Greg Hudson [Tue, 16 Nov 2010 18:14:43 +0000 (18:14 +0000)]
Tweak derive_random_sp800_108_cmac to supply the bit length of the
output to the PRF instead of the byte length, for better conformity to
the NIST document.
Greg Hudson [Sat, 6 Nov 2010 00:02:13 +0000 (00:02 +0000)]
After a failed kdb5_util load, make a subsequent load operation work
by removing the remnant temporary files after obtaining a lock. To
make this safe, the private contract for temporary DB creation and
promotion had to be altered, along with many of the DB2 internal
helper functions.
Greg Hudson [Thu, 4 Nov 2010 21:27:03 +0000 (21:27 +0000)]
Further kdb_db2 code cleanup: make gen_dbsuffix return a
krb5_error_code to simplify error handling in callers, and discard the
db_lf_time field which was set but never used.
Greg Hudson [Tue, 2 Nov 2010 17:21:28 +0000 (17:21 +0000)]
Clean up the DB2 KDB module code a bit, making it more conformant with
current coding practices. Mostly namespace changes, but also simplify
krb5_db2_destroy().
Greg Hudson [Tue, 26 Oct 2010 19:36:58 +0000 (19:36 +0000)]
FILE keytabs have been able to handle write operations since krb5 1.7,
as an apparently unintended side effect of r20594. Clean up the code
by combining the identical resolve functions for FILE and WRFILE, and
removing the code to set up a WRFILE default keytab name in kadmin.c.
Also fixes a slight display bug; k5test.py needs to be adjusted to
expect the correct output.
Greg Hudson [Tue, 26 Oct 2010 17:18:22 +0000 (17:18 +0000)]
Add a kg_encrypt_inplace() utility function to the krb5 GSS mech, and
use it where we do in-place encryption of checksums in the non-CFX
seal tokens with raw DES enctypes. Avoids a harmless but incorrect
in-place memcpy().
Greg Hudson [Tue, 26 Oct 2010 14:17:38 +0000 (14:17 +0000)]
Set *conf_state on successful return from
gss_krb5int_make_seal_token_v3_iov, fixing a case where it wasn't
always set by gss_wrap_iov. Patch from aberry@likewise.com.
Greg Hudson [Mon, 25 Oct 2010 21:55:54 +0000 (21:55 +0000)]
When we create a temporary memory ccache for use within a
krb5_gss_cred_id_rec, set a flag to indicate that the ccache should be
destroyed rather than closed. Patch from aberry@likewise.com.
Greg Hudson [Mon, 25 Oct 2010 19:37:03 +0000 (19:37 +0000)]
In acquire_init_cred in the GSS krb5 mech, don't intern cred->name,
since it's not used as an output parameter. Fixes a memory leak.
Reported by aberry@likewise.com.
Greg Hudson [Sat, 23 Oct 2010 00:38:17 +0000 (00:38 +0000)]
Better libk5crypto NSS fork safety
Use SECMOD_RestartModules() from the forthcoming NSS 3.12.9 release to
make the libk5crypto back end work after a fork. Add a test program
to exercise fork detection in the NSS back end. Add a configure-time
version check to ensure that we're using NSS 3.12.9 or later.
Sam Hartman [Tue, 19 Oct 2010 19:57:56 +0000 (19:57 +0000)]
configure.in: don't force use of cache
Back when hardware was slower and we had lots and lots of
imakefile-like configure scripts, forcing the use of config.cache made
sense for performance reasons. Now that we have one configure script
and we build on modern hardware, config.cache just introduces errors
as you are debugging changes to the configure script.
This commit stops second guessing autoconf's cache handling.
Greg Hudson [Tue, 19 Oct 2010 19:08:38 +0000 (19:08 +0000)]
Remove KDC replay cache
Now that SAM1 support has been removed, the KDC does not need a replay
replay cache. Remove all code within USE_RCACHE and associated support.
Rename --disable-kdc-replay-cache to --disable-kdc-lookaside-cache.
Tom Yu [Thu, 14 Oct 2010 22:49:11 +0000 (22:49 +0000)]
copyright notice updates
Update copyright.texinfo. Move full copyright notices to appendices
of documentation. New rules to generate top-level NOTICE file from
copyright.texinfo. Regenerate NOTICE file.
