In SAnon:
The is_initiator bitfield must be unsigned to avoid undefined behaviour, as
there is only a single bit defined. Thanks to Nico Williams for explaining
this.
We were passing SANON flags to _gss_mg_import_rfc4121_context(), which
wants GSS flags. Meanwhile, I broke gss_inquire_context() on imported
SAnon contexts when I did my review of SAnon.
This commit fixes both issues and removes SANON_FLAG_*, which were only
ever needed because of a flag to track whether a context was locally
initiated or accepted. Now we use a separate int field of the sanon_ctx
to track whether a context was locally initiated. Once an SAnon context
is fully established, we rely on gss_inquire_context() on the rfc4121
sub-context for all metadata that isn't the initiator and acceptor names
nor the mechanism OID.
Add support for SAnon, a simple key agreement protocol that provides no
authentication of initiator or acceptor using x25519 ECDH key exchange.
See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol
description.
The X25519 implementation comes from libsodium. Explicit copyright
notices have been added to each file as well as some portability changes
(e.g. align.h).
Just like krb5.conf, but hx509.conf, with all the same default locations
on Windows, OS X, and elsewhere, and HX509_CONFIG as the environment
variable equivalent of KRB5_CONFIG.
Fix for issue #486 based on a patch by Nico Williams.
A GSS-API acceptor can return an error token to be sent to the initiator. Our
SPNEGO implementation discarded these when sending a SPNEGO reject response.
This patch fixes the SPNEGO acceptor to convey those in the SPNEGO response.
The SPNEGO initiator is also updated to not bail out early on receiving a
SPNEGO reject response from the acceptor, but instead pass the response token
(if any) to gss_init_sec_context(). A reject response with no response token
will continue to return an error.
Reduce the number of trials when generating RSA keys by calling
mp_prime_rabin_miller_trials() with the number of desired bits.
See libtom/libtommath#482.
gss_release_cred_by_mech() was previously used by SPNEGO's implementation of
gss_set_neg_mechs(). This is now implemented in the mechanism glue. As we never
shipped gss_release_cred_by_mech(), it is safe to remove it and its exported
symbol.
SPNEGO was already using union creds. Now make the mechglue know about
it, delete all of the cred-related SPNEGO stubs that are now not called
(lib/gssapi/spnego/cred_stubs.c), and implement gss_get/set_neg_mechs()
by storing the OID set in the union cred.
This commit was essentially authored as much if not more by Luke Howard
<lukeh at padl.com> as much as by the listed author.
gss_add_oid_set_member() should according to RFC2744 add a copy of the OID to
the set; the current implementation just stored a pointer (which may not be
stable). As we have _gss_intern_oid(), call that before adding.
If an initial security context token doesn't have a standard header per
RFC2743 then try all mechanisms until one succeeds or all fail.
We still try to guess NTLMSSP, raw Kerberos, and SPNEGO, from tasting
the initial security context token.
gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases
Add a new private interface (accessed through _gss_mg_import_rfc4121_context())
through which a skeletal krb5 mechanism context can be created, suitable for
RFC4121 message protection and PRF services.
The NegoEx gss_{exchange,query}_meta_data functions set allocated_ctx but never
did anything with it. Use it to determine whether we should free the context
handle on error.
Allow the source and target names to be NULL when exporting or importing a
security context for the krb5 mechanism. This will be used in the future to
support skeletal contexts that only provide RFC4121 message protection
services.
_gss_secure_release_buffer_set() patch changed minor_status to 0, not
*minor_status as correct. No behavioural change as
_gss_secure_release_buffer_set() would have set it anyway, but obviously this
was unintentional.
Luke Howard