Apple clang version 14.0.0 (clang-1400.0.17.3.1) fails the build
because stds.h defines `fallthrough` as a macro which is then
expanded when base.h evaluates
# if __has_attribute(fallthrough) && __clang_major__ >= 5
The macOS SDK defines `DISPATCH_FALLTHROUGH` as the macro instead
of `fallthrough`.
This change replaces the use of `fallthrough` in the tree with
`HEIM_FALLTHROUGH` and updates the declaration in configure logic
to define `HEIM_FALLTHROUGH` based upon existing definitions
(if any) of `fallthrough` or `DISPATCH_FALLTHROUGH`.
Any callback of kadm5_iter_principals() that wants to call other kadm5
functions (such as kadm5_get_principal()) needs to do so on a different
kadm5 handle than the one used for kadm5_iter_principals().
The online LIST interrupt message is a NOP, but it's expected to not
have a reply (the server doesn't send one if it receives it before the
LIST finishes).
However, if the interrupt message arrives after the LIST finished, then
it does get a reply, and this causes the client to get out of step with
the server.
Fixes include:
1) flavor the interrupt NOP to make sure it never gets a reply,
2) introduce a new kadm_list_interrtupt message that is like a NOP that
produces no reply
3) always consume -after the LIST ends- a reply to any list interrupt
NOP on the client side.
This implements (1).
Now that we have a properly working API for listing principals in an
online way, and a server-side implementation of it, use it.
This should work with old and new servers, but it will only be online
and fast when talking to new servers.
(Old servers have a bug though that prevents LIST from working.)
Implement a variation on the op for listing principals where if the
client indicates support for the new variation then we stream the list
instead of collecting it into one reply. This is the server-side
version of the associated, preceding commit:
kadm5: Add online kadm5_iter_principals()
Seeing "End of file" errors from kadm5 client calls which were the
result of not sending back errors in many error paths in
kadmin/server.c:kadmind_dispatch().
8dcc5e617b
("kadmin: add_one_principal refactor") made 'princ_name' a
top-level variable. This precludes the need to declare
subsequent block-level variables with the same name.
Change-Id: I4bf9e54b49a0e366ed4cd39920d3fe58439beb33
The pseudo keyword 'fallthrough' is defined such that case statement
blocks must end with any of these keywords:
* break;
* fallthrough;
* continue;
* goto <label>;
* return [expression];
*
* gcc: https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html#Statement-Attributes
The macro is defined either as
__attribute__((__fallthrough__))
or as
do {} while (0) /* fallthrough */
not including the semicolon.
This change implements the Linux kernel style and updates several locations
where "/*fallthrough*/ and /* FALLTHROUGH */ were not previously replaced.
Externally imported code such as libedit, libtommath and sqlite are
restored to their unaltered state.
Change-Id: I69db8167b0d5884f55d96d72de3059a0235a1ba3
124b8d0f78 ("kadmin: kadmind_dispatch
do not write NULL 'rsp' to 'out'") was committed with an
unintentional source code removal.
Change-Id: I3de21e3624d713a9b5a1e89d147a5db5f1f55ab1
1b213c1082 ("kadmind: Add missing
error checks") altered the behavior of kadmin_dispatch() such that
it unconditionally called
krb5_storage_to_data(rsp, out);
This change was unsafe because krb5_unparse_name_fixed() failure
would skip the allocation of the 'rsp' and 'sp' krb5_storage
objects.
This change allocates the krb5_storage objects prior to performing
any work. If either of them fail, kadmin_dispatch() immediately
returns ENOMEM.
Change-Id: I14fd96afe029a4e74bb769605286ca0e17d25043
If rand_password is true, allocate princ_name early to prevent
memory allocation errors after the principal was added.
Use memset_s to clear the 'password' so that it will not be
optimized away.
Change-Id: I80d11546166d2350e6a79c5a376cb9e8cb191fa3
Obtain the unparsed principal name early so that there is no
risk of memory allocation failure after kadm5_chpass_principal_3()
succeeds.
Change-Id: I389281004826da5752081c2f26127d55e3dc3989
1b213c1082 ("kadmind: Add missing
error checks") altered the behavior of kadmin_dispatch() such that
it unconditionally called
krb5_storage_to_data(rsp, out);
Previously kadmin_dispatch() only wrote to 'out' on success.
Doing so is important because 'rsp' might be NULL on error.
Change-Id: I2688a5c47db0f94d955971e785037c578d3f3fa4
1b213c1082 ("kadmind: Add missing
error checks") altered the scope of the
if (ret == HEIM_ERR_EOF)
ret = 0;
treatment of HEIM_ERR_EOF as a success code. Prior to that
commit HEIM_ERR_EOF meant success only when reading the 'keepold'
value. It indicated a premature failure if returned when reading
'princ' or 'n_key_data'.
This change corrects the scope of HEIM_ERR_EOF indicating success.
Change-Id: If5463b47dc3eabee6fa2f8e717147f02adc1586c
When an unsigned char is shifted << 24 bits its type will be
promoted to signed 32-bits. If the value is then assigned to
an unsigned 64-bit value sign extension will occur.
Prevent the unwanted sign extension by explicitly casting the
value to unsigned long before shifting.
Change-Id: Iabeac0f17dc3229a2dc89abe71960a8ffbf523f8
Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
an additional context member in hdb_entry which is managed by the free_entry
method in HDB).
Decorate HDB_entry with context and move free_entry callback into HDB structure
itself. Requires updating hdb_free_entry() signature to include HDB parameter.
A follow-up commit will consolidate hdb_entry_ex (which has a single hdb_entry
member) into hdb_entry.
Add a new method for issuing referrals for entire namespaces of hostnames.
An alias of the form WELLKNOWN/HOSTBASED-NAMESPACE/service/namespace-fqdn@REALM
will cause all requests for host-based principals in the given namespace to be
referred to the given realm.
Add support for GSS-API pre-authentication to the KDC, using a simplified
variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context
tokens directly in PADATA, and uses FX-COOKIE for state management.
More information on the protocol and implementation may be found in
lib/gssapi/preauth/README.md.
Sorting the units fixes a bug introduced in:
ae8908bf8 kadmin: Add disallow-client attribute
that I had fixed via:
f6ac4ee86 roken: Fix parse flags bug
which wasn't a bug at all.
This is useful for services that need not be clients. For example, an
untrusted service that need only accept authentication from clients,
but not initiate authentication to other services.
This is a large commit that adds several features:
- Revamps and moves virtual host-based service principal functionality
from kdc/ to lib/hdb/ so that it may be automatically visible to
lib/kadm5/, as well as kadmin(1)/kadmind(8) and ktutil(1).
The changes are backwards-incompatible.
- Completes support for documenting a service principal's supported
enctypes in its HDB entry independently of its long-term keys. This
will reduce HDB bloat by not requiring that service principals have
more long-term keys than they need just to document the service's
supported enctypes.
- Adds support for storing krb5.conf content in principals' HDB
entries. This may eventually be used for causing Heimdal KDC
services to reconfigure primary/secondary roles automatically by
discovering the configured primary in an HDB entry for the realm.
For now this will be used to help reduce the amount of configuration
needed by clients of an upcoming HTTP binding of the kadmin service.
