Greg Hudson [Sun, 3 Feb 2013 18:21:34 +0000 (13:21 -0500)]
Make kprop/kpropd work with RC4 session key
In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that
the enctype's block size is the size of the cipher state. Instead,
make and discard a cipher state to get the size.
Greg Hudson [Fri, 1 Feb 2013 16:52:48 +0000 (11:52 -0500)]
Fix kdb5_util dump.c uninitialized warnings
Some versions of clang report an uninitialized variable warning (which
we treat as an error) in process_k5beta_record. Due to the if-ladder
style of the function, uninitialized tmpint values can be copied
around in certain error cases, although the garbage values would be
ultimately ignored. As a minimal fix, initialize the tmpint
variables.
Greg Hudson [Fri, 11 Jan 2013 15:13:25 +0000 (10:13 -0500)]
Fix no_host_referral concatention in KDC
If no_host_referral is set in both [kdcdefaults] and the realm
subsection, we're supposed to concatenate their values. But the logic
in handle_referral_params would overwrite the value with the
non-concatenated realm value. Similar bugs of this nature were fixed
in 639c9d0f5a7c68dc98a2a452abc05ca32443cddf (r22037) but this one was
missed.
Tom Yu [Fri, 21 Dec 2012 20:45:53 +0000 (15:45 -0500)]
Add more formats to krb5_timestamp_to_sfstring
krb5_timestamp_to_string() can produce ambiguous dates. The final
fallback, "%d/%m/%Y %R", contains a European order date format that
can be confused with a US date format. Add some additional strftime()
format strings, including locale-dependent formats and some ISO 8601
formats. Remove the hardcoded strftime() format that had an ambiguous
date order.
Ben Kaduk [Thu, 13 Dec 2012 20:26:38 +0000 (15:26 -0500)]
Update retiring-des with real-world experience
We took notes when upgrading the ZONE.MIT.EDU realm to reduce
its usage of single-DES. Use these to give examples for the upgrade
procedure, and flesh out some parts of it that were missing or
under-specified.
Tom Yu [Mon, 17 Dec 2012 20:44:27 +0000 (15:44 -0500)]
Add copyright footer to HTML docs
The technique we use for inserting the feedback link in the footer
overrides the Sphinx basic/layout.html and agogo/layout.html footers
in a way that prevents us from getting the copyright link footer.
Copy the relevant part of the Sphinx basic/layout.html for now.
Add a copyright.rst that links to mitK5license.rst.
Nalin Dahyabhai [Thu, 13 Dec 2012 19:26:07 +0000 (14:26 -0500)]
PKINIT (draft9) null ptr deref [CVE-2012-1016]
Don't check for an agility KDF identifier in the non-draft9 reply
structure when we're building a draft9 reply, because it'll be NULL.
The KDC plugin for PKINIT can dereference a null pointer when handling
a draft9 request, leading to a crash of the KDC process. An attacker
would need to have a valid PKINIT certificate, or an unauthenticated
attacker could execute the attack if anonymous PKINIT is enabled.
Tom Yu [Thu, 13 Dec 2012 23:07:51 +0000 (18:07 -0500)]
Conditionally include MITKC logo in HTML doc
Conditionally include the MITKC logo in the HTML output from Sphinx if
the environment variable HTML_LOGO is set. During official builds for
the web site, that environment variable will point to an appropriately
scaled copy of the MITKC logo.
Ben Kaduk [Wed, 12 Dec 2012 18:23:03 +0000 (13:23 -0500)]
Better names for doxygen-Sphinx bridge functions
It is confusing when the codepath for the production doc build
involves calling functions with names like "test". Rename things
which are in active use so that routines which are actually only
used for testing are more discernable as such.
Ben Kaduk [Wed, 12 Dec 2012 15:36:18 +0000 (10:36 -0500)]
Make the doc build quieter
Don't print out every node processed (or not processed) in the
doxygen-Sphinx bridge, nor print out a summary of how many types
or functions were processed.
While here, tell doxygen to be quiet in its output as well, and
not print out each file that is generated. It still outputs
warnings, though.
Greg Hudson [Thu, 13 Dec 2012 19:53:58 +0000 (14:53 -0500)]
Use an empty challenge for the password question
If a question's challenge is NULL, it is unnecessarily difficult for a
responder callback to detect whether it was asked. So it's better to
use an empty challenge when there is no challenge data to communicate.
