Greg Hudson [Sat, 11 Aug 2012 04:17:50 +0000 (00:17 -0400)]
Stop misusing gss_release_buffer in test programs
Use free() instead of gss_release_buffer() when freeing the locally
allocated context_token in the sample gss-server program. Use
gssalloc_free() instead of free when freeing buffers in
t_kgss_kernel.c (where we can't use gss_release_buffer).
Greg Hudson [Sat, 11 Aug 2012 04:16:25 +0000 (00:16 -0400)]
Stop misusing gss_release_buffer in libgssrpc
Use free() instead of gss_release_buffer() when freeing buffers in
libgssrpc which weren't constructed by GSSAPI. This mixing is
harmless in normal configurations (since libgssrpc is only used on
Unix), but fails with DEBUG_GSSALLOC.
Greg Hudson [Sat, 11 Aug 2012 04:13:05 +0000 (00:13 -0400)]
Use gssalloc in more parts of GSSAPI
Fix some GSSAPI buffer allocations which were missed in 800358b1790ef82710af0b6021c6ff2dca2b0de7: gss_export_sec_context,
gss_display_name, and IAKERB and SPNEGO token construction.
Greg Hudson [Sat, 11 Aug 2012 04:05:24 +0000 (00:05 -0400)]
Add debug mode to gssapi_alloc.h
Because the gssalloc macros are normally equivalent to malloc and free
on Unix, we cannot use the full test suite to find cases where we
allocate with malloc and free with gssalloc_free or vice versa.
Provide a way to test for this kind of bug (if only in a special build
configuration) by supporting a DEBUG_GSSALLOC symbol, which causes the
gssalloc wrappers to be deliberately incompatible with malloc and
free.
Greg Hudson [Fri, 10 Aug 2012 17:04:06 +0000 (13:04 -0400)]
Add tests for gss_inquire_cred
Now that we're doing a kind of deferred credential acquisition for
krb5, the behavior of gss_inquire_cred is a bit more subtle because
(per RFC 2743 section 2.1.4) we have to choose a credential cache or
acceptor name sooner than we would otherwise do so. Add a C program
to invoke gss_acquire_cred/gss_inquire_cred and some Python tests
using it.
Simo Sorce [Mon, 6 Aug 2012 20:11:17 +0000 (16:11 -0400)]
Remove gss_mechanism_ext
This function did not serve any useful purpose. Remove it and the
special case it creates; move the only function it contained to the
main gss_mechanism structure where it belongs. Note that the function
name is preserved so that loadable modules are not affected by this
change.
Greg Hudson [Tue, 7 Aug 2012 04:54:46 +0000 (00:54 -0400)]
Fix memory leak parsing name with default realm
After 74beb75bb07e3921d10c8eec05eacb1f393e5e44, allocate_princ()
allocates a one-byte realm field even if the principal doesn't have
one, so if we're replacing it with the default realm, we need to free
that.
Benjamin Kaduk [Thu, 19 Jul 2012 17:37:04 +0000 (13:37 -0400)]
Fix HTML rendering of long-form options
We at present only have long-form options for configure, the scope
of the change is somewhat limited. Our SmartyPants config for Sphinx
causes these options to appear as prefixed with an en dash, instead
of the two hyphens that demarcate the (GNU-style) long-form options.
Using a different type of markup for command options could work around
this, but that would be a much larger patch.
Instead, apply a workaround in the markup for display purposes, which
makes the source a bit more ugly but the output correct.
Man page output is unaffected.
This patch was automatically generated with:
git grep -- -- doc/rst_source | grep -v -- --- | cut -d ':' -f 1
| uniq | xargs sed -i '' -e 's/\*\*--\([a-zA-Z]\)/**-**\\ **-\1/g'
and manually reviewed for correctness.
Ben Kaduk [Mon, 16 Jul 2012 16:21:09 +0000 (12:21 -0400)]
Remove dash from man page rst source
This page gets rendered for the web with Sphinx but is also turned
into the krb5_conf.5 manual page. We need to use three-hyphen
em dashes for the Sphynx config, but those are a bit long for
monospace terminal output. Since the dash here can easily be
changed to a comma, do so, and avoid the conflict of formatting.
