summaryrefslogtreecommitdiffstats
path: root/src/kdc/do_as_req.c
Commit message (Collapse)AuthorAgeFilesLines
* Make KDC "status" statements more homogeneousZhanna Tsitkov2014-02-191-13/+13
| | | | | | | | | | | | | | | | | | | | | | Generally we want KDC status strings to be concise, informative and follow some common rules: - All letters in the status string should be capitalized; - the words in the status phrase are separated by underscore; - abbreviations should be avoided. Some acceptable "standard" acronyms are AS_REQ, TGS_REP etc. - since in almost all cases KDC status is set on error, no need to state this fact as part of the status string; - KDC status string should be an imperative phrase. For example, "DECRYPT_SERVER_KEY". This commit is to modify some KDC status messages to follow this format. Even though KDC status messages are not standardized, it is possible that some administrators use them in the Kerberos log file processing. Hence, the vast majority of them are left unchanged pending further investigation (mostly, feedback from the administrators).
* Log service princ in KDC more reliablyrbasch2013-12-301-12/+13
| | | | | | | | | | | | | | | | | | | | Under some error conditions, the KDC would log "<unknown server>" for the service principal because service principal information is not yet available to the logging functions. Set the appropriate variables earlier. do_as_req.c: After unparsing the client, immediately unparse the server before searching for the client principal in the KDB. do_tgs_req.c: Save a pointer to the client-requested service principal, to make sure it gets logged if an error happens before search_sprinc() successfully completes. [tlyu@mit.edu: commit message; fix TGS to catch more error cases] ticket: 7802 target_version: 1.12.1 tags: pullup
* KDC Audit infrastructure and plugin implementationZhanna Tsitkov2013-10-041-2/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per project http://k5wiki.kerberos.org/wiki/Projects/Audit The purpose of this project is to create an Audit infrastructure to monitor security related events on the KDC. The following events are targeted in the initial version: - startup and shutdown of the KDC; - AS_REQ and TGS_REQ exchanges. This includes client address and port, KDC request and request ID, KDC reply, primary and derived ticket and their ticket IDs, second ticket ID, cross-realm referral, was ticket renewed and validated, local policy violation and protocol constraints, and KDC status message. Ticket ID is introduced to allow to link tickets to their initial TGT at any stage of the Kerberos exchange. For the purpose of this project it is a private to KDC ticket ID: each successfully created ticket is hashed and recorded into audit log. The administrators can correlate the primary and derived ticket IDs after the fact. Request ID is a randomly generated alpha-numeric string. Using this ID an administrator can easily correlate multiple audit events related to a single request. It should be informative both in cases when the request is sent to multiple KDCs, or to the same KDC multiple times. For the purpose of testing and demo of the Audit, the JSON based modules are implemented: "test" and "simple" audit modules respectively. The file plugins/audit/j_dict.h is a dictionary used in this implememtations. The new Audit system is build-time enabled and run-time pluggable. [kaduk@mit.edu: remove potential KDC crashes, minor reordering] ticket: 7712 target_version: 1.12
* Re-factoring of service processing code in AS-REQZhanna Tsitkov2013-09-231-12/+12
| | | | | | | | | | | | | | | | | | | | Take one step toward re-factoring of the KDC code: keep the service principal related code in one place. The code pattern was changed from: - unparse client - - unparse service - - db_get_ client - - client referrals - - db_get_ service - - validate policies etc into: - unparse client - - db_get_ client - - client referrals - - unparse service - - db_get_ service - - validate policies etc
* Err codes in KRB_ERROR protocol messages are < 128Zhanna Tsitkov2013-09-231-1/+1
| | | | | | If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC. This fix is to correct the previous behavior with [0,128] range. For more information see krb5_err.et
* Support FAST hide-client-names optionGreg Hudson2013-09-031-0/+4
| | | | | | | | In the KDC, if we see the hide-client-names option, identify the client as the anonymous principal in KDC-REP and KRB-ERROR responses. The actual client name is present in encrypted FAST elements. ticket: 7700 (new)
* Refactor KDC renewable ticket handlingGreg Hudson2013-06-061-26/+3
| | | | | | | | | | | | | | | | | | | | | Create a new helper to compute the renewable lifetime for AS and TGS requests. This has some minor behavior differences: * We only issue a renewable ticket if the renewable lifetime is greater than the normal ticket lifetime. * We give RENEWABLE precedence over RENEWABLE-OK in determining the requested renewable lifetime, instead of sometimes doing the reverse. * We use the client's maximum renewable life for TGS requests if we have looked up its DB entry. * Instead of rejecting requests for renewable tickets (if the client or server principal doesn't allow it, or a TGS request's TGT isn't renewable), issue non-renewable tickets. ticket: 7661 (new)
* Make AS requests work with no client keyGreg Hudson2013-05-031-16/+20
| | | | | | | | If we cannot find a client key while preparing an AS reply, give preauth mechanisms a chance to replace the reply key before erroring out. ticket: 7630
* Remove KDC macros for realm config fieldsGreg Hudson2013-01-151-1/+1
| | | | | | Stop using macros to refer to kdc_realm_t fields, as they could conflict with structure field names for the same. Leave behind the kdc_context and tgs_server macros for now.
