Stefan Metzmacher [Fri, 25 Feb 2022 03:09:47 +0000 (04:09 +0100)]
kdc: don't fail salt_fastuser_crypto with r->req.req_body.cname == NULL for TGS-REQ
Joseph Sutton [Wed, 22 Jun 2022 08:01:12 +0000 (20:01 +1200)]
kdc: Add function to get current KDC time
Assists Samba to address CVE-2022-2031
This allows the plugin to check the endtime of a ticket against the
KDC's current time, to see if the ticket will expire in the next two
minutes.
Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Thu, 24 Feb 2022 12:27:29 +0000 (13:27 +0100)]
kdc: add kdc_log() before _kdc_fast_mk_error() also for as-req
We already have the same for the tgs-req case.
Got lost in https://github.com/heimdal/heimdal/pull/964
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Mon, 28 Feb 2022 23:00:48 +0000 (12:00 +1300)]
krb5: Check for signed overflow
This avoids a compiler error:
../../third_party/heimdal/lib/krb5/krbhst.c: In function ‘srv_find_realm.constprop’:
../../third_party/heimdal/lib/krb5/krbhst.c:113:8: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
if (num_srv == 0) {
^
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 22 Feb 2022 20:53:27 +0000 (09:53 +1300)]
kdc: Reinstate publicly accessible configuration structure members
We add some specific configuration options into
KRB5_KDC_CONFIGURATION_COMMON_ELEMENTS, as otherwise Samba no longer has
any way to access those options, other than through the configuration
file.
This is an adaptation to Heimdal:
commit
b82815733598da9ba0807ad4754572276b6ffc06
Author: Luke Howard <lukeh@padl.com>
Date: Thu Jan 20 09:15:24 2022 +1100
kdc: add accessor functions for KDC request structure
Add accessor functions for use by Samba and other plugin developers.
Documentation is in kdc/kdc-accessors.h.
Joseph Sutton [Mon, 21 Feb 2022 06:47:14 +0000 (19:47 +1300)]
kuser: Avoid conflicting macro definitions
This avoids a conflict introduced in:
commit
78b3507131482d0a5d2c0b362a0970a6d0e4025d
Author: Nicolas Williams <nico@twosigma.com>
Date: Wed Dec 15 16:17:52 2021 -0600
kinit: Use optimistic anon PKINIT armored FAST
Now that we can optimistically try FAST w/ anon PINIT armor, we should
do so in kinit whenever it makes sense.
Stefan Metzmacher [Mon, 6 Apr 2020 13:16:42 +0000 (15:16 +0200)]
krb5: Set canonicalize flag for enterprise principals
Stefan Metzmacher [Wed, 1 Apr 2020 21:09:57 +0000 (23:09 +0200)]
lib/krb5: allow access to anonymous mcache entries via name
The idea of anonymous mcache entries is that they won't be
included in the global ccache collection. But at the
same time they should be accessable via a name.
There might be better ways to do this, e.g. let the
caller specify a name like 'anonymous-application-key1'.
But we need a way to use MEMORY ccaches for different
security contexts, without the fear that they are randomly
used from the global list.
The better way would have been to opt-in in order to
fill the global ccache collection.
See
7e858c51b690ff0322766b328f60b41bc38d4ae3 for (at least part)
of the mess... there should not be a single global ccache collection
for MEMORY: ccaches! That is a security problem for applications
which used to be able to switch between different MEMORY ccaches!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 26 Sep 2017 03:34:38 +0000 (16:34 +1300)]
lib/krb5: Fix loss of information in _gsskrb5_canon_name() from call to krb5_sname_to_principal()
This would discard the realm the client specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Sep 2017 02:11:53 +0000 (15:11 +1300)]
lib/krb5: Honour KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME in parse_name_canon_rules()
This is called from gsskrb5_set_dns_canonicalize() and krb5_set_dns_canonicalize_hostname()
and is used by Samba to ensure that the AD DC sees the name as specified by the client.
