summaryrefslogtreecommitdiffstats
path: root/src/lib/kdb/kdb_default.c
Commit message (Collapse)AuthorAgeFilesLines
* Remove last uses of "possibly-insecure" mktemp(3)Ben Kaduk2013-11-041-14/+23
| | | | | | | | | | | | | | | | | | | | Many libc implementations include notations to the linker to generate warnings upon references to mktemp(3), due to its potential for insecure operation. This has been the case for quite some time, as was noted in RT #6199. Our usage of the function has decreased with time, but has not yet disappeared entirely. This commit removes the last few instances from our tree. kprop's credentials never need to hit the disk, so a MEMORY ccache is sufficient (and does not need randomization). store_master_key_list is explicitly putting keys on disk so as to do an atomic rename of the stash file, but since the stash file should be in a root-only directory, we can just use a fixed name for the temporary file. When using this fixed name, we must detect (and error out) if the temporary file already exists; add a test to confirm that we do so. ticket: 1794
* Clean up stash file error handlingBen Kaduk2013-11-041-3/+2
| | | | | | | | | | | The comment previously failed to match the behavior. The intent was that if we failed to write out the entire stash file into the temporary location, we should remove the partial file. However, the code was actually checking whether the *real* stash file existed, not whether the temporary one existed. It is safe to always try to unlink the partial file, and not worry about whether it already exists.
* Add and use k5memdup, k5memdup0 helpersGreg Hudson2013-02-091-3/+3
| | | | | | Add k5-int.h static functions to duplicate byte ranges, optionally with a trailing zero byte, and set an error code like k5alloc does. Use them where they would shorten existing code.
* Fix KDC heap corruption vuln [CVE-2012-1015]Tom Yu2012-08-011-0/+3
| | | | | | | | | | | | | | | | | | | | Fix KDC heap corruption vulnerability [MITKRB5-SA-2012-001 CVE-2012-1015]. The cleanup code in kdc_handle_protected_negotiation() in kdc_util.c could free an uninitialized pointer in some error conditions involving "similar" enctypes and a failure in krb5_c_make_checksum(). Additionally, adjust the handling of "similar" enctypes to avoid advertising enctypes that could lead to inadvertent triggering of this vulnerability (possibly in unpatched KDCs). Note that CVE-2012-1014 (also described in MITKRB5-SA-2012-001) only applies to the krb5-1.10 branch and doesn't affect the master branch or releases prior to krb5-1.10. ticket: 7225 (new) target_version: 1.9.5 tags: pullup
* Only store master mey list in DAL handleGreg Hudson2012-03-211-1/+0
| | | | | | | | | | | | | | r24314 (#6778) created a hybrid owernship model for the master key list, with one virtual copy stored in the DAL handle and one provided to the caller of krb5_db_fetch_mkey_list. Replace this with a model where only the DAL handle owns the list, and a caller can get access to an alias pointer with a new function krb5_db_mkey_list_alias(). Functions which previously accepted the master key list as an input parameter now expect to find it in the DAL handle. Patch by Will Fiveash <will.fiveash@oracle.com>. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25781 dc483132-0cff-0310-8789-dd5450dbe970
* Silence various "may be used uninitialized" warnings from GCC causedKen Raeburn2011-09-051-0/+1
| | | | | | | | | by it not figuring out the control flow (initialization and use both tied to some other variable). DB2 code not included. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-14/+16
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-091-4/+1
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype skip key data entries with invalidGreg Hudson2010-09-281-6/+4
| | | | | | | | | | | | enctypes instead of erroring out on them. We had this behavior prior to 1.8 (more by accident than by design), but it changed as a side-effect of r23599. ticket: 6790 target_version: 1.8.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24370 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-061-23/+14
