<feed xmlns='http://www.w3.org/2005/Atom'>
<title>krb5.git/src/lib, branch kinit-c</title>
<subtitle>MIT Kerberos patches</subtitle>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/'/>
<entry>
<title>Do not loop on principal unknown errors</title>
<updated>2015-01-20T19:27:06+00:00</updated>
<author>
<name>Simo Sorce</name>
<email>simo@redhat.com</email>
</author>
<published>2015-01-20T18:48:34+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=fa32f6c018e8894ece11c0d32d5f666644239ca2'/>
<id>fa32f6c018e8894ece11c0d32d5f666644239ca2</id>
<content type='text'>
If the canonicalize flag is set, the MIT KDC always returns the client
principal when KRB5_KDC_ERR_C_PRINCIPAL_UNKNOWN is returned.

Check that this is really a referral by testing that the returned
client realm differs from the requested one.

Signed-off-by: Simo Sorce &lt;simo@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the canonicalize flag is set, the MIT KDC always returns the client
principal when KRB5_KDC_ERR_C_PRINCIPAL_UNKNOWN is returned.

Check that this is really a referral by testing that the returned
client realm differs from the requested one.

Signed-off-by: Simo Sorce &lt;simo@redhat.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Include file ccache name in error messages</title>
<updated>2014-12-15T22:33:46+00:00</updated>
<author>
<name>Nicolas Williams</name>
<email>nico@cryptonector.com</email>
</author>
<published>2014-10-30T00:42:49+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=98b55e86d7ec8b0a3b9b9f9b415ffdf78f4fd2e8'/>
<id>98b55e86d7ec8b0a3b9b9f9b415ffdf78f4fd2e8</id>
<content type='text'>
When a FILE ccache method returns an error, append the filename to the
standard message for the code.  Remove code to set extended messages
in helper functions as they would just be overwritten.

Also change the interpretation of errno values.  Treat ENAMETOOLONG as
KRB5_FCC_NOFILE instead of KRB5_FCC_INTERNAL, since it has an external
cause and a name that long can't be opened by normal means.  Treat
EROFS as KRB5_FCC_PERM.  Treat ENOTDIR and ELOOP as KRB5_FCC_NOFILE
instead of KRB5_FCC_PERM as both errors imply that the full pathname
doesn't exist.  Treat EBUSY and ETXTBSY as KRB5_CC_IO instead of
KRB5_FCC_PERM as they indicate a conflict rather than a permission
issue.

[ghudson@mit.edu: renamed set_error to set_errmsg_filename; removed
now-inoperative code to set extended messages in helper functions;
trimmed changes to interpret_errno; clarified and shortened commit
message]

ticket: 8052 (new)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When a FILE ccache method returns an error, append the filename to the
standard message for the code.  Remove code to set extended messages
in helper functions as they would just be overwritten.

Also change the interpretation of errno values.  Treat ENAMETOOLONG as
KRB5_FCC_NOFILE instead of KRB5_FCC_INTERNAL, since it has an external
cause and a name that long can't be opened by normal means.  Treat
EROFS as KRB5_FCC_PERM.  Treat ENOTDIR and ELOOP as KRB5_FCC_NOFILE
instead of KRB5_FCC_PERM as both errors imply that the full pathname
doesn't exist.  Treat EBUSY and ETXTBSY as KRB5_CC_IO instead of
KRB5_FCC_PERM as they indicate a conflict rather than a permission
issue.

[ghudson@mit.edu: renamed set_error to set_errmsg_filename; removed
now-inoperative code to set extended messages in helper functions;
trimmed changes to interpret_errno; clarified and shortened commit
message]

ticket: 8052 (new)
</pre>
</div>
</content>
</entry>
<entry>
<title>Use OFD locks where available</title>
<updated>2014-12-15T20:22:39+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2014-10-07T16:12:11+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=0008014a748310e38b3e4d69e3227af935e86cf7'/>
<id>0008014a748310e38b3e4d69e3227af935e86cf7</id>
<content type='text'>
Linux 3.15 has added OFD locks, which contend with POSIX file locks
but are owned by the open file description instead of the process.
Use these in krb5_lock_file where available, for safer concurrency
behavior.

ticket: 8023 (new)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Linux 3.15 has added OFD locks, which contend with POSIX file locks
but are owned by the open file description instead of the process.
Use these in krb5_lock_file where available, for safer concurrency
behavior.

ticket: 8023 (new)
</pre>
</div>
</content>
</entry>
<entry>
<title>Add err_fmt profile parameter</title>
<updated>2014-12-07T20:11:02+00:00</updated>
<author>
<name>Nicolas Williams</name>
<email>nico@cryptonector.com</email>
</author>
<published>2014-11-12T21:50:53+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=8c0b9a839fdf8ef1485a85300d82e41654864719'/>
<id>8c0b9a839fdf8ef1485a85300d82e41654864719</id>
<content type='text'>
Support the err_fmt relation in [libdefaults] which allows custom
error message formatting.

