search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #177 from jelmer/reproducible
[heimdal.git] / kdc / kerberos5.c
blob53680d4879cc47ce08becb80cb1bafe15a61cd7b
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 void
39 _kdc_fix_time(time_t **t)
40 {
41 if(*t == NULL){
42 ALLOC(*t);
43 **t = MAX_TIME;
44 }
45 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
46 }
47
48 static int
49 realloc_method_data(METHOD_DATA *md)
50 {
51 PA_DATA *pa;
52 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
53 if(pa == NULL)
54 return ENOMEM;
55 md->val = pa;
56 md->len++;
57 return 0;
58 }
59
60 static void
61 set_salt_padata(METHOD_DATA *md, Salt *salt)
62 {
63 if (salt) {
64 realloc_method_data(md);
65 md->val[md->len - 1].padata_type = salt->type;
66 der_copy_octet_string(&salt->salt,
67 &md->val[md->len - 1].padata_value);
68 }
69 }
70
71 const PA_DATA*
72 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
73 {
74 if (req->padata == NULL)
75 return NULL;
76
77 while((size_t)*start < req->padata->len){
78 (*start)++;
79 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
80 return &req->padata->val[*start - 1];
81 }
82 return NULL;
83 }
84
85 /*
86 * This is a hack to allow predefined weak services, like afs to
87 * still use weak types
88 */
89
90 krb5_boolean
91 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
92 {
93 if (principal->name.name_string.len > 0 &&
94 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
95 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
96 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
97 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
98 return TRUE;
99 return FALSE;
100 }
101
102
103 /*
104 * Detect if `key' is the using the the precomputed `default_salt'.
105 */
106
107 static krb5_boolean
108 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
109 {
110 if (key->salt == NULL)
111 return TRUE;
112 if (default_salt->salttype != key->salt->type)
113 return FALSE;
114 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
115 return FALSE;
116 return TRUE;
117 }
118
119 /*
120 * return the first appropriate key of `princ' in `ret_key'. Look for
121 * all the etypes in (`etypes', `len'), stopping as soon as we find
122 * one, but preferring one that has default salt.
123 */
124
125 krb5_error_code
126 _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
127 krb5_boolean is_preauth, hdb_entry_ex *princ,
128 krb5_enctype *etypes, unsigned len,
129 krb5_enctype *ret_enctype, Key **ret_key)
130 {
131 krb5_error_code ret;
132 krb5_salt def_salt;
133 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
134 const krb5_enctype *p;
135 Key *key = NULL;
136 int i, k;
137
138 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
139 ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
140 if (ret)
141 return ret;
142
143 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
144
145 if (use_strongest_session_key) {
146
147 /*
148 * Pick the strongest key that the KDC, target service, and
149 * client all support, using the local cryptosystem enctype
150 * list in strongest-to-weakest order to drive the search.
151 *
152 * This is not what RFC4120 says to do, but it encourages
153 * adoption of stronger enctypes. This doesn't play well with
154 * clients that have multiple Kerberos client implementations
155 * available with different supported enctype lists.
156 */
157
158 /* drive the search with local supported enctypes list */
159 p = krb5_kerberos_enctypes(context);
160 for (i = 0;
161 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
162 i++) {
163 if (krb5_enctype_valid(context, p[i]) != 0 &&
164 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
165 continue;
166
167 /* check that the client supports it too */
168 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
169
170 if (p[i] != etypes[k])
171 continue;
172
173 /* check target princ support */
174 key = NULL;
175 while (hdb_next_enctype2key(context, &princ->entry, NULL,
176 p[i], &key) == 0) {
177 if (key->key.keyvalue.length == 0) {
178 ret = KRB5KDC_ERR_NULL_KEY;
179 continue;
180 }
181 enctype = p[i];
182 ret = 0;
183 if (is_preauth && ret_key != NULL &&
184 !is_default_salt_p(&def_salt, key))
185 continue;
186 }
187 }
188 }
189 } else {
190 /*
191 * Pick the first key from the client's enctype list that is
192 * supported by the cryptosystem and by the given principal.
193 *
194 * RFC4120 says we SHOULD pick the first _strong_ key from the
195 * client's list... not the first key... If the admin disallows
196 * weak enctypes in krb5.conf and selects this key selection
197 * algorithm, then we get exactly what RFC4120 says.
