Commit 4963edfac2ef111f3d9e6f39e589d9075a185b51 changed calls to four
OpenSSL functions to use the new preferred names, but missed two call
sites. Reported by David Morash.
Commit 729896467e3c77904666019d6cbbda583ae49b95 amended
kg_cred_time_to_refresh() to attempt a refresh from a client keytab
when creds are close to expiration, even if no refresh_time config
entry is set (as would be the case if the creds were acquired from a
client keytab in the first place). The added conditional sets a
refresh_time config entry, which is unhelpful as it has no
corresponding check for one. kg_cred_time_to_refresh() is called
before can_get_initial_creds(), so we add a config entry on every
acquire_cred call when the creds are expired or close to expired, even
with no accessible keytab. Remove the set_refresh_time() call to
avoid this inefficient behavior.
For krb5_change_password(), krb5_set_password(), and
krb5_set_password_using_ccache(), document that result_code_string may
be NULL and that the caller should free result_code_string and
result_string with krb5_free_data_contents(). Also ensure that
result_code_string and result_string are initialized along all exit
paths. Reported by Joonas Tuomisto.
Greg Hudson [Wed, 11 Jun 2025 18:08:31 +0000 (14:08 -0400)]
Avoid undefined memcpy in asn1_encode.c
The C standard specifies that passing null pointers to most standard
library functions results in undefined behavior (C99 7.1.4). This
applies to memcpy() even when the length is 0. insert_bytes() in
asn1_encode.c may be called with a null pointer from an empty
krb5_data or other counted value in a structure to be encoded. Do not
call memcpy() in this case.
Greg Hudson [Thu, 12 Jun 2025 21:15:24 +0000 (17:15 -0400)]
Remove libkdb_ldap null argument checks
libkdb_ldap contains some spotty null argument pointer checks, which
is not the project's practice outside of the GSSAPI. Remove them.
Also remove krb5_ldap_delete_krbcontainer(), which became unused after
commit 0269810b1aec6c554fb746433f045d59fd34ab3a.
Dax Kelson [Tue, 13 May 2025 17:54:41 +0000 (11:54 -0600)]
Add xrealmauthz KDC policy module and tests
This module provides fine-grained access control for cross-realm
authentications by checking string attributes on the incoming
cross-realm TGT entry. It supports realm-based and principal-specific
authorization rules.
The module is not installed by the build system or loaded by default,
and is documented only in the module source code.
[ghudson@mit.edu: simplified code and tests; edited commit message]
Greg Hudson [Wed, 21 May 2025 21:11:07 +0000 (17:11 -0400)]
Refactor dnsglue functions using k5input
Use k5input to make the dnsglue.c and dnssrv.c functions simpler and
more robust. Rename the dnsglue functions to use the now-preferred
k5_ prefix instead of krb5int_. Use stdint type names instead of
unsigned char and unsigned short. Remove some out-of-date comments.
Change the query loop in k5_dns_init() to continue expanding the
buffer if the reported answer length is exactly equal to the buffer
size, as that is the observed behavior from the glibc res_nquery()
when the buffer size is too small for the answer.
Greg Hudson [Mon, 12 May 2025 20:21:05 +0000 (16:21 -0400)]
Simplify preauth fallback disabling
Remove the fallback_disabled field from krb5_init_creds_context, and
instead record the current preauth type as the only allowed preauth
type when a preauth module invokes the disable_fallback() method.
The previous method failed to prevent fallback when a KDC unexpectedly
responds with PREAUTH_REQUIRED partway through the preauth exchange.
Reported by Richard Silverman.
Avoid passing NULL to krb5_string_to_keysalt() in add_random_key().
When add_random_key() was first written, krb5_string_to_keysalts() did
nothing on a null string input. After commit 3576bd662be9b7cc2cca97065fe467e745542b69 it calls strdup(NULL) and
crashes.
