Greg Hudson [Tue, 7 Feb 2017 18:12:24 +0000 (13:12 -0500)]
Avoid draft 9 fallback after PKINIT failure
If a KDC offers both RFC 4556 and draft 9 PKINIT, and we experience a
client-side failure trying RFC 4556 PKINIT (e.g. due to the user
entering the wrong PKCS #11 PIN), do not try to use draft 9 PKINIT.
Greg Hudson [Fri, 13 Jan 2017 17:16:04 +0000 (12:16 -0500)]
Track preauth failures instead of tries
In preauth2.c, instead of noting whenever we try a real preauth mech,
note when a mechanism fails on our side. Tracking only failures
eliminates the need to reset the list for multi-step preauth exchanges
or for processing padata in the AS-REP, but we will need the function
later for continuing after optimistic preauth failures.
Greg Hudson [Sat, 14 Jan 2017 01:45:48 +0000 (20:45 -0500)]
Simplify k5_preauth_tryagain()
When retrying pre-authentication for an error, try only the module for
the selected preauth type, not all preauth types in the original
method data. Pass the error and its padata to k5_preauth_tryagain()
explicitly, so that those fields of krb5_init_creds_context are only
referenced in get_in_tkt.c. Handle a degenerate case in
init_creds_step_reply() to simplify the code in
init_creds_step_request().
Greg Hudson [Fri, 13 Jan 2017 15:14:36 +0000 (10:14 -0500)]
Adjust processing of pa_type ccache config
Read the allowed preauth type from the input ccache in
restart_init_creds_loop(); there is no need to reread it each time we
produce a request. Move read_allowed_preauth_type() earlier in the
file to allow it to be called from restart_init_creds_loop() without a
prototype.
Clear the selected preauth type in restart_init_creds_loop(), not in
init_creds_step_request(). We want to make sure that it doesn't
survive a restart due to a realm referral or expiry, but we don't want
to forget about it when retrying after an error.
Greg Hudson [Mon, 30 Jan 2017 17:30:51 +0000 (12:30 -0500)]
Document multi-component PKINIT client certs
In pkinit.rst, note that the extensions.client file only works for
single-component client principals, and describe how to modify it for
multi-component principals.
Greg Hudson [Wed, 25 Jan 2017 18:07:42 +0000 (13:07 -0500)]
Document default realm and login authorization
Add documentation to host_config.rst describing what the default realm
does. Also add documentation discussing login authorization
configuration, and give an example showing how to give login access to
principals from a realm other than the default realm.
Greg Hudson [Mon, 9 Jan 2017 16:44:29 +0000 (11:44 -0500)]
Document and check init_creds context requirement
To ensure that the same clpreauth plugin modules and moddata pointers
are used for each step of an initial creds operation, the caller must
use the same library context for krb5_init_creds_init(),
krb5_init_creds_step(), and krb5_init_creds_free(). Document and
enforce this requirement.
Greg Hudson [Wed, 4 Jan 2017 23:31:15 +0000 (18:31 -0500)]
Add tests for per-request preauth data scoping
Add a test harness which interleaves calls for multiple initial creds
contexts using the same library context. Add a test case to
t_preauth.py using the new harness and the test preauth module to
verify that modreq pointers are correctly tracked.
Greg Hudson [Tue, 20 Dec 2016 21:06:24 +0000 (16:06 -0500)]
Properly scope per-request preauth data
It should be possible to successfully use multiple initial credentials
contexts with the same library context. Create a new internal type
krb5_preauth_req_context containing per-request preauth state,
including the clpreauth modreq handles and the list of preauth types
already tried. Remove this state from clpreauth_handle and
krb5_preauth_context.
Greg Hudson [Tue, 20 Dec 2016 20:25:29 +0000 (15:25 -0500)]
Make krb5_preauth_context a pointer type
For consistency with krb5_context and krb5_init_creds_context, make
krb5_preauth_context a pointer type. In preauth2.c, use the typedef
name rather than the structure tag except when defining the structure.
Add an optional method to kdb_vftabl to free e_data pointer in a
principal entry, in case it was populated by a module using a more
complex structure than a single memory region.
