Commit Graph

5715 Commits

Author SHA1 Message Date
Jeffrey Altman
4185e87a6c lib/krb5: domain_X500_Compress not domain_X500_compress
3a7c2c6a7f
("krb5.h: define DOMAIN_X500_COMPRESS macro")
defined DOMAIN_X500_COMPRESS to the wrong name.

Change-Id: I5c60d86b856ce6d3fa94b1fa8d7ffe17b97c8513
2022-01-28 13:49:16 -05:00
Nicolas Williams
2dec179e35 krb5: Add krb5_cccol_get_default_ccname() 2022-01-26 16:40:16 -06:00
Nicolas Williams
5cd49a8032 krb5: Manually expand some macros in fcc_move()
To help in debugging.
2022-01-25 17:22:23 -06:00
Nicolas Williams
a4396ee819 krb5: Fix leak in kcm_gen_new() 2022-01-25 15:38:55 -06:00
Nicolas Williams
4dcfd968d0 krb5: Better default KCM cache logic (moar)
Ah, we can't use context->default_cc_name because that will be taken
from KRB5CCNAME if it's set, and then we'll think whatever that value is
is the default, but we're really looking to special case resolving of
the "%{UID}" KCM cache name.  So do that.
2022-01-25 14:46:32 -06:00
Nicolas Williams
1a719bdc0e krb5: Better default KCM cache logic
Our kcm daemon will resolve default cache names (%{UID}) to the user's
session's default cache name.  SSSD's kcm daemon will not.

Therefore we add a heuristic for "if we're resolving what may be the
local configured default KCM cache, and it doesn't exist as such in the
KCM session, then use the KCM session's default cache".

This allows our kinit and klist to work as intended.
2022-01-25 13:12:06 -06:00
Nicolas Williams
ae181ee52e krb5: Check for KRB5_CC_NOSUPP in krb5_cc_move()
The KCM cache can return KRB5_CC_NOSUPP instead of ENOTSUP.
2022-01-25 13:12:06 -06:00
Jeffrey Altman
468a06e612 lib/krb5: krb5_store_string*() input must be non-NULL
krb5_store_string, krb5_store_stringz, krb5_store_stringnl

If the input string is NULL, fail the call with EINVAL.
Do not pass the NULL pointer to strlen().

Change-Id: Id87d72e263dde798f300353ec4c1656b310d17a4
2022-01-25 12:42:09 -05:00
Nicolas Williams
727682ec41 krb5: Fix KCM/API ccache type name confusion
Wrap all KCM cc ops that need to call kcm_alloc() so that they pass in
the cc ops pointer that they're associated with so that kcm_alloc() can
use the correct ccache type name if needed.
2022-01-25 01:16:08 -06:00
Nicolas Williams
c44f94fa7e krb5: Use krb5_enomem() in KCM 2022-01-24 22:11:49 -06:00
Nicolas Williams
2a7095971a krb5: Fix cccol support in KCM 2022-01-24 22:11:35 -06:00
Nicolas Williams
2137f0c28e kcm: Do not clobber error from server 2022-01-24 18:27:35 -06:00
Nicolas Williams
5bb5033f10 krb5: "KEYRING:" should work 2022-01-24 15:38:47 -06:00
Nicolas Williams
c4236f23bd krb5: Fix segfault in KCM ccache type 2022-01-24 13:52:36 -06:00
Jeffrey Altman
190263bb7a assert non-NULL ptrs before calling mem funcs
The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.

Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
2022-01-24 00:07:51 -05:00
Jeffrey Altman
04527412e3 Follow the Linux kernel's lead on "fallthrough"
The pseudo keyword 'fallthrough' is defined such that case statement
blocks must end with any of these keywords:
 * break;
 * fallthrough;
 * continue;
 * goto <label>;
 * return [expression];
 *
 *  gcc: https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html#Statement-Attributes

The macro is defined either as

  __attribute__((__fallthrough__))

or as

  do {} while (0)  /* fallthrough */

not including the semicolon.

This change implements the Linux kernel style and updates several locations
where "/*fallthrough*/ and /* FALLTHROUGH */ were not previously replaced.

Externally imported code such as libedit, libtommath and sqlite are
restored to their unaltered state.

Change-Id: I69db8167b0d5884f55d96d72de3059a0235a1ba3
2022-01-21 10:39:47 -05:00
Nicolas Williams
b0fa256521 krb5: Fix coverity warning in krcache.c 2022-01-20 12:41:39 -06:00
Jeffrey Altman
34e918f210 lib/krb5: unparse_name_fixed ERANGE if zero buffer len
The tests depend upon an ERANGE error for buffer length zero.
They broken due to 8324a2af1d
("lib/krb5: unparse_name_fixed error if invalid name buffer or length")
which returned EINVAL.

