search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Misc last newline fixes
[heimdal.git] / kdc / kerberos5.c
blob95a74927f78a749a645823d37cf59a5dffecab80
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 void
39 _kdc_fix_time(time_t **t)
40 {
41 if(*t == NULL){
42 ALLOC(*t);
43 **t = MAX_TIME;
44 }
45 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
46 }
47
48 static int
49 realloc_method_data(METHOD_DATA *md)
50 {
51 PA_DATA *pa;
52 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
53 if(pa == NULL)
54 return ENOMEM;
55 md->val = pa;
56 md->len++;
57 return 0;
58 }
59
60 static void
61 set_salt_padata(METHOD_DATA *md, Salt *salt)
62 {
63 if (salt) {
64 realloc_method_data(md);
65 md->val[md->len - 1].padata_type = salt->type;
66 der_copy_octet_string(&salt->salt,
67 &md->val[md->len - 1].padata_value);
68 }
69 }
70
71 const PA_DATA*
72 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
73 {
74 if (req->padata == NULL)
75 return NULL;
76
77 while((size_t)*start < req->padata->len){
78 (*start)++;
79 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
80 return &req->padata->val[*start - 1];
81 }
82 return NULL;
83 }
84
85 /*
86 * This is a hack to allow predefined weak services, like afs to
87 * still use weak types
88 */
89
90 krb5_boolean
91 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
92 {
93 if (principal->name.name_string.len > 0 &&
94 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
95 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
96 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
97 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
98 return TRUE;
99 return FALSE;
100 }
101
102
103 /*
104 * Detect if `key' is the using the the precomputed `default_salt'.
105 */
106
107 static krb5_boolean
108 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
109 {
110 if (key->salt == NULL)
111 return TRUE;
112 if (default_salt->salttype != key->salt->type)
113 return FALSE;
114 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
115 return FALSE;
116 return TRUE;
117 }
118
119 /*
120 * return the first appropriate key of `princ' in `ret_key'. Look for
121 * all the etypes in (`etypes', `len'), stopping as soon as we find
122 * one, but preferring one that has default salt.
123 */
124
125 krb5_error_code
126 _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
127 krb5_boolean is_preauth, hdb_entry_ex *princ,
128 krb5_enctype *etypes, unsigned len,
129 krb5_enctype *ret_enctype, Key **ret_key)
130 {
131 krb5_error_code ret;
132 krb5_salt def_salt;
133 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
134 const krb5_enctype *p;
135 Key *key = NULL;
136 int i, k;
137
138 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
139 ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
140 if (ret)
141 return ret;
142
143 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
144
145 if (use_strongest_session_key) {
146
147 /*
148 * Pick the strongest key that the KDC, target service, and
149 * client all support, using the local cryptosystem enctype
150 * list in strongest-to-weakest order to drive the search.
151 *
152 * This is not what RFC4120 says to do, but it encourages
153 * adoption of stronger enctypes. This doesn't play well with
154 * clients that have multiple Kerberos client implementations
155 * available with different supported enctype lists.
156 */
157
158 /* drive the search with local supported enctypes list */
159 p = krb5_kerberos_enctypes(context);
160 for (i = 0;
161 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
162 i++) {
163 if (krb5_enctype_valid(context, p[i]) != 0 &&
164 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
165 continue;
166
167 /* check that the client supports it too */
168 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
169
170 if (p[i] != etypes[k])
171 continue;
172
173 /* check target princ support */
174 key = NULL;
175 while (hdb_next_enctype2key(context, &princ->entry, NULL,
176 p[i], &key) == 0) {
177 if (key->key.keyvalue.length == 0) {
178 ret = KRB5KDC_ERR_NULL_KEY;
179 continue;
180 }
181 enctype = p[i];
182 ret = 0;
183 if (is_preauth && ret_key != NULL &&
184 !is_default_salt_p(&def_salt, key))
185 continue;
186 }
187 }
188 }
189 } else {
190 /*
191 * Pick the first key from the client's enctype list that is
192 * supported by the cryptosystem and by the given principal.
193 *
194 * RFC4120 says we SHOULD pick the first _strong_ key from the
195 * client's list... not the first key... If the admin disallows
196 * weak enctypes in krb5.conf and selects this key selection
197 * algorithm, then we get exactly what RFC4120 says.
198 */
199 for(i = 0; ret != 0 && i < len; i++) {
200
201 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
202 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
203 continue;
204
205 key = NULL;
206 while (ret != 0 &&
207 hdb_next_enctype2key(context, &princ->entry, NULL,
208 etypes[i], &key) == 0) {
209 if (key->key.keyvalue.length == 0) {
210 ret = KRB5KDC_ERR_NULL_KEY;
211 continue;
212 }
213 enctype = etypes[i];
214 ret = 0;
215 if (is_preauth && ret_key != NULL &&
216 !is_default_salt_p(&def_salt, key))
217 continue;
218 }
219 }
220 }
221
222 if (enctype == (krb5_enctype)ETYPE_NULL) {
223 /*
224 * if the service principal is one for which there is a known 1DES
225 * exception and no other enctype matches both the client request and
226 * the service key list, provide a DES-CBC-CRC key.
227 */
228 if (ret_key == NULL &&
229 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
230 ret = 0;
231 enctype = ETYPE_DES_CBC_CRC;
232 } else {
233 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
234 }
235 }
236
237 if (ret == 0) {
238 if (ret_enctype != NULL)
239 *ret_enctype = enctype;
240 if (ret_key != NULL)
241 *ret_key = key;
242 }
243
244 krb5_free_salt (context, def_salt);
245 return ret;
246 }
247
248 krb5_error_code
249 _kdc_make_anonymous_principalname (PrincipalName *pn)
250 {
251 pn->name_type = KRB5_NT_PRINCIPAL;
252 pn->name_string.len = 1;
253 pn->name_string.val = malloc(sizeof(*pn->name_string.val));
254 if (pn->name_string.val == NULL)
255 return ENOMEM;
256 pn->name_string.val[0] = strdup("anonymous");
257 if (pn->name_string.val[0] == NULL) {
258 free(pn->name_string.val);
259 pn->name_string.val = NULL;
260 return ENOMEM;
261 }
262 return 0;
263 }
264
265 static void
266 _kdc_r_log(kdc_request_t r, int level, const char *fmt, ...)
