2870 lines
98 KiB
Plaintext
2870 lines
98 KiB
Plaintext
|
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c.orig
|
||
|
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
|
||
|
@@ -303,6 +303,11 @@ int main(argc, argv)
|
||
|
krb5_boolean realm_name_required = TRUE;
|
||
|
krb5_boolean print_help_message = FALSE;
|
||
|
|
||
|
+ /*
|
||
|
+ * Ensure that "progname" is set before calling com_err.
|
||
|
+ */
|
||
|
+ progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
|
||
|
+
|
||
|
retval = krb5_init_context(&util_context);
|
||
|
set_com_err_hook(extended_com_err_fn);
|
||
|
if (retval) {
|
||
|
@@ -311,8 +316,6 @@ int main(argc, argv)
|
||
|
goto cleanup;
|
||
|
}
|
||
|
|
||
|
- progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
|
||
|
-
|
||
|
cmd_argv = (char **) malloc(sizeof(char *)*argc);
|
||
|
if (cmd_argv == NULL) {
|
||
|
com_err(progname, ENOMEM, "while creating sub-command arguments");
|
||
|
@@ -344,7 +347,7 @@ int main(argc, argv)
|
||
|
}
|
||
|
} else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
|
||
|
if (krb5_string_to_enctype(koptarg, &global_params.enctype))
|
||
|
- com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
|
||
|
+ com_err(progname, 0, "%s is an invalid enctype", koptarg);
|
||
|
else
|
||
|
global_params.mask |= KADM5_CONFIG_ENCTYPE;
|
||
|
} else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
|
||
|
@@ -466,7 +469,7 @@ int main(argc, argv)
|
||
|
retval = kadm5_get_config_params(util_context, 1,
|
||
|
&global_params, &global_params);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while retreiving configuration parameters");
|
||
|
+ com_err(progname, retval, "while retreiving configuration parameters");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -474,7 +477,7 @@ int main(argc, argv)
|
||
|
}
|
||
|
|
||
|
if ((retval = krb5_ldap_lib_init()) != 0) {
|
||
|
- com_err(argv[0], retval, "while initializing error handling");
|
||
|
+ com_err(progname, retval, "while initializing error handling");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -482,7 +485,7 @@ int main(argc, argv)
|
||
|
/* Initialize the ldap context */
|
||
|
ldap_context = calloc(sizeof(krb5_ldap_context), 1);
|
||
|
if (ldap_context == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while initializing ldap handle");
|
||
|
+ com_err(progname, ENOMEM, "while initializing ldap handle");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -495,7 +498,7 @@ int main(argc, argv)
|
||
|
if (passwd == NULL) {
|
||
|
passwd = (char *)malloc(MAX_PASSWD_LEN);
|
||
|
if (passwd == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
|
||
|
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -503,7 +506,7 @@ int main(argc, argv)
|
||
|
if (prompt == NULL) {
|
||
|
free(passwd);
|
||
|
passwd = NULL;
|
||
|
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
|
||
|
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -514,7 +517,7 @@ int main(argc, argv)
|
||
|
db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
|
||
|
|
||
|
if ((db_retval) || (passwd_len == 0)) {
|
||
|
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
|
||
|
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
|
||
|
free(passwd);
|
||
|
passwd = NULL;
|
||
|
exit_status++;
|
||
|
@@ -530,14 +533,14 @@ int main(argc, argv)
|
||
|
|
||
|
ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
|
||
|
if (ldap_context->server_info_list == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while initializing server list");
|
||
|
+ com_err(progname, ENOMEM, "while initializing server list");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
|
||
|
ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
|
||
|
if (ldap_context->server_info_list[0] == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while initializing server list");
|
||
|
+ com_err(progname, ENOMEM, "while initializing server list");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -546,7 +549,7 @@ int main(argc, argv)
|
||
|
|
||
|
ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
|
||
|
if (ldap_context->server_info_list[0]->server_name == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while initializing server list");
|
||
|
+ com_err(progname, ENOMEM, "while initializing server list");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -554,7 +557,7 @@ int main(argc, argv)
|
||
|
if (bind_dn) {
|
||
|
ldap_context->bind_dn = strdup(bind_dn);
|
||
|
if (ldap_context->bind_dn == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
|
||
|
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -566,7 +569,7 @@ int main(argc, argv)
|
||
|
if (realm_name_required) {
|
||
|
if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
|
||
|
(!krb5_c_valid_enctype(global_params.enctype))) {
|
||
|
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
|
||
|
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
|
||
|
"while setting up enctype %d", global_params.enctype);
|
||
|
}
|
||
|
}
|
||
|
@@ -583,7 +586,7 @@ int main(argc, argv)
|
||
|
|
||
|
db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
|
||
|
if (db_retval) {
|
||
|
- com_err(argv[0], db_retval, "while reading ldap configuration");
|
||
|
+ com_err(progname, db_retval, "while reading ldap configuration");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c.orig
|
||
|
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
|
||
|
@@ -67,7 +67,7 @@ static krb5_error_code init_ldap_realm (
|
||
|
retval = krb5_ldap_read_krbcontainer_params (util_context,
|
||
|
&(ldap_context->krbcontainer));
|
||
|
if (retval != 0) {
|
||
|
- com_err(argv[0], retval, "while reading kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading kerberos container information");
|
||
|
goto cleanup;
|
||
|
}
|
||
|
}
|
||
|
@@ -95,7 +95,7 @@ kdb5_ldap_create_policy(argc, argv)
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_ldap_policy_params *policyparams = NULL;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
@@ -322,7 +322,7 @@ kdb5_ldap_destroy_policy(argc, argv)
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_ldap_policy_params *policyparams = NULL;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
@@ -426,7 +426,7 @@ kdb5_ldap_modify_policy(argc, argv)
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_ldap_policy_params *policyparams = NULL;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
@@ -683,7 +683,7 @@ kdb5_ldap_view_policy(argc, argv)
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_ldap_policy_params *policyparams = NULL;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
@@ -804,7 +804,7 @@ void kdb5_ldap_list_policies(argc, argv)
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
char *basedn = NULL;
|
||
|
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c.orig
|
||
|
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
|
||
|
@@ -152,7 +152,7 @@ static int get_ticket_policy(rparams,i,a
|
||
|
krb5_boolean no_msg = FALSE;
|
||
|
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
|
||
|
time(&now);
|
||
|
if (!strcmp(argv[*i], "-maxtktlife")) {
|
||
|
@@ -364,7 +364,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
rparams->subtree = list;
|
||
|
} else if(strncmp(argv[i], "", strlen(argv[i]))==0) {
|
||
|
/* dont allow subtree value to be set at the root(NULL, "") of the tree */
|
||
|
- com_err(argv[0], EINVAL,
|
||
|
+ com_err(progname, EINVAL,
|
||
|
"for subtree while creating realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
@@ -376,7 +376,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
goto err_usage;
|
||
|
if(strncmp(argv[i], "", strlen(argv[i]))==0) {
|
||
|
/* dont allow containerref value to be set at the root(NULL, "") of the tree */
|
||
|
- com_err(argv[0], EINVAL,
|
||
|
+ com_err(progname, EINVAL,
|
||
|
"for container reference while creating realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
@@ -401,7 +401,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
rparams->search_scope = atoi(argv[i]);
|
||
|
if ((rparams->search_scope != 1) &&
|
||
|
(rparams->search_scope != 2)) {
|
||
|
- com_err(argv[0], EINVAL,
|
||
|
+ com_err(progname, EINVAL,
|
||
|
"invalid search scope while creating realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
@@ -498,7 +498,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
|
||
|
pw_str, &pw_size);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while reading master key from keyboard");
|
||
|
+ com_err(progname, retval, "while reading master key from keyboard");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
mkey_password = pw_str;
|
||
|
@@ -516,7 +516,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
rparams->realm_name = strdup(global_params.realm);
|
||
|
if (rparams->realm_name == NULL) {
|
||
|
retval = ENOMEM;
|
||
|
- com_err(argv[0], ENOMEM, "while creating realm '%s'",
|
||
|
+ com_err(progname, ENOMEM, "while creating realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -588,11 +588,11 @@ void kdb5_ldap_create(argc, argv)
|
||
|
retval = krb5_ldap_read_krbcontainer_params(util_context,
|
||
|
&(ldap_context->krbcontainer));
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while reading kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading kerberos container information");
|
||
|
goto cleanup;
|
||
|
}
|
||
|
} else if (retval) {
|
||
|
- com_err(argv[0], retval, "while reading kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading kerberos container information");
|
||
|
goto cleanup;
|
||
|
}
|
||
|
|
||
|
@@ -608,7 +608,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
global_params.realm,
|
||
|
&(ldap_context->lrparams),
|
||
|
&mask))) {
|
||
|
- com_err(argv[0], retval, "while reading information of realm '%s'",
|
||
|
+ com_err(progname, retval, "while reading information of realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -623,7 +623,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
global_params.mkey_name,
|
||
|
global_params.realm,
|
||
|
0, &master_princ))) {
|
||
|
- com_err(argv[0], retval, "while setting up master key name");
|
||
|
+ com_err(progname, retval, "while setting up master key name");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
@@ -635,7 +635,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
pwd.length = strlen(mkey_password);
|
||
|
retval = krb5_principal2salt(util_context, master_princ, &master_salt);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while calculating master key salt");
|
||
|
+ com_err(progname, retval, "while calculating master key salt");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
@@ -646,7 +646,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
free(master_salt.data);
|
||
|
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while transforming master key from password");
|
||
|
+ com_err(progname, retval, "while transforming master key from password");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
@@ -689,28 +689,28 @@ void kdb5_ldap_create(argc, argv)
|
||
|
/* Create 'K/M' ... */
|
||
|
rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
|
||
|
if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
/* Create 'krbtgt' ... */
|
||
|
rblock.flags = 0; /* reset the flags */
|
||
|
if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
/* Create 'kadmin/admin' ... */
|
||
|
snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_ADMIN_SERVICE, global_params.realm);
|
||
|
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
rblock.max_life = ADMIN_LIFETIME;
|
||
|
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
|
||
|
if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
|
||
|
krb5_free_principal(util_context, p);
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
krb5_free_principal(util_context, p);
|
||
|
@@ -718,7 +718,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
/* Create 'kadmin/changepw' ... */
|
||
|
snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
|
||
|
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
rblock.max_life = CHANGEPW_LIFETIME;
|
||
|
@@ -726,7 +726,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
KRB5_KDB_PWCHANGE_SERVICE;
|
||
|
if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
|
||
|
krb5_free_principal(util_context, p);
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
krb5_free_principal(util_context, p);
|
||
|
@@ -734,26 +734,26 @@ void kdb5_ldap_create(argc, argv)
|
||
|
/* Create 'kadmin/history' ... */
|
||
|
snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
|
||
|
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
rblock.max_life = global_params.max_life;
|
||
|
rblock.flags = 0;
|
||
|
if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
|
||
|
krb5_free_principal(util_context, p);
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
krb5_free_principal(util_context, p);
|
||
|
|
||
|
/* Create 'kadmin/<hostname>' ... */
|
||
|
if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
|
||
|
- com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
|
||
|
+ com_err(progname, retval, "krb5_sname_to_principal, while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
|
||
|
- com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
|
||
|
+ com_err(progname, retval, "krb5_copy_principal, while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
@@ -762,7 +762,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
temp_p->realm.length = strlen(util_context->default_realm);
|
||
|
temp_p->realm.data = strdup(util_context->default_realm);
|
||
|
if (temp_p->realm.data == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while adding entries to the database");
|
||
|
+ com_err(progname, ENOMEM, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
@@ -770,7 +770,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
|
||
|
if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
|
||
|
krb5_free_principal(util_context, p);
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
krb5_free_principal(util_context, temp_p);
|
||
|
@@ -798,7 +798,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
LDAP_KDC_SERVICE, rparams->kdcservers[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -814,7 +814,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
LDAP_ADMIN_SERVICE, rparams->adminservers[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -830,7 +830,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -850,7 +850,7 @@ void kdb5_ldap_create(argc, argv)
|
||
|
master_princ,
|
||
|
&master_keyblock, NULL);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], errno, "while storing key");
|
||
|
+ com_err(progname, errno, "while storing key");
|
||
|
printf("Warning: couldn't stash master key.\n");
|
||
|
}
|
||
|
}
|
||
|
@@ -879,7 +879,7 @@ cleanup:
|
||
|
|
||
|
if (retval) {
|
||
|
if (!no_msg) {
|
||
|
- com_err(argv[0], retval, "while creating realm '%s'",
|
||
|
+ com_err(progname, retval, "while creating realm '%s'",
|
||
|
global_params.realm);
|
||
|
}
|
||
|
exit_status++;
|
||
|
@@ -932,7 +932,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
|
||
|
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
|
||
|
&(ldap_context->krbcontainer)))) {
|
||
|
- com_err(argv[0], retval, "while reading Kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading Kerberos container information");
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
|
||
|
@@ -986,7 +986,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
rparams->subtree = slist;
|
||
|
} else if(strncmp(argv[i], "", strlen(argv[i]))==0) {
|
||
|
/* dont allow subtree value to be set at the root(NULL, "") of the tree */
|
||
|
- com_err(argv[0], EINVAL,
|
||
|
+ com_err(progname, EINVAL,
|
||
|
"for subtree while modifying realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
@@ -998,7 +998,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
goto err_usage;
|
||
|
if(strncmp(argv[i], "", strlen(argv[i]))==0) {
|
||
|
/* dont allow containerref value to be set at the root(NULL, "") of the tree */
|
||
|
- com_err(argv[0], EINVAL,