198 */
199 for(i = 0; ret != 0 && i < len; i++) {
200
201 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
202 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
203 continue;
204
205 key = NULL;
206 while (ret != 0 &&
207 hdb_next_enctype2key(context, &princ->entry, NULL,
208 etypes[i], &key) == 0) {
209 if (key->key.keyvalue.length == 0) {
210 ret = KRB5KDC_ERR_NULL_KEY;
211 continue;
212 }
213 enctype = etypes[i];
214 ret = 0;
215 if (is_preauth && ret_key != NULL &&
216 !is_default_salt_p(&def_salt, key))
217 continue;
218 }
219 }
220 }
221
222 if (enctype == (krb5_enctype)ETYPE_NULL) {
223 /*
224 * if the service principal is one for which there is a known 1DES
225 * exception and no other enctype matches both the client request and
226 * the service key list, provide a DES-CBC-CRC key.
227 */
228 if (ret_key == NULL &&
229 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
230 ret = 0;
231 enctype = ETYPE_DES_CBC_CRC;
232 } else {
233 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
234 }
235 }
236
237 if (ret == 0) {
238 if (ret_enctype != NULL)
239 *ret_enctype = enctype;
240 if (ret_key != NULL)
241 *ret_key = key;
242 }
243
244 krb5_free_salt (context, def_salt);
245 return ret;
246 }
247
248 krb5_error_code
249 _kdc_make_anonymous_principalname (PrincipalName *pn)
250 {
251 pn->name_type = KRB5_NT_PRINCIPAL;
252 pn->name_string.len = 1;
253 pn->name_string.val = malloc(sizeof(*pn->name_string.val));
254 if (pn->name_string.val == NULL)
255 return ENOMEM;
256 pn->name_string.val[0] = strdup("anonymous");
257 if (pn->name_string.val[0] == NULL) {
258 free(pn->name_string.val);
259 pn->name_string.val = NULL;
260 return ENOMEM;
261 }
262 return 0;
263 }
264
265 static void
266 _kdc_r_log(kdc_request_t r, int level, const char *fmt, ...)
267 {
268 va_list ap;
269 char *s;
270 va_start(ap, fmt);
271 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
272 if(s) free(s);
273 va_end(ap);
274 }
275
276 static void
277 _kdc_set_e_text(kdc_request_t r, const char *e_text)
278 {
279 r->e_text = e_text;
280 kdc_log(r->context, r->config, 0, "%s", e_text);
281 }
282
283 void
284 _kdc_log_timestamp(krb5_context context,
285 krb5_kdc_configuration *config,
286 const char *type,
287 KerberosTime authtime, KerberosTime *starttime,
288 KerberosTime endtime, KerberosTime *renew_till)
289 {
290 char authtime_str[100], starttime_str[100],
291 endtime_str[100], renewtime_str[100];
292
293 krb5_format_time(context, authtime,
294 authtime_str, sizeof(authtime_str), TRUE);
295 if (starttime)
296 krb5_format_time(context, *starttime,
297 starttime_str, sizeof(starttime_str), TRUE);
298 else
299 strlcpy(starttime_str, "unset", sizeof(starttime_str));
300 krb5_format_time(context, endtime,
301 endtime_str, sizeof(endtime_str), TRUE);
302 if (renew_till)
303 krb5_format_time(context, *renew_till,
304 renewtime_str, sizeof(renewtime_str), TRUE);
305 else
306 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
307
308 kdc_log(context, config, 5,
309 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
310 type, authtime_str, starttime_str, endtime_str, renewtime_str);
311 }
312
313 /*
314 *
315 */
316
317 #ifdef PKINIT
318
319 static krb5_error_code
320 pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa)
321 {
322 pk_client_params *pkp = NULL;
323 char *client_cert = NULL;
324 krb5_error_code ret;
325
326 ret = _kdc_pk_rd_padata(r->context, r->config, &r->req, pa, r->client, &pkp);
327 if (ret || pkp == NULL) {
328 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
329 _kdc_r_log(r, 5, "Failed to decode PKINIT PA-DATA -- %s",
330 r->client_name);
331 goto out;
332 }
333
334 ret = _kdc_pk_check_client(r->context,
335 r->config,
336 r->clientdb,
337 r->client,
338 pkp,
339 &client_cert);
340 if (ret) {
341 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
342 "impersonate principal");
