search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add const to _kdc_set_e_text()
[heimdal.git] / kdc / kerberos5.c
blob1c887d666a64d877eecc5fa29995acd38c785638
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 #undef __attribute__
39 #define __attribute__(X)
40
41 void
42 _kdc_fix_time(time_t **t)
43 {
44 if(*t == NULL){
45 ALLOC(*t);
46 **t = MAX_TIME;
47 }
48 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
49 }
50
51 static int
52 realloc_method_data(METHOD_DATA *md)
53 {
54 PA_DATA *pa;
55 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
56 if(pa == NULL)
57 return ENOMEM;
58 md->val = pa;
59 md->len++;
60 return 0;
61 }
62
63 static void
64 set_salt_padata(METHOD_DATA *md, Salt *salt)
65 {
66 if (salt) {
67 realloc_method_data(md);
68 md->val[md->len - 1].padata_type = salt->type;
69 der_copy_octet_string(&salt->salt,
70 &md->val[md->len - 1].padata_value);
71 }
72 }
73
74 const PA_DATA*
75 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
76 {
77 if (req->padata == NULL)
78 return NULL;
79
80 while((size_t)*start < req->padata->len){
81 (*start)++;
82 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
83 return &req->padata->val[*start - 1];
84 }
85 return NULL;
86 }
87
88 /*
89 * This is a hack to allow predefined weak services, like afs to
90 * still use weak types
91 */
92
93 krb5_boolean
94 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
95 {
96 if (principal->name.name_string.len > 0 &&
97 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
98 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
99 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
100 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
101 return TRUE;
102 return FALSE;
103 }
104
105
106 /*
107 * Detect if `key' is the using the the precomputed `default_salt'.
108 */
109
110 static krb5_boolean
111 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
112 {
113 if (key->salt == NULL)
114 return TRUE;
115 if (default_salt->salttype != key->salt->type)
116 return FALSE;
117 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
118 return FALSE;
119 return TRUE;
120 }
121
122
123 krb5_boolean
124 _kdc_is_anon_request(const KDC_REQ *req)
125 {
126 const KDC_REQ_BODY *b = &req->req_body;
127
128 /*
129 * Versions of Heimdal from 0.9rc1 through 1.50 use bit 14 instead
130 * of 16 for request_anonymous, as indicated in the anonymous draft
131 * prior to version 11. Bit 14 is assigned to S4U2Proxy, but S4U2Proxy
132 * requests are only sent to the TGS and, in any case, would have an
133 * additional ticket present.
134 */
135 return b->kdc_options.request_anonymous ||
136 (b->kdc_options.cname_in_addl_tkt && !b->additional_tickets);
137 }
138
139 /*
140 * return the first appropriate key of `princ' in `ret_key'. Look for
141 * all the etypes in (`etypes', `len'), stopping as soon as we find
142 * one, but preferring one that has default salt.
143 *
144 * XXX This function does way way too much. Split it up!
145 *
146 * XXX `etypes' and `len' are always `b->etype.val' and `b->etype.len' -- the
147 * etype list from the KDC-REQ-BODY, which is available here as
148 * `r->req->req_body', so we could just stop having it passed in.
149 *
150 * XXX Picking an enctype(s) for PA-ETYPE-INFO* is rather different than
151 * picking an enctype for a ticket's session key. The former is what we do
152 * here when `(flags & KFE_IS_PREAUTH)', the latter otherwise.
153 */
154
155 krb5_error_code
156 _kdc_find_etype(astgs_request_t r, uint32_t flags,
157 krb5_enctype *etypes, unsigned len,
158 krb5_enctype *ret_enctype, Key **ret_key,
159 krb5_boolean *ret_default_salt)
160 {
161 krb5_context context = r->context;
162 krb5_boolean use_strongest_session_key;
163 krb5_boolean is_preauth = flags & KFE_IS_PREAUTH;
164 krb5_boolean is_tgs = flags & KFE_IS_TGS;
165 hdb_entry_ex *princ;
166 krb5_principal request_princ;
167 krb5_error_code ret;
168 krb5_salt def_salt;
169 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
170 const krb5_enctype *p;
171 Key *key = NULL;
172 size_t i, k, m;
173
174 if (is_preauth && (flags & KFE_USE_CLIENT) &&
175 r->client->entry.flags.synthetic)
176 return KRB5KDC_ERR_ETYPE_NOSUPP;
177
178 if ((flags & KFE_USE_CLIENT) && !r->client->entry.flags.synthetic) {
179 princ = r->client;
180 request_princ = r->client_princ;
181 } else {
182 princ = r->server;
183 request_princ = r->server->entry.principal;
184 }
185
186 use_strongest_session_key =
187 is_preauth ? r->config->preauth_use_strongest_session_key
188 : (is_tgs ? r->config->tgt_use_strongest_session_key :
189 r->config->svc_use_strongest_session_key);
190
191 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
192 ret = krb5_get_pw_salt(context, request_princ, &def_salt);
193 if (ret)
194 return ret;
195
196 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
197
198 /*
199 * Pick an enctype that is in the intersection of:
200 *
201 * - permitted_enctypes (local policy)
202 * - requested enctypes (KDC-REQ-BODY's etype list)
203 * - the client's long-term keys' enctypes
204 * OR
205 * the server's configured etype list
206 *
207 * There are two sub-cases:
208 *
209 * - use local enctype preference (local policy)
210 * - use the client's preference list
211 */
212
213 if (use_strongest_session_key) {
214 /*
215 * Pick the strongest key that the KDC, target service, and
216 * client all support, using the local cryptosystem enctype
217 * list in strongest-to-weakest order to drive the search.
218 *
219 * This is not what RFC4120 says to do, but it encourages
220 * adoption of stronger enctypes. This doesn't play well with
221 * clients that have multiple Kerberos client implementations
222 * with different supported enctype lists sharing the same ccache.
223 */
224
225 /* drive the search with local supported enctypes list */
226 p = krb5_kerberos_enctypes(context);
227 for (i = 0;
228 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
229 i++) {
230 if (krb5_enctype_valid(context, p[i]) != 0 &&
231 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
232 continue;
233
234 /* check that the client supports it too */
235 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
236
237 if (p[i] != etypes[k])
238 continue;
239
240 if (!is_preauth && (flags & KFE_USE_CLIENT)) {
241 /*
242 * It suffices that the client says it supports this
243 * enctype in its KDC-REQ-BODY's etype list, which is what
244 * `etypes' is here.
245 */
246 ret = 0;
247 break;
248 }
249
250 /* check target princ support */
251 key = NULL;
252 if (!(flags & KFE_USE_CLIENT) && princ->entry.etypes) {
253 /*
254 * Use the etypes list from the server's HDB entry instead
255 * of deriving it from its long-term keys. This allows an
256 * entry to have just one long-term key but record support
257 * for multiple enctypes.
258 */
259 for (m = 0; m < princ->entry.etypes->len; m++) {
260 if (p[i] == princ->entry.etypes->val[m]) {
261 ret = 0;
262 break;
263 }
264 }
265 } else {
266 /*
267 * Use the entry's long-term keys as the source of its
268 * supported enctypes, either because we're making
269 * PA-ETYPE-INFO* or because we're selecting a session key
270 * enctype.
271 */
272 while (hdb_next_enctype2key(context, &princ->entry, NULL,
273 p[i], &key) == 0) {
274 if (key->key.keyvalue.length == 0) {
275 ret = KRB5KDC_ERR_NULL_KEY;
276 continue;
277 }
278 enctype = p[i];
279 ret = 0;
280 if (is_preauth && ret_key != NULL &&
281 !is_default_salt_p(&def_salt, key))
282 continue;
283 }
284 }
285 }
286 }
287 } else {
288 /*
289 * Pick the first key from the client's enctype list that is
290 * supported by the cryptosystem and by the given principal.
291 *
292 * RFC4120 says we SHOULD pick the first _strong_ key from the
293 * client's list... not the first key... If the admin disallows
294 * weak enctypes in krb5.conf and selects this key selection
295 * algorithm, then we get exactly what RFC4120 says.
296 */
297 for(i = 0; ret != 0 && i < len; i++) {
298
299 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
300 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
301 continue;
302
303 key = NULL;
304 while (ret != 0 &&
305 hdb_next_enctype2key(context, &princ->entry, NULL,
306 etypes[i], &key) == 0) {
307 if (key->key.keyvalue.length == 0) {
308 ret = KRB5KDC_ERR_NULL_KEY;
309 continue;
310 }
311 enctype = etypes[i];
312 ret = 0;
313 if (is_preauth && ret_key != NULL &&
314 !is_default_salt_p(&def_salt, key))
315 continue;
316 }
317 }
318 }
319
320 if (enctype == (krb5_enctype)ETYPE_NULL) {
321 /*
322 * if the service principal is one for which there is a known 1DES
323 * exception and no other enctype matches both the client request and
324 * the service key list, provide a DES-CBC-CRC key.
325 */
326 if (ret_key == NULL &&
327 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
328 ret = 0;
329 enctype = ETYPE_DES_CBC_CRC;
330 } else {
331 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
332 }
333 }
334
335 if (ret == 0) {
336 if (ret_enctype != NULL)
337 *ret_enctype = enctype;
338 if (ret_key != NULL)
339 *ret_key = key;
340 if (ret_default_salt != NULL)
341 *ret_default_salt = is_default_salt_p(&def_salt, key);
342 }
343
344 krb5_free_salt (context, def_salt);
345 return ret;
346 }
347
348 krb5_error_code
349 _kdc_make_anonymous_principalname (PrincipalName *pn)
350 {
351 pn->name_type = KRB5_NT_WELLKNOWN;
352 pn->name_string.len = 2;
353 pn->name_string.val = calloc(2, sizeof(*pn->name_string.val));
354 if (pn->name_string.val == NULL)
355 goto failed;
356
357 pn->name_string.val[0] = strdup(KRB5_WELLKNOWN_NAME);
358 if (pn->name_string.val[0] == NULL)
359 goto failed;
360
361 pn->name_string.val[1] = strdup(KRB5_ANON_NAME);
362 if (pn->name_string.val[1] == NULL)
363 goto failed;
364
365 return 0;
366
367 failed:
368 free_PrincipalName(pn);
369
370 pn->name_type = KRB5_NT_UNKNOWN;
371 pn->name_string.len = 0;
372 pn->name_string.val = NULL;
373
374 return ENOMEM;
375 }
376
377 static void
378 _kdc_r_log(astgs_request_t r, int level, const char *fmt, ...)
