Age | Commit message | Author | Files | Lines
2013-03-01 | Update README and patchlevel.h for krb5-1.10.4 [krb5-1.10.4-final] | Tom Yu | 2 | -11/+67
2013-03-01 | Update acknowledgments in README | Tom Yu | 1 | -1/+9
Also update copyright years.
2013-02-22 | Fix various result checks | Nickolai Zeldovich | 2 | -2/+2
Correct three cases where the wrong expression was checked to see if an allocation function returned null. [ghudson@mit.edu: commit message, patch splitting] [tlyu@mit.edu: omit inapplicable lib/kadm/srv/svr_principal.c change] (back ported from commit a9ee4a040eeacab1d410ff9e4c862484b531c401) ticket: 7582 version_fixed: 1.10.4 status: resolved
2013-02-22 | Fix initial call to svcraw_create | Nickolai Zeldovich | 1 | -0/+1
gssrpc raw services could not work because svcraw_create did not set svcraw_private after allocating memory for it. [ghudson@mit.edu: commit message, patch splitting] (cherry picked from commit 5e3bf4ac6cb02601c5f10c5b2804fd5028c80119) ticket: 7582 (new) subject: Minor pointer management patches
2013-02-22 | Fix kdb5_util dump.c uninitialized warnings | Greg Hudson | 1 | -1/+1
Some versions of clang report an uninitialized variable warning (which we treat as an error) in process_k5beta_record. Due to the if-ladder style of the function, uninitialized tmpint values can be copied around in certain error cases, although the garbage values would be ultimately ignored. As a minimal fix, initialize the tmpint variables. (cherry picked from commit 1b7f7eef8a95bda0135159b2c06a168b56d9f42b) ticket: 7581 (new) version_fixed: 1.10.4 status: resolved
2013-02-22 | Fix no_host_referral concatenation in KDC | Greg Hudson | 1 | -6/+7
If no_host_referral is set in both [kdcdefaults] and the realm subsection, we're supposed to concatenate their values. But the logic in handle_referral_params would overwrite the value with the non-concatenated realm value. Similar bugs of this nature were fixed in 639c9d0f5a7c68dc98a2a452abc05ca32443cddf (r22037) but this one was missed. (cherry picked from commit 6338d039cbd0b138642e3b123ac58dc802d1d907) ticket: 7580 (new) version_fixed: 1.10.4 status: resolved
2013-02-22 | Fix gss_str_to_oid for OIDs with zero-valued arcs | Luke Howard | 1 | -6/+6
gss_str_to_oid wasn't outputting any bytes for a zero-valued arc. It should output one byte with value 0. [ghudson@mit.edu: commit message] (cherry picked from commit 54fa4433df7412267375240aba40959e97ac4fe2) ticket: 7579 (new) version_fixed: 1.10.4 status: resolved
2013-02-22 | Check for negative poll timeout in k5_sendto_kdc | Greg Hudson | 1 | -0/+4
(cherry picked from commit 74bee54227deb64a41c2e79f57dd2a2c5ea010a3) ticket: 7578 (new) version_fixed: 1.10.4 status: resolved
2013-02-22 | PKINIT null pointer deref [CVE-2013-1415] | Xi Wang | 1 | -2/+1
Don't dereference a null pointer when cleaning up. The KDC plugin for PKINIT can dereference a null pointer when a malformed packet causes processing to terminate early, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate or have observed a successful PKINIT authentication, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled. CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C This is a minimal commit for pullup; style fixes in a followup. [kaduk@mit.edu: reformat and edit commit message] (cherry picked from commit c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed) ticket: 7577 (new) version_fixed: 1.10.4 status: resolved
2013-02-22 | Convert success in krb5_chpw_result_code_string | Jonathan Reams | 1 | -0/+3
Result code 0 used to be converted properly by krb5_set_password, though not krb5_change_password; this changed in 1.10 when krb5int_setpw_result_code_string was folded into krb5_chpw_result_code_string. Restore the old behavior, and make it apply to krb5_change_password as well, by making krb5_chpw_result_code_string convert result code 0. [ghudson@mit.edu: commit message] (cherry picked from commit 316bf74b4696058e2b60c95c9d0fc90d6c2c2ffe) ticket: 7576 (new) version_fixed: 1.10.4 status: resolved
2013-02-22 | Make kprop/kpropd work with RC4 session key | Greg Hudson | 3 | -20/+19