343 goto out;
344 }
345
346 _kdc_r_log(r, 0, "PKINIT pre-authentication succeeded -- %s using %s",
347 r->client_name, client_cert);
348 free(client_cert);
349
350 ret = _kdc_pk_mk_pa_reply(r->context, r->config, pkp, r->client,
351 r->sessionetype, &r->req, &r->request,
352 &r->reply_key, &r->session_key, &r->outpadata);
353 if (ret) {
354 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
355 goto out;
356 }
357 #if 0
358 ret = _kdc_add_inital_verified_cas(r->context, r->config,
359 pkp, &r->et);
360 #endif
361 out:
362 if (pkp)
363 _kdc_pk_free_client_param(r->context, pkp);
364
365 return ret;
366 }
367
368 #endif /* PKINIT */
369
370 /*
371 *
372 */
373
374 static krb5_error_code
375 make_pa_enc_challange(krb5_context context, METHOD_DATA *md,
376 krb5_crypto crypto)
377 {
378 PA_ENC_TS_ENC p;
379 unsigned char *buf;
380 size_t buf_size;
381 size_t len;
382 EncryptedData encdata;
383 krb5_error_code ret;
384 int32_t usec;
385 int usec2;
386
387 krb5_us_timeofday (context, &p.patimestamp, &usec);
388 usec2 = usec;
389 p.pausec = &usec2;
390
391 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
392 if (ret)
393 return ret;
394 if(buf_size != len)
395 krb5_abortx(context, "internal error in ASN.1 encoder");
396
397 ret = krb5_encrypt_EncryptedData(context,
398 crypto,
399 KRB5_KU_ENC_CHALLENGE_KDC,
400 buf,
401 len,
402 0,
403 &encdata);
404 free(buf);
405 if (ret)
406 return ret;
407
408 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
409 free_EncryptedData(&encdata);
410 if (ret)
411 return ret;
412 if(buf_size != len)
413 krb5_abortx(context, "internal error in ASN.1 encoder");
414
415 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
416 if (ret)
417 free(buf);
418 return ret;
419 }
420
421 static krb5_error_code
422 pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
423 {
424 krb5_data pepper1, pepper2, ts_data;
425 KDC_REQ_BODY *b = &r->req.req_body;
426 int invalidPassword = 0;
427 EncryptedData enc_data;
428 krb5_enctype aenctype;
429 krb5_error_code ret;
430 struct Key *k;
431 size_t size;
432 int i;
433
434 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
435
436 if (_kdc_is_anon_request(b)) {
437 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
438 kdc_log(r->context, r->config, 0, "ENC-CHALL doesn't support anon");
439 return ret;
440 }
441
442 ret = decode_EncryptedData(pa->padata_value.data,
443 pa->padata_value.length,
444 &enc_data,
445 &size);
446 if (ret) {
447 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
448 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
449 r->client_name);
450 return ret;
451 }
452
453 pepper1.data = "clientchallengearmor";
454 pepper1.length = strlen(pepper1.data);
455 pepper2.data = "challengelongterm";
456 pepper2.length = strlen(pepper2.data);
457
458 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
459
460 for (i = 0; i < r->client->entry.keys.len; i++) {
461 krb5_crypto challangecrypto, longtermcrypto;
462 krb5_keyblock challangekey;
463 PA_ENC_TS_ENC p;
464
465 k = &r->client->entry.keys.val[i];
466
467 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
468 if (ret)
469 continue;
470
471 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
472 &pepper1, &pepper2, aenctype,
473 &challangekey);
474 krb5_crypto_destroy(r->context, longtermcrypto);
475 if (ret)
476 continue;
477
478 ret = krb5_crypto_init(r->context, &challangekey, 0,
479 &challangecrypto);
480 if (ret)
481 continue;
482
483 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
484 KRB5_KU_ENC_CHALLENGE_CLIENT,
485 &enc_data,
486 &ts_data);
487 if (ret) {
488 const char *msg = krb5_get_error_message(r->context, ret);
489 krb5_error_code ret2;
490 char *str = NULL;
491
492 invalidPassword = 1;
493
494 ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
495 if (ret2)
496 str = NULL;
497 _kdc_r_log(r, 5, "Failed to decrypt ENC-CHAL -- %s "
