Isaac Boukris [Wed, 31 Oct 2018 19:46:45 +0000 (21:46 +0200)]
tgs-rep: always return canonical realm
even if canonicalize falg is not set, same as Windows.
Regression introduced by upstream commit:
378f34b4be9865ed3949918fba8d2dd877b395c0
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
(cherry picked from Samba commit
a9e6119ca0c2a78ef314c3162122539ee834aa04)
Andrew Bartlett [Thu, 20 Sep 2018 23:36:18 +0000 (16:36 -0700)]
kdc: Provide flag to hint to KDC that this is a FAST key lookup
For Samba the fast key is not stored in the replicated DB, so
this helps Samba find it in the Samba hdb module.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 05:41:57 +0000 (17:41 +1200)]
TODO: auth: For NTLM and KDC authentication, log the authentication duration
This is not a general purpose profiling solution, but these JSON logs are already being
generated and stored, so this is worth adding.
Some administrators are very keen to know how long authentication
takes, particularly due to long replication transactions in other
processes.
This complements a similar patch set to log the transaction duration.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(Simlar to Samba commit
1bb2a1c6b3eaccf114ac3f3b5b51f57828a04996)
[metze@samba.org: improved for upstream heimdal]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 5 Sep 2018 05:35:47 +0000 (17:35 +1200)]
lib/krb5 correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals
An AS-REQ with an enterprise principal will always directed to a kdc of the local
(default) realm. The KDC directs the client into the direction of the
final realm. See rfc6806.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit
fca11edc0b476f5b87b3301da32fd0409d9590c7)
Andrew Bartlett [Tue, 26 Sep 2017 03:34:38 +0000 (16:34 +1300)]
TODO CHECK heimdal: Fix loss of information in _gsskrb5_canon_name() from call to krb5_sname_to_principal()
This would discard the realm the client specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Sep 2017 02:11:53 +0000 (15:11 +1300)]
heimdal: Honour KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME in parse_name_canon_rules()
This is called from gsskrb5_set_dns_canonicalize() and krb5_set_dns_canonicalize_hostname()
and is used by Samba to ensure that the AD DC sees the name as specified by the client.
We allow the krb5.conf to override, if specifically configured.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 21 Feb 2017 01:07:54 +0000 (14:07 +1300)]
TODO: heimdal: Pass extra information to hdb_auth_status() to log success and failures
We now pass on the original client name and the client address to allow
consistent audit logging in Samba across multiple protocols.
We use config->db[0] to find the first database to record incorrect
users.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(Similar to Samba commit
f498ba77df2313e78863e5f2706840c43e232a96)
[metze@samba.org: improved for heimdal upstream]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 02:50:00 +0000 (14:50 +1200)]
Change KDC to respect HDB server name type if f.canonicalize is set
This changes behaviour flagged as being for Java 1.6. My hope is that this does not
set f.canonicalize
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 5 Sep 2018 02:49:57 +0000 (14:49 +1200)]
Export krb5_init_creds_* functions
The function krb5_get_init_creds_opt_get_error() is deprecated and
krb5_init_creds_init() and krb5_init_creds_get_error() should be used
now.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit
e4f82de7716e91a1c512a8c37ca768b591029a4a)
Stefan Metzmacher [Wed, 5 Sep 2018 02:49:54 +0000 (14:49 +1200)]
lib/krb5 correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals
An AS-REQ with an enterprise principal will always directed to a kdc of the local
(default) realm. The KDC directs the client into the direction of the
final realm. See rfc6806.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit
fca11edc0b476f5b87b3301da32fd0409d9590c7)
Andrew Bartlett [Mon, 25 Nov 2013 01:13:02 +0000 (14:13 +1300)]
heimdal: Match windows and return KRB5KDC_ERR_CLIENT_REVOKED when the account is locked out
Change-Id: I3c306d1516aa569549f5f024fe1fff2d4f2abefc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from Samba commit
580a705b83014e94556b9d5a8877406816e02190)
Stefan Metzmacher [Sun, 29 Jan 2017 16:19:14 +0000 (17:19 +0100)]
HEIMDAL:kdc: make it possible to disable the principal based referral detection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 25 Jul 2011 07:23:52 +0000 (09:23 +0200)]
lib/krb5: windows KDCs always return the canoncalized server principal
Is there a better way to handle this?