Ben Kaduk [Tue, 3 Jul 2012 15:41:56 +0000 (11:41 -0400)]
Use '---' for em dashes in rst source
Our sphinx configuration uses SmartyPants, which produces smart
quotes and dashes in HTML output, using '--' for en dash and
'---' for em dash. (This is also the LaTeX convention.)
These points in the text are meant to be em dashes, so format them
as such. Also standardize on no spaces around the dash per
Chicago Manual of Style (and others).
Simo Sorce [Thu, 7 Jun 2012 16:54:43 +0000 (12:54 -0400)]
Pass the actual mech oid in creds functions
This way the mechanism handler knows what mech type is intended.
This allows plugin that implement multiple mechanisms or interposer
plugins to know what they are being asked to do.
Simo Sorce [Mon, 6 Aug 2012 19:41:27 +0000 (15:41 -0400)]
Always consider desired_mechs empty in spnego (2)
Follow previous change to add_cred_from.
The only case where the spnego gss_*_cred_* functions can be called
with specific OIDs is if the mechglue calls spnego with the spengo
oid, which we never want to loop on anyway. So always consider it as
null, it's the correct behavior with current semantics.
Simo Sorce [Tue, 12 Jun 2012 18:46:24 +0000 (14:46 -0400)]
Always consider desired_mechs empty in spnego
The only case where the spnego gss_aquire_cred function can be called
with specific OIDs is if the mechglue calls spenego with the spengo
oid, which we never want to loop on anyway. So always consider it as
null, it's the correct behavior with current semantics.
Kevin Wasserman [Wed, 1 Aug 2012 22:30:02 +0000 (18:30 -0400)]
Fix oid set construction in gss_inquire_cred()
Use gssapi calls to construct the oid sets. It is not safe on windows
to use malloc to hand-construct the set and then call gss_release_oid_set()
to clean it up.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7227 (new)
tags: pullup
Greg Hudson [Thu, 2 Aug 2012 05:27:47 +0000 (01:27 -0400)]
Change default client keytab name
Change the default client keytab name, if not overridden at build
time, to FILE:$localstatedir/krb5/user/%{euid}/client.keytab.
Introduce a second file from the autoconf archives in order to
recursively expand $localstatedir within configure.in.
* Fix the substhtml target in src/doc/Makefile.in
* Don't add FILE: when substituting the default keytab and client
keytab names, as the defaults already have it.
Tom Yu [Wed, 1 Aug 2012 02:45:08 +0000 (22:45 -0400)]
Fix KDC heap corruption vuln [CVE-2012-1015]
Fix KDC heap corruption vulnerability [MITKRB5-SA-2012-001
CVE-2012-1015]. The cleanup code in
kdc_handle_protected_negotiation() in kdc_util.c could free an
uninitialized pointer in some error conditions involving "similar"
enctypes and a failure in krb5_c_make_checksum().
Additionally, adjust the handling of "similar" enctypes to avoid
advertising enctypes that could lead to inadvertent triggering of this
vulnerability (possibly in unpatched KDCs).
Note that CVE-2012-1014 (also described in MITKRB5-SA-2012-001) only
applies to the krb5-1.10 branch and doesn't affect the master branch
or releases prior to krb5-1.10.
* fscanf field widths must be less than the buffer size, not equal to
it.
* Check for negative values of lengths we're going to allocate.
* Eliminate a warning in the comparison of the regexp end offset.
* process_r1_8 policy doesn't actually ignore additional values, so
get rid of the comment and inequality test suggesting that it does.
Use a helper function add_policy_mods() in
krb5_ldap_create_password_policy() and krb5_ldap_put_password_policy()
to avoid duplicating code for each field.
Corrections to stuff noticed by kaduk:
* Eliminate a space before paren in a call to free().
