krb5.git/src/lib/gssapi/mechglue, branch kinit-c MIT Kerberos patches Fix glob memory leak in GSS initialization 2014-08-07T19:03:29+00:00 Greg Hudson ghudson@mit.edu 2014-08-05T03:34:32+00:00 20f91672568b1d2e341a9bb0dba88a831f152f1c In loadConfigFiles, call globfree even if glob fails, since glob can allocate memory and report partial results on failure. Also initialize globbuf before calling glob; this is not strictly required, but hedges against hypothetical libc implementation bugs which could leave globbuf.gl_pathc or globbuf.gl_pathv uninitialized on error. ticket: 7981 
In loadConfigFiles, call globfree even if glob fails, since glob can
allocate memory and report partial results on failure.  Also
initialize globbuf before calling glob; this is not strictly required,
but hedges against hypothetical libc implementation bugs which could
leave globbuf.gl_pathc or globbuf.gl_pathv uninitialized on error.

ticket: 7981
Fix the build on windows 2014-08-06T16:18:15+00:00 Ben Kaduk kaduk@mit.edu 2014-08-05T15:11:45+00:00 58312ae8beb0499ac3a06196164eb833e9f8975e Windows does not provide the glob() functionality used to implement the /etc/gss/mechs.d/ feature, so we must avoid compiling the relevant code for windows. (It would never have been called, anyway.) Adjust the ccache/Makefile.in rules to not use '-' or '@' in make variable names that are processed by nmake. Also in ccache/Makefile.in, remove some latent leading whitespace that had been previously hidden by the previous rule; this exposed some flawed dependencies that are now removed. Windows does not provide sys/socket.h or sys/un.h, so don't try to include them in cc_kcm.c. The commit which moved the KKDCP TLS support to a plugin left some dangling references to checkhost.c byproducts in os/Makefile.in, which can be safely removed. Use k5-platform.h in support/json.c instead of a set of system includes; this lets windows build the static inline helper functions therein. 
Windows does not provide the glob() functionality used to implement
the /etc/gss/mechs.d/ feature, so we must avoid compiling the
relevant code for windows.  (It would never have been called, anyway.)

Adjust the ccache/Makefile.in rules to not use '-' or '@' in
make variable names that are processed by nmake.

Also in ccache/Makefile.in, remove some latent leading whitespace that
had been previously hidden by the previous rule; this exposed some
flawed dependencies that are now removed.

Windows does not provide sys/socket.h or sys/un.h, so don't try
to include them in cc_kcm.c.

The commit which moved the KKDCP TLS support to a plugin left some
dangling references to checkhost.c byproducts in os/Makefile.in,
which can be safely removed.

Use k5-platform.h in support/json.c instead of a set of system includes;
this lets windows build the static inline helper functions therein.
Modify k5buf interfaces for easier use 2014-07-30T16:11:38+00:00 Greg Hudson ghudson@mit.edu 2014-07-02T16:03:54+00:00 651f3af251d172361a954f55f2d87561ae42c2d0 Make struct k5buf less opaque and get rid of k5buf-int.h. Make it easy to initialize a k5buf in an error state so that it can be freed in a cleanup handler. Add a function k5_buf_status which returns 0 or ENOMEM. Remove k5_buf_data and k5_buf_len. Rename k5_free_buf to k5_buf_free. Adjust all callers to match. 
Make struct k5buf less opaque and get rid of k5buf-int.h.  Make it
easy to initialize a k5buf in an error state so that it can be freed
in a cleanup handler.  Add a function k5_buf_status which returns 0 or
ENOMEM.  Remove k5_buf_data and k5_buf_len.  Rename k5_free_buf to
k5_buf_free.  Adjust all callers to match.
Fix leak on GSS module symbol resolution error 2014-07-21T03:38:37+00:00 Simo Sorce simo@redhat.com 2014-07-10T14:04:06+00:00 53362ba69fb5a60386dd358c3450bfcf4f6b7346 If krb5int_get_plugin_func fails, errinfo may contain an allocated error message. Free it on error when loading GSS modules. [ghudson@mit.edu: also fix GSS_ADD_DYNAMIC_METHOD; clarify commit message] ticket: 7966 (new) target_version: 1.12.2 tags: pullup 
If krb5int_get_plugin_func fails, errinfo may contain an allocated
error message.  Free it on error when loading GSS modules.

