2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
39 #define __attribute__(X)
42 _kdc_fix_time(time_t **t
)
48 if(**t
== 0) **t
= MAX_TIME
; /* fix for old clients */
52 realloc_method_data(METHOD_DATA
*md
)
55 pa
= realloc(md
->val
, (md
->len
+ 1) * sizeof(*md
->val
));
64 set_salt_padata(METHOD_DATA
*md
, Salt
*salt
)
67 realloc_method_data(md
);
68 md
->val
[md
->len
- 1].padata_type
= salt
->type
;
69 der_copy_octet_string(&salt
->salt
,
70 &md
->val
[md
->len
- 1].padata_value
);
75 _kdc_find_padata(const KDC_REQ
*req
, int *start
, int type
)
77 if (req
->padata
== NULL
)
80 while((size_t)*start
< req
->padata
->len
){
82 if(req
->padata
->val
[*start
- 1].padata_type
== (unsigned)type
)
83 return &req
->padata
->val
[*start
- 1];
89 * This is a hack to allow predefined weak services, like afs to
90 * still use weak types
94 _kdc_is_weak_exception(krb5_principal principal
, krb5_enctype etype
)
96 if (principal
->name
.name_string
.len
> 0 &&
97 strcmp(principal
->name
.name_string
.val
[0], "afs") == 0 &&
98 (etype
== (krb5_enctype
)ETYPE_DES_CBC_CRC
99 || etype
== (krb5_enctype
)ETYPE_DES_CBC_MD4
100 || etype
== (krb5_enctype
)ETYPE_DES_CBC_MD5
))
107 * Detect if `key' is the using the the precomputed `default_salt'.
111 is_default_salt_p(const krb5_salt
*default_salt
, const Key
*key
)
113 if (key
->salt
== NULL
)
115 if (default_salt
->salttype
!= key
->salt
->type
)
117 if (krb5_data_cmp(&default_salt
->saltvalue
, &key
->salt
->salt
))
124 _kdc_is_anon_request(const KDC_REQ
*req
)
126 const KDC_REQ_BODY
*b
= &req
->req_body
;
129 * Versions of Heimdal from 0.9rc1 through 1.50 use bit 14 instead
130 * of 16 for request_anonymous, as indicated in the anonymous draft
131 * prior to version 11. Bit 14 is assigned to S4U2Proxy, but S4U2Proxy
132 * requests are only sent to the TGS and, in any case, would have an
133 * additional ticket present.
135 return b
->kdc_options
.request_anonymous
||
136 (b
->kdc_options
.cname_in_addl_tkt
&& !b
->additional_tickets
);
140 * return the first appropriate key of `princ' in `ret_key'. Look for
141 * all the etypes in (`etypes', `len'), stopping as soon as we find
142 * one, but preferring one that has default salt.
144 * XXX This function does way way too much. Split it up!
146 * XXX `etypes' and `len' are always `b->etype.val' and `b->etype.len' -- the
147 * etype list from the KDC-REQ-BODY, which is available here as
148 * `r->req->req_body', so we could just stop having it passed in.
150 * XXX Picking an enctype(s) for PA-ETYPE-INFO* is rather different than
151 * picking an enctype for a ticket's session key. The former is what we do
152 * here when `(flags & KFE_IS_PREAUTH)', the latter otherwise.
156 _kdc_find_etype(astgs_request_t r
, uint32_t flags
,
157 krb5_enctype
*etypes
, unsigned len
,
158 krb5_enctype
*ret_enctype
, Key
**ret_key
,
159 krb5_boolean
*ret_default_salt
)
161 krb5_boolean use_strongest_session_key
;
162 krb5_boolean is_preauth
= flags
& KFE_IS_PREAUTH
;
163 krb5_boolean is_tgs
= flags
& KFE_IS_TGS
;
165 krb5_principal request_princ
;
168 krb5_enctype enctype
= (krb5_enctype
)ETYPE_NULL
;
169 const krb5_enctype
*p
;
173 if (is_preauth
&& (flags
& KFE_USE_CLIENT
) &&
174 r
->client
->entry
.flags
.synthetic
)
175 return KRB5KDC_ERR_ETYPE_NOSUPP
;
177 if ((flags
& KFE_USE_CLIENT
) && !r
->client
->entry
.flags
.synthetic
) {
179 request_princ
= r
->client_princ
;
182 request_princ
= r
->server
->entry
.principal
;
185 use_strongest_session_key
=
186 is_preauth
? r
->config
->preauth_use_strongest_session_key
187 : (is_tgs
? r
->config
->tgt_use_strongest_session_key
:
188 r
->config
->svc_use_strongest_session_key
);
190 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
191 ret
= krb5_get_pw_salt(r
->context
, request_princ
, &def_salt
);
195 ret
= KRB5KDC_ERR_ETYPE_NOSUPP
;
198 * Pick an enctype that is in the intersection of:
200 * - permitted_enctypes (local policy)
201 * - requested enctypes (KDC-REQ-BODY's etype list)
202 * - the client's long-term keys' enctypes
204 * the server's configured etype list
206 * There are two sub-cases:
208 * - use local enctype preference (local policy)
209 * - use the client's preference list
212 if (use_strongest_session_key
) {
214 * Pick the strongest key that the KDC, target service, and
215 * client all support, using the local cryptosystem enctype
216 * list in strongest-to-weakest order to drive the search.
218 * This is not what RFC4120 says to do, but it encourages
219 * adoption of stronger enctypes. This doesn't play well with
220 * clients that have multiple Kerberos client implementations
221 * with different supported enctype lists sharing the same ccache.
224 /* drive the search with local supported enctypes list */
225 p
= krb5_kerberos_enctypes(r
->context
);
227 p
[i
] != (krb5_enctype
)ETYPE_NULL
&& enctype
== (krb5_enctype
)ETYPE_NULL
;
229 if (krb5_enctype_valid(r
->context
, p
[i
]) != 0 &&
230 !_kdc_is_weak_exception(princ
->entry
.principal
, p
[i
]))
233 /* check that the client supports it too */
234 for (k
= 0; k
< len
&& enctype
== (krb5_enctype
)ETYPE_NULL
; k
++) {
236 if (p
[i
] != etypes
[k
])
239 if (!is_preauth
&& (flags
& KFE_USE_CLIENT
)) {
241 * It suffices that the client says it supports this
242 * enctype in its KDC-REQ-BODY's etype list, which is what
249 /* check target princ support */
251 if (!(flags
& KFE_USE_CLIENT
) && princ
->entry
.etypes
) {
253 * Use the etypes list from the server's HDB entry instead
254 * of deriving it from its long-term keys. This allows an
255 * entry to have just one long-term key but record support
256 * for multiple enctypes.
258 for (m
= 0; m
< princ
->entry
.etypes
->len
; m
++) {
259 if (p
[i
] == princ
->entry
.etypes
->val
[m
]) {
266 * Use the entry's long-term keys as the source of its
267 * supported enctypes, either because we're making
268 * PA-ETYPE-INFO* or because we're selecting a session key
271 while (hdb_next_enctype2key(r
->context
, &princ
->entry
, NULL
,
273 if (key
->key
.keyvalue
.length
== 0) {
274 ret
= KRB5KDC_ERR_NULL_KEY
;
279 if (is_preauth
&& ret_key
!= NULL
&&
280 !is_default_salt_p(&def_salt
, key
))
288 * Pick the first key from the client's enctype list that is
289 * supported by the cryptosystem and by the given principal.
291 * RFC4120 says we SHOULD pick the first _strong_ key from the
292 * client's list... not the first key... If the admin disallows
293 * weak enctypes in krb5.conf and selects this key selection
294 * algorithm, then we get exactly what RFC4120 says.
296 for(i
= 0; ret
!= 0 && i
< len
; i
++) {
298 if (krb5_enctype_valid(r
->context
, etypes
[i
]) != 0 &&
299 !_kdc_is_weak_exception(princ
->entry
.principal
, etypes
[i
]))
304 hdb_next_enctype2key(r
->context
, &princ
->entry
, NULL
,
305 etypes
[i
], &key
) == 0) {
306 if (key
->key
.keyvalue
.length
== 0) {
307 ret
= KRB5KDC_ERR_NULL_KEY
;
312 if (is_preauth
&& ret_key
!= NULL
&&
313 !is_default_salt_p(&def_salt
, key
))
319 if (enctype
== (krb5_enctype
)ETYPE_NULL
) {
321 * if the service principal is one for which there is a known 1DES
322 * exception and no other enctype matches both the client request and
323 * the service key list, provide a DES-CBC-CRC key.
325 if (ret_key
== NULL
&&
326 _kdc_is_weak_exception(princ
->entry
.principal
, ETYPE_DES_CBC_CRC
)) {
328 enctype
= ETYPE_DES_CBC_CRC
;
330 ret
= KRB5KDC_ERR_ETYPE_NOSUPP
;
335 if (ret_enctype
!= NULL
)
336 *ret_enctype
= enctype
;
339 if (ret_default_salt
!= NULL
)
340 *ret_default_salt
= is_default_salt_p(&def_salt
, key
);
343 krb5_free_salt (r
->context
, def_salt
);
348 _kdc_make_anonymous_principalname (PrincipalName
*pn
)
350 pn
->name_type
= KRB5_NT_WELLKNOWN
;
351 pn
->name_string
.len
= 2;
352 pn
->name_string
.val
= calloc(2, sizeof(*pn
->name_string
.val
));
353 if (pn
->name_string
.val
== NULL
)
356 pn
->name_string
.val
[0] = strdup(KRB5_WELLKNOWN_NAME
);
357 if (pn
->name_string
.val
[0] == NULL
)
360 pn
->name_string
.val
[1] = strdup(KRB5_ANON_NAME
);
361 if (pn
->name_string
.val
[1] == NULL
)
367 free_PrincipalName(pn
);
369 pn
->name_type
= KRB5_NT_UNKNOWN
;
370 pn
->name_string
.len
= 0;
371 pn
->name_string
.val
= NULL
;
377 _kdc_r_log(astgs_request_t r
, int level
, const char *fmt
, ...)
378 __attribute__ ((__format__ (__printf__
, 3, 4)))
383 s
= kdc_log_msg_va(r
->context
, r
->config
, level
, fmt
, ap
);
389 _kdc_set_const_e_text(astgs_request_t r
, const char *e_text
)
391 /* We should never see this */
393 kdc_log(r
->context
, r
->config
, 1,
394 "trying to replace e-text \"%s\" with \"%s\"\n",
400 kdc_log(r
->context
, r
->config
, 4, "%s", e_text
);
404 _kdc_set_e_text(astgs_request_t r
, const char *fmt
, ...)