* Use %lu for unsigned long in format strings.
* Simplify the tokens table definition.
* Add DEFCCNAME, DEFKTNAME, and DEFCKTNAME configure variables to
change the built-in ccache and keytab names.
* Add krb5-config options to display the built-in ccache and keytab
names.
* In the default build, use krb5-config to discover the system's
built-in ccache and keytab names and use them (if not overridden).
This can be controlled with the --with-krb5-config=PATH or
--without-krb5-config configure options.
* Make the built-in ccache name subject to parameter expansion.
Generalize the ccache collection tests in t_cccol.py to multiple kinds
of ccache tests, and rename it to avoid confusion with the lower-level
lib/krb5/ccache/t_cccol.py. Move a test from t_general.py into
t_ccache.py.
Eliminate the USE_CCAPI variant of get_from_os() which was only used
in KfM. Make get_from_os() allocate its result (wrapping the Windows
implementation so it can continue to use a fixed-size buffer).
Simplify krb5_cc_set_default_name() and krb5_cc_default_name(). Make
some minor style adjustments.
Add an adapted version of Heimdal's expand_path.c, defining
k5_expand_path_tokens() and k5_expand_path_tokens_extra(). These
functions allow template paths like %{TEMP}/krb5cc_%{uid} to be
resolved. Also add a test program to exercise the path expansion
code.
Simo Sorce [Fri, 2 Mar 2012 23:27:49 +0000 (18:27 -0500)]
Introduce credential store extensions
Add new APIs gss_acquire_cred_from, gss_add_cred_from, and
gss_store_cred_into, which take additional argments to specify the
location of the credential storage using a key-value map, where keys
are interpreted by the mechanisms.
In combination with -k, -i will cause kinit or klist to use the
default client keytab instead of the default acceptor keytab. This
gives an easy way to figure out what default client keytab name is in
use and to get credentials using it.
wshelper is clearly not intended to use unicode:
wprintf is used extensively and exclusively to write to char[] buffers and
fields in dns structs are used as explicitly ASCII text.
Kevin Wasserman [Wed, 6 Jun 2012 22:22:22 +0000 (18:22 -0400)]
KFW win-mac.h fixes
kfw: add int16_t, uint16_t typedefs to win-mac.h
uint16_t is used in chpw.c
include stdlib.h, crtdbg.h in win-mac.h
Allows leak-tracking using built-in msvc tools on windows.
crtdbg.h needs to come _after_ stdlib.h, but _before_ checking for
strdup. Define DEBUG and CRTDBG_MAP_ALLOC for full tracking.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7204 (new)
tags: pullup
Ben Kaduk [Fri, 29 Jun 2012 18:33:20 +0000 (14:33 -0400)]
Sync configure options with configure
We should try to stay coupled with the actual configure options, as
documented by 'configure --help'.
Remove an option which is no longer present and add several that
were missing.
Ben Kaduk [Fri, 29 Jun 2012 18:13:05 +0000 (14:13 -0400)]
Only list --enable-dns-for-realm once
If we list something as "commonly used", we seem to not also
list it with the rest of the options. This has the advantage
of not requiring us to remember to update two things for future
changes, but the disadvantage of requiring users to look in two
places for options. Stick with the prevailing form for now.
Ben Kaduk [Fri, 29 Jun 2012 18:10:07 +0000 (14:10 -0400)]
Sort configure options
Stick to the order of 'configure --help' for most sections, but
sort environment variables alphabetically (since, e.g.,
configure --help does not list CPPFLAGS and there is not a good
way to add that).
Note that this does not add or remove any content, even though
some options are missing/extra.
Ben Kaduk [Wed, 27 Jun 2012 18:35:30 +0000 (14:35 -0400)]
Cleanup docs for DNS lookup configure options
DNS lookups for KDCs have been unconditionally enabled in
configure since 2003; configure options only affect whether
DNS lookups are used for realm names.
Change the RST documentation of configure options to catch up.
projects / thirdparty / krb5.git / log
