Remove t_replay.c, which wasn't used or built by default and no longer
works with the simplified replay cache interface. Add t_rcfile2.c to
the sources and rebuild dependencies.
In the unlikely case of an all-zero tag, rc_file2.c:store() could
mistake an empty record for a replay. Check that records from the
file are non-empty (by checking that the timestamp is non-zero) before
comparing them to the tag.
Rewriting the qualname Perl script to use getaddrinfo created an
unchecked dependency on Perl 5.14. Instead, remove the script and use
the C program in tests/resolve for the kadmin and gssrpc test suites.
Commit e23d24beacb73581bbf4351250f3955e6fd44361 missed some Python
scripts, in part because of the "PYTHON = python" line in
src/Makefile.in from commit 7be2ef2b6c8c491781251a5023db48d7690f5fa8.
Remove that line and convert the remaining scripts. Also fix the
check-pytests-no warning to mention Python 3 instead of Python 2.5.
Nothing in the code removes objects from soft_token.object.obs, so
simplify add_st_object() not to search for an empty slot. Avoid using
random() by using a counter for session handles and just the array
slot number for object handles. Add a helper get_rcfilename() to
facilitate checking the result of asprintf(). Properly initialize ap
in sprintf_fill(). Close the file handle in read_conf_file().
In the utilities used by the dejagnu test suites, use
getaddrinfo()/getnameinfo() instead of
gethostbyname()/gethostbyaddr(), as the results can vary when the
local hostname appears in multiple lines in /etc/hosts.
In t_ccselect.py, don't cause an error if the canonicalized local
hostname is "localhost". The tests will continue to run in this case,
as long as we don't try to create duplicate principals.
In sim_server.c, bind to the wildcard address instead of the resolved
local hostname, to resolve a mysterious problem observed in Travis
where the second of three sim_client send() operations fails with
ECONNREFUSED.
Michael Mattioli [Sun, 14 Jul 2019 21:35:17 +0000 (17:35 -0400)]
Correct documentation of final profiles
The documentation for krb5.conf explaining final values is incorrect.
Only sections and subsections may usefully be marked as final, and
final designations only apply to later files, not to the same file.
[ghudson@mit.edu: corrected and shortened documentation; rewrote
commit message]
krb5_ktfile_get_entry() used krb5_c_enctype_compare() to compare
enctypes, in order to share keys between single-DES enctypes. As
key-sharing between enctypes is no longer done and single-DES support
has been removed, use a simple equality test to match the enctype.
This fixes a bug where krb5_kt_get_entry() would error out if the
keytab contained any entries with invalid enctypes (include single-DES
entries, after commit fb2dada5eb89c4cd4e39dedd6dbb7dbd5e94f8b8) even
if a matching entry is found.
Greg Hudson [Fri, 7 Jun 2019 16:51:36 +0000 (12:51 -0400)]
Update edwards25519 code from BoringSSL
Bring the SPAKE edwards25519.c code up to date with BoringSSL, adding
edwards25519_fiat.h to contain the Fiat-generated code which BoringSSL
has split out. The relevant BoringSSL commits are:
The updated code avoids undefined signed left-shift behavior (not a
problem in practice, so far) and compiles to faster code with gcc on
platforms where the 64-bit code cannot be used.
Robbie Harwood [Fri, 28 Jun 2019 17:09:47 +0000 (13:09 -0400)]
Remove now-unused checksum functions
fb2dada5eb89c4cd4e39dedd6dbb7dbd5e94f8b8 removed all call sites of
krb5int_cbc_checksum(), krb5int_confounder_verify(), and
krb5int_confounder_checksum(), but neglected the functions themselves.
Greg Hudson [Tue, 18 Jun 2019 17:06:44 +0000 (13:06 -0400)]
Remove PKINIT draft 9 support
PKINIT draft 9 support is required to interoperate with Windows 2000,
Windows XP, and Windows Server 2003, all of which are well beyond
end-of-life. Remove it.
Greg Hudson [Thu, 20 Jun 2019 14:45:18 +0000 (10:45 -0400)]
Add soft-pkcs11 source code
soft-pkcs11 is no longer available upstream and is not generally
packaged in distributions, making it inconvenient to use for tests.
