search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()
[heimdal.git] / kdc / kerberos5.c
blob8125a2eb96223301d9c62ad5f39482129d40b26e
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 void
39 _kdc_fix_time(time_t **t)
40 {
41 if(*t == NULL){
42 ALLOC(*t);
43 **t = MAX_TIME;
44 }
45 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
46 }
47
48 static int
49 realloc_method_data(METHOD_DATA *md)
50 {
51 PA_DATA *pa;
52 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
53 if(pa == NULL)
54 return ENOMEM;
55 md->val = pa;
56 md->len++;
57 return 0;
58 }
59
60 static void
61 set_salt_padata(METHOD_DATA *md, Salt *salt)
62 {
63 if (salt) {
64 realloc_method_data(md);
65 md->val[md->len - 1].padata_type = salt->type;
66 der_copy_octet_string(&salt->salt,
67 &md->val[md->len - 1].padata_value);
68 }
69 }
70
71 const PA_DATA*
72 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
73 {
74 if (req->padata == NULL)
75 return NULL;
76
77 while((size_t)*start < req->padata->len){
78 (*start)++;
79 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
80 return &req->padata->val[*start - 1];
81 }
82 return NULL;
83 }
84
85 /*
86 * This is a hack to allow predefined weak services, like afs to
87 * still use weak types
88 */
89
90 krb5_boolean
91 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
92 {
93 if (principal->name.name_string.len > 0 &&
94 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
95 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
96 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
97 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
98 return TRUE;
99 return FALSE;
100 }
101
102
103 /*
104 * Detect if `key' is the using the the precomputed `default_salt'.
105 */
106
107 static krb5_boolean
108 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
109 {
110 if (key->salt == NULL)
111 return TRUE;
112 if (default_salt->salttype != key->salt->type)
113 return FALSE;
114 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
115 return FALSE;
116 return TRUE;
117 }
118
119 /*
120 * return the first appropriate key of `princ' in `ret_key'. Look for
121 * all the etypes in (`etypes', `len'), stopping as soon as we find
122 * one, but preferring one that has default salt.
123 */
124
125 krb5_error_code
126 _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
127 krb5_boolean is_preauth, hdb_entry_ex *princ,
128 krb5_enctype *etypes, unsigned len,
129 krb5_enctype *ret_enctype, Key **ret_key)
130 {
131 krb5_error_code ret;
132 krb5_salt def_salt;
133 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
134 const krb5_enctype *p;
135 Key *key = NULL;
136 int i, k;
137
138 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
139 ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
140 if (ret)
141 return ret;
142
143 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
144
145 if (use_strongest_session_key) {
146
147 /*
148 * Pick the strongest key that the KDC, target service, and
149 * client all support, using the local cryptosystem enctype
150 * list in strongest-to-weakest order to drive the search.
151 *
152 * This is not what RFC4120 says to do, but it encourages
153 * adoption of stronger enctypes. This doesn't play well with
154 * clients that have multiple Kerberos client implementations
155 * available with different supported enctype lists.
156 */
157
158 /* drive the search with local supported enctypes list */
159 p = krb5_kerberos_enctypes(context);
160 for (i = 0;
161 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
162 i++) {
163 if (krb5_enctype_valid(context, p[i]) != 0 &&
164 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
165 continue;
166
167 /* check that the client supports it too */
168 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
169
170 if (p[i] != etypes[k])
171 continue;
172
173 /* check target princ support */
174 key = NULL;
175 while (hdb_next_enctype2key(context, &princ->entry, NULL,
176 p[i], &key) == 0) {
177 if (key->key.keyvalue.length == 0) {
178 ret = KRB5KDC_ERR_NULL_KEY;
179 continue;
180 }
181 enctype = p[i];
182 ret = 0;
183 if (is_preauth && ret_key != NULL &&
184 !is_default_salt_p(&def_salt, key))
185 continue;
186 }
187 }
188 }
189 } else {
190 /*
191 * Pick the first key from the client's enctype list that is
192 * supported by the cryptosystem and by the given principal.
193 *
194 * RFC4120 says we SHOULD pick the first _strong_ key from the
195 * client's list... not the first key... If the admin disallows
196 * weak enctypes in krb5.conf and selects this key selection
197 * algorithm, then we get exactly what RFC4120 says.
198 */
199 for(i = 0; ret != 0 && i < len; i++) {
200
201 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
202 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
203 continue;
204
205 key = NULL;
206 while (ret != 0 &&
207 hdb_next_enctype2key(context, &princ->entry, NULL,
208 etypes[i], &key) == 0) {
209 if (key->key.keyvalue.length == 0) {
210 ret = KRB5KDC_ERR_NULL_KEY;
211 continue;
212 }
213 enctype = etypes[i];
214 ret = 0;
215 if (is_preauth && ret_key != NULL &&
216 !is_default_salt_p(&def_salt, key))
217 continue;
218 }
219 }
220 }
221
222 if (enctype == (krb5_enctype)ETYPE_NULL) {
223 /*
224 * if the service principal is one for which there is a known 1DES
225 * exception and no other enctype matches both the client request and
226 * the service key list, provide a DES-CBC-CRC key.
227 */
228 if (ret_key == NULL &&
229 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
230 ret = 0;
231 enctype = ETYPE_DES_CBC_CRC;
232 } else {
233 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
234 }
235 }
236
237 if (ret == 0) {
238 if (ret_enctype != NULL)
239 *ret_enctype = enctype;
240 if (ret_key != NULL)
241 *ret_key = key;
242 }
243
244 krb5_free_salt (context, def_salt);
245 return ret;
246 }
247
248 krb5_error_code
249 _kdc_make_anonymous_principalname (PrincipalName *pn)
250 {
251 pn->name_type = KRB5_NT_PRINCIPAL;
252 pn->name_string.len = 1;
253 pn->name_string.val = malloc(sizeof(*pn->name_string.val));
254 if (pn->name_string.val == NULL)
255 return ENOMEM;
256 pn->name_string.val[0] = strdup("anonymous");
257 if (pn->name_string.val[0] == NULL) {
258 free(pn->name_string.val);
259 pn->name_string.val = NULL;
260 return ENOMEM;
261 }
262 return 0;
263 }
264
265 static void
266 _kdc_r_log(kdc_request_t r, int level, const char *fmt, ...)