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:45:26 +0000 (11:45 +0200)]
HACK: Netbios Domain as Realm
This is really a ugly hack, to support using the Netbios Domain Name
as realm against windows KDC's, they always return the full realm
based on the DNS Name.
metze
Stefan Metzmacher [Wed, 14 Sep 2016 22:07:27 +0000 (00:07 +0200)]
kdc: use the correct kvno number for PKINIT in the AS-REP
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 18 May 2016 15:07:42 +0000 (17:07 +0200)]
kdc: add krb5plugin_windc_pac_pk_generate() hook
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to Samba commit
0022ea9efb0e7809fa2d060b294320eb0479cdd2)
Gary Lockyer [Wed, 20 Sep 2017 03:35:10 +0000 (15:35 +1200)]
Align locked out account behaviour with Windows
Windows does not check the password on an account that has been locked.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andreas Schneider [Wed, 5 Sep 2018 02:49:59 +0000 (14:49 +1200)]
Fix size types
Upstream pull request:
https://github.com/heimdal/heimdal/pull/354
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(parts of cherry picked Samba commit
72979d1d60ca2eab1e7903c2e77b8cca69667691)
Andrew Bartlett [Mon, 10 Sep 2018 21:13:07 +0000 (16:13 -0500)]
lorikeet-heimdal: modernize URLs in helper scripts
We have moved some repos and have https these days
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 10 Sep 2018 21:05:40 +0000 (16:05 -0500)]
lorikeet-heimdal: import-lorikeet: Use --no-verify when importing heimdal
This allows us to import byte-for-byte files even if they have whitespace "errors".
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 02:04:44 +0000 (14:04 +1200)]
lorikeet-heimdal: apply_heimdal: Try harder to apply patches from Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 01:57:35 +0000 (13:57 +1200)]
lorikeet-heimdal: apply_heimdal: Only show the Heimdal part of the patch to cherry-pick
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 5 Sep 2018 01:45:04 +0000 (13:45 +1200)]
lorikeet-heimdal: Include Samba commit in cherry-picked patches
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 21 Feb 2014 02:58:20 +0000 (15:58 +1300)]
lorikeet-heimdal: improve apply_heimdal.sh
Andrew Bartlett [Wed, 19 Feb 2014 09:06:57 +0000 (22:06 +1300)]
lorikeet-heimdal: specify hash to heimdal import, rather than using the date
Jelmer Vernooij [Tue, 21 Dec 2010 14:17:30 +0000 (15:17 +0100)]
lorikeet-heimdal: remove obsolete script for importing from svn.
Stefan Metzmacher [Fri, 22 Aug 2008 09:57:36 +0000 (11:57 +0200)]
lorikeet-heimdal: add IMPORT-HEIMDAL.sh
I think this can be removed...
metze
Jelmer Vernooij [Fri, 26 Oct 2012 14:34:47 +0000 (06:34 -0800)]
lorikeet-heimdal: rebase-lorikeet: Explicitly use bash.
Standard sh doesn't have pushd/popd.
