Sam Hartman [Thu, 26 Feb 2009 20:07:05 +0000 (20:07 +0000)]
Include authenticator and ticket authdata in gss-api
Currently, the GSS-API routines for handling authdata only extract the
authorization data from the ticket, not that from the authenticator.
This is incorrect. Introduce a new function krb5_merge_authadata to
merge two authdata arrays into a newly allocated result array. Use
this function in accept_sec_context.c to include both sets of
authdata.
Greg Hudson [Mon, 23 Feb 2009 20:15:05 +0000 (20:15 +0000)]
In krb5int_generate_and_save_subkey, check the return value of
krb5_crypto_us_timeofday. It can't really fail in practice, but if it
did we'd be passing stack garbage to krb5_c_random_add_entropy.
That's harmless, but poor form.
Greg Hudson [Fri, 20 Feb 2009 19:13:00 +0000 (19:13 +0000)]
In krcp, check the return value when closing the output file after
successfully writing it. close cannot return an error status on most
local filesystems, but can on some network filesystems such as AFS or
NFS.
Ken Raeburn [Thu, 19 Feb 2009 20:51:27 +0000 (20:51 +0000)]
remove obsolete GNU.ORG realm info
Our sample krb5.conf has obsolete info on the GNU.ORG realm; the DNS
entries named don't exist, and AFAIK this hasn't been accurate in
years. (I don't even know if they're currently running a Kerberos
realm.)
Greg Hudson [Tue, 17 Feb 2009 17:32:19 +0000 (17:32 +0000)]
Revert the fopen part of the previous krb5_kuserok change, but keep
the string-handling change. It introduced an unwanted behavior change
when .k5login was detectable but unreadable.
Greg Hudson [Tue, 17 Feb 2009 17:09:35 +0000 (17:09 +0000)]
In krb5_kuserok, just try opening .k5login; don't check ahead of time
whether it looks accessible. Also rewrite the construction of the
.k5login filename to use snprintf instead of strnpy/strncat.
Greg Hudson [Fri, 13 Feb 2009 22:00:47 +0000 (22:00 +0000)]
In tgs_construct_tgsreq, free scratch even if scratch->data is NULL.
(Which probably can't happen, but static analyzers don't know that.)
Also protect scratch from being freed before initialization.
Sam Hartman [Fri, 13 Feb 2009 15:55:32 +0000 (15:55 +0000)]
Implement TGS authenticator subkey usage
Implement support for use of a subkey in the TGS req. This is needed
by FAST TGS support. The interface to krb5_send_tgs changed in order
to gain a subkey output parameter. Since this is a private interface
it was renamed to krb5int_send_tgs and removed from the export list.
* send_tgs.c: generate a subkey and return to caller
* decode_kdc_rep.c: Use subkey keyusage
* gc_via_tkt.c: pass in subkey to decode_kdc_rep
* send_tgs.c: use subkey for encrypting authorization data
Greg Hudson [Thu, 12 Feb 2009 18:21:33 +0000 (18:21 +0000)]
Modify asn12krb5_buf and asn1_do_full_encode to make output parameter
values well-defined on error. Clean up memory handling and an unused
variable in asn1_do_full_encode.
Greg Hudson [Wed, 11 Feb 2009 20:18:43 +0000 (20:18 +0000)]
Ensure we have a free function for every data type we have an ASN.1
decoder for. Export the new free functions, but only declare them
in k5-int.h since they shouldn't be needed by applications. Also
export a couple of encoder and decoder functions not previously
exported.
Greg Hudson [Tue, 10 Feb 2009 19:05:58 +0000 (19:05 +0000)]
In krb5_ccache_internalize: fix resource leaks, fix several cases
where success could be returned on failure, validate the length of the
ccache name, make the value of *argp well-defined on failure, and lay
out the function in a linear style with a cleanup handler.