379 __attribute__ ((__format__ (__printf__, 3, 4)))
380 {
381 va_list ap;
382 char *s;
383 va_start(ap, fmt);
384 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
385 if(s) free(s);
386 va_end(ap);
387 }
388
389 void
390 _kdc_set_e_text(astgs_request_t r, const char *fmt, ...)
391 __attribute__ ((__format__ (__printf__, 2, 3)))
392 {
393 va_list ap;
394 char *e_text = NULL;
395 int vasprintf_ret;
396
397 va_start(ap, fmt);
398 vasprintf_ret = vasprintf(&e_text, fmt, ap);
399 va_end(ap);
400
401 if (vasprintf_ret < 0 || !e_text)
402 /* not much else to do... */
403 return;
404
405 /* We should never see this */
406 if (r->e_text) {
407 kdc_log(r->context, r->config, 1, "trying to replace e-text: %s\n",
408 e_text);
409 free(e_text);
410 return;
411 }
412
413 r->e_text = e_text;
414 r->e_text_buf = e_text;
415 kdc_log(r->context, r->config, 4, "%s", e_text);
416 }
417
418 void
419 _kdc_log_timestamp(astgs_request_t r, const char *type,
420 KerberosTime authtime, KerberosTime *starttime,
421 KerberosTime endtime, KerberosTime *renew_till)
422 {
423 krb5_context context = r->context;
424 krb5_kdc_configuration *config = r->config;
425 char authtime_str[100], starttime_str[100],
426 endtime_str[100], renewtime_str[100];
427
428 if (authtime)
429 _kdc_audit_addkv((kdc_request_t)r, 0, "auth", "%ld", (long)authtime);
430 if (starttime && *starttime)
431 _kdc_audit_addkv((kdc_request_t)r, 0, "start", "%ld",
432 (long)*starttime);
433 if (endtime)
434 _kdc_audit_addkv((kdc_request_t)r, 0, "end", "%ld", (long)endtime);
435 if (renew_till && *renew_till)
436 _kdc_audit_addkv((kdc_request_t)r, 0, "renew", "%ld",
437 (long)*renew_till);
438
439 krb5_format_time(context, authtime,
440 authtime_str, sizeof(authtime_str), TRUE);
441 if (starttime)
442 krb5_format_time(context, *starttime,
443 starttime_str, sizeof(starttime_str), TRUE);
444 else
445 strlcpy(starttime_str, "unset", sizeof(starttime_str));
446 krb5_format_time(context, endtime,
447 endtime_str, sizeof(endtime_str), TRUE);
448 if (renew_till)
449 krb5_format_time(context, *renew_till,
450 renewtime_str, sizeof(renewtime_str), TRUE);
451 else
452 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
453
454 kdc_log(context, config, 4,
455 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
456 type, authtime_str, starttime_str, endtime_str, renewtime_str);
457 }
458
459 /*
460 *
461 */
462
463 #ifdef PKINIT
464
465 static krb5_error_code
466 pa_pkinit_validate(astgs_request_t r, const PA_DATA *pa)
467 {
468 pk_client_params *pkp = NULL;
469 char *client_cert = NULL;
470 krb5_error_code ret;
471
472 ret = _kdc_pk_rd_padata(r, pa, &pkp);
473 if (ret || pkp == NULL) {
474 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
475 _kdc_r_log(r, 4, "Failed to decode PKINIT PA-DATA -- %s",
476 r->cname);
477 goto out;
478 }
479
480 ret = _kdc_pk_check_client(r, pkp, &client_cert);
481 if (ret) {
482 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
483 "impersonate principal");
484 goto out;
485 }
486
487 r->pa_endtime = _kdc_pk_endtime(pkp);
488 if (!r->client->entry.flags.synthetic)
489 r->pa_max_life = _kdc_pk_max_life(pkp);
490
491 _kdc_r_log(r, 4, "PKINIT pre-authentication succeeded -- %s using %s",
492 r->cname, client_cert);
493 free(client_cert);
494
495 ret = _kdc_pk_mk_pa_reply(r, pkp);
496 if (ret) {
497 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
498 goto out;
499 }
500 ret = _kdc_add_initial_verified_cas(r->context, r->config,
501 pkp, &r->et);
502 out:
503 if (pkp)
504 _kdc_pk_free_client_param(r->context, pkp);
505
506 return ret;
507 }
508
509 #endif /* PKINIT */
510
511 /*
512 *
513 */
514
515 static krb5_error_code
516 make_pa_enc_challange(astgs_request_t r, krb5_crypto crypto)
517 {
518 krb5_context context = r->context;
519 METHOD_DATA *md = &r->outpadata;
520 PA_ENC_TS_ENC p;
521 unsigned char *buf;
522 size_t buf_size;
523 size_t len;
524 EncryptedData encdata;
525 krb5_error_code ret;
526 int32_t usec;
527 int usec2;
528
529 krb5_us_timeofday (context, &p.patimestamp, &usec);
530 usec2 = usec;
531 p.pausec = &usec2;
532
533 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
534 if (ret)
535 return ret;
536 if(buf_size != len)
537 krb5_abortx(context, "internal error in ASN.1 encoder");
538
539 ret = krb5_encrypt_EncryptedData(context,
540 crypto,
541 KRB5_KU_ENC_CHALLENGE_KDC,
542 buf,
543 len,
544 0,
545 &encdata);
546 free(buf);
547 if (ret)
548 return ret;
549
550 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
551 free_EncryptedData(&encdata);
552 if (ret)
553 return ret;
554 if(buf_size != len)
555 krb5_abortx(context, "internal error in ASN.1 encoder");
556
557 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
558 if (ret)
559 free(buf);
560 return ret;
561 }
562
563 static krb5_error_code
564 pa_enc_chal_validate(astgs_request_t r, const PA_DATA *pa)
565 {
566 krb5_data pepper1, pepper2, ts_data;
567 int invalidPassword = 0;
568 EncryptedData enc_data;
569 krb5_enctype aenctype;
570 krb5_error_code ret;
571 struct Key *k;
572 size_t size;
573 int i;
574
575 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
576
577 if (_kdc_is_anon_request(&r->req)) {
578 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
579 kdc_log(r->context, r->config, 4, "ENC-CHALL doesn't support anon");
580 return ret;
581 }
582
583 ret = decode_EncryptedData(pa->padata_value.data,
584 pa->padata_value.length,
585 &enc_data,
586 &size);
587 if (ret) {
588 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
589 _kdc_r_log(r, 4, "Failed to decode PA-DATA -- %s",
590 r->cname);
591 return ret;
592 }
593
594 pepper1.data = "clientchallengearmor";
595 pepper1.length = strlen(pepper1.data);
596 pepper2.data = "challengelongterm";
597 pepper2.length = strlen(pepper2.data);
598
599 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
600
601 for (i = 0; i < r->client->entry.keys.len; i++) {
602 krb5_crypto challangecrypto, longtermcrypto;
603 krb5_keyblock challangekey;
604 PA_ENC_TS_ENC p;
605
606 k = &r->client->entry.keys.val[i];
607
608 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
609 if (ret)
610 continue;
611
612 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
613 &pepper1, &pepper2, aenctype,
614 &challangekey);
615 krb5_crypto_destroy(r->context, longtermcrypto);
616 if (ret)
617 continue;
618
619 ret = krb5_crypto_init(r->context, &challangekey, 0,
620 &challangecrypto);
621 if (ret)
622 continue;
623
624 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
625 KRB5_KU_ENC_CHALLENGE_CLIENT,
626 &enc_data,
627 &ts_data);
628 if (ret) {
629 const char *msg = krb5_get_error_message(r->context, ret);
630 krb5_error_code ret2;
631 char *str = NULL;
632
633 invalidPassword = 1;
634
635 ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
636 if (ret2)
637 str = NULL;
638 _kdc_r_log(r, 2, "Failed to decrypt ENC-CHAL -- %s "
639 "(enctype %s) error %s",
640 r->cname, str ? str : "unknown enctype", msg);
641 krb5_free_error_message(r->context, msg);
642 free(str);
643
644 continue;
645 }
646
647 ret = decode_PA_ENC_TS_ENC(ts_data.data,
648 ts_data.length,
649 &p,
650 &size);
651 krb5_data_free(&ts_data);
652 if(ret){
653 krb5_crypto_destroy(r->context, challangecrypto);
654 ret = KRB5KDC_ERR_PREAUTH_FAILED;
655 _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
656 r->cname);
657 continue;
658 }
659
660 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
661 char client_time[100];
662
663 krb5_crypto_destroy(r->context, challangecrypto);
664
665 krb5_format_time(r->context, p.patimestamp,
666 client_time, sizeof(client_time), TRUE);
667
668 ret = KRB5KRB_AP_ERR_SKEW;
669 _kdc_r_log(r, 4, "Too large time skew, "
670 "client time %s is out by %u > %u seconds -- %s",
671 client_time,
672 (unsigned)labs(kdc_time - p.patimestamp),
673 r->context->max_skew,
674 r->cname);
675
676 free_PA_ENC_TS_ENC(&p);
677 goto out;
678 }
679
680 free_PA_ENC_TS_ENC(&p);
681
682 ret = make_pa_enc_challange(r, challangecrypto);
683 krb5_crypto_destroy(r->context, challangecrypto);
684 if (ret)
685 goto out;
686
687 set_salt_padata(&r->outpadata, k->salt);
688 krb5_free_keyblock_contents(r->context, &r->reply_key);
689 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
690 if (ret)
691 goto out;
692
693 /*
694 * Success
695 */
696 if (r->clientdb->hdb_auth_status)
697 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
698 HDB_AUTH_SUCCESS);
699 goto out;
700 }
701
702 if (invalidPassword && r->clientdb->hdb_auth_status) {
703 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
704 HDB_AUTH_WRONG_PASSWORD);
705 ret = KRB5KDC_ERR_PREAUTH_FAILED;
706 }
707 out:
708 free_EncryptedData(&enc_data);
709
710 return ret;
711 }
712
713 static krb5_error_code
714 pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
715 {
716 EncryptedData enc_data;
717 krb5_error_code ret;
718 krb5_crypto crypto;
719 krb5_data ts_data;
720 PA_ENC_TS_ENC p;
721 size_t len;
722 Key *pa_key;
723 char *str;
724
725 ret = decode_EncryptedData(pa->padata_value.data,
726 pa->padata_value.length,
727 &enc_data,
728 &len);
729 if (ret) {
730 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
731 _kdc_r_log(r, 4, "Failed to decode PA-DATA -- %s",
732 r->cname);
733 goto out;
734 }
735
736 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
737 enc_data.etype, &pa_key);
738 if(ret){
739 char *estr;
740 _kdc_set_e_text(r, "No key matching entype");
741 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
742 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
743 estr = NULL;
744 if(estr == NULL)
745 _kdc_r_log(r, 4,
746 "No client key matching pa-data (%d) -- %s",
747 enc_data.etype, r->cname);
748 else
749 _kdc_r_log(r, 4,
750 "No client key matching pa-data (%s) -- %s",
751 estr, r->cname);
752 free(estr);
753 free_EncryptedData(&enc_data);
754 goto out;
755 }
756
757 try_next_key:
758 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
759 if (ret) {
760 const char *msg = krb5_get_error_message(r->context, ret);
761 _kdc_r_log(r, 4, "krb5_crypto_init failed: %s", msg);
762 krb5_free_error_message(r->context, msg);
763 free_EncryptedData(&enc_data);
764 goto out;
765 }
766
767 ret = krb5_decrypt_EncryptedData (r->context,
768 crypto,
769 KRB5_KU_PA_ENC_TIMESTAMP,
770 &enc_data,
771 &ts_data);
772 krb5_crypto_destroy(r->context, crypto);
773 /*
774 * Since the user might have several keys with the same
775 * enctype but with diffrent salting, we need to try all
776 * the keys with the same enctype.
