summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Null pointer deref in kadmind [CVE-2012-1013]Richard Basch2012-05-291-1/+1
| | | | | | | | | | | | | | | | The fix for #6626 could cause kadmind to dereference a null pointer if a create-principal request contains no password but does contain the KRB5_KDB_DISALLOW_ALL_TIX flag (e.g. "addprinc -randkey -allow_tix name"). Only clients authorized to create principals can trigger the bug. Fix the bug by testing for a null password in check_1_6_dummy. CVSSv2 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C [ghudson@mit.edu: Minor style change and commit message] ticket: 7152 target_version: 1.10.2 tags: pullup
* Fix S4U user identification in preauth caseGreg Hudson2012-05-241-4/+2
| | | | | | | | | | | | | | | | | | | | | | | In 1.10, encrypted timestamp became a built-in module instead of a hardcoded padata handler. This changed the behavior of krb5_get_init_creds as invoked by s4u_identify_user such that KRB5_PREAUTH_FAILED is returned instead of the gak function's error. (Module failures are not treated as hard errors, while hardcoded padata handler errors are.) Accordingly, we should look for KRB5_PREAUTH_FAILED in s4u_identify_user. On a less harmful note, the gak function was returning a protocol error code instead of a com_err code, and the caller was testing for a different protocol error code (KDC_ERR_PREAUTH_REQUIRED) which could never be returned by krb5_get_init_creds. Clean up both of those by returning KRB5_PREAUTH_FAILED from the gak function and testing for that alone. Reported by Michael Morony. ticket: 7136 target_version: 1.10.2 tags: pullup
* Convert DEBUG_REFERRALS to TRACE_* frameworkW. Trevor King2012-05-235-68/+21
| | | | | | | | | The referrals debugging code under DEBUG_REFERRALS ceased building correctly at some point. Convert this debugging code to use the tracing framework instead, including adding new trace macros to k5-trace.h. ticket: 7151
* Add tests for trace.c formattingW. Trevor King2012-05-232-2/+259
| | | | | | This improves the previously minimal test coverage of "trace.c". ticket: 7151
* Add support for "{ptype}" trace format specifierW. Trevor King2012-05-231-0/+24
| | | | | | | Add the "{ptype}" trace format specifier, for principal name types. Also document the new option in the "k5-trace.h" comments. ticket: 7151
* Export gss_mech_krb5_wrong from libgssapi_krb5Greg Hudson2012-05-221-0/+1
| | | | | | | | | | Although there are few legitimate reasons to use gss_mech_krb5_wrong, it's declared in the public header and exported in the Windows DLL. So export it from the Unix library as well. ticket: 7148 (new) target_version: 1.10.2 tags: pullup
* Export krb5_set_trace_callback/filenameGreg Hudson2012-05-212-1/+6
| | | | | | | | | | krb5_set_trace_callback and krb5_set_trace_filename were added to krb5.h in krb5 1.9, but were mistakenly left out of the library export lists. Add them now. Reported by Russ Allbery. ticket: 7143 target_version: 1.10.2 tags: pullup
* Fix "(empty" typo in "{etypes}" handler in trace.cW. Trevor King2012-05-181-1/+1
| | | | ticket: 7137
* Fix "(null" typo in "{key}" handler in trace.cW. Trevor King2012-05-181-1/+1
| | | | ticket: 7134
* Correct the name of krb5int_trace in commentsTom Yu2012-05-171-4/+4
| | | | | | Patch from W. Trevor King. ticket: 7133
* Add missing $(LIBS) to some shared librariesTom Yu2012-05-173-3/+3
| | | | | | | | | | Add $(LIBS) to the $(SHLIB_EXPLIBS) for some shared libraries which did not previously include it, which prevented gcov from working properly in some cases. Patch from W. Trevor King. ticket: 7138
* Add missing newline to sn2princ debug messageGreg Hudson2012-05-141-1/+2
| | | | | | Patch from wking@tremily.us. ticket: 7131
* Check alloc_data result in krb5int_old_encryptGreg Hudson2012-05-131-0/+2
|
* Avoid extern inline in asn1buf.hGreg Hudson2012-05-131-2/+4
| | | | | | | | Avoid using extern inline in asn1buf.h, as there are two conflicting sets of semantics (gnu89's and C99's). gcc defaults to the gnu89 semantics, which we were using, while clang defines __GNUC__ but defaults to the C99 semantics. To simplify things, use static inline instead, like we do in k5-int.h.
