git.tremily.us Git - krb5.git/log

Corrected the name of KRB5_NT_SRV_HST macro. Added some doxygen comments

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25537 dc483132-0cff-0310-8789-dd5450dbe970

Fix subkey memory leak in krb5_get_credentials

If a get_credentials operation requires multiple TGS requests, we need
to free the subkey from previous requests before saving a new one.

ticket: 7049
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25536 dc483132-0cff-0310-8789-dd5450dbe970

Fix memory leaks in FAST TGS support

krb5int_fast_prep_req remove tgs from request->padata and needs to
free it. get_creds.c needs to use a fresh FAST state for each TGS
request to avoid leaking armor keys.

ticket: 7026

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25535 dc483132-0cff-0310-8789-dd5450dbe970

Actually allow null server key in krb5_pac_verify

ticket: 7048

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25534 dc483132-0cff-0310-8789-dd5450dbe970

Remove reference to krb5_anadd. Correct the name of HAVE_GETUSERSHELL flag

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25533 dc483132-0cff-0310-8789-dd5450dbe970

Allow null server key to krb5_pac_verify

When the KDC verifies a PAC, it doesn't really need to check the
server signature, since it can't trust that anyway. Allow the caller
to pass only a TGT key.

ticket: 7048

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970

Add automated tests for S4U2Self and S4U2Proxy

These tests mainly exercise the client-side GSSAPI code for S4U2Self
and S4U2Proxy. They also exercise the KDC code for S4U2Self, but only
the denial logic for S4U2Proxy since the DB2 back end doesn't support
constrained delegation currently.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25531 dc483132-0cff-0310-8789-dd5450dbe970

Allow S4U2Proxy service tickets to be cached

Previous to this change, the GSS code avoids caching S4U2Proxy results
for fear of the memory cache growing without bound, but that seems
unlikely to be a serious problem. Allow these to be cached.

ticket: 7047

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25530 dc483132-0cff-0310-8789-dd5450dbe970

Allow S4U2Proxy delegated credentials to be saved

The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache). To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.

ticket: 7046

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25529 dc483132-0cff-0310-8789-dd5450dbe970

SA-2011-007 KDC null pointer deref in TGS handling [CVE-2011-1530]

Fix a null pointer dereference condition that could cause a denial of
service.

ticket: 7042
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25525 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25505 dc483132-0cff-0310-8789-dd5450dbe970

Set a default enctype for optimistic preauth

When the client application requests optimistic preauth for a preauth
type which uses the password, we don't have an etype-info2 to
interpret since we haven't talked to the KDC.  So we need to guess an
enctype, salt, and s2k parameters.  In 1.9 and prior, encrypted
timestamp contained code to use the first requested enctype in this
case, but encrypted challenge did not.  In 1.10 prior to this change,
neither mechanism uses a reasonable default.

Set a default enctype in krb5_init_creds_init so that all
password-based preauth mechanisms will use a reasonable default in the
optimistic preauth case.  The default salt and s2k parameters for this
case will be the principal-based default salt and the enctype-based
default parameters.

ticket: 7033
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25504 dc483132-0cff-0310-8789-dd5450dbe970

Added support for loading of Krb5.ini from Windows APPDATA

Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
ticket: 7038
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25500 dc483132-0cff-0310-8789-dd5450dbe970

Use LsaDeregisterLogonProcess(), not CloseHandle()

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7037
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25499 dc483132-0cff-0310-8789-dd5450dbe970

Fix free ofuninitialized memory in sname_to_princ

Fix free of uninitialized memory in error case introduced in 1.10
development cycle.

ticket: 7036
tags: pullup
Target_Version: 1.10

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25498 dc483132-0cff-0310-8789-dd5450dbe970

krb5_lcc_store() now ignores config credentials

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7035
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25497 dc483132-0cff-0310-8789-dd5450dbe970

mk_cred: memory management

Fix for mk_cred.c: calloc() not malloc()

Avoid calling free() in cleanup on uninitialized sub-ptrs if error occurs.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7034
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25496 dc483132-0cff-0310-8789-dd5450dbe970

Added Test Coverage topic

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25495 dc483132-0cff-0310-8789-dd5450dbe970

