Commit Graph

5421 Commits

Author SHA1 Message Date
Luke Howard
5ca229e0d9 krb5: krb5_get_init_creds_opt_set_pkinit flag names
Add macros to give symbolic names to the flags which can be passed to
krb5_get_init_creds_opt_set_pkinit(). Reserve flags for BTMM and not validating
KDC anchors.
2019-05-14 15:16:19 -04:00
Luke Howard
bcc90f1b87 krb5: _krb5_principal_is_anonymous() helper API
Add _krb5_principal_is_anonymous() private API for checking if a principal is
anonymous or not. The third argument determines whether to match authenticated
anonymous, unauthenticated anonymous, or both types of principal.
2019-05-14 15:16:19 -04:00
Luke Howard
55ee6c1282 krb5: support for anonymous TGS requests
Add support to krb5_get_creds() for requesting anonymous service tickets using
a TGT, using the flag KRB5_GC_ANONYMOUS.
2019-05-14 15:16:19 -04:00
Luke Howard
1bc2eb33f9 krb5: fix spelling error in debug log 2019-05-14 15:16:19 -04:00
Roland C. Dowdeswell
c827cd48f6 Optimise stdio krb5_storage by tracking offset 2019-03-21 11:23:39 -05:00
Roland C. Dowdeswell
56a32a8dbd krb5_storage: normalise truncate behaviour w.r.t. file offset
We choose a semantic for the file offset during truncate operations
which is to leave the offset as is unless it is off the end of the
file in which case we pull it back in to the end.  We update fd and
stdio handling to match the {,e}mem behaviour.
2019-03-21 11:23:39 -05:00
Roland C. Dowdeswell
b2332b9684 add a couple of tests to test_store.c for fd, stdio w.r.t. trunc 2019-03-21 11:23:39 -05:00
Jeffrey Altman
387684aa93 WIN32: fix calling conventions for 32-bit builds
On 32-bit Windows Intel builds the __cdecl and __stdcall calling
conventions are different so labeling the functions that are
exported or assigned to function pointers matters.

Change-Id: I03b6f34baeb9ffb2e683fd979f12f27a5078a4da
2019-01-14 06:12:36 -05:00
Jeffrey Altman
7d5b844538 lib/krb5: WIN32 disable warnings
Heimdal declares functions that never return as non-void.  Suppress
the following warnings now that functions are labeled 'noreturn'.

4646 - function declared with __declspec(noreturn) has non-void return type

4716 - 'function' must return a value

Change-Id: Id85cc435e99688bae7326a723a5a80d828859bf2
2019-01-14 06:12:36 -05:00
Jeffrey Altman
9d3e206b76 lib/krb5: WIN32 _krb5_load_plugins wrong constness
The 'plugin_prefix' variable was declared 'const' which generates
a warning because the C string is freed.

This change removes the 'const' designation.

Change-Id: I6f3838d6dbf1bb496f286c96aea96bae8948930d
2019-01-14 06:12:36 -05:00
Ake Sandgren
907b9ee6c4 Fix broken return from _krb5_erase_file on missing file.
The return of lstat should be handled like the "open" if errno = ENOENT.
2019-01-09 11:27:09 -06:00
Luke Howard
ff21a49cb0 krb5: change "version" to "instance" in plugin error message
A mismatch of instance cookie just means that the instances of Heimdal do not
match; they may in fact be the same version.
2019-01-07 16:49:38 +11:00
Jeffrey Altman
00c590e4ff fix null pointer dereference errors
Change-Id: I82a849afe9f432a1084ad2505ce88b1fe4d3d3af
2019-01-04 01:02:59 -05:00
Luke Howard
befe1b8f90 always load plugins with RTLD_LOCAL/RTLD_GROUP if available 2019-01-03 20:06:27 -06:00
Luke Howard
803efebca5 krb5, kadm5: refactor plugin API
Refactor plugin framework to use a single list of loaded plugins; add a new
plugin API where DSOs export a load function that can declare dependencies and
export multiple plugins; refactor kadm5 hook API to use krb5 plugin framework.