267 {
268 va_list ap;
269 char *s;
270 va_start(ap, fmt);
271 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
272 if(s) free(s);
273 va_end(ap);
274 }
275
276 static void
277 _kdc_set_e_text(kdc_request_t r, const char *e_text)
278 {
279 r->e_text = e_text;
280 kdc_log(r->context, r->config, 0, "%s", e_text);
281 }
282
283 void
284 _kdc_log_timestamp(krb5_context context,
285 krb5_kdc_configuration *config,
286 const char *type,
287 KerberosTime authtime, KerberosTime *starttime,
288 KerberosTime endtime, KerberosTime *renew_till)
289 {
290 char authtime_str[100], starttime_str[100],
291 endtime_str[100], renewtime_str[100];
292
293 krb5_format_time(context, authtime,
294 authtime_str, sizeof(authtime_str), TRUE);
295 if (starttime)
296 krb5_format_time(context, *starttime,
297 starttime_str, sizeof(starttime_str), TRUE);
298 else
299 strlcpy(starttime_str, "unset", sizeof(starttime_str));
300 krb5_format_time(context, endtime,
301 endtime_str, sizeof(endtime_str), TRUE);
302 if (renew_till)
303 krb5_format_time(context, *renew_till,
304 renewtime_str, sizeof(renewtime_str), TRUE);
305 else
306 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
307
308 kdc_log(context, config, 5,
309 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
310 type, authtime_str, starttime_str, endtime_str, renewtime_str);
311 }
312
313 /*
314 *
315 */
316
317 #ifdef PKINIT
318
319 static krb5_error_code
320 pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa)
321 {
322 pk_client_params *pkp = NULL;
323 char *client_cert = NULL;
324 krb5_error_code ret;
325
326 ret = _kdc_pk_rd_padata(r->context, r->config, &r->req, pa, r->client, &pkp);
327 if (ret || pkp == NULL) {
328 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
329 _kdc_r_log(r, 5, "Failed to decode PKINIT PA-DATA -- %s",
330 r->client_name);
331 goto out;
332 }
333
334 ret = _kdc_pk_check_client(r->context,
335 r->config,
336 r->clientdb,
337 r->client,
338 pkp,
339 &client_cert);
340 if (ret) {
341 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
342 "impersonate principal");
343 goto out;
344 }
345
346 _kdc_r_log(r, 0, "PKINIT pre-authentication succeeded -- %s using %s",
347 r->client_name, client_cert);
348 free(client_cert);
349
350 ret = _kdc_pk_mk_pa_reply(r->context, r->config, pkp, r->client,
351 r->sessionetype, &r->req, &r->request,
352 &r->reply_key, &r->session_key, &r->outpadata);
353 if (ret) {
354 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
355 goto out;
356 }
357 #if 0
358 ret = _kdc_add_inital_verified_cas(r->context, r->config,
359 pkp, &r->et);
360 #endif
361 out:
362 if (pkp)
363 _kdc_pk_free_client_param(r->context, pkp);
364
365 return ret;
366 }
367
368 #endif /* PKINIT */
369
370 /*
371 *
372 */
373
374 static krb5_error_code
375 make_pa_enc_challange(krb5_context context, METHOD_DATA *md,
376 krb5_crypto crypto)
377 {
378 PA_ENC_TS_ENC p;
379 unsigned char *buf;
380 size_t buf_size;
381 size_t len;
382 EncryptedData encdata;
383 krb5_error_code ret;
384 int32_t usec;
385 int usec2;
386
387 krb5_us_timeofday (context, &p.patimestamp, &usec);
388 usec2 = usec;
389 p.pausec = &usec2;
390
391 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
392 if (ret)
393 return ret;
394 if(buf_size != len)
395 krb5_abortx(context, "internal error in ASN.1 encoder");
396
397 ret = krb5_encrypt_EncryptedData(context,
398 crypto,
399 KRB5_KU_ENC_CHALLENGE_KDC,
400 buf,
401 len,
402 0,
403 &encdata);
404 free(buf);
405 if (ret)
406 return ret;
407
408 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
409 free_EncryptedData(&encdata);
410 if (ret)
411 return ret;
412 if(buf_size != len)
413 krb5_abortx(context, "internal error in ASN.1 encoder");
414
415 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
416 if (ret)
417 free(buf);
418 return ret;
419 }
420
421 static krb5_error_code
422 pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
423 {
424 krb5_data pepper1, pepper2, ts_data;
425 KDC_REQ_BODY *b = &r->req.req_body;
426 int invalidPassword = 0;
427 EncryptedData enc_data;
428 krb5_enctype aenctype;
429 krb5_error_code ret;
430 struct Key *k;
431 size_t size;
432 int i;
433
434 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
435
436 if (_kdc_is_anon_request(b)) {
437 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
438 kdc_log(r->context, r->config, 0, "ENC-CHALL doesn't support anon");
439 return ret;
440 }
441
442 ret = decode_EncryptedData(pa->padata_value.data,
443 pa->padata_value.length,
444 &enc_data,
445 &size);
446 if (ret) {
447 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
448 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
449 r->client_name);
450 return ret;
451 }
452
453 pepper1.data = "clientchallengearmor";
454 pepper1.length = strlen(pepper1.data);
455 pepper2.data = "challengelongterm";
456 pepper2.length = strlen(pepper2.data);
457
458 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
459
460 for (i = 0; i < r->client->entry.keys.len; i++) {
461 krb5_crypto challangecrypto, longtermcrypto;
462 krb5_keyblock challangekey;
463 PA_ENC_TS_ENC p;
464
465 k = &r->client->entry.keys.val[i];
466
467 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
468 if (ret)
469 continue;
470
471 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
472 &pepper1, &pepper2, aenctype,
473 &challangekey);
474 krb5_crypto_destroy(r->context, longtermcrypto);
475 if (ret)
476 continue;
477
478 ret = krb5_crypto_init(r->context, &challangekey, 0,
479 &challangecrypto);
480 if (ret)
481 continue;
482
483 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
484 KRB5_KU_ENC_CHALLENGE_CLIENT,
485 &enc_data,
486 &ts_data);
487 if (ret) {
488 const char *msg = krb5_get_error_message(r->context, ret);
489 krb5_error_code ret2;
490 char *str = NULL;
491
492 invalidPassword = 1;
493
494 ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
495 if (ret2)
496 str = NULL;
497 _kdc_r_log(r, 5, "Failed to decrypt ENC-CHAL -- %s "
498 "(enctype %s) error %s",
499 r->client_name, str ? str : "unknown enctype", msg);
500 krb5_free_error_message(r->context, msg);
501 free(str);
502
503 continue;
504 }
505
506 ret = decode_PA_ENC_TS_ENC(ts_data.data,
507 ts_data.length,
508 &p,
509 &size);
510 krb5_data_free(&ts_data);
511 if(ret){
512 krb5_crypto_destroy(r->context, challangecrypto);
513 ret = KRB5KDC_ERR_PREAUTH_FAILED;
514 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
515 r->client_name);
516 continue;
517 }
518
519 if (abs(kdc_time - p.patimestamp) > r->context->max_skew) {
520 char client_time[100];
521
522 krb5_crypto_destroy(r->context, challangecrypto);
523
524 krb5_format_time(r->context, p.patimestamp,
525 client_time, sizeof(client_time), TRUE);
526
527 ret = KRB5KRB_AP_ERR_SKEW;
528 _kdc_r_log(r, 0, "Too large time skew, "
529 "client time %s is out by %u > %u seconds -- %s",
530 client_time,
531 (unsigned)abs(kdc_time - p.patimestamp),
532 r->context->max_skew,
533 r->client_name);
534
535 free_PA_ENC_TS_ENC(&p);
536 goto out;
537 }
538
539 free_PA_ENC_TS_ENC(&p);
540
541 ret = make_pa_enc_challange(r->context, &r->outpadata,
542 challangecrypto);
543 krb5_crypto_destroy(r->context, challangecrypto);
544 if (ret)
545 goto out;
546
547 set_salt_padata(&r->outpadata, k->salt);
548 krb5_free_keyblock_contents(r->context, &r->reply_key);
549 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
550 if (ret)
551 goto out;
552
553 /*
554 * Success
555 */
556 if (r->clientdb->hdb_auth_status)
557 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
558 HDB_AUTH_SUCCESS);
559 goto out;
560 }
561
562 if (invalidPassword && r->clientdb->hdb_auth_status) {
563 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
564 HDB_AUTH_WRONG_PASSWORD);
565 ret = KRB5KDC_ERR_PREAUTH_FAILED;
566 }
567 out:
568 free_EncryptedData(&enc_data);
569
570 return ret;
571 }
572
573 static krb5_error_code
574 pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
575 {
576 EncryptedData enc_data;
577 krb5_error_code ret;
578 krb5_crypto crypto;
579 krb5_data ts_data;
580 PA_ENC_TS_ENC p;
581 size_t len;
582 Key *pa_key;
583 char *str;
584
585 if (_kdc_is_anon_request(&r->req.req_body)) {
586 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
587 _kdc_set_e_text(r, "ENC-TS doesn't support anon");
588 goto out;
589 }
590
591 ret = decode_EncryptedData(pa->padata_value.data,
592 pa->padata_value.length,
593 &enc_data,
594 &len);
595 if (ret) {
596 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
597 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
598 r->client_name);
599 goto out;
600 }
601
602 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
603 enc_data.etype, &pa_key);
604 if(ret){
605 char *estr;
606 _kdc_set_e_text(r, "No key matching entype");
607 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
608 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
609 estr = NULL;
610 if(estr == NULL)
611 _kdc_r_log(r, 5,
612 "No client key matching pa-data (%d) -- %s",
613 enc_data.etype, r->client_name);
614 else
615 _kdc_r_log(r, 5,
616 "No client key matching pa-data (%s) -- %s",
617 estr, r->client_name);
618 free(estr);
619 free_EncryptedData(&enc_data);
620 goto out;
621 }
622
623 try_next_key:
624 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
625 if (ret) {
626 const char *msg = krb5_get_error_message(r->context, ret);
627 _kdc_r_log(r, 0, "krb5_crypto_init failed: %s", msg);
628 krb5_free_error_message(r->context, msg);
629 free_EncryptedData(&enc_data);
630 goto out;
631 }
632
633 ret = krb5_decrypt_EncryptedData (r->context,
634 crypto,
635 KRB5_KU_PA_ENC_TIMESTAMP,
636 &enc_data,
637 &ts_data);
638 krb5_crypto_destroy(r->context, crypto);
639 /*
640 * Since the user might have several keys with the same
641 * enctype but with diffrent salting, we need to try all
642 * the keys with the same enctype.
