| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
For cntype_choice, count must be less than choice->n_options.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25684 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A backwards conditional in r25358 caused krb5_gss_get_name_attribute
not to set display_value on success. Fix the sense of the
conditional.
We still don't quite correctly handle the cases where data_to_gss()
fails, but those should be rare and the problem in those cases isn't
severe, so it can be fixed separately.
Also, value and display_value should probably be initialized to null
buffers on failure, as is common with GSS interfaces.
ticket: 7087
status: open
target_version: 1.10.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25674 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
New APIs of this sort should be discussed, and the goals motivating
the change clarified.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25670 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
diagnostics of the potential misconfiguration.
Added profile_get_(string/integer/boolean)_nodef functions to the profile library to get the typed values from the configuration
files (without setting these values to the defaults).
Used TRACE_PROFILE_ERR for the configuration diagnostics in krb5_init_context_profile API.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25669 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RFC 5587 defines an "arc name" and a "purpose" for each mechanism
attribute. gss_display_mech_attr was returning the purpose (which
isn't very short) in short_desc and a null buffer in long_desc (which
isn't necessarily conformant to the spec). Instead, output the arc
name as the short_desc and the purpose as the long_desc. This is more
useful and also more consistent with Heimdal, which outputs the arc
name as short_desc and either the purpose string or an empty string
for long_desc.
ticket: 7085
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25668 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_gss_inquire_cred_by_mech checks its mech argument against two of
the four mechs a krb5 cred might have (the krb5 mech and the old krb5
mech, but not the wrong Microsoft mech or the IAKERB mech), so would
spuriously fail for the other two mechs. There is no reason to check
the mechanism if we assume a reasonable mechglue is interpreting
application gss_inquire_cred_by_mech calls, so just remove the check.
ticket: 7084
target_version: 1.10.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25666 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Recent versions of gcc can generate a maybe-uninitialized warning from
bison output instead of a regular uninitialized warning. Suppress
both. Fix from nalin@redhat.com.
ticket: 7080
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25665 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
We were computing sizeof(void) when referencing atype_int_immediate
types in other types (primarily atype_tagged_thing). gcc gives this a
pass but the Solaris compiler does not. Use "int" as the dummy type
instead. (The type is unimportant since int-immediates aren't used by
offset or sequence-of types.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25658 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the "field" half of the ASN.1 encoder machinery with several
new struct atype_info types (offset, counted, and int_immediate) and a
new counted_type machinery used exclusively for object/integer pairs.
This change eliminates the two-way entanglement between atypes and
fields, and makes the encoder more independent of RFC 4120 ASN.1
conventions.
Defining sequences with the preprocessor macros is now slightly more
cumbersome; we need to define a type for each field and then string
them together with an array of struct atype_info *. But it's not so
bad, and hopefully we can auto-generate some of this soon.
*_optional functions now return a bitmask of sequence field offsets
not present in the C type. This will need some more attention before
we add decoding support to the engine, since it means sequence fields
no longer know whether they are optional or not.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25657 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
Instead of defining an auxiliary load function for each integer
type, just use its size and signedness to decide how to load it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25651 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Add tests to krb5_decode_test.c for PKINIT types. Where the decoders
do not match the encoders, include comments and hand-generated
encodings which work with the decoder.
Add a comment to asn1_k_encode.c documenting inconsistencies between
the draft 9 PA-PK-AS-REQ spec and our encoder results.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25650 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In get_in_tkt.c, a time offset is computed between the KDC's auth_time
and the current system time after the reply is decrypted. Time may
have elapsed between these events because of a gak_fct invocation
which blocks on user input. The resulting spurious time offset can
cause subsequent TGS-REQs to fail and can also cause the end time of
the next AS request to be in the past (issue #889) in cases where the
old ccache is opened to find the default principal.
Use the system time, without offset, for the request time of an AS
request, for more predictable kinit behavior. Use this request time,
rather than the current time, when computing the clock skew after the
reply is decrypted.
ticket: 7063
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25644 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
pa_fx_fast_request and pa_fx_fast_reply are defined in RFC 6113 as
extensible choice types with only one choice, which means they encode
as another type with a [0] tag wrapper. Use DEFTAGGEDTYPE to add
this wrapper instead of DEFFIELDTYPE/FIELDOF_ENCODEAS, and add a
comment describing why.
