9 Commits

Author SHA1 Message Date
1c4902378f base: Make heim_log_ref() thread-safe
This is necessary to making multiple `krb5_context`s be able to share a
log facility.
2022-12-07 21:28:19 -06:00
ed24c41973 base: differentiate KRB5 and other configurations on Windows
When the "KRB5_CONFIG" is unset on Windows, the registry values
  HKLM\Software\Heimdal "config"
  HKCU\Software\Heimdal "config"
are used.   The migration of krb5_config to heimbase failed to
differentiate between KRB5_CONFIG, HX509_CONFIG, etc.   The above
registry values are only for the KRB5_CONFIG.

This change permits the envvar name to be searched for in the
registry.   For HX509_CONFIG the registry values
  HKLM\Software\Heimdal "HX509_CONFIG"
  HKCU\Software\Heimdal "HX509_CONFIG"
will be searched for configuration information.

Change-Id: I140945fa603d668d270eb5d740a11edc6fc121d7
2020-06-29 11:40:48 -04:00
1d8ab271d5 base: Default homedir access to !issuid() 2020-05-28 00:39:45 -05:00
aa47b5f1a3 Don't override the PATH_SEP definition if present
PATH_SEP is declared on Windows to be ";" and not ":"
by include/config.h.w32.

lib/base/context.c and lib/hx509.c must not override an existing
setting.  Otherwise, file lists cannot be separated and will be
treated as a single file name.

Change-Id: I5521188faca36e41fbae95fbb8942970eab261c8
2020-05-26 11:48:45 -05:00
e8441212d1 Move error functions from krb5 to base 2020-04-24 16:02:35 -05:00
01509f553d Move KDC audit functionality to lib/base/ 2020-04-24 16:02:35 -05:00
679bcb6872 hx509: Add hx509.conf support
Just like krb5.conf, but hx509.conf, with all the same default locations
on Windows, OS X, and elsewhere, and HX509_CONFIG as the environment
variable equivalent of KRB5_CONFIG.
2020-04-24 16:02:33 -05:00
78a21fdd95 Move more config file code from krb5 to base 2020-04-24 00:11:56 -05:00
ea90ca8666 Move some infra bits of lib/krb5/ to lib/base/ (2)
This is the second of two commits in a series that must be picked together.

This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.

Some parts of libkrb5 are entirely generic or easily made so, and could
be useful in various parts of Heimdal that are not specific to the krb5
API, such as:

 - lib/gssapi/  (especially since the integration of NegoEx)
 - lib/hx509/
 - bx509d       (which should really move out of kdc/)

For the above we need to move these bits of lib/krb5/:

 - lib/krb5/config_file.c   (all of it, leaving forwardings behind)
 - lib/krb5/config_reg.c    (all of it)
 - lib/krb5/plugin.c        (all of it, leaving forwardings behind)
 - lib/krb5/log.c           (all of it, ditto)
 - lib/krb5/heim_err.et     (all of it)

And because of those two, these too must also move:

 - lib/krb5/expand_path.c   (all of it, leaving forwardings behind)
 - lib/krb5/warn.c          (just the warning functions, ditto)

The changes to the moved files are mostly quite straightforward and are
best reviewed with --word-diff=color.

We're also creating a heim_context and a heim API to go with it.  But
it's as thin as possible, with as little state as necessary to enable
this move.  Functions for dealing with error messages use callbacks.

Moving plugin.c does have one knock-on effect on all users of the old
krb5 plugin API (which remains), which is that a global search and
replace of struct krb5_plugin_data to struct heim_plugin_data was
needed, though the layout and size of that structure doesn't change, so
the ABI doesn't either.

As well, we now build lib/vers/ and lib/com_err/ before lib/base/ so as
to be able to move lib/krb5/heim_err.et to lib/base/ so that we can make
use of HEIM_ERR_* in lib/base/, specifically in the files that moved.

Once this is all done we'll be able to use config files and plugins in
lib/hx509/, we'll be able to move bx509d out of kdc/, and so on.

Most if not all of the new functions in lib/base/ are Heimdal-private,
thus calling conventions for them are not declared.

Status:

 - builds and passes CIs (Travis, Appveyor)
 - ran make check-valgrind and no new leaks or other memory errors
 - ready for review

HOW TO REVIEW:

     $ # Review file moves:
     $ git log --stat -n1 HEAD^
     $
     $ # Review changes to moved files using --word-diff=color
     $ git log -p -b -w --word-diff=color HEAD^..HEAD   \
               lib/base/config_file.c                   \
               lib/base/config_reg.c                    \
               lib/base/expand_path.c                   \
               lib/base/warn.c                          \
               lib/krb5/config_file.c                   \
               lib/krb5/config_reg.c                    \
               lib/krb5/expand_path.c                   \
               lib/krb5/warn.c
     $
     $ # Review the whole thing, possibly adding -b and/or -w, and
     $ # maybe --word-diff=color:
     $ git log -p origin/master..HEAD
     $ git log -p -b -w origin/master..HEAD
     $ git log -p -b -w --word-diff=color origin/master..HEAD

TBD (future commits):

 - make lib/gssapi use the new heimbase functions
 - move kx509/bx509d common code to lib/hx509/ or other approp. location
 - move bx509d out of kdc/
2020-03-02 10:56:13 -06:00