[ghudson@mit.edu: also fix GSS_ADD_DYNAMIC_METHOD; clarify commit
message]

ticket: 7966 (new)
target_version: 1.12.2
tags: pullup
Do not loop on add_cred_from and other new methods 2014-06-05T16:13:18+00:00 Sam Hartman hartmans@debian.org 2014-06-04T16:06:27+00:00 41d38531043b99e8daa334f2b6ddf376adf1e878 Several new GSS-API methods were added but GSSAPI_ADD_METHOD was called to add them rather than GSSAPI_ADD_METHOD_NOLOOP. This means that the implementation from the GSS-API mechglue would be used if the mechanism had no implementation. As a result, the mechglue will call into itself exhausting the call stack in an endless loop when one of these methods is called. ticket: 7926 target_version: 1.12.2 tags: pullup 
Several new GSS-API methods were added but GSSAPI_ADD_METHOD was
called to add them rather than GSSAPI_ADD_METHOD_NOLOOP.  This means
that the implementation from the GSS-API mechglue would be used if the
mechanism had no implementation.  As a result, the mechglue will call
into itself exhausting the call stack in an endless loop when one of
these methods is called.

ticket: 7926
target_version: 1.12.2
tags: pullup
Read /etc/gss/mech if no mech.d/*.conf found 2014-06-04T20:42:43+00:00 Greg Hudson ghudson@mit.edu 2014-05-29T03:51:49+00:00 ac98187641f6943ae571606c0b6a97f236f9b60c Always read /etc/gss/mech, even if globbing /etc/gss/mech.d/*.conf doesn't work. Doing this using GLOB_DOOFFS proved error-prone, so use a simpler approach: factor out the per-pathname handling into a helper function load_if_changed, call it with MECH_CONF before the glob, then pass each glob result through the helper. ticket: 7925 
Always read /etc/gss/mech, even if globbing /etc/gss/mech.d/*.conf
doesn't work.  Doing this using GLOB_DOOFFS proved error-prone, so use
a simpler approach: factor out the per-pathname handling into a helper
function load_if_changed, call it with MECH_CONF before the glob, then
pass each glob result through the helper.

ticket: 7925
Improve pointer hygiene around gss_display_name 2014-05-24T15:11:33+00:00 Greg Hudson ghudson@mit.edu 2014-05-21T16:03:00+00:00 0bf18fd4363f9f1244688daac224bd456bf52e7f GSSAPI functions are responsible for setting their output parameters on failure. Take greater care to do so in krb5_gss_display_name. The mechglue is generally defensive about initializing variables used as outputs, and not assuming that mechs will set them on failure. Make gssint_convert_name_to_union_name initialize union_name->external_name before calling mech->gss_display_name, so that if the mech's gss_display_name doesn't touch it, we don't free an uninitialized pointer. Either one of these changes prevents an unlikely memory bug which could occur if krb5_gss_init_context fails within krb5_gss_display_name when called from gssint_convert_name_to_union_name. ticket: 7915 (new) target_version: 1.12.2 
GSSAPI functions are responsible for setting their output parameters
on failure.  Take greater care to do so in krb5_gss_display_name.

The mechglue is generally defensive about initializing variables used
as outputs, and not assuming that mechs will set them on failure.
Make gssint_convert_name_to_union_name initialize
union_name->external_name before calling mech->gss_display_name, so
that if the mech's gss_display_name doesn't touch it, we don't free an
uninitialized pointer.

Either one of these changes prevents an unlikely memory bug which
could occur if krb5_gss_init_context fails within
krb5_gss_display_name when called from
gssint_convert_name_to_union_name.

ticket: 7915 (new)
target_version: 1.12.2
Load mechglue config files from /etc/gss/mech.d 2014-05-22T21:54:10+00:00 Günther Deschner gdeschner@redhat.com 2014-03-05T14:25:43+00:00 05cbef80d53f49d30a5d0563501226dc173734d4 In addition to loading /etc/gss/mech, glob for *.conf files in /etc/gss/mech.d. Load only config files which have changed since the highest mtime we saw in the previous scan. Scan at most once per second to avoid excessive numbers of filesystem syscalls for busy GSSAPI applications. [ghudson@mit.edu: rewrote commit message; style changes; added once-per-second throttle on glob/stat calls] ticket: 7882 (new) 
In addition to loading /etc/gss/mech, glob for *.conf files in
/etc/gss/mech.d.  Load only config files which have changed since the
highest mtime we saw in the previous scan.  Scan at most once per
second to avoid excessive numbers of filesystem syscalls for busy
GSSAPI applications.

[ghudson@mit.edu: rewrote commit message; style changes; added
once-per-second throttle on glob/stat calls]

ticket: 7882 (new)
Remove dead code from the mechglue initialization 2014-05-22T21:54:09+00:00 Günther Deschner gdeschner@redhat.com 2014-03-05T15:21:55+00:00 123c14fd8862ee8f11f6084d25958cb380655f35 The stat check in gss_indicate_mechs had no consequent and would have been redundant with logic in updateMechList if it did. [ghudson@mit.edu: elaborated commit message; removed unused g_mechSetTime and now-irrelevant comment] 
The stat check in gss_indicate_mechs had no consequent and would have
been redundant with logic in updateMechList if it did.

[ghudson@mit.edu: elaborated commit message; removed unused
g_mechSetTime and now-irrelevant comment]
Stop generating gssapi_krb5.h 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T20:59:21+00:00 a7a2c02b618aea40ebd4f597ec956eaf0fe210f5 We started generating gssapi_krb5.h from gssapi_krb5.hin when we needed to use a 64-bit type for lucid contexts. Since we can now assume a standard name for 64-bit types, we can stop generating the header. 
We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts.  Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.