krb5.git/src/lib/krb5/krb, branch master Unnamed repository; edit this file 'description' to name the repository. Use preauth options when changing password 2014-03-03T16:58:58+00:00 Greg Hudson ghudson@mit.edu 2014-02-28T19:49:35+00:00 9f9c4acd9629913d2ff197e0f4994d091f2073d5 If we try to change the password in rb5_get_init_creds_password, we must use all application-specified gic options which affect preauthentication when getting the kadmin/changepw ticket. Create a helper function make_chpw_options which copies the application's options, unsets the options we don't want, and sets options appropriate for a temporary ticket. ticket: 7868 
If we try to change the password in rb5_get_init_creds_password, we
must use all application-specified gic options which affect
preauthentication when getting the kadmin/changepw ticket.  Create a
helper function make_chpw_options which copies the application's
options, unsets the options we don't want, and sets options
appropriate for a temporary ticket.

ticket: 7868
Eliminate internal fixed-width type wrappers 2014-02-26T21:15:20+00:00 Greg Hudson ghudson@mit.edu 2014-02-01T21:26:51+00:00 1041af9f85e4be342339475cf5c8878fef1de10d Directly use stdint.h names for integer types in preference to the various internal names we have made up for them. 
Directly use stdint.h names for integer types in preference to the
various internal names we have made up for them.
Support referrals from Windows Server 2003 2014-02-18T20:20:15+00:00 Nate Rosenblum nater@maginatics.com 2013-12-23T21:21:44+00:00 3093b92734adfe2deb9ad6bad5a221acc967fd8b Although RFC 6806 Section 7 requires servers to indicate a client referral in a WRONG_REALM message, Microsoft Windows Server 2003 returns this information in a message with error code PRINCIPAL_UNKNOWN. Failure to follow the referral in these messages prevents referral chasing in Windows Server 2003 forests. Detect referral messages of this type by checking for a non-empty client.realm field in the response, and activate the referral logic in these cases. [tlyu@mit.edu: style, comments, and commit message] ticket: 7856 (new) target_version: 1.12.2 tags: pullup 
Although RFC 6806 Section 7 requires servers to indicate a client
referral in a WRONG_REALM message, Microsoft Windows Server 2003
returns this information in a message with error code
PRINCIPAL_UNKNOWN.  Failure to follow the referral in these messages
prevents referral chasing in Windows Server 2003 forests.  Detect
referral messages of this type by checking for a non-empty
client.realm field in the response, and activate the referral logic in
these cases.

[tlyu@mit.edu: style, comments, and commit message]

ticket: 7856 (new)
target_version: 1.12.2
tags: pullup
Fix SAM-2 preauth when password argument is used 2014-02-12T03:50:02+00:00 Greg Hudson ghudson@mit.edu 2014-02-12T01:00:51+00:00 3bedfe7c3724b0d22c72d1684f1cf76cfb600fdd sam2_process accesses gak_data to get the password, so that it can do string-to-key with the etype in the SAM-2 challenge. When #7642 changed gic_pwd.c to use struct gak_password instead of krb5_data, sam2_process wasn't altered to match. We don't see a problem when the password is read through the prompter (as with kinit), because the password winds up in the storage field at the beginning of the gak_password structure. But when a password is supplied as a parameter (as with ksu), the storage field is empty and we get the wrong answer from sam2_process. ticket: 7862 target_version: 1.12.2 tags: pullup 
sam2_process accesses gak_data to get the password, so that it can do
string-to-key with the etype in the SAM-2 challenge.  When #7642
changed gic_pwd.c to use struct gak_password instead of krb5_data,
sam2_process wasn't altered to match.  We don't see a problem when the
password is read through the prompter (as with kinit), because the
password winds up in the storage field at the beginning of the
gak_password structure.  But when a password is supplied as a
parameter (as with ksu), the storage field is empty and we get the
wrong answer from sam2_process.

ticket: 7862
target_version: 1.12.2
tags: pullup
make depend 2013-12-21T04:13:57+00:00 Greg Hudson ghudson@mit.edu 2013-12-21T04:13:57+00:00 f5d5fa24c6c58b54349351beaea8220f5ca0f3ef 






Fix typo that broke 'make clean'
2013-12-20T16:06:19+00:00

Zhanna Tsitkov
tsitkova@mit.edu

2013-12-20T16:06:19+00:00

28633f186a943721b6948875ca85a4a34bc87da4

Missing $





Missing $







Add a test program for krb5_copy_context
2013-12-18T21:56:52+00:00

Greg Hudson
ghudson@mit.edu

2013-12-18T18:08:25+00:00

b78c3c8c5025aec870d20472f80d4a652062f921

This test program isn't completely proof against the kind of mistakes
we've made with krb5_copy_context in the past, but it at least
exercises krb5_copy_context and can detect some kinds of bugs.

ticket: 7807





This test program isn't completely proof against the kind of mistakes
we've made with krb5_copy_context in the past, but it at least
exercises krb5_copy_context and can detect some kinds of bugs.

ticket: 7807







Fix krb5_copy_context
2013-12-18T21:56:52+00:00

Greg Hudson
ghudson@mit.edu

2013-12-18T20:03:03+00:00

c452644d91d57d8b05ef396a029e34d0c7a48920

krb5_copy_context has been broken since 1.8 (it broke in r22456)
because k5_copy_etypes crashes on null enctype lists.  Subsequent
additions to the context structure were not reflected in
krb5_copy_context, creating double-free bugs.  Make k5_copy_etypes
handle null input and account for all new fields in krb5_copy_context.
Reported by Arran Cudbard-Bell.

ticket: 7807 (new)
target_version: 1.12.1
tags: pullup





krb5_copy_context has been broken since 1.8 (it broke in r22456)
because k5_copy_etypes crashes on null enctype lists.  Subsequent
additions to the context structure were not reflected in
krb5_copy_context, creating double-free bugs.  Make k5_copy_etypes
handle null input and account for all new fields in krb5_copy_context.
Reported by Arran Cudbard-Bell.

ticket: 7807 (new)
target_version: 1.12.1
tags: pullup







Remove unused krb5_context fields
2013-12-18T17:16:23+00:00

Greg Hudson
ghudson@mit.edu

2013-12-18T16:59:56+00:00

c91f2a285e77e71bd283483d583c68e76eb3a0dd

The vtbl and locate_fptrs fields were ostensibly related to the locate
pluggable interface, but weren't actually used.





The vtbl and locate_fptrs fields were ostensibly related to the locate
pluggable interface, but weren't actually used.







make depend
2013-12-11T03:24:03+00:00

Tom Yu
tlyu@mit.edu

2013-12-11T03:24:03+00:00

88bc9cfb9bcbdb0daffe02db5bdb8e22d14b6853