Greg Hudson [Fri, 26 Mar 2010 22:43:11 +0000 (22:43 +0000)]
In gc_frm_kdc.c, rename cur_kdc to cur_realm and nxt_kdc to nxt_realm,
to make it easier to distinguish them from cur_tgt and nxt_tgt. Make
similar name changes to lst_kdc and kdc_list, as well as the function
find_nxt_kdc().
No functional changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23837
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 25 Mar 2010 03:08:12 +0000 (03:08 +0000)]
Straighten the if-ladder in encrypted challenge's process_preauth,
making it clearer that control drops through if one of the first
couple of steps fails.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23836
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 22:00:13 +0000 (22:00 +0000)]
Apply patch from Arlene Berry to not use freed memory in
gss_import_sec_context in some error paths.
ticket: 6678
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23834
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 18:53:52 +0000 (18:53 +0000)]
MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
The SPNEGO implementation in krb5-1.7 and later could crash due to
assertion failure when receiving some sorts of invalid GSS-API tokens.
ticket: 6690
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23832
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Tue, 23 Mar 2010 14:08:23 +0000 (14:08 +0000)]
Include t_spengno.o in list of OBJS so make clean will remove
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23831
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 23 Mar 2010 06:09:02 +0000 (06:09 +0000)]
krb5_typed_data not castable to krb5_pa_data on 64-bit MacOSX
Move krb5_typed_data to krb5.hin from k5-int-pkinit.h because
krb5int_fast_process_error was assuming that it was safe to cast it to
krb5_pa_data. It's not safe to do the cast on 64-bit MacOSX because
krb5.hin uses #pragma pack on that platform.
ticket: 6689
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23829
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 20 Mar 2010 03:50:06 +0000 (03:50 +0000)]
Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
KRB5_AUTHDATA_SIGNTICKET, originally a Heimdal authorization data
type, was used to implement PAC-less constrained delegation in krb5
1.8. Unfortunately, it was found that Microsoft was using 142 for
other purposes, which could result in a ticket issued by an MIT or
Heimdal KDC being rejected by a Windows Server 2008 R2 application
server. Because KRB5_AUTHDATA_SIGNTICKET is only used to communicate
among a realm's KDCs, it is relatively easy to change the number, so
MIT and Heimdal are both migrating to a new number. This change will
cause a transitional interoperability issue when a realm mixes MIT
krb5 1.8 (or Heimdal 1.3.1) KDCs with MIT krb5 1.8.1 (or Heimdal
1.3.2) KDCs, but only for constrained delegation evidence tickets.
ticket: 6687
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23821
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 19 Mar 2010 16:17:05 +0000 (16:17 +0000)]
Document the ticket_lifetime libdefaults setting (which was added in
r16656, #2656). Based on a patch from nalin@redhat.com.
ticket: 6680
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23820
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 18 Mar 2010 17:37:31 +0000 (17:37 +0000)]
Fix the kpasswd fallback from the ccache principal name to the
username in the case where the ccache doesn't exist.
ticket: 6683
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23819
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 18 Mar 2010 17:17:31 +0000 (17:17 +0000)]
Include int-proto.h in mk_req_ext.c for krb5int_validate_times
declaration.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23818
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 18 Mar 2010 02:45:57 +0000 (02:45 +0000)]
Untabify
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23817
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Thu, 18 Mar 2010 02:44:41 +0000 (02:44 +0000)]
Copyright notice
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23816
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 17 Mar 2010 21:10:10 +0000 (21:10 +0000)]
When checking for KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT, don't
dereference options if it's NULL.
ticket: 6681
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23815
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 17 Mar 2010 20:16:32 +0000 (20:16 +0000)]
Add more verbosity when the -V option to kinit is specified. Based on
a patch from Jeff Blaine <jblaine@kickflop.net>.