After this change, all uses of DEFFIELDYPE are for dataptr/lenptr
types or just simple offset transformations on the base pointer.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25635 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
Due to some lingering confusion, the last commit changing
asn1_decode_kdc_dh_key_info was correct but overly complicated (and
contained an incorrect comment). Change it to just use get_lenfield
for subjectPublicKey.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25634 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The dh_key_info encoder expects subjectPublicKey to contain the
contents of a bit string, but the decoder outputs the DER encoding of
the bit string including tag. The PKINIT client code expects this, so
everything works, but the encoder and decoder should be symmetric.
Change the decoder to process the bit string (adding a bit string
decoding primitive) and modify the PKINIT client code to expect only
the bit string contents.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25626 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
krb5_pk_authenticator_draft9 had a kdcRealm field which was set by the
client code but never encoded or decoded. Remove it. Eliminating this
field exposed a bug in auth_pack_draft9_optional; fix that.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25624 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Use an explicit tag for serverDHNonce, as specified in RFC 4556,
rather than the implicit tag we historically used. This bug had no
practical effect (and creates no interoperability issues) because we
never generate a serverDHNonce.
ticket: 7061
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25623 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that the PKINIT types have been converted and atype_fn has only
one use, we can more easily modify the encoder so that any object can
be encoded without its tag, which makes for a cleaner design. The
basic building block is now krb5int_asn1_encode_type, which encodes
the contents of a function and returns its tag information to the
caller.
atype_fn now has its own structure, and the encoder function it
references follows the semantics of krb5int_asn1_encode_type.
atype_opaque is now atype_der and goes with a new corresponding field
type (field_der); stored DER encodings are parsed to separate the tag
from the content.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25622 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25620 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
krb5_alt_method was added in r6604 but never supported. krb5_pwd_data
became unused when the Sandia kadmin system was replaced.
krb5_pa_server_referral_data and krb5_pa_svr_referral_data were added
in r21690 with internally-visible encoders which nothing uses.
Leave behind structure declarations in krb5.hin for API compatibility.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25619 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
r24403 removed the old SAM support, but left behind the structures,
free functions, and ASN.1 encoders/decoders. Remove those now.
(SAM-2 support is still present.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25618 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Use data-driven encoders for all of the remaining types which still
used macros (primarily PKINIT types), and get rid of the macros. Do
not change any encoding behavior, but add some comments where behavior
differs from the spec.
DEFFNTYPE is now unused except for the kdc_req_body hack.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25617 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Add a new field type where the length offset indicates a distinguisher
and the data offset indicates a union address. The field's type is an
atype_choice containing a seq_info indexed by the distinguisher.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25616 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25615 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a field_info bit (the 32nd bit of the bitfields) indicating whether
the context tag is implicit, and support it in encode_a_field. Adjust
all field-generating macros and invocations to include the new bit
(always 0 for the moment).
For atype_tagged_thing, narrow the construction field to six bits and
add an implicit bit. We could remove the construction field if it
weren't for DEFOCTETWRAPPEDTYPE abusing atype_tagged_thing a little
bit, since (normal) explicit tags are always constructed and implicit
tag construction is computed from the base type.
Given how rarely implicit tagging is used, it might be nice to have
separate _IMPLICIT macros rather than an extra argument to every
field. But we already have separate _OPT macros for optional fields
and FIELDOF_STRING vs. FIELDOF_STRINGL, so we start to get a
combinatoric explosion in the number of macros.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25614 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support implicit tagging, make it possible to ASN.1-encode
a value without its outer tag, instead remembering the construction
bit of the omitted tag.
A cleaner design would be to have separate functions for encoding a
value's contents and its tag. However, we can't do that for atype_fn
or atype_opaque, and the possible indirections between types and
fields mean we want to stay at the "encode everything" level for as
long as possible to allow implicit tagging of the largest possible
subset of types. If we can get rid of atype_fn, we may be able to
switch to the cleaner design with some adjustments to atype_opaque.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25613 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of implicit tag support, rework ASN.1 encoding primitives so
that they encode only content, not tags. Combine primitives which
become identical with this change. The new atype_primitive type
invokes a primitive encoder and adds a tag. atype_fn_len is split
into atype_string and atype_opaque, both of which are hardcoded to
use asn1_encode_bytestring.