Ldap dependency for parallel builds

The ldap plugin needs to declare a dependency on the ldap library

ticket: 7030
tags: pullup
target_version: 1.10

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25494 dc483132-0cff-0310-8789-dd5450dbe970

Fix --with-system-verto without pkg-config

If we're using the system verto and pkg-config isn't found but
libverto is, set VERTO_LIBS to just -lverto as there won't be a k5ev
module.

ticket: 7029
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25493 dc483132-0cff-0310-8789-dd5450dbe970

Use INSTALL_DATA to avoid marking .mo files executable

ticket: new target_version: 1.10 tags: pullup subject: Use INSTALL_DATA to install message catalogues

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25492 dc483132-0cff-0310-8789-dd5450dbe970

AC_CHECK_LIB should put -lcrypto in PKINIT_CRYPTO_IMPL_LIBS not LIBS
for pkinit. A similar problem exists for crypto_impl and is not
addressed by this patch.

ticket: new Subject: LIBS should not include PKINIT_CRYPTO_IMPL_LIBS tags: pullup target_version: 1.10

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25491 dc483132-0cff-0310-8789-dd5450dbe970

Adjust krb5int_decode_tgs_rep, closing a leak

Use current practices for parameter naming and resource cleanup.
Avoid a leak of local_dec_rep (now named dec_rep) if we take a "goto
cleanup" path.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25490 dc483132-0cff-0310-8789-dd5450dbe970

Whitespace, style changes to past two commits

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25489 dc483132-0cff-0310-8789-dd5450dbe970

FAST TGS

Implement RFC 6113 FAST TGS support.

Includes library support for a varient of explicit TGS armor that has not yet been proposed within the IETF.

ticket: 7026

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25488 dc483132-0cff-0310-8789-dd5450dbe970

FAST: error handling and const keyblock

krb5int_fast_process_error: Allow out_padata and retry to be null for
TGS case. Refactor function to do more frees in the exit handling and
to declare variables at the top.

krb5int_fast_reply_key: input keyblock arguments should be const

ticket: 7025

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25487 dc483132-0cff-0310-8789-dd5450dbe970

ticket: new
    subject: FAST PKINIT
    target_version: 1.10
    tags: pullup

    Per RFC 6113 fast should use the inner request body for the pkinit
    checksum. We did that on the KDC; now do so on the client.  Remove
    code that explicitly blocked pkinit under FAST.

    Also, use the reply key *before* the strengthen key is applied when
    verifying the PADATA_PKINIT_KX.

    Add FAST pkinit test.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25486 dc483132-0cff-0310-8789-dd5450dbe970

Use POSIX constants instead of S_IREAD/S_IWRITE

S_IREAD and S_IWRITE are ancient names for S_IRUSR and S_IWUSR, and
are not defined on some modern platforms (such as Android). Use the
POSIX names instead.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25485 dc483132-0cff-0310-8789-dd5450dbe970

Fix compile error in previous change

A last-minute code editing mistake crept into the previous commit; fix
it.

ticket: 7023

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25484 dc483132-0cff-0310-8789-dd5450dbe970

Clean up client-side preauth error data handling

Change the clpreauth tryagain method to accept a list of pa-data,
taken either from the FAST response or from decoding the e_data as
either pa-data or typed-data. Also change the in_padata argument to
contain just the type of the request padata rather than the whole
element, since modules generally shouldn't care about the contents of
their request padata (or they can remember it).

In krb5int_fast_process_error, no longer re-encode FAST pa-data as
typed-data for the inner error e_data, but decode traditional error
e_data for all error types, and try both pa-data and typed-data
encoding.

In PKINIT, try all elements of the new pa-data list, since it may
contain FAST elements as well as the actual PKINIT array. (Fixes an
outstanding bug in FAST PKINIT.)

ticket: 7023
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25483 dc483132-0cff-0310-8789-dd5450dbe970

Recognize IAKERB mech in krb5_gss_display_status

Minor status codes were not displaying properly when originated from
the IAKERB mech, because of a safety check on mech_type. From Ralf
Haferkamp <rhafer@suse.de>.

ticket: 7020
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25482 dc483132-0cff-0310-8789-dd5450dbe970

Formating fixes and update per rev#25480

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25481 dc483132-0cff-0310-8789-dd5450dbe970

Fix failure interval of 0 in LDAP lockout code

A failure count interval of 0 caused krb5_ldap_lockout_check_policy to
pass the lockout check (but didn't cause a reset of the failure count
in krb5_ldap_lockout_audit). It should be treated as forever, as in
the DB2 back end.

