| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
We started generating gssapi_krb5.h from gssapi_krb5.hin when we
needed to use a 64-bit type for lucid contexts. Since we can now
assume a standard name for 64-bit types, we can stop generating the
header.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get rid of the caller parameter. The kproplog semantics (without -R)
for mapping the ulog are simple and almost completely different from
other users of the ulog, so implement them as a static helper in
kproplog. With hierarchical iprop, kpropd will need the same
semantics as FKCOMMAND and FKADMIND, which were already identical.
Get rid of the db_args parameter, since ulog_map no longer opens the
database after #7552.
Remove an inoperative lseek() call when creating a new ulog file.
Rename ulog_filesize to filesize and compute it from scratch each time
we use it, for easier analysis. If kdb_hmagic is zero, init the ulog
header but don't skip the rest of the function; it's possible that we
need to expand the ulog file. Remove an unneeded conditional before
calling extend_file_to for an existing ulog.
ticket: 7855
|
|
|
|
|
|
|
|
|
| |
Use various standard C library functions rather than rolling our own.
Previous code spent many lines reimplementing realloc(), strpbrk(),
strtok_r(), etc.
Make a separate string_to_keysalt() parser for an individual keysalt
pair, which for now is private and destructive.
|
|
|
|
|
|
|
|
|
|
| |
Make krb5_string_to_keysalts() default to only ":" as a key:salt
separator character. Change most of its callers to pass NULL so they
get the default separators.
Adapted from a patch proposed by Jon Looney.
ticket: 884
|
|
|
|
|
|
|
|
| |
krb5_string_to_keysalts() treats an empty salt field as -1 ("ignore"),
rather than as the normal salttype. Default to normal instead, so
that omitting a salttype works as expected.
ticket: 6042
|
|
|
|
| |
ticket: 7800
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, if you passed a service name with a realm part to a
kadm5_init function, you would get a KRB5_PARSE_MALFORMED error
because the code would internally append its own '@realm' suffix
before parsing the name. Fix this as follows:
Change gic_iter so instead of producing a full service name, it
produces a krb5_principal which is taken from the cred it acquires.
Pass the client and full service name around as principals, rather
than strings, and use the gss_nt_krb5_principal name type to import
them in setup_gss(). Don't append a realm to the input service name;
instead, pass the input service name directly to the gic functions
(which do not need a realm in the service name and will ignore the
realm if one is present). For the INIT_CREDS case, parse the input
service name with KRB5_PRINCIPAL_PARSE_IGNORE_REALM and then set the
realm.
ticket: 7800
|
|
|
|
|
|
|
|
|
|
|
| |
The "realm" variable in init_any is used only to fill in the realm of
the service principal in gic_iter(). The service principal realm
should always be the realm we looked up config parameters for, so we
can supply that realm to get_init_creds() unconditionally and
eliminate the case where we use the client principal realm.
Also get rid of an outdated comment and an #if 0 block we will never
need again, and use SNPRINTF_OVERFLOW to check the snprintf result.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kprop code has been pretty unloved, and uses some routines that
are marked as deprecated (which show up as warnings in the build log).
Use the documented replacement for krb5_get_in_tkt_with_keytab,
krb5_get_init_creds_keytab, instead. As a bonus, there is no longer
a side effect of a credentials cache that needs to be destroyed.
The also-deprecated function krb5_get_in_tkt_with_skey was backending
to it when no keyblock was passed in; we can unroll the call to
krb5_get_init_creds_keytab ourselves as the documented workaround.
While here, improve style compliance with regards to cleanup.
The setkey test just wants to know whether it can use the key it
just put into a keytab to get credentials; as such the recommended
krb5_get_init_creds_keytab is quite sufficient.
