Commit Graph

2218 Commits

Author SHA1 Message Date
Luke Howard
4b543b727a gssapi/krb5: fix rc4-hmac gss_unwrap_iov() without DCE_STYLE
gss_unwrap_iov() with rc4-hmac (RFC4757) encryption types would fail unless
GSS_C_DCE_STYLE was specified, as an incorrect length was passed to
_gssapi_verify_mech_header(). (The correct length is the header length for
GSS_C_DCE_STYLE, and the wrap token length otherwise.)
2020-07-12 14:26:14 +10:00
Luke Howard
b73baa42ef gssapi/krb5: make PADDING buffer optional in GSS IOV API
RFC 4121/4757 don't require padding as they operate as stream ciphers. Make the
PADDING buffer optional when using these encryption types with gss_wrap_iov()
and gss_unwrap_iov().
2020-07-12 14:26:14 +10:00
Nicolas Williams
a684e001ba gsskrb5: Check dst-TGT pokicy at store time
Our initiator supports configuration-driven delegation of destination
TGTs.

This commit adds acceptor-side handling of destination TGT policy to
reject storing of non-destination TGTs when destination TGTs are
desired.

Currently we use the same appdefault for this.

Background:

    A root TGT is one of the form krbtgt/REALM@SAME-REALM.

    A destination TGT is a root TGT for the same realm as the acceptor
    service's realm.

    Normally clients delegate a root TGT for the client's realm.

    In some deployments clients may want to delegate destination TGTs as
    a form of constrained delegation: so that the destination service
    cannot use the delegated credential to impersonate the client
    principal to services in its home realm (due to KDC lineage/transit
    checks).  In those deployments there may not even be a route back to
    the KDCs of the client's realm, and attempting to use a
    non-destination TGT might even lead to timeouts.
2020-07-09 13:27:11 -05:00
Jeffrey Altman
99416eeead gssapi/krb5: delete_sec_context must close ccache if CLOSE_CCACHE
_gsskrb5_init_sec_context() when called with GSS_C_NO_CREDENTIAL
opens the default ccache and sets the CLOSE_CCACHE flag indicating
that the ccache lifetime is tied to the gsskrb5_ctx.   When
_gsskrb5_delete_sec_context() is called, it must close the ccache
if the CLOSE_CCACHE flag is set.  Otherwise, the ccache resources
will leak.

Leaked since 39fe446983.

Change-Id: I8d0faab1e844d68fe71b11b715f8d88fcd2f4af7
2020-06-29 11:40:48 -04:00
Andrew Bartlett
5e690fe70c Avoid -Werror=address failure due to embedded NULL check in _mg_buffer_zero
Seen with Ubuntu 18.04
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

mech/gss_krb5.c: In function ‘gss_krb5_ccache_name’:
mech/gss_krb5.c:501:18: error: the address of ‘buffer’ will always evaluate as ‘true’ [-Werror=address]
  _mg_buffer_zero(&buffer);
                  ^
mech/mech_locl.h:72:7: note: in definition of macro ‘_mg_buffer_zero’
   if (buffer) {   \
       ^~~~~~

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-27 23:23:43 -05:00
Andrew Bartlett
1a65611f61 Check some error returns from *asprintf()
This avoids these compiler warnings on Ubuntu 18.04
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

expand_path.c: In function ‘expand_token’:
expand_path.c:493:17: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Wunused-result]
                 asprintf(&arg, "%.*s", (int)(token_end - colon - 1), colon + 1);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.c: In function ‘fmtkv’:
log.c:646:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     vasprintf(&buf1, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~

mech/context.c: In function ‘gss_mg_set_error_string’:
mech/context.c:212:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     (void) vasprintf(&str, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mech/context.c: In function ‘_gss_mg_log_name’:
mech/context.c:319:6: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
      (void) vasprintf(&str, fmt, ap);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mech/context.c: In function ‘_gss_mg_log_cred’:
mech/context.c:346:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     (void) vasprintf(&str, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kerberos5.c: In function ‘_kdc_set_e_text’:
kerberos5.c:338:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     vasprintf(&e_text, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-27 21:54:26 -04:00
Jeffrey Altman
afc9ebe08b fix calling conventions
When a function is assigned to a function pointer that is declared
with a particular calling convention, then the assigned function
must be declared with that calling convention as well.  Otherwise,
kaboom!!!

