Using non-reentrant getpwuid() (or getpwnam(), or getspnam()) can be
dangerous. We had a report of a login application / PAM that calls
those, and Heimdal, by calling them too, clobbered the cached struct
passwd used by the login app / PAM.
We add roken_get_{shell, username, appdatadir, homedir}() functions. These use
a combination of secure_getenv(), getpwuid_r(), getlogin_r(), or various WIN32
functions to get this information.
Use roken_get_appdatadir() instead of roken_get_homedir() when looking for
dotfiles.
We no longer use it since removing ftp from appl/.
Note that expansion of ~username/ couldn't have been working because
k_getpwnam() was being called with an unsigned short * that was forcibly
cast to char *, but it really was shorts, not chars... Anyone who ever
feels like reviving lib/roken/glob.[ch] will want to fix that...
Perform error checking for each function call and consistently return
errors at the point of failure.
Refactor functions to use a common exit path. Preserve error messages
stored in the kadm5_client_context.context when appropriate.
Change-Id: I7aa04020e4de3454066f0d88ba805fed999dbd1a
* Fix -O3 -Werror=unused-result build in dcache.c
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)
with -O3 -Werror=unused-result
../lib/krb5/dcache.c:85:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&path, "%s/primary-XXXXXX", dc->dir);
^
../lib/krb5/dcache.c: In function ‘primary_create’:
../lib/krb5/dcache.c:56:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&primary, "%s/primary", dc->dir);
^
../lib/krb5/dcache.c: In function ‘dcc_gen_new’:
../lib/krb5/dcache.c:423:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&name, ":%s/tktXXXXXX", dc->dir);
^
../lib/krb5/dcache.c: In function ‘dcc_resolve’:
../lib/krb5/dcache.c:340:2: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&dc->name, ":%s/%s", dc->dir, residual);
^
../lib/krb5/dcache.c:348:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&filename, "FILE%s", dc->name);
^
cc1: all warnings being treated as errors
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Update dcache.c
When asprintf() fails it is not guaranteed that the output variable will be NULL on all platforms and releases.
* Update dcache.c
After the for loop 'key' cannot have the value -1. The loop
must execute at least once resulting either in the function
returning to the caller or the value of 'key' getting set to
a value other than -1.
Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc
At the completion of the while loop the value of 'ret' cannot
be zero. The expected value is KRB5_CC_END. Any other value
is an error to return to the caller. If 'ret' is KRB5_CC_END
then return krcc_end_get() result().
Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132
OpenSSL 1.1 has the pkInitKDC OID built in, which breaks as it was redefined by
openssl.cnf in Heimdal. Try to determine if OpenSSL >= 1.1 and if so, use a
configuration file that omits this OID definition. The implementation is not
robust but as this is simply an example (not run by the test suites), it should
be adequete.
kinit does not destroy ccaches created with krb5_cc_new_unique() if ticket
acquisition fails. This was leaving dangling keyring entries with the keyring
ccache.
From a suggestion by nicowilliams, put double quotes aroung the varaible
$foopassword in case the password contains whitespace or other special
characters.
When we use a custom patch that makes strong passwords required even for
administrators the check-kadmin test will fail because "foo" (the password
used in check-kadmin.in) is not a strong password. So, we make the
password used in check-kadmin.in settable as a parameter. This way, we
only have to change one line of check-kadmin.in rather than a dozen to get
check-kadmin to pass when using the strong-passwords everywhere patch.
Note that this change makes no real change to any of the tests in
check-kadmin.in: no tests are changed, removed, or added.
Adding a principal with a random key or password did not respect non-default
password expiration times, because the act of setting the key or password would
clobber it with the default. As we update the principal anyway after setting
the keys, use this opportunity to restore the requested password expiration
time. (There are other ways to solve this, but this is the least intrusive.)
krb5_get_init_creds_opt_set_change_password_prompt() was being ignored by
krb5_init_creds_step() which broke pam_krb5 tests. MIT doesn't handle password
expiration within krb5_init_creds_step(), instead deferring to higher level
functions such as krb5_get_init_creds_password(). However, Heimdal kinit uses
krb5_init_creds_step() directly and thus requires this behaviour to be
implemented to pass its own tests.
Adds support for "hard" aliases when initially authenticating, that is,
allowing a client or server principal to be known by many names without
requiring that the client support name canonicalization.
In order to avoid changing the behavior for other backends such as Samba, this
is implemented in the HDB backend rather than the KDC.
To use, add an alias for both the client and TGS ("krbtgt") principals using
kadmin. This behavior is unchanged if name canonicalization is enabled.
This fixes compilation with -Wstrict-overflow=2.
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
addr_families.c: In function ‘krb5_sockaddr2address’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:851:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr2address (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr2port’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:879:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr2port (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_addr2sockaddr’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:914:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_addr2sockaddr (krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_max_sockaddr_size’:
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for(a = at; a < at + num_addrs; ++a)
^
addr_families.c:950:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_max_sockaddr_size (void)
^
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for(a = at; a < at + num_addrs; ++a)
^
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr_uninteresting’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:974:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr_is_loopback’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:983:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr_is_loopback(const struct sockaddr *sa)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_h_addr2sockaddr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1011:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_h_addr2sockaddr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_h_addr2addr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1042:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_h_addr2addr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_anyaddr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1073:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_anyaddr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_print_address’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1108:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_print_address (const krb5_address *addr,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_address_order’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_address_order(krb5_context context,
^
addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c: In function ‘krb5_free_address’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1333:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_free_address(krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_copy_address’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1383:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_copy_address(krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_address_prefixlen_boundary’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1537:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_address_prefixlen_boundary(krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
CC libkrb5_la-config_file.lo
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(Similar to Samba commit aa17db1f4061920512396032fcd3c7c8a4a8f38f)
This fixes compilation with -Wstrict-overflow=2
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
config_file.c: In function ‘krb5_config_vget_strings’:
config_file.c:1122:10: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
while(nstr--)
^
Upstream pull request:
https://github.com/heimdal/heimdal/pull/354
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to Samba commit 72979d1d60ca2eab1e7903c2e77b8cca69667691,
cut down to just the config_file.c and keytab_any.c changes reproduced
above by abartlet)
The size of portstr is too small to print an integer.
Instead just let snprintf do the work.
This fixes building with GCC 7.1
Based on feedback by Jeffrey Altman
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
(Inspired by Samba commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
keytab_any.c: In function ‘any_remove_entry’:
keytab_any.c:241:7: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
if(!found)
^
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from Samba commit e8fec94827c933041acd5b447eeeefd0b7b507ef)