498 "(enctype %s) error %s",
499 r->client_name, str ? str : "unknown enctype", msg);
500 krb5_free_error_message(r->context, msg);
501 free(str);
502
503 continue;
504 }
505
506 ret = decode_PA_ENC_TS_ENC(ts_data.data,
507 ts_data.length,
508 &p,
509 &size);
510 krb5_data_free(&ts_data);
511 if(ret){
512 krb5_crypto_destroy(r->context, challangecrypto);
513 ret = KRB5KDC_ERR_PREAUTH_FAILED;
514 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
515 r->client_name);
516 continue;
517 }
518
519 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
520 char client_time[100];
521
522 krb5_crypto_destroy(r->context, challangecrypto);
523
524 krb5_format_time(r->context, p.patimestamp,
525 client_time, sizeof(client_time), TRUE);
526
527 ret = KRB5KRB_AP_ERR_SKEW;
528 _kdc_r_log(r, 0, "Too large time skew, "
529 "client time %s is out by %u > %u seconds -- %s",
530 client_time,
531 (unsigned)labs(kdc_time - p.patimestamp),
532 r->context->max_skew,
533 r->client_name);
534
535 free_PA_ENC_TS_ENC(&p);
536 goto out;
537 }
538
539 free_PA_ENC_TS_ENC(&p);
540
541 ret = make_pa_enc_challange(r->context, &r->outpadata,
542 challangecrypto);
543 krb5_crypto_destroy(r->context, challangecrypto);
544 if (ret)
545 goto out;
546
547 set_salt_padata(&r->outpadata, k->salt);
548 krb5_free_keyblock_contents(r->context, &r->reply_key);
549 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
550 if (ret)
551 goto out;
552
553 /*
554 * Success
555 */
556 if (r->clientdb->hdb_auth_status)
557 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
558 HDB_AUTH_SUCCESS);
559 goto out;
560 }
561
562 if (invalidPassword && r->clientdb->hdb_auth_status) {
563 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
564 HDB_AUTH_WRONG_PASSWORD);
565 ret = KRB5KDC_ERR_PREAUTH_FAILED;
566 }
567 out:
568 free_EncryptedData(&enc_data);
569
570 return ret;
571 }
572
573 static krb5_error_code
574 pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
575 {
576 EncryptedData enc_data;
577 krb5_error_code ret;
578 krb5_crypto crypto;
579 krb5_data ts_data;
580 PA_ENC_TS_ENC p;
581 size_t len;
582 Key *pa_key;
583 char *str;
584
585 if (_kdc_is_anon_request(&r->req.req_body)) {
586 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
587 _kdc_set_e_text(r, "ENC-TS doesn't support anon");
588 goto out;
589 }
590
591 ret = decode_EncryptedData(pa->padata_value.data,
592 pa->padata_value.length,
593 &enc_data,
594 &len);
595 if (ret) {
596 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
597 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
598 r->client_name);
599 goto out;
600 }
601
602 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
603 enc_data.etype, &pa_key);
604 if(ret){
605 char *estr;
606 _kdc_set_e_text(r, "No key matching entype");
607 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
608 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
609 estr = NULL;
610 if(estr == NULL)
611 _kdc_r_log(r, 5,
612 "No client key matching pa-data (%d) -- %s",
613 enc_data.etype, r->client_name);
614 else
615 _kdc_r_log(r, 5,
616 "No client key matching pa-data (%s) -- %s",
617 estr, r->client_name);
618 free(estr);
619 free_EncryptedData(&enc_data);
620 goto out;
621 }
622
623 try_next_key:
624 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
625 if (ret) {
626 const char *msg = krb5_get_error_message(r->context, ret);
627 _kdc_r_log(r, 0, "krb5_crypto_init failed: %s", msg);
628 krb5_free_error_message(r->context, msg);
629 free_EncryptedData(&enc_data);
630 goto out;
631 }
632
633 ret = krb5_decrypt_EncryptedData (r->context,
634 crypto,
635 KRB5_KU_PA_ENC_TIMESTAMP,
636 &enc_data,
637 &ts_data);
638 krb5_crypto_destroy(r->context, crypto);
639 /*
640 * Since the user might have several keys with the same
641 * enctype but with diffrent salting, we need to try all
642 * the keys with the same enctype.