777 */
778 if(ret){
779 krb5_error_code ret2;
780 const char *msg = krb5_get_error_message(r->context, ret);
781
782 ret2 = krb5_enctype_to_string(r->context,
783 pa_key->key.keytype, &str);
784 if (ret2)
785 str = NULL;
786 _kdc_r_log(r, 2, "Failed to decrypt PA-DATA -- %s "
787 "(enctype %s) error %s",
788 r->cname, str ? str : "unknown enctype", msg);
789 krb5_free_error_message(r->context, msg);
790 free(str);
791
792 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
793 enc_data.etype, &pa_key) == 0)
794 goto try_next_key;
795
796 free_EncryptedData(&enc_data);
797
798 if (r->clientdb->hdb_auth_status)
799 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
800 HDB_AUTH_WRONG_PASSWORD);
801
802 ret = KRB5KDC_ERR_PREAUTH_FAILED;
803 goto out;
804 }
805 free_EncryptedData(&enc_data);
806 ret = decode_PA_ENC_TS_ENC(ts_data.data,
807 ts_data.length,
808 &p,
809 &len);
810 krb5_data_free(&ts_data);
811 if(ret){
812 ret = KRB5KDC_ERR_PREAUTH_FAILED;
813 _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
814 r->cname);
815 goto out;
816 }
817 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
818 char client_time[100];
819
820 krb5_format_time(r->context, p.patimestamp,
821 client_time, sizeof(client_time), TRUE);
822
823 ret = KRB5KRB_AP_ERR_SKEW;
824 _kdc_r_log(r, 4, "Too large time skew, "
825 "client time %s is out by %u > %u seconds -- %s",
826 client_time,
827 (unsigned)labs(kdc_time - p.patimestamp),
828 r->context->max_skew,
829 r->cname);
830
831 /*
832 * The following is needed to make windows clients to
833 * retry using the timestamp in the error message, if
834 * there is a e_text, they become unhappy.
835 */
836 r->e_text = NULL;
837 free_PA_ENC_TS_ENC(&p);
838 goto out;
839 }
840 free_PA_ENC_TS_ENC(&p);
841
842 set_salt_padata(&r->outpadata, pa_key->salt);
843
844 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
845 if (ret)
846 return ret;
847
848 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
849 if (ret)
850 str = NULL;
851 _kdc_r_log(r, 4, "ENC-TS Pre-authentication succeeded -- %s using %s",
852 r->cname, str ? str : "unknown enctype");
853 _kdc_audit_addkv((kdc_request_t)r, 0, "pa-etype", "%d",
854 (int)pa_key->key.keytype);
855 free(str);
856
857 ret = 0;
858
859 out:
860
861 return ret;
862 }
863
864 struct kdc_patypes {
865 int type;
866 char *name;
867 unsigned int flags;
868 #define PA_ANNOUNCE 1
869 #define PA_REQ_FAST 2 /* only use inside fast */
870 #define PA_SYNTHETIC_OK 4
871 krb5_error_code (*validate)(astgs_request_t, const PA_DATA *pa);
872 };
873
874 static const struct kdc_patypes pat[] = {
875 #ifdef PKINIT
876 {
877 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)",
878 PA_ANNOUNCE | PA_SYNTHETIC_OK,
879 pa_pkinit_validate
880 },
881 {
882 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
883 pa_pkinit_validate
884 },
885 {
886 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
887 NULL
888 },
889 #else
890 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
891 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
892 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
893 #endif
894 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
895 {
896 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
897 PA_ANNOUNCE,
898 pa_enc_ts_validate
899 },
900 {
901 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
902 PA_ANNOUNCE | PA_REQ_FAST,
903 pa_enc_chal_validate
904 },
905 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
906 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
907 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
908 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
909 };
910
911 static void
912 log_patypes(astgs_request_t r, METHOD_DATA *padata)
913 {
914 krb5_context context = r->context;
915 krb5_kdc_configuration *config = r->config;
916 struct rk_strpool *p = NULL;
917 char *str;
918 size_t n, m;
919
920 for (n = 0; n < padata->len; n++) {
921 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
922 if (padata->val[n].padata_type == pat[m].type) {
923 p = rk_strpoolprintf(p, "%s", pat[m].name);
924 break;
925 }
926 }
927 if (m == sizeof(pat) / sizeof(pat[0]))
928 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
929 if (p && n + 1 < padata->len)
930 p = rk_strpoolprintf(p, ", ");
931 if (p == NULL) {
932 kdc_log(context, config, 1, "out of memory");
933 return;
934 }
935 }
936 if (p == NULL)
937 p = rk_strpoolprintf(p, "none");
938
939 str = rk_strpoolcollect(p);
940 kdc_log(context, config, 4, "Client sent patypes: %s", str);
941 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE,
942 "client-pa", "%s", str);
943 free(str);
944 }
945
946 /*
947 *
948 */
949
950 krb5_error_code
951 _kdc_encode_reply(krb5_context context,
952 krb5_kdc_configuration *config,
953 krb5_crypto armor_crypto, uint32_t nonce,
954 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
955 krb5_enctype etype,
956 int skvno, const EncryptionKey *skey,
957 int ckvno, const EncryptionKey *reply_key,
958 int rk_is_subkey,
959 const char **e_text,
960 krb5_data *reply)
961 {
962 unsigned char *buf;
963 size_t buf_size;
964 size_t len = 0;
965 krb5_error_code ret;
966 krb5_crypto crypto;
967
968 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
969 if(ret) {
970 const char *msg = krb5_get_error_message(context, ret);
971 kdc_log(context, config, 4, "Failed to encode ticket: %s", msg);
972 krb5_free_error_message(context, msg);
973 return ret;
974 }
975 if(buf_size != len)
976 krb5_abortx(context, "Internal error in ASN.1 encoder");
977
978 ret = krb5_crypto_init(context, skey, etype, &crypto);
979 if (ret) {
980 const char *msg = krb5_get_error_message(context, ret);
981 kdc_log(context, config, 4, "krb5_crypto_init failed: %s", msg);
982 krb5_free_error_message(context, msg);
983 free(buf);
984 return ret;
985 }
986
987 ret = krb5_encrypt_EncryptedData(context,
988 crypto,
989 KRB5_KU_TICKET,
990 buf,
991 len,
992 skvno,
993 &rep->ticket.enc_part);
994 free(buf);
995 krb5_crypto_destroy(context, crypto);
996 if(ret) {
997 const char *msg = krb5_get_error_message(context, ret);
998 kdc_log(context, config, 4, "Failed to encrypt data: %s", msg);
999 krb5_free_error_message(context, msg);
1000 return ret;
1001 }
1002
1003 if (armor_crypto) {
1004 krb5_data data;
1005 krb5_keyblock *strengthen_key = NULL;
1006 KrbFastFinished finished;
1007
1008 kdc_log(context, config, 4, "FAST armor protection");
1009
1010 memset(&finished, 0, sizeof(finished));
1011 krb5_data_zero(&data);
1012
1013 finished.timestamp = kdc_time;
1014 finished.usec = 0;
1015 finished.crealm = et->crealm;
1016 finished.cname = et->cname;
1017
1018 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
1019 &rep->ticket, &len, ret);
1020 if (ret)
1021 return ret;
1022 if (data.length != len)
1023 krb5_abortx(context, "internal asn.1 error");
1024
1025 ret = krb5_create_checksum(context, armor_crypto,
1026 KRB5_KU_FAST_FINISHED, 0,
1027 data.data, data.length,
1028 &finished.ticket_checksum);
1029 krb5_data_free(&data);
1030 if (ret)
1031 return ret;
1032
1033 ret = _kdc_fast_mk_response(context, armor_crypto,
1034 rep->padata, strengthen_key, &finished,
1035 nonce, &data);
1036 free_Checksum(&finished.ticket_checksum);
1037 if (ret)
1038 return ret;
1039
1040 if (rep->padata) {
1041 free_METHOD_DATA(rep->padata);
1042 } else {
1043 rep->padata = calloc(1, sizeof(*(rep->padata)));
1044 if (rep->padata == NULL) {
1045 krb5_data_free(&data);
1046 return ENOMEM;
1047 }
1048 }
1049
1050 ret = krb5_padata_add(context, rep->padata,
1051 KRB5_PADATA_FX_FAST,
1052 data.data, data.length);
1053 if (ret)
1054 return ret;
1055
1056 /*
1057 * Hide client name of privacy reasons
1058 */
1059 if (1 /* r->fast_options.hide_client_names */) {
1060 rep->crealm[0] = '\0';
1061 free_PrincipalName(&rep->cname);
1062 rep->cname.name_type = 0;
1063 }
1064 }
1065
1066 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
1067 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
1068 else
1069 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
1070 if(ret) {
1071 const char *msg = krb5_get_error_message(context, ret);
1072 kdc_log(context, config, 4, "Failed to encode KDC-REP: %s", msg);
1073 krb5_free_error_message(context, msg);
1074 return ret;
1075 }
1076 if(buf_size != len) {
1077 free(buf);
1078 kdc_log(context, config, 4, "Internal error in ASN.1 encoder");
1079 *e_text = "KDC internal error";
1080 return KRB5KRB_ERR_GENERIC;
1081 }
1082 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
1083 if (ret) {
1084 const char *msg = krb5_get_error_message(context, ret);
1085 free(buf);
1086 kdc_log(context, config, 4, "krb5_crypto_init failed: %s", msg);
1087 krb5_free_error_message(context, msg);
1088 return ret;
1089 }
1090 if(rep->msg_type == krb_as_rep) {
1091 krb5_encrypt_EncryptedData(context,
1092 crypto,
1093 KRB5_KU_AS_REP_ENC_PART,
1094 buf,
1095 len,
1096 ckvno,
1097 &rep->enc_part);
1098 free(buf);
1099 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
1100 } else {
1101 krb5_encrypt_EncryptedData(context,
1102 crypto,
1103 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
1104 buf,
1105 len,
1106 ckvno,
1107 &rep->enc_part);
1108 free(buf);
1109 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
1110 }
1111 krb5_crypto_destroy(context, crypto);
1112 if(ret) {
1113 const char *msg = krb5_get_error_message(context, ret);
1114 kdc_log(context, config, 4, "Failed to encode KDC-REP: %s", msg);
1115 krb5_free_error_message(context, msg);
1116 return ret;
1117 }
1118 if(buf_size != len) {
1119 free(buf);
1120 kdc_log(context, config, 4, "Internal error in ASN.1 encoder");
1121 *e_text = "KDC internal error";
1122 return KRB5KRB_ERR_GENERIC;
1123 }
1124 reply->data = buf;
1125 reply->length = buf_size;
1126 return 0;
1127 }
1128
1129 /*
1130 * Return 1 if the client have only older enctypes, this is for
1131 * determining if the server should send ETYPE_INFO2 or not.