For the encoders still using macros, create asn1_addprimitive,
asn1_addinteger, and asn1_addstring macros which call the primitive
encoder function and add a tag.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25612 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Instead of including all of the possible type fields in struct
atype_info, use a pointer to a type-specific structure. This might
save a little space, but more importantly, if we get to the point of
exposing this stuff across plugin APIs, it allows ASN.1 type
information to be extensible via defining new atype_type values.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25611 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
Add test cases for ASN.1 types which didn't previously have them.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25610 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
r20923 inadvertently broke asn1_encode_subject_pk_info in the case
where algorithm.parameters.length == 0. Fortunately this case never
happens, but fix it anyway.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25607 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
krb5_free_realm_string
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25606 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 6936
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25604 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use the krb5_pa_data structure type when encoding or decoding
TYPED-DATA. Leave the krb5_typed_data structure definition in krb5.h
with a comment saying not to use it. Remove krb5_free_typed_data
(which was never declared in krb5.h). Remove some vestigial accessor
stuff related to PKINIT encoding and decoding TYPED-DATA, which was
unneeded since r25483. Bump the accessor structure version to 19
accordingly.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25601 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
For consistency with the rest of the code base, make PKINIT use
krb5_data as a pointer/length container. Leave krb5_octet_data and
krb5_free_octet_data behind for API compatibility.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25600 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When producing the first SPNEGO security context token, if the first
mechanism's init_sec_context fails, fall back to a later mechanism.
This fixes a regression in 1.10 for SPNEGO initiators using non-krb5
credentials. The identity selection work causes errors to be deferred
from krb5's acquire_cred in some cases, which means SPNEGO doesn't see
an error until it tries the krb5 init_sec_context.
ticket: 6936
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25591 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In spnego_gss_ctx_id_rec, store the set of negotiable mechanisms as
well as the currently selected internal_mech, which becomes an alias
into mech_set. In init_ctx_reselect, locate the acceptor's counter-
proposal in sc->mech_set and consider the token defective if it is not
found.
ticket: 7053
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25590 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If krb5_server_decrypt_ticket_keytab doesn't find a key of the
appropriate enctype in an iterable keytab, it returns 0 (without
decrypting the ticket) due to a misplaced initialization of retval.
This bug causes kinit -k to claim "keytab entry valid" when it
shouldn't. Reported by mark@mproehl.net.
ticket: 7051
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25584 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25571 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
If a get_credentials operation requires multiple TGS requests, we need
to free the subkey from previous requests before saving a new one.
ticket: 7049
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25536 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
krb5int_fast_prep_req remove tgs from request->padata and needs to
free it. get_creds.c needs to use a fresh FAST state for each TGS
request to avoid leaking armor keys.
ticket: 7026
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25535 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 7048
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25534 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
When the KDC verifies a PAC, it doesn't really need to check the
server signature, since it can't trust that anyway. Allow the caller
to pass only a TGT key.
ticket: 7048
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Previous to this change, the GSS code avoids caching S4U2Proxy results
for fear of the memory cache growing without bound, but that seems
unlikely to be a serious problem. Allow these to be cached.
ticket: 7047
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25530 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache). To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.
ticket: 7046
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25529 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25505 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the client application requests optimistic preauth for a preauth
type which uses the password, we don't have an etype-info2 to
interpret since we haven't talked to the KDC. So we need to guess an
enctype, salt, and s2k parameters. In 1.9 and prior, encrypted
timestamp contained code to use the first requested enctype in this
case, but encrypted challenge did not. In 1.10 prior to this change,
neither mechanism uses a reasonable default.
Set a default enctype in krb5_init_creds_init so that all
password-based preauth mechanisms will use a reasonable default in the
optimistic preauth case. The default salt and s2k parameters for this
case will be the principal-based default salt and the enctype-based
default parameters.
ticket: 7033
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25504 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
ticket: 7038
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25500 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7037
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25499 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix free of uninitialized memory in error case introduced in 1.10
development cycle.
ticket: 7036
tags: pullup
Target_Version: 1.10
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25498 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7035
target_version: 1.10
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25497 dc483132-0cff-0310-8789-dd5450dbe970
|
