Commit Graph

29154 Commits

Author SHA1 Message Date
Love Hornquist Astrand
4e40f3e30f Make a memory copy of the keytab to avoid unbuffered krb5_storage
300req/s faster (20% performance increase)
2012-12-27 12:40:40 +01:00
Love Hornquist Astrand
dff11de56b use new plugin system for locate kdc plugins (30 as-req/s faster for kdc-tester on MacBookAir5,2) 2012-12-27 12:23:29 +01:00
Love Hornquist Astrand
ee068eaf21 note about = 2012-12-27 12:03:17 +01:00
Roland C. Dowdeswell
7f5a628dc9 Optimise _krb5_n_fold() a bit.
All in lib/krb5/n-fold.c:

       1.  eliminate malloc/free from rr13() because it is always a
	   buffer of the same size called in a tight loop.

       2.  eliminate memcpy(3) from rr13() by bouncing back and forth
	   between two buffers buf1, buf2 instead of performing the
	   calculation into a tmp buffer and memcpy(3)ing the result
	   back into buf.

       3.  eliminate code cases from rr13() that I can visually determine
	   will never occur but I'm guessing that the compiler can't, i.e.

	       i.   now that we're no longer using malloc(3), rr13()
		    cannot fail, so make it void and avoid the if in
		    the calling routine checking its error code.  In
		    case you ask, yes, this made the tests run a little
		    faster,

	       ii.  rr13() has code for being passed a number of bits
		    not divisble by 8 but _krb5_n_fold() only passes
		    an int * 8.	 So, we eliminate this conditional and
		    the associated code.

       4.  we make rr13() take 2 destination buffers and copy the results
	   into both of them, we use this to eliminate another memcpy(3)
	   from the calling routine.  This appears to make it a bit faster
	   as well.
2012-12-25 13:49:03 +08:00
Roland C. Dowdeswell
ce5c231b23 Allow krb5_verify_init_creds() to take NULL opt arg.
Without dereferencing it.  krb5_verify_init_creds_opt * to be
precise.
2012-12-22 00:23:18 +08:00
Love Hornquist Astrand
087c859db6 add socket_set_nonblocking 2012-12-20 12:03:54 +01:00
Love Hornquist Astrand
6a442d5df9 guess that this is how arcfour prf works 2012-12-10 12:39:23 -08:00
Love Hornquist Astrand
71bd63639f use productbuild 2012-12-10 12:39:23 -08:00
Kumar Thangavelu
0cc458463d unning "kinit --fast-armor-cache=xxx" against a Win2K3 domain resulted in a crash with the attached backtrace. FAST is not supported with RC4 keys which are used in Win2K3. The code already handles this but the error code is not propagated up the stack.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2012-12-09 15:22:55 -08:00
Roland C. Dowdeswell
1b5b82183c In lib/hx509/cert.c, fix cases where errors are returned as certs.
In both hx509_cert_init() and hx509_cert_init_data(), there is an
output parameter for the error code but there are cases where the
error is used as a return value instead of the specified hx509_cert.
We fix these issues.  We also check if error is non-NULL and only
set the error in this case, allowing the functions to be called
with error == NULL without segfault.
2012-12-03 14:12:52 +08:00
Roland C. Dowdeswell
27dd8621fb Remove a couple of NULL deferences in lib/krb5/get_cred.c. 2012-12-03 14:10:12 +08:00
Love Hornquist Astrand
f97f15a86c bound len 2012-11-27 22:01:37 -08:00
Love Hornquist Astrand
039b1941ea do chdir("/") after chroot() 2012-11-27 21:58:06 -08:00
Love Hornquist Astrand
237ac68bb0 don't write out stack data in reply file 2012-11-27 21:58:06 -08:00
Love Hornquist Astrand
50055fe3c4 bound data returned to size of buffer 2012-11-27 21:58:06 -08:00
Love Hornquist Astrand
764e701e2d try to unconfuse coverity 2012-11-27 21:58:05 -08:00
Love Hornquist Astrand
60472d48ea set vno to unconfuse coverity 2012-11-27 21:58:05 -08:00
Love Hornquist Astrand
c979a356f7 uninited memory free 2012-11-27 21:58:05 -08:00
Love Hornquist Astrand
b0ed05395a tell coverity that principal returns an allocated pointer 2012-11-27 21:58:05 -08:00
Love Hornquist Astrand
0570fbf9fd don't double free fd 2012-11-27 21:58:05 -08:00
Love Hornquist Astrand
c12dc3fa9d tell coverity that ret_princ returns an allocated pointer 2012-11-27 21:58:05 -08:00
Love Hornquist Astrand
ed87e9b33a use after free 2012-11-27 21:58:04 -08:00
Love Hornquist Astrand
353ac10863 fix use after free 2012-11-27 21:58:04 -08:00
Love Hörnquist Åstrand
6294c36526 avoid -Wshadow 2012-11-22 17:27:21 -08:00
Dana Koch
a95cae113d Fix typo with return values in realloc_descrs.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2012-11-22 17:24:40 -08:00
Love Hörnquist Åstrand
9ad763288d fix -Wshadow 2012-11-17 14:14:52 -08:00
Love Hörnquist Åstrand
6d783560e4 fix sizeof(uuid) 2012-11-17 14:13:54 -08:00
Love Hörnquist Åstrand
1c17814e6f fix memset 2012-11-17 14:12:22 -08:00
Dana Koch
3f71aca591 If multiple accept's happen during a select, make sure it gets stored correctly, and does not clobber an existing open descriptor.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2012-11-17 14:07:59 -08:00
Roland C. Dowdeswell
3ea8da179a Fix renewal/refresh logic when kinit is provided with a command.
1.  in ticket_lifetime() calculate the remaining lifetime
	    of the ticket rather than the requested lifetime.