[ghudson@mit.edu: handled minor version bump; simplified code; rewrote
commit message]
Greg Hudson [Wed, 18 Jan 2017 16:40:49 +0000 (11:40 -0500)]
Explicitly copy KDB vtable fields
In preparation for bumping the kdb_vftabl minor version, use explicit
field assignments when copying the module vtable to the internal copy,
so that we can conditionalize assignments for minor versions greater
than 0.
Greg Hudson [Tue, 17 Jan 2017 16:24:41 +0000 (11:24 -0500)]
Add k5test expected_msg, expected_trace
In k5test.py, add the optional keyword argument "expected_msg" to
methods that run commands, to make it easier to look for substrings in
the command output. Add the optional keyword "expected_trace" to run
the command with KRB5_TRACE enabled and look for an ordered series of
substrings in the trace output.
Greg Hudson [Wed, 11 Jan 2017 15:49:30 +0000 (10:49 -0500)]
Add test case for PKINIT DH renegotiation
In t_pkinit.py, add a PKINIT test case where the KDC sends
KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED and the client retries with the
KDC's TD_DH_PARAMETERS value, using the clpreauth tryagain method.
Use the trace log to verify that the renegotiation actually takes
place.
Greg Hudson [Wed, 11 Jan 2017 14:46:46 +0000 (09:46 -0500)]
Clean up krb5_db2_free_policy()
Commit 03d34fcfa329fbc2f686a0b34e2731e37f483a34 (ticket 8414) removed
the prototype and all uses of krb5_db2_free_policy(), but neglected to
remove the function definition, resulting in a warning. Remove the
definition now.
Ken Raeburn [Sat, 7 Jan 2017 03:39:39 +0000 (22:39 -0500)]
Fix detection of supported warnings in clang
Without -Werror=unknown-warning-option, clang will warn for
unrecognized -W options like "-Werror=discarded-qualifiers" but won't
return a nonzero exit status, leading configure to think the options
are supported and thus include them during the build, leading to a
rather noisy log.
This option isn't needed during the build, though it won't hurt
anything either. It is desirable during the testing of other -W
options for cleaner results, but the existing code tests each option
independently, requiring different handling for this option than for
other -W options.
Greg Hudson [Mon, 2 Jan 2017 19:20:29 +0000 (14:20 -0500)]
Remove addevent flag in net-server.c
The addevent flag to make_event() was always set to true except when
setting up the routing socket. Since we no longer set up the routing
socket (ticket 8348), we can remove the flag.
Greg Hudson [Mon, 2 Jan 2017 19:10:12 +0000 (14:10 -0500)]
Remove struct socksetup from net-server.c
struct socksetup was required when we iterated over local addresses
using foreach_localaddr. Since we no longer do that (ticket 8348),
the functions which use it can simply accept the parameters they
require and return error codes.
Greg Hudson [Mon, 26 Dec 2016 20:18:05 +0000 (15:18 -0500)]
Use pktinfo for explicit UDP wildcard listeners
In net-server.c, use pktinfo on UDP server sockets if they are bound
to wildcard addresses, whether that is explicit or implicit in the
address specification.
Greg Hudson [Mon, 26 Dec 2016 20:09:24 +0000 (15:09 -0500)]
Fix KDC/kadmind startup on some IPv4-only systems
getaddrinfo(NULL, ...) may yield an IPv6 wildcard address on IPv4-only
systems, and creating a socket for that address may result in an
EAFNOSUPPORT error. Tolerate that error as long as we can bind at
least one socket for the address.
Greg Hudson [Wed, 4 Jan 2017 16:33:57 +0000 (11:33 -0500)]
Deindent crypto_retrieve_X509_sans()
Fix some long lines in crypto_retrieve_X509_sans() by returning early
if X509_get_ext_by_NID() returns a negative result. Also ensure that
return parameters are always initialized.
Matt Rogers [Mon, 5 Dec 2016 17:17:59 +0000 (12:17 -0500)]
Improve PKINIT UPN SAN matching
Add the match_client() kdcpreauth callback and use it in
verify_client_san(). match_client() preserves the direct UPN to
request principal comparison and adds a direct comparison to the
client principal, falling back to an alias DB search and comparison
against the client principal. Change crypto_retreive_X509_sans() to
parse UPN values as enterprise principals.
