Greg Hudson [Wed, 9 Mar 2011 21:42:08 +0000 (21:42 +0000)]
Add a script and Makefile target to check for violations of the
recently added standards for copyright and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24694
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 8 Mar 2011 20:53:55 +0000 (20:53 +0000)]
Fix a memory leak independently found by Tim Pozdeev and Arlene Berry
This change should be pulled up to the 1.8 and 1.7 branches as well.
ticket: 6844
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24693
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)]
SPNEGO's accept_sec_context and init_sec_context produce a null context
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper. Reported by aberry@likewise.com.
ticket: 6863
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24692
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 8 Mar 2011 17:22:20 +0000 (17:22 +0000)]
prototype/getopt.c hasn't been updated in quite some time and we don't
really need it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24691
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 16:33:47 +0000 (16:33 +0000)]
Update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24690
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:30:35 +0000 (13:30 +0000)]
Fix up signed/unsigned warnings in this directory. There are still
a few more - but these were the obvious ones.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24689
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:29:54 +0000 (13:29 +0000)]
Clean up memory leaks at end of program. No leaks now on success
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24688
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sun, 6 Mar 2011 13:29:05 +0000 (13:29 +0000)]
On make clean remove test programs and object files. In lib/krb5/krb
make depend as a test program was missed from the source list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24687
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 19:16:28 +0000 (19:16 +0000)]
Add test vectors from RFC 3961 for DES and DES3 to t_str2key.c. Fix
OpenSSL module handling of salts in its DES string-to-key.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24686
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 5 Mar 2011 17:37:21 +0000 (17:37 +0000)]
Add test script for user2user programs
Simple test programs to make sure that user2user functions.
ticket: 6878
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24685
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Sat, 5 Mar 2011 15:56:33 +0000 (15:56 +0000)]
Include crypto_int.h for mit_des_fixup_key_parity prototype
Cleanup signed/unsigned warnings.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24684
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 14:33:37 +0000 (14:33 +0000)]
Fix a conceptual (but not practical) type mismatch in the OpenSSL
module's mit_des_fixup_key_parity resulting from r24677.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24683
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 14:00:38 +0000 (14:00 +0000)]
Make enc provider free_state function return void
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24682
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:51:00 +0000 (13:51 +0000)]
Remove the init_state and free_state enctype functions and go back to
always delegating state to the enc provider. (We needed enctype-
specific state initialization for CCM enctypes when we had them.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24681
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:36:53 +0000 (13:36 +0000)]
Move t_cf2 from lib/crypto/builtin to lib/crypto/crypto_tests, as it
is not specific to the builtin module.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24680
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sat, 5 Mar 2011 13:31:02 +0000 (13:31 +0000)]
Flatten lib/crypto/krb, as its seven subdirectories only contained a
few source file each (often only 1-2).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24679
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 3 Mar 2011 15:21:11 +0000 (15:21 +0000)]
Fix SHA-256 on big-endian platforms
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24678
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 05:29:29 +0000 (05:29 +0000)]
Consolidate almost all lib/crypto/krb headers into a single
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24677
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 01:48:10 +0000 (01:48 +0000)]
Remove some declarations from kdc_preauth.c which are no longer needed
after r24403.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24676
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 2 Mar 2011 00:08:14 +0000 (00:08 +0000)]
In export-check.pl, display a better error if there are duplicate
symbols in the export list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24675
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 28 Feb 2011 23:57:56 +0000 (23:57 +0000)]
Simplify lib/crypto/krb/arcfour in the wake of r23444. Move the
contents of arcfour_aead.c into arcfour.c, turn the key derivation
helper functions into static functions, and eliminate arcfour-int.h.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24673
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 28 Feb 2011 20:56:02 +0000 (20:56 +0000)]
Use the hash provider interface in krb5int_arcfour_string_to_key so
that we don't need a direct interface to MD4 in the crypto modules.
