Commit Graph

17963 Commits

Author SHA1 Message Date
Luke Howard
351145309d krb5: consolidate cc_ops enumeration
Consolidate the enumeration of the cc_ops table by using cc_get_prefix_ops() (a
variant of krb5_cc_get_prefix_ops that also returns the residual).
2020-08-30 13:44:19 +10:00
Luke Howard
cbcc50cd00 krb5: consolidate default ccache type logic into get_default_cc_type()
Consolidate the default credentials cache type logic into
get_default_cc_type(), so that the API: and MSLSA: types are respected on macOS
and Windows.
2020-08-29 16:13:00 +10:00
Jeffrey Altman
51912c0215 roken: introduce rk_socket_set_keepalive
Change-Id: I3086a10cd3d23bef00336f5db7db3a35ca02d568
2020-07-24 01:32:34 -04:00
Luke Howard
ee7e345af1 sqlite: silence OSAtomicCompareAndSwapPtrBarrier warning
The deprecated OSAtomicCompareAndSwapPtrBarrier() function is used by a code
path only taken on macOS systems with a single CPU. As very few Macs have a
single CPU today, remove this optimization. (Replacing it with <stdatomic.h> as
suggested would break compatability with macOS prior to 10.12.)
2020-07-20 13:41:53 +10:00
Luke Howard
bb7b4f7a94 base: use atomic load/store in reference counting
Use the new atomic load and store macros for testing and setting reference
count overflow.
2020-07-14 09:35:14 +10:00
Luke Howard
4986ebcb67 base: rename heim_base_atomic_{max,type} to ...integer_{max,type}
Rename heim_base_atomic_max to heim_base_atomic_integer_max (ditto with _type)
in order to better reflect their usage, now we have a separate
heim_base_atomic() macro for making an atomic version of any type.
2020-07-14 09:35:14 +10:00
Luke Howard
504d059580 base: use heim_base_atomic_load in heimqueue.h
Use heim_base_atomic_load() rather than heim_base_exchange_pointer() when
iterating an atomic SLIST
2020-07-14 09:35:14 +10:00
Luke Howard
7e86a27c0c krb5: update keyring ccache for new atomic load/store API 2020-07-14 09:35:14 +10:00
Luke Howard
9ba00949dd base: add atomic init, load and store macros
Add new macros for atomic initialization, load and store, with ordering
semantics equivalent to <stdatomic.h>
2020-07-14 09:35:14 +10:00
Luke Howard
cbb2ceb018 base: use <stdatomic.h> for atomics, where present
C11 introduces a new set of atomic APIs in <stdatomic.h>. If available, use
those in preference to compiler- or platform-specific intrinsics.
2020-07-14 09:35:14 +10:00
Luke Howard
932605c01e base: heim_base_exchange_{32,64} for platforms without atomics
heim_base_exchange_32() and heim_base_exchange_64() inline functions for
platforms without atomics were missing (these are very inefficient but,
clearly rarely used given the lack of build error reports)
2020-07-14 09:35:14 +10:00
Luke Howard
fcfca367cf base: move atomic macros into separate header
Move the atomic macros into a distinct header, heimbase-atomics.h, in
preparation for the introduction of additional macros
2020-07-14 09:35:14 +10:00
Jeffrey Altman
bc3270cd88 asn1: function ptrs passed as ASN1CALL ptrs must be ASN1CALL
On Windows i386 the asn1 tests would crash due to stack corruption
as a result of functions being executed with the wrong calling
conventions.

Change-Id: Ic4f8b3a05dad36e3db6397fbd9270b98f0a5dfc5
2020-07-13 15:48:06 -04:00
Jeffrey Altman
136abf55b7 asn1: code generators that left bit shift .gt. 31 must use 1ULL
The code generators were shifting "1LU" by (<< 32) and (<< 63) which
are undefined operations for a 32-bit integer.  To ensure the integer
is 64-bit use "1ULL".

