2 * Copyright (c) 1997-2011 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2010 - 2011 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 static krb5_error_code
39 get_fastuser_crypto(astgs_request_t r
, krb5_enctype enctype
,
42 krb5_principal fast_princ
;
43 hdb_entry_ex
*fast_user
= NULL
;
44 Key
*cookie_key
= NULL
;
49 ret
= krb5_make_principal(r
->context
, &fast_princ
,
50 KRB5_WELLKNOWN_ORG_H5L_REALM
,
51 KRB5_WELLKNOWN_NAME
, "org.h5l.fast-cookie", NULL
);
55 ret
= _kdc_db_fetch(r
->context
, r
->config
, fast_princ
,
56 HDB_F_GET_FAST_COOKIE
, NULL
, NULL
, &fast_user
);
57 krb5_free_principal(r
->context
, fast_princ
);
61 if (enctype
== KRB5_ENCTYPE_NULL
)
62 ret
= _kdc_get_preferred_key(r
->context
, r
->config
, fast_user
,
63 "fast-cookie", &enctype
, &cookie_key
);
65 ret
= hdb_enctype2key(r
->context
, &fast_user
->entry
, NULL
,
66 enctype
, &cookie_key
);
70 ret
= krb5_crypto_init(r
->context
, &cookie_key
->key
, 0, crypto
);
76 _kdc_free_ent(r
->context
, fast_user
);
82 static krb5_error_code
83 fast_parse_cookie(astgs_request_t r
, const PA_DATA
*pa
)
85 krb5_crypto crypto
= NULL
;
91 ret
= decode_KDCFastCookie(pa
->padata_value
.data
,
92 pa
->padata_value
.length
,
97 if (len
!= pa
->padata_value
.length
|| strcmp("H5L1", data
.version
) != 0) {
98 free_KDCFastCookie(&data
);
99 return KRB5KDC_ERR_POLICY
;
102 ret
= get_fastuser_crypto(r
, data
.cookie
.etype
, &crypto
);
106 ret
= krb5_decrypt_EncryptedData(r
->context
, crypto
,
109 krb5_crypto_destroy(r
->context
, crypto
);
113 ret
= decode_KDCFastState(d1
.data
, d1
.length
, &r
->fast
, &len
);
118 if (r
->fast
.expiration
< kdc_time
) {
119 kdc_log(r
->context
, r
->config
, 2, "fast cookie expired");
120 ret
= KRB5KDC_ERR_POLICY
;
125 free_KDCFastCookie(&data
);
130 static krb5_error_code
131 fast_add_cookie(astgs_request_t r
, METHOD_DATA
*method_data
)
133 krb5_crypto crypto
= NULL
;
139 memset(&shell
, 0, sizeof(shell
));
141 r
->fast
.expiration
= kdc_time
+ FAST_EXPIRATION_TIME
;
143 ASN1_MALLOC_ENCODE(KDCFastState
, data
.data
, data
.length
,
144 &r
->fast
, &size
, ret
);
147 heim_assert(size
== data
.length
, "internal asn1 encoder error");
149 ret
= get_fastuser_crypto(r
, KRB5_ENCTYPE_NULL
, &crypto
);
153 ret
= krb5_encrypt_EncryptedData(r
->context
, crypto
,
155 data
.data
, data
.length
, 0,
157 krb5_crypto_destroy(r
->context
, crypto
);
163 shell
.version
= "H5L1";
165 ASN1_MALLOC_ENCODE(KDCFastCookie
, data
.data
, data
.length
,
167 free_EncryptedData(&shell
.cookie
);
170 heim_assert(size
== data
.length
, "internal asn1 encoder error");
172 ret
= krb5_padata_add(r
->context
, method_data
,
173 KRB5_PADATA_FX_COOKIE
,
174 data
.data
, data
.length
);
182 _kdc_fast_mk_response(krb5_context context
,
183 krb5_crypto armor_crypto
,
184 METHOD_DATA
*pa_data
,
185 krb5_keyblock
*strengthen_key
,
186 KrbFastFinished
*finished
,
190 PA_FX_FAST_REPLY fxfastrep
;
191 KrbFastResponse fastrep
;
196 memset(&fxfastrep
, 0, sizeof(fxfastrep
));
197 memset(&fastrep
, 0, sizeof(fastrep
));
198 krb5_data_zero(data
);
201 fastrep
.padata
.val
= pa_data
->val
;
202 fastrep
.padata
.len
= pa_data
->len
;
204 fastrep
.strengthen_key
= strengthen_key
;
205 fastrep
.finished
= finished
;
206 fastrep
.nonce
= nonce
;
208 ASN1_MALLOC_ENCODE(KrbFastResponse
, buf
.data
, buf
.length
,
209 &fastrep
, &size
, ret
);
212 if (buf
.length
!= size
)
213 krb5_abortx(context
, "internal asn.1 error");