This bug is the previously unknown cause of the assertion failure
fixed in CVE-2011-1528.

ticket: 7021
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25480 dc483132-0cff-0310-8789-dd5450dbe970

Improve documentation in preauth_plugin.h

Also declare the verto_context structure to ensure that it is has the
proper scope when used as the return type of the event_context
callback.

ticket: 7019

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25479 dc483132-0cff-0310-8789-dd5450dbe970

Document --with-system-verto in rst docs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25478 dc483132-0cff-0310-8789-dd5450dbe970

Fix k5test error message for missing runenv.py

"make fake-install" no longer exists, so tell the developer to run
"make runenv.py" instead.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25477 dc483132-0cff-0310-8789-dd5450dbe970

Adjust "make check" constraints in rst docs

Recopy the text from the texinfo build docs into the rst version,
describing --disable-rpath and avoiding an erroneous reference to make
fake-install.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25476 dc483132-0cff-0310-8789-dd5450dbe970

Make verto context available to kdcpreauth modules

Add an event_context callback to kdcpreauth. Adjust the internal KDC
and main loop interfaces to pass around the event context, and expose
it to kdcpreauth modules via the rock.

ticket: 7019
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25475 dc483132-0cff-0310-8789-dd5450dbe970

Update verto to 0.2.2 release

Update verto sources to 0.2.2 release versions. verto_reinitialize()
now has a return value; check it in kdc/main.c. Store verto-libev.c
alongside verto-k5ev.c to make it easy to diff corresponding versions
when updating.

ticket: 7018
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25474 dc483132-0cff-0310-8789-dd5450dbe970

Simplify and fix kdcpreauth request_body callback

Alter the contract for the kdcpreauth request_body callback so that it
returns an alias to the encoded body instead of a fresh copy. At the
beginning of AS request processing, save a copy of the encoded request
body, or the encoded inner request body for FAST requests. Previously
the request_body callback would re-encode the request structure, which
in some cases has been modified by the AS request code.

No kdcpreauth modules currently use the request_body callback, but
PKINIT will need to start using it in order to handle FAST requests
correctly.

ticket: 7017
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25473 dc483132-0cff-0310-8789-dd5450dbe970

Handle TGS referrals to the same realm

krb5 1.6 through 1.8 contained a workaround for the Active Directory
behavior of returning a TGS referral to the same realm as the request.
1.9 responds to this behavior by caching the returned TGT, trying
again, and detecting a referral loop. This is a partial regression of
ticket #4955. Detect this case and fall back to a non-referreal
request.

ticket: 7016
target_version: 1.9.3
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25472 dc483132-0cff-0310-8789-dd5450dbe970

Add consistency check for plugin interface names

Add an assertion to ensure that the interface_names table in plugin.c
is updated when a new pluggable interface is added.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25471 dc483132-0cff-0310-8789-dd5450dbe970

Add plugin interface_names entry for ccselect

When the ccselect pluggable interface was added, the interface_names
table wasn't updated, so configuring modules for it wouldn't work.
Add it now.

ticket: 7015
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25470 dc483132-0cff-0310-8789-dd5450dbe970

Avoid looping when preauth can't be generated

If we receive a PREAUTH_REQUIRED error and fail to generate any real
preauthentication, error out immediately instead of continuing to
generate non-preauthenticated requests until we hit the loop count.

There is a lot of room to generate a more meaningful error about why
we failed to generate preauth (although in many cases the answer may
be too complicated to explain in an error message), but that requires
more radical restructuring of the preauth framework.

ticket: 6430
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25469 dc483132-0cff-0310-8789-dd5450dbe970

Fix com_err.h dependencies in gss-kernel-lib

make check was failing in util/gss-kernel-lib due to dependencies
when the build is configured with --with-system-et, because depfix.pl
wasn't smart enough to substitute the dependency on com_err.h in the
current directory. Make depfix.pl smarter, and adjust COM_ERR_DEPS
to be com_err.h in gss-kernel-lib when building with the bundled
com_err.