[ghudson@mit.edu: maintain alphabetical order in documentation and
reword docs; simplify err_fmt_fmt; expand commit message]

ticket: 8047 (new)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Support the err_fmt relation in [libdefaults] which allows custom
error message formatting.

[ghudson@mit.edu: maintain alphabetical order in documentation and
reword docs; simplify err_fmt_fmt; expand commit message]

ticket: 8047 (new)
</pre>
</div>
</content>
</entry>
<entry>
<title>Use new error message wrapping APIs</title>
<updated>2014-12-07T20:11:01+00:00</updated>
<author>
<name>Nicolas Williams</name>
<email>nico@cryptonector.com</email>
</author>
<published>2014-11-12T21:49:37+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=ebcdf02f8ec212555b1762007fa8454615900f36'/>
<id>ebcdf02f8ec212555b1762007fa8454615900f36</id>
<content type='text'>
Define internal names k5_prendmsg and k5_wrapmsg and use them where we
amend error messages.  This slightly changes the error message when we
fail to construct FAST AP-REQ armor, decrypt a FAST reply, or store
credentials in a gic_opts output ccache.  Adjust the test suite for
the latter of those changes.

[ghudson@mit.edu: define and use internal names for brevity; pull in
test fix from later commit; expand commit message; fix redundant
separators in LDAP messages]

ticket: 8046
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Define internal names k5_prendmsg and k5_wrapmsg and use them where we
amend error messages.  This slightly changes the error message when we
fail to construct FAST AP-REQ armor, decrypt a FAST reply, or store
credentials in a gic_opts output ccache.  Adjust the test suite for
the latter of those changes.

[ghudson@mit.edu: define and use internal names for brevity; pull in
test fix from later commit; expand commit message; fix redundant
separators in LDAP messages]

ticket: 8046
</pre>
</div>
</content>
</entry>
<entry>
<title>Add new error message wrapping APIs</title>
<updated>2014-12-07T20:11:01+00:00</updated>
<author>
<name>Nicolas Williams</name>
<email>nico@cryptonector.com</email>
</author>
<published>2014-11-12T21:47:53+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=12bf3e3f3ecd58f53d4a604e318766e4264b02c1'/>
<id>12bf3e3f3ecd58f53d4a604e318766e4264b02c1</id>
<content type='text'>
Add four new public APIs for wrapping error messages:
krb5_prepend_error_message, krb5_vprepend_error_message,
krb5_wrap_error_message, and krb5_vwrap_error_message.  The first two
functions are from Heimdal and allow a prefix to be added to the
existing message for a code.  The latter two functions also allow the
code to be changed.

[ghudson@mit.edu: rename krb5_prepend_error_message2 to
krb5_wrap_error_message; clarify doxygen comments and put them in the
proper form; implement krb5_prepend_error_message in terms of
krb5_wrap_error_message; fix leak and null context handling in
krb5_wrap_error_message; rewrite commit message]

ticket: 8046 (new)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add four new public APIs for wrapping error messages:
krb5_prepend_error_message, krb5_vprepend_error_message,
krb5_wrap_error_message, and krb5_vwrap_error_message.  The first two
functions are from Heimdal and allow a prefix to be added to the
existing message for a code.  The latter two functions also allow the
code to be changed.

[ghudson@mit.edu: rename krb5_prepend_error_message2 to
krb5_wrap_error_message; clarify doxygen comments and put them in the
proper form; implement krb5_prepend_error_message in terms of
krb5_wrap_error_message; fix leak and null context handling in
krb5_wrap_error_message; rewrite commit message]

ticket: 8046 (new)
</pre>
</div>
</content>
</entry>
<entry>
<title>Don't fdopen() in append mode in cc_file.c</title>
<updated>2014-11-29T21:22:59+00:00</updated>
<author>
<name>Ben Kaduk</name>
<email>kaduk@mit.edu</email>
</author>
<published>2014-11-24T23:23:32+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=d65c504432f01eb1a03703af07356f538f16f8c6'/>
<id>d65c504432f01eb1a03703af07356f538f16f8c6</id>
<content type='text'>
Implementations of fdopen() are inconsistent about the state of
the file offset after fdopen(., "a+") -- some position the stream
at the end of the file immediately (e.g., Solaris), for both reading
and writing, but others let reads occur from the beginning of the
file (e.g., glibc).