1132 */
1133
1134 static int
1135 older_enctype(krb5_enctype enctype)
1136 {
1137 switch (enctype) {
1138 case ETYPE_DES_CBC_CRC:
1139 case ETYPE_DES_CBC_MD4:
1140 case ETYPE_DES_CBC_MD5:
1141 case ETYPE_DES3_CBC_SHA1:
1142 case ETYPE_ARCFOUR_HMAC_MD5:
1143 case ETYPE_ARCFOUR_HMAC_MD5_56:
1144 /*
1145 * The following three is "old" windows enctypes and is needed for
1146 * windows 2000 hosts.
1147 */
1148 case ETYPE_ARCFOUR_MD4:
1149 case ETYPE_ARCFOUR_HMAC_OLD:
1150 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
1151 return 1;
1152 default:
1153 return 0;
1154 }
1155 }
1156
1157 /*
1158 *
1159 */
1160
1161 static krb5_error_code
1162 make_etype_info_entry(krb5_context context,
1163 ETYPE_INFO_ENTRY *ent,
1164 Key *key,
1165 krb5_boolean include_salt)
1166 {
1167 ent->etype = key->key.keytype;
1168 if (key->salt && include_salt){
1169 #if 0
1170 ALLOC(ent->salttype);
1171
1172 if(key->salt->type == hdb_pw_salt)
1173 *ent->salttype = 0; /* or 1? or NULL? */
1174 else if(key->salt->type == hdb_afs3_salt)
1175 *ent->salttype = 2;
1176 else {
1177 kdc_log(context, config, 4, "unknown salt-type: %d",
1178 key->salt->type);
1179 return KRB5KRB_ERR_GENERIC;
1180 }
1181 /* according to `the specs', we can't send a salt if
1182 we have AFS3 salted key, but that requires that you
1183 *know* what cell you are using (e.g by assuming
1184 that the cell is the same as the realm in lower
1185 case) */
1186 #elif 0
1187 ALLOC(ent->salttype);
1188 *ent->salttype = key->salt->type;
1189 #else
1190 /*
1191 * We shouldn't sent salttype since it is incompatible with the
1192 * specification and it breaks windows clients. The afs
1193 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1194 * implemented in Heimdal 0.7 and later.
1195 */
1196 ent->salttype = NULL;
1197 #endif
1198 krb5_copy_data(context, &key->salt->salt,
1199 &ent->salt);
1200 } else {
1201 /* we return no salt type at all, as that should indicate
1202 * the default salt type and make everybody happy. some
1203 * systems (like w2k) dislike being told the salt type
1204 * here. */
1205
1206 ent->salttype = NULL;
1207 ent->salt = NULL;
1208 }
1209 return 0;
1210 }
1211
1212 static krb5_error_code
1213 get_pa_etype_info(krb5_context context,
1214 krb5_kdc_configuration *config,
1215 METHOD_DATA *md, Key *ckey,
1216 krb5_boolean include_salt)
1217 {
1218 krb5_error_code ret = 0;
1219 ETYPE_INFO pa;
1220 unsigned char *buf;
1221 size_t len;
1222
1223
1224 pa.len = 1;
1225 pa.val = calloc(1, sizeof(pa.val[0]));
1226 if(pa.val == NULL)
1227 return ENOMEM;
1228
1229 ret = make_etype_info_entry(context, &pa.val[0], ckey, include_salt);
1230 if (ret) {
1231 free_ETYPE_INFO(&pa);
1232 return ret;
1233 }
1234
1235 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1236 free_ETYPE_INFO(&pa);
1237 if(ret)
1238 return ret;
1239 ret = realloc_method_data(md);
1240 if(ret) {
1241 free(buf);
1242 return ret;
1243 }
1244 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1245 md->val[md->len - 1].padata_value.length = len;
1246 md->val[md->len - 1].padata_value.data = buf;
1247 return 0;
1248 }
1249
1250 /*
1251 *
1252 */
1253
1254 extern int _krb5_AES_SHA1_string_to_default_iterator;
1255 extern int _krb5_AES_SHA2_string_to_default_iterator;
1256
1257 static krb5_error_code
1258 make_s2kparams(int value, size_t len, krb5_data **ps2kparams)
1259 {
1260 krb5_data *s2kparams;
1261 krb5_error_code ret;
1262
1263 ALLOC(s2kparams);
1264 if (s2kparams == NULL)
1265 return ENOMEM;
1266 ret = krb5_data_alloc(s2kparams, len);
1267 if (ret) {
1268 free(s2kparams);
1269 return ret;
1270 }
1271 _krb5_put_int(s2kparams->data, value, len);
1272 *ps2kparams = s2kparams;
1273 return 0;
1274 }
1275
1276 static krb5_error_code
1277 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent,
1278 Key *key,
1279 krb5_boolean include_salt)
1280 {
1281 krb5_error_code ret;
1282
1283 ent->etype = key->key.keytype;
1284 if (key->salt && include_salt) {
1285 ALLOC(ent->salt);
1286 if (ent->salt == NULL)
1287 return ENOMEM;
1288 *ent->salt = malloc(key->salt->salt.length + 1);
1289 if (*ent->salt == NULL) {
1290 free(ent->salt);
1291 ent->salt = NULL;
1292 return ENOMEM;
1293 }
1294 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1295 (*ent->salt)[key->salt->salt.length] = '\0';
1296 } else
1297 ent->salt = NULL;
1298
1299 ent->s2kparams = NULL;
1300
1301 switch (key->key.keytype) {
1302 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1303 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1304 ret = make_s2kparams(_krb5_AES_SHA1_string_to_default_iterator,
1305 4, &ent->s2kparams);
1306 break;
1307 case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128:
1308 case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192:
1309 ret = make_s2kparams(_krb5_AES_SHA2_string_to_default_iterator,
1310 4, &ent->s2kparams);
1311 break;
1312 case ETYPE_DES_CBC_CRC:
1313 case ETYPE_DES_CBC_MD4:
1314 case ETYPE_DES_CBC_MD5:
1315 /* Check if this was a AFS3 salted key */
1316 if(key->salt && key->salt->type == hdb_afs3_salt)
1317 ret = make_s2kparams(1, 1, &ent->s2kparams);
1318 else
1319 ret = 0;
1320 break;
1321 default:
1322 ret = 0;
1323 break;
1324 }
1325 return ret;
1326 }
1327
1328 /*
1329 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1330 * database (client supported enctypes first, then the unsupported
1331 * enctypes).
