Greg Hudson [Tue, 17 Aug 2021 15:26:59 +0000 (11:26 -0400)]
Perform atomic ccache refreshes when possible
Allow ccache types to implement atomic replacement via a new replace
method (replacing the unused "move" vtable slot). Make krb5_cc_move()
use this method when possible, falling back to non-atomic replacement.
Implement atomic replacement for FILE, DIR, MEMORY, and KCM (using a
new opcode, falling back when it is not implemented).
Use krb5_cc_move() in get_in_tkt.c when an output ccache is specified,
in kinit for ticket validation and renewal, and in kvno --out-cache.
Add a test program to exercise concurrent krb5_get_credentials() and
cache refresh.
This commit does not implement atomic replacement for KEYRING or for
gss_store_creds().
Greg Hudson [Wed, 18 Aug 2021 16:07:04 +0000 (12:07 -0400)]
Fix conformance issue in GSSAPI tests
Although some C compilers allow a function returning void to be called
in a return statement from another function returning void, it isn't
conformant and generates an error from (at least) the HP-UX native
compiler. Reported by Michael Osipov.
Greg Hudson [Tue, 3 Aug 2021 05:15:27 +0000 (01:15 -0400)]
Fix KDC null deref on TGS inner body null server
After the KDC decodes a FAST inner body, it does not check for a null
server. Prior to commit 39548a5b17bbda9eeb63625a201cfd19b9de1c5b this
would typically result in an error from krb5_unparse_name(), but with
the addition of get_local_tgt() it results in a null dereference. Add
a null check.
Reported by Joseph Sutton of Catalyst.
CVE-2021-37750:
In MIT krb5 releases 1.14 and later, an authenticated attacker can
cause a null dereference in the KDC by sending a FAST TGS request with
no server field.
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory
management of krb5_gss_inquire_cred(), introducing defcred to act as
an owner pointer when the function must acquire a default credential.
The commit neglected to update the code to release the default cred
along the successful path. The old code does not trigger because
cred_handle is now reassigned, so the default credential is leaked.
Unify the success and failure cleanup for this function so that
defcred is properly released on success.
Reorganize ec_verify() and ec_return() to use cleanup labels instead
of if-ladders. Also use unconditional calls to free functions and
change a few variable names.
Joseph Sutton [Tue, 6 Jul 2021 23:47:44 +0000 (11:47 +1200)]
Fix KDC null deref on bad encrypted challenge
The function ec_verify() in src/kdc/kdc_preauth_ec.c contains a check
to avoid further processing if the armor key is NULL. However, this
check is bypassed by a call to k5memdup0() which overwrites retval
with 0 if the allocation succeeds. If the armor key is NULL, a call
to krb5_c_fx_cf2_simple() will then dereference it, resulting in a
crash. Add a check before the k5memdup0() call to avoid overwriting
retval.
CVE-2021-36222:
In MIT krb5 releases 1.16 and later, an unauthenticated attacker can
cause a null dereference in the KDC by sending a request containing a
PA-ENCRYPTED-CHALLENGE padata element without using FAST.
[ghudson@mit.edu: trimmed patch; added test case; edited commit
message]
Robbie Harwood [Wed, 26 May 2021 22:22:10 +0000 (18:22 -0400)]
Clean up gssapi_krb5 ccache name functions
Modernize kg_get_ccache_name() and kg_get_ccache_name(). Drop
unnecessary use of const in kg_get_ccache_name() so that its return
value can be properly freed. Fixes some static analyzer false
positives.
Robbie Harwood [Sat, 29 May 2021 18:54:56 +0000 (14:54 -0400)]
Modernize pkinit_get_certs_pkcs11
Remove unusable PKINIT_USE_MECH_LIST code since there's no build
system support and it would leak mechp. Factor out the code to load a
cert from the card. Avoid mixing PKCS11 and krb5 error codes. Fix
leaks of cert and cert_id reported by Coverity.
