For a very long time, KDCs have known how to perform a domain-based
realm walk when serving requests for TGTs. (So if a KDC for A.B.C
receives a request for krbtgt/X.B.C and doesn't have that principal,
it can return one for krbtgt/B.C instead.) Performing the same
heuristic on the client is unnecessary and inefficient in common
cases.
Add a new function k5_client_realm_path to walk_rtree.c which uses
capaths values only, and returns a list of realms (as desired by
get_creds.c) instead of TGT names.
If krb5_encrypt_helper returns an error, it's not the caller's
responsibility to free enc_data.ciphertext, and in one case (if
krb5_c_encrypt_length returns an error) it won't have been
initialized.
Remove CFLAGS and external deps from krb5-config --libs
r15217 apparently intended to prune $(CFLAGS) from the --libs output,
but actually substituted in the value from the invoker's environment.
Actually prune it.
Don't output external dependencies like -lresolv or -ldl in
krb5-config --libs. We already don't generate output suitable for
static linking because we omit -lkrb5support, and there is no
expectation that bringing in the krb5 API also brings in the resolv or
dl APIs for the application.
We still output internal dependencies and a com_err dependency; for
instance, e.g. krb5-config --libs gssapi outputs a dependency on -lkrb5
and -lk5crypto, which is inappropriate for a program using only GSSAPI
interfaces. Removing internal dependencies would likely break callers
who have come to depend on them, especially as we've never correctly
supported things like "krb5-config --libs gssapi krb5" for a program
using multiple APIs.
Move static function prototypes from header to individual file so header
can be used in other files without warning of function defined but never
declared.
Several of the u.tcp fields were also used for RPC connections. The
overlap between u.tcp.addr_s and u.rpc.closed could confuse
free_socket() into causing a null pointer dereference inside
svc_getreqset().
This change allows the "special" salt type to be used in
supported_enctypes or in the argument to kadmin's cpw -e. If used,
kadmind will pick a salt consisting of 64 random bits represented as
16 printable ASCII characters. The use of random explicit salts
creates some interoperability issues and is not generally recommended,
but can be useful for interop testing, as a workaround for obscure
bugs, or to increase the difficulty of brute-force password searches
in situations where none of the interoperability issues apply.
Sam Hartman [Wed, 21 Sep 2011 18:40:09 +0000 (18:40 +0000)]
Reordered pkinit_server_return_padata(), so that the alg-agility
KDF can be called after the reply is encoded, as it needs the
encoded reply as one of its arguments. Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25217 dc483132-0cff-0310-8789-dd5450dbe970
The new pkinit encoders for hash agility are in the library export
list (whereas older encoders are invoked via the accessor), so we need
to provide stubs for them if we're building without pkinit support.
Move asn1_decode_kdf_alg_id and asn1_decode_sequence_of_kdf_alg_id
inside the #ifndef DISABLE_PKINIT block; otherwise they reference a
nonexistent asn1_decode_kdf_alg_id_ptr when PKINIT is disabled.
Sam Hartman [Mon, 19 Sep 2011 00:59:29 +0000 (00:59 +0000)]
Fix x64 compile issues: remove bufferoverflowu.lib; this is obsolete
as of VS2005SP1. Use undecorated _DllMainCRTStartup as entry point
instead of _DllMainCRTStartup@12
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25207 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:58:48 +0000 (00:58 +0000)]
Protect autoconf #defines (HAVE_FOO, et al) in win-mac.h with #ifdef KRB5_PRIVATE add -DKRB5_PRIVATE to CPPFLAGS in win-pre.in and to ALL_CXXFLAGS and ALL_CFLAGS in pre.in
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> Signed-off-by: Sam Hartman <hartmans@debian.org>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25199 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:58:38 +0000 (00:58 +0000)]
Remove the ticket from the pkinit-alg-agility KDF function, to match
agreed changes to the IETF specification. Includes removing a parameter from
the KDF function, removing the ticket from the ASN.1 encoder, and updating
the test code. Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25197 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:34:57 +0000 (00:34 +0000)]
implementation of new function and test program for pkinit agility.
Implementation of pkinit_alg_agility_kdf() function to implement the
key derivation function defined in draft-ietf-krb-wg-pkinit-alg-agility-04,
and implementation of pkinit_kdf_test program to test the new KDF
against the test vector in the draft.
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25191 dc483132-0cff-0310-8789-dd5450dbe970
Sam Hartman [Mon, 19 Sep 2011 00:34:52 +0000 (00:34 +0000)]
Added underlying ASN.1 structures for pkinit algorithm agility
Signed-off-by: Margaret Wasserman <mrw@painless-security.com>
tested-by: Sam Hartman <hartmans@debian.org>
fixes-from: Sam Hartman <hartmans@debian.org>
Sam Hartman [Mon, 19 Sep 2011 00:34:48 +0000 (00:34 +0000)]
In pkinit_crypto_openssl.c, modified pkinit_octetstring2key() to
eliminate a possible memory leak in the error path, where the
key_block->length was set to zero but the key_block->contents were
not freed. Also, changed calloc() call to a malloc() call to avoid
allocating up to 8 times as much buffer space as needed.
