Commit Graph

5369 Commits

Author SHA1 Message Date
Chris Lamb
2f3f88e53a Correct "allignment" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

(cherry-picked from Samba commit 8fcc49ecd44e69d7f9ada212c63896e0dcf488a4)
2018-09-10 14:42:18 -04:00
Andrew Bartlett
d99b8acd1c do not dereference NULL pointer modules if we do not have dlopen
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2018-09-10 14:40:51 -04:00
Gary Lockyer
1c8cae58cc heimdal: Use #ifdef HAVE_DLOPEN around functions and variables used by HAVE_DLOPEN
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-09-10 14:40:51 -04:00
Jeffrey Altman
1d4ebc0df7 lib/krb5: restore krb5_context_data field ordering to match 7.x
The struct krb5_context_data field can be passed to plugins
which might not be aware of the new structure layout.  To
reduce the risk of data corruption, fields must never be
removed, modified or reordered.  Old unused fields are marked
deprecated and new fields are appended to the end of the structure.

This change moves two fields that were added to master which
are not present in Heimdal 7.x:

fe43be8558 added config_include_depth.

5b39bd7c1d added no_ticket_store.

Change-Id: I28b157e128732324972c99b246a93a828bc077c1
2018-06-08 12:00:38 -04:00
Simon Wilkinson
3046fb914e krb5/crypto: Fix compiler error in new iovec CTS code
Some versions of gcc can't follow the logic in the encryption path
of the _krb5_evp_encrypt_iov_cts code, and believe that it is
possible for the lastpos structure to be used uninitialised.

This isn't actually possible. On entry to the loop, remaining is
guaranteed to be both greater than, and a multiple of blocksize.
In order to exit the loop, remaining must be set to 0. If
cursor.current.length >= remaining, then we set remaining to 0 and
also set lastpos. Otherwise, we calculate the number of whole blocks
in the current iovec, which must be less than remaining, and subtract
that from remaining. Remaining must still be a multiple of and greater
than or equal to blocksize. If remaining == blocksize, we set lastpos,
and set remaining to 0. Otherwise we consume a single block, and go
around again. All of the paths which may set remaining to 0 also
set lastpos, so lastpos must be populated when the loop terminates.

Coverity has a similiar misconception, albeit with ivec2, which is
mistaken for the same reasons.
2018-05-28 08:37:22 -04:00
Simon Wilkinson
f0bc313cef krb5/crypto: Fix a couple of places where return codes weren't
The recent iovec changes introduced a couple of places where return
codes were being incorrectly discarded. Fix them so errors get back
to callers.
2018-05-25 23:46:09 -04:00
Simon Wilkinson
8e301d44b1 krb5: Use iovecs for krb5_decrypt_iov_ivec
When we have an underlying iovec encryption function, use iovecs for
checksum-then-encrypt alogrithms in decrypt_iov_ivec, rather than
coalescing iovecs into a single memory buffer.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
a1c8f029b7 krb5: Add a verify mode for the HMAC_SHA1 checksum
Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
c611a23d77 krb5: Add EVP iovec encryption routines
Add iovec routines for both padded CBC, and CTS EVP based encryption.

These routines go to great lengths to minimise the number of times
we call EVP_Cipher. With some EVP implementations (such as OpenSSL's
AES-NI) there is a significant entrance and exit overhead from this
routine, due to the use of SIMD vectors for the ivec.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
57f7373583 krb5: Add an optional encrypt_iov function to encryption types
Add a encrypt_iov function pointer to all of our encryption types
which can be used to implement an iovec based encryption routine.

Modify krb5_encrypt_iov so that it calls the iovec based routine
if it is available.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
62a8fc89bc krb5: Use iovec checksum in krb5_encrypt_iov_ivec
Use the iovec checksum routines in krb5_encrypt_iov_ivec. This
still marshalls all of the iovecs together to perform the encryption
operation, but this change halves the amount of time spent on
data marshalling in this function.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
c45c0d3c66 krb5: Actually 0 padding
When we decide we need to zero the padding iovec, do so with 0, not
with the length that we've determined.

This had no effect because we zero the padding properly later, but it
should be fixed, so that things still work when the later memset() goes
away.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
550067f6d0 krb5: Expand list of vector types that are hashed
So that we can eventually use iovec hashes with encrypt, as well
as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING
to the list of iovecs which will be hashed.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
b9b8e76376 krb5: Stash the HMAC context in the krb5_crypto object
Store the EVP HMAC context in the krb5_crypto object so that we
don't have to allocate it for every hashing operating we perform.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
e50faea7f0 krb5: Store a digest context in the crypto structure
Creating and destroying an EVP_CTX_MD structure with every hash
operation is very expensive. Speed things up by caching one within
the krb5_crypto structure. krb5_crypto can already only be safely
used by one thread at a time - adding a message digest context here
shouldn't introduce any further threading risks.

