| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
The new library libkrad provides code for the parsing of RADIUS packets
as well as client implementation based around libverto. This library
should be considered unstable.
ticket: 7678 (new)
|
| |
|
|
|
| |
The previous few commits introduced a couple of bugs where variables
could be used without being initialized. Fix them.
|
| |
|
|
|
|
|
| |
Register built-in localauth modules in the order we want them used by
default, and document accordingly.
ticket: 7665
|
| |
|
|
|
|
|
|
| |
Rewrite the plugin internals so that modules have a well-defined
order--either the order of enable_only tags, or dynamic modules
followed by the built-in modules in order of registration.
ticket: 7665 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the k5_sendto code for reading from a TCP socket, detect
end-of-stream when reading the length. Otherwise we can get stuck in
an infinite loop of poll() and read().
[ghudson@mit.edu: commit message]
ticket: 7508
target_version: 1.11.4
tags: pullup
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calculate request timestamps each time we encode a request, and use
the adjusted current time when calculating them, including adjustments
resulting from preauth-required errors early in the AS exchange.
As a side effect, this reverts one of the changes in commit
37b0e55e21926c7875b7176e24e13005920915a6 (#7063); we will once again
use the time adjustment from any ccache we read before the AS
exchange, if we don't have a more specific adjustment from a
preauth-required error.
Based on a patch from Stef Walter.
ticket: 7657 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Create helper functions to set the request nonce and to set the
request timestamp. Don't bother picking a nonce in
restart_init_creds_loop since we will just pick a new one in
init_creds_step_request. Create a library-internal function to get
the current time with possible adjustment from a preauth-required
error. Only set ctx->request_time in one place (just before encoding
each request). Remove unused parameters from stash_as_reply.
Partially based on a patch from Stef Walter.
|
| |
|
|
|
|
|
|
|
|
| |
Commit 37b0e55e21926c7875b7176e24e13005920915a6 (#7063) prevented
clock skew caused by preauth delay by recording the time of the
initial request. However, it failed to take into account delay
between requests due to prompting during preauthentication. Fix this
by recording the request time for each request.
ticket: 7656 (new)
|
| |
|
|
|
|
|
|
|
|
|
| |
If we make multiple requests in an initial creds exchange, the
krb5_sendto_kdc call in k5_init_creds_get may flip the use_master
value from 0 to 1 if it detects that the response was from a master
KDC. Don't turn this into a requirement for future requests during
the same exchange, or we may have trouble following AS referrals.
Reported by Sumit Bose.
ticket: 7650
|
| |
|
|
|
|
|
| |
Commit 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 went a bit too far in
pruning the placeholder makefiles for the openssl and nss crypto
modules. We need enough boilerplate to create OBJS.SH in each
directory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password. This allows empty passwords to work via
the API.
Remove the kadm5 test which explicitly uses an empty password.
Based on a patch from Stef Walter.
ticket: 7642
|
| |
|
|
|
|
|
| |
If yasm and cpuid.h are present on a Linux i686 or x64 system, compile
the modified Intel AES-NI assembly sources. In the builtin AES enc
provider, check at runtime whether the CPU supports AES-NI
instructions and use the assembly functions if so.
|
| |
|
|
|
| |
Remove functions we don't need. Add macros to redefine functions with
an appropriate namespace prefix.
|
| |
|
|
|
|
| |
Add assembly files from the Intel AESNI Sample Library, version 1.2,
which implement AES encryption using AES-NI instructions. Trailing
whitespace was removed.
|
| |
|
|
|
|
|
| |
In preparation for AES-NI support, adjust the block encryption helpers
in the AES enc provider so that the cache is only touched by helpers,
and reframe the CTS operations in terms of CBC operations. Change the
Camellia enc provider as well for consistency.
|
| |
|
|
|
|
|
|
| |
Expand the concept of an IOV block state into a cursor which remembers
the IOV set being iterated over, the block size, and both input and
output positions. Eliminate the no-copy inline block getter for now,
but provide helpers to grab contiguous chains of blocks from a cursor.
