1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 2010 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "common.h"
static gss_OID_desc mech_krb5_wrong = {
9, "\052\206\110\202\367\022\001\002\002"
};
gss_OID_set_desc mechset_krb5_wrong = { 1, &mech_krb5_wrong };
/*
* Test program for SPNEGO and gss_set_neg_mechs
*
* Example usage:
*
* kinit testuser
* ./t_spnego host/test.host@REALM testhost.keytab
*/
/* Replace *tok and *len with the concatenation of prefix and *tok. */
static void
prepend(const void *prefix, size_t plen, uint8_t **tok, size_t *len)
{
uint8_t *newtok;
newtok = malloc(plen + *len);
assert(newtok != NULL);
memcpy(newtok, prefix, plen);
memcpy(newtok + plen, *tok, *len);
free(*tok);
*tok = newtok;
*len = plen + *len;
}
/* Replace *tok and *len with *tok wrapped in a DER tag with the given tag
* byte. *len must be less than 2^16. */
static void
der_wrap(uint8_t tag, uint8_t **tok, size_t *len)
{
char lenbuf[3];
uint8_t *wrapped;
size_t llen;
if (*len < 128) {
lenbuf[0] = *len;
llen = 1;
} else if (*len < 256) {
lenbuf[0] = 0x81;
lenbuf[1] = *len;
llen = 2;
} else {
assert(*len >> 16 == 0);
lenbuf[0] = 0x82;
lenbuf[1] = *len >> 8;
lenbuf[2] = *len & 0xFF;
llen = 3;
}
wrapped = malloc(1 + llen + *len);
assert(wrapped != NULL);
*wrapped = tag;
memcpy(wrapped + 1, lenbuf, llen);
memcpy(wrapped + 1 + llen, *tok, *len);
free(*tok);
*tok = wrapped;
*len = 1 + llen + *len;
}
/*
* Create a SPNEGO initiator token for the erroneous Microsoft krb5 mech OID,
* wrapping a krb5 token ktok. The token should look like:
*
* 60 <len> (GSS framing sequence)
* 06 06 2B 06 01 05 05 02 (SPNEGO OID)
* A0 <len> (NegotiationToken choice 0, negTokenInit)
* 30 <len> (sequence)
* A0 0D (context tag 0, mechTypes)
* 30 0B (sequence of)
* 06 09 2A 86 48 82 F7 12 01 02 02 (wrong krb5 OID)
* A2 <len> (context tag 2, mechToken)
* 04 <len> (octet string)
* <mech token octets>
*/
static void
create_mskrb5_spnego_token(gss_buffer_t ktok, gss_buffer_desc *tok_out)
{
uint8_t *tok;
size_t len;
len = ktok->length;
tok = malloc(len);
assert(tok != NULL);
memcpy(tok, ktok->value, len);
/* Wrap the krb5 token in OCTET STRING and [2] tags. */
der_wrap(0x04, &tok, &len);
der_wrap(0xA2, &tok, &len);
/* Prepend the wrong krb5 OID inside OBJECT IDENTIFIER and [0] tags. */
prepend("\xA0\x0D\x30\x0B\x06\x09\x2A\x86\x48\x82\xF7\x12\x01\x02\x02", 15,
&tok, &len);
/* Wrap the previous two things in SEQUENCE and [0] tags. */
der_wrap(0x30, &tok, &len);
der_wrap(0xA0, &tok, &len);
/* Prepend the SPNEGO OID in an OBJECT IDENTIFIER tag. */
prepend("\x06\x06\x2B\x06\x01\x05\x05\x02", 8, &tok, &len);
/* Wrap the whole thing in an [APPLICATION 0] tag. */
der_wrap(0x60, &tok, &len);
tok_out->value = tok;
tok_out->length = len;
}
/*
* Test that the SPNEGO acceptor code accepts and properly reflects back the
* erroneous Microsoft mech OID in the supportedMech field of the NegTokenResp
* message. Use acred as the verifier cred handle.
*/
static void
test_mskrb_oid(gss_name_t tname, gss_cred_id_t acred)
{
OM_uint32 major, minor;
gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
gss_buffer_desc atok = GSS_C_EMPTY_BUFFER, ktok = GSS_C_EMPTY_BUFFER, stok;
const unsigned char *atok_oid;
/*
* Our SPNEGO mech no longer acquires creds for the wrong mech OID, so we
* have to construct a SPNEGO token ourselves.
*/
major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, tname,
&mech_krb5, 0, GSS_C_INDEFINITE,
GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, &ktok,
NULL, NULL);
check_gsserr("gss_init_sec_context(mskrb)", major, minor);
assert(major == GSS_S_COMPLETE);
create_mskrb5_spnego_token(&ktok, &stok);
/*
* Look directly at the DER encoding of the response token. Since we
* didn't request mutual authentication, the SPNEGO reply will contain no
* underlying mech token; therefore, the encoding of the correct
* NegotiationToken response is completely predictable:
*
* A1 14 (choice 1, length 20, meaning negTokenResp)
* 30 12 (sequence, length 18)
* A0 03 (context tag 0, length 3)
* 0A 01 00 (enumerated value 0, meaning accept-completed)
* A1 0B (context tag 1, length 11)
* 06 09 (object identifier, length 9)
* 2A 86 48 82 F7 12 01 02 02 (the erroneous krb5 OID)
*
* So we can just compare the length to 22 and the nine bytes at offset 13
* to the expected OID.
