| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Define client_addr() in server_stubs.c and use it consistently in that
file and ipropd_svc.c to get the client address from a transport
handle. In it, call getpeername() on the client socket and use
inet_ntop() on the result, instead of using inet_ntoa() on the IPv4
socket address. Provide a log_badauth2 callback to GSSRPC, so that we
get a transport handle instead of an IPv4 socket address, and use
client_addr() within it instead of inet_ntoa().
ticket: 7770
target_version: 1.12
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ure.c, though k is a short, the literal 1 is of type 'int', and
so the operation 'k + 1' is performed at the (32-bit) width of int,
and therefore the "%d" format string is correct.
In accept_sec_context.c, the 'length' field of krb5_data is an
unsigned type, so checking for a negative value has no effect.
In net-server.c, the helper routine rtm_type_name() is only used
in code that is disabled with #if 0 conditionals; make the
definition also disabled in the same way to avoid warnings of an
unused function.
In kdc_authdata.c, equality checks in double parentheses elicit
a warning from clang. The double-parentheses idiom is normally used
to indicate that an assignment is being performed, but the value of
the assignment is also to be used as the value for the conditional.
Since assignment and equality checking differ only by a single
character, clang considers this worthy of a warning. Since the extra
set of parentheses is redundant and against style, it is correct to
remove them.
In several places (sim_server.c, dump.c, kdb5_destroy.c,
ovsec_kadmd.c), there are declarations of extern variables relating
to getopt() functionality that are now unused in the code. Remove
these unused variables.
|
| |
|
|
|
|
| |
The krb5_db_store_master_key{,_list} functions return a
krb5_error_code, and do not necessarily set errno on failure.
Use the correct variable while reporting errors with com_err().
|
| |
|
|
|
|
|
|
|
| |
Use WELLKNOWN/ANONYMOUS@realm as the default principal for kadmin -n,
just like we do for kinit -n.
ticket: 7741 (new)
target_version: 1.12
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The krb5 implementation of gss_display_name() reports the name type as
GSS_C_NT_ANONYMOUS if the client uses an anonymous principal. Accept
this name type in gss_name_to_string and gss_to_krb5_name so that
anonymous kadmin can work.
Also improve code hygiene: call gss_name_to_string from
gss_to_krb5_name to reduce code repetition; use gss_oid_equal instead
of pointer comparison for name types; and don't assume that the
gss_display_name result buffer is zero-terminated.
ticket: 7740 (new)
target_version: 1.12
tags: pullup
|
| |
|
|
|
| |
After recent changes, krb5_dbe_lookup_actkvno cannot yield an empty
list and cannot return KRB5_KDB_NOACTMASTERKEY.
|
| |
|
|
|
|
|
|
|
| |
kdb5_util update_princ_encryption should update to the active master
key version, not the most recent.
ticket: 6507
target_version: 1.12
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
kdb5_util list_mkeys was beginning lines with "KNVO" instead of
"KVNO". kdb5_util purge_mkeys was displaying "follwing" instead of
"following" for both dry-run and normal cases.
ticket: 7730 (new)
target_version: 1.12
tags: pullup
|
| |
|
|
|
|
| |
If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC.
This fix is to correct the previous behavior with [0,128] range.
For more information see krb5_err.et
|
| |
|
|
|
|
| |
Get rid of "flags" bitfields and just use boolean values, to make the
internal contracts for dump and load functions more precise. Rename
"add_update" to "iprop_load" and reverse its sense.
|
| |
|
|
|
|
|
|
| |
If we are doing a full load, do not touch the ulog header until after
we promote the temporary DB to live. This avoids the same bugs as the
#7588 fix, but more robustly. Based on a patch from Richard Basch.
ticket: 7695
|
| |
|
|
|
|
|
|
|
|
| |
kdb5_util update_princ_encryption iterates over the KDB and writes
modified entries. With the DB2 back end, the first write operation
has to upgrade the lock and reopen the DB, which resets the cursor
state. Take out an explicit write lock before iterating to avoid this
step.
ticket: 7684 (new)
|
| |
|
|
|
|
|
| |
Make the purgekeys RPC allow self-service, like the chpass and chrand
RPCs.
ticket: 7681 (new)
|
| |
|
|
|
|
|
|
|
| |
Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal. The KDC was modified by #7630 to support principals
without keys.
ticket: 7679 (new)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
Thanks to Vincent Danen for alerting us to this issue.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
ticket: 7637 (new)
target_version: 1.11.3
tags: pullup
|
| |
|
|
|
|
| |
fclose() might overwrite the errno value from fprintf, causing us to
return success when we shouldn't. Record the errno value at the time
of the fprintf failure.
|
| |
|
|
|
|
|
| |
If we fail to write the pid to the pid file, we should still close the
file before returning from write_pid_file(). The consequences of this
bug are trivial because kadmin is just going to exit regardless.