Robbie Harwood [Sat, 29 May 2021 17:25:59 +0000 (13:25 -0400)]
Fix use-after-free during krad remote_shutdown()
Since elements of the queue can be removed on out-of-memory errors,
the correct call is K5_TAILQ_FOREACH_SAFE, not K5_TAILQ_FOREACH.
Reported by Coverity.
Greg Hudson [Sun, 20 Jun 2021 23:24:07 +0000 (19:24 -0400)]
Using locking in MEMORY krb5_cc_get_principal()
Without locking, the principal pointer could be freed out from under
krb5_copy_principal() by another thread calling krb5_cc_initialize()
or krb5_cc_destroy().
Greg Hudson [Wed, 23 Jun 2021 20:53:16 +0000 (16:53 -0400)]
Fix leaks on error in kadm5 init functions
In the GENERIC_CHECK_HANDLE function, separate out the
version-checking logic so we can call it in the init functions before
allocating resources.
In the client and server library initialization functions, use a
single exit path after argument validation, and share the destruction
code with kadm5_destroy() via a helper.
Robbie Harwood [Sat, 29 May 2021 16:05:49 +0000 (12:05 -0400)]
Fix k5tls module for OpenSSL 3
Starting in OpenSSL 3, connection termination without a close_notify
alert causes SSL_read() to return SSL_ERROR_SSL instead of
SSL_ERROR_SYSCALL. OpenSSL 3 also provides a new option
SSL_OP_IGNORE_UNEXPECTED_EOF which allows an application to explicitly
ignore possible truncation attacks and receive SSL_ERROR_ZERO_RETURN
instead.
Remove the call to SSL_CTX_get_options() since SSL_CTX_set_options()
doesn't clear existing options.
[ghudson@mit.edu: edited commit message and comment]
Robbie Harwood [Sat, 15 May 2021 21:35:25 +0000 (17:35 -0400)]
Fix softpkcs11 build issues with openssl 3.0
EVP_PKEY_get0_RSA() has been modified to have const return type. Remove
its usages in favor of the EVP_PKEY interface. Also remove calls to
RSA_blinding_off(), which we don't need and would require a non-const
object. Similarly, remove RSA_set_method() calls that set a pre-existing
default.
Since softpkcs11 doesn't link against krb5 and can't use zap(), allocate
buffers with OPENSSL_malloc() so can use OPENSSL_clear_free().
Move several argument validation checks to the top of their functions.
Greg Hudson [Mon, 7 Jun 2021 19:00:41 +0000 (15:00 -0400)]
Fix kadmin -k with fallback or referral realm
kadmin -k produces a client principal name with
krb5_sname_to_principal(), but it gets converted to a string and back
due to the signature of kadm5_init_with_skey(), which loses track of
the name type, so no canonicalization is performed.
In libkadm5clnt initialization, recognize the important subset of this
case--an empty realm indicates either fallback processing or the
referral realm--and restore the host-based name type so that the
client principal can be canonicalized against the keytab.
Greg Hudson [Mon, 7 Jun 2021 17:27:29 +0000 (13:27 -0400)]
Fix some principal realm canonicalization cases
The no_hostrealm and subst_defrealm flags in struct canonprinc were
only applied when dns_canonicalize_hostname=fallback; in the other
cases, the initial krb5_sname_to_principal() result is treated as
canonical. For no_hostrealm this limitation doesn't currently matter,
because all uses pass a principal with no realm as input. However,
subst_defrealm is used to convert the referral realm to the default
realm in krb5_get_init_creds_keytab(), krb5_cc_cache_match(), and
gss_acquire_cred() when it needs to check the desired name against a
specified ccache.
In k5_canonprinc(), if the input principal is a
krb5_sname_to_principal() result and fallback isn't in effect, apply
subst_defrealm. Document in os-proto.h that no_hostrealm doesn't
remove an existing realm and that krb5_sname_to_principal() may
already have looked one up.