* Don't stomp minor code in spnego_gss_acquire_credGreg Hudson2012-05-131-3/+3
| | | | | | | When spnego_gss_acquire_cred passes through a failure status from the mechglue, it overwrites the minor code with a call to gss_release_oid_set(). Use a temporary minor status for that and a related call.
* Null-terminate components of parsed principalsGreg Hudson2012-05-122-11/+10
| | | | | | | | | | The rewritten krb5_parse_name didn't null-terminate components or realms of principals, while the old one did. Fix the new one to do so as well. This means KRB5_PRINCIPAL_PARSE_IGNORE_REALM allocates one byte for the realm instead of leaving it as empty_data(), so we need to free the realm in build_in_tkt_name() before copying in the client realm.
* Omit start time in common AS requestsGreg Hudson2012-05-111-5/+9
| | | | | | | | | | | | | | | | | | | MIT and Heimdal KDCs ignore the start time for non-postdated ticket requests, but AD yields an error if the start time is in the KDC's future, defeating the kdc_timesync option. Omit the start time if the caller did not specify a start time offset. This change reenables the client check for too much clock skew in the KDC reply in the non-timesync configuration. That check had been unintentionally suppressed since the introduction of the get_init_creds interfaces. Adjust the t_skew test script to expect the new error behavior. Code changes from stefw@gnome.org with slight modifications. ticket: 7130 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25864 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid requiring default realm for in_tkt_serviceGreg Hudson2012-05-101-31/+17
| | | | | | | | Use the new KRB5_PRINCIPAL_PARSE_IGNORE_REALM flag when parsing in_tkt_service arguments in get_init_cred functions, since we're going to overwrite the realm anyway. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25863 dc483132-0cff-0310-8789-dd5450dbe970
* Add krb5_parse_name flag to ignore realmGreg Hudson2012-05-101-1/+5
| | | | | | | | | | The flag KRB5_PRINCIPAL_PARSE_IGNORE_REALM causes krb5_parse_name to return the principal with an empty realm whether or not a realm is present in the name. ticket: 7129 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25862 dc483132-0cff-0310-8789-dd5450dbe970
* Rewrite krb5_parse_nameGreg Hudson2012-05-101-285/+176
| | | | | | | | | krb5_parse_name started out a bit unwieldy, and has become more so with the introduction of flags. Rewrite it using two passes (allocate and fill), each broken out into its own helper, and a wrapper which handles the realm flags. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25861 dc483132-0cff-0310-8789-dd5450dbe970
* Make password change work without default realmGreg Hudson2012-05-101-0/+5
| | | | | | | | | | | | This fix is not very general or clean, but is suitable for backporting because it is minimally invasive. A more comprehensive fix will follow. ticket: 7127 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25860 dc483132-0cff-0310-8789-dd5450dbe970
* Constify get_init_creds string input paramsGreg Hudson2012-05-094-9/+9
| | | | | | | | | | | | The get_init_creds functions take read-only string input parameters for passwords and initial ticket services. Make these const char * parameters instead of just char * parameters, for caller convenience. Reported by rra@stanford.edu. ticket: 7121 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25858 dc483132-0cff-0310-8789-dd5450dbe970
* Add API to interpret changepw result stringsGreg Hudson2012-05-094-6/+179
| | | | | | | | | | | | | Active Directory returns structured policy information in the nominally UTF-8 result string field of a password change reply. Add a new API krb5_chpw_message() to convert a result string into a displayable message, interpreting policy information if present. Patch from stefw@gnome.org with changes. ticket: 7128 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25857 dc483132-0cff-0310-8789-dd5450dbe970
* Constify krb5int_utf8_normalize input parameterGreg Hudson2012-05-091-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25856 dc483132-0cff-0310-8789-dd5450dbe970
* Improve display of error code 0 in trace outputGreg Hudson2012-05-081-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25853 dc483132-0cff-0310-8789-dd5450dbe970
* Modernize style in vfy_increds.cGreg Hudson2012-05-031-96/+104
| | | | | | | Make vfy_increds.c consistently use newer coding conventions. Also add a copyright statement. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25848 dc483132-0cff-0310-8789-dd5450dbe970
* Make verify_init_creds work with existing ccacheGreg Hudson2012-05-031-7/+0
| | | | | | | | | | | As the file ccache implementation currently stands, we don't want to turn off TC_OPENCLOSE on a file cache we're writing to, or it will be opened read-only and stores to it will fail. Reported by Russ Allbery. ticket: 5126 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25847 dc483132-0cff-0310-8789-dd5450dbe970
