wshelper is clearly not intended to use unicode:
wprintf is used extensively and exclusively to write to char[] buffers and
fields in dns structs are used as explicitly ASCII text.
Kevin Wasserman [Wed, 6 Jun 2012 22:22:22 +0000 (18:22 -0400)]
KFW win-mac.h fixes
kfw: add int16_t, uint16_t typedefs to win-mac.h
uint16_t is used in chpw.c
include stdlib.h, crtdbg.h in win-mac.h
Allows leak-tracking using built-in msvc tools on windows.
crtdbg.h needs to come _after_ stdlib.h, but _before_ checking for
strdup. Define DEBUG and CRTDBG_MAP_ALLOC for full tracking.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7204 (new)
tags: pullup
Ben Kaduk [Fri, 29 Jun 2012 18:33:20 +0000 (14:33 -0400)]
Sync configure options with configure
We should try to stay coupled with the actual configure options, as
documented by 'configure --help'.
Remove an option which is no longer present and add several that
were missing.
Ben Kaduk [Fri, 29 Jun 2012 18:13:05 +0000 (14:13 -0400)]
Only list --enable-dns-for-realm once
If we list something as "commonly used", we seem to not also
list it with the rest of the options. This has the advantage
of not requiring us to remember to update two things for future
changes, but the disadvantage of requiring users to look in two
places for options. Stick with the prevailing form for now.
Ben Kaduk [Fri, 29 Jun 2012 18:10:07 +0000 (14:10 -0400)]
Sort configure options
Stick to the order of 'configure --help' for most sections, but
sort environment variables alphabetically (since, e.g.,
configure --help does not list CPPFLAGS and there is not a good
way to add that).
Note that this does not add or remove any content, even though
some options are missing/extra.
Ben Kaduk [Wed, 27 Jun 2012 18:35:30 +0000 (14:35 -0400)]
Cleanup docs for DNS lookup configure options
DNS lookups for KDCs have been unconditionally enabled in
configure since 2003; configure options only affect whether
DNS lookups are used for realm names.
Change the RST documentation of configure options to catch up.
Tom Yu [Thu, 12 Jul 2012 18:26:15 +0000 (14:26 -0400)]
Handle huge /bin directories in libdb2 test
The test suite for libdb2 uses /bin as a source of filenames and
contents for insertion into databases. Fedora 17 (and possibly other
OSes) have /bin symlinked to /usr/bin, which can vastly increase the
number of files found, exceeding some limits of the test databases.
Truncate this list of files at 100 to prevent this problem.
Tom Yu [Thu, 12 Jul 2012 03:35:44 +0000 (23:35 -0400)]
Always recreate acl files during dejagnu tests
The dejagnu tests create some persistent acl files containing
hostname-derived principal names. These can get out of date if the
host has changed names since the last time the dejagnu tests were run,
causing failures (notably in iprop.exp). To avoid this problem,
change the dejagnu tests to always create new acl files for each test
run.
Kevin Wasserman [Sun, 6 May 2012 19:14:46 +0000 (15:14 -0400)]
Add krb5int_cc_user_set_default_name
Set the default credential cache name for all processes for the current
user. Currently implemented, for windows only, by setting
HKEY_CURRENT_USER\Software\MIT\Kerberos5:ccname to the specified
ccache name. This will not override the environment variable 'KRB5CCNAME'.
It will override HKEY_LOCAL_MACHINE and 'indirect' registry values.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7199 (new)
tags: pullup
Kevin Wasserman [Sun, 6 May 2012 19:23:10 +0000 (15:23 -0400)]
Implement switch_to for ccapiv3
krb5_stdccv3_switch_to() calls cc_ccache_set_default().
krb5_stdccv3_resolve() checks for NULL or empty residual and calls
cc_context_get_default_ccache_name() in those cases.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7198 (new)
tags: pullup
Kevin Wasserman [Fri, 20 Apr 2012 15:36:13 +0000 (11:36 -0400)]
Translate WinSock errors to Posix counterparts
MSVC 2010 defines both Posix and WinSock error values so we can no longer
simply #define the Posix error values to be their WinSock counterpart.