643 */
644 if(ret){
645 krb5_error_code ret2;
646 const char *msg = krb5_get_error_message(r->context, ret);
647
648 ret2 = krb5_enctype_to_string(r->context,
649 pa_key->key.keytype, &str);
650 if (ret2)
651 str = NULL;
652 _kdc_r_log(r, 5, "Failed to decrypt PA-DATA -- %s "
653 "(enctype %s) error %s",
654 r->client_name, str ? str : "unknown enctype", msg);
655 krb5_free_error_message(r->context, msg);
656 free(str);
657
658 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
659 enc_data.etype, &pa_key) == 0)
660 goto try_next_key;
661
662 free_EncryptedData(&enc_data);
663
664 if (r->clientdb->hdb_auth_status)
665 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
666 HDB_AUTH_WRONG_PASSWORD);
667
668 ret = KRB5KDC_ERR_PREAUTH_FAILED;
669 goto out;
670 }
671 free_EncryptedData(&enc_data);
672 ret = decode_PA_ENC_TS_ENC(ts_data.data,
673 ts_data.length,
674 &p,
675 &len);
676 krb5_data_free(&ts_data);
677 if(ret){
678 ret = KRB5KDC_ERR_PREAUTH_FAILED;
679 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
680 r->client_name);
681 goto out;
682 }
683 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
684 char client_time[100];
685
686 krb5_format_time(r->context, p.patimestamp,
687 client_time, sizeof(client_time), TRUE);
688
689 ret = KRB5KRB_AP_ERR_SKEW;
690 _kdc_r_log(r, 0, "Too large time skew, "
691 "client time %s is out by %u > %u seconds -- %s",
692 client_time,
693 (unsigned)labs(kdc_time - p.patimestamp),
694 r->context->max_skew,
695 r->client_name);
696
697 /*
698 * The following is needed to make windows clients to
699 * retry using the timestamp in the error message, if
700 * there is a e_text, they become unhappy.
701 */
702 r->e_text = NULL;
703 free_PA_ENC_TS_ENC(&p);
704 goto out;
705 }
706 free_PA_ENC_TS_ENC(&p);
707
708 set_salt_padata(&r->outpadata, pa_key->salt);
709
710 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
711 if (ret)
712 return ret;
713
714 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
715 if (ret)
716 str = NULL;
717 _kdc_r_log(r, 2, "ENC-TS Pre-authentication succeeded -- %s using %s",
718 r->client_name, str ? str : "unknown enctype");
719 free(str);
720
721 ret = 0;
722
723 out:
724
725 return ret;
726 }
727
728 struct kdc_patypes {
729 int type;
730 char *name;
731 unsigned int flags;
732 #define PA_ANNOUNCE 1
733 #define PA_REQ_FAST 2 /* only use inside fast */
734 krb5_error_code (*validate)(kdc_request_t, const PA_DATA *pa);
735 };
736
737 static const struct kdc_patypes pat[] = {
738 #ifdef PKINIT
739 {
740 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", PA_ANNOUNCE,
741 pa_pkinit_validate
742 },
743 {
744 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
745 pa_pkinit_validate
746 },
747 {
748 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
749 NULL
750 },
751 #else
752 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
753 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
754 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
755 #endif
756 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
757 {
758 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
759 PA_ANNOUNCE,
760 pa_enc_ts_validate
761 },
762 {
763 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
764 PA_ANNOUNCE | PA_REQ_FAST,
765 pa_enc_chal_validate
766 },
767 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
768 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
769 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
770 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
771 };
772
773 static void
774 log_patypes(krb5_context context,
775 krb5_kdc_configuration *config,
776 METHOD_DATA *padata)
777 {
778 struct rk_strpool *p = NULL;
779 char *str;
780 size_t n, m;
781
782 for (n = 0; n < padata->len; n++) {
783 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
784 if (padata->val[n].padata_type == pat[m].type) {
785 p = rk_strpoolprintf(p, "%s", pat[m].name);
786 break;
787 }
788 }
789 if (m == sizeof(pat) / sizeof(pat[0]))
790 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
791 if (p && n + 1 < padata->len)
792 p = rk_strpoolprintf(p, ", ");
793 if (p == NULL) {
794 kdc_log(context, config, 0, "out of memory");
795 return;
796 }
797 }
798 if (p == NULL)
799 p = rk_strpoolprintf(p, "none");
800
801 str = rk_strpoolcollect(p);
802 kdc_log(context, config, 0, "Client sent patypes: %s", str);
803 free(str);
804 }
805
806 /*
807 *
808 */
809
810 krb5_error_code
811 _kdc_encode_reply(krb5_context context,
812 krb5_kdc_configuration *config,
813 krb5_crypto armor_crypto, uint32_t nonce,
814 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
815 krb5_enctype etype,
816 int skvno, const EncryptionKey *skey,
817 int ckvno, const EncryptionKey *reply_key,