|
||
|
+ com_err(progname, EINVAL,
|
||
|
"for container reference while modifying realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
@@ -1024,7 +1024,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
if ((rparams->search_scope != 1) &&
|
||
|
(rparams->search_scope != 2)) {
|
||
|
retval = EINVAL;
|
||
|
- com_err(argv[0], retval,
|
||
|
+ com_err(progname, retval,
|
||
|
"specified for search scope while modifying information of realm '%s'",
|
||
|
global_params.realm);
|
||
|
goto err_nomsg;
|
||
|
@@ -1529,7 +1529,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
LDAP_KDC_SERVICE, oldkdcdns[i],
|
||
|
rparams->realm_name, oldsubtrees, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1546,7 +1546,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name,
|
||
|
rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1608,7 +1608,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
LDAP_ADMIN_SERVICE, oldadmindns[i],
|
||
|
rparams->realm_name, oldsubtrees, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1626,7 +1626,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
LDAP_ADMIN_SERVICE, newadmindns[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1688,7 +1688,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
LDAP_PASSWD_SERVICE, oldpwddns[i],
|
||
|
rparams->realm_name, oldsubtrees, rightsmask))) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1705,7 +1705,7 @@ void kdb5_ldap_modify(argc, argv)
|
||
|
LDAP_PASSWD_SERVICE, newpwddns[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask))) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1777,7 +1777,7 @@ cleanup:
|
||
|
|
||
|
if (retval) {
|
||
|
if (!no_msg)
|
||
|
- com_err(argv[0], retval, "while modifying information of realm '%s'",
|
||
|
+ com_err(progname, retval, "while modifying information of realm '%s'",
|
||
|
global_params.realm);
|
||
|
exit_status++;
|
||
|
}
|
||
|
@@ -1804,7 +1804,7 @@ void kdb5_ldap_view(argc, argv)
|
||
|
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
|
||
|
if (!(ldap_context)) {
|
||
|
retval = EINVAL;
|
||
|
- com_err(argv[0], retval, "while initializing database");
|
||
|
+ com_err(progname, retval, "while initializing database");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -1812,14 +1812,14 @@ void kdb5_ldap_view(argc, argv)
|
||
|
/* Read the kerberos container information */
|
||
|
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
|
||
|
&(ldap_context->krbcontainer))) != 0) {
|
||
|
- com_err(argv[0], retval, "while reading kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading kerberos container information");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if ((retval = krb5_ldap_read_realm_params(util_context,
|
||
|
global_params.realm, &rparams, &mask)) || (!rparams)) {
|
||
|
- com_err(argv[0], retval, "while reading information of realm '%s'",
|
||
|
+ com_err(progname, retval, "while reading information of realm '%s'",
|
||
|
global_params.realm);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
@@ -2009,7 +2009,7 @@ void kdb5_ldap_list(argc, argv)
|
||
|
/* Read the kerberos container information */
|
||
|
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
|
||
|
&(ldap_context->krbcontainer))) != 0) {
|
||
|
- com_err(argv[0], retval, "while reading kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading kerberos container information");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2018,7 +2018,7 @@ void kdb5_ldap_list(argc, argv)
|
||
|
if (retval != 0) {
|
||
|
krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
|
||
|
ldap_context->krbcontainer = NULL;
|
||
|
- com_err (argv[0], retval, "while listing realms");
|
||
|
+ com_err (progname, retval, "while listing realms");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2434,7 +2434,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
dal_handle = (kdb5_dal_handle *)util_context->db_context;
|
||
|
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
|
||
|
if (!(ldap_context)) {
|
||
|
- com_err(argv[0], EINVAL, "while initializing database");
|
||
|
+ com_err(progname, EINVAL, "while initializing database");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2442,7 +2442,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
/* Read the kerberos container from the LDAP Server */
|
||
|
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
|
||
|
&(ldap_context->krbcontainer))) != 0) {
|
||
|
- com_err(argv[0], retval, "while reading kerberos container information");
|
||
|
+ com_err(progname, retval, "while reading kerberos container information");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2450,7 +2450,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
/* Read the Realm information from the LDAP Server */
|
||
|
if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
|
||
|
&(ldap_context->lrparams), &mask)) != 0) {
|
||
|
- com_err(argv[0], retval, "while reading realm information");
|
||
|
+ com_err(progname, retval, "while reading realm information");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2472,7 +2472,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
LDAP_KDC_SERVICE, rparams->kdcservers[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
return;
|
||
|
}
|
||
|
@@ -2487,7 +2487,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
LDAP_ADMIN_SERVICE, rparams->adminservers[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
return;
|
||
|
}
|
||
|
@@ -2502,7 +2502,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
|
||
|
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
|
||
|
printf("failed\n");
|
||
|
- com_err(argv[0], retval, "while assigning rights to '%s'",
|
||
|
+ com_err(progname, retval, "while assigning rights to '%s'",
|
||
|
rparams->realm_name);
|
||
|
return;
|
||
|
}
|
||
|
@@ -2514,7 +2514,7 @@ kdb5_ldap_destroy(argc, argv)
|
||
|
/* Delete the realm container and all the associated principals */
|
||
|
retval = krb5_ldap_delete_realm(util_context, global_params.realm);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "deleting database of '%s'", global_params.realm);
|
||
|
+ com_err(progname, retval, "deleting database of '%s'", global_params.realm);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h.orig
|
||
|
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
|
||
|
@@ -58,6 +58,8 @@
|
||
|
#define DESTROY_POLICY 14
|
||
|
#define LIST_POLICY 15
|
||
|
|
||
|
+extern char *progname;
|
||
|
+
|
||
|
extern int exit_status;
|
||
|
extern krb5_context util_context;
|
||
|
|
||
|
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.orig
|
||
|
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||
|
@@ -198,7 +198,7 @@ void kdb5_ldap_create_service(argc, argv
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_ldap_service_params *srvparams = NULL;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
@@ -496,7 +496,7 @@ void kdb5_ldap_modify_service(argc, argv
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
krb5_ldap_service_params *srvparams = NULL;
|
||
|
krb5_boolean print_usage = FALSE;
|
||
|
@@ -569,7 +569,7 @@ void kdb5_ldap_modify_service(argc, argv
|
||
|
|
||
|
retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while reading information of service '%s'",
|
||
|
+ com_err(me, retval, "while reading information of service '%s'",
|
||
|
servicedn);
|
||
|
goto err_nomsg;
|
||
|
}
|
||
|
@@ -1061,7 +1061,7 @@ rem_service_entry_from_file(argc, argv,
|
||
|
char *service_object;
|
||
|
{
|
||
|
int st = EINVAL;
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
char *tmp_file = NULL;
|
||
|
int tmpfd = -1;
|
||
|
FILE *pfile = NULL;
|
||
|
@@ -1175,7 +1175,7 @@ kdb5_ldap_destroy_service(argc, argv)
|
||
|
if (argv[i+1]) {
|
||
|
stashfilename=strdup(argv[i+1]);
|
||
|
if (stashfilename == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while destroying service");
|
||
|
+ com_err(progname, ENOMEM, "while destroying service");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -1188,7 +1188,7 @@ kdb5_ldap_destroy_service(argc, argv)
|
||
|
if ((argv[i]) && (servicedn == NULL)) {
|
||
|
servicedn=strdup(argv[i]);
|
||
|
if (servicedn == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while destroying service");
|
||
|
+ com_err(progname, ENOMEM, "while destroying service");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -1219,7 +1219,7 @@ kdb5_ldap_destroy_service(argc, argv)
|
||
|
|
||
|
if ((retval = krb5_ldap_read_service(util_context, servicedn,
|
||
|
&lserparams, &mask))) {
|
||
|
- com_err(argv[0], retval, "while destroying service '%s'",servicedn);
|
||
|
+ com_err(progname, retval, "while destroying service '%s'",servicedn);
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -1227,7 +1227,7 @@ kdb5_ldap_destroy_service(argc, argv)
|
||
|
retval = krb5_ldap_delete_service(util_context, lserparams, servicedn);
|
||
|
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while destroying service '%s'", servicedn);
|
||
|
+ com_err(progname, retval, "while destroying service '%s'", servicedn);
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -1235,7 +1235,7 @@ kdb5_ldap_destroy_service(argc, argv)
|
||
|
if (stashfilename == NULL) {
|
||
|
stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
|
||
|
if (stashfilename == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while destroying service");
|
||
|
+ com_err(progname, ENOMEM, "while destroying service");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -1295,13 +1295,13 @@ void kdb5_ldap_view_service(argc, argv)
|
||
|
|
||
|
servicedn=strdup(argv[1]);
|
||
|
if (servicedn == NULL) {
|
||
|
- com_err(argv[0], ENOMEM, "while viewing service");
|
||
|
+ com_err(progname, ENOMEM, "while viewing service");
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
|
||
|
if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) {
|
||
|
- com_err(argv[0], retval, "while viewing service '%s'",servicedn);
|
||
|
+ com_err(progname, retval, "while viewing service '%s'",servicedn);
|
||
|
exit_status++;
|
||
|
goto cleanup;
|
||
|
}
|
||
|
@@ -1338,7 +1338,7 @@ void kdb5_ldap_list_services(argc, argv)
|
||
|
int argc;
|
||
|
char *argv[];
|
||
|
{
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
krb5_error_code retval = 0;
|
||
|
char *basedn = NULL;
|
||
|
char **list = NULL;
|
||
|
@@ -1519,7 +1519,7 @@ kdb5_ldap_set_service_password(argc, arg
|
||
|
krb5_ldap_context *lparams = NULL;
|
||
|
char *file_name = NULL;
|
||
|
char *tmp_file = NULL;
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
int filelen = 0;
|
||
|
int random_passwd = 0;
|
||
|
int set_dir_pwd = 1;
|
||
|
@@ -1902,7 +1902,7 @@ kdb5_ldap_stash_service_password(argc, a
|
||
|
{
|
||
|
int ret = 0;
|
||
|
unsigned int passwd_len = 0;
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
char *service_object = NULL;
|
||
|
char *file_name = NULL, *tmp_file = NULL;
|
||
|
char passwd[MAX_SERVICE_PASSWD_LEN];
|
||
|
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M.orig
|
||
|
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
|
||
|
@@ -73,7 +73,7 @@ set. This means all the ticket options w
|
||
|
The various flags are:
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
|
||
|
-.B -allow_postdated
|
||
|
+.B \-allow_postdated
|
||
|
prohibits principals from obtaining postdated tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_POSTDATED
|
||
|
flag.)
|
||
|
@@ -81,7 +81,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
|
||
|
-.B -allow_forwardable
|
||
|
+.B \-allow_forwardable
|
||
|
prohibits principals from obtaining forwardable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_FORWARDABLE
|
||
|
flag.)
|
||
|
@@ -89,7 +89,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
|
||
|
-.B -allow_renewable
|
||
|
+.B \-allow_renewable
|
||
|
prohibits principals from obtaining renewable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_RENEWABLE
|
||
|
flag.)
|
||
|
@@ -97,7 +97,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
|
||
|
-.B -allow_proxiable
|
||
|
+.B \-allow_proxiable
|
||
|
prohibits principals from obtaining proxiable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_PROXIABLE
|
||
|
flag.)
|
||
|
@@ -105,7 +105,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
|
||
|
-.B -allow_dup_skey
|
||
|
+.B \-allow_dup_skey
|
||
|
Disables user-to-user authentication for principals by prohibiting
|
||
|
principals from obtaining a session key for another user. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_DUP_SKEY
|
||
|
@@ -119,7 +119,7 @@ requires principals to preauthenticate b
|
||
|
kinit. (Sets the
|
||
|
.SM KRB5_KDB_REQUIRES_PRE_AUTH
|
||
|
flag.)
|
||
|
-.B -requires_preauth
|
||
|
+.B \-requires_preauth
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
|
||
|
@@ -128,11 +128,11 @@ requires principals to preauthenticate u
|
||
|
before being allowed to kinit. (Sets the
|
||
|
.SM KRB5_KDB_REQUIRES_HW_AUTH
|
||
|
flag.)
|
||
|
-.B -requires_hwauth
|
||
|
+.B \-requires_hwauth
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
|
||
|
-.B -allow_svr
|
||
|
+.B \-allow_svr
|
||
|
prohibits the issuance of service tickets for principals. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_SVR
|
||
|
flag.)
|
||
|
@@ -208,9 +208,9 @@ Specifies the list of Administration ser
|
||
|
of the Administration service objects separated by colon(:).
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
|
||
|
-create -subtrees o=org -sscope SUB
|
||
|
--r ATHENA.MIT.EDU\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu
|
||
|
+create \-subtrees o=org \-sscope SUB
|
||
|
+\-r ATHENA.MIT.EDU\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
Initializing database for realm 'ATHENA.MIT.EDU'
|
||
|
@@ -255,7 +255,7 @@ and no restriction will be set.
|
||
|
The various flags are:
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
|
||
|
-.B -allow_postdated
|
||
|
+.B \-allow_postdated
|
||
|
prohibits principals from obtaining postdated tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_POSTDATED
|
||
|
flag.)
|
||
|
@@ -263,7 +263,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
|
||
|
-.B -allow_forwardable
|
||
|
+.B \-allow_forwardable
|
||
|
prohibits principals from obtaining forwardable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_FORWARDABLE
|
||
|
flag.)
|
||
|
@@ -271,7 +271,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
|
||
|
-.B -allow_renewable
|
||
|
+.B \-allow_renewable
|
||
|
prohibits principals from obtaining renewable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_RENEWABLE
|
||
|
flag.)
|
||
|
@@ -279,7 +279,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
|
||
|
-.B -allow_proxiable
|
||
|
+.B \-allow_proxiable
|
||
|
prohibits principals from obtaining proxiable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_PROXIABLE
|
||
|
flag.)
|
||
|
@@ -287,7 +287,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
|
||
|
-.B -allow_dup_skey
|
||
|
+.B \-allow_dup_skey
|
||
|
Disables user-to-user authentication for principals by prohibiting
|
||
|
principals from obtaining a session key for another user. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_DUP_SKEY
|
||
|
@@ -301,7 +301,7 @@ requires principals to preauthenticate b
|
||
|
kinit. (Sets the
|
||
|
.SM KRB5_KDB_REQUIRES_PRE_AUTH
|
||
|
flag.)
|
||
|
-.B -requires_preauth
|
||
|
+.B \-requires_preauth
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
|
||
|
@@ -310,11 +310,11 @@ requires principals to preauthenticate u
|
||
|
before being allowed to kinit. (Sets the
|
||
|
.SM KRB5_KDB_REQUIRES_HW_AUTH
|
||
|
flag.)
|
||
|
-.B -requires_hwauth
|
||
|
+.B \-requires_hwauth
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
|
||
|
-.B -allow_svr
|
||
|
+.B \-allow_svr
|
||
|
prohibits the issuance of service tickets for principals. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_SVR
|
||
|
flag.)
|
||
|
@@ -406,8 +406,8 @@ Specifies the list of Administration ser
|
||
|
contains the DNs of the Administration service objects separated by a colon (:).