267 {
268 va_list ap;
269 char *s;
270 va_start(ap, fmt);
271 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
272 if(s) free(s);
273 va_end(ap);
274 }
275
276 static void
277 _kdc_set_e_text(kdc_request_t r, const char *e_text)
278 {
279 r->e_text = e_text;
280 kdc_log(r->context, r->config, 0, "%s", e_text);
281 }
282
283 void
284 _kdc_log_timestamp(krb5_context context,
285 krb5_kdc_configuration *config,
286 const char *type,
287 KerberosTime authtime, KerberosTime *starttime,
288 KerberosTime endtime, KerberosTime *renew_till)
289 {
290 char authtime_str[100], starttime_str[100],
291 endtime_str[100], renewtime_str[100];
292
293 krb5_format_time(context, authtime,
294 authtime_str, sizeof(authtime_str), TRUE);
295 if (starttime)
296 krb5_format_time(context, *starttime,
297 starttime_str, sizeof(starttime_str), TRUE);
298 else
299 strlcpy(starttime_str, "unset", sizeof(starttime_str));
300 krb5_format_time(context, endtime,
301 endtime_str, sizeof(endtime_str), TRUE);
302 if (renew_till)
303 krb5_format_time(context, *renew_till,
304 renewtime_str, sizeof(renewtime_str), TRUE);
305 else
306 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
307
308 kdc_log(context, config, 5,
309 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
310 type, authtime_str, starttime_str, endtime_str, renewtime_str);
311 }
312
313 /*
314 *
315 */
316
317 #ifdef PKINIT
318
319 static krb5_error_code
320 pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa)
321 {
322 pk_client_params *pkp = NULL;
323 char *client_cert = NULL;
324 krb5_error_code ret;
325
326 ret = _kdc_pk_rd_padata(r->context, r->config, &r->req, pa, r->client, &pkp);
327 if (ret || pkp == NULL) {
328 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
329 _kdc_r_log(r, 5, "Failed to decode PKINIT PA-DATA -- %s",
330 r->client_name);
331 goto out;
332 }
333
334 ret = _kdc_pk_check_client(r->context,
335 r->config,
336 r->clientdb,
337 r->client,
338 pkp,
339 &client_cert);
340 if (ret) {
341 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
342 "impersonate principal");
343 goto out;
344 }
345
346 _kdc_r_log(r, 0, "PKINIT pre-authentication succeeded -- %s using %s",
347 r->client_name, client_cert);
348 free(client_cert);
349
350 ret = _kdc_pk_mk_pa_reply(r->context, r->config, pkp, r->client,
351 r->sessionetype, &r->req, &r->request,
352 &r->reply_key, &r->session_key, &r->outpadata);
353 if (ret) {
354 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
355 goto out;
356 }
357 #if 0
358 ret = _kdc_add_inital_verified_cas(r->context, r->config,
359 pkp, &r->et);
360 #endif
361 out:
362 if (pkp)
363 _kdc_pk_free_client_param(r->context, pkp);
364
365 return ret;
366 }
367
368 #endif /* PKINIT */
369
370 /*
371 *
372 */
373
374 static krb5_error_code
375 make_pa_enc_challange(krb5_context context, METHOD_DATA *md,
376 krb5_crypto crypto)
377 {
378 PA_ENC_TS_ENC p;
379 unsigned char *buf;
380 size_t buf_size;
381 size_t len;
382 EncryptedData encdata;
383 krb5_error_code ret;
384 int32_t usec;
385 int usec2;
386
387 krb5_us_timeofday (context, &p.patimestamp, &usec);
388 usec2 = usec;
389 p.pausec = &usec2;
390
391 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
392 if (ret)
393 return ret;
394 if(buf_size != len)
395 krb5_abortx(context, "internal error in ASN.1 encoder");
396
397 ret = krb5_encrypt_EncryptedData(context,
398 crypto,
399 KRB5_KU_ENC_CHALLENGE_KDC,
400 buf,
401 len,
402 0,
403 &encdata);
404 free(buf);
405 if (ret)
406 return ret;
407
408 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
409 free_EncryptedData(&encdata);
410 if (ret)
411 return ret;
412 if(buf_size != len)
413 krb5_abortx(context, "internal error in ASN.1 encoder");
414
415 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
416 if (ret)
417 free(buf);
418 return ret;
419 }
420
421 static krb5_error_code
422 pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
423 {
424 krb5_data pepper1, pepper2, ts_data;
425 KDC_REQ_BODY *b = &r->req.req_body;
426 int invalidPassword = 0;
427 EncryptedData enc_data;
428 krb5_enctype aenctype;
429 krb5_error_code ret;
430 struct Key *k;
431 size_t size;
432 int i;
433
434 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
435
436 if (_kdc_is_anon_request(b)) {
437 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
438 kdc_log(r->context, r->config, 0, "ENC-CHALL doesn't support anon");
439 return ret;
440 }
441
442 ret = decode_EncryptedData(pa->padata_value.data,
443 pa->padata_value.length,
444 &enc_data,
445 &size);
446 if (ret) {
447 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
448 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
449 r->client_name);
450 return ret;
451 }
452
453 pepper1.data = "clientchallengearmor";
454 pepper1.length = strlen(pepper1.data);
455 pepper2.data = "challengelongterm";
456 pepper2.length = strlen(pepper2.data);
457
458 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
459
460 for (i = 0; i < r->client->entry.keys.len; i++) {
461 krb5_crypto challangecrypto, longtermcrypto;
462 krb5_keyblock challangekey;
463 PA_ENC_TS_ENC p;
464
465 k = &r->client->entry.keys.val[i];
466
467 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
468 if (ret)
469 continue;
470
471 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
472 &pepper1, &pepper2, aenctype,
473 &challangekey);
474 krb5_crypto_destroy(r->context, longtermcrypto);
475 if (ret)
476 continue;
477
478 ret = krb5_crypto_init(r->context, &challangekey, 0,
479 &challangecrypto);
480 if (ret)
481 continue;
482
483 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
484 KRB5_KU_ENC_CHALLENGE_CLIENT,
485 &enc_data,
486 &ts_data);
487 if (ret) {
488 const char *msg = krb5_get_error_message(r->context, ret);
489 krb5_error_code ret2;
490 char *str = NULL;
491
492 invalidPassword = 1;
493
494 ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
495 if (ret2)
496 str = NULL;
497 _kdc_r_log(r, 5, "Failed to decrypt ENC-CHAL -- %s "
498 "(enctype %s) error %s",
499 r->client_name, str ? str : "unknown enctype", msg);
500 krb5_free_error_message(r->context, msg);
501 free(str);
502
503 continue;
504 }
505
506 ret = decode_PA_ENC_TS_ENC(ts_data.data,
507 ts_data.length,
508 &p,
509 &size);
510 krb5_data_free(&ts_data);
511 if(ret){
512 krb5_crypto_destroy(r->context, challangecrypto);
513 ret = KRB5KDC_ERR_PREAUTH_FAILED;
514 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
515 r->client_name);
516 continue;
517 }
518
519 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
520 char client_time[100];
521
522 krb5_crypto_destroy(r->context, challangecrypto);
523
524 krb5_format_time(r->context, p.patimestamp,
525 client_time, sizeof(client_time), TRUE);
526
527 ret = KRB5KRB_AP_ERR_SKEW;
528 _kdc_r_log(r, 0, "Too large time skew, "
529 "client time %s is out by %u > %u seconds -- %s",
530 client_time,
531 (unsigned)labs(kdc_time - p.patimestamp),
532 r->context->max_skew,
533 r->client_name);
534
535 free_PA_ENC_TS_ENC(&p);
536 goto out;
537 }
538
539 free_PA_ENC_TS_ENC(&p);
540
541 ret = make_pa_enc_challange(r->context, &r->outpadata,
542 challangecrypto);
543 krb5_crypto_destroy(r->context, challangecrypto);
544 if (ret)
545 goto out;
546
547 set_salt_padata(&r->outpadata, k->salt);
548 krb5_free_keyblock_contents(r->context, &r->reply_key);
549 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
550 if (ret)
551 goto out;
552
553 /*
554 * Success
555 */
556 if (r->clientdb->hdb_auth_status)
557 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
558 HDB_AUTH_SUCCESS);
559 goto out;
560 }
561
562 if (invalidPassword && r->clientdb->hdb_auth_status) {
563 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
564 HDB_AUTH_WRONG_PASSWORD);
565 ret = KRB5KDC_ERR_PREAUTH_FAILED;
566 }
567 out:
568 free_EncryptedData(&enc_data);
569
570 return ret;
571 }
572
573 static krb5_error_code
574 pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
575 {
576 EncryptedData enc_data;
577 krb5_error_code ret;
578 krb5_crypto crypto;
579 krb5_data ts_data;
580 PA_ENC_TS_ENC p;
581 size_t len;
582 Key *pa_key;
583 char *str;
584
585 if (_kdc_is_anon_request(&r->req.req_body)) {
586 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
587 _kdc_set_e_text(r, "ENC-TS doesn't support anon");
588 goto out;
589 }
590
591 ret = decode_EncryptedData(pa->padata_value.data,
592 pa->padata_value.length,
593 &enc_data,
594 &len);
595 if (ret) {
596 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
597 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
598 r->client_name);
599 goto out;
600 }
601
602 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
603 enc_data.etype, &pa_key);
604 if(ret){
605 char *estr;
606 _kdc_set_e_text(r, "No key matching entype");
607 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
608 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
609 estr = NULL;
610 if(estr == NULL)
611 _kdc_r_log(r, 5,
612 "No client key matching pa-data (%d) -- %s",
613 enc_data.etype, r->client_name);
614 else
615 _kdc_r_log(r, 5,
616 "No client key matching pa-data (%s) -- %s",
617 estr, r->client_name);
618 free(estr);
619 free_EncryptedData(&enc_data);
620 goto out;
621 }
622
623 try_next_key:
624 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
625 if (ret) {
626 const char *msg = krb5_get_error_message(r->context, ret);
627 _kdc_r_log(r, 0, "krb5_crypto_init failed: %s", msg);
628 krb5_free_error_message(r->context, msg);
629 free_EncryptedData(&enc_data);
630 goto out;
631 }
632
633 ret = krb5_decrypt_EncryptedData (r->context,
634 crypto,
635 KRB5_KU_PA_ENC_TIMESTAMP,
636 &enc_data,
637 &ts_data);
638 krb5_crypto_destroy(r->context, crypto);
639 /*
640 * Since the user might have several keys with the same
641 * enctype but with diffrent salting, we need to try all
642 * the keys with the same enctype.
