Tom Yu [Tue, 20 Jul 2010 22:28:35 +0000 (22:28 +0000)]
pull up r24137 from trunk
------------------------------------------------------------------------
r24137 | ghudson | 2010-06-14 16:46:27 -0400 (Mon, 14 Jun 2010) | 7 lines
ticket: 6738
target_version: 1.8.3
tags: pullup
In PKINIT, notice if DH_compute_key() returns a value less than the
buffer size, and pad it on the left if so.
ticket: 6738
version_fixed: 1.8.3
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24194
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 10 Jun 2010 21:14:34 +0000 (21:14 +0000)]
pull up r24123 from trunk
------------------------------------------------------------------------
r24123 | ghudson | 2010-06-08 14:18:03 -0400 (Tue, 08 Jun 2010) | 11 lines
ticket: 6740
subject: kadmin ktadd may display wrong name of default keytab
target_version: 1.8.2
tags: pullup
kadmin's ktadd (and ktrem) displays WRFILE:/etc/krb5.keytab whenever
it uses the default keytab, even if the default has been overridden
(e.g. by KRB5_KTNAME). Use krb5_kt_get_name to get the correct name
of the default cache instead of displaying the string we think was
used to open it.
ticket: 6740
version_fixed: 1.8.3
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24131
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 10 Jun 2010 21:14:26 +0000 (21:14 +0000)]
pull up r24120, r24121 from trunk
------------------------------------------------------------------------
r24120 | ghudson | 2010-06-08 12:14:24 -0400 (Tue, 08 Jun 2010) | 12 lines
ticket: 6739
target_version: 1.8.2
tags: pullup
Stop checking the current time against the context expiration time in
the message wrap/unwrap functions in the krb5 GSS mech. Heimdal
doesn't do it, and it generally results in poor app behavior when a
ticket expires. In exchange, it doesn't provide much security benefit
since it's not enforced across the board--for example, ssh sessions
can persist beyond ticket expiration time since they don't use GSS to
wrap payload data.
ticket: 6739
version_fixed: 1.8.3
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24130
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 10 Jun 2010 18:29:35 +0000 (18:29 +0000)]
krb5-1.8.2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24129
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 10 Jun 2010 18:14:11 +0000 (18:14 +0000)]
README and patchlevel for krb5-1.8.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24127
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 May 2010 23:00:02 +0000 (23:00 +0000)]
krb5-1.8.2-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24114
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 May 2010 22:55:45 +0000 (22:55 +0000)]
README and patchlevel.h for krb5-1.8.2-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24112
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 May 2010 18:41:45 +0000 (18:41 +0000)]
pull up r24102 from trunk
------------------------------------------------------------------------
r24102 | ghudson | 2010-05-24 22:44:45 -0400 (Mon, 24 May 2010) | 11 lines
ticket: 6734
subject: FAST negotiation could erroneously succeed
target_version: 1.8.2
tags: pullup
When FAST negotiation is performed against an older KDC
(rep->enc_part2->flags & TKT_FLG_ENC_PA_REP not set),
krb5int_fast_verify_nego did not set the value of *fast_avail, causing
stack garbage to be used in init_creds_step_reply. Initialize
*fast_avail at the beginning of the function per coding practices.
ticket: 6734
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24111
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 20 May 2010 22:57:53 +0000 (22:57 +0000)]
pull up r24074 from trunk
------------------------------------------------------------------------
r24074 | tlyu | 2010-05-20 16:42:26 -0400 (Thu, 20 May 2010) | 11 lines
ticket: 6730
subject: kdc_tcp_ports not documented in kdc.conf.M
target_version: 1.8.2
tags: pullup
The kdc.conf setting kdc_tcp_ports was not documented in kdc.conf.M,
though it was documented in doc/admin.texinfo. Copy text from there
for now. The setting defaults to an empty string at the moment,
causing the KDC to not listen on TCP by default, confusing some users.
Changing this behavior is a separate issue.
ticket: 6730
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24077
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 20 May 2010 22:57:50 +0000 (22:57 +0000)]
pull up r24075 from trunk
------------------------------------------------------------------------
r24075 | tlyu | 2010-05-20 17:32:47 -0400 (Thu, 20 May 2010) | 8 lines
ticket: 6726
target_version: 1.8.2
tags: pullup
Apply patch from Arlene Berry to detect and ignore a duplicate
mechanism token sent in the mechListMIC field, such as sent by Windows
2000 Server.
ticket: 6726
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24076
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 20 May 2010 20:41:16 +0000 (20:41 +0000)]
pull up r24055 from trunk
------------------------------------------------------------------------
r24055 | ghudson | 2010-05-18 13:19:15 -0400 (Tue, 18 May 2010) | 6 lines
ticket: 6562
When parsing a KDC or admin server string, allow the name or address
to be enclosed in brackets so that IPv6 addresses can be represented.
(IPv6 addresses contain colons, which look like port separators.)
ticket: 6562
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24073
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:54 +0000 (18:52 +0000)]
pull up r24056 from trunk
------------------------------------------------------------------------
r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines
ticket: 6725
subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005)
tags: pullup
target_version: 1.8.2
Make krb5_gss_accept_sec_context() check for a null authenticator
checksum pointer before attempting to dereference it.
ticket: 6725
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24063
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:49 +0000 (18:52 +0000)]
pull up r24020 from trunk
------------------------------------------------------------------------
r24020 | ghudson | 2010-05-13 14:49:20 -0400 (Thu, 13 May 2010) | 8 lines
ticket: 6722
subject: Error handling bug in krb5_init_creds_init()
tags: pullup
target_version: 1.8.2
Fix a bug in krb5_init_creds_init() where a freed context could be
returned to the caller in certain error cases.
ticket: 6722
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24062
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:46 +0000 (18:52 +0000)]
pull up r24002 from trunk
------------------------------------------------------------------------
r24002 | ghudson | 2010-05-10 18:23:57 -0400 (Mon, 10 May 2010) | 14 lines
ticket: 6718
subject: Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
target_version: 1.8.2
tags: pullup
In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine
whether krbLoginFailedCount existed on the entry when it was
retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT,
and don't assert an old value when not using LDAP_MOD_INCREMENT.
