| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
In a build with static libraries, functions tagged with
__attribute__((destructor)) may be executed in any order, not in a
topologically sorted order as they are in shared libraries. This
could result in libcom_err functions being invoked (from another
library's finalizer) after libcom_err has been finalized, which would
(at minimum) result in using a mutex after it is destroyed. To
prevent this kind of problem, disable finalizers in the static build
regardless of whether we have compiler or linker support for them.
Reported by Mihai Serban <mihai.serban@gmail.com>.
|
| |
|
|
|
|
|
|
|
| |
Remove the inaccurate comments "unused" and replace them with
more useful representations of what they mean.
ticket: 7490 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Document the fact that the key usage type 26 is used by both
KBKRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST and
KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST, while 27 - by
KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY and KRB5_KEYUSAGE_PA_SAM_RESPONSE.
Also, since KRB5_KEYUSAGE_PA_REFERRAL is not actually used in MIT Kerberos
code and is not defined in the latest referrals draft
(http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-15)
mark it as "unused".
ticket: 7474
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few places were using the standard C /* comment */ form, but
this is rendered poorly by doxygen through to our Sphinx bridge.
Use the special /**< comment */ form to get doxygen-specific behavior.
If the standard C comment form is used, the full comment (including
start and end markers) is included in the value of the macro, and
Sphinx then tries to treat the end of the comment as the start of
inline markup with no corresponding end-string, which is a warning.
Using the doxygen form of the comment, the contents of the comment
are put in a separate paragraph block, which is inserted in the
body of the generated RST document.
The markup for krb5_rd_priv() had a line that ended with an @c
markup statement without a symbol following it. This confused
doxygen into not parsing any more of the comment. The beginning
of the next line is a macro identifier with markup to auto-linkify it.
In RST, it is not possible to have a link and a terminal font on the
same text, so removing the @c is the appropriate fix.
There are also eleven deprecated functions which are replaced by
the krb5_c_* family of functions. However, referring to this class
of functions as the "krb5_c_" class of functions results in Sphinx
attempting to interpret this statement as a link to a label elsewhere
in the document, and no such label exists. To avoid this warning, use
"krb5_c_*" to refer to the class of functions, which is arguably
more correct anyways.
ticket: 7447
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Our doxygen-to-sphinx documentation bridge only processes typedefs
and not structure definitions, since we almost universally use
typedefs for our data structures. krb5_trace_info is the sole
exception, so bring it into the fold.
While here, flesh out the comment a bit more.
ticket: 7447
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
| |
More specifically, document that this new API was first
introduced in 1.11
ticket: 7460
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The trace messages in krb5int_clean_hostname were outputting the
entire contents of the output buffer (mostly uninitialized garbage)
into the trace log. Since these messages were essentially redundant
with messages in the callers, and were arguably at too low of a level
to begin with, simply remove them.
ticket: 7459 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Avoid using asterix characters in the documentation for
krb5_unparse_ext_name, since they get intepreted as markdown
punctuation when translated to RST.
ticket: 7452 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
An RFC number has been assigned for the Camellia draft. Add Doxygen
markup to the enctype and cksumtype constants pointing to the
informational RFC.
|
| |
|
|
|
|
| |
ticket: 7431
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Add an internal json function to make it easier to detect if an object
is empty, and use it to avoid creating a ccache config entry for
preauth module config data if there isn't any to save.
ticket: 7427 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
| |
[ghudson@mit.edu: avoid verto.h header dependency; minor fixes]
ticket: 7426 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7425 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
| |
ticket: 7421
|
| |
|
|
|
|
|
|
|
|
| |
For the responder callback signature, put the closure argument just
after the context, and use KRB5_CALLCONV. These changes make the
signature consistent with most other libkrb5 callbacks.
ticket: 7419 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7417 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
* Read a "pa_config_data" item from an in_ccache, if provided, and add a
callback which client preauth plugins can use to retrieve a string
value from it that's keyed by a string.
* Add a callback which client preauth plugins can use to provide string
key/value pairs to be stored in the ccache.
