Using non-reentrant getpwuid() (or getpwnam(), or getspnam()) can be
dangerous. We had a report of a login application / PAM that calls
those, and Heimdal, by calling them too, clobbered the cached struct
passwd used by the login app / PAM.
We add roken_get_{shell, username, appdatadir, homedir}() functions. These use
a combination of secure_getenv(), getpwuid_r(), getlogin_r(), or various WIN32
functions to get this information.
Use roken_get_appdatadir() instead of roken_get_homedir() when looking for
dotfiles.
We no longer use it since removing ftp from appl/.
Note that expansion of ~username/ couldn't have been working because
k_getpwnam() was being called with an unsigned short * that was forcibly
cast to char *, but it really was shorts, not chars... Anyone who ever
feels like reviving lib/roken/glob.[ch] will want to fix that...
Perform error checking for each function call and consistently return
errors at the point of failure.
Refactor functions to use a common exit path. Preserve error messages
stored in the kadm5_client_context.context when appropriate.
Change-Id: I7aa04020e4de3454066f0d88ba805fed999dbd1a
* Fix -O3 -Werror=unused-result build in dcache.c
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)
with -O3 -Werror=unused-result
../lib/krb5/dcache.c:85:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&path, "%s/primary-XXXXXX", dc->dir);
^
../lib/krb5/dcache.c: In function ‘primary_create’:
../lib/krb5/dcache.c:56:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&primary, "%s/primary", dc->dir);
^
../lib/krb5/dcache.c: In function ‘dcc_gen_new’:
../lib/krb5/dcache.c:423:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&name, ":%s/tktXXXXXX", dc->dir);
^
../lib/krb5/dcache.c: In function ‘dcc_resolve’:
../lib/krb5/dcache.c:340:2: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&dc->name, ":%s/%s", dc->dir, residual);
^
../lib/krb5/dcache.c:348:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&filename, "FILE%s", dc->name);
^
cc1: all warnings being treated as errors
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Update dcache.c
When asprintf() fails it is not guaranteed that the output variable will be NULL on all platforms and releases.
* Update dcache.c
After the for loop 'key' cannot have the value -1. The loop
must execute at least once resulting either in the function
returning to the caller or the value of 'key' getting set to
a value other than -1.
Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc
At the completion of the while loop the value of 'ret' cannot
be zero. The expected value is KRB5_CC_END. Any other value
is an error to return to the caller. If 'ret' is KRB5_CC_END
then return the krcc_end_get() result.
Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132
OpenSSL 1.1 has the pkInitKDC OID built in, which breaks as it was redefined by
openssl.cnf in Heimdal. Try to determine if OpenSSL >= 1.1 and if so, use a
configuration file that omits this OID definition. The implementation is not
robust but as this is simply an example (not run by the test suites), it should
be adequate.
krb5_get_init_creds_opt_set_change_password_prompt() was being ignored by
krb5_init_creds_step() which broke pam_krb5 tests. MIT doesn't handle password
expiration within krb5_init_creds_step(), instead deferring to higher level
functions such as krb5_get_init_creds_password(). However, Heimdal kinit uses
krb5_init_creds_step() directly and thus requires this behaviour to be
implemented to pass its own tests.
Adds support for "hard" aliases when initially authenticating, that is,
allowing a client or server principal to be known by many names without
requiring that the client support name canonicalization.
In order to avoid changing the behavior for other backends such as Samba, this
is implemented in the HDB backend rather than the KDC.
To use, add an alias for both the client and TGS ("krbtgt") principals using
kadmin. This behavior is unchanged if name canonicalization is enabled.
This fixes compilation with -Wstrict-overflow=2.
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
addr_families.c: In function ‘krb5_sockaddr2address’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:851:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr2address (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr2port’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:879:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr2port (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_addr2sockaddr’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:914:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_addr2sockaddr (krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_max_sockaddr_size’:
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for(a = at; a < at + num_addrs; ++a)
^
addr_families.c:950:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_max_sockaddr_size (void)
^
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for(a = at; a < at + num_addrs; ++a)
^
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c:955:2: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr_uninteresting’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:974:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr_uninteresting(const struct sockaddr *sa)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_sockaddr_is_loopback’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:983:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_sockaddr_is_loopback(const struct sockaddr *sa)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_h_addr2sockaddr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1011:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_h_addr2sockaddr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_h_addr2addr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1042:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_h_addr2addr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_anyaddr’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1073:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_anyaddr (krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_print_address’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1108:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_print_address (const krb5_address *addr,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_address_order’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_address_order(krb5_context context,
^
addr_families.c:1238:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c: In function ‘krb5_free_address’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1333:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_free_address(krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_copy_address’:
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1383:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_copy_address(krb5_context context,
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:820:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
addr_families.c: In function ‘krb5_address_prefixlen_boundary’:
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:1537:1: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
krb5_address_prefixlen_boundary(krb5_context context,
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (a = at; a < at + num_addrs; ++a)
^
addr_families.c:831:5: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
CC libkrb5_la-config_file.lo
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(Similar to Samba commit aa17db1f4061920512396032fcd3c7c8a4a8f38f)
This fixes compilation with -Wstrict-overflow=2
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
config_file.c: In function ‘krb5_config_vget_strings’:
config_file.c:1122:10: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
while(nstr--)
^
Upstream pull request:
https://github.com/heimdal/heimdal/pull/354
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to Samba commit 72979d1d60ca2eab1e7903c2e77b8cca69667691,
cut down to just the config_file.c and keytab_any.c changes reproduced
above by abartlet)
The size of portstr is too small to print an integer.
Instead just let snprintf do the work.
This fixes building with GCC 7.1
Based on feedback by Jeffrey Altman
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
(Inspired by Samba commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:
keytab_any.c: In function ‘any_remove_entry’:
keytab_any.c:241:7: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
if(!found)
^
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from Samba commit e8fec94827c933041acd5b447eeeefd0b7b507ef)
The Solaris auxval test fails, because Solaris uses different preprocessor
symbols (and numbers) for its UID and GID auxval types.
Note that issuid() could simply be an alias of issetugid() on Solaris, so
perhaps this is not necessary.
It turns out that we don't need to tell lex we don't plan to use unput;
we can just... not use unput. However, if we're flex, use the command
line option if it's available, to avoid warnings.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit 521bc6056edc5252f2256664f4eacba13a3749e3)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit e2c0af6bcdf271ff75c455695c129bc18322bd5a)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit 899ef5d186c2c44f63c1cbf415daa33e9f668a5b)