* Try all host keys by default in vfy_incredsGreg Hudson2012-05-033-75/+219
| | | | | | | | | | | | | | | Factor out the core code of krb5_verify_init_creds into a helper, add new helper functions to retrieve the list of unique host principals from a keytab, and make krb5_verify_init_creds drive the helper once per host principal. Augment the test harness and test cases to better test the new behavior. Add a k5test method to retrieve an NFS principal for the test realm for the sake of the new test cases. ticket: 7125 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25845 dc483132-0cff-0310-8789-dd5450dbe970
* In sn2princ, getaddrinfo without AI_ADDRCONFIGGreg Hudson2012-05-031-1/+1
| | | | | | | | | | | | | | | | | | When canonicalizing a principal, use AI_CANONNAME alone in the hint flags for getaddrinfo, for two reasons. First, it works around a gnu libc bug where getaddrinfo does a PTR lookup for the canonical name (we tried to work around this in r24977 bug the addition of AI_ADDRCONFIG caused the same problem as the use of AF_INET). Second, an IPv4-only host should be able create a principal for an IPv6-only host even if it can't contact the host. This does result in extra AAAA queries in the common case (IPv4-only host contacting IPv4-only service), which is unfortunate. But we need to leave that optimization up to the platform at this point. ticket: 7124 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25844 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify krb5_do_preauthGreg Hudson2012-04-301-48/+33
| | | | | | | | Now that krb5_do_preauth has many fewer moving parts, simplify its flow control. Also remove an unused output parameter from run_preauth_plugins. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25842 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of built-in preauth types tableGreg Hudson2012-04-301-103/+53
| | | | | | | | Turn the last two entries of the pa_types table into helper functions which we invoke before the loop. Then, get rid of the part of the loop which consults the pa_types table. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25841 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify preauth2 helper functions using reallocGreg Hudson2012-04-301-45/+16
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25840 dc483132-0cff-0310-8789-dd5450dbe970
* Use correct name-type in TGS-REQs for 2008R2 RODCsTom Yu2012-04-272-12/+19
| | | | | | | | | | | | | | | | | Correctly set the name-type for the TGS principals to KRB5_NT_SRV_INST in TGS-REQs. (Previously, only AS-REQs had the name-type set in this way.) Windows Server 2008 R2 read-only domain controllers (RODCs) insist on having the correct name-type for the TGS principal in TGS-REQs as well as AS-REQs, at least for the TGT-forwarding case. Thanks to Sebastian Galiano for reporting this bug and helping with testing. ticket: 7120 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25839 dc483132-0cff-0310-8789-dd5450dbe970
* Split up and fix get_etype_infoGreg Hudson2012-04-271-66/+83
| | | | | | | | The addition of afs3-salt processing in get_etype_info made it overly large, so split out the pw-salt/afs3-salt processing into a separate function. Also fix two dumb bugs. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25838 dc483132-0cff-0310-8789-dd5450dbe970
* Stop using SALT_TYPE_AFS_LENGTHGreg Hudson2012-04-278-48/+49
| | | | | | | | | | | | In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to track whether we're still using the default salt instead of overloading salt.length. In preauth2.c, process afs3 salt values like we would in krb5int_des_string_to_key, and set an s2kparams indicator instead of overloading salt.length. Also use an s2kparams indicator in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded salt lengths, except for a sanity check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
* Refactor client etype-info handling in preauth2.cGreg Hudson2012-04-271-134/+78
| | | | | | | Pull etype-info2, etype-info, pw-salt, and afs3-salt handling out of the pa_types loop into a new helper function get_etype_info(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25834 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure null termination of AFS saltsGreg Hudson2012-04-271-1/+1
| | | | | | | | | | | Use krb5int_copy_data_contents_add0 when copying a pa-pw-salt or pa-afs3-salt value in pa_salt(). If it's an afs3-salt, we're going to throw away the length and use strcspn in krb5int_des_string_to_key, which isn't safe if the value is unterminated. ticket: 2545 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25833 dc483132-0cff-0310-8789-dd5450dbe970
* Convert SAM-2 preauth mechanism to a moduleGreg Hudson2012-04-264-371/+442
