If the hostname was already set, a typo in a test meant we were not
freeing it. While we're at it, handle the unlikely possibility that
the existing pointer is passed as the new value.
On Debian stretch systems PAM modules linked against Heimdal run into
symbol conflicts with parse_time() in systemd libraries. We redefine
parse_time() and friends to rk_parse_time(), ... while keeping the old
names for ABI compatibility with existing clients.
The legacy names should eventually be dropped.
When the termination of a child process is observed by reap_kid() it
clears the pids[] element by assigning it the invalid pid value
(pid_t)-1. However, start_kdc() assumes that the unused pid[] element
value is 0. As a result, each pid[] element's associated child process
can only be restarted once since start_kdc() will not be able to locate
an unused element.
This change alters start_kdc() to initialize all elements of pids[] to
(pid_t)-1 and use that as the marker for unused elements. By doing so
start_kdc() can properly record child process pids and indefinitely
restart child processes as necessary.
Change-Id: Ia93c9284ab21289994eca7fc9cf1278be7c00683
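
The slot-marker mismatch described in the message above, as an added example that is not part of the commit or of Heimdal's code. It is a simplified model: the hypothetical `replace_slot()` and `restarts()` stand in for the table handling in reap_kid() and start_kdc(), the pids are constructed values, and a replacement child is assumed to start even when its pid cannot be recorded.

```c
#include <stdio.h>
#include <sys/types.h>

#define NKIDS 2                  /* size of the simulated pids[] table */
#define UNUSED ((pid_t)-1)       /* value written when a child is reaped */

/* Overwrite the first slot holding `from` with `to`; returns 1 if found. */
static int replace_slot(pid_t *pids, pid_t from, pid_t to)
{
    for (size_t i = 0; i < NKIDS; i++) {
        if (pids[i] == from) {
            pids[i] = to;
            return 1;
        }
    }
    return 0;
}

/*
 * One worker dies `rounds` times; returns how often it was restarted.
 * `marker` is what the starter treats as an unused slot: 0 reproduces
 * the mismatch, UNUSED is the corrected convention.
 */
int restarts(pid_t marker, int rounds)
{
    pid_t pids[NKIDS], worker = 100, next = 100;  /* constructed pids */
    int n = 0;

    for (size_t i = 0; i < NKIDS; i++)
        pids[i] = marker;                         /* initialise the table */
    for (size_t i = 0; i < NKIDS; i++)
        replace_slot(pids, marker, next++);       /* first start: 100, 101 */

    for (int r = 0; r < rounds; r++) {
        if (!replace_slot(pids, worker, UNUSED))  /* reap: clear its slot */
            break;                                /* untracked, death unseen */
        worker = next++;                          /* replacement starts ... */
        replace_slot(pids, marker, worker);       /* ... recorded if a slot matches */
        n++;
    }
    return n;
}

int main(void)
{
    printf("unused marker 0:  %d restart(s)\n", restarts(0, 5));
    printf("unused marker -1: %d restart(s)\n", restarts(UNUSED, 5));
    return 0;
}
```

With 0 as the marker the replacement's pid is never stored, so its later exit matches no slot and supervision of that worker ends after one restart.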
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
the encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unencrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Dukhovni and Nico Williams.
Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
Unlike the ccache, we can't lock less because of the way in which keytab
entries are removed: by negating their length. Also unlike ccaches, we
hold locks across the entirety of keytab iteration.
Use stdio. Don't lock to read -- we only ever rename new ccaches into
place, or overwrite endtimes to delete entries, or overwrite part of the
realm name of cc config entries.
Dropping locks around ccache iterator stepping strongly implied that we
don't expect truncation, that we only expect appends (and the
overwriting done to delete entries).
Don't unlock -- let close(2) do it, thus making fewer system calls.
The ASN.1 functions copy_Realm(), copy_PrincipalName() and
copy_EncryptionKey() can fail. Check the return and perform error
handling as appropriate.
Change-Id: I2b3629d19db96eb41d1cd554cef1dca99745e753
When comparing the first component of a multi-component
string that uses a field separator (e.g., '/' or ':'), be sure
to include the separator in the comparison to ensure that the
comparison does not succeed due to a prefix match.
Change-Id: Ieec3e73cb015a83bb652ec11cd7d83e57755c3d2
Fix the numeric error value comparison performed by error_cmp().
Identified by AppChecker and previously fixed by Darwin.
Change-Id: I0a72fd381bef0b34b7e7d155bfff03ab4196d38e