643 */
644 if(ret){
645 krb5_error_code ret2;
646 const char *msg = krb5_get_error_message(r->context, ret);
647
648 ret2 = krb5_enctype_to_string(r->context,
649 pa_key->key.keytype, &str);
650 if (ret2)
651 str = NULL;
652 _kdc_r_log(r, 5, "Failed to decrypt PA-DATA -- %s "
653 "(enctype %s) error %s",
654 r->client_name, str ? str : "unknown enctype", msg);
655 krb5_free_error_message(r->context, msg);
656 free(str);
657
658 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
659 enc_data.etype, &pa_key) == 0)
660 goto try_next_key;
661
662 free_EncryptedData(&enc_data);
663
664 if (r->clientdb->hdb_auth_status)
665 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
666 HDB_AUTH_WRONG_PASSWORD);
667
668 ret = KRB5KDC_ERR_PREAUTH_FAILED;
669 goto out;
670 }
671 free_EncryptedData(&enc_data);
672 ret = decode_PA_ENC_TS_ENC(ts_data.data,
673 ts_data.length,
674 &p,
675 &len);
676 krb5_data_free(&ts_data);
677 if(ret){
678 ret = KRB5KDC_ERR_PREAUTH_FAILED;
679 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
680 r->client_name);
681 goto out;
682 }
683 if (abs(kdc_time - p.patimestamp) > r->context->max_skew) {
684 char client_time[100];
685
686 krb5_format_time(r->context, p.patimestamp,
687 client_time, sizeof(client_time), TRUE);
688
689 ret = KRB5KRB_AP_ERR_SKEW;
690 _kdc_r_log(r, 0, "Too large time skew, "
691 "client time %s is out by %u > %u seconds -- %s",
692 client_time,
693 (unsigned)abs(kdc_time - p.patimestamp),
694 r->context->max_skew,
695 r->client_name);
696
697 /*
698 * The following is needed to make windows clients to
699 * retry using the timestamp in the error message, if
700 * there is a e_text, they become unhappy.
701 */
702 r->e_text = NULL;
703 free_PA_ENC_TS_ENC(&p);
704 goto out;
705 }
706 free_PA_ENC_TS_ENC(&p);
707
708 set_salt_padata(&r->outpadata, pa_key->salt);
709
710 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
711 if (ret)
712 return ret;
713
714 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
715 if (ret)
716 str = NULL;
717 _kdc_r_log(r, 2, "ENC-TS Pre-authentication succeeded -- %s using %s",
718 r->client_name, str ? str : "unknown enctype");
719 free(str);
720
721 ret = 0;
722
723 out:
724
725 return ret;
726 }
727
728 struct kdc_patypes {
729 int type;
730 char *name;
731 unsigned int flags;
732 #define PA_ANNOUNCE 1
733 #define PA_REQ_FAST 2 /* only use inside fast */
734 krb5_error_code (*validate)(kdc_request_t, const PA_DATA *pa);
735 };
736
737 static const struct kdc_patypes pat[] = {
738 #ifdef PKINIT
739 {
740 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", PA_ANNOUNCE,
741 pa_pkinit_validate
742 },
743 {
744 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
745 pa_pkinit_validate
746 },
747 {
748 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
749 NULL
750 },
751 #else
752 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
753 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
754 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
755 #endif
756 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
757 {
758 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
759 PA_ANNOUNCE,
760 pa_enc_ts_validate
761 },
762 {
763 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
764 PA_ANNOUNCE | PA_REQ_FAST,
765 pa_enc_chal_validate
766 },
767 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
768 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
769 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
770 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
771 };
772
773 static void
774 log_patypes(krb5_context context,
775 krb5_kdc_configuration *config,
776 METHOD_DATA *padata)
777 {
778 struct rk_strpool *p = NULL;
779 char *str;
780 size_t n, m;
781
782 for (n = 0; n < padata->len; n++) {
783 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
784 if (padata->val[n].padata_type == pat[m].type) {
785 p = rk_strpoolprintf(p, "%s", pat[m].name);
786 break;
787 }
788 }
789 if (m == sizeof(pat) / sizeof(pat[0]))
790 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
791 if (p && n + 1 < padata->len)
792 p = rk_strpoolprintf(p, ", ");
793 if (p == NULL) {
794 kdc_log(context, config, 0, "out of memory");
795 return;
796 }
797 }
798 if (p == NULL)
799 p = rk_strpoolprintf(p, "none");
800
801 str = rk_strpoolcollect(p);
802 kdc_log(context, config, 0, "Client sent patypes: %s", str);
803 free(str);
804 }
805
806 /*
807 *
808 */
809
810 krb5_error_code
811 _kdc_encode_reply(krb5_context context,
812 krb5_kdc_configuration *config,
813 krb5_crypto armor_crypto, uint32_t nonce,
814 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
815 krb5_enctype etype,
816 int skvno, const EncryptionKey *skey,
817 int ckvno, const EncryptionKey *reply_key,
818 int rk_is_subkey,
819 const char **e_text,
820 krb5_data *reply)
821 {
822 unsigned char *buf;
823 size_t buf_size;
824 size_t len = 0;
825 krb5_error_code ret;
826 krb5_crypto crypto;
827
828 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
829 if(ret) {
830 const char *msg = krb5_get_error_message(context, ret);
831 kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
832 krb5_free_error_message(context, msg);
833 return ret;
834 }
835 if(buf_size != len)
836 krb5_abortx(context, "Internal error in ASN.1 encoder");
837
838 ret = krb5_crypto_init(context, skey, etype, &crypto);
839 if (ret) {
840 const char *msg = krb5_get_error_message(context, ret);
841 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
842 krb5_free_error_message(context, msg);
843 return ret;
844 }
845
846 ret = krb5_encrypt_EncryptedData(context,
847 crypto,
848 KRB5_KU_TICKET,
849 buf,
850 len,
851 skvno,
852 &rep->ticket.enc_part);
853 free(buf);
854 krb5_crypto_destroy(context, crypto);
855 if(ret) {
856 const char *msg = krb5_get_error_message(context, ret);
857 kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
858 krb5_free_error_message(context, msg);
859 return ret;
860 }
861
862 if (armor_crypto) {
863 krb5_data data;
864 krb5_keyblock *strengthen_key = NULL;
865 KrbFastFinished finished;
866
867 kdc_log(context, config, 0, "FAST armor protection");
868
869 memset(&finished, 0, sizeof(finished));
870 krb5_data_zero(&data);
871
872 finished.timestamp = kdc_time;
873 finished.usec = 0;
874 finished.crealm = et->crealm;
875 finished.cname = et->cname;
876
877 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
878 &rep->ticket, &len, ret);
879 if (ret)
880 return ret;
881 if (data.length != len)
882 krb5_abortx(context, "internal asn.1 error");
883
884 ret = krb5_create_checksum(context, armor_crypto,
885 KRB5_KU_FAST_FINISHED, 0,
886 data.data, data.length,
887 &finished.ticket_checksum);
888 krb5_data_free(&data);
889 if (ret)
890 return ret;
891
892 ret = _kdc_fast_mk_response(context, armor_crypto,
893 rep->padata, strengthen_key, &finished,
894 nonce, &data);
895 free_Checksum(&finished.ticket_checksum);
896 if (ret)
897 return ret;
898
899 if (rep->padata) {
900 free_METHOD_DATA(rep->padata);
901 } else {
902 rep->padata = calloc(1, sizeof(*(rep->padata)));
903 if (rep->padata == NULL) {
904 krb5_data_free(&data);
905 return ENOMEM;
906 }
907 }
908
909 ret = krb5_padata_add(context, rep->padata,
910 KRB5_PADATA_FX_FAST,
911 data.data, data.length);
912 if (ret)
913 return ret;
914
915 /*
916 * Hide client name of privacy reasons
917 */
918 if (1 /* r->fast_options.hide_client_names */) {
919 rep->crealm[0] = '\0';
920 free_PrincipalName(&rep->cname);
921 rep->cname.name_type = 0;
922 }
923 }
924
925 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
926 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
927 else
928 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
929 if(ret) {
930 const char *msg = krb5_get_error_message(context, ret);
931 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
932 krb5_free_error_message(context, msg);
933 return ret;
934 }
935 if(buf_size != len) {
936 free(buf);
937 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
938 *e_text = "KDC internal error";
939 return KRB5KRB_ERR_GENERIC;
940 }
941 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
942 if (ret) {
943 const char *msg = krb5_get_error_message(context, ret);
944 free(buf);
945 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
946 krb5_free_error_message(context, msg);
947 return ret;
948 }
949 if(rep->msg_type == krb_as_rep) {
950 krb5_encrypt_EncryptedData(context,
951 crypto,
952 KRB5_KU_AS_REP_ENC_PART,
953 buf,
954 len,
955 ckvno,
956 &rep->enc_part);
957 free(buf);
958 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
959 } else {
960 krb5_encrypt_EncryptedData(context,
961 crypto,
962 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
963 buf,
964 len,
965 ckvno,
966 &rep->enc_part);
967 free(buf);
968 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
969 }
970 krb5_crypto_destroy(context, crypto);
971 if(ret) {
972 const char *msg = krb5_get_error_message(context, ret);
973 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
974 krb5_free_error_message(context, msg);
975 return ret;
976 }
977 if(buf_size != len) {
978 free(buf);
979 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
980 *e_text = "KDC internal error";
981 return KRB5KRB_ERR_GENERIC;
982 }
983 reply->data = buf;
984 reply->length = buf_size;
985 return 0;
986 }
987
988 /*
989 * Return 1 if the client have only older enctypes, this is for
990 * determining if the server should send ETYPE_INFO2 or not.