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify
|
||
|
-+requires_preauth -r ATHENA.MIT.EDU \fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify
|
||
|
++requires_preauth \-r ATHENA.MIT.EDU \fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
.fi
|
||
|
@@ -423,8 +423,8 @@ Specifies the Kerberos realm of the data
|
||
|
is used.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view
|
||
|
--r ATHENA.MIT.EDU\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view
|
||
|
+\-r ATHENA.MIT.EDU\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
Realm Name: ATHENA.MIT.EDU
|
||
|
@@ -450,8 +450,8 @@ Specifies the Kerberos realm of the data
|
||
|
is used.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy
|
||
|
--r ATHENA.MIT.EDU\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy
|
||
|
+\-r ATHENA.MIT.EDU\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
|
||
|
@@ -467,7 +467,7 @@ Lists the name of realms.
|
||
|
.nf
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list\fP
|
||
|
Password for "cn=admin,o=org":
|
||
|
ATHENA.MIT.EDU
|
||
|
OPENLDAP.MIT.EDU
|
||
|
@@ -487,7 +487,7 @@ Specifies the complete path of the servi
|
||
|
Specifies Distinguished name (DN) of the service object whose password is to be stored in file.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
|
||
|
+\fBkdb5_ldap_util stashsrvpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
|
||
|
.nf
|
||
|
Password for "cn=service-kdc,o=org":
|
||
|
Re-enter password for "cn=service-kdc,o=org":
|
||
|
@@ -517,7 +517,7 @@ set. This means all the ticket options w
|
||
|
The various flags are:
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
|
||
|
-.B -allow_postdated
|
||
|
+.B \-allow_postdated
|
||
|
prohibits principals from obtaining postdated tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_POSTDATED
|
||
|
flag.)
|
||
|
@@ -525,7 +525,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
|
||
|
-.B -allow_forwardable
|
||
|
+.B \-allow_forwardable
|
||
|
prohibits principals from obtaining forwardable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_FORWARDABLE
|
||
|
flag.)
|
||
|
@@ -533,7 +533,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
|
||
|
-.B -allow_renewable
|
||
|
+.B \-allow_renewable
|
||
|
prohibits principals from obtaining renewable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_RENEWABLE
|
||
|
flag.)
|
||
|
@@ -541,7 +541,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
|
||
|
-.B -allow_proxiable
|
||
|
+.B \-allow_proxiable
|
||
|
prohibits principals from obtaining proxiable tickets. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_PROXIABLE
|
||
|
flag.)
|
||
|
@@ -549,7 +549,7 @@ flag.)
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
|
||
|
-.B -allow_dup_skey
|
||
|
+.B \-allow_dup_skey
|
||
|
Disables user-to-user authentication for principals by prohibiting
|
||
|
principals from obtaining a session key for another user. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_DUP_SKEY
|
||
|
@@ -563,7 +563,7 @@ requires principals to preauthenticate b
|
||
|
kinit. (Sets the
|
||
|
.SM KRB5_KDB_REQUIRES_PRE_AUTH
|
||
|
flag.)
|
||
|
-.B -requires_preauth
|
||
|
+.B \-requires_preauth
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
|
||
|
@@ -572,11 +572,11 @@ requires principals to preauthenticate u
|
||
|
before being allowed to kinit. (Sets the
|
||
|
.SM KRB5_KDB_REQUIRES_HW_AUTH
|
||
|
flag.)
|
||
|
-.B -requires_hwauth
|
||
|
+.B \-requires_hwauth
|
||
|
clears this flag.
|
||
|
.TP
|
||
|
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
|
||
|
-.B -allow_svr
|
||
|
+.B \-allow_svr
|
||
|
prohibits the issuance of service tickets for principals. (Sets the
|
||
|
.SM KRB5_KDB_DISALLOW_SVR
|
||
|
flag.)
|
||
|
@@ -639,7 +639,7 @@ flag on principals in the database.
|
||
|
Specifies the name of the ticket policy.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" -maxrenewlife "1 week" -allow_postdated +needchange -allow_forwardable tktpolicy\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu create_policy \-r ATHENA.MIT.EDU \-maxtktlife "1 day" \-maxrenewlife "1 week" \-allow_postdated +needchange \-allow_forwardable tktpolicy\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
.fi
|
||
|
@@ -657,7 +657,7 @@ returned by
|
||
|
is used.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU -maxtktlife "60 minutes" -maxrenewlife "10 hours" +allow_postdated -requires_preauth tktpolicy\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify_policy \-r ATHENA.MIT.EDU \-maxtktlife "60 minutes" \-maxrenewlife "10 hours" +allow_postdated \-requires_preauth tktpolicy\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
.fi
|
||
|
@@ -671,7 +671,7 @@ Displays the attributes of a ticket poli
|
||
|
Specifies the name of the ticket policy.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view_policy \-r ATHENA.MIT.EDU tktpolicy\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
Ticket policy: tktpolicy
|
||
|
@@ -700,7 +700,7 @@ to confirm the deletion.
|
||
|
Specifies the name of the ticket policy.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy_policy \-r ATHENA.MIT.EDU tktpolicy\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
This will delete the policy object 'tktpolicy', are you sure?
|
||
|
@@ -720,7 +720,7 @@ returned by
|
||
|
is used.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list_policy \-r ATHENA.MIT.EDU\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
tktpolicy
|
||
|
@@ -735,22 +735,22 @@ userpolicy
|
||
|
\fBsetsrvpw\fP [\fB\-randpw\fP|\fB\-fileonly\fP] [\fB\-f\fP\ \fIfilename\fP] \fIservice_dn\fP
|
||
|
Allows an administrator to set password for service objects such as KDC and Administration server in
|
||
|
eDirectory and store them in a file. The
|
||
|
-.I -fileonly
|
||
|
+.I \-fileonly
|
||
|
option stores the password in a file and not in the eDirectory object. Options:
|
||
|
.RS
|
||
|
.TP
|
||
|
\fB\-randpw \fP
|
||
|
Generates and sets a random password. This options can be specified to store the password both in eDirectory and a file. The
|
||
|
-.I -fileonly
|
||
|
+.I \-fileonly
|
||
|
option can not be used if
|
||
|
-.I -randpw
|
||
|
+.I \-randpw
|
||
|
option is already specified.
|
||
|
.TP
|
||
|
\fB\-fileonly\fP
|
||
|
Stores the password only in a file and not in eDirectory. The
|
||
|
-.I -randpw
|
||
|
+.I \-randpw
|
||
|
option can not be used when
|
||
|
-.I -fileonly
|
||
|
+.I \-fileonly
|
||
|
options is specified.
|
||
|
.TP
|
||
|
\fB\-f\fP\ \fIfilename\fP
|
||
|
@@ -760,7 +760,7 @@ Specifies complete path of the service p
|
||
|
Specifies Distinguished name (DN) of the service object whose password is to be set.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile
|
||
|
+\fBkdb5_ldap_util setsrvpw \-D cn=admin,o=org setsrvpw \-fileonly \-f /home/andrew/conf_keyfile
|
||
|
cn=service-kdc,o=org\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
@@ -792,16 +792,16 @@ separated by a colon (:).
|
||
|
.TP
|
||
|
\fB\-randpw \fP
|
||
|
Generates and sets a random password. This option is used to set the random password for the service object in directory and also to store it in the file. The
|
||
|
-.I -fileonly
|
||
|
+.I \-fileonly
|
||
|
option can not be used if
|
||
|
-.I -randpw
|
||
|
+.I \-randpw
|
||
|
option is specified.
|
||
|
.TP
|
||
|
\fB\-fileonly\fP
|
||
|
Stores the password only in a file and not in eDirectory. The
|
||
|
-.I -randpw
|
||
|
+.I \-randpw
|
||
|
option can not be used when
|
||
|
-.I -fileonly
|
||
|
+.I \-fileonly
|
||
|
option is specified.
|
||
|
.TP
|
||
|
\fB\-f\fP\ \fIfilename\fP
|
||
|
@@ -811,7 +811,7 @@ Specifies the complete path of the file
|
||
|
Specifies Distinguished name (DN) of the Kerberos service to be created.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org create_service \-kdc \-randpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
File does not exist. Creating the file /home/andrew/conf_keyfile...
|
||
|
@@ -855,7 +855,7 @@ realms separated by a colon (:).
|
||
|
Specifies Distinguished name (DN) of the Kerberos service to be modified.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org modify_service \-realm ATHENA.MIT.EDU
|
||
|
cn=service-kdc,o=org\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
@@ -871,7 +871,7 @@ Displays the attributes of a service. O
|
||
|
Specifies Distinguished name (DN) of the Kerberos service to be viewed.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org view_service cn=service-kdc,o=org\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
Service dn: cn=service-kdc,o=org
|
||
|
@@ -897,7 +897,7 @@ needs to be removed.
|
||
|
Specifies Distinguished name (DN) of the Kerberos service to be destroyed.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
This will delete the service object 'cn=service-kdc,o=org', are you sure?
|
||
|
@@ -922,7 +922,7 @@ for the base DN is
|
||
|
.B Root.
|
||
|
.TP
|
||
|
EXAMPLE:
|
||
|
-\fBkdb5_ldap_util -D cn=admin,o=org list_service\fP
|
||
|
+\fBkdb5_ldap_util \-D cn=admin,o=org list_service\fP
|
||
|
.nf
|
||
|
Password for "cn=admin,o=org":
|
||
|
cn=service-kdc,o=org
|
||
|
Index: src/plugins/kdb/db2/libdb2/test/run.test
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/db2/libdb2/test/run.test.orig
|
||
|
+++ src/plugins/kdb/db2/libdb2/test/run.test
|
||
|
@@ -34,7 +34,7 @@ main()
|
||
|
bindir=/bin/.
|
||
|
|
||
|
if [ $# -eq 0 ]; then
|
||
|
- for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20; do
|
||
|
+ for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20 40 41; do
|
||
|
test$t
|
||
|
done
|
||
|
else
|
||
|
@@ -45,7 +45,7 @@ main()
|
||
|
[0-9]*)
|
||
|
test$1;;
|
||
|
btree)
|
||
|
- for t in 1 2 3 7 8 9 10 12 13; do
|
||
|
+ for t in 1 2 3 7 8 9 10 12 13 40 41; do
|
||
|
test$t
|
||
|
done;;
|
||
|
hash)
|
||
|
@@ -743,4 +743,162 @@ bsize=$bsize ffactor=$ffactor nelem=2500
|
||
|
done
|
||
|
}
|
||
|
|
||
|
+# Test for a weird page split condition where an insertion into index
|
||
|
+# 0 of a page that would cause the new item to be the only item on the
|
||
|
+# left page results in index 0 of the right page being erroneously
|
||
|
+# skipped; this only happens with one particular key+data length for
|
||
|
+# each page size.
|
||
|
+test40 () {
|
||
|
+ echo "Test 40: btree: page split on index 0"
|
||
|
+ e=:
|
||
|
+ for psize in 512 1024 2048 4096 8192; do
|
||
|
+ echo " page size $psize"
|
||
|
+ kdsizes=`awk 'BEGIN {
|
||
|
+ psize = '$psize'; hsize = int(psize/2);
|
||
|
+ for (kdsize = hsize-40; kdsize <= hsize; kdsize++) {
|
||
|
+ print kdsize;
|
||
|
+ }
|
||
|
+ }' /dev/null`
|
||
|
+
|
||
|
+ # Use a series of keylen+datalen values in the right
|
||
|
+ # neighborhood to find the one that triggers the bug.
|
||
|
+ # We could compute the exact size that triggers the
|
||
|
+ # bug but this additional fuzz may be useful.
|
||
|
+
|
||
|
+ # Insert keys in reverse order to maximize the chances
|
||
|
+ # for a split on index 0.
|
||
|
+
|
||
|
+ for kdsize in $kdsizes; do
|
||
|
+ awk 'BEGIN {
|
||
|
+ kdsize = '$kdsize';
|
||
|
+ for (i = 8; i-- > 0; ) {
|
||
|
+ s = sprintf("a%03d:%09d", i, kdsize);
|
||
|
+ for (j = 0; j < kdsize-20; j++) {
|
||
|
+ s = s "x";
|
||
|
+ }
|
||
|
+ printf("p\nka%03d\nd%s\n", i, s);
|
||
|
+ }
|
||
|
+ print "o";
|
||
|
+ }' /dev/null > $TMP2
|
||
|
+ sed -n 's/^d//p' $TMP2 | sort > $TMP1
|
||
|
+ $PROG -o $TMP3 -i psize=$psize btree $TMP2
|
||
|
+ if (cmp -s $TMP1 $TMP3); then :
|
||
|
+ else
|
||
|
+ echo "test40: btree: page size $psize, \
|
||
|
+keylen+datalen=$kdsize failed"
|
||
|
+ e='exit 1'
|
||
|
+ fi
|
||
|
+ done
|
||
|
+ done
|
||
|
+ $e
|
||
|
+}
|
||
|
+
|
||
|
+# Extremely tricky test attempting to replicate some unusual database
|
||
|
+# corruption seen in the field: pieces of the database becoming
|
||
|
+# inaccessible to random access, sequential access, or both. The
|
||
|
+# hypothesis is that at least some of these are triggered by the bug
|
||
|
+# in page splits on index 0 with a particular exact keylen+datalen.
|
||
|
+# (See Test 40.) For psize=4096, this size is exactly 2024.
|
||
|
+
|
||
|
+# The order of operations here relies on very specific knowledge of
|
||
|
+# the internals of the btree access method in order to place records
|
||
|
+# at specific offsets in a page and to create certain keys on internal
|
||
|
+# pages. The to-be-split page immediately prior to the bug-triggering
|
||
|
+# split has the following properties:
|
||
|
+#
|
||
|
+# * is not the leftmost leaf page
|
||
|
+# * key on the parent page is compares less than the key of the item
|
||
|
+# on index 0
|
||
|
+# * triggering record's key also compares greater than the key on the
|
||
|
+# parent page
|
||
|
+
|
||
|
+# Additionally, we prime the mpool LRU chain so that the head page on
|
||
|
+# the chain has the following properties:
|
||
|
+#
|
||
|
+# * record at index 0 is located where it will not get overwritten by
|
||
|
+# items written to the right-hand page during the split
|
||
|
+# * key of the record at index 0 compares less than the key of the
|
||
|
+# bug-triggering record
|
||
|
+
|
||
|
+# If the page-split bug exists, this test appears to create a database
|
||
|
+# where some records are inaccessible to a search, but still remain in
|
||
|
+# the file and are accessible by sequential traversal. At least one
|
||
|
+# record gets duplicated out of sequence.
