From rt-comment at krbdev.mit.edu  Tue Jul  1 13:38:44 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 1 Jul 2008 13:38:44 -0400 (EDT)
Subject: [krbdev.mit.edu #6005] SVN Commit 
In-Reply-To: <rt-6005@krbdev.mit.edu>
Message-ID: <rt-6005-27223.5.47047043295855@krbdev.mit.edu>


Changed temporary variables to use const char *

Commit By: lxs



Revision: 20494
Changed Files:
U   trunk/src/lib/kdb/kdb5.c


From rt-comment at krbdev.mit.edu  Tue Jul  1 13:50:43 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 1 Jul 2008 13:50:43 -0400 (EDT)
Subject: [krbdev.mit.edu #6001] SVN Commit 
In-Reply-To: <rt-6001@krbdev.mit.edu>
Message-ID: <rt-6001-27226.18.861282426699@krbdev.mit.edu>


Added type checking for 64-bit platforms.

Commit By: lxs



Revision: 20495
Changed Files:
U   trunk/src/lib/kdb/kdb_default.c


From rt-comment at krbdev.mit.edu  Tue Jul  1 14:29:07 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 1 Jul 2008 14:29:07 -0400 (EDT)
Subject: [krbdev.mit.edu #857] The BSDI login authentication system isn't
	supported 
In-Reply-To: <rt-857@krbdev.mit.edu>
Message-ID: <rt-857-27230.8.40118899924754@krbdev.mit.edu>

This patch is highly OS-specific, and the OS has been discontinued.


From rt-comment at krbdev.mit.edu  Tue Jul  1 14:37:29 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 1 Jul 2008 14:37:29 -0400 (EDT)
Subject: [krbdev.mit.edu #6006] APIs for service principal selection 
In-Reply-To: <rt-6006@krbdev.mit.edu>
Message-ID: <rt-6006-27231.4.32949744940075@krbdev.mit.edu>

Client applications need to be able to select the appropriate service principal name to acquire 
credentials for.  Clients may be operating in an environment using referrals, cross-realm or 
without DNS reverse resolution.

This parent bug should be used to track all requests of this nature so we can come up with 
more sophisticated versions of the existing APIs (eg: krb5_sname_to_princ).

From rt-comment at krbdev.mit.edu  Tue Jul  1 14:50:24 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 1 Jul 2008 14:50:24 -0400 (EDT)
Subject: [krbdev.mit.edu #155] security concern with using home directory for
	.k5login 
In-Reply-To: <rt-155@krbdev.mit.edu>
Message-ID: <rt-155-27233.0.325024012565152@krbdev.mit.edu>

This (or something comparable) really should get folded in at some point....

From rt-comment at krbdev.mit.edu  Tue Jul  1 14:55:48 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 1 Jul 2008 14:55:48 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab 
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27235.3.22379612673345@krbdev.mit.edu>

Assigning bug to Will Fiveash because he's working on the project to 
make the stashfile a keytab.  Will, if you already have a bug open just 
merge this bug with that one.

From rt-comment at krbdev.mit.edu  Tue Jul  1 14:59:15 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 1 Jul 2008 14:59:15 -0400 (EDT)
Subject: [krbdev.mit.edu #214] There is no special error for a missing keytab
	file 
In-Reply-To: <rt-214@krbdev.mit.edu>
Message-ID: <rt-214-27236.13.8188575290135@krbdev.mit.edu>

We still don't have a special error code, but the enhanced error message should say "Key table 
file 'whatever' not found"

From rt-comment at krbdev.mit.edu  Tue Jul  1 15:19:39 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 1 Jul 2008 15:19:39 -0400 (EDT)
Subject: [krbdev.mit.edu #205] patches for kadmin forprinc and forpol commands
In-Reply-To: <rt-205@krbdev.mit.edu>
Message-ID: <rt-205-27241.19.745032654081@krbdev.mit.edu>

Russ Allbery may be interested in this.

From rt-comment at krbdev.mit.edu  Tue Jul  1 15:22:42 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 1 Jul 2008 15:22:42 -0400 (EDT)
Subject: [krbdev.mit.edu #208] kadmin should print princ name when prompting
	for password 
In-Reply-To: <rt-208@krbdev.mit.edu>
Message-ID: <rt-208-27245.18.5208818966641@krbdev.mit.edu>

Fixed at some point in the distant past.

From rt-comment at krbdev.mit.edu  Tue Jul  1 16:02:17 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 1 Jul 2008 16:02:17 -0400 (EDT)
Subject: [krbdev.mit.edu #214] There is no special error for a missing keytab
	file 
In-Reply-To: <rt-214@krbdev.mit.edu>
Message-ID: <rt-214-27263.5.78760104760953@krbdev.mit.edu>

Keep open until we add an error code...

From rt-comment at krbdev.mit.edu  Tue Jul  1 16:02:47 2008
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Tue, 1 Jul 2008 16:02:47 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27264.16.6965041455294@krbdev.mit.edu>

On Tue, Jul 01, 2008 at 02:55:48PM -0400, Alexandra Ellwood via RT wrote:
> Assigning bug to Will Fiveash because he's working on the project to 
> make the stashfile a keytab.  Will, if you already have a bug open just 
> merge this bug with that one.

The masterkey keytab stash project is not dealing with keytab byte order
issues.  Ken convinced me that 194 is a separate bug but if you feel
otherwise given the above, then I will merge this with my ticket.

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/


From rt-comment at krbdev.mit.edu  Tue Jul  1 16:31:35 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 1 Jul 2008 16:31:35 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27265.16.0680874210264@krbdev.mit.edu>

"william.fiveash at sun.com via RT" <rt-comment at krbdev.mit.edu> writes:

> The masterkey keytab stash project is not dealing with keytab byte order
> issues.  Ken convinced me that 194 is a separate bug but if you feel
> otherwise given the above, then I will merge this with my ticket.

I think we can treat ticket #5662 as the stash file byte order
independence issue.  As far as I know, keytabs are a single byte
order.


From rt-comment at krbdev.mit.edu  Tue Jul  1 17:00:37 2008
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Tue, 1 Jul 2008 17:00:37 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27266.0.955829695467187@krbdev.mit.edu>

On Tue, Jul 01, 2008 at 04:31:33PM -0400, Tom Yu via RT wrote:
> "william.fiveash at sun.com via RT" <rt-comment at krbdev.mit.edu> writes:
> 
> > The masterkey keytab stash project is not dealing with keytab byte order
> > issues.  Ken convinced me that 194 is a separate bug but if you feel
> > otherwise given the above, then I will merge this with my ticket.
> 
> I think we can treat ticket #5662 as the stash file byte order
> independence issue.  As far as I know, keytabs are a single byte
> order.

Someone should reassign 194 to someone other than myself then.  BTW, as
far as I can tell I can login to the RT system as guest only.  I don't
have a problem with that but I am not able to change ticket state.

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/


From rt-comment at krbdev.mit.edu  Tue Jul  1 18:19:34 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 1 Jul 2008 18:19:34 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab 
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27267.14.9436952330775@krbdev.mit.edu>

[tlyu - Tue Jul  1 16:31:32 2008]:

> 
> I think we can treat ticket #5662 as the stash file byte order
> independence issue.  As far as I know, keytabs are a single byte
> order.

Keytabs aren't byte order independent?  So if a sysadmin creates a keytab for me on a machine 
with a different endianness from mine do I have to do something to it for it to work?

Also this bug seems to be specifically about wanting a stash file to be a keytab.  Machine 
independence is listed as just one of the side benefits of doing this.


From rt-comment at krbdev.mit.edu  Tue Jul  1 19:11:26 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 1 Jul 2008 19:11:26 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab 
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27268.0.958008514525801@krbdev.mit.edu>

On Jul 1, 2008, at 18:19, Alexandra Ellwood via RT wrote:
> Keytabs aren't byte order independent?  So if a sysadmin creates a  
> keytab for me on a machine
> with a different endianness from mine do I have to do something to  
> it for it to work?

There have been a couple versions of the keytab file format; v1 was in  
native order, but v2 writes big-endian values.  (Mostly 16-bit values,  
though, I think, even for fields that are supposed to support 32-bit  
values -- and only 8 bits for the key version number, which will  
likely become a serious problem at some point.)

Ken


From rt-comment at krbdev.mit.edu  Tue Jul  1 19:17:46 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 1 Jul 2008 19:17:46 -0400 (EDT)
Subject: [krbdev.mit.edu #194] a stash file is not a keytab
In-Reply-To: <rt-194@krbdev.mit.edu>
Message-ID: <rt-194-27269.10.6754371902387@krbdev.mit.edu>

"Alexandra Ellwood via RT" <rt-comment at krbdev.mit.edu> writes:

> [tlyu - Tue Jul  1 16:31:32 2008]:
>
>> 
>> I think we can treat ticket #5662 as the stash file byte order
>> independence issue.  As far as I know, keytabs are a single byte
>> order.
>
> Keytabs aren't byte order independent?  So if a sysadmin creates a
> keytab for me on a machine with a different endianness from mine do
> I have to do something to it for it to work?

I meant that as far as I know, keytabs are a single
(platform-independent) byte order, and a brief scan of the source code
agrees.

> Also this bug seems to be specifically about wanting a stash file to
> be a keytab.  Machine independence is listed as just one of the side
> benefits of doing this.

Agreed.


From rt-comment at krbdev.mit.edu  Thu Jul  3 09:21:23 2008
From: rt-comment at krbdev.mit.edu (Kevin Koch via RT)
Date: Thu, 3 Jul 2008 09:21:23 -0400 (EDT)
Subject: [krbdev.mit.edu #6007] SVN Commit 
In-Reply-To: <rt-6007@krbdev.mit.edu>
Message-ID: <rt-6007-27270.13.7246688509574@krbdev.mit.edu>


Only check for repository access utilities (cvs, svn, plink) if repository action is UPDATE or CHECKOUT, not SKIP.  This allows builders who obtain sources from a distribution kit to be able to build without having to install these utilities.
Commit By: kpkoch



Revision: 20496
Changed Files:
U   branches/kpkoch-ccapi/src/windows/build/bkw.pl


From rt-comment at krbdev.mit.edu  Thu Jul  3 15:31:33 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu, 3 Jul 2008 15:31:33 -0400 (EDT)
Subject: [krbdev.mit.edu #6008] use of incorrect or unknown principal types 
In-Reply-To: <rt-6008@krbdev.mit.edu>
Message-ID: <rt-6008-27274.17.005333529288@krbdev.mit.edu>

I tweaked the KDC logging to record the principal name types used in AS and TGS requests, 
and ran the main dejagnu tests.  Mostly things look okay, except:

krbtgt/KRBTEST.COM at KRBTEST.COM always has type NT-UNKNOWN (0).  We construct these 
specially in the client code; we should always be able to specify NT-SRV-INST (2).

The kadmin/admin and kadmin/changepw principals always use NT-PRINCIPAL, but I think 
probably they should be NT-SRV-INST too.

The kadmin/fqdn principal always has type NT-PRINCIPAL (1); it should probably be NT-
SRV-HST (3).

The other service principal types (host, ftp, gssservice, and sample host-based services) all 
were correctly specified as NT-SRV-HST.

There were some cases where the client principal name type didn't get logged, but in those 
where it did, it appears to be correct.

From rt-comment at krbdev.mit.edu  Sat Jul  5 22:30:27 2008
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Sat, 5 Jul 2008 22:30:27 -0400 (EDT)
Subject: [krbdev.mit.edu #6009] SVN Commit 
In-Reply-To: <rt-6009@krbdev.mit.edu>
Message-ID: <rt-6009-27275.5.61417749693895@krbdev.mit.edu>


On Fedora 9, glibc 2.8 is used.  The kdc code conditionalizes
IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places = but
misses two for the struct one.

/usr/include/netinet/in.h conditionalizes struct in6_pktinfo on
__USE_GNU - which I believe implies a gnu libc extension.  People on
the net have defined GNU_SOURCE for various things to compile, etc.

I do note that /usr/include/linux/ipv6.h exists with the same definition. 

I believe that ipv6 support in the kdc will not work with these changes - but
the tree compiles.


Commit By: epeisach



Revision: 20498
Changed Files:
U   trunk/src/kdc/network.c


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:08:11 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:08:11 -0400 (EDT)
Subject: [krbdev.mit.edu #6010] SVN Commit 
In-Reply-To: <rt-6010@krbdev.mit.edu>
Message-ID: <rt-6010-27288.15.5164458424067@krbdev.mit.edu>


Since we are copying from one structure to another, copy elements.
Using memcpy is fragile.

Commit By: lxs



Revision: 20499
Changed Files:
U   trunk/src/lib/krb5/krb/gic_opt.c


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:17:56 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:17:56 -0400 (EDT)
Subject: [krbdev.mit.edu #6010] krb5int_gic_opte_copy should copy elements
	individually 
In-Reply-To: <rt-6010@krbdev.mit.edu>
Message-ID: <rt-6010-27295.3.87399107280579@krbdev.mit.edu>

Assigned to Tom for code review.

From rt-comment at krbdev.mit.edu  Mon Jul  7 15:26:57 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:26:57 -0400 (EDT)
Subject: [krbdev.mit.edu #6011] SVN Commit 
In-Reply-To: <rt-6011@krbdev.mit.edu>
Message-ID: <rt-6011-27296.8.71577173082436@krbdev.mit.edu>


This prevents the CCacheServer from being killed before it is 
done handling all the mach messages.

Commit By: lxs



Revision: 20500
Changed Files:
U   trunk/src/ccapi/server/mac/edu.mit.Kerberos.CCacheServer.plist


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:27:40 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:27:40 -0400 (EDT)
Subject: [krbdev.mit.edu #6012] SVN Commit 
In-Reply-To: <rt-6012@krbdev.mit.edu>
Message-ID: <rt-6012-27299.7.39956170862818@krbdev.mit.edu>


This prevents the KerberosAgent from being killed before it is
done handling all the mach messages.

Commit By: lxs



Revision: 6419
Changed Files:
U   trunk/KerberosFramework/KerberosLogin/Resources/edu.mit.Kerberos.KerberosAgent.plist


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:31:45 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:31:45 -0400 (EDT)
Subject: [krbdev.mit.edu #6013] SVN Commit 
In-Reply-To: <rt-6013@krbdev.mit.edu>
Message-ID: <rt-6013-27302.5.78752421384955@krbdev.mit.edu>


Commit By: lxs



Revision: 6420
Changed Files:
U   trunk/Common/Projects/Kerberos.xcodeproj/project.pbxproj


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:49:44 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:49:44 -0400 (EDT)
Subject: [krbdev.mit.edu #6014] kinit should not fail when krb5 is missing 
In-Reply-To: <rt-6014@krbdev.mit.edu>
Message-ID: <rt-6014-27305.10.1125063281213@krbdev.mit.edu>

Only in ./KerberosFramework/Kerberos5/Sources/lib/krb5/os: .init_os_ctx.c.swp
diff -ur ../Kerberos.orig/KerberosFramework/Kerberos5/Sources/util/profile/prof_init.c ./KerberosFramework/Kerberos5/Sources/util/profile/prof_init.c
--- ../Kerberos.orig/KerberosFramework/Kerberos5/Sources/util/profile/prof_init.c	2007-03-28 13:07:50.000000000 -0700
+++ ./KerberosFramework/Kerberos5/Sources/util/profile/prof_init.c	2007-06-21 16:38:53.000000000 -0700
@@ -34,8 +34,11 @@
 	memset(profile, 0, sizeof(struct _profile_t));
 	profile->magic = PROF_MAGIC_PROFILE;
 
-        /* if the filenames list is not specified return an empty profile */
-        if ( files ) {
+	/*
+	 * If the filenames list is not specified or empty, return an empty
+	 * profile.
+	 */
+	if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
 	    for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
 		retval = profile_open_file(*fs, &new_file);
 		/* if this file is missing, skip to the next */
Only in .: cscope.out


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:55:26 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:55:26 -0400 (EDT)
Subject: [krbdev.mit.edu #6015] gss_export_lucid_sec_context support for
	SPNEGO 
In-Reply-To: <rt-6015@krbdev.mit.edu>
Message-ID: <rt-6015-27306.3.3696063860878@krbdev.mit.edu>

diff -r -u Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c	2007-03-01 13:31:55.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c	2007-03-01 13:34:48.000000000 -0800
@@ -24,8 +24,10 @@
  * $Id: krb5_gss_glue.c 18262 2006-06-29 04:38:48Z tlyu $
  */
 
+#include <syslog.h>
 #include "gssapiP_krb5.h"
 #include "mglueP.h"
+#include "../spnego/gssapiP_spnego.h"
 
 /** mechglue wrappers **/
 
@@ -1061,7 +1063,6 @@
     return GSS_S_DEFECTIVE_CREDENTIAL;
 }
 
-/* XXX need to delete mechglue ctx too */
 OM_uint32 KRB5_CALLCONV
 gss_krb5_export_lucid_sec_context(
     OM_uint32 *minor_status,
@@ -1069,17 +1070,39 @@
     OM_uint32 version,
     void **kctx)
 {
-    gss_union_ctx_id_t uctx;
+    gss_union_ctx_id_t uctx = (gss_union_ctx_id_t)*context_handle;
+    gss_union_ctx_id_t kerb_ctx;
+    OM_uint32 major = GSS_S_COMPLETE, minor = 0;
+    int is_spnego = 0;
+    
+    if (minor_status != NULL)
+	*minor_status = 0;
+    if (minor_status == NULL || context_handle == NULL || kctx == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *kctx = GSS_C_NO_CONTEXT;
+
+    if (uctx == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (g_OID_equal(uctx->mech_type, &spnego_oids[0])) {
+        kerb_ctx = uctx->internal_ctx_id;
+        is_spnego = 1;
+    }
+    else
+        kerb_ctx = uctx;
 
-    uctx = (gss_union_ctx_id_t)*context_handle;
-    /*
-    if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
-	!g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
-	return GSS_S_BAD_MECH;
-    */
-    return gss_krb5int_export_lucid_sec_context(minor_status,
-						&uctx->internal_ctx_id,
-						version, kctx);
+    major =  gss_krb5int_export_lucid_sec_context(minor_status,
+	&kerb_ctx->internal_ctx_id, version, kctx);
+
+    if (major == GSS_S_COMPLETE) {
+	if (is_spnego) {
+	    uctx->internal_ctx_id = GSS_C_NO_CONTEXT;
+	    (void) gss_delete_sec_context(&minor, (gss_ctx_id_t *)&kerb_ctx, NULL);
+	}
+	(void) gss_delete_sec_context(&minor, context_handle, NULL);
+    }
+    
+    return (major);
 }
 
 OM_uint32 KRB5_CALLCONV
diff -r -u Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h	2007-02-07 12:40:20.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/gssapiP_spnego.h	2007-03-01 13:32:22.000000000 -0800
@@ -111,11 +111,11 @@
 	{SPNEGO_OID_LENGTH, SPNEGO_OID},
 };
 
-const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
+static const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
 static const gss_OID_set_desc spnego_oidsets[] = {
 	{1, (gss_OID) spnego_oids+0},
 };
-const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
+static const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
 
 #ifdef DEBUG
 #define	dsyslog(a) syslog(LOG_DEBUG, a)


From rt-comment at krbdev.mit.edu  Mon Jul  7 15:57:08 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 15:57:08 -0400 (EDT)
Subject: [krbdev.mit.edu #6016] SAMBA support for SPNEGO 
In-Reply-To: <rt-6016@krbdev.mit.edu>
Message-ID: <rt-6016-27307.12.0024863738766@krbdev.mit.edu>

diff -u -r Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/spnego_mech.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/spnego_mech.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/spnego_mech.c	2007-08-09 13:29:15.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/spnego/spnego_mech.c	2008-06-19 14:54:44.000000000 -0700
@@ -151,6 +151,9 @@
 get_negTokenResp(OM_uint32 *, unsigned char *, unsigned int,
 		 OM_uint32 *, gss_OID *, gss_buffer_t *, gss_buffer_t *);
 
+static int
+is_kerb_mech(gss_OID oid);
+
 /*
  * The Mech OID for SPNEGO:
  * { iso(1) org(3) dod(6) internet(1) security(5)
@@ -585,7 +588,16 @@
 		*minor_status = ERR_SPNEGO_NEGOTIATION_FAILED;
 		return GSS_S_DEFECTIVE_TOKEN;
 	}
-	if (!g_OID_equal(supportedMech, sc->internal_mech)) {
+
+	/*
+	 * If the mechanism we sent is not the mechanism returned from the server
+	 * we need to handle the server's counter proposal. There is a bug in SAMBA
+	 * servers that always send the old Kerberos mech OID, even though we 
+	 * sent the new one. So we will treat all the Kerberos mech OIDS as the same.
+         */
+
+	if (!(is_kerb_mech(supportedMech) && is_kerb_mech(sc->internal_mech)) &&
+	    !g_OID_equal(supportedMech, sc->internal_mech)) {
 		ret = init_ctx_reselect(minor_status, sc,
 					acc_negState, supportedMech,
 					responseToken, mechListMIC,
@@ -2304,6 +2316,12 @@
 		gssint_der_length_size(spnego_ctx->DER_mechTypes.length) +
 		spnego_ctx->DER_mechTypes.length;
 	dataLen += mechListTokenSize;
+
+/*
+ * Whether the req_flags are set or not we should no longer send them per
+ * RFC 4178. If the old behavior is desired define SEND_REQ_FLAGS.
+ */
+#ifdef SEND_REQ_FLAGS
 	/*
 	 * 4 bytes for ret_flags:
 	 *   ASN.1 token + ASN.1 Length + Padding + Flags
@@ -2311,7 +2329,7 @@
 	 */
 	if (req_flags != 0)
 		dataLen += 6;
-
+#endif
 	/*
 	 * If a token from gss_init_sec_context exists,
 	 * add the length of the token + the ASN.1 overhead
@@ -2399,12 +2417,13 @@
 
 	ptr += spnego_ctx->DER_mechTypes.length;
 