991 */
992
993 static int
994 older_enctype(krb5_enctype enctype)
995 {
996 switch (enctype) {
997 case ETYPE_DES_CBC_CRC:
998 case ETYPE_DES_CBC_MD4:
999 case ETYPE_DES_CBC_MD5:
1000 case ETYPE_DES3_CBC_SHA1:
1001 case ETYPE_ARCFOUR_HMAC_MD5:
1002 case ETYPE_ARCFOUR_HMAC_MD5_56:
1003 /*
1004 * The following three is "old" windows enctypes and is needed for
1005 * windows 2000 hosts.
1006 */
1007 case ETYPE_ARCFOUR_MD4:
1008 case ETYPE_ARCFOUR_HMAC_OLD:
1009 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
1010 return 1;
1011 default:
1012 return 0;
1013 }
1014 }
1015
1016 /*
1017 *
1018 */
1019
1020 static krb5_error_code
1021 make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
1022 {
1023 ent->etype = key->key.keytype;
1024 if(key->salt){
1025 #if 0
1026 ALLOC(ent->salttype);
1027
1028 if(key->salt->type == hdb_pw_salt)
1029 *ent->salttype = 0; /* or 1? or NULL? */
1030 else if(key->salt->type == hdb_afs3_salt)
1031 *ent->salttype = 2;
1032 else {
1033 kdc_log(context, config, 0, "unknown salt-type: %d",
1034 key->salt->type);
1035 return KRB5KRB_ERR_GENERIC;
1036 }
1037 /* according to `the specs', we can't send a salt if
1038 we have AFS3 salted key, but that requires that you
1039 *know* what cell you are using (e.g by assuming
1040 that the cell is the same as the realm in lower
1041 case) */
1042 #elif 0
1043 ALLOC(ent->salttype);
1044 *ent->salttype = key->salt->type;
1045 #else
1046 /*
1047 * We shouldn't sent salttype since it is incompatible with the
1048 * specification and it breaks windows clients. The afs
1049 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1050 * implemented in Heimdal 0.7 and later.
1051 */
1052 ent->salttype = NULL;
1053 #endif
1054 krb5_copy_data(context, &key->salt->salt,
1055 &ent->salt);
1056 } else {
1057 /* we return no salt type at all, as that should indicate
1058 * the default salt type and make everybody happy. some
1059 * systems (like w2k) dislike being told the salt type
1060 * here. */
1061
1062 ent->salttype = NULL;
1063 ent->salt = NULL;
1064 }
1065 return 0;
1066 }
1067
1068 static krb5_error_code
1069 get_pa_etype_info(krb5_context context,
1070 krb5_kdc_configuration *config,
1071 METHOD_DATA *md, Key *ckey)
1072 {
1073 krb5_error_code ret = 0;
1074 ETYPE_INFO pa;
1075 unsigned char *buf;
1076 size_t len;
1077
1078
1079 pa.len = 1;
1080 pa.val = calloc(1, sizeof(pa.val[0]));
1081 if(pa.val == NULL)
1082 return ENOMEM;
1083
1084 ret = make_etype_info_entry(context, &pa.val[0], ckey);
1085 if (ret) {
1086 free_ETYPE_INFO(&pa);
1087 return ret;
1088 }
1089
1090 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1091 free_ETYPE_INFO(&pa);
1092 if(ret)
1093 return ret;
1094 ret = realloc_method_data(md);
1095 if(ret) {
1096 free(buf);
1097 return ret;
1098 }
1099 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1100 md->val[md->len - 1].padata_value.length = len;
1101 md->val[md->len - 1].padata_value.data = buf;
1102 return 0;
1103 }
1104
1105 /*
1106 *
1107 */
1108
1109 extern int _krb5_AES_string_to_default_iterator;
1110
1111 static krb5_error_code
1112 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
1113 {
1114 ent->etype = key->key.keytype;
1115 if(key->salt) {
1116 ALLOC(ent->salt);
1117 if (ent->salt == NULL)
1118 return ENOMEM;
1119 *ent->salt = malloc(key->salt->salt.length + 1);
1120 if (*ent->salt == NULL) {
1121 free(ent->salt);
1122 ent->salt = NULL;
1123 return ENOMEM;
1124 }
1125 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1126 (*ent->salt)[key->salt->salt.length] = '\0';
1127 } else
1128 ent->salt = NULL;
1129
1130 ent->s2kparams = NULL;
1131
1132 switch (key->key.keytype) {
1133 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1134 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1135 ALLOC(ent->s2kparams);
1136 if (ent->s2kparams == NULL)
1137 return ENOMEM;
1138 ent->s2kparams->length = 4;
1139 ent->s2kparams->data = malloc(ent->s2kparams->length);
1140 if (ent->s2kparams->data == NULL) {
1141 free(ent->s2kparams);
1142 ent->s2kparams = NULL;
1143 return ENOMEM;
1144 }
1145 _krb5_put_int(ent->s2kparams->data,
1146 _krb5_AES_string_to_default_iterator,
1147 ent->s2kparams->length);
1148 break;
1149 case ETYPE_DES_CBC_CRC:
1150 case ETYPE_DES_CBC_MD4:
1151 case ETYPE_DES_CBC_MD5:
1152 /* Check if this was a AFS3 salted key */
1153 if(key->salt && key->salt->type == hdb_afs3_salt){
1154 ALLOC(ent->s2kparams);
1155 if (ent->s2kparams == NULL)
1156 return ENOMEM;
1157 ent->s2kparams->length = 1;
1158 ent->s2kparams->data = malloc(ent->s2kparams->length);
1159 if (ent->s2kparams->data == NULL) {
1160 free(ent->s2kparams);
1161 ent->s2kparams = NULL;
1162 return ENOMEM;
1163 }
1164 _krb5_put_int(ent->s2kparams->data,
1165 1,
1166 ent->s2kparams->length);
1167 }
1168 break;
1169 default:
1170 break;
1171 }
1172 return 0;
1173 }
1174
1175 /*
1176 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1177 * database (client supported enctypes first, then the unsupported
1178 * enctypes).
