From rt-comment at krbdev.mit.edu  Mon Feb  2 11:54:47 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  2 Feb 2009 16:54:47 +0000 (UTC)
Subject: [krbdev.mit.edu #6356] SVN Commit 
In-Reply-To: <rt-6356@krbdev.mit.edu>
Message-ID: <rt-6356-30337.6.36696736870611@krbdev.mit.edu>


Remove duplicate strdup call.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21860
Commit By: raeburn
Revision: 21860
Changed Files:
U   trunk/src/kdc/main.c


From rt-comment at krbdev.mit.edu  Mon Feb  2 13:42:27 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  2 Feb 2009 18:42:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6357] SVN Commit 
In-Reply-To: <rt-6357@krbdev.mit.edu>
Message-ID: <rt-6357-30342.1.65406777600104@krbdev.mit.edu>


In mod-principal tests for clearing the principal's policy, instead of
just testing to see if the wrong string is output and timing out
looking for it, check also for the new expected value.  Cuts test
suite run time by about two minutes for each pass (client vs server).

http://src.mit.edu/fisheye/changelog/krb5/?cs=21866
Commit By: raeburn
Revision: 21866
Changed Files:
U   trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp
U   trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp


From rt-comment at krbdev.mit.edu  Mon Feb  2 13:45:27 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  2 Feb 2009 18:45:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6357] address lib/kadm5 test suite slowness 
In-Reply-To: <rt-6357@krbdev.mit.edu>
Message-ID: <rt-6357-30347.12.9641916670381@krbdev.mit.edu>

See also patch in revision 21865, to reduce the delays used when waiting for server processes 
to start up.  This will affect other kadmin-related tests too.

From rt-comment at krbdev.mit.edu  Mon Feb  2 14:29:57 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  2 Feb 2009 19:29:57 +0000 (UTC)
Subject: [krbdev.mit.edu #6358] SVN Commit 
In-Reply-To: <rt-6358@krbdev.mit.edu>
Message-ID: <rt-6358-30348.15.317262700594@krbdev.mit.edu>


Reorder some tests and tune delays, so that we don't need to run for
much more than twice the min-password-life interval when testing that
functionality.  (This could be made faster if we can assume that
init_db will always have been run immediately before the tests start.)

In my tests, this cuts something like 11 seconds off the run time (now
down to about 65 seconds).

http://src.mit.edu/fisheye/changelog/krb5/?cs=21867
Commit By: raeburn
Revision: 21867
Changed Files:
U   trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp


From rt-comment at krbdev.mit.edu  Mon Feb  2 15:37:45 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  2 Feb 2009 20:37:45 +0000 (UTC)
Subject: [krbdev.mit.edu #6358] SVN Commit 
In-Reply-To: <rt-6358@krbdev.mit.edu>
Message-ID: <rt-6358-30351.4.09611164668853@krbdev.mit.edu>


Revise last change to better resemble the original test, keeping the
min-lifetime test code collected together.  Change policy to have a
minimum password lifetime of 10s instead of 30s, and reduce the test
delays accordingly.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21868
Commit By: raeburn
Revision: 21868
Changed Files:
U   trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
U   trunk/src/kadmin/testing/scripts/init_db


From rt-comment at krbdev.mit.edu  Mon Feb  2 20:43:39 2009
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Tue,  3 Feb 2009 01:43:39 +0000 (UTC)
Subject: [krbdev.mit.edu #6359] new multi-masterkey support doesn't work well
	when system clock is set back 
In-Reply-To: <rt-6359@krbdev.mit.edu>
Message-ID: <rt-6359-30354.0.213495166254631@krbdev.mit.edu>

If the system clock on a KDC is set back in time after a mkey is
activated "now" or if the admin sets the active time for all existing
mkeys in the future it is possible that the code will not find any mkey
active.  This is a problem as there should always be one "active" mkey
used to protect principal keys.  I'd like to address this by making
several changes including:

- Modify krb5_dbe_find_act_mkey() to return the mkey with the lowest
  KVNO if there are no actkvno entries with a time equal or earlier than
  the current time.

- Modify krb5_dbe_fetch_act_key_list() to return a default actkvno entry
  with time == 0 if there is not actkvno TL data in the mkey princ
  entry.  Currently its setting time to the current time but again if
  the clock is set back this could cause problems.

- Remove the code in use_mkey that auto-trims the actkvno list.  I
  don't think this is really necessary since the actkvno list will be
  edited when the purge_mkeys command is run.




From rt-comment at krbdev.mit.edu  Mon Feb  2 23:15:19 2009
From: rt-comment at krbdev.mit.edu (Nicolas Williams via RT)
Date: Tue,  3 Feb 2009 04:15:19 +0000 (UTC)
Subject: [krbdev.mit.edu #6359] new multi-masterkey support doesn't work
	well when system clock is set back
In-Reply-To: <rt-6359@krbdev.mit.edu>
Message-ID: <rt-6359-30355.4.22707378458632@krbdev.mit.edu>

On Tue, Feb 03, 2009 at 01:43:39AM +0000, william.fiveash at sun.com via RT wrote:
> If the system clock on a KDC is set back in time after a mkey is
> activated "now" or if the admin sets the active time for all existing
> mkeys in the future it is possible that the code will not find any mkey
> active.  This is a problem as there should always be one "active" mkey
> used to protect principal keys.  I'd like to address this by making
> several changes including:

Can't the active key be marked in the principal's record via TL data?


From rt-comment at krbdev.mit.edu  Tue Feb  3 11:59:20 2009
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Tue,  3 Feb 2009 16:59:20 +0000 (UTC)
Subject: [krbdev.mit.edu #6359] new multi-masterkey support doesn't work
	well when system clock is set back
In-Reply-To: <rt-6359@krbdev.mit.edu>
Message-ID: <rt-6359-30356.12.7252382139157@krbdev.mit.edu>

On Tue, Feb 03, 2009 at 04:15:19AM +0000, Nicolas Williams via RT wrote:
> On Tue, Feb 03, 2009 at 01:43:39AM +0000, william.fiveash at sun.com via RT wrote:
> > If the system clock on a KDC is set back in time after a mkey is
> > activated "now" or if the admin sets the active time for all existing
> > mkeys in the future it is possible that the code will not find any mkey
> > active.  This is a problem as there should always be one "active" mkey
> > used to protect principal keys.  I'd like to address this by making
> > several changes including:
> 
> Can't the active key be marked in the principal's record via TL data?

See: http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/


From rt-comment at krbdev.mit.edu  Wed Feb  4 14:25:57 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Wed,  4 Feb 2009 19:25:57 +0000 (UTC)
Subject: [krbdev.mit.edu #6360] SVN Commit 
In-Reply-To: <rt-6360@krbdev.mit.edu>
Message-ID: <rt-6360-30357.2.22067597864473@krbdev.mit.edu>


In krb5int_utf8s_to_ucs2les, free the correct value on error, instead
of the caller-supplied result pointer.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21881
Commit By: ghudson
Revision: 21881
Changed Files:
U   trunk/src/util/support/utf8_conv.c


From rt-comment at krbdev.mit.edu  Wed Feb  4 17:15:30 2009
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Wed,  4 Feb 2009 22:15:30 +0000 (UTC)
Subject: [krbdev.mit.edu #6361] new multi-masterkey support doesn't work well
	when system clock is set back 
In-Reply-To: <rt-6361@krbdev.mit.edu>
Message-ID: <rt-6361-30362.3.5786026101313@krbdev.mit.edu>

If the system clock on a KDC is set back in time after a mkey is
activated "now" or if the admin sets the active time for all existing
mkeys in the future it is possible that the code will not find any mkey
active.  This is a problem as there should always be one "active" mkey
used to protect principal keys.  I'd like to address this by making
several changes including:

- Modify krb5_dbe_find_act_mkey() to return the mkey with the lowest
  KVNO if there are no actkvno entries with a time equal or earlier than
  the current time.

- Modify krb5_dbe_fetch_act_key_list() to return a default actkvno entry
  with time == 0 if there is not actkvno TL data in the mkey princ
  entry.  Currently its setting time to the current time but again if
  the clock is set back this could cause problems.

- Remove the code in use_mkey that auto-trims the actkvno list.  I
  don't think this is really necessary since the actkvno list will be
  edited when the purge_mkeys command is run.




From rt-comment at krbdev.mit.edu  Wed Feb  4 17:19:18 2009
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Wed,  4 Feb 2009 22:19:18 +0000 (UTC)
Subject: [krbdev.mit.edu #6361] new multi-masterkey support doesn't work well
	when system clock is set back 
In-Reply-To: <rt-6361@krbdev.mit.edu>
Message-ID: <rt-6361-30363.6.24140615481309@krbdev.mit.edu>

[william.fiveash at sun.com - Wed Feb  4 17:15:30 2009]:

> If the system clock on a KDC is set back in time after a mkey is
> activated "now" or if the admin sets the active time for all existing
> mkeys in the future it is possible that the code will not find any mkey
> active.  This is a problem as there should always be one "active" mkey
> used to protect principal keys.  I'd like to address this by making
> several changes including:
> 
> - Modify krb5_dbe_find_act_mkey() to return the mkey with the lowest
>   KVNO if there are no actkvno entries with a time equal or earlier than
>   the current time.
> 
> - Modify krb5_dbe_fetch_act_key_list() to return a default actkvno entry
>   with time == 0 if there is not actkvno TL data in the mkey princ
>   entry.  Currently its setting time to the current time but again if
>   the clock is set back this could cause problems.
> 
> - Remove the code in use_mkey that auto-trims the actkvno list.  I
>   don't think this is really necessary since the actkvno list will be
>   edited when the purge_mkeys command is run.
> 
> 

- modify kdb5_use_mkey() to error out if the user tries to activate a
mkvno such that there would be no currently active mkey.