405 __attribute__ ((__format__ (__printf__
, 2, 3)))
412 vasprintf_ret
= vasprintf(&e_text
, fmt
, ap
);
415 if (vasprintf_ret
< 0 || !e_text
) {
416 /* not much else to do... */
417 kdc_log(r
->context
, r
->config
, 1,
418 "Could not set e_text: %s (out of memory)", fmt
);
422 /* We should never see this */
424 kdc_log(r
->context
, r
->config
, 1, "trying to replace e-text: %s\n",
431 r
->e_text_buf
= e_text
;
432 kdc_log(r
->context
, r
->config
, 4, "%s", e_text
);
436 _kdc_log_timestamp(astgs_request_t r
, const char *type
,
437 KerberosTime authtime
, KerberosTime
*starttime
,
438 KerberosTime endtime
, KerberosTime
*renew_till
)
440 krb5_kdc_configuration
*config
= r
->config
;
441 char authtime_str
[100], starttime_str
[100],
442 endtime_str
[100], renewtime_str
[100];
445 _kdc_audit_setkv_number((kdc_request_t
)r
, "auth", authtime
);
446 if (starttime
&& *starttime
)
447 _kdc_audit_setkv_number((kdc_request_t
)r
, "start", *starttime
);
449 _kdc_audit_setkv_number((kdc_request_t
)r
, "end", endtime
);
450 if (renew_till
&& *renew_till
)
451 _kdc_audit_setkv_number((kdc_request_t
)r
, "renew", *renew_till
);
453 krb5_format_time(r
->context
, authtime
,
454 authtime_str
, sizeof(authtime_str
), TRUE
);
456 krb5_format_time(r
->context
, *starttime
,
457 starttime_str
, sizeof(starttime_str
), TRUE
);
459 strlcpy(starttime_str
, "unset", sizeof(starttime_str
));
460 krb5_format_time(r
->context
, endtime
,
461 endtime_str
, sizeof(endtime_str
), TRUE
);
463 krb5_format_time(r
->context
, *renew_till
,
464 renewtime_str
, sizeof(renewtime_str
), TRUE
);
466 strlcpy(renewtime_str
, "unset", sizeof(renewtime_str
));
468 kdc_log(r
->context
, config
, 4,
469 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
470 type
, authtime_str
, starttime_str
, endtime_str
, renewtime_str
);
479 static krb5_error_code
480 pa_pkinit_validate(astgs_request_t r
, const PA_DATA
*pa
)
482 pk_client_params
*pkp
= NULL
;
483 char *client_cert
= NULL
;
486 ret
= _kdc_pk_rd_padata(r
, pa
, &pkp
);
487 if (ret
|| pkp
== NULL
) {
488 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
489 _kdc_r_log(r
, 4, "Failed to decode PKINIT PA-DATA -- %s",
494 ret
= _kdc_pk_check_client(r
, pkp
, &client_cert
);
496 _kdc_audit_addkv((kdc_request_t
)r
, 0, KDC_REQUEST_KV_PKINIT_CLIENT_CERT
,
499 _kdc_set_e_text(r
, "PKINIT certificate not allowed to "
500 "impersonate principal");
501 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
502 KDC_AUTH_EVENT_CLIENT_NAME_UNAUTHORIZED
);
506 r
->pa_endtime
= _kdc_pk_endtime(pkp
);
507 if (!r
->client
->entry
.flags
.synthetic
)
508 r
->pa_max_life
= _kdc_pk_max_life(pkp
);
510 _kdc_r_log(r
, 4, "PKINIT pre-authentication succeeded -- %s using %s",
511 r
->cname
, client_cert
);
513 ret
= _kdc_pk_mk_pa_reply(r
, pkp
);
515 _kdc_set_e_text(r
, "Failed to build PK-INIT reply");
518 ret
= _kdc_add_initial_verified_cas(r
->context
, r
->config
,
521 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
522 KDC_AUTH_EVENT_PREAUTH_SUCCEEDED
);
526 _kdc_pk_free_client_param(r
->context
, pkp
);
534 static krb5_error_code
535 pa_gss_validate(astgs_request_t r
, const PA_DATA
*pa
)
537 gss_client_params
*gcp
= NULL
;
538 char *client_name
= NULL
;
542 ret
= _kdc_gss_rd_padata(r
, pa
, &gcp
, &open
);
543 if (ret
&& gcp
== NULL
)
547 ret
= _kdc_gss_check_client(r
, gcp
, &client_name
);
549 _kdc_audit_addkv((kdc_request_t
)r
, 0, KDC_REQUEST_KV_GSS_INITIATOR
,
552 _kdc_set_e_text(r
, "GSS-API client not allowed to "
553 "impersonate principal");
554 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
555 KDC_AUTH_EVENT_CLIENT_NAME_UNAUTHORIZED
);
559 r
->pa_endtime
= _kdc_gss_endtime(r
, gcp
);
561 _kdc_r_log(r
, 4, "GSS pre-authentication succeeded -- %s using %s",
562 r
->cname
, client_name
);
563 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
564 KDC_AUTH_EVENT_PREAUTH_SUCCEEDED
);
566 ret
= _kdc_gss_mk_composite_name_ad(r
, gcp
);
568 _kdc_set_e_text(r
, "Failed to build GSS authorization data");
573 ret
= _kdc_gss_mk_pa_reply(r
, gcp
);
575 if (ret
!= KRB5_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED
)
576 _kdc_set_e_text(r
, "Failed to build GSS pre-authentication reply");
580 ret
= krb5_kdc_request_set_attribute((kdc_request_t
)r
,
581 HSTR("org.h5l.pa-gss-client-params"), gcp
);
592 static krb5_error_code
593 pa_gss_finalize_pac(astgs_request_t r
)
595 gss_client_params
*gcp
;
597 gcp
= krb5_kdc_request_get_attribute((kdc_request_t
)r
, HSTR("org.h5l.pa-gss-client-params"));
599 heim_assert(gcp
!= NULL
, "invalid GSS-API client params");
601 return _kdc_gss_finalize_pac(r
, gcp
);
604 static krb5_error_code
605 pa_enc_chal_validate(astgs_request_t r
, const PA_DATA
*pa
)
607 krb5_data pepper1
, pepper2
;
608 int invalidPassword
= 0;
609 EncryptedData enc_data
;
610 krb5_enctype aenctype
;
616 heim_assert(r
->armor_crypto
!= NULL
, "ENC-CHAL called for non FAST");
618 if (_kdc_is_anon_request(&r
->req
)) {
619 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
620 kdc_log(r
->context
, r
->config
, 4, "ENC-CHALL doesn't support anon");
624 if (r
->client
->entry
.flags
.locked_out
) {
625 ret
= KRB5KDC_ERR_CLIENT_REVOKED
;
626 kdc_log(r
->context
, r
->config
, 0,
627 "Client (%s) is locked out", r
->cname
);
628 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
629 KDC_AUTH_EVENT_CLIENT_LOCKED_OUT
);
633 ret
= decode_EncryptedData(pa
->padata_value
.data
,
634 pa
->padata_value
.length
,
638 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
639 _kdc_r_log(r
, 4, "Failed to decode PA-DATA -- %s",
644 pepper1
.data
= "clientchallengearmor";
645 pepper1
.length
= strlen(pepper1
.data
);
646 pepper2
.data
= "challengelongterm";
647 pepper2
.length
= strlen(pepper2
.data
);
649 krb5_crypto_getenctype(r
->context
, r
->armor_crypto
, &aenctype
);
651 kdc_log(r
->context
, r
->config
, 5, "FAST armor enctype is: %d", (int)aenctype
);
653 for (i
= 0; i
< r
->client
->entry
.keys
.len
; i
++) {
654 krb5_crypto challengecrypto
, longtermcrypto
;
655 krb5_keyblock challengekey
;
657 k
= &r
->client
->entry
.keys
.val
[i
];
659 ret
= krb5_crypto_init(r
->context
, &k
->key
, 0, &longtermcrypto
);
663 ret
= krb5_crypto_fx_cf2(r
->context
, r
->armor_crypto
, longtermcrypto
,
664 &pepper1
, &pepper2
, aenctype
,
667 krb5_crypto_destroy(r
->context
, longtermcrypto
);
671 ret
= krb5_crypto_init(r
->context
, &challengekey
, 0,
673 krb5_free_keyblock_contents(r
->context
, &challengekey
);
675 krb5_crypto_destroy(r
->context
, longtermcrypto
);
679 ret
= _krb5_validate_pa_enc_challenge(r
->context
,
681 KRB5_KU_ENC_CHALLENGE_CLIENT
,
684 krb5_crypto_destroy(r
->context
, challengecrypto
);
687 krb5_error_code ret2
;
690 krb5_crypto_destroy(r
->context
, longtermcrypto
);
692 invalidPassword
= (ret
== KRB5KRB_AP_ERR_BAD_INTEGRITY
);
693 if (!invalidPassword
) {
697 ret2
= krb5_enctype_to_string(r
->context
, k
->key
.keytype
, &str
);
700 msg
= krb5_get_error_message(r
->context
, ret
);
701 _kdc_r_log(r
, 2, "Failed to decrypt ENC-CHAL -- %s "
702 "(enctype %s) error %s",
703 r
->cname
, str
? str
: "unknown enctype", msg
);
704 krb5_free_error_message(r
->context
, msg
);
711 * Found a key that the client used, lets pick that as the reply key
714 krb5_free_keyblock_contents(r
->context
, &r
->reply_key
);
715 ret
= krb5_copy_keyblock_contents(r
->context
, &k
->key
, &r
->reply_key
);
717 krb5_crypto_destroy(r
->context
, longtermcrypto
);
721 krb5_free_keyblock_contents(r
->context
, &challengekey
);
724 * Provide KDC authentication to the client, uses a different
725 * challenge key (different pepper).
