Windows plugins must be loaded from the same directory as the
heimdal.dll in order to ensure that "DLL Hell" is not revisited.
Since plugins cannot be grouped in a directory by "module" name
the plugins must have a name of the form:
plugin_<module>_<name>.dll
Construct the "plugin_<module>_" prefix string dynamically and
test for both the prefix and the ".dll" extension when building
the list of plugins to load.
Change-Id: I0ff7bf7287f8fb38061c226f0844d7d0f1fb59ec
rename callback() to cc_plugin_register_to_context() and document
its purpose.
The parameter that is the cc_ops structure is 'plugctx' not 'plug'.
This is critical because 'plug' is the common_plugin_model structure
and casting the wrong object leads to random behavior including
crashes.
The test to exit without action was reversed.
With these changes ccache plugins can be registered on each
krb5_init_context() operation.
Change-Id: I295ea91759f69b36ac13b1bfff87306d40df4a26
Windows treats '\\' and '/' equivalently but we cannot control
the form that will be used by end users. Introduce ISPATHSEP()
macro which tests only for '/' on UNIX and both on Windows.
Introduce ISTILDE() macro to test for '~'. When testing for
'/' with strchr() or strrchr() add conditional checks for '\\' on
Windows.
Change-Id: Ia85e698fc88f15a6a71db649db5417f02ef7e5fe
st_dev and st_ino are not set in a consistent fashion by stat()
and fstat() so disable the symlink test.
disable the open group/other readable test because st_mode
cannot be used to perform such a test on Windows.
Change-Id: I1b68c672f882018def7e6d40d4bc7f7add58df36
Do not look for plugin DLLs in either
$ORIGIN/../lib/plugin/krb5
$ORIGIN/../lib
Only look for plugin DLLs in $ORIGIN
Change-Id: I432cd81720b172e7451601b56ea7bba3c03d7d47
Execute tests that were built on Windows but previously skipped.
Remove the duplicate build rules for test-rfc3961.exe.
Change-Id: Icc84c07a33afbdc6ffa509222a3c81de35168eaf
Rely on roken to determine which random function should be
used.
Rename parameter "rand" to "randbytes" to avoid collision with
functions named "rand()".
Change-Id: Ic07cf149daef1cd568b58277773fbe27aef04f7b
Normally one would dlopen() a shared object's basename, not its absolute
path. However, lib/krb5/plugin.c, in an effort to be zero-conf-ish,
wants to readdir() to find plugins to load, and in the process it ends
up defeating the RTLD's search-the-caller's-rpath.
This commit partially addresses this by allowing the use of $ORIGIN in
plugin_dir values and using them for the default (except on OS X).
This allows multiple Heimdal versions installed on the same host, but
with different plugin ABIs, to co-exist. A step forward for doing make
check on hosts where Heimdal is installed.
For now we hardcode $ORIGIN/../lib/plugin/krb5 (linux, Solaris, *BSD),
or $ORIGIN (Windows; for assemblies objects need to be in the same
directory) and we eval $ORIGIN by using dladdr() (Linux, Solaris) or
GetModuleHandleEx() (Win32, via a dladdr() wrapper in libroken) to find
the path to libkrb5 whose dirname to use as $ORIGIN. For Windows,
because we need the plugins to be in the same directory as libkrb5, we
require a prefix on plugin DLLs ("plugin_krb5_") to distinguish them
from other objects.
We should add a special token to mean "look in $ORIGIN, sure, but
dlopen() the plugin basenames only (so the RTLD can search the rpath)".
rk_mkdir() should not be redefined to mkdir() nor should mkdir()
be redefined to rk_mkdir() when compiling lib/roken/mkdir.c
Change-Id: I329fd2eb5794548635d33218a65df8958746a6f9
Although rk_mkdir can be provided on all platforms there is no
reason to require that it be used by unconditionally mapping
mkdir -> rk_mkdir
Change-Id: Ic149500037abf446434332bf6ba67dfb3906cd72
- use O_NOFOLLOW
- be more strict not to follow symlinks
- require cache files to be owned by the user
- have sane permissions (not group/other readable)
As kerberos(8) provides a brief outline of this network authentication
system I would suggest extending SEE ALSO to include a few section 8
commands. I have excluded kadmind(8) and kpasswdd(8) as these servers
can be easily reachable from kadmin(8) and kpasswd(8) manual pages
respectively.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
There is no fchmod() implementation on Windows. For now prevent its
use on Windows with #ifndef _WIN32 but in the future set_default_cache()
should be updated to set ownership permissions for the cache file.
Change-Id: I57214dfecbd25d7b337a568fa5e522c0a22dbb76
The Windows version of mkdir() does not share the same signature
as the POSIX version. Add rk_mkdir() with an POSIX compliant signature
to libroken. The current implementation ignores the 'mode' parameter
on Windows but a future implementation could provide the required
functionality with native Win32 APIs.
Change-Id: I084d42e0f27932e9b8131d310dbf34849f5fe4b6
POSIX mkdir (unlike the Windows version) takes a 'mode_t' parameter.
Provide definitions for the mode_t constants.
Change-Id: Ie57e746aa3e579e28f93064ab430f1128508cc84
