krb5.git/src/lib/kadm5, branch kinit-c MIT Kerberos patches Avoid infinite loop on duplicate keysalts 2014-11-20T20:44:04+00:00 Ben Kaduk kaduk@mit.edu 2014-11-20T20:44:04+00:00 c828e7cb137de3559f026dcc552a52162d9ca5cd When duplicate suppression was requested, we would enter an infinite loop upon encountering a duplicate entry, a bug introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15 and thus present in release 1.13. Rework the conditional to avoid the loop, at the expense of additional indentation for some of the code. Ticket: 8038 tags: pullup target_version: 1.13.1 
When duplicate suppression was requested, we would enter an
infinite loop upon encountering a duplicate entry, a bug
introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15
and thus present in release 1.13.

Rework the conditional to avoid the loop, at the expense of
additional indentation for some of the code.

Ticket: 8038
tags: pullup
target_version: 1.13.1
Return only new keys in randkey [CVE-2014-5351] 2014-09-22T18:20:49+00:00 Greg Hudson ghudson@mit.edu 2014-08-21T17:52:07+00:00 af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca In kadmind's randkey operation, if a client specifies the keepold flag, do not include the preserved old keys in the response. CVE-2014-5351: An authenticated remote attacker can retrieve the current keys for a service principal when generating a new set of keys for that principal. The attacker needs to be authenticated as a user who has the elevated privilege for randomizing the keys of other principals. Normally, when a Kerberos administrator randomizes the keys of a service principal, kadmind returns only the new keys. This prevents an administrator who lacks legitimate privileged access to a service from forging tickets to authenticate to that service. If the "keepold" flag to the kadmin randkey RPC operation is true, kadmind retains the old keys in the KDC database as intended, but also unexpectedly returns the old keys to the client, which exposes the service to ticket forgery attacks from the administrator. A mitigating factor is that legitimate clients of the affected service will start failing to authenticate to the service once they begin to receive service tickets encrypted in the new keys. The affected service will be unable to decrypt the newly issued tickets, possibly alerting the legitimate administrator of the affected service. CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C [tlyu@mit.edu: CVE description and CVSS score] ticket: 8018 (new) target_version: 1.13 tags: pullup 
In kadmind's randkey operation, if a client specifies the keepold
flag, do not include the preserved old keys in the response.

CVE-2014-5351:

An authenticated remote attacker can retrieve the current keys for a
service principal when generating a new set of keys for that
principal.  The attacker needs to be authenticated as a user who has
the elevated privilege for randomizing the keys of other principals.

Normally, when a Kerberos administrator randomizes the keys of a
service principal, kadmind returns only the new keys.  This prevents
an administrator who lacks legitimate privileged access to a service
from forging tickets to authenticate to that service.  If the
"keepold" flag to the kadmin randkey RPC operation is true, kadmind
retains the old keys in the KDC database as intended, but also
unexpectedly returns the old keys to the client, which exposes the
service to ticket forgery attacks from the administrator.

A mitigating factor is that legitimate clients of the affected service
will start failing to authenticate to the service once they begin to
receive service tickets encrypted in the new keys.  The affected
service will be unable to decrypt the newly issued tickets, possibly
alerting the legitimate administrator of the affected service.

CVSSv2: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

[tlyu@mit.edu: CVE description and CVSS score]

ticket: 8018 (new)
target_version: 1.13
tags: pullup
Allow logger.c to work with redirected stderr 2014-08-29T18:51:54+00:00 Tom Yu tlyu@mit.edu 2014-08-26T22:18:02+00:00 a85923073ad2d1f5d0314ab330fd6c5f07749be8 In lib/kadm5/logger.c:krb5_klog_init(), if the configuration requests STDERR logging, call fdopen() using mode "w" instead of "a+", to avoid errors when stderr happens to be opened for write only. ticket: 8001 (new) target_version: 1.13 tags: pullup 
In lib/kadm5/logger.c:krb5_klog_init(), if the configuration requests
STDERR logging, call fdopen() using mode "w" instead of "a+", to avoid
errors when stderr happens to be opened for write only.

ticket: 8001 (new)
target_version: 1.13
tags: pullup
Make randkey update principal mkvno 2014-08-21T17:52:34+00:00 Greg Hudson ghudson@mit.edu 2014-08-18T19:09:41+00:00 05a3b205c5d7ee491a64e24581cb4def3814c05b In kadm5_randkey_principal_3, after updating the principal's keys, update its mkvno tl-data to indicate the master key version we encrypted the new keys with. ticket: 7994 target_version: 1.13 tags: pullup 
In kadm5_randkey_principal_3, after updating the principal's keys,
update its mkvno tl-data to indicate the master key version we
encrypted the new keys with.

ticket: 7994
target_version: 1.13
tags: pullup
Add flag word to KDB iteration APIs 2014-08-02T18:20:33+00:00 Tom Yu tlyu@mit.edu 2014-08-02T18:20:33+00:00 ab009b8568d9b64b7e992ecdb98114e895b4a7ff ticket: 7977 (new) subject: Enable unlocked KDB iteration 
ticket: 7977 (new)
subject: Enable unlocked KDB iteration
Modify k5buf interfaces for easier use 2014-07-30T16:11:38+00:00 Greg Hudson ghudson@mit.edu 2014-07-02T16:03:54+00:00 651f3af251d172361a954f55f2d87561ae42c2d0 Make struct k5buf less opaque and get rid of k5buf-int.h. Make it easy to initialize a k5buf in an error state so that it can be freed in a cleanup handler. Add a function k5_buf_status which returns 0 or ENOMEM. Remove k5_buf_data and k5_buf_len. Rename k5_free_buf to k5_buf_free. Adjust all callers to match. 
Make struct k5buf less opaque and get rid of k5buf-int.h.  Make it
easy to initialize a k5buf in an error state so that it can be freed
in a cleanup handler.  Add a function k5_buf_status which returns 0 or
ENOMEM.  Remove k5_buf_data and k5_buf_len.  Rename k5_free_buf to
k5_buf_free.  Adjust all callers to match.
Remove unused variables 2014-07-12T17:35:45+00:00 Lukas Slebodnik lslebodn@redhat.com 2014-06-21T20:41:08+00:00 43a26c6d8ea9e2a82f780171cd34365911d71228 [ghudson@mit.edu: squashed with similar commits] 
[ghudson@mit.edu: squashed with similar commits]
make depend 2014-07-08T23:36:32+00:00 Greg Hudson ghudson@mit.edu 2014-07-08T23:36:32+00:00 aea099ab5544eefb4d27d8cd963b1247c10dc559 






Include autoconf.h before system headers
2014-07-08T23:19:24+00:00

Greg Hudson
ghudson@mit.edu

2014-07-05T15:50:58+00:00

02a1123cf44381690c28f18ab2c4ba8036200539

Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961





Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961







Use k5_setmsg
2014-06-05T15:22:50+00:00

Greg Hudson
ghudson@mit.edu

2014-05-24T16:15:32+00:00

a7b5808b5df9e54ef8a8a7ac24e5faad458ddbce

Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).





Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).