search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kdc: _kdc_find_etype prevent NULL dereference
[heimdal.git] / kuser / kimpersonate.c
blobb8b0edaf1302bfd1c0d30e501de3c78cfe9a8c66
1 /*
2 * Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kuser_locl.h"
35 #include <parse_units.h>
36
37 static char *client_principal_str = NULL;
38 static krb5_principal client_principal;
39 static char *server_principal_str = NULL;
40 static krb5_principal server_principal;
41
42 static char *ccache_str = NULL;
43
44 static char *ticket_flags_str = NULL;
45 static TicketFlags ticket_flags;
46 static char *keytab_file = NULL;
47 static char *enctype_string = NULL;
48 static char *session_enctype_string = NULL;
49 static int expiration_time = 3600;
50 static struct getarg_strings client_addresses;
51 static int version_flag = 0;
52 static int help_flag = 0;
53 static int use_krb5 = 1;
54 static int add_to_ccache = 0;
55 static int use_referral_realm = 0;
56
57 static const char *enc_type = "aes256-cts-hmac-sha1-96";
58 static const char *session_enc_type = NULL;
59
60 static void
61 encode_ticket(krb5_context context,
62 EncryptionKey *skey,
63 krb5_enctype etype,
64 int skvno,
65 krb5_creds *cred)
66 {
67 size_t len, size;
68 char *buf;
69 krb5_error_code ret;
70 krb5_crypto crypto;
71 EncryptedData enc_part;
72 EncTicketPart et;
73 Ticket ticket;
74
75 memset(&enc_part, 0, sizeof(enc_part));
76 memset(&ticket, 0, sizeof(ticket));
77
78 /*
79 * Set up `enc_part'
80 */
81
82 et.flags = cred->flags.b;
83 et.key = cred->session;
84 et.crealm = cred->client->realm;
85 et.cname = cred->client->name;
86 {
87 krb5_data empty_string;
88
89 krb5_data_zero(&empty_string);
90 et.transited.tr_type = domain_X500_Compress;
91 et.transited.contents = empty_string;
92 }
93 et.authtime = cred->times.authtime;
94 et.starttime = NULL;
95 et.endtime = cred->times.endtime;
96 et.renew_till = NULL;
97 et.caddr = &cred->addresses;
98 et.authorization_data = NULL; /* XXX allow random authorization_data */
99
100 /*
101 * Encrypt `enc_part' of ticket with service key
102 */
103
104 ASN1_MALLOC_ENCODE(EncTicketPart, buf, len, &et, &size, ret);
105 if (ret)
106 krb5_err(context, 1, ret, "EncTicketPart");
107
108 ret = krb5_crypto_init(context, skey, etype, &crypto);
109 if (ret)
110 krb5_err(context, 1, ret, "krb5_crypto_init");
111 ret = krb5_encrypt_EncryptedData(context,
112 crypto,
113 KRB5_KU_TICKET,
114 buf,
115 len,
116 skvno,
117 &ticket.enc_part);
118 if (ret)
119 krb5_err(context, 1, ret, "krb5_encrypt_EncryptedData");
120
121 free(buf);
122 krb5_crypto_destroy(context, crypto);
123
124 /*
125 * Encode ticket
126 */
127
128 ticket.tkt_vno = 5;
129 ticket.realm = cred->server->realm;
130 ticket.sname = cred->server->name;
131 ASN1_MALLOC_ENCODE(Ticket, cred->ticket.data, cred->ticket.length, &ticket, &size, ret);
132 free_EncryptedData(&ticket.enc_part);
133 if(ret)
134 krb5_err(context, 1, ret, "encode_Ticket");
135 }
136
137 /*
138 *
139 */
140
141 static int
142 create_krb5_tickets(krb5_context context, krb5_keytab kt)
143 {
144 krb5_error_code ret;
145 krb5_keytab_entry entry;
146 krb5_creds cred;
147 krb5_enctype etype;
148 krb5_enctype session_etype;
149 krb5_ccache ccache;
150
151 memset(&cred, 0, sizeof(cred));
152
153 ret = krb5_string_to_enctype(context, enc_type, &etype);
154 if (ret)
155 krb5_err (context, 1, ret, "krb5_string_to_enctype (enc-type)");
156 ret = krb5_string_to_enctype(context, session_enc_type, &session_etype);
157 if (ret)