More information in krb5-plugin(7).
2019-01-03 20:06:27 -06:00
Nicolas Williams
d8394c65b7 Add new kadmin/ktutil --keep* and --enctypes opts
- Add --keepold/keepallold/pruneall options to various kadmin/ktutil
   commands.  Default behavior to "prune old keys".

 - When setting keys for a service, we need to specify enctypes for it:

    - Always use kadm5_randkey_principal_3() instead of the older
      kadm5_randkey_principal().

    - Add krb5_string_to_keysalts2(), like MIT's krb5_string_to_keysalts(),
      but with a context, and simpler.

    - Add --enctypes options to various kadmin/ktutil commands.

    - Add [libdefaults] supported_enctypes param with enctype[:salttype]
      list.

    - Add [realms] realm supported_enctypes param with enctype[:salttype]
      list.

      Default to aes128-cts-hmac-sha1-96:normal.
2019-01-02 17:29:08 -06:00
Nicolas Williams
7d5f955b51 Fix warning in lib/krb5/test_acl.c 2019-01-02 13:56:04 -05:00
Jeffrey Altman
bec4818943 WIN32: hint noreturn functions
apply __declspec(noreturn) compiler hints to functions that
do not return.

Change-Id: I3c6c4703c7235d1df3e21dccad5272ea4cddfd36
2019-01-02 10:23:39 -06:00
Luke Howard
af0d8ef677 gssapi: support for client keytab in gss_acquire_cred (#383)
For compatibility with MIT Kerberos, support automatic acquisition of initiator
credentials if a client keytab is available. The default path on non-Windows is
/var/heimdal/user/%{euid}/client.keytab, but can be overridden with the
KRB5_CLIENT_KTNAME environment variable or the default_client_keytab_name
configuration option. If a client keytab does not exist, or exists but does not
contain the principal for which initiator credentials are being acquired, the
system keytab is tried.
2018-12-31 18:20:37 +11:00
Luke Howard
58b77bb485 krb5: fix a couple of missing options in verify_krb5_conf 2018-12-31 18:18:08 +11:00
Nicolas Williams
7c03b981a4 Fix warning in lib/krb5/get_default_principal.c 2018-12-28 01:09:38 -06:00
Nicolas Williams
6df981e048 Fix warning in lib/krb5/test_store.c 2018-12-28 01:09:38 -06:00
Luke Howard
36ad8fa536 krb5: fix pointer indirection error in keyring cache (#166) 2018-12-28 17:54:18 +11:00
Isaac Boukris
efb111e450 Separate enterprise and canonicalize flags
The meaning of the two is different and we should
not implicitly set both if one was requested (this
aligns the logic with MIT kinit -C/-E options).

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
2018-12-26 16:55:13 -06:00
Isaac Boukris
2ee4169dd1 Avoid shadowing KDC returned error code
The referral function does not handle short names,
so avoid falling over it in case capath fails, in
order to preserve the error code returned by the
KDC (it wasn't a problem before the order between
the two functions has changed).

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
2018-12-26 16:55:13 -06:00
Jeffrey Altman
3a52ba6ed0 lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE infinite loop #346
Prior to this change a KDC response of KRB5KDC_ERR_SVC_UNAVAILABLE
would result in the client looping forever.  Setting the action to
KRB5_SENDTO_CONTINUE repeats the current loop without altering the
current state.  Hence the infinite loop.

As of this change, the action is set to KRB5_SENDTO_RESET which
forces the current kdc's response to be cleared and then to retry.
If KRB5KDC_ERR_SVC_UNAVAILABLE continues to be returned, the retry
limit will be reached and the loop will end.

This bug was filed by multiple sources including Samba and ScottUrban
on github.