1179 */
1180
1181 static krb5_error_code
1182 get_pa_etype_info2(krb5_context context,
1183 krb5_kdc_configuration *config,
1184 METHOD_DATA *md, Key *ckey)
1185 {
1186 krb5_error_code ret = 0;
1187 ETYPE_INFO2 pa;
1188 unsigned char *buf;
1189 size_t len;
1190
1191 pa.len = 1;
1192 pa.val = calloc(1, sizeof(pa.val[0]));
1193 if(pa.val == NULL)
1194 return ENOMEM;
1195
1196 ret = make_etype_info2_entry(&pa.val[0], ckey);
1197 if (ret) {
1198 free_ETYPE_INFO2(&pa);
1199 return ret;
1200 }
1201
1202 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1203 free_ETYPE_INFO2(&pa);
1204 if(ret)
1205 return ret;
1206 ret = realloc_method_data(md);
1207 if(ret) {
1208 free(buf);
1209 return ret;
1210 }
1211 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1212 md->val[md->len - 1].padata_value.length = len;
1213 md->val[md->len - 1].padata_value.data = buf;
1214 return 0;
1215 }
1216
1217 /*
1218 *
1219 */
1220
1221 static void
1222 log_as_req(krb5_context context,
1223 krb5_kdc_configuration *config,
1224 krb5_enctype cetype,
1225 krb5_enctype setype,
1226 const KDC_REQ_BODY *b)
1227 {
1228 krb5_error_code ret;
1229 struct rk_strpool *p;
1230 char *str;
1231 size_t i;
1232
1233 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1234
1235 for (i = 0; i < b->etype.len; i++) {
1236 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1237 if (ret == 0) {
1238 p = rk_strpoolprintf(p, "%s", str);
1239 free(str);
1240 } else
1241 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1242 if (p && i + 1 < b->etype.len)
1243 p = rk_strpoolprintf(p, ", ");
1244 if (p == NULL) {
1245 kdc_log(context, config, 0, "out of memory");
1246 return;
1247 }
1248 }
1249 if (p == NULL)
1250 p = rk_strpoolprintf(p, "no encryption types");
1251
1252 {
1253 char *cet;
1254 char *set;
1255
1256 ret = krb5_enctype_to_string(context, cetype, &cet);
1257 if(ret == 0) {
1258 ret = krb5_enctype_to_string(context, setype, &set);
1259 if (ret == 0) {
1260 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1261 free(set);
1262 }
1263 free(cet);
1264 }
1265 if (ret != 0)
1266 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1267 cetype, setype);
1268 }
1269
1270 str = rk_strpoolcollect(p);
1271 kdc_log(context, config, 0, "%s", str);
1272 free(str);
1273
1274 {
1275 char fixedstr[128];
1276 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1277 fixedstr, sizeof(fixedstr));
1278 if(*fixedstr)
1279 kdc_log(context, config, 0, "Requested flags: %s", fixedstr);
1280 }
1281 }
1282
1283 /*
1284 * verify the flags on `client' and `server', returning 0
1285 * if they are OK and generating an error messages and returning
1286 * and error code otherwise.
1287 */
1288
1289 krb5_error_code
1290 kdc_check_flags(krb5_context context,
1291 krb5_kdc_configuration *config,
1292 hdb_entry_ex *client_ex, const char *client_name,
1293 hdb_entry_ex *server_ex, const char *server_name,
1294 krb5_boolean is_as_req)
1295 {
1296 if(client_ex != NULL) {
1297 hdb_entry *client = &client_ex->entry;
1298
1299 /* check client */
1300 if (client->flags.locked_out) {
1301 kdc_log(context, config, 0,
1302 "Client (%s) is locked out", client_name);
1303 return KRB5KDC_ERR_POLICY;
1304 }
1305
1306 if (client->flags.invalid) {
1307 kdc_log(context, config, 0,
1308 "Client (%s) has invalid bit set", client_name);
1309 return KRB5KDC_ERR_POLICY;
1310 }
1311
1312 if(!client->flags.client){
1313 kdc_log(context, config, 0,
1314 "Principal may not act as client -- %s", client_name);
1315 return KRB5KDC_ERR_POLICY;
1316 }
1317
1318 if (client->valid_start && *client->valid_start > kdc_time) {
1319 char starttime_str[100];
1320 krb5_format_time(context, *client->valid_start,
1321 starttime_str, sizeof(starttime_str), TRUE);
1322 kdc_log(context, config, 0,
1323 "Client not yet valid until %s -- %s",
1324 starttime_str, client_name);
1325 return KRB5KDC_ERR_CLIENT_NOTYET;
1326 }
1327
1328 if (client->valid_end && *client->valid_end < kdc_time) {
1329 char endtime_str[100];
1330 krb5_format_time(context, *client->valid_end,
1331 endtime_str, sizeof(endtime_str), TRUE);
1332 kdc_log(context, config, 0,
1333 "Client expired at %s -- %s",
1334 endtime_str, client_name);
1335 return KRB5KDC_ERR_NAME_EXP;
1336 }
1337
1338 if (client->flags.require_pwchange &&
1339 (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1340 kdc_log(context, config, 0,
1341 "Client's key must be changed -- %s", client_name);
1342 return KRB5KDC_ERR_KEY_EXPIRED;
1343 }
1344
1345 if (client->pw_end && *client->pw_end < kdc_time
1346 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1347 char pwend_str[100];
1348 krb5_format_time(context, *client->pw_end,
1349 pwend_str, sizeof(pwend_str), TRUE);
1350 kdc_log(context, config, 0,
1351 "Client's key has expired at %s -- %s",
1352 pwend_str, client_name);
1353 return KRB5KDC_ERR_KEY_EXPIRED;
1354 }
1355 }
1356
1357 /* check server */
1358
1359 if (server_ex != NULL) {
1360 hdb_entry *server = &server_ex->entry;
1361
1362 if (server->flags.locked_out) {
1363 kdc_log(context, config, 0,
1364 "Client server locked out -- %s", server_name);
1365 return KRB5KDC_ERR_POLICY;
1366 }
1367 if (server->flags.invalid) {
1368 kdc_log(context, config, 0,
1369 "Server has invalid flag set -- %s", server_name);
1370 return KRB5KDC_ERR_POLICY;
1371 }
1372
1373 if(!server->flags.server){
1374 kdc_log(context, config, 0,
1375 "Principal may not act as server -- %s", server_name);
1376 return KRB5KDC_ERR_POLICY;
1377 }
1378
1379 if(!is_as_req && server->flags.initial) {
1380 kdc_log(context, config, 0,
1381 "AS-REQ is required for server -- %s", server_name);
1382 return KRB5KDC_ERR_POLICY;
1383 }
1384
1385 if (server->valid_start && *server->valid_start > kdc_time) {
1386 char starttime_str[100];
1387 krb5_format_time(context, *server->valid_start,
1388 starttime_str, sizeof(starttime_str), TRUE);
1389 kdc_log(context, config, 0,
1390 "Server not yet valid until %s -- %s",
1391 starttime_str, server_name);
1392 return KRB5KDC_ERR_SERVICE_NOTYET;
1393 }
1394
1395 if (server->valid_end && *server->valid_end < kdc_time) {
1396 char endtime_str[100];
1397 krb5_format_time(context, *server->valid_end,
1398 endtime_str, sizeof(endtime_str), TRUE);
1399 kdc_log(context, config, 0,
1400 "Server expired at %s -- %s",
1401 endtime_str, server_name);
1402 return KRB5KDC_ERR_SERVICE_EXP;
1403 }
1404
1405 if (server->pw_end && *server->pw_end < kdc_time) {
1406 char pwend_str[100];
1407 krb5_format_time(context, *server->pw_end,
1408 pwend_str, sizeof(pwend_str), TRUE);
1409 kdc_log(context, config, 0,
1410 "Server's key has expired at -- %s",
1411 pwend_str, server_name);
1412 return KRB5KDC_ERR_KEY_EXPIRED;
1413 }
1414 }
1415 return 0;
1416 }
1417
1418 /*
1419 * Return TRUE if `from' is part of `addresses' taking into consideration
1420 * the configuration variables that tells us how strict we should be about
1421 * these checks
1422 */
1423
1424 krb5_boolean
1425 _kdc_check_addresses(krb5_context context,
1426 krb5_kdc_configuration *config,
1427 HostAddresses *addresses, const struct sockaddr *from)
1428 {
1429 krb5_error_code ret;
1430 krb5_address addr;
1431 krb5_boolean result;
1432 krb5_boolean only_netbios = TRUE;
1433 size_t i;
1434
1435 if(config->check_ticket_addresses == 0)
1436 return TRUE;
1437
1438 if(addresses == NULL)
1439 return config->allow_null_ticket_addresses;
1440
1441 for (i = 0; i < addresses->len; ++i) {
1442 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1443 only_netbios = FALSE;
1444 }
1445 }
1446
1447 /* Windows sends it's netbios name, which I can only assume is
1448 * used for the 'allowed workstations' check. This is painful,
1449 * but we still want to check IP addresses if they happen to be
1450 * present.
