Previously getenv("KRB5_KTNAME") happened in
init_context_from_config_file()
which would capture the environment value as an override without
using strdup() to get a private copy, so it would get trashed in
applications that dynamically update the environment (e.g. Perl
code that has a tied %ENV).
The patch delays getenv("KRB5_KTNAME") until the context's value
of default_keytab is actually needed, and the environment can preempt
the context's default at that time.
[ Do we need to worry about issuid() being true initially when the
context is created, but not later, because the application changes
both the real and effective uid? If so the issuid() state should
be saved when the context is created and the saved value queried. ]
On any OS with a properly implemented getaddrinfo() this change is a
no-op. Passing NULL for the hint is supposed to be the same as an
addrinfo structure with all fields set to 0. There is no need to set
ai_family to AF_UNSPEC because that value is already 0.
GNU libc doesn't follow standard behaviour. Quoting from
http://man7.org/linux/man-pages/man3/getaddrinfo.3.html :
"Specifying hints as NULL is equivalent to setting ai_socktype and
ai_protocol to 0; ai_family to AF_UNSPEC; and ai_flags to
(AI_V4MAPPED | AI_ADDRCONFIG). (POSIX specifies different defaults for
ai_flags; see NOTES.)"
The NOTES section says:
"According to POSIX.1-2001, specifying hints as NULL should cause
ai_flags to be assumed as 0. The GNU C library instead assumes a value
of (AI_V4MAPPED | AI_ADDRCONFIG) for this case, since this value is
considered an improvement on the specification."
The patch makes sure that krb5_parse_address works consistently on both
GNU libc and systems that follow POSIX.1-2001 to the letter. Some
incorrect Fedora 17 patches managed to break IPv6 connectivity and were
later backed out (see discussion at https://bugzilla.redhat.com/808147).
This patch resolves the incompatibility.
Signed-off-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Commit ad7e54d698 introduced the use
of _krb5_expand_path_tokens() to expand tokens (and on Windows convert
path delimiters) within credential cache names. This is safe to do
for the path based credential cache types FILE, DIR and SCC but on
Windows is unsafe for the non-path types.
For example on Windows, the API credential cache names are often based
on the principal name and the principal name is parsed from the ccname.
This practice was introduced with the version v2 ccapi when there was
no method of enumerating the caches from the krb5 library.
This change adds a "filepath" boolean parameter to _krb5_expand_path_tokens()
which is set to TRUE (non-zero) when the input is a file path and FALSE
(zero) when the input is not a file path. _krb5_expand_path_tokens() will
only perform directory separator normalization on Windows when the
"filepath" parameter is TRUE.
This change is not the preferred solution because it requires that the
library be aware of all credential cache types that use path based
residuals. The preferred solution would require that the credential cache
implementation indicate whether or not it uses a path based residual.
This change has been implemented using a prefix test and not a change to
struct krb5_cc_ops because existing ccache plugins will not know how to
advertise their use of path based residuals and that path expansion is
safe.
Change-Id: I8135991e8ce69fc5273d381ea9c2078bc2bcd19a
Now that test_fx checks 1DES keys, we need to call allow_weak_crypto on
the test's context.
Without this fix, "make check" was failing with the following error:
lt-test_fx: krb5_crypto_init: Encryption type des-cbc-crc not
supported
(rebased on current Heimdal by abartlet)
The error Coverity complains about is in the malloc. krb5_enctypes is
an enum, so it is usually smaller than the size of a pointer. So we
overallocate, but in the memcpy further down we copy from potentially
invalid memory.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104
In the error case without EXTRA_ADDRESSES we access ignore_addresses
without initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is a static const struct and the name is never used,
so just make it an anonymous struct.
This hopefully fixes the build on AIX:
"../lib/roken/roken-common.h", line 276.9: 1506-236 (W) Macro name __attribute__ has been redefined.
"../lib/roken/roken-common.h", line 276.9: 1506-358 (I) "__attribute__" is defined on line 45 of ../lib/com_err/com_err.h.
"../lib/krb5/expand_path.c", line 331.21: 1506-334 (S) Identifier token has already been defined on line 98 of "/usr/include/net/if_arp.h".
"../lib/krb5/expand_path.c", line 390.43: 1506-019 (S) Expecting an array or a pointer to object type.
"../lib/krb5/expand_path.c", line 391.31: 1506-019 (S) Expecting an array or a pointer to object type.
"../lib/krb5/expand_path.c", line 392.20: 1506-019 (S) Expecting an array or a pointer to object type.
"../lib/krb5/expand_path.c", line 392.48: 1506-019 (S) Expecting an array or a pointer to object type.
