strlen(filepath) when !filepath isnt going to work very well. i believe
this to be the intent of the author of the original patch.
Change-Id: Ib78c5a189b6980223946aff9cf027419127c35bd
Reviewed-on: http://gerrit.openafs.org/5328
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Lion's Kerberos is rather unfortunate. deal with the multitude of
missing functionalities by hardcoding this case here.
Change-Id: I95f9136cecb476f70fe694847a518eabd2d1ef44
Reviewed-on: http://gerrit.openafs.org/5240
Tested-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Add the -config option to aklog so that a different configuration
directory location can be specified on the command line for testing
purposes.
Change-Id: Ic5f8d778304a43c823e53bf1855a3e6bf426f80c
Reviewed-on: http://gerrit.openafs.org/5170
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
ubik_PR_NameToID is a low level function which requires a large amount
of setup from the caller. Instead, use pr_Initialize() and pr_SNameToId()
which do all of the work in a library.
Change-Id: I6b8d50c3d16eb258a4a81335790be2654c4fb191
Reviewed-on: http://gerrit.openafs.org/5082
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Move the definitions of the INSTALL_* variables out to
Makefile.config rather than replicating them in each file.
Change-Id: I5f74dcbf544a93716994418bee3be2c51a2a82d0
Reviewed-on: http://gerrit.openafs.org/4781
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
When commit 3f54c934b9 removed all of
the Windows code from aklog, it missed the stuff in aklog.h. Get
rid of this too, for clarity.
Change-Id: I6d408ffc313d18fd512fa03494a15ec628f1e292
Reviewed-on: http://gerrit.openafs.org/4782
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Rewrite the asetkey binary so that it can support managing extended
key files.
Change-Id: Iad53e8cd4c193d8410d5f85d46d72629399b3189
Reviewed-on: http://gerrit.openafs.org/4574
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
This reverts commit 65186d8390, which
was mistakenly merged to the wrong branch.
Change-Id: I3b2bf874cca15b4248978575213eae21ece2207f
Reviewed-on: http://gerrit.openafs.org/4519
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
We weren't actually returning a token and username from
rxkad_get_converted_token. Do so.
This is a 1.6-specific change. This issue was fixed on master when
aklog was changed to use the new SetTokenEx family of pioctls in
commit 53837416cb.
Change-Id: I4c85c03be00c45fdae5657554dcd85b3a6301b23
Reviewed-on: http://gerrit.openafs.org/4513
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
A DES key is a DES key. Permit importing CRC, MD5 and MD4
when using non-MIT keytab support.
Add a special error message that specifies what principal
name, kvno, and enctype were being searched for when the
error is KRB5_KT_NOTFOUND.
Change-Id: I7d3b5fbc41db5e5e91278854ce52842720e6b5d3
Reviewed-on: http://gerrit.openafs.org/4458
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
We were shipping our own implementation of snprintf and friends, as
afs_snprintf. Now that we're using roken everywhere, we can make use
of roken's rk_snprintf, and no longer need to ship our own.
As Window's snprintf isn't C99 compliant, roken always uses its own
on this platform. The effect of this is that we can no longer use
AFS_UINT64_FMT and AFS_INT64_FMT for snprintf calls (and the Log
functions that call them). Instead, we need to always use the
Unix format specifiers when calling these functions.
Make thse changes across the whole tree.
Change-Id: I3fffef97566f239ad639f15c4decd136d5bbd765
Reviewed-on: http://gerrit.openafs.org/4316
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Since we adopted libroken, we get a lot of header includes automatically
from roken.h. Use these, instead of including lots of things multiple
times.
Also add pwd.h to the list of headers that we check for in configure,
and that roken will include if they are available
Change-Id: I61ab95eeca11127a33bb668dddfc24ec6ce7f8f1
Reviewed-on: http://gerrit.openafs.org/4303
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Now that we're using hcrypto for DES, rather than rolling our own,
we don't need to specific NO_DES_H_INCLUDE, so get rid of it.