Greg Hudson [Fri, 21 May 2021 02:59:47 +0000 (22:59 -0400)]
Remove dejagnu test suite
Of the remaining test scripts, kprop.exp has a corresponding Python
script, and standalone.exp is covered by t_general.py, t_dump.py,
t_keytab.py, and t_pkinit.py.
Greg Hudson [Wed, 26 May 2021 19:08:28 +0000 (15:08 -0400)]
Fix doc build for Sphinx 4.0
Use app.add_css_file() to register krb5.css if possible (it was added
in Sphinx 1.8), since the old name app.add_stylesheet() was removed in
Sphinx 4.0.
Use the highlight directive instead of the highlightlang directive,
which was removed in Sphinx 4.0.
Remove two duplicate table of contents entries to fix warnings.
In the Github Actions configuration, add a second doc build using the
newest version of Sphinx.
Greg Hudson [Thu, 20 May 2021 21:31:49 +0000 (17:31 -0400)]
Rewrite not-yet-covered dejagnu tests in Python
Remove the dejagnu scripts gssapi.exp, princexpire.exp, sample.exp,
simple.exp, and tcp.exp.
Add server output checking to t_gss_sample.py to match the checks in
gssapi.exp.
Add a test to t_general.py matching the #6428 regression test in
princexpire.exp.
Add new test scripts t_sample.py and t_simply.py for the appl/sample
and appl/simple applications, to match sample.exp and simple.exp.
Adjust the simple and sample servers to allow for startup detection
when stdout is a pipe. Both of these test servers exit after one
client execution; add a k5test function await_daemon_exit() to allow
the daemon exit status to be checked without sending a kill signal.
Change start_in_inetd() not to require the program name to be
specified twice. Adjust the existing t_user2user.py for the
aforementioned changes.
Add a TCP test to t_bigreply.py to match the oversized-TCP-request
test in tcp.exp. The existing t_bigreply.py test already covers a
successful TCP request.
Remove the dejagnu scripts kadmin.exp, pwchange.exp, and pwhist.exp.
Add a new Python test script t_kadmin.py for the miscellaneous kadmin
tests from kadmin.exp.
In t_changepw.py, use modprinc +needchange for one of the kinit
password change tests to gain the same coverage as pwchange.exp had,
and add the "password changes are usable by kinit" tests from
kadmin.exp.
In t_policy.py, add the ticket 929 regression tests from kadmin.exp
and the ticket 2841 regression tests from pwhist.exp.
Greg Hudson [Tue, 11 May 2021 18:04:07 +0000 (14:04 -0400)]
Fix KCM retrieval support for sssd
Commit 795ebba8c039be172ab93cd41105c73ffdba0fdb added a retrieval
handler using KCM_OP_RETRIEVE, falling back on the same error codes as
the previous KCM_OP_GET_CRED_LIST support. But sssd (as of 2.4)
returns KRB5_CC_NOSUPP instead of KRB5_CC_IO if it recognizes an
opcode but does not implement it. Add a helper function to recognize
all known unsupported-opcode error codes, and use it in kcm_retrieve()
and kcm_start_seq_get().
Fix three Windows-specific argument type errors, including a crash bug
in the default replay cache type. Change the compiler flags to treat
several argument type warnings as errors.
The replay cache bug was reported by Thomas Wagner.
Ken Hornstein [Wed, 17 Mar 2021 21:44:46 +0000 (17:44 -0400)]
Add additional KRB5_TRACE points
Add additional tracing points to the PKINIT plugin for use with the
KRB5_TRACE facility, replacing many (but not all) of the existing
pkiDebug() trace points.
Fix a memory leak of an errinfo structure when loading a PKCS11 module
fails.
Rename pkinit_pkcs11_code_to_text() to pkcs11err() for brevity, and
modify it for thread safety.