* Moves the definition of (struct krb5_clpreauth_rock_st) from k5-int.h
to init_creds_ctx.h to try to reduce the number of files that will
need to include k5-json.h to understand k5_json_value.
|
| |
|
|
| |
It's wasn't used and wasn't implemented.
|
| |
|
|
|
|
|
|
|
| |
* Add a krb5int_build_conf_principals() function to allow our get/set
code to directly prune out duplicate config entries.
* Verify that when we specify a pa_type, it affects whether or not we
will use a particular preauth plugin.
* Verify that we correctly save the KDC's preauth type number, that we
tried to answer, to the out_ccache.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* When producing preauth data, keep track of the type of padata in the
KDC's list of acceptable types which prompted the module to produce
padata.
* After obtaining credentials, store that value as a "pa_type"
configuration item in the out_ccache.
* Read that allowed preauth type from an in_ccache, if possible.
* If we have an allowed preauth type, only call "real" modules that
handle that value when filling in responder items and producing a
client request.
ticket: 7414 (new)
|
| |
|
|
|
|
|
|
| |
Add a krb5_get_init_creds_opt_set_in_ccache() function. An input
ccache may hold configuration data which the client libraries can
use to influence their decisions.
ticket: 7413 (new)
|
| |
|
|
|
|
| |
Our traditional practice is to use hex integer literals for flag bits.
Bit shifting can be dangerous because shifting into the sign bit is
undefined. Convert existing bit shift expressions to hex literals.
|
| | |
|
| |
|
|
|
|
| |
We made two sets of incompatible changes to the DAL and libkdb5 API
during development for 1.11 (master key list simplification and policy
extensions), so increment the appropriate version numbers.
|
| | |
|
| |
|
|
|
| |
This follows the design laid out on the project page:
http://k5wiki.kerberos.org/wiki/Projects/Password_response_item
|
| |
|
|
|
|
|
|
|
|
| |
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a kdb5_util load gets killed between rename()ing the new KDB file
into place and resetting the iprop ulog then the ulog can reflect the
pre-load state, which will almost certainly be incorrect.
This matters because we want to impose a timeout on full resyncs in
kpropd when iprop dictates that a full resync is needed, and the
simplest timeout scheme involves signaling the kdb5_util load process.
But also, we want no such races in general.
The fix is simple: re-initialize the ulog before renaming the new KDB
file into place, then proceed as usual. If the ulog is not properly
updated at the end of the load it will at least always result in
subsequent iprop get updates operations always indicating that a full
resync is required.
ticket: 7399
|
| |
|
|
|
|
|
|
|
|
|
| |
If a master KDC uses only a 64-bit libkadm5srv then there is no reason
to impose any limit on ulog size: the practical maximum will be given by
the filesystem and available storage space.
Even when using a 32-bit libkadm5srv the maximum practical ulog size
will be found easily enough when mmap() fails.
ticket: 7368
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a global dump (the default dump file) for full syncs for iprop.
When a slave asks for a fullsync we kprop the existing global dump to it
if that is good enough, else we dump the DB and send the new global
dump.
Before this change kadmind would run kdb5_util dump -i... each time a
slave asked for a full dump. This was done in a sub-process,
thankfully, but it was still a waste of time and storage (e.g., if one
has a huge KDB).
Also, long dump times might cause a slave to give up (the timeout for
this is now configurable). But since iprop dumps bear a serial number
and timestamp and since slaves will resync from that point forward, it
doesn't matter if the dump we send a slave is fresh as long as it is
fresh enough (i.e., that its sno and timestamp are in the ulog).
Also:
- Rename dumps into place instead of unlink, create, write (but we
still keep the dump ok files as lock files and as a method of
signaling to kprop that the dump is complete).
ticket: 7371
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make kpropd in iprop mode fork a child to listen for kprops from the
master. The child writes progress and outcome reports to the parent
for each kprop. This fixes a race between asking for a full resync
and setting up a listener socket for it.
- Add runonce (-t) for kpropd do_standalone() too.
- Add a new iprop parameter: iprop_resync_timeout. kpropd will keep
asking for incremental updates while waiting for a full resync to
finish, and will re-request a full resync if kadmind continues to
indicate that one is needed after this timeout passes since the
previous full resync was requested.
