search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Reduce older log messages to level 4 and collect some errors.
[heimdal.git] / kdc / kerberos5.c
blob3fe80367dd8b28ed27c4a0949eb0e9abd44b614a
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 #undef __attribute__
39 #define __attribute__(X)
40
41 void
42 _kdc_fix_time(time_t **t)
43 {
44 if(*t == NULL){
45 ALLOC(*t);
46 **t = MAX_TIME;
47 }
48 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
49 }
50
51 static int
52 realloc_method_data(METHOD_DATA *md)
53 {
54 PA_DATA *pa;
55 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
56 if(pa == NULL)
57 return ENOMEM;
58 md->val = pa;
59 md->len++;
60 return 0;
61 }
62
63 static void
64 set_salt_padata(METHOD_DATA *md, Salt *salt)
65 {
66 if (salt) {
67 realloc_method_data(md);
68 md->val[md->len - 1].padata_type = salt->type;
69 der_copy_octet_string(&salt->salt,
70 &md->val[md->len - 1].padata_value);
71 }
72 }
73
74 const PA_DATA*
75 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
76 {
77 if (req->padata == NULL)
78 return NULL;
79
80 while((size_t)*start < req->padata->len){
81 (*start)++;
82 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
83 return &req->padata->val[*start - 1];
84 }
85 return NULL;
86 }
87
88 /*
89 * This is a hack to allow predefined weak services, like afs to
90 * still use weak types
91 */
92
93 krb5_boolean
94 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
95 {
96 if (principal->name.name_string.len > 0 &&
97 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
98 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
99 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
100 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
101 return TRUE;
102 return FALSE;
103 }
104
105
106 /*
107 * Detect if `key' is the using the the precomputed `default_salt'.
108 */
109
110 static krb5_boolean
111 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
112 {
113 if (key->salt == NULL)
114 return TRUE;
115 if (default_salt->salttype != key->salt->type)
116 return FALSE;
117 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
118 return FALSE;
119 return TRUE;
120 }
121
122
123 krb5_boolean
124 _kdc_is_anon_request(const KDC_REQ *req)
125 {
126 const KDC_REQ_BODY *b = &req->req_body;
127
128 /*
129 * Versions of Heimdal from 0.9rc1 through 1.50 use bit 14 instead
130 * of 16 for request_anonymous, as indicated in the anonymous draft
131 * prior to version 11. Bit 14 is assigned to S4U2Proxy, but S4U2Proxy
132 * requests are only sent to the TGS and, in any case, would have an
133 * additional ticket present.
134 */
135 return b->kdc_options.request_anonymous ||
136 (b->kdc_options.cname_in_addl_tkt && !b->additional_tickets);
137 }
138
139 /*
140 * return the first appropriate key of `princ' in `ret_key'. Look for
141 * all the etypes in (`etypes', `len'), stopping as soon as we find
142 * one, but preferring one that has default salt.
143 */
144
145 krb5_error_code
146 _kdc_find_etype(astgs_request_t r, uint32_t flags,
147 krb5_enctype *etypes, unsigned len,
148 krb5_enctype *ret_enctype, Key **ret_key,
149 krb5_boolean *ret_default_salt)
150 {
151 krb5_context context = r->context;
152 krb5_boolean use_strongest_session_key;
153 krb5_boolean is_preauth = flags & KFE_IS_PREAUTH;
154 krb5_boolean is_tgs = flags & KFE_IS_TGS;
155 hdb_entry_ex *princ;
156 krb5_principal request_princ;
157 krb5_error_code ret;
158 krb5_salt def_salt;
159 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
160 const krb5_enctype *p;
161 Key *key = NULL;
162 int i, k;
163
164 if (flags & KFE_USE_CLIENT) {
165 princ = r->client;
166 request_princ = r->client_princ;
167 } else {
168 princ = r->server;
169 request_princ = r->server->entry.principal;
170 }
171
172 use_strongest_session_key =
173 is_preauth ? r->config->preauth_use_strongest_session_key
174 : (is_tgs ? r->config->tgt_use_strongest_session_key :
175 r->config->svc_use_strongest_session_key);
176
177 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
178 ret = krb5_get_pw_salt(context, request_princ, &def_salt);
179 if (ret)
180 return ret;
181
182 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
183
184 if (use_strongest_session_key) {
185
186 /*
187 * Pick the strongest key that the KDC, target service, and
188 * client all support, using the local cryptosystem enctype
189 * list in strongest-to-weakest order to drive the search.
190 *
191 * This is not what RFC4120 says to do, but it encourages
192 * adoption of stronger enctypes. This doesn't play well with
193 * clients that have multiple Kerberos client implementations
194 * available with different supported enctype lists.
195 */
196
197 /* drive the search with local supported enctypes list */
198 p = krb5_kerberos_enctypes(context);
199 for (i = 0;
200 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
201 i++) {
202 if (krb5_enctype_valid(context, p[i]) != 0 &&
203 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
204 continue;
205
206 /* check that the client supports it too */
207 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
208
209 if (p[i] != etypes[k])
210 continue;
211
212 /* check target princ support */
213 key = NULL;
214 while (hdb_next_enctype2key(context, &princ->entry, NULL,
215 p[i], &key) == 0) {
216 if (key->key.keyvalue.length == 0) {
217 ret = KRB5KDC_ERR_NULL_KEY;
218 continue;
219 }
220 enctype = p[i];
221 ret = 0;
222 if (is_preauth && ret_key != NULL &&
223 !is_default_salt_p(&def_salt, key))
224 continue;
225 }
226 }
227 }
228 } else {
229 /*
230 * Pick the first key from the client's enctype list that is
231 * supported by the cryptosystem and by the given principal.
232 *
233 * RFC4120 says we SHOULD pick the first _strong_ key from the
234 * client's list... not the first key... If the admin disallows
235 * weak enctypes in krb5.conf and selects this key selection
236 * algorithm, then we get exactly what RFC4120 says.
237 */
238 for(i = 0; ret != 0 && i < len; i++) {
239
240 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
241 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
242 continue;
243
244 key = NULL;
245 while (ret != 0 &&
246 hdb_next_enctype2key(context, &princ->entry, NULL,
247 etypes[i], &key) == 0) {
248 if (key->key.keyvalue.length == 0) {
249 ret = KRB5KDC_ERR_NULL_KEY;
250 continue;
251 }
252 enctype = etypes[i];
253 ret = 0;
254 if (is_preauth && ret_key != NULL &&
255 !is_default_salt_p(&def_salt, key))
256 continue;
257 }
258 }
259 }
260
261 if (enctype == (krb5_enctype)ETYPE_NULL) {
262 /*
263 * if the service principal is one for which there is a known 1DES
264 * exception and no other enctype matches both the client request and
265 * the service key list, provide a DES-CBC-CRC key.
266 */
267 if (ret_key == NULL &&
268 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
269 ret = 0;
270 enctype = ETYPE_DES_CBC_CRC;
271 } else {
272 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
273 }
274 }
275
276 if (ret == 0) {
277 if (ret_enctype != NULL)
278 *ret_enctype = enctype;
279 if (ret_key != NULL)
280 *ret_key = key;
281 if (ret_default_salt != NULL)
282 *ret_default_salt = is_default_salt_p(&def_salt, key);
283 }
284
285 krb5_free_salt (context, def_salt);
286 return ret;
287 }
288
289 krb5_error_code
290 _kdc_make_anonymous_principalname (PrincipalName *pn)
291 {
292 pn->name_type = KRB5_NT_WELLKNOWN;
293 pn->name_string.len = 2;
294 pn->name_string.val = calloc(2, sizeof(*pn->name_string.val));
295 if (pn->name_string.val == NULL)
296 goto failed;
297
298 pn->name_string.val[0] = strdup(KRB5_WELLKNOWN_NAME);
299 if (pn->name_string.val[0] == NULL)
300 goto failed;
301
302 pn->name_string.val[1] = strdup(KRB5_ANON_NAME);
303 if (pn->name_string.val[1] == NULL)
304 goto failed;
305
306 return 0;
307
308 failed:
309 free_PrincipalName(pn);
310
311 pn->name_type = KRB5_NT_UNKNOWN;
312 pn->name_string.len = 0;
313 pn->name_string.val = NULL;
314
315 return ENOMEM;
316 }
317
318 static void
319 _kdc_r_log(astgs_request_t r, int level, const char *fmt, ...)
320 __attribute__ ((__format__ (__printf__, 3, 4)))
321 {
322 va_list ap;
323 char *s;
324 va_start(ap, fmt);
325 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
326 if(s) free(s);
327 va_end(ap);
328 }
329
330 void
331 _kdc_set_e_text(astgs_request_t r, char *fmt, ...)