Also provide an inline helper to sum the total length of an iov chain.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Acceptor Names project (#6855) extended krb5_rd_req so that it can
accept a "matching principal" in the server parameter. If the
matching principal has an empty realm, rd_req_decoded_opt attempted to
do transited checking with an empty server realm.
To fix this, always reset server to req->ticket->server for future
processing steps if we decrypt the ticket using a keytab.
decrypt_ticket replaces req->ticket->server with the principal name
from the keytab entry, so we know this name is correct.
Based on a bug report and patch from nalin@redhat.com.
ticket: 7639
target_version: 1.11.3
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Create macros to declare a DNS search handle, initialize a handle,
perform a search, and destroy a handle. On OS X, use the native
dns_open, dns_search, and dns_free functions, since using the res_*
interfaces may not contact the correct servers. On systems with
res_ninit, use res_nclose if we don't have res_ndestroy.
Based on a patch by Nate Rosenblum.
|
| |
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
| |
|
|
|
| |
Catch a few stragglers that missed the memo that k5_mutex_lock
cannot fail, and sprinkle some cc-int.h as needed.
|
| |
|
|
|
| |
Adjust a stray k5_mutex_lock invocation in the NSS crypto back end
after 6350fd0c909d84c00200885e722cc902049ada05.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Locking and unlocking a non-recursive mutex is a simple memory
operation and should not fail on any reasonable platform with correct
usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock,
or EINVAL if the mutex is uninitialized, but all of these conditions
would reflect serious bugs in the calling code.
Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void
and adjust all call sites. Propagate this change through
k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building for IOS targets with clang, the stdbool.h header is
included by default. This header includes the following C99
definition:
#define bool _Bool
which wrecks havoc with the DEFBOOLTYPE macro.
ticket: 7525
|
| |
|
|
|
|
|
|
|
|
|
| |
Symbols from the NTT Camellia sources, used in the builtin crypto
provider, could conflict with symbols from other libraries such as
OpenSSL's libcrypto. Rename those like we rename the Gladman AES
symbols.
ticket: 7626
target_version: 1.11.3
tags: pullup
|
| |
|
|
| |
ticket: 7634
|
| |
|
|
|
| |
The mechglue definitions of gssint_get_der_length and friends use
unsigned int for the buffer length, not OM_uint32.
|
| |
|
|
| |
ticket: 7628
|
| |
|
|
|
|
|
|
| |
On many Linux systems, due to what is arguably a bug in rpcbind, the
portmapper doesn't allow service registration from non-root processes.
This causes the RPC tests to be frequently skipped. Modify the tests
so that they don't need the portmapper, by grabbing the port number
from the server process and passing it to the client.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The "expired" test in expire.exp tries to authenticate to the server
process with an expired TGT (obtained using kinit -l -1m). Using an
expired TGT to get an expired service cred no longer works after
#6948. We could use kinit -S to get an expired service cred, but
krb5_get_credentials won't return expired service cred from the cache
(even before #6948). We could use time offsets to simulate clock skew
between the client and server process, but that would be difficult
because the test programs don't have access to the krb5_context
objects used by the client or server process. Since we don't have a
simple workaround, disable the test.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We want to generate a KRB5_AP_ERR_TKT_EXPIRED code when the TGT is
expired, like we would if we tried the TGT against the KCD. To make
this work, separate the helpers for getting local and crossrealm
cached TGTs. For a crossrealm TGT, match against the endtime, as
there could be multiple entries. For a local TGT, find any match, but
check if it's expired. The cache_code field is no longer needed after
this change, so get rid of it.
ticket: 6948
|
| |
|
|
| |
ticket: 6948
|
| |
|
|
|
|
|
|
| |
If the context's default ccache name is a subsidiary file of a
directory collection, include that single cache in the cursor walk
over the DIR type.
ticket: 7172
|
| | |
|
| |
|
|
|
| |
It's a lot of code, and trace logging should cover most of the cases
where it's useful.
|
| |
|
|
|
|
|
|
|
|
|
| |
Wait ten seconds for a TCP connection to succeed or fail before moving
on. During this wait time, other TCP connections will be serviced if
we already initiated them, but no new TCP connections will be created
and no UDP packets will be retransmitted.
