| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
|
| |
|
|
|
|
| |
Nothing was using KRB5_KDB_SRV_TYPE_PASSWD, so get rid of it.
(kpasswdd is part of kadmind and interacts with the KDB using
KRB5_KDB_SRV_TYPE_ADMIN.)
|
| | |
|
| |
|
|
|
|
| |
ldap_realm.c had some code intended to handle a
krbTicketPolicyReference from a krbRealmContainer object, but there
wasn't enough of it to ever do anything. Remove it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Outside of krb5_ldap_read_krbcontainer_params and
krb5_ldap_create_krbcontainer, no fields of
krb5_ldap_krbcontainer_params were used except for the DN. There was
code to create a krbTicketPolicyReference attribute (which would fail
because the schema doesn't allow that attribute, and was never
exercised because kdb5_ldap_util would never set the parameter) and to
read fields like max ticket life from the referenced ticket policy,
but those fields were never used.
Eliminate the structure and just store the container DN in
krb5_ldap_context. Continue creating the container object when
creating a realm (by calling krb5_ldap_create_krbcontainer
unconditionally; it now exits successfully if the container already
exists), but don't ever read it.
|
| |
|
|
|
|
| |
krb5_ldap_put_principal contained some conditionals for the case where
entry->princ is NULL, but only after entry->princ was dereferenced
unconditionally. It's not necessary to handle this case, so don't.
|
| | |
|
| |
|
|
|
|
|
|
| |
All of our deps files have a trailing space in the first line,
originating from depfix.pl. This space triggers the whitespace
checker when generating a new deps file. Get rid of the trailing
whitespace in the script; the change will be reflected in the deps
files the next time they are regenerated.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If we are responding to a KDC_ERR_PREAUTH_REQUIRED and cannot
preauthenticate, report the error from the first real preauth type we
tried.
k5_preauth() now accepts a boolean input indicating that it must
succeed on a real preauth type, instead of returning a boolean saying
whether or not it did.
ticket: 7517 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The preauth functions are internal to libkrb5, so use the k5_ prefix,
don't use KRB5_CALLCONV, and prototype them in int-proto.h. Also
remove krb5_do_preauth from the Unix libkrb5 export list.
Reorder the k5_preauth() and k5_preauth_tryagain() arguments for more
consistency with the clpreauth interface, and put the output padata
arguments at the end.
Rename any remaining uses of "kcontext" to "context" in preauth2.c.
|
| |
|
|
|
|
|
|
| |
With one exception (KRB5_PADATA_PKINIT_KX), every padata type
processed by a clpreauth module is now a real preauthentication type.
Reduce the amount of boilerplate required for a clpreauth module by
making the flags method optional if all of the preauth types
advertised by the module are real.
|
| |
|
|
|
|
|
|
| |
In preauth2.c, use wrapper functions for calls to clpreauth functions.
Get rid of the expanded-out module table, instead using a helper
function to find the handle for a preauth type. Replace use counts
with a list of previously processed pa types. Check for pa type
conflicts when loading clpreauth modules.
|
| |
|
|
|
|
|
| |
Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header. For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.
|
| |
|
|
|
|
| |
In krb5_get_init_creds_password and krb5_get_init_creds_keytab, save
the extended error before retrying against the master KDC, and restore
that state if returning the error from the original request.
|
| | |
|
| |
|
|
|
|
| |
Eliminate the scratch_buf field of struct error_info and just return a
non-localized constant error message if we can't allocate a copy of
the real one. Also rely on a conformant strerror().
|
| |
|
|
|
|
|
| |
Fix style issues in kerrs.c and errors.c. Rename error handling
functions to use shorter k5_ prefix. Eliminate an inoperable
krb5int_set_error() call in gic_opte_alloc and convert the other
call to use krb5_set_error_message().
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The technique we use for inserting the feedback link in the footer
overrides the Sphinx basic/layout.html and agogo/layout.html footers
in a way that prevents us from getting the copyright link footer.
Copy the relevant part of the Sphinx basic/layout.html for now.
Add a copyright.rst that links to mitK5license.rst.
ticket: 7510 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't check for an agility KDF identifier in the non-draft9 reply
structure when we're building a draft9 reply, because it'll be NULL.
The KDC plugin for PKINIT can dereference a null pointer when handling
a draft9 request, leading to a crash of the KDC process. An attacker
would need to have a valid PKINIT certificate, or an unauthenticated
attacker could execute the attack if anonymous PKINIT is enabled.
CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
[tlyu@mit.edu: reformat comment and edit log message]
ticket: 7506 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't print out every node processed (or not processed) in the
doxygen-Sphinx bridge, nor print out a summary of how many types
or functions were processed.
