From ghudson at mit.edu Mon Sep 8 17:20:16 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Mon, 8 Sep 2025 17:20:16 -0400 (EDT) Subject: krb5 commit: Fix SPNEGO mechListMIC parsing Message-ID: <20250908212016.1838F103EA2@krbdev.mit.edu> https://github.com/krb5/krb5/commit/942c5036e14066a1f4badfdf67716c47f2e33a39 commit 942c5036e14066a1f4badfdf67716c47f2e33a39 Author: dovsyannikov Date: Wed Sep 3 13:52:57 2025 +0000 Fix SPNEGO mechListMIC parsing Commit fdceb225f881e2b1337eebcb9a9443fa4a9be3fd erroneously altered get_negTokenResp() to look for mechListMIC with tag 0xA4 instead of 0xA3. Fix it. Restore the t_spnego.c reselection test by constructing a two-mechanism SPNEGO initiator credential using the internal structures. [ghudson at mit.edu: added test case; rewrote commit message] ticket: 9183 (new) tags: pullup target_version: 1.21-next target_version: 1.22-next src/lib/gssapi/spnego/spnego_mech.c | 2 +- src/tests/gssapi/Makefile.in | 2 +- src/tests/gssapi/deps | 19 ++++++++++-- src/tests/gssapi/t_spnego.c | 60 +++++++++++++++++++++++++++++-------- 4 files changed, 66 insertions(+), 17 deletions(-) diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 43ba63ab2..4a7783643 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -3515,7 +3515,7 @@ get_negTokenResp(OM_uint32 *minor_status, struct k5input *in, return GSS_S_DEFECTIVE_TOKEN; } - if (k5_der_get_value(&seq, CONTEXT | 0x04, &field)) { + if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) { *mechListMIC = get_octet_string(&field); /* Handle Windows 2000 duplicate response token */ diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in index 97a6ac3f3..5f57173cd 100644 --- a/src/tests/gssapi/Makefile.in +++ b/src/tests/gssapi/Makefile.in @@ -4,7 +4,7 @@ DEFINES = -DUSE_AUTOCONF_H # For t_prf.c LOCALINCLUDES = -I$(srcdir)/../../lib/gssapi/mechglue \ - -I$(srcdir)/../../lib/gssapi/krb5 \ + -I$(srcdir)/../../lib/gssapi/krb5 -I$(srcdir)/../../lib/gssapi/spnego \ -I$(srcdir)/../../lib/gssapi/generic -I../../lib/gssapi/krb5 \ -I../../lib/gssapi/generic diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps index 2c55fa517..e93250af7 100644 --- a/src/tests/gssapi/deps +++ b/src/tests/gssapi/deps @@ -187,9 +187,24 @@ $(OUTPRE)t_saslname.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ common.h t_saslname.c -$(OUTPRE)t_spnego.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ +$(OUTPRE)t_spnego.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ + $(COM_ERR_DEPS) $(srcdir)/../../lib/gssapi/generic/gssapiP_generic.h \ + $(srcdir)/../../lib/gssapi/generic/gssapi_ext.h $(srcdir)/../../lib/gssapi/generic/gssapi_generic.h \ + $(srcdir)/../../lib/gssapi/mechglue/mechglue.h $(srcdir)/../../lib/gssapi/mechglue/mglueP.h \ + $(srcdir)/../../lib/gssapi/spnego/gssapiP_negoex.h \ + $(srcdir)/../../lib/gssapi/spnego/gssapiP_spnego.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ common.h t_spnego.c $(OUTPRE)t_srcattrs.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ diff --git a/src/tests/gssapi/t_spnego.c b/src/tests/gssapi/t_spnego.c index 4091739f8..3b5309718 100644 --- a/src/tests/gssapi/t_spnego.c +++ b/src/tests/gssapi/t_spnego.c @@ -29,6 +29,11 @@ #include #include +/* See create_reselection_cred(). */ +#include "k5-int.h" +#include +#include + #include "common.h" static gss_OID_desc mech_krb5_wrong = { @@ -228,6 +233,47 @@ test_neghints(void) (void)gss_delete_sec_context(&minor, &actx, NULL); } +/* + * There is currently no API to create a SPNEGO credential supporting multiple + * mechanisms unless a third-party mechanism is configured in the mechs file; + * the default credential contains only krb5 (after tickets #8021 and #8217) + * and a SPNEGO cred cannot be created from an existing union cred. Using + * internal