Change-Id: I81693f9d3f5fdc1838c11ffbfe0dafc742d9b207
2022-01-20 11:09:04 -05:00
Jeffrey Altman
d55abd8f50 lib/krb5: make_local_fast_ap_fxarmor requires a ccache
If make_local_fast_ap_fxarmor() is called without a ccache
it will segmentation fault.  Set a krb5 error message in the
context and fail with EINVAL.

Change-Id: I8a72a026dbae931e41498f55cd634ad2fee26772
2022-01-20 10:22:51 -05:00
Jeffrey Altman
966e98d50b lib/krb5: fcc_remove_cred return krb5_cc_end_seq_get failure
krb5_cc_end_seq_get() is not expected to fail because it is a
cleanup routine.  If it fails it indicates something wrong with
the cache or the system.  Return the failure if there is one.

Otherwise, the failure from krb5_cc_next_cred() should be
returned UNLESS it is KRB5_CC_END in which case return success.

Change-Id: I80e07103e2fb38aa40418a436fa5351fb89549d3
2022-01-20 10:06:11 -05:00
Jeffrey Altman
29940dd22c lib/krb5: krb5_init_creds_set_service fail if set_realm fails
Calls to krb5_principal_set_realm() can fail due to memory
allocation failures.  If the client realm cannot be set in
the generated principal the wrong realm will be used.
Check for the result of krb5_principal_set_realm() and if
there is a failure, clean up and return the error code to
the caller.

Change-Id: Icadd04c858e88c1ba1d4344c60a784885a6a1344
2022-01-20 09:44:43 -05:00
Jeffrey Altman
8324a2af1d lib/krb5: unparse_name_fixed error if invalid name buffer or length
If the output 'name' buffer is NULL or length is zero, there is
no place to unparse the principal name to.  Fail with EINVAL and
if possible set an error message on the krb5_context.

This avoids potential NULL pointer dereferences.

Change-Id: Ie38d284f1867be883a2f2e31103ea50cd130a0fe
2022-01-20 09:27:59 -05:00
Jeffrey Altman
8836e6a39d lib/krb5: krb5_vset_error_message is no-op if no krb5_context
Refactor krb5_vset_error_message() to remove the many conditional
tests on the existence of krb5_context.  If there is no krb5_context
then _krb5_debug() is a no-op.  Therefore, there is no point in
performing any of the other work.

Change-Id: Ib88b592a542a195f27e352a80ced0a98a6f85300
2022-01-20 09:09:27 -05:00
Luke Howard
ec24edf700 kdc: add accessor functions for KDC request structure
Add accessor functions for use by Samba and other plugin developers.
Documentation is in kdc/kdc-accessors.h.
2022-01-20 17:23:24 +11:00
Nicolas Williams
9d0149d2f2 krb5: Context has to be opt. in for path tok. exp. 2022-01-19 23:49:06 -06:00
Nicolas Williams
1eda4920c8 krb5: Fix coverity warnings 2022-01-19 23:38:27 -06:00
Nicolas Williams
cf19a0f8e3 krb5: Context must be optional for error functions
We pass a NULL context to error functions in CCAPI (lib/krb5/acache.c)
code paths.
2022-01-19 23:33:44 -06:00
Nicolas Williams
fb4632edb1 krb5: Fix leak in test_ap-req.c 2022-01-18 15:40:54 -06:00
Nicolas Williams
3b0b9f2dfe krb5: Constify _krb5_principal2principalname() 2022-01-18 15:12:56 -06:00
Nicolas Williams
4ed4f2159c krb5: Check errors in krb5_auth_con_getauthenticator() 2022-01-18 00:32:51 -06:00
Joseph Sutton
1c93a6ff26 heimdal: Avoid overflow when performing bitwise shift operations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-01-18 00:31:45 -05:00
Jeffrey Altman
5fa0b7b6ff lib/krb5: krb5_sento_context KRB5_SENDTO_DONE KRB5_SENDTO_FAILED
Let the KRB5_SENDTO_DONE and KRB5_SENDTO_FAILED action states be
handled by the provided switch blocks.   This ensures that the
'ret' value is set appropriately before exiting the loop.