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Make the APIs for iterate, get_master_key_list, set_master_key_list,Greg Hudson2010-07-031-21/+0
| | | | | | | | | | and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does not implement them, avoiding the need for stub default implementations. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970
* Remove store_master_key from the DAL table, and implementGreg Hudson2010-07-021-17/+0
| | | | | | | | | krb5_store_master_key in terms of krb5_store_master_key_list. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24168 dc483132-0cff-0310-8789-dd5450dbe970
* Remove verify_master_key from the DAL table, as well as its associatedGreg Hudson2010-07-021-57/+0
| | | | | | | | | | | libkdb5 interface. Callers can (and mostly already do) use krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create, tests/verify, and kdb5_util dump to do so. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-13/+11
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the set_master_key and get_master_key DAL interfaces and theirGreg Hudson2010-07-021-15/+0
| | | | | | | | | | | | corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
* Make decryption of master key list more robustGreg Hudson2010-01-291-37/+13
| | | | | | | | | | | | | | | | | krb5_def_fetch_mkey_list was incorrectly filtering mkey_aux entries when searching the list for an entry which can be decrypted with the stashed master key. This bug was masked in most cases by the mkvno heuristic. Remove the mkvno heuristic, since performance is not an issue for this rarely-performed operation, and remove the incorrect enctype comparison in the brute-force search. ticket: 6652 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23677 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype more consistent about when it returnsGreg Hudson2010-01-061-27/+23
| | | | | | | KRB5_KDB_NO_PERMITTED_KEY. Now it will return that error if it sees any non-permitted enctypes which match the search criteria. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23599 dc483132-0cff-0310-8789-dd5450dbe970
* Don't return KRB5_KDB_NO_PERMITTED_KEY fromGreg Hudson2010-01-061-1/+2
| | | | | | | | | | | krb5_dbe_def_search_enctype if we previously returned results (i.e. if *start > 0). ticket: 6622 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23597 dc483132-0cff-0310-8789-dd5450dbe970
* handle negative enctypes betterTom Yu2009-12-071-2/+2
| | | | | | | | | | | krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making assumptions that enctype numbers are positive. Potentially more code makes this assumption, but these appear to be the major ones. ticket: 6592 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-311-145/+146
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Make results of krb5_db_def_fetch_mkey more predictableGreg Hudson2009-06-011-25/+16
| | | | | | | | | | | | | | | | | | | | krb5_db_def_fetch_mkey tries the stash file as a keytab, then falls back to the old stash file format. If the stash file was in keytab format, but didn't contain the desired master key, we would try to read a keytab file as a stash file. This could succeed or fail depending on byte order and other unpredictable factors. The upshot was that one of the libkadm5 unit tests (init 108) was getting a different error code on different platforms. To fix this, only try the stash file format if we get KRB5_KEYTAB_BADVNO trying the keytab format. This requires reworking the error handling logic. ticket: 6506 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22397 dc483132-0cff-0310-8789-dd5450dbe970
* deal with memleaks in migrate mkey projectWill Fiveash2009-02-051-1/+3
| | | | | | | | | | | | | Ken R. told me that Coverity found several potential memleaks introduced by the mkey migration project. This addresses those leaks and tweaks the code formatting in a few places. ticket: 6371 Version_Reported: 1.7 Target_Version: 1.7 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21900 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-021-1/+1