While here, tell doxygen to be quiet in its output as well, and
not print out each file that is generated. It still outputs
warnings, though.
ticket: 7495 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
| |
If a question's challenge is NULL, it is unnecessarily difficult for a
responder callback to detect whether it was asked. So it's better to
use an empty challenge when there is no challenge data to communicate.
Do this for the "password" question.
ticket: 7499 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
| |
Update mkrel so that it will explicitly set SPHINX_ARGS=-W to make
warnings fatal and so that it will work in an unconfigured tree.
ticket: 7497 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In a build with static libraries, functions tagged with
__attribute__((destructor)) may be executed in any order, not in a
topologically sorted order as they are in shared libraries. This
could result in libcom_err functions being invoked (from another
library's finalizer) after libcom_err has been finalized, which would
(at minimum) result in using a mutex after it is destroyed. To
prevent this kind of problem, disable finalizers in the static build
regardless of whether we have compiler or linker support for them.
Reported by Mihai Serban <mihai.serban@gmail.com>.
|
| |
|
|
|
|
|
|
|
|
| |
Pick up changes to kadmin.rst and krb5_conf.rst adding cross-references
for account lockout and detailing parameter expansion for keytab
and credentials cache names in krb5.conf
ticket: 7494 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
| |
Now that version.py is in place to update Sphinx's idea of the
version number in accordance reality, update the version in the
man pages that we check in; the master branch is currently a 1.12 prerelease.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently do not have any warnings. Let us keep it that way by
making warnings fatal in maintainer-mode (and configurable on the
buildslaves). Using sphinx-build -W also causes errors to be reported
in the exit status and picked up by make, which is quite useful.
In order to allow the build bot to use -W but end-users to not use it,
SPHINX_ARGS must be passed on the command line; it cannot be set by
the convenience target 'htmlsrc'. Document this.
ticket: 7468 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of requiring the user to specify srcdir, top_srcdir, PYTHON,
and possibly more in the future, make an 'htmlsrc' target that does so
for them.
This also lets us do the clean in the same step, so that only one
command is required of the user.
ticket: 7491 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
| |
Remove the inaccurate comments "unused" and replace them with
more useful representations of what they mean.
ticket: 7490 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
| |
We allow these rules to be used in an unconfigured tree, and some
makes do not supply a value for RM by default.
ticket: 7492 (new)
subject: Doc build in unconfigured tree broken on some platforms
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length
functions could be ignored because they were assigned to unsigned
values. In spnego_mech.c, two buffer size checks could be rewritten
to reduce the likelihood of pointer overflow. In dump.c and
kdc_preauth.c, calloc() could be used to simplify the code and avoid
multiplication overflow. In pkinit_clnt.c, the wrong value was
checked for a null result from malloc(), and the code could be
simplified.
Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
ticket: 7488
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This dependency has been in effect since the notice build was changed
to use the main conf.py, due to its unconditional execfile('version.py').
Adding another conditional in conf.py seems to add needless complication,
it is easier to just note the dependency in the Makefile and carry on.
ticket: 7470 (new)
title: NOTICE build has unnoted dependency on version.py
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
| |
A host referral to the same realm we just looked up the principal in
is useless at best and confusing to the client at worst. Don't
respond with one in the KDC.
ticket: 7483
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
| |
We omit the patchlevel if it is zero, but the check whether
the patchlevel was zero was checking the wrong variable, and thus
always succeeding.
ticket: 7481 (new)
queue: kfw
tags: pullup
target_version: 1.10.4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improve accessibility by actually enabling access keys for ribbon
elements (tap alt and follow the onscreen hints for keys to press),
instead of just underlining a letter in the name of each element.
Supply an underlined letter in the text of each element, corresponding
to this access key, even if there is not a shortcut key bound to that
element. While here, fix conflicting assignment to 'R' on the 'options'
tab (between "Renewable Until" and "Automatic Ticket Renewal") by
making "Automatic Ticket Renewal" use 'T'. Microsoft's UI recommendations
seem to say that access keys should be easy to locate when searching
through the menu, and thus using the first letter of the first or
second word is advisable.
The Ribbon XML Reference seems to indicate that these elements should
be "keytip" elements, but MSVS creates "keys" elements, which seem
to work, whereas "keytip" does not. Apparently 'F' is standard for
the application button menu (which contains exit). Access keys work
somewhat poorly for us in this menu, as they appear on top of the text
of the menu items, since we have no icons here.
ticket: 7441
tags: pullup
target_version: 1.10.4
|
| |
|
|
|
|
|
|
|
|
| |
A big pile of XML on one line is not very readable.