From rt-comment at krbdev.mit.edu  Wed Feb  4 17:29:48 2009
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Wed,  4 Feb 2009 22:29:48 +0000 (UTC)
Subject: [krbdev.mit.edu #6361] SVN Commit 
In-Reply-To: <rt-6361@krbdev.mit.edu>
Message-ID: <rt-6361-30365.2.37147931086177@krbdev.mit.edu>


new multi-masterkey support doesn't work well when system clock is set
back

The ticket contains the details.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21884
Commit By: wfiveash
Revision: 21884
Changed Files:
U   trunk/src/kadmin/dbutil/kdb5_mkey.c
U   trunk/src/lib/kdb/kdb5.c


From rt-comment at krbdev.mit.edu  Wed Feb  4 18:28:15 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed,  4 Feb 2009 23:28:15 +0000 (UTC)
Subject: [krbdev.mit.edu #6362] SVN Commit 
In-Reply-To: <rt-6362@krbdev.mit.edu>
Message-ID: <rt-6362-30367.17.4669442473193@krbdev.mit.edu>


Fix one file in gssapi where we compute offsets from a void* without casting.
Change options used with Sun compiler to make such expressions an error.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21886
Commit By: raeburn
Revision: 21886
Changed Files:
U   trunk/src/aclocal.m4
U   trunk/src/lib/gssapi/generic/oid_ops.c


From rt-comment at krbdev.mit.edu  Wed Feb  4 20:49:29 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu,  5 Feb 2009 01:49:29 +0000 (UTC)
Subject: [krbdev.mit.edu #6363] SVN Commit 
In-Reply-To: <rt-6363@krbdev.mit.edu>
Message-ID: <rt-6363-30370.11.1406467257282@krbdev.mit.edu>


Fix a pointer argument passed where an integer is needed.
Update Sun compiler options to make that an error.  (The options we're
currently using make it an error for assignment but not for argument passing.)

http://src.mit.edu/fisheye/changelog/krb5/?cs=21887
Commit By: raeburn
Revision: 21887
Changed Files:
U   trunk/src/aclocal.m4
U   trunk/src/lib/gssapi/krb5/k5seal.c


From rt-comment at krbdev.mit.edu  Wed Feb  4 21:16:27 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu,  5 Feb 2009 02:16:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6364] SVN Commit 
In-Reply-To: <rt-6364@krbdev.mit.edu>
Message-ID: <rt-6364-30375.12.7703585297083@krbdev.mit.edu>


If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf
functions always get declared, applying the preprocessor conditional
test only to the GCC format attribute.  If HAVE_VASPRINTF is defined,
don't declare them at all.

This fixes a bunch of function-not-declared warnings under Sun cc.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21888
Commit By: raeburn
Revision: 21888
Changed Files:
U   trunk/src/include/k5-platform.h


From rt-comment at krbdev.mit.edu  Wed Feb  4 21:59:13 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu,  5 Feb 2009 02:59:13 +0000 (UTC)
Subject: [krbdev.mit.edu #6365] SVN Commit 
In-Reply-To: <rt-6365@krbdev.mit.edu>
Message-ID: <rt-6365-30380.14.8425521709239@krbdev.mit.edu>


Sun cc warns about some of the string functions being undeclared in
several source files.  So, include string.h there.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21889
Commit By: raeburn
Revision: 21889
Changed Files:
U   trunk/src/kadmin/server/kadm_rpc_svc.c
U   trunk/src/lib/kadm5/chpass_util.c
U   trunk/src/plugins/kdb/db2/pol_xdr.c


From rt-comment at krbdev.mit.edu  Thu Feb  5 06:07:02 2009
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Thu,  5 Feb 2009 11:07:02 +0000 (UTC)
Subject: [krbdev.mit.edu #1548] 1.3beta: kshd syslogs the following....
	(Redhat 9) 
In-Reply-To: <rt-1548@krbdev.mit.edu>
Message-ID: <rt-1548-30387.0.582415041969711@krbdev.mit.edu>

Redhat 9 is no longer supported.  Newer releases of redhat does not have
problem....

Closing...


From rt-comment at krbdev.mit.edu  Thu Feb  5 13:19:29 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Thu,  5 Feb 2009 18:19:29 +0000 (UTC)
Subject: [krbdev.mit.edu #6367] SVN Commit 
In-Reply-To: <rt-6367@krbdev.mit.edu>
Message-ID: <rt-6367-30389.16.6681760696908@krbdev.mit.edu>


Fix a memory leak in krb5_kt_resolve when we fail to lock
kt_typehead_lock.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21890
Commit By: ghudson
Revision: 21890
Changed Files:
U   trunk/src/lib/krb5/keytab/ktbase.c


From rt-comment at krbdev.mit.edu  Thu Feb  5 13:43:13 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Thu,  5 Feb 2009 18:43:13 +0000 (UTC)
Subject: [krbdev.mit.edu #6368] SVN Commit 
In-Reply-To: <rt-6368@krbdev.mit.edu>
Message-ID: <rt-6368-30394.2.27735032404119@krbdev.mit.edu>


Add a missing break in the switch statement of
krb5int_setpw_result_code_string.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21894
Commit By: ghudson
Revision: 21894
Changed Files:
U   trunk/src/lib/krb5/krb/chpw.c


From rt-comment at krbdev.mit.edu  Thu Feb  5 14:02:32 2009
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Thu,  5 Feb 2009 19:02:32 +0000 (UTC)
Subject: [krbdev.mit.edu #6349] SVN Commit 
In-Reply-To: <rt-6349@krbdev.mit.edu>
Message-ID: <rt-6349-30400.16.6811453232756@krbdev.mit.edu>


Detect failure to register with rpcbind/portmap due to security
restrictons and not bomb out in tests.




http://src.mit.edu/fisheye/changelog/krb5/?cs=21895
Commit By: epeisach
Revision: 21895
Changed Files:
U   trunk/src/lib/rpc/unit-test/config/unix.exp
U   trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp
U   trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
U   trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp


From rt-comment at krbdev.mit.edu  Thu Feb  5 14:05:16 2009
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Thu,  5 Feb 2009 19:05:16 +0000 (UTC)
Subject: [krbdev.mit.edu #6369] lib/rpc should have way to register with
	secure rpcbind using unix domain socket 
In-Reply-To: <rt-6369@krbdev.mit.edu>
Message-ID: <rt-6369-30401.17.7881432741397@krbdev.mit.edu>

Under fedora 10 and other OS's - portmap has been replaced by rpcbind.

Security considerations have "improved" - requiring a loopback socket
and a reserved port (<1024) unless certain flags are given.

Looking at the sources for rpcbind - there is now support for a unix
domain socket connection - which is known to be local - and does not
therefore require a reserved port.

Either the rpc layer should be replaced with a newer implementation or 
the library could be shoehorned to attempt to use a unix domain socket
if present.
 

From rt-comment at krbdev.mit.edu  Thu Feb  5 15:13:53 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Thu,  5 Feb 2009 20:13:53 +0000 (UTC)
Subject: [krbdev.mit.edu #6370] Fix assertion in gc_frm_kdc.c 
In-Reply-To: <rt-6370@krbdev.mit.edu>
Message-ID: <rt-6370-30402.10.4248324811457@krbdev.mit.edu>

See r21899.


From rt-comment at krbdev.mit.edu  Thu Feb  5 15:57:17 2009
From: rt-comment at krbdev.mit.edu (william.fiveash@sun.com via RT)
Date: Thu,  5 Feb 2009 20:57:17 +0000 (UTC)
Subject: [krbdev.mit.edu #6371] SVN Commit 
In-Reply-To: <rt-6371@krbdev.mit.edu>
Message-ID: <rt-6371-30403.12.9777738180226@krbdev.mit.edu>


Ken R. told me that Coverity found several potential memleaks introduced
by the mkey migration project.  This addresses those leaks and tweaks
the code formatting in a few places.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21900
Commit By: wfiveash
Revision: 21900
Changed Files:
U   trunk/src/kadmin/dbutil/kdb5_mkey.c
U   trunk/src/lib/kdb/kdb5.c
U   trunk/src/lib/kdb/kdb_default.c


From rt-comment at krbdev.mit.edu  Thu Feb  5 16:28:00 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Thu,  5 Feb 2009 21:28:00 +0000 (UTC)
Subject: [krbdev.mit.edu #6372] SVN Commit 
In-Reply-To: <rt-6372@krbdev.mit.edu>
Message-ID: <rt-6372-30409.2.18691280188317@krbdev.mit.edu>


In make_etype_list, assign *authdata before we have a chance to fail,
since we may have invalidated the previous value with realloc.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21901
Commit By: ghudson
Revision: 21901
Changed Files:
U   trunk/src/lib/krb5/krb/mk_req_ext.c


From rt-comment at krbdev.mit.edu  Thu Feb  5 20:07:41 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Fri,  6 Feb 2009 01:07:41 +0000 (UTC)
Subject: [krbdev.mit.edu #6373] SVN Commit 
In-Reply-To: <rt-6373@krbdev.mit.edu>
Message-ID: <rt-6373-30414.12.5922026027208@krbdev.mit.edu>


Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations.
Also remove some useless qualifiers in casts and function argument declarations.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21903
Commit By: raeburn
Revision: 21903
Changed Files:
U   trunk/src/lib/gssapi/krb5/krb5_gss_glue.c


From rt-comment at krbdev.mit.edu  Fri Feb  6 00:22:40 2009
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Fri,  6 Feb 2009 05:22:40 +0000 (UTC)
Subject: [krbdev.mit.edu #6374] SVN Commit 
In-Reply-To: <rt-6374@krbdev.mit.edu>
Message-ID: <rt-6374-30419.3.1355457900306@krbdev.mit.edu>


bool_t is defined as int, krb5_boolean as unsigned int.  These are
similar size but someone someday might change the krb5_boolean.
Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean
which keeps the different types separate. 

