Will Fiveash [Fri, 30 Jan 2009 20:07:37 +0000 (20:07 +0000)]
Implemented kdb5_util purge_meys
Fixed a number of memleaks where the master key list was refetched.
Modified the initial actkvno TL entry to set the act_time to 0 in case
the kdc's clock is moved back after the initial entry is created. This
way the initial mkey will always be active.
Ken Raeburn [Thu, 29 Jan 2009 23:47:47 +0000 (23:47 +0000)]
When listing master key versions, if none of them appears to be active
(can currently happen in certain time-warp cases), print a message to
that effect and keep going with the listing.
Greg Hudson [Thu, 29 Jan 2009 19:07:52 +0000 (19:07 +0000)]
Implement krb5_db_store_master_key_list.
Make "kdb5_util stash" store the full master key list.
Make "kdb5_util stash" use a preexisting stashed key if available.
Will Fiveash [Thu, 29 Jan 2009 00:08:12 +0000 (00:08 +0000)]
Fix an issue Ken noted with the kdb5_util dump -mkey_convert logic
Also tweaked the add_mkey code to call krb5_dbe_update_mkvno to update
the mkvno stored in the K/M princ so the kadmin getprinc will output the
right value.
Will Fiveash [Wed, 28 Jan 2009 20:15:53 +0000 (20:15 +0000)]
Add code to refetch master key list if the matching mkey to decrypt a
princ isn't found on the current mkey list. This is useful if the mkey
princ has a new key but the running krb5kdc/kamind was started prior to
that.
Fix another issue related to nentries and krb5_db_get_principal() in
kdb5_mkey.c.
Will Fiveash [Tue, 27 Jan 2009 20:24:37 +0000 (20:24 +0000)]
More review changes:
If I use "kdb5_util dump -mkey_convert" after using the master key rollover
support, does something reasonably sane happen? E.g., process all the old
keys properly, leave just one new master key value in the output database,
reset the mkvno values attached to principals, etc.
Done. Note I may have to update the dump code to deal with the
various mkey input options which I'll do in a follow on commit.
Also note that I removed the locking around the krb5_db2_alloc and
free functions.
Will Fiveash [Tue, 27 Jan 2009 04:16:26 +0000 (04:16 +0000)]
More review changes:
Have both LDAP and DB2 back ends been tried with Will's new code? Looks
like some default routines like kdb_def_get_mkey_list won't do anything; is
that okay?
Done but not tested.
"XXX" comments in kdc/extern.h and elsewhere need to be looked into,
obviously.
Will Fiveash [Mon, 26 Jan 2009 21:42:23 +0000 (21:42 +0000)]
Restore krb5_free_key_data_contents() as it was in
src/lib/kadm5/misc_free.c and rename the version of that function in
kdb5.c to krb5_dbe_free_key_data_contents. Eventually this needs to be
consolidated somewhere.
Will Fiveash [Mon, 26 Jan 2009 19:24:03 +0000 (19:24 +0000)]
Work to address some of Ken's review comments. This doesn't address all
of his issues so there will be a follow up commit.
The type krb5_keylist_node shouldn't go into krb5.hin, as it's not part of
the library (or any other) public API. Maybe k5-int.h as a catch-all, if
there's not a more appropriate internal header?
Done.
Can we avoid moving krb5_free_key_data_contents, which deals with a data
structure used only in the KDC-related libraries, into libkrb5 and
k5-int.h? (Exception: The libkrb5 asn.1 code does encode/decode the data
structure and thus may allocate it. But I think we can assume the same C
runtime for kadm5srv/kdb and krb5 libs, so it's kind of okay. And the
asn.1 setup should be "modularized" at some point, so the ldap support can
move out into the ldap kdb plugin.) I think it can probably go into
libkdb?
Done.
If possible, k5-int.h shouldn't include kdb.h, so updating kdb.h doesn't
cause recompilation of (for example) all of the crypto library code.
Done.
After printing "master keys for principal", if enctype_to_string fails, we
haven't set retval to the error code but use it anyways. Later, asprintf
isn't checked for failure.
Done.
Some cases of indentation not matching MIT style, in particular,
continuation lines in function calls being indented four columns instead of
indented to make function arguments line up.
Done.
krb5_dbe_lookup_mkvno, krb5_dbe_lookup_mkey_aux, krb5_dbe_lookup_actkvno
need to verify lengths before decoding data.
Done.
kdb5_add_mkey should use the "zap" macro on key data instead of memset
before directly freeing it; some compilers (one reference I found mentions
the Microsoft C++ .NET compiler) may optimize away scribbles over storage
about to be freed, leaving the values to be retained in core dumps or
uninitialized heap allocations, and "zap" is intended to be where we dump
any necessary hacks to defeat that. Similarly for any other places where
key data is stored (e.g., within tl_data).
Done.
krb5_dbe_update_actkvno (and probably elsewhere in our existing code): Note
that failure in realloc (NULL return when size is nonzero) leaves the old
storage un-freed. So "x=realloc(x,sz)" is a good way to leak memory if
reallocation fails, since you no longer have a handle on the orignial "x".