818 int rk_is_subkey,
819 const char **e_text,
820 krb5_data *reply)
821 {
822 unsigned char *buf;
823 size_t buf_size;
824 size_t len = 0;
825 krb5_error_code ret;
826 krb5_crypto crypto;
827
828 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
829 if(ret) {
830 const char *msg = krb5_get_error_message(context, ret);
831 kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
832 krb5_free_error_message(context, msg);
833 return ret;
834 }
835 if(buf_size != len)
836 krb5_abortx(context, "Internal error in ASN.1 encoder");
837
838 ret = krb5_crypto_init(context, skey, etype, &crypto);
839 if (ret) {
840 const char *msg = krb5_get_error_message(context, ret);
841 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
842 krb5_free_error_message(context, msg);
843 return ret;
844 }
845
846 ret = krb5_encrypt_EncryptedData(context,
847 crypto,
848 KRB5_KU_TICKET,
849 buf,
850 len,
851 skvno,
852 &rep->ticket.enc_part);
853 free(buf);
854 krb5_crypto_destroy(context, crypto);
855 if(ret) {
856 const char *msg = krb5_get_error_message(context, ret);
857 kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
858 krb5_free_error_message(context, msg);
859 return ret;
860 }
861
862 if (armor_crypto) {
863 krb5_data data;
864 krb5_keyblock *strengthen_key = NULL;
865 KrbFastFinished finished;
866
867 kdc_log(context, config, 0, "FAST armor protection");
868
869 memset(&finished, 0, sizeof(finished));
870 krb5_data_zero(&data);
871
872 finished.timestamp = kdc_time;
873 finished.usec = 0;
874 finished.crealm = et->crealm;
875 finished.cname = et->cname;
876
877 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
878 &rep->ticket, &len, ret);
879 if (ret)
880 return ret;
881 if (data.length != len)
882 krb5_abortx(context, "internal asn.1 error");
883
884 ret = krb5_create_checksum(context, armor_crypto,
885 KRB5_KU_FAST_FINISHED, 0,
886 data.data, data.length,
887 &finished.ticket_checksum);
888 krb5_data_free(&data);
889 if (ret)
890 return ret;
891
892 ret = _kdc_fast_mk_response(context, armor_crypto,
893 rep->padata, strengthen_key, &finished,
894 nonce, &data);
895 free_Checksum(&finished.ticket_checksum);
896 if (ret)
897 return ret;
898
899 if (rep->padata) {
900 free_METHOD_DATA(rep->padata);
901 } else {
902 rep->padata = calloc(1, sizeof(*(rep->padata)));
903 if (rep->padata == NULL) {
904 krb5_data_free(&data);
905 return ENOMEM;
906 }
907 }
908
909 ret = krb5_padata_add(context, rep->padata,
910 KRB5_PADATA_FX_FAST,
911 data.data, data.length);
912 if (ret)
913 return ret;
914
915 /*
916 * Hide client name of privacy reasons
917 */
918 if (1 /* r->fast_options.hide_client_names */) {
919 rep->crealm[0] = '\0';
920 free_PrincipalName(&rep->cname);
921 rep->cname.name_type = 0;
922 }
923 }
924
925 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
926 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
927 else
928 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
929 if(ret) {
930 const char *msg = krb5_get_error_message(context, ret);
931 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
932 krb5_free_error_message(context, msg);
933 return ret;
934 }
935 if(buf_size != len) {
936 free(buf);
937 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
938 *e_text = "KDC internal error";
939 return KRB5KRB_ERR_GENERIC;
940 }
941 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
942 if (ret) {
943 const char *msg = krb5_get_error_message(context, ret);
944 free(buf);
945 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
946 krb5_free_error_message(context, msg);
947 return ret;
948 }
949 if(rep->msg_type == krb_as_rep) {
950 krb5_encrypt_EncryptedData(context,
951 crypto,
952 KRB5_KU_AS_REP_ENC_PART,
953 buf,
954 len,
955 ckvno,
956 &rep->enc_part);
957 free(buf);
958 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
959 } else {
960 krb5_encrypt_EncryptedData(context,
961 crypto,
962 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
963 buf,
964 len,
965 ckvno,
966 &rep->enc_part);
967 free(buf);
968 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
969 }
970 krb5_crypto_destroy(context, crypto);
971 if(ret) {
972 const char *msg = krb5_get_error_message(context, ret);
973 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
974 krb5_free_error_message(context, msg);
975 return ret;
976 }
977 if(buf_size != len) {
978 free(buf);
979 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
980 *e_text = "KDC internal error";
981 return KRB5KRB_ERR_GENERIC;
982 }
983 reply->data = buf;
984 reply->length = buf_size;
985 return 0;
986 }
987
988 /*
989 * Return 1 if the client have only older enctypes, this is for
990 * determining if the server should send ETYPE_INFO2 or not.
