oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
28,480 Commits 2 Branches 2 Tags
7d5f8bb051ca84592d1196bf5d5522da5a50f9d6
Commit Graph

74 Commits

Author SHA1 Message Date
Nicolas Williams
e5126ab924 Fix warnings 2016-11-28 17:34:44 -06:00
Nicolas Williams
f38089257b Misc fixes (coverity) 2016-11-20 17:43:51 -06:00
Jeffrey Altman
bdfc24e9c0 kadmind: kadmin_dispatch leaks memory 
Change-Id: I8bc332c4c9b7a8dc1d63494a82ec7af89c0ec7ca
 2016-11-19 07:43:39 -05:00
Nicolas Williams
30299a4ee7 kadmind: don't leak ks_tuple 2016-02-29 19:13:13 -06:00
Nicolas Williams
e193671854 kadmind: fix pw leak from CVE-2016-2400 fix 2016-02-29 19:13:12 -06:00
Nicolas Williams
7442787f03 Fix leak in check_aliases() 2016-02-26 21:29:05 -06:00
Nicolas Williams
8343733562 kadmind: check ACLs for aliases CVE-2016-2400 
CVE-2016-2400

kadmind(8) was not checking for 'add' permission to aliases added via
kadm5_modify_principal().  This is a security vulnerability.  The impact
of this vulnerability is mostly minor because most sites that use
kadmind(8) generally grant roughly the same level of permissions to all
administrators.  However, the impact will be higher for sites that grant
modify privileges to large numbers of less-privileged users.

From what we know of existing deployments of Heimdal, it seems very
likely that the impact of this vulnerability will be minor for most
sites.
 2016-02-26 01:04:32 -06:00
Jeffrey Altman
34bf7ae162 kadmind: don't send bogus keys to ext_keytab et al 
The Heimdal kadmind sends bogus keys when the client has 'get'
but not 'get-keys' permission.  For some kadmin commands this is
dangerous.  For example, ext_keytab could happily write bogus
keys to a keytab when real keys are expected, causing eventual
breakage.  Sending bogus keys is important for the kadmin get
command: so it can list the keysets that a principal has.

This patch implements a heuristic detection of kadmin get vs.
ext_keytab, add_enctype, del_enctype, and check commands.  If the
client principal lacks 'get-keys' permission, then the server
will fail requests that appear to be from those kadmin commands,
but will continue to serve bogus keys to kadmin get commands.

Thanks to Nico Williams for the idea behind this implementation.
 2015-03-16 11:03:58 -05:00
Jeffrey Altman
6043cc8c88 kadmind: check for KADM5_PRIV_GET when op GET 
When performing a permission check for a GET operation the
KADM5_PRIV_GET_KEYS privilege should not be assumed to be a pure
superset of KADM5_PRIV_GET.  If the "get" permission is denied the
user cannot get an entry with or without key data.
 2015-03-16 10:47:16 -05:00
Love Hörnquist Åstrand
63672067ea add nob for [kadmin]allow_self_change_password 2011-07-30 12:34:40 -07:00
Nicolas Williams
11c54cd6c8 Protect against negative n_ks_tuple values and against randkey returning negative n_keys 2011-07-24 11:08:58 -05:00
Nicolas Williams
0d90e0c4d0 Complete --keepold support and fix crasher in kadmin cpw -r --keepold. 2011-07-22 16:07:06 -05:00
Nicolas Williams
2510d2d8fc Oops, reverse sense of get-keys check... 2011-07-22 16:07:06 -05:00
Nicolas Williams
f15745c60c Forgot to save edits to kadmin/server.c to use the new get-keys authorization. 2011-07-22 16:07:06 -05:00
Nicolas Williams
e8e314bbb1 Beginning of another new kadm5 function. Need to switch branches for a bit. 2011-07-22 16:04:52 -05:00
Nicolas Williams
6e04b05e9d Initial support for kadm5_randkey_principal_3(), needed by krb5_admin. 
NOT TESTED YET.
 2011-07-22 16:04:52 -05:00
Love Hörnquist Åstrand
277bec06e7 simplify error printing, context contains error 2011-06-14 07:11:43 -07:00
Love Hornquist Astrand
f5f9014c90 Warning fixes from Christos Zoulas 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
 2011-04-29 20:25:05 -07:00
Love Hornquist Astrand
433b1d5073 drop RCSID 2010-03-16 12:52:58 -07:00
Love Hornquist Astrand
be73fa4687 use krb5_socket_t 2009-12-23 14:12:38 +01:00
Asanka Herath
a1942c1bad Use SOCKET data type instead of ints for sockets in kadmin 
Also use the new mini_inetd() API
 2009-11-24 10:17:51 -08:00
Love Hornquist Astrand
57faf165a0 [HEIMDAL-646] malloc(0) checks for AIX 2009-10-11 18:03:22 -07:00
Love Hornquist Astrand
8490e8fd34 make compile 2009-07-30 13:04:30 +02:00
Love Hornquist Astrand
3af78ea3fb out of memory [CID-63] 2009-07-30 12:53:50 +02:00
Love Hornquist Astrand
330fd7645d Always ask for principal (KADM5_PRINCIPAL) 
The protocol for "get principal" does not support not sending
principal, so when the caller doesn't add KADM5_PRINCIPAL to the mask,
lets add it for them.

