Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
|
|
After commit 95830231758de259abbbccedbac01613f578768a, the
documentation cannot be built with Python 2. Run make with
"PYTHON=python3" to ensure that we use Python 3.
(cherry picked from commit 17b40b1acb8f2e2c1f646ae76a9919089c4ba85c)
|
|
The DEBUG_GSSALLOC version of gssalloc_realloc() must add the sentinel
size to the byte count.
The mechglue gss_decapsulate_token(), gss_encapsulate_token(), and
gss_export_sec_context() must use gssalloc_malloc() to allocate
output buffers.
The krb5 mech's gss_export_name_composite() and gss_pseudo_random()
implementations must use gssalloc_malloc() to allocate output buffers.
SPNEGO's gss_display_status() implementation must use gssalloc for the
output buffer.
The sample GSS server must use gss_release_buffer() to free the result
of gss_export_sec_context().
(cherry picked from commit ab5c4259bdbe51dd3f4b5c5aff22628188d04322)
ticket: 8852
version_fixed: 1.17.1
|
|
If gss_set_sec_context_option() creates a union context object, it
must set the loopback pointer.
[ghudson@mit.edu: extracted this from a larger commit and wrote commit
message]
(cherry picked from commit 93b6d2a83849e157d7bec4f83fd94dbef10d6f05)
ticket: 8850
version_fixed: 1.17.1
|
|
Commit f07bca9fc94a5cf2e3c0f58226c7973a4b86b7a9 made addprinc -randkey
use a single RPC request, but the server-side handling always creates
the random keys with kvno 1. If a kvno is specified in the RPC
request, set the kvno of the key data after creating it. Reported by
Andreas Ladanyi.
(cherry picked from commit 462e85208d57b8d4120c99e801fbd156b9ccf16f)
ticket: 8848
version_fixed: 1.17.1
|
|
In init_ctx_call_init(), if gss_init_sec_context() fails while
producing the first SPNEGO initiator token, we remove the first
candidate mechanism from sc->mech_set and try again. If
sc->ctx_handle is present after the error (more likely after commit
56f7b1bc95a2a3eeb420e069e7655fb181ade5cf), we must clear it before
falling back or it will cause subsequent attempts to fail.
(cherry picked from commit 40ecfad10dd36700028ff0f3d0d79ce7925fe545)
ticket: 8846
version_fixed: 1.17.1
|
|
If gss_inquire_attrs_for_mech() is called for a mechanism which does
not implement it, the call will succeed with mech_attrs set to
GSS_C_NO_OID_SET (as is explicitly allowed by RFC 5587).
generic_gss_test_oid_set_member() returns an error on this value,
causing gss_accept_sec_context() to erroneously deny the mechanism
when no verifier credential handle is supplied. Change
allow_mech_by_default() to explicitly check for no mech attribute set.
(cherry picked from commit bd321c9caa6dc4b034bc3279a1af39af4c41210d)
ticket: 8840
version_fixed: 1.17.1
|
|
/etc/gss/mech lines begin with a name field, but this field was not
included in the format documentation.
(cherry picked from commit 208e85530f8a0d0490e50d89aed4f6f11acfd86a)
ticket: 8839
version_fixed: 1.17.1
|
|
Commit 969331732b62e73d1e073ff3ad87bf1774ee9fd1 (ticket 7369) removed
the code to return UPDATE_BUSY if the database was modified within the
last ten seconds, but did not remove the corresponding documentation
text. Remove it now.
(cherry picked from commit 16c3a5917a8fd2706a1e1b2e5a58e1319f8fa8f7)
ticket: 8835
version_fixed: 1.17.1
|
|
In commit 38a31852c3e58f6e2f6b3b035a87f817d1db5537, the aes-sha1
enctypes became the only defaults, but the documentation was not
updated.
(cherry picked from commit 56982b666e10fbb47c1fb70947b3e176c9a5e2d1)
ticket: 8834
version_fixed: 1.17.1
|
|
Remove ldapbackend.rst, as it is largely redundant with conf_ldap.rst.