ticket: 7014
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25468 dc483132-0cff-0310-8789-dd5450dbe970

Remove -v from the preset valgrind flags

Verbose output from valgrind is rarely needed and makes it harder to
find errors and leaks in the output. When it is needed, it's easier
to add it in than to take it out.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25467 dc483132-0cff-0310-8789-dd5450dbe970

Added the note to the trace API functions that they have higher priority than the KRB5_TRACE env variable

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25466 dc483132-0cff-0310-8789-dd5450dbe970

Updated text for the KRB5_TRACE env variable.
Updated Sphinx index with the new API functions and changed macros names.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25465 dc483132-0cff-0310-8789-dd5450dbe970

Added Environment Variables document.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25457 dc483132-0cff-0310-8789-dd5450dbe970

Fix documentation typos

Fix the typos from r25290 which were also present in the RST
documentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25446 dc483132-0cff-0310-8789-dd5450dbe970

Fix warnings and version check for NSS pkinit

From nalin@redhat.com.

ticket: 6999
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25445 dc483132-0cff-0310-8789-dd5450dbe970

Fix month/year units in getdate

getdate strings like "1 month" or "next year" would fail some of the
time, depending on the value of stack garbage, because DSTcorrect()
doesn't set *error on success and RelativeMonth() doesn't initialize
error. Make DSTcorrect() responsible for setting *error in all cases.

ticket: 7003
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25444 dc483132-0cff-0310-8789-dd5450dbe970

Improve verto and libev documentation

NOTICE was missing the copyright statement for verto (it's not quite
the same as other Red Hat licenses). util/verto had no README file,
and neither the verto nor k5ev README contained pointers to the
upstream project pages.

ticket: 7002
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25443 dc483132-0cff-0310-8789-dd5450dbe970

Clean up more stuff in make clean

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25437 dc483132-0cff-0310-8789-dd5450dbe970

Get rid of fake-install

Instead, use $(BUILDTOP)/plugins as the plugin base for tests. For
each real plugin module, create a link in the parent directory if
we're doing a shared-library build--so built KDB modules can be found
in plugins/kdb, preauth modules in plugins/preauth, etc..

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25436 dc483132-0cff-0310-8789-dd5450dbe970

Add cross-realm support to "make testrealm"

Allow "make testrealm CROSSNUM=N" to make N fully-connected realms for
cross-realm testing convenience.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25435 dc483132-0cff-0310-8789-dd5450dbe970

Updated the documentation for the propagation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25434 dc483132-0cff-0310-8789-dd5450dbe970

Exit on error in kadmind kprop child

When we fork from kadmind to dump the database and kprop to an iprop
slave, if we encounter an error in the child process we should exit
rather than returning to the main loop.

ticket: 7000
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25433 dc483132-0cff-0310-8789-dd5450dbe970

Get rid of periods in Python test success messages

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25432 dc483132-0cff-0310-8789-dd5450dbe970

Clean up realms as we go in t_crossrealm.py

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25431 dc483132-0cff-0310-8789-dd5450dbe970

Fix typos in k5test.py

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25430 dc483132-0cff-0310-8789-dd5450dbe970

Add cross-realm tests to python test framework

Add a cross_realms function to k5test.py to generate several linked
realms. Add a test script t_crossrealm.py to exercise six different
cross-realm scenarios.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25429 dc483132-0cff-0310-8789-dd5450dbe970

Conditionalize po subdir on msgfmt, not dgetext

The presence of dgettext in libc or libintl doesn't imply that msgfmt
is installed, so conditionalize building the po subdir on whether
msgfmt is installed.

ticket: 6997
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25425 dc483132-0cff-0310-8789-dd5450dbe970

Make krb5_check_clockskew public

Rename krb5int_check_clockskew to krb5_check_clockskew and make it
public, in order to give kdcpreauth plugins a way to check timestamps
against the configured clock skew.

ticket: 6996
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970

Added instruction on how to build this Sphinx documentation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25423 dc483132-0cff-0310-8789-dd5450dbe970

Use zero-filled states for all async ops in KDC

There have been a couple of uninitialized field bugs in the
restructured KDC code, partly because compilers can't find these bugs
as easily as they can find uninitialized local variable bugs. Use
zero-filled state structures to make this type of bug less likely.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25422 dc483132-0cff-0310-8789-dd5450dbe970

