66 Commits

Author SHA1 Message Date
Minsoo Choo
aff90c322e Fix spelling 2024-06-16 23:30:48 -04:00
Nicolas Williams
5535ace6ea krb5: Fix ignored error in SCC: ccache 2023-01-04 00:43:36 -06:00
Nicolas Williams
1eda4920c8 krb5: Fix coverity warnings 2022-01-19 23:38:27 -06:00
Jeffrey Altman
c8956523a1 lib/krb5: scc_alloc do not leak 'freeme'
Introduce a common 'out' label to avoid leaking 'freeme'.

Change-Id: I8d58efc75125ee553b462372ad160394013f9a3a
2022-01-16 17:36:17 -05:00
Nicolas Williams
82a8744787 krb5: Fix SQLite3 ccache bugs/warnings 2022-01-14 17:10:16 -06:00
Nicolas Williams
6f7c6a7f67 krb5: Fix out-of-tree SQLite3 ccache perms issue
SQLite3 defaults to 0644 unless overridden, relying on the process'
umask to make that tighter.

Our in-tree SQLite3 uses 0600 as the permissions for DB files it
creates.

Out-of-tree builds of SQLite3 probably get the 0644 default.

We can't change the umask in libraries -- it's not thread-safe.

So this commit changes the SCC ccache type's default ccname to include
an intermediate directory which is created with `mkdir(2)` with
permissions set to 0700, then it chmods the DB file to 0644.
2021-11-30 11:34:04 -06:00
Nicolas Williams
bacc484b2a krb5: Fix umask issue with SQLite3 2021-11-30 11:42:00 -05:00
Nicolas Williams
886cc6026c krb5: Remove uses of KRB5_USE_PATH_TOKENS 2020-05-28 00:49:55 -05:00
Jeffrey Altman
d84512b8d2 krb5: krb5_cc_ops backward compatibility and extensibility
The krb5_cc_ops structure is an extensible structure to which new
functionality has been added over the years.

Version zero was the original.  It included all functions up to
and including get_default_name().

Version one added set_default().

Version two added lastchange().

Version three added set_kdc_offset() and get_kdc_offset().

Version four broke compatibility by modifying the signatures
of get_name() and resolve().   This was in change
7bf4d76e75 ("krb5: Improve cccol sub
naming; add gss_store_cred_into2()").

Version five restores the original signatures of get_name()
and resolve() and introduces get_name_2() and resolve_2() that
provide the additional cccol functionality.

This change

 * introduces version five
 * documents which functions are part of each version
 * replaces KRB5_CC_OPS_VERSION with KRB5_CC_OPS_VERSION_0,
   KRB5_CC_OPS_VERSION_1, KRB5_CC_OPS_VERSION_2, KRB5_CC_OPS_VERSION_3,
   and KRB5_CC_OPS_VERSION_5.  KRB5_CC_OPS_VERSION_4 is skipped
   because of the aforementioned breakage.
 * compatibility logic is added to permit ccache plugins to implement
   any of version one, two, three, five or a future version.
 * all in-tree krb5_cc_ops implementations are updated to version 5.

Change-Id: Iadfce01d10834bc6151939e4d9d196f03001626e
2020-05-27 23:22:40 -05:00
Nicolas Williams
8f3b5e0862 krb5: Use sqlite3_close(), not v2 2020-03-17 19:45:51 -05:00
Nicolas Williams
64d5f86ec3 Fix warnings (some bugs, some spurious)
Many spurious VC warnings not quieted though.
2020-03-12 21:02:09 -05:00
Nicolas Williams
7bf4d76e75 krb5: Improve cccol sub naming; add gss_store_cred_into2()
 - Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
    - KEYRING: ccaches are weird because they have one more optional field: the
      "anchor", so rather than just assume a naming convention everywhere, we
      add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and uses this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?
2020-03-02 17:48:04 -06:00
Nicolas Williams
ec84667763 Fix krb5_cc_move() issues
Move init/copy/destroy fallback sequence from fcc_move() to
krb5_cc_move().

Make sure all backends' move() method calls krb5_cc_destroy() on the
source on success (and only on success).