Also clean up the code a bit.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24672
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 19:08:14 +0000 (19:08 +0000)]
Reference random-to-key handlers through the enctype instead of the
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24669
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 18:57:14 +0000 (18:57 +0000)]
Remove nonexistent aes_ctr from object and source file lists in
lib/crypto/openssl/enc_provider/Makefile.in.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24668
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 27 Feb 2011 02:35:04 +0000 (02:35 +0000)]
Make sure ulog_map() is invoked whenever we open the database in
kdb5_util. Fixes all of the master key rollover commands in the
presence of iprop. Reported by kacarstensen@csupomona.edu.
ticket: 6875
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24667
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:53:04 +0000 (19:53 +0000)]
Namespace-protect SHA-256 symbols. Build SHA-256 code independently of
whether Fortuna was selected.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24666
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:51:44 +0000 (19:51 +0000)]
Add Fortuna test program to file list for dependency generation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24665
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:29:23 +0000 (19:29 +0000)]
Add a non-default PRNG module which just retrieves entropy from
/dev/urandom without any cryptographic post-processing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24664
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 19:28:13 +0000 (19:28 +0000)]
Remove some unnecessary includes from prng_fortuna.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24663
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 17:30:37 +0000 (17:30 +0000)]
Make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24662
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 17:23:54 +0000 (17:23 +0000)]
Now that all PRNG modules fit nicely into a single source file,
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24661
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 15:05:38 +0000 (15:05 +0000)]
Remove Yarrow PRNG implementation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24660
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 15:04:49 +0000 (15:04 +0000)]
A couple more Windows build system adjustments for Fortuna as default
PRNG.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 14:28:20 +0000 (14:28 +0000)]
Add a stubs file missing from r24656
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24658
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 25 Feb 2011 14:27:06 +0000 (14:27 +0000)]
Make Fortuna the default PRNG for the Windows build
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24657
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 18:18:11 +0000 (18:18 +0000)]
Unbreak the OpenSSL and NSS crypto builds in the wake of r24652
(Fortuna as default PRNG), and remove some unnecessary related files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 16:13:58 +0000 (16:13 +0000)]
Fix dangling Makefile reference after r24652
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 10:00:12 +0000 (10:00 +0000)]
Make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 09:59:22 +0000 (09:59 +0000)]
Make Fortuna the default PRNG algorithm
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24653
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 24 Feb 2011 09:58:45 +0000 (09:58 +0000)]
Fortuna as default PRNG
Rewrite prng_fortuna.c to much more closely match the description of
Fortuna in chapter 9 of Cryptography Engineering. Add a facility to
get OS entropy and implement it for Unix and Windows (not yet tested
on Windows) to replace prng/fortuna/entropy.c. Rewrite the test
harness to always ensure stable output and perform a statistical test
on the predictable internal state resulting from the stable-output
tests.
ticket: 6874
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 23 Feb 2011 18:14:11 +0000 (18:14 +0000)]
Remember to free the result of getaddrinfo() in the new sendto_kdc
code.
ticket: 6868
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24651
dc483132-0cff-0310-8789-
dd5450dbe970
Ezra Peisach [Wed, 23 Feb 2011 11:38:33 +0000 (11:38 +0000)]
Fix memory leak in t_expire_warn
Free context. Allows one to look for new leaks introduced in other
pathways.
ticket: 6872
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24650
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 22 Feb 2011 21:06:23 +0000 (21:06 +0000)]
Fix a memory leak introduced in r23926 where k_cred was not freed on
successful return from kg_new_connection(). Reported by Julien
Chaffraix.
ticket: 6800
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24646
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 22 Feb 2011 20:30:24 +0000 (20:30 +0000)]
Don't leak the mechanism internal context when we get an error in the
mechglue's gss_accept_sec_context.
From aberry@likewise.com.
ticket: 6813
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24645
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 22 Feb 2011 17:08:54 +0000 (17:08 +0000)]
Delete kinit_kdb.o in make clean
ticket: 6871
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24644
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 18 Feb 2011 15:06:57 +0000 (15:06 +0000)]
Fix a conceptual bug in r24639: the intermediate key container length
should be the hash's output size, not its block size. (The bug did
not show up in testing because it is harmless in practice; MD5 has a
larger block size than output size.)
