| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
Commit 37b0e55e21926c7875b7176e24e13005920915a6 (#7063) prevented
clock skew caused by preauth delay by recording the time of the
initial request. However, it failed to take into account delay
between requests due to prompting during preauthentication. Fix this
by recording the request time for each request.
ticket: 7656 (new)
|
| |
|
|
|
|
|
|
|
| |
Check return values of read() and write(). Avoid some unsigned
comparisons. Cast a ptrdiff_t value to int for use with %d in a
format string.
[ghudson@mit.edu: rewrap long lines; fix one more warning; commit
message]
|
| |
|
|
|
|
|
|
| |
In a static build, linking dbtest could fail on platforms where libdb2
depends on krb5support (platforms without a native mkstemp). Reported
by Gilles Espinasse <g.esp@free.fr>.
ticket: 7651
|
| |
|
|
|
|
|
|
|
|
|
| |
If we make multiple requests in an initial creds exchange, the
krb5_sendto_kdc call in k5_init_creds_get may flip the use_master
value from 0 to 1 if it detects that the response was from a master
KDC. Don't turn this into a requirement for future requests during
the same exchange, or we may have trouble following AS referrals.
Reported by Sumit Bose.
ticket: 7650
|
| |
|
|
|
|
|
|
|
|
| |
AC_MSG_RESULT is to print result after AC_MSG_CHECKING.
AC_MSG_NOTICE is to deliver message to user.
So use AC_MSG_NOTICE for --with options.
Remove overquoting too.
ticket: 7648
|
| |
|
|
|
|
|
| |
Commit 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 went a bit too far in
pruning the placeholder makefiles for the openssl and nss crypto
modules. We need enough boilerplate to create OBJS.SH in each
directory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password. This allows empty passwords to work via
the API.
Remove the kadm5 test which explicitly uses an empty password.
Based on a patch from Stef Walter.
ticket: 7642
|
| |
|
|
|
|
|
|
|
|
|
| |
The internal UTF-8 to UCS-2 conversion functions did not properly
respect their length arguments, instead assuming that the input string
is terminated with a zero bytes. As a result,
krb5int_arcfour_string_to_key could fail on unterminated inputs. Fix
the underlying support functions to read their inputs only up to the
specified length.
ticket: 7643 (new)
|
| |
|
|
|
| |
Our portability assumptions now allow the use of variadic macros, so
don't warn or error on them.
|
| |
|
|
|
|
|
| |
If yasm and cpuid.h are present on a Linux i686 or x64 system, compile
the modified Intel AES-NI assembly sources. In the builtin AES enc
provider, check at runtime whether the CPU supports AES-NI
instructions and use the assembly functions if so.
|
| |
|
|
|
| |
Remove functions we don't need. Add macros to redefine functions with
an appropriate namespace prefix.
|
| |
|
|
|
|
| |
Add assembly files from the Intel AESNI Sample Library, version 1.2,
which implement AES encryption using AES-NI instructions. Trailing
whitespace was removed.
|
| |
|
|
|
|
|
| |
In preparation for AES-NI support, adjust the block encryption helpers
in the AES enc provider so that the cache is only touched by helpers,
and reframe the CTS operations in terms of CBC operations. Change the
Camellia enc provider as well for consistency.
|
| |
|
|
|
|
|
|
| |
Expand the concept of an IOV block state into a cursor which remembers
the IOV set being iterated over, the block size, and both input and
output positions. Eliminate the no-copy inline block getter for now,
but provide helpers to grab contiguous chains of blocks from a cursor.
Also provide an inline helper to sum the total length of an iov chain.
|
| |
|
|
|
| |
Pass the server principal to krb5_rd_req so it can do proper transited
checking.
|
| |
|
|
|
|
|
|
|
|
| |
For the user-to-user case, document that callers should pass a server
principal to krb5_rd_req. For the keytab case, more accurately
document which keytab keys are tried against the ticket.
ticket: 7641 (new)
target_version: 1.11.3
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Acceptor Names project (#6855) extended krb5_rd_req so that it can
accept a "matching principal" in the server parameter. If the
matching principal has an empty realm, rd_req_decoded_opt attempted to
do transited checking with an empty server realm.