[ghudson@mit.edu: added certificate index to regexp match trace
points; renamed various identifiers; edited commit message]
Greg Hudson [Wed, 31 Mar 2021 19:00:21 +0000 (15:00 -0400)]
Simplify krb5_cccol_have_content()
For the purposes of determining whether Kerberos credentials are
present, just check for an initialized ccache (as detected by
krb5_cc_get_principal()), not one with credentials in it. For KCM and
KEYRING caches, this changes avoids the O(n) expense of starting an
iteration.
Also fix a potential memory leak if a cache is found after an error is
saved.
Greg Hudson [Sat, 27 Mar 2021 03:38:54 +0000 (23:38 -0400)]
Use KCM_OP_RETRIEVE in KCM client
In kcm_retrieve(), try KCM_OP_RETRIEVE. Fall back to iteration if the
server doesn't implement it, or if we can an answer incompatible with
KRB5_TC_SUPPORTED_KTYPES.
In kcmserver.py, implement partial decoding for creds and cred tags so
that we can do a basic principal name match.
Greg Hudson [Mon, 29 Mar 2021 18:32:56 +0000 (14:32 -0400)]
Fix KCM flag transmission for remove_cred
MIT krb5 uses low bits for KRB5_TC flags, while Heimdal uses high bits
so that the same flag word can also hold KRB5_GC flags. Add a mapping
function and send the Heimdal flag values when performing a
remove_cred operation.
Greg Hudson [Sat, 27 Mar 2021 04:52:05 +0000 (00:52 -0400)]
Fix gss-krb5 handling of high sequence numbers
Commits abcfdaff756631d73f49103f679cafa7bc45f14e and 41ddaaeb286e8bb1bba64fb557ba0e4cff9b404d incorrectly changed the
interpretation of authenticator sequence numbers in the range
2^31..2^32-1, mapping them to sign-extended 64-bit values. The major
Kerberos implementations do not generate sequence numbers this large,
so the changed went unnoticed. Prevent unwanted sign extension by
casting sequence numbers retrieved from auth contexts to uint32_t
before assigning them to uint64_t fields. Reported by Jake Scott.
Greg Hudson [Thu, 25 Mar 2021 16:00:54 +0000 (12:00 -0400)]
Avoid rand() in aes-gen test program
rand() can output different sequences on different platforms with the
same seed, and (since commit cb5f190056ef4d123c5fe5d4923982b830288438)
we want fixed output. Use specified inputs instead. Reported by Ken
Hornstein.
Greg Hudson [Thu, 11 Mar 2021 02:53:33 +0000 (21:53 -0500)]
Fix PKINIT memory leaks
pkinit_client_process() calls pkinit_client_profile() a second time,
leaking the values obtained the first time. Remove the call.
Commit 13ae08e70a05768d4f65978ce1a8d4e16fec0d35 introduced more
possibilities for process_option_identity() to return failure after it
filled in some fields. PKCS11 option parsing already prevents leaks
by freeing old values before setting new ones; do so in the other
option-parsing functions as well.
Pavel Březina [Thu, 11 Feb 2021 14:33:10 +0000 (15:33 +0100)]
Add KCM_OP_GET_CRED_LIST for faster iteration
For large caches, one IPC operation per credential dominates the cost
of iteration. Instead transfer the whole list of credentials to the
client in one IPC operation.
Add optional support for the new opcode to the test KCM server to
allow testing of the main and fallback code paths.
[ghudson@mit.edu: fixed memory leaks and potential memory errors;
adjusted code style and comments; rewrote commit message; added
kcmserver.py support and tests]
Ivan A. Melnikov [Tue, 16 Mar 2021 10:18:01 +0000 (14:18 +0400)]
Drop extra listen() call in gss-server
There is already call to listen in create_socket(), and there is no
need to tie the backlog to the number of threads. Also, here listen()
was sometimes called with zero backlog, making gss-server execution
(and tests) racy on slower and busy systems.