ticket: 6869
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Feb 2011 23:34:37 +0000 (23:34 +0000)]
Don't reject AP-REQs based on PACs
Experience has shown that it was a mistake to fail AP-REQ verification
based on failure to verify the signature of PAC authdata contained in
the ticket. We've had two rounds of interoperability issues with the
hmac-md5 checksum code, an interoperability issue OSX generating
unsigned PACs, and another problem where PACs are copied by older KDCs
from a cross-realm TGT into the service ticket. If a PAC signature
cannot be verified, just don't mark it as verified and continue on
with the AP exchange.
ticket: 6870
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24640
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 16 Feb 2011 22:52:41 +0000 (22:52 +0000)]
hmac-md5 checksum doesn't work with DES keys
krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size. This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.
ticket: 6869
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 14 Feb 2011 00:13:17 +0000 (00:13 +0000)]
In kg_acceptor_princ, make Coverity happy by using a different test to
determine if we should set (*princ_out)->type.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24638
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 22:36:13 +0000 (22:36 +0000)]
In kadm5_rename_principal, fix an oversight which would cause errors
from krb5_principal2salt_norealm to be ignored.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24637
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 21:14:43 +0000 (21:14 +0000)]
Untabify trace.c (tabs crept in when the file was created)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24636
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 21:14:00 +0000 (21:14 +0000)]
Defer hostname lookups in krb5_sendto_kdc
Restructure the locate_kdc and sendto_kdc code to defer getaddrinfo
calls until we need the answer. This requires many changes:
* struct addrlist is now called struct serverlist, and is declared in
os-proto.h instead of k5-int.h. It contains an array of struct
server_entry structures which can hold either a name or an address.
(Address entries are used for locate_kdc module results.)
* The connection state list is now a linked list, and holds address
information directly instead of using a struct addrinfo (this
simplifies memory management). Each connection entry contains a
callback buffer (previously stored in a separate array) and an index
into the server list.
* The {addrstate} trace formatting primitive is no longer needed, and
has been replaced by {connstate}. There is also a new tracing event
for resolving hostnames.
* locate_server, locate_kdc, free_serverlist, and sendto get their
prefixes changed from krb5int_ to k5_ as their prototypes were being
adjusted anyway. The family argument is gone from the locate
functions as it was never productively used. k5_sendto now receives
the socket types of interest.
* krb5_sendto_kdc will now pass a 0 socktype to k5_locate_kdc if both
socket types are wanted. There were some allowances for this in
locate but this was never previously done. In order to be
conservative when invoking locate modules, we always pass an
explicit socktype, thus calling lookup twice (as we did before,
albeit with a separate init/fini cycle) in the common case. When
creating hostname entries in serverlist from profile configuration,
we preserve the 0 value of socktype, and later create both TCP and
UDP addresses from the getaddrinfo results when the host is
resolved.
* Some accessor functions previously used by libkrb4 have been removed
as they impinged upon this work.
ticket: 6868
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24635
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 19:12:36 +0000 (19:12 +0000)]
Trace logging file descriptor leak
File descriptors created for trace logging were never being closed.
With short-lived contexts this leak would eventually overflow the
process's file table. Correct this oversight by closing the file
descriptor in file_trace_cb before freeing its container.
ticket: 6867
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24634
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Sun, 13 Feb 2011 18:48:06 +0000 (18:48 +0000)]
Reposition a trace call which was dereferencing freed memory after
r24616.
ticket: 6855
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24633
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 9 Feb 2011 20:25:08 +0000 (20:25 +0000)]
KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
[CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name
handling that could cause the KDC to hang or crash.
[CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9.
ticket: 6860
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24622
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 9 Feb 2011 20:25:03 +0000 (20:25 +0000)]
kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
When operating in standalone mode and not doing iprop, don't return
from do_standalone() if the child exits with abnormal status.
ticket: 6859
tags: pullup
target_version: 1.9.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24621
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 9 Feb 2011 04:59:38 +0000 (04:59 +0000)]
Add missing KRB5_USE_INET6 ifdefs around some bits of IPv6 code which
didn't have them. From aberry@likewise.com.
ticket: 6857
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24620
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 9 Feb 2011 04:46:46 +0000 (04:46 +0000)]
Assume ELF on FreeBSD if objformat doesn't exist
If /usr/bin/objformat doesn't exist on a FreeBSD system, it could
indicate a pre-3.0 a.out version or a post-7.0 ELF version. Since
FreeBSD 3.0 is now twelve years old, it's safer to assume ELF than
a.out.
