summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove some more test suite cruft:Greg Hudson2010-02-281-7/+2
| | | | | | | | | | | | | * localhostname from get_hostname was unused. * database_name is no longer used except (misleadingly) in kdb5_util output. * admin_database_name and admin_database_lockfile are no longer used. * default_domain is only used for v4->v5 principal conversion, which isn't tested. * libkadm5's init-v2.exp had a copy of get_hostname; domain and localhostname from it were unused. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23759 dc483132-0cff-0310-8789-dd5450dbe970
* Two problems in kadm5_get_principal mask handlingGreg Hudson2010-02-241-6/+8
| | | | | | | | | | | | KADM5_MOD_NAME was being applied to entry->principal instead of entry->mod_name. KADM5_MKVNO was not being applied to entry->mkvno. Patch from Marcus Watts <mdw@umich.edu>. ticket: 6668 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23749 dc483132-0cff-0310-8789-dd5450dbe970
* Explain the current SPNEGO initiator/acceptor design in comments. NoGreg Hudson2010-02-221-11/+66
| | | | | | code changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23743 dc483132-0cff-0310-8789-dd5450dbe970
* Fix two unrelated problems in SPNEGO which don't crop up with the krb5Greg Hudson2010-02-221-10/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | mechanism. 1. The third call to spnego_init_accept_context uses faulty logic to determine if the exchange is complete, preventing a third mech token from being sent to the acceptor if no MIC exchange is required. Follow the logic used in the second call (in init_ctx_nego), which is correct. 2. If the acceptor selects a mech other than the optimistic mech, it sets sc->mic_reqd to 1 whether or not the selected mech supports MICs (which isn't known until the mech completes). Most code outside of handle_mic checks sc->mic_reqd along with (sc->ctx_flags & GSS_C_INTEG_FLAG), but the code in acc_ctx_call_acc neglected to do so, so it could improperly delegate responsibility for deciding when the negotiation was finished to handle_mic--which never gets called if (sc->ctx_flags & GSS_C_INTEG_FLAG) is false. Fix acc_ctx_call_acc to check sc->ctx_flags so that mechs which don't support integrity protection can complete if they are selected non-optimistically. ticket: 6603 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23742 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2010-02-201-0/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23740 dc483132-0cff-0310-8789-dd5450dbe970
* Fix cipher state chaining in OpenSSL back endGreg Hudson2010-02-183-61/+90
| | | | | | | | | | | | | | | | | | | | Make cipher state chaining work in the OpenSSL back end for des, des3, and arcfour enc providers. Subtleties: * DES and DES3 have checks to avoid clobbering ivec with uninitialized data if there is no data to encrypt. * Arcfour saves the OpenSSL cipher context across calls. To protect against a caller improperly copying the state (which happens to work with other enc providers), a loopback pointer is used, as in GSSAPI. * EVP_EncryptFinal_ex is unnecessary with stream ciphers and would interfere with cipher state chaining if it did anything, so just remove it. ticket: 6665 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23734 dc483132-0cff-0310-8789-dd5450dbe970
* Add display statements for the encrypted tokens generated by t_encryptGreg Hudson2010-02-171-0/+24
| | | | | | so that its output can be compared between different back ends. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23733 dc483132-0cff-0310-8789-dd5450dbe970
* Remove another remnant of krb4Ken Raeburn2010-02-151-86/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23723 dc483132-0cff-0310-8789-dd5450dbe970
* Clarify the SPNEGO NegHints code and plug two cases where half-createdGreg Hudson2010-02-131-25/+19
| | | | | | context could be leaked. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23722 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify the SPNEGO neg_mechs intersection logic a bit usingGreg Hudson2010-02-121-7/+6
| | | | | | gss_test_oid_set_member. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23717 dc483132-0cff-0310-8789-dd5450dbe970
* Minimal support for updating history keyGreg Hudson2010-02-115-131/+113
| | | | | | | | | | | | | | | | | | Add minimal support for re-randomizing the history key: * cpw -randkey kadmin/history now works, but creates only one key. * cpw -randkey -keepold kadmin/history still fails. * libkadm5 no longer caches the history key. Performance impact is minimal since password changes are not common. * randkey no longer checks the newly randomized key against old keys, and the disabled code to do so in setkey/setv4key is gone, so now only kadm5_chpass_principal_3 accesses the password history. ticket: 6660 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23716 dc483132-0cff-0310-8789-dd5450dbe970