|
||
|
+
|
||
|
+test41 () {
|
||
|
+ echo "Test 41: btree: no unsearchables due to page split on index 0"
|
||
|
+ # list of individual retrievals in a variable for easy reuse
|
||
|
+ list=`(for i in a b c d; do
|
||
|
+ for j in 990 998 999; do
|
||
|
+ echo g ${i}${j} 1024
|
||
|
+ done
|
||
|
+ done;
|
||
|
+ echo g y997 2014
|
||
|
+ for i in y z; do
|
||
|
+ for j in 998 999; do
|
||
|
+ echo g ${i}${j} 1024
|
||
|
+ done
|
||
|
+ done)`
|
||
|
+ # Exact number for trigger condition accounts for newlines
|
||
|
+ # retained by dbtest with -ofile but not without; we use
|
||
|
+ # -ofile, so count newlines. keylen=5,datalen=5+2014 for
|
||
|
+ # psize=4096 here.
|
||
|
+ (cat - <<EOF
|
||
|
+p z999 1024
|
||
|
+p z998 1024
|
||
|
+p y999 1024
|
||
|
+p y990 1024
|
||
|
+p d999 1024
|
||
|
+p d990 1024
|
||
|
+p c999 1024
|
||
|
+p c990 1024
|
||
|
+p b999 1024
|
||
|
+p b990 1024
|
||
|
+p a999 1024
|
||
|
+p a990 1024
|
||
|
+p y998 1024
|
||
|
+r y990
|
||
|
+p d998 1024
|
||
|
+p d990 1024
|
||
|
+p c998 1024
|
||
|
+p c990 1024
|
||
|
+p b998 1024
|
||
|
+p b990 1024
|
||
|
+p a998 1024
|
||
|
+p a990 1024
|
||
|
+p y997 2014
|
||
|
+S
|
||
|
+o
|
||
|
+EOF
|
||
|
+ echo "$list") |
|
||
|
+ # awk script input:
|
||
|
+ # {p|g|r} key [datasize]
|
||
|
+ awk '/^[pgr]/{
|
||
|
+ printf("%s\nk%s\n", $1, $2);
|
||
|
+ }
|
||
|
+ /^p/{
|
||
|
+ s = $2;
|
||
|
+ for (i = 0; i < $3; i++) {
|
||
|
+ s = s "x";
|
||
|
+ }
|
||
|
+ printf("d%s\n", s);
|
||
|
+ }
|
||
|
+ !/^[pgr]/{
|
||
|
+ print $0;
|
||
|
+ }' > $TMP2
|
||
|
+ (echo "$list"; echo "$list") | awk '{
|
||
|
+ s = $2;
|
||
|
+ for (i = 0; i < $3; i++) {
|
||
|
+ s = s "x";
|
||
|
+ }
|
||
|
+ print s;
|
||
|
+ }' > $TMP1
|
||
|
+ $PROG -o $TMP3 -i psize=4096 btree $TMP2
|
||
|
+ if (cmp -s $TMP1 $TMP3); then :
|
||
|
+ else
|
||
|
+ echo "test41: btree: failed"
|
||
|
+ exit 1
|
||
|
+ fi
|
||
|
+}
|
||
|
+
|
||
|
main $*
|
||
|
Index: src/plugins/kdb/db2/libdb2/mpool/mpool.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/db2/libdb2/mpool/mpool.c.orig
|
||
|
+++ src/plugins/kdb/db2/libdb2/mpool/mpool.c
|
||
|
@@ -377,7 +377,7 @@ mpool_bkt(mp)
|
||
|
head = &mp->hqh[HASHKEY(bp->pgno)];
|
||
|
CIRCLEQ_REMOVE(head, bp, hq);
|
||
|
CIRCLEQ_REMOVE(&mp->lqh, bp, q);
|
||
|
-#ifdef DEBUG
|
||
|
+#if defined(DEBUG) && !defined(DEBUG_IDX0SPLIT)
|
||
|
{ void *spage;
|
||
|
spage = bp->page;
|
||
|
memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
|
||
|
Index: src/plugins/kdb/db2/libdb2/btree/bt_debug.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/db2/libdb2/btree/bt_debug.c.orig
|
||
|
+++ src/plugins/kdb/db2/libdb2/btree/bt_debug.c
|
||
|
@@ -257,7 +257,8 @@ __bt_dpage(dbp, h)
|
||
|
*(db_pgno_t *)bl->bytes,
|
||
|
*(u_int32_t *)(bl->bytes + sizeof(db_pgno_t)));
|
||
|
else if (bl->ksize)
|
||
|
- (void)fprintf(tracefp, "%s/", bl->bytes);
|
||
|
+ (void)fprintf(tracefp, "%.*s/",
|
||
|
+ (int)bl->ksize, bl->bytes);
|
||
|
if (bl->flags & P_BIGDATA)
|
||
|
(void)fprintf(tracefp,
|
||
|
"big data page %lu size %u",
|
||
|
Index: src/plugins/kdb/db2/libdb2/btree/bt_split.c
|
||
|
===================================================================
|
||
|
--- src/plugins/kdb/db2/libdb2/btree/bt_split.c.orig
|
||
|
+++ src/plugins/kdb/db2/libdb2/btree/bt_split.c
|
||
|
@@ -727,7 +727,7 @@ bt_psplit(t, h, l, r, pskip, ilen)
|
||
|
* the right page.
|
||
|
*/
|
||
|
if (skip <= off) {
|
||
|
- skip = 0;
|
||
|
+ skip = (indx_t)-1;
|
||
|
rval = l;
|
||
|
} else {
|
||
|
rval = r;
|
||
|
@@ -737,7 +737,7 @@ bt_psplit(t, h, l, r, pskip, ilen)
|
||
|
for (off = 0; nxt < top; ++off) {
|
||
|
if (skip == nxt) {
|
||
|
++off;
|
||
|
- skip = 0;
|
||
|
+ skip = (indx_t)-1;
|
||
|
}
|
||
|
switch (h->flags & P_TYPE) {
|
||
|
case P_BINTERNAL:
|
||
|
Index: src/plugins/preauth/pkinit/configure.in
|
||
|
===================================================================
|
||
|
--- src/plugins/preauth/pkinit/configure.in.orig
|
||
|
+++ src/plugins/preauth/pkinit/configure.in
|
||
|
@@ -6,8 +6,6 @@ AC_CHECK_HEADERS(unistd.h)
|
||
|
AC_TYPE_MODE_T
|
||
|
AC_TYPE_OFF_T
|
||
|
|
||
|
-AC_CHECK_FUNCS()
|
||
|
-
|
||
|
# XXX This is incorrect, but should cause -lcrypto to be included by default
|
||
|
AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
|
||
|
|
||
|
Index: src/appl/gssftp/ftp/ftp.M
|
||
|
===================================================================
|
||
|
--- src/appl/gssftp/ftp/ftp.M.orig
|
||
|
+++ src/appl/gssftp/ftp/ftp.M
|
||
|
@@ -537,7 +537,7 @@ $1.$2 and the remote file name "mydata.d
|
||
|
"mydata", and $2 would have the value "data". The
|
||
|
.I outpattern
|
||
|
determines the resulting mapped filename. The sequences `$1', `$2',
|
||
|
-...., `$9' are replaced by any value resulting from the
|
||
|
+\&..., `$9' are replaced by any value resulting from the
|
||
|
.I inpattern
|
||
|
template. The sequence `$0' is replace by the original filename.
|
||
|
Additionally, the sequence `[\fIseq1\fP, \fIseq2\fP]' is replaced by
|
||
|
Index: src/appl/bsd/v4rcp.M
|
||
|
===================================================================
|
||
|
--- src/appl/bsd/v4rcp.M.orig
|
||
|
+++ src/appl/bsd/v4rcp.M
|
||
|
@@ -1,5 +1,5 @@
|
||
|
.\" appl/bsd/v4rcp.M
|
||
|
-.TH RCP 1 \*h
|
||
|
+.TH V4RCP 1
|
||
|
.SH NAME
|
||
|
v4rcp \- back end for Kerberos V4 rcp
|
||
|
.SH SYNOPSIS
|
||
|
Index: src/appl/telnet/telnet/telnet.1
|
||
|
===================================================================
|
||
|
--- src/appl/telnet/telnet/telnet.1.orig
|
||
|
+++ src/appl/telnet/telnet/telnet.1
|
||
|
@@ -625,7 +625,7 @@ Sends the
|
||
|
.TP
|
||
|
.B escape
|
||
|
Sends the current
|
||
|
-.b telnet
|
||
|
+.B telnet
|
||
|
escape character (initially ``^''.
|
||
|
.TP
|
||
|
.B ga
|
||
|
@@ -761,7 +761,7 @@ character.
|
||
|
If
|
||
|
.B telnet
|
||
|
is in
|
||
|
-.b localchars
|
||
|
+.B localchars
|
||
|
mode (see
|
||
|
.B toggle localchars
|
||
|
below),
|
||
|
@@ -1296,9 +1296,9 @@ is omitted, then an interactive subshell
|
||
|
.TP
|
||
|
\fB\&?\fP \fIcommand\fP
|
||
|
Get help. With no arguments,
|
||
|
-.b telnet
|
||
|
+.B telnet
|
||
|
prints a help summary. If a command is specified,
|
||
|
-.b telnet
|
||
|
+.B telnet
|
||
|
will print the help information for just that command.
|
||
|
.SH ENVIRONMENT
|
||
|
.B Telnet
|
||
|
Index: src/clients/kpasswd/kpasswd.M
|
||
|
===================================================================
|
||
|
--- src/clients/kpasswd/kpasswd.M.orig
|
||
|
+++ src/clients/kpasswd/kpasswd.M
|
||
|
@@ -21,8 +21,7 @@
|
||
|
.\" this software for any purpose. It is provided "as is" without express
|
||
|
.\" or implied warranty.
|
||
|
.\" "
|
||
|
-.\.so man1/header.doc
|
||
|
-.TH KPASSWD 1 \*h
|
||
|
+.TH KPASSWD 1
|
||
|
.SH NAME
|
||
|
kpasswd \- change a user's Kerberos password
|
||
|
.SH SYNOPSIS
|
||
|
Index: src/gen-manpages/k5login.M
|
||
|
===================================================================
|
||
|
--- src/gen-manpages/k5login.M.orig
|
||
|
+++ src/gen-manpages/k5login.M
|
||
|
@@ -1,6 +1,6 @@
|
||
|
.TH .K5LOGIN 5
|
||
|
.SH NAME
|
||
|
-.k5login \- Kerberos V5 acl file for host access.
|
||
|
+\&.k5login \- Kerberos V5 acl file for host access.
|
||
|
.SH DESCRIPTION
|
||
|
The
|
||
|
.B .k5login
|
||
|
Index: src/kadmin/dbutil/kdb5_destroy.c
|
||
|
===================================================================
|
||
|
--- src/kadmin/dbutil/kdb5_destroy.c.orig
|
||
|
+++ src/kadmin/dbutil/kdb5_destroy.c
|
||
|
@@ -60,19 +60,16 @@ kdb5_destroy(argc, argv)
|
||
|
retval1 = kadm5_init_krb5_context(&context);
|
||
|
if( retval1 )
|
||
|
{
|
||
|
- com_err(argv[0], retval1, "while initializing krb5_context");
|
||
|
+ com_err(progname, retval1, "while initializing krb5_context");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
if ((retval1 = krb5_set_default_realm(context,
|
||
|
util_context->default_realm))) {
|
||
|
- com_err(argv[0], retval1, "while setting default realm name");
|
||
|
+ com_err(progname, retval1, "while setting default realm name");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
- if (strrchr(argv[0], '/'))
|
||
|
- argv[0] = strrchr(argv[0], '/')+1;
|
||
|
-
|
||
|
dbname = global_params.dbname;
|
||
|
|
||
|
optind = 1;
|
||
|
@@ -102,7 +99,7 @@ kdb5_destroy(argc, argv)
|
||
|
|
||
|
retval1 = krb5_db_destroy(context, db5util_db_args);
|
||
|
if (retval1) {
|
||
|
- com_err(argv[0], retval1, "deleting database '%s'",dbname);
|
||
|
+ com_err(progname, retval1, "deleting database '%s'",dbname);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
Index: src/kadmin/dbutil/dump.c
|
||
|
===================================================================
|
||
|
--- src/kadmin/dbutil/dump.c.orig
|
||
|
+++ src/kadmin/dbutil/dump.c
|
||
|
@@ -1016,7 +1016,6 @@ dump_db(argc, argv)
|
||
|
{
|
||
|
FILE *f;
|
||
|
struct dump_args arglist;
|
||
|
- char *programname;
|
||
|
char *ofile;
|
||
|
krb5_error_code kret, retval;
|
||
|
dump_version *dump;
|
||
|
@@ -1027,9 +1026,6 @@ dump_db(argc, argv)
|
||
|
/*
|
||
|
* Parse the arguments.
|
||
|
*/
|
||
|
- programname = argv[0];
|
||
|
- if (strrchr(programname, (int) '/'))
|
||
|
- programname = strrchr(argv[0], (int) '/') + 1;
|
||
|
ofile = (char *) NULL;
|
||
|
dump = &r1_3_version;
|
||
|
arglist.verbose = 0;
|
||
|
@@ -1081,7 +1077,7 @@ dump_db(argc, argv)
|
||
|
* to be opened if we try a dump that uses it.
