Commit Graph

1085 Commits

Author SHA1 Message Date
Daria Phoebe Brashear
b12e01035c gss: _locl.h files should include local copy of -private.h files
apparently some versions of heimdal installed mech private headers.
don't inadvertantly end up with it in your path from a previous version
2018-04-19 13:12:59 -04:00
Daria Phoebe Brashear
bc1b936a1d move _gssapi_make_mech_header to avoid need to prototype
move _gssapi_make_mech_header so it's declared before use
2018-04-19 13:12:59 -04:00
Jeffrey Altman
93518bfab4 use memset_s
lib roken includes support for memset_s() but it was not applied
to the Heimdal source tree.

Change-Id: I8362ec97a9be50205bb2d398e65b629b88ce1acd
2017-04-29 01:05:59 -04:00
Quanah Gibson-Mount
7c16ce3457 Minor typo/grammar fixes 2017-03-10 15:47:43 -05:00
Jeffrey Altman
d9f7718a42 gss/krb5: gsskrb5_acceptor_start authenticator leak (take two)
Change-Id: I11be62ab806ea89258fe60e29e6d6488908070fa
2016-11-19 23:59:30 -05:00
Jeffrey Altman
2be6646adc gss/krb5: gsskrb5_acceptor_start authenticator leak
Change-Id: I78c546590776ae4c30a49bfb919285b0eb15a06b
2016-11-19 10:18:12 -05:00
Nicolas Williams
52a562a3a4 Misc fixes (coverity) 2016-11-18 22:21:45 -06:00
Nicolas Williams
1c81ddf4e2 Round #2 of scan-build warnings cleanup 2016-11-16 17:03:14 -06:00
Jeffrey Altman
6a1db3fb1c princ type NT-UNKNOWN + "host" == NT-SRV-HST
Treat principals of type NT-UNKNOWN as NT-SRV-HST if the first component
of the principal name is "host".

Change-Id: I28fb619379daac827436040e701d4ab7b279852b
2016-11-14 21:29:47 -06:00
Jeffrey Altman
5aef50c800 gss-krb5: do_delegate remove dead comment
The check on principal type has been commented out since do_delegate()
was committed.  Remove it.

Change-Id: Id98f35471e346cb3d0e9666b7cdb6f564191e6c1
2016-11-14 21:29:47 -06:00
Heath Kehoe
545b5b41ce Fix race condition with global _gsskrb5_keytab
gsskrb5_acceptor_start() was making a copy of the global pointer
_gsskrb5_keytab to use later. This invites a race condition where
another thread could call gsskrb5_register_acceptor_identity()
(thus invalidating the target of the copied pointer) before it is
used by gsskrb5_acceptor_start().

So instead, clone the keytab to a new one while protected by the
mutex lock (similar to get_keytab() in acquire_cred.c).

Signed-off-by: Nicolas Williams <nico@twosigma.com>
2016-11-10 18:32:15 -06:00
Luke Howard
7b720cf61c krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07 2016-10-08 08:17:11 +02:00
Love Hörnquist Åstrand
0a5de96d72 Merge pull request #134 from abartlet/allow-null-authenticator
gssapi: Allow a NULL authenticator
2015-08-03 20:18:16 +02:00
Stefan Metzmacher
ad3acc2aef lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
bafefad87f lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
ef0059b8b6 lib/gssapi/krb5: add const to arcfour_mic_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
5f79ac2bb9 lib/gssapi/krb5: clear temporary buffer with cleartext data.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
e33e47650a lib/gssapi/krb5: fix indentation in _gk_wrap_iov()
Now it matches _gk_unwrap_iov() and _gk_wrap_iov_length().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-07-31 17:30:23 +12:00
Stefan Metzmacher
63ed962041 lib/gssapi/krb5: make _gssapi_verify_pad() more robust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-07-31 17:30:23 +12:00
Andrew Bartlett
8508294940 gssapi: Allow a NULL authenticator
Some non-GSSAPI implementations that instead try to create compatible packets by wrapping krb5_mk_req()
can trigger a NULL authenticator here.  Assume this to be equvilent to specifying an all-zero
channel bindings and some reasonable (fixed) flags.

Original patch by Andrew Bartlett, restructured by Douglas Bagnall

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2015-07-30 10:52:54 +12:00
Love Hörnquist Åstrand
532d1166fd remove always true condition 2015-04-28 08:20:39 -07:00
Nicolas Williams
db2ba88384 Make gss_acquire_cred_with_password() like Solaris
Solaris'/Illumos' gss_acquire_cred_with_password() does not have
side-effects.  MIT and Heimdal have differed, but it's now agreed that
the Solaris/Illumos behavior is correct.