Also, create the krbLoginFailedCount attribute when creating new
entries. This allows us to use LDAP_MOD_INCREMENT during the first
failed login (if the server supports it), avoiding a race condition.
ticket: 6718
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24061
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:43 +0000 (18:52 +0000)]
pull up r23959 from trunk
------------------------------------------------------------------------
r23959 | tlyu | 2010-04-30 17:10:55 -0400 (Fri, 30 Apr 2010) | 8 lines
ticket: 6711
subject: memory leak in process_tgs_req in r23724
tags: pullup
target_version: 1.8.2
Fix a KDC memory leak that was introduced by r23724 that could leak
the decoded request.
ticket: 6711
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24060
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:39 +0000 (18:52 +0000)]
pull up r23928 from trunk
------------------------------------------------------------------------
r23928 | tlyu | 2010-04-22 21:10:20 -0400 (Thu, 22 Apr 2010) | 10 lines
ticket: 6698
target_version: 1.8.2
tags: pullup
Adapted patch from Jason Rogers. It wasn't complete, so this commit
fixes the other instances of the 64-bit problem.
Also fix krb5_deltat_to_str(), which would previously always return an
empty string.
ticket: 6698
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24059
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:36 +0000 (18:52 +0000)]
pull up r23929 from trunk
------------------------------------------------------------------------
r23929 | tlyu | 2010-04-22 21:30:48 -0400 (Thu, 22 Apr 2010) | 7 lines
ticket: 6697
target_version: 1.8.2
tags: pullup
Adapted patch from Arlene Berry to handle dlerror() returning a null
pointer.
ticket: 6697
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24058
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 May 2010 18:52:32 +0000 (18:52 +0000)]
pull up r23925 from trunk
------------------------------------------------------------------------
r23925 | tlyu | 2010-04-22 16:04:01 -0400 (Thu, 22 Apr 2010) | 8 lines
ticket: 6696
target_version: 1.8.2
tags: pullup
Apply patch from Arlene Berry to cease freeing error tokens output by
accept_sec_context, allowing them to actually be sent to the
initiator.
ticket: 6696
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24057
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 20 Apr 2010 22:37:22 +0000 (22:37 +0000)]
pull up r23912 from trunk
------------------------------------------------------------------------
r23912 | tlyu | 2010-04-20 17:12:10 -0400 (Tue, 20 Apr 2010) | 11 lines
ticket: 6702
target_version: 1.8.2
tags: pullup
Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggered
by ticket renewal. Add a test case.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
Thanks to Joel Johnson and Brian Almeida for the reports.
ticket: 6702
version_fixed: 1.8.2
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23914
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 8 Apr 2010 20:35:03 +0000 (20:35 +0000)]
krb5-1.8.1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23880
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 8 Apr 2010 20:33:32 +0000 (20:33 +0000)]
README and patchlevel.h for krb5-1.8.1 final
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23878
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 30 Mar 2010 01:54:21 +0000 (01:54 +0000)]
krb5-1.8.1-beta2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23849
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 30 Mar 2010 01:52:51 +0000 (01:52 +0000)]
README and patchlevel for krb5-1.8.1-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23847
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 30 Mar 2010 01:51:11 +0000 (01:51 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23846
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 30 Mar 2010 01:51:04 +0000 (01:51 +0000)]
pull up r23844 from trunk
------------------------------------------------------------------------
r23844 | ghudson | 2010-03-29 18:08:21 -0400 (Mon, 29 Mar 2010) | 9 lines
ticket: 6693
subject: Fix backwards flag output in krb5_init_creds_step()
tags: pullup
target_version: 1.8.1
krb5_init_creds_step() is taken from Heimdal, which sets *flags to 1
for "continue" and 0 for "stop". Unfortunately, we got it backwards
in 1.8; fix it for 1.8.1.
ticket: 6693
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23845
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 28 Mar 2010 23:00:08 +0000 (23:00 +0000)]
krb5-1.8.1-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23841
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sun, 28 Mar 2010 22:47:01 +0000 (22:47 +0000)]
README and patchlevel for krb5-1.8.1-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23839
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 22:31:00 +0000 (22:31 +0000)]
pull up r23834 from trunk
------------------------------------------------------------------------
r23834 | tlyu | 2010-03-23 15:00:13 -0700 (Tue, 23 Mar 2010) | 7 lines
ticket: 6678
target_version: 1.8.1
tags: pullup
Apply patch from Arlene Berry to not use freed memory in
gss_import_sec_context in some error paths.
ticket: 6678
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23835
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 19:08:53 +0000 (19:08 +0000)]
pull up r23832 from trunk
------------------------------------------------------------------------
r23832 | tlyu | 2010-03-23 11:53:52 -0700 (Tue, 23 Mar 2010) | 8 lines
ticket: 6690
target_version: 1.8.1
tags: pullup
subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.
ticket: 6690
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23833
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 07:21:04 +0000 (07:21 +0000)]
pull up r23829 from trunk
------------------------------------------------------------------------
r23829 | tlyu | 2010-03-22 23:09:02 -0700 (Mon, 22 Mar 2010) | 10 lines
ticket: 6689
target_version: 1.8.1
tags: pullup
subject: krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because
krb5int_fast_process_error was assuming that it was safe to cast it to
krb5_pa_data. It's not safe to do the cast on 64-bit MacOSX because
krb5.hin uses #pragma pack on that platform.
