Solaris'/Illumos' gss_acquire_cred_with_password() does not have
side-effects. MIT and Heimdal have differed, but it's now agreed that
the Solaris/Illumos behavior is correct.
To make a credential obained with gss_acquire_cred_with_password()
available to other processes, use gss_store_cred().
In at least two instances the krb5 cred handle expiration time was misused
as a remaining lifetime. This is not surprising since the field name is
wrong ("lifetime" not "expiration"). This commit fixes the code, the next
commit will rename the field and change its type from OM_uint32 to time_t.
gss_add_cred() with GSS_C_NO_CREDENTIAL as the input_cred_handle should
act like gss_acquire_cred() with desired_mechs containing just the
desired_mech.
In gsskrb5_accept_delegated_token() it is wrong to store the delegated
credentials in the default ccache by default. When the caller does not
provide a target credential handle, we just do nothing and return success.
Test the return value of gsskrb5_accept_delegated_token() against
GSS_S_COMPLETE, rather than 0.
Delegated or other explicit credentials were mishandled, the code only
worked correctly when processing default credentials. In particular
this caused root's default credential cache to be accessed when accepting
delegated credentials in SSH:
ssh_gssapi_accept_ctx() ->
ssh_gssapi_getclient() ->
gss_inquire_cred_by_mech()
When /tmp/krb5cc_0 contained expired tickets, cascaded credentials
stopped working for non-root users!
The first enctype RFC3961 prf output length's bytes are correct because
the little- and big-endian representations of unsigned zero are the
same. The second block of output was wrong because the counter was not
being encoded as big-endian.
This change could break applications. But those applications would not
have been interoperating with other implementations anyways (in
particular: MIT's).
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer. Note that we get different
warnings on different machines and so this will be a work in
progress. So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
1. a lot of missing structure initialisers,
2. unchecked return values for functions that glibc
marks as __attribute__((warn-unused-result)),
3. made minor modifications to slc and asn1_compile
which can generate code which generates warnings,
and
4. a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g. rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
Heimdal since fc702a97f5 (August 2009)
can't process DES wrap tokens unless the stack garbage in the zero
array happens to be all zeros.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
The pname to uid functionality at present assumes there is
an implementation of getpwnam() and that the local user
identifier is an integer. On Windows, the local user identifier
is a SId. Add NO_LOCALNAME as a build option so that Windows
(for now) can build without providing a getpwnam() implementation.
Change-Id: I04cfd6d2cd52e6228733f1da1dab420b453e6566
commit f5f9014c90 added the
first use of C99 named struct initializers which are not
supported on Windows. Remove their use in external.c and
in ks_dir.c.
Change-Id: Ibb6b2d5b3dbd4041cb638d2c7a9bd6f916fd45d7
most of these warnings are not problems because of ample
use of abort() calls. However, the large number of warnings
makes it difficult to identify real problems. Initialize
the variables to shut up the compilers.
Change-Id: I8477c11b17c7b6a7d9074c721fdd2d7303b186a8
