Greg Hudson [Fri, 11 Mar 2011 17:53:18 +0000 (17:53 +0000)]
Although it can't actually happen, make it more explicit that we won't
dereference a null mech in the cleanup handler of the mechglue's
gss_accept_sec_context.
Greg Hudson [Fri, 11 Mar 2011 04:20:17 +0000 (04:20 +0000)]
Move the des and AFS string-to-key implementations into lib/crypto/krb,
since they aren't standard crypto primitives. Revise the module SPI
accordingly. Add tests for AFS string-to-key to t_str2key.c to replace
the ones in the (now defunct) t_afss2k.c.
Greg Hudson [Tue, 8 Mar 2011 19:34:31 +0000 (19:34 +0000)]
SPNEGO's accept_sec_context and init_sec_context produce a null context
on error, so it needs to silently succeed when deleting a null context.
It was instead passing the null context along to the mechglue which
would produce an error, causing a leak of the mechglue's union context
wrapper. Reported by aberry@likewise.com.
Greg Hudson [Sat, 5 Mar 2011 13:51:00 +0000 (13:51 +0000)]
Remove the init_state and free_state enctype functions and go back to
always delegating state to the enc provider. (We needed enctype-
specific state initialization for CCM enctypes when we had them.)
Greg Hudson [Wed, 2 Mar 2011 05:29:29 +0000 (05:29 +0000)]
Consolidate almost all lib/crypto/krb headers into a single
crypto_int.h. In that header, define and document responsibilities
for crypto modules, some of which are satisfied through a
module-specific crypto_mod.h. In the OpenSSL and NSS modules, remove
many of the headers and sources providing functionality which isn't
needed by lib/crypto/krb any more (direct interfaces to MD4, MD5, and
SHA-1 hashing, as well as DES weak key testing). Change most
Makefile.ins to only include headers from lib/crypto/krb and
lib/crypto/$(CRYPTO_IMPL), instead of from many different directories.
Greg Hudson [Mon, 28 Feb 2011 23:57:56 +0000 (23:57 +0000)]
Simplify lib/crypto/krb/arcfour in the wake of r23444. Move the
contents of arcfour_aead.c into arcfour.c, turn the key derivation
helper functions into static functions, and eliminate arcfour-int.h.
Greg Hudson [Mon, 28 Feb 2011 20:56:02 +0000 (20:56 +0000)]
Use the hash provider interface in krb5int_arcfour_string_to_key so
that we don't need a direct interface to MD4 in the crypto modules.
Also clean up the code a bit.
Greg Hudson [Sun, 27 Feb 2011 19:08:14 +0000 (19:08 +0000)]
Reference random-to-key handlers through the enctype instead of the
enc_provider, for consistency with string-to-key and the place of
implementation (other enc_provider functions are implemented in the
back end, but random-to-key handlers are in krb). Use a single
handler for non-DES/DES3 enctypes since it's always just directly
copying the bits. Collapse the three implementations (des, des3, and
direct) into random_to_key.c, as they're very short, and eliminate the
lib/crypto/krb/rand2key directory.
Greg Hudson [Sun, 27 Feb 2011 02:35:04 +0000 (02:35 +0000)]
Make sure ulog_map() is invoked whenever we open the database in
kdb5_util. Fixes all of the master key rollover commands in the
presence of iprop. Reported by kacarstensen@csupomona.edu.
Greg Hudson [Fri, 25 Feb 2011 17:23:54 +0000 (17:23 +0000)]
Now that all PRNG modules fit nicely into a single source file,
simplify the PRNG abstraction, flattening the implementations into
crypto/krb and removing the indirection through function pointers.
Move the guts of the NSS PRNG implementation into the nss subdir so
that crypto/krb doesn't need to be built with CRYPTO_IMPL_CFLAGS.
Greg Hudson [Thu, 24 Feb 2011 09:58:45 +0000 (09:58 +0000)]
Fortuna as default PRNG
Rewrite prng_fortuna.c to much more closely match the description of
Fortuna in chapter 9 of Cryptography Engineering. Add a facility to
get OS entropy and implement it for Unix and Windows (not yet tested
on Windows) to replace prng/fortuna/entropy.c. Rewrite the test
harness to always ensure stable output and perform a statistical test
on the predictable internal state resulting from the stable-output
tests.