Change-Id: I062cae5638139a9fe51563f64b1964f87e2f49e3
2020-07-13 15:48:06 -04:00
Luke Howard
ad2a352600 gssapi/krb5: treat empty padding buffers as absent
For compatibility with SSPI, treat an empty padding buffer as equivalent to an
absent padding buffer (unelss the caller is requesting allocation).
2020-07-12 15:55:02 +10:00
Luke Howard
c105b15605 gssapi/krb5: ensure singleton buffer in _gk_find_buffer()
_gk_find_buffer() is used to locate singleton header, padding or trailer
buffers. Return NULL if multiple such buffers are found.
2020-07-12 15:54:52 +10:00
Jeffrey Altman
33ff163141 gss/krb5: acquire_cred_with_password set opt default flags
acquire_cred_with_password() must call
krb5_get_init_creds_opt_set_default_flags() to initialize the
krb5_get_init_creds option flags to the values obtained from
the krb5_context.

Change-Id: Icd8c500dd0787a781c2382284f19cef277b1d30b
2020-07-12 15:28:19 +10:00
Luke Howard
62d913a551 gssapi/krb5: use GSS_IOV_BUFFER_FLAG_ALLOCATE constants
GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE is deprecated as indicated in gssapi.h, use
GSS_IOV_BUFFER_FLAG_ALLOCATE instead
2020-07-12 14:26:14 +10:00
Luke Howard
4b543b727a gssapi/krb5: fix rc4-hmac gss_unwrap_iov() without DCE_STYLE
gss_unwrap_iov() with rc4-hmac (RFC4757) encryption types would fail unless
GSS_C_DCE_STYLE was specified, as an incorrect length was passed to
_gssapi_verify_mech_header(). (The correct length is the header length for
GSS_C_DCE_STYLE, and the wrap token length otherwise.)
2020-07-12 14:26:14 +10:00
Luke Howard
b73baa42ef gssapi/krb5: make PADDING buffer optional in GSS IOV API
RFC 4121/4757 don't require padding as they operate as stream ciphers. Make the
PADDING buffer optional when using these encryption types with gss_wrap_iov()
and gss_unwrap_iov().
2020-07-12 14:26:14 +10:00
Nicolas Williams
a684e001ba gsskrb5: Check dst-TGT pokicy at store time
Our initiator supports configuration-driven delegation of destination
TGTs.

This commit adds acceptor-side handling of destination TGT policy to
reject storing of non-destination TGTs when destination TGTs are
desired.

Currently we use the same appdefault for this.

Background:

    A root TGT is one of the form krbtgt/REALM@SAME-REALM.

    A destination TGT is a root TGT for the same realm as the acceptor
    service's realm.

    Normally clients delegate a root TGT for the client's realm.

    In some deployments clients may want to delegate destination TGTs as
    a form of constrained delegation: so that the destination service
    cannot use the delegated credential to impersonate the client
    principal to services in its home realm (due to KDC lineage/transit
    checks).  In those deployments there may not even be a route back to
    the KDCs of the client's realm, and attempting to use a
    non-destination TGT might even lead to timeouts.
2020-07-09 13:27:11 -05:00
Nicolas Williams
73e54c4731 krb5: Export krb5_principal_is_root_krbtgt() 2020-07-09 13:27:11 -05:00
Luke Howard
ca51f9eae6 kafs: disable use of AFS syscall on macOS
Using syscall() directly on macOS has been deprecated since 10.12. The value of
AFS_SYSCALL on libkafs overlaps with SYS_poll, causing k_hasafs() to hang on
macOS 11.0. Remove the AFS_SYSCALL macro to disable the AFS syscall on macOS.
2020-07-05 11:42:39 +10:00
Jeffrey Altman
99416eeead gssapi/krb5: delete_sec_context must close ccache if CLOSE_CCACHE
_gsskrb5_init_sec_context() when called with GSS_C_NO_CREDENTIAL
opens the default ccache and sets the CLOSE_CCACHE flag indicating
that the ccache lifetime is tied to the gsskrb5_ctx.   When
_gsskrb5_delete_sec_context() is called, it must close the ccache
if the CLOSE_CCACHE flag is set.  Otherwise, the ccache resources
will leak.

Leaked since 39fe446983.

Change-Id: I8d0faab1e844d68fe71b11b715f8d88fcd2f4af7
2020-06-29 11:40:48 -04:00
Jeffrey Altman
226a3ba7d7 hx509: hx509_context_free do not leak configuration files
hx509_context_free() must call heim_config_file_free() on
the hx509_context.cf section binding.  Otherwise the memory
is leaked.