158 krb5_err (context, 1, ret, "krb5_string_to_enctype (session-enc-type)");
159 ret = krb5_kt_get_entry(context, kt, server_principal, 0, etype, &entry);
160 if (ret)
161 krb5_err(context, 1, ret, "krb5_kt_get_entry (perhaps use different --enc-type)");
162
163 /*
164 * setup cred
165 */
166
167
168 ret = krb5_copy_principal(context, client_principal, &cred.client);
169 if (ret)
170 krb5_err(context, 1, ret, "krb5_copy_principal");
171 ret = krb5_copy_principal(context, server_principal, &cred.server);
172 if (ret)
173 krb5_err(context, 1, ret, "krb5_copy_principal");
174 krb5_generate_random_keyblock(context, session_etype, &cred.session);
175
176 cred.times.authtime = time(NULL);
177 cred.times.starttime = time(NULL);
178 cred.times.endtime = time(NULL) + expiration_time;
179 cred.times.renew_till = 0;
180 krb5_data_zero(&cred.second_ticket);
181
182 ret = krb5_get_all_client_addrs(context, &cred.addresses);
183 if (ret)
184 krb5_err(context, 1, ret, "krb5_get_all_client_addrs");
185 cred.flags.b = ticket_flags;
186
187
188 /*
189 * Encode encrypted part of ticket
190 */
191
192 encode_ticket(context, &entry.keyblock, etype, entry.vno, &cred);
193 krb5_kt_free_entry(context, &entry);
194
195 /*
196 * Write to cc
197 */
198
199 if (ccache_str) {
200 ret = krb5_cc_resolve(context, ccache_str, &ccache);
201 if (ret)
202 krb5_err(context, 1, ret, "krb5_cc_resolve");
203 } else {
204 ret = krb5_cc_default(context, &ccache);
205 if (ret)
206 krb5_err(context, 1, ret, "krb5_cc_default");
207 }
208
209 if (add_to_ccache) {
210 krb5_principal def_princ = NULL;
211
212 /*
213 * Force fcache to read the ccache header, otherwise the store
214 * will fail.
215 */
216 ret = krb5_cc_get_principal(context, ccache, &def_princ);
217 if (ret) {
218 krb5_warn(context, ret,
219 "Given ccache appears not to exist; initializing it");
220 ret = krb5_cc_initialize(context, ccache, cred.client);
221 if (ret)
222 krb5_err(context, 1, ret, "krb5_cc_initialize");
223 }
224 krb5_free_principal(context, def_princ);
225 } else {
226 ret = krb5_cc_initialize(context, ccache, cred.client);
227 if (ret)
228 krb5_err(context, 1, ret, "krb5_cc_initialize");
229 }
230
231 if (use_referral_realm &&
232 strcmp(krb5_principal_get_realm(context, cred.server), "") != 0) {
233 krb5_free_principal(context, cred.server);
234 ret = krb5_copy_principal(context, server_principal, &cred.server);
235 if (ret)
236 krb5_err(context, 1, ret, "krb5_copy_principal");
237 ret = krb5_principal_set_realm(context, cred.server, "");
238 if (ret)
239 krb5_err(context, 1, ret, "krb5_principal_set_realm");
240 ret = krb5_cc_store_cred(context, ccache, &cred);
241 if (ret)
242 krb5_err(context, 1, ret, "krb5_cc_store_cred");
243
244 krb5_free_principal(context, cred.server);
245 ret = krb5_copy_principal(context, server_principal, &cred.server);
246 if (ret)
247 krb5_err(context, 1, ret, "krb5_copy_principal");
248 }
249 ret = krb5_cc_store_cred(context, ccache, &cred);
250 if (ret)
251 krb5_err(context, 1, ret, "krb5_cc_store_cred");
252
253 krb5_free_cred_contents(context, &cred);
254 krb5_cc_close(context, ccache);
255
256 return 0;
257 }
258
259 /*
260 *
261 */
262
263 static void
264 setup_env(krb5_context context, krb5_keytab *kt)
265 {
266 krb5_error_code ret;
267
268 if (keytab_file)
269 ret = krb5_kt_resolve(context, keytab_file, kt);
270 else
271 ret = krb5_kt_default(context, kt);
272 if (ret)
273 krb5_err(context, 1, ret, "resolving keytab");
274
275 if (client_principal_str == NULL)
