Sam Hartman [Fri, 6 Feb 2004 21:12:21 +0000 (21:12 +0000)]
Enable aes128-cts for client
Currently we support aes128-cts but do not enable it by default. It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.
Jeffrey Altman [Fri, 6 Feb 2004 19:48:12 +0000 (19:48 +0000)]
2004-02-06 Jeffrey Altman <jaltman@mit.edu>
* Add new UI components to the gss.exe client
to support the use of GSS_C_SEQUENCE_FLAG or to
disable the use of either GSS_C_MUTUAL_FLAG or
GSS_C_REPLAY_FLAG
Jeffrey Altman [Fri, 6 Feb 2004 19:05:47 +0000 (19:05 +0000)]
2004-02-06 Jeffrey Altman <jaltman@mit.edu>
* Add new command line switches to the gss-client
to support the use of GSS_C_SEQUENCE_FLAG or to
disable the use of either GSS_C_MUTUAL_FLAG or
GSS_C_REPLAY_FLAG
Jeffrey Altman [Fri, 6 Feb 2004 07:00:51 +0000 (07:00 +0000)]
2004-02-05 Jeffrey Altman <jaltman@mit.edu>
* gssapiP_krb5.h: remove KG_IMPLFLAGS macro
* init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
macro with previous macro definition
* accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
macro with new definition. As per 1964 the INTEG and CONF flags
are supposed to indicate the availability of the services in
the client. By applying the previous definition of KG_IMPLFLAGS
the INTEG and CONF flags are always on. This can be a problem
because some clients such as Microsoft's Kerberos SSPI allow
CONF and INTEG to be used independently. By forcing the flags
on, we would end up with inconsist state with the client.
Jeffrey Altman [Wed, 4 Feb 2004 17:28:00 +0000 (17:28 +0000)]
Remove reference to the ntstatus.h header in cc_mslsa.c
This header is not present in the August 2001 Platform SDK which is
the current minimum SDK version.
Jeffrey Altman [Tue, 3 Feb 2004 00:50:43 +0000 (00:50 +0000)]
2004-02-02 Jeffrey Altman <jaltman@mit.edu>
* cc_msla.c:
GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
value to assign to TicketRequest->TicketFlags. This field is blindly
inserted into the kdc-options[0] field of the TGS_REQ. If there are
bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
in an unknown TGS_OPTION being processed by the KDC.
This has been fixed by mapping the Ticket Flags to KDC options.
We only map Forwardable, Forwarded, Proxiable, and Renewable. The others
should not be used.
Jeffrey Altman [Mon, 2 Feb 2004 17:40:19 +0000 (17:40 +0000)]
* cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
logging on with cross realm credentials. On these machines there are
8 tickets within the LSA cache from two different realms. One of the
krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
processes. The attempt to access the ticket returns a SubStatus code
of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
the logon attempt was invalid due to bad authentication information.
kerbtray has no problem listing this ticket. The other seven tickets
in the cache including the Initial Ticket are accessible. Modified
krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
a single ticket fails.
Jeffrey Altman [Sun, 1 Feb 2004 05:40:48 +0000 (05:40 +0000)]
* Do not perform ticket importing if the initial TGT is not available
from the MSLSA krb5_ccache. This will be the case if the session key
enctype is NULL. (AllowTGTSessionKey regkey = 0)
Jeffrey Altman [Sat, 31 Jan 2004 09:29:13 +0000 (09:29 +0000)]
Do not export tickets from the LSA if they contain NULL session keys.
This is primarily to prevent unusable TGTs from being imported into the
MIT Credential Cache
Jeffrey Altman [Sat, 31 Jan 2004 01:40:58 +0000 (01:40 +0000)]
2004-01-30 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: As per extensive conversations with Doug Engert we have
concluded that MS is not specifying a complete set of domain information
when it comes to service tickets other than the initial TGT. What happens
is the client principal domain cannot be derived from the fields they
export. Code has now been added to obtain the domain from the initial
TGT and use that when constructing the client principals for all tickets.
This behavior can be turned off by setting a registry either on a per-user
or a system-wide basis:
Jeffrey Altman [Sat, 31 Jan 2004 00:00:51 +0000 (00:00 +0000)]
A near complete re-write of the gss sample client on windows. Supports the
current protocol implemented in the Unix gss sample applications as well as
a new User Interface making this one neat testing tool.
There are still many little kinks to get out in a future version. The sliders
for the Call Count and the Message Count do not have text strings indicating
their current value. They slide from 1 to 20. And the known Mechanism
strings should be accessible in the drop down list.
A documentation file on how to use the tool would be a good addition.
Jeffrey Altman [Fri, 30 Jan 2004 23:52:07 +0000 (23:52 +0000)]
Address issues discovered while testing updated Windows gss sample client.
A Missing parameter to a sign_server call in gss-server.c and the need for
a select() call in read_all() to prevent blocking indefinitely.
Jeffrey Altman [Tue, 6 Jan 2004 23:21:13 +0000 (23:21 +0000)]
Add stub function implementations to support krb5_cc_remove_cred() which
would cause a null pointer dereference if called. The new KRB5_CC_NOSUPP
error is returned to indicate the lack of implementation.