Robbie Harwood [Wed, 3 Mar 2021 22:16:32 +0000 (17:16 -0500)]
Fix doxygen warnings
Fix three cases of parameter name mismatch. Additionally, fix an
instance of illegal characters in the docs of krb5_address_order. '>'
and '<' are valid on their own, but '>' indicates a blockquote, so
move each stanza onto the @retval line.
Greg Hudson [Sat, 6 Mar 2021 07:20:28 +0000 (02:20 -0500)]
Fix verbatim tag handling in Doxygen bridge
Commit 281210909beef4683be3b63bc1ac1e75c2c9c7eb added handling for
verbatim tags in doxybuilder_types.py, but did not check for tail
text. This wasn't a problem in Doxygen 1.8 because its XML output
ended paragraph tags after verbatim tags, but that isn't the case in
Doxygen 1.9. Move the is_tail check earlier so we don't have to check
for each tag type.
Also avoid putting spaces at the beginnings and ends of lines when
joining the elements of the result list, to avoid confusing the RST
parser at the end of literal blocks.
Ken Hornstein [Thu, 25 Feb 2021 01:20:39 +0000 (20:20 -0500)]
Only require one valid pkinit anchor/pool value
When processing pkinit_anchor or pkinit_pool values, return
successfully if at least one value is successfully loaded (or if none
are configured).
pkinit_identity_prompt() was the backstop against trying anonymous
PKINIT without configured anchors. After this change it no longer is,
so add an explicit check for no anchors in pkinit_client_process().
[ghudson@mit.edu: added code to clear ignored errors; made minor style
edits; added no-anchors check]
Greg Hudson [Wed, 24 Feb 2021 17:54:08 +0000 (12:54 -0500)]
Fix enctype display in Leash
In KrbListTickets.cpp, change etype_string() to write its output to a
caller-supplied buffer, so that the session key enctype name and
ticket enctype name don't occupy the same static buffer. Reported by
Oliver Freyermuth.
Robbie Harwood [Fri, 15 Jan 2021 20:55:01 +0000 (15:55 -0500)]
Synchronize command-line option documentation
Command-line options are described in the following places:
- .rst file "SYNOPSIS" section
- .rst file "OPTIONS" section
- parameters to getopt()
- results of getopt() that are actually handled
- a usage() or xusage() function
- occasionally, a long form in usage()/xusage()
- occasionally, libss subcommand specifications
Over time, these have drifted. Make an effort to correct this drift,
marking deprecated options as such. For consistency, remove mention
of long arguments that have an equivalent short form.
Greg Hudson [Fri, 12 Feb 2021 20:11:25 +0000 (15:11 -0500)]
Restore krb5_set_default_tgs_ktypes()
Samba only uses the correct name (krb5_set_default_tgs_enctypes) if it
cannot find the old one in the library, so removing the name causes a
linker error for existing builds.
Ken Hornstein [Thu, 28 Jan 2021 02:21:19 +0000 (21:21 -0500)]
Load certs when checking pkinit_identities values
Move the crypto_load_certs() probe from pkinit_identity_initialize()
to process_option_identity(). This will attempt to load a certificate
for each pkinit_identities value, and if the certificate load fails to
move to the next line.
For PKCS11, return an error if pkinit_open_session() fails, but do not
fail in pkinit_open_session() just because identity prompts are
deferred.
[ghudson@mit.edu: added test case; moved cert probe to
process_option_identity(); rewrote commit message]
Greg Hudson [Fri, 15 Jan 2021 18:51:34 +0000 (13:51 -0500)]
Support host-based GSS initiator names
When checking if we can get initial credentials in the GSS krb5 mech,
use krb5_kt_have_match() to support fallback iteration. When scanning
the ccache or getting initial credentials, rewrite cred->name->princ
to the canonical client name. When a name check is necessary (such as
when the caller specifies both a name and ccache), use a new internal
API k5_sname_compare() to support fallback iteration. Add fallback
iteration to krb5_cc_cache_match() to allow host-based names to be
canonicalized against the cache collection.