332 __attribute__ ((__format__ (__printf__, 2, 3)))
333 {
334 va_list ap;
335 char *e_text;
336
337 va_start(ap, fmt);
338 vasprintf(&e_text, fmt, ap);
339 va_end(ap);
340
341 if (!e_text)
342 /* not much else to do... */
343 return;
344
345 /* We should never see this */
346 if (r->e_text) {
347 kdc_log(r->context, r->config, 1, "trying to replace e-text: %s\n",
348 e_text);
349 free(e_text);
350 return;
351 }
352
353 r->e_text = e_text;
354 r->e_text_buf = e_text;
355 kdc_log(r->context, r->config, 4, "%s", e_text);
356 }
357
358 void
359 _kdc_log_timestamp(astgs_request_t r, const char *type,
360 KerberosTime authtime, KerberosTime *starttime,
361 KerberosTime endtime, KerberosTime *renew_till)
362 {
363 krb5_context context = r->context;
364 krb5_kdc_configuration *config = r->config;
365 char authtime_str[100], starttime_str[100],
366 endtime_str[100], renewtime_str[100];
367
368 if (authtime)
369 _kdc_audit_addkv((kdc_request_t)r, 0, "auth", "%ld", (long)authtime);
370 if (starttime && *starttime)
371 _kdc_audit_addkv((kdc_request_t)r, 0, "start", "%ld",
372 (long)*starttime);
373 if (endtime)
374 _kdc_audit_addkv((kdc_request_t)r, 0, "end", "%ld", (long)endtime);
375 if (renew_till && *renew_till)
376 _kdc_audit_addkv((kdc_request_t)r, 0, "renew", "%ld",
377 (long)*renew_till);
378
379 krb5_format_time(context, authtime,
380 authtime_str, sizeof(authtime_str), TRUE);
381 if (starttime)
382 krb5_format_time(context, *starttime,
383 starttime_str, sizeof(starttime_str), TRUE);
384 else
385 strlcpy(starttime_str, "unset", sizeof(starttime_str));
386 krb5_format_time(context, endtime,
387 endtime_str, sizeof(endtime_str), TRUE);
388 if (renew_till)
389 krb5_format_time(context, *renew_till,
390 renewtime_str, sizeof(renewtime_str), TRUE);
391 else
392 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
393
394 kdc_log(context, config, 4,
395 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
396 type, authtime_str, starttime_str, endtime_str, renewtime_str);
397 }
398
399 /*
400 *
401 */
402
403 #ifdef PKINIT
404
405 static krb5_error_code
406 pa_pkinit_validate(astgs_request_t r, const PA_DATA *pa)
407 {
408 pk_client_params *pkp = NULL;
409 char *client_cert = NULL;
410 krb5_error_code ret;
411
412 ret = _kdc_pk_rd_padata(r, pa, &pkp);
413 if (ret || pkp == NULL) {
414 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
415 _kdc_r_log(r, 4, "Failed to decode PKINIT PA-DATA -- %s",
416 r->cname);
417 goto out;
418 }
419
420 ret = _kdc_pk_check_client(r, pkp, &client_cert);
421 if (ret) {
422 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
423 "impersonate principal");
424 goto out;
425 }
426
427 _kdc_r_log(r, 4, "PKINIT pre-authentication succeeded -- %s using %s",
428 r->cname, client_cert);
429 free(client_cert);
430
431 ret = _kdc_pk_mk_pa_reply(r, pkp);
432 if (ret) {
433 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
434 goto out;
435 }
436 #if 0
437 ret = _kdc_add_initial_verified_cas(r->context, r->config,
438 pkp, &r->et);
439 #endif
440 out:
441 if (pkp)
442 _kdc_pk_free_client_param(r->context, pkp);
443
444 return ret;
445 }
446
447 #endif /* PKINIT */
448
449 /*
450 *
451 */
452
453 static krb5_error_code
454 make_pa_enc_challange(astgs_request_t r, krb5_crypto crypto)
455 {
456 krb5_context context = r->context;
457 METHOD_DATA *md = &r->outpadata;
458 PA_ENC_TS_ENC p;
459 unsigned char *buf;
460 size_t buf_size;
461 size_t len;
462 EncryptedData encdata;
463 krb5_error_code ret;
464 int32_t usec;
465 int usec2;
466
467 krb5_us_timeofday (context, &p.patimestamp, &usec);
468 usec2 = usec;
469 p.pausec = &usec2;
470
471 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
472 if (ret)
473 return ret;
474 if(buf_size != len)
475 krb5_abortx(context, "internal error in ASN.1 encoder");
476
477 ret = krb5_encrypt_EncryptedData(context,
478 crypto,
479 KRB5_KU_ENC_CHALLENGE_KDC,
480 buf,
481 len,
482 0,
483 &encdata);
484 free(buf);
485 if (ret)
486 return ret;
487
488 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
489 free_EncryptedData(&encdata);
490 if (ret)
491 return ret;
492 if(buf_size != len)
493 krb5_abortx(context, "internal error in ASN.1 encoder");
494
495 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
496 if (ret)
497 free(buf);
498 return ret;
499 }
500
501 static krb5_error_code
502 pa_enc_chal_validate(astgs_request_t r, const PA_DATA *pa)
503 {
504 krb5_data pepper1, pepper2, ts_data;
505 int invalidPassword = 0;
506 EncryptedData enc_data;
507 krb5_enctype aenctype;
508 krb5_error_code ret;
509 struct Key *k;
510 size_t size;
511 int i;
512
513 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
514
515 if (_kdc_is_anon_request(&r->req)) {
516 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
517 kdc_log(r->context, r->config, 4, "ENC-CHALL doesn't support anon");
518 return ret;
519 }
520
521 ret = decode_EncryptedData(pa->padata_value.data,
522 pa->padata_value.length,
523 &enc_data,
524 &size);
525 if (ret) {
526 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
527 _kdc_r_log(r, 4, "Failed to decode PA-DATA -- %s",
528 r->cname);
529 return ret;
530 }
531
532 pepper1.data = "clientchallengearmor";
533 pepper1.length = strlen(pepper1.data);
534 pepper2.data = "challengelongterm";
535 pepper2.length = strlen(pepper2.data);
536
537 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
538
539 for (i = 0; i < r->client->entry.keys.len; i++) {
540 krb5_crypto challangecrypto, longtermcrypto;
541 krb5_keyblock challangekey;
542 PA_ENC_TS_ENC p;
543
544 k = &r->client->entry.keys.val[i];
545
546 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
547 if (ret)
548 continue;
549
550 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
551 &pepper1, &pepper2, aenctype,
552 &challangekey);
553 krb5_crypto_destroy(r->context, longtermcrypto);
554 if (ret)
555 continue;
556
557 ret = krb5_crypto_init(r->context, &challangekey, 0,
558 &challangecrypto);
559 if (ret)
560 continue;
561
562 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
563 KRB5_KU_ENC_CHALLENGE_CLIENT,
564 &enc_data,
565 &ts_data);
566 if (ret) {
567 const char *msg = krb5_get_error_message(r->context, ret);
568 krb5_error_code ret2;
569 char *str = NULL;
570
571 invalidPassword = 1;
572
573 ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
574 if (ret2)
575 str = NULL;
576 _kdc_r_log(r, 4, "Failed to decrypt ENC-CHAL -- %s "
577 "(enctype %s) error %s",
578 r->cname, str ? str : "unknown enctype", msg);
579 krb5_free_error_message(r->context, msg);
580 free(str);
581
582 continue;
583 }
584
585 ret = decode_PA_ENC_TS_ENC(ts_data.data,
586 ts_data.length,
587 &p,
588 &size);
589 krb5_data_free(&ts_data);
590 if(ret){
591 krb5_crypto_destroy(r->context, challangecrypto);
592 ret = KRB5KDC_ERR_PREAUTH_FAILED;
593 _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
594 r->cname);
595 continue;
596 }
597
598 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
599 char client_time[100];
600
601 krb5_crypto_destroy(r->context, challangecrypto);
602
603 krb5_format_time(r->context, p.patimestamp,
604 client_time, sizeof(client_time), TRUE);
605
606 ret = KRB5KRB_AP_ERR_SKEW;
607 _kdc_r_log(r, 4, "Too large time skew, "
608 "client time %s is out by %u > %u seconds -- %s",
609 client_time,
610 (unsigned)labs(kdc_time - p.patimestamp),
611 r->context->max_skew,
612 r->cname);
613
614 free_PA_ENC_TS_ENC(&p);
615 goto out;
616 }
617
618 free_PA_ENC_TS_ENC(&p);
619
620 ret = make_pa_enc_challange(r, challangecrypto);
621 krb5_crypto_destroy(r->context, challangecrypto);
622 if (ret)
623 goto out;
624
625 set_salt_padata(&r->outpadata, k->salt);
626 krb5_free_keyblock_contents(r->context, &r->reply_key);
627 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
628 if (ret)
629 goto out;
630
631 /*
632 * Success
633 */
634 if (r->clientdb->hdb_auth_status)
635 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
636 HDB_AUTH_SUCCESS);
637 goto out;
638 }
639
640 if (invalidPassword && r->clientdb->hdb_auth_status) {
641 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
642 HDB_AUTH_WRONG_PASSWORD);
643 ret = KRB5KDC_ERR_PREAUTH_FAILED;
644 }
645 out:
646 free_EncryptedData(&enc_data);
647
648 return ret;
649 }
650
651 static krb5_error_code
652 pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
653 {
654 EncryptedData enc_data;
655 krb5_error_code ret;
656 krb5_crypto crypto;
657 krb5_data ts_data;
658 PA_ENC_TS_ENC p;
659 size_t len;
660 Key *pa_key;
661 char *str;
662
663 ret = decode_EncryptedData(pa->padata_value.data,
664 pa->padata_value.length,
665 &enc_data,
666 &len);
667 if (ret) {
668 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
669 _kdc_r_log(r, 4, "Failed to decode PA-DATA -- %s",
670 r->cname);
671 goto out;
672 }
673
674 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
675 enc_data.etype, &pa_key);
676 if(ret){
677 char *estr;
678 _kdc_set_e_text(r, "No key matching entype");
679 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
680 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
681 estr = NULL;
682 if(estr == NULL)
683 _kdc_r_log(r, 4,
684 "No client key matching pa-data (%d) -- %s",
685 enc_data.etype, r->cname);
686 else
687 _kdc_r_log(r, 4,
688 "No client key matching pa-data (%s) -- %s",
689 estr, r->cname);
690 free(estr);
691 free_EncryptedData(&enc_data);
692 goto out;
693 }
694
695 try_next_key:
696 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
697 if (ret) {
698 const char *msg = krb5_get_error_message(r->context, ret);
699 _kdc_r_log(r, 4, "krb5_crypto_init failed: %s", msg);
700 krb5_free_error_message(r->context, msg);
701 free_EncryptedData(&enc_data);
702 goto out;
703 }
704
705 ret = krb5_decrypt_EncryptedData (r->context,
706 crypto,
707 KRB5_KU_PA_ENC_TIMESTAMP,
708 &enc_data,
709 &ts_data);
710 krb5_crypto_destroy(r->context, crypto);
711 /*
712 * Since the user might have several keys with the same
713 * enctype but with diffrent salting, we need to try all
714 * the keys with the same enctype.
