Nicolas Williams
1eda4920c8
krb5: Fix coverity warnings
2022-01-19 23:38:27 -06:00
Nicolas Williams
9203c4a3f4
ipropd: Ignore setsockopt() result
2022-01-19 23:37:32 -06:00
Nicolas Williams
4eec82dc52
ipc: Ignore setsockopt result
2022-01-19 23:37:01 -06:00
Nicolas Williams
dd2ad50fbf
hdb: Make HDB-as-keytab get function match API
...
krb5_kt_get_entry() allows a NULL principal to be given ("match all").
The get method of the HDB-as-keytab keytab did not know this, and could
dereference a NULL as a result.
2022-01-19 23:35:19 -06:00
Nicolas Williams
cf19a0f8e3
krb5: Context must be optional for error functions
...
We pass a NULL context to error functions in CCAPI (lib/krb5/acache.c)
code paths.
2022-01-19 23:33:44 -06:00
Nicolas Williams
1e634df8a5
base: Context has to be optional in for path tok. exp.
...
We call path token expansion functions with a NULL context in CCAPI
(lib/krb5/acache.c). We only need the context for errors.
2022-01-19 23:32:22 -06:00
Nicolas Williams
82e00128a2
base: Context has to be opt. in for error functions
...
This is needed so that it can be optional for path token expansion,
which has to have the context be optional for ccapi (lib/krb5/acache.c),
which in some cases calls path token expansion functions w/ a NULL
context.
2022-01-19 23:30:55 -06:00
Nicolas Williams
c650e37321
kdc: Fix leak caused by a1481f1f0
2022-01-19 17:32:16 -06:00
Nicolas Williams
03c69ffe1c
GitHub: Use -Wnonnull for GCC build
2022-01-19 17:00:11 -06:00
Nicolas Williams
4a0e01f9ed
kadm5: Add missing error checks
2022-01-19 16:57:06 -06:00
Nicolas Williams
97cef99f54
iprop: Fix coverity warnings
2022-01-19 16:53:45 -06:00
Nicolas Williams
1b213c1082
kadmind: Add missing error checks
2022-01-19 16:33:37 -06:00
Nicolas Williams
655c057769
kadm5: Add missing error checks
2022-01-19 16:33:17 -06:00
Nicolas Williams
9d6dd21256
iprop-log: Add missing error checks
2022-01-19 13:59:04 -06:00
Nicolas Williams
ff4c82cd47
kpasswdd: Fix leak of keytab on exit
2022-01-19 13:41:29 -06:00
Nicolas Williams
8c5030bcf7
gss: test_context: Fix leak
2022-01-19 12:35:08 -06:00
Nicolas Williams
26054d835c
gss: Fix leak in gss-token
2022-01-19 12:33:11 -06:00
Nicolas Williams
abb9a46ccc
kadmin: Add missing error check in init()
2022-01-18 15:41:43 -06:00
Nicolas Williams
fb4632edb1
krb5: Fix leak in test_ap-req.c
2022-01-18 15:40:54 -06:00
Nicolas Williams
b349b4add0
kdc: Fix recent dangling ptr; move more into r
...
As we move more and more state into astgs_request_t we need to be
careful not to leave locals and function arguments aliasing objects from
the astgs_request_t.
2022-01-18 15:32:05 -06:00
Nicolas Williams
3b0b9f2dfe
krb5: Constify _krb5_principal2principalname()
2022-01-18 15:12:56 -06:00
Nicolas Williams
01848fe1de
GitHub: Valgrind build: use LMDB
...
Let's see if the output from valgrind we're currently getting has to do
with BDB or if it's to do with Heimdal (I can't reproduce locally with
LMDB).
2022-01-18 12:35:26 -06:00
Nicolas Williams
f26bc69ded
gss: Fix name attr leak in test_context
2022-01-18 12:35:26 -06:00
Nicolas Williams
0b137e3287
gss: Workaround valgrind "lifetime not equal" issue
2022-01-18 12:35:26 -06:00
Nicolas Williams
257be08bbb
GitHub: Make valgrind build a debug build
...
To get line numbers from valgrind stack traces we need the valgrind
build to be a debug (-g) build.
2022-01-18 10:31:20 -06:00
Nicolas Williams
f155150969
kdc: Rewrite get_pa_etype_info and set_salt_padata
...
We weren't checking for errors, and we weren't using the convenience
SEQUENCE OF add_METHOD_DATA() and add_ETYPE_INFO() functions generated
by the ASN.1 compiler. Using those utilities made get_pa_etype_info()
and make_etype_info_entry() sufficiently simpler that merging the two
makes for simpler, more readable code.
2022-01-18 09:14:29 -05:00
Nicolas Williams
2801606b80
GitHub: Fix valgrind build
2022-01-18 01:15:09 -06:00
Nicolas Williams
a1481f1f05
kdc: Check krb5_ret_uint32() in connect loop
2022-01-18 00:42:11 -06:00
Nicolas Williams
fcba7a9fd1
kdc: Check errors from krb5_auth_con_getauthenticator()
2022-01-18 00:32:51 -06:00
Nicolas Williams
4ed4f2159c
krb5: Check errors in krb5_auth_con_getauthenticator()
2022-01-18 00:32:51 -06:00
Nicolas Williams
1a08b3b47f
kdc: Make --kdc-request-log-file concurrency-safe
...
Build the entry to write to the log file in memory, then write it with
O_APPEND. This should make writes to the request log file safer in
multi-process KDC configurations.