643 */
644 if(ret){
645 krb5_error_code ret2;
646 const char *msg = krb5_get_error_message(r->context, ret);
647
648 ret2 = krb5_enctype_to_string(r->context,
649 pa_key->key.keytype, &str);
650 if (ret2)
651 str = NULL;
652 _kdc_r_log(r, 5, "Failed to decrypt PA-DATA -- %s "
653 "(enctype %s) error %s",
654 r->client_name, str ? str : "unknown enctype", msg);
655 krb5_free_error_message(r->context, msg);
656 free(str);
657
658 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
659 enc_data.etype, &pa_key) == 0)
660 goto try_next_key;
661
662 free_EncryptedData(&enc_data);
663
664 if (r->clientdb->hdb_auth_status)
665 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
666 HDB_AUTH_WRONG_PASSWORD);
667
668 ret = KRB5KDC_ERR_PREAUTH_FAILED;
669 goto out;
670 }
671 free_EncryptedData(&enc_data);
672 ret = decode_PA_ENC_TS_ENC(ts_data.data,
673 ts_data.length,
674 &p,
675 &len);
676 krb5_data_free(&ts_data);
677 if(ret){
678 ret = KRB5KDC_ERR_PREAUTH_FAILED;
679 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
680 r->client_name);
681 goto out;
682 }
683 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
684 char client_time[100];
685
686 krb5_format_time(r->context, p.patimestamp,
687 client_time, sizeof(client_time), TRUE);
688
689 ret = KRB5KRB_AP_ERR_SKEW;
690 _kdc_r_log(r, 0, "Too large time skew, "
691 "client time %s is out by %u > %u seconds -- %s",
692 client_time,
693 (unsigned)labs(kdc_time - p.patimestamp),
694 r->context->max_skew,
695 r->client_name);
696
697 /*
698 * The following is needed to make windows clients to
699 * retry using the timestamp in the error message, if
700 * there is a e_text, they become unhappy.
701 */
702 r->e_text = NULL;
703 free_PA_ENC_TS_ENC(&p);
704 goto out;
705 }
706 free_PA_ENC_TS_ENC(&p);
707
708 set_salt_padata(&r->outpadata, pa_key->salt);
709
710 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
711 if (ret)
712 return ret;
713
714 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
715 if (ret)
716 str = NULL;
717 _kdc_r_log(r, 2, "ENC-TS Pre-authentication succeeded -- %s using %s",
718 r->client_name, str ? str : "unknown enctype");
719 free(str);
720
721 ret = 0;
722
723 out:
724
725 return ret;
726 }
727
728 struct kdc_patypes {
729 int type;
730 char *name;
731 unsigned int flags;
732 #define PA_ANNOUNCE 1
733 #define PA_REQ_FAST 2 /* only use inside fast */
734 krb5_error_code (*validate)(kdc_request_t, const PA_DATA *pa);
735 };
736
737 static const struct kdc_patypes pat[] = {
738 #ifdef PKINIT
739 {
740 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", PA_ANNOUNCE,
741 pa_pkinit_validate
742 },
743 {
744 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
745 pa_pkinit_validate
746 },
747 {
748 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
749 NULL
750 },
751 #else
752 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
753 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
754 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
755 #endif
756 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
757 {
758 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
759 PA_ANNOUNCE,
760 pa_enc_ts_validate
761 },
762 {
763 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
764 PA_ANNOUNCE | PA_REQ_FAST,
765 pa_enc_chal_validate
766 },
767 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
768 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
769 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
770 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
771 };
772
773 static void
774 log_patypes(krb5_context context,
775 krb5_kdc_configuration *config,
776 METHOD_DATA *padata)
777 {
778 struct rk_strpool *p = NULL;
779 char *str;
780 size_t n, m;
781
782 for (n = 0; n < padata->len; n++) {
783 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
784 if (padata->val[n].padata_type == pat[m].type) {
785 p = rk_strpoolprintf(p, "%s", pat[m].name);
786 break;
787 }
788 }
789 if (m == sizeof(pat) / sizeof(pat[0]))
790 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
791 if (p && n + 1 < padata->len)
792 p = rk_strpoolprintf(p, ", ");
793 if (p == NULL) {
794 kdc_log(context, config, 0, "out of memory");
795 return;
796 }
797 }
798 if (p == NULL)
799 p = rk_strpoolprintf(p, "none");
800
801 str = rk_strpoolcollect(p);
802 kdc_log(context, config, 0, "Client sent patypes: %s", str);
803 free(str);
804 }
805
806 /*
807 *
808 */
809
810 krb5_error_code
811 _kdc_encode_reply(krb5_context context,
812 krb5_kdc_configuration *config,
813 krb5_crypto armor_crypto, uint32_t nonce,
814 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
815 krb5_enctype etype,
816 int skvno, const EncryptionKey *skey,
817 int ckvno, const EncryptionKey *reply_key,
818 int rk_is_subkey,
819 const char **e_text,
820 krb5_data *reply)
821 {
822 unsigned char *buf;
823 size_t buf_size;
824 size_t len = 0;
825 krb5_error_code ret;
826 krb5_crypto crypto;
827
828 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
829 if(ret) {
830 const char *msg = krb5_get_error_message(context, ret);
831 kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
832 krb5_free_error_message(context, msg);
833 return ret;
834 }
835 if(buf_size != len)
836 krb5_abortx(context, "Internal error in ASN.1 encoder");
837
838 ret = krb5_crypto_init(context, skey, etype, &crypto);
839 if (ret) {
840 const char *msg = krb5_get_error_message(context, ret);
841 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
842 krb5_free_error_message(context, msg);
843 free(buf);
844 return ret;
845 }
846
847 ret = krb5_encrypt_EncryptedData(context,
848 crypto,
849 KRB5_KU_TICKET,
850 buf,
851 len,
852 skvno,
853 &rep->ticket.enc_part);
854 free(buf);
855 krb5_crypto_destroy(context, crypto);
856 if(ret) {
857 const char *msg = krb5_get_error_message(context, ret);
858 kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
859 krb5_free_error_message(context, msg);
860 return ret;
861 }
862
863 if (armor_crypto) {
864 krb5_data data;
865 krb5_keyblock *strengthen_key = NULL;
866 KrbFastFinished finished;
867
868 kdc_log(context, config, 0, "FAST armor protection");
869
870 memset(&finished, 0, sizeof(finished));
871 krb5_data_zero(&data);
872
873 finished.timestamp = kdc_time;
874 finished.usec = 0;
875 finished.crealm = et->crealm;
876 finished.cname = et->cname;
877
878 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
879 &rep->ticket, &len, ret);
880 if (ret)
881 return ret;
882 if (data.length != len)
883 krb5_abortx(context, "internal asn.1 error");
884
885 ret = krb5_create_checksum(context, armor_crypto,
886 KRB5_KU_FAST_FINISHED, 0,
887 data.data, data.length,
888 &finished.ticket_checksum);
889 krb5_data_free(&data);
890 if (ret)
891 return ret;
892
893 ret = _kdc_fast_mk_response(context, armor_crypto,
894 rep->padata, strengthen_key, &finished,
895 nonce, &data);
896 free_Checksum(&finished.ticket_checksum);
897 if (ret)
898 return ret;
899
900 if (rep->padata) {
901 free_METHOD_DATA(rep->padata);
902 } else {
903 rep->padata = calloc(1, sizeof(*(rep->padata)));
904 if (rep->padata == NULL) {
905 krb5_data_free(&data);
906 return ENOMEM;
907 }
908 }
909
910 ret = krb5_padata_add(context, rep->padata,
911 KRB5_PADATA_FX_FAST,
912 data.data, data.length);
913 if (ret)
914 return ret;
915
916 /*
917 * Hide client name of privacy reasons
918 */
919 if (1 /* r->fast_options.hide_client_names */) {
920 rep->crealm[0] = '\0';
921 free_PrincipalName(&rep->cname);
922 rep->cname.name_type = 0;
923 }
924 }
925
926 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
927 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
928 else
929 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
930 if(ret) {
931 const char *msg = krb5_get_error_message(context, ret);
932 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
933 krb5_free_error_message(context, msg);
934 return ret;
935 }
936 if(buf_size != len) {
937 free(buf);
938 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
939 *e_text = "KDC internal error";
940 return KRB5KRB_ERR_GENERIC;
941 }
942 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
943 if (ret) {
944 const char *msg = krb5_get_error_message(context, ret);
945 free(buf);
946 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
947 krb5_free_error_message(context, msg);
948 return ret;
949 }
950 if(rep->msg_type == krb_as_rep) {
951 krb5_encrypt_EncryptedData(context,
952 crypto,
953 KRB5_KU_AS_REP_ENC_PART,
954 buf,
955 len,
956 ckvno,
957 &rep->enc_part);
958 free(buf);
959 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
960 } else {
961 krb5_encrypt_EncryptedData(context,
962 crypto,
963 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
964 buf,
965 len,
966 ckvno,
967 &rep->enc_part);
968 free(buf);
969 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
970 }
971 krb5_crypto_destroy(context, crypto);
972 if(ret) {
973 const char *msg = krb5_get_error_message(context, ret);
974 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
975 krb5_free_error_message(context, msg);
976 return ret;
977 }
978 if(buf_size != len) {
979 free(buf);
980 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
981 *e_text = "KDC internal error";
982 return KRB5KRB_ERR_GENERIC;
983 }
984 reply->data = buf;
985 reply->length = buf_size;
986 return 0;
987 }
988
989 /*
990 * Return 1 if the client have only older enctypes, this is for
991 * determining if the server should send ETYPE_INFO2 or not.
