summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* mk_cred: memory managementSam Hartman2011-12-021-1/+1
| | | | | | | | | | | | | | Fix for mk_cred.c: calloc() not malloc() Avoid calling free() in cleanup on uninitialized sub-ptrs if error occurs. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7034 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25496 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust krb5int_decode_tgs_rep, closing a leakGreg Hudson2011-11-231-19/+20
| | | | | | | | Use current practices for parameter naming and resource cleanup. Avoid a leak of local_dec_rep (now named dec_rep) if we take a "goto cleanup" path. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25490 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace, style changes to past two commitsGreg Hudson2011-11-235-76/+84
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25489 dc483132-0cff-0310-8789-dd5450dbe970
* FAST TGSSam Hartman2011-11-237-18/+129
| | | | | | | | | | Implement RFC 6113 FAST TGS support. Includes library support for a varient of explicit TGS armor that has not yet been proposed within the IETF. ticket: 7026 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25488 dc483132-0cff-0310-8789-dd5450dbe970
* FAST: error handling and const keyblockSam Hartman2011-11-232-23/+34
| | | | | | | | | | | | krb5int_fast_process_error: Allow out_padata and retry to be null for TGS case. Refactor function to do more frees in the exit handling and to declare variables at the top. krb5int_fast_reply_key: input keyblock arguments should be const ticket: 7025 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25487 dc483132-0cff-0310-8789-dd5450dbe970
* ticket: newSam Hartman2011-11-233-21/+45
| | | | | | | | | | | | | | | | | subject: FAST PKINIT target_version: 1.10 tags: pullup Per RFC 6113 fast should use the inner request body for the pkinit checksum. We did that on the KDC; now do so on the client. Remove code that explicitly blocked pkinit under FAST. Also, use the reply key *before* the strengthen key is applied when verifying the PADATA_PKINIT_KX. Add FAST pkinit test. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25486 dc483132-0cff-0310-8789-dd5450dbe970
* Use POSIX constants instead of S_IREAD/S_IWRITEGreg Hudson2011-11-221-2/+2
| | | | | | | | S_IREAD and S_IWRITE are ancient names for S_IRUSR and S_IWUSR, and are not defined on some modern platforms (such as Android). Use the POSIX names instead. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25485 dc483132-0cff-0310-8789-dd5450dbe970
* Fix compile error in previous changeGreg Hudson2011-11-221-1/+0
| | | | | | | | | A last-minute code editing mistake crept into the previous commit; fix it. ticket: 7023 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25484 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up client-side preauth error data handlingGreg Hudson2011-11-214-48/+32
| | | | | | | | | | | | | | | | | | | | | | | | Change the clpreauth tryagain method to accept a list of pa-data, taken either from the FAST response or from decoding the e_data as either pa-data or typed-data. Also change the in_padata argument to contain just the type of the request padata rather than the whole element, since modules generally shouldn't care about the contents of their request padata (or they can remember it). In krb5int_fast_process_error, no longer re-encode FAST pa-data as typed-data for the inner error e_data, but decode traditional error e_data for all error types, and try both pa-data and typed-data encoding. In PKINIT, try all elements of the new pa-data list, since it may contain FAST elements as well as the actual PKINIT array. (Fixes an outstanding bug in FAST PKINIT.) ticket: 7023 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25483 dc483132-0cff-0310-8789-dd5450dbe970
* Recognize IAKERB mech in krb5_gss_display_statusGreg Hudson2011-11-211-1/+2
| | | | | | | | | | | | Minor status codes were not displaying properly when originated from the IAKERB mech, because of a safety check on mech_type. From Ralf Haferkamp <rhafer@suse.de>. ticket: 7020 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25482 dc483132-0cff-0310-8789-dd5450dbe970
* Make verto context available to kdcpreauth modulesGreg Hudson2011-11-151-2/+2
| | | | | | | | | | | | Add an event_context callback to kdcpreauth. Adjust the internal KDC and main loop interfaces to pass around the event context, and expose it to kdcpreauth modules via the rock. ticket: 7019 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25475 dc483132-0cff-0310-8789-dd5450dbe970