ticket: 6684
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23814
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 17 Mar 2010 19:34:48 +0000 (19:34 +0000)]
Fix the Python version check to use constructs available in older
versions of Python. (python --version was added in 2.5.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23813
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 17 Mar 2010 19:11:09 +0000 (19:11 +0000)]
Add a version check to the Python test, so that we don't try to run
k5test in Python 2.3 or below.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23812
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 17 Mar 2010 06:00:56 +0000 (06:00 +0000)]
Merge users/raeburn/branches/network-merge
Re-integrates the forked versions of network.c in kdc and
kadmin/server. Server-specific initialization and SIGHUP-reset code
is moved into other source files; the more generic network-servicing
code is merged and moved into apputils library already used by both
programs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23811
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Mar 2010 19:14:33 +0000 (19:14 +0000)]
handle NT_SRV_INST in service principal referrals
Handle NT_SRV_INST in service principal cross-realm referrals, as
Windows apparently uses that instead of NT_SRV_HST for at least some
service principals.
ticket: 6685
target_version: 1.8.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23810
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 15 Mar 2010 18:53:02 +0000 (18:53 +0000)]
Set up KRB5_RUN_ENV for pytests, so that Python-based tests can run
without first running "make install".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23805
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 11 Mar 2010 17:05:24 +0000 (17:05 +0000)]
Lazy history key creation
Create kadmin/history lazily when we need it (i.e. when a password is
changed on a principal with a policy) instead of whenever we open the
database. Allows kadmin.local to be used as a read-only tool on non-
kadmin-conformant database back ends such as the Samba bridge.
ticket: 6679
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23799
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 10 Mar 2010 20:45:12 +0000 (20:45 +0000)]
Use KRB5_CONF_ macros instead of strings in the source file for profile config attributes "default" and "logging"
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23798
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 10 Mar 2010 19:30:58 +0000 (19:30 +0000)]
Remove vestigial include/spnego-asn1.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23796
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 8 Mar 2010 04:39:08 +0000 (04:39 +0000)]
Add a "make testrealm" target using the Python test framework. As
part of this, expose the environments in K5Realm as attributes so
that test scripts can modify them.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23794
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 7 Mar 2010 20:01:36 +0000 (20:01 +0000)]
Make python test start_in_inetd function
util/k5test.py: Fix incorrect variable used
tests/dejagnu/t_inetd.c: Flush stdout after outputting "Ready!"
tests/dejagnu/Makefile.in: Always compile t_inetd - even in runtest is not
present
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23773
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 20:35:26 +0000 (20:35 +0000)]
Release the internal_name field of a SPNEGO context if it has not been
claimed for a caller argument.
ticket: 6674
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23772
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 20:33:37 +0000 (20:33 +0000)]
Add a Python test to run t_spnego
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23771
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 20:32:40 +0000 (20:32 +0000)]
In post.in, add a check-pytests intermediate target for Makefile.in to
add dependencies to, for test scripts which run C test programs.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23770
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 20:31:13 +0000 (20:31 +0000)]
Fix a double-free in the t_spnego test program resulting from overly
careless cutting and pasting.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23769
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 19:30:32 +0000 (19:30 +0000)]
Add a message parameter to k5test's success(), to briefly indicate the
scope of test scripts. Only displayed when verbose is set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23768
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 19:19:42 +0000 (19:19 +0000)]
Add IPv6 support to changepw.c (reverting r21004 since it is no longer
necessary). Patch from Submit Bose <sbose@redhat.com>.
ticket: 6661
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23767
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 17:45:46 +0000 (17:45 +0000)]
Ignore improperly encoded signedpath AD elements
We have some reason to believe Microsoft and Heimdal are both using
the authdata value 142 for different purposes, leading to failures in
verify_ad_signedpath(). For better interoperability, treat such
tickets as unsigned, rather than invalid.
ticket: 6676
target_version: 1.8.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23766
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Mar 2010 04:18:51 +0000 (04:18 +0000)]
Error out if a Python test program fails
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23765
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 4 Mar 2010 21:37:20 +0000 (21:37 +0000)]
Clean up a help string in k5test
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23764
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 4 Mar 2010 21:24:54 +0000 (21:24 +0000)]
Python test framework
Add a framework for writing tests in Python. Documentation is in the
initial docstring of util/k5test.py. Inaugurate the framework with
two test scripts, t_general.py and t_anonypkinit.py, which together
test the same operations as standalone.exp from the dejagnu test
suite.
ticket: 6672
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23763
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 28 Feb 2010 20:32:00 +0000 (20:32 +0000)]
Remove some more test suite cruft:
* localhostname from get_hostname was unused.
