| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
There is at least one case (with flatpaks) where configuration files
in the special read-only /etc all have an mtime of 0. Using an
initial last modified time of 0 in g_initialize.c causes these files
to never be read.
Change the initial high value to the be the "invalid" value
(time_t)-1. Since the C and POSIX standards do not require time_t to
be signed, special-case the checks in load_if_changed() and
updateMechList() to treat all mod times as newer than -1.
[ghudson@mit.edu: edited commit message; slightly modified approach]
(cherry picked from commit 2b34a007461065e0cab4490dfe1ae5ddd10da67b)
ticket: 9060
version_fixed: 1.20
|
|
kpropd produces a client principal name with
krb5_sname_to_principal(), then converts it to a string to pass as the
client principal to kadm5_init_with_skey(). This conversion loses the
name type, so no canonicalization is performed by libkadm5.
Commit dcb79089276624d7ddf44e08d35bd6d7d7e557d2 addresses this problem
for kadmin -k by looking for the referral realm, but kpropd sets the
realm in the krb5_sname_to_principal() result. Add an additional
check for a two-component principal with kiprop as the first
component.
(cherry picked from commit cd61bdcd6339b10e6cf3feb9f6cb369213e8d7fc)
ticket: 9056
version_fixed: 1.20
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit d7b3018d338fc9c989c3fa17505870f23c3759a8 (ticket 7905) changed
change_set_password() to prefer TCP. However, because UDP_LAST falls
back to UDP after one second, we can still get a replay error due to a
dropped packet, before the TCP layer has a chance to retry.
Instead, try k5_sendto() with NO_UDP, and only fall back to UDP after
TCP fails completely without reaching a server. In sendto_kdc.c,
implement an ONLY_UDP transport strategy to allow the UDP fallback.
ticket: 9037
|
|
[ghudson@mit.edu: edited comments]
ticket: 9055 (new)
|
|
If the dump file size does not fit in 32 bits, encode four zero bytes
(forcing an error for unmodified kpropd) followed by the size in the
next 64 bits.
Add a functional test case, but only run it when an environment
variable is set, as processing a 4GB dump file is too
resource-intensive for make check.
[ghudson@mit.edu: edited comments and commit message; eliminated use
of defined constant in some cases; added test case]
ticket: 9053 (new)
|
|
Defining bool_t and enum_t with the preprocessor conflicts with
namespaced declarations in fbthrift's headers. Use typedefs to avoid
this conflict and for consistency with other Sun RPC implementations.
[ghudson@mit.edu: clarified commit message]
ticket: 9054 (new)
|
|
Try to make it clearer that princ is the requested client principal,
not a principal extracted from the certificate, and that the module
must decode the certificate and inspect its attributes. Document
KRB5_CERTAUTH_HWAUTH_PASS in certauth_plugin.h.
ticket: 9051 (new)
|
|
XCode for macOS provides lldb but not gdb. For convenience, make
k5test default to lldb if gdb is not found in the path.
|
|
|
|
The Github Actions windows-latest runner label now uses Windows Server
2022, which requires different setup steps for the Visual Studio
environment and does not contain CRT merge modules for VS 2022 (though
it does for VS 2017). For now, run the Windows build on windows-2019.
|
|
Commit ff57dc682a27bd205d715f3c0bed84890f2453c4 removed the use of
per-request module data in SPAKE, but neglected to remove the
corresponding free_modreq method.
ticket: 9049
|
|
It is undefined behavior to pass null to a printf function for a %.*s
substitution, even if the accompanying length is zero. OpenBSD
generates syslog warnings from libc when it sees a null pointer in a
string substitution (reported by Nathanael Rensen).
krb5_sname_to_principal() passes a null pointer in the usual case
where there is no port trailer. Address this case and others where we
use asprintf() with %.*s substitutions and might pass null, either by
avoiding the use of asprintf() or by ensuring that the pointer isn't
null.
ticket: 9047 (new)
|
|
In the kdcpreauth match_client() callback, if it is necessary to look
up the given principal in the KDB, pass KRB5_KDB_FLAG_CLIENT to
krb5_db_get_principal(). Samba requires this flag to properly handle
enterprise client principals.
ticket: 9048 (new)
|
|
If a kdcpreauth module fully replaces the reply key during an AS
request, pass the reply key as the replaced_reply_key input to
issue_pac(). In Windows environments this is used to provide an NTLM
hash to the LSA when the client cannot be presumed to have a password
to derive it from.
