Russ Allbery [Sat, 26 Dec 2015 00:45:40 +0000 (16:45 -0800)]
Clean up license notices and regenerate LICENSE
Use the Debian copyright-format 1.0 format for LICENSE. Fix up the
files that had unparseable license notices or ones with typos, and
add license notices to a few files that didn't have them.
Russ Allbery [Sat, 26 Dec 2015 00:18:14 +0000 (16:18 -0800)]
Remove strlcpy, strlcat, and strndup
These are no longer used by the utility library, so we don't have
to provide replacements for them. Also clean up a remaining build
rule for the concat test suite.
Russ Allbery [Sat, 26 Dec 2015 00:11:42 +0000 (16:11 -0800)]
Update to rra-c-util 5.9 and C TAP Harness 3.4
Update to rra-c-util 5.9:
* Add missing va_end to xasprintf implementation.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
* Use Lancaster Consensus environment variables to control tests.
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
* Assume calloc initializes pointers to NULL.
* Assume free(NULL) is properly ignored.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
* Fix probing for Heimdal's libroken to work with older versions.
* Improve POD tests.
* Fix kafs compilation failure on Solaris 11 or later.
* Drop concat from the util library in favor of asprintf.
* Fail on any error in [bx]asprintf and [bx]vasprintf.
* Pass --deps to krb5-config in the non-reduced-dependencies case.
* Silence __attribute__ warnings on more compilers.
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Support comments and blank lines in test lists.
* Check for integer overflow on memory allocations.
* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.
* Suppress lazy plans and test summaries if the test failed with bail.
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
* Only use feature-test macros when requested or built with gcc -ansi.
* Drop is_double from the C TAP library to avoid requiring -lm.
* Avoid using local in the shell libtap.sh library.
* Silence __attribute__ warnings on more compilers.
* runtests now frees all allocated resources on exit.
Russ Allbery [Fri, 25 Dec 2015 22:46:00 +0000 (14:46 -0800)]
Retry initial authentication until it succeeds
For both k5start with a command or -K and no -x flag, and krenew with
the -i flag, repeatedly retry the initial authentication. The first
retry will be immediate, and then the commands will keep trying with
exponential backoff to one minute intervals, and then continuously at
one minute intervals until the command is killed or authentication
succeeds. k5start and krenew will no longer start any other command
until the initial authentication succeeds, fixing startup behavior
when running a command that must have valid Kerberos tickets
immediately on start. Based on a patch by Lars Hanke.
Add the -a option to k5start and krenew, which says to always try
to renew our tickets (and tokens, if -t) every time we wake up,
regardless of how much time is left on the tickets. This is useful if
you want to ensure that a certain amount of lifetime always exists
on the tickets, or if you want to ensure aklog gets run, even if
something else is keeping our tickets fresh.
Russ Allbery [Wed, 8 Jan 2014 00:23:44 +0000 (16:23 -0800)]
Make daemon test suite more robust
Extend delays, since authentication can take a while on a remote,
loaded network. Use better strategies for waiting for activity
than simple numeric delays. Fix the test count in k5start/daemon.
Russ Allbery [Wed, 8 Jan 2014 00:21:33 +0000 (16:21 -0800)]
Skip keyring tests if the resulting tickets disappear
MIT Kerberos doesn't cope well with UID session keyrings. It can
get tickets, but then the tickets disappear. Check for that and
skip the keyring tests if we're running into that problem.
k5start -K no longer exits if initial authentication fails
k5start, when run with the -K option to run as a daemon, no longer
exits if the initial authentication fails. Instead, it reports the
error to standard error and then continues to run, attempting
authentication every minute as if authentication had failed after it
had started. Patch from Rasmus Borup Hansen.
Shorten the wake-up period if there was an initial failure
If -i is given to krenew and the initial ticket renewal failed, start
with the shorter wake-up interval of one minute just as if a
subsequent renewal failed.
- The .spec file refers to version 3.16.
- SLED doesn't have krb5-libs; both SLED and RHEL seem fine with
Requires: krb5'.
- The %defattr lines cause some directory permissions problems.
Russ Allbery [Sun, 8 Jan 2012 03:49:59 +0000 (19:49 -0800)]
Shorten the wakeup interval on errors
When k5start or krenew are running as a daemon and obtaining new
tickets fails, both now shorten the wakeup interval to one minute and
keep trying at that interval until the error resolves itself, and then
go back to the normal wakeup interval.
Russ Allbery [Sun, 8 Jan 2012 02:37:26 +0000 (18:37 -0800)]
Add krenew -s option to SIGHUP the command on exit
Add a new -s option to krenew that, if given, tells krenew to send
SIGHUP to the command it's running when it exits because it can't
renew the ticket. This is useful when continuing to run the command
without a valid ticket would be pointless.
Russ Allbery [Sun, 8 Jan 2012 01:05:24 +0000 (17:05 -0800)]
Fix k5start -H with a cache for the wrong principal
Fix a regression introduced in kstart 4.0 where k5start -H would be
happy with an unexpired ticket for a different principal than the
desired client principal.
Russ Allbery [Thu, 5 Jan 2012 21:29:41 +0000 (13:29 -0800)]
Fix k5start -H and krenew -H with non-renewable tickets
Fix a regression introduced in kstart 4.0 that caused k5start -H and
krenew -H to fail and attempt reauthentication with non-renewable
tickets even if the lifetime was long enough. Thanks to pod for the
report.