|
||
|
*/
|
||
|
if (!dbactive) {
|
||
|
- com_err(argv[0], 0, Err_no_database);
|
||
|
+ com_err(progname, 0, Err_no_database);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -1099,7 +1095,7 @@ dump_db(argc, argv)
|
||
|
(char *) NULL, 0,
|
||
|
&master_keyblock);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval,
|
||
|
+ com_err(progname, retval,
|
||
|
"while reading master key");
|
||
|
exit(1);
|
||
|
}
|
||
|
@@ -1107,7 +1103,7 @@ dump_db(argc, argv)
|
||
|
master_princ,
|
||
|
&master_keyblock);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval,
|
||
|
+ com_err(progname, retval,
|
||
|
"while verifying master key");
|
||
|
exit(1);
|
||
|
}
|
||
|
@@ -1124,7 +1120,7 @@ dump_db(argc, argv)
|
||
|
TRUE,
|
||
|
new_mkey_file, 0,
|
||
|
&new_master_keyblock))) {
|
||
|
- com_err(argv[0], retval, "while reading new master key");
|
||
|
+ com_err(progname, retval, "while reading new master key");
|
||
|
exit(1);
|
||
|
}
|
||
|
}
|
||
|
@@ -1150,7 +1146,7 @@ dump_db(argc, argv)
|
||
|
unlink(ofile);
|
||
|
if (!(f = fopen(ofile, "w"))) {
|
||
|
fprintf(stderr, ofopen_error,
|
||
|
- programname, ofile, error_message(errno));
|
||
|
+ progname, ofile, error_message(errno));
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -1158,7 +1154,7 @@ dump_db(argc, argv)
|
||
|
fileno(f),
|
||
|
KRB5_LOCKMODE_EXCLUSIVE))) {
|
||
|
fprintf(stderr, oflock_error,
|
||
|
- programname, ofile, error_message(kret));
|
||
|
+ progname, ofile, error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
else
|
||
|
@@ -1167,7 +1163,7 @@ dump_db(argc, argv)
|
||
|
f = stdout;
|
||
|
}
|
||
|
if (f && !(kret)) {
|
||
|
- arglist.programname = programname;
|
||
|
+ arglist.programname = progname;
|
||
|
arglist.ofile = f;
|
||
|
arglist.kcontext = util_context;
|
||
|
fprintf(arglist.ofile, "%s", dump->header);
|
||
|
@@ -1179,13 +1175,13 @@ dump_db(argc, argv)
|
||
|
dump->dump_princ,
|
||
|
(krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
|
||
|
fprintf(stderr, dumprec_err,
|
||
|
- programname, dump->name, error_message(kret));
|
||
|
+ progname, dump->name, error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
if (dump->dump_policy &&
|
||
|
(kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
|
||
|
&arglist))) {
|
||
|
- fprintf(stderr, dumprec_err, programname, dump->name,
|
||
|
+ fprintf(stderr, dumprec_err, progname, dump->name,
|
||
|
error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
@@ -2126,7 +2122,6 @@ load_db(argc, argv)
|
||
|
FILE *f;
|
||
|
extern char *optarg;
|
||
|
extern int optind;
|
||
|
- char *programname;
|
||
|
char *dumpfile;
|
||
|
char *dbname;
|
||
|
char *dbname_tmp;
|
||
|
@@ -2140,9 +2135,6 @@ load_db(argc, argv)
|
||
|
/*
|
||
|
* Parse the arguments.
|
||
|
*/
|
||
|
- programname = argv[0];
|
||
|
- if (strrchr(programname, (int) '/'))
|
||
|
- programname = strrchr(argv[0], (int) '/') + 1;
|
||
|
dumpfile = (char *) NULL;
|
||
|
dbname = global_params.dbname;
|
||
|
load = NULL;
|
||
|
@@ -2180,7 +2172,7 @@ load_db(argc, argv)
|
||
|
|
||
|
if (!(dbname_tmp = (char *) malloc(strlen(dbname)+
|
||
|
strlen(dump_tmptrail)+1))) {
|
||
|
- fprintf(stderr, no_name_mem_fmt, argv[0]);
|
||
|
+ fprintf(stderr, no_name_mem_fmt, progname);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2191,7 +2183,7 @@ load_db(argc, argv)
|
||
|
* Initialize the Kerberos context and error tables.
|
||
|
*/
|
||
|
if ((kret = kadm5_init_krb5_context(&kcontext))) {
|
||
|
- fprintf(stderr, ctx_err_fmt, programname);
|
||
|
+ fprintf(stderr, ctx_err_fmt, progname);
|
||
|
free(dbname_tmp);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
@@ -2199,7 +2191,7 @@ load_db(argc, argv)
|
||
|
|
||
|
if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) )
|
||
|
{
|
||
|
- fprintf(stderr, "%s: Unable to set the default realm\n", programname);
|
||
|
+ fprintf(stderr, "%s: Unable to set the default realm\n", progname);
|
||
|
free(dbname_tmp);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
@@ -2210,14 +2202,14 @@ load_db(argc, argv)
|
||
|
*/
|
||
|
if (dumpfile) {
|
||
|
if ((f = fopen(dumpfile, "r")) == NULL) {
|
||
|
- fprintf(stderr, dfile_err_fmt, programname, dumpfile,
|
||
|
+ fprintf(stderr, dfile_err_fmt, progname, dumpfile,
|
||
|
error_message(errno));
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
if ((kret = krb5_lock_file(kcontext, fileno(f),
|
||
|
KRB5_LOCKMODE_SHARED))) {
|
||
|
- fprintf(stderr, "%s: Cannot lock %s: %s\n", programname,
|
||
|
+ fprintf(stderr, "%s: Cannot lock %s: %s\n", progname,
|
||
|
dumpfile, error_message(errno));
|
||
|
exit_status++;
|
||
|
return;
|
||
|
@@ -2233,7 +2225,7 @@ load_db(argc, argv)
|
||
|
if (load) {
|
||
|
/* only check what we know; some headers only contain a prefix */
|
||
|
if (strncmp(buf, load->header, strlen(load->header)) != 0) {
|
||
|
- fprintf(stderr, head_bad_fmt, programname, dumpfile);
|
||
|
+ fprintf(stderr, head_bad_fmt, progname, dumpfile);
|
||
|
exit_status++;
|
||
|
if (dumpfile) fclose(f);
|
||
|
return;
|
||
|
@@ -2252,7 +2244,7 @@ load_db(argc, argv)
|
||
|
strlen(ov_version.header)) == 0)
|
||
|
load = &ov_version;
|
||
|
else {
|
||
|
- fprintf(stderr, head_bad_fmt, programname, dumpfile);
|
||
|
+ fprintf(stderr, head_bad_fmt, progname, dumpfile);
|
||
|
exit_status++;
|
||
|
if (dumpfile) fclose(f);
|
||
|
return;
|
||
|
@@ -2260,7 +2252,7 @@ load_db(argc, argv)
|
||
|
}
|
||
|
if (load->updateonly && !update) {
|
||
|
fprintf(stderr, "%s: dump version %s can only be loaded with the "
|
||
|
- "-update flag\n", programname, load->name);
|
||
|
+ "-update flag\n", progname, load->name);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -2277,7 +2269,7 @@ load_db(argc, argv)
|
||
|
|
||
|
if ((kret = kadm5_get_config_params(kcontext, 1,
|
||
|
&newparams, &newparams))) {
|
||
|
- com_err(argv[0], kret,
|
||
|
+ com_err(progname, kret,
|
||
|
"while retreiving new configuration parameters");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
@@ -2301,11 +2293,11 @@ load_db(argc, argv)
|
||
|
*/
|
||
|
|
||
|
if (emsg != NULL) {
|
||
|
- fprintf(stderr, "%s: %s\n", programname, emsg);
|
||
|
+ fprintf(stderr, "%s: %s\n", progname, emsg);
|
||
|
krb5_free_error_message (kcontext, emsg);
|
||
|
} else {
|
||
|
fprintf(stderr, dbcreaterr_fmt,
|
||
|
- programname, dbname, error_message(kret));
|
||
|
+ progname, dbname, error_message(kret));
|
||
|
}
|
||
|
exit_status++;
|
||
|
kadm5_free_config_params(kcontext, &newparams);
|
||
|
@@ -2326,11 +2318,11 @@ load_db(argc, argv)
|
||
|
*/
|
||
|
|
||
|
if (emsg != NULL) {
|
||
|
- fprintf(stderr, "%s: %s\n", programname, emsg);
|
||
|
+ fprintf(stderr, "%s: %s\n", progname, emsg);
|
||
|
krb5_free_error_message (kcontext, emsg);
|
||
|
} else {
|
||
|
fprintf(stderr, dbinit_err_fmt,
|
||
|
- programname, error_message(kret));
|
||
|
+ progname, error_message(kret));
|
||
|
}
|
||
|
exit_status++;
|
||
|
goto error;
|
||
|
@@ -2349,7 +2341,7 @@ load_db(argc, argv)
|
||
|
*/
|
||
|
if (kret != KRB5_PLUGIN_OP_NOTSUPP) {
|
||
|
fprintf(stderr, "%s: %s while permanently locking database\n",
|
||
|
- programname, error_message(kret));
|
||
|
+ progname, error_message(kret));
|
||
|
exit_status++;
|
||
|
goto error;
|
||
|
}
|
||
|
@@ -2357,10 +2349,10 @@ load_db(argc, argv)
|
||
|
else
|
||
|
db_locked = 1;
|
||
|
|
||
|
- if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name,
|
||
|
+ if (restore_dump(progname, kcontext, (dumpfile) ? dumpfile : stdin_name,
|
||
|
f, verbose, load)) {
|
||
|
fprintf(stderr, restfail_fmt,
|
||
|
- programname, load->name);
|
||
|
+ progname, load->name);
|
||
|
exit_status++;
|
||
|
}
|
||
|
|
||
|
@@ -2373,14 +2365,14 @@ load_db(argc, argv)
|
||
|
if (db_locked && (kret = krb5_db_unlock(kcontext))) {
|
||
|
/* change this error? */
|
||
|
fprintf(stderr, dbunlockerr_fmt,
|
||
|
- programname, dbname, error_message(kret));
|
||
|
+ progname, dbname, error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
|
||
|
#if 0
|
||
|
if ((kret = krb5_db_fini(kcontext))) {
|
||
|
fprintf(stderr, close_err_fmt,
|
||
|
- programname, error_message(kret));
|
||
|
+ progname, error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
#endif
|
||
|
@@ -2395,7 +2387,7 @@ load_db(argc, argv)
|
||
|
*/
|
||
|
if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
|
||
|
fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n",
|
||
|
- programname, error_message(kret));
|
||
|
+ progname, error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
}
|
||
|
@@ -2416,7 +2408,7 @@ error:
|
||
|
*/
|
||
|
if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
|
||
|
fprintf(stderr, dbdelerr_fmt,
|
||
|
- programname, dbname, error_message(kret));
|
||
|
+ progname, dbname, error_message(kret));
|
||
|
exit_status++;
|
||
|
}
|
||
|
}
|
||
|
Index: src/kadmin/dbutil/kdb5_create.c
|
||
|
===================================================================
|
||
|
--- src/kadmin/dbutil/kdb5_create.c.orig
|
||
|
+++ src/kadmin/dbutil/kdb5_create.c
|
||
|
@@ -162,9 +162,6 @@ void kdb5_create(argc, argv)
|
||
|
int do_stash = 0;
|
||
|
krb5_data pwd, seed;
|
||
|
|
||
|
- if (strrchr(argv[0], '/'))
|
||
|
- argv[0] = strrchr(argv[0], '/')+1;
|
||
|
-
|
||
|
while ((optchar = getopt(argc, argv, "s")) != -1) {
|
||
|
switch(optchar) {
|
||
|
case 's':
|
||
|
@@ -193,7 +190,7 @@ void kdb5_create(argc, argv)
|
||
|
printf ("Loading random data\n");
|
||
|
retval = krb5_c_random_os_entropy (util_context, 1, NULL);
|
||
|
if (retval) {
|
||
|
- com_err (argv[0], retval, "Loading random data");
|
||
|
+ com_err (progname, retval, "Loading random data");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
@@ -203,7 +200,7 @@ void kdb5_create(argc, argv)
|
||
|
global_params.mkey_name,
|
||
|
global_params.realm,
|
||
|
&mkey_fullname, &master_princ))) {
|
||
|
- com_err(argv[0], retval, "while setting up master key name");
|
||
|
+ com_err(progname, retval, "while setting up master key name");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
@@ -229,7 +226,7 @@ master key name '%s'\n",
|
||
|
retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
|
||
|
pw_str, &pw_size);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while reading master key from keyboard");
|
||
|
+ com_err(progname, retval, "while reading master key from keyboard");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
mkey_password = pw_str;
|
||
|
@@ -239,14 +236,14 @@ master key name '%s'\n",
|
||
|
pwd.length = strlen(mkey_password);
|
||
|
retval = krb5_principal2salt(util_context, master_princ, &master_salt);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while calculating master key salt");
|
||
|
+ com_err(progname, retval, "while calculating master key salt");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
|
||
|
&pwd, &master_salt, &master_keyblock);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while transforming master key from password");
|
||
|
+ com_err(progname, retval, "while transforming master key from password");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
@@ -256,28 +253,28 @@ master key name '%s'\n",
|
||
|
seed.data = master_keyblock.contents;
|
||
|
|
||
|
if ((retval = krb5_c_random_seed(util_context, &seed))) {
|
||
|
- com_err(argv[0], retval, "while initializing random key generator");
|
||
|
+ com_err(progname, retval, "while initializing random key generator");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
if ((retval = krb5_db_create(util_context,
|
||
|
db5util_db_args))) {
|
||
|
- com_err(argv[0], retval, "while creating database '%s'",
|
||
|
+ com_err(progname, retval, "while creating database '%s'",
|
||
|
global_params.dbname);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
/* if ((retval = krb5_db_fini(util_context))) { */
|
||
|
-/* com_err(argv[0], retval, "while closing current database"); */
|
||
|
+/* com_err(progname, retval, "while closing current database"); */
|
||
|
/* exit_status++; return; */
|
||
|
/* } */
|
||
|
/* if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */
|
||
|
-/* com_err(argv[0], retval, "while initializing the database '%s'", */
|
||
|
+/* com_err(progname, retval, "while initializing the database '%s'", */
|
||
|
/* global_params.dbname); */
|
||
|
/* exit_status++; return; */
|
||
|
/* } */
|
||
|
if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
|
||
|
(retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
|
||
|
(void) krb5_db_fini(util_context);
|
||
|
- com_err(argv[0], retval, "while adding entries to the database");
|
||
|
+ com_err(progname, retval, "while adding entries to the database");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
/*
|
||
|
@@ -291,7 +288,7 @@ master key name '%s'\n",
|
||
|
&master_keyblock,
|
||
|
mkey_password);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], errno, "while storing key");
|
||
|
+ com_err(progname, errno, "while storing key");
|
||
|
printf("Warning: couldn't stash master key.\n");
|
||
|
}
|
||
|
/* clean up */
|
||
|
Index: src/kadmin/dbutil/kdb5_util.c
|
||
|
===================================================================
|
||
|
--- src/kadmin/dbutil/kdb5_util.c.orig
|
||
|
+++ src/kadmin/dbutil/kdb5_util.c
|
||
|
@@ -186,16 +186,18 @@ int main(argc, argv)
|
||
|
|
||
|
set_com_err_hook(extended_com_err_fn);
|
||
|
|
||
|
+ /*
|
||
|
+ * Ensure that "progname" is set before calling com_err.