715 */
716 if(ret){
717 krb5_error_code ret2;
718 const char *msg = krb5_get_error_message(r->context, ret);
719
720 ret2 = krb5_enctype_to_string(r->context,
721 pa_key->key.keytype, &str);
722 if (ret2)
723 str = NULL;
724 _kdc_r_log(r, 4, "Failed to decrypt PA-DATA -- %s "
725 "(enctype %s) error %s",
726 r->cname, str ? str : "unknown enctype", msg);
727 krb5_free_error_message(r->context, msg);
728 free(str);
729
730 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
731 enc_data.etype, &pa_key) == 0)
732 goto try_next_key;
733
734 free_EncryptedData(&enc_data);
735
736 if (r->clientdb->hdb_auth_status)
737 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
738 HDB_AUTH_WRONG_PASSWORD);
739
740 ret = KRB5KDC_ERR_PREAUTH_FAILED;
741 goto out;
742 }
743 free_EncryptedData(&enc_data);
744 ret = decode_PA_ENC_TS_ENC(ts_data.data,
745 ts_data.length,
746 &p,
747 &len);
748 krb5_data_free(&ts_data);
749 if(ret){
750 ret = KRB5KDC_ERR_PREAUTH_FAILED;
751 _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
752 r->cname);
753 goto out;
754 }
755 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
756 char client_time[100];
757
758 krb5_format_time(r->context, p.patimestamp,
759 client_time, sizeof(client_time), TRUE);
760
761 ret = KRB5KRB_AP_ERR_SKEW;
762 _kdc_r_log(r, 4, "Too large time skew, "
763 "client time %s is out by %u > %u seconds -- %s",
764 client_time,
765 (unsigned)labs(kdc_time - p.patimestamp),
766 r->context->max_skew,
767 r->cname);
768
769 /*
770 * The following is needed to make windows clients to
771 * retry using the timestamp in the error message, if
772 * there is a e_text, they become unhappy.
773 */
774 r->e_text = NULL;
775 free_PA_ENC_TS_ENC(&p);
776 goto out;
777 }
778 free_PA_ENC_TS_ENC(&p);
779
780 set_salt_padata(&r->outpadata, pa_key->salt);
781
782 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
783 if (ret)
784 return ret;
785
786 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
787 if (ret)
788 str = NULL;
789 _kdc_r_log(r, 4, "ENC-TS Pre-authentication succeeded -- %s using %s",
790 r->cname, str ? str : "unknown enctype");
791 _kdc_audit_addkv((kdc_request_t)r, 0, "pa-etype", "%d",
792 (int)pa_key->key.keytype);
793 free(str);
794
795 ret = 0;
796
797 out:
798
799 return ret;
800 }
801
802 struct kdc_patypes {
803 int type;
804 char *name;
805 unsigned int flags;
806 #define PA_ANNOUNCE 1
807 #define PA_REQ_FAST 2 /* only use inside fast */
808 krb5_error_code (*validate)(astgs_request_t, const PA_DATA *pa);
809 };
810
811 static const struct kdc_patypes pat[] = {
812 #ifdef PKINIT
813 {
814 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", PA_ANNOUNCE,
815 pa_pkinit_validate
816 },
817 {
818 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
819 pa_pkinit_validate
820 },
821 {
822 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
823 NULL
824 },
825 #else
826 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
827 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
828 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
829 #endif
830 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
831 {
832 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
833 PA_ANNOUNCE,
834 pa_enc_ts_validate
835 },
836 {
837 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
838 PA_ANNOUNCE | PA_REQ_FAST,
839 pa_enc_chal_validate
840 },
841 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
842 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
843 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
844 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
845 };
846
847 static void
848 log_patypes(astgs_request_t r, METHOD_DATA *padata)
849 {
850 krb5_context context = r->context;
851 krb5_kdc_configuration *config = r->config;
852 struct rk_strpool *p = NULL;
853 char *str;
854 size_t n, m;
855
856 for (n = 0; n < padata->len; n++) {
857 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
858 if (padata->val[n].padata_type == pat[m].type) {
859 p = rk_strpoolprintf(p, "%s", pat[m].name);
860 break;
861 }
862 }
863 if (m == sizeof(pat) / sizeof(pat[0]))
864 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
865 if (p && n + 1 < padata->len)
866 p = rk_strpoolprintf(p, ", ");
867 if (p == NULL) {
868 kdc_log(context, config, 1, "out of memory");
869 return;
870 }
871 }
872 if (p == NULL)
873 p = rk_strpoolprintf(p, "none");
874
875 str = rk_strpoolcollect(p);
876 kdc_log(context, config, 4, "Client sent patypes: %s", str);
877 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE,
878 "client-pa", "%s", str);
879 free(str);
880 }
881
882 /*
883 *
884 */
885
886 krb5_error_code
887 _kdc_encode_reply(krb5_context context,
888 krb5_kdc_configuration *config,
889 krb5_crypto armor_crypto, uint32_t nonce,
890 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
891 krb5_enctype etype,
892 int skvno, const EncryptionKey *skey,
893 int ckvno, const EncryptionKey *reply_key,
894 int rk_is_subkey,
895 const char **e_text,
896 krb5_data *reply)
897 {
898 unsigned char *buf;
899 size_t buf_size;
900 size_t len = 0;
901 krb5_error_code ret;
902 krb5_crypto crypto;
903
904 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
905 if(ret) {
906 const char *msg = krb5_get_error_message(context, ret);
907 kdc_log(context, config, 4, "Failed to encode ticket: %s", msg);
908 krb5_free_error_message(context, msg);
909 return ret;
910 }
911 if(buf_size != len)
912 krb5_abortx(context, "Internal error in ASN.1 encoder");
913
914 ret = krb5_crypto_init(context, skey, etype, &crypto);
915 if (ret) {
916 const char *msg = krb5_get_error_message(context, ret);
917 kdc_log(context, config, 4, "krb5_crypto_init failed: %s", msg);
918 krb5_free_error_message(context, msg);
919 free(buf);
920 return ret;
921 }
922
923 ret = krb5_encrypt_EncryptedData(context,
924 crypto,
925 KRB5_KU_TICKET,
926 buf,
927 len,
928 skvno,
929 &rep->ticket.enc_part);
930 free(buf);
931 krb5_crypto_destroy(context, crypto);
932 if(ret) {
933 const char *msg = krb5_get_error_message(context, ret);
934 kdc_log(context, config, 4, "Failed to encrypt data: %s", msg);
935 krb5_free_error_message(context, msg);
936 return ret;
937 }
938
939 if (armor_crypto) {
940 krb5_data data;
941 krb5_keyblock *strengthen_key = NULL;
942 KrbFastFinished finished;
943
944 kdc_log(context, config, 4, "FAST armor protection");
945
946 memset(&finished, 0, sizeof(finished));
947 krb5_data_zero(&data);
948
949 finished.timestamp = kdc_time;
950 finished.usec = 0;
951 finished.crealm = et->crealm;
952 finished.cname = et->cname;
953
954 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
955 &rep->ticket, &len, ret);
956 if (ret)
957 return ret;
958 if (data.length != len)
959 krb5_abortx(context, "internal asn.1 error");
960
961 ret = krb5_create_checksum(context, armor_crypto,
962 KRB5_KU_FAST_FINISHED, 0,
963 data.data, data.length,
964 &finished.ticket_checksum);
965 krb5_data_free(&data);
966 if (ret)
967 return ret;
968
969 ret = _kdc_fast_mk_response(context, armor_crypto,
970 rep->padata, strengthen_key, &finished,
971 nonce, &data);
972 free_Checksum(&finished.ticket_checksum);
973 if (ret)
974 return ret;
975
976 if (rep->padata) {
977 free_METHOD_DATA(rep->padata);
978 } else {
979 rep->padata = calloc(1, sizeof(*(rep->padata)));
980 if (rep->padata == NULL) {
981 krb5_data_free(&data);
982 return ENOMEM;
983 }
984 }
985
986 ret = krb5_padata_add(context, rep->padata,
987 KRB5_PADATA_FX_FAST,
988 data.data, data.length);
989 if (ret)
990 return ret;
991
992 /*
993 * Hide client name of privacy reasons
994 */
995 if (1 /* r->fast_options.hide_client_names */) {
996 rep->crealm[0] = '\0';
997 free_PrincipalName(&rep->cname);
998 rep->cname.name_type = 0;
999 }
1000 }
1001
1002 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
1003 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
1004 else
1005 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
1006 if(ret) {
1007 const char *msg = krb5_get_error_message(context, ret);
1008 kdc_log(context, config, 4, "Failed to encode KDC-REP: %s", msg);
1009 krb5_free_error_message(context, msg);
1010 return ret;
1011 }
1012 if(buf_size != len) {
1013 free(buf);
1014 kdc_log(context, config, 4, "Internal error in ASN.1 encoder");
1015 *e_text = "KDC internal error";
1016 return KRB5KRB_ERR_GENERIC;
1017 }
1018 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
1019 if (ret) {
1020 const char *msg = krb5_get_error_message(context, ret);
1021 free(buf);
1022 kdc_log(context, config, 4, "krb5_crypto_init failed: %s", msg);
1023 krb5_free_error_message(context, msg);
1024 return ret;
1025 }
1026 if(rep->msg_type == krb_as_rep) {
1027 krb5_encrypt_EncryptedData(context,
1028 crypto,
1029 KRB5_KU_AS_REP_ENC_PART,
1030 buf,
1031 len,
1032 ckvno,
1033 &rep->enc_part);
1034 free(buf);
1035 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
1036 } else {
1037 krb5_encrypt_EncryptedData(context,
1038 crypto,
1039 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
1040 buf,
1041 len,
1042 ckvno,
1043 &rep->enc_part);
1044 free(buf);
1045 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
1046 }
1047 krb5_crypto_destroy(context, crypto);
1048 if(ret) {
1049 const char *msg = krb5_get_error_message(context, ret);
1050 kdc_log(context, config, 4, "Failed to encode KDC-REP: %s", msg);
1051 krb5_free_error_message(context, msg);
1052 return ret;
1053 }
1054 if(buf_size != len) {
1055 free(buf);
1056 kdc_log(context, config, 4, "Internal error in ASN.1 encoder");
1057 *e_text = "KDC internal error";
1058 return KRB5KRB_ERR_GENERIC;
1059 }
1060 reply->data = buf;
1061 reply->length = buf_size;
1062 return 0;
1063 }
1064
1065 /*
1066 * Return 1 if the client have only older enctypes, this is for
1067 * determining if the server should send ETYPE_INFO2 or not.
