Luke Howard [Sat, 2 Apr 2011 06:41:44 +0000 (06:41 +0000)]
When doing S4U2Self for the anon principal, use the server realm
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24793 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Sat, 2 Apr 2011 06:41:31 +0000 (06:41 +0000)]
typo fix
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24792 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 1 Apr 2011 19:36:50 +0000 (19:36 +0000)]
Allow absolute paths for mechglue libraries. From r24736 in
users/lhoward/moonshot-mechglue/fixes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24781 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 1 Apr 2011 19:34:57 +0000 (19:34 +0000)]
Implement draft-josefsson-gss-capsulate
Add gss_encapsulate_token(), gss_decapsulate_token(), and
gss_oid_equal() APIs, which are already present in Heimdal and Shishi.
From r24737, r24738, and r24740 in
users/lhoward/moonshot-mechglue-fixes.
ticket: 6890
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24780 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 1 Apr 2011 18:38:10 +0000 (18:38 +0000)]
Fix a potential uninitialized free in prepare_error_as()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24779 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 1 Apr 2011 05:56:46 +0000 (05:56 +0000)]
only reset greeting if provided attribute is urn:greet:greeting
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24776 dc483132-0cff-0310-8789-dd5450dbe970
Luke Howard [Fri, 1 Apr 2011 05:56:33 +0000 (05:56 +0000)]
s4u2proxy_set_attribute should only return EPERM for its own attribute
Failure to do this breaks other attribute providers' set_attribute()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24775 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 29 Mar 2011 22:44:30 +0000 (22:44 +0000)]
In r21175 (on the mskrb branch, merged in r21690) the result codes for
password quality and other errors were accidentally reversed. Fix
them so that password quality errors generate a "soft" failure and
other errors generate a "hard" failure, as Heimdal and Microsoft do.
Also recognize KADM5_PASS_Q_GENERIC (added in 1.9) as a password
quality error.
ticket: 6888
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24755 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Tue, 29 Mar 2011 18:52:22 +0000 (18:52 +0000)]
In krb5_cc_move if something went wrong, free the dst credential cache
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24754 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Tue, 29 Mar 2011 16:22:05 +0000 (16:22 +0000)]
If the new configuration data that is passed to krb5_cc_set_config is NULL, just remove the old configuration.
Moved short krb5_cc_set_config usage example from krb5.hin into the separate file.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24753 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Tue, 29 Mar 2011 15:19:41 +0000 (15:19 +0000)]
Updated the documentation for the krb5_ error_message function family.
Created the directory doc/doxy_examples/ to hold examples used in the doxygen documentation.
Added usage example for the krb5_get/set/free_error_message functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24752 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Tue, 29 Mar 2011 15:10:00 +0000 (15:10 +0000)]
Static function names should not have krb5_ prefix
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24751 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 28 Mar 2011 23:35:54 +0000 (23:35 +0000)]
Remove the weak key checks from the builtin rc4 enc provider. There
is no standards support for avoiding RC4 weak keys, so rejecting them
causes periodic failures. Heimdal and Microsoft do not check for weak
keys. Attacks based on these weak keys are probably thwarted by the
use of a confounder, and even if not, the reduction in work factor is
not terribly significant for 128-bit keys.
ticket: 6886
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24750 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 28 Mar 2011 17:05:54 +0000 (17:05 +0000)]
Use first principal in keytab when verifying creds
In krb5_verify_init_creds(), use the first principal in the keytab
to verify the credentials instead of the result of
krb5_sname_to_principal(). Also add tests.
ticket: 6887
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24749 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Mon, 28 Mar 2011 15:04:27 +0000 (15:04 +0000)]
Documentation update. Mostly related to _kt_ and _cc_ routines
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24748 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Mar 2011 15:50:06 +0000 (15:50 +0000)]
Fix a precedence error in g_make_token_header() which caused it to
write the wrong length when no token type is passed.
(From r24739 in users/lhoward/moonshot-mechglue-fixes.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24745 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Mar 2011 15:46:03 +0000 (15:46 +0000)]
Set better error messages when plugins fail to load.
