krb5.git/src/plugins/kdb/ldap, branch master MIT Kerberos patches Include autoconf.h before system headers 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T15:50:58+00:00 02a1123cf44381690c28f18ab2c4ba8036200539 Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961 
Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961
Simplify usage of strerror_r 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T14:23:11+00:00 6a8da91b691b8f51ac62d8142cd2fa32a69f3d15 Take advantage of the strerror_r portability wrapper to simplify code using it. Remove unused macros related to strerror_r in ldap_service_stash.c and plugins.c. ticket: 7961 
Take advantage of the strerror_r portability wrapper to simplify code
using it.  Remove unused macros related to strerror_r in
ldap_service_stash.c and plugins.c.

ticket: 7961
Tidy up k5-int.h variable name constants 2014-06-16T22:40:21+00:00 Greg Hudson ghudson@mit.edu 2014-06-13T17:52:55+00:00 d4332d0f778b55ccd5ddb05a4cd0b96354da9f39 Fix three mismatched constant names, and properly alphabetize and columnize the lists of definitions. No functional changes. 
Fix three mismatched constant names, and properly alphabetize and
columnize the lists of definitions.  No functional changes.
Treat LDAP KrbKey salt field as optional 2014-06-05T15:34:28+00:00 Greg Hudson ghudson@mit.edu 2014-05-23T23:58:41+00:00 fb5cd8df0dbd04dac4f610e68cba5b80a3cb8d48 Per the ASN.1 definition, the KrbKey salt field is optional. Since 1.7, we have been treating it as mandatory in the encoder; since 1.11, we have been treating it as mandatory in the decoder. Mostly by luck, we have been encoding a salt type of 0 when key_data_ver is 1, but we really should not be looking at key_data_type[1] or key_data_length[1] in this situation. Treat the salt field as optional in the encoder and decoder. Although the previous commit ensures that we continue to always encode a salt (without any dangerous assumptions about krb5_key_data constructors), this change will allow us to decode key data encoded by 1.6 without salt fields. This also fixes issue #7918, by properly setting key_data_ver to 2 if a salt type but no salt value is present. It is difficult to get the decoder to actually assign 2 to key_data_ver just because the salt field is there, so take care of that in asn1_decode_sequence_of_keys. Adjust kdbtest.c to match the new behavior by setting key_data_ver to 2 in both test keys. ticket: 7919 target_version: 1.12.2 tags: pullup 
Per the ASN.1 definition, the KrbKey salt field is optional.  Since
1.7, we have been treating it as mandatory in the encoder; since 1.11,
we have been treating it as mandatory in the decoder.  Mostly by luck,
we have been encoding a salt type of 0 when key_data_ver is 1, but we
really should not be looking at key_data_type[1] or key_data_length[1]
in this situation.  Treat the salt field as optional in the encoder
and decoder.  Although the previous commit ensures that we continue to
always encode a salt (without any dangerous assumptions about
krb5_key_data constructors), this change will allow us to decode key
data encoded by 1.6 without salt fields.

This also fixes issue #7918, by properly setting key_data_ver to 2 if
a salt type but no salt value is present.  It is difficult to get the
decoder to actually assign 2 to key_data_ver just because the salt
field is there, so take care of that in asn1_decode_sequence_of_keys.

Adjust kdbtest.c to match the new behavior by setting key_data_ver to
2 in both test keys.

ticket: 7919
target_version: 1.12.2
tags: pullup
Always include salt in LDAP KrbKey encoding 2014-06-05T15:34:27+00:00 Greg Hudson ghudson@mit.edu 2014-05-25T02:58:26+00:00 1825455ede7e61ab934b16262fb5b12b78a52f1a In the LDAP KDB module, ensure that every krb5_key_data we pass to asn1_encode_sequence_of_keys includes a salt type, for compatibility with the decoder in unpatched krb5 1.11 and 1.12. This is not a behavior change by itself; since 1.7 the encoder has always included a KrbKey salt field because it erroneously treats that field as non-optional. (Luckily, the encoded salt always happens to have salt type 0 because krb5_key_data constructors start with zeroed memory.) The next commit will fix the encoder and decoder to properly treat the KrbKey salt field as optional, so we need this change to ensure that our encodings remain compatible. Also fix the ASN.1 tests to set key_data_ver correctly for the sample test key data. ticket: 7919 
In the LDAP KDB module, ensure that every krb5_key_data we pass to
asn1_encode_sequence_of_keys includes a salt type, for compatibility
with the decoder in unpatched krb5 1.11 and 1.12.

