From noreply at github.com Mon Mar 2 07:17:26 2020
From: noreply at github.com (Luke Howard)
Date: Sun, 01 Mar 2020 22:17:26 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] aaf4cf: gss: initialize output params in test_negoex_mech
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: aaf4cf89a5ba011483917cf9fe600489e491f704
https://github.com/heimdal/heimdal/commit/aaf4cf89a5ba011483917cf9fe600489e491f704
Author: Luke Howard
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M lib/gssapi/test_negoex_mech.c

Log Message:
-----------
gss: initialize output params in test_negoex_mech

test_negoex_mech, being a simple test mechanism ported from MIT that was
not designed to be particularly robust, failed to initialize various
output parameters such as the source name. On Heimdal this triggered an
invalid read because the mechglue did not initialize those variables
before calling the mechanism. This commit fixes this.

Commit: 41cb135b3044ad536859209a2d28301704fe70e6
https://github.com/heimdal/heimdal/commit/41cb135b3044ad536859209a2d28301704fe70e6
Author: Luke Howard
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M lib/gssapi/test_negoex_mech.c

Log Message:
-----------
gss: plug leak in test_negoex_mech

test_negoex_mech should free the result of calling
decode_GSSAPIContextToken()

Commit: e8de24f236ed5fdfec184e5cc8b2aceae2d2ba57
https://github.com/heimdal/heimdal/commit/e8de24f236ed5fdfec184e5cc8b2aceae2d2ba57
Author: Luke Howard
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M lib/gssapi/mech/gss_accept_sec_context.c

Log Message:
-----------
gss: initialize mech output parameters in mechglue

Initialize mechanism output parameters before calling mechanism
GSS_Accept_sec_context(), to behave robustly with poorly implemented
mechanisms that may return before initializing them.

Compare: https://github.com/heimdal/heimdal/compare/839b073facd2...e8de24f236ed

From noreply at github.com Mon Mar 2 17:56:30 2020
From: noreply at github.com (Nico Williams)
Date: Mon, 02 Mar 2020 08:56:30 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] b2823c: Move some infra bits of lib/krb5/ to lib/base/ (1)
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: b2823cbd74ad94e704cb8d6b9cac571a34f1e8b3
https://github.com/heimdal/heimdal/commit/b2823cbd74ad94e704cb8d6b9cac571a34f1e8b3
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  A lib/base/config_file.c
  A lib/base/config_reg.c
  A lib/base/expand_path.c
  A lib/base/log.c
  A lib/base/plugin.c
  A lib/base/warn.c
  R lib/krb5/config_file.c
  R lib/krb5/config_reg.c
  R lib/krb5/expand_path.c
  R lib/krb5/log.c
  R lib/krb5/plugin.c
  R lib/krb5/warn.c

Log Message:
-----------
Move some infra bits of lib/krb5/ to lib/base/ (1)

This is the first of two commits in a series that must be picked together.

This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.

This commit only renames files to enable git log/diff/blame to follow the
renames: to help future code archeology, and to make reviewing these two
commits easier.

The next commit in this series ensures that the moved files have the
correct content (i.e., defining heim APIs instead of krb5 APIs), and will
create files in lib/krb5 with the same names and krb5 API wrappers around
the new heim API functions.

The next commit also explains the motivation, which, briefly, is to:

 - remove krb5 API usage from lib/gssapi/,
 - enable the use of configuration and plugins in lib/hx509/ (as well as
   lib/gssapi/ and future projects), and
 - enable the further disentanglement of bx509d from kdc/.

