Commit Graph

5526 Commits

Author SHA1 Message Date
Luke Howard
7e86a27c0c krb5: update keyring ccache for new atomic load/store API 2020-07-14 09:35:14 +10:00
Nicolas Williams
73e54c4731 krb5: Export krb5_principal_is_root_krbtgt() 2020-07-09 13:27:11 -05:00
Jeffrey Altman
bbe5bf669b krb5: krb5_free_context unconditionally call hx509_context_free
Its safe to call hx509_context_free() with a NULL context.

Change-Id: I47e3aa1b57a2008dbfcd8d6de1b9c6ded84414db
2020-06-29 11:40:48 -04:00
Jeffrey Altman
07ee8fd3f4 base|krb5: struct krb5_config_binding is public
ea90ca8666
("Move some infra bits of lib/krb5/ to lib/base/ (2)") introduced
struct heim_config_binding to heimbase.h and removed the
struct krb5_config_binding definition from krb5.h.  It changed
the krb5_config_binding typedef to be based upon the heim_config_binding
typedef.

These changes broke out of tree callers of krb5_config_get_list()
and krb5_config_vget_list().  The internals of struct krb5_config_binding
are required by callers of krb5_config_get_list() and krb5_config_vget_list()
and the names must remain the same.

This change restores struct krb5_config_binding to krb5.h.  The
structure cannot be changed because it is public and leaves struct
heim_config_binding as an independent structure definition within
heimbase.h.  As a result struct heim_config_binding in heimbase.h must
remain binary compatible until such time as krb5_config_get_list() and
krb5_config_vget_list() are no longer supported.

Change-Id: I69b4fda3f656cc8daa8f5fcd0c7151cee222fc8c
2020-05-31 00:02:34 -05:00
Nicolas Williams
886cc6026c krb5: Remove uses of KRB5_USE_PATH_TOKENS 2020-05-28 00:49:55 -05:00
Nicolas Williams
16482c4a68 krb5: Default homedir access to !issuid()
Also get rid of the global static `allow_homedir` and its mutex.  We
don't need this in-tree.
2020-05-28 00:39:45 -05:00
Nicolas Williams
335d9a9f17 krb5: Fix krb5_cc_get_name() 2020-05-28 00:39:45 -05:00
Nicolas Williams
c976cbc0f0 krb5: Fix krb5_cc_get_subsidiary() harder 2020-05-28 00:21:15 -05:00
Nicolas Williams
fc7b7af95a krb5: Fix kcm client 2020-05-28 00:02:36 -05:00
Nicolas Williams
c8e0461838 krb5: Fix krb5_cc_get_subsidiary() 2020-05-27 23:51:31 -05:00
Jeffrey Altman
d84512b8d2 krb5: krb5_cc_ops backward compatibility and extensibility
The krb5_cc_ops structure is an extensible structure to which new
functionality has been added over the years.

Version zero was the original.  It included all functions up to
and including get_default_name().

Version one added set_default().

Version two added lastchange().

Version three added set_kdc_offset() and get_kdc_offset().

Version four broke compatibility by modifying the signatures
of get_name() and resolve().   This was in change
7bf4d76e75 ("krb5: Improve cccol sub
naming; add gss_store_cred_into2()").

Version five restores the original signatures of get_name()
and resolve() and introduces get_name_2() and resolve_2() that
provide the additional cccol functionality.

This change

 * introduces version five
 * documents which functions are part of each version
 * replaces KRB5_CC_OPS_VERSION with KRB5_CC_OPS_VERSION_0,
   KRB5_CC_OPS_VERSION_1, KRB5_CC_OPS_VERSION_2, KRB5_CC_OPS_VERSION_3,
   and KRB5_CC_OPS_VERSION_5.  KRB5_CC_OPS_VERSION_4 is skipped
   because of the aforementioned breakage.
 * compatibility logic is added to permit ccache plugins to implement
   any of version one, two, three, five or a future version.
 * all in-tree krb5_cc_ops implementations are updated to version 5.

Change-Id: Iadfce01d10834bc6151939e4d9d196f03001626e
2020-05-27 23:22:40 -05:00
Jeffrey Altman
d4c0d34548 lib/krb5: krb5_get_instance does not work on Windows 7
krb5_get_instance() is meant to ensure that the shared library
instance of heimdal loaded by a plugin matches the instance that
loaded the plugin.  It works by declaring a static C string whose
memory address will be used as an instance identifier.  If the
instance returned from the plugin matches the instance obtain
by the code that loads the plugin, then we can conclude the two
instances are the same.