728 pepper1
.data
= "kdcchallengearmor";
729 pepper1
.length
= strlen(pepper1
.data
);
731 ret
= krb5_crypto_fx_cf2(r
->context
, r
->armor_crypto
, longtermcrypto
,
732 &pepper1
, &pepper2
, aenctype
,
734 krb5_crypto_destroy(r
->context
, longtermcrypto
);
738 ret
= krb5_crypto_init(r
->context
, &challengekey
, 0, &challengecrypto
);
739 krb5_free_keyblock_contents(r
->context
, &challengekey
);
743 ret
= _krb5_make_pa_enc_challenge(r
->context
, challengecrypto
,
744 KRB5_KU_ENC_CHALLENGE_KDC
,
746 krb5_crypto_destroy(r
->context
, challengecrypto
);
750 set_salt_padata(r
->rep
.padata
, k
->salt
);
755 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
756 KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY
);
760 if (invalidPassword
) {
761 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
762 KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY
);
763 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
765 ret
= KRB5KDC_ERR_ETYPE_NOSUPP
;
768 free_EncryptedData(&enc_data
);
773 static krb5_error_code
774 pa_enc_ts_validate(astgs_request_t r
, const PA_DATA
*pa
)
776 EncryptedData enc_data
;
785 if (r
->armor_crypto
&& !r
->config
->enable_armored_pa_enc_timestamp
) {
786 ret
= KRB5KDC_ERR_POLICY
;
787 kdc_log(r
->context
, r
->config
, 0,
788 "Armored encrypted timestamp pre-authentication is disabled");
790 } else if (!r
->armor_crypto
&& !r
->config
->enable_unarmored_pa_enc_timestamp
) {
791 ret
= KRB5KDC_ERR_POLICY
;
792 kdc_log(r
->context
, r
->config
, 0,
793 "Unarmored encrypted timestamp pre-authentication is disabled");
797 if (r
->client
->entry
.flags
.locked_out
) {
798 ret
= KRB5KDC_ERR_CLIENT_REVOKED
;
799 kdc_log(r
->context
, r
->config
, 0,
800 "Client (%s) is locked out", r
->cname
);
801 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
802 KDC_AUTH_EVENT_CLIENT_LOCKED_OUT
);
806 ret
= decode_EncryptedData(pa
->padata_value
.data
,
807 pa
->padata_value
.length
,
811 ret
= KRB5KRB_AP_ERR_BAD_INTEGRITY
;
812 _kdc_r_log(r
, 4, "Failed to decode PA-DATA -- %s",
817 ret
= hdb_enctype2key(r
->context
, &r
->client
->entry
, NULL
,
818 enc_data
.etype
, &pa_key
);
821 _kdc_set_e_text(r
, "No key matching entype");
822 ret
= KRB5KDC_ERR_ETYPE_NOSUPP
;
823 if(krb5_enctype_to_string(r
->context
, enc_data
.etype
, &estr
))
827 "No client key matching pa-data (%d) -- %s",
828 enc_data
.etype
, r
->cname
);
831 "No client key matching pa-data (%s) -- %s",
834 free_EncryptedData(&enc_data
);
839 ret
= krb5_crypto_init(r
->context
, &pa_key
->key
, 0, &crypto
);
841 const char *msg
= krb5_get_error_message(r
->context
, ret
);
842 _kdc_r_log(r
, 4, "krb5_crypto_init failed: %s", msg
);
843 krb5_free_error_message(r
->context
, msg
);
844 free_EncryptedData(&enc_data
);
848 ret
= krb5_decrypt_EncryptedData (r
->context
,
850 KRB5_KU_PA_ENC_TIMESTAMP
,
853 krb5_crypto_destroy(r
->context
, crypto
);
855 * Since the user might have several keys with the same
856 * enctype but with diffrent salting, we need to try all
857 * the keys with the same enctype.
860 krb5_error_code ret2
;
861 const char *msg
= krb5_get_error_message(r
->context
, ret
);
863 ret2
= krb5_enctype_to_string(r
->context
,
864 pa_key
->key
.keytype
, &str
);
867 _kdc_r_log(r
, 2, "Failed to decrypt PA-DATA -- %s "
868 "(enctype %s) error %s",
869 r
->cname
, str
? str
: "unknown enctype", msg
);
871 krb5_free_error_message(r
->context
, msg
);
872 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_PA_ETYPE
,
873 pa_key
->key
.keytype
);
874 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
875 KDC_AUTH_EVENT_WRONG_LONG_TERM_KEY
);
876 if(hdb_next_enctype2key(r
->context
, &r
->client
->entry
, NULL
,
877 enc_data
.etype
, &pa_key
) == 0)
880 free_EncryptedData(&enc_data
);
882 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
885 free_EncryptedData(&enc_data
);
886 ret
= decode_PA_ENC_TS_ENC(ts_data
.data
,
890 krb5_data_free(&ts_data
);
892 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
893 _kdc_r_log(r
, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
897 if (labs(kdc_time
- p
.patimestamp
) > r
->context
->max_skew
) {
898 char client_time
[100];
900 krb5_format_time(r
->context
, p
.patimestamp
,
901 client_time
, sizeof(client_time
), TRUE
);
903 ret
= KRB5KRB_AP_ERR_SKEW
;
904 _kdc_r_log(r
, 4, "Too large time skew, "
905 "client time %s is out by %u > %u seconds -- %s",
907 (unsigned)labs(kdc_time
- p
.patimestamp
),
908 r
->context
->max_skew
,
910 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
911 KDC_AUTH_EVENT_CLIENT_TIME_SKEW
);
914 * The following is needed to make windows clients to
915 * retry using the timestamp in the error message, if
916 * there is a e_text, they become unhappy.
919 free_PA_ENC_TS_ENC(&p
);
922 free_PA_ENC_TS_ENC(&p
);
924 set_salt_padata(r
->rep
.padata
, pa_key
->salt
);
926 ret
= krb5_copy_keyblock_contents(r
->context
, &pa_key
->key
, &r
->reply_key
);
930 ret
= krb5_enctype_to_string(r
->context
, pa_key
->key
.keytype
, &str
);
933 _kdc_r_log(r
, 4, "ENC-TS Pre-authentication succeeded -- %s using %s",
934 r
->cname
, str
? str
: "unknown enctype");
936 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_PA_ETYPE
,
937 pa_key
->key
.keytype
);
938 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
939 KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY
);
952 #define PA_ANNOUNCE 1
953 #define PA_REQ_FAST 2 /* only use inside fast */
954 #define PA_SYNTHETIC_OK 4
955 #define PA_REPLACE_REPLY_KEY 8 /* PA mech replaces reply key */
956 #define PA_USES_LONG_TERM_KEY 16 /* PA mech uses client's long-term key */
957 krb5_error_code (*validate
)(astgs_request_t
, const PA_DATA
*pa
);
958 krb5_error_code (*finalize_pac
)(astgs_request_t r
);
959 void (*cleanup
)(astgs_request_t r
);
962 static const struct kdc_patypes pat
[] = {
965 KRB5_PADATA_PK_AS_REQ
, "PK-INIT(ietf)",
966 PA_ANNOUNCE
| PA_SYNTHETIC_OK
| PA_REPLACE_REPLY_KEY
,
967 pa_pkinit_validate
, NULL
, NULL
970 KRB5_PADATA_PK_AS_REQ_WIN
, "PK-INIT(win2k)", PA_ANNOUNCE
| PA_REPLACE_REPLY_KEY
,
971 pa_pkinit_validate
, NULL
, NULL
974 KRB5_PADATA_PKINIT_KX
, "Anonymous PK-INIT", PA_ANNOUNCE
,
978 { KRB5_PADATA_PK_AS_REQ
, "PK-INIT(ietf)", 0, NULL
, NULL
, NULL
},
979 { KRB5_PADATA_PK_AS_REQ_WIN
, "PK-INIT(win2k)", 0, NULL
, NULL
, NULL
},
980 { KRB5_PADATA_PKINIT_KX
, "Anonymous PK-INIT", 0, NULL
, NULL
, NULL
},
982 { KRB5_PADATA_PA_PK_OCSP_RESPONSE
, "OCSP", 0, NULL
, NULL
, NULL
},
984 KRB5_PADATA_ENC_TIMESTAMP
, "ENC-TS",
985 PA_ANNOUNCE
| PA_USES_LONG_TERM_KEY
,
986 pa_enc_ts_validate
, NULL
, NULL
989 KRB5_PADATA_ENCRYPTED_CHALLENGE
, "ENC-CHAL",
990 PA_ANNOUNCE
| PA_USES_LONG_TERM_KEY
| PA_REQ_FAST
,
991 pa_enc_chal_validate
, NULL
, NULL
993 { KRB5_PADATA_REQ_ENC_PA_REP
, "REQ-ENC-PA-REP", 0, NULL
, NULL
, NULL
},
994 { KRB5_PADATA_FX_FAST
, "FX-FAST", PA_ANNOUNCE
, NULL
, NULL
, NULL
},
995 { KRB5_PADATA_FX_ERROR
, "FX-ERROR", 0, NULL
, NULL
, NULL
},
996 { KRB5_PADATA_FX_COOKIE
, "FX-COOKIE", 0, NULL
, NULL
, NULL
},
998 KRB5_PADATA_GSS
, "GSS",
999 PA_ANNOUNCE
| PA_SYNTHETIC_OK
| PA_REPLACE_REPLY_KEY
,
1000 pa_gss_validate
, pa_gss_finalize_pac
, NULL
1005 log_patypes(astgs_request_t r
, METHOD_DATA
*padata
)
1007 krb5_kdc_configuration
*config
= r
->config
;
1008 struct rk_strpool
*p
= NULL
;
1012 for (n
= 0; n
< padata
->len
; n
++) {
1013 for (m
= 0; m
< sizeof(pat
) / sizeof(pat
[0]); m
++) {
1014 if (padata
->val
[n
].padata_type
== pat
[m
].type
) {
1015 p
= rk_strpoolprintf(p
, "%s", pat
[m
].name
);
1019 if (m
== sizeof(pat
) / sizeof(pat
[0]))
1020 p
= rk_strpoolprintf(p
, "%d", padata
->val
[n
].padata_type
);
1021 if (p
&& n
+ 1 < padata
->len
)
1022 p
= rk_strpoolprintf(p
, ", ");
1024 kdc_log(r
->context
, config
, 1, "out of memory");
1029 p
= rk_strpoolprintf(p
, "none");
1031 str
= rk_strpoolcollect(p
);
1032 kdc_log(r
->context
, config
, 4, "Client sent patypes: %s", str
);
1033 _kdc_audit_addkv((kdc_request_t
)r
, KDC_AUDIT_EATWHITE
,
1034 "client-pa", "%s", str
);
1039 pa_used_flag_isset(astgs_request_t r
, unsigned int flag
)
1041 if (r
->pa_used
== NULL
)
1044 return (r
->pa_used
->flags
& flag
) == flag
;
1052 _kdc_encode_reply(krb5_context context
,
1053 krb5_kdc_configuration
*config
,
1054 astgs_request_t r
, uint32_t nonce
,
1056 int skvno
, const EncryptionKey
*skey
,
1064 krb5_error_code ret
;
1066 KDC_REP
*rep
= &r
->rep
;
1067 EncTicketPart
*et
= &r
->et
;
1068 EncKDCRepPart
*ek
= &r
->ek
;
1070 heim_assert(rep
->padata
!= NULL
, "reply padata uninitialized");