Commit: ea90ca86664c73fb8d415f3cc7baacdf8a6dd685
https://github.com/heimdal/heimdal/commit/ea90ca86664c73fb8d415f3cc7baacdf8a6dd685
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M include/config.h.w32
  M include/heim_threads.h
  M kdc/cjwt_token_validator.c
  M kdc/csr_authorizer.c
  M kdc/ipc_csr_authorizer.c
  M kdc/negotiate_token_validator.c
  M kdc/simple_csr_authorizer.c
  M kdc/token_validator.c
  M kdc/windc.c
  M lib/Makefile.am
  M lib/NTMakefile
  M lib/base/Makefile.am
  M lib/base/NTMakefile
  M lib/base/baselocl.h
  A lib/base/common_plugin.h
  M lib/base/config_file.c
  M lib/base/config_reg.c
  A lib/base/context.c
  M lib/base/expand_path.c
  A lib/base/heim_err.et
  M lib/base/heimbase.h
  M lib/base/log.c
  M lib/base/plugin.c
  M lib/base/version-script.map
  M lib/base/warn.c
  M lib/gssapi/NTMakefile
  M lib/gssapi/mech/context.c
  M lib/hdb/hdb.c
  M lib/kadm5/private.h
  M lib/kadm5/server_hooks.c
  M lib/krb5/Makefile.am
  M lib/krb5/NTMakefile
  M lib/krb5/aname_to_localname.c
  M lib/krb5/cache.c
  M lib/krb5/ccache_plugin.h
  R lib/krb5/common_plugin.h
  A lib/krb5/config_file.c
  M lib/krb5/context.c
  M lib/krb5/db_plugin.c
  A lib/krb5/expand_path.c
  R lib/krb5/heim_err.et
  M lib/krb5/krb5-plugin.7
  M lib/krb5/krb5.h
  M lib/krb5/krb5_locl.h
  M lib/krb5/krbhst.c
  M lib/krb5/kuserok.c
  A lib/krb5/log.c
  M lib/krb5/pcache.c
  A lib/krb5/plugin.c
  M lib/krb5/send_to_kdc.c
  M lib/krb5/verify_krb5_conf.c
  A lib/krb5/warn.c
  M windows/NTMakefile.w32

Log Message:
-----------
Move some infra bits of lib/krb5/ to lib/base/ (2)

This is the second of two commits in a series that must be picked together.

This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.

Some parts of libkrb5 are entirely generic or easily made so, and could be
useful in various parts of Heimdal that are not specific to the krb5 API,
such as:

 - lib/gssapi/ (especially since the integration of NegoEx)
 - lib/hx509/
 - bx509d (which should really move out of kdc/)

For the above we need to move these bits of lib/krb5/:

 - lib/krb5/config_file.c (all of it, leaving forwardings behind)
 - lib/krb5/config_reg.c (all of it)
 - lib/krb5/plugin.c (all of it, leaving forwardings behind)
 - lib/krb5/log.c (all of it, ditto)
 - lib/krb5/heim_err.et (all of it)

And because of those two, these too must also move:

 - lib/krb5/expand_path.c (all of it, leaving forwardings behind)
 - lib/krb5/warn.c (just the warning functions, ditto)

The changes to the moved files are mostly quite straightforward and are
best reviewed with --word-diff=color.

We're also creating a heim_context and a heim API to go with it. But it's
as thin as possible, with as little state as necessary to enable this move.
Functions for dealing with error messages use callbacks.

Moving plugin.c does have one knock-on effect on all users of the old krb5
plugin API (which remains), which is that a global search and replace of
struct krb5_plugin_data to struct heim_plugin_data was needed, though the
layout and size of that structure doesn't change, so the ABI doesn't
either.

As well, we now build lib/vers/ and lib/com_err/ before lib/base/ so as to
be able to move lib/krb5/heim_err.et to lib/base/ so that we can make use
of HEIM_ERR_* in lib/base/, specifically in the files that moved.

Once this is all done we'll be able to use config files and plugins in
lib/hx509/, we'll be able to move bx509d out of kdc/, and so on.

Most if not all of the new functions in lib/base/ are Heimdal-private, thus
calling conventions for them are not declared.

