summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblockEzra Peisach2010-01-091-0/+1
| | | | | | | | | | | krb5int_pbkdf2_hmac_sha1 fails to set enctype on a termporary keyblock - resulting in valgrind picking up on a conditional branch w/ unset value. Initialize value. ticket: 6630 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23622 dc483132-0cff-0310-8789-dd5450dbe970
* Fix t_locate_kdc.c test program after r23613 when krb5_ prefix was removed ↵Zhanna Tsitkov2010-01-081-1/+1
| | | | | | from the names of the static functions in locate_kdc.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23614 dc483132-0cff-0310-8789-dd5450dbe970
* Move kdc related functionality from pac.c into pac_sign.cZhanna Tsitkov2010-01-085-307/+363
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23613 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_dk_string_to_key fails to set enctypeEzra Peisach2010-01-081-0/+1
| | | | | | | | | | Failure to set the enctype before invoking krb5_k_create_key results in potential memory leak. ticket: 6628 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23612 dc483132-0cff-0310-8789-dd5450dbe970
* Set enctype in crypto_tests to prevent memory leaksEzra Peisach2010-01-082-17/+13
| | | | | | | | | | The key caching is causing memory leaks if enctype is not set as the enctype specific cleanup handlers are not called. ticket: 6627 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23611 dc483132-0cff-0310-8789-dd5450dbe970
* Restore interoperability with 1.6 addprinc -randkeyGreg Hudson2010-01-081-0/+28
| | | | | | | | | | | | | The arcfour string-to-key operation in krb5 1.7 (or later) disagrees with the dummy password used by the addprinc -randkey operation in krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the 1.6 dummy password and use a random password instead. ticket: 6626 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23610 dc483132-0cff-0310-8789-dd5450dbe970
* yarrow code does not initialize keyblock enctype and uses unitialized valueEzra Peisach2010-01-082-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The yarrow code uses a keyblock that is partially initialized. This results in krb5_k_free_key trying to look up the enctype to call the free handler. One of the valgrind reports: (there are several paths) ==26701== Conditional jump or move depends on uninitialised value(s) ==26701== at 0x40E9AF0: find_enctype (etypes.h:81) ==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91) ==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49) ==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578) ==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423) ==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553) ==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513) ==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112) ==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97) ==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42) ==26701== by 0x8049554: main (t_encrypt.c:206) ==26701== ticket: 6625 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_derive_key results in cache with uninitialized valuesEzra Peisach2010-01-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | krb5int_derive_key creates a temporary keyblock to add to the derived cache. krb5_k_free_key will iterate over the derived keys and for ones with cache will lookup the enctype for the key_cleanup handler. Unfortunatly, there isn't a keyblock init function that does not allocate the keyblock - as I suspect this problem will appear in other places. The valgrind log of this problem is: ==7281== Conditional jump or move depends on uninitialised value(s) ==7281== at 0x40E9AE8: find_enctype (etypes.h:81) ==7281== by 0x40E9C96: krb5_k_free_key (key.c:91) ==7281== by 0x40E9C52: krb5_k_free_key (key.c:86) ==7281== by 0x40EBB00: krb5_c_prf (prf.c:87) ==7281== by 0x40E7B1B: prf_plus (cf2.c:77) ==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125) ==7281== by 0x804899C: main (t_cf2.c:70) ==7281== with memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608 dc483132-0cff-0310-8789-dd5450dbe970
* When retrieving the kadmin/history key, accept any enctype, as theGreg Hudson2010-01-071-2/+2
| | | | | | | | | | current master key enctype may not match the one the KDB was created with. ticket: 6546 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23607 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_auth_con_getauthenticator into copy_athctr.c as a better logical ↵Zhanna Tsitkov2010-01-072-9/+41
| | | | | | location git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23606 dc483132-0cff-0310-8789-dd5450dbe970
* Make preauth_module_dir override, rather than supplement, theGreg Hudson2010-01-071-33/+10
| | | | | | | built-in path list, to avoid problems with running the same preauth module twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23602 dc483132-0cff-0310-8789-dd5450dbe970
* Add miising files from rev #23593Zhanna Tsitkov2010-01-072-0/+405
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23600 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype more consistent about when it returnsGreg Hudson2010-01-061-27/+23
| | | | | | | KRB5_KDB_NO_PERMITTED_KEY. Now it will return that error if it sees any non-permitted enctypes which match the search criteria. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23599 dc483132-0cff-0310-8789-dd5450dbe970
* Don't return KRB5_KDB_NO_PERMITTED_KEY fromGreg Hudson2010-01-061-1/+2
| | | | | | | | | | | krb5_dbe_def_search_enctype if we previously returned results (i.e. if *start > 0). ticket: 6622 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23597 dc483132-0cff-0310-8789-dd5450dbe970
* Divide copy_auth.c into three files based on the functionality. Namely, Zhanna Tsitkov2010-01-065-321/+45
| | | | | | | | 1. copy/merge authdata 2. KDC related encode authdata 3. decode authdata git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23593 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it ↵Zhanna Tsitkov2010-01-063-1/+4
| | | | | | and move its prototype into int-proto.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal ↵Zhanna Tsitkov2010-01-054-5/+5
| | | | | | function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_tgtname into krb5_tgtname as an internal functionZhanna Tsitkov2010-01-057-16/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23590 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-052-1/+4
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Don't accept AS replies encrypted in enctypes other than the ones weGreg Hudson2010-01-041-0/+18
| | | | | | asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
* For the better code modularity keep some "free" routines closer to the ↵Zhanna Tsitkov2010-01-047-177/+100
| | | | | | resource allocators. Also, reindent cleanup in the touched files git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-01-038-65/+127