1072 ASN1_MALLOC_ENCODE(EncTicketPart
, buf
, buf_size
, et
, &len
, ret
);
1074 const char *msg
= krb5_get_error_message(context
, ret
);
1075 kdc_log(context
, config
, 4, "Failed to encode ticket: %s", msg
);
1076 krb5_free_error_message(context
, msg
);
1080 krb5_abortx(context
, "Internal error in ASN.1 encoder");
1082 ret
= krb5_crypto_init(context
, skey
, etype
, &crypto
);
1084 const char *msg
= krb5_get_error_message(context
, ret
);
1085 kdc_log(context
, config
, 4, "krb5_crypto_init failed: %s", msg
);
1086 krb5_free_error_message(context
, msg
);
1091 ret
= krb5_encrypt_EncryptedData(context
,
1097 &rep
->ticket
.enc_part
);
1099 krb5_crypto_destroy(context
, crypto
);
1101 const char *msg
= krb5_get_error_message(context
, ret
);
1102 kdc_log(context
, config
, 4, "Failed to encrypt data: %s", msg
);
1103 krb5_free_error_message(context
, msg
);
1107 if (r
&& r
->armor_crypto
) {
1108 KrbFastFinished finished
;
1111 kdc_log(context
, config
, 4, "FAST armor protection");
1113 memset(&finished
, 0, sizeof(finished
));
1114 krb5_data_zero(&data
);
1116 finished
.timestamp
= kdc_time
;
1118 finished
.crealm
= et
->crealm
;
1119 finished
.cname
= et
->cname
;
1121 ASN1_MALLOC_ENCODE(Ticket
, data
.data
, data
.length
,
1122 &rep
->ticket
, &len
, ret
);
1125 if (data
.length
!= len
)
1126 krb5_abortx(context
, "internal asn.1 error");
1128 ret
= krb5_create_checksum(context
, r
->armor_crypto
,
1129 KRB5_KU_FAST_FINISHED
, 0,
1130 data
.data
, data
.length
,
1131 &finished
.ticket_checksum
);
1132 krb5_data_free(&data
);
1136 ret
= _kdc_fast_mk_response(context
, r
->armor_crypto
,
1137 rep
->padata
, &r
->strengthen_key
, &finished
,
1139 free_Checksum(&finished
.ticket_checksum
);
1143 free_METHOD_DATA(r
->rep
.padata
);
1145 ret
= krb5_padata_add(context
, rep
->padata
,
1146 KRB5_PADATA_FX_FAST
,
1147 data
.data
, data
.length
);
1152 * Hide client name for privacy reasons
1154 if (r
->fast
.flags
.requested_hidden_names
) {
1155 Realm anon_realm
= KRB5_ANON_REALM
;
1157 free_Realm(&rep
->crealm
);
1158 ret
= copy_Realm(&anon_realm
, &rep
->crealm
);
1160 free_PrincipalName(&rep
->cname
);
1161 ret
= _kdc_make_anonymous_principalname(&rep
->cname
);
1168 if (rep
->padata
->len
== 0) {
1169 free_METHOD_DATA(rep
->padata
);
1174 if(rep
->msg_type
== krb_as_rep
&& !config
->encode_as_rep_as_tgs_rep
)
1175 ASN1_MALLOC_ENCODE(EncASRepPart
, buf
, buf_size
, ek
, &len
, ret
);
1177 ASN1_MALLOC_ENCODE(EncTGSRepPart
, buf
, buf_size
, ek
, &len
, ret
);
1179 const char *msg
= krb5_get_error_message(context
, ret
);
1180 kdc_log(context
, config
, 4, "Failed to encode KDC-REP: %s", msg
);
1181 krb5_free_error_message(context
, msg
);
1184 if(buf_size
!= len
) {
1186 kdc_log(context
, config
, 4, "Internal error in ASN.1 encoder");
1187 _kdc_set_e_text(r
, "KDC internal error");
1188 return KRB5KRB_ERR_GENERIC
;
1190 ret
= krb5_crypto_init(context
, &r
->reply_key
, 0, &crypto
);
1192 const char *msg
= krb5_get_error_message(context
, ret
);
1194 kdc_log(context
, config
, 4, "krb5_crypto_init failed: %s", msg
);
1195 krb5_free_error_message(context
, msg
);
1198 if(rep
->msg_type
== krb_as_rep
) {
1199 krb5_encrypt_EncryptedData(context
,
1201 KRB5_KU_AS_REP_ENC_PART
,
1207 ASN1_MALLOC_ENCODE(AS_REP
, buf
, buf_size
, rep
, &len
, ret
);
1209 krb5_encrypt_EncryptedData(context
,
1211 rk_is_subkey
? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY
: KRB5_KU_TGS_REP_ENC_PART_SESSION
,
1217 ASN1_MALLOC_ENCODE(TGS_REP
, buf
, buf_size
, rep
, &len
, ret
);
1219 krb5_crypto_destroy(context
, crypto
);
1221 const char *msg
= krb5_get_error_message(context
, ret
);
1222 kdc_log(context
, config
, 4, "Failed to encode KDC-REP: %s", msg
);
1223 krb5_free_error_message(context
, msg
);
1226 if(buf_size
!= len
) {
1228 kdc_log(context
, config
, 4, "Internal error in ASN.1 encoder");
1229 _kdc_set_e_text(r
, "KDC internal error");
1230 return KRB5KRB_ERR_GENERIC
;
1233 reply
->length
= buf_size
;
1241 static krb5_error_code
1242 make_etype_info_entry(krb5_context context
,
1243 ETYPE_INFO_ENTRY
*ent
,
1245 krb5_boolean include_salt
)
1247 ent
->etype
= key
->key
.keytype
;
1248 if (key
->salt
&& include_salt
){
1250 ALLOC(ent
->salttype
);
1252 if(key
->salt
->type
== hdb_pw_salt
)
1253 *ent
->salttype
= 0; /* or 1? or NULL? */
1254 else if(key
->salt
->type
== hdb_afs3_salt
)
1257 kdc_log(context
, config
, 4, "unknown salt-type: %d",
1259 return KRB5KRB_ERR_GENERIC
;
1261 /* according to `the specs', we can't send a salt if
1262 we have AFS3 salted key, but that requires that you
1263 *know* what cell you are using (e.g by assuming
1264 that the cell is the same as the realm in lower
1267 ALLOC(ent
->salttype
);
1268 *ent
->salttype
= key
->salt
->type
;
1271 * We shouldn't sent salttype since it is incompatible with the
1272 * specification and it breaks windows clients. The afs
1273 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1274 * implemented in Heimdal 0.7 and later.
1276 ent
->salttype
= NULL
;
1278 krb5_copy_data(context
, &key
->salt
->salt
,
1281 /* we return no salt type at all, as that should indicate
1282 * the default salt type and make everybody happy. some
1283 * systems (like w2k) dislike being told the salt type
1286 ent
->salttype
= NULL
;
1292 static krb5_error_code
1293 get_pa_etype_info(krb5_context context
,
1294 krb5_kdc_configuration
*config
,
1295 METHOD_DATA
*md
, Key
*ckey
,
1296 krb5_boolean include_salt
)
1298 krb5_error_code ret
= 0;
1305 pa
.val
= calloc(1, sizeof(pa
.val
[0]));
1309 ret
= make_etype_info_entry(context
, &pa
.val
[0], ckey
, include_salt
);
1311 free_ETYPE_INFO(&pa
);
1315 ASN1_MALLOC_ENCODE(ETYPE_INFO
, buf
, len
, &pa
, &len
, ret
);
1316 free_ETYPE_INFO(&pa
);
1319 ret
= realloc_method_data(md
);
1324 md
->val
[md
->len
- 1].padata_type
= KRB5_PADATA_ETYPE_INFO
;
1325 md
->val
[md
->len
- 1].padata_value
.length
= len
;
1326 md
->val
[md
->len
- 1].padata_value
.data
= buf
;
1334 extern int _krb5_AES_SHA1_string_to_default_iterator
;
1335 extern int _krb5_AES_SHA2_string_to_default_iterator
;
1337 static krb5_error_code
1338 make_s2kparams(int value
, size_t len
, krb5_data
**ps2kparams
)
1340 krb5_data
*s2kparams
;
1341 krb5_error_code ret
;
1344 if (s2kparams
== NULL
)
1346 ret
= krb5_data_alloc(s2kparams
, len
);
1351 _krb5_put_int(s2kparams
->data
, value
, len
);
1352 *ps2kparams
= s2kparams
;
1356 static krb5_error_code
1357 make_etype_info2_entry(ETYPE_INFO2_ENTRY
*ent
,
1359 krb5_boolean include_salt
)
1361 krb5_error_code ret
;
1363 ent
->etype
= key
->key
.keytype
;
1364 if (key
->salt
&& include_salt
) {
1366 if (ent
->salt
== NULL
)
1368 *ent
->salt
= malloc(key
->salt
->salt
.length
+ 1);
1369 if (*ent
->salt
== NULL
) {
1374 memcpy(*ent
->salt
, key
->salt
->salt
.data
, key
->salt
->salt
.length
);
1375 (*ent
->salt
)[key
->salt
->salt
.length
] = '\0';
1379 ent
->s2kparams
= NULL
;
1381 switch (key
->key
.keytype
) {
1382 case ETYPE_AES128_CTS_HMAC_SHA1_96
:
1383 case ETYPE_AES256_CTS_HMAC_SHA1_96
:
1384 ret
= make_s2kparams(_krb5_AES_SHA1_string_to_default_iterator
,
1385 4, &ent
->s2kparams
);
1387 case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128
:
1388 case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192
:
1389 ret
= make_s2kparams(_krb5_AES_SHA2_string_to_default_iterator
,
1390 4, &ent
->s2kparams
);
1392 case ETYPE_DES_CBC_CRC
:
1393 case ETYPE_DES_CBC_MD4
:
1394 case ETYPE_DES_CBC_MD5
:
1395 /* Check if this was a AFS3 salted key */
1396 if(key
->salt
&& key
->salt
->type
== hdb_afs3_salt
)
1397 ret
= make_s2kparams(1, 1, &ent
->s2kparams
);
1409 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1410 * database (client supported enctypes first, then the unsupported
1414 static krb5_error_code
1415 get_pa_etype_info2(krb5_context context
,
1416 krb5_kdc_configuration
*config
,
1417 METHOD_DATA
*md
, Key
*ckey
,
1418 krb5_boolean include_salt
)
1420 krb5_error_code ret
= 0;
1426 pa
.val
= calloc(1, sizeof(pa
.val
[0]));
1430 ret
= make_etype_info2_entry(&pa
.val
[0], ckey
, include_salt
);
1432 free_ETYPE_INFO2(&pa
);
1436 ASN1_MALLOC_ENCODE(ETYPE_INFO2
, buf
, len
, &pa
, &len
, ret
);
1437 free_ETYPE_INFO2(&pa
);
1440 ret
= realloc_method_data(md
);
1445 md
->val
[md
->len
- 1].padata_type
= KRB5_PADATA_ETYPE_INFO2
;
1446 md
->val
[md
->len
- 1].padata_value
.length
= len
;
1447 md
->val
[md
->len
- 1].padata_value
.data
= buf
;
1452 * Return 0 if the client have only older enctypes, this is for
1453 * determining if the server should send ETYPE_INFO2 or not.
