oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,824 Commits 2 Branches 2 Tags
12ed86de90504b75f9001a5429f4e151d19d49b4
Commit Graph

2116 Commits

Author SHA1 Message Date
Joseph Sutton
0e9e1a4f31 kdc: Make parameter const 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:37:56 -05:00
Joseph Sutton
ffac143401 kdc: Finish incomplete log message 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:37:56 -05:00
Joseph Sutton
9ba687cf22 kdc: Fix log message 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:37:56 -05:00
Joseph Sutton
68b475fa2e kdc: Finish incomplete warning message 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:37:56 -05:00
Joseph Sutton
079088e543 kdc: Fix incorrect log message 
‘list.len’ can be equal to zero.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:37:56 -05:00
Joseph Sutton
fbe89adf27 kdc: Fix spelling of error and log messages 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:34:35 -05:00
Joseph Sutton
560c9da844 kdc: Fix code spelling 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-28 21:34:35 -05:00
Joseph Sutton
9f05c65981 kdc: Specify client time in FAST inner KRB-ERROR 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-02 20:19:54 -05:00
Joseph Sutton
5de5e5f7f6 kdc: Use NULL to assign to pointers 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-02 20:19:54 -05:00
Joseph Sutton
f8ba91164c kdc: Don’t use uninitialized variable 
The call to free_KDCDHKeyInfo(), further down, could have caused heap
corruption.

Found by Coverity (Samba CID 1544611).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-02 20:19:54 -05:00
Joseph Sutton
6f73fd8206 kdc: Remove pointer cast 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-11-02 20:19:54 -05:00
Nicolas Williams
2a38fa17b5 kdc: Add global disable_pac config param 2023-06-23 13:44:13 -05:00
Nicolas Williams
66445f4341 httpkadmind: Add auth-data-reqd attribute 2023-06-23 13:44:13 -05:00
Nicolas Williams
27cdf81995 kdc: Honor no-auth-data-reqd on cross-real TGTs 
Nowadays we use PACs instead of AD-SIGNEDPATH, so we want a PAC on every
TGT, but we don't necessarily want PACs on cross-realm TGTs.

Specifically, we don't interop well yet with AD when issuing cross-realm
TGTs with AD realms as the destination realm (see #1091).
 2023-06-23 13:44:13 -05:00
Joseph Sutton
da9cad2047 kdc: Overwrite ‘error_code’ only if we have an actual error 
‘r->error_code’ might have been set earlier, and we don’t want to
overwrite it with a successful error code.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
243207f10a kdc: Ensure that we emit a non-zero error code 
If ‘r->error_code’ was zero, we would turn it into an ERR_GENERIC error
and return that to the client. Now we return the actual error code
instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
af0b70fcc2 kdc: Fix discarded qualifiers warning 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
043b0d02c1 kdc: Don’t abort if krb5_generate_random_keyblock() fails 
There are a few reasons that this function could fail (e.g., failure to
allocate memory) besides random number generation being unavailable. No
other caller abort()s on failure like this.

Furthermore, krb5_generate_random_block(), which is called by
krb5_generate_random_keyblock(), already aborts if random generation
fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
43a4c01126 kdc: Fix missing space in log messages 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
4a699f2450 kdc: Remove trailing space from log message 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
cb69ce4382 kdc: Remove trailing space from log message 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-20 18:02:15 -05:00
Joseph Sutton
d83802e2d4 kdc: Fix log message typo 2023-06-20 18:02:15 -05:00
Robert Manner
56d97563f0 kcm,kdc/config.c: detect too big max_request sizes (>= 64 MB) 2023-06-20 12:57:28 -05:00
Taylor R Campbell
796e420c11 libkrb5, libkdc: Constify salted s2k default iterator counts. 
These externs should really be in a .h file shared by definition and
usage sites so the C compiler can verify that they match.
 2023-06-20 12:19:48 -05:00
Joseph Sutton
1b954faeeb kdc: Pass in HDB_F_ARMOR_PRINCIPAL when fetching armor ticket client principal 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-13 17:41:21 -05:00
Joseph Sutton
cf6b216868 kdc: Have caller pass HDB_F_FOR_TGS_REQ into _kdc_fast_check_armor_pac() 
We shall soon want to use this function for AS-REQs as well as TGS-REQs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 2023-06-13 17:41:21 -05:00
Stefan Metzmacher
df848bfd97 kdc: don't announce KRB5_PADATA_GSS unless gss_preauth is enabled 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2023-06-12 12:41:02 -05:00
Stefan Metzmacher
eb388539ec kdc: don't announce KRB5_PADATA_PKINIT_KX unless anonymous is allowed 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2023-06-12 12:41:02 -05:00
Stefan Metzmacher
67a6eb3218 kdc: don't announce KRB5_PADATA_FX_FAST unless fast is enabled 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2023-06-12 12:41:02 -05:00
Taylor R Campbell
a142767598 Fix ctype.h misuse. 
Excluded: libtomath and libedit files, most of which appear to be
testing or example code not involved in production, and which are
derived from an upstream that should perhaps have patches submitted
upstream instead.