[ghudson@mit.edu: use match_client for both kinds of SANs]
Greg Hudson [Wed, 14 Dec 2016 16:31:48 +0000 (11:31 -0500)]
Clean up PKINIT decode_data functions
In pkinit_crypto_openssl.c, fold decrypt_data() into its caller
pkinit_decode_data_fs(), and simplify its error-handling logic.
Initialize output parameters in pkinit_decode_data_pkcs11() and
pkinit_decode_data().
Greg Hudson [Fri, 2 Dec 2016 16:10:52 +0000 (11:10 -0500)]
Improve cleanup in krb5_rc_io_fetch()
In the error cleanup for krb5_rc_io_fetch(), null out rep->msghash
after freeing it, like we do with rep->client and rep->server. This
omission is currently harmless because krb5_rc_io_fetch() never sets
rep->msghash before failing, but it could result in a double-free or
use after free if the code changes.
Tomas Kuthan [Fri, 2 Dec 2016 14:22:54 +0000 (15:22 +0100)]
Add krbPwdPolicy attributes to kerberos.ldif
When LDAP backend support for policy extensions was added by 5edafa0532 (ticket 7223), the kerberos.ldif change neglected to add
the new attributes to krbPwdPolicy.
Greg Hudson [Sun, 27 Nov 2016 23:37:12 +0000 (18:37 -0500)]
Allow slapd path configuration in t_kdb.py
The upstream OpenLDAP installs slapd in libexec, which is not
typically in the path. Also, copying the binary can sometimes cause
it to fail; for instance, in the OpenCSW package,
/opt/csw/libexec/slapd is a script which chooses a binary based on the
system architecture and the path to the script. Allow the test runner
to set the SLAPD environment variable to specify the slapd location
and avoid the copy.
Greg Hudson [Tue, 22 Nov 2016 07:17:38 +0000 (02:17 -0500)]
Simplify LDAP module by relying on OpenLDAP 2.1
Solaris 11 provides an OpenLDAP library (which we don't auto-detect,
but should) in addition to the old Mozilla LDAP library; this will
become the default LDAP library in the next release. As there is no
longer a need to build against the Mozilla LDAP library, and as we
have unwittingly relied on some OpenLDAP-specific features since 1.13,
remove the compatibility code for the Mozilla LDAP library and just
require OpenLDAP 2.1 (which added ldap_str2dn).
Greg Hudson [Mon, 31 Oct 2016 15:48:54 +0000 (11:48 -0400)]
Make zap() more reliable
The gcc assembly version of zap() could still be optimized out under
gcc 5.1 or later, and the krb5int_zap() function could be optimized
out with link-time optimization. Based on work by Zhaomo Yang and
Brian Johannesmeyer, use the C11 memset_s() when available, then fall
back to a memory barrier with gcc or clang, and finally fall back to
using krb5int_zap(). Modify krb5int_zap() to use a volatile pointer
in case link-time optimization is used.
Greg Hudson [Fri, 28 Oct 2016 14:26:04 +0000 (10:26 -0400)]
Add doxygen comments for RFC 8009, RFC 4757
The aes-sha2 specification has been published as RFC 8009. Add
Doxygen comments to the #defines for its enctype and checksum type
comments. Also add comments for the RC4 enctype and checksum type
constants referring to RFC 4757.
Greg Hudson [Fri, 7 Oct 2016 15:23:02 +0000 (11:23 -0400)]
Clarify krb5_kt_resolve() API documentation
Explicitly say to use krb5_kt_close() like we do for most other
allocating API calls. Note the default type. Instead of saying "The
key table is not opened," say that the keytab file for FILE keytabs is
not opened by this call.
Greg Hudson [Thu, 6 Oct 2016 15:28:33 +0000 (11:28 -0400)]
Suggest unlocked iteration for mkey rollover
In database.rst when discussing the procedure for master key rollover,
suggest using unlocked iteration for large databases. Also make it
clear that unavailability due to locking during iteration is specific
to DB2.
Greg Hudson [Wed, 5 Oct 2016 14:51:52 +0000 (10:51 -0400)]
Fix "make depend" when cmocka.h not present
Add an intermediary header file k5-cmocka.h, which only includes
cmocka.h if we detected an appropriate version of cmocka at configure
time. This allows "make depend" to successfully run over cmocka test
programs when cmocka.h isn't present on the build platform.