1068 */
1069
1070 static int
1071 older_enctype(krb5_enctype enctype)
1072 {
1073 switch (enctype) {
1074 case ETYPE_DES_CBC_CRC:
1075 case ETYPE_DES_CBC_MD4:
1076 case ETYPE_DES_CBC_MD5:
1077 case ETYPE_DES3_CBC_SHA1:
1078 case ETYPE_ARCFOUR_HMAC_MD5:
1079 case ETYPE_ARCFOUR_HMAC_MD5_56:
1080 /*
1081 * The following three is "old" windows enctypes and is needed for
1082 * windows 2000 hosts.
1083 */
1084 case ETYPE_ARCFOUR_MD4:
1085 case ETYPE_ARCFOUR_HMAC_OLD:
1086 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
1087 return 1;
1088 default:
1089 return 0;
1090 }
1091 }
1092
1093 /*
1094 *
1095 */
1096
1097 static krb5_error_code
1098 make_etype_info_entry(krb5_context context,
1099 ETYPE_INFO_ENTRY *ent,
1100 Key *key,
1101 krb5_boolean include_salt)
1102 {
1103 ent->etype = key->key.keytype;
1104 if (key->salt && include_salt){
1105 #if 0
1106 ALLOC(ent->salttype);
1107
1108 if(key->salt->type == hdb_pw_salt)
1109 *ent->salttype = 0; /* or 1? or NULL? */
1110 else if(key->salt->type == hdb_afs3_salt)
1111 *ent->salttype = 2;
1112 else {
1113 kdc_log(context, config, 4, "unknown salt-type: %d",
1114 key->salt->type);
1115 return KRB5KRB_ERR_GENERIC;
1116 }
1117 /* according to `the specs', we can't send a salt if
1118 we have AFS3 salted key, but that requires that you
1119 *know* what cell you are using (e.g by assuming
1120 that the cell is the same as the realm in lower
1121 case) */
1122 #elif 0
1123 ALLOC(ent->salttype);
1124 *ent->salttype = key->salt->type;
1125 #else
1126 /*
1127 * We shouldn't sent salttype since it is incompatible with the
1128 * specification and it breaks windows clients. The afs
1129 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1130 * implemented in Heimdal 0.7 and later.
1131 */
1132 ent->salttype = NULL;
1133 #endif
1134 krb5_copy_data(context, &key->salt->salt,
1135 &ent->salt);
1136 } else {
1137 /* we return no salt type at all, as that should indicate
1138 * the default salt type and make everybody happy. some
1139 * systems (like w2k) dislike being told the salt type
1140 * here. */
1141
1142 ent->salttype = NULL;
1143 ent->salt = NULL;
1144 }
1145 return 0;
1146 }
1147
1148 static krb5_error_code
1149 get_pa_etype_info(krb5_context context,
1150 krb5_kdc_configuration *config,
1151 METHOD_DATA *md, Key *ckey,
1152 krb5_boolean include_salt)
1153 {
1154 krb5_error_code ret = 0;
1155 ETYPE_INFO pa;
1156 unsigned char *buf;
1157 size_t len;
1158
1159
1160 pa.len = 1;
1161 pa.val = calloc(1, sizeof(pa.val[0]));
1162 if(pa.val == NULL)
1163 return ENOMEM;
1164
1165 ret = make_etype_info_entry(context, &pa.val[0], ckey, include_salt);
1166 if (ret) {
1167 free_ETYPE_INFO(&pa);
1168 return ret;
1169 }
1170
1171 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1172 free_ETYPE_INFO(&pa);
1173 if(ret)
1174 return ret;
1175 ret = realloc_method_data(md);
1176 if(ret) {
1177 free(buf);
1178 return ret;
1179 }
1180 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1181 md->val[md->len - 1].padata_value.length = len;
1182 md->val[md->len - 1].padata_value.data = buf;
1183 return 0;
1184 }
1185
1186 /*
1187 *
1188 */
1189
1190 extern int _krb5_AES_SHA1_string_to_default_iterator;
1191 extern int _krb5_AES_SHA2_string_to_default_iterator;
1192
1193 static krb5_error_code
1194 make_s2kparams(int value, size_t len, krb5_data **ps2kparams)
1195 {
1196 krb5_data *s2kparams;
1197 krb5_error_code ret;
1198
1199 ALLOC(s2kparams);
1200 if (s2kparams == NULL)
1201 return ENOMEM;
1202 ret = krb5_data_alloc(s2kparams, len);
1203 if (ret) {
1204 free(s2kparams);
1205 return ret;
1206 }
1207 _krb5_put_int(s2kparams->data, value, len);
1208 *ps2kparams = s2kparams;
1209 return 0;
1210 }
1211
1212 static krb5_error_code
1213 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent,
1214 Key *key,
1215 krb5_boolean include_salt)
1216 {
1217 krb5_error_code ret;
1218
1219 ent->etype = key->key.keytype;
1220 if (key->salt && include_salt) {
1221 ALLOC(ent->salt);
1222 if (ent->salt == NULL)
1223 return ENOMEM;
1224 *ent->salt = malloc(key->salt->salt.length + 1);
1225 if (*ent->salt == NULL) {
1226 free(ent->salt);
1227 ent->salt = NULL;
1228 return ENOMEM;
1229 }
1230 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1231 (*ent->salt)[key->salt->salt.length] = '\0';
1232 } else
1233 ent->salt = NULL;
1234
1235 ent->s2kparams = NULL;
1236
1237 switch (key->key.keytype) {
1238 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1239 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1240 ret = make_s2kparams(_krb5_AES_SHA1_string_to_default_iterator,
1241 4, &ent->s2kparams);
1242 break;
1243 case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128:
1244 case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192:
1245 ret = make_s2kparams(_krb5_AES_SHA2_string_to_default_iterator,
1246 4, &ent->s2kparams);
1247 break;
1248 case ETYPE_DES_CBC_CRC:
1249 case ETYPE_DES_CBC_MD4:
1250 case ETYPE_DES_CBC_MD5:
1251 /* Check if this was a AFS3 salted key */
1252 if(key->salt && key->salt->type == hdb_afs3_salt)
1253 ret = make_s2kparams(1, 1, &ent->s2kparams);
1254 else
1255 ret = 0;
1256 break;
1257 default:
1258 ret = 0;
1259 break;
1260 }
1261 return ret;
1262 }
1263
1264 /*
1265 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1266 * database (client supported enctypes first, then the unsupported
1267 * enctypes).
1268 */
1269
1270 static krb5_error_code
1271 get_pa_etype_info2(krb5_context context,
1272 krb5_kdc_configuration *config,
1273 METHOD_DATA *md, Key *ckey,
1274 krb5_boolean include_salt)
1275 {
1276 krb5_error_code ret = 0;
1277 ETYPE_INFO2 pa;
1278 unsigned char *buf;
1279 size_t len;
1280
1281 pa.len = 1;
1282 pa.val = calloc(1, sizeof(pa.val[0]));
1283 if(pa.val == NULL)
1284 return ENOMEM;
1285
1286 ret = make_etype_info2_entry(&pa.val[0], ckey, include_salt);
1287 if (ret) {
1288 free_ETYPE_INFO2(&pa);
1289 return ret;
1290 }
1291
1292 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1293 free_ETYPE_INFO2(&pa);
1294 if(ret)
1295 return ret;
1296 ret = realloc_method_data(md);
1297 if(ret) {
1298 free(buf);
1299 return ret;
1300 }
1301 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1302 md->val[md->len - 1].padata_value.length = len;
1303 md->val[md->len - 1].padata_value.data = buf;
1304 return 0;
1305 }
1306
1307 static int
1308 newer_enctype_present(struct KDC_REQ_BODY_etype *etype_list)
1309 {
1310 size_t i;
1311
1312 for (i = 0; i < etype_list->len; i++) {
1313 if (!older_enctype(etype_list->val[i]))
1314 return 1;
1315 }
1316 return 0;
1317 }
1318
1319 static krb5_error_code
1320 get_pa_etype_info_both(krb5_context context,
1321 krb5_kdc_configuration *config,
1322 struct KDC_REQ_BODY_etype *etype_list,
1323 METHOD_DATA *md, Key *ckey,
1324 krb5_boolean include_salt)
1325 {
1326 krb5_error_code ret;
1327
1328 /*
1329 * RFC4120 requires:
1330 * When the AS server is to include pre-authentication data in a
1331 * KRB-ERROR or in an AS-REP, it MUST use PA-ETYPE-INFO2, not
1332 * PA-ETYPE-INFO, if the etype field of the client's AS-REQ lists
1333 * at least one "newer" encryption type. Otherwise (when the etype
1334 * field of the client's AS-REQ does not list any "newer" encryption
1335 * types), it MUST send both PA-ETYPE-INFO2 and PA-ETYPE-INFO (both
1336 * with an entry for each enctype). A "newer" enctype is any enctype
1337 * first officially specified concurrently with or subsequent to the
1338 * issue of this RFC. The enctypes DES, 3DES, or RC4 and any defined
1339 * in [RFC1510] are not "newer" enctypes.