(From r24741 in users/lhowards/moonshot-mechglue-fixes.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24744 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Mar 2011 01:24:42 +0000 (01:24 +0000)]
Fix DAL documentation to recommend using krb5_db_get_context() and
krb5_db_set_context() instead of directly accessing
context->dal_handle->db_context (which requires internal headers).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24743 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sat, 19 Mar 2011 15:06:21 +0000 (15:06 +0000)]
Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24730 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Fri, 18 Mar 2011 21:29:23 +0000 (21:29 +0000)]
Minor clean-up in krb5.hin
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24729 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Fri, 18 Mar 2011 20:48:06 +0000 (20:48 +0000)]
Move doxygen comments from source to header. Updated comments and added some usage examples.
Affected functions: krb5_cc_get_config, krb5_cc_set_config, krb5_is_config_principal
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24728 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 18 Mar 2011 19:12:33 +0000 (19:12 +0000)]
Reinstate the line wrapping of the copyright notice in krb5.hin, and
fix the format of the header comment.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24727 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Fri, 18 Mar 2011 18:16:32 +0000 (18:16 +0000)]
Added usage examples to the krb5_build_principal function family
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24726 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 18 Mar 2011 00:04:22 +0000 (00:04 +0000)]
Use a helper function to clarify prepare_error_as() in the KDC
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 17 Mar 2011 22:10:44 +0000 (22:10 +0000)]
KDC memory leak of reply padata for FAST replies
kdc_fast_response_handle_padata() replaces rep->padata, causing the
old value to be leaked. As a minimal fix, free the old value of
rep->padata before replacing it.
ticket: 6885
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24724 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 17 Mar 2011 22:08:22 +0000 (22:08 +0000)]
Don't leak the default realm name when initializing the default realm
in the KDC.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24723 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 17 Mar 2011 20:02:01 +0000 (20:02 +0000)]
KDC memory leak in FAST error path
When kdc_fast_handle_error() produces a FAST-encoded error, it puts it
into err->e_data and it never gets freed (since in the non-FAST case,
err->e_data contains aliased pointers). Fix this by storing the
encoded error in an output variable which is placed into the error's
e_data by the caller and then freed.
ticket: 6884
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 15 Mar 2011 21:47:19 +0000 (21:47 +0000)]
KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
Fix a double-free condition in the KDC that can occur during an
AS-REQ when PKINIT is enabled.
ticket: 6881
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 15 Mar 2011 19:02:32 +0000 (19:02 +0000)]
Remove the Yarrow copyright notice since the code is gone
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24704 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 14 Mar 2011 20:34:59 +0000 (20:34 +0000)]
Resolve a few miscellaneous warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24703 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 14 Mar 2011 19:12:18 +0000 (19:12 +0000)]
Remove two headers accidentally left behind in r24677
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24702 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 17:53:18 +0000 (17:53 +0000)]
Although it can't actually happen, make it more explicit that we won't
dereference a null mech in the cleanup handler of the mechglue's
gss_accept_sec_context.
ticket: 6813
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24701 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 17:47:21 +0000 (17:47 +0000)]
Fix NSS PBKDF2 in the v4 salt (i.e. empty salt) case
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24700 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 04:20:17 +0000 (04:20 +0000)]
Move the des and AFS string-to-key implementations into lib/crypto/krb,
since they aren't standard crypto primitives. Revise the module SPI
accordingly. Add tests for AFS string-to-key to t_str2key.c to replace
the ones in the (now defunct) t_afss2k.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24699 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 11 Mar 2011 04:17:42 +0000 (04:17 +0000)]
Fix a couple of key import modes in the NSS module, although they don't
seem to matter a lot.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24698 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:50:47 +0000 (21:50 +0000)]
Remove ser_eblk.c, which has been unused since r11001 (October 1998)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24697 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:47:51 +0000 (21:47 +0000)]
Add one-line descriptions in the filename comments to prototype.[ch]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24696 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:46:07 +0000 (21:46 +0000)]
Adjust most C source files to match the new standards for copyright
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Mar 2011 21:42:08 +0000 (21:42 +0000)]
Add a script and Makefile target to check for violations of the
recently added standards for copyright and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 8 Mar 2011 20:53:55 +0000 (20:53 +0000)]
Fix a memory leak independently found by Tim Pozdeev and Arlene Berry
This change should be pulled up to the 1.8 and 1.7 branches as well.
ticket: 6844
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)]
SPNEGO's accept_sec_context and init_sec_context produce a null context
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper. Reported by aberry@likewise.com.