From aberry@likewise.com.
ticket: 6858
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24619
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 8 Feb 2011 22:31:10 +0000 (22:31 +0000)]
Fix seg faulting trace log message for use of fallback realm
The call to TRACE_TKT_CREDS_FALLBACK in get_creds.c was supplying the
wrong argument, causing a crash.
ticket: 6856
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24618
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 8 Feb 2011 21:25:21 +0000 (21:25 +0000)]
Set JAVADOC_AUTOBRIEF to YES to allow Doxygen interpret the first line of a JavaDoc-style comment as the brief description.
Also, minor argument name fix in krb5.hin
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24617
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 7 Feb 2011 18:40:00 +0000 (18:40 +0000)]
Improve acceptor name flexibility
Be more flexible about the principal names we will accept for a given
GSS acceptor name. Also add support for a new libdefaults profile
variable ignore_acceptor_hostname, which causes the hostnames of
host-based service principals to be ignored when passed by server
applications as acceptor names.
Note that we still always invoke krb5_sname_to_principal() when
importing a gss-krb5 mechanism name, even though we won't always use
the result. This is an unfortunate waste of getaddrinfo/getnameinfo
queries in some situations, but the code surgery necessary to defer
it appears too risky at this time.
The project proposal for this change is at:
http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names
ticket: 6855
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 7 Feb 2011 17:06:44 +0000 (17:06 +0000)]
Add "make doxugen" option to generate doxygen output
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24615
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Mon, 7 Feb 2011 16:50:13 +0000 (16:50 +0000)]
Added doxygen comments (mostly from the backup location)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24614
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 4 Feb 2011 20:25:05 +0000 (20:25 +0000)]
Change flow control in krb5_gss_import_name to better match current
coding practices.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24613
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 3 Feb 2011 17:39:57 +0000 (17:39 +0000)]
Remove an unnecessary statement in acquire_init_cred(). We never set
an acceptor name different from desired_princ.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24612
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 1 Feb 2011 01:11:51 +0000 (01:11 +0000)]
kadmin's ktremove can remove wrong entries when removing kvno 0
Because of 8-bit wraparound, keytabs can contain entries with kvno 0.
Because 0 is a distinguished kvno value for krb5_kt_get_entry(),
kadmin's remove_principal() winds up substituting the specified kvno
with the highest-numbered kvno of the specified principal in the
keytab. Make sure not to perform this substitution when in
specified-kvno mode.
(This fix leaves behind a very minor bug where "ktrem principal 0"
returns silently, instead of producing an error message like it
normally would, if principal exists in the keytab but not at kvno 0.)
ticket: 6854
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24611
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 26 Jan 2011 19:48:16 +0000 (19:48 +0000)]
Restore KRB5_CALLCONV_WRONG attribute to krb5_auth_con_getrcache
It was incorrectly removed in r24600.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24606
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 26 Jan 2011 18:23:23 +0000 (18:23 +0000)]
When building PKINIT against OpenSSL 1.0 or later, use the CMS APIs for
better interoperability. From nalin@redhat.com.
ticket: 6851
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24605
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 25 Jan 2011 05:20:07 +0000 (05:20 +0000)]
Make principal renaming work in libkadm5srv by converting to explicit
salts as necessary. Add a principal rename command to the client.
(The RPC infrastructure was already present.)