* database_name is no longer used except (misleadingly) in kdb5_util
output.
* admin_database_name and admin_database_lockfile are no longer used.
* default_domain is only used for v4->v5 principal conversion, which
isn't tested.
* libkadm5's init-v2.exp had a copy of get_hostname; domain and
localhostname from it were unused.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 27 Feb 2010 09:49:32 +0000 (09:49 +0000)]
On Linux platforms, use -Wl,--enable-new-dtags when linking shared
libraries and programs using them. The primary effect is to get ld to
set DT_RUNPATH in addition to DT_RPATH, which in turn allows the
LD_LIBRARY_PATH environment variable to override the compiled-in
runpath, which is friendlier to the test framework.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23758
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 25 Feb 2010 21:16:16 +0000 (21:16 +0000)]
Updated documentation with information about --with-crypto-impl=IMPL configuration flag
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23752
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 25 Feb 2010 20:09:45 +0000 (20:09 +0000)]
doc updates for allow_weak_crypto
Update documentation to be more helpful about allow_weak_crypto.
ticket: 6669
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23750
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 24 Feb 2010 18:57:08 +0000 (18:57 +0000)]
Two problems in kadm5_get_principal mask handling
KADM5_MOD_NAME was being applied to entry->principal instead of
entry->mod_name. KADM5_MKVNO was not being applied to entry->mkvno.
Patch from Marcus Watts <mdw@umich.edu>.
ticket: 6668
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23749
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 22 Feb 2010 18:27:55 +0000 (18:27 +0000)]
Remove some more dejagnu test suite cruft:
* check_date was only used by the application tests.
* touch was never used.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23745
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 22 Feb 2010 18:12:51 +0000 (18:12 +0000)]
Remove some unused cruft in the dejagnu test suite's default.exp:
* RLOGIN, RLOGIN_FLAGS, ROOT_PROMPT, ROOT_SHELL, check_k5login,
restore_kerberos_env, setup_root_shell, setup_root_shell_noremote,
setup_wrapper: No longer used now that the applications are in a
separate tree.
* v4_compatible_enctype: No longer used with krb4 support gone.
* tail1, krb_exit: Apparently never used.
* KERBEROS_SERVER: Added long ago in r5686 and removed shortly after
in r5695, but the test suite support for it never got excised.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23744
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 22 Feb 2010 16:10:05 +0000 (16:10 +0000)]
Explain the current SPNEGO initiator/acceptor design in comments. No
code changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23743
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 22 Feb 2010 04:52:30 +0000 (04:52 +0000)]
Fix two unrelated problems in SPNEGO which don't crop up with the krb5
mechanism.
1. The third call to spnego_init_accept_context uses faulty logic to
determine if the exchange is complete, preventing a third mech token
from being sent to the acceptor if no MIC exchange is required.
Follow the logic used in the second call (in init_ctx_nego), which is
correct.
2. If the acceptor selects a mech other than the optimistic mech, it
sets sc->mic_reqd to 1 whether or not the selected mech supports MICs
(which isn't known until the mech completes). Most code outside of
handle_mic checks sc->mic_reqd along with (sc->ctx_flags &
GSS_C_INTEG_FLAG), but the code in acc_ctx_call_acc neglected to do
so, so it could improperly delegate responsibility for deciding when
the negotiation was finished to handle_mic--which never gets called if
(sc->ctx_flags & GSS_C_INTEG_FLAG) is false. Fix acc_ctx_call_acc to
check sc->ctx_flags so that mechs which don't support integrity
protection can complete if they are selected non-optimistically.