This cleans up a number of warnings.




http://src.mit.edu/fisheye/changelog/krb5/?cs=21906
Commit By: epeisach
Revision: 21906
Changed Files:
U   trunk/src/lib/kadm5/kadm_rpc_xdr.c


From rt-comment at krbdev.mit.edu  Fri Feb  6 13:40:25 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Fri,  6 Feb 2009 18:40:25 +0000 (UTC)
Subject: [krbdev.mit.edu #6375] SVN Commit 
In-Reply-To: <rt-6375@krbdev.mit.edu>
Message-ID: <rt-6375-30422.0.259032282813436@krbdev.mit.edu>


rtree_hier_realms was forgetting to assign the return value of
krb5int_copy_data_contents to retval, which would cause a failure to
notice out-of-memory conditions.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21909
Commit By: ghudson
Revision: 21909
Changed Files:
U   trunk/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Fri Feb  6 15:43:49 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Fri,  6 Feb 2009 20:43:49 +0000 (UTC)
Subject: [krbdev.mit.edu #6376] SVN Commit 
In-Reply-To: <rt-6376@krbdev.mit.edu>
Message-ID: <rt-6376-30427.19.7978708435064@krbdev.mit.edu>


In walk_rtree's rtree_hier_tree, don't leak the result of
rtree_hier_realms.  In rtree_hier_realms, avoid freeing one too many
krb5_data contents on allocation failure, and use the recommend
pattern to ensure well-defined output parameter values.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21912
Commit By: ghudson
Revision: 21912
Changed Files:
U   trunk/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Mon Feb  9 12:53:30 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  9 Feb 2009 17:53:30 +0000 (UTC)
Subject: [krbdev.mit.edu #6377] SVN Commit 
In-Reply-To: <rt-6377@krbdev.mit.edu>
Message-ID: <rt-6377-30432.15.009209980092@krbdev.mit.edu>


This makes them safer to call in various contexts where NULL may leak
through, and makes analysis easier.

Also, remove some checks for NULL before calling a free routine that
will also check for NULL.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21920
Commit By: raeburn
Revision: 21920
Changed Files:
U   trunk/src/lib/krb5/krb/free_rtree.c
U   trunk/src/lib/krb5/krb/init_ctx.c
U   trunk/src/lib/krb5/krb/kfree.c
U   trunk/src/lib/krb5/krb/preauth2.c
U   trunk/src/lib/krb5/os/free_krbhs.c
U   trunk/src/lib/krb5/os/promptusr.c


From rt-comment at krbdev.mit.edu  Mon Feb  9 13:13:11 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  9 Feb 2009 18:13:11 +0000 (UTC)
Subject: [krbdev.mit.edu #6377] SVN Commit 
In-Reply-To: <rt-6377@krbdev.mit.edu>
Message-ID: <rt-6377-30435.12.4981837867042@krbdev.mit.edu>


Provide omitted return value in last change.

http://src.mit.edu/fisheye/changelog/krb5/?cs=21922
Commit By: raeburn
Revision: 21922
Changed Files:
U   trunk/src/lib/krb5/os/free_krbhs.c


From rt-comment at krbdev.mit.edu  Mon Feb  9 13:35:24 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon,  9 Feb 2009 18:35:24 +0000 (UTC)
Subject: [krbdev.mit.edu #6378] SVN Commit 
In-Reply-To: <rt-6378@krbdev.mit.edu>
Message-ID: <rt-6378-30436.5.86737373920435@krbdev.mit.edu>


Make krb5int_utf8_normalize return a krb5_error_code and always allocate
a structure to be placed in the output parameter.  Adjust the function
structure to use a cleanup handler, fixing many memory leaks.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21923
Commit By: ghudson
Revision: 21923
Changed Files:
U   trunk/src/include/k5-unicode.h
U   trunk/src/lib/krb5/error_tables/krb5_err.et
U   trunk/src/lib/krb5/unicode/ucstr.c


From rt-comment at krbdev.mit.edu  Mon Feb  9 13:52:45 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon,  9 Feb 2009 18:52:45 +0000 (UTC)
Subject: [krbdev.mit.edu #6379] SVN Commit 
In-Reply-To: <rt-6379@krbdev.mit.edu>
Message-ID: <rt-6379-30441.8.2868835291108@krbdev.mit.edu>


In rtree_hier_realms, if the first rtree_hier_tweens call failed, the
cleanup handler would free stweens which had not been initialized.
Initialize ctweens and stweens to NULL in the variable declarations to
make the cleanup handler safe.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21924
Commit By: ghudson
Revision: 21924
Changed Files:
U   trunk/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Mon Feb  9 15:39:58 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Mon,  9 Feb 2009 20:39:58 +0000 (UTC)
Subject: [krbdev.mit.edu #6377] SVN Commit 
In-Reply-To: <rt-6377@krbdev.mit.edu>
Message-ID: <rt-6377-30446.14.3657805871432@krbdev.mit.edu>


Fix one more case of an explicit null check before calling a free
function that does the null check.

Also, use krb5_free_keyblock_contents instead of open-coding all the
work (and not trying hard enough to clear the memory).

http://src.mit.edu/fisheye/changelog/krb5/?cs=21926
Commit By: raeburn
Revision: 21926
Changed Files:
U   trunk/src/lib/krb5/krb/kfree.c


From rt-comment at krbdev.mit.edu  Mon Feb  9 17:45:26 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon,  9 Feb 2009 22:45:26 +0000 (UTC)
Subject: [krbdev.mit.edu #6381] SVN Commit 
In-Reply-To: <rt-6381@krbdev.mit.edu>
Message-ID: <rt-6381-30447.13.2708752721762@krbdev.mit.edu>


IGNORE this revision number; it is only valid in the test environment!



http://src.mit.edu/fisheye/changelog/krb5/?cs=21769
Commit By: tlyu
Revision: 21769
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Tue Feb 10 11:10:15 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 10 Feb 2009 16:10:15 +0000 (UTC)
Subject: [krbdev.mit.edu #6385] SVN Commit 
In-Reply-To: <rt-6385@krbdev.mit.edu>
Message-ID: <rt-6385-30452.18.6136301288595@krbdev.mit.edu>


test test


http://src.mit.edu/fisheye/changelog/krb5/?cs=21945
Commit By: tlyu
Revision: 21945
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Tue Feb 10 11:36:51 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 10 Feb 2009 16:36:51 +0000 (UTC)
Subject: [krbdev.mit.edu #6388] SVN Commit 
In-Reply-To: <rt-6388@krbdev.mit.edu>
Message-ID: <rt-6388-30455.17.1863799130758@krbdev.mit.edu>


test


http://src.mit.edu/fisheye/changelog/krb5/?cs=21948
Commit By: tlyu
Revision: 21948
Changed Files:
D   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Tue Feb 10 11:38:02 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 10 Feb 2009 16:38:02 +0000 (UTC)
Subject: [krbdev.mit.edu #6388] SVN Commit 
In-Reply-To: <rt-6388@krbdev.mit.edu>
Message-ID: <rt-6388-30460.8.70995193330849@krbdev.mit.edu>


more test


http://src.mit.edu/fisheye/changelog/krb5/?cs=21949
Commit By: tlyu
Revision: 21949
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Tue Feb 10 11:40:30 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 10 Feb 2009 16:40:30 +0000 (UTC)
Subject: [krbdev.mit.edu #6389] SVN Commit 
In-Reply-To: <rt-6389@krbdev.mit.edu>
Message-ID: <rt-6389-30461.0.830424312337286@krbdev.mit.edu>


IGNORE this revision number; it is only valid in the test environment!


http://src.mit.edu/fisheye/changelog/krb5/?cs=21771
Commit By: tlyu
Revision: 21771
Changed Files:
D   branches/commit-handler-test/test-dir/


From rt-comment at krbdev.mit.edu  Tue Feb 10 13:08:09 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Tue, 10 Feb 2009 18:08:09 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] kadmin and ktutil installed in sbin,
	should be bin 
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30468.5.20318732169066@krbdev.mit.edu>

We discussed this at a meeting and we basically agree.  kadmin in
particular is normally run by non-root users and belongs in bin.  ktutil
is a little less clear because the usual use case is to operate on host
keytabs which are only readable by root--but there are other fairly
common use cases, so it probably belongs in bin.

Do you want to commit the change for this to our repository?

From rt-comment at krbdev.mit.edu  Tue Feb 10 14:01:21 2009
From: rt-comment at krbdev.mit.edu (Russ Allbery via RT)
Date: Tue, 10 Feb 2009 19:01:21 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] kadmin and ktutil installed in sbin,
	should be bin
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30469.8.95970703628315@krbdev.mit.edu>

"Greg Hudson via RT" <rt-comment at krbdev.mit.edu> writes:

> We discussed this at a meeting and we basically agree.  kadmin in
> particular is normally run by non-root users and belongs in bin.  ktutil
> is a little less clear because the usual use case is to operate on host
> keytabs which are only readable by root--but there are other fairly
> common use cases, so it probably belongs in bin.
>
> Do you want to commit the change for this to our repository?

Sure, I can do that.  I'll try to do that later tonight.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


From rt-comment at krbdev.mit.edu  Wed Feb 11 00:00:27 2009
From: rt-comment at krbdev.mit.edu (Russ Allbery <rra@stanford.edu> via RT)
Date: Wed, 11 Feb 2009 05:00:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] SVN Commit 
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30473.19.7884028552314@krbdev.mit.edu>


Install ktutil and kadmin into CLIENT_BINDIR instead of ADMIN_BINDIR
since both are useful for users other than the system administrator.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21966
Commit By: rra
Revision: 21966
Changed Files:
U   trunk/src/kadmin/cli/Makefile.in
U   trunk/src/kadmin/ktutil/Makefile.in


From rt-comment at krbdev.mit.edu  Wed Feb 11 00:01:51 2009
From: rt-comment at krbdev.mit.edu (Russ Allbery via RT)
Date: Wed, 11 Feb 2009 05:01:51 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] kadmin and ktutil installed in sbin,
	should be bin
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30474.5.66150313768937@krbdev.mit.edu>

"Greg Hudson via RT" <rt-comment at krbdev.mit.edu> writes:

> We discussed this at a meeting and we basically agree.  kadmin in
> particular is normally run by non-root users and belongs in bin.  ktutil
> is a little less clear because the usual use case is to operate on host
> keytabs which are only readable by root--but there are other fairly
> common use cases, so it probably belongs in bin.
>
> Do you want to commit the change for this to our repository?

I've committed this now.  I left the man pages in the man8 directory,
however, both because there are existing cross-references and because
there isn't always a one-to-one mapping between path and man1 vs. man8.
Let me know if you'd like me to move the man pages to section one as well,
though.

