path: root/src/lib
Commit message | Author | Age | Files | Lines
...
* Get rid of krb5_xfree | Greg Hudson | 2013-03-28 | 1 | -4/+4
|
* Fix unused assignment in mechglue loadConfigFile | Greg Hudson | 2013-03-28 | 1 | -1/+1
|
* Fix an error case in krb5int_fcc_new_unique | Greg Hudson | 2013-03-28 | 1 | -1/+0
| If we fail to allocate setptr, don't close ret, since we've already done so.
* Fix an error case in krb5_sendauth | Greg Hudson | 2013-03-28 | 1 | -3/+1
| If we fail to get the client principal when constructing the stack-allocated creds structure, don't double-free creds.server.
* Fix import_sec_context with interposers | Simo Sorce | 2013-03-24 | 1 | -21/+14
| The code was correctly selecting the mechanism to execute, but it was improperly setting the mechanism type of the internal context when the selected mechanism was that of an interposer and vice versa. When an interposer is involved the internal context is that of the interposer, so the mechanism type of the context needs to be the interposer oid. Conversely, when an interposer re-enters gssapi and presents a token with a special oid, the mechanism called is the real mechanism, and the context returned is a real mechanism context. In this case the mechanism type of the context needs to be that of the real mechanism.
| ticket: 7592
| target_version: 1.11.2
| tags: pullup
* make depend | Greg Hudson | 2013-03-24 | 27 | -1371/+1199
|
* Move a bunch of stuff out of k5-int.h | Greg Hudson | 2013-03-24 | 58 | -354/+455
| Move internal declarations from k5-int.h to more localized headers (like int-proto.h) where appropriate. Rename many symbols whose prototypes were moved to use the k5_ prefix instead of krb5int_. Remove some unused declarations or move them to the single source file they were needed in. Remove krb5_creds_compare since it isn't used any more.
* Get rid of krb5_{get,free}_krbhst | Greg Hudson | 2013-03-22 | 7 | -210/+9
| These functions were always internal. They haven't been used since v5passwdd was eliminated in krb5 1.4.
* Get rid of osconfig.c | Greg Hudson | 2013-03-22 | 5 | -50/+2
| These variables were marked as internal in 1996. Two are unused and the other is easily replaced with the macro it is initialized from.
* Eliminate unused variables | Greg Hudson | 2013-03-15 | 1 | -1/+0
|
* Fix argument type in kg_unseal_v1 | Greg Hudson | 2013-03-15 | 1 | -1/+1
| The caller of kg_unseal_v1 passes a gss_qop_t * for the qop_state parameter, so make it use that type instead of an int *. Noted by David Benjamin <davidben@mit.edu>.
* Fix condition with empty body | David Benjamin | 2013-03-15 | 1 | -2/+2
| Found by clang's warnings.
| ticket: 7591 (new)
| target_version: 1.11.2
| tags: pullup
* Allocate space for NUL byte in test code | David Benjamin | 2013-03-15 | 1 | -1/+1
| Caught by ASan.
* Fix use-before-init in two test programs | Greg Hudson | 2013-03-15 | 2 | -2/+2
| If krb5_init_context fails, use a null context for getting the error message, not a context we haven't yet initialized. Observed by David Benjamin <davidben@mit.edu> using clang.
* Remove stray include in localauth_plugin.h | Greg Hudson | 2013-03-11 | 1 | -75/+35
| This unnecessary include was causing build failures on some systems by making libkrb5 sources depend on gssapi.h.
* Add localauth pluggable interface | Greg Hudson | 2013-03-09 | 11 | -1068/+1273
| Add a new pluggable interface for local authorization, and replace the existing krb5_aname_to_localname and krb5_kuserok implementations with implementations based on the pluggable interface.
| ticket: 7583 (new)
* Simplify and clarify lookup_etypes_for_keytab | Greg Hudson | 2013-03-01 | 1 | -27/+21
|
* Fix a memory leak in krb5_get_init_creds_keytab | Greg Hudson | 2013-02-28 | 1 | -3/+11
| lookup_etypes_for_keytab was not freeing the keytab entries it iterated over. Reported by nalin@redhat.com.
| ticket: 7586
| target_version: 1.11.2
| tags: pullup
* Add krb5_free_enctypes API | Greg Hudson | 2013-02-27 | 4 | -6/+8
| Rename krb5_free_ktypes to krb5_free_enctypes and add it to the public API.
| ticket: 7584
* Add missing .gitignore entries and clean rules | Greg Hudson | 2013-02-27 | 3 | -3/+6
| ticket: 7585
* Fix fd leak in DIR ccache cursor function | Greg Hudson | 2013-02-21 | 1 | -1/+1
| If dcc_ptcursor_next reached the end of a directory, it called free() on the directory handle instead of closedir(), causing the directory fd to be leaked. Call closedir() instead.