Sam Hartman [Mon, 5 Jan 2004 21:42:34 +0000 (21:42 +0000)]
Only backdate the ticket that is created. The KDC reply must contain
the time from the client's request or the client will fail its
clockskew check if the request is backdated too far.
Ken Raeburn [Mon, 5 Jan 2004 21:12:23 +0000 (21:12 +0000)]
* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.
(make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some
stuff after the delegation slot.
(new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids.
* accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the
delegation flag; only look for a delegation if the flag is set, and only look
for delegation, not other options. Ignore any other data there.
Jeffrey Altman [Mon, 22 Dec 2003 18:24:41 +0000 (18:24 +0000)]
* dnssrv.c: wrap the entire module in #ifdef KRB5_DNS_LOOKUP to prevent
the dependency on the resolver library when DNS functionality is not
being compiled into the krb5 library.
Ken Raeburn [Sat, 20 Dec 2003 03:19:00 +0000 (03:19 +0000)]
* prompter.c (catch_signals, restore_signals): Take pointer to old signal
handler info as new argument.
(osiginfo): New typedef.
(setup_tty, restore_tty): Take pointer to old signal handler info and old
termios settings as new arguments.
(krb5_prompter_posix): Pass the extra arguments, addresses of new automatic
variables.
(osigint, saveparm): Variables deleted.
Ken Raeburn [Sat, 20 Dec 2003 02:46:49 +0000 (02:46 +0000)]
* sendto_kdc.c (default_debug_handler, put, putstr): Define only if DEBUG is
defined.
(DEBUG): Don't define.
(krb5int_sendtokdc_debug_handler): Initialize to null if DEBUG is not defined.
Ken Raeburn [Sat, 20 Dec 2003 02:26:17 +0000 (02:26 +0000)]
Replace the array of 8 mit_des_cblock object 'mit_des_zeroblock' defined
locally in multiple files with one defined in f_cbc.c; make it a single element
rather than an array.
Jeffrey Altman [Fri, 19 Dec 2003 05:29:32 +0000 (05:29 +0000)]
The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64,
and krb5_ser_unpack_int64 are considered private. Therefore, in order
for them to be used from within gssapi they must be added to the
krb5int_accessor mechanism. This allows us to not publicize their
existence via exportation on Windows or MacOSX.
Jeffrey Altman [Fri, 19 Dec 2003 00:19:20 +0000 (00:19 +0000)]
* cc_retr.c: Extract the test to determine if a credential matches
a requested credential according to the specified fields into
a private function: krb5int_cc_creds_match_request()
* cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to
perform a MS Kerberos LSA ticket request if there is no matching
credential in the cache. The MS Kerberos LSA places the following
restriction on what tickets it will place into the LSA cache:
tickets obtained by an application request for a specific
set of kerberos flags or enctype will not be cached.
Therefore, we first make a request with no flags or enctype in
the hope that we will be lucky and get the right ones anyway.
If not, we make the application's request and return that ticket
if it matches the other criteria.
Implemented a similar technique for krb5_lcc_store(). Since we
can not write to the cache, when a store request is made we
instead perform a ticket request through the lsa for a matching
credential. If we receive one, we return success. Otherwise,
we return the KRB5_CC_READONLY error.
With these changes I am now able to operate entirely with the MSLSA
ccache as the default cache provided the MS LSA credentials are
for the principal I wish to use. Obviously, one cannot change
principals while the MSLSA ccache is the default.
Ken Raeburn [Tue, 16 Dec 2003 19:21:49 +0000 (19:21 +0000)]
* conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket. Use a
temorary in case krb5_int32 isn't "int".
(decode_v4tkt): Use a temorary in case krb5_int32 isn't "int".
Jeffrey Altman [Mon, 15 Dec 2003 17:54:40 +0000 (17:54 +0000)]
* win-mac.h: source code written to the C99 standard assumes there
are standard definitions for the MAX sizes of C types including
size_t. The MAX preprocessor variables are declared in limits.h
but limits.h is not included by any of the other header files.
We will therefore include it via win-mac.h. We must also add a
declaration of SIZE_MAX (for size_t) because Microsoft does not
provide one.
Jeffrey Altman [Mon, 15 Dec 2003 15:55:15 +0000 (15:55 +0000)]
* cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT
has expired. This will force the LSA to get a new TGT instead of
returning the expired version.
Jeffrey Altman [Mon, 15 Dec 2003 13:58:10 +0000 (13:58 +0000)]
* when initiating an enumeration of the ccache contents perform
a fetch of the TGT. This will trigger an update request by
the MS LSA on Windows 2000 and XP which is perfectly willing
to allow TGTs to expire.
Ken Raeburn [Sat, 13 Dec 2003 18:16:57 +0000 (18:16 +0000)]
Gets a bit closer, still not working..
* ftpcmd.y (getline): Allow "AUTH" as an unprotected command.
* ftpd.c (login): Fix checks for accept_sec_context status. Only send back one
message in the CONTINUE_NEEDED case.
(with_gss_error_text): New function, split out from reply_gss_error.