Greg Hudson [Fri, 18 Feb 2011 15:06:57 +0000 (15:06 +0000)]
Fix a conceptual bug in r24639: the intermediate key container length
should be the hash's output size, not its block size. (The bug did
not show up in testing because it is harmless in practice; MD5 has a
larger block size than output size.)
Greg Hudson [Wed, 16 Feb 2011 23:34:37 +0000 (23:34 +0000)]
Don't reject AP-REQs based on PACs
Experience has shown that it was a mistake to fail AP-REQ verification
based on failure to verify the signature of PAC authdata contained in
the ticket. We've had two rounds of interoperability issues with the
hmac-md5 checksum code, an interoperability issue OSX generating
unsigned PACs, and another problem where PACs are copied by older KDCs
from a cross-realm TGT into the service ticket. If a PAC signature
cannot be verified, just don't mark it as verified and continue on
with the AP exchange.
Greg Hudson [Wed, 16 Feb 2011 22:52:41 +0000 (22:52 +0000)]
hmac-md5 checksum doesn't work with DES keys
krb5int_hmacmd5_checksum calculates an intermediate key using an HMAC.
The container for this key should be allocated using the HMAC output
size (which is the hash blocksize), not the original key size. This
bug was causing the function to fail with DES keys, which can be used
with hmac-md5 in PAC signatures.
Greg Hudson [Sun, 13 Feb 2011 21:14:00 +0000 (21:14 +0000)]
Defer hostname lookups in krb5_sendto_kdc
Restructure the locate_kdc and sendto_kdc code to defer getaddrinfo
calls until we need the answer. This requires many changes:
* struct addrlist is now called struct serverlist, and is declared in
os-proto.h instead of k5-int.h. It contains an array of struct
server_entry structures which can hold either a name or an address.
(Address entries are used for locate_kdc module results.)
* The connection state list is now a linked list, and holds address
information directly instead of using a struct addrinfo (this
simplifies memory management). Each connection entry contains a
callback buffer (previously stored in a separate array) and an index
into the server list.
* The {addrstate} trace formatting primitive is no longer needed, and
has been replaced by {connstate}. There is also a new tracing event
for resolving hostnames.
* locate_server, locate_kdc, free_serverlist, and sendto get their
prefixes changed from krb5int_ to k5_ as their prototypes were being
adjusted anyway. The family argument is gone from the locate
functions as it was never productively used. k5_sendto now receives
the socket types of interest.
* krb5_sendto_kdc will now pass a 0 socktype to k5_locate_kdc if both
socket types are wanted. There were some allowances for this in
locate but this was never previously done. In order to be
conservative when invoking locate modules, we always pass an
explicit socktype, thus calling lookup twice (as we did before,
albeit with a separate init/fini cycle) in the common case. When
creating hostname entries in serverlist from profile configuration,
we preserve the 0 value of socktype, and later create both TCP and
UDP addresses from the getaddrinfo results when the host is
resolved.
* Some accessor functions previously used by libkrb4 have been removed
as they impinged upon this work.
Greg Hudson [Sun, 13 Feb 2011 19:12:36 +0000 (19:12 +0000)]
Trace logging file descriptor leak
File descriptors created for trace logging were never being closed.
With short-lived contexts this leak would eventually overflow the
process's file table. Correct this oversight by closing the file
descriptor in file_trace_cb before freeing its container.
Greg Hudson [Wed, 9 Feb 2011 04:46:46 +0000 (04:46 +0000)]
Assume ELF on FreeBSD if objformat doesn't exist
If /usr/bin/objformat doesn't exist on a FreeBSD system, it could
indicate a pre-3.0 a.out version or a post-7.0 ELF version. Since
FreeBSD 3.0 is now twelve years old, it's safer to assume ELF than
a.out.
Zhanna Tsitkov [Tue, 8 Feb 2011 21:25:21 +0000 (21:25 +0000)]
Set JAVADOC_AUTOBRIEF to YES to allow Doxygen interpret the first line of a JavaDoc-style comment as the brief description.