Reported by Henry.B.Hotz@jpl.nasa.gov in [HEIMDAL-588]
 2009-07-19 21:01:20 -07:00
Love Hörnquist Åstrand
e147d3fba4 use kadm5_s_init_with_password_ctx 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24548 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-30 16:48:46 +00:00
Love Hörnquist Åstrand
8d16bb0b68 add support for add,get,delete,chrand for the MIT kadmin protocol 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24240 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-01-11 21:42:02 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
9056a3263a revert previous 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17611 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-02 22:10:21 +00:00
Love Hörnquist Åstrand
d782cd55c5 Less shadowing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17609 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-06-01 21:04:42 +00:00
Love Hörnquist Åstrand
59fa02a897 (kadm_get_privs): one less "pointer targets in passing argument differ 
in signedness" warning.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17511 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-08 13:40:58 +00:00
Love Hörnquist Åstrand
2a6831b56c (kadmind_dispatch): case kadm_rename, free princ2 on acl check failure. 
Coverity, NetBSD CID#1911


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17014 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-07 22:00:57 +00:00
Love Hörnquist Åstrand
8acefbf5a0 Update (c). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15905 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-08-11 17:12:13 +00:00
Love Hörnquist Åstrand
e478a72278 Avoid shadowing exp(). 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15893 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2005-08-11 13:53:24 +00:00
Johan Danielsson
2450e7b7f8 nuke kerberos 4 kadmin goo 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13845 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2004-05-13 17:46:20 +00:00
Love Hörnquist Åstrand
84a8e5c39a (kadmind_dispatch): kadm_chpass: require the password to pass the 
password quality check in case the user changes the user's own password
kadm_chpass_with_key: disallow the user to change it own password to a
key, since that password might violate the password quality check.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11626 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2003-01-29 12:33:05 +00:00
Johan Danielsson
fed79b33b9 add option to disable kerberos 4 kadmin 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11489 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-10-21 13:21:24 +00:00
Johan Danielsson
120c4c61a0 constify match_appl_version() 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11437 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-10 19:23:28 +00:00
Jacques A. Vidrine
1d61dd312f While decoding arguments for kadm_chpass_with_key, sanity check the 
number of keys given: must be non-negative, small enough that it is
not truncated when stuffed into an int16_t for kadm5_free_key_data,
and small enough to avoid integer overflow when calculating the memory
required for the keys themselves.

XXX Why does kadm5_free_key_data use int16_t?


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11415 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-09-09 14:40:08 +00:00
Johan Danielsson
4fa94362ee fix for storage change 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11021 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2002-05-24 15:23:43 +00:00
Johan Danielsson
e18c7ab0f7 typo 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10387 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2001-07-23 13:46:47 +00:00
Assar Westerlund
9fcec97d9e (kadmind_loop): send in keytab to v4 handling function 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9065 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-09-19 12:46:01 +00:00
Assar Westerlund
f46be87764 (handle_v5): do not try to perform stupid stunts when printing errors 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9014 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-08-27 05:48:18 +00:00
Assar Westerlund
ef5c76e232 (handle_v5): accept any kadmin/admin@* principal as the server 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8973 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-08-18 05:18:34 +00:00
Johan Danielsson
be27bbbffe (v5_loop): check for termination 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8740 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-21 23:29:24 +00:00
Johan Danielsson
be4807afef use krb5_read_priv_message; (v5_loop): check for EOF 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8736 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-21 23:12:25 +00:00
Johan Danielsson
eb685752f6 (v5_loop): use krb5_{read,write}_priv_message 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8686 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-07-17 16:12:00 +00:00
Assar Westerlund
ad081120c4 adapt to new acl stuff 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8352 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-06-07 11:14:44 +00:00
Assar Westerlund
91b6bc6386 (kadmind_dispatch): add kadm_chpass_with_key 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8054 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2000-03-23 22:54:53 +00:00