Change-Id: Ib3350a5be67203904fc1aee727c342c3ed552978
2020-06-29 11:40:48 -04:00
Jeffrey Altman
bbe5bf669b krb5: krb5_free_context unconditionally call hx509_context_free
Its safe to call hx509_context_free() with a NULL context.

Change-Id: I47e3aa1b57a2008dbfcd8d6de1b9c6ded84414db
2020-06-29 11:40:48 -04:00
Jeffrey Altman
ed24c41973 base: differentiate KRB5 and other configurations on Windows
When the "KRB5_CONFIG" is unset on Windows, the registry values
  HKLM\Software\Heimdal "config"
  HKCU\Software\Heimdal "config"
are used.   The migration of krb5_config to heimbase failed to
differentiate between KRB5_CONFIG, HX509_CONFIG, etc.   The above
registry values are only for the KRB5_CONFIG.

This change permits the envvar name to be searched for in the
registry.   For HX509_CONFIG the registry values
  HKLM\Software\Heimdal "HX509_CONFIG"
  HKCU\Software\Heimdal "HX509_CONFIG"
will be searched for configuration information.

Change-Id: I140945fa603d668d270eb5d740a11edc6fc121d7
2020-06-29 11:40:48 -04:00
Earl Chew
5e7bc8d881 [libedit/configure.ac] Refactor tgetent message to reflect libraries searched
Signed-off-by: Earl Chew <earl_chew@yahoo.com>
2020-05-31 11:59:33 -04:00
Jeffrey Altman
07ee8fd3f4 base|krb5: struct krb5_config_binding is public
ea90ca8666
("Move some infra bits of lib/krb5/ to lib/base/ (2)") introduced
struct heim_config_binding to heimbase.h and removed the
struct krb5_config_binding definition from krb5.h.  It changed
the krb5_config_binding typedef to be based upon the heim_config_binding
typedef.

These changes broke out of tree callers of krb5_config_get_list()
and krb5_config_vget_list().  The internals of struct krb5_config_binding
are required by callers of krb5_config_get_list() and krb5_config_vget_list()
and the names must remain the same.

This change restores struct krb5_config_binding to krb5.h.  The
structure cannot be changed because it is public and leaves struct
heim_config_binding as an independent structure definition within
heimbase.h.  As a result struct heim_config_binding in heimbase.h must
remain binary compatible until such time as krb5_config_get_list() and
krb5_config_vget_list() are no longer supported.

Change-Id: I69b4fda3f656cc8daa8f5fcd0c7151cee222fc8c
2020-05-31 00:02:34 -05:00
Andrew Bartlett
44b2d68536 Squash using #if 0 a longstanding TODO to avoid warnings
Seen on Ubuntu 18.04 with
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
giving:

test_cipher.c: In function ‘test_cipher’:
test_cipher.c:299:19: error: suggest braces around empty body in an ‘if’ statement [-Werror=empty-body]
  /* XXXX check  */;
                   ^
cc1: all warnings being treated as errors

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-28 11:10:57 -04:00
Andrew Bartlett
bf3c4219fe Make rk_SOCK_INIT an inline function and check the result to avoid warnings
Similar to f6e0d19cc0 but
fixed in the header by making it a proper static inline
function (as some callers treats it as one, so do it
for all now for consistency).

Seen on Ubuntu 18.04 with

giving:

In file included from getaddrinfo-test.c:36:0:
getaddrinfo-test.c: In function ‘main’:
roken.h:110:24: error: statement with no effect [-Werror=unused-value]
 #define rk_SOCK_INIT() 0
                        ^
getaddrinfo-test.c:132:5: note: in expansion of macro ‘rk_SOCK_INIT’
     rk_SOCK_INIT();
     ^~~~~~~~~~~~

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-28 11:10:57 -04:00
Andrew Bartlett
9ffbc17a0f Fix (deliberately) unused variable warning in rsa-ltm.c
Seen on Ubuntu 18.04 with
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
giving:

rsa-ltm.c: In function ‘ltm_rsa_private_calculate’:
rsa-ltm.c:135:9: error: variable ‘where’ set but not used [-Werror=unused-but-set-variable]
     int where = 0; /* Ignore the set-but-unused warning from this */
         ^~~~~
rsa-ltm.c: In function ‘gen_p’:
rsa-ltm.c:482:9: error: variable ‘where’ set but not used [-Werror=unused-but-set-variable]
     int where = 0; /* Ignore the set-but-unused warning from this */
         ^~~~~