To test this, add a fake PAC_CREDENTIALS_INFO buffer to the PAC in the
test KDB module, and alter adata.c to display the set of PAC buffer
types when a PAC is present.
ticket: 9050 (new)
|
|
Provide an explicit way for kdcpreauth modules to replace the reply
key, and internally track when the reply key is fully replaced (as
opposed to strengthened by replacing it with a derivative of the
client long-term key). Use this facility in the FAST OTP, PKINIT, and
SPAKE kdcpreauth modules.
ticket: 9049 (new)
|
|
Add the global variables pkinit_enabled and pkinit_certs. Add the
realm flag pkinit=True. Add the realm method pkinit(). Use these
facilities in t_pkinit.py, t_certauth.py, and t_authdata.py.
|
|
|
|
Reduce code repetition in PAC checksum handling by adding a helper
function. Remove the unnecessary prefix on several function names.
|
|
Remove all of the AD-SIGNEDPATH code. Instead, issue a signed minimal
PAC in all tickets and require a valid PAC to be present in all
tickets presented for S4U operations. Remove the get_authdata_info()
and sign_authdata() DAL methods, and add an issue_pac() method to
allow the KDB to add or copy buffers to the PAC. Add a disable_pac
realm flag.
Microsoft revised the S4U2Proxy rules for forwardable tickets. All
S4U2Proxy operations require forwardable evidence tickets, but
S4U2Self should issue a forwardable ticket if the requesting service
has no ok-to-auth-as-delegate bit but also no constrained delegation
privileges for traditional S4U2Proxy. Implement these rules,
extending the check_allowed_to_delegate() DAL method so that the KDC
can ask if a principal has any delegation privileges.
Combine the KRB5_KDB_FLAG_ISSUE_PAC and
KRB5_FLAG_CLIENT_REFERRALS_ONLY flags into KRB5_KDB_FLAG_CLIENT.
Rename the KRB5_KDB_FLAG_CANONICALIZE flag to
KRB5_KDB_FLAG_REFERRAL_OK, and only pass it to get_principal() for
lookup operations that can use a realm referral.
For consistency with Active Directory, honor the no-auth-data-required
server principal flag for S4U2Proxy but not for S4U2Self. Previously
we did the reverse.
ticket: 9044 (new)
|
|
Add NDR marshalling functions for S4U_DELEGATION_INFO PAC buffers.
[ghudson@mit.edu: added safety checks; made minor style changes;
edited commit message]
|
|
Microsoft added a third PAC signature over the ticket to prevent
servers from setting the forwardable flag on evidence tickets. Add
new APIs to generate and verify ticket signatures, as well as defines
for this and other new PAC buffer types. Deprecate the old signing
functions as they cannot generate ticket signatures. Modify several
error returns to better match the protocol errors generated by Active
Directory.
[ghudson@mit.edu: adjusted contracts for KDC requirements; simplified
and commented code changes; wrote commit message. rharwood@redhat.com
also did some work on this commit.]
ticket: 9043 (new)
|
|
ticket: 9040
|
|
If the target server principal is a host-based service without
multiple dotted components and no default realm is configured,
krb5_cc_select() can fail, and therefore gss_init_sec_context().
Continue without filling in the realm in this case.
[ghudson@mit.edu: edited commit message and comment; slightly adjusted
flow control]
ticket: 9042 (new)
|
|
Recognize the Red Hat IdP preauth mechanism in trace messages, and add
a declaration for it in krb5.h.
[ghudson@mit.edu: edited comment and commit message]
ticket: 9041 (new)
|
|
The configuration logic for adding the `-search_paths_first` linker
flag on Darwin does not correctly handle cross compilation. It should
check the value of $krb5_cv_host rather than `uname -s` to detect when
the compilation target is Darwin, rather than the build machine.
It turns out `-search_paths_first` has been the default behavior of ld
on macOS since XCode 4. So just remove that bit of logic entirely.
(The flag was added in commit acd27af0e845f8b93de2e226cc2ec9ac8af52077
in 2004; XCode 4 was released in 2010.)
[ghudson@mit.edu: edited commit message]
|
|
Although MIT krb5 had been using the value 9 for unkeyed SHA-1 since
its 1.0 release in 1996, RFC 3961 instead assigned this value to
rsa-md5-des3 (likely never used), and assigned the values 10 and 14 to
SHA-1. Heimdal and Microsoft use the value 14. Unkeyed SHA-1 almost
never appears on the wire, but has been seen in PKINIT asChecksum
fields in replies from Windows KDCs (despite the field being specified
as a keyed checksum).
Define a new symbol CKSUMTYPE_SHA1 with the value 14, and use it where
we currently use CKSUMTYPE_NIST_SHA. Continue to allow the value 9
for ABI compatibility. Remove the pkinit_clnt.c workaround as the
value 14 will now work without adjustment.
ticket: 9040 (new)
|
|
Remove the unnecessary handling of negative inputs in
k5_time_to_seconds_since_1970() and k5_seconds_since_1970_to_time(),
and cast the krb5_timestamp input to uint32_t to properly handle
values after y2038.
ticket: 9039 (new)
|
|
Commit 7e8c41afc54db2ca75de5a1e2e440b034be8887b mistakenly left
two files. Fix them.