(reply_gss_error): Call it.
(reply_gss_error_1): New function.
(log_gss_error, log_gss_error_1): New functions.
(login): Call log_gss_error instead of syslog on error from gss_display_name.
Ken Raeburn [Sat, 13 Dec 2003 07:32:01 +0000 (07:32 +0000)]
* default.exp (passes): Add an AES-only pass.
(start_kerberos_daemons): Check for error "No principal in keytab matches
desired name".
(dump_db): New proc, for debugging.
(spawn_xterm): Add GSSCLIENT to list of exported variables.
Ken Raeburn [Sat, 13 Dec 2003 07:07:23 +0000 (07:07 +0000)]
Add 64-bit sequence number support. Do sequence number ordering tests relative
to the initial value rather than absolute. Support tokens without pseudo-ASN.1
wrappers. Don't restrict enctype lists. Implement CFX token support.
With CFX_EXERCISE defined, use random padding, random rotates, and bogus
initial tokens, to exercise the associated code paths.
Ken Raeburn [Sat, 13 Dec 2003 06:28:35 +0000 (06:28 +0000)]
Add platform-dependent 64-bit and inline-function support via new header
k5-platform.h. Add 64-bit serializer support. [Not needed for ticket 1471,
but needed for 2040 and annoying to check in separately.]
Add to (internal for now) crypto API a function to get the mandatory checksum
type associated with an enctype.
New support for server-generated subkey, selected via an auth_context flag.
Tom Yu [Sat, 13 Dec 2003 01:20:56 +0000 (01:20 +0000)]
* Makefile.in: Move ##WIN32## constructs from inside
backslash-continued lists, as it was breaking them. Move explicit
dependency information from under automatic dependencies.
Jeffrey Altman [Fri, 12 Dec 2003 22:22:36 +0000 (22:22 +0000)]
* Added new krb5_ccache type "MSLSA" for Windows only.
This new ccache type provides an interface for the MIT krb5_cc api
functions to be used to access the contents of the MS Kerberos LSA
cache. The ccache type is read-only because the MS Kerberos LSA
does not allow third party applications to insert credentials into
the cache.
The primary motivation of this work was to encapsulate the complex
operations necessary to manipulate the MS Kerberos LSA. The code
was far from trivial and was often implemented incorrectly. Worse
still was the fact that each version of Windows since W2K modified
the use of the LSA API.
The code which was originally donated in the form of ms2mit.c had
many memory and handle leaks which were acceptable for a one time
application such as ms2mit.c. Unfortunately, this code has started
to appear in many other applications: KfW's Leash, the AFS Wake
systray tool, and others.
By using the new MSLSA ccache the implementation of ms2mit.c went
from 890 lines to 50 lines of code and comments. All that is necessary
is for the MSLSA ccache to be resolved and for its contents to be
copied with krb5_cc_copy_creds to the default ccache.
The MSLSA ccache implements all of the functions of a ccache except
those which would be used to store data into the ccache. When a
write attempt is performed the new error KRB5_CC_READONLY is returned.
The residual portion of the MSLSA ccache name is current ignored
but preserved. If you ask for ccache "MSLSA:myname" you will be
given access to the LSA cache for the current Logon Session. If
you later ask for the name of the ccache you will be returned the
same name. In the future, the residual might be used to provide
information necessary to identify a specific logon session whose
cache it is desired to access. If this is ever done, the applications
which use it will have to possess the SeTcbPrivilege privilege.
Using KfW's Leash it is now possible to set the Krb5 credential
cache to "MSLSA:" and use it to monitor the contents of the
MS Kerberos LSA cache.
As part of adding this functionality, krb5_32.dll is not linked
against the "secur32.lib" library as the Lsa security sdk routines
are stored in the SECUR32.DLL file.
Added kg_sync_ccache_name(), kg_get_ccache_name, and kg_set_ccache_name() and rewrote gss_krb5_ccache_name() and added a call to kg_sync_ccache_name() to acquire_init_cred() to fix a bug where on systems with multiple ccaches that GSSAPI gets stuck on the ccache that was default when it launched
Jeffrey Altman [Mon, 8 Dec 2003 20:17:00 +0000 (20:17 +0000)]
Add support for conditional inclusion of flags when building as part of
KfW. The only flag defined at this time is USE_LEASH which is defined
to allow GSSAPI32.DLL to enable the use of Leash Kinit dialogs when
there are no tickets
Tom Yu [Sat, 6 Dec 2003 00:39:23 +0000 (00:39 +0000)]
work around Solaris 9 pty-close bug
Create a LD_PRELOAD object, exitsleep, that will sleep for a short
time prior to calling the real exit() function. This attempts to work
around a Solaris 9 kernel bug where output will get lost if it is
written to a pty immediately prior to the pty close.
Jeffrey Altman [Mon, 27 Oct 2003 19:59:22 +0000 (19:59 +0000)]
* sendto_kdc.c: Sockets must be closed with closesocket() instead
of close() for proper socket deallocation on systems which do
not use file descriptors for sockets. i.e., Windows.
projects / thirdparty / krb5.git / log
