Ah, we can't use context->default_cc_name because that will be taken
from KRB5CCNAME if it's set, and then we'll think whatever that value is
is the default, but we're really looking to special case resolving of
the "%{UID}" KCM cache name. So do that.
Our kcm daemon will resolve default cache names (%{UID}) to the user's
session's default cache name. SSSD's kcm daemon will not.
Therefore we add a heuristic for "if we're resolving what may be the
local configured default KCM cache, and it doesn't exist as such in the
KCM session, then use the KCM session's default cache".
This allows our kinit and klist to work as intended.
krb5_store_string, krb5_store_stringz, krb5_store_stringnl
If the input string is NULL, fail the call with EINVAL.
Do not pass the NULL pointer to strlen().
Change-Id: Id87d72e263dde798f300353ec4c1656b310d17a4
Wrap all KCM cc ops that need to call kcm_alloc() so that they pass in
the cc ops pointer that they're associated with so that kcm_alloc() can
use the correct ccache type name if needed.
If mp_ubin_size(s) returns zero then mp_to_ubin() will fail and
not return MP_OKAY. If MP_OKAY is not returned, NULL is returned
to the caller of mpz2BN().
This change avoids the unnecessary memory allocation and function
calls. It also removes a dereference after null warning from
coverity.
Change-Id: I52ff2c166964e41cb4eef1dac637904bf2bf13bf
190263bb7a
("assert non-NULL ptrs before calling mem funcs") introduced
two wrong size argument warnings. These locations are not
errors since the allocation is simply to ensure that the
data pointer is non-NULL; length is zero.
Change-Id: I7b3b58247799a48da3653008c7b6d7fbbbf83e25
The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.
Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
instead of testing both cb_ctx.h and cb_ctx.h->prefix
for non-NULL, ensure that cb_ctx.h is NULL after each
failed for() loop. This also ensures that cb_ctx.h
is never left pointing to an invalid non-NULL value.
Change-Id: I3264577b0fbf1d620b00f87d251e8c43b81e0f29
Assign zero to the output size parameter at the start so that
callers that use the value when an error occurs do not see
garbage that might be misinterpreted.
Change-Id: Iccfcf4f6944b1bf72789c83919901d9b9d6f9153
AND and OR are now binary operators, left-associative, with AND having
higher precedence than OR.
The not operator is now higher-precedence than the AND and OR operators.
There remains one tough shift/reduce conflict, the warning for which is
quieted with an `%expect 1` directive.
The remaining conflict has to do with whether a constraint attaches to
the inner type that some other outer type is a SET OF or SEQUENCE OF or
tagged-type of, or whether it attaches to the outer type. The two are
really the same thing. The latter is the reduce side, so it's not used,
but if it were we could grab the constraint in the action and attach it
to the inner type anyways.
In order to resolve some shift/reduce conflicts in the ASn.1 compiler's
grammar we need to be strict about value names starting with lower case
and type names starting with upper-case.
The pseudo keyword 'fallthrough' is defined such that case statement
blocks must end with any of these keywords:
* break;
* fallthrough;
* continue;
* goto <label>;
* return [expression];
*
* gcc: https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html#Statement-Attributes
The macro is defined either as
__attribute__((__fallthrough__))
or as
do {} while (0) /* fallthrough */
not including the semicolon.
This change implements the Linux kernel style and updates several locations
where "/*fallthrough*/ and /* FALLTHROUGH */ were not previously replaced.
Externally imported code such as libedit, libtommath and sqlite are
restored to their unaltered state.
Change-Id: I69db8167b0d5884f55d96d72de3059a0235a1ba3
asprintf() return code must be checked because in case of failure
the value of the output buffer variable is undefined.
Change-Id: I75e06fffe2330ec10dbe4f678479ded479ab5931
The tests depend upon an ERANGE error for buffer length zero.
They broken due to 8324a2af1d
("lib/krb5: unparse_name_fixed error if invalid name buffer or length")
which returned EINVAL.
Change-Id: I81693f9d3f5fdc1838c11ffbfe0dafc742d9b207
If make_local_fast_ap_fxarmor() is called without a ccache
it will segmentation fault. Set a krb5 error message in the
context and fail with EINVAL.
Change-Id: I8a72a026dbae931e41498f55cd634ad2fee26772
krb5_cc_end_seq_get() is not expected to fail because it is a
cleanup routine. If it fails it indicates something wrong with
the cache or the system. Return the failure if there is one.
Otherwise, the failure from krb5_cc_next_cred() should be
returned UNLESS it is KRB5_CC_END in which case return success.
Change-Id: I80e07103e2fb38aa40418a436fa5351fb89549d3
Calls to krb5_principal_set_realm() can fail due to memory
allocation failures. If the client realm cannot be set in
the generated principal the wrong realm will be used.
Check for the result of krb5_principal_set_realm() and if
there is a failure, clean up and return the error code to
the caller.
Change-Id: Icadd04c858e88c1ba1d4344c60a784885a6a1344
If the output 'name' buffer is NULL or length is zero, there is
no place to unparse the principal name to. Fail with EINVAL and
if possible set an error message on the krb5_context.
This avoids potential NULL pointer dereferences.
Change-Id: Ie38d284f1867be883a2f2e31103ea50cd130a0fe
Refactor krb5_vset_error_message() to remove the many conditional
tests on the existence of krb5_context. If there is no krb5_context
then _krb5_debug() is a no-op. Therefore, there is no point in
performing any of the other work.
Change-Id: Ib88b592a542a195f27e352a80ced0a98a6f85300