This patch explicitly #includes <errno.h> in port-sockets.h and still
conditionally defines the Posix error values for compatibility with older
MSVC but also translates WinSock errors to Posix for MSVC 2010
compatibility.
The downside to this approach is that there are some Posix errors we
do not currently detect (e.g. EADDRINUSE) that are neither #defined nor
translated. If we use one of those in the future but fail to update
TranslateWSAGetLastError() we'll once again be in the situation that the
windows build will compile but fail to work, possibly only when some rare
error condition occurs.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7197 (new)
tags: pullup
If the directory for a DIR ccache doesn't exist yet, try to create it
(but not its parents) with mode 700. Exercise this in test scripts by
not pre-creating directories.
In gssint_import_internal_name, don't map the minor code from
mech->gss_duplicate_name if it returned successfully. Fixes an
"unexpected non-zero minor status" error reported by SAP's gsstest
when it invokes gss_canonicalize_name().
Commit f609e5caff410cc8f71db7d95b4da219541437db accidentally omitted
the check for extra realm separators, leading to an assertion error
when parsing x@y@z or similar. Restore the check.
Ben Kaduk [Fri, 6 Jul 2012 22:56:57 +0000 (18:56 -0400)]
Revert "Document absolute times for 'kinit -s'"
This reverts commit 20f85a81151f69689e3c060e89852687eb6c5a3c.
The ability of 'kinit -s' to accept an absolute time is
intentionally undocumented and remains only for backwards
compatibility.
Leave a comment in the source to this effect, for future generations.
Ben Kaduk [Fri, 6 Jul 2012 19:45:20 +0000 (15:45 -0400)]
Allow using locales when gettext is absent
Previously, if configure did not detect dgettext(), we disabled
anything that smelled like localization, inadvertently including
setlocale(). Now that we use setlocale(LC_ALL, ""), we have
localized dates available as well as messages, so we should not
disable calls to setlocale() any more.
Since the routines from locale.h are only used in a relatively
small number of places, just include the header directly in those
files and remove it from k5-platform.h.
Ben Kaduk [Fri, 6 Jul 2012 00:18:32 +0000 (20:18 -0400)]
Pass the user's CPPFLAGS in ALL_CFLAGS
We need them if any headers we depend on are not in the default
search path (e.g., gettext.h). These files are built for
'make check' but not for the normal build.
Ben Kaduk [Thu, 5 Jul 2012 18:34:56 +0000 (14:34 -0400)]
Document absolute times for 'kinit -s'
kinit's -s argument takes a parameter, which is first interpreted
as a time interval ("deltat"), in the same format used for
the -l and -r arguments. However, if that fails, the
time argument is interpreted as an absolute time, in one of
twelve different possible formats, some of which are subject to
localization via strptime(). Explicitly listing all twelve
possible interpretations is overkill, but give the user a hint that
absolute times are possible at all.
Ben Kaduk [Thu, 5 Jul 2012 18:56:50 +0000 (14:56 -0400)]
Enable all localizations in main functions
Bite the bullet and pass LC_ALL to setlocale() instead of just
LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but
only for LC_MESSAGES since only localized strings were needed
and that was the most conservative option.
However, klist, kadmin, and kinit (and perhaps others) would benefit
from localized formats for times (i.e., LC_TIME). If potentially
localized data is being sent on the wire, that is a bug that should
be fixed. No such bugs are found with the current test suite, so we
are comfortable enabling LC_ALL at this time.
Avoid dereferencing a null auth_pack pointer if we run out of memory
initializing info or auth_pack. Eliminate an unnecessary switch by
just cleaning up all of the potentially allocated variables.
Ben Kaduk [Fri, 29 Jun 2012 15:35:41 +0000 (11:35 -0400)]
Take care with types in process_routing_update()
read(2) returns an ssize_t, not an int. We want to compare this
value against several unsigned size_ts, so make a local copy.
Also cast to int for printing; size_t can be wider than int, but
these values should be small.