For convenience, k5-cmocka.h also includes stdarg.h, stddef.h, and
setjmp.h, which are required to include cmocka.h.
Greg Hudson [Tue, 4 Oct 2016 16:36:30 +0000 (12:36 -0400)]
Error on discarded qualifiers in gcc
If a function call passes a const pointer to a function accepting the
same pointer type without the const qualifier, that should be treated
as an erorr if possible. In sufficiently recent gcc, pass
-Werror=discarded-qualifiers. (In clang, this is already covered by
-Werror=incompatible-pointer-types which we recently added.)
Greg Hudson [Tue, 4 Oct 2016 15:35:29 +0000 (11:35 -0400)]
Improve builtin PBKDF2 code hygiene
In F() in the builtin implementation of PBKDF2, use make_data() to
fully initialize sdata and out; otherwise we (harmlessly) copy an
uninitialized magic field in hmac(). Also simplify out the local
variable tlen.
Tom Yu [Tue, 4 Oct 2016 22:14:51 +0000 (18:14 -0400)]
Set alg param correctly for PKCS1
When using a smart card and constructing a DigestInfo to pass to the
CKM_RSA_PKCS mechanism, make sure to set the AlgorithmIdentifier
parameters correctly. This is typically an ASN.1 NULL value.
Greg Hudson [Tue, 8 Dec 2015 04:32:18 +0000 (23:32 -0500)]
Add aes-sha2 test cases
Add test cases for all of the test vectors in the aes-sha2 draft. In
t_cksums.c and t_decrypt.c, modify the test structure to allow for
binary plaintexts. In t_str2key.c, modify the test structure to allow
for binary salts. In t_derive.c, allow tests to have outputs which
don't match the key size, using krb5int_derive_random() instead of
krb5int_derive_key().
Add test cases for KRB-FX-CF2 and for gss_pseudo_random() using test
vectors generated ourselves.
Add k5test and dejagnu test passes for aes-sha2 enctypes.
Greg Hudson [Tue, 8 Dec 2015 03:16:24 +0000 (22:16 -0500)]
Rewrite t_prf crypto test program
Rewrite the pseudo-random test program to use hardcoded test cases
instead of input and expected output files. The test cases are the
same, using hardcoded keys instead of running string-to-key over
"key1" or "key2".
Greg Hudson [Sun, 6 Dec 2015 00:36:57 +0000 (19:36 -0500)]
Add aes-sha2 enctype support
Add support to libk5crypto for the aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192 encryption types, and the
hmac-sha256-128-aes128 and hmac-sha384-192-aes256 checksum types.
Key derivation for the new encryption types uses a hash, so we need to
add a hash parameter to the krb5int_derive_ functions, which can be
null except when DERIVE_SP800_108_HMAC is given. Rename the helper
function derive_random_sp800_108_cmac() to
derive_random_sp800_108_feedback_cmac() to make it clear that feedback
mode is used, since the new enctype uses counter mode.
Greg Hudson [Mon, 7 Dec 2015 16:16:06 +0000 (11:16 -0500)]
Enable PBKDF2 with SHA-256 and SHA-384
Rename krb5int_pbkdf2_hmac_sha1() to krb5int_pbkdf2_hmac() and add a
hash parameter. In the OpenSSL implementation, look up the
corresponding PBKDF2 parameter based on the hash pointer. In
pbkdf2_string_to_key(), pass the hash function for the key type if one
is present, and use SHA-1 if it does not (as for the Camellia
enctypes).
In the builtin implementation, use the hash provider instead of
assuming SHA-1. Remove the functional parameterization of the PRF and
turn it into an hmac() helper function. Use krb5int_hmac_keyblock()
to remove the need for a krb5_key object containing the password.
Rename the internal function from krb5int_pbkdf2() to pbkdf2().
