Commit Graph

5617 Commits

Author SHA1 Message Date
Joseph Sutton
717ad8b043 kdc: Add support for explicit armoring from MS-KILE
Normally when FAST is used with a TGS-REQ, the armor key is implicitly
derived from the TGT rather than armor being explicitly present, as for
AS-REQs. However, Windows allows a TGS-REQ to be explicitly armored with
a computer's TGT, so that the armor key also depends on the ticket
session key.

This is used for compound identity, where the computer's group
membership and claims are added to the PAC of the resulting ticket.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-12-14 16:19:01 +11:00
Joseph Sutton
814e58fda8 heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function
This lets us call it from Samba.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

[abartlet@samba.org Similar to Samba commit 3bdce12789af1e7a7aba56691f184625a432410d
 but also fixed for caller in Heimdal windc plugin tests]
2021-12-14 13:44:01 +11:00
Joseph Sutton
f1255da03c krb5: Check asprintf return value
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-12-13 21:20:10 -05:00
Luke Howard
f95f4bc99e krb5: require strengthen_key when FAST + GSS PA
Always require a strengthen key to be used if GSS pre-authentication is used
within FAST. This avoids a MITM attack that could result in unintended
privilege escalation, should a KDC add additional positive authorization data
from the armor ticket to the issued ticket.

An upcoming revision of the draft will reflect this.
2021-12-14 09:03:42 +11:00
Luke Howard
9b55215a2a kdc: sync KDC FAST with Heimdal-597.121.1
Import KDC FAST from Apple's Heimdal-597.121.1, adding support for:

  - PA-ENC-CHALLENGE
  - reply key strengthening
  - FAST authentication in TGS

kuser: Apple sync (squash)

krb5_init_creds_store_config/krb5_init_creds_warn_user in kinit
2021-12-14 09:03:42 +11:00
Luke Howard
47282cae34 krb5: import Heimdal-597.121.1 AS/TGS client
Sync with most changes in AS/TGS client from Apple's Heimdal-597.121.1
(opensource.apple.com).

Changes include:

 - FAST support in TGS client
 - Refactored pre-auth client to be more easily extensible
 - Pin KDC host and AD site name in API calls

Note the completely refactored TGS client loop is not imported as that was
considered too intrusive.
2021-12-14 09:03:42 +11:00
Nicolas Williams
b5a58df8eb krb5: Document return of krb5_cc_get_config() 2021-12-10 17:20:05 -06:00
Nicolas Williams
f44596b14b krb5: Fix null deref in krb5_init_creds_free() 2021-12-10 17:20:05 -06:00
Luke Howard
cfa49a461c krb5: do not pack ccapi on Apple Silicon
Fix fb6f89f2 so #pragma(pop) is also similarly guarded to exclude ARM
2021-12-10 11:11:16 +11:00
Luke Howard
eb85614c24 Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows"
This reverts commit 24a7a82e82.

After further discussion in #863, the alignment (which differs according to
info buffer type) should be handled by the caller.
2021-12-10 11:02:17 +11:00
Joseph Sutton
24a7a82e82 s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit 28a5a586c8e9cd155d676dcfcb81a2587ace99d1)
2021-12-09 09:53:03 +11:00
Joseph Sutton
9b62d72d51 heimdal:kdc: Match Windows error code for unsupported critical FAST options
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-12-07 15:31:58 +11:00
Joseph Sutton
d2dc61c720 heimdal: Initialise KDC reply
The reply structure was not being zero-initialised in all cases, leading
to crashes or possible heap corruption on error paths when we later
freed it.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-12-07 15:03:22 +11:00
Nicolas Williams
bba573f286 krb5: Fix dst TGT deleg w/o dns_lookup_realm
Setting `dns_lookup_realm = false` in `[libdefaults]` and setting name
canon rules that force the empty realm causes destination-TGT delegation
to break because the client doesn't know the service's realm.

Because MIT and Heimdal check that the (unauthenticated plaintext)
sname/realm of the Ticket in the KDC reply matches the sname/srealm in
the enc-part of the KDC reply, we know we can trust the realm of the
ticket found in the ccache.  So use that.
2021-12-06 17:39:22 -06:00
Nicolas Williams
6f7c6a7f67 krb5: Fix out-of-tree SQLite3 ccache perms issue
SQLite3 defaults to 0644 unless overridden, relying on the process'
umask to make that tighter.

Our in-tree SQLite3 uses 0600 as the permissions for DB files it
creates.

Out-of-tree builds of SQLite3 probably get the 0644 default.

We can't change the umask in libraries -- it's not thread-safe.

So this commit changes the SCC ccache type's default ccname to include
an intermediate directory which is created with `mkdir(2)` with
permissions set to 0700, then it chmods the DB file to 0644.
2021-11-30 11:34:04 -06:00
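The directory-based approach described in this commit, as an added example in Python that is not Heimdal's own scc code: a private 0700 directory is created (and chmod'ed explicitly, since the mkdir(2) mode is masked by the umask a library must not touch), a pre-existing path is vetted rather than trusted, the DB file is created with O_EXCL, and the result is checked. The names make_private_dir, create_db_file and is_private are hypothetical.

```python
import os
import stat
import tempfile

# Hypothetical helpers (not Heimdal's scc code) modelling the approach above:
# the SQLite DB lives inside a directory that is created 0700, so the DB file's
# own mode (0644 by default in out-of-tree SQLite builds) cannot expose it.


def make_private_dir(path: str) -> int:
    """Create `path` as a 0700 directory owned by us, or vet an existing one.

    Returns the directory's permission bits. Raises OSError if the path is a
    symlink, not a directory, or not owned by the effective uid. chmod is
    applied explicitly because the mode passed to mkdir(2) is masked by the
    process umask, and a library must not change the umask (it is process-wide
    and therefore not thread-safe).
    """
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # never trust a pre-existing path blindly; vet it below
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise OSError(f"{path}: refusing to follow a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise OSError(f"{path}: not a directory")
    if st.st_uid != os.geteuid():
        raise OSError(f"{path}: owned by uid {st.st_uid}, not uid {os.geteuid()}")
    if stat.S_IMODE(st.st_mode) != 0o700:
        os.chmod(path, 0o700)
        st = os.lstat(path)
    return stat.S_IMODE(st.st_mode)


def create_db_file(dirpath: str, name: str = "scc.db") -> str:
    """Create the DB file with O_EXCL so an attacker cannot pre-place it."""
    fullpath = os.path.join(dirpath, name)
    fd = os.open(fullpath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)
    return fullpath


def is_private(path: str) -> bool:
    """True if no group/other permission bits are set on `path`."""
    return stat.S_IMODE(os.lstat(path).st_mode) & 0o077 == 0


def demo() -> dict:
    """Run the flow in a throwaway temp dir and report what each check saw."""
    base = tempfile.mkdtemp(prefix="scc-demo-")
    ccdir = os.path.join(base, "krb5cc")
    dir_mode = make_private_dir(ccdir)
    db = create_db_file(ccdir)
    # Mirror the commit: chmod the DB to 0644. It is still unreachable by other
    # users because the containing directory denies them search permission.
    os.chmod(db, 0o644)

    # A symlink planted at the expected path must be rejected, not followed.
    link = os.path.join(base, "planted")
    os.symlink(base, link)
    try:
        make_private_dir(link)
        symlink_rejected = False
    except OSError:
        symlink_rejected = True

    return {
        "dir_mode": dir_mode,
        "db_mode": stat.S_IMODE(os.lstat(db).st_mode),
        "dir_private": is_private(ccdir),
        "db_private": is_private(db),
        "symlink_rejected": symlink_rejected,
    }
```

The symlink check matters when the ccache path is predictable (for example under /tmp): without it, a planted symlink would make the chmod and the DB creation land wherever the attacker pointed.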
Nicolas Williams
a025788a37 krb5: Make test_cc run keyctl new_session 2021-11-30 11:42:00 -05:00
Nicolas Williams
90db9b96a4 krb5: Make test_cc not step on user ccaches
And cleanup on exit.
2021-11-30 11:42:00 -05:00
Nicolas Williams
6918322c79 krb5: Fix FILE ccache my_basename() bug 2021-11-30 11:42:00 -05:00
Nicolas Williams
bacc484b2a krb5: Fix umask issue with SQLite3 2021-11-30 11:42:00 -05:00
Nicolas Williams
c84384c544 krb5: Fix doxygen comments 2021-11-30 11:42:00 -05:00
Andrew Bartlett
7686028718 Use UTF-8 in KTH copyright notice
Samba is starting to protect against bi-di attacks and the starting point
is to require that input files be fully UTF-8.  In 2021 this is a reasonable
starting point anyway.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2021-11-29 12:50:26 +11:00
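A check in the spirit of this commit, as an added example in Python that is not Samba's or Heimdal's own tooling: it rejects files that are not valid UTF-8 and flags the Unicode bidirectional override and isolate controls that can visually reorder source ("Trojan Source"), reporting line and column for review. The sample inputs are constructed for the example; the Latin-1 notice stands in for the pre-commit KTH copyright header.

```python
from pathlib import Path

# Added example (not Samba's own check): reject non-UTF-8 source files and flag
# Unicode bidirectional controls that can visually reorder code ("Trojan Source").
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def scan_bytes(data: bytes) -> list:
    """Return findings as (line_no, kind, detail) tuples for one file's bytes."""
    findings = []
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        line_no = data[: exc.start].count(b"\n") + 1
        findings.append((line_no, "not-utf8",
                         f"invalid byte 0x{data[exc.start]:02x} at offset {exc.start}"))
        text = data.decode("utf-8", errors="replace")  # keep scanning for bidi
    for line_no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                findings.append((line_no, "bidi",
                                 f"U+{ord(ch):04X} {BIDI_CONTROLS[ch]} at column {col}"))
    return findings


def scan_tree(root: str, suffixes=(".c", ".h", ".py", ".sh", ".txt")) -> dict:
    """Scan every matching file under root; returns {path: findings} for files with findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            found = scan_bytes(path.read_bytes())
            if found:
                report[str(path)] = found
    return report


# Constructed samples: a Latin-1 copyright notice (0xA9 is the copyright sign in
# ISO-8859-1 but an invalid UTF-8 sequence), the same notice in UTF-8, and a
# bidi-laced line that renders as a harmless comment but parses with the string
# closed early.
SAMPLE_LATIN1 = b"/* Copyright \xa9 1997 Kungliga Tekniska H\xf6gskolan */\n"
SAMPLE_CLEAN = b"/* Copyright \xc2\xa9 1997 Kungliga Tekniska H\xc3\xb6gskolan */\n"
SAMPLE_TROJAN = (
    "access_level = \"user\"\n"
    "if access_level != \"user\u202e \u2066// Check if admin\u2069 \u2066\":\n"
    "    grant_admin()\n"
).encode("utf-8")
```

Run scan_tree(".") from the top of a checkout and fail the build if the report is non-empty; the UTF-8 requirement is what makes the bidi scan meaningful, since a mis-decoded byte sequence could otherwise hide or fake a control character.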
Nicolas Williams
5f63215d0d Always perform == or != operation on cmp function result
Although not required to address bad code generation in
some versions of gcc 9 and 10, a coding style that requires
explicit comparison of the result to zero before use is
both clearer and would have avoided the generation of bad
code.

This change converts all use of cmp function usage from

```
    if (strcmp(a, b) || !strcmp(c, d)) ...
```

to

```
    if (strcmp(a, b) != 0 || strcmp(c, d) == 0) ...
```

for all C library cmp functions and related:

 - strcmp(), strncmp()
 - strcasecmp(), strncasecmp()
 - stricmp(), strnicmp()
 - memcmp()

Change-Id: Ic60c15e1e3a07e4faaf10648eefe3adae2543188
2021-11-24 22:30:44 -05:00
Jeffrey Altman
6cfbde4d86 plugin interface functions must specify calling convention
The plugin interfaces were originally implemented for use on
Unix where KRB5_CALLCONV, HEIM_CALLCONV and similar are defined
as nothing.  However, on 32-bit Windows the calling convention
matters and executing a __stdcall function through a __cdecl
function pointer will result in failures.

This change updates the krb5plugin_windc, krb5plugin_service_locate,
krb5plugin_send_to_kdc plugins to specify the KRB5_CALLCONV for
functions.   This brings the plugins into compliance with the
heim_plugin_common interface requirement that init() and fini()
use the platform specified HEIM_CALLCONV.

The krb5-plugin(7) man page is updated and the lib/krb5/test_plugin
test is also fixed.

With this change all tests pass on 32-bit Windows.

Change-Id: Ic9d2e1285c9c179e3898dc9d071ed092bcddc406
2021-11-18 18:52:54 -06:00
Nicolas Williams
54581d2d52 krb5: Fix PAC signature leak affecting KDC 2021-10-11 13:58:15 -05:00
Nicolas Williams
403a445f5b krb5: Document TGS HDB entry alias referral feature 2021-10-11 13:58:15 -05:00
Nicolas Williams
838431d95e krb5: Fix krb5.conf.5 man page bug 2021-10-11 13:58:15 -05:00
Isaac Boukris
3e466caf10 krb5: skip cache check in S4U2Proxy requests 2021-09-28 10:19:08 +10:00
Luke Howard
cba3f9a563 krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails
Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if
the checksum is absent or unkeyed.
2021-09-21 18:17:00 +10:00
Luke Howard
85756bd228 krb5: make keyed checksums mandatory where possible
Make keyed checksums mandatory when generating and verifying checksums, with
the following exceptions:

* the checksum is being generated or verified as part of encrypting data for
  a legacy (DES) encryption type

* the KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM flag was set on the crypto
  context, used to allow unkeyed checksums in krb5 authenticators

By making unkeyed checksums opt-in, we eliminate a class of potential
vulnerabilities where callers could pass unkeyed checksums.

Any code that uses the mandatory checksum type for a given non-legacy
encryption type should not be affected by this change. It could potentially
break, say, a client trying to do FAST with DES keys but, that should not be
supported (because FAST KDCs also support AES).

Closes: #835
2021-09-21 18:02:25 +10:00
Isaac Boukris
6df8be5091 krb5: rework PAC validation loop
Avoid allocating the PAC on error.

Closes: #836
2021-09-20 11:29:11 +10:00
Isaac Boukris
b295167208 krb5: allow NULL parameter to krb5_pac_free() 2021-09-20 11:29:09 +10:00
Luke Howard
2acc4508d9 krb5: fix test_pac format string
Don't pass a potentially (although in reality, not) untrusted string to
krb5_err(); cleanup error handling.
2021-09-19 14:01:51 +10:00
Isaac Boukris
6c339fd5a5 krb5: add pac ticket-signature unit tests 2021-09-19 13:25:34 +10:00
Isaac Boukris
2ffaba9401 kdc: sign ticket using Windows PAC
Split Windows PAC signing and verification logic, as the signing has to be when
the ticket is ready.

Create sign and verify the PAC KDC signature if the plugin did not, allowing
for S4U2Proxy to work, instead of KRB5SignedPath.

Use the header key to verify PAC server signature, as the same key used to
encrypt/decrypt the ticket should be used for PAC server signature, like U2U
tickets are signed with the tgt session-key and not with the longterm key,
and so krbtgt should be no different and the header key should be used.

Lookup the delegated client in DB instead of passing the delegator DB entry.

Add PAC ticket-signatures and related functions.

Note: due to the change from KRB5SignedPath to PAC, S4U2Proxy requests
against new KDC will not work if the evidence ticket was acquired from
an old KDC, and vice versa.

Closes: #767
2021-09-19 13:25:27 +10:00
Isaac Boukris
544515931b tests: default verify_pac to true in test_ap-req 2021-09-19 13:00:21 +10:00
Isaac Boukris
152e28fc40 tests: add PAC test for CVE-2020-17049 (bronze bit) 2021-09-19 12:58:40 +10:00
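The PAC and ticket signature chain described in the commits above (keyed checksums mandatory unless the caller opts in, KRB5KRB_AP_ERR_INAPP_CKSUM for an absent or unkeyed checksum, server signature under the header key, KDC signature under the krbtgt key over the server signature bytes, and a krbtgt-keyed ticket signature that defeats the bronze-bit flag flip), as an added model in Python. This is not Heimdal's lib/krb5/pac.c: real PACs use Kerberos checksum types over NDR-encoded buffers, and HMAC-SHA256 over a deterministic JSON encoding stands in for them here. The keys, principal names and SIDs are constructed, and every function name is hypothetical.

```python
import hashlib
import hmac
import json

# Constructed model of the PAC signature chain; added example code, not Heimdal's
# pac.c. HMAC-SHA256 over JSON stands in for Kerberos checksums over NDR buffers.
KEYED = "hmac-sha256"        # stand-in for a keyed type such as hmac-sha1-96-aes256
UNKEYED = "sha256"           # stand-in for an unkeyed type such as rsa-md5
ALLOW_UNKEYED_CHECKSUM = 1   # model of KRB5_CRYPTO_FLAG_ALLOW_UNKEYED_CHECKSUM
SIG_LEN = 32


class InappropriateChecksum(Exception):
    """Model of KRB5KRB_AP_ERR_INAPP_CKSUM: checksum absent, unkeyed or unknown."""


def checksum(cktype, key, data, flags=0):
    """Keyed checksums are mandatory unless the caller opts in to unkeyed ones."""
    if cktype == KEYED:
        return hmac.new(key, data, hashlib.sha256).digest()
    if cktype == UNKEYED:
        if not flags & ALLOW_UNKEYED_CHECKSUM:
            raise InappropriateChecksum("unkeyed checksum type refused")
        return hashlib.sha256(data).digest()
    raise InappropriateChecksum(f"unknown checksum type {cktype!r}")


def verify_checksum(cktype, key, data, sig, flags=0):
    if not sig:
        raise InappropriateChecksum("checksum absent")
    return hmac.compare_digest(checksum(cktype, key, data, flags), sig)


def _encode(obj):
    """Deterministic encoding; bytes values are hex-encoded so JSON can carry them."""
    return json.dumps(obj, sort_keys=True, default=lambda b: b.hex()).encode()


def pac_signing_input(pac):
    """PAC with both signature fields zeroed, as MS-PAC requires before checksumming."""
    tmp = dict(pac)
    tmp["server_sig"] = bytes(SIG_LEN)
    tmp["kdc_sig"] = bytes(SIG_LEN)
    return _encode(tmp)


def sign_pac(pac, header_key, krbtgt_key):
    """Server signature under the ticket's header (encrypting) key; KDC signature
    under the krbtgt key over the server signature bytes only."""
    pac = dict(pac)
    pac["server_sig"] = checksum(KEYED, header_key, pac_signing_input(pac))
    pac["kdc_sig"] = checksum(KEYED, krbtgt_key, pac["server_sig"])
    return pac


def verify_pac(pac, header_key, krbtgt_key=None):
    """A service verifies only the server signature; the KDC also verifies its own."""
    if not verify_checksum(KEYED, header_key, pac_signing_input(pac), pac.get("server_sig")):
        return False
    if krbtgt_key is not None:
        return verify_checksum(KEYED, krbtgt_key, pac["server_sig"], pac.get("kdc_sig"))
    return True


def ticket_signing_input(ticket):
    """The ticket's enc-part with the PAC and the signature itself blanked out."""
    tmp = dict(ticket)
    tmp["pac"] = None
    tmp["ticket_sig"] = bytes(SIG_LEN)
    return _encode(tmp)


def sign_ticket(ticket, krbtgt_key):
    ticket = dict(ticket)
    ticket["ticket_sig"] = checksum(KEYED, krbtgt_key, ticket_signing_input(ticket))
    return ticket


def verify_ticket_signature(ticket, krbtgt_key):
    return verify_checksum(KEYED, krbtgt_key, ticket_signing_input(ticket), ticket.get("ticket_sig"))


def demo():
    header_key = b"\x11" * 32   # constructed: service key that encrypted the ticket
    krbtgt_key = b"\x22" * 32   # constructed: the KDC's krbtgt key
    pac = sign_pac({"user": "alice", "sids": ["S-1-5-21-1-2-3-1104"],
                    "server_sig": b"", "kdc_sig": b""}, header_key, krbtgt_key)
    ticket = sign_ticket({"cname": "alice", "sname": "host/srv", "forwardable": False,
                          "pac": pac, "ticket_sig": b""}, krbtgt_key)
    r = {"pac_ok": verify_pac(pac, header_key, krbtgt_key),
         "ticket_ok": verify_ticket_signature(ticket, krbtgt_key)}
    # Bronze bit: an attacker holding the service key can re-encrypt the ticket
    # with the forwardable flag set, but cannot redo the krbtgt-keyed signature.
    forged = dict(ticket)
    forged["forwardable"] = True
    r["bronze_bit_detected"] = not verify_ticket_signature(forged, krbtgt_key)
    # Same attacker adds a SID and re-signs the server signature: the service
    # alone cannot tell, but the KDC signature no longer matches.
    tampered = dict(pac)
    tampered["sids"] = pac["sids"] + ["S-1-5-21-1-2-3-512"]
    tampered["server_sig"] = checksum(KEYED, header_key, pac_signing_input(tampered))
    r["tampered_pac_passes_service_check"] = verify_pac(tampered, header_key)
    r["tampered_pac_rejected_by_kdc"] = not verify_pac(tampered, header_key, krbtgt_key)
    try:
        checksum(UNKEYED, b"", b"x")
        r["unkeyed_refused"] = False
    except InappropriateChecksum:
        r["unkeyed_refused"] = True
    r["unkeyed_opt_in_ok"] = len(checksum(UNKEYED, b"", b"x", ALLOW_UNKEYED_CHECKSUM)) == SIG_LEN
    return r
```

The two tamper cases in demo() are the reason the KDC must verify its own signature (and, for S4U2Proxy evidence tickets, the ticket signature) rather than trusting what a service-key holder hands back.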
Luke Howard
b2f9bb67d7 krb5: specify krb5_enomem() calling convention
krb5_enomem() was lacking a calling convention decoration, breaking Windows
consumers if __cdecl was not the default calling convention. Add KRB5_LIB_CALL
to make it consistent with other library functions.

Closes: #834
2021-09-16 14:59:25 +10:00
Luke Howard
3ac48a8dfd krb5: KRB5_KRBHST_TKTBRIDGEAP
Add a new krbhst type, KRB5_KRBHST_TKTBRIDGEAP to krb5_krbhst_init_flags(),
that looks for the DNS SRV record kerberos-tkt-bridge. This is to support a new
PADL project.
2021-09-13 19:20:11 +10:00
Luke Howard
207bfc066d krb5: add unkeyed SHA-2 checksum types
Add unkeyed checksum types for SHA-256, SHA-384 and SHA-512, for future
internal use. They are assigned private (negative) checksum types and must
never appear in cleartext on the wire.
2021-09-13 17:08:32 +10:00
Luke Howard
908ef18c9f Revert "krb5: zero nonce before encoding for GSS preauth"
This reverts commit 34b374b5e4.

We are revising the GSS-API pre-authentication draft to include the nonce from
the first request in the GSS channel bindings, to avoid re-encoding issues that
may surface with Kerberos implementations that do not correctly implement DER.
2021-09-13 13:39:58 +10:00
Luke Howard
34b374b5e4 krb5: zero nonce before encoding for GSS preauth
Zero nonce before encoding KDC-REQ-BODY to be used as channel binding
application data in GSS-API pre-authentication. This is because the nonce may
change between AS-REQs and the channel binding data should be invariant between
calls to GSS_Init_sec_context().
2021-09-07 15:18:55 +10:00
Luke Howard
c3a5f20041 krb5: update krb5.conf(5) with RFC8009 enctypes
Add aes256-cts-hmac-sha384-192 and aes128-cts-hmac-sha256-128 to krb5.conf(5).

Closes #815.
2021-09-06 13:31:03 +10:00
Luke Howard
76624dd4eb krb5: export krb5_set_log_dest()
krb5_set_log_dest() was not exported. Export it.
2021-08-24 21:16:10 +10:00
Luke Howard
1cdc9d5f3c krb5: export krb5_init_creds_step()
Public API included in headers but not exported.
2021-08-16 22:42:36 +10:00
Luke Howard
939cdbe4ad krb5: always canonicalize GSS federated name
When using WELLKNOWN/FEDERATED in GSS-API pre-authentication, always
replace with the cname in the AS-REP.
2021-08-15 13:50:21 +10:00
Luke Howard
49f3f5bd99 kdc: support for GSS-API pre-authentication
Add support for GSS-API pre-authentication to the KDC, using a simplified
variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context
tokens directly in PADATA, and uses FX-COOKIE for state management.

More information on the protocol and implementation may be found in
lib/gssapi/preauth/README.md.
2021-08-12 17:37:01 +10:00
Luke Howard
0c74bec235 krb5: pass realm to _krb5_make_fast_ap_fxarmor()
Fix merge issue introduced in ef1d63a9 which did not update the call
site after updating the _krb5_make_fast_ap_fxarmor() prototype to take
the realm (used in the anonymous PKINIT case).
2021-08-11 19:09:18 +10:00
Luke Howard
b510b90239 krb5: export krb5_time_abs for test_time
Function introduced in 8a4ce995 needs to be exported.
2021-08-10 20:47:44 +10:00
Luke Howard
d34700b4d9 krb5: add extra sanity check in pk_verify_sign()
Assert either PKINIT signer certificate was validated, or caller requested no
KDC certificate validation.
2021-08-10 16:25:26 +10:00
Luke Howard
ef1d63a997 kinit: add --pk-anon-fast-armor option
Add the --pk-anon-fast-armor option, which acquires a temporary anonymous
PKINIT TGT to use as a FAST armor key.
2021-08-10 15:30:45 +10:00