The hc_evp_md_init, hc_evp_md_update and hc_evp_md_final typedefs
are defined as functions returning an int, but null_Init, null_Update
and null_Final are defined as void, and cast with the typedef when
assigned to the function vector.
This might result in some uninitialized value being returned to the
caller, if some of them make use of the return value. It also causes
warnings if the -Wcast-function-type warning is enabled.
Change the type to in to match the typedef, and return 1 (success).
This is not a very good fix, though the warnings remain. Such errors
can in principle be a problem because in C there is no standard enum
sizing.
In this case we have two enums with the same elements and so the same
size, so it's clearly not a problem.
This commits allows `heim_object_t` as a type and causes the generated
code to use the `heim_retain()` and `heim_release()` functions for
copying and releasing values of such types.
Also, now one can have more than one decoration per-type.
If the decorated external type is a void *, don't include the decoration
header in the ASN.1 header, only in the template implementation. This allows
the copy constructor and destructor to be implementation private.
This adds support for asn1_compile --decorate=... variation that causes
decoration of an ASN.1 SET/SEQUENCE type with a field of a non-ASN.1
type.
This means we can now have an ASN.1 type to represent a request that can
then have a "hidden" field -- hidden in that it is neither encoded nor
decoded. This field will be copied and freed when the decoration is of
an ASN.1 type or of a external, C type that comes with copy constructor
and destructor functions. Decoration with a `void *` field which is
neither copied nor freed is also supported.
We may end up using this to, for example, replace the `hdb_entry_ex`
type by decorating `HDB_entry` with a C type that points to the `HDB` in
which the entry was found or to which it should be written.
Fix regression introduced in 9427796f, where checked in files matching asn1_*.c
would be clobbered by "make clean".
Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
Recent auditing changes (b1dcc1a4) introduced a leak into pa_enc_ts_validate()
where the encryption type name and error message could be leaked.
This patch fixes a compile error in the original commit.
We have a Heimdal special where when the acceptor sends back an error
token for clock skew or ticket-not-yet-valid errors then the acceptor
application will get GSS_S_CONTINUE_NEEDED from gss_accept_sec_context()
so that the initiator may retry with the same context.
But we were retaining the auth_context, which means that when the
initiator does send a new token, the acceptor leaks memory because
krb5_verify_ap_req2() doesn't clean up the auth_context on reuse. The
end result is that we leak a lot in those cases.
The implementation of GSS name attributes for Kerberos (or any mechanism
with more than a tiny handful) is much nicer as a table-driven
implementation.
We now have stubs for setting and deleting attributes as well, though
these currently always fail.
The Heimdal KDC does not add a PAC if an anonymous ticket was issued. As such,
test_context should not expect PAC naming attributes to be present if the
--anonymous option was passed. (This is irrelevant for now as GSS_C_ANON_FLAG
is not honored by the krb5 mechanism.)
When unsigned char values are shifted, they are promoted to int (unless
sizeof(int) == sizeof(char)). This means that the change in be708ca3cf
ultimately leads to a sign extension bug.
Use uintptr_t for hash type; this is consistent with CoreFoundation, which uses
32-bit integers on 32-bit platforms for the hash code, and 64-bit integers on
64-bit platforms. (libheimbase is modelled on CoreFoundation.)
Previously we used unsigned long, which would have the same behavior on
LP32/LP64 systems, but not on Windows (where unsigned long is 32-bits on 64-bit
platforms).
Cast integer constants to (void *) with an intermediate cast to
(uintptr_t). On Windows this avoid warnings about a signed
integer being cast to a pointer of larger size.
No functional change.
Change-Id: I7289fb772870c5f492c1a8b988e0d80cf008b7f4
The generated .x source and .hx header files are plain C source files.
Generate them as .c source files and avoid unnecessary file copying
and special makefile rules.
Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
When generating code cast integer constants to (void *) with an
intermediate cast to (uintptr_t). On Windows this avoid hundreds
of warnings about a signed integer being cast to a pointer of larger
size.
No functional change.
Change-Id: Ifd2acd0cfe99a7859aad58e79ab0f0c12b28fdeb
This commit builds a static runtime version of the asn1 library
which is required for some thirdparty applications.
LIBASN1_S =$(LIBDIR)\libasn1_s.lib
This differs from libasn1.lib which is compiled to use the
dynamic runtime.
Change-Id: Ib04f5b53a7f16d7bbe9d2debb75e944322a6792a
Instead of defining ASN1_LIB in each of the generated ASN1 source
files require that the generated source file be compiled with the
ASN1_LIB symbol defined (on Windows). All of the compiled objects
linked into the same library which might be accessing an ASN1 exported
symbol must have ASN1_LIB defined to ensure that the use of the
exported symbols will not be via an import.
Change-Id: Ie38c105d1d376419717fce0830dc28f5b82547d4
The LIB_ASN1 definition instructs the library objects to access
exported ASN1 generated DATA symbols as internal symbols.
Change-Id: I58b055808893c6f3af48fc2dd997e0dedea2ffcb
The LIB_ASN1 definition instructs the library objects to access
exported ASN1 generated DATA symbols as internal symbols.
Change-Id: Ia8c674c879c9bc46ca9dc7f249114f22b1d0dfd5
The LIB_ASN1 definition instructs the library objects to access
exported DATA symbols as internal symbols.
Change-Id: Ifbc80a4e3c357cb323f7763c116101ae495b11df
oid_resolution.obj does not depend upon $(LIBASN1_OBJ) object
files. It depends upon the generated .x files produced by
asn1_compile.exe when building $(gen_files_xxx). Create a
new list of those dependencies explicitly for oid_resolution.obj.
Change-Id: I09a4dc9efb7a84e68da939b6a3ec5f55354c02ee
Build without Win32.mak, and using Universal C Runtime (UCRT)
windows: Check for APPVER, not VCVER for UCRT
When deciding whether UCRT is used (and thus no CRT merge modules), check for
Windows 10 rather than the version of Visual Studio, as we may be building with
an older SDK.
Add some notes about the KDC plugin API contract, and require plugins to
explicitly indicate which version of the API they support (remove the macro
alias for the current version).
r->canon_client_princ is always an alias to r->client->entry.principal in the
AS, but use it for consistency with the TGS. (In the TGS, it may also come from
te PAC.)
Move the Services for User (SFU/S4U) implementation -- protocol transition and
constrained delegation -- into its own compilation unit, with an interface that
only takes an astgs_request_t, so it can be easily factored out into a plugin
module in the future.
This refactoring is also careful to update all client names in the request
structure after the SFU/S4U validation has successfully completed.
Instead of having distinct preauth success/failure events for different
mechanisms, have a single event; the mechanism can be disambiguated by querying
the HDB_REQUEST_KV_PA_NAME key.
Note: there is still an explicit event for long-term key-based success/failure
in order to help the backend implement lockout.
Audit failure (HDB_AUTH_EVENT_PREAUTH_FAILED) in the main preauth loop, rather
than in each mechanism. Success is still audited in the mechanism to allow
client pre-authentication success to be noted even if something subsequent
(e.g. encoding a reply, memory allocation) fails. The generic catch-all for
success remains.