1340 *
1341 * It goes on to state:
1342 * The preferred ordering of the "hint" pre-authentication data that
1343 * affect client key selection is: ETYPE-INFO2, followed by ETYPE-INFO,
1344 * followed by PW-SALT. As noted in Section 3.1.3, a KDC MUST NOT send
1345 * ETYPE-INFO or PW-SALT when the client's AS-REQ includes at least one
1346 * "newer" etype.
1347 */
1348
1349 ret = get_pa_etype_info2(context, config, md, ckey, include_salt);
1350 if (ret)
1351 return ret;
1352
1353 if (!newer_enctype_present(etype_list))
1354 ret = get_pa_etype_info(context, config, md, ckey, include_salt);
1355
1356 return ret;
1357 }
1358
1359 /*
1360 *
1361 */
1362
1363 void
1364 _log_astgs_req(astgs_request_t r, krb5_enctype setype)
1365 {
1366 krb5_context context = r->context;
1367 const KDC_REQ_BODY *b = &r->req.req_body;
1368 krb5_enctype cetype = r->reply_key.keytype;
1369 krb5_error_code ret;
1370 struct rk_strpool *p;
1371 struct rk_strpool *s = NULL;
1372 char *str;
1373 char *cet;
1374 char *set;
1375 size_t i;
1376
1377 /*
1378 * we are collecting ``p'' and ``s''. The former is a textual
1379 * representation of the enctypes as strings which will be used
1380 * for debugging. The latter is a terse comma separated list of
1381 * the %d's of the enctypes to emit into our audit trail to
1382 * conserve space in the logs.
1383 */
1384
1385 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1386
1387 for (i = 0; i < b->etype.len; i++) {
1388 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1389 if (ret == 0) {
1390 p = rk_strpoolprintf(p, "%s", str);
1391 free(str);
1392 } else
1393 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1394 if (p == NULL) {
1395 rk_strpoolfree(s);
1396 _kdc_r_log(r, 4, "out of memory");
1397 return;
1398 }
1399 s = rk_strpoolprintf(s, "%d", b->etype.val[i]);
1400 if (i + 1 < b->etype.len) {
1401 p = rk_strpoolprintf(p, ", ");
1402 s = rk_strpoolprintf(s, ",");
1403 }
1404 }
1405 if (p == NULL)
1406 p = rk_strpoolprintf(p, "no encryption types");
1407
1408 str = rk_strpoolcollect(s);
1409 if (str)
1410 _kdc_audit_addkv((kdc_request_t)r, 0, "etypes", "%s", str);
1411 free(str);
1412
1413 ret = krb5_enctype_to_string(context, cetype, &cet);
1414 if(ret == 0) {
1415 ret = krb5_enctype_to_string(context, setype, &set);
1416 if (ret == 0) {
1417 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1418 free(set);
1419 }
1420 free(cet);
1421 }
1422 if (ret != 0)
1423 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1424 cetype, setype);
1425
1426 str = rk_strpoolcollect(p);
1427 if (str)
1428 _kdc_r_log(r, 4, "%s", str);
1429 free(str);
1430
1431 _kdc_audit_addkv((kdc_request_t)r, 0, "etype", "%d/%d", cetype, setype);
1432
1433 {
1434 char fixedstr[128];
1435
1436 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1437 fixedstr, sizeof(fixedstr));
1438 if (*fixedstr) {
1439 _kdc_r_log(r, 4, "Requested flags: %s", fixedstr);
1440 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE,
1441 "flags", "%s", fixedstr);
1442 }
1443 }
1444 }
1445
1446 /*
1447 * verify the flags on `client' and `server', returning 0
1448 * if they are OK and generating an error messages and returning
1449 * and error code otherwise.
1450 */
1451
1452 krb5_error_code
1453 kdc_check_flags(astgs_request_t r, krb5_boolean is_as_req)
1454 {
1455 krb5_context context = r->context;
1456 hdb_entry_ex *client_ex = r->client;
1457 hdb_entry_ex *server_ex = r->server;
1458
1459 if(client_ex != NULL) {
1460 hdb_entry *client = &client_ex->entry;
1461
1462 /* check client */
1463 if (client->flags.locked_out) {
1464 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1465 "Client is locked out");
1466 return KRB5KDC_ERR_POLICY;
1467 }
1468
1469 if (client->flags.invalid) {
1470 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1471 "Client has invalid bit set");
1472 return KRB5KDC_ERR_POLICY;
1473 }
1474
1475 if (!client->flags.client) {
1476 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1477 "Principal may not act as client");
1478 return KRB5KDC_ERR_POLICY;
1479 }
1480
1481 if (client->valid_start && *client->valid_start > kdc_time) {
1482 char starttime_str[100];
1483 krb5_format_time(context, *client->valid_start,
1484 starttime_str, sizeof(starttime_str), TRUE);
1485 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1486 "Client not yet valid until %s", starttime_str);
1487 return KRB5KDC_ERR_CLIENT_NOTYET;
1488 }
1489
1490 if (client->valid_end && *client->valid_end < kdc_time) {
1491 char endtime_str[100];
1492 krb5_format_time(context, *client->valid_end,
1493 endtime_str, sizeof(endtime_str), TRUE);
1494 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1495 "Client expired at %s", endtime_str);
1496 return KRB5KDC_ERR_NAME_EXP;
1497 }
1498
1499 if (client->flags.require_pwchange &&
1500 (server_ex == NULL || !server_ex->entry.flags.change_pw))
1501 return KRB5KDC_ERR_KEY_EXPIRED;
1502
1503 if (client->pw_end && *client->pw_end < kdc_time
1504 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1505 char pwend_str[100];
1506 krb5_format_time(context, *client->pw_end,
1507 pwend_str, sizeof(pwend_str), TRUE);
1508 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1509 "Client's key has expired at %s", pwend_str);
1510 return KRB5KDC_ERR_KEY_EXPIRED;
1511 }
1512 }
1513
1514 /* check server */
1515
1516 if (server_ex != NULL) {
1517 hdb_entry *server = &server_ex->entry;
1518
1519 if (server->flags.locked_out) {
1520 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1521 "Server locked out");
1522 return KRB5KDC_ERR_POLICY;
1523 }
1524 if (server->flags.invalid) {
1525 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1526 "Server has invalid flag set");
1527 return KRB5KDC_ERR_POLICY;
1528 }
1529 if (!server->flags.server) {
1530 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1531 "Principal may not act as server");
1532 return KRB5KDC_ERR_POLICY;
1533 }
1534
1535 if (!is_as_req && server->flags.initial) {
1536 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1537 "AS-REQ is required for server");
1538 return KRB5KDC_ERR_POLICY;
1539 }
1540
1541 if (server->valid_start && *server->valid_start > kdc_time) {
1542 char starttime_str[100];
1543 krb5_format_time(context, *server->valid_start,
1544 starttime_str, sizeof(starttime_str), TRUE);
1545 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1546 "Server not yet valid until %s", starttime_str);
1547 return KRB5KDC_ERR_SERVICE_NOTYET;
1548 }
1549
1550 if (server->valid_end && *server->valid_end < kdc_time) {
1551 char endtime_str[100];
1552 krb5_format_time(context, *server->valid_end,
1553 endtime_str, sizeof(endtime_str), TRUE);
1554 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1555 "Server expired at %s", endtime_str);
1556 return KRB5KDC_ERR_SERVICE_EXP;
1557 }
1558
1559 if (server->pw_end && *server->pw_end < kdc_time) {
1560 char pwend_str[100];
1561 krb5_format_time(context, *server->pw_end,
1562 pwend_str, sizeof(pwend_str), TRUE);
1563 _kdc_audit_addkv((kdc_request_t)r, 0, "reason",
1564 "Server's key has expired at %s", pwend_str);
1565 return KRB5KDC_ERR_KEY_EXPIRED;
1566 }
1567 }
1568 return 0;
1569 }
1570
1571 /*
1572 * Return TRUE if `from' is part of `addresses' taking into consideration
1573 * the configuration variables that tells us how strict we should be about
1574 * these checks
1575 */
1576
1577 krb5_boolean
1578 _kdc_check_addresses(astgs_request_t r, HostAddresses *addresses,
1579 const struct sockaddr *from)
1580 {
1581 krb5_context context = r->context;
1582 krb5_kdc_configuration *config = r->config;
1583 krb5_error_code ret;
1584 krb5_address addr;
1585 krb5_boolean result;
1586 krb5_boolean only_netbios = TRUE;
1587 size_t i;
1588
1589 if(config->check_ticket_addresses == 0)
1590 return TRUE;
1591
1592 if(addresses == NULL)
1593 return config->allow_null_ticket_addresses;
1594
1595 for (i = 0; i < addresses->len; ++i) {
1596 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1597 only_netbios = FALSE;
1598 }
1599 }
1600
1601 /* Windows sends it's netbios name, which I can only assume is
1602 * used for the 'allowed workstations' check. This is painful,
1603 * but we still want to check IP addresses if they happen to be
1604 * present.