1332 */
1333
1334 static krb5_error_code
1335 get_pa_etype_info2(krb5_context context,
1336 krb5_kdc_configuration *config,
1337 METHOD_DATA *md, Key *ckey,
1338 krb5_boolean include_salt)
1339 {
1340 krb5_error_code ret = 0;
1341 ETYPE_INFO2 pa;
1342 unsigned char *buf;
1343 size_t len;
1344
1345 pa.len = 1;
1346 pa.val = calloc(1, sizeof(pa.val[0]));
1347 if(pa.val == NULL)
1348 return ENOMEM;
1349
1350 ret = make_etype_info2_entry(&pa.val[0], ckey, include_salt);
1351 if (ret) {
1352 free_ETYPE_INFO2(&pa);
1353 return ret;
1354 }
1355
1356 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1357 free_ETYPE_INFO2(&pa);
1358 if(ret)
1359 return ret;
1360 ret = realloc_method_data(md);
1361 if(ret) {
1362 free(buf);
1363 return ret;
1364 }
1365 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1366 md->val[md->len - 1].padata_value.length = len;
1367 md->val[md->len - 1].padata_value.data = buf;
1368 return 0;
1369 }
1370
1371 static int
1372 newer_enctype_present(struct KDC_REQ_BODY_etype *etype_list)
1373 {
1374 size_t i;
1375
1376 for (i = 0; i < etype_list->len; i++) {
1377 if (!older_enctype(etype_list->val[i]))
1378 return 1;
1379 }
1380 return 0;
1381 }
1382
1383 static krb5_error_code
1384 get_pa_etype_info_both(krb5_context context,
1385 krb5_kdc_configuration *config,
1386 struct KDC_REQ_BODY_etype *etype_list,
1387 METHOD_DATA *md, Key *ckey,
1388 krb5_boolean include_salt)
1389 {
1390 krb5_error_code ret;
1391
1392 /*
1393 * RFC4120 requires:
1394 * When the AS server is to include pre-authentication data in a
1395 * KRB-ERROR or in an AS-REP, it MUST use PA-ETYPE-INFO2, not
1396 * PA-ETYPE-INFO, if the etype field of the client's AS-REQ lists
1397 * at least one "newer" encryption type. Otherwise (when the etype
1398 * field of the client's AS-REQ does not list any "newer" encryption
1399 * types), it MUST send both PA-ETYPE-INFO2 and PA-ETYPE-INFO (both
1400 * with an entry for each enctype). A "newer" enctype is any enctype
1401 * first officially specified concurrently with or subsequent to the
1402 * issue of this RFC. The enctypes DES, 3DES, or RC4 and any defined
1403 * in [RFC1510] are not "newer" enctypes.
1404 *
1405 * It goes on to state:
1406 * The preferred ordering of the "hint" pre-authentication data that
1407 * affect client key selection is: ETYPE-INFO2, followed by ETYPE-INFO,
1408 * followed by PW-SALT. As noted in Section 3.1.3, a KDC MUST NOT send
1409 * ETYPE-INFO or PW-SALT when the client's AS-REQ includes at least one
1410 * "newer" etype.
1411 */
1412
1413 ret = get_pa_etype_info2(context, config, md, ckey, include_salt);
1414 if (ret)
1415 return ret;
1416
1417 if (!newer_enctype_present(etype_list))
1418 ret = get_pa_etype_info(context, config, md, ckey, include_salt);
1419
1420 return ret;
1421 }
1422
1423 /*
1424 *
1425 */
1426
1427 void
1428 _log_astgs_req(astgs_request_t r, krb5_enctype setype)
1429 {
1430 krb5_context context = r->context;
1431 const KDC_REQ_BODY *b = &r->req.req_body;
1432 krb5_enctype cetype = r->reply_key.keytype;
1433 krb5_error_code ret;
1434 struct rk_strpool *p;
1435 struct rk_strpool *s = NULL;
1436 char *str;
1437 char *cet;
1438 char *set;
1439 size_t i;
1440
1441 /*
1442 * we are collecting ``p'' and ``s''. The former is a textual
1443 * representation of the enctypes as strings which will be used
1444 * for debugging. The latter is a terse comma separated list of
1445 * the %d's of the enctypes to emit into our audit trail to
1446 * conserve space in the logs.
1447 */
1448
1449 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1450
1451 for (i = 0; i < b->etype.len; i++) {
1452 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1453 if (ret == 0) {
1454 p = rk_strpoolprintf(p, "%s", str);
1455 free(str);
1456 } else
1457 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1458 if (p == NULL) {
1459 rk_strpoolfree(s);
1460 _kdc_r_log(r, 4, "out of memory");
1461 return;
1462 }
1463 s = rk_strpoolprintf(s, "%d", b->etype.val[i]);
1464 if (i + 1 < b->etype.len) {
1465 p = rk_strpoolprintf(p, ", ");
1466 s = rk_strpoolprintf(s, ",");
1467 }
1468 }
1469 if (p == NULL)
1470 p = rk_strpoolprintf(p, "no encryption types");
1471
1472 str = rk_strpoolcollect(s);
1473 if (str)
1474 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE, "etypes", "%s",
1475 str);
1476 free(str);
1477
1478 ret = krb5_enctype_to_string(context, cetype, &cet);
1479 if(ret == 0) {
1480 ret = krb5_enctype_to_string(context, setype, &set);
1481 if (ret == 0) {
1482 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1483 free(set);
1484 }
1485 free(cet);
1486 }
1487 if (ret != 0)
1488 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1489 cetype, setype);
1490
1491 str = rk_strpoolcollect(p);
1492 if (str)
1493 _kdc_r_log(r, 4, "%s", str);
1494 free(str);
1495
1496 _kdc_audit_addkv((kdc_request_t)r, 0, "etype", "%d/%d", cetype, setype);
1497
1498 {
1499 char fixedstr[128];
1500
1501 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1502 fixedstr, sizeof(fixedstr));
1503 if (*fixedstr) {
1504 _kdc_r_log(r, 4, "Requested flags: %s", fixedstr);
1505 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE,
1506 "flags", "%s", fixedstr);
1507 }
1508 }
1509 }
1510
1511 /*
1512 * verify the flags on `client' and `server', returning 0
1513 * if they are OK and generating an error messages and returning
1514 * and error code otherwise.
1515 */
1516
1517 krb5_error_code
1518 kdc_check_flags(astgs_request_t r, krb5_boolean is_as_req)
1519 {
1520 krb5_context context = r->context;
1521 hdb_entry_ex *client_ex = r->client;
1522 hdb_entry_ex *server_ex = r->server;
1523
1524 if(client_ex != NULL) {
1525 hdb_entry *client = &client_ex->entry;
1526
1527 /* check client */
1528 if (client->flags.locked_out) {
1529 _kdc_audit_addreason((kdc_request_t)r, "Client is locked out");
1530 return KRB5KDC_ERR_POLICY;
1531 }
1532
1533 if (client->flags.invalid) {
1534 _kdc_audit_addreason((kdc_request_t)r,
1535 "Client has invalid bit set");
1536 return KRB5KDC_ERR_POLICY;
1537 }
1538
1539 if (!client->flags.client) {
1540 _kdc_audit_addreason((kdc_request_t)r,
1541 "Principal may not act as client");
1542 return KRB5KDC_ERR_POLICY;
1543 }
1544
1545 if (client->valid_start && *client->valid_start > kdc_time) {
1546 char starttime_str[100];
1547 krb5_format_time(context, *client->valid_start,
1548 starttime_str, sizeof(starttime_str), TRUE);
1549 _kdc_audit_addreason((kdc_request_t)r, "Client not yet valid "
1550 "until %s", starttime_str);
1551 return KRB5KDC_ERR_CLIENT_NOTYET;
1552 }
1553
1554 if (client->valid_end && *client->valid_end < kdc_time) {
1555 char endtime_str[100];
1556 krb5_format_time(context, *client->valid_end,
1557 endtime_str, sizeof(endtime_str), TRUE);
1558 _kdc_audit_addreason((kdc_request_t)r, "Client expired at %s",
1559 endtime_str);
1560 return KRB5KDC_ERR_NAME_EXP;
1561 }
1562
1563 if (client->flags.require_pwchange &&
1564 (server_ex == NULL || !server_ex->entry.flags.change_pw))
1565 return KRB5KDC_ERR_KEY_EXPIRED;
1566
1567 if (client->pw_end && *client->pw_end < kdc_time
1568 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1569 char pwend_str[100];
1570 krb5_format_time(context, *client->pw_end,
1571 pwend_str, sizeof(pwend_str), TRUE);
1572 _kdc_audit_addreason((kdc_request_t)r, "Client's key has expired "
1573 "at %s", pwend_str);
1574 return KRB5KDC_ERR_KEY_EXPIRED;
1575 }
1576 }
1577
1578 /* check server */
1579
1580 if (server_ex != NULL) {
1581 hdb_entry *server = &server_ex->entry;
1582
1583 if (server->flags.locked_out) {
1584 _kdc_audit_addreason((kdc_request_t)r, "Server locked out");
1585 return KRB5KDC_ERR_POLICY;
1586 }
1587 if (server->flags.invalid) {
1588 _kdc_audit_addreason((kdc_request_t)r,
1589 "Server has invalid flag set");
1590 return KRB5KDC_ERR_POLICY;
1591 }
1592 if (!server->flags.server) {
1593 _kdc_audit_addreason((kdc_request_t)r,
1594 "Principal may not act as server");
1595 return KRB5KDC_ERR_POLICY;
1596 }
1597
1598 if (!is_as_req && server->flags.initial) {
1599 _kdc_audit_addreason((kdc_request_t)r,
1600 "AS-REQ is required for server");
1601 return KRB5KDC_ERR_POLICY;
1602 }
1603
1604 if (server->valid_start && *server->valid_start > kdc_time) {
1605 char starttime_str[100];
1606 krb5_format_time(context, *server->valid_start,
1607 starttime_str, sizeof(starttime_str), TRUE);
1608 _kdc_audit_addreason((kdc_request_t)r, "Server not yet valid "
1609 "until %s", starttime_str);
1610 return KRB5KDC_ERR_SERVICE_NOTYET;
1611 }
1612
1613 if (server->valid_end && *server->valid_end < kdc_time) {
1614 char endtime_str[100];
1615 krb5_format_time(context, *server->valid_end,
1616 endtime_str, sizeof(endtime_str), TRUE);
1617 _kdc_audit_addreason((kdc_request_t)r, "Server expired at %s",
1618 endtime_str);
1619 return KRB5KDC_ERR_SERVICE_EXP;
1620 }
1621
1622 if (server->pw_end && *server->pw_end < kdc_time) {
1623 char pwend_str[100];
1624 krb5_format_time(context, *server->pw_end,
1625 pwend_str, sizeof(pwend_str), TRUE);
1626 _kdc_audit_addreason((kdc_request_t)r, "Server's key has expired "
1627 "at %s", pwend_str);
1628 return KRB5KDC_ERR_KEY_EXPIRED;
1629 }
1630 }
1631 return 0;
1632 }
1633
1634 /*
1635 * Return TRUE if `from' is part of `addresses' taking into consideration
1636 * the configuration variables that tells us how strict we should be about
1637 * these checks
1638 */
1639
1640 krb5_boolean
1641 _kdc_check_addresses(astgs_request_t r, HostAddresses *addresses,
1642 const struct sockaddr *from)
1643 {
1644 krb5_context context = r->context;
1645 krb5_kdc_configuration *config = r->config;
1646 krb5_error_code ret;
1647 krb5_address addr;
1648 krb5_boolean result;
1649 krb5_boolean only_netbios = TRUE;
1650 size_t i;
1651
1652 if (!config->check_ticket_addresses && !config->warn_ticket_addresses)
1653 return TRUE;
1654
1655 /*
1656 * Fields of HostAddresses type are always OPTIONAL and should be non-
1657 * empty, but we check for empty just in case as our compiler doesn't
1658 * support size constraints on SEQUENCE OF.