ticket: 6603
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23742
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Feb 2010 07:37:13 +0000 (07:37 +0000)]
Use bswap16 and bswap32 on NetBSD
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23741
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Feb 2010 04:26:53 +0000 (04:26 +0000)]
Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23740
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Feb 2010 04:26:50 +0000 (04:26 +0000)]
Move array decl from mixed within code down into the block where it's
actually used, for C90 compliance.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23739
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Feb 2010 04:26:47 +0000 (04:26 +0000)]
Update export list for 2007 plugin interface change
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23738
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 20 Feb 2010 04:26:43 +0000 (04:26 +0000)]
Move array decl from mixed within code down into the block where it's
actually used, for C90 compliance.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23737
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 19 Feb 2010 17:06:58 +0000 (17:06 +0000)]
Make plugins/cksum_body more likely to build, and remove the empty src
directory within.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23736
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 18 Feb 2010 18:49:11 +0000 (18:49 +0000)]
The TGS code was not freeing authdata. This is an old leak which was
made more evident in 1.8 by the addition of ad-signedpath authdata
appearing in most tickets issued through the TGS path.
ticket: 6659
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23735
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 18 Feb 2010 18:04:47 +0000 (18:04 +0000)]
Fix cipher state chaining in OpenSSL back end
Make cipher state chaining work in the OpenSSL back end for des, des3,
and arcfour enc providers. Subtleties:
* DES and DES3 have checks to avoid clobbering ivec with uninitialized
data if there is no data to encrypt.
* Arcfour saves the OpenSSL cipher context across calls. To protect
against a caller improperly copying the state (which happens to work
with other enc providers), a loopback pointer is used, as in GSSAPI.
* EVP_EncryptFinal_ex is unnecessary with stream ciphers and would
interfere with cipher state chaining if it did anything, so just
remove it.
ticket: 6665
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23734
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 17 Feb 2010 20:27:22 +0000 (20:27 +0000)]
Add display statements for the encrypted tokens generated by t_encrypt
so that its output can be compared between different back ends.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23733
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 17 Feb 2010 16:09:43 +0000 (16:09 +0000)]
validator.py is a tool to validate kerb configuration files.
First, the configuration file is parsed (confparser.py) and validated against formating errors (such as mismatching brackets)
Then the list of the allowed configuration attributes is compiled from k5-int.h and rules.yml
Finally, the kerb configuration file is validated against the list of the allowed strings.
If the error, or something that validator does not understand, is found the warning is issued in the tree-like form indicating the layer where the problem has occurred.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23732
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Feb 2010 22:41:27 +0000 (22:41 +0000)]
update mkrel to deal with changed source layout
Update mkrel so it deals somewhat better with removed src/lib/des425,
NOTICES, etc.
ticket: 6663
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23726
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 16 Feb 2010 22:10:17 +0000 (22:10 +0000)]
MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service
Code introduced in krb5-1.7 can cause an assertion failure if a
KDC-REQ is internally inconsistent, specifically if the ASN.1 tag
doesn't match the msg_type field. Thanks to Emmanuel Bouillon (NATO
C3 Agency) for discovering and reporting this vulnerability.
ticket: 6662
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23724
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Mon, 15 Feb 2010 01:49:19 +0000 (01:49 +0000)]
Remove another remnant of krb4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23723
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 13 Feb 2010 18:39:37 +0000 (18:39 +0000)]
Clarify the SPNEGO NegHints code and plug two cases where half-created
context could be leaked.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23722
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 12 Feb 2010 19:18:17 +0000 (19:18 +0000)]
Simplify the SPNEGO neg_mechs intersection logic a bit using
gss_test_oid_set_member.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23717
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 11 Feb 2010 16:07:08 +0000 (16:07 +0000)]
Minimal support for updating history key
Add minimal support for re-randomizing the history key:
* cpw -randkey kadmin/history now works, but creates only one key.
* cpw -randkey -keepold kadmin/history still fails.
* libkadm5 no longer caches the history key. Performance impact
is minimal since password changes are not common.
* randkey no longer checks the newly randomized key against old keys,
and the disabled code to do so in setkey/setv4key is gone, so now
only kadm5_chpass_principal_3 accesses the password history.
ticket: 6660
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 10 Feb 2010 23:44:18 +0000 (23:44 +0000)]
Implement gss_set_neg_mechs
Implement gss_set_neg_mechs in SPNEGO by intersecting the provided
mech set with the mechanisms available in the union credential. As
we now need space to hold the mech set, the SPNEGO credential is now
a structure and not just a mechglue credential.
t_spnego.c is a test program which exercises the new logic. Like the
other GSSAPI tests, it is not run as part of "make check" at this
time.
ticket: 6658
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23715
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 10 Feb 2010 01:55:36 +0000 (01:55 +0000)]
Followon fixes to r23712:
* A few formatting fixes.