992 */
993
994 static int
995 older_enctype(krb5_enctype enctype)
996 {
997 switch (enctype) {
998 case ETYPE_DES_CBC_CRC:
999 case ETYPE_DES_CBC_MD4:
1000 case ETYPE_DES_CBC_MD5:
1001 case ETYPE_DES3_CBC_SHA1:
1002 case ETYPE_ARCFOUR_HMAC_MD5:
1003 case ETYPE_ARCFOUR_HMAC_MD5_56:
1004 /*
1005 * The following three is "old" windows enctypes and is needed for
1006 * windows 2000 hosts.
1007 */
1008 case ETYPE_ARCFOUR_MD4:
1009 case ETYPE_ARCFOUR_HMAC_OLD:
1010 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
1011 return 1;
1012 default:
1013 return 0;
1014 }
1015 }
1016
1017 /*
1018 *
1019 */
1020
1021 static krb5_error_code
1022 make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
1023 {
1024 ent->etype = key->key.keytype;
1025 if(key->salt){
1026 #if 0
1027 ALLOC(ent->salttype);
1028
1029 if(key->salt->type == hdb_pw_salt)
1030 *ent->salttype = 0; /* or 1? or NULL? */
1031 else if(key->salt->type == hdb_afs3_salt)
1032 *ent->salttype = 2;
1033 else {
1034 kdc_log(context, config, 0, "unknown salt-type: %d",
1035 key->salt->type);
1036 return KRB5KRB_ERR_GENERIC;
1037 }
1038 /* according to `the specs', we can't send a salt if
1039 we have AFS3 salted key, but that requires that you
1040 *know* what cell you are using (e.g by assuming
1041 that the cell is the same as the realm in lower
1042 case) */
1043 #elif 0
1044 ALLOC(ent->salttype);
1045 *ent->salttype = key->salt->type;
1046 #else
1047 /*
1048 * We shouldn't sent salttype since it is incompatible with the
1049 * specification and it breaks windows clients. The afs
1050 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1051 * implemented in Heimdal 0.7 and later.
1052 */
1053 ent->salttype = NULL;
1054 #endif
1055 krb5_copy_data(context, &key->salt->salt,
1056 &ent->salt);
1057 } else {
1058 /* we return no salt type at all, as that should indicate
1059 * the default salt type and make everybody happy. some
1060 * systems (like w2k) dislike being told the salt type
1061 * here. */
1062
1063 ent->salttype = NULL;
1064 ent->salt = NULL;
1065 }
1066 return 0;
1067 }
1068
1069 static krb5_error_code
1070 get_pa_etype_info(krb5_context context,
1071 krb5_kdc_configuration *config,
1072 METHOD_DATA *md, Key *ckey)
1073 {
1074 krb5_error_code ret = 0;
1075 ETYPE_INFO pa;
1076 unsigned char *buf;
1077 size_t len;
1078
1079
1080 pa.len = 1;
1081 pa.val = calloc(1, sizeof(pa.val[0]));
1082 if(pa.val == NULL)
1083 return ENOMEM;
1084
1085 ret = make_etype_info_entry(context, &pa.val[0], ckey);
1086 if (ret) {
1087 free_ETYPE_INFO(&pa);
1088 return ret;
1089 }
1090
1091 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1092 free_ETYPE_INFO(&pa);
1093 if(ret)
1094 return ret;
1095 ret = realloc_method_data(md);
1096 if(ret) {
1097 free(buf);
1098 return ret;
1099 }
1100 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1101 md->val[md->len - 1].padata_value.length = len;
1102 md->val[md->len - 1].padata_value.data = buf;
1103 return 0;
1104 }
1105
1106 /*
1107 *
1108 */
1109
1110 extern int _krb5_AES_SHA1_string_to_default_iterator;
1111 extern int _krb5_AES_SHA2_string_to_default_iterator;
1112
1113 static krb5_error_code
1114 make_s2kparams(int value, size_t len, krb5_data **ps2kparams)
1115 {
1116 krb5_data *s2kparams;
1117 krb5_error_code ret;
1118
1119 ALLOC(s2kparams);
1120 if (s2kparams == NULL)
1121 return ENOMEM;
1122 ret = krb5_data_alloc(s2kparams, len);
1123 if (ret) {
1124 free(s2kparams);
1125 return ret;
1126 }
1127 _krb5_put_int(s2kparams->data, value, len);
1128 *ps2kparams = s2kparams;
1129 return 0;
1130 }
1131
1132 static krb5_error_code
1133 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
1134 {
1135 krb5_error_code ret;
1136
1137 ent->etype = key->key.keytype;
1138 if(key->salt) {
1139 ALLOC(ent->salt);
1140 if (ent->salt == NULL)
1141 return ENOMEM;
1142 *ent->salt = malloc(key->salt->salt.length + 1);
1143 if (*ent->salt == NULL) {
1144 free(ent->salt);
1145 ent->salt = NULL;
1146 return ENOMEM;
1147 }
1148 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1149 (*ent->salt)[key->salt->salt.length] = '\0';
1150 } else
1151 ent->salt = NULL;
1152
1153 ent->s2kparams = NULL;
1154
1155 switch (key->key.keytype) {
1156 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1157 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1158 ret = make_s2kparams(_krb5_AES_SHA1_string_to_default_iterator,
1159 4, &ent->s2kparams);
1160 break;
1161 case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128:
1162 case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192:
1163 ret = make_s2kparams(_krb5_AES_SHA2_string_to_default_iterator,
1164 4, &ent->s2kparams);
1165 break;
1166 case ETYPE_DES_CBC_CRC:
1167 case ETYPE_DES_CBC_MD4:
1168 case ETYPE_DES_CBC_MD5:
1169 /* Check if this was a AFS3 salted key */
1170 if(key->salt && key->salt->type == hdb_afs3_salt)
1171 ret = make_s2kparams(1, 1, &ent->s2kparams);
1172 else
1173 ret = 0;
1174 break;
1175 default:
1176 ret = 0;
1177 break;
1178 }
1179 return ret;
1180 }
1181
1182 /*
1183 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1184 * database (client supported enctypes first, then the unsupported
1185 * enctypes).
1186 */
1187
1188 static krb5_error_code
1189 get_pa_etype_info2(krb5_context context,
1190 krb5_kdc_configuration *config,
1191 METHOD_DATA *md, Key *ckey)
1192 {
1193 krb5_error_code ret = 0;
1194 ETYPE_INFO2 pa;
1195 unsigned char *buf;
1196 size_t len;
1197
1198 pa.len = 1;
1199 pa.val = calloc(1, sizeof(pa.val[0]));
1200 if(pa.val == NULL)
1201 return ENOMEM;
1202
1203 ret = make_etype_info2_entry(&pa.val[0], ckey);
1204 if (ret) {
1205 free_ETYPE_INFO2(&pa);
1206 return ret;
1207 }
1208
1209 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1210 free_ETYPE_INFO2(&pa);
1211 if(ret)
1212 return ret;
1213 ret = realloc_method_data(md);
1214 if(ret) {
1215 free(buf);
1216 return ret;
1217 }
1218 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1219 md->val[md->len - 1].padata_value.length = len;
1220 md->val[md->len - 1].padata_value.data = buf;
1221 return 0;
1222 }
1223
1224 /*
1225 *
1226 */
1227
1228 static void
1229 log_as_req(krb5_context context,
1230 krb5_kdc_configuration *config,
1231 krb5_enctype cetype,
1232 krb5_enctype setype,
1233 const KDC_REQ_BODY *b)
1234 {
1235 krb5_error_code ret;
1236 struct rk_strpool *p;
1237 char *str;
1238 size_t i;
1239
1240 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1241
1242 for (i = 0; i < b->etype.len; i++) {
1243 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1244 if (ret == 0) {
1245 p = rk_strpoolprintf(p, "%s", str);
1246 free(str);
1247 } else
1248 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1249 if (p && i + 1 < b->etype.len)
1250 p = rk_strpoolprintf(p, ", ");
1251 if (p == NULL) {
1252 kdc_log(context, config, 0, "out of memory");
1253 return;
1254 }
1255 }
1256 if (p == NULL)
1257 p = rk_strpoolprintf(p, "no encryption types");
1258
1259 {
1260 char *cet;
1261 char *set;
1262
1263 ret = krb5_enctype_to_string(context, cetype, &cet);
1264 if(ret == 0) {
1265 ret = krb5_enctype_to_string(context, setype, &set);
1266 if (ret == 0) {
1267 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1268 free(set);
1269 }
1270 free(cet);
1271 }
1272 if (ret != 0)
1273 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1274 cetype, setype);
1275 }
1276
1277 str = rk_strpoolcollect(p);
1278 kdc_log(context, config, 0, "%s", str);
1279 free(str);
1280
1281 {
1282 char fixedstr[128];
1283 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1284 fixedstr, sizeof(fixedstr));
1285 if(*fixedstr)
1286 kdc_log(context, config, 0, "Requested flags: %s", fixedstr);
1287 }
1288 }
1289
1290 /*
1291 * verify the flags on `client' and `server', returning 0
1292 * if they are OK and generating an error messages and returning
1293 * and error code otherwise.