This is not a behavior change by itself; since 1.7 the encoder has
always included a KrbKey salt field because it erroneously treats that
field as non-optional.  (Luckily, the encoded salt always happens to
have salt type 0 because krb5_key_data constructors start with zeroed
memory.)  The next commit will fix the encoder and decoder to properly
treat the KrbKey salt field as optional, so we need this change to
ensure that our encodings remain compatible.

Also fix the ASN.1 tests to set key_data_ver correctly for the sample
test key data.

ticket: 7919
Use k5_setmsg 2014-06-05T15:22:50+00:00 Greg Hudson ghudson@mit.edu 2014-05-24T16:15:32+00:00 a7b5808b5df9e54ef8a8a7ac24e5faad458ddbce Replace most calls to krb5_set_error_message with k5_setmsg for brevity. Leave alone plugin sources where we don't include k5-int.h (mostly PKINIT). 
Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).
Conditionalize use of LDAP_OPT_DEBUG_LEVEL 2014-02-28T23:17:48+00:00 Greg Hudson ghudson@mit.edu 2014-02-28T15:17:29+00:00 0364d0da094be0fbf3a9a08b79b6e23eaaf0d2d7 The LDAP debug level option (#7551) causes a build failure with the Solaris LDAP library, which does not have LDAP_OPT_DEBUG_LEVEL. ticket: 7870 (new) target_version: 1.12.2 tags: pullup 
The LDAP debug level option (#7551) causes a build failure with the
Solaris LDAP library, which does not have LDAP_OPT_DEBUG_LEVEL.

ticket: 7870 (new)
target_version: 1.12.2
tags: pullup
Improve LDAP KDB initialization error messages 2013-10-30T16:38:03+00:00 Greg Hudson ghudson@mit.edu 2013-10-28T15:23:11+00:00 5a77bb85294f37d1dfa4c7faedfdfb0d7faaf8dc In krb5_ldap_initialize, don't just blat the LDAP error into the extended message; give an indication of which LDAP operation we were trying to do and show what parameters we gave to it. (Also, krb5_set_error_message can handle a null context argument, so don't bother to check before calling.) ticket: 7739 (new) target_version: 1.12 tags: pullup 
In krb5_ldap_initialize, don't just blat the LDAP error into the
extended message; give an indication of which LDAP operation we were
trying to do and show what parameters we gave to it.

(Also, krb5_set_error_message can handle a null context argument, so
don't bother to check before calling.)

ticket: 7739 (new)
target_version: 1.12
tags: pullup
Avoid allocating zero key_data structures 2013-07-15T16:20:26+00:00 Greg Hudson ghudson@mit.edu 2013-07-15T16:20:26+00:00 d9457b501cbab535e5968dbdf195ca334b9fa555 When we allocate space for an array of key_data structures, make sure we allocate at least one, so we don't spuriously fail on platforms where malloc(0) returns NULL. Where we use malloc, use k5calloc instead. Where we use krb5_db_alloc or realloc, just allocate an extra entry. 
When we allocate space for an array of key_data structures, make sure
we allocate at least one, so we don't spuriously fail on platforms
where malloc(0) returns NULL.  Where we use malloc, use k5calloc
instead.  Where we use krb5_db_alloc or realloc, just allocate an
extra entry.
Fix various warnings 2013-06-07T19:19:37+00:00 Greg Hudson ghudson@mit.edu 2013-06-07T19:17:31+00:00 e51c089b745161dd6e1d64998e99d065fc22377e