Create and store the matching principal for acceptor names in
acquire_accept_cred() so that it isn't affected by changes in
cred->name->princ during acquire_init_cred().
Greg Hudson [Fri, 15 Jan 2021 19:43:34 +0000 (14:43 -0500)]
Add hostname canonicalization helper to k5test.py
To facilitate fallback tests, add a canonicalize_hostname() function
to k5test.py which works similarly to krb5_expand_hostname(). Use it
in t_gssapi.py for the recently-added acceptor name fallback test.
Greg Hudson [Mon, 25 Jan 2021 18:41:24 +0000 (13:41 -0500)]
Clarify domain_realm documentation
The [domain_realm] section provides a mapping from hostnames to realm
names, but the individual mappings apply to domains (including
subdomains) or subdomains, not to hostnames. Reported by Ulf Bremer.
Greg Hudson [Thu, 7 Jan 2021 17:34:57 +0000 (12:34 -0500)]
Allow kprop over more types of NATs
Do not send an r-address in messages from kprop, so that kpropd will
not check it against the receiver address. This change allows kprop
to work when a NAT changes the destination address. (Commit 775e496aac2650343ec20826b1ba7f6306a12f3c allows kprop to work when a
NAT changes the source address.) Reported by Jorj Bauer.
Greg Hudson [Sat, 21 Nov 2020 06:41:41 +0000 (01:41 -0500)]
Continue on KRB5_FCC_NOFILE in KCM cache iteration
Although Heimdal's KCM client only continues after KRB5_CC_END,
Heimdal's and macOS's KCM server returns KRB5_FCC_NOFILE if a cache
uuid no longer exists. Check for both errors during iteration. Also
set ret to 0 when continuing, in case the skipped uuid is the last one
in the list.
Greg Hudson [Mon, 28 Dec 2020 20:41:46 +0000 (15:41 -0500)]
Implement fallback for GSS acceptor names
Commit 3fcc365a6f049730b3f47168f7112c03997c5c0b added fallback support
to krb5_rd_req(), but acquiring acceptor creds for a host-based name
could still fail within check_keytab() in the krb5 mech.
Add an internal libkrb5 API k5_kt_have_match() to check for a matching
keytab entry with canonicalization, and use it in check_keytab(). Add
a library-internal function k5_sname_wildcard_host() to share logic
between rd_req and k5_kt_have_match().
As part of the first commit, the links to .so and .so.X were made
within the central directory instead of directly to the library build
directory. However, the dependencies were not updated to ensure that
the link target is created before the link, so when $(LN_S) is "cp
-pR" and not "ln -s", the build steps could be executed out of order
and fail. This part of the first commit was not reverted in the
second commit. Revert it now so that the dependencies match the
links.
Greg Hudson [Mon, 21 Dec 2020 15:25:58 +0000 (10:25 -0500)]
Revert dns_canonicalize_hostname default to true
Field testing of dns_canonicalize_hostname=fallback (ticket 8911)
revealed more disruptive edge cases than anticipated. Many were fixed
by ticket 8930, but host-based GSS initiator names were recently
discovered to not work, and one other edge case could not be resolved
without a change to external code.
Restore the default to true for now. Set the value to fallback in the
test suite, to continue testing the desired configuration and to avoid
restoring tests/resolve.
Greg Hudson [Mon, 14 Dec 2020 18:16:17 +0000 (13:16 -0500)]
Add support for start_realm cache config
When making TGS requests, if start_realm is set in the cache, use the
named realm to look up the initial TGT for referral or cross-realm
requests. (Also correct a comment in struct _tkt_creds_context: the
ccache field is an owner pointer, not an alias.)