To fix this, always reset server to req->ticket->server for future
processing steps if we decrypt the ticket using a keytab.
decrypt_ticket replaces req->ticket->server with the principal name
from the keytab entry, so we know this name is correct.
Based on a bug report and patch from nalin@redhat.com.
ticket: 7639
target_version: 1.11.3
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Create macros to declare a DNS search handle, initialize a handle,
perform a search, and destroy a handle. On OS X, use the native
dns_open, dns_search, and dns_free functions, since using the res_*
interfaces may not contact the correct servers. On systems with
res_ninit, use res_nclose if we don't have res_ndestroy.
Based on a patch by Nate Rosenblum.
|
| |
|
|
|
|
|
|
|
| |
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make
sure to use DEFINES for local defines (not DEFS). Remove some other
unnecessary makefile content.
|
| | |
|
| |
|
|
|
| |
Catch a few stragglers that missed the memo that k5_mutex_lock
cannot fail, and sprinkle some cc-int.h as needed.
|
| |
|
|
|
| |
Adjust a stray k5_mutex_lock invocation in the NSS crypto back end
after 6350fd0c909d84c00200885e722cc902049ada05.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Locking and unlocking a non-recursive mutex is a simple memory
operation and should not fail on any reasonable platform with correct
usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock,
or EINVAL if the mutex is uninitialized, but all of these conditions
would reflect serious bugs in the calling code.
Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void
and adjust all call sites. Propagate this change through
k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building for IOS targets with clang, the stdbool.h header is
included by default. This header includes the following C99
definition:
#define bool _Bool
which wrecks havoc with the DEFBOOLTYPE macro.
ticket: 7525
|
| |
|
|
|
|
|
|
|
|
|
| |
Symbols from the NTT Camellia sources, used in the builtin crypto
provider, could conflict with symbols from other libraries such as
OpenSSL's libcrypto. Rename those like we rename the Gladman AES
symbols.
ticket: 7626
target_version: 1.11.3
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.
Thanks to Vincent Danen for alerting us to this issue.
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
ticket: 7637 (new)
target_version: 1.11.3
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some fixes, some use of different APIs which seem to clean things up
better, with the goal of being able to cleanly shut down NSS when we're
done using it.
* Use PK11_FreeSlot() instead of SECMOD_CloseUserDB() to close a
database opened with SECMOD_OpenUserDB().
* Fix a typo and use PK11_DestroyGenericObject() instead of
PK11_DestroyGenericObjects() to destroy one object.
* Use SECMOD_DestroyModule() instead of SECMOD_UnloadUserModule()
to close a module loaded with SECMOD_LoadUserModule().
* crypto_check_for_revocation_information(): don't leak a reference
to the CRL, or to intermediate issuers.
* Don't leak a reference to a PEM private key.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When the PEM module is given an encrypted key, it changes its token
flags to indicate that a password is required (by setting needs-login)
to signal the application that we need to supply a password to decrypt
it. Attempts to load any other items will fail until the flag is
cleared.
If we detect that the flag is set after we've attempted to load a
private key, attempt to "log in" to the "token" using a password. Even
if we fail, the token will reset its needs-login flag, which is
necessary before we can import anything else.
|
| |
|
|
|
|
| |
When loading certificates using the PEM module, use a better method for
finding the just-loaded certificate that will still work if we've
already got a copy of the certificate loaded somewhere else.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When using NSS's CMS API to generate signed-data messages, we identify
the key that we want to use for signing by specifying a certificate.