991 */
992
993 static int
994 older_enctype(krb5_enctype enctype)
995 {
996 switch (enctype) {
997 case ETYPE_DES_CBC_CRC:
998 case ETYPE_DES_CBC_MD4:
999 case ETYPE_DES_CBC_MD5:
1000 case ETYPE_DES3_CBC_SHA1:
1001 case ETYPE_ARCFOUR_HMAC_MD5:
1002 case ETYPE_ARCFOUR_HMAC_MD5_56:
1003 /*
1004 * The following three is "old" windows enctypes and is needed for
1005 * windows 2000 hosts.
1006 */
1007 case ETYPE_ARCFOUR_MD4:
1008 case ETYPE_ARCFOUR_HMAC_OLD:
1009 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
1010 return 1;
1011 default:
1012 return 0;
1013 }
1014 }
1015
1016 /*
1017 *
1018 */
1019
1020 static krb5_error_code
1021 make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
1022 {
1023 ent->etype = key->key.keytype;
1024 if(key->salt){
1025 #if 0
1026 ALLOC(ent->salttype);
1027
1028 if(key->salt->type == hdb_pw_salt)
1029 *ent->salttype = 0; /* or 1? or NULL? */
1030 else if(key->salt->type == hdb_afs3_salt)
1031 *ent->salttype = 2;
1032 else {
1033 kdc_log(context, config, 0, "unknown salt-type: %d",
1034 key->salt->type);
1035 return KRB5KRB_ERR_GENERIC;
1036 }
1037 /* according to `the specs', we can't send a salt if
1038 we have AFS3 salted key, but that requires that you
1039 *know* what cell you are using (e.g by assuming
1040 that the cell is the same as the realm in lower
1041 case) */
1042 #elif 0
1043 ALLOC(ent->salttype);
1044 *ent->salttype = key->salt->type;
1045 #else
1046 /*
1047 * We shouldn't sent salttype since it is incompatible with the
1048 * specification and it breaks windows clients. The afs
1049 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1050 * implemented in Heimdal 0.7 and later.
1051 */
1052 ent->salttype = NULL;
1053 #endif
1054 krb5_copy_data(context, &key->salt->salt,
1055 &ent->salt);
1056 } else {
1057 /* we return no salt type at all, as that should indicate
1058 * the default salt type and make everybody happy. some
1059 * systems (like w2k) dislike being told the salt type
1060 * here. */
1061
1062 ent->salttype = NULL;
1063 ent->salt = NULL;
1064 }
1065 return 0;
1066 }
1067
1068 static krb5_error_code
1069 get_pa_etype_info(krb5_context context,
1070 krb5_kdc_configuration *config,
1071 METHOD_DATA *md, Key *ckey)
1072 {
1073 krb5_error_code ret = 0;
1074 ETYPE_INFO pa;
1075 unsigned char *buf;
1076 size_t len;
1077
1078
1079 pa.len = 1;
1080 pa.val = calloc(1, sizeof(pa.val[0]));
1081 if(pa.val == NULL)
1082 return ENOMEM;
1083
1084 ret = make_etype_info_entry(context, &pa.val[0], ckey);
1085 if (ret) {
1086 free_ETYPE_INFO(&pa);
1087 return ret;
1088 }
1089
1090 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1091 free_ETYPE_INFO(&pa);
1092 if(ret)
1093 return ret;
1094 ret = realloc_method_data(md);
1095 if(ret) {
1096 free(buf);
1097 return ret;
1098 }
1099 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1100 md->val[md->len - 1].padata_value.length = len;
1101 md->val[md->len - 1].padata_value.data = buf;
1102 return 0;
1103 }
1104
1105 /*
1106 *
1107 */
1108
1109 extern int _krb5_AES_string_to_default_iterator;
1110
1111 static krb5_error_code
1112 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
1113 {
1114 ent->etype = key->key.keytype;
1115 if(key->salt) {
1116 ALLOC(ent->salt);
1117 if (ent->salt == NULL)
1118 return ENOMEM;
1119 *ent->salt = malloc(key->salt->salt.length + 1);
1120 if (*ent->salt == NULL) {
1121 free(ent->salt);
1122 ent->salt = NULL;
1123 return ENOMEM;
1124 }
1125 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1126 (*ent->salt)[key->salt->salt.length] = '\0';
1127 } else
1128 ent->salt = NULL;
1129
1130 ent->s2kparams = NULL;
