summaryrefslogtreecommitdiffstats
path: root/src/plugins/preauth/pkinit/pkinit_srv.c
Commit message (Collapse)AuthorAgeFilesLines
* Include autoconf.h before system headersGreg Hudson2014-07-081-5/+0
| | | | | | | | | Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes. ticket: 7961
* Remove stub pkinit_mapping_file codeGreg Hudson2014-06-031-4/+0
| | | | | | As contributed, the PKINIT code contained code to read a mapping filename, but never used the resulting structure variable. Get rid of the structure field and the code to populate it.
* Use constant-time comparisons for checksumsGreg Hudson2013-10-031-3/+3
|
* Split pkinit_identity_initialize into two phasesNalin Dahyabhai2013-07-171-1/+6
| | | | | | | | | | | Split part of pkinit_identity_initialize() into a second piece named pkinit_identity_prompt(). Have each piece pass a new boolean flag to crypto_load_certs() to indicate if it should defer prompting for a password/PIN for client identities that require one. If the flag isn't set, then crypto_load_certs() should attempt to use a responder-supplied value, or call the prompter if there isn't one. ticket: 7680
* Remove some apparently-accidental debug whitespaceNalin Dahyabhai2013-05-081-2/+2
|
* Use macro for IANA assigned PA-AS-CHECKSUM numberZhanna Tsitkov2013-04-181-3/+4
| | | | | Replace numeric value '132' by the macro KRB5_PADATA_AS_CHECKSUM in preauth plugin.
* Allow config of dh_min_bits < 2048Tom Yu2013-04-121-3/+4
| | | | | | | | | | Allow configuration to override the default dh_min_bits of 2048 to 1024. Disallow configuration of dh_min_bits < 1024, but continue to default to 2048. ticket: 7602 target_version: 1.11.3 tags: pullup
* Add and use k5memdup, k5memdup0 helpersGreg Hudson2013-02-091-2/+2
| | | | | | Add k5-int.h static functions to duplicate byte ranges, optionally with a trailing zero byte, and set an error code like k5alloc does. Use them where they would shorten existing code.
* PKINIT (draft9) null ptr deref [CVE-2012-1016]Nalin Dahyabhai2012-12-141-2/+3
| | | | | | | | | | | | | | | | | | Don't check for an agility KDF identifier in the non-draft9 reply structure when we're building a draft9 reply, because it'll be NULL. The KDC plugin for PKINIT can dereference a null pointer when handling a draft9 request, leading to a crash of the KDC process. An attacker would need to have a valid PKINIT certificate, or an unauthenticated attacker could execute the attack if anonymous PKINIT is enabled. CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C [tlyu@mit.edu: reformat comment and edit log message] ticket: 7506 (new) target_version: 1.11 tags: pullup
* Use config storage for client identity selectionNalin Dahyabhai2012-10-171-1/+2
| | | | | | | | * Keep track of the names of client identities when we load them. * Store the client identity we just used when we create or retry a client request. * If we read a client identity from the configuration, treat it like the KDC does: pick the "this is it, there is no other" logic branch.
* Simplify pkinit_server_verify_padata slightlyGreg Hudson2012-07-051-7/+2
| | | | | Eliminate the effectively unused variable tmp_as_req, and eliminate two unnecessary conditionals for freeing pointers.
* Stop using krb5_octet_dataGreg Hudson2011-12-211-25/+38
| | | | | | | | For consistency with the rest of the code base, make PKINIT use krb5_data as a pointer/length container. Leave krb5_octet_data and krb5_free_octet_data behind for API compatibility. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25600 dc483132-0cff-0310-8789-dd5450dbe970
* ticket: newSam Hartman2011-11-231-33/+1
| | | | | | | | | | | | | | | | | subject: FAST PKINIT target_version: 1.10 tags: pullup Per RFC 6113 fast should use the inner request body for the pkinit checksum. We did that on the KDC; now do so on the client. Remove code that explicitly blocked pkinit under FAST. Also, use the reply key *before* the strengthen key is applied when verifying the PADATA_PKINIT_KX. Add FAST pkinit test. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25486 dc483132-0cff-0310-8789-dd5450dbe970
* Make reindentTom Yu2011-10-171-1/+1
| | | | | | | Also fix pkinit_crypto_nss.c struct initializers and add parens to a ternary operator in do_as_req.c for better indentation. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25362 dc483132-0cff-0310-8789-dd5450dbe970
* Make kdcpreauth edata method respond via callbackGreg Hudson2011-10-151-5/+9
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25348 dc483132-0cff-0310-8789-dd5450dbe970
* Ditch fast_factor.h since it contains only stubsGreg Hudson2011-10-061-3/+0
| | | | | | | | Leave a comment behind where we called fast_set_kdc_verified(). Remove the call to fast_kdc_replace_reply_key() since it's wrong (encrypted challenge doesn't replace the reply key in that sense). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25317 dc483132-0cff-0310-8789-dd5450dbe970
* Use type-safe callbacks in preauth interfaceGreg Hudson2011-10-061-14/+9
| | | | | | | | | | | | | | | Replace the generic get_data functions in clpreauth and kdcpreauth with structures containing callback functions. Each structure has a minor version number to allow adding new callbacks. For simplicity, the new fast armor key callbacks return aliases, which is how we would supply the armor key as a function parameter. The new client keys callback is paired with a free_keys callback to reduce the amount of cleanup code needed in modules. ticket: 6971 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25315 dc483132-0cff-0310-8789-dd5450dbe970