Ben Kaduk [Wed, 27 Jun 2012 20:35:20 +0000 (16:35 -0400)]
Minor cleanups relating to size_t being unsigned
In order to use -1 as a sentinel value, we should explicitly cast
to make it clear what we are doing. It might be better to use
a less convoluted sentinel value such as SIZE_T_MAX, though.
Additionally, since size_t is unsigned and at least as wide as
an int, a loop with int index variable that compares against a
size_t for its termination check could become an infinite loop.
Make the loop index size_t for consistency.
Ben Kaduk [Wed, 27 Jun 2012 19:38:47 +0000 (15:38 -0400)]
Avoid unsigned/signed comparison in loop condition
The gid_len length is declared as an unsigned int, and loop
index 'i' is a signed int. This could manifest as an infinite
loop if gid_len is very large. In practice, gid_len should be small,
but make 'i' the same type for consistency.
Ben Kaduk [Wed, 27 Jun 2012 19:14:00 +0000 (15:14 -0400)]
Improve printf handling of size_t args
The %*s format takes two arguments, a precision length/width and
an actual string; the length is specified as a signed integer.
The size_t length field of the gss_buffer_desc type is an unsigned
type, which must be cast or otherwise converted to a signed type
to match the format string expectations.
I do not think that the length will approach SIZE_T_MAX in practice,
due to buffer constraints, so do not include handling for the
edge case.
There is a '%zu' format string for printing size_ts, but it is not
available everywhere (e.g., AIX). Instead, use the
unsigned long long abomination.
Ben Kaduk [Wed, 27 Jun 2012 18:28:16 +0000 (14:28 -0400)]
Resolve no-previous-prototype warning in os/cm.c
The warning is
../../../../krb5/src/lib/krb5/os/cm.c:43: warning: no previous prototype for 'k5
_getcurtime'
which occurs because
int k5_getcurtime(struct timeval *tvp)
is defined (and used) in cm.c but there is no forward declaration.
Include the os-proto.h (internal) header which declares this function
to eliminate the warning. k5_getcurtime() is the first declaration in
cm.c, so there is not an ABI concern.
The only other consumer of k5_getcurtime(), sendto_kdc.c, already includes
os-proto.h, so this issue is purely cosmetic.
Accept UDP datagrams up to 64K in size. We should still detect when
an oversized datagram comes in by comparing against the maximum size,
but this is trivial and covers 90% of the practical issues.
Revert 18b02f3e839c007fff54fc9b693f479b7563ec73 in the KDC. Instead,
when making an initial request with a keytab, transmit the whole
default_tkt_enctypes list, but sorted with the enctypes we have in the
keytab first. That way the KDC should prefer enctypes which we have
keys for (for both reply key and session key), but the other enctypes
are still available for use as ticket session keys.
Greg Hudson [Fri, 22 Jun 2012 16:48:26 +0000 (12:48 -0400)]
Add client keytab initiation support
Support acquiring GSSAPI krb5 credentials by fetching initial
credentials using the client keytab. Credentials obtained this way
will be stored in the default ccache or collection, and will be
refreshed when they are halfway to expiring.
Greg Hudson [Sat, 30 Jun 2012 01:45:26 +0000 (21:45 -0400)]
Document GSSAPI name type behavior
Separate out the general interpretation of GSSAPI name types by the
krb5 mechanism from the specific behavior of host-based and principal
name types when used as acceptor names.
Greg Hudson [Fri, 15 Jun 2012 15:14:39 +0000 (11:14 -0400)]
Add krb5_kt_client_default API
The default client keytab is intended to be used to automatically
acquire initial credentials for client applications. The current
hardcoded default is a placeholder, and will likely change before
1.11.
Add test framework settings to ensure that a system default client
keytab doesn't interfere with tests, and to allow tests to be written
to deliberately use the default client keytab.
Add documentation about keytabs to the concepts section of the RST
docs, and describe the default client keytab there.
In the regular krb5 code path, only get a default krb5 cred for the
initial token, since we don't need the cred for mutual_auth anyway.
In the IAKERB mechanism, cache the default cred in iakerb_ctx_id_rec
so we don't have to construct it again for each token. Also, get an
IAKERB default cred, not a regular krb5 cred (a bug which is harmless
now, but becomes more of a problem with keytab initiation changes).