Change-Id: If1611be0ada3422cefae89541ed3b3df1f6efe29
2018-12-26 17:04:26 -05:00
YASUOKA Masahiko
becb0b03ae Deadlock in lib/krb5/mcache.c #432 2018-12-26 12:03:25 -06:00
Luke Howard
c89d3f3b8c kadmin: allow enforcing password quality on admin password change
This patch adds the "enforce_on_admin_set" configuration knob in the
[password_quality] section. When this is enabled, administrative password
changes via the kadmin or kpasswd protocols will be subject to password quality
checks. (An administrative password change is one where the authenticating
principal is different to the principal whose password is being changed.)

Note that kadmin running in local mode (-l) is unaffected by this patch.
2018-12-26 15:38:48 +11:00
Luke Howard
6ce1aa84c5 Remove rk_getpw*_r() functions 2018-12-25 22:11:19 -06:00
Nicolas Williams
620862049e Use roken_get_*() instead of getpwuid()
Using non-reentrant getpwuid() (or getpwnam(), or getspnam())  can be
dangerous.  We had a report of a login application / PAM that calls
those, and Heimdal, by calling them too, clobbered the cached struct
passwd used by the login app / PAM.
2018-12-25 22:11:19 -06:00
Nicolas Williams
95eb83c424 roken: Add roken_get_username() and friends
We add roken_get_{shell, username, appdatadir, homedir}() functions.  These use
a combination of secure_getenv(), getpwuid_r(), getlogin_r(), or various WIN32
functions to get this information.

Use roken_get_appdatadir() instead of roken_get_homedir() when looking for
dotfiles.
2018-12-25 22:11:19 -06:00
Andrew Bartlett
785db7b740 Fix -O3 -Werror=unused-result build in dcache.c (#420)
* Fix -O3 -Werror=unused-result build in dcache.c

gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)
with -O3 -Werror=unused-result

../lib/krb5/dcache.c:85:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
     asprintf(&path, "%s/primary-XXXXXX", dc->dir);
     ^
../lib/krb5/dcache.c: In function ‘primary_create’:
../lib/krb5/dcache.c:56:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
     asprintf(&primary, "%s/primary", dc->dir);
     ^
../lib/krb5/dcache.c: In function ‘dcc_gen_new’:
../lib/krb5/dcache.c:423:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
     asprintf(&name, ":%s/tktXXXXXX", dc->dir);
     ^
../lib/krb5/dcache.c: In function ‘dcc_resolve’:
../lib/krb5/dcache.c:340:2: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
  asprintf(&dc->name, ":%s/%s", dc->dir, residual);
  ^
../lib/krb5/dcache.c:348:5: error: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Werror=unused-result]
     asprintf(&filename, "FILE%s", dc->name);
     ^
cc1: all warnings being treated as errors

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

* Update dcache.c

When asprintf() fails it is not guaranteed that the output variable will be NULL on all platforms and releases.

* Update dcache.c
2018-12-25 01:29:25 -05:00
Jeffrey Altman
17e8216927 lib/krb5: krcache add_unique_keyring dead code removal
After the for loop 'key' cannot have the value -1.  The loop
must execute at least once resulting either in the function
returning to the caller or the value of 'key' getting set to
a value other than -1.

Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc
2018-12-25 09:47:35 +11:00
Jeffrey Altman
49dacab0b8 lib/krb5: krcc_remove_cred remove dead code
At the completion of the while loop the value of 'ret' cannot
be zero.  The expected value is KRB5_CC_END.  Any other value
is an error to return to the caller.  If 'ret' is KRB5_CC_END
then return krcc_end_get() result().

Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132
2018-12-25 09:47:35 +11:00
Luke Howard
fb81598d44 krb5: port MIT Linux keyring credentials cache (#166) 2018-12-24 18:17:32 +11:00
Luke Howard
070d0cf928 krb5: krb5_get_init_creds_opt_set_change_password_prompt incomplete (#322)
krb5_get_init_creds_opt_set_change_password_prompt() was being ignored by
krb5_init_creds_step() which broke pam_krb5 tests. MIT doesn't handle password
expiration within krb5_init_creds_step(), instead deferring to higher level
functions such as krb5_get_init_creds_password(). However, Heimdal kinit uses
krb5_init_creds_step() directly and thus requires this behaviour to be
implemented to pass its own tests.
2018-12-23 16:59:25 +11:00
Luke Howard
6d7b0bfd17 krb5: support default_ccache_name for MIT compat
Allow default_ccache_name as an alias for default_cc_name in krb5.conf, for MIT
compatibility (#355)
2018-12-22 16:37:47 +11:00
Luke Howard
862133e2da krb5: support %{username} path expansion token 2018-12-22 16:31:19 +11:00
Luke Howard
a6ce554c7a krb5: support %{euid} path expansion token 2018-12-22 16:04:32 +11:00
Luke Howard
9d98ce72ff krb5: fix const warning in krb5_c_verify_checksum() 2018-12-21 15:47:20 +11:00
Andreas Schneider
122226c3f3 heimdal: Fix size types and array access
This fixes compilation with -Wstrict-overflow=2.

with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:


Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(Similar to Samba commit aa17db1f4061920512396032fcd3c7c8a4a8f38f)
2018-12-20 12:52:12 +11:00
Andreas Schneider
ce2df481b7 Fix size types
This fixes compilation with -Wstrict-overflow=2

with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:

config_file.c: In function ‘krb5_config_vget_strings’:
config_file.c:1122:10: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
     while(nstr--)
          ^

Upstream pull request:
https://github.com/heimdal/heimdal/pull/354

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to Samba commit 72979d1d60ca2eab1e7903c2e77b8cca69667691,
cut down to just the config_file.c and keytab_any.c changes reproduced
above by abartlet)
2018-12-20 12:52:12 +11:00
Andrew Bartlett
2ea34666d9 heimdal: Fix printing a short int into a string
The size of portstr is too small to print an integer.

Instead just let snprintf do the work.

This fixes building with GCC 7.1

Based on feedback by Jeffrey Altman

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

(Inspired by Samba commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2018-12-20 12:52:12 +11:00
Andrew Bartlett
a3d8951df5 keytab: Avoid use of signed integer as a boolean
with CFLAGS="-O3 -Werror=strict-overflow -Wstrict-overflow=2"
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10) gives:

keytab_any.c: In function ‘any_remove_entry’:
keytab_any.c:241:7: warning: assuming signed overflow does not occur when simplifying conditional to constant [-Wstrict-overflow]
     if(!found)
       ^

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2018-12-20 12:52:12 +11:00
Andrew Bartlett
de4fbc9514 lib/krb5: Do not re-send the AS-REQ if fast was disabled
Without this, in an AS-REQ that has no local key for FAST
we would send the AS-REQ again, which can bump the bad
password count on the KDC twice.

So only try again if FAST was actually tried.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 16:38:43 -06:00
Olly Betts
7ad6c01a8d Fix assorted typos 2018-12-14 17:30:14 -05:00
CUI Hao (Lab)
0f7fc0fba6 Correct "princial" typos. 2018-10-08 08:46:37 -04:00
Simon Wilkinson
07b3e6fd74 Allow zero-length encrypt IOVs in _krb5_evp_encrypt_iov_cts()
The iovec encryption code doesn't handle 0 length iovecs correctly.
Instead of just skipping them, _krb5_evp_encrypt_iov_cts() will spin
on the 0 length iovec.

Modify the _krb5_evp_iov_cursor_expand helper so that iovec expansion
simply skips 0 length iovecs, and make _krb5_evp_iov_cursor_nextcrypt
do the same.

Original bug report and tests from Andrew Bartlett <abartlet@samba.org>
2018-09-18 19:23:31 -04:00
Markus Moeller
7b4ea9c42f Fix context etype leaks 2018-09-17 18:12:25 -04:00
Chris Lamb
6d4da04566 Correct "existence" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from Samba commit 5482e5426e09667d26e04dd0c6e0107e46e1028f)
2018-09-10 14:42:18 -04:00