| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
Calls to gssint_mecherrmap_map_errcode would result in calling
mecherror_copy with a zero-length mech OID, which would result in an
OID with 0 for length and malloc(0) for elements. On platforms which
return non-null from malloc(0), gssint_mecherrmap_destroy() wouldn't
free the elements pointer.
Avoid calling malloc(0) and don't use the length field to decide
whether to free an elements pointer.
|
| |
|
|
|
|
|
|
|
|
|
| |
gss_str_to_oid wasn't outputting any bytes for a zero-valued arc. It
should output one byte with value 0.
[ghudson@mit.edu: commit message]
ticket: 7523 (new)
target_version: 1.11.1
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
The final fallback for krb5_timestamp_to_sfstring() is an explicit
European date-order format string passed to sprintf(). This can be
confused with a conventional US date format. Because we attempt to
build a strftime() replacement anyway, and we try passing some
unambiguous ISO 8601 date and time formats to strftime(), remove this
final fallback.
ticket: 7518 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_timestamp_to_string() can produce ambiguous dates. The final
fallback, "%d/%m/%Y %R", contains a European order date format that
can be confused with a US date format. Add some additional strftime()
format strings, including locale-dependent formats and some ISO 8601
formats. Remove the hardcoded strftime() format that had an ambiguous
date order.
ticket: 7458
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The clpreauth rock had become a collection of alias pointers into the
init_creds context structure. Get rid of it and just pass the context
(suitably casted) to clpreauth modules. Simplify the signatures of
k5_preauth(), k5_preauth_tryagain(), process_pa_data(), and
fill_response_items() by referencing fields from the init_creds
context.
Since we can't use the non-nullity of rock->selected_preauth_type to
determine whether to record the selected preauth type, k5_preauth now
reports it in an output parameter, and get_in_tkt.c decides whether or
not to record it.
|
| |
|
|
|
|
|
| |
If the for loop never consults any preauth modules and must_preauth is
false, we might never set ret, so we need to initialize it. The bug
was introduced in 5c23bce0e8d3328bb36bc85ee10cfac486b8ae9b and is
detected by some versions of gcc with -O2.
|
| |
|
|
|
|
|
|
|
| |
clntraw_create has been broken since inception; on the first call, it
would compute invalid values of xdrs and client and dereference them.
Fix that. (This is pretty strong evidence that no one has ever used
it.) Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If we are responding to a KDC_ERR_PREAUTH_REQUIRED and cannot
preauthenticate, report the error from the first real preauth type we
tried.
k5_preauth() now accepts a boolean input indicating that it must
succeed on a real preauth type, instead of returning a boolean saying
whether or not it did.
ticket: 7517 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The preauth functions are internal to libkrb5, so use the k5_ prefix,
don't use KRB5_CALLCONV, and prototype them in int-proto.h. Also
remove krb5_do_preauth from the Unix libkrb5 export list.
Reorder the k5_preauth() and k5_preauth_tryagain() arguments for more
consistency with the clpreauth interface, and put the output padata
arguments at the end.
Rename any remaining uses of "kcontext" to "context" in preauth2.c.
|
| |
|
|
|
|
|
|
| |
With one exception (KRB5_PADATA_PKINIT_KX), every padata type
processed by a clpreauth module is now a real preauthentication type.
Reduce the amount of boilerplate required for a clpreauth module by
making the flags method optional if all of the preauth types
advertised by the module are real.
|
| |
|
|
|
|
|
|
| |
In preauth2.c, use wrapper functions for calls to clpreauth functions.
Get rid of the expanded-out module table, instead using a helper
function to find the handle for a preauth type. Replace use counts
with a list of previously processed pa types. Check for pa type
conflicts when loading clpreauth modules.
|
| |
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
| |
|
|
|
|
| |
In krb5_get_init_creds_password and krb5_get_init_creds_keytab, save
the extended error before retrying against the master KDC, and restore
that state if returning the error from the original request.
|
| | |
|
| |
|
|
|
|
|
| |
Fix style issues in kerrs.c and errors.c. Rename error handling
functions to use shorter k5_ prefix. Eliminate an inoperable
krb5int_set_error() call in gic_opte_alloc and convert the other
call to use krb5_set_error_message().
|
| |
|
|
|
|
|
|
|
|
|
| |
If a question's challenge is NULL, it is unnecessarily difficult for a
responder callback to detect whether it was asked. So it's better to
use an empty challenge when there is no challenge data to communicate.
Do this for the "password" question.
ticket: 7499 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length
functions could be ignored because they were assigned to unsigned
values. In spnego_mech.c, two buffer size checks could be rewritten
to reduce the likelihood of pointer overflow. In dump.c and
kdc_preauth.c, calloc() could be used to simplify the code and avoid
multiplication overflow. In pkinit_clnt.c, the wrong value was
checked for a null result from malloc(), and the code could be
simplified.
Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7488
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add entries to OBJS and SRCS as well as STLIBOBJS.
Use KRB5_CALLCONV at function definition as well as declaration.
Declare missing variable in _WIN32-conditional code.
ticket: 7479 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
| |
Since r25120, kill_conn() has been responsible for closing and
invalidating conn->fd. In the unlikely event that the KDC sends a TCP
response to us before we send a TCP request, we were cleaning up the
socket again, which is useless (though also harmless). Get rid of
that code.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the second part of the first pass over the server list, we passed
the wrong list pointer to service_fds, causing it to see only a subset
of the server entries corresponding to sel_state. This could cause
service_fds to spin if an event is reported on an fd not in the
subset.
ticket: 7454
target_version: 1.10.4
tags: pullup
|
| |
|
|
|
|
|
|
| |
Fix memory leak.
ticket: 7457
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Our doxygen-to-sphinx documentation bridge only processes typedefs
and not structure definitions, since we almost universally use
typedefs for our data structures. krb5_trace_info is the sole
exception, so bring it into the fold.
While here, flesh out the comment a bit more.
ticket: 7447
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The trace messages in krb5int_clean_hostname were outputting the
entire contents of the output buffer (mostly uninitialized garbage)
into the trace log. Since these messages were essentially redundant
with messages in the callers, and were arguably at too low of a level
to begin with, simply remove them.
ticket: 7459 (new)
target_version: 1.11
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add camellia256-cts-cmas and camellia128-cts-cmac to the default
permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes
lists, to simplify deployment of Camellia. The new enctypes still
aren't on supported_enctypes, so won't be in the set of long-term keys
for principals without administrator intervention.
ticket: 7446 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Release the cc_config_in and cc_config_out fields of a
krb5_init_creds_context when freeing the context.
ticket: 7428 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Add an internal json function to make it easier to detect if an object
is empty, and use it to avoid creating a ccache config entry for
preauth module config data if there isn't any to save.
ticket: 7427 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
| |
The fencepost error was illusory.
|
| |
|
|
|
|
|
|
|
| |
Move where we record the selected preauth type so that we never record
an informational preauth type, only a real one.
ticket: 7422 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7420 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
For the responder callback signature, put the closure argument just
after the context, and use KRB5_CALLCONV. These changes make the
signature consistent with most other libkrb5 callbacks.
ticket: 7419 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Some recently added test programs under lib/krb5 didn't have their
source files added to the appropriate Makefile.in variables, and
weren't getting dependencies as a result.
ticket: 7418 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7417 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
* Save the vendor name of the token we used to create the challenge.
* If we saved the name of a token vendor previously, prune out any
tokeninfos which contain different vendor names.
ticket: 7416 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 altered the internal
contracts relating to salts, but neglected to adjust the sam2 preauth
code to match. Do that now.
ticket: 7415 (new)
target_version: 1.11
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Read a "pa_config_data" item from an in_ccache, if provided, and add a
callback which client preauth plugins can use to retrieve a string
value from it that's keyed by a string.
* Add a callback which client preauth plugins can use to provide string
key/value pairs to be stored in the ccache.
* Moves the definition of (struct krb5_clpreauth_rock_st) from k5-int.h
to init_creds_ctx.h to try to reduce the number of files that will
need to include k5-json.h to understand k5_json_value.
|
| |
|
|
|
|
|
|
|
| |
* Add a krb5int_build_conf_principals() function to allow our get/set
code to directly prune out duplicate config entries.
* Verify that when we specify a pa_type, it affects whether or not we
will use a particular preauth plugin.
* Verify that we correctly save the KDC's preauth type number, that we
tried to answer, to the out_ccache.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* When producing preauth data, keep track of the type of padata in the
KDC's list of acceptable types which prompted the module to produce
padata.
* After obtaining credentials, store that value as a "pa_type"
configuration item in the out_ccache.
* Read that allowed preauth type from an in_ccache, if possible.
* If we have an allowed preauth type, only call "real" modules that
handle that value when filling in responder items and producing a
client request.
ticket: 7414 (new)
|
| |
|
|
|
|
|
|
| |
Add a krb5_get_init_creds_opt_set_in_ccache() function. An input
ccache may hold configuration data which the client libraries can
use to influence their decisions.
ticket: 7413 (new)
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Make kdc_active_realm a local variable in every function that needs
it. Pass it around in various state structures as needed. Keep the
macros that reference its members remain for now.
|
| |
|
|
|
|
| |
We made two sets of incompatible changes to the DAL and libkdb5 API
during development for 1.11 (master key list simplification and policy
extensions), so increment the appropriate version numbers.
|
| |
|
|
|
|
| |
When adding {str}, {lenstr}, or {data} to trace output, scan for
bytes which might be non-printable, and add them as hex-escaped
versions of themselves if any are found.
|
| | |
|
| | |
|
| | |
|
| | |
|