I also left k5srvutil where it is, although I wasn't sure that was the
right decision.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


From rt-comment at krbdev.mit.edu  Wed Feb 11 08:01:16 2009
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Wed, 11 Feb 2009 13:01:16 +0000 (UTC)
Subject: [krbdev.mit.edu #6390] SVN Commit 
In-Reply-To: <rt-6390@krbdev.mit.edu>
Message-ID: <rt-6390-30475.8.39668158518428@krbdev.mit.edu>


AC_ARG_ENABLE returns its value in enableval not withval.  --disable-rpath 
was not working - or dependent on some previous setting...



http://src.mit.edu/fisheye/changelog/krb5/?cs=21968
Commit By: epeisach
Revision: 21968
Changed Files:
U   trunk/src/aclocal.m4


From rt-comment at krbdev.mit.edu  Thu Feb 12 11:24:46 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 12 Feb 2009 16:24:46 +0000 (UTC)
Subject: [krbdev.mit.edu #6391] SVN Commit 
In-Reply-To: <rt-6391@krbdev.mit.edu>
Message-ID: <rt-6391-30480.14.7278953397861@krbdev.mit.edu>


test new svn server


http://src.mit.edu/fisheye/changelog/krb5/?cs=21971
Commit By: tlyu
Revision: 21971
Changed Files:
D   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Thu Feb 12 11:26:16 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 12 Feb 2009 16:26:16 +0000 (UTC)
Subject: [krbdev.mit.edu #6391] SVN Commit 
In-Reply-To: <rt-6391@krbdev.mit.edu>
Message-ID: <rt-6391-30483.3.86754671188349@krbdev.mit.edu>


update test



http://src.mit.edu/fisheye/changelog/krb5/?cs=21972
Commit By: tlyu
Revision: 21972
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Thu Feb 12 12:51:47 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Thu, 12 Feb 2009 17:51:47 +0000 (UTC)
Subject: [krbdev.mit.edu #6392] SVN Commit 
In-Reply-To: <rt-6392@krbdev.mit.edu>
Message-ID: <rt-6392-30484.3.03912631312663@krbdev.mit.edu>


Check the correct variable for null after allocating the server string
in rtree_capath_vals.


http://src.mit.edu/fisheye/changelog/krb5/?cs=21980
Commit By: ghudson
Revision: 21980
Changed Files:
U   trunk/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Fri Feb 13 10:55:34 2009
From: rt-comment at krbdev.mit.edu (Sam Hartman via RT)
Date: Fri, 13 Feb 2009 15:55:34 +0000 (UTC)
Subject: [krbdev.mit.edu #6393] SVN Commit 
In-Reply-To: <rt-6393@krbdev.mit.edu>
Message-ID: <rt-6393-30489.10.7161671675956@krbdev.mit.edu>


Implement support for use of a subkey in the TGS req.  This is needed
by FAST TGS support.  The interface to krb5_send_tgs changed in order
to gain a subkey output parameter.  Since this is a private interface
it was renamed to krb5int_send_tgs and removed from the export list.

* send_tgs.c: generate a subkey and return to caller
* decode_kdc_rep.c: Use subkey keyusage
* gc_via_tkt.c: pass in subkey to decode_kdc_rep
* send_tgs.c: use subkey for encrypting authorization data

http://src.mit.edu/fisheye/changelog/krb5/?cs=21993
Commit By: hartmans
Revision: 21993
Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/lib/krb5/krb/decode_kdc.c
U   trunk/src/lib/krb5/krb/gc_via_tkt.c
U   trunk/src/lib/krb5/krb/send_tgs.c
U   trunk/src/lib/krb5/libkrb5.exports


From rt-comment at krbdev.mit.edu  Fri Feb 13 11:43:21 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 13 Feb 2009 16:43:21 +0000 (UTC)
Subject: [krbdev.mit.edu #6394] SVN Commit 
In-Reply-To: <rt-6394@krbdev.mit.edu>
Message-ID: <rt-6394-30493.7.20993185958172@krbdev.mit.edu>


test commit handler again


http://src.mit.edu/fisheye/changelog/krb5/?cs=21995
Commit By: tlyu
Revision: 21995
Changed Files:
D   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Fri Feb 13 11:44:34 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 13 Feb 2009 16:44:34 +0000 (UTC)
Subject: [krbdev.mit.edu #6394] SVN Commit 
In-Reply-To: <rt-6394@krbdev.mit.edu>
Message-ID: <rt-6394-30498.9.82786203811223@krbdev.mit.edu>


test



http://src.mit.edu/fisheye/changelog/krb5/?cs=21996
Commit By: tlyu
Revision: 21996
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Fri Feb 13 11:46:00 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 13 Feb 2009 16:46:00 +0000 (UTC)
Subject: [krbdev.mit.edu #6395] SVN Commit 
In-Reply-To: <rt-6395@krbdev.mit.edu>
Message-ID: <rt-6395-30499.15.5629893446555@krbdev.mit.edu>




http://src.mit.edu/fisheye/changelog/krb5/?cs=21997
Commit By: tlyu
Revision: 21997
Changed Files:
D   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Fri Feb 13 11:47:03 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 13 Feb 2009 16:47:03 +0000 (UTC)
Subject: [krbdev.mit.edu #6395] SVN Commit 
In-Reply-To: <rt-6395@krbdev.mit.edu>
Message-ID: <rt-6395-30502.16.4620615642732@krbdev.mit.edu>


test anonvn propagation again


http://src.mit.edu/fisheye/changelog/krb5/?cs=21998
Commit By: tlyu
Revision: 21998
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Fri Feb 13 11:55:05 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 13 Feb 2009 16:55:05 +0000 (UTC)
Subject: [krbdev.mit.edu #6396] SVN Commit 
In-Reply-To: <rt-6396@krbdev.mit.edu>
Message-ID: <rt-6396-30503.3.35780022276843@krbdev.mit.edu>


test anonsvn propagation


http://src.mit.edu/fisheye/changelog/krb5/?cs=21999
Commit By: tlyu
Revision: 21999
Changed Files:
D   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Fri Feb 13 11:58:26 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 13 Feb 2009 16:58:26 +0000 (UTC)
Subject: [krbdev.mit.edu #6396] SVN Commit 
In-Reply-To: <rt-6396@krbdev.mit.edu>
Message-ID: <rt-6396-30506.6.81760582218224@krbdev.mit.edu>


test again


http://src.mit.edu/fisheye/changelog/krb5/?cs=22000
Commit By: tlyu
Revision: 22000
Changed Files:
A   branches/commit-handler-test/aaaa/


From rt-comment at krbdev.mit.edu  Tue Feb 17 11:10:14 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 17 Feb 2009 16:10:14 +0000 (UTC)
Subject: [krbdev.mit.edu #6355] SVN Commit 
In-Reply-To: <rt-6355@krbdev.mit.edu>
Message-ID: <rt-6355-30515.9.12109919434691@krbdev.mit.edu>


pull up r21855 from trunk

 ------------------------------------------------------------------------
 r21855 | raeburn | 2009-01-30 23:39:34 -0500 (Fri, 30 Jan 2009) | 28 lines
 Changed paths:
    M /trunk/src/tests/dejagnu/krb-standalone/rcp.exp
    M /trunk/src/tests/dejagnu/krb-standalone/rsh.exp
    M /trunk/src/tests/dejagnu/krb-standalone/sample.exp
    M /trunk/src/tests/dejagnu/t_inetd.c

 ticket: 6355
 subject: use t_inetd with a ready message and avoid waiting a lot in non-root tests
 target_version: 1.7
 tags: pullup

 Change t_inetd to print a ready message when it has started listening
 on the indicated port number.

 Look for this message in sample.exp rather than waiting an arbitrary
 (and usually excessive) 2s each time for the inetd-mode tests.  Use
 run_once to perform the standalone-mode test only once per test suite
 invocation.

 Change rsh and rcp tests to start the servers via t_inetd and avoid
 excessive waiting at startup.

 In some of my tests, this reduces the tests/dejagnu tests from taking
 over 6 minutes to taking around 2 minutes.

 (This does mean the server process will no longer have started up
 before we launch the client, so it may be slower to respond, but it'll
 still be faster than the 2s delay we used before even trying to
 connect.)

 We can probably eliminate the -D option code from krshd.c now.

 The tests run as root (rlogin, telnet) still need updating.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22006
Commit By: tlyu
Revision: 22006
Changed Files:
U   branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rcp.exp
U   branches/krb5-1-7/src/tests/dejagnu/krb-standalone/rsh.exp
U   branches/krb5-1-7/src/tests/dejagnu/krb-standalone/sample.exp
U   branches/krb5-1-7/src/tests/dejagnu/t_inetd.c


From rt-comment at krbdev.mit.edu  Tue Feb 17 11:10:22 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 17 Feb 2009 16:10:22 +0000 (UTC)
Subject: [krbdev.mit.edu #6356] SVN Commit 
In-Reply-To: <rt-6356@krbdev.mit.edu>
Message-ID: <rt-6356-30517.2.8077992245769@krbdev.mit.edu>


pull up r21860 from trunk

 ------------------------------------------------------------------------
 r21860 | raeburn | 2009-02-02 11:54:38 -0500 (Mon, 02 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/kdc/main.c

 ticket: 6356
 subject: small storage leak in KDC startup
 target_version: 1.7
 tags: pullup

 Remove duplicate strdup call.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22007
Commit By: tlyu
Revision: 22007
Changed Files:
U   branches/krb5-1-7/src/kdc/main.c


From rt-comment at krbdev.mit.edu  Tue Feb 17 11:10:54 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 17 Feb 2009 16:10:54 +0000 (UTC)
Subject: [krbdev.mit.edu #6357] SVN Commit 
In-Reply-To: <rt-6357@krbdev.mit.edu>
Message-ID: <rt-6357-30520.3.07683781797344@krbdev.mit.edu>


pull up r21865, r21866 from trunk

 ------------------------------------------------------------------------
 r21866 | raeburn | 2009-02-02 13:42:06 -0500 (Mon, 02 Feb 2009) | 8 lines
 Changed paths:
    M /trunk/src/lib/kadm5/unit-test/api.0/mod-principal.exp
    M /trunk/src/lib/kadm5/unit-test/api.2/mod-principal.exp

 ticket: 6357
 subject: address lib/kadm5 test suite slowness
 target_version: 1.7