1605 */
1606
1607 if(only_netbios)
1608 return config->allow_null_ticket_addresses;
1609
1610 ret = krb5_sockaddr2address (context, from, &addr);
1611 if(ret)
1612 return FALSE;
1613
1614 result = krb5_address_search(context, &addr, addresses);
1615 krb5_free_address (context, &addr);
1616 return result;
1617 }
1618
1619 /*
1620 *
1621 */
1622 krb5_error_code
1623 _kdc_check_anon_policy(astgs_request_t r)
1624 {
1625 if (!r->config->allow_anonymous) {
1626 _kdc_audit_addkv((kdc_request_t)r, 0, "reason", "anonymous tickets "
1627 "denied by local policy");
1628 return KRB5KDC_ERR_POLICY;
1629 }
1630
1631 return 0;
1632 }
1633
1634 /*
1635 *
1636 */
1637
1638 static krb5_boolean
1639 send_pac_p(krb5_context context, KDC_REQ *req)
1640 {
1641 krb5_error_code ret;
1642 PA_PAC_REQUEST pacreq;
1643 const PA_DATA *pa;
1644 int i = 0;
1645
1646 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1647 if (pa == NULL)
1648 return TRUE;
1649
1650 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1651 pa->padata_value.length,
1652 &pacreq,
1653 NULL);
1654 if (ret)
1655 return TRUE;
1656 i = pacreq.include_pac;
1657 free_PA_PAC_REQUEST(&pacreq);
1658 if (i == 0)
1659 return FALSE;
1660 return TRUE;
1661 }
1662
1663 /*
1664 *
1665 */
1666
1667 static krb5_error_code
1668 generate_pac(astgs_request_t r, Key *skey)
1669 {
1670 krb5_error_code ret;
1671 krb5_pac p = NULL;
1672 krb5_data data;
1673
1674 ret = _kdc_pac_generate(r->context, r->client, &p);
1675 if (ret) {
1676 _kdc_r_log(r, 4, "PAC generation failed for -- %s",
1677 r->cname);
1678 return ret;
1679 }
1680 if (p == NULL)
1681 return 0;
1682
1683 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1684 r->client->entry.principal,
1685 &skey->key, /* Server key */
1686 &skey->key, /* FIXME: should be krbtgt key */
1687 &data);
1688 krb5_pac_free(r->context, p);
1689 if (ret) {
1690 _kdc_r_log(r, 4, "PAC signing failed for -- %s",
1691 r->cname);
1692 return ret;
1693 }
1694
1695 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1696 KRB5_AUTHDATA_WIN2K_PAC,
1697 &data);
1698 krb5_data_free(&data);
1699
1700 return ret;
1701 }
1702
1703 /*
1704 *
1705 */
1706
1707 krb5_boolean
1708 _kdc_is_anonymous(krb5_context context, krb5_const_principal principal)
1709 {
1710 return krb5_principal_is_anonymous(context, principal, KRB5_ANON_MATCH_ANY);
1711 }
1712
1713 static int
1714 require_preauth_p(astgs_request_t r)
1715 {
1716 return r->config->require_preauth
1717 || r->client->entry.flags.require_preauth
1718 || r->server->entry.flags.require_preauth;
1719 }
1720
1721
1722 /*
1723 *
1724 */
1725
1726 static krb5_error_code
1727 add_enc_pa_rep(astgs_request_t r)
1728 {
1729 krb5_error_code ret;
1730 krb5_crypto crypto;
1731 Checksum checksum;
1732 krb5_data cdata;
1733 size_t len;
1734
1735 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1736 if (ret)
1737 return ret;
1738
1739 ret = krb5_create_checksum(r->context, crypto,
1740 KRB5_KU_AS_REQ, 0,
1741 r->request.data, r->request.length,
1742 &checksum);
1743 krb5_crypto_destroy(r->context, crypto);
1744 if (ret)
1745 return ret;
1746
1747 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1748 &checksum, &len, ret);
1749 free_Checksum(&checksum);
1750 if (ret)
1751 return ret;
1752 heim_assert(cdata.length == len, "ASN.1 internal error");
1753
1754 if (r->ek.encrypted_pa_data == NULL) {
1755 ALLOC(r->ek.encrypted_pa_data);
1756 if (r->ek.encrypted_pa_data == NULL)
1757 return ENOMEM;
1758 }
1759 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1760 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1761 if (ret)
1762 return ret;
1763
1764 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1765 KRB5_PADATA_FX_FAST, NULL, 0);
1766 }
1767
1768 /*
1769 *
1770 */
1771
1772 krb5_error_code
1773 _kdc_as_rep(astgs_request_t r)
1774 {
1775 krb5_context context = r->context;
1776 krb5_kdc_configuration *config = r->config;
1777 KDC_REQ *req = &r->req;
1778 const char *from = r->from;
1779 KDC_REQ_BODY *b = NULL;
1780 AS_REP rep;
1781 KDCOptions f;
1782 krb5_enctype setype;
1783 krb5_error_code ret = 0;
1784 Key *skey;
1785 int found_pa = 0;
1786 int i, flags = HDB_F_FOR_AS_REQ;
1787 METHOD_DATA error_method;
1788 const PA_DATA *pa;
1789 krb5_boolean is_tgs;
1790 const char *msg;
1791
1792 memset(&rep, 0, sizeof(rep));
1793 error_method.len = 0;
1794 error_method.val = NULL;
1795
1796 /*
1797 * Look for FAST armor and unwrap
1798 */
1799 ret = _kdc_fast_unwrap_request(r);
1800 if (ret) {
1801 _kdc_r_log(r, 1, "FAST unwrap request from %s failed: %d", from, ret);
1802 goto out;
1803 }
1804
1805 b = &req->req_body;
1806 f = b->kdc_options;
1807
1808 if (f.canonicalize)
1809 flags |= HDB_F_CANON;
1810
1811 if (b->sname == NULL) {
1812 ret = KRB5KRB_ERR_GENERIC;
1813 _kdc_set_e_text(r, "No server in request");
1814 goto out;
1815 }
1816
1817 ret = _krb5_principalname2krb5_principal(context, &r->server_princ,
1818 *(b->sname), b->realm);
1819 if (!ret)
1820 ret = krb5_unparse_name(context, r->server_princ, &r->sname);
1821 if (ret) {
1822 kdc_log(context, config, 2,
1823 "AS_REQ malformed server name from %s", from);
1824 goto out;
1825 }
1826
1827 if (b->cname == NULL) {
1828 ret = KRB5KRB_ERR_GENERIC;
1829 _kdc_set_e_text(r, "No client in request");
1830 goto out;
1831 }
1832
1833 ret = _krb5_principalname2krb5_principal(context, &r->client_princ,
1834 *(b->cname), b->realm);
1835 if (!ret)
1836 ret = krb5_unparse_name(context, r->client_princ, &r->cname);
1837 if (ret) {
1838 kdc_log(context, config, 2,
1839 "AS-REQ malformed client name from %s", from);
1840 goto out;
1841 }
1842
1843 kdc_log(context, config, 4, "AS-REQ %s from %s for %s",
1844 r->cname, r->from, r->sname);
1845
1846 is_tgs = krb5_principal_is_krbtgt(context, r->server_princ);
1847
1848 if (_kdc_is_anonymous(context, r->client_princ) &&
1849 !_kdc_is_anon_request(req)) {
1850 kdc_log(context, config, 2, "Anonymous client w/o anonymous flag");
1851 ret = KRB5KDC_ERR_BADOPTION;
1852 goto out;
1853 }
1854
1855 ret = _kdc_db_fetch(context, config, r->client_princ,
1856 HDB_F_GET_CLIENT | flags, NULL,
1857 &r->clientdb, &r->client);
1858 switch (ret) {
1859 case 0: /* Success */
1860 break;
1861 case HDB_ERR_NOT_FOUND_HERE:
1862 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1863 r->cname);
1864 goto out;
1865 case HDB_ERR_WRONG_REALM: {
1866 char *fixed_client_name = NULL;
1867
1868 ret = krb5_unparse_name(context, r->client->entry.principal,
1869 &fixed_client_name);
1870 if (ret) {
1871 goto out;
1872 }
1873
1874 kdc_log(context, config, 4, "WRONG_REALM - %s -> %s",
1875 r->cname, fixed_client_name);
1876 free(fixed_client_name);
1877
1878 ret = _kdc_fast_mk_error(r, &error_method, r->armor_crypto,
1879 &req->req_body, KRB5_KDC_ERR_WRONG_REALM,
1880 NULL, r->server_princ, NULL,
1881 &r->client->entry.principal->realm,
1882 NULL, NULL, r->reply);
1883 goto out;
1884 }
1885 default:
1886 msg = krb5_get_error_message(context, ret);
1887 kdc_log(context, config, 4, "UNKNOWN -- %s: %s", r->cname, msg);
1888 krb5_free_error_message(context, msg);
1889 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1890 goto out;
1891 }
1892 ret = _kdc_db_fetch(context, config, r->server_princ,
1893 HDB_F_GET_SERVER | flags | (is_tgs ? HDB_F_GET_KRBTGT : 0),
1894 NULL, NULL, &r->server);
1895 switch (ret) {
1896 case 0: /* Success */
1897 break;
1898 case HDB_ERR_NOT_FOUND_HERE:
1899 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1900 r->sname);
1901 goto out;
1902 default:
1903 msg = krb5_get_error_message(context, ret);
1904 kdc_log(context, config, 4, "UNKNOWN -- %s: %s", r->sname, msg);
1905 krb5_free_error_message(context, msg);
1906 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1907 goto out;
1908 }
1909
1910 /*
1911 * Select a session enctype from the list of the crypto system
1912 * supported enctypes that is supported by the client and is one of
1913 * the enctype of the enctype of the service (likely krbtgt).