ticket: 6689
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23830
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 01:58:29 +0000 (01:58 +0000)]
pull up r23821 from trunk
------------------------------------------------------------------------
r23821 | ghudson | 2010-03-19 20:50:06 -0700 (Fri, 19 Mar 2010) | 17 lines
ticket: 6687
subject: Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
target_version: 1.8.1
tags: pullup
KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data
type, was used to implement PAC-less constrained delegation in krb5
1.8. Unfortunately, it was found that Microsoft was using 142 for
other purposes, which could result in a ticket issued by an MIT or
Heimdal KDC being rejected by a Windows Server 2008 R2 application
server. Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate
among a realm's KDCs, it is relatively easy to change the number, so
MIT and Heimdal are both migrating to a new number. This change will
cause a transitional interoperability issue when a realm mixes MIT
krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal
1.3.2) KDCs, but only for constrained delegation evidence tickets.
ticket: 6687
version_fixed: 1.8.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23828
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 01:58:22 +0000 (01:58 +0000)]
pull up r23820 from trunk
------------------------------------------------------------------------
r23820 | ghudson | 2010-03-19 09:17:05 -0700 (Fri, 19 Mar 2010) | 7 lines
ticket: 6680
target_version: 1.8.1
tags: pullup
Document the ticket_lifetime libdefaults setting (which was added in
r16656, #2656). Based on a patch from nalin@redhat.com.
ticket: 6680
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23827
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 01:58:15 +0000 (01:58 +0000)]
pull up r23819 from trunk
------------------------------------------------------------------------
r23819 | ghudson | 2010-03-18 10:37:31 -0700 (Thu, 18 Mar 2010) | 7 lines
ticket: 6683
target_version: 1.8.1
tags: pullup
Fix the kpasswd fallback from the ccache principal name to the
username in the case where the ccache doesn't exist.
ticket: 6683
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23826
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 01:58:07 +0000 (01:58 +0000)]
pull up r23815 from trunk
------------------------------------------------------------------------
r23815 | ghudson | 2010-03-17 14:10:10 -0700 (Wed, 17 Mar 2010) | 7 lines
ticket: 6681
target_version: 1.8.1
tags: pullup
When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don't
dereference options if it's NULL.
ticket: 6681
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23825
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 01:58:00 +0000 (01:58 +0000)]
pull up r23810 from trunk
------------------------------------------------------------------------
r23810 | tlyu | 2010-03-16 12:14:33 -0700 (Tue, 16 Mar 2010) | 8 lines
ticket: 6685
target_version: 1.8.1
subject: handle NT_SRV_INST in service principal referrals
Handle NT_SRV_INST in service principal cross-realm referrals, as
Windows apparently uses that instead of NT_SRV_HST for at least some
service principals.
ticket: 6685
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23824
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Mar 2010 23:50:52 +0000 (23:50 +0000)]
pull up r23766 from trunk
------------------------------------------------------------------------
r23766 | ghudson | 2010-03-05 12:45:46 -0500 (Fri, 05 Mar 2010) | 10 lines
ticket: 6676
subject: Ignore improperly encoded signedpath AD elements
target_version: 1.8.1
tags: pullup
We have some reason to believe Microsoft and Heimdal are both using
the authdata value 142 for different purposes, leading to failures in
verify_ad_signedpath(). For better interoperability, treat such
tickets as unsigned, rather than invalid.
ticket: 6676
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23809
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Mar 2010 23:50:49 +0000 (23:50 +0000)]
pull up r23772 from trunk
------------------------------------------------------------------------
r23772 | ghudson | 2010-03-05 15:35:26 -0500 (Fri, 05 Mar 2010) | 7 lines
ticket: 6674
target_version: 1.8.1
tags: pullup
Release the internal_name field of a SPNEGO context if it has not been
claimed for a caller argument.
ticket: 6674
status: resolved
version_fixed: 1.8.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23808
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Mar 2010 23:50:46 +0000 (23:50 +0000)]
pull up r23749 from trunk
------------------------------------------------------------------------
r23749 | ghudson | 2010-02-24 13:57:08 -0500 (Wed, 24 Feb 2010) | 9 lines
ticket: 6668
subject: Two problems in kadm5_get_principal mask handling
target_version: 1.8
tags: pullup
KADM5_MOD_NAME was being applied to entry->principal instead of
entry->mod_name. KADM5_MKVNO was not being applied to entry->mkvno.
Patch from Marcus Watts <mdw@umich.edu>.
ticket: 6668
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23807
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Mar 2010 23:50:40 +0000 (23:50 +0000)]
pull up r23767 from trunk
------------------------------------------------------------------------
r23767 | ghudson | 2010-03-05 14:19:42 -0500 (Fri, 05 Mar 2010) | 7 lines
ticket: 6661
target_version: 1.8.1
tags: pullup
Add IPv6 support to changepw.c (reverting r21004 since it is no longer
necessary). Patch from Submit Bose <sbose@redhat.com>.
ticket: 6661
version_fixed: 1.8.1
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23806
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 10 Mar 2010 20:33:05 +0000 (20:33 +0000)]
Revert KRB5_CONF_ macro change intended for trunk
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23797
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 10 Mar 2010 15:59:30 +0000 (15:59 +0000)]
Use KRB5_CONF_ macros instead of strings in source for profile config arguments "default" and "logging"
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23795
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 2 Mar 2010 18:21:06 +0000 (18:21 +0000)]
krb5-1.8-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23762
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 2 Mar 2010 18:13:43 +0000 (18:13 +0000)]
README and patchlevel.h for krb5-1.8 final
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23760
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 25 Feb 2010 21:28:29 +0000 (21:28 +0000)]
krb5-1.8-beta2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23755
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 25 Feb 2010 21:28:22 +0000 (21:28 +0000)]
README and patchlevel.h for krb5-1.8-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23754
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 25 Feb 2010 20:14:21 +0000 (20:14 +0000)]
pull up r23750 from trunk
------------------------------------------------------------------------
r23750 | tlyu | 2010-02-25 15:09:45 -0500 (Thu, 25 Feb 2010) | 7 lines
ticket: 6669
target_version: 1.8
tags: pullup
subject: doc updates for allow_weak_crypto
Update documentation to be more helpful about allow_weak_crypto.