While here, use that interface to request the particular enctype
as well, reducing the scope of an XXX comment.
ticket: 6366
|
|
|
|
|
|
|
|
|
|
|
| |
"kdb5_util use_mkey" should not require a kadmind restart to take
effect. At the cost of fetching the K/M principal once for each key
change operation, make kadmind use the current active master key list
for each operation.
ticket: 7685
target_version: 1.12
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal. The KDC was modified by #7630 to support principals
without keys.
ticket: 7679 (new)
|
|
|
|
|
|
|
|
| |
When we allocate space for an array of key_data structures, make sure
we allocate at least one, so we don't spuriously fail on platforms
where malloc(0) returns NULL. Where we use malloc, use k5calloc
instead. Where we use krb5_db_alloc or realloc, just allocate an
extra entry.
|
|
|
|
|
| |
Wherever we use k5alloc with a multiplication in the size parameter,,
use the new k5calloc helper function instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password. This allows empty passwords to work via
the API.
Remove the kadm5 test which explicitly uses an empty password.
Based on a patch from Stef Walter.
ticket: 7642
|
|
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
| |
|
|
|
|
|
|
| |
Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity. Reformat some k5buf implementation code to match current
practices.
|
|
|
|
|
|
| |
Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.
|
|
|
|
|
|
|
| |
Read realm parameters directly from the profile in the KDC's
init_realm(), getting rid of the intermediate krb5_realm_params
structure. Then get rid of krb5_realm_params and
krb5_read_realm_params, since nothing else uses it.
|
|
|
|
|
|
|
| |
krb5_realm_params is only consumed by the KDC (everything else uses
kadm5_config_params), so only needs to contain fields used by the KDC.
Get rid of everything else. Also get rid of realm_profile, which is
read in by KDC code but never used (and was never set anyway).
|
|
|
|
|
|
| |
Get rid of K&R-style function headers, format code and comments
consistently according to current conventions, rename some variables
using idiomatic names, and de-indent some nested control blocks.
|
|
|
|
|
|
|
|
|
|
|
| |
Remove some unnecessary optimizations to reduce code complexity. Get
rid of krb5_match_config_pattern in favor of a simpler helper function
in do_tgs_req_c. Get rid of KRB5_CONF_ASTERISK and just use "*"
instead. Use a helper function to combine [kdcdefaults] and realm
subsection values of variables, and don't bother adding leading and
trailing spaces. Consistently use the names "hostbased" and
"no_referral" to refer to variable values (with a "realm_" prefix for
structures which currently use it).
|
|
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
|
|
|
|
|
|
|
|
| |
kadm5_create_policy and kadm5_modify_policy had _internal variants in
libkadm5srv (but not libkadm5clnt) which only existed to protect the
policy_refcnt field from modification over the wire. Now that
policy_refcnt is no longer used, we don't need the separation.
Bump the library soname since this is technically an ABI change.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
|
|
|
|
|
|
|
|
|
|
|
| |
Correct three cases where the wrong expression was checked to see if
an allocation function returned null.
[ghudson@mit.edu: commit message, patch splitting]
ticket: 7534
target_version: 1.11.1
tags: pullup
|
|
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
|
|
|
|
|
|
|
|
|
|
| |
If a master KDC uses only a 64-bit libkadm5srv then there is no reason
to impose any limit on ulog size: the practical maximum will be given by
the filesystem and available storage space.
Even when using a 32-bit libkadm5srv the maximum practical ulog size
will be found easily enough when mmap() fails.
ticket: 7368
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make kpropd in iprop mode fork a child to listen for kprops from the
master. The child writes progress and outcome reports to the parent
for each kprop. This fixes a race between asking for a full resync
and setting up a listener socket for it.
- Add runonce (-t) for kpropd do_standalone() too.
- Add a new iprop parameter: iprop_resync_timeout. kpropd will keep
asking for incremental updates while waiting for a full resync to
finish, and will re-request a full resync if kadmind continues to
indicate that one is needed after this timeout passes since the
previous full resync was requested.
- Allow polling intervals less than 10 seconds.
[ghudson@mit.edu: split out debug output changes; note polling interval
change in commit message]
ticket: 7373
|
|
|
|
|
|
|
|
|
| |
If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization. Reported by Nico.
ticket: 7223
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:
- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)
Of these only allowed_keysalts is currently implemented.
