28 Commits

Author SHA1 Message Date
Joseph Sutton
b90b219ab8 krb5: CVE-2022-42898 PAC parse integer overflows
Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203

Heavily edited by committer Nico Williams <nico@twosigma.com>, original by
Joseph Sutton <josephsutton@catalyst.net.nz>.

Signed-off-by: Nico Williams <nico@twosigma.com>
2022-11-15 17:51:45 -06:00
Luke Howard
f7964251ff kdc: support for PAC_ATTRIBUTES_INFO
Add PAC_ATTRIBUTES_INFO to the PAC. This info buffer indicates whether the user
explicitly requested a PAC be present or absent.

Note: this changes the windc plugin ABI.
2021-12-22 10:36:26 +11:00
Luke Howard
0ab3b7b2dd krb5: support for canonical name in PAC
If the UPN_DNS_INFO buffer in the Windows PAC contains a canonical principal
name, use it in lieu of the ticket client name to determine the GSS-API
initiator name.
2021-12-22 10:36:26 +11:00
Joseph Sutton
814e58fda8 heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function
This lets us call it from Samba.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

[abartlet@samba.org Similar to Samba commit 3bdce12789af1e7a7aba56691f184625a432410d
 but also fixed for caller in Heimdal windc plugin tests]
2021-12-14 13:44:01 +11:00
Luke Howard
2acc4508d9 krb5: fix test_pac format string
Don't pass a potentially (although in reality, not) untrusted string to
krb5_err(); cleanup error handling.
2021-09-19 14:01:51 +10:00
Isaac Boukris
6c339fd5a5 krb5: add pac ticket-signature unit tests 2021-09-19 13:25:34 +10:00
Isaac Boukris
2ffaba9401 kdc: sign ticket using Windows PAC
Split Windows PAC signing and verification logic, as the signing has to be when
the ticket is ready.

Create sign and verify the PAC KDC signature if the plugin did not, allowing
for S4U2Proxy to work, instead of KRB5SignedPath.

Use the header key to verify PAC server signature, as the same key used to
encrypt/decrypt the ticket should be used for PAC server signature, like U2U
tickets are signed with the tgt session-key and not with the longterm key,
and so krbtgt should be no different and the header key should be used.

Lookup the delegated client in DB instead of passing the delegator DB entry.

Add PAC ticket-signatures and related functions.

Note: due to the change from KRB5SignedPath to PAC, S4U2Proxy requests
against new KDC will not work if the evidence ticket was acquired from
an old KDC, and vice versa.

Closes: 
2021-09-19 13:25:27 +10:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
55c4979df2 Now pac from christian passes since we make hmac checksums always use the raw key 2010-11-06 20:23:49 +01:00
Love Hornquist Astrand
76cf97e2b0 free pac after reading it 2009-09-21 09:59:38 -07:00
Love Hornquist Astrand
f5a7b42db6 Don't parse realm for names, makes test pass for hosts w/o default realm 2009-09-19 13:43:58 -07:00
Love Hörnquist Åstrand
47ebb62930 Release p2, valgrind output from Andrew Bartlett
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25280 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-06-08 21:57:45 +00:00
Love Hörnquist Åstrand
942a821fab remove RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-04 06:17:40 +00:00
Love Hörnquist Åstrand
953cf8b43e make new pac test fail
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24061 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-12-11 04:51:08 +00:00
Love Hörnquist Åstrand
ccfd154900 test pac from christian
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24038 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-11-12 04:20:24 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
743ccd85cf make work with cpp again, reported by Hai Zaar
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21934 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-08-27 14:21:04 +00:00
Love Hörnquist Åstrand
e73b363f90 plug memory leaks.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20844 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-03 14:31:01 +00:00
Love Hörnquist Åstrand
390ccdaa8a Use more interesting data to cause more errors.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19845 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-11 10:42:54 +00:00
Love Hörnquist Åstrand
191c1f4ffa move around to code test on real PAC.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19784 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 11:25:09 +00:00
Love Hörnquist Åstrand
fe73261177 Test more PAC (note that the values used in this test are wrong, they
have to be fixed when the pac code is fixed).


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19782 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-09 11:09:13 +00:00
Love Hörnquist Åstrand
4e6e594fc6 export some more pac functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19670 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-04 11:00:52 +00:00
Love Hörnquist Åstrand
150c794a7c add comments, fix pac_get_types test
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19621 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:49:11 +00:00
Love Hörnquist Åstrand
a253f3b44c test krb5_pac_get_types
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19620 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:43:11 +00:00
Love Hörnquist Åstrand
c8c330e163 test Add/remove pac buffer functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19618 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-01-02 12:19:35 +00:00
Love Hörnquist Åstrand
cffffb6192 Test signing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18993 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-12 08:38:10 +00:00
Love Hörnquist Åstrand
7eaec81548 PAC testing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18989 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-10 07:47:04 +00:00