Change-Id: Id370ddacb0a57264cc8f5cdda3c59fbb627708af
Reviewed-on: http://gerrit.openafs.org/4302
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
In aklog, we set MODULE_CFLAGS to XCFLAGS and some other things.
However, when using AFS_LDRULE or AFS_CCRULE, CFLAGS will contain
MT_CFLAGS, which contains XCFLAGS. The end result is that the contents
of XCFLAGS appear twice in the compilation invocation, breaking some
platforms like HP-UX where the order of XCFLAGS relative to other
things is a bit fragile.
Fix this by removing XCFLAGS from the MODULE_CFLAGS definition.
Change-Id: I5eef9764d758885a995269edc5bef91ff06db8b5
Reviewed-on: http://gerrit.openafs.org/3960
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The aklog Makefile was setting XCFLAGS, but then not actually using them
which meant that we never used the correct include path for the Kerberos
libraries, or defined ALLOW_REGISTER
Change-Id: Iae573bc216b42bdf9aa49e9f5f42a883e08b6265
Reviewed-on: http://gerrit.openafs.org/3766
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
This change removes all of the local crypto use in userspace, in
favour of using our shiny new afshcrypto library.
Change-Id: Iac21b42e49bac424cc28c449a31f2da44121b7e5
Reviewed-on: http://gerrit.openafs.org/2577
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
A minimal change set to get libroken to build on Windows. Sadly,
libroken contains definitions for a number of platform compatibility
macros which were previously scattered throughout the windows code.
These scattered macros have to be removed in order to build libroken.
The impact of this removal is that a very large number of files
throughout the tree require the addition of "roken.h" to pick up the
new compatibility code. The bulk of this change is adding these
includes.
In addition, some of the added includes add roken dependencies to the
Unix build. So, also add libroken to the build rules in affected Unix
Makefiles.
Change-Id: Ifba431bd37e67b1e273fbc6f69b805a232193456
Reviewed-on: http://gerrit.openafs.org/3205
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
IRIX apparently has enough krb5 to try building aklog, but no
error_message. ok. so let's cope
Change-Id: I3cb6d529829de348f73d5c9f5380e153f8ccce52
Reviewed-on: http://gerrit.openafs.org/3208
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Rework the unix build system so that we support taking CFLAGS and
LDFLAGS from the command line, and don't replace them with our own
settings. Also, take the opportunity to bring some sanity and
consistency into our Makefiles.
The standard Makefile.config now defines rules for LWP, pthreaded
and shared library builds. The CFLAGS settings for these are
called LWP_CFLAGS, PTH_CFLAGS and SHD_CFLAGS, respectively.
Similarly named variables are provided for LDFLAGS.
A module may select to use a particular build type for its suffix
rule by including either Makefile.lwp, Makefile.pthread or
Makefile.shared from src/config. This creates an appropriate .c.o
suffix rule, defines AFS_CFLAGS and AFS_LDFLAGS as appropriate, and
creates two rules AFS_CCRULE and AFS_LDRULE, which can be used to
build, and link objects. For example:
foo.o: foo.c
$(AFS_CCRULE) foo.c
foo: foo.o
$(AFS_LDRULE) foo.o
If a you wish to override the CFLAGS or LDFLAGS for an object build
using these rules (or through the .c.o suffix rule) you can do so,
by defining CFLAGS_<object> or LDFLAGS_<object>. For example:
CFLAGS_foo.o= -DDEBUG
LDFLAGS_foo = -ldebugging
A module may also alter the behaviour of the compile and link steps
module wide by defining MODULE_CFLAGS or MODULE_LDFLAGS.
This functionality is now used throughout the tree:
*) Suffix rules are used wherever possible, removing a number of
unecessary build rules.