We allow the krb5.conf to override, if specifically configured.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 02:50:00 +0000 (14:50 +1200)]
kdc: Change KDC to respect HDB server name type if f.canonicalize is set
This changes behaviour flagged as being for Java 1.6. My hope is that this does not
set f.canonicalize
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 16 Nov 2021 06:59:44 +0000 (19:59 +1300)]
kdc: Don't conceal error code when using FAST
This matches Windows behaviour, which also places the error code in the
outer error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 14 Dec 2021 01:19:15 +0000 (14:19 +1300)]
kdc: Send ETYPE-INFO2 instead of PW-SALT for validated timestamp
This matches Windows behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Tue, 25 Oct 2022 19:18:33 +0000 (08:18 +1300)]
Adapt apply_heimdal.sh to new Heimdal location in Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 8 Nov 2017 12:18:29 +0000 (13:18 +0100)]
kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13137
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/1156
Stefan Metzmacher [Wed, 20 Sep 2017 21:05:09 +0000 (23:05 +0200)]
kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the keys from evidence_tkt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13131
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/1156
Stefan Metzmacher [Wed, 20 Sep 2017 21:05:09 +0000 (23:05 +0200)]
kdc: decrypt b->enc_authorization_data in tgs_build_reply()
We need to do this after checking for constraint delegation (S4U2Proxy).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13131
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/1156
Stefan Metzmacher [Wed, 20 Sep 2017 21:05:09 +0000 (23:05 +0200)]
kdc: fix memory leak when decryption AuthorizationData
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13131
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/1156
Stefan Metzmacher [Fri, 4 Mar 2022 23:39:14 +0000 (00:39 +0100)]
kdc: remember kvno numbers for longterm key pre-auth
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Stefan Metzmacher [Tue, 15 Feb 2022 17:26:55 +0000 (18:26 +0100)]
kdc: add KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY support in pa_enc_chal_validate()
If the pre-authentication fails using the keys belonging to the current
kvno, we'll retry it with 2 passwords from the password history.
If we find such passwords were used for the pre-authentication,
we change KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY into
KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Stefan Metzmacher [Tue, 15 Feb 2022 16:16:47 +0000 (17:16 +0100)]
kdc: add KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY support in pa_enc_ts_validate()
If the pre-authentication fails using the keys belonging to the current
kvno, we'll retry it with 2 passwords from the password history.
If we find such passwords were used for the pre-authentication,
we change KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY into
KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Stefan Metzmacher [Mon, 7 Feb 2022 18:48:18 +0000 (19:48 +0100)]
kdc: add KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY value
This will be used to indicate that a historic password was
able to fullfil the pre-authentication. We'll still
fail the pre-authentication but pass
KDC_AUTH_EVENT_HISTORIC_LONG_TERM_KEY instead of
KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY. It will allow
the hdb backend to avoid to lock out the account in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Stefan Metzmacher [Fri, 4 Mar 2022 23:24:41 +0000 (00:24 +0100)]
kdc: add success logging to pa_enc_chal_validate()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Stefan Metzmacher [Tue, 15 Feb 2022 17:13:23 +0000 (18:13 +0100)]
kdc: split out pa_enc_chal_decrypt_kvno() from pa_enc_chal_validate()
This will simplify support for historic passwords in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Stefan Metzmacher [Tue, 15 Feb 2022 16:15:57 +0000 (17:15 +0100)]
kdc: split out pa_enc_ts_decrypt_kvno() from pa_enc_ts_validate()