* Make pkinit fall back to octetstring2key() if there are not matching KDFsSam Hartman2011-10-051-7/+5
| | | | | | From: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25304 dc483132-0cff-0310-8789-dd5450dbe970
* Treat the client's list of supported KDFs as an unordered listSam Hartman2011-10-051-4/+5
| | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25303 dc483132-0cff-0310-8789-dd5450dbe970
* Use an opaque handle in the kdcpreauth callbackGreg Hudson2011-10-051-13/+9
| | | | | | | | | | | | | | Instead of passing a request and entry to the kdcpreauth get_data callback, pass an opaque handle. Remove DB entry and key data parameters from kdcpreauth methods (but keep the request, since that's transparent). The SecurID plugin links against libkdb5 and needs access to the client DB entry. Rather than continue to pass a DB entry to kdcpreauth methods, add a get_data callback to get the client DB entry for the few plugins which might need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
* Create e_data as pa_data in KDC interfacesGreg Hudson2011-10-041-6/+6
| | | | | | | | | | | | All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors. ticket: 6969 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
* Make kdcpreauth verify respond via callbackGreg Hudson2011-10-031-24/+22
| | | | | | From npmccallum@redhat.com with changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25294 dc483132-0cff-0310-8789-dd5450dbe970
* Remove variables set but not usedEzra Peisach2011-09-261-3/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25233 dc483132-0cff-0310-8789-dd5450dbe970
* If the client offers the alg agility KDF, use itSam Hartman2011-09-211-7/+91
| | | | | | | | Signed-off-by: Margaret Wasserman <mrw@painless-security.com> pkinit: changes to call alg-agility KDF git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25218 dc483132-0cff-0310-8789-dd5450dbe970
* Reordered pkinit_server_return_padata(), so that the alg-agilitySam Hartman2011-09-211-8/+20
| | | | | | | | KDF can be called after the reply is encoded, as it needs the encoded reply as one of its arguments. Signed-off-by: Margaret Wasserman <mrw@painless-security.com> git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25217 dc483132-0cff-0310-8789-dd5450dbe970
* Support pkinit: SignedData with no signers (KDC)Sam Hartman2011-09-191-1/+1
| | | | | | | | | For anonymous, MIT 1.9 sends ContentInfo rather than SignedData. This violates RFc 6112. This patch accepts the RFC 6112 style encoding. ticket: 6961 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25184 dc483132-0cff-0310-8789-dd5450dbe970
* Silence various "may be used uninitialized" warnings from GCC causedKen Raeburn2011-09-051-1/+1
| | | | | | | | | by it not figuring out the control flow (initialization and use both tied to some other variable). DB2 code not included. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
* Change output type of pkinit_init_kdc_req_context so as not to requireKen Raeburn2011-09-051-3/+3
| | | | | | gratuitous casting. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25145 dc483132-0cff-0310-8789-dd5450dbe970
* Convert preauth_plugin.h to new plugin frameworkGreg Hudson2011-06-171-48/+60
| | | | | | | | | | | | | | | | | | | | | | | | The preauth plugin interface was introduced in 1.6 but was never made a public API. In preparation for making it public in 1.10, convert it to use the new plugin framework. This will require changes to any existing preauth plugins. A number of symbols were renamed for namespace cleanliness, and abstract types were introduced for module data and module per-request data for better type safety. On the consumer end (preauth2.c and kdc_preauth.c), this is a pretty rough conversion. Eventually we should create proper consumer APIs with module handles, and the flat lists of preauth types should hold pointers to module handles rather than copies of the vtables. The built-in preauth type handlers should then be converted to built-in module providers linked into the consumer code (as should encrypted challenge, since it has no external dependencies). None of this will impact the provider API for preauth plugins, so it can wait. ticket: 6921 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24970 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translationGreg Hudson2011-06-101-7/+11
| | | | | | ticket: 6918 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others)Greg Hudson2010-11-301-10/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix multiple checksum handling bugs, as described in: CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021 * Return the correct (keyed) checksums as the mandatory checksum type for DES enctypes. * Restrict simplified-profile checksums to their corresponding etypes. * Add internal checks to reduce the risk of stream ciphers being used with simplified-profile key derivation or other algorithms relying on the block encryption primitive. * Use the mandatory checksum type for the PKINIT KDC signature, instead of the first-listed keyed checksum. * Use the mandatory checksum type when sending KRB-SAFE messages by default, instead of the first-listed keyed checksum. * Use the mandatory checksum type for the t_kperf test program. * Use the mandatory checksum type (without additional logic) for the FAST request checksum. * Preserve the existing checksum choices (unkeyed checksums for DES enctypes) for the authenticator checksum, using explicit logic. * Ensure that SAM checksums received from the KDC are keyed. * Ensure that PAC checksums are keyed. ticket: 6827 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24538 dc483132-0cff-0310-8789-dd5450dbe970