ticket: 6669
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23751
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Feb 2010 00:25:58 +0000 (00:25 +0000)]
pull up r23742 from trunk
------------------------------------------------------------------------
r23742 | ghudson | 2010-02-21 23:52:30 -0500 (Sun, 21 Feb 2010) | 24 lines
ticket: 6603
target_version: 1.8
tags: pullup
Fix two unrelated problems in SPNEGO which don't crop up with the krb5
mechanism.
1. The third call to spnego_init_accept_context uses faulty logic to
determine if the exchange is complete, preventing a third mech token
from being sent to the acceptor if no MIC exchange is required.
Follow the logic used in the second call (in init_ctx_nego), which is
correct.
2. If the acceptor selects a mech other than the optimistic mech, it
sets sc->mic_reqd to 1 whether or not the selected mech supports MICs
(which isn't known until the mech completes). Most code outside of
handle_mic checks sc->mic_reqd along with (sc->ctx_flags &
GSS_C_INTEG_FLAG), but the code in acc_ctx_call_acc neglected to do
so, so it could improperly delegate responsibility for deciding when
the negotiation was finished to handle_mic--which never gets called if
(sc->ctx_flags & GSS_C_INTEG_FLAG) is false. Fix acc_ctx_call_acc to
check sc->ctx_flags so that mechs which don't support integrity
protection can complete if they are selected non-optimistically.
ticket: 6603
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23748
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Feb 2010 00:25:54 +0000 (00:25 +0000)]
pull up r23735 from trunk
------------------------------------------------------------------------
r23735 | ghudson | 2010-02-18 13:49:11 -0500 (Thu, 18 Feb 2010) | 8 lines
ticket: 6659
target_version: 1.8
tags: pullup
The TGS code was not freeing authdata. This is an old leak which was
made more evident in 1.8 by the addition of ad-signedpath authdata
appearing in most tickets issued through the TGS path.
ticket: 6659
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23747
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Feb 2010 00:25:51 +0000 (00:25 +0000)]
pull up r23734 from trunk
------------------------------------------------------------------------
r23734 | ghudson | 2010-02-18 13:04:47 -0500 (Thu, 18 Feb 2010) | 17 lines
ticket: 6665
subject: Fix cipher state chaining in OpenSSL back end
target_version: 1.8
tags: pullup
Make cipher state chaining work in the OpenSSL back end for des, des3,
and arcfour enc providers. Subtleties:
* DES and DES3 have checks to avoid clobbering ivec with uninitialized
data if there is no data to encrypt.
* Arcfour saves the OpenSSL cipher context across calls. To protect
against a caller improperly copying the state (which happens to work
with other enc providers), a loopback pointer is used, as in GSSAPI.
* EVP_EncryptFinal_ex is unnecessary with stream ciphers and would
interfere with cipher state chaining if it did anything, so just
remove it.
ticket: 6665
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23746
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 17 Feb 2010 03:41:03 +0000 (03:41 +0000)]
krb5-1.8-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23730
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 17 Feb 2010 03:13:29 +0000 (03:13 +0000)]
README and patchlevel.h for krb5-1.8-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23728
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Feb 2010 23:01:30 +0000 (23:01 +0000)]
pull up r23726 from trunk
------------------------------------------------------------------------
r23726 | tlyu | 2010-02-16 17:41:27 -0500 (Tue, 16 Feb 2010) | 8 lines
ticket: 6663
subject: update mkrel to deal with changed source layout
target_version: 1.8
tags: pullup
Update mkrel so it deals somewhat better with removed src/lib/des425,
NOTICES, etc.
ticket: 6663
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23727
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Feb 2010 22:21:08 +0000 (22:21 +0000)]
pull up r23724 from trunk
------------------------------------------------------------------------
r23724 | tlyu | 2010-02-16 17:10:17 -0500 (Tue, 16 Feb 2010) | 10 lines
ticket: 6662
subject: MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
tags: pullup
target_version: 1.8
Code introduced in krb5-1.7 can cause an assertion failure if a
KDC-REQ is internally inconsistent, specifically if the ASN.1 tag
doesn't match the msg_type field. Thanks to Emmanuel Bouillon (NATO
C3 Agency) for discovering and reporting this vulnerability.
ticket: 6662
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23725
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 12 Feb 2010 20:28:51 +0000 (20:28 +0000)]
pull up r23716 from trunk
------------------------------------------------------------------------
r23716 | ghudson | 2010-02-11 11:07:08 -0500 (Thu, 11 Feb 2010) | 15 lines
ticket: 6660
subject: Minimal support for updating history key
target_version: 1.8
tags: pullup
Add minimal support for re-randomizing the history key:
* cpw -randkey kadmin/history now works, but creates only one key.
* cpw -randkey -keepold kadmin/history still fails.
* libkadm5 no longer caches the history key. Performance impact
is minimal since password changes are not common.
* randkey no longer checks the newly randomized key against old keys,
and the disabled code to do so in setkey/setv4key is gone, so now
only kadm5_chpass_principal_3 accesses the password history.