This will simplify support for historic passwords in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
MR: https://github.com/heimdal/heimdal/pull/970
Joseph Sutton [Tue, 1 Mar 2022 00:56:25 +0000 (13:56 +1300)]
lorikeet-heimdal: Move Heimdal into third_party directory
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Sep 2018 21:13:07 +0000 (16:13 -0500)]
lorikeet-heimdal: modernize URLs in helper scripts
We have moved some repos and have https these days
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 10 Sep 2018 21:05:40 +0000 (16:05 -0500)]
lorikeet-heimdal: import-lorikeet: Use --no-verify when importing heimdal
This allows us to import byte-for-byte files even if they have whitespace "errors".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 02:04:44 +0000 (14:04 +1200)]
lorikeet-heimdal: apply_heimdal: Try harder to apply patches from Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 01:57:35 +0000 (13:57 +1200)]
lorikeet-heimdal: apply_heimdal: Only show the Heimdal part of the patch to cherry-pick
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 01:45:04 +0000 (13:45 +1200)]
lorikeet-heimdal: Include Samba commit in cherry-picked patches
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 21 Feb 2014 02:58:20 +0000 (15:58 +1300)]
lorikeet-heimdal: improve apply_heimdal.sh
Andrew Bartlett [Wed, 19 Feb 2014 09:06:57 +0000 (22:06 +1300)]
lorikeet-heimdal: specify hash to heimdal import, rather than using the date
Jelmer Vernooij [Fri, 26 Oct 2012 14:34:47 +0000 (06:34 -0800)]
lorikeet-heimdal: rebase-lorikeet: Explicitly use bash.
Standard sh doesn't have pushd/popd.
Andrew Tridgell [Wed, 1 Dec 2010 02:00:08 +0000 (13:00 +1100)]
lorikeet-heimdal: Add a new script to help merging patches from Samba4 to heimdal
Stefan Metzmacher [Thu, 14 Jul 2011 14:24:37 +0000 (16:24 +0200)]
lorikeet-heimdal: improve import-lorikeet.sh for the toplevel build
metze
Andrew Bartlett [Tue, 30 Nov 2010 23:54:49 +0000 (10:54 +1100)]
lorikeet-heimdal: Improve the heimdal import scripts
Stefan Metzmacher [Fri, 27 Mar 2009 06:31:11 +0000 (07:31 +0100)]
lorikeet-heimdal: add scipts to rebase and import the latest version into samba4
If you use this scripts, read them! :-)
metze
[abartlet@samba.org Removed lexyacc build step as this is no longer required
in Samba, which builds the files at compile time]
Stefan Metzmacher [Fri, 22 Aug 2008 09:57:06 +0000 (11:57 +0200)]
lorikeet-heimdal: add HEIMDAL-LICENCE.txt
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:43:50 +0000 (11:43 +0200)]
lorikeet-heimdal: camellia-ntt GPLv2+ license
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:42:21 +0000 (11:42 +0200)]
lorikeet-heimdal: autogen.sh modifications
metze
Nicolas Williams [Thu, 21 Sep 2023 21:56:45 +0000 (16:56 -0500)]
asn1: Do not emit the same ASN.1 C comments repeatedly
Nicolas Williams [Thu, 21 Sep 2023 21:56:11 +0000 (16:56 -0500)]
asn1: Do not emit extra typedefs that cause warnings
Andrew Sim [Sat, 10 Jun 2023 07:00:24 +0000 (09:00 +0200)]
Use perl module JSON:PP, part of core, instead of JSON package
This patch removes the need for an external package.
Ported from
https://github.com/openwrt/packages/blob/master/net/samba4/patches/105-perl-json-pp.patch
https://github.com/openwrt/packages/commit/
402f4ba4eff65b80a9deaa6085256112bec4d67b#diff-
208d4e0345c9d29fbec23d6f655ba794afd3052f5cb8dd73944db72ce81b847b
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Nicolas Williams [Mon, 5 Jun 2023 03:55:54 +0000 (22:55 -0500)]
kdc: Add global disable_pac config param
Nicolas Williams [Mon, 5 Jun 2023 03:55:28 +0000 (22:55 -0500)]
httpkadmind: Add auth-data-reqd attribute
Nicolas Williams [Mon, 5 Jun 2023 03:55:13 +0000 (22:55 -0500)]
kadmin: Add auth-data-reqd attribute
Nicolas Williams [Mon, 5 Jun 2023 03:54:28 +0000 (22:54 -0500)]
kadm5: Add KRB5_KDB_AUTH_DATA_REQUIRED attribute
Nicolas Williams [Mon, 5 Jun 2023 03:54:03 +0000 (22:54 -0500)]
hdb: Add auth-data-reqd flag
Nicolas Williams [Thu, 18 May 2023 02:17:13 +0000 (21:17 -0500)]
kdc: Honor no-auth-data-reqd on cross-real TGTs
Nowadays we use PACs instead of AD-SIGNEDPATH, so we want a PAC on every
TGT, but we don't necessarily want PACs on cross-realm TGTs.