+#ifdef SEND_REQ_FLAGS
 	if (req_flags != 0) {
 		if ((ret = put_req_flags(&ptr, req_flags,
 					 tlen - (int)(ptr-t))))
 			goto errout;
 	}
-
+#endif
 	if (data != NULL) {
 		*ptr++ = CONTEXT | 0x02;
 		if ((ret = gssint_put_der_length(rspTokenSize,
@@ -2851,3 +2870,26 @@
 
 	return (ret);
 }
+
+/*
+ * Return non-zero if the oid is one of the kerberos mech oids,
+ * otherwise return zero.
+ *
+ * N.B. There are 3 oids that represent the kerberos mech:
+ * RFC-specified GSS_MECH_KRB5_OID,
+ * Old pre-RFC   GSS_MECH_KRB5_OLD_OID,
+ * Incorrect MS  GSS_MECH_KRB5_WRONG_OID
+ */
+
+static int
+is_kerb_mech(gss_OID oid)
+{
+	int answer = 0;
+	OM_uint32 minor;
+	extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
+	
+	(void) gss_test_oid_set_member(&minor,
+		oid, (gss_OID_set)gss_mech_set_krb5_both, &answer);
+	
+	return (answer);
+}


From rt-comment at krbdev.mit.edu  Mon Jul  7 16:01:44 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 16:01:44 -0400 (EDT)
Subject: [krbdev.mit.edu #6017] KDC virtual address support 
In-Reply-To: <rt-6017@krbdev.mit.edu>
Message-ID: <rt-6017-27308.15.3877910000665@krbdev.mit.edu>

=== Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/os/localaddr.c
==================================================================
--- Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/os/localaddr.c	(revision 559)
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/os/localaddr.c	(local)
@@ -415,6 +415,23 @@
 
 #ifdef HAVE_IFADDRS_H
 
+static int
+is_loopback_address(struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET: {
+	struct sockaddr_in *s4 = (struct sockaddr_in *)sa;
+	return s4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
+    }
+    case AF_INET6: {
+	struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)sa;
+	return IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
+    }
+    default:
+	return 0;
+    }
+}
+
 int
 foreach_localaddr (/*@null@*/ void *data,
 		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
@@ -436,7 +453,7 @@
 #endif
 	if ((ifp->ifa_flags & IFF_UP) == 0)
 	    continue;
-	if (ifp->ifa_flags & IFF_LOOPBACK) {
+	if (is_loopback_address(ifp->ifa_addr)) {
 	    /* Pretend it's not up, so the second pass will skip
 	       it.  */
 	    ifp->ifa_flags &= ~IFF_UP;
@@ -459,7 +476,7 @@
 	for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
 	    if ((ifp2->ifa_flags & IFF_UP) == 0)
 		continue;
-	    if (ifp2->ifa_flags & IFF_LOOPBACK)
+	    if (is_loopback_address(ifp2->ifa_addr))
 		continue;
 	    if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
 		match = 1;


From rt-comment at krbdev.mit.edu  Mon Jul  7 16:03:02 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 16:03:02 -0400 (EDT)
Subject: [krbdev.mit.edu #6018] Support for recovering from broken rcache 
In-Reply-To: <rt-6018@krbdev.mit.edu>
Message-ID: <rt-6018-27309.2.81985104521929@krbdev.mit.edu>

--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c	2007-08-09 13:29:10.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c	2008-06-04 10:13:20.000000000 -0700
@@ -51,7 +51,6 @@
 {
     krb5_error_code	retval;
     char		*rcname;
-    char		*sname;
 
     rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
 
@@ -61,23 +60,44 @@
 
     if (!rcname)
 	rcname = KDCRCACHE;
-    if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
-	/* Recover or initialize the replay cache */
-	if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
-	    !(retval = krb5_rc_initialize(kcontext,
-					  kdc_rcache,
-					  kcontext->clockskew))
-	    ) {
-	    /* Expunge the replay cache */
-	    if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
-		sname = kdc_current_rcname;
-		kdc_current_rcname = strdup(rcname);
-		if (sname)
-		    free(sname);
-	    }
-	}
+    retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
+    if (retval)
+	return retval;
+
+    /* First try to recover */
+    retval = krb5_rc_recover(kcontext, kdc_rcache);
+    if (retval) {
+	/* Either the cache is malformated or not there, lets remove
+	   it first and then initialize it */
+	retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
 	if (retval)
-	    krb5_rc_close(kcontext, kdc_rcache);
+	    return retval;
+	retval = krb5_rc_destroy(kcontext, kdc_rcache);
+	if (retval)
+	    return retval;
+
+	/* init */
+	retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
+	if (retval)
+	    return retval;
+	retval = krb5_rc_initialize(kcontext, kdc_rcache, kcontext->clockskew);
+	if (retval)
+	    goto out;
+    }
+    
+    /* Now that we have an open and valid rcache, expunge it */
+    retval = krb5_rc_expunge(kcontext, kdc_rcache);
+    if (retval == 0) {
+	char *sname = kdc_current_rcname;
+	kdc_current_rcname = strdup(rcname);
+	if (sname)
+	    free(sname);
+    }
+
+ out:
+    if (retval) {
+	krb5_rc_close(kcontext, kdc_rcache);
+	kdc_rcache = NULL;
     }
     return(retval);
 }
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c	2007-08-09 13:29:17.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_dfl.c	2008-06-04 10:52:04.000000000 -0700
@@ -267,8 +267,18 @@
 krb5_rc_dfl_destroy(krb5_context context, krb5_rcache id)
 {
 #ifndef NOIOSTUFF
-    if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d))
-	return KRB5_RC_IO;
+    struct dfl_data *t = (struct dfl_data *)id->data;
+    krb5_error_code retval;
+
+    retval = krb5_rc_io_open(context, &t->d, t->name);
+    if (retval)
+	return retval;
+    retval = krb5_rc_io_destroy(context, &t->d);
+    if (retval)
+	return retval;
+    retval = krb5_rc_io_close(context, &t->d);
+    if (retval)
+	return retval;
 #endif
     return krb5_rc_dfl_close(context, id);
 }
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c	2007-08-09 13:29:17.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/krb5/rcache/rc_io.c	2008-06-04 12:56:45.000000000 -0700
@@ -425,6 +425,8 @@
 				   strerror(errno));
 	    return KRB5_RC_IO_UNKNOWN;
 	}
+    if (count != num)
+	return KRB5_RC_IO_EOF;
     if (count == 0)
 	return KRB5_RC_IO_EOF;
     return 0;


From rt-comment at krbdev.mit.edu  Mon Jul  7 16:07:31 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 16:07:31 -0400 (EDT)
Subject: [krbdev.mit.edu #5662] KDC stash endian independence 
In-Reply-To: <rt-5662@krbdev.mit.edu>
Message-ID: <rt-5662-27313.4.89746142279252@krbdev.mit.edu>

Resolved by 6001 (see referred to section)

From rt-comment at krbdev.mit.edu  Mon Jul  7 16:09:07 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 16:09:07 -0400 (EDT)
Subject: [krbdev.mit.edu #5641] kadm5_setkey_principal_3 fix 
In-Reply-To: <rt-5641@krbdev.mit.edu>
Message-ID: <rt-5641-27316.3.8358691371883@krbdev.mit.edu>

Resolved by 5990

From rt-comment at krbdev.mit.edu  Mon Jul  7 16:19:32 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 16:19:32 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] Add signal to force KDC to check for changed
	interfaces 
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27320.1.65585895025551@krbdev.mit.edu>

diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c	2006-11-16 14:54:22.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c	2006-11-16 19:02:36.000000000 -0800
@@ -40,3 +40,4 @@
 
 volatile int signal_requests_exit = 0;	/* gets set when signal hits */
 volatile int signal_requests_hup = 0;   /* ditto */
+volatile int signal_requests_network = 0;   /* ditto (SIGUSR1) */
diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h	2006-11-16 14:54:22.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h	2006-11-16 19:02:36.000000000 -0800
@@ -96,4 +96,5 @@
 
 extern volatile int signal_requests_exit;
 extern volatile int signal_requests_hup;
+extern volatile int signal_requests_network;
 #endif /* __KRB5_KDC_EXTERN__ */
diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c	2006-11-16 14:54:22.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c	2006-11-16 19:12:43.000000000 -0800
@@ -56,6 +56,7 @@
 
 krb5_sigtype request_exit (int);
 krb5_sigtype request_hup  (int);
+krb5_sigtype request_network  (int);
 
 void setup_signal_handlers (void);
 
@@ -371,6 +372,18 @@
 #endif
 }
 
+krb5_sigtype
+request_network(int signo)
+{
+    signal_requests_network = 1;
+
+#ifdef POSIX_SIGTYPE
+    return;
+#else
+    return(0);
+#endif
+}
+
 void
 setup_signal_handlers(void)
 {
@@ -382,12 +395,15 @@
     (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
     s_action.sa_handler = request_hup;
     (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
+    s_action.sa_handler = request_network;
+    (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
     s_action.sa_handler = SIG_IGN;
     (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
 #else  /* POSIX_SIGNALS */
     signal(SIGINT, request_exit);
     signal(SIGTERM, request_exit);
     signal(SIGHUP, request_hup);
+    signal(SIGUSR1, request_network);
     signal(SIGPIPE, SIG_IGN);
 #endif /* POSIX_SIGNALS */
 
diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c	2006-11-16 14:54:22.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c	2006-11-16 19:02:36.000000000 -0800
@@ -207,7 +207,7 @@
   (set.data[idx] = set.data[--set.n], 0)
 
 #define FREE_SET_DATA(set) if(set.data) free(set.data);                 \
-   (set.data = 0, set.max = 0)
+   (set.data = 0, set.max = 0, set.n = 0)
 
 
 /* Set<struct connection *> connections; */
@@ -222,6 +222,8 @@
 
 static struct select_state sstate;
 
+static int getcurtime (struct timeval *tvp);
+
 static krb5_error_code add_udp_port(int port)
 {
     int	i;
@@ -1066,17 +1068,42 @@
        that junk on the stack.  */
     static struct select_state sout;
     int			i, sret;
+    int			netchanged; 
     krb5_error_code	err;
 
-    if (conns == (struct connection **) NULL)
-	return KDC5_NONET;
-    
+    netchanged = 0;
+    if (conns == (struct connection **) NULL){
+       sleep(30);
+       err = setup_network(prog);
+       if (conns == (struct connection **) NULL)
+                       return KDC5_NONET;
+               if (err){
+                       com_err(prog, err,"while initalizing the network");
+                       return err;
+               }
+     }   
+ 
     while (!signal_requests_exit) {
 	if (signal_requests_hup) {
 	    krb5_klog_reopen(kdc_context);
 	    signal_requests_hup = 0;
 	}
-	sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
+
+
+       if (signal_requests_network) {
+               com_err(prog, EINTR, "signal_requests_network recieved");
+               err = getcurtime(&(sstate.end_time));
+               if(err) {
+                       com_err(prog, err, "while getting the time");
+                       continue;
+               }
+               sstate.end_time.tv_sec += 3;
+               netchanged = 1;
+       } else {
+               sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
+       }
+
+
 	err = krb5int_cm_call_select(&sstate, &sout, &sret);
 	if (err) {
 	    com_err(prog, err, "while selecting for network input(1)");
@@ -1087,6 +1114,17 @@
 		com_err(prog, errno, "while selecting for network input(2)");
 	    continue;
 	}
+	if(netchanged && (sret == 0)) {
+               signal_requests_network = 0;
+               (void)closedown_network(prog);
+               err = setup_network(prog);
+               if(err) {
+                       com_err(prog, err, "while re-initializing network");
+                       return err;
+               }
+               netchanged = 0;
+       }
+
 	nfound = sret;
 	for (i=0; i<n_sockets && nfound > 0; i++) {
 	    int sflags = 0;
@@ -1129,4 +1167,24 @@
     return 0;
 }
 
+// stolen from sendto_kdc.c
+static int getcurtime (struct timeval *tvp)
+{
+#ifdef _WIN32
+    struct _timeb tb;
+    _ftime(&tb);
+    tvp->tv_sec = tb.time;
+    tvp->tv_usec = tb.millitm * 1000;
+    /* Can _ftime fail?  */
+    return 0;
+#else
+    if (gettimeofday(tvp, 0)) {
+      //dperror("gettimeofday");
+      return errno;
+    }
+    return 0;
+#endif
+}
+
+
 #endif /* INET */


From rt-comment at krbdev.mit.edu  Mon Jul  7 16:26:08 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 7 Jul 2008 16:26:08 -0400 (EDT)
Subject: [krbdev.mit.edu #6020] Application server side support for authdata
	generated by authdata plugins 
In-Reply-To: <rt-6020@krbdev.mit.edu>
Message-ID: <rt-6020-27321.14.186749380939@krbdev.mit.edu>

diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h Kerberos/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h	2007-03-09 13:15:18.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h	2007-03-29 01:54:58.000000000 -0700
@@ -12,6 +12,7 @@
 
 #define KRB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
 #define KDB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR  "/System/Library/KerberosPlugins/KerberosAuthDataPlugins"
 
 #define SHARED                       1
 
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj Kerberos/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj
--- Kerberos.orig/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj	2007-03-29 01:52:29.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj	2007-03-29 01:54:58.000000000 -0700
@@ -70,8 +70,9 @@
 /* End PBXAggregateTarget section */
 
 /* Begin PBXBuildFile section */
-		729C0C390A526A75004D326F /* pkinit_apple_server.c in Sources */ = {isa = PBXBuildFile; fileRef = A15344CB0940F21400A3FB34 /* pkinit_apple_server.c */; };
 		724593AC0A54A8BB009AD017 /* notify_pws.c in Sources */ = {isa = PBXBuildFile; fileRef = 724593AB0A54A8BB009AD017 /* notify_pws.c */; };
+		727FB3180B55A7FA006E5270 /* kdc_authdata.c in Sources */ = {isa = PBXBuildFile; fileRef = 727FB3170B55A7FA006E5270 /* kdc_authdata.c */; };
+		729C0C390A526A75004D326F /* pkinit_apple_server.c in Sources */ = {isa = PBXBuildFile; fileRef = A15344CB0940F21400A3FB34 /* pkinit_apple_server.c */; };
 		A10D141A09DDBAF6004F9B1E /* fake-addrinfo.c in Sources */ = {isa = PBXBuildFile; fileRef = A15346A10940F21700A3FB34 /* fake-addrinfo.c */; };
 		A10D141B09DDBAF6004F9B1E /* init-addrinfo.c in Sources */ = {isa = PBXBuildFile; fileRef = A15346A20940F21700A3FB34 /* init-addrinfo.c */; };
 		A10D141C09DDBAF6004F9B1E /* plugins.c in Sources */ = {isa = PBXBuildFile; fileRef = A1E7180109C85F4400525147 /* plugins.c */; };
@@ -1159,9 +1160,10 @@
 /* End PBXCopyFilesBuildPhase section */
 
 /* Begin PBXFileReference section */
+		724593AB0A54A8BB009AD017 /* notify_pws.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = notify_pws.c; sourceTree = "<group>"; };
+		727FB3170B55A7FA006E5270 /* kdc_authdata.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = kdc_authdata.c; path = ../Sources/kdc/kdc_authdata.c; sourceTree = SOURCE_ROOT; };
 		A108E6210A41E1E0008545E5 /* Release.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = Release.xcconfig; path = ../../../Common/Resources/Release.xcconfig; sourceTree = SOURCE_ROOT; };
 		A108E6220A41E1E0008545E5 /* Debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = Debug.xcconfig; path = ../../../Common/Resources/Debug.xcconfig; sourceTree = SOURCE_ROOT; };
-		724593AB0A54A8BB009AD017 /* notify_pws.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = notify_pws.c; sourceTree = "<group>"; };
 		A10D141409DDBAC0004F9B1E /* libsupport.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsupport.a; sourceTree = BUILT_PRODUCTS_DIR; };
 		A10D155409DDCBB3004F9B1E /* libgssrpc.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libgssrpc.a; sourceTree = BUILT_PRODUCTS_DIR; };
 		A10D15B809DDCFE0004F9B1E /* types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = types.h; sourceTree = "<group>"; };
@@ -7575,6 +7577,7 @@
 		F5CFD36F022D854401120112 = {
 			isa = PBXGroup;
 			children = (
+				727FB3170B55A7FA006E5270 /* kdc_authdata.c */,
 				A108E6210A41E1E0008545E5 /* Release.xcconfig */,
 				A108E6220A41E1E0008545E5 /* Debug.xcconfig */,
 				A1BB08AF09EEDE7C0099B7F0 /* des425.pbexp */,
@@ -8260,6 +8263,7 @@
 		F5CFD36E022D854401120112 /* Project object */ = {
 			isa = PBXProject;
 			buildConfigurationList = A1518ECE086C85C40042CBBC /* Build configuration list for PBXProject "Kerberos5" */;
+			compatibilityVersion = "Xcode 2.4";
 			hasScannedForEncodings = 1;
 			mainGroup = F5CFD36F022D854401120112;
 			productRefGroup = F5CFD5CB022D86AD01120112 /* Products */;
@@ -8282,6 +8286,8 @@
 					ProjectRef = A163FB7B0A51CD5E0082F6D4 /* KerberosIPC.xcodeproj */;
 				},
 			);
+			projectRoot = "";
+			shouldCheckCompatibility = 1;
 			targets = (
 				A1E4F4F409E5C62100A56C1C /* Configure */,
 				A1B08BF7087F22550063079F /* Error Tables */,
@@ -9325,6 +9331,7 @@
 				A140AA2F09F0138D001D95C6 /* policy.c in Sources */,
 				A140AA3009F0138D001D95C6 /* replay.c in Sources */,
 				724593AC0A54A8BB009AD017 /* notify_pws.c in Sources */,
+				727FB3180B55A7FA006E5270 /* kdc_authdata.c in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h Kerberos/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h	1969-12-31 16:00:00.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h	2007-03-29 01:54:58.000000000 -0700
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2007 Apple Inc.  All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name of Apple Inc, nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * <krb5/authdata_plugin.h>
+ *
+ * AuthorizationData plugin definitions for Kerberos 5.
+ *
+ */
+
+#ifndef KRB5_AUTHDATA_PLUGIN_H_INCLUDED
+#define KRB5_AUTHDATA_PLUGIN_H_INCLUDED
+#include <krb5/krb5.h>
+
+/*
+ * While arguments of these types are passed-in, for the most part a preauth
+ * module can treat them as opaque.  If we need keying data, we can ask for
+ * it directly.
+ */
+struct _krb5_db_entry_new;
+
+/*
+ * The function table / structure which a preauth server module must export as
+ * "authdata_server_0".  NOTE: replace "0" with "1" for the type and
+ * variable names if this gets picked up by upstream.  If the interfaces work
+ * correctly, future versions of the table will add either more callbacks or
+ * more arguments to callbacks, and in both cases we'll be able to wrap the v0
+ * functions.
+ */
+typedef struct krb5plugin_authdata_ftable_v0 {
+    /* Not-usually-visible name. */
+    char *name;
+
+    /* Per-plugin initialization/cleanup.  The init function is called by the
+     * KDC when the plugin is loaded, and the fini function is called before
+     * the plugin is unloaded.  Both are optional. */
+    krb5_error_code (*init_proc)(krb5_context, void **);
+    void (*fini_proc)(krb5_context, void *);
+    krb5_error_code (*authdata_proc)(krb5_context,
+   				   struct _krb5_db_entry_new *client,
+				   krb5_data *req_pkt,
+				   krb5_kdc_req *request,
+				   krb5_enc_tkt_part *enc_tkt_reply);
+} krb5plugin_authdata_ftable_v0;
+#endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */
\ No newline at end of file
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h Kerberos/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h	2007-03-09 13:15:40.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h	2007-03-29 01:54:58.000000000 -0700
@@ -52,6 +52,8 @@
 #define DEFAULT_PROFILE_PATH        ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH)
 #define KRB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
 #define KDB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KDB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR  "/System/Library/KerberosPlugins/KerberosAuthDataPlugins"
 #else
 #define DEFAULT_SECURE_PROFILE_PATH	"/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
 #define DEFAULT_PROFILE_PATH        DEFAULT_SECURE_PROFILE_PATH
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c	2007-03-29 01:52:28.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c	2007-03-29 01:54:58.000000000 -0700
@@ -1,6 +1,7 @@
 /*
  * kdc/do_as_req.c
  *
+ * Portions Copyright (C) 2007 Apple Inc.
  * Copyright 1990,1991 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
@@ -318,6 +319,11 @@
 	goto errout;
     }
 