This doesn't work on Windows 7.  When heimdal.dll loads a plugin
that is linked to heimdal.dll, the plugin's heimdal.dll is always
a new instance.  However, the requirement for plugin safety is
not that the plugin be the same instance in memory but that they
be the same instance on disk.

This change loads the path name and version string for the module
and generates a hash of those strings as an instance identifier.

Change-Id: I1c0651969e9738c5feecb0b323969d13efd4704d
2020-05-27 23:22:40 -05:00
Jeffrey Altman
739f7e0484 krb5: not_found must free krb5_get_error_message string
Even though krb5_get_error_message() returns 'const char *' the
C-string is allocated and must be freed using krb5_free_error_message().

Change-Id: I8d4ef6fce12f113617443d15abadf51f1e04cf1a
2020-05-27 09:01:22 -04:00
Jeffrey Altman
fde95037a8 lib/krb5: not_found() do not substitute the error text
not_found() is called internally with error code KRB5_CC_NOTFOUND
from find_cred() and get_cred_kdc_capath_worker() where a hard
coded error string "Matching credential not found" makes sense.
However, it is also called from krb5_get_creds() and
krb5_get_credentials_with_flags() with error codes that are
returned from the KDC where hiding the true error string
confuses the end user and hampers debugging.

This change replaces the hard coded string with the result
of krb5_get_error_message() and appends the service ticket
name.

Change-Id: I275c66c7b5783ae25029dce5b851cb389b118bcc
2020-05-26 11:48:45 -05:00
Jeffrey Altman
afc9ebe08b fix calling conventions
When a function is assigned to a function pointer that is declared
with a particular calling convention, then the assigned function
must be declared with that calling convention as well.  Otherwise,
kaboom!!!

The following functions are fixed by this change:

kuser/kx509.c
  validate1()
  add1_2chain()

lib/base/log.c
  log_syslog()
  close_syslog()
  log_file()
  close_file()

lib/gssapi/mech/context.c
  gss_set_log_function()

lib/krb5/kx509.c
  certs_export_func()

