From cff64f5bfd0b3f548027fffb2bbce40b33ce4ad1 Mon Sep 17 00:00:00 2001 From: no author Date: Wed, 17 Nov 2004 21:39:15 +0000 Subject: [PATCH] This commit was manufactured by cvs2svn to create tag 'krb5-1-4-beta1'. git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-4-beta1@16883 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 1028 +---------------- src/appl/gssftp/ftpd/ChangeLog | 10 + src/appl/gssftp/ftpd/ftpcmd.y | 13 + src/appl/gssftp/ftpd/ftpd.M | 7 +- src/appl/gssftp/ftpd/ftpd.c | 9 +- src/include/ChangeLog | 4 + src/include/fake-addrinfo.h | 3 +- src/lib/crypto/ChangeLog | 5 + src/lib/crypto/t_prng.expected | 8 +- src/lib/crypto/t_prng.reseedtest-expected | 2 +- src/lib/crypto/t_prng.seed | 2 +- src/lib/crypto/yarrow/ChangeLog | 4 + src/lib/crypto/yarrow/ycipher.h | 10 +- src/mac/MacOSX/Projects/GSS.pbexp | 14 + .../Projects/Kerberos5.pbproj/project.pbxproj | 17 +- src/mac/MacOSX/Projects/KerberosProfile.pbexp | 5 + src/patchlevel.h | 4 +- src/util/ChangeLog | 5 + src/util/et/ChangeLog | 6 + src/util/et/et_h.awk | 2 +- src/util/et/et_h.pl | 2 +- src/util/mkrel | 9 +- src/util/profile/ChangeLog | 13 + src/util/profile/prof_init.c | 30 + src/util/profile/prof_set.c | 3 - src/util/profile/profile.hin | 5 + 26 files changed, 216 insertions(+), 1004 deletions(-) diff --git a/README b/README index 2bfe2473c..4de346e9b 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ - Kerberos Version 5, Release 1.3.5 + Kerberos Version 5, Release 1.4 Release Notes The MIT Kerberos Team @@ -6,21 +6,16 @@ Unpacking the Source Distribution --------------------------------- -The source distribution of Kerberos 5 comes in a gzipped tarfile, -krb5-1.3.5.tar.gz. Instructions on how to extract the entire -distribution follow. +The source distribution of Kerberos 5 comes in a tarfile, +krb5-1.4-signed.tar. The tarfile contains a gzipped tarfile, +krb5-1.4.tar.gz, and its corresponding PGP signature, +krb5-1.4.tar.gz.asc. -If you have the GNU tar program and gzip installed, you can simply do: +You will need the GNU gzip program, and preferably, the GNU tar +program, to extract the source distribution. - gtar zxpf krb5-1.3.5.tar.gz - -If you don't have GNU tar, you will need to get the FSF gzip -distribution and use gzcat: - - gzcat krb5-1.3.5.tar.gz | tar xpf - - -Both of these methods will extract the sources into krb5-1.3.5/src and -the documentation into krb5-1.3.5/doc. +The distribution will extract into a subdirectory "krb5-1.4" of the +current directory. Building and Installing Kerberos 5 ---------------------------------- @@ -59,935 +54,23 @@ http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". -Major changes in 1.3.5 ----------------------- - -* [2682] Fix ftpd hang caused by empty PASS command. - -* [2686] Fix double-free errors. [MITKRB5-SA-2004-002] - -* [2687] Fix denial-of-service vulnerability in ASN.1 - decoder. [MITKRB5-SA-2004-003] - -Minor changes in 1.3.5 ----------------------- - -* [2016] Fix build problem in fake-addrinfo.h by including stdio.h so - that sprintf() gets prototyped where needed on some platforms. - -* [2353] Add missing prototype for gss_krb5int_unseal_token_v3(). - -* [2607] Fix enctype filtering and some memory leaks in MSLSA ccache. - -* [2608] Remove incorrect localization in MSLSA ccache which was - resulting in crashes. - -* [2619] Update MSLSA ccache to support new LSA flag. - -* [2623] Update MSLSA ccache to reflect differences in registry layout - between Windows client and server OSes. - -* [2624] Do not ignore the cache when obtaining TGTs from the MSLSA if - the requested enctype is the NULL enctype. - -* [2626] Add Terminal Server compatibility for KfW. - -* [2627] Fix cc_mslsa thread safety. - -* [2634] Remove the caching of the ccache principal name from - krb5_context. - -* [2643] Fix another problem with krb4 ticket backdating. - -* [2675] Add new WiX-based MSI installer for KfW. - -* [2677] Add "-c ccache" option to kvno; use consistent memory - management to avoid crashes on Windows. - -* [2689] Misc MSLSA ccache fixes. - -* [2691] Improve documentation of ANSI C requirement. - -Major changes in 1.3.4 ----------------------- - -* [2024, 2583, 2584] Fixed buffer overflows in - krb5_aname_to_localname(). [MITKRB-SA-2004-001] - -Minor changes in 1.3.4 ----------------------- - -* [957] The auth_to_local rules now allow for the client realm to be - examined. - -* [2527, 2528, 2531] Keytab file names lacking a "FILE:" prefix now work - under Windows. - -* [2533] Updated installer scripts for Windows. - -* [2534] Fixed memory leak for when an incorrect password is input to - krb5_get_init_creds_password(). - -* [2535] Added missing newline to dnssrv.c. - -* [2551, 2564] Use compile-time checks to determine endianness. - -* [2558] krb5_send_tgs() now correctly sets message_type after - receiving a KRB_ERROR message. - -* [2561, 2574] Fixed memory allocation errors in the MSLSA ccache. - -* [2562] The Windows installer works around cases where DLLs cannot be - unloaded. - -* [2585] Documentation correctly describes AES support in GSSAPI. - -Major changes in 1.3.3 ----------------------- - -* [2284] Fixed accept_sec_context to use a replay cache in the - GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia. - -* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc - code on AIX. Thanks to Bill Dodd. - -* [2430] Fixed a crash in the MSLSA ccache. - -* [2453] The AES string-to-key function no longer returns a pointer to - stack memory when given a password longer than 64 characters. - -Minor changes in 1.3.3 ----------------------- - -* [2277] In sendto_kdc, a socket leak on connection failure was fixed. - Thanks to Bill Dodd. - -* [2384] A memory leak in the TCP handling code in the KDC has been - fixed. Thanks to Will Fiveash. - -* [2521] The Windows NSIS installer scripts are in the source tree. - -* [2522] The MSLSA ccache now supports Windows 9x. - -Major changes in 1.3.2 ----------------------- - -* [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for - AES in GSSAPI has been implemented. This corresponds to the - in-progress work in the IETF (CFX). - -* [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new - ccache type "MSLSA:" for read-only access to the MS Windows LSA - cache. - -* [982] On windows, krb5.exe now has a checkbox to request addressless - tickets. - -* [2189, 2234] To avoid compatibility problems, unrecognized TGS - options will now be ignored. Thanks to Wyllys Ingersoll for finding - a problem with a previous fix. - -* [2218] 128-bit AES has been added to the default enctypes. - -* [2223, 2229] AES cryptosystem now chains IVs. This WILL break - backwards compatibility for the kcmd applications, if they are using - AES session keys. Thanks to Wyllys Ingersoll for finding a problem - with a previous fix. - -Minor changes in 1.3.2 ----------------------- - -* [1437] Applied patch from Stephen Grau so kinit returns non-zero - status under certain failure conditions where it had previously - returned zero. - -* [1586] On Windows, the krb4 CREDENTIALS structure has been changed - to align with KfW's version of the structure. - -* [1613] Applied patch from Dave Shrimpton to avoid truncation of - dates output from