70 Commits

Author SHA1 Message Date
Minsoo Choo
aff90c322e Fix spelling 2024-06-16 23:30:48 -04:00
Joseph Sutton
62e63b2da6 krb5: Fix unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-11-02 20:19:54 -05:00
Nicolas Williams
6b39972113 krb5: Fix acc_move() crash (CCAPI) 2022-02-11 15:13:13 -06:00
Nicolas Williams
1eda4920c8 krb5: Fix coverity warnings 2022-01-19 23:38:27 -06:00
Jeffrey Altman
70ac849844 lib/krb5: acc_resolve_2 leak if ccErrCacheNotFound
Fix the possible leak of 's' allocated by asprintf()

When squashing the changes reference "this fixes an issue introduced by 7bf4d76 ("krb5: Improve cccol sub naming; add gss_store_cred_into2()")" in the commit message.
2020-11-06 09:09:01 -05:00
Nicolas Williams
68eba10cf1 krb5: Fix API: ccache failure 2020-11-06 09:09:01 -05:00
Nicolas Williams
886cc6026c krb5: Remove uses of KRB5_USE_PATH_TOKENS 2020-05-28 00:49:55 -05:00
Jeffrey Altman
d84512b8d2 krb5: krb5_cc_ops backward compatibility and extensibility
The krb5_cc_ops structure is an extensible structure to which new
functionality has been added over the years.

Version zero was the original.  It included all functions up to
and including get_default_name().

Version one added set_default().

Version two added lastchange().

Version three added set_kdc_offset() and get_kdc_offset().

Version four broke compatibility by modifying the signatures
of get_name() and resolve().  This was in change 7bf4d76e75
("krb5: Improve cccol sub naming; add gss_store_cred_into2()").

Version five restores the original signatures of get_name()
and resolve() and introduces get_name_2() and resolve_2() that
provide the additional cccol functionality.

This change

 * introduces version five
 * documents which functions are part of each version
 * replaces KRB5_CC_OPS_VERSION with KRB5_CC_OPS_VERSION_0,
   KRB5_CC_OPS_VERSION_1, KRB5_CC_OPS_VERSION_2, KRB5_CC_OPS_VERSION_3,
   and KRB5_CC_OPS_VERSION_5.  KRB5_CC_OPS_VERSION_4 is skipped
   because of the aforementioned breakage.
 * compatibility logic is added to permit ccache plugins to implement
   any of version one, two, three, five or a future version.
 * all in-tree krb5_cc_ops implementations are updated to version 5.

Change-Id: Iadfce01d10834bc6151939e4d9d196f03001626e
2020-05-27 23:22:40 -05:00
Nicolas Williams
a8874a62bb krb5: Fix kinit harder
The previous fixes for using `krb5_cc_default_for()` weren't quite
correct.
2020-03-17 19:13:16 -05:00
Nicolas Williams
64d5f86ec3 Fix warnings (some bugs, some spurious)
Many spurious VC warnings not quieted though.
2020-03-12 21:02:09 -05:00
Nicolas Williams
7bf4d76e75 krb5: Improve cccol sub naming; add gss_store_cred_into2()
 - Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
    - KEYRING: ccaches are weird because they have one more optional field: the
      "anchor", so rather than just assume a naming convention everywhere, we
      add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and uses this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?
2020-03-02 17:48:04 -06:00
Nicolas Williams
ec84667763 Fix krb5_cc_move() issues
Move init/copy/destroy fallback sequence from fcc_move() to
krb5_cc_move().

Make sure all backends' move() method calls krb5_cc_destroy() on the
source on success (and only on success).

In text_cc make sure that we can find in the destination the cred
stored into the source.
2019-10-03 13:09:18 -05:00
Luke Howard
befe1b8f90 always load plugins with RTLD_LOCAL/RTLD_GROUP if available 2019-01-03 20:06:27 -06:00
Jeffrey Altman
ef8e4da010 only perform dir separator normalization for file paths
Commit ad7e54d698 introduced the use
of _krb5_expand_path_tokens() to expand tokens (and on Windows convert
path delimiters) within credential cache names.  This is safe to do
for the path based credential cache types FILE, DIR and SCC but on
Windows is unsafe for the non-path types.

For example on Windows, the API credential cache names are often based
on the principal name and the principal name is parsed from the ccname.
This practice was introduced with the version v2 ccapi when there was
no method of enumerating the caches from the krb5 library.