1451 */
1452
1453 if(only_netbios)
1454 return config->allow_null_ticket_addresses;
1455
1456 ret = krb5_sockaddr2address (context, from, &addr);
1457 if(ret)
1458 return FALSE;
1459
1460 result = krb5_address_search(context, &addr, addresses);
1461 krb5_free_address (context, &addr);
1462 return result;
1463 }
1464
1465 /*
1466 *
1467 */
1468
1469 static krb5_boolean
1470 send_pac_p(krb5_context context, KDC_REQ *req)
1471 {
1472 krb5_error_code ret;
1473 PA_PAC_REQUEST pacreq;
1474 const PA_DATA *pa;
1475 int i = 0;
1476
1477 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1478 if (pa == NULL)
1479 return TRUE;
1480
1481 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1482 pa->padata_value.length,
1483 &pacreq,
1484 NULL);
1485 if (ret)
1486 return TRUE;
1487 i = pacreq.include_pac;
1488 free_PA_PAC_REQUEST(&pacreq);
1489 if (i == 0)
1490 return FALSE;
1491 return TRUE;
1492 }
1493
1494 /*
1495 *
1496 */
1497
1498 static krb5_error_code
1499 generate_pac(kdc_request_t r, Key *skey)
1500 {
1501 krb5_error_code ret;
1502 krb5_pac p = NULL;
1503 krb5_data data;
1504
1505 ret = _kdc_pac_generate(r->context, r->client, &p);
1506 if (ret) {
1507 _kdc_r_log(r, 0, "PAC generation failed for -- %s",
1508 r->client_name);
1509 return ret;
1510 }
1511 if (p == NULL)
1512 return 0;
1513
1514 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1515 r->client->entry.principal,
1516 &skey->key, /* Server key */
1517 &skey->key, /* FIXME: should be krbtgt key */
1518 &data);
1519 krb5_pac_free(r->context, p);
1520 if (ret) {
1521 _kdc_r_log(r, 0, "PAC signing failed for -- %s",
1522 r->client_name);
1523 return ret;
1524 }
1525
1526 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1527 KRB5_AUTHDATA_WIN2K_PAC,
1528 &data);
1529 krb5_data_free(&data);
1530
1531 return ret;
1532 }
1533
1534 /*
1535 *
1536 */
1537
1538 krb5_boolean
1539 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
1540 {
1541 if (principal->name.name_type != KRB5_NT_WELLKNOWN ||
1542 principal->name.name_string.len != 2 ||
1543 strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
1544 strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)
1545 return 0;
1546 return 1;
1547 }
1548
1549 static int
1550 require_preauth_p(kdc_request_t r)
1551 {
1552 return r->config->require_preauth
1553 || r->client->entry.flags.require_preauth
1554 || r->server->entry.flags.require_preauth;
1555 }
1556
1557
1558 /*
1559 *
1560 */
1561
1562 static krb5_error_code
1563 add_enc_pa_rep(kdc_request_t r)
1564 {
1565 krb5_error_code ret;
1566 krb5_crypto crypto;
1567 Checksum checksum;
1568 krb5_data cdata;
1569 size_t len;
1570
1571 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1572 if (ret)
1573 return ret;
1574
1575 ret = krb5_create_checksum(r->context, crypto,
1576 KRB5_KU_AS_REQ, 0,
1577 r->request.data, r->request.length,
1578 &checksum);
1579 krb5_crypto_destroy(r->context, crypto);
1580 if (ret)
1581 return ret;
1582
1583 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1584 &checksum, &len, ret);
1585 free_Checksum(&checksum);
1586 if (ret)
1587 return ret;
1588 heim_assert(cdata.length == len, "ASN.1 internal error");
1589
1590 if (r->ek.encrypted_pa_data == NULL) {
1591 ALLOC(r->ek.encrypted_pa_data);
1592 if (r->ek.encrypted_pa_data == NULL)
1593 return ENOMEM;
1594 }
1595 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1596 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1597 if (ret)
1598 return ret;
1599
1600 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1601 KRB5_PADATA_FX_FAST, NULL, 0);
1602 }
1603
1604 /*
1605 *
1606 */
1607
1608 krb5_error_code
1609 _kdc_as_rep(kdc_request_t r,
1610 krb5_data *reply,
1611 const char *from,
1612 struct sockaddr *from_addr,
1613 int datagram_reply)
1614 {
1615 krb5_context context = r->context;
1616 krb5_kdc_configuration *config = r->config;
1617 KDC_REQ *req = &r->req;
1618 KDC_REQ_BODY *b = NULL;
1619 AS_REP rep;
1620 KDCOptions f;
1621 krb5_enctype setype;
1622 krb5_error_code ret = 0;
1623 Key *skey;
1624 int found_pa = 0;
1625 int i, flags = HDB_F_FOR_AS_REQ;
1626 METHOD_DATA error_method;
1627 const PA_DATA *pa;
1628
1629 memset(&rep, 0, sizeof(rep));
1630 error_method.len = 0;
1631 error_method.val = NULL;
1632
1633 /*
1634 * Look for FAST armor and unwrap
1635 */
1636 ret = _kdc_fast_unwrap_request(r);
1637 if (ret) {
1638 _kdc_r_log(r, 0, "FAST unwrap request from %s failed: %d", from, ret);
1639 goto out;
1640 }
1641
1642 b = &req->req_body;
1643 f = b->kdc_options;
1644
1645 if (f.canonicalize)
1646 flags |= HDB_F_CANON;
1647
1648 if(b->sname == NULL){
1649 ret = KRB5KRB_ERR_GENERIC;
1650 _kdc_set_e_text(r, "No server in request");
1651 } else{
1652 ret = _krb5_principalname2krb5_principal (context,
1653 &r->server_princ,
1654 *(b->sname),
1655 b->realm);
1656 if (ret == 0)
1657 ret = krb5_unparse_name(context, r->server_princ, &r->server_name);
1658 }
1659 if (ret) {
1660 kdc_log(context, config, 0,
1661 "AS-REQ malformed server name from %s", from);
1662 goto out;
1663 }
1664 if(b->cname == NULL){
1665 ret = KRB5KRB_ERR_GENERIC;
1666 _kdc_set_e_text(r, "No client in request");
1667 } else {
1668 ret = _krb5_principalname2krb5_principal (context,
1669 &r->client_princ,
1670 *(b->cname),
1671 b->realm);
1672 if (ret)
1673 goto out;
1674
1675 ret = krb5_unparse_name(context, r->client_princ, &r->client_name);
1676 }
1677 if (ret) {
1678 kdc_log(context, config, 0,
1679 "AS-REQ malformed client name from %s", from);
1680 goto out;
1681 }
1682
1683 kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
1684 r->client_name, from, r->server_name);
1685
1686 /*
1687 *
1688 */
1689
1690 if (_kdc_is_anonymous(context, r->client_princ)) {
1691 if (!_kdc_is_anon_request(b)) {
1692 kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
1693 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1694 goto out;
1695 }
1696 } else if (_kdc_is_anon_request(b)) {
1697 kdc_log(context, config, 0,
1698 "Request for a anonymous ticket with non "
1699 "anonymous client name: %s", r->client_name);
1700 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1701 goto out;
1702 }
1703
1704 /*
1705 *
1706 */
1707
1708 ret = _kdc_db_fetch(context, config, r->client_princ,
1709 HDB_F_GET_CLIENT | flags, NULL,
1710 &r->clientdb, &r->client);
1711 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1712 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1713 r->client_name);
1714 goto out;
1715 } else if(ret){
1716 const char *msg = krb5_get_error_message(context, ret);
1717 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->client_name, msg);
1718 krb5_free_error_message(context, msg);
1719 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1720 goto out;
1721 }
1722 ret = _kdc_db_fetch(context, config, r->server_princ,
1723 HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags,
1724 NULL, NULL, &r->server);
1725 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1726 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1727 r->server_name);
1728 goto out;
1729 } else if(ret){
1730 const char *msg = krb5_get_error_message(context, ret);
1731 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->server_name, msg);
1732 krb5_free_error_message(context, msg);
1733 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1734 goto out;
1735 }
1736
1737 /*
1738 * Select a session enctype from the list of the crypto system
1739 * supported enctypes that is supported by the client and is one of
1740 * the enctype of the enctype of the service (likely krbtgt).
1741 *
1742 * The latter is used as a hint of what enctypes all KDC support,
1743 * to make sure a newer version of KDC won't generate a session
1744 * enctype that an older version of a KDC in the same realm can't
1745 * decrypt.
1746 */
1747
1748 ret = _kdc_find_etype(context,
1749 krb5_principal_is_krbtgt(context, r->server_princ) ?
