Greg Hudson [Sat, 8 Jan 2022 03:41:30 +0000 (22:41 -0500)]
Replace AD-SIGNEDPATH with minimal PACs
Remove all of the AD-SIGNEDPATH code. Instead, issue a signed minimal
PAC in all tickets and require a valid PAC to be present in all
tickets presented for S4U operations. Remove the get_authdata_info()
and sign_authdata() DAL methods, and add an issue_pac() method to
allow the KDB to add or copy buffers to the PAC. Add a disable_pac
realm flag.
Microsoft revised the S4U2Proxy rules for forwardable tickets. All
S4U2Proxy operations require forwardable evidence tickets, but
S4U2Self should issue a forwardable ticket if the requesting service
has no ok-to-auth-as-delegate bit but also no constrained delegation
privileges for traditional S4U2Proxy. Implement these rules,
extending the check_allowed_to_delegate() DAL method so that the KDC
can ask if a principal has any delegation privileges.
Combine the KRB5_KDB_FLAG_ISSUE_PAC and
KRB5_FLAG_CLIENT_REFERRALS_ONLY flags into KRB5_KDB_FLAG_CLIENT.
Rename the KRB5_KDB_FLAG_CANONICALIZE flag to
KRB5_KDB_FLAG_REFERRAL_OK, and only pass it to get_principal() for
lookup operations that can use a realm referral.
For consistency with Active Directory, honor the no-auth-data-required
server principal flag for S4U2Proxy but not for S4U2Self. Previously
we did the reverse.
Isaac Boukris [Fri, 7 Jan 2022 18:46:24 +0000 (13:46 -0500)]
Add PAC ticket signature APIs
Microsoft added a third PAC signature over the ticket to prevent
servers from setting the forwardable flag on evidence tickets. Add
new APIs to generate and verify ticket signatures, as well as defines
for this and other new PAC buffer types. Deprecate the old signing
functions as they cannot generate ticket signatures. Modify several
error returns to better match the protocol errors generated by Active
Directory.
[ghudson@mit.edu: adjusted contracts for KDC requirements; simplified
and commented code changes; wrote commit message. rharwood@redhat.com
also did some work on this commit.]
Isaac Boukris [Sun, 26 Dec 2021 01:28:41 +0000 (03:28 +0200)]
Don't fail krb5_cc_select() for no default realm
If the target server principal is a host-based service without
multiple dotted components and no default realm is configured,
krb5_cc_select() can fail, and therefore gss_init_sec_context().
Continue without filling in the realm in this case.
[ghudson@mit.edu: edited commit message and comment; slightly adjusted
flow control]
Nikhil Benesch [Wed, 22 Dec 2021 23:58:17 +0000 (18:58 -0500)]
Remove unnecessary flag in macOS build
The configuration logic for adding the `-search_paths_first` linker
flag on Darwin does not correctly handle cross compilation. It should
check the value of $krb5_cv_host rather than `uname -s` to detect when
the compilation target is Darwin, rather than the build machine.
It turns out `-search_paths_first` has been the default behavior of ld
on macOS since XCode 4. So just remove that bit of logic entirely.
(The flag was added in commit acd27af0e845f8b93de2e226cc2ec9ac8af52077
in 2004; XCode 4 was released in 2010.)
Greg Hudson [Sat, 11 Dec 2021 06:25:34 +0000 (01:25 -0500)]
Use 14 instead of 9 for unkeyed SHA-1 checksum
Although MIT krb5 had been using the value 9 for unkeyed SHA-1 since
its 1.0 release in 1996, RFC 3961 instead assigned this value to
rsa-md5-des3 (likely never used), and assigned the values 10 and 14 to
SHA-1. Heimdal and Microsoft use the value 14. Unkeyed SHA-1 almost
never appears on the wire, but has been seen in PKINIT asChecksum
fields in replies from Windows KDCs (despite the field being specified
as a keyed checksum).
Define a new symbol CKSUMTYPE_SHA1 with the value 14, and use it where
we currently use CKSUMTYPE_NIST_SHA. Continue to allow the value 9
for ABI compatibility. Remove the pkinit_clnt.c workaround as the
value 14 will now work without adjustment.