215 fxfastrep
.element
= choice_PA_FX_FAST_REPLY_armored_data
;
217 ret
= krb5_encrypt_EncryptedData(context
,
223 &fxfastrep
.u
.armored_data
.enc_fast_rep
);
224 krb5_data_free(&buf
);
228 ASN1_MALLOC_ENCODE(PA_FX_FAST_REPLY
, data
->data
, data
->length
,
229 &fxfastrep
, &size
, ret
);
230 free_PA_FX_FAST_REPLY(&fxfastrep
);
233 if (data
->length
!= size
)
234 krb5_abortx(context
, "internal asn.1 error");
241 _kdc_fast_mk_error(astgs_request_t r
,
242 METHOD_DATA
*error_method
,
243 krb5_crypto armor_crypto
,
244 const KDC_REQ_BODY
*req_body
,
245 krb5_error_code outer_error
,
247 krb5_principal error_server
,
248 const PrincipalName
*error_client_name
,
249 const Realm
*error_client_realm
,
250 time_t *csec
, int *cusec
,
251 krb5_data
*error_msg
)
253 krb5_context context
= r
->context
;
258 krb5_data_zero(&e_data
);
260 if (armor_crypto
|| (r
&& r
->fast
.fast_state
.len
)) {
262 ret
= fast_add_cookie(r
, error_method
);
264 ret
= krb5_padata_add(context
, error_method
,
265 KRB5_PADATA_FX_COOKIE
,
268 kdc_log(r
->context
, r
->config
, 1, "failed to add fast cookie with: %d", ret
);
269 free_METHOD_DATA(error_method
);
275 PA_FX_FAST_REPLY fxfastrep
;
276 KrbFastResponse fastrep
;
278 memset(&fxfastrep
, 0, sizeof(fxfastrep
));
279 memset(&fastrep
, 0, sizeof(fastrep
));
281 /* first add the KRB-ERROR to the fast errors */
283 ret
= krb5_mk_error_ext(context
,
296 ret
= krb5_padata_add(context
, error_method
,
297 KRB5_PADATA_FX_ERROR
,
298 e_data
.data
, e_data
.length
);
300 krb5_data_free(&e_data
);
304 error_client_name
= NULL
;
305 error_client_realm
= NULL
;
309 ret
= _kdc_fast_mk_response(context
, armor_crypto
,
310 error_method
, NULL
, NULL
,
311 req_body
->nonce
, &e_data
);
312 free_METHOD_DATA(error_method
);
316 ret
= krb5_padata_add(context
, error_method
,
318 e_data
.data
, e_data
.length
);
323 if (error_method
&& error_method
->len
) {
324 ASN1_MALLOC_ENCODE(METHOD_DATA
, e_data
.data
, e_data
.length
,
325 error_method
, &size
, ret
);
328 if (e_data
.length
!= size
)
329 krb5_abortx(context
, "internal asn.1 error");
332 ret
= krb5_mk_error_ext(context
,
335 (e_data
.length
? &e_data
: NULL
),
342 krb5_data_free(&e_data
);
347 static krb5_error_code
348 fast_unwrap_request(astgs_request_t r
)
350 krb5_principal armor_server
= NULL
;
351 hdb_entry_ex
*armor_user
= NULL
;
352 PA_FX_FAST_REQUEST fxreq
;
353 krb5_auth_context ac
= NULL
;
354 krb5_ticket
*ticket
= NULL
;
355 krb5_flags ap_req_options
;
356 Key
*armor_key
= NULL
;
357 krb5_keyblock armorkey
;
366 pa
= _kdc_find_padata(&r
->req
, &i
, KRB5_PADATA_FX_FAST
);
370 ret
= decode_PA_FX_FAST_REQUEST(pa
->padata_value
.data
,
371 pa
->padata_value
.length
,
376 if (len
!= pa
->padata_value
.length
) {
377 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
381 if (fxreq
.element
!= choice_PA_FX_FAST_REQUEST_armored_data
) {
382 kdc_log(r
->context
, r
->config
, 2,
383 "AS-REQ FAST contain unknown type: %d", (int)fxreq
.element
);
384 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
388 /* pull out armor key */
389 if (fxreq
.u
.armored_data
.armor
== NULL
) {
390 kdc_log(r
->context
, r
->config
, 2,
391 "AS-REQ armor missing");
392 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
396 if (fxreq
.u
.armored_data
.armor
->armor_type
!= 1) {
397 kdc_log(r
->context
, r
->config
, 2,
398 "AS-REQ armor type not ap-req");
399 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
403 ret