1294 */
1295
1296 krb5_error_code
1297 kdc_check_flags(krb5_context context,
1298 krb5_kdc_configuration *config,
1299 hdb_entry_ex *client_ex, const char *client_name,
1300 hdb_entry_ex *server_ex, const char *server_name,
1301 krb5_boolean is_as_req)
1302 {
1303 if(client_ex != NULL) {
1304 hdb_entry *client = &client_ex->entry;
1305
1306 /* check client */
1307 if (client->flags.locked_out) {
1308 kdc_log(context, config, 0,
1309 "Client (%s) is locked out", client_name);
1310 return KRB5KDC_ERR_POLICY;
1311 }
1312
1313 if (client->flags.invalid) {
1314 kdc_log(context, config, 0,
1315 "Client (%s) has invalid bit set", client_name);
1316 return KRB5KDC_ERR_POLICY;
1317 }
1318
1319 if(!client->flags.client){
1320 kdc_log(context, config, 0,
1321 "Principal may not act as client -- %s", client_name);
1322 return KRB5KDC_ERR_POLICY;
1323 }
1324
1325 if (client->valid_start && *client->valid_start > kdc_time) {
1326 char starttime_str[100];
1327 krb5_format_time(context, *client->valid_start,
1328 starttime_str, sizeof(starttime_str), TRUE);
1329 kdc_log(context, config, 0,
1330 "Client not yet valid until %s -- %s",
1331 starttime_str, client_name);
1332 return KRB5KDC_ERR_CLIENT_NOTYET;
1333 }
1334
1335 if (client->valid_end && *client->valid_end < kdc_time) {
1336 char endtime_str[100];
1337 krb5_format_time(context, *client->valid_end,
1338 endtime_str, sizeof(endtime_str), TRUE);
1339 kdc_log(context, config, 0,
1340 "Client expired at %s -- %s",
1341 endtime_str, client_name);
1342 return KRB5KDC_ERR_NAME_EXP;
1343 }
1344
1345 if (client->flags.require_pwchange &&
1346 (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1347 kdc_log(context, config, 0,
1348 "Client's key must be changed -- %s", client_name);
1349 return KRB5KDC_ERR_KEY_EXPIRED;
1350 }
1351
1352 if (client->pw_end && *client->pw_end < kdc_time
1353 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1354 char pwend_str[100];
1355 krb5_format_time(context, *client->pw_end,
1356 pwend_str, sizeof(pwend_str), TRUE);
1357 kdc_log(context, config, 0,
1358 "Client's key has expired at %s -- %s",
1359 pwend_str, client_name);
1360 return KRB5KDC_ERR_KEY_EXPIRED;
1361 }
1362 }
1363
1364 /* check server */
1365
1366 if (server_ex != NULL) {
1367 hdb_entry *server = &server_ex->entry;
1368
1369 if (server->flags.locked_out) {
1370 kdc_log(context, config, 0,
1371 "Client server locked out -- %s", server_name);
1372 return KRB5KDC_ERR_POLICY;
1373 }
1374 if (server->flags.invalid) {
1375 kdc_log(context, config, 0,
1376 "Server has invalid flag set -- %s", server_name);
1377 return KRB5KDC_ERR_POLICY;
1378 }
1379
1380 if(!server->flags.server){
1381 kdc_log(context, config, 0,
1382 "Principal may not act as server -- %s", server_name);
1383 return KRB5KDC_ERR_POLICY;
1384 }
1385
1386 if(!is_as_req && server->flags.initial) {
1387 kdc_log(context, config, 0,
1388 "AS-REQ is required for server -- %s", server_name);
1389 return KRB5KDC_ERR_POLICY;
1390 }
1391
1392 if (server->valid_start && *server->valid_start > kdc_time) {
1393 char starttime_str[100];
1394 krb5_format_time(context, *server->valid_start,
1395 starttime_str, sizeof(starttime_str), TRUE);
1396 kdc_log(context, config, 0,
1397 "Server not yet valid until %s -- %s",
1398 starttime_str, server_name);
1399 return KRB5KDC_ERR_SERVICE_NOTYET;
1400 }
1401
1402 if (server->valid_end && *server->valid_end < kdc_time) {
1403 char endtime_str[100];
1404 krb5_format_time(context, *server->valid_end,
1405 endtime_str, sizeof(endtime_str), TRUE);
1406 kdc_log(context, config, 0,
1407 "Server expired at %s -- %s",
1408 endtime_str, server_name);
1409 return KRB5KDC_ERR_SERVICE_EXP;
1410 }
1411
1412 if (server->pw_end && *server->pw_end < kdc_time) {
1413 char pwend_str[100];
1414 krb5_format_time(context, *server->pw_end,
1415 pwend_str, sizeof(pwend_str), TRUE);
1416 kdc_log(context, config, 0,
1417 "Server's key has expired at -- %s",
1418 pwend_str, server_name);
1419 return KRB5KDC_ERR_KEY_EXPIRED;
1420 }
1421 }
1422 return 0;
1423 }
1424
1425 /*
1426 * Return TRUE if `from' is part of `addresses' taking into consideration
1427 * the configuration variables that tells us how strict we should be about
1428 * these checks
1429 */
1430
1431 krb5_boolean
1432 _kdc_check_addresses(krb5_context context,
1433 krb5_kdc_configuration *config,
1434 HostAddresses *addresses, const struct sockaddr *from)
1435 {
1436 krb5_error_code ret;
1437 krb5_address addr;
1438 krb5_boolean result;
1439 krb5_boolean only_netbios = TRUE;
1440 size_t i;
1441
1442 if(config->check_ticket_addresses == 0)
1443 return TRUE;
1444
1445 if(addresses == NULL)
1446 return config->allow_null_ticket_addresses;
1447
1448 for (i = 0; i < addresses->len; ++i) {
1449 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1450 only_netbios = FALSE;
1451 }
1452 }
1453
1454 /* Windows sends it's netbios name, which I can only assume is
1455 * used for the 'allowed workstations' check. This is painful,
1456 * but we still want to check IP addresses if they happen to be
1457 * present.