* Get rid of adm.hGreg Hudson2013-01-101-1/+1
| | | | | | adm.h predates the ovsec kadm5 integration. It contains a bunch of obsolete defines and a redundant definition of krb5_realm_params. Get rid of it, and include <kadm5/admin.h> where we currently include it.
* Eliminate some KDC globalsTom Yu2012-10-151-13/+21
| | | | | | Make kdc_active_realm a local variable in every function that needs it. Pass it around in various state structures as needed. Keep the macros that reference its members remain for now.
* Set pointers to NULL after freeing themZhanna Tsitkov2012-10-151-0/+1
|
* Map CANTLOCK_DB to SVC_UNAVAILABLE in krb5kdcNicolas Williams2012-09-121-0/+4
| | | | | | | | | | | | | | The KDC should not return KRB5KRB_ERR_GENERIC (KRB_ERR_GENERIC) when the KDB plugin returns KRB5_KDB_CANTLOCK_DB: it should return KRB5KDC_ERR_SVC_UNAVAILABLE (KDC_ERR_SVC_UNAVAILABLE) instead. This allows clients to immediately fallback onto other KDCs. When we switch to using blocking locks in the db2 KDB backend we'll very rarely hit this code path, perhaps only when racing against a kdb5_util load. Other KDB backends might still return KRB5_KDB_CANTLOCK_DB often enough that this change is desirable. ticket: 7358 (new)
* Remove dead code in do_as_req.cZhanna Tsitkov2012-08-221-12/+0
| | | | Commit r21692 removed the KRB5_KDB_NON_MS_PRINCIPAL flag.
* Remove orphaned Apple PKINIT supportGreg Hudson2012-04-261-21/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25830 dc483132-0cff-0310-8789-dd5450dbe970
* Suppress some gcc uninitialized variable warningsGreg Hudson2012-03-221-0/+1
| | | | | | | | ticket: 7107 gcc 4.6.2 reportedly finds some spurious maybe-uninitialized warnings. Suppress them. Patch from Eray Aslan with some adjustment. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25783 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use stack variable address in as_req stateGreg Hudson2012-01-261-5/+5
| | | | | | | | | | | | | The KDC's process_as_req was storing the address of a stack variable (client_princ), which fails if the request is not immediately serviced. Move that variable to the state structure so its address remains valid for the lifetime of the request. ticket: 7081 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25659 dc483132-0cff-0310-8789-dd5450dbe970
* Stop using krb5_typed_data structure typeGreg Hudson2011-12-211-4/+3
| | | | | | | | | | | | Use the krb5_pa_data structure type when encoding or decoding TYPED-DATA. Leave the krb5_typed_data structure definition in krb5.h with a comment saying not to use it. Remove krb5_free_typed_data (which was never declared in krb5.h). Remove some vestigial accessor stuff related to PKINIT encoding and decoding TYPED-DATA, which was unneeded since r25483. Bump the accessor structure version to 19 accordingly. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25601 dc483132-0cff-0310-8789-dd5450dbe970
* Make verto context available to kdcpreauth modulesGreg Hudson2011-11-151-1/+3
| | | | | | | | | | | | Add an event_context callback to kdcpreauth. Adjust the internal KDC and main loop interfaces to pass around the event context, and expose it to kdcpreauth modules via the rock. ticket: 7019 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25475 dc483132-0cff-0310-8789-dd5450dbe970
* Simplify and fix kdcpreauth request_body callbackGreg Hudson2011-11-141-2/+14
| | | | | | | | | | | | | | | | | | | Alter the contract for the kdcpreauth request_body callback so that it returns an alias to the encoded body instead of a fresh copy. At the beginning of AS request processing, save a copy of the encoded request body, or the encoded inner request body for FAST requests. Previously the request_body callback would re-encode the request structure, which in some cases has been modified by the AS request code. No kdcpreauth modules currently use the request_body callback, but PKINIT will need to start using it in order to handle FAST requests correctly. ticket: 7017 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25473 dc483132-0cff-0310-8789-dd5450dbe970
* Use zero-filled states for all async ops in KDCGreg Hudson2011-10-281-22/+3
| | | | | | | | | There have been a couple of uninitialized field bugs in the restructured KDC code, partly because compilers can't find these bugs as easily as they can find uninitialized local variable bugs. Use zero-filled state structures to make this type of bug less likely. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25422 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize typed_e_data in as_req_stateGreg Hudson2011-10-281-0/+1