Will Fiveash [Fri, 23 Jan 2009 19:57:08 +0000 (19:57 +0000)]
Merge with head of trunk. Pulled in Ken's fix for db2 hash bug on
filesystems whose record size is > 64K. All make check tests pass on my
Solaris test system using ZFS with recordsize=128K.
Will Fiveash [Thu, 22 Jan 2009 19:48:38 +0000 (19:48 +0000)]
Change the name of the krb5_dbe_act_mkey_list function to
krb5_dbe_act_key_list to indicate it is a generic function of use on any
princ. I also modified the process_tgs_req function to use the
master_keylist and look up the proper mkey when decrypting the server
key.
Will Fiveash [Wed, 21 Jan 2009 22:30:56 +0000 (22:30 +0000)]
Modified krb5_db_fetch_mkey() to use the enctype in the stash file.
After making this modification 917 dejagnu tests pass (did not see any
failures on my Solaris test system).
Will Fiveash [Wed, 21 Jan 2009 01:22:44 +0000 (01:22 +0000)]
Made a change to the code reading the mkey stash to use the enctype
stored in the stash instead of overriding that with what is set in the
gobal parameter. This allows a stashed mkey's enctype to differ from
the current mkey stored in the K/M princ. I also updated
krb5_def_fetch_mkey_list() to avoid a crash when trying to decrypt data
encrypted with a des-cbc-crc key with a aes-128 key.
Will Fiveash [Tue, 20 Jan 2009 22:52:29 +0000 (22:52 +0000)]
More bug fixes. There were several bugs in the existing new commands.
At this point the add_mkey, use_mkey and list_mkeys commands appear to
work generally. I've noticed however that specifying a non-default
enctype when using add_mkey and stashing the result (add_mkey -e
aes128-cts-hmac-sha1-96 -s) causes problems when the new mkey is fetched
from the stash file. I'll fix this in another commit.
Will Fiveash [Tue, 13 Jan 2009 01:17:16 +0000 (01:17 +0000)]
Added kdb5_util list_mkeys command, cleaned up some code formatting
(removed hard tabs), added logic to add default actkvno tl_data when
creating a new mkey princ.
Will Fiveash [Fri, 9 Jan 2009 20:11:57 +0000 (20:11 +0000)]
First commit. This project is not completely finished (the list_mkeys,
purge_mkeys, sync_stash and update_princ_encryption still need to be
written) so the purpose of this commit is to allow early review of the
addition of support for > 1 master key and the "active" master keylist.
This commit does not include any changes required to sync this level of
the branch with the current level of the trunk. That will follow this
commit.
Justin Anderson [Fri, 3 Oct 2008 15:56:54 +0000 (15:56 +0000)]
Only close windows in response to fini messages from clients.
Only center the windows the first time they are shown for a client.
Improve the math on the NSRect sent to -[NSWindow setFrame:] so dialog windows don't jump around the screen and the title bar stays in the same place.
Refactor repeated view swapping code to -[AuthenticationController swapView:].
Justin Anderson [Thu, 2 Oct 2008 03:48:48 +0000 (03:48 +0000)]
Make Enter Identity dialog have one auto-completing, auto-validating text field for principals drawn from KIM's list of favorites.
Changed options for a favorite identity get saved out to kim_preferences.
Make unset strings in kim_options and kim_selection_hints
be empty strings rather than NULL. This simplifies the
stream code (and makes it easier to read and debug).
In order to prevent copying tons of NUL bytes around,
special case kim_string functions to use a special
constant kim_empty_string.
Justin Anderson [Wed, 1 Oct 2008 20:38:26 +0000 (20:38 +0000)]
Update enterIdentity handler to support passing and setting ticket options.
Readded ticket options sheet to Enter Identity dialog.
Added helper methods to convert between kim_option and NSDictionary.
Justin Anderson [Tue, 30 Sep 2008 19:13:30 +0000 (19:13 +0000)]
Check for null saved password in kim_ui_prompter. Just because kim_os_get_saved_password didn't return an error doesn't mean it successfully got a password
Support legacy KerberosAgent preference for save passwords
and a new preference in the KIM preferences.
Updated test harness for save password arguments.
UI should lazy init so that init and fini are only called if one
of the UI calls is called. The problem is that when you call
krb5_get_init_creds_* you don't know if it will call the prompter
or not. (It won't if the password is saved in the keychain or
if pkinit succeeds.)
Create common stream and ipc layer for CCAPI and KIM.
Will switch CCAPI to this new code later though, so as
not to destabilize KfM and the Windows builds.
Renamed kim_identity_get_components to kim_identity_get_components_string
to better reflect what it does (a string of everything but the realm, not
an array of components like the old name might imply).
Added private functions which will be used by KLL to shim on top of KIM.
Private functions also reduce memory allocations inside of KIM.
projects / thirdparty / krb5.git / log
