Age | Commit message (Collapse) | Author | Files | Lines |
|
After gss_init_sec_context() or gss_accept_sec_context() has created a
context, don't delete the mechglue context on failures from subsequent
calls, even if the mechanism deletes the mech-specific context (which
is allowed by RFC 2744 but not preferred). Check for union contexts
with no mechanism context in each GSS function which accepts a
gss_ctx_id_t.
CVE-2017-11462:
RFC 2744 permits a GSS-API implementation to delete an existing
security context on a second or subsequent call to
gss_init_sec_context() or gss_accept_sec_context() if the call results
in an error. This API behavior has been found to be dangerous,
leading to the possibility of memory errors in some callers. For
safety, GSS-API implementations should instead preserve existing
security contexts on error until the caller deletes them.
All versions of MIT krb5 prior to this change may delete acceptor
contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through
1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on
error.
(cherry picked from commit 56f7b1bc95a2a3eeb420e069e7655fb181ade5cf)
ticket: 8598
version_fixed: 1.14.6
|
|
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
|
|
This patch creates a mapping in the mechglue/spnego code to modify
mechanism status codes when passing them back to the application, so
that mechglue's display_status dispatcher can determine the correct
mechanism to dispatch to.
This is part of the "get enhanced error messages from gssapi
applications" project; ticket 5590 has updates to the Kerberos 5
mechanism to extract enhanced error messages (when there are any) from
the Kerberos library.
util/gen.pl, util/t_*.pm: New code generation script and templates.
lib/gssapi/generic: Add a new, global mapping that enumerates the
{mechOID,status} pairs as they're seen, allowing a magic mechOID value
to indicate com_err error codes from mechglue and spnego, and
reserving status code 0 for unknown errors. Preload the Kerberos
"wrong principal" error code once for each mechanism OID used for
Kerberos, so the entries get fixed positions (1-3) in the table.
lib/gssapi/gss_libinit.c: Call the initializer and destructor
functions.
lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated
or locally-generated status codes into the mapping table, and return
the table index to the application. Do the reverse in display_status,
to get the messages from the mechanism..
lib/rpc: Define new function gssrpcint_printf to use for debugging
instead of printf, to redirect output away from dejagnu; add a couple
more debugging calls. Check for minor status codes 1-3 now instead of
KRB5KRB_AP_WRONG_PRINC.
tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed
error messages back, by having the ftp client attempt to authenticate
to a non-existent service, and examining the error message for the
service principal name.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Fix mechglue argument checks so that output pointers are always
initialized regardless of whether the other arguments fail to validate
for some reason. This avoids freeing of uninitialized pointers.
Initialize the gss_buffer_descs in ovsec_kadmd.c.
ticket: new
target_version: 1.6
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19043 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* src/lib/gssapi/mechglue/g_unseal.c (gss_unwrap): Make match
prototype.
ticket: new
tags: pullup
target_version: 1.5
version_reported: 1.5
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18310 dc483132-0cff-0310-8789-dd5450dbe970
|
|
mechglue and SPNEGO implementations. Additional changes outside of
src/lib/gssapi:
* src/configure.in: Add lib/gssapi/mechglue and lib/gssapi/spnego
to list of directories to output Makefile in.
* src/lib/rpc/unit-test/rpc_test.0/expire.exp (expired): Update
regexp for mechglue.
* src/tests/dejagnu/krb-standalone/v4gssftp.exp (v4ftp_test):
Update "Miscellaneous failure" regexp for mechglue.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18131 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9788 dc483132-0cff-0310-8789-dd5450dbe970
|
|
gssapi/gssapi.h. On a Macintosh, #include gssapi.h instead of
gssapi/gssapi.h.
g_accept_sec_context.c, g_acquire_cred.c, g_compare_name.c,
g_context_time.c, g_delete_sec_context.c, g_dsp_name.c,
g_dsp_status.c, g_exp_sec_context.c, g_glue.c, g_imp_name.c,
g_imp_sec_context.c, g_indicate_mechs.c, g_init_sec_context.c,
g_initialize.c, g_inq_context.c, g_inq_cred.c, g_inq_names.c,
g_process_context.c, g_rel_buffer.c, g_rel_cred.c, g_rel_name.c,
g_rel_oid_set.c, g_seal.c, g_sign.c, g_unseal.c, g_verify.c,
gssd_pname_to_uid.c, mechglue.h, mglueP.h: Comment out #ident line.
This causes the Macintosh C compiler indigestion.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7685 dc483132-0cff-0310-8789-dd5450dbe970
|
|
g_inquire_cred.c (gss_inquire_cred_by_mech): New GSSAPI V2 function.
g_init_sec_context.c (gss_init_sec_context): Make sure we convert the
union credential into a mechanism specific credential.
g_glue.c (__gss_get_mechanism_cred): New function for returning the
mechanism-specific credential from a union credential.
g_inquire_names.c (gss_inquire_names_for_mech):
g_oid_ops.c (gss_str_to_oid, gss_oid_to_str, ss_test_oid_set_member,
gss_add_oid_set_member, gss_create_empty_oid_set, gss_release_oid):
g_imp_sec_context.c (gss_import_sec_context):
g_exp_sec_context.c (gss_export_sec_context):
g_inquire_cred.c (gss_inquire_cred):
g_rel_oid_set.c (gss_release_oid_set):
g_rel_buffer.c (gss_release_buffer):
g_rel_name.c (gss_release_name):
g_imp_name.c (gss_import_name):
g_dsp_name.c (gss_display_name):
g_compare_name.c (gss_compare_name):
g_indicate_mechs.c (gss_indicate_mechs):
g_dsp_status.c (gss_display_status):
g_unseal.c (gss_unseal, gss_unwrap):
g_seal.c (gss_seal, gss_wrap):
g_verify.c (gss_verify, gss_verify_mic):
g_sign.c (gss_sign, gss_get_mic):
g_context_time.c (gss_context_time):
g_delete_sec_context.c (gss_delete_sec_context):
g_process_context.c (gss_process_context):
g_accept_sec_context.c (gss_accept_sec_context):
g_init_sec_context.c (gss_init_sec_context):
g_rel_cred.c (gss_release_cred):
g_acquire_cred.c (gss_acquire_cred): Added INTERFACE keyword for Windows.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7536 dc483132-0cff-0310-8789-dd5450dbe970
|
|
This snapshot features a BSD-style copyright notice from Sun. It also
includes the code to parse a configuration file and then dlopen the
proper shared library. Miscellaneous cleanup in the mechglue directory.
Namespace uglieness (like get_mechanism) have been cleaned up, to use
things like __gss_get_mechanism instead.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7442 dc483132-0cff-0310-8789-dd5450dbe970
|
|
GSSAPI V2 functions to mechglueP.h (now mglueP.h)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7114 dc483132-0cff-0310-8789-dd5450dbe970
|