structures, create a two-mechanism initiator cred so that we can + * test reselection. + */ +static gss_cred_id_t +create_reselection_cred(void) +{ + OM_uint32 major, minor; + gss_OID_desc mlist[2] = { mech_krb5, mech_iakerb }; + gss_OID_set_desc mechs = { 2, mlist }; + gss_cred_id_t cred; + spnego_gss_cred_id_t scred; + gss_union_cred_t ucred; + + major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, + &mechs, GSS_C_INITIATE, &cred, NULL, NULL); + check_gsserr("gss_acquire_cred(reslection)", major, minor); + + scred = calloc(1, sizeof(*scred)); + assert(scred != NULL); + scred->mcred = cred; + + ucred = calloc(1, sizeof(*ucred)); + assert(ucred != NULL); + ucred->loopback = ucred; + ucred->count = 1; + ucred->mechs_array = calloc(1, sizeof(*ucred->mechs_array)); + ucred->cred_array = calloc(1, sizeof(*ucred->cred_array)); + assert(ucred->mechs_array != NULL && ucred->cred_array != NULL); + ucred->mechs_array[0].elements = malloc(mech_spnego.length); + assert(ucred->mechs_array[0].elements != NULL); + g_OID_copy(&ucred->mechs_array[0], &mech_spnego); + ucred->cred_array[0] = (gss_cred_id_t)scred; + + return (gss_cred_id_t)ucred; +} + int main(int argc, char *argv[]) { @@ -254,19 +300,7 @@ main(int argc, char *argv[]) } /* Get default initiator cred. */ - major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, - &mechset_spnego, GSS_C_INITIATE, - &initiator_cred_handle, NULL, NULL); - check_gsserr("gss_acquire_cred(initiator)", major, minor); - - /* - * The following test is designed to exercise SPNEGO reselection on the - * client and server. Unfortunately, it no longer does so after tickets - * #8217 and #8021, since SPNEGO now only acquires a single krb5 cred and - * there is no way to expand the underlying creds with gss_set_neg_mechs(). - * To fix this we need gss_acquire_cred_with_cred() or some other way to - * turn a cred with a specifically requested mech set into a SPNEGO cred. - */ + initiator_cred_handle = create_reselection_cred(); /* Make the initiator prefer IAKERB and offer krb5 as an alternative. */ pref_oids[0] = mech_iakerb; From ghudson at mit.edu Wed Sep 17 19:59:04 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Wed, 17 Sep 2025 19:59:04 -0400 (EDT) Subject: krb5 commit: Update CI for windows-2025 runner Message-ID: <20250917235904.281EA103FC1@krbdev.mit.edu> https://github.com/krb5/krb5/commit/4c836b880003a8960d95e93a6707110e3215774f commit 4c836b880003a8960d95e93a6707110e3215774f Author: Greg Hudson Date: Fri Aug 15 01:30:50 2025 -0400 Update CI for windows-2025 runner .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c16e77c43..f12422d19 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,18 +67,18 @@ jobs: fi windows: - runs-on: windows-latest + runs-on: windows-2025 env: KRB_INSTALL_DIR: C:\kfw OPENSSL_DIR: C:\Program Files\OpenSSL - OPENSSL_VERSION: 1_1 + OPENSSL_VERSION: 3 steps: - name: Checkout repository uses: actions/checkout at v1 - name: Setup - shell: cmd run: | - mkdir %KRB_INSTALL_DIR% + mkdir "$env:KRB_INSTALL_DIR" + copy "$env:OPENSSL_DIR\lib\VC\x64\MD\libcrypto.lib" "$env:OPENSSL_DIR\lib" - uses: ilammy/msvc-dev-cmd at v1 with: arch: x64 From ghudson at mit.edu Fri Sep 19 11:57:13 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Fri, 19 Sep 2025 11:57:13 -0400 (EDT) Subject: krb5 commit: Fix profile_open_file() last_stat locking Message-ID: <20250919155713.B795E104104@krbdev.mit.edu> https://github.com/krb5/krb5/commit/3466589de7de7e74aa53c560b83313ae7d2f8b6f commit 3466589de7de7e74aa53c560b83313ae7d2f8b6f Author: Alexey Milovidov Date: Mon Apr 10 04:19:01 2023 +0200 Fix profile_open_file() last_stat locking Commit 53d6d0d64e96b84b57b7446a787e683312e2a529 changed profile_open_file() to force a stat() when reusing a profile object, by setting the last_stat field to 0 on the data object. The last_stat field is controlled by the data object mutex (unlike the refcount field, which is controlled by g_shared_trees_mutex). Lock the data object before setting last_stat. [ghudson at mit.edu: switched to using profile_update_data_file_locked() so we don't lock and unlock the data object twice; rewrote commit message] ticket: 9184 (new) src/util/profile/prof_file.