Import the 1.8 source code, detabified and with trailing whitespace
removed but otherwise unmodified.
Greg Hudson [Thu, 20 Jun 2019 02:31:57 +0000 (22:31 -0400)]
Improve Travis test coverage and simplify config
Specify the xenial (16.04) image, as Travis still sometimes uses 14.04
by default. Use cmocka from the package repository instead of
building it. Remove python3-paste as paste is no longer a test
dependency, but add python3-kdcproxy. Install pyrad via pip3 as the
Ubuntu-packaged version still has the assertion bug.
Greg Hudson [Wed, 19 Jun 2019 04:57:30 +0000 (00:57 -0400)]
Convert OTP and kdcproxy tests to Python 3
Commit e23d24beacb73581bbf4351250f3955e6fd44361 did not convert
t_otp.py or paste-kdcproxy.py. Convert t_otp.py to Python3. Rewrite
paste-kdcproxy.py using wsgiref from the standard Python library to
avoid the Paste dependency.
Greg Hudson [Tue, 11 Jun 2019 15:26:04 +0000 (11:26 -0400)]
Use krb5_flags_to_strings() in kproplog
Remove the local flags table in kproplog.c and instead use
krb5_flags_to_strings(), as was done for kadmin.c in commit 971fae8285427b27dfd8c9a535a18eb588ee0689.
Isaac Boukris [Mon, 10 Jun 2019 12:33:06 +0000 (15:33 +0300)]
Verify PAC client name independently of name-type
In krb5_pac_verify(), unparse the provided principal name and compare
using strcmp(), instead of parsing pac principal, in order to avoid
relying on the provided name type.
This change is needed for tickets issued with cross-realm S4U2Proxy
(with resource-based constrained delegation), because the final
request uses a cross-TGT as the evidence ticket, so the ticket client
name is taken from the PAC and does not preserve the name type.
Microsoft KDCs use NT-MS-PRINCIPAL as the ticket client name type in
this case, regardless of the original name type.
[ghudson@mit.edu: rewrote commit message; made minor style edits]
Greg Hudson [Mon, 3 Jun 2019 20:12:03 +0000 (16:12 -0400)]
Add new internal pa-data helpers
Add a new file with five new internal libkrb5 functions to help manage
pa-data lists. Move krb5int_find_pa_data() from fast.c into the new
file and simplify it slightly.
Greg Hudson [Thu, 6 Jun 2019 15:35:36 +0000 (11:35 -0400)]
Improve logging documentation
The default severity was removed by commit 6ce8fd4cfa2e9b1e92debd204a5b2ddf053cca55 (ticket 8630) but the example
still talks about it; remove that text. Add a note about the default
being syslog if nothing else is specified, and a note on how to
disable logging.
Greg Hudson [Thu, 6 Jun 2019 15:46:58 +0000 (11:46 -0400)]
Remove strerror() calls from k5_get_error()
Coverity models strerror() as a function which cannot accept negative
values, even though it has defined behavior on all integers.
k5_get_error() contains code to call strerror_r() and strerror() if
its fptr global is unset, which isn't an expected case in practice.
To silence a large number of Coverity false positives, just return a
fixed string if fptr is null.
Greg Hudson [Sat, 1 Jun 2019 19:08:24 +0000 (15:08 -0400)]
Make rcache file2 code slightly more robust
In rc_file2.c:store(), when making note of available records,
explicitly check for an empty record (r1stamp or t2stamp is 0), to
more closely match the check for terminating the search. This
silences a Coverity false positive, as Coverity does not assume that
now > skew as it would be in practice.
To preserve code readability, shorten some variable names, add an
expired() inline helper function, and add comments.
Michael Mattioli [Sun, 26 May 2019 15:50:21 +0000 (11:50 -0400)]
Update HTTP links
Move http links to https where appropriate. Update links which have
moved. Remove a couple of links which no longer work and have no
obvious replacement. Remove a link from a comment in the German
translation which does not appear to be related to the message.
Greg Hudson [Sat, 1 Jun 2019 17:37:14 +0000 (13:37 -0400)]
Simplify and modernize replay cache interface
Remove all of the replay cache methods except for resolve, close, and
store. Rename the dispatch functions to use a k5_ prefix to indicate
that they are not part of the libkrb5 API. Remove the unused code for
registering replay cache types at runtime.