[ghudson@mit.edu: keep crypto_int.h include unconditional; wrote
commit message]
|
|
Commit 3b163eed1cf1f55dd4a7bc6d6fffc34f55695b00 mistakenly separated
the call to kdc_process_s4u2self_req() from its error check, causing
the KDC to ignore S4U2Self padata with bad checksums. Restore the
error check so that the KDC replies with an error as intended.
[ghudson@mit.edu: removed old error check later on in the code;
rewrote commit message]
ticket: 9038 (new)
|
|
Make krb5int_cmac_checksum() a crypto module interface. Move the
existing CMAC implementation from krb to builtin. Add an OpenSSL 3
implementation using EVP_MAC. Only implement Camellia CBC-MAC if
using the builtin CMAC implementation (it uses functions deprecated in
OpenSSL 3). Switch to using krb5int_camellia_encrypt() for
camellia-test.c since krb5int_camellia_cbc_mac() won't always be
available.
|
|
[ghudson@mit.edu: made the new SHA-1 and key decryption code work with
all suported OpenSSL versions with just one implementation; added
Diffie-Hellman changes]
|
|
Fixes deprecation warnings about AES_cbc_encrypt and friends.
|
|
OpenSSL 3 has deprecated the HMAC interface.
|
|
In OpenSSL's terminology, id-pkinit-kdf is an instance of SSKDF,
AES-SHA2 and Camellia use KBKDF, and the KDF for DES3 and AES-SHA1 has
been named KRB5KDF. Support for these KDFs was added in OpenSSL 3; we
already supported the existing PBKDF2.
[ghudson@mit.edu: reorganize into builtin and openssl versions of the
file; detect hash and encryption provider identity using pointer
equality like we do in the OpenSSL PBKDF implementation; add helpers
for this translation; simplify and better refactor the PKINIT code;
fix some latent pkinit_kdf_test.c bugs]
|
|
In kr_attrset_decode(), explicitly treat the length byte as unsigned.
Otherwise attributes longer than 125 characters will be rejected with
EBADMSG.
Add a 253-character-long NAS-Identifier attribute to the tests to make
sure that attributes with the maximal number of characters are working
as expected.
[ghudson@mit.edu: used uint8_t cast per current practices; edited
commit message]
ticket: 9036 (new)
|
|
[ghudson@mit.edu: use a list comprehension instead of map()]
|
|
libkrad client requests contain a list of references to remotes, with
no back-references or reference counts. To prevent accesses to
dangling references during cleanup, cancel all requests on all remotes
before freeing any remotes.
Remove the code for aging out unused servers. This code was fairly
safe as all requests referencing a remote should have completed or
timed out during an hour of disuse, but in the current design we have
no way to guarantee or check that. The set of addresses we send
RADIUS requests to will generally be small, so aging out servers is
unnecessary.
ticket: 9035 (new)
|
|
Commit 9a0575f84e988a23709429f7d4e626db833ab562 renamed this file to
pkinit_constants.c but neglected to remove it. Remove it now, and
also regenerate dependencies.
|
|
In pkinit_crypto_openssl.c, use EVP_PKEY objects and interfaces to
perform DH operations to the extent possible in OpenSSL 1.0 and 1.1.
Define helper functions for DH operations to make it easier to
conditionalize on OpenSSL version.
|
|
Shift responsibility for encoding and decoding SubjectPublicKeyInfo
from libkrb5 to the PKINIT ASN.1 module. OpenSSL 1.0 does not support
DHX (RFC 3279 section 3), so for that version use custom ASN.1
marshalling of the parameters and compose that into
SubjectPublicKeyInfo marshalling using X509_PUBKEY.
|
|
Rename pkinit_kdf_constants.c to pkinit_constants.c and add encodings
of the three well-known Oakley groups. Use them to greatly simplify
pkinit_create_td_dh_parameters() and eliminate make_oakley_dh().
Change the interface for decoding parameters to take a krb5_data
pointer for caller convenience.
|
|
If a certauth module returns KRB5_CERTAUTH_HWAUTH_PASS, the certauth
accumulator sets the hw-authent flag in the ticket (like it would for
KRB5_CERTAUTH_HWAUTH), but defers authorization to other modules (like
it would for KRB5_PLUGIN_NO_HANDLE).
[ghudson@mit.edu: simplify tests by removing the HWAUTH returns from
the test2 module and allowing it to pass by authenticating as nocert]
|
|
In OpenSSL 3.0, to use MD4 or RC4 one must load the "legacy" crypto
provider. To do this in libk5crypto, we would need to create and use
an OpenSSL library context to avoid interfering with other users of
the library. Tearing down this context at finalization time would be
further complicated by OpenSSL's use of atexit() for library
finalization, which causes its finalizer to be run earlier than
properly registered finalizers on Linux.
For simplicity, use the builtin implementations of MD4 and RC4 for
OpenSSL 3.0 and later. Also use the builtin DES key parity
implementation since OpenSSL 3.0 deprecates DES_set_odd_parity() with
no replacement.
ticket: 9034 (new)
|