1914 *
1915 * The latter is used as a hint of what enctypes all KDC support,
1916 * to make sure a newer version of KDC won't generate a session
1917 * enctype that an older version of a KDC in the same realm can't
1918 * decrypt.
1919 */
1920
1921 ret = _kdc_find_etype(r, (is_tgs ? KFE_IS_TGS:0) | KFE_USE_CLIENT,
1922 b->etype.val, b->etype.len,
1923 &r->sessionetype, NULL, NULL);
1924 if (ret) {
1925 kdc_log(context, config, 4,
1926 "Client (%s) from %s has no common enctypes with KDC "
1927 "to use for the session key",
1928 r->cname, from);
1929 goto out;
1930 }
1931
1932 /*
1933 * Pre-auth processing
1934 */
1935
1936 if(req->padata){
1937 unsigned int n;
1938
1939 log_patypes(r, req->padata);
1940
1941 /* Check if preauth matching */
1942
1943 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
1944 if (pat[n].validate == NULL)
1945 continue;
1946 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
1947 continue;
1948
1949 kdc_log(context, config, 5,
1950 "Looking for %s pa-data -- %s", pat[n].name, r->cname);
1951 i = 0;
1952 pa = _kdc_find_padata(req, &i, pat[n].type);
1953 if (pa) {
1954 _kdc_audit_addkv((kdc_request_t)r, 0, "pa", "%s", pat[n].name);
1955 ret = pat[n].validate(r, pa);
1956 if (ret != 0) {
1957 krb5_error_code ret2;
1958 Key *ckey = NULL;
1959 krb5_boolean default_salt;
1960
1961 /*
1962 * If there is a client key, send ETYPE_INFO{,2}
1963 */
1964 ret2 = _kdc_find_etype(r, KFE_IS_PREAUTH|KFE_USE_CLIENT,
1965 b->etype.val, b->etype.len,
1966 NULL, &ckey, &default_salt);
1967 if (ret2 == 0) {
1968 ret2 = get_pa_etype_info_both(context, config, &b->etype,
1969 &error_method, ckey, !default_salt);
1970 if (ret2 != 0)
1971 ret = ret2;
1972 }
1973 goto out;
1974 }
1975 kdc_log(context, config, 4,
1976 "%s pre-authentication succeeded -- %s",
1977 pat[n].name, r->cname);
1978 found_pa = 1;
1979 r->et.flags.pre_authent = 1;
1980 }
1981 }
1982 }
1983
1984 if (found_pa == 0) {
1985 Key *ckey = NULL;
1986 size_t n;
1987 krb5_boolean default_salt;
1988
1989 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
1990 if ((pat[n].flags & PA_ANNOUNCE) == 0)
1991 continue;
1992 ret = krb5_padata_add(context, &error_method,
1993 pat[n].type, NULL, 0);
1994 if (ret)
1995 goto out;
1996 }
1997
1998 /*
1999 * If there is a client key, send ETYPE_INFO{,2}
2000 */
2001 ret = _kdc_find_etype(r, KFE_IS_PREAUTH|KFE_USE_CLIENT,
2002 b->etype.val, b->etype.len,
2003 NULL, &ckey, &default_salt);
2004 if (ret == 0) {
2005 ret = get_pa_etype_info_both(context, config, &b->etype,
2006 &error_method, ckey, !default_salt);
2007 if (ret)
2008 goto out;
2009 }
2010
2011 /*
2012 * send requre preauth is its required or anon is requested,
2013 * anon is today only allowed via preauth mechanisms.
2014 */
2015 if (require_preauth_p(r) || _kdc_is_anon_request(&r->req)) {
2016 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
2017 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
2018 goto out;
2019 }
2020
2021 if (ckey == NULL) {
2022 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2023 _kdc_set_e_text(r, "Doesn't have a client key available");
2024 goto out;
2025 }
2026 krb5_free_keyblock_contents(r->context, &r->reply_key);
2027 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
2028 if (ret)
2029 goto out;
2030 }
2031
2032 if (r->clientdb->hdb_auth_status) {
2033 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
2034 HDB_AUTH_SUCCESS);
2035 }
2036
2037 /*
2038 * Verify flags after the user been required to prove its identity
2039 * with in a preauth mech.
2040 */
2041
2042 ret = _kdc_check_access(r, req, &error_method);
2043 if(ret)
2044 goto out;
2045
2046 if (_kdc_is_anon_request(&r->req)) {
2047 ret = _kdc_check_anon_policy(r);
2048 if (ret) {
2049 _kdc_set_e_text(r, "Anonymous ticket requests are disabled");
2050 goto out;
2051 }
2052
2053 r->et.flags.anonymous = 1;
2054 }
2055
2056 /*
2057 * Select the best encryption type for the KDC with out regard to
2058 * the client since the client never needs to read that data.
2059 */
2060
2061 ret = _kdc_get_preferred_key(context, config,
2062 r->server, r->sname,
2063 &setype, &skey);
2064 if(ret)
2065 goto out;
2066
2067 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey) {
2068 ret = KRB5KDC_ERR_BADOPTION;
2069 _kdc_set_e_text(r, "Bad KDC options");
2070 goto out;
2071 }
2072
2073 /*
2074 * Build reply
2075 */
2076
2077 rep.pvno = 5;
2078 rep.msg_type = krb_as_rep;
2079
2080 if (!config->historical_anon_realm &&
2081 _kdc_is_anonymous(context, r->client_princ)) {
2082 Realm anon_realm = KRB5_ANON_REALM;
2083 ret = copy_Realm(&anon_realm, &rep.crealm);
2084 } else if (f.canonicalize || r->client->entry.flags.force_canonicalize)
2085 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
2086 else
2087 ret = copy_Realm(&r->client_princ->realm, &rep.crealm);
2088 if (ret)
2089 goto out;
2090 if (r->et.flags.anonymous)
2091 ret = _kdc_make_anonymous_principalname(&rep.cname);
2092 else if (f.canonicalize || r->client->entry.flags.force_canonicalize)
2093 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
2094 else
2095 ret = _krb5_principal2principalname(&rep.cname, r->client_princ);
2096 if (ret)
2097 goto out;
2098
2099 rep.ticket.tkt_vno = 5;
2100 if (f.canonicalize || r->server->entry.flags.force_canonicalize)
2101 ret = copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
2102 else
2103 ret = copy_Realm(&r->server_princ->realm, &rep.ticket.realm);
2104 if (ret)
2105 goto out;
2106 if (f.canonicalize || r->server->entry.flags.force_canonicalize)
2107 _krb5_principal2principalname(&rep.ticket.sname,
2108 r->server->entry.principal);
2109 else
2110 _krb5_principal2principalname(&rep.ticket.sname,
2111 r->server_princ);
2112 /* java 1.6 expects the name to be the same type, lets allow that
2113 * uncomplicated name-types. */
2114 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
2115 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
2116 rep.ticket.sname.name_type = b->sname->name_type;
2117 #undef CNT
2118
2119 r->et.flags.initial = 1;
2120 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
2121 r->et.flags.forwardable = f.forwardable;
2122 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
2123 r->et.flags.proxiable = f.proxiable;
2124 else if (f.proxiable) {
2125 _kdc_set_e_text(r, "Ticket may not be proxiable");
2126 ret = KRB5KDC_ERR_POLICY;
2127 goto out;
2128 }
2129 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
2130 r->et.flags.may_postdate = f.allow_postdate;
2131 else if (f.allow_postdate){
2132 _kdc_set_e_text(r, "Ticket may not be postdate");
2133 ret = KRB5KDC_ERR_POLICY;
2134 goto out;
2135 }
2136
2137 /* check for valid set of addresses */
2138 if (!_kdc_check_addresses(r, b->addresses, r->addr)) {
2139 _kdc_set_e_text(r, "Bad address list in requested");
2140 ret = KRB5KRB_AP_ERR_BADADDR;
2141 goto out;
2142 }
2143
2144 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
2145 if (ret)
2146 goto out;
2147 ret = copy_Realm(&rep.crealm, &r->et.crealm);
2148 if (ret)
2149 goto out;
2150
2151 {
2152 time_t start;
2153 time_t t;
2154
2155 start = r->et.authtime = kdc_time;
2156
2157 if(f.postdated && req->req_body.from){
2158 ALLOC(r->et.starttime);
2159 start = *r->et.starttime = *req->req_body.from;
2160 r->et.flags.invalid = 1;
2161 r->et.flags.postdated = 1; /* XXX ??? */
2162 }
2163 _kdc_fix_time(&b->till);
2164 t = *b->till;
2165
2166 /* be careful not overflowing */
2167
2168 if(r->client->entry.max_life)
2169 t = start + min(t - start, *r->client->entry.max_life);
2170 if(r->server->entry.max_life)
2171 t = start + min(t - start, *r->server->entry.max_life);
2172 #if 0
2173 t = min(t, start + realm->max_life);
2174 #endif
2175 r->et.endtime = t;
2176 if(f.renewable_ok && r->et.endtime < *b->till){
2177 f.renewable = 1;
2178 if(b->rtime == NULL){
2179 ALLOC(b->rtime);
2180 *b->rtime = 0;
2181 }
2182 if(*b->rtime < *b->till)
2183 *b->rtime = *b->till;
2184 }
2185 if(f.renewable && b->rtime){
2186 t = *b->rtime;
2187 if(t == 0)
2188 t = MAX_TIME;
2189 if(r->client->entry.max_renew)
2190 t = start + min(t - start, *r->client->entry.max_renew);
2191 if(r->server->entry.max_renew)
2192 t = start + min(t - start, *r->server->entry.max_renew);
2193 #if 0
2194 t = min(t, start + realm->max_renew);
2195 #endif
2196 ALLOC(r->et.renew_till);
2197 *r->et.renew_till = t;
2198 r->et.flags.renewable = 1;
2199 }
2200 }
2201
2202 if(b->addresses){
2203 ALLOC(r->et.caddr);
2204 copy_HostAddresses(b->addresses, r->et.caddr);
2205 }
2206
2207 r->et.transited.tr_type = DOMAIN_X500_COMPRESS;
2208 krb5_data_zero(&r->et.transited.contents);
2209
2210 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2211 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2212 * incapable of correctly decoding SEQUENCE OF's of zero length.