Simplify conf_ldap.rst, using kerberos.openldap.ldif (added by ticket
8529) and removing unnecessary command arguments. Mention the
possibility of using SASL authentication (added by ticket 7944) as an
alternative to binding with DN and password. Remove unnecessary
access rights.
In kdc_conf.rst, remove ldap_servers from the list of relations read
from [dbdefaults], as it is only read from the realm's database
configuration section.
In kdb5_ldap_util.rst, document "-r" as a global parameter, as it
applies in some fashion to all commands. Make the same changes to the
kdb5_ldap_util usage message, and make it fit within 80 columns.
Reported by Dilyan Palauzov.
(cherry picked from commit ca1057fe6a03b6679b7907ee41b8abd444acc70d)
ticket: 8831
version_fixed: 1.17.1
|
|
An inverted status check in get_kdc_offset() would cause querying the
offset time from the ccache to always fail (silently) on KCM. Fix the
status check so that KCM can properly handle desync.
(cherry picked from commit 323abb6d1ebe5469d6c2167c29aa5d696d099b90)
ticket: 8826
version_fixed: 1.17.1
|
|
In parse_quoted_string(), only process an escape sequence if there is
a second character after the backlash, to avoid reading past the
terminating zero byte. Reported by Lutz Justen.
(cherry picked from commit a449bfc16c32019fec8b4deea963a3e474b0d14d)
ticket: 8825
version_fixed: 1.17.1
|
|
A value of 0 indicates that the plugin doesn't wish to modify lifetimes.
Make this the default, rather than requiring all plugins to set these
values themselves.
(cherry picked from commit d81c5870013240c04642c8e0cb994b4c49e40ddf)
ticket: 8824
version_fixed: 1.17.1
|
|
The documentation for krb5.conf explaining final values is incorrect.
Only sections and subsections may usefully be marked as final, and
final designations only apply to later files, not to the same file.
[ghudson@mit.edu: corrected and shortened documentation; rewrote
commit message]
(cherry picked from commit 5105a91c9dc3210e242dff156b861e77aa80959a)
ticket: 8821
version_fixed: 1.17.1
|
|
The default severity was removed by commit
6ce8fd4cfa2e9b1e92debd204a5b2ddf053cca55 (ticket 8630) but the example
still talks about it; remove that text. Add a note about the default
being syslog if nothing else is specified, and a note on how to
disable logging.
(cherry picked from commit 4dabc3d0bcdcdcd5aad070b97a27141a3abd0bbd)
ticket: 8813
version_fixed: 1.17.1
|
|
Commit 2bd410ecdb366083fe9b4e5f6ac4b741b624230b (ticket 8709)
contained a typo "text" for "test", preventing the Python path check
from falling back from python2 to python. This is now a fallback from
python3 to python, but the typo remains. Fix it now.
Based on a patch by Michael Osipov.
(cherry picked from commit b7c260b22c5d815b83ff37a35569e07e847cd9c3)
ticket: 8810
version_fixed: 1.17.1
|
|
NetBSD 8's stdlib.h declares a hmac() function; rename ours to avoid a
conflict.
[ghudson@mit.edu: picked a different name and added a comment]
(cherry picked from commit e8b463c8d2c9b903d61c8646af3c0106808f906d)
ticket: 8803
version_fixed: 1.17.1
|
|
Some init systems, such as systemd, can run daemon processes in the
foreground, so admonishments to let krb5kdc and kadmind background
themselves in normal operation can be confusing. Remove those
sentences.
(cherry picked from commit 4ded6dbc23d27068567943bccf4d2d986b6f7d08)
ticket: 8802
version_fixed: 1.17.1
|
|
Fix five cases where return codes could be set (in unlikely cases) but
did not result in error exits.
[ghudson@mit.edu: squashed commits and rewrote commit message]
(cherry picked from commit 7c26740f9df3c79c3f01c3a4dda4d9dabba5298d)
ticket: 8801
version_fixed: 1.17.1
|
|
The example code for gss_get_mic_iov() using a caller-provided buffer
calls gss_wrap_iov_length() and gss_wrap_iov() instead of
gss_get_mic_iov_length() and gss_get_mic_iov() as intended. Reported
by Frank Filz.