1659 */
1660 if (addresses == NULL || addresses->len == 0)
1661 return config->allow_null_ticket_addresses;
1662
1663 for (i = 0; i < addresses->len; ++i) {
1664 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1665 only_netbios = FALSE;
1666 }
1667 }
1668
1669 /* Windows sends it's netbios name, which I can only assume is
1670 * used for the 'allowed workstations' check. This is painful,
1671 * but we still want to check IP addresses if they happen to be
1672 * present.
1673 */
1674
1675 if(only_netbios)
1676 return config->allow_null_ticket_addresses;
1677
1678 ret = krb5_sockaddr2address (context, from, &addr);
1679 if(ret)
1680 return FALSE;
1681
1682 result = krb5_address_search(context, &addr, addresses);
1683 krb5_free_address (context, &addr);
1684 return result;
1685 }
1686
1687 /*
1688 *
1689 */
1690 krb5_error_code
1691 _kdc_check_anon_policy(astgs_request_t r)
1692 {
1693 if (!r->config->allow_anonymous) {
1694 _kdc_audit_addreason((kdc_request_t)r,
1695 "Anonymous tickets denied by local policy");
1696 return KRB5KDC_ERR_POLICY;
1697 }
1698
1699 return 0;
1700 }
1701
1702 /*
1703 *
1704 */
1705
1706 static krb5_boolean
1707 send_pac_p(krb5_context context, KDC_REQ *req)
1708 {
1709 krb5_error_code ret;
1710 PA_PAC_REQUEST pacreq;
1711 const PA_DATA *pa;
1712 int i = 0;
1713
1714 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1715 if (pa == NULL)
1716 return TRUE;
1717
1718 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1719 pa->padata_value.length,
1720 &pacreq,
1721 NULL);
1722 if (ret)
1723 return TRUE;
1724 i = pacreq.include_pac;
1725 free_PA_PAC_REQUEST(&pacreq);
1726 if (i == 0)
1727 return FALSE;
1728 return TRUE;
1729 }
1730
1731 /*
1732 *
1733 */
1734
1735 static krb5_error_code
1736 generate_pac(astgs_request_t r, Key *skey)
1737 {
1738 krb5_error_code ret;
1739 krb5_pac p = NULL;
1740 krb5_data data;
1741
1742 ret = _kdc_pac_generate(r->context, r->client, &p);
1743 if (ret) {
1744 _kdc_r_log(r, 4, "PAC generation failed for -- %s",
1745 r->cname);
1746 return ret;
1747 }
1748 if (p == NULL)
1749 return 0;
1750
1751 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1752 r->client->entry.principal,
1753 &skey->key, /* Server key */
1754 &skey->key, /* FIXME: should be krbtgt key */
1755 &data);
1756 krb5_pac_free(r->context, p);
1757 if (ret) {
1758 _kdc_r_log(r, 4, "PAC signing failed for -- %s",
1759 r->cname);
1760 return ret;
1761 }
1762
1763 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1764 KRB5_AUTHDATA_WIN2K_PAC,
1765 &data);
1766 krb5_data_free(&data);
1767
1768 return ret;
1769 }
1770
1771 /*
1772 *
1773 */
1774
1775 krb5_boolean
1776 _kdc_is_anonymous(krb5_context context, krb5_const_principal principal)
1777 {
1778 return krb5_principal_is_anonymous(context, principal, KRB5_ANON_MATCH_ANY);
1779 }
1780
1781 static int
1782 require_preauth_p(astgs_request_t r)
1783 {
1784 return r->config->require_preauth
1785 || r->client->entry.flags.require_preauth
1786 || r->server->entry.flags.require_preauth;
1787 }
1788
1789
1790 /*
1791 *
1792 */
1793
1794 static krb5_error_code
1795 add_enc_pa_rep(astgs_request_t r)
1796 {
1797 krb5_error_code ret;
1798 krb5_crypto crypto;
1799 Checksum checksum;
1800 krb5_data cdata;
1801 size_t len;
1802
1803 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1804 if (ret)
1805 return ret;
1806
1807 ret = krb5_create_checksum(r->context, crypto,
1808 KRB5_KU_AS_REQ, 0,
1809 r->request.data, r->request.length,
1810 &checksum);
1811 krb5_crypto_destroy(r->context, crypto);
1812 if (ret)
1813 return ret;
1814
1815 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1816 &checksum, &len, ret);
1817 free_Checksum(&checksum);
1818 if (ret)
1819 return ret;
1820 heim_assert(cdata.length == len, "ASN.1 internal error");
1821
1822 if (r->ek.encrypted_pa_data == NULL) {
1823 ALLOC(r->ek.encrypted_pa_data);
1824 if (r->ek.encrypted_pa_data == NULL)
1825 return ENOMEM;
1826 }
1827 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1828 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1829 if (ret)
1830 return ret;
1831
1832 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1833 KRB5_PADATA_FX_FAST, NULL, 0);
1834 }
1835
1836 /*
1837 *
1838 */
1839
1840 krb5_error_code
1841 _kdc_as_rep(astgs_request_t r)
1842 {
1843 krb5_context context = r->context;
1844 krb5_kdc_configuration *config = r->config;
1845 KDC_REQ *req = &r->req;
1846 const char *from = r->from;
1847 KDC_REQ_BODY *b = NULL;
1848 AS_REP rep;
1849 KDCOptions f;
1850 krb5_enctype setype;
1851 krb5_error_code ret = 0;
1852 Key *skey;
1853 int found_pa = 0;
1854 int i, flags = HDB_F_FOR_AS_REQ;
1855 METHOD_DATA error_method;
1856 const PA_DATA *pa;
1857 krb5_boolean is_tgs;
1858 const char *msg;
1859
1860 memset(&rep, 0, sizeof(rep));
1861 error_method.len = 0;
1862 error_method.val = NULL;
1863
1864 /*
1865 * Look for FAST armor and unwrap
1866 */
1867 ret = _kdc_fast_unwrap_request(r);
1868 if (ret) {
1869 _kdc_r_log(r, 1, "FAST unwrap request from %s failed: %d", from, ret);
1870 goto out;
1871 }
1872
1873 b = &req->req_body;
1874 f = b->kdc_options;
1875
1876 if (f.canonicalize)
1877 flags |= HDB_F_CANON;
1878
1879 if (b->sname == NULL) {
1880 ret = KRB5KRB_ERR_GENERIC;
1881 _kdc_set_e_text(r, "No server in request");
1882 goto out;
1883 }
1884
1885 ret = _krb5_principalname2krb5_principal(context, &r->server_princ,
1886 *(b->sname), b->realm);
1887 if (!ret)
1888 ret = krb5_unparse_name(context, r->server_princ, &r->sname);
1889 if (ret) {
1890 kdc_log(context, config, 2,
1891 "AS_REQ malformed server name from %s", from);
1892 goto out;
1893 }
1894
1895 if (b->cname == NULL) {
1896 ret = KRB5KRB_ERR_GENERIC;
1897 _kdc_set_e_text(r, "No client in request");
1898 goto out;
1899 }
1900
1901 ret = _krb5_principalname2krb5_principal(context, &r->client_princ,
1902 *(b->cname), b->realm);
1903 if (!ret)
1904 ret = krb5_unparse_name(context, r->client_princ, &r->cname);
1905 if (ret) {
1906 kdc_log(context, config, 2,
1907 "AS-REQ malformed client name from %s", from);
1908 goto out;
1909 }
1910
1911 kdc_log(context, config, 4, "AS-REQ %s from %s for %s",
1912 r->cname, r->from, r->sname);
1913
1914 is_tgs = krb5_principal_is_krbtgt(context, r->server_princ);
1915
1916 if (_kdc_is_anonymous(context, r->client_princ) &&
1917 !_kdc_is_anon_request(req)) {
1918 kdc_log(context, config, 2, "Anonymous client w/o anonymous flag");
1919 ret = KRB5KDC_ERR_BADOPTION;
1920 goto out;
1921 }
1922
1923 ret = _kdc_db_fetch(context, config, r->client_princ,
1924 HDB_F_GET_CLIENT | HDB_F_SYNTHETIC_OK | flags, NULL,
1925 &r->clientdb, &r->client);
1926 switch (ret) {
1927 case 0: /* Success */
1928 break;
1929 case HDB_ERR_NOT_FOUND_HERE:
1930 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1931 r->cname);
1932 goto out;
1933 case HDB_ERR_WRONG_REALM: {
1934 char *fixed_client_name = NULL;
1935
1936 ret = krb5_unparse_name(context, r->client->entry.principal,
1937 &fixed_client_name);
1938 if (ret) {
1939 goto out;
1940 }
1941
1942 kdc_log(context, config, 4, "WRONG_REALM - %s -> %s",
1943 r->cname, fixed_client_name);
1944 free(fixed_client_name);
1945
1946 ret = _kdc_fast_mk_error(r, &error_method, r->armor_crypto,
1947 &req->req_body, KRB5_KDC_ERR_WRONG_REALM,
1948 NULL, r->server_princ, NULL,
1949 &r->client->entry.principal->realm,
1950 NULL, NULL, r->reply);
1951 goto out;
1952 }
1953 default:
1954 msg = krb5_get_error_message(context, ret);
1955 kdc_log(context, config, 4, "UNKNOWN -- %s: %s", r->cname, msg);
1956 krb5_free_error_message(context, msg);
1957 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1958 goto out;
1959 }
1960 ret = _kdc_db_fetch(context, config, r->server_princ,
1961 HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS |
1962 flags | (is_tgs ? HDB_F_GET_KRBTGT : 0),
1963 NULL, NULL, &r->server);
1964 switch (ret) {
1965 case 0: /* Success */
1966 break;
1967 case HDB_ERR_NOT_FOUND_HERE:
1968 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1969 r->sname);
1970 goto out;
1971 default:
1972 msg = krb5_get_error_message(context, ret);
1973 kdc_log(context, config, 4, "UNKNOWN -- %s: %s", r->sname, msg);
1974 krb5_free_error_message(context, msg);
1975 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1976 goto out;
1977 }
1978
1979 /*
1980 * Select an enctype for the to-be-issued ticket's session key using the
1981 * intersection of the client's requested enctypes and the server's (like a
1982 * root krbtgt, but not necessarily) etypes from its HDB entry.