1458 */
1459
1460 if(only_netbios)
1461 return config->allow_null_ticket_addresses;
1462
1463 ret = krb5_sockaddr2address (context, from, &addr);
1464 if(ret)
1465 return FALSE;
1466
1467 result = krb5_address_search(context, &addr, addresses);
1468 krb5_free_address (context, &addr);
1469 return result;
1470 }
1471
1472 /*
1473 *
1474 */
1475
1476 static krb5_boolean
1477 send_pac_p(krb5_context context, KDC_REQ *req)
1478 {
1479 krb5_error_code ret;
1480 PA_PAC_REQUEST pacreq;
1481 const PA_DATA *pa;
1482 int i = 0;
1483
1484 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1485 if (pa == NULL)
1486 return TRUE;
1487
1488 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1489 pa->padata_value.length,
1490 &pacreq,
1491 NULL);
1492 if (ret)
1493 return TRUE;
1494 i = pacreq.include_pac;
1495 free_PA_PAC_REQUEST(&pacreq);
1496 if (i == 0)
1497 return FALSE;
1498 return TRUE;
1499 }
1500
1501 /*
1502 *
1503 */
1504
1505 static krb5_error_code
1506 generate_pac(kdc_request_t r, Key *skey)
1507 {
1508 krb5_error_code ret;
1509 krb5_pac p = NULL;
1510 krb5_data data;
1511
1512 ret = _kdc_pac_generate(r->context, r->client, &p);
1513 if (ret) {
1514 _kdc_r_log(r, 0, "PAC generation failed for -- %s",
1515 r->client_name);
1516 return ret;
1517 }
1518 if (p == NULL)
1519 return 0;
1520
1521 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1522 r->client->entry.principal,
1523 &skey->key, /* Server key */
1524 &skey->key, /* FIXME: should be krbtgt key */
1525 &data);
1526 krb5_pac_free(r->context, p);
1527 if (ret) {
1528 _kdc_r_log(r, 0, "PAC signing failed for -- %s",
1529 r->client_name);
1530 return ret;
1531 }
1532
1533 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1534 KRB5_AUTHDATA_WIN2K_PAC,
1535 &data);
1536 krb5_data_free(&data);
1537
1538 return ret;
1539 }
1540
1541 /*
1542 *
1543 */
1544
1545 krb5_boolean
1546 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
1547 {
1548 if ((principal->name.name_type != KRB5_NT_WELLKNOWN &&
1549 principal->name.name_type != KRB5_NT_UNKNOWN) ||
1550 principal->name.name_string.len != 2 ||
1551 strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
1552 strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)
1553 return 0;
1554 return 1;
1555 }
1556
1557 static int
1558 require_preauth_p(kdc_request_t r)
1559 {
1560 return r->config->require_preauth
1561 || r->client->entry.flags.require_preauth
1562 || r->server->entry.flags.require_preauth;
1563 }
1564
1565
1566 /*
1567 *
1568 */
1569
1570 static krb5_error_code
1571 add_enc_pa_rep(kdc_request_t r)
1572 {
1573 krb5_error_code ret;
1574 krb5_crypto crypto;
1575 Checksum checksum;
1576 krb5_data cdata;
1577 size_t len;
1578
1579 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1580 if (ret)
1581 return ret;
1582
1583 ret = krb5_create_checksum(r->context, crypto,
1584 KRB5_KU_AS_REQ, 0,
1585 r->request.data, r->request.length,
1586 &checksum);
1587 krb5_crypto_destroy(r->context, crypto);
1588 if (ret)
1589 return ret;
1590
1591 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1592 &checksum, &len, ret);
1593 free_Checksum(&checksum);
1594 if (ret)
1595 return ret;
1596 heim_assert(cdata.length == len, "ASN.1 internal error");
1597
1598 if (r->ek.encrypted_pa_data == NULL) {
1599 ALLOC(r->ek.encrypted_pa_data);
1600 if (r->ek.encrypted_pa_data == NULL)
1601 return ENOMEM;
1602 }
1603 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1604 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1605 if (ret)
1606 return ret;
1607
1608 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1609 KRB5_PADATA_FX_FAST, NULL, 0);
1610 }
1611
1612 /*
1613 *
1614 */
1615
1616 krb5_error_code
1617 _kdc_as_rep(kdc_request_t r,
1618 krb5_data *reply,
1619 const char *from,
1620 struct sockaddr *from_addr,
1621 int datagram_reply)
1622 {
1623 krb5_context context = r->context;
1624 krb5_kdc_configuration *config = r->config;
1625 KDC_REQ *req = &r->req;
1626 KDC_REQ_BODY *b = NULL;
1627 AS_REP rep;
1628 KDCOptions f;
1629 krb5_enctype setype;
1630 krb5_error_code ret = 0;
1631 Key *skey;
1632 int found_pa = 0;
1633 int i, flags = HDB_F_FOR_AS_REQ;
1634 METHOD_DATA error_method;
1635 const PA_DATA *pa;
1636
1637 memset(&rep, 0, sizeof(rep));
1638 error_method.len = 0;
1639 error_method.val = NULL;
1640
1641 /*
1642 * Look for FAST armor and unwrap
1643 */
1644 ret = _kdc_fast_unwrap_request(r);
1645 if (ret) {
1646 _kdc_r_log(r, 0, "FAST unwrap request from %s failed: %d", from, ret);
1647 goto out;
1648 }
1649
1650 b = &req->req_body;
1651 f = b->kdc_options;
1652
1653 if (f.canonicalize)
1654 flags |= HDB_F_CANON;
1655
1656 if(b->sname == NULL){
1657 ret = KRB5KRB_ERR_GENERIC;
1658 _kdc_set_e_text(r, "No server in request");
1659 } else{
1660 ret = _krb5_principalname2krb5_principal (context,
1661 &r->server_princ,
1662 *(b->sname),
1663 b->realm);
1664 if (ret == 0)
1665 ret = krb5_unparse_name(context, r->server_princ, &r->server_name);
1666 }
1667 if (ret) {
1668 kdc_log(context, config, 0,
1669 "AS-REQ malformed server name from %s", from);
1670 goto out;
1671 }
1672 if(b->cname == NULL){
1673 ret = KRB5KRB_ERR_GENERIC;
1674 _kdc_set_e_text(r, "No client in request");
1675 } else {
1676 ret = _krb5_principalname2krb5_principal (context,
1677 &r->client_princ,
1678 *(b->cname),
1679 b->realm);
1680 if (ret)
1681 goto out;
1682
1683 ret = krb5_unparse_name(context, r->client_princ, &r->client_name);
1684 }
1685 if (ret) {
1686 kdc_log(context, config, 0,
1687 "AS-REQ malformed client name from %s", from);
1688 goto out;
1689 }
1690
1691 kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
1692 r->client_name, from, r->server_name);
1693
1694 /*
1695 *
1696 */
1697
1698 if (_kdc_is_anonymous(context, r->client_princ)) {
1699 if (!_kdc_is_anon_request(b)) {
1700 kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
1701 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1702 goto out;
1703 }
1704 } else if (_kdc_is_anon_request(b)) {
1705 kdc_log(context, config, 0,
1706 "Request for a anonymous ticket with non "
1707 "anonymous client name: %s", r->client_name);
1708 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1709 goto out;
1710 }
1711
1712 /*
1713 *
1714 */
1715
1716 ret = _kdc_db_fetch(context, config, r->client_princ,
1717 HDB_F_GET_CLIENT | flags, NULL,
1718 &r->clientdb, &r->client);
1719 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1720 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1721 r->client_name);
1722 goto out;
1723 } else if (ret == HDB_ERR_WRONG_REALM) {
1724 char *fixed_client_name = NULL;
1725
1726 ret = krb5_unparse_name(context, r->client->entry.principal,
1727 &fixed_client_name);
1728 if (ret) {
1729 goto out;
1730 }
1731
1732 kdc_log(context, config, 0, "WRONG_REALM - %s -> %s",
1733 r->client_name, fixed_client_name);
1734 free(fixed_client_name);
1735
1736 ret = _kdc_fast_mk_error(context, r,
1737 &error_method,
1738 r->armor_crypto,
1739 &req->req_body,
1740 KRB5_KDC_ERR_WRONG_REALM,
1741 NULL,
1742 r->server_princ,
1743 NULL,
1744 &r->client->entry.principal->realm,
1745 NULL, NULL,
1746 reply);
1747 goto out;
1748 } else if(ret){
1749 const char *msg = krb5_get_error_message(context, ret);
1750 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->client_name, msg);
1751 krb5_free_error_message(context, msg);
1752 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1753 goto out;
1754 }
1755 ret = _kdc_db_fetch(context, config, r->server_princ,
1756 HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags,
1757 NULL, NULL, &r->server);
1758 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1759 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1760 r->server_name);
1761 goto out;
1762 } else if(ret){
1763 const char *msg = krb5_get_error_message(context, ret);
1764 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->server_name, msg);
1765 krb5_free_error_message(context, msg);
1766 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1767 goto out;
1768 }
1769
1770 /*
1771 * Select a session enctype from the list of the crypto system
1772 * supported enctypes that is supported by the client and is one of
1773 * the enctype of the enctype of the service (likely krbtgt).
1774 *
1775 * The latter is used as a hint of what enctypes all KDC support,
1776 * to make sure a newer version of KDC won't generate a session
1777 * enctype that an older version of a KDC in the same realm can't
1778 * decrypt.
1779 */
1780
1781 ret = _kdc_find_etype(context,
1782 krb5_principal_is_krbtgt(context, r->server_princ) ?
