Russ Allbery [Mon, 25 Dec 2023 22:25:11 +0000 (14:25 -0800)]
Make xmalloc diagnostic suppression conditional
It looks like -Wuse-after-free was added in GCC 12, although it
doesn't appear in the changes. Make suppressing diagnostics about
it in util/xmalloc.c conditional on that version to avoid problems
on GitHub CI with an older GCC version.
Russ Allbery [Mon, 25 Dec 2023 21:22:35 +0000 (13:22 -0800)]
Fix make-c-data for Const::Fast
The change from Readonly to Const::Fast broke make-c-data because
of how it was using a hash of flags. Use exists explicitly so that
it still works with a read-only hash.
Russ Allbery [Mon, 25 Dec 2023 21:21:27 +0000 (13:21 -0800)]
Disable Clang -Wunsafe-buffer-usage
This new warning flag is designed for C++ code where it is now
possible to never use raw C pointers to manipulate buffers. C code
still requires this, so it should be disabled.
Russ Allbery [Mon, 25 Dec 2023 19:59:59 +0000 (11:59 -0800)]
Update to rra-c-util 10.5
* Assume a working snprintf rather than supplying a replacement.
* Fix detection of reallocarray on NetBSD.
* Check that Kerberos header files were found during configure.
* Use AS_ECHO in all Autoconf macros.
* Always use lib32 or lib64 if it exists, even on Debian.
* Fix rejection of unknown Clang warning flags.
* Disable -Wreserved-identifier for Clang warning builds.
Reformat and restructure Perl code for new perlcritic and perltidy
rules.
heimdal-history now requires the Perl modules Const::Fast and
JSON::MaybeXS instead of Readonly and JSON.
Russ Allbery [Sun, 17 May 2020 02:41:15 +0000 (19:41 -0700)]
Increase iterations for history hashing
Increase hash iterations for heimdal-history by roughly a factor of
four to increase the time required for a password hash to about 0.1
seconds on modern hardware. This will affect newly-stored history
entries but will not invalidate existing password history entries.
Russ Allbery [Sun, 17 May 2020 02:24:53 +0000 (19:24 -0700)]
Add new --check-only option to heimdal-history
Add new -c (--check-only) option to heimdal-history to check whether a
password would be accepted without updating the history or password
length databases. Based on work by macrotex.
Russ Allbery [Sun, 17 May 2020 01:02:25 +0000 (18:02 -0700)]
Remove initializations older cppcheck doesn't like
Current cppcheck is better about ignoring initializations that
don't matter, but the older version running on GitHub Actions
complains. Fix a couple of those initializations to fix tests.
Russ Allbery [Sun, 17 May 2020 00:59:23 +0000 (17:59 -0700)]
Fix tests when built with system CrackLib
Skip tests that require the stronger rule configuration in the
embedded CrackLib when built against system CrackLib. This avoids
test failures when built with system CrackLib.
Russ Allbery [Sat, 16 May 2020 23:40:36 +0000 (16:40 -0700)]
Rework valgrind testing
Rework the check-valgrind target to use the new C TAP Harness valgrind
support and automatically check the valgrind log files for errors at
the end of the test suite.
Russ Allbery [Sat, 16 May 2020 22:42:42 +0000 (15:42 -0700)]
Use explicit_bzero to overwrite passwords
Use explicit_bzero instead of memset, where available, to overwrite
copies of passwords before freeing memory. This reduces the lifetime
of passwords in memory.
Russ Allbery [Sat, 16 May 2020 21:59:09 +0000 (14:59 -0700)]
Do not install libtest-spelling-perl for CI
Installing the libtest-spelling-perl package also installs
libperl-critic-perl, and although we later install a newer version,
Perl::Critic dynamically picks up all of its policy modules. This
means that installing the Ubuntu package will install obsolete
policy modules that will then be run during the test suite, causing
spurious failures.
Russ Allbery [Sat, 16 May 2020 20:34:17 +0000 (13:34 -0700)]
Update to rra-c-util 8.2 and C TAP Harness 4.7
Update to rra-c-util 8.2:
* Implement explicit_bzero with memset if it is not available.
* Reformat all C source using clang-format 10.
* Work around Test::Strict not skipping .git directories.
* Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
* Improve check for obsolete strings.
* Use a more standard all-permissive license.
* Add SPDX-License-Identifier headers to all substantial source files.
* Skip more build system files when running the test suite.
* Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
* Exclude more valgrind false positives with Kerberos libraries.
Update to C TAP Harness 4.7:
* Fix warnings with GCC 10.
* Reformat all C source using clang-format 10.
* Fixed malloc error checking in bstrndup.
* Add support for valgrind testing via test list options.
* Report test failures as left and right, not wanted and seen.
* Fix is_string comparisons involving NULL pointers and "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
Russ Allbery [Mon, 22 May 2017 02:35:52 +0000 (19:35 -0700)]
Support building without CrackLib support
Support building without CrackLib support by passing
--without-cracklib to configure. This makes the code a bit simpler
and lighter if you don't intend to ever use the CrackLib support.