Bring the SPAKE edwards25519_fiat.h up to date with BoringSSL commit 5813c2c10c73d800f1b0d890a7d74ff973abbffc. This update adds value
barriers to the conditional move functions, to prevent clang
optimizations that would make them not constant-time.
Update the path reference comments in edwards25519.c and
edwards25519_tables.h, but do not update the code as the upstream
license has changed.
Recent versions of the Linux kernel (after commit 5b0af621c3f6ef9261cf6067812f2fd9943acb4b) return -1 with errno set to
EOPNOTSUPP when a process attempts to set SO_REUSEPORT on a UNIX
domain socket. We started setting this flag in commit c423f13cc2f3fbdbf48390535cb1629b99b0eb27 to work around a test suite
issue on macOS. Restrict setting SO_REUSEPORT to macOS to avoid
unnecessary interactions with its behavior on other platforms.
In libkadm5, change the type of the keepold parameters from
krb5_boolean to unsigned int (which is the underlying type of
krb5_boolean, so this is not an API or ABI change). In libkadm5srv,
interpret a keepold value greater than 2 to be a limit on the number
of resulting key versions including the new one.
In kadmind, when a principal changes its own keys, limit the number of
resulting key versions to 5.
The LDAP KDB module synthesizes KRB5_TL_CONSTRAINED_DELEGATION_ACL
tl-data when fetching a principal entry, and checks against those
values in krb5_ldap_check_allowed_to_delegate(). To avoid a locally
incorrect use of a counted data type, adjust the synthesized
attributes to include the trailing zero byte in tl_data_length, and
verify the zero terminator before calling krb5_parse_name() on the
value.
Ensure that kadm5_chpass_principal_3() does not reference pol or hist
when the principal has a policy reference but the policy does not
exist. (Both structures are zeroed in this case, so the resulting
checks are pointless but have defined and harmless behavior.)
Ensure that xdr_krb5_key_data() does not produce an inconsistent
representation if the serialized key_data_contents fields do not match
the corresponding byte array lengths. (This function is only used by
libkadm5srv to serialize historical key data in per-principal kadmin
data.)
iakerb_initiator_step() must pass through most KRB-ERROR messages in
order to properly handle recoverable AS and TGS errors such as
KDC_ERR_PREAUTH_REQUIRED. Only stop on IAKERB errors.
[ghudson@mit.edu: changed code to check for com_err codes instead of
protocol codes; changed iakerb_acceptor_realm() to respond with an
IAKERB error when realm determination fails and modified test case
accordingly; added a test case by requiring preauth on the user
principal when testing IAKERB; rewrote commit message]
Add a missing "else" to init_creds_step_request(). The mistake was
harmless because optimistic preauth can only be present for the first
step, and the other conditions can only be true after the state
machine has processed an error reply.
Rull Deef [Thu, 27 Mar 2025 07:54:46 +0000 (10:54 +0300)]
Fix getsockname() call in Windows localaddr
When querying local IP addresses, local_addr_fallback_kludge() is
called on Windows if gethostname() or gethostbyname() fails. This
function's call to getsockname() erroneously passes a small integer as
the third argument instead of a pointer, likely causing a process
crash. This bug has been present since 1.1, but is rarely encountered
due to the rarity of requests for addressful tickets. Fix it.
Greg Hudson [Mon, 31 Mar 2025 23:01:54 +0000 (19:01 -0400)]
Avoid gss_inquire_attrs_for_mech() null outputs
gss_inquire_attrs_for_mech() can return successfully with *mech_attrs
or *known_mech_attrs set to GSS_C_NO_OID_SET, which is at best
inconvenient as gss_test_oid_set_member() does not allow
GSS_C_NO_OID_SET as an input. Create empty sets instead.
When iakerb_gss_accept_sec_context() processes an initial token which
is not an IAKERB token (because the client already has a service
ticket), set *context_handle. Otherwise subsequent GSS calls using
this context will dereference a null pointer and crash.
