All of the hcrypto source files were updated with commit
0f97855826 to include roken.h. This
means that hash.h no longer needs to include the roken header.
Remove the multiple inclusion.
When processing a request, current tgs_make_reply uses the requested
set of addrs of the request to establish the set of addresses to
associate with the ticket in reply.
However, when the request input set of addrs is NULL, it reverts to
using the TGT set of addresses instead. As a result, it is not
possible to acquire an addressless TGS (or forwarded TGT) using a
TGT that is addressed.
This patch remove the fallback ensuring that a TGS_REQ with a set
of addrs set to NULL enables to acquire an addressless ticket.
When reading configuration file, keep an extra copy of
the encryption types, and use this when resetting the
encryption types to default.
GSSAPI always resets the enctypes to default before obtaining
a TGS, because the enctypes might have previously altered,
so this prevents changing the etypes from the configured ones
to the full set of supported etypes.
Signed-off-by: Uri Simchoni <uri@samba.org>
Some portions of libhcrypto are reused by other projects in
diverse environments, including within operating system kernel modules.
In some such build environments, hardening measures such as grsecurity
can (randomly) reorder structure elements, so as to make it harder
for an attacker to determine the offset from a known field's address
to a different field that is needed for an attack.
However, doing so requires the use of C99 designated initializers
to make the source code compatible with such structure rearrangement,
as opposed to the "traditional" C aggregate type initializers, which
just list fields in order. This feature is also available as a
GCC extension since early versions of GCC. However, it is not
provided by many common versions of visual studio (and presumably
also not by the vendor compiler for various commercial Unixes),
so the traditional initializers must remain, behind a conditional.
__GNUC__ or __STDC_VERSION__ >= 199901 should be enough to get
most cases with support for designated initializers, at least
for now.
Signed-off-by: Nicolas Williams <nico@twosigma.com>
Newer versions of SQLite3 have a number of new features that are
desirable to users who host other DBs in the same file as the HDB (for
example), as well as performance and bug fixes.
We should consider switching the SQLite3 backend for HDB to WITHOUT
ROWID tables for performance reasons. We should also consider using
foreign keys instead of triggers. Making any such changes requires care
to permit both, upgrade and downgrade.
We might want to use the SQLite3 session extension for a SQLite3-
specific, low-level replication (iprop). Given conflict resultion code,
or a sufficiently normalized schema, the session extension would make it
easy to create a multi-master replication system, not unlike what one
would expect of an LDAP setup, though with none of the atomicity that
LDAP is supposed to provide (specifically, O_EXCL semantics for creates
and predicates for updates) unless we were to add a locking protocol.
Note that as of 3.14, the session extension is mutually exclusive of
WITHOUT ROWID tables.
On a low update rate master, if we don't update old_version after
processing a poll timeout, we will generate spurious warnings about
missed (change) signals every time the timer expires, and will
needlessly contact the slaves.
Also implement KDC hierarchical transit policy checks. The "hier_capaths"
parameter defaults to "yes" in [libdefaults] or can be set explicitly in
[realms] per-realm.
Commit efed5633 (r24759) prefixed some symbols with rk_, but
introduced 6 duplicate symbols in the version script (because the
rk_-prefixed versions of the symbols were already present).
When the master's log does not contain the complete history, slaves
that bootstrap from scratch encountered a loop, because the master
falsely assumed a race with log truncation.
The HDB_F_ALL_KVNOS flag is not getting set in _kdc_db_fetch() if
kvno_ptr == NULL. Fix the conditional to ensure that one of
HDB_F_ALL_KVNOS or HDB_F_KVNO_SPECIFIED is set in the flags field.
Prior to this change cross-realm TGS_REQ failed with KRB5_GENERIC_ERROR
and e-text "encryption key has bad length". With this change, the
cross-realm TGS_REQ succeeds.
Change-Id: I4216137a192032544dfbdada12b5c377603ca4b6
The function, found in lib/krb5/mit_glue.c, is currently using
krb5_generate_random_keyblock(). This compiles because warning-level is
not high enough, but does not work. At runtime the
krb5_generate_random_keyblock() interprets the second argument as the
krb5_enctype (rather than a length of anything) and tries to verify it.
When the length does not match any known enctype, as usually happens, the
function fails and returns an error. If the length happened to correspond
to an enctype, the function would likely crash due to misinterpreting its
third argument as a valid krb5_keyblock.
The change uses krb5_generate_random_block() instead. This function does
not return anything -- upon detecting failure it will cause the entire
application to exist instead...
Change-Id: I865a360037a513ce91abc7abba1dc554f844b464
Follow Apple's lead and do not fail krb5_set_config_files() simply
because one of the files in the profile list fails to parse correctly.
Doing so can lead to hard to find failures and could lead to an end
user shooting themselves in the foot and no longer be able to login
to their system to fix it.
Parse as many of the files as we can. Only fail krb5_set_config_files()
if init_context_from_config_file() fails.
Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8