Specifically, we don't interop well yet with AD when issuing cross-realm
TGTs with AD realms as the destination realm (see #1091).
Taylor R Campbell [Wed, 21 Jun 2023 23:08:32 +0000 (23:08 +0000)]
Makefile.am: Set AM_YFLAGS and AM_LFLAGS, not YFLAGS or LFLAGS.
YFLAGS and LFLAGS are reserved for the user to set, not for makefiles
to set:
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
fix https://github.com/heimdal/heimdal/issues/1171
Taylor R Campbell [Thu, 25 May 2023 23:07:13 +0000 (23:07 +0000)]
Pass -d to yacc(1) so it generates the header file.
Bison must generate this unsolicited, but BSD yacc does not.
The makefiles for lib/com_err and lib/sl already did this; this
change just adds it to lib/asn1 and lib/hx509 too.
fix https://github.com/heimdal/heimdal/issues/1100
Taylor R Campbell [Wed, 21 Jun 2023 01:54:46 +0000 (01:54 +0000)]
kinit: Update SecKeychainFindGenericPassword to SecItemCopyMatching.
Tested on macOS Venture 13.4. Not sure if this requires some
compatibility ifdefs for older macOS.
fix https://github.com/heimdal/heimdal/issues/1168
Taylor R Campbell [Sat, 27 May 2023 10:36:35 +0000 (10:36 +0000)]
hdb/hdb-mitdb: Nix unused variable key_data in mdb_seq.
key_data is unused. Presumably this was copypasta from DB_seq in
hdb/db.c, where it is used for the Heimdal database format in which
the value may be missing a principal but it can be recovered from the
key. In contrast, the mit-krb5 format appears to always store the
principal in the value and _hdb_mdb_value2entry always retrieves it,
with no need for a key2principal fallback.
fix https://github.com/heimdal/heimdal/issues/1102
Taylor R Campbell [Fri, 26 May 2023 02:02:53 +0000 (02:02 +0000)]
gssmask: Use asprintf to avoid having to think about max uname.
This way there is no truncation and no build failure due to
-Werror=format-truncation as is the default in some compilers, such
as gcc7.4 with -Wall -Werror.
This is presumably not space-constrained or performance-critical; the
very next thing it does is another asprintf and frees it immediately.
And uname is not usually under any adversary's control.
fix https://github.com/heimdal/heimdal/issues/1105
Joseph Sutton [Mon, 12 Jun 2023 04:20:06 +0000 (16:20 +1200)]
kdc: Overwrite ‘error_code’ only if we have an actual error
‘r->error_code’ might have been set earlier, and we don’t want to
overwrite it with a successful error code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 7 Jun 2023 04:21:37 +0000 (16:21 +1200)]
kdc: Ensure that we emit a non-zero error code
If ‘r->error_code’ was zero, we would turn it into an ERR_GENERIC error
and return that to the client. Now we return the actual error code
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 9 May 2023 23:11:14 +0000 (11:11 +1200)]
kdc: Fix discarded qualifiers warning
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Thu, 27 Apr 2023 01:11:40 +0000 (13:11 +1200)]
kdc: Don’t abort if krb5_generate_random_keyblock() fails
There are a few reasons that this function could fail (e.g., failure to
allocate memory) besides random number generation being unavailable. No
other caller abort()s on failure like this.