The library then looks up the corresponding private key when it needs to
generate the signature. This lookup fails if a certificate and a its
corresponding private key were loaded key-first, but succeeds if they
were loaded certificate-first (RHBZ#859535). To work around this,
switch to loading the certificate first. (We switch to using different
_pkinit_identity_crypto_file pointers for each instead of reusing just
one, so the diff is messier than it might have been.)
|
| |
|
|
|
|
| |
Use PORT_ErrorToName() to let us print an error name instead of an error
code in a couple of debug messages, since in practice we just end up
looking up the code in <secerr.h> anyway.
|
| |
|
|
|
|
|
|
| |
When PKINIT is built with NSS, change how it traverses tokens to match
the way it's done when built using OpenSSL: ignore slot names (we used
to treat the token label as a possible slot label, too), and either only
look at the token with the specified label, or the first token if a no
token label was specified.
|
| |
|
|
|
| |
We already call SEC_PKCS12DecoderFinish() before entering the switch()
statement, so don't call it again.
|
| |
|
|
|
|
|
|
| |
When PKINIT is built with NSS, make the text of prompts that we issue to
the user better match the text we use when we build with OpenSSL: ask
for a pass phrase when we're asking about a hardware token, ask for a
password the rest of the time, and take advantage of translations for
requests for a password.
|
| |
|
|
|
|
|
|
| |
When we're doing certificate matching and we're asked for the list of
SAN values for a certifiate, and it contains none, don't return an
error, as that will eventually cause the module to just return an error.
Instead, just return an empty list of SAN values so that processing will
continue on to check if other certificates match.
|
| |
|
|
|
|
| |
The locking wrapper for audit_as_req used the wrong function
signature, which was harmless but produced a couple of warnings. Fix
it.
|
| |
|
|
|
|
|
|
|
| |
The string "KDB:" has four characters, not three; check for all four
of them.
[ghudson@mit.edu: commit message]
ticket: 7636
|
| |
|
|
| |
ticket: 7635 (new)
|
| |
|
|
| |
ticket: 7634
|
| |
|
|
|
|
|
| |
If we cannot open the LDAP password file or cannot find the bind DN in
it, include the filename and DN in the error message.
ticket: 7632
|
| |
|
|
|
|
| |
The reassembled names used "," as a separator between attributes, when
passed-in values use ":". This was due to the original submitter being
confused - they weren't intended to be different.
|
| |
|
|
|
|
| |
When attempting to clean the files out from our temporary directory,
correct the test which was supposed to let us skip over "." and ".." so
that we actually don't try to remove them with remove().
|
| |
|
|
|
|
| |
The test, as submitted, included a copy/paste error which caused it to
test PKINIT using unencrypted PKCS12 bundles twice, and to not test a
DIR: location containing unencrypted PEM-formatted keys at all.
|
| | |
|
| |
|
|
|
|
|
| |
Remove a reference to eDirectory that persisted after support for
eDirectory was removed. Almost certainly harmless anyway.
[ghudson@mit.edu: also quote $with_ldap]
|
| |
|
|
|
|
|
|
| |
If we cannot find a client key while preparing an AS reply, give
preauth mechanisms a chance to replace the reply key before erroring
out.
ticket: 7630
|
| |
|
|
|
|
|
|
| |
RFC 4120 prohibits empty ETYPE-INFO2 sequences (though not ETYPE-INFO
sequences), and our client errors out if it sees an empty sequence of
either.
ticket: 7630
|
| |
|
|
|
|
|
|
| |
Encrypted timestamp and encrypted challenge cannot succeed if the
client has no long-term key matching the request enctypes, so do not
offer them in that case.
ticket: 7630
|
| |
|
|
|
|
|
|
| |
Add a new have_client_keys callback to the kdcpreauth interface,
allowing modules to efficiently check whether the client DB entry has
any keys matching the request enctypes.
ticket: 7630
|
| |
|
|
|
| |
The mechglue definitions of gssint_get_der_length and friends use
unsigned int for the buffer length, not OM_uint32.
|
