From ghudson at MIT.EDU Mon Jun 1 12:51:25 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 1 Jun 2009 12:51:25 -0400 Subject: svn rev #22396: trunk/doc/ Message-ID: <200906011651.n51GpPRV028909@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22396 Commit By: ghudson Log Message: Fix a typo in the admin guide (with not keyword -> with no keyword). Changed Files: U trunk/doc/admin.texinfo Modified: trunk/doc/admin.texinfo =================================================================== --- trunk/doc/admin.texinfo 2009-05-30 05:36:52 UTC (rev 22395) +++ trunk/doc/admin.texinfo 2009-06-01 16:51:24 UTC (rev 22396) @@ -1168,7 +1168,7 @@ @item PKCS11:[@b{module_name=}]@i{module-name}[@b{:slotid=}@i{slot-id}][@b{:token=}@i{token-label}][@b{:certid=}@i{cert-id}][@b{:certlabel=}@i{cert-label}] All keyword/values are optional. @i{module-name} specifies the location of a library implementing - at code{PKCS #11}. If a value is encountered with not keyword, it + at code{PKCS #11}. If a value is encountered with no keyword, it is assumed to be the @i{module-name}. If no @i{module-name} is specified, the default is @code{opensc-pkcs11.so}. @b{slotid=} and/or @b{token=} may be specified to force the use of a From ghudson at MIT.EDU Mon Jun 1 18:39:32 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 1 Jun 2009 18:39:32 -0400 Subject: svn rev #22397: trunk/src/lib/kdb/ Message-ID: <200906012239.n51MdWUD022777@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22397 Commit By: ghudson Log Message: ticket: 6506 subject: Make results of krb5_db_def_fetch_mkey more predictable tags: pullup target_version: 1.7 krb5_db_def_fetch_mkey tries the stash file as a keytab, then falls back to the old stash file format. If the stash file was in keytab format, but didn't contain the desired master key, we would try to read a keytab file as a stash file. This could succeed or fail depending on byte order and other unpredictable factors. The upshot was that one of the libkadm5 unit tests (init 108) was getting a different error code on different platforms. To fix this, only try the stash file format if we get KRB5_KEYTAB_BADVNO trying the keytab format. This requires reworking the error handling logic. Changed Files: U trunk/src/lib/kdb/kdb_default.c Modified: trunk/src/lib/kdb/kdb_default.c =================================================================== --- trunk/src/lib/kdb/kdb_default.c 2009-06-01 16:51:24 UTC (rev 22396) +++ trunk/src/lib/kdb/kdb_default.c 2009-06-01 22:39:31 UTC (rev 22397) @@ -403,7 +403,7 @@ krb5_kvno *kvno, char *db_args) { - krb5_error_code retval_ofs = 0, retval_kt = 0; + krb5_error_code retval; char keyfile[MAXPATHLEN+1]; krb5_data *realm = krb5_princ_realm(context, mname); 
@@ -418,31 +418,22 @@ /* null terminate no matter what */ keyfile[sizeof(keyfile) - 1] = '\0'; - /* assume the master key is in a keytab */ - retval_kt = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno); - if (retval_kt != 0) { - /* - * If it's not in a keytab, fall back and try getting the mkey from the - * older stash file format. - */ - retval_ofs = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno); - } + /* Try the keytab and old stash file formats. */ + retval = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno); + if (retval == KRB5_KEYTAB_BADVNO) + retval = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno); - if (retval_kt != 0 && retval_ofs != 0) { - /* - * Error, not able to get mkey from either file format. Note, in order - * to try to return a more correct error, the logic below is assuming - * that if either of the stash reading functions returned - * KRB5_KDB_BADSTORED_MKEY then this is probably the real error. - */ - krb5_set_error_message (context, KRB5_KDB_CANTREAD_STORED, - "Can not fetch master key either from keytab (error: %s) or old " - "format (error %s).", error_message(retval_kt), - error_message(retval_ofs)); - return KRB5_KDB_CANTREAD_STORED; - } else { - return 0; - } + /* + * Use a generic error code for failure to retrieve the master + * key, but set a message indicating the actual error. + */ + if (retval != 0) { + krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED, + "Can not fetch master key (error: %s).", + error_message(retval)); + return KRB5_KDB_CANTREAD_STORED; + } else + return 0; } /* From tlyu at MIT.EDU Mon Jun 1 20:25:45 2009 
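Review bot: The new comment `/* Try the keytab and old stash file formats. */` does not record why the stash fallback is now gated on `KRB5_KEYTAB_BADVNO`, which is the point of the fix and easy to undo by accident. I would replace it with `/* Try the keytab format; fall back to the old stash format only when the file does not parse as a keytab (KRB5_KEYTAB_BADVNO), so a keytab lacking the key is never reparsed as a stash file. */`. Separately, `error_message(retval)` formats only the numeric code, so any extended message the keytab or stash helper may have set on the context would be lost; whether they set one is not visible here. The function's signature and the code that builds `keyfile` lie outside this hunk.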
From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 1 Jun 2009 20:25:45 -0400 Subject: svn rev #22398: branches/krb5-1-7/ doc/ Message-ID: <200906020025.n520PjFQ030157@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22398 Commit By: tlyu Log Message: Update copyrights. Reorganize "major changes" listing. Changed Files: U branches/krb5-1-7/README U branches/krb5-1-7/doc/copyright.texinfo Modified: branches/krb5-1-7/README =================================================================== --- branches/krb5-1-7/README 2009-06-01 22:39:31 UTC (rev 22397) +++ branches/krb5-1-7/README 2009-06-02 00:25:44 UTC (rev 22398) @@ -53,6 +53,11 @@ compile and install Kerberos V5 on any platform, you may send mail to krb5-bugs at mit.edu. +Keep in mind that unencrypted e-mail is not secure; if you need to +send sensitive information, such as reporting potential security +vulnerabilities, please PGP-encrypt it to our security contact +address: krbcore-security at mit.edu. + You may view bug reports by visiting http://krbdev.mit.edu/rt/ 
@@ -72,59 +77,106 @@ Major changes in 1.7 -------------------- -* Remove support for version 4 of the Kerberos protocol (krb4). +The krb5-1.7 release contains a large number of changes, featuring +improvements in the following broad areas: -* New libdefaults configuration variable "allow_weak_crypto". NOTE: - Currently defaults to "true", but may default to "false" in a future - release. Setting this variable to "false" will have the effect of - removing weak enctypes (currently defined to be all single-DES - enctypes) from permitted_enctypes, default_tkt_enctypes, and - default_tgs_enctypes. +* Compatibility with Microsoft Windows -* Client library now follows client principal referrals, for - compatibility with Windows. +* Administrator experience +* User experience + +* Code quality + +* Protocol evolution + +Compatibility with Microsoft Windows: + +* Follow client principal referrals in the client library when + obtaining initial tickets. + * KDC can issue realm referrals for service principals based on domain names. -* Encryption algorithm negotiation (RFC 4537). +* Extensions supporting DCE RPC, including three-leg GSS context setup + and unencapsulated GSS tokens inside SPNEGO. -* In the replay cache, use a hash over the complete ciphertext to - avoid false-positive replay indications. - * Microsoft GSS_WrapEX, implemented using the gss_iov API, which is - similar to the equivalent SSPI functionality. + similar to the equivalent SSPI functionality. This is needed to + support some instances of DCE RPC. -* DCE RPC, including three-leg GSS context setup and unencapsulated - GSS tokens. - * NTLM recognition support in GSS-API, to facilitate dropping in an - NTLM implementation. + NTLM implementation for improved compatibility with older releases + of Microsoft Windows. * KDC support for principal aliases, if the back end supports them. Currently, only the LDAP back end supports aliases. -* Microsoft set/change password (RFC 3244) protocol in kadmind. 
+* Support Microsoft set/change password (RFC 3244) protocol in + kadmind. +* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which + allows a GSS application to request credential delegation only if + permitted by KDC policy. + +Administrator experience: + +* Install header files for the administration API, allowing + third-party software to manipulate the KDC database. + * Incremental propagation support for the KDC database. -* Master key rollover support. +* Master key rollover support, making it easier to change master key + passwords or encryption types. -* Flexible Authentication Secure Tunneling (FAST), a preauthentiation - framework that can protect the AS exchange from dictionary attack. +* New libdefaults configuration variable "allow_weak_crypto". NOTE: + Currently defaults to "true", but may default to "false" in a future + release. Setting this variable to "false" will have the effect of + removing weak enctypes (currently defined to be all single-DES + enctypes) from permitted_enctypes, default_tkt_enctypes, and + default_tgs_enctypes. -* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which - allows a GSS application to request credential delegation only if - permitted by KDC policy. +User experience: +* Provide enhanced GSS-API error message including supplementary + details about error conditions. + +* In the replay cache, use a hash over the complete ciphertext to + avoid false-positive replay indications. + +Code quality: + +* Replace many uses of "unsafe" string functions. While most of these + instances were innocuous, they impeded efficient automatic and + manual static code analysis. + +* Fix many instances of resource leaks and similar bugs identified by + static analysis tools. + * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code. +Protocol evolution: + +* Remove support for version 4 of the Kerberos protocol (krb4). 
+ +* Encryption algorithm negotiation (RFC 4537), allowing clients and + application services to negotiate stronger encryption than their KDC + supports. + +* Flexible Authentication Secure Tunneling (FAST), a preauthentiation + framework that can protect the AS exchange from dictionary attacks + on weak user passwords. + Known bugs by ticket ID ----------------------- 6481 kdb ldap integration removed rev/recurse kdb5_util dumps 6487 gss_unwrap_iov fails in stream mode +6505 fix t_prf test code properly +6506 Make results of krb5_db_def_fetch_mkey more predictable +6507 kdb5_util update_princ_encryption uses latest mkey instead of + active mkey Changes by ticket ID -------------------- Modified: branches/krb5-1-7/doc/copyright.texinfo =================================================================== --- branches/krb5-1-7/doc/copyright.texinfo 2009-06-01 22:39:31 UTC (rev 22397) +++ branches/krb5-1-7/doc/copyright.texinfo 2009-06-02 00:25:44 UTC (rev 22398) @@ -1,4 +1,4 @@ -Copyright @copyright{} 1985-2008 by the Massachusetts Institute of Technology. +Copyright @copyright{} 1985-2009 by the Massachusetts Institute of Technology. @quotation Export of software employing encryption from the United States of @@ -324,6 +324,12 @@ slave/kproplog.c @end smallexample +and marked portions of the following files: + + at smallexample + lib/krb5/os/hst_realm.c + at end smallexample + are subject to the following license: @quotation @@ -412,7 +418,7 @@ @iftex @smallfonts @rm @end iftex -Copyright (c) 2004-2005, Novell, Inc. +Copyright @copyright{} 2004-2005, Novell, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without 
@@ -553,6 +559,36 @@ @end iftex @end quotation +The implementations of strlcpy and strlcat in +src/util/support/strlcat.c have the following copyright and permission +notice: + + at quotation + at iftex + at smallfonts @rm + at end iftex + +Copyright @copyright{} 1998 Todd C. Miller + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + at iftex + at vskip 12pt + at hrule + at vskip 12pt + at end iftex + at end quotation + The implementations of UTF-8 string handling in src/util/support and src/lib/krb5/unicode are subject to the following copyright and permission notice: 
@@ -617,6 +653,51 @@ @end iftex @end quotation +Marked test programs in src/lib/krb5/krb have the following copyright: + + at quotation + at iftex + at smallfonts @rm + at end iftex + +Copyright @copyright{} 2006 Kungliga Tekniska H@"{o}gskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of KTH nor the names of its contributors may be + used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + at iftex + at vskip 12pt + at hrule + at vskip 12pt + at end iftex + at end quotation + Permission is granted to make and distribute verbatim copies of this manual provided the copyright notices and this permission notice are preserved on all copies. 
From tlyu at MIT.EDU Mon Jun 1 20:45:43 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 1 Jun 2009 20:45:43 -0400 Subject: svn rev #22399: branches/krb5-1-7/src/ Message-ID: <200906020045.n520jh8K031434@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22399 Commit By: tlyu Log Message: krb5-1.7 Changed Files: U branches/krb5-1-7/src/patchlevel.h Modified: branches/krb5-1-7/src/patchlevel.h =================================================================== --- branches/krb5-1-7/src/patchlevel.h 2009-06-02 00:25:44 UTC (rev 22398) +++ branches/krb5-1-7/src/patchlevel.h 2009-06-02 00:45:43 UTC (rev 22399) @@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 7 #define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "beta3-postrelease" +/* #undef KRB5_RELTAIL */ /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "branches/krb5-1-7" +#define KRB5_RELTAG "tags/krb5-1-7-final" From tlyu at MIT.EDU Mon Jun 1 20:48:21 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 1 Jun 2009 20:48:21 -0400 Subject: svn rev #22400: tags/ Message-ID: <200906020048.n520mLCW031610@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22400 Commit By: tlyu Log Message: tag krb5-1.7 Changed Files: A tags/krb5-1-7-final/ Copied: tags/krb5-1-7-final (from rev 22399, branches/krb5-1-7) From tlyu at MIT.EDU Mon Jun 1 21:04:21 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Mon, 1 Jun 2009 21:04:21 -0400 Subject: svn rev #22401: branches/krb5-1-7/src/ Message-ID: <200906020104.n5214LR5000301@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22401 Commit By: tlyu Log Message: krb5-1.7-postrelease Changed Files: U branches/krb5-1-7/src/patchlevel.h Modified: branches/krb5-1-7/src/patchlevel.h =================================================================== --- branches/krb5-1-7/src/patchlevel.h 2009-06-02 00:48:21 UTC (rev 22400) +++ branches/krb5-1-7/src/patchlevel.h 2009-06-02 01:04:20 UTC (rev 22401) 
@@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 7 #define KRB5_PATCHLEVEL 0 -/* #undef KRB5_RELTAIL */ +#define KRB5_RELTAIL "postrelease" /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "tags/krb5-1-7-final" +#define KRB5_RELTAG "branches/krb5-1-7" From epeisach at MIT.EDU Fri Jun 5 23:55:46 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Fri, 5 Jun 2009 23:55:46 -0400 Subject: svn rev #22402: trunk/src/lib/kadm5/srv/ Message-ID: <200906060355.n563tkcA023305@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22402 Commit By: epeisach Log Message: ticket: 6508 subject: kadm5int_acl_parse_restrictions could ref uninitialized variable The variable sp is never initialized. If the first argument to the function is null, the code falls through to freeing sp if valid. However, sp is never set. Changed Files: U trunk/src/lib/kadm5/srv/server_acl.c Modified: trunk/src/lib/kadm5/srv/server_acl.c =================================================================== --- trunk/src/lib/kadm5/srv/server_acl.c 2009-06-02 01:04:20 UTC (rev 22401) +++ trunk/src/lib/kadm5/srv/server_acl.c 2009-06-06 03:55:44 UTC (rev 22402) @@ -278,7 +278,7 @@ char *s; restriction_t **rpp; { - char *sp, *tp, *ap; + char *sp = NULL, *tp, *ap; static const char *delims = "\t\n\f\v\r ,"; krb5_deltat dt; krb5_flags flag; From epeisach at MIT.EDU Sat Jun 6 09:46:07 2009 
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sat, 6 Jun 2009 09:46:07 -0400 Subject: svn rev #22403: trunk/src/lib/kadm5/srv/ Message-ID: <200906061346.n56Dk7qM002112@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22403 Commit By: epeisach Log Message: ticket: 6509 subject: kadmind is parsing acls good deref NULL pointer on error In kadm5int_acl_parse_line, if you setup an acl w/ restrictions (i.e. the four argument acl format) - but have an error parsing the first few fields, acle is NULLed out, and is then derefed. This adds a conditional and indents according to the krb5 c-style... Changed Files: U trunk/src/lib/kadm5/srv/server_acl.c Modified: trunk/src/lib/kadm5/srv/server_acl.c =================================================================== --- trunk/src/lib/kadm5/srv/server_acl.c 2009-06-06 03:55:44 UTC (rev 22402) +++ trunk/src/lib/kadm5/srv/server_acl.c 2009-06-06 13:46:06 UTC (rev 22403) @@ -238,20 +238,24 @@ free(acle); acle = (aent_t *) NULL; } - if ( nmatch >= 4 ) { - char *trailing; - trailing = &acle_restrictions[strlen(acle_restrictions)-1]; - while ( isspace((int) *trailing) ) - trailing--; - trailing[1] = '\0'; - acle->ae_restriction_string = strdup(acle_restrictions); + if (acle) { + if ( nmatch >= 4 ) { + char *trailing; + + trailing = &acle_restrictions[strlen(acle_restrictions)-1]; + while ( isspace((int) *trailing) ) + trailing--; + trailing[1] = '\0'; + acle->ae_restriction_string = + strdup(acle_restrictions); + } + else { + acle->ae_restriction_string = (char *) NULL; + } + acle->ae_restriction_bad = 0; + acle->ae_restrictions = (restriction_t *) NULL; } - else { - acle->ae_restriction_string = (char *) NULL; - } - acle->ae_restriction_bad = 0; - acle->ae_restrictions = (restriction_t *) NULL; } } DPRINT(DEBUG_CALLS, acl_debug_level, From ghudson at MIT.EDU Mon Jun 8 05:41:55 2009 
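Review bot: The `strdup(acle_restrictions)` result in the `nmatch >= 4` branch is still unchecked, so an allocation failure leaves `ae_restriction_string` NULL, the same value the `else` branch stores for an entry with no restrictions. If later code treats NULL as "unrestricted" (not visible in this hunk), an ACL line written with restrictions would be loaded without them; the entry should be rejected instead, e.g. `if (acle->ae_restriction_string == NULL) { /* discard acle as the parse-error path above does */ }`. The trailing-whitespace loop also decrements `trailing` with no lower bound and passes a plain `char` to `isspace`; `while (trailing > acle_restrictions && isspace((unsigned char) *trailing))` bounds the walk and avoids a negative argument. The enclosing function begins and ends outside the hunk.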
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 8 Jun 2009 05:41:55 -0400 Subject: svn rev #22404: trunk/src/lib/kadm5/unit-test/ Message-ID: <200906080941.n589ftV0005908@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22404 Commit By: ghudson Log Message: Don't build the kadm5/unit-test test programs during "make all"; build them during "make check" via test dependencies for consistency with the way we handle other test programs. (Also means we don't need libraries to be linkable until later in the build process.) Changed Files: U trunk/src/lib/kadm5/unit-test/Makefile.in Modified: trunk/src/lib/kadm5/unit-test/Makefile.in =================================================================== --- trunk/src/lib/kadm5/unit-test/Makefile.in 2009-06-06 13:46:06 UTC (rev 22403) +++ trunk/src/lib/kadm5/unit-test/Makefile.in 2009-06-08 09:41:55 UTC (rev 22404) @@ -11,10 +11,6 @@ SRCS= init-test.c destroy-test.c handle-test.c iter-test.c setkey-test.c \ randkey-test.c lock-test.c -all:: init-test destroy-test client-handle-test client-iter-test -all:: randkey-test server-handle-test lock-test server-iter-test -all:: server-setkey-test client-setkey-test - # # The client-side test programs. # From ghudson at MIT.EDU Mon Jun 8 05:43:45 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 8 Jun 2009 05:43:45 -0400 Subject: svn rev #22405: trunk/src/slave/ Message-ID: <200906080943.n589hjUb006015@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22405 Commit By: ghudson Log Message: libkdb5 now depends on libgssrpc. So when linking kpropd, specify $(KDB5_LIB) before $(KADMCLNT_LIBS) to get the link order right. Unimportant for dynamic linking in most environments, but relevant for static linking. Changed Files: U trunk/src/slave/Makefile.in Modified: trunk/src/slave/Makefile.in =================================================================== --- trunk/src/slave/Makefile.in 2009-06-08 09:41:55 UTC (rev 22404) +++ trunk/src/slave/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) @@ -23,8 +23,8 @@ kprop: $(CLIENTOBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o kprop $(CLIENTOBJS) $(KRB5_BASE_LIBS) @LIBUTIL@ -kpropd: $(SERVEROBJS) $(KADMCLNT_DEPLIBS) $(KDB5_DEPLIB) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o kpropd $(SERVEROBJS) $(KADMCLNT_LIBS) $(KDB5_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) @LIBUTIL@ +kpropd: $(SERVEROBJS) $(KDB5_DEPLIB) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) + $(CC_LINK) -o kpropd $(SERVEROBJS) $(KDB5_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) @LIBUTIL@ kproplog: $(LOGOBJS) $(CC_LINK) -o kproplog $(LOGOBJS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) From ghudson at MIT.EDU Mon Jun 8 06:01:58 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 8 Jun 2009 06:01:58 -0400 Subject: svn rev #22406: trunk/src/ config/ include/ lib/kdb/ plugins/authdata/greet/ ... Message-ID: <200906081001.n58A1wij007386@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22406 Commit By: ghudson Log Message: ticket: 6510 subject: Restore limited support for static linking Add enough static linking support to run the test suite without shared libraries, to facilitate gcov and other kinds of instrumentation. The necessary changes include: * Undo some of the changes which removed static linking support, and cannibalize the defunct krb5_force_static conditional block in aclocal.m4. * Add --enable-static-only configure option. * For plugins, use a different symbol name for static and dynamic builds, via a macro in k5plugin.h. * Add build machinery for building static libraries for plugins (somewhat grotty due to the difference in names). * Move plugin subdirs earlier in SUBDIRS in src/Makefile.in. * Make the in-tree KDB5 plugins dependencies of libkdb5 in a static build (aclocal.m4 has to know what they are). * In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to allow "loading" of statically linked plugin libraries. Preauth, authdata, locate, and GSSAPI plugins are not handled by this change, as they are not currently necessary to the test suite. Supporting GSSAPI plugins may be a bit tricky but the others should be straightforward if they become needed. $(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as a result of these changes (except on AIX where aclocal.m4 changes it). This does not seem to be important as we avoid selecting the static library for building via other means. 
Changed Files: U trunk/src/Makefile.in U trunk/src/aclocal.m4 U trunk/src/config/libnover.in U trunk/src/config/libpriv.in U trunk/src/config/pre.in U trunk/src/include/k5-plugin.h U trunk/src/lib/kdb/kdb5.c U trunk/src/plugins/authdata/greet/Makefile.in U trunk/src/plugins/kdb/db2/Makefile.in U trunk/src/plugins/kdb/db2/db2_exp.c U trunk/src/plugins/kdb/ldap/Makefile.in U trunk/src/plugins/kdb/ldap/ldap_exp.c U trunk/src/plugins/locate/python/Makefile.in U trunk/src/plugins/preauth/encrypted_challenge/Makefile.in U trunk/src/plugins/preauth/pkinit/Makefile.in U trunk/src/plugins/preauth/pkinit/pkinit_clnt.c U trunk/src/plugins/preauth/pkinit/pkinit_srv.c Modified: trunk/src/Makefile.in =================================================================== --- trunk/src/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -9,11 +9,12 @@ # plugins/preauth/wpse # plugins/preauth/cksum_body # plugins/authdata/greet -SUBDIRS=util include lib kdc kadmin @ldap_plugin_dir@ slave clients \ +SUBDIRS=util include lib \ + @ldap_plugin_dir@ \ plugins/kdb/db2 \ plugins/preauth/pkinit \ plugins/preauth/encrypted_challenge \ - appl tests \ + kdc kadmin slave clients appl tests \ config-files gen-manpages BUILDTOP=$(REL)$(C) LOCALINCLUDES = -I$(srcdir) Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/aclocal.m4 2009-06-08 10:01:57 UTC (rev 22406) @@ -1141,6 +1141,11 @@ fi AC_SUBST(LIBLIST) AC_SUBST(LIBLINKS) +AC_SUBST(PLUGIN) +AC_SUBST(PLUGINLINK) +AC_SUBST(PLUGININST) +AC_SUBST(KDB5_PLUGIN_DEPLIBS) +AC_SUBST(KDB5_PLUGIN_LIBS) AC_SUBST(MAKE_SHLIB_COMMAND) AC_SUBST(SHLIB_RPATH_FLAGS) AC_SUBST(SHLIB_EXPFLAGS) 
@@ -1213,6 +1218,11 @@ [if test "$enableval" != yes; then AC_MSG_ERROR([Sorry, this release builds only shared libraries, cannot disable them.]) fi]) +AC_ARG_ENABLE([static-only], +AC_HELP_STRING([--enable-static-only],[use static libraries and plugins]), +[static_only=$enableval], +[static_only=no]) + AC_ARG_ENABLE([rpath], AC_HELP_STRING([--disable-rpath],[suppress run path flags in link lines]), [enable_rpath=$enableval], @@ -1231,16 +1241,24 @@ DEPLIBEXT=$SHLIBEXT -if test "$krb5_force_static" = "yes"; then +if test "x$static_only" = xyes; then LIBLIST='lib$(LIBBASE)$(STLIBEXT)' LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)' + PLUGIN='libkrb5_$(LIBBASE)$(STLIBEXT)' + PLUGINLINK='$(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT)' + PLUGININST=install-static OBJLISTS=OBJS.ST - # This used to be install-static, but now we only follow this - # path for internal libraries we don't want installed, not for - # configure-time requests for installed static libraries. - LIBINSTLIST= -# CFLAGS="$CFLAGS -D_KDB5_STATIC_LINK" + LIBINSTLIST=install-static + DEPLIBEXT=$STLIBEXT + AC_DEFINE([STATIC_PLUGINS], 1, [Define for static plugin linkage]) + KDB5_PLUGIN_DEPLIBS='$(TOPLIBD)/libkrb5_db2$(DEPLIBEXT)' + KDB5_PLUGIN_LIBS='-lkrb5_db2' + if test "x$OPENLDAP_PLUGIN" = xyes; then + KDB5_PLUGIN_DEBLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkrb5_ldap$(DEPLIBEXT)' + KDB5_PLUGIN_LIBS=$KDB_LUGIN_LIBS' -lkrb5_ldap' + fi + AC_MSG_RESULT([Forcing static libraries.]) # avoid duplicate rules generation for AIX and such SHLIBEXT=.so-nobuild 
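Review bot: Two variable names in the `OPENLDAP_PLUGIN` branch of the new static-only block are misspelled, so the LDAP plugin is not wired into a static build as intended. `KDB5_PLUGIN_DEBLIBS=...` assigns to a name that is not among the `AC_SUBST` variables this commit adds, leaving `KDB5_PLUGIN_DEPLIBS` without the `libkrb5_ldap` dependency, and `KDB5_PLUGIN_LIBS=$KDB_LUGIN_LIBS' -lkrb5_ldap'` expands an unset variable and so drops `-lkrb5_db2` from the link line. The two lines should read `KDB5_PLUGIN_DEPLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkrb5_ldap$(DEPLIBEXT)'` and `KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkrb5_ldap'`. The enclosing `if`/`else` continues past the end of this hunk.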
@@ -1255,23 +1273,25 @@ fi case "$SHLIBSEXT" in .so.s-nobuild) - SHLIB_HAVE_MINOR_VERS=no LIBLIST='lib$(LIBBASE)$(SHLIBEXT)' LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT)' LIBINSTLIST="install-shared" ;; *) - SHLIB_HAVE_MINOR_VERS=yes LIBLIST='lib$(LIBBASE)$(SHLIBEXT) lib$(LIBBASE)$(SHLIBSEXT)' LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT)' LIBINSTLIST="install-shlib-soname" ;; esac OBJLISTS="OBJS.SH" + PLUGIN='$(LIBBASE)$(DYNOBJEXT)' + PLUGINLINK= + PLUGININST=install-plugin + KDB5_PLUGIN_DEPLIBS= + KDB5_PLUGIN_LIBS= fi CC_LINK="$CC_LINK_SHARED" CXX_LINK="$CXX_LINK_SHARED" -AC_SUBST(SHLIB_HAVE_MINOR_VERS) if test -z "$LIBLIST"; then AC_MSG_ERROR([must enable one of shared or static libraries]) Modified: trunk/src/config/libnover.in =================================================================== --- trunk/src/config/libnover.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/config/libnover.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -27,16 +27,21 @@ # STOBJLISTS=dir1/OBJS.ST dir2/OBJS.ST etc... SHOBJLISTS=$(STOBJLISTS:.ST=.SH) +PFOBJLISTS=$(STOBJLISTS:.ST=.PF) dummy-target-1 $(SUBDIROBJLISTS) $(SUBDIROBJLISTS:.ST=.SH) $(SUBDIROBJLISTS:.ST=.PF): all-recurse # Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files PARSE_OBJLISTS= set -x && $(PERL) -p -e 'BEGIN { $$SIG{__WARN__} = sub {die @_} }; $$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;' -SHLIBVEXT=$(SHLIBEXT) -LIBLIST=$(LIBBASE)$(DYNOBJEXT) LIBINSTLIST=install-shared +libkrb5_$(LIBBASE)$(STLIBEXT): $(STOBJLISTS) + $(RM) $@ + @echo "building static $(LIBBASE) library" + set -x; objlist=`$(PARSE_OBJLISTS) $(STOBJLISTS)` && $(AR) cq $@ $$objlist + $(RANLIB) $@ + $(LIBBASE)$(DYNOBJEXT): $(SHOBJLISTS) $(DYNOBJ_EXPDEPS) $(SHLIB_EXPORT_FILE_DEP) $(RM) $@ @echo "building dynamic $(LIBBASE) object" 
@@ -80,18 +85,29 @@ $(RM) darwin.exports sed "s/^/_/" < $(SHLIB_EXPORT_FILE) > darwin.exports -$(TOPLIBD)/$(LIBBASE)$(SHLIBEXT): $(LIBBASE)$(SHLIBEXT) +libkrb5_$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS) $(RM) $@ - (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/$(LIBBASE)$(SHLIBEXT) .) + @echo "building profiled $(LIBBASE) library" + set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist + $(RANLIB) $@ -all-libs: $(LIBBASE)$(DYNOBJEXT) # $(LIBLIST) +$(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT): + $(RM) $@ + (cd $(TOPLIBD) && $(LN_S) $(RELDIR)/libkrb5_$(LIBBASE)$(STLIBEXT) .) +all-liblinks: all-libs $(PLUGINLINK) +all-libs: $(PLUGIN) + clean-libs: $(RM) $(LIBBASE)$(DYNOBJEXT) $(RM) binutils.versions osf1.exports darwin.exports hpux10.exports -install-libs: $(LIBINSTLIST) -install-shared: +install-libs: $(PLUGININST) +install-static: + $(RM) $(DESTDIR)$(KRB5_LIBDIR)/libkrb5_$(LIBBASE)$(STLIBEXT) + $(INSTALL_DATA) libkrb5_$(LIBBASE)$(STLIBEXT) $(DESTDIR)$(KRB5_LIBDIR) + $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libkrb5_$(LIBBASE)$(STLIBEXT) +install-plugin: $(RM) $(DESTDIR)$(MODULE_INSTALL_DIR)/$(LIBBASE)$(DYNOBJEXT) $(INSTALL_SHLIB) $(LIBBASE)$(DYNOBJEXT) $(DESTDIR)$(MODULE_INSTALL_DIR) Modified: trunk/src/config/libpriv.in =================================================================== --- trunk/src/config/libpriv.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/config/libpriv.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -10,4 +10,3 @@ SHLIBEXT=.so-nobuild SHLIBVEXT=.so.v-nobuild SHLIBSEXT=.so.s-nobuild -STLIBEXT=$(STLIBEXT_if_static) Modified: trunk/src/config/pre.in =================================================================== --- trunk/src/config/pre.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/config/pre.in 2009-06-08 10:01:57 UTC (rev 22406) 
@@ -315,6 +315,9 @@ # depending on whether we're building with shared libraries. DEPLIBEXT=@DEPLIBEXT@ +KDB5_PLUGIN_DEPLIBS = @KDB5_PLUGIN_DEPLIBS@ +KDB5_PLUGIN_LIBS = @KDB5_PLUGIN_LIBS@ + KADMCLNT_DEPLIB = $(TOPLIBD)/libkadm5clnt$(DEPLIBEXT) KADMSRV_DEPLIB = $(TOPLIBD)/libkadm5srv$(DEPLIBEXT) KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT) @@ -337,7 +340,7 @@ APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) -KDB5_DEPLIBS = $(KDB5_DEPLIB) +KDB5_DEPLIBS = $(KDB5_DEPLIB) $(KDB5_PLUGIN_DEPLIBS) GSS_DEPLIBS = $(GSS_DEPLIB) GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS) KADM_COMM_DEPLIBS = $(GSSRPC_DEPLIBS) $(KDB5_DEPLIBS) $(GSSRPC_DEPLIBS) @@ -365,7 +368,7 @@ SS_LIB = $(SS_LIB- at SS_VERSION@) SS_LIB-sys = @SS_LIB@ SS_LIB-k5 = $(TOPLIBD)/libss.a -KDB5_LIB = -lkdb5 +KDB5_LIB = -lkdb5 $(KDB5_PLUGIN_LIBS) DL_LIB = @DL_LIB@ 
@@ -471,26 +474,28 @@ # Set to "lib$(LIBBASE)$(STEXT) lib$(LIBBASE)$(SHEXT) lib$(LIBBASE)$(PFEXT)" or # some subset thereof by configure; determines which types of libs get # built. -LIBLIST=$(LIBLIST_ at SHLIB_HAVE_MINOR_VERS@) -LIBLIST_yes=lib$(LIBBASE)$(SHLIBEXT) lib$(LIBBASE)$(SHLIBSEXT) -LIBLIST_no=lib$(LIBBASE)$(SHLIBEXT) +LIBLIST=@LIBLIST@ # Set by configure; list of library symlinks to make to $(TOPLIBD) -LIBLINKS=$(LIBLINKS_ at SHLIB_HAVE_MINOR_VERS@) -LIBLINKS_yes=$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT) -LIBLINKS_no=$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT) +LIBLINKS=@LIBLINKS@ -# Set by configure; list of install targets -LIBINSTLIST=$(LIBINSTLIST_ at SHLIB_HAVE_MINOR_VERS@) -LIBINSTLIST_yes=install-shlib-soname -LIBINSTLIST_no=install-shared +# Set by configure; name of plugin module to build (libfoo.a or foo.so) +PLUGIN=@PLUGIN@ +# Set by configure; symlink for plugin module for static plugin linking +PLUGINLINK=@PLUGINLINK@ + +# Set by configure; list of install targets for libraries +LIBINSTLIST=@LIBINSTLIST@ + +# Set by configure; install target +PLUGININST=@PLUGININST@ + # Some of these should really move to pre.in, since programs will need # it too. (e.g. stuff that has dependencies on the libraries) # usually .a -STLIBEXT_if_static=@STLIBEXT@ -STLIBEXT=.a-nobuild +STLIBEXT=@STLIBEXT@ # usually .so.$(LIBMAJOR).$(LIBMINOR) SHLIBVEXT=@SHLIBVEXT@ 
@@ -536,7 +541,7 @@ # Set to "OBJS.ST OBJS.SH OBJS.PF" or some subset thereof by # configure; determines which types of object files get built. -OBJLISTS=OBJS.SH +OBJLISTS=@OBJLISTS@ # Note that $(LIBSRCS) *cannot* contain any variable references, or # the suffix substitution will break on some platforms! Modified: trunk/src/include/k5-plugin.h =================================================================== --- trunk/src/include/k5-plugin.h 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/include/k5-plugin.h 2009-06-08 10:01:57 UTC (rev 22406) @@ -65,6 +65,23 @@ #include "k5-err.h" +/* + * Plugins normally export fixed symbol names, but when statically + * linking plugins, we need a different symbol name for each plugin. + * The first argument to PLUGIN_SYMBOL_NAME acts as the + * differentiator, and is only used for static plugin linking. + * + * Although this macro (and thus this header file) are used in plugins + * whose code lies inside the krb5 tree, plugins maintained separately + * from the krb5 tree do not need it; they can just use the fixed + * symbol name unconditionally. + */ +#ifdef STATIC_PLUGINS +#define PLUGIN_SYMBOL_NAME(prefix, symbol) prefix ## _ ## symbol +#else +#define PLUGIN_SYMBOL_NAME(prefix, symbol) symbol +#endif + struct plugin_file_handle; /* opaque */ struct plugin_dir_handle { Modified: trunk/src/lib/kdb/kdb5.c =================================================================== --- trunk/src/lib/kdb/kdb5.c 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/lib/kdb/kdb5.c 2009-06-08 10:01:57 UTC (rev 22406) @@ -60,14 +60,6 @@ static k5_mutex_t db_lock = K5_MUTEX_PARTIAL_INITIALIZER; -#ifdef _KDB5_STATIC_LINK -#undef _KDB5_DYNAMIC_LINK -#else -#undef _KDB5_DYNAMIC_LINK -/* to avoid redefinition problem */ -#define _KDB5_DYNAMIC_LINK -#endif - static db_library lib_list; /* 
@@ -323,78 +315,54 @@ } } -static int kdb_db2_pol_err_loaded = 0; -#ifdef _KDB5_STATIC_LINK -#define DEF_SYMBOL(a) extern kdb_vftabl krb5_db_vftabl_ ## a -#define GET_SYMBOL(a) (krb5_db_vftabl_ ## a) +#ifdef STATIC_PLUGINS + +extern kdb_vftabl krb5_db2_kdb_function_table; +#ifdef ENABLE_LDAP +extern kdb_vftabl krb5_db2_ldap_function_table; +#endif + static krb5_error_code -kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib) +kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr) { krb5_error_code status; - void *vftabl_addr = NULL; - char buf[KRB5_MAX_ERR_STR]; + db_library lib; + kdb_vftabl *vftabl_addr = NULL; - if (!strcmp("kdb_db2", lib_name) && (kdb_db2_pol_err_loaded == 0)) { - initialize_adb_error_table(); - kdb_db2_pol_err_loaded = 1; + if (strcmp(lib_name, "db2") == 0) + vftabl_addr = &krb5_db2_kdb_function_table; +#ifdef ENABLE_LDAP + if (strcmp(lib_name, "ldap") == 0) + vftabl_addr = &krb5_ldap_kdb_function_table; +#endif + if (!vftabl_addr) { + krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND, + "Unable to find requested database type: %s", + lib_name); + return KRB5_KDB_DBTYPE_NOSUP; } - *lib = calloc((size_t) 1, sizeof(**lib)); - if (*lib == NULL) { - status = ENOMEM; - goto clean_n_exit; - } + lib = calloc(1, sizeof(*lib)); + if (lib == NULL) + return ENOMEM; status = kdb_init_lib_lock(*lib); - if (status) { - goto clean_n_exit; - } + if (status) + goto cleanup; - strlcpy((*lib)->name, lib_name, sizeof((*lib)->name)); + strlcpy(lib->name, lib_name, sizeof(lib->name)); + memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl)); + kdb_setup_opt_functions(lib); -#if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST) -#error No database module defined -#endif + status = lib->vftabl.init_library(); + if (status) + goto cleanup; -#ifdef KDB5_USE_LIB_KDB_DB2 - if (strcmp(lib_name, "kdb_db2") == 0) { - DEF_SYMBOL(kdb_db2); - vftabl_addr = (void *) &GET_SYMBOL(kdb_db2); - } else -#endif -#ifdef 
KDB5_USE_LIB_TEST - if (strcmp(lib_name, "test") == 0) { - DEF_SYMBOL(test); - vftabl_addr = (void *) &GET_SYMBOL(test); - } else -#endif - { - snprintf(buf, sizeof(buf), - "Program not built to support %s database type\n", - lib_name); - status = KRB5_KDB_DBTYPE_NOSUP; - krb5_db_set_err(kcontext, krb5_err_have_str, status, buf); - goto clean_n_exit; - } + *libptr = lib; + return 0; - memcpy(&(*lib)->vftabl, vftabl_addr, sizeof(kdb_vftabl)); - - kdb_setup_opt_functions(*lib); - - if ((status = (*lib)->vftabl.init_library())) { - /* ERROR. library not initialized cleanly */ - snprintf(buf, sizeof(buf), - "%s library initialization failed, error code %ld\n", - lib_name, status); - status = KRB5_KDB_DBTYPE_INIT; - krb5_db_set_err(kcontext, krb5_err_have_str, status, buf); - goto clean_n_exit; - } - - clean_n_exit: - if (status) { - free(*lib), *lib = NULL; - } +cleanup: + free(lib); return status; } @@ -424,11 +392,6 @@ filebases[0] = lib_name; filebases[1] = NULL; - if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) { - initialize_adb_error_table(); - kdb_db2_pol_err_loaded = 1; - } - *lib = calloc((size_t) 1, sizeof(**lib)); if (*lib == NULL) { status = ENOMEM; @@ -527,7 +490,13 @@ krb5_error_code status = 0; int locked = 0; db_library curr_elt, prev_elt = NULL; + static int kdb_db2_pol_err_loaded = 0; + if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) { + initialize_adb_error_table(); + kdb_db2_pol_err_loaded = 1; + } + if ((status = kdb_lock_list()) != 0) { goto clean_n_exit; } Modified: trunk/src/plugins/authdata/greet/Makefile.in =================================================================== --- trunk/src/plugins/authdata/greet/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/authdata/greet/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) 
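Review bot: In the new STATIC_PLUGINS version of kdb_load_library, the LDAP table is declared as `krb5_db2_ldap_function_table`, but the ENABLE_LDAP branch takes the address of `krb5_ldap_kdb_function_table`. The second name is the one ldap_exp.c produces through `PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table)`, so the declaration should read `extern kdb_vftabl krb5_ldap_kdb_function_table;`; as written, a static build with LDAP enabled references an undeclared identifier. The not-found path also records its message under `KRB5_KDB_DBTYPE_NOTFOUND` and then returns `KRB5_KDB_DBTYPE_NOSUP`, so a caller asking for the message of the returned code will presumably not get the text naming the requested database type. Use the same code in both places.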
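Review bot: The `kdb_db2_pol_err_loaded` test-and-set moved to the top of this function runs before `kdb_lock_list()` is taken, so two threads entering together can both read 0 and both call `initialize_adb_error_table()`. If the function can be reached concurrently, move the block below the `kdb_lock_list()` call so the static flag is read and written under the list lock. The signature and the rest of the body are outside the hunk, so whether callers already serialize this is not visible here.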
@@ -27,7 +27,7 @@ SRCS= greet_auth.c -all-unix:: $(LIBBASE)$(SO_EXT) +all-unix:: all-liblinks install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Modified: trunk/src/plugins/kdb/db2/Makefile.in =================================================================== --- trunk/src/plugins/kdb/db2/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/kdb/db2/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -68,7 +68,7 @@ pol_xdr.o \ db2_exp.o -all-unix:: $(LIBBASE)$(SO_EXT) +all-unix:: all-liblinks install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Modified: trunk/src/plugins/kdb/db2/db2_exp.c =================================================================== --- trunk/src/plugins/kdb/db2/db2_exp.c 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/kdb/db2/db2_exp.c 2009-06-08 10:01:57 UTC (rev 22406) @@ -220,7 +220,7 @@ * Exposed API */ -kdb_vftabl kdb_function_table = { +kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = { 1, /* major version number 1 */ 0, /* minor version number 0 */ /* init_library */ hack_init, Modified: trunk/src/plugins/kdb/ldap/Makefile.in =================================================================== --- trunk/src/plugins/kdb/ldap/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/kdb/ldap/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -38,7 +38,7 @@ STOBJLISTS=OBJS.ST STLIBOBJS= ldap_exp.o -all-unix:: $(LIBBASE)$(SO_EXT) +all-unix:: all-liblinks install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Modified: trunk/src/plugins/kdb/ldap/ldap_exp.c =================================================================== --- trunk/src/plugins/kdb/ldap/ldap_exp.c 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/kdb/ldap/ldap_exp.c 2009-06-08 10:01:57 UTC (rev 22406) 
@@ -45,7 +45,7 @@ * Exposed API */ -kdb_vftabl kdb_function_table = { +kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = { 1, /* major version number 1 */ 0, /* minor version number 0 */ /* init_library */ krb5_ldap_lib_init, Modified: trunk/src/plugins/locate/python/Makefile.in =================================================================== --- trunk/src/plugins/locate/python/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/locate/python/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -21,7 +21,7 @@ STOBJLISTS=OBJS.ST STLIBOBJS= py-locate.o -all-unix:: $(LIBBASE)$(SO_EXT) +all-unix:: all-liblinks install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Modified: trunk/src/plugins/preauth/encrypted_challenge/Makefile.in =================================================================== --- trunk/src/plugins/preauth/encrypted_challenge/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/preauth/encrypted_challenge/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) @@ -29,7 +29,7 @@ SRCS= $(srcdir)/encrypted_challenge_main.c -all-unix:: $(LIBBASE)$(SO_EXT) +all-unix:: all-liblinks install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Modified: trunk/src/plugins/preauth/pkinit/Makefile.in =================================================================== --- trunk/src/plugins/preauth/pkinit/Makefile.in 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/preauth/pkinit/Makefile.in 2009-06-08 10:01:57 UTC (rev 22406) 
@@ -46,7 +46,7 @@ $(srcdir)/pkinit_matching.c \ $(srcdir)/pkinit_crypto_openssl.c -all-unix:: $(LIBBASE)$(SO_EXT) +all-unix:: all-liblinks install-unix:: install-libs clean-unix:: clean-libs clean-libobjs Modified: trunk/src/plugins/preauth/pkinit/pkinit_clnt.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/preauth/pkinit/pkinit_clnt.c 2009-06-08 10:01:57 UTC (rev 22406) @@ -1489,7 +1489,11 @@ return 0; } -struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = { +/* Only necessary for static plugin linking support. */ +#include "k5-plugin.h" + +struct krb5plugin_preauth_client_ftable_v1 +PLUGIN_SYMBOL_NAME(krb5_preauth, preauthentication_client_1) = { "pkinit", /* name */ supported_client_pa_types, /* pa_type_list */ NULL, /* enctype_list */ Modified: trunk/src/plugins/preauth/pkinit/pkinit_srv.c =================================================================== --- trunk/src/plugins/preauth/pkinit/pkinit_srv.c 2009-06-08 09:43:45 UTC (rev 22405) +++ trunk/src/plugins/preauth/pkinit/pkinit_srv.c 2009-06-08 10:01:57 UTC (rev 22406) @@ -1409,7 +1409,11 @@ free(reqctx); } -struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = { +/* Only necessary for static plugin linking support. */ +#include "k5-plugin.h" + +struct krb5plugin_preauth_server_ftable_v1 +PLUGIN_SYMBOL_NAME(krb5_pkinit, preauthentication_server_1) = { "pkinit", /* name */ supported_server_pa_types, /* pa_type_list */ pkinit_server_plugin_init, /* (*init_proc) */ From ghudson at MIT.EDU Mon Jun 8 15:11:35 2009 
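Review bot: The client table is named with `PLUGIN_SYMBOL_NAME(krb5_preauth, preauthentication_client_1)`, while the server table in pkinit_srv.c uses the `krb5_pkinit` prefix; the comment added to k5-plugin.h says the first argument is what tells statically linked plugins apart. A prefix shared by the whole plugin class would produce a duplicate symbol as soon as a second preauth module used it in a static build, so `PLUGIN_SYMBOL_NAME(krb5_pkinit, preauthentication_client_1)` would keep the two pkinit tables consistent. The `#include "k5-plugin.h"` added in the middle of both files would read better next to the other includes at the top. The initializer continues past the end of the hunk.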
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 8 Jun 2009 15:11:35 -0400 Subject: svn rev #22407: trunk/src/lib/kdb/ Message-ID: <200906081911.n58JBZw8016349@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22407 Commit By: ghudson Log Message: In kdb5.c, remove calls to the locking macros which were stubbed out in r17612. Changed Files: U trunk/src/lib/kdb/kdb5.c Modified: trunk/src/lib/kdb/kdb5.c =================================================================== --- trunk/src/lib/kdb/kdb5.c 2009-06-08 10:01:57 UTC (rev 22406) +++ trunk/src/lib/kdb/kdb5.c 2009-06-08 19:11:35 UTC (rev 22407) @@ -167,11 +167,6 @@ } } -#define kdb_init_lib_lock(a) 0 -#define kdb_destroy_lib_lock(a) (void)0 -#define kdb_lock_lib_lock(a, b) 0 -#define kdb_unlock_lib_lock(a, b) (void)0 - /* Caller must free result*/ static char * @@ -346,10 +341,6 @@ if (lib == NULL) return ENOMEM; - status = kdb_init_lib_lock(*lib); - if (status) - goto cleanup; - strlcpy(lib->name, lib_name, sizeof(lib->name)); memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl)); kdb_setup_opt_functions(lib); @@ -398,11 +389,6 @@ goto clean_n_exit; } - status = kdb_init_lib_lock(*lib); - if (status) { - goto clean_n_exit; - } - strlcpy((*lib)->name, lib_name, sizeof((*lib)->name)); /* Fetch the list of directories specified in the config @@ -470,7 +456,6 @@ free(path); if (status) { if (*lib) { - kdb_destroy_lib_lock(*lib); if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle))) { krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle); } @@ -562,8 +547,6 @@ krb5int_close_plugin_dirs (&lib->dl_dir_handle); } - kdb_destroy_lib_lock(lib); - if (lib->prev == NULL) { /* first element in the list */ lib_list = lib->next; 
@@ -690,18 +673,12 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } status = dal_handle->lib_handle->vftabl.init_module(kcontext, section, db_args, mode); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: if (section) free(section); @@ -739,17 +716,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_create(kcontext, section, db_args); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: if (section) free(section); @@ -768,16 +738,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.fini_module(kcontext); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { goto clean_n_exit; } @@ -812,15 +775,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_destroy(kcontext, section, db_args); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: if (section) @@ -842,14 +799,8 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_get_age(kcontext, db_name, t); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; 
@@ -869,15 +820,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_set_option(kcontext, option, value); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -897,18 +842,9 @@ } dal_handle = kcontext->dal_handle; - /* acquire an exclusive lock, ensures no other thread uses this context */ - status = kdb_lock_lib_lock(dal_handle->lib_handle, TRUE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_lock(kcontext, lock_mode); get_errmsg(kcontext, status); - /* exclusive lock is still held, so no other thread could use this context */ - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: return status; } @@ -927,17 +863,9 @@ } dal_handle = kcontext->dal_handle; - /* normal lock acquired and exclusive lock released */ - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_unlock(kcontext); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, TRUE); - clean_n_exit: return status; } @@ -959,17 +887,11 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, 0, entries, nentries, more); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -993,17 +915,11 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, flags, entries, nentries, more); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; 
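Review bot: With the lock calls gone, this wrapper returns the module's `db_get_principal` status without the `get_errmsg(kcontext, status);` call that the non-ext wrapper in the preceding hunk makes, so a module-specific error string is not recorded on this path. If that is not deliberate, add `get_errmsg(kcontext, status);` after the call. The wrappers in the hunks at -2980, -3013 and -3068 (dbekd_decrypt_key_data, dbekd_encrypt_key_data, db_invoke) have the same shape. The start of the function is outside the hunk.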
@@ -1023,16 +939,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_free_principal(kcontext, entry, count); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1171,14 +1081,7 @@ goto clean_n_exit; dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - /* - * We need the lock since ulog_conv_2logentry() does a get - */ if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) { if (!(upd = (kdb_incr_update_t *) malloc(sizeof (kdb_incr_update_t)* *nentries))) { @@ -1200,9 +1103,6 @@ ulog_locked = 1; for (i = 0; i < *nentries; i++) { - /* - * We'll be sharing the same locks as db for logging - */ if (fupd) { if ((status = krb5_unparse_name(kcontext, entries->princ, &princ_name))) @@ -1232,8 +1132,6 @@ if (ulog_locked) ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: free_db_args(kcontext, db_args); @@ -1282,16 +1180,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE); - if (status) { - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) return status; - } /* * We'll be sharing the same locks as db for logging @@ -1299,7 +1190,6 @@ if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) { if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) { ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); - (void) kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); return status; } 
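Review bot: The comment `We'll be sharing the same locks as db for logging` is left as context at the end of the hunk at -1282, although the identical comment was deleted from the update loop by the hunk at -1200 in the same commit. With the library lock calls removed, either drop it here too or reword it to name the lock that is still taken, which from the visible lines appears to be the `ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE)` just above it. The function body extends beyond the hunk.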
@@ -1311,7 +1201,6 @@ if ((status = ulog_delete_update(kcontext, &upd)) != 0) { ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); free(princ_name); - (void) kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); return status; } @@ -1331,7 +1220,6 @@ (void) ulog_finish_update(kcontext, &upd); ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1354,16 +1242,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_iterate(kcontext, match_entry, func, func_arg); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1383,15 +1265,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_supported_realms(kcontext, realms); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1411,16 +1287,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_free_supported_realms(kcontext, realms); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1441,16 +1311,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.set_master_key(kcontext, pwd, key); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: return status; } 
@@ -1476,16 +1339,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.set_master_key_list(kcontext, keylist); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); - clean_n_exit: return status; } @@ -1504,16 +1360,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - /* Let's use temp key and copy it later to avoid memory problems when freed by the caller. */ status = dal_handle->lib_handle->vftabl.get_master_key(kcontext, key); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1533,16 +1383,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - /* Let's use temp key and copy it later to avoid memory problems when freed by the caller. */ status = dal_handle->lib_handle->vftabl.get_master_key_list(kcontext, keylist); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1566,18 +1410,12 @@ } dal_handle = context->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.fetch_master_key_list(context, mname, mkey, mkvno, mkey_list); get_errmsg(context, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); if (status) { goto clean_n_exit; 
@@ -1621,18 +1459,12 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.store_master_key(kcontext, keyfile, mname, kvno, key, master_pwd); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1656,18 +1488,12 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.store_master_key_list(kcontext, keyfile, mname, keylist, master_pwd); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -1754,10 +1580,6 @@ } dal_handle = context->dal_handle; - retval = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (retval) { - goto clean_n_exit; - } /* get the enctype from the stash */ tmp_key.enctype = ENCTYPE_UNKNOWN; @@ -1768,7 +1590,6 @@ kvno, db_args); get_errmsg(context, retval); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); if (retval) { goto clean_n_exit; @@ -1811,17 +1632,11 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.verify_master_key(kcontext, mprinc, kvno, mkey); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -2067,11 +1882,6 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.dbe_search_enctype(kcontext, dbentp, start, @@ -2079,7 +1889,6 @@ stype, kvno, kdatap); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; 
@@ -2734,11 +2543,6 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_change_pwd(kcontext, master_key, ks_tuple, @@ -2747,7 +2551,6 @@ new_kvno, keepold, db_entry); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -2768,14 +2571,8 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_create_policy(kcontext, policy); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -2796,16 +2593,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_get_policy(kcontext, name, policy, cnt); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -2825,14 +2616,8 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_put_policy(kcontext, policy); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -2853,16 +2638,10 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_iter_policy(kcontext, match_entry, func, data); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; 
@@ -2882,14 +2661,8 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_delete_policy(kcontext, policy); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -2909,14 +2682,8 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - dal_handle->lib_handle->vftabl.db_free_policy(kcontext, policy); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return; @@ -2946,15 +2713,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.promote_db(kcontext, section, db_args); get_errmsg(kcontext, status); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: if (section) @@ -2980,15 +2741,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.dbekd_decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; @@ -3013,15 +2768,9 @@ } dal_handle = kcontext->dal_handle; - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext, mkey, dbkey, keysalt, keyver, key_data); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; 
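Review bot: In the hunk at -2909, nothing on the visible path assigns `status` before `get_errmsg(kcontext, status);` any more, because `db_free_policy` is called for its side effect only and the removed `kdb_lock_lib_lock` line was the last assignment. The call is therefore a no-op if the declaration (outside the hunk) initializes `status` to 0, and reads an indeterminate value if it does not and `dal_handle` was already set. Delete the `get_errmsg` line, or confirm the declaration reads `krb5_error_code status = 0;`.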
@@ -3068,17 +2817,11 @@ goto clean_n_exit; } - status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); - if (status) { - goto clean_n_exit; - } - status = dal_handle->lib_handle->vftabl.db_invoke(kcontext, method, req, rep); - kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); clean_n_exit: return status; From ghudson at MIT.EDU Mon Jun 8 16:14:58 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Mon, 8 Jun 2009 16:14:58 -0400 Subject: svn rev #22408: trunk/src/lib/kdb/ Message-ID: <200906082014.n58KEw09021476@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22408 Commit By: ghudson Log Message: Clean up and simplify kdb5.c; no functional changes. Changed Files: U trunk/src/lib/kdb/kdb5.c Modified: trunk/src/lib/kdb/kdb5.c =================================================================== --- trunk/src/lib/kdb/kdb5.c 2009-06-08 19:11:35 UTC (rev 22407) +++ trunk/src/lib/kdb/kdb5.c 2009-06-08 20:14:58 UTC (rev 22408) @@ -220,9 +220,8 @@ /* default value is the realm name itself */ kcontext->default_realm, &value); - if (status) { + if (status) goto clean_n_exit; - } #define DB2_NAME "db2" /* we got the module section. Get the library name from the module */ 
@@ -237,77 +236,43 @@ } result = strdup(lib); - clean_n_exit: - if (value) { - /* free profile string */ - profile_release_string(value); - } - - if (lib) { - /* free profile string */ - profile_release_string(lib); - } +clean_n_exit: + profile_release_string(value); + profile_release_string(lib); return result; } static void kdb_setup_opt_functions(db_library lib) { - if (lib->vftabl.set_master_key == NULL) { + if (lib->vftabl.set_master_key == NULL) lib->vftabl.set_master_key = kdb_def_set_mkey; - } - - if (lib->vftabl.set_master_key_list == NULL) { + if (lib->vftabl.set_master_key_list == NULL) lib->vftabl.set_master_key_list = kdb_def_set_mkey_list; - } - - if (lib->vftabl.get_master_key == NULL) { + if (lib->vftabl.get_master_key == NULL) lib->vftabl.get_master_key = kdb_def_get_mkey; - } - - if (lib->vftabl.get_master_key_list == NULL) { + if (lib->vftabl.get_master_key_list == NULL) lib->vftabl.get_master_key_list = kdb_def_get_mkey_list; - } - - if (lib->vftabl.fetch_master_key == NULL) { + if (lib->vftabl.fetch_master_key == NULL) lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey; - } - - if (lib->vftabl.verify_master_key == NULL) { + if (lib->vftabl.verify_master_key == NULL) lib->vftabl.verify_master_key = krb5_def_verify_master_key; - } - - if (lib->vftabl.fetch_master_key_list == NULL) { + if (lib->vftabl.fetch_master_key_list == NULL) lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list; - } - - if (lib->vftabl.store_master_key_list == NULL) { + if (lib->vftabl.store_master_key_list == NULL) lib->vftabl.store_master_key_list = krb5_def_store_mkey_list; - } - - if (lib->vftabl.dbe_search_enctype == NULL) { + if (lib->vftabl.dbe_search_enctype == NULL) lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype; - } - - if (lib->vftabl.db_change_pwd == NULL) { + if (lib->vftabl.db_change_pwd == NULL) lib->vftabl.db_change_pwd = krb5_dbe_def_cpw; - } - - if (lib->vftabl.store_master_key == NULL) { + if (lib->vftabl.store_master_key == NULL) 
lib->vftabl.store_master_key = krb5_def_store_mkey; - } - - if (lib->vftabl.promote_db == NULL) { + if (lib->vftabl.promote_db == NULL) lib->vftabl.promote_db = krb5_def_promote_db; - } - - if (lib->vftabl.dbekd_decrypt_key_data == NULL) { + if (lib->vftabl.dbekd_decrypt_key_data == NULL) lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data; - } - - if (lib->vftabl.dbekd_encrypt_key_data == NULL) { + if (lib->vftabl.dbekd_encrypt_key_data == NULL) lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data; - } } #ifdef STATIC_PLUGINS @@ -384,10 +349,8 @@ filebases[1] = NULL; *lib = calloc((size_t) 1, sizeof(**lib)); - if (*lib == NULL) { - status = ENOMEM; - goto clean_n_exit; - } + if (*lib == NULL) + return ENOMEM; strlcpy((*lib)->name, lib_name, sizeof((*lib)->name)); @@ -444,24 +407,19 @@ memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl)); kdb_setup_opt_functions(*lib); - if ((status = (*lib)->vftabl.init_library())) { - /* ERROR. library not initialized cleanly */ + if ((status = (*lib)->vftabl.init_library())) goto clean_n_exit; - } clean_n_exit: - if (vftabl_addrs != NULL) { krb5int_free_plugin_dir_data (vftabl_addrs); } + krb5int_free_plugin_dir_data(vftabl_addrs); /* Both of these DTRT with NULL. */ profile_free_list(profpath); free(path); - if (status) { - if (*lib) { - if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle))) { - krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle); - } - free(*lib); - *lib = NULL; - } + if (status && *lib) { + if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle))) + krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle); + free(*lib); + *lib = NULL; } return status; } @@ -482,9 +440,8 @@ kdb_db2_pol_err_loaded = 1; } - if ((status = kdb_lock_list()) != 0) { + if ((status = kdb_lock_list()) != 0) goto clean_n_exit; - } locked = 1; curr_elt = lib_list; 
@@ -499,9 +456,8 @@ /* module not found. create and add to list */ status = kdb_load_library(kcontext, lib_name, lib); - if (status) { + if (status) goto clean_n_exit; - } if (prev_elt) { /* prev_elt points to the last element in the list */ @@ -511,14 +467,12 @@ lib_list = *lib; } - clean_n_exit: - if (*lib) { +clean_n_exit: + if (*lib) (*lib)->reference_cnt++; - } - if (locked) { + if (locked) kdb_unlock_list(); - } return status; } @@ -529,41 +483,34 @@ krb5_error_code status = 0; int locked = 0; - if ((status = kdb_lock_list()) != 0) { + if ((status = kdb_lock_list()) != 0) goto clean_n_exit; - } locked = 1; lib->reference_cnt--; if (lib->reference_cnt == 0) { status = lib->vftabl.fini_library(); - if (status) { + if (status) goto clean_n_exit; - } /* close the library */ - if (PLUGIN_DIR_OPEN((&lib->dl_dir_handle))) { + if (PLUGIN_DIR_OPEN((&lib->dl_dir_handle))) krb5int_close_plugin_dirs (&lib->dl_dir_handle); - } - if (lib->prev == NULL) { - /* first element in the list */ - lib_list = lib->next; - } else { + if (lib->prev == NULL) + lib_list = lib->next; /* first element in the list */ + else lib->prev->next = lib->next; - } - if (lib->next) { + if (lib->next) lib->next->prev = lib->prev; - } free(lib); } - clean_n_exit: - if (locked) { +clean_n_exit: + if (locked) kdb_unlock_list(); - } return status; } @@ -589,21 +536,19 @@ } status = kdb_find_library(kcontext, library, &lib); - if (status) { + if (status) goto clean_n_exit; - } dal_handle->lib_handle = lib; kcontext->dal_handle = dal_handle; - clean_n_exit: +clean_n_exit: free(library); if (status) { free(dal_handle); - if (lib) { + if (lib) kdb_free_library(lib); - } } return status; 
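Review bot: The `clean_n_exit` path in the `@@ -511,14 +467,12 @@` hunk increments `(*lib)->reference_cnt` whenever `*lib` is non-NULL, without looking at `status`. On the early `goto clean_n_exit` after a failed `kdb_lock_list()` (hunk `@@ -482,9 +440,8 @@`), `*lib` is whatever the caller passed in, and the count is then touched without the list lock held. Whether `*lib` is cleared on entry is outside the hunk, so this is a point to confirm. Tying the increment to success would make it independent of that: `if (status == 0 && *lib)`.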
@@ -615,37 +560,48 @@ krb5_error_code status = 0; status = kdb_free_library(kcontext->dal_handle->lib_handle); - if (status) { - goto clean_n_exit; - } + if (status) + return status; free(kcontext->dal_handle); kcontext->dal_handle = NULL; - - clean_n_exit: - return status; + return 0; } static void -get_errmsg (krb5_context kcontext, krb5_error_code err_code) +get_errmsg(krb5_context kcontext, krb5_error_code err_code) { - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; const char *e; + if (err_code == 0) return; - assert(kcontext != NULL); - /* Must be called with dal_handle->lib_handle locked! */ - assert(kcontext->dal_handle != NULL); - dal_handle = kcontext->dal_handle; - if (dal_handle->lib_handle->vftabl.errcode_2_string == NULL) + assert(kcontext != NULL && kcontext->dal_handle != NULL); + v = &kcontext->dal_handle->lib_handle->vftabl; + if (v->errcode_2_string == NULL) return; - e = dal_handle->lib_handle->vftabl.errcode_2_string(kcontext, err_code); + e = v->errcode_2_string(kcontext, err_code); assert (e != NULL); krb5_set_error_message(kcontext, err_code, "%s", e); - if (dal_handle->lib_handle->vftabl.release_errcode_string) - dal_handle->lib_handle->vftabl.release_errcode_string(kcontext, e); + if (v->release_errcode_string) + v->release_errcode_string(kcontext, e); } +static krb5_error_code +get_vftabl(krb5_context kcontext, kdb_vftabl **vftabl_ptr) +{ + krb5_error_code status; + + *vftabl_ptr = NULL; + if (kcontext->dal_handle == NULL) { + status = krb5_db_setup_lib_handle(kcontext); + if (status) + return status; + } + *vftabl_ptr = &kcontext->dal_handle->lib_handle->vftabl; + return 0; +} + /* * External functions... DAL API */ @@ -654,7 +610,7 @@ { krb5_error_code status = 0; char *section = NULL; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; section = kdb_get_conf_section(kcontext); if (section == NULL) { 
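Review bot: In get_errmsg (`@@ -615,37 +560,48 @@`) the string returned by the loaded module's `errcode_2_string` is checked only with `assert (e != NULL)`. In a build with NDEBUG a NULL from the module would go straight into `krb5_set_error_message(kcontext, err_code, "%s", e)`. An explicit `if (e == NULL) return;` keeps the check in every build. The rewrite also drops the comment `/* Must be called with dal_handle->lib_handle locked! */`; if that precondition still holds it should stay. The new get_vftabl helper would benefit from a one-line comment saying that it loads the library on first use and sets `*vftabl_ptr` to NULL on failure.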
@@ -665,21 +621,13 @@ goto clean_n_exit; } - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - - status = - dal_handle->lib_handle->vftabl.init_module(kcontext, section, db_args, - mode); + status = get_vftabl(kcontext, &v); + if (status) + goto clean_n_exit; + status = v->init_module(kcontext, section, db_args, mode); get_errmsg(kcontext, status); - clean_n_exit: +clean_n_exit: if (section) free(section); return status; @@ -697,7 +645,7 @@ { krb5_error_code status = 0; char *section = NULL; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; section = kdb_get_conf_section(kcontext); if (section == NULL) { @@ -708,19 +656,13 @@ goto clean_n_exit; } - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_create(kcontext, section, db_args); + status = get_vftabl(kcontext, &v); + if (status) + goto clean_n_exit; + status = v->db_create(kcontext, section, db_args); get_errmsg(kcontext, status); - clean_n_exit: +clean_n_exit: if (section) free(section); return status; 
@@ -730,25 +672,20 @@ krb5_db_fini(krb5_context kcontext) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - /* module not loaded. So nothing to be done */ - goto clean_n_exit; - } + /* Do nothing if module was never loaded. */ + if (kcontext->dal_handle == NULL) + return 0; - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.fini_module(kcontext); + v = &kcontext->dal_handle->lib_handle->vftabl; + status = v->fini_module(kcontext); get_errmsg(kcontext, status); - if (status) { - goto clean_n_exit; - } + if (status) + return status; - status = kdb_free_lib_handle(kcontext); - - clean_n_exit: - return status; + return kdb_free_lib_handle(kcontext); } krb5_error_code @@ -756,7 +693,7 @@ { krb5_error_code status = 0; char *section = NULL; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; section = kdb_get_conf_section(kcontext); if (section == NULL) { @@ -767,19 +704,13 @@ goto clean_n_exit; } - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_destroy(kcontext, section, db_args); + status = get_vftabl(kcontext, &v); + if (status) + goto clean_n_exit; + status = v->db_destroy(kcontext, section, db_args); get_errmsg(kcontext, status); - clean_n_exit: +clean_n_exit: if (section) free(section); return status; 
@@ -789,20 +720,13 @@ krb5_db_get_age(krb5_context kcontext, char *db_name, time_t * t) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_get_age(kcontext, db_name, t); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_get_age(kcontext, db_name, t); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -810,21 +734,13 @@ krb5_db_set_option(krb5_context kcontext, int option, void *value) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_set_option(kcontext, option, value); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_set_option(kcontext, option, value); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -832,20 +748,13 @@ krb5_db_lock(krb5_context kcontext, int lock_mode) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_lock(kcontext, lock_mode); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_lock(kcontext, lock_mode); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -853,20 +762,13 @@ krb5_db_unlock(krb5_context kcontext) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_unlock(kcontext); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_unlock(kcontext); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -877,23 +779,14 @@ int *nentries, krb5_boolean * more) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, 0, - entries, nentries, - more); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_get_principal(kcontext, search_for, 0, entries, nentries, + more); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -905,46 +798,26 @@ int *nentries, krb5_boolean * more) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, - flags, - entries, nentries, - more); - - clean_n_exit: - return status; + status = get_vftabl(kcontext, &v); + if (status) + return status; + return v->db_get_principal(kcontext, search_for, flags, entries, nentries, + more); } krb5_error_code krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_free_principal(kcontext, entry, - count); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_free_principal(kcontext, entry, count); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -1032,21 +905,19 @@ krb5int_put_principal_no_log(krb5_context kcontext, krb5_db_entry *entries, int *nentries) { - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; krb5_error_code status; char **db_args; + status = get_vftabl(kcontext, &v); + if (status) + return status; status = extract_db_args_from_tl_data(kcontext, &entries->tl_data, &entries->n_tl_data, &db_args); if (status) return status; - assert (kcontext->dal_handle != NULL); /* XXX */ - dal_handle = kcontext->dal_handle; - /* XXX Locking? */ - status = dal_handle->lib_handle->vftabl.db_put_principal(kcontext, entries, - nentries, - db_args); + status = v->db_put_principal(kcontext, entries, nentries, db_args); get_errmsg(kcontext, status); free_db_args(kcontext, db_args); return status; 
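Review bot: krb5_db_get_principal_ext in the `@@ -905,46 +798,26 @@` hunk returns the module's status directly and never calls `get_errmsg`, while krb5_db_get_principal in `@@ -877,23 +779,14 @@` does. The same direct return appears in the `@@ -2731,22 +2372,12 @@`, `@@ -2758,32 +2389,21 @@` and `@@ -2802,28 +2422,12 @@` hunks. The old code behaved the same way, so this may be deliberate, but the refactor makes the difference easy to miss. Either add the call (`status = v->db_get_principal(...); get_errmsg(kcontext, status); return status;`) or leave a short comment saying why no extended message is set here.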
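Review bot: The `@@ -1032,21 +905,19 @@` hunk deletes the `/* XXX Locking? */` marker from krb5int_put_principal_no_log without answering the question it raised, and `@@ -1146,16 +1009,13 @@` does the same for krb5int_delete_principal_no_log. If these entry points rely on the caller to serialise access, a comment should say so, for example `/* Caller is responsible for locking; no update-log entry is written here. */`; this wording is presumed from the function names and needs confirming. Both hunks also replace `assert (kcontext->dal_handle != NULL)` with a lazy library load through `get_vftabl`, which is a behaviour change worth a line in the commit log.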
@@ -1057,7 +928,7 @@ krb5_db_entry * entries, int *nentries) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; char **db_args = NULL; kdb_incr_update_t *upd, *fupd = 0; char *princ_name = NULL; @@ -1067,12 +938,9 @@ log_ctx = kcontext->kdblog_context; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } + status = get_vftabl(kcontext, &v); + if (status) + goto clean_n_exit; status = extract_db_args_from_tl_data(kcontext, &entries->tl_data, &entries->n_tl_data, @@ -1080,8 +948,6 @@ if (status) goto clean_n_exit; - dal_handle = kcontext->dal_handle; - if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) { if (!(upd = (kdb_incr_update_t *) malloc(sizeof (kdb_incr_update_t)* *nentries))) { @@ -1092,9 +958,8 @@ (void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries); - if ((status = ulog_conv_2logentry(kcontext, entries, upd, *nentries))) { + if ((status = ulog_conv_2logentry(kcontext, entries, upd, *nentries))) goto err_lock; - } } status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE); @@ -1117,9 +982,7 @@ } } - status = dal_handle->lib_handle->vftabl.db_put_principal(kcontext, entries, - nentries, - db_args); + status = v->db_put_principal(kcontext, entries, nentries, db_args); get_errmsg(kcontext, status); if (status == 0 && fupd) { upd = fupd; @@ -1132,7 +995,7 @@ if (ulog_locked) ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); - clean_n_exit: +clean_n_exit: free_db_args(kcontext, db_args); if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) 
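Review bot: krb5_db_put_principal sizes the update array with `sizeof (kdb_incr_update_t)* *nentries` (context of `@@ -1080,8 +948,6 @@`) and clears it with the same product in `@@ -1092,9 +958,8 @@`. `*nentries` is a caller-supplied `int`, so a negative or very large value is converted to `size_t` and the multiplication can wrap, leaving a buffer smaller than the loop that fills it expects. `upd = calloc((size_t)*nentries, sizeof(*upd));`, after rejecting a negative count, does the zeroing and the overflow check in one step and makes the separate `memset` unnecessary. The function begins and ends outside these hunks, so the exact error path to take should follow the surrounding code.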
@@ -1146,16 +1009,13 @@ krb5_principal search_for, int *nentries) { - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; krb5_error_code status; - assert (kcontext->dal_handle != NULL); /* XXX */ - - dal_handle = kcontext->dal_handle; - /* XXX Locking? */ - status = dal_handle->lib_handle->vftabl.db_delete_principal(kcontext, - search_for, - nentries); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_delete_principal(kcontext, search_for, nentries); get_errmsg(kcontext, status); return status; } @@ -1165,21 +1025,16 @@ krb5_principal search_for, int *nentries) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; kdb_incr_update_t upd; char *princ_name = NULL; kdb_log_context *log_ctx; log_ctx = kcontext->kdblog_context; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; + status = get_vftabl(kcontext, &v); + if (status) + return status; status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE); if (status) return status; @@ -1207,9 +1062,7 @@ free(princ_name); } - status = dal_handle->lib_handle->vftabl.db_delete_principal(kcontext, - search_for, - nentries); + status = v->db_delete_principal(kcontext, search_for, nentries); get_errmsg(kcontext, status); /* @@ -1221,7 +1074,6 @@ ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK); - clean_n_exit: return status; } 
@@ -1232,22 +1084,13 @@ krb5_pointer func_arg) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_iterate(kcontext, - match_entry, - func, func_arg); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_iterate(kcontext, match_entry, func, func_arg); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -1255,21 +1098,13 @@ krb5_supported_realms(krb5_context kcontext, char **realms) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_supported_realms(kcontext, realms); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_supported_realms(kcontext, realms); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -1277,22 +1112,13 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_free_supported_realms(kcontext, - realms); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_free_supported_realms(kcontext, realms); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -1301,20 +1127,13 @@ char *pwd, krb5_keyblock * key) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.set_master_key(kcontext, pwd, key); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->set_master_key(kcontext, pwd, key); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -1329,20 +1148,13 @@ krb5_keylist_node * keylist) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.set_master_key_list(kcontext, keylist); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->set_master_key_list(kcontext, keylist); get_errmsg(kcontext, status); - -clean_n_exit: return status; } @@ -1350,22 +1162,13 @@ krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - /* Let's use temp key and copy it later to avoid memory problems - when freed by the caller. */ - status = dal_handle->lib_handle->vftabl.get_master_key(kcontext, key); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->get_master_key(kcontext, key); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -1373,22 +1176,13 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - /* Let's use temp key and copy it later to avoid memory problems - when freed by the caller. */ - status = dal_handle->lib_handle->vftabl.get_master_key_list(kcontext, keylist); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->get_master_key_list(kcontext, keylist); get_errmsg(kcontext, status); - -clean_n_exit: return status; } @@ -1399,29 +1193,14 @@ krb5_kvno mkvno, krb5_keylist_node **mkey_list) { - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; krb5_error_code status = 0; - if (context->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(context); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = context->dal_handle; - status = dal_handle->lib_handle->vftabl.fetch_master_key_list(context, - mname, - mkey, - mkvno, - mkey_list); + status = get_vftabl(context, &v); + if (status) + return status; + status = v->fetch_master_key_list(context, mname, mkey, mkvno, mkey_list); get_errmsg(context, status); - - if (status) { - goto clean_n_exit; - } - -clean_n_exit: return status; } 
@@ -1449,24 +1228,14 @@ krb5_keyblock * key, char *master_pwd) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.store_master_key(kcontext, - keyfile, - mname, - kvno, - key, master_pwd); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->store_master_key(kcontext, keyfile, mname, kvno, key, + master_pwd); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -1478,24 +1247,14 @@ char *master_pwd) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.store_master_key_list(kcontext, - keyfile, - mname, - keylist, - master_pwd); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->store_master_key_list(kcontext, keyfile, mname, keylist, + master_pwd); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -1570,30 +1329,23 @@ zap(password, sizeof(password)); /* erase it */ } else { - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; if (context->dal_handle == NULL) { retval = krb5_db_setup_lib_handle(context); - if (retval) { + if (retval) goto clean_n_exit; - } } - dal_handle = context->dal_handle; - /* get the enctype from the stash */ tmp_key.enctype = ENCTYPE_UNKNOWN; - retval = dal_handle->lib_handle->vftabl.fetch_master_key(context, - mname, - &tmp_key, - kvno, - db_args); + v = &context->dal_handle->lib_handle->vftabl; + retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args); get_errmsg(context, retval); - if (retval) { + if (retval) goto clean_n_exit; - } key->contents = malloc(tmp_key.length); if (key->contents == NULL) { @@ -1607,7 +1359,7 @@ memcpy(key->contents, tmp_key.contents, tmp_key.length); } - clean_n_exit: +clean_n_exit: if (tmp_key.contents) { zap(tmp_key.contents, tmp_key.length); krb5_db_free(context, tmp_key.contents); @@ -1622,23 +1374,13 @@ krb5_keyblock * mkey) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.verify_master_key(kcontext, - mprinc, - kvno, - mkey); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->verify_master_key(kcontext, mprinc, kvno, mkey); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
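Review bot: The `@@ -1570,30 +1329,23 @@` hunk keeps the open-coded `context->dal_handle == NULL` / `krb5_db_setup_lib_handle` sequence in krb5_db_fetch_mkey and then takes `&context->dal_handle->lib_handle->vftabl` by hand. It is the one caller in this commit that does not use the new `get_vftabl` helper. `retval = get_vftabl(context, &v);` followed by `if (retval) goto clean_n_exit;` would match the rest of the file and keep the lazy-load logic in one place. The function starts before this hunk.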
@@ -1756,12 +1498,11 @@ * The end of the list was encountered and all entries are < now so use * the latest entry. */ - if (prev_actkvno->act_time <= now) { + if (prev_actkvno->act_time <= now) tmp_act_kvno = prev_actkvno->act_kvno; - } else { - /* XXX this shouldn't happen */ - return (KRB5_KDB_NOACTMASTERKEY); - } + else + return KRB5_KDB_NOACTMASTERKEY; /* This shouldn't happen. */ + } while (cur_keyblock && cur_keyblock->kvno != tmp_act_kvno) @@ -1773,7 +1514,7 @@ *act_kvno = tmp_act_kvno; return (0); } else { - return (KRB5_KDB_NO_MATCHING_KEY); + return KRB5_KDB_NO_MATCHING_KEY; } } @@ -1802,7 +1543,7 @@ *mkey = &cur_keyblock->keyblock; return (0); } else { - return (KRB5_KDB_NO_MATCHING_KEY); + return KRB5_KDB_NO_MATCHING_KEY; } } @@ -1810,43 +1551,24 @@ krb5_db_alloc(krb5_context kcontext, void *ptr, size_t size) { krb5_error_code status; - kdb5_dal_handle *dal_handle; - void *new_ptr = NULL; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - - new_ptr = dal_handle->lib_handle->vftabl.db_alloc(kcontext, ptr, size); - - clean_n_exit: - return new_ptr; + status = get_vftabl(kcontext, &v); + if (status) + return NULL; + return v->db_alloc(kcontext, ptr, size); } void krb5_db_free(krb5_context kcontext, void *ptr) { krb5_error_code status; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - - dal_handle->lib_handle->vftabl.db_free(kcontext, ptr); - - clean_n_exit: - return; + status = get_vftabl(kcontext, &v); + if (status) + return; + v->db_free(kcontext, ptr); } /* has to be modified */ 
@@ -1872,25 +1594,14 @@ krb5_int32 kvno, krb5_key_data ** kdatap) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.dbe_search_enctype(kcontext, - dbentp, - start, - ktype, - stype, - kvno, kdatap); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->dbe_search_enctype(kcontext, dbentp, start, ktype, stype, + kvno, kdatap); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -2227,9 +1938,8 @@ } tl_data.tl_data_contents = (krb5_octet *) malloc(tl_data.tl_data_length); - if (tl_data.tl_data_contents == NULL) { + if (tl_data.tl_data_contents == NULL) return (ENOMEM); - } nextloc = tl_data.tl_data_contents; version = KRB5_TL_MKEY_AUX_VER; @@ -2362,16 +2072,15 @@ const krb5_actkvno_node *cur_actkvno; krb5_octet *tmpptr; - if (actkvno_list == NULL) { - return (EINVAL); - } + if (actkvno_list == NULL) + return EINVAL; memset(&new_tl_data, 0, sizeof(new_tl_data)); /* allocate initial KRB5_TL_ACTKVNO tl_data entry */ new_tl_data.tl_data_length = sizeof(version); new_tl_data.tl_data_contents = (krb5_octet *) malloc(new_tl_data.tl_data_length); if (new_tl_data.tl_data_contents == NULL) - return (ENOMEM); + return ENOMEM; /* add the current version # for the data format used for KRB5_TL_ACTKVNO */ version = KRB5_TL_ACTKVNO_VER; @@ -2384,7 +2093,7 @@ tmpptr = realloc(new_tl_data.tl_data_contents, new_tl_data.tl_data_length); if (tmpptr == NULL) { free(new_tl_data.tl_data_contents); - return (ENOMEM); + return ENOMEM; } else { new_tl_data.tl_data_contents = tmpptr; } 
@@ -2497,10 +2206,8 @@ /* If necessary, chain a new record in the beginning and point at it. */ if (!tl_data) { - if ((tl_data = - (krb5_tl_data *) krb5_db_alloc(context, NULL, - sizeof(krb5_tl_data))) - == NULL) { + tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data)); + if (tl_data == NULL) { free(tmp); return (ENOMEM); } @@ -2533,26 +2240,14 @@ int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_change_pwd(kcontext, - master_key, - ks_tuple, - ks_tuple_count, - passwd, - new_kvno, - keepold, db_entry); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_change_pwd(kcontext, master_key, ks_tuple, ks_tuple_count, + passwd, new_kvno, keepold, db_entry); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -2561,20 +2256,13 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_create_policy(kcontext, policy); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_create_policy(kcontext, policy); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -2583,22 +2271,13 @@ osa_policy_ent_t * policy, int *cnt) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_get_policy(kcontext, name, policy, - cnt); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_get_policy(kcontext, name, policy, cnt); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -2606,20 +2285,13 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_put_policy(kcontext, policy); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_put_policy(kcontext, policy); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -2628,22 +2300,13 @@ osa_adb_iter_policy_func func, void *data) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.db_iter_policy(kcontext, match_entry, - func, data); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_iter_policy(kcontext, match_entry, func, data); get_errmsg(kcontext, status); - - clean_n_exit: return status; } 
@@ -2651,20 +2314,13 @@ krb5_db_delete_policy(krb5_context kcontext, char *policy) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = dal_handle->lib_handle->vftabl.db_delete_policy(kcontext, policy); + status = get_vftabl(kcontext, &v); + if (status) + return status; + status = v->db_delete_policy(kcontext, policy); get_errmsg(kcontext, status); - - clean_n_exit: return status; } @@ -2672,21 +2328,13 @@ krb5_db_free_policy(krb5_context kcontext, osa_policy_ent_t policy) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - dal_handle->lib_handle->vftabl.db_free_policy(kcontext, policy); + status = get_vftabl(kcontext, &v); + if (status) + return; + v->db_free_policy(kcontext, policy); get_errmsg(kcontext, status); - - clean_n_exit: - return; } krb5_error_code @@ -2694,7 +2342,7 @@ { krb5_error_code status = 0; char *section = NULL; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; section = kdb_get_conf_section(kcontext); if (section == NULL) { @@ -2705,21 +2353,14 @@ goto clean_n_exit; } - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.promote_db(kcontext, section, db_args); + status = get_vftabl(kcontext, &v); + if (status) + goto clean_n_exit; + status = v->promote_db(kcontext, section, db_args); get_errmsg(kcontext, status); - clean_n_exit: - if (section) - free(section); +clean_n_exit: + free(section); return status; } 
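Review bot: In krb5_db_free_policy (`@@ -2672,21 +2328,13 @@`) the trailing `get_errmsg(kcontext, status);` can never do anything. `status` is only assigned from `get_vftabl`, the function returns early when that is non-zero, and get_errmsg returns immediately for an error code of 0. The result of `v->db_free_policy(kcontext, policy)` is not captured. Drop the `get_errmsg` call, or, if the module's free routine does return a status (not visible here), assign it first with `status = v->db_free_policy(kcontext, policy);`.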
@@ -2731,22 +2372,12 @@ krb5_keysalt * keysalt) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.dbekd_decrypt_key_data(kcontext, - mkey, key_data, dbkey, keysalt); - - clean_n_exit: - return status; + status = get_vftabl(kcontext, &v); + if (status) + return status; + return v->dbekd_decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt); } krb5_error_code @@ -2758,32 +2389,21 @@ krb5_key_data * key_data) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - status = - dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext, - mkey, dbkey, keysalt, keyver, key_data); - - clean_n_exit: - return status; + status = get_vftabl(kcontext, &v); + if (status) + return status; + return v->dbekd_encrypt_key_data(kcontext, mkey, dbkey, keysalt, keyver, + key_data); } krb5_error_code krb5_db_get_context(krb5_context context, void **db_context) { *db_context = KRB5_DB_GET_DB_CONTEXT(context); - if (*db_context == NULL) { + if (*db_context == NULL) return KRB5_KDB_DBNOTINITED; - } - return 0; } 
@@ -2802,28 +2422,12 @@ krb5_data *rep) { krb5_error_code status = 0; - kdb5_dal_handle *dal_handle; + kdb_vftabl *v; - if (kcontext->dal_handle == NULL) { - status = krb5_db_setup_lib_handle(kcontext); - if (status) { - goto clean_n_exit; - } - } - - dal_handle = kcontext->dal_handle; - if (dal_handle->lib_handle->vftabl.db_invoke == NULL) { - status = KRB5_KDB_DBTYPE_NOSUP; - goto clean_n_exit; - } - - status = - dal_handle->lib_handle->vftabl.db_invoke(kcontext, - method, - req, - rep); - - clean_n_exit: - return status; + status = get_vftabl(kcontext, &v); + if (status) + return status; + if (v->db_invoke == NULL) + return KRB5_KDB_DBTYPE_NOSUP; + return v->db_invoke(kcontext, method, req, rep); } - From epeisach at MIT.EDU Tue Jun 9 22:55:23 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Tue, 9 Jun 2009 22:55:23 -0400 Subject: svn rev #22409: trunk/src/lib/krb5/krb/ Message-ID: <200906100255.n5A2tN1k031957@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22409 Commit By: epeisach Log Message: ticket: 6511 subject: krb5int_rd_chpw_rep could call krb5_free_error with random value clang picked up on a path in which krberror is not set and passed as an argument to krb5_free_error(). Essentially if the clearresult length < 2 but everything decodes - you can hit this path... Changed Files: U trunk/src/lib/krb5/krb/chpw.c Modified: trunk/src/lib/krb5/krb/chpw.c =================================================================== --- trunk/src/lib/krb5/krb/chpw.c 2009-06-08 20:14:58 UTC (rev 22408) +++ trunk/src/lib/krb5/krb/chpw.c 2009-06-10 02:55:22 UTC (rev 22409) @@ -83,7 +83,7 @@ krb5_error_code ret; krb5_data cipherresult; krb5_data clearresult; - krb5_error *krberror; + krb5_error *krberror = NULL; krb5_replay_data replay; krb5_keyblock *tmp; From epeisach at MIT.EDU Thu Jun 11 13:01:15 2009 
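Review bot: In the chpw.c hunk, initialising `krberror` to NULL makes the cleanup path safe only if krb5_free_error accepts a NULL argument, and the hunk does not show that. If it does not, the call site needs a guard such as `if (krberror != NULL)` in front of the free. Either way, a short comment on the declaration, e.g. `/* NULL until decoded; freed unconditionally on exit */`, would keep the dependency visible. The function body, including the free and the short-clearresult path named in the log message, lies outside the hunk.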
From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Thu, 11 Jun 2009 13:01:15 -0400 Subject: svn rev #22410: trunk/src/lib/crypto/yarrow/ Message-ID: <200906111701.n5BH1FKa022379@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22410 Commit By: epeisach Log Message: subject: krb5int_yarrow_final could deref NULL if out of memory ticket: 6512 krb5int_yarrow_final tests if the Yarrow_CTX* is valid (not NULL) - and if not - signals and error for return - but still invokes mem_zero (memset) with it as an argument. This will only happen in an out-of-memory situation. Changed Files: U trunk/src/lib/crypto/yarrow/yarrow.c Modified: trunk/src/lib/crypto/yarrow/yarrow.c =================================================================== --- trunk/src/lib/crypto/yarrow/yarrow.c 2009-06-10 02:55:22 UTC (rev 22409) +++ trunk/src/lib/crypto/yarrow/yarrow.c 2009-06-11 17:01:13 UTC (rev 22410) @@ -918,7 +918,8 @@ CATCH: krb5int_yarrow_cipher_final(&y->cipher); - mem_zero( y, sizeof(Yarrow_CTX) ); + if ( y ) + mem_zero( y, sizeof(Yarrow_CTX) ); if ( locked ) { TRY( UNLOCK() ); } EXCEP_RET; } From ghudson at MIT.EDU Thu Jun 11 13:27:45 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 11 Jun 2009 13:27:45 -0400 Subject: svn rev #22411: trunk/src/tests/dejagnu/krb-standalone/ Message-ID: <200906111727.n5BHRjVq025239@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22411 Commit By: ghudson Log Message: Use ticket forwarding in the GSSAPI test cases to exercise mk_cred/rd_cred etc. Changed Files: U trunk/src/tests/dejagnu/krb-standalone/gssapi.exp Modified: trunk/src/tests/dejagnu/krb-standalone/gssapi.exp =================================================================== --- trunk/src/tests/dejagnu/krb-standalone/gssapi.exp 2009-06-11 17:01:13 UTC (rev 22410) +++ trunk/src/tests/dejagnu/krb-standalone/gssapi.exp 2009-06-11 17:27:45 UTC (rev 22411) 
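Review bot: In the yarrow.c hunk, `krb5int_yarrow_cipher_final(&y->cipher);` still sits above the new `if ( y )` guard in the CATCH block. In the out-of-memory case the log message describes, the code therefore still forms a member address from a NULL `y` and passes it to the cipher cleanup. Both cleanup calls belong under the one guard: `if ( y ) { krb5int_yarrow_cipher_final(&y->cipher); mem_zero( y, sizeof(Yarrow_CTX) ); }`. The start of the function is outside the hunk.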
@@ -36,7 +36,7 @@ global spawn_id # Use kinit to get a ticket. - spawn $KINIT -5 -c $ccache $name@$REALMNAME + spawn $KINIT -f -5 -c $ccache $name@$REALMNAME expect { "Password for $name@$REALMNAME:" { verbose "kinit started" @@ -125,7 +125,7 @@ set env(KRB5CCNAME) $tkfile verbose "KRB5CCNAME=$env(KRB5CCNAME)" verbose "spawning gssclient, identity=$client" - spawn $GSSCLIENT -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client" + spawn $GSSCLIENT -d -port [expr 8 + $portbase] $hostname gssservice@$hostname "message from $client" set got_client 0 set got_server 0 expect_after { From ghudson at MIT.EDU Wed Jun 17 11:08:25 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 17 Jun 2009 11:08:25 -0400 Subject: svn rev #22412: trunk/src/plugins/kdb/ldap/libkdb_ldap/ Message-ID: <200906171508.n5HF8PlB010037@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22412 Commit By: ghudson Log Message: In ldap_create.c, remove four incorrect uses of krb5_set_error_message which resulted in obscured and confusing error diagnostics. Changed Files: U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c =================================================================== --- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c 2009-06-11 17:27:45 UTC (rev 22411) +++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c 2009-06-17 15:08:25 UTC (rev 22412) @@ -280,13 +280,10 @@ status = krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)); - if (status) { - krb5_set_error_message(context, status, "while reading kerberos container information"); + if (status) goto cleanup; - } } else if (status) { - krb5_set_error_message(context, status, "while reading kerberos container information"); goto cleanup; } 
@@ -302,10 +299,8 @@ goto cleanup; } - if ((status = krb5_ldap_create_realm(context, rparams, mask))) { - krb5_set_error_message(context, status, "while creating realm object entry"); + if ((status = krb5_ldap_create_realm(context, rparams, mask))) goto cleanup; - } /* We just created the Realm container. Here starts our transaction tracking */ realm_obj_created = TRUE; @@ -314,10 +309,8 @@ if ((status = krb5_ldap_read_realm_params(context, rparams->realm_name, &(ldap_context->lrparams), - &mask))) { - krb5_set_error_message(context, status, "while reading realm object entry"); + &mask))) goto cleanup; - } #ifdef HAVE_EDIRECTORY if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || From epeisach at MIT.EDU Wed Jun 17 13:51:31 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Wed, 17 Jun 2009 13:51:31 -0400 Subject: svn rev #22413: trunk/src/lib/crypto/yarrow/ Message-ID: <200906171751.n5HHpV3R023641@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22413 Commit By: epeisach Log Message: ticket: 6512 In the previous patch - I neglected a potential NULL deref in the call to krb5int_yarrow_cipher_final. Trivial fix. Changed Files: U trunk/src/lib/crypto/yarrow/yarrow.c Modified: trunk/src/lib/crypto/yarrow/yarrow.c =================================================================== --- trunk/src/lib/crypto/yarrow/yarrow.c 2009-06-17 15:08:25 UTC (rev 22412) +++ trunk/src/lib/crypto/yarrow/yarrow.c 2009-06-17 17:51:31 UTC (rev 22413) @@ -917,9 +917,11 @@ #endif CATCH: - krb5int_yarrow_cipher_final(&y->cipher); if ( y ) + { + krb5int_yarrow_cipher_final(&y->cipher); mem_zero( y, sizeof(Yarrow_CTX) ); + } if ( locked ) { TRY( UNLOCK() ); } EXCEP_RET; } From ghudson at MIT.EDU Wed Jun 17 23:48:39 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Wed, 17 Jun 2009 23:48:39 -0400 Subject: svn rev #22414: trunk/src/tests/dejagnu/config/ Message-ID: <200906180348.n5I3mdpo005071@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22414 Commit By: ghudson Log Message: In default.exp, import RLOGIN_FLAGS from the environment, as is apparently intended. Changed Files: U trunk/src/tests/dejagnu/config/default.exp Modified: trunk/src/tests/dejagnu/config/default.exp =================================================================== --- trunk/src/tests/dejagnu/config/default.exp 2009-06-17 17:51:31 UTC (rev 22413) +++ trunk/src/tests/dejagnu/config/default.exp 2009-06-18 03:48:38 UTC (rev 22414) @@ -1634,7 +1634,7 @@ set f [open $fname a] - spawn tail -f $fname + spawn tail -f -s 0.01 $fname set spawnid $spawn_id set pid [exp_pid] @@ -2784,7 +2784,7 @@ # helpful sometimes for debugging the test suite proc export_debug_envvars { } { global env - foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST RLOGIN RLOGIND FTP FTPD KPASSWD REALMNAME GSSCLIENT KPROPLOG} { + foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST RLOGIN RLOGIN_FLAGS RLOGIND FTP FTPD KPASSWD REALMNAME GSSCLIENT KPROPLOG} { global $i if [info exists $i] { set env($i) [set $i] } } From ghudson at MIT.EDU Thu Jun 18 00:34:47 2009 
From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 18 Jun 2009 00:34:47 -0400 Subject: svn rev #22415: trunk/src/tests/dejagnu/config/ Message-ID: <200906180434.n5I4Ylqf008484@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22415 Commit By: ghudson Log Message: In default.exp, revert an unintended part of the last commit. Changed Files: U trunk/src/tests/dejagnu/config/default.exp Modified: trunk/src/tests/dejagnu/config/default.exp =================================================================== --- trunk/src/tests/dejagnu/config/default.exp 2009-06-18 03:48:38 UTC (rev 22414) +++ trunk/src/tests/dejagnu/config/default.exp 2009-06-18 04:34:47 UTC (rev 22415) @@ -1634,7 +1634,7 @@ set f [open $fname a] - spawn tail -f -s 0.01 $fname + spawn tail -f $fname set spawnid $spawn_id set pid [exp_pid] From ghudson at MIT.EDU Thu Jun 18 13:34:17 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Thu, 18 Jun 2009 13:34:17 -0400 Subject: svn rev #22416: trunk/src/ Message-ID: <200906181734.n5IHYHWr001945@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22416 Commit By: ghudson Log Message: Remove the new configure option --enable-static-only, and instead require --enable-static --disable-shared for the same effect. Error out if only one of those two is specified. While here, remove an unnecessary clause in the --disable-rpath block, and make the notices consistent when using shared and static libraries. Changed Files: U trunk/src/aclocal.m4 Modified: trunk/src/aclocal.m4 =================================================================== --- trunk/src/aclocal.m4 2009-06-18 04:34:47 UTC (rev 22415) +++ trunk/src/aclocal.m4 2009-06-18 17:34:17 UTC (rev 22416) 
@@ -1210,22 +1210,15 @@ AC_DEFUN(KRB5_LIB_AUX, [AC_REQUIRE([KRB5_LIB_PARAMS])dnl -AC_ARG_ENABLE([static],, -[if test "$enableval" != no; then - AC_MSG_ERROR([Sorry, static libraries do not work in this release.]) -fi]) -AC_ARG_ENABLE([shared], , -[if test "$enableval" != yes; then - AC_MSG_ERROR([Sorry, this release builds only shared libraries, cannot disable them.]) -fi]) -AC_ARG_ENABLE([static-only], -AC_HELP_STRING([--enable-static-only],[use static libraries and plugins]), -[static_only=$enableval], -[static_only=no]) +AC_ARG_ENABLE([static],,, [enable_static=no]) +AC_ARG_ENABLE([shared],,, [enable_shared=yes]) +if test "x$enable_static" = "x$enable_shared"; then + AC_MSG_ERROR([--enable-static must be specified with --disable-shared]) +fi + AC_ARG_ENABLE([rpath], -AC_HELP_STRING([--disable-rpath],[suppress run path flags in link lines]), -[enable_rpath=$enableval], +AC_HELP_STRING([--disable-rpath],[suppress run path flags in link lines]),, [enable_rpath=yes]) if test "x$enable_rpath" != xyes ; then @@ -1241,7 +1234,8 @@ DEPLIBEXT=$SHLIBEXT -if test "x$static_only" = xyes; then +if test "x$enable_static" = xyes; then + AC_MSG_NOTICE([using static libraries]) LIBLIST='lib$(LIBBASE)$(STLIBEXT)' LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)' PLUGIN='libkrb5_$(LIBBASE)$(STLIBEXT)' @@ -1259,7 +1253,6 @@ KDB5_PLUGIN_LIBS=$KDB_LUGIN_LIBS' -lkrb5_ldap' fi - AC_MSG_RESULT([Forcing static libraries.]) # avoid duplicate rules generation for AIX and such SHLIBEXT=.so-nobuild SHLIBVEXT=.so.v-nobuild From raeburn at MIT.EDU Thu Jun 18 17:56:49 2009 
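Review bot: The new consistency test `test "x$enable_static" = "x$enable_shared"` compares raw option values, so it rejects only the cases where the two strings are equal. A value other than yes or no (for example `--enable-static=foo`) passes it and then presumably falls through to the shared-library path, because the later test is `= xyes`. The error text also reads oddly for a lone `--disable-shared`, where nothing static was requested. Matching the accepted pairs explicitly closes both gaps: `case "$enable_static:$enable_shared" in yes:no|no:yes) ;; *) AC_MSG_ERROR([use either the default or --enable-static with --disable-shared]) ;; esac`.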
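Review bot: In the last hunk's context lines, `KDB5_PLUGIN_LIBS=$KDB_LUGIN_LIBS' -lkrb5_ldap'` reads a variable whose name looks like a misspelling of KDB5_PLUGIN_LIBS. If that is so, the assignment discards whatever plugin libraries were accumulated before it and leaves only `-lkrb5_ldap`. This commit makes the branch reachable through the documented `--enable-static --disable-shared` pair, so it is worth correcting here: `KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkrb5_ldap'`. The enclosing `if` block starts outside the hunk.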
From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 18 Jun 2009 17:56:49 -0400 Subject: svn rev #22417: trunk/ src/lib/krb5/rcache/ Message-ID: <200906182156.n5ILunu2022006@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22417 Commit By: raeburn Log Message: ticket: 6514 subject: minor memory leak in 'none' replay cache type tags: pullup target_version: 1.7.1 version_reported: 1.7 The replay cache type implementations are responsible for freeing the main rcache structure when the cache handle is closed. The 'none' rcache type wasn't doing this, resulting in a small memory leak each time such a cache was opened and closed. Not a big deal for a server process servicing a single client, but it could accumulate (very very slowly) for a long-running server. Changed Files: _U trunk/ U trunk/src/lib/krb5/rcache/rc_none.c Modified: trunk/src/lib/krb5/rcache/rc_none.c =================================================================== --- trunk/src/lib/krb5/rcache/rc_none.c 2009-06-18 17:34:17 UTC (rev 22416) +++ trunk/src/lib/krb5/rcache/rc_none.c 2009-06-18 21:56:48 UTC (rev 22417) 
@@ -44,11 +44,17 @@ return 0; } #define krb5_rc_none_recover krb5_rc_none_noargs -#define krb5_rc_none_destroy krb5_rc_none_noargs -#define krb5_rc_none_close krb5_rc_none_noargs #define krb5_rc_none_expunge krb5_rc_none_noargs static krb5_error_code KRB5_CALLCONV +krb5_rc_none_close(krb5_context ctx, krb5_rcache rc) +{ + free (rc); + return 0; +} +#define krb5_rc_none_destroy krb5_rc_none_close + +static krb5_error_code KRB5_CALLCONV krb5_rc_none_store(krb5_context ctx, krb5_rcache rc, krb5_donot_replay *r) { return 0; Property changes on: trunk ___________________________________________________________________ Name: svk:merge - 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/trunk:22385 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/1ac:533 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/advisory:1726 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/misc:1927 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/sprintf:936 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 f228080b-b206-47c0-aedc-518b743a947e:/krb5/dev/coverity:18 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/asn1:1187 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/asn1-encode-tests:1181 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/ldap-patches-080218:908 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/threads-no-debug:832 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/walk-rtree:767 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/warnings:837 + 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/trunk:22385 304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/1ac:533 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/advisory:1726 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/misc:1927 7730498b-6e33-413f-85a5-9d713b9baaee:/krb5/dev/sprintf:936 dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199 
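Review bot: In the rc_none.c hunk, krb5_rc_none_close releases only the top-level structure with `free (rc);`. The hunk does not show whether the rcache structure owns anything set up by the generic resolve code, such as a lock. If it does, that must be torn down before the free, or the leak is only partly fixed. Aliasing destroy to close deserves a one-line comment such as `/* No backing store, so destroy is identical to close. */`, and a note on the function that `rc` must not be used after it returns.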
dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581 f228080b-b206-47c0-aedc-518b743a947e:/krb5/dev/coverity:18 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/asn1:1187 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/asn1-encode-tests:1181 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/ldap-patches-080218:908 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/rcache-none-leak:1772 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/threads-no-debug:832 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/walk-rtree:767 f8a82ec2-6512-0410-82e6-bb8077266e58:/krb5/dev/warnings:837 From raeburn at MIT.EDU Thu Jun 18 19:25:26 2009 
From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Thu, 18 Jun 2009 19:25:26 -0400 Subject: svn rev #22418: trunk/src/util/profile/ Message-ID: <200906182325.n5INPQ4c028703@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22418 Commit By: raeburn Log Message: ticket: 6515 subject: reduce some mutex performance problems in profile library tags: pullup target_version: 1.7.1 version_reported: 1.7 In profile_node_iterator we unlock a mutex in order to call profile_update_file_data, which wants to lock that mutex itself, and then when it returns we re-lock the mutex. (We don't use recursive mutexes, and I would continue to argue that we shouldn't.) On the Mac, when running multiple threads, it appears that this results in very poor performance, and much system and user CPU time is spent working with the locks. (Linux doesn't seem to suffer as much.) So: Split profile_update_file_data into a locking wrapper, and an inner routine that does the real work but requires that the lock be held on entry. Call the latter from profile_node_iterator *without* unlocking first, and only unlock if there's an error. This doesn't move any significant amount of work into the locking region; it pretty much just joins locking regions that were disjoint for no good reason. On my tests on an 8-core Mac, in a test program running gss_init_sec_context in a loop in 6 threads, this brought CPU usage per call down by 40%, and improved wall-clock time even more. Single-threaded performance improved very slightly, probably in the noise. Linux showed modest improvement (5% or less) in CPU usage in a 3-thread test on a 4-core system. Similar tests with gss_accept_sec_context showed similar contention around the profile-library mutexes, but I haven't analyzed the performance changes there from this patch. More work is needed, but this will help. 
Changed Files: U trunk/src/util/profile/prof_file.c U trunk/src/util/profile/prof_int.h U trunk/src/util/profile/prof_tree.c Modified: trunk/src/util/profile/prof_file.c =================================================================== --- trunk/src/util/profile/prof_file.c 2009-06-18 21:56:48 UTC (rev 22417) +++ trunk/src/util/profile/prof_file.c 2009-06-18 23:25:25 UTC (rev 22418) @@ -303,7 +303,7 @@ return 0; } -errcode_t profile_update_file_data(prf_data_t data) +errcode_t profile_update_file_data_locked(prf_data_t data) { errcode_t retval; #ifdef HAVE_STAT @@ -313,20 +313,13 @@ #endif FILE *f; - retval = k5_mutex_lock(&data->lock); - if (retval) - return retval; - #ifdef HAVE_STAT now = time(0); if (now == data->last_stat && data->root != NULL) { - k5_mutex_unlock(&data->lock); return 0; } if (stat(data->filespec, &st)) { - retval = errno; - k5_mutex_unlock(&data->lock); - return retval; + return errno; } data->last_stat = now; #if defined HAVE_STRUCT_STAT_ST_MTIMENSEC @@ -341,7 +334,6 @@ if (st.st_mtime == data->timestamp && frac == data->frac_ts && data->root != NULL) { - k5_mutex_unlock(&data->lock); return 0; } if (data->root) { @@ -359,7 +351,6 @@ * profile file if it changes. */ if (data->root) { - k5_mutex_unlock(&data->lock); return 0; } #endif @@ -367,7 +358,6 @@ f = fopen(data->filespec, "r"); if (f == NULL) { retval = errno; - k5_mutex_unlock(&data->lock); if (retval == 0) retval = ENOENT; return retval; @@ -378,7 +368,6 @@ retval = profile_parse_file(f, &data->root); fclose(f); if (retval) { - k5_mutex_unlock(&data->lock); return retval; } assert(data->root != NULL); 
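Review bot: profile_update_file_data_locked is declared in prof_int.h and is correct only when the caller already holds `data->lock`, but nothing at the definition states or checks that precondition. A header comment such as `/* Caller must hold data->lock; the lock is still held on every return path. */` would record the contract that the removed `k5_mutex_unlock` calls imply. `k5_mutex_assert_locked(&data->lock);` as the first statement would catch a caller that reaches for the wrong variant. The function body continues through the following hunks of this file section.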
@@ -386,10 +375,21 @@ data->timestamp = st.st_mtime; data->frac_ts = frac; #endif - k5_mutex_unlock(&data->lock); return 0; } +errcode_t profile_update_file_data(prf_data_t data) +{ + errcode_t retval, retval2; + + retval = k5_mutex_lock(&data->lock); + if (retval) + return retval; + retval = profile_update_file_data_locked(data); + retval2 = k5_mutex_unlock(&data->lock); + return retval ? retval : retval2; +} + static int make_hard_link(const char *oldpath, const char *newpath) { Modified: trunk/src/util/profile/prof_int.h =================================================================== --- trunk/src/util/profile/prof_int.h 2009-06-18 21:56:48 UTC (rev 22417) +++ trunk/src/util/profile/prof_int.h 2009-06-18 23:25:25 UTC (rev 22418) @@ -203,6 +203,9 @@ #define profile_update_file(P) profile_update_file_data((P)->data) errcode_t profile_update_file_data (prf_data_t profile); +#define profile_update_file_locked(P) profile_update_file_data_locked((P)->data) +errcode_t profile_update_file_data_locked + (prf_data_t data); #define profile_flush_file(P) (((P) && (P)->magic == PROF_MAGIC_FILE) ? profile_flush_file_data((P)->data) : PROF_MAGIC_FILE) errcode_t profile_flush_file_data Modified: trunk/src/util/profile/prof_tree.c =================================================================== --- trunk/src/util/profile/prof_tree.c 2009-06-18 21:56:48 UTC (rev 22417) +++ trunk/src/util/profile/prof_tree.c 2009-06-18 23:25:25 UTC (rev 22418) @@ -497,8 +497,8 @@ *ret_value =0; return 0; } - k5_mutex_unlock(&iter->file->data->lock); - if ((retval = profile_update_file(iter->file))) { + if ((retval = profile_update_file_locked(iter->file))) { + k5_mutex_unlock(&iter->file->data->lock); if (retval == ENOENT || retval == EACCES) { /* XXX memory leak? */ iter->file = iter->file->next; 
@@ -517,11 +517,6 @@ return retval; } } - retval = k5_mutex_lock(&iter->file->data->lock); - if (retval) { - profile_node_iterator_free(iter_p); - return retval; - } iter->file_serial = iter->file->data->upd_serial; /* * Find the section to list if we are a LIST_SECTION, From epeisach at MIT.EDU Sun Jun 21 07:43:19 2009 From: epeisach at MIT.EDU (epeisach@MIT.EDU) Date: Sun, 21 Jun 2009 07:43:19 -0400 Subject: svn rev #22419: trunk/src/lib/krb5/ccache/ Message-ID: <200906211143.n5LBhJIx004077@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22419 Commit By: epeisach Log Message: Update comments to reflect reality and the fact that this is not a file based cache. Changed Files: U trunk/src/lib/krb5/ccache/cc_memory.c Modified: trunk/src/lib/krb5/ccache/cc_memory.c =================================================================== --- trunk/src/lib/krb5/ccache/cc_memory.c 2009-06-18 23:25:25 UTC (rev 22418) +++ trunk/src/lib/krb5/ccache/cc_memory.c 2009-06-21 11:43:18 UTC (rev 22419) @@ -130,20 +130,19 @@ static void update_mcc_change_time(krb5_mcc_data *); +static void krb5_mcc_free (krb5_context context, krb5_ccache id); + /* * Modifies: * id * * Effects: - * Creates/refreshes the file cred cache id. If the cache exists, its + * Creates/refreshes the memory cred cache id. If the cache exists, its * contents are destroyed. * * Errors: * system errors - * permission errors */ -static void krb5_mcc_free (krb5_context context, krb5_ccache id); - krb5_error_code KRB5_CALLCONV krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ) { @@ -173,8 +172,8 @@ * id * * Effects: - * Closes the file cache, invalidates the id, and frees any resources - * associated with the cache. + * Invalidates the id, and frees any resources associated with accessing + * the cache. */ krb5_error_code KRB5_CALLCONV krb5_mcc_close(krb5_context context, krb5_ccache id) 
@@ -183,7 +182,7 @@ return KRB5_OK; } -void +static void krb5_mcc_free(krb5_context context, krb5_ccache id) { krb5_mcc_cursor curr,next; @@ -202,10 +201,10 @@ /* * Effects: - * Destroys the contents of id. + * Destroys the contents of id. id is invalid after call. * * Errors: - * none + * system errors (locks related) */ krb5_error_code KRB5_CALLCONV krb5_mcc_destroy(krb5_context context, krb5_ccache id) @@ -252,8 +251,8 @@ * id * * Effects: - * creates a file-based cred cache that will reside in the file - * residual. The cache is not opened, but the filename is reserved. + * creates or accesses a memory-based cred cache that is referenced by + * residual. * * Returns: * A filled in krb5_ccache structure "id". @@ -261,7 +260,7 @@ * Errors: * KRB5_CC_NOMEM - there was insufficient memory to allocate the * krb5_ccache. id is undefined. - * permission errors + * system errors (mutex locks related) */ static krb5_error_code new_mcc_data (const char *, krb5_mcc_data **); @@ -383,7 +382,7 @@ * id, cursor * * Effects: - * Finishes sequential processing of the file credentials ccache id, + * Finishes sequential processing of the memory credentials ccache id, * and invalidates the cursor (it must never be used after this call). */ /* ARGSUSED */ @@ -444,9 +443,8 @@ /* * Effects: - * Creates a new file cred cache whose name is guaranteed to be + * Creates a new memory cred cache whose name is guaranteed to be * unique. The name begins with the string TKT_ROOT (from mcc.h). - * The cache is not opened, but the new filename is reserved. * * Returns: * The filled in krb5_ccache id. @@ -454,7 +452,7 @@ * Errors: * KRB5_CC_NOMEM - there was insufficient memory to allocate the * krb5_ccache. id is undefined. - * system errors (from open) + * system errors (from open, mutex locking) */ krb5_error_code KRB5_CALLCONV 
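Review bot: The Errors list edited in the hunk at old line 454 now reads `system errors (from open, mutex locking)`, which keeps the file-cache reference to open. The commit removes that wording elsewhere, and the hunk just before it deletes the sentence about reserving a filename. The hunk at old line 553 has the same leftover: it keeps `id is a file credential cache` and writes `A pointer to the name of the file cred cache id.` on the new side. Suggested wording is `system errors (mutex locking)` for the first, and `id is a memory credential cache` with `A pointer to the name of the memory cred cache id.` for the second.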
@@ -553,7 +551,7 @@ * id is a file credential cache * * Returns: - * The name of the file cred cache id. + * A pointer to the name of the file cred cache id. */ const char * KRB5_CALLCONV krb5_mcc_get_name (krb5_context context, krb5_ccache id) @@ -572,7 +570,7 @@ * * Errors: * system errors - * KRB5_CC_NOMEM + * ENOMEM */ krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) @@ -610,7 +608,7 @@ /* * Requires: * id is a cred cache returned by krb5_mcc_resolve or - * krb5_mcc_generate_new, but has not been opened by krb5_mcc_initialize. + * krb5_mcc_generate_new. * * Modifies: * id @@ -631,7 +629,17 @@ return KRB5_OK; } -/* store: Save away creds in the ccache. */ +/* + * Modifies: + * the memory cache + * + * Effects: + * Save away creds in the ccache. + * + * Errors: + * system errors (mutex locking) + * ENOMEM + */ krb5_error_code KRB5_CALLCONV krb5_mcc_store(krb5_context ctx, krb5_ccache id, krb5_creds *creds) { From raeburn at MIT.EDU Tue Jun 23 00:21:40 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 23 Jun 2009 00:21:40 -0400 Subject: svn rev #22420: trunk/src/tests/threads/ Message-ID: <200906230421.n5N4Le5V024172@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22420 Commit By: raeburn Log Message: GSSAPI init/accept_sec_context performance testing program Changed Files: U trunk/src/tests/threads/Makefile.in A trunk/src/tests/threads/gss-perf.c Modified: trunk/src/tests/threads/Makefile.in =================================================================== --- trunk/src/tests/threads/Makefile.in 2009-06-21 11:43:18 UTC (rev 22419) +++ trunk/src/tests/threads/Makefile.in 2009-06-23 04:21:40 UTC (rev 22420) 
@@ -29,6 +29,9 @@ prof1.o: prof1.c +gss-perf: gss-perf.o + $(CC_LINK) $(PTHREAD_CFLAGS) -o gss-perf gss-perf.o $(GSS_LIBS) $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS) + check-unix:: run-t_rcache install:: Added: trunk/src/tests/threads/gss-perf.c =================================================================== --- trunk/src/tests/threads/gss-perf.c 2009-06-21 11:43:18 UTC (rev 22419) +++ trunk/src/tests/threads/gss-perf.c 2009-06-23 04:21:40 UTC (rev 22420) 
@@ -0,0 +1,454 @@ +/* + * test/threads/gss-perf.c + * + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * GSSAPI performance testing + * initially contributed by Ken Raeburn + */ +/* + * Possible to-do items: + * - init-mutual testing (process msg back from accept) + * - wrap/unwrap testing (one init/accept per thread, loop on wrap/unwrap) + * - wrap/unwrap MT testing (one init/accept for process) ? + * - init+accept with replay cache + * - default to target "host at localhostname" + * - input ccache option? + * + * Also, perhaps try to simulate certain application patterns, like + * init/accept, exchange N messages with wrap/unwrap, destroy context, + * all in a loop in M parallel threads. 
+ */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#define N_THREADS 2 +#define ITER_COUNT 10000 +static int init_krb5_first = 0; + +struct resource_info { + struct timeval start_time, end_time; +}; +struct thread_info { + pthread_t tid; + struct resource_info r; +}; + +static gss_name_t target; +static char *prog, *target_name; +static unsigned int n_threads = N_THREADS; +static int iter_count = ITER_COUNT; +static int do_pause, do_mutual; +static int test_init, test_accept; + +static void usage (void) __attribute__((noreturn)); +static void set_target (char *); + +static void +usage () +{ + fprintf (stderr, "usage: %s [ options ] service-name\n", prog); + fprintf (stderr, " service-name\tGSSAPI host-based service name (e.g., 'host at FQDN')\n"); + fprintf (stderr, "options:\n"); + fprintf (stderr, "\t-I\ttest gss_init_sec_context\n"); + fprintf (stderr, "\t-A\ttest gss_accept_sec_context\n"); + fprintf (stderr, "\t-k K\tspecify keytab (remember FILE: or other prefix!)\n"); + fprintf (stderr, "\t-t N\tspecify number of threads (default %d)\n", + N_THREADS); + fprintf (stderr, "\t-i N\tset iteration count (default %d)\n", + ITER_COUNT); + fprintf (stderr, "\t-m\tenable mutual authentication flag (but don't do the additional calls)\n"); + fprintf (stderr, "\t-K\tinitialize a krb5_context for the duration\n"); + fprintf (stderr, "\t-P\tpause briefly after starting, to allow attaching dtrace/strace/etc\n"); + exit (1); +} + +static int +numarg (char *arg) +{ + char *end; + long val; + + val = strtol (arg, &end, 10); + if (*arg == 0 || *end != 0) { + fprintf (stderr, "invalid numeric argument '%s'\n", arg); + usage (); + } + if (val >= 1 && val <= INT_MAX) + return val; + fprintf (stderr, "out of range numeric value %ld (1..%d)\n", + val, INT_MAX); + usage (); +} + +static char optstring[] = "k:t:i:KPmIA"; + +static void +process_options (int argc, char *argv[]) +{ + int c; + + prog = strrchr 
(argv[0], '/'); + if (prog) + prog++; + else + prog = argv[0]; + while ((c = getopt (argc, argv, optstring)) != -1) { + switch (c) { + case '?': + case ':': + usage (); + break; + + case 'k': + setenv ("KRB5_KTNAME", optarg, 1); + break; + + case 't': + n_threads = numarg (optarg); + if (n_threads >= SIZE_MAX / sizeof (struct thread_info)) { + n_threads = SIZE_MAX / sizeof (struct thread_info); + fprintf (stderr, "limiting n_threads to %u\n", n_threads); + } + break; + + case 'i': + iter_count = numarg (optarg); + break; + + case 'K': + init_krb5_first = 1; + break; + + case 'P': + do_pause = 1; + break; + + case 'I': + test_init = 1; + break; + case 'A': + test_accept = 1; + break; + } + } + if (argc == optind + 1) + set_target (argv[optind]); + else + usage (); + + if (test_init && test_accept) { + fprintf (stderr, "-I and -A are mutually exclusive\n"); + usage (); + } + if (test_init == 0 && test_accept == 0) + test_init = 1; +} + +static void +display_a_status (const char *s_type, OM_uint32 type, OM_uint32 val) +{ + OM_uint32 mctx = 0; + OM_uint32 maj_stat, min_stat; + gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; + + do { + maj_stat = gss_display_status (&min_stat, + val, + type, + GSS_C_NO_OID, + &mctx, + &msg); + if (maj_stat != GSS_S_COMPLETE) { + fprintf (stderr, + "error getting display form of %s status code %#lx\n", + s_type, (unsigned long) val); + exit (1); + } + fprintf (stderr, " %s: %.*s\n", s_type, + (int) msg.length, (char *) msg.value); + gss_release_buffer (&min_stat, &msg); + } while (mctx != 0); +} + +static void +gss_error(const char *where, OM_uint32 maj_stat, OM_uint32 min_stat) +{ + fprintf (stderr, "%s: %s:\n", prog, where); + display_a_status ("major", GSS_C_GSS_CODE, maj_stat); + display_a_status ("minor", GSS_C_MECH_CODE, min_stat); + exit (1); +} + +static void +do_accept (gss_buffer_desc *msg, int iter) +{ + OM_uint32 maj_stat, min_stat; + gss_name_t client = GSS_C_NO_NAME; + gss_buffer_desc reply = GSS_C_EMPTY_BUFFER; + gss_OID oid = 
GSS_C_NO_OID; + gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; + OM_uint32 flags = do_mutual ? GSS_C_MUTUAL_FLAG : 0; + + reply.value = NULL; + reply.length = 0; + maj_stat = gss_accept_sec_context (&min_stat, + &ctx, + GSS_C_NO_CREDENTIAL, + msg, + GSS_C_NO_CHANNEL_BINDINGS, + &client, + &oid, + &reply, + &flags, + NULL, /* time_rec */ + NULL); /* del_cred_handle */ + if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { + fprintf (stderr, "pid %lu thread %#lx failing in iteration %d\n", + (unsigned long) getpid (), (unsigned long) pthread_self (), + iter); + gss_error ("accepting context", maj_stat, min_stat); + } + gss_release_buffer (&min_stat, &reply); + if (ctx != GSS_C_NO_CONTEXT) + gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER); + gss_release_name (&min_stat, &client); +} + +static gss_buffer_desc +do_init () +{ + OM_uint32 maj_stat, min_stat; + gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; + OM_uint32 flags = 0, ret_flags = 0; + gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; + + if (do_mutual) + flags |= GSS_C_MUTUAL_FLAG; + + msg.value = NULL; + msg.length = 0; + maj_stat = gss_init_sec_context (&min_stat, + GSS_C_NO_CREDENTIAL, + &ctx, + target, + GSS_C_NO_OID, + flags, + 0, + NULL, /* no channel bindings */ + NULL, /* no previous token */ + NULL, /* ignore mech type */ + &msg, + &ret_flags, + NULL); /* time_rec */ + if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { + gss_error ("initiating", maj_stat, min_stat); + } + if (ctx != GSS_C_NO_CONTEXT) + gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER); + return msg; +} + +static void +set_target (char *name) +{ + OM_uint32 maj_stat, min_stat; + gss_buffer_desc namebuf; + + target_name = name; + namebuf.value = name; + namebuf.length = strlen (name); + maj_stat = gss_import_name (&min_stat, + &namebuf, + GSS_C_NT_HOSTBASED_SERVICE, + &target); + if (maj_stat != GSS_S_COMPLETE) + gss_error ("importing target name", maj_stat, min_stat); +} + +static long double +tvsub (struct 
timeval t1, struct timeval t2) +{ + /* POSIX says .tv_usec is signed. */ + return (t1.tv_sec - t2.tv_sec + + (long double) 1.0e-6 * (t1.tv_usec - t2.tv_usec)); +} + +static struct timeval +now (void) +{ + struct timeval tv; + if (gettimeofday (&tv, NULL) < 0) { + perror ("gettimeofday"); + exit (1); + } + return tv; +} + +static gss_buffer_desc init_msg; + +static void run_iterations (struct resource_info *r) +{ + int i; + OM_uint32 min_stat; + + r->start_time = now (); + for (i = 0; i < iter_count; i++) { + if (test_init) { + gss_buffer_desc msg = do_init (); + gss_release_buffer (&min_stat, &msg); + } else if (test_accept) { + do_accept (&init_msg, i); + } else + assert (test_init || test_accept); + } + r->end_time = now (); +} + +static void * +thread_proc (void *p) +{ + run_iterations (p); + return 0; +} + +static struct thread_info *tinfo; + +static krb5_context kctx; +static struct rusage start, finish; +static struct timeval start_time, finish_time; + +int +main (int argc, char *argv[]) +{ + long double user, sys, wallclock, total; + unsigned int i; + + /* Probably should have a command-line option controlling this, + but if a replay cache is used, we can't do just one + init_sec_context and easily time just the accept_sec_context + side. */ + setenv ("KRB5RCACHETYPE", "none", 1); + + process_options (argc, argv); + + /* + * Some places in the krb5 library cache data globally. + * This option allows you to test the effect of that. + */ + if (init_krb5_first && krb5_init_context (&kctx) != 0) { + fprintf (stderr, "krb5_init_context error\n"); + exit (1); + } + tinfo = calloc (n_threads, sizeof (*tinfo)); + if (tinfo == NULL) { + perror ("calloc"); + exit (1); + } + printf ("Test: %s threads: %d iterations: %d target: %s\n", + test_init ? "init" : "accept", n_threads, iter_count, + target_name ? 
target_name : "(NONE)"); + if (do_pause) { + printf ("pid %lu napping...\n", (unsigned long) getpid ()); + sleep (10); + } + /* + * Some tests use one message and process it over and over. Even + * if not, this sort of "primes" things by fetching any needed + * tickets just once. + */ + init_msg = do_init (); + printf ("starting...\n"); + /* And *now* we start measuring the performance. */ + if (getrusage (RUSAGE_SELF, &start) < 0) { + perror ("getrusage"); + exit (1); + } + start_time = now (); +#define foreach_thread(IDXVAR) for (IDXVAR = 0; IDXVAR < n_threads; IDXVAR++) + foreach_thread (i) { + int err; + + err = pthread_create (&tinfo[i].tid, NULL, thread_proc, &tinfo[i].r); + if (err) { + fprintf (stderr, "pthread_create: %s\n", strerror (err)); + exit (1); + } + } + foreach_thread (i) { + int err; + void *val; + + err = pthread_join (tinfo[i].tid, &val); + if (err) { + fprintf (stderr, "pthread_join: %s\n", strerror (err)); + exit (1); + } + } + finish_time = now (); + if (getrusage (RUSAGE_SELF, &finish) < 0) { + perror ("getrusage"); + exit (1); + } + if (init_krb5_first) + krb5_free_context (kctx); + foreach_thread (i) { + printf ("Thread %2d: elapsed time %Lfs\n", i, + tvsub (tinfo[i].r.end_time, tinfo[i].r.start_time)); + } + wallclock = tvsub (finish_time, start_time); + /* + * Report on elapsed time and CPU usage. Depending what + * performance issue you're chasing down, different values may be + * of particular interest, so report all the info we've got. 
+ */ + printf ("Overall run time with %d threads = %Lfs, %Lfms per iteration.\n", + n_threads, wallclock, 1000 * wallclock / iter_count); + user = tvsub (finish.ru_utime, start.ru_utime); + sys = tvsub (finish.ru_stime, start.ru_stime); + total = user + sys; + printf ("CPU usage: user=%Lfs sys=%Lfs total=%Lfs.\n", user, sys, total); + printf ("Utilization: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n", + 100 * user / wallclock, + 100 * sys / wallclock, + 100 * total / wallclock); + printf ("Util/thread: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n", + 100 * user / wallclock / n_threads, + 100 * sys / wallclock / n_threads, + 100 * total / wallclock / n_threads); + printf ("Total CPU use per iteration per thread: %Lfms\n", + 1000 * total / n_threads / iter_count); + return 0; +} From raeburn at MIT.EDU Tue Jun 23 00:26:14 2009 From: raeburn at MIT.EDU (raeburn@MIT.EDU) Date: Tue, 23 Jun 2009 00:26:14 -0400 Subject: svn rev #22421: trunk/src/tests/threads/ Message-ID: <200906230426.n5N4QEVe024532@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22421 Commit By: raeburn Log Message: syms.c doesn't exist; update clean target and dependencies Changed Files: U trunk/src/tests/threads/Makefile.in U trunk/src/tests/threads/deps Modified: trunk/src/tests/threads/Makefile.in =================================================================== --- trunk/src/tests/threads/Makefile.in 2009-06-23 04:21:40 UTC (rev 22420) +++ trunk/src/tests/threads/Makefile.in 2009-06-23 04:26:14 UTC (rev 22421) @@ -7,7 +7,9 @@ RUN_SETUP = @KRB5_RUN_ENV@ -SRCS=$(srcdir)/t_rcache.c +SRCS=$(srcdir)/t_rcache.c \ + $(srcdir)/gss-perf.c \ + $(srcdir)/prof1.c all:: @@ -18,12 +20,6 @@ t_rcache: t_rcache.o $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_rcache t_rcache.o $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS) -syms: syms.o - $(CC_LINK) -o syms syms.o - -run-syms: syms - $(RUN_SETUP) $(VALGRIND) ./syms - prof1: prof1.o $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o prof1 prof1.o $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS) 
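Review bot: `-m` is accepted by getopt (`optstring` is `"k:t:i:KPmIA"`) and documented in usage(), but the switch in process_options has no `case 'm'`, so `do_mutual` is never set and the option is silently ignored. Add `case 'm': do_mutual = 1; break;` next to the `'P'` case. In main, `n_threads` and the loop index `i` are `unsigned int` but are printed with `%d`, where `%u` is the matching conversion. main also forces `KRB5RCACHETYPE` to `none`, which turns off replay detection for the whole process; the existing comment explains why the benchmark needs it, and one more line such as `/* Test-only: never disable the replay cache in a real acceptor. */` would stop the setenv call from being copied into service code.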
@@ -37,5 +33,4 @@ install:: clean:: - $(RM) t_rcache.o t_rcache - + $(RM) *.o t_rcache syms prof1 gss-perf Modified: trunk/src/tests/threads/deps =================================================================== --- trunk/src/tests/threads/deps 2009-06-23 04:21:40 UTC (rev 22420) +++ trunk/src/tests/threads/deps 2009-06-23 04:26:14 UTC (rev 22421) @@ -11,3 +11,8 @@ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ t_rcache.c +$(OUTPRE)gss-perf.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + gss-perf.c +$(OUTPRE)prof1.$(OBJEXT): $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) prof1.c From tlyu at MIT.EDU Thu Jun 25 22:43:21 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 25 Jun 2009 22:43:21 -0400 Subject: svn rev #22422: trunk/src/kdc/ Message-ID: <200906260243.n5Q2hLm3008598@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22422 Commit By: tlyu Log Message: ticket: 6428 version_reported: 1.7 target_version: 1.7.1 tags: pullup Check for principal expiration prior to checking for password expiration. Reported by Phil Pishioneri. Changed Files: U trunk/src/kdc/kdc_util.c Modified: trunk/src/kdc/kdc_util.c =================================================================== --- trunk/src/kdc/kdc_util.c 2009-06-23 04:26:14 UTC (rev 22421) +++ trunk/src/kdc/kdc_util.c 2009-06-26 02:43:21 UTC (rev 22422) @@ -936,6 +936,16 @@ return KDC_ERR_BADOPTION; } + /* The client must not be expired */ + if (client.expiration && client.expiration < kdc_time) { + *status = "CLIENT EXPIRED"; +#ifdef KRBCONF_VAGUE_ERRORS + return(KRB_ERR_GENERIC); +#else + return(KDC_ERR_NAME_EXP); +#endif + } + /* The client's password must not be expired, unless the server is a KRB5_KDC_PWCHANGE_SERVICE. */ if (client.pw_expiration && client.pw_expiration < kdc_time && 
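Review bot: The added comment `/* The client must not be expired */` in the hunk at line 936 does not record that this check has to stay ahead of the password-expiration check, which is the whole purpose of the move. A comment such as `/* Check principal expiration before password expiration, so an expired principal is reported as expired rather than as needing a password change. */` would keep a later cleanup from restoring the old order. The same applies to the matching block added in the hunk at line 1868. The enclosing function begins and ends outside the hunk.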
@@ -948,16 +958,6 @@ #endif } - /* The client must not be expired */ - if (client.expiration && client.expiration < kdc_time) { - *status = "CLIENT EXPIRED"; -#ifdef KRBCONF_VAGUE_ERRORS - return(KRB_ERR_GENERIC); -#else - return(KDC_ERR_NAME_EXP); -#endif - } - /* The server must not be expired */ if (server.expiration && server.expiration < kdc_time) { *status = "SERVICE EXPIRED"; @@ -1868,6 +1868,12 @@ int errcode; krb5_db_entry server = { 0 }; + /* The client must not be expired */ + if (client->expiration && client->expiration < kdc_time) { + *status = "CLIENT EXPIRED"; + return KDC_ERR_NAME_EXP; + } + /* The client's password must not be expired, unless the server is a KRB5_KDC_PWCHANGE_SERVICE. */ if (client->pw_expiration && client->pw_expiration < kdc_time) { @@ -1875,12 +1881,6 @@ return KDC_ERR_KEY_EXP; } - /* The client must not be expired */ - if (client->expiration && client->expiration < kdc_time) { - *status = "CLIENT EXPIRED"; - return KDC_ERR_NAME_EXP; - } - /* * If the client requires password changing, then return an * error; S4U2Self cannot be used to change a password. From tlyu at MIT.EDU Thu Jun 25 22:44:42 2009 From: tlyu at MIT.EDU (tlyu@MIT.EDU) Date: Thu, 25 Jun 2009 22:44:42 -0400 Subject: svn rev #22423: trunk/src/tests/dejagnu/krb-standalone/ Message-ID: <200906260244.n5Q2igQK008714@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22423 Commit By: tlyu Log Message: ticket: 6428 Add test case omitted in last commit. Changed Files: A trunk/src/tests/dejagnu/krb-standalone/princexpire.exp Added: trunk/src/tests/dejagnu/krb-standalone/princexpire.exp =================================================================== --- trunk/src/tests/dejagnu/krb-standalone/princexpire.exp 2009-06-26 02:43:21 UTC (rev 22422) +++ trunk/src/tests/dejagnu/krb-standalone/princexpire.exp 2009-06-26 02:44:41 UTC (rev 22423) 
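Review bot: The block added at line 1868 returns `KDC_ERR_NAME_EXP` unconditionally, while the equivalent block added at line 936 returns `KRB_ERR_GENERIC` when `KRBCONF_VAGUE_ERRORS` is defined. If the vague-errors build is meant to keep a requester from learning account state, this path still distinguishes an expired principal, as does the `KDC_ERR_KEY_EXP` return just below it. That may be deliberate, since the requester here is presumably an already-authenticated service; if so, a comment like `/* Requester is an authenticated service; precise errors are returned even with KRBCONF_VAGUE_ERRORS. */` would record the decision. The context comment above the password check also still mentions an exception for `KRB5_KDC_PWCHANGE_SERVICE` that the visible condition does not implement. The enclosing function starts and ends outside the hunk.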
@@ -0,0 +1,105 @@ +proc doit { } { + global REALMNAME + global KLIST + global KINIT + global KDESTROY + global KEY + global KADMIN_LOCAL + global KTUTIL + global hostname + global tmppwd + global spawn_id + global supported_enctypes + global KRBIV + global portbase + global mode + + set princ "expiredprinc" + + # Start up the kerberos and kadmind daemons. + if ![start_kerberos_daemons 0] { + return 1 + } + + # Use kadmin to add a key. + if ![add_kerberos_key $princ 0] { + return 1 + } + + setup_kerberos_env kdc + + set test "kadmin.local modprinc -expire" + spawn $KADMIN_LOCAL -q "modprinc -expire \"2 days ago\" $princ" + catch expect_after + expect { + timeout { + fail $test + } + eof { + pass $test + } + } + set k_stat [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $k_stat ($test)" + catch "close -i $spawn_id" + + set test "kadmin.local -pwexpire" + spawn $KADMIN_LOCAL -q "modprinc -pwexpire \"2 days ago\" $princ" + catch expect_after + expect { + timeout { + fail $test + } + eof { + pass $test + } + } + set k_stat [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $k_stat ($test)" + catch "close -i $spawn_id" + + setup_kerberos_env client + spawn $KINIT -5 -k -t /dev/null $princ + expect { + "entry in database has expired" { + pass $test + } + "Password has expired" { + fail "$test (inappropriate password expiration message)" + } + timeout { + expect eof + fail "$test (timeout)" + return 0 + } + eof { + fail "$test (eof)" + return 0 + } + } + expect eof + return 0 +} + +run_once princexpire { + # Set up the Kerberos files and environment. + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return + } + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is not being called from + # standalone.exp. 
+ if ![setup_kerberos_db 0] { + return + } + + set status [catch doit msg] + + stop_kerberos_daemons + + if { $status != 0 } { + send_error "ERROR: error in pwchange.exp\n" + send_error "$msg\n" + exit 1 + } +} From ghudson at MIT.EDU Fri Jun 26 21:00:06 2009 From: ghudson at MIT.EDU (ghudson@MIT.EDU) Date: Fri, 26 Jun 2009 21:00:06 -0400 Subject: svn rev #22424: trunk/src/lib/krb5/krb/ Message-ID: <200906270100.n5R106mK019864@drugstore.mit.edu> http://src.mit.edu/fisheye/changelog/krb5/?cs=22424 Commit By: ghudson Log Message: ticket: 6519 tags: pullup target_version: 1.7 In krb5_copy_error_message, pass correct pointer to krb5int_clear_error. Changed Files: U trunk/src/lib/krb5/krb/kerrs.c Modified: trunk/src/lib/krb5/krb/kerrs.c =================================================================== --- trunk/src/lib/krb5/krb/kerrs.c 2009-06-26 02:44:41 UTC (rev 22423) +++ trunk/src/lib/krb5/krb/kerrs.c 2009-06-27 01:00:05 UTC (rev 22424) @@ -108,7 +108,7 @@ krb5int_set_error(&dest_ctx->err, src_ctx->err.code, "%s", src_ctx->err.msg); } else { - krb5int_clear_error(dest_ctx); + krb5int_clear_error(&dest_ctx->err); } }
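Review bot: The kinit step in princexpire.exp never sets its own `$test`, so its pass and fail lines are reported under the previous step's name, "kadmin.local -pwexpire". Add `set test "kinit with expired principal"` before `spawn $KINIT`. The failure message in run_once also names the wrong file: `send_error "ERROR: error in pwchange.exp\n"` should read `send_error "ERROR: error in princexpire.exp\n"`. Separately, both kadmin.local steps pass on any eof, so a failed modprinc is caught only indirectly by the kinit expectation; matching on kadmin.local's output would make the failing step obvious.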