*) All link steps are replaced with AFS_LDRULE
*) All standard compile steps are replaced with AFS_CCRULE
*) Unusal compile steps are defined, as far as possible, int
terms of the LWP_ PTH_ and SHD_ variables.
*) The use of $? has been removed entirely, as it makes it
impossible to provide build rules with dependency information
Change-Id: If76207e45da402a0ed9d7c1bdbe83c58c911a4f2
Reviewed-on: http://gerrit.openafs.org/2896
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Fix some format warnings (size_t vs int) which only appear when we're
building with Heimdal.
Change-Id: I7313ea1a7e01532b11fc6039a8a56e0fd874c347
Reviewed-on: http://gerrit.openafs.org/2740
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The tests for the various ways of enabling weak cryptography fail
with current Heimdal master, because it defines krb5_allow_weak_crypto
but does not prototype it.
Fix this by testing for the Heimdal version (which MIT does not provide)
first, and only if that's not available, try to use allow_weak_crypto.
Change-Id: I559d5fd40c196fefc947dd0f7b10ed78fbd2c7e6
Reviewed-on: http://gerrit.openafs.org/2739
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Make aklog use the new extended ktc set token function when storing
tokens.
Change-Id: I2e84cda2bf8a4c6c9f6627569cae2d34fd7b5c0f
Reviewed-on: http://gerrit.openafs.org/2583
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The ifdefs in klog_prompter were getting a bit confusing. Split out
some logic into a separate "is this prompt a password prompt"
function. As a result, we can build without KRB5_PROMPT_TYPE_PASSWORD
defined, which happens to be the case on hp_ux11i.
Change-Id: I1d5f794bfc33017f699478e367cde91a3e77d33c
Reviewed-on: http://gerrit.openafs.org/2353
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
In auth_to_cell(), we only strdup() into the linkedcell argument
if there is a linkedCell in the current cellconf. However, in
main(), we free linkedcell if it is non-NULL, but it is allocated
on the stack and could contain garbage. free() chokes on such
garbage, causing aklog to abort().
If we copy nothing into linkedcell, set it to NULL so that we
do not attempt to free the bogus pointer.
Change-Id: I92905a5f17021ce1bc41909f5ceb1b0344456d93
Reviewed-on: http://gerrit.openafs.org/2213
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Fix various warnings in the aklog and klog code when building with
Heimdal. Use krb5_get_init_creds_opt_alloc if it's available rather
than allocating the struct off the stack, since the _opt_init
function is deprecated.
Change-Id: Ieff986121de9078e9402b0a51a8855655330caba
Reviewed-on: http://gerrit.openafs.org/2082
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Previously, building with Kerberos support required either passing a
flag to configure giving the location of a krb5-config script, or
manually setting variables specifying the Kerberos libraries and
header path. Replace that code with code that checks for Kerberos
libraries automatically and builds the Kerberos code if any were
found, with support for doing direct library probing if there is no
krb5-config script.
Add several platform-specific overrides directly into the configure
support, so we should be able to build out of the box on Mac OS X 10.3,
HP-UX, and AIX Kerberos with the new probes.
The Kerberos Autoconf macros are now the versions that come with
rra-c-util and are tested with multiple other packages, so both
OpenAFS and those packages will be able to benefit from further
portability improvements.
Update README for the new building instructions, documenting how to
configure the Kerberos probes if they can't automatically figure out
the location and flags for Kerberos on your system.
Change-Id: Ia35bb0dbc6b94c6b4dfe8165388447dbfcb31a29
Reviewed-on: http://gerrit.openafs.org/2026
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
When klog saved the password entered by the user to allow attempts
at multiple AFS principals without reprompting, it copied the whole
buffer according to the declared reply length into local storage.
This was done without regard to the local allocated storage size,
and was then nul-terminated without regard to the allocated storage
size. Both klog and Heimdal use a size of BUFSIZ for the reply
buffer by default, which meant that klog on Heimdal was writing past
the end of the allocated structure when nul-terminating the password.
