krb5.git/src/lib/gssapi/mechglue, branch keyring MIT Kerberos patches Fix gss_accept_sec_context error tokens 2013-10-15T03:52:52+00:00 Greg Hudson ghudson@mit.edu 2013-10-08T21:07:34+00:00 c547bc16f2ab6ee66c076ef944c3fbac8a66f5d4 A GSS krb5 error response contains a KRB-ERROR message, which is required to have a server principal name, although few recipients actually use it. Starting in 1.3, accept_sec_context would fail to encode the error in the GSS_C_NO_NAME/GSS_C_NO_CREDENTIAL case (introduced by #1370) because cred->princ (which became cred->name->princ in 1.8) is unset. This problem got worse in 1.10 because we stopped setting the server field in all cases due to the changes for #6855. In 1.11 the problem got worse again when a misguided change to the mechglue started discarding output tokens when the mechanism returns an error; the mechglue should only do so when it itself causes the error. Fix krb5 gss_accept_sec_context by unconditionally decoding the AP-REQ and using krb5_rd_req_decoded, and then using the requested ticket server in the KRB-ERROR message. Fix the mechglue gss_accept_sec_context by reverting that part of commit 56feee187579905c9101b0cdbdd8c6a850adcfc9. Add a test program which artificially induces a replay cache failure (the easiest failure we can produce which has an associated RFC 4120 error code) and checks that this can be communicated back to the initiator via an error token. ticket: 1445 target_version: 1.12 tags: pullup 
A GSS krb5 error response contains a KRB-ERROR message, which is
required to have a server principal name, although few recipients
actually use it.  Starting in 1.3, accept_sec_context would fail to
encode the error in the GSS_C_NO_NAME/GSS_C_NO_CREDENTIAL case
(introduced by #1370) because cred->princ (which became
cred->name->princ in 1.8) is unset.

This problem got worse in 1.10 because we stopped setting the server
field in all cases due to the changes for #6855.  In 1.11 the problem
got worse again when a misguided change to the mechglue started
discarding output tokens when the mechanism returns an error; the
mechglue should only do so when it itself causes the error.

Fix krb5 gss_accept_sec_context by unconditionally decoding the AP-REQ
and using krb5_rd_req_decoded, and then using the requested ticket
server in the KRB-ERROR message.  Fix the mechglue
gss_accept_sec_context by reverting that part of commit
56feee187579905c9101b0cdbdd8c6a850adcfc9.  Add a test program which
artificially induces a replay cache failure (the easiest failure we
can produce which has an associated RFC 4120 error code) and checks
that this can be communicated back to the initiator via an error
token.

ticket: 1445
target_version: 1.12
tags: pullup
Add GSSAPI IOV MIC functions 2013-09-18T22:22:16+00:00 Greg Hudson ghudson@mit.edu 2013-09-08T01:13:48+00:00 d750ef3130b76dd079e863ed395eb3620a37386b Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov functions, which work similarly to the corresponding IOV wrap functions. Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for the destination buffer. Most of the internal code for this was already present, and just needed to be fixed up and adjusted to use the new buffer type for the MIC token. ticket: 7705 (new) 
Add gss_get_mic_iov, gss_get_mic_iov_length, and gss_verify_mic_iov
functions, which work similarly to the corresponding IOV wrap
functions.  Add a new buffer type GSS_IOV_BUFFER_TYPE_MIC_TOKEN for
the destination buffer.

Most of the internal code for this was already present, and just
needed to be fixed up and adjusted to use the new buffer type for the
MIC token.

ticket: 7705 (new)
Load import/export cred functions from GSS modules 2013-07-21T06:24:11+00:00 Simo Sorce simo@redhat.com 2013-07-20T17:20:43+00:00 744d6f873393b6bbd12e1c1884738676a089fa65 When the import/export credential feature was implement the related functions were added to struct gss_config, but the initialization function that dynamically loads modules was not changed to see if the plugin being loaded provided such functions. This will allow non-builtin mechanism and interposer mechanism to implement custom import/export credential extensions if they wish. ticket: 7682 
When the import/export credential feature was implement the related
functions were added to struct gss_config, but the initialization
function that dynamically loads modules was not changed to see if
the plugin being loaded provided such functions.

