krb5.git/src/lib/krb5/krb, branch master MIT Kerberos patches Include autoconf.h before system headers 2014-07-08T23:19:24+00:00 Greg Hudson ghudson@mit.edu 2014-07-05T15:50:58+00:00 02a1123cf44381690c28f18ab2c4ba8036200539 Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961 
Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961
Fix unlikely null dereference in TGS client code 2014-06-30T22:23:04+00:00 Neng Xue xnsuda@yahoo.com 2014-06-30T21:04:56+00:00 81e503c09ad9aef4a0afc6bf66a0269cde2151f3 If krb5_get_tgs_ktypes fails (due to an out-of-memory condition or an error re-reading the profile), k5_make_tgs_req will dereference a null pointer. Check the return value before dereferencing defenctypes. [ghudson@mit.edu: clarified commit message] ticket: 7952 (new) target_version: 1.12.2 tags: pullup 
If krb5_get_tgs_ktypes fails (due to an out-of-memory condition or an
error re-reading the profile), k5_make_tgs_req will dereference a null
pointer.  Check the return value before dereferencing defenctypes.

[ghudson@mit.edu: clarified commit message]

ticket: 7952 (new)
target_version: 1.12.2
tags: pullup
Fix unlikely null dereference in mk_cred() 2014-06-25T18:40:27+00:00 Nalin Dahyabhai nalin@redhat.com 2014-06-25T16:56:42+00:00 476284de8dc9a52b5544445cb1b316a417ae88f0 If krb5_encrypt_keyhelper() returns an error, the ciphertext structure may contain a non-zero length, but it will already have freed the pointer to its data, making encrypt_credencpart()'s subsequent attempt to clear and free the memory fail. Remove that logic. Based on a patch from Jatin Nansi. ticket: 7948 (new) target_version: 1.12.2 tags: pullup 
If krb5_encrypt_keyhelper() returns an error, the ciphertext structure
may contain a non-zero length, but it will already have freed the
pointer to its data, making encrypt_credencpart()'s subsequent attempt
to clear and free the memory fail.  Remove that logic.

Based on a patch from Jatin Nansi.

ticket: 7948 (new)
target_version: 1.12.2
tags: pullup
Simplify ticket retrieval from AP-REQs 2014-06-11T03:54:41+00:00 Greg Hudson ghudson@mit.edu 2014-06-05T16:03:16+00:00 02de9935648c307098fb69da26f74424da8dde64 After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket (with enc_part2 if we could decrypt it) is accessible via request->ticket; there is no need to copy it. Stop using the ticket parameter of those functions. Where we need to save the ticket beyond the lifetime of the krb5_ap_req, steal the pointer before freeing the request. 
After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket
(with enc_part2 if we could decrypt it) is accessible via
request->ticket; there is no need to copy it.  Stop using the ticket
parameter of those functions.  Where we need to save the ticket beyond
the lifetime of the krb5_ap_req, steal the pointer before freeing the
request.
In KDC, log client principal in bad header ticket 2014-06-11T03:54:41+00:00 rbasch probe@tardis.internal.bright-prospects.com 2014-06-03T22:44:17+00:00 f07516a9f65207b1fb2f9f07b1ec7d3caa51c6be Fix KDC logging to include client principal in TGS_REQ logging even during error conditions such as "Ticket expired". As long as the TGS_REQ can be decrypted and the client principal is available, it should be included in the log, regardless of other errors which might be detected. krb5_rd_req_decoded and krb5_rd_req_decoded_anyflag (not public interfaces) now leave the decrypted ticket in req->ticket->enc_part2 on success or failure, if the ticket was successfully decrypted. This does not affect the behavior of krb5_rd_req. [ghudson@mit.edu: removed extraneous change, added commit message summary and description of internal API change, fixed possible memory leak, removed comment and #if 0 code block of purely historical interest] ticket: 7910 
Fix KDC logging to include client principal in TGS_REQ logging even
during error conditions such as "Ticket expired".  As long as the
TGS_REQ can be decrypted and the client principal is available, it
should be included in the log, regardless of other errors which might
be detected.

krb5_rd_req_decoded and krb5_rd_req_decoded_anyflag (not public
interfaces) now leave the decrypted ticket in req->ticket->enc_part2
on success or failure, if the ticket was successfully decrypted.  This
does not affect the behavior of krb5_rd_req.