 In mod-principal tests for clearing the principal's policy, instead of
 just testing to see if the wrong string is output and timing out
 looking for it, check also for the new expected value.  Cuts test
 suite run time by about two minutes for each pass (client vs server).
 ------------------------------------------------------------------------
 r21865 | raeburn | 2009-02-02 13:29:28 -0500 (Mon, 02 Feb 2009) | 1 line
 Changed paths:
    M /trunk/src/kadmin/testing/scripts/start_servers_local

 don't delay so long while waiting for daemon startup
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22008
Commit By: tlyu
Revision: 22008
Changed Files:
U   branches/krb5-1-7/src/kadmin/testing/scripts/start_servers_local
U   branches/krb5-1-7/src/lib/kadm5/unit-test/api.0/mod-principal.exp
U   branches/krb5-1-7/src/lib/kadm5/unit-test/api.2/mod-principal.exp


From rt-comment at krbdev.mit.edu  Tue Feb 17 11:11:50 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 17 Feb 2009 16:11:50 +0000 (UTC)
Subject: [krbdev.mit.edu #6358] SVN Commit 
In-Reply-To: <rt-6358@krbdev.mit.edu>
Message-ID: <rt-6358-30523.6.12651937252188@krbdev.mit.edu>


pull up r21867, r21868 from trunk

 ------------------------------------------------------------------------
 r21868 | raeburn | 2009-02-02 15:37:41 -0500 (Mon, 02 Feb 2009) | 6 lines
 Changed paths:
    M /trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
    M /trunk/src/kadmin/testing/scripts/init_db

 ticket: 6358

 Revise last change to better resemble the original test, keeping the
 min-lifetime test code collected together.  Change policy to have a
 minimum password lifetime of 10s instead of 30s, and reduce the test
 delays accordingly.
 ------------------------------------------------------------------------
 r21867 | raeburn | 2009-02-02 14:29:52 -0500 (Mon, 02 Feb 2009) | 10 lines
 Changed paths:
    M /trunk/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp

 ticket: 6358
 subject: speed up kpasswd tests

 Reorder some tests and tune delays, so that we don't need to run for
 much more than twice the min-password-life interval when testing that
 functionality.  (This could be made faster if we can assume that
 init_db will always have been run immediately before the tests start.)

 In my tests, this cuts something like 11 seconds off the run time (now
 down to about 65 seconds).
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22009
Commit By: tlyu
Revision: 22009
Changed Files:
U   branches/krb5-1-7/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp
U   branches/krb5-1-7/src/kadmin/testing/scripts/init_db


From rt-comment at krbdev.mit.edu  Tue Feb 17 11:53:05 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Tue, 17 Feb 2009 16:53:05 +0000 (UTC)
Subject: [krbdev.mit.edu #6397] use macros for config parameter strings 
In-Reply-To: <rt-6397@krbdev.mit.edu>
Message-ID: <rt-6397-30525.13.2200651286428@krbdev.mit.edu>

Use C preprocessor macros for configuration parameter strings, to avoid problems from typos, 
etc.

Changes are in

r21871, r21872, r21873, r21879, r21880

From rt-comment at krbdev.mit.edu  Wed Feb 18 13:14:51 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:14:51 +0000 (UTC)
Subject: [krbdev.mit.edu #6397] SVN Commit 
In-Reply-To: <rt-6397@krbdev.mit.edu>
Message-ID: <rt-6397-30535.3.9640094626909@krbdev.mit.edu>


pull up r21871, r21872, r21873, r21879, r21880 from trunk

 ------------------------------------------------------------------------
 r21880 | ghudson | 2009-02-04 14:15:13 -0500 (Wed, 04 Feb 2009) | 3 lines
 Changed paths:
    M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
    M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c
    M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c

 Include k5-int.h in several pkinit source files, in order to define
 the KRB5_CONFIG symbols now used by those files.

 ------------------------------------------------------------------------
 r21879 | tsitkova | 2009-02-04 12:08:44 -0500 (Wed, 04 Feb 2009) | 2 lines
 Changed paths:
    M /trunk/src/include/k5-int.h
    M /trunk/src/kdc/do_tgs_req.c
    M /trunk/src/kdc/main.c
    M /trunk/src/lib/kadm5/alt_prof.c
    M /trunk/src/lib/kdb/kdb5.c
    M /trunk/src/lib/krb5/krb/conv_princ.c
    M /trunk/src/lib/krb5/krb/get_in_tkt.c
    M /trunk/src/lib/krb5/krb/init_ctx.c
    M /trunk/src/lib/krb5/krb/vfy_increds.c
    M /trunk/src/lib/krb5/os/an_to_ln.c
    M /trunk/src/lib/krb5/os/def_realm.c
    M /trunk/src/lib/krb5/os/get_krbhst.c
    M /trunk/src/lib/krb5/os/hst_realm.c
    M /trunk/src/lib/krb5/os/ktdefname.c
    M /trunk/src/lib/krb5/os/localaddr.c
    M /trunk/src/lib/krb5/os/locate_kdc.c
    M /trunk/src/lib/krb5/os/realm_dom.c
    M /trunk/src/lib/krb5/os/sendto_kdc.c
    M /trunk/src/lib/krb5/os/sn2princ.c
    M /trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
    M /trunk/src/plugins/preauth/pkinit/pkinit_clnt.c
    M /trunk/src/plugins/preauth/pkinit/pkinit_matching.c
    M /trunk/src/plugins/preauth/pkinit/pkinit_profile.c
    M /trunk/src/plugins/preauth/pkinit/pkinit_srv.c

 Use macros for config parameters.

 ------------------------------------------------------------------------
 r21873 | ghudson | 2009-02-02 16:55:13 -0500 (Mon, 02 Feb 2009) | 3 lines
 Changed paths:
    M /trunk/src/include/k5-int.h

 Fix a whitespace error introduced when fixing a typo in the defines
 added to k5-int.h.

 ------------------------------------------------------------------------
 r21872 | ghudson | 2009-02-02 16:53:16 -0500 (Mon, 02 Feb 2009) | 2 lines
 Changed paths:
    M /trunk/src/include/k5-int.h

 Fix a typo in the defines added to k5-int.h.

 ------------------------------------------------------------------------
 r21871 | tsitkova | 2009-02-02 16:34:19 -0500 (Mon, 02 Feb 2009) | 2 lines
 Changed paths:
    M /trunk/src/include/k5-int.h

 Introduces macros for config parameters.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22013
Commit By: tlyu
Revision: 22013
Changed Files:
U   branches/krb5-1-7/src/include/k5-int.h
U   branches/krb5-1-7/src/kdc/do_tgs_req.c
U   branches/krb5-1-7/src/kdc/main.c
U   branches/krb5-1-7/src/lib/kadm5/alt_prof.c
U   branches/krb5-1-7/src/lib/kdb/kdb5.c
U   branches/krb5-1-7/src/lib/krb5/krb/conv_princ.c
U   branches/krb5-1-7/src/lib/krb5/krb/get_in_tkt.c
U   branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c
U   branches/krb5-1-7/src/lib/krb5/krb/vfy_increds.c
U   branches/krb5-1-7/src/lib/krb5/os/an_to_ln.c
U   branches/krb5-1-7/src/lib/krb5/os/def_realm.c
U   branches/krb5-1-7/src/lib/krb5/os/get_krbhst.c
U   branches/krb5-1-7/src/lib/krb5/os/hst_realm.c
U   branches/krb5-1-7/src/lib/krb5/os/ktdefname.c
U   branches/krb5-1-7/src/lib/krb5/os/localaddr.c
U   branches/krb5-1-7/src/lib/krb5/os/locate_kdc.c
U   branches/krb5-1-7/src/lib/krb5/os/realm_dom.c
U   branches/krb5-1-7/src/lib/krb5/os/sendto_kdc.c
U   branches/krb5-1-7/src/lib/krb5/os/sn2princ.c
U   branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
U   branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_clnt.c
U   branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_matching.c
U   branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_profile.c
U   branches/krb5-1-7/src/plugins/preauth/pkinit/pkinit_srv.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:17:41 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:17:41 +0000 (UTC)
Subject: [krbdev.mit.edu #6360] SVN Commit 
In-Reply-To: <rt-6360@krbdev.mit.edu>
Message-ID: <rt-6360-30538.16.8256991783371@krbdev.mit.edu>


pull up r21881 from trunk

 ------------------------------------------------------------------------
 r21881 | ghudson | 2009-02-04 14:25:51 -0500 (Wed, 04 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/util/support/utf8_conv.c

 ticket: 6360
 tags: pullup
 target_version: 1.7

 In krb5int_utf8s_to_ucs2les, free the correct value on error, instead
 of the caller-supplied result pointer.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22014
Commit By: tlyu
Revision: 22014
Changed Files:
U   branches/krb5-1-7/src/util/support/utf8_conv.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:18:22 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:18:22 +0000 (UTC)
Subject: [krbdev.mit.edu #6364] SVN Commit 
In-Reply-To: <rt-6364@krbdev.mit.edu>
Message-ID: <rt-6364-30550.13.2644459193786@krbdev.mit.edu>


pull up r21888 from trunk

 ------------------------------------------------------------------------
 r21888 | raeburn | 2009-02-04 21:16:22 -0500 (Wed, 04 Feb 2009) | 11 lines
 Changed paths:
    M /trunk/src/include/k5-platform.h

 ticket: 6364
 subject: declare replacement [v]asprintf functions
 target_version: 1.7
 tags: pullup

 If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf
 functions always get declared, applying the preprocessor conditional
 test only to the GCC format attribute.  If HAVE_VASPRINTF is defined,
 don't declare them at all.