(cherry picked from commit bf4156db4f6c2e8cd420cd556bfa9e39f1a3d556)
ticket: 8797
version_fixed: 1.17.1
|
|
Document that if no krb5kdc -r option is specified, the default realm
is served.
(cherry picked from commit e5f866de8f47b91f609a6bab0d0e002f1a826222)
ticket: 8796
version_fixed: 1.17.1
|
|
gss_inquire_sec_context_by_oid(GSS_C_INQ_SSPI_SESSION_KEY) fails on
Windows because generic_gss_add_buffer_set_member() relies on the
ability to realloc() a null pointer. Unlike realloc(), HeapReAlloc()
requires an input pointer that (from the MSDN documentation) "is
returned by an earlier call to the HeapAlloc or HeapReAlloc function".
So gssalloc_realloc() must test for null inputs and call HeapAlloc()
instead.
Reported by Eric Pauly.
(cherry picked from commit d66b311093f1782c3610bbc77bd78fce411e8f79)
ticket: 8735
version_fixed: 1.17.1
|
|
pyrad 2.2 throws a KeyError exception in DecodePacket if any
attributes from the packet are not defined in the dictionary. Add a
dictionary entry for Service-Type so this doesn't happen.
(cherry picked from commit e60d01eb1686e112fba4743d4216ba61fec2bdc0)
ticket: 8841
version_fixed: 1.17.1
|
|
Commit e23d24beacb73581bbf4351250f3955e6fd44361 did not convert
t_otp.py or paste-kdcproxy.py. Convert t_otp.py to Python3. Rewrite
paste-kdcproxy.py using wsgiref from the standard Python library to
avoid the Paste dependency.
(cherry picked from commit 56be947ac4469d9d79b2e451311278f5bcdb2063)
ticket: 8818
version_fixed: 1.17.1
|
|
Rewriting the qualname Perl script to use getaddrinfo created an
unchecked dependency on Perl 5.14. Instead, remove the script and use
the C program in tests/resolve for the kadmin and gssrpc test suites.
(cherry picked from commit 2a852b1f3fb00c7d19f4dbfba76f5ff7ebccd2c7)
|
|
In the utilities used by the dejagnu test suites, use
getaddrinfo()/getnameinfo() instead of
gethostbyname()/gethostbyaddr(), as the results can vary when the
local hostname appears in multiple lines in /etc/hosts.
In t_ccselect.py, don't cause an error if the canonicalized local
hostname is "localhost". The tests will continue to run in this case,
as long as we don't try to create duplicate principals.
In sim_server.c, bind to the wildcard address instead of the resolved
local hostname, to resolve a mysterious problem observed in Travis
where the second of three sim_client send() operations fails with
ECONNREFUSED.
(cherry picked from commit c2497d46b4bad473e164943d67b58cd1ae261c3a)
|
|
|
|
|
|
|
|
Under some circumstances (perhaps related to a February Windows 10
update), Leash can get past the krb5_cc_get_principal() step when
processing an empty MSLSA ccache, and get a KRB5_CC_NOMATCH error from
krb5_cc_start_seq_get(). Do not display a modal error dialog if this
happens.
(cherry picked from commit 3208e88cae1c5b3c3f0477e64565764118df6316)
ticket: 8790
version_fixed: 1.17.1
|
|
(cherry picked from commit 5ba6e02a7b96ddd15dde01db0f9aff3d65773a8e)
ticket: 8789
version_fixed: 1.17.1
|
|
Commit 0f06098e2ab419d02e89a1ca6bc9f2828f6bdb1e fixed part of a memory
leak in the 'none' replay cache type by freeing the outer container,
but we also need to free the mutex.
