| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Add a new pluggable interface for local authorization, and replace the
existing krb5_aname_to_localname and krb5_kuserok implementations with
implementations based on the pluggable interface.
ticket: 7583 (new)
|
| |
|
|
|
|
|
|
|
| |
Use $(COMMON_DEPS) instead of $(COMMON_DEPLIBS) for dependencies; the
latter appears to be a typo. Fixes build when using "make -j".
ticket: 7587 (new)
target_version: 1.11.2
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
| |
lookup_etypes_for_keytab was not freeing the keytab entries it
iterated over. Reported by nalin@redhat.com.
ticket: 7586
target_version: 1.11.2
tags: pullup
|
| |
|
|
|
|
|
| |
Rename krb5_free_ktypes to krb5_free_enctypes and add it to the public
API.
ticket: 7584
|
| |
|
|
| |
ticket: 7585
|
| |
|
|
|
|
|
|
|
|
| |
Catch up to the split of preauth_plugin.h into client and
kdc specific portions. While here, use copy's /y flag to suppress
an override-confirmation prompt (though we do not list any dependencies
for this target at the moment, so no such prompt will be generated).
Do not disable library finalizers for windows, erroneously disabled
in 4538146e1452e0966164119cefb0804993ce6bbb.
|
| |
|
|
|
|
|
|
|
|
| |
If dcc_ptcursor_next reached the end of a directory, it called free()
on the directory handle instead of closedir(), causing the directory
fd to be leaked. Call closedir() instead.
ticket: 7573
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
A ccache type's close function is supposed to free the cache container
as well as the type-specific data. dcc_close was not doing so,
causing a small memory leak each time a ccache is created or
destroyed.
ticket: 7574 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Prior to 1.11, it was possible to do SAM-2 preauth exchanges with
multiple hops by sending repeated preauth-required errors with
different challenges (which is not the way multi-hop exchanges are
described in RFC 6113, but it can still work). This stopped working
when SAM-2 was converted to a built-in module. Make it work again.
ticket: 7571 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
| |
Remove variables and labels which are no longer needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't dereference a null pointer when cleaning up.
The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process. An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.
CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C
This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]
ticket: 7570 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Result code 0 used to be converted properly by krb5_set_password,
though not krb5_change_password; this changed in 1.10 when
krb5int_setpw_result_code_string was folded into
krb5_chpw_result_code_string. Restore the old behavior, and make it
apply to krb5_change_password as well, by making
krb5_chpw_result_code_string convert result code 0.
[ghudson@mit.edu: commit message]
ticket: 7569 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
| |
Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity. Reformat some k5buf implementation code to match current
practices.
|
| |
|
|
|
|
| |
Add a template-based array constructor for convenient marshalling of
structured values as JSON array values. Use it to simplify
export_cred.c.
|
| |
|
|
|
|
|
|
|
| |
Return error codes (0, ENOMEM, or EINVAL) from JSON support functions
instead of returning results directly. This makes error handling
simpler for functions which assemble JSON objects and then return a
krb5_error_code values. Adjust all callers. Use shims in
export_cred.c to minimize changes there; it will be redesigned
internally in a subsequent commit.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
gss_const_ctx_id_t, gss_const_cred_id_t, and gss_const_name_t are
supposed to be const pointers to the appropriate structures, not the
structures themselves. These are not used by any prototypes yet, and
no application would have any reason to use them as they are, so it
should be safe to change them within the public header.
ticket: 7567 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
| |
Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.
|
| |
|
|
|
|
|
| |
Move krb5int_make_tgs_request from gc_via_tkt.c into send_tgs.c,
combine it with krb5int_make_tgs_request_ext (which nothing else
called), and rename the combined function to k5_make_tgs_req. Also
use a typedef for the pacb callback.
|
| |
|
|
|
| |
Bring send_tgs.c up to date with current coding practices. No
functional changes.
|
| |
|
|
|
| |
Use a proper cipher state in the auth context structure, and free it
when the auth context is freed. Simplify mk_priv/rd_priv accordingly.
|
| |
|
|
| |
ticket: 7565 (new)
|
| |
|
|
|
|
| |
Create a K5Realm.kprop_port method so test scripts can invoke kprop
usefully, and create a simple Python test script exercising the same
kprop functionality as the dejagnu suite's kprop.exp.
|
| |
|
|
|
|
|
|
|
|
| |
In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that
the enctype's block size is the size of the cipher state. Instead,
make and discard a cipher state to get the size.
ticket: 7561
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
| |
Reformat and simplify dump.c code according to current coding
standards. No functional changes except for some error messages.
|
| |
|
|
|
|
|
| |
When dumping, use a common iterator function to unpack the dump_args
structure, unparse and filter the principal name, and convert master
keys. Add helper functions to dump and load the "octets or -1" format
used for optional binary fields in the current dump format.
|
| |
|
|
|
|
| |
Without changing anything (except to make a few internal functions
static), reorder dump.c to bottom-up order so that forward function
declarations aren't needed.
|
| |
|
|
|
|
|
| |
Get rid of the code to dump and load -b6 and -old format dump files.