Status:

 - builds and passes CIs (Travis, Appveyor)
 - ran make check-valgrind and no new leaks or other memory errors
 - ready for review

HOW TO REVIEW:

    $ # Review file moves:
    $ git log --stat -n1 HEAD^
    $
    $ # Review changes to moved files using --word-diff=color
    $ git log -p -b -w --word-diff=color HEAD^..HEAD \
        lib/base/config_file.c \
        lib/base/config_reg.c \
        lib/base/expand_path.c \
        lib/base/warn.c \
        lib/krb5/config_file.c \
        lib/krb5/config_reg.c \
        lib/krb5/expand_path.c \
        lib/krb5/warn.c
    $
    $ # Review the whole thing, possibly adding -b and/or -w, and
    $ # maybe --word-diff=color:
    $ git log -p origin/master..HEAD
    $ git log -p -b -w origin/master..HEAD
    $ git log -p -b -w --word-diff=color origin/master..HEAD

TBD (future commits):

 - make lib/gssapi use the new heimbase functions
 - move kx509/bx509d common code to lib/hx509/ or other approp. location
 - move bx509d out of kdc/

Commit: 3c0f59b658dd8f33df0e275c083f8adc4c826450
https://github.com/heimdal/heimdal/commit/3c0f59b658dd8f33df0e275c083f8adc4c826450
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M lib/hdb/keys.c

Log Message:
-----------
hdb: Fix memory leak in hdb_generate_key_set()

Commit: 5ab1a2b7a673a9710b5375911a02205ad91431d1
https://github.com/heimdal/heimdal/commit/5ab1a2b7a673a9710b5375911a02205ad91431d1
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M appveyor.yml

Log Message:
-----------
appveyor: Minor improvements for debugging

Compare: https://github.com/heimdal/heimdal/compare/e8de24f236ed...5ab1a2b7a673

From noreply at github.com Tue Mar 3 00:55:18 2020
From: noreply at github.com (Nico Williams)
Date: Mon, 02 Mar 2020 15:55:18 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] 77619f: roken: Add base32
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 77619f245da343dccf3c9a39c9625f524c3ae4a4
https://github.com/heimdal/heimdal/commit/77619f245da343dccf3c9a39c9625f524c3ae4a4
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M lib/roken/Makefile.am
  M lib/roken/NTMakefile
  A lib/roken/base32-test.c
  A lib/roken/base32.c
  A lib/roken/base32.h
  M lib/roken/version-script.map

Log Message:
-----------
roken: Add base32

Commit: a7359d689809263ef844f899c782b58e21e8165d
https://github.com/heimdal/heimdal/commit/a7359d689809263ef844f899c782b58e21e8165d
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M cf/roken-frag.m4
  M lib/roken/Makefile.am
  M lib/roken/NTMakefile
  A lib/roken/mkdtemp.c
  M lib/roken/roken.h.in
  M lib/roken/version-script.map

Log Message:
-----------
roken: Add mkdtemp()

Commit: 7bf4d76e75e904dd65a0fbb90c9cad981245f714
https://github.com/heimdal/heimdal/commit/7bf4d76e75e904dd65a0fbb90c9cad981245f714
Author: Nicolas Williams
Date: 2020-03-02 (Mon, 02 Mar 2020)