| ticket: 7573
| target_version: 1.11.1
| tags: pullup
* Fix memory leak closing DIR ccaches | Greg Hudson | 2013-02-20 | 1 | -0/+1
| A ccache type's close function is supposed to free the cache container as well as the type-specific data. dcc_close was not doing so, causing a small memory leak each time a ccache is created or destroyed.
| ticket: 7574 (new)
| target_version: 1.11.1
| tags: pullup
* Allow multi-hop SAM-2 exchanges | Greg Hudson | 2013-02-19 | 1 | -0/+5
| Prior to 1.11, it was possible to do SAM-2 preauth exchanges with multiple hops by sending repeated preauth-required errors with different challenges (which is not the way multi-hop exchanges are described in RFC 6113, but it can still work). This stopped working when SAM-2 was converted to a built-in module. Make it work again.
| ticket: 7571 (new)
| target_version: 1.11.1
| tags: pullup
* Convert success in krb5_chpw_result_code_string | Jonathan Reams | 2013-02-15 | 1 | -0/+3
| Result code 0 used to be converted properly by krb5_set_password, though not krb5_change_password; this changed in 1.10 when krb5int_setpw_result_code_string was folded into krb5_chpw_result_code_string. Restore the old behavior, and make it apply to krb5_change_password as well, by making krb5_chpw_result_code_string convert result code 0.
| [ghudson@mit.edu: commit message]
| ticket: 7569 (new)
| target_version: 1.11.1
| tags: pullup
* Modernize k5buf | Greg Hudson | 2013-02-14 | 18 | -185/+180
| Rename the krb5int_buf_ family of functions to use the k5_ prefix for brevity. Reformat some k5buf implementation code to match current practices.
* Add k5_json_array_fmt and use it in export_cred.c | Greg Hudson | 2013-02-13 | 1 | -261/+273
| Add a template-based array constructor for convenient marshalling of structured values as JSON array values. Use it to simplify export_cred.c.
* Make internal JSON functions return error codes | Greg Hudson | 2013-02-13 | 6 | -174/+181
| Return error codes (0, ENOMEM, or EINVAL) from JSON support functions instead of returning results directly. This makes error handling simpler for functions which assemble JSON objects and then return krb5_error_code values. Adjust all callers. Use shims in export_cred.c to minimize changes there; it will be redesigned internally in a subsequent commit.
* Fix RFC 5587 const pointer typedefs | Greg Hudson | 2013-02-11 | 1 | -3/+3
| gss_const_ctx_id_t, gss_const_cred_id_t, and gss_const_name_t are supposed to be const pointers to the appropriate structures, not the structures themselves. These are not used by any prototypes yet, and no application would have any reason to use them as they are, so it should be safe to change them within the public header.
| ticket: 7567 (new)
| target_version: 1.11.1
| tags: pullup
* Add and use k5memdup, k5memdup0 helpers | Greg Hudson | 2013-02-09 | 29 | -159/+76
| Add k5-int.h static functions to duplicate byte ranges, optionally with a trailing zero byte, and set an error code like k5alloc does. Use them where they would shorten existing code.
* Simplify TGS request construction | Greg Hudson | 2013-02-08 | 4 | -171/+60
| Move krb5int_make_tgs_request from gc_via_tkt.c into send_tgs.c, combine it with krb5int_make_tgs_request_ext (which nothing else called), and rename the combined function to k5_make_tgs_req. Also use a typedef for the pacb callback.
* Modernize send_tgs.c | Greg Hudson | 2013-02-08 | 1 | -245/+190
| Bring send_tgs.c up to date with current coding practices. No functional changes.
* Replace i_vector with cstate in auth context | Greg Hudson | 2013-02-07 | 6 | -95/+50
| Use a proper cipher state in the auth context structure, and free it when the auth context is freed. Simplify mk_priv/rd_priv accordingly.
* Desupport krb5_auth_con_setivector | Greg Hudson | 2013-02-07 | 1 | -2/+6
| ticket: 7565 (new)
* Make kprop/kpropd work with RC4 session key | Greg Hudson | 2013-02-07 | 3 | -20/+19
| In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that the enctype's block size is the size of the cipher state. Instead, make and discard a cipher state to get the size.
| ticket: 7561
| target_version: 1.11.1
| tags: pullup
* Check for negative poll timeout in k5_sendto_kdc | Greg Hudson | 2013-01-25 | 1 | -0/+4
| ticket: 7553
| target_version: 1.11.1
| tags: pullup
* Adjust kdb5.c check for ulog being mapped | Greg Hudson | 2013-01-24 | 1 | -1/+1
| Check the ulog pointer, which is a little more direct, rather than the ulogfd field. (ulogfd is currently initialized to 0 prior to ulog_map; we could fix that instead, but this feels simpler.)