[ghudson@mit.edu: moved fix to cleanup handler to avoid code
duplication; added tests; rewrote commit message]
When importing a name to IAKERB, don't add the default realm when we
parse strings. Host-based name imports will continue to use
krb5_sname_to_principal(), which may add a realm from [domain_realm]
but won't add the default realm.
In the IAKERB state machine, query for the service's realm if the
client name doesn't have a realm. To reduce code duplication, make
iakerb_make_token() responsible for saving the token and incrementing
the message count.
[ghudson@mit.edu: added tests; added a discovery state to the machine;
expanded import; adjusted iakerb_make_token() contract; rewrote commit
message]
Julien Rische [Tue, 14 Jan 2025 12:31:11 +0000 (13:31 +0100)]
Add PKINIT paChecksum2 from MS-PKCA v20230920
In 2023, Microsoft updated MS-PKCA to add the optional paChecksum2
element in the PKAuthenticator sequence. This checksum accepts SHA-1,
SHA-256, SHA-384, and SHA-512 digests.
In Windows Server 2025, this checksum becomes mandatory when using
PKINIT with FFDH (but strangely not with ECDH if SHA-1 is configured as
allowed).
[ghudson@mit.edu: refactored crypto interfaces to reduce complexity of
calling code]
Ken Hornstein [Sun, 2 Mar 2025 04:02:58 +0000 (23:02 -0500)]
Use k5_path_join() in krb5int_open_plugin_dirs()
Simplify and improve the portability of krb5int_open_plugin_dirs()
using k5_path_join(). (There is no immediate practical benefit as
this function is only used to find kdb5, authdata, and locate plugin
modules.)
[ghudson@mit.edu: further simplified code; edited commit message]
Ken Hornstein [Fri, 6 Dec 2024 20:29:33 +0000 (15:29 -0500)]
Build PKINIT on Windows
Include PKINIT in the Windows build if OPENSSL_DIR is set.
In the installer, require PKINIT to be built, and require
OPENSSL_VERSION to be set in the environment. Include the PKINIT
module and a copy of the OpenSSL libcrypto DLL.
Document the OpenSSL dependency in windows/README. Also clarify the
Visual Studio dependencies, and restore the prep-windows build step
which was accidentally removed by commit 5f33fb2cf19562175c8271cb9c54a67212f63b93.
[ghudson@mit.edu: added CI and installer integration; edited README
and commit message]
Greg Hudson [Wed, 15 Jan 2025 02:25:51 +0000 (21:25 -0500)]
Add alias support
Add a new kadmin command add_alias. Implement it for DB2 and LMDB by
writing stub principal entries with a tl-data entry giving the target
name. Add libkdb5 functions to create and interpret alias entries.
Handle these stub entries in krb5_db_get_principal(), iteratively
resolving aliases up to a depth of 10.
To allow kadm5_delete_principal() to work on aliases, remove the code
that fetches the entry prior to deletion; it was needed before commit 0780e46fc13dbafa177525164997cd204cc50b51 to decrement the policy
reference count, but now serves no purpose. Adjust kdb_delete_entry()
to translate KRB5_KDB_NOENTRY instead of ignoring it, as we still want
to return KADM5_UNK_PRINC when deleting a nonexistent principal name.
Modify the LDAP KDB module to work with alias entries. In
krb5_ldap_put_principal(), recognize stub alias entries and add an
alias to the object for the target principal. In
krb5_ldap_delete_principal(), don't delete the LDAP object when
deleting an alias name. In krb5_ldap_iterate(), generate stub entries
for each alias name in addition to the populated entry for the
canonical name. A small amount of refactoring was done as part of
this work: the LDAP-specific principal name parsing and unparsing
functions were simplified, and a helper function search_princ() was
added to find the LDAP object for a principal name.
In kdb5_util tabdump, add a dump type "alias" to display a list of
aliases in the database.
Greg Hudson [Wed, 18 Dec 2024 19:52:28 +0000 (14:52 -0500)]
Remove 32-bit build from KfW installer
In src/windows/README, document only the steps for a 64-bit build. In
the installer, expect only 64-bit binaries. In the CI, perform only a
64-bit Windows build, and split up the build into three steps so that
build failures are easier to understand.