As it turns out, we only ever write to the file descriptor, not
through stdio, so opening the file with O_APPEND and using fdopen()
with "r+b" should give us sufficient append semantics, while
more portably letting the stream read from the beginning of the file.

This fixes the test suite on Solaris, a regression introduced
by commit 6979ead5e5c24ca0ec3569eb4bef48c2e5d8a726.

ticket: 8026
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Implementations of fdopen() are inconsistent about the state of
the file offset after fdopen(., "a+") -- some position the stream
at the end of the file immediately (e.g., Solaris), for both reading
and writing, but others let reads occur from the beginning of the
file (e.g., glibc).

As it turns out, we only ever write to the file descriptor, not
through stdio, so opening the file with O_APPEND and using fdopen()
with "r+b" should give us sufficient append semantics, while
more portably letting the stream read from the beginning of the file.

This fixes the test suite on Solaris, a regression introduced
by commit 6979ead5e5c24ca0ec3569eb4bef48c2e5d8a726.

ticket: 8026
</pre>
</div>
</content>
</entry>
<entry>
<title>Avoid infinite loop on duplicate keysalts</title>
<updated>2014-11-20T20:44:04+00:00</updated>
<author>
<name>Ben Kaduk</name>
<email>kaduk@mit.edu</email>
</author>
<published>2014-11-20T20:44:04+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=c828e7cb137de3559f026dcc552a52162d9ca5cd'/>
<id>c828e7cb137de3559f026dcc552a52162d9ca5cd</id>
<content type='text'>
When duplicate suppression was requested, we would enter an
infinite loop upon encountering a duplicate entry, a bug
introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15
and thus present in release 1.13.

Rework the conditional to avoid the loop, at the expense of
additional indentation for some of the code.

Ticket: 8038
tags: pullup
target_version: 1.13.1
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When duplicate suppression was requested, we would enter an
infinite loop upon encountering a duplicate entry, a bug
introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15
and thus present in release 1.13.

Rework the conditional to avoid the loop, at the expense of
additional indentation for some of the code.

Ticket: 8038
tags: pullup
target_version: 1.13.1
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix minor cleanup issue in file ccache</title>
<updated>2014-11-05T19:53:59+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2014-11-04T15:13:11+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=16989828e9b9137b4f3c701962d838360f895636'/>
<id>16989828e9b9137b4f3c701962d838360f895636</id>
<content type='text'>
If we fail to open the cache file in fcc_initialize, we could wind up
calling close(-1) which is harmless but incorrect.  Avoid this by
initializing fd and conditionalizing its cleanup.

ticket: 8026
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If we fail to open the cache file in fcc_initialize, we could wind up
calling close(-1) which is harmless but incorrect.  Avoid this by
initializing fd and conditionalizing its cleanup.

ticket: 8026
</pre>
</div>
</content>
</entry>
<entry>
<title>Fix spurious gcc warning in cc_file.c</title>
<updated>2014-11-03T22:32:18+00:00</updated>
<author>
<name>Greg Hudson</name>
<email>ghudson@mit.edu</email>
</author>
<published>2014-11-03T22:27:00+00:00</published>
<link rel='alternate' type='text/html' href='https://fedorapeople.org/cgit/simo/public_git/krb5.git/commit/?id=35ab0d013f35a9840d0fbcb8de3b194eb501199d'/>
<id>35ab0d013f35a9840d0fbcb8de3b194eb501199d</id>
<content type='text'>
gcc 4.6.3 (present in Ubuntu 12.04) is smart enough to look at
get_size and see that it does not always assign to *size_out, but not
smart enough to figure out that it always assigns to *size_out when it
returns 0.  As a result, it outputs two warnings which we treat as
errors.  Add an initial assignment to *size_out at the beginning of
get_size to work around this.

ticket: 8026
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
gcc 4.6.3 (present in Ubuntu 12.04) is smart enough to look at
get_size and see that it does not always assign to *size_out, but not
smart enough to figure out that it always assigns to *size_out when it
returns 0.  As a result, it outputs two warnings which we treat as
errors.  Add an initial assignment to *size_out at the beginning of
get_size to work around this.

ticket: 8026
</pre>
</div>
</content>
</entry>
</feed>