Changed paths:
  M kcm/glue.c
  M kuser/kinit.c
  M lib/gssapi/gssapi/gssapi.h
  M lib/gssapi/gssapi_mech.h
  M lib/gssapi/krb5/accept_sec_context.c
  M lib/gssapi/krb5/copy_ccache.c
  M lib/gssapi/krb5/external.c
  M lib/gssapi/krb5/set_cred_option.c
  M lib/gssapi/krb5/store_cred.c
  M lib/gssapi/libgssapi-exports.def
  M lib/gssapi/mech/gss_store_cred_into.c
  M lib/gssapi/ntlm/external.c
  M lib/gssapi/spnego/external.c
  M lib/gssapi/test_add_store_cred.c
  M lib/gssapi/version-script.map
  M lib/krb5/acache.c
  M lib/krb5/cache.c
  M lib/krb5/dcache.c
  M lib/krb5/fcache.c
  M lib/krb5/kcm.c
  M lib/krb5/krb5.h
  M lib/krb5/krcache.c
  M lib/krb5/libkrb5-exports.def.in
  M lib/krb5/mcache.c
  M lib/krb5/scache.c
  M lib/krb5/test_cc.c
  M lib/krb5/verify_krb5_conf.c
  M lib/krb5/version-script.map
  M tests/gss/check-basic.in
  M tests/gss/check-context.in
  M tests/kdc/Makefile.am
  M tests/kdc/check-cc.in
  A tests/kdc/krb5-cccol.conf.in

Log Message:
-----------
krb5: Improve cccol sub naming; add gss_store_cred_into2()

 - Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
 - KEYRING: ccaches are weird because they have one more optional field:
   the "anchor", so rather than just assume a naming convention
   everywhere, we add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and uses this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?

Compare: https://github.com/heimdal/heimdal/compare/5ab1a2b7a673...7bf4d76e75e9

From noreply at github.com Tue Mar 3 00:55:41 2020
From: noreply at github.com (Nico Williams)
Date: Mon, 02 Mar 2020 15:55:41 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

Branch: refs/heads/subsidiaries-rebased
Home: https://github.com/heimdal/heimdal

From noreply at github.com Tue Mar 3 00:55:42 2020
From: noreply at github.com (Nico Williams)
Date: Mon, 02 Mar 2020 15:55:42 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

Branch: refs/heads/subsidiaries
Home: https://github.com/heimdal/heimdal

From noreply at github.com Wed Mar 4 21:12:19 2020
From: noreply at github.com (Nico Williams)
Date: Wed, 04 Mar 2020 12:12:19 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] c6b891: krb5: Init mutex of anon MEMORY ccaches
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: c6b891556edb509f7075c3c4a34f30a5eee8000d
https://github.com/heimdal/heimdal/commit/c6b891556edb509f7075c3c4a34f30a5eee8000d
Author: Nicolas Williams
Date: 2020-03-04 (Wed, 04 Mar 2020)

Changed paths:
  M lib/krb5/mcache.c

Log Message:
-----------
krb5: Init mutex of anon MEMORY ccaches

From noreply at github.com Thu Mar 5 22:05:37 2020
From: noreply at github.com (Nico Williams)
Date: Thu, 05 Mar 2020 13:05:37 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

Branch: refs/heads/subsidiaries
Home: https://github.com/heimdal/heimdal

From noreply at github.com Thu Mar 5 22:05:43 2020
From: noreply at github.com (Nico Williams)
Date: Thu, 05 Mar 2020 13:05:43 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

Branch: refs/heads/subsidiaries-rebased
Home: https://github.com/heimdal/heimdal

From noreply at github.com Fri Mar 6 18:56:06 2020
From: noreply at github.com (Daria Phoebe Brashear)
Date: Fri, 06 Mar 2020 09:56:06 -0800
Subject: [Heimdal-source-changes] [heimdal/heimdal] bfcc7a: kdc kx509: avoid double free of cprinc and s in ch...
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: bfcc7a90ed1a7fcbe214d6bf29f7f98a0374be8f
https://github.com/heimdal/heimdal/commit/bfcc7a90ed1a7fcbe214d6bf29f7f98a0374be8f
Author: Daria Phoebe Brashear
Date: 2020-03-06 (Fri, 06 Mar 2020)

Changed paths:
  M kdc/kx509.c

Log Message:
-----------
kdc kx509: avoid double free of cprinc and s in check_authz

on error from der_parse_heim_old we early exit via out, which frees s and
cprinc; we should not do so a second time unless we explicitly NULL the
pointers but there is no value in doing so.

