From noreply at github.com Thu Jun 18 01:21:16 2015 From: noreply at github.com (GitHub) Date: Wed, 17 Jun 2015 16:21:16 -0700 Subject: [Heimdal-source-changes] [heimdal/heimdal] 960fa4: Add test for incorrect password Message-ID: <558200ec8ddb_1dcb3fcd0656f2bc311ad@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/heimdal/heimdal Commit: 960fa481bedbe8485b1be18ba7b61481eeff32ed https://github.com/heimdal/heimdal/commit/960fa481bedbe8485b1be18ba7b61481eeff32ed Author: Andrew Bartlett Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M tests/kdc/check-kdc.in Log Message: ----------- Add test for incorrect password Signed-off-by: Andrew Bartlett Commit: 95256a612961939f09ab2cfd72cd93c411a9673f https://github.com/heimdal/heimdal/commit/95256a612961939f09ab2cfd72cd93c411a9673f Author: Andrew Bartlett Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M kdc/kerberos5.c Log Message: ----------- kdc: Preserve error code from Pre Authentication .validate hook This is required to ensure the client still gets errors like KRB5KDC_ERR_PREAUTH_FAILED, rather than KRB5KDC_ERR_PREAUTH_REQUIRED, which become a confusing KRB5_GET_IN_TKT_LOOP. Andrew Bartlett Signed-off-by: Andrew Bartlett Pair-programmed-with: Garming Sam Signed-off-by: Garming Sam Commit: 5c8e3c6108434d31fe6056a1dcc200c9f6f8a70d https://github.com/heimdal/heimdal/commit/5c8e3c6108434d31fe6056a1dcc200c9f6f8a70d Author: Andrew Bartlett Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M .travis.yml Log Message: ----------- Fix shell syntax in COVERITY_SCAN_BRANCH test Signed-off-by: Andrew Bartlett Commit: 324ac13b32cc381f4d2c5b581f3b499147535d0a https://github.com/heimdal/heimdal/commit/324ac13b32cc381f4d2c5b581f3b499147535d0a Author: Andrew Bartlett Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M kdc/krb5tgs.c Log Message: ----------- heimdal: remove checking of KDC PAC signature, delegate to wdc plugin The checking of the KDC signature is more complex than it looks, it may be of a different enc type to that which the ticket is encrypted with, and may even be prefixed with the RODC number. This is better handled in the plugin which can easily look up the DB for the correct key to verify this with, and can also quickly determine if this is an interdomain trust, which we cannot verify the PAC for. Andrew Bartlett Commit: e5144acab084f999bf351a4b151aa8ccc2f4ef7c https://github.com/heimdal/heimdal/commit/e5144acab084f999bf351a4b151aa8ccc2f4ef7c Author: Santosh Kumar Pradhan Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/krb5/principal.c Log Message: ----------- heimdal: Use krb5_free_default_realm() for free() The resource allocated by krb5_default_default_realm() should be free()'d by krb5_free_default_realm() instead of plain free() for better readability. Signed-off-by: Santosh Kumar Pradhan Reviewed-by: Volker Lendecke Reviewed-by: Andreas Schneider Commit: 0f19fdec83da166b4d685e4c21b5bf7b0c503f5e https://github.com/heimdal/heimdal/commit/0f19fdec83da166b4d685e4c21b5bf7b0c503f5e Author: Günther Deschner Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/krb5/init_creds.c Log Message: ----------- s4-heimdal: fix krb5_get_init_creds_opt_set_process_last_req(). Most probably just a copy/paste error. Guenther Signed-off-by: Günther Deschner Reviewed-by: Andrew Bartlett Commit: c450abd01ac6d1bd7b4f460806dc3d3ee8cd1815 https://github.com/heimdal/heimdal/commit/c450abd01ac6d1bd7b4f460806dc3d3ee8cd1815 Author: Andrew Bartlett Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M kdc/misc.c Log Message: ----------- heimdal: Ensure that HDB_ERR_NOT_FOUND_HERE, critical for the RODC, is not overwritten This change ensures that our RODC will correctly proxy when asked to provide a ticket for a service or user where the keys are not on this RODC. Signed-off-by: Garming Sam Pair-programmed-with: Garming Sam Signed-off-by: Andrew Bartlett Commit: 02616866e54692c9cf0537d62cb50e8259ef84fc https://github.com/heimdal/heimdal/commit/02616866e54692c9cf0537d62cb50e8259ef84fc Author: Volker Lendecke Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/krb5/store.c Log Message: ----------- heimdal: Fix the developer O3 build Signed-off-by: Volker Lendecke Reviewed-by: Alexander Bokovoy Commit: 2e6318f09ac0dc40c8fa058cc20108d6b5e591e7 https://github.com/heimdal/heimdal/commit/2e6318f09ac0dc40c8fa058cc20108d6b5e591e7 Author: Stefan Metzmacher Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/krb5/pac.c Log Message: ----------- heimdal:lib/krb5: allow enterprise principals in verify_logonname() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Reviewed-by: Guenther Deschner Commit: 8c8a39b0b7dc8c24cad1c2dcf68d2c7b238b19fe https://github.com/heimdal/heimdal/commit/8c8a39b0b7dc8c24cad1c2dcf68d2c7b238b19fe Author: Stefan Metzmacher Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/krb5/pac.c Log Message: ----------- heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY An ENTERPRISE principal should result in 'administrator at S4XDOM.BASE' instead of 'administrator\@S4XDOM.BASE'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Reviewed-by: Guenther Deschner Commit: 358e2b7b0a460962f8d8da4492270c65fec79d1a https://github.com/heimdal/heimdal/commit/358e2b7b0a460962f8d8da4492270c65fec79d1a Author: Stefan Metzmacher Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M kdc/kerberos5.c Log Message: ----------- kdc: remove KRB5_PADATA_CLIENT_CANONICALIZED handling This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. (Samba commit 9ebd10b3432c271625db9fbc1987759c02b23f83 forward-ported to Heimdal master by Andrew Bartlett) Commit: 29f6290fe60cebb4ad08860214e324af0c8b23b1 https://github.com/heimdal/heimdal/commit/29f6290fe60cebb4ad08860214e324af0c8b23b1 Author: Andrew Bartlett Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/krb5/ticket.c Log Message: ----------- lib/krb5: Remove KRB5_PADATA_CLIENT_CANONICALIZED from ticket.c This will shortly be removed from krb5.asn1. This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. Andrew Bartlett based on work by metze to remove it from othert parts of the code Signed-off-by: Andrew Bartlett Commit: be63a2914adcbea7d42d56e674ee6edb4883ebaf https://github.com/heimdal/heimdal/commit/be63a2914adcbea7d42d56e674ee6edb4883ebaf Author: Stefan Metzmacher Date: 2015-06-17 (Wed, 17 Jun 2015) Changed paths: M lib/asn1/krb5.asn1 Log Message: ----------- heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handling This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Reviewed-by: Guenther Deschner Compare: https://github.com/heimdal/heimdal/compare/50e2a5ce95f4...be63a2914adc