krb5/krb5-1.6.3-post.dif


Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
===================================================================
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c.orig
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
@@ -303,6 +303,11 @@ int main(argc, argv)
krb5_boolean realm_name_required = TRUE;
krb5_boolean print_help_message = FALSE;
+ /*
+ * Ensure that "progname" is set before calling com_err.
+ */
+ progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
+
retval = krb5_init_context(&util_context);
set_com_err_hook(extended_com_err_fn);
if (retval) {
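Review bot: The relocated `progname` assignment at the top of main() passes `argv[0]` to strrchr() without checking it. A caller can exec the tool with an empty argument vector, which leaves `argv[0]` NULL and makes the call undefined behaviour before any error reporting is set up. Guard it and search once: `progname = (argc > 0 && argv[0] != NULL) ? argv[0] : "kdb5_ldap_util";` followed by `if ((p = strrchr(progname, '/')) != NULL) progname = p + 1;`. main()'s body continues outside this hunk.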
@@ -311,8 +316,6 @@ int main(argc, argv)
goto cleanup;
}
- progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
-
cmd_argv = (char **) malloc(sizeof(char *)*argc);
if (cmd_argv == NULL) {
com_err(progname, ENOMEM, "while creating sub-command arguments");
@@ -344,7 +347,7 @@ int main(argc, argv)
}
} else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
if (krb5_string_to_enctype(koptarg, &global_params.enctype))
- com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
+ com_err(progname, 0, "%s is an invalid enctype", koptarg);
else
global_params.mask |= KADM5_CONFIG_ENCTYPE;
} else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
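Review bot: In the `-k` branch an enctype string that krb5_string_to_enctype() rejects is only reported. The visible lines have no `exit_status++` and no `goto cleanup`, so option parsing carries on without the enctype the operator asked for. For a tool that creates realm keys, a mistyped `-k` should stop the run, for example `{ com_err(progname, 0, "%s is an invalid enctype", koptarg); exit_status++; goto cleanup; }`. The hunk at -566 has the same report-and-continue shape for `KRB5_PROG_KEYTYPE_NOSUPP`. If falling back to the default is intended, a comment should say so; the rest of the option loop is outside the hunk.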
@@ -466,7 +469,7 @@ int main(argc, argv)
retval = kadm5_get_config_params(util_context, 1,
&global_params, &global_params);
if (retval) {
- com_err(argv[0], retval, "while retreiving configuration parameters");
+ com_err(progname, retval, "while retreiving configuration parameters");
exit_status++;
goto cleanup;
}
@@ -474,7 +477,7 @@ int main(argc, argv)
}
if ((retval = krb5_ldap_lib_init()) != 0) {
- com_err(argv[0], retval, "while initializing error handling");
+ com_err(progname, retval, "while initializing error handling");
exit_status++;
goto cleanup;
}
@@ -482,7 +485,7 @@ int main(argc, argv)
/* Initialize the ldap context */
ldap_context = calloc(sizeof(krb5_ldap_context), 1);
if (ldap_context == NULL) {
- com_err(argv[0], ENOMEM, "while initializing ldap handle");
+ com_err(progname, ENOMEM, "while initializing ldap handle");
exit_status++;
goto cleanup;
}
@@ -495,7 +498,7 @@ int main(argc, argv)
if (passwd == NULL) {
passwd = (char *)malloc(MAX_PASSWD_LEN);
if (passwd == NULL) {
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
exit_status++;
goto cleanup;
}
@@ -503,7 +506,7 @@ int main(argc, argv)
if (prompt == NULL) {
free(passwd);
passwd = NULL;
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
exit_status++;
goto cleanup;
}
@@ -514,7 +517,7 @@ int main(argc, argv)
db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
if ((db_retval) || (passwd_len == 0)) {
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
free(passwd);
passwd = NULL;
exit_status++;
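Review bot: The failure branch after krb5_read_password() always reports `ENOMEM`, although the condition is `(db_retval) || (passwd_len == 0)` and neither case is an allocation failure. An operator who sees "Cannot allocate memory" for a cancelled or empty bind password is pointed at the wrong problem. Pass the real code: `com_err(progname, db_retval ? db_retval : EINVAL, "while retrieving ldap configuration");`. The enclosing block starts and ends outside this hunk.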
@@ -530,14 +533,14 @@ int main(argc, argv)
ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
if (ldap_context->server_info_list == NULL) {
- com_err(argv[0], ENOMEM, "while initializing server list");
+ com_err(progname, ENOMEM, "while initializing server list");
exit_status++;
goto cleanup;
}
ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
if (ldap_context->server_info_list[0] == NULL) {
- com_err(argv[0], ENOMEM, "while initializing server list");
+ com_err(progname, ENOMEM, "while initializing server list");
exit_status++;
goto cleanup;
}
@@ -546,7 +549,7 @@ int main(argc, argv)
ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
if (ldap_context->server_info_list[0]->server_name == NULL) {
- com_err(argv[0], ENOMEM, "while initializing server list");
+ com_err(progname, ENOMEM, "while initializing server list");
exit_status++;
goto cleanup;
}
@@ -554,7 +557,7 @@ int main(argc, argv)
if (bind_dn) {
ldap_context->bind_dn = strdup(bind_dn);
if (ldap_context->bind_dn == NULL) {
- com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+ com_err(progname, ENOMEM, "while retrieving ldap configuration");
exit_status++;
goto cleanup;
}
@@ -566,7 +569,7 @@ int main(argc, argv)
if (realm_name_required) {
if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
(!krb5_c_valid_enctype(global_params.enctype))) {
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
"while setting up enctype %d", global_params.enctype);
}
}
@@ -583,7 +586,7 @@ int main(argc, argv)
db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
if (db_retval) {
- com_err(argv[0], db_retval, "while reading ldap configuration");
+ com_err(progname, db_retval, "while reading ldap configuration");
exit_status++;
goto cleanup;
}
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
===================================================================
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c.orig
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
@@ -67,7 +67,7 @@ static krb5_error_code init_ldap_realm (
retval = krb5_ldap_read_krbcontainer_params (util_context,
&(ldap_context->krbcontainer));
if (retval != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
+ com_err(progname, retval, "while reading kerberos container information");
goto cleanup;
}
}
@@ -95,7 +95,7 @@ kdb5_ldap_create_policy(argc, argv)
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
krb5_ldap_policy_params *policyparams = NULL;
krb5_boolean print_usage = FALSE;
@@ -322,7 +322,7 @@ kdb5_ldap_destroy_policy(argc, argv)
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
krb5_ldap_policy_params *policyparams = NULL;
krb5_boolean print_usage = FALSE;
@@ -426,7 +426,7 @@ kdb5_ldap_modify_policy(argc, argv)
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
krb5_ldap_policy_params *policyparams = NULL;
krb5_boolean print_usage = FALSE;
@@ -683,7 +683,7 @@ kdb5_ldap_view_policy(argc, argv)
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_ldap_policy_params *policyparams = NULL;
krb5_error_code retval = 0;
krb5_boolean print_usage = FALSE;
@@ -804,7 +804,7 @@ void kdb5_ldap_list_policies(argc, argv)
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
krb5_boolean print_usage = FALSE;
char *basedn = NULL;
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
===================================================================
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c.orig
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -152,7 +152,7 @@ static int get_ticket_policy(rparams,i,a
krb5_boolean no_msg = FALSE;
krb5_boolean print_usage = FALSE;
- char *me = argv[0];
+ char *me = progname;
time(&now);
if (!strcmp(argv[*i], "-maxtktlife")) {
@@ -364,7 +364,7 @@ void kdb5_ldap_create(argc, argv)
rparams->subtree = list;
} else if(strncmp(argv[i], "", strlen(argv[i]))==0) {
/* dont allow subtree value to be set at the root(NULL, "") of the tree */
- com_err(argv[0], EINVAL,
+ com_err(progname, EINVAL,
"for subtree while creating realm '%s'",
global_params.realm);
goto err_nomsg;
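Review bot: This branch reports `EINVAL` through com_err() and jumps to `err_nomsg` without assigning `retval`. The cleanup code shown in the hunk at -879 only increments `exit_status` when `retval` is non-zero, so unless `retval` is set on lines outside the hunk, the rejected subtree value ends with a success exit status. Add `retval = EINVAL;` before the `goto`, as the search-scope check at -1024 already does. The same applies to the hunks at -376 and -401, to the `ENOMEM` path at -762 (which needs `retval = ENOMEM;`), and to the hunks at -986 and -998 in kdb5_ldap_modify.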
@@ -376,7 +376,7 @@ void kdb5_ldap_create(argc, argv)
goto err_usage;
if(strncmp(argv[i], "", strlen(argv[i]))==0) {
/* dont allow containerref value to be set at the root(NULL, "") of the tree */
- com_err(argv[0], EINVAL,
+ com_err(progname, EINVAL,
"for container reference while creating realm '%s'",
global_params.realm);
goto err_nomsg;
@@ -401,7 +401,7 @@ void kdb5_ldap_create(argc, argv)
rparams->search_scope = atoi(argv[i]);
if ((rparams->search_scope != 1) &&
(rparams->search_scope != 2)) {
- com_err(argv[0], EINVAL,
+ com_err(progname, EINVAL,
"invalid search scope while creating realm '%s'",
global_params.realm);
goto err_nomsg;
@@ -498,7 +498,7 @@ void kdb5_ldap_create(argc, argv)
retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
pw_str, &pw_size);
if (retval) {
- com_err(argv[0], retval, "while reading master key from keyboard");
+ com_err(progname, retval, "while reading master key from keyboard");
goto err_nomsg;
}
mkey_password = pw_str;
@@ -516,7 +516,7 @@ void kdb5_ldap_create(argc, argv)
rparams->realm_name = strdup(global_params.realm);
if (rparams->realm_name == NULL) {
retval = ENOMEM;
- com_err(argv[0], ENOMEM, "while creating realm '%s'",
+ com_err(progname, ENOMEM, "while creating realm '%s'",
global_params.realm);
goto err_nomsg;
}
@@ -588,11 +588,11 @@ void kdb5_ldap_create(argc, argv)
retval = krb5_ldap_read_krbcontainer_params(util_context,
&(ldap_context->krbcontainer));
if (retval) {
- com_err(argv[0], retval, "while reading kerberos container information");
+ com_err(progname, retval, "while reading kerberos container information");
goto cleanup;
}
} else if (retval) {
- com_err(argv[0], retval, "while reading kerberos container information");
+ com_err(progname, retval, "while reading kerberos container information");
goto cleanup;
}
@@ -608,7 +608,7 @@ void kdb5_ldap_create(argc, argv)
global_params.realm,
&(ldap_context->lrparams),
&mask))) {
- com_err(argv[0], retval, "while reading information of realm '%s'",
+ com_err(progname, retval, "while reading information of realm '%s'",
global_params.realm);
goto err_nomsg;
}
@@ -623,7 +623,7 @@ void kdb5_ldap_create(argc, argv)
global_params.mkey_name,
global_params.realm,
0, &master_princ))) {
- com_err(argv[0], retval, "while setting up master key name");
+ com_err(progname, retval, "while setting up master key name");
goto err_nomsg;
}
@@ -635,7 +635,7 @@ void kdb5_ldap_create(argc, argv)
pwd.length = strlen(mkey_password);
retval = krb5_principal2salt(util_context, master_princ, &master_salt);
if (retval) {
- com_err(argv[0], retval, "while calculating master key salt");
+ com_err(progname, retval, "while calculating master key salt");
goto err_nomsg;
}
@@ -646,7 +646,7 @@ void kdb5_ldap_create(argc, argv)
free(master_salt.data);
if (retval) {
- com_err(argv[0], retval, "while transforming master key from password");
+ com_err(progname, retval, "while transforming master key from password");
goto err_nomsg;
}
@@ -689,28 +689,28 @@ void kdb5_ldap_create(argc, argv)
/* Create 'K/M' ... */
rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
/* Create 'krbtgt' ... */
rblock.flags = 0; /* reset the flags */
if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
/* Create 'kadmin/admin' ... */
snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_ADMIN_SERVICE, global_params.realm);
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
rblock.max_life = ADMIN_LIFETIME;
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
krb5_free_principal(util_context, p);
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
krb5_free_principal(util_context, p);
@@ -718,7 +718,7 @@ void kdb5_ldap_create(argc, argv)
/* Create 'kadmin/changepw' ... */
snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
rblock.max_life = CHANGEPW_LIFETIME;
@@ -726,7 +726,7 @@ void kdb5_ldap_create(argc, argv)
KRB5_KDB_PWCHANGE_SERVICE;
if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
krb5_free_principal(util_context, p);
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
krb5_free_principal(util_context, p);
@@ -734,26 +734,26 @@ void kdb5_ldap_create(argc, argv)
/* Create 'kadmin/history' ... */
snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
rblock.max_life = global_params.max_life;
rblock.flags = 0;
if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
krb5_free_principal(util_context, p);
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
krb5_free_principal(util_context, p);
/* Create 'kadmin/<hostname>' ... */
if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
- com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
+ com_err(progname, retval, "krb5_sname_to_principal, while adding entries to the database");
goto err_nomsg;
}
if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
- com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
+ com_err(progname, retval, "krb5_copy_principal, while adding entries to the database");
goto err_nomsg;
}
@@ -762,7 +762,7 @@ void kdb5_ldap_create(argc, argv)
temp_p->realm.length = strlen(util_context->default_realm);
temp_p->realm.data = strdup(util_context->default_realm);
if (temp_p->realm.data == NULL) {
- com_err(argv[0], ENOMEM, "while adding entries to the database");
+ com_err(progname, ENOMEM, "while adding entries to the database");
goto err_nomsg;
}
@@ -770,7 +770,7 @@ void kdb5_ldap_create(argc, argv)
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
krb5_free_principal(util_context, p);
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
krb5_free_principal(util_context, temp_p);
@@ -798,7 +798,7 @@ void kdb5_ldap_create(argc, argv)
LDAP_KDC_SERVICE, rparams->kdcservers[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -814,7 +814,7 @@ void kdb5_ldap_create(argc, argv)
LDAP_ADMIN_SERVICE, rparams->adminservers[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -830,7 +830,7 @@ void kdb5_ldap_create(argc, argv)
LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -850,7 +850,7 @@ void kdb5_ldap_create(argc, argv)
master_princ,
&master_keyblock, NULL);
if (retval) {
- com_err(argv[0], errno, "while storing key");
+ com_err(progname, errno, "while storing key");
printf("Warning: couldn't stash master key.\n");
}
}
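Review bot: The message for a failed master-key stash is built from `errno`, while the branch is entered on `retval`. The start of the call is outside the hunk, but if it returns a krb5_error_code, as the `if (retval)` test suggests, `errno` may be stale or zero and the printed reason will not match the failure. Use `com_err(progname, retval, "while storing key");`.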
@@ -879,7 +879,7 @@ cleanup:
if (retval) {
if (!no_msg) {
- com_err(argv[0], retval, "while creating realm '%s'",
+ com_err(progname, retval, "while creating realm '%s'",
global_params.realm);
}
exit_status++;
@@ -932,7 +932,7 @@ void kdb5_ldap_modify(argc, argv)
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
&(ldap_context->krbcontainer)))) {
- com_err(argv[0], retval, "while reading Kerberos container information");
+ com_err(progname, retval, "while reading Kerberos container information");
goto err_nomsg;
}
@@ -986,7 +986,7 @@ void kdb5_ldap_modify(argc, argv)
rparams->subtree = slist;
} else if(strncmp(argv[i], "", strlen(argv[i]))==0) {
/* dont allow subtree value to be set at the root(NULL, "") of the tree */
- com_err(argv[0], EINVAL,
+ com_err(progname, EINVAL,
"for subtree while modifying realm '%s'",
global_params.realm);
goto err_nomsg;
@@ -998,7 +998,7 @@ void kdb5_ldap_modify(argc, argv)
goto err_usage;
if(strncmp(argv[i], "", strlen(argv[i]))==0) {
/* dont allow containerref value to be set at the root(NULL, "") of the tree */
- com_err(argv[0], EINVAL,
+ com_err(progname, EINVAL,
"for container reference while modifying realm '%s'",
global_params.realm);
goto err_nomsg;
@@ -1024,7 +1024,7 @@ void kdb5_ldap_modify(argc, argv)
if ((rparams->search_scope != 1) &&
(rparams->search_scope != 2)) {
retval = EINVAL;
- com_err(argv[0], retval,
+ com_err(progname, retval,
"specified for search scope while modifying information of realm '%s'",
global_params.realm);
goto err_nomsg;
@@ -1529,7 +1529,7 @@ void kdb5_ldap_modify(argc, argv)
LDAP_KDC_SERVICE, oldkdcdns[i],
rparams->realm_name, oldsubtrees, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights '%s'",
+ com_err(progname, retval, "while assigning rights '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -1546,7 +1546,7 @@ void kdb5_ldap_modify(argc, argv)
LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name,
rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -1608,7 +1608,7 @@ void kdb5_ldap_modify(argc, argv)
LDAP_ADMIN_SERVICE, oldadmindns[i],
rparams->realm_name, oldsubtrees, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights '%s'",
+ com_err(progname, retval, "while assigning rights '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -1626,7 +1626,7 @@ void kdb5_ldap_modify(argc, argv)
LDAP_ADMIN_SERVICE, newadmindns[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -1688,7 +1688,7 @@ void kdb5_ldap_modify(argc, argv)
LDAP_PASSWD_SERVICE, oldpwddns[i],
rparams->realm_name, oldsubtrees, rightsmask))) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights '%s'",
+ com_err(progname, retval, "while assigning rights '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -1705,7 +1705,7 @@ void kdb5_ldap_modify(argc, argv)
LDAP_PASSWD_SERVICE, newpwddns[i],
rparams->realm_name, rparams->subtree, rightsmask))) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
goto err_nomsg;
}
@@ -1777,7 +1777,7 @@ cleanup:
if (retval) {
if (!no_msg)
- com_err(argv[0], retval, "while modifying information of realm '%s'",
+ com_err(progname, retval, "while modifying information of realm '%s'",
global_params.realm);
exit_status++;
}
@@ -1804,7 +1804,7 @@ void kdb5_ldap_view(argc, argv)
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
retval = EINVAL;
- com_err(argv[0], retval, "while initializing database");
+ com_err(progname, retval, "while initializing database");
exit_status++;
return;
}
@@ -1812,14 +1812,14 @@ void kdb5_ldap_view(argc, argv)
/* Read the kerberos container information */
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
&(ldap_context->krbcontainer))) != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
+ com_err(progname, retval, "while reading kerberos container information");
exit_status++;
return;
}
if ((retval = krb5_ldap_read_realm_params(util_context,
global_params.realm, &rparams, &mask)) || (!rparams)) {
- com_err(argv[0], retval, "while reading information of realm '%s'",
+ com_err(progname, retval, "while reading information of realm '%s'",
global_params.realm);
exit_status++;
return;
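Review bot: The condition `(retval = krb5_ldap_read_realm_params(...)) || (!rparams)` can be true with `retval == 0`, and com_err() is then called with code 0, which prints the "while reading information of realm" text with no error reason. Substitute a code for that case, e.g. `com_err(progname, retval ? retval : EINVAL, "while reading information of realm '%s'", global_params.realm);`. kdb5_ldap_view's body continues outside the hunk.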
@@ -2009,7 +2009,7 @@ void kdb5_ldap_list(argc, argv)
/* Read the kerberos container information */
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
&(ldap_context->krbcontainer))) != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
+ com_err(progname, retval, "while reading kerberos container information");
exit_status++;
return;
}
@@ -2018,7 +2018,7 @@ void kdb5_ldap_list(argc, argv)
if (retval != 0) {
krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
ldap_context->krbcontainer = NULL;
- com_err (argv[0], retval, "while listing realms");
+ com_err (progname, retval, "while listing realms");
exit_status++;
return;
}
@@ -2434,7 +2434,7 @@ kdb5_ldap_destroy(argc, argv)
dal_handle = (kdb5_dal_handle *)util_context->db_context;
ldap_context = (krb5_ldap_context *) dal_handle->db_context;
if (!(ldap_context)) {
- com_err(argv[0], EINVAL, "while initializing database");
+ com_err(progname, EINVAL, "while initializing database");
exit_status++;
return;
}
@@ -2442,7 +2442,7 @@ kdb5_ldap_destroy(argc, argv)
/* Read the kerberos container from the LDAP Server */
if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
&(ldap_context->krbcontainer))) != 0) {
- com_err(argv[0], retval, "while reading kerberos container information");
+ com_err(progname, retval, "while reading kerberos container information");
exit_status++;
return;
}
@@ -2450,7 +2450,7 @@ kdb5_ldap_destroy(argc, argv)
/* Read the Realm information from the LDAP Server */
if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
&(ldap_context->lrparams), &mask)) != 0) {
- com_err(argv[0], retval, "while reading realm information");
+ com_err(progname, retval, "while reading realm information");
exit_status++;
return;
}
@@ -2472,7 +2472,7 @@ kdb5_ldap_destroy(argc, argv)
LDAP_KDC_SERVICE, rparams->kdcservers[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
return;
}
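Review bot: In kdb5_ldap_destroy this rights-handling failure path prints the error and returns without `exit_status++`. The other failure paths of the same function (hunks at -2434, -2442, -2450 and -2514) all increment it. A wrapper script would therefore see a zero exit status although the realm was not destroyed and the service rights were left as they were. Add `exit_status++;` before `return;` here and in the identical branches at -2487 and -2502.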
@@ -2487,7 +2487,7 @@ kdb5_ldap_destroy(argc, argv)
LDAP_ADMIN_SERVICE, rparams->adminservers[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
return;
}
@@ -2502,7 +2502,7 @@ kdb5_ldap_destroy(argc, argv)
LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
printf("failed\n");
- com_err(argv[0], retval, "while assigning rights to '%s'",
+ com_err(progname, retval, "while assigning rights to '%s'",
rparams->realm_name);
return;
}
@@ -2514,7 +2514,7 @@ kdb5_ldap_destroy(argc, argv)
/* Delete the realm container and all the associated principals */
retval = krb5_ldap_delete_realm(util_context, global_params.realm);
if (retval) {
- com_err(argv[0], retval, "deleting database of '%s'", global_params.realm);
+ com_err(progname, retval, "deleting database of '%s'", global_params.realm);
exit_status++;
return;
}
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
===================================================================
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h.orig
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
@@ -58,6 +58,8 @@
#define DESTROY_POLICY 14
#define LIST_POLICY 15
+extern char *progname;
+
extern int exit_status;
extern krb5_context util_context;
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
===================================================================
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.orig
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -198,7 +198,7 @@ void kdb5_ldap_create_service(argc, argv
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
krb5_ldap_service_params *srvparams = NULL;
krb5_boolean print_usage = FALSE;
@@ -496,7 +496,7 @@ void kdb5_ldap_modify_service(argc, argv
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
krb5_ldap_service_params *srvparams = NULL;
krb5_boolean print_usage = FALSE;
@@ -569,7 +569,7 @@ void kdb5_ldap_modify_service(argc, argv
retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask);
if (retval) {
- com_err(argv[0], retval, "while reading information of service '%s'",
+ com_err(me, retval, "while reading information of service '%s'",
servicedn);
goto err_nomsg;
}
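Review bot: This call in kdb5_ldap_modify_service is the only changed line that passes the local alias `me` to com_err(); every other call site touched by the patch passes `progname` directly. Since the patch makes `me` a plain copy of the global, pick one spelling per file, e.g. `com_err(progname, retval, "while reading information of service '%s'", servicedn);`. Longer term, the `char *me = progname;` locals could be dropped.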
@@ -1061,7 +1061,7 @@ rem_service_entry_from_file(argc, argv,
char *service_object;
{
int st = EINVAL;
- char *me = argv[0];
+ char *me = progname;
char *tmp_file = NULL;
int tmpfd = -1;
FILE *pfile = NULL;
@@ -1175,7 +1175,7 @@ kdb5_ldap_destroy_service(argc, argv)
if (argv[i+1]) {
stashfilename=strdup(argv[i+1]);
if (stashfilename == NULL) {
- com_err(argv[0], ENOMEM, "while destroying service");
+ com_err(progname, ENOMEM, "while destroying service");
exit_status++;
goto cleanup;
}
@@ -1188,7 +1188,7 @@ kdb5_ldap_destroy_service(argc, argv)
if ((argv[i]) && (servicedn == NULL)) {
servicedn=strdup(argv[i]);
if (servicedn == NULL) {
- com_err(argv[0], ENOMEM, "while destroying service");
+ com_err(progname, ENOMEM, "while destroying service");
exit_status++;
goto cleanup;
}
@@ -1219,7 +1219,7 @@ kdb5_ldap_destroy_service(argc, argv)
if ((retval = krb5_ldap_read_service(util_context, servicedn,
&lserparams, &mask))) {
- com_err(argv[0], retval, "while destroying service '%s'",servicedn);
+ com_err(progname, retval, "while destroying service '%s'",servicedn);
exit_status++;
goto cleanup;
}
@@ -1227,7 +1227,7 @@ kdb5_ldap_destroy_service(argc, argv)
retval = krb5_ldap_delete_service(util_context, lserparams, servicedn);
if (retval) {
- com_err(argv[0], retval, "while destroying service '%s'", servicedn);
+ com_err(progname, retval, "while destroying service '%s'", servicedn);
exit_status++;
goto cleanup;
}
@@ -1235,7 +1235,7 @@ kdb5_ldap_destroy_service(argc, argv)
if (stashfilename == NULL) {
stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
if (stashfilename == NULL) {
- com_err(argv[0], ENOMEM, "while destroying service");
+ com_err(progname, ENOMEM, "while destroying service");
exit_status++;
goto cleanup;
}
@@ -1295,13 +1295,13 @@ void kdb5_ldap_view_service(argc, argv)
servicedn=strdup(argv[1]);
if (servicedn == NULL) {
- com_err(argv[0], ENOMEM, "while viewing service");
+ com_err(progname, ENOMEM, "while viewing service");
exit_status++;
goto cleanup;
}
if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) {
- com_err(argv[0], retval, "while viewing service '%s'",servicedn);
+ com_err(progname, retval, "while viewing service '%s'",servicedn);
exit_status++;
goto cleanup;
}
@@ -1338,7 +1338,7 @@ void kdb5_ldap_list_services(argc, argv)
int argc;
char *argv[];
{
- char *me = argv[0];
+ char *me = progname;
krb5_error_code retval = 0;
char *basedn = NULL;
char **list = NULL;
@@ -1519,7 +1519,7 @@ kdb5_ldap_set_service_password(argc, arg
krb5_ldap_context *lparams = NULL;
char *file_name = NULL;
char *tmp_file = NULL;
- char *me = argv[0];
+ char *me = progname;
int filelen = 0;
int random_passwd = 0;
int set_dir_pwd = 1;
@@ -1902,7 +1902,7 @@ kdb5_ldap_stash_service_password(argc, a
{
int ret = 0;
unsigned int passwd_len = 0;
- char *me = argv[0];
+ char *me = progname;
char *service_object = NULL;
char *file_name = NULL, *tmp_file = NULL;
char passwd[MAX_SERVICE_PASSWD_LEN];
Index: src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
===================================================================
--- src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M.orig
+++ src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
@@ -73,7 +73,7 @@ set. This means all the ticket options w
The various flags are:
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
-.B -allow_postdated
+.B \-allow_postdated
prohibits principals from obtaining postdated tickets. (Sets the
.SM KRB5_KDB_DISALLOW_POSTDATED
flag.)
@@ -81,7 +81,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
-.B -allow_forwardable
+.B \-allow_forwardable
prohibits principals from obtaining forwardable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_FORWARDABLE
flag.)
@@ -89,7 +89,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
-.B -allow_renewable
+.B \-allow_renewable
prohibits principals from obtaining renewable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_RENEWABLE
flag.)
@@ -97,7 +97,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
-.B -allow_proxiable
+.B \-allow_proxiable
prohibits principals from obtaining proxiable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_PROXIABLE
flag.)
@@ -105,7 +105,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
-.B -allow_dup_skey
+.B \-allow_dup_skey
Disables user-to-user authentication for principals by prohibiting
principals from obtaining a session key for another user. (Sets the
.SM KRB5_KDB_DISALLOW_DUP_SKEY
@@ -119,7 +119,7 @@ requires principals to preauthenticate b
kinit. (Sets the
.SM KRB5_KDB_REQUIRES_PRE_AUTH
flag.)
-.B -requires_preauth
+.B \-requires_preauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
@@ -128,11 +128,11 @@ requires principals to preauthenticate u
before being allowed to kinit. (Sets the
.SM KRB5_KDB_REQUIRES_HW_AUTH
flag.)
-.B -requires_hwauth
+.B \-requires_hwauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
-.B -allow_svr
+.B \-allow_svr
prohibits the issuance of service tickets for principals. (Sets the
.SM KRB5_KDB_DISALLOW_SVR
flag.)
@@ -208,9 +208,9 @@ Specifies the list of Administration ser
of the Administration service objects separated by colon(:).
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-create -subtrees o=org -sscope SUB
--r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu
+create \-subtrees o=org \-sscope SUB
+\-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
Initializing database for realm 'ATHENA.MIT.EDU'
@@ -255,7 +255,7 @@ and no restriction will be set.
The various flags are:
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
-.B -allow_postdated
+.B \-allow_postdated
prohibits principals from obtaining postdated tickets. (Sets the
.SM KRB5_KDB_DISALLOW_POSTDATED
flag.)
@@ -263,7 +263,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
-.B -allow_forwardable
+.B \-allow_forwardable
prohibits principals from obtaining forwardable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_FORWARDABLE
flag.)
@@ -271,7 +271,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
-.B -allow_renewable
+.B \-allow_renewable
prohibits principals from obtaining renewable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_RENEWABLE
flag.)
@@ -279,7 +279,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
-.B -allow_proxiable
+.B \-allow_proxiable
prohibits principals from obtaining proxiable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_PROXIABLE
flag.)
@@ -287,7 +287,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
-.B -allow_dup_skey
+.B \-allow_dup_skey
Disables user-to-user authentication for principals by prohibiting
principals from obtaining a session key for another user. (Sets the
.SM KRB5_KDB_DISALLOW_DUP_SKEY
@@ -301,7 +301,7 @@ requires principals to preauthenticate b
kinit. (Sets the
.SM KRB5_KDB_REQUIRES_PRE_AUTH
flag.)
-.B -requires_preauth
+.B \-requires_preauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
@@ -310,11 +310,11 @@ requires principals to preauthenticate u
before being allowed to kinit. (Sets the
.SM KRB5_KDB_REQUIRES_HW_AUTH
flag.)
-.B -requires_hwauth
+.B \-requires_hwauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
-.B -allow_svr
+.B \-allow_svr
prohibits the issuance of service tickets for principals. (Sets the
.SM KRB5_KDB_DISALLOW_SVR
flag.)
@@ -406,8 +406,8 @@ Specifies the list of Administration ser
contains the DNs of the Administration service objects separated by a colon (:).
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify
-+requires_preauth -r ATHENA.MIT.EDU \fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify
++requires_preauth \-r ATHENA.MIT.EDU \fP
.nf
Password for "cn=admin,o=org":
.fi
@@ -423,8 +423,8 @@ Specifies the Kerberos realm of the data
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view
--r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view
+\-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
Realm Name: ATHENA.MIT.EDU
@@ -450,8 +450,8 @@ Specifies the Kerberos realm of the data
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy
--r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy
+\-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
@@ -467,7 +467,7 @@ Lists the name of realms.
.nf
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list\fP
Password for "cn=admin,o=org":
ATHENA.MIT.EDU
OPENLDAP.MIT.EDU
@@ -487,7 +487,7 @@ Specifies the complete path of the servi
Specifies Distinguished name (DN) of the service object whose password is to be stored in file.
.TP
EXAMPLE:
-\fBkdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util stashsrvpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
.nf
Password for "cn=service-kdc,o=org":
Re-enter password for "cn=service-kdc,o=org":
@@ -517,7 +517,7 @@ set. This means all the ticket options w
The various flags are:
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
-.B -allow_postdated
+.B \-allow_postdated
prohibits principals from obtaining postdated tickets. (Sets the
.SM KRB5_KDB_DISALLOW_POSTDATED
flag.)
@@ -525,7 +525,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
-.B -allow_forwardable
+.B \-allow_forwardable
prohibits principals from obtaining forwardable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_FORWARDABLE
flag.)
@@ -533,7 +533,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
-.B -allow_renewable
+.B \-allow_renewable
prohibits principals from obtaining renewable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_RENEWABLE
flag.)
@@ -541,7 +541,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
-.B -allow_proxiable
+.B \-allow_proxiable
prohibits principals from obtaining proxiable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_PROXIABLE
flag.)
@@ -549,7 +549,7 @@ flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
-.B -allow_dup_skey
+.B \-allow_dup_skey
Disables user-to-user authentication for principals by prohibiting
principals from obtaining a session key for another user. (Sets the
.SM KRB5_KDB_DISALLOW_DUP_SKEY
@@ -563,7 +563,7 @@ requires principals to preauthenticate b
kinit. (Sets the
.SM KRB5_KDB_REQUIRES_PRE_AUTH
flag.)
-.B -requires_preauth
+.B \-requires_preauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
@@ -572,11 +572,11 @@ requires principals to preauthenticate u
before being allowed to kinit. (Sets the
.SM KRB5_KDB_REQUIRES_HW_AUTH
flag.)
-.B -requires_hwauth
+.B \-requires_hwauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
-.B -allow_svr
+.B \-allow_svr
prohibits the issuance of service tickets for principals. (Sets the
.SM KRB5_KDB_DISALLOW_SVR
flag.)
@@ -639,7 +639,7 @@ flag on principals in the database.
Specifies the name of the ticket policy.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" -maxrenewlife "1 week" -allow_postdated +needchange -allow_forwardable tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu create_policy \-r ATHENA.MIT.EDU \-maxtktlife "1 day" \-maxrenewlife "1 week" \-allow_postdated +needchange \-allow_forwardable tktpolicy\fP
.nf
Password for "cn=admin,o=org":
.fi
@@ -657,7 +657,7 @@ returned by
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU -maxtktlife "60 minutes" -maxrenewlife "10 hours" +allow_postdated -requires_preauth tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify_policy \-r ATHENA.MIT.EDU \-maxtktlife "60 minutes" \-maxrenewlife "10 hours" +allow_postdated \-requires_preauth tktpolicy\fP
.nf
Password for "cn=admin,o=org":
.fi
@@ -671,7 +671,7 @@ Displays the attributes of a ticket poli
Specifies the name of the ticket policy.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view_policy \-r ATHENA.MIT.EDU tktpolicy\fP
.nf
Password for "cn=admin,o=org":
Ticket policy: tktpolicy
@@ -700,7 +700,7 @@ to confirm the deletion.
Specifies the name of the ticket policy.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy_policy \-r ATHENA.MIT.EDU tktpolicy\fP
.nf
Password for "cn=admin,o=org":
This will delete the policy object 'tktpolicy', are you sure?
@@ -720,7 +720,7 @@ returned by
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list_policy \-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
tktpolicy
@@ -735,22 +735,22 @@ userpolicy
\fBsetsrvpw\fP [\fB\-randpw\fP|\fB\-fileonly\fP] [\fB\-f\fP\ \fIfilename\fP] \fIservice_dn\fP
Allows an administrator to set password for service objects such as KDC and Administration server in
eDirectory and store them in a file. The
-.I -fileonly
+.I \-fileonly
option stores the password in a file and not in the eDirectory object. Options:
.RS
.TP
\fB\-randpw \fP
Generates and sets a random password. This options can be specified to store the password both in eDirectory and a file. The
-.I -fileonly
+.I \-fileonly
option can not be used if
-.I -randpw
+.I \-randpw
option is already specified.
.TP
\fB\-fileonly\fP
Stores the password only in a file and not in eDirectory. The
-.I -randpw
+.I \-randpw
option can not be used when
-.I -fileonly
+.I \-fileonly
options is specified.
.TP
\fB\-f\fP\ \fIfilename\fP
@@ -760,7 +760,7 @@ Specifies complete path of the service p
Specifies Distinguished name (DN) of the service object whose password is to be set.
.TP
EXAMPLE:
-\fBkdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile
+\fBkdb5_ldap_util setsrvpw \-D cn=admin,o=org setsrvpw \-fileonly \-f /home/andrew/conf_keyfile
cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
@@ -792,16 +792,16 @@ separated by a colon (:).
.TP
\fB\-randpw \fP
Generates and sets a random password. This option is used to set the random password for the service object in directory and also to store it in the file. The
-.I -fileonly
+.I \-fileonly
option can not be used if
-.I -randpw
+.I \-randpw
option is specified.
.TP
\fB\-fileonly\fP
Stores the password only in a file and not in eDirectory. The
-.I -randpw
+.I \-randpw
option can not be used when
-.I -fileonly
+.I \-fileonly
option is specified.
.TP
\fB\-f\fP\ \fIfilename\fP
@@ -811,7 +811,7 @@ Specifies the complete path of the file
Specifies Distinguished name (DN) of the Kerberos service to be created.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org create_service \-kdc \-randpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
File does not exist. Creating the file /home/andrew/conf_keyfile...
@@ -855,7 +855,7 @@ realms separated by a colon (:).
Specifies Distinguished name (DN) of the Kerberos service to be modified.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU
+\fBkdb5_ldap_util \-D cn=admin,o=org modify_service \-realm ATHENA.MIT.EDU
cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
@@ -871,7 +871,7 @@ Displays the attributes of a service. O
Specifies Distinguished name (DN) of the Kerberos service to be viewed.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org view_service cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
Service dn: cn=service-kdc,o=org
@@ -897,7 +897,7 @@ needs to be removed.
Specifies Distinguished name (DN) of the Kerberos service to be destroyed.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
This will delete the service object 'cn=service-kdc,o=org', are you sure?
@@ -922,7 +922,7 @@ for the base DN is
.B Root.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org list_service\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org list_service\fP
.nf
Password for "cn=admin,o=org":
cn=service-kdc,o=org
Index: src/plugins/kdb/db2/libdb2/test/run.test
===================================================================
--- src/plugins/kdb/db2/libdb2/test/run.test.orig
+++ src/plugins/kdb/db2/libdb2/test/run.test
@@ -34,7 +34,7 @@ main()
bindir=/bin/.
if [ $# -eq 0 ]; then
- for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20; do
+ for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20 40 41; do
test$t
done
else
@@ -45,7 +45,7 @@ main()
[0-9]*)
test$1;;
btree)
- for t in 1 2 3 7 8 9 10 12 13; do
+ for t in 1 2 3 7 8 9 10 12 13 40 41; do
test$t
done;;
hash)
@@ -743,4 +743,162 @@ bsize=$bsize ffactor=$ffactor nelem=2500
done
}
+# Test for a weird page split condition where an insertion into index
+# 0 of a page that would cause the new item to be the only item on the
+# left page results in index 0 of the right page being erroneously
+# skipped; this only happens with one particular key+data length for
+# each page size.
+test40 () {
+ echo "Test 40: btree: page split on index 0"
+ e=:
+ for psize in 512 1024 2048 4096 8192; do
+ echo " page size $psize"
+ kdsizes=`awk 'BEGIN {
+ psize = '$psize'; hsize = int(psize/2);
+ for (kdsize = hsize-40; kdsize <= hsize; kdsize++) {
+ print kdsize;
+ }
+ }' /dev/null`
+
+ # Use a series of keylen+datalen values in the right
+ # neighborhood to find the one that triggers the bug.
+ # We could compute the exact size that triggers the
+ # bug but this additional fuzz may be useful.
+
+ # Insert keys in reverse order to maximize the chances
+ # for a split on index 0.
+
+ for kdsize in $kdsizes; do
+ awk 'BEGIN {
+ kdsize = '$kdsize';
+ for (i = 8; i-- > 0; ) {
+ s = sprintf("a%03d:%09d", i, kdsize);
+ for (j = 0; j < kdsize-20; j++) {
+ s = s "x";
+ }
+ printf("p\nka%03d\nd%s\n", i, s);
+ }
+ print "o";
+ }' /dev/null > $TMP2
+ sed -n 's/^d//p' $TMP2 | sort > $TMP1
+ $PROG -o $TMP3 -i psize=$psize btree $TMP2
+ if (cmp -s $TMP1 $TMP3); then :
+ else
+ echo "test40: btree: page size $psize, \
+keylen+datalen=$kdsize failed"
+ e='exit 1'
+ fi
+ done
+ done
+ $e
+}
+
+# Extremely tricky test attempting to replicate some unusual database
+# corruption seen in the field: pieces of the database becoming
+# inaccessible to random access, sequential access, or both. The
+# hypothesis is that at least some of these are triggered by the bug
+# in page splits on index 0 with a particular exact keylen+datalen.
+# (See Test 40.) For psize=4096, this size is exactly 2024.
+
+# The order of operations here relies on very specific knowledge of
+# the internals of the btree access method in order to place records
+# at specific offsets in a page and to create certain keys on internal
+# pages. The to-be-split page immediately prior to the bug-triggering
+# split has the following properties:
+#
+# * is not the leftmost leaf page
+# * key on the parent page is compares less than the key of the item
+# on index 0
+# * triggering record's key also compares greater than the key on the
+# parent page
+
+# Additionally, we prime the mpool LRU chain so that the head page on
+# the chain has the following properties:
+#
+# * record at index 0 is located where it will not get overwritten by
+# items written to the right-hand page during the split
+# * key of the record at index 0 compares less than the key of the
+# bug-triggering record
+
+# If the page-split bug exists, this test appears to create a database
+# where some records are inaccessible to a search, but still remain in
+# the file and are accessible by sequential traversal. At least one
+# record gets duplicated out of sequence.
+
+test41 () {
+ echo "Test 41: btree: no unsearchables due to page split on index 0"
+ # list of individual retrievals in a variable for easy reuse
+ list=`(for i in a b c d; do
+ for j in 990 998 999; do
+ echo g ${i}${j} 1024
+ done
+ done;
+ echo g y997 2014
+ for i in y z; do
+ for j in 998 999; do
+ echo g ${i}${j} 1024
+ done
+ done)`
+ # Exact number for trigger condition accounts for newlines
+ # retained by dbtest with -ofile but not without; we use
+ # -ofile, so count newlines. keylen=5,datalen=5+2014 for
+ # psize=4096 here.
+ (cat - <<EOF
+p z999 1024
+p z998 1024
+p y999 1024
+p y990 1024
+p d999 1024
+p d990 1024
+p c999 1024
+p c990 1024
+p b999 1024
+p b990 1024
+p a999 1024
+p a990 1024
+p y998 1024
+r y990
+p d998 1024
+p d990 1024
+p c998 1024
+p c990 1024
+p b998 1024
+p b990 1024
+p a998 1024
+p a990 1024
+p y997 2014
+S
+o
+EOF
+ echo "$list") |
+ # awk script input:
+ # {p|g|r} key [datasize]
+ awk '/^[pgr]/{
+ printf("%s\nk%s\n", $1, $2);
+ }
+ /^p/{
+ s = $2;
+ for (i = 0; i < $3; i++) {
+ s = s "x";
+ }
+ printf("d%s\n", s);
+ }
+ !/^[pgr]/{
+ print $0;
+ }' > $TMP2
+ (echo "$list"; echo "$list") | awk '{
+ s = $2;
+ for (i = 0; i < $3; i++) {
+ s = s "x";
+ }
+ print s;
+ }' > $TMP1
+ $PROG -o $TMP3 -i psize=4096 btree $TMP2
+ if (cmp -s $TMP1 $TMP3); then :
+ else
+ echo "test41: btree: failed"
+ exit 1
+ fi
+}
+
main $*
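Review bot: test41 ends the whole script with `exit 1` on the first mismatch, while test40 right above it records the failure in `e` and only runs `$e` after all page sizes have been tried; the two new tests should report failure the same way. If the deferred style is the intended one, test41 can use `e=:` at the top, `e='exit 1'` in the else branch and `$e` as its last line. The comment block before test41 also has a small slip worth fixing while here: "key on the parent page is compares less than" should read "compares less than".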
Index: src/plugins/kdb/db2/libdb2/mpool/mpool.c
===================================================================
--- src/plugins/kdb/db2/libdb2/mpool/mpool.c.orig
+++ src/plugins/kdb/db2/libdb2/mpool/mpool.c
@@ -377,7 +377,7 @@ mpool_bkt(mp)
head = &mp->hqh[HASHKEY(bp->pgno)];
CIRCLEQ_REMOVE(head, bp, hq);
CIRCLEQ_REMOVE(&mp->lqh, bp, q);
-#ifdef DEBUG
+#if defined(DEBUG) && !defined(DEBUG_IDX0SPLIT)
{ void *spage;
spage = bp->page;
memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
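Review bot: The new `DEBUG_IDX0SPLIT` macro in the `#if` is not explained anywhere in this hunk, so a reader cannot tell why the 0xff poisoning of a recycled bucket is switched off under it. Presumably the poisoning hides the stale page contents that Test 41 in run.test relies on to reproduce the index-0 split corruption; if so, say that in a comment above the `#if`, for example `/* DEBUG_IDX0SPLIT: leave recycled buffers unpoisoned so the index-0 split regression test can observe stale page data */`. It is also worth noting there that defining the macro removes a use-after-recycle debugging aid, so it should only be set for that test build. mpool_bkt and the end of the `#if` block lie outside the hunk.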
Index: src/plugins/kdb/db2/libdb2/btree/bt_debug.c
===================================================================
--- src/plugins/kdb/db2/libdb2/btree/bt_debug.c.orig
+++ src/plugins/kdb/db2/libdb2/btree/bt_debug.c
@@ -257,7 +257,8 @@ __bt_dpage(dbp, h)
*(db_pgno_t *)bl->bytes,
*(u_int32_t *)(bl->bytes + sizeof(db_pgno_t)));
else if (bl->ksize)
- (void)fprintf(tracefp, "%s/", bl->bytes);
+ (void)fprintf(tracefp, "%.*s/",
+ (int)bl->ksize, bl->bytes);
if (bl->flags & P_BIGDATA)
(void)fprintf(tracefp,
"big data page %lu size %u",
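Review bot: The `(int)bl->ksize` cast in the new `%.*s` call can turn a very large key size into a negative precision, and printf treats a negative precision as if none was given, which brings back the unbounded read this change is meant to stop. That only matters if `ksize` is an unsigned 32-bit field read from a damaged page, which is exactly when a page dump is likely to be used. Clamping before the cast closes it, e.g. `(int)(bl->ksize > INT_MAX ? INT_MAX : bl->ksize)`, or bound it by the page size if that is available here. __bt_dpage continues outside the hunk, so other `%s` uses on page bytes in the same function could not be checked.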
Index: src/plugins/kdb/db2/libdb2/btree/bt_split.c
===================================================================
--- src/plugins/kdb/db2/libdb2/btree/bt_split.c.orig
+++ src/plugins/kdb/db2/libdb2/btree/bt_split.c
@@ -727,7 +727,7 @@ bt_psplit(t, h, l, r, pskip, ilen)
* the right page.
*/
if (skip <= off) {
- skip = 0;
+ skip = (indx_t)-1;
rval = l;
} else {
rval = r;
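Review bot: `skip = (indx_t)-1;` introduces an unnamed sentinel meaning "the new item has already been placed", here and again in the right-page loop of the next hunk, and neither place says so. The value only works if `indx_t` is unsigned and no page can hold an item at that index; both look true but neither is visible in the hunk. A one-line comment such as `/* no index to skip any more; 0 is a valid index and was matched again on the right page */` or a named constant (say `#define SKIP_NONE ((indx_t)-1)`, name is only a suggestion) would keep the next editor from "simplifying" it back to 0. bt_psplit starts and ends outside both hunks.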
@@ -737,7 +737,7 @@ bt_psplit(t, h, l, r, pskip, ilen)
for (off = 0; nxt < top; ++off) {
if (skip == nxt) {
++off;
- skip = 0;
+ skip = (indx_t)-1;
}
switch (h->flags & P_TYPE) {
case P_BINTERNAL:
Index: src/plugins/preauth/pkinit/configure.in
===================================================================
--- src/plugins/preauth/pkinit/configure.in.orig
+++ src/plugins/preauth/pkinit/configure.in
@@ -6,8 +6,6 @@ AC_CHECK_HEADERS(unistd.h)
AC_TYPE_MODE_T
AC_TYPE_OFF_T
-AC_CHECK_FUNCS()
-
# XXX This is incorrect, but should cause -lcrypto to be included by default
AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
Index: src/appl/gssftp/ftp/ftp.M
===================================================================
--- src/appl/gssftp/ftp/ftp.M.orig
+++ src/appl/gssftp/ftp/ftp.M
@@ -537,7 +537,7 @@ $1.$2 and the remote file name "mydata.d
"mydata", and $2 would have the value "data". The
.I outpattern
determines the resulting mapped filename. The sequences `$1', `$2',
-...., `$9' are replaced by any value resulting from the
+\&..., `$9' are replaced by any value resulting from the
.I inpattern
template. The sequence `$0' is replace by the original filename.
Additionally, the sequence `[\fIseq1\fP, \fIseq2\fP]' is replaced by
Index: src/appl/bsd/v4rcp.M
===================================================================
--- src/appl/bsd/v4rcp.M.orig
+++ src/appl/bsd/v4rcp.M
@@ -1,5 +1,5 @@
.\" appl/bsd/v4rcp.M
-.TH RCP 1 \*h
+.TH V4RCP 1
.SH NAME
v4rcp \- back end for Kerberos V4 rcp
.SH SYNOPSIS
Index: src/appl/telnet/telnet/telnet.1
===================================================================
--- src/appl/telnet/telnet/telnet.1.orig
+++ src/appl/telnet/telnet/telnet.1
@@ -625,7 +625,7 @@ Sends the
.TP
.B escape
Sends the current
-.b telnet
+.B telnet
escape character (initially ``^''.
.TP
.B ga
@@ -761,7 +761,7 @@ character.
If
.B telnet
is in
-.b localchars
+.B localchars
mode (see
.B toggle localchars
below),
@@ -1296,9 +1296,9 @@ is omitted, then an interactive subshell
.TP
\fB\&?\fP \fIcommand\fP
Get help. With no arguments,
-.b telnet
+.B telnet
prints a help summary. If a command is specified,
-.b telnet
+.B telnet
will print the help information for just that command.
.SH ENVIRONMENT
.B Telnet
Index: src/clients/kpasswd/kpasswd.M
===================================================================
--- src/clients/kpasswd/kpasswd.M.orig
+++ src/clients/kpasswd/kpasswd.M
@@ -21,8 +21,7 @@
.\" this software for any purpose. It is provided "as is" without express
.\" or implied warranty.
.\" "
-.\.so man1/header.doc
-.TH KPASSWD 1 \*h
+.TH KPASSWD 1
.SH NAME
kpasswd \- change a user's Kerberos password
.SH SYNOPSIS
Index: src/gen-manpages/k5login.M
===================================================================
--- src/gen-manpages/k5login.M.orig
+++ src/gen-manpages/k5login.M
@@ -1,6 +1,6 @@
.TH .K5LOGIN 5
.SH NAME
-.k5login \- Kerberos V5 acl file for host access.
+\&.k5login \- Kerberos V5 acl file for host access.
.SH DESCRIPTION
The
.B .k5login
Index: src/kadmin/dbutil/kdb5_destroy.c
===================================================================
--- src/kadmin/dbutil/kdb5_destroy.c.orig
+++ src/kadmin/dbutil/kdb5_destroy.c
@@ -60,19 +60,16 @@ kdb5_destroy(argc, argv)
retval1 = kadm5_init_krb5_context(&context);
if( retval1 )
{
- com_err(argv[0], retval1, "while initializing krb5_context");
+ com_err(progname, retval1, "while initializing krb5_context");
exit(1);
}
if ((retval1 = krb5_set_default_realm(context,
util_context->default_realm))) {
- com_err(argv[0], retval1, "while setting default realm name");
+ com_err(progname, retval1, "while setting default realm name");
exit(1);
}
- if (strrchr(argv[0], '/'))
- argv[0] = strrchr(argv[0], '/')+1;
-
dbname = global_params.dbname;
optind = 1;
@@ -102,7 +99,7 @@ kdb5_destroy(argc, argv)
retval1 = krb5_db_destroy(context, db5util_db_args);
if (retval1) {
- com_err(argv[0], retval1, "deleting database '%s'",dbname);
+ com_err(progname, retval1, "deleting database '%s'",dbname);
exit_status++; return;
}
Index: src/kadmin/dbutil/dump.c
===================================================================
--- src/kadmin/dbutil/dump.c.orig
+++ src/kadmin/dbutil/dump.c
@@ -1016,7 +1016,6 @@ dump_db(argc, argv)
{
FILE *f;
struct dump_args arglist;
- char *programname;
char *ofile;
krb5_error_code kret, retval;
dump_version *dump;
@@ -1027,9 +1026,6 @@ dump_db(argc, argv)
/*
* Parse the arguments.
*/
- programname = argv[0];
- if (strrchr(programname, (int) '/'))
- programname = strrchr(argv[0], (int) '/') + 1;
ofile = (char *) NULL;
dump = &r1_3_version;
arglist.verbose = 0;
@@ -1081,7 +1077,7 @@ dump_db(argc, argv)
* to be opened if we try a dump that uses it.
*/
if (!dbactive) {
- com_err(argv[0], 0, Err_no_database);
+ com_err(progname, 0, Err_no_database);
exit_status++;
return;
}
@@ -1099,7 +1095,7 @@ dump_db(argc, argv)
(char *) NULL, 0,
&master_keyblock);
if (retval) {
- com_err(argv[0], retval,
+ com_err(progname, retval,
"while reading master key");
exit(1);
}
@@ -1107,7 +1103,7 @@ dump_db(argc, argv)
master_princ,
&master_keyblock);
if (retval) {
- com_err(argv[0], retval,
+ com_err(progname, retval,
"while verifying master key");
exit(1);
}
@@ -1124,7 +1120,7 @@ dump_db(argc, argv)
TRUE,
new_mkey_file, 0,
&new_master_keyblock))) {
- com_err(argv[0], retval, "while reading new master key");
+ com_err(progname, retval, "while reading new master key");
exit(1);
}
}
@@ -1150,7 +1146,7 @@ dump_db(argc, argv)
unlink(ofile);
if (!(f = fopen(ofile, "w"))) {
fprintf(stderr, ofopen_error,
- programname, ofile, error_message(errno));
+ progname, ofile, error_message(errno));
exit_status++;
return;
}
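Review bot: The dump file is still created with `unlink(ofile)` followed by `fopen(ofile, "w")`, so its permissions come from the caller's umask and the open follows whatever exists at that path by the time fopen runs. The dump presumably contains principal key data, so if the target directory is writable by anyone else this is worth tightening while the error path is being edited. Creating the file with `open(ofile, O_WRONLY|O_CREAT|O_EXCL, 0600)` and wrapping the descriptor with `fdopen(fd, "w")` gives a fixed mode and refuses a pre-existing path. dump_db continues outside the hunk.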
@@ -1158,7 +1154,7 @@ dump_db(argc, argv)
fileno(f),
KRB5_LOCKMODE_EXCLUSIVE))) {
fprintf(stderr, oflock_error,
- programname, ofile, error_message(kret));
+ progname, ofile, error_message(kret));
exit_status++;
}
else
@@ -1167,7 +1163,7 @@ dump_db(argc, argv)
f = stdout;
}
if (f && !(kret)) {
- arglist.programname = programname;
+ arglist.programname = progname;
arglist.ofile = f;
arglist.kcontext = util_context;
fprintf(arglist.ofile, "%s", dump->header);
@@ -1179,13 +1175,13 @@ dump_db(argc, argv)
dump->dump_princ,
(krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
fprintf(stderr, dumprec_err,
- programname, dump->name, error_message(kret));
+ progname, dump->name, error_message(kret));
exit_status++;
}
if (dump->dump_policy &&
(kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
&arglist))) {
- fprintf(stderr, dumprec_err, programname, dump->name,
+ fprintf(stderr, dumprec_err, progname, dump->name,
error_message(kret));
exit_status++;
}
@@ -2126,7 +2122,6 @@ load_db(argc, argv)
FILE *f;
extern char *optarg;
extern int optind;
- char *programname;
char *dumpfile;
char *dbname;
char *dbname_tmp;
@@ -2140,9 +2135,6 @@ load_db(argc, argv)
/*
* Parse the arguments.
*/
- programname = argv[0];
- if (strrchr(programname, (int) '/'))
- programname = strrchr(argv[0], (int) '/') + 1;
dumpfile = (char *) NULL;
dbname = global_params.dbname;
load = NULL;
@@ -2180,7 +2172,7 @@ load_db(argc, argv)
if (!(dbname_tmp = (char *) malloc(strlen(dbname)+
strlen(dump_tmptrail)+1))) {
- fprintf(stderr, no_name_mem_fmt, argv[0]);
+ fprintf(stderr, no_name_mem_fmt, progname);
exit_status++;
return;
}
@@ -2191,7 +2183,7 @@ load_db(argc, argv)
* Initialize the Kerberos context and error tables.
*/
if ((kret = kadm5_init_krb5_context(&kcontext))) {
- fprintf(stderr, ctx_err_fmt, programname);
+ fprintf(stderr, ctx_err_fmt, progname);
free(dbname_tmp);
exit_status++;
return;
@@ -2199,7 +2191,7 @@ load_db(argc, argv)
if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) )
{
- fprintf(stderr, "%s: Unable to set the default realm\n", programname);
+ fprintf(stderr, "%s: Unable to set the default realm\n", progname);
free(dbname_tmp);
exit_status++;
return;
@@ -2210,14 +2202,14 @@ load_db(argc, argv)
*/
if (dumpfile) {
if ((f = fopen(dumpfile, "r")) == NULL) {
- fprintf(stderr, dfile_err_fmt, programname, dumpfile,
+ fprintf(stderr, dfile_err_fmt, progname, dumpfile,
error_message(errno));
exit_status++;
return;
}
if ((kret = krb5_lock_file(kcontext, fileno(f),
KRB5_LOCKMODE_SHARED))) {
- fprintf(stderr, "%s: Cannot lock %s: %s\n", programname,
+ fprintf(stderr, "%s: Cannot lock %s: %s\n", progname,
dumpfile, error_message(errno));
exit_status++;
return;
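Review bot: The lock-failure message still prints `error_message(errno)` although the failure code from krb5_lock_file was stored in `kret`; dump_db's equivalent message in this same patch uses `error_message(kret)`, and this one should too. Both `return` paths in this hunk also leave without `free(dbname_tmp)`, which the two earlier error paths in load_db do call, and the lock-failure path does not `fclose(f)`. Adding `free(dbname_tmp);` to both branches and `fclose(f);` to the second would make the error handling consistent. load_db starts and ends outside the hunk.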
@@ -2233,7 +2225,7 @@ load_db(argc, argv)
if (load) {
/* only check what we know; some headers only contain a prefix */
if (strncmp(buf, load->header, strlen(load->header)) != 0) {
- fprintf(stderr, head_bad_fmt, programname, dumpfile);
+ fprintf(stderr, head_bad_fmt, progname, dumpfile);
exit_status++;
if (dumpfile) fclose(f);
return;
@@ -2252,7 +2244,7 @@ load_db(argc, argv)
strlen(ov_version.header)) == 0)
load = &ov_version;
else {
- fprintf(stderr, head_bad_fmt, programname, dumpfile);
+ fprintf(stderr, head_bad_fmt, progname, dumpfile);
exit_status++;
if (dumpfile) fclose(f);
return;
@@ -2260,7 +2252,7 @@ load_db(argc, argv)
}
if (load->updateonly && !update) {
fprintf(stderr, "%s: dump version %s can only be loaded with the "
- "-update flag\n", programname, load->name);
+ "-update flag\n", progname, load->name);
exit_status++;
return;
}
@@ -2277,7 +2269,7 @@ load_db(argc, argv)
if ((kret = kadm5_get_config_params(kcontext, 1,
&newparams, &newparams))) {
- com_err(argv[0], kret,
+ com_err(progname, kret,
"while retreiving new configuration parameters");
exit_status++;
return;
@@ -2301,11 +2293,11 @@ load_db(argc, argv)
*/
if (emsg != NULL) {
- fprintf(stderr, "%s: %s\n", programname, emsg);
+ fprintf(stderr, "%s: %s\n", progname, emsg);
krb5_free_error_message (kcontext, emsg);
} else {
fprintf(stderr, dbcreaterr_fmt,
- programname, dbname, error_message(kret));
+ progname, dbname, error_message(kret));
}
exit_status++;
kadm5_free_config_params(kcontext, &newparams);
@@ -2326,11 +2318,11 @@ load_db(argc, argv)
*/
if (emsg != NULL) {
- fprintf(stderr, "%s: %s\n", programname, emsg);
+ fprintf(stderr, "%s: %s\n", progname, emsg);
krb5_free_error_message (kcontext, emsg);
} else {
fprintf(stderr, dbinit_err_fmt,
- programname, error_message(kret));
+ progname, error_message(kret));
}
exit_status++;
goto error;
@@ -2349,7 +2341,7 @@ load_db(argc, argv)
*/
if (kret != KRB5_PLUGIN_OP_NOTSUPP) {
fprintf(stderr, "%s: %s while permanently locking database\n",
- programname, error_message(kret));
+ progname, error_message(kret));
exit_status++;
goto error;
}
@@ -2357,10 +2349,10 @@ load_db(argc, argv)
else
db_locked = 1;
- if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name,
+ if (restore_dump(progname, kcontext, (dumpfile) ? dumpfile : stdin_name,
f, verbose, load)) {
fprintf(stderr, restfail_fmt,
- programname, load->name);
+ progname, load->name);
exit_status++;
}
@@ -2373,14 +2365,14 @@ load_db(argc, argv)
if (db_locked && (kret = krb5_db_unlock(kcontext))) {
/* change this error? */
fprintf(stderr, dbunlockerr_fmt,
- programname, dbname, error_message(kret));
+ progname, dbname, error_message(kret));
exit_status++;
}
#if 0
if ((kret = krb5_db_fini(kcontext))) {
fprintf(stderr, close_err_fmt,
- programname, error_message(kret));
+ progname, error_message(kret));
exit_status++;
}
#endif
@@ -2395,7 +2387,7 @@ load_db(argc, argv)
*/
if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n",
- programname, error_message(kret));
+ progname, error_message(kret));
exit_status++;
}
}
@@ -2416,7 +2408,7 @@ error:
*/
if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
fprintf(stderr, dbdelerr_fmt,
- programname, dbname, error_message(kret));
+ progname, dbname, error_message(kret));
exit_status++;
}
}
Index: src/kadmin/dbutil/kdb5_create.c
===================================================================
--- src/kadmin/dbutil/kdb5_create.c.orig
+++ src/kadmin/dbutil/kdb5_create.c
@@ -162,9 +162,6 @@ void kdb5_create(argc, argv)
int do_stash = 0;
krb5_data pwd, seed;
- if (strrchr(argv[0], '/'))
- argv[0] = strrchr(argv[0], '/')+1;
-
while ((optchar = getopt(argc, argv, "s")) != -1) {
switch(optchar) {
case 's':
@@ -193,7 +190,7 @@ void kdb5_create(argc, argv)
printf ("Loading random data\n");
retval = krb5_c_random_os_entropy (util_context, 1, NULL);
if (retval) {
- com_err (argv[0], retval, "Loading random data");
+ com_err (progname, retval, "Loading random data");
exit_status++; return;
}
@@ -203,7 +200,7 @@ void kdb5_create(argc, argv)
global_params.mkey_name,
global_params.realm,
&mkey_fullname, &master_princ))) {
- com_err(argv[0], retval, "while setting up master key name");
+ com_err(progname, retval, "while setting up master key name");
exit_status++; return;
}
@@ -229,7 +226,7 @@ master key name '%s'\n",
retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
pw_str, &pw_size);
if (retval) {
- com_err(argv[0], retval, "while reading master key from keyboard");
+ com_err(progname, retval, "while reading master key from keyboard");
exit_status++; return;
}
mkey_password = pw_str;
@@ -239,14 +236,14 @@ master key name '%s'\n",
pwd.length = strlen(mkey_password);
retval = krb5_principal2salt(util_context, master_princ, &master_salt);
if (retval) {
- com_err(argv[0], retval, "while calculating master key salt");
+ com_err(progname, retval, "while calculating master key salt");
exit_status++; return;
}
retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
&pwd, &master_salt, &master_keyblock);
if (retval) {
- com_err(argv[0], retval, "while transforming master key from password");
+ com_err(progname, retval, "while transforming master key from password");
exit_status++; return;
}
@@ -256,28 +253,28 @@ master key name '%s'\n",
seed.data = master_keyblock.contents;
if ((retval = krb5_c_random_seed(util_context, &seed))) {
- com_err(argv[0], retval, "while initializing random key generator");
+ com_err(progname, retval, "while initializing random key generator");
exit_status++; return;
}
if ((retval = krb5_db_create(util_context,
db5util_db_args))) {
- com_err(argv[0], retval, "while creating database '%s'",
+ com_err(progname, retval, "while creating database '%s'",
global_params.dbname);
exit_status++; return;
}
/* if ((retval = krb5_db_fini(util_context))) { */
-/* com_err(argv[0], retval, "while closing current database"); */
+/* com_err(progname, retval, "while closing current database"); */
/* exit_status++; return; */
/* } */
/* if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */
-/* com_err(argv[0], retval, "while initializing the database '%s'", */
+/* com_err(progname, retval, "while initializing the database '%s'", */
/* global_params.dbname); */
/* exit_status++; return; */
/* } */
if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
(retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
(void) krb5_db_fini(util_context);
- com_err(argv[0], retval, "while adding entries to the database");
+ com_err(progname, retval, "while adding entries to the database");
exit_status++; return;
}
/*
@@ -291,7 +288,7 @@ master key name '%s'\n",
&master_keyblock,
mkey_password);
if (retval) {
- com_err(argv[0], errno, "while storing key");
+ com_err(progname, errno, "while storing key");
printf("Warning: couldn't stash master key.\n");
}
/* clean up */
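Review bot: The `com_err(progname, errno, "while storing key")` call reports `errno` although the failure was detected through `retval`, so the message can show a stale or unrelated error. Assuming the store call returns a krb5 error code like the other calls in this function, passing it through keeps the diagnostic tied to the call that failed: `com_err(progname, retval, "while storing key");`. The same pattern is carried over in the kdb5_stash.c hunk after `krb5_db_store_master_key`. The enclosing function starts and ends outside this hunk.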
Index: src/kadmin/dbutil/kdb5_util.c
===================================================================
--- src/kadmin/dbutil/kdb5_util.c.orig
+++ src/kadmin/dbutil/kdb5_util.c
@@ -186,16 +186,18 @@ int main(argc, argv)
set_com_err_hook(extended_com_err_fn);
+ /*
+ * Ensure that "progname" is set before calling com_err.
+ */
+ progname = (strrchr(argv[0], '/') ?
+ strrchr(argv[0], '/') + 1 : argv[0]);
+
retval = kadm5_init_krb5_context(&util_context);
if (retval) {
com_err (progname, retval, "while initializing Kerberos code");
exit(1);
}
-/* initialize_adb_error_table(); */
-
- progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
-
cmd_argv = (char **) malloc(sizeof(char *)*argc);
if (cmd_argv == NULL) {
com_err(progname, ENOMEM, "while creating sub-command arguments");
@@ -245,7 +247,7 @@ int main(argc, argv)
}
} else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
if (krb5_string_to_enctype(koptarg, &global_params.enctype))
- com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
+ com_err(progname, 0, "%s is an invalid enctype", koptarg);
else
global_params.mask |= KADM5_CONFIG_ENCTYPE;
} else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
@@ -287,7 +289,7 @@ int main(argc, argv)
retval = kadm5_get_config_params(util_context, 1,
&global_params, &global_params);
if (retval) {
- com_err(argv[0], retval, "while retreiving configuration parameters");
+ com_err(progname, retval, "while retreiving configuration parameters");
exit(1);
}
@@ -300,7 +302,7 @@ int main(argc, argv)
master_keyblock.enctype = global_params.enctype;
if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) &&
(!krb5_c_valid_enctype(master_keyblock.enctype))) {
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
"while setting up enctype %d", master_keyblock.enctype);
}
@@ -334,13 +336,13 @@ void set_dbname(argc, argv)
if (argc < 3) {
com_err(argv[0], 0, "Too few arguments");
- com_err(argv[0], 0, "Usage: %s dbpathname realmname", argv[0]);
+ com_err(progname, 0, "Usage: %s dbpathname realmname", argv[0]);
exit_status++;
return;
}
if (dbactive) {
if ((retval = krb5_db_fini(util_context)) && retval!= KRB5_KDB_DBNOTINITED) {
- com_err(argv[0], retval, "while closing previous database");
+ com_err(progname, retval, "while closing previous database");
exit_status++;
return;
}
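Review bot: `com_err(argv[0], 0, "Too few arguments");` still uses `argv[0]` while the usage line directly below it and the other calls in `set_dbname` were switched to `progname`, so the two messages can carry different prefixes. For consistency the first call should read `com_err(progname, 0, "Too few arguments");`. The usage line keeps `argv[0]` as its `%s` argument, which may be deliberate because it names the sub-command; a short comment saying so would help the next reader.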
@@ -353,7 +355,7 @@ void set_dbname(argc, argv)
dbactive = FALSE;
}
- (void) set_dbname_help(argv[0], argv[1]);
+ (void) set_dbname_help(progname, argv[1]);
return;
}
#endif
@@ -425,6 +427,7 @@ static int open_db_and_mkey()
retval = krb5_principal2salt(util_context, master_princ, &scratch);
if (retval) {
com_err(progname, retval, "while calculated master key salt");
+ exit_status++;
return(1);
}
@@ -442,6 +445,7 @@ static int open_db_and_mkey()
if (retval) {
com_err(progname, retval,
"while transforming master key from password");
+ exit_status++;
return(1);
}
free(scratch.data);
@@ -519,7 +523,7 @@ add_random_key(argc, argv)
krb5_int32 num_keysalts = 0;
int free_keysalts;
- char *me = argv[0];
+ char *me = progname;
char *ks_str = NULL;
char *pr_str;
Index: src/kadmin/dbutil/kdb5_stash.c
===================================================================
--- src/kadmin/dbutil/kdb5_stash.c.orig
+++ src/kadmin/dbutil/kdb5_stash.c
@@ -82,19 +82,16 @@ kdb5_stash(argc, argv)
char *keyfile = 0;
krb5_context context;
- if (strrchr(argv[0], '/'))
- argv[0] = strrchr(argv[0], '/')+1;
-
retval = kadm5_init_krb5_context(&context);
if( retval )
{
- com_err(argv[0], retval, "while initializing krb5_context");
+ com_err(progname, retval, "while initializing krb5_context");
exit(1);
}
if ((retval = krb5_set_default_realm(context,
util_context->default_realm))) {
- com_err(argv[0], retval, "while setting default realm name");
+ com_err(progname, retval, "while setting default realm name");
exit(1);
}
@@ -119,10 +116,10 @@ kdb5_stash(argc, argv)
if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
char tmp[32];
if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
"while setting up enctype %d", master_keyblock.enctype);
else
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp);
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
exit_status++; return;
}
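Review bot: `com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);` passes the `tmp` buffer as the format string, so any `%` in the enctype name would be interpreted as a conversion. The text comes from `krb5_enctype_to_string`, so this is hygiene rather than a known exposure, but a constant format is the safer form: `com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);`. The body of `kdb5_stash` continues outside the hunk.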
@@ -130,14 +127,14 @@ kdb5_stash(argc, argv)
retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
&mkey_fullname, &master_princ);
if (retval) {
- com_err(argv[0], retval, "while setting up master key name");
+ com_err(progname, retval, "while setting up master key name");
exit_status++; return;
}
retval = krb5_db_open(context, db5util_db_args,
KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
if (retval) {
- com_err(argv[0], retval, "while initializing the database '%s'",
+ com_err(progname, retval, "while initializing the database '%s'",
dbname);
exit_status++; return;
}
@@ -148,7 +145,7 @@ kdb5_stash(argc, argv)
TRUE, FALSE, (char *) NULL,
0, &master_keyblock);
if (retval) {
- com_err(argv[0], retval, "while reading master key");
+ com_err(progname, retval, "while reading master key");
(void) krb5_db_fini(context);
exit_status++; return;
}
@@ -156,7 +153,7 @@ kdb5_stash(argc, argv)
retval = krb5_db_verify_master_key(context, master_princ,
&master_keyblock);
if (retval) {
- com_err(argv[0], retval, "while verifying master key");
+ com_err(progname, retval, "while verifying master key");
(void) krb5_db_fini(context);
exit_status++; return;
}
@@ -164,7 +161,7 @@ kdb5_stash(argc, argv)
retval = krb5_db_store_master_key(context, keyfile, master_princ,
&master_keyblock, NULL);
if (retval) {
- com_err(argv[0], errno, "while storing key");
+ com_err(progname, errno, "while storing key");
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
(void) krb5_db_fini(context);
exit_status++; return;
@@ -173,7 +170,7 @@ kdb5_stash(argc, argv)
retval = krb5_db_fini(context);
if (retval) {
- com_err(argv[0], retval, "closing database '%s'", dbname);
+ com_err(progname, retval, "closing database '%s'", dbname);
exit_status++; return;
}
Index: src/kadmin/cli/kadmin.M
===================================================================
--- src/kadmin/cli/kadmin.M.orig
+++ src/kadmin/cli/kadmin.M
@@ -206,12 +206,12 @@ Specifying "ago" in a duration may resul
creates the principal
.IR newprinc ,
prompting twice for a password. If no policy is specified with the
--policy option, and the policy named "default" exists, then that
+\-policy option, and the policy named "default" exists, then that
policy is assigned to the principal; note that the assignment of the
policy "default" only occurs automatically when a principal is first
created, so the policy "default" must already exist for the assignment
to occur. This assignment of "default" can be suppressed with the
--clearpolicy option. This command requires the
+\-clearpolicy option. This command requires the
.I add
privilege. This command has the aliases
.B addprinc
@@ -411,7 +411,7 @@ Re-enter password for principal tlyu/adm
Principal "tlyu/admin@BLEEP.COM" created.
kadmin:
-kadmin: addprinc -x dn=cn=mwm_user,o=org mwm_user
+kadmin: addprinc \-x dn=cn=mwm_user,o=org mwm_user
WARNING: no policy specified for "mwm_user@BLEEP.COM";
defaulting to no policy.
Enter password for principal mwm_user@BLEEP.COM:
@@ -639,7 +639,7 @@ sets the number of past keys kept for a
.nf
.TP
EXAMPLES:
-kadmin: add_policy -maxlife "2 days" -minlength 5 guests
+kadmin: add_policy \-maxlife "2 days" \-minlength 5 guests
kadmin:
.TP
ERRORS:
Index: src/lib/crypto/enc_provider/aes.c
===================================================================
--- src/lib/crypto/enc_provider/aes.c.orig
+++ src/lib/crypto/enc_provider/aes.c
@@ -1,3 +1,29 @@
+/*
+ * lib/crypto/enc_provider/aes.h
+ *
+ * Copyright (C) 2003, 2007 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
#include "k5-int.h"
#include "enc_provider.h"
#include "aes.h"
Index: src/lib/rpc/auth_gssapi.c
===================================================================
--- src/lib/rpc/auth_gssapi.c.orig
+++ src/lib/rpc/auth_gssapi.c
@@ -164,6 +164,11 @@ AUTH *auth_gssapi_create(
auth = (AUTH *) malloc(sizeof(*auth));
pdata = (struct auth_gssapi_data *) malloc(sizeof(*pdata));
if (auth == NULL || pdata == NULL) {
+ /* They needn't both have failed; clean up. */
+ free(auth);
+ free(pdata);
+ auth = NULL;
+ pdata = NULL;
rpc_createerr.cf_stat = RPC_SYSTEMERROR;
rpc_createerr.cf_error.re_errno = ENOMEM;
goto cleanup;
@@ -436,12 +441,14 @@ next_token:
cleanup:
PRINTF(("gssapi_create: bailing\n\n"));
-
- if (AUTH_PRIVATE(auth))
- auth_gssapi_destroy(auth);
- else if (auth)
- free(auth);
- auth = NULL;
+
+ if (auth) {
+ if (AUTH_PRIVATE(auth))
+ auth_gssapi_destroy(auth);
+ else
+ free(auth);
+ auth = NULL;
+ }
/* don't assume the caller will want to change clnt->cl_auth */
clnt->cl_auth = save_auth;
Index: src/lib/gssapi/krb5/lucid_context.c
===================================================================
--- src/lib/gssapi/krb5/lucid_context.c.orig
+++ src/lib/gssapi/krb5/lucid_context.c
@@ -231,7 +231,7 @@ make_external_lucid_ctx_v1(
&lctx->cfx_kd.ctx_key)))
goto error_out;
if (gctx->have_acceptor_subkey) {
- if ((retval = copy_keyblock_to_lucid_key(gctx->enc,
+ if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey,
&lctx->cfx_kd.acceptor_subkey)))
goto error_out;
lctx->cfx_kd.have_acceptor_subkey = 1;
Index: src/lib/kadm5/str_conv.c
===================================================================
--- src/lib/kadm5/str_conv.c.orig
+++ src/lib/kadm5/str_conv.c
@@ -310,7 +310,7 @@ krb5_string_to_keysalts(string, tuplesep
septmp = ksseplist;
for (sp = strchr(kp, (int) *septmp);
*(++septmp) && !sp;
- ep = strchr(kp, (int) *septmp));
+ sp = strchr(kp, (int) *septmp));
if (sp) {
/* Separate enctype from salttype */
Index: src/lib/krb5/keytab/kt_file.c
===================================================================
--- src/lib/krb5/keytab/kt_file.c.orig
+++ src/lib/krb5/keytab/kt_file.c
@@ -53,10 +53,30 @@ typedef struct _krb5_ktfile_data {
FILE *openf; /* open file, if any. */
char iobuf[BUFSIZ]; /* so we can zap it later */
int version; /* Version number of keytab */
+ unsigned int iter_count; /* Number of active iterators */
+ long start_offset; /* Starting offset after version */
k5_mutex_t lock; /* Protect openf, version */
} krb5_ktfile_data;
/*
+ * Some limitations:
+ *
+ * If the file OPENF is left open between calls, we have an iterator
+ * active, and OPENF is opened in read-only mode. So, no changes
+ * can be made via that handle.
+ *
+ * An advisory file lock is used while the file is open. Thus,
+ * multiple handles on the same underlying file cannot be used without
+ * disrupting the locking in effect.
+ *
+ * The start_offset field is only valid if the file is open. It will
+ * almost certainly always be the same constant. It's used so that
+ * if an iterator is active, and we start another one, we don't have
+ * to seek back to the start and re-read the version number to set
+ * the position for the iterator.
+ */
+
+/*
* Macros
*/
#define KTPRIVATE(id) ((krb5_ktfile_data *)(id)->data)
@@ -64,6 +84,8 @@ typedef struct _krb5_ktfile_data {
#define KTFILEP(id) (((krb5_ktfile_data *)(id)->data)->openf)
#define KTFILEBUFP(id) (((krb5_ktfile_data *)(id)->data)->iobuf)
#define KTVERSION(id) (((krb5_ktfile_data *)(id)->data)->version)
+#define KTITERS(id) (((krb5_ktfile_data *)(id)->data)->iter_count)
+#define KTSTARTOFF(id) (((krb5_ktfile_data *)(id)->data)->start_offset)
#define KTLOCK(id) k5_mutex_lock(&((krb5_ktfile_data *)(id)->data)->lock)
#define KTUNLOCK(id) k5_mutex_unlock(&((krb5_ktfile_data *)(id)->data)->lock)
#define KTCHECKLOCK(id) k5_mutex_assert_locked(&((krb5_ktfile_data *)(id)->data)->lock)
@@ -208,6 +230,7 @@ krb5_ktfile_resolve(krb5_context context
(void) strcpy(data->name, name);
data->openf = 0;
data->version = 0;
+ data->iter_count = 0;
(*id)->data = (krb5_pointer)data;
(*id)->magic = KV5M_KEYTAB;
@@ -255,15 +278,27 @@ krb5_ktfile_get_entry(krb5_context conte
int found_wrong_kvno = 0;
krb5_boolean similar;
int kvno_offset = 0;
+ int was_open;
kerror = KTLOCK(id);
if (kerror)
return kerror;
- /* Open the keyfile for reading */
- if ((kerror = krb5_ktfileint_openr(context, id))) {
- KTUNLOCK(id);
- return(kerror);
+ if (KTFILEP(id) != NULL) {
+ was_open = 1;
+
+ if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
+ KTUNLOCK(id);
+ return errno;
+ }
+ } else {
+ was_open = 0;
+
+ /* Open the keyfile for reading */
+ if ((kerror = krb5_ktfileint_openr(context, id))) {
+ KTUNLOCK(id);
+ return(kerror);
+ }
}
/*
@@ -370,12 +405,13 @@ krb5_ktfile_get_entry(krb5_context conte
kerror = KRB5_KT_NOTFOUND;
}
if (kerror) {
- (void) krb5_ktfileint_close(context, id);
+ if (was_open == 0)
+ (void) krb5_ktfileint_close(context, id);
KTUNLOCK(id);
krb5_kt_free_entry(context, &cur_entry);
return kerror;
}
- if ((kerror = krb5_ktfileint_close(context, id)) != 0) {
+ if (was_open == 0 && (kerror = krb5_ktfileint_close(context, id)) != 0) {
KTUNLOCK(id);
krb5_kt_free_entry(context, &cur_entry);
return kerror;
@@ -430,18 +466,30 @@ krb5_ktfile_start_seq_get(krb5_context c
if (retval)
return retval;
- if ((retval = krb5_ktfileint_openr(context, id))) {
- KTUNLOCK(id);
- return retval;
+ if (KTITERS(id) == 0) {
+ if ((retval = krb5_ktfileint_openr(context, id))) {
+ KTUNLOCK(id);
+ return retval;
+ }
}
if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
- krb5_ktfileint_close(context, id);
+ if (KTITERS(id) == 0)
+ krb5_ktfileint_close(context, id);
KTUNLOCK(id);
return ENOMEM;
}
- *fileoff = ftell(KTFILEP(id));
+ *fileoff = KTSTARTOFF(id);
*cursorp = (krb5_kt_cursor)fileoff;
+ KTITERS(id)++;
+ if (KTITERS(id) == 0) {
+ /* Wrapped?! */
+ KTITERS(id)--;
+ KTUNLOCK(id);
+ krb5_set_error_message(context, KRB5_KT_IOERR,
+ "Too many keytab iterators active");
+ return KRB5_KT_IOERR; /* XXX */
+ }
KTUNLOCK(id);
return 0;
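Review bot: The wrap-around branch after `KTITERS(id)++` returns `KRB5_KT_IOERR` without releasing `fileoff`, and `*cursorp` has already been set to it, so the caller gets an error together with a cursor that points at a leaked allocation. Adding `free(fileoff); *cursorp = NULL;` before the `KTUNLOCK(id)` in that branch keeps the failure path clean. Testing the counter against `UINT_MAX` before the `malloc` would avoid the allocation altogether. The function begins outside this hunk.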
@@ -490,7 +538,11 @@ krb5_ktfile_end_get(krb5_context context
krb5_xfree(*cursor);
KTLOCK(id);
- kerror = krb5_ktfileint_close(context, id);
+ KTITERS(id)--;
+ if (KTFILEP(id) != NULL && KTITERS(id) == 0)
+ kerror = krb5_ktfileint_close(context, id);
+ else
+ kerror = 0;
KTUNLOCK(id);
return kerror;
}
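Review bot: `KTITERS(id)--` runs unconditionally, so an `end_get` that is not paired with a successful `start_seq_get` wraps the unsigned counter. The keytab file then stays open, which also makes the new checks in `krb5_ktfile_add` and `krb5_ktfile_remove` refuse every change. A guard such as `if (KTITERS(id) > 0) KTITERS(id)--;` keeps the count consistent. The return value of `KTLOCK(id)` is also ignored here, unlike in the other functions this patch touches. The function starts outside the hunk.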
@@ -811,6 +863,7 @@ krb5_ktfile_wresolve(krb5_context contex
(void) strcpy(data->name, name);
data->openf = 0;
data->version = 0;
+ data->iter_count = 0;
(*id)->data = (krb5_pointer)data;
(*id)->magic = KV5M_KEYTAB;
@@ -830,6 +883,13 @@ krb5_ktfile_add(krb5_context context, kr
retval = KTLOCK(id);
if (retval)
return retval;
+ if (KTFILEP(id)) {
+ /* Iterator(s) active -- no changes. */
+ KTUNLOCK(id);
+ krb5_set_error_message(context, KRB5_KT_IOERR,
+ "Cannot change keytab with keytab iterators active");
+ return KRB5_KT_IOERR; /* XXX */
+ }
if ((retval = krb5_ktfileint_openw(context, id))) {
KTUNLOCK(id);
return retval;
@@ -858,6 +918,13 @@ krb5_ktfile_remove(krb5_context context,
kerror = KTLOCK(id);
if (kerror)
return kerror;
+ if (KTFILEP(id)) {
+ /* Iterator(s) active -- no changes. */
+ KTUNLOCK(id);
+ krb5_set_error_message(context, KRB5_KT_IOERR,
+ "Cannot change keytab with keytab iterators active");
+ return KRB5_KT_IOERR; /* XXX */
+ }
if ((kerror = krb5_ktfileint_openw(context, id))) {
KTUNLOCK(id);
@@ -1114,6 +1181,7 @@ krb5_ktfileint_open(krb5_context context
return KRB5_KEYTAB_BADVNO;
}
}
+ KTSTARTOFF(id) = ftell(KTFILEP(id));
return 0;
}
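Review bot: `KTSTARTOFF(id) = ftell(KTFILEP(id));` stores the result without checking it, and `ftell` returns -1 on failure. That value is later handed to `fseek` in `krb5_ktfile_get_entry` and copied into new cursors in `krb5_ktfile_start_seq_get`. Testing for `-1` here and failing the open, with whatever close and unlock steps this function uses on its other error paths (they are outside the hunk), would stop a bad offset from being cached.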
@@ -1424,7 +1492,7 @@ krb5_ktfileint_write_entry(krb5_context
krb5_timestamp timestamp;
krb5_int32 princ_type;
krb5_int32 size_needed;
- krb5_int32 commit_point;
+ krb5_int32 commit_point = -1;
int i;
KTCHECKLOCK(id);
Index: src/lib/krb5/os/toffset.c
===================================================================
--- src/lib/krb5/os/toffset.c.orig
+++ src/lib/krb5/os/toffset.c
@@ -34,6 +34,9 @@
* routines will return the correct time as corrected by difference
* between the system time and the "real time" as passed to this
* routine
+ *
+ * If the real time microseconds are given as -1 the caller doesn't
+ * know the microseconds value so the usec offset is always zero.
*/
krb5_error_code KRB5_CALLCONV
krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
@@ -45,8 +48,10 @@ krb5_set_real_time(krb5_context context,
retval = krb5_crypto_us_timeofday(&sec, &usec);
if (retval)
return retval;
+
os_ctx->time_offset = seconds - sec;
- os_ctx->usec_offset = microseconds - usec;
+ os_ctx->usec_offset = (microseconds > -1) ? microseconds - usec : 0;
+
os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
KRB5_OS_TOFFSET_VALID);
return 0;
Index: src/lib/krb5/os/locate_kdc.c
===================================================================
--- src/lib/krb5/os/locate_kdc.c.orig
+++ src/lib/krb5/os/locate_kdc.c
@@ -611,6 +611,7 @@ module_locate_server (krb5_context ctx,
krb5_error_code code;
struct krb5plugin_service_locate_ftable *vtbl = NULL;
void **ptrs;
+ char *realmz; /* NUL-terminated realm */
int i;
struct module_callback_data cbdata = { 0, };
@@ -632,6 +633,17 @@ module_locate_server (krb5_context ctx,
return KRB5_PLUGIN_NO_HANDLE;
}
+ if (realm->length >= UINT_MAX) {
+ krb5int_free_plugin_dir_data(ptrs);
+ return ENOMEM;
+ }
+ realmz = malloc(realm->length + 1);
+ if (realmz == NULL) {
+ krb5int_free_plugin_dir_data(ptrs);
+ return ENOMEM;
+ }
+ memcpy(realmz, realm->data, realm->length);
+ realmz[realm->length] = '\0';
for (i = 0; ptrs[i]; i++) {
void *blob;
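Review bot: `realmz` is built with `memcpy` from a counted `krb5_data`, so a realm that contains an embedded NUL byte reaches `vtbl->lookup` as a shorter name than the caller asked about. Rejecting that case before the allocation, e.g. `if (memchr(realm->data, '\0', realm->length) != NULL)` with the same `krb5int_free_plugin_dir_data(ptrs)` cleanup and an error return, keeps a plugin from resolving a different realm. Since `free(realmz)` now has to precede every later return, a single exit label would also make a missed path less likely; the rest of the function is outside this hunk.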
@@ -644,7 +656,7 @@ module_locate_server (krb5_context ctx,
if (code)
continue;
- code = vtbl->lookup(blob, svc, realm->data, socktype, family,
+ code = vtbl->lookup(blob, svc, realmz, socktype, family,
module_callback, &cbdata);
vtbl->fini(blob);
if (code == KRB5_PLUGIN_NO_HANDLE) {
@@ -657,6 +669,7 @@ module_locate_server (krb5_context ctx,
/* Module encountered an actual error. */
Tprintf("plugin lookup routine returned error %d: %s\n",
code, error_message(code));
+ free(realmz);
krb5int_free_plugin_dir_data (ptrs);
return code;
}
@@ -664,6 +677,7 @@ module_locate_server (krb5_context ctx,
}
if (ptrs[i] == NULL) {
Tprintf("ran off end of plugin list\n");
+ free(realmz);
krb5int_free_plugin_dir_data (ptrs);
return KRB5_PLUGIN_NO_HANDLE;
}
@@ -672,6 +686,7 @@ module_locate_server (krb5_context ctx,
/* Got something back, yippee. */
Tprintf("now have %d addrs in list %p\n", addrlist->naddrs, addrlist);
print_addrlist(addrlist);
+ free(realmz);
krb5int_free_plugin_dir_data (ptrs);
return 0;
}
Index: src/lib/krb5/rcache/rc_io.c
===================================================================
--- src/lib/krb5/rcache/rc_io.c.orig
+++ src/lib/krb5/rcache/rc_io.c
@@ -83,6 +83,7 @@ krb5_rc_io_creat(krb5_context context, k
(void) strcpy(d->fn, dir);
(void) strcat(d->fn, PATH_SEPARATOR);
(void) strcat(d->fn, *fn);
+ unlink(d->fn);
d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL |
O_BINARY, 0600);
}
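Review bot: The result of `unlink(d->fn)` is discarded, so a failure other than a missing file only shows up indirectly when the `O_EXCL` open fails. Checking it, e.g. `if (unlink(d->fn) == -1 && errno != ENOENT)` followed by this function's usual error return, gives a clearer diagnostic. A comment is also missing on why deletion is wanted, since removing an existing file presumably discards the replay records it held: `/* Remove any stale cache file; O_EXCL below ensures we create a fresh one. */`. The error handling after the open is outside the hunk.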
@@ -425,7 +426,7 @@ krb5_rc_io_read(krb5_context context, kr
strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
- if (count == 0)
+ if (count != num)
return KRB5_RC_IO_EOF;
return 0;
}
Index: src/lib/krb5/ccache/cc_memory.c
===================================================================
--- src/lib/krb5/ccache/cc_memory.c.orig
+++ src/lib/krb5/ccache/cc_memory.c
@@ -135,10 +135,18 @@ krb5_error_code KRB5_CALLCONV
krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
krb5_error_code ret;
+ krb5_mcc_data *d;
+
+ d = (krb5_mcc_data *)id->data;
+ ret = k5_mutex_lock(&d->lock);
+ if (ret)
+ return ret;
krb5_mcc_free(context, id);
ret = krb5_copy_principal(context, princ,
&((krb5_mcc_data *)id->data)->prin);
+
+ k5_mutex_unlock(&d->lock);
if (ret == KRB5_OK)
krb5_change_cache();
return ret;
@@ -205,8 +213,13 @@ krb5_mcc_destroy(krb5_context context, k
}
k5_mutex_unlock(&krb5int_mcc_mutex);
+ err = k5_mutex_lock(&d->lock);
+ if (err)
+ return err;
+
krb5_mcc_free(context, id);
krb5_xfree(d->name);
+ k5_mutex_unlock(&d->lock);
k5_mutex_destroy(&d->lock);
krb5_xfree(d);
krb5_xfree(id);
@@ -244,12 +257,6 @@ krb5_mcc_resolve (krb5_context context,
krb5_error_code err;
krb5_mcc_data *d;
- lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
- if (lid == NULL)
- return KRB5_CC_NOMEM;
-
- lid->ops = &krb5_mcc_ops;
-
err = k5_mutex_lock(&krb5int_mcc_mutex);
if (err)
return err;
@@ -262,11 +269,16 @@ krb5_mcc_resolve (krb5_context context,
err = new_mcc_data(residual, &d);
if (err) {
k5_mutex_unlock(&krb5int_mcc_mutex);
- krb5_xfree(lid);
return err;
}
}
k5_mutex_unlock(&krb5int_mcc_mutex);
+
+ lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+ if (lid == NULL)
+ return KRB5_CC_NOMEM;
+
+ lid->ops = &krb5_mcc_ops;
lid->data = d;
*id = lid;
return KRB5_OK;
Index: src/lib/krb5/ccache/ccdefault.c
===================================================================
--- src/lib/krb5/ccache/ccdefault.c.orig
+++ src/lib/krb5/ccache/ccdefault.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/ccache/ccdefault.c
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990, 2007, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -45,22 +45,30 @@ static HANDLE hLeashDLL = INVALID_HANDLE
krb5_error_code KRB5_CALLCONV
krb5_cc_default(krb5_context context, krb5_ccache *ccache)
{
- krb5_os_context os_ctx;
+ const char *default_name;
if (!context || context->magic != KV5M_CONTEXT)
return KV5M_CONTEXT;
+
+ default_name = krb5_cc_default_name(context);
+ if (default_name == NULL) {
+ /* Could be a bogus context, or an allocation failure, or
+ other things. Unfortunately the API doesn't allow us
+ to find out any specifics. */
+ return KRB5_FCC_INTERNAL;
+ }
- os_ctx = context->os_context;
-
- return krb5_cc_resolve(context, krb5_cc_default_name(context), ccache);
+ return krb5_cc_resolve(context, default_name, ccache);
}
-/* This is the internal function which opens the default ccache. On platforms supporting
- the login library's automatic popup dialog to get tickets, this function also updated the
- library's internal view of the current principal associated with this cache.
-
- All krb5 and GSS functions which need to open a cache to get a tgt to obtain service tickets
- should call this function, not krb5_cc_default() */
+/* This is the internal function which opens the default ccache. On
+ platforms supporting the login library's automatic popup dialog to
+ get tickets, this function also updated the library's internal view
+ of the current principal associated with this cache.
+
+ All krb5 and GSS functions which need to open a cache to get a tgt
+ to obtain service tickets should call this function, not
+ krb5_cc_default(). */
krb5_error_code KRB5_CALLCONV
krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
@@ -82,7 +90,8 @@ krb5int_cc_default(krb5_context context,
/* This function tries to get tickets and put them in the specified
cache, however, if the cache does not exist, it may choose to put
them elsewhere (ie: the system default) so we set that here */
- if (strcmp (krb5_cc_default_name (context), outCacheName) != 0) {
+ char * ccdefname = krb5_cc_default_name (context);
+ if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) {
krb5_cc_set_default_name (context, outCacheName);
}
KLDisposeString (outCacheName);
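Review bot: `char * ccdefname = krb5_cc_default_name (context);` drops the `const` that `krb5_cc_default` in this same file keeps (`const char *default_name`), even though the string is only read. Declaring it as `const char *ccdefname = krb5_cc_default_name (context);` here and in the Leash branch of the next hunk matches that usage and avoids a discarded-qualifier warning. Both declarations sit inside platform-specific blocks that start outside the hunks.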
@@ -102,7 +111,8 @@ krb5int_cc_default(krb5_context context,
char ccname[256]="";
pLeash_AcquireInitialTicketsIfNeeded(context, NULL, ccname, sizeof(ccname));
if (ccname[0]) {
- if (strcmp (krb5_cc_default_name (context),ccname) != 0) {
+ char * ccdefname = krb5_cc_default_name (context);
+ if (!ccdefname || strcmp (ccdefname, ccname) != 0) {
krb5_cc_set_default_name (context, ccname);
}
}
Index: src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- src/lib/krb5/krb/get_in_tkt.c.orig
+++ src/lib/krb5/krb/get_in_tkt.c
@@ -290,7 +290,7 @@ verify_as_reply(krb5_context context,
if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
retval = krb5_set_real_time(context,
- as_reply->enc_part2->times.authtime, 0);
+ as_reply->enc_part2->times.authtime, -1);
if (retval)
return retval;
} else {
Index: src/lib/krb5/krb/rd_safe.c
===================================================================
--- src/lib/krb5/krb/rd_safe.c.orig
+++ src/lib/krb5/krb/rd_safe.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/krb/rd_safe.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -114,11 +114,11 @@ krb5_rd_safe_basic(krb5_context context,
message->checksum = &our_cksum;
- if ((retval = encode_krb5_safe_with_body(message, &safe_body, &scratch)))
+ retval = encode_krb5_safe_with_body(message, &safe_body, &scratch);
+ message->checksum = his_cksum;
+ if (retval)
goto cleanup;
- message->checksum = his_cksum;
-
retval = krb5_c_verify_checksum(context, keyblock,
KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
scratch, his_cksum, &valid);
Index: src/lib/krb5/krb/gc_via_tkt.c
===================================================================
--- src/lib/krb5/krb/gc_via_tkt.c.orig
+++ src/lib/krb5/krb/gc_via_tkt.c
@@ -1,7 +1,7 @@
/*
* lib/krb5/krb/gc_via_tgt.c
*
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -100,6 +100,7 @@ cleanup_keyblock:
cleanup:
free (*ppcreds);
+ *ppcreds = NULL;
return retval;
}
@@ -249,7 +250,8 @@ krb5_get_cred_via_tkt (krb5_context cont
switch (err_reply->error) {
case KRB_ERR_GENERIC:
krb5_set_error_message(context, retval,
- "KDC returned error string: %s",
+ "KDC returned error string: %.*s",
+ err_reply->text.length,
err_reply->text.data);
break;
default:
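Review bot: The precision argument for `%.*s` must be an `int`, but `err_reply->text.length` is passed as is. krb5 data lengths appear to be unsigned (the locate_kdc.c hunk compares one with `UINT_MAX`), so a length above `INT_MAX` would be read as a negative precision, which printf-style formatting treats as no precision at all and would bring back the unbounded read this change is meant to remove. Clamping and casting closes that gap: `(int) (err_reply->text.length > INT_MAX ? INT_MAX : err_reply->text.length),`. Whether `krb5_set_error_message` follows printf semantics exactly, and whether `<limits.h>` is already included, is not visible in this hunk.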
Index: src/slave/kpropd.M
===================================================================
--- src/slave/kpropd.M.orig
+++ src/slave/kpropd.M
@@ -122,7 +122,7 @@ mode.
.TP
.B \-a
allows the user to specify the path to the
-.KR kpropd.acl
+kpropd.acl
file; by default the path used is KPROPD_ACL_FILE
(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
.SH FILES
Index: src/util/depfix.pl
===================================================================
--- src/util/depfix.pl.orig
+++ src/util/depfix.pl
@@ -214,6 +214,7 @@ my $buf = '';
while (<STDIN>) {
# Strip newline.
chop;
+ next if /^\s*#/;
# Do directory-specific path substitutions on each filename read.
$_ = &do_subs($_);
if (m/\\$/) {
Index: src/util/profile/prof_init.c
===================================================================
--- src/util/profile/prof_init.c.orig
+++ src/util/profile/prof_init.c
@@ -34,8 +34,11 @@ profile_init(const_profile_filespec_t *f
memset(profile, 0, sizeof(struct _profile_t));
profile->magic = PROF_MAGIC_PROFILE;
- /* if the filenames list is not specified return an empty profile */
- if ( files ) {
+ /*
+ * If the filenames list is not specified or empty, return an empty
+ * profile.
+ */
+ if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
retval = profile_open_file(*fs, &new_file);
/* if this file is missing, skip to the next */
Index: src/kdc/network.c
===================================================================
--- src/kdc/network.c (Revision 20580)
+++ src/kdc/network.c (Revision 20587)
@@ -277,6 +277,12 @@
struct connection *newconn;
void *tmp;
+ if (sock > FD_SETSIZE) {
+ data->retval = EMFILE; /* XXX */
+ com_err(data->prog, 0,
+ "file descriptor number %d too high", sock);
+ return 0;
+ }
newconn = malloc(sizeof(*newconn));
if (newconn == 0) {
data->retval = errno;
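Review bot: The new bound `if (sock > FD_SETSIZE)` still accepts `sock == FD_SETSIZE`, which is one past the last descriptor an `fd_set` can hold. The sendto_kdc.c hunk in this same patch uses `fd >= FD_SETSIZE`. The test should be `if (sock >= FD_SETSIZE) {` here, and likewise `if (sock >= FD_SETSIZE) {` in the TCP listener hunk and `if (s >= FD_SETSIZE) {` after `accept`. This branch also returns without closing `sock`; whether the caller does so is outside the hunk.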
@@ -360,6 +366,12 @@
paddr(addr));
return -1;
}
+ if (sock > FD_SETSIZE) {
+ close(sock);
+ com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+ sock, paddr(addr));
+ return -1;
+ }
if (setreuseaddr(sock, 1) < 0)
com_err(data->prog, errno,
"Cannot enable SO_REUSEADDR on fd %d", sock);
@@ -791,6 +803,10 @@
s = accept(conn->fd, addr, &addrlen);
if (s < 0)
return;
+ if (s > FD_SETSIZE) {
+ close(s);
+ return;
+ }
setnbio(s), setnolinger(s);
sockdata.prog = prog;
Index: src/lib/gssapi/krb5/accept_sec_context.c
===================================================================
--- src/lib/gssapi/krb5/accept_sec_context.c (Revision 20580)
+++ src/lib/gssapi/krb5/accept_sec_context.c (Revision 20587)
@@ -1,5 +1,5 @@
/*
- * Copyright 2000, 2004 by the Massachusetts Institute of Technology.
+ * Copyright 2000, 2004, 2008 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
@@ -249,6 +249,7 @@
krb5_data option;
const gss_OID_desc *mech_used = NULL;
OM_uint32 major_status = GSS_S_FAILURE;
+ OM_uint32 tmp_minor_status;
krb5_error krb_error_data;
krb5_data scratch;
gss_cred_id_t cred_handle = NULL;
@@ -903,13 +904,14 @@
if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) {
ctx->k5_context = context;
- return(major_status);
+ context = NULL;
+ goto done;
}
/* from here on is the real "fail" code */
if (ctx)
- (void) krb5_gss_delete_sec_context(minor_status,
+ (void) krb5_gss_delete_sec_context(&tmp_minor_status,
(gss_ctx_id_t *) &ctx, NULL);
if (deleg_cred) { /* free memory associated with the deleg credential */
if (deleg_cred->ccache)
@@ -936,10 +938,9 @@
if (decode_req_message) {
krb5_ap_req * request;
- if (decode_krb5_ap_req(&ap_req, &request)) {
- krb5_free_context(context);
- return (major_status);
- }
+ if (decode_krb5_ap_req(&ap_req, &request))
+ goto done;
+
if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED)
gss_flags |= GSS_C_MUTUAL_FLAG;
krb5_free_ap_req(context, request);
@@ -967,20 +968,16 @@
krb_error_data.server = cred->princ;
code = krb5_mk_error(context, &krb_error_data, &scratch);
- if (code) {
- krb5_free_context(context);
- return (major_status);
- }
+ if (code)
+ goto done;
tmsglen = scratch.length;
toktype = KG_TOK_CTX_ERROR;
token.length = g_token_size(mech_used, tmsglen);
token.value = (unsigned char *) xmalloc(token.length);
- if (!token.value) {
- krb5_free_context(context);
- return (major_status);
- }
+ if (!token.value)
+ goto done;
ptr = token.value;
g_make_token_header(mech_used, tmsglen, &ptr, toktype);
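Review bot: On the `if (!token.value) goto done;` path the buffer that `krb5_mk_error` placed in `scratch` is not released, and the `done:` block in the last hunk frees only `cred_handle` and `context`. Releasing it before the jump, `if (!token.value) { krb5_free_data_contents(context, &scratch); goto done; }`, would close the leak on this error path. Whether `scratch` is freed on the success path lies between this hunk and the next and is not visible.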
@@ -990,9 +987,13 @@
*output_token = token;
}
+
+ done:
if (!verifier_cred_handle && cred_handle) {
- krb5_gss_release_cred(minor_status, &cred_handle);
+ krb5_gss_release_cred(&tmp_minor_status, &cred_handle);
}
- krb5_free_context(context);
+ if (context) {
+ krb5_free_context(context);
+ }
return (major_status);
}
Index: src/lib/comerr32.def
===================================================================
--- src/lib/comerr32.def (Revision 20580)
+++ src/lib/comerr32.def (Revision 20587)
@@ -3,10 +3,10 @@
HEAPSIZE 8192
EXPORTS
- com_err
- com_err_va
- error_message
- add_error_table
- remove_error_table
- set_com_err_hook
- reset_com_err_hook
+ com_err @2
+ com_err_va @3
+ error_message @4
+ add_error_table @1
+ remove_error_table @5
+ set_com_err_hook @6
+ reset_com_err_hook @7
Index: src/lib/kadm5/srv/svr_principal.c
===================================================================
--- src/lib/kadm5/srv/svr_principal.c (Revision 20580)
+++ src/lib/kadm5/srv/svr_principal.c (Revision 20587)
@@ -2099,7 +2099,8 @@
* inexact match on the enctype; this behavior will go away when
* the key storage architecture gets redesigned for 1.3.
*/
- keyblock->enctype = ktype;
+ if (ktype != -1)
+ keyblock->enctype = ktype;
if (kvnop)
*kvnop = key_data->key_data_kvno;
Index: src/lib/krb5/os/sendto_kdc.c
===================================================================
--- src/lib/krb5/os/sendto_kdc.c (Revision 20580)
+++ src/lib/krb5/os/sendto_kdc.c (Revision 20587)
@@ -654,6 +654,12 @@
dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
return -1; /* try other hosts */
}
+ if (fd >= FD_SETSIZE) {
+ close(fd);
+ state->err = EMFILE;
+ dprint("socket: fd %d too high\n", fd);
+ return -1;
+ }
/* Make it non-blocking. */
if (ai->ai_socktype == SOCK_STREAM) {
static const int one = 1;