Russ Allbery [Mon, 19 Dec 2016 02:58:34 +0000 (18:58 -0800)]
Handle errors in heimdal-strength tests better
In Travis CI, the heimdal-strength test was failing with a broken
pipe. Apparently the timing was such that the child process would
exit with an error before IPC::Run could try to write the input,
and then IPC::Run would die with a broken pipe. Work around this
by allowing a flag to be passed to run_heimdal_strength saying whether
to expect an error, and don't send input in that case.
Russ Allbery [Sat, 26 Nov 2016 07:02:05 +0000 (23:02 -0800)]
Move configuration instructions to man pages
Create a new krb5-strength man page that gets the configuration
instructions for the plugins (with the proper path substituted in
by the Makefile) and move other configuration details to the
heimdal-strength and heimdal-history man pages. Duplicate the
documentation for cracklib_maxlen in the heimdal-strength man page.
This will make it easier to automate generation of the README file,
since it will now require less complex formatting.
Russ Allbery [Mon, 7 Nov 2016 06:23:13 +0000 (22:23 -0800)]
Fix some sorting bugs in embedded CrackLib
Patch the mkdict and packer in the embedded copy of CrackLib to force
C locale when sorting (avoiding a corrupted dictionary) and warn and
skip out-of-order words rather than creating a corrupted dictionary.
Patch from Mark Sirota.
Russ Allbery [Mon, 7 Nov 2016 02:27:57 +0000 (18:27 -0800)]
Update to rra-c-util 5.7 and C TAP Harness 4.1
Update to rra-c-util 6.2:
* Use calloc in preference to malloc wherever appropriate.
* Use reallocarray in preference to realloc wherever appropriate.
* Suppress warnings from Kerberos headers under make warnings.
* Support the embedded Kerberos in Solaris 10 in library probes.
* Add missing va_end in xasprintf implementation.
* Fix logic in Test::RRA::Automake for new Automake dist checking.
* Fix all return-value checks for snprintf to avoid off-by-one error.
* Update warning flags for make warnings to GCC 6.1.0.
* Fix Test::RRA::Config for new "do" semantics in Perl 5.22.2.
* Add a new test for obsolete eyrie.org URLs.
* Require Test::Strict 0.25 or newer for Perl strictness checks.
Update to C TAP Harness 4.1:
* Replace all remaining uses of sprintf.
* Test lists may now have comments and blank lines.
* runtests -v will show the complete output from a test.
* Fix segfault in runtests when given an empty test list.
* Tests use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Jorj Bauer [Sun, 6 Nov 2016 23:08:57 +0000 (15:08 -0800)]
Add option to bypass CrackLib for longer passwords
Add a trapdoor length, after which cracklib doesn't function. This is
done via a cracklib_maxlen option to krb5.conf. Passwords of that length
or shorter are still vetted. (0, the default, performs the cracklib
fascist check at any length.)
CrackLib was designed to work with passwords, when passwords were 5-8
characters long. CrackLib makes working with passphrases difficult,
rejecting some good ones. The SQLite dictionary can be seeded with
English trigrams, providing a compensating control. Ergo, CrackLib
shouldn't be vetting passphrases; we should leave that to SQLite.
Russ Allbery [Wed, 19 Oct 2016 16:12:30 +0000 (09:12 -0700)]
Double buffer size in Mangle to allow for duplicate rules
No duplicating rules are enabled for the default rule set that is
run by the krb5-strength package, but close the latent security
vulnerability anyway.
Russ Allbery [Thu, 15 May 2014 05:03:42 +0000 (22:03 -0700)]
Fix heimdal-history with the default DB_File::Lock
Change the DB_File::Lock calling method in heimdal-history to work
properly with the (buggy) CPAN version of DB_File::Lock, instead of
relying on Debian's patched version. Thanks to Bernt Jernberg for the
report.
Russ Allbery [Thu, 27 Mar 2014 19:58:58 +0000 (12:58 -0700)]
Begin error messages with a capital letter
Change the error messages returned for passwords that fail strength
checking to start with a capital letter. This appears to be more
consistent with the error message conventions used inside Heimdal.
Russ Allbery [Wed, 26 Mar 2014 03:58:30 +0000 (20:58 -0700)]
Stick to SQLite interfaces in 3.7
Use sqlite3_close instead of sqlite3_close_v2. We don't need the
new semantics of sqlite3_close_v2. Also use sqlite3_errmsg instead
of sqlite3_errstr, which actually appears to be better, assuming it
works as documented.
Russ Allbery [Tue, 25 Mar 2014 20:06:37 +0000 (13:06 -0700)]
Refactor krb5-strength-wordlist
Separate the filter construction into a separate function and use
a hash for command-line arguments to make perlcritic happier with
the complexity of the main routine.