 This fixes a bunch of function-not-declared warnings under Sun cc.
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22018
Commit By: tlyu
Revision: 22018
Changed Files:
U   branches/krb5-1-7/src/include/k5-platform.h


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:17:48 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:17:48 +0000 (UTC)
Subject: [krbdev.mit.edu #6361] SVN Commit 
In-Reply-To: <rt-6361@krbdev.mit.edu>
Message-ID: <rt-6361-30541.0.949876206762141@krbdev.mit.edu>


pull up r21884 from trunk

 ------------------------------------------------------------------------
 r21884 | wfiveash | 2009-02-04 17:29:44 -0500 (Wed, 04 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/kadmin/dbutil/kdb5_mkey.c
    M /trunk/src/lib/kdb/kdb5.c

 ticket: 6361

 new multi-masterkey support doesn't work well when system clock is set
 back

 The ticket contains the details.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22015
Commit By: tlyu
Revision: 22015
Changed Files:
U   branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c
U   branches/krb5-1-7/src/lib/kdb/kdb5.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:17:55 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:17:55 +0000 (UTC)
Subject: [krbdev.mit.edu #6362] SVN Commit 
In-Reply-To: <rt-6362@krbdev.mit.edu>
Message-ID: <rt-6362-30544.0.499514528385347@krbdev.mit.edu>


pull up r21886 from trunk
 ------------------------------------------------------------------------
 r21886 | raeburn | 2009-02-04 18:28:09 -0500 (Wed, 04 Feb 2009) | 5 lines
 Changed paths:
    M /trunk/src/aclocal.m4
    M /trunk/src/lib/gssapi/generic/oid_ops.c

 ticket: 6362
 subject: don't do arithmetic on void pointers

 Fix one file in gssapi where we compute offsets from a void* without casting.
 Change options used with Sun compiler to make such expressions an error.
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22016
Commit By: tlyu
Revision: 22016
Changed Files:
U   branches/krb5-1-7/src/aclocal.m4
U   branches/krb5-1-7/src/lib/gssapi/generic/oid_ops.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:18:15 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:18:15 +0000 (UTC)
Subject: [krbdev.mit.edu #6363] SVN Commit 
In-Reply-To: <rt-6363@krbdev.mit.edu>
Message-ID: <rt-6363-30547.4.81098190957958@krbdev.mit.edu>


pull up r21887 from trunk

 ------------------------------------------------------------------------
 r21887 | raeburn | 2009-02-04 20:49:21 -0500 (Wed, 04 Feb 2009) | 8 lines
 Changed paths:
    M /trunk/src/aclocal.m4
    M /trunk/src/lib/gssapi/krb5/k5seal.c

 ticket: 6363
 subject: int/ptr bug in gssapi code
 target_version: 1.7
 tags: pullup

 Fix a pointer argument passed where an integer is needed.
 Update Sun compiler options to make that an error.  (The options we're
 currently using make it an error for assignment but not for argument passing.)
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22017
Commit By: tlyu
Revision: 22017
Changed Files:
U   branches/krb5-1-7/src/aclocal.m4
U   branches/krb5-1-7/src/lib/gssapi/krb5/k5seal.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:18:57 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:18:57 +0000 (UTC)
Subject: [krbdev.mit.edu #6367] SVN Commit 
In-Reply-To: <rt-6367@krbdev.mit.edu>
Message-ID: <rt-6367-30556.14.0799531208565@krbdev.mit.edu>


pull up r21890 from trunk

 ------------------------------------------------------------------------
 r21890 | ghudson | 2009-02-05 13:19:23 -0500 (Thu, 05 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/lib/krb5/keytab/ktbase.c

 ticket: 6367
 tags: pullup
 target_version: 1.7

 Fix a memory leak in krb5_kt_resolve when we fail to lock
 kt_typehead_lock.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22020
Commit By: tlyu
Revision: 22020
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/keytab/ktbase.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:18:30 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:18:30 +0000 (UTC)
Subject: [krbdev.mit.edu #6365] SVN Commit 
In-Reply-To: <rt-6365@krbdev.mit.edu>
Message-ID: <rt-6365-30553.1.44860359916741@krbdev.mit.edu>


pull up r21889 from trunk

 ------------------------------------------------------------------------
 r21889 | raeburn | 2009-02-04 21:59:08 -0500 (Wed, 04 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/kadmin/server/kadm_rpc_svc.c
    M /trunk/src/lib/kadm5/chpass_util.c
    M /trunk/src/plugins/kdb/db2/pol_xdr.c

 ticket: 6365
 subject: include omitted system header string.h
 target_version: 1.7
 tags: pullup

 Sun cc warns about some of the string functions being undeclared in
 several source files.  So, include string.h there.
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22019
Commit By: tlyu
Revision: 22019
Changed Files:
U   branches/krb5-1-7/src/kadmin/server/kadm_rpc_svc.c
U   branches/krb5-1-7/src/lib/kadm5/chpass_util.c
U   branches/krb5-1-7/src/plugins/kdb/db2/pol_xdr.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:19:11 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:19:11 +0000 (UTC)
Subject: [krbdev.mit.edu #6368] SVN Commit 
In-Reply-To: <rt-6368@krbdev.mit.edu>
Message-ID: <rt-6368-30559.5.28718276491666@krbdev.mit.edu>


pull up r21894 from trunk

 ------------------------------------------------------------------------
 r21894 | ghudson | 2009-02-05 13:43:08 -0500 (Thu, 05 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/chpw.c

 ticket: 6368
 tags: pullup
 target_version: 1.7

 Add a missing break in the switch statement of
 krb5int_setpw_result_code_string.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22021
Commit By: tlyu
Revision: 22021
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/chpw.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 13:19:19 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Wed, 18 Feb 2009 18:19:19 +0000 (UTC)
Subject: [krbdev.mit.edu #6349] SVN Commit 
In-Reply-To: <rt-6349@krbdev.mit.edu>
Message-ID: <rt-6349-30562.0.191141921862013@krbdev.mit.edu>


pull up r21895 from trunk

 ------------------------------------------------------------------------
 r21895 | epeisach | 2009-02-05 14:02:29 -0500 (Thu, 05 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/lib/rpc/unit-test/config/unix.exp
    M /trunk/src/lib/rpc/unit-test/rpc_test.0/expire.exp
    M /trunk/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
    M /trunk/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp

 ticket: 6349

 Detect failure to register with rpcbind/portmap due to security
 restrictons and not bomb out in tests.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22022
Commit By: tlyu
Revision: 22022
Changed Files:
U   branches/krb5-1-7/src/lib/rpc/unit-test/config/unix.exp
U   branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/expire.exp
U   branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/fullrun.exp
U   branches/krb5-1-7/src/lib/rpc/unit-test/rpc_test.0/gsserr.exp


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:35:57 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:35:57 +0000 (UTC)
Subject: [krbdev.mit.edu #6371] SVN Commit 
In-Reply-To: <rt-6371@krbdev.mit.edu>
Message-ID: <rt-6371-30573.14.3187936030542@krbdev.mit.edu>


pull up r21900 from trunk

 ------------------------------------------------------------------------
 r21900 | wfiveash | 2009-02-05 15:57:09 -0500 (Thu, 05 Feb 2009) | 10 lines
 Changed paths:
    M /trunk/src/kadmin/dbutil/kdb5_mkey.c
    M /trunk/src/lib/kdb/kdb5.c
    M /trunk/src/lib/kdb/kdb_default.c

 ticket: 6371
 subject: deal with memleaks in migrate mkey project
 Version_Reported: 1.7
 Target_Version: 1.7
 Tags: pullup

 Ken R. told me that Coverity found several potential memleaks introduced
 by the mkey migration project.  This addresses those leaks and tweaks
 the code formatting in a few places.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22026
Commit By: tlyu
Revision: 22026
Changed Files:
U   branches/krb5-1-7/src/kadmin/dbutil/kdb5_mkey.c
U   branches/krb5-1-7/src/lib/kdb/kdb5.c
U   branches/krb5-1-7/src/lib/kdb/kdb_default.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:36:08 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:36:08 +0000 (UTC)
Subject: [krbdev.mit.edu #6372] SVN Commit 
In-Reply-To: <rt-6372@krbdev.mit.edu>
Message-ID: <rt-6372-30576.5.78557168675864@krbdev.mit.edu>


pull up r21901 from trunk

 ------------------------------------------------------------------------
 r21901 | ghudson | 2009-02-05 16:27:54 -0500 (Thu, 05 Feb 2009) | 8 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/mk_req_ext.c

 ticket: 6372
 subject: Fix memory handling bug in mk_req_ext
 tags: pullup
 target_version: 1.7

 In make_etype_list, assign *authdata before we have a chance to fail,
 since we may have invalidated the previous value with realloc.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22027
Commit By: tlyu
Revision: 22027
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/mk_req_ext.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:35:38 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:35:38 +0000 (UTC)
Subject: [krbdev.mit.edu #6370] SVN Commit 
In-Reply-To: <rt-6370@krbdev.mit.edu>
Message-ID: <rt-6370-30570.3.7559796737721@krbdev.mit.edu>


pull up r21899 from trunk

 ------------------------------------------------------------------------
 r21899 | ghudson | 2009-02-05 15:07:45 -0500 (Thu, 05 Feb 2009) | 3 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/gc_frm_kdc.c

 In gc_frm_kdc.c's do_traversal(), fix an assert which was doing an
 assignment instead of a compare.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22025
Commit By: tlyu
Revision: 22025
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/gc_frm_kdc.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:36:24 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:36:24 +0000 (UTC)
Subject: [krbdev.mit.edu #6373] SVN Commit 
In-Reply-To: <rt-6373@krbdev.mit.edu>
Message-ID: <rt-6373-30579.2.69825272338743@krbdev.mit.edu>


pull up r21903 from trunk

 ------------------------------------------------------------------------
 r21903 | raeburn | 2009-02-05 20:07:32 -0500 (Thu, 05 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/lib/gssapi/krb5/krb5_gss_glue.c

 ticket: 6373
 subject: remove some redundant or useless qualifiers
 target_version: 1.7
 tags: pullup

 Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations.
 Also remove some useless qualifiers in casts and function argument declarations.
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22028
Commit By: tlyu
Revision: 22028
Changed Files:
U   branches/krb5-1-7/src/lib/gssapi/krb5/krb5_gss_glue.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:36:33 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:36:33 +0000 (UTC)
Subject: [krbdev.mit.edu #6374] SVN Commit 
In-Reply-To: <rt-6374@krbdev.mit.edu>
Message-ID: <rt-6374-30582.18.0082346692895@krbdev.mit.edu>


pull up r21906 from trunk

 ------------------------------------------------------------------------
 r21906 | epeisach | 2009-02-06 00:22:34 -0500 (Fri, 06 Feb 2009) | 12 lines
 Changed paths:
    M /trunk/src/lib/kadm5/kadm_rpc_xdr.c

 ticket: 6374
 subject: Do not assume sizeof(bool_t) == sizeof(krb5_boolean)

 bool_t is defined as int, krb5_boolean as unsigned int.  These are
 similar size but someone someday might change the krb5_boolean.
 Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean
 which keeps the different types separate.

