summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* A couple more Windows build system adjustments for Fortuna as defaultGreg Hudson2011-02-252-2/+8
| | | | | | PRNG. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24659 dc483132-0cff-0310-8789-dd5450dbe970
* Add a stubs file missing from r24656Greg Hudson2011-02-251-0/+68
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24658 dc483132-0cff-0310-8789-dd5450dbe970
* Unbreak the OpenSSL and NSS crypto builds in the wake of r24652Greg Hudson2011-02-2411-79/+119
| | | | | | (Fortuna as default PRNG), and remove some unnecessary related files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24656 dc483132-0cff-0310-8789-dd5450dbe970
* Fix dangling Makefile reference after r24652Greg Hudson2011-02-241-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24655 dc483132-0cff-0310-8789-dd5450dbe970
* Make dependGreg Hudson2011-02-241-9/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24654 dc483132-0cff-0310-8789-dd5450dbe970
* Fortuna as default PRNGGreg Hudson2011-02-2412-839/+497
| | | | | | | | | | | | | | Rewrite prng_fortuna.c to much more closely match the description of Fortuna in chapter 9 of Cryptography Engineering. Add a facility to get OS entropy and implement it for Unix and Windows (not yet tested on Windows) to replace prng/fortuna/entropy.c. Rewrite the test harness to always ensure stable output and perform a statistical test on the predictable internal state resulting from the stable-output tests. ticket: 6874 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24652 dc483132-0cff-0310-8789-dd5450dbe970
* Remember to free the result of getaddrinfo() in the new sendto_kdcGreg Hudson2011-02-231-0/+1
| | | | | | | | code. ticket: 6868 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24651 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak in t_expire_warnEzra Peisach2011-02-231-0/+1
| | | | | | | | | Free context. Allows one to look for new leaks introduced in other pathways. ticket: 6872 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24650 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a memory leak introduced in r23926 where k_cred was not freed onGreg Hudson2011-02-221-30/+24
| | | | | | | | | | | successful return from kg_new_connection(). Reported by Julien Chaffraix. ticket: 6800 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24646 dc483132-0cff-0310-8789-dd5450dbe970
* Don't leak the mechanism internal context when we get an error in theGreg Hudson2011-02-221-1/+6
| | | | | | | | | | mechglue's gss_accept_sec_context. From aberry@likewise.com. ticket: 6813 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24645 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a conceptual bug in r24639: the intermediate key container lengthGreg Hudson2011-02-181-1/+1
| | | | | | | | | | should be the hash's output size, not its block size. (The bug did not show up in testing because it is harmless in practice; MD5 has a larger block size than output size.) ticket: 6869 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24641 dc483132-0cff-0310-8789-dd5450dbe970
* Don't reject AP-REQs based on PACsGreg Hudson2011-02-161-35/+11
| | | | | | | | | | | | | | | | | Experience has shown that it was a mistake to fail AP-REQ verification based on failure to verify the signature of PAC authdata contained in the ticket. We've had two rounds of interoperability issues with the hmac-md5 checksum code, an interoperability issue OSX generating unsigned PACs, and another problem where PACs are copied by older KDCs from a cross-realm TGT into the service ticket. If a PAC signature cannot be verified, just don't mark it as verified and continue on with the AP exchange. ticket: 6870 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24640 dc483132-0cff-0310-8789-dd5450dbe970
* hmac-md5 checksum doesn't work with DES keysGreg Hudson2011-02-161-1/+1
| | | | | | | | | | | | | | krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC. The container for this key should be allocated using the HMAC output size (which is the hash blocksize), not the original key size. This bug was causing the function to fail with DES keys, which can be used with hmac-md5 in PAC signatures. ticket: 6869 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24639 dc483132-0cff-0310-8789-dd5450dbe970
* In kg_acceptor_princ, make Coverity happy by using a different test toGreg Hudson2011-02-141-1/+1
| | | | | | determine if we should set (*princ_out)->type. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24638 dc483132-0cff-0310-8789-dd5450dbe970
* In kadm5_rename_principal, fix an oversight which would cause errorsGreg Hudson2011-02-131-1/+2
| | | | | | from krb5_principal2salt_norealm to be ignored. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24637 dc483132-0cff-0310-8789-dd5450dbe970