Also, check results of krb5_store_*() functions (coverity alerted to
this).
2022-01-18 00:19:15 -06:00
Nicolas Williams
d41467dcde
kdc: Explicitly ignore setsockopt() result
2022-01-18 00:16:09 -06:00
Joseph Sutton
ef059b8831
heimdal:base: Don't perform arithmetic on a NULL pointer
...
Doing so is undefined behaviour.
Change-Id: Ic57baac0fc5fb06945c0dfbd5d4eb913a12fc13d
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-01-18 00:31:45 -05:00
Joseph Sutton
1c93a6ff26
heimdal: Avoid overflow when performing bitwise shift operations
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-01-18 00:31:45 -05:00
Luke Howard
bc37bf1afd
kdc: use public audit API in altsecid authorizer plugin
...
Regression fix for 94ed961d02 when building
altsecid_gss_preauth_authorizer.
2022-01-18 16:27:05 +11:00
Nicolas Williams
376d347500
GitHub: Use just clang for valgrind build
2022-01-17 23:14:16 -06:00
Luke Howard
94ed961d02
kdc: make auditing API public
...
Samba plugins will need to use auditing API without including krb5-private.h,
so make the auditing APIs public.
2022-01-18 16:09:50 +11:00
Luke Howard
4befd3e355
kdc: remove krb5_ prefix for KDC attribute functions
...
We will use the kdc_ rather than krb5_kdc_ prefix for new public APIs exported
from libkdc. Amend the recently introduced
request_{get,set,copy,delete}_attribute APIs to conform.
2022-01-17 23:50:04 -05:00
Jeffrey Altman
5fa0b7b6ff
lib/krb5: krb5_sendto_context KRB5_SENDTO_DONE KRB5_SENDTO_FAILED
...
Let the KRB5_SENDTO_DONE and KRB5_SENDTO_FAILED action states be
handled by the provided switch blocks. This ensures that the
'ret' value is set appropriately before exiting the loop.
Change-Id: I56f4cea83efd86203a9a7a36cf48c80f632cf779
2022-01-17 23:02:01 -05:00
Jeffrey Altman
238fd7c6c6
kdc: kdc_issue_certificate remove dead code
...
'ret' cannot equal EACCES after setting it to KRB5KDC_ERR_POLICY.
Change-Id: I2fbb0c91f6fdc541813685fde26229833fa56e42
2022-01-17 22:41:33 -05:00
Jeffrey Altman
51575264d4
kadmin: read_words pass correct type to sizeof
...
(char *) not (char **).
Change-Id: I2c34fa5b0ea9f81b08451ed1b4a816684b7ab638
2022-01-17 22:36:29 -05:00
Jeffrey Altman
2cd3f7089e
kdc: cmd_append fix broken commit
...
4101280459 ("kdc: cmd_append do not forget va_end()")
Change-Id: Ief8b8b4a5c85a38c799e2aa554e845728a92b1fd
2022-01-17 22:36:29 -05:00
Nicolas Williams
0e19c6b429
GitHub: Don't use find -cpio
2022-01-17 21:29:46 -06:00
Jeffrey Altman
4101280459
kdc: cmd_append do not forget va_end()
...
If va_start() is called then va_end() must be called before
returning.
Change-Id: I5312cf9b6ff238fc76bea248472302d5094bbc2b
2022-01-17 22:05:36 -05:00
Jeffrey Altman
d0e2467120
kdc: _kdc_do_kx509 prevent use of NULL cprincipal
...
If the return code is non-zero do not call krb5_unparse_name()
as cprincipal will be NULL.
Change-Id: I901b3f5dcdbc186f89257aef935b91e1d207119c
2022-01-17 21:57:07 -05:00
Jeffrey Altman
4b6fb5ab1a
kdc: _kdc_find_etype prevent NULL dereference
...
If use_strongest_session_key and no keys are found the return
code will be set to KRB5KDC_ERR_ETYPE_NOSUPP. However, before
exiting if the principal is a weak exception then the return
code will be set to success and a NULL key pointer will be
dereferenced. Skip the weak exception check if the return
code is non-zero.
Change-Id: I36d0e1b179b3392171ad6767c75111d59c3f2f7d
2022-01-17 21:51:57 -05:00
Jeffrey Altman
0e3acff241
lib/hcrypto: mpz2BN unsafe to call mp_to_ubin with NULL
...
remove the (size != 0) exception to malloc() failure.
Change-Id: I7a678b0fadd51c673491b61c06afd4203c871318
2022-01-17 21:41:21 -05:00
Jeffrey Altman
1ebebe1d2f
lib/hcrypto: RSA_check_key if rsa->n is NULL cannot call RSA_size
...
Avoid a theoretical NULL pointer dereference.
Change-Id: Ia7b8671152b5444fd5cfdb3e37fd62e4db68c9c5
2022-01-17 21:36:49 -05:00
Jeffrey Altman
ee3cd2e4a9
lib/hcrypto: RSA_new_method pass correct ptr to ENGINE_finish
...
Pass rsa->engine not engine.
Change-Id: I1251c50898b267d14cbf0bb2adb40516d24fa369
2022-01-17 21:28:37 -05:00
Jeffrey Altman
94a7e97e09
lib/hcrypto: DH_new_method pass correct ptr to ENGINE_finish
...
Pass dh->engine not engine.
Change-Id: Id7294a5ac3715d557202349bf20755d873ced7ae
2022-01-17 21:27:00 -05:00