Do this for the "password" question.
Tom Yu [Wed, 12 Dec 2012 21:51:02 +0000 (16:51 -0500)]
Fix various integer issues
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length
functions could be ignored because they were assigned to unsigned
values. In spnego_mech.c, two buffer size checks could be rewritten
to reduce the likelihood of pointer overflow. In dump.c and
kdc_preauth.c, calloc() could be used to simplify the code and avoid
multiplication overflow.
Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
Ben Kaduk [Tue, 11 Dec 2012 22:19:44 +0000 (17:19 -0500)]
Regenerate checked-in man pages
Pick up changes to kadmin.rst and krb5_conf.rst adding cross-references
for account lockout and detailing parameter expansion for keytab
and credentials cache names in krb5.conf
Ben Kaduk [Tue, 27 Nov 2012 23:45:59 +0000 (18:45 -0500)]
Make sphinx warnings fatal for doc build
We currently do not have any warnings. Let us keep it that way by
making warnings fatal in maintainer-mode (and configurable on the
buildslaves). Using sphinx-build -W also causes errors to be reported
in the exit status and picked up by make, which is quite useful.
In order to allow the build bot to use -W but end-users to not use it,
SPHINX_ARGS must be passed on the command line; it cannot be set by
the convenience target 'htmlsrc'. Document this.
Ben Kaduk [Mon, 10 Dec 2012 20:02:14 +0000 (15:02 -0500)]
Do not document unused symbols
The macro KRB5_KEYUSAGE_PA_REFERRAL was defined in an early revision
of draft-ietf-krb-wg-kerberos-referrals but did not make it into
RFC 6806. We retain the definition so as to not break code implementing
the early draft, but need not document it.
Likewise, the krb5_octet_data structure and krb5_free_octet_data routine
are marked as having been originally introduced for PKINIT and "Do not
use this." They are in fact unused, and should not be documented, but
the actual definitions must remain for compatibility.
Ben Kaduk [Thu, 29 Nov 2012 00:06:44 +0000 (19:06 -0500)]
Note notice.txt's dependency on version.py
This dependency has been in effect since the notice build was changed
to use the main conf.py, due to its unconditional execfile('version.py').
Adding another conditional in conf.py seems to add needless complication,
it is easier to just note the dependency in the Makefile and carry on.
Ben Kaduk [Tue, 27 Nov 2012 18:31:34 +0000 (13:31 -0500)]
Do not generate unused parts of toctree
Our css only displays up to depth 3 of the toctree, partially
because the API reference content explodes at depth 4 and that would
not be pretty to see in the sidebar. However, we would previously
always generate HTML for the full toctree and hide parts with CSS.
For the apiref, this proved to be about 65k per html file, and we
have one html file per function/type/macro.
Limit the depth of the toctree that gets generated to save on space
in the release tarball.
Unfortunately, there seems to be a Sphinx bug wherein the toctree
will only be generated to depth 1 for a document at a depth greater
than the maxdepth of the toctree, so the sidebar table of contents
on individual apiref pages will just be the toplevel toctree.
This issue is being tracked at
https://bitbucket.org/birkenfeld/sphinx/issue/1046/
Ben Kaduk [Wed, 28 Nov 2012 19:19:43 +0000 (14:19 -0500)]
Reformat RST to avoid sphinx warnings
Old versions of docutils will see inline markup (e.g., :ref:`foo`)
at the beginning of a line in the content of a directive block
and attempt to interpret that markup as options or arguments
to the directive. RST intended as inline markup (as opposed to
modifying the behavior of the directive) will not be interpretable
in this context, and causes Sphinx to emit a warning.
Work around this behavior by always leaving a blank line before
the content of a directive block, forcing it to be interpreted
as content and not options or arguments.
The buggy behavior was only encountered in note environments, but
for consistency of style, also reformat warning and error blocks.
Tom Yu [Thu, 6 Dec 2012 23:35:59 +0000 (18:35 -0500)]
Make resources.rst more useful to non-devs
Reorder the IRC channel listing so #kerberos is first. (Developers
form a smaller part of our audience for this documentation set.)
Remove some details that are available on the wiki and not of interest
to non-developers.
Greg Hudson [Fri, 7 Dec 2012 02:40:05 +0000 (21:40 -0500)]
Don't return a host referral to the service realm
A host referral to the same realm we just looked up the principal in
is useless at best and confusing to the client at worst. Don't
respond with one in the KDC.