 This cleans up a number of warnings.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22029
Commit By: tlyu
Revision: 22029
Changed Files:
U   branches/krb5-1-7/src/lib/kadm5/kadm_rpc_xdr.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:36:52 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:36:52 +0000 (UTC)
Subject: [krbdev.mit.edu #6375] SVN Commit 
In-Reply-To: <rt-6375@krbdev.mit.edu>
Message-ID: <rt-6375-30585.18.5367100786632@krbdev.mit.edu>


pull up r21909 from trunk

 ------------------------------------------------------------------------
 r21909 | ghudson | 2009-02-06 13:40:04 -0500 (Fri, 06 Feb 2009) | 9 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/walk_rtree.c

 ticket: 6375
 subject: Fix error handling in krb5_walk_realm_tree
 tags: pullup
 target_version: 1.7

 rtree_hier_realms was forgetting to assign the return value of
 krb5int_copy_data_contents to retval, which would cause a failure to
 notice out-of-memory conditions.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22030
Commit By: tlyu
Revision: 22030
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:37:04 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:37:04 +0000 (UTC)
Subject: [krbdev.mit.edu #6376] SVN Commit 
In-Reply-To: <rt-6376@krbdev.mit.edu>
Message-ID: <rt-6376-30588.7.45927454049045@krbdev.mit.edu>


pull up r21912 from trunk

 ------------------------------------------------------------------------
 r21912 | ghudson | 2009-02-06 15:43:44 -0500 (Fri, 06 Feb 2009) | 10 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/walk_rtree.c

 ticket: 6376
 subject: Memory handling fixes in walk_rtree
 tags: pullup
 target_version: 1.7

 In walk_rtree's rtree_hier_tree, don't leak the result of
 rtree_hier_realms.  In rtree_hier_realms, avoid freeing one too many
 krb5_data contents on allocation failure, and use the recommend
 pattern to ensure well-defined output parameter values.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22031
Commit By: tlyu
Revision: 22031
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:37:46 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:37:46 +0000 (UTC)
Subject: [krbdev.mit.edu #6378] SVN Commit 
In-Reply-To: <rt-6378@krbdev.mit.edu>
Message-ID: <rt-6378-30594.16.6351942865392@krbdev.mit.edu>


pull up r21923 from trunk

 ------------------------------------------------------------------------
 r21923 | ghudson | 2009-02-09 13:35:19 -0500 (Mon, 09 Feb 2009) | 9 lines
 Changed paths:
    M /trunk/src/include/k5-unicode.h
    M /trunk/src/lib/krb5/error_tables/krb5_err.et
    M /trunk/src/lib/krb5/unicode/ucstr.c

 ticket: 6378
 subject: Change contract of krb5int_utf8_normalize and fix memory leaks
 tags: pullup
 target_version: 1.7

 Make krb5int_utf8_normalize return a krb5_error_code and always allocate
 a structure to be placed in the output parameter.  Adjust the function
 structure to use a cleanup handler, fixing many memory leaks.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22033
Commit By: tlyu
Revision: 22033
Changed Files:
U   branches/krb5-1-7/src/include/k5-unicode.h
U   branches/krb5-1-7/src/lib/krb5/error_tables/krb5_err.et
U   branches/krb5-1-7/src/lib/krb5/unicode/ucstr.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:37:18 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:37:18 +0000 (UTC)
Subject: [krbdev.mit.edu #6377] SVN Commit 
In-Reply-To: <rt-6377@krbdev.mit.edu>
Message-ID: <rt-6377-30591.4.39434226213301@krbdev.mit.edu>


pull up r21920, r21922, r21926 from trunk

 ------------------------------------------------------------------------
 r21926 | raeburn | 2009-02-09 15:39:54 -0500 (Mon, 09 Feb 2009) | 7 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/kfree.c

 ticket: 6377

 Fix one more case of an explicit null check before calling a free
 function that does the null check.

 Also, use krb5_free_keyblock_contents instead of open-coding all the
 work (and not trying hard enough to clear the memory).
 ------------------------------------------------------------------------
 r21922 | raeburn | 2009-02-09 13:13:08 -0500 (Mon, 09 Feb 2009) | 3 lines
 Changed paths:
    M /trunk/src/lib/krb5/os/free_krbhs.c

 ticket: 6377

 Provide omitted return value in last change.
 ------------------------------------------------------------------------
 r21920 | raeburn | 2009-02-09 12:53:21 -0500 (Mon, 09 Feb 2009) | 8 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/free_rtree.c
    M /trunk/src/lib/krb5/krb/init_ctx.c
    M /trunk/src/lib/krb5/krb/kfree.c
    M /trunk/src/lib/krb5/krb/preauth2.c
    M /trunk/src/lib/krb5/os/free_krbhs.c
    M /trunk/src/lib/krb5/os/promptusr.c

 ticket: 6377
 subject: make krb5_free_* functions ignore NULL

 This makes them safer to call in various contexts where NULL may leak
 through, and makes analysis easier.

 Also, remove some checks for NULL before calling a free routine that
 will also check for NULL.
 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22032
Commit By: tlyu
Revision: 22032
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/free_rtree.c
U   branches/krb5-1-7/src/lib/krb5/krb/init_ctx.c
U   branches/krb5-1-7/src/lib/krb5/krb/kfree.c
U   branches/krb5-1-7/src/lib/krb5/krb/preauth2.c
U   branches/krb5-1-7/src/lib/krb5/os/free_krbhs.c
U   branches/krb5-1-7/src/lib/krb5/os/promptusr.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:38:28 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:38:28 +0000 (UTC)
Subject: [krbdev.mit.edu #6392] SVN Commit 
In-Reply-To: <rt-6392@krbdev.mit.edu>
Message-ID: <rt-6392-30603.16.7511769717773@krbdev.mit.edu>


pull up r21980 from trunk

 ------------------------------------------------------------------------
 r21980 | ghudson | 2009-02-12 12:51:45 -0500 (Thu, 12 Feb 2009) | 8 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/walk_rtree.c

 ticket: 6392
 subject: Fix allocation failure check in walk_rtree
 tags: pullup
 target_version: 1.7

 Check the correct variable for null after allocating the server string
 in rtree_capath_vals.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22036
Commit By: tlyu
Revision: 22036
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:38:10 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:38:10 +0000 (UTC)
Subject: [krbdev.mit.edu #6379] SVN Commit 
In-Reply-To: <rt-6379@krbdev.mit.edu>
Message-ID: <rt-6379-30597.6.05234433973486@krbdev.mit.edu>


pull up r21924 from trunk

 ------------------------------------------------------------------------
 r21924 | ghudson | 2009-02-09 13:52:40 -0500 (Mon, 09 Feb 2009) | 10 lines
 Changed paths:
    M /trunk/src/lib/krb5/krb/walk_rtree.c

 ticket: 6379
 subject: Fix possible free of uninitialized value in walk_rtree
 tags: pullup
 target_version: 1.7

 In rtree_hier_realms, if the first rtree_hier_tweens call failed, the
 cleanup handler would free stweens which had not been initialized.
 Initialize ctweens and stweens to NULL in the variable declarations to
 make the cleanup handler safe.

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22034
Commit By: tlyu
Revision: 22034
Changed Files:
U   branches/krb5-1-7/src/lib/krb5/krb/walk_rtree.c


From rt-comment at krbdev.mit.edu  Wed Feb 18 19:38:19 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 19 Feb 2009 00:38:19 +0000 (UTC)
Subject: [krbdev.mit.edu #6390] SVN Commit 
In-Reply-To: <rt-6390@krbdev.mit.edu>
Message-ID: <rt-6390-30600.16.938025663442@krbdev.mit.edu>


pull up r21968 from trunk

 ------------------------------------------------------------------------
 r21968 | epeisach | 2009-02-11 08:01:11 -0500 (Wed, 11 Feb 2009) | 9 lines
 Changed paths:
    M /trunk/src/aclocal.m4

 ticket: 6390
 subject: --disable-rpath is not working
 tags: pullup
 target_version: 1.7

 AC_ARG_ENABLE returns its value in enableval not withval.  --disable-rpath
 was not working - or dependent on some previous setting...