|
||
|
+ */
|
||
|
+ progname = (strrchr(argv[0], '/') ?
|
||
|
+ strrchr(argv[0], '/') + 1 : argv[0]);
|
||
|
+
|
||
|
retval = kadm5_init_krb5_context(&util_context);
|
||
|
if (retval) {
|
||
|
com_err (progname, retval, "while initializing Kerberos code");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
-/* initialize_adb_error_table(); */
|
||
|
-
|
||
|
- progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
|
||
|
-
|
||
|
cmd_argv = (char **) malloc(sizeof(char *)*argc);
|
||
|
if (cmd_argv == NULL) {
|
||
|
com_err(progname, ENOMEM, "while creating sub-command arguments");
|
||
|
@@ -245,7 +247,7 @@ int main(argc, argv)
|
||
|
}
|
||
|
} else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
|
||
|
if (krb5_string_to_enctype(koptarg, &global_params.enctype))
|
||
|
- com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
|
||
|
+ com_err(progname, 0, "%s is an invalid enctype", koptarg);
|
||
|
else
|
||
|
global_params.mask |= KADM5_CONFIG_ENCTYPE;
|
||
|
} else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
|
||
|
@@ -287,7 +289,7 @@ int main(argc, argv)
|
||
|
retval = kadm5_get_config_params(util_context, 1,
|
||
|
&global_params, &global_params);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while retreiving configuration parameters");
|
||
|
+ com_err(progname, retval, "while retreiving configuration parameters");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
@@ -300,7 +302,7 @@ int main(argc, argv)
|
||
|
master_keyblock.enctype = global_params.enctype;
|
||
|
if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) &&
|
||
|
(!krb5_c_valid_enctype(master_keyblock.enctype))) {
|
||
|
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
|
||
|
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
|
||
|
"while setting up enctype %d", master_keyblock.enctype);
|
||
|
}
|
||
|
|
||
|
@@ -334,13 +336,13 @@ void set_dbname(argc, argv)
|
||
|
|
||
|
if (argc < 3) {
|
||
|
com_err(argv[0], 0, "Too few arguments");
|
||
|
- com_err(argv[0], 0, "Usage: %s dbpathname realmname", argv[0]);
|
||
|
+ com_err(progname, 0, "Usage: %s dbpathname realmname", argv[0]);
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
if (dbactive) {
|
||
|
if ((retval = krb5_db_fini(util_context)) && retval!= KRB5_KDB_DBNOTINITED) {
|
||
|
- com_err(argv[0], retval, "while closing previous database");
|
||
|
+ com_err(progname, retval, "while closing previous database");
|
||
|
exit_status++;
|
||
|
return;
|
||
|
}
|
||
|
@@ -353,7 +355,7 @@ void set_dbname(argc, argv)
|
||
|
dbactive = FALSE;
|
||
|
}
|
||
|
|
||
|
- (void) set_dbname_help(argv[0], argv[1]);
|
||
|
+ (void) set_dbname_help(progname, argv[1]);
|
||
|
return;
|
||
|
}
|
||
|
#endif
|
||
|
@@ -425,6 +427,7 @@ static int open_db_and_mkey()
|
||
|
retval = krb5_principal2salt(util_context, master_princ, &scratch);
|
||
|
if (retval) {
|
||
|
com_err(progname, retval, "while calculated master key salt");
|
||
|
+ exit_status++;
|
||
|
return(1);
|
||
|
}
|
||
|
|
||
|
@@ -442,6 +445,7 @@ static int open_db_and_mkey()
|
||
|
if (retval) {
|
||
|
com_err(progname, retval,
|
||
|
"while transforming master key from password");
|
||
|
+ exit_status++;
|
||
|
return(1);
|
||
|
}
|
||
|
free(scratch.data);
|
||
|
@@ -519,7 +523,7 @@ add_random_key(argc, argv)
|
||
|
krb5_int32 num_keysalts = 0;
|
||
|
|
||
|
int free_keysalts;
|
||
|
- char *me = argv[0];
|
||
|
+ char *me = progname;
|
||
|
char *ks_str = NULL;
|
||
|
char *pr_str;
|
||
|
|
||
|
Index: src/kadmin/dbutil/kdb5_stash.c
|
||
|
===================================================================
|
||
|
--- src/kadmin/dbutil/kdb5_stash.c.orig
|
||
|
+++ src/kadmin/dbutil/kdb5_stash.c
|
||
|
@@ -82,19 +82,16 @@ kdb5_stash(argc, argv)
|
||
|
char *keyfile = 0;
|
||
|
krb5_context context;
|
||
|
|
||
|
- if (strrchr(argv[0], '/'))
|
||
|
- argv[0] = strrchr(argv[0], '/')+1;
|
||
|
-
|
||
|
retval = kadm5_init_krb5_context(&context);
|
||
|
if( retval )
|
||
|
{
|
||
|
- com_err(argv[0], retval, "while initializing krb5_context");
|
||
|
+ com_err(progname, retval, "while initializing krb5_context");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
if ((retval = krb5_set_default_realm(context,
|
||
|
util_context->default_realm))) {
|
||
|
- com_err(argv[0], retval, "while setting default realm name");
|
||
|
+ com_err(progname, retval, "while setting default realm name");
|
||
|
exit(1);
|
||
|
}
|
||
|
|
||
|
@@ -119,10 +116,10 @@ kdb5_stash(argc, argv)
|
||
|
if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
|
||
|
char tmp[32];
|
||
|
if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
|
||
|
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
|
||
|
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
|
||
|
"while setting up enctype %d", master_keyblock.enctype);
|
||
|
else
|
||
|
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp);
|
||
|
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
@@ -130,14 +127,14 @@ kdb5_stash(argc, argv)
|
||
|
retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
|
||
|
&mkey_fullname, &master_princ);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while setting up master key name");
|
||
|
+ com_err(progname, retval, "while setting up master key name");
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
retval = krb5_db_open(context, db5util_db_args,
|
||
|
KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while initializing the database '%s'",
|
||
|
+ com_err(progname, retval, "while initializing the database '%s'",
|
||
|
dbname);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
@@ -148,7 +145,7 @@ kdb5_stash(argc, argv)
|
||
|
TRUE, FALSE, (char *) NULL,
|
||
|
0, &master_keyblock);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while reading master key");
|
||
|
+ com_err(progname, retval, "while reading master key");
|
||
|
(void) krb5_db_fini(context);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
@@ -156,7 +153,7 @@ kdb5_stash(argc, argv)
|
||
|
retval = krb5_db_verify_master_key(context, master_princ,
|
||
|
&master_keyblock);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "while verifying master key");
|
||
|
+ com_err(progname, retval, "while verifying master key");
|
||
|
(void) krb5_db_fini(context);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
@@ -164,7 +161,7 @@ kdb5_stash(argc, argv)
|
||
|
retval = krb5_db_store_master_key(context, keyfile, master_princ,
|
||
|
&master_keyblock, NULL);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], errno, "while storing key");
|
||
|
+ com_err(progname, errno, "while storing key");
|
||
|
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
|
||
|
(void) krb5_db_fini(context);
|
||
|
exit_status++; return;
|
||
|
@@ -173,7 +170,7 @@ kdb5_stash(argc, argv)
|
||
|
|
||
|
retval = krb5_db_fini(context);
|
||
|
if (retval) {
|
||
|
- com_err(argv[0], retval, "closing database '%s'", dbname);
|
||
|
+ com_err(progname, retval, "closing database '%s'", dbname);
|
||
|
exit_status++; return;
|
||
|
}
|
||
|
|
||
|
Index: src/kadmin/cli/kadmin.M
|
||
|
===================================================================
|
||
|
--- src/kadmin/cli/kadmin.M.orig
|
||
|
+++ src/kadmin/cli/kadmin.M
|
||
|
@@ -206,12 +206,12 @@ Specifying "ago" in a duration may resul
|
||
|
creates the principal
|
||
|
.IR newprinc ,
|
||
|
prompting twice for a password. If no policy is specified with the
|
||
|
--policy option, and the policy named "default" exists, then that
|
||
|
+\-policy option, and the policy named "default" exists, then that
|
||
|
policy is assigned to the principal; note that the assignment of the
|
||
|
policy "default" only occurs automatically when a principal is first
|
||
|
created, so the policy "default" must already exist for the assignment
|
||
|
to occur. This assignment of "default" can be suppressed with the
|
||
|
--clearpolicy option. This command requires the
|
||
|
+\-clearpolicy option. This command requires the
|
||
|
.I add
|
||
|
privilege. This command has the aliases
|
||
|
.B addprinc
|
||
|
@@ -411,7 +411,7 @@ Re-enter password for principal tlyu/adm
|
||
|
Principal "tlyu/admin@BLEEP.COM" created.
|
||
|
kadmin:
|
||
|
|
||
|
-kadmin: addprinc -x dn=cn=mwm_user,o=org mwm_user
|
||
|
+kadmin: addprinc \-x dn=cn=mwm_user,o=org mwm_user
|
||
|
WARNING: no policy specified for "mwm_user@BLEEP.COM";
|
||
|
defaulting to no policy.
|
||
|
Enter password for principal mwm_user@BLEEP.COM:
|
||
|
@@ -639,7 +639,7 @@ sets the number of past keys kept for a
|
||
|
.nf
|
||
|
.TP
|
||
|
EXAMPLES:
|
||
|
-kadmin: add_policy -maxlife "2 days" -minlength 5 guests
|
||
|
+kadmin: add_policy \-maxlife "2 days" \-minlength 5 guests
|
||
|
kadmin:
|
||
|
.TP
|
||
|
ERRORS:
|
||
|
Index: src/lib/crypto/enc_provider/aes.c
|
||
|
===================================================================
|
||
|
--- src/lib/crypto/enc_provider/aes.c.orig
|
||
|
+++ src/lib/crypto/enc_provider/aes.c
|
||
|
@@ -1,3 +1,29 @@
|
||
|
+/*
|
||
|
+ * lib/crypto/enc_provider/aes.h
|
||
|
+ *
|
||
|
+ * Copyright (C) 2003, 2007 by the Massachusetts Institute of Technology.
|
||
|
+ * All rights reserved.
|
||
|
+ *
|
||
|
+ * Export of this software from the United States of America may
|
||
|
+ * require a specific license from the United States Government.
|
||
|
+ * It is the responsibility of any person or organization contemplating
|
||
|
+ * export to obtain such a license before exporting.
|
||
|
+ *
|
||
|
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||
|
+ * distribute this software and its documentation for any purpose and
|
||
|
+ * without fee is hereby granted, provided that the above copyright
|
||
|
+ * notice appear in all copies and that both that copyright notice and
|
||
|
+ * this permission notice appear in supporting documentation, and that
|
||
|
+ * the name of M.I.T. not be used in advertising or publicity pertaining
|
||
|
+ * to distribution of the software without specific, written prior
|
||
|
+ * permission. Furthermore if you modify this software you must label
|
||
|
+ * your software as modified software and not distribute it in such a
|
||
|
+ * fashion that it might be confused with the original M.I.T. software.
|
||
|
+ * M.I.T. makes no representations about the suitability of
|
||
|
+ * this software for any purpose. It is provided "as is" without express
|
||
|
+ * or implied warranty.
|
||
|
+ */
|
||
|
+
|
||
|
#include "k5-int.h"
|
||
|
#include "enc_provider.h"
|
||
|
#include "aes.h"
|
||
|
Index: src/lib/rpc/auth_gssapi.c
|
||
|
===================================================================
|
||
|
--- src/lib/rpc/auth_gssapi.c.orig
|
||
|
+++ src/lib/rpc/auth_gssapi.c
|
||
|
@@ -164,6 +164,11 @@ AUTH *auth_gssapi_create(
|
||
|
auth = (AUTH *) malloc(sizeof(*auth));
|
||
|
pdata = (struct auth_gssapi_data *) malloc(sizeof(*pdata));
|
||
|
if (auth == NULL || pdata == NULL) {
|
||
|
+ /* They needn't both have failed; clean up. */
|
||
|
+ free(auth);
|
||
|
+ free(pdata);
|
||
|
+ auth = NULL;
|
||
|
+ pdata = NULL;
|
||
|
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
|
||
|
rpc_createerr.cf_error.re_errno = ENOMEM;
|
||
|
goto cleanup;
|
||
|
@@ -436,12 +441,14 @@ next_token:
|
||
|
|
||
|
cleanup:
|
||
|
PRINTF(("gssapi_create: bailing\n\n"));
|
||
|
-
|
||
|
- if (AUTH_PRIVATE(auth))
|
||
|
- auth_gssapi_destroy(auth);
|
||
|
- else if (auth)
|
||
|
- free(auth);
|
||
|
- auth = NULL;
|
||
|
+
|
||
|
+ if (auth) {
|
||
|
+ if (AUTH_PRIVATE(auth))
|
||
|
+ auth_gssapi_destroy(auth);
|
||
|
+ else
|
||
|
+ free(auth);
|
||
|
+ auth = NULL;
|
||
|
+ }
|
||
|
|
||
|
/* don't assume the caller will want to change clnt->cl_auth */
|
||
|
clnt->cl_auth = save_auth;
|
||
|
Index: src/lib/gssapi/krb5/lucid_context.c
|
||
|
===================================================================
|
||
|
--- src/lib/gssapi/krb5/lucid_context.c.orig
|
||
|
+++ src/lib/gssapi/krb5/lucid_context.c
|
||
|
@@ -231,7 +231,7 @@ make_external_lucid_ctx_v1(
|
||
|
&lctx->cfx_kd.ctx_key)))
|
||
|
goto error_out;
|
||
|
if (gctx->have_acceptor_subkey) {
|
||
|
- if ((retval = copy_keyblock_to_lucid_key(gctx->enc,
|
||
|
+ if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey,
|
||
|
&lctx->cfx_kd.acceptor_subkey)))
|
||
|
goto error_out;
|
||
|
lctx->cfx_kd.have_acceptor_subkey = 1;
|
||
|
Index: src/lib/kadm5/str_conv.c
|
||
|
===================================================================
|
||
|
--- src/lib/kadm5/str_conv.c.orig
|
||
|
+++ src/lib/kadm5/str_conv.c
|
||
|
@@ -310,7 +310,7 @@ krb5_string_to_keysalts(string, tuplesep
|
||
|
septmp = ksseplist;
|
||
|
for (sp = strchr(kp, (int) *septmp);
|
||
|
*(++septmp) && !sp;
|
||
|
- ep = strchr(kp, (int) *septmp));
|
||
|
+ sp = strchr(kp, (int) *septmp));
|
||
|
|
||
|
if (sp) {
|
||
|
/* Separate enctype from salttype */
|
||
|
Index: src/lib/krb5/keytab/kt_file.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/keytab/kt_file.c.orig
|
||
|
+++ src/lib/krb5/keytab/kt_file.c
|
||
|
@@ -53,10 +53,30 @@ typedef struct _krb5_ktfile_data {
|
||
|
FILE *openf; /* open file, if any. */
|
||
|
char iobuf[BUFSIZ]; /* so we can zap it later */
|
||
|
int version; /* Version number of keytab */
|
||
|
+ unsigned int iter_count; /* Number of active iterators */
|
||
|
+ long start_offset; /* Starting offset after version */
|
||
|
k5_mutex_t lock; /* Protect openf, version */
|
||
|
} krb5_ktfile_data;
|
||
|
|
||
|
/*
|
||
|
+ * Some limitations:
|
||
|
+ *
|
||
|
+ * If the file OPENF is left open between calls, we have an iterator
|
||
|
+ * active, and OPENF is opened in read-only mode. So, no changes
|
||
|
+ * can be made via that handle.