| | | | | | | | | | | | | | The typed_e_data field in struct as_req_state was not properly initialized, causing the KDC to sometimes respond with typed-data e_data for a preauth-required error when the client sends no padata. This bug was masked with recent clients, which send a KRB5_ENCPADATA_REQ_ENC_PA_REP padata. ticket: 6995 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25419 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-171-6/+5
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Make get_preauth_hint_list respond via callbackGreg Hudson2011-10-151-25/+39
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25347 dc483132-0cff-0310-8789-dd5450dbe970
* Use an opaque handle in the kdcpreauth callbackGreg Hudson2011-10-051-9/+13
| | | | | | | | | | | | | | Instead of passing a request and entry to the kdcpreauth get_data callback, pass an opaque handle. Remove DB entry and key data parameters from kdcpreauth methods (but keep the request, since that's transparent). The SecurID plugin links against libkdb5 and needs access to the client DB entry. Rather than continue to pass a DB entry to kdcpreauth methods, add a get_data callback to get the client DB entry for the few plugins which might need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
* Fix initialization and pointer bugs in new codeGreg Hudson2011-10-041-1/+2
| | | | | | | Coverity found some minor-to-medium bugs in some recent changes; fix them. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25299 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfacesGreg Hudson2011-10-041-72/+28
| | | | | | | | | | | | All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors. ticket: 6969 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Make check_padata() respond via a callbackGreg Hudson2011-10-031-407/+486
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25293 dc483132-0cff-0310-8789-dd5450dbe970
* Make do_as_req() respond via a callbackGreg Hudson2011-10-031-6/+8
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25292 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin frameworkGreg Hudson2011-06-171-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety. On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait. ticket: 6921 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-1/+2
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a potential uninitialized free in prepare_error_as()Greg Hudson2011-04-011-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24779 dc483132-0cff-0310-8789-dd5450dbe970
* Use a helper function to clarify prepare_error_as() in the KDCGreg Hudson2011-03-181-63/+82
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24725 dc483132-0cff-0310-8789-dd5450dbe970
* KDC memory leak in FAST error pathGreg Hudson2011-03-171-3/+7
| | | | | | | | | | | | | | When kdc_fast_handle_error() produces a FAST-encoded error, it puts it into err->e_data and it never gets freed (since in the non-FAST case, err->e_data contains aliased pointers). Fix this by storing the encoded error in an output variable which is placed into the error's e_data by the caller and then freed. ticket: 6884 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24722 dc483132-0cff-0310-8789-dd5450dbe970
* KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]Tom Yu2011-03-151-0/+2
| | | | | | | | | | | Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6881 tags: pullup target_version: 1.9.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24705 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-091-2/+1
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Add an error to be returned by a preauth mechanism indicating that the KDC ↵Sam Hartman2010-10-011-1/+3
| | | | | | | | | | | should not respond to a packet * Do not generate an error response in this case * Drop a TCP connection if we are not going to respond to it. kdc: add KRB5KDC_ERR_DISCARD git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24406 dc483132-0cff-0310-8789-dd5450dbe970
* kdb: store mkey list in context and permit NULL mkey for ↵Sam Hartman2010-09-151-42/+2