Furthermore, krb5_generate_random_block(), which is called by
krb5_generate_random_keyblock(), already aborts if random generation
fails.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 26 Apr 2023 05:01:05 +0000 (17:01 +1200)]
kdc: Fix missing space in log messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 26 Apr 2023 04:55:34 +0000 (16:55 +1200)]
kdc: Remove trailing space from log message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 25 Apr 2023 23:52:21 +0000 (11:52 +1200)]
kdc: Remove trailing space from log message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Mon, 9 Jan 2023 03:31:48 +0000 (16:31 +1300)]
krb5: Return appropriate error code
Joseph Sutton [Wed, 14 Dec 2022 01:28:08 +0000 (14:28 +1300)]
kdc: Fix log message typo
Joseph Sutton [Fri, 23 Sep 2022 04:58:36 +0000 (16:58 +1200)]
third_party/heimdal: Fix deprecation messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Siva Mahadevan [Mon, 19 Jun 2023 18:36:55 +0000 (14:36 -0400)]
kadmin/check: move error messages to stderr
This helps with certain automation tools, such as ansible, that usually
expect failure to be visible in stderr.
Other minor changes:
* replace "doesn't" with "does not" to keep messages consistent and
avoid escaping quotes in grep, etc.
* add newlines
Robert Manner [Wed, 11 Jan 2023 15:24:23 +0000 (16:24 +0100)]
hx509/hxtool.c: ensure parse_bytes() result does not overflow
Robert Manner [Fri, 18 Nov 2022 13:49:37 +0000 (14:49 +0100)]
asn1/check-gen.c: disable some non working bignum tests on 32 bit systems
Robert Manner [Wed, 11 Jan 2023 15:02:23 +0000 (16:02 +0100)]
kcm,kdc/config.c: detect too big max_request sizes (>= 64 MB)
Robert Manner [Tue, 8 Nov 2022 13:47:40 +0000 (14:47 +0100)]
roken/parse_bytes: fix test for >= terabyte units on 32 bit systems
On 32 bit systems, sizeof(ssize_t) and sizeof(unsigned long aka UL) is
32 bits which is not able to hold the value of a terabyte.
Taylor R Campbell [Sun, 28 May 2023 20:34:34 +0000 (20:34 +0000)]
krb5: Make heimdal_version and heimdal_long_version const.
Pretty sure it is not useful for applications to be able to write to
this.
However, caveat: this could break programs that expect to pass around
&heimdal_version or &heimdal_long_version to functions that expect
pointers to non-const objects even if they don't modify them.
Taylor R Campbell [Sun, 28 May 2023 21:13:55 +0000 (21:13 +0000)]
com_err: Constify xyz_error_strings arrays.
Note: This changes the types of public symbols. It is unlikely that
any applications would rightly _write_ to these arrays, but it is
possible they might require some UNCONST in order to pass the
pointers to other functions that are missing const qualifiers.
Taylor R Campbell [Sun, 28 May 2023 19:06:40 +0000 (19:06 +0000)]
krb5/constants.c: Make some constants constant.
This changes the public header file but I doubt it was ever intended
that applications could change these by writing to them. (Not sure
why they're not declared as const arrays in any case.)
Taylor R Campbell [Sun, 28 May 2023 21:11:56 +0000 (21:11 +0000)]
ipc/client.c: Make never-modified global ipcstable const.
Taylor R Campbell [Sun, 28 May 2023 21:11:36 +0000 (21:11 +0000)]
krb5/send_to_kdc.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:11:26 +0000 (21:11 +0000)]
krb5/pcache.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:11:14 +0000 (21:11 +0000)]
krb5/kuserok.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:10:45 +0000 (21:10 +0000)]
krb5/krbhst.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:10:32 +0000 (21:10 +0000)]
krb5/db_plugin.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:07:25 +0000 (21:07 +0000)]
krb5/aname_to_localname.c: Constify plugin stuff.