Greg Hudson [Thu, 2 Dec 2021 00:35:32 +0000 (19:35 -0500)]
Fix PAC handling of authtimes after y2038
Remove the unnecessary handling of negative inputs in
k5_time_to_seconds_since_1970() and k5_seconds_since_1970_to_time(),
and cast the krb5_timestamp input to uint32_t to properly handle
values after y2038.
Commit 3b163eed1cf1f55dd4a7bc6d6fffc34f55695b00 mistakenly separated
the call to kdc_process_s4u2self_req() from its error check, causing
the KDC to ignore S4U2Self padata with bad checksums. Restore the
error check so that the KDC replies with an error as intended.
[ghudson@mit.edu: removed old error check later on in the code;
rewrote commit message]
Greg Hudson [Tue, 19 Oct 2021 14:42:34 +0000 (10:42 -0400)]
Use OpenSSL CMAC implementation with OpenSSL 3
Make krb5int_cmac_checksum() a crypto module interface. Move the
existing CMAC implementation from krb to builtin. Add an OpenSSL 3
implementation using EVP_MAC. Only implement Camellia CBC-MAC if
using the builtin CMAC implementation (it uses functions deprecated in
OpenSSL 3). Switch to using krb5int_camellia_encrypt() for
camellia-test.c since krb5int_camellia_cbc_mac() won't always be
available.
[ghudson@mit.edu: made the new SHA-1 and key decryption code work with
all suported OpenSSL versions with just one implementation; added
Diffie-Hellman changes]
In OpenSSL's terminology, id-pkinit-kdf is an instance of SSKDF,
AES-SHA2 and Camellia use KBKDF, and the KDF for DES3 and AES-SHA1 has
been named KRB5KDF. Support for these KDFs was added in OpenSSL 3; we
already supported the existing PBKDF2.
[ghudson@mit.edu: reorganize into builtin and openssl versions of the
file; detect hash and encryption provider identity using pointer
equality like we do in the OpenSSL PBKDF implementation; add helpers
for this translation; simplify and better refactor the PKINIT code;
fix some latent pkinit_kdf_test.c bugs]
Sumit Bose [Mon, 8 Nov 2021 16:48:50 +0000 (17:48 +0100)]
Support larger RADIUS attributes in libkrad
In kr_attrset_decode(), explicitly treat the length byte as unsigned.
Otherwise attributes longer than 125 characters will be rejected with
EBADMSG.
Add a 253-character-long NAS-Identifier attribute to the tests to make
sure that attributes with the maximal number of characters are working
as expected.
[ghudson@mit.edu: used uint8_t cast per current practices; edited
commit message]
Greg Hudson [Tue, 9 Nov 2021 18:00:43 +0000 (13:00 -0500)]
Avoid use after free during libkrad cleanup
libkrad client requests contain a list of references to remotes, with
no back-references or reference counts. To prevent accesses to
dangling references during cleanup, cancel all requests on all remotes
before freeing any remotes.
Remove the code for aging out unused servers. This code was fairly
safe as all requests referencing a remote should have completed or
timed out during an hour of disuse, but in the current design we have
no way to guarantee or check that. The set of addresses we send
RADIUS requests to will generally be small, so aging out servers is
unnecessary.
Greg Hudson [Fri, 5 Nov 2021 23:22:32 +0000 (19:22 -0400)]
Remove pkinit_kdf_constants.c
Commit 9a0575f84e988a23709429f7d4e626db833ab562 renamed this file to
pkinit_constants.c but neglected to remove it. Remove it now, and
also regenerate dependencies.
Greg Hudson [Thu, 28 Oct 2021 04:00:20 +0000 (00:00 -0400)]
Use EVP key agreement in PKINIT
In pkinit_crypto_openssl.c, use EVP_PKEY objects and interfaces to
perform DH operations to the extent possible in OpenSSL 1.0 and 1.1.
Define helper functions for DH operations to make it easier to
conditionalize on OpenSSL version.