1783 config->tgt_use_strongest_session_key :
1784 config->svc_use_strongest_session_key, FALSE,
1785 r->client, b->etype.val, b->etype.len, &r->sessionetype,
1786 NULL);
1787 if (ret) {
1788 kdc_log(context, config, 0,
1789 "Client (%s) from %s has no common enctypes with KDC "
1790 "to use for the session key",
1791 r->client_name, from);
1792 goto out;
1793 }
1794
1795 /*
1796 * Pre-auth processing
1797 */
1798
1799 if(req->padata){
1800 unsigned int n;
1801
1802 log_patypes(context, config, req->padata);
1803
1804 /* Check if preauth matching */
1805
1806 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
1807 if (pat[n].validate == NULL)
1808 continue;
1809 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
1810 continue;
1811
1812 kdc_log(context, config, 5,
1813 "Looking for %s pa-data -- %s", pat[n].name, r->client_name);
1814 i = 0;
1815 pa = _kdc_find_padata(req, &i, pat[n].type);
1816 if (pa) {
1817 ret = pat[n].validate(r, pa);
1818 if (ret != 0) {
1819 goto out;
1820 }
1821 kdc_log(context, config, 0,
1822 "%s pre-authentication succeeded -- %s",
1823 pat[n].name, r->client_name);
1824 found_pa = 1;
1825 r->et.flags.pre_authent = 1;
1826 }
1827 }
1828 }
1829
1830 if (found_pa == 0) {
1831 Key *ckey = NULL;
1832 size_t n;
1833
1834 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
1835 if ((pat[n].flags & PA_ANNOUNCE) == 0)
1836 continue;
1837 ret = krb5_padata_add(context, &error_method,
1838 pat[n].type, NULL, 0);
1839 if (ret)
1840 goto out;
1841 }
1842
1843 /*
1844 * If there is a client key, send ETYPE_INFO{,2}
1845 */
1846 ret = _kdc_find_etype(context,
1847 config->preauth_use_strongest_session_key, TRUE,
1848 r->client, b->etype.val, b->etype.len, NULL, &ckey);
1849 if (ret == 0) {
1850
1851 /*
1852 * RFC4120 requires:
1853 * - If the client only knows about old enctypes, then send
1854 * both info replies (we send 'info' first in the list).
1855 * - If the client is 'modern', because it knows about 'new'
1856 * enctype types, then only send the 'info2' reply.
1857 *
1858 * Before we send the full list of etype-info data, we pick
1859 * the client key we would have used anyway below, just pick
1860 * that instead.
1861 */
1862
1863 if (older_enctype(ckey->key.keytype)) {
1864 ret = get_pa_etype_info(context, config,
1865 &error_method, ckey);
1866 if (ret)
1867 goto out;
1868 }
1869 ret = get_pa_etype_info2(context, config,
1870 &error_method, ckey);
1871 if (ret)
1872 goto out;
1873 }
1874
1875 /*
1876 * send requre preauth is its required or anon is requested,
1877 * anon is today only allowed via preauth mechanisms.
1878 */
1879 if (require_preauth_p(r) || _kdc_is_anon_request(b)) {
1880 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
1881 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
1882 goto out;
1883 }
1884
1885 if (ckey == NULL) {
1886 ret = KRB5KDC_ERR_CLIENT_NOTYET;
1887 _kdc_set_e_text(r, "Doesn't have a client key available");
1888 goto out;
1889 }
1890 krb5_free_keyblock_contents(r->context, &r->reply_key);
1891 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
1892 if (ret)
1893 goto out;
1894 }
1895
1896 if (r->clientdb->hdb_auth_status) {
1897 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
1898 HDB_AUTH_SUCCESS);
1899 }
1900
1901 /*
1902 * Verify flags after the user been required to prove its identity
1903 * with in a preauth mech.
1904 */
1905
1906 ret = _kdc_check_access(context, config, r->client, r->client_name,
1907 r->server, r->server_name,
1908 req, &error_method);
1909 if(ret)
1910 goto out;
1911
1912 /*
1913 * Select the best encryption type for the KDC with out regard to
1914 * the client since the client never needs to read that data.
1915 */
1916
1917 ret = _kdc_get_preferred_key(context, config,
1918 r->server, r->server_name,
1919 &setype, &skey);
1920 if(ret)
1921 goto out;
1922
1923 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
1924 || (_kdc_is_anon_request(b) && !config->allow_anonymous)) {
1925 ret = KRB5KDC_ERR_BADOPTION;
1926 _kdc_set_e_text(r, "Bad KDC options");
1927 goto out;
1928 }
1929
1930 /*
1931 * Build reply
1932 */
1933
1934 rep.pvno = 5;
1935 rep.msg_type = krb_as_rep;
1936
1937 if (_kdc_is_anonymous(context, r->client_princ)) {
1938 Realm anon_realm=KRB5_ANON_REALM;
1939 ret = copy_Realm(&anon_realm, &rep.crealm);
1940 } else
1941 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
1942 if (ret)
1943 goto out;
1944 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
1945 if (ret)
1946 goto out;
1947
1948 rep.ticket.tkt_vno = 5;
1949 copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
1950 _krb5_principal2principalname(&rep.ticket.sname,
1951 r->server->entry.principal);
1952 /* java 1.6 expects the name to be the same type, lets allow that
1953 * uncomplicated name-types. */
1954 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
1955 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
1956 rep.ticket.sname.name_type = b->sname->name_type;
1957 #undef CNT
1958
1959 r->et.flags.initial = 1;
1960 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
1961 r->et.flags.forwardable = f.forwardable;
1962 else if (f.forwardable) {
1963 _kdc_set_e_text(r, "Ticket may not be forwardable");
1964 ret = KRB5KDC_ERR_POLICY;
1965 goto out;
1966 }
1967 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
1968 r->et.flags.proxiable = f.proxiable;
1969 else if (f.proxiable) {
1970 _kdc_set_e_text(r, "Ticket may not be proxiable");
1971 ret = KRB5KDC_ERR_POLICY;
1972 goto out;
1973 }
1974 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
1975 r->et.flags.may_postdate = f.allow_postdate;
1976 else if (f.allow_postdate){
1977 _kdc_set_e_text(r, "Ticket may not be postdate");
1978 ret = KRB5KDC_ERR_POLICY;
1979 goto out;
1980 }
1981
1982 /* check for valid set of addresses */
1983 if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
1984 _kdc_set_e_text(r, "Bad address list in requested");
1985 ret = KRB5KRB_AP_ERR_BADADDR;
1986 goto out;
1987 }
1988
1989 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
1990 if (ret)
1991 goto out;
1992 ret = copy_Realm(&rep.crealm, &r->et.crealm);
1993 if (ret)
1994 goto out;
1995
1996 {
1997 time_t start;
1998 time_t t;
1999
2000 start = r->et.authtime = kdc_time;
2001
2002 if(f.postdated && req->req_body.from){
2003 ALLOC(r->et.starttime);
2004 start = *r->et.starttime = *req->req_body.from;
2005 r->et.flags.invalid = 1;
2006 r->et.flags.postdated = 1; /* XXX ??? */
2007 }
2008 _kdc_fix_time(&b->till);
2009 t = *b->till;
2010
2011 /* be careful not overflowing */
2012
2013 if(r->client->entry.max_life)
2014 t = start + min(t - start, *r->client->entry.max_life);
2015 if(r->server->entry.max_life)
2016 t = start + min(t - start, *r->server->entry.max_life);
2017 #if 0
2018 t = min(t, start + realm->max_life);
2019 #endif
2020 r->et.endtime = t;
2021 if(f.renewable_ok && r->et.endtime < *b->till){
2022 f.renewable = 1;
2023 if(b->rtime == NULL){
2024 ALLOC(b->rtime);
2025 *b->rtime = 0;
2026 }
2027 if(*b->rtime < *b->till)
2028 *b->rtime = *b->till;
2029 }
2030 if(f.renewable && b->rtime){
2031 t = *b->rtime;
2032 if(t == 0)
2033 t = MAX_TIME;
2034 if(r->client->entry.max_renew)
2035 t = start + min(t - start, *r->client->entry.max_renew);
2036 if(r->server->entry.max_renew)
2037 t = start + min(t - start, *r->server->entry.max_renew);
2038 #if 0
2039 t = min(t, start + realm->max_renew);
2040 #endif
2041 ALLOC(r->et.renew_till);
2042 *r->et.renew_till = t;
2043 r->et.flags.renewable = 1;
2044 }
2045 }
2046
2047 if (_kdc_is_anon_request(b))
2048 r->et.flags.anonymous = 1;
2049
2050 if(b->addresses){
2051 ALLOC(r->et.caddr);
2052 copy_HostAddresses(b->addresses, r->et.caddr);
2053 }
2054
2055 r->et.transited.tr_type = DOMAIN_X500_COMPRESS;
2056 krb5_data_zero(&r->et.transited.contents);
2057
2058 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2059 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2060 * incapable of correctly decoding SEQUENCE OF's of zero length.
2061 *
2062 * To fix this, always send at least one no-op last_req
2063 *
2064 * If there's a pw_end or valid_end we will use that,
2065 * otherwise just a dummy lr.