The following functions are fixed by this change:

kuser/kx509.c
  validate1()
  add1_2chain()

lib/base/log.c
  log_syslog()
  close_syslog()
  log_file()
  close_file()

lib/gssapi/mech/context.c
  gss_set_log_function()

lib/krb5/kx509.c
  certs_export_func()

Change-Id: Ib68abf739e3385e98136fa4e4f5a0240e9fce033
2020-05-26 11:48:45 -05:00
Nico Williams
1243ea6a9a Merge pull request #711 from nicowilliams/master
Fix gss_krb5_copy_ccache() (broken by MEM:anon)
2020-05-13 21:57:25 -05:00
Luke Howard
0d3682e6a8 gss: unconditionally set certain flags in SAnon ISC
SAnon unconditionally sets the replay, sequence, confidentiality, and integrity
flags on the acceptor; do so on the initiator as well. Some indentation
cleanups are also included in this commit.
2020-04-28 07:38:31 +10:00
Luke Howard
815ea80b4f gss: mask out SAnon req_flags after computing session key
In SAnon, the optional flags send in the initial context token are input into
the key derivation function. Mask out the flags we wish to ignore after (not
before) calling the key derivation function, as the initiator may not know
which flags we wish to ignore.
2020-04-27 22:32:59 +10:00
Luke Howard
69b34d1b8a gss: fix signedness on is_initiator bitfield
In SAnon:

The is_initiator bitfield must be unsigned to avoid undefined behaviour, as
there is only a single bit defined. Thanks to Nico Williams for explaining
this.
2020-04-27 18:44:02 +10:00
Luke Howard
c785af8b62 gss: update SAnon for draft-howard-gss-sanon-13
draft-howard-gss-sanon-13 will move extended (RFC4757) flags from the NegoEx
metadata to an optional component of the initial context token
2020-04-27 15:18:14 +10:00
Luke Howard
55a553c56d gss: don't use mechglue private header in SPNEGO
Unbreak last commit, including mech_locl.h in SPNEGO appears to break Windows
builds
2020-04-27 15:10:29 +10:00
Luke Howard
7cdc9934b1 gss: initialize output parameters in NegoEx
NegoEx failed to initialize output parameters in _gss_negoex_{init,accept}
which could lead it to crash if the underlying mechanism returned an error.
2020-04-27 14:38:33 +10:00
Luke Howard
56842561f8 gss: initialize *minor in _gss_sanon_inquire_cred() 2020-04-27 11:15:49 +10:00
Nicolas Williams
2cb40ed97c sanon: Fix flags and ctx export/import confusion
We were passing SANON flags to _gss_mg_import_rfc4121_context(), which
wants GSS flags.  Meanwhile, I broke gss_inquire_context() on imported
SAnon contexts when I did my review of SAnon.

This commit fixes both issues and removes SANON_FLAG_*, which were only
ever needed because of a flag to track whether a context was locally
initiated or accepted.  Now we use a separate int field of the sanon_ctx
to track whether a context was locally initiated.  Once an SAnon context
is fully established, we rely on gss_inquire_context() on the rfc4121
sub-context for all metadata that isn't the initiator and acceptor names
nor the mechanism OID.
2020-04-26 01:30:37 -05:00
Nicolas Williams
5057d04f6a krb5: Fix display_status() incorrect major status 2020-04-25 23:19:30 -05:00
Luke Howard
4a7eb74374 gss: SAnon - the Simple Anonymous GSS-API mechanism
Add support for SAnon, a simple key agreement protocol that provides no
authentication of initiator or acceptor using x25519 ECDH key exchange.
See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol
description.
2020-04-25 23:19:30 -05:00
Nicolas Williams
20f9b2be48 gss: Fix some test leaks 2020-04-25 21:22:32 -05:00
Nicolas Williams
1a8855e6c4 spnego: Also use mechglue names 2020-04-25 21:22:32 -05:00
Luke Howard
8d19f3f47f gss: pass mechanism error tokens through SPNEGO
Fix for issue #486 based on a patch by Nico Williams.

A GSS-API acceptor can return an error token to be sent to the initiator. Our
SPNEGO implementation discarded these when sending a SPNEGO reject response.
This patch fixes the SPNEGO acceptor to convey those in the SPNEGO response.

