summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5/krb
Commit message (Collapse)AuthorAgeFilesLines
...
* krb5_do_preauth_tryagain should check for NULL padataAlexandra Ellwood2008-06-251-1/+4
| | | | | | | | | | Fixed so krb5_do_preauth_tryagain no longer crashes on NULL padata but instead returns an error. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20473 dc483132-0cff-0310-8789-dd5450dbe970
* This patch is derived from a patch originally submitted to RTJeffrey Altman2008-06-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by: Nik Conwell <nik@bu.edu> krb5_set_real_time() accepts as input the time of the KDC or an application server as a combination of seconds and microseconds. Often it is the case that the time source does not provide the real time with less than one second granularity. Up until this patch such a caller would fill in the microseconds parameter as zero. krb5_set_real_time() would treat the zero microseconds as the actual reported time and compute a microsecond based offset. During a one second window subsequent calls to krb5_set_real_time() would have an ever increasing offset size until the number of seconds is incremented. This in turn produces a side effect in which the microseconds value of the local clock is effectively erased. If there are multiple processes or threads on the same machine each requesting service tickets using the same client principal for the same service principal where the number of seconds reported by the KDC are equivalent, then they will now all create authenticators with exactly the same timestamp. As a result, the authenticating service will detect a replay attack even though the authenticators are actually unique. The replay cache only maintains a tuple of client, server and timestamp. This patch modifies the interpretation of the microseconds parameter. If -1 is specified, the microseconds offset is ignored. ticket: 5924 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20413 dc483132-0cff-0310-8789-dd5450dbe970
* Change krb5_context.db_context to point to the real structure type,Ken Raeburn2008-06-022-8/+8
| | | | | | | | and change uses to not cast all the time. Also rename it from db_context to dal_handle, since one of the fields in the pointed-to structure is also called db_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT patch commitAlexandra Ellwood2008-05-308-4/+3189
| | | | | | | | | | | | | Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible buffer overrun in handling generic-error returnKen Raeburn2008-04-181-2/+3
| | | | | | | | | | | | | | | | | | | Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize options for _alloc interface to same defaults as for _initKen Raeburn2007-10-011-1/+9
| | | | | | | ticket: 5800 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20064 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental commit of gc_frm_kdc.cTom Yu2007-09-041-181/+20
| | | | | | ticket: 5707 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-4000 modify_policy vulnerabilityTom Yu2007-09-041-20/+181
| | | | | | | | | | | In kadm5_modify_policy_internal, check for nonexistence of policy before doing anything with it, to avoid memory corruption. ticket: new target_version: 1.6.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
* t_ser should no longer use kdb librariesEzra Peisach2007-08-142-4/+2
| | | | | | | | | | Remove the call to krb5_db_fini() - as rest of the db code was pulled during DAL integration. This removes dependency on db libraries - alter Makefile.in. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19822 dc483132-0cff-0310-8789-dd5450dbe970
* Based on Apple's patch, during the referrals loop, check to see if theTom Yu2007-08-031-65/+95
| | | | | | | | | | | session key enctype of a returned credential for the final service is among the enctypes explicitly selected by the application, and retry with old_use_conf_ktypes if it is not. ticket: 4950 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19748 dc483132-0cff-0310-8789-dd5450dbe970
* Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up Ezra Peisach2007-08-034-492/+521
| | | | | | | | some shadow variable warnings, make depend... ticket: 5617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19746 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT supportKevin Coffman2007-08-011-21/+36
| | | | | | | | | | | | | | | | Pull up PKINIT support onto the trunk. Changes from the version in branch users/coffman/pkinit are: - Update the preauth plugin interface version to avoid conflict with any existing plugins. - Add a pkcs11.h locally to the pkinit code rather than depending on opensc being installed. ticket: new Target_Version: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code for looking up the current time, comparing the offset ofKen Raeburn2007-07-204-37/+19
| | | | | | | a supplied timestamp against the configured maximum clock skew, and possibly generating an error message, into a separate routine. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if theKen Raeburn2007-07-125-66/+75
| | | | | | | output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* If error is KDC_ERR_S_PRINCIPAL_UNKNOWN, report the server nameKen Raeburn2007-07-041-0/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19666 dc483132-0cff-0310-8789-dd5450dbe970
* Define a localtime_r wrapper around localtime if the system doesn'tKen Raeburn2007-06-291-7/+17
| | | | | | | | provide localtime_r, instead of handling it in-line. Check for error indication from localtime_r. Call localtime_r only once instead of each time around the loop. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19655 dc483132-0cff-0310-8789-dd5450dbe970
* set svn:eol-style to native for *.[ch]Ken Raeburn2007-06-201-94/+94
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19596 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_walk_realm_tree leaks in capaths caseTom Yu2007-06-181-0/+3
| | | | | | | | | | | | | | | Markus Moeller reports a leak in krb5_get_credentials() which was then traced down to profile strings leaking from within krb5_walk_realm_tree(). A pointer to a profile string was getting overwritten without the string being freed when *cap_nodes[0] == '.'. Fix is to free the string prior to overwriting the pointer if the pointer is non-null. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19582 dc483132-0cff-0310-8789-dd5450dbe970