* Implement gss_set_neg_mechsGreg Hudson2010-02-109-81/+301
| | | | | | | | | | | | | | | | | Implement gss_set_neg_mechs in SPNEGO by intersecting the provided mech set with the mechanisms available in the union credential. As we now need space to hold the mech set, the SPNEGO credential is now a structure and not just a mechglue credential. t_spnego.c is a test program which exercises the new logic. Like the other GSSAPI tests, it is not run as part of "make check" at this time. ticket: 6658 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23715 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_fast_free_state segfaults if state is nullSam Hartman2010-02-091-0/+2
| | | | | | | | | | | | | krb5int_fast_free_state fails if state is null. INstead it should simply return Reorganization of the get_init_creds logic has created situations where the init_creds loop can fail between the time when the context is initialized and the fast state is initialized. ticket: 6657 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23713 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to handle the case where a mechanismTom Yu2010-02-051-2/+10
| | | | | | | | | | | implements set_cred_option but does not implement the requested option. ticket: 6601 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23698 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to avoid segfault if a mechTom Yu2010-02-051-0/+5
| | | | | | | | | | gss_inquire_context returns GSS_C_NO_NAME for the target name. ticket: 6600 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23696 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to return a comparable static OID objectTom Yu2010-02-051-0/+3
| | | | | | | | | | | instead of the application-passed (probably dynamically allocated) OID, to avoid use-after-free problems. ticket: 6598 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23695 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up error handling in krb5int_make_tgs_request_ext, closing someGreg Hudson2010-02-021-60/+41
| | | | | | unlikely memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23682 dc483132-0cff-0310-8789-dd5450dbe970
* set_default_enctype_var should filter not reject weak enctypesTom Yu2010-02-012-32/+105
| | | | | | | | | | | | | | | | | | With allow_weak_crypto=false, set_default_enctype_var() (helper function for krb5_set_default_tgs_enctypes(), etc.) was rejecting any application-provided enctype list that contained any weak enctype even when valid strong enctypes were present. This broke some Samba things. Filter the weak enctypes instead. Add test cases. Reported to Debian by Holger Isenberg. (Debian bug #566977) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977 Thanks to Simo Sorce for testing. ticket: 6653 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23681 dc483132-0cff-0310-8789-dd5450dbe970
* Make decryption of master key list more robustGreg Hudson2010-01-291-37/+13
| | | | | | | | | | | | | | | | | krb5_def_fetch_mkey_list was incorrectly filtering mkey_aux entries when searching the list for an entry which can be decrypted with the stashed master key. This bug was masked in most cases by the mkvno heuristic. Remove the mkvno heuristic, since performance is not an issue for this rarely-performed operation, and remove the incorrect enctype comparison in the brute-force search. ticket: 6652 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23677 dc483132-0cff-0310-8789-dd5450dbe970
* Handle migration from pre-1.7 databases with master key kvno != 1Greg Hudson2010-01-283-3/+37
| | | | | | | | | | | | | | | | | | | | krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no explicit tl_data. We've seen at least one pre-1.7 KDB with a master kvno of 0, violating this assumption. Fix this as follows: * krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists. * A new function krb5_dbe_get_mkvno translates this 0 value to the minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno cannot do this as it doesn't take the mkey_list as a parameter.) * Call sites to krb5_dbe_lookup_mkvno are converted to krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable to store 0 if the mkvno is unknown. ticket: 6650 target_version: 1.7.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23676 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of kdb_ext.h and allow out-of-tree KDB pluginsGreg Hudson2010-01-275-41/+86
| | | | | | | | | | | | | Move the contents of kdb_ext.h into kdb.h, since there is no meaningful "extensions" category of DB interfaces now that this stuff is in our tree. Allows out-of-tree KDB plugins to be built since we install kdb.h. ticket: 6649 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23674 dc483132-0cff-0310-8789-dd5450dbe970
* define MIN() in lib/gssapi/krb5/prf.cTom Yu2010-01-261-0/+4