Commit: c2a70414026143b7e8da5d56e229c950359a7ff4
https://github.com/heimdal/heimdal/commit/c2a70414026143b7e8da5d56e229c950359a7ff4
Author: Daria Phoebe Brashear
Date: 2020-03-06 (Fri, 06 Mar 2020)

Changed paths:
  M lib/krb5/mk_cred.c

Log Message:
-----------
krb5_mk_ncred: clean enc_krb_cred_part before use

the early exit case can try to free enc_krb_cred_part, which will be stack
garbage. clear it before it's used.

Commit: efba1c21e974381b43ee617a2009d795a9a58131
https://github.com/heimdal/heimdal/commit/efba1c21e974381b43ee617a2009d795a9a58131
Author: Daria Phoebe Brashear
Date: 2020-03-06 (Fri, 06 Mar 2020)

Changed paths:
  M lib/kadm5/randkey_c.c

Log Message:
-----------
lib/kadm5 kadm5_c_randkey_principal allow keyblock cleanup on error

the code to perform cleanup is present but an overzealous goto out
precludes it from being called. break from our for loop in event of error
and allow cleanup to take place

Commit: 59d132f82569282f0cf2a10d80ce468f644c9871
https://github.com/heimdal/heimdal/commit/59d132f82569282f0cf2a10d80ce468f644c9871
Author: Daria Phoebe Brashear
Date: 2020-03-06 (Fri, 06 Mar 2020)

Changed paths:
  M lib/hdb/ndbm.c

Log Message:
-----------
hdb: don't use lock_file name after free in open_lock_file

Commit: c295233648eadf899edd01681b8f6e9827986cf4
https://github.com/heimdal/heimdal/commit/c295233648eadf899edd01681b8f6e9827986cf4
Author: Daria Phoebe Brashear
Date: 2020-03-06 (Fri, 06 Mar 2020)

Changed paths:
  M lib/base/log.c

Log Message:
-----------
lib/base log_file should free filename in all cases

once we've used the filename we built, free it before exit

Commit: bcb5ed28fbe25d3b207d17ddd2f420f938a4ef03
https://github.com/heimdal/heimdal/commit/bcb5ed28fbe25d3b207d17ddd2f420f938a4ef03
Author: Daria Phoebe Brashear
Date: 2020-03-06 (Fri, 06 Mar 2020)

Changed paths:
  M kdc/kx509.c

Log Message:
-----------
kdc/kx509.c: clean up krb5_get_error_message strings used for mk_error_resp

mk_error_response expects the strings it builds will need to be freed but
not those passed in; krb5_get_error_message generates a string which needs
to be freed. keep track of and free those strings.

Compare: https://github.com/heimdal/heimdal/compare/c6b891556edb...bcb5ed28fbe2

From noreply at github.com Sun Mar 8 15:34:58 2020
From: noreply at github.com (Jeffrey Altman)
Date: Sun, 08 Mar 2020 07:34:58 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 99a71b: kdc: kx509.c fix build failures
Message-ID:

Branch: refs/heads/jaltman/fix-pr679
Home: https://github.com/heimdal/heimdal

Commit: 99a71b85c87b27123da193f3642ec93ea34d479d
https://github.com/heimdal/heimdal/commit/99a71b85c87b27123da193f3642ec93ea34d479d
Author: Jeffrey Altman
Date: 2020-03-08 (Sun, 08 Mar 2020)

Changed paths:
  M kdc/kx509.c

Log Message:
-----------
kdc: kx509.c fix build failures

bcb5ed28fbe25d3b207d17ddd2f420f938a4ef03 ("kdc/kx509.c: clean up
krb5_get_error_message strings used for mk_error_resp") introduced
a build failure. 'context' is not a local variable but a field
in the kx509_req_context.