the kadmin CLI when long time zone names are - used. - -* [1622] krshd no longer calls syslog from inside a signal handler, in - an effort to avoid deadlocks on exit. - -* [1649] A com_err test program compiles properly on Darwin now. - -* [1692] A new configuration file tag "master_kdc" has been added to - allow master KDCs to be designated separately from admin servers. - -* [1702] krb5_get_host_realm() and krb5_free_host_realm() are no - longer marked as KRB5_PRIVATE. - -* [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h - to compile on libc5 Linux platforms. - -* [1712] Applied patch from Cesar Garcia to fix lifetime computation - in krb524 ticket conversion. - -* [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in - krb524d. Found by Cesar Garcia. - -* [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X. - -* [1718] The krb4 library configure script now recognizes - OpenDarwin/x86. Bug found by Rob Braun. - -* [1721] krb5_get_init_creds_password() no longer returns a spurious - KRB5_REALM_UNKNOWN if DNS SRV record support is turned off. - -* [1730] krb_mk_auth() no longer overzealously clears the key - schedule. - -* [1731] A double-free related to reading forwarded credentials has - been fixed. Found by Joseph Galbraith. - -* [1770] Applied patch from Maurice Massar to fix a foreachaddr() - problem that was causing the KDC to segfault on startup. - -* [1790] The Linux build uses $(CC) to create shared libraries, - avoiding a libgcc problem when building libdb. - -* [1792] The lib/kadm5 unit tests now work around a Solaris 9 - pty-close bug. - -* [1793] The test suite works around some Tru64 and Irix RPATH - issues, which previously could prevent tests from running on a build - with shared libraries enabled. - -* [1799] kadmind supports callouts to the Apple password server. - -* [1893] KRB-SAFE messages from older releases can now be read - successfully. Prior 1.3.x releases did not save the encoded - KRB-SAFE message, and experienced problems when re-encoding. Found - by Scooter Morris. - -* [1962] MS LSA tickets with short remaining lifetimes will be - rejected in favor of retrieving tickets bypassing the LSA cache. - -* [1973] sendto_kdc.c now closes sockets with closesocket() instead of - close(), avoiding a descriptor leak on Windows. - -* [1979] An erroneously short initial sequence number mask has been - fixed. - -* [2028] KfW now displays a kinit dialog when GSS fails to find - tickets. - -* [2051] Missing exports have been added to krb4_32.def on Windows. - -* [2058] Some problems with krb4 ticket lifetime backdating have - fixed. - -* [2060] GSSAPI's idea of the default ccache is less sticky now. - -* [2068] The profile library includes prof-int.h before conditionals - that rely on it. - -* [2084] The resolver library is no longer referenced by library code - if not building with DNS SRV record support. - -* [2085] Updated Windows README file to reflect current compilation - requirements, etc. - -* [2104] On Windows, only define strcasecmp and strncasecmp - replacement macros if said functions are missing. - -* [2106] Return an error for unimplemented ccache functions, rather - than calling through a null pointer. - -* [2118] Applied patch from Will Fiveash to use correct parameter for - KDC TCP listening sockets. - -* [2144,2230] Memory management errors in the Windows gss.exe test - client have been fixed. - -* [2171] krb5_locate_kpasswd() now correctly calls htons() on the - kpasswd port number. Found by Arlene Berry. - -* [2180] The profile library now includes pthread.h when compiled with - USE_PTHREADS. - -* [2181, 2224] A timeout has been added to gss-server, and a missing - parameter to sign_server() has been added. - -* [2196] config.{guess,sub} have been updated from autoconf-2.59. - -* [2204] Windows gss.exe now has support for specifying credentials - cache, as well as some minor bugfixes. - -* [2210] GSSAPI accept_sec_context() no longer unconditionally sets - INTEG and CONF flags in contradiction to what the initiator sent. - -* [2212] The GSS sample application has some additional options to - support testing of SSPI vs GSSAPI. - -* [2217] Windows gss.exe has new UI elements to support more flag - settings. - -* [2225] In the gss sample client, some extraneous parameters have - been removed from client_establish_context(). - -* [2228] Copyright notices updated in GSS sample apps. - -* [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for - krbcc32.lib is now correct. - -* [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was - affecting the test suite, has been worked around by hacking - scheduler priorities. See the installation notes for details. - Thanks to Bill Sommerfeld for some useful hints. - -* [2258] An incorrect memcpy() statement in fakeka has been fixed. - Reported by David Thompson. - -Notes, Major Changes, and Known Bugs for 1.3.1 ----------------------------------------------- - -* [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication - hint is no longer emitted, and the both the incorrect and the - correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY - encourage deploying krb5-1.3.1 in preference to 1.3, especially on - client installations, as the 1.3 release did not conform to the - internet-draft for the revised Kerberos protocol in its encoding of - ETYPE-INFO2. - -* [1683] The non-caching getaddrinfo() API on Mac OS X, which was - causing significant slowdowns under some circumstances, has been - worked around. - -Minor changes in 1.3.1 ----------------------- - -* [1015] gss_accept_sec_context() now passes correct arguments to - TREAD_STR() when reading options beyond the forwarded credential - option. Thanks to Emily Ratliff. - -* [1365] The GSSAPI initiator credentials are no longer cached inside - the GSSAPI library. - -* [1651] A buffer overflow in krb_get_admhst() has been fixed. - -* [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are - now exported for use by Samba. - -* [1656] gss_init_sec_context() no longer leaks credentials under some - error conditions. - -* [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU" - inappropriately. - -* [1664] The crypto library no longer has bogus dependencies on - com_err. - -* [1665] krb5_init_context() no longer multiply registers error tables - when called more than once, preventing a memory leak. - -* [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on - Windows. - -* [1667] ms2mit now imports any tickets with supported enctypes, and - does not import invalid tickets. - -* [1677] krb5_gss_register_acceptor_identity() no longer has an - off-by-one in its memory allocation. - -* [1679] krb5_principal2salt is now exported on all platforms. - -* [1684] The file credentials cache is now supported if USE_CCAPI is - defined, i.e., for KfM and KfW. - -* [1691] Documentation for the obsolete kdc_supported_enctypes config - variable has been removed. - -Notes, Major Changes, and Known Bugs for 1.3 --------------------------------------------- - -* We now install the compile_et program, so other packages can use the - installed com_err library with their own error tables. (If you use - our com_err code, that is; see below.) - -* The header files