Loading these versions hasn't worked since at least 1.3.
ticket: 7564 (new)
|
| |
|
|
|
|
|
|
| |
Move the existing dump/load tests from t_general.py to a new script
t_dump.py. Add additional tests using pre-created dumpfiles, to
exercise the -r18, -r13, -b7, and -ov formats.
bigredbutton: whitespace
|
| |
|
|
|
|
| |
kadm5_create_principal now uses a random key if passed a null
password, so we don't need a multi-step process to create admin
principals when creating a database any more.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some versions of clang report an uninitialized variable warning (which
we treat as an error) in process_k5beta_record. Due to the if-ladder
style of the function, uninitialized tmpint values can be copied
around in certain error cases, although the garbage values would be
ultimately ignored. As a minimal fix, initialize the tmpint
variables.
ticket: 7560 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
| |
Make dec_password a static function in ldap_service_stash.c and remove
some impedance mismatch with krb5_ldap_readpassword() by making it
operate on C strings and return a krb5_error_code.
|
| |
|
|
|
|
|
|
| |
The LDAP KDB module has some code to interpret {FILE} values in stash
files, and set the service_cert_path/pass fields in the ldap context.
But there was no code to actually use those values to do client cert
authentication, so it wasn't useful. Remove the partial
implementation.
|
| |
|
|
|
|
|
|
|
|
|
| |
In fake-addrinfo.c, the COPY_FIRST_CANONNAME logic erroneously assumes
that h_name is the same as h_aliases[0]. Look at h_name before
h_aliases for an FQDN, since h_name is normally the
forward-canonicalized name and h_aliases are not.
[ghudson@mit.edu: rewrote commit message]
ticket: 7556 (new)
|
| |
|
|
|
|
|
|
|
| |
Commit c072b059ecff257e7600be0e86869decd135d422 did not have the
intended effect because, at the point where is_referral is set,
request->server has already been modified to contain server->princ.
ticket: 7555
status: open
|
| |
|
|
|
|
|
|
|
| |
A server response which is a cross-realm TGT is not a referral if it
was directly requested by the client. Misclassifying such a response
as a referral means we don't mirror the request's name type, which has
been observed to break older Java clients.
ticket: 7555 (new)
|
| |
|
|
|
|
| |
Use the oerr parameter to fetch the existing message. Stop handling
oerr == 0, since no call sites were using it. Free the old error
message before returning.
|
| |
|
|
|
|
|
| |
Add a DB option in the LDAP KDB module to turn on debugging messages.
Adapted from a patch by Zoran Pericic <zpericic@inet.hr>.
ticket: 7551 (new)
|
| |
|
|
|
|
|
|
|
|
| |
krb5_ldap_open and krb5_ldap_create contain two large, almost
identical blocks of DB option processing code. Factor it out into a
new function krb5_ldap_parse_db_params in ldap_misc.c, and simplify
the factored-out code. Create a helper function to add server entries
and use it to simplify krb5_ldap_read_server_params as well as DB
option parsing. Since the new DB option helper uses isspace instead
of isblank, we no longer require portability goop for isblank.
|
| |
|
|
|
|
|
|
|
| |
kproplog currently assumes that an iprop log is full once it has
circled--which is true right now but will need to change for
hierarchical slaves. Avoid this assumption by using the correct
index modulus in print_update whether or not the log is full.
Based on a patch from Richard Basch <basch@alum.mit.edu>.
|
| |
|
|
|
|
| |
ticket: 7553
target_version: 1.11.1
tags: pullup
|
| |
|
|
| |
[ghudson@mit.edu: simplify slightly]
|
| |
|
|
|
|
| |
Check the ulog pointer, which is a little more direct, rather than the
ulogfd field. (ulogfd is currently initialized to 0 prior to
ulog_map; we could fix that instead, but this feels simpler.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The db2 DB is not power-fail safe. There's no point trying to
replay an incompletely committed entry from the ulog at kadmind
startup time. For that matter, even if the db2 DB was power-fail
safe there'd be no point replaying an uncommitted entry from the
ulog as the libkadm5srv app (nor any client of it, as in the case of
kadmind) will not have received any notice of success -- it'd be
wrong to complete that operation later when the user thought it'd
failed.
[ghudson@mit.edu: merge with master, adjust comment]
ticket: 7552 (new)
|
| |
|
|
|
|
|
|
| |
Since iprop cannot carry policy changes, force a full resync to happen
each time a policy change occurs. Based on a patch from
Richard Basch <basch@alum.mit.edu>.
ticket: 7522
|
| |
|
|
|
|
|
| |
In k5test.py, allow run_kadminl to take an environment argument. In
t_iprop.py, perform some queries on the slaves after each propagation
to spot-check that it got modifications from master. Use a helper
function to check serial numbers for conciseness.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the master iprop log is reinitialized to serial number 0, slaves
will need to take a full dump--but after that happens, we need to know
whether the slave has taken that full dump, we we don't offering full
dumps indefinitely.
So, record a timestamp in kdb_last_time when we reinitialize the log
header, and compare the slave timestamp to kdb_last_time whenever it
has the current serial number, even if it's 0. Test this by
performing a propagation with sno 0 in t_iprop.py and detecting
whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from
kadmind.
ticket: 7550 (new)
|
| |
|
|
|
| |
ulog_get_entries had an unreachable branch which was removed during
de-indentation.
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a helper predicate to determine whether to log operations. In the
predicate, check if the ulog is actually mapped. Use a single cleanup
label in krb5_db_put_principal. Use a cleanup label in
krb5_db_delete_principal instead of releasing resources individually
at each exit point. Avoid locking and unlocking the ulog if we're not
logging (although it would be a no-op).
Based on a patch from Nico Williams <nico@cryptonector.com>.
|
| |
|
|
|
|
|
|
|
| |
The error message was missing a newline, and the exit behavior causes
the database to be destroyed.
ticket: 7370
target_version: 1.11.1
tags: pullup
|