The SPNEGO initiator is also updated to not bail out early on receiving a
SPNEGO reject response from the acceptor, but instead pass the response token
(if any) to gss_init_sec_context(). A reject response with no response token
will continue to return an error.
2020-04-24 15:07:55 +10:00
Nicolas Williams
7181c109d0 Properly implement neg_mechs & GM_USE_MG_CRED (fix) 2020-04-21 19:51:55 -05:00
Nicolas Williams
e48e75cd22 Better support for "non-standard" GSS mechs (fix) 2020-04-21 19:51:16 -05:00
Luke Howard
3bfe62df6a gss: remove gss_release_cred_by_mech()
gss_release_cred_by_mech() was previously used by SPNEGO's implementation of
gss_set_neg_mechs(). This is now implemented in the mechanism glue. As we never
shipped gss_release_cred_by_mech(), it is safe to remove it and its exported
symbol.
2020-04-21 00:21:32 -05:00
Nicolas Williams
a54761d68a Properly implement neg_mechs & GM_USE_MG_CRED
SPNEGO was already using union creds.  Now make the mechglue know about
it, delete all of the cred-related SPNEGO stubs that are now not called
(lib/gssapi/spnego/cred_stubs.c), and implement gss_get/set_neg_mechs()
by storing the OID set in the union cred.

This commit was essentially authored as much if not more by Luke Howard
<lukeh at padl.com> as much as by the listed author.
2020-04-21 00:21:32 -05:00
Luke Howard
2ec9e17042 gss: intern OID before adding to OID set
gss_add_oid_set_member() should according to RFC2744 add a copy of the OID to
the set; the current implementation just stored a pointer (which may not be
stable). As we have _gss_intern_oid(), call that before adding.
2020-04-21 00:13:50 -05:00
Nicolas Williams
9f3d9e1a0a Add gss_duplicate_oid_set() 2020-04-21 00:13:50 -05:00
Nicolas Williams
92c288994a Better support for "non-standard" GSS mechs
If an initial security context token doesn't have a standard header per
RFC2743 then try all mechanisms until one succeeds or all fail.

We still try to guess NTLMSSP, raw Kerberos, and SPNEGO, from tasting
the initial security context token.
2020-04-17 14:37:39 -05:00
Luke Howard
4199118c76 gss: fix gss_decapsulate_token() return codes
gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases
2020-04-17 11:11:43 +10:00
Luke Howard
26a69856f6 gss: GSS_KRB5_IMPORT_RFC4121_CONTEXT_X / _gss_mg_import_rfc4121_context()
Add a new private interface (accessed through _gss_mg_import_rfc4121_context())
through which a skeletal krb5 mechanism context can be created, suitable for
RFC4121 message protection and PRF services.
2020-04-17 11:04:33 +10:00
Luke Howard
9383a88a86 gss: honor allocated_ctx in gss_{exchange,query}_meta_data
The NegoEx gss_{exchange,query}_meta_data functions set allocated_ctx but never
did anything with it. Use it to determine whether we should free the context
handle on error.
2020-04-16 17:22:37 +10:00
Luke Howard
c70540480b gss: free user keytab before resolving system keytab
get_client_keytab() leaked the user keytab if it resolved but we could not find
the client principal. Free it before trying the system keytab.
2020-04-16 17:22:31 +10:00
Luke Howard
9eab344d35 gss: don't leak client_cred in test_context
Don't leak client credential handle in test_context.
2020-04-16 17:22:27 +10:00
Luke Howard
33137a8c82 gss: allow source/target to be null on export/import
Allow the source and target names to be NULL when exporting or importing a
security context for the krb5 mechanism. This will be used in the future to
support skeletal contexts that only provide RFC4121 message protection
services.
2020-04-16 15:20:10 +10:00
Luke Howard
865fffb0f5 gss: fix typo regression in setting minor_status
_gss_secure_release_buffer_set() patch changed minor_status to 0, not
*minor_status as correct. No behavioural change as
_gss_secure_release_buffer_set() would have set it anyway, but obviously this
was unintentional.
2020-04-16 10:44:04 +10:00
Luke Howard
2c8fa27224 gss: use _gss_secure_release_buffer_[set]
Use new helper APIs for securely zeroing and releasing buffers and buffer sets.
2020-04-15 16:23:17 +10:00
Luke Howard
689eef20ec gss: add _gss_secure_release_buffer_set()
Add _gss_secure_release_buffer_set() helper function for zeroing buffer set
contents before release.
2020-04-15 16:23:13 +10:00
Luke Howard
b2eb5b0edf gss: add _gss_secure_release_buffer()
Add _gss_secure_release_buffer() helper function that zeros buffer
2020-04-15 16:23:08 +10:00
Luke Howard
baeebd4113 gss: check for replays in test_context
Add GSS_C_REPLAY_FLAG to the default set of flags in test_context.
2020-04-14 20:03:29 +10:00
Luke Howard
8fad2cf5c3 gss: don't use heim_assert() in test_context
Use errx() rather than heim_assert() in test_context
2020-04-14 17:27:55 +10:00
Luke Howard
73a5bc8499 gss: make gss_compare_name comply with RFC2743
Anonymous names should always compare FALSE in GSS_Compare_name(). If the names
are being compared at the mechglue layer then we should check for
GSS_C_NT_ANONYMOUS.
2020-04-14 17:04:25 +10:00
Luke Howard
846c839cbf gss: add tests for importing and exporting contexts
Add the --export-import-context flag to test_context, for validating that
security contexts round-trip through GSS_Export_sec_context() and
GSS_Import_sec_context().
2020-04-14 17:04:03 +10:00
Luke Howard
9a9aaa078c gss: allow gss_set_sec_context_option() to allocate a context
The prototype for gss_set_sec_context_option() allows it to return a new
context, however this was not implemented. This functionality is required by
GSS_KRB5_IMPORT_RFC4121_CONTEXT_X.
2020-04-14 17:03:58 +10:00
Luke Howard
b73c9cc063 gss: add support for gss_duplicate_cred() in SPNEGO
The SPNEGO dispatch table does not include gss_duplicate_cred(). It can call
directly into the mechglue because a SPNEGO credential is a mechglue
credential.
2020-04-13 21:06:42 +10:00
Luke Howard
9eb01c66e9 gss: remove superfluous SPNEGO cred wrappers
SPNEGO credentials are mechglue credentials. SPNEGO credential wrapper
functions can be replaced with direct calls into the mechglue, unless a
specific check is required to avoid infinite recursion (as is the case where
the mechglue enumerates all mechanism when passed a null credential handle).
2020-04-13 21:06:37 +10:00
Luke Howard
2d2d8a0979 gss: fix test_acquire_cred usage description 2020-04-13 16:39:44 +10:00
Luke Howard
7df0195c26 gss: fix downlevel Windows interop regression
The recent changes to SPNEGO removed support for GSS_C_PEER_HAS_UPDATED_SPNEGO,
through which the Kerberos mechanism could indicate to SPNEGO that the peer did
not suffer from SPNEGO conformance bugs present in some versions of Windows.*

