krb5.git/src/kadmin/server, branch keyring MIT Kerberos patches Clean up the code to eliminate some clang warnings 2013-11-04T18:51:17+00:00 Ben Kaduk kaduk@mit.edu 2013-10-30T18:51:12+00:00 3a8eaa43045fb242739ad9729bb66f915be209b9 In ure.c, though k is a short, the literal 1 is of type 'int', and so the operation 'k + 1' is performed at the (32-bit) width of int, and therefore the "%d" format string is correct. In accept_sec_context.c, the 'length' field of krb5_data is an unsigned type, so checking for a negative value has no effect. In net-server.c, the helper routine rtm_type_name() is only used in code that is disabled with #if 0 conditionals; make the definition also disabled in the same way to avoid warnings of an unused function. In kdc_authdata.c, equality checks in double parentheses elicit a warning from clang. The double-parentheses idiom is normally used to indicate that an assignment is being performed, but the value of the assignment is also to be used as the value for the conditional. Since assignment and equality checking differ only by a single character, clang considers this worthy of a warning. Since the extra set of parentheses is redundant and against style, it is correct to remove them. In several places (sim_server.c, dump.c, kdb5_destroy.c, ovsec_kadmd.c), there are declarations of extern variables relating to getopt() functionality that are now unused in the code. Remove these unused variables. 
In ure.c, though k is a short, the literal 1 is of type 'int', and
so the operation 'k + 1' is performed at the (32-bit) width of int,
and therefore the "%d" format string is correct.

In accept_sec_context.c, the 'length' field of krb5_data is an
unsigned type, so checking for a negative value has no effect.

In net-server.c, the helper routine rtm_type_name() is only used
in code that is disabled with #if 0 conditionals; make the
definition also disabled in the same way to avoid warnings of an
unused function.

In kdc_authdata.c, equality checks in double parentheses elicit
a warning from clang.  The double-parentheses idiom is normally used
to indicate that an assignment is being performed, but the value of
the assignment is also to be used as the value for the conditional.
Since assignment and equality checking differ only by a single
character, clang considers this worthy of a warning.  Since the extra
set of parentheses is redundant and against style, it is correct to
remove them.

In several places (sim_server.c, dump.c, kdb5_destroy.c,
ovsec_kadmd.c), there are declarations of extern variables relating
to getopt() functionality that are now unused in the code.  Remove
these unused variables.
Accept anonymous GSS names in kadmind 2013-10-30T16:31:00+00:00 Greg Hudson ghudson@mit.edu 2013-10-28T17:09:15+00:00 664f0d779ddc0aaf54a118a98a21ce7d53d81e08 The krb5 implementation of gss_display_name() reports the name type as GSS_C_NT_ANONYMOUS if the client uses an anonymous principal. Accept this name type in gss_name_to_string and gss_to_krb5_name so that anonymous kadmin can work. Also improve code hygiene: call gss_name_to_string from gss_to_krb5_name to reduce code repetition; use gss_oid_equal instead of pointer comparison for name types; and don't assume that the gss_display_name result buffer is zero-terminated. ticket: 7740 (new) target_version: 1.12 tags: pullup 
The krb5 implementation of gss_display_name() reports the name type as
GSS_C_NT_ANONYMOUS if the client uses an anonymous principal.  Accept
this name type in gss_name_to_string and gss_to_krb5_name so that
anonymous kadmin can work.

Also improve code hygiene: call gss_name_to_string from
gss_to_krb5_name to reduce code repetition; use gss_oid_equal instead
of pointer comparison for name types; and don't assume that the
gss_display_name result buffer is zero-terminated.

ticket: 7740 (new)
target_version: 1.12
tags: pullup
Err codes in KRB_ERROR protocol messages are < 128 2013-09-23T16:06:47+00:00 Zhanna Tsitkov tsitkova@mit.edu 2013-09-19T17:11:15+00:00 58ea3bdbfe6330225a2d58dfb00ccf1ad70617fe If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC. This fix is to correct the previous behavior with [0,128] range. For more information see krb5_err.et 
If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC.
This fix is to correct the previous behavior with [0,128] range.
For more information see  krb5_err.et
Allow self-service for kadmin purgekeys RPC 2013-07-19T14:08:08+00:00 Greg Hudson ghudson@mit.edu 2013-07-19T14:08:08+00:00 9a735044d70304f22a013a81ab5c2901a64d3719 Make the purgekeys RPC allow self-service, like the chpass and chrand RPCs. ticket: 7681 (new) 
Make the purgekeys RPC allow self-service, like the chpass and chrand
RPCs.

ticket: 7681 (new)
Fix various warnings 2013-06-07T19:19:37+00:00 Greg Hudson ghudson@mit.edu 2013-06-07T19:17:31+00:00 e51c089b745161dd6e1d64998e99d065fc22377e 






Reduce boilerplate in makefiles
2013-05-17T00:09:27+00:00

Greg Hudson
ghudson@mit.edu

2013-05-16T18:21:12+00:00

4b0985f8573840838bcfa8ec1df3dcd39a3dbf15

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.





Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.







Fix kpasswd UDP ping-pong [CVE-2002-2443]
2013-05-13T16:46:34+00:00

Tom Yu
tlyu@mit.edu

2013-05-03T20:26:46+00:00

cf1a0c411b2668c57c41e9c4efd15ba17b6b322c

The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.

Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.

Thanks to Vincent Danen for alerting us to this issue.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C

ticket: 7637 (new)
target_version: 1.11.3
tags: pullup





The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.

Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.

Thanks to Vincent Danen for alerting us to this issue.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C

ticket: 7637 (new)
target_version: 1.11.3
tags: pullup







Fix errno hygiene in kadmind write_pid_file
2013-03-29T06:22:12+00:00

Greg Hudson
ghudson@mit.edu

2013-03-29T06:22:12+00:00

fb473d814d5b422c67f2e2e69764edee1fdd9783

fclose() might overwrite the errno value from fprintf, causing us to
return success when we shouldn't.  Record the errno value at the time
of the fprintf failure.





fclose() might overwrite the errno value from fprintf, causing us to
return success when we shouldn't.  Record the errno value at the time
of the fprintf failure.







Fix a trivial file leak writing kadmind pid file
2013-03-26T17:01:29+00:00

Greg Hudson
ghudson@mit.edu

2013-03-25T21:38:41+00:00

47ec1ab146334f94b97e6572904a14ad67ee2524

If we fail to write the pid to the pid file, we should still close the
file before returning from write_pid_file().  The consequences of this
bug are trivial because kadmin is just going to exit regardless.
Reported by Will Fiveash <will.fiveash@oracle.com>.





If we fail to write the pid to the pid file, we should still close the
file before returning from write_pid_file().  The consequences of this
bug are trivial because kadmin is just going to exit regardless.
Reported by Will Fiveash <will.fiveash@oracle.com>.







make depend
2013-03-24T05:30:33+00:00

Greg Hudson
ghudson@mit.edu

2013-03-24T05:30:33+00:00

24c8bacbccc854dc30fd6baee49cdd2bf2557e47