To speed up tests/gss/check-gssmask we need to remove the `sleep 10`
found there, and to do that we need to make the gssmask daemons use
roken_detach_prep()/roken_detach_finish(), and to do that we need to
split up mini_inetd_addrinfo().
This commit authored by Claude with human guidance and review.
This flag has defined by POSIX for years if not decades, but glibc
and Windows apparently still don't have it.
We will use it with getnameinfo, along with all other NI_NUMERICxxx
options, to minimize risk of network leaks with block_dns.
This change has two parts:
1. Provide our own local implementation of numeric-only getaddrinfo
in auditdns.c used to audit for DNS leaks, rather than deferring
to dlsym(RTLD_NEXT, "getaddrinfo"), in terms of inet_pton.
To keep review and implementation simple, this is limited to
AI_NUMERICHOST _and_ AI_NUMERICSERV -- this requires that we
arrange to pass AI_NUMERICSERV in callers too.
2. Wherever we implement block_dns, set AI_NUMERICSERV in addition to
AI_NUMERICHOST as needed by the new auditdns.c getaddrinfo.
(In principle this might also avoid other network leaks -- POSIX
guarantees no name resolution service will be invoked, and gives
NIS+ as an example.)
One tiny semantic change to avoid tripping over the auditor:
kadmin(8) now uses the string "749" rather than the string
"kerberos-adm". (Currently we don't audit kadmin(8) for DNS leaks
but let's avoid leaving a rake to step on.) Every other caller I
found is already guaranteed to pass a numeric service rather than
named service to getaddrinfo.
fix https://github.com/heimdal/heimdal/issues/1212
Previously, the hostname was initialized to `localhost'. If it was
not cleared by init_syslog, init_logger_addr (via openlog) would
query gethostbyname to find the IP address of `localhost', which will
essentially always be 127.0.0.1. But if it was cleared by
init_syslog, init_logger_addr would return 127.0.0.1 anyway.
This way, it always returns 127.0.0.1 in the event of no init_syslog
call, and avoids a DNS lookup. You can always force a DNS lookup by
passing `localhost' to init_syslog explicitly, of course.
I'm not sure if anything even uses this as a fallback in Heimdal, but
let's avoid leaving a rake to step on.
If a char width is specified the number of output buffer bytes
consumed might be greater than one. Update append_char() to
return the number of bytes consumed and use that value in xyzprintf()
instead of one.
Excluded: libtomath and libedit files, most of which appear to be
testing or example code not involved in production, and which are
derived from an upstream that should perhaps have patches submitted
upstream instead.
fix https://github.com/heimdal/heimdal/issues/1111
Both the len and the index was decremented, which made the exit
condition (template[len - i] == 'X') trigger before it should.
Fixes solaris10 where mkdtemp is not available.
Add rk_undumptext(), which NUL-terminates the contents it reads.
rk_undumptext(), and now also rk_undumpdata(), can read from regular and
non-regular files (e.g., ttys, pipes, devices, but -on Windows- not
sockets).
This means that `asn1_print` can now read from `/dev/stdin`, which can
be a pipe.
There's a way to set a limit on how much to read from non-regular files,
and that limit defaults to 10MB.
At any rate, the rk_dumpdata(), rk_undumpdata(), and rk_undumptext() functions
really do not belong in lib/roken but in lib/base. There are other utility
functions in lib/roken that don't belong there too. A rationalization of the
split between lib/roken and lib/base is overdue. And while we're at it -lest I
forget- it'd be nice to move all the krb5_storage functions out of lib/krb5 and
into lib/base, as those could come in handy for, e.g., implementing OpenSSH
style certificates and other things outside the krb5 universe.
The bug fixed herein almost certainly means that PKINIT was never
working on Windows, since lib/hx509 uses rk_undumpdata() to read regular
files containing certificates and keys, but then since rk_undumpdata()
was using net_read(), that can't have worked. On Windows net_read()
insists on the FD being a socket, and because of winsock, the namespaces
of socket and file descriptors on Windows are distinct.
get_null() can fail for two reasons. There can be a memory allocation
issue or the hints->ai_family could be unsupported. This change
informs the caller of the error state instead of returning success
with an invalid struct addrinfo output parameter.
Fixes#1007
Reported-by: opless
Apple clang version 14.0.0 (clang-1400.0.17.3.1) fails the build
because stds.h defines `fallthrough` as a macro which is then
expanded when base.h evaluates
# if __has_attribute(fallthrough) && __clang_major__ >= 5
The macOS SDK defines `DISPATCH_FALLTHROUGH` as the macro instead
of `fallthrough`.
This change replaces the use of `fallthrough` in the tree with
`HEIM_FALLTHROUGH` and updates the declaration in configure logic
to define `HEIM_FALLTHROUGH` based upon existing definitions
(if any) of `fallthrough` or `DISPATCH_FALLTHROUGH`.
INTxx_MIN plus a positive integer of the same type will always be
negative, and so the result will always compare less than a positive
integer. Fix this check so that we produce the correct result when
adding two negative time_t values.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