Reported by Will Fiveash <will.fiveash@oracle.com>.
|
| | |
|
| |
|
|
| |
Based on a patch from Xi Wang <xi@mit.edu>.
|
| |
|
|
|
|
|
|
|
|
|
| |
If an iprop slave tries to load a dump from the master and it fails,
reset the ulog header so we take another full dump, instead of
reporting that the slave is current when it isn't. Reported by
Richard Basch <basch@alum.mit.edu>.
ticket: 7588
target_version: 1.11.2
tags: pullup
|
| |
|
|
|
|
|
| |
Commit 0780e46fc13dbafa177525164997cd204cc50b51 matched a %ld format
string with the integer 0, which is an int rather than a long. Just
put 0 in the format string instead. Noted by David Benjamin
<davidben@mit.edu>.
|
| |
|
|
|
|
|
|
|
|
|
| |
k5srvutil is a little more convenient to use for rolling keys than
kadmin is. When migrating off 1DES, though, it may be desirable to
explicitly specify the desired keysalts. This adds an option, -e, to
k5srvutil to specify desired keysalts.
[ghudson@mit.edu: style fix; make whitespace in keysalt list work]
ticket: 7589 (new)
|
| |
|
|
|
|
| |
Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.
|
| |
|
|
|
| |
Reformat and simplify dump.c code according to current coding
standards. No functional changes except for some error messages.
|
| |
|
|
|
|
|
| |
When dumping, use a common iterator function to unpack the dump_args
structure, unparse and filter the principal name, and convert master
keys. Add helper functions to dump and load the "octets or -1" format
used for optional binary fields in the current dump format.
|
| |
|
|
|
|
| |
Without changing anything (except to make a few internal functions
static), reorder dump.c to bottom-up order so that forward function
declarations aren't needed.
|
| |
|
|
|
|
|
| |
Get rid of the code to dump and load -b6 and -old format dump files.
Loading these versions hasn't worked since at least 1.3.
ticket: 7564 (new)
|
| |
|
|
|
|
| |
kadm5_create_principal now uses a random key if passed a null
password, so we don't need a multi-step process to create admin
principals when creating a database any more.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some versions of clang report an uninitialized variable warning (which
we treat as an error) in process_k5beta_record. Due to the if-ladder
style of the function, uninitialized tmpint values can be copied
around in certain error cases, although the garbage values would be
ultimately ignored. As a minimal fix, initialize the tmpint
variables.
ticket: 7560 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the master iprop log is reinitialized to serial number 0, slaves
will need to take a full dump--but after that happens, we need to know
whether the slave has taken that full dump, we we don't offering full
dumps indefinitely.
So, record a timestamp in kdb_last_time when we reinitialize the log
header, and compare the slave timestamp to kdb_last_time whenever it
has the current serial number, even if it's 0. Test this by
performing a propagation with sno 0 in t_iprop.py and detecting
whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from
kadmind.
ticket: 7550 (new)
|
| |
|
|
|
|
|
|
|
| |
The error message was missing a newline, and the exit behavior causes
the database to be destroyed.
ticket: 7370
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
| |
Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
|
| |
|
|
|
|
|
|
|
|
|
| |
cea0b28045b262b1098f17f17f78b2efbf89a6c1 contained an incorrect
definition of DPRINT. Fix it.
[ghudson@mit.edu: commit message]
ticket: 7525 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length
functions could be ignored because they were assigned to unsigned
values. In spnego_mech.c, two buffer size checks could be rewritten
to reduce the likelihood of pointer overflow. In dump.c and
kdc_preauth.c, calloc() could be used to simplify the code and avoid
multiplication overflow. In pkinit_clnt.c, the wrong value was
checked for a null result from malloc(), and the code could be
simplified.
Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7488
|
| |
|
|
|
|
|
|
|
|
|
| |
The LDAP module doesn't support locking. There's code to ignore this
in load but not in dump. dump used to only lock for iprop dumps, but
now locks all the time after e65a16d898f3a686525e83661f4fd86c76e27bbf
(#7384), causing it to fail with LDAP.
ticket: 7445 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
The old man pages are gone, so we can't install them anymore.
Also clean up install and install-unix targets that were installing
the old man pages by hand.
|
| |
|
|
|
|
|
| |
We generate man pages from RST sources now; they are checked into
the tree in src/man/.
The gen-manpages directory is no longer needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a kdb5_util load gets killed between rename()ing the new KDB file
into place and resetting the iprop ulog then the ulog can reflect the
pre-load state, which will almost certainly be incorrect.
This matters because we want to impose a timeout on full resyncs in
kpropd when iprop dictates that a full resync is needed, and the
simplest timeout scheme involves signaling the kdb5_util load process.
But also, we want no such races in general.
The fix is simple: re-initialize the ulog before renaming the new KDB
file into place, then proceed as usual. If the ulog is not properly
updated at the end of the load it will at least always result in
subsequent iprop get updates operations always indicating that a full
resync is required.
ticket: 7399
|
| |
|
|
| |
ticket: 7384
|
| |
|
|
| |
[ghudson@mit.edu: split out from previous commit]
|
| |
|
|
| |
ticket: 7370
|
| |
|
|
|
|
|
|
|
|
|
|
| |
New options:
-p path-to-kdb5_util
-K path-to-kprop
-F dump-file
These are needed for testing without first having to install.
ticket: 7372
|
| |
|
|
| |
Make DPRINT a varargs macro and add some new debug prints.
|
| |
|
|
| |
ticket: 7377
|