------------------------------------------------------------------------
ticket: 6660
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23721
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 12 Feb 2010 20:28:47 +0000 (20:28 +0000)]
pull up r23715 from trunk
------------------------------------------------------------------------
r23715 | ghudson | 2010-02-10 18:44:18 -0500 (Wed, 10 Feb 2010) | 14 lines
ticket: 6658
subject: Implement gss_set_neg_mechs
target_version: 1.8
tags: pullup
Implement gss_set_neg_mechs in SPNEGO by intersecting the provided
mech set with the mechanisms available in the union credential. As
we now need space to hold the mech set, the SPNEGO credential is now
a structure and not just a mechglue credential.
t_spnego.c is a test program which exercises the new logic. Like the
other GSSAPI tests, it is not run as part of "make check" at this
time.
ticket: 6658
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23720
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 12 Feb 2010 20:28:43 +0000 (20:28 +0000)]
pull up r23713 from trunk
------------------------------------------------------------------------
r23713 | hartmans | 2010-02-09 14:15:12 -0500 (Tue, 09 Feb 2010) | 10 lines
subject: krb5int_fast_free_state segfaults if state is null
ticket: 6657
target_version: 1.8
tags: pullup
krb5int_fast_free_state fails if state is null. INstead it should
simply return Reorganization of the get_init_creds logic has created
situations where the init_creds loop can fail between the time when
the context is initialized and the fast state is initialized.
ticket: 6657
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23719
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 12 Feb 2010 20:28:39 +0000 (20:28 +0000)]
pull up r23712, r23714 from trunk
------------------------------------------------------------------------
r23714 | ghudson | 2010-02-09 20:55:36 -0500 (Tue, 09 Feb 2010) | 13 lines
ticket: 6656
Followon fixes to r23712:
* A few formatting fixes.
* Fix unlikely leak in kdc_handle_protected_negotiation: if
add_pa_data_element with copy == FALSE fails, it's still the
caller's responsibility to free pa.contents.
* Fix pre-existing (since r23465) leak of reply_encpart.enc_padata in
process_as_req.
* Call add_pa_data_element with copy == TRUE in
return_referral_enc_padata since we are passing memory owned by the
database entry.
------------------------------------------------------------------------
r23712 | hartmans | 2010-02-09 14:15:07 -0500 (Tue, 09 Feb 2010) | 14 lines
subject: enc_padata can include empty sequence
ticket: 6656
target_version: 1.8
tags: pullup
There are two issues with return_enc_padata.
1) It often will return an empty sequence of enc_padata rather than not including the field
2) FAST negotiation is double supported in the referral tgs path and not supported in the non-referral path
Rewrite the return_enc_padata logic to:
* Split out referral interactions with kdb into its own function
* Use add_pa_data_element
ticket: 6656
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23718
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 21:22:18 +0000 (21:22 +0000)]
pull up r23677 from trunk
------------------------------------------------------------------------
r23677 | ghudson | 2010-01-28 20:22:17 -0500 (Thu, 28 Jan 2010) | 14 lines
ticket: 6652
subject: Make decryption of master key list more robust
target_version: 1.8
tags: pullup
krb5_def_fetch_mkey_list was incorrectly filtering mkey_aux entries
when searching the list for an entry which can be decrypted with the
stashed master key. This bug was masked in most cases by the mkvno
heuristic.
Remove the mkvno heuristic, since performance is not an issue for this
rarely-performed operation, and remove the incorrect enctype
comparison in the brute-force search.
ticket: 6652
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23711
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:48 +0000 (20:55 +0000)]
pull up r23699 from trunk
------------------------------------------------------------------------
r23699 | ghudson | 2010-02-05 16:46:35 -0500 (Fri, 05 Feb 2010) | 10 lines
ticket: 6643
target_version: 1.8
tags: pullup
Consistently place $(LDFLAGS) after $(SHLIB_EXPFLAGS) when building
shared libraries. Previously we sometimes failing to use $(LDFLAGS)
at all, and at other times were putting it before $(SHLIB_EXPFLAGS)
where it could pick up tree-internal libraries from outside the build
tree.
ticket: 6643
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23710
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:46 +0000 (20:55 +0000)]
pull up r23698 from trunk
------------------------------------------------------------------------
r23698 | tlyu | 2010-02-05 15:52:42 -0500 (Fri, 05 Feb 2010) | 8 lines
ticket: 6601
tags: pullup
target_version: 1.8
Apply patch from Arlene Berry to handle the case where a mechanism
implements set_cred_option but does not implement the requested
option.
ticket: 6601
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23709
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:43 +0000 (20:55 +0000)]
pull up r23697 from trunk
------------------------------------------------------------------------
r23697 | ghudson | 2010-02-04 22:43:54 -0500 (Thu, 04 Feb 2010) | 12 lines
ticket: 6655
subject: Fix cross-realm handling of AD-SIGNEDPATH
target_version: 1.8
tags: pullup
Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT.
Previously we were avoiding it when answering a cross-realm client,
which was wrong.
Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust
the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present).
ticket: 6655
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23708
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:39 +0000 (20:55 +0000)]
pull up r23696 from trunk
------------------------------------------------------------------------
r23696 | tlyu | 2010-02-04 22:25:49 -0500 (Thu, 04 Feb 2010) | 7 lines
ticket: 6600
tags: pullup
target_version: 1.8
Apply patch from Arlene Berry to avoid segfault if a mech
gss_inquire_context returns GSS_C_NO_NAME for the target name.
ticket: 6600
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23707
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:36 +0000 (20:55 +0000)]
pull up r23695 from trunk
------------------------------------------------------------------------
r23695 | tlyu | 2010-02-04 22:05:42 -0500 (Thu, 04 Feb 2010) | 8 lines
ticket: 6598
tags: pullup
target_version: 1.8
Apply patch from Arlene Berry to return a comparable static OID object
instead of the application-passed (probably dynamically allocated)
OID, to avoid use-after-free problems.