Greg Hudson [Wed, 29 Jan 2025 05:22:57 +0000 (00:22 -0500)]
Allow only one salt type per enctype in key data
In the default libkdb5 password change method, omit requested key/salt
combinations that duplicate an earlier encryption type, even if they
have a different salt type. Any use cases for multiple salts for the
same enctype disappeared with single-DES support. (We already have
this behavior for chrand requests.)
If LISTEN_PID and LISTEN_FDS are set in the environment, expect
listener sockets to be present at fds starting at 3. If any match a
configured listener address and port, use it instead of creating a new
socket.
[ghudson@mit.edu: combined two commits; changed sa_compare() to
sa_equal(); restructured changes to fetch listener sockets into a list
once and to match on socket type as well as address; added tests]
Zoltan Borbely [Tue, 28 Jan 2025 21:39:25 +0000 (16:39 -0500)]
Prevent overflow when calculating ulog block size
In kdb_log.c:resize(), log an error and fail if the update size is
larger than the largest possible block size (2^16-1).
CVE-2025-24528:
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.
[ghudson@mit.edu: edited commit message and added CVE description]
Julien Rische [Thu, 1 Aug 2024 08:56:07 +0000 (10:56 +0200)]
Set missing mask flags for kdb5_util operations
Set KADM5_TL_DATA for the use_mkey and update_princ_encryption
commands. (Commit c877f13c8985d820583b0d7ac1bb4c5dc36e677e did this
for the add_new_mkey and purge_mkeys commands.) Set appropriate flags
for the add_random_key command.
[ghudson@mit.edu: combined two commits; pruned out proposed mask flag
additions for values represented within key data or tl-data (like
KADM5_MKVNO), as those flags are currently only used in the kadm5
protocol, not to communicate with the KDB module]
Greg Hudson [Mon, 30 Dec 2024 01:30:56 +0000 (20:30 -0500)]
Work around Debian cyrus-sasl2 leak in t_kdb.py
A Debian patch to cyrus-sasl2 causes a memory leak in the DIGEST-MD5
plugin. To avoid CI failures in the asan build, suppress leak
detection during the DIGEST-MD5 tests for now.
Greg Hudson [Mon, 23 Dec 2024 22:16:00 +0000 (17:16 -0500)]
Work around llvm-symbolizer LD_LIBRARY_PATH issue
On some platforms llvm-symbolizer is linked against libcurl, which
depends on the krb5 libraries. When the test suite runs programs with
LD_LIBRARY_PATH pointed at asan-compiled krb5 libraries,
llvm-symbolizer will encounter a dynamic linker error at startup,
interfering with the display of stack traces.
In k5test.py, when the build enables asan, wrap the platform's
symbolizer in a script that unsets LD_LIBRARY_PATH (or similar) and
then runs the real llvm-symbolizer.
Greg Hudson [Fri, 20 Dec 2024 06:51:24 +0000 (01:51 -0500)]
Fix CI errors on Ubuntu 24.04
Supress a warning in the parser generated by Bison from x-deltat.y.
Convert krb5_ldap_get_age() to use a prototype. Fix memory leaks in
the ASN.1 tests. Check errflg after argument parsing in kdc5_hammer.
Pin the linux-clang job to Ubuntu 22.04 until we can work around an
llvm-symbolizer issue which causes test suite failures.
Ken Hornstein [Thu, 12 Dec 2024 17:56:52 +0000 (12:56 -0500)]
Remove use of -entry flag for DLLs on Windows
Remove the use of the -entry flag to specify a DLL entry point on
Windows, as it is no longer recommended. The default Windows entry
point will call a DllMain() function if one is provided; use that name
in kfwlogon instead of DllEntryPoint().
