oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
c69717db61d3184c5a327f39c09d6be5aa2afca5
heimdal/lib/krb5
History
Love Hörnquist Åstrand ba2127c788 The "kaserver" part of Heimdal occasionally issues invalid AFS tokens 
(here "occasionally" means for certain users in certain realms).

In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket is
padded to a multiple of 8 bytes. If it is already a multiple of 8
bytes, 8 additional 0-bytes are added.

This catches the AFS krb4 ticket decoder by surprise: unless the
ticket is exactly 56 bytes, it only supports the minimum necessary
padding.  It detects the superfluous padding by comparing the ticket
length decoded to the advertised ticket length.

Hence a 7-letter userid in "cern.ch" which resulted in a ticket of 40
bytes, got "padded" to 48 bytes which the rxkad decoder rejected.

From Rainer Toebbicke.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23475 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-28 15:01:05 +00:00
..
acache.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
acl.c
close-on-exec
2008-07-27 12:11:16 +00:00
add_et_list.c
(krb5_add_et_list): doxygen.
2008-02-21 18:44:57 +00:00
addr_families.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
aes-test.c
Make argument to PKCS5_PBKDF2_HMAC_SHA1 unsigned char to make OpenSSL happy.
2006-10-07 13:50:34 +00:00
aname_to_localname.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
appdefault.c
Remove redundant KRB5_LIB_FUNCTION
2005-01-05 05:40:59 +00:00
asn1_glue.c
check return value of alloc functions, from Charles Longeau
2007-07-31 16:11:25 +00:00
auth_context.c
switch to krb5_set_error_message
2008-06-23 03:25:00 +00:00
build_ap_req.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
build_auth.c
switch to krb5_set_error_message
2008-06-23 03:25:00 +00:00
cache.c
Add principal to storing config data.
2008-07-26 18:36:33 +00:00
changepw.c
close-on-exec
2008-07-27 12:08:03 +00:00
codec.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
config_file_netinfo.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
config_file.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
constants.c
Add declspec for Windows
2008-04-17 10:02:03 +00:00
context.c
Support parsing KRB-ERROR passed back from windows server when the time is out of sync, modify krb5_cc_[sg]et_config interface to handle principals too, add tests for this
2008-07-26 18:37:48 +00:00
convert_creds.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
copy_host_realm.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
crc.c
Use unsigned where appropriate.
2008-04-07 18:49:55 +00:00
creds.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
crypto.c
sprinle O_CLOEXEC, from Andrew Bartlett
2008-07-28 08:49:43 +00:00
data.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
derived-key-test.c
Free more of the allocated memory.
2005-12-02 14:14:43 +00:00
digest.c
use krb5_set_error_message
2008-06-23 03:25:58 +00:00
doxygen.c
krb5_cc_new_unique() is name of the creation function.
2008-05-29 02:10:19 +00:00
eai_to_heim_errno.c
Doxygenify.
2007-11-11 16:41:06 +00:00
error_string.c
HEIMDAL_SMALLER includes no v4 compat functions.
2008-06-23 03:25:08 +00:00
expand_hostname.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
fcache.c
sprinle O_CLOEXEC, from Andrew Bartlett
2008-07-28 08:49:43 +00:00
free_host_realm.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
free.c
s/sizeo/sizeof/
2005-05-18 10:06:16 +00:00
generate_seq_number.c
Rename u_intXX_t to uintXX_t
2006-05-05 09:31:15 +00:00
generate_subkey.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
get_addrs.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
get_cred.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
get_default_principal.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
get_default_realm.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
get_for_creds.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
get_host_realm.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
get_in_tkt_pw.c
use krb5_set_error_message
2008-06-23 03:26:58 +00:00
get_in_tkt_with_keytab.c
(krb5_keytab_key_proc): unconst argument
2005-06-17 04:56:44 +00:00
get_in_tkt_with_skey.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
get_in_tkt.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
get_port.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
heim_err.et
add HEIM_PKINIT specific errors
2004-02-13 16:23:40 +00:00
heim_threads.h
NetBSD 2.99.11 (any maybe 2.1) just needs pthread.h, threadlib is dead
2004-12-18 16:03:38 +00:00
init_creds_pw.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
init_creds.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
k524_err.et
add protocol compatible krb524 error codes
2001-06-20 02:45:58 +00:00
kcm.c
close-on-exec
2008-07-27 12:08:37 +00:00
kcm.h
first implementation of kcm-move-cache
2008-03-25 12:20:55 +00:00
kerberos.8
RFC 1510 was obsoleted by 4120.