ticket: 6598
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23706
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:34 +0000 (20:55 +0000)]
pull up r23694 from trunk
------------------------------------------------------------------------
r23694 | ghudson | 2010-02-03 14:55:05 -0500 (Wed, 03 Feb 2010) | 7 lines
ticket: 6654
subject: Fix greet_server build
target_version: 1.8
tags: pullup
Fix the export list for the greet_server plugin.
ticket: 6654
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23705
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:31 +0000 (20:55 +0000)]
pull up r23681 from trunk
------------------------------------------------------------------------
r23681 | tlyu | 2010-02-01 16:48:19 -0500 (Mon, 01 Feb 2010) | 15 lines
ticket: 6653
subject: set_default_enctype_var should filter not reject weak enctypes
tags: pullup
target_version: 1.8
With allow_weak_crypto=false, set_default_enctype_var() (helper
function for krb5_set_default_tgs_enctypes(), etc.) was rejecting any
application-provided enctype list that contained any weak enctype even
when valid strong enctypes were present. This broke some Samba
things. Filter the weak enctypes instead. Add test cases.
Reported to Debian by Holger Isenberg. (Debian bug #566977)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977
Thanks to Simo Sorce for testing.
ticket: 6653
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23704
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:27 +0000 (20:55 +0000)]
pull up r23676, r23679 from trunk
------------------------------------------------------------------------
r23679 | ghudson | 2010-01-31 16:04:48 -0500 (Sun, 31 Jan 2010) | 4 lines
ticket: 6650
Fix minor error-handling bug in r23676.
------------------------------------------------------------------------
r23676 | ghudson | 2010-01-28 16:39:31 -0500 (Thu, 28 Jan 2010) | 17 lines
ticket: 6650
subject: Handle migration from pre-1.7 databases with master key kvno != 1
target_version: 1.7.1
tags: pullup
krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no
explicit tl_data. We've seen at least one pre-1.7 KDB with a master
kvno of 0, violating this assumption. Fix this as follows:
* krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists.
* A new function krb5_dbe_get_mkvno translates this 0 value to the
minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno
cannot do this as it doesn't take the mkey_list as a parameter.)
* Call sites to krb5_dbe_lookup_mkvno are converted to
krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable
to store 0 if the mkvno is unknown.
ticket: 6651
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23703
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:22 +0000 (20:55 +0000)]
pull up r23674, r23675 from trunk
------------------------------------------------------------------------
r23675 | ghudson | 2010-01-27 17:17:12 -0500 (Wed, 27 Jan 2010) | 4 lines
ticket: 6649
Update the LDAP dependencies for r23674.
------------------------------------------------------------------------
r23674 | ghudson | 2010-01-26 22:52:52 -0500 (Tue, 26 Jan 2010) | 10 lines
ticket: 6649
subject: Get rid of kdb_ext.h and allow out-of-tree KDB plugins
target_version: 1.8
tags: pullup
Move the contents of kdb_ext.h into kdb.h, since there is no meaningful
"extensions" category of DB interfaces now that this stuff is in our
tree. Allows out-of-tree KDB plugins to be built since we install
kdb.h.
ticket: 6649
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23702
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:17 +0000 (20:55 +0000)]
pull up r23673 from trunk
------------------------------------------------------------------------
r23673 | tlyu | 2010-01-26 17:55:07 -0500 (Tue, 26 Jan 2010) | 9 lines
ticket: 6648
target_version: 1.8
tags: pullup
subject: define MIN() in lib/gssapi/krb5/prf.c
Apply patch from Doug Engert to define MIN(), which was causing prf.c
to fail compilation on Solaris. (The definition was probably leaking
from sys/param.h, included indirectly somehow.)
ticket: 6648
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23701
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 8 Feb 2010 20:55:12 +0000 (20:55 +0000)]
pull up r23672 from trunk
------------------------------------------------------------------------
r23672 | tlyu | 2010-01-26 13:43:29 -0500 (Tue, 26 Jan 2010) | 6 lines
ticket: 6599
target_version: 1.8
tags: pullup
Apply patch from Arlene Berry to plug a memory leak.
ticket: 6599
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23700
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 21 Jan 2010 22:49:07 +0000 (22:49 +0000)]
pull up r23663 from trunk
------------------------------------------------------------------------
r23663 | ghudson | 2010-01-19 18:35:39 -0500 (Tue, 19 Jan 2010) | 9 lines
ticket: 6645
subject: Add krb5_allow_weak_crypto API
target_version: 1.8
tags: pullup
Add an API to allow apps to override the profile setting of
allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box
until OpenAFS finishes migrating away from DES.
ticket: 6645
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23665
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 21 Jan 2010 22:49:01 +0000 (22:49 +0000)]
pull up r23662 from trunk
------------------------------------------------------------------------
r23662 | ghudson | 2010-01-19 13:44:57 -0500 (Tue, 19 Jan 2010) | 3 lines
ticket: 6644
subject: Change basename of libkadm5 libraries to avoid Heimdal conflict
ticket: 6644
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23664
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 14 Jan 2010 19:27:33 +0000 (19:27 +0000)]
Add test program for decryption of overly short buffers
Pull up r23652 from trunk.
Test case for integer underflow in AES and RC4 decryption.
[MITKRB5-SA-2009-004, CVE-2009-4212] krb5-1.8 branch isn't vulnerable,
but include this test anyway.