Greg Hudson [Mon, 25 Oct 2021 05:51:59 +0000 (01:51 -0400)]
Use OpenSSL SubjectPublicKeyInfo parsing in PKINIT
Shift responsibility for encoding and decoding SubjectPublicKeyInfo
from libkrb5 to the PKINIT ASN.1 module. OpenSSL 1.0 does not support
DHX (RFC 3279 section 3), so for that version use custom ASN.1
marshalling of the parameters and compose that into
SubjectPublicKeyInfo marshalling using X509_PUBKEY.
Greg Hudson [Sat, 23 Oct 2021 20:40:23 +0000 (16:40 -0400)]
Use pre-encoded DH parameter constants in PKINIT
Rename pkinit_kdf_constants.c to pkinit_constants.c and add encodings
of the three well-known Oakley groups. Use them to greatly simplify
pkinit_create_td_dh_parameters() and eliminate make_oakley_dh().
Change the interface for decoding parameters to take a krb5_data
pointer for caller convenience.
Ken Hornstein [Thu, 30 Sep 2021 21:10:06 +0000 (17:10 -0400)]
Support KRB5_CERTAUTH_HWAUTH_PASS in certauth
If a certauth module returns KRB5_CERTAUTH_HWAUTH_PASS, the certauth
accumulator sets the hw-authent flag in the ticket (like it would for
KRB5_CERTAUTH_HWAUTH), but defers authorization to other modules (like
it would for KRB5_PLUGIN_NO_HANDLE).
[ghudson@mit.edu: simplify tests by removing the HWAUTH returns from
the test2 module and allowing it to pass by authenticating as nocert]
Greg Hudson [Fri, 8 Oct 2021 21:45:03 +0000 (17:45 -0400)]
Use builtin MD4, RC4 for OpenSSL 3.0
In OpenSSL 3.0, to use MD4 or RC4 one must load the "legacy" crypto
provider. To do this in libk5crypto, we would need to create and use
an OpenSSL library context to avoid interfering with other users of
the library. Tearing down this context at finalization time would be
further complicated by OpenSSL's use of atexit() for library
finalization, which causes its finalizer to be run earlier than
properly registered finalizers on Linux.
For simplicity, use the builtin implementations of MD4 and RC4 for
OpenSSL 3.0 and later. Also use the builtin DES key parity
implementation since OpenSSL 3.0 deprecates DES_set_odd_parity() with
no replacement.
Greg Hudson [Fri, 8 Oct 2021 21:44:15 +0000 (17:44 -0400)]
Make test PKINIT certs work with OpenSSL 3.0
Add shell functions to reduce repetition in make-certs.sh. Create
PKCS12 files with the -descert flag so that they can be read by
OpenSSL 3.0 without enabling the legacy provider.
Greg Hudson [Thu, 7 Oct 2021 14:45:26 +0000 (10:45 -0400)]
Allow selective overrides in crypto back-ends
In the build system, always descend into all crypto subdirectories and
build all library objects. Conditionalize each object (or
enc_provider/hash_provider entry) on a preprocessor symbol defined in
crypto_int.h.
Remove crypto_mod.h and the libk5crypto initialization and
finalization functions as they are not currently needed. Remove stub
directories in the openssl back-end as it is no longer required to
maintain the same directory structure as builtin.
Make CRYPTO_IMPL_CFLAGS work if it is set manually at configure time
(previously only CRYPTO_IMPL_LIBS worked).
Remove the fortuna and device PRNG modules and PRNG modularity, and
move the prng_os implementation into prng.c. Remove the crypto_mod.h
requirement to implement failure-free AES256 and SHA256. Deprecate
krb5_c_random_add_entropy() and krb5_c_random_os_entropy() and remove
their call sites. Deprecate and ignore the -W (weak random) option to
kadmind and kdb5_util create, and stop using it in the test suite.
Isaac Boukris [Tue, 10 Aug 2021 14:50:35 +0000 (17:50 +0300)]
Fix verification of RODC-issued PAC KDC signature
Per [MS-PAC] 2.8, PAC_SIGNATURE_DATA may contain an RODCIdentifier
following the checksum. In k5_pac_verify_kdc_checksum(), do not
assume that the checksum spans the remainder of the buffer; instead,
look up the checksum length by its type.
[ghudson@mit.edu: edited commit message and comment; reordered code
for clarity]
Select an output credential cache using similar logic to kinit. Do
not require the target cache to be initialized.