ticket: 6863
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 8 Mar 2011 17:22:20 +0000 (17:22 +0000)]
prototype/getopt.c hasn't been updated in quite some time and we don't
really need it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 16:33:47 +0000 (16:33 +0000)]
Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:30:35 +0000 (13:30 +0000)]
Fix up signed/unsigned warnings in this directory. There are still
a few more - but these were the obvious ones.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:29:54 +0000 (13:29 +0000)]
Clean up memory leaks at end of program. No leaks now on success
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24688 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:29:05 +0000 (13:29 +0000)]
On make clean remove test programs and object files. In lib/krb5/krb
make depend as a test program was missed from the source list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 19:16:28 +0000 (19:16 +0000)]
Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c. Fix
OpenSSL module handling of salts in its DES string-to-key.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sat, 5 Mar 2011 17:37:21 +0000 (17:37 +0000)]
Add test script for user2user programs
Simple test programs to make sure that user2user functions.
ticket: 6878
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24685 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sat, 5 Mar 2011 15:56:33 +0000 (15:56 +0000)]
Include crypto_int.h for mit_des_fixup_key_parity prototype
Cleanup signed/unsigned warnings.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24684 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 14:33:37 +0000 (14:33 +0000)]
Fix a conceptual (but not practical) type mismatch in the OpenSSL
module's mit_des_fixup_key_parity resulting from r24677.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24683 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 14:00:38 +0000 (14:00 +0000)]
Make enc provider free_state function return void
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:51:00 +0000 (13:51 +0000)]
Remove the init_state and free_state enctype functions and go back to
always delegating state to the enc provider. (We needed enctype-
specific state initialization for CCM enctypes when we had them.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:36:53 +0000 (13:36 +0000)]
Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as it
is not specific to the builtin module.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:31:02 +0000 (13:31 +0000)]
Flatten lib/crypto/krb, as its seven subdirectories only contained a
few source files each (often only 1-2).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 3 Mar 2011 15:21:11 +0000 (15:21 +0000)]
Fix SHA-256 on big-endian platforms
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24678 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 05:29:29 +0000 (05:29 +0000)]
Consolidate almost all lib/crypto/krb headers into a single
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 01:48:10 +0000 (01:48 +0000)]
Remove some declarations from kdc_preauth.c which are no longer needed
after r24403.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24676 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 00:08:14 +0000 (00:08 +0000)]
In export-check.pl, display a better error if there are duplicate
symbols in the export list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24675 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 28 Feb 2011 23:57:56 +0000 (23:57 +0000)]
Simplify lib/crypto/krb/arcfour in the wake of r23444. Move the
contents of arcfour_aead.c into arcfour.c, turn the key derivation
helper functions into static functions, and eliminate arcfour-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 28 Feb 2011 20:56:02 +0000 (20:56 +0000)]
Use the hash provider interface in krb5int_arcfour_string_to_key so
that we don't need a direct interface to MD4 in the crypto modules.
Also clean up the code a bit.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 19:08:14 +0000 (19:08 +0000)]
Reference random-to-key handlers through the enctype instead of the
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 18:57:14 +0000 (18:57 +0000)]
Remove nonexistent aes_ctr from object and source file lists in
lib/crypto/openssl/enc_provider/Makefile.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24668 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 02:35:04 +0000 (02:35 +0000)]
Make sure ulog_map() is invoked whenever we open the database in
kdb5_util. Fixes all of the master key rollover commands in the
presence of iprop. Reported by kacarstensen@csupomona.edu.