2005-10-03 14:24:36 +00:00
keyblock.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
keytab_any.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
keytab_file.c
sprinle O_CLOEXEC, from Andrew Bartlett
2008-07-28 08:49:43 +00:00
keytab_keyfile.c
sprinle O_CLOEXEC, from Andrew Bartlett
2008-07-28 08:49:43 +00:00
keytab_memory.c
use krb5_set_error_message
2008-06-23 03:28:22 +00:00
keytab.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
krb5_425_conv_principal.3
fix [Gt]
2003-09-03 00:13:07 +00:00
krb5_acl_match_file.3
Various tweaks, from Jason McIntyre.
2006-05-11 22:43:44 +00:00
krb5_address.3
spelling, from openbsd via janne johansson
2008-07-14 10:37:54 +00:00
krb5_aname_to_localname.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_appdefault.3
pacify mdoclint
2003-05-26 14:09:04 +00:00
krb5_auth_context.3
remove trailing space
2005-05-25 13:47:58 +00:00
krb5_c_make_checksum.3
Update krb5_c_keylengths
2006-11-17 22:09:25 +00:00
krb5_ccache.3
spelling, from openbsd via janne johansson
2008-07-14 10:38:05 +00:00
krb5_ccapi.h
Drop variable names to avoid -Wshadow.
2007-12-02 23:23:43 +00:00
krb5_check_transited.3
update .Dd and (c)
2006-05-01 07:09:16 +00:00
krb5_compare_creds.3
make more pretty, from Björn Sandell
2005-05-10 09:21:06 +00:00
krb5_config.3
Clarify
2008-04-28 10:56:32 +00:00
krb5_context.3
pacify mdoclint
2003-05-26 14:09:04 +00:00
krb5_create_checksum.3
Update prototype for krb5_create_checksum.
2005-08-12 09:01:22 +00:00
krb5_creds.3
Spelling/mdoc changes, from Björn Sandell.
2006-05-01 07:13:03 +00:00
krb5_crypto_init.3
remove various enctype related function
2004-03-20 12:00:01 +00:00
krb5_data.3
Document krb5_data_cmp.
2007-01-23 20:35:12 +00:00
krb5_digest.3
Small fixes, from David Love.
2007-02-17 23:49:54 +00:00
krb5_eai_to_heim_errno.3
document krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
2004-08-03 11:13:46 +00:00
krb5_encrypt.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_err.et
add plugin error codes
2008-07-15 11:23:34 +00:00
krb5_expand_hostname.3
Spelling/mdoc from Björn Sandell
2006-05-05 13:13:18 +00:00
krb5_find_padata.3
document padata functions
2004-03-21 13:17:41 +00:00
krb5_generate_random_block.3
Spelling/mdoc changes, from Björn Sandell.
2006-05-01 08:48:55 +00:00
krb5_get_all_client_addrs.3
pacify mdoclint
2003-05-26 14:09:04 +00:00
krb5_get_credentials.3
mdoc fixes
2008-04-27 19:32:33 +00:00
krb5_get_creds.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_get_forwarded_creds.3
krb5_get_forwarded_creds and friends
2004-07-26 13:34:33 +00:00
krb5_get_in_cred.3
spelling Björn Sandell
2006-05-29 14:55:18 +00:00
krb5_get_init_creds.3
document new options.
2007-02-18 10:41:10 +00:00
krb5_get_krbhst.3
spelling, from Björn Sandell <biorn@dce.chalmers.se>
2005-04-24 07:46:59 +00:00
krb5_getportbyname.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_init_context.3
fix mdoc errors
2007-01-17 18:06:33 +00:00
krb5_is_thread_safe.3
Spelling/mdoc from Björn Sandell
2006-05-05 13:18:39 +00:00
krb5_keyblock.3
Spelling/mdoc changes, from Björn Sandell.
2006-05-01 08:48:55 +00:00
krb5_keytab.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_krbhst_init.3
make more pretty, from Björn Sandell
2005-05-10 09:21:06 +00:00
krb5_kuserok.3
check the user's ~/.k5login.d directory for access files, all of which
2005-05-04 12:11:22 +00:00
krb5_locl.h
sprinle O_CLOEXEC, from Andrew Bartlett
2008-07-28 08:49:43 +00:00
krb5_mk_req.3
Remove leftovers, remove extra space.
2005-09-26 05:38:55 +00:00
krb5_mk_safe.3
Spelling/mdoc changes, from Björn Sandell.