Remove the krb5_donot_replay structure, as the only concrete replay
cache type just needs the authenticator checksum. Identify the
checksum part of the authenticator ciphertext at the dispatch layer.
Handle container allocation at the dispatch layer so that each replay
cache type only needs to work with its data pointer. Remember the
full name at the dispatch layer to implement a get_name operation.
Consolidate what remains of rcfns.c and rc_conv.c into rc_base.c.
Use k5_rc_default() in preference to krb5_get_server_rcache() since
they now do the same thing. Remove the sim_client code to create a
replay cache, as the per-message functions use a memory reply cache
now.
Greg Hudson [Fri, 17 May 2019 17:45:08 +0000 (13:45 -0400)]
Add KRB5RCACHENAME and default_rcache_name
In krb5_get_server_rcache(), stop constructing a residual value based
on piece and the euid, and instead resolve default replay cache
(previously an unused operation, as krb5_rc_default() was not part of
the API and was never used).
To determine the default replay cache name, try the KRB5RCACHENAME
environment variable first, and then try KRB5RCACHETYPE for
compatibility. If neither of those environment variables are set, try
the default_rcache_name profile relation in [libdefaults] before
falling back to "dfl:".
Greg Hudson [Wed, 15 May 2019 05:01:34 +0000 (01:01 -0400)]
Use file2 replay cache by default
Remove the existing default replay cache implementation and replace it
with a wrapper around the file2 replay cache code. Change the
filename to krb5_EUID.rcache2, ignoring the residual (and therefore
the server principal name). On Windows, use the local appdata
directory if KRB5RCACHEDIR is not set in the environment.
Greg Hudson [Tue, 19 Feb 2019 06:30:41 +0000 (01:30 -0500)]
Add tag to krb5_donot_replay
For each use of replay caches, supply a tag based on a ciphertext or
checksum associated with the use. Stop creating or checking replay
records for unencrypted KRB-CRED messages.
When neither the send-encrypted-sad nor the use-sad-as-key flag is set
in the SAM-2 challenge, the protocol calls for the AS key to be
combined with the string-to-key of the SAD using a key combination
method which has only been implemented for DES and 3DES enctypes.
Rather than extending key combination, remove support for this case.
Greg Hudson [Wed, 22 May 2019 17:05:15 +0000 (13:05 -0400)]
Simplify kdb5_util global argv processing
kdb5_util could issue an unexplained error if a command argument
matched a command name, such as when trying to load a dump file named
"dump". It could also mysteriously work if the command name and its
arguments were misordered, such as "kdb5_util kdb.dump load".
In the main option loop, build cmd_argv without special-casing command
names; then look up cmd_argv[0] after the loop.
Greg Hudson [Tue, 28 May 2019 16:16:41 +0000 (12:16 -0400)]
Stop double-caching referral tickets
Caching referral tickets under two names can generate duplicate cache
entries, and is speculative--if credentials are requested with the
referral realm, there is no good reason to expect a subsequent request
with the canonical realm. Only cache under the referral realm.
Greg Hudson [Tue, 28 May 2019 16:02:00 +0000 (12:02 -0400)]
In klist, display ticket server if different
If the ticket server differs from the credential server, display it as
an extra field. This happens most commonly when the credential is
cached under the referral realm.
Greg Hudson [Tue, 21 May 2019 17:34:39 +0000 (13:34 -0400)]
Display unsupported enctype names
Add a table of unsupported enctype numbers to enctype_util.c and
consult it in krb5_enctype_to_name(). Treat unsupported enctype
numbers as deprecated in krb5int_c_deprecated_enctype(). In kadmin,
display "UNSUPPORTED:" before invalid enctype names.
Robbie Harwood [Fri, 24 May 2019 17:12:03 +0000 (13:12 -0400)]
Remove support for single-DES and CRC
Single-DES removal brings us closer to compliance with RFC 6649.
Single-DES was disabled by default starting in release 1.8, and
user-visible deprecation warnings were issued starting in release
1.17.