Some refactoring of TL data handling is also done.
ticket: 7223 (new)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a principal string attribute named "session_enctypes" which can
specify what enctypes the principal supports for session keys. (For
what it's worth, this actually allows one to list des-cbc-md5 as a
supported session key enctype, though obviously this hardly matters
now.)
Add a [realms] section parameter for specifying whether to assume that
principals (which lack the session_enctypes attribute) support
des-cbc-crc for session keys. This allows those who still need to use
allow_weak_crypto=true, for whatever reason, to start reducing the
number of tickets issued with des-cbc-crc session keys to clients
which still give des-cbc-crc preference in their default_tgs_enctypes
list.
[ghudson@mit.edu: Miscellaneous edits, cleanups, and fixes; refactored
test script; documented session_enctypes attribute]
|
|
|
|
| |
ticket: 7150
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fix for #6626 could cause kadmind to dereference a null pointer if
a create-principal request contains no password but does contain the
KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix
name"). Only clients authorized to create principals can trigger the
bug. Fix the bug by testing for a null password in check_1_6_dummy.
CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C
[ghudson@mit.edu: Minor style change and commit message]
ticket: 7152
target_version: 1.10.2
tags: pullup
|
|
|
|
|
|
|
|
|
|
| |
Add $(LIBS) to the $(SHLIB_EXPLIBS) for some shared libraries which
did not previously include it, which prevented gcov from working
properly in some cases.
Patch from W. Trevor King.
ticket: 7138
|
|
|
|
|
|
|
|
|
|
| |
Although the kadmin client never generates a KADM5_POLICY_CLR mask bit
with addprinc, the bit will be set if a kadm5.acl line imposes the
-clearpolicy restriction. Relax the sanity checking in
kadm5_create_principal_3 to allow KADM5_POLICY_CLR as long as
KADM5_POLICY is not also set.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25827 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A database created prior to 1.3 will have multiple password history
keys, and kadmin prior to 1.8 won't necessarily choose the first one.
So if there are multiple keys, we have to try them all. If none of
the keys can decrypt a password history entry, don't fail the password
change operation; it's not worth it without positive evidence of
password reuse.
ticket: 7099
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25819 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we check for password reuse, only compare keys with the most
recent kvno against history entries, or else we will always fail with
-keepold.
This bug primarily affects rollover of cross-realm TGT principals,
which typically use password-derived keys and may have an associated
password policy such as "default".
Bug report and candidate fix (taken with a slight modification) by
Nicolas Williams.
ticket: 7110
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25801 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
ticket: 7107
gcc 4.6.2 reportedly finds some spurious maybe-uninitialized warnings.
Suppress them. Patch from Eray Aslan with some adjustment.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25783 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r24314 (#6778) created a hybrid owernship model for the master key
list, with one virtual copy stored in the DAL handle and one provided
to the caller of krb5_db_fetch_mkey_list. Replace this with a model
where only the DAL handle owns the list, and a caller can get access
to an alias pointer with a new function krb5_db_mkey_list_alias().
Functions which previously accepted the master key list as an input
parameter now expect to find it in the DAL handle.
Patch by Will Fiveash <will.fiveash@oracle.com>.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
The admin keytab hasn't been needed or used by kadmind since 1.4
(except possibly by legacy admin daemons which we no longer ship).
Eliminate remaining references to it in code, test cases, and
documentation.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25729 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Add a new API krb5_dbe_compute_salt() to determine the salt for a key
data entry, and use it in the three places we currently compute salts.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25410 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25344 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25215 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
| |
by it not figuring out the control flow (initialization and use both
tied to some other variable).
DB2 code not included.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
| |
Some minor reformatting added in places to avoid exceeding 80 columns.
Used Emacs 22.1 built-in C mode.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25144 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
complaints, almost entirely "rcsid" variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to ticket #6746, the RPC library opened the kadmin socket and
took responsibility for closing. When we added IPv6 support, the
calling code became the owner of the socket but wasn't closing it,
resulting in a file descriptor leak.
ticket: 6949
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25115 dc483132-0cff-0310-8789-dd5450dbe970
|