2006-05-01 08:48:55 +00:00
krb5_openlog.3
pacify mdoclint
2003-05-26 14:09:04 +00:00
krb5_parse_name.3
Spelling/mdoc changes, from Björn Sandell.
2006-05-01 08:48:55 +00:00
krb5_principal.3
Document krb5_parse_nametype.
2007-06-21 04:36:31 +00:00
krb5_rcache.3
Spelling/mdoc from Björn Sandell
2006-05-05 13:18:39 +00:00
krb5_rd_error.3
Update prototype.
2007-06-12 17:52:46 +00:00
krb5_rd_safe.3
Spelling/mdoc changes, from Björn Sandell.
2006-05-01 08:48:55 +00:00
krb5_set_default_realm.3
Spelling/mdoc from Björn Sandell
2006-05-05 13:18:39 +00:00
krb5_set_password.3
update (c) year
2004-07-15 14:39:06 +00:00
krb5_storage.3
Document krb5_{ret,store}_stringnl functions.
2006-08-18 08:41:09 +00:00
krb5_string_to_key.3
Remove duplicate to.
2006-07-10 14:28:01 +00:00
krb5_ticket.3
Document krb5_ticket_get_endtime
2006-12-28 20:48:50 +00:00
krb5_timeofday.3
Fixes from Björn Sandell.
2006-09-16 09:27:28 +00:00
krb5_unparse_name.3
pacify mdoclint
2003-05-26 14:09:04 +00:00
krb5_verify_init_creds.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_verify_user.3
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
krb5_warn.3
document krb5_[gs]et_warn_dest
2006-11-21 07:55:20 +00:00
krb5-v4compat.h
Drop duplicate error codes.
2007-07-16 07:44:54 +00:00
krb5.3
Add krb5_digest functions.
2006-10-03 10:39:35 +00:00
krb5.conf.5
Document default_cc_type.
2008-04-28 18:01:53 +00:00
krb5.h
Add declspec for Windows
2008-04-17 10:02:03 +00:00
krb5.moduli
add Q for group 14
2005-10-08 15:39:42 +00:00
krb524_convert_creds_kdc.3
remove . for .Nd
2005-05-25 13:19:16 +00:00
krb_err.et
Prefix with KRB4.
2007-07-15 20:49:46 +00:00
krbhst-test.c
Make resolver output more pretty
2008-07-24 20:04:22 +00:00
krbhst.c
indent
2008-07-27 12:09:05 +00:00
kuserok.c
close-on-exec
2008-07-27 12:09:39 +00:00
locate_plugin.h
define constant KRB5_PLUGIN_LOCATE
2008-07-15 11:22:39 +00:00
log.c
set log file close on exec
2008-07-27 12:07:25 +00:00
Makefile.am
add send_to_kdc_plugin.h
2008-07-15 11:23:46 +00:00
mcache.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
misc.c
Windows likes little endian, so lets use that.
2007-06-19 10:10:58 +00:00
mit_glue.c
Add MIT glue for Kerberos RFC 3961 PRF functions.
2007-01-23 20:37:43 +00:00
mk_error.c
use rk_UNCONST
2005-06-16 21:16:40 +00:00
mk_priv.c
use krb5_set_error_message
2008-06-23 03:28:53 +00:00
mk_rep.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
mk_req_ext.c
(_krb5_mk_req_internal): use md5 for des-cbc-md4 and des-cbc-md5.
2006-12-27 12:07:22 +00:00
mk_req.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
mk_safe.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
n-fold-test.c
check return value of alloc functions, from Charles Longeau
2007-07-31 16:11:25 +00:00
n-fold.c
Revert "Use size_t where appropriate."
2008-04-08 14:51:33 +00:00
name-45-test.c
fix other place "bar" is used.
2007-01-08 13:35:49 +00:00
net_read.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
net_write.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
pac.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
padata.c
use krb5_set_error_message
2008-06-23 03:29:22 +00:00
parse-name-test.c
Free more of the allocated memory.
2005-12-02 14:14:43 +00:00
pkinit.c
close-on-exec
2008-07-27 12:10:10 +00:00
plugin.c
close-on-exec
2008-07-27 12:10:30 +00:00
principal.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
prog_setup.c
rename optind to optidx
2005-06-17 04:29:41 +00:00
prompter_posix.c
add KRB5_LIB_FUNCTION to all exported functions
2004-05-25 21:46:46 +00:00
rd_cred.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
rd_error.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
rd_priv.c
(krb5_rd_priv): clear error string.