|
||
|
+ *
|
||
|
+ * An advisory file lock is used while the file is open. Thus,
|
||
|
+ * multiple handles on the same underlying file cannot be used without
|
||
|
+ * disrupting the locking in effect.
|
||
|
+ *
|
||
|
+ * The start_offset field is only valid if the file is open. It will
|
||
|
+ * almost certainly always be the same constant. It's used so that
|
||
|
+ * if an iterator is active, and we start another one, we don't have
|
||
|
+ * to seek back to the start and re-read the version number to set
|
||
|
+ * the position for the iterator.
|
||
|
+ */
|
||
|
+
|
||
|
+/*
|
||
|
* Macros
|
||
|
*/
|
||
|
#define KTPRIVATE(id) ((krb5_ktfile_data *)(id)->data)
|
||
|
@@ -64,6 +84,8 @@ typedef struct _krb5_ktfile_data {
|
||
|
#define KTFILEP(id) (((krb5_ktfile_data *)(id)->data)->openf)
|
||
|
#define KTFILEBUFP(id) (((krb5_ktfile_data *)(id)->data)->iobuf)
|
||
|
#define KTVERSION(id) (((krb5_ktfile_data *)(id)->data)->version)
|
||
|
+#define KTITERS(id) (((krb5_ktfile_data *)(id)->data)->iter_count)
|
||
|
+#define KTSTARTOFF(id) (((krb5_ktfile_data *)(id)->data)->start_offset)
|
||
|
#define KTLOCK(id) k5_mutex_lock(&((krb5_ktfile_data *)(id)->data)->lock)
|
||
|
#define KTUNLOCK(id) k5_mutex_unlock(&((krb5_ktfile_data *)(id)->data)->lock)
|
||
|
#define KTCHECKLOCK(id) k5_mutex_assert_locked(&((krb5_ktfile_data *)(id)->data)->lock)
|
||
|
@@ -208,6 +230,7 @@ krb5_ktfile_resolve(krb5_context context
|
||
|
(void) strcpy(data->name, name);
|
||
|
data->openf = 0;
|
||
|
data->version = 0;
|
||
|
+ data->iter_count = 0;
|
||
|
|
||
|
(*id)->data = (krb5_pointer)data;
|
||
|
(*id)->magic = KV5M_KEYTAB;
|
||
|
@@ -255,15 +278,27 @@ krb5_ktfile_get_entry(krb5_context conte
|
||
|
int found_wrong_kvno = 0;
|
||
|
krb5_boolean similar;
|
||
|
int kvno_offset = 0;
|
||
|
+ int was_open;
|
||
|
|
||
|
kerror = KTLOCK(id);
|
||
|
if (kerror)
|
||
|
return kerror;
|
||
|
|
||
|
- /* Open the keyfile for reading */
|
||
|
- if ((kerror = krb5_ktfileint_openr(context, id))) {
|
||
|
- KTUNLOCK(id);
|
||
|
- return(kerror);
|
||
|
+ if (KTFILEP(id) != NULL) {
|
||
|
+ was_open = 1;
|
||
|
+
|
||
|
+ if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
|
||
|
+ KTUNLOCK(id);
|
||
|
+ return errno;
|
||
|
+ }
|
||
|
+ } else {
|
||
|
+ was_open = 0;
|
||
|
+
|
||
|
+ /* Open the keyfile for reading */
|
||
|
+ if ((kerror = krb5_ktfileint_openr(context, id))) {
|
||
|
+ KTUNLOCK(id);
|
||
|
+ return(kerror);
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
@@ -370,12 +405,13 @@ krb5_ktfile_get_entry(krb5_context conte
|
||
|
kerror = KRB5_KT_NOTFOUND;
|
||
|
}
|
||
|
if (kerror) {
|
||
|
- (void) krb5_ktfileint_close(context, id);
|
||
|
+ if (was_open == 0)
|
||
|
+ (void) krb5_ktfileint_close(context, id);
|
||
|
KTUNLOCK(id);
|
||
|
krb5_kt_free_entry(context, &cur_entry);
|
||
|
return kerror;
|
||
|
}
|
||
|
- if ((kerror = krb5_ktfileint_close(context, id)) != 0) {
|
||
|
+ if (was_open == 0 && (kerror = krb5_ktfileint_close(context, id)) != 0) {
|
||
|
KTUNLOCK(id);
|
||
|
krb5_kt_free_entry(context, &cur_entry);
|
||
|
return kerror;
|
||
|
@@ -430,18 +466,30 @@ krb5_ktfile_start_seq_get(krb5_context c
|
||
|
if (retval)
|
||
|
return retval;
|
||
|
|
||
|
- if ((retval = krb5_ktfileint_openr(context, id))) {
|
||
|
- KTUNLOCK(id);
|
||
|
- return retval;
|
||
|
+ if (KTITERS(id) == 0) {
|
||
|
+ if ((retval = krb5_ktfileint_openr(context, id))) {
|
||
|
+ KTUNLOCK(id);
|
||
|
+ return retval;
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
|
||
|
- krb5_ktfileint_close(context, id);
|
||
|
+ if (KTITERS(id) == 0)
|
||
|
+ krb5_ktfileint_close(context, id);
|
||
|
KTUNLOCK(id);
|
||
|
return ENOMEM;
|
||
|
}
|
||
|
- *fileoff = ftell(KTFILEP(id));
|
||
|
+ *fileoff = KTSTARTOFF(id);
|
||
|
*cursorp = (krb5_kt_cursor)fileoff;
|
||
|
+ KTITERS(id)++;
|
||
|
+ if (KTITERS(id) == 0) {
|
||
|
+ /* Wrapped?! */
|
||
|
+ KTITERS(id)--;
|
||
|
+ KTUNLOCK(id);
|
||
|
+ krb5_set_error_message(context, KRB5_KT_IOERR,
|
||
|
+ "Too many keytab iterators active");
|
||
|
+ return KRB5_KT_IOERR; /* XXX */
|
||
|
+ }
|
||
|
KTUNLOCK(id);
|
||
|
|
||
|
return 0;
|
||
|
@@ -490,7 +538,11 @@ krb5_ktfile_end_get(krb5_context context
|
||
|
|
||
|
krb5_xfree(*cursor);
|
||
|
KTLOCK(id);
|
||
|
- kerror = krb5_ktfileint_close(context, id);
|
||
|
+ KTITERS(id)--;
|
||
|
+ if (KTFILEP(id) != NULL && KTITERS(id) == 0)
|
||
|
+ kerror = krb5_ktfileint_close(context, id);
|
||
|
+ else
|
||
|
+ kerror = 0;
|
||
|
KTUNLOCK(id);
|
||
|
return kerror;
|
||
|
}
|
||
|
@@ -811,6 +863,7 @@ krb5_ktfile_wresolve(krb5_context contex
|
||
|
(void) strcpy(data->name, name);
|
||
|
data->openf = 0;
|
||
|
data->version = 0;
|
||
|
+ data->iter_count = 0;
|
||
|
|
||
|
(*id)->data = (krb5_pointer)data;
|
||
|
(*id)->magic = KV5M_KEYTAB;
|
||
|
@@ -830,6 +883,13 @@ krb5_ktfile_add(krb5_context context, kr
|
||
|
retval = KTLOCK(id);
|
||
|
if (retval)
|
||
|
return retval;
|
||
|
+ if (KTFILEP(id)) {
|
||
|
+ /* Iterator(s) active -- no changes. */
|
||
|
+ KTUNLOCK(id);
|
||
|
+ krb5_set_error_message(context, KRB5_KT_IOERR,
|
||
|
+ "Cannot change keytab with keytab iterators active");
|
||
|
+ return KRB5_KT_IOERR; /* XXX */
|
||
|
+ }
|
||
|
if ((retval = krb5_ktfileint_openw(context, id))) {
|
||
|
KTUNLOCK(id);
|
||
|
return retval;
|
||
|
@@ -858,6 +918,13 @@ krb5_ktfile_remove(krb5_context context,
|
||
|
kerror = KTLOCK(id);
|
||
|
if (kerror)
|
||
|
return kerror;
|
||
|
+ if (KTFILEP(id)) {
|
||
|
+ /* Iterator(s) active -- no changes. */
|
||
|
+ KTUNLOCK(id);
|
||
|
+ krb5_set_error_message(context, KRB5_KT_IOERR,
|
||
|
+ "Cannot change keytab with keytab iterators active");
|
||
|
+ return KRB5_KT_IOERR; /* XXX */
|
||
|
+ }
|
||
|
|
||
|
if ((kerror = krb5_ktfileint_openw(context, id))) {
|
||
|
KTUNLOCK(id);
|
||
|
@@ -1114,6 +1181,7 @@ krb5_ktfileint_open(krb5_context context
|
||
|
return KRB5_KEYTAB_BADVNO;
|
||
|
}
|
||
|
}
|
||
|
+ KTSTARTOFF(id) = ftell(KTFILEP(id));
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
@@ -1424,7 +1492,7 @@ krb5_ktfileint_write_entry(krb5_context
|
||
|
krb5_timestamp timestamp;
|
||
|
krb5_int32 princ_type;
|
||
|
krb5_int32 size_needed;
|
||
|
- krb5_int32 commit_point;
|
||
|
+ krb5_int32 commit_point = -1;
|
||
|
int i;
|
||
|
|
||
|
KTCHECKLOCK(id);
|
||
|
Index: src/lib/krb5/os/toffset.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/os/toffset.c.orig
|
||
|
+++ src/lib/krb5/os/toffset.c
|
||
|
@@ -34,6 +34,9 @@
|
||
|
* routines will return the correct time as corrected by difference
|
||
|
* between the system time and the "real time" as passed to this
|
||
|
* routine
|
||
|
+ *
|
||
|
+ * If the real time microseconds are given as -1 the caller doesn't
|
||
|
+ * know the microseconds value so the usec offset is always zero.
