We weren't checking for errors, and we weren't using the convience
SEQUENCE OF add_METHOD_DATA() and add_ETYPE_INFO() functions generated
by the ASN.1 compiler. Using those utilities made get_pa_etype_info()
and make_etype_info_entry() sufficiently simpler that merging the two
makes for simpler, more readable code.
Build the entry to write to the log file in memory, the write it with
O_APPEND. This should make writes to the request log file safer in
multi-process KDC configurations.
Also, check results of krb5_store_*() functions (coverity alerted to
this).
We will use the kdc_ rather than krb5_kdc_ prefix for new public APIs exported
from libkdc. Amend the recently introduced
request_{get,set,copy,delete}_attribute APIs to conform.
Let the KRB5_SENDTO_DONE and KRB5_SENDTO_FAILED action states be
handled by the provided switch blocks. This ensures that the
'ret' value is set appropriately before exiting the loop.
Change-Id: I56f4cea83efd86203a9a7a36cf48c80f632cf779
If use_strongest_session_key and no keys are found the return
code will be set to KRB5KDC_ERR_ETYPE_NOSUPP. However, before
exiting if the principal is a weak exception then the return
code will be set to success and a NULL key pointer will be
dereferenced. Skip the weak exception check if the return
code is non-zero.
Change-Id: I36d0e1b179b3392171ad6767c75111d59c3f2f7d
warning: 'mp_read_unsigned_bin' is deprecated
(declared at ./libtommath/tommath.h:732): replaced by mp_from_ubin
[-Wdeprecated-declarations]
warning: 'mp_unsigned_bin_size' is deprecated
(declared at ./libtommath/tommath.h:731): replaced by mp_ubin_size
[-Wdeprecated-declarations]
warning: 'mp_to_unsigned_bin' is deprecated
(declared at ./libtommath/tommath.h:733): replaced by mp_to_ubin
[-Wdeprecated-declarations]
warning: 'mp_unsigned_bin_size' is deprecated
(declared at ./libtommath/tommath.h:731): replaced by mp_ubin_size
[-Wdeprecated-declarations]
warning: ignoring return value of 'mp_init_multi',
declared with attribute warn_unused_result [-Wunused-result]
warning: ignoring return value of 'mp_to_unsigned_bin',
declared with attribute warn_unused_result [-Wunused-result]
warning: ignoring return value of 'mp_read_unsigned_bin',
declared with attribute warn_unused_result [-Wunused-result]
Change-Id: I510fd7a57c9cd52b59086a85d13aa6204ebb9fd9
Refactor the call to verify_common() to pass the krb5_cred by
pointer to and call krb5_free_cred_contents() in
verify_user_opt_int() instead of verify_common().
Calling strerror() with a negative value is an error.
Besides fixing that, we streamline hx509_get_error_string(), making it much
simpler and easier to read.
Samba clients are often machine accounts with non-default salts that
will fail if they can't use the AES encryption type they know the KDC
supports. The problem is that arcfour-hmac-md5 has no salt so was
being used in preference.
Samba started to fail when
kdc_config->preauth_use_strongest_session_key = true;
was forced into the KDC configuration.
The history here is an attempt to avoid Kerberos v4 salts in des-cbc-crc
keys, but this instead broke Samba clients with AES-keys on machine accounts
as these have a non-default salt by default. These accounts were incorrectly
restricted to arcfour-hmac-md5 and they didn't like that.
A broader fix than Samba commit 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53
REF: https://lists.samba.org/archive/samba/2021-October/237844.html
Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864
Change-Id: Ia8908a5a2eef107e6b133d7f0e4343c1988c18bb