ticket: 6875
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24667 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:53:04 +0000 (19:53 +0000)]
Namespace-protect SHA-256 symbols. Build SHA-256 code independently of
whether Fortuna was selected.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:51:44 +0000 (19:51 +0000)]
Add Fortuna test program to file list for dependency generation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24665 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:29:23 +0000 (19:29 +0000)]
Add a non-default PRNG module which just retrieves entropy from
/dev/urandom without any cryptographic post-processing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24664 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:28:13 +0000 (19:28 +0000)]
Remove some unnecessary includes from prng_fortuna.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24663 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 17:30:37 +0000 (17:30 +0000)]
Make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 17:23:54 +0000 (17:23 +0000)]
Now that all PRNG modules fit nicely into a single source file,
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 15:05:38 +0000 (15:05 +0000)]
Remove Yarrow PRNG implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 15:04:49 +0000 (15:04 +0000)]
A couple more Windows build system adjustments for Fortuna as default
PRNG.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 14:28:20 +0000 (14:28 +0000)]
Add a stubs file missing from r24656
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24658 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 14:27:06 +0000 (14:27 +0000)]
Make Fortuna the default PRNG for the Windows build
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24657 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 18:18:11 +0000 (18:18 +0000)]
Unbreak the OpenSSL and NSS crypto builds in the wake of r24652
(Fortuna as default PRNG), and remove some unnecessary related files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 16:13:58 +0000 (16:13 +0000)]
Fix dangling Makefile reference after r24652
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 10:00:12 +0000 (10:00 +0000)]
Make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 09:59:22 +0000 (09:59 +0000)]
Make Fortuna the default PRNG algorithm
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24653 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 09:58:45 +0000 (09:58 +0000)]
Fortuna as default PRNG
Rewrite prng_fortuna.c to much more closely match the description of
Fortuna in chapter 9 of Cryptography Engineering. Add a facility to
get OS entropy and implement it for Unix and Windows (not yet tested
on Windows) to replace prng/fortuna/entropy.c. Rewrite the test
harness to always ensure stable output and perform a statistical test
on the predictable internal state resulting from the stable-output
tests.
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 23 Feb 2011 18:14:11 +0000 (18:14 +0000)]
Remember to free the result of getaddrinfo() in the new sendto_kdc
code.
ticket: 6868
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24651 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Wed, 23 Feb 2011 11:38:33 +0000 (11:38 +0000)]
Fix memory leak in t_expire_warn
Free context. Allows one to look for new leaks introduced in other
pathways.
ticket: 6872
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24650 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 22 Feb 2011 21:06:23 +0000 (21:06 +0000)]
Fix a memory leak introduced in r23926 where k_cred was not freed on
successful return from kg_new_connection(). Reported by Julien
Chaffraix.
ticket: 6800
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24646 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 22 Feb 2011 20:30:24 +0000 (20:30 +0000)]
Don't leak the mechanism internal context when we get an error in the
mechglue's gss_accept_sec_context.
From aberry@likewise.com.
ticket: 6813
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24645 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 22 Feb 2011 17:08:54 +0000 (17:08 +0000)]
Delete kinit_kdb.o in make clean
ticket: 6871
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24644 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Fri, 18 Feb 2011 15:06:57 +0000 (15:06 +0000)]
Fix a conceptual bug in r24639: the intermediate key container length
should be the hash's output size, not its block size. (The bug did
not show up in testing because it is harmless in practice; MD5 has a
larger block size than output size.)
ticket: 6869
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 16 Feb 2011 23:34:37 +0000 (23:34 +0000)]
Don't reject AP-REQs based on PACs
Experience has shown that it was a mistake to fail AP-REQ verification
based on failure to verify the signature of PAC authdata contained in
the ticket. We've had two rounds of interoperability issues with the
hmac-md5 checksum code, an interoperability issue with OSX generating
unsigned PACs, and another problem where PACs are copied by older KDCs
from a cross-realm TGT into the service ticket. If a PAC signature
cannot be verified, just don't mark it as verified and continue on
with the AP exchange.
ticket: 6870
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24640 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 16 Feb 2011 22:52:41 +0000 (22:52 +0000)]
hmac-md5 checksum doesn't work with DES keys
krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size. This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.
ticket: 6869
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 14 Feb 2011 00:13:17 +0000 (00:13 +0000)]
In kg_acceptor_princ, make Coverity happy by using a different test to
determine if we should set (*princ_out)->type.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24638 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 22:36:13 +0000 (22:36 +0000)]
In kadm5_rename_principal, fix an oversight which would cause errors
from krb5_principal2salt_norealm to be ignored.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24637 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 21:14:43 +0000 (21:14 +0000)]
Untabify trace.c (tabs crept in when the file was created)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24636 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 21:14:00 +0000 (21:14 +0000)]
Defer hostname lookups in krb5_sendto_kdc
Restructure the locate_kdc and sendto_kdc code to defer getaddrinfo
calls until we need the answer. This requires many changes:
* struct addrlist is now called struct serverlist, and is declared in
os-proto.h instead of k5-int.h. It contains an array of struct
server_entry structures which can hold either a name or an address.
(Address entries are used for locate_kdc module results.)