To make a credential obained with gss_acquire_cred_with_password()
available to other processes, use gss_store_cred().
2015-04-15 12:27:40 -05:00
Nicolas Williams
20c1e6c9ef Rename context handle lifetime to endtime 2015-04-14 11:27:25 -05:00
Viktor Dukhovni
dee03d9bee Rename cred handle lifetime to endtime
And change type from OM_uint32 to time_t.
2015-04-14 11:27:25 -05:00
Viktor Dukhovni
3bb33fa6e8 Fix cred handle lifetime/expiration confusion
In at least two instances the krb5 cred handle expiration time was misused
as a remaining lifetime.  This is not surprising since the field name is
wrong ("lifetime" not "expiration").  This commit fixes the code, the next
commit will rename the field and change its type from OM_uint32 to time_t.
2015-04-14 11:27:24 -05:00
Nicolas Williams
9a515026b9 gss_add_cred() doesn't always output lifetime 2015-04-14 11:27:24 -05:00
Nicolas Williams
67af588bce Don't require NUL term. in gss_add_cred_with_pw 2015-04-14 11:27:24 -05:00
Viktor Dukhovni
f93947672d Use start_realm cc config in export cred 2015-04-14 11:27:22 -05:00
Nicolas Williams
7e51f78178 Simplify __gsskrb5_ccache_lifetime 2015-04-13 16:59:21 -05:00
Nicolas Williams
f73c4edf69 Fix gss_store_cred() 2015-03-24 11:50:01 -05:00
Nicolas Williams
df41d53c67 Fix gss_add_cred() (krb5)
gss_add_cred() with GSS_C_NO_CREDENTIAL as the input_cred_handle should
act like gss_acquire_cred() with desired_mechs containing just the
desired_mech.
2015-03-24 11:50:01 -05:00
Nicolas Williams
533578e726 Make gss_store_cred() work 2015-03-24 11:50:00 -05:00
Nicolas Williams
487b6820f6 Revamp name canonicalization code 2015-03-24 11:49:58 -05:00
Viktor Dukhovni
cfdf6d5cbe gsskrb5: Make krb5 mech use referrals
Modify the gss krb5 mech to always use referrals unless the
KRB5_NCRO_NO_REFERRALS flag is set.

Change-Id: I7efd873ac922a43adafa2c492703b576847a885f
2015-03-14 16:08:32 -04:00
Viktor Dukhovni
fca6363307 Drop delegated creds when target is NULL
In gsskrb5_accept_delegated_token() it is wrong to store the delegated
credentials in the default ccache by default.  When the caller does not
provide a target credential handle, we just do nothing and return success.

Test the return value of gsskrb5_accept_delegated_token() against
GSS_S_COMPLETE, rather than 0.
2015-03-10 03:07:29 +00:00
Viktor Dukhovni
ca052eadd5 Fix gss_inquire_cred_by_mech.
Delegated or other explicit credentials were mishandled, the code only
worked correctly when processing default credentials.  In particular
this caused root's default credential cache to be accessed when accepting
delegated credentials in SSH:

    ssh_gssapi_accept_ctx() ->
        ssh_gssapi_getclient() ->
	    gss_inquire_cred_by_mech()

When /tmp/krb5cc_0 contained expired tickets, cascaded credentials
stopped working for non-root users!
2015-03-10 03:07:29 +00:00
Volker Lendecke
b408e93ae3 heimdal: Fix 241482 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2014-03-24 23:07:50 -05:00
Andreas Schneider
cfc398d32e s4-heimdal: Remove the execute flag of cfx.c.
The scripts which are extracting debuginfo are looking for files with
the executable bit and find cfx.c which isn't a executable.
2014-03-24 23:07:49 -05:00
Nicolas Williams
7d45909537 Fix krb5's gss_pseudo_random() (n is big-endian)
The first enctype RFC3961 prf output length's bytes are correct because
the little- and big-endian representations of unsigned zero are the
same.  The second block of output was wrong because the counter was not
being encoded as big-endian.

This change could break applications.  But those applications would not
have been interoperating with other implementations anyways (in
particular: MIT's).
2013-10-30 14:26:15 -05:00
Nicolas Williams
774f166e31 First attempt s/\<const gss_.*_t/gss_const_.*_t/g 2013-06-02 15:30:58 -05:00
Love Hornquist Astrand
58ff480763 rewrite send to kdc to be more agressive, try kdcs in paralell and easier to configure behavior 2013-02-10 19:02:52 -08:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Andrew Bartlett
5ce504c1fb use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
This allows a strict link between checksum types and key types to be
enforced.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2012-01-10 22:54:16 +01:00
Nicolas Williams
40a7d4b62f More fixes for -Werror (GCC 4.6 catches more stuff) 2011-11-02 23:20:55 -05:00
Luke Howard
07777511d1 implement gss_localname 2011-10-08 12:15:09 +11:00
Love Hörnquist Åstrand
f1c1e1bc6e remove used variables 2011-07-24 20:05:05 -07:00
Love Hörnquist Åstrand
8060a561db switch to KRB5_ENCTYPE 2011-07-24 16:02:22 -07:00
Love Hörnquist Åstrand
f60ec15834 partly unify enctype/keytype since there is only enctypes 2011-07-24 14:03:08 -07:00
ghudson@MIT.EDU
3c725a465e Initialize zero before using it in unwrap_des().
Heimdal since fc702a97f5 (August 2009)
can't process DES wrap tokens unless the stack garbage in the zero
array happens to be all zeros.

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-06-13 21:18:07 -07:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00