krb5.git/src/plugins, branch proxymech MIT Kerberos patches make depend 2013-03-24T05:30:33+00:00 Greg Hudson ghudson@mit.edu 2013-03-24T05:30:33+00:00 24c8bacbccc854dc30fd6baee49cdd2bf2557e47 






Add PEM password prompter callback in PKINIT
2013-03-15T16:07:10+00:00

Nalin Dahyabhai
nalin@redhat.com

2013-03-15T16:05:56+00:00

a8eec52a13ba108b8855aef8cf9dafeb37811d2e

Supply a callack to PEM_read_bio_PrivateKey() using the prompter to
request a password for encrypted PEM data.  Otherwise OpenSSL will use
the controlling terminal.

[ghudson@mit.edu: minor style cleanup, commit message]

ticket: 7590





Supply a callack to PEM_read_bio_PrivateKey() using the prompter to
request a password for encrypted PEM data.  Otherwise OpenSSL will use
the controlling terminal.

[ghudson@mit.edu: minor style cleanup, commit message]

ticket: 7590







Eliminate unused variables
2013-03-15T06:22:42+00:00

Greg Hudson
ghudson@mit.edu

2013-03-15T06:22:42+00:00

5bd6230bb2474bbed754c6d95eeee9c47c461d2c












Initialize status in krb5_ldap_parse_db_params
2013-03-11T20:09:06+00:00

Greg Hudson
ghudson@mit.edu

2013-03-11T20:09:06+00:00

233e97338784196ac610aaaffc74d4e7ba03ca9c

If db_args is non-null but empty, status could be returned without
being initialized; gcc with optimization correctly warns about this,
causing a build failure.  (This bug was introduced by
0b1dc2f93da4c860dd27f1ac997617b712dff383 which was pushed after the
1.11 release branch, so it isn't in any release.)





If db_args is non-null but empty, status could be returned without
being initialized; gcc with optimization correctly warns about this,
causing a build failure.  (This bug was introduced by
0b1dc2f93da4c860dd27f1ac997617b712dff383 which was pushed after the
1.11 release branch, so it isn't in any release.)







Remove stray include in localauth_plugin.h
2013-03-11T17:48:13+00:00

Greg Hudson
ghudson@mit.edu

2013-03-11T17:48:13+00:00

ec217570e20d4702be2830235bad56184d47b1d2

This unnecessary include was causing build failures on some systems by
making libkrb5 sources depend on gssapi.h.





This unnecessary include was causing build failures on some systems by
making libkrb5 sources depend on gssapi.h.







Add tests for localauth interface
2013-03-09T07:03:32+00:00

Greg Hudson
ghudson@mit.edu

2013-02-27T20:00:37+00:00

b8696b1ed70ffebbeee7142f1e5e086d75ce4e30

Create a test module, program, and script to exercise the
krb5_aname_to_localname and krb5_k5userok functions as well as the
localauth pluggable interface.

ticket: 7583





Create a test module, program, and script to exercise the
krb5_aname_to_localname and krb5_k5userok functions as well as the
localauth pluggable interface.

ticket: 7583







Add missing .gitignore entries and clean rules
2013-02-27T21:33:50+00:00

Greg Hudson
ghudson@mit.edu

2013-02-27T21:33:28+00:00

f09c97320e683a2ad0e42df63aeedd16b78c9ad2

ticket: 7585





ticket: 7585







Cleaner fix for #7570
2013-02-15T19:28:42+00:00

Ben Kaduk
kaduk@mit.edu

2013-02-15T16:41:27+00:00

b71f8c4aacea8849ceaf31a2fa95e143f3943097

Remove variables and labels which are no longer needed.





Remove variables and labels which are no longer needed.







PKINIT null pointer deref [CVE-2013-1415]
2013-02-15T19:28:41+00:00

Xi Wang
xi.wang@gmail.com

2013-02-14T23:17:40+00:00

c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed

Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]

ticket: 7570 (new)
target_version: 1.11.1
tags: pullup





Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]

ticket: 7570 (new)
target_version: 1.11.1
tags: pullup







Modernize k5buf
2013-02-14T16:42:28+00:00

Greg Hudson
ghudson@mit.edu

2013-02-14T16:41:10+00:00

6dda284554a869f7fa1e6d2a035df06c97f103ef

Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.





Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.