	2.  in renew_func(), attempt to renew if the tickets are
	    renewable rather than only if --renewable is specified.

	3.  fix the call to renew_validate() in renew_func() to
	    specify renewable tickets if the original tickets are
	    renewable rather than only if --renewable is specified.

	4.  stop printing constant warnings to the terminal about
	    how tickets cannot be obtained if they expire, cannot
	    be renewed and we can't non-interactively obtain fresh
	    ones.  We limit it to a single warning.

	5.  after the tickets expire, we backoff the requests to
	    obtain fresh tickets exponentially.
2012-10-17 01:32:43 +08:00
Magnus Ahltorp
7d4b6c3d4d Capture return value from __sync_add_and_fetch in the test
__sync_add_and_fetch is treated as a built in function by the compiler if the return value is not used (as in the autoconf test), but it is treated as a regular function when the return value is used

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-10-15 09:18:34 -07:00
Love Hörnquist Åstrand
f25c6000fa Merge pull request #21 from hyc/mdb2
Add support for OpenLDAP libmdb
2012-10-07 18:54:53 -07:00
Howard Chu
9f95207933 Add support for OpenLDAP libmdb 2012-10-07 16:47:45 -07:00
Love Hornquist Astrand
47c71b5971 rename KRB5_PLUGIN_KUSEROK since kuserok is a little bit too common 2012-10-07 11:28:28 -07:00
Love Hornquist Astrand
b45e4a6f98 require version >= 0 2012-10-07 11:13:17 -07:00
Love Hornquist Astrand
4ebfd6b818 make sure logs are truncated 2012-10-07 11:11:17 -07:00
Love Hornquist Astrand
c707016669 scan whole logfile 2012-10-07 11:06:29 -07:00
Love Hornquist Astrand
029de6cfa4 pass back an heim_error from hx509_cert_init 2012-10-07 06:33:13 -07:00
Love Hornquist Astrand
216bfa564d rename mdb to mitdb 2012-10-06 15:38:56 -07:00
Love Hornquist Astrand
65107e39ee fixup error messages 2012-10-01 09:54:13 -07:00
Love Hornquist Astrand
0a237dc778 don't use free'd string 2012-10-01 09:53:52 -07:00
Love Hornquist Astrand
d9aa1ff496 use configuration for db-dir 2012-10-01 09:50:46 -07:00
Love Hornquist Astrand
703ae0e22d add db-dir 2012-10-01 09:50:32 -07:00
Love Hornquist Astrand
baf748fb8e catch better slave message now that iprop is more verbose 2012-10-01 09:36:11 -07:00
Marco Molteni
8cc9326f64 Document some GSS-API functions and fix some spelling errors. No code changes.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-09-27 14:26:29 -07:00
Stef Walter
b0b94a445a Add pkg-config files for krb5 libraries
* These can be used along side krb5-config

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-09-27 14:00:49 -07:00
Love Hornquist Astrand
9ba23d7da8 guess some code for SUN_PROC_POINT 2012-09-24 21:28:04 -07:00
Love Hornquist Astrand
db85d0998e include <stddef.h> so that we have a size_t
from metanest and https://github.com/heimdal/heimdal/issues/15
2012-09-23 10:56:16 -07:00
Love Hornquist Astrand
8fb0c019ec use Getopt::Std, patch original from Leonardo <rnalrd@gmail.com>, updated by me 2012-09-23 10:41:34 -07:00
Love Hornquist Astrand
846f6e0e7b always produce a signature that is the size of the modulus 2012-09-11 20:45:43 -07:00