Andrew Tridgell [Wed, 1 Dec 2010 02:00:08 +0000 (13:00 +1100)]
lorikeet-heimdal: Add a new script to help merging patches from Samba4 to heimdal
Stefan Metzmacher [Thu, 14 Jul 2011 14:24:37 +0000 (16:24 +0200)]
lorikeet-heimdal: improve import-lorikeet.sh for the toplevel build
metze
Andrew Bartlett [Tue, 30 Nov 2010 23:54:49 +0000 (10:54 +1100)]
lorikeet-heimdal: Improve the heimdal import scripts
Stefan Metzmacher [Fri, 27 Mar 2009 06:31:11 +0000 (07:31 +0100)]
lorikeet-heimdal: add scipts to rebase and import the latest version into samba4
If you use this scripts, read them! :-)
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:58:18 +0000 (11:58 +0200)]
lorikeet-heimdal: add wrap_ex_ntlm.diff from abartlet
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:57:06 +0000 (11:57 +0200)]
lorikeet-heimdal: add HEIMDAL-LICENCE.txt
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:43:50 +0000 (11:43 +0200)]
lorikeet-heimdal: camellia-ntt GPLv2+ license
metze
Stefan Metzmacher [Fri, 22 Aug 2008 09:42:21 +0000 (11:42 +0200)]
lorikeet-heimdal: autogen.sh modifications
metze
Nicolas Williams [Mon, 27 Apr 2020 22:56:53 +0000 (17:56 -0500)]
hcrypto: Fix more warnings (rsa-ltm)
Luke Howard [Mon, 27 Apr 2020 21:38:31 +0000 (07:38 +1000)]
gss: unconditionally set certain flags in SAnon ISC
SAnon unconditionally sets the replay, sequence, confidentiality, and integrity
flags on the acceptor; do so on the initiator as well. Some indentation
cleanups are also included in this commit.
Nicolas Williams [Mon, 27 Apr 2020 16:07:29 +0000 (11:07 -0500)]
hcrypto: Fix leaks in test_rsa.c
Nicolas Williams [Mon, 27 Apr 2020 03:10:39 +0000 (22:10 -0500)]
hcrypto: Better RSA key generation (ltm)
Nicolas Williams [Sun, 26 Apr 2020 22:25:29 +0000 (17:25 -0500)]
hcrypto: Fix warnings in LTM
Luke Howard [Mon, 27 Apr 2020 12:38:19 +0000 (22:38 +1000)]
doc: update to draft-howard-gss-sanon-13.txt
Luke Howard [Mon, 27 Apr 2020 12:32:59 +0000 (22:32 +1000)]
gss: mask out SAnon req_flags after computing session key
In SAnon, the optional flags send in the initial context token are input into
the key derivation function. Mask out the flags we wish to ignore after (not
before) calling the key derivation function, as the initiator may not know
which flags we wish to ignore.
Luke Howard [Mon, 27 Apr 2020 08:44:02 +0000 (18:44 +1000)]
gss: fix signedness on is_initiator bitfield
In SAnon:
The is_initiator bitfield must be unsigned to avoid undefined behaviour, as
there is only a single bit defined. Thanks to Nico Williams for explaining
this.
Luke Howard [Mon, 27 Apr 2020 04:52:10 +0000 (14:52 +1000)]
gss: update SAnon for draft-howard-gss-sanon-13
draft-howard-gss-sanon-13 will move extended (RFC4757) flags from the NegoEx
metadata to an optional component of the initial context token
Luke Howard [Mon, 27 Apr 2020 05:10:29 +0000 (15:10 +1000)]
gss: don't use mechglue private header in SPNEGO
Unbreak last commit, including mech_locl.h in SPNEGO appears to break Windows
builds
Luke Howard [Mon, 27 Apr 2020 04:38:33 +0000 (14:38 +1000)]
gss: initialize output parameters in NegoEx
NegoEx failed to initialize output parameters in _gss_negoex_{init,accept}
which could lead it to crash if the underlying mechanism returned an error.
Luke Howard [Mon, 27 Apr 2020 01:15:49 +0000 (11:15 +1000)]
gss: initialize *minor in _gss_sanon_inquire_cred()
Nicolas Williams [Sun, 26 Apr 2020 05:53:29 +0000 (00:53 -0500)]
sanon: Fix flags and ctx export/import confusion
We were passing SANON flags to _gss_mg_import_rfc4121_context(), which
wants GSS flags. Meanwhile, I broke gss_inquire_context() on imported
SAnon contexts when I did my review of SAnon.
This commit fixes both issues and removes SANON_FLAG_*, which were only
ever needed because of a flag to track whether a context was locally
initiated or accepted. Now we use a separate int field of the sanon_ctx
to track whether a context was locally initiated. Once an SAnon context
is fully established, we rely on gss_inquire_context() on the rfc4121
sub-context for all metadata that isn't the initiator and acceptor names
nor the mechanism OID.