2007-07-31 20:42:20 +00:00
rd_rep.c
use krb5_set_error_message
2008-06-23 03:29:56 +00:00
rd_req.c
Save the session ticket key when we know everything is fine and the
2008-07-26 18:35:44 +00:00
rd_safe.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
read_message.c
(krb5_read_message): clear error string.
2007-07-31 20:41:25 +00:00
recvauth.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
replay.c
close-on-exec
2008-07-27 12:16:37 +00:00
scache.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
send_to_kdc_plugin.h
add name for send_to_kdc plugin.
2008-07-15 11:26:29 +00:00
send_to_kdc.c
close-on-exec
2008-07-27 12:09:22 +00:00
sendauth.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
set_default_realm.c
use krb5_set_error_message
2008-06-23 03:30:41 +00:00
sock_principal.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
store_emem.c
Make compile on-pre c99 compilers. From Dennis Davis.
2008-02-05 20:31:55 +00:00
store_fd.c
(krb5_storage_from_fd): don't leak fd on malloc failure
2006-06-30 21:23:19 +00:00
store_mem.c
indent.
2007-04-11 11:16:28 +00:00
store-int.h
make the krb5_storage opaque, and add function wrappers for
2002-04-18 14:00:44 +00:00
store-test.c
Free more of the allocated memory.
2005-12-02 15:15:43 +00:00
store.c
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
string-to-key-test.c
Free more of the allocated memory.
2005-12-02 15:15:43 +00:00
test_acl.c
#include <err.h>
2005-04-30 15:19:58 +00:00
test_addr.c
#include <err.h>
2005-04-30 15:19:58 +00:00
test_alname.c
rename optind to optidx
2005-06-17 04:48:02 +00:00
test_cc.c
skip unknown types
2008-06-24 23:49:39 +00:00
test_config.c
#include <err.h>
2005-04-30 15:19:58 +00:00
test_crypto_wrapping.c
Try to not leak memory.
2006-10-22 07:11:43 +00:00
test_crypto.c
Split encryption and s2k iterations to diffrent counters, 38seconds of
2005-11-24 09:57:50 +00:00
test_forward.c
Don't print krb5_error_code since we are using krb5_err().
2008-04-15 19:36:35 +00:00
test_get_addrs.c
rename optind to optidx
2005-06-17 04:48:02 +00:00
test_hostname.c
Testprogram for krb5_expand_hostname() and krb5_expand_hostname_realms().
2005-08-23 20:18:55 +00:00
test_keytab.c
no more krb4
2008-07-15 11:25:19 +00:00
test_kuserok.c
add <err.h>
2005-04-30 15:15:38 +00:00
test_mem.c
Rename logf to avoid shadowing.
2005-08-12 13:43:46 +00:00
test_pac.c
make work with cpp again, reported by Hai Zaar
2007-08-27 14:21:04 +00:00
test_pkinit_dh2key.c
Try to not leak memory.
2006-10-22 07:11:43 +00:00
test_pknistkdf.c
correct second half of key
2008-04-09 13:07:19 +00:00
test_plugin.c
expose krb5_plugin_register
2007-11-03 21:36:55 +00:00
test_prf.c
plug memory leak.
2007-06-03 14:23:20 +00:00
test_princ.c
its vs it\'s etc. From Bjorn Sandell
2007-11-14 20:04:50 +00:00
test_renew.c
Fix error message to match function called.
2008-03-24 12:06:04 +00:00
test_store.c
(test_uint16): unsigned ints can't be negative
2007-02-05 23:21:03 +00:00
test_time.c
Try to not leak memory.
2006-10-22 07:11:43 +00:00
ticket.c
use krb5_set_error_message
2008-06-23 03:30:49 +00:00
time.c
(krb5_set_real_time): handle negative usec
2008-06-21 15:22:37 +00:00
transited.c
use krb5_set_error_message
2008-06-23 04:32:32 +00:00
v4_glue.c
The "kaserver" part of Heimdal occasionally issues invalid AFS tokens
2008-07-28 15:01:05 +00:00
verify_init.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
verify_krb5_conf.8
spelling, from openbsd
2004-12-08 17:52:41 +00:00
verify_krb5_conf.c
Catch deprecated entries.
2008-01-27 11:55:30 +00:00
verify_user.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00
version-script.map
export krb5_set_kdc_sec_offset
2008-07-26 20:49:48 +00:00
version.c
remove advertising clause
1999-12-02 17:05:13 +00:00
warn.c
make compile
2008-05-29 02:13:41 +00:00
write_message.c
use krb5_set_error_message
2008-06-23 03:26:18 +00:00