Try to use the per-thread cache set by gss_krb5_ccache_name() if no
output cache was specified via a cred store.
When the destination is a collection, honor the default_cred flag by
switching the primary cache to the selected output cache. When the
destination is not a collection, ignore the default_cred flag.
(Previously the default_cred flag was mandatory for gss_store_cred()
even though it is an advisory flag, and ignored for
gss_store_cred_into() even if no ccache was specified in the cred
store.)
Honor the overwrite_cred flag by refusing to replace an initialized
cache if it is not set. Stop using gss_acquire_cred() for this
purpose as it could go out and fetch credentials from a client keytab.
Perform atomic replacement of the target cache when possible, using
krb5_cc_move().
Add a test harness for calling gss_store_cred() or
gss_store_cred_into() and a suite of tests. Fix a broken trace log
message for krb5_cc_move() and update the expected trace logs for an
existing t_credstore.py test.
Pavel Březina [Wed, 8 Sep 2021 13:44:30 +0000 (15:44 +0200)]
Constify name field in four plugin vtables
For consistency with the other plugin vtables, declare the name field
as const char * in the audit, authdata, clpreauth, and kdcpreauth
pluggable interface headers.
Robbie Harwood [Wed, 15 Feb 2017 02:19:45 +0000 (21:19 -0500)]
Find gss_get_mic_iov extensions in GSS modules
Commit d750ef3130b76dd079e863ed395eb3620a37386b added
gss_get_mic_iov(), gss_verify_mic_iov(), and gss_get_mic_iov_length(),
but did not add them to the symbols looked up in external GSS modules
and interposer modules. Add them now.
Robbie Harwood [Wed, 15 Feb 2017 02:18:55 +0000 (21:18 -0500)]
Clarify and correct interposer plugin docs
Most importantly, note for gss_import_name() that the mechanism OID
encoding includes the ASN.1 tag prefix (per RFC 2743 section 3.2), and
add the length prefix for the mechanism token. For
gss_import_sec_context() and gss_import_cred(), note that the
concatenated OID must be used.
[ghudson@mit.edu: reverted part of gss_import_cred() change; reworded
gss_import_name() change; rewrote commit message]
Greg Hudson [Tue, 3 Aug 2021 03:15:12 +0000 (23:15 -0400)]
Add more dump.c bounds checks
Although dump files are privileged inputs, the code to read them
should not admit integer overflows. Add bounds checks for several
fields which are used as allocation lengths or are assigned to
structure fields of smaller size and different signedness. Reported
by Sharwan Ram and Kihong Keo.
Greg Hudson [Tue, 17 Aug 2021 15:26:59 +0000 (11:26 -0400)]
Perform atomic ccache refreshes when possible
Allow ccache types to implement atomic replacement via a new replace
method (replacing the unused "move" vtable slot). Make krb5_cc_move()
use this method when possible, falling back to non-atomic replacement.
Implement atomic replacement for FILE, DIR, MEMORY, and KCM (using a
new opcode, falling back when it is not implemented).
Use krb5_cc_move() in get_in_tkt.c when an output ccache is specified,
in kinit for ticket validation and renewal, and in kvno --out-cache.
Add a test program to exercise concurrent krb5_get_credentials() and
cache refresh.
This commit does not implement atomic replacement for KEYRING or for
gss_store_creds().
Greg Hudson [Wed, 18 Aug 2021 16:07:04 +0000 (12:07 -0400)]
Fix conformance issue in GSSAPI tests
Although some C compilers allow a function returning void to be called
in a return statement from another function returning void, it isn't
conformant and generates an error from (at least) the HP-UX native
compiler. Reported by Michael Osipov.
Greg Hudson [Tue, 3 Aug 2021 05:15:27 +0000 (01:15 -0400)]
Fix KDC null deref on TGS inner body null server
After the KDC decodes a FAST inner body, it does not check for a null
server. Prior to commit 39548a5b17bbda9eeb63625a201cfd19b9de1c5b this
would typically result in an error from krb5_unparse_name(), but with
the addition of get_local_tgt() it results in a null dereference. Add
a null check.