+	errcode = handle_authdata(kdc_context, &client, req_pkt, request, &enc_tkt_reply);
+	if (errcode) {
+		krb5_klog_syslog(LOG_INFO,  "AS_REQ : handle_authdata (%d)", errcode);
+	}
+
     ticket_reply.enc_part2 = &enc_tkt_reply;
 
     /*
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c	1969-12-31 16:00:00.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c	2007-03-29 01:54:58.000000000 -0700
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2007 Apple Inc.  All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name of Apple Inc, nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * kdc/kdc_authdata.c
+ *
+ * AuthorizationData routines for the KDC.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "extern.h"
+#include <stdio.h>
+#include "adm_proto.h"
+
+#include <syslog.h>
+
+#include <assert.h>
+#include "../include/krb5/authdata_plugin.h"
+
+#if TARGET_OS_MAC
+static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */
+#else
+static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL };
+#endif
+
+typedef krb5_error_code (*authdata_proc)
+    (krb5_context, krb5_db_entry *client,
+		    krb5_data *req_pkt,
+		    krb5_kdc_req *request,
+		    krb5_enc_tkt_part * enc_tkt_reply);
+
+typedef krb5_error_code (*init_proc)
+    (krb5_context, void **);
+typedef void (*fini_proc)
+    (krb5_context, void *);
+
+typedef struct _krb5_authdata_systems {
+    const char *name;
+    int		type;
+    int		flags;
+    void       *plugin_context;
+    init_proc   init;
+    fini_proc   fini;
+    authdata_proc	handle_authdata;
+} krb5_authdata_systems;
+
+static krb5_authdata_systems static_authdata_systems[] = {
+    { "[end]", -1,}
+};
+
+static krb5_authdata_systems *authdata_systems;
+static int n_authdata_systems;
+static struct plugin_dir_handle authdata_plugins;
+
+krb5_error_code
+load_authdata_plugins(krb5_context context)
+{
+    struct errinfo err;
+    void **authdata_plugins_ftables = NULL;
+    struct krb5plugin_authdata_ftable_v0 *ftable = NULL;
+    int module_count, i, k;
+    init_proc server_init_proc = NULL;
+
+    memset(&err, 0, sizeof(err));
+
+    /* Attempt to load all of the authdata plugins we can find. */
+    PLUGIN_DIR_INIT(&authdata_plugins);
+    if (PLUGIN_DIR_OPEN(&authdata_plugins) == 0) {
+	if (krb5int_open_plugin_dirs(objdirs, NULL,
+				     &authdata_plugins, &err) != 0) {
+	    return KRB5_PLUGIN_NO_HANDLE;
+	}
+    }
+
+    /* Get the method tables provided by the loaded plugins. */
+    authdata_plugins_ftables = NULL;
+    n_authdata_systems = 0;
+    if (krb5int_get_plugin_dir_data(&authdata_plugins,
+				    "authdata_server_0",
+				    &authdata_plugins_ftables, &err) != 0) {
+	return KRB5_PLUGIN_NO_HANDLE;
+    }
+
+    /* Count the valid modules. */ 
+    module_count = sizeof(static_authdata_systems)
+		   / sizeof(static_authdata_systems[0]);
+    if (authdata_plugins_ftables != NULL) {
+		for (i = 0; authdata_plugins_ftables[i] != NULL; i++) {
+			ftable = authdata_plugins_ftables[i];
+			if ((ftable->authdata_proc != NULL)) {
+				module_count++;
+			}
+		}
+    }
+
+    /* Build the complete list of supported authdata options, and
+     * leave room for a terminator entry. */
+    authdata_systems = calloc((module_count + 1), sizeof(krb5_authdata_systems) );
+    if (authdata_systems == NULL) {
+		krb5int_free_plugin_dir_data(authdata_plugins_ftables);
+		return ENOMEM;
+    }
+
+    /* Add the locally-supplied mechanisms to the dynamic list first. */
+    for (i = 0, k = 0;
+	 i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]);
+	 i++) {
+			if (static_authdata_systems[i].type == -1)
+				break;
+			authdata_systems[k] = static_authdata_systems[i];
+			/* Try to initialize the authdata system.  If it fails, we'll remove it
+			 * from the list of systems we'll be using. */
+			server_init_proc = static_authdata_systems[i].init;
+			if ((server_init_proc != NULL) &&
+				((*server_init_proc)(context, NULL /* &plugin_context */) != 0)) {
+				memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+				continue;
+			}
+			k++;
+    }
+
+    /* Now add the dynamically-loaded mechanisms to the list. */
+    if (authdata_plugins_ftables != NULL) {
+		for (i = 0; authdata_plugins_ftables[i] != NULL; i++) {
+			ftable = authdata_plugins_ftables[i];
+			if ((ftable->authdata_proc == NULL)) {
+			continue;
+			}
+			server_init_proc = ftable->init_proc;
+			krb5_error_code initerr;
+			if ((server_init_proc != NULL) &&
+				((initerr = (*server_init_proc)(context, NULL /* &plugin_context */)) != 0)) {
+					const char *emsg;
+					emsg = krb5_get_error_message(context, initerr);
+					if (emsg) {
+						krb5_klog_syslog(LOG_ERR,
+							"authdata %s failed to initialize: %s",
+							ftable->name, emsg);
+						krb5_free_error_message(context, emsg);
+					}
+					memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+		
+					continue;
+			}
+	
+			authdata_systems[k].name = ftable->name;
+			authdata_systems[k].init = server_init_proc;
+			authdata_systems[k].fini = ftable->fini_proc;
+			authdata_systems[k].handle_authdata = ftable->authdata_proc;
+			k++;
+		}
+    }
+    n_authdata_systems = k;
+    /* Add the end-of-list marker. */
+    authdata_systems[k].name = "[end]";
+	authdata_systems[k].type = -1;
+    return 0;
+}
+
+krb5_error_code
+unload_authdata_plugins(krb5_context context)
+{
+    int i;
+    if (authdata_systems != NULL) {
+	for (i = 0; i < n_authdata_systems; i++) {
+	    if (authdata_systems[i].fini != NULL) {
+	        (*authdata_systems[i].fini)(context,
+					   authdata_systems[i].plugin_context);
+	    }
+	    memset(&authdata_systems[i], 0, sizeof(authdata_systems[i]));
+	}
+	free(authdata_systems);
+	authdata_systems = NULL;
+	n_authdata_systems = 0;
+	krb5int_close_plugin_dirs(&authdata_plugins);
+    }
+    return 0;
+}
+
+krb5_error_code
+handle_authdata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
+	      krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply)
+{
+    krb5_error_code retval = 0;
+    krb5_authdata_systems *authdata_sys;
+	int i;
+	const char *emsg;
+	
+    krb5_klog_syslog (LOG_DEBUG, "handling authdata");
+
+    for (authdata_sys = authdata_systems, i = 0; authdata_sys != NULL && i < n_authdata_systems; i++) {
+      	if (authdata_sys[i].handle_authdata && authdata_sys[i].type != -1) {
+			retval = authdata_sys[i].handle_authdata(context, client, req_pkt, request,
+							   enc_tkt_reply);
+			if (retval) {
+				emsg = krb5_get_error_message (context, retval);
+				krb5_klog_syslog (LOG_INFO, "authdata (%s) handling failure: %s",
+						  authdata_sys[i].name, emsg);
+				krb5_free_error_message (context, emsg);
+			} else {
+				krb5_klog_syslog (LOG_DEBUG, ".. .. ok");
+			}
+		}
+    }
+
+	return 0;
+ }
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h	2007-03-09 13:15:54.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h	2007-03-29 01:54:58.000000000 -0700
@@ -1,6 +1,7 @@
 /*
  * kdc/kdc_util.h
  *
+ * Portions Copyright (C) 2007 Apple Inc.
  * Copyright 1990 by the Massachusetts Institute of Technology.
  *
  * Export of this software from the United States of America may
@@ -163,6 +164,13 @@
 krb5_error_code free_padata_context
     (krb5_context context, void **padata_context);
 
+/* kdc_authdata.c */
+krb5_error_code load_authdata_plugins(krb5_context context);
+krb5_error_code unload_authdata_plugins(krb5_context context);
+
+krb5_error_code handle_authdata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
+	      krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);
+
 /* replay.c */
 krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
 void kdc_insert_lookaside (krb5_data *, krb5_data *);
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c	2007-03-29 01:52:28.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c	2007-03-29 01:54:58.000000000 -0700
@@ -1,6 +1,7 @@
 /*
  * kdc/main.c
  *
+ * Portions Copyright (C) 2007 Apple Inc.
  * Copyright 1990,2001 by the Massachusetts Institute of Technology.
  *
  * Export of this software from the United States of America may
@@ -747,6 +748,7 @@
     setup_signal_handlers();
 
     load_preauth_plugins(kcontext);
+    load_authdata_plugins(kcontext);
 
     retval = setup_sam();
     if (retval) {
@@ -776,6 +778,7 @@
     }
     krb5_klog_syslog(LOG_INFO, "shutting down");
     unload_preauth_plugins(kcontext);
+    unload_authdata_plugins(kcontext);
     krb5_klog_close(kdc_context);
     finish_realms(argv[0]);
     if (kdc_realmlist) 


From rt-comment at krbdev.mit.edu  Tue Jul  8 13:07:16 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 8 Jul 2008 13:07:16 -0400 (EDT)
Subject: [krbdev.mit.edu #5432] SVN Commit 
In-Reply-To: <rt-5432@krbdev.mit.edu>
Message-ID: <rt-5432-27333.3.4486685468098@krbdev.mit.edu>


Changes to krb5_kt_default_name changed the krb5 ABI.  Reverted
API prototype change and added a temporary variable to avoid casting 
problems.

Commit By: lxs



Revision: 20502
Changed Files:
U   trunk/src/include/krb5/krb5.hin
U   trunk/src/lib/krb5/os/ktdefname.c


From rt-comment at krbdev.mit.edu  Tue Jul  8 17:55:52 2008
From: rt-comment at krbdev.mit.edu (Nicolas Williams via RT)
Date: Tue, 8 Jul 2008 17:55:52 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] Add signal to force KDC to check for
	changed interfaces
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27334.19.8379077256138@krbdev.mit.edu>

Or use a PF_ROUTE socket?

On Mon, Jul 07, 2008 at 04:19:32PM -0400, Alexandra Ellwood via RT wrote:
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.c	2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.c	2006-11-16 19:02:36.000000000 -0800
> @@ -40,3 +40,4 @@
>  
>  volatile int signal_requests_exit = 0;	/* gets set when signal hits */
>  volatile int signal_requests_hup = 0;   /* ditto */
> +volatile int signal_requests_network = 0;   /* ditto (SIGUSR1) */
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/extern.h	2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/extern.h	2006-11-16 19:02:36.000000000 -0800
> @@ -96,4 +96,5 @@
>  
>  extern volatile int signal_requests_exit;
>  extern volatile int signal_requests_hup;
> +extern volatile int signal_requests_network;
>  #endif /* __KRB5_KDC_EXTERN__ */
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c	2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c	2006-11-16 19:12:43.000000000 -0800
> @@ -56,6 +56,7 @@
>  
>  krb5_sigtype request_exit (int);
>  krb5_sigtype request_hup  (int);
> +krb5_sigtype request_network  (int);
>  
>  void setup_signal_handlers (void);
>  
> @@ -371,6 +372,18 @@
>  #endif
>  }
>  
> +krb5_sigtype
> +request_network(int signo)
> +{
> +    signal_requests_network = 1;
> +
> +#ifdef POSIX_SIGTYPE
> +    return;
> +#else
> +    return(0);
> +#endif
> +}
> +
>  void
>  setup_signal_handlers(void)
>  {
> @@ -382,12 +395,15 @@
>      (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
>      s_action.sa_handler = request_hup;
>      (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
> +    s_action.sa_handler = request_network;
> +    (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
>      s_action.sa_handler = SIG_IGN;
>      (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
>  #else  /* POSIX_SIGNALS */
>      signal(SIGINT, request_exit);
>      signal(SIGTERM, request_exit);
>      signal(SIGHUP, request_hup);
> +    signal(SIGUSR1, request_network);
>      signal(SIGPIPE, SIG_IGN);
>  #endif /* POSIX_SIGNALS */
>  
> diff -uNr -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c
> --- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/network.c	2006-11-16 14:54:22.000000000 -0800
> +++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/network.c	2006-11-16 19:02:36.000000000 -0800
> @@ -207,7 +207,7 @@
>    (set.data[idx] = set.data[--set.n], 0)
>  
>  #define FREE_SET_DATA(set) if(set.data) free(set.data);                 \
> -   (set.data = 0, set.max = 0)
> +   (set.data = 0, set.max = 0, set.n = 0)
>  
>  
>  /* Set<struct connection *> connections; */
> @@ -222,6 +222,8 @@
>  
>  static struct select_state sstate;
>  
> +static int getcurtime (struct timeval *tvp);
> +
>  static krb5_error_code add_udp_port(int port)
>  {
>      int	i;
> @@ -1066,17 +1068,42 @@
>         that junk on the stack.  */
>      static struct select_state sout;
>      int			i, sret;
> +    int			netchanged; 
>      krb5_error_code	err;
>  
> -    if (conns == (struct connection **) NULL)
> -	return KDC5_NONET;
> -    
> +    netchanged = 0;
> +    if (conns == (struct connection **) NULL){
> +       sleep(30);
> +       err = setup_network(prog);
> +       if (conns == (struct connection **) NULL)
> +                       return KDC5_NONET;
> +               if (err){
> +                       com_err(prog, err,"while initalizing the network");
> +                       return err;
> +               }
> +     }   
> + 
>      while (!signal_requests_exit) {
>  	if (signal_requests_hup) {
>  	    krb5_klog_reopen(kdc_context);
>  	    signal_requests_hup = 0;
>  	}
> -	sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
> +
> +
> +       if (signal_requests_network) {
> +               com_err(prog, EINTR, "signal_requests_network recieved");
> +               err = getcurtime(&(sstate.end_time));
> +               if(err) {
> +                       com_err(prog, err, "while getting the time");
> +                       continue;
> +               }
> +               sstate.end_time.tv_sec += 3;
> +               netchanged = 1;
> +       } else {
> +               sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
> +       }
> +
> +
>  	err = krb5int_cm_call_select(&sstate, &sout, &sret);
>  	if (err) {
>  	    com_err(prog, err, "while selecting for network input(1)");
> @@ -1087,6 +1114,17 @@
>  		com_err(prog, errno, "while selecting for network input(2)");
>  	    continue;
>  	}
> +	if(netchanged && (sret == 0)) {
> +               signal_requests_network = 0;
> +               (void)closedown_network(prog);
> +               err = setup_network(prog);
> +               if(err) {
> +                       com_err(prog, err, "while re-initializing network");
> +                       return err;
> +               }
> +               netchanged = 0;
> +       }
> +
>  	nfound = sret;
>  	for (i=0; i<n_sockets && nfound > 0; i++) {
>  	    int sflags = 0;
> @@ -1129,4 +1167,24 @@
>      return 0;
>  }
>  
> +// stolen from sendto_kdc.c
> +static int getcurtime (struct timeval *tvp)
> +{
> +#ifdef _WIN32
> +    struct _timeb tb;
> +    _ftime(&tb);
> +    tvp->tv_sec = tb.time;
> +    tvp->tv_usec = tb.millitm * 1000;
> +    /* Can _ftime fail?  */
> +    return 0;
> +#else
> +    if (gettimeofday(tvp, 0)) {
> +      //dperror("gettimeofday");
> +      return errno;
> +    }
> +    return 0;
> +#endif
> +}
> +
> +
>  #endif /* INET */
> 
> _______________________________________________
> krb5-bugs mailing list
> krb5-bugs at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs


From rt-comment at krbdev.mit.edu  Tue Jul  8 19:40:16 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 8 Jul 2008 19:40:16 -0400 (EDT)
Subject: [krbdev.mit.edu #6010] krb5int_gic_opte_copy should copy elements
	individually
In-Reply-To: <rt-6010@krbdev.mit.edu>
Message-ID: <rt-6010-27335.2.39565636091335@krbdev.mit.edu>

On most platforms, the memcpy() should work because the structure
layouts are identical for their initial overlapping elements.  (The C
standard does not guarantee this.)  On the Mac, the use of "#pragma
pack" could cause a difference in structure layout.

We need to investigate whether this constitutes an ABI change on the
Mac.  Given that a caller can receive a new structure type-punned to
the old one, I believe it is an ABI change.


From rt-comment at krbdev.mit.edu  Wed Jul  9 12:41:41 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 9 Jul 2008 12:41:41 -0400 (EDT)
Subject: [krbdev.mit.edu #6010] krb5int_gic_opte_copy should copy elements
	individually
In-Reply-To: <rt-6010@krbdev.mit.edu>
Message-ID: <rt-6010-27336.14.5849656451442@krbdev.mit.edu>

On Jul 8, 2008, at 19:40, Tom Yu via RT wrote:
> On most platforms, the memcpy() should work because the structure
> layouts are identical for their initial overlapping elements.  (The C
> standard does not guarantee this.)  On the Mac, the use of "#pragma
> pack" could cause a difference in structure layout.
>
> We need to investigate whether this constitutes an ABI change on the
> Mac.  Given that a caller can receive a new structure type-punned to
> the old one, I believe it is an ABI change.

Yes, I believe it is as well.  I think the only way to avoid that is a  
Mac-specific "#pragma pack" for the extended version of the structure  
too.  It will have no effect on other platforms, and the only Mac code  
it could break would be code trying to explicitly set one field after  
the extended structure has been put into use, and somehow relying on  
the fact that it *doesn't* set the intended field, but overwrites  
something else.  I won't lose any sleep over breaking such programs. :)

Ken


From rt-comment at krbdev.mit.edu  Wed Jul  9 13:50:59 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 9 Jul 2008 13:50:59 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] Add signal to force KDC to check for
	changed interfaces
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27337.15.0812706721895@krbdev.mit.edu>

On Jul 8, 2008, at 17:55, Nicolas Williams via RT wrote:
> Or use a PF_ROUTE socket?

I'm not terribly familiar with using PF_ROUTE sockets, but from a  
quick read of the route(4) man page, I suspect it would work, and  
would be more automated than having to send a signal.

At least one ipsec package doesn't visibly update the routing table  
when tunnels are brought up and new addresses assigned -- but then, it  
doesn't make the new addresses visible either, so we're no worse off.

Maybe lxs should check with Apple and see if they have a reason for  
not doing it this way.  I'd guess it probably was easier than trying  
to untangle our network handling callback setup, but I'd have no such  
excuse. :)

A minor problem with the Apple patch -- or any revised one that still  
uses closedown_network/setup_network -- is that it'll discard any  
pending requests over UDP that have been queued by the kernel but not  
yet read by the KDC.  I'd have to dig into the code to figure out if  
open TCP connections get closed, get serviced, or get ignored; my  
guess is they'll get closed.

Discarded UDP packets would get retransmitted by the client; that's  
okay.  Closed TCP connections won't be retried by an MIT client (to  
the same KDC address), but usually UDP will be getting tried as well,  
unless we've got too much PAC data.  Ignored TCP connections would  
waste resources on the KDC.  It would be nicer to only close down the  
listening sockets where we no longer own the address, so we never stop  
listening, but...

I'm also not 100% sure that closedown_network does a full cleanup.

getcurtime should probably become an inline function in one of the  
headers, it's a trivial enough thing and we should avoid the code  
duplication.


From rt-comment at krbdev.mit.edu  Wed Jul  9 15:16:39 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 9 Jul 2008 15:16:39 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] Add signal to force KDC to check for
	changed interfaces
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27338.14.3687364270859@krbdev.mit.edu>

(And of course insert once again my request for IP_PKTINFO support in  
the Darwin kernel, which would make all this unnecessary, on the Mac  
at least.)


From rt-comment at krbdev.mit.edu  Wed Jul  9 15:55:06 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 9 Jul 2008 15:55:06 -0400 (EDT)
Subject: [krbdev.mit.edu #6022] SVN Commit 
In-Reply-To: <rt-6022@krbdev.mit.edu>
Message-ID: <rt-6022-27339.14.2962874619504@krbdev.mit.edu>


lib/crypto/enc_provider/aes.c was missing a copyright statement.
Added.


Commit By: tlyu



Revision: 20503
Changed Files:
_U  trunk/
U   trunk/src/lib/crypto/enc_provider/aes.c


From rt-comment at krbdev.mit.edu  Wed Jul  9 17:16:09 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 9 Jul 2008 17:16:09 -0400 (EDT)
Subject: [krbdev.mit.edu #6024] SVN Commit 
In-Reply-To: <rt-6024@krbdev.mit.edu>
Message-ID: <rt-6024-27348.17.618362080141@krbdev.mit.edu>


ccache is a confusing abbreviation of credentials cache

Commit By: lxs



Revision: 20505
Changed Files:
U   trunk/src/kim/lib/kim_error_code.et


From rt-comment at krbdev.mit.edu  Wed Jul  9 17:18:59 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 9 Jul 2008 17:18:59 -0400 (EDT)
Subject: [krbdev.mit.edu #6025] SVN Commit 
In-Reply-To: <rt-6025@krbdev.mit.edu>
Message-ID: <rt-6025-27351.10.9664469871884@krbdev.mit.edu>


Macro is defined in Kerberos5Prefix.h

Commit By: lxs



Revision: 20507
Changed Files:
U   trunk/src/include/kerberosIV/des.h
U   trunk/src/include/kerberosIV/krb.h


From rt-comment at krbdev.mit.edu  Wed Jul  9 22:04:14 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 9 Jul 2008 22:04:14 -0400 (EDT)
Subject: [krbdev.mit.edu #5632] SVN Commit 
In-Reply-To: <rt-5632@krbdev.mit.edu>
Message-ID: <rt-5632-27369.16.1638233538931@krbdev.mit.edu>


Apply patch from Apple to handle missing krb5.conf for zeroconf
situations.