we install now assume ANSI/ISO C ('89, not '99). - We have stopped testing on SunOS 4, even with gcc. Some of our code - now has C89-based assumptions, like free(NULL) being well defined, - that will probably frustrate any attempts to run this code under SunOS - 4 or other pre-C89 systems. - -* Some new code, bug fixes, and cleanup for IPv6 support. Most of the - code should support IPv6 transparently now. The RPC code (and - therefore the admin system, which is based on it) does not yet - support IPv6. The support for Kerberos 4 may work with IPv6 in very - limited ways, if the address checking is turned off. The FTP client - and server do not have support for the new protocol messages needed - for IPv6 support (RFC 2428). - -* We have upgraded to autoconf 2.52 (or later), and the syntax for - specifying certain configuration options have changed. For example, - autoconf 2.52 configure scripts let you specify command-line options - like "configure CC=/some/path/foo-cc", so we have removed some of - our old options like --with-cc in favor of this approach. - -* The client libraries can now use TCP to connect to the KDC. This - may be necessary when talking to Microsoft KDCs (domain controllers), - if they issue you tickets with lots of PAC data. - -* If you have versions of the com_err or ss installed locally, you can - use the --with-system-et and --with-system-ss configure options to - use them rather than using the versions supplied here. Note that - the interfaces are assumed to be similar to those we supply; in - particular, some older, divergent versions of the com_err library - may not work with the krb5 sources. Many configure-time variables - can be used to help the compiler and linker find the installed - packages; see the build documentation for details. - -* The AES cryptosystem has been implemented. However, support in the - Kerberos GSSAPI mechanism has not been written (or even fully - specified), so it's not fully enabled. See the documentation for - details. - -Major changes listed by ticket ID ---------------------------------- - -* [492] PRNG breakage on 64-bit platforms no longer an issue due to - new PRNG implementation. - -* [523] Client library is now compatible with the RC4-based - cryptosystem used by Windows 2000. - -* [709] krb4 long lifetime support has been implemented. - -* [880] krb5_gss_register_acceptor_identity() implemented (is called - gsskrb5_register_acceptor_identity() by Heimdal). - -* [1087] ftpd no longer requires channel bindings, allowing easier use - of ftp from behind a NAT. - -* [1156, 1209] It is now possible to use the system com_err to build - this release. - -* [1174] TCP support added to client library. - -* [1175] TCP support added to the KDC, but is disabled by default. - -* [1176] autoconf-2.5x is now required by the build system. - -* [1184] It is now possible to use the system Berkeley/Sleepycat DB - library to build this release. - -* [1189, 1251] The KfM krb4 library source base has been merged. - -* [1190] The default KDC master key type is now triple-DES. KDCs - being updated may need their config files updated if they are not - already specifying the master key type. - -* [1190] The default ticket lifetime and default maximum renewable - ticket lifetime have been extended to one day and one week, - respectively. - -* [1191] A new script, k5srvutil, may be used to manipulate keytabs in - ways similar to the krb4 ksrvutil utility. - -* [1281] The "fakeka" program, which emulates the AFS kaserver, has - been integrated. Thanks to Ken Hornstein. - -* [1343] The KDC now defaults to not answering krb4 requests. - -* [1344] Addressless tickets are requested by default now. - -* [1372] There is no longer a need to create a special keytab for - kadmind. The legacy administration daemons "kadmind4" and - "v5passwdd" will still require a keytab, though. - -* [1377, 1442, 1443] The Microsoft set-password protocol has been - implemented. Thanks to Paul Nelson. - -* [1385, 1395, 1410] The krb4 protocol vulnerabilities - [MITKRB5-SA-2003-004] have been worked around. Note that this will - disable krb4 cross-realm functionality, as well as krb4 triple-DES - functionality. Please see doc/krb4-xrealm.txt for details of the - patch. - -* [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have - been fixed. - -* [1397] The krb5_principal buffer bounds problems - [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai. - -* [1415] Subsession key negotiation has been fixed to allow for - server-selected subsession keys in the future. - -* [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES - cryptosystem has been implemented. It is not usable for GSSAPI, - though. - -* [1491] The client-side functionality of the krb524 library has been - moved into the krb5 library. - -* [1550] SRV record support exists for Kerberos v4. - -* [1551] The heuristic for locating the Kerberos v4 KDC by prepending - "kerberos." to the realm name if no config file or DNS information - is available has been removed. - -* [1568, 1067] A krb524 stub library is built on Windows. - -Minor changes listed by ticket ID ---------------------------------- - -* [90] default_principal_flags documented. - -* [175] Docs refer to appropriate example domains/IPs now. - -* [299] kadmin no longer complains about missing kdc.conf parameters - when it really means krb5.conf parameters. - -* [318] Run-time load path for tcl is set now when linking test - programs. - -* [443] --includedir honored now. - -* [479] unused argument in try_krb4() in login.c deleted. - -* [590] The des_read_pw_string() function in libdes425 has been - aligned with the original krb4 and CNS APIs. - -* [608] login.krb5 handles SIGHUP more sanely now and thus avoids - getting the session into a weird state w.r.t. job control. +Major changes in 1.4 +-------------------- -* [620] krb4 encrypted rcp should work a little better now. Thanks to - Greg Hudson. +* [1349, 2578, 2601, 2606, 2613, 2743] Add implementation of the + RPCSEC_GSS authentication flavor to the RPC library. Thanks to + Kevin Coffman and the CITI group at the University of Michigan. -* [647] libtelnet/kerberos5.c no longer uses internal include files. +* [in progress] Thread safety for krb5 libraries. -* [673] Weird echoing of admin password in kadmin client worked around - by not using buffered stdio calls to read passwords. +Minor changes in 1.4 +-------------------- -* [677] The build system has been reworked to allow the user to set - CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably. +Please see -* [680] Related to [673], rewrite krb5_prompter_posix() to no longer - use longjmp(), thus avoiding some bugs relating to non-restoration - of terminal settings. +http://krbdev.mit.edu/rt/NoAuth/krb5-1.4/fixed-1.4.html -* [697] login.krb5 no longer zeroes out the terminal window size. - -* [710] decomp_ticket() in libkrb4 now looks up the local realm name - more correctly. Thanks to Booker Bense. - -* [771] .rconf files are excluded from the release now. - -* [772] LOG_AUTHPRIV syslog facility is now usable for logging on - systems that support it. - -* [844] krshd now syslogs using the LOG_AUTH facility. - -* [850] Berekely DB build is