1457 newer_enctype_present(krb5_context context
,
1458 struct KDC_REQ_BODY_etype
*etype_list
)
1462 for (i
= 0; i
< etype_list
->len
; i
++) {
1463 if (!krb5_is_enctype_old(context
, etype_list
->val
[i
]))
1469 static krb5_error_code
1470 get_pa_etype_info_both(krb5_context context
,
1471 krb5_kdc_configuration
*config
,
1472 struct KDC_REQ_BODY_etype
*etype_list
,
1473 METHOD_DATA
*md
, Key
*ckey
,
1474 krb5_boolean include_salt
)
1476 krb5_error_code ret
;
1479 * Windows 2019 (and earlier versions) always sends the salt
1480 * and Samba has testsuites that check this behaviour, so a
1481 * Samba AD DC will set this flag to match the AS-REP packet
1484 if (config
->force_include_pa_etype_salt
)
1485 include_salt
= TRUE
;
1489 * When the AS server is to include pre-authentication data in a
1490 * KRB-ERROR or in an AS-REP, it MUST use PA-ETYPE-INFO2, not
1491 * PA-ETYPE-INFO, if the etype field of the client's AS-REQ lists
1492 * at least one "newer" encryption type. Otherwise (when the etype
1493 * field of the client's AS-REQ does not list any "newer" encryption
1494 * types), it MUST send both PA-ETYPE-INFO2 and PA-ETYPE-INFO (both
1495 * with an entry for each enctype). A "newer" enctype is any enctype
1496 * first officially specified concurrently with or subsequent to the
1497 * issue of this RFC. The enctypes DES, 3DES, or RC4 and any defined
1498 * in [RFC1510] are not "newer" enctypes.
1500 * It goes on to state:
1501 * The preferred ordering of the "hint" pre-authentication data that
1502 * affect client key selection is: ETYPE-INFO2, followed by ETYPE-INFO,
1503 * followed by PW-SALT. As noted in Section 3.1.3, a KDC MUST NOT send
1504 * ETYPE-INFO or PW-SALT when the client's AS-REQ includes at least one
1508 ret
= get_pa_etype_info2(context
, config
, md
, ckey
, include_salt
);
1512 if (!newer_enctype_present(context
, etype_list
))
1513 ret
= get_pa_etype_info(context
, config
, md
, ckey
, include_salt
);
1523 _log_astgs_req(astgs_request_t r
, krb5_enctype setype
)
1525 const KDC_REQ_BODY
*b
= &r
->req
.req_body
;
1526 krb5_enctype cetype
= r
->reply_key
.keytype
;
1527 krb5_error_code ret
;
1528 struct rk_strpool
*p
;
1529 struct rk_strpool
*s
= NULL
;
1536 * we are collecting ``p'' and ``s''. The former is a textual
1537 * representation of the enctypes as strings which will be used
1538 * for debugging. The latter is a terse comma separated list of
1539 * the %d's of the enctypes to emit into our audit trail to
1540 * conserve space in the logs.
1543 p
= rk_strpoolprintf(NULL
, "%s", "Client supported enctypes: ");
1545 for (i
= 0; i
< b
->etype
.len
; i
++) {
1546 ret
= krb5_enctype_to_string(r
->context
, b
->etype
.val
[i
], &str
);
1548 p
= rk_strpoolprintf(p
, "%s", str
);
1551 p
= rk_strpoolprintf(p
, "%d", b
->etype
.val
[i
]);
1554 _kdc_r_log(r
, 4, "out of memory");
1557 s
= rk_strpoolprintf(s
, "%d", b
->etype
.val
[i
]);
1558 if (i
+ 1 < b
->etype
.len
) {
1559 p
= rk_strpoolprintf(p
, ", ");
1560 s
= rk_strpoolprintf(s
, ",");
1564 p
= rk_strpoolprintf(p
, "no encryption types");
1566 str
= rk_strpoolcollect(s
);
1568 _kdc_audit_addkv((kdc_request_t
)r
, KDC_AUDIT_EATWHITE
, "etypes", "%s",
1572 ret
= krb5_enctype_to_string(r
->context
, cetype
, &cet
);
1574 ret
= krb5_enctype_to_string(r
->context
, setype
, &set
);
1576 p
= rk_strpoolprintf(p
, ", using %s/%s", cet
, set
);
1582 p
= rk_strpoolprintf(p
, ", using enctypes %d/%d",
1585 str
= rk_strpoolcollect(p
);
1587 _kdc_r_log(r
, 4, "%s", str
);
1590 _kdc_audit_addkv((kdc_request_t
)r
, 0, "etype", "%d/%d", cetype
, setype
);
1596 result
= unparse_flags(KDCOptions2int(b
->kdc_options
), asn1_KDCOptions_units(),
1597 fixedstr
, sizeof(fixedstr
));
1599 _kdc_r_log(r
, 4, "Requested flags: %s", fixedstr
);
1600 _kdc_audit_addkv((kdc_request_t
)r
, KDC_AUDIT_EATWHITE
,
1601 "flags", "%s", fixedstr
);
1607 * verify the flags on `client' and `server', returning 0
1608 * if they are OK and generating an error messages and returning
1609 * and error code otherwise.
1612 KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
1613 kdc_check_flags(astgs_request_t r
,
1614 krb5_boolean is_as_req
,
1615 hdb_entry_ex
*client_ex
,
1616 hdb_entry_ex
*server_ex
)
1618 if (client_ex
!= NULL
) {
1619 hdb_entry
*client
= &client_ex
->entry
;
1622 if (client
->flags
.locked_out
) {
1623 _kdc_audit_addreason((kdc_request_t
)r
, "Client is locked out");
1624 return KRB5KDC_ERR_CLIENT_REVOKED
;
1627 if (client
->flags
.invalid
) {
1628 _kdc_audit_addreason((kdc_request_t
)r
,
1629 "Client has invalid bit set");
1630 return KRB5KDC_ERR_POLICY
;
1633 if (!client
->flags
.client
) {
1634 _kdc_audit_addreason((kdc_request_t
)r
,
1635 "Principal may not act as client");
1636 return KRB5KDC_ERR_POLICY
;
1639 if (client
->valid_start
&& *client
->valid_start
> kdc_time
) {
1640 char starttime_str
[100];
1641 krb5_format_time(r
->context
, *client
->valid_start
,
1642 starttime_str
, sizeof(starttime_str
), TRUE
);
1643 _kdc_audit_addreason((kdc_request_t
)r
, "Client not yet valid "
1644 "until %s", starttime_str
);
1645 return KRB5KDC_ERR_CLIENT_NOTYET
;
1648 if (client
->valid_end
&& *client
->valid_end
< kdc_time
) {
1649 char endtime_str
[100];
1650 krb5_format_time(r
->context
, *client
->valid_end
,
1651 endtime_str
, sizeof(endtime_str
), TRUE
);
1652 _kdc_audit_addreason((kdc_request_t
)r
, "Client expired at %s",
1654 return KRB5KDC_ERR_NAME_EXP
;
1657 if (client
->flags
.require_pwchange
&&
1658 (server_ex
== NULL
|| !server_ex
->entry
.flags
.change_pw
))
1659 return KRB5KDC_ERR_KEY_EXPIRED
;
1661 if (client
->pw_end
&& *client
->pw_end
< kdc_time
1662 && (server_ex
== NULL
|| !server_ex
->entry
.flags
.change_pw
)) {
1663 char pwend_str
[100];
1664 krb5_format_time(r
->context
, *client
->pw_end
,
1665 pwend_str
, sizeof(pwend_str
), TRUE
);
1666 _kdc_audit_addreason((kdc_request_t
)r
, "Client's key has expired "
1667 "at %s", pwend_str
);
1668 return KRB5KDC_ERR_KEY_EXPIRED
;
1674 if (server_ex
!= NULL
) {
1675 hdb_entry
*server
= &server_ex
->entry
;
1677 if (server
->flags
.locked_out
) {
1678 _kdc_audit_addreason((kdc_request_t
)r
, "Server locked out");
1679 return KRB5KDC_ERR_SERVICE_REVOKED
;
1681 if (server
->flags
.invalid
) {
1682 _kdc_audit_addreason((kdc_request_t
)r
,
1683 "Server has invalid flag set");
1684 return KRB5KDC_ERR_POLICY
;
1686 if (!server
->flags
.server
) {
1687 _kdc_audit_addreason((kdc_request_t
)r
,
1688 "Principal may not act as server");
1689 return KRB5KDC_ERR_POLICY
;
1692 if (!is_as_req
&& server
->flags
.initial
) {
1693 _kdc_audit_addreason((kdc_request_t
)r
,
1694 "AS-REQ is required for server");
1695 return KRB5KDC_ERR_POLICY
;
1698 if (server
->valid_start
&& *server
->valid_start
> kdc_time
) {
1699 char starttime_str
[100];
1700 krb5_format_time(r
->context
, *server
->valid_start
,
1701 starttime_str
, sizeof(starttime_str
), TRUE
);
1702 _kdc_audit_addreason((kdc_request_t
)r
, "Server not yet valid "
1703 "until %s", starttime_str
);
1704 return KRB5KDC_ERR_SERVICE_NOTYET
;
1707 if (server
->valid_end
&& *server
->valid_end
< kdc_time
) {
1708 char endtime_str
[100];
1709 krb5_format_time(r
->context
, *server
->valid_end
,
1710 endtime_str
, sizeof(endtime_str
), TRUE
);
1711 _kdc_audit_addreason((kdc_request_t
)r
, "Server expired at %s",
1713 return KRB5KDC_ERR_SERVICE_EXP
;
1716 if (server
->pw_end
&& *server
->pw_end
< kdc_time
) {
1717 char pwend_str
[100];
1718 krb5_format_time(r
->context
, *server
->pw_end
,
1719 pwend_str
, sizeof(pwend_str
), TRUE
);
1720 _kdc_audit_addreason((kdc_request_t
)r
, "Server's key has expired "
1721 "at %s", pwend_str
);
1722 return KRB5KDC_ERR_KEY_EXPIRED
;
1729 * Return TRUE if `from' is part of `addresses' taking into consideration
1730 * the configuration variables that tells us how strict we should be about
1735 _kdc_check_addresses(astgs_request_t r
, HostAddresses
*addresses
,
1736 const struct sockaddr
*from
)
1738 krb5_kdc_configuration
*config
= r
->config
;
1739 krb5_error_code ret
;
1741 krb5_boolean result
;
1742 krb5_boolean only_netbios
= TRUE
;
1745 if (!config
->check_ticket_addresses
&& !config
->warn_ticket_addresses
)
1749 * Fields of HostAddresses type are always OPTIONAL and should be non-
1750 * empty, but we check for empty just in case as our compiler doesn't
1751 * support size constraints on SEQUENCE OF.
1753 if (addresses
== NULL
|| addresses
->len
== 0)
1754 return config
->allow_null_ticket_addresses
;
1756 for (i
= 0; i
< addresses
->len
; ++i
) {
1757 if (addresses
->val
[i
].addr_type
!= KRB5_ADDRESS_NETBIOS
) {
1758 only_netbios
= FALSE
;
1762 /* Windows sends it's netbios name, which I can only assume is
1763 * used for the 'allowed workstations' check. This is painful,
1764 * but we still want to check IP addresses if they happen to be
1769 return config
->allow_null_ticket_addresses
;
1771 ret
= krb5_sockaddr2address (r
->context
, from
, &addr
);
1775 result
= krb5_address_search(r
->context
, &addr
, addresses
);
1776 krb5_free_address (r
->context
, &addr
);
1784 _kdc_check_anon_policy(astgs_request_t r
)
1786 if (!r
->config
->allow_anonymous
) {
1787 _kdc_audit_addreason((kdc_request_t
)r
,
1788 "Anonymous tickets denied by local policy");
1789 return KRB5KDC_ERR_POLICY
;
1796 * Determine whether the client requested a PAC be included
1797 * or excluded explictly, or whether it doesn't care.