Taylor R Campbell [Sun, 28 May 2023 21:05:50 +0000 (21:05 +0000)]
krb5/plugin.c: Constify.
Taylor R Campbell [Sun, 28 May 2023 21:00:15 +0000 (21:00 +0000)]
base/plugin.c: Constify.
As a bonus, eliminate an unnecessary rk_UNCONST.
Taylor R Campbell [Sun, 28 May 2023 20:29:48 +0000 (20:29 +0000)]
krb5/send_to_kdc.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 20:27:14 +0000 (20:27 +0000)]
libkrb5, libkdc: Constify salted s2k default iterator counts.
These externs should really be in a .h file shared by definition and
usage sites so the C compiler can verify that they match.
Taylor R Campbell [Sun, 28 May 2023 20:24:53 +0000 (20:24 +0000)]
krb/pac.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 20:17:11 +0000 (20:17 +0000)]
krb5/init_creds_pw.c: Sprinkle const on global data not changed.
Taylor R Campbell [Sun, 28 May 2023 19:51:02 +0000 (19:51 +0000)]
krb5/get_in_tkt.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 19:47:39 +0000 (19:47 +0000)]
krb5/get_host_realm.c: Sprinkle const on global data never changed.
Taylor R Campbell [Sun, 28 May 2023 19:13:12 +0000 (19:13 +0000)]
krb5/context.c: Sprinkle const for global data never changed.
Taylor R Campbell [Sun, 28 May 2023 19:10:27 +0000 (19:10 +0000)]
krb5/changepw.c: Sprinkle const for global data never changed.
Taylor R Campbell [Sun, 28 May 2023 18:59:43 +0000 (18:59 +0000)]
krb5/addr_families.c: Sprinkle const for global data never changed.
Taylor R Campbell [Sun, 28 May 2023 20:13:58 +0000 (20:13 +0000)]
libheimbase: Allow static const heim types.
Taylor R Campbell [Sun, 28 May 2023 20:21:05 +0000 (20:21 +0000)]
krb5/mk_error.c: Constify and rk_UNCONST a static buffer.
This is almost certainly intended never to be written to, so let's
let the operating system detect that mistake for us by mapping it in
a .rodata segment mapped read-only that will cause SIGSEGV on write.
fix https://github.com/heimdal/heimdal/issues/1136
Taylor R Campbell [Sun, 28 May 2023 20:08:15 +0000 (20:08 +0000)]
krb5_decrypt_iov_ivec: Make sure const zero IV is actually const.
This way if anything _does_ write to it, it has the opportunity to be
caught by SIGSEGV, by having zero_ivec in a .rodata segment mapped
read-only.
fix https://github.com/heimdal/heimdal/issues/1135
Joseph Sutton [Tue, 16 May 2023 05:06:17 +0000 (17:06 +1200)]
kdc: Pass in HDB_F_ARMOR_PRINCIPAL when fetching armor ticket client principal
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 16 May 2023 05:05:49 +0000 (17:05 +1200)]
hdb: Add flag to indicate a fetch for the client of an armor ticket
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Tue, 16 May 2023 05:03:44 +0000 (17:03 +1200)]
kdc: Have caller pass HDB_F_FOR_TGS_REQ into _kdc_fast_check_armor_pac()
We shall soon want to use this function for AS-REQs as well as TGS-REQs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Thu, 29 Dec 2022 10:19:02 +0000 (11:19 +0100)]
kdc: don't announce KRB5_PADATA_GSS unless gss_preauth is enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 29 Dec 2022 10:18:22 +0000 (11:18 +0100)]
kdc: don't announce KRB5_PADATA_PKINIT_KX unless anonymous is allowed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 29 Dec 2022 10:16:06 +0000 (11:16 +0100)]
kdc: don't announce KRB5_PADATA_FX_FAST unless fast is enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273
Signed-off-by: Stefan Metzmacher <metze@samba.org>