Greg Hudson [Tue, 10 Feb 2009 18:25:15 +0000 (18:25 +0000)]
In the ccache serialization code, remove some unnecessary checks for
nullity of ccache->ops; we assume a valid ops pointer in neighboring
parts of the code.
Greg Hudson [Tue, 10 Feb 2009 02:01:58 +0000 (02:01 +0000)]
Adjust the structure of krb5_decode.c functions to initialize output
parameters to NULL and not set them to the real values until a
successful return is guaranteed. Also fix get_eoc which was returning
without clean_return.
Greg Hudson [Mon, 9 Feb 2009 21:25:53 +0000 (21:25 +0000)]
Make asn1buf_destroy return void, since it's a free function. In
krb5_encode.c functions, make *code well-defined in case of error,
and clean up some memory leaks.
Greg Hudson [Mon, 9 Feb 2009 18:52:40 +0000 (18:52 +0000)]
Fix possible free of uninitialized value in walk_rtree
In rtree_hier_realms, if the first rtree_hier_tweens call failed, the
cleanup handler would free stweens which had not been initialized.
Initialize ctweens and stweens to NULL in the variable declarations to
make the cleanup handler safe.
Greg Hudson [Mon, 9 Feb 2009 18:35:19 +0000 (18:35 +0000)]
Change contract of krb5int_utf8_normalize and fix memory leaks
Make krb5int_utf8_normalize return a krb5_error_code and always allocate
a structure to be placed in the output parameter. Adjust the function
structure to use a cleanup handler, fixing many memory leaks.
Greg Hudson [Fri, 6 Feb 2009 20:43:44 +0000 (20:43 +0000)]
Memory handling fixes in walk_rtree
In walk_rtree's rtree_hier_tree, don't leak the result of
rtree_hier_realms. In rtree_hier_realms, avoid freeing one too many
krb5_data contents on allocation failure, and use the recommend
pattern to ensure well-defined output parameter values.
Greg Hudson [Fri, 6 Feb 2009 18:40:04 +0000 (18:40 +0000)]
Fix error handling in krb5_walk_realm_tree
rtree_hier_realms was forgetting to assign the return value of
krb5int_copy_data_contents to retval, which would cause a failure to
notice out-of-memory conditions.
Ezra Peisach [Fri, 6 Feb 2009 05:22:34 +0000 (05:22 +0000)]
Do not assume sizeof(bool_t) == sizeof(krb5_boolean)
bool_t is defined as int, krb5_boolean as unsigned int. These are
similar size but someone someday might change the krb5_boolean.
Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean
which keeps the different types separate.
Ken Raeburn [Fri, 6 Feb 2009 01:07:32 +0000 (01:07 +0000)]
remove some redundant or useless qualifiers
Remove some redundant qualifiers specified redundantly multiple times more than once in variable declarations.
Also remove some useless qualifiers in casts and function argument declarations.
Will Fiveash [Thu, 5 Feb 2009 20:57:09 +0000 (20:57 +0000)]
deal with memleaks in migrate mkey project
Ken R. told me that Coverity found several potential memleaks introduced
by the mkey migration project. This addresses those leaks and tweaks
the code formatting in a few places.
Greg Hudson [Thu, 5 Feb 2009 19:59:09 +0000 (19:59 +0000)]
In krb5_rc_io_store, check the return value of krb5int_buf_len as well
as krb5int_buf_data. The length can't be negative if the data is
non-NULL, but Coverity doesn't know that.
Greg Hudson [Thu, 5 Feb 2009 19:50:41 +0000 (19:50 +0000)]
In recvauth_common, initialize ap_option. It can't be used
uninitialized, but you can only deduce that by examining the
relationships between ap_option, problem, and outbuf.
Greg Hudson [Thu, 5 Feb 2009 19:44:35 +0000 (19:44 +0000)]
Change krb5_rc_resolve_type (not a public API) to allocate the rcache
structure. Make output parameter values of krb5_rc_resolve_type and
krb5_rc_default well-defined in case of errors.
projects / thirdparty / krb5.git / log