* Fix unlikely leak in kdc_handle_protected_negotiation: if
add_pa_data_element with copy == FALSE fails, it's still the
caller's responsibility to free pa.contents.
* Fix pre-existing (since r23465) leak of reply_encpart.enc_padata in
process_as_req.
* Call add_pa_data_element with copy == TRUE in
return_referral_enc_padata since we are passing memory owned by the
database entry.
ticket: 6656
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23714
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Feb 2010 19:15:12 +0000 (19:15 +0000)]
krb5int_fast_free_state segfaults if state is null
krb5int_fast_free_state fails if state is null. INstead it should
simply return Reorganization of the get_init_creds logic has created
situations where the init_creds loop can fail between the time when
the context is initialized and the fast state is initialized.
ticket: 6657
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23713
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 9 Feb 2010 19:15:07 +0000 (19:15 +0000)]
enc_padata can include empty sequence
There are two issues with return_enc_padata.
1) It often will return an empty sequence of enc_padata rather than not including the field
2) FAST negotiation is double supported in the referral tgs path and not supported in the non-referral path
Rewrite the return_enc_padata logic to:
* Split out referral interactions with kdb into its own function
* Use add_pa_data_element
ticket: 6656
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23712
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Feb 2010 21:46:35 +0000 (21:46 +0000)]
Consistently place $(LDFLAGS) after $(SHLIB_EXPFLAGS) when building
shared libraries. Previously we sometimes failing to use $(LDFLAGS)
at all, and at other times were putting it before $(SHLIB_EXPFLAGS)
where it could pick up tree-internal libraries from outside the build
tree.
ticket: 6643
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23699
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Feb 2010 20:52:42 +0000 (20:52 +0000)]
Apply patch from Arlene Berry to handle the case where a mechanism
implements set_cred_option but does not implement the requested
option.
ticket: 6601
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23698
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 5 Feb 2010 03:43:54 +0000 (03:43 +0000)]
Fix cross-realm handling of AD-SIGNEDPATH
Avoid setting AD-SIGNEDPATH when returning a cross-realm TGT.
Previously we were avoiding it when answering a cross-realm client,
which was wrong.
Don't fail out on an invalid AD-SIGNEDPATH checksum; just don't trust
the ticket for S4U2Proxy (as if AD-SIGNEDPATH weren't present).
ticket: 6655
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23697
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Feb 2010 03:25:49 +0000 (03:25 +0000)]
Apply patch from Arlene Berry to avoid segfault if a mech
gss_inquire_context returns GSS_C_NO_NAME for the target name.
ticket: 6600
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23696
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 5 Feb 2010 03:05:42 +0000 (03:05 +0000)]
Apply patch from Arlene Berry to return a comparable static OID object
instead of the application-passed (probably dynamically allocated)
OID, to avoid use-after-free problems.
ticket: 6598
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23695
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 3 Feb 2010 19:55:05 +0000 (19:55 +0000)]
Fix greet_server build
Fix the export list for the greet_server plugin.
ticket: 6654
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23694
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 2 Feb 2010 00:37:33 +0000 (00:37 +0000)]
Clean up error handling in krb5int_make_tgs_request_ext, closing some
unlikely memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23682
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 1 Feb 2010 21:48:19 +0000 (21:48 +0000)]
set_default_enctype_var should filter not reject weak enctypes
With allow_weak_crypto=false, set_default_enctype_var() (helper
function for krb5_set_default_tgs_enctypes(), etc.) was rejecting any
application-provided enctype list that contained any weak enctype even
when valid strong enctypes were present. This broke some Samba
things. Filter the weak enctypes instead. Add test cases.