------------------------------------------------------------------------
r23652 | ghudson | 2010-01-12 16:59:58 -0500 (Tue, 12 Jan 2010) | 2 lines
Add test program for decryption of overly short buffers.
ticket: 6642
target_version: 1.8
version_fixed: 1.8
tags: pullup
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23660
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 14 Jan 2010 18:51:13 +0000 (18:51 +0000)]
pull up r23657 from trunk
------------------------------------------------------------------------
r23657 | ghudson | 2010-01-14 11:09:24 -0500 (Thu, 14 Jan 2010) | 9 lines
ticket: 6640
subject: Make history key exempt from permitted_enctypes
tags: pullup
target_version: 1.8
In kdb_init_hist, just use the first key entry in the kadmin/history
entry. This makes the history key work even if the enctype is
disallowed by allow_weak_crypto=false or other configuration.
ticket: 6640
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23659
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 14 Jan 2010 18:51:09 +0000 (18:51 +0000)]
pull up r23607 from trunk
------------------------------------------------------------------------
r23607 | ghudson | 2010-01-07 15:57:02 -0500 (Thu, 07 Jan 2010) | 7 lines
ticket: 6546
status: open
When retrieving the kadmin/history key, accept any enctype, as the
current master key enctype may not match the one the KDB was created
with.
ticket: 6546
status: resolved
version_fixed: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23658
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 12 Jan 2010 05:03:49 +0000 (05:03 +0000)]
pull up r23628 from trunk
------------------------------------------------------------------------
r23628 | ghudson | 2010-01-11 20:05:37 -0500 (Mon, 11 Jan 2010) | 9 lines
ticket: 6632
subject: Simplify and fix FAST check for keyed checksum type
target_version: 1.8
tags: pullup
Use krb5_c_is_keyed_checksum to detect unkeyed checksums when handling
FAST requests. The old check was broken for 1.8 because
krb5_c_verify_checksum got pickier about invalid keyblocks.
ticket: 6632
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23649
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 12 Jan 2010 05:03:44 +0000 (05:03 +0000)]
pull up r23629 from trunk
------------------------------------------------------------------------
r23629 | ghudson | 2010-01-11 20:07:48 -0500 (Mon, 11 Jan 2010) | 9 lines
ticket: 6633
subject: Use keyed checksum type for DES FAST
target_version: 1.7
tags: pullup
DES enctypes have unkeyed mandatory-to-implement checksums. Since
FAST requires a keyed checksum, we must pick something else in that
case.
ticket: 6633
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23648
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 11 Jan 2010 21:44:18 +0000 (21:44 +0000)]
pull up r23622 from trunk
------------------------------------------------------------------------
r23622 | epeisach | 2010-01-09 11:02:13 -0500 (Sat, 09 Jan 2010) | 8 lines
subject: krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
ticket: 6630
tags: pullup
krb5int_pbkdf2_hmac_sha1 fails to set enctype on a termporary keyblock
- resulting in valgrind picking up on a conditional branch w/ unset
value. Initialize value.
ticket: 6630
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23627
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 11 Jan 2010 21:44:13 +0000 (21:44 +0000)]
pull up r23608 from trunk
------------------------------------------------------------------------
r23608 | epeisach | 2010-01-07 20:51:19 -0500 (Thu, 07 Jan 2010) | 23 lines
subject: krb5int_derive_key results in cache with uninitialized values
krb5int_derive_key creates a temporary keyblock to add to the derived cache.
krb5_k_free_key will iterate over the derived keys and for ones with cache will
lookup the enctype for the key_cleanup handler.
Unfortunatly, there isn't a keyblock init function that does not allocate the
keyblock - as I suspect this problem will appear in other places.
The valgrind log of this problem is:
==7281== Conditional jump or move depends on uninitialised value(s)
==7281== at 0x40E9AE8: find_enctype (etypes.h:81)
==7281== by 0x40E9C96: krb5_k_free_key (key.c:91)
==7281== by 0x40E9C52: krb5_k_free_key (key.c:86)
==7281== by 0x40EBB00: krb5_c_prf (prf.c:87)
==7281== by 0x40E7B1B: prf_plus (cf2.c:77)
==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125)
==7281== by 0x804899C: main (t_cf2.c:70)
==7281==
with memory leaks.
ticket: 6629
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23626
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:43:18 +0000 (23:43 +0000)]
pull up r23612 from trunk
------------------------------------------------------------------------
r23612 | epeisach | 2010-01-08 09:54:04 -0500 (Fri, 08 Jan 2010) | 7 lines
ticket: 6628
subject: krb5int_dk_string_to_key fails to set enctype
tags: pullup
Failure to set the enctype before invoking krb5_k_create_key results in
potential memory leak.
ticket: 6628
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23621
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:43:15 +0000 (23:43 +0000)]
pull up r23611 from trunk
------------------------------------------------------------------------
r23611 | epeisach | 2010-01-07 22:43:37 -0500 (Thu, 07 Jan 2010) | 7 lines
subject: Set enctype in crypto_tests to prevent memory leaks
ticket: 6627
tags: pullup
The key caching is causing memory leaks if enctype is not set as the
enctype specific cleanup handlers are not called.
ticket: 6627
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23620
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:43:12 +0000 (23:43 +0000)]
pull up r23610 from trunk
------------------------------------------------------------------------
r23610 | ghudson | 2010-01-07 21:43:21 -0500 (Thu, 07 Jan 2010) | 10 lines
ticket: 6626
subject: Restore interoperability with 1.6 addprinc -randkey
tags: pullup
target_version: 1.8
The arcfour string-to-key operation in krb5 1.7 (or later) disagrees
with the dummy password used by the addprinc -randkey operation in
krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the
1.6 dummy password and use a random password instead.
ticket: 6626
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23619
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:43:09 +0000 (23:43 +0000)]
pull up r23609 from trunk
------------------------------------------------------------------------
r23609 | epeisach | 2010-01-07 21:12:24 -0500 (Thu, 07 Jan 2010) | 23 lines
subject: yarrow code does not initialize keyblock enctype and uses unitialized value
ticket: 6625
tags: pullup
The yarrow code uses a keyblock that is partially initialized. This results
in krb5_k_free_key trying to look up the enctype to call the free handler.