* Handle TGS referrals to the same realmGreg Hudson2011-11-141-1/+8
| | | | | | | | | | | | | | | krb5 1.6 through 1.8 contained a workaround for the Active Directory behavior of returning a TGS referral to the same realm as the request. 1.9 responds to this behavior by caching the returned TGT, trying again, and detecting a referral loop. This is a partial regression of ticket #4955. Detect this case and fall back to a non-referreal request. ticket: 7016 target_version: 1.9.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25472 dc483132-0cff-0310-8789-dd5450dbe970
* Add consistency check for plugin interface namesGreg Hudson2011-11-131-1/+5
| | | | | | | Add an assertion to ensure that the interface_names table in plugin.c is updated when a new pluggable interface is added. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25471 dc483132-0cff-0310-8789-dd5450dbe970
* Add plugin interface_names entry for ccselectGreg Hudson2011-11-121-1/+2
| | | | | | | | | | | | When the ccselect pluggable interface was added, the interface_names table wasn't updated, so configuring modules for it wouldn't work. Add it now. ticket: 7015 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25470 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid looping when preauth can't be generatedGreg Hudson2011-11-113-4/+15
| | | | | | | | | | | | | | | | | If we receive a PREAUTH_REQUIRED error and fail to generate any real preauthentication, error out immediately instead of continuing to generate non-preauthenticated requests until we hit the loop count. There is a lot of room to generate a more meaningful error about why we failed to generate preauth (although in many cases the answer may be too complicated to explain in an error message), but that requires more radical restructuring of the preauth framework. ticket: 6430 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25469 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up more stuff in make cleanGreg Hudson2011-11-042-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25437 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of periods in Python test success messagesGreg Hudson2011-11-034-4/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25432 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_check_clockskew publicGreg Hudson2011-10-317-6/+8
| | | | | | | | | | | | Rename krb5int_check_clockskew to krb5_check_clockskew and make it public, in order to give kdcpreauth plugins a way to check timestamps against the configured clock skew. ticket: 6996 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25424 dc483132-0cff-0310-8789-dd5450dbe970
* Fix intermediate key length in hmac-md5 checksumGreg Hudson2011-10-281-1/+1
| | | | | | | | | | | | When using hmac-md5, the intermediate key length is the output of the hash function (128 bits), not the input key length. Relevant if the input key is not an RC4 key. ticket: 6994 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25418 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_find_authdata publicGreg Hudson2011-10-255-26/+19
| | | | | | | | | | Rename krb5int_find_authdata to krb5_find_authdata and make it public. ticket: 6992 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25414 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor salt computation into libkdb5Greg Hudson2011-10-243-47/+66
| | | | | | | Add a new API krb5_dbe_compute_salt() to determine the salt for a key data entry, and use it in the three places we currently compute salts. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25410 dc483132-0cff-0310-8789-dd5450dbe970
* Fix krb5_cc_set_configGreg Hudson2011-10-201-8/+6
| | | | | | | | | | | | | | | krb5_cc_set_config has been non-functional since r24753 on cache types which don't support removal of credential entries. Fix it by only calling krb5_cc_remove_cred if data is NULL, since krb5_cc_store_cred will do it anyway in the positive case. Also fix an old memory leak in an uncommon error case. ticket: 6987 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25384 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-1721-98/+99
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Style policeGreg Hudson2011-10-171-2/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25359 dc483132-0cff-0310-8789-dd5450dbe970
* gssalloc-related fixes to naming_exts.cSam Hartman2011-10-171-28/+31
| | | | | | | | | | | | | renamed kg_data_list_to_buffer_set_nocopy to data_list_buffer_set (since nocopy is no longer guaranteed). removed extra indirection to input krb5_data list. ensured input krb5_data list is always completely freed. no longer returns EINVAL when output buffer set is NULL. fixed krb5_gss_get_name_attribute to use data_to_gss. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25358 dc483132-0cff-0310-8789-dd5450dbe970