1750 config->tgt_use_strongest_session_key :
1751 config->svc_use_strongest_session_key, FALSE,
1752 r->client, b->etype.val, b->etype.len, &r->sessionetype,
1753 NULL);
1754 if (ret) {
1755 kdc_log(context, config, 0,
1756 "Client (%s) from %s has no common enctypes with KDC "
1757 "to use for the session key",
1758 r->client_name, from);
1759 goto out;
1760 }
1761
1762 /*
1763 * Pre-auth processing
1764 */
1765
1766 if(req->padata){
1767 unsigned int n;
1768
1769 log_patypes(context, config, req->padata);
1770
1771 /* Check if preauth matching */
1772
1773 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
1774 if (pat[n].validate == NULL)
1775 continue;
1776 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
1777 continue;
1778
1779 kdc_log(context, config, 5,
1780 "Looking for %s pa-data -- %s", pat[n].name, r->client_name);
1781 i = 0;
1782 pa = _kdc_find_padata(req, &i, pat[n].type);
1783 if (pa) {
1784 ret = pat[n].validate(r, pa);
1785 if (ret != 0) {
1786 goto out;
1787 }
1788 kdc_log(context, config, 0,
1789 "%s pre-authentication succeeded -- %s",
1790 pat[n].name, r->client_name);
1791 found_pa = 1;
1792 r->et.flags.pre_authent = 1;
1793 }
1794 }
1795 }
1796
1797 if (found_pa == 0) {
1798 Key *ckey = NULL;
1799 size_t n;
1800
1801 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
1802 if ((pat[n].flags & PA_ANNOUNCE) == 0)
1803 continue;
1804 ret = krb5_padata_add(context, &error_method,
1805 pat[n].type, NULL, 0);
1806 if (ret)
1807 goto out;
1808 }
1809
1810 /*
1811 * If there is a client key, send ETYPE_INFO{,2}
1812 */
1813 ret = _kdc_find_etype(context,
1814 config->preauth_use_strongest_session_key, TRUE,
1815 r->client, b->etype.val, b->etype.len, NULL, &ckey);
1816 if (ret == 0) {
1817
1818 /*
1819 * RFC4120 requires:
1820 * - If the client only knows about old enctypes, then send
1821 * both info replies (we send 'info' first in the list).
1822 * - If the client is 'modern', because it knows about 'new'
1823 * enctype types, then only send the 'info2' reply.
1824 *
1825 * Before we send the full list of etype-info data, we pick
1826 * the client key we would have used anyway below, just pick
1827 * that instead.
1828 */
1829
1830 if (older_enctype(ckey->key.keytype)) {
1831 ret = get_pa_etype_info(context, config,
1832 &error_method, ckey);
1833 if (ret)
1834 goto out;
1835 }
1836 ret = get_pa_etype_info2(context, config,
1837 &error_method, ckey);
1838 if (ret)
1839 goto out;
1840 }
1841
1842 /*
1843 * send requre preauth is its required or anon is requested,
1844 * anon is today only allowed via preauth mechanisms.
1845 */
1846 if (require_preauth_p(r) || _kdc_is_anon_request(b)) {
1847 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
1848 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
1849 goto out;
1850 }
1851
1852 if (ckey == NULL) {
1853 ret = KRB5KDC_ERR_CLIENT_NOTYET;
1854 _kdc_set_e_text(r, "Doesn't have a client key available");
1855 goto out;
1856 }
1857 krb5_free_keyblock_contents(r->context, &r->reply_key);
1858 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
1859 if (ret)
1860 goto out;
1861 }
1862
1863 if (r->clientdb->hdb_auth_status) {
1864 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
1865 HDB_AUTH_SUCCESS);
1866 }
1867
1868 /*
1869 * Verify flags after the user been required to prove its identity
1870 * with in a preauth mech.
1871 */
1872
1873 ret = _kdc_check_access(context, config, r->client, r->client_name,
1874 r->server, r->server_name,
1875 req, &error_method);
1876 if(ret)
1877 goto out;
1878
1879 /*
1880 * Select the best encryption type for the KDC with out regard to
1881 * the client since the client never needs to read that data.
1882 */
1883
1884 ret = _kdc_get_preferred_key(context, config,
1885 r->server, r->server_name,
1886 &setype, &skey);
1887 if(ret)
1888 goto out;
1889
1890 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
1891 || (_kdc_is_anon_request(b) && !config->allow_anonymous)) {
1892 ret = KRB5KDC_ERR_BADOPTION;
1893 _kdc_set_e_text(r, "Bad KDC options");
1894 goto out;
1895 }
1896
1897 /*
1898 * Build reply
1899 */
1900
1901 rep.pvno = 5;
1902 rep.msg_type = krb_as_rep;
1903
1904 if (_kdc_is_anonymous(context, r->client_princ)) {
1905 Realm anon_realm=KRB5_ANON_REALM;
1906 ret = copy_Realm(&anon_realm, &rep.crealm);
1907 } else
1908 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
1909 if (ret)
1910 goto out;
1911 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
1912 if (ret)
1913 goto out;
1914
1915 rep.ticket.tkt_vno = 5;
1916 copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
1917 _krb5_principal2principalname(&rep.ticket.sname,
1918 r->server->entry.principal);
1919 /* java 1.6 expects the name to be the same type, lets allow that
1920 * uncomplicated name-types. */
1921 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
1922 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
1923 rep.ticket.sname.name_type = b->sname->name_type;
1924 #undef CNT
1925
1926 r->et.flags.initial = 1;
1927 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
1928 r->et.flags.forwardable = f.forwardable;
1929 else if (f.forwardable) {
1930 _kdc_set_e_text(r, "Ticket may not be forwardable");
1931 ret = KRB5KDC_ERR_POLICY;
1932 goto out;
1933 }
1934 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
1935 r->et.flags.proxiable = f.proxiable;
1936 else if (f.proxiable) {
1937 _kdc_set_e_text(r, "Ticket may not be proxiable");
1938 ret = KRB5KDC_ERR_POLICY;
1939 goto out;
1940 }
1941 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
1942 r->et.flags.may_postdate = f.allow_postdate;
1943 else if (f.allow_postdate){
1944 _kdc_set_e_text(r, "Ticket may not be postdate");
1945 ret = KRB5KDC_ERR_POLICY;
1946 goto out;
1947 }
1948
1949 /* check for valid set of addresses */
1950 if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
1951 _kdc_set_e_text(r, "Bad address list in requested");
1952 ret = KRB5KRB_AP_ERR_BADADDR;
1953 goto out;
1954 }
1955
1956 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
1957 if (ret)
1958 goto out;
1959 ret = copy_Realm(&rep.crealm, &r->et.crealm);
1960 if (ret)
1961 goto out;
1962
1963 {
1964 time_t start;
1965 time_t t;
1966
1967 start = r->et.authtime = kdc_time;
1968
1969 if(f.postdated && req->req_body.from){
1970 ALLOC(r->et.starttime);
1971 start = *r->et.starttime = *req->req_body.from;
1972 r->et.flags.invalid = 1;
1973 r->et.flags.postdated = 1; /* XXX ??? */
1974 }
1975 _kdc_fix_time(&b->till);
1976 t = *b->till;
1977
1978 /* be careful not overflowing */
1979
1980 if(r->client->entry.max_life)
1981 t = start + min(t - start, *r->client->entry.max_life);
1982 if(r->server->entry.max_life)
1983 t = start + min(t - start, *r->server->entry.max_life);
1984 #if 0
1985 t = min(t, start + realm->max_life);
1986 #endif
1987 r->et.endtime = t;
1988 if(f.renewable_ok && r->et.endtime < *b->till){
1989 f.renewable = 1;
1990 if(b->rtime == NULL){
1991 ALLOC(b->rtime);
1992 *b->rtime = 0;
1993 }
1994 if(*b->rtime < *b->till)
1995 *b->rtime = *b->till;
1996 }
1997 if(f.renewable && b->rtime){
1998 t = *b->rtime;
1999 if(t == 0)
2000 t = MAX_TIME;
2001 if(r->client->entry.max_renew)
2002 t = start + min(t - start, *r->client->entry.max_renew);
2003 if(r->server->entry.max_renew)
2004 t = start + min(t - start, *r->server->entry.max_renew);
2005 #if 0
2006 t = min(t, start + realm->max_renew);
2007 #endif
2008 ALLOC(r->et.renew_till);
2009 *r->et.renew_till = t;
2010 r->et.flags.renewable = 1;
2011 }
2012 }
2013
2014 if (_kdc_is_anon_request(b))
2015 r->et.flags.anonymous = 1;
2016
2017 if(b->addresses){
2018 ALLOC(r->et.caddr);
2019 copy_HostAddresses(b->addresses, r->et.caddr);
2020 }
2021
2022 r->et.transited.tr_type = DOMAIN_X500_COMPRESS;
2023 krb5_data_zero(&r->et.transited.contents);
2024
2025 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2026 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2027 * incapable of correctly decoding SEQUENCE OF's of zero length.
2028 *
2029 * To fix this, always send at least one no-op last_req
2030 *
2031 * If there's a pw_end or valid_end we will use that,
2032 * otherwise just a dummy lr.