Commit By: tlyu



Revision: 20509
Changed Files:
_U  trunk/
U   trunk/src/util/profile/prof_init.c


From rt-comment at krbdev.mit.edu  Thu Jul 10 16:17:59 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 10 Jul 2008 16:17:59 -0400 (EDT)
Subject: [krbdev.mit.edu #6026] SVN Commit 
In-Reply-To: <rt-6026@krbdev.mit.edu>
Message-ID: <rt-6026-27372.18.9581987688532@krbdev.mit.edu>


ccs_list_release was trying to manually delete the iterators with a 
broken for loop which skipped iterators.  Since the iterators were referenced
by the client, when the client exited it would tell the iterators to release
themselves.  The orphaned itertors would attempt to remove themselves from
their list (which had been released) resulting in a crash.

Commit By: lxs



Revision: 20510
Changed Files:
U   trunk/src/ccapi/server/ccs_list_internal.c


From rt-comment at krbdev.mit.edu  Thu Jul 10 18:34:33 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 10 Jul 2008 18:34:33 -0400 (EDT)
Subject: [krbdev.mit.edu #6010] SVN Commit 
In-Reply-To: <rt-6010@krbdev.mit.edu>
Message-ID: <rt-6010-27378.6.09107637388909@krbdev.mit.edu>


Use #pragma pop on the Mac to ensure that the krb5_gic_opt_ext
structure has the same layout as the public version.

Commit By: tlyu



Revision: 20511
Changed Files:
_U  trunk/
U   trunk/src/include/k5-int.h


From rt-comment at krbdev.mit.edu  Thu Jul 10 18:34:47 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 10 Jul 2008 18:34:47 -0400 (EDT)
Subject: [krbdev.mit.edu #6010] SVN Commit 
In-Reply-To: <rt-6010@krbdev.mit.edu>
Message-ID: <rt-6010-27379.17.6381097229412@krbdev.mit.edu>


Add comment and <TargetConditionals.h> to previous.

Commit By: tlyu



Revision: 20512
Changed Files:
_U  trunk/
U   trunk/src/include/k5-int.h


From rt-comment at krbdev.mit.edu  Fri Jul 11 20:55:29 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 11 Jul 2008 20:55:29 -0400 (EDT)
Subject: [krbdev.mit.edu #6017] SVN Commit 
In-Reply-To: <rt-6017@krbdev.mit.edu>
Message-ID: <rt-6017-27383.4.53793950455541@krbdev.mit.edu>


Use all local addresses except loopback addresses, even if a non-loopback
address appears on a loopback interface.  This might happen if that's how
your VPN code makes your local address visible.

Use a variant of Apple's patch, extended to handle the other variations of
local address determination.
Commit By: raeburn



Revision: 20513
Changed Files:
U   trunk/src/lib/krb5/os/localaddr.c


From rt-comment at krbdev.mit.edu  Fri Jul 11 21:15:34 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 11 Jul 2008 21:15:34 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] SVN Commit 
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27385.16.2117480121767@krbdev.mit.edu>


In FREE_SET_DATA, reset the current count as well.
Commit By: raeburn



Revision: 20514
Changed Files:
U   trunk/src/kdc/network.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 06:59:20 2008
From: rt-comment at krbdev.mit.edu (Mark.Phalan@Sun.Com via RT)
Date: Mon, 14 Jul 2008 06:59:20 -0400 (EDT)
Subject: [krbdev.mit.edu #6028] 
In-Reply-To: <rt-6028@krbdev.mit.edu>
Message-ID: <rt-6028-27396.3.65134450072183@krbdev.mit.edu>


kdb5_util/kdb5_ldap_util can core if kadm5_init_krb5_context() fails.
progname is being used before it is initialized.

Patch attached.

From rt-comment at krbdev.mit.edu  Mon Jul 14 07:05:29 2008
From: rt-comment at krbdev.mit.edu (Mark.Phalan@Sun.Com via RT)
Date: Mon, 14 Jul 2008 07:05:29 -0400 (EDT)
Subject: [krbdev.mit.edu #6029] 
In-Reply-To: <rt-6029@krbdev.mit.edu>
Message-ID: <rt-6029-27397.14.4375660879369@krbdev.mit.edu>


On pretty much every failed kadmin "action" memory is leaked from
krb5_get_error_message(). The attached patch krb5_free_error_message()'s
the error message before returning.

From rt-comment at krbdev.mit.edu  Mon Jul 14 07:08:43 2008
From: rt-comment at krbdev.mit.edu (Mark.Phalan@Sun.Com via RT)
Date: Mon, 14 Jul 2008 07:08:43 -0400 (EDT)
Subject: [krbdev.mit.edu #6030] kdb5_util/kdb5_ldap_util core dumps and prints
	incorrect progname on error paths 
In-Reply-To: <rt-6030@krbdev.mit.edu>
Message-ID: <rt-6030-27398.15.0804250249184@krbdev.mit.edu>


There are a number of places in krb5_util and krb5_ldap_util where
argv[0] is being used instead of 'progname'. This results in core dumps
in some situations and in an incorrect string being printed instead of
the program name (when printing an error message).

e.g.
when the password read is interupted by a SIGINT

4# kdb5_ldap_util -D "cn=Directory Manager" create -r ACME.COM -s
Password for "cn=Directory Manager": 
zsh: segmentation fault (core dumped)  kdb5_ldap_util -D "cn=Directory
Manager" create -r ACME.COM -s

From rt-comment at krbdev.mit.edu  Mon Jul 14 07:15:10 2008
From: rt-comment at krbdev.mit.edu (Mark.Phalan@Sun.Com via RT)
Date: Mon, 14 Jul 2008 07:15:10 -0400 (EDT)
Subject: [krbdev.mit.edu #6031] krb needs better realm lookup logic 
In-Reply-To: <rt-6031@krbdev.mit.edu>
Message-ID: <rt-6031-27399.17.2552116443082@krbdev.mit.edu>

This patch implements a heuristic to determine the realm name from the
dns domain name of a host.

The algorithm is:

    domain = fqdn;
    while (domain.label_count > 2) {
        domain = pop_label(domain);
        realm = domain2realm(domain); /* for ASCII: toupper() */
        if (lookup_kdcs(realm) > 0)
            break;
        realm = NULL;
    }

    return (realm);

The patch as attached makes libresolv specific calls (as thats what
OpenSolaris uses).

From rt-comment at krbdev.mit.edu  Mon Jul 14 17:59:41 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 17:59:41 -0400 (EDT)
Subject: [krbdev.mit.edu #5995] fix off-by-one error in FD_SETSIZE check in
	sendto_kdc.c 
In-Reply-To: <rt-5995@krbdev.mit.edu>
Message-ID: <rt-5995-27408.18.3293629051747@krbdev.mit.edu>

This appears to require r20127 as a prereq.

From rt-comment at krbdev.mit.edu  Mon Jul 14 18:11:20 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:11:20 -0400 (EDT)
Subject: [krbdev.mit.edu #5544] SVN Commit 
In-Reply-To: <rt-5544@krbdev.mit.edu>
Message-ID: <rt-5544-27410.1.88182841597403@krbdev.mit.edu>


pull up r20316 from trunk

 r20316 at cathode-dark-space:  rra | 2008-05-10 23:54:41 -0400
 Ticket: 5544
 Tags: pullup
 
 Fix a typo in krb5.conf: ldap_server should be ldap_servers, as the
 latter is what the LDAP KDB plugin looks for.
 


Commit By: tlyu



Revision: 20516
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/config-files/krb5.conf.M


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:11:42 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:11:42 -0400 (EDT)
Subject: [krbdev.mit.edu #5953] SVN Commit 
In-Reply-To: <rt-5953@krbdev.mit.edu>
Message-ID: <rt-5953-27412.6.94983943442161@krbdev.mit.edu>


pull up r20311 from trunk

 r20311 at cathode-dark-space:  rra | 2008-04-28 19:05:27 -0400
 Ticket: new
 Subject: Properly escape - in kdb5_ldap_util man page
 Component: krb5-doc
 Version_Reported: 1.6.3
 Target_Version: 1.6.4
 Tags: pullup
 
 The LDAP plugin introduced a new man page which has unescaped hyphens.
 Unicode-aware groffs may convert those to real hyphens rather than
 the intended ASCII hyphen.  This patch adds backslashes in front of
 all the bare hyphens that I plus Debian's lintian program could find
 to force interpretation as ASCII hyphens.
 


Commit By: tlyu



Revision: 20517
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:12:14 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:12:14 -0400 (EDT)
Subject: [krbdev.mit.edu #5924] SVN Commit 
In-Reply-To: <rt-5924@krbdev.mit.edu>
Message-ID: <rt-5924-27416.13.0451035786634@krbdev.mit.edu>


pull up r20413 from trunk

 r20413 at cathode-dark-space:  jaltman | 2008-06-18 15:36:49 -0400
 ticket: 5924
 tags: pullup
 
 This patch is derived from a patch originally submitted to RT
 by: Nik Conwell <nik at bu.edu>
 
 krb5_set_real_time() accepts as input the time of the KDC
 or an application server as a combination of seconds and 
 microseconds.  Often it is the case that the time source 
 does not provide the real time with less than one second
 granularity.  Up until this patch such a caller would fill
 in the microseconds parameter as zero.   krb5_set_real_time() 
 would treat the zero microseconds as the actual reported 
 time and compute a microsecond based offset.  
 
 During a one second window subsequent calls to 
 krb5_set_real_time() would have an ever increasing offset 
 size until the number of seconds is incremented.  This
 in turn produces a side effect in which the microseconds
 value of the local clock is effectively erased.
 
 If there are multiple processes or threads on the same
 machine each requesting service tickets using the same
 client principal for the same service principal where
 the number of seconds reported by the KDC are equivalent,
 then they will now all create authenticators with 
 exactly the same timestamp.  As a result, the authenticating
 service will detect a replay attack even though the 
 authenticators are actually unique.  The replay cache
 only maintains a tuple of client, server and timestamp.
 
 This patch modifies the interpretation of the microseconds
 parameter.  If -1 is specified, the microseconds offset is
 ignored.
 
 


Commit By: tlyu



Revision: 20519
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/krb/get_in_tkt.c
U   branches/krb5-1-6/src/lib/krb5/os/toffset.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:11:58 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:11:58 -0400 (EDT)
Subject: [krbdev.mit.edu #5632] SVN Commit 
In-Reply-To: <rt-5632@krbdev.mit.edu>
Message-ID: <rt-5632-27414.17.8151362443557@krbdev.mit.edu>


pull up r20509 from trunk

 r20509 at cathode-dark-space:  tlyu | 2008-07-09 22:04:03 -0400
 ticket: 5632
 
 Apply patch from Apple to handle missing krb5.conf for zeroconf
 situations.
 
 


Commit By: tlyu



Revision: 20518
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/util/profile/prof_init.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:12:30 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:12:30 -0400 (EDT)
Subject: [krbdev.mit.edu #5933] SVN Commit 
In-Reply-To: <rt-5933@krbdev.mit.edu>
Message-ID: <rt-5933-27418.16.0182281684344@krbdev.mit.edu>


pull up r20296 from trunk

 r20296 at cathode-dark-space:  raeburn | 2008-03-28 21:09:00 -0400
 ticket: new
 subject: Coverity CID 101: Fix minor bounds check error.
 target_version: 1.6.4
 tags: pullup
 
 Coverity CID 101: Fix minor bounds check error.
 
 


Commit By: tlyu



Revision: 20520
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/kdc/kerberos_v4.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:12:46 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:12:46 -0400 (EDT)
Subject: [krbdev.mit.edu #5944] SVN Commit 
In-Reply-To: <rt-5944@krbdev.mit.edu>
Message-ID: <rt-5944-27420.5.44780214393789@krbdev.mit.edu>


pull up r20304 from trunk

 r20304 at cathode-dark-space:  raeburn | 2008-04-18 15:31:47 -0400
 ticket: new
 subject: fix possible buffer overrun in handling generic-error return
 target_version: 1.6.5
 tags: pullup
 
 Jeff Altman reported this, based on a crash seen in KfW in the wild.
 
 The krb5_data handle used to describe the message field returned by the KDC is
 not null-terminated, but we use a "%s" format to incorporate it into an error
 message string.  In the right circumstances, garbage bytes can be pulled into
 the string, or a memory fault may result.
 
 However, as this is in the error-reporting part of the client-side code for
 fetching new credentials, it's a relatively minor DoS attack only, not a
 serious security exposure.  Should be fixed in the next releases, though.
 


Commit By: tlyu



Revision: 20521
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/krb/gc_via_tkt.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:13:10 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:13:10 -0400 (EDT)
Subject: [krbdev.mit.edu #5994] SVN Commit 
In-Reply-To: <rt-5994@krbdev.mit.edu>
Message-ID: <rt-5994-27422.15.919606793507@krbdev.mit.edu>


pull up r20477 from trunk

 r20477 at cathode-dark-space:  raeburn | 2008-06-26 20:20:33 -0400
 ticket: new
 target_version: 1.6.4
 
 Fix possible null pointer deref, possible uninit ptr use, possible
 leak in unlikely small-allocation failure case.


Commit By: tlyu



Revision: 20522
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/rpc/auth_gssapi.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 18:13:28 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 18:13:28 -0400 (EDT)
Subject: [krbdev.mit.edu #5996] SVN Commit 
In-Reply-To: <rt-5996@krbdev.mit.edu>
Message-ID: <rt-5996-27424.12.8975949304392@krbdev.mit.edu>


pull up r20480 from trunk

 r20480 at cathode-dark-space:  raeburn | 2008-06-26 21:26:08 -0400
 ticket: new
 subject: fix free of automatic storage
 target_version: 1.6.4
 tags: pullup
 
 Fix a possible free of automatic storage that can happen on an
 (unlikely) encoding failure.


Commit By: tlyu



Revision: 20523
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/krb/rd_safe.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 19:23:23 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 14 Jul 2008 19:23:23 -0400 (EDT)
Subject: [krbdev.mit.edu #6022] SVN Commit 
In-Reply-To: <rt-6022@krbdev.mit.edu>
Message-ID: <rt-6022-27429.1.83923227789158@krbdev.mit.edu>


pull up r20503 from trunk

 r20503 at cathode-dark-space:  tlyu | 2008-07-09 15:54:56 -0400
 ticket: new
 tags: pullup
 component: krb5-libs
 subject: add copyright to lib/crypto/enc_provider/aes.c
 target_version: 1.6.4
 
 lib/crypto/enc_provider/aes.c was missing a copyright statement.
 Added.
 
 


Commit By: tlyu



Revision: 20524
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/crypto/enc_provider/aes.c


From rt-comment at krbdev.mit.edu  Mon Jul 14 21:15:28 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 14 Jul 2008 21:15:28 -0400 (EDT)
Subject: [krbdev.mit.edu #5786] Update Release Documentation for KFW 3.2.2 
In-Reply-To: <rt-5786@krbdev.mit.edu>
Message-ID: <rt-5786-27432.19.1613508559476@krbdev.mit.edu>

KFW 3.2.2 was shipped without this ticket being updated.


From rt-comment at krbdev.mit.edu  Tue Jul 15 13:26:46 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 13:26:46 -0400 (EDT)
Subject: [krbdev.mit.edu #5895] mutex locking issues in memory ccaches 
In-Reply-To: <rt-5895@krbdev.mit.edu>
Message-ID: <rt-5895-27442.0.127801019569134@krbdev.mit.edu>

Looks good to me, Jeff, please go ahead check it in...

I don't know if Tom will want it for 1.6.4, but please mark it as ready for pullup, and he can 
make the call.

From rt-comment at krbdev.mit.edu  Tue Jul 15 13:32:14 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 13:32:14 -0400 (EDT)
Subject: [krbdev.mit.edu #3499] race in replay cache file ownership  
In-Reply-To: <rt-3499@krbdev.mit.edu>
Message-ID: <rt-3499-27443.17.6361260434024@krbdev.mit.edu>

We should do the check after opening.

However, there are device files on some UNIX platforms where opening the file at all can have 
potentially undesirable effects.  So I think it's probably a good idea to keep the check before 
opening, as well.  (Though perhaps we want to use lstat, and make sure the replay cache "file" 
isn't actually a symlink.)

From rt-comment at krbdev.mit.edu  Tue Jul 15 14:07:16 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 14:07:16 -0400 (EDT)
Subject: [krbdev.mit.edu #5839] fix krb5_string_to_keysalts() string
	processing infinite loop and default keysalt type 
In-Reply-To: <rt-5839@krbdev.mit.edu>
Message-ID: <rt-5839-27446.3.38379937050334@krbdev.mit.edu>

The first part looks like a no-brainer, go ahead...

I'm guessing the second part changes the software behavior from requiring the salt type to be 
explicitly given to defaulting to normal salt type?  I think it's probably okay, but I could imagine 
someone might think having the salt type explicit is a good thing, maybe.  And if it is a 
behavior change, there may be doc changes needed as well.

From rt-comment at krbdev.mit.edu  Tue Jul 15 14:09:08 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 14:09:08 -0400 (EDT)
Subject: [krbdev.mit.edu #3499] race in replay cache file ownership  
In-Reply-To: <rt-3499@krbdev.mit.edu>
Message-ID: <rt-3499-27447.11.6209986401231@krbdev.mit.edu>

(And yes, I know the "before" test still has a race condition, but it's probably better than not 
doing it at all.)

From rt-comment at krbdev.mit.edu  Tue Jul 15 14:27:04 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 14:27:04 -0400 (EDT)
Subject: [krbdev.mit.edu #6031] krb needs better realm lookup logic 
In-Reply-To: <rt-6031@krbdev.mit.edu>
Message-ID: <rt-6031-27449.7.51618941802334@krbdev.mit.edu>

Thanks.  The heuristic looks good.  Is there some specific reason you went with direct resolver 
calls, bypassing /etc/hosts and whatever else might be configured?

From rt-comment at krbdev.mit.edu  Tue Jul 15 15:57:56 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 15 Jul 2008 15:57:56 -0400 (EDT)
Subject: [krbdev.mit.edu #6032] SVN Commit 
In-Reply-To: <rt-6032@krbdev.mit.edu>
Message-ID: <rt-6032-27450.16.4817834792873@krbdev.mit.edu>


This ticket should end up in the "review" status.

Commit By: tlyu



Revision: 20526
Changed Files:
A   branches/commit-handler-test/bbb/


From rt-comment at krbdev.mit.edu  Tue Jul 15 17:43:43 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 15 Jul 2008 17:43:43 -0400 (EDT)
Subject: [krbdev.mit.edu #6033] SVN Commit 
In-Reply-To: <rt-6033@krbdev.mit.edu>
Message-ID: <rt-6033-27453.14.9994040288245@krbdev.mit.edu>


Helper function krb5_kdcrep2creds(), called from
krb5_get_cred_via_tkt(), should null its output pointer after freeing
allocated memory, to avoid returning an invalid pointer.


Commit By: tlyu



Revision: 20527
Changed Files:
_U  trunk/
U   trunk/src/lib/krb5/krb/gc_via_tkt.c


From rt-comment at krbdev.mit.edu  Tue Jul 15 19:58:54 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 19:58:54 -0400 (EDT)
Subject: [krbdev.mit.edu #5947] FFM.EXAMPLE.ORG -> M.EXAMPLE.ORG broken 
In-Reply-To: <rt-5947@krbdev.mit.edu>
Message-ID: <rt-5947-27460.5.86298019333931@krbdev.mit.edu>

The supplied patch tests conditions which I think will always be true -- that the ccp-com_cdot 
and scp-com_sdot offsets are the same.  So I think it's really only breaking out of the loop when 
slen and/or clen are 1 and therefore about to be decremented to 0, which would break out of 
the loop, but only after the decrements of clen, slen, ccp, and scp.  The patch quits the loop 
without those decrements, which changes the code paths following that check for slen==0 or 
clen==0.

This causes a different result if the client and server realms supplied are the same (current 
code: return KRB5_NO_TKT_IN_RLM; with patch: walk up and down the realm tree).

It also causes different results if one realm is above or below the other in the hierarchy, e.g., 
A.EXAMPLE.COM and EXAMPLE.COM.

I've added a test script on the trunk that should exercise this code a bit...

From rt-comment at krbdev.mit.edu  Tue Jul 15 20:08:05 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 15 Jul 2008 20:08:05 -0400 (EDT)
Subject: [krbdev.mit.edu #3737] plugins support requires a Windows equivalent
	to opendir and friends 
In-Reply-To: <rt-3737@krbdev.mit.edu>
Message-ID: <rt-3737-27461.17.6004088355567@krbdev.mit.edu>

>  http://msdn.microsoft.com/library/en-us/dnucmg/html/UCMGch09.asp

For me that URL redirects to the "Unified Communications Developer Portal" page; that doesn't 
look quite right...