* RFC 4120 says that we should not canonicalize using DNS. We cannot getSam Hartman2011-10-171-4/+3
| | | | | | | | | | | | | | that far today, but there's no reason we should fail to use a perfectly good principal name just because DNS is failing. For some services there isn't even a requirement they be in DNS. With AI_ADDRCONFIG there's no reason that Kerberos canonicalization should fail simply because a v6 address is not present, for example. So, if getaddrinfo fails in krb5_sname_to_principal simply use the input hostname uncanonicalized. sn2princ: On getaddrinfo failure use the input git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25357 dc483132-0cff-0310-8789-dd5450dbe970
* Allow rd_priv/rd_safe without remote addressGreg Hudson2011-10-153-12/+18
| | | | | | | | | | | | | | Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES flag is set (in which case we need the remote address for the replay cache name). Note that failing to set the remote address can create a vulnerability to reflection attacks in some protocols, although it is fairly easy to defend against--either use sequence numbers, or make sure that requests don't look like replies, or both. ticket: 6978 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25355 dc483132-0cff-0310-8789-dd5450dbe970
* Rename PAC type constants to avoid conflictsGreg Hudson2011-10-152-29/+46
| | | | | | | | Since the PAC type constants are now exposed in krb5.h, give them a KRB5_ prefix so they don't conflict with similar PAC type constants in other packages, like Samba. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25352 dc483132-0cff-0310-8789-dd5450dbe970
* Hide gak_fct interface and arguments in clpreauthGreg Hudson2011-10-154-89/+69
| | | | | | | | | | | | | | | | | | | | | | Remove the gak_fct, gak_data, salt, s2kparams, and as_key arguments of krb5_clpreauth_process_fn and krb5_clpreauth_tryagain_fn. To replace them, add two callbacks: one which gets the AS key using the previously selected etype-info2 information, and a second which lets the module replace the AS key with one it has computed. This changes limits module flexibility in a few ways. Modules cannot check whether the AS key was already obtained before asking for it, and they cannot use the etype-info2 salt and s2kparams for purposes other than getting the password-based AS key. It is believed that of existing preauth mechanisms, only SAM-2 preauth needs more flexibility than the new interfaces provide, and as an internal legacy mechanism it can cheat. Future mechanisms should be okay since the current IETF philosophy is that etype-info2 information should not be used for other purposes. ticket: 6976 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25351 dc483132-0cff-0310-8789-dd5450dbe970
* make dependTom Yu2011-10-146-492/+525
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25344 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify a recent gssapi_alloc.h changeGreg Hudson2011-10-141-1/+2
| | | | | | Also mark the file as using the krb5 C style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25343 dc483132-0cff-0310-8789-dd5450dbe970
* Fix gssapi_strdupSam Hartman2011-10-141-7/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25342 dc483132-0cff-0310-8789-dd5450dbe970
* gssalloc memory management for gss_buffer_setSam Hartman2011-10-143-9/+26
| | | | | | | | compiles, but untested Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25341 dc483132-0cff-0310-8789-dd5450dbe970
* build profile dll (xpprof32/64.dll) on windowsSam Hartman2011-10-141-1/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25340 dc483132-0cff-0310-8789-dd5450dbe970
* Fix windows fork detectionSam Hartman2011-10-141-6/+10
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25334 dc483132-0cff-0310-8789-dd5450dbe970
* Use gssalloc memory management where appropriateSam Hartman2011-10-1416-65/+66
| | | | | | | | | | gss_buffer_t may be freed in a different module from where they are allocated so it is not safe to use strdup/malloc/calloc/free. similarly, gss_OID_set need to use gssalloc functions. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25332 dc483132-0cff-0310-8789-dd5450dbe970
* Utility functions to move allocations from k5buf/krb5_data to gss_buffer_tSam Hartman2011-10-142-1/+66