Add an internal API k5_cc_store_primary_cred(), which sets start_realm
if the cred being stored is a TGT for a realm other than the client
realm. Use this API when acquiring initial tickets with a
caller-specified output ccache, when renewing or validating tickets
with kinit, when accepting a delegated credential in a GSS context,
and when storing a single cred with kvno --out-cache.
Greg Hudson [Sun, 8 Nov 2020 23:40:42 +0000 (18:40 -0500)]
Reduce warnings from mainline autoconf
In configure.ac and aclocal.m4, eliminate the use of old macros that
will generate warning from the forthcoming autoconf 2.70 release.
Specifically:
* Use AS_HELP_STRING instead of AC_HELP_STRING.
* Use AC_{COMPILE,LINK,RUN}_IFELSE and AC_LANG_{SOURCE,PROGRAM}
instead of AC_TRY_COMPILE and similar.
* Use m4_foreach_w instead of ac_foreach.
* Eliminate AC_PROG_LEX and yylineno checking, as we no longer use
lex.
* As recommended by autoconf, assume that signal handlers return void
as specified in C89.
* As recommmended by autoconf, assume <time.h> is present and that
<sys/time.h>, if present, can be included alongside it.
* Don't call AC_CHECK_FUNCS with a shell variable for the thread
safety checks. Instead just assume (as is currently the case) that
all of the functions have been previously checked.
Robbie Harwood [Tue, 23 Aug 2016 20:45:26 +0000 (16:45 -0400)]
Install shared libraries as executable
RPM expects this behavior, and systems with contrary policies (like
Debian) address permissions at the packaging layer. Most other build
systems appear to install shared libraries as executable.
Greg Hudson [Fri, 13 Nov 2020 20:32:31 +0000 (15:32 -0500)]
Add GSS credential store documentation
Add documentation for gss_acquire_cred_from() and
gss_store_cred_into(), including descriptions of the currently
supported options for the krb5 mechanism.
Simo Sorce [Tue, 6 Oct 2020 20:12:35 +0000 (16:12 -0400)]
Add verify option to cred store
The verify option instructs acquire_cred_from to verify a credential
obtained via a password, using the default keytab or the keytab
provided via the "keytab" key. The value is a principal name (in
string form) for a key in the selected keytab, or the empty string to
use any host key in the keytab.
Simo Sorce [Mon, 26 Oct 2020 18:47:19 +0000 (14:47 -0400)]
Fix gss_acquire_cred_from() IAKERB handling
Add a separate IAKERB entry point for gss_acquire_cred_from() and
correctly pass down the iakerb flag to acquire_cred_context(), so that
we don't attempt to acquire initial credentials directly.
[ghudson@mit.edu: rebased earlier in sequence; rewrote commit message]
Demi M. Obenour [Sun, 25 Oct 2020 15:05:23 +0000 (11:05 -0400)]
Be stricter about ASN.1 decoding
Remove support for BER indefinite-length encodings, which are not
valid in DER. Enforce validity of digits in GeneralizedTime values.
Reject signed integer encodings large enough to possibly overflow
intmax_t, and use regular arithmetic to avoid the undefined behavior
of left-shifting a negative integer. Reject trailing garbage in
explicitly-tagged single values. Remove the unnecessary
KRB5_GENEROUS_LR_TYPE workaround; our KDC doesn't generate last-req
information, so the broken pre-2000 encoding behavior had no impact.
Greg Hudson [Sat, 31 Oct 2020 21:07:05 +0000 (17:07 -0400)]
Add recursion limit for ASN.1 indefinite lengths
The libkrb5 ASN.1 decoder supports BER indefinite lengths. It
computes the tag length using recursion; the lack of a recursion limit
allows an attacker to overrun the stack and cause the process to
crash. Reported by Demi Obenour.
CVE-2020-28196:
In MIT krb5 releases 1.11 and later, an unauthenticated attacker can
cause a denial of service for any client or server to which it can
send an ASN.1-encoded Kerberos message of sufficient length.