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23575 dc483132-0cff-0310-8789-dd5450dbe970
* Enable caching of key-derived context info such as key schedules fromKen Raeburn2010-01-032-18/+60
| | | | | | | | | | | | | one encryption operation to another. Use a new function in the enc_provider structure for cleanup. Implement caching of aes_ctx values. Using Greg's performance tests from the derived-key caching work, on a 2.8GHz Xeon, I see 1 million AES-128 encryptions of 16 bytes improved by 5-6%; encryptions of 1024 bytes and checksums are not significantly affected. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23574 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a case where krb5int_aes_decrypt was trying to encrypt a blockGreg Hudson2010-01-031-1/+1
| | | | | | instead of decrypting it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23573 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_gss_acquire_cred will deref garbage pointer if actual_mechs is NULLEzra Peisach2010-01-031-3/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23572 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5int_count_etypes in rd_req_decoded_optGreg Hudson2010-01-021-4/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23567 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out copying and counting of zero-terminated enctype lists intoGreg Hudson2010-01-019-102/+102
| | | | | | a new file src/lib/krb5/krb/etype_list.c. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23565 dc483132-0cff-0310-8789-dd5450dbe970
* Declare function as static to avoid compiler warning on missing prototypesEzra Peisach2009-12-311-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23557 dc483132-0cff-0310-8789-dd5450dbe970
* Remove $(TOBJS) for make cleanEzra Peisach2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23556 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize hash_iov, in case of premature error exitKen Raeburn2009-12-311-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23551 dc483132-0cff-0310-8789-dd5450dbe970
* Convert C++ style comments into traditional C commentsKen Raeburn2009-12-311-5/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23550 dc483132-0cff-0310-8789-dd5450dbe970
* Include os-proto.h for _krb5_conf_boolean prototype before declarationEzra Peisach2009-12-301-0/+2
| | | | | | of function. (gcc warning) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23547 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5int_get_domain_realm_mapping into kdc_util.c as this function is a ↵Zhanna Tsitkov2009-12-302-60/+1
| | | | | | helper in kdc code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23546 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate the krb5_set_default_in_tkt_ktypes andGreg Hudson2009-12-301-7/+0
| | | | | | | krb5_set_default_tgs_ktypes during context initialization, as they weren't doing anything. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23545 dc483132-0cff-0310-8789-dd5450dbe970
* Create a separate file for krb5_copy_context for better code modularityZhanna Tsitkov2009-12-293-63/+141
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23538 dc483132-0cff-0310-8789-dd5450dbe970
* Combine the related code into one fileZhanna Tsitkov2009-12-295-143/+55
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23537 dc483132-0cff-0310-8789-dd5450dbe970
* Functions in enc_helper.c serve different code blocks. Split themZhanna Tsitkov2009-12-293-27/+70
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23535 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referralsTom Yu2009-12-291-0/+3
| | | | | | | | | | | | | On certain error conditions, prep_reprocess_req() calls kdc_err() with a null pointer as the format string, causing a null dereference and denial of service. Legitimate protocol requests can trigger this problem. ticket: 6608 tags: pullup target_version: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23533 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new profile variable preauth_module_dir, which specifiesGreg Hudson2009-12-281-5/+48
| | | | | | | | directories to look for preauth plugins in prior to the hardcoded locations. Undocumented for now since, like db_module_dir, this is mostly intended for the test suite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_get_profile back to init_os_ctx.c for now and revert r23519.Greg Hudson2009-12-284-8/+9
| | | | | | | | At this time we link t_etypes against init_ctx.so during "make check", which breaks if init_ctx contains reference to the profile library. More general solutions to this problem are under discussion. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23530 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-285-32/+41
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-2812-34/+228
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* allow testing when offlineKen Raeburn2009-12-281-1/+5
| | | | | | | | | | Define new make variable OFFLINE to "no"; if it's set to "yes", skip the testing of t_locate_kdc, which requires access to mit.edu SRV records. ticket: 6606 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23520 dc483132-0cff-0310-8789-dd5450dbe970
* Include prof_int.h in init_ctx.c instead of init_os_ctx.c,Ken Raeburn2009-12-284-3/+2
| | | | | | corresponding to the moved use of profile_copy in r23484. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23519 dc483132-0cff-0310-8789-dd5450dbe970
* Code modularity related updatesZhanna Tsitkov2009-12-2313-316/+383
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
* Remove krb5_ prefix from some static func namesZhanna Tsitkov2009-12-229-102/+111
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23483 dc483132-0cff-0310-8789-dd5450dbe970
* Add a set_cred_option handler for SPNEGO which forwards to theGreg Hudson2009-12-212-1/+25
| | | | | | | | | | | | underlying mechanism. Fixes SPNEGO credential delegation in 1.7 and copying of SPNEGO initiator creds in both 1.7 and trunk. Patch provided by nalin@redhat.com. ticket: 6594 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23482 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a cleanup handler in the store_creds code; krb5_cc_close doesn'tGreg Hudson2009-12-171-2/+2
| | | | | | handle NULL arguments, so we have to check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23480 dc483132-0cff-0310-8789-dd5450dbe970
* Add GSS extensions to store credentials, generate random bitsGreg Hudson2009-12-1715-2/+511
| | | | | | | | | Merge /users/lhoward/gssextras-no-cqa to trunk. Adds gss_pseudo_random and gss_store_cred. ticket: 6597 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23479 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixesGreg Hudson2009-12-161-7/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23477 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 12:14:59 +0000