| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
| |
i.e. don't keep generated or foreign stuff in our source tree.
As a side effect, this lets us use a libtool, etc. from this century
|
| | |
|
| |
|
|
|
|
|
| |
The fact that the Heimdal and MIT APIs are subtly different strikes again.
I am honestly starting to wonder if they make it look this similar just
to frustrate people; I only don't believe it because neither team seems
like that sort of person. Fixes #74.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Since these are constants used in the protocol be explicit about what values
the C compiler is assigning them, and that they can't be arbitrarily
rearranged.
Also, since we were promising strings for describing them in zephyr.h
actually define the array.
|
| | |
|
| | |
|
| |
|
|
| |
notice->z_authent_authent_len will be zero.
|
| |
|
|
|
|
| |
with SO_REUSADDR set on a given port, other people can also open listening
sockets with SO_REUSEADDR set, so turn SO_REUSADDR back off after we've
bound our port.
|
| | |
|
| |
|
|
| |
the pointer
|
| |
|
|
| |
(thanks to wthrowe@mit.edu)
|
| |
|
|
| |
wthrowe@mit.edu
|
| |
|
|
| |
and it breaks the build when there isn't a utmp.h
|
| |
|
|
| |
nuke-trailing-whitespace.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
I am becoming increasingly enamored with the fall-through on error
clean-up-everything-at-the-end style of C error handling and resource
management.
Also remove some misleading/useless/wrong comments.
(also fix a problem in the tickets expired case where it was using
the wrong (possibly undefined) authenticator lengh)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per Nelson Elhage:
find_or_insert_uid sorts 'buffer' by the uid, which is a
remotely-provided field. However, in order to expire uids, it does:
while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
start++, num--;
start %= size;
i.e. starts from the start of the queue and goes until it finds
something sufficiently new. Since the queue ordering is
attacker-controlled, we can send an arbitrarily-long sequence of
decreasing uids, consuming memory and forcing the client into an
ever-growing quadratic loop to insert them at the beginning.
--
Solve this by not keeping the buffer sorted; just tack the incoming
uids on the end. This way an attacker can make us keep five minutes
worth of UIDs, but only five minutes, and also anecdotally a client
under attack spends all of its CPU sort uids.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
krb5 actually checks in mk_req and fails if the ticks are expired,
rather than giving you an authenticator that would fail and, handing
you the session key that you'd already negotiated. This causes (meh)
sending auth to fail as opposed to just ending up unauthentic and
(poor) verifiable messages to look unauthentic or forged.
So get the session key from the ccache without checking the expiration
time, and have the cert routine skip making an authenticator if
krb5_mk_req_extended says the ticket is expired.
|
| | |
|
| |
|
|
|
|
|
| |
(The time used to be set before the bounds check, so one could
potentially get an accumulation of packets in the queue without
timestamps that could never be assembled into a full notice; thanks to
nelhage@mit.edu for noticing.)
|
| |
|
|
| |
(thanks to nelhage@mit.edu for noticing this)
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Print only the fields of ZGetDestAddr we care about checking -- the
address family and address. We can't just print the whole structure
and selectively examine fields, because we can't easily determine
whether sin_len will be present or not.
(from Ken Raeburn)
|
| |
|
|
| |
(from Ken Raeburn)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
so that make check will fail.
|
| |
|
|
| |
a mac
|
| |
|
|
|
|
| |
keyusage stuff
such that it actually works.
|
| |
|
|
| |
(and probably not SEGV on a LP64 system)
|
| | |
|
| |
|
|
|
| |
it in it's own file. And then put it in a debian package.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
that we don't
inadvertantly alter the checksum.
|
| | |
|
| |
|
|
|
|
| |
(really once I pull the duplicate tests out of here there's no reason
for this to be runnable anyway...)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Using socketpair doesn't work because you end up with an AF_UNIX socket,
and it even if you _can_ use sendto with anonymous unix-domain sockets
(which the documentation is mute on and it doesn't seem worth experimenting
on), the zephyr library doesn't allocate enough storage for a sockaddr_un,
and although I'm not above fixing that, I determined that for structural
reasons it's too annoying right now. (But once we have a test suite...)
Anyway, cons up a udp socket, and extract a port number from the library,
and use the python socket interface to send the zephyr packet.
|
| |
|
|
|
|
|
|
| |
AF_INET, which is not terribly surprising now that I think about it.
However, ZPending() still returns -1, and I don't know how to debug why at
the moment.
|
| | |
|
| | |
|
| | |
|
Karl Ramm
Mark W. Eichin