Greg Hudson [Sat, 7 Jan 2012 15:50:14 +0000 (15:50 +0000)]
Remove SAM encoders and structures
r24403 removed the old SAM support, but left behind the structures,
free functions, and ASN.1 encoders/decoders. Remove those now.
(SAM-2 support is still present.)
Greg Hudson [Fri, 6 Jan 2012 21:17:14 +0000 (21:17 +0000)]
Convert all remaining macro-coded ASN.1 encoders
Use data-driven encoders for all of the remaining types which still
used macros (primarily PKINIT types), and get rid of the macros. Do
not change any encoding behavior, but add some comments where behavior
differs from the spec.
DEFFNTYPE is now unused except for the kdc_req_body hack.
Greg Hudson [Fri, 6 Jan 2012 21:13:59 +0000 (21:13 +0000)]
Add support for CHOICE in ASN.1 encoder
Add a new field type where the length offset indicates a distinguisher
and the data offset indicates a union address. The field's type is an
atype_choice containing a seq_info indexed by the distinguisher.
Greg Hudson [Fri, 6 Jan 2012 21:08:54 +0000 (21:08 +0000)]
Support implicit context tags in ASN.1 fields
Add a field_info bit (the 32nd bit of the bitfields) indicating whether
the context tag is implicit, and support it in encode_a_field. Adjust
all field-generating macros and invocations to include the new bit
(always 0 for the moment).
For atype_tagged_thing, narrow the construction field to six bits and
add an implicit bit. We could remove the construction field if it
weren't for DEFOCTETWRAPPEDTYPE abusing atype_tagged_thing a little
bit, since (normal) explicit tags are always constructed and implicit
tag construction is computed from the base type.
Given how rarely implicit tagging is used, it might be nice to have
separate _IMPLICIT macros rather than an extra argument to every
field. But we already have separate _OPT macros for optional fields
and FIELDOF_STRING vs. FIELDOF_STRINGL, so we start to get a
combinatoric explosion in the number of macros.
Greg Hudson [Fri, 6 Jan 2012 21:06:10 +0000 (21:06 +0000)]
Support ASN.1 encoding without the outer tag
In order to support implicit tagging, make it possible to ASN.1-encode
a value without its outer tag, instead remembering the construction
bit of the omitted tag.
A cleaner design would be to have separate functions for encoding a
value's contents and its tag. However, we can't do that for atype_fn
or atype_opaque, and the possible indirections between types and
fields mean we want to stay at the "encode everything" level for as
long as possible to allow implicit tagging of the largest possible
subset of types. If we can get rid of atype_fn, we may be able to
switch to the cleaner design with some adjustments to atype_opaque.
Greg Hudson [Fri, 6 Jan 2012 20:52:12 +0000 (20:52 +0000)]
Use content-only ASN.1 primitives
As part of implicit tag support, rework ASN.1 encoding primitives so
that they encode only content, not tags. Combine primitives which
become identical with this change. The new atype_primitive type
invokes a primitive encoder and adds a tag. atype_fn_len is split
into atype_string and atype_opaque, both of which are hardcoded to
use asn1_encode_bytestring.
For the encoders still using macros, create asn1_addprimitive,
asn1_addinteger, and asn1_addstring macros which call the primitive
encoder function and add a tag.
Greg Hudson [Fri, 6 Jan 2012 20:52:09 +0000 (20:52 +0000)]
Make ASN.1 struct atype_info more extensible
Instead of including all of the possible type fields in struct
atype_info, use a pointer to a type-specific structure. This might
save a little space, but more importantly, if we get to the point of
exposing this stuff across plugin APIs, it allows ASN.1 type
information to be extensible via defining new atype_type values.
Greg Hudson [Fri, 6 Jan 2012 20:52:02 +0000 (20:52 +0000)]
Add test cases for PKINIT ASN.1 encoders
Do not add decode tests, because those would trip some bugs in the
decoders, and we can't safely fix some of those bugs without interop
testing. Encode tests are sufficient to detect when we
unintentionally change the output of the encoders.
Fix trval2() not to use the context shortcut on primitive context
tags.
Greg Hudson [Fri, 6 Jan 2012 20:46:17 +0000 (20:46 +0000)]
Fix asn1_encode_subject_pk_info without params
r20923 inadvertently broke asn1_encode_subject_pk_info in the case
where algorithm.parameters.length == 0. Fortunately this case never
happens, but fix it anyway.
Greg Hudson [Wed, 21 Dec 2011 22:52:52 +0000 (22:52 +0000)]
Stop using krb5_typed_data structure type
Use the krb5_pa_data structure type when encoding or decoding
TYPED-DATA. Leave the krb5_typed_data structure definition in krb5.h
with a comment saying not to use it. Remove krb5_free_typed_data
(which was never declared in krb5.h). Remove some vestigial accessor
stuff related to PKINIT encoding and decoding TYPED-DATA, which was
unneeded since r25483. Bump the accessor structure version to 19
accordingly.
Greg Hudson [Wed, 21 Dec 2011 22:52:43 +0000 (22:52 +0000)]
Stop using krb5_octet_data
For consistency with the rest of the code base, make PKINIT use
krb5_data as a pointer/length container. Leave krb5_octet_data and
krb5_free_octet_data behind for API compatibility.
Greg Hudson [Fri, 16 Dec 2011 23:19:01 +0000 (23:19 +0000)]
Do mech fallback for first SPNEGO context token
When producing the first SPNEGO security context token, if the first
mechanism's init_sec_context fails, fall back to a later mechanism.
