krb5.git/src/include, branch gss_cs MIT Kerberos patches Let SPNEGO display mechanism errors 2013-12-18T20:58:55+00:00 Simo Sorce simo@redhat.com 2013-12-17T21:15:14+00:00 d160bc733a3dbeb6d84f4e175234ff18738d9f66 To avoid potential recursion we use a thread local variable that tells us whether the ancestor was called via spnego_gss_display_name(). If we detect recursion, we assume that we returned a com_err code like ENOMEM and call error_message(); in the worst case that will result in an "Unknown error" message. [ghudson@mit.edu: Edited comments and commit message; removed an unneeded line of code.] ticket: 7045 target_version: 1.12.1 tags: pullup 
To avoid potential recursion we use a thread local variable that tells
us whether the ancestor was called via spnego_gss_display_name().  If
we detect recursion, we assume that we returned a com_err code like
ENOMEM and call error_message(); in the worst case that will result in
an "Unknown error" message.

[ghudson@mit.edu: Edited comments and commit message; removed an
unneeded line of code.]

ticket: 7045
target_version: 1.12.1
tags: pullup
Remove unused krb5_context fields 2013-12-18T17:16:23+00:00 Greg Hudson ghudson@mit.edu 2013-12-18T16:59:56+00:00 c91f2a285e77e71bd283483d583c68e76eb3a0dd The vtbl and locate_fptrs fields were ostensibly related to the locate pluggable interface, but weren't actually used. 
The vtbl and locate_fptrs fields were ostensibly related to the locate
pluggable interface, but weren't actually used.
Don't require krb5.conf without KRB5_DNS_LOOKUP 2013-12-16T22:09:00+00:00 Greg Hudson ghudson@mit.edu 2013-12-16T22:09:00+00:00 f7f6403626f26ff7fe7ec1dc5691e5923c8fea93 For a long time we have allowed krb5 contexts to be initialized in the absence of krb5.conf--but only if KRB5_DNS_LOOKUP is defined, presumably on the theory that no KDCs could be contacted without either DNS support or profile configuration. But locate plugins could provide the ability to find KDCs, and some libkrb5 operations (such as IAKERB initiation) could succeed without needing to locate KDCs. Also get rid of the profile_in_memory context flag, since we don't use it any more. 
For a long time we have allowed krb5 contexts to be initialized in the
absence of krb5.conf--but only if KRB5_DNS_LOOKUP is defined,
presumably on the theory that no KDCs could be contacted without
either DNS support or profile configuration.  But locate plugins could
provide the ability to find KDCs, and some libkrb5 operations (such as
IAKERB initiation) could succeed without needing to locate KDCs.

Also get rid of the profile_in_memory context flag, since we don't use
it any more.
Modernize sn2princ.c 2013-12-12T04:56:34+00:00 Greg Hudson ghudson@mit.edu 2013-12-03T21:19:35+00:00 1f728b9333401fd4b8c8a9bbb63cb125d53cd5c8 Refactor and edit sn2princ.c to match current coding style. No behavior changes, except to be less chatty in trace logs. 
Refactor and edit sn2princ.c to match current coding style.  No
behavior changes, except to be less chatty in trace logs.
Add new versions of log_badauth gssrpc callbacks 2013-11-25T22:03:09+00:00 Greg Hudson ghudson@mit.edu 2013-11-25T16:33:35+00:00 4c57a429760a3b3aa89938a13708742675f9548b libgssrpc supports two callbacks for gss_accept_sec_context failures on servers (one for AUTH_GSS and one for AUTH_GSSAPI), which are IPv4-specific. Provide an alternate version which supplies the transport handle instead of the address, so that we can get the address via the file descriptor for TCP connections. ticket: 7770 
libgssrpc supports two callbacks for gss_accept_sec_context failures
on servers (one for AUTH_GSS and one for AUTH_GSSAPI), which are
IPv4-specific.  Provide an alternate version which supplies the
transport handle instead of the address, so that we can get the
address via the file descriptor for TCP connections.

ticket: 7770
Improve default ccache name API documentation 2013-11-22T16:59:04+00:00 Greg Hudson ghudson@mit.edu 2013-11-21T22:30:54+00:00 3e5fe754b9f9742d1c9b1564633d4172277166db Document the lifetime and caching behavior of the krb5_cc_default_name() return value. Document that krb5_cc_set_default_name() may be called with NULL to purge the cached value. Correct a typo in the krb5_cc_default() summary and explicitly reference krb5_cc_default_name(). ticket: 7775 (new) target_version: 1.12 tags: pullup 
Document the lifetime and caching behavior of the
krb5_cc_default_name() return value.  Document that
krb5_cc_set_default_name() may be called with NULL to purge the cached
value.  Correct a typo in the krb5_cc_default() summary and explicitly
reference krb5_cc_default_name().

ticket: 7775 (new)
target_version: 1.12
tags: pullup
Make set_cloexec_fd return void 2013-11-04T18:51:17+00:00 Ben Kaduk kaduk@mit.edu 2013-10-30T18:11:40+00:00 4547a1078afdeeb781307cf4a125baccf2edab02 We never check its return value (causing clang to emit warnings), and its use is primarily in cases where we should continue processing in the event of failure. Just ignore errors from the underlying fcntl() call (if present) and treat this operation as best-effort. The #if 0 code should probably be removed. 
We never check its return value (causing clang to emit warnings),
and its use is primarily in cases where we should continue processing
in the event of failure.  Just ignore errors from the underlying
fcntl() call (if present) and treat this operation as best-effort.