2213 *
2214 * To fix this, always send at least one no-op last_req
2215 *
2216 * If there's a pw_end or valid_end we will use that,
2217 * otherwise just a dummy lr.
2218 */
2219 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2220 if (r->ek.last_req.val == NULL) {
2221 ret = ENOMEM;
2222 goto out;
2223 }
2224 r->ek.last_req.len = 0;
2225 if (r->client->entry.pw_end
2226 && (config->kdc_warn_pwexpire == 0
2227 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2228 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2229 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2230 ++r->ek.last_req.len;
2231 }
2232 if (r->client->entry.valid_end) {
2233 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2234 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2235 ++r->ek.last_req.len;
2236 }
2237 if (r->ek.last_req.len == 0) {
2238 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2239 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2240 ++r->ek.last_req.len;
2241 }
2242 r->ek.nonce = b->nonce;
2243 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2244 ALLOC(r->ek.key_expiration);
2245 if (r->client->entry.valid_end) {
2246 if (r->client->entry.pw_end)
2247 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2248 *r->client->entry.pw_end);
2249 else
2250 *r->ek.key_expiration = *r->client->entry.valid_end;
2251 } else
2252 *r->ek.key_expiration = *r->client->entry.pw_end;
2253 } else
2254 r->ek.key_expiration = NULL;
2255 r->ek.flags = r->et.flags;
2256 r->ek.authtime = r->et.authtime;
2257 if (r->et.starttime) {
2258 ALLOC(r->ek.starttime);
2259 *r->ek.starttime = *r->et.starttime;
2260 }
2261 r->ek.endtime = r->et.endtime;
2262 if (r->et.renew_till) {
2263 ALLOC(r->ek.renew_till);
2264 *r->ek.renew_till = *r->et.renew_till;
2265 }
2266 ret = copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2267 if (ret)
2268 goto out;
2269 ret = copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2270 if (ret)
2271 goto out;
2272 if(r->et.caddr){
2273 ALLOC(r->ek.caddr);
2274 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2275 }
2276
2277 /*
2278 * Check and session and reply keys
2279 */
2280
2281 if (r->session_key.keytype == ETYPE_NULL) {
2282 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2283 if (ret)
2284 goto out;
2285 }
2286
2287 if (r->reply_key.keytype == ETYPE_NULL) {
2288 _kdc_set_e_text(r, "Client have no reply key");
2289 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2290 goto out;
2291 }
2292
2293 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2294 if (ret)
2295 goto out;
2296
2297 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2298 if (ret)
2299 goto out;
2300
2301 if (r->outpadata.len) {
2302
2303 ALLOC(rep.padata);
2304 if (rep.padata == NULL) {
2305 ret = ENOMEM;
2306 goto out;
2307 }
2308 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2309 if (ret)
2310 goto out;
2311 }
2312
2313 /* Add the PAC */
2314 if (send_pac_p(context, req) && !r->et.flags.anonymous) {
2315 generate_pac(r, skey);
2316 }
2317
2318 _kdc_log_timestamp(r, "AS-REQ", r->et.authtime,
2319 r->et.starttime, r->et.endtime,
2320 r->et.renew_till);
2321
2322 {
2323 krb5_principal client_principal;
2324
2325 ret = _krb5_principalname2krb5_principal(context, &client_principal,
2326 rep.cname, rep.crealm);
2327 if (ret)
2328 goto out;
2329
2330 /* do this as the last thing since this signs the EncTicketPart */
2331 ret = _kdc_add_KRB5SignedPath(context,
2332 config,
2333 r->server,
2334 setype,
2335 client_principal,
2336 NULL,
2337 NULL,
2338 &r->et);
2339 krb5_free_principal(context, client_principal);
2340 if (ret)
2341 goto out;
2342 }
2343
2344 _log_astgs_req(r, setype);
2345
2346 /*
2347 * We always say we support FAST/enc-pa-rep
2348 */
2349
2350 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2351
2352 /*
2353 * Add REQ_ENC_PA_REP if client supports it
2354 */
2355
2356 i = 0;
2357 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2358 if (pa) {
2359
2360 ret = add_enc_pa_rep(r);
2361 if (ret) {
2362 msg = krb5_get_error_message(r->context, ret);
2363 _kdc_r_log(r, 4, "add_enc_pa_rep failed: %s: %d", msg, ret);
2364 krb5_free_error_message(r->context, msg);
2365 goto out;
2366 }
2367 }
2368
2369 /*
2370 *
2371 */
2372
2373 ret = _kdc_encode_reply(context, config,
2374 r->armor_crypto, req->req_body.nonce,
2375 &rep, &r->et, &r->ek, setype,
2376 r->server->entry.kvno, &skey->key,
2377 r->client->entry.kvno,
2378 &r->reply_key, 0, &r->e_text, r->reply);
2379 if (ret)
2380 goto out;
2381
2382 /*
2383 * Check if message too large
2384 */
2385 if (r->datagram_reply && r->reply->length > config->max_datagram_reply_length) {
2386 krb5_data_free(r->reply);
2387 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2388 _kdc_set_e_text(r, "Reply packet too large");
2389 }
2390
2391 out:
2392 free_AS_REP(&rep);
2393
2394 /*
2395 * In case of a non proxy error, build an error message.
2396 */
2397 if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && r->reply->length == 0)
2398 /* We don't want to clobber the original error here... */
2399 _kdc_fast_mk_error(r, &error_method,
2400 r->armor_crypto,
2401 &req->req_body,
2402 ret, r->e_text,
2403 r->server_princ,
2404 r->client_princ ?
2405 &r->client_princ->name : NULL,
2406 r->client_princ ?
2407 &r->client_princ->realm : NULL,
2408 NULL, NULL,
2409 r->reply);
2410
2411 free_EncTicketPart(&r->et);
2412 free_EncKDCRepPart(&r->ek);
2413 free_KDCFastState(&r->fast);
2414
2415 if (error_method.len)
2416 free_METHOD_DATA(&error_method);
2417 if (r->outpadata.len)
2418 free_METHOD_DATA(&r->outpadata);
2419 if (r->client_princ) {
2420 krb5_free_principal(context, r->client_princ);
2421 r->client_princ = NULL;
2422 }
2423 if (r->server_princ){
2424 krb5_free_principal(context, r->server_princ);
2425 r->server_princ = NULL;
2426 }
2427 if (r->client)
2428 _kdc_free_ent(context, r->client);
2429 if (r->server)
2430 _kdc_free_ent(context, r->server);
2431 if (r->armor_crypto) {
2432 krb5_crypto_destroy(r->context, r->armor_crypto);
2433 r->armor_crypto = NULL;
2434 }
2435 krb5_free_keyblock_contents(r->context, &r->reply_key);
2436 krb5_free_keyblock_contents(r->context, &r->session_key);
2437 return ret;
2438 }
2439
2440 /*
2441 * Add the AuthorizationData `data´ of `type´ to the last element in
2442 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2443 */
2444
2445 krb5_error_code
2446 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2447 EncTicketPart *tkt,
2448 int type,
2449 const krb5_data *data)
2450 {
2451 krb5_error_code ret;
2452 size_t size = 0;
2453
2454 if (tkt->authorization_data == NULL) {
2455 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2456 if (tkt->authorization_data == NULL) {
2457 krb5_set_error_message(context, ENOMEM, "out of memory");
2458 return ENOMEM;
2459 }
2460 }
2461
2462 /* add the entry to the last element */
2463 {
2464 AuthorizationData ad = { 0, NULL };
2465 AuthorizationDataElement ade;
2466
2467 ade.ad_type = type;
2468 ade.ad_data = *data;
2469
2470 ret = add_AuthorizationData(&ad, &ade);
2471 if (ret) {
2472 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2473 return ret;
2474 }
2475
2476 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2477
2478 ASN1_MALLOC_ENCODE(AuthorizationData,
2479 ade.ad_data.data, ade.ad_data.length,
2480 &ad, &size, ret);
2481 free_AuthorizationData(&ad);
2482 if (ret) {
2483 krb5_set_error_message(context, ret, "ASN.1 encode of "
2484 "AuthorizationData failed");
2485 return ret;
2486 }
2487 if (ade.ad_data.length != size)
2488 krb5_abortx(context, "internal asn.1 encoder error");
2489
2490 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2491 der_free_octet_string(&ade.ad_data);
2492 if (ret) {
2493 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2494 return ret;
2495 }
2496 }
2497
2498 return 0;
2499 }
Heimdal