276 krb5_errx(context, 1, "missing client principal");
277 ret = krb5_parse_name(context, client_principal_str, &client_principal);
278 if (ret)
279 krb5_err(context, 1, ret, "resolvning client name");
280
281 if (server_principal_str == NULL)
282 krb5_errx(context, 1, "missing server principal");
283 ret = krb5_parse_name(context, server_principal_str, &server_principal);
284 if (ret)
285 krb5_err(context, 1, ret, "resolvning server name");
286
287 /* If no session-enc-type specified on command line and this is an afs */
288 /* service ticket, change default of session_enc_type to DES. */
289 if (session_enctype_string == NULL
290 && strcmp("afs", *server_principal->name.name_string.val) == 0)
291 session_enc_type = "des-cbc-crc";
292
293 if (ticket_flags_str) {
294 int ticket_flags_int;
295
296 ticket_flags_int = parse_flags(ticket_flags_str,
297 asn1_TicketFlags_units(), 0);
298 if (ticket_flags_int <= 0) {
299 krb5_warnx(context, "bad ticket flags: `%s'", ticket_flags_str);
300 print_flags_table(asn1_TicketFlags_units(), stderr);
301 exit(1);
302 }
303 if (ticket_flags_int)
304 ticket_flags = int2TicketFlags(ticket_flags_int);
305 }
306 }
307
308 /*
309 *
310 */
311
312 struct getargs args[] = {
313 { "ccache", 0, arg_string, &ccache_str,
314 "name of kerberos 5 credential cache", "cache-name"},
315 { "server", 's', arg_string, &server_principal_str,
316 "name of server principal", NULL },
317 { "client", 'c', arg_string, &client_principal_str,
318 "name of client principal", NULL },
319 { "keytab", 'k', arg_string, &keytab_file,
320 "name of keytab file", NULL },
321 { "krb5", '5', arg_flag, &use_krb5,
322 "create a kerberos 5 ticket", NULL },
323 { "add", 'A', arg_flag, &add_to_ccache,
324 "add to ccache without re-initializing it", NULL },
325 { "referral", 'R', arg_flag, &use_referral_realm,
326 "store an additional entry for the service with the empty realm", NULL },
327 { "expire-time", 'e', arg_integer, &expiration_time,
328 "lifetime of ticket in seconds", NULL },
329 { "client-addresses", 'a', arg_strings, &client_addresses,
330 "addresses of client", NULL },
331 { "enc-type", 't', arg_string, &enctype_string,
332 "encryption type", NULL },
333 { "session-enc-type", 0, arg_string,&session_enctype_string,
334 "encryption type", NULL },
335 { "ticket-flags", 'f', arg_string, &ticket_flags_str,
336 "ticket flags for krb5 ticket", NULL },
337 { "version", 0, arg_flag, &version_flag, "Print version",
338 NULL },
339 { "help", 0, arg_flag, &help_flag, NULL,
340 NULL }
341 };
342
343 static void
344 usage(int ret)
345 {
346 arg_printusage(args,
347 sizeof(args) / sizeof(args[0]),
348 NULL,
349 "");
350 exit(ret);
351 }
352
353 int
354 main(int argc, char **argv)
355 {
356 int optidx = 0;
357 krb5_error_code ret;
358 krb5_context context;
359 krb5_keytab kt;
360
361 setprogname(argv[0]);
362
363 ret = krb5_init_context(&context);
364 if (ret)
365 errx(1, "krb5_init_context failed: %u", ret);
366
367 if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
368 usage(1);
369
370 if (help_flag)
371 usage(0);
372
373 if (version_flag) {
374 print_version(NULL);
375 return 0;
376 }
377
378 if (enctype_string)
379 enc_type = enctype_string;
380 if (session_enctype_string)
381 session_enc_type = session_enctype_string;
382 else
383 session_enc_type = enc_type;
384
385 setup_env(context, &kt);
386
387 if (use_krb5)
388 create_krb5_tickets(context, kt);
389
390 krb5_kt_close(context, kt);
391 krb5_free_context(context);
392
393 return 0;
394 }
Heimdal