Users of the stashed context must be careful to ensure that they
call no other hash functions whilst they are in the middle of using
the context.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
fa1e998b53 krb5: Implement krb5_verify_checksum_iov with iovecs
Instead of flattening the iovecs passed into
krb5_verify_checksum_iov, create a new internal verify_checksum_iov
function which passes iovecs down onto the individual ->verify or
->checksum functions.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
152a23f2ce krb5: Reorder checks in _key_schedule
_krb5_find_enctype is a moderately expensive operation, as it
does a linear search of the enctype lists. Avoid calling it
in _key_schedule when we already have a key schedule in place.

This change makes the most common check the first in the function.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
aedc1fd4bd krb5: Use iovecs throughout krb5_create_checksum_iov
Rather than flattening the iovecs supplied to
krb5_create_checksum_iov into a malloc()'d memory block, refactor
the function so that they can be passed straight through to the
backend hash functions.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
c2271cfbfb krb5: Use EVP HMAC() function for HMAC-SHA1
Use the EVP HMAC() function that we use for SHA2 HMACs for SHA1 as
well.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
9a66752926 test_rfc3961: Add performance tests for HMAC-SHA1
Add a selection of performance tests for HMAC-SHA1 to the
RFC3961 library tests.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
8f947638c7 krb5: Use iovecs internally for checksum verification
When verifying checksums, pass iovecs through to the individual
verify routines.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
ca756f0f7f krb5: Use iovecs for internal checksum handling
Modify the signature of the checksum operation in the
krb5_checksum_type structure so that it processes iovecs rather than
solid blocks of data.

Update all of the implementations of these functions for all of the
checksum types that we support so that they process iovecs, either
by iterating through the iovec in each function, or by calling
_krb5_evp_digest_iov or _krb5_evp_hmac_iov()

Update callers of these functions so that they turn their single blocks
of data into a single iovec of the correct type before calling checksum
2018-05-23 09:54:27 -04:00
Simon Wilkinson
3484f092e5 krb5: Add _krb5_evp_hmac_iov
Add a function which will perform an HMAC over a set of iovecs,
using the hcrypto provided HMAC functions.

Join contiguous iovecs together before passing them to the hash
function so we make as few calls into the hash as possible.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
cb632bfdeb krb5: Add _krb5_evp_digest_iov
Add a function which can apply an EVP message digest algorithm over
a set of iovecs to produce a signature.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
eb5eae59a4 krb5: Add _krb5_crypto_iov_should_sign helper function
Add a helper function which contains the knowledge about whether
a particular portion of a krb5_crypto_iovec should be signed or not.
2018-05-23 09:54:27 -04:00
Simon Wilkinson
ae62cc2341 test_rfc3961: Add HMAC tests
Add some HMAC-SHA1 tests using the test vectors in RFC2202
2018-05-23 09:54:27 -04:00
Luke Howard
73fde33757 KCM: restore support for Solaris doors IPC mechanism (#379)
This patch restores support for the Solaris doors IPC mechanism, removed
from KCM when lib/ipc was added.
2018-05-13 15:31:13 +10:00
Matt Selsky
37979747bc Fix subject verb agreement in error message...
for krb5_ticket_get_authorization_data_type()

And remove FIXME in translation files.

Fix heimdal#361
2018-03-09 17:04:29 -05:00
Daria Phoebe Brashear
0f5486eafc krb5: don't include plist support unless CoreFoundation is present
depending what's available when you compile for iOS it's possible to
be __APPLE__ and not have CF; actually test for it instead of blythely
assuming it can be used
2017-10-30 18:41:22 -04:00
Volker Lendecke
42fe2c2d85 lib/krb5: Harden _krb5_derive_key()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from Samba commit afd8c389c92e38aa59a55127b2594023561b2ddd)
2017-10-11 12:51:56 -05:00
Volker Lendecke
85b9992d9a lib/krb5: Harden ARCFOUR_sub{en,de}crypt()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from Samba commit c15464f886f9734982123d38594073601d49f151)
2017-10-11 12:51:56 -05:00
Stefan Metzmacher
6fa09c001f lib/krb5: use krb5_verify_checksum() in krb5_c_verify_checksum()
This allows the optimized checksum->verify() function to be used.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from Samba commit fb318ab0203297019c5e47c6bef4a9abfdeea8a5)
2017-10-11 12:51:56 -05:00
Stefan Metzmacher
641105bfbd lib/krb5: move checksum vs. enctype checks into get_checksum_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from Samba commit 05cc099499ef3a07d140981ef82937c842a3ffef)
2017-10-11 12:51:56 -05:00
Nicolas Williams
b2f6ba0fff Revert "lib: Fix printing a short into portstr"
This reverts commit ccb63bb0aa, which was
unnecessary and broke tests/kdc/check-kadmin (and other things).