better integrated into the krb5 library - build process. - -* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source - for local address enumeration now. - -* [882] gss-client now correctly deletes the context on error. - -* [919] kdc/network.c problems relating to SIOCGIFCONF have been - fixed. - -* [922] An overflow in the string-to-time conversion routines has been - fixed. - -* [933] krb524d now handles single-DES session keys other than of type - des-cbc-crc. - -* [935] des-cbc-md4 now included in default enctypes. - -* [939] A minor grammatical error has been fixed in a telnet client - error message. - -* [953] des3 no longer failing on Windows due to SHA1 implementation - problems. - -* [964] kdb_init_hist() no longer fails if master_key_enctype is not - in supported_enctypes. - -* [970] A minor inconsistency in ccache.tex has been fixed. - -* [971] option parsing bugs rendered irrelevant by removal of unused - gss mechanism. - -* [976] make install mentioned in build documentation. - -* [986] Related to [677], problems with the ordering of LDFLAGS - initialization rendered irrelevant by use of native autoconf - idioms. - -* [992] Related to [677], quirks with --with-cc no longer relevant as - AC_PROG_CC is used instead now. - -* [999] The kdc_default_options configuration variable is now honored. - Thanks to Emily Ratliff. - -* [1006] Client library, as well as KDC, now perform reasonable - sorting of ETYPE-INFO preauthentication data. - -* [1055] NULL pointer dereferences in code calling - krb5_change_password() have been fixed. - -* [1063] Initial credentials acquisition failures related to client - host having a large number of local network interfaces should be - fixed now. - -* [1064] Incorrect option parsing in the gssapi library is no longer - relevant due to removal of the "v2" mechanism. - -* [1065, 1225] krb5_get_init_creds_password() should properly warn about - password expiration. - -* [1066] printf() argument mismatches in rpc unit tests fixed. - -* [1085] The krb5.conf manpage has been re-synchronized with other - documentation. - -* [1102] gssapi_generic.h should now work with C++. - -* [1135] The kadm5 ACL system is better documented. - -* [1136] Some documentation for the setup of cross-realm - authentication has been added. - -* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead - of -1 if getpeername() fails. - -* [1173] Address-less forwardable tickets will remain address-less - when forwarded. - -* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized - somewhat. - -* [1188] As part of the modernization of our usage of autoconf, - AC_CONFIG_FILES is now used instead of passing a list of files to - AC_OUTPUT. - -* [1194] configure will no longer recurse out of the top of the source - tree when attempting to locate the top of the source tree. - -* [1192] Documentation for the krb5 afs functionality of krb524d has - been written. - -* [1195] Example krb5.conf file modified to include all enctypes - supported by the release. - -* [1202] The KDC no longer rejects unrecognized flags. - -* [1203] krb5_get_init_creds_keytab() no longer does a double-free. - -* [1211] The ASN.1 code no longer passes (harmless) uninitialized - values around. - -* [1212] libkadm5 now allows for persistent exclusive database locks. - -* [1217] krb5_read_password() and des_read_password() are now - implemented via krb5_prompter_posix(). - -* [1224] For SAM challenges, omitted optional strings are no longer - encoded as zero-length strings. - -* [1226] Client-side support for SAM hardware-based preauth - implemented. - -* [1229] The keytab search logic no longer fails prematurely if an - incorrect encryption type is found. Thanks to Wyllys Ingersoll. - -* [1232] If the master KDC cannot be resolved, but a slave is - reachable, the client library now returns the real error from the - slave rather than the resolution failure from the master. Thanks to - Ben Cox. - -* [1234] Assigned numbers for SAM preauth have been corrected. - sam-pk-for-sad implementation has been aligned. - -* [1237] Profile-sharing optimizations from KfM have been merged. - -* [1240] Windows calling conventions for krb5int_c_combine_keys() have - been aligned. - -* [1242] Build system incompatibilities with Debian's chimeric - autoconf installation have been worked around. - -* [1256] Incorrect sizes passed to memset() in combine_keys() - operations have been corrected. - -* [1260] Client credential lookup now gets new service tickets in - preference to attempting to use expired ticketes. Thanks to Ben - Cox. - -* [1262, 1572] Sequence numbers are now unsigned; negative sequence - numbers will be accepted for the purposes of backwards - compatibility. - -* [1263] A heuristic for matching the incorrectly encoded sequence - numbers emitted by Heimdal implementations has been written. - -* [1284] kshd accepts connections by IPv6 now. - -* [1292] kvno manpage title fixed. - -* [1293] Source files no longer explicitly attempt to declare errno. - -* [1304] kadmind4 no longer leaves sa_flags uninitialized. - -* [1305] Expired tickets now cause KfM to pop up a password dialog. - -* [1309] krb5_send_tgs() no longer leaks the storage associated with - the TGS-REQ. - -* [1310] kadm5_get_either() no longer leaks regexp library memory. - -* [1311] Output from krb5-config no longer contains spurious uses of - $(PURE). - -* [1324] The KDC no longer logs an inappropriate "no matching key" - error when an encrypted timestamp preauth password is incorrect. - -* [1334] The KDC now returns a clockskew error when the timestamp in - the encrypted timestamp preauth is out of bounds, rather than just - returning a preauthentcation failure. - -* [1342] gawk is no longer required for building kerbsrc.zip for the - Windows build. - -* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer - to freed memory. - -* [1351] The filename globbing vulnerability [CERT VU#258721] in the - ftp client's handling of filenames beginning with "|" or "-" - returned from the "mget" command has been fixed. - -* [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately - during GSSAPI context establishment. - -* [1356] krb5_gss_accept_sec_context() no longer attempts to validate - a null credential if one is passed in. - -* [1362] The "-a user" option to telnetd now does the right thing. - Thanks to Nathan Neulinger. - -* [1363] ksu no longer inappropriately syslogs to stderr. - -* [1357] krb__get_srvtab_name() no longer leaks memory. - -* [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab. - -* [1373] Handling of SAM preauth no longer attempts to stuff a size_t - into an unsigned int. - -* [1387] BIND versions later than 8 now supported. - -* [1392] The getaddrinfo() wrapper should work better on AIX. - -* [1400] If DO_TIME is not set in the auth_context, and no replay - cache is available, no replay cache will be used. - -* [1406, 1108] libdb is no longer installed. If you installed - krb5-1.3-alpha1, you should ensure that no spurious libdb is left in - your install tree. - -* [1412] ETYPE_INFO handling no longer goes into an infinite loop. - -* [1414] libtelnet is now built using the same library build framework - as the rest of the