* Other changes in this ticket guarantee that the padata argument toSam Hartman2010-01-041-1/+1
| | | | | | | | return callbacks is non-null; don't check for null in pkinit_srv.c. ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23582 dc483132-0cff-0310-8789-dd5450dbe970
* Remove an inoperable error check in return_pkinit_kxGreg Hudson2009-12-291-2/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23536 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace fixes for new anonymous supportGreg Hudson2009-12-281-21/+25
| | | | | | ticket: 6607 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23528 dc483132-0cff-0310-8789-dd5450dbe970
* Anonymous support for KerberosSam Hartman2009-12-281-82/+107
| | | | | | | | | | | | | | | | | | | | | | This ticket implements Project/Anonymous pkinit from k5wiki. Provides support for completely anonymous principals and untested client support for realm-exposed anonymous authentication. * Introduce kinit -n * Introduce kadmin -n * krb5_get_init_creds_opt_set_out_ccache aliases the supplied ccache * No longer generate ad-initial-verified-cas in pkinit * Fix pkinit interactions with non-TGT authentication Merge remote branch 'anonymous' into trunk Conflicts: src/lib/krb5/krb/gic_opt.c ticket: 6607 Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23527 dc483132-0cff-0310-8789-dd5450dbe970
* Mark and reindent the pkinit plugin code, except for the header filesGreg Hudson2009-11-251-754/+757
| | | | | | which are kind of difficult. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23354 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-311-22/+22
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Minor code cleanups in pkinit plugin, mostly around malloc/freeGreg Hudson2009-08-181-21/+12
| | | | | | invocations. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22534 dc483132-0cff-0310-8789-dd5450dbe970
* In pkinit_clnt.c, make private functions static. There and inGreg Hudson2009-08-101-46/+0
| | | | | | | | | pkinit_srv.c, only declare static functions when necessary for forward references (as is consistent with the other pkinit sources). Remove the empty functions pkinit_init_client_profile and pkinit_fini_client_profile. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22514 dc483132-0cff-0310-8789-dd5450dbe970
* Restore limited support for static linkingGreg Hudson2009-06-081-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add enough static linking support to run the test suite without shared libraries, to facilitate gcov and other kinds of instrumentation. The necessary changes include: * Undo some of the changes which removed static linking support, and cannibalize the defunct krb5_force_static conditional block in aclocal.m4. * Add --enable-static-only configure option. * For plugins, use a different symbol name for static and dynamic builds, via a macro in k5plugin.h. * Add build machinery for building static libraries for plugins (somewhat grotty due to the difference in names). * Move plugin subdirs earlier in SUBDIRS in src/Makefile.in. * Make the in-tree KDB5 plugins dependencies of libkdb5 in a static build (aclocal.m4 has to know what they are). * In kdb5.c, cannibalize the broken _KDB5_STATIC_LINK support to allow "loading" of statically linked plugin libraries. Preauth, authdata, locate, and GSSAPI plugins are not handled by this change, as they are not currently necessary to the test suite. Supporting GSSAPI plugins may be a bit tricky but the others should be straightforward if they become needed. $(STLIBEXT) changes from .a-nobuild to .a in a normal shared build as a result of these changes (except on AIX where aclocal.m4 changes it). This does not seem to be important as we avoid selecting the static library for building via other means. ticket: 6510 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22406 dc483132-0cff-0310-8789-dd5450dbe970
* Temporarily disable FAST PKINIT for 1.7 releaseGreg Hudson2009-05-251-0/+23
| | | | | | | | | | | | | There are protocol issues and implementation defects surrounding the combination of FAST an PKINIT currently. To avoid impacting the 1.7 scheduled and to avoid creating interoperability problems later, disable the combination until the problems are resolved. ticket: 6501 tags: pullup target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22381 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21880 which included k5-int.h in several pkinit source files.Greg Hudson2009-03-241-1/+0
| | | | | | | | Instead, move the pkinit-specific KRB5_CONF macros to pkinit.h, and add duplicate definitions of the non-pkinit-specific macros used by the pkinit code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22113 dc483132-0cff-0310-8789-dd5450dbe970
* Include k5-int.h in several pkinit source files, in order to defineGreg Hudson2009-02-041-0/+1
| | | | | | the KRB5_CONFIG symbols now used by those files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21880 dc483132-0cff-0310-8789-dd5450dbe970
* Use macros for config parametersZhanna Tsitkov2009-02-041-11/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
* Add PKINIT supportKevin Coffman2007-08-011-0/+1399
Pull up PKINIT support onto the trunk. Changes from the version in branch users/coffman/pkinit are: - Update the preauth plugin interface version to avoid conflict with any existing plugins. - Add a pkcs11.h locally to the pkinit code rather than depending on opensc being installed. ticket: new Target_Version: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-01 13:04:38 +0000