* Move CCAPI sources to krb5 repositoryAlexandra Ellwood2007-05-311-1/+1
| | | | | | | ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19564 dc483132-0cff-0310-8789-dd5450dbe970
* Change struct _krb5_context.os_context into a single element instead of array[1]Ken Raeburn2007-05-212-21/+18
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19554 dc483132-0cff-0310-8789-dd5450dbe970
* Define and use some inline helper functions for comparing data and authdata ↵Ken Raeburn2007-05-105-43/+20
| | | | | | | | structures, instead of open-coding checks of multiple fields everywhere. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19544 dc483132-0cff-0310-8789-dd5450dbe970
* k5-int.h, gic_opt.cJeffrey Altman2007-05-021-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The krb5_get_init_creds_password() and krb5_get_init_creds_keytab() functions permit the gic_opts parameter to be NULL. This is not taken into account when testing the value with the macros krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed(). Nor is it taken into account within krb5int_gic_opte_copy() which is called by krb5int_gic_opt_to_opte() when the input parameter is not a krb5_gic_opt_ext structure. This commit makes two changes: (1) it modifies the macros to ensure that the value is non-NULL before evaluation. (2) it modifies krb5int_gic_opte_copy() to avoid copying the original values with memcpy() when the input is NULL. In addition, the code was audited to ensure that the flag KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when it is set, that the allocated krb5_gic_opt_ext structure is freed by krb5_get_init_creds_password() and krb5_get_init_creds_keytab(). ticket: 5552 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19537 dc483132-0cff-0310-8789-dd5450dbe970
* rd_req_decoded needs to deal with referral realmsSam Hartman2007-04-291-5/+21
| | | | | | | | | | | * Fix handling of null realm in krb5_rd_req_decoded; now we treat a null realm as a default realm there, as we do in the keytab code. ticket: new Target_Version: 1.6.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19536 dc483132-0cff-0310-8789-dd5450dbe970
* race condition in referrals fallbackTom Yu2007-04-251-0/+1
| | | | | | | | | | | | | | | | | * src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): During referrals fallback, set *tgts to NULL after freeing. This avoids returning a pointer to freed memory when the first call to do_traversal() obtains some TGTs and the subsequent krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some other thread or process storing that TGT into the ccache), causing second do_traversal() call (which would re-initialize *tgts) to not execute. Race condition found during KfW-3.2 testing. ticket: new target_version: 1.6.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19526 dc483132-0cff-0310-8789-dd5450dbe970
* Provide more detailed error message for 'client not found in kdb'Ken Raeburn2007-04-131-0/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19455 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unused scc_default_format field from krb5_contextKen Raeburn2007-03-262-13/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19287 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust type of 'stable' in krb5_register_serializer to reduce warningsKen Raeburn2007-03-251-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19283 dc483132-0cff-0310-8789-dd5450dbe970
* Change strnchr sought value to int to match passed valueKen Raeburn2007-03-251-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19282 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize values to avoid 'possibly uninitialized' compiler warningsKen Raeburn2007-03-251-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19281 dc483132-0cff-0310-8789-dd5450dbe970
* Convert keyblock or padata types to krb5_data without compiler warnings.Ken Raeburn2007-03-253-7/+33
| | | | | | (Added inline functions, with appropriate casts, for data conversion.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19280 dc483132-0cff-0310-8789-dd5450dbe970
* Use memset to silence some 'may be used uninitialized' warningsKen Raeburn2007-03-252-0/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19279 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace (mostly wrapping long lines produced by protoize)Ken Raeburn2007-03-2513-36/+74
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19278 dc483132-0cff-0310-8789-dd5450dbe970
* * include/k5-platform.h: Add load_{16,32,64}_n for loading values fromKen Raeburn2007-03-141-2/+15
| | | | | | | | | | | (possibly unaligned) memory in native order. * lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fetch four random bytes from the crypto library and generate a 31-bit (non-negative) nonce, instead of using the timestamp. ticket: 5425 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19223 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_from_kdc fails to null terminate the tgt listJeffrey Altman2007-03-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | if the next tgt in a cross-realm traversal cannot be obtained find_nxt_kdc() was calling krb5_free_creds() on the last tgt in the list but was failing to nullify the pointer to the cred that was just freed. if there were no additional tgts obtained, krb5_get_cred_from_kdc() would return a non-NULL terminated cred list to the caller. This would result in a crash when attempting to manipulate the non-existent cred past the end of the list. This commit nullifies the credential pointer in find_nxt_kdc() after the call to krb5_free_creds() ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19195 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure consistancy between prototypes and functionsEzra Peisach2007-02-192-9/+2