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index 8b0b2bb44..4ff1538fd 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -220,9 +220,11 @@ errcode_t profile_open_file(const_profile_filespec_t filespec, } if (data) { data->refcount++; - data->last_stat = 0; /* Make sure to stat when updating. */ k5_mutex_unlock(&g_shared_trees_mutex); - retval = profile_update_file_data(data, NULL); + k5_mutex_lock(&data->lock); + data->last_stat = 0; /* Make sure to stat when updating. */ + retval = profile_update_file_data_locked(data, NULL); + k5_mutex_unlock(&data->lock); free(expanded_filename); if (retval) { profile_dereference_data(data); From ghudson at mit.edu Fri Sep 26 12:49:14 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Fri, 26 Sep 2025 12:49:14 -0400 (EDT) Subject: krb5 commit: Add k5test --trace option Message-ID: <20250926164914.81E71103EFC@krbdev.mit.edu> https://github.com/krb5/krb5/commit/26f94a2b9952089066c1f42403a35307575ac606 commit 26f94a2b9952089066c1f42403a35307575ac606 Author: Greg Hudson Date: Mon Sep 22 15:43:43 2025 -0400 Add k5test --trace option Make it easier to collect trace logs for commands invoked by test scripts. Trace output will be placed in testtrace. for daemons, or collected in the log for regular command invocations. .gitignore | 2 +- src/config/post.in | 2 +- src/util/k5test.py | 20 ++++++++++++++++---- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index ae6780c37..d4e978349 100644 --- a/.gitignore +++ b/.gitignore @@ -21,7 +21,7 @@ obj/ skiptests testdir/ testlog -testtrace +testtrace* # Ignore the build directory /build/ diff --git a/src/config/post.in b/src/config/post.in index 4d0cb7535..36751f292 100644 --- a/src/config/post.in +++ b/src/config/post.in @@ -168,7 +168,7 @@ clean: clean-$(WHAT) clean-unix:: $(RM) $(OBJS) $(DEPTARGETS_CLEAN) $(EXTRA_FILES) - $(RM) et-[ch]-*.et et-[ch]-*.[ch] testlog testtrace runenv.sh + $(RM) et-[ch]-*.et et-[ch]-*.[ch] testlog testtrace* runenv.sh -$(RM) -r testdir clean-windows:: diff --git a/src/util/k5test.py b/src/util/k5test.py index d22cb5c80..5659fed1c 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -595,7 +595,7 @@ def _find_symbolizer(): # be used by the test script. def _parse_args(): global args, verbose, testpass, _debug, _debugger_command - global _stop_before, _stop_after, _shell_before, _shell_after + global _stop_before, _stop_after, _shell_before, _shell_after, _trace parser = optparse.OptionParser() parser.add_option('-v', '--verbose', action='store_true', dest='verbose', default=False, help='Display verbose output') @@ -613,6 +613,8 @@ def _parse_args(): help='Spawn shell before numbered command (or "all")') parser.add_option('--shell-after', dest='shella', metavar='NUM', help='Spawn shell after numbered command (or "all")') + parser.add_option('--trace', dest='trace', metavar='NUM', + help='Collect trace log for numbered command (or "all")') (options, args) = parser.parse_args() verbose = options.verbose testpass = options.testpass @@ -621,6 +623,7 @@ def _parse_args(): _stop_after = _parse_cmdnum('--stop-after', options.stopa) _shell_before = _parse_cmdnum('--shell-before', options.shellb) _shell_after = _parse_cmdnum('--shell-after', options.shella) + _trace = _parse_cmdnum('--trace', options.trace) if options.debugger is not None: _debugger_command = shlex.split(options.debugger) @@ -736,10 +739,11 @@ def _check_trace(trace, expected): def _run_cmd(args, env, input=None, expected_code=0, expected_msg=None, expected_trace=None, return_trace=False): global null_input, _cmd_index, _last_cmd, _last_cmd_output, _debug - global _stop_before, _stop_after, _shell_before, _shell_after + global _stop_before, _stop_after, _shell_before, _shell_after, _trace tracefile = None - if expected_trace is not None or return_trace: + if (expected_trace is not None or return_trace or + _match_cmdnum(_trace, _cmd_index)): tracefile = 'testtrace' if os.path.exists(tracefile): os.remove(tracefile) @@ -813,7 +817,7 @@ def _debug_cmd(args, env, input): # Clean up the daemon process on exit. def _start_daemon(args, env, sentinel): global null_input, _cmd_index, _last_cmd, _last_cmd_output, _debug - global _stop_before, _stop_after, _shell_before, _shell_after + global _stop_before, _stop_after, _shell_before, _shell_after, _trace if (_match_cmdnum(_debug, _cmd_index)): output('*** [%d] Warning: ' % _cmd_index, True) @@ -822,6 +826,14 @@ def _start_daemon(args, env, sentinel): output('*** Exiting after debugging daemon\n', True) sys.exit(1) + if (_match_cmdnum(_trace, _cmd_index)): + tracefile = 'testtrace.' + str(_cmd_index) + output('*** [%d] trace log in %s\n' % (_cmd_index, tracefile), True) + if os.path.exists(tracefile): + os.remove(tracefile) + env = env.copy() + env['KRB5_TRACE'] = tracefile + args = _valgrind(args) _last_cmd = _shell_equiv(args) output('*** [%d] Starting: %s\n' % (_cmd_index, _last_cmd)) From ghudson at mit.edu Fri Sep 26 13:20:57 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Fri, 26 Sep 2025 13:20:57 -0400 (EDT) Subject: krb5 commit: Remove outdated comments in pre.in Message-ID: <20250926172057.406EF103ED2@krbdev.mit.edu> https://github.com/krb5/krb5/commit/dc9e13c98d64304b47637386884d93af2defc777 commit dc9e13c98d64304b47637386884d93af2defc777 Author: Greg Hudson Date: Mon Sep 22 13:34:16 2025 -0400 Remove outdated comments in pre.in These comments were added in commit 5969630081b7eb43a4e6d4374407544174d77770 to indicate that certain library dependencies would need framework alternatives for a planned macOS build design. The framework placeholders were reverted in commit 25935ea0f4fcd60eca8dba0371ea168fd729e908, rendering the comments obsolete. Reported by Gordon Steemson. src/config/pre.in | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/config/pre.in b/src/config/pre.in index 6a6a4adbb..4a07a76eb 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -381,10 +381,8 @@ HESIOD_LIBS = @HESIOD_LIBS@ KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS) $(DL_LIB) KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) GSS_LIBS = $(GSS_KRB5_LIB) -# needs fixing if ever used on macOS! GSSRPC_LIBS = -lgssrpc $(GSS_LIBS) KADM_COMM_LIBS = $(GSSRPC_LIBS) -# need fixing if ever used on macOS! KADMSRV_LIBS = -lkadm5srv_mit $(HESIOD_LIBS) $(KDB5_LIBS) $(KADM_COMM_LIBS) KADMCLNT_LIBS = -lkadm5clnt_mit $(KADM_COMM_LIBS) From ghudson at mit.edu Fri Sep 26 16:57:42 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Fri, 26 Sep 2025 16:57:42 -0400 (EDT) Subject: krb5 commit: Block library unloading on HP-UX Message-ID: <20250926205742.D8B90104132@krbdev.mit.edu> https://github.com/krb5/krb5/commit/340253cac7cbb249d8d859eae0ea0c44fd62025a commit 340253cac7cbb249d8d859eae0ea0c44fd62025a Author: Michael Osipov Date: Thu Sep 18 22:04:28 2025 +0200 Block library unloading on HP-UX src/config/lib.in | 6 ------ src/config/libnover.in | 6 ------ src/config/shlib.conf | 12 ++++-------- src/include/k5-platform.h | 26 -------------------------- 4 files changed, 4 insertions(+), 46 deletions(-) diff --git a/src/config/lib.in b/src/config/lib.in index 774e120a0..25215eb05 100644 --- a/src/config/lib.in +++ b/src/config/lib.in @@ -75,12 +75,6 @@ osf1.exports: $(SHLIB_EXPORT_FILE) Makefile hpux.exports: $(SHLIB_EXPORT_FILE) Makefile $(RM) hpux.tmp hpux.exports sed "s/^/+e /" < $(SHLIB_EXPORT_FILE) > hpux.tmp - a=""; \ - for f in . $(LIBFINIFUNC); do \ - if test "$$f" != .; then \ - a="+I $${f}__auxfini $$a"; \ - else :; fi; \ - done; echo "$$a" >> hpux.tmp echo "+e errno" >> hpux.tmp base=`echo "$(LIBBASE)" | sed -e 's/-/_/'`; \ echo "+e _GLOBAL__FD_lib$${base}_$(LIBMAJOR)_$(LIBMINOR)" >> hpux.tmp; \ diff --git a/src/config/libnover.in b/src/config/libnover.in index ab6baea82..bbac0cd17 100644 --- a/src/config/libnover.in +++ b/src/config/libnover.in @@ -64,12 +64,6 @@ osf1.exports: $(SHLIB_EXPORT_FILE) Makefile hpux.exports: $(SHLIB_EXPORT_FILE) Makefile $(RM) hpux.tmp hpux.exports sed "s/^/+e /" < $(SHLIB_EXPORT_FILE) > hpux.tmp - a=""; \ - for f in . $(LIBFINIFUNC); do \ - if test "$$f" != .; then \ - a="+I $${f}__auxfini $$a"; \ - else :; fi; \ - done; echo "$$a" >> hpux.tmp echo "+e errno" >> hpux.tmp mv -f hpux.tmp hpux.exports diff --git a/src/config/shlib.conf b/src/config/shlib.conf index f838c2536..d14ededab 100644 --- a/src/config/shlib.conf +++ b/src/config/shlib.conf @@ -93,12 +93,12 @@ case $krb5_cv_host in PICFLAGS=-fPIC SHLIB_RPATH_FLAGS='-Wl,+b,$(SHLIB_RDIRS)' SHLIB_EXPFLAGS='-Wl,+s $(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - LDCOMBINE='gcc -fPIC -shared -Wl,+h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -Wl,-c,hpux.exports' + LDCOMBINE='gcc -fPIC -shared -Wl,+h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -Wl,-c,hpux.exports -Wl,-B,nodelete' else PICFLAGS=+z SHLIB_RPATH_FLAGS='+b $(SHLIB_RDIRS)' SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - LDCOMBINE='ld -b +h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -c hpux.exports' + LDCOMBINE='ld -b +h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -c hpux.exports -B nodelete' fi MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(LDFLAGS) \$(SHLIB_EXPFLAGS) ${LDCOMBINE_TAIL}" PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' @@ -112,12 +112,8 @@ case $krb5_cv_host in # Do *not* set use_linker_init_option=yes here, because in the # case where the library is specified at program link time, the # initialization function appears not to get called, only for - # shl_load. But for finalization functions, the shl_load case - # is the one we care about. - # - # Not setting use_linker_init_option here should cause compilation - # failures if the user tries to disable delayed initialization. - use_linker_fini_option=yes + # shl_load. + lib_unload_prevented=yes ;; mips-*-netbsd*) diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h index 0a19b3668..18119f891 100644 --- a/src/include/k5-platform.h +++ b/src/include/k5-platform.h @@ -376,35 +376,9 @@ typedef struct { int error; unsigned char did_run; } k5_init_t; matter what compiler we're using. Do it the same way regardless. */ -# ifdef __hpux - - /* On HP-UX, we need this auxiliary function. At dynamic load or - unload time (but *not* program startup and termination for - link-time specified libraries), the linker-indicated function - is called with a handle on the library and a flag indicating - whether it's being loaded or unloaded. - - The "real" fini function doesn't need to be exported, so - declare it static. - - As usual, the final declaration is just for syntactic - convenience, so the top-level invocation of this macro can be - followed by a semicolon. */ - -# include -# define MAKE_FINI_FUNCTION(NAME) \ - static void NAME(void); \ - void JOIN__2(NAME, auxfini)(shl_t, int); /* silence gcc warnings */ \ - void JOIN__2(NAME, auxfini)(shl_t h, int l) { if (!l) NAME(); } \ - static void NAME(void) - -# else /* not hpux */ - # define MAKE_FINI_FUNCTION(NAME) \ void NAME(void) -# endif - #elif !defined(SHARED) || defined(LIB_UNLOAD_PREVENTED) /* From ghudson at mit.edu Tue Sep 30 17:06:04 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Tue, 30 Sep 2025 17:06:04 -0400 (EDT) Subject: krb5 commit: Collect failed command trace logs in k5test Message-ID: <20250930210604.78FBE101C34@krbdev.mit.edu> https://github.com/krb5/krb5/commit/d908e4b505ccf038602bf8e4bb1540fd1826fc84 commit d908e4b505ccf038602bf8e4bb1540fd1826fc84 Author: Greg Hudson Date: Sat Sep 27 02:32:58 2025 -0400 Collect failed command trace logs in k5test In _run_cmd(), read the trace file and copy it into the log before checking the return code and expected output message. src/util/k5test.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/util/k5test.py b/src/util/k5test.py index 5659fed1c..bef645dd0 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -776,20 +776,24 @@ def _run_cmd(args, env, input=None, expected_code=0, expected_msg=None, _stop_or_shell(_stop_after, _shell_after, env, _cmd_index) _cmd_index += 1 - # Check the return code and return the output. + # Copy trace output into the log if we collected it. + if tracefile is not None: + with open(tracefile, 'r') as f: + trace = f.read() + output('*** Trace output for previous command:\n') + output(trace) + + # Check the return code. if code != expected_code: fail('%s failed with code %d.' % (args[0], code)) + # Check for the expected message if given. if expected_msg is not None and expected_msg not in outdata: fail('Expected string not found in command output: ' + expected_msg) - if tracefile is not None: - with open(tracefile, 'r') as f: - trace = f.read() - output('*** Trace output for previous command:\n') - output(trace) - if expected_trace is not None: - _check_trace(trace, expected_trace) + # Check for expected trace log messages if given. + if expected_trace is not None: + _check_trace(trace, expected_trace) return (outdata, trace) if return_trace else outdata From ghudson at mit.edu Tue Sep 30 17:40:10 2025 From: ghudson at mit.edu (ghudson at mit.edu) Date: Tue, 30 Sep 2025 17:40:10 -0400 (EDT) Subject: krb5 commit: Fix kvno argument order in t_authdata.py Message-ID: <20250930214010.889FF101C34@krbdev.mit.edu> https://github.com/krb5/krb5/commit/14b762a41e61c677bd47bc6ced19ce8b05c000f0 commit 14b762a41e61c677bd47bc6ced19ce8b05c000f0 Author: Michael Osipov Date: Sat Sep 27 11:44:25 2025 +0200 Fix kvno argument order in t_authdata.py In t_authdata.py, correct a kvno invocation so that it doesn't rely on GNU getopt behavior. In k5test.py, add POSIXLY_CORRECT=1 to the test environment to prevent future mistakes in this category. [ghudson at mit.edu: added test environment setting; edited commit message] src/tests/t_authdata.py | 2 +- src/util/k5test.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py index bde1c3684..72b57b0d7 100644 --- a/src/tests/t_authdata.py +++ b/src/tests/t_authdata.py @@ -331,7 +331,7 @@ rb.extract_keytab('user at B', rb.keytab) usercache = 'FILE:' + os.path.join(rb.testdir, 'usercache') rb.kinit(rb.user_princ, None, ['-k', '-f', '-c', usercache]) -rb.run([kvno, '-C', 'impersonator at A', '-c', usercache]) +rb.run([kvno, '-C', '-c', usercache, 'impersonator at A']) ra.kinit('impersonator at A', None, ['-f', '-k', '-t', ra.keytab]) ra.run(['./s4u2proxy', usercache, 'resource at A']) diff --git a/src/util/k5test.py b/src/util/k5test.py index bef645dd0..fa8a75d15 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -671,6 +671,8 @@ def _build_env(): # Make sure we don't get confused by translated messages # or localized times. env['LC_ALL'] = 'C' + # Enforce proper argument order in tests with GNU getopt. + env['POSIXLY_CORRECT'] = '1' return env