7 files changed, 55 insertions, 33 deletions

diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog
index 802ab3e..bf365e0 100644
--- a/src/clients/kinit/ChangeLog
+++ b/src/clients/kinit/ChangeLog
@@ -1,3 +1,18 @@
+2003-08-01  Tom Yu  <tlyu@mit.edu>
+
+	* kinit.c (main): Apply patch from Stephen Grau to correctly
+	return non-zero for certain error conditions.
+
+2003-05-29  Ken Raeburn  <raeburn@mit.edu>
+
+	* kinit.c (KRB4_BACKUP_DEFAULT_LIFE_SECS): Update to one day.
+
+2003-05-23  Ken Raeburn  <raeburn@mit.edu>
+
+	* Makefile.in (kinit): Don't use krb524 library.
+	* kinit.c: Don't include krb524.h.
+	(try_convert524): Don't call krb524_init_ets.
+
 2002-11-05  Tom Yu  <tlyu@mit.edu>
 
 	* kinit.c (k4_kinit): Remove trailing colon, as new implementation
diff --git a/src/clients/kinit/Makefile.in b/src/clients/kinit/Makefile.in
index d7d5b95..1d2a6e4 100644
--- a/src/clients/kinit/Makefile.in
+++ b/src/clients/kinit/Makefile.in
@@ -13,8 +13,8 @@ all-unix:: kinit
 all-windows:: $(OUTPRE)kinit.exe
 all-mac::
 
-kinit: kinit.o $(KRB4COMPAT_DEPLIBS) $(KRB524_DEPLIB)
-	$(CC_LINK) -o $@ kinit.o $(KRB524_LIB) $(KRB4COMPAT_LIBS)
+kinit: kinit.o $(KRB4COMPAT_DEPLIBS)
+	$(CC_LINK) -o $@ kinit.o $(KRB4COMPAT_LIBS)
 
 $(OUTPRE)kinit.exe: $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB)
 	link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index 740b030..422c87d 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -55,10 +55,6 @@ extern int getopt();
 #endif /* HAVE_UNISTD_H */
 #endif /* GETOPT_LONG */
 
-#ifdef HAVE_KRB524
-#include "krb524.h"
-#endif
-
 #ifndef _WIN32
 #define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
 #else
@@ -117,7 +113,7 @@ static int default_k4 = 0;
 static int authed_k5 = 0;
 static int authed_k4 = 0;
 
-#define KRB4_BACKUP_DEFAULT_LIFE_SECS 10*60*60 /* 10 hours */
+#define KRB4_BACKUP_DEFAULT_LIFE_SECS 24*60*60 /* 1 day */
 
 typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
 
@@ -994,9 +990,6 @@ static int try_convert524(k5)
       initialized.
     */
 
-    /* or do this directly with krb524_convert_creds_kdc */
-    krb524_init_ets(k5->ctx);
-
     if ((code = krb5_build_principal(k5->ctx,
 				     &kpcserver, 
 				     krb5_princ_realm(k5->ctx, k5->me)->length,
@@ -1130,7 +1123,8 @@ main(argc, argv)
     k5_end(&k5);
     k4_end(&k4);
 
-    if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4))
+    if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4) ||
+	(!got_k5 && !got_k4))
 	exit(1);
     return 0;
 }
diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog
index 44415a0..17a1dff 100644
--- a/src/clients/ksu/ChangeLog
+++ b/src/clients/ksu/ChangeLog
@@ -1,3 +1,10 @@
+2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
+
+	* heuristic.c (get_closest_principal): Don't try to examine
+	principal name components after the last.
+	* krb_auth_su.c (get_best_principal): Check principal name length
+	before examining components.
+
 2002-12-23  Ezra Peisach  <epeisach@bu.edu>
 
 	* authorization.c, heuristic.c, ksu.h: Use uid_t instead of int in
diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
index 5669d79..88c052c 100644
--- a/src/clients/ksu/Makefile.in
+++ b/src/clients/ksu/Makefile.in
@@ -47,39 +47,43 @@ install::
 #
 $(OUTPRE)krb_auth_su.$(OBJEXT): krb_auth_su.c ksu.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/k5-util.h \
+  $(SRCTOP)/include/syslog.h
 $(OUTPRE)ccache.$(OBJEXT): ccache.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)authorization.$(OBJEXT): authorization.c ksu.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/k5-util.h \
+  $(SRCTOP)/include/syslog.h
 $(OUTPRE)main.$(OBJEXT): main.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 $(OUTPRE)heuristic.$(OBJEXT): heuristic.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
 $(OUTPRE)xmalloc.$(OBJEXT): xmalloc.c ksu.h $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/syslog.h
+  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/syslog.h
 $(OUTPRE)setenv.$(OBJEXT): setenv.c
 
diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index c79f943..85b94b5 100644
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -364,7 +364,7 @@ krb5_error_code get_closest_principal(context, plist, client, found)
 		krb5_data *p2 =
 		    krb5_princ_component(context, temp_client, j);
 		
-		if ((p1->length != p2->length) ||
+		if (!p1 || !p2 || (p1->length != p2->length) ||
 		    memcmp(p1->data,p2->data,p1->length)){
 		    got_one = FALSE;
 		    break;
diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c
index 6e76149..8e18342 100644
--- a/src/clients/ksu/krb_auth_su.c
+++ b/src/clients/ksu/krb_auth_su.c
@@ -547,7 +547,9 @@ krb5_error_code get_best_principal(context, plist, client)
 			 krb5_princ_realm(context, temp_client)->length))){
 	    
 	    
-	    if(nelem){ 
+	    if (nelem &&
+		krb5_princ_size(context, *client) > 0 &&
+		krb5_princ_size(context, temp_client) > 0) {
 		krb5_data *p1 =
 		    krb5_princ_component(context, *client, 0);
 		krb5_data *p2 =