Nicolas Williams [Sun, 26 Apr 2020 05:59:08 +0000 (00:59 -0500)]
krb5: Fix warning in krb5_get_error_string()
Nicolas Williams [Sun, 26 Apr 2020 04:16:40 +0000 (23:16 -0500)]
krb5: Fix display_status() incorrect major status
Luke Howard [Mon, 30 Dec 2019 10:07:04 +0000 (21:07 +1100)]
gss: SAnon - the Simple Anonymous GSS-API mechanism
Add support for SAnon, a simple key agreement protocol that provides no
authentication of initiator or acceptor using x25519 ECDH key exchange.
See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol
description.
Luke Howard [Mon, 30 Dec 2019 10:07:04 +0000 (21:07 +1100)]
hcrypto: Add X25519
The X25519 implementation comes from libsodium. Explicit copyright
notices have been added to each file as well as some portability changes
(e.g. align.h).
Nicolas Williams [Sat, 25 Apr 2020 22:19:25 +0000 (17:19 -0500)]
gss: Fix some test leaks
Nicolas Williams [Sat, 25 Apr 2020 00:04:50 +0000 (19:04 -0500)]
spnego: Also use mechglue names
Nicolas Williams [Sat, 25 Apr 2020 00:05:07 +0000 (19:05 -0500)]
Revert "travis: Use ccache to speed up builds"
This reverts commit
37dee9bbc3cefdbe772ef68881f54ac743fd8715, which did
not help speed up Travis-CI builds.
Nicolas Williams [Fri, 24 Apr 2020 22:38:02 +0000 (17:38 -0500)]
travis: Use ccache to speed up builds
Nicolas Williams [Fri, 24 Apr 2020 02:47:28 +0000 (21:47 -0500)]
travis: Show valgrind output in log
This might cause logs to get large. We might need to post the logs to
some URI.
Nicolas Williams [Fri, 24 Apr 2020 01:54:50 +0000 (20:54 -0500)]
travis: Allow CI config to make check-valgrind
Setting MAKE_CHECK_SUFFIX=-valgrind in the environment will cause Travis
to make check-valgrind.
Nicolas Williams [Fri, 24 Apr 2020 01:45:02 +0000 (20:45 -0500)]
kadmin: fix leak
Nicolas Williams [Fri, 24 Apr 2020 01:44:32 +0000 (20:44 -0500)]
roken: fix valgrind leak noise
Nicolas Williams [Thu, 23 Apr 2020 23:31:14 +0000 (18:31 -0500)]
hx509: Fix hx509_context_free() leak
Nicolas Williams [Thu, 23 Apr 2020 19:30:42 +0000 (14:30 -0500)]
Move error functions from krb5 to base
Nicolas Williams [Thu, 23 Apr 2020 18:26:25 +0000 (13:26 -0500)]
Move lib/krb5/error_string.c to lib/base/
This commit contains only renames.
Nicolas Williams [Tue, 3 Mar 2020 21:24:46 +0000 (15:24 -0600)]
Move KDC audit functionality to lib/base/
Nicolas Williams [Tue, 3 Mar 2020 04:33:07 +0000 (22:33 -0600)]
hx509: Add hx509.conf support
Just like krb5.conf, but hx509.conf, with all the same default locations
on Windows, OS X, and elsewhere, and HX509_CONFIG as the environment
variable equivalent of KRB5_CONFIG.
Nicolas Williams [Tue, 3 Mar 2020 04:26:17 +0000 (22:26 -0600)]
Move more config file code from krb5 to base
Nicolas Williams [Tue, 3 Mar 2020 21:28:54 +0000 (15:28 -0600)]
com_err: make error_table_name() thread-safe
Luke Howard [Tue, 21 Apr 2020 23:35:14 +0000 (09:35 +1000)]
gss: pass mechanism error tokens through SPNEGO
Fix for issue #486 based on a patch by Nico Williams.
A GSS-API acceptor can return an error token to be sent to the initiator. Our
SPNEGO implementation discarded these when sending a SPNEGO reject response.