1801 get_pac_attributes(krb5_context context
, KDC_REQ
*req
)
1803 krb5_error_code ret
;
1804 PA_PAC_REQUEST pacreq
;
1807 uint32_t pac_attributes
;
1809 pa
= _kdc_find_padata(req
, &i
, KRB5_PADATA_PA_PAC_REQUEST
);
1811 return KRB5_PAC_WAS_GIVEN_IMPLICITLY
;
1813 ret
= decode_PA_PAC_REQUEST(pa
->padata_value
.data
,
1814 pa
->padata_value
.length
,
1818 return KRB5_PAC_WAS_GIVEN_IMPLICITLY
;
1820 pac_attributes
= pacreq
.include_pac
? KRB5_PAC_WAS_REQUESTED
: 0;
1821 free_PA_PAC_REQUEST(&pacreq
);
1822 return pac_attributes
;
1829 static krb5_error_code
1830 generate_pac(astgs_request_t r
, const Key
*skey
, const Key
*tkey
,
1831 krb5_boolean is_tgs
)
1833 krb5_error_code ret
;
1836 krb5_principal client
;
1837 krb5_const_principal canon_princ
= NULL
;
1839 r
->pac_attributes
= get_pac_attributes(r
->context
, &r
->req
);
1840 _kdc_audit_setkv_number((kdc_request_t
)r
, "pac_attributes",
1843 if (!_kdc_include_pac_p(r
))
1847 * When a PA mech does not use the client's long-term key, the PAC
1848 * may include the client's long-term key (encrypted in the reply key)
1849 * for use by other shared secret authentication protocols, e.g. NTLM.
1850 * Validate a PA mech was actually used before doing this.
1853 ret
= _kdc_pac_generate(r
->context
,
1856 r
->pa_used
&& !pa_used_flag_isset(r
, PA_USES_LONG_TERM_KEY
)
1857 ? &r
->reply_key
: NULL
,
1861 _kdc_r_log(r
, 4, "PAC generation failed for -- %s",
1868 rodc_id
= r
->server
->entry
.kvno
>> 16;
1870 /* libkrb5 expects ticket and PAC client names to match */
1871 ret
= _krb5_principalname2krb5_principal(r
->context
, &client
,
1872 r
->et
.cname
, r
->et
.crealm
);
1877 * Include the canonical name of the principal in the authorization
1878 * data, if the realms match (if they don't, then the KDC could
1879 * impersonate any realm. Windows always canonicalizes the realm,
1880 * but Heimdal permits aliases between realms.)
1882 if (krb5_realm_compare(r
->context
, client
, r
->canon_client_princ
)) {
1885 canon_princ
= r
->canon_client_princ
;
1887 krb5_unparse_name(r
->context
, canon_princ
, &cpn
);
1888 _kdc_audit_addkv((kdc_request_t
)r
, 0, "canon_client_name", "%s",
1889 cpn
? cpn
: "<unknown>");
1893 if (r
->pa_used
&& r
->pa_used
->finalize_pac
) {
1894 ret
= r
->pa_used
->finalize_pac(r
);
1899 ret
= _krb5_pac_sign(r
->context
,
1903 &skey
->key
, /* Server key */
1904 &tkey
->key
, /* TGS key */
1908 is_tgs
? &r
->pac_attributes
: NULL
,
1910 krb5_free_principal(r
->context
, client
);
1911 krb5_pac_free(r
->context
, r
->pac
);
1914 _kdc_r_log(r
, 4, "PAC signing failed for -- %s",
1919 ret
= _kdc_tkt_insert_pac(r
->context
, &r
->et
, &data
);
1920 krb5_data_free(&data
);
1930 _kdc_is_anonymous(krb5_context context
, krb5_const_principal principal
)
1932 return krb5_principal_is_anonymous(context
, principal
, KRB5_ANON_MATCH_ANY
);
1936 * Returns TRUE if principal is the unauthenticated anonymous identity,
1937 * i.e. WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS. Unfortunately due to
1938 * backwards compatibility logic in krb5_principal_is_anonymous() we
1939 * have to use our own implementation.
1943 _kdc_is_anonymous_pkinit(krb5_context context
, krb5_const_principal principal
)
1945 return _kdc_is_anonymous(context
, principal
) &&
1946 strcmp(principal
->realm
, KRB5_ANON_REALM
) == 0;
1950 require_preauth_p(astgs_request_t r
)
1952 return r
->config
->require_preauth
1953 || r
->client
->entry
.flags
.require_preauth
1954 || r
->server
->entry
.flags
.require_preauth
;
1962 static krb5_error_code
1963 add_enc_pa_rep(astgs_request_t r
)
1965 krb5_error_code ret
;
1971 ret
= krb5_crypto_init(r
->context
, &r
->reply_key
, 0, &crypto
);
1975 ret
= krb5_create_checksum(r
->context
, crypto
,
1977 r
->request
.data
, r
->request
.length
,
1979 krb5_crypto_destroy(r
->context
, crypto
);
1983 ASN1_MALLOC_ENCODE(Checksum
, cdata
.data
, cdata
.length
,
1984 &checksum
, &len
, ret
);
1985 free_Checksum(&checksum
);
1988 heim_assert(cdata
.length
== len
, "ASN.1 internal error");
1990 if (r
->ek
.encrypted_pa_data
== NULL
) {
1991 ALLOC(r
->ek
.encrypted_pa_data
);
1992 if (r
->ek
.encrypted_pa_data
== NULL
)
1995 ret
= krb5_padata_add(r
->context
, r
->ek
.encrypted_pa_data
,
1996 KRB5_PADATA_REQ_ENC_PA_REP
, cdata
.data
, cdata
.length
);
2000 return krb5_padata_add(r
->context
, r
->ek
.encrypted_pa_data
,
2001 KRB5_PADATA_FX_FAST
, NULL
, 0);
2005 * Add an authorization data element indicating that a synthetic
2006 * principal was used, so that the TGS does not accidentally
2007 * synthesize a non-synthetic principal that has since been deleted.
2009 static krb5_error_code
2010 add_synthetic_princ_ad(astgs_request_t r
)
2014 krb5_data_zero(&data
);
2016 return _kdc_tkt_add_if_relevant_ad(r
->context
, &r
->et
,
2017 KRB5_AUTHDATA_SYNTHETIC_PRINC_USED
,
2021 static krb5_error_code
2022 get_local_tgs(krb5_context context
,
2023 krb5_kdc_configuration
*config
,
2024 krb5_const_realm realm
,
2025 hdb_entry_ex
**krbtgt
)
2027 krb5_error_code ret
;
2028 krb5_principal tgs_name
;
2032 ret
= krb5_make_principal(context
,
2041 ret
= _kdc_db_fetch(context
, config
, tgs_name
,
2042 HDB_F_GET_KRBTGT
, NULL
, NULL
, krbtgt
);
2043 krb5_free_principal(context
, tgs_name
);
2053 _kdc_as_rep(astgs_request_t r
)
2055 krb5_kdc_configuration
*config
= r
->config
;
2056 KDC_REQ
*req
= &r
->req
;
2057 const char *from
= r
->from
;
2058 KDC_REQ_BODY
*b
= NULL
;
2059 KDC_REP
*rep
= &r
->rep
;
2061 krb5_enctype setype
;
2062 krb5_error_code ret
= 0;
2065 int i
, flags
= HDB_F_FOR_AS_REQ
;
2067 krb5_boolean is_tgs
;
2069 hdb_entry_ex
*krbtgt
= NULL
;
2072 memset(rep
, 0, sizeof(*rep
));
2075 if (rep
->padata
== NULL
) {
2077 krb5_set_error_message(r
->context
, ret
, N_("malloc: out of memory", ""));
2082 * Look for FAST armor and unwrap
2084 ret
= _kdc_fast_unwrap_request(r
, NULL
, NULL
);
2086 _kdc_r_log(r
, 1, "FAST unwrap request from %s failed: %d", from
, ret
);
2094 flags
|= HDB_F_CANON
;
2096 if (b
->sname
== NULL
) {
2097 ret
= KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
;
2098 _kdc_set_e_text(r
, "No server in request");
2102 ret
= _krb5_principalname2krb5_principal(r
->context
, &r
->server_princ
,
2103 *(b
->sname
), b
->realm
);
2105 ret
= krb5_unparse_name(r
->context
, r
->server_princ
, &r
->sname
);
2107 kdc_log(r
->context
, config
, 2,
2108 "AS_REQ malformed server name from %s", from
);
2112 if (b
->cname
== NULL
) {
2113 ret
= KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
;
2114 _kdc_set_e_text(r
, "No client in request");
2118 ret
= _krb5_principalname2krb5_principal(r
->context
, &r
->client_princ
,
2119 *(b
->cname
), b
->realm
);
2121 ret
= krb5_unparse_name(r
->context
, r
->client_princ
, &r
->cname
);
2123 kdc_log(r
->context
, config
, 2,
2124 "AS-REQ malformed client name from %s", from
);
2128 kdc_log(r
->context
, config
, 4, "AS-REQ %s from %s for %s",
2129 r
->cname
, r
->from
, r
->sname
);
2131 is_tgs
= krb5_principal_is_krbtgt(r
->context
, r
->server_princ
);
2133 if (_kdc_is_anonymous(r
->context
, r
->client_princ
) &&
2134 !_kdc_is_anon_request(req
)) {
2135 kdc_log(r
->context
, config
, 2, "Anonymous client w/o anonymous flag");
2136 ret
= KRB5KDC_ERR_BADOPTION
;
2140 ret
= _kdc_db_fetch(r
->context
, config
, r
->client_princ
,
2141 HDB_F_GET_CLIENT
| HDB_F_SYNTHETIC_OK
| flags
, NULL
,
2142 &r
->clientdb
, &r
->client
);
2144 case 0: /* Success */
2146 case HDB_ERR_NOT_FOUND_HERE
:
2147 kdc_log(r
->context
, config
, 5, "client %s does not have secrets at this KDC, need to proxy",
2150 case HDB_ERR_WRONG_REALM
: {
2151 char *fixed_client_name
= NULL
;
2153 ret
= krb5_unparse_name(r
->context
, r
->client
->entry
.principal
,
2154 &fixed_client_name
);
2159 kdc_log(r
->context
, config
, 4, "WRONG_REALM - %s -> %s",
2160 r
->cname
, fixed_client_name
);
2161 free(fixed_client_name
);
2164 ret
= _kdc_fast_mk_error(r
, r
->rep
.padata
, r
->armor_crypto
,
2166 r
->ret
= KRB5_KDC_ERR_WRONG_REALM
,
2167 r
->client
->entry
.principal
, r
->server_princ
,
2168 NULL
, NULL
, r
->reply
);
2173 msg
= krb5_get_error_message(r
->context
, ret
);
2174 kdc_log(r
->context
, config
, 4, "UNKNOWN -- %s: %s", r
->cname
, msg
);
2175 krb5_free_error_message(r
->context
, msg
);
2176 ret
= KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
;
2177 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
2178 KDC_AUTH_EVENT_CLIENT_UNKNOWN
);
2182 ret
= _kdc_db_fetch(r
->context
, config
, r
->server_princ
,
2183 HDB_F_GET_SERVER
| HDB_F_DELAY_NEW_KEYS
|
2184 flags
| (is_tgs
? HDB_F_GET_KRBTGT
: 0),
2185 NULL
, NULL
, &r
->server
);
2187 case 0: /* Success */
2189 case HDB_ERR_NOT_FOUND_HERE
:
2190 kdc_log(r
->context
, config
, 5, "target %s does not have secrets at this KDC, need to proxy",
2194 msg
= krb5_get_error_message(r
->context
, ret
);
2195 kdc_log(r
->context
, config
, 4, "UNKNOWN -- %s: %s", r
->sname
, msg
);
2196 krb5_free_error_message(r
->context
, msg
);
2197 ret
= KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
;
2202 * Select an enctype for the to-be-issued ticket's session key using the
2203 * intersection of the client's requested enctypes and the server's (like a
2204 * root krbtgt, but not necessarily) etypes from its HDB entry.
