When flushing the uber record, retain the current log version. When the
uber record is the only (thus last) record in the log, return its nominal
version as the last version, not 0. Upgrade the log if the current uber
record version number is not 0.
Otherwise we risk storing a name with the referral (empty) realm name,
which will then cause various knock-on effects, such as thinking that
the start_realm is "", and failing to find matching credentials in the
ccache.
When storing credentials whose ticket principal is not equal to the
requested principal, store the ticket under both names not only when
the original realm is the referral realm, but more generally for any
difference at all. This matches MIT behaviour.
Allow explicit name_canon rules to specify a realm to go with the
canonicalized hostname, if that realm is empty the effect is the
same "use-referrals"
Also fix segfault when no creds and debugging
At least one "windc" plugin provided by OS X lacks a client_access()
entry point and caused the KDC to crash. The KDC now checks for each
entry point in "windc" plugins and either falls back on alternative
default functionality or fails more gracefully than by crashing.
On OS X anyways, since Heimdal cannot be built to replace the system
Kerberos implementation in OS X (even though it's based on Heimdal).
Heimdal plugins other than the CCAPI plugins have private ABIs with
strong coupling to the internals of the Heimdal libraries, thus using
system plugins in a non-system Heimdal is likely to end in tears (e.g.,
segfaults).
This means, for example, that OS X's plugins for PAC creation and
verification cannot be used by Heimdal.
When the master's log has all entries from version 1 to now, and no
uber entry (legacy master), then new slaves will not pull version 1,
because their uber record has version 1.
The fix is to force the uber version to 0 always, and avoid adding a
truncate nop when doing a full prop. The uber record now records the
database version even in the absence of any other log entries so that
we know what to pull going forward.
Prior change 83011252d7 which fixed
cross-realm trusts from AD to Heimdal removed the assignment of
'*kvno_ptr' to 'kvno' in the case where a non-zero key version
number is supplied by the caller. This breaks cross-realm trusts
from Heimdal to another realm.
This change restores the missing assignment.
Change-Id: Ic041d9d797ba4c8c0c567da55066ba5d3d1874bb
A KVNO is unsigned and this is reflected in the internal
interfaces. However, for compatibility reasons its encoding
is signed and this creates a pointer mismatch when passing a
kvno pointer to _kdc_db_fetch.
Signed-off-by: Uri Simchoni <uri@samba.org>
For consistency make "-I" part of the macro value set by autoconf.
For now, don't attempt to handle OpenSSL rpath in cf/crypto.m4.
That's much easier by just setting LDFLAGS when running configure.
Otherwise too many Makefiles to edit and libtool and automake do
their best to undo the rpath.
We added some new OID symbols in libasn1, make them public.
When an older Heimdal is already installed and its libraries don't
have some newly created symbols we run into build or test problems,
if libtool decides to use installed rather than just-built libraries.
This was happening with a few of test programs in libhx509. Fixed.
If we are not code signing we must define an action for _CODESIGN_SHA256
or the build system macros will be unbalanced.
Change-Id: I3c545de3c8ee809709defd12faeead358fde26dd
When building evp-openssl.c without support for OpenSSL it is necessary
to include evp-hcrypto.h to define the HCRYPTO_FALLBACK functions.
Change-Id: Ifd51f9fcd2b1805a534a9f88992162818afffe7d
HCRYPTO_FALLBACK is a required definition for building lib/hcrypto.
However, it wasn't added to the Windows build system. This change
does so and enables fallback functionality.
Change-Id: I4a711c6da58e8832a61a3c0b2b8d9b10038425f0
Weak crypto is disabled on every other system. OpenAFS no longer
requires it and AuriStor doesn't need it. Turn it off.
Change-Id: I6fab2328f71d1c38a655560ab0f83b8df9b53c73
Permit an explicit version of signtool.exe to be specified via an
environment variable. Now that sha256 signatures are required the version
of signtool.exe that matches the SDK or Visual Studio version might not
be sufficient to apply code signatures.
Change-Id: I694e2b319bd692d6358ae7ce3d241da2da7648f8
Move roken.h to the top of the header after config.h and remove the
includes that are duplicated by roken.h.
Change-Id: I33e29736519177f17c36e5c5948d7022011ab2b2
All source files must start with
include <config.h>
include <roken.h>
when krb5_locl.h or kdc_locl.h are includes, they must come before
other Heimdal include files.
Do not include stdint.h when roken.h is included.
Do not include config.h more than once.
Change-Id: I0baecb5d48317996f48b1a6c41b051f42f2fde61
In verify() if krb5_unparse_name() fails 'sname' will be used
unitialized in the subsequent krb5_warnx() and free() calls.
Change-Id: I5a49bf06879eb5a77cf2d1d3f0d4b9c6549aeff8
Coverity complains about the leakage of 'handle' when the identifier
goes out of scope. Change handle into a static global to hold the
value instead of a stack variable.
Change-Id: I040707ac731558f7d523f128a006a80b98d45b79
The Windows and PKCS#11 backends do this. The Common Crypto (OS X)
backend does not. Ideally this should be a ./configure option, and that
might be the next step, but right now we need this fallback in order to
get tests passing in Travis-CI.