Change-Id: I56f4cea83efd86203a9a7a36cf48c80f632cf779
2022-01-17 23:02:01 -05:00
Jeffrey Altman
27a2ad7bfc lib/kerb: verify_user_opt_int pass krb5_creds by ptr verify_common
Refactor the call to verify_common() to pass the krb5_cred by
pointer to and call krb5_free_cred_contents() in
verify_user_opt_int() instead of verify_common().
2022-01-17 16:31:48 -05:00
Nicolas Williams
b6114c5492 krb5: Make krb5_data_cmp() be good for sorting
The doc comment says it's good for sorting, but it wasn't really.  Now
it should be.
2022-01-17 15:17:33 -06:00
Nicolas Williams
a25cf6335e krb5: Fix ENOMEM path null deref in _krb5_pac_sign 2022-01-17 12:16:28 -06:00
Nicolas Williams
e15657679c krb5: Check for errors in pa_announce() 2022-01-17 12:14:23 -06:00
Nicolas Williams
014aa4569d krb5: Attempt to quiet coverity in warning user
We sometimes use this idiom where we ignore the result of some function
such as krb5_unparse_name() and then we log something and we use the
ternary operator to handle any error from that function by substituting
a string like "<unknown>" or "<out-of-memory>".  This yields some static
analyzer complaints.  Maybe casting the function's result to void will
help.
2022-01-17 12:11:49 -06:00
Nicolas Williams
2e631d3b1b krb5: FAST: Remove dead code 2022-01-17 11:53:42 -06:00
Nicolas Williams
e894ed0162 krb5: Remove dead code in enc_chal_step() 2022-01-17 11:35:12 -06:00
Nicolas Williams
5c68a02407 krb5: FAST: Fix potential double-free
Coverity incorrectly thinks this is a NULL dereference after NULL check,
but it's not.  If anything, this could be a double-free.
2022-01-17 11:22:19 -06:00
Nicolas Williams
fc42ff0212 krb5: Fix NULL-deref in send_to_kdc
Coverity thinks `handle` in lib/krb5/send_to_kdc.c:krb5_sendto_context()
at 1241 can be NULL, leading to a NULL derefence in `get_next()`.  This
is an attempt to fix this by having `get_next()` check handle for NULL.
2022-01-17 11:16:07 -06:00
Nicolas Williams
cf37c99222 krb5: get_cred: Add missing enc retval check 2022-01-17 10:53:13 -06:00
Nicolas Williams
c3643bb607 krb5: Remove KEYRING ccache dead code 2022-01-17 10:48:28 -06:00
Jeffrey Altman
f466b43975 lib/krb5: fallback_get_hosts free addrinfo if gTLD collision or error
If getaddrinfo() succeeds and returns the gTLD name collision
address the result is ignored but the allocated addrinfo was not
freed.

If allocation of the krb5_krbhst_info structure fails the addrinfo
would also be leaked.

Change-Id: I94111e081cba9548f57ad7b7e7cbea3faab7502c
2022-01-16 19:50:40 -05:00
Jeffrey Altman
9c27eaa079 lib/krb5: krb5_rc_store always fclose(f)
Change-Id: Ibc4864e97e6ada0ef09b0610669eabb1a52f896e
2022-01-16 19:37:44 -05:00
Jeffrey Altman
0a088b9b61 lib/krb5: make_pa_tgs_req do not pass ptr to in param to allocator
_krb5_mk_req_internal() accepts a (krb5_auth_context *) because
it can allocate and return a krb5_auth_context to the caller.
mkae_pa_tgs_req() should never be called with a non-NULL
krb5_auth_context but to avoid confusion, alter the signature
to accept a (krb5_auth_context *) instead of (krb5_auth_context)
so _krb5_mk_req_internal() is not called with a pointer to an
input parameter.

Change-Id: I6c2293529766eb06a9eebf41715533d8195b1f72
2022-01-16 19:31:34 -05:00
Jeffrey Altman
5838fcaa61 lib/krb5: build_logon_name use common 'out' do not leak 's2'
CHECK(ret, func(), label) jumps to the label if the function
returns non-zero.  As a result it bypasses the free(s2) call.
Use the common out label to free(s2).

Change-Id: I9a79df669e6407a82991f4a849fc16a0afaae561
2022-01-16 19:13:26 -05:00
Jeffrey Altman
6be242d46e lib/krb5: _krb5_pk_set_user_id free 'str' not 'name'
if der_print_hex_heim_integer() failed the wrong variable
would be freed.

Change-Id: I706c910423bd1f79fa7ce41af78c2f5bca24dfa5
2022-01-16 19:05:06 -05:00
Luke Howard
15f37ce09b krb5: fix hx509_free_error_string() usage
Fix build error in 7fb4698a: hx509_free_error_string() does not take a context
argument.

Change-Id: Ib24713d2425f53eb69fc9ebfc7cc1af3272b6271
2022-01-17 10:24:44 +11:00
Jeffrey Altman
800515b033 lib/krb5: akf_add_entry do not leak 'fd'
5be5faa722
("Use all DES keys, not just des-cbc-md5, verify that they all are the same.")
introduced a common out but missed a code path.

Change-Id: I27c1913c8cf87600ae34c42874bfc9d49ae1d22e
2022-01-16 18:08:50 -05:00