLETE) { return major_status; @@ -363,7 +363,7 @@ gss_cred_id_t cred, krb5_rcache rcache) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID }; OM_uint32 major_status; @@ -374,7 +374,7 @@ major_status = gssspi_set_cred_option(minor_status, cred, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &req_buffer); return major_status; @@ -385,7 +385,7 @@ gss_ctx_id_t context_handle, krb5_timestamp *authtime) { - static const gss_OID_desc const req_oid = { + static const gss_OID_desc req_oid = { GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID }; OM_uint32 major_status; @@ -396,7 +396,7 @@ major_status = gss_inquire_sec_context_by_oid(minor_status, context_handle, - (const gss_OID)&req_oid, + (gss_OID)&req_oid, &data_set); if (major_status != GSS_S_COMPLETE) return major_status; From tlyu at MIT.EDU Wed Feb 18 19:37:17 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:37:17 -0500 Subject: svn rev #22032: branches/krb5-1-7/src/lib/krb5/ krb/ os/ Message-ID: <200902190037.n1J0bH3P020589@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22032 Commit By: tlyu Log Message: ticket: 6377 version_fixed: 1.7 status: resolved pull up r21920, r21922, r21926 from trunk ------------------------------------------------------------------------ r21926 | raeburn | 2009-02-09 15:39:54 -0500 (Mon, 09 Feb 2009) | 7 lines Changed paths: M /trunk/src/lib/krb5/krb/kfree.c ticket: 6377 Fix one more case of an explicit null check before calling a free function that does the null check. Also, use krb5_free_keyblock_contents instead of open-coding all the work (and not trying hard enough to clear the memory). ------------------------------------------------------------------------ r21922 | raeburn | 2009-02-09 13:13:08 -0500 (Mon, 09 Feb 2009) | 3 lines Changed paths: M /trunk/src/lib/krb5/os/free_krbhs.c ticket: 6377 Provide omitted return value in last change. ------------------------------------------------------------------------ r21920 | raeburn | 2009-02-09 12:53:21 -0500 (Mon, 09 Feb 2009) | 8 lines Changed paths: M /trunk/src/lib/krb5/krb/free_rtree.c M /trunk/src/lib/krb5/krb/init_ctx.c M /trunk/src/lib/krb5/krb/kfree.c M /trunk/src/lib/krb5/krb/preauth2.c M /trunk/src/lib/krb5/os/free_krbhs.c M /trunk/src/lib/krb5/os/promptusr.c ticket: 6377 subject: make krb5_free_* functions ignore NULL This makes them safer to call in various contexts where NULL may leak through, and makes analysis easier. Also, remove some checks for NULL before calling a free routine that will also check for NULL. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/free_rtree.c U branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c U branches/krb5-1-7/src/lib/krb5/krb/kfree.c U branches/krb5-1-7/src/lib/krb5/krb/preauth2.c U branches/krb5-1-7/src/lib/krb5/os/free_krbhs.c U branches/krb5-1-7/src/lib/krb5/os/promptusr.c Modified: branches/krb5-1-7/src/lib/krb5/krb/free_rtree.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/free_rtree.c 2009-02-19 00:37:02 UTC (rev 22031) +++ branches/krb5-1-7/src/lib/krb5/krb/free_rtree.c 2009-02-19 00:37:16 UTC (rev 22032) @@ -33,6 +33,8 @@ krb5_free_realm_tree(krb5_context context, krb5_principal *realms) { register krb5_principal *nrealms = realms; + if (realms == NULL) + return; while (*nrealms) { krb5_free_principal(context, *nrealms); nrealms++; Modified: branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c 2009-02-19 00:37:02 UTC (rev 22031) +++ branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c 2009-02-19 00:37:16 UTC (rev 22032) @@ -254,23 +254,16 @@ void KRB5_CALLCONV krb5_free_context(krb5_context ctx) { + if (ctx == NULL) + return; krb5_os_free_context(ctx); - if (ctx->in_tkt_ktypes) { - free(ctx->in_tkt_ktypes); - ctx->in_tkt_ktypes = 0; - } - - if (ctx->tgs_ktypes) { - free(ctx->tgs_ktypes); - ctx->tgs_ktypes = 0; - } - - if (ctx->default_realm) { - free(ctx->default_realm); - ctx->default_realm = 0; - } - + free(ctx->in_tkt_ktypes); + ctx->in_tkt_ktypes = 0; + free(ctx->tgs_ktypes); + ctx->tgs_ktypes = 0; + free(ctx->default_realm); + ctx->default_realm = 0; if (ctx->ser_ctx_count && ctx->ser_ctx) { free(ctx->ser_ctx); ctx->ser_ctx = 0; Modified: branches/krb5-1-7/src/lib/krb5/krb/kfree.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/kfree.c 2009-02-19 00:37:02 UTC (rev 22031) +++ branches/krb5-1-7/src/lib/krb5/krb/kfree.c 2009-02-19 00:37:16 UTC (rev 22032) @@ -1,7 +1,7 @@ /* * lib/krb5/free/f_addr.c * - * Copyright 1990-1998 by the Massachusetts Institute of Technology. + * Copyright 1990-1998, 2009 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -58,8 +58,9 @@ void KRB5_CALLCONV krb5_free_address(krb5_context context, krb5_address *val) { - if (val->contents) - free(val->contents); + if (val == NULL) + return; + free(val->contents); free(val); } @@ -68,9 +69,10 @@ { register krb5_address **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->contents) - free((*temp)->contents); + free((*temp)->contents); free(*temp); } free(val); @@ -80,48 +82,44 @@ void KRB5_CALLCONV krb5_free_ap_rep(krb5_context context, register krb5_ap_rep *val) { - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); + if (val == NULL) + return; + free(val->enc_part.ciphertext.data); free(val); } void KRB5_CALLCONV krb5_free_ap_req(krb5_context context, register krb5_ap_req *val) { - if (val->ticket) - krb5_free_ticket(context, val->ticket); - if (val->authenticator.ciphertext.data) - free(val->authenticator.ciphertext.data); + if (val == NULL) + return; + krb5_free_ticket(context, val->ticket); + free(val->authenticator.ciphertext.data); free(val); } void KRB5_CALLCONV krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val) { - if (val->subkey) - krb5_free_keyblock(context, val->subkey); + if (val == NULL) + return; + krb5_free_keyblock(context, val->subkey); free(val); } void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val) { - if (val->checksum) { - krb5_free_checksum(context, val->checksum); - val->checksum = 0; - } - if (val->client) { - krb5_free_principal(context, val->client); - val->client = 0; - } - if (val->subkey) { - krb5_free_keyblock(context, val->subkey); - val->subkey = 0; - } - if (val->authorization_data) { - krb5_free_authdata(context, val->authorization_data); - val->authorization_data = 0; - } + if (val == NULL) + return; + krb5_free_checksum(context, val->checksum); + val->checksum = 0; + krb5_free_principal(context, val->client); + val->client = 0; + krb5_free_keyblock(context, val->subkey); + val->subkey = 0; + krb5_free_authdata(context, val->authorization_data); + val->authorization_data = 0; } void KRB5_CALLCONV @@ -129,9 +127,10 @@ { register krb5_authdata **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->contents) - free((*temp)->contents); + free((*temp)->contents); free(*temp); } free(val); @@ -140,6 +139,8 @@ void KRB5_CALLCONV krb5_free_authenticator(krb5_context context, krb5_authenticator *val) { + if (val == NULL) + return; krb5_free_authenticator_contents(context, val); free(val); } @@ -147,6 +148,8 @@ void KRB5_CALLCONV krb5_free_checksum(krb5_context context, register krb5_checksum *val) { + if (val == NULL) + return; krb5_free_checksum_contents(context, val); free(val); } @@ -154,19 +157,19 @@ void KRB5_CALLCONV krb5_free_checksum_contents(krb5_context context, register krb5_checksum *val) { - if (val->contents) { - free(val->contents); - val->contents = 0; - } + if (val == NULL) + return; + free(val->contents); + val->contents = 0; } void KRB5_CALLCONV krb5_free_cred(krb5_context context, register krb5_cred *val) { - if (val->tickets) - krb5_free_tickets(context, val->tickets); - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); + if (val == NULL) + return; + krb5_free_tickets(context, val->tickets); + free(val->enc_part.ciphertext.data); free(val); } @@ -178,35 +181,21 @@ void KRB5_CALLCONV krb5_free_cred_contents(krb5_context context, krb5_creds *val) { - if (val->client) { - krb5_free_principal(context, val->client); - val->client = 0; - } - if (val->server) { - krb5_free_principal(context, val->server); - val->server = 0; - } - if (val->keyblock.contents) { - memset((char *)val->keyblock.contents, 0, val->keyblock.length); - free(val->keyblock.contents); - val->keyblock.contents = 0; - } - if (val->ticket.data) { - free(val->ticket.data); - val->ticket.data = 0; - } - if (val->second_ticket.data) { - free(val->second_ticket.data); - val->second_ticket.data = 0; - } - if (val->addresses) { - krb5_free_addresses(context, val->addresses); - val->addresses = 0; - } - if (val->authdata) { - krb5_free_authdata(context, val->authdata); - val->authdata = 0; - } + if (val == NULL) + return; + krb5_free_principal(context, val->client); + val->client = 0; + krb5_free_principal(context, val->server); + val->server = 0; + krb5_free_keyblock_contents(context, &val->keyblock); + free(val->ticket.data); + val->ticket.data = 0; + free(val->second_ticket.data); + val->second_ticket.data = 0; + krb5_free_addresses(context, val->addresses); + val->addresses = 0; + krb5_free_authdata(context, val->authdata); + val->authdata = 0; } void KRB5_CALLCONV @@ -214,26 +203,20 @@ { register krb5_cred_info **temp; - if (val->r_address) { - krb5_free_address(context, val->r_address); - val->r_address = 0; - } - if (val->s_address) { - krb5_free_address(context, val->s_address); - val->s_address = 0; - } + if (val == NULL) + return; + krb5_free_address(context, val->r_address); + val->r_address = 0; + krb5_free_address(context, val->s_address); + val->s_address = 0; if (val->ticket_info) { for (temp = val->ticket_info; *temp; temp++) { - if ((*temp)->session) - krb5_free_keyblock(context, (*temp)->session); - if ((*temp)->client) - krb5_free_principal(context, (*temp)->client); - if ((*temp)->server) - krb5_free_principal(context, (*temp)->server); - if ((*temp)->caddrs) - krb5_free_addresses(context, (*temp)->caddrs); - free((*temp)); + krb5_free_keyblock(context, (*temp)->session); + krb5_free_principal(context, (*temp)->client); + krb5_free_principal(context, (*temp)->server); + krb5_free_addresses(context, (*temp)->caddrs); + free(*temp); } free(val->ticket_info); val->ticket_info = 0; @@ -244,6 +227,8 @@ void KRB5_CALLCONV krb5_free_creds(krb5_context context, krb5_creds *val) { + if (val == NULL) + return; krb5_free_cred_contents(context, val); free(val); } @@ -252,14 +237,17 @@ void KRB5_CALLCONV krb5_free_data(krb5_context context, krb5_data *val) { - if (val->data) - free(val->data); + if (val == NULL) + return; + free(val->data); free(val); } void KRB5_CALLCONV krb5_free_data_contents(krb5_context context, krb5_data *val) { + if (val == NULL) + return; if (val->data) { free(val->data); val->data = 0; @@ -268,45 +256,41 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info) { - int i; + int i; - for(i=0; info[i] != NULL; i++) { - if (info[i]->salt) - free(info[i]->salt); - krb5_free_data_contents( context, &info[i]->s2kparams); - free(info[i]); - } - free(info); + if (info == NULL) + return; + for (i=0; info[i] != NULL; i++) { + free(info[i]->salt); + krb5_free_data_contents(context, &info[i]->s2kparams); + free(info[i]); + } + free(info); } void KRB5_CALLCONV krb5_free_enc_kdc_rep_part(krb5_context context, register krb5_enc_kdc_rep_part *val) { - if (val->session) - krb5_free_keyblock(context, val->session); - if (val->last_req) - krb5_free_last_req(context, val->last_req); - if (val->server) - krb5_free_principal(context, val->server); - if (val->caddrs) - krb5_free_addresses(context, val->caddrs); + if (val == NULL) + return; + krb5_free_keyblock(context, val->session); + krb5_free_last_req(context, val->last_req); + krb5_free_principal(context, val->server); + krb5_free_addresses(context, val->caddrs); free(val); } void