Sam Hartman [Wed, 13 Oct 2010 01:19:14 +0000 (01:19 +0000)]
Fix leaks in get_init_creds interface
In Debian Bug 598032, Bastian Blank points out that there are two
leaks in the get_init_creds interface:
* Free ctx->request->padata after sending the KDC request so it is not
overwritten the next time around the loop.
* If options is NULL passed into krb5_get_init_creds_init, then set up
a non-extended options structure so that krb5_get_init_creds_free will
free the options.
Greg Hudson [Thu, 7 Oct 2010 17:49:44 +0000 (17:49 +0000)]
Performance issue in LDAP policy fetch
Instead of performing a tree search to fill in the refcnt field of a
policy object whenever a policy is fetched, set the refcnt to 0 and
perform a check when policies are deleted.
Tom Yu [Tue, 5 Oct 2010 21:05:19 +0000 (21:05 +0000)]
CVE-2010-1322 KDC uninitialized pointer crash in authorization data handling (MITKRB5-SA-2010-006)
When the KDC receives certain TGS-REQ messages, it may dereference an
uninitialized pointer while processing authorization data, causing a
crash, or in rare cases, unauthorized information disclosure, ticket
modification, or execution of arbitrary code. The crash may be
triggered by legitimate requests.
Correctly implement the filtering of authorization data items to avoid
leaving uninitialized pointers when omitting items.
Greg Hudson [Tue, 5 Oct 2010 14:53:09 +0000 (14:53 +0000)]
Propagate modprinc -unlock from master to slave KDCs
Create a new tl-data type to hold the time of the last administrative
unlock, and factor it into decisions about account lockout. Since
tl-data values are propagated from master to slave, this will cause
modprinc -unlock operations to reach slave KDCs on the next
propagation.
Zhanna Tsitkov [Tue, 5 Oct 2010 03:18:22 +0000 (03:18 +0000)]
Improves prng code modularity. Introduces fortuna-like prng that can be used in lieu of yarrow.
Yarrow stays the default prng while fortuna may be engaged during configuration by using "--with-prng-alg=fortuna" flag.
Also, nss crypto backend continues to use its own prng.
Greg Hudson [Sat, 2 Oct 2010 11:48:06 +0000 (11:48 +0000)]
In the krb5_kuserok implementation, fix an unintentional type change
to "gobble" (was an int, was accidentally changed to a char) which
could result in an infinite loop.
Ken Raeburn [Sat, 2 Oct 2010 03:29:34 +0000 (03:29 +0000)]
Try to require function declarations for GCC, as we already do for the
Sun compiler.
Change the cache variable name construction to distinguish "=" from
"-" in option names. Prefer -Werror-implicit-function-declaration
over -Werror=implicit-function-declaration since in some versions of
GCC only the former works properly.
Sam Hartman [Fri, 1 Oct 2010 17:12:26 +0000 (17:12 +0000)]
Remove support for the old pa-sam-challenge and pa-sam-response
preauth type per discussion on krbdev. The pa-sam-challenge-2 code
remains in the client.
Greg Hudson [Fri, 1 Oct 2010 03:47:38 +0000 (03:47 +0000)]
A cleaner impleentation of r24399 which adds two new auth context APIs
(and is therefore less suitable for backporting to 1.8) but doesn't
reach inside the auth context structure in the krb5 mechanism code.
Greg Hudson [Fri, 1 Oct 2010 03:45:43 +0000 (03:45 +0000)]
GSSAPI forwarded credentials must be encrypted in session key
When IAKERB support was added, the krb5_mk_req checksum function
gained access to the send subkey. This caused GSSAPI forwarded
credentials to be encrypted in the subkey, which violates RFC 4121
section 4.1.1 and is not accepted by Microsoft's implementation.
Temporarily null out the send subkey in the auth context so that
krb5_mk_ncred uses the session key instead.
Use a different construction for defaulting ks_tuple and n_ks_tuple in
the libkadm5 server principal routines, to avoid repeated conditional
expressions.
Follow-on to r24258: initialize the new k5e1 error table where we
initialize the krb5 error table, and add initialize_k5e1_error_table
to the libkrb5 exports list for consistency with the other error
tables.
projects / thirdparty / krb5.git / log
