3a7c2c6a7f
("krb5.h: define DOMAIN_X500_COMPRESS macro")
defined DOMAIN_X500_COMPRESS to the wrong name.
Change-Id: I5c60d86b856ce6d3fa94b1fa8d7ffe17b97c8513
Ah, we can't use context->default_cc_name because that will be taken
from KRB5CCNAME if it's set, and then we'll think whatever that value is
is the default, but we're really looking to special case resolving of
the "%{UID}" KCM cache name. So do that.
Our kcm daemon will resolve default cache names (%{UID}) to the user's
session's default cache name. SSSD's kcm daemon will not.
Therefore we add a heuristic for "if we're resolving what may be the
local configured default KCM cache, and it doesn't exist as such in the
KCM session, then use the KCM session's default cache".
This allows our kinit and klist to work as intended.
krb5_store_string, krb5_store_stringz, krb5_store_stringnl
If the input string is NULL, fail the call with EINVAL.
Do not pass the NULL pointer to strlen().
Change-Id: Id87d72e263dde798f300353ec4c1656b310d17a4
Wrap all KCM cc ops that need to call kcm_alloc() so that they pass in
the cc ops pointer that they're associated with so that kcm_alloc() can
use the correct ccache type name if needed.
The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.
Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
The pseudo keyword 'fallthrough' is defined such that case statement
blocks must end with any of these keywords:
* break;
* fallthrough;
* continue;
* goto <label>;
* return [expression];
*
* gcc: https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html#Statement-Attributes
The macro is defined either as
__attribute__((__fallthrough__))
or as
do {} while (0) /* fallthrough */
not including the semicolon.
This change implements the Linux kernel style and updates several locations
where "/*fallthrough*/ and /* FALLTHROUGH */ were not previously replaced.
Externally imported code such as libedit, libtommath and sqlite are
restored to their unaltered state.
Change-Id: I69db8167b0d5884f55d96d72de3059a0235a1ba3
The tests depend upon an ERANGE error for buffer length zero.
They broken due to 8324a2af1d
("lib/krb5: unparse_name_fixed error if invalid name buffer or length")
which returned EINVAL.
Change-Id: I81693f9d3f5fdc1838c11ffbfe0dafc742d9b207
If make_local_fast_ap_fxarmor() is called without a ccache
it will segmentation fault. Set a krb5 error message in the
context and fail with EINVAL.
Change-Id: I8a72a026dbae931e41498f55cd634ad2fee26772
krb5_cc_end_seq_get() is not expected to fail because it is a
cleanup routine. If it fails it indicates something wrong with
the cache or the system. Return the failure if there is one.
Otherwise, the failure from krb5_cc_next_cred() should be
returned UNLESS it is KRB5_CC_END in which case return success.
Change-Id: I80e07103e2fb38aa40418a436fa5351fb89549d3
Calls to krb5_principal_set_realm() can fail due to memory
allocation failures. If the client realm cannot be set in
the generated principal the wrong realm will be used.
Check for the result of krb5_principal_set_realm() and if
there is a failure, clean up and return the error code to
the caller.
Change-Id: Icadd04c858e88c1ba1d4344c60a784885a6a1344
If the output 'name' buffer is NULL or length is zero, there is
no place to unparse the principal name to. Fail with EINVAL and
if possible set an error message on the krb5_context.
This avoids potential NULL pointer dereferences.
Change-Id: Ie38d284f1867be883a2f2e31103ea50cd130a0fe
Refactor krb5_vset_error_message() to remove the many conditional
tests on the existence of krb5_context. If there is no krb5_context
then _krb5_debug() is a no-op. Therefore, there is no point in
performing any of the other work.
Change-Id: Ib88b592a542a195f27e352a80ced0a98a6f85300
Let the KRB5_SENDTO_DONE and KRB5_SENDTO_FAILED action states be
handled by the provided switch blocks. This ensures that the
'ret' value is set appropriately before exiting the loop.
Change-Id: I56f4cea83efd86203a9a7a36cf48c80f632cf779
Refactor the call to verify_common() to pass the krb5_cred by
pointer to and call krb5_free_cred_contents() in
verify_user_opt_int() instead of verify_common().
We sometimes use this idiom where we ignore the result of some function
such as krb5_unparse_name() and then we log something and we use the
ternary operator to handle any error from that function by substituting
a string like "<unknown>" or "<out-of-memory>". This yields some static
analyzer complaints. Maybe casting the function's result to void will
help.
Coverity thinks `handle` in lib/krb5/send_to_kdc.c:krb5_sendto_context()
at 1241 can be NULL, leading to a NULL derefence in `get_next()`. This
is an attempt to fix this by having `get_next()` check handle for NULL.
If getaddrinfo() succeeds and returns the gTLD name collision
address the result is ignored but the allocated addrinfo was not
freed.
If allocation of the krb5_krbhst_info structure fails the addrinfo
would also be leaked.
Change-Id: I94111e081cba9548f57ad7b7e7cbea3faab7502c
_krb5_mk_req_internal() accepts a (krb5_auth_context *) because
it can allocate and return a krb5_auth_context to the caller.
mkae_pa_tgs_req() should never be called with a non-NULL
krb5_auth_context but to avoid confusion, alter the signature
to accept a (krb5_auth_context *) instead of (krb5_auth_context)
so _krb5_mk_req_internal() is not called with a pointer to an
input parameter.
Change-Id: I6c2293529766eb06a9eebf41715533d8195b1f72
CHECK(ret, func(), label) jumps to the label if the function
returns non-zero. As a result it bypasses the free(s2) call.
Use the common out label to free(s2).
Change-Id: I9a79df669e6407a82991f4a849fc16a0afaae561
5be5faa722
("Use all DES keys, not just des-cbc-md5, verify that they all are the same.")
introduced a common out but missed a code path.
Change-Id: I27c1913c8cf87600ae34c42874bfc9d49ae1d22e