[ghudson@mit.edu: removed extraneous change, added commit message
summary and description of internal API change, fixed possible memory
leak, removed comment and #if 0 code block of purely historical
interest]

ticket: 7910
Use k5_setmsg 2014-06-05T15:22:50+00:00 Greg Hudson ghudson@mit.edu 2014-05-24T16:15:32+00:00 a7b5808b5df9e54ef8a8a7ac24e5faad458ddbce Replace most calls to krb5_set_error_message with k5_setmsg for brevity. Leave alone plugin sources where we don't include k5-int.h (mostly PKINIT). 
Replace most calls to krb5_set_error_message with k5_setmsg for
brevity.  Leave alone plugin sources where we don't include k5-int.h
(mostly PKINIT).
Remove DEBUG_ERROR_LOCATIONS support 2014-06-05T15:21:16+00:00 Greg Hudson ghudson@mit.edu 2014-05-24T15:35:30+00:00 ba2879ca8f8ba84d2431a9a40de4ac7ee1e758f8 It wasn't being used and it added too much complexity to the error-handling functions. 
It wasn't being used and it added too much complexity to the
error-handling functions.
Add ASN.1 codec for KKDCP's KDC-PROXY-MESSAGE 2014-06-02T21:58:26+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-09-09T18:23:56+00:00 bb89afd7c59deea855d2818fe36ef7472b4abf2e Handle encoding and decoding [MS-KKDCP] proxy messages, including handling of the additional length bytes. Early versions of [MS-KKDCP] incorrectly omit that the size of the proxied message is prepended to the proxied message, as it is when we're using plain TCP, before encoding the proxy-message structure. This is fixed at least as of version 2.1 of the spec. [nalin@redhat.com: add tests] ticket: 7929 
Handle encoding and decoding [MS-KKDCP] proxy messages, including
handling of the additional length bytes.  Early versions of [MS-KKDCP]
incorrectly omit that the size of the proxied message is prepended to
the proxied message, as it is when we're using plain TCP, before
encoding the proxy-message structure.  This is fixed at least as of
version 2.1 of the spec.

[nalin@redhat.com: add tests]

ticket: 7929
Make x-deltat.y work with bison 3 2014-06-01T04:39:35+00:00 Greg Hudson ghudson@mit.edu 2014-05-29T16:54:50+00:00 ca8207d5ab5482e6d09a52bdb8b139cb5a28a95d Bison 3 removed support for YYPARSE_PARAM and YYLEX_PARAM, breaking x-deltat.y. Use %parse-param and %lex-param instead. (In Bison 3 we could use just %param, but that doesn't work in 2.x.) The parameter added by %parse-param is also passed to yyerror, so adjust the macro we use to suppress yyerror accordingly. Also use "%define api.pure" instead of "%pure_parser", which was deprecated in bison 2.3b. (The correct spelling was actually "%pure-parser", and bison 3 generates a warning about the underscore spelling.) Regenerate deltat.c using the new x-deltat.y and bison 3.0.2. ticket: 7923 
Bison 3 removed support for YYPARSE_PARAM and YYLEX_PARAM, breaking
x-deltat.y.  Use %parse-param and %lex-param instead.  (In Bison 3 we
could use just %param, but that doesn't work in 2.x.)  The parameter
added by %parse-param is also passed to yyerror, so adjust the macro
we use to suppress yyerror accordingly.

Also use "%define api.pure" instead of "%pure_parser", which was
deprecated in bison 2.3b.  (The correct spelling was actually
"%pure-parser", and bison 3 generates a warning about the underscore
spelling.)

Regenerate deltat.c using the new x-deltat.y and bison 3.0.2.

ticket: 7923
Modernize rd_cred.c 2014-05-17T22:42:39+00:00 Greg Hudson ghudson@mit.edu 2014-05-08T16:14:42+00:00 ba1558660f0cbd8639ac323dac11c52f88ac079d Adjust the internal abstractions so that decrypt_encpart is responsible for the fallback from receiving subkey to session key, and krb5_rd_cred is responsible for decoding and calling decrypt_encpart. Rename krb5_rd_cred_basic to make_cred_list since it is now only responsible for constructing the list. 
Adjust the internal abstractions so that decrypt_encpart is
responsible for the fallback from receiving subkey to session key, and
krb5_rd_cred is responsible for decoding and calling decrypt_encpart.
Rename krb5_rd_cred_basic to make_cred_list since it is now only
responsible for constructing the list.