* Untabify trace.c (tabs crept in when the file was created)Greg Hudson2011-02-131-14/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24636 dc483132-0cff-0310-8789-dd5450dbe970
* Defer hostname lookups in krb5_sendto_kdcGreg Hudson2011-02-1310-767/+588
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restructure the locate_kdc and sendto_kdc code to defer getaddrinfo calls until we need the answer. This requires many changes: * struct addrlist is now called struct serverlist, and is declared in os-proto.h instead of k5-int.h. It contains an array of struct server_entry structures which can hold either a name or an address. (Address entries are used for locate_kdc module results.) * The connection state list is now a linked list, and holds address information directly instead of using a struct addrinfo (this simplifies memory management). Each connection entry contains a callback buffer (previously stored in a separate array) and an index into the server list. * The {addrstate} trace formatting primitive is no longer needed, and has been replaced by {connstate}. There is also a new tracing event for resolving hostnames. * locate_server, locate_kdc, free_serverlist, and sendto get their prefixes changed from krb5int_ to k5_ as their prototypes were being adjusted anyway. The family argument is gone from the locate functions as it was never productively used. k5_sendto now receives the socket types of interest. * krb5_sendto_kdc will now pass a 0 socktype to k5_locate_kdc if both socket types are wanted. There were some allowances for this in locate but this was never previously done. In order to be conservative when invoking locate modules, we always pass an explicit socktype, thus calling lookup twice (as we did before, albeit with a separate init/fini cycle) in the common case. When creating hostname entries in serverlist from profile configuration, we preserve the 0 value of socktype, and later create both TCP and UDP addresses from the getaddrinfo results when the host is resolved. * Some accessor functions previously used by libkrb4 have been removed as they impinged upon this work. ticket: 6868 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24635 dc483132-0cff-0310-8789-dd5450dbe970
* Trace logging file descriptor leakGreg Hudson2011-02-131-0/+1
| | | | | | | | | | | | | File descriptors created for trace logging were never being closed. With short-lived contexts this leak would eventually overflow the process's file table. Correct this oversight by closing the file descriptor in file_trace_cb before freeing its container. ticket: 6867 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24634 dc483132-0cff-0310-8789-dd5450dbe970
* Reposition a trace call which was dereferencing freed memory afterGreg Hudson2011-02-131-1/+2
| | | | | | | | r24616. ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24633 dc483132-0cff-0310-8789-dd5450dbe970
* Add missing KRB5_USE_INET6 ifdefs around some bits of IPv6 code whichGreg Hudson2011-02-091-0/+2
| | | | | | | | didn't have them. From aberry@likewise.com. ticket: 6857 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24620 dc483132-0cff-0310-8789-dd5450dbe970
* Fix seg faulting trace log message for use of fallback realmGreg Hudson2011-02-081-1/+1
| | | | | | | | | | | The call to TRACE_TKT_CREDS_FALLBACK in get_creds.c was supplying the wrong argument, causing a crash. ticket: 6856 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24618 dc483132-0cff-0310-8789-dd5450dbe970
* Improve acceptor name flexibilityGreg Hudson2011-02-0713-150/+388
| | | | | | | | | | | | | | | | | | | | | | Be more flexible about the principal names we will accept for a given GSS acceptor name. Also add support for a new libdefaults profile variable ignore_acceptor_hostname, which causes the hostnames of host-based service principals to be ignored when passed by server applications as acceptor names. Note that we still always invoke krb5_sname_to_principal() when importing a gss-krb5 mechanism name, even though we won't always use the result. This is an unfortunate waste of getaddrinfo/getnameinfo queries in some situations, but the code surgery necessary to defer it appears too risky at this time. The project proposal for this change is at: http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names ticket: 6855 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
* Change flow control in krb5_gss_import_name to better match currentGreg Hudson2011-02-041-95/+60
| | | | | | coding practices. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24613 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unnecessary statement in acquire_init_cred(). We never setGreg Hudson2011-02-031-7/+1