In test_cc make sure that we can find in the destination the cred
stored into the source.
2019-10-03 13:09:18 -05:00
Nicolas Williams
7fa85e6d6d Round of scan-build warnings cleanup 2016-11-16 23:27:27 -06:00
Nicolas Williams
953dc07391 Round of scan-build warnings cleanup 2016-11-15 21:27:20 -06:00
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Roland C. Dowdeswell
e8779d5d4a Add -Wshadow and deal with the warnings. 2012-02-21 11:17:55 +00:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-parameter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Jeffrey Altman
36dcd37cc7 use %p printf format spec for pointers
do not cast to unsigned long since a 64-bit pointer
and 32-bit long will truncate the value.

Change-Id: Ibeda98171ccbab4b55950bb02c858773e1028cbf
2011-05-17 12:02:15 -04:00
Asanka Herath
5dcc605f6b Fix calling conventions for Windows 2010-08-20 13:14:10 -04:00
Love Hornquist Astrand
f337b458f3 catch error from as.*printf 2010-05-30 14:16:35 -07:00
Love Hornquist Astrand
788189805c catch error from as.*printf 2010-05-30 13:28:49 -07:00
Love Hornquist Astrand
687db64c56 Patch from Secure Endpoints/Asanka Herath for windows support 2009-12-21 08:45:28 +01:00
Love Hornquist Astrand
4bc5f02317 use HAVE_SCC 2009-11-22 12:23:29 -08:00
Love Hornquist Astrand
14a68d5668 Set umask before creating credentials database to make sure cache is user only readable
Reported by Anton Lundin <glance@acc.umu.se>
2009-08-20 08:40:50 -07:00
Love Hornquist Astrand
a1964f4747 use after free [CID-184] [CID-185] 2009-07-30 07:38:24 +02:00
Love Hörnquist Åstrand
fd5cbcfe3f better free of scache data
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25078 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 05:09:53 +00:00
Love Hörnquist Åstrand
501d4ceadb scache -> scc
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25077 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 05:09:41 +00:00
Love Hörnquist Åstrand
f1d4a3a1da rename SDB to SCC
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25073 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:09:53 +00:00
Love Hörnquist Åstrand
a1992b1ea4 rename SDB to SCC
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25072 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:09:42 +00:00
Love Hörnquist Åstrand
813bb8414b rename SDB to SCC
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:09:32 +00:00
Love Hörnquist Åstrand
4b7c75eaf8 plug memory leak
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25024 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-03 04:00:40 +00:00
Love Hörnquist Åstrand
9001ff8752 drop unused value for exec_stat()
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24826 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:25:42 +00:00
Love Hörnquist Åstrand
3767202e6e drop RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24359 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-25 00:31:10 +00:00
Love Hörnquist Åstrand
1abdd59600 don't leak scache context on error, cid#82
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24119 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 05:02:57 +00:00
Love Hörnquist Åstrand
3fd24a3ac3 print pointer with %p
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24076 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:54:44 +00:00
Love Hörnquist Åstrand
18038ded5c always include SDB backend
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24031 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-11-12 04:19:10 +00:00
Love Hörnquist Åstrand
106c810509 make scache dependent on sqlite
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23993 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-26 18:27:24 +00:00
Love Hörnquist Åstrand
03babea1e3 switch to krb5_clear_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-14 02:55:39 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
d1728c8424 make compile again
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23803 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-07 21:36:01 +00:00
Love Hörnquist Åstrand
b29245d5d1 N_()ify
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23801 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-07 21:35:27 +00:00
Love Hörnquist Åstrand
46158df0d7 use the right database to get the error from.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23666 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-25 02:31:28 +00:00
Love Hörnquist Åstrand
eeab965755 include <sqlite3.h> instead of "sqlite3.h"
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23609 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-17 15:56:32 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
37cc9f4f36 use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23308 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:30:33 +00:00
Love Hörnquist Åstrand
3b7ff465c1 Add declspec for Windows
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23026 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-17 10:02:03 +00:00
Love Hörnquist Åstrand
adeccfb453 Cast krb5_error_code to int to avoid warning.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22992 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-15 15:55:25 +00:00