Ken Raeburn [Fri, 23 Jan 2009 18:04:08 +0000 (18:04 +0000)]
hash db2 code breaks if st_blksize > 64k
The hash db code assumes in places that the block size is no larger
than 64K. There's a range check in the case where you don't have a
file but provide initialization info. The btree code will cap the
block size used at 64K.
Apparently Sun's ZFS can report back a block size of 128K, causing the
db2 tests to fail.
Add such a cap to the hash db creation code.
Note that our default configuration is to use the btree code when
creating a new database, so it's unlikely that this will cause
real-world problems unless someone went out of their way to specify
use of the hash format.
Ken Raeburn [Fri, 23 Jan 2009 00:46:46 +0000 (00:46 +0000)]
Include cksumtypes.h from aead.h to get struct krb5_cksumtypes (moved
in rev 21753).
Protect cksumtypes.h from multiple inclusions.
Update dependencies.
Ken Raeburn [Thu, 15 Jan 2009 23:22:53 +0000 (23:22 +0000)]
Make enctype and checksumtype name mapping table types private to the
crypto library. Add a field for aliases to the record type so that
aliases don't have to be implemented by duplicating all the other
information.
Ken Raeburn [Thu, 15 Jan 2009 19:15:22 +0000 (19:15 +0000)]
Fix an additional multiple-write case noted by John, where sendauth
calls write_message twice in a row.
Add new function krb5int_write_messages, calls krb5_net_writev with
multiple messages (currently only two at a time). Use it from
krb5_write_message and krb5_sendauth.
Greg Hudson [Thu, 15 Jan 2009 19:11:45 +0000 (19:11 +0000)]
Rework the replay cache extensions to make the hash extension records
stand alone. Otherwise, reordering of records during an expunge could
cause the hash to be applied to the wrong record.
Also add an "expunge" option to the t_replay program, and clean up some
memory-handling inconsistencies.
Ken Raeburn [Thu, 15 Jan 2009 00:59:27 +0000 (00:59 +0000)]
Add new routine krb5int_net_writev using scatter-gather source.
Use it from krb5_net_write to ensure testing and reduce duplication.
Use it from krb5_write_message to avoid Nagle+DelayedAck problem.
Ken Raeburn [Wed, 14 Jan 2009 23:36:04 +0000 (23:36 +0000)]
If we have a local UDP socket without the PKTINFO option set, it's
bound to a local address, so use getsockname to extract the local
(destination) address.
Ken Raeburn [Wed, 14 Jan 2009 21:29:10 +0000 (21:29 +0000)]
If recv_from_to is passed a buffer for the local endpoint address,
clobber it before doing anything else, just in case we can't retrieve
the address and the caller blindly uses the buffer anyways.
Ken Raeburn [Wed, 14 Jan 2009 20:05:09 +0000 (20:05 +0000)]
Merge some very simple points of divergence in the two copies of network.c -- enum ordering, whitespace,
duplicate macro definitions, unused code, 0 vs NULL...
Russ Allbery [Wed, 14 Jan 2009 00:29:04 +0000 (00:29 +0000)]
Force tickets acquired by the kadm5 client library via password
authentication to be non-forwardable and non-proxiable, overridding
any [libdefaults] configuration. This may be necessary at sites that
set forwardable to true by default in their krb5.conf files but
disable forwardable tickets for privileged principals. Since the
ticket cache acquired by the kadm5 client library is used only for
kadmin operations, where forwardable is not useful or necessary, there
is no reason to ever attempt to obtain forwardable or proxiable tickets
here.
Sam Hartman [Tue, 13 Jan 2009 22:57:42 +0000 (22:57 +0000)]
Patch from Luke Howard to:
* Accept both CFX and non-CFX tokens all the time on acceptor
* Only produce an acceptor subkey if you are using cfx or dce or negotiating up to cfx
Additional changes from Sam Hartman:
* do not assume that the ticket key type (server key) is a valid target for negotiation: the client may not support it.
Ezra Peisach [Tue, 13 Jan 2009 19:43:18 +0000 (19:43 +0000)]
FreeBSD compiler errors out on an error "zero or negative size array"
after setting up an array with no elements.
ifdef out array declarations and code that uses it until there are entries.
Affects: krb5_gss_inquire_cred_by_oid_ops and
krb5_gss_set_sec_context_option_ops which would return an error in any
case as here are no entries in the arrays.
Sam Hartman [Mon, 12 Jan 2009 21:03:02 +0000 (21:03 +0000)]
Remove gss_export_name_object and gss_import_name_object.
These are not standard interfaces, are not used by our tree
and were added because they might be useful but ended up not being used.
The stubs in gssapi.hin remain as they were shipped with previous releases.
Sam Hartman [Mon, 12 Jan 2009 19:59:16 +0000 (19:59 +0000)]
Patch from Luke Howard:
Previously when using the kdb keytab, there was a check to confirm that the server
was supported as a server and that attackers
could not force an enctype downgrade.
Add these to kdc_get_server_key
Sam Hartman [Mon, 12 Jan 2009 19:43:07 +0000 (19:43 +0000)]
Restore behavior of returning KRB5APP_ERR_BAD_INTEGRITY from
preauth methods.
This creates a problem for Windows clients, but not doing it creates a problem for MIT clients.
Today our KDC is more likely to be used with MIT clients, but we need to examine this issues in more detail.
Greg Hudson [Mon, 12 Jan 2009 18:29:42 +0000 (18:29 +0000)]
Add message hash support to the replay interface, using extension
records (with an empty client string) to retain compatibility with old
code. For rd_req, the ciphertext of the authenticator (with no ASN.1
wrapping) is hashed; for other uses of the replay cache, no message
hash is used at this time.