This fixes a regression in 1.10 for SPNEGO initiators using non-krb5
credentials. The identity selection work causes errors to be deferred
from krb5's acquire_cred in some cases, which means SPNEGO doesn't see
an error until it tries the krb5 init_sec_context.
Greg Hudson [Fri, 16 Dec 2011 23:18:54 +0000 (23:18 +0000)]
Verify acceptor's mech in SPNEGO initiator
In spnego_gss_ctx_id_rec, store the set of negotiable mechanisms as
well as the currently selected internal_mech, which becomes an alias
into mech_set. In init_ctx_reselect, locate the acceptor's counter-
proposal in sc->mech_set and consider the token defective if it is not
found.
If krb5_server_decrypt_ticket_keytab doesn't find a key of the
appropriate enctype in an iterable keytab, it returns 0 (without
decrypting the ticket) due to a misplaced initialization of retval.
This bug causes kinit -k to claim "keytab entry valid" when it
shouldn't. Reported by mark@mproehl.net.
Tom Yu [Mon, 12 Dec 2011 20:46:20 +0000 (20:46 +0000)]
Split cci_thread_init into per-process and per-thread portions
Call the per-thread code on thread attach and per-process once per
process. Previously, while the function was named 'thread', it was
only actually called once per process. Currently, the per-thread
code does nothing on non-windows platforms and is not even actually
invoked.
Fixes a windows bug when multiple non-main threads try to use ccapi
at the same time.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
mfc bug causes assertions when dialog is generated from
within PreTranslateMessages() (MSG input param points to a global
variable which is corrupted in the dialog message loop). So we need
to instead PostMessage() to cause the popup later.
Also fixed logic to cause warning dialog to actually be modal as intended
when the leash window is not minimized.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
Tom Yu [Mon, 12 Dec 2011 20:44:30 +0000 (20:44 +0000)]
Make ccapiserver exit if its receiveloop thread terminates for any reason
This happens, for example, when the rpc endpoint is already registered
by another ccapiserver process. There's no reason to leave a zombie
process running that can't receive messages.
Greg Hudson [Fri, 9 Dec 2011 17:57:47 +0000 (17:57 +0000)]
Fix memory leaks in FAST TGS support
krb5int_fast_prep_req remove tgs from request->padata and needs to
free it. get_creds.c needs to use a fresh FAST state for each TGS
request to avoid leaking armor keys.
Greg Hudson [Wed, 7 Dec 2011 19:38:32 +0000 (19:38 +0000)]
Allow null server key to krb5_pac_verify
When the KDC verifies a PAC, it doesn't really need to check the
server signature, since it can't trust that anyway. Allow the caller
to pass only a TGT key.
Greg Hudson [Wed, 7 Dec 2011 19:38:29 +0000 (19:38 +0000)]
Add automated tests for S4U2Self and S4U2Proxy
These tests mainly exercise the client-side GSSAPI code for S4U2Self
and S4U2Proxy. They also exercise the KDC code for S4U2Self, but only
the denial logic for S4U2Proxy since the DB2 back end doesn't support
constrained delegation currently.
Greg Hudson [Wed, 7 Dec 2011 19:38:22 +0000 (19:38 +0000)]
Allow S4U2Proxy service tickets to be cached
Previous to this change, the GSS code avoids caching S4U2Proxy results
for fear of the memory cache growing without bound, but that seems
unlikely to be a serious problem. Allow these to be cached.
Greg Hudson [Wed, 7 Dec 2011 19:38:13 +0000 (19:38 +0000)]
Allow S4U2Proxy delegated credentials to be saved
The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache). To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.
Greg Hudson [Sun, 4 Dec 2011 22:38:36 +0000 (22:38 +0000)]
Set a default enctype for optimistic preauth
When the client application requests optimistic preauth for a preauth
type which uses the password, we don't have an etype-info2 to
interpret since we haven't talked to the KDC. So we need to guess an
enctype, salt, and s2k parameters. In 1.9 and prior, encrypted
timestamp contained code to use the first requested enctype in this
case, but encrypted challenge did not. In 1.10 prior to this change,
neither mechanism uses a reasonable default.
Set a default enctype in krb5_init_creds_init so that all
password-based preauth mechanisms will use a reasonable default in the
optimistic preauth case. The default salt and s2k parameters for this
case will be the principal-based default salt and the enctype-based
default parameters.
Sam Hartman [Tue, 29 Nov 2011 21:22:21 +0000 (21:22 +0000)]
AC_CHECK_LIB should put -lcrypto in PKINIT_CRYPTO_IMPL_LIBS not LIBS
for pkinit. A similar problem exists for crypto_impl and is not
addressed by this patch.
ticket: new Subject: LIBS should not include PKINIT_CRYPTO_IMPL_LIBS tags: pullup target_version: 1.10
Sam Hartman [Wed, 23 Nov 2011 01:00:36 +0000 (01:00 +0000)]
FAST: error handling and const keyblock
krb5int_fast_process_error: Allow out_padata and retry to be null for
TGS case. Refactor function to do more frees in the exit handling and
to declare variables at the top.
krb5int_fast_reply_key: input keyblock arguments should be const
Sam Hartman [Wed, 23 Nov 2011 01:00:27 +0000 (01:00 +0000)]
ticket: new
subject: FAST PKINIT
target_version: 1.10
tags: pullup
Per RFC 6113 fast should use the inner request body for the pkinit
checksum. We did that on the KDC; now do so on the client. Remove
code that explicitly blocked pkinit under FAST.
Also, use the reply key *before* the strengthen key is applied when
verifying the PADATA_PKINIT_KX.
projects / thirdparty / krb5.git / log