Greg Hudson [Mon, 2 Dec 2024 19:11:38 +0000 (14:11 -0500)]
Default kdc_tcp_listen to kdc_listen value
If kdc_tcp_listen is not specified in the realm or in [kdcdefaults],
use the same listeners as were given for UDP instead of separately
defaulting to port 88. This change makes the kdc_listen and
kpasswd_listen more consistent, while still allowing UDP and TCP
listening to be separately configured when required for the KDC.
Make the KDC and kadmind listen on UNIX domain sockets if any are
listed in kdc_listen, kadmind_listen, or kpasswd_listen. Send KDC and
kpasswd requests on UNIX domain sockets if any are listed in the kdc
and primary_kdc realm variables.
[ghudson@mit.edu: combined several commits; simplified client side by
treating UNIX domain socket entries like module-generated addresses;
edited commit message]
Add sa2sun() and ss2sun() helpers to socket-utils.h. Add UNIX domain
socket support to sa_socklen() and print_addr(). Expand buffers for
printing addresses to 128 bytes to accomodate the maximum UNIX domain
socket path length.
Add loop_add_unix_socket() to net-server.c, primarily using the
existing TCP support (renamed to "stream").
As there is no standard Kerberos address type for UNIX domain sockets,
add basic directional address support. Add a definition for
ADDRTYPE_DIRECTIONAL in krb5.h. Add private constant krb5_address
objects to libkrb5 for initiator and acceptor directional addresses.
Use directional addresses for the KRB-SAFE/KRB-PRIV source address in
the kprop and password change protocols when the transport is not IPv4
or IPv6.
krb5_address objects are used for auditing purposes in the KDC audit
and KDB pluggable interfaces. Add a local-use address type
ADDRTYPE_UNIXSOCK for use in these cases. Add a flag to
k5_sockaddr_to_address() to indicate whether this address type can be
used. Add UNIX domains socket conversion support to the test audit
plugin module.
[ghudson@mit.edu: combined several commits; used directional addresses
for KRB-SAFE/KRB-PRIV; reduced duplication in net-server.c support;
wrote commit message. Also based on work by Alexander Bokovoy.]
Greg Hudson [Thu, 14 Nov 2024 03:51:20 +0000 (22:51 -0500)]
Refactor libapputils handling of socket addresses
Add private libkrb5 APIs for sockaddr-to-krb5-address conversion and
for printing socket addresses. Use them in the KDC, kadmind,
kprop/kpropd, and trace logging.
In net-server.c, do not convert the local and remote socket addresses
to krb5_address; instead pass them directly to dispatch(). Convert
the addresses where needed in the KDC and kadmind.
Greg Hudson [Sun, 17 Nov 2024 18:54:12 +0000 (13:54 -0500)]
Fix minor logic errors
In k5_externalize_auth_context(), serialize the correct field when
remote_port is set. This is not a reachable bug because the function
is only accessible via gss_export_sec_context(), and the GSS library
does not set a remote port.
In generic_gss_oid_to_str(), remove an inconsistently-applied test for
a null minor_status. Also remove minor_status null checks from
generic_gss_release_oid() and generic_gss_str_to_oid(), but add output
initializations and pointer checks to the API functions in g_oid_ops.c
in a similar manner to other GSSAPI functions. Remove
gssint_copy_oid_set() and replace its one call with a call to
generic_gss_copy_oid_set().
In the checksum functions, avoid crashing if the caller passes a null
key and checksum type 0. An error will be returned instead when
find_cksumtype() can't find the checksum type.
(krb5_k_verify_checksum() already had this check.)
In pkinit_open_session(), remove an unnecessary null check for
ctx->p11_module_name, and add a check for p11name being null due to an
asprintf() failure.
In profile_add_node(), add a check for null ret_node in the duplicate
subsection check. This is not a reachable bug because the function is
currently never called with null ret_node and null value.
In ksu's main(), check for krb5_cc_default_name() returning NULL
(which only happens on allocation failure). Also clean up some
vestiges left behind by commit 9ebae7cb434b9b177c0af85c67a6d6267f46bc68.
In ksu's get_authorized_princ_names(), close login_fp if we fail to
open k5users_path.