*/
major = gss_accept_sec_context(&minor, &actx, acred, &stok,
GSS_C_NO_CHANNEL_BINDINGS, NULL,
NULL, &atok, NULL, NULL, NULL);
check_gsserr("gss_accept_sec_context(mskrb)", major, minor);
assert(atok.length == 22);
atok_oid = (unsigned char *)atok.value + 13;
assert(memcmp(atok_oid, mech_krb5_wrong.elements, 9) == 0);
(void)gss_delete_sec_context(&minor, &ictx, NULL);
(void)gss_delete_sec_context(&minor, &actx, NULL);
(void)gss_release_buffer(&minor, &ktok);
(void)gss_release_buffer(&minor, &atok);
free(stok.value);
}
/* Check that we return a compatibility NegTokenInit2 message containing
* NegHints for an empty initiator token. */
static void
test_neghints()
{
OM_uint32 major, minor;
gss_buffer_desc itok = GSS_C_EMPTY_BUFFER, atok;
gss_ctx_id_t actx = GSS_C_NO_CONTEXT;
const char *expected =
/* RFC 2743 token framing: [APPLICATION 0] IMPLICIT SEQUENCE followed
* by OBJECT IDENTIFIER and the SPNEGO OID */
"\x60\x47\x06\x06" "\x2B\x06\x01\x05\x05\x02"
/* [0] SEQUENCE for the NegotiationToken negtokenInit choice */
"\xA0\x3D\x30\x3B"
/* [0] MechTypeList containing the krb5 OID */
"\xA0\x0D\x30\x0B\x06\x09" "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"
/* [3] NegHints containing [0] GeneralString containing the dummy
* hintName string defined in [MS-SPNG] */
"\xA3\x2A\x30\x28\xA0\x26\x1B\x24"
"not_defined_in_RFC4178@please_ignore";
/* Produce a hint token. */
major = gss_accept_sec_context(&minor, &actx, GSS_C_NO_CREDENTIAL, &itok,
GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
&atok, NULL, NULL, NULL);
check_gsserr("gss_accept_sec_context(neghints)", major, minor);
/* Verify it against the expected contents, which are fixed as long as we
* only list the krb5 mech in the token. */
assert(atok.length == strlen(expected));
assert(memcmp(atok.value, expected, atok.length) == 0);
(void)gss_release_buffer(&minor, &atok);
(void)gss_delete_sec_context(&minor, &actx, NULL);
}
int
main(int argc, char *argv[])
{
OM_uint32 minor, major, flags;
gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
gss_cred_id_t initiator_cred_handle = GSS_C_NO_CREDENTIAL;
gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
gss_ctx_id_t initiator_context, acceptor_context;
gss_name_t target_name, source_name = GSS_C_NO_NAME;
gss_OID mech = GSS_C_NO_OID;
gss_OID_desc pref_oids[2];
gss_OID_set_desc pref_mechs;
if (argc < 2 || argc > 3) {
fprintf(stderr, "Usage: %s target_name [keytab]\n", argv[0]);
exit(1);
}
target_name = import_name(argv[1]);
if (argc >= 3) {
major = krb5_gss_register_acceptor_identity(argv[2]);
check_gsserr("krb5_gss_register_acceptor_identity", major, 0);
}
/* Get default initiator cred. */
major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
&mechset_spnego, GSS_C_INITIATE,
&initiator_cred_handle, NULL, NULL);
check_gsserr("gss_acquire_cred(initiator)", major, minor);
/*
* The following test is designed to exercise SPNEGO reselection on the
* client and server. Unfortunately, it no longer does so after tickets
* #8217 and #8021, since SPNEGO now only acquires a single krb5 cred and
* there is no way to expand the underlying creds with gss_set_neg_mechs().
* To fix this we need gss_acquire_cred_with_cred() or some other way to
* turn a cred with a specifically requested mech set into a SPNEGO cred.
*/
/* Make the initiator prefer IAKERB and offer krb5 as an alternative. */
pref_oids[0] = mech_iakerb;
pref_oids[1] = mech_krb5;
pref_mechs.count = 2;
pref_mechs.elements = pref_oids;
major = gss_set_neg_mechs(&minor, initiator_cred_handle, &pref_mechs);
check_gsserr("gss_set_neg_mechs(initiator)", major, minor);
/* Get default acceptor cred. */
major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
&mechset_spnego, GSS_C_ACCEPT,
&verifier_cred_handle, &actual_mechs, NULL);
check_gsserr("gss_acquire_cred(acceptor)", major, minor);
/* Restrict the acceptor to krb5 (which will force a reselection). */
major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5);
check_gsserr("gss_set_neg_mechs(acceptor)", major, minor);
flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
establish_contexts(&mech_spnego, initiator_cred_handle,
verifier_cred_handle, target_name, flags,
&initiator_context, &acceptor_context, &source_name,
&mech, NULL);
display_canon_name("Source name", source_name, &mech_krb5);
display_oid("Source mech", mech);
/* Test acceptance of the erroneous Microsoft krb5 OID, with and without an
* acceptor cred. */
test_mskrb_oid(target_name, verifier_cred_handle);
test_mskrb_oid(target_name, GSS_C_NO_CREDENTIAL);
test_neghints();
(void)gss_delete_sec_context(&minor, &initiator_context, NULL);
(void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
(void)gss_release_name(&minor, &source_name);
(void)gss_release_name(&minor, &target_name);
(void)gss_release_cred(&minor, &initiator_cred_handle);
(void)gss_release_cred(&minor, &verifier_cred_handle);
(void)gss_release_oid_set(&minor, &actual_mechs);
return 0;
}
|
