Ken Raeburn [Tue, 5 Aug 2008 22:15:34 +0000 (22:15 +0000)]
error in socket number range check in kdc
Fix off-by-one error in checking that socket file descriptor numbers
are in range suitable for an fd_set. Also, don't do the check if we
should someday happen to get compiled on Windows.
Ken Raeburn [Sat, 2 Aug 2008 06:36:49 +0000 (06:36 +0000)]
Make more uses of load/store_32_be/le, which on x86 at least expands
to a single unaligned load/store instruction, instead of open-coding
the shifts and masks.
Ken Raeburn [Sat, 2 Aug 2008 06:24:55 +0000 (06:24 +0000)]
Use krb5int_random_string, load_32_be, load_16_be, store_32_be, and
store_16_be. Change krb5_krcc_unparse_int32 to call
krb5_krc_unparse_ui_4 and reduce duplicated code.
Use krb5_get_error_message instead of error_message for
detailed krb5 error strings. Also removed a few remaining
instances of types ending in _t and fixed up some
whitespace issues.
In the gss rpc package, replace the type used for a
socket on Windows with SOCKET (instead of int) and
replace all calls to close() that are used to close
sockets with closesocket().
src/include/port-sockets.h includes the definitions
of SOCKET and closesocket() for non-Windows systems.
The NIM error reporting functions (in src/windows/identity/kherr ) keep
track of the the error message with the highest severity level that was
reported for a specific error reporting context. However, if another
error message of the same severity is reported, the error message being
tracked will be updated to be the newly received error.
The user will often only be notified of the error message that was
tracked for a specific operation. Therefore, tracking the last message
with the highest priority has the unfortunate side-effect of not
reporting the cause of a failure.
This patch changes the condition for updating the tracked error message
to be the first message with the highest severity.
This patch modifies the NIM Kerberos v5 plug-in to use the
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a suitable error message based
on the error code.
The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking. They
currently do not declare or import the following functions:
This patch adds declarations and definitions required for locating these
functions. Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h. See ticket 6045.
The behavior of the HDN_ENDTRACK notification has changed slightly on
Vista. HDM_GETITEMRECT, when used while handling HDN_ENDTRACK, returns
the item extents that were there prior to the user starting the resizing
operation. Earlier it would return the extents that resulted from the
resizing operation.
This resulted in a visual update problem on Windows Vista/2008
in the NIM Advanced View.
This patch addresses the issues raised in this ticket and ticket 5936
(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.
(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.
The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto. After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.
In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.
In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().
[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.
kadm5_decrypt_key(). This patch prevents the returned keyblock's
enctype from being coerced to the requested 'ktype' if the requested
'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".
There are two mutex locking issues that Roland Dowdeswell noticed in
the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize().
When it is free(3)ing the existing credentials it does not lock the
data structures and hence two separate threads can run into issues.
The same problem exists in cc_memory.c:krb5_mcc_destroy().
All of the other libraries on Windows have fixed assignments
of ordinals to the exported functions. Assign the ordinals
that were in use in the last public release, kfw 3.2.2, so
that they will remain constant into the future in case additional
exports are added to the library.
Ken Raeburn [Mon, 21 Jul 2008 18:39:34 +0000 (18:39 +0000)]
When reading from the routing socket, only provide enough space for
the header and ignore the rest of the message. Don't complain about
message size as long as we got the bits of the header we care about.
ccdefault.c:
krb5_cc_default_name() is permitted to return a NULL
pointer as a valid output. Passing a NULL pointer to
strcmp() will result in an exception as NULL is not
a valid input parameter to strcmp().
Save the output of krb5_cc_default_name() to a variable
and modify the conditional to set the new default ccache
name in the case where there is no existing default
ccache name.
Ken Raeburn [Sun, 20 Jul 2008 21:07:41 +0000 (21:07 +0000)]
Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few and
default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set
SUBDIRS in each directory, and don't do anything in pre.in.
Ken Raeburn [Fri, 18 Jul 2008 06:45:34 +0000 (06:45 +0000)]
On systems with struct rt_msghdr, open a routing socket and wait for
messages; when they come in, if the types suggest a possibility of
network interface reconfiguration, shut down the KDC's networking and
bring it back up again, rescanning the interfaces in the process.
Leaving the ticket open because it should be improved:
* It should only close down sockets on addresses we no longer have, and
bring up sockets only on new addresses.
* If we have IPV6_PKTINFO support, it should only listen for IPv4
routing changes.
* If we also have IP_PKTINFO support, it shouldn't be used at all.
* If we build a KDC on a system with neither struct rt_msghdr nor
IP_PKTINFO (do we have any such?), we'll need another solution.
Thanks to Nico Williams for the routing socket suggestion, and Apple
for the initial (signal-driven) reconfiguration code.
Ken Raeburn [Tue, 15 Jul 2008 23:57:03 +0000 (23:57 +0000)]
r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400
ticket: 5947
status: open
Add a test script for the walk_rtree code, and run some test cases
that exercise the problem reported in RT ticket 5947.
r1927@ken-wireless: raeburn | 2008-07-15 19:55:10 -0400
Some more test cases.
Tom Yu [Tue, 15 Jul 2008 21:43:35 +0000 (21:43 +0000)]
krb5_get_cred_via_tkt() should null out_cred on errors
Helper function krb5_kdcrep2creds(), called from
krb5_get_cred_via_tkt(), should null its output pointer after freeing
allocated memory, to avoid returning an invalid pointer.
ticket: new
tags: pullup
target_version: 1.6.4
component: krb5-libs
Ken Raeburn [Sat, 12 Jul 2008 00:55:18 +0000 (00:55 +0000)]
Use all local addresses except loopback addresses, even if a non-loopback
address appears on a loopback interface. This might happen if that's how
your VPN code makes your local address visible.
Use a variant of Apple's patch, extended to handle the other variations of
local address determination.
CCacheServer crashes iterating over creds which have been destroyed
ccs_list_release was trying to manually delete the iterators with a
broken for loop which skipped iterators. Since the iterators were referenced
by the client, when the client exited it would tell the iterators to release
themselves. The orphaned itertors would attempt to remove themselves from
their list (which had been released) resulting in a crash.
On Fedora 9, glibc 2.8 is used. The kdc code conditionalizes
IPV6_PKTINFO and HAVE_STRUCT_IN6_PKTINFO in a number of places = but
misses two for the struct one.
/usr/include/netinet/in.h conditionalizes struct in6_pktinfo on
__USE_GNU - which I believe implies a gnu libc extension. People on
the net have defined GNU_SOURCE for various things to compile, etc.
I do note that /usr/include/linux/ipv6.h exists with the same definition.
I believe that ipv6 support in the kdc will not work with these changes - but
the tree compiles.
Added support for stash files with a consistent endianness (big endian)
so that one can migrate a KDC from a machine with one endianess to
a machine with the other endianess. Used by Kerberos for Macintosh.
Ken Raeburn [Fri, 27 Jun 2008 04:18:38 +0000 (04:18 +0000)]
fix ktutil listing with timestamp
ktutil's "list -t" option is supposed to show the timestamp stored in
the keytab file. Instead, it shows some random (uninitialized) value,
interpreted as a timestamp.
projects / thirdparty / krb5.git / log