In the KDC and kpropd write_pid_file(), avoid briefly leaking the file
handle on write failure.
Ken Hornstein [Wed, 4 Dec 2024 02:54:35 +0000 (21:54 -0500)]
Fix Windows regression in k5_make_uri_query()
Commit d035119c3b2b402f3ad49a4c7b6264826ea923bb introduced an extra
parameter to the function k5_make_uri_query(), but did not add that
parameter to the Windows stub version of this function, causing a null
pointer exception when this function was called. Add the parameter
now.
Ken Hornstein [Fri, 29 Nov 2024 21:32:06 +0000 (16:32 -0500)]
Check for sys/random.h
The function getentropy() is supported on newer versions of MacOS X,
but requires the include file sys/random.h. Check for that and include
it where getentropy() is used.
Greg Hudson [Mon, 18 Nov 2024 23:45:16 +0000 (18:45 -0500)]
Constify some socket-utils.h functions
Accept constant pointers in sa_getport(), sa_is_inet(),
sa_is_wildcard(), and sa_socklen().
Make sa2sin() and sa2sin6() accept and return constant pointers. For
the most part we write to sockaddr_storage and read from sockaddr.
The biggest exception is udppktinfo.c; adjust its internal APIs to use
sockaddr_storage for output and inferred lengths for input. All of
the other exceptions use sa_setport().
Currently setting kdc_listen or kdc_tcp_listen to the empty string
disables listening for UDP and TCP connections respectively, but
setting kadmind_listen or kpasswd_listen to the empty string listens
on the wildcard address. Make the behavior consistent by changing
loop_add_addresses() to add no listeners when the string contains no
tokens. Remove the conditionals from the KDC code.
Document the new behavior of kadmind_listen and kpasswd_listen, and
the existing behavior of kdc_listen.
[ghudson@mit.edu: simplified loop_add_addresses(); combined several
commits and rewrote commit message]
Greg Hudson [Wed, 6 Nov 2024 22:31:37 +0000 (17:31 -0500)]
Prevent undefined shift in decode_krb5_flags()
In the statement "f |= bits[i] << (8 * (3 - i))", bits[i] is
implicitly promoted from uint8_t to int according to the integer
promotion rules (C99 6.3.1.1). If i is 0 and bits[i] >= 128, the
result cannot be represented as an int and the behavior of the shift
is undefined (C99 6.5.7). To ensure that the shift operation is
defined, cast bits[i] to uint32_t.
(f and the function output are int32_t, but the conversion of uint32_t
to int32_t is implementation-defined when the value cannot be
represented, not undefined. We check in configure.ac that the
platform is two's complement.)
Greg Hudson [Sun, 27 Oct 2024 23:01:51 +0000 (19:01 -0400)]
Fix krb5_ldap_list_policy() filtering loop
The loop at the end of this function is intended to ignore ticket
policy DNs that can't be converted to names. But it instead leaves a
hole in the output list if that happens, effectively truncating the
list and leaking any subsequent entries. Use the correct index for
the output list.
Greg Hudson [Mon, 28 Oct 2024 15:51:54 +0000 (11:51 -0400)]
Fix type violation in libkrad
remote.c uses casts to cover up a signature difference between
iterator() and krad_packet_iter_cb. The difference is unimportant in
typical platform ABIs, but calling the function this way is undefined
behavior (C99 6.3.2.8). Fix iterator() to conform to
krad_packet_iter_cb and remove the casts.
Greg Hudson [Sun, 20 Oct 2024 06:09:26 +0000 (02:09 -0400)]
Allow null keyblocks in IOV checksum functions
Null keyblocks are allowed by the libk5crypto checksum functions when
the checksum type is not keyed. However, krb5_c_make_checksum_iov()
and krb5_c_verify_checksum_iov() crash on null keyblock inputs because
they do not check before converting to krb5_key as their non-IOV
variants do. Add the missing null checks.
