Sam Hartman [Fri, 14 Oct 2011 14:40:10 +0000 (14:40 +0000)]
Use gssalloc memory management where appropriate
gss_buffer_t may be freed in a different module from where they
are allocated so it is not safe to use strdup/malloc/calloc/free.
similarly, gss_OID_set need to use gssalloc functions.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25332 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 14 Oct 2011 14:40:05 +0000 (14:40 +0000)]
Utility functions to move allocations from k5buf/krb5_data to gss_buffer_t
On Unix, these simply move the buffer pointer, but on windows they need to
reallocated with gssalloc_malloc and coied since the gss_buffer_t may need
to be freed in a separate module with potentially mismatched c runtime.
Also fix a mismatched parameter warning in generic_gss_copy_oid_set().
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25331 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Fri, 14 Oct 2011 14:39:01 +0000 (14:39 +0000)]
Add new header gssapi_alloc.h
Contains allocator methods for use with mechanisms and mechglues for
allocations that must be made in one module but freed in another. On
windows, an allocation made in one module cannot safely be freed in
another using the usual c runtime malloc/free; runtime dll mismatch
will cause heap corruption in that case. But it is safe to instead
directly use HeapAlloc()/HeapFree() specifying the default process
heap. For now, this header is not public. If it becomes public
strncpy will need to be used instead of strlcpy.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25330 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 12 Oct 2011 16:34:07 +0000 (16:34 +0000)]
Make krb5_pac_sign public
krb5int_pac_sign was created as a private API because it is only
needed by the KDC. But it is actually used by DAL or authdata plugin
modules, not the core KDC code. Since plugin modules should not need
to consume internal libkrb5 functions, rename krb5int_pac_sign to
krb5_pac_sign and make it public.
Zhanna Tsitkov [Fri, 7 Oct 2011 21:19:41 +0000 (21:19 +0000)]
Removed references to non-existing krb5_default_local_realm(3) and some source-code-defined macros from the administration programs documentation.
Also, minor cleanup & corrections.
Greg Hudson [Fri, 7 Oct 2011 14:26:25 +0000 (14:26 +0000)]
Use built-in modules for encrypted timestamp
Break out the encrypted timestamp code from kdc_preauth.c and
preauth2.c into built-in modules, allowing admins to disable it and
reducing the size of the framework code.
Greg Hudson [Thu, 6 Oct 2011 20:08:29 +0000 (20:08 +0000)]
Add get_string, free_string kdcpreauth callbacks
String attributes should be useful to preauth modules without having
to link against libkdb5. Add a callback to make client string
attributes accessible to modules.
Greg Hudson [Thu, 6 Oct 2011 19:24:56 +0000 (19:24 +0000)]
Ditch fast_factor.h since it contains only stubs
Leave a comment behind where we called fast_set_kdc_verified().
Remove the call to fast_kdc_replace_reply_key() since it's wrong
(encrypted challenge doesn't replace the reply key in that sense).
Greg Hudson [Thu, 6 Oct 2011 16:18:56 +0000 (16:18 +0000)]
Use type-safe callbacks in preauth interface
Replace the generic get_data functions in clpreauth and kdcpreauth
with structures containing callback functions. Each structure has a
minor version number to allow adding new callbacks.
For simplicity, the new fast armor key callbacks return aliases, which
is how we would supply the armor key as a function parameter. The new
client keys callback is paired with a free_keys callback to reduce the
amount of cleanup code needed in modules.
Sam Hartman [Wed, 5 Oct 2011 21:30:50 +0000 (21:30 +0000)]
Add krb5int_gettimeofday to k5sprt for platforms w/o native gettimeofday
Microsecond accuracy on _WIN32, but only one second accuracy on other,
AFAIK purely hypothetical, platforms that lack native gettimeofday.
