Sam Hartman [Wed, 28 Sep 2011 20:54:49 +0000 (20:54 +0000)]
if krb5_get_default_config_files() returns success and
an empty list, then get_profile_file() will attempt
to dereference a null pointer. check for the empty
list and treat it as failure.
Sam Hartman [Wed, 28 Sep 2011 20:54:45 +0000 (20:54 +0000)]
If the KRB5CCNAME variable gets set to the empty string
there will be no credential cache and the automatic credential
cache detection will be skipped. Ensure that the KRB5CCNAME
variable is not set to an empty string by us. If it was set
to the empty string by someone else, unset it.
Sam Hartman [Wed, 28 Sep 2011 20:54:41 +0000 (20:54 +0000)]
miscellaneous leash32.dll corrections
do not build leash32.dll with MessageBox() calls. Doing
so produces a library that on error must display a dialog
box to the end user. If this library is called from a
service (via gssapi32.dll) the service will block forever
while awaiting the dialog box to clear.
LeashKRB5GetTickets() treats krbv5Context as an in/out variable.
If the caller does not provide a krb5_context, one will be allocated.
It is up to the caller to ensure that the context is eventually freed.
A context can be returned even if the function returns an error.
Make sure that 'ctx' and 'cache' are properly initialized so that
it is possible to tell the difference. Do not free the context if
it was locally allocated.
In acquire_tkt_no_princ() do not set the KRB5CCNAME environment
variable if 'ccname' is an empty string.
For a very long time, KDCs have known how to perform a domain-based
realm walk when serving requests for TGTs. (So if a KDC for A.B.C
receives a request for krbtgt/X.B.C and doesn't have that principal,
it can return one for krbtgt/B.C instead.) Performing the same
heuristic on the client is unnecessary and inefficient in common
cases.
Add a new function k5_client_realm_path to walk_rtree.c which uses
capaths values only, and returns a list of realms (as desired by
get_creds.c) instead of TGT names.
If krb5_encrypt_helper returns an error, it's not the caller's
responsibility to free enc_data.ciphertext, and in one case (if
krb5_c_encrypt_length returns an error) it won't have been
initialized.
Remove CFLAGS and external deps from krb5-config --libs
r15217 apparently intended to prune $(CFLAGS) from the --libs output,
but actually substituted in the value from the invoker's environment.
Actually prune it.
Don't output external dependencies like -lresolv or -ldl in
krb5-config --libs. We already don't generate output suitable for
static linking because we omit -lkrb5support, and there is no
expectation that bringing in the krb5 API also brings in the resolv or
dl APIs for the application.
We still output internal dependencies and a com_err dependency; for
instance, e.g. krb5-config --libs gssapi outputs a dependency on -lkrb5
and -lk5crypto, which is inappropriate for a program using only GSSAPI
interfaces. Removing internal dependencies would likely break callers
who have come to depend on them, especially as we've never correctly
supported things like "krb5-config --libs gssapi krb5" for a program
using multiple APIs.
Move static function prototypes from header to individual file so header
can be used in other files without warning of function defined but never
declared.
Several of the u.tcp fields were also used for RPC connections. The
overlap between u.tcp.addr_s and u.rpc.closed could confuse
free_socket() into causing a null pointer dereference inside
svc_getreqset().
This change allows the "special" salt type to be used in
supported_enctypes or in the argument to kadmin's cpw -e. If used,
kadmind will pick a salt consisting of 64 random bits represented as
16 printable ASCII characters. The use of random explicit salts
creates some interoperability issues and is not generally recommended,
but can be useful for interop testing, as a workaround for obscure
bugs, or to increase the difficulty of brute-force password searches
in situations where none of the interoperability issues apply.