One of the valgrind reports: (there are several paths)
==26701== Conditional jump or move depends on uninitialised value(s)
==26701== at 0x40E9AF0: find_enctype (etypes.h:81)
==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91)
==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49)
==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578)
==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423)
==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553)
==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513)
==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112)
==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97)
==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42)
==26701== by 0x8049554: main (t_encrypt.c:206)
==26701==
ticket: 6625
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23618
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:43:05 +0000 (23:43 +0000)]
pull up r23602, r23604, r23605 from trunk
------------------------------------------------------------------------
r23605 | hartmans | 2010-01-07 13:35:15 -0500 (Thu, 07 Jan 2010) | 4 lines
ticket: 6624
Revert change to Makefile.in that ended up not being needed
------------------------------------------------------------------------
r23604 | hartmans | 2010-01-07 13:32:20 -0500 (Thu, 07 Jan 2010) | 10 lines
Subject: automated tests for anonymous pkinit
ticket: 6624
target_version: 1.8
tags: pullup
Implement tests for anonymous pkinit. A certificate and private key
are checked in; these tests will stop working in 2023.
Note that r23602 needs to be pulled up before this ticket.
------------------------------------------------------------------------
r23602 | ghudson | 2010-01-07 12:26:58 -0500 (Thu, 07 Jan 2010) | 4 lines
Make preauth_module_dir override, rather than supplement, the
built-in path list, to avoid problems with running the same preauth
module twice.
ticket: 6624
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23617
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:43:02 +0000 (23:43 +0000)]
pull up r23603 from trunk
------------------------------------------------------------------------
r23603 | hartmans | 2010-01-07 13:32:15 -0500 (Thu, 07 Jan 2010) | 7 lines
subject: Always treat anonymous as preauth required
ticket: 6623
target_version: 1.8
tags: pullup
Always treat the WELLKNOWN/ANONYMOUS principal as requiring pre-authentication. The anonymous draft depends on a pre-auth exchange to invoke pkinit.
ticket: 6623
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23616
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 8 Jan 2010 23:42:59 +0000 (23:42 +0000)]
pull up r23597, r23599 from trunk
------------------------------------------------------------------------
r23599 | ghudson | 2010-01-06 18:44:04 -0500 (Wed, 06 Jan 2010) | 4 lines
Make krb5_dbe_def_search_enctype more consistent about when it returns
KRB5_KDB_NO_PERMITTED_KEY. Now it will return that error if it sees
any non-permitted enctypes which match the search criteria.
------------------------------------------------------------------------
r23597 | ghudson | 2010-01-06 18:14:14 -0500 (Wed, 06 Jan 2010) | 8 lines
ticket: 6622
target_version: 1.8
tags: pullup
Don't return KRB5_KDB_NO_PERMITTED_KEY from
krb5_dbe_def_search_enctype if we previously returned results (i.e. if
*start > 0).
ticket: 6622
version_fixed: 1.8
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23615
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 6 Jan 2010 23:11:52 +0000 (23:11 +0000)]
krb5-1.8-alpha1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23596
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 6 Jan 2010 22:58:45 +0000 (22:58 +0000)]
README, patchlevel, etc. for krb5-1.8-alpha1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23594
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 5 Jan 2010 04:38:21 +0000 (04:38 +0000)]
branch for krb5-1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@23588
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 5 Jan 2010 04:37:07 +0000 (04:37 +0000)]
README, copyright, patchlevel for krb5-1.8 branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23587
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 5 Jan 2010 02:47:58 +0000 (02:47 +0000)]
disable weak crypto by default
Set allow_weak_crypto=false by default. Set default master key
enctype to sha256. Adjust test suite to compensate.
ticket: 6621
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 4 Jan 2010 21:45:23 +0000 (21:45 +0000)]
Install encrypted_challenge plugin during fake-install
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23585
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 4 Jan 2010 21:22:00 +0000 (21:22 +0000)]
Add preauth_module_dir support to the KDC preauth module loader
(should have been part of r23531). Most or all of this logic should
be moved into the plugin code or a layer above it, after the branch.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23584
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 4 Jan 2010 19:59:25 +0000 (19:59 +0000)]
Anonymous documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23583
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 4 Jan 2010 19:59:20 +0000 (19:59 +0000)]
Other changes in this ticket guarantee that the padata argument to
return callbacks is non-null; don't check for null in pkinit_srv.c.
ticket: 6607
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 4 Jan 2010 19:59:16 +0000 (19:59 +0000)]
Bring back krb5_kt_free_entry which really does the same thing as
krb5_free_keytab_entry_contents per discussion on krbdev in order to
avoid breaking samba builds.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23581
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 4 Jan 2010 19:59:12 +0000 (19:59 +0000)]
Test FAST authentication during each pass
Because a new principal is added to the database, the iprop test
expected output is updated.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23580
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Mon, 4 Jan 2010 19:59:03 +0000 (19:59 +0000)]
Fix documentation of armor cache based on fast negotiation project
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23579
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 4 Jan 2010 19:34:33 +0000 (19:34 +0000)]
kdc_supported_enctypes does nothing; eradicate mentions thereof
kdc_supported_enctypes does nothing. Remove all mention of it from
documentation and test suites.
ticket: 6620
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23578
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 4 Jan 2010 17:00:23 +0000 (17:00 +0000)]
Don't accept AS replies encrypted in enctypes other than the ones we
asked for.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 4 Jan 2010 06:22:41 +0000 (06:22 +0000)]
For the better code modularity keep some "free" routines closer to the resource allocators. Also, reindent cleanup in the touched files
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576
dc483132-0cff-0310-8789-
dd5450dbe970