Ben Kaduk [Mon, 3 Dec 2012 19:21:55 +0000 (14:21 -0500)]
Access keys for the KfW ribbon interface
Improve accessibility by actually enabling access keys for ribbon
elements (tap alt and follow the onscreen hints for keys to press),
instead of just underlining a letter in the name of each element.
Supply an underlined letter in the text of each element, corresponding
to this access key, even if there is not a shortcut key bound to that
element. While here, fix conflicting assignment to 'R' on the 'options'
tab (between "Renewable Until" and "Automatic Ticket Renewal") by
making "Automatic Ticket Renewal" use 'T'. Microsoft's UI recommendations
seem to say that access keys should be easy to locate when searching
through the menu, and thus using the first letter of the first or
second word is advisable.
The Ribbon XML Reference seems to indicate that these elements should
be "keytip" elements, but MSVS creates "keys" elements, which seem
to work, whereas "keytip" does not. Apparently 'F' is standard for
the application button menu (which contains exit). Access keys work
somewhat poorly for us in this menu, as they appear on top of the text
of the menu items, since we have no icons here.
Ben Kaduk [Mon, 3 Dec 2012 17:25:07 +0000 (12:25 -0500)]
Leave 'OK' button visible in Leash AboutBox
The AboutBox dialog as specified in the resource file is larger than
the one we display; the dialog init routine marks several things as
non-visible, moves the 'OK' button up to where the now-invisible items
were, and shrinks the dialog's bounding rectangle.
However, the edit boxes containing copyright and version information
seem to always present as being on top of the 'OK' button, and their
background causes the button to appear almost invisible with the current
repositioning.
To keep the 'OK' button visible, reduce the amount that it is moved
(and the amount the dialog is shrunk) so that the button does not overlap
with the edit box.
Greg Hudson [Wed, 5 Dec 2012 16:42:55 +0000 (11:42 -0500)]
Cross-reference account lockout documentation
Link to the database.rst description of policy objects when talking
about them. Briefly mention the "default" policy. Link to the
kadmin_local.rst description of policy fields when referencing them.
Describe policy fields more briefly, and expand the kadmin_local.rst
descriptions where appropriate.
Zhanna Tsitkov [Fri, 30 Nov 2012 21:54:42 +0000 (16:54 -0500)]
Document key usage assigned number conflict
Document the fact that the key usage type 26 is used by both
KBKRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST and
KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST, while 27 - by
KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY and KRB5_KEYUSAGE_PA_SAM_RESPONSE.
Also, since KRB5_KEYUSAGE_PA_REFERRAL is not actually used in MIT Kerberos
code and is not defined in the latest referrals draft
(http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-15)
mark it as "unused".
Zhanna Tsitkov [Thu, 29 Nov 2012 19:01:00 +0000 (14:01 -0500)]
Document param expansion for keytab/ccache names
The DEFCCNAME, DEFCKTNAME and DEFKTNAME configuration options are
subjects to parameter expansion. Also note that this feature
was first introduced in release 1.11.
Greg Hudson [Thu, 29 Nov 2012 06:58:13 +0000 (01:58 -0500)]
Fix spin-loop bug in k5_sendto_kdc
In the second part of the first pass over the server list, we passed
the wrong list pointer to service_fds, causing it to see only a subset
of the server entries corresponding to sel_state. This could cause
service_fds to spin if an event is reported on an fd not in the
subset.
Ben Kaduk [Tue, 20 Nov 2012 23:06:22 +0000 (18:06 -0500)]
Remove last "document not in toctree" warnings
There were two of them, for notice.rst and mitK5license.rst.
The former is included in the latter, which is linked to from
the mitK5features document but not listed in a table of contents
otherwise. Includes are processed unconditionally, so we can
add notice.rst to the exclude_patterns array (formerly unused_docs)
and its content will still be included.
If we attempt to do the same for mitK5license.rst, it is not processed
at all, and the attempt to link to it will fail. Instead, put a dummy
table of contents in the mitK5features document (which links to the
license document), with the "hidden" attribute. This satisfies the
Sphinx need to know where all the input documents are without changing
the displayed table of contents.