| | | | | | an acceptor name different from desired_princ. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24612 dc483132-0cff-0310-8789-dd5450dbe970
* Make principal renaming work in libkadm5srv by converting to explicitGreg Hudson2011-01-251-15/+49
| | | | | | | | | | | salts as necessary. Add a principal rename command to the client. (The RPC infrastructure was already present.) Adapted from patches submitted by mdw@umich.edu and lha@apple.com. ticket: 6323 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24604 dc483132-0cff-0310-8789-dd5450dbe970
* Make gss_krb5_set_allowable_enctypes work for the acceptorGreg Hudson2011-01-251-0/+9
| | | | | | | | | | | | | | | | | | With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor can choose an enctype for the acceptor subkey other than the one in the keytab. If the resulting security context will be exported and re-imported by another gss-krb5 implementation (such as one in the kernel), the acceptor needs a way to restrict the set of negotiated enctypes to those supported by the other implementation. We had that functionality for the initiator already in the form of gss_krb5_set_allowable_enctypes; this change makes it work for the acceptor as well. ticket: 6852 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24603 dc483132-0cff-0310-8789-dd5450dbe970
* Add a trace log event for unrecognized enctypes in a profile enctypeGreg Hudson2011-01-212-6/+9
| | | | | | list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24602 dc483132-0cff-0310-8789-dd5450dbe970
* Renamed static function krb5_rd_safe_basic into rd_safe_basic to avoid ↵Zhanna Tsitkov2011-01-181-5/+5
| | | | | | confusion with API git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24599 dc483132-0cff-0310-8789-dd5450dbe970
* In t_expire_warn.py, put the hashbang line at the top, instead ofGreg Hudson2011-01-181-1/+2
| | | | | | after the copyright comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24598 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_set_realm():Greg Hudson2011-01-121-4/+5
| | | | | | | | * Return EINVAL and ENOMEM correctly. * Accept an empty realm instead of returning EINVAL. * Wrap a long line. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24595 dc483132-0cff-0310-8789-dd5450dbe970
* Don't call memset with a zero lengthKen Raeburn2011-01-121-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24594 dc483132-0cff-0310-8789-dd5450dbe970
* Asn.1 decode related file rearrangement. It was made based on the following ↵Zhanna Tsitkov2011-01-1110-1292/+1560
| | | | | | | | | | criteria: 1. based on functionality (for example, kdc-only code) 2. Well defined clusters of functions (fast, sam). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24593 dc483132-0cff-0310-8789-dd5450dbe970
* Tighten up the error handling in the mechglue's gss_canonicalize_name,Greg Hudson2011-01-101-32/+14
| | | | | | | | | eliminating a null pointer dereference in the (unlikely) case that allocation of out_union fails. Reported by aberry@likewise.com. ticket: 6817 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24592 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a couple of cases in the SPNEGO implementation where aGreg Hudson2011-01-101-1/+4
| | | | | | | | | half-constructed SPNEGO context could be leaked. Patch from aberry@likewise.com, slightly amended. ticket: 6816 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24591 dc483132-0cff-0310-8789-dd5450dbe970
* Don't attempt to serialize a NULL authdata context when serializing aGreg Hudson2010-12-281-2/+4
| | | | | | | | | | | GSSAPI context (most often seen with initiator contexts). Patch from aberry@likewise.com. ticket: 6675 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24590 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use a krb5 context in t_fork, since we don't set up a krb5.confGreg Hudson2010-12-281-2/+5
| | | | | | in the crypto test directory's "make check". git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24589 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some unused variable warningsGreg Hudson2010-12-203-2/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24583 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an unnecessary clause from safe_cksumtype() which served onlyGreg Hudson2010-12-161-1/+1
| | | | | | to create a theoretical (but impossible in practice) memory leak. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24581 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure time() is prototyped in g_accept_sec_context.cGreg Hudson2010-12-141-0/+1
| | | | | | | | | | | | | r22736 added a call to time() in g_accept_sec_context.c. Include <time.h> to ensure that this call is correctly prototyped. Previously <time.h> was only included implicitly through <pthread.h>, which doesn't apply when thread support is disabled. ticket: 6842 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24568 dc483132-0cff-0310-8789-dd5450dbe970