This commit adds a command-line tool for testing the replay cache but
does not add any automated tests.
Sam Hartman [Wed, 7 Jan 2009 18:13:30 +0000 (18:13 +0000)]
kdb/keytab.c: map KRB5_KDB_NO_MATCHING_KEY to KRB5_KT_KVNONOTFOUND.
At least in cases other than tgts, this code handles its own enctype matching, so kvno not found is the only
thing that produces the no matching key error.
Sam Hartman [Tue, 6 Jan 2009 23:44:56 +0000 (23:44 +0000)]
Ksu should call krb5_verify_init_creds instead of using its own function.
This was prompted by a desire for ksu to work without a domain_realm mapping for the local server, but the duplication of code is bad anyway.
Greg Hudson [Tue, 6 Jan 2009 20:24:09 +0000 (20:24 +0000)]
In kadmin, remove a bunch of checks for handle being NULL (some old,
some introduced by the last rev) when it is known from context that
handle is not NULL.
Ken Raeburn [Mon, 5 Jan 2009 20:27:53 +0000 (20:27 +0000)]
move generated dependencies out of Makefile.in
Move automatically-generated dependencies into separate files in the
source tree, and take the data out of Makefile.in.
Keep the "make depend" rules for stripping out the dependencies from
Makefile.in, in case some optional directories were missed, but
everything that builds on my UNIX build has been converted.
(Converting a directory just requires creating an empty "deps" file so
that config.status can build the makefile, and then later running
"make depend" in that directory to get the correct content for it.)
Change configure scripts to incorporate the "deps" file when building
each Makefile. This change requires the existence of a file "deps" in
each source directory where we build a makefile, even if there are no
sources for which to compute dependencies; a switch to GNU make would
let us conditionalize that, but we can assess that later.
Update dependencies for the generate Makefile itself to list the deps
file.
This will also require some minor tweaking of the Windows build, to
make it incorporate the new deps file.
Sam Hartman [Sat, 3 Jan 2009 23:20:35 +0000 (23:20 +0000)]
Remove support for setting a client flag indicating pkinit is used on the db entry.
I'm reasonably sure that this would belong in a pkinit plugin not in do_as_req.c.
Also, the flag should be documented to indicate what it means--client attempted pkinit? Client succeeded in using pkinit?
I also wonder whether you want a mechanism for a db plugin to figure out all the padata or fast factors that a request is using.
Note that this flag will need to be added back by at least one vendor.
Sam Hartman [Sat, 3 Jan 2009 23:20:31 +0000 (23:20 +0000)]
xrealm_non_transitive not trust_non_transitive
Kerberos does not imply trust in the existence of a cross-realm key.
Trust is implied when a foreign principal is placed on an ACL: the remote realm
is trusted to authenticate that principal and is trusted
not to confuse one principal with another.
Keep terminology consistent.
Sam Hartman [Sat, 3 Jan 2009 23:20:26 +0000 (23:20 +0000)]
Remove flags that do not correspond to behavior we support
non_ms_principal would need to be phrased in terms of what behavior is being changed, not client OS.
The pkinit flag would need to be better documented
Sam Hartman [Sat, 3 Jan 2009 23:19:42 +0000 (23:19 +0000)]
Merge mskrb-integ onto trunk
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Tom Yu [Wed, 31 Dec 2008 17:25:25 +0000 (17:25 +0000)]
Set auth_context's rcache to NULL after destroying and before calling
krb5_auth_con_free, to avoid crashing when krb5_rc_close tries to run
using a destroyed rcache handle.
Ezra Peisach [Mon, 29 Dec 2008 17:39:29 +0000 (17:39 +0000)]
Add gssrpcint.h to contain prototype for gssrpcint_printf. Include
gcc printf attribute if supported. Include header file and fix up some
of the debugging printf arguments.
Greg Hudson [Mon, 29 Dec 2008 17:12:54 +0000 (17:12 +0000)]
Revert r21589, and export krb5_get_fallback_host_realm instead
Rationale: Zephyr and AFS both use the Kerberos realm name as the
name of the service realm (AFS realm or Zephyr galaxy). AFS can grab
the Kerberos realm from the ticket being aklogged, but Zephyr is not
necessarily getting credentials at all (you could be sending an
unauthenticated message), and currently finds its answer by looking
up the realm of the server host. Although we can't currently provide
an accurate result for this lookup in the presence of referrals, we do
need to provide enough tools to get as good of an answer as libzephyr
could have gotten before referrals went in.
Ezra Peisach [Mon, 29 Dec 2008 13:37:20 +0000 (13:37 +0000)]
Create a private header file for local functions missing prototypes.
Fix a number of warnning suggesting parenthesis.
Fix a signed/unsigned warning.
Update dependencies.
Greg Hudson [Wed, 24 Dec 2008 18:48:00 +0000 (18:48 +0000)]
Clean up krb5_get_fallback_host_realm in two respects:
1. It isn't exported from libkrb5 (and no one seems to complain about
that). So give it a krb5int_ name and move its declaration to
k5-int.h. Also stop exporting it from the collected client lib.
2. It returned a list of realms, but its only caller assumes that the
list contains exactly one realm. So just make it return a single
realm.
Greg Hudson [Wed, 24 Dec 2008 16:51:33 +0000 (16:51 +0000)]
Add a new fallback host-to-realm heuristic to try the components of the
hostname as domains. The heuristic is off by default and is controlled
by the realm_try_domains variable under libdefaults.
Based on a patch submitted by Mark Phalan from Sun.
projects / thirdparty / krb5.git / log