This will allow non-builtin mechanism and interposer mechanism to
implement custom import/export credential extensions if they wish.

ticket: 7682
Load cred store functions from GSS modules 2013-07-21T06:24:00+00:00 Simo Sorce simo@redhat.com 2013-07-20T17:19:19+00:00 ee53a887bead08ec1354de3e74659da537f87515 When the credential store feature was implement the related functions were added to struct gss_config, but the initialization function that dynamically loads modules was not changed to see if the plugin being loaded provided such functions. This will allow non-builtin mechanism and interposer mechanism to implement custom credential store extensions if they wish. ticket: 7682 
When the credential store feature was implement the related functions
were added to struct gss_config, but the initialization function that
dynamically loads modules was not changed to see if the plugin being
loaded provided such functions.

This will allow non-builtin mechanism and interposer mechanism to
implement custom credential store extensions if they wish.

ticket: 7682
Reduce boilerplate in makefiles 2013-05-17T00:09:27+00:00 Greg Hudson ghudson@mit.edu 2013-05-16T18:21:12+00:00 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content. 
Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.
Assume mutex locking cannot fail 2013-05-14T17:31:41+00:00 Greg Hudson ghudson@mit.edu 2013-05-10T18:01:48+00:00 6350fd0c909d84c00200885e722cc902049ada05 Locking and unlocking a non-recursive mutex is a simple memory operation and should not fail on any reasonable platform with correct usage. A pthread mutex can return EDEADLK on lock or EPERM on unlock, or EINVAL if the mutex is uninitialized, but all of these conditions would reflect serious bugs in the calling code. Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void and adjust all call sites. Propagate this change through k5_cc_mutex_lock and k5_cc_mutex_unlock as well. 
Locking and unlocking a non-recursive mutex is a simple memory
operation and should not fail on any reasonable platform with correct
usage.  A pthread mutex can return EDEADLK on lock or EPERM on unlock,
or EINVAL if the mutex is uninitialized, but all of these conditions
would reflect serious bugs in the calling code.

Change the k5_mutex_lock and k5_mutex_unlock wrappers to return void
and adjust all call sites.  Propagate this change through
k5_cc_mutex_lock and k5_cc_mutex_unlock as well.
Fix unused assignment in mechglue loadConfigFile 2013-03-28T06:24:05+00:00 Greg Hudson ghudson@mit.edu 2013-03-28T06:24:05+00:00 eaa16b361c032204f42148a302cf5623396ff39f 






Fix import_sec_context with interposers
2013-03-24T05:48:51+00:00

Simo Sorce
simo@redhat.com

2013-03-16T19:23:03+00:00

36c76aa3c625afc9291b9e1df071db51ccf37dab

The code was correctly selecting the mechanism to execute, but it was
improperly setting the mechanism type of the internal context when the
selected mechanism was that of an interposer and vice versa.

When an interposer is involved the internal context is that of the
interposer, so the mechanism type of the context needs to be the
interposer oid.  Conversely, when an interposer re-enters gssapi and
presents a token with a special oid, the mechanism called is the real
mechanism, and the context returned is a real mechanism context.  In
this case the mechanism type of the context needs to be that of the
real mechanism.

ticket: 7592
target_version: 1.11.2
tags: pullup





The code was correctly selecting the mechanism to execute, but it was
improperly setting the mechanism type of the internal context when the
selected mechanism was that of an interposer and vice versa.

When an interposer is involved the internal context is that of the
interposer, so the mechanism type of the context needs to be the
interposer oid.  Conversely, when an interposer re-enters gssapi and
presents a token with a special oid, the mechanism called is the real
mechanism, and the context returned is a real mechanism context.  In
this case the mechanism type of the context needs to be that of the
real mechanism.

ticket: 7592
target_version: 1.11.2
tags: pullup







make depend
2013-03-24T05:30:33+00:00

Greg Hudson
ghudson@mit.edu

2013-03-24T05:30:33+00:00

24c8bacbccc854dc30fd6baee49cdd2bf2557e47












Eliminate unused variables
2013-03-15T06:22:42+00:00

Greg Hudson
ghudson@mit.edu

2013-03-15T06:22:42+00:00

5bd6230bb2474bbed754c6d95eeee9c47c461d2c