Sam Hartman [Wed, 2 Dec 2009 16:16:50 +0000 (16:16 +0000)]
Both in the previous trunk code and in the fast negotiation code, referrals and pre-authentication did not work correctly.
In particular, the set of preauthentication mechanisms that had been used in the preauth context, the initial set of mechanisms to try, the fast state, and the negotiated state were not reset whenever the realm changed.
Refactor handling of init_creds loop restarts. There are three cases
where the loop starts up: at init_creds_init time, when negotiation
needs to restart (fast detected or negotiation not supported), or when
referrals cause the realm to change. Factor out as much code as
possible to be common in these cases.
Sam Hartman [Wed, 2 Dec 2009 16:16:47 +0000 (16:16 +0000)]
While developing the fast negotiation changes, the get_in_tkt code was
reorganized to be more maintainable and asynchronous. This commit
forward ports old changes found in users/hartmans/fast-negotiate to
the new architecture. All the changes were ported at once rather than
porting each individual change.
Sam Hartman [Wed, 2 Dec 2009 16:16:38 +0000 (16:16 +0000)]
Implement upgrade to FAST when the KDC supports FAST. Implement fall
back to no negotiation when the KDC doesn't appear to support it.
In order to do this control flow for get_init_creds is changed significantly.
A comment in the diff explains the logic.
* Move preauth_request_init into loop
* move preauth gic option handling into loop
* New function krb5int_upgrade_to_fast_p
* New fast state flag: KRB5INT_FAST_ARMOR_AVAIL
Sam Hartman [Wed, 2 Dec 2009 16:16:19 +0000 (16:16 +0000)]
Implement KDC side of protected negotiation:
* Move return_enc_padata so reply key is available
* Include checksum of reply if requested
* export encode_krb5_checksum so we can call it from the KDC
Sam Hartman [Wed, 2 Dec 2009 16:15:59 +0000 (16:15 +0000)]
Implement fast negotiation per discussion with Larry
This implementation is sloppy in that it always includes the padata
requesting reply checksum even though that will interact badly with some of our older KDCs.
Sam Hartman [Wed, 2 Dec 2009 16:15:48 +0000 (16:15 +0000)]
Integrate Apple APIs for storing configuration parameters in a ccache
* krb5_cc_get_config: get a config parameter from a ccache
* krb5_cc_set_config: set a configuration parameter in a ccache
* krb5_is_config_principal: should this principal be skipped during ccache iteration
* klist: skip config principals
Greg Hudson [Tue, 1 Dec 2009 01:36:42 +0000 (01:36 +0000)]
Fix AES IOV decryption of small messages
AES messages never need to be padded because the confounder ensures
that the plaintext is at least one block long. Remove a check in
krb5int_dk_decrypt_iov which was rejecting short AES messages because
it didn't count the header length.
Greg Hudson [Tue, 1 Dec 2009 01:32:02 +0000 (01:32 +0000)]
Make krb5int_c_decrypt_aead_compat more efficient by building the
buffers explicitly rather than using stream decryption. Sidesteps
some machinery and avoids copying the output.
Greg Hudson [Mon, 30 Nov 2009 19:03:58 +0000 (19:03 +0000)]
Fix ivec chaining for DES iov encryption
krb5int_des_cbc_decrypt_iov was using a plaintext block to update the
ivec. Fix it to use the last cipher block, borrowing from the
corresponding des3 function. The impact of this bug is not serious
since ivec chaining is not typically used with IOV encryption in 1.7.
Greg Hudson [Mon, 30 Nov 2009 16:19:24 +0000 (16:19 +0000)]
Add an AEAD provider for enctypes which use krb5_old_encrypt and
krb5_old_decrypt; this makes every enctype have an AEAD provider. To
make this work, expose make_unkeyed_checksum_iov to other files (under
the name krb5int_hash_iov) and make krb5int_c_padding_length take into
account the header length.
Greg Hudson [Mon, 30 Nov 2009 16:12:36 +0000 (16:12 +0000)]
Make the crc32 hash provider correctly chain multiple input buffers,
so that it returns the same result if you pass it one big buffer or
many small buffers containing the same data. To do this, change the
contract of mit_crc32 so that the cksum parameter is in-out.
Greg Hudson [Sun, 29 Nov 2009 23:13:57 +0000 (23:13 +0000)]
Remove the non-iov entry point introduced in r23378, since it's easy
to use the iov entry point at both call sites. Rename the iov entry
point to remove the "_iov" suffix since it's no longer needed to
disambiguate.
Greg Hudson [Sun, 29 Nov 2009 15:43:29 +0000 (15:43 +0000)]
Avoid using strncpy in the production of the arcfour salt because it
produces a (spurious) Coverity defect. Fix a memory leak in
krb5int_arcfour_encrypt.
Greg Hudson [Sat, 28 Nov 2009 23:10:31 +0000 (23:10 +0000)]
Create functional internal interfaces to allow GSSAPI to perform
arcfour encryption of GSS tokens. This factors out derivation of
the usage and encryption keys, and removes the need for the provider
structures to be visible to all of krb5 via k5-int.h.