2206 ret
= _kdc_find_etype(r
, (is_tgs
? KFE_IS_TGS
:0) | KFE_USE_CLIENT
,
2207 b
->etype
.val
, b
->etype
.len
,
2208 &r
->sessionetype
, NULL
, NULL
);
2210 kdc_log(r
->context
, config
, 4,
2211 "Client (%s) from %s has no common enctypes with KDC "
2212 "to use for the session key",
2218 * Pre-auth processing
2224 log_patypes(r
, req
->padata
);
2226 /* Check if preauth matching */
2228 for (n
= 0; !found_pa
&& n
< sizeof(pat
) / sizeof(pat
[0]); n
++) {
2229 if (pat
[n
].validate
== NULL
)
2231 if (r
->armor_crypto
== NULL
&& (pat
[n
].flags
& PA_REQ_FAST
))
2234 kdc_log(r
->context
, config
, 5,
2235 "Looking for %s pa-data -- %s", pat
[n
].name
, r
->cname
);
2237 pa
= _kdc_find_padata(req
, &i
, pat
[n
].type
);
2239 if (r
->client
->entry
.flags
.synthetic
&&
2240 !(pat
[n
].flags
& PA_SYNTHETIC_OK
)) {
2241 kdc_log(r
->context
, config
, 4, "UNKNOWN -- %s", r
->cname
);
2242 ret
= KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
;
2245 _kdc_audit_addkv((kdc_request_t
)r
, KDC_AUDIT_VIS
, "pa", "%s",
2247 ret
= pat
[n
].validate(r
, pa
);
2249 krb5_error_code ret2
;
2251 krb5_boolean default_salt
;
2253 if (ret
!= KRB5_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED
&&
2254 !_kdc_audit_getkv((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
))
2255 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
2256 KDC_AUTH_EVENT_PREAUTH_FAILED
);
2259 * If there is a client key, send ETYPE_INFO{,2}
2261 ret2
= _kdc_find_etype(r
, KFE_IS_PREAUTH
|KFE_USE_CLIENT
,
2262 b
->etype
.val
, b
->etype
.len
,
2263 NULL
, &ckey
, &default_salt
);
2265 ret2
= get_pa_etype_info_both(r
->context
, config
, &b
->etype
,
2266 r
->rep
.padata
, ckey
, !default_salt
);
2272 if (!_kdc_audit_getkv((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
))
2273 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
2274 KDC_AUTH_EVENT_PREAUTH_SUCCEEDED
);
2275 kdc_log(r
->context
, config
, 4,
2276 "%s pre-authentication succeeded -- %s",
2277 pat
[n
].name
, r
->cname
);
2279 r
->pa_used
= &pat
[n
];
2280 r
->et
.flags
.pre_authent
= 1;
2285 if (found_pa
== 0) {
2288 krb5_boolean default_salt
;
2290 if (r
->client
->entry
.flags
.synthetic
) {
2291 kdc_log(r
->context
, config
, 4, "UNKNOWN -- %s", r
->cname
);
2292 ret
= KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
;
2296 for (n
= 0; n
< sizeof(pat
) / sizeof(pat
[0]); n
++) {
2297 if ((pat
[n
].flags
& PA_ANNOUNCE
) == 0)
2300 if (!r
->armor_crypto
&& (pat
[n
].flags
& PA_REQ_FAST
))
2302 if (pat
[n
].type
== KRB5_PADATA_ENC_TIMESTAMP
) {
2303 if (r
->armor_crypto
&& !r
->config
->enable_armored_pa_enc_timestamp
)
2305 if (!r
->armor_crypto
&& !r
->config
->enable_unarmored_pa_enc_timestamp
)
2309 ret
= krb5_padata_add(r
->context
, r
->rep
.padata
,
2310 pat
[n
].type
, NULL
, 0);
2316 * If there is a client key, send ETYPE_INFO{,2}
2318 ret
= _kdc_find_etype(r
, KFE_IS_PREAUTH
|KFE_USE_CLIENT
,
2319 b
->etype
.val
, b
->etype
.len
,
2320 NULL
, &ckey
, &default_salt
);
2322 ret
= get_pa_etype_info_both(r
->context
, config
, &b
->etype
,
2323 r
->rep
.padata
, ckey
, !default_salt
);
2329 * send requre preauth is its required or anon is requested,
2330 * anon is today only allowed via preauth mechanisms.
2332 if (require_preauth_p(r
) || _kdc_is_anon_request(&r
->req
)) {
2333 ret
= KRB5KDC_ERR_PREAUTH_REQUIRED
;
2334 _kdc_set_e_text(r
, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
2339 ret
= KRB5KDC_ERR_CLIENT_NOTYET
;
2340 _kdc_set_e_text(r
, "Doesn't have a client key available");
2343 krb5_free_keyblock_contents(r
->context
, &r
->reply_key
);
2344 ret
= krb5_copy_keyblock_contents(r
->context
, &ckey
->key
, &r
->reply_key
);
2349 r
->canon_client_princ
= r
->client
->entry
.principal
;
2352 * Verify flags after the user been required to prove its identity
2353 * with in a preauth mech.
2356 ret
= _kdc_check_access(r
);
2360 if (_kdc_is_anon_request(&r
->req
)) {
2361 ret
= _kdc_check_anon_policy(r
);
2363 _kdc_set_e_text(r
, "Anonymous ticket requests are disabled");
2367 r
->et
.flags
.anonymous
= 1;
2370 _kdc_audit_setkv_number((kdc_request_t
)r
, KDC_REQUEST_KV_AUTH_EVENT
,
2371 KDC_AUTH_EVENT_CLIENT_AUTHORIZED
);
2374 * Select the best encryption type for the KDC with out regard to
2375 * the client since the client never needs to read that data.
2378 ret
= _kdc_get_preferred_key(r
->context
, config
,
2379 r
->server
, r
->sname
,
2384 /* If server is not krbtgt, fetch local krbtgt key for signing authdata */
2388 ret
= get_local_tgs(r
->context
, config
, r
->server_princ
->realm
,
2393 ret
= _kdc_get_preferred_key(r
->context
, config
, krbtgt
,
2394 r
->server_princ
->realm
,
2400 if(f
.renew
|| f
.validate
|| f
.proxy
|| f
.forwarded
|| f
.enc_tkt_in_skey
) {
2401 ret
= KRB5KDC_ERR_BADOPTION
;
2402 _kdc_set_e_text(r
, "Bad KDC options");
2410 rep
->msg_type
= krb_as_rep
;
2412 if (!config
->historical_anon_realm
&&
2413 _kdc_is_anonymous(r
->context
, r
->client_princ
)) {
2414 Realm anon_realm
= KRB5_ANON_REALM
;
2415 ret
= copy_Realm(&anon_realm
, &rep
->crealm
);
2416 } else if (f
.canonicalize
|| r
->client
->entry
.flags
.force_canonicalize
)
2417 ret
= copy_Realm(&r
->canon_client_princ
->realm
, &rep
->crealm
);
2419 ret
= copy_Realm(&r
->client_princ
->realm
, &rep
->crealm
);
2422 if (r
->et
.flags
.anonymous
)
2423 ret
= _kdc_make_anonymous_principalname(&rep
->cname
);
2424 else if (f
.canonicalize
|| r
->client
->entry
.flags
.force_canonicalize
)
2425 ret
= _krb5_principal2principalname(&rep
->cname
, r
->canon_client_princ
);
2427 ret
= _krb5_principal2principalname(&rep
->cname
, r
->client_princ
);
2431 rep
->ticket
.tkt_vno
= 5;
2432 if (f
.canonicalize
|| r
->server
->entry
.flags
.force_canonicalize
)
2433 ret
= copy_Realm(&r
->server
->entry
.principal
->realm
, &rep
->ticket
.realm
);
2435 ret
= copy_Realm(&r
->server_princ
->realm
, &rep
->ticket
.realm
);
2438 if (f
.canonicalize
|| r
->server
->entry
.flags
.force_canonicalize
)
2439 _krb5_principal2principalname(&rep
->ticket
.sname
,
2440 r
->server
->entry
.principal
);
2442 _krb5_principal2principalname(&rep
->ticket
.sname
,
2444 /* java 1.6 expects the name to be the same type, lets allow that
2445 * uncomplicated name-types. */
2446 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
2447 if (CNT(b
, UNKNOWN
) || CNT(b
, PRINCIPAL
) || CNT(b
, SRV_INST
) || CNT(b
, SRV_HST
) || CNT(b
, SRV_XHST
))
2448 rep
->ticket
.sname
.name_type
= b
->sname
->name_type
;
2451 r
->et
.flags
.initial
= 1;
2452 if(r
->client
->entry
.flags
.forwardable
&& r
->server
->entry
.flags
.forwardable
)
2453 r
->et
.flags
.forwardable
= f
.forwardable
;
2454 if(r
->client
->entry
.flags
.proxiable
&& r
->server
->entry
.flags
.proxiable
)
2455 r
->et
.flags
.proxiable
= f
.proxiable
;
2456 else if (f
.proxiable
) {
2457 _kdc_set_e_text(r
, "Ticket may not be proxiable");
2458 ret
= KRB5KDC_ERR_POLICY
;
2461 if(r
->client
->entry
.flags
.postdate
&& r
->server
->entry
.flags
.postdate
)
2462 r
->et
.flags
.may_postdate
= f
.allow_postdate
;
2463 else if (f
.allow_postdate
){
2464 _kdc_set_e_text(r
, "Ticket may not be postdate");
2465 ret
= KRB5KDC_ERR_POLICY
;
2470 _kdc_audit_addaddrs((kdc_request_t
)r
, b
->addresses
, "reqaddrs");
2472 /* check for valid set of addresses */
2473 if (!_kdc_check_addresses(r
, b
->addresses
, r
->addr
)) {
2474 if (r
->config
->warn_ticket_addresses
) {
2475 _kdc_audit_setkv_bool((kdc_request_t
)r
, "wrongaddr", TRUE
);
2477 _kdc_set_e_text(r
, "Request from wrong address");
2478 ret
= KRB5KRB_AP_ERR_BADADDR
;
2483 ret
= copy_PrincipalName(&rep
->cname
, &r
->et
.cname
);
2486 ret
= copy_Realm(&rep
->crealm
, &r
->et
.crealm
);
2494 start
= r
->et
.authtime
= kdc_time
;
2496 if(f
.postdated
&& req
->req_body
.from
){
2497 ALLOC(r
->et
.starttime
);
2498 start
= *r
->et
.starttime
= *req
->req_body
.from
;
2499 r
->et
.flags
.invalid
= 1;
2500 r
->et
.flags
.postdated
= 1; /* XXX ??? */
2502 _kdc_fix_time(&b
->till
);
2505 /* be careful not overflowing */
2508 * Pre-auth can override r->client->entry.max_life if configured.