fix https://github.com/heimdal/heimdal/issues/1111
 2023-05-26 14:10:11 -05:00
Nicolas Williams
cb5262014a Revert "kdc: Quiet warning in FAST unwrap" 
This reverts commit a9c0b8f264.

From Joseph Sutton:

> I found that this commit would result in `KRB5KRB_AP_ERR_BAD_INTEGRITY`
> errors in Samba whenever explicit FAST armor was present. Reverting the
> commit made FAST work again.

> It should be safe to use `tgs_ac` here, since it will always be non-NULL if
> `r->explicit_armor_present` is true. Maybe a local variable
> `explicit_armor_present` (which would be assigned to
> `r->explicit_armor_present` before the function returns successfully) would
> help a static analyser to deduce that its value doesn't change within the
> function, and that `tgs_ac != NULL` still holds.

a9c0b8f264 (commitcomment-95581208)
 2023-01-09 22:30:10 -06:00
Nicolas Williams
561c60ca29 kdc: Explicitly ignore return in audit code 2023-01-04 16:25:22 -06:00
Nicolas Williams
a13c3fc32c httpkadmind: If early ENOMEM, close the connection 2023-01-04 16:24:55 -06:00
Nicolas Williams
e27ddc6596 bx509d: If early ENOMEM, close the connection 2023-01-04 16:24:32 -06:00
Nicolas Williams
23c13886c4 bx509: Fix error path NULL dereference 2023-01-04 16:23:56 -06:00
Nicolas Williams
2d5880734b httpkadmind: Quiet warning 2023-01-04 02:23:01 -06:00
Nicolas Williams
cb09267ed9 kdc: Fix deref-before-NULL-check in _kdc_db_fetch() 2023-01-04 02:07:25 -06:00
Nicolas Williams
82475cbf8e httpkadmind: Fix ENOMEM leak 2023-01-04 01:36:02 -06:00
Nicolas Williams
cd4e693865 httpkadmind: Quiet set-but-not-use variable warning 2023-01-04 01:36:02 -06:00
Nicolas Williams
1a0e535871 hpropd: Fix use-after-free? (WIP) 2023-01-04 01:36:02 -06:00
Nicolas Williams
12160382a0 bx509d: Fix leaks 2023-01-04 01:36:02 -06:00
Nicolas Williams
c6074377bc bx509d: Fix free() of text string 
Also fix a leak, and quiet some warnings.
 2023-01-04 01:36:02 -06:00
Nicolas Williams
e3bcc21dcb test_token_validator: Quiet set-but-not-use variable warning 2023-01-04 01:36:02 -06:00
Nicolas Williams
90856e35cc test_csr_authorizer: Fix use-after-free 2023-01-04 01:36:02 -06:00
Nicolas Williams
6cf01fea19 kdc: Quiet warnings re: debug logging 2023-01-04 01:36:02 -06:00
Nicolas Williams
d33e26de1a kdc: Quiet set-but-not-use variable warning in HDB dump code 2023-01-04 01:36:02 -06:00
Nicolas Williams
20b2dda743 kdc: Quiet a static analyzer warning 2023-01-04 01:36:02 -06:00
Nicolas Williams
3ff12a7fcd kdc: Fix ENOMEM double-free in IPC CSR authorizer 2023-01-04 01:36:01 -06:00
Nicolas Williams
ea39bc5a6b kdc: Fix #1059 2023-01-04 01:36:01 -06:00
Nicolas Williams
be0d4036a9 kdc: Quiet set-but-not-use variable warning 2023-01-04 01:36:01 -06:00