Ben Kaduk [Sat, 17 Nov 2012 00:48:55 +0000 (19:48 -0500)]
Render macros as literals
Some convenience macros are referring to and dereferencing pointers,
and Sphinx will get a bit confused trying to interpret this as markup.
There should never be any markup intended to be interpreted in the
value of a macro definition, so we can silence this class of
warnings by treating them as literals. (In some sense, they actually
are literals, too.)
This will cause a warning for macros that only cause a
symbol to be defined, that is, a literal "#define MACRO" with no
initializer, due to the lack of body in the inline-literal markup.
Such macros should probably be added to the exclude list for conversion
to reStructuredText in the Doxygen-Sphinx bridge, as was already
done for KRB5_OLD_CRYPTO. Support code to programmatically omit
macros of this sort is deliberately *not* included, so that explicit
action must be taken when a new macro is to be undocumented.
Also, strip leading and trailing whitespace from the macro name,
since this causes problems with the markup.
Ben Kaduk [Wed, 21 Nov 2012 16:31:06 +0000 (11:31 -0500)]
Exclude lists for doxygen API docs
Doxygen will pick up every function, macro, and typedef defined
in krb5.h; some of these may not actually be part of the public
API for one reason or another. Provide hardcoded exclude lists
for macro/function/type names for which we do not want to emit
reStructuredText documentation, and check these lists when processing
the Doxygen XML output.
Seed these lists with the macros TRUE, FALSE, KRB5_OLD_CRYPTO,
KRB5_GENERAL__, KRB5_CALLCONV, KRB5_CALLCONV_C, KRB5_CALLCONV_WRONG,
KRB5INT_BEGIN_DECLS, KRB5INT_END_DECLS, and KRB5_ATTR_DEPRECATED,
and typedefs krb5_cc_ops and krb5_responder_context. The booleans
are compatibility cruft that we do not want to advertise, and the other
macros are for internal use for signalling and platform compatibility.
The typedefs are functioning just as forward declarations.
For consistency, remove KRB5_OLD_CRYPTO.rst from the macros index; it
had no content even when we did generate it.
Ben Kaduk [Thu, 15 Nov 2012 21:27:57 +0000 (16:27 -0500)]
Handle adjacent notes from doxygen more correctly
The Doxygen documentation seems to claim that adjacent @note entries
will be collapsed into a single "note" element, as separate paragraphs.
This seems to be reflected in the XML output: multiple <para> entries
in a single <simplesec kind="note"> with a <simplesecsep/> element
between them.
Our XML-to-RST converter gets the entire contents of the simplesec
element, parsed into a unicode string with a single newline between
paragraphs. Paragraphs seem to always start with two spaces, though
I have not tracked down the origin of this behavior. Prior to this
commit, we would just output this entire unicode string directly.
Since our template puts a tab character before the note string, this
means that the first paragraph is indented by a tab and two spaces,
and the second paragraph by just two spaces. Sphinx warns about this,
as "block did not end with blank line; unexpected whitespace", and
the paragraphs are indented differently within the note.
Fix the warning by checking for newlines in the interior of the
parsed unicode string, and introducing the appropriate whitespace
for the Sphinx parser.
Ben Kaduk [Wed, 14 Nov 2012 18:44:08 +0000 (13:44 -0500)]
Fix overflowing cell in HTML table
sphinx-build defaults to the 'tabulary' environment for tables,
but uses regular 'tabular' for those involving literal blocks,
since tabulary does not handle them properly. It seems that this
deficiency of tabulary also applies to inline literals, which
are rendered as \code{} sections by the latex builder.
Fortunately, sphinx provides a workaround to force a particular
column specification for the table.
The requirement for a table:: statement after the tabularcolumns::
statement is very poorly documented.
Ben Kaduk [Tue, 20 Nov 2012 18:13:12 +0000 (13:13 -0500)]
Update doxygen markup in krb5.hin
A few places were using the standard C /* comment */ form, but
this is rendered poorly by doxygen through to our Sphinx bridge.
Use the special /**< comment */ form to get doxygen-specific behavior.
If the standard C comment form is used, the full comment (including
start and end markers) is included in the value of the macro, and
Sphinx then tries to treat the end of the comment as the start of
inline markup with no corresponding end-string, which is a warning.
Using the doxygen form of the comment, the contents of the comment
are put in a separate paragraph block, which is inserted in the
body of the generated RST document.