From rt-comment at krbdev.mit.edu  Tue Jul 15 20:14:12 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Tue, 15 Jul 2008 20:14:12 -0400 (EDT)
Subject: [krbdev.mit.edu #3737] plugins support requires a Windows
	equivalent to opendir and friends
In-Reply-To: <rt-3737@krbdev.mit.edu>
Message-ID: <rt-3737-27462.6.58814189549936@krbdev.mit.edu>

Ken Raeburn via RT wrote:
>>  http://msdn.microsoft.com/library/en-us/dnucmg/html/UCMGch09.asp
> 
> For me that URL redirects to the "Unified Communications Developer Portal" page; that doesn't 
> look quite right...

in other words, it has taken too long for someone to look at the link 
and MSFT redesigned their website.

I will try to figure out what page I was referring to and where it
got moved to





From rt-comment at krbdev.mit.edu  Wed Jul 16 03:47:56 2008
From: rt-comment at krbdev.mit.edu (Volker.Lendecke@SerNet.DE via RT)
Date: Wed, 16 Jul 2008 03:47:56 -0400 (EDT)
Subject: [krbdev.mit.edu #5947] FFM.EXAMPLE.ORG -> M.EXAMPLE.ORG broken
In-Reply-To: <rt-5947@krbdev.mit.edu>
Message-ID: <rt-5947-27463.2.43848854270233@krbdev.mit.edu>

On Tue, Jul 15, 2008 at 07:58:54PM -0400, Ken Raeburn via RT wrote:
> The supplied patch tests conditions which I think will always be true -- that the ccp-com_cdot 
> and scp-com_sdot offsets are the same.  So I think it's really only breaking out of the loop when 
> slen and/or clen are 1 and therefore about to be decremented to 0, which would break out of 
> the loop, but only after the decrements of clen, slen, ccp, and scp.  The patch quits the loop 
> without those decrements, which changes the code paths following that check for slen==0 or 
> clen==0.
> 
> This causes a different result if the client and server realms supplied are the same (current 
> code: return KRB5_NO_TKT_IN_RLM; with patch: walk up and down the realm tree).
> 
> It also causes different results if one realm is above or below the other in the hierarchy, e.g., 
> A.EXAMPLE.COM and EXAMPLE.COM.
> 
> I've added a test script on the trunk that should exercise this code a bit...

Sorry to reply by EMail, I don't see a way to comment on the
bug inside the trouble ticket system.

Thanks for looking at the bug. Are you saying that my patch
breaks other setups?

At my customer's site it does work, also for subrealms which
have different lengths in the subrealm part of EXAMPLE.COM.

Volker


From rt-comment at krbdev.mit.edu  Wed Jul 16 07:24:13 2008
From: rt-comment at krbdev.mit.edu (Mark.Phalan@Sun.Com via RT)
Date: Wed, 16 Jul 2008 07:24:13 -0400 (EDT)
Subject: [krbdev.mit.edu #6031] krb needs better realm lookup logic 
In-Reply-To: <rt-6031@krbdev.mit.edu>
Message-ID: <rt-6031-27464.4.99636836748309@krbdev.mit.edu>

[raeburn - Tue Jul 15 14:27:02 2008]:

> Thanks.  The heuristic looks good.  Is there some specific reason you
> went with direct resolver
> calls, bypassing /etc/hosts and whatever else might be configured?

The direct resolver calls will still use /etc/hosts (at least on Solaris).
On Solaris we only support Kerberos if DNS is used. I believe there may
have been issues with host resolution to get fully qualified domain
names when using NIS or NIS+ as a name service backend. I don't know if
the original reasons for only supporting DNS are still valid.


From rt-comment at krbdev.mit.edu  Wed Jul 16 12:10:47 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 16 Jul 2008 12:10:47 -0400 (EDT)
Subject: [krbdev.mit.edu #5947] FFM.EXAMPLE.ORG -> M.EXAMPLE.ORG broken
In-Reply-To: <rt-5947@krbdev.mit.edu>
Message-ID: <rt-5947-27465.15.5179431621398@krbdev.mit.edu>

On Jul 16, 2008, at 03:47, Volker.Lendecke at SerNet.DE via RT wrote:
> Sorry to reply by EMail, I don't see a way to comment on the
> bug inside the trouble ticket system.

It used to be allowed, but we got too much spam through the web  
forms.  Unless/until we find a way around that, this is how it's going  
to stay. :(

> Thanks for looking at the bug. Are you saying that my patch
> breaks other setups?

Yes, it appears that way.

> At my customer's site it does work, also for subrealms which
> have different lengths in the subrealm part of EXAMPLE.COM.

My tests that got wrong results were (and you can check them with the  
t_walk_rtree program in lib/krb5/krb, which you'll have to build  
explicitly if you haven't used "make check"):

from A.EXAMPLE.COM to EXAMPLE.COM or vice versa (with patch, went up  
to COM and back down)

from EXAMPLE.COM to EXAMPLE.COM (should've returned a specific error,  
instead went up to COM and back down)

Tom Yu has put together some code to replace part of the walk_rtree  
string processing, perhaps his version will be clearer, as well as  
correct. :-)  I haven't had a chance to try plugging it in yet though.

Ken


From rt-comment at krbdev.mit.edu  Wed Jul 16 16:21:48 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 16 Jul 2008 16:21:48 -0400 (EDT)
Subject: [krbdev.mit.edu #6034] rework gic_opt_ext to be more portable 
In-Reply-To: <rt-6034@krbdev.mit.edu>
Message-ID: <rt-6034-27467.17.7215897925313@krbdev.mit.edu>

krb5_gic_opt_ext is an opaque structure that is supposed to be
binary-compatible with krb5_get_init_creds_opt, but might not conform to
the C standard due to type punning.  Fix this by including a copy of
krb5_get_init_creds_opt as the first member of krb5_gic_opt and doing
all dependent changes.

From rt-comment at krbdev.mit.edu  Wed Jul 16 18:35:30 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 16 Jul 2008 18:35:30 -0400 (EDT)
Subject: [krbdev.mit.edu #5962] SVN Commit 
In-Reply-To: <rt-5962@krbdev.mit.edu>
Message-ID: <rt-5962-27472.9.90213089699203@krbdev.mit.edu>


Check return value from k5_mutex_lock() to partially mitigate some
assertion failures when mutexes get destroyed out from under us.


Commit By: tlyu



Revision: 20529
Changed Files:
_U  trunk/
U   trunk/src/lib/gssapi/mechglue/g_initialize.c
U   trunk/src/lib/krb5/ccache/cc_file.c
U   trunk/src/util/et/error_message.c


From rt-comment at krbdev.mit.edu  Wed Jul 16 19:01:50 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 16 Jul 2008 19:01:50 -0400 (EDT)
Subject: [krbdev.mit.edu #5962] SVN Commit 
In-Reply-To: <rt-5962@krbdev.mit.edu>
Message-ID: <rt-5962-27474.0.525807389824635@krbdev.mit.edu>


Fix indirection on assignment to minor status.


Commit By: tlyu



Revision: 20530
Changed Files:
_U  trunk/
U   trunk/src/lib/gssapi/mechglue/g_initialize.c


From rt-comment at krbdev.mit.edu  Wed Jul 16 19:02:03 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 16 Jul 2008 19:02:03 -0400 (EDT)
Subject: [krbdev.mit.edu #6028] SVN Commit 
In-Reply-To: <rt-6028@krbdev.mit.edu>
Message-ID: <rt-6028-27479.2.1940950870728@krbdev.mit.edu>


Apply patch from Mark Phalan to initialize progname before use.


Commit By: tlyu



Revision: 20531
Changed Files:
_U  trunk/
U   trunk/src/kadmin/dbutil/kdb5_util.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c


From rt-comment at krbdev.mit.edu  Thu Jul 17 10:34:26 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 10:34:26 -0400 (EDT)
Subject: [krbdev.mit.edu #3737] plugins support requires a Windows equivalent
	to opendir and friends 
In-Reply-To: <rt-3737@krbdev.mit.edu>
Message-ID: <rt-3737-27481.0.367355390158082@krbdev.mit.edu>

No pullup required for the commit because it predates the krb5-1.6
branch.  Leaving open for actual implementation.

From rt-comment at krbdev.mit.edu  Thu Jul 17 10:54:52 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 10:54:52 -0400 (EDT)
Subject: [krbdev.mit.edu #6020] Application server side support for authdata
	generated by authdata plugins 
In-Reply-To: <rt-6020@krbdev.mit.edu>
Message-ID: <rt-6020-27483.17.6055972542505@krbdev.mit.edu>

The attached patch appears to be for the KDC support, not application
server support.

From rt-comment at krbdev.mit.edu  Thu Jul 17 11:02:49 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 11:02:49 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27485.4.23034693271347@krbdev.mit.edu>

mkstemp() does not take file mode flags, so to get the correct file
permissions on the file, we need to either use umask() (not
thread-friendly) or fchmod().

From rt-comment at krbdev.mit.edu  Thu Jul 17 11:05:17 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 17 Jul 2008 11:05:17 -0400 (EDT)
Subject: [krbdev.mit.edu #6020] Application server side support for authdata
	generated by authdata plugins 
In-Reply-To: <rt-6020@krbdev.mit.edu>
Message-ID: <rt-6020-27486.15.9445305204378@krbdev.mit.edu>

diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Projects/gssapi_krb5.pbexp Kerberos/KerberosFramework/Kerberos5/Projects/gssapi_krb5.pbexp
--- Kerberos.orig/KerberosFramework/Kerberos5/Projects/gssapi_krb5.pbexp	2007-03-28 13:06:58.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Projects/gssapi_krb5.pbexp	2007-08-14 17:14:38.000000000 -0700
@@ -101,3 +101,9 @@
 _gss_krb5_set_allowable_enctypes
 _gss_krb5_export_lucid_sec_context
 _gss_krb5_free_lucid_sec_context
+#
+# Apple authdata if relevant 
+#
+    _apple_gss_krb5_export_authdata_if_relevant_context
+	_apple_gss_krb5_free_authdata_if_relevant
+#
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/accept_sec_context.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/accept_sec_context.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/accept_sec_context.c	2007-03-28 13:07:44.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/accept_sec_context.c	2007-08-14 17:14:38.000000000 -0700
@@ -640,6 +640,11 @@
        goto fail;
    }
 
+   if ((code = krb5_copy_authdata(context, ticket->enc_part2->authorization_data, &ctx->apple_authdata_if_relevant))) {
+       major_status = GSS_S_FAILURE;
+       goto fail;
+   }
+   
    if ((code = krb5_copy_principal(context, authdat->client, &ctx->there))) {
        major_status = GSS_S_FAILURE;
        goto fail;
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/delete_sec_context.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/delete_sec_context.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/delete_sec_context.c	2007-03-28 13:07:44.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/delete_sec_context.c	2007-08-14 17:14:38.000000000 -0700
@@ -93,6 +93,9 @@
    if (ctx->acceptor_subkey)
        krb5_free_keyblock(context, ctx->acceptor_subkey);
 
+   if (ctx->apple_authdata_if_relevant)
+		krb5_free_authdata(context, ctx->apple_authdata_if_relevant);
+
    if (ctx->auth_context) {
        if (ctx->cred_rcache)
 	   (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapiP_krb5.h Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapiP_krb5.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapiP_krb5.h	2007-03-28 13:07:44.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapiP_krb5.h	2007-08-14 17:14:38.000000000 -0700
@@ -207,6 +207,7 @@
    krb5_keyblock *acceptor_subkey; /* CFX only */
    krb5_cksumtype acceptor_subkey_cksumtype;
    int cred_rcache;		/* did we get rcache from creds? */
+   krb5_authdata **apple_authdata_if_relevant; /* added by Apple for pac information */
 } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
 
 extern g_set kg_vdb;
@@ -675,6 +676,11 @@
 				     gss_ctx_id_t *context_handle,
 				     OM_uint32 version,
 				     void **kctx);
+OM_uint32 KRB5_CALLCONV
+apple_gss_krb5int_export_authdata_if_relevant_context(OM_uint32 *minor_status,
+				     gss_ctx_id_t *context_handle,
+				     OM_uint32 version,
+				     void **kctx);
 
 
 extern k5_mutex_t kg_kdc_flag_mutex;
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_err_krb5.et Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_err_krb5.et
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_err_krb5.et	2007-03-28 13:07:44.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_err_krb5.et	2007-08-14 17:14:38.000000000 -0700
@@ -37,4 +37,5 @@
 error_code KG_EMPTY_CCACHE, "Credential cache is empty"
 error_code KG_NO_CTYPES, "Acceptor and Initiator share no checksum types"
 error_code KG_LUCID_VERSION, "Requested lucid context version not supported"
+error_code APPLE_KG_AUTHDATA_VERSION, "Requested authdata context version not supported"
 end
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_krb5.hin Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_krb5.hin
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_krb5.hin	2007-03-28 13:07:44.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/gssapi_krb5.hin	2007-08-14 17:14:38.000000000 -0700
@@ -152,6 +152,11 @@
 } gss_krb5_lucid_context_version_t;
 
 
+typedef struct apple_gss_krb5_authdata_if_relevant_key {
+OM_uint32	type;		/* key encryption type */
+OM_uint32	length;		/* length of key data */
+void *		data;		/* actual key data */
+} apple_gss_krb5_authdata_if_relevant;
 
 
 /* Alias for Heimdal compat. */
@@ -256,6 +261,52 @@
 				  OM_uint32 version,
 				  void **kctx);
 
+
+
+/*
+ * Returns a non-opaque (lucid) version of the internal context
+ * information.
+ *
+ * Note that context_handle must not be used again by the caller
+ * after this call.  The GSS implementation is free to release any
+ * resources associated with the original context.  It is up to the
+ * GSS implementation whether it returns pointers to existing data,
+ * or copies of the data.  The caller should treat the returned
+ * lucid context as read-only.
+ *
+ * The caller must call gss_krb5_free_lucid_context() to free
+ * the context and allocated resources when it is finished with it.
+ *
+ * 'version' is an integer indicating the highest version of lucid
+ * context understood by the caller.  The highest version
+ * understood by both the caller and the GSS implementation must
+ * be returned.  The caller can determine which version of the
+ * structure was actually returned by examining the version field
+ * of the returned structure.  gss_krb5_lucid_context_version_t
+ * may be used as a mask to examine the returned structure version.
+ *
+ * If there are no common versions, an error should be returned.
+ * (XXX Need error definition(s))
+ *
+ *
+ */
+
+OM_uint32 KRB5_CALLCONV
+apple_gss_krb5_export_authdata_if_relevant_context(OM_uint32 *minor_status,
+                  gss_ctx_id_t *context_handle,
+                  OM_uint32 version,
+                  void **kctx);
+
+/*
+* Frees the allocated storage associated with an
+* exported struct apple_gss_krb5_authdata_if_relevant.
+*/
+OM_uint32 KRB5_CALLCONV
+apple_gss_krb5_free_authdata_if_relevant(OM_uint32 *minor_status,
+void *kctx);
+
+
+
 /*
  * Frees the allocated storage associated with an
  * exported struct gss_krb5_lucid_context.
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c	2007-08-14 17:14:13.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/krb5_gss_glue.c	2007-08-14 17:14:38.000000000 -0700
@@ -1105,6 +1105,27 @@
     return (major);
 }
 
+/* XXX need to delete mechglue ctx too */
+OM_uint32 KRB5_CALLCONV
+apple_gss_krb5_export_authdata_if_relevant_context(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    OM_uint32 version,
+    void **kctx)
+{
+    gss_union_ctx_id_t uctx;
+
+    uctx = (gss_union_ctx_id_t)*context_handle;
+     /*
+     if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) &&
+ 	!g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type))
+ 	return GSS_S_BAD_MECH;
+     */
+    return apple_gss_krb5int_export_authdata_if_relevant_context(minor_status,
+ 						&uctx->internal_ctx_id,
+ 						version, kctx);
+ }
+
 OM_uint32 KRB5_CALLCONV
 gss_krb5_set_allowable_enctypes(
     OM_uint32 *minor_status, 
diff -uNr -x '\*.orig\' -x '\*.rej\' -x '\*~\' Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/lucid_context.c Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/lucid_context.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/lucid_context.c	2007-03-28 13:07:44.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/lib/gssapi/krb5/lucid_context.c	2007-08-14 17:42:19.000000000 -0700
@@ -54,6 +54,20 @@
     unsigned int version,
     void **out_ptr);
 
+static krb5_error_code
+apple_make_external_authdata_if_relevant(
+    krb5_gss_ctx_id_rec * gctx,
+    unsigned int version,
+    void **out_ptr);
+
+static krb5_error_code
+apple_copy_authdata_if_relevant_to_authdata_if_relevant_key(
+    krb5_authdata *k5data,
+    apple_gss_krb5_authdata_if_relevant **ldata);
+
+static void
+apple_gss_free_authdata_if_relevant(apple_gss_krb5_authdata_if_relevant *key);
+
 
 /*
  * Exported routines
@@ -130,6 +144,115 @@
     return(retval);
 }
 
+
+OM_uint32 KRB5_CALLCONV
+apple_gss_krb5int_export_authdata_if_relevant_context(
+    OM_uint32		*minor_status,
+    gss_ctx_id_t	*context_handle,
+    OM_uint32		version,
+    void		**kctx)
+{
+    krb5_error_code	kret = 0;
+    OM_uint32		retval;
+    krb5_gss_ctx_id_t	ctx;
+    void		*lctx = NULL;
+
+    /* Assume failure */
+    retval = GSS_S_FAILURE;
+    *minor_status = 0;
+
+    if (kctx)
+	*kctx = NULL;
+    else {
+	kret = EINVAL;
+    	goto error_out;
+    }
+
+    if (!kg_validate_ctx_id(*context_handle)) {
+	    kret = (OM_uint32) G_VALIDATE_FAILED;
+	    retval = GSS_S_NO_CONTEXT;
+	    goto error_out;
+    }
+	
+    ctx = (krb5_gss_ctx_id_t) *context_handle;
+    if (kret)
+	goto error_out;
+
+    /* Externalize a structure of the right version */
+    switch (version) {
+    case 1:
+	kret = apple_make_external_authdata_if_relevant((krb5_pointer)ctx,
+					      version, &lctx);
+        break;
+    default:
+	kret = (OM_uint32) APPLE_KG_AUTHDATA_VERSION;
+	break;
+    }
+
+    if (kret)
+	goto error_out;
+
+    /* Success!  Record the context and return the buffer */
+    if (! kg_save_lucidctx_id((void *)lctx)) {
+		kret = G_VALIDATE_FAILED;
+		goto error_out;
+    }
+    *kctx = lctx;
+    *minor_status = 0;
+    retval = GSS_S_COMPLETE;
+    return (retval);
+
+error_out:
+    if (*minor_status == 0) 
+	    *minor_status = (OM_uint32) kret;
+	if(kret == ENODATA)
+		retval = GSS_S_COMPLETE;
+    return(retval);
+}
+
+/*
+ * Frees the storage associated with an
+ * exported lucid context structure.
+ */
+OM_uint32 KRB5_CALLCONV
+apple_gss_krb5_free_authdata_if_relevant(
+			OM_uint32 *minor_status,
+			void *kctx)
+{
+    OM_uint32		retval;
+    krb5_error_code	kret = 0;
+	
+    /* Assume failure */
+    retval = GSS_S_FAILURE;
+    *minor_status = 0;
+	
+    if (!kctx) {
+		kret = EINVAL;
+		goto error_out;
+    }
+	
+    /* Verify pointer is valid lucid context */
+    if (! kg_validate_lucidctx_id(kctx)) {
+		kret = G_VALIDATE_FAILED;
+		goto error_out;
+    }
+	
+    apple_gss_free_authdata_if_relevant((apple_gss_krb5_authdata_if_relevant*)kctx);
+	
+    /* Success! */
+    (void)kg_delete_lucidctx_id(kctx);
+    *minor_status = 0;
+    retval = GSS_S_COMPLETE;
+	
+    return (retval);
+
+error_out:
+    if (*minor_status == 0) 
+	    *minor_status = (OM_uint32) kret;
+    return(retval);
+}
+
+
 /*
  * Frees the storage associated with an
  * exported lucid context structure.
@@ -253,6 +376,72 @@
 
 }
 
+static krb5_error_code
+apple_make_external_authdata_if_relevant(
+    krb5_gss_ctx_id_rec * gctx,
+    unsigned int version,
+    void **out_ptr)
+{
+    apple_gss_krb5_authdata_if_relevant *lctx = NULL;
+    krb5_error_code retval;
+	
+	if((gctx->apple_authdata_if_relevant != NULL) && (*(gctx->apple_authdata_if_relevant) != NULL)) {
+		if((retval = apple_copy_authdata_if_relevant_to_authdata_if_relevant_key(*(gctx->apple_authdata_if_relevant),&lctx)))
+			goto error_out;
+    }
+    else {
+		retval = ENODATA;
+		goto error_out;	/* XXX better error code? */
+    }
+    /* Success! */
+    *out_ptr = lctx;
+	
+    return 0;
+
+error_out:
+    if (lctx != NULL) {
+		apple_gss_free_authdata_if_relevant(lctx);
+    }
+    return retval;
+
+}
+
+
+/* Copy the contents of a krb5_authdata to a apple_gss_krb5_authdata_if_relevant structure */
+static krb5_error_code
+apple_copy_authdata_if_relevant_to_authdata_if_relevant_key(
+    krb5_authdata *k5data,
+    apple_gss_krb5_authdata_if_relevant **ldata)
+{
+	if(*ldata != NULL) {
+		apple_gss_free_authdata_if_relevant(*ldata);
+		*ldata = NULL;
+	}
+	
+    if (!k5data || !k5data->contents || k5data->length == 0)
+		return ENODATA;
+
+	unsigned int bufsize = sizeof(apple_gss_krb5_authdata_if_relevant);
+	apple_gss_krb5_authdata_if_relevant *authdataptr = NULL;
+
+    /* Allocate the structure */
+    if ((authdataptr = xmalloc(bufsize)) == NULL) {
+    	return ENOMEM;
+    }
+    memset(authdataptr, 0, sizeof(apple_gss_krb5_authdata_if_relevant));
+
+	if ((authdataptr->data = xmalloc(k5data->length)) == NULL) {
+		return ENOMEM;
+    }
+	memcpy(authdataptr->data,k5data->contents,k5data->length);
+	authdataptr->type = k5data->ad_type;
+	authdataptr->length = k5data->length;
+	
+	*ldata = authdataptr;
+    return 0;
+}
+
+
 /* Copy the contents of a krb5_keyblock to a gss_krb5_lucid_key_t structure */
 static krb5_error_code
 copy_keyblock_to_lucid_key(
@@ -307,3 +496,17 @@
 	ctx = NULL;
     }
 }
+
+/* Free any storage associated with a authdata_if_relevant structure */
+static void
+apple_gss_free_authdata_if_relevant(apple_gss_krb5_authdata_if_relevant *key)
+{
+    if (key!= NULL) {
+		if ((key->data!= NULL) && (key->length > 0)) {
+			memset(key->data, 0, key->length);
+			memset(key, 0, sizeof(apple_gss_krb5_authdata_if_relevant));
+		}
+		if(key->data != NULL)
+			xfree(key->data);
+    }
+}


From rt-comment at krbdev.mit.edu  Thu Jul 17 11:44:55 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 11:44:55 -0400 (EDT)
Subject: [krbdev.mit.edu #6030] SVN Commit 
In-Reply-To: <rt-6030@krbdev.mit.edu>
Message-ID: <rt-6030-27491.7.12853081135357@krbdev.mit.edu>


Apply patch from Mark Phalan to correctly use progname instead of
argv[0].