host->port happens to be an unsigned short, so that promotion to an integer in
the snprintf() call is safe in that the promoted value will still be
non-negative, and no larger than an unsigned short's maximum value.  We're
still assuming that 7 bytes is sufficient to hold the text representation of
that maximum value, which indeed it is, assuming sizeof(unsigned short) == 2
and CHAR_BIT == 8, which are fair assumptions here.  A better patch, if we
needed it, would be to just make portstr[] an array of 11 char, or perhaps make
it a VLA (but we can't yet use VLAs, I don't think, because of older Windows
systems that must be supported still).
2017-10-05 10:43:42 -05:00
Russ Allbery
7b15a833a3 Set default principal for password change to credential client
The default client principal for krb5_set_password, if the
principal argument were NULL, was krb5_get_default_principal.  But
krb5_set_password requires credentials for the password change service
be passed in, and those credentials are already associated with a
client principal that's much more likely to be the correct choice for
a default.  Use that principal instead of krb5_get_default_principal.
2017-09-25 18:17:01 -05:00
Andreas Schneider
ccb63bb0aa lib: Fix printing a short into portstr
The size of portstr is too small to print an integer and we should print
a short anyway.

This fixes building with GCC 7.1
2017-09-25 18:16:18 -05:00
Viktor Dukhovni
766e6cda8a Avoid potential memory leak in krb5_sendto_set_hostname
If the hostname was already set, a typo in a test meant we were not
freeing it.  While we're at it, handle the unlikely possibility that
the existing pointer is passed as the new value.
2017-08-23 15:10:38 -05:00
Jeffrey Altman
6dd3eb836b CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
2017-07-10 16:51:25 -04:00
Nicolas Williams
122cdc578e Fix some krb5_storage_write() usages 2017-05-26 23:24:30 -04:00
Nicolas Williams
2c542ce8b1 Better corrupt keytab recovery? 2017-05-26 23:24:30 -04:00
Nicolas Williams
a7e585c85e Fix storage usage in lib/krb5/keytab_file.c 2017-05-26 23:24:30 -04:00
Nicolas Williams
48c137f355 Use stdio for keytab operations
Unlike the ccache, we can't lock less because of the way in which keytab
entries are removed: by negating their length.  Also unlike ccaches, we
hold locks across the entirety of keytab iteration.
2017-05-26 23:24:30 -04:00
Nicolas Williams
322b166c37 Use stdio, lock less to make FILE ccache faster
Use stdio.  Don't lock to read -- we only ever rename new ccaches into
place, or overwrite endtimes to delete entries, or overwrite part of the
realm name of cc config entries.

Dropping locks around ccache iterator stepping strongly implied that we
don't expect truncation, that we only expect appends (and the
overwriting done to delete entries).

Don't unlock -- let close(2) do it, thus making fewer system calls.
2017-05-26 23:24:30 -04:00
Nicolas Williams
c01c48e0f4 Add stdio-based krb5_storage 2017-05-26 23:24:30 -04:00
Nicolas Williams
3fb30ff0a6 Fix fd_store() return value for short writes 2017-05-26 23:24:30 -04:00
Nicolas Williams
e17cbff0ae Fix fd_fetch() return value for short reads 2017-05-26 23:24:30 -04:00
Viktor Dukhovni
5b39bd7c1d New KRB5_NO_TICKET_STORE env var 2017-05-26 10:53:37 -05:00
Roland C. Dowdeswell
e65db603bf Issue 282: fix tolower_ascii in lib/krb5/principal.c. 2017-05-16 11:51:33 -05:00
Jeffrey Altman
6f3ab01c75 check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
The ASN.1 functions copy_Realm(), copy_PrincipalName() and
copy_EncryptionKey() can fail.  Check the return and perform error
handling as appropriate.

Change-Id: I2b3629d19db96eb41d1cd554cef1dca99745e753
2017-04-29 15:24:42 -04:00
Jeffrey Altman
029d32580a fix calls to memset_s
In random_password() and DES3_string_to_key(), do not call
memset_s() with the sizeof a pointer.

Change-Id: I7dd49b9f717e1cb5c262f2d375d2b85be82cd2db
2017-04-29 13:55:24 -04:00