This change adds a "filepath" boolean parameter to _krb5_expand_path_tokens()
which is set to TRUE (non-zero) when the input is a file path and FALSE
(zero) when the input is not a file path.  _krb5_expand_path_tokens() will
only perform directory separator normalization on Windows when the
"filepath" parameter is TRUE.

This change is not the preferred solution because it requires that the
library be aware of all credential cache types that use path based
residuals.  The preferred solution would require that the credential cache
implementation indicate whether or not it uses a path based residual.

This change has been implemented using a prefix test and not a change to
struct krb5_cc_ops because existing ccache plugins will not know how to
advertise their use of path based residuals and that path expansion is
safe.

Change-Id: I8135991e8ce69fc5273d381ea9c2078bc2bcd19a
2015-01-07 14:43:19 -05:00
Jeffrey Altman
5f138a16ef libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.

Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
2013-06-22 21:17:32 -04:00
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Nicolas Williams
ad7e54d698 Generalize token expansion to allow for context-specific tokens 2011-12-08 13:33:37 -06:00
Nicolas Williams
6aec02f979 Make krb5_kuserok() pluggable and add features (including MIT config compat) 2011-12-08 13:33:36 -06:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Asanka Herath
e8e56defaf Don't rely on non-CCAPI v3 exports
krb5_ipc_client_set_target_uid() and krb5_ipc_client_clear_target()
may not be present in CCAPI plug-in.  Don't rely on their existence.
2010-09-14 08:04:12 -04:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
788189805c catch error from as.*printf 2010-05-30 13:28:49 -07:00
Asanka Herath
5c0f3f99c6 Use path tokens when locating plug-in .dlls 2010-05-26 10:38:44 -04:00
Love Hornquist Astrand
7aba6f94bd poke hole into the underlying mach code, allow NULL krb5_context 2009-11-22 12:33:53 -08:00
Love Hörnquist Åstrand
9f46439d78 remove unused stuff
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25251 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:20:47 +00:00
Love Hörnquist Åstrand
942a821fab remove RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
998d22462c plugs leaks
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25020 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 03:59:43 +00:00
Love Hörnquist Åstrand
83595c6202 Add support for setting and getting kdc offset
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24910 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-22 17:21:50 +00:00
Love Hörnquist Åstrand
ef088ee696 error never read again, just drop it
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24846 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:28:59 +00:00
Love Hörnquist Åstrand
91f2ef3f76 don't leak addr on error, cid#81
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24120 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:03:07 +00:00
Love Hörnquist Åstrand
230ddb5707 fix N_() arguments, From metze
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23996 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-30 06:45:25 +00:00
Love Hörnquist Åstrand
7811db9c1f add lastmodified
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23923 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-18 21:14:54 +00:00
Love Hörnquist Åstrand
03babea1e3 switch to krb5_clear_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-14 02:55:39 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
4f023f744b provide i18n hooks and renew krb5_create_checksum_iov from comments from metze
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23733 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-07 21:06:34 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
854ef9a202 switch to krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23273 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:25:00 +00:00
Love Hörnquist Åstrand
3b7ff465c1 Add declspec for Windows
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23026 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-17 10:02:03 +00:00
Love Hörnquist Åstrand
96ece475a2 get_version returns an int, update
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22985 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-15 15:54:57 +00:00
Love Hörnquist Åstrand
7a47e167d9 Use unsigned where appropriate.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22892 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 18:52:06 +00:00
Love Hörnquist Åstrand
331b920fdc Add version number to krb5_cc_ops
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22845 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 11:48:51 +00:00
Love Hörnquist Åstrand
21abe2d75e Implement set_default.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22838 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 11:48:15 +00:00
Love Hörnquist Åstrand
972ea571f3 Translate ccErrInvalidCCache.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22824 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 11:47:18 +00:00
Love Hörnquist Åstrand
2e62b79c07 Only release context if it's in use.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22818 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-07 11:46:51 +00:00
Love Hörnquist Åstrand
aff5c9adc4 Create a new credential cache if ->get_name is called, make
acc_initialize() reset the existing credential cache if needed.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22669 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-09 23:39:25 +00:00
Love Hörnquist Åstrand
32809668a9 (acc_get_name): just return the cache_name directly instead of trying
to resolve it.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22667 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-09 23:08:32 +00:00
Love Hörnquist Åstrand
bdb625ddf0 Free context when done, implement krb5_cc_ops->default_name.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22099 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-12-03 17:14:34 +00:00
Love Hörnquist Åstrand
759bf557e0 Implement the move operation. Avoid using cc_set_principal() since it
is broken on Mac OS X 10.5.0.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22091 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-12-03 12:38:53 +00:00