Luke Howard
ec24edf700
kdc: add accessor functions for KDC request structure
...
Add accessor functions for use by Samba and other plugin developers.
Documentation is in kdc/kdc-accessors.h.
2022-01-20 17:23:24 +11:00
Luke Howard
ed4fe65794
base: change ret fieldname to error_code in request struct
2022-01-20 17:23:24 +11:00
Luke Howard
f4e936c893
include: fix token_validator_plugin.h typo
...
token_validator_plugin.h was also missing in Makefile.am:CLEANFILES.
2022-01-20 17:23:11 +11:00
Nicolas Williams
302250026c
kdc: Do not announce via Bonjour when testing
...
Let's see if this fixes the GitHub Actions OS X CI.
2022-01-20 00:20:30 -06:00
Luke Howard
0c26edd468
include: add more generated files to CLEANFILES
...
take #2 , fix build breakage.
Recently added features for Heimdal 8 did not update
include/Makefile.am:CLEANFILES appropriately.
2022-01-20 17:17:58 +11:00
Luke Howard
d74b411f12
Revert "include: add more generated files to CLEANFILES"
...
This reverts commit 622527d9ca
2022-01-20 17:17:09 +11:00
Luke Howard
622527d9ca
include: add more generated files to CLEANFILES
...
Recently added features for Heimdal 8 did not update
include/Makefile.am:CLEANFILES appropriately.
2022-01-20 17:15:51 +11:00
Nicolas Williams
9d0149d2f2
krb5: Context has to be opt. in for path tok. exp.
2022-01-19 23:49:06 -06:00
Nicolas Williams
1eda4920c8
krb5: Fix coverity warnings
2022-01-19 23:38:27 -06:00
Nicolas Williams
9203c4a3f4
ipropd: Ignore setsockopt() result
2022-01-19 23:37:32 -06:00
Nicolas Williams
4eec82dc52
ipc: Ignore setsockopt result
2022-01-19 23:37:01 -06:00
Nicolas Williams
dd2ad50fbf
hdb: Make HDB-as-keytab get function match API
...
krb5_kt_get_entry() allows a NULL principal to be given ("match all").
The get method of the HDB-as-keytab keytab did not know this, and could
dereference a NULL as a result.
2022-01-19 23:35:19 -06:00
Nicolas Williams
cf19a0f8e3
krb5: Context must be optional for error functions
...
We pass a NULL context to error functions in CCAPI (lib/krb5/acache.c)
code paths.
2022-01-19 23:33:44 -06:00
Nicolas Williams
1e634df8a5
base: Context has to be optional in for path tok. exp.
...
We call path token expansion functions with a NULL context in CCAPI
(lib/krb5/acache.c). We only need the context for errors.
2022-01-19 23:32:22 -06:00
Nicolas Williams
82e00128a2
base: Context has to be opt. in for error functions
...
This is needed so that it can be optional for path token expansion,
which has to have the context be optional for ccapi (lib/krb5/acache.c),
which in some cases calls path token expansion functions w/ a NULL
context.
2022-01-19 23:30:55 -06:00
Nicolas Williams
c650e37321
kdc: Fix leak caused by a1481f1f0
2022-01-19 17:32:16 -06:00
Nicolas Williams
03c69ffe1c
GitHub: Use -Wnonnull for GCC build
2022-01-19 17:00:11 -06:00
Nicolas Williams
4a0e01f9ed
kadm5: Add missing error checks
2022-01-19 16:57:06 -06:00
Nicolas Williams
97cef99f54
iprop: Fix coverity warnings
2022-01-19 16:53:45 -06:00
Nicolas Williams
1b213c1082
kadmind: Add missing error checks
2022-01-19 16:33:37 -06:00
Nicolas Williams
655c057769
kadm5: Add missing error checks
2022-01-19 16:33:17 -06:00
Nicolas Williams
9d6dd21256
iprop-log: Add missing error checks
2022-01-19 13:59:04 -06:00
Nicolas Williams
ff4c82cd47
kpasswdd: Fix leak of keytab on exit
2022-01-19 13:41:29 -06:00
Nicolas Williams
8c5030bcf7
gss: test_context: Fix leak
2022-01-19 12:35:08 -06:00
Nicolas Williams
26054d835c
gss: Fix leak in gss-token
2022-01-19 12:33:11 -06:00
Nicolas Williams
abb9a46ccc
kadmin: Add missing error check in init()
2022-01-18 15:41:43 -06:00
Nicolas Williams
fb4632edb1
krb5: Fix leak in test_ap-req.c
2022-01-18 15:40:54 -06:00
Nicolas Williams
b349b4add0
kdc: Fix recent dangling ptr; move more into r
...
As we move more and more state into astgs_request_t we need to be
careful not to leave locals and function arguments aliasing objects from
the astgs_request_t.
