Greg Hudson [Thu, 7 Jan 2021 17:34:57 +0000 (12:34 -0500)]
Allow kprop over more types of NATs
Do not send an r-address in messages from kprop, so that kpropd will
not check it against the receiver address. This change allows kprop
to work when a NAT changes the destination address. (Commit 775e496aac2650343ec20826b1ba7f6306a12f3c allows kprop to work when a
NAT changes the source address.) Reported by Jorj Bauer.
Greg Hudson [Sat, 21 Nov 2020 06:41:41 +0000 (01:41 -0500)]
Continue on KRB5_FCC_NOFILE in KCM cache iteration
Although Heimdal's KCM client only continues after KRB5_CC_END,
Heimdal's and macOS's KCM server returns KRB5_FCC_NOFILE if a cache
uuid no longer exists. Check for both errors during iteration. Also
set ret to 0 when continuing, in case the skipped uuid is the last one
in the list.
Greg Hudson [Mon, 28 Dec 2020 20:41:46 +0000 (15:41 -0500)]
Implement fallback for GSS acceptor names
Commit 3fcc365a6f049730b3f47168f7112c03997c5c0b added fallback support
to krb5_rd_req(), but acquiring acceptor creds for a host-based name
could still fail within check_keytab() in the krb5 mech.
Add an internal libkrb5 API k5_kt_have_match() to check for a matching
keytab entry with canonicalization, and use it in check_keytab(). Add
a library-internal function k5_sname_wildcard_host() to share logic
between rd_req and k5_kt_have_match().
As part of the first commit, the links to .so and .so.X were made
within the central directory instead of directly to the library build
directory. However, the dependencies were not updated to ensure that
the link target is created before the link, so when $(LN_S) is "cp
-pR" and not "ln -s", the build steps could be executed out of order
and fail. This part of the first commit was not reverted in the
second commit. Revert it now so that the dependencies match the
links.
Greg Hudson [Mon, 21 Dec 2020 15:25:58 +0000 (10:25 -0500)]
Revert dns_canonicalize_hostname default to true
Field testing of dns_canonicalize_hostname=fallback (ticket 8911)
revealed more disruptive edge cases than anticipated. Many were fixed
by ticket 8930, but host-based GSS initiator names were recently
discovered to not work, and one other edge case could not be resolved
without a change to external code.
Restore the default to true for now. Set the value to fallback in the
test suite, to continue testing the desired configuration and to avoid
restoring tests/resolve.
Greg Hudson [Mon, 14 Dec 2020 18:16:17 +0000 (13:16 -0500)]
Add support for start_realm cache config
When making TGS requests, if start_realm is set in the cache, use the
named realm to look up the initial TGT for referral or cross-realm
requests. (Also correct a comment in struct _tkt_creds_context: the
ccache field is an owner pointer, not an alias.)
Add an internal API k5_cc_store_primary_cred(), which sets start_realm
if the cred being stored is a TGT for a realm other than the client
realm. Use this API when acquiring initial tickets with a
caller-specified output ccache, when renewing or validating tickets
with kinit, when accepting a delegated credential in a GSS context,
and when storing a single cred with kvno --out-cache.
Greg Hudson [Sun, 8 Nov 2020 23:40:42 +0000 (18:40 -0500)]
Reduce warnings from mainline autoconf
In configure.ac and aclocal.m4, eliminate the use of old macros that
will generate warnings from the forthcoming autoconf 2.70 release.
Specifically:
* Use AS_HELP_STRING instead of AC_HELP_STRING.
* Use AC_{COMPILE,LINK,RUN}_IFELSE and AC_LANG_{SOURCE,PROGRAM}
instead of AC_TRY_COMPILE and similar.
* Use m4_foreach_w instead of ac_foreach.
* Eliminate AC_PROG_LEX and yylineno checking, as we no longer use
lex.
* As recommended by autoconf, assume that signal handlers return void
as specified in C89.
* As recommended by autoconf, assume <time.h> is present and that
<sys/time.h>, if present, can be included alongside it.
* Don't call AC_CHECK_FUNCS with a shell variable for the thread
safety checks. Instead just assume (as is currently the case) that
all of the functions have been previously checked.
Robbie Harwood [Tue, 23 Aug 2016 20:45:26 +0000 (16:45 -0400)]
Install shared libraries as executable
RPM expects this behavior, and systems with contrary policies (like
Debian) address permissions at the packaging layer. Most other build
systems appear to install shared libraries as executable.
Greg Hudson [Fri, 13 Nov 2020 20:32:31 +0000 (15:32 -0500)]
Add GSS credential store documentation
Add documentation for gss_acquire_cred_from() and
gss_store_cred_into(), including descriptions of the currently
supported options for the krb5 mechanism.
Simo Sorce [Tue, 6 Oct 2020 20:12:35 +0000 (16:12 -0400)]
Add verify option to cred store
The verify option instructs acquire_cred_from to verify a credential
obtained via a password, using the default keytab or the keytab
provided via the "keytab" key. The value is a principal name (in
string form) for a key in the selected keytab, or the empty string to
use any host key in the keytab.
Simo Sorce [Mon, 26 Oct 2020 18:47:19 +0000 (14:47 -0400)]
Fix gss_acquire_cred_from() IAKERB handling
Add a separate IAKERB entry point for gss_acquire_cred_from() and
correctly pass down the iakerb flag to acquire_cred_context(), so that
we don't attempt to acquire initial credentials directly.
[ghudson@mit.edu: rebased earlier in sequence; rewrote commit message]
Demi M. Obenour [Sun, 25 Oct 2020 15:05:23 +0000 (11:05 -0400)]
Be stricter about ASN.1 decoding
Remove support for BER indefinite-length encodings, which are not
valid in DER. Enforce validity of digits in GeneralizedTime values.
Reject signed integer encodings large enough to possibly overflow
intmax_t, and use regular arithmetic to avoid the undefined behavior
of left-shifting a negative integer. Reject trailing garbage in
explicitly-tagged single values. Remove the unnecessary
KRB5_GENEROUS_LR_TYPE workaround; our KDC doesn't generate last-req
information, so the broken pre-2000 encoding behavior had no impact.
Greg Hudson [Sat, 31 Oct 2020 21:07:05 +0000 (17:07 -0400)]
Add recursion limit for ASN.1 indefinite lengths
The libkrb5 ASN.1 decoder supports BER indefinite lengths. It
computes the tag length using recursion; the lack of a recursion limit
allows an attacker to overrun the stack and cause the process to
crash. Reported by Demi Obenour.
CVE-2020-28196:
In MIT krb5 releases 1.11 and later, an unauthenticated attacker can
cause a denial of service for any client or server to which it can
send an ASN.1-encoded Kerberos message of sufficient length.
Greg Hudson [Wed, 26 Aug 2020 20:49:37 +0000 (16:49 -0400)]
Allow KDC to canonicalize realm in TGS client
Active Directory canonicalizes the srealm field of TGS replies,
whether or not the client requests canonicalization. Allow this for
regular TGS and S4U2Self referrals queries by comparing only the name
part of the service principal. The S4U2Proxy code is already correct.
Greg Hudson [Mon, 5 Oct 2020 16:01:32 +0000 (12:01 -0400)]
Move more KDC checks to validate_tgs_request()
Move the following validity checks:
* the INVALID ticket flag check from kdc_process_tgs_req()
* the lineage check from process_tgs_req()
* the user-to-user second ticket client check from process_tgs_req()
* all S4U2Self validity checks from kdc_process_s4u2self_req()
* S4U2Proxy validity checks (but not KDB authorization checks) from
kdc_process_s4u2proxy_req()
In process_tgs_req(), call validate_tgs_request() after
kdc_process_s4u2self_req() and decrypt_2ndtkt() so that their outputs
can be used as validation inputs. Add stkt and is_crossrealm locals
for convenience, and remove st_idx.
There are some minor behavior changes:
* For invalid S4U2Self request options, the status string is changed
from "INVALID AS OPTIONS" to "INVALID S4U2SELF OPTIONS".
* For a header ticket with the INVALID flag, the reply code is changed
to KRB_AP_ERR_TKT_NYV (as specified in RFC 4120) and the status
string to "TICKET NOT VALID".
* For a lineage check failure, the explicit KDC log is removed, and
the status string is changed to "INVALID LINEAGE".
* For a user-to-user second ticket client mismatch, the explicit audit
call is removed, and the log message does not include the second
ticket client.
* e_data returned from the KDB check_policy_as() method will be
included in the error for S4U2Self requests.
Robbie Harwood [Thu, 15 Oct 2020 22:15:29 +0000 (18:15 -0400)]
Fix minor static analysis defects
Remove an unused variable in krb5_ldap_create(). Handle the return
value from krb5_dbe_get_string() in the certauth test plugin module.
Handle the return value from k5_expand_path_tokens() in
k5_rc_default(). Remove dead assignments in
krb5_get_credentials_for_user() and kg_accept_krb5().
[ghudson@mit.edu: squashed and edited commit message; simplified
k5_rc_default() change]
Greg Hudson [Fri, 16 Oct 2020 15:35:18 +0000 (11:35 -0400)]
Unregister thread key in SPNEGO finalization
Commit d160bc733a3dbeb6d84f4e175234ff18738d9f66 (ticket 7045) added a
new thread key K5_KEY_GSS_SPNEGO_STATUS and registered it in SPNEGO
library initialization, but neglected to unregister it in
finalization. As a result, loading, unloading, and reloading
libgssapi_krb5 could throw an assertion failure if libkrb5support
remained loaded. Unregister the key in SPNEGO finalization and add a
test case.
The following changes are made to the upstream code:
* In aes.h, #defines are added to give the linker-visible symbols a
prefix.
* In aes.h, AES_192 is undefined, since we only need AES-128 and
AES-256.
* In aesopt.h, USE_INTEL_AES_IF_PRESENT and USE_VIA_ACE_IF_PRESENT are
suppressed by changing the corresponding "#if 1"s to "#if 0"s.
* In aesopt.h, the conditionals for ENC_UNROLL, DEC_UNROLL, ENC_ROUND,
LAST_ENC_ROUND, DEC_ROUND, LAST_DEC_ROUND, and KEY_SCHED are changed
from "#if 1" to "#if !defined(CONFIG_SMALL) ||
defined(CONFIG_SMALL_NO_CRYPTO)".
Where possible, use the realm of the request server principal
(canonicalized via KDB lookup, if available) in preference to
tgs_server. This change facilitates alias realm support and potential
future support for serving multiple realms from the same KDB.
S4U2Self local user testing currently uses the uncanonicalized request
realm after this change, which will require attention for alias realm
support.
FAST armor ticket checking is unaffected by this change (it still
compares against tgs_server). This check poses no issue for realm
aliases, as both tgs_server and the armor ticket server should have
canonical realms, but it will require attention for multi-realm KDB
support.
Remove is_local_principal() as it is no longer used. Add an
is_local_tgs_principal() helper and shorten is_cross_tgs_principal().
Move the header ticket lineage check from kdc_process_tgs_req() to
process_tgs_req(), where we have the canonical request server name and
a more natural indication of whether the request was an S4U2Self
request.
In krb5.hin, fix some apparently harmless whitespace nits in comments
which cause newer Doxygen versions to generate <detaileddescription>
content containing <linebreak/> tags. Also remove the explicit "@n"
linebreaks in the responder JSON schemas, instead relying on Doxygen
markup support (added in Doxygen 1.8). Add a verbatim handler in
doxybuilder_types.py to translate the resulting section, replacing the
linebreak handler which is no longer needed.
css_files is deprecated in Sphinx. Instead use app.add_stylesheet()
in a setup function in conf.py. (Sphinx 1.8 has a slightly simpler
method, but that is currently too recent to depend on.) Also remove
the obsolete html_use_smartypants setting.
In func_document.tmpl, fix an incorrect use of "is".
The KDC has listened to TCP connections by default since commit 8d88e2ab00be126237569dc72827ced2ce6b7d04 (ticket 6731). Update the
documentation for _kerberos._tcp accordingly.
Add a second workflow to build documentation, with the HTML output as
a generated artifact. Skip the doc workflow if no documentation files
were changed. Skip the existing build workflow if no source files
were changed.
Isaac Boukris [Mon, 21 Sep 2020 22:11:39 +0000 (01:11 +0300)]
Adjust KDC alias helper function contract
Change the name of is_client_alias() to is_client_db_alias(), and
change the contract so that the already-canonical principal name comes
from a DB entry (which is less flexible, but clearer since DB entries
always contain canonical principal names). Make the function
available outside of kdc_util.c.
In enctypes.rst, note that des3-cbc-sha1 and arcfour-hmac are
deprecated, and add a paragraph about des3-cbc-sha1 support being
removed in the future. Add a section on migrating away from legacy
enctypes (briefer than the existing advanced/retiring-des.rst and not
specific to single-DES).
In kdc_conf.rst, note that des3-cbc-sha1 and arcfour-hmac are
deprecated.
Isaac Boukris [Fri, 4 Sep 2020 11:05:50 +0000 (14:05 +0300)]
Improve KDC alias checking for S4U requests
When processing an S4U2Self request, check for DB aliases when
matching the TGT client against the request server. When processing
an S4U2Proxy request, check for DB aliases when matching the TGT
client against the evidence ticket server.
[ghudson@mit.edu: minor edits; rewrote commit message]
Greg Hudson [Thu, 20 Aug 2020 03:03:28 +0000 (23:03 -0400)]
Remove Leash import functionality
Copying tickets from the MSLSA cache to another cache is no longer
possible in most circumstances, and the Leash ribbon UI does not have
an import button. Remove all remaining support for importing tickets.
Greg Hudson [Wed, 19 Aug 2020 15:37:12 +0000 (11:37 -0400)]
Fix Leash crash when ticket autorenewal fails
CLeashView::RenewTicket() falls back to an ImportTicket or InitTicket
operation if ticket renewal fails. A 2004 commit (from the old
pismere repository) added code to heuristically determine whether
Leash's cache was imported by comparing the MSLSA cache principal name
to ticketinfo.Krb5.principal. Commit 9bc411e72fce5bed3ed00ae5b09f8c239309bae0 broke this code by removing
the call to initialize ticketinfo.Krb5 and by making
ticketinfo.Krb5.principal ephemeral. The strcmp() call now crashes
the process with a null dereference.
Fix the crash by removing the heuristic detection of imported tickets,
using the current value of m_importedTickets (which should be correct
unless Leash was restarted after the tickets were obtained) to decide
whether to import or initialize tickets.
In get_mech_set(), check the length before reading the first byte, and
decrease the length by the tag byte when reading and verifying the
sequence length.
In get_req_flags(), check the length before reading the first byte,
and check the context tag length after decoding it.
When reading an OID in a SPNEGO token, use gssint_get_der_length()
rather than assuming the length fits in one byte. Although OID
lengths greater than 127 are unlikely, some NetApp products have been
observed to incorrectly encode the length in multiple bytes. Reported
by Richard Sharpe.
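A bounded BER element skipper, as an added example (not the libkrb5 decoder or the SPNEGO code, which the messages do not show), covering both the recursion limit from the CVE-2020-28196 entry above and the bounds-checked, multi-byte DER length reading from the SPNEGO entries just above. MAX_DEPTH, the single-byte-tag assumption and the constructed inputs are the example's own.

```c
#include <stdint.h>
#include <string.h>

/* Nesting limit for indefinite-length elements (chosen for this example). */
#define MAX_DEPTH 32

/* Decode a BER length at buf[0] with len bytes available. Returns the bytes
 * consumed, storing the content length in *out or setting *indefinite for
 * the 0x80 form; returns 0 on truncated or oversized input. Long-form
 * lengths (0x81 nn, 0x82 nn nn, ...) are decoded, not assumed to be 1 byte. */
static size_t
get_der_length(const uint8_t *buf, size_t len, size_t *out, int *indefinite)
{
    size_t nbytes, i, v = 0;

    *out = 0; *indefinite = 0;
    if (len < 1)
        return 0;
    if (buf[0] < 0x80) {            /* short form: 0..127 in one byte */
        *out = buf[0];
        return 1;
    }
    if (buf[0] == 0x80) {           /* indefinite form */
        *indefinite = 1;
        return 1;
    }
    nbytes = buf[0] & 0x7f;         /* long form: this many length bytes */
    if (nbytes > sizeof(size_t) || len - 1 < nbytes)
        return 0;
    for (i = 0; i < nbytes; i++)
        v = (v << 8) | buf[1 + i];
    *out = v;
    return 1 + nbytes;
}

/* Skip one element (single-byte tags assumed). Returns the bytes it occupies,
 * or 0 on malformed input or when nesting exceeds MAX_DEPTH. Each nested
 * indefinite-length element costs a stack frame; the depth check caps that. */
static size_t
skip_element(const uint8_t *buf, size_t len, int depth)
{
    size_t pos, lenlen, clen, used;
    int indef;

    if (depth > MAX_DEPTH || len < 1)
        return 0;
    pos = 1;                        /* tag byte */
    lenlen = get_der_length(buf + pos, len - pos, &clen, &indef);
    if (lenlen == 0)
        return 0;
    pos += lenlen;
    if (!indef) {
        if (clen > len - pos)       /* definite length must fit the buffer */
            return 0;
        return pos + clen;
    }
    /* Indefinite length: children follow until end-of-contents (00 00). */
    for (;;) {
        if (len - pos < 2)
            return 0;
        if (buf[pos] == 0x00 && buf[pos + 1] == 0x00)
            return pos + 2;
        used = skip_element(buf + pos, len - pos, depth + 1);
        if (used == 0)
            return 0;
        pos += used;
    }
}

/* Constructed input: n nested indefinite-length SEQUENCEs, then n
 * end-of-contents markers (4n bytes). Returns bytes accepted, 0 if rejected. */
static size_t
skip_nested_indefinite(int n)
{
    uint8_t buf[256];
    int i;

    if (n < 1 || (size_t)n * 4 > sizeof(buf))
        return 0;
    for (i = 0; i < n; i++) {
        buf[2 * i] = 0x30;                          /* SEQUENCE, constructed */
        buf[2 * i + 1] = 0x80;                      /* indefinite length */
        buf[2 * n + 2 * i] = buf[2 * n + 2 * i + 1] = 0x00;
    }
    return skip_element(buf, (size_t)n * 4, 0);
}

/* Constructed input: OCTET STRING whose length (200) needs the long form. */
static size_t
skip_long_form_octet_string(void)
{
    uint8_t buf[3 + 200] = { 0x04, 0x81, 0xc8 };
    memset(buf + 3, 'A', 200);
    return skip_element(buf, sizeof(buf), 0);
}
```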
Greg Hudson [Wed, 26 Aug 2020 15:15:11 +0000 (11:15 -0400)]
Fix KRB5_GC_CACHED for S4U2Self requests
In krb5_get_credentials_for_user(), always exit after the first cache
check if KRB5_GC_CACHED is specified. Not making network requests
with this flag is more important than finding a post-realm-discovery
cached entry.
If KRB5_GC_CACHED is specified without a principal name, fail
immediately, as we cannot check the cache by certificate.
Greg Hudson [Thu, 25 Jun 2020 00:48:14 +0000 (20:48 -0400)]
Use the term "primary KDC" in source and docs
Where it does not affect program behavior, use the term "primary KDC".
This commit does not change any profile variables, DNS labels,
pathnames, or externally visible identifiers, nor does it change the
term "master key".
Greg Hudson [Wed, 19 Aug 2020 15:49:29 +0000 (11:49 -0400)]
Suppress Leash error popup on MSLSA renew failure
Attempting to renew the MSLSA cache can commonly fail with
KRB5_CC_NOTFOUND due to LSA policy. Do not display an error popup in
this case. Also fix a logic error in the existing suppressions.
Replace the TARGET_OS_MAC conditionals with the conditionals used in
Heimdal, so that we do not pack structures inconsistently with macOS
on ARM. Suggested by Luke Howard.
Robbie Harwood [Thu, 20 Aug 2020 21:49:29 +0000 (17:49 -0400)]
Unify kvno option documentation
Add missing kvno options to the kvno.rst synopsis and option
descriptions, and to the kvno usage message. Remove mention of '-h'
(help text), from kvno.rst as it is an implicit option. Note that the
three new caching options were added in release 1.19.
Indicate the two exclusions (-u/-S and --u2u with the S4U2Self options)
and dependency (-P on S4U2Self) where they are missing.
Switch xusage() to print only a single localized string, rather than
running each line of output through localization separately.
Leave kvno -C undocumented for now, as the semantics of
KRB5_GC_CANONICALIZE are minimally useful and likely to change.
[ghudson@mit.edu: edited documentation and commit message]
Isaac Boukris [Mon, 20 Jul 2020 22:40:06 +0000 (00:40 +0200)]
Cache S4U2Proxy requests by second ticket
krb5_get_credentials() does not know the client principal for an
S4U2Proxy request until the end, because it is in the encrypted part
of the evidence ticket. However, we can check the cache by second
ticket, since all S4U2Proxy requests in a cache will generally be made
with the same evidence ticket.
In the ccache types, allow mcreds->client and mcreds->server to be
NULL (as Heimdal does) to ignore them for the purpose of matching. In
krb5int_construct_matching_creds(), set mcreds->client to NULL for
S4U2Proxy requests. Add a cache check to
k5_get_proxy_cred_from_kdc(), and remove the cache check from
krb5_get_credentials_for_proxy() and the krb5 mech's
get_credentials().
In get_proxy_cred_from_kdc(), fix a bug where cross-realm S4U2Proxy
would cache the evidence ticket used in the final request, rather than
the original evidence ticket.
[ghudson@mit.edu: debugged cache check and cross-realm caching;
switched from new flag to null matching cred principals; wrote commit
message]
In krb5_sname_to_principal(), when using fallback, defer realm lookup
and any kind of hostname canonicalization until use. Add a
lightweight iterator k5_canonprinc() to yield the one or two possible
candidates for a principal. In the iterator, don't yield the same
hostname part twice.
Add fallback processing to the stepwise TGS state machine, and remove
it from krb5_get_credentials(). Add fallback processing to
k5_get_proxy_cred_from_kdc().
Add fallback processing to krb5_init_creds_set_keytab(), and use the
principal we find in the keytab as the request client principal.
Defer restart_init_creds_loop() to the first step call so that server
principal is built using the correct realm.
Unix-like platforms do not provide a simple method to find the
fully-qualified local hostname as the machine is expected to appear to
other hosts. Canonicalizing the gethostname() result with
getaddrinfo() usually works, but potentially uses DNS. Now that
dns_canonicalize_hostname=true is no longer the default, KDB creation
would generally create the wrong host-based principals.
kadmin/hostname is unnecessary because the client software can also
use kadmin/admin, and kiprop/hostname is one of several principals
that must be created for incremental propagation.
The MIT krb5 kadmin protocol originally used kadmin/admin as the
service principal. Commits 493f0da5fbf92b0ac2f10e887706d1964d8a15e8
and 5cfaec38a8e8f1c4b76228ba0a252987af797ca4 changed it to use
kadmin/hostname preferentially, with kadmin/admin as a fallback, for
interoperability with the Solaris SEAM administrative protocol.
Change the preference order so that kadmin/admin is tried first, with
kadmin/hostname as a fallback.
Xcode 12 will change its clang to have
-Werror=implicit-function-declaration by default. Fix three autoconf
tests which generate this warning due to missing include declarations.
Reported by Misty De Meo.
Bison 3.5 adds a POSIX yacc compliance warning that %type should only
be applied to non-terminals. Use %token for terminals in getdate.y.
Reported by Norm Green.
Fixes a problem where the presence of legacy/unrecognized keysalts in
supported_enctypes would prevent the kadmin programs from starting.
[ghudson@mit.edu: ideally we would put a warning in the kadmind log,
but that is difficult to do when the parsing is done inside a library.
Even adding a trace log is difficult because the kadm5 str_conv
functions do not accept contexts.]
Windows Remote Management, when used with an RC4 session key, appears
to generate GSS wrap tokens with no padding instead of the expected
one byte (RFC 4757 section 7.3). These tokens cannot be decoded with
gss_unwrap() or a STREAM buffer (even with Microsoft SSPI), but SSPI
allows them to be decoded using explicit IOVs with either a
zero-length padding buffer or no padding buffer. Allow these cases to
work in kg_fixup_padding_iov(). (It is already possible to make this
work with HEADER | DATA | DATA, but only by
accident--kg_fixup_padding_iov() doesn't find a data buffer because
kg_locate_iov() only looks for singleton buffers, so it exits early.)
When considering or bypassing an empty record in a keytab file, check
for a length of INT32_MIN. Otherwise we could perform a backwards
seek, as the inverse of INT32_MIN is still negative.
[ghudson@mit.edu: adjusted comments; wrote commit message]
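The INT32_MIN check described above, as an added example that is not krb5's ktfile.c: it walks a constructed in-memory keytab image and rejects a slot length of INT32_MIN before negating it. The layout assumed is the MIT keytab file format (2-byte version 0x05 0x02, then big-endian int32 record lengths, negative for empty slots); treating a zero length as malformed, the demo_* functions and the image bytes are the example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Big-endian int32, as stored in keytab record headers. */
static int32_t
read_be32(const uint8_t *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Walk a keytab image and count live entries. Returns -1 on malformed input.
 * Records: positive length = live entry of that many bytes, negative length =
 * empty slot of -length bytes (zero treated as malformed in this example). */
static int
count_keytab_entries(const uint8_t *buf, size_t len)
{
    size_t pos = 2, span;
    int count = 0;
    int32_t size;

    if (len < 2 || buf[0] != 0x05 || buf[1] != 0x02)
        return -1;
    while (pos < len) {
        if (len - pos < 4)
            return -1;                  /* truncated length field */
        size = read_be32(buf + pos);
        pos += 4;
        /* -INT32_MIN is not representable: an unchecked negation stays
         * negative and would move the cursor backwards instead of forwards. */
        if (size == INT32_MIN || size == 0)
            return -1;
        if (size < 0) {
            span = (size_t)(-size);     /* empty slot: skip it */
        } else {
            span = (size_t)size;        /* live entry */
            count++;
        }
        if (span > len - pos)
            return -1;                  /* record runs past the end */
        pos += span;
    }
    return count;
}

/* Constructed image: a 3-byte entry, a 2-byte empty slot, a 1-byte entry. */
static int
demo_well_formed(void)
{
    static const uint8_t img[] = {
        0x05, 0x02,
        0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c',
        0xff, 0xff, 0xff, 0xfe, 0x00, 0x00,     /* length -2: empty slot */
        0x00, 0x00, 0x00, 0x01, 'z'
    };
    return count_keytab_entries(img, sizeof(img));
}

/* Constructed image: a slot length of INT32_MIN (0x80000000). */
static int
demo_int32_min_slot(void)
{
    static const uint8_t img[] = { 0x05, 0x02, 0x80, 0x00, 0x00, 0x00 };
    return count_keytab_entries(img, sizeof(img));
}

/* Constructed image: a live entry claiming more bytes than remain. */
static int
demo_overlong_entry(void)
{
    static const uint8_t img[] = { 0x05, 0x02, 0x7f, 0xff, 0xff, 0xff, 'x' };
    return count_keytab_entries(img, sizeof(img));
}
```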
Greg Hudson [Fri, 19 Jun 2020 19:05:37 +0000 (15:05 -0400)]
Avoid using LMDB environments across forks
In krb5kdc and kadmind, reinitialize the DB state after daemonizing,
to prevent using an LMDB environment in a different process than it
was created. Otherwise the daemon's reader table slot appears to be
stale and can be claimed by another process.
In kadmind, this change means that global_server_handle changes value
after the loop setup. Add an extra level of pointer indirection so
that the handle passed to the loop remains valid.
kdb_init_hist() is now called twice by kadmind. Change it to avoid
leaking hist_princ on the second invocation.
Isaac Boukris [Mon, 12 Aug 2019 11:13:07 +0000 (11:13 +0000)]
Add GSS_KRB5_NT_X509_CERT name type
If this name type is used for the desired_name parameter of
gss_acquire_cred_impersonate_name(), identify the S4U2Self user by
certificate. Co-authored with Purand Chand <pchand@vmware.com>.
[ghudson@mit.edu: added documentation; updated to use a boolean at the
GSS layer rather than a new krb5 name type; rewrote commit message]
Greg Hudson [Tue, 23 Jun 2020 17:30:59 +0000 (13:30 -0400)]
Fix KDC choice to send encrypted S4U_X509_USER
The KDC's decision to send a PA_S4U_X509_USER entry in encrypted
padata has no connection to the client USE_REPLY_KEY_USAGE flag. Only
conditionalize on the enctype.
Greg Hudson [Thu, 18 Jun 2020 00:48:38 +0000 (20:48 -0400)]
Add three kvno options from Heimdal kgetcred
Add the flags --cached-only and --no-store, which pass the
corresponding options to krb5_get_credentials(). Add the option
--out-cache to write the retrieved credentials to a specified output
cache.
Add a Python test script for kvno command-line options, including
tests for the new options.
Isaac Boukris [Tue, 9 Jun 2020 22:32:56 +0000 (01:32 +0300)]
Interop with Heimdal KDC for S4U2Self requests
[MS-SFU] 3.1.5.1.1.1 says the KDC SHOULD send PA_S4U_X509_USER pa-data
if the TGT session key is of a newer enctype. Our S4U2Self client
code has enforced this clause as if it were a MUST. For consistency
with Microsoft and interoperability with Heimdal (which does not
implement PA_S4U_X509_USER), stop enforcing this constraint.
[ghudson@mit.edu: compressed code slightly; wrote commit message]
Nikhil Benesch [Sat, 13 Jun 2020 23:54:34 +0000 (19:54 -0400)]
Try to find <target>-ar when cross compiling
Teach the configure script to look for an ar tool prefixed with the
target triple (i.e., `<target>-ar`) when cross compiling. This matches
the behavior for tools that have built-in autoconf macros, like ranlib.
(For some reason there is no AC_PROG_AR macro.)
Also, remove the AC_PROG_ARCHIVE and AC_PROG_ARCHIVE_ADD macros, which
have been dead code since 780b34cd.
With this change, cross compiling libkrb5 works a bit better out of the
box.
Robbie Harwood [Tue, 9 Jun 2020 20:23:37 +0000 (16:23 -0400)]
Improve negoex_parse_token() code hygiene
If the while loop in negoex_parse_token() runs for zero iterations,
major will be used uninitialized. Currently this cannot happen, but
only because both of the call sites check for zero-length tokens.
Initialize major for safety.
Greg Hudson [Thu, 4 Jun 2020 17:19:53 +0000 (13:19 -0400)]
Set pw_expiration during LDAP load
When loading a principal entry in process_k5beta7_princ(), set the
KADM5_PW_EXPIRATION mask bit so that the password expiration time is
set on the principal entry. Add a regression test.
Greg Hudson [Wed, 27 May 2020 22:48:35 +0000 (18:48 -0400)]
Default dns_canonicalize_hostname to "fallback"
This change should mitigate some of the pain caused by the rdns=true
default (generally associated with unwanted PTR records that cannot
easily be changed), with a minimum of fallout.
Update the documentation and tests accordingly. In test environments,
disable qualify_shortname and use the uncanonicalized system hostname
(lowercased) to match the initial sn2princ result.
Greg Hudson [Fri, 22 May 2020 17:10:36 +0000 (13:10 -0400)]
Return GSS_S_NO_CRED from krb5 gss_acquire_cred
Earlier versions of the GSS-API spec (RFCs 1508 and 2078) do not list
GSS_S_NO_CRED as a valid error code for gss_acquire_cred. As a
result, the OpenVision developers of the GSSAPI krb5 mech created
GSS_S_CRED_UNAVAIL as an alias for GSS_S_FAILURE and returned it when
no valid credentials could be obtained. RFC 2743 lists GSS_S_NO_CRED
as the proper return code when matching credentials cannot be
accessed. Change the krb5 gss_acquire_cred() implementation to return
GSS_S_NO_CRED where it currently returns GSS_S_CRED_UNAVAIL.
Also stop using GSS_S_CRED_UNAVAIL in the krb5 gss_store_cred(), but
change it to explicitly use GSS_S_FAILURE instead. RFC 5588 specifies
GSS_S_NO_CRED as indicating a problem with input_cred_handle, not the
receiving store, so GSS_S_NO_CRED would be inappropriate.
Greg Hudson [Thu, 21 May 2020 18:15:25 +0000 (14:15 -0400)]
Fix SPNEGO acceptor mech filtering
Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851)
accidentally changed the SPNEGO acceptor code to filter mechanisms by
the obtainability of initiator credentials rather than acceptor
credentials, when the default acceptor credential is used.
Isaac Boukris [Thu, 19 Mar 2020 23:17:28 +0000 (00:17 +0100)]
Add channel bindings tests
[ghudson@mit.edu: adjusted test program to output channel-bound state
instead of optionally enforcing it; adjusted tests to check program
output; split out tests into separate Python script; made cosmetic
changes]
Isaac Boukris [Tue, 10 Mar 2020 12:13:17 +0000 (13:13 +0100)]
Add client_aware_channel_bindings option
Add client support for KERB_AP_OPTIONS_CBT in the form of a profile
option "client_aware_gss_bindings". Adjust the make_etype_list()
helper so that enctype negotiation and AP_OPTIONS can be included in
the same IF-RELEVANT wrapper.
[ghudson@mit.edu: refactored; edited documentation; wrote commit
message]
Isaac Boukris [Mon, 9 Mar 2020 15:04:21 +0000 (16:04 +0100)]
Implement KERB_AP_OPTIONS_CBT (server side)
Add server support for Microsoft's KERB_AP_OPTIONS_CBT as described in
MS-KILE. If the client includes the AP option in the authenticator
authdata and the server passed channel bindings, require the bindings
to match.
[ghudson@mit.edu: refactored to put more logic in the helper function;
added a comment; clarified commit message]
Define a new channel-bound GSS return flag, and set it in the krb5
mech if the initiator sent channel bindings matching the acceptor's.
Do not error out if the acceptor specifies channel bindings and the
initiator does not send them.
[ghudson@mit.edu: simplified code changes; fleshed out commit message]
[iboukris: cherry-picked from another PR and reduced in scope]
Greg Hudson [Wed, 13 May 2020 17:01:31 +0000 (13:01 -0400)]
Add KDC helpers for current key and kvno
Add a simple static inline function current_kvno() to safely fetch the
current kvno of a principal entry, and use it where we currently write
entry->key_data[0].key_data_kvno.
Add a function get_first_current_key() to find and decrypt the first
valid current key from an entry. Use it in get_local_tgt() and when
selecting a ticket encryption key during AS and TGS processing.
Add a local_tgt_key field to krb5_kdcpreauth_rock_st and use it in
add_freshness_token() so we don't have to decrypt it again.
Greg Hudson [Wed, 13 May 2020 17:05:49 +0000 (13:05 -0400)]
Prevent use of invalid local TGT key
Commit 570967e11bd5ea60a82fc8157ad7d07602402ebb took a shortcut in
get_local_tgt() by using the first key data entry in the TGT principal
entry. This is usually correct, but if the first key data entry has
an invalid enctype (such as a single-DES enctype), we can select a key
we can't use. Call krb5_dbe_find_enctype() instead. Reported by
Leonard Peirce.
Greg Hudson [Sun, 10 May 2020 16:59:24 +0000 (12:59 -0400)]
Add stubs for some removed replay cache functions
Commit dcb853ac32779b173f39e19c0f24b0087de85771 removed some replay
cache functions that haven't been considered part of the libkrb5 API.
Some of these functions were used in OpenSSL (despite the lack of
prototypes) prior to the OpenSSL 1.1 release. Run-time linker errors
can occur if an OpenSSL 1.0.x (or earlier) libssl is used with a 1.18
libkrb5, even though the Kerberos code would likely never be used.
Add stubs for the four functions historically used in OpenSSL.
Greg Hudson [Sun, 10 May 2020 16:25:52 +0000 (12:25 -0400)]
Add KRB5_PRINCIPAL_PARSE_NO_DEF_REALM flag
Implement KRB5_PRINCIPAL_PARSE_NO_DEF_REALM from Heimdal. This flag
for krb5_parse_name_flags() suppresses the addition of the default
realm, but allows and preserves the realm if one is specified in the
string.
Greg Hudson [Wed, 6 May 2020 20:03:13 +0000 (16:03 -0400)]
Omit KDC indicator check for S4U2Self requests
As there was no initial ticket exchange from the client for an
S4U2Self request, the auth indicator check is inapplicable (and would
always fail if any auth indicators are required).
Commit 24b844714dea3e47b17511746b5df5b6ddf13d43 (ticket 8845) added
releases of sc->internal_name and sc->deleg_cred before calling the
underlying mech's gss_accept_sec_context(), to avoid a potential leak
if the mech reports a value multiple times. Commit c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851) added a branch
which calls negoex_accept() instead of calling directly into the
underlying mech. If negoex_accept() doesn't call into the mech on the
last acceptor leg, the src_name and deleg_cred values from the final
mech call are lost.
Move the releases to the non-NegoEx branch. negoex_accept() already
does its own releases when it calls into the mech.