Russ Allbery [Thu, 29 Dec 2011 22:16:08 +0000 (14:16 -0800)]
Always canonicalize the ticket cache name in k5start
Always canonicalize the ticket cache name in k5start before
propagating KRB5CCNAME to child processes. This combined with the
previous change allows -k to specify a ticket cache name that changes
once the cache is created, such as when creating new PIPE caches.
Russ Allbery [Thu, 29 Dec 2011 21:36:57 +0000 (13:36 -0800)]
Update documentation for recent changes
Document that -k can now be any cache identifier. Suggest -L with
-b in krenew as was done with k5start. Update the krenew -i
documentation for the current implementation. Add -i to the krenew
usage output. Remove the notes in k5start that -o, -g, and -m will
result in windows where the ticket cache is not accessible.
Russ Allbery [Thu, 29 Dec 2011 19:47:36 +0000 (11:47 -0800)]
Fix error reporting from ticket expiration checks
Don't report an error immediately when checking for ticket
expiration, since k5start doesn't want to report an error if the
ticket cache has gone away. It will just recreate it. Instead,
defer error reporting to the auth hook, where krenew can report
an error.
Russ Allbery [Thu, 29 Dec 2011 19:10:35 +0000 (11:10 -0800)]
Clean up ticket cache naming and permission handling
Ticket caches passed to k5start or krenew with the -k option are now
used as-is without prepending "FILE:". This allows both programs to
be used with non-file caches (unles the -o, -g, or -m options were
given to k5start, of course). However, users who were relying on
k5start or krenew prepending "FILE:" may now need to add this
explicitly to the -k argument if they want the ticket cache to be set
in the environment with that prefix.
k5start, when run with the -o, -g, or -m options to change ticket
cache ownership or permissions, now writes a temporary ticket cache in
the same directory, sets its ownership and permissions, and then
replaces the existing cache with an atomic rename. It also sets
permissions properly if it has to reauthenticate after backgrounding
itself. This closes two windows where the cache may not be accessible
to the program using it if k5start were in the middle of refreshing
it. Thanks to Harry Coin for the report.
Russ Allbery [Thu, 29 Dec 2011 08:02:49 +0000 (00:02 -0800)]
Add proper verification of -H and -K options
Copy the convert_number function from util/perms.c into framework.c
and use it in k5start and krenew to check the argument to -H and
-K. Add a test for error handling that currently only tests the
command-line option validation.
Russ Allbery [Thu, 29 Dec 2011 06:53:25 +0000 (22:53 -0800)]
Convert k5start to the new framework, fix error handling behavior
Convert k5start to use a shared framework with krenew, removing lots
of duplicate code. Fix error handling behavior so that k5start as a
daemon continues running even if it fails to obtain credentials.
Russ Allbery [Wed, 28 Dec 2011 19:42:27 +0000 (11:42 -0800)]
Rewrite krenew to use a new generic framework
The new framework will be used for both k5start and krenew and
refactors the common code between them, including the infrastructure
for running commands and running as a daemon.
Clean up handling of when to exit on errors. krenew now defaults
to remaining running if there's an error in contacting the KDC or
storing the new credentials, only exiting by default if the renewable
lifetime has expired or if the ticket cache has disappeared. -i can
still be used to keep it running in those cases as well. However,
without -i, it will always exit if the initial authentication fails.
krenew now removes any PID files that it writes on exit, and is better
about removing a copied ticket cache on exit.
Russ Allbery [Tue, 27 Dec 2011 18:15:54 +0000 (10:15 -0800)]
Remove k4start
Remove k4start from the distribution. I no longer have a Kerberos v4
environment with which to test and therefore no way to refactor and
restructure the code for other changes to the package. Users who
still need k4start should use an older version of the package.
Russ Allbery [Tue, 27 Dec 2011 17:57:48 +0000 (09:57 -0800)]
Update to rra-c-util 4.0
Update the included kafs library to the version from rra-c-util 4.0,
adding support for Mac OS X and Solaris 11.
* Build on systems where krb5/krb5.h exists but krb5.h does not.
* Build with OpenBSD Heimdal where there is no separate roken library.
* Kerberos probes no longer assume transitive library dependencies.
* Fix removal of /usr/include from Kerberos CPPFLAGS.
* Add notices to all files copied from rra-c-util.
* Fix replacement of krb5_free_error_message.
* Support older Heimdal with no-context krb5_get_init_creds_opt_free.
* Improve probe for krb5_kt_free_entry.
* Fix use of long long, where available, in replacement mkstemp.
* Include strings.h where present for more POSIX string functions.
* Use typedef for a missing sig_atomic_t.
* Avoid passing a NULL context to krb5_get_error_message.
* Fix integer data types in the messages utility library.
* Use configure-detected aklog path in the test suite.
* Add replacement for a missing strndup (such as on Mac OS X).
* Add tests for messages-krb5 utility functions.
* Update compiler warning flags for make warnings to gcc 4.6.1.
Russ Allbery [Tue, 27 Dec 2011 17:18:09 +0000 (09:18 -0800)]
Update to C TAP Harness 1.9
* Add a usage message and -h option to runtests.
* Honor -s and SOURCE in runtests even if BUILD is not set.
* Improve test summary at the end of a C test case.
* Flush stderr before printing TAP output.
* Improve portability of output functions in the shell libtap.sh.
* Add notices to all files copied from C TAP Harness.