In krb5_auth_con_initivector and mk_priv/rd_priv, stop assuming that the enctype's block size is the size of the cipher state. Instead, make and discard a cipher state to get the size. (cherry picked from commit 8d01455ec9ed88bd3ccae939961a6e123bb3d45f) ticket: 7575 (new) version_fixed: 1.10.4 status: resolved
2013-01-11 | Fix various integer issues | Tom Yu | 3 | -6/+6
In kdc_util.c and spnego_mech.c, error returns from ASN.1 length functions could be ignored because they were assigned to unsigned values. In spnego_mech.c, two buffer size checks could be rewritten to reduce the likelihood of pointer overflow. In dump.c and kdc_preauth.c, calloc() could be used to simplify the code and avoid multiplication overflow. In pkinit_clnt.c, the wrong value was checked for a null result from malloc(), and the code could be simplified. Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>. (cherry picked from commit d3c5450ddf0b20855e86dab41735d56c6860156b) [tlyu@mit.edu: omitted pkinit and kdb5_util fixes because they're not conservative] ticket: 7545 (new) version_fixed: 1.10.4 status: resolved
2013-01-11 | Handle PKINIT DH replies with no certs | Greg Hudson | 1 | -1/+8
If a PKINIT Diffie-Hellman reply contains no certificates in the SignedData object, that may be because the signer certificate was a trust anchor as transmitted to the KDC. Heimdal's KDC, for instance, filters client trust anchors out of the returned set of certificates. Match against idctx->trustedCAs and idctx->intermediateCAs to handle this case. This fix only works with OpenSSL 1.0 or later; when built against OpenSSL 0.9.x, the client will still require a cert in the reply. Code changes suggested by nalin@redhat.com. (cherry picked from commit db83abc7dcfe369bd4467c78eebb7028ba0c0e0d) ticket: 7544 (new) version_fixed: 1.10.4 status: resolved
2013-01-11 | Suppress some gcc uninitialized variable warnings | Greg Hudson | 3 | -3/+5
gcc 4.6.2 reportedly finds some spurious maybe-uninitialized warnings. Suppress them. Patch from Eray Aslan with some adjustment. (cherry picked from commit cc2f16af06800bf9882c1589d3d6e9b8f19b6d6f) ticket: 7543 (new) version_fixed: 1.10.4 status: resolved
2013-01-11 | Avoid side effects in assert expressions | Greg Hudson | 3 | -6/+14
asserts may be compiled out with -DNDEBUG, so it's wrong to use an assert expression with an important side effect. (We also have scores of side-effecting asserts in test programs, but those are less important and can be dealt with separately.) (cherry picked from commit 221cd4a23691601a14500bc00146c265b50bdc94) ticket: 7542 (new) version_fixed: 1.10.4 status: resolved
2013-01-11 | Suppress maybe-uninitialized warning in x-deltat.y | Greg Hudson | 2 | -23/+25
Recent versions of gcc can generate a maybe-uninitialized warning from bison output instead of a regular uninitialized warning. Suppress both. Fix from nalin@redhat.com. (cherry picked from commit d4f98cdd40559620531622c9c6d988f6aa850bd0) ticket: 7541 (new) version_fixed: 1.10.4 status: resolved
2013-01-11 | Fail during configure if unable to find ar | Tom Yu | 1 | -0/+3
Fail during configure time if the configure script can't locate the "ar" program, instead of producing a delayed failure during build time by running the "false" command. Some Solaris releases have ar in /usr/ccs/bin, which is not in the default path for some users. (cherry picked from commit 2c990e6418cd7cee7ca178a3175b07ed6a01ffae) ticket: 7540 (new) version_fixed: 1.10.4 status: resolved
2013-01-09 | Make verify_init_creds work with existing ccache | Greg Hudson | 1 | -7/+0
As the file ccache implementation currently stands, we don't want to turn off TC_OPENCLOSE on a file cache we're writing to, or it will be opened read-only and stores to it will fail. Reported by Russ Allbery. (cherry picked from commit 0ae663d35b7dcbf2c469ad0688a67f4d1c0e425e) ticket: 7538 (new) version_fixed: 1.10.4 status: resolved
2013-01-09 | Ensure null termination of AFS salts | Greg Hudson | 1 | -1/+1
Use krb5int_copy_data_contents_add0 when copying a pa-pw-salt or pa-afs3-salt value in pa_salt(). If it's an afs3-salt, we're going to throw away the length and use strcspn in krb5int_des_string_to_key, which isn't safe if the value is unterminated. (cherry picked from commit f566fee75f2455d6e5e7ee4fcdf5a0d327808639) ticket: 7537 (new) version_fixed: 1.10.4 status: resolved