Commit By: tlyu



Revision: 20532
Changed Files:
_U  trunk/
U   trunk/src/kadmin/dbutil/dump.c
U   trunk/src/kadmin/dbutil/kdb5_create.c
U   trunk/src/kadmin/dbutil/kdb5_destroy.c
U   trunk/src/kadmin/dbutil/kdb5_stash.c
U   trunk/src/kadmin/dbutil/kdb5_util.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h


From rt-comment at krbdev.mit.edu  Thu Jul 17 15:31:09 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 17 Jul 2008 15:31:09 -0400 (EDT)
Subject: [krbdev.mit.edu #6018] Support for recovering from broken rcache 
In-Reply-To: <rt-6018@krbdev.mit.edu>
Message-ID: <rt-6018-27500.11.2103560233615@krbdev.mit.edu>

diff -Nur -x '*~' -x '*.orig' -x '*.rej' -x lha.mode1v3 -x lha.mode2v3 -x lha.pbxuser -x windows -x .DS_Store Kerberos.AEP-6.5a2.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c Kerberos.AEP-6.5a2/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c
--- Kerberos.AEP-6.5a2.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c	2008-07-13 13:38:42.000000000 +0100
+++ Kerberos.AEP-6.5a2/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.c	2008-07-13 14:46:04.000000000 +0100
@@ -65,9 +65,9 @@
 	return retval;
 
     /* First try to recover */
-    retval = krb5_rc_recover(kcontext, kdc_rcache);
+    retval = krb5_rc_recover_or_initialize(kcontext, kdc_rcache, kcontext->clockskew);
     if (retval) {
-	/* Either the cache is malformated or not there, lets remove
+	/* The cache is malformated ?, lets remove
 	   it first and then initialize it */
 	retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname);
 	if (retval)


From rt-comment at krbdev.mit.edu  Thu Jul 17 19:40:44 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 19:40:44 -0400 (EDT)
Subject: [krbdev.mit.edu #6018] SVN Commit 
In-Reply-To: <rt-6018@krbdev.mit.edu>
Message-ID: <rt-6018-27536.7.07884672174508@krbdev.mit.edu>


In krb5_rc_io_creat(), unlink any existing rcache file before trying
to create a new rcache.  This allows better recovery from corrupt
rcache files.


Commit By: tlyu



Revision: 20536
Changed Files:
_U  trunk/
U   trunk/src/lib/krb5/rcache/rc_io.c


From rt-comment at krbdev.mit.edu  Thu Jul 17 20:18:30 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 20:18:30 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] SVN Commit 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27538.13.6743705401411@krbdev.mit.edu>


Make krb5_rc_io_creat() use mkstemp.


Commit By: tlyu



Revision: 20537
Changed Files:
_U  trunk/
U   trunk/src/lib/krb5/rcache/rc_io.c


From rt-comment at krbdev.mit.edu  Thu Jul 17 20:47:57 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu, 17 Jul 2008 20:47:57 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27539.0.0123977007292808@krbdev.mit.edu>

On Jul 17, 2008, at 11:02, Tom Yu via RT wrote:
> mkstemp() does not take file mode flags, so to get the correct file
> permissions on the file, we need to either use umask() (not
> thread-friendly) or fchmod().

With fchmod, we would have a race condition where some other party  
could open the file after it was created but before the fchmod call.   
In the normal UNIX model, fchmod does not revoke access to an already  
opened file.


From rt-comment at krbdev.mit.edu  Thu Jul 17 23:08:46 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 23:08:46 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] SVN Commit 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27541.15.6849356608679@krbdev.mit.edu>


Revert due to potential file modes race condition.


Commit By: tlyu



Revision: 20538
Changed Files:
_U  trunk/
U   trunk/src/lib/krb5/rcache/rc_io.c


From rt-comment at krbdev.mit.edu  Thu Jul 17 23:09:00 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 23:09:00 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27542.10.5295830551947@krbdev.mit.edu>

"Ken Raeburn via RT" <rt-comment at krbdev.mit.edu> writes:

> With fchmod, we would have a race condition where some other party  
> could open the file after it was created but before the fchmod call.   
> In the normal UNIX model, fchmod does not revoke access to an already  
> opened file.

Ok, so this is a case where using mkstemp() is clearly less safe.
What should we do?  tmpnam() and open(O_CREAT|O_EXCL)?  Some
development environments are evolving toward warning about uses of
mktemp(), which is similar to tmpnam(), so they may also flag uses of
tmpnam().

We could use umask(), but while we could lock around it, we could not
guarantee that the application would not call umask() outside of our
locks.

I'm going to revert this change for now.


From rt-comment at krbdev.mit.edu  Thu Jul 17 23:24:07 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu, 17 Jul 2008 23:24:07 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27544.1.51272854748598@krbdev.mit.edu>

On Jul 17, 2008, at 23:09, Tom Yu via RT wrote:
> Ok, so this is a case where using mkstemp() is clearly less safe.
> What should we do?  tmpnam() and open(O_CREAT|O_EXCL)?  Some
> development environments are evolving toward warning about uses of
> mktemp(), which is similar to tmpnam(), so they may also flag uses of
> tmpnam().

Coming up with names not already taken isn't all that hard, it just  
requires setting up a loop and having a reasonably large space of  
names to work through.  With a large enough namespace and a halfway  
decent PRNG, we ought to be able to find an unused name in one or two  
tries, actually: dir + "/krb5_RC" + base64(random).

Do we have this sort of thing happening elsewhere, such that a utility  
function mkstemp_mode_0600 would help?

Ken


From rt-comment at krbdev.mit.edu  Thu Jul 17 23:53:18 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 17 Jul 2008 23:53:18 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27545.10.9037901420559@krbdev.mit.edu>

"Ken Raeburn via RT" <rt-comment at krbdev.mit.edu> writes:

> Coming up with names not already taken isn't all that hard, it just  
> requires setting up a loop and having a reasonably large space of  
> names to work through.  With a large enough namespace and a halfway  
> decent PRNG, we ought to be able to find an unused name in one or two  
> tries, actually: dir + "/krb5_RC" + base64(random).

We already have a mkstemp() replacement in the tree, it seems, but
only use it when the system does not already have mkstemp().

> Do we have this sort of thing happening elsewhere, such that a utility  
> function mkstemp_mode_0600 would help?

It looks like recent BSD-derived implementations of mkstemp() use mode
0600, but POSIX does not guarantee this.  We could call mkstemp() and
then fstat() to make sure we got the modes we expect, and if we get
modes we do not expect, fall back on something more irritating.  (Or
do autoconf run-time tests to see if mkstemp() is sane, but I'd rather
not do run-time tests.)


From rt-comment at krbdev.mit.edu  Fri Jul 18 01:39:20 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 18 Jul 2008 01:39:20 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27546.1.04226324688128@krbdev.mit.edu>

On Jul 17, 2008, at 23:53, Tom Yu via RT wrote:
> It looks like recent BSD-derived implementations of mkstemp() use mode
> 0600, but POSIX does not guarantee this.  We could call mkstemp() and
> then fstat() to make sure we got the modes we expect, and if we get
> modes we do not expect, fall back on something more irritating.  (Or
> do autoconf run-time tests to see if mkstemp() is sane, but I'd rather
> not do run-time tests.)

If we need to have the fallback code anyways, what's the benefit in  
trying mkstemp+fstat?

Ken


From rt-comment at krbdev.mit.edu  Fri Jul 18 02:45:52 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 18 Jul 2008 02:45:52 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] SVN Commit 
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27547.19.8554582482418@krbdev.mit.edu>


On systems with struct rt_msghdr, open a routing socket and wait for
messages; when they come in, if the types suggest a possibility of
network interface reconfiguration, shut down the KDC's networking and
bring it back up again, rescanning the interfaces in the process.

Leaving the ticket open because it should be improved:
 * It should only close down sockets on addresses we no longer have, and
   bring up sockets only on new addresses.
 * If we have IPV6_PKTINFO support, it should only listen for IPv4
   routing changes.
 * If we also have IP_PKTINFO support, it shouldn't be used at all.
 * If we build a KDC on a system with neither struct rt_msghdr nor
   IP_PKTINFO (do we have any such?), we'll need another solution.

Thanks to Nico Williams for the routing socket suggestion, and Apple
for the initial (signal-driven) reconfiguration code.
Commit By: raeburn



Revision: 20540
Changed Files:
U   trunk/src/configure.in
U   trunk/src/kdc/network.c


From rt-comment at krbdev.mit.edu  Fri Jul 18 14:59:56 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 18 Jul 2008 14:59:56 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] SVN Commit 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27549.19.9537343399813@krbdev.mit.edu>


Use mkstemp(), and fstat() the file to make sure that the mkstemp()
implementation is setting sane file modes.


Commit By: tlyu



Revision: 20543
Changed Files:
_U  trunk/
U   trunk/src/lib/krb5/rcache/rc_io.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 12:07:58 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 12:07:58 -0400 (EDT)
Subject: [krbdev.mit.edu #6018] SVN Commit 
In-Reply-To: <rt-6018@krbdev.mit.edu>
Message-ID: <rt-6018-27559.15.2453866608655@krbdev.mit.edu>


pull up r20536 from trunk

 r20536 at cathode-dark-space:  tlyu | 2008-07-17 19:40:32 -0400
 ticket: 6018
 target_version: 1.6.4
 tags: pullup
 
 In krb5_rc_io_creat(), unlink any existing rcache file before trying
 to create a new rcache.  This allows better recovery from corrupt
 rcache files.
 
 


Commit By: tlyu



Revision: 20547
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/rcache/rc_io.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 12:08:14 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 12:08:14 -0400 (EDT)
Subject: [krbdev.mit.edu #6028] SVN Commit 
In-Reply-To: <rt-6028@krbdev.mit.edu>
Message-ID: <rt-6028-27562.19.4719134791037@krbdev.mit.edu>


pull up r20531 from trunk

 r20531 at cathode-dark-space:  tlyu | 2008-07-16 19:01:54 -0400
 ticket: 6028
 target_version: 1.6.4
 tags: pullup
 
 Apply patch from Mark Phalan to initialize progname before use.
 
 


Commit By: tlyu



Revision: 20548
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/kadmin/dbutil/kdb5_util.c
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 12:08:27 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 12:08:27 -0400 (EDT)
Subject: [krbdev.mit.edu #6030] SVN Commit 
In-Reply-To: <rt-6030@krbdev.mit.edu>
Message-ID: <rt-6030-27565.5.39252021426613@krbdev.mit.edu>


pull up r20532 from trunk

 r20532 at cathode-dark-space:  tlyu | 2008-07-17 11:44:43 -0400
 ticket: 6030
 tags: pullup
 target_version: 1.6.4
 
 Apply patch from Mark Phalan to correctly use progname instead of
 argv[0].
 
 


Commit By: tlyu



Revision: 20549
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/kadmin/dbutil/dump.c
U   branches/krb5-1-6/src/kadmin/dbutil/kdb5_create.c
U   branches/krb5-1-6/src/kadmin/dbutil/kdb5_destroy.c
U   branches/krb5-1-6/src/kadmin/dbutil/kdb5_stash.c
U   branches/krb5-1-6/src/kadmin/dbutil/kdb5_util.c
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
U   branches/krb5-1-6/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h


From rt-comment at krbdev.mit.edu  Mon Jul 21 12:08:41 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 12:08:41 -0400 (EDT)
Subject: [krbdev.mit.edu #6033] SVN Commit 
In-Reply-To: <rt-6033@krbdev.mit.edu>
Message-ID: <rt-6033-27568.14.1867325974842@krbdev.mit.edu>


pull up r20527 from trunk

 r20527 at cathode-dark-space:  tlyu | 2008-07-15 17:43:35 -0400
 ticket: new
 subject: krb5_get_cred_via_tkt() should null out_cred on errors
 tags: pullup
 target_version: 1.6.4
 component: krb5-libs
 
 Helper function krb5_kdcrep2creds(), called from
 krb5_get_cred_via_tkt(), should null its output pointer after freeing
 allocated memory, to avoid returning an invalid pointer.
 
 


Commit By: tlyu



Revision: 20550
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/krb/gc_via_tkt.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 13:51:45 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 13:51:45 -0400 (EDT)
Subject: [krbdev.mit.edu #5980] krb5_cc_default_name() can return NULL,
	but is passed directly to strcmp() (causing crash) 
In-Reply-To: <rt-5980@krbdev.mit.edu>
Message-ID: <rt-5980-27578.19.1330890138063@krbdev.mit.edu>

From: jaltman at mit.edu
Subject: SVN Commit


ccdefault.c:
krb5_cc_default_name() is permitted to return a NULL
pointer as a valid output.  Passing a NULL pointer to
strcmp() will result in an exception as NULL is not
a valid input parameter to strcmp().

Save the output of krb5_cc_default_name() to a variable
and modify the conditional to set the new default ccache
name in the case where there is no existing default
ccache name.


Commit By: jaltman



Revision: 20551
Changed Files:
U   trunk/src/lib/krb5/ccache/ccdefault.c

From rt-comment at krbdev.mit.edu  Mon Jul 21 14:11:33 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 14:11:33 -0400 (EDT)
Subject: [krbdev.mit.edu #5925] Windows socket(...) returns SOCKET,
	not file handle 
In-Reply-To: <rt-5925@krbdev.mit.edu>
Message-ID: <rt-5925-27582.18.4144112369219@krbdev.mit.edu>

[raeburn - Thu Jun 26 20:32:05 2008]:

> 
> Don't do FD_SETSIZE check on Windows.
> Also, for form's sake, use closesocket instead of close inside the check.
> 
> Kevin or Jeff, could you please verify that the code works again?
> Commit By: raeburn
> 
> 
> 
> Revision: 20479
> Changed Files:
> U   trunk/src/lib/krb5/os/sendto_kdc.c

This is correct.  

This fix is not required on the 1.6 branch so I am resolving the ticket.





From rt-comment at krbdev.mit.edu  Mon Jul 21 14:29:51 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon, 21 Jul 2008 14:29:51 -0400 (EDT)
Subject: [krbdev.mit.edu #5925] Windows socket(...) returns SOCKET,
	not file handle 
In-Reply-To: <rt-5925@krbdev.mit.edu>
Message-ID: <rt-5925-27585.3.11245196479788@krbdev.mit.edu>

Okay.  Thanks for checking.

Ken


From rt-comment at krbdev.mit.edu  Mon Jul 21 14:42:18 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon, 21 Jul 2008 14:42:18 -0400 (EDT)
Subject: [krbdev.mit.edu #6039] more cleanup needed on routing-socket code 
In-Reply-To: <rt-6039@krbdev.mit.edu>
Message-ID: <rt-6039-27586.5.65574862283498@krbdev.mit.edu>

Revision 20552 reduces the buffer space needed.

Still to do:

Don't monitor IPv6 routing changes if we have IPV6_PKTINFO support.

Don't monitor routing changes at all if we have IPV6_PKTINFO and IP_PKTINFO support.

Only close down sockets on addresses we no longer have; only set up new sockets on addresses 
we didn't have before.

Log a warning if we don't have struct rt_msghdr nor IP_PKTINFO.

From rt-comment at krbdev.mit.edu  Mon Jul 21 14:44:07 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon, 21 Jul 2008 14:44:07 -0400 (EDT)
Subject: [krbdev.mit.edu #6019] Add signal to force KDC to check for changed
	interfaces 
In-Reply-To: <rt-6019@krbdev.mit.edu>
Message-ID: <rt-6019-27589.7.64117248798527@krbdev.mit.edu>

Basic problem should be addressed (at least on our main OSes) by the patch checked in.

Ticket 6039 addresses some desirable refinements and cleanup.

From rt-comment at krbdev.mit.edu  Mon Jul 21 14:45:35 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon, 21 Jul 2008 14:45:35 -0400 (EDT)
Subject: [krbdev.mit.edu #6039] more cleanup needed on routing-socket code 
In-Reply-To: <rt-6039@krbdev.mit.edu>
Message-ID: <rt-6039-27590.5.22158643330471@krbdev.mit.edu>

Oh yeah: Quiet down some more of the debug messages, particularly when reporting messages 
we don't care about.

From rt-comment at krbdev.mit.edu  Mon Jul 21 14:48:10 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 14:48:10 -0400 (EDT)
Subject: [krbdev.mit.edu #6040] SVN Commit 
In-Reply-To: <rt-6040@krbdev.mit.edu>
Message-ID: <rt-6040-27591.12.5203171286946@krbdev.mit.edu>


All of the other libraries on Windows have fixed assignments
of ordinals to the exported functions.  Assign the ordinals 
that were in use in the last public release, kfw 3.2.2, so 
that they will remain constant into the future in case additional
exports are added to the library.


Commit By: jaltman



Revision: 20553
Changed Files:
U   trunk/src/lib/comerr32.def


From rt-comment at krbdev.mit.edu  Mon Jul 21 15:20:12 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 15:20:12 -0400 (EDT)
Subject: [krbdev.mit.edu #3737] SVN Commit 
In-Reply-To: <rt-3737@krbdev.mit.edu>
Message-ID: <rt-3737-27597.5.45239803923572@krbdev.mit.edu>


An implementation of opendir() and friends for _WIN32
plus an implementation of the plugin support that makes
use of them.


Commit By: jaltman



Revision: 20554
Changed Files:
U   trunk/src/util/support/plugins.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 15:21:18 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 15:21:18 -0400 (EDT)
Subject: [krbdev.mit.edu #3737] plugins support requires a Windows equivalent
	to opendir and friends 
In-Reply-To: <rt-3737@krbdev.mit.edu>
Message-ID: <rt-3737-27598.19.3243021349369@krbdev.mit.edu>

There will be conflicts when this is pulled up to 1.6



From rt-comment at krbdev.mit.edu  Mon Jul 21 15:43:29 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 15:43:29 -0400 (EDT)
Subject: [krbdev.mit.edu #5895] SVN Commit 
In-Reply-To: <rt-5895@krbdev.mit.edu>
Message-ID: <rt-5895-27602.14.1666130682668@krbdev.mit.edu>


There are two mutex locking issues that Roland Dowdeswell noticed in 
the memory ccache.  The first one is in cc_memory.c:krb5_mcc_initialize(). 
When it is free(3)ing the existing credentials it does not lock the 
data structures and hence two separate threads can run into issues.

The same problem exists in cc_memory.c:krb5_mcc_destroy().


