Commit Graph

17716 Commits

Author SHA1 Message Date
Nicolas Williams
c4e962ea04 kafs: Fix a warning 2022-01-14 17:54:55 -06:00
Nicolas Williams
55fa5bf7d2 gsskrb5: Fix warnings 2022-01-14 17:39:05 -06:00
Nicolas Williams
96b7ea671d gss: Fix warnings 2022-01-14 17:39:05 -06:00
Nicolas Williams
65caff79a3 gss-token: Fix leak 2022-01-14 17:39:05 -06:00
Nicolas Williams
4f8399a433 hdb: Fix warnings and leaks 2022-01-14 17:10:16 -06:00
Nicolas Williams
fb553dde1d krb5: Fix warnings 2022-01-14 17:10:16 -06:00
Nicolas Williams
82a8744787 krb5: Fix SQLite3 ccache bugs/warnings 2022-01-14 17:10:16 -06:00
Nicolas Williams
aea18c3006 Use fallthrough statement attribute (moar)
GCC is very finicky.
2022-01-14 16:58:59 -06:00
Nicolas Williams
c607135a03 Use fallthrough statement attribute (moar) 2022-01-14 16:53:34 -06:00
Nicolas Williams
ddc6113610 Use fallthrough statement attribute 2022-01-14 16:32:58 -06:00
Nicolas Williams
367f9ddd7d kadm5: Revert part of 69eee19541 2022-01-14 15:41:32 -06:00
Nicolas Williams
489da75e65 tommath: Fix warning in s_read_getrandom()
See https://github.com/libtom/libtommath/pull/512

(Note: this has not shipped.  Only OS X would be affected, specifically
RSA key gen would be affected on OS X.)
2022-01-14 15:26:59 -06:00
Nicolas Williams
318b73f002 krb5: Drop duplicated krb5.conf.5 content 2022-01-14 14:59:02 -06:00
Nicolas Williams
69eee19541 kadm5: Fix warnings 2022-01-14 14:58:59 -06:00
Nicolas Williams
6f467b8097 wind: Fix some warnings 2022-01-14 14:47:13 -06:00
Nicolas Williams
005a43da96 gsspa: Quiet GCC fallthrough warning
Somehow GCC was honoring lower-case "fallthrough" comments elsewhere but
not here.  Anyways, there was no need to fall through, so now we don't.
2022-01-14 14:47:13 -06:00
Jeffrey Altman
6426e7550f roken: do not globally define 'timezone' and 'tzname'
ec866e635e
("Windows 10 SDK build fixes") introduced CPP macros

  timezone -> _timezone
  tzname   -> _tzname

but these names are common and the macros rewrite too much.

The name mapping is only required when building strftime.c
with Visual Studio 2017 and later.  Move the definitions
into strftime.c.

Change-Id: Ic813bff842124595fd3d86761cee6dcea4ae44e4
2022-01-14 14:56:39 -05:00
Nicolas Williams
05e8c0ede6 Check HMAC_Init_ex() return value 2022-01-14 12:48:32 -06:00
Nicolas Williams
52f3dc6aa4 hcrypto: HMAC_Init_Ex(): return int like OpenSSL 2022-01-14 12:48:32 -06:00
Nicolas Williams
77392d5d9c hcrypto: Fix warnings 2022-01-14 12:48:32 -06:00
Nicolas Williams
ea61f68d55 hx509: Fix name expansion bug 2022-01-14 12:44:00 -06:00
Nicolas Williams
e23bc7d53d hx509: Fix warnings and leaks 2022-01-14 12:42:52 -06:00
Nicolas Williams
d88298649b asn1: Fix ENOMEM NULL deref 2022-01-14 12:36:34 -06:00
Nicolas Williams
f0c46e7830 asn1: Use calloc() in generated C code 2022-01-14 12:25:43 -06:00
Nicolas Williams
1fe3d293e1 asn1: Fix warnings 2022-01-14 12:25:43 -06:00
Nicolas Williams
7f8fa65c5b asn1: Fix leak in der_copy_octet_string()
This manifested as a leak via _save fields in the template backend.
2022-01-14 12:01:34 -06:00
Nicolas Williams
a7e11df142 sl: Fix warnings in lib/sl/sl.c 2022-01-14 12:01:33 -06:00
Nicolas Williams
ed0fd1263a base: Fix warnings 2022-01-14 12:01:33 -06:00
Nicolas Williams
69b3c5368c base: Context should optional in more error funcs 2022-01-14 12:01:33 -06:00
Nicolas Williams
94bb267a8b roken: Delete getcap/cgetent/cgetstr() 2022-01-14 12:01:33 -06:00
Nicolas Williams
a90e1cb65c roken: Fix warnings 2022-01-14 12:01:33 -06:00
Jeffrey Altman
3a7c2c6a7f krb5.h: define DOMAIN_X500_COMPRESS macro
db7763ca7b
("asn1: X.681/682/683 magic handling of open types")
renamed 'DOMAIN_X500_COMPRESS' to 'domain_X500_Compress'
for compliance with ASN.1 which requires values to start with
lower case and types to start with upper case.

This change adds a CPP macro DOMAIN_X500_COMPRESS for use by
third-party applications that rely upon the prior name.