1983 */
1984 ret = _kdc_find_etype(r, (is_tgs ? KFE_IS_TGS:0) | KFE_USE_CLIENT,
1985 b->etype.val, b->etype.len,
1986 &r->sessionetype, NULL, NULL);
1987 if (ret) {
1988 kdc_log(context, config, 4,
1989 "Client (%s) from %s has no common enctypes with KDC "
1990 "to use for the session key",
1991 r->cname, from);
1992 goto out;
1993 }
1994
1995 /*
1996 * Pre-auth processing
1997 */
1998
1999 if(req->padata){
2000 unsigned int n;
2001
2002 log_patypes(r, req->padata);
2003
2004 /* Check if preauth matching */
2005
2006 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
2007 if (pat[n].validate == NULL)
2008 continue;
2009 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
2010 continue;
2011
2012 kdc_log(context, config, 5,
2013 "Looking for %s pa-data -- %s", pat[n].name, r->cname);
2014 i = 0;
2015 pa = _kdc_find_padata(req, &i, pat[n].type);
2016 if (pa) {
2017 if (r->client->entry.flags.synthetic &&
2018 !(pat[n].flags & PA_SYNTHETIC_OK)) {
2019 kdc_log(context, config, 4, "UNKNOWN -- %s", r->cname);
2020 ret = HDB_ERR_NOENTRY;
2021 goto out;
2022 }
2023 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_VIS, "pa", "%s",
2024 pat[n].name);
2025 ret = pat[n].validate(r, pa);
2026 if (ret != 0) {
2027 krb5_error_code ret2;
2028 Key *ckey = NULL;
2029 krb5_boolean default_salt;
2030
2031 /*
2032 * If there is a client key, send ETYPE_INFO{,2}
2033 */
2034 ret2 = _kdc_find_etype(r, KFE_IS_PREAUTH|KFE_USE_CLIENT,
2035 b->etype.val, b->etype.len,
2036 NULL, &ckey, &default_salt);
2037 if (ret2 == 0) {
2038 ret2 = get_pa_etype_info_both(context, config, &b->etype,
2039 &error_method, ckey, !default_salt);
2040 if (ret2 != 0)
2041 ret = ret2;
2042 }
2043 goto out;
2044 }
2045 kdc_log(context, config, 4,
2046 "%s pre-authentication succeeded -- %s",
2047 pat[n].name, r->cname);
2048 found_pa = 1;
2049 r->et.flags.pre_authent = 1;
2050 }
2051 }
2052 }
2053
2054 if (found_pa == 0) {
2055 Key *ckey = NULL;
2056 size_t n;
2057 krb5_boolean default_salt;
2058
2059 if (r->client->entry.flags.synthetic) {
2060 kdc_log(context, config, 4, "UNKNOWN -- %s", r->cname);
2061 ret = HDB_ERR_NOENTRY;
2062 goto out;
2063 }
2064
2065 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
2066 if ((pat[n].flags & PA_ANNOUNCE) == 0)
2067 continue;
2068 ret = krb5_padata_add(context, &error_method,
2069 pat[n].type, NULL, 0);
2070 if (ret)
2071 goto out;
2072 }
2073
2074 /*
2075 * If there is a client key, send ETYPE_INFO{,2}
2076 */
2077 ret = _kdc_find_etype(r, KFE_IS_PREAUTH|KFE_USE_CLIENT,
2078 b->etype.val, b->etype.len,
2079 NULL, &ckey, &default_salt);
2080 if (ret == 0) {
2081 ret = get_pa_etype_info_both(context, config, &b->etype,
2082 &error_method, ckey, !default_salt);
2083 if (ret)
2084 goto out;
2085 }
2086
2087 /*
2088 * send requre preauth is its required or anon is requested,
2089 * anon is today only allowed via preauth mechanisms.
2090 */
2091 if (require_preauth_p(r) || _kdc_is_anon_request(&r->req)) {
2092 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
2093 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
2094 goto out;
2095 }
2096
2097 if (ckey == NULL) {
2098 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2099 _kdc_set_e_text(r, "Doesn't have a client key available");
2100 goto out;
2101 }
2102 krb5_free_keyblock_contents(r->context, &r->reply_key);
2103 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
2104 if (ret)
2105 goto out;
2106 }
2107
2108 if (r->clientdb->hdb_auth_status) {
2109 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
2110 HDB_AUTH_SUCCESS);
2111 }
2112
2113 /*
2114 * Verify flags after the user been required to prove its identity
2115 * with in a preauth mech.
2116 */
2117
2118 ret = _kdc_check_access(r, req, &error_method);
2119 if(ret)
2120 goto out;
2121
2122 if (_kdc_is_anon_request(&r->req)) {
2123 ret = _kdc_check_anon_policy(r);
2124 if (ret) {
2125 _kdc_set_e_text(r, "Anonymous ticket requests are disabled");
2126 goto out;
2127 }
2128
2129 r->et.flags.anonymous = 1;
2130 }
2131
2132 /*
2133 * Select the best encryption type for the KDC with out regard to
2134 * the client since the client never needs to read that data.
2135 */
2136
2137 ret = _kdc_get_preferred_key(context, config,
2138 r->server, r->sname,
2139 &setype, &skey);
2140 if(ret)
2141 goto out;
2142
2143 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey) {
2144 ret = KRB5KDC_ERR_BADOPTION;
2145 _kdc_set_e_text(r, "Bad KDC options");
2146 goto out;
2147 }
2148
2149 /*
2150 * Build reply
2151 */
2152
2153 rep.pvno = 5;
2154 rep.msg_type = krb_as_rep;
2155
2156 if (!config->historical_anon_realm &&
2157 _kdc_is_anonymous(context, r->client_princ)) {
2158 Realm anon_realm = KRB5_ANON_REALM;
2159 ret = copy_Realm(&anon_realm, &rep.crealm);
2160 } else if (f.canonicalize || r->client->entry.flags.force_canonicalize)
2161 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
2162 else
2163 ret = copy_Realm(&r->client_princ->realm, &rep.crealm);
2164 if (ret)
2165 goto out;
2166 if (r->et.flags.anonymous)
2167 ret = _kdc_make_anonymous_principalname(&rep.cname);
2168 else if (f.canonicalize || r->client->entry.flags.force_canonicalize)
2169 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
2170 else
2171 ret = _krb5_principal2principalname(&rep.cname, r->client_princ);
2172 if (ret)
2173 goto out;
2174
2175 rep.ticket.tkt_vno = 5;
2176 if (f.canonicalize || r->server->entry.flags.force_canonicalize)
2177 ret = copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
2178 else
2179 ret = copy_Realm(&r->server_princ->realm, &rep.ticket.realm);
2180 if (ret)
2181 goto out;
2182 if (f.canonicalize || r->server->entry.flags.force_canonicalize)
2183 _krb5_principal2principalname(&rep.ticket.sname,
2184 r->server->entry.principal);
2185 else
2186 _krb5_principal2principalname(&rep.ticket.sname,
2187 r->server_princ);
2188 /* java 1.6 expects the name to be the same type, lets allow that
2189 * uncomplicated name-types. */
2190 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
2191 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
2192 rep.ticket.sname.name_type = b->sname->name_type;
2193 #undef CNT
2194
2195 r->et.flags.initial = 1;
2196 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
2197 r->et.flags.forwardable = f.forwardable;
2198 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
2199 r->et.flags.proxiable = f.proxiable;
2200 else if (f.proxiable) {
2201 _kdc_set_e_text(r, "Ticket may not be proxiable");
2202 ret = KRB5KDC_ERR_POLICY;
2203 goto out;
2204 }
2205 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
2206 r->et.flags.may_postdate = f.allow_postdate;
2207 else if (f.allow_postdate){
2208 _kdc_set_e_text(r, "Ticket may not be postdate");
2209 ret = KRB5KDC_ERR_POLICY;
2210 goto out;
2211 }
2212
2213 if (b->addresses)
2214 _kdc_audit_addaddrs((kdc_request_t)r, b->addresses, "reqaddrs");
2215
2216 /* check for valid set of addresses */
2217 if (!_kdc_check_addresses(r, b->addresses, r->addr)) {
2218 if (r->config->warn_ticket_addresses) {
2219 _kdc_audit_addkv((kdc_request_t)r, 0, "wrongaddr", "yes");
2220 } else {
2221 _kdc_set_e_text(r, "Request from wrong address");
2222 ret = KRB5KRB_AP_ERR_BADADDR;
2223 goto out;
2224 }
2225 }
2226
2227 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
2228 if (ret)
2229 goto out;
2230 ret = copy_Realm(&rep.crealm, &r->et.crealm);
2231 if (ret)
2232 goto out;
2233
2234 {
2235 time_t start;
2236 time_t t;
2237
2238 start = r->et.authtime = kdc_time;
2239
2240 if(f.postdated && req->req_body.from){
2241 ALLOC(r->et.starttime);
2242 start = *r->et.starttime = *req->req_body.from;
2243 r->et.flags.invalid = 1;
2244 r->et.flags.postdated = 1; /* XXX ??? */
2245 }
2246 _kdc_fix_time(&b->till);
2247 t = *b->till;
2248
2249 /* be careful not overflowing */
2250
2251 /*
2252 * Pre-auth can override r->client->entry.max_life if configured.
2253 *
2254 * See pre-auth methods, specifically PKINIT, which can get or derive
2255 * this from the client's certificate.