The markup for krb5_rd_priv() had a line that ended with an @c
markup statement without a symbol following it. This confused
doxygen into not parsing any more of the comment. The beginning
of the next line is a macro identifier with markup to auto-linkify it.
In RST, it is not possible to have a link and a terminal font on the
same text, so removing the @c is the appropriate fix.
There are also eleven deprecated functions which are replaced by
the krb5_c_* family of functions. However, referring to this class
of functions as the "krb5_c_" class of functions results in Sphinx
attempting to interpret this statement as a link to a label elsewhere
in the document, and no such label exists. To avoid this warning, use
"krb5_c_*" to refer to the class of functions, which is arguably
more correct anyways.
Ben Kaduk [Mon, 19 Nov 2012 21:36:56 +0000 (16:36 -0500)]
Make krb5_trace_info a typedef
Our doxygen-to-sphinx documentation bridge only processes typedefs
and not structure definitions, since we almost universally use
typedefs for our data structures. krb5_trace_info is the sole
exception, so bring it into the fold.
Zhanna Tsitkov [Mon, 26 Nov 2012 21:45:08 +0000 (16:45 -0500)]
Move Release tag into footer for Sphinx HTML
The current position of the Release tag is in the body of the main page
of the Sphinx html. Move it to the footer. This way the release number
can be viewed from every page.
Tom Yu [Mon, 26 Nov 2012 21:01:23 +0000 (16:01 -0500)]
Remove .doctrees when cleaning src/doc
Sphinx produces .doctree pickles that can be over 17MB with the
current documentation. Remove them when running "make clean" in
src/doc so that they don't pollute distribution tar files.
Zhanna Tsitkov [Wed, 21 Nov 2012 19:45:44 +0000 (14:45 -0500)]
Update feature list in the documentation
In Quick facts section:
- restructure the Supported platforms section;
- do not tie KfW to 1.11 release;
- move references to GSS-API extensions to Feature list table.
In Feature list section:
- reformat the table;
- move PRNG and Pre-auth mechanisms into their own tables;
- clarify GS2 feature description;
- reference rfc6680 for GSS-API naming extensions.
Lowercase the words in the title of the document.
Greg Hudson [Sun, 25 Nov 2012 22:53:02 +0000 (17:53 -0500)]
Remove broken clean_hostname trace messages
The trace messages in krb5int_clean_hostname were outputting the
entire contents of the output buffer (mostly uninitialized garbage)
into the trace log. Since these messages were essentially redundant
with messages in the callers, and were arguably at too low of a level
to begin with, simply remove them.
Greg Hudson [Tue, 20 Nov 2012 17:33:14 +0000 (12:33 -0500)]
Reword krb5_unparse_name_ext doxygen markup
Avoid using asterix characters in the documentation for
krb5_unparse_ext_name, since they get intepreted as markdown
punctuation when translated to RST.
Ben Kaduk [Thu, 27 Sep 2012 16:46:26 +0000 (12:46 -0400)]
Make kinit smarter about using keytabs
Previously, we would happily accept -i or -t name and do nothing
with it, if -k was not given. If the user is passing -i or -t, they
clearly want to use a keytab, so do so (but print a warning).
While here, enforce that only one of -t and -i is given.
Ben Kaduk [Fri, 16 Nov 2012 22:05:23 +0000 (17:05 -0500)]
Rebuild krb5.conf.man for default enctypes
Now that the Camellia enctypes are in the default lists for
permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes,
regenerate the man page to reflect that change.
Greg Hudson [Wed, 14 Nov 2012 21:49:33 +0000 (16:49 -0500)]
Add Camellia enctypes to default enctype lists
Add camellia256-cts-cmas and camellia128-cts-cmac to the default
permitted_enctypes, default_tkt_enctypes, and default_tgs_enctypes
lists, to simplify deployment of Camellia. The new enctypes still
aren't on supported_enctypes, so won't be in the set of long-term keys
for principals without administrator intervention.
Ben Kaduk [Wed, 17 Oct 2012 00:11:14 +0000 (20:11 -0400)]
Make glue for building PDFs
sphinx-build's latex output engine creates a subdirectory with
various latex files, and a Makefile. The generated Makefile assumes
gmake, which we do not. The logic needed in this makefile is rather
simple, so we just include it in src/doc/Makefile.in, even if we
do need a rather complicated shell expression to work in the subdirectory.
projects / thirdparty / krb5.git / log