Robbie Harwood [Fri, 24 May 2019 17:11:44 +0000 (13:11 -0400)]
Remove the v4 and afs3 salt types
In preparation for removing single-DES support, remove the v4 and afs3
salt types. The afs3 salt type could only be used with single-DES
keys, and the v4 salt type was only useful for single-DES keys from
krb4 databases.
Greg Hudson [Tue, 28 May 2019 14:55:56 +0000 (10:55 -0400)]
Fix Python fallback in configure.ac
Commit 2bd410ecdb366083fe9b4e5f6ac4b741b624230b (ticket 8709)
contained a typo "text" for "test", preventing the Python path check
from falling back from python2 to python. This is now a fallback from
python3 to python, but the typo remains. Fix it now.
Remove rcsid.sty and the uses of the \rcsId macro as git does not
perform the keyword expansion necessary to make it work. Add comments
indicating the historic status of the kadm5 documentation.
[ghudson@mit.edu: fix the tex files instead of marking them as
non-building]
Robbie Harwood [Thu, 2 May 2019 20:57:51 +0000 (16:57 -0400)]
Remove dead variable def_kslist from two files
def_kslist was part of kdb5_create.c since its addition (commit edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1) and has always been
irrelevant since the rblock structure is fully initialized in
kdb5_create().
Robbie Harwood [Mon, 13 May 2019 18:19:57 +0000 (14:19 -0400)]
Remove checksum type profile variables
Remove support for the krb5.conf relations ap_req_checksum_type,
kdc_req_checksum_type, and safe_checksum_type. These values were
useful for interoperating with very old KDCs, which should no longer
be deployed.
Additionally, kdc_req_checksum_type was incorrectly documented as only
applying to single-DES keys; in practice it also worked for RC4. The
other two were not clearly documented, but safe_checksum_type did
allow use of hmac-md5-rc4 for any enctype, and ap_req_checksum_type
did not impose any limitations.
Robbie Harwood [Mon, 6 May 2019 17:13:16 +0000 (13:13 -0400)]
Improve error messages from kadmin change_password
The checks for missing option arguments were dead code, because the
loop condition requires at least two remaining arguments. Instead
check for at least one argument with a leading "-", and check for too
many or too few arguments after the loop. Add an initial message for
unrecognized options.
[ghudson@mit.edu: adjusted logic to improve mesages in more cases]
Robbie Harwood [Mon, 6 May 2019 19:14:49 +0000 (15:14 -0400)]
Avoid alignment warnings in openssl rc4.c
Add a comment to k5_arcfour_init_state() explaining how we stretch the
krb5_data cipher state contract. Use void * casts when interpreting
the data pointer to avoid alignment warnings.
[ghudson@mit.edu: moved and expanded comment; rewrote commit message]
Greg Hudson [Sun, 5 May 2019 22:53:27 +0000 (18:53 -0400)]
Simplify SAM-2 as_key handling
The ctx->gak_fct() call in sam2_process() used an empty salt instead
of the default salt when the KDC did not supply an explicit salt.
This bug arose when commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41
changed the internal contracts around salts but did not adjust the
SAM-2 code. Commit e9aa891fcdb4c08d39902ab89afb268042b60c86 fixed the
resulting bug, but mistakenly did not adjust the gak_fct call to use
the correct salt.
Later on, the code contains a redundant call to krb5_c_string_to_key()
in the non-USE_SAD_AS_KEY modes, replacing ctx->as_key. This call was
properly adjusted by commit e9aa891fcdb4c08d39902ab89afb268042b60c86,
so the improper gak_fct call did not manifest as a bug.
Fix the gak_fct call to supply the correct salt, and remove the
redundant string_to_key operation.
Greg Hudson [Sun, 5 May 2019 23:32:21 +0000 (19:32 -0400)]
Remove outdated text in krb5kdc/kadmind man pages
Some init systems, such as systemd, can run daemon processes in the
foreground, so admonishments to let krb5kdc and kadmind background
themselves in normal operation can be confusing. Remove those
sentences.
Robbie Harwood [Thu, 2 May 2019 17:36:38 +0000 (13:36 -0400)]
Initialize some data structure magic fields
Static analyzers may complain if they see a data structure copied with
an uninitialized field, even if the copy target won't use the field.
Add magic field initializers in three such places.