2033 */
2034 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2035 if (r->ek.last_req.val == NULL) {
2036 ret = ENOMEM;
2037 goto out;
2038 }
2039 r->ek.last_req.len = 0;
2040 if (r->client->entry.pw_end
2041 && (config->kdc_warn_pwexpire == 0
2042 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2043 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2044 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2045 ++r->ek.last_req.len;
2046 }
2047 if (r->client->entry.valid_end) {
2048 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2049 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2050 ++r->ek.last_req.len;
2051 }
2052 if (r->ek.last_req.len == 0) {
2053 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2054 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2055 ++r->ek.last_req.len;
2056 }
2057 r->ek.nonce = b->nonce;
2058 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2059 ALLOC(r->ek.key_expiration);
2060 if (r->client->entry.valid_end) {
2061 if (r->client->entry.pw_end)
2062 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2063 *r->client->entry.pw_end);
2064 else
2065 *r->ek.key_expiration = *r->client->entry.valid_end;
2066 } else
2067 *r->ek.key_expiration = *r->client->entry.pw_end;
2068 } else
2069 r->ek.key_expiration = NULL;
2070 r->ek.flags = r->et.flags;
2071 r->ek.authtime = r->et.authtime;
2072 if (r->et.starttime) {
2073 ALLOC(r->ek.starttime);
2074 *r->ek.starttime = *r->et.starttime;
2075 }
2076 r->ek.endtime = r->et.endtime;
2077 if (r->et.renew_till) {
2078 ALLOC(r->ek.renew_till);
2079 *r->ek.renew_till = *r->et.renew_till;
2080 }
2081 copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2082 copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2083 if(r->et.caddr){
2084 ALLOC(r->ek.caddr);
2085 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2086 }
2087
2088 /*
2089 * Check and session and reply keys
2090 */
2091
2092 if (r->session_key.keytype == ETYPE_NULL) {
2093 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2094 if (ret)
2095 goto out;
2096 }
2097
2098 if (r->reply_key.keytype == ETYPE_NULL) {
2099 _kdc_set_e_text(r, "Client have no reply key");
2100 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2101 goto out;
2102 }
2103
2104 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2105 if (ret)
2106 goto out;
2107
2108 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2109 if (ret)
2110 goto out;
2111
2112 if (r->outpadata.len) {
2113
2114 ALLOC(rep.padata);
2115 if (rep.padata == NULL) {
2116 ret = ENOMEM;
2117 goto out;
2118 }
2119 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2120 if (ret)
2121 goto out;
2122 }
2123
2124 /* Add the PAC */
2125 if (send_pac_p(context, req)) {
2126 generate_pac(r, skey);
2127 }
2128
2129 _kdc_log_timestamp(context, config, "AS-REQ", r->et.authtime, r->et.starttime,
2130 r->et.endtime, r->et.renew_till);
2131
2132 /* do this as the last thing since this signs the EncTicketPart */
2133 ret = _kdc_add_KRB5SignedPath(context,
2134 config,
2135 r->server,
2136 setype,
2137 r->client->entry.principal,
2138 NULL,
2139 NULL,
2140 &r->et);
2141 if (ret)
2142 goto out;
2143
2144 log_as_req(context, config, r->reply_key.keytype, setype, b);
2145
2146 /*
2147 * We always say we support FAST/enc-pa-rep
2148 */
2149
2150 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2151
2152 /*
2153 * Add REQ_ENC_PA_REP if client supports it
2154 */
2155
2156 i = 0;
2157 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2158 if (pa) {
2159
2160 ret = add_enc_pa_rep(r);
2161 if (ret) {
2162 const char *msg = krb5_get_error_message(r->context, ret);
2163 _kdc_r_log(r, 0, "add_enc_pa_rep failed: %s: %d", msg, ret);
2164 krb5_free_error_message(r->context, msg);
2165 goto out;
2166 }
2167 }
2168
2169 /*
2170 *
2171 */
2172
2173 ret = _kdc_encode_reply(context, config,
2174 r->armor_crypto, req->req_body.nonce,
2175 &rep, &r->et, &r->ek, setype, r->server->entry.kvno,
2176 &skey->key, r->client->entry.kvno,
2177 &r->reply_key, 0, &r->e_text, reply);
2178 if (ret)
2179 goto out;
2180
2181 /*
2182 * Check if message too large
2183 */
2184 if (datagram_reply && reply->length > config->max_datagram_reply_length) {
2185 krb5_data_free(reply);
2186 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2187 _kdc_set_e_text(r, "Reply packet too large");
2188 }
2189
2190 out:
2191 free_AS_REP(&rep);
2192
2193 /*
2194 * In case of a non proxy error, build an error message.
2195 */
2196 if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE) {
2197 ret = _kdc_fast_mk_error(context, r,
2198 &error_method,
2199 r->armor_crypto,
2200 &req->req_body,
2201 ret, r->e_text,
2202 r->server_princ,
2203 &r->client_princ->name,
2204 &r->client_princ->realm,
2205 NULL, NULL,
2206 reply);
2207 if (ret)
2208 goto out2;
2209 }
2210 out2:
2211 free_EncTicketPart(&r->et);
2212 free_EncKDCRepPart(&r->ek);
2213 free_KDCFastState(&r->fast);
2214
2215 if (error_method.len)
2216 free_METHOD_DATA(&error_method);
2217 if (r->outpadata.len)
2218 free_METHOD_DATA(&r->outpadata);
2219 if (r->client_princ) {
2220 krb5_free_principal(context, r->client_princ);
2221 r->client_princ = NULL;
2222 }
2223 if (r->client_name) {
2224 free(r->client_name);
2225 r->client_name = NULL;
2226 }
2227 if (r->server_princ){
2228 krb5_free_principal(context, r->server_princ);
2229 r->server_princ = NULL;
2230 }
2231 if (r->server_name) {
2232 free(r->server_name);
2233 r->server_name = NULL;
2234 }
2235 if (r->client)
2236 _kdc_free_ent(context, r->client);
2237 if (r->server)
2238 _kdc_free_ent(context, r->server);
2239 if (r->armor_crypto) {
2240 krb5_crypto_destroy(r->context, r->armor_crypto);
2241 r->armor_crypto = NULL;
2242 }
2243 krb5_free_keyblock_contents(r->context, &r->reply_key);
2244 krb5_free_keyblock_contents(r->context, &r->session_key);
2245 return ret;
2246 }
2247
2248 /*
2249 * Add the AuthorizationData `data´ of `type´ to the last element in
2250 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2251 */
2252
2253 krb5_error_code
2254 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2255 EncTicketPart *tkt,
2256 int type,
2257 const krb5_data *data)
2258 {
2259 krb5_error_code ret;
2260 size_t size = 0;
2261
2262 if (tkt->authorization_data == NULL) {
2263 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2264 if (tkt->authorization_data == NULL) {
2265 krb5_set_error_message(context, ENOMEM, "out of memory");
2266 return ENOMEM;
2267 }
2268 }
2269
2270 /* add the entry to the last element */
2271 {
2272 AuthorizationData ad = { 0, NULL };
2273 AuthorizationDataElement ade;
2274
2275 ade.ad_type = type;
2276 ade.ad_data = *data;
2277
2278 ret = add_AuthorizationData(&ad, &ade);
2279 if (ret) {
2280 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2281 return ret;
2282 }
2283
2284 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2285
2286 ASN1_MALLOC_ENCODE(AuthorizationData,
2287 ade.ad_data.data, ade.ad_data.length,
2288 &ad, &size, ret);
2289 free_AuthorizationData(&ad);
2290 if (ret) {
2291 krb5_set_error_message(context, ret, "ASN.1 encode of "
2292 "AuthorizationData failed");
2293 return ret;
2294 }
2295 if (ade.ad_data.length != size)
2296 krb5_abortx(context, "internal asn.1 encoder error");
2297
2298 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2299 der_free_octet_string(&ade.ad_data);
2300 if (ret) {
2301 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2302 return ret;
2303 }
2304 }
2305
2306 return 0;
2307 }
2308
2309 krb5_boolean
2310 _kdc_is_anon_request(const KDC_REQ_BODY *b)
2311 {
2312 /* some versions of heimdal use bit 14 instead of 16 for
2313 request_anonymous, as indicated in the anonymous draft prior to
2314 version 11. Bit 14 is assigned to S4U2Proxy, but all S4U2Proxy
2315 requests will have a second ticket; don't consider those anonymous */
2316 return (b->kdc_options.request_anonymous ||
2317 (b->kdc_options.constrained_delegation && !b->additional_tickets));
2318 }
Heimdal