tree. - -* [1417] A minor memory leak in krb5_read_password() has been fixed. - -* [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed. - -* [1435] inet_ntop() is now emulated when needed. - -* [1439] krb5_free_pwd_sequences() now correctly frees the entire - sequence of elements. - -* [1440] errno is no longer explicitly declared. - -* [1441] kadmind should now return useful errors if an unrecognized - version is received in a changepw request. - -* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now - supported. - -* [1459] (KfM/KLL internal) config file resolution can now be - prevented from accessing the user's homedir. - -* [1463] Preauth handling in the KDC has been reorganized. - -* [1470] Double-free in client-side preauth code fixed. - -* [1473] Ticket forwarding when the TGS and the end service have - different enctypes should work somewhat better now. - -* [1474] ASN.1 testsuite memory management has been cleaned up a - little to allow for memory leak checking. - -* [1476] Documentation updated to reflect default krb4 mode. - -* [1482] RFC-1964 OIDs now provided using the suggested symbolic - names. - -* [1483, 1528] KRB5_DEPRECATED is now false by default on all - platforms. - -* [1488] The KDC will now return integrity errors if a decryption - error is responsible for preauthentication failure. - -* [1492] The autom4te.cache directories are now deleted from the - release tarfiles. - -* [1501] Writable keytabs are registered by default. - -* [1515] The check for cross-realm TGTs no longer reads past the end - of an array. - -* [1518] The kdc_default_options option is now actually honored. - -* [1519] The changepw protocol implementation in kadmind now logs - password changes. - -* [1520] Documentation of OS-specific build options has been updated. - -* [1536] A missing prototype for krb5_db_iterate_ext() has been - added. - -* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage - has been fixed. - -* [1540] verify_as_reply() will only check the "renew-till" time - against the "till" time if the RENEWABLE is not set in the request. - -* [1547] gssftpd no longer uses vfork(), as this was causing problems - under RedHat 9. - -* [1549] SRV records with a value of "." are now interpreted as a lack - of support for the protocol. - -* [1553] The undocumented (and confusing!) kdc_supported_enctypes - kdc.conf variable is no longer used. - -* [1560] Some spurious double-colons in password prompts have been - fixed. - -* [1571] The test suite tries a little harder to get a root shell. - -* [1573] The KfM build process now sets localstatedir=/var/db. - -* [1576, 1575] The client library no longer requests RENEWABLE_OK if - the renew lifetime is greater than the ticket lifetime. - -* [1587] A more standard autoconf test to locate the C compiler allows - for gcc to be found by default without additional configuration - arguments. - -* [1593] Replay cache filenames are now escaped with hyphens, not - backslashes. - -* [1598] MacOS 9 support removed from in-tree com_err. - -* [1602] Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu. - -* [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an - uninitialized memory reference in kg_unseal_v1(). Thanks to Kent - Wu. - -* [1607] kerberos-iv SRV records are now documented. - -* [1610] Fixed AES credential delegation under GSSAPI. - -* [1618] ms2mit no longer inserts local addresses into tickets - converted from the MS ccache if they began as addressless tickets. - -* [1619] etype_info parser (once again) accepts extra field emitted by - Heimdal. - -* [1643] Some typos in kdc.conf.M have been fixed. - -* [1648] For consistency, leading spaces before preprocessor - directives in profile.h have been removed. - ---[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]-- - -* [1054] KRB-CRED messages for RC4 are encrypted now. - -* [1177] krb5-1-2-2-branch merged onto trunk. - -* [1193] Punted comment about reworking key storage architecture. - -* [1208] install-headers target implemented. - -* [1223] asn1_decode_oid, asn1_encode_oid implemented - -* [1248] RC4 is explicitly excluded from combine_keys. - -* [1276] Generated dependencies handle --without-krb4 properly now. - -* [1339] An inadvertent change to the krb4 get_adm_hst API (strcpy vs - strncpy etc.) has been fixed. - -* [1384, 1413] Use of autoconf-2.52 in util/reconf will now cause a - warning. - -* [1388] DNS support is turned on in KfM. - -* [1391] Fix kadmind startup failure with krb4 vuln patch. - -* [1409] get_ad_tkt() now prompts for password if there are no tickets - (in KfM). - -* [1447] vts_long() and vts_short() work now. - -* [1462] KfM adds exports of set_pw calls. - -* [1477] compile_et output not used in err_txt.c. - -* [1495] KfM now exports string_to_key_with_params. - -* [1512, 1522] afs_string_to_key now works with etype_info2. - -* [1514] krb5int_populate_gic_opt returns void now. - -* [1521] Using an afs3 salt for an AES key no longer causes - segfaults. - -* [1533] krb524.h no longer contains invalid Mac pragmas. - -* [1546] krb_mk_req_creds() no longer zeros the session key. - -* [1554] The krb4 string-to-key iteration now accounts correctly for - the decrypt-in-place semantics of libdes425. - -* [1557] KerberosLoginPrivate.h is now correctly included for the use - of __KLAllowHomeDirectoryAccess() in init_os_ctx.c (for KfM). - -* [1558] KfM exports the new krb524 interface. - -* [1563] krb__get_srvtaname() no longer returns a pointer that is - free()d upon a subsequent call. - -* [1569] A debug statement has been removed from krb524init. - -* [1592] Document possible file rename lossage when building against - system libdb. - -* [1594] Darwin gets an explicit dependency of err_txt.o on - krb_err.c. - -* [1596] Calling conventions, etc. tweaked for KfW build of - krb524.dll. - -* [1600] Minor tweaks to README to improve notes on IPv6, etc. - -* [1605] Fixed a leak of subkeys in krb5_rd_rep(). - -* [1630] krb5_get_in_tkt_with_keytab() works now; previously borken by - reimplementation in terms of krb5_get_init_creds(). - -* [1642] KfM build now inherits CFLAGS and LDFLAGS from parent project. +for a complete list. Copyright Notice and Legal Administrivia ---------------------------------------- @@ -1130,7 +213,39 @@ src/lib/crypto/aes has the following copyright: in respect of any properties, including, but not limited to, correctness and fitness for purpose. - +---- The implementation of the RPCSEC_GSS authentication flavor in +src/lib/rpc has the following copyright: + + Copyright (c) 2000 The Regents of the University of Michigan. + All rights reserved. + + Copyright (c) 2000 Dug Song . + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Acknowledgements ---------------- @@ -1139,40 +254,11 @@ Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5. This is only a partial listing.... -Thanks to Paul Vixie and the Internet Software Consortium for funding -the work of Barry Jaspan. This funding was invaluable for the OV -administration server integration, as well as the 1.0 release -preparation process. - -Thanks to John Linn, Scott Foote, and all of the folks at OpenVision -Technologies, Inc., who donated their administration server for use in -the