Change-Id: I38a8a9b1a19c3370dfc039d6e09445425936c32b

From noreply at github.com Sun Mar 8 17:01:37 2020
From: noreply at github.com (Jeffrey Altman)
Date: Sun, 08 Mar 2020 09:01:37 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 713aa7: kdc: kx509.c fix build failures
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 713aa7961aff4220ce21055e674abe79472761cb
https://github.com/heimdal/heimdal/commit/713aa7961aff4220ce21055e674abe79472761cb
Author: Jeffrey Altman
Date: 2020-03-08 (Sun, 08 Mar 2020)

Changed paths:
  M kdc/kx509.c

Log Message:
-----------
kdc: kx509.c fix build failures

bcb5ed28fbe25d3b207d17ddd2f420f938a4ef03 ("kdc/kx509.c: clean up
krb5_get_error_message strings used for mk_error_resp") introduced
a build failure. 'context' is not a local variable but a field
in the kx509_req_context.

Change-Id: I38a8a9b1a19c3370dfc039d6e09445425936c32b

From noreply at github.com Sun Mar 8 17:01:40 2020
From: noreply at github.com (Jeffrey Altman)
Date: Sun, 08 Mar 2020 09:01:40 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal]
Message-ID:

Branch: refs/heads/jaltman/fix-pr679
Home: https://github.com/heimdal/heimdal

From noreply at github.com Fri Mar 13 03:02:59 2020
From: noreply at github.com (Nico Williams)
Date: Thu, 12 Mar 2020 19:02:59 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 86bb80: Revert cccol changes to kinit
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 86bb80d7cf3d99cec3ac28d1588d91dae0a97244
https://github.com/heimdal/heimdal/commit/86bb80d7cf3d99cec3ac28d1588d91dae0a97244
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M kuser/kinit.c

Log Message:
-----------
Revert cccol changes to kinit

Commit: bc5070d36f94acbe4b608b4e109f32838b5aab19
https://github.com/heimdal/heimdal/commit/bc5070d36f94acbe4b608b4e109f32838b5aab19
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M lib/krb5/context.c
  M lib/krb5/libkrb5-exports.def.in
  M lib/krb5/version-script.map

Log Message:
-----------
krb5: Add krb5_set_config() for test_cc

Commit: 3a1f700cef7d6c1c0e1fb04b8f782e2f87077079
https://github.com/heimdal/heimdal/commit/3a1f700cef7d6c1c0e1fb04b8f782e2f87077079
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M lib/gssapi/krb5/store_cred.c

Log Message:
-----------
gsskrb5: Add unique ccache k/v for cred store

This will allow sshd and such to be configured to request unique ccache
names.

Commit: f70ccfa967eaf3f7201073ef117b9d00ccc75339
https://github.com/heimdal/heimdal/commit/f70ccfa967eaf3f7201073ef117b9d00ccc75339
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M lib/krb5/cache.c
  M lib/krb5/context.c
  M lib/krb5/dcache.c

Log Message:
-----------
krb5: Restore FILE as the default ccache type

Commit: f3e6c4ffd45a11cb055b2b6039cc124dd7886808
https://github.com/heimdal/heimdal/commit/f3e6c4ffd45a11cb055b2b6039cc124dd7886808
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M lib/krb5/cache.c
  M lib/krb5/fcache.c
  M lib/krb5/krb5.conf.5
  M lib/krb5/test_cc.c

Log Message:
-----------
krb5: Make FILE ccache type a collection type!

Commit: 64d5f86ec3b7089a3cf8eee49e3bf9bbdef9d545
https://github.com/heimdal/heimdal/commit/64d5f86ec3b7089a3cf8eee49e3bf9bbdef9d545
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M lib/base/config_reg.c
  M lib/gssapi/gssapi/gssapi.h
  M lib/gssapi/krb5/store_cred.c
  M lib/gssapi/mech/gss_utils.c
  M lib/hx509/ks_file.c
  M lib/hx509/name.c
  M lib/hx509/req.c
  M lib/kadm5/ipropd_master.c
  M lib/krb5/acache.c
  M lib/krb5/cache.c
  M lib/krb5/context.c
  M lib/krb5/kx509.c
  M lib/krb5/plugin.c
  M lib/krb5/scache.c
  M lib/krb5/store_sock.c
  M lib/krb5/store_stdio.c
  M lib/roken/getauxval.c
  M lib/roken/getuserinfo.c
  M lib/roken/roken.h.in
  M lib/roken/sleep.c

Log Message:
-----------
Fix warnings (some bugs, some spurious)

Many spurious VC warnings not quieted though.