Reported by Joseph Sutton of Catalyst.
CVE-2021-37750:
In MIT krb5 releases 1.14 and later, an authenticated attacker can
cause a null dereference in the KDC by sending a FAST TGS request with
no server field.
Commit 1cd2821c19b2b95e39d5fc2f451a035585a40fa5 altered the memory
management of krb5_gss_inquire_cred(), introducing defcred to act as
an owner pointer when the function must acquire a default credential.
The commit neglected to update the code to release the default cred
along the successful path. The old code does not trigger because
cred_handle is now reassigned, so the default credential is leaked.
Unify the success and failure cleanup for this function so that
defcred is properly released on success.
Reorganize ec_verify() and ec_return() to use cleanup labels instead
of if-ladders. Also use unconditional calls to free functions and
change a few variable names.
Joseph Sutton [Tue, 6 Jul 2021 23:47:44 +0000 (11:47 +1200)]
Fix KDC null deref on bad encrypted challenge
The function ec_verify() in src/kdc/kdc_preauth_ec.c contains a check
to avoid further processing if the armor key is NULL. However, this
check is bypassed by a call to k5memdup0() which overwrites retval
with 0 if the allocation succeeds. If the armor key is NULL, a call
to krb5_c_fx_cf2_simple() will then dereference it, resulting in a
crash. Add a check before the k5memdup0() call to avoid overwriting
retval.
CVE-2021-36222:
In MIT krb5 releases 1.16 and later, an unauthenticated attacker can
cause a null dereference in the KDC by sending a request containing a
PA-ENCRYPTED-CHALLENGE padata element without using FAST.
[ghudson@mit.edu: trimmed patch; added test case; edited commit
message]
Robbie Harwood [Wed, 26 May 2021 22:22:10 +0000 (18:22 -0400)]
Clean up gssapi_krb5 ccache name functions
Modernize kg_get_ccache_name() and kg_get_ccache_name(). Drop
unnecessary use of const in kg_get_ccache_name() so that its return
value can be properly freed. Fixes some static analyzer false
positives.
Robbie Harwood [Sat, 29 May 2021 18:54:56 +0000 (14:54 -0400)]
Modernize pkinit_get_certs_pkcs11
Remove unusable PKINIT_USE_MECH_LIST code since there's no build
system support and it would leak mechp. Factor out the code to load a
cert from the card. Avoid mixing PKCS11 and krb5 error codes. Fix
leaks of cert and cert_id reported by Coverity.
Robbie Harwood [Sat, 29 May 2021 17:25:59 +0000 (13:25 -0400)]
Fix use-after-free during krad remote_shutdown()
Since elements of the queue can be removed on out-of-memory errors,
the correct call is K5_TAILQ_FOREACH_SAFE, not K5_TAILQ_FOREACH.
Reported by Coverity.
Greg Hudson [Sun, 20 Jun 2021 23:24:07 +0000 (19:24 -0400)]
Using locking in MEMORY krb5_cc_get_principal()
Without locking, the principal pointer could be freed out from under
krb5_copy_principal() by another thread calling krb5_cc_initialize()
or krb5_cc_destroy().
Greg Hudson [Wed, 23 Jun 2021 20:53:16 +0000 (16:53 -0400)]
Fix leaks on error in kadm5 init functions
In the GENERIC_CHECK_HANDLE function, separate out the
version-checking logic so we can call it in the init functions before
allocating resources.
In the client and server library initialization functions, use a
single exit path after argument validation, and share the destruction
code with kadm5_destroy() via a helper.
Robbie Harwood [Sat, 29 May 2021 16:05:49 +0000 (12:05 -0400)]
Fix k5tls module for OpenSSL 3
Starting in OpenSSL 3, connection termination without a close_notify
alert causes SSL_read() to return SSL_ERROR_SSL instead of
SSL_ERROR_SYSCALL. OpenSSL 3 also provides a new option
SSL_OP_IGNORE_UNEXPECTED_EOF which allows an application to explicitly
ignore possible truncation attacks and receive SSL_ERROR_ZERO_RETURN
instead.
Remove the call to SSL_CTX_get_options() since SSL_CTX_set_options()
doesn't clear existing options.