2013-01-08 | Don't return a host referral to the service realm | Greg Hudson | 3 | -1/+27
A host referral to the same realm we just looked up the principal in is useless at best and confusing to the client at worst. Don't respond with one in the KDC. (back ported from commit ee0d5eac353a13a194759b72cb44203fda1bf0fa) ticket: 7536 (new) version_fixed: 1.10.4 status: resolved
2013-01-02 | PKINIT (draft9) null ptr deref [CVE-2012-1016] | Nalin Dahyabhai | 1 | -3/+4
Don't check for an agility KDF identifier in the non-draft9 reply structure when we're building a draft9 reply, because it'll be NULL. The KDC plugin for PKINIT can dereference a null pointer when handling a draft9 request, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled. CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C [tlyu@mit.edu: reformat comment and edit log message] (back ported from commit cd5ff932c9d1439c961b0cf9ccff979356686aff) ticket: 7527 (new) version_fixed: 1.10.4 status: resolved
2013-01-02 | Fix spurious clock skew caused by gak_fct delay | Greg Hudson | 1 | -5/+4
In get_in_tkt.c, a time offset is computed between the KDC's auth_time and the current system time after the reply is decrypted. Time may have elapsed between these events because of a gak_fct invocation which blocks on user input. The resulting spurious time offset can cause subsequent TGS-REQs to fail and can also cause the end time of the next AS request to be in the past (issue #889) in cases where the old ccache is opened to find the default principal. Use the system time, without offset, for the request time of an AS request, for more predictable kinit behavior. Use this request time, rather than the current time, when computing the clock skew after the reply is decrypted. (cherry picked from commit 37b0e55e21926c7875b7176e24e13005920915a6) ticket: 7528 (new) version_fixed: 1.10.4 status: resolved
2012-12-18 | Back to 1.10.3-postrelease | Ben Kaduk | 4 | -5/+5
2012-12-07 | Bump buildlevel for non-MIT KfW 4.0.1 | Ben Kaduk | 1 | -1/+1
2012-12-07 | Ready for KfW 4.0.1 [kfw-4.0.1-final] | Ben Kaduk | 4 | -6/+7
Release builds, not beta. Update reltag/reltail where appropriate, and bump the buildlevel.
2012-12-05 | Back to krb5-1.10.3-postrelease | Tom Yu | 1 | -2/+2
2012-12-05 | Ready for KfW 4.0.1 beta 1 [kfw-4.0.1-beta1] | Ben Kaduk | 4 | -15/+8
Bump versions where appropriate, and drop buildlevel back to zero for the new version. While here, remove KRB5_RELTAG and KRB5_RELDATE from src/windows/kerberos.ver as they are unused and merely serve to cause confusion with the values in src/patchlevel.h. [tlyu@mit.edu: update patchlevel.h too]
2012-12-05 | Fix typo for windows versions | Ben Kaduk | 1 | -1/+1
We omit the patchlevel if it is zero, but the check whether the patchlevel was zero was checking the wrong variable, and thus always succeeding. (cherry picked from commit de80646215b623b1ce16fe8a2c2db85bba531532) ticket: 7481 status: resolved
2012-12-05 | Access keys for the KfW ribbon interface | Ben Kaduk | 1 | -3/+23
Improve accessibility by actually enabling access keys for ribbon elements (tap alt and follow the onscreen hints for keys to press), instead of just underlining a letter in the name of each element. Supply an underlined letter in the text of each element, corresponding to this access key, even if there is not a shortcut key bound to that element. While here, fix conflicting assignment to 'R' on the 'options' tab (between "Renewable Until" and "Automatic Ticket Renewal") by making "Automatic Ticket Renewal" use 'T'. Microsoft's UI recommendations seem to say that access keys should be easy to locate when searching through the menu, and thus using the first letter of the first or second word is advisable. The Ribbon XML Reference seems to indicate that these elements should be "keytip" elements, but MSVS creates "keys" elements, which seem to work, whereas "keytip" does not. Apparently 'F' is standard for the application button menu (which contains exit). Access keys work somewhat poorly for us in this menu, as they appear on top of the text of the menu items, since we have no icons here. (cherry picked from commit eacf40bdc52ae3c43dad58429086c39a8ce4d395) ticket: 7441 status: resolved