Commit: 7dae771eefb29b57d5d4a4d507d5a847258e0179
https://github.com/heimdal/heimdal/commit/7dae771eefb29b57d5d4a4d507d5a847258e0179
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M kuser/kinit.1
  M kuser/kinit.c
  M tests/kdc/check-cc.in

Log Message:
-----------
kinit: Add --cache-default-for flag (fix check-cc)

Commit: 02db43a1aede9cbafc7908333abf83680567aeca
https://github.com/heimdal/heimdal/commit/02db43a1aede9cbafc7908333abf83680567aeca
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M kuser/kinit.c

Log Message:
-----------
kinit: Prefer the default ccache when user_realm

If using the new --cache-default-for option, use the real default if the
principal is the best principal for the user.

A principal is the best principal for a user when the principal has just
one component, the component is the user's username, and the realm is the
configured user_realm.

Commit: 312f353b986f37b4868b826989841a1f981fe8d0
https://github.com/heimdal/heimdal/commit/312f353b986f37b4868b826989841a1f981fe8d0
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M lib/gssapi/krb5/store_cred.c

Log Message:
-----------
gss: Prefer the default ccache when user_realm

gss_store_cred_into*() will now switch the new cred cache to be the
primary/default cred cache when

 - the caller requested it and,
 - if the caller passed in a user name, the creds' principal is the best
   principal for the named user.

A principal is the best principal for a user when the principal has just
one component, the component is the user's username, and the realm is the
configured user_realm.

Compare: https://github.com/heimdal/heimdal/compare/713aa7961aff...312f353b986f

From noreply at github.com Fri Mar 13 05:11:03 2020
From: noreply at github.com (Nico Williams)
Date: Thu, 12 Mar 2020 21:11:03 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 327d7e: Fix Appveyor Windows build
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 327d7e7b435406c58a6f770c2859c6ce17f8f675
https://github.com/heimdal/heimdal/commit/327d7e7b435406c58a6f770c2859c6ce17f8f675
Author: Nicolas Williams
Date: 2020-03-12 (Thu, 12 Mar 2020)

Changed paths:
  M kuser/NTMakefile

Log Message:
-----------
Fix Appveyor Windows build

From noreply at github.com Sat Mar 14 00:14:25 2020
From: noreply at github.com (Nico Williams)
Date: Fri, 13 Mar 2020 16:14:25 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 93d638: gss: Fix default cache preference
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 93d638a48612b982d5579361ce435033f4a4119a
https://github.com/heimdal/heimdal/commit/93d638a48612b982d5579361ce435033f4a4119a
Author: Nicolas Williams
Date: 2020-03-13 (Fri, 13 Mar 2020)

Changed paths:
  M lib/gssapi/krb5/store_cred.c

Log Message:
-----------
gss: Fix default cache preference

From noreply at github.com Sat Mar 14 01:05:55 2020
From: noreply at github.com (Nico Williams)
Date: Fri, 13 Mar 2020 17:05:55 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] d725f2: gss: Sometimes set KRB5CCNAME when not overwriting
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: d725f28384919bdc33a7e098581434412ea00687
https://github.com/heimdal/heimdal/commit/d725f28384919bdc33a7e098581434412ea00687
Author: Nicolas Williams
Date: 2020-03-13 (Fri, 13 Mar 2020)