Sam Hartman [Wed, 21 Sep 2011 18:40:09 +0000 (18:40 +0000)]
Reordered pkinit_server_return_padata(), so that the alg-agility
KDF can be called after the reply is encoded, as it needs the
encoded reply as one of its arguments. Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25217 dc483132-0cff-0310-8789-dd5450dbe970
The new pkinit encoders for hash agility are in the library export
list (whereas older encoders are invoked via the accessor), so we need
to provide stubs for them if we're building without pkinit support.
Move asn1_decode_kdf_alg_id and asn1_decode_sequence_of_kdf_alg_id
inside the #ifndef DISABLE_PKINIT block; otherwise they reference a
nonexistent asn1_decode_kdf_alg_id_ptr when PKINIT is disabled.
Sam Hartman [Mon, 19 Sep 2011 00:59:29 +0000 (00:59 +0000)]
Fix x64 compile issues: remove bufferoverflowu.lib; this is obsolete
as of VS2005SP1. Use undecorated _DllMainCRTStartup as entry point
instead of _DllMainCRTStartup@12
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25207 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:58:48 +0000 (00:58 +0000)]
Protect autoconf #defines (HAVE_FOO, et al) in win-mac.h with #ifdef KRB5_PRIVATE add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:58:38 +0000 (00:58 +0000)]
Remove the ticket from the pkinit-alg-agility KDF function, to match
agreed changes to the IETF specification. Includes removing a parameter from
the KDF function, removing the ticket from the ASN.1 encoder, and updating
the test code. Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:34:57 +0000 (00:34 +0000)]
implementation of new function and test program for pkinit agility.
Implementation of pkinit_alg_agility_kdf() function to implement the
key derivation function defined in draft-ietf-krb-wg-pkinit-alg-agility-04,
and implementation of pkinit_kdf_test program to test the new KDF
against the test vector in the draft.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25191 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:34:52 +0000 (00:34 +0000)]
Added underlying ASN.1 structures for pkinit algorithm agility
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
tested-by: Sam Hartman <hartmans@debian.org>
fixes-from: Sam Hartman <hartmans@debian.org>
Sam Hartman [Mon, 19 Sep 2011 00:34:48 +0000 (00:34 +0000)]
In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed. Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.
In keyblocks.c, modified kr5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.
Sam Hartman [Mon, 19 Sep 2011 00:34:40 +0000 (00:34 +0000)]
asn1_encode.{c,h}: support DEFOCTETWRAPTYPE
Support a way of defining a type that indicates that the DER encoding
of some other type is wrapped inside an octet string in a produced
encoding. To support this, support encoding of tagged things where
the class is not constructed; in this case it will be primitive.
Ken Raeburn [Sun, 18 Sep 2011 09:43:25 +0000 (09:43 +0000)]
Add invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warning
messages. Verified to produce the same configure script (under
autoconf 2.68 on Mac OS X) as before.
This avoids a race condition where a child reports "starting..." and
begins to service requests before the monitor is ready to handle
termination signals. Really only an issue for the test suite. From
npmccallum@redhat.com.
When we build with the internal verto, we include verto-k5ev.h in
order to create loops. When we build with the system verto, we don't
include that header file. Add depfix logic and pre.in variables to
avoid depending on verto-k5ev.h for a system verto build.
When we have conditionally built bundled source, we need logic in
depfix.pl and variables in pre.in to avoid depending on the bundled
verto.h in generated dependencies. Add that logic for verto.
Tom Yu [Wed, 7 Sep 2011 21:31:48 +0000 (21:31 +0000)]
Fall back to EV_USE_SELECT
ev.c explicitly disables poll() on Mac and FreeBSD, which left our
standalone version without any working back ends on Mac OS X, for
example. Fall back to using select() on these platforms.
Now that we're not using dynamic loading for libverto-k5ev, we don't
need to use hard links for liblinks, and using them would interfere
with an AFS build tree.
Give libverto-k5ev a header file. When using the internal verto
library, link against -lverto-k5ev and use verto_default_k5ev()
instead of verto_default(), bypassing the module loading logic and
making static builds possible.
projects / thirdparty / krb5.git / log