Expanded documentation on configure/build options

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25421 dc483132-0cff-0310-8789-dd5450dbe970

Added "Unable to find requested database type" to the troubleshooting doc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25420 dc483132-0cff-0310-8789-dd5450dbe970

Initialize typed_e_data in as_req_state

The typed_e_data field in struct as_req_state was not properly
initialized, causing the KDC to sometimes respond with typed-data
e_data for a preauth-required error when the client sends no padata.
This bug was masked with recent clients, which send a
KRB5_ENCPADATA_REQ_ENC_PA_REP padata.

ticket: 6995
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25419 dc483132-0cff-0310-8789-dd5450dbe970

Fix intermediate key length in hmac-md5 checksum

When using hmac-md5, the intermediate key length is the output of the
hash function (128 bits), not the input key length. Relevant if the
input key is not an RC4 key.

ticket: 6994
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25418 dc483132-0cff-0310-8789-dd5450dbe970

Fix format string for TRACE_INIT_CREDS_SERVICE

This should also be pulled up to 1.10.

ticket: 6993
tags: pullup
target_version: 1.9.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25417 dc483132-0cff-0310-8789-dd5450dbe970

Make krb5_find_authdata public

Rename krb5int_find_authdata to krb5_find_authdata and make it public.

ticket: 6992
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25414 dc483132-0cff-0310-8789-dd5450dbe970

Refactor salt computation into libkdb5

Add a new API krb5_dbe_compute_salt() to determine the salt for a key
data entry, and use it in the three places we currently compute salts.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25410 dc483132-0cff-0310-8789-dd5450dbe970

Revised KDC propagation section.
Removed rst files that are not used any more.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25406 dc483132-0cff-0310-8789-dd5450dbe970

Add MIT Kerberos License notice file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25405 dc483132-0cff-0310-8789-dd5450dbe970

Updated "MIT Kerberos defaults" with references to the internet drafts/standards and projects

On the unrelated note, commiting the reference to the new API krb5_pac_sign in krb_appldev/refs/api/index.rst

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25404 dc483132-0cff-0310-8789-dd5450dbe970

Updated some of the topics related to "how to build Kerberos"

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25403 dc483132-0cff-0310-8789-dd5450dbe970

Remove unneeded stuff from util directory

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25398 dc483132-0cff-0310-8789-dd5450dbe970

fix tar invocation in mkrel

Fix the tar invocation in mkrel so that it defaults to using "tar" as
the tar program rather than "gtar".

This should probably be pulled up to at least 1.9 and 1.8 as well.

ticket: 6989
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25395 dc483132-0cff-0310-8789-dd5450dbe970

Added documentation on how to build Kerberos. Mainly from the Installation Guide with some corrections

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25393 dc483132-0cff-0310-8789-dd5450dbe970

Fix handling of null edata method in KDC preauth

Correctly include an empty padata value if a KDC preauth system has no
get_edata method. This bug prevented the KDC from indicating FAST
support in preauth-required errors.

ticket: 6988
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25385 dc483132-0cff-0310-8789-dd5450dbe970

Fix krb5_cc_set_config

krb5_cc_set_config has been non-functional since r24753 on cache types
which don't support removal of credential entries. Fix it by only
calling krb5_cc_remove_cred if data is NULL, since krb5_cc_store_cred
will do it anyway in the positive case.

Also fix an old memory leak in an uncommon error case.

ticket: 6987
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25384 dc483132-0cff-0310-8789-dd5450dbe970

Updated kpropd option list

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25371 dc483132-0cff-0310-8789-dd5450dbe970

SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]

Fix null pointer dereference and assertion failure conditions that
could cause a denial of service.

ticket: 6981
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25368 dc483132-0cff-0310-8789-dd5450dbe970

Ensure termination in Windows vsnprintf wrapper

The Windows _vsnprintf does not terminate its output buffer in the
overflow case. Make sure we do that in the wrapper. Reported by
Chris Hecker.