Commit By: jaltman



Revision: 20555
Changed Files:
U   trunk/src/lib/krb5/ccache/cc_memory.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 16:30:53 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 16:30:53 -0400 (EDT)
Subject: [krbdev.mit.edu #5839] SVN Commit 
In-Reply-To: <rt-5839@krbdev.mit.edu>
Message-ID: <rt-5839-27606.11.2461588818794@krbdev.mit.edu>


krb5_string_to_keysalts()
  Fix an infinite loop in the parsing of 'kp' 


Commit By: jaltman



Revision: 20557
Changed Files:
U   trunk/src/lib/kadm5/str_conv.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 16:34:02 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 16:34:02 -0400 (EDT)
Subject: [krbdev.mit.edu #5840] SVN Commit 
In-Reply-To: <rt-5840@krbdev.mit.edu>
Message-ID: <rt-5840-27610.1.42659679597521@krbdev.mit.edu>


kadm5_decrypt_key(). This patch prevents the returned keyblock's 
enctype from being coerced to the requested 'ktype' if the requested 
'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".


Commit By: jaltman



Revision: 20558
Changed Files:
U   trunk/src/lib/kadm5/srv/svr_principal.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 16:47:44 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 16:47:44 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] SVN Commit 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27614.1.749329628258@krbdev.mit.edu>


This patch addresses the issues raised in this ticket and ticket 5936.

(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.

(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.

The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto.  After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.

In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.

In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().


[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.




Commit By: jaltman



Revision: 20559
Changed Files:
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 16:49:11 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 16:49:11 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] memory leak in gss_accept_sec_context() 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27615.13.5566186841051@krbdev.mit.edu>

update 5936 after review.


From rt-comment at krbdev.mit.edu  Mon Jul 21 16:50:54 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 16:50:54 -0400 (EDT)
Subject: [krbdev.mit.edu #5936] gss_accept_sec_context() returns minor_status
	== 0 if arg3 == GSS_C_NO_CREDENTIAL 
In-Reply-To: <rt-5936@krbdev.mit.edu>
Message-ID: <rt-5936-27616.6.46900199993844@krbdev.mit.edu>

Copied from 5442

From: jaltman at mit.edu
Subject: SVN Commit


This patch addresses the issues raised in this ticket and ticket 5936.

(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.

(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.

The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto.  After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.

In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.

In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().


[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.




Commit By: jaltman



Revision: 20559
Changed Files:
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c

From rt-comment at krbdev.mit.edu  Mon Jul 21 16:59:41 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon, 21 Jul 2008 16:59:41 -0400 (EDT)
Subject: [krbdev.mit.edu #5980] SVN Commit 
In-Reply-To: <rt-5980@krbdev.mit.edu>
Message-ID: <rt-5980-27617.10.4322188122412@krbdev.mit.edu>


Another check for null return from krb5_cc_default_name.
Commit By: raeburn



Revision: 20561
Changed Files:
U   trunk/src/lib/krb5/ccache/ccdefault.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 17:07:05 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 17:07:05 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss lib 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27618.3.17562898920251@krbdev.mit.edu>

A WIN32 SOCKET is a HANDLE type and is not equivalent in size to an
'int'.   Windows SOCKET values frequently exceed MAX_INT and become
truncated.  

convert all references to SOCKET and use closesocket() to release the
them instead of the C Runtime Library close() which only applies to file
descriptors.

Proposed patch attached.



From rt-comment at krbdev.mit.edu  Mon Jul 21 17:52:20 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 21 Jul 2008 17:52:20 -0400 (EDT)
Subject: [krbdev.mit.edu #6018] Support for recovering from broken rcache 
In-Reply-To: <rt-6018@krbdev.mit.edu>
Message-ID: <rt-6018-27621.18.0635082697037@krbdev.mit.edu>

Should this ticket also include the change to src/kdc/kdc_util.c or 
should I open a new ticket for that change?

From rt-comment at krbdev.mit.edu  Mon Jul 21 18:02:42 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 18:02:42 -0400 (EDT)
Subject: [krbdev.mit.edu #6018] Support for recovering from broken rcache
In-Reply-To: <rt-6018@krbdev.mit.edu>
Message-ID: <rt-6018-27622.16.476003761072@krbdev.mit.edu>

"Alexandra Ellwood via RT" <rt-comment at krbdev.mit.edu> writes:

> Should this ticket also include the change to src/kdc/kdc_util.c or 
> should I open a new ticket for that change?

The changes to src/kdc/kdc_util.c are (mostly) redundant because it
the kdc_util.c code explicitly does a krb5_rc_recover() followed by
krb5_rc_initialize() if that fails, which is almost exactly what
krb5_rc_recover_or_initialize() does.

If you would like to introduce a change to use recover_or_initialize
for stylistic reasons, feel free to open a new ticket for that.


From rt-comment at krbdev.mit.edu  Mon Jul 21 18:36:18 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 18:36:18 -0400 (EDT)
Subject: [krbdev.mit.edu #5839] fix krb5_string_to_keysalts() string
	processing infinite loop and default keysalt type 
In-Reply-To: <rt-5839@krbdev.mit.edu>
Message-ID: <rt-5839-27624.18.0100858946685@krbdev.mit.edu>

There will need to be a new separate ticket for the default keysalt type
issue if there is not already one.

From rt-comment at krbdev.mit.edu  Mon Jul 21 18:40:31 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon, 21 Jul 2008 18:40:31 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27625.18.6396814937338@krbdev.mit.edu>

Proposed patch approved, with discussed changes to use SOCKET/closesocket unconditionally, 
anywhere but in the installed headers.  (Don't forget to make sure port-sockets.h is included.)

From rt-comment at krbdev.mit.edu  Mon Jul 21 18:54:28 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Mon, 21 Jul 2008 18:54:28 -0400 (EDT)
Subject: [krbdev.mit.edu #6042] Do not permit salttype after a lookup to be
	assigned "Ignore salttype" 
In-Reply-To: <rt-6042@krbdev.mit.edu>
Message-ID: <rt-6042-27626.9.53577876616805@krbdev.mit.edu>

Index: str_conv.c
===================================================================
--- str_conv.c  (revision 20163)
+++ str_conv.c  (working copy)

@@ -346,6 +346,9 @@
                    krb5_xfree(savep);
                }
+                if (stype == -1)
+                    stype == KRB5_KDB_SALT_TYPETYPE_NORMAL;
+
                /* Save our values */
                (*ksaltp)[(*nksaltp)].ks_enctype = ktype;
                (*ksaltp)[(*nksaltp)].ks_salttype = stype;

Instead of setting the ks_salttype field to -1 which is an invalid
salttype, we default to using the normal salt type instead.



From rt-comment at krbdev.mit.edu  Mon Jul 21 18:59:24 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 18:59:24 -0400 (EDT)
Subject: [krbdev.mit.edu #5839] SVN Commit 
In-Reply-To: <rt-5839@krbdev.mit.edu>
Message-ID: <rt-5839-27634.19.4567762835165@krbdev.mit.edu>


pull up r20557 from trunk

 r20557 at cathode-dark-space:  jaltman | 2008-07-21 16:30:44 -0400
 ticket: 5839
 tags: pullup
 
 krb5_string_to_keysalts()
   Fix an infinite loop in the parsing of 'kp' 
 
 


Commit By: tlyu



Revision: 20563
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/kadm5/str_conv.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 18:59:35 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 18:59:35 -0400 (EDT)
Subject: [krbdev.mit.edu #5980] SVN Commit 
In-Reply-To: <rt-5980@krbdev.mit.edu>
Message-ID: <rt-5980-27635.7.89554755280072@krbdev.mit.edu>


pull up r20551 from trunk

 r20551 at cathode-dark-space:  jaltman | 2008-07-21 13:44:43 -0400
 ticket: 5080
 tags: pullup
 
 ccdefault.c:
 krb5_cc_default_name() is permitted to return a NULL
 pointer as a valid output.  Passing a NULL pointer to
 strcmp() will result in an exception as NULL is not
 a valid input parameter to strcmp().
 
 Save the output of krb5_cc_default_name() to a variable
 and modify the conditional to set the new default ccache
 name in the case where there is no existing default 
 ccache name.
 
 


Commit By: tlyu



Revision: 20564
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/ccache/ccdefault.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 18:59:48 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 18:59:48 -0400 (EDT)
Subject: [krbdev.mit.edu #5980] SVN Commit 
In-Reply-To: <rt-5980@krbdev.mit.edu>
Message-ID: <rt-5980-27638.5.82041638514305@krbdev.mit.edu>


pull up r20561 from trunk
(includes unrelated cleanup of dead assignment)

 r20561 at cathode-dark-space:  raeburn | 2008-07-21 16:59:24 -0400
 ticket: 5980
 
 Another check for null return from krb5_cc_default_name.


Commit By: tlyu



Revision: 20565
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/ccache/ccdefault.c


From rt-comment at krbdev.mit.edu  Mon Jul 21 18:59:10 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 21 Jul 2008 18:59:10 -0400 (EDT)
Subject: [krbdev.mit.edu #5895] SVN Commit 
In-Reply-To: <rt-5895@krbdev.mit.edu>
Message-ID: <rt-5895-27631.14.65068007896@krbdev.mit.edu>


pull up r20555 from trunk

 r20555 at cathode-dark-space:  jaltman | 2008-07-21 15:43:21 -0400
 ticket: 5895
 tags: pullup
 
 There are two mutex locking issues that Roland Dowdeswell noticed in 
 the memory ccache.  The first one is in cc_memory.c:krb5_mcc_initialize(). 
 When it is free(3)ing the existing credentials it does not lock the 
 data structures and hence two separate threads can run into issues.
 
 The same problem exists in cc_memory.c:krb5_mcc_destroy().
 
 


Commit By: tlyu



Revision: 20562
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/ccache/cc_memory.c


From rt-comment at krbdev.mit.edu  Tue Jul 22 15:16:03 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 22 Jul 2008 15:16:03 -0400 (EDT)
Subject: [krbdev.mit.edu #5962] SVN Commit 
In-Reply-To: <rt-5962@krbdev.mit.edu>
Message-ID: <rt-5962-27641.15.1452156909024@krbdev.mit.edu>


A step towards ensuring we check mutex lock attempt results...

Always use inline function k5_mutex_lock_1 instead of gcc statement
expression, even under gcc.

Under gcc 4, declane k5_mutex_lock_1 and krb5int_mutex_lock with attribute
warn_unused_result.

In k5_mutex_destroy macro, only store destroy code source+line if we succeed
in temporarily locking the mutex.
Commit By: raeburn



Revision: 20566
Changed Files:
U   trunk/src/include/k5-thread.h


From rt-comment at krbdev.mit.edu  Tue Jul 22 15:34:32 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 22 Jul 2008 15:34:32 -0400 (EDT)
Subject: [krbdev.mit.edu #5962] SVN Commit 
In-Reply-To: <rt-5962@krbdev.mit.edu>
Message-ID: <rt-5962-27643.9.55710589031035@krbdev.mit.edu>


Catch a few more cases of unchecked k5_mutex_lock calls.
Commit By: raeburn



Revision: 20567
Changed Files:
U   trunk/src/lib/krb5/keytab/kt_file.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
U   trunk/src/util/support/errors.c


From rt-comment at krbdev.mit.edu  Tue Jul 22 15:56:17 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 22 Jul 2008 15:56:17 -0400 (EDT)
Subject: [krbdev.mit.edu #6044] SVN Commit 
In-Reply-To: <rt-6044@krbdev.mit.edu>
Message-ID: <rt-6044-27647.15.6742746576881@krbdev.mit.edu>


Commit By: lxs



Revision: 20568
Changed Files:
U   trunk/README
U   trunk/doc/copyright.texinfo


From rt-comment at krbdev.mit.edu  Tue Jul 22 18:28:38 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Tue, 22 Jul 2008 18:28:38 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27656.9.23784906993731@krbdev.mit.edu>

[raeburn - Mon Jul 21 18:40:28 2008]:

> Proposed patch approved, with discussed changes to use
> SOCKET/closesocket unconditionally,
> anywhere but in the installed headers.  (Don't forget to make sure
> port-sockets.h is included.)

When you get an opportunity please try the attached patch,
rt6041-gssrpc-socket-2.patch

Thank you.


From rt-comment at krbdev.mit.edu  Wed Jul 23 10:38:39 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 10:38:39 -0400 (EDT)
Subject: [krbdev.mit.edu #5605] SVN Commit 
In-Reply-To: <rt-5605@krbdev.mit.edu>
Message-ID: <rt-5605-27678.12.0742367169102@krbdev.mit.edu>


cw_handle_header_msg():

The behavior of the HDN_ENDTRACK notification has changed slightly on
Vista.  HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns
the item extents that were there prior to the user starting the resizing
operation.  Earlier it would return the extents that resulted from the
resizing operation.

This resulted in a visual update problem on Windows Vista/2008
in the NIM Advanced View.



Commit By: jaltman



Revision: 20570
Changed Files:
U   trunk/src/windows/identity/ui/credwnd.c


From rt-comment at krbdev.mit.edu  Wed Jul 23 10:44:59 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 10:44:59 -0400 (EDT)
Subject: [krbdev.mit.edu #6046] SVN Commit 
In-Reply-To: <rt-6046@krbdev.mit.edu>
Message-ID: <rt-6046-27687.13.6939903356349@krbdev.mit.edu>


 	

The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking.  They
currently do not declare or import the following functions:

krb5_get_error_message()
krb5_free_error_message()
krb5_clear_error_message()

This patch adds declarations and definitions required for locating these
functions.  Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h.  See ticket 6045.



Commit By: jaltman



Revision: 20571
Changed Files:
U   trunk/src/windows/identity/plugins/common/dynimport.c
U   trunk/src/windows/identity/plugins/common/dynimport.h


From rt-comment at krbdev.mit.edu  Wed Jul 23 11:09:24 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 11:09:24 -0400 (EDT)
Subject: [krbdev.mit.edu #6047] SVN Commit 
In-Reply-To: <rt-6047@krbdev.mit.edu>
Message-ID: <rt-6047-27703.8.80189419335032@krbdev.mit.edu>


The NIM error reporting functions (in src/windows/identity/kherr ) keep
track of the the error message with the highest severity level that was
reported for a specific error reporting context.  However, if another
error message of the same severity is reported, the error message being
tracked will be updated to be the newly received error.

The user will often only be notified of the error message that was
tracked for a specific operation.  Therefore, tracking the last message
with the highest priority has the unfortunate side-effect of not
reporting the cause of a failure.

This patch changes the condition for updating the tracked error message
to be the first message with the highest severity.


Commit By: jaltman



Revision: 20573
Changed Files:
U   trunk/src/windows/identity/kherr/kherr.c


From rt-comment at krbdev.mit.edu  Wed Jul 23 11:54:57 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 23 Jul 2008 11:54:57 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] memory leak in gss_accept_sec_context() 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27704.6.17977951224461@krbdev.mit.edu>

Having a goto label named "exit" is not robust.  While technically the C
standard only reserves library header-declared file scope identifiers at
file scope, and goto labels are not at file scope, it is still a bad
idea to name a goto label "exit".  Operating systems sometimes use
object-like macros to implement symbol renaming, even though that
practice is not formally permitted by the standard.

From rt-comment at krbdev.mit.edu  Wed Jul 23 12:03:47 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 12:03:47 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] SVN Commit 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27705.4.14560131805295@krbdev.mit.edu>


replace "exit" label with "done"


Commit By: jaltman



Revision: 20574
Changed Files:
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c


From rt-comment at krbdev.mit.edu  Wed Jul 23 13:07:04 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 23 Jul 2008 13:07:04 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] SVN Commit 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27706.9.79955839069838@krbdev.mit.edu>


Fix one missed rename of "exit" label to "done".


Commit By: tlyu



Revision: 20575
Changed Files:
_U  trunk/
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c


From rt-comment at krbdev.mit.edu  Wed Jul 23 13:18:37 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 23 Jul 2008 13:18:37 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27707.6.76916790254815@krbdev.mit.edu>

closesocket returns an int as close does.  If we're intentionally  
ignoring the return values, please keep the (void) casts, at least for  
now.

Why do you need to define INVALID_SOCKET in svc_udp.c?

Ken


From rt-comment at krbdev.mit.edu  Wed Jul 23 13:25:30 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 13:25:30 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27708.15.0076026242639@krbdev.mit.edu>

Ken Raeburn via RT wrote:
> closesocket returns an int as close does.  If we're intentionally  
> ignoring the return values, please keep the (void) casts, at least for  
> now.

sure although I don't understand why ignoring that return value should 
be treated specially.

> Why do you need to define INVALID_SOCKET in svc_udp.c?

INVALID_SOCKET is a special value on Windows which is architecture 
dependent.  Is INVALID_SOCKET defined somewhere else for Unix?




From rt-comment at krbdev.mit.edu  Wed Jul 23 14:40:13 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 14:40:13 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27709.15.8217088256092@krbdev.mit.edu>

Take three.

(void) casting re-applied

INVALID_SOCKET defined in port-sockets.h and removed from .c file


From rt-comment at krbdev.mit.edu  Wed Jul 23 14:42:36 2008
From: rt-comment at krbdev.mit.edu (Kevin Koch via RT)
Date: Wed, 23 Jul 2008 14:42:36 -0400 (EDT)
Subject: [krbdev.mit.edu #5594] SVN Commit 
In-Reply-To: <rt-5594@krbdev.mit.edu>
Message-ID: <rt-5594-27711.6.34049284814203@krbdev.mit.edu>


Don't show window when spawning server.
Commit By: kpkoch



Revision: 20577
Changed Files:
U   branches/kpkoch-ccapi/src/ccapi/lib/win/OldCC/client.cxx


From rt-comment at krbdev.mit.edu  Wed Jul 23 16:37:05 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 23 Jul 2008 16:37:05 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27715.5.97262698751344@krbdev.mit.edu>

On Jul 23, 2008, at 13:25, Jeffrey Altman via RT wrote:
> sure although I don't understand why ignoring that return value should
> be treated specially.

It's not that there's anything special about close/closesocket, I just  
don't want to make removing such casts a part of this otherwise fairly  
specific change, in the absence of a specific coding style guideline  
regarding ignored return values.

>> Why do you need to define INVALID_SOCKET in svc_udp.c?
>
> INVALID_SOCKET is a special value on Windows which is architecture
> dependent.  Is INVALID_SOCKET defined somewhere else for Unix?

Yes, port-sockets.h already has a definition for the UNIX case.

The revised patch looks good, please check it in...

Ken


From rt-comment at krbdev.mit.edu  Wed Jul 23 16:56:04 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Wed, 23 Jul 2008 16:56:04 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] SVN Commit 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27718.17.0315358888572@krbdev.mit.edu>


In the gss rpc package, replace the type used for a 
socket on Windows with SOCKET (instead of int) and 
replace all calls to close() that are used to close 
sockets with closesocket().

src/include/port-sockets.h includes the definitions
of SOCKET and closesocket() for non-Windows systems.


Commit By: jaltman



Revision: 20578
Changed Files:
U   trunk/src/include/gssrpc/svc.h
U   trunk/src/lib/rpc/clnt_simple.c
U   trunk/src/lib/rpc/clnt_tcp.c
U   trunk/src/lib/rpc/clnt_udp.c
U   trunk/src/lib/rpc/pmap_rmt.c
U   trunk/src/lib/rpc/svc_tcp.c
U   trunk/src/lib/rpc/svc_udp.c


From rt-comment at krbdev.mit.edu  Wed Jul 23 17:41:38 2008
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Wed, 23 Jul 2008 17:41:38 -0400 (EDT)
Subject: [krbdev.mit.edu #6049] krb5_ktfile_get_entry() not dealing with
	enctype arg properly 
In-Reply-To: <rt-6049@krbdev.mit.edu>
Message-ID: <rt-6049-27719.10.4438093917658@krbdev.mit.edu>

>From krb5-bugs-incoming-bounces at PCH.MIT.EDU  Wed Jul 23 17:41:32 2008
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
	id m6NLfWo4020151; Wed, 23 Jul 2008 17:41:32 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m6NLfRb2024830;
	Wed, 23 Jul 2008 17:41:27 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	[18.7.7.76])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m6NLfQOG024827
	for <krb5-bugs-incoming at PCH.mit.edu>; Wed, 23 Jul 2008 17:41:26 -0400
Received: from mit.edu (M24-004-BARRACUDA-1.MIT.EDU [18.7.7.111])
	by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
	m6NLfGSG028229
	for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 17:41:16 -0400 (EDT)
Received: from brmea-mail-3.sun.com (brmea-mail-3.sun.com [192.18.98.34])
	by mit.edu (Spam Firewall) with ESMTP id 6A3FAA533B3
	for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 17:41:14 -0400 (EDT)
Received: from dm-central-02.central.sun.com ([129.147.62.5])
	by brmea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id
	m6NLfEeQ020289 for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 21:41:14 GMT
Received: from alton.central.sun.com (alton.Central.Sun.COM [129.153.128.101])
	by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,
	v2.2) with ESMTP id m6NLfDt6046654
	for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 15:41:14 -0600 (MDT)
Received: from alton.central.sun.com (localhost [127.0.0.1])
	by alton.central.sun.com (8.14.2+Sun/8.14.2) with ESMTP id
	m6NLXiJd026078
	for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 16:33:44 -0500 (CDT)
Received: (from willf at localhost)
	by alton.central.sun.com (8.14.2+Sun/8.14.2/Submit) id m6NLXirJ026077
	for krb5-bugs at mit.edu; Wed, 23 Jul 2008 16:33:44 -0500 (CDT)
Date: Wed, 23 Jul 2008 16:33:44 -0500
From: Will Fiveash <William.Fiveash at Sun.COM>
To: krb5-bugs at mit.edu
Message-ID: <20080723213344.GA26070 at sun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Spam-Score: 2.29
X-Spam-Level: ** (2.29)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Sender: krb5-bugs-incoming-bounces at PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces at PCH.MIT.EDU


>Submitter-Id:	net
>Originator:	William Fiveash
>Organization:
	Sun Microsystems
>Confidential:	no 
>Synopsis:	krb5_ktfile_get_entry() not dealing with enctype arg properly 
>Severity:	serious 
>Priority:	medium 
>Category:	krb5-libs 
>Class:		sw-bug 
>Release:	krb5-1.6.3
>Environment:
	
System: SunOS alton 5.11 snv_88 i86pc i386 i86pc
Architecture: i86pc

>Description:
	
In krb5_ktfile_get_entry() there is this code:

    /* if the enctype is not ignored and doesn't match, free new_entry
       and continue to the next */

    if (enctype != IGNORE_ENCTYPE) {
        if ((kerror = krb5_c_enctype_compare(context, enctype, 
                         new_entry.key.enctype,
                         &similar))) {
        krb5_kt_free_entry(context, &new_entry);
        break;
        }

Seems to me the break; should actually be continue; in the case that the
keytab has an entry with an unknown enctype.