Shamelessly cribbed from Heimdal.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25310 dc483132-0cff-0310-8789-dd5450dbe970
Greg Hudson [Wed, 5 Oct 2011 17:27:15 +0000 (17:27 +0000)]
Use an opaque handle in the kdcpreauth callback
Instead of passing a request and entry to the kdcpreauth get_data
callback, pass an opaque handle. Remove DB entry and key data
parameters from kdcpreauth methods (but keep the request, since that's
transparent).
The SecurID plugin links against libkdb5 and needs access to the client
DB entry. Rather than continue to pass a DB entry to kdcpreauth
methods, add a get_data callback to get the client DB entry for the few
plugins which might need it.
Greg Hudson [Tue, 4 Oct 2011 20:16:07 +0000 (20:16 +0000)]
Create e_data as pa_data in KDC interfaces
All current known uses of e_data are encoded as pa-data or typed-data.
FAST requires that e_data be expressed as pa-data. Change the DAL and
kdcpreauth interfaces so that e_data is returned as a sequence of
pa-data elements. Add a preauth module flag to indicate that the
sequence should be encoded as typed-data in non-FAST errors.
Greg Hudson [Tue, 4 Oct 2011 15:11:45 +0000 (15:11 +0000)]
Improve k5_get_os_entropy for Windows
When acquiring a crypto context for CryptGenRandom, pass
CRYPT_VERIFYCONTEXT to indicate that we don't need access to private
keys. Appears to make OS entropy work on Windows XP.
Greg Hudson [Mon, 3 Oct 2011 19:32:28 +0000 (19:32 +0000)]
Fix a Fortuna PRNG failure case
If we don't have entropy when krb5_c_random_make_octets is called,
unlock the mutex before returning an error. From
kevin.wasserman@painless-security.com.
Sam Hartman [Wed, 28 Sep 2011 20:55:53 +0000 (20:55 +0000)]
Fix ccapi rpc methods to always pass 8 byte handles instead of sizeof(void*).
ccapi server always stores all 8 bytes, whether compiled as 32 bit or 64 bit.
If 32 bit, client zero-pads handle when sending and truncates when receiving.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25265 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Wed, 28 Sep 2011 20:54:49 +0000 (20:54 +0000)]
if krb5_get_default_config_files() returns success and
an empty list, then get_profile_file() will attempt
to dereference a null pointer. check for the empty
list and treat it as failure.
Sam Hartman [Wed, 28 Sep 2011 20:54:45 +0000 (20:54 +0000)]
If the KRB5CCNAME variable gets set to the empty string
there will be no credential cache and the automatic credential
cache detection will be skipped. Ensure that the KRB5CCNAME
variable is not set to an empty string by us. If it was set
to the empty string by someone else, unset it.
Sam Hartman [Wed, 28 Sep 2011 20:54:41 +0000 (20:54 +0000)]
miscellaneous leash32.dll corrections
do not build leash32.dll with MessageBox() calls. Doing
so produces a library that on error must display a dialog
box to the end user. If this library is called from a
service (via gssapi32.dll) the service will block forever
while awaiting the dialog box to clear.
LeashKRB5GetTickets() treats krbv5Context as an in/out variable.
If the caller does not provide a krb5_context, one will be allocated.
It is up to the caller to ensure that the context is eventually freed.
A context can be returned even if the function returns an error.
Make sure that 'ctx' and 'cache' are properly initialized so that
it is possible to tell the difference. Do not free the context if
it was locally allocated.
In acquire_tkt_no_princ() do not set the KRB5CCNAME environment
variable if 'ccname' is an empty string.
For a very long time, KDCs have known how to perform a domain-based
realm walk when serving requests for TGTs. (So if a KDC for A.B.C
receives a request for krbtgt/X.B.C and doesn't have that principal,
it can return one for krbtgt/B.C instead.) Performing the same
heuristic on the client is unnecessary and inefficient in common
cases.
Add a new function k5_client_realm_path to walk_rtree.c which uses
capaths values only, and returns a list of realms (as desired by
get_creds.c) instead of TGT names.
projects / thirdparty / krb5.git / log