[ghudson@mit.edu: edited commit message and comment]
Robbie Harwood [Sat, 15 May 2021 21:35:25 +0000 (17:35 -0400)]
Fix softpkcs11 build issues with openssl 3.0
EVP_PKEY_get0_RSA() has been modified to have const return type. Remove
its usages in favor of the EVP_PKEY interface. Also remove calls to
RSA_blinding_off(), which we don't need and would require a non-const
object. Similarly, remove RSA_set_method() calls that set a pre-existing
default.
Since softpkcs11 doesn't link against krb5 and can't use zap(), allocate
buffers with OPENSSL_malloc() so can use OPENSSL_clear_free().
Move several argument validation checks to the top of their functions.
Greg Hudson [Mon, 7 Jun 2021 19:00:41 +0000 (15:00 -0400)]
Fix kadmin -k with fallback or referral realm
kadmin -k produces a client principal name with
krb5_sname_to_principal(), but it gets converted to a string and back
due to the signature of kadm5_init_with_skey(), which loses track of
the name type, so no canonicalization is performed.
In libkadm5clnt initialization, recognize the important subset of this
case--an empty realm indicates either fallback processing or the
referral realm--and restore the host-based name type so that the
client principal can be canonicalized against the keytab.
Greg Hudson [Mon, 7 Jun 2021 17:27:29 +0000 (13:27 -0400)]
Fix some principal realm canonicalization cases
The no_hostrealm and subst_defrealm flags in struct canonprinc were
only applied when dns_canonicalize_hostname=fallback; in the other
cases, the initial krb5_sname_to_principal() result is treated as
canonical. For no_hostrealm this limitation doesn't currently matter,
because all uses pass a principal with no realm as input. However,
subst_defrealm is used to convert the referral realm to the default
realm in krb5_get_init_creds_keytab(), krb5_cc_cache_match(), and
gss_acquire_cred() when it needs to check the desired name against a
specified ccache.
In k5_canonprinc(), if the input principal is a
krb5_sname_to_principal() result and fallback isn't in effect, apply
subst_defrealm. Document in os-proto.h that no_hostrealm doesn't
remove an existing realm and that krb5_sname_to_principal() may
already have looked one up.
Greg Hudson [Fri, 21 May 2021 02:59:47 +0000 (22:59 -0400)]
Remove dejagnu test suite
Of the remaining test scripts, kprop.exp has a corresponding Python
script, and standalone.exp is covered by t_general.py, t_dump.py,
t_keytab.py, and t_pkinit.py.
Greg Hudson [Wed, 26 May 2021 19:08:28 +0000 (15:08 -0400)]
Fix doc build for Sphinx 4.0
Use app.add_css_file() to register krb5.css if possible (it was added
in Sphinx 1.8), since the old name app.add_stylesheet() was removed in
Sphinx 4.0.
Use the highlight directive instead of the highlightlang directive,
which was removed in Sphinx 4.0.
Remove two duplicate table of contents entries to fix warnings.
In the Github Actions configuration, add a second doc build using the
newest version of Sphinx.
Greg Hudson [Thu, 20 May 2021 21:31:49 +0000 (17:31 -0400)]
Rewrite not-yet-covered dejagnu tests in Python
Remove the dejagnu scripts gssapi.exp, princexpire.exp, sample.exp,
simple.exp, and tcp.exp.
Add server output checking to t_gss_sample.py to match the checks in
gssapi.exp.
Add a test to t_general.py matching the #6428 regression test in
princexpire.exp.
Add new test scripts t_sample.py and t_simply.py for the appl/sample
and appl/simple applications, to match sample.exp and simple.exp.
Adjust the simple and sample servers to allow for startup detection
when stdout is a pipe. Both of these test servers exit after one
client execution; add a k5test function await_daemon_exit() to allow
the daemon exit status to be checked without sending a kill signal.
Change start_in_inetd() not to require the program name to be
specified twice. Adjust the existing t_user2user.py for the
aforementioned changes.
Add a TCP test to t_bigreply.py to match the oversized-TCP-request
test in tcp.exp. The existing t_bigreply.py test already covers a
successful TCP request.