Reported to Debian by Holger Isenberg. (Debian bug #566977)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977
Thanks to Simo Sorce for testing.
ticket: 6653
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23681
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 1 Feb 2010 17:18:23 +0000 (17:18 +0000)]
Correct the DAL documentation of
KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE; proxy is the target
service, not the delegating service.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23680
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 31 Jan 2010 21:04:48 +0000 (21:04 +0000)]
Fix minor error-handling bug in r23676
ticket: 6650
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23679
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 29 Jan 2010 23:51:00 +0000 (23:51 +0000)]
Correct the DAL documentation for how modules should handle referrals
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23678
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 29 Jan 2010 01:22:17 +0000 (01:22 +0000)]
Make decryption of master key list more robust
krb5_def_fetch_mkey_list was incorrectly filtering mkey_aux entries
when searching the list for an entry which can be decrypted with the
stashed master key. This bug was masked in most cases by the mkvno
heuristic.
Remove the mkvno heuristic, since performance is not an issue for this
rarely-performed operation, and remove the incorrect enctype
comparison in the brute-force search.
ticket: 6652
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23677
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 28 Jan 2010 21:39:31 +0000 (21:39 +0000)]
Handle migration from pre-1.7 databases with master key kvno != 1
krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no
explicit tl_data. We've seen at least one pre-1.7 KDB with a master
kvno of 0, violating this assumption. Fix this as follows:
* krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists.
* A new function krb5_dbe_get_mkvno translates this 0 value to the
minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno
cannot do this as it doesn't take the mkey_list as a parameter.)
* Call sites to krb5_dbe_lookup_mkvno are converted to
krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable
to store 0 if the mkvno is unknown.
ticket: 6650
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23676
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 27 Jan 2010 22:17:12 +0000 (22:17 +0000)]
Update the LDAP dependencies for r23674
ticket: 6649
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23675
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 27 Jan 2010 03:52:52 +0000 (03:52 +0000)]
Get rid of kdb_ext.h and allow out-of-tree KDB plugins
Move the contents of kdb_ext.h into kdb.h, since there is no meaningful
"extensions" category of DB interfaces now that this stuff is in our
tree. Allows out-of-tree KDB plugins to be built since we install
kdb.h.
ticket: 6649
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 26 Jan 2010 22:55:07 +0000 (22:55 +0000)]
define MIN() in lib/gssapi/krb5/prf.c
Apply patch from Doug Engert to define MIN(), which was causing prf.c
to fail compilation on Solaris. (The definition was probably leaking
from sys/param.h, included indirectly somehow.)
ticket: 6648
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23673
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 26 Jan 2010 18:43:29 +0000 (18:43 +0000)]
Apply patch from Arlene Berry to plug a memory leak
ticket: 6599
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23672
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jan 2010 18:15:46 +0000 (18:15 +0000)]
In the DAL comments, document KRB5_KDB_INCLUDE_PAC, and correct the
documentation of the S4U flags to indicate that they affect PAC
generation.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23667
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 25 Jan 2010 04:12:21 +0000 (04:12 +0000)]
Document the DAL interface in comments, as an aid to module
implementors.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23666
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 19 Jan 2010 23:35:39 +0000 (23:35 +0000)]
Add krb5_allow_weak_crypto API
Add an API to allow apps to override the profile setting of
allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box
until OpenAFS finishes migrating away from DES.
ticket: 6645
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23663
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 19 Jan 2010 18:44:57 +0000 (18:44 +0000)]
Change basename of libkadm5 libraries to avoid Heimdal conflict
ticket: 6644
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23662
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 19 Jan 2010 17:20:45 +0000 (17:20 +0000)]
In kinit_anonymous, fail out if we receive a password request from
kinit, instead of hanging.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23661
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 14 Jan 2010 16:09:24 +0000 (16:09 +0000)]
Make history key exempt from permitted_enctypes
In kdb_init_hist, just use the first key entry in the kadmin/history
entry. This makes the history key work even if the enctype is
disallowed by allow_weak_crypto=false or other configuration.
ticket: 6640
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23657
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 12 Jan 2010 21:59:58 +0000 (21:59 +0000)]
Add test program for decryption of overly short buffers
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23652
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 12 Jan 2010 01:07:48 +0000 (01:07 +0000)]
Use keyed checksum type for DES FAST
DES enctypes have unkeyed mandatory-to-implement checksums. Since
FAST requires a keyed checksum, we must pick something else in that
case.
ticket: 6633
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23629
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 12 Jan 2010 01:05:37 +0000 (01:05 +0000)]
Simplify and fix FAST check for keyed checksum type
Use krb5_c_is_keyed_checksum to detect unkeyed checksums when handling
FAST requests. The old check was broken for 1.8 because
krb5_c_verify_checksum got pickier about invalid keyblocks.
ticket: 6632
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23628
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 11 Jan 2010 15:19:42 +0000 (15:19 +0000)]
Group together the funtions related to the supplying options to preauth plugin modules.