|
||
|
*/
|
||
|
krb5_error_code KRB5_CALLCONV
|
||
|
krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
|
||
|
@@ -45,8 +48,10 @@ krb5_set_real_time(krb5_context context,
|
||
|
retval = krb5_crypto_us_timeofday(&sec, &usec);
|
||
|
if (retval)
|
||
|
return retval;
|
||
|
+
|
||
|
os_ctx->time_offset = seconds - sec;
|
||
|
- os_ctx->usec_offset = microseconds - usec;
|
||
|
+ os_ctx->usec_offset = (microseconds > -1) ? microseconds - usec : 0;
|
||
|
+
|
||
|
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
|
||
|
KRB5_OS_TOFFSET_VALID);
|
||
|
return 0;
|
||
|
Index: src/lib/krb5/os/locate_kdc.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/os/locate_kdc.c.orig
|
||
|
+++ src/lib/krb5/os/locate_kdc.c
|
||
|
@@ -611,6 +611,7 @@ module_locate_server (krb5_context ctx,
|
||
|
krb5_error_code code;
|
||
|
struct krb5plugin_service_locate_ftable *vtbl = NULL;
|
||
|
void **ptrs;
|
||
|
+ char *realmz; /* NUL-terminated realm */
|
||
|
int i;
|
||
|
struct module_callback_data cbdata = { 0, };
|
||
|
|
||
|
@@ -632,6 +633,17 @@ module_locate_server (krb5_context ctx,
|
||
|
return KRB5_PLUGIN_NO_HANDLE;
|
||
|
}
|
||
|
|
||
|
+ if (realm->length >= UINT_MAX) {
|
||
|
+ krb5int_free_plugin_dir_data(ptrs);
|
||
|
+ return ENOMEM;
|
||
|
+ }
|
||
|
+ realmz = malloc(realm->length + 1);
|
||
|
+ if (realmz == NULL) {
|
||
|
+ krb5int_free_plugin_dir_data(ptrs);
|
||
|
+ return ENOMEM;
|
||
|
+ }
|
||
|
+ memcpy(realmz, realm->data, realm->length);
|
||
|
+ realmz[realm->length] = '\0';
|
||
|
for (i = 0; ptrs[i]; i++) {
|
||
|
void *blob;
|
||
|
|
||
|
@@ -644,7 +656,7 @@ module_locate_server (krb5_context ctx,
|
||
|
if (code)
|
||
|
continue;
|
||
|
|
||
|
- code = vtbl->lookup(blob, svc, realm->data, socktype, family,
|
||
|
+ code = vtbl->lookup(blob, svc, realmz, socktype, family,
|
||
|
module_callback, &cbdata);
|
||
|
vtbl->fini(blob);
|
||
|
if (code == KRB5_PLUGIN_NO_HANDLE) {
|
||
|
@@ -657,6 +669,7 @@ module_locate_server (krb5_context ctx,
|
||
|
/* Module encountered an actual error. */
|
||
|
Tprintf("plugin lookup routine returned error %d: %s\n",
|
||
|
code, error_message(code));
|
||
|
+ free(realmz);
|
||
|
krb5int_free_plugin_dir_data (ptrs);
|
||
|
return code;
|
||
|
}
|
||
|
@@ -664,6 +677,7 @@ module_locate_server (krb5_context ctx,
|
||
|
}
|
||
|
if (ptrs[i] == NULL) {
|
||
|
Tprintf("ran off end of plugin list\n");
|
||
|
+ free(realmz);
|
||
|
krb5int_free_plugin_dir_data (ptrs);
|
||
|
return KRB5_PLUGIN_NO_HANDLE;
|
||
|
}
|
||
|
@@ -672,6 +686,7 @@ module_locate_server (krb5_context ctx,
|
||
|
/* Got something back, yippee. */
|
||
|
Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist);
|
||
|
print_addrlist(addrlist);
|
||
|
+ free(realmz);
|
||
|
krb5int_free_plugin_dir_data (ptrs);
|
||
|
return 0;
|
||
|
}
|
||
|
Index: src/lib/krb5/rcache/rc_io.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/rcache/rc_io.c.orig
|
||
|
+++ src/lib/krb5/rcache/rc_io.c
|
||
|
@@ -83,6 +83,7 @@ krb5_rc_io_creat(krb5_context context, k
|
||
|
(void) strcpy(d->fn, dir);
|
||
|
(void) strcat(d->fn, PATH_SEPARATOR);
|
||
|
(void) strcat(d->fn, *fn);
|
||
|
+ unlink(d->fn);
|
||
|
d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
|
||
|
O_BINARY, 0600);
|
||
|
}
|
||
|
@@ -425,7 +426,7 @@ krb5_rc_io_read(krb5_context context, kr
|
||
|
strerror(errno));
|
||
|
return KRB5_RC_IO_UNKNOWN;
|
||
|
}
|
||
|
- if (count == 0)
|
||
|
+ if (count != num)
|
||
|
return KRB5_RC_IO_EOF;
|
||
|
return 0;
|
||
|
}
|
||
|
Index: src/lib/krb5/ccache/cc_memory.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/ccache/cc_memory.c.orig
|
||
|
+++ src/lib/krb5/ccache/cc_memory.c
|
||
|
@@ -135,10 +135,18 @@ krb5_error_code KRB5_CALLCONV
|
||
|
krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
|
||
|
{
|
||
|
krb5_error_code ret;
|
||
|
+ krb5_mcc_data *d;
|
||
|
+
|
||
|
+ d = (krb5_mcc_data *)id->data;
|
||
|
+ ret = k5_mutex_lock(&d->lock);
|
||
|
+ if (ret)
|
||
|
+ return ret;
|
||
|
|
||
|
krb5_mcc_free(context, id);
|
||
|
ret = krb5_copy_principal(context, princ,
|
||
|
&((krb5_mcc_data *)id->data)->prin);
|
||
|
+
|
||
|
+ k5_mutex_unlock(&d->lock);
|
||
|
if (ret == KRB5_OK)
|
||
|
krb5_change_cache();
|
||
|
return ret;
|
||
|
@@ -205,8 +213,13 @@ krb5_mcc_destroy(krb5_context context, k
|
||
|
}
|
||
|
k5_mutex_unlock(&krb5int_mcc_mutex);
|
||
|
|
||
|
+ err = k5_mutex_lock(&d->lock);
|
||
|
+ if (err)
|
||
|
+ return err;
|
||
|
+
|
||
|
krb5_mcc_free(context, id);
|
||
|
krb5_xfree(d->name);
|
||
|
+ k5_mutex_unlock(&d->lock);
|
||
|
k5_mutex_destroy(&d->lock);
|
||
|
krb5_xfree(d);
|
||
|
krb5_xfree(id);
|
||
|
@@ -244,12 +257,6 @@ krb5_mcc_resolve (krb5_context context,
|
||
|
krb5_error_code err;
|
||
|
krb5_mcc_data *d;
|
||
|
|
||
|
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
|
||
|
- if (lid == NULL)
|
||
|
- return KRB5_CC_NOMEM;
|
||
|
-
|
||
|
- lid->ops = &krb5_mcc_ops;
|
||
|
-
|
||
|
err = k5_mutex_lock(&krb5int_mcc_mutex);
|
||
|
if (err)
|
||
|
return err;
|
||
|
@@ -262,11 +269,16 @@ krb5_mcc_resolve (krb5_context context,
|
||
|
err = new_mcc_data(residual, &d);
|
||
|
if (err) {
|
||
|
k5_mutex_unlock(&krb5int_mcc_mutex);
|
||
|
- krb5_xfree(lid);
|
||
|
return err;
|
||
|
}
|
||
|
}
|
||
|
k5_mutex_unlock(&krb5int_mcc_mutex);
|
||
|
+
|
||
|
+ lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
|
||
|
+ if (lid == NULL)
|
||
|
+ return KRB5_CC_NOMEM;
|
||
|
+
|
||
|
+ lid->ops = &krb5_mcc_ops;
|
||
|
lid->data = d;
|
||
|
*id = lid;
|
||
|
return KRB5_OK;
|
||
|
Index: src/lib/krb5/ccache/ccdefault.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/ccache/ccdefault.c.orig
|
||
|
+++ src/lib/krb5/ccache/ccdefault.c
|
||
|
@@ -1,7 +1,7 @@
|
||
|
/*
|
||
|
* lib/krb5/ccache/ccdefault.c
|
||
|
*
|
||
|
- * Copyright 1990 by the Massachusetts Institute of Technology.
|
||
|
+ * Copyright 1990, 2007, 2008 by the Massachusetts Institute of Technology.
|
||
|
* All Rights Reserved.
|
||
|
*
|
||
|
* Export of this software from the United States of America may
|
||
|
@@ -45,22 +45,30 @@ static HANDLE hLeashDLL = INVALID_HANDLE
|
||
|
krb5_error_code KRB5_CALLCONV
|
||
|
krb5_cc_default(krb5_context context, krb5_ccache *ccache)
|
||
|
{
|
||
|
- krb5_os_context os_ctx;
|
||
|
+ const char *default_name;
|
||
|
|
||
|
if (!context || context->magic != KV5M_CONTEXT)
|
||
|
return KV5M_CONTEXT;
|
||
|
+
|
||
|
+ default_name = krb5_cc_default_name(context);
|
||
|
+ if (default_name == NULL) {
|
||
|
+ /* Could be a bogus context, or an allocation failure, or
|
||
|
+ other things. Unfortunately the API doesn't allow us
|
||
|
+ to find out any specifics. */
|
||
|
+ return KRB5_FCC_INTERNAL;
|
||
|
+ }
|
||
|
|
||
|
- os_ctx = context->os_context;
|
||
|
-
|
||
|
- return krb5_cc_resolve(context, krb5_cc_default_name(context), ccache);
|
||
|
+ return krb5_cc_resolve(context, default_name, ccache);
|
||
|
}
|
||
|
|
||
|
-/* This is the internal function which opens the default ccache. On platforms supporting
|
||
|
- the login library's automatic popup dialog to get tickets, this function also updated the
|
||
|
- library's internal view of the current principal associated with this cache.
|
||
|
-
|
||
|
- All krb5 and GSS functions which need to open a cache to get a tgt to obtain service tickets
|
||
|
- should call this function, not krb5_cc_default() */
|
||
|
+/* This is the internal function which opens the default ccache. On
|
||
|
+ platforms supporting the login library's automatic popup dialog to
|
||
|
+ get tickets, this function also updated the library's internal view
|
||
|
+ of the current principal associated with this cache.
|
||
|
+
|
||
|
+ All krb5 and GSS functions which need to open a cache to get a tgt
|
||
|
+ to obtain service tickets should call this function, not
|
||
|
+ krb5_cc_default(). */
|
||
|
|
||
|
krb5_error_code KRB5_CALLCONV
|
||
|
krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
|
||
|
@@ -82,7 +90,8 @@ krb5int_cc_default(krb5_context context,
|
||
|
/* This function tries to get tickets and put them in the specified
|
||
|
cache, however, if the cache does not exist, it may choose to put
|
||
|
them elsewhere (ie: the system default) so we set that here */
|
||
|
- if (strcmp (krb5_cc_default_name (context), outCacheName) != 0) {
|
||
|
+ char * ccdefname = krb5_cc_default_name (context);
|
||
|
+ if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) {
|
||
|
krb5_cc_set_default_name (context, outCacheName);
|
||
|
}
|
||
|
KLDisposeString (outCacheName);
|
||
|
@@ -102,7 +111,8 @@ krb5int_cc_default(krb5_context context,
|
||
|
char ccname[256]="";
|
||
|
pLeash_AcquireInitialTicketsIfNeeded(context, NULL, ccname, sizeof(ccname));
|
||
|
if (ccname[0]) {
|
||
|
- if (strcmp (krb5_cc_default_name (context),ccname) != 0) {
|
||
|
+ char * ccdefname = krb5_cc_default_name (context);
|
||
|
+ if (!ccdefname || strcmp (ccdefname, ccname) != 0) {
|
||
|
krb5_cc_set_default_name (context, ccname);
|
||
|
}
|
||
|
}
|
||
|
Index: src/lib/krb5/krb/get_in_tkt.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/krb/get_in_tkt.c.orig
|
||
|
+++ src/lib/krb5/krb/get_in_tkt.c
|
||
|
@@ -290,7 +290,7 @@ verify_as_reply(krb5_context context,
|
||
|
|
||
|
if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
|
||
|
retval = krb5_set_real_time(context,
|
||
|
- as_reply->enc_part2->times.authtime, 0);
|
||
|
+ as_reply->enc_part2->times.authtime, -1);
|
||
|
if (retval)
|
||
|
return retval;
|
||
|
} else {
|
||
|
Index: src/lib/krb5/krb/rd_safe.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/krb/rd_safe.c.orig
|
||
|
+++ src/lib/krb5/krb/rd_safe.c
|
||
|
@@ -1,7 +1,7 @@
|
||
|
/*
|
||
|
* lib/krb5/krb/rd_safe.c
|
||
|
*
|
||
|
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
|
||
|
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
|
||
|
* All Rights Reserved.
|
||
|
*
|
||
|
* Export of this software from the United States of America may
|
||
|
@@ -114,11 +114,11 @@ krb5_rd_safe_basic(krb5_context context,
|
||
|
|
||
|
message->checksum = &our_cksum;
|
||
|
|
||
|
- if ((retval = encode_krb5_safe_with_body(message, &safe_body, &scratch)))
|
||
|
+ retval = encode_krb5_safe_with_body(message, &safe_body, &scratch);
|
||
|
+ message->checksum = his_cksum;
|
||
|
+ if (retval)
|
||
|
goto cleanup;
|
||
|
|
||
|
- message->checksum = his_cksum;
|
||
|
-
|
||
|
retval = krb5_c_verify_checksum(context, keyblock,
|
||
|
KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
|
||
|
scratch, his_cksum, &valid);
|
||
|
Index: src/lib/krb5/krb/gc_via_tkt.c
|
||
|
===================================================================
|
||
|
--- src/lib/krb5/krb/gc_via_tkt.c.orig
|
||
|
+++ src/lib/krb5/krb/gc_via_tkt.c
|
||
|
@@ -1,7 +1,7 @@
|
||
|
/*
|
||
|
* lib/krb5/krb/gc_via_tgt.c
|
||
|
*
|
||
|
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
|
||
|
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
|
||
|
* All Rights Reserved.
|
||
|
*
|
||
|
* Export of this software from the United States of America may
|
||
|
@@ -100,6 +100,7 @@ cleanup_keyblock:
|
||
|
|
||
|
cleanup:
|
||
|
free (*ppcreds);
|
||
|
+ *ppcreds = NULL;
|
||
|
return retval;
|
||
|
}
|
||
|
|
||
|
@@ -249,7 +250,8 @@ krb5_get_cred_via_tkt (krb5_context cont
|
||
|
switch (err_reply->error) {
|
||
|
case KRB_ERR_GENERIC:
|
||
|
krb5_set_error_message(context, retval,
|
||
|
- "KDC returned error string: %s",
|
||
|
+ "KDC returned error string: %.*s",
|
||
|
+ err_reply->text.length,
|
||
|
err_reply->text.data);
|
||
|
break;
|
||
|
default:
|
||
|
Index: src/slave/kpropd.M
|
||
|
===================================================================
|
||
|
--- src/slave/kpropd.M.orig
|
||
|
+++ src/slave/kpropd.M
|
||
|
@@ -122,7 +122,7 @@ mode.
|
||
|
.TP
|
||
|
.B \-a
|
||
|
allows the user to specify the path to the
|
||
|
-.KR kpropd.acl
|
||
|
+kpropd.acl
|
||
|
file; by default the path used is KPROPD_ACL_FILE
|
||
|
(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
|
||
|
.SH FILES
|
||
|
Index: src/util/depfix.pl
|
||
|
===================================================================
|
||
|
--- src/util/depfix.pl.orig
|
||
|
+++ src/util/depfix.pl
|
||
|
@@ -214,6 +214,7 @@ my $buf = '';
|
||
|
while (<STDIN>) {
|
||
|
# Strip newline.
|
||
|
chop;
|
||
|
+ next if /^\s*#/;
|
||
|
# Do directory-specific path substitutions on each filename read.
|
||
|
$_ = &do_subs($_);
|
||
|
if (m/\\$/) {
|
||
|
Index: src/util/profile/prof_init.c
|
||
|
===================================================================
|
||
|
--- src/util/profile/prof_init.c.orig
|
||
|
+++ src/util/profile/prof_init.c
|
||
|
@@ -34,8 +34,11 @@ profile_init(const_profile_filespec_t *f
|
||
|
memset(profile, 0, sizeof(struct _profile_t));
|
||
|
profile->magic = PROF_MAGIC_PROFILE;
|
||
|
|
||
|
- /* if the filenames list is not specified return an empty profile */
|
||
|
- if ( files ) {
|
||
|
+ /*
|
||
|
+ * If the filenames list is not specified or empty, return an empty
|
||
|
+ * profile.
|
||
|
+ */
|
||
|
+ if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
|
||
|
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
|
||
|
retval = profile_open_file(*fs, &new_file);
|
||
|
/* if this file is missing, skip to the next */
|