This patch restores this workaround, documented in [MS-SPNG] Appendix A <7>
Section 3.1.5.1. Whilst improving interoperability with these admittedly now
unsupported versions of Windows, it does introduce a risk that Kerberos with
pre-AES ciphers could be negotiated in lieu of a stronger and more preferred
mechanism.

Note: this patch inverts the mechanism interface from
GSS_C_PEER_HAS_UPDATED_SPNEGO to GSS_C_INQ_PEER_HAS_BUGGY_SPNEGO, so that new
mechanisms (which did not ship with these older versions of Windows) are not
required to implement it.

* Windows 2000, Windows 2003, and Windows XP
2020-04-13 10:26:38 +10:00
Luke Howard
0cb752258e gss: remove GSS_C_MA_AUTH_INIT_ANON from krb5 mech
Pending integration of #551, the krb5 mechanism does not support
GSS_C_ANON_FLAG. Remove the GSS_C_MA_AUTH_INIT_ANON mechanism attribute until
such time it does.
2020-04-13 09:50:18 +10:00
Luke Howard
3b7aae7fce gss: order SPNEGO proposed mechs by req_flags
Sort the list of mechanisms proposed by the initiator so that mechanisms are
preferred by their advertised support for GSS flags. For example, if
GSS_C_MUTUAL_FLAG is requested, a mechanism that offers GSS_C_MA_AUTH_TARG will
be preferred over one that doesn't. The flag/mechanism attribute combinations
are also assigned a weight (mutual trumps anonymous, for example).
2020-04-12 13:25:09 -05:00
Luke Howard
4f7dc7694e gss: __gss_c_attr_stream_sizes_oid_desc declspec
__gss_c_attr_stream_sizes_oid_desc was tagged with GSSAPI_LIB_FUNCTION instead
of GSSAPI_LIB_VARIABLE; whilst the macro expansion is identical, fix for
cleanliness
2020-04-11 10:04:43 +10:00