Change-Id: I2eb6fec2c795c8adeeef893b00909a202257ad74
2022-01-14 12:46:08 -05:00
Jeffrey Altman
05781f22ab roken: fix net_write if _WIN32 and !SOCKET_IS_NOT_AN_FD
12826c9586
("Handle partial writes on non-blocking sockets") introduced
unconditional use of 'use_write' which is only declared if
defined(SOCKET_IS_NOT_AN_FD).

Change-Id: I0c43ed44a86b4f245acba849afabeb9ce739d0e5
2022-01-14 12:35:50 -05:00
Nicolas Williams
e56b558616 osx: Import fix for tommath #159 2022-01-13 19:56:12 -06:00
Nicolas Williams
4d8badc9a8 roken: Handle not having getpwnam_r() 2022-01-13 19:56:02 -06:00
Nicolas Williams
0c7b06f9ca cf: Check cc support of -Werror=enum-conversion 2022-01-13 15:33:04 -06:00
Marc Dionne
fc4b3ce49b hcrypto: Fix return type for null_Init, null_Update and null_Final
The hc_evp_md_init, hc_evp_md_update and hc_evp_md_final typedefs
are defined as functions returning an int, but null_Init, null_Update
and null_Final are defined as void, and cast with the typedef when
assigned to the function vector.

This might result in some uninitialized value being returned to the
caller, if some of them make use of the return value.  It also causes
warnings if the -Wcast-function-type warning is enabled.

Change the type to in to match the typedef, and return 1 (success).
2022-01-13 16:00:50 -05:00
Luke Howard
6530021f09 kdc: move auth event definitions into KDC header
Move KDC auth event macro definitions out of hdb.h and into a new KDC header,
kdc-audit.h.
2022-01-13 14:51:31 +11:00
Nicolas Williams
04523254c1 asn1: Restore styling of generated sources 2022-01-11 17:45:27 -06:00
Nicolas Williams
ff4033eb59 asn1: Fix Windows build 2022-01-11 17:15:59 -06:00
Nicolas Williams
6ee1554f3e Ignore enum-conversion errors
This is not a very good fix, though the warnings remain.  Such errors
can in principle be a problem because in C there is no standard enum
sizing.

In this case we have two enums with the same elements and so the same
size, so it's clearly not a problem.
2022-01-11 17:15:59 -06:00
Nicolas Williams
284b29a85c asn1: Fix missing LIB_heimbase dependency 2022-01-11 10:55:19 -06:00
Nicolas Williams
40d1271094 asn1: Expand decoration w/ C types
This commits allows `heim_object_t` as a type and causes the generated
code to use the `heim_retain()` and `heim_release()` functions for
copying and releasing values of such types.

Also, now one can have more than one decoration per-type.
2022-01-11 10:21:05 -06:00
Luke Howard
ef906991fd asn1: don't include decoration header for void *
If the decorated external type is a void *, don't include the decoration
header in the ASN.1 header, only in the template implementation. This allows
the copy constructor and destructor to be implementation private.
2022-01-11 09:57:11 -06:00
Nicolas Williams
df3e08485b asn1: Add support for decoration w/ external types
This adds support for asn1_compile --decorate=... variation that causes
decoration of an ASN.1 SET/SEQUENCE type with a field of a non-ASN.1
type.

This means we can now have an ASN.1 type to represent a request that can
then have a "hidden" field -- hidden in that it is neither encoded nor
decoded.  This field will be copied and freed when the decoration is of
an ASN.1 type or of a external, C type that comes with copy constructor
and destructor functions.  Decoration with a `void *` field which is
neither copied nor freed is also supported.

We may end up using this to, for example, replace the `hdb_entry_ex`
type by decorating `HDB_entry` with a C type that points to the `HDB` in
which the entry was found or to which it should be written.
2022-01-11 09:57:11 -06:00
Luke Howard
2520c30b28 base: harmonize implementation/headers
heim_retain() should both accept and return a heim_object_t; harmonize this
across header and implementation
2022-01-08 17:40:22 +11:00
Luke Howard
a96f87c4ab asn1: don't clobber checked in files in clean target
Fix regression introduced in 9427796f, where checked in files matching asn1_*.c
would be clobbered by "make clean".

Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
2022-01-08 17:38:46 +11:00
Nicolas Williams
472509fd46 gsskrb5: Do not leak authenticator on retry
We have a Heimdal special where when the acceptor sends back an error
token for clock skew or ticket-not-yet-valid errors then the acceptor
application will get GSS_S_CONTINUE_NEEDED from gss_accept_sec_context()
so that the initiator may retry with the same context.

But we were retaining the auth_context, which means that when the
initiator does send a new token, the acceptor leaks memory because
krb5_verify_ap_req2() doesn't clean up the auth_context on reuse.  The
end result is that we leak a lot in those cases.
2022-01-07 21:04:19 -06:00
Nicolas Williams
2d83a0b8cd gss: Make sure to indicate PAC buffers 2022-01-08 10:38:01 +11:00
Nicolas Williams
c2e3c5b66e gss: Add way to set authenticator authz-data
Now we can set Authenticator authorization-data with
gss_set_name_attribute().
2022-01-08 10:38:01 +11:00