(Not an issue for KfW 3.2 since we weren't using snprintf in 1.6.x
except in Unix-specific code.)

ticket: 6980
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25367 dc483132-0cff-0310-8789-dd5450dbe970

Bump release numbers in definitions.texinfo

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25365 dc483132-0cff-0310-8789-dd5450dbe970

Noted that kadmind should be restarted if its acl file has been changed

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25364 dc483132-0cff-0310-8789-dd5450dbe970

Delete Network Identity Manager

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25363 dc483132-0cff-0310-8789-dd5450dbe970

Make reindent

Also fix pkinit_crypto_nss.c struct initializers and add parens to a
ternary operator in do_as_req.c for better indentation.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970

Exclude util/wshelper from reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25361 dc483132-0cff-0310-8789-dd5450dbe970

Add AC_LANG_SOURCE to PKINIT NSS version check

The configure.in code for the PKINIT NSS back end version check was
copied from the k5crypto NSS back end version check, but from before
r25181 which added AC_LANG_SOURCE wrappers.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25360 dc483132-0cff-0310-8789-dd5450dbe970

Style police

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25359 dc483132-0cff-0310-8789-dd5450dbe970

gssalloc-related fixes to naming_exts.c

renamed kg_data_list_to_buffer_set_nocopy to data_list_buffer_set
(since nocopy is no longer guaranteed).
removed extra indirection to input krb5_data list.
ensured input krb5_data list is always completely freed.
no longer returns EINVAL when output buffer set is NULL.
fixed krb5_gss_get_name_attribute to use data_to_gss.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25358 dc483132-0cff-0310-8789-dd5450dbe970

RFC 4120 says that we should not canonicalize using DNS. We cannot get
that far today, but there's no reason we should fail to use a
perfectly good principal name just because DNS is failing. For some
services there isn't even a requirement they be in DNS. With
AI_ADDRCONFIG there's no reason that Kerberos canonicalization should
fail simply because a v6 address is not present, for example. So, if
getaddrinfo fails in krb5_sname_to_principal simply use the input
hostname uncanonicalized.

sn2princ: On getaddrinfo failure use the input

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25357 dc483132-0cff-0310-8789-dd5450dbe970

Allow password changes over NATs

In the kpasswd server code, don't set a remote address in the auth
context before calling krb5_rd_priv, since the kpasswd protocol is
well-protected against reflection attacks. This allows password
changes to work in cases where a NAT has changed the client IP address
as it is seen by the server.

ticket: 6979

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25356 dc483132-0cff-0310-8789-dd5450dbe970

Allow rd_priv/rd_safe without remote address

Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote
address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES
flag is set (in which case we need the remote address for the replay
cache name). Note that failing to set the remote address can create a
vulnerability to reflection attacks in some protocols, although it is
fairly easy to defend against--either use sequence numbers, or make
sure that requests don't look like replies, or both.

ticket: 6978

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25355 dc483132-0cff-0310-8789-dd5450dbe970

Update mit-krb5.pot

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25354 dc483132-0cff-0310-8789-dd5450dbe970

Install krb5/preauth_plugin.h

The clpreauth and kdcpreauth pluggable interfaces are public as of
krb5 1.10. Install the header so that preauth modules can be built
outside of the krb5 source tree.

ticket: 6977

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25353 dc483132-0cff-0310-8789-dd5450dbe970

Rename PAC type constants to avoid conflicts

Since the PAC type constants are now exposed in krb5.h, give them a
KRB5_ prefix so they don't conflict with similar PAC type constants
in other packages, like Samba.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25352 dc483132-0cff-0310-8789-dd5450dbe970

Hide gak_fct interface and arguments in clpreauth

Remove the gak_fct, gak_data, salt, s2kparams, and as_key arguments
of krb5_clpreauth_process_fn and krb5_clpreauth_tryagain_fn.  To
replace them, add two callbacks: one which gets the AS key using the
previously selected etype-info2 information, and a second which lets
the module replace the AS key with one it has computed.

This changes limits module flexibility in a few ways.  Modules cannot
check whether the AS key was already obtained before asking for it,
and they cannot use the etype-info2 salt and s2kparams for purposes
other than getting the password-based AS key.  It is believed that
of existing preauth mechanisms, only SAM-2 preauth needs more
flexibility than the new interfaces provide, and as an internal legacy
mechanism it can cheat.  Future mechanisms should be okay since the
current IETF philosophy is that etype-info2 information should not be
used for other purposes.

ticket: 6976

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25351 dc483132-0cff-0310-8789-dd5450dbe970