2066 */
2067 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2068 if (r->ek.last_req.val == NULL) {
2069 ret = ENOMEM;
2070 goto out;
2071 }
2072 r->ek.last_req.len = 0;
2073 if (r->client->entry.pw_end
2074 && (config->kdc_warn_pwexpire == 0
2075 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2076 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2077 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2078 ++r->ek.last_req.len;
2079 }
2080 if (r->client->entry.valid_end) {
2081 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2082 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2083 ++r->ek.last_req.len;
2084 }
2085 if (r->ek.last_req.len == 0) {
2086 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2087 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2088 ++r->ek.last_req.len;
2089 }
2090 r->ek.nonce = b->nonce;
2091 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2092 ALLOC(r->ek.key_expiration);
2093 if (r->client->entry.valid_end) {
2094 if (r->client->entry.pw_end)
2095 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2096 *r->client->entry.pw_end);
2097 else
2098 *r->ek.key_expiration = *r->client->entry.valid_end;
2099 } else
2100 *r->ek.key_expiration = *r->client->entry.pw_end;
2101 } else
2102 r->ek.key_expiration = NULL;
2103 r->ek.flags = r->et.flags;
2104 r->ek.authtime = r->et.authtime;
2105 if (r->et.starttime) {
2106 ALLOC(r->ek.starttime);
2107 *r->ek.starttime = *r->et.starttime;
2108 }
2109 r->ek.endtime = r->et.endtime;
2110 if (r->et.renew_till) {
2111 ALLOC(r->ek.renew_till);
2112 *r->ek.renew_till = *r->et.renew_till;
2113 }
2114 copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2115 copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2116 if(r->et.caddr){
2117 ALLOC(r->ek.caddr);
2118 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2119 }
2120
2121 /*
2122 * Check and session and reply keys
2123 */
2124
2125 if (r->session_key.keytype == ETYPE_NULL) {
2126 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2127 if (ret)
2128 goto out;
2129 }
2130
2131 if (r->reply_key.keytype == ETYPE_NULL) {
2132 _kdc_set_e_text(r, "Client have no reply key");
2133 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2134 goto out;
2135 }
2136
2137 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2138 if (ret)
2139 goto out;
2140
2141 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2142 if (ret)
2143 goto out;
2144
2145 if (r->outpadata.len) {
2146
2147 ALLOC(rep.padata);
2148 if (rep.padata == NULL) {
2149 ret = ENOMEM;
2150 goto out;
2151 }
2152 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2153 if (ret)
2154 goto out;
2155 }
2156
2157 /* Add the PAC */
2158 if (send_pac_p(context, req)) {
2159 generate_pac(r, skey);
2160 }
2161
2162 _kdc_log_timestamp(context, config, "AS-REQ", r->et.authtime, r->et.starttime,
2163 r->et.endtime, r->et.renew_till);
2164
2165 /* do this as the last thing since this signs the EncTicketPart */
2166 ret = _kdc_add_KRB5SignedPath(context,
2167 config,
2168 r->server,
2169 setype,
2170 r->client->entry.principal,
2171 NULL,
2172 NULL,
2173 &r->et);
2174 if (ret)
2175 goto out;
2176
2177 log_as_req(context, config, r->reply_key.keytype, setype, b);
2178
2179 /*
2180 * We always say we support FAST/enc-pa-rep
2181 */
2182
2183 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2184
2185 /*
2186 * Add REQ_ENC_PA_REP if client supports it
2187 */
2188
2189 i = 0;
2190 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2191 if (pa) {
2192
2193 ret = add_enc_pa_rep(r);
2194 if (ret) {
2195 const char *msg = krb5_get_error_message(r->context, ret);
2196 _kdc_r_log(r, 0, "add_enc_pa_rep failed: %s: %d", msg, ret);
2197 krb5_free_error_message(r->context, msg);
2198 goto out;
2199 }
2200 }
2201
2202 /*
2203 *
2204 */
2205
2206 ret = _kdc_encode_reply(context, config,
2207 r->armor_crypto, req->req_body.nonce,
2208 &rep, &r->et, &r->ek, setype, r->server->entry.kvno,
2209 &skey->key, r->client->entry.kvno,
2210 &r->reply_key, 0, &r->e_text, reply);
2211 if (ret)
2212 goto out;
2213
2214 /*
2215 * Check if message too large
2216 */
2217 if (datagram_reply && reply->length > config->max_datagram_reply_length) {
2218 krb5_data_free(reply);
2219 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2220 _kdc_set_e_text(r, "Reply packet too large");
2221 }
2222
2223 out:
2224 free_AS_REP(&rep);
2225
2226 /*
2227 * In case of a non proxy error, build an error message.
2228 */
2229 if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
2230 ret = _kdc_fast_mk_error(context, r,
2231 &error_method,
2232 r->armor_crypto,
2233 &req->req_body,
2234 ret, r->e_text,
2235 r->server_princ,
2236 &r->client_princ->name,
2237 &r->client_princ->realm,
2238 NULL, NULL,
2239 reply);
2240 if (ret)
2241 goto out2;
2242 }
2243 out2:
2244 free_EncTicketPart(&r->et);
2245 free_EncKDCRepPart(&r->ek);
2246 free_KDCFastState(&r->fast);
2247
2248 if (error_method.len)
2249 free_METHOD_DATA(&error_method);
2250 if (r->outpadata.len)
2251 free_METHOD_DATA(&r->outpadata);
2252 if (r->client_princ) {
2253 krb5_free_principal(context, r->client_princ);
2254 r->client_princ = NULL;
2255 }
2256 if (r->client_name) {
2257 free(r->client_name);
2258 r->client_name = NULL;
2259 }
2260 if (r->server_princ){
2261 krb5_free_principal(context, r->server_princ);
2262 r->server_princ = NULL;
2263 }
2264 if (r->server_name) {
2265 free(r->server_name);
2266 r->server_name = NULL;
2267 }
2268 if (r->client)
2269 _kdc_free_ent(context, r->client);
2270 if (r->server)
2271 _kdc_free_ent(context, r->server);
2272 if (r->armor_crypto) {
2273 krb5_crypto_destroy(r->context, r->armor_crypto);
2274 r->armor_crypto = NULL;
2275 }
2276 krb5_free_keyblock_contents(r->context, &r->reply_key);
2277 krb5_free_keyblock_contents(r->context, &r->session_key);
2278 return ret;
2279 }
2280
2281 /*
2282 * Add the AuthorizationData `data´ of `type´ to the last element in
2283 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2284 */
2285
2286 krb5_error_code
2287 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2288 EncTicketPart *tkt,
2289 int type,
2290 const krb5_data *data)
2291 {
2292 krb5_error_code ret;
2293 size_t size = 0;
2294
2295 if (tkt->authorization_data == NULL) {
2296 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2297 if (tkt->authorization_data == NULL) {
2298 krb5_set_error_message(context, ENOMEM, "out of memory");
2299 return ENOMEM;
2300 }
2301 }
2302
2303 /* add the entry to the last element */
2304 {
2305 AuthorizationData ad = { 0, NULL };
2306 AuthorizationDataElement ade;
2307
2308 ade.ad_type = type;
2309 ade.ad_data = *data;
2310
2311 ret = add_AuthorizationData(&ad, &ade);
2312 if (ret) {
2313 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2314 return ret;
2315 }
2316
2317 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2318
2319 ASN1_MALLOC_ENCODE(AuthorizationData,
2320 ade.ad_data.data, ade.ad_data.length,
2321 &ad, &size, ret);
2322 free_AuthorizationData(&ad);
2323 if (ret) {
2324 krb5_set_error_message(context, ret, "ASN.1 encode of "
2325 "AuthorizationData failed");
2326 return ret;
2327 }
2328 if (ade.ad_data.length != size)
2329 krb5_abortx(context, "internal asn.1 encoder error");
2330
2331 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2332 der_free_octet_string(&ade.ad_data);
2333 if (ret) {
2334 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2335 return ret;
2336 }
2337 }
2338
2339 return 0;
2340 }
2341
2342 krb5_boolean
2343 _kdc_is_anon_request(const KDC_REQ_BODY *b)
2344 {
2345 /* some versions of heimdal use bit 14 instead of 16 for
2346 request_anonymous, as indicated in the anonymous draft prior to
2347 version 11. Bit 14 is assigned to S4U2Proxy, but all S4U2Proxy
2348 requests will have a second ticket; don't consider those anonymous */
2349 return (b->kdc_options.request_anonymous ||
2350 (b->kdc_options.constrained_delegation && !b->additional_tickets));
2351 }
Heimdal