[ghudson@mit.edu: minor adjustments; commit message]
ticket: 7604 (new)
|
| |
|
|
|
|
|
|
|
|
| |
Replace the end_time field of struct select_state with an endtime
argument to cm_select_or_poll, expressed in milliseconds since the
epoch. Add a helper function to get the current time in that format.
Use a millisecond interval argument to service_fds for consistency.
[ghudson@mit.edu: fix overflow issue in get_curtime_ms; service_fds
interval argument change; log message]
|
| |
|
|
|
|
|
|
|
|
|
| |
Since net-server.c now uses libverto, only sendto_kdc.c consumes cm.c.
Move stuff out of cm.c and cm.h into sendto_kdc.c and get rid of them.
Change the sendto_kdc callback (used by chpw.c) to receive the socket
descriptor instead of the entire conn_state structure, and move the
declarations into os-proto.h. struct remote_address also needs to be
in os-proto.h so that trace.c and t_trace.c can use it. k5_curtime
isn't needed since k5-platform.h now guarantees the presence of
gettimeofday().
|
| |
|
|
|
|
|
| |
In struct conn_state, collect together the fields for the remote
address and put them in a substructure. Pass this substructure to
trace logging macros instead of the entire conn_state structure, so
that trace.c doesn't have to know about the whole structure.
|
| |
|
|
| |
Avoid or notice truncations, rather than letting them happen silently.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since krb5 1.3, krb5_get_host_realm (and therefore
krb5_sname_to_principal) has refused hostnames which appear to be
numeric addresses--with the exception of 1.6, which was ignoring
errors from clean_hostname. In specialized environments, it may be
desirable to use IP addresses in service principal names, and there's
no compelling reason for us to get in the way of that.
Move the numeric address check out of k5_clean_hostname into a new
helper function, and simply skip the domain-based mechanisms if it
returns true. Factor out the [domain_realm] search into a second new
helper function to make it easier to skip.
ticket: 7603 (new)
|
| |
|
|
|
| |
Bring this file up to date with current coding style. No functional
changes, except some trace logs were removed.
|
| |
|
|
|
|
|
|
| |
After k5memdup0 was slightly modified in
31124ffb81e8c0935403a9fdc169dead5ecaa777, some older versions of gcc
complain about outpos being possibly used before it is initialized.
This can't actually happen, but we can silence the error and also
simplify how outpos is initialized.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By a strict reading of the C standard, memcpy and memcmp have
undefined behavior if their pointer arguments aren't valid object
pointers, even if the length argument is 0. Compilers are becoming
more aggressive about breaking code with undefined behavior, so we
should try to avoid it when possible.
In a krb5_data object, we frequently use NULL as the data value when
the length is 0. Accordingly, we should avoid copying from or
comparing the data field of a length-0 krb5_data object. Add checks
to our wrapper functions (like data_eq and k5_memdup) and to code
which works with possibly-empty krb5_data objects. In a few places,
use wrapper functions to simplify the code rather than adding checks.
|
| |
|
|
|
| |
For conciseness, directly use fields of krb5_principal objects instead
of using the accessor macros.
|
| |
|
|
|
|
|
| |
Add an API to duplicate keytab handles, mirroring krb5_cc_dup. Use it
to simplify the krb5 GSS acquire_cred code.
ticket: 7599 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new credential store extensions added support for specifying a
specific ccache name and also a specific keytab to be used for accepting
security contexts, but did not add a way to specify a client keytab
to be used in conjunction with the Keytab initiation support added also
in 1.11
This patch introduces a new URN named client_keytab through which a
specific client_keytab can be set when calling gss_acquire_cred_from()
and Keytab Initiation will use that keytab to initialize credentials.
[ghudson@mit.edu: minor C style fix]
ticket: 7598 (new)
|
| | |
|
| |
|
|
|
|
| |
Use empty_data(), alloc_data(), and make_data() in some appropriate
places. This has the side effect of initializing the krb5_data magic
field, which can placate debugging tools.
|
| |
|
|
|
|
| |
In krb5int_dk_cmac_encrypt, cksum wasn't used. In
krb5int_dk_cmac_decrypt, cksum needs to be initialized since we clean
it up.
|