| | | | | | | | | | | | Apply patch from Doug Engert to define MIN(), which was causing prf.c to fail compilation on Solaris. (The definition was probably leaking from sys/param.h, included indirectly somehow.) ticket: 6648 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23673 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Arlene Berry to plug a memory leakTom Yu2010-01-261-1/+3
| | | | | | | | ticket: 6599 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23672 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_allow_weak_crypto APIGreg Hudson2010-01-193-0/+40
| | | | | | | | | | | | Add an API to allow apps to override the profile setting of allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box until OpenAFS finishes migrating away from DES. ticket: 6645 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23663 dc483132-0cff-0310-8789-dd5450dbe970
* Change basename of libkadm5 libraries to avoid Heimdal conflictGreg Hudson2010-01-194-2/+12
| | | | | | ticket: 6644 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23662 dc483132-0cff-0310-8789-dd5450dbe970
* Make history key exempt from permitted_enctypesGreg Hudson2010-01-141-7/+7
| | | | | | | | | | | | In kdb_init_hist, just use the first key entry in the kadmin/history entry. This makes the history key work even if the enctype is disallowed by allow_weak_crypto=false or other configuration. ticket: 6640 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23657 dc483132-0cff-0310-8789-dd5450dbe970
* Add test program for decryption of overly short buffersGreg Hudson2010-01-122-2/+135
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23652 dc483132-0cff-0310-8789-dd5450dbe970
* Use keyed checksum type for DES FASTGreg Hudson2010-01-121-0/+3
| | | | | | | | | | | | DES enctypes have unkeyed mandatory-to-implement checksums. Since FAST requires a keyed checksum, we must pick something else in that case. ticket: 6633 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23629 dc483132-0cff-0310-8789-dd5450dbe970
* Group together the funtions related to the supplying options to preauth ↵Zhanna Tsitkov2010-01-114-125/+159
| | | | | | | | plugin modules. Also, removed krb5int_ prefix from the names of some static functions in gic_opt.c.s git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23625 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_authdata_export_authdata into the separate file for better code ↵Zhanna Tsitkov2010-01-103-65/+99
| | | | | | modularity git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23623 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_pbkdf2_hmac_sha1 fails to set enctype on keyblockEzra Peisach2010-01-091-0/+1
| | | | | | | | | | | krb5int_pbkdf2_hmac_sha1 fails to set enctype on a termporary keyblock - resulting in valgrind picking up on a conditional branch w/ unset value. Initialize value. ticket: 6630 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23622 dc483132-0cff-0310-8789-dd5450dbe970
* Fix t_locate_kdc.c test program after r23613 when krb5_ prefix was removed ↵Zhanna Tsitkov2010-01-081-1/+1
| | | | | | from the names of the static functions in locate_kdc.c git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23614 dc483132-0cff-0310-8789-dd5450dbe970
* Move kdc related functionality from pac.c into pac_sign.cZhanna Tsitkov2010-01-085-307/+363
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23613 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_dk_string_to_key fails to set enctypeEzra Peisach2010-01-081-0/+1
| | | | | | | | | | Failure to set the enctype before invoking krb5_k_create_key results in potential memory leak. ticket: 6628 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23612 dc483132-0cff-0310-8789-dd5450dbe970
* Set enctype in crypto_tests to prevent memory leaksEzra Peisach2010-01-082-17/+13
| | | | | | | | | | The key caching is causing memory leaks if enctype is not set as the enctype specific cleanup handlers are not called. ticket: 6627 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23611 dc483132-0cff-0310-8789-dd5450dbe970
* Restore interoperability with 1.6 addprinc -randkeyGreg Hudson2010-01-081-0/+28
| | | | | | | | | | | | | The arcfour string-to-key operation in krb5 1.7 (or later) disagrees with the dummy password used by the addprinc -randkey operation in krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the 1.6 dummy password and use a random password instead. ticket: 6626 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23610 dc483132-0cff-0310-8789-dd5450dbe970