2012-12-05 | Rewrap the Leash ribbon conf file | Ben Kaduk | 1 | -1/+331
A big pile of XML on one line is not very readable. Use 'xmllint --format' to make things more sane. (cherry picked from commit 1e362883dddc36bfb63b253e66485bbd8a1a50f7) ticket: 7478 status: resolved
2012-12-05 | Leave 'OK' button visible in Leash AboutBox | Ben Kaduk | 1 | -1/+1
The AboutBox dialog as specified in the resource file is larger than the one we display; the dialog init routine marks several things as non-visible, moves the 'OK' button up to where the now-invisible items were, and shrinks the dialog's bounding rectangle. However, the edit boxes containing copyright and version information seem to always present as being on top of the 'OK' button, and their background causes the button to appear almost invisible with the current repositioning. To keep the 'OK' button visible, reduce the amount that it is moved (and the amount the dialog is shrunk) so that the button does not overlap with the edit box. (cherry picked from commit ceb486df4301608d5b2462011fed6534e60721bd) ticket: 7443 status: resolved
2012-12-05 | Update kerberos.ver for kfw-4.0-postrelease | Tom Yu | 1 | -2/+2
2012-11-01 | Update Camellia feature description | Tom Yu | 1 | -1/+1
Remove the potentially misleading "experimental" annotation on the description of the Camellia encryption feature. ticket: 7438 (new) version_fixed: 1.10.4 status: resolved
2012-10-31 | Cache TGS-REPs too | Tom Yu | 1 | -1/+1
Changes in r25660 inadvertently failed to insert TGS-REPs into the lookaside cache. Call finish_dispatch_cache() at the end of dispatch() to handle this case. (cherry picked from commit 22206a061dfe55db5cbe2c70190b3bd923d9e615) ticket: 7388 version_fixed: 1.10.4 status: resolved
2012-10-31 | Back to krb5-1.10.3-postrelease | Tom Yu | 1 | -2/+2
2012-10-15 | Bump buildlevel for non-MIT KfW 4.0 release [kfw-4.0-final] | Ben Kaduk | 1 | -1/+1
2012-10-15 | Version info for KfW 4.0 | Ben Kaduk | 4 | -7/+8
Switch away from beta to release versioning in site-local.wix, and replace the beta tag with release. Increment the buildlevel, as always. Update patchlevel.h to indicate this is a KfW build.
2012-09-27 | Add version info for ccapiserver.exe | Ben Kaduk | 2 | -2/+14
Executables and shared libraries should have a file version, so that the upgrade process works as expected. (cherry picked from commit cdaae4bd07e5b9d9ec0f7b14103f7e43b898d0aa) ticket: 7386 version_fixed: 1.10.4 status: resolved
2012-09-27 | Fix typo | Ben Kaduk | 1 | -1/+1
Actually expand the OUTPRE variable instead of just using a literal string. (cherry picked from commit 6298655a778e58af6f0faaff554e126378ce7c4a) ticket: 7387 version_fixed: 1.10.4 status: resolved
2012-09-25 | Removed unused leash help file | Greg Hudson | 1 | -0/+0
The file 'checkbox blank.png' is unneeded and contains a space in the name, unnecessarily interfering with running find | xargs over the source tree. Remove it. (cherry picked from commit 757860b48bcef42a9a5fddba984607edeb6e205c) ticket: 7352 status: resolved
2012-09-25 | Update windows/README | Ben Kaduk | 1 | -99/+92
The build instructions have changed somewhat, as have the requirements for a build environment. The default behavior for KRB5_CONFIG and KRB5CCNAME has also changed. Attempt to remove mention of overly specific Windows versions that are now quite old when the behavior persists in newer versions of Windows. Document the usage of DNS by default and the reduced need for a large krb5.ini file. Talk a little more about the LSA cache. The kerbsrc.win target is no longer supported. (cherry picked from commit d77308a1eaf9c996e10fbc2f82e79c4df3fc1078) ticket: 7363 status: resolved
2012-09-25 | Remove NSIS installs when upgrading to 64-bit | Ben Kaduk | 1 | -2/+2
The NSIS installer appears to have only ever existed as a 32-bit software. As such, unconditionally check the 32-bit registry tree for an uninstall string; the architecture of the current package being installed is not relevant to what was previously installed. (cherry picked from commit 4d3200ca369b47e8cf6966ae7670823d57ef2b3f) ticket: 7362 status: resolved
2012-09-12 | KfW version update for kfw-4.0-beta10 | Ben Kaduk | 3 | -4/+4
Continue to increment the buildlevel as well.