A refinement to this would be to verify that the enctype input arg is a
valid enctype early on.

>How-To-Repeat:
	

Create a keytab with an unsupported enctype followed by a supported
enctype then try to get a key with the supported enctype.

>Fix:
	
--- ./lib/krb5/keytab/kt_file.c Wed Jul 23 13:35:30 2008
+++ /tmp/kt_file.c      Wed Jul 23 16:08:47 2008
@@ -333,7 +333,7 @@
                                                 new_entry.key.enctype,
                                                 &similar))) {
                krb5_kt_free_entry(context, &new_entry);
-               break;
+               continue;
            }
 
            if (!similar) {



From rt-comment at krbdev.mit.edu  Thu Jul 24 04:43:38 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Thu, 24 Jul 2008 04:43:38 -0400 (EDT)
Subject: [krbdev.mit.edu #6050] WINDOWS: %windir% no longer permitted for
	storage of appl config files 
In-Reply-To: <rt-6050@krbdev.mit.edu>
Message-ID: <rt-6050-27723.7.06221762305319@krbdev.mit.edu>

Since before Windows 2000, it has been against Windows Application
Development guidelines to store application specific configuration files
in the %windir% directory.  The "Common Application Data" directory was
created in Windows 95 for the storage of application specific
per-machine configuration files.  KFW continued to use the %windir%
directory for backwards compatibility with prior releases.

With the deployment of dual 32-bit / 64-bit systems, the %windir%
directory is now redirected for 32-bit processes.  64-bit and 32-bit
processes cannot open the same version of the file.  

With the release of 2003 SP1 the %windir% is also locked down to prevent
access by most user accounts.  

As a result, the krb5 profile should be moved by default to the "Common
Application Data" directory.



From rt-comment at krbdev.mit.edu  Thu Jul 24 04:45:39 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Thu, 24 Jul 2008 04:45:39 -0400 (EDT)
Subject: [krbdev.mit.edu #6050] WINDOWS: %windir% no longer permitted for
	storage of appl config files 
In-Reply-To: <rt-6050@krbdev.mit.edu>
Message-ID: <rt-6050-27725.1.89638917272873@krbdev.mit.edu>

Proposed patch attached to ticket.

If a profile file can be found in the %windir% directory, use it.

Otherwise, default to the "Common Application Data" directory tree.

Please review.


From rt-comment at krbdev.mit.edu  Thu Jul 24 11:36:07 2008
From: rt-comment at krbdev.mit.edu (Christian Krause via RT)
Date: Thu, 24 Jul 2008 11:36:07 -0400 (EDT)
Subject: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns
	minor_status = 0 
In-Reply-To: <rt-6051@krbdev.mit.edu>
Message-ID: <rt-6051-27726.1.62194988284661@krbdev.mit.edu>

Hi,

I've started to use krb5's (krb-1.6.3) gss API and it happened quite 
often in the first time, that this function failed for various reasons 
(which is not a problem so far).

The function returned GSS_S_FAILURE and according to the documentation a 
more specific error code should be in minor_status. But in my case 
minor_status was always 0.

I've digged a little bit in the implementation in 
krb5/src/lib/gssapi/krb5/accept_sec_context.c and it looks like in line 
928 the minor_status is correctly set to code, which is the return value 
of most krb5 functions:

    *minor_status = code;

So far this would work perfectly.

Unfortunately, at the end of this function it will be overwritten:

   if (!verifier_cred_handle && cred_handle) {
            krb5_gss_release_cred(minor_status, &cred_handle);
    }

At least in my case, the condition was always true (because I've called 
accept_sec_contect with verifier_cred_handle=GSS_C_NO_CREDENTIAL) and so 
the real error was always hidden.

Because this is not very convenient (and usually the return code of 
krb5_gss_release_cred is much less helpful than the real error code of a 
previous failed function), I'd suggest to change the code like this:

--- src/lib/gssapi/krb5/accept_sec_context.c
+++ src/lib/gssapi/krb5/accept_sec_context.c
@@ -991,7 +991,8 @@
         *output_token = token;
     }
     if (!verifier_cred_handle && cred_handle) {
-          krb5_gss_release_cred(minor_status, &cred_handle);
+          int release_minor_status;
+          krb5_gss_release_cred(&release_minor_status, &cred_handle);
     }
     krb5_free_context(context);
     return (major_status);


It would be great if you could review this patch and consider to apply 
the it.

Thank you very much in advance!


Best regards,
Christian


From rt-comment at krbdev.mit.edu  Thu Jul 24 14:02:30 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Thu, 24 Jul 2008 14:02:30 -0400 (EDT)
Subject: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns
	minor_status = 0
In-Reply-To: <rt-6051@krbdev.mit.edu>
Message-ID: <rt-6051-27727.1.49834822923346@krbdev.mit.edu>

Please see RT #5442.  A patch for this issue and a memory leak within 
the same function has already been committed to the trunk and is 
awaiting review and pullup to the release branch.



From rt-comment at krbdev.mit.edu  Thu Jul 24 17:26:25 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 24 Jul 2008 17:26:25 -0400 (EDT)
Subject: [krbdev.mit.edu #6052] SVN Commit 
In-Reply-To: <rt-6052@krbdev.mit.edu>
Message-ID: <rt-6052-27728.1.91326527467275@krbdev.mit.edu>


Use krb5_get_error_message instead of error_message for
detailed krb5 error strings.  Also removed a few remaining
instances of types ending in _t and fixed up some
whitespace issues.

Recommend ignoring whitespace diff.

Commit By: lxs



Revision: 20579
Changed Files:
U   trunk/src/include/kim/kim_options.h
U   trunk/src/kim/lib/kim_ccache.c
U   trunk/src/kim/lib/kim_ccache_private.h
U   trunk/src/kim/lib/kim_credential.c
U   trunk/src/kim/lib/kim_error.c
U   trunk/src/kim/lib/kim_error_private.h
U   trunk/src/kim/lib/kim_identity.c
U   trunk/src/kim/lib/kim_identity_private.h
U   trunk/src/kim/lib/kim_options.c
U   trunk/src/kim/lib/kim_options_private.h
U   trunk/src/kim/lib/kim_preferences.c
U   trunk/src/kim/lib/kim_preferences_private.h
U   trunk/src/kim/lib/kim_selection_hints_private.h
U   trunk/src/kim/lib/kim_string.c
U   trunk/src/kim/lib/kim_string_private.h
U   trunk/src/kim/lib/mac/kim_os_preferences.c
U   trunk/src/kim/lib/mac/kim_os_private.h
U   trunk/src/kim/lib/mac/kim_os_selection_hints.c
U   trunk/src/kim/lib/mac/kim_os_string.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 03:50:19 2008
From: rt-comment at krbdev.mit.edu (Christian Krause via RT)
Date: Fri, 25 Jul 2008 03:50:19 -0400 (EDT)
Subject: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns
	minor_status = 0
In-Reply-To: <rt-6051@krbdev.mit.edu>
Message-ID: <rt-6051-27731.7.85579451340666@krbdev.mit.edu>

Hi Jeffrey,

Jeffrey Altman via RT wrote:
> Please see RT #5442.  A patch for this issue and a memory leak within 
> the same function has already been committed to the trunk and is 
> awaiting review and pullup to the release branch
Sorry for opening this new bug - I've searched in RT before I've created 
it, but without success.
I've checked now #5442 and some referred bugs, and I think it would be 
the best to set this one (#6051) as a duplicate of #5936.

Good news that it is already fixed- I'd like to try it out. Is there a 
public access to the krb SVN server?

Best regards,
Christian


From rt-comment at krbdev.mit.edu  Fri Jul 25 12:07:32 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 12:07:32 -0400 (EDT)
Subject: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns
	minor_status = 0
In-Reply-To: <rt-6051@krbdev.mit.edu>
Message-ID: <rt-6051-27732.10.0011347892175@krbdev.mit.edu>

"Christian Krause via RT" <rt-comment at krbdev.mit.edu> writes:

> Good news that it is already fixed- I'd like to try it out. Is there a 
> public access to the krb SVN server?

svn://anonsvn.mit.edu/


From rt-comment at krbdev.mit.edu  Fri Jul 25 12:21:17 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 12:21:17 -0400 (EDT)
Subject: [krbdev.mit.edu #5936] gss_accept_sec_context() returns minor_status
	== 0 if arg3 == GSS_C_NO_CREDENTIAL 
In-Reply-To: <rt-5936@krbdev.mit.edu>
Message-ID: <rt-5936-27734.6.98372002163367@krbdev.mit.edu>

Merging into #5936.

From rt-comment at krbdev.mit.edu  Fri Jul 25 13:43:40 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 25 Jul 2008 13:43:40 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27737.1.56888428016863@krbdev.mit.edu>

> Revision: 20543
> U   trunk/src/lib/krb5/rcache/rc_io.c

It looks to me like, if strdup fails, the file is left open (which is probably okay if the caller then uses krb5_rc_close to dispose 
of the handle, but may cause a file and file descriptor leak if the caller tries krb5_rc_io_creat again), and d->fn is a dangling 
pointer (which could be freed again by krb5_rc_io_close).

From rt-comment at krbdev.mit.edu  Fri Jul 25 15:19:16 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 25 Jul 2008 15:19:16 -0400 (EDT)
Subject: [krbdev.mit.edu #6053] SVN Commit 
In-Reply-To: <rt-6053@krbdev.mit.edu>
Message-ID: <rt-6053-27738.17.3078858860051@krbdev.mit.edu>


Clear gss_client and gss_target before any possible branch to 'error',
where they can be used.
Commit By: raeburn



Revision: 20580
Changed Files:
U   trunk/src/lib/kadm5/clnt/client_init.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 15:54:49 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 15:54:49 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27744.11.2478632625605@krbdev.mit.edu>

"Ken Raeburn via RT" <rt-comment at krbdev.mit.edu> writes:

>> Revision: 20543
>> U   trunk/src/lib/krb5/rcache/rc_io.c
>
> It looks to me like, if strdup fails, the file is left open (which
> is probably okay if the caller then uses krb5_rc_close to dispose of
> the handle, but may cause a file and file descriptor leak if the
> caller tries krb5_rc_io_creat again), and d->fn is a dangling
> pointer (which could be freed again by krb5_rc_io_close).

That looks like a pre-existing bug.  You could open a new ticket for it.


From rt-comment at krbdev.mit.edu  Fri Jul 25 16:33:11 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 16:33:11 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] SVN Commit 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27746.8.14317881206328@krbdev.mit.edu>


pull up r20559 from trunk

 r20559 at cathode-dark-space:  jaltman | 2008-07-21 16:47:35 -0400
 ticket: 5442
 tags: pullup
 
 This patch addresses the issues raised in this ticket and ticket 5936.
 
 (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
 krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
 case and the failure cases that result in returning from the function
 prior to reaching the end of the function.
 
 (b) The meaningful 'minor_status' return value is destroyed during the
 cleanup operations.
 
 The approach taken is to add a new 'exit:' label prior to the end of the
 function through which all function returns after reaching the 'fail:'
 label will goto.  After 'exit:', the 'cred_handle' will be released and
 if there is a krb5_context 'context' to be freed, the error info will be
 saved and krb5_free_context() will be called.
 
 In the success case, the krb5_context is saved in the gss context and we
 now set 'context' to NULL to prevent it from being freed.
 
 In order to preserve the minor_status return code, a 'tmp_minor_status'
 variable is added that is used after the 'fail:' label in calls to
 krb5_gss_delete_sec_context() and krb5_gss_release_cred().
 
 
 [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
 the value of 'verifier_cred_handle'.
 
 
 
 


Commit By: tlyu



Revision: 20581
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 16:33:25 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 16:33:25 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] SVN Commit 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27747.10.1375690994998@krbdev.mit.edu>


pull up r20574 from trunk

 r20574 at cathode-dark-space:  jaltman | 2008-07-23 12:03:40 -0400
 ticket: 5442
 
 replace "exit" label with "done"
 
 


Commit By: tlyu



Revision: 20582
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 16:33:40 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 16:33:40 -0400 (EDT)
Subject: [krbdev.mit.edu #5442] SVN Commit 
In-Reply-To: <rt-5442@krbdev.mit.edu>
Message-ID: <rt-5442-27750.14.3638485957151@krbdev.mit.edu>


 r20575 at cathode-dark-space:  tlyu | 2008-07-23 13:06:56 -0400
 ticket: 5442
 
 Fix one missed rename of "exit" label to "done".
 
 


Commit By: tlyu



Revision: 20583
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/gssapi/krb5/accept_sec_context.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 16:38:11 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 16:38:11 -0400 (EDT)
Subject: [krbdev.mit.edu #5936] gss_accept_sec_context() returns minor_status
	== 0 if arg3 == GSS_C_NO_CREDENTIAL 
In-Reply-To: <rt-5936@krbdev.mit.edu>
Message-ID: <rt-5936-27755.9.40596651568057@krbdev.mit.edu>

Fixed by patches in #5442.

From rt-comment at krbdev.mit.edu  Fri Jul 25 17:08:05 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 17:08:05 -0400 (EDT)
Subject: [krbdev.mit.edu #5840] SVN Commit 
In-Reply-To: <rt-5840@krbdev.mit.edu>
Message-ID: <rt-5840-27758.16.1183313008612@krbdev.mit.edu>


pull up r20558 from trunk

 r20558 at cathode-dark-space:  jaltman | 2008-07-21 16:33:53 -0400
 ticket: 5840
 tags: pullup
 
 kadm5_decrypt_key(). This patch prevents the returned keyblock's 
 enctype from being coerced to the requested 'ktype' if the requested 
 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".
 
 


Commit By: tlyu



Revision: 20584
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/kadm5/srv/svr_principal.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 17:47:13 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 17:47:13 -0400 (EDT)
Subject: [krbdev.mit.edu #6040] SVN Commit 
In-Reply-To: <rt-6040@krbdev.mit.edu>
Message-ID: <rt-6040-27761.6.76864186844135@krbdev.mit.edu>


pull up r20553 from trunk

 r20553 at cathode-dark-space:  jaltman | 2008-07-21 14:48:03 -0400
 ticket: new
 subject: Assign fixed ordinals to comerr32.dll exports
 component: krb5-libs
 tags: pullup
 
 All of the other libraries on Windows have fixed assignments
 of ordinals to the exported functions.  Assign the ordinals 
 that were in use in the last public release, kfw 3.2.2, so 
 that they will remain constant into the future in case additional
 exports are added to the library.
 
 


Commit By: tlyu



Revision: 20585
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/comerr32.def


From rt-comment at krbdev.mit.edu  Fri Jul 25 18:00:56 2008
From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT)
Date: Fri, 25 Jul 2008 18:00:56 -0400 (EDT)
Subject: [krbdev.mit.edu #6050] WINDOWS: %windir% no longer permitted for
	storage of appl config files 
In-Reply-To: <rt-6050@krbdev.mit.edu>
Message-ID: <rt-6050-27762.9.37510825423558@krbdev.mit.edu>

Revised patch. Uses SHGetFolderPath() to obtain the current Common
AppData directory instead of reading directly from the registry which is
unsupported.   





From rt-comment at krbdev.mit.edu  Fri Jul 25 18:04:38 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 25 Jul 2008 18:04:38 -0400 (EDT)
Subject: [krbdev.mit.edu #6041] WIN32 SOCKET != int in gss and rpc libs 
In-Reply-To: <rt-6041@krbdev.mit.edu>
Message-ID: <rt-6041-27764.13.7881378386938@krbdev.mit.edu>

Tom caught a problem I overlooked: clnttcp_create is a public interface.  You updated the 
function definition to take SOCKET*, but the declaration still says int*.  Please update the header 
(and since it gets installed, you can only use SOCKET for Windows environments, it has to stay 
with int for UNIX).

You might also want to look into why compile-time warnings didn't catch this for you....

From rt-comment at krbdev.mit.edu  Fri Jul 25 18:39:11 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 18:39:11 -0400 (EDT)
Subject: [krbdev.mit.edu #5995] SVN Commit 
In-Reply-To: <rt-5995@krbdev.mit.edu>
Message-ID: <rt-5995-27766.10.1781895438423@krbdev.mit.edu>


pull up r20127 from trunk

 r20127 at cathode-dark-space:  raeburn | 2007-10-17 20:14:01 -0400
 Reject socket fds > FD_SETSIZE.


Commit By: tlyu



Revision: 20586
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/kdc/network.c
U   branches/krb5-1-6/src/lib/krb5/os/sendto_kdc.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 18:39:38 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 25 Jul 2008 18:39:38 -0400 (EDT)
Subject: [krbdev.mit.edu #5995] SVN Commit 
In-Reply-To: <rt-5995@krbdev.mit.edu>
Message-ID: <rt-5995-27769.1.17882967071886@krbdev.mit.edu>


pull up r20478 from trunk

 r20478 at cathode-dark-space:  raeburn | 2008-06-26 20:22:43 -0400
 ticket: new
 target_version: 1.6.4
 
 Fix off-by-one error in range check on file descriptor number.


Commit By: tlyu



Revision: 20587
Changed Files:
_U  branches/krb5-1-6/
U   branches/krb5-1-6/src/lib/krb5/os/sendto_kdc.c


From rt-comment at krbdev.mit.edu  Fri Jul 25 19:32:55 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 25 Jul 2008 19:32:55 -0400 (EDT)
Subject: [krbdev.mit.edu #6054] dangling pointer,
	file descriptor leak in krb5_rc_io_creat 
In-Reply-To: <rt-6054@krbdev.mit.edu>
Message-ID: <rt-6054-27771.4.36002908939294@krbdev.mit.edu>

>From #6002, in regards to the patch applied there:

It looks to me like, if strdup fails, the file is left open (which is probably okay
if the caller then uses krb5_rc_close to dispose
of the handle, but may cause a file and file descriptor leak if the caller tries
krb5_rc_io_creat again), and d->fn is a dangling
pointer (which could be freed again by krb5_rc_io_close).


From rt-comment at krbdev.mit.edu  Fri Jul 25 19:33:28 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri, 25 Jul 2008 19:33:28 -0400 (EDT)
Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp 
In-Reply-To: <rt-6002@krbdev.mit.edu>
Message-ID: <rt-6002-27774.17.1126572616224@krbdev.mit.edu>

Okay, opened #6054.

From rt-comment at krbdev.mit.edu  Wed Jul 30 16:51:15 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 30 Jul 2008 16:51:15 -0400 (EDT)
Subject: [krbdev.mit.edu #6055] KIM API 
In-Reply-To: <rt-6055@krbdev.mit.edu>
Message-ID: <rt-6055-27783.19.4156861079402@krbdev.mit.edu>



From rt-comment at krbdev.mit.edu  Wed Jul 30 16:52:20 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 30 Jul 2008 16:52:20 -0400 (EDT)
Subject: [krbdev.mit.edu #6055] SVN Commit 
In-Reply-To: <rt-6055@krbdev.mit.edu>
Message-ID: <rt-6055-27784.5.79299587833042@krbdev.mit.edu>


Additional implementation of the KerberosAgent.

Commit By: lxs



Revision: 20590
Changed Files:
U   trunk/src/include/kim/kim_ccache.h
U   trunk/src/include/kim/kim_error.h
A   trunk/src/kim/agent/mac/BadgedImageView.h
A   trunk/src/kim/agent/mac/BadgedImageView.m
A   trunk/src/kim/agent/mac/Identities.h
A   trunk/src/kim/agent/mac/Identities.m
A   trunk/src/kim/agent/mac/KerberosAgentController.h
A   trunk/src/kim/agent/mac/KerberosAgentController.m
A   trunk/src/kim/agent/mac/PopupButton.h
A   trunk/src/kim/agent/mac/PopupButton.m
A   trunk/src/kim/agent/mac/SelectIdentityController.h
A   trunk/src/kim/agent/mac/SelectIdentityController.m
U   trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib
U   trunk/src/kim/agent/mac/resources/English.lproj/MainMenu.xib
A   trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib
U   trunk/src/kim/lib/kim.exports
U   trunk/src/kim/lib/kim_ccache.c
U   trunk/src/kim/lib/kim_credential.c
U   trunk/src/kim/lib/kim_error.c