[Heimdal-source-changes] [heimdal/heimdal] afc9eb: fix calling conventions

Jeffrey Altman noreply at github.com
Tue May 26 18:51:43 CEST 2020


  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: afc9ebe08b84b9b8ea9077b678d3cd5e99c3d1f7
      https://github.com/heimdal/heimdal/commit/afc9ebe08b84b9b8ea9077b678d3cd5e99c3d1f7
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M kuser/kx509.c
    M lib/base/log.c
    M lib/gssapi/mech/context.c
    M lib/krb5/kx509.c

  Log Message:
  -----------
  fix calling conventions

When a function is assigned to a function pointer that is declared
with a particular calling convention, then the assigned function
must be declared with that calling convention as well.  Otherwise,
kaboom!!!

The following functions are fixed by this change:

kuser/kx509.c
  validate1()
  add1_2chain()

lib/base/log.c
  log_syslog()
  close_syslog()
  log_file()
  close_file()

lib/gssapi/mech/context.c
  gss_set_log_function()

lib/krb5/kx509.c
  certs_export_func()

Change-Id: Ib68abf739e3385e98136fa4e4f5a0240e9fce033


  Commit: f77618ef15d37b7abea2d17c00bd4aa8f2406fef
      https://github.com/heimdal/heimdal/commit/f77618ef15d37b7abea2d17c00bd4aa8f2406fef
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/roken/stdint.hin

  Log Message:
  -----------
  roken: stdint.hin libtommath 1.2.0 needs more

libtommath 1.2.0 c403b660825f0f99451a805408f6a8ef354d1cd7
("hcrypto: import libtommath v1.2.0") needs more from stdint.h
than what Heimdal previously declared.  Add more integer type
declarations and integer MIN/MAX macros.

Also, on Windows declare 64-bit integers using __int64 as
"long long" is not supported as 64-bit type across all Visual
Studio compiler versions.

Change-Id: I944bedc67bcb26374ffb30eb3dfd7c6108a98fc3


  Commit: 30745617960c85586d1b8a067c89d4abecf6f465
      https://github.com/heimdal/heimdal/commit/30745617960c85586d1b8a067c89d4abecf6f465
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/baselocl.h
    M lib/base/config_file.c
    M lib/base/log.c

  Log Message:
  -----------
  lib/base: introduce HEIM_BASE_USE_PATH_TOKENS

KRB5_USE_PATH_TOKENS cannot be used within lib/base as its value
is declared in lib/krb5/krb5.h.  Declare HEIM_BASE_USE_PATH_TOKENS
in lib/base/baselocl.h and test for it in
heim_config_parse_file_multi().

By conditionalizing heim_config_parse_file_multi() behavior on
KRB5_USE_PATH_TOKENS heim_expand_path_tokens() is not executed
and open() is called on a path without token substitution.  As a
result open() always fails with ENOENT.

Change-Id: I29dc018bc560519b76314232b2d51f53bde6313c


  Commit: 6bdbf3ca273d6f24e25f1277add70931d0a6a5fd
      https://github.com/heimdal/heimdal/commit/6bdbf3ca273d6f24e25f1277add70931d0a6a5fd
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M windows/NTMakefile.w32

  Log Message:
  -----------
  windows: revert change to ldebug

ea90ca86664c73fb8d415f3cc7baacdf8a6dd685 ("Move some infra bits of
lib/krb5/ to lib/base/ (2)") inappropriately altered the declaration
of the "ldebug" macro which stores the switches passed to "link.exe".
There is no "/RELEASE" switch and the "/DEBUG" switch instructs the
linker to produce files containing debug symbols (.pdb) which are
required for generating the Windows assemblies.

This change restores the prior behavior.

Change-Id: I61b8fd4759ba84671858f7c8275dbd25af1638e6


  Commit: aa47b5f1a37f8284e994f2acd1a769f41938c6c6
      https://github.com/heimdal/heimdal/commit/aa47b5f1a37f8284e994f2acd1a769f41938c6c6
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/context.c
    M lib/hx509/cert.c

  Log Message:
  -----------
  Don't override the PATH_SEP definition if present

PATH_SEP is declared on Windows to be ";" and not ":"
by include/config.h.w32.

lib/base/context.c and lib/hx509.c must not override an existing
setting.  Otherwise, file lists cannot be separated and will be
treated as a single file name.

Change-Id: I5521188faca36e41fbae95fbb8942970eab261c8


  Commit: fde95037a8558aeaf47797f39fc9a1645819a040
      https://github.com/heimdal/heimdal/commit/fde95037a8558aeaf47797f39fc9a1645819a040
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/krb5/get_cred.c

  Log Message:
  -----------
  lib/krb5: not_found() do not substitute the error text

not_found() is called internally with error code KRB5_CC_NOTFOUND
from find_cred() and get_cred_kdc_capath_worker() where a hard
coded error string "Matching credential not found" makes sense.
However, it is also called from krb5_get_creds() and
krb5_get_credentials_with_flags() with error codes that are
returned from the KDC where hiding the true error string
confuses the end user and hampers debugging.

This change replaces the hard coded string with the result
of krb5_get_error_message() and appends the service ticket
name.

Change-Id: I275c66c7b5783ae25029dce5b851cb389b118bcc


  Commit: 728639e8170ca72f6c2e2dbe79e7090a6d7b3dc1
      https://github.com/heimdal/heimdal/commit/728639e8170ca72f6c2e2dbe79e7090a6d7b3dc1
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/config_file.c

  Log Message:
  -----------
  lib/base: heim_config_parse_debug initialize output parameters

The caller of heim_config_parse_debug() expects the output
parameters to be initialized even when the return code is non-zero.
This change initializes the output parameters in case the caller
did not.  Not all code paths assign values to the output parameters
which can result in unexpected termination of the process when
an uninitialized stack pointer is assumed to be valid.

Change-Id: Ib7530a9f16ba3e1500a7e27ccdd8ad9f0492b464


  Commit: 965121630c02240ef417a5237e0529145ed5d230
      https://github.com/heimdal/heimdal/commit/965121630c02240ef417a5237e0529145ed5d230
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/config_file.c

  Log Message:
  -----------
  lib/base: heim_config_parse_dir_multi do not overwrite error

In heim_config_parse_dir_multi() do not call heim_enomem(context)
when returning ENOMEM when a better error has already been set in
the context.  Just return ENOMEM.

Change-Id: I9bd9de552b2b04b5a7328ac635e911d6e95422ef


  Commit: 58db0edea0d67e1b9a6abcc14eeb474441f50dfa
      https://github.com/heimdal/heimdal/commit/58db0edea0d67e1b9a6abcc14eeb474441f50dfa
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/config_file.c

  Log Message:
  -----------
  lib/base: heim_config_parse_debug doesn't return com_err table errors

A non-zero return value from heim_config_parse_debug() means there
was a failure to open or parse the configuration data.  However, it
is not necessarily an error code.  Callers when setting an error
message must use an error code.

This change to heim_config_parse_file_multi() and
heim_config_parse_string_multi() sets an error code of
HEIM_ERR_CONFIG_BADFORMAT when setting the error message.

Change-Id: I534b9af1c50e32d79799a936cb6252dab99c2a64


  Commit: 5502fa4ecaad44628d91be1edca904d701c880f4
      https://github.com/heimdal/heimdal/commit/5502fa4ecaad44628d91be1edca904d701c880f4
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/config_file.c

  Log Message:
  -----------
  lib/base: heim_config_parse_file do not leak 'newfname'

Refactor heim_config_parse_file() to use a common exit and
ensure that 'newfname' is freed on all exit paths.

Change-Id: Ie805ce2f9d6cbd26a3b98dc944b40864945b6d80


  Commit: f0de5f5c43f39d45b5d9a656a80864f7a643e283
      https://github.com/heimdal/heimdal/commit/f0de5f5c43f39d45b5d9a656a80864f7a643e283
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-26 (Tue, 26 May 2020)

  Changed paths:
    M lib/base/config_file.c

  Log Message:
  -----------
  lib/base: heim_config_parse_file_multi warn if ignoring included config

At present Heimdal silently ignores included configuration files that
cannot be successfully opened or parsed.  This is done to ensure that
an administrator or configuration management tool cannot lock users
out of a machine due to an editing mistake.

This change modifies heim_config_parse_file_multi() to warn the user
if a configuration file cannot be parsed or if an included ("include"
or "includedir") configuration file cannot be opened.  Example warnings
for a configuration file starting with:

  includedir c:/temp

where some of the matching file names cannot be parsed:

  Ignoring: c:\temp\20170516:1: binding before section

or opened:

  Ignoring: open or stat c:\temp\AUAA-83: Permission denied

A top level configuration file will also generate a warning if it
can be opened but cannot be parsed successfully:

  Ignoring: c:\temp\foo.cmd:1: binding before section
  Ignoring: C:\ProgramData\Kerberos\krb5.conf:22: unmatched }

Change-Id: I455854156f4a61e1b7dad7f96601eca23d2368eb


Compare: https://github.com/heimdal/heimdal/compare/e3dbc89f8fb6...f0de5f5c43f3
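
The log messages above for heim_config_parse_debug() (initialize output parameters) and heim_config_parse_file() (common exit that frees 'newfname') describe two defensive C patterns. The sketch below is an added illustration, not code from the Heimdal tree; parse_kv(), failed_parse_message_length() and the sample inputs are hypothetical names and constructed data.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser, not Heimdal's: 0 on success, errno value on failure.
 * All three outputs are well defined on every return path. */
static int parse_kv(const char *text, char **value,
                    unsigned *lineno, const char **err_message)
{
    char *copy = NULL;   /* scratch buffer, released at the common exit */
    char *eq;
    int ret = 0;

    /* Initialize the outputs first, in case the caller did not. */
    *value = NULL;
    *lineno = 0;
    *err_message = "";

    if (text == NULL) { ret = EINVAL; goto out; }  /* assigns no output itself */
    if ((copy = malloc(strlen(text) + 1)) == NULL) { ret = ENOMEM; goto out; }
    strcpy(copy, text);
    *lineno = 1;
    if ((eq = strchr(copy, '=')) == NULL) {
        *err_message = "missing '='";
        ret = EINVAL;
        goto out;
    }
    if ((*value = malloc(strlen(eq + 1) + 1)) == NULL) { ret = ENOMEM; goto out; }
    strcpy(*value, eq + 1);
out:
    free(copy);          /* one exit: freed on success and on every error */
    return ret;
}

/* Caller whose locals start uninitialized and are read after a failure. */
static size_t failed_parse_message_length(const char *text)
{
    char *value;
    unsigned lineno;
    const char *msg;
    int ret = parse_kv(text, &value, &lineno, &msg);
    size_t n = (ret != 0) ? strlen(msg) : 0;  /* msg is never stack garbage */

    free(value);                               /* NULL after a failure */
    return n;
}

int main(void)
{
    printf("%zu\n", failed_parse_message_length("novalue")); /* constructed input */
    return 0;
}
```

Without the three assignments at the top of parse_kv(), the NULL-input path would return with msg and value still holding whatever was on the caller's stack, and the strlen() and free() in the caller would operate on those stale pointers.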