* Remove ulog_check(); the ulog is not a DB journal | Nicolas Williams | 2013-01-23 | 1 | -114/+6
| The db2 DB is not power-fail safe. There's no point trying to replay an incompletely committed entry from the ulog at kadmind startup time. For that matter, even if the db2 DB was power-fail safe there'd be no point replaying an uncommitted entry from the ulog as the libkadm5srv app (nor any client of it, as in the case of kadmind) will not have received any notice of success -- it'd be wrong to complete that operation later when the user thought it'd failed.
| [ghudson@mit.edu: merge with master, adjust comment]
| ticket: 7552 (new)
* Propagate policy changes over iprop via full dump | Greg Hudson | 2013-01-22 | 1 | -3/+51
| Since iprop cannot carry policy changes, force a full resync to happen each time a policy change occurs. Based on a patch from Richard Basch <basch@alum.mit.edu>.
| ticket: 7522
* Fix iprop log reinitialization | Greg Hudson | 2013-01-22 | 2 | -13/+41
| If the master iprop log is reinitialized to serial number 0, slaves will need to take a full dump--but after that happens, we need to know whether the slave has taken that full dump, so we don't offer full dumps indefinitely. So, record a timestamp in kdb_last_time when we reinitialize the log header, and compare the slave timestamp to kdb_last_time whenever it has the current serial number, even if it's 0. Test this by performing a propagation with sno 0 in t_iprop.py and detecting whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from kadmind.
| ticket: 7550 (new)
* Modernize style of kdb_log.c | Greg Hudson | 2013-01-22 | 1 | -460/+292
| ulog_get_entries had an unreachable branch which was removed during de-indentation.
* Clean up iprop flow control in kdb5.c | Greg Hudson | 2013-01-18 | 1 | -53/+42
| Add a helper predicate to determine whether to log operations. In the predicate, check if the ulog is actually mapped. Use a single cleanup label in krb5_db_put_principal. Use a cleanup label in krb5_db_delete_principal instead of releasing resources individually at each exit point. Avoid locking and unlocking the ulog if we're not logging (although it would be a no-op). Based on a patch from Nico Williams <nico@cryptonector.com>.
* Get rid of krb5_read_realm_params | Greg Hudson | 2013-01-16 | 4 | -180/+0
| Read realm parameters directly from the profile in the KDC's init_realm(), getting rid of the intermediate krb5_realm_params structure. Then get rid of krb5_realm_params and krb5_read_realm_params, since nothing else uses it.
* Remove unused krb5_realm_params fields | Greg Hudson | 2013-01-15 | 2 | -69/+1
| krb5_realm_params is only consumed by the KDC (everything else uses kadm5_config_params), so only needs to contain fields used by the KDC. Get rid of everything else. Also get rid of realm_profile, which is read in by KDC code but never used (and was never set anyway).
* Clean up style of alt_prof.c | Greg Hudson | 2013-01-12 | 1 | -417/+354
| Get rid of K&R-style function headers, format code and comments consistently according to current conventions, rename some variables using idiomatic names, and de-indent some nested control blocks.
* Simplify KDC host referral code | Greg Hudson | 2013-01-11 | 3 | -49/+13
| Remove some unnecessary optimizations to reduce code complexity. Get rid of krb5_match_config_pattern in favor of a simpler helper function in do_tgs_req_c. Get rid of KRB5_CONF_ASTERISK and just use "*" instead. Use a helper function to combine [kdcdefaults] and realm subsection values of variables, and don't bother adding leading and trailing spaces. Consistently use the names "hostbased" and "no_referral" to refer to variable values (with a "realm_" prefix for structures which currently use it).
* Clean up k5_locate_server error handling | Greg Hudson | 2013-01-11 | 1 | -25/+10
| profile_get_values() cannot return success with an empty list of values, so don't bother counting them. Return 0 from locate_srv_conf_1 if no profile values exist and from dns_locate_server if we decide not to make a SRV query. Adjust k5_locate_server to match the new helper behavior, and return KRB5_REALM_UNKNOWN if neither profile nor DNS come up with any answers (not KRB5_REALM_CANT_RESOLVE, which doesn't make sense now that we're deferring KDC hostname resolution).
* make depend | Greg Hudson | 2013-01-10 | 33 | -533/+647
| Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Fold kadm5 internal policy functions into callers | Greg Hudson | 2013-01-09 | 9 | -190/+9
| kadm5_create_policy and kadm5_modify_policy had _internal variants in libkadm5srv (but not libkadm5clnt) which only existed to protect the policy_refcnt field from modification over the wire. Now that policy_refcnt is no longer used, we don't need the separation. Bump the library soname since this is technically an ABI change.
* Allow principals to refer to nonexistent policies | Greg Hudson | 2013-01-09 | 7 | -623/+73
| Stop using and maintaining the policy_refcnt field, and do not try to prevent deletion of a policy which is still referenced by principals. Instead, allow principals to refer to policy names which do not exist as policy objects; treat those principals as having no associated policy. In the kadmin client, warn if addprinc or modprinc tries to reference a policy which doesn't exist, since the server will no longer error out in this case.
| ticket: 7385
* Rename ccache configuration macros | Zhanna Tsitkov | 2013-01-09 | 4 | -12/+12
| KRB5_CONF_ prefix should be used for the krb5/kdc.conf parameters. Use KRB5_CC_CONF_ prefix for cache configuration variables.