| | | | | | | Move the last real preauth mechanism, SAM-2, from the pa_types table to a built-in module. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25831 dc483132-0cff-0310-8789-dd5450dbe970
* Remove orphaned Apple PKINIT supportGreg Hudson2012-04-268-3191/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25830 dc483132-0cff-0310-8789-dd5450dbe970
* Allow clearpolicy restriction for kadmin addprincGreg Hudson2012-04-261-4/+5
| | | | | | | | | | Although the kadmin client never generates a KADM5_POLICY_CLR mask bit with addprinc, the bit will be set if a kadm5.acl line imposes the -clearpolicy restriction. Relax the sanity checking in kadm5_create_principal_3 to allow KADM5_POLICY_CLR as long as KADM5_POLICY is not also set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25827 dc483132-0cff-0310-8789-dd5450dbe970
* Flip the default of start_kadmind in k5test.pyGreg Hudson2012-04-263-4/+4
| | | | | | | Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
* Clear preauth use counts for each AS requestGreg Hudson2012-04-251-0/+1
| | | | | | | | | | | | | Initialize use_count fields in krb5_preauth_request_context_init, which is invoked before each AS request. Previously they were initialized only in krb5_init_preauth_context, which is only invoked once per krb5 library context. ticket: 7119 target_version: 1.10.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25822 dc483132-0cff-0310-8789-dd5450dbe970
* Try all history keys to decrypt password historyGreg Hudson2012-04-243-45/+62
| | | | | | | | | | | | | A database created prior to 1.3 will have multiple password history keys, and kadmin prior to 1.8 won't necessarily choose the first one. So if there are multiple keys, we have to try them all. If none of the keys can decrypt a password history entry, don't fail the password change operation; it's not worth it without positive evidence of password reuse. ticket: 7099 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25819 dc483132-0cff-0310-8789-dd5450dbe970
* Use etypes from keytab in krb5_gic_keytabGreg Hudson2012-04-191-0/+118
| | | | | | | | | | | When getting initial credentials with a keytab, filter the list of request enctypes based on the keys in the keytab. Based on a patch from Stef Walter. ticket: 2131 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25818 dc483132-0cff-0310-8789-dd5450dbe970
* Unify krb5_get_init_creds_keytab code pathsGreg Hudson2012-04-194-15/+55
| | | | | | | | | | | Use krb5_init_creds_set_keytab in krb5_get_init_creds_keytab, so that processing added to the former will be used by the latter. This is slightly awkward because of the way we do the use_master fallback, in that we have to duplicate some of krb5int_get_init_creds. Based on a patch from Stef Walter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25817 dc483132-0cff-0310-8789-dd5450dbe970
* Allow preauth mechs to work with clock skewGreg Hudson2012-04-175-26/+86
| | | | | | | | | | | | | | | Add a clpreauth callback which gets the time of day using an offset determined by the preauth-required error, and use it in encrypted timestamp and encrypted challenge. This timestamp is not necessarily authenticated, but the security consequences for those preauth mechs are minor (and can be mitigated by turning off kdc_timesync on clients). Based on a patch from Stef Walter. ticket: 7114 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25808 dc483132-0cff-0310-8789-dd5450dbe970
* Fix trace logging initializationGreg Hudson2012-04-051-1/+1
| | | | | | | | Reported by stefw@gnome.org. ticket: 7112 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25803 dc483132-0cff-0310-8789-dd5450dbe970
* Fix app tag choices for decoding EncASRepPartGreg Hudson2012-04-051-1/+1
| | | | | | | | | | When decoding an AS-REP enc part, we should accept app tags 26 (the bogus one we generate) and 25 (the correct value). We were accepting 26 and 24. Bug report and fix by stefw@gnome.org. ticket: 7111 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25802 dc483132-0cff-0310-8789-dd5450dbe970
* Fix password reuse check with cpw -keepoldGreg Hudson2012-04-041-0/+3
| | | | | | | | | | | | | | | | | When we check for password reuse, only compare keys with the most recent kvno against history entries, or else we will always fail with -keepold. This bug primarily affects rollover of cross-realm TGT principals, which typically use password-derived keys and may have an associated password policy such as "default". Bug report and candidate fix (taken with a slight modification) by Nicolas Williams. ticket: 7110 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25801 dc483132-0cff-0310-8789-dd5450dbe970
* If trace logging facility is enabled, report misconfiguration errors ↵Zhanna Tsitkov2012-04-021-29/+47
| | | | | | | | encountered while initializing krb5 library context ticket: 7091 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25800 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 08:49:15 +0000