Changed paths:
  M lib/gssapi/krb5/store_cred.c

Log Message:
-----------
gss: Sometimes set KRB5CCNAME when not overwriting

From noreply at github.com Wed Mar 18 01:14:27 2020
From: noreply at github.com (Nico Williams)
Date: Tue, 17 Mar 2020 17:14:27 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 4c736c: krb5: Allow rename of empty FILE ccaches
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 4c736cbeecccc9a1b296fe6087c01b37ce2ecc96
https://github.com/heimdal/heimdal/commit/4c736cbeecccc9a1b296fe6087c01b37ce2ecc96
Author: Nicolas Williams
Date: 2020-03-17 (Tue, 17 Mar 2020)

Changed paths:
  M lib/krb5/fcache.c

Log Message:
-----------
krb5: Allow rename of empty FILE ccaches

Commit: a8874a62bbf041b469874fe2e20e5752dfe29b32
https://github.com/heimdal/heimdal/commit/a8874a62bbf041b469874fe2e20e5752dfe29b32
Author: Nicolas Williams
Date: 2020-03-17 (Tue, 17 Mar 2020)

Changed paths:
  M kuser/kinit.1
  M kuser/kinit.c
  M lib/krb5/acache.c
  M tests/kdc/check-cc.in

Log Message:
-----------
krb5: Fix kinit harder

The previous fixes for using `krb5_cc_default_for()` weren't quite correct.

Compare: https://github.com/heimdal/heimdal/compare/d725f2838491...a8874a62bbf0

From noreply at github.com Fri Mar 20 20:43:40 2020
From: noreply at github.com (Nico Williams)
Date: Fri, 20 Mar 2020 12:43:40 -0700
Subject: [Heimdal-source-changes] [heimdal/heimdal] 8f3b5e: krb5: Use sqlite3_close(), not v2
Message-ID:

Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal

Commit: 8f3b5e0862cf66a39cb6fdeacacafb585c5852c9
https://github.com/heimdal/heimdal/commit/8f3b5e0862cf66a39cb6fdeacacafb585c5852c9
Author: Nicolas Williams
Date: 2020-03-17 (Tue, 17 Mar 2020)

Changed paths:
  M lib/krb5/scache.c

Log Message:
-----------
krb5: Use sqlite3_close(), not v2

Commit: cc6a3f337bac0411d0bb1c924fd857603a258d2f
https://github.com/heimdal/heimdal/commit/cc6a3f337bac0411d0bb1c924fd857603a258d2f
Author: Nicolas Williams
Date: 2020-03-17 (Tue, 17 Mar 2020)

Changed paths:
  M lib/hcrypto/Makefile.am

Log Message:
-----------
hcrypto: Fix Makefile build race

Commit: 31a73c3c2730cfc0aefad42ef1908828181029f1
https://github.com/heimdal/heimdal/commit/31a73c3c2730cfc0aefad42ef1908828181029f1
Author: Nicolas Williams
Date: 2020-03-18 (Wed, 18 Mar 2020)

Changed paths:
  M lib/krb5/fcache.c

Log Message:
-----------
List FILE collection even when KRB5CCNAME is a sub

Setting KRB5CCNAME=/tmp/krb5cc_${UID}+${princ} should not prevent listing
the FILE collection.

Commit: 7055365f47d94d9f1f089afab556bf17414dff44
https://github.com/heimdal/heimdal/commit/7055365f47d94d9f1f089afab556bf17414dff44
Author: Nicolas Williams
Date: 2020-03-18 (Wed, 18 Mar 2020)

Changed paths:
  M lib/gssapi/krb5/store_cred.c
  M tests/gss/check-basic.in

Log Message:
-----------
Expand tokens in gss cred store "ccache" value

This is needed so that sshd and such can make practical use of the
"ccache" key in GSS cred stores.

This commit only changes the store path, not the acquisition path.

Compare: https://github.com/heimdal/heimdal/compare/a8874a62bbf0...7055365f47d9