On systems with secure_getenv() (glibc 2.17+) use it directly. For
the fallback implementation, check the current process uids and gids
in a library initializer, looking at the saved uid and gid where
possible. Include a comment about more aggressive approaches to
detecting elevated privilege.
In krb5int_hmac_keyblock() and krb5int_pbkdf2_hmac(), check for errors
from previously unchecked OpenSSL function calls and return
KRB5_CRYPTO_INTERNAL if they fail.
HMAC_Init() is deprecated in OpenSSL 1.0 and later; as we are
modifying the call to check for errors, call HMAC_Init_ex() instead.
If configure is explicitly asked to build with libreadline, look for
and link against only -lreadline, relying on the platform to resolve
any dependencies.
The example code for gss_get_mic_iov() using a caller-provided buffer
calls gss_wrap_iov_length() and gss_wrap_iov() instead of
gss_get_mic_iov_length() and gss_get_mic_iov() as intended. Reported
by Frank Filz.
As part of error handling in d3b39a8bac6206b5ea78b0bf6a2958c1df0b0dd5,
an error path in delete_cred() may result in close(-1). While this
shouldn't be a prolblem in practice (just returning EBADF), it does
upset Coverity.
Use data_eq_string() to check the server realm, and do not check if
cred->server is NULL since it is not expected to be (and
k5_marshal_cred() would have already crashed if it were).
Previously, only KCM and MSLA implemented credential removal. Add
support for FILE (and therefore DIR), MEMORY, and KEYRING.
The FILE logic is similar Heimdal's implementation, with additional
logic for skipping removed creds during iteration. In addition to
setting endtime to 0 and changing the realm for config entries as
Heimdal does, we set authtime to -1 to make deleted entries
distinguishable from gssproxy encrypted creds and config entries.
For MEMORY, leave behind empty list elements when removing a cred will
leave behind an empty list element, in case an iterator holds a
pointer to that element.
[ghudson@mit.edu: edited commit message; made minor style and comment
changes; fixed memory leaks detected by asan]
Clarify header comment for krb5_cc_start_seq_get()
Previously this comment seemed to suggest that applications needed to
block all other access to the ccache (including by other processes)
during iteration.
Greg Hudson [Tue, 19 Mar 2019 15:15:26 +0000 (11:15 -0400)]
Suppress krb5_cc_start_seq_get() popups in Leash
Under some circumstances (perhaps related to a February Windows 10
update), Leash can get past the krb5_cc_get_principal() step when
processing an empty MSLSA ccache, and get a KRB5_CC_NOMATCH error from
krb5_cc_start_seq_get(). Do not display a modal error dialog if this
happens.
Robert Marshall [Wed, 13 Mar 2019 03:20:06 +0000 (23:20 -0400)]
Add option to build without libkeyutils
Add a --without-keyutils option to disable the keyring ccache, for
scenarios where minimizing libkrb5 dependencies is important.
[ghudson@mit.edu: moved processing to configure.ac; added error if
explicit --without-keyutils is given and libkeyutils is not found;
nested persistent keyring check for clarity; moved new documentation
to appropriate place and don't mention persistent keyrings; rephrased
commit message]
Isaac Boukris [Wed, 16 Jan 2019 22:23:25 +0000 (00:23 +0200)]
Add KDC support for X.509 S4U2Self requests
Add a KDB function krb5_db_get_s4u_x509_principal() and an associated
method in the DAL, bumping the minor version and cleaning up a
leftover comment in the table from major version 6.
When processing an AS-REQ, look up the client principal by certificate
if the request contains a non-empty PA-S4U-X509-USER value. When
processing an S4U2Self TGS-REQ, allow requests with certificates, and
look up the client principal by certificate if one is presented.
[ghudson@mit.edu: factored out lookup_client() in AS code; rewrote
commit message and some comments; adjusted flow control changes in
kdc_process_s4u_x509_user()]
Isaac Boukris [Tue, 15 Jan 2019 00:53:25 +0000 (02:53 +0200)]
Expand S4U2Self exception in KDC lineage check
An S4U2Self TGS-REQ using only a certificate to identify the user will
not include PA-FOR-USER, so we need to check both types when making an
exception in the lineage check. (S4U2Self requests are allowed to
bypass the lineage check because cross-realm S4U2Self ends with a
backwards cross-realm request to the server realm.)