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration ProjectWill Fiveash2009-01-301-16/+204
| | | | | | | | | | | | | | | Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided. ticket: 6354 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument toKen Raeburn2009-01-281-1/+1
| | | | | | | | | | | char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unneeded LEAN_CLIENT #define'sZhanna Tsitkov2008-12-021-12/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21261 dc483132-0cff-0310-8789-dd5450dbe970
* Apply a patch from Apple to correct a few memory leaksGreg Hudson2008-11-031-2/+9
| | | | | | ticket: 6201 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20958 dc483132-0cff-0310-8789-dd5450dbe970
* Use snprintf instead of strcpy/strcat in many placesGreg Hudson2008-10-231-9/+4
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_def_store_mkey(), mktemp was being invoked with a string WRFILE:....Ezra Peisach2008-10-191-9/+8
| | | | | | | | | | | | | | This returns an error - as it actually tries to open the file. Move some of the logic that points to the actual filename earlier - so mktemp works on the .... portion. Note that the netbsd linker gives a warning on using mktemp as it may be insecure - but there is no obvious way to avoid it. ticket: new subhect: netbsd mktemp actually tries to open file git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20896 dc483132-0cff-0310-8789-dd5450dbe970
* lean client changesZhanna Tsitkov2008-08-201-2/+13
| | | | | | | | | All changes are under LEAN_CLIENT macro. Application server functionality is disabled. Ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20680 dc483132-0cff-0310-8789-dd5450dbe970
* a stash file is not a keytabWill Fiveash2008-08-151-86/+225
| | | | | | | | | Note, this is the commit for the associated Krb Consortium project: Projects/Masterkey Keytab Stash ticket: 194 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20661 dc483132-0cff-0310-8789-dd5450dbe970
* Added type checking for 64-bit platformsAlexandra Ellwood2008-07-011-7/+10
| | | | | | ticket: 6001 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20495 dc483132-0cff-0310-8789-dd5450dbe970
* Big endian stash file supportAlexandra Ellwood2008-06-271-2/+18
| | | | | | | | | | Added support for stash files with a consistent endianness (big endian) so that one can migrate a KDC from a machine with one endianess to a machine with the other endianess. Used by Kerberos for Macintosh. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20489 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()Tom Yu2007-12-141-2/+1
| | | | | | | | ticket: 5857 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20179 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-221-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* Another patch from Will Fiveash, to make "kdb5_util load <dumpfile>"Ken Raeburn2006-10-121-4/+4
| | | | | | | work with the LDAP KDB back end, in simple cases (all entries stored under the krbcontainer entry). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18690 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_default.c (krb5_def_store_mkey): If the file can't be opened, constructKen Raeburn2006-08-151-0/+3
| | | | | | an error message that includes the file's name. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_default.c (krb5_def_promote_db): New function.Ken Raeburn2006-06-301-0/+6
| | | | | | | | | | | * kdb5.c (kdb_setup_opt_functions): Use it if promote_db is null. * libkdb5.exports: Export krb5_db_promote. ticket: 3964 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18292 dc483132-0cff-0310-8789-dd5450dbe970
