| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "-f" dump option allows a dump of the Heimdal
KDC in a format that the MIT kdb5_util command can
load into a MIT KDC's database.
This makes transitioning from the Heimdal KDC to
the current MIT one feasible without having to
re-create the KDC database from scratch.
glebius@ did the initial work, cherry picking these
commits from the Heimdal sources on github and then doing
extensive merge conflict resolution and other fixes so
that it would build.
Heimdal commit fca5399 authored by Nico Williams:
Initial commit for second approach for multiple kvno. NOT TESTED!
Heimdal commit 57f1545 authored by Nico Williams:
Add support for writing to KDB and dumping HDB to MIT KDB dump format
Before this change Heimdal could read KDBs. Now it can write to
them too.
Heimdal can now also dump HDBs (including KDBs) in MIT format,
which can then be imported with kdb5_util load.
This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to rollback from Heimdal to MIT should there be any issues. The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
rollback by dumping the HDB and loading a KDB.
Note that not all TL data types are supported, only two: last
password change and modify-by. This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.
This resulted in a Heimdal kadmin that would dump
the KDC database in MIT format. However, there
were issues when this dump was loaded into the
current MIT KDC in FreeBSD current/15.0.
The changes I did to make the dump more useful are listed below:
When "-f MIT" is used for "kadmin -l dump" it writes
the dump out in MIT format. This dump format is understood
by the MIT kdb5_util command. The patch modifies the above
so that the MIT KDC's master key keytab file can be provided
as the argument to "-f" so that the principals are re-encrypted in
it. This allows any principal with at least one strong encryption
type key to work without needing a change_password.
The strong encryption types supported by the Heimdal KDC are:
aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96
The issues my changes address are:
- If there are weak encryption keys in a principal's entry,
MIT's kadmin.local will report that the principcal's entry
is incomplete or corrupted.
- The keys are encrypted in Heimdal's master key. The
"-d" option can be used on the "kadmin -l dump" to
de-encrypt them, but the passwords will not work on the
current MIT KDC.
To try and deal with the above issues, this patch modied the above to:
- Does not dump the weak keys.
- Re-encrypts the strong keys in MIT's master key if the argument
to "-f" is actually a filename which holds the MIT KDC's
master key keytab and not "MIT".
- For principals that only have weak keys, it generates
a fake strong key. This key will not work on the MIT
KDC, but the principal entry will work once a
change_password is done to it.
- It always generates a "modified_by" entry, faking one if
not already present in the Heimdal KDC database.
This was necessary, since the MIT kadmin will
report that the principal entry is "incomplete or
corrupted" without one.
It also fixed a problem where "get principal" no longer
worked after the initial patch was applied.
A man page update will be done as a separate commit.
I believe this commit is acceptable since the Heimdal
sources are now essentially deprecated in favor of the
MIT sources and that this new "-f" patch simplifies
the transition to the MIT KDC.
Discussed with: glebius, cy
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream's explanation of the problem:
S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerboros parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba's AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
Reported by: emaste
Security: CVE-2018-16860
Obtained from: Upstream c6257cc2c
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply upstream b1e699103. This fixes a bug introduced by upstream
f469fc6 which may in some cases enable bypass of capath policy.
Upstream writes in their commit log:
Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.
Reported by: emaste
Security: CVE-2017-6594
Obtained from: upstream b1e699103
MFC after: 1 week
|
| | |
|
| |
|
|
|
| |
Reported by: Jens Schweikhardt <schweikh@schweikhardt.net>
MFC: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following issues are patched:
- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
on the Common Vulnerability Scoring System (CVSS) v3, as we believe
it should be possible to get an RCE on a KDC, which means that
credentials can be compromised that can be used to impersonate
anyone in a realm or forest of realms.
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all extensible CHOICE types
used in Heimdal, though not all cases will be exploitable. We have
not completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
only affect Heimdal 1.6 and up. It was first reported by Douglas
Bagnall, though it had been found independently by the Heimdal
maintainers via fuzzing a few weeks earlier.
While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.
- CVE-2019-14870: Validate client attributes in protocol-transition
- CVE-2019-14870: Apply forwardable policy in protocol-transition
- CVE-2019-14870: Always lookup impersonate client in DB
Sponsored by: so (philip)
Obtained from: so (philip)
Tested by: philip, cy
MFC after: immediately
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.
I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken). Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.
This passes make tinderbox, and I have also done some very light
runtime testing on amd64.
Reviewed by: bjk, jkim, emaste
Differential Revision: https://reviews.freebsd.org/D17276
Notes:
svn path=/projects/openssl111/; revision=339198
|
| |\
| |
| |
| |
| |
| |
| | |
release, which fixes a DoS issue in libkrb5.
Notes:
svn path=/head/; revision=234027
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
Notes:
svn path=/head/; revision=233294
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=225864
|
| | |
| |
| |
| |
| |
| |
| | |
all non-style changes made by heimdal to our own libgssapi.
Notes:
svn path=/head/; revision=178828
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=178826
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=178825
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=142404
|
| | |
| |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=142403
svn path=/vendor-crypto/heimdal/0.6.3/; revision=142405; tag=vendor/heimdal/0.6.3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
any import for several years.
If memory serves, this was
Suggested by: ru
an awfully long time ago-- sorry for the delay!
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=142400
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=127811
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=127809
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=127808
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=120946
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=120945
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=107208
|
| | |
| |
| |
| |
| |
| |
| | |
Approved by: re
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=107207
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=103426
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=103424
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=103423
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=102654
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=102648
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=102645
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=102644
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=90929
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=90927
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=90926
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=78536
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=78528
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=78527
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=76372
|
| | |
| |
| |
| |
| |
| |
| | |
Submitted by: ru
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=76371
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=72448
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=72446
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=72445
|
| |/
|
|
| |
Notes:
svn path=/head/; revision=57428
|
| |
|
|
|
| |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=57422
svn path=/vendor-crypto/heimdal/0.2p/; revision=57424; tag=vendor/heimdal/0.2p
|
| |
|
|
|
| |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=57419
svn path=/vendor-crypto/heimdal/0.2o/; revision=57421; tag=vendor/heimdal/0.2o
|
| |
|
|
|
| |
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=57416
svn path=/vendor-crypto/heimdal/0.2n/; revision=57418; tag=vendor/heimdal/0.2n
|
|
|
Userland to follow.
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=55682
svn path=/vendor-crypto/heimdal/0.2m/; revision=55684; tag=vendor/heimdal/0.2m
|