Store our allocated buffer size in the struct and only copy at most
one fewer than that many characters, and then nul-terminate
accordingly.
(The assumption that BUFSIZ is always long enough is still bogus,
but that's larger surgery.)
Change-Id: Ic8d4357aad2f8dfa0fffe9849d2546a88ecd246a
Reviewed-on: http://gerrit.openafs.org/2129
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
if you're disabling krb524, these variables are unused. make them
not be part of such a compile
Change-Id: Ib10e8fc82614b7a821daa7c77540ce246551cb0a
Reviewed-on: http://gerrit.openafs.org/2066
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
aklog was previously writing the magic AFS ID string into previously
alloated memory with sprintf, but the variable in question was only
as long as the username, so this code could overwrite memory and lead
to heap corruption. Free previously allocated memory and use
afs_asprintf to format the AFS ID string instead.
Change-Id: I7649864817340764c39c176606a9a543c10983c9
Reviewed-on: http://gerrit.openafs.org/1706
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
initialize the rest that we might need
Change-Id: If4e02add67994ae5397c60de3e64c072c3512a2e
Reviewed-on: http://gerrit.openafs.org/1661
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Rename dprintf to afs_dprintf to avoid potential conflict with
system headers on some platforms.
Change-Id: I2aef6a55c00ddf8a312531cc1203b3baaca4cd73
Reviewed-on: http://gerrit.openafs.org/1342
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Pull the token management operations (get, set and compare tokens) out
into their own functions. Again, this is purely a refactoring exercise -
no behaviour changes are anticipated as a result of this change.
Change-Id: I9c64a319fcaa2edeb492c7822f9bae64c91cc20c
Reviewed-on: http://gerrit.openafs.org/1326
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
This change refactors all of the rxkad specific token acquisition code
out of the common auth_cell loop, and into a number of functions of its
own. There should be no functional changes.
Change-Id: I61314588ba4db6b85db03314d4524322f74c9230
Reviewed-on: http://gerrit.openafs.org/1325
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
aklog was scattered with things like
if (dflag) {
printf("Oh no, the world is ending\n");
}
Simplify these by adding a dprintf() function, which only prints its
arguments if dflag is defined. Use this throughout the code.
Change-Id: I673942e9ea6a8b96ea9d11a608cfaeaf00098b88
Reviewed-on: http://gerrit.openafs.org/1324
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
An earlier patch added the new get_realm_from_cred function,
but failed to update the callsite to use it. Fix that.
Change-Id: I9e9d7545b20df041400d140e80c7f018b033043e
Reviewed-on: http://gerrit.openafs.org/1334
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Assorted small changes to the way realms are handled by aklog:
* Remove static buffers when realms are passed between functions
* Add cleanup for all dynamically allocated strings to auth_to_cell
* Create an extract_realm helper function to handle extracting realm
information from principals.
* Add a function to handle extracting realm information from decoded
tickets
Change-Id: I320389033f4862d30774b40103e536fd5bac841b
Reviewed-on: http://gerrit.openafs.org/1323
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
confname makes a static copy of the AFSDIR_CLIENT_ETC_DIRPATH string. As
pr_Initialize takes it as const, there's no need to maintain our own
copy, and so this is superfluous. Remove it.
Change-Id: I64b13aae80b15f6b7511a040f39467bca76186b8
Reviewed-on: http://gerrit.openafs.org/1322
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Clean up the aklog get_cellconfig routine, so that it is no longer
reliant upon global variables.
* Tidy the handling of local_cell, and use dynamically allocated,
rather than fixed length buffers.
* Use the cell name contained within the afsconf_cell structure,
rather than a local copy
* Access linked cell information from afsconf_cell, rather than
explicitly returning it
* Don't use globals for linkedcell
Change-Id: I6ad42c70dcac7f285997be7c95a77dc67bf63679
Reviewed-on: http://gerrit.openafs.org/1321
Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