Greg Hudson [Sun, 6 Dec 2015 00:36:41 +0000 (19:36 -0500)]
Add libk5crypto SHA-256 and SHA-384 hash providers
Add SHA-256 and SHA-384 hash providers to each of the libk5crypto back
ends, in preparation for AES-SHA2 support. For the builtin back end,
adapt SHA-512 code from Heimdal (SHA-384 is just truncated SHA-512
with different initial values). Replace builtin/sha2/t_sha256.c with
a program under crypto_tests which tests SHA-256 and SHA-384 in all
back ends.
Greg Hudson [Sat, 5 Dec 2015 22:20:26 +0000 (17:20 -0500)]
Consolidate libk5crypto OpenSSL hash providers
In the libk5crypto OpenSSL back end, combine all of the hash providers
which use the OpenSSL EVP interface into a single file to reduce code
duplication.
In the previous code, when the remote peer performed an orderly shutdown
on the socket, libkrad would enter a state in which all future requests
timed out. Instead, if the peer shuts down its socket, we need to
attempt to reopen it.
Ben Kaduk [Mon, 26 Jan 2015 16:15:42 +0000 (11:15 -0500)]
Improve keytab documentation
In the k5srvutil man page, do not give the impression that arbitrary
new keys can be added to the keytab (requested by Dan Gillmor), since
only the new keys randomly generated by the KDC via 'k5srvutil change'
can be added to the keytab. Reiterate the importance of running
k5srvutil delold after running k5srvutil change in the description of
k5srvutil change, as well as in the description of k5srvutil delold
itself.
In install_kdc.rst, mention using a separate keytab file when
generating a keytab on a KDC for use on another host.
[ghudson@mit.edu: squashed two commits, condensed commit message]
Ben Kaduk [Wed, 11 Jun 2014 20:38:57 +0000 (16:38 -0400)]
Document krb5_kt_next_entry() requirement
Successful calls to krb5_kt_next_entry() return a krb5_keytab_entry
that the caller is responsible for freeing. Note this, and the
proper function to do so, in the doxygen comments.
In prepare_error_as(), if krb5_us_timeofday() fails and error pa-data
was supplied, the FAST cookie and a shallow copy of the error padata
can be leaked. Reported by Will Fiveash.
Greg Hudson [Tue, 3 May 2016 17:22:46 +0000 (13:22 -0400)]
Add PKINIT support for OpenSSL 1.1.0
OpenSSL 1.1 makes the DH, EVP_MD_CTX, X509, and X509_STORE_CTX types
opaque, removes asn1_mac.h, removes the M_ASN1_* macros, and removes
CRYPTO_malloc_init(). Change the PKINIT code to work with OpenSSL 1.1
while retaining compatibility with OpenSSL 1.0. The new code uses
X509_STORE_set_verify_cb(), which is not present in OpenSSL 0.9, so
require OpenSSL 1.0 for PKINIT support.
Greg Hudson [Fri, 17 Jun 2016 16:00:21 +0000 (12:00 -0400)]
Add libk5crypto support for OpenSSL 1.1.0
OpenSSL 1.1.0 makes the EVP_MD_CTX, EVP_CIPH_CTX, and EVP_HMAC_CTX
types opaque. Change the libk5crypto OpenSSL code to work with
OpenSSL 1.1 while retaining compatibility with previous versions.
Add the prng_os.c module, using the name previously occupied by what
is now prng_device.c. Unlike prng_device.c, this PRNG module
maintains no file descriptor and just uses k5_os_random(), which is
most efficient on platforms which have a getrandom() system call.
Sarah Day [Fri, 19 Aug 2016 17:47:22 +0000 (13:47 -0400)]
Fix KDC lookaside cache entry count tracking
The KDC lookaside cache was incrementing num_entries when an entry was
added, but it did not decrement num_entries when an entry was removed.
Decrement num_entries in discard_entry(). Also fix some function
comments to correctly explain what the function is doing, and refactor
kdc_insert_lookaside by moving the code that inserts an entry into a
new static function called insert_entry().
Tom Yu [Tue, 20 Sep 2016 19:58:50 +0000 (15:58 -0400)]
Silence warnings in lib/rpc
Cast through (void *) in xdr.c to silence pointer target width
warnings. In xdr_sizeof.c, use x_private and x_base as proper
pointers as in xdr_mem.c instead of trying to store an integer in a
pointer.
projects / thirdparty / krb5.git / log