Greg Hudson [Mon, 21 Oct 2024 23:04:08 +0000 (19:04 -0400)]
Prevent late initialization of GSS error map
Some of the peripheral libgssapi_krb5 utility functions, such as
gss_str_to_oid(), do not access the mechanism list and therefore do
not reach any of the calls to gssint_mechglue_initialize_library().
If one of these functions is called early and produces an error, its
call to map_error() will operate on the uninitialized error map. When
the library is later initialized, any entries added to the error map
this way will be leaked.
To ensure that the error map is initialized before it is operated on,
add library initialization calls to gssint_mecherrmap_map() and
gssint_mecherrmap_get().
In kpasswd_sendto_msg_callback(), if getsockname() does not reveal the
local address, a copy of the first local address's contents is made
and never freed. Instead of making an allocated copy of the address
contents, make a shallow copy of the whole address. Delay freeing the
address array until the end of the function so that alias pointer made
by the shallow copy remains valid.
[ghudson@mit.edu: further simplified code; rewrote commit message]
Commit aa91cb5dbbd4356c7a9069f4f52a10f70d91bc00 added kadmind_listen,
kpasswd_listen, and iprop_listen fields to kadm5_config_params, but
did not add them to the fields freed in kadm5_free_config_params().
Add them now.
Julien Rische [Thu, 22 Aug 2024 15:15:50 +0000 (17:15 +0200)]
Generate and verify message MACs in libkrad
Implement some of the measures specified in
draft-ietf-radext-deprecating-radius-03 for mitigating the BlastRADIUS
attack (CVE-2024-3596):
* Include a Message-Authenticator MAC as the first attribute when
generating a packet of type Access-Request, Access-Reject,
Access-Accept, or Access-Challenge (sections 5.2.1 and 5.2.4), if
the secret is non-empty. (An empty secret indicates the use of Unix
domain socket transport.)
* Validate the Message-Authenticator MAC in received packets, if
present.
FreeRADIUS enforces Message-Authenticator as of versions 3.2.5 and
3.0.27. libkrad must generate Message-Authenticator attributes in
order to remain compatible with these implementations.
[ghudson@mit.edu: adjusted style and naming; simplified some
functions; edited commit message]
Arjun [Fri, 11 Oct 2024 03:22:52 +0000 (08:52 +0530)]
Fix potential PAC processing crash
An input to krb5_pac_parse() with a zero-length buffer at the end of
the PAC can cause an assertion failure in k5_pac_locate_buffer() due
to an off-by-one error. Correct the assertion.
Arjun [Thu, 10 Oct 2024 19:07:52 +0000 (00:37 +0530)]
Disable include and includedir in fuzzing build
When building for fuzz teting, ignore "include" and "incluedir"
directives in the profile library's parse_line(), to prevent it from
trying to open non-existent paths generated by the fuzzing library.
Alexey Tikhonov [Fri, 4 Oct 2024 16:00:21 +0000 (18:00 +0200)]
Avoid mutex locking in krb5int_trace()
Trace logging doesn't need unique timestamps, so the locking within
krb5_crypto_us_timeofday() makes trace logging slower for no reason.
Add a new helper k5_us_timeofday(), which is merely a wrapper around
the existing get_time_now(), and use it in krb5int_trace().
Alexey Tikhonov [Thu, 3 Oct 2024 16:40:04 +0000 (18:40 +0200)]
Fix krb5_crypto_us_timeofday() microseconds check
Commit a60db180211a383bd382afe729e9309acb8dcf53 mistakenly reversed
the sense of the krb5_crypto_us_timeofday() conditional that enforces
fowards movement of the microseconds value within a second. Moreover,
the macros ts_after() and ts_incr() should not have been applied to
non-timestamp values. Revert the incorrect changes.
In klists's show_credential(), ensure that the column counter doesn't
decrease if printf() fails.
In process_k5beta7_princ(), bounds-check the e_length field.
In ndr_enc_delegation_info(), initialize b so it is always valid for
the cleanup handler.