Use 'xmllint --format' to make things more sane.
ticket: 7478 (new)
queue: kfw
tags: pullup
target_version: 1.10.4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The AboutBox dialog as specified in the resource file is larger than
the one we display; the dialog init routine marks several things as
non-visible, moves the 'OK' button up to where the now-invisible items
were, and shrinks the dialog's bounding rectangle.
However, the edit boxes containing copyright and version information
seem to always present as being on top of the 'OK' button, and their
background causes the button to appear almost invisible with the current
repositioning.
To keep the 'OK' button visible, reduce the amount that it is moved
(and the amount the dialog is shrunk) so that the button does not overlap
with the edit box.
ticket: 7443
tags: pullup
target_version: 1.10.4
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add entries to OBJS and SRCS as well as STLIBOBJS.
Use KRB5_CALLCONV at function definition as well as declaration.
Declare missing variable in _WIN32-conditional code.
ticket: 7479 (new)
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Document the fact that the key usage type 26 is used by both
KBKRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST and
KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST, while 27 - by
KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY and KRB5_KEYUSAGE_PA_SAM_RESPONSE.
Also, since KRB5_KEYUSAGE_PA_REFERRAL is not actually used in MIT Kerberos
code and is not defined in the latest referrals draft
(http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-15)
mark it as "unused".
ticket: 7474
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
| |
Since r25120, kill_conn() has been responsible for closing and
invalidating conn->fd. In the unlikely event that the KDC sends a TCP
response to us before we send a TCP request, we were cleaning up the
socket again, which is useless (though also harmless). Get rid of
that code.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the second part of the first pass over the server list, we passed
the wrong list pointer to service_fds, causing it to see only a subset
of the server entries corresponding to sel_state. This could cause
service_fds to spin if an event is reported on an fd not in the
subset.
ticket: 7454
target_version: 1.10.4
tags: pullup
|
| |
|
|
|
|
|
|
| |
Fix memory leak.
ticket: 7457
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few places were using the standard C /* comment */ form, but
this is rendered poorly by doxygen through to our Sphinx bridge.
Use the special /**< comment */ form to get doxygen-specific behavior.
If the standard C comment form is used, the full comment (including
start and end markers) is included in the value of the macro, and
Sphinx then tries to treat the end of the comment as the start of
inline markup with no corresponding end-string, which is a warning.
Using the doxygen form of the comment, the contents of the comment
are put in a separate paragraph block, which is inserted in the
body of the generated RST document.
The markup for krb5_rd_priv() had a line that ended with an @c
markup statement without a symbol following it. This confused
doxygen into not parsing any more of the comment. The beginning
of the next line is a macro identifier with markup to auto-linkify it.
In RST, it is not possible to have a link and a terminal font on the
same text, so removing the @c is the appropriate fix.
There are also eleven deprecated functions which are replaced by
the krb5_c_* family of functions. However, referring to this class
of functions as the "krb5_c_" class of functions results in Sphinx
attempting to interpret this statement as a link to a label elsewhere
in the document, and no such label exists. To avoid this warning, use
"krb5_c_*" to refer to the class of functions, which is arguably
more correct anyways.
ticket: 7447
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Our doxygen-to-sphinx documentation bridge only processes typedefs
and not structure definitions, since we almost universally use
typedefs for our data structures. krb5_trace_info is the sole
exception, so bring it into the fold.
While here, flesh out the comment a bit more.
ticket: 7447
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
|
|
|
| |
Sphinx produces .doctree pickles that can be over 17MB with the
current documentation. Remove them when running "make clean" in
src/doc so that they don't pollute distribution tar files.
ticket: 7461 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
| |
More specifically, document that this new API was first
introduced in 1.11
ticket: 7460
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The trace messages in krb5int_clean_hostname were outputting the
entire contents of the output buffer (mostly uninitialized garbage)
into the trace log. Since these messages were essentially redundant
with messages in the callers, and were arguably at too low of a level
to begin with, simply remove them.
ticket: 7459 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
| |
ticket: 7453 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
| |
Avoid using asterix characters in the documentation for
krb5_unparse_ext_name, since they get intepreted as markdown
punctuation when translated to RST.
ticket: 7452 (new)
target_version: 1.11
tags: pullup
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify ldap_filter_correct() to quote special characters for DN
strings as well as filters, since it is already used to quote a DN
string in krb5_ldap_name_to_policydn() and there's no harm in
over-quoting. In krb5_ldap_put_principal(), quote the unparsed
principal name for use in DNs we choose. In
krb5_ldap_create_password_policy(), use the policy name for the CN of
the policy entry instead of the (possibly quoted) first element of the
DN.
Adapted from a patch by Jim Shi <hanmao_shi@apple.com>.
ticket: 7296
|