* The connection state list is now a linked list, and holds address
information directly instead of using a struct addrinfo (this
simplifies memory management). Each connection entry contains a
callback buffer (previously stored in a separate array) and an index
into the server list.
* The {addrstate} trace formatting primitive is no longer needed, and
has been replaced by {connstate}. There is also a new tracing event
for resolving hostnames.
* locate_server, locate_kdc, free_serverlist, and sendto get their
prefixes changed from krb5int_ to k5_ as their prototypes were being
adjusted anyway. The family argument is gone from the locate
functions as it was never productively used. k5_sendto now receives
the socket types of interest.
* krb5_sendto_kdc will now pass a 0 socktype to k5_locate_kdc if both
socket types are wanted. There were some allowances for this in
locate but this was never previously done. In order to be
conservative when invoking locate modules, we always pass an
explicit socktype, thus calling lookup twice (as we did before,
albeit with a separate init/fini cycle) in the common case. When
creating hostname entries in serverlist from profile configuration,
we preserve the 0 value of socktype, and later create both TCP and
UDP addresses from the getaddrinfo results when the host is
resolved.
* Some accessor functions previously used by libkrb4 have been removed
as they impinged upon this work.
ticket: 6868
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24635 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 19:12:36 +0000 (19:12 +0000)]
Trace logging file descriptor leak
File descriptors created for trace logging were never being closed.
With short-lived contexts this leak would eventually overflow the
process's file table. Correct this oversight by closing the file
descriptor in file_trace_cb before freeing its container.
ticket: 6867
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24634 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 18:48:06 +0000 (18:48 +0000)]
Reposition a trace call which was dereferencing freed memory after
r24616.
ticket: 6855
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24633 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 9 Feb 2011 20:25:08 +0000 (20:25 +0000)]
KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
[CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name
handling that could cause the KDC to hang or crash.
[CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9.
ticket: 6860
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24622 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 9 Feb 2011 20:25:03 +0000 (20:25 +0000)]
kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
When operating in standalone mode and not doing iprop, don't return
from do_standalone() if the child exits with abnormal status.
ticket: 6859
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24621 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Feb 2011 04:59:38 +0000 (04:59 +0000)]
Add missing KRB5_USE_INET6 ifdefs around some bits of IPv6 code which
didn't have them. From aberry@likewise.com.
ticket: 6857
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24620 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 9 Feb 2011 04:46:46 +0000 (04:46 +0000)]
Assume ELF on FreeBSD if objformat doesn't exist
If /usr/bin/objformat doesn't exist on a FreeBSD system, it could
indicate a pre-3.0 a.out version or a post-7.0 ELF version. Since
FreeBSD 3.0 is now twelve years old, it's safer to assume ELF than
a.out.
From aberry@likewise.com.
ticket: 6858
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24619 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Tue, 8 Feb 2011 22:31:10 +0000 (22:31 +0000)]
Fix seg faulting trace log message for use of fallback realm
The call to TRACE_TKT_CREDS_FALLBACK in get_creds.c was supplying the
wrong argument, causing a crash.
ticket: 6856
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24618 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Tue, 8 Feb 2011 21:25:21 +0000 (21:25 +0000)]
Set JAVADOC_AUTOBRIEF to YES to allow Doxygen to interpret the first line of a JavaDoc-style comment as the brief description.
Also, minor argument name fix in krb5.hin
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24617 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Mon, 7 Feb 2011 18:40:00 +0000 (18:40 +0000)]
Improve acceptor name flexibility
Be more flexible about the principal names we will accept for a given
GSS acceptor name. Also add support for a new libdefaults profile
variable ignore_acceptor_hostname, which causes the hostnames of
host-based service principals to be ignored when passed by server
applications as acceptor names.
Note that we still always invoke krb5_sname_to_principal() when
importing a gss-krb5 mechanism name, even though we won't always use
the result. This is an unfortunate waste of getaddrinfo/getnameinfo
queries in some situations, but the code surgery necessary to defer
it appears too risky at this time.
The project proposal for this change is at:
http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names
ticket: 6855
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
Zhanna Tsitkov [Mon, 7 Feb 2011 17:06:44 +0000 (17:06 +0000)]
Add "make doxugen" option to generate doxygen output
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24615 dc483132-0cff-0310-8789-dd5450dbe970