KRB5_CALLCONV krb5_free_enc_tkt_part(krb5_context context, krb5_enc_tkt_part *val) { - if (val->session) - krb5_free_keyblock(context, val->session); - if (val->client) - krb5_free_principal(context, val->client); - if (val->transited.tr_contents.data) - free(val->transited.tr_contents.data); - if (val->caddrs) - krb5_free_addresses(context, val->caddrs); - if (val->authorization_data) - krb5_free_authdata(context, val->authorization_data); + if (val == NULL) + return; + krb5_free_keyblock(context, val->session); + krb5_free_principal(context, val->client); + free(val->transited.tr_contents.data); + krb5_free_addresses(context, val->caddrs); + krb5_free_authdata(context, val->authorization_data); free(val); } @@ -314,30 +298,25 @@ void KRB5_CALLCONV krb5_free_error(krb5_context context, register krb5_error *val) { - if (val->client) - krb5_free_principal(context, val->client); - if (val->server) - krb5_free_principal(context, val->server); - if (val->text.data) - free(val->text.data); - if (val->e_data.data) - free(val->e_data.data); + if (val == NULL) + return; + krb5_free_principal(context, val->client); + krb5_free_principal(context, val->server); + free(val->text.data); + free(val->e_data.data); free(val); } void KRB5_CALLCONV krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *val) { - if (val->padata) - krb5_free_pa_data(context, val->padata); - if (val->client) - krb5_free_principal(context, val->client); - if (val->ticket) - krb5_free_ticket(context, val->ticket); - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); - if (val->enc_part2) - krb5_free_enc_kdc_rep_part(context, val->enc_part2); + if (val == NULL) + return; + krb5_free_pa_data(context, val->padata); + krb5_free_principal(context, val->client); + krb5_free_ticket(context, val->ticket); + free(val->enc_part.ciphertext.data); + krb5_free_enc_kdc_rep_part(context, val->enc_part2); free(val); } @@ -345,22 +324,16 @@ void KRB5_CALLCONV krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val) { - if (val->padata) - krb5_free_pa_data(context, val->padata); - if (val->client) - krb5_free_principal(context, val->client); - if (val->server) - krb5_free_principal(context, val->server); - if (val->ktype) - free(val->ktype); - if (val->addresses) - krb5_free_addresses(context, val->addresses); - if (val->authorization_data.ciphertext.data) - free(val->authorization_data.ciphertext.data); - if (val->unenc_authdata) - krb5_free_authdata(context, val->unenc_authdata); - if (val->second_ticket) - krb5_free_tickets(context, val->second_ticket); + if (val == NULL) + return; + krb5_free_pa_data(context, val->padata); + krb5_free_principal(context, val->client); + krb5_free_principal(context, val->server); + free(val->ktype); + krb5_free_addresses(context, val->addresses); + free(val->authorization_data.ciphertext.data); + krb5_free_authdata(context, val->unenc_authdata); + krb5_free_tickets(context, val->second_ticket); free(val); } @@ -383,6 +356,8 @@ { register krb5_last_req_entry **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) free(*temp); free(val); @@ -393,9 +368,10 @@ { register krb5_pa_data **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->contents) - free((*temp)->contents); + free((*temp)->contents); free(*temp); } free(val); @@ -415,36 +391,36 @@ free(krb5_princ_component(context, val, i)->data); free(val->data); } - if (val->realm.data) - free(val->realm.data); + free(val->realm.data); free(val); } void KRB5_CALLCONV krb5_free_priv(krb5_context context, register krb5_priv *val) { - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); + if (val == NULL) + return; + free(val->enc_part.ciphertext.data); free(val); } void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context context, register krb5_priv_enc_part *val) { - if (val->user_data.data) - free(val->user_data.data); - if (val->r_address) - krb5_free_address(context, val->r_address); - if (val->s_address) - krb5_free_address(context, val->s_address); + if (val == NULL) + return; + free(val->user_data.data); + krb5_free_address(context, val->r_address); + krb5_free_address(context, val->s_address); free(val); } void KRB5_CALLCONV krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val) { - if (val->element) - krb5_free_pwd_sequences(context, val->element); + if (val == NULL) + return; + krb5_free_pwd_sequences(context, val->element); free(val); } @@ -454,15 +430,13 @@ { register passwd_phrase_element **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) { - if ((*temp)->passwd) { - krb5_free_data(context, (*temp)->passwd); - (*temp)->passwd = 0; - } - if ((*temp)->phrase) { - krb5_free_data(context, (*temp)->phrase); - (*temp)->phrase = 0; - } + krb5_free_data(context, (*temp)->passwd); + (*temp)->passwd = 0; + krb5_free_data(context, (*temp)->phrase); + (*temp)->phrase = 0; free(*temp); } free(val); @@ -472,14 +446,12 @@ void KRB5_CALLCONV krb5_free_safe(krb5_context context, register krb5_safe *val) { - if (val->user_data.data) - free(val->user_data.data); - if (val->r_address) - krb5_free_address(context, val->r_address); - if (val->s_address) - krb5_free_address(context, val->s_address); - if (val->checksum) - krb5_free_checksum(context, val->checksum); + if (val == NULL) + return; + free(val->user_data.data); + krb5_free_address(context, val->r_address); + krb5_free_address(context, val->s_address); + krb5_free_checksum(context, val->checksum); free(val); } @@ -487,12 +459,11 @@ void KRB5_CALLCONV krb5_free_ticket(krb5_context context, krb5_ticket *val) { - if (val->server) - krb5_free_principal(context, val->server); - if (val->enc_part.ciphertext.data) - free(val->enc_part.ciphertext.data); - if (val->enc_part2) - krb5_free_enc_tkt_part(context, val->enc_part2); + if (val == NULL) + return; + krb5_free_principal(context, val->server); + free(val->enc_part.ciphertext.data); + krb5_free_enc_tkt_part(context, val->enc_part2); free(val); } @@ -501,6 +472,8 @@ { register krb5_ticket **temp; + if (val == NULL) + return; for (temp = val; *temp; temp++) krb5_free_ticket(context, *temp); free(val); @@ -511,6 +484,8 @@ krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts) { register krb5_creds **tgtpp; + if (tgts == NULL) + return; for (tgtpp = tgts; *tgtpp; tgtpp++) krb5_free_creds(context, *tgtpp); free(tgts); @@ -519,18 +494,17 @@ void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context context, krb5_tkt_authent *val) { - if (val->ticket) - krb5_free_ticket(context, val->ticket); - if (val->authenticator) - krb5_free_authenticator(context, val->authenticator); + if (val == NULL) + return; + krb5_free_ticket(context, val->ticket); + krb5_free_authenticator(context, val->authenticator); free(val); } void KRB5_CALLCONV krb5_free_unparsed_name(krb5_context context, char *val) { - if (val) - free(val); + free(val); } void KRB5_CALLCONV @@ -568,10 +542,8 @@ krb5_free_data_contents(ctx, &sc->sam_response_prompt); if (sc->sam_pk_for_sad.data) krb5_free_data_contents(ctx, &sc->sam_pk_for_sad); - if (sc->sam_cksum.contents) { - free(sc->sam_cksum.contents); - sc->sam_cksum.contents = 0; - } + free(sc->sam_cksum.contents); + sc->sam_cksum.contents = 0; } void KRB5_CALLCONV @@ -685,10 +657,8 @@ return; if (psr->sam_key.contents) krb5_free_keyblock_contents(ctx, &psr->sam_key); - if (psr->client) { - krb5_free_principal(ctx, psr->client); - psr->client = 0; - } + krb5_free_principal(ctx, psr->client); + psr->client = 0; if (psr->msd.data) krb5_free_data_contents(ctx, &psr->msd); } @@ -746,10 +716,8 @@ { if (req == NULL) return; - if (req->user != NULL) { - krb5_free_principal(context, req->user); - req->user = NULL; - } + krb5_free_principal(context, req->user); + req->user = NULL; krb5_free_checksum_contents(context, &req->cksum); krb5_free_data_contents(context, &req->auth_package); free(req); @@ -761,18 +729,12 @@ { if (ref == NULL) return; - if (ref->referred_realm) { - krb5_free_data(context, ref->referred_realm); - ref->referred_realm = NULL; - } - if (ref->true_principal_name != NULL) { - krb5_free_principal(context, ref->true_principal_name); - ref->true_principal_name = NULL; - } - if (ref->requested_principal_name != NULL) { - krb5_free_principal(context, ref->requested_principal_name); - ref->requested_principal_name = NULL; - } + krb5_free_data(context, ref->referred_realm); + ref->referred_realm = NULL; + krb5_free_principal(context, ref->true_principal_name); + ref->true_principal_name = NULL; + krb5_free_principal(context, ref->requested_principal_name); + ref->requested_principal_name = NULL; krb5_free_checksum_contents(context, &ref->rep_cksum); free(ref); } @@ -783,10 +745,8 @@ { if (ref == NULL) return; - if (ref->principal != NULL) { - krb5_free_principal(context, ref->principal); - ref->principal = NULL; - } + krb5_free_principal(context, ref->principal); + ref->principal = NULL; free(ref); } @@ -794,8 +754,6 @@ krb5_free_pa_pac_req(krb5_context context, krb5_pa_pac_req *req) { - if (req == NULL) - return; free(req); } @@ -804,8 +762,7 @@ krb5_etype_list *etypes) { if (etypes != NULL) { - if (etypes->etypes != NULL) - free(etypes->etypes); + free(etypes->etypes); free(etypes); } } Modified: branches/krb5-1-7/src/lib/krb5/krb/preauth2.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/preauth2.c 2009-02-19 00:37:02 UTC (rev 22031) +++ branches/krb5-1-7/src/lib/krb5/krb/preauth2.c 2009-02-19 00:37:16 UTC (rev 22032) @@ -273,7 +273,7 @@ { int i; void *pctx; - if (context->preauth_context != NULL) { + if (context && context->preauth_context != NULL) { for (i = 0; i < context->preauth_context->n_modules; i++) { pctx = context->preauth_context->modules[i].plugin_context; if (context->preauth_context->modules[i].client_fini != NULL) { Modified: branches/krb5-1-7/src/lib/krb5/os/free_krbhs.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/free_krbhs.c 2009-02-19 00:37:02 UTC (rev 22031) +++ branches/krb5-1-7/src/lib/krb5/os/free_krbhs.c 2009-02-19 00:37:16 UTC (rev 22032) @@ -38,6 +38,8 @@ { register char * const *cp; + if (hostlist == NULL) + return 0; for (cp = hostlist; *cp; cp++) free(*cp); free((char *)hostlist); Modified: branches/krb5-1-7/src/lib/krb5/os/promptusr.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/os/promptusr.c 2009-02-19 00:37:02 UTC (rev 22031) +++ branches/krb5-1-7/src/lib/krb5/os/promptusr.c 2009-02-19 00:37:16 UTC (rev 22032) @@ -126,6 +126,8 @@ { krb5_uio p, next; + if (uio == NULL) + return; for (p = uio; p; p = next) { next = p->next; if (p->prompt && (p->flags & KRB5_UIO_FREE_PROMPT)) From tlyu at MIT.EDU Wed Feb 18 19:37:03 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:37:03 -0500 Subject: svn rev #22031: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902190037.n1J0b3KU020550@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22031 Commit By: tlyu Log Message: ticket: 6376 version_fixed: 1.7 status: resolved pull up r21912 from trunk ------------------------------------------------------------------------ r21912 | ghudson | 2009-02-06 15:43:44 -0500 (Fri, 06 Feb 2009) | 10 lines Changed paths: M /trunk/src/lib/krb5/krb/walk_rtree.c ticket: 6376 subject: Memory handling fixes in walk_rtree tags: pullup target_version: 1.7 In walk_rtree's rtree_hier_tree, don't leak the result of rtree_hier_realms. In rtree_hier_realms, avoid freeing one too many krb5_data contents on allocation failure, and use the recommend pattern to ensure well-defined output parameter values. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c Modified: branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:36:51 UTC (rev 22030) +++ branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:37:02 UTC (rev 22031) @@ -74,6 +74,12 @@ size_t *nrealms, int sep); +static void +free_realmlist( + krb5_context context, + krb5_data *realms, + size_t nrealms); + static krb5_error_code rtree_hier_tweens( krb5_context context, @@ -333,12 +339,14 @@ srcrealm = dstrealm; } *rettree = tree; + free_realmlist(context, realms, nrealms); return 0; error: while (pprinc != NULL && pprinc > tree) { krb5_free_principal(context, *--pprinc); *pprinc = NULL; } + free_realmlist(context, realms, nrealms); free(tree); return retval; } @@ -360,6 +368,9 @@ krb5_data *ctweens, *stweens, *twp, *r, *rp; size_t nctween, nstween; + *realms = NULL; + *nrealms = 0; + r = rp = NULL; c.str = client->data; c.len = client->length; @@ -376,37 +387,48 @@ retval = rtree_hier_tweens(context, &s, &stweens, &nstween, 0, sep); if (retval) goto error; - *nrealms = nctween + nstween; - rp = r = calloc(*nrealms, sizeof(krb5_data)); + rp = r = calloc(nctween + nstween, sizeof(krb5_data)); if (r == NULL) { retval = ENOMEM; goto error; } /* Copy client realm "tweens" forward. */ for (twp = ctweens; twp < &ctweens[nctween]; twp++) { - retval = krb5int_copy_data_contents(context, twp, rp++); + retval = krb5int_copy_data_contents(context, twp, rp); if (retval) goto error; + rp++; } /* Copy server realm "tweens" backward. */ for (twp = &stweens[nstween]; twp-- > stweens;) { - retval = krb5int_copy_data_contents(context, twp, rp++); + retval = krb5int_copy_data_contents(context, twp, rp); if (retval) goto error; + rp++; } error: + free(ctweens); + free(stweens); if (retval) { - *nrealms = 0; - while (rp > r) { - krb5_free_data_contents(context, --rp); - } - free(r); - r = NULL; + free_realmlist(context, r, rp - r); + return retval; } - free(ctweens); - free(stweens); *realms = r; - return retval; + *nrealms = rp - r; + return 0; } +static void +free_realmlist( + krb5_context context, + krb5_data *realms, + size_t nrealms) +{ + size_t i; + + for (i = 0; i < nrealms; i++) + krb5_free_data_contents(context, &realms[i]); + free(realms); +} + /* * Build a list of realms between a given realm and the common * suffix. The original realm is included, but the "tail" is only From tlyu at MIT.EDU Wed Feb 18 19:37:45 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:37:45 -0500 Subject: svn rev #22033: branches/krb5-1-7/src/ include/ lib/krb5/error_tables/ lib/krb5/unicode/ Message-ID: <200902190037.n1J0bjOv020645@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22033 Commit By: tlyu Log Message: ticket: 6378 version_fixed: 1.7 status: resolved pull up r21923 from trunk ------------------------------------------------------------------------ r21923 | ghudson | 2009-02-09 13:35:19 -0500 (Mon, 09 Feb 2009) | 9 lines Changed paths: M /trunk/src/include/k5-unicode.h M /trunk/src/lib/krb5/error_tables/krb5_err.et M /trunk/src/lib/krb5/unicode/ucstr.c ticket: 6378 subject: Change contract of krb5int_utf8_normalize and fix memory leaks tags: pullup target_version: 1.7 Make krb5int_utf8_normalize return a krb5_error_code and always allocate a structure to be placed in the output parameter. Adjust the function structure to use a cleanup handler, fixing many memory leaks. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/include/k5-unicode.h U branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et U branches/krb5-1-7/src/lib/krb5/unicode/ucstr.c Modified: branches/krb5-1-7/src/include/k5-unicode.h =================================================================== --- branches/krb5-1-7/src/include/k5-unicode.h 2009-02-19 00:37:16 UTC (rev 22032) +++ branches/krb5-1-7/src/include/k5-unicode.h 2009-02-19 00:37:45 UTC (rev 22033) @@ -117,9 +117,9 @@ #define KRB5_UTF8_ARG2NFC 0x4U #define KRB5_UTF8_APPROX 0x8U -krb5_data * krb5int_utf8_normalize( +krb5_error_code krb5int_utf8_normalize( krb5_data *, - krb5_data *, + krb5_data **, unsigned); int krb5int_utf8_normcmp( Modified: branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et =================================================================== --- branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et 2009-02-19 00:37:16 UTC (rev 22032) +++ branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et 2009-02-19 00:37:45 UTC (rev 22033) @@ -345,4 +345,6 @@ error_code KRB5_PLUGIN_NO_HANDLE, "Supplied data not handled by this plugin" error_code KRB5_PLUGIN_OP_NOTSUPP, "Plugin does not support the operaton" + +error_code KRB5_ERR_INVALID_UTF8, "Invalid UTF-8 string" end Modified: branches/krb5-1-7/src/lib/krb5/unicode/ucstr.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/unicode/ucstr.c 2009-02-19 00:37:16 UTC (rev 22032) +++ branches/krb5-1-7/src/lib/krb5/unicode/ucstr.c 2009-02-19 00:37:45 UTC (rev 22033) @@ -104,15 +104,17 @@ #define TOUPPER(c) (islower(c) ? toupper(c) : (c)) #define TOLOWER(c) (isupper(c) ? tolower(c) : (c)) -krb5_data * +krb5_error_code krb5int_utf8_normalize( krb5_data * data, - krb5_data * newdata, + krb5_data ** newdataptr, unsigned flags) { int i, j, len, clen, outpos, ucsoutlen, outsize, last; - char *out, *outtmp, *s; - krb5_ucs4 *ucs, *p, *ucsout; + char *out = NULL, *outtmp, *s; + krb5_ucs4 *ucs = NULL, *p, *ucsout = NULL; + krb5_data *newdata; + krb5_error_code retval = 0; static unsigned char mask[] = { 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01}; @@ -120,17 +122,15 @@ unsigned casefold = flags & KRB5_UTF8_CASEFOLD; unsigned approx = flags & KRB5_UTF8_APPROX; - if (data == NULL) { - return NULL; - } + *newdataptr = NULL; + s = data->data; len = data->length; - if (!newdata) { - newdata = (krb5_data *) malloc(sizeof(*newdata)); - if (newdata == NULL) - return NULL; - } + newdata = malloc(sizeof(*newdata)); + if (newdata == NULL) + return ENOMEM; + /* * Should first check to see if string is already in proper normalized * form. This is almost as time consuming as the normalization though. @@ -140,9 +140,10 @@ if (KRB5_UTF8_ISASCII(s)) { if (casefold) { outsize = len + 7; - out = (char *) malloc(outsize); + out = malloc(outsize); if (out == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } outpos = 0; @@ -151,10 +152,7 @@ } if (i == len) { out[outpos++] = TOLOWER(s[len - 1]); - out[outpos] = '\0'; - newdata->data = out; - newdata->length = outpos; - return newdata; + goto cleanup; } } else { for (i = 1; (i < len) && KRB5_UTF8_ISASCII(s + i); i++) { @@ -165,25 +163,29 @@ newdata->length = len; newdata->data = malloc(newdata->length + 1); if (newdata->data == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } memcpy(newdata->data, s, len); newdata->data[len] = '\0'; - return newdata; + *newdataptr = newdata; + return 0; } outsize = len + 7; - out = (char *) malloc(outsize); + out = malloc(outsize); if (out == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } outpos = i - 1; memcpy(out, s, outpos); } } else { outsize = len + 7; - out = (char *) malloc(outsize); + out = malloc(outsize); if (out == NULL) { - return NULL; + retval = ENOMEM; + goto cleanup; } outpos = 0; i = 0; @@ -191,8 +193,8 @@ p = ucs = malloc(len * sizeof(*ucs)); if (ucs == NULL) { - free(out); - return NULL; + retval = ENOMEM; + goto cleanup; } /* convert character before first non-ascii to ucs-4 */ if (i > 0) { @@ -206,9 +208,8 @@ while (i < len) { clen = KRB5_UTF8_CHARLEN2(s + i, clen); if (clen == 0) { - free(ucs); - free(out); - return NULL; + retval = KRB5_ERR_INVALID_UTF8; + goto cleanup; } if (clen == 1) { /* ascii */ @@ -218,9 +219,8 @@ i++; for (j = 1; j < clen; j++) { if ((s[i] & 0xc0) != 0x80) { - free(ucs); - free(out); - return NULL; + retval = KRB5_ERR_INVALID_UTF8; + goto cleanup; } *p <<= 6; *p |= s[i] & 0x3f; @@ -249,12 +249,10 @@ */ if (outsize - outpos < 7) { outsize = ucsoutlen - j + outpos + 6; - outtmp = (char *) realloc(out, outsize); + outtmp = realloc(out, outsize); if (outtmp == NULL) { - free(ucsout); - free(ucs); - free(out); - return NULL; + retval = ENOMEM; + goto cleanup; } out = outtmp; } @@ -273,11 +271,10 @@ /* Allocate more space in out if necessary */ if (len - i >= outsize - outpos) { outsize += 1 + ((len - i) - (outsize - outpos)); - outtmp = (char *) realloc(out, outsize); + outtmp = realloc(out, outsize); if (outtmp == NULL) { - free(ucs); - free(out); - return NULL; + retval = ENOMEM; + goto cleanup; } out = outtmp; } @@ -295,11 +292,19 @@ p = ucs + 1; } +cleanup: free(ucs); + free(ucsout); + if (retval) { + free(out); + free(newdata); + return retval; + } out[outpos] = '\0'; newdata->data = out; newdata->length = outpos; - return newdata; + *newdataptr = newdata; + return 0; } /* compare UTF8-strings, optionally ignore casing */ From tlyu at MIT.EDU Wed Feb 18 19:38:28 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:38:28 -0500 Subject: svn rev #22036: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902190038.n1J0cSds020789@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22036 Commit By: tlyu Log Message: ticket: 6392 version_fixed: 1.7 status: resolved pull up r21980 from trunk ------------------------------------------------------------------------ r21980 | ghudson | 2009-02-12 12:51:45 -0500 (Thu, 12 Feb 2009) | 8 lines Changed paths: M /trunk/src/lib/krb5/krb/walk_rtree.c ticket: 6392 subject: Fix allocation failure check in walk_rtree tags: pullup target_version: 1.7 Check the correct variable for null after allocating the server string in rtree_capath_vals. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c Modified: branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:38:17 UTC (rev 22035) +++ branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:38:27 UTC (rev 22036) @@ -273,7 +273,7 @@ memcpy(clientz, client->data, client->length); serverz = calloc(server->length + 1, 1); - if (clientz == NULL) { + if (serverz == NULL) { retval = ENOMEM; goto error; } From tlyu at MIT.EDU Wed Feb 18 19:38:09 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:38:09 -0500 Subject: svn rev #22034: branches/krb5-1-7/src/lib/krb5/krb/ Message-ID: <200902190038.n1J0c9wY020700@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22034 Commit By: tlyu Log Message: ticket: 6379 version_fixed: 1.7 status: resolved pull up r21924 from trunk ------------------------------------------------------------------------ r21924 | ghudson | 2009-02-09 13:52:40 -0500 (Mon, 09 Feb 2009) | 10 lines Changed paths: M /trunk/src/lib/krb5/krb/walk_rtree.c ticket: 6379 subject: Fix possible free of uninitialized value in walk_rtree tags: pullup target_version: 1.7 In rtree_hier_realms, if the first rtree_hier_tweens call failed, the cleanup handler would free stweens which had not been initialized. Initialize ctweens and stweens to NULL in the variable declarations to make the cleanup handler safe. ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c Modified: branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c =================================================================== --- branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:37:45 UTC (rev 22033) +++ branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c 2009-02-19 00:38:09 UTC (rev 22034) @@ -365,7 +365,7 @@ { krb5_error_code retval; struct hstate c, s; - krb5_data *ctweens, *stweens, *twp, *r, *rp; + krb5_data *ctweens = NULL, *stweens = NULL, *twp, *r, *rp; size_t nctween, nstween; *realms = NULL; From tlyu at MIT.EDU Wed Feb 18 19:38:18 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Wed, 18 Feb 2009 19:38:18 -0500 Subject: svn rev #22035: branches/krb5-1-7/src/ Message-ID: <200902190038.n1J0cIOG020737@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22035 Commit By: tlyu Log Message: ticket: 6390 version_fixed: 1.7 status: resolved pull up r21968 from trunk ------------------------------------------------------------------------ r21968 | epeisach | 2009-02-11 08:01:11 -0500 (Wed, 11 Feb 2009) | 9 lines Changed paths: M /trunk/src/aclocal.m4 ticket: 6390 subject: --disable-rpath is not working tags: pullup target_version: 1.7 AC_ARG_ENABLE returns its value in enableval not withval. --disable-rpath was not working - or dependent on some previous setting... ------------------------------------------------------------------------ Changed Files: U branches/krb5-1-7/src/aclocal.m4 Modified: branches/krb5-1-7/src/aclocal.m4 =================================================================== --- branches/krb5-1-7/src/aclocal.m4 2009-02-19 00:38:09 UTC (rev 22034) +++ branches/krb5-1-7/src/aclocal.m4 2009-02-19 00:38:17 UTC (rev 22035) @@ -1215,7 +1215,7 @@ fi]) AC_ARG_ENABLE([rpath], AC_HELP_STRING([--disable-rpath],[suppress run path flags in link lines]), -[enable_rpath=$withval], +[enable_rpath=$enableval], [enable_rpath=yes]) if test "x$enable_rpath" != xyes ; then From tsitkova at MIT.EDU Thu Feb 19 15:15:04 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Thu, 19 Feb 2009 15:15:04 -0500 Subject: svn rev #22037: trunk/src/kdc/ Message-ID: <200902192015.n1JKF4Xu002101@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22037 Commit By: tsitkova Log Message: Fix in handle_referral_params Changed Files: U trunk/src/kdc/main.c Modified: trunk/src/kdc/main.c =================================================================== --- trunk/src/kdc/main.c 2009-02-19 00:38:27 UTC (rev 22036) +++ trunk/src/kdc/main.c 2009-02-19 20:15:04 UTC (rev 22037) @@ -175,7 +175,6 @@ kdc_realm_t *rdp ) { krb5_error_code retval = 0; - if (no_refrls && krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == TRUE) { rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_no_host_referral) @@ -192,9 +191,10 @@ else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", rparams->realm_no_host_referral, " ") < 0) retval = ENOMEM; - } else if( no_refrls != NULL && asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", no_refrls, " ") < 0) - retval = ENOMEM; - else + } else if( no_refrls != NULL) { + if ( asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", no_refrls, " ") < 0) + retval = ENOMEM; + } else rdp->realm_no_host_referral = NULL; } @@ -213,16 +213,17 @@ rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK); if (!rdp->realm_host_based_services) retval = ENOMEM; - } else if (host_based_srvcs && asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", + } else if (host_based_srvcs) { + if (asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s", " ", host_based_srvcs," ",rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; - else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", + } else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", rparams->realm_host_based_services, " ") < 0) retval = ENOMEM; - } else if(host_based_srvcs != NULL && asprintf(&(rdp->realm_host_based_services),"%s%s%s", - " ", host_based_srvcs, " ") < 0) + } else if (host_based_srvcs) { + if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", host_based_srvcs, " ") < 0) retval = ENOMEM; - else + } else rdp->realm_host_based_services = NULL; } From raeburn at MIT.EDU Thu Feb 19 15:51:28 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 19 Feb 2009 15:51:28 -0500 Subject: svn rev #22038: trunk/src/config-files/ Message-ID: <200902192051.n1JKpSYg006417@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22038 Commit By: raeburn Log Message: ticket: 6398 subject: remove obsolete GNU.ORG realm info target_version: 1.7 tags: pullup Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS entries named don't exist, and AFAIK this hasn't been accurate in years. (I don't even know if they're currently running a Kerberos realm.) Changed Files: U trunk/src/config-files/krb5.conf Modified: trunk/src/config-files/krb5.conf =================================================================== --- trunk/src/config-files/krb5.conf 2009-02-19 20:15:04 UTC (rev 22037) +++ trunk/src/config-files/krb5.conf 2009-02-19 20:51:27 UTC (rev 22038) @@ -2,6 +2,7 @@ default_realm = ATHENA.MIT.EDU [realms] +# use "kdc = ..." if realm admins haven't put SRV records into DNS ATHENA.MIT.EDU = { admin_server = KERBEROS.MIT.EDU default_domain = MIT.EDU @@ -13,12 +14,6 @@ ANDREW.CMU.EDU = { admin_server = vice28.fs.andrew.cmu.edu } -# use "kdc =" if realm admins haven't put SRV records into DNS - GNU.ORG = { - kdc = kerberos.gnu.org - kdc = kerberos-2.gnu.org - admin_server = kerberos.gnu.org - } [domain_realm] .mit.edu = ATHENA.MIT.EDU From tsitkova at MIT.EDU Fri Feb 20 09:34:34 2009 From: tsitkova at MIT.EDU (tsitkova@MIT.EDU) Date: Fri, 20 Feb 2009 09:34:34 -0500 Subject: svn rev #22040: trunk/src/tests/ kdc_realm/ kdc_realm/input_conf/ Message-ID: <200902201434.n1KEYY75023812@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22040 Commit By: tsitkova Log Message: KDC realm referral test Changed Files: A trunk/src/tests/kdc_realm/ A trunk/src/tests/kdc_realm/input_conf/ A trunk/src/tests/kdc_realm/input_conf/kdc_pri_template.conf A trunk/src/tests/kdc_realm/input_conf/kdc_ref_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priCL_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_1_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_2_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_3_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_4_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_5_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_6_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_7_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_8_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_template.conf A trunk/src/tests/kdc_realm/input_conf/krb5_ref_template.conf A trunk/src/tests/kdc_realm/input_conf/test_KDCs.conf A trunk/src/tests/kdc_realm/input_conf/test_princs.conf A trunk/src/tests/kdc_realm/input_conf/test_setup.conf A trunk/src/tests/kdc_realm/kdcref.py Added: trunk/src/tests/kdc_realm/input_conf/kdc_pri_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/kdc_pri_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/kdc_pri_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,13 @@ +[kdcdefaults] + kdc_ports = 7777 + +[realms] + Y.COM = { + database_name = %(tier2)s/principal + admin_keytab = FILE:%(tier2)s/kadm5.keytab + acl_file = %(tier2)s/kadm5.acl + key_stash_file = %(tier2)s/.k5.ATHENA.MIT.EDU + kdc_ports = 7777 + max_life = 10h 0m 0s + max_renewable_life = 7d 0h 0m 0s + } Added: trunk/src/tests/kdc_realm/input_conf/kdc_ref_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/kdc_ref_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/kdc_ref_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,13 @@ +[kdcdefaults] + kdc_ports = 7778 + +[realms] + Z.COM = { + database_name = %(tier1)s/principal + admin_keytab = FILE:%(tier1)s/kadm5.keytab + acl_file = %(tier1)s/kadm5.acl + key_stash_file = %(tier1)s/.k5.ATHENA.MIT.EDU + kdc_ports = 7778 + max_life = 10h 0m 0s + max_renewable_life = 7d 0h 0m 0s + } Added: trunk/src/tests/kdc_realm/input_conf/krb5_priCL_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priCL_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priCL_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,34 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + +[realms] + Y.COM = { + admin_server = KERBEROS.Y.COM + kdc = %(localFQDN)s:7777 + default_domain = Y.COM + } + Z.COM = { + admin_server = KERBEROS.Z.COM + kdc = %(localFQDN)s:7778 + default_domain = Z.COM + } + +[domain_realm] +# .mit.edu = Y.COM + %(localFQDN)s = Y.COM + .%(localFQDN)s = Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + + +[logging] + kdc = FILE:%(tier2)s/krb5kdc_cl.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_1_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_1_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_1_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,30 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + + +[kdcdefaults] + no_host_referral = * + host_based_services = * + +[realms] + Y.COM = { + kdc = %(localFQDN)s:7777 + } + +[domain_realm] + mybox.mit.edu=Z.COM + %(localFQDN)s=Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + +[logging] + kdc = FILE:%(tier2)s/krb5kdc.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_2_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_2_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_2_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,31 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + + +[kdcdefaults] + no_host_referral = host1 + + +[realms] + Y.COM = { + kdc = %(localFQDN)s:7777 + host_based_services = * + } + +[domain_realm] + mybox.mit.edu=Z.COM + %(localFQDN)s=Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + +[logging] + kdc = FILE:%(tier2)s/krb5kdc.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_3_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_3_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_3_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,30 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + + +[kdcdefaults] +# no_host_referral = * +# host_based_services = * + +[realms] + Y.COM = { + kdc = %(localFQDN)s:7777 + } + +[domain_realm] + mybox.mit.edu = Z.COM + %(localFQDN)s = Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + +[logging] + kdc = FILE:%(tier2)s/krb5kdc.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_4_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_4_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_4_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,30 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + + +[kdcdefaults] + host_based_services = * + +[realms] + Y.COM = { + kdc = %(localFQDN)s:7777 + no_host_referral = host1, * host2 + } + +[domain_realm] + mybox.mit.edu = Z.COM + %(localFQDN)s = Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + +[logging] + kdc = FILE:%(tier2)s/krb5kdc.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_5_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_5_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_5_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,30 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + + +[kdcdefaults] + no_host_referral = host1 testHost host2 + host_based_services = * + +[realms] + Y.COM = { + kdc = %(localFQDN)s:7777 + } + +[domain_realm] + mybox.mit.edu = Z.COM + %(localFQDN)s = Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + +[logging] + kdc = FILE:%(tier2)s/krb5kdc.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_6_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_6_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_6_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,31 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + default_tgs_enctypes = aes256-cts-hmac-sha1-96 des3-hmac-sha1 des-cbc-crc + dns_lookup_kdc = true + dns_lookup_realm = false + + +[kdcdefaults] +# no_host_referral = * + host_based_services = * + +[realms] + Y.COM = { + kdc = %(localFQDN)s:7777 + no_host_referral = testHost + } + +[domain_realm] + mybox.mit.edu = Z.COM + %(localFQDN)s = Y.COM + .y.com = Y.COM + y.com = Y.COM + +[dbmodules] + db_module_dir = %(srcdir)s/plugins/kdb/db2 + +[logging] + kdc = FILE:%(tier2)s/krb5kdc.log + Added: trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_7_template.conf =================================================================== --- trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_7_template.conf 2009-02-20 05:17:04 UTC (rev 22039) +++ trunk/src/tests/kdc_realm/input_conf/krb5_priKDC_7_template.conf 2009-02-20 14:34:34 UTC (rev 22040) @@ -0,0 +1,29 @@ +[libdefaults] + default_realm = Y.COM + default_keytab_name = FILE:%(tier2)s/krb5.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 des3-h