[ghudson@mit.edu: wrote commit message]
(cherry picked from commit af2a3115cb8feb5174151b4b40223ae45aa9db17)
ticket: 8783
version_fixed: 1.17.1
|
|
Commit 4c4859fa83295db5c26f47b96c719060cfd9e2b1 changed the kinit man
page to state that kinit -E (enterprise) implies -C (canonicalize).
The client does not automatically set the canonicalize option when
getting tickets for an enterprise principal, and Windows KDCs can
issue tickets for enterprise principals without canonicalizing the
principal (contrary to the implication of RFC 6806 section 5). Remove
the misleading text.
[ghudson@mit.edu: updated RST man page and regenerated nroff file;
rewrote commit message]
(cherry picked from commit 8e31335a7722a2f7f1722506befe4fd26d3e3f3f)
ticket: 8779
version_fixed: 1.17.1
|
|
Also remove a debugging print from DocModel.__repr__.
(cherry picked from commit 95830231758de259abbbccedbac01613f578768a)
ticket: 8774
version_fixed: 1.17.1
|
|
|
|
|
|
|
|
(cherry picked from commit 7e127ebdbf88dccae9f9e5427e90319981a69266)
|
|
In the LDAP KDB module, fix an empty initializer. In the SPAKE
edwards25519 code, use autoconf tests to determine whether to use the
64-bit code. In the SPAKE update_thash() function, make sure the
types of the conditional expression results match exactly. In
libkrb5support, link against zap.o now that k5buf.o can use zap() (as
of commit 8ee8246c14702dc03b02e31b9fb5b7c2bb674bfb).
[ghudson@mit.edu: squashed commits; rewrote commit message; adjusted
autoconf tests; minor code changes]
(cherry picked from commit ecb03a4c31cf8a6b1bca3459ae56d4122398c18e)
ticket: 8769
version_fixed: 1.17
|
|
If list_union() fails due to an allocation failure, then close_time()
will attempt to fclose users_fp and login_fp a second time.
This bug was originally introduced in commit
be95b52c2d0c21b1fe92f9f90166fc2fa8eecc95, and has been present in
every krb5 release since 1.1.
(cherry picked from commit 0b8c6f3e1e8e561aa56a7d4e2171320119991dae)
ticket: 8768
version_fixed: 1.17
|
|
The assertion in return_enc_padata() is reachable because
kdc_make_s4u2self_rep() may have previously added encrypted padata.
It is no longer necessary because the code uses add_pa_data_element()
instead of allocating a new list.
CVE-2018-20217:
In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT
using an older encryption type (DES, DES3, or RC4) can cause an
assertion failure in the KDC by sending an S4U2Self request.
[ghudson@mit.edu: rewrote commit message with CVE description]
(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def)
ticket: 8767
version_fixed: 1.17
|
|
For consistency with Windows KDCs, allow protocol transition to work
even if the password has expired or needs changing.
Also, when looking up an enterprise principal with an AS request,
treat ERR_KEY_EXP as confirmation that the client is present in the
realm.
[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited
commit message]
(cherry picked from commit 5e6d1796106df8ba6bc1973ee0917c170d929086)
ticket: 8763
version_fixed: 1.17
|
|
|
|
(cherry picked from commit 23ef16ac32554e547ac42a9cb79d9040af8de5ba)
ticket: 8762
version_fixed: 1.17
|
|
During master key rollover, if the old master key is purged
immediately after updating principal encryption, running processes may
not successfully update their in-memory copies of the master key.
Document that the administrator should delay purging the master key
until after propagation and some daemon activity.
(cherry picked from commit 24425b730161c3d27d86a7ae0caa2305f70167f6)
ticket: 8744
version_fixed: 1.17
|
|
Commit 33634a940166d0b21c3105bab8dcf5550fbbd678 accidentally changed
the return value from kcmio_unix_socket_write to be the result of the
write call. Most commonly this resulted in it returning 8, which led
to many commands failing with "Exec format error".
(cherry picked from commit 3e76ea104cdaf22c4537833b203f8aeed1691f18)
ticket: 8758
version_fixed: 1.17
|