2256 */
2257 if (r->pa_max_life > 0)
2258 t = start + min(t - start, r->pa_max_life);
2259 else if (r->client->entry.max_life)
2260 t = start + min(t - start, *r->client->entry.max_life);
2261
2262 if (r->server->entry.max_life)
2263 t = start + min(t - start, *r->server->entry.max_life);
2264
2265 /* Pre-auth can bound endtime as well */
2266 if (r->pa_endtime > 0)
2267 t = start + min(t - start, r->pa_endtime);
2268 #if 0
2269 t = min(t, start + realm->max_life);
2270 #endif
2271 r->et.endtime = t;
2272 if(f.renewable_ok && r->et.endtime < *b->till){
2273 f.renewable = 1;
2274 if(b->rtime == NULL){
2275 ALLOC(b->rtime);
2276 *b->rtime = 0;
2277 }
2278 if(*b->rtime < *b->till)
2279 *b->rtime = *b->till;
2280 }
2281 if(f.renewable && b->rtime){
2282 t = *b->rtime;
2283 if(t == 0)
2284 t = MAX_TIME;
2285 if(r->client->entry.max_renew)
2286 t = start + min(t - start, *r->client->entry.max_renew);
2287 if(r->server->entry.max_renew)
2288 t = start + min(t - start, *r->server->entry.max_renew);
2289 #if 0
2290 t = min(t, start + realm->max_renew);
2291 #endif
2292 ALLOC(r->et.renew_till);
2293 *r->et.renew_till = t;
2294 r->et.flags.renewable = 1;
2295 }
2296 }
2297
2298 if(b->addresses){
2299 ALLOC(r->et.caddr);
2300 copy_HostAddresses(b->addresses, r->et.caddr);
2301 }
2302
2303 r->et.transited.tr_type = domain_X500_Compress;
2304 krb5_data_zero(&r->et.transited.contents);
2305
2306 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2307 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2308 * incapable of correctly decoding SEQUENCE OF's of zero length.
2309 *
2310 * To fix this, always send at least one no-op last_req
2311 *
2312 * If there's a pw_end or valid_end we will use that,
2313 * otherwise just a dummy lr.
2314 */
2315 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2316 if (r->ek.last_req.val == NULL) {
2317 ret = ENOMEM;
2318 goto out;
2319 }
2320 r->ek.last_req.len = 0;
2321 if (r->client->entry.pw_end
2322 && (config->kdc_warn_pwexpire == 0
2323 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2324 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2325 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2326 ++r->ek.last_req.len;
2327 }
2328 if (r->client->entry.valid_end) {
2329 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2330 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2331 ++r->ek.last_req.len;
2332 }
2333 if (r->ek.last_req.len == 0) {
2334 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2335 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2336 ++r->ek.last_req.len;
2337 }
2338 r->ek.nonce = b->nonce;
2339 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2340 ALLOC(r->ek.key_expiration);
2341 if (r->client->entry.valid_end) {
2342 if (r->client->entry.pw_end)
2343 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2344 *r->client->entry.pw_end);
2345 else
2346 *r->ek.key_expiration = *r->client->entry.valid_end;
2347 } else
2348 *r->ek.key_expiration = *r->client->entry.pw_end;
2349 } else
2350 r->ek.key_expiration = NULL;
2351 r->ek.flags = r->et.flags;
2352 r->ek.authtime = r->et.authtime;
2353 if (r->et.starttime) {
2354 ALLOC(r->ek.starttime);
2355 *r->ek.starttime = *r->et.starttime;
2356 }
2357 r->ek.endtime = r->et.endtime;
2358 if (r->et.renew_till) {
2359 ALLOC(r->ek.renew_till);
2360 *r->ek.renew_till = *r->et.renew_till;
2361 }
2362 ret = copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2363 if (ret)
2364 goto out;
2365 ret = copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2366 if (ret)
2367 goto out;
2368 if(r->et.caddr){
2369 ALLOC(r->ek.caddr);
2370 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2371 }
2372
2373 /*
2374 * Check and session and reply keys
2375 */
2376
2377 if (r->session_key.keytype == ETYPE_NULL) {
2378 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2379 if (ret)
2380 goto out;
2381 }
2382
2383 if (r->reply_key.keytype == ETYPE_NULL) {
2384 _kdc_set_e_text(r, "Client have no reply key");
2385 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2386 goto out;
2387 }
2388
2389 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2390 if (ret)
2391 goto out;
2392
2393 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2394 if (ret)
2395 goto out;
2396
2397 if (r->outpadata.len) {
2398
2399 ALLOC(rep.padata);
2400 if (rep.padata == NULL) {
2401 ret = ENOMEM;
2402 goto out;
2403 }
2404 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2405 if (ret)
2406 goto out;
2407 }
2408
2409 /* Add the PAC */
2410 if (send_pac_p(context, req) && !r->et.flags.anonymous) {
2411 generate_pac(r, skey);
2412 }
2413
2414 _kdc_log_timestamp(r, "AS-REQ", r->et.authtime,
2415 r->et.starttime, r->et.endtime,
2416 r->et.renew_till);
2417
2418 {
2419 krb5_principal client_principal;
2420
2421 ret = _krb5_principalname2krb5_principal(context, &client_principal,
2422 rep.cname, rep.crealm);
2423 if (ret)
2424 goto out;
2425
2426 /* do this as the last thing since this signs the EncTicketPart */
2427 ret = _kdc_add_KRB5SignedPath(context,
2428 config,
2429 r->server,
2430 setype,
2431 client_principal,
2432 NULL,
2433 NULL,
2434 &r->et);
2435 krb5_free_principal(context, client_principal);
2436 if (ret)
2437 goto out;
2438 }
2439
2440 _log_astgs_req(r, setype);
2441
2442 /*
2443 * We always say we support FAST/enc-pa-rep
2444 */
2445
2446 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2447
2448 /*
2449 * Add REQ_ENC_PA_REP if client supports it
2450 */
2451
2452 i = 0;
2453 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2454 if (pa) {
2455
2456 ret = add_enc_pa_rep(r);
2457 if (ret) {
2458 msg = krb5_get_error_message(r->context, ret);
2459 _kdc_r_log(r, 4, "add_enc_pa_rep failed: %s: %d", msg, ret);
2460 krb5_free_error_message(r->context, msg);
2461 goto out;
2462 }
2463 }
2464
2465 /*
2466 *
2467 */
2468
2469 ret = _kdc_encode_reply(context, config,
2470 r->armor_crypto, req->req_body.nonce,
2471 &rep, &r->et, &r->ek, setype,
2472 r->server->entry.kvno, &skey->key,
2473 r->client->entry.kvno,
2474 &r->reply_key, 0, &r->e_text, r->reply);
2475 if (ret)
2476 goto out;
2477
2478 /*
2479 * Check if message too large
2480 */
2481 if (r->datagram_reply && r->reply->length > config->max_datagram_reply_length) {
2482 krb5_data_free(r->reply);
2483 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2484 _kdc_set_e_text(r, "Reply packet too large");
2485 }
2486
2487 out:
2488 free_AS_REP(&rep);
2489
2490 /*
2491 * In case of a non proxy error, build an error message.
2492 */
2493 if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && r->reply->length == 0)
2494 ret = _kdc_fast_mk_error(r, &error_method,
2495 r->armor_crypto,
2496 &req->req_body,
2497 ret, r->e_text,
2498 r->server_princ,
2499 r->client_princ ?
2500 &r->client_princ->name : NULL,
2501 r->client_princ ?
2502 &r->client_princ->realm : NULL,
2503 NULL, NULL,
2504 r->reply);
2505
2506 free_EncTicketPart(&r->et);
2507 free_EncKDCRepPart(&r->ek);
2508 free_KDCFastState(&r->fast);
2509
2510 if (error_method.len)
2511 free_METHOD_DATA(&error_method);
2512 if (r->outpadata.len)
2513 free_METHOD_DATA(&r->outpadata);
2514 if (r->client_princ) {
2515 krb5_free_principal(context, r->client_princ);
2516 r->client_princ = NULL;
2517 }
2518 if (r->server_princ){
2519 krb5_free_principal(context, r->server_princ);
2520 r->server_princ = NULL;
2521 }
2522 if (r->client)
2523 _kdc_free_ent(context, r->client);
2524 if (r->server)
2525 _kdc_free_ent(context, r->server);
2526 if (r->armor_crypto) {
2527 krb5_crypto_destroy(r->context, r->armor_crypto);
2528 r->armor_crypto = NULL;
2529 }
2530 krb5_free_keyblock_contents(r->context, &r->reply_key);
2531 krb5_free_keyblock_contents(r->context, &r->session_key);
2532 return ret;
2533 }
2534
2535 /*
2536 * Add the AuthorizationData `data´ of `type´ to the last element in
2537 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2538 */
2539
2540 krb5_error_code
2541 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2542 EncTicketPart *tkt,
2543 int type,
2544 const krb5_data *data)
2545 {
2546 krb5_error_code ret;
2547 size_t size = 0;
2548
2549 if (tkt->authorization_data == NULL) {
2550 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2551 if (tkt->authorization_data == NULL) {
2552 krb5_set_error_message(context, ENOMEM, "out of memory");
2553 return ENOMEM;
2554 }
2555 }
2556
2557 /* add the entry to the last element */
2558 {
2559 AuthorizationData ad = { 0, NULL };
2560 AuthorizationDataElement ade;
2561
2562 ade.ad_type = type;
2563 ade.ad_data = *data;
2564
2565 ret = add_AuthorizationData(&ad, &ade);
2566 if (ret) {
2567 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2568 return ret;
2569 }
2570
2571 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2572
2573 ASN1_MALLOC_ENCODE(AuthorizationData,
2574 ade.ad_data.data, ade.ad_data.length,
2575 &ad, &size, ret);
2576 free_AuthorizationData(&ad);
2577 if (ret) {
2578 krb5_set_error_message(context, ret, "ASN.1 encode of "
2579 "AuthorizationData failed");
2580 return ret;
2581 }
2582 if (ade.ad_data.length != size)
2583 krb5_abortx(context, "internal asn.1 encoder error");
2584
2585 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2586 der_free_octet_string(&ade.ad_data);
2587 if (ret) {
2588 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2589 return ret;
2590 }
2591 }
2592
2593 return 0;
2594 }
Heimdal