Change-Id: Ib68abf739e3385e98136fa4e4f5a0240e9fce033
2020-05-26 11:48:45 -05:00
Nicolas Williams
51fdb4bc04 krb5: Fix warning in krb5_get_error_string() 2020-04-26 01:30:37 -05:00
Luke Howard
4a7eb74374 gss: SAnon - the Simple Anonymous GSS-API mechanism
Add support for SAnon, a simple key agreement protocol that provides no
authentication of initiator or acceptor using x25519 ECDH key exchange.
See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol
description.
2020-04-25 23:19:30 -05:00
Nicolas Williams
e8441212d1 Move error functions from krb5 to base 2020-04-24 16:02:35 -05:00
Nicolas Williams
e2d435cf2f Move lib/krb5/error_string.c to lib/base/
This commit contains only renames.
2020-04-24 16:02:35 -05:00
Nicolas Williams
679bcb6872 hx509: Add hx509.conf support
Just like krb5.conf, but hx509.conf, with all the same default locations
on Windows, OS X, and elsewhere, and HX509_CONFIG as the environment
variable equivalent of KRB5_CONFIG.
2020-04-24 16:02:33 -05:00
Nicolas Williams
78a21fdd95 Move more config file code from krb5 to base 2020-04-24 00:11:56 -05:00
Luke Howard
1611ac457f krb5: allow NULL authenticator in krb5_auth_con_free()
When freeing an auth context, allow the authenticator to be NULL. Useful for
freeing partially allocated authentication context.
2020-04-15 16:23:02 +10:00
Luke Howard
4411448bfd krb5: always zero elastic storage
Elastic storage (returned from krb5_storage_emem()) often contains secret keys.
Ensure memory is zeroed on free using memset_s() rather than memset().
2020-04-15 09:00:20 +10:00
Luke Howard
ed41592876 krb5: use memset_s() in krb5_free_keyblock_contents()
krb5_free_keyblock_contents() should use memset_s() to ensure that the key is
zero'd before freeing
2020-04-14 20:22:07 +10:00
Nicolas Williams
31a73c3c27 List FILE collection even when KRB5CCNAME is a sub
Setting KRB5CCNAME=/tmp/krb5cc_${UID}+${princ} should not prevent
listing the FILE collection.
2020-03-18 00:43:01 -05:00
Nicolas Williams
8f3b5e0862 krb5: Use sqlite3_close(), not v2 2020-03-17 19:45:51 -05:00
Nicolas Williams
a8874a62bb krb5: Fix kinit harder
The previous fixes for using `krb5_cc_default_for()` weren't quite
correct.
2020-03-17 19:13:16 -05:00
Nicolas Williams
4c736cbeec krb5: Allow rename of empty FILE ccaches 2020-03-17 14:55:42 -05:00
Nicolas Williams
64d5f86ec3 Fix warnings (some bugs, some spurious)
Many spurious VC warnings not quieted though.
2020-03-12 21:02:09 -05:00
Nicolas Williams
f3e6c4ffd4 krb5: Make FILE ccache type a collection type! 2020-03-12 21:02:09 -05:00
Nicolas Williams
f70ccfa967 krb5: Restore FILE as the default ccache type 2020-03-12 10:57:49 -05:00
Nicolas Williams
bc5070d36f krb5: Add krb5_set_config() for test_cc 2020-03-12 10:57:49 -05:00
Daria Phoebe Brashear
c2a7041402 krb5_mk_ncred: clean enc_krb_cred_part before use
the early exit case can try to free enc_krb_cred_part, which will be
stack garbage. clear it before it's used.
2020-03-06 11:56:03 -06:00
Nicolas Williams
c6b891556e krb5: Init mutex of anon MEMORY ccaches 2020-03-04 14:11:52 -06:00
Nicolas Williams
7bf4d76e75 krb5: Improve cccol sub naming; add gss_store_cred_into2()
- Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
    - KEYRING: ccaches are weird because they have one more optional field: the
      "anchor", so rather than just assume a naming convention everywhere, we
      add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and uses this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?
2020-03-02 17:48:04 -06:00
Nicolas Williams
ea90ca8666 Move some infra bits of lib/krb5/ to lib/base/ (2)
This is the second of two commits in a series that must be picked together.

This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.

Some parts of libkrb5 are entirely generic or easily made so, and could
be useful in various parts of Heimdal that are not specific to the krb5
API, such as:

 - lib/gssapi/  (especially since the integration of NegoEx)
 - lib/hx509/
 - bx509d       (which should really move out of kdc/)

For the above we need to move these bits of lib/krb5/:

 - lib/krb5/config_file.c   (all of it, leaving forwardings behind)
 - lib/krb5/config_reg.c    (all of it)
 - lib/krb5/plugin.c        (all of it, leaving forwardings behind)
 - lib/krb5/log.c           (all of it, ditto)
 - lib/krb5/heim_err.et     (all of it)

And because of those two, these too must also move:

 - lib/krb5/expand_path.c   (all of it, leaving forwardings behind)
 - lib/krb5/warn.c          (just the warning functions, ditto)

The changes to the moved files are mostly quite straightforward and are
best reviewed with --word-diff=color.

We're also creating a heim_context and a heim API to go with it.  But
it's as thin as possible, with as little state as necessary to enable
this move.  Functions for dealing with error messages use callbacks.

Moving plugin.c does have one knock-on effect on all users of the old
krb5 plugin API (which remains), which is that a global search and
replace of struct krb5_plugin_data to struct heim_plugin_data was
needed, though the layout and size of that structure doesn't change, so
the ABI doesn't either.

As well, we now build lib/vers/ and lib/com_err/ before lib/base/ so as
to be able to move lib/krb5/heim_err.et to lib/base/ so that we can make
use of HEIM_ERR_* in lib/base/, specifically in the files that moved.

Once this is all done we'll be able to use config files and plugins in
lib/hx509/, we'll be able to move bx509d out of kdc/, and so on.

Most if not all of the new functions in lib/base/ are Heimdal-private,
thus calling conventions for them are not declared.