In keyblocks.c, modified kr5_free_keyblock_contents() to set the
key->length to zero after the key->contents have been freed.
Sam Hartman [Mon, 19 Sep 2011 00:34:40 +0000 (00:34 +0000)]
asn1_encode.{c,h}: support DEFOCTETWRAPTYPE
Support a way of defining a type that indicates that the DER encoding
of some other type is wrapped inside an octet string in a produced
encoding. To support this, support encoding of tagged things where
the class is not constructed; in this case it will be primitive.
Ken Raeburn [Sun, 18 Sep 2011 09:43:25 +0000 (09:43 +0000)]
Add invocations of AC_LANG_SOURCE to deal with autoconf 2.68 warning
messages. Verified to produce the same configure script (under
autoconf 2.68 on Mac OS X) as before.
This avoids a race condition where a child reports "starting..." and
begins to service requests before the monitor is ready to handle
termination signals. Really only an issue for the test suite. From
npmccallum@redhat.com.
When we build with the internal verto, we include verto-k5ev.h in
order to create loops. When we build with the system verto, we don't
include that header file. Add depfix logic and pre.in variables to
avoid depending on verto-k5ev.h for a system verto build.
When we have conditionally built bundled source, we need logic in
depfix.pl and variables in pre.in to avoid depending on the bundled
verto.h in generated dependencies. Add that logic for verto.
Tom Yu [Wed, 7 Sep 2011 21:31:48 +0000 (21:31 +0000)]
Fall back to EV_USE_SELECT
ev.c explicitly disables poll() on Mac and FreeBSD, which left our
standalone version without any working back ends on Mac OS X, for
example. Fall back to using select() on these platforms.
Now that we're not using dynamic loading for libverto-k5ev, we don't
need to use hard links for liblinks, and using them would interfere
with an AFS build tree.
Give libverto-k5ev a header file. When using the internal verto
library, link against -lverto-k5ev and use verto_default_k5ev()
instead of verto_default(), bypassing the module loading logic and
making static builds possible.
cred could be used uninitialized if krb5_timeofday() failed. defcred
had the wrong type. kg_cred_resolve() should be used instead of
krb5_gss_validate_cred() to do delayed name/ccache resolution and get
a lock.
For default credentials, defer ccache resolution until we need the
information. If this happens in init_sec_context when we have the
target principal in hand, use krb5_cc_select() to pick a cache. If
the target principal is not known, use the default cache.
For credentials with a specified principal, use krb5_cc_cache_match()
to find the cache. If no cache is found and a password is specified,
create a new cache within the collection to hold the new credentials,
if the default cache type supports a collection.
The interface has two built-in modules. The realm module guesses a
cache based on the server realm if it is known. The k5identity module
(Unix only) chooses a client principal based on rules in a .k5identity
file in the user's homedir.
* "kdestroy -A" destroys all caches in collection.
* "kinit princ" searches the collection for a matching cache and
overwrites it, or creates a new cache in the collection, if the
type of the default cache is collection-enabled. The chosen cache
also becomes the primary cache for the collection.
* "klist -l" lists (in summary form) the caches in the collection.
* "klist -A" lists the content of all of the caches in the collection.
* "kswitch -c cache" (new command) makes cache the primary cache.
* "kswitch -p princ" makes the cache for princ the primary cache.
Do not yield any default caches in the top level cccol implementation.
In the FILE type, yield the default cache if it exists and is of type
FILE, instead of yielding the set of open file caches.
* krb5_cc_get_full_name retrieves the full type:name of a cache.
* krb5_cc_switch makes a cache the primary cache.
* krb5_cc_cache_match searches the collection for a client principal.
* krb5_free_string releases a string (for the krb5_cc_get_full_name
result).
All of these are from Heimdal except for krb5_free_string (Heimdal uses
krb5_xfree).
The DIR ccache type supports a collection of credential caches within
a private directory (which must be created out of band). One cache is
designated as primary at any given time. Setting the default cache
name to DIR:dirname will cause caches within dirname to be present in
the global cache collection.
verto uses dladdr() to figure out where it should look for modules,
and dladdr may or may not follow symlinks. Hard links ensure that it
always looks in the directory where liblinks are, allowing it to find
the verto-k5ev module.
Make symlinks within the lib directory for .so and .so.X instead of
symlinking those back to the library build directory.
Ken Raeburn [Mon, 5 Sep 2011 01:58:48 +0000 (01:58 +0000)]
Instead of passing a 0 to add_new_mkey for kvno and leaving
new_mkey_kvno (used when stashing) uninitialized, use get_next_kvno to
set the latter to the only non-zero value that add_new_mkey will
accept.
Ken Raeburn [Mon, 5 Sep 2011 01:22:03 +0000 (01:22 +0000)]
Fix "may be used uninitialized" warnings in db2 code, even though all
such cases appear to be safe. This will permit making
uninitialized-variable messages fatal.
Ken Raeburn [Mon, 5 Sep 2011 01:21:55 +0000 (01:21 +0000)]
Silence various "may be used uninitialized" warnings from GCC caused
by it not figuring out the control flow (initialization and use both
tied to some other variable).
projects / thirdparty / krb5.git / log