[ghudson@mit.edu: factored out padata check; deindented the code block
by combining conditionals; rewrote commit message]
Isaac Boukris [Fri, 11 Jan 2019 08:49:19 +0000 (10:49 +0200)]
Fix client code for S4U2Self with certificate
During realm identification, don't send the certificate in the AS
request if we have an enterprise name, for consistency with the
Windows LSA API behavior. If we are using just a certificate, use the
appropriate client principal name type with a single empty data
component.
krb5int_process_tgs_reply() needs to see an S4U2Self padata type in
in_padata to apply the correct logic when verifying the client
principal in the reply. If we are using only a certificate, we
currently do not pass any in_padata (because we do not send
PA-FOR-USER in this case, and the PA-S4U-X509-USER is constructed via
a callback). Change the code to place an empty PA-S4U-X509-USER in
in_padata, to be modified by the callback; that way we can reliably
detect the S4U2Self case when processing the reply.
In krb5_get_self_cred_from_kdc(), when constructing an empty client
principal for a cert-only S4U2Self request, properly terminate the
krb5_build_principal_ext() argument list to avoid a crash. Don't
bother setting the name type as it isn't sent.
Only send the certificate in the first TGS-REQ to the client realm.
To the intermediate and final realms, send the principal name only.
Use the checksum-protected principal name in the first KDC's
PA-S4U-X509-USER response for subsequent requests and to verify the
unprotected client name in the final reply.
After receiving the final reply, check if we had cached credentials
under the discovered client name (unless it's the same as the input
client name) and return the cached credentials if we find them.
Greg Hudson [Fri, 1 Mar 2019 02:28:43 +0000 (21:28 -0500)]
Use memory replay cache for DO_TIME auth contexts
Instead of requiring the caller to set up a persistent replay cache
for KRB-PRIV/KRB-SAFE/KRB-CRED messages produced in DO_TIME auth
contexts, use an in-memory replay cache.
Update the API documentation for the affected functions and correct
some inaccuracies.
Greg Hudson [Wed, 2 Jan 2019 21:54:28 +0000 (16:54 -0500)]
Improve S4U2Self realm identification internals
Realm identification for S4U2Self requests ([MS-SFU] 3.1.5.1.1.1) uses
the AS code path with some differences: we might want to include a
subject certificate in pa-data, we want to stop as soon as we get a
reply indicating which realm the client is in, and we want to
communicate that realm to the caller. The current method of making
these changes is fragile--it uses an optimistic preauth type but does
not actually pre-authenticate, and it assumes that the AS code will
terminate with a predictable error if there is no prompter and a
trivial GAK function.
Instead, add fields to krb5_get_init_creds_context for realm
identification, and support them in the AS state machine, making sure
never to invoke preauth modules. Add a new library-internal function
k5_identify_realm() to set up an appropriate context, run the state
machine, and copy out the client principal of the last request on
success.
Greg Hudson [Mon, 4 Mar 2019 21:11:11 +0000 (16:11 -0500)]
Update comment in lock_file.c
Gnu libc commit 06ab719d30b01da401150068054d3b8ea93dd12f fixed the OFD
locking issue on 32-bit Linux. We still need to work around the bug
for older versions, but update the comment to note the release in
which the bug was fixed.
Greg Hudson [Mon, 4 Mar 2019 16:07:45 +0000 (11:07 -0500)]
Fix ASN.1 test secure cookie comparison
One of the comparisons in ktest_equal_secure_cookie() was
tautological. Use scalar_equal() for consistency with other tests.
Also use scalar_equal() in ktest_equal_kkdcp_message().
Greg Hudson [Sun, 3 Mar 2019 20:42:04 +0000 (15:42 -0500)]
Rename configure.in to configure.ac
autotools plans to drop support for the name configure.in.
(automake's NEWS file expresses plans to drop support for it in
autoconf 2.0; autoconf added a warning in commit 560f16b52d3d3db1536d9ca5b863ce9b1a5c9e35, indicating in the commit
message that support will be dropped in a future version.)
projects / thirdparty / krb5.git / log