Status:

 - builds and passes CIs (Travis, Appveyor)
 - ran make check-valgrind and no new leaks or other memory errors
 - ready for review

HOW TO REVIEW:

     $ # Review file moves:
     $ git log --stat -n1 HEAD^
     $
     $ # Review changes to moved files using --word-diff=color
     $ git log -p -b -w --word-diff=color HEAD^..HEAD   \
               lib/base/config_file.c                   \
               lib/base/config_reg.c                    \
               lib/base/expand_path.c                   \
               lib/base/warn.c                          \
               lib/krb5/config_file.c                   \
               lib/krb5/config_reg.c                    \
               lib/krb5/expand_path.c                   \
               lib/krb5/warn.c
     $
     $ # Review the whole thing, possibly adding -b and/or -w, and
     $ # maybe --word-diff=color:
     $ git log -p origin/master..HEAD
     $ git log -p -b -w origin/master..HEAD
     $ git log -p -b -w --word-diff=color origin/master..HEAD

TBD (future commits):

 - make lib/gssapi use the new heimbase functions
 - move kx509/bx509d common code to lib/hx509/ or other approp. location
 - move bx509d out of kdc/
2020-03-02 10:56:13 -06:00
Nicolas Williams
b2823cbd74 Move some infra bits of lib/krb5/ to lib/base/ (1)
This is the first of two commits in a series that must be picked
together.

This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.

This commit only renames files to enable git log/diff/blame to follow
the renames: to help future code archeology, and to make reviewing these
two commits easier.

The next commit in this series ensures that the moved files have the
correct content (i.e., defining heim APIs instead of krb5 APIs), and
will create files in lib/krb5 with the same names and krb5 API wrappers
around the new heim API functions.

The next commit also explains the motivation, which, briefly, is to:

 - remove krb5 API usage from lib/gssapi/,
 - enable the use of configuration and plugins in lib/hx509/
   (as well as lib/gssapi/ and future projects),

and

 - enable the further disentanglement of bx509d from kdc/.
2020-03-02 10:56:13 -06:00
Luke Howard
6af3ea9099 gss: merge enhanced Apple mechglue logging
Add _gss_mg_log() and friends for logging from within the mechanism glue and
SPNEGO. These APIs wrap around the libkrb5 logging APIs.
2020-02-04 17:28:35 +11:00
Nicolas Williams
1a3716a132 krb5: Do not write start_realm ccconfig twice 2019-12-30 20:45:40 -06:00
Nicolas Williams
9063d92dbb krb5: Fix fcc_open() leak on double-init, and msg 2019-12-10 21:26:47 -06:00
Nicolas Williams
7102f2be9e krb5: Fix leak in PKINIT client 2019-12-06 23:07:16 -06:00
Nicolas Williams
90a59a064b krb5: Fix fcc_open() FD leak 2019-12-06 23:07:13 -06:00
Roland C. Dowdeswell
001e312ba5 Make krb5_cc_close(ctx, NULL) stop SEGV'ing. 2019-12-05 00:05:56 -05:00
Roland C. Dowdeswell
c76e30e90c Document that log level 7 is for tracing. 2019-12-05 00:05:56 -05:00
Roland C. Dowdeswell
fb9a78223c We stop strnvisx(3)ing logs to FILE: by default.
Our logging framework used to strnvisx(3) each and every line
iff it is written to a FILE.  This is often unhelpful because
the line usually contains a number of elements that have already
been quoted and it makes the logs much more difficult to read in
this case.  An example if krb5_unparse_name() which will already
quote most characters that one cares about.

We change the behaviour to simply drop unprintable characters
rather than encoding them.  We thus rely on the rest of the
code to properly encode data elements written into the logs.
2019-12-05 00:05:56 -05:00
Nicolas Williams
575c67806b Add bx509d 2019-12-04 21:34:44 -06:00
Roland C. Dowdeswell
62d13ebf28 lib/krb5/kx509.c: fix memory leak in an error case. 2019-11-26 13:38:17 -06:00
Roland C. Dowdeswell
8ee86db261 Add enforce_ok_as_delegate setting
If this flag is set to true, then GSSAPI credential delegation will
be disabled when the "ok-as-delegate" flag is not set in the service
ticket.
2019-11-20 18:18:57 -05:00
Roland C. Dowdeswell
b5449e6c97 disable test_cc on Windows 2019-11-20 18:14:44 -05:00
Roland C. Dowdeswell
69dd82d33e Stop stuttering in libkrb5-exports.def.in 2019-11-20 18:14:44 -05:00