* * lib/kadm5/alt_prof.c (kadm5_get_config_params): Replace filename andKen Raeburn2006-05-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | envvar arguments with a flag indicating whether KDC config data should be used. Prototype and all callers changed. (krb5_read_realm_params): Delete config file and env var arguments. Prototype and all callers changed. * lib/kadm5/admin.h (KADM5_CONFIG_PROFILE): Commented out. (struct _kadm5_config_params): Delete field PROFILE. * lib/kadm5/alt_prof.c (kadm5_get_config_params): Don't look at it. (kadm5_free_config_params): Don't free it. * kadmin/testing/tcl/util.t: Remove profile data from config params. * kadmin/testing/util/tcl_kadm5.c (config_mask_flags): Deleted KADM5_CONFIG_PROFILE entry. (parse_config_params): Changed to require 20 parameters instead of 21. * lib/kadm5/unit-test/api.2/init-v2.exp (test100): Deleted. * lib/kadm5/alt_prof.c (krb5_aprof_init): Fetch the list of config files from the library and add the caller-indicated config file to the front of the list. * lib/kadm5/clnt/client_init.c (kadm5_init_krb5_context): New function. * lib/kadm5/clnt/libkadm5clnt.exports: Export it. * lib/kadm5/srv/server_init.c: Include k5-int.h, osconf.h, gssapiP_krb5.h. (kadm5_init_krb5_context): New function. * lib/kadm5/srv/libkadm5srv.exports: Export it. * lib/kadm5/srv/Makefile.in (LOCAL_INCLUDES): Add gssapi directories. * lib/kadm5/admin.h (kadm5_init_krb5_context): Declare it. * kadmin/dbutil/kdb5_destroy.c (kdb5_destroy): Call kadm5_init_krb5_context instead of krb5_init_context. * kadmin/dbutil/dump.c (load_db): Likewise. * kadmin/dbutil/kdb5_util.c (main): Likewise. * kadmin/dbutil/kadm5_create.c (kadm5_create): Likewise. * kadmin/dbutil/kdb5_stash.c (kdb5_stash): Likewise. * kadmin/dbutil/loadv4.c (load_v4db): Likewise. * kadmin/server/ovsec_kadmd.c (main): Likewise. * kadmin/cli/kadmin.c (kadmin_startup): Likewise. * kadmin/testing/util/tcl_ovsec_kadm.c (tcl_ovsec_kadm_init): Likewise. * lib/kadm5/unit-test/lock-test.c (main): Likewise. * lib/kadm5/unit-test/handle-test.c (main): Likewise. * lib/kadm5/unit-test/randkey-test.c (main): Likewise. * lib/kadm5/unit-test/setkey-test.c (main): Likewise. * lib/kadm5/chpass_util.c (_kadm5_chpass_principal_util): Likewise. * lib/kadm5/kadm_rpc_xdr.c (xdr_krb5_principal): Likewise. * lib/krb5/os/init_os_ctx.c (add_kdc_config_file): New function. (os_init_paths): Add new argument KDC; call add_kdc_config_file if true. * lib/krb5/krb/init_ctx.c (krb5int_init_context_kdc): New function. (init_common): Add new argument KDC, passed to krb5_os_init_context. * lib/krb5/libkrb5.exports: Export krb5int_init_context_kdc. * k5-int.h (krb5_os_init_context): Update decl. * lib/kadm5/srv/server_init.c (kadm5_init): Call krb5int_init_context_kdc. * krb524/krb524d.c (main): Likewise. * lib/kadm5/unit-test/api.2/init-v2.exp: Don't run test 154 for error for $KRB5_KDC_PROFILE file not present. * lib/krb5/os/init_os_ctx.c (os_get_default_config_files): Rewrite KLL test so as not to confuse Emacs indentation support. * lib/gssapi/krb5/init_sec_context.c (kg_kdc_flag_mutex, kdc_flag): New variables. (krb5_gss_init_context, krb5_gss_use_kdc_context): New functions. * lib/gssapi/krb5/gssapiP_krb5.h (kg_kdc_flag_mutex): Declare. (krb5_gss_init_context, krb5_gss_use_kdc_context): Declare. (krb5_init_context): Define as macro to invoke krb5_gss_init_context for now. * lib/gssapi/gss_libinit.c (gssint_lib_init): Initialize the mutex. (gssint_lib_fini): Destroy it. * lib/gssapi/libgssapi_krb5.exports: Export krb5_gss_use_kdc_context. * lib/kadm5/srv/server_init.c (kadm5_init): Don't complain if the config files specify an admin server, since we now look at krb5.conf as well. * lib/kadm5/unit-test/api.2/init-v2.exp: Delete test test114 for bad server params. * plugins/kdb/db2/adb_openclose.c (osa_adb_init_db): Use krb5int_init_context_kdc instead of krb5_init_context. * kdc/rtest.c (main): Likewise. * kdc/fakeka.c (main): Likewise. * kdc/main.c (main, init_realm): Likewise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18009 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include kdb.h from k5-int.h; instead, include it in the handfulKen Raeburn2006-04-131-0/+1
| | | | | | of places where it's actually needed. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17898 dc483132-0cff-0310-8789-dd5450dbe970
* Novell Database Abstraction Layer merge.Ken Raeburn2005-06-211-0/+329
Will probably break things. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-06-19 12:47:00 +0000