Verify integrity flag on server-side GSS-API context
authorOndřej Surý <ondrej@sury.org>
Wed, 18 Mar 2026 00:02:24 +0000 (01:02 +0100)
committerMichał Kępień <michal@isc.org>
Thu, 7 May 2026 11:32:15 +0000 (13:32 +0200)
After gss_accept_sec_context() completes, verify that the INTEG flag
is set in ret_flags.  Without integrity protection, GSS-TSIG message
authentication cannot function correctly.

The server side was previously passing NULL for ret_flags, meaning it
never verified the negotiated security properties.  The client side
was fixed in the previous commit; this fixes the server side.

lib/dns/gssapictx.c

index ea86c4b43bbecd31223b4ea6eff40b24ea85663b..8f4c1c56c92d1ae5ce89dd272eab5d5f4ddda749 100644 (file)
@@ -442,15 +442,30 @@ dst_gssapi_acceptctx(const char *gssapi_keytab, isc_region_t *intoken,
 #endif
        }
 
+       OM_uint32 ret_flags = 0;
+
        gret = gss_accept_sec_context(&minor, &context, GSS_C_NO_CREDENTIAL,
                                      &gintoken, GSS_C_NO_CHANNEL_BINDINGS,
-                                     &gname, NULL, &gouttoken, NULL, NULL,
-                                     NULL);
+                                     &gname, NULL, &gouttoken, &ret_flags,
+                                     NULL, NULL);
 
        result = ISC_R_FAILURE;
 
        switch (gret) {
        case GSS_S_COMPLETE:
+               /*
+                * RFC 2743 Section 1.2.2: verify that the negotiated
+                * context provides integrity protection.
+                */
+               if ((ret_flags & GSS_C_INTEG_FLAG) == 0) {
+                       gss_log(3,
+                               "GSS-API context lacks required INTEG "
+                               "flag (ret_flags=0x%x)",
+                               (unsigned int)ret_flags);
+                       (void)gss_delete_sec_context(&minor, &context, NULL);
+                       result = DNS_R_INVALIDTKEY;
+                       goto cleanup;
+               }
                break;
        /*
         * RFC 3645 4.1.3: we don't handle GSS_S_CONTINUE_NEEDED
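Review bot: On the new rejection path the call `(void)gss_delete_sec_context(&minor, &context, NULL);` reuses `minor`, so the minor status that gss_accept_sec_context() returned is overwritten before the jump to `cleanup`; if the cleanup code (outside this hunk) logs or reports `minor` alongside `gret`, the diagnostic for a rejected INTEG-less context will show the status of the delete call rather than of the accept call. A dedicated variable keeps the original status intact, e.g. `OM_uint32 del_minor = 0;` followed by `(void)gss_delete_sec_context(&del_minor, &context, NULL);`. The accept call has by this point also populated `gname` and possibly `gouttoken`, and this path relies on the `cleanup` label releasing both — that label is outside the hunk, so it is worth confirming it does not assume `result == ISC_R_SUCCESS` before releasing them. dst_gssapi_acceptctx() starts before and continues after this hunk.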