- Allow polling intervals less than 10 seconds.
[ghudson@mit.edu: split out debug output changes; note polling interval
change in commit message]
ticket: 7373
|
| | |
|
| |
|
|
| |
Add JSON support based loosely on Heimdal's heimbase code.
|
| |
|
|
| |
Add base64 support based on Heimdal's libroken base64 code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new APIs:
* krb5_get_init_creds_opt_set_responder
* krb5_responder_get_challenge
* krb5_responder_list_questions
* krb5_responder_set_answer
If a caller sets a responder, it will be invoked after preauth modules
have had a chance to review their incoming padata but before they produce
outgoing padata. The responder will be presented a set of questions with
optional challenges. The responder should then answer all questions it knows
how to handle. Both the answers and the challenges are printable UTF-8 and
may contain encoded, structured data specific to the question asked.
Add two new callbacks and one optional method to the clpreauth
interface. The new method (prep_questions) allows modules to ask questions
by setting them in the responder context using one of the new callbacks
(ask_responder_question). The other new callback (get_responder_answer) is
used by the process method to read the answers to the questions asked.
ticket: 7355 (new)
|
| |
|
|
|
|
| |
Since zapfree(str, strlen(str)) won't work for possibly-null values of
str, add a helper zapfreestr() which only calls strlen() if the string
value is non-null.
|
| |
|
|
|
| |
Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type
as it is marked as OBSOLETE in RFC 6560.
|
| |
|
|
|
|
|
| |
Implements the client side of RFC 6560. Not all features are
implemented, but it should work for the most common cases.
ticket: 7242 (new)
|
| |
|
|
|
|
|
| |
Add encoders and decoders for the OTP-TOKENINFO, PA-OTP-CHALLENGE,
PA-OTP-REQUEST, and PA-OTP-ENC-REQUEST types from RFC 6560. For more
thorough testing, add support for generating test encodings using
asn1c for sample objects (currently only for the OTP types).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't translate '0' (no error).
Handle WSAEAFNOSUPPORT and WSAEINVAL.
Add Posix->WSA translation.
Add default translation for unrecognized errors.
[ghudson@mit.edu: Merged with master and adjusted comments.]
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7228 (new)
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This simply adds KADM5_API_VERSION_4 and various fields to the
policy structures:
- attributes (policy-ish principal attributes)
- max_life (max ticket life)
- max_renewable_life (max ticket renewable life)
- allowed_keysalts (allowed key/salt types)
- TL data (future policy extensions)
Of these only allowed_keysalts is currently implemented.
Some refactoring of TL data handling is also done.
ticket: 7223 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to
change the built-in ccache and keytab names.
* Add krb5-config options to display the built-in ccache and keytab
names.
* In the default build, use krb5-config to discover the system's
built-in ccache and keytab names and use them (if not overridden).
This can be controlled with the --with-krb5-config=PATH or
--without-krb5-config configure options.
* Make the built-in ccache name subject to parameter expansion.
ticket: 7221 (new)
|
| |
|
|
|
|
|
| |
Like default_keytab_name and default_client_keytab_name,
default_ccache_name is subject to parameter expansion.
ticket: 7220 (new)
|
| |
|
|
|
|
|
| |
Make the default_keytab_name and default_client_keytab_name variables
subject to parameter expansion.
ticket: 7219 (new)
|
| | |
|
| |
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7215 (new)
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kfw: add int16_t, uint16_t typedefs to win-mac.h
uint16_t is used in chpw.c
include stdlib.h, crtdbg.h in win-mac.h
Allows leak-tracking using built-in msvc tools on windows.
crtdbg.h needs to come _after_ stdlib.h, but _before_ checking for
strdup. Define DEBUG and CRTDBG_MAP_ALLOC for full tracking.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7204 (new)
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set the default credential cache name for all processes for the current
user. Currently implemented, for windows only, by setting
HKEY_CURRENT_USER\Software\MIT\Kerberos5:ccname to the specified
ccache name. This will not override the environment variable 'KRB5CCNAME'.
It will override HKEY_LOCAL_MACHINE and 'indirect' registry values.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7199 (new)
tags: pullup
|