 ------------------------------------------------------------------------

http://src.mit.edu/fisheye/changelog/krb5/?cs=22035
Commit By: tlyu
Revision: 22035
Changed Files:
U   branches/krb5-1-7/src/aclocal.m4


From rt-comment at krbdev.mit.edu  Thu Feb 19 15:51:28 2009
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu, 19 Feb 2009 20:51:28 +0000 (UTC)
Subject: [krbdev.mit.edu #6398] SVN Commit 
In-Reply-To: <rt-6398@krbdev.mit.edu>
Message-ID: <rt-6398-30604.16.7171140535017@krbdev.mit.edu>


Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS
entries named don't exist, and AFAIK this hasn't been accurate in
years.  (I don't even know if they're currently running a Kerberos
realm.)

http://src.mit.edu/fisheye/changelog/krb5/?cs=22038
Commit By: raeburn
Revision: 22038
Changed Files:
U   trunk/src/config-files/krb5.conf


From rt-comment at krbdev.mit.edu  Thu Feb 19 18:10:11 2009
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Thu, 19 Feb 2009 23:10:11 +0000 (UTC)
Subject: [krbdev.mit.edu #6399] rcp needs to check the result of close() when
	writing files 
In-Reply-To: <rt-6399@krbdev.mit.edu>
Message-ID: <rt-6399-30609.12.689724947161@krbdev.mit.edu>

>From krb5-bugs-incoming-bounces at PCH.mit.edu  Thu Feb 19 23:10:11 2009
Return-Path: <krb5-bugs-incoming-bounces at PCH.mit.edu>
X-Original-To: krb5-send-pr-nospam1 at krbdev.mit.edu
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
	by krbdev.mit.edu (Postfix) with ESMTP id 7ABBC5C0EA;
	Thu, 19 Feb 2009 23:10:11 +0000 (UTC)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n1JNABJ8016130;
	Thu, 19 Feb 2009 18:10:11 -0500
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU
	[18.7.21.83])
	by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n1JMMpQU010032
	for <krb5-bugs-incoming at PCH.mit.edu>; Thu, 19 Feb 2009 17:22:51 -0500
Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114])
	by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id
	n1JMMiLH008803
	for <krb5-bugs at mit.edu>; Thu, 19 Feb 2009 17:22:45 -0500 (EST)
Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31])
	by mit.edu (Spam Firewall) with ESMTP id 263CD12BA5E0
	for <krb5-bugs at mit.edu>; Thu, 19 Feb 2009 17:22:03 -0500 (EST)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	[172.16.52.254])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n1JMM34t020839
	for <krb5-bugs at mit.edu>; Thu, 19 Feb 2009 17:22:03 -0500
Received: from blade.bos.redhat.com (blade.bos.redhat.com [10.16.0.23])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n1JMLw9h010774
	for <krb5-bugs at mit.edu>; Thu, 19 Feb 2009 17:21:58 -0500
Received: from blade.bos.redhat.com (localhost.localdomain [127.0.0.1])
	by blade.bos.redhat.com (8.14.3/8.14.2) with ESMTP id n1JMM3SV002141
	for <krb5-bugs at mit.edu>; Thu, 19 Feb 2009 17:22:03 -0500
Received: (from nalin at localhost)
	by blade.bos.redhat.com (8.14.3/8.14.3/Submit) id n1JMM3DC002140;
	Thu, 19 Feb 2009 17:22:03 -0500
Date: Thu, 19 Feb 2009 17:22:03 -0500
Message-Id: <200902192222.n1JMM3DC002140 at blade.bos.redhat.com>
To: krb5-bugs at mit.edu
Subject: rcp needs to check the result of close() when writing files
From: nalin at redhat.com
X-send-pr-version: 3.99
X-Scanned-By: MIMEDefang 2.42
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
X-Spam-Score: 0.55
X-Spam-Flag: NO
X-Mailman-Approved-At: Thu, 19 Feb 2009 18:10:10 -0500
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: nalin at redhat.com
Sender: krb5-bugs-incoming-bounces at PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces at PCH.mit.edu


>Submitter-Id:	net
>Originator:	
>Organization:
>Confidential:	no
>Synopsis:	rcp needs to check the result of close() when writing files
>Severity:	non-critical
>Priority:	medium
>Category:	krb5-appl
>Class:		sw-bug
>Release:	1.6.3
>Environment:
	
System: Linux blade.bos.redhat.com 2.6.27.15-170.2.24.fc10.x86_64 #1 SMP Wed Feb 11 23:14:31 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64

>Description:
	Tomas Smetana noted that rcp wasn't reporting out-of-space errors
	when copying files to an NFS filesystem, and traced it down to
	an unchecked call to close(), which is when the error would have
	been reported to the receiving rcp.
>How-To-Repeat:
	Mount an NFS filesystem read-write from a remote host.  Use rcp
	to attempt to copy a file which is larger than the filesystem
	to the NFS client.  The copy will fail due to insufficient space,
	but write() won't fail.  The close() call will fail but it's
	not checked, so rcp will indicate success for an incomplete copy.
>Fix:
	Tomas's patch:

Index: src/appl/bsd/krcp.c
===================================================================
--- src/appl/bsd/krcp.c	(revision 22038)
+++ src/appl/bsd/krcp.c	(working copy)
@@ -1115,7 +1115,10 @@
 	  wrerr++;
 	if (ftruncate(of, size))
 	  error("rcp: can't truncate %s: %s\n", nambuf, error_message(errno));
-	(void) close(of);
+	if (close(of) != 0)
+	{
+		error("rcp: error closing %s: %s\n", nambuf, error_message(errno));
+	}
 	(void) response();
 	if (setimes) {
 	    setimes = 0;


From rt-comment at krbdev.mit.edu  Fri Feb 20 12:31:07 2009
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Fri, 20 Feb 2009 17:31:07 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] kadmin and ktutil installed in sbin,
	should be bin
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30614.5.79036082666768@krbdev.mit.edu>

"Russ Allbery via RT" <rt-comment at krbdev.mit.edu> writes:

> "Greg Hudson via RT" <rt-comment at krbdev.mit.edu> writes:
>
>> We discussed this at a meeting and we basically agree.  kadmin in
>> particular is normally run by non-root users and belongs in bin.  ktutil
>> is a little less clear because the usual use case is to operate on host
>> keytabs which are only readable by root--but there are other fairly
>> common use cases, so it probably belongs in bin.
>>
>> Do you want to commit the change for this to our repository?
>
> I've committed this now.  I left the man pages in the man8 directory,
> however, both because there are existing cross-references and because
> there isn't always a one-to-one mapping between path and man1 vs. man8.
> Let me know if you'd like me to move the man pages to section one as well,
> though.
>
> I also left k5srvutil where it is, although I wasn't sure that was the
> right decision.

After thinking about it somewhat, I forsee a use case where a Kerberos
administrator wishes to run k5srvutil (as a non-superuser) to generate
a keytab for a customer to install.

I think we should also put k5srvutil in the PREFIX/bin for this
reason.


From rt-comment at krbdev.mit.edu  Fri Feb 20 13:48:36 2009
From: rt-comment at krbdev.mit.edu (Russ Allbery via RT)
Date: Fri, 20 Feb 2009 18:48:36 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] kadmin and ktutil installed in sbin,
	should be bin
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30616.0.0128224917168751@krbdev.mit.edu>

"Tom Yu via RT" <rt-comment at krbdev.mit.edu> writes:

> After thinking about it somewhat, I forsee a use case where a Kerberos
> administrator wishes to run k5srvutil (as a non-superuser) to generate a
> keytab for a customer to install.
>
> I think we should also put k5srvutil in the PREFIX/bin for this reason.

Committed.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


From rt-comment at krbdev.mit.edu  Fri Feb 20 13:48:27 2009
From: rt-comment at krbdev.mit.edu (Russ Allbery <rra@stanford.edu> via RT)
Date: Fri, 20 Feb 2009 18:48:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6348] SVN Commit 
In-Reply-To: <rt-6348@krbdev.mit.edu>
Message-ID: <rt-6348-30615.9.38733098173792@krbdev.mit.edu>


Also install k5srvutil into PREFIX/bin instead of PREFIX/sbin.


http://src.mit.edu/fisheye/changelog/krb5/?cs=22042
Commit By: rra
Revision: 22042
Changed Files:
U   trunk/src/kadmin/cli/Makefile.in


From rt-comment at krbdev.mit.edu  Fri Feb 20 14:14:39 2009
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Fri, 20 Feb 2009 19:14:39 +0000 (UTC)
Subject: [krbdev.mit.edu #6399] rcp needs to check the result of close() when
	writing files 
In-Reply-To: <rt-6399@krbdev.mit.edu>
Message-ID: <rt-6399-30618.11.8492073889627@krbdev.mit.edu>

Fix committed to the mainline (r22043).  Thanks!

From rt-comment at krbdev.mit.edu  Mon Feb 23 11:22:48 2009
From: rt-comment at krbdev.mit.edu (Sam Hartman via RT)
Date: Mon, 23 Feb 2009 16:22:48 +0000 (UTC)
Subject: [krbdev.mit.edu #6393] SVN Commit 
In-Reply-To: <rt-6393@krbdev.mit.edu>
Message-ID: <rt-6393-30619.8.20046498051191@krbdev.mit.edu>


send_tgs.c:
* Move generation of subkey into krb5int_send_tgs from construct_authenticator so that it is available for encrypting authorization data.

* Initialize rep->message_type and note that rep is touched on
unsuccessful calls (this has always been true).

* Do not set *subkey until successful return.
Thanks to Greg Hudson for pointing out these problems.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22044
Commit By: hartmans
Revision: 22044
Changed Files:
U   trunk/src/lib/krb5/krb/send_tgs.c


From rt-comment at krbdev.mit.edu  Thu Feb 26 15:07:07 2009
From: rt-comment at krbdev.mit.edu (Sam Hartman via RT)
Date: Thu, 26 Feb 2009 20:07:07 +0000 (UTC)
Subject: [krbdev.mit.edu #6400] SVN Commit 
In-Reply-To: <rt-6400@krbdev.mit.edu>
Message-ID: <rt-6400-30621.17.5595534553965@krbdev.mit.edu>


Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect.  Introduce a new function krb5_merge_authadata to
merge two authdata arrays into a newly allocated result array.  Use
this function in accept_sec_context.c to include both sets of
authdata.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22056
Commit By: hartmans
Revision: 22056
Changed Files:
U   trunk/src/include/krb5/krb5.hin
U   trunk/src/lib/gssapi/krb5/accept_sec_context.c
U   trunk/src/lib/krb5/krb/copy_auth.c
U   trunk/src/lib/krb5/libkrb5.exports


From rt-comment at krbdev.mit.edu  Thu Feb 26 15:32:36 2009
From: rt-comment at krbdev.mit.edu (Sam Hartman via RT)
Date: Thu, 26 Feb 2009 20:32:36 +0000 (UTC)
Subject: [krbdev.mit.edu #6400] SVN Commit 
In-Reply-To: <rt-6400@krbdev.mit.edu>
Message-ID: <rt-6400-30626.7.91000316927487@krbdev.mit.edu>


krb5_merge_authdata  should initialize output on failure.

http://src.mit.edu/fisheye/changelog/krb5/?cs=22057
Commit By: hartmans
Revision: 22057
Changed Files:
U   trunk/src/lib/krb5/krb/copy_auth.c