The #if 0 code should probably be removed.
KDC Audit infrastructure and plugin implementation 2013-10-05T00:25:49+00:00 Zhanna Tsitkov tsitkova@mit.edu 2013-07-20T19:47:42+00:00 1003f0173f266a6428ccf2c89976f0029d3ee831 Per project http://k5wiki.kerberos.org/wiki/Projects/Audit The purpose of this project is to create an Audit infrastructure to monitor security related events on the KDC. The following events are targeted in the initial version: - startup and shutdown of the KDC; - AS_REQ and TGS_REQ exchanges. This includes client address and port, KDC request and request ID, KDC reply, primary and derived ticket and their ticket IDs, second ticket ID, cross-realm referral, was ticket renewed and validated, local policy violation and protocol constraints, and KDC status message. Ticket ID is introduced to allow to link tickets to their initial TGT at any stage of the Kerberos exchange. For the purpose of this project it is a private to KDC ticket ID: each successfully created ticket is hashed and recorded into audit log. The administrators can correlate the primary and derived ticket IDs after the fact. Request ID is a randomly generated alpha-numeric string. Using this ID an administrator can easily correlate multiple audit events related to a single request. It should be informative both in cases when the request is sent to multiple KDCs, or to the same KDC multiple times. For the purpose of testing and demo of the Audit, the JSON based modules are implemented: "test" and "simple" audit modules respectively. The file plugins/audit/j_dict.h is a dictionary used in this implememtations. The new Audit system is build-time enabled and run-time pluggable. [kaduk@mit.edu: remove potential KDC crashes, minor reordering] ticket: 7712 target_version: 1.12 
Per project http://k5wiki.kerberos.org/wiki/Projects/Audit

The purpose of this project is to create an Audit infrastructure to monitor
security related events on the KDC.

The following events are targeted in the initial version:
- startup and shutdown of the KDC;
- AS_REQ and TGS_REQ exchanges.  This includes client address and port, KDC
  request and request ID, KDC reply, primary and derived ticket and their
  ticket IDs, second ticket ID, cross-realm referral, was ticket renewed and
  validated, local policy violation and protocol constraints, and KDC status
  message.

Ticket ID is introduced to allow to link tickets to their initial TGT at any
stage of the Kerberos exchange. For the purpose of this project it is a private
to KDC ticket ID: each successfully created ticket is hashed and recorded
into audit log. The administrators can correlate the primary and derived
ticket IDs after the fact.

Request ID is a randomly generated alpha-numeric string. Using this ID an
administrator can easily correlate multiple audit events related to a single
request. It should be informative both in cases when the request is sent to
multiple KDCs, or to the same KDC multiple times.

For the purpose of testing and demo of the Audit, the JSON based modules are
implemented: "test" and "simple" audit modules respectively.
The file plugins/audit/j_dict.h is a dictionary used in this implememtations.

The new Audit system is build-time enabled and run-time pluggable.

[kaduk@mit.edu: remove potential KDC crashes, minor reordering]

ticket: 7712
target_version: 1.12
Add an internal constant-time comparison function 2013-10-03T19:26:00+00:00 Greg Hudson ghudson@mit.edu 2013-10-02T21:55:28+00:00 ac7d07c2cc54e9f07fe81ac4c50bcc80ecc7ac54 k5_bcmp acts similarly to the deprecated Unix bcmp() function, returning zero if two memory regions are equal and nonzero if they are not. It is implemented such that it should take the same amount of time regardless of how many bytes are equal within the memory regions. 
k5_bcmp acts similarly to the deprecated Unix bcmp() function,
returning zero if two memory regions are equal and nonzero if they are
not.  It is implemented such that it should take the same amount of
time regardless of how many bytes are equal within the memory regions.
Support authoritative KDB check_transited methods 2013-09-25T14:49:56+00:00 Greg Hudson ghudson@mit.edu 2013-09-25T14:40:23+00:00 0406cd81ef9d18cd505fffabba3ac78901dc797d In kdc_check_transited_list, consult the KDB module first. If it succeeds, treat this as authoritative and do not use the core transited mechanisms. Modules can return KRB5_PLUGIN_NO_HANDLE to fall back to core mechanisms. ticket: 7709 
In kdc_check_transited_list, consult the KDB module first.  If it
succeeds, treat this as authoritative and do not use the core
transited mechanisms.  Modules can return KRB5_PLUGIN_NO_HANDLE to
fall back to core mechanisms.

ticket: 7709