"../lib/krb5/expand_path.c", line 393.39: 1506-019 (S) Expecting an array or a pointer to object type.
Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin'
Build failed: -> task failed (err #1):
{task: cc expand_path.c -> expand_path_52.o}
gmake: *** [all] Error 1
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 16 15:20:59 CEST 2012 on sn-devel-104
It is necessary to use the RFC3961 random_to_key operation when
creating a key from a bitstring.
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
RFC 3961 says the simplified profile PRF should truncate the hash
output to "multiple of m", which MIT krb5 interprets as the largest
possible multiple of m. RFC 6113 appendix A also uses that
interpretation for the KRB-FX-CF2 test vector. So the DES3 PRF should
truncate the 20-byte SHA-1 result to 16 bytes, not 8. Also make
krb5_crypto_prf_length work with DES3 by giving the DES3 enctype a
non-zero PRF length.
Signed-off-by: Nicolas Williams <nico@cryptonector.com>
It is much easier (i.e. actually possible) to debug transit path policy
violations when the logs specify the client and server realms, not just
the transit realm.
The problem is that fcc_get_cache_next() is called in a context where
context->default_cc_name is not set. We should call
krb5_cc_default_name(), and that fixes the problem. There's a comment
warning that this can result in reentering krb5_cc_cache_match(), but
nothing in libkrb5 calls krb5_cc_cache_match(), so the comment is wrong,
at least in the github tree.
An alternative would be to call krb5_cc_set_default_name(NULL) in
kuser/kinit.c before calling krb5_cc_cache_match(), however, that seems
like an insufficiently general solution. Also, the semantics of
krb5_cc_cache_match() would differ from MIT's -- it seems better to
match MIT's semantics.
comment the HAVE_DLADDR preprocessor #else and #endif
because they are so many lines apart.
indent the strrchr() call after the _Win32 block to demonstrate
they are related.
Change-Id: I112dc91b350b277cdb1dc1cd3ccd8f31a2084409
On Windows a file descriptor is an int value allocated by the
local module instance of the C Run Time Library. A socket handle is a
SOCKET value allocated by a Winsock Provider for the requested family and
protocol. These two values cannot be mixed and there is no mechanism for
converting between the two. The _get_osfhandle() and _open_osfhandle()
functions can work with a standard HANDLE (file, pipe, etc) but cannot be
used for a SOCKET.
The Heimdal krb5_storage_from_fd() routine counted on the osf conversion
functions working on SOCKET values. Since they do not any attempt to call
krb5_storage_from_fd() on a socket resulted in an assertion being thrown
by the C RTL.
Another problem is SOCKET value truncation when storing a 64-bit value
into a 32-bit int.
To address these problems a new krb5_storage_from_socket() routine is
introduced. This routine setups a krb5_storage that stores a socket value
as a rk_socket_t and provides a set of helper routines that always use
network ready functions.
The krb5_storage_from_fd() routines no longer use net_read() and
net_write() but provide helpers that follow their logic so that pipes can
be processed.
All call sites that allocate a socket now store the socket as rk_socket_t
and call krb5_storage_from_socket().
All locations that previously called the bare close() on a socket value
now call rk_closesocket().
Change-Id: I045f775b2a5dbf5cf803751409490bc27fffe597
In the previous implementation when .k5login or .k5login.d existed
and k5login_authoritative was false, no further plugins were tried.
Also when k5login_authoritative was true and .k5login did not match,
the directory was never tried.
C++ does not permit struct names and typedef names to be the same.
Rename
struct krb5_name_canon_rule to struct krb5_name_canon_rule_data
and
struct krb5_name_canon_iterator to struct krb5_name_canon_iterator_data
Change-Id: I92766e0878bf0beef92de1649baf9e5cafbf86aa
Since the memory is allocated inside the Kerberos library, it
should be freed by code inside the same library. free, as
previously recommended, therefore doesn't seem appropriate.
Instead, recommend krb5_xfree, which exists for this purpose.
krb5_set_default_realm.3 man page update
Change-Id: I11d119edf03148cbdc654480c72ddffb540084ec
Programs like sshd may create or access a ccache with
ruid != user's UID, euid == user's UID.
Set-uid-0 programs (ob reminder: they start life as ruid == user's UID,
euid == 0) shouldn't unintentionally access ccaches. Therefore we
shouldn't check both of ruid and euid, just euid.
Eventually we'll need to make sure that a) libroken's stdint.h defines
the max integer types, b) the libroken *printf()s can handle all the
standard length and conversion specifiers.