| | | | | | | | | | | | On Unix, these simply move the buffer pointer, but on windows they need to reallocated with gssalloc_malloc and coied since the gss_buffer_t may need to be freed in a separate module with potentially mismatched c runtime. Also fix a mismatched parameter warning in generic_gss_copy_oid_set(). Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25331 dc483132-0cff-0310-8789-dd5450dbe970
* Add new header gssapi_alloc.hSam Hartman2011-10-143-1/+67
| | | | | | | | | | | | | | | Contains allocator methods for use with mechanisms and mechglues for allocations that must be made in one module but freed in another. On windows, an allocation made in one module cannot safely be freed in another using the usual c runtime malloc/free; runtime dll mismatch will cause heap corruption in that case. But it is safe to instead directly use HeapAlloc()/HeapFree() specifying the default process heap. For now, this header is not public. If it becomes public strncpy will need to be used instead of strlcpy. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25330 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify gss_indicate_mechs() by using generic_gss_copy_oid_setSam Hartman2011-10-141-52/+3
| | | | | | | | | ...instead of hand-duplicating all the logic therein. Also makes the switch to using gssalloc functions with oid_sets easier. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25329 dc483132-0cff-0310-8789-dd5450dbe970
* Removed unused macrosZhanna Tsitkov2011-10-142-6/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25328 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_pac_sign publicGreg Hudson2011-10-124-17/+14
| | | | | | | | | | | | krb5int_pac_sign was created as a private API because it is only needed by the KDC. But it is actually used by DAL or authdata plugin modules, not the core KDC code. Since plugin modules should not need to consume internal libkrb5 functions, rename krb5int_pac_sign to krb5_pac_sign and make it public. ticket: 6974 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak in make_gss_checksumGreg Hudson2011-10-071-0/+1
| | | | | | | | | | From greg.mcclement@sap.com. ticket: 6972 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25323 dc483132-0cff-0310-8789-dd5450dbe970
* Minor cleanups to encrypted challengeGreg Hudson2011-10-071-34/+26
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25320 dc483132-0cff-0310-8789-dd5450dbe970
* Use built-in modules for encrypted timestampGreg Hudson2011-10-074-80/+147
| | | | | | | | Break out the encrypted timestamp code from kdc_preauth.c and preauth2.c into built-in modules, allowing admins to disable it and reducing the size of the framework code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25319 dc483132-0cff-0310-8789-dd5450dbe970
* Ditch fast_factor.h since it contains only stubsGreg Hudson2011-10-062-5/+3
| | | | | | | | Leave a comment behind where we called fast_set_kdc_verified(). Remove the call to fast_kdc_replace_reply_key() since it's wrong (encrypted challenge doesn't replace the reply key in that sense). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25317 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize localname on error in gss_localnameGreg Hudson2011-10-061-4/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25316 dc483132-0cff-0310-8789-dd5450dbe970
* Use type-safe callbacks in preauth interfaceGreg Hudson2011-10-062-108/+27
| | | | | | | | | | | | | | | Replace the generic get_data functions in clpreauth and kdcpreauth with structures containing callback functions. Each structure has a minor version number to allow adding new callbacks. For simplicity, the new fast armor key callbacks return aliases, which is how we would supply the armor key as a function parameter. The new client keys callback is paired with a free_keys callback to reduce the amount of cleanup code needed in modules. ticket: 6971 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25315 dc483132-0cff-0310-8789-dd5450dbe970
* Replace gss_pname_to_uid with gss_localname in gssapi32.defSam Hartman2011-10-051-1/+1
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25312 dc483132-0cff-0310-8789-dd5450dbe970
* Don't need to check for fork on windowsSam Hartman2011-10-051-3/+8
| | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25311 dc483132-0cff-0310-8789-dd5450dbe970
* gss_unwrap_iov crashes with stream buffers for 3des, des, rc4Sam Hartman2011-10-051-1/+5
| | | | | | | | | | | | | | Use correct key to determine enctype for KG2 tokens in kg_unseal_stream_iov Tested with AES for a new enctype and 3DES for an old enctype. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 6970 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25309 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-26 22:47:10 +0000