krb5.git/src/kdc, branch master MIT Kerberos patches Include autoconf.h before system headers 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T15:50:58+00:00 02a1123cf44381690c28f18ab2c4ba8036200539 Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961 
Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961
Fix KDC worker process argument parsing 2014-06-27T20:02:46+00:00 Greg Hudson ghudson@mit.edu 2014-06-18T16:58:39+00:00 1776fd19120d230115527febbd22979eb64ee1ff To create worker processes, the KDC shuts down realms, forks off the worker processes, then reinitializes realms in each child. Reinitializing realms requires making a second pass over the command-line arguments. To do this with getopt, optind must be reinitialized to 1 for each pass; otherwise, no options will be seen the second time around. ticket: 7945 target_version: 1.12.2 tags: pullup 
To create worker processes, the KDC shuts down realms, forks off the
worker processes, then reinitializes realms in each child.
Reinitializing realms requires making a second pass over the
command-line arguments.  To do this with getopt, optind must be
reinitialized to 1 for each pass; otherwise, no options will be seen
the second time around.

ticket: 7945
target_version: 1.12.2
tags: pullup
Tidy up k5-int.h variable name constants 2014-06-16T22:40:21+00:00 Greg Hudson ghudson@mit.edu 2014-06-13T17:52:55+00:00 d4332d0f778b55ccd5ddb05a4cd0b96354da9f39 Fix three mismatched constant names, and properly alphabetize and columnize the lists of definitions. No functional changes. 
Fix three mismatched constant names, and properly alphabetize and
columnize the lists of definitions.  No functional changes.
Simplify ticket retrieval from AP-REQs 2014-06-11T03:54:41+00:00 Greg Hudson ghudson@mit.edu 2014-06-05T16:03:16+00:00 02de9935648c307098fb69da26f74424da8dde64 After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket (with enc_part2 if we could decrypt it) is accessible via request->ticket; there is no need to copy it. Stop using the ticket parameter of those functions. Where we need to save the ticket beyond the lifetime of the krb5_ap_req, steal the pointer before freeing the request. 
After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket
(with enc_part2 if we could decrypt it) is accessible via
request->ticket; there is no need to copy it.  Stop using the ticket
parameter of those functions.  Where we need to save the ticket beyond
the lifetime of the krb5_ap_req, steal the pointer before freeing the
request.
In KDC, log client principal in bad header ticket 2014-06-11T03:54:41+00:00 rbasch probe@tardis.internal.bright-prospects.com 2014-06-03T22:44:17+00:00 f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be Fix KDC logging to include client principal in TGS_REQ logging even during error conditions such as "Ticket expired". As long as the TGS_REQ can be decrypted and the client principal is available, it should be included in the log, regardless of other errors which might be detected. krb5_rd_req_decoded and krb5_rd_req_decoded_anyflag (not public interfaces) now leave the decrypted ticket in req->ticket->enc_part2 on success or failure, if the ticket was successfully decrypted. This does not affect the behavior of krb5_rd_req. [ghudson@mit.edu: removed extraneous change, added commit message summary and description of internal API change, fixed possible memory leak, removed comment and #if 0 code block of purely historical interest] ticket: 7910 
Fix KDC logging to include client principal in TGS_REQ logging even
during error conditions such as "Ticket expired".  As long as the
TGS_REQ can be decrypted and the client principal is available, it
should be included in the log, regardless of other errors which might
be detected.

krb5_rd_req_decoded and krb5_rd_req_decoded_anyflag (not public
interfaces) now leave the decrypted ticket in req->ticket->enc_part2
on success or failure, if the ticket was successfully decrypted.  This
does not affect the behavior of krb5_rd_req.