* memory leak in changepw.cTom Yu2010-12-141-0/+1
| | | | | | | | | | Apply patch from Marcus Watts to avoid a memory leak in changepw.c. ticket: 6841 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24567 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a regression in the client-side ticket renewal code where KDCGreg Hudson2010-12-141-1/+4
| | | | | | | | | | | | options were not folded into the renewal request (most notably, the KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed tickets. Add a simple test case for ticket renewal. ticket: 6838 tags: pullups target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24566 dc483132-0cff-0310-8789-dd5450dbe970
* typo in plugin-related error messageTom Yu2010-12-141-1/+1
| | | | | | | | | | Apply patch from Marcus Watts to fix error message typo. ticket: 6840 tags: pullup target_version: 1.9 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24565 dc483132-0cff-0310-8789-dd5450dbe970
* handle MS PACs that lack server checksumTom Yu2010-12-101-1/+26
| | | | | | | | | | | | | | | | | | | | | | target_version 1.9 tags: pullup Apple Mac OS X Server's Open Directory KDC issues MS PAC like authorization data that lacks a server checksum. If this checksum is missing, mark the PAC as unverfied, but allow krb5int_authdata_verify() to succeed. Filter out the unverified PAC in subsequent calls to krb5_authdata_get_attribute(). Add trace points to indicate where this behavior occurs. Thanks to Helmut Grohne for help with analysis. This bug is also Debian Bug #604925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604925 This change should also get backported to krb5-1.8.x. ticket: 6839 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24564 dc483132-0cff-0310-8789-dd5450dbe970
* Add comment noting that RFC 4121 appears to omit RC4-HMAC from theTom Yu2010-12-072-0/+4
| | | | | | | | | list of "not-newer" enctypes, even though RFC 4757 effectively treats it as one. Suggested by Derrick Brashear. ticket: 6835 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24563 dc483132-0cff-0310-8789-dd5450dbe970
* update dependenciesKen Raeburn2010-12-058-63/+91
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24561 dc483132-0cff-0310-8789-dd5450dbe970
* Implement restrict_anonymous_to_tgt realm flagGreg Hudson2010-12-012-0/+8
| | | | | | | | | | | | | Implement a new realm flag to reject ticket requests from anonymous principals to any principal other than the local TGT. Allows FAST to be deployed using anonymous tickets as armor in realms where the set of authenticatable users must be constrained. ticket: 6829 target_version: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
* SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)Greg Hudson2010-11-3011-71/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix multiple checksum handling bugs, as described in: CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021 * Return the correct (keyed) checksums as the mandatory checksum type for DES enctypes. * Restrict simplified-profile checksums to their corresponding etypes. * Add internal checks to reduce the risk of stream ciphers being used with simplified-profile key derivation or other algorithms relying on the block encryption primitive. * Use the mandatory checksum type for the PKINIT KDC signature, instead of the first-listed keyed checksum. * Use the mandatory checksum type when sending KRB-SAFE messages by default, instead of the first-listed keyed checksum. * Use the mandatory checksum type for the t_kperf test program. * Use the mandatory checksum type (without additional logic) for the FAST request checksum. * Preserve the existing checksum choices (unkeyed checksums for DES enctypes) for the authenticator checksum, using explicit logic. * Ensure that SAM checksums received from the KDC are keyed. * Ensure that PAC checksums are keyed. ticket: 6827 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24538 dc483132-0cff-0310-8789-dd5450dbe970
* Install gssapi_ext.h on Windows. Include gssapi_ext.h in the headerGreg Hudson2010-11-301-1/+2
| | | | | | | | files considered by def-check.pl in verify-calling-conventions-gssapi. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24537 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on theGreg Hudson2010-11-2869-788/+74
| | | | | | | | | verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Supply static ordinals for new symbols in gssapi32.def and krb5_32.def,Greg Hudson2010-11-262-182/+182
| | | | | | | | for consistency with KFW 3.x. ticket: 6826 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24535 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-28 13:23:00 +0000