Greg Hudson [Wed, 26 Aug 2020 20:49:37 +0000 (16:49 -0400)]
Allow KDC to canonicalize realm in TGS client
Active Directory canonicalizes the srealm field of TGS replies,
whether or not the client requests canonicalization. Allow this for
regular TGS and S4U2Self referrals queries by comparing only the name
part of the service principal. The S4U2Proxy code is already correct.
Greg Hudson [Mon, 5 Oct 2020 16:01:32 +0000 (12:01 -0400)]
Move more KDC checks to validate_tgs_request()
Move the following validity checks:
* the INVALID ticket flag check from kdc_process_tgs_req()
* the lineage check from process_tgs_req()
* the user-to-user second ticket client check from process_tgs_req()
* all S4U2Self validity checks from kdc_process_s4u2self_req()
* S4U2Proxy validity checks (but not KDB authorization checks) from
kdc_process_s4u2proxy_req()
In process_tgs_req(), call validate_tgs_request() after
kdc_process_s4u2self_req() and decrypt_2ndtkt() so that their outputs
can be used as validation inputs. Add stkt and is_crossrealm locals
for convenience, and remove st_idx.
There are some minor behavior changes:
* For invalid S4U2Self request options, the status string is changed
from "INVALID AS OPTIONS" to "INVALID S4U2SELF OPTIONS".
* For a header ticket with the INVALID flag, the reply code is changed
to KRB_AP_ERR_TKT_NYV (as specified in RFC 4120) and the status
string to "TICKET NOT VALID".
* For a lineage check failure, the explicit KDC log is removed, and
the status string is changed to "INVALID LINEAGE".
* For a user-to-user second ticket client mismatch, the explicit audit
call is removed, and the log message does not include the second
ticket client.
* e_data returned from the KDB check_policy_as() method will be
included in the error for S4U2Self requests.
Robbie Harwood [Thu, 15 Oct 2020 22:15:29 +0000 (18:15 -0400)]
Fix minor static analysis defects
Remove an unused variable in krb5_ldap_create(). Handle the return
value from krb5_dbe_get_string() in the certauth test plugin module.
Handle the return value from k5_expand_path_tokens() in
k5_rc_default(). Remove dead assignments in
krb5_get_credentials_for_user() and kg_accept_krb5().
[ghudson@mit.edu: squashed and edited commit message; simplified
k5_rc_default() change]
Greg Hudson [Fri, 16 Oct 2020 15:35:18 +0000 (11:35 -0400)]
Unregister thread key in SPNEGO finalization
Commit d160bc733a3dbeb6d84f4e175234ff18738d9f66 (ticket 7045) added a
new thread key K5_KEY_GSS_SPNEGO_STATUS and registered it in SPNEGO
library initialization, but neglected to unregister it in
finalization. As a result, loading, unloading, and reloading
libgssapi_krb5 could throw an assertion failure if libkrb5support
remained loaded. Unregister the key in SPNEGO finalization and add a
test case.
The following changes are made to the upstream code:
* In aes.h, #defines are added to give the linker-visible symbols a
prefix.
* In aes.h, AES_192 is undefined, since we only need AES-128 and
AES-256.
* In aesopt.h, USE_INTEL_AES_IF_PRESENT and USE_VIA_ACE_IF_PRESENT are
suppressed by changing the corresponding "#if 1"s to "#if 0"s.
* In aesopt.h, the conditionals for ENC_UNROLL, DEC_UNROLL, ENC_ROUND,
LAST_ENC_ROUND, DEC_ROUND, LAST_DEC_ROUND, and KEY_SCHED are changed
from "#if 1" to "#if !defined(CONFIG_SMALL) ||
defined(CONFIG_SMALL_NO_CRYPTO)".
projects / thirdparty / krb5.git / log