Adapted from patches submitted by mdw@umich.edu and lha@apple.com.
ticket: 6323
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 25 Jan 2011 00:23:48 +0000 (00:23 +0000)]
Make gss_krb5_set_allowable_enctypes work for the acceptor
With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor
can choose an enctype for the acceptor subkey other than the one in
the keytab. If the resulting security context will be exported and
re-imported by another gss-krb5 implementation (such as one in the
kernel), the acceptor needs a way to restrict the set of negotiated
enctypes to those supported by the other implementation. We had that
functionality for the initiator already in the form of
gss_krb5_set_allowable_enctypes; this change makes it work for the
acceptor as well.
ticket: 6852
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24603
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 21 Jan 2011 18:09:56 +0000 (18:09 +0000)]
Add a trace log event for unrecognized enctypes in a profile enctype
list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24602
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Fri, 21 Jan 2011 05:00:53 +0000 (05:00 +0000)]
Fix edge case in LDAP last_admin_unlock processing
In the LDAP KDB module, set appropriate flags when zeroing
entry->fail_auth_count due to an administrative unlock.
ticket: 6849
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24601
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Wed, 19 Jan 2011 16:49:41 +0000 (16:49 +0000)]
Where missing, add the argument's names to the function signatures
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24600
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 18 Jan 2011 21:54:58 +0000 (21:54 +0000)]
Renamed static function krb5_rd_safe_basic into rd_safe_basic to avoid confusion with API
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24599
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 18 Jan 2011 17:51:58 +0000 (17:51 +0000)]
In t_expire_warn.py, put the hashbang line at the top, instead of
after the copyright comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24598
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 18 Jan 2011 17:03:54 +0000 (17:03 +0000)]
Update copyright year in prototype sources
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24597
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Thu, 13 Jan 2011 15:32:47 +0000 (15:32 +0000)]
Doxygen style re-formating of the existing comments
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24596
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 12 Jan 2011 23:31:58 +0000 (23:31 +0000)]
In krb5_set_realm():
* Return EINVAL and ENOMEM correctly.
* Accept an empty realm instead of returning EINVAL.
* Wrap a long line.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24595
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Wed, 12 Jan 2011 22:00:40 +0000 (22:00 +0000)]
Don't call memset with a zero length
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24594
dc483132-0cff-0310-8789-
dd5450dbe970
Zhanna Tsitkov [Tue, 11 Jan 2011 20:00:52 +0000 (20:00 +0000)]
Asn.1 decode related file rearrangement. It was made based on the following criteria:
1. based on functionality (for example, kdc-only code)
2. Well defined clusters of functions (fast, sam).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24593
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 10 Jan 2011 20:32:56 +0000 (20:32 +0000)]
Tighten up the error handling in the mechglue's gss_canonicalize_name,
eliminating a null pointer dereference in the (unlikely) case that
allocation of out_union fails. Reported by aberry@likewise.com.
ticket: 6817
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24592
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 10 Jan 2011 18:25:36 +0000 (18:25 +0000)]
Fix a couple of cases in the SPNEGO implementation where a
half-constructed SPNEGO context could be leaked. Patch from
aberry@likewise.com, slightly amended.
ticket: 6816
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24591
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 28 Dec 2010 18:27:17 +0000 (18:27 +0000)]
Don't attempt to serialize a NULL authdata context when serializing a
GSSAPI context (most often seen with initiator contexts). Patch from
aberry@likewise.com.
ticket: 6675
target_version: 1.9.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24590
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 28 Dec 2010 17:27:15 +0000 (17:27 +0000)]
Don't use a krb5 context in t_fork, since we don't set up a krb5.conf
in the crypto test directory's "make check".
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24589
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 20 Dec 2010 22:52:35 +0000 (22:52 +0000)]
Document rdns libdefault setting
ticket: 6794
tags: pullup
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24584
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Mon, 20 Dec 2010 17:48:06 +0000 (17:48 +0000)]
Eliminate some unused variable warnings
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24583
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Thu, 16 Dec 2010 05:07:24 +0000 (05:07 +0000)]
Remove an unnecessary clause from safe_cksumtype() which served only
to create a theoretical (but impossible in practice) memory leak.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24581
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 15 Dec 2010 19:14:37 +0000 (19:14 +0000)]
update acknowledgments
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24575
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 14 Dec 2010 18:46:46 +0000 (18:46 +0000)]
Ensure time() is prototyped in g_accept_sec_context.c
r22736 added a call to time() in g_accept_sec_context.c. Include
<time.h> to ensure that this call is correctly prototyped. Previously
<time.h> was only included implicitly through <pthread.h>, which
doesn't apply when thread support is disabled.