2012-09-12 | Improve LEASHAUTOINIT description | Ben Kaduk | 1 | -1/+1
This installer option determines whether the -autoinit argument is passed to the MIT Kerberos executable. On startup, if this argument is passed, and if there are no tickets in the default cache, and if no useful tickets can be imported from the LSA cache, MIT Kerberos will open the get ticket dialog and prompt for a password; this option does not appear to have any other effect. (cherry picked from commit d9af383d069b571457849dea77dbef01ccb55370) ticket: 7357 status: resolved
2012-09-12 | Unregister error message key on library unload | Ben Kaduk | 1 | -0/+1
Revision fcdd2de1 added the K5_KEY_GSS_KRB5_ERROR_MESSAGE key, and registered it in the gssapi library initialization routine, but did not unregister it in the library finalization routine. When the library is unloaded and reloaded in the same process, this leads to an assertion failure, since we check that destructors_set[keynum] is zero (no destructor set) when registering a key in util/support/threads.c. Unregister the key on library cleanup to resolve the error. (cherry picked from commit 4ab584c830024757cc628b1783dde6220a9fec6d) ticket: 7353 version_fixed: 1.10.4 status: resolved
2012-09-11 | Try harder not to use clock_gettime in verto-k5ev | Greg Hudson | 1 | -1/+2
We already define EV_USE_REALTIME to 0 to avoid the use of clock_gettime() (to avoid depending on librt). But in some build environments libev can detect support for a monotonic clock, which also results in using clock_gettime(). Define EV_USE_MONOTONIC to 0 as well to prevent this. (cherry picked from commit fe285ec16b65ac6177a404baa635c1d09054dc81) ticket: 7350 version_fixed: 1.10.4 status: resolved
2012-09-11 | Do not retrieve zero-length creds | Ben Kaduk | 1 | -2/+4
In the MSLSA cache, if we get back a zero-length ticket, don't accept it as success; continue on to try and get an acceptable ticket. (cherry picked from commit cd58adf4b0f52d0293ec8bf9d7d3e87bd1e6ce3f) ticket: 7349 version_fixed: 1.10.4 status: resolved
2012-08-31 | KfW version update for kfw-4.0-beta9 | Ben Kaduk | 3 | -4/+4
Continue to increment the buildlevel as well.
2012-08-31 | Use separate components for shortcuts | Ben Kaduk | 2 | -9/+23
Since the Start Menu and Desktop are different folders, we should use different components for the shortcuts in those folders, given that components operate at directory granularity. Take the opportunity to use the newer style for installing shortcuts and registry keys, and make the names more descriptive. Increment the buildlevel to ensure new files are installed. (cherry picked from commit fe9a1d24c5ce9dd415658493c1811aa9e54aebce) ticket: 7348 status: resolved
2012-08-29 | Do not emit debug printfs under NODEBUG | Ben Kaduk | 1 | -0/+2
These printfs spew to the console when command-line utilities such as 'klist' and 'aklog' are run, reducing usability. These printfs can also cause application hangs. On a multiprocessor machine, when PuTTY and the ccapiserver are running on different CPUs, PuTTY appears to deadlock with three concurrent threads inside cci_debug_printf(). (cherry picked from commit 932866ad41edf830123bdfef927f1314f3100be9) ticket: 7342 version_fixed: 1.10.4 status: resolved