* yarrow code does not initialize keyblock enctype and uses unitialized valueEzra Peisach2010-01-082-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The yarrow code uses a keyblock that is partially initialized. This results in krb5_k_free_key trying to look up the enctype to call the free handler. One of the valgrind reports: (there are several paths) ==26701== Conditional jump or move depends on uninitialised value(s) ==26701== at 0x40E9AF0: find_enctype (etypes.h:81) ==26701== by 0x40E9C9E: krb5_k_free_key (key.c:91) ==26701== by 0x40D641A: krb5int_yarrow_cipher_init (ycipher.c:49) ==26701== by 0x40D593A: yarrow_gate_locked (yarrow.c:578) ==26701== by 0x40D5349: krb5int_yarrow_output_Block (yarrow.c:423) ==26701== by 0x40D581B: yarrow_output_locked (yarrow.c:553) ==26701== by 0x40D5667: krb5int_yarrow_output (yarrow.c:513) ==26701== by 0x40EBD2D: krb5_c_random_make_octets (prng.c:112) ==26701== by 0x40D4119: krb5int_old_encrypt (old_aead.c:97) ==26701== by 0x40E9696: krb5_k_encrypt_iov (encrypt_iov.c:42) ==26701== by 0x8049554: main (t_encrypt.c:206) ==26701== ticket: 6625 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23609 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_derive_key results in cache with uninitialized valuesEzra Peisach2010-01-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | krb5int_derive_key creates a temporary keyblock to add to the derived cache. krb5_k_free_key will iterate over the derived keys and for ones with cache will lookup the enctype for the key_cleanup handler. Unfortunatly, there isn't a keyblock init function that does not allocate the keyblock - as I suspect this problem will appear in other places. The valgrind log of this problem is: ==7281== Conditional jump or move depends on uninitialised value(s) ==7281== at 0x40E9AE8: find_enctype (etypes.h:81) ==7281== by 0x40E9C96: krb5_k_free_key (key.c:91) ==7281== by 0x40E9C52: krb5_k_free_key (key.c:86) ==7281== by 0x40EBB00: krb5_c_prf (prf.c:87) ==7281== by 0x40E7B1B: prf_plus (cf2.c:77) ==7281== by 0x40E7CE6: krb5_c_fx_cf2_simple (cf2.c:125) ==7281== by 0x804899C: main (t_cf2.c:70) ==7281== with memory leaks. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23608 dc483132-0cff-0310-8789-dd5450dbe970
* When retrieving the kadmin/history key, accept any enctype, as theGreg Hudson2010-01-071-2/+2
| | | | | | | | | | current master key enctype may not match the one the KDB was created with. ticket: 6546 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23607 dc483132-0cff-0310-8789-dd5450dbe970
* Move krb5_auth_con_getauthenticator into copy_athctr.c as a better logical ↵Zhanna Tsitkov2010-01-072-9/+41
| | | | | | location git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23606 dc483132-0cff-0310-8789-dd5450dbe970
* Make preauth_module_dir override, rather than supplement, theGreg Hudson2010-01-071-33/+10
| | | | | | | built-in path list, to avoid problems with running the same preauth module twice. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23602 dc483132-0cff-0310-8789-dd5450dbe970
* Add miising files from rev #23593Zhanna Tsitkov2010-01-072-0/+405
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23600 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_dbe_def_search_enctype more consistent about when it returnsGreg Hudson2010-01-061-27/+23
| | | | | | | KRB5_KDB_NO_PERMITTED_KEY. Now it will return that error if it sees any non-permitted enctypes which match the search criteria. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23599 dc483132-0cff-0310-8789-dd5450dbe970
* Don't return KRB5_KDB_NO_PERMITTED_KEY fromGreg Hudson2010-01-061-1/+2
| | | | | | | | | | | krb5_dbe_def_search_enctype if we previously returned results (i.e. if *start > 0). ticket: 6622 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23597 dc483132-0cff-0310-8789-dd5450dbe970
* Divide copy_auth.c into three files based on the functionality. Namely, Zhanna Tsitkov2010-01-065-321/+45
| | | | | | | | 1. copy/merge authdata 2. KDC related encode authdata 3. decode authdata git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23593 dc483132-0cff-0310-8789-dd5450dbe970
* Since krb5int_validate_times is used only inside krb dir do not export it ↵Zhanna Tsitkov2010-01-063-1/+4
| | | | | | and move its prototype into int-proto.h git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23592 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_validate_times into krb5int_validate_times as it is internal ↵Zhanna Tsitkov2010-01-054-5/+5
| | | | | | function git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23591 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_tgtname into krb5_tgtname as an internal functionZhanna Tsitkov2010-01-057-16/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23590 dc483132-0cff-0310-8789-dd5450dbe970
* disable weak crypto by defaultTom Yu2010-01-052-1/+4
| | | | | | | | | Set allow_weak_crypto=false by default. Set default master key enctype to sha256. Adjust test suite to compensate. ticket: 6621 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23586 dc483132-0cff-0310-8789-dd5450dbe970
* Don't accept AS replies encrypted in enctypes other than the ones weGreg Hudson2010-01-041-0/+18
| | | | | | asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 19:58:01 +0000