2022-01-18 15:32:05 -06:00
Nicolas Williams
3b0b9f2dfe
krb5: Constify _krb5_principal2principalname()
2022-01-18 15:12:56 -06:00
Nicolas Williams
01848fe1de
GitHub: Valgrind build: use LMDB
...
Let's see if the output from valgrind we're currently getting has to do
with BDB or if it's to do with Heimdal (I can't reproduce locally with
LDMB).
2022-01-18 12:35:26 -06:00
Nicolas Williams
f26bc69ded
gss: Fix name attr leak in test_context
2022-01-18 12:35:26 -06:00
Nicolas Williams
0b137e3287
gss: Workaround valgrind "lifetime not equal" issue
2022-01-18 12:35:26 -06:00
Nicolas Williams
257be08bbb
GitHub: Make valgrind build a debug build
...
To get line numbers from valgrind stack traces we need the valgrind
build to be a debug (-g) build.
2022-01-18 10:31:20 -06:00
Nicolas Williams
f155150969
kdc: Rewrite get_pa_etype_info and set_salt_padata
...
We weren't checking for errors, and we weren't using the convience
SEQUENCE OF add_METHOD_DATA() and add_ETYPE_INFO() functions generated
by the ASN.1 compiler. Using those utilities made get_pa_etype_info()
and make_etype_info_entry() sufficiently simpler that merging the two
makes for simpler, more readable code.
2022-01-18 09:14:29 -05:00
Nicolas Williams
2801606b80
GitHub: Fix valgrind build
2022-01-18 01:15:09 -06:00
Nicolas Williams
a1481f1f05
kdc: Check krb5_ret_uint32() in connect loop
2022-01-18 00:42:11 -06:00
Nicolas Williams
fcba7a9fd1
kdc: Check errors from krb5_auth_con_getauthenticator()
2022-01-18 00:32:51 -06:00
Nicolas Williams
4ed4f2159c
krb5: Check errors in krb5_auth_con_getauthenticator()
2022-01-18 00:32:51 -06:00
Nicolas Williams
1a08b3b47f
kdc: Make --kdc-request-log-file concrrency-safe
...
Build the entry to write to the log file in memory, the write it with
O_APPEND. This should make writes to the request log file safer in
multi-process KDC configurations.
Also, check results of krb5_store_*() functions (coverity alerted to
this).
2022-01-18 00:19:15 -06:00
Nicolas Williams
d41467dcde
kdc: Explicitly ignore setsockopt() result
2022-01-18 00:16:09 -06:00
Joseph Sutton
ef059b8831
heimdal:base: Don't perform arithmetic on a NULL pointer
...
Doing so is undefined behaviour.
Change-Id: Ic57baac0fc5fb06945c0dfbd5d4eb913a12fc13d
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz >
2022-01-18 00:31:45 -05:00
Joseph Sutton
1c93a6ff26
heimdal: Avoid overflow when performing bitwise shift operations
...
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz >
2022-01-18 00:31:45 -05:00
Luke Howard
bc37bf1afd
kdc: use public audit API in altsecid authorizer plugin
...
Regression fix for 94ed961d02
2022-01-18 16:27:05 +11:00
Nicolas Williams
376d347500
GitHub: Use just clang for valgrind build
2022-01-17 23:14:16 -06:00
Luke Howard
94ed961d02
kdc: make auditing API public
...
Samba plugins will need to use auditing API without including krb5-private.h,
so make the auditing APIs public.
2022-01-18 16:09:50 +11:00
Luke Howard
4befd3e355
kdc: remove krb5_ prefix for KDC attribute functions
...
We will use the kdc_ rather than krb5_kdc_ prefix for new public APIs exported
from libkdc. Amend the recently introduced
request_{get,set,copy,delete}_attribute APIs to conform.
2022-01-17 23:50:04 -05:00
Jeffrey Altman
5fa0b7b6ff
lib/krb5: krb5_sento_context KRB5_SENDTO_DONE KRB5_SENDTO_FAILED
...
Let the KRB5_SENDTO_DONE and KRB5_SENDTO_FAILED action states be
handled by the provided switch blocks. This ensures that the
'ret' value is set appropriately before exiting the loop.
Change-Id: I56f4cea83efd86203a9a7a36cf48c80f632cf779
2022-01-17 23:02:01 -05:00
Jeffrey Altman
238fd7c6c6
kdc: kdc_issue_certificate remove dead code
...
'ret' cannot equal EACCES after setting it to KRB5KDC_ERR_POLICY.
Change-Id: I2fbb0c91f6fdc541813685fde26229833fa56e42
2022-01-17 22:41:33 -05:00
Jeffrey Altman
51575264d4
kadmin: read_words pass correct type to sizeof
...
(char *) not (char **).
Change-Id: I2c34fa5b0ea9f81b08451ed1b4a816684b7ab638
2022-01-17 22:36:29 -05:00
Jeffrey Altman
2cd3f7089e
kdc: cmd_append fix broken commit
...
4101280459
2022-01-17 22:36:29 -05:00