| | | | | | | | | | | | I am using an older compiler that is complaining that prototypes do not match the functions they reference. The issue is that a number of prototypes are using "const int foo" while the function is "int foo". From a caller sense it makes no difference - but the compiler is correct they are different. All is now consistant. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19169 dc483132-0cff-0310-8789-dd5450dbe970
* rename krb5_server_decrypt_ticket_keyblock() toTom Yu2007-02-131-4/+5
| | | | | | | | krb5int_server_decrypt_ticket_keyblock() ticket: 5349 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19159 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to register WRFILE: keytab type, it's already in the compiled-inKen Raeburn2007-02-011-7/+1
| | | | | | list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19132 dc483132-0cff-0310-8789-dd5450dbe970
* Fix merge botches:Tom Yu2007-01-312-12/+30
| | | | | | | | | | | | restore krb5_get_init_creds_opt_set_change_password_prompt() undo accidental reversion of preauth_tryagain change to krb5_get_init_creds() ticket: 5420 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19131 dc483132-0cff-0310-8789-dd5450dbe970
* remove krb5_get_init_creds_opt_set_pkinit() for nowTom Yu2007-01-311-63/+0
| | | | | | | ticket: 5420 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19130 dc483132-0cff-0310-8789-dd5450dbe970
* get_init_creds_opt extensibilityTom Yu2007-01-305-63/+573
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500 First cut at making the get_init_creds_opt structure extendable and adding library functions to set options for preauthentication plugins. This does *not* include a compatibility function to work like Heimdal's krb5_get_init_creds_opt_set_pkinit() function. Hopefully, the test code that doesn't belong in kinit.c is obvious. r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500 Remove extra "user_id" parameter. Add function which duplicates the Heimdal interface (if we can agree on what the matching attribute names should be). r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500 Update to use the simplified interface for krb5_get_init_creds_opt_set_pa() Add code in kinit to process "-X" options as preauth options and pass them along. r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500 Move prototypes for get_init_creds_opt_get_pa() and krb5_get_init_creds_opt_free_pa() into the preauth_plugin.h header rather than krb5.hin. ticket: new status: open component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2007-01-201-8/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19096 dc483132-0cff-0310-8789-dd5450dbe970
* Don't explicitly include error table headers that are also in krb5.hKen Raeburn2007-01-201-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19094 dc483132-0cff-0310-8789-dd5450dbe970
* This commit adds two new functions, krb5_server_decrypt_ticket_keyblock Jeffrey Altman2007-01-162-0/+105
| | | | | | | | | | | | | | | | | (private) and krb5_server_decrypt_ticket_keytab (public). These functions take a krb5_ticket as input and decrypt it using the provided key data. The public function is useful for higher level application protocols such a TLS-KRB5 and AFS RX-KRB5 which exchange a service but do not use the AP-REQ/AP-REP messages. This commit also adds new functionality to kvno which permits kvno when provided a keytab as input to verify whether or not the keytab contains a key that can successfully decrypt the obtains service ticket. ticket: 5349 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19062 dc483132-0cff-0310-8789-dd5450dbe970
* * copy_data.c (krb5_copy_data): Use krb5int_copy_data_contentsKen Raeburn2006-12-281-10/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19019 dc483132-0cff-0310-8789-dd5450dbe970
* * lib/krb5/krb/copy_creds.c (krb5int_copy_creds_contents): New function, splitKen Raeburn2006-12-281-2/+21
| | | | | | | | out from krb5_copy_creds. (krb5_copy_creds): Call it. * include/k5-int.h (krb5int_copy_creds_contents): Declare. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19017 dc483132-0cff-0310-8789-dd5450dbe970
* * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): FixTom Yu2006-12-221-3/+4
| | | | | | | | ordering bug in previous patch. ticket: 5123 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19007 dc483132-0cff-0310-8789-dd5450dbe970
* use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.cTom Yu2006-12-191-3/+3
| | | | | | | | | | | | * src/lib/krb5/krb/preauth2.c (krb5_do_preauth_tryagain): Use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC. ticket: new target_version: 1.6 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18977 dc483132-0cff-0310-8789-dd5450dbe970
* don't pass null pointer to krb5_do_preauth_tryagain()Tom Yu2006-12-191-17/+24
| | | | | | | | | | | | | * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If the error isn't PREAUTH_NEEDED and preauth_to_use is null, return the error in err_reply, rather than attempting to pass a null pointer to krb5_do_preauth_tryagain(). ticket: new status: open target_version: 1.6 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18976 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_is_referral_realm now takes a pointer to const krb5_data, since it doesn'tKen Raeburn2006-12-191-1/+1
| | | | | | | | | modify it. ticket: 5121 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18974 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_init_creds_opt_set_change_password_promptJeffrey Altman2006-12-142-2/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | krb5_get_init_creds_opt_set_change_password_prompt is a new gic option that permits the prompter code to be skipped when the password has expired. This option is meant to be used by credential managers such as NetIDMgr and Kerberos.app that have their own built in password change dialogs. This patch adds the new function, exports it on Windows, and makes use of it within the Krb5 identity provider for NetIDMgr. The patch is written to ensure that no changes to the krb5_get_init_creds_opt structure are required and to ensure that the default behavior, prompting, is maintained. The export lists for UNIX and KFM must still be updated. The function prototype was committed as part of ticket 3642. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 05:18:01 +0000