Remove the dejagnu scripts kadmin.exp, pwchange.exp, and pwhist.exp.
Add a new Python test script t_kadmin.py for the miscellaneous kadmin
tests from kadmin.exp.
In t_changepw.py, use modprinc +needchange for one of the kinit
password change tests to gain the same coverage as pwchange.exp had,
and add the "password changes are usable by kinit" tests from
kadmin.exp.
In t_policy.py, add the ticket 929 regression tests from kadmin.exp
and the ticket 2841 regression tests from pwhist.exp.
Greg Hudson [Tue, 11 May 2021 18:04:07 +0000 (14:04 -0400)]
Fix KCM retrieval support for sssd
Commit 795ebba8c039be172ab93cd41105c73ffdba0fdb added a retrieval
handler using KCM_OP_RETRIEVE, falling back on the same error codes as
the previous KCM_OP_GET_CRED_LIST support. But sssd (as of 2.4)
returns KRB5_CC_NOSUPP instead of KRB5_CC_IO if it recognizes an
opcode but does not implement it. Add a helper function to recognize
all known unsupported-opcode error codes, and use it in kcm_retrieve()
and kcm_start_seq_get().
Fix three Windows-specific argument type errors, including a crash bug
in the default replay cache type. Change the compiler flags to treat
several argument type warnings as errors.
The replay cache bug was reported by Thomas Wagner.
Ken Hornstein [Wed, 17 Mar 2021 21:44:46 +0000 (17:44 -0400)]
Add additional KRB5_TRACE points
Add additional tracing points to the PKINIT plugin for use with the
KRB5_TRACE facility, replacing many (but not all) of the existing
pkiDebug() trace points.
Fix a memory leak of an errinfo structure when loading a PKCS11 module
fails.
Rename pkinit_pkcs11_code_to_text() to pkcs11err() for brevity, and
modify it for thread safety.
[ghudson@mit.edu: added certificate index to regexp match trace
points; renamed various identifiers; edited commit message]
Greg Hudson [Wed, 31 Mar 2021 19:00:21 +0000 (15:00 -0400)]
Simplify krb5_cccol_have_content()
For the purposes of determining whether Kerberos credentials are
present, just check for an initialized ccache (as detected by
krb5_cc_get_principal()), not one with credentials in it. For KCM and
KEYRING caches, this changes avoids the O(n) expense of starting an
iteration.
Also fix a potential memory leak if a cache is found after an error is
saved.
Greg Hudson [Sat, 27 Mar 2021 03:38:54 +0000 (23:38 -0400)]
Use KCM_OP_RETRIEVE in KCM client
In kcm_retrieve(), try KCM_OP_RETRIEVE. Fall back to iteration if the
server doesn't implement it, or if we can an answer incompatible with
KRB5_TC_SUPPORTED_KTYPES.
In kcmserver.py, implement partial decoding for creds and cred tags so
that we can do a basic principal name match.
Greg Hudson [Mon, 29 Mar 2021 18:32:56 +0000 (14:32 -0400)]
Fix KCM flag transmission for remove_cred
MIT krb5 uses low bits for KRB5_TC flags, while Heimdal uses high bits
so that the same flag word can also hold KRB5_GC flags. Add a mapping
function and send the Heimdal flag values when performing a
remove_cred operation.
Greg Hudson [Sat, 27 Mar 2021 04:52:05 +0000 (00:52 -0400)]
Fix gss-krb5 handling of high sequence numbers
Commits abcfdaff756631d73f49103f679cafa7bc45f14e and 41ddaaeb286e8bb1bba64fb557ba0e4cff9b404d incorrectly changed the
interpretation of authenticator sequence numbers in the range
2^31..2^32-1, mapping them to sign-extended 64-bit values. The major
Kerberos implementations do not generate sequence numbers this large,
so the changed went unnoticed. Prevent unwanted sign extension by
casting sequence numbers retrieved from auth contexts to uint32_t
before assigning them to uint64_t fields. Reported by Jake Scott.
Greg Hudson [Thu, 25 Mar 2021 16:00:54 +0000 (12:00 -0400)]
Avoid rand() in aes-gen test program
rand() can output different sequences on different platforms with the
same seed, and (since commit cb5f190056ef4d123c5fe5d4923982b830288438)
we want fixed output. Use specified inputs instead. Reported by Ken
Hornstein.