Also, removed krb5int_ prefix from the names of some static functions in gic_opt.c.s
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23625
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 10 Jan 2010 04:31:51 +0000 (04:31 +0000)]
(memory leak)
ktest_make_sample_ad_signedpath_data: Do not initialize client field twice.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23624
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Sun, 10 Jan 2010 02:12:55 +0000 (02:12 +0000)]
Move krb5_authdata_export_authdata into the separate file for better code modularity
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23623
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 9 Jan 2010 16:02:13 +0000 (16:02 +0000)]
krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblock
krb5int_pbkdf2_hmac_sha1 fails to set enctype on a termporary keyblock
- resulting in valgrind picking up on a conditional branch w/ unset
value. Initialize value.
ticket: 6630
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23622
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 8 Jan 2010 19:53:34 +0000 (19:53 +0000)]
Fix t_locate_kdc.c test program after r23613 when krb5_ prefix was removed from the names of the static functions in locate_kdc.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23614
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Fri, 8 Jan 2010 19:35:40 +0000 (19:35 +0000)]
Move kdc related functionality from pac.c into pac_sign.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23613
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 8 Jan 2010 14:54:04 +0000 (14:54 +0000)]
krb5int_dk_string_to_key fails to set enctype
Failure to set the enctype before invoking krb5_k_create_key results in
potential memory leak.
ticket: 6628
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23612
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 8 Jan 2010 03:43:37 +0000 (03:43 +0000)]
Set enctype in crypto_tests to prevent memory leaks
The key caching is causing memory leaks if enctype is not set as the
enctype specific cleanup handlers are not called.
ticket: 6627
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23611
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 8 Jan 2010 02:43:21 +0000 (02:43 +0000)]
Restore interoperability with 1.6 addprinc -randkey
The arcfour string-to-key operation in krb5 1.7 (or later) disagrees
with the dummy password used by the addprinc -randkey operation in
krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the
1.6 dummy password and use a random password instead.
ticket: 6626
tags: pullup
target_version: 1.8
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23610
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 8 Jan 2010 02:12:24 +0000 (02:12 +0000)]
yarrow code does not initialize keyblock enctype and uses unitialized value
The yarrow code uses a keyblock that is partially initialized. This results
in krb5_k_free_key trying to look up the enctype to call the free handler.
One of the valgrind reports: (there are several paths)
==26701== Conditional jump or move depends on uninitialised value(s)
==26701== at 0x40E9AF0: find_enctype (etypes.h:81)
==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91)
==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49)
==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578)
==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423)
==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553)
==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513)
==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112)
==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97)
==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42)
==26701== by 0x8049554: main (t_encrypt.c:206)
==26701==
ticket: 6625
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Fri, 8 Jan 2010 01:51:19 +0000 (01:51 +0000)]
krb5int_derive_key results in cache with uninitialized values
krb5int_derive_key creates a temporary keyblock to add to the derived cache.
krb5_k_free_key will iterate over the derived keys and for ones with cache will
lookup the enctype for the key_cleanup handler.
Unfortunatly, there isn't a keyblock init function that does not allocate the
keyblock - as I suspect this problem will appear in other places.
The valgrind log of this problem is:
==7281== Conditional jump or move depends on uninitialised value(s)
==7281== at 0x40E9AE8: find_enctype (etypes.h:81)
==7281== by 0x40E9C96: krb5_k_free_key (key.c:91)
==7281== by 0x40E9C52: krb5_k_free_key (key.c:86)
==7281== by 0x40EBB00: krb5_c_prf (prf.c:87)
==7281== by 0x40E7B1B: prf_plus (cf2.c:77)
==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125)
==7281== by 0x804899C: main (t_cf2.c:70)
==7281==
with memory leaks.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608
dc483132-0cff-0310-8789-
dd5450dbe970