ticket: 6842
tags: pullup
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24568
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Dec 2010 17:34:48 +0000 (17:34 +0000)]
memory leak in changepw.c
Apply patch from Marcus Watts to avoid a memory leak in changepw.c.
ticket: 6841
tags: pullup
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24567
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 14 Dec 2010 17:28:38 +0000 (17:28 +0000)]
Fix a regression in the client-side ticket renewal code where KDC
options were not folded into the renewal request (most notably, the
KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed
tickets. Add a simple test case for ticket renewal.
ticket: 6838
tags: pullups
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24566
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 14 Dec 2010 17:24:21 +0000 (17:24 +0000)]
typo in plugin-related error message
Apply patch from Marcus Watts to fix error message typo.
ticket: 6840
tags: pullup
target_version: 1.9
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24565
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Dec 2010 01:06:26 +0000 (01:06 +0000)]
handle MS PACs that lack server checksum
target_version 1.9
tags: pullup
Apple Mac OS X Server's Open Directory KDC issues MS PAC like
authorization data that lacks a server checksum. If this checksum is
missing, mark the PAC as unverfied, but allow
krb5int_authdata_verify() to succeed. Filter out the unverified PAC
in subsequent calls to krb5_authdata_get_attribute(). Add trace
points to indicate where this behavior occurs.
Thanks to Helmut Grohne for help with analysis. This bug is also
Debian Bug #604925:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925
This change should also get backported to krb5-1.8.x.
ticket: 6839
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24564
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 7 Dec 2010 23:45:15 +0000 (23:45 +0000)]
Add comment noting that RFC 4121 appears to omit RC4-HMAC from the
list of "not-newer" enctypes, even though RFC 4757 effectively treats
it as one. Suggested by Derrick Brashear.
ticket: 6835
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24563
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sun, 5 Dec 2010 20:16:17 +0000 (20:16 +0000)]
update dependencies
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 3 Dec 2010 12:34:53 +0000 (12:34 +0000)]
Test for key rollover for TGT, including purging old keys
ticket: 1219
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24555
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 1 Dec 2010 22:36:38 +0000 (22:36 +0000)]
Correct typo in admin documentation for restrict_anonymous_to_tgt
ticket: 6829
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24550
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Wed, 1 Dec 2010 20:01:46 +0000 (20:01 +0000)]
Implement restrict_anonymous_to_tgt realm flag
Implement a new realm flag to reject ticket requests from anonymous
principals to any principal other than the local TGT. Allows FAST to
be deployed using anonymous tickets as armor in realms where the set
of authenticatable users must be constrained.
ticket: 6829
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547
dc483132-0cff-0310-8789-
dd5450dbe970
Sam Hartman [Tue, 30 Nov 2010 22:46:54 +0000 (22:46 +0000)]
Install kadm5_hook_plugin.h
Install the kadm5 hook plugin header
ticket: 6828
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24539
dc483132-0cff-0310-8789-
dd5450dbe970
Greg Hudson [Tue, 30 Nov 2010 21:20:49 +0000 (21:20 +0000)]
SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)
Fix multiple checksum handling bugs, as described in:
CVE-2010-1324
CVE-2010-1323
CVE-2010-4020
CVE-2010-4021
* Return the correct (keyed) checksums as the mandatory checksum type
for DES enctypes.
* Restrict simplified-profile checksums to their corresponding etypes.
* Add internal checks to reduce the risk of stream ciphers being used
with simplified-profile key derivation or other algorithms relying
on the block encryption primitive.
* Use the mandatory checksum type for the PKINIT KDC signature,
instead of the first-listed keyed checksum.
* Use the mandatory checksum type when sending KRB-SAFE messages by
default, instead of the first-listed keyed checksum.
* Use the mandatory checksum type for the t_kperf test program.
* Use the mandatory checksum type (without additional logic) for the
FAST request checksum.
* Preserve the existing checksum choices (unkeyed checksums for DES
enctypes) for the authenticator checksum, using explicit logic.
* Ensure that SAM checksums received from the KDC are keyed.
* Ensure that PAC checksums are keyed.
ticket: 6827
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24538
dc483132-0cff-0310-8789-
dd5450dbe970