This patch fixes the SPNEGO acceptor to convey those in the SPNEGO response.
The SPNEGO initiator is also updated to not bail out early on receiving a
SPNEGO reject response from the acceptor, but instead pass the response token
(if any) to gss_init_sec_context(). A reject response with no response token
will continue to return an error.
Luke Howard [Sun, 12 Apr 2020 10:39:16 +0000 (20:39 +1000)]
hcrypto: trim number of trials in prime number generation
Reduce the number of trials when generating RSA keys by calling
mp_prime_rabin_miller_trials() with the number of desired bits.
See libtom/libtommath#482.
Luke Howard [Sun, 12 Apr 2020 08:38:00 +0000 (18:38 +1000)]
hcrypto: make libtommath v1.2.0 work with Heimdal
Luke Howard [Sun, 12 Apr 2020 08:37:13 +0000 (18:37 +1000)]
hcrypto: import libtommath v1.2.0
Nicolas Williams [Wed, 22 Apr 2020 00:51:55 +0000 (19:51 -0500)]
Properly implement neg_mechs & GM_USE_MG_CRED (fix)
Nicolas Williams [Wed, 22 Apr 2020 00:51:16 +0000 (19:51 -0500)]
Better support for "non-standard" GSS mechs (fix)
Luke Howard [Sun, 19 Apr 2020 23:29:22 +0000 (09:29 +1000)]
gss: remove gss_release_cred_by_mech()
gss_release_cred_by_mech() was previously used by SPNEGO's implementation of
gss_set_neg_mechs(). This is now implemented in the mechanism glue. As we never
shipped gss_release_cred_by_mech(), it is safe to remove it and its exported
symbol.
Nicolas Williams [Sun, 19 Apr 2020 03:15:00 +0000 (22:15 -0500)]
Properly implement neg_mechs & GM_USE_MG_CRED
SPNEGO was already using union creds. Now make the mechglue know about
it, delete all of the cred-related SPNEGO stubs that are now not called
(lib/gssapi/spnego/cred_stubs.c), and implement gss_get/set_neg_mechs()
by storing the OID set in the union cred.
This commit was essentially authored as much if not more by Luke Howard
<lukeh at padl.com> as much as by the listed author.
Luke Howard [Tue, 21 Apr 2020 04:54:18 +0000 (14:54 +1000)]
gss: intern OID before adding to OID set
gss_add_oid_set_member() should according to RFC2744 add a copy of the OID to
the set; the current implementation just stored a pointer (which may not be
stable). As we have _gss_intern_oid(), call that before adding.
Nicolas Williams [Sun, 19 Apr 2020 02:32:45 +0000 (21:32 -0500)]
Add gss_duplicate_oid_set()
Nicolas Williams [Fri, 17 Apr 2020 03:53:22 +0000 (22:53 -0500)]
Better support for "non-standard" GSS mechs
If an initial security context token doesn't have a standard header per
RFC2743 then try all mechanisms until one succeeds or all fail.
We still try to guess NTLMSSP, raw Kerberos, and SPNEGO, from tasting
the initial security context token.
Luke Howard [Fri, 17 Apr 2020 01:11:43 +0000 (11:11 +1000)]
gss: fix gss_decapsulate_token() return codes
gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases
Luke Howard [Tue, 14 Apr 2020 02:36:09 +0000 (12:36 +1000)]
gss: GSS_KRB5_IMPORT_RFC4121_CONTEXT_X / _gss_mg_import_rfc4121_context()
Add a new private interface (accessed through _gss_mg_import_rfc4121_context())
through which a skeletal krb5 mechanism context can be created, suitable for
RFC4121 message protection and PRF services.
Luke Howard [Thu, 16 Apr 2020 07:20:43 +0000 (07:20 +0000)]
gss: honor allocated_ctx in gss_{exchange,query}_meta_data
The NegoEx gss_{exchange,query}_meta_data functions set allocated_ctx but never
did anything with it. Use it to determine whether we should free the context
handle on error.
