Russ Allbery [Sun, 8 Jan 2012 03:49:59 +0000 (19:49 -0800)]
Shorten the wakeup interval on errors
When k5start or krenew are running as a daemon and obtaining new
tickets fails, both now shorten the wakeup interval to one minute and
keep trying at that interval until the error resolves itself, and then
go back to the normal wakeup interval.
Russ Allbery [Sun, 8 Jan 2012 02:37:26 +0000 (18:37 -0800)]
Add krenew -s option to SIGHUP the command on exit
Add a new -s option to krenew that, if given, tells krenew to send
SIGHUP to the command it's running when it exits because it can't
renew the ticket. This is useful when continuing to run the command
without a valid ticket would be pointless.
Russ Allbery [Sun, 8 Jan 2012 01:05:24 +0000 (17:05 -0800)]
Fix k5start -H with a cache for the wrong principal
Fix a regression introduced in kstart 4.0 where k5start -H would be
happy with an unexpired ticket for a different principal than the
desired client principal.
Russ Allbery [Thu, 5 Jan 2012 21:29:41 +0000 (13:29 -0800)]
Fix k5start -H and krenew -H with non-renewable tickets
Fix a regression introduced in kstart 4.0 that caused k5start -H and
krenew -H to fail and attempt reauthentication with non-renewable
tickets even if the lifetime was long enough. Thanks to pod for the
report.
Russ Allbery [Thu, 29 Dec 2011 22:16:08 +0000 (14:16 -0800)]
Always canonicalize the ticket cache name in k5start
Always canonicalize the ticket cache name in k5start before
propagating KRB5CCNAME to child processes. This combined with the
previous change allows -k to specify a ticket cache name that changes
once the cache is created, such as when creating new PIPE caches.
Russ Allbery [Thu, 29 Dec 2011 21:36:57 +0000 (13:36 -0800)]
Update documentation for recent changes
Document that -k can now be any cache identifier. Suggest -L with
-b in krenew as was done with k5start. Update the krenew -i
documentation for the current implementation. Add -i to the krenew
usage output. Remove the notes in k5start that -o, -g, and -m will
result in windows where the ticket cache is not accessible.
Russ Allbery [Thu, 29 Dec 2011 19:47:36 +0000 (11:47 -0800)]
Fix error reporting from ticket expiration checks
Don't report an error immediately when checking for ticket
expiration, since k5start doesn't want to report an error if the
ticket cache has gone away. It will just recreate it. Instead,
defer error reporting to the auth hook, where krenew can report
an error.
Russ Allbery [Thu, 29 Dec 2011 19:10:35 +0000 (11:10 -0800)]
Clean up ticket cache naming and permission handling
Ticket caches passed to k5start or krenew with the -k option are now
used as-is without prepending "FILE:". This allows both programs to
be used with non-file caches (unless the -o, -g, or -m options were
given to k5start, of course). However, users who were relying on
k5start or krenew prepending "FILE:" may now need to add this
explicitly to the -k argument if they want the ticket cache to be set
in the environment with that prefix.
k5start, when run with the -o, -g, or -m options to change ticket
cache ownership or permissions, now writes a temporary ticket cache in
the same directory, sets its ownership and permissions, and then
replaces the existing cache with an atomic rename. It also sets
permissions properly if it has to reauthenticate after backgrounding
itself. This closes two windows where the cache may not be accessible
to the program using it if k5start were in the middle of refreshing
it. Thanks to Harry Coin for the report.
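The replace-by-rename sequence described in the commit above, sketched as an added example. It is not code from kstart: `replace_atomically`, `mode_of`, the sample path and the sample bytes are assumptions made for illustration, and a real ticket cache would be written through the Kerberos library rather than as raw bytes.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not kstart code.  Replace path with len bytes of data
 * so that a reader sees either the old file or the complete new one, already
 * carrying the requested mode and ownership.  Pass (uid_t) -1 or (gid_t) -1
 * to leave owner or group unchanged.  Returns 0 on success, -1 on failure. */
int replace_atomically(const char *path, const void *data, size_t len,
                       mode_t mode, uid_t owner, gid_t group)
{
    char tmp[4096];
    int fd;
    /* Same directory as the target: rename() is atomic only within one fs. */
    if (snprintf(tmp, sizeof(tmp), "%s.XXXXXX", path) >= (int) sizeof(tmp))
        return -1;
    fd = mkstemp(tmp);          /* exclusive create, mode 0600 */
    if (fd < 0)
        return -1;
    /* Finish contents, owner and mode before the final name exists. */
    if (write(fd, data, len) != (ssize_t) len || fchown(fd, owner, group) < 0
        || fchmod(fd, mode) < 0 || fsync(fd) < 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) < 0 || rename(tmp, path) < 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Permission bits of path, or -1 if it cannot be stat'ed. */
long mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) < 0 ? -1 : (long) (st.st_mode & 07777);
}

int main(void)
{
    const char *path = "/tmp/example_ccache";   /* constructed sample path */
    if (replace_atomically(path, "sample", 6, 0640, (uid_t) -1, (gid_t) -1) < 0)
        return 1;
    printf("%s mode %lo\n", path, mode_of(path));
    return unlink(path) < 0;
}
```

Because the mode and ownership are applied to the temporary file, a process that opens the final path never observes a cache with the default 0600 permissions or a half-written file.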
Russ Allbery [Thu, 29 Dec 2011 08:02:49 +0000 (00:02 -0800)]
Add proper verification of -H and -K options
Copy the convert_number function from util/perms.c into framework.c
and use it in k5start and krenew to check the argument to -H and
-K. Add a test for error handling that currently only tests the
command-line option validation.
Russ Allbery [Thu, 29 Dec 2011 06:53:25 +0000 (22:53 -0800)]
Convert k5start to the new framework, fix error handling behavior
Convert k5start to use a shared framework with krenew, removing lots
of duplicate code. Fix error handling behavior so that k5start as a
daemon continues running even if it fails to obtain credentials.
Russ Allbery [Wed, 28 Dec 2011 19:42:27 +0000 (11:42 -0800)]
Rewrite krenew to use a new generic framework
The new framework will be used for both k5start and krenew and
refactors the common code between them, including the infrastructure
for running commands and running as a daemon.
Clean up handling of when to exit on errors. krenew now defaults
to remaining running if there's an error in contacting the KDC or
storing the new credentials, only exiting by default if the renewable
lifetime has expired or if the ticket cache has disappeared. -i can
still be used to keep it running in those cases as well. However,
without -i, it will always exit if the initial authentication fails.
krenew now removes any PID files that it writes on exit, and is better
about removing a copied ticket cache on exit.
Russ Allbery [Tue, 27 Dec 2011 18:15:54 +0000 (10:15 -0800)]
Remove k4start
Remove k4start from the distribution. I no longer have a Kerberos v4
environment with which to test and therefore no way to refactor and
restructure the code for other changes to the package. Users who
still need k4start should use an older version of the package.
Russ Allbery [Tue, 27 Dec 2011 17:57:48 +0000 (09:57 -0800)]
Update to rra-c-util 4.0
Update the included kafs library to the version from rra-c-util 4.0,
adding support for Mac OS X and Solaris 11.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Build with OpenBSD Heimdal where there is no separate roken library.
* Kerberos probes no longer assume transitive library dependencies.
* Fix removal of /usr/include from Kerberos CPPFLAGS.
* Add notices to all files copied from rra-c-util.
* Fix replacement of krb5_free_error_message.
* Support older Heimdal with no-context krb5_get_init_creds_opt_free.
* Improve probe for krb5_kt_free_entry.
* Fix use of long long, where available, in replacement mkstemp.
* Include strings.h where present for more POSIX string functions.
* Use typedef for a missing sig_atomic_t.
* Avoid passing a NULL context to krb5_get_error_message.
* Fix integer data types in the messages utility library.
* Use configure-detected aklog path in the test suite.
* Add replacement for a missing strndup (such as on Mac OS X).
* Add tests for messages-krb5 utility functions.
* Update compiler warning flags for make warnings to gcc 4.6.1.
Russ Allbery [Tue, 27 Dec 2011 17:18:09 +0000 (09:18 -0800)]
Update to C TAP Harness 1.9
* Add a usage message and -h option to runtests.
* Honor -s and SOURCE in runtests even if BUILD is not set.
* Improve test summary at the end of a C test case.
* Flush stderr before printing TAP output.
* Improve portability of output functions in the shell libtap.sh.
* Add notices to all files copied from C TAP Harness.
Send an explicit SIGCHLD to the k5start job, and then run through
a SIGSTOP/SIGCONT cycle with some delays to ensure that the SIGCHLD
interruption was already seen. Enable the test by default.
Andy Cobaugh [Mon, 29 Mar 2010 22:35:30 +0000 (15:35 -0700)]
Update spec file for 3.16 and fix some problems
Update the RPM spec file to the 3.16 release. Use %{dist} in Release as
the old method of reading redhat-release doesn't work on distros like
CentOS and Fedora. It also now correctly requires krb5-libs instead of
krb5-workstation.
Russ Allbery [Thu, 4 Feb 2010 00:55:41 +0000 (16:55 -0800)]
Reverse the direction of the krb5_free_unparsed_name probe
If krb5_xfree exists, use it, even if krb5_free_unparsed_name also exists.
This avoids a deprecation warning from Heimdal, which provides the latter
function but doesn't prefer it.
Russ Allbery [Thu, 4 Feb 2010 00:13:51 +0000 (16:13 -0800)]
Diagnose -U/-u/-i conflicts and use krb5_free_unparsed_name
Diagnose the nonsensical combination of -U and -u or -i options in
k5start and report an error rather than ignoring -u and appending the
instance from -i onto the principal obtained via -U.
Provide krb5_free_unparsed_name in terms of krb5_xfree for Heimdal.
Call krb5_free_unparsed_name to free the results of krb5_unparse_name
instead of just calling free. This probably will never matter on UNIX,
but it's correct coding style.
Russ Allbery [Thu, 4 Feb 2010 00:03:46 +0000 (16:03 -0800)]
Refactor Kerberos portability into a new portability layer
Move the #ifdefs out of the main code and instead provide a Kerberos
portability layer that exposes roughly the Heimdal API. Then call that
layer uniformly throughout the rest of the code.
Russ Allbery [Wed, 20 Jan 2010 01:34:31 +0000 (17:34 -0800)]
Skip the xmalloc tests unless RRA_MAINTAINER_TESTS is set
All of the failures in automated testing have been problems with the
assumptions around memory allocation or problems with the test suite, not
problems with the underlying xmalloc code.
Russ Allbery [Tue, 19 Jan 2010 04:33:43 +0000 (20:33 -0800)]
Update to rra-c-util 2.2
* Add GCC function attributes alloc_size, malloc, and nonnull.
* Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]).
Also split up util/util.h into separate header files for each set of
functions and add similar header files for the functions that are
unique to this package.
Add some missing krb5.h includes that were masked by includes in other
header files.
Russ Allbery [Tue, 19 Jan 2010 02:51:18 +0000 (18:51 -0800)]
Use a better test for how to get the realm
Now that I know about krb5_principal_get_realm, don't probe for the
krb5_realm type, just for that function. We assume that Heimdal has
that function; it looks like it's been there since around 0.4.
Russ Allbery [Tue, 19 Jan 2010 02:42:05 +0000 (18:42 -0800)]
Fix the test suite to pass with Heimdal user space
Heimdal's klist has a different output format. Update the horrible
regexes that parse the klist output to allow for either output format.
We should probably be building our own klist equivalent for testing.
Russ Allbery [Tue, 19 Jan 2010 02:19:50 +0000 (18:19 -0800)]
Avoid Heimdal functions marked as deprecated
Use krb5_principal_get_realm instead of krb5_princ_realm, which
also simplifies the logic. Add appropriate const markings.
Use krb5_get_init_creds_opt_alloc if available instead of using a
static structure and calling _opt_init. Always allocate new memory
for the krb5_get_init_creds_opt structure, even if _opt_alloc isn't
available, and store a pointer in the options struct instead of the
struct itself.
Russ Allbery [Tue, 19 Jan 2010 00:16:28 +0000 (16:16 -0800)]
Mention PAG support in -h output if compiled in
k5start and krenew now say, in -h output, if they will attempt to
create a new AFS PAG for commands run in combination with -t (enabled
by --enable-setpag), allowing one to determine whether that support
was compiled in.
Russ Allbery [Tue, 19 Jan 2010 00:12:03 +0000 (16:12 -0800)]
Define HAVE_KAFS if built with any sort of AFS support
AFS support may result in a wide variety of different #defines depending
on what's available, and kafs/kafs.h already untangles them. Export from
it a simple HAVE_KAFS define that's set only if some sort of AFS support
is available. This allows programs using it to, for instance, display
different help output based on whether AFS support is compiled in.
Russ Allbery [Tue, 5 Jan 2010 21:41:28 +0000 (13:41 -0800)]
Allow the argument to -k to start with FILE:
Allow the argument to -k to start with FILE: and strip off that prefix
to form the ticket cache name. -k still forces its argument to be a
file-based cache, however; FILE: is the only cache type designator
supported. Use the KRB5CCNAME environment variable for other ticket
cache types.
Russ Allbery [Tue, 5 Jan 2010 21:39:48 +0000 (13:39 -0800)]
Fix segfault when -o is used without -k in k5start
Correctly set the ticket cache path in k5start when the -k option was
not given, fixing a NULL pointer dereference when the -o, -g, or -m
options were given without -k.
Russ Allbery [Sat, 15 Aug 2009 21:05:46 +0000 (14:05 -0700)]
Clean up in the kafs test suite even if skipping everything
When AFS support isn't available or built, we were still creating
basic-output and basic-errors but not removing them. Fix that and
add -f to the rm commands so that they don't fail if the files
don't exist for some reason.