| | | | | | | | | | | | | | | | | | | | | | | | kdb_dbe_decrypt_key_data Previously, code needed to run a loop to find the current master key, possibly fetch a new master key list and try finding the master key again around each key decryption. This was not universally done; there are cases where only the current master key was used. In addition, the correct ideom for decrypting key data is too complicated and is potentially unavailable to plugins that do not have access to the master key. Instead, store the master key list in the dal_handle whenever it is fetched and permit a NULL master key for krb5_dbe_decrypt_key_data. * Remove APIs for krb5_db_{get|set}_mkey_list * krb5_db_fetch_mkey_list: memoize master key list in dal_handle * krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later * krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument * change call sites to take advantage ticket: 6778 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
* In AS replies, set the key-expiration field to the minimum of accountGreg Hudson2010-08-121-1/+12
| | | | | | | | | and password expiration time as specified in RFC 4120. Reported by Mary Cushion <mary@eiger.demon.co.uk>. ticket: 2032 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24240 dc483132-0cff-0310-8789-dd5450dbe970
* Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modulesGreg Hudson2010-07-081-0/+2
| | | | | | | | | | | should return in-realm aliases. Set it where appropriate, and use it in the LDAP module instead of intuiting the result based on other flags. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-061-69/+51
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-6/+6
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include nul characters in the text we send with krb-errorGreg Hudson2010-05-241-1/+1
| | | | | | responses from the KDC. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24097 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of serviceTom Yu2010-02-161-0/+5
| | | | | | | | | | | | | Code introduced in krb5-1.7 can cause an assertion failure if a KDC-REQ is internally inconsistent, specifically if the ASN.1 tag doesn't match the msg_type field. Thanks to Emmanuel Bouillon (NATO C3 Agency) for discovering and reporting this vulnerability. ticket: 6662 tags: pullup target_version: 1.8 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23724 dc483132-0cff-0310-8789-dd5450dbe970
* Followon fixes to r23712:Greg Hudson2010-02-101-1/+5
| | | | | | | | | | | | | | | | * A few formatting fixes. * Fix unlikely leak in kdc_handle_protected_negotiation: if add_pa_data_element with copy == FALSE fails, it's still the caller's responsibility to free pa.contents. * Fix pre-existing (since r23465) leak of reply_encpart.enc_padata in process_as_req. * Call add_pa_data_element with copy == TRUE in return_referral_enc_padata since we are passing memory owned by the database entry. ticket: 6656 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23714 dc483132-0cff-0310-8789-dd5450dbe970
* enc_padata can include empty sequenceSam Hartman2010-02-091-1/+1
| | | | | | | | | | | | | | | | | There are two issues with return_enc_padata. 1) It often will return an empty sequence of enc_padata rather than not including the field 2) FAST negotiation is double supported in the referral tgs path and not supported in the non-referral path Rewrite the return_enc_padata logic to: * Split out referral interactions with kdb into its own function * Use add_pa_data_element ticket: 6656 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23712 dc483132-0cff-0310-8789-dd5450dbe970
* Always treat anonymous as preauth requiredSam Hartman2010-01-071-0/+1
| | | | | | | | | | Always treat the WELLKNOWN/ANONYMOUS principal as requiring pre-authentication. The anonymous draft depends on a pre-auth exchange to invoke pkinit. ticket: 6623 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23603 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-1/+2
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-281-0/+18
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* fast negotiation projecSam Hartman2009-12-141-6/+8
| | | | | | | | | | | | | | | | Merge branches/fast-negotiate into trunk. This implements http://k5wiki.kerberos.org/wiki/Projects/Fast_negotiation Additional changes: * krb5_c_make_checksum with checksum type 0 uses mandatory checksum for given key enctype Conflicts: src/lib/crypto/krb/make_checksum.c ticket: 6595 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23465 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-09-21 13:16:54 +0000