When making a keytab-based AS request, a client has to choose between
sending its reply key enctype preference list (the enctypes it has in
the keytab) and its session key enctype preference list (all of the
enctypes it supports). Heimdal and MIT krb5 1.11 clients send the
reply key preference list. If this list doesn't overlap with the
server principal keys (say, because the krbtgt principal has only a
DES key), then the AS request will fail.
Try to make this work by making the KDC optimistically pick the first
permitted enctype in the request as the session key, even though it
can't be certain that other KDCs in the realm support that enctype.
Make sure to exercise this case in t_keytab.py by doing a multipass
keytab kinit test.
Greg Hudson [Wed, 27 Jun 2012 20:04:32 +0000 (16:04 -0400)]
Rename gss-krb5 cred tgt_expire field
The tgt_expire field is used to store non-TGT expiry times in a couple
of cases: when the ccache has no TGT, and after we've obtained a cred
for the target service. Rename it to just "expire" to be less
misleading.
Tom Yu [Mon, 25 Jun 2012 19:17:02 +0000 (15:17 -0400)]
Restore some spaces in trval
This is a cosmetic change to reintroduce some space characters that cff6ea939f061d17a5742a04b8eeb2905c1813dc removed, e.g. between the tag
and the length or short value.
Greg Hudson [Mon, 25 Jun 2012 15:19:56 +0000 (11:19 -0400)]
Fix crash on invalid DIR ccache primary file
If read_primary_file() fails with an error other than ENOENT, abort
cache resolution rather than dereferencing a null pointer. Reported
by Oliver Loch.
Greg Hudson [Fri, 22 Jun 2012 18:47:16 +0000 (14:47 -0400)]
Eliminate trailing whitespace in trval output
Modify the trval output slightly so that the reference trval output
files don't containing trailing whitespace, to make them friendlier to
our git hooks. (The pkinit and ldap trval reference files now contain
a leading blank line, which isn't very elegant, but avoiding that
requires too much Makefile.in complexity.) Also correct a typo.
Greg Hudson [Fri, 15 Jun 2012 22:06:43 +0000 (18:06 -0400)]
Simplify acquire_cred.c
struct acquire_cred_args was used purely to pass arguments to
acquire_cred (a static function), and had no advantages for that
purpose over positional arguments.
Greg Hudson [Sat, 16 Jun 2012 15:38:57 +0000 (11:38 -0400)]
Limit size of lookaside cache
Add a preprocessor constant LOOKASIDE_MAX_SIZE (defaulting to 10MB)
which limits the total size of the lookaside cache entries. Purge
stale entries in kdc_insert_lookaside instead of kdc_check_lookaside,
and when doing so, continue purging non-stale entries until the total
cache size (including the new entry) is within the size constraint.
Greg Hudson [Thu, 21 Jun 2012 21:20:29 +0000 (17:20 -0400)]
Handle PKINIT DH replies with no certs
If a PKINIT Diffie-Hellman reply contains no certificates in the
SignedData object, that may be because the signer certificate was a
trust anchor as transmitted to the KDC. Heimdal's KDC, for instance,
filters client trust anchors out of the returned set of certificates.
Match against idctx->trustedCAs and idctx->intermediateCAs to handle
this case. This fix only works with OpenSSL 1.0 or later; when built
against OpenSSL 0.9.x, the client will still require a cert in the
reply.
Greg Hudson [Thu, 14 Jun 2012 18:15:05 +0000 (14:15 -0400)]
Fail from gss_acquire_cred if we have no creds
If a caller tries to acquire krb5 initiator creds with no desired name
and we have no credentials in the cache collection, fail from
gss_acquire_cred intead of deferring until gss_init_sec_context.
Greg Hudson [Fri, 8 Jun 2012 21:02:28 +0000 (17:02 -0400)]
Remove big-endian gss-krb5 support
The big_endian flag in krb5_gss_ctx_id_rec is there for
interoperability with a really ancient implementation which we believe
is no longer in use. Get rid of it and the code to handle it.
projects / thirdparty / krb5.git / log