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-28 11:10:57 -04:00
Nicolas Williams
886cc6026c krb5: Remove uses of KRB5_USE_PATH_TOKENS 2020-05-28 00:49:55 -05:00
Nicolas Williams
4c34168b01 base: Fix use of HEIM_USE_PATH_TOKENS 2020-05-28 00:49:30 -05:00
Nicolas Williams
16482c4a68 krb5: Default homedir access to !issuid()
Also get rid of the global static `allow_homedir` and its mutex.  We
don't need this in-tree.
2020-05-28 00:39:45 -05:00
Nicolas Williams
1d8ab271d5 base: Default homedir access to !issuid() 2020-05-28 00:39:45 -05:00
Nicolas Williams
8ed2a27e4e base: Add HOME and USERCONFIG tokens 2020-05-28 00:39:45 -05:00
Nicolas Williams
335d9a9f17 krb5: Fix krb5_cc_get_name() 2020-05-28 00:39:45 -05:00
Nicolas Williams
c976cbc0f0 krb5: Fix krb5_cc_get_subsidiary() harder 2020-05-28 00:21:15 -05:00
Nicolas Williams
fc7b7af95a krb5: Fix kcm client 2020-05-28 00:02:36 -05:00
Nicolas Williams
c8e0461838 krb5: Fix krb5_cc_get_subsidiary() 2020-05-27 23:51:31 -05:00
Andrew Bartlett
5e690fe70c Avoid -Werror=address failure due to embedded NULL check in _mg_buffer_zero
Seen with Ubuntu 18.04
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

mech/gss_krb5.c: In function ‘gss_krb5_ccache_name’:
mech/gss_krb5.c:501:18: error: the address of ‘buffer’ will always evaluate as ‘true’ [-Werror=address]
  _mg_buffer_zero(&buffer);
                  ^
mech/mech_locl.h:72:7: note: in definition of macro ‘_mg_buffer_zero’
   if (buffer) {   \
       ^~~~~~

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-27 23:23:43 -05:00
Jeffrey Altman
d84512b8d2 krb5: krb5_cc_ops backward compatibility and extensibility
The krb5_cc_ops structure is an extensible structure to which new
functionality has been added over the years.

Version zero was the original.  It included all functions up to
and including get_default_name().

Version one added set_default().

Version two added lastchange().

Version three added set_kdc_offset() and get_kdc_offset().

Version four broke compatibility by modifying the signatures
of get_name() and resolve().   This was in change
7bf4d76e75 ("krb5: Improve cccol sub
naming; add gss_store_cred_into2()").

Version five restores the original signatures of get_name()
and resolve() and introduces get_name_2() and resolve_2() that
provide the additional cccol functionality.

This change

 * introduces version five
 * documents which functions are part of each version
 * replaces KRB5_CC_OPS_VERSION with KRB5_CC_OPS_VERSION_0,
   KRB5_CC_OPS_VERSION_1, KRB5_CC_OPS_VERSION_2, KRB5_CC_OPS_VERSION_3,
   and KRB5_CC_OPS_VERSION_5.  KRB5_CC_OPS_VERSION_4 is skipped
   because of the aforementioned breakage.
 * compatibility logic is added to permit ccache plugins to implement
   any of version one, two, three, five or a future version.
 * all in-tree krb5_cc_ops implementations are updated to version 5.

Change-Id: Iadfce01d10834bc6151939e4d9d196f03001626e
2020-05-27 23:22:40 -05:00
Jeffrey Altman
33bb2479b9 base: common_plugin.h define KRB5_CALLCONV / KRB5_LIB_CALL
common_plugin.h is expected to be usable on its own.
For backward compatibility, restore the definitions of
KRB5_CALLCONV and KRB5_LIB_CALL.