2510 * See pre-auth methods, specifically PKINIT, which can get or derive
2511 * this from the client's certificate.
2513 if (r
->pa_max_life
> 0)
2514 t
= start
+ min(t
- start
, r
->pa_max_life
);
2515 else if (r
->client
->entry
.max_life
)
2516 t
= start
+ min(t
- start
, *r
->client
->entry
.max_life
);
2518 if (r
->server
->entry
.max_life
)
2519 t
= start
+ min(t
- start
, *r
->server
->entry
.max_life
);
2521 /* Pre-auth can bound endtime as well */
2522 if (r
->pa_endtime
> 0)
2523 t
= start
+ min(t
- start
, r
->pa_endtime
);
2525 t
= min(t
, start
+ realm
->max_life
);
2528 if(f
.renewable_ok
&& r
->et
.endtime
< *b
->till
){
2530 if(b
->rtime
== NULL
){
2534 if(*b
->rtime
< *b
->till
)
2535 *b
->rtime
= *b
->till
;
2537 if(f
.renewable
&& b
->rtime
){
2541 if(r
->client
->entry
.max_renew
)
2542 t
= start
+ min(t
- start
, *r
->client
->entry
.max_renew
);
2543 if(r
->server
->entry
.max_renew
)
2544 t
= start
+ min(t
- start
, *r
->server
->entry
.max_renew
);
2546 t
= min(t
, start
+ realm
->max_renew
);
2548 ALLOC(r
->et
.renew_till
);
2549 *r
->et
.renew_till
= t
;
2550 r
->et
.flags
.renewable
= 1;
2556 copy_HostAddresses(b
->addresses
, r
->et
.caddr
);
2559 r
->et
.transited
.tr_type
= domain_X500_Compress
;
2560 krb5_data_zero(&r
->et
.transited
.contents
);
2562 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2563 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2564 * incapable of correctly decoding SEQUENCE OF's of zero length.
2566 * To fix this, always send at least one no-op last_req
2568 * If there's a pw_end or valid_end we will use that,
2569 * otherwise just a dummy lr.
2571 r
->ek
.last_req
.val
= malloc(2 * sizeof(*r
->ek
.last_req
.val
));
2572 if (r
->ek
.last_req
.val
== NULL
) {
2576 r
->ek
.last_req
.len
= 0;
2577 if (r
->client
->entry
.pw_end
2578 && (config
->kdc_warn_pwexpire
== 0
2579 || kdc_time
+ config
->kdc_warn_pwexpire
>= *r
->client
->entry
.pw_end
)) {
2580 r
->ek
.last_req
.val
[r
->ek
.last_req
.len
].lr_type
= LR_PW_EXPTIME
;
2581 r
->ek
.last_req
.val
[r
->ek
.last_req
.len
].lr_value
= *r
->client
->entry
.pw_end
;
2582 ++r
->ek
.last_req
.len
;
2584 if (r
->client
->entry
.valid_end
) {
2585 r
->ek
.last_req
.val
[r
->ek
.last_req
.len
].lr_type
= LR_ACCT_EXPTIME
;
2586 r
->ek
.last_req
.val
[r
->ek
.last_req
.len
].lr_value
= *r
->client
->entry
.valid_end
;
2587 ++r
->ek
.last_req
.len
;
2589 if (r
->ek
.last_req
.len
== 0) {
2590 r
->ek
.last_req
.val
[r
->ek
.last_req
.len
].lr_type
= LR_NONE
;
2591 r
->ek
.last_req
.val
[r
->ek
.last_req
.len
].lr_value
= 0;
2592 ++r
->ek
.last_req
.len
;
2594 r
->ek
.nonce
= b
->nonce
;
2595 if (r
->client
->entry
.valid_end
|| r
->client
->entry
.pw_end
) {
2596 ALLOC(r
->ek
.key_expiration
);
2597 if (r
->client
->entry
.valid_end
) {
2598 if (r
->client
->entry
.pw_end
)
2599 *r
->ek
.key_expiration
= min(*r
->client
->entry
.valid_end
,
2600 *r
->client
->entry
.pw_end
);
2602 *r
->ek
.key_expiration
= *r
->client
->entry
.valid_end
;
2604 *r
->ek
.key_expiration
= *r
->client
->entry
.pw_end
;
2606 r
->ek
.key_expiration
= NULL
;
2607 r
->ek
.flags
= r
->et
.flags
;
2608 r
->ek
.authtime
= r
->et
.authtime
;
2609 if (r
->et
.starttime
) {
2610 ALLOC(r
->ek
.starttime
);
2611 *r
->ek
.starttime
= *r
->et
.starttime
;
2613 r
->ek
.endtime
= r
->et
.endtime
;
2614 if (r
->et
.renew_till
) {
2615 ALLOC(r
->ek
.renew_till
);
2616 *r
->ek
.renew_till
= *r
->et
.renew_till
;
2618 ret
= copy_Realm(&rep
->ticket
.realm
, &r
->ek
.srealm
);
2621 ret
= copy_PrincipalName(&rep
->ticket
.sname
, &r
->ek
.sname
);
2626 copy_HostAddresses(r
->et
.caddr
, r
->ek
.caddr
);
2630 * Check and session and reply keys
2633 if (r
->session_key
.keytype
== ETYPE_NULL
) {
2634 ret
= krb5_generate_random_keyblock(r
->context
, r
->sessionetype
, &r
->session_key
);
2639 if (r
->reply_key
.keytype
== ETYPE_NULL
) {
2640 _kdc_set_e_text(r
, "Client have no reply key");
2641 ret
= KRB5KDC_ERR_CLIENT_NOTYET
;
2645 ret
= copy_EncryptionKey(&r
->session_key
, &r
->et
.key
);
2649 ret
= copy_EncryptionKey(&r
->session_key
, &r
->ek
.key
);
2654 if (!r
->et
.flags
.anonymous
) {
2655 generate_pac(r
, skey
, krbtgt_key
, is_tgs
);
2658 if (r
->client
->entry
.flags
.synthetic
) {
2659 ret
= add_synthetic_princ_ad(r
);
2664 _kdc_log_timestamp(r
, "AS-REQ", r
->et
.authtime
,
2665 r
->et
.starttime
, r
->et
.endtime
,
2668 _log_astgs_req(r
, setype
);
2671 * We always say we support FAST/enc-pa-rep
2674 r
->et
.flags
.enc_pa_rep
= r
->ek
.flags
.enc_pa_rep
= 1;
2677 * update reply-key with strengthen-key
2680 ret
= _kdc_fast_strengthen_reply_key(r
);
2685 * Add REQ_ENC_PA_REP if client supports it
2689 pa
= _kdc_find_padata(req
, &i
, KRB5_PADATA_REQ_ENC_PA_REP
);
2692 ret
= add_enc_pa_rep(r
);
2694 msg
= krb5_get_error_message(r
->context
, ret
);
2695 _kdc_r_log(r
, 4, "add_enc_pa_rep failed: %s: %d", msg
, ret
);
2696 krb5_free_error_message(r
->context
, msg
);
2702 * Last chance for plugins to update reply
2704 ret
= _kdc_finalize_reply(r
);
2709 * Don't send kvno from client entry if the pre-authentication
2710 * mechanism replaced the reply key.
2713 ret
= _kdc_encode_reply(r
->context
, config
,
2714 r
, req
->req_body
.nonce
, setype
,
2715 r
->server
->entry
.kvno
, &skey
->key
,
2716 pa_used_flag_isset(r
, PA_REPLACE_REPLY_KEY
) ? 0 : r
->client
->entry
.kvno
,
2722 * Check if message too large
2724 if (r
->datagram_reply
&& r
->reply
->length
> config
->max_datagram_reply_length
) {
2725 krb5_data_free(r
->reply
);
2726 ret
= KRB5KRB_ERR_RESPONSE_TOO_BIG
;
2727 _kdc_set_e_text(r
, "Reply packet too large");
2732 _kdc_audit_request(r
);
2735 * In case of a non proxy error, build an error message.
2737 if (ret
!= 0 && ret
!= HDB_ERR_NOT_FOUND_HERE
&& r
->reply
->length
== 0)
2738 ret
= _kdc_fast_mk_error(r
,
2748 if (r
->pa_used
&& r
->pa_used
->cleanup
)
2749 r
->pa_used
->cleanup(r
);
2751 free_AS_REP(&r
->rep
);
2752 free_EncTicketPart(&r
->et
);
2753 free_EncKDCRepPart(&r
->ek
);
2754 _kdc_free_fast_state(&r
->fast
);
2756 if (r
->client_princ
) {
2757 krb5_free_principal(r
->context
, r
->client_princ
);
2758 r
->client_princ
= NULL
;
2760 if (r
->server_princ
){
2761 krb5_free_principal(r
->context
, r
->server_princ
);
2762 r
->server_princ
= NULL
;
2765 _kdc_free_ent(r
->context
, r
->client
);
2767 _kdc_free_ent(r
->context
, r
->server
);
2769 _kdc_free_ent(r
->context
, krbtgt
);
2770 if (r
->armor_crypto
) {
2771 krb5_crypto_destroy(r
->context
, r
->armor_crypto
);
2772 r
->armor_crypto
= NULL
;
2774 if (r
->armor_ticket
)
2775 krb5_free_ticket(r
->context
, r
->armor_ticket
);
2776 if (r
->armor_server
)
2777 _kdc_free_ent(r
->context
, r
->armor_server
);
2778 krb5_free_keyblock_contents(r
->context
, &r
->reply_key
);
2779 krb5_free_keyblock_contents(r
->context
, &r
->session_key
);
2780 krb5_free_keyblock_contents(r
->context
, &r
->strengthen_key
);
2781 krb5_pac_free(r
->context
, r
->pac
);