Luke Howard [Thu, 16 Apr 2020 07:19:35 +0000 (07:19 +0000)]
gss: free user keytab before resolving system keytab
get_client_keytab() leaked the user keytab if it resolved but we could not find
the client principal. Free it before trying the system keytab.
Luke Howard [Thu, 16 Apr 2020 07:13:16 +0000 (07:13 +0000)]
gss: don't leak client_cred in test_context
Don't leak client credential handle in test_context.
Luke Howard [Tue, 14 Apr 2020 02:34:44 +0000 (12:34 +1000)]
gss: allow source/target to be null on export/import
Allow the source and target names to be NULL when exporting or importing a
security context for the krb5 mechanism. This will be used in the future to
support skeletal contexts that only provide RFC4121 message protection
services.
Luke Howard [Thu, 16 Apr 2020 00:44:04 +0000 (10:44 +1000)]
gss: fix typo regression in setting minor_status
_gss_secure_release_buffer_set() patch changed minor_status to 0, not
*minor_status as correct. No behavioural change as
_gss_secure_release_buffer_set() would have set it anyway, but obviously this
was unintentional.
Nicolas Williams [Wed, 15 Apr 2020 23:48:26 +0000 (18:48 -0500)]
Improve coverage script a bit
Luke Howard [Wed, 15 Apr 2020 06:20:06 +0000 (16:20 +1000)]
gss: use _gss_secure_release_buffer_[set]
Use new helper APIs for securely zeroing and releasing buffers and buffer sets.
Luke Howard [Wed, 15 Apr 2020 06:11:42 +0000 (16:11 +1000)]
gss: add _gss_secure_release_buffer_set()
Add _gss_secure_release_buffer_set() helper function for zeroing buffer set
contents before release.
Luke Howard [Wed, 15 Apr 2020 05:59:01 +0000 (15:59 +1000)]
gss: add _gss_secure_release_buffer()
Add _gss_secure_release_buffer() helper function that zeros buffer
Luke Howard [Tue, 14 Apr 2020 02:37:56 +0000 (12:37 +1000)]
krb5: allow NULL authenticator in krb5_auth_con_free()
When freeing an auth context, allow the authenticator to be NULL. Useful for
freeing partially allocated authentication context.
Nicolas Williams [Wed, 15 Apr 2020 01:48:19 +0000 (20:48 -0500)]
Fix Coveralls badge to master branch
Nicolas Williams [Wed, 15 Apr 2020 00:23:39 +0000 (19:23 -0500)]
Recover coverage data on more files
Luke Howard [Tue, 14 Apr 2020 22:58:27 +0000 (08:58 +1000)]
krb5: always zero elastic storage
Elastic storage (returned from krb5_storage_emem()) often contains secret keys.
Ensure memory is zeroed on free using memset_s() rather than memset().
Nicolas Williams [Tue, 14 Apr 2020 22:03:05 +0000 (17:03 -0500)]
Add Coveralls badge to README.md
Nicolas Williams [Tue, 14 Apr 2020 10:04:00 +0000 (05:04 -0500)]
Send coverage data from Travis to Coveralls
Luke Howard [Tue, 14 Apr 2020 10:21:09 +0000 (20:21 +1000)]
krb5: use memset_s() in krb5_free_keyblock_contents()
krb5_free_keyblock_contents() should use memset_s() to ensure that the key is
zero'd before freeing
Luke Howard [Tue, 14 Apr 2020 10:02:59 +0000 (20:02 +1000)]
gss: check for replays in test_context
Add GSS_C_REPLAY_FLAG to the default set of flags in test_context.
Luke Howard [Tue, 14 Apr 2020 07:27:55 +0000 (17:27 +1000)]
gss: don't use heim_assert() in test_context
Use errx() rather than heim_assert() in test_context
Luke Howard [Tue, 14 Apr 2020 04:46:32 +0000 (14:46 +1000)]
gss: make gss_compare_name comply with RFC2743
Anonymous names should always compare FALSE in GSS_Compare_name(). If the names
are being compared at the mechglue layer then we should check for
GSS_C_NT_ANONYMOUS.