= krb5_decode_ap_req(r
->context
,
404 &fxreq
.u
.armored_data
.armor
->armor_value
,
407 kdc_log(r
->context
, r
->config
, 2, "AP-REQ decode failed");
411 /* Save that principal that was in the request */
412 ret
= _krb5_principalname2krb5_principal(r
->context
,
415 ap_req
.ticket
.realm
);
417 free_AP_REQ(&ap_req
);
421 ret
= _kdc_db_fetch(r
->context
, r
->config
, armor_server
,
423 | HDB_F_DELAY_NEW_KEYS
,
424 NULL
, NULL
, &armor_user
);
425 if(ret
== HDB_ERR_NOT_FOUND_HERE
) {
426 kdc_log(r
->context
, r
->config
, 5,
427 "armor key does not have secrets at this KDC, "
429 free_AP_REQ(&ap_req
);
432 free_AP_REQ(&ap_req
);
433 ret
= KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
;
437 ret
= hdb_enctype2key(r
->context
, &armor_user
->entry
, NULL
,
438 ap_req
.ticket
.enc_part
.etype
,
441 free_AP_REQ(&ap_req
);
445 ret
= krb5_verify_ap_req2(r
->context
, &ac
,
452 KRB5_KU_AP_REQ_AUTH
);
453 free_AP_REQ(&ap_req
);
457 if (ac
->remote_subkey
== NULL
) {
458 krb5_auth_con_free(r
->context
, ac
);
459 kdc_log(r
->context
, r
->config
, 2,
460 "FAST AP-REQ remote subkey missing");
461 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
465 ret
= _krb5_fast_armor_key(r
->context
,
470 krb5_auth_con_free(r
->context
, ac
);
471 krb5_free_ticket(r
->context
, ticket
);
475 krb5_free_keyblock_contents(r
->context
, &armorkey
);
477 /* verify req-checksum of the outer body */
478 ret
= krb5_verify_checksum(r
->context
, r
->armor_crypto
,
479 KRB5_KU_FAST_REQ_CHKSUM
,
480 r
->req
.req_body
._save
.data
,
481 r
->req
.req_body
._save
.length
,
482 &fxreq
.u
.armored_data
.req_checksum
);
484 kdc_log(r
->context
, r
->config
, 2,
485 "FAST request have a bad checksum");
489 ret
= krb5_decrypt_EncryptedData(r
->context
, r
->armor_crypto
,
491 &fxreq
.u
.armored_data
.enc_fast_req
,
494 kdc_log(r
->context
, r
->config
, 2,
495 "Failed to decrypt FAST request");
499 ret
= decode_KrbFastReq(data
.data
, data
.length
, &fastreq
, &size
);
501 krb5_data_free(&data
);
504 if (data
.length
!= size
) {
505 krb5_data_free(&data
);
506 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
509 krb5_data_free(&data
);
511 free_KDC_REQ_BODY(&r
->req
.req_body
);
512 ret
= copy_KDC_REQ_BODY(&fastreq
.req_body
, &r
->req
.req_body
);
516 /* check for unsupported mandatory options */
517 if (FastOptions2int(fastreq
.fast_options
) & 0xfffc) {
518 kdc_log(r
->context
, r
->config
, 2,
519 "FAST unsupported mandatory option set");
520 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
524 /* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */
526 free_METHOD_DATA(r
->req
.padata
);
528 ALLOC(r
->req
.padata
);
530 ret
= copy_METHOD_DATA(&fastreq
.padata
, r
->req
.padata
);
534 free_KrbFastReq(&fastreq
);
535 free_PA_FX_FAST_REQUEST(&fxreq
);
539 krb5_free_principal(r
->context
, armor_server
);
541 _kdc_free_ent(r
->context
, armor_user
);
547 _kdc_fast_unwrap_request(astgs_request_t r
)
553 ret
= fast_unwrap_request(r
);
558 * Non-FAST mechanisms may use FX-COOKIE to manage state.
560 pa
= _kdc_find_padata(&r
->req
, &i
, KRB5_PADATA_FX_COOKIE
);
562 ret
= fast_parse_cookie(r
, pa
);
571 _kdc_free_fast_state(KDCFastState
*state
)
575 for (i
= 0; i
< state
->fast_state
.len
; i
++) {
576 PA_DATA
*pa
= &state
->fast_state
.val
[i
];
578 if (pa
->padata_value
.data
)
579 memset_s(pa
->padata_value
.data
, 0,
580 pa
->padata_value
.length
, pa
->padata_value
.length
);
582 free_KDCFastState(state
);