MIT release of Kerberos. - -Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken -Raeburn, and all of the folks at Cygnus Support, who provided -innumerable bug fixes and portability enhancements to the Kerberos V5 -tree. Thanks especially to Jeff Bigler, for the new user and system -administrator's documentation. - -Thanks to Doug Engert from ANL for providing many bug fixes, as well -as testing to ensure DCE interoperability. - -Thanks to Ken Hornstein at NRL for providing many bug fixes and -suggestions, and for working on SAM preauthentication. - -Thanks to Matt Crawford at FNAL for bugfixes and enhancements. - -Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for -their many suggestions and bug fixes. - -Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and -providing patches for numerous buffer overruns. - -Thanks to Christopher Thompson and Marcus Watts for discovering the -ftpd security bug. +Thanks to Kevin Coffman and the CITI group at the University of +Michigan for providing patches for implementing RPCSEC_GSS +authentication in the RPC library. -Thanks to Paul Nelson of Thursby Software Systems for implementing the -Microsoft set password protocol. +[...] Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 6ead450fc..58fab439b 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,13 @@ +2004-11-03 Tom Yu + + * ftpcmd.y (getline): Merge Athena change to reject MICed + password. + + * ftpd.M: Document '-E'. + + * ftpd.c (main): Merge Athena's '-E' changes to prohibit + unencrypted passwords. + 2004-09-22 Tom Yu * Makefile.in (ftpd): Use UTIL_LIB. diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index db50d5bfb..bb6bbcdde 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -124,6 +124,7 @@ extern int ccc_ok; extern int timeout; extern int maxtimeout; extern int pdata; +extern int authlevel; extern char hostname[], remotehost[]; extern char proctitle[]; extern char *globerr; @@ -1150,6 +1151,18 @@ getline(s, n, iop) } #endif /* GSSAPI */ /* Other auth types go here ... */ + + /* A password should never be MICed, but the CNS ftp + * client and the pre-6/98 Krb5 client did this if you + * authenticated but didn't encrypt. + */ + if (authlevel && mic && !strncmp(s, "PASS", 4)) { + lreply(530, "There is a problem with your ftp client. Password refused."); + reply(530, "Enable encryption before logging in, or update your ftp program."); + *s = 0; + return s; + } + } #if defined KRB5_KRB4_COMPAT || defined GSSAPI /* or other auth types */ else { /* !auth_type */ diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M index dc75e9b8d..b26a4bd94 100644 --- a/src/appl/gssftp/ftpd/ftpd.M +++ b/src/appl/gssftp/ftpd/ftpd.M @@ -36,8 +36,8 @@ ftpd \- DARPA Internet File Transfer Protocol server .SH SYNOPSIS .B ftpd -[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-l\fP] -[\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP] +[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB-E\fP] +[\fB\-l\fP] [\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP] [\fB\-p\fP \fIport\fP] [\fB\-U\fP \fIftpusers-file\fP] [\fB\-u\fP \fIumask\fP] [\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP] [\fB\-w\fP{\fBip\fP|\fImaxhostlen\fP[\fB,\fP{\fBstriplocal\fP|\fBnostriplocal\fP}]}] @@ -77,6 +77,9 @@ less secure connections, and should probably only be used when debugging. .B \-d Debugging information is written to the syslog. (Identical to -v) .TP +.B \-E +Don't allow passwords to be typed across unencrypted connections. +.TP .B \-l Each .IR ftp (1) diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 6048278d7..4e3ef9064 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -293,9 +293,9 @@ main(argc, argv, envp) extern char *optarg; extern int optopt; #ifdef KRB5_KRB4_COMPAT - char *option_string = "AaCcdlp:r:s:T:t:U:u:vw:"; + char *option_string = "AaCcdElp:r:s:T:t:U:u:vw:"; #else /* !KRB5_KRB4_COMPAT */ - char *option_string = "AaCcdlp:r:T:t:U:u:vw:"; + char *option_string = "AaCcdElp:r:T:t:U:u:vw:"; #endif /* KRB5_KRB4_COMPAT */ ftpusers = _PATH_FTPUSERS_DEFAULT; @@ -328,6 +328,11 @@ main(argc, argv, envp) debug = 1; break; + case 'E': + if (!authlevel) + authlevel = AUTHLEVEL_AUTHENTICATE; + break; + case 'l': logging ++; break; diff --git a/src/include/ChangeLog b/src/include/ChangeLog index f3e2ae9e3..c9837b3d4 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,7 @@ +2004-10-29 Ken Raeburn + + * fake-addrinfo.h: Include errno.h earlier. + 2004-10-28 Ken Raeburn * k5-thread.h (return_after_yield, k5_mutex_lock) [__GNUC__]: Add diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h index cc23a3f7d..9ed8d406e 100644 --- a/src/include/fake-addrinfo.h +++ b/src/include/fake-addrinfo.h @@ -105,6 +105,7 @@ #include "k5-thread.h" #include /* for sprintf */ +#include #ifdef S_SPLINT_S /*@-incondefs@*/ @@ -967,7 +968,6 @@ fake_getaddrinfo (const char *name, const char *serv, } #ifdef NEED_FAKE_GETNAMEINFO -#include static inline int fake_getnameinfo (const struct sockaddr *sa, socklen_t len, char *host, socklen_t hostlen, @@ -1058,7 +1058,6 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len, } #endif -#include #if defined(HAVE_FAKE_GETADDRINFO) || defined(NEED_FAKE_GETNAMEINFO) static inline diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index c28350461..baeeb800e 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,8 @@ +2004-11-15 Sam Hartman + + * t_prng.expected t_prng.reseedtest-expected : Update expected + PRNG test output and confirm that reseeds and gates happen correctly. + 2004-06-16 Ken Raeburn * Makefile.in (MAC_SUBDIRS): Don't set. diff --git a/src/lib/crypto/t_prng.expected b/src/lib/crypto/t_prng.expected index 70b8b5ae4..f7f165051 100644 --- a/src/lib/crypto/t_prng.expected +++ b/src/lib/crypto/t_prng.expected @@ -1,4 +1,4 @@ -18086b1e91f730facb2d6e1b -c562653b24814eb3651b1e68301a3c14b96302bb -6d017f7aef74662ed8dd51eef14281eaad223298db370bfaca -30c04231cb3de404e4b8a5359a74066fd963291d7986be835834ab07870c097682a953bfff38784780eef844de47fb36c34f8e034c96cfa64d9cb5decee472138236e9fb79e9fe1fba6b7757b970f22477d167832206900473f09f3e8c822db6d9a8273340ed6743d99638d6cf192d821b6f33d23278b1a929f303a80865c426d01add11b2f2416babd13e70b44d8eeb731c09c7163af9d1a23cbe20ddb08b0f67ecaa2eed511263a67e9c12e59ef113f0b9e4e4e140b43896078a7571c61826ba099b3dd8c4b096a9785b4434e97ea99e662ba6fdb60a41547ccae4c67d3e1f3ef515198e91f009c75c9e80fda90d13ee29d8aad5d87cc2437ce60e6ce55700837fb0815bfd2495f8aa1a33fe67c1ae28a885506a78ca6257f5a5f2a8042e28680acc83b1aecb3a9cb51911126f2f0deaf14fcfa5f165e9a5c3f8f2d1c3f4683b2d75927a7bc802d63b680a5e22768cc0439854ccd49e58a002794f541bddd6ef6fbd4f9869843a72d0ae9d438c90353a46c0c9863a16b1de206c717ab7ce6ea6f648a38efa12b70bbe3388b35adec7a789ea98de217520d7d6ce699841e17e5946bf5a8b3c7a2c3e2d6767422baf3159ff08d913ec78011ab7d34bc24af26c24a8d46f7261c7705a7b270e27590c29583c659a0df8dada4e7a0532f115040165d18f74a55a4f39bb1dcfd865e94a488ca910cc447e121b2a19450239e75d24 +d2f8fbd707a8ece5cb11a02f +eb4cb6e06236ea1c0529f7acbfca8d78cb85bb1d +a244005ae870604342b0386025874ec4306c1dd483c118621b +63e6408afdf9fd225839a7afcc6da6ae494fb4f82bd21ea06bb17ca0848bdae8cea671f545aac52699951caba960c536024b4102f47d61d61fd7b17582a4cf50ba7d215062558f71483249e079689893f3bf25def7f45f9e852281269904d401d6719e3115f6410088c6c5171e878494362684d2116633bb9ea8d9ed5faec73cb076c44d5d639bc2c8ae3de54f0e1e092d5ea439e607e9cd73053bbdf40723f5b48f298fdeeef845e22e06f2f6362fc67fba366e638a7988999d456dcc3d53b23388d685620a7c446d28cd94b13049761b64779db5412e78ac4bab2aacf103fd1b9ceb7213d43710d6a46fd4223fa20e0a68d3e16a82cbadea650ba815dc9ee99b4eb8e2acdac866a05d90ab9de3246db0560fb4b36633bb642c3ea9bf358937dda743f9cef1148791c2cac58995b8eb8fdb1c0cce1686e04ebef5ae7aae36691faafbe8920d3c013f125b687eb019faefa70fc750c52e2e2e33f426824bf1da31268a9bb8d9501f2290375755f8bf77b46639346b4011b78ce9d81105c7791ec5991a2f1eab037488b604df1a21c5c4e36a7c76dca5884d36e30fe8d30d0e7d93fab72062219390655eace2b434b0e2cd21ec9c5a8aa13e783afadcdf386fc43b960c518acb38d7e3da2f67695c1c1c25c4f251b40f4c2e42e89f6f642c32e66159f6ce24aa910fb5d95e3a899a4de5efcf570996e1a662d14362b65d00524df79cd56be93bd572526e4dfd1cf9f7586bc021105cf5456b28c1f45a6d354d000a113e15f64aa0b5253830c07afc8fa47b58dbba8bbae1645b2093035f2387036229dec6f7141b444b8bb7d0382a742bd5c746ba2d7af3af1cadb2dd90bda87d5daed2d2eebd243c7b2d06955d0cc7fe1061d4cfa3b061aaeb97084d9f9a7ec9dbe9e642f4f090d57b5ea1bd8b393f00896d3dc7089e1fc4c2fed7336c2a8c6d119a682c6cc4ae1ccedd30292f2c5570bf4d6287ce8e20b8b34e7fc38e87273f588cd33b8c913defaee5f6bf8fdeda72531c845a6f97a84d5e9b9a6497d4c48614dee7693df35faedc008fded852be8d4bffd475476336e54ed48a827b99d3f0e39019a40d43aef5ae522ec6e280f6a8e7d2713f3c3188bed2476a84af5a5afefa0fa178ed07de0e073693e8790f8bbd0cf9183e48f140b556e723565c382cf7a4c186748189a14e603e4ac70e2b80c266334231207721d16d834a973b48cfec584620624686603cfd66d55dbf8dd8eccd99d85f041c624ec3a7bec314af95d2313afd43cc5cc19249cf85b7ab0b5a4530b597341e7477b249fef1a07eb0d8fa790e9bce752e8b2f7086e98ab44751e0a1b37f29682ce67c0de7a2fd036f26ed719fc343bbf49432aec651d884c99c24d5943c747f7ec3b48d4c2236a8cb6151794daeda073774cc88ff121fdd423b81ef2f34c8f281ca2e5366faee87ff7a623484f2937cc0680ed76ead32b43cb6c67a21f8089b435f38a404d267397c6435cfac16591a3573d9e92f8c4a8028719c22662b903ddb16e08ea7bb2d6b8938c06bdddb4d174c7f2c5d812ed3a34ba8859a1ae841b3b9d5522372018c9aa55b048df826f05a087f185808cb66899f320783a1c4aa2dcd5f2665405ba7e5726e122b67559a39da30956e49fe7711d1b2506e159c5ea42ce0a1ad497220ee3b3e5ebcb73db975bd08e8be56e5f4533b8295b10d4b0fef466de6540f8fe10530c9716d83a12f5ffbba5b4dbc50ed89388d04e7a15d3d9d251041ed5303efa2525bc62a5aeb821f7838676811784584534be8a7fc667f09c3fe1bbf7d0aad29324f562086ecb8326829413867 diff --git a/src/lib/crypto/t_prng.reseedtest-expected b/src/lib/crypto/t_prng.reseedtest-expected index af9b02b04..d7b50801e 100644 --- a/src/lib/crypto/t_prng.reseedtest-expected +++ b/src/lib/crypto/t_prng.reseedtest-expected @@ -1 +1 @@ -7a2f63cdd9b0bfae94b75ee554be49ff8e7bc82e +fd543f42aded9bd725c9b05682cd0f504c1b33d1 diff --git a/src/lib/crypto/t_prng.seed b/src/lib/crypto/t_prng.seed index 0b3c7033d..79f4f6458 100644 --- a/src/lib/crypto/t_prng.seed +++ b/src/lib/crypto/t_prng.seed @@ -22,4 +22,4 @@ de 7c f0 c5 6a 37 0b 34 f4 0c 3a 19 31 eb 66 f1 ae 5f c6 a3 64 3f 2e a9 76 e1 87 93 df b6 94 86 bd 96 57 3f 31 e6 88 8c -512 +1290 diff --git a/src/lib/crypto/yarrow/ChangeLog b/src/lib/crypto/yarrow/ChangeLog index 38d6fe7c6..40a60157b 100644 --- a/src/lib/crypto/yarrow/ChangeLog +++ b/src/lib/crypto/yarrow/ChangeLog @@ -1,3 +1,7 @@ +2004-11-15 Sam Hartman + + * ycipher.h: Use AES256 not 3des + 2004-06-04 Ken Raeburn * yarrow.c (yarrow_str_error): Now const. diff --git a/src/lib/crypto/yarrow/ycipher.h b/src/lib/crypto/yarrow/ycipher.h index c858c6dd8..96999c0db 100644 --- a/src/lib/crypto/yarrow/ycipher.h +++ b/src/lib/crypto/yarrow/ycipher.h @@ -17,15 +17,15 @@ typedef struct * call the enc_provider function to get the info. */ -#define yarrow_enc_provider krb5int_enc_des3 +#define yarrow_enc_provider krb5int_enc_aes256 -#define CIPHER_BLOCK_SIZE 8 -#define CIPHER_KEY_SIZE 21 +#define CIPHER_BLOCK_SIZE 16 +#define CIPHER_KEY_SIZE 32 #if defined( YARROW_NO_MATHLIB ) /* see macros at end for functions evaluated */ -#define POW_CIPHER_KEY_SIZE 72057594037927936.0 -#define POW_CIPHER_BLOCK_SIZE 18446744073709551616.0 +#define POW_CIPHER_KEY_SIZE 115792089237316195423570985008687907853269984665640564039457584007913129639936.0 +#define POW_CIPHER_BLOCK_SIZE 340282366920938463463374607431768211456.0 #endif diff --git a/src/mac/MacOSX/Projects/GSS.pbexp b/src/mac/MacOSX/Projects/GSS.pbexp index e61e856e7..6c2e4137a 100644 --- a/src/mac/MacOSX/Projects/GSS.pbexp +++ b/src/mac/MacOSX/Projects/GSS.pbexp @@ -94,3 +94,17 @@ _gss_nt_exported_name # _GSS_KRB5_NT_PRINCIPAL_NAME + +# +# GSS-API krb5 symbols from gssapi_krb5.h +# + +_gss_mech_krb5 +_gss_mech_krb5_old +_gss_mech_set_krb5 +_gss_mech_set_krb5_both +_gss_mech_set_krb5_old + +_gss_nt_krb5_name +_gss_nt_krb5_principal +_krb5_gss_oid_array diff --git a/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj b/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj index 66c6311a8..853af0e53 100644 --- a/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj +++ b/src/mac/MacOSX/Projects/Kerberos5.pbproj/project.pbxproj @@ -1755,6 +1755,12 @@ refType = 4; sourceTree = ""; }; + A14E78E90725B12A00A025E3 = { + fileRef = F517327003F1B65901120114; + isa = PBXBuildFile; + settings = { + }; + }; A166BCC3040D36F8004AA618 = { fileEncoding = 4; isa = PBXFileReference; @@ -3201,7 +3207,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/lib/crypto/des $(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = KerberosDES; REZ_EXECUTABLE = YES; @@ -3226,6 +3232,7 @@ buildActionMask = 2147483647; files = ( A1AB1DEF05DDC40100526345, + A14E78E90725B12A00A025E3, ); isa = PBXHeadersBuildPhase; runOnlyForDeploymentPostprocessing = 0; @@ -3377,7 +3384,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../Sources/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = KerberosProfile; REZ_EXECUTABLE = YES; @@ -3524,7 +3531,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosDebug/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(SRCROOT)/../Sources/include/kerberosIV $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../../Common/Headers $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosDebug/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = Kerberos4; REZ_EXECUTABLE = YES; @@ -3985,7 +3992,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(SRCROOT)/../Sources/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/ $(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(SRCROOT)/../Sources/lib/crypto/aes $(SRCROOT)/../Sources/lib/crypto $(SRCROOT)/../Sources/lib/crypto/arcfour $(SRCROOT)/../Sources/lib/crypto/enc_provider $(SRCROOT)/../Sources/lib/crypto/crc32 $(SRCROOT)/../Sources/lib/crypto/des $(SRCROOT)/../Sources/lib/crypto/dk $(SRCROOT)/../Sources/lib/crypto/hash_provider $(SRCROOT)/../Sources/lib/crypto/keyhash_provider $(SRCROOT)/../Sources/lib/crypto/md4 $(SRCROOT)/../Sources/lib/crypto/md5 $(SRCROOT)/../Sources/lib/crypto/old $(SRCROOT)/../Sources/lib/crypto/raw $(SRCROOT)/../Sources/lib/crypto/sha1 $(SRCROOT)/../Sources/lib/crypto/yarrow $(SRCROOT)/../Sources/lib/krb5/os $(SRCROOT)/../Sources/lib/krb5/keytab $(SRCROOT)/../Sources/lib/krb5/rcache $(SRCROOT)/../Sources/lib/krb5/ccache $(SRCROOT)/../Sources/lib/krb5/ccache/ccapi $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(SRCROOT)/../Sources/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos $(SRCROOT)/../../CredentialsCache/Headers $(SRCROOT)/../../CredentialsCache/Headers/Kerberos $(SRCROOT)/../../KerberosLogin/Headers $(SRCROOT)/../../KerberosLogin/Headers/Kerberos"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = Kerberos5; REZ_EXECUTABLE = YES; @@ -6138,7 +6145,7 @@ DYLIB_CURRENT_VERSION = 1; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = ../Sources/mac/MacOSX/Headers/Kerberos5Prefix.h; - HEADER_SEARCH_PATHS = "$(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos"; + HEADER_SEARCH_PATHS = "$(SRCROOT)/../Sources/include $(SRCROOT)/../Sources/include/krb5 $(SRCROOT)/../Sources/lib/gssapi $(SRCROOT)/../Sources/lib/gssapi/krb5 $(SRCROOT)/../Sources/lib/gssapi/generic $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/ErrorTables $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/krb5 $(BUILT_PRODUCTS_DIR)/Kerberos5.intermediates/include/gssapi $(SRCROOT)/../../KerberosErrors/Headers $(SRCROOT)/../../KerberosErrors/Headers/Kerberos"; LIBRARY_STYLE = STATIC; PRODUCT_NAME = GSS; REZ_EXECUTABLE = YES; diff --git a/src/mac/MacOSX/Projects/KerberosProfile.pbexp b/src/mac/MacOSX/Projects/KerberosProfile.pbexp index 9033b54ea..d6fc152af 100644 --- a/src/mac/MacOSX/Projects/KerberosProfile.pbexp +++ b/src/mac/MacOSX/Projects/KerberosProfile.pbexp @@ -7,7 +7,12 @@ _profile_init _profile_init_path _FSp_profile_init _FSp_profile_init_path +_profile_is_writable +_profile_is_modified _profile_flush +_profile_flush_to_file +_profile_flush_to_buffer +_profile_free_buffer _profile_abandon _profile_release _profile_get_values diff --git a/src/patchlevel.h b/src/patchlevel.h index a5206281a..9aaa9dd36 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -53,6 +53,6 @@ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 4 #define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "prerelease" +#define KRB5_RELTAIL "beta1" /* #undef KRB5_RELDATE */ -/* #undef KRB5_RELTAG */ +#define KRB5_RELTAG "krb5-1-4-beta1" diff --git a/src/util/ChangeLog b/src/util/ChangeLog index 990ca78cf..4de8fce38 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,8 @@ +2004-10-31 Tom Yu + + * mkrel: Rework quoting for RELTAIL check. Don't check RELTAIL if + doing a "-current" snapshot. + 2004-09-24 Tom Yu * mkrel: Rework somewhat to handle patchlevel.h being the new diff --git a/src/util/et/ChangeLog b/src/util/et/ChangeLog index 934983400..e9b0e232b 100644 --- a/src/util/et/ChangeLog +++ b/src/util/et/ChangeLog @@ -1,3 +1,9 @@ +2004-11-05 Ken Raeburn + + * et_h.awk: Declare initialize_*_error_table as taking no + arguments. + * et_h.pl: Regenerated. + 2004-10-07 Tom Yu * et_c.awk, et_h.awk: Fix off-by-one error. diff --git a/src/util/et/et_h.awk b/src/util/et/et_h.awk index e3d9fa4c7..65c6c453f 100644 --- a/src/util/et/et_h.awk +++ b/src/util/et/et_h.awk @@ -155,7 +155,7 @@ END { print "" > outfile print "#if !defined(_WIN32)" > outfile print "/* for compatibility with older versions... */" > outfile - print "extern void initialize_" table_name "_error_table () /*@modifies internalState@*/;" > outfile + print "extern void initialize_" table_name "_error_table (void) /*@modifies internalState@*/;" > outfile print "#else" > outfile print "#define initialize_" table_name "_error_table()" > outfile print "#endif" > outfile diff --git a/src/util/et/et_h.pl b/src/util/et/et_h.pl index e0965de4d..5ab8e8b46 100644 --- a/src/util/et/et_h.pl +++ b/src/util/et/et_h.pl @@ -203,7 +203,7 @@ else { &Pick('>', $outfile) && (print $fh 'extern void initialize_' . $table_name . - '_error_table () /*@modifies internalState@*/;'); + '_error_table (void) /*@modifies internalState@*/;'); &Pick('>', $outfile) && (print $fh '#else'); &Pick('>', $outfile) && diff --git a/src/util/mkrel b/src/util/mkrel index 97a08d126..804dd5f90 100644 --- a/src/util/mkrel +++ b/src/util/mkrel @@ -120,10 +120,11 @@ if test $newstyle = t; then if test "$KRB5_RELTAG" != $reltag; then echo "WARNING: patchlevel.h '$KRB5_RELTAG' != $reltag" fi - if test "$KRB5_MAJOR_RELEASE" != $relmajor || \ - test "$KRB5_MINOR_RELEASE" != $relminor || \ - test "$KRB5_PATCHLEVEL" != $relpatch || \ - test "$KRB5_RELTAIL" != $reltail; then + if test "$KRB5_MAJOR_RELEASE" != "$relmajor" || \ + test "$KRB5_MINOR_RELEASE" != "$relminor" || \ + test "$KRB5_PATCHLEVEL" != "$relpatch" || \ + ( test -n "$reltail" && \ + test "$KRB5_RELTAIL" != "$reltail" ); then echo "WARNING: patchlevel.h $KRB5_MAJOR_RELEASE.$KRB5_MINOR_RELEASE.$KRB5_PATCHLEVEL${KRB5_RELTAIL+-$KRB5_RELTAIL} != $relmajor.$relminor.$relpatch${reltail+-$reltail}" fi diff --git a/src/util/profile/ChangeLog b/src/util/profile/ChangeLog index 1366bd4d1..b736e5d08 100644 --- a/src/util/profile/ChangeLog +++ b/src/util/profile/ChangeLog @@ -1,3 +1,16 @@ +2004-11-04 Alexandra Ellwood + + * prof_init.c, profile.hin: added profile_is_modified + and profile_is_writable so that callers can check to see + if profile_release() will fail before calling it. + +2004-11-04 Alexandra Ellwood + + * prof_set.c: profile calls which set values should not fail + if file is not writable. You can now write to a different + file with profile_flush_to_file() or buffer with + profile_flush_to_buffer(). + 2004-10-26 Ken Raeburn Permit exporting profile file data into a buffer. diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c index 02d61ee1f..0be2a0e53 100644 --- a/src/util/profile/prof_init.c +++ b/src/util/profile/prof_init.c @@ -120,6 +120,36 @@ profile_init_path(const_profile_filespec_list_t filepath, return retval; } +errcode_t KRB5_CALLCONV +profile_is_writable(profile_t profile, int *writable) +{ + if (!profile || profile->magic != PROF_MAGIC_PROFILE) + return PROF_MAGIC_PROFILE; + + if (!writable) + return EINVAL; + + if (profile->first_file) + *writable = (profile->first_file->data->flags & PROFILE_FILE_RW); + + return 0; +} + +errcode_t KRB5_CALLCONV +profile_is_modified(profile_t profile, int *modified) +{ + if (!profile || profile->magic != PROF_MAGIC_PROFILE) + return PROF_MAGIC_PROFILE; + + if (!modified) + return EINVAL; + + if (profile->first_file) + *modified = (profile->first_file->data->flags & PROFILE_FILE_DIRTY); + + return 0; +} + errcode_t KRB5_CALLCONV profile_flush(profile_t profile) { diff --git a/src/util/profile/prof_set.c b/src/util/profile/prof_set.c index 67274c23f..85f228630 100644 --- a/src/util/profile/prof_set.c +++ b/src/util/profile/prof_set.c @@ -33,9 +33,6 @@ static errcode_t rw_setup(profile_t profile) file = profile->first_file; - if (!(file->data->flags & PROFILE_FILE_RW)) - return PROF_READ_ONLY; - retval = profile_lock_global(); if (retval) return retval; diff --git a/src/util/profile/profile.hin b/src/util/profile/profile.hin index ec822ca8b..10abe725a 100644 --- a/src/util/profile/profile.hin +++ b/src/util/profile/profile.hin @@ -54,6 +54,11 @@ long KRB5_CALLCONV profile_flush_to_buffer void KRB5_CALLCONV profile_free_buffer (profile_t profile, char *buf); +long KRB5_CALLCONV profile_is_writable + (profile_t profile, int *writable); +long KRB5_CALLCONV profile_is_modified + (profile_t profile, int *modified); + void KRB5_CALLCONV profile_abandon (profile_t profile); -- 2.26.2