Change-Id: I6d2239f91ab48b9a6b71816b5221807382dc5914
2020-05-27 23:22:40 -05:00
Jeffrey Altman
d4c0d34548 lib/krb5: krb5_get_instance does not work on Windows 7
krb5_get_instance() is meant to ensure that the shared library
instance of heimdal loaded by a plugin matches the instance that
loaded the plugin.  It works by declaring a static C string whose
memory address will be used as an instance identifier.  If the
instance returned from the plugin matches the instance obtain
by the code that loads the plugin, then we can conclude the two
instances are the same.

This doesn't work on Windows 7.  When heimdal.dll loads a plugin
that is linked to heimdal.dll, the plugin's heimdal.dll is always
a new instance.  However, the requirement for plugin safety is
not that the plugin be the same instance in memory but that they
be the same instance on disk.

This change loads the path name and version string for the module
and generates a hash of those strings as an instance identifier.

Change-Id: I1c0651969e9738c5feecb0b323969d13efd4704d
2020-05-27 23:22:40 -05:00
Andrew Bartlett
1a65611f61 Check some error returns from *asprintf()
This avoids these compiler warnings on Ubuntu 18.04
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

expand_path.c: In function ‘expand_token’:
expand_path.c:493:17: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result [-Wunused-result]
                 asprintf(&arg, "%.*s", (int)(token_end - colon - 1), colon + 1);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.c: In function ‘fmtkv’:
log.c:646:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     vasprintf(&buf1, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~

mech/context.c: In function ‘gss_mg_set_error_string’:
mech/context.c:212:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     (void) vasprintf(&str, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mech/context.c: In function ‘_gss_mg_log_name’:
mech/context.c:319:6: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
      (void) vasprintf(&str, fmt, ap);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mech/context.c: In function ‘_gss_mg_log_cred’:
mech/context.c:346:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     (void) vasprintf(&str, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kerberos5.c: In function ‘_kdc_set_e_text’:
kerberos5.c:338:5: warning: ignoring return value of ‘vasprintf’, declared with attribute warn_unused_result [-Wunused-result]
     vasprintf(&e_text, fmt, ap);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-05-27 21:54:26 -04:00
Jeffrey Altman
f91f786dd6 base: common_plugin.h add missing typedefs
ea90ca86664c73fb8d415f3cc7baacdf8a6dd685("Move some infra bits of
lib/krb5/ to lib/base/ (2)") forgot to add typedefs

  heim_get_instance_func_t
  krb5_get_instance_t

required for compilation of krb5_get_instance style plugins.

Change-Id: I3130f86034be1f9f79694eca0d1b309e247fd03f
2020-05-27 09:01:22 -04:00
Jeffrey Altman
739f7e0484 krb5: not_found must free krb5_get_error_message string
Even though krb5_get_error_message() returns 'const char *' the
C-string is allocated and must be freed using krb5_free_error_message().

Change-Id: I8d4ef6fce12f113617443d15abadf51f1e04cf1a
2020-05-27 09:01:22 -04:00
Jeffrey Altman
c6213fc894 base: heim_conf_parse_file_multi remove extra unused parameter
This call

  heim_warn(context, ret, "Ignoring", fname);

doesn't require the 'fname' paramter.  Remove it.

Change-Id: Ia339568658306a903a64ff9e098f914e7387bdd7
2020-05-27 09:01:22 -04:00
Jeffrey Altman
f0de5f5c43 lib/base: heim_config_parse_file_multi warn if ignoring included config
At present Heimdal silently ignores included configuration files that
cannot be successfully opened or parsed.  This is done to ensure that
an administrator or configuration management tool cannot lock users
out of a machine due to an editing mistake.

This change modifies heim_config_parse_file_multi() to warn the user
if a configuration file cannot be parsed or if an included ("include"
or "includedir") configuration file cannot be opened.  Example warnings
for a configuration file starting with:

  includedir c:/temp

where some of the matching file names cannot be parsed:

  Ignoring: c:\temp\20170516:1: binding before section

or opened:

  Ignoring: open or stat c:\temp\AUAA-83: Permission denied

A top level configuration file will also generate a warning if it
can be opened but cannot be parsed successfully produces

  Ignoring: c:\temp\foo.cmd:1: binding before section
  Ignoring: C:\ProgramData\Kerberos\krb5.conf:22: unmatched }

Change-Id: I455854156f4a61e1b7dad7f96601eca23d2368eb
2020-05-26 11:48:45 -05:00