[ghudson@mit.edu: removed extraneous change, added commit message
summary and description of internal API change, fixed possible memory
leak, removed comment and #if 0 code block of purely historical
interest]

ticket: 7910
Use k5_setmsg 2014-06-05T15:22:50+00:00 Greg Hudson ghudson@mit.edu 2014-05-24T16:15:32+00:00 a7b5808b5df9e54ef8a8a7ac24e5faad458ddbce Replace most calls to krb5_set_error_message with k5_setmsg for brevity. Leave alone plugin sources where we don't include k5-int.h (mostly PKINIT). 
Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).
Refactor KDC option/flag processing 2014-04-28T20:30:37+00:00 Tom Yu tlyu@mit.edu 2014-04-24T21:10:58+00:00 4d08c9abfee0b5978d9db2280c10c85b3bf2ae11 A lot of KDC code was spent copying options to flags, and copying header_ticket flags to the output ticket. Behavior change: previous code didn't copy PROXY from the header_ticket, but this seems to have been a minor bug rather than intentional. This also seems to have been an omission from RFC 4120. 
A lot of KDC code was spent copying options to flags, and copying
header_ticket flags to the output ticket.

Behavior change: previous code didn't copy PROXY from the
header_ticket, but this seems to have been a minor bug rather than
intentional.  This also seems to have been an omission from RFC 4120.
Fix returning KDB_NOENTRY in find_alternate_tgs() 2014-03-18T21:15:17+00:00 Nalin Dahyabhai nalin@dahyabhai.net 2014-02-20T21:01:49+00:00 90cbf4eb60d8ec3c083195ba4a050a31ea36be0b After searching for a cross-realm TGS entry to provide to a client as a referral, if we're all set to return a success code but aren't actually returning an entry, we should be returning an error. We might not do so because we don't compare the right value against NULL. This corrects an error in a redundant check in the patch for CVE-2013-1417. The error in the check cannot occur in practice because the other part of the patch for CVE-2013-1417 prevents it, but static analyzers can flag the erroneous check. [tlyu@mit.edu: edit commit message] ticket: 7881 (new) tags: pullup target_version: 1.12.2 
After searching for a cross-realm TGS entry to provide to a client as a
referral, if we're all set to return a success code but aren't actually
returning an entry, we should be returning an error.  We might not do so
because we don't compare the right value against NULL.

This corrects an error in a redundant check in the patch for
CVE-2013-1417.  The error in the check cannot occur in practice
because the other part of the patch for CVE-2013-1417 prevents it, but
static analyzers can flag the erroneous check.

[tlyu@mit.edu: edit commit message]

ticket: 7881 (new)
tags: pullup
target_version: 1.12.2
Make KDC "status" statements more homogeneous 2014-02-19T19:23:40+00:00 Zhanna Tsitkov tsitkova@mit.edu 2013-12-23T14:23:54+00:00 daa80b9f4a478ce57be08f9dc3b7d5e65c6e7e66 Generally we want KDC status strings to be concise, informative and follow some common rules: - All letters in the status string should be capitalized; - the words in the status phrase are separated by underscore; - abbreviations should be avoided. Some acceptable "standard" acronyms are AS_REQ, TGS_REP etc. - since in almost all cases KDC status is set on error, no need to state this fact as part of the status string; - KDC status string should be an imperative phrase. For example, "DECRYPT_SERVER_KEY". This commit is to modify some KDC status messages to follow this format. Even though KDC status messages are not standardized, it is possible that some administrators use them in the Kerberos log file processing. Hence, the vast majority of them are left unchanged pending further investigation (mostly, feedback from the administrators). 
Generally we want KDC status strings to be concise, informative and follow
some common rules:

- All letters in the status string should be capitalized;
- the words in the status phrase are separated by underscore;
- abbreviations should be avoided.  Some acceptable "standard" acronyms
  are AS_REQ, TGS_REP etc.
- since in almost all cases KDC status is set on error, no need
  to state this fact as part of the status string;
- KDC status string should be an imperative phrase.

For example, "DECRYPT_SERVER_KEY".

This commit is to modify some KDC status messages to follow this format.

Even though KDC status messages are not standardized, it is possible that some
administrators use them in the Kerberos log file processing. Hence, the vast
majority of them are left unchanged pending further investigation (mostly,
feedback from the administrators).
Fix possible null deref in previous 2014-01-01T01:27:00+00:00 Tom Yu tlyu@mit.edu 2014-01-01T00:41:12+00:00 30589b2a1636de9f9b68591f0e546cb0fa21989f My rework of the do_tgs_req.c patch introduced a null deref if decode_krb5_tgs_req() failed. ticket: 7802 
My rework of the do_tgs_req.c patch introduced a null deref if
decode_krb5_tgs_req() failed.

ticket: 7802