Also, minor argument name fix in krb5.hin
Greg Hudson [Mon, 7 Feb 2011 18:40:00 +0000 (18:40 +0000)]
Improve acceptor name flexibility
Be more flexible about the principal names we will accept for a given
GSS acceptor name. Also add support for a new libdefaults profile
variable ignore_acceptor_hostname, which causes the hostnames of
host-based service principals to be ignored when passed by server
applications as acceptor names.
Note that we still always invoke krb5_sname_to_principal() when
importing a gss-krb5 mechanism name, even though we won't always use
the result. This is an unfortunate waste of getaddrinfo/getnameinfo
queries in some situations, but the code surgery necessary to defer
it appears too risky at this time.
Greg Hudson [Tue, 1 Feb 2011 01:11:51 +0000 (01:11 +0000)]
kadmin's ktremove can remove wrong entries when removing kvno 0
Because of 8-bit wraparound, keytabs can contain entries with kvno 0.
Because 0 is a distinguished kvno value for krb5_kt_get_entry(),
kadmin's remove_principal() winds up substituting the specified kvno
with the highest-numbered kvno of the specified principal in the
keytab. Make sure not to perform this substitution when in
specified-kvno mode.
(This fix leaves behind a very minor bug where "ktrem principal 0"
returns silently, instead of producing an error message like it
normally would, if principal exists in the keytab but not at kvno 0.)
Greg Hudson [Tue, 25 Jan 2011 05:20:07 +0000 (05:20 +0000)]
Make principal renaming work in libkadm5srv by converting to explicit
salts as necessary. Add a principal rename command to the client.
(The RPC infrastructure was already present.)
Adapted from patches submitted by mdw@umich.edu and lha@apple.com.
Greg Hudson [Tue, 25 Jan 2011 00:23:48 +0000 (00:23 +0000)]
Make gss_krb5_set_allowable_enctypes work for the acceptor
With the addition of enctype negotiation in 1.7, a gss-krb5 acceptor
can choose an enctype for the acceptor subkey other than the one in
the keytab. If the resulting security context will be exported and
re-imported by another gss-krb5 implementation (such as one in the
kernel), the acceptor needs a way to restrict the set of negotiated
enctypes to those supported by the other implementation. We had that
functionality for the initiator already in the form of
gss_krb5_set_allowable_enctypes; this change makes it work for the
acceptor as well.
Zhanna Tsitkov [Tue, 11 Jan 2011 20:00:52 +0000 (20:00 +0000)]
Asn.1 decode related file rearrangement. It was made based on the following criteria:
1. based on functionality (for example, kdc-only code)
2. Well defined clusters of functions (fast, sam).
Greg Hudson [Mon, 10 Jan 2011 20:32:56 +0000 (20:32 +0000)]
Tighten up the error handling in the mechglue's gss_canonicalize_name,
eliminating a null pointer dereference in the (unlikely) case that
allocation of out_union fails. Reported by aberry@likewise.com.
Greg Hudson [Mon, 10 Jan 2011 18:25:36 +0000 (18:25 +0000)]
Fix a couple of cases in the SPNEGO implementation where a
half-constructed SPNEGO context could be leaked. Patch from
aberry@likewise.com, slightly amended.
Greg Hudson [Tue, 28 Dec 2010 18:27:17 +0000 (18:27 +0000)]
Don't attempt to serialize a NULL authdata context when serializing a
GSSAPI context (most often seen with initiator contexts). Patch from
aberry@likewise.com.
Greg Hudson [Tue, 14 Dec 2010 18:46:46 +0000 (18:46 +0000)]
Ensure time() is prototyped in g_accept_sec_context.c
r22736 added a call to time() in g_accept_sec_context.c. Include
<time.h> to ensure that this call is correctly prototyped. Previously
<time.h> was only included implicitly through <pthread.h>, which
doesn't apply when thread support is disabled.
Greg Hudson [Tue, 14 Dec 2010 17:28:38 +0000 (17:28 +0000)]
Fix a regression in the client-side ticket renewal code where KDC
options were not folded into the renewal request (most notably, the
KDC_OPT_RENEWABLE flag), so we didn't request renewable renewed
tickets. Add a simple test case for ticket renewal.
projects / thirdparty / krb5.git / log