Greg Hudson [Sat, 28 Nov 2009 15:53:39 +0000 (15:53 +0000)]
Clean up the arcfour token encryption and decryption functions by
making use of newer convenience functions and by factoring out the
derivation of the usage and encryption keys.
Greg Hudson [Fri, 27 Nov 2009 21:15:53 +0000 (21:15 +0000)]
Allow null keys to be referenced (a no-op) for simpler "copying" of
keys which might or might not exist. Consistent with allowing freeing
of null keys.
Greg Hudson [Fri, 27 Nov 2009 09:15:50 +0000 (09:15 +0000)]
Move the arcfour directory from the crypto module dirs into krb. This
directory contains the token encryption code (similar to dk, old, and
raw) which is Kerberos-specific. The actual stream cipher lives in
enc_provider/rc4.c, which is still in the module dirs.
arcfour/arcfour-int.h contained the definitions of some structures
used only in enc_provider/rc4.c. Move those definitions into that
source file so that everything in arcfour is at the right level of
abstraction to live in krb.
Tom Yu [Thu, 26 Nov 2009 03:54:59 +0000 (03:54 +0000)]
Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved
correctly for these checksums.
Fix regression in MD4-DES and MD5-DES keyed checksums. The original
key was being used for the DES encryption, not the "xorkey". (key
with each byte XORed with 0xf0)
Add a test case that will catch future regressions of this sort, by
including a verification of a "known-good" checksum (derived from a
known-to-be-interoperable version of the implementation).
Greg Hudson [Thu, 26 Nov 2009 00:05:08 +0000 (00:05 +0000)]
libkrb5 support for non-blocking AS requests
Merge Luke's iakerb-libkrb5-as-only branch into trunk with several bug
fixes. Adds support for the krb5_init_creds APIs (same as Heimdal's)
which allow AS requests to be performed via a different transport than
the blocking send_to_kdc.
Greg Hudson [Wed, 25 Nov 2009 23:09:07 +0000 (23:09 +0000)]
Defer the conversion of the gic options structure to the extended form
until we reach krb5_get_init_creds. Rename that function to
krb5int_get_init_creds since it isn't public. Also stop exporting it.
Greg Hudson [Wed, 25 Nov 2009 14:36:05 +0000 (14:36 +0000)]
In krb5_db2_db_init, make a format string constant to make Coverity
happy. (Previously it was a disjunction of two constants, which is
fine, but not as obviously safe to a static analysis tool.)
Sam Hartman [Tue, 24 Nov 2009 01:05:30 +0000 (01:05 +0000)]
KDC MUST NOT accept ap-request armor in FAST TGS
Per the latest preauth framework spec, the working group has decided
to forbid ap-request armor in the TGS request because of security
problems with that armor type.
This commit was tested against an implementation of FAST TGS client to
confirm that if explicit armor is sent, the request is rejected.
Greg Hudson [Mon, 23 Nov 2009 20:52:16 +0000 (20:52 +0000)]
Simplify depfix.pl by assuming that all files outside of the source
and build directory (after substitutions) are external headers which
should not be tracked.
Greg Hudson [Sun, 22 Nov 2009 18:20:36 +0000 (18:20 +0000)]
Update the build system documentation:
* The test suite no longer requires root.
* appl no longer contains what it used to contain.
* Mention --disable-rpath as an alternative for make check.
Greg Hudson [Sun, 22 Nov 2009 18:13:29 +0000 (18:13 +0000)]
Consolidate Makefile variables now that we have only a single global
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
Greg Hudson [Sun, 22 Nov 2009 14:58:54 +0000 (14:58 +0000)]
Unbundle applications into separate repository
Remove libpty, gssftp, telnet, and the bsd applications from the
source tree, build system, and tests.
Docs still need to be updated to remove mentions of the applications.
The build system should be simplified now that we're down to one
configure script and don't need some of the functionality currently in
aclocal.m4.
Ezra Peisach [Fri, 20 Nov 2009 20:55:34 +0000 (20:55 +0000)]
Correct argument to kadm5_get_principal is a pointer to a struct - not
a pointer to a pointer.... Does not really matter as the field is not used -
this test program expects a failer.
Clean up memory leaks by freeing principal and releasing context.
Ezra Peisach [Fri, 20 Nov 2009 03:42:40 +0000 (03:42 +0000)]
The size of kadm5_server_handle_rec differs between the client and
server code. Valgrind picked up on access past end of allocated
structure. Include proper internal header in client/server test.
Greg Hudson [Sat, 14 Nov 2009 18:56:43 +0000 (18:56 +0000)]
Reindent include directory, reformatting prototypes as necessary.
Exclude include/gssrpc due to its Sun origin and k5-platform.h due to
macros too hairy for emacs c-mode to handle.
projects / thirdparty / krb5.git / log