In krb5_dbe_def_decrypt_key_data(), change the flow control so ret is
always set by the end of the function. Return KRB5_KDB_INVALIDKEYSIZE
if there isn't enough data in the first key_data_contents field or if
the serialized key length is invalid.
In svcauth_gss_validate(), expand rpchdr to accomodate the header plus
MAX_AUTH_BYTES.
In svcudp_reply(), change slen to unsigned to match the return type of
XDR_GETPOS() and eliminate an unnecessary check for slen >= 0.
In krb5int_pthread_loaded()(), remove pthread_equal() from the weak
symbol checks. It is implemented as an inline function in some glibc
versions, which makes the comparison "&pthread_equal == 0" always
false.
[ghudson@mit.edu: further modified krb5_dbe_def_decrypt_key_data() for
clarity; added detail to commit message]
Greg Hudson [Thu, 29 Aug 2024 19:25:54 +0000 (15:25 -0400)]
Block library unloading to avoid finalizer races
Library finalizers can run due to the library being unloaded or the
process exiting. If the library is being unloaded, global memory
resources must be released to avoid memory leaks. But if the process
is exiting, releasing memory resources can lead to race conditions if
another thread invokes functions from the library during or after
finalizer execution. Most commonly this manifests as an assertion
error about trying to lock a destroyed mutex.
We can block unloading of our library on ELF platforms by passing "-z
nodelete" to the linker. Add a shell variable "lib_unload_prevented"
to the shlib.conf outputs, set it on platforms where we can block
unloading, and suppress finalizers when it is set.
On Windows we can detect if the process is exiting by checking for a
non-null lpvReserved argument in DllMain(). Do not execute finalizers
when the process is executing.
Greg Hudson [Thu, 15 Aug 2024 15:30:07 +0000 (11:30 -0400)]
Replace Windows installer FilesInUse dialog text
Windows installers must provide a FilesInUse dialog, with the intent
of minimizing the need to restart the system after software
installations. For reasons related to the LSA cache, the KfW
installer always schedules a post-installation reboot (see commit 50a3c3cbeab32577fba2b21deb72a64015c48ec7). Reword the FilesInUse
dialog text to recommend clicking Ignore, causing the conflicting
files to replaced on the reboot. (The affected files are likely C
runtime DLLs, and the existing versions will almost certainly suffice
if KfW programs are run prior to a reboot.)
Greg Hudson [Mon, 24 Jun 2024 19:46:50 +0000 (15:46 -0400)]
Refactor GSS per-message token parsing
Replace kg_unseal_v1() and gss_krb5int_unseal_token_v3() with new
functions using current coding practices. Notable differences
include:
* The new functions use k5input for improved safety.
* The new functions do not modify the input buffer.
* The new functions will never try to allocate zero bytes of memory.
* There are separate functions for unwrap and verify_mic, which means
there is no message_buffer parameter acting conditionally as an
input or output.
Commit 1b57a4d134bbd0e7c52d5885a92eccc815726463 made the KDC stop
issuing des3 and rc4 session keys by default. To make the des3 and
arcfour passes of the test suite work, it added aes256-sha1 to the
permitted enctypes for those passes. Negotiating AES session keys
reduces coverage of pre-CFX GSSAPI code and other uses of the older
enctypes. Instead set the enable_des3 and enable_rc4 variables.
Greg Hudson [Wed, 19 Jun 2024 22:55:35 +0000 (18:55 -0400)]
Refactor GSS token header parsing
Rewrite g_verify_token_header() to use k5input and not to handle
two-byte token IDs (which are specific to the krb5 mechanism). Add a
more general g_get_token_header() which can handle detached wrappers
and cases where the mech is not known in advance. Adjust all current
callers, and get rid of the duplicate DER parsing code added in commit b0a2f8a5365f2eec3e27d78907de9f9d2c80505a.
In k5-input.h, split out tag and length parsing into
k5_der_get_taglen(), needed by g_get_token_header().
projects / thirdparty / krb5.git / log