Greg Hudson [Thu, 11 Mar 2021 02:53:33 +0000 (21:53 -0500)]
Fix PKINIT memory leaks
pkinit_client_process() calls pkinit_client_profile() a second time,
leaking the values obtained the first time. Remove the call.
Commit 13ae08e70a05768d4f65978ce1a8d4e16fec0d35 introduced more
possibilities for process_option_identity() to return failure after it
filled in some fields. PKCS11 option parsing already prevents leaks
by freeing old values before setting new ones; do so in the other
option-parsing functions as well.
Pavel Březina [Thu, 11 Feb 2021 14:33:10 +0000 (15:33 +0100)]
Add KCM_OP_GET_CRED_LIST for faster iteration
For large caches, one IPC operation per credential dominates the cost
of iteration. Instead transfer the whole list of credentials to the
client in one IPC operation.
Add optional support for the new opcode to the test KCM server to
allow testing of the main and fallback code paths.
[ghudson@mit.edu: fixed memory leaks and potential memory errors;
adjusted code style and comments; rewrote commit message; added
kcmserver.py support and tests]
Ivan A. Melnikov [Tue, 16 Mar 2021 10:18:01 +0000 (14:18 +0400)]
Drop extra listen() call in gss-server
There is already call to listen in create_socket(), and there is no
need to tie the backlog to the number of threads. Also, here listen()
was sometimes called with zero backlog, making gss-server execution
(and tests) racy on slower and busy systems.
Robbie Harwood [Wed, 3 Mar 2021 22:16:32 +0000 (17:16 -0500)]
Fix doxygen warnings
Fix three cases of parameter name mismatch. Additionally, fix an
instance of illegal characters in the docs of krb5_address_order. '>'
and '<' are valid on their own, but '>' indicates a blockquote, so
move each stanza onto the @retval line.
Greg Hudson [Sat, 6 Mar 2021 07:20:28 +0000 (02:20 -0500)]
Fix verbatim tag handling in Doxygen bridge
Commit 281210909beef4683be3b63bc1ac1e75c2c9c7eb added handling for
verbatim tags in doxybuilder_types.py, but did not check for tail
text. This wasn't a problem in Doxygen 1.8 because its XML output
ended paragraph tags after verbatim tags, but that isn't the case in
Doxygen 1.9. Move the is_tail check earlier so we don't have to check
for each tag type.
Also avoid putting spaces at the beginnings and ends of lines when
joining the elements of the result list, to avoid confusing the RST
parser at the end of literal blocks.
Ken Hornstein [Thu, 25 Feb 2021 01:20:39 +0000 (20:20 -0500)]
Only require one valid pkinit anchor/pool value
When processing pkinit_anchor or pkinit_pool values, return
successfully if at least one value is successfully loaded (or if none
are configured).
pkinit_identity_prompt() was the backstop against trying anonymous
PKINIT without configured anchors. After this change it no longer is,
so add an explicit check for no anchors in pkinit_client_process().
[ghudson@mit.edu: added code to clear ignored errors; made minor style
edits; added no-anchors check]
Greg Hudson [Wed, 24 Feb 2021 17:54:08 +0000 (12:54 -0500)]
Fix enctype display in Leash
In KrbListTickets.cpp, change etype_string() to write its output to a
caller-supplied buffer, so that the session key enctype name and
ticket enctype name don't occupy the same static buffer. Reported by
Oliver Freyermuth.
Robbie Harwood [Fri, 15 Jan 2021 20:55:01 +0000 (15:55 -0500)]
Synchronize command-line option documentation
Command-line options are described in the following places:
- .rst file "SYNOPSIS" section
- .rst file "OPTIONS" section
- parameters to getopt()
- results of getopt() that are actually handled
- a usage() or xusage() function
- occasionally, a long form in usage()/xusage()
- occasionally, libss subcommand specifications
Over time, these have drifted. Make an effort to correct this drift,
marking deprecated options as such. For consistency, remove mention
of long arguments that have an equivalent short form.
projects / thirdparty / krb5.git / log