1131
1132 switch (key->key.keytype) {
1133 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1134 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1135 ALLOC(ent->s2kparams);
1136 if (ent->s2kparams == NULL)
1137 return ENOMEM;
1138 ent->s2kparams->length = 4;
1139 ent->s2kparams->data = malloc(ent->s2kparams->length);
1140 if (ent->s2kparams->data == NULL) {
1141 free(ent->s2kparams);
1142 ent->s2kparams = NULL;
1143 return ENOMEM;
1144 }
1145 _krb5_put_int(ent->s2kparams->data,
1146 _krb5_AES_string_to_default_iterator,
1147 ent->s2kparams->length);
1148 break;
1149 case ETYPE_DES_CBC_CRC:
1150 case ETYPE_DES_CBC_MD4:
1151 case ETYPE_DES_CBC_MD5:
1152 /* Check if this was a AFS3 salted key */
1153 if(key->salt && key->salt->type == hdb_afs3_salt){
1154 ALLOC(ent->s2kparams);
1155 if (ent->s2kparams == NULL)
1156 return ENOMEM;
1157 ent->s2kparams->length = 1;
1158 ent->s2kparams->data = malloc(ent->s2kparams->length);
1159 if (ent->s2kparams->data == NULL) {
1160 free(ent->s2kparams);
1161 ent->s2kparams = NULL;
1162 return ENOMEM;
1163 }
1164 _krb5_put_int(ent->s2kparams->data,
1165 1,
1166 ent->s2kparams->length);
1167 }
1168 break;
1169 default:
1170 break;
1171 }
1172 return 0;
1173 }
1174
1175 /*
1176 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1177 * database (client supported enctypes first, then the unsupported
1178 * enctypes).
1179 */
1180
1181 static krb5_error_code
1182 get_pa_etype_info2(krb5_context context,
1183 krb5_kdc_configuration *config,
1184 METHOD_DATA *md, Key *ckey)
1185 {
1186 krb5_error_code ret = 0;
1187 ETYPE_INFO2 pa;
1188 unsigned char *buf;
1189 size_t len;
1190
1191 pa.len = 1;
1192 pa.val = calloc(1, sizeof(pa.val[0]));
1193 if(pa.val == NULL)
1194 return ENOMEM;
1195
1196 ret = make_etype_info2_entry(&pa.val[0], ckey);
1197 if (ret) {
1198 free_ETYPE_INFO2(&pa);
1199 return ret;
1200 }
1201
1202 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1203 free_ETYPE_INFO2(&pa);
1204 if(ret)
1205 return ret;
1206 ret = realloc_method_data(md);
1207 if(ret) {
1208 free(buf);
1209 return ret;
1210 }
1211 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1212 md->val[md->len - 1].padata_value.length = len;
1213 md->val[md->len - 1].padata_value.data = buf;
1214 return 0;
1215 }
1216
1217 /*
1218 *
1219 */
1220
1221 static void
1222 log_as_req(krb5_context context,
1223 krb5_kdc_configuration *config,
1224 krb5_enctype cetype,
1225 krb5_enctype setype,
1226 const KDC_REQ_BODY *b)
1227 {
1228 krb5_error_code ret;
1229 struct rk_strpool *p;
1230 char *str;
1231 size_t i;
1232
1233 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1234
1235 for (i = 0; i < b->etype.len; i++) {
1236 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1237 if (ret == 0) {
1238 p = rk_strpoolprintf(p, "%s", str);
1239 free(str);
1240 } else
1241 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1242 if (p && i + 1 < b->etype.len)
1243 p = rk_strpoolprintf(p, ", ");
1244 if (p == NULL) {
1245 kdc_log(context, config, 0, "out of memory");
1246 return;
1247 }
1248 }
1249 if (p == NULL)
1250 p = rk_strpoolprintf(p, "no encryption types");
1251
1252 {
1253 char *cet;
1254 char *set;
1255
1256 ret = krb5_enctype_to_string(context, cetype, &cet);
1257 if(ret == 0) {
1258 ret = krb5_enctype_to_string(context, setype, &set);
1259 if (ret == 0) {
1260 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1261 free(set);
1262 }
1263 free(cet);
1264 }
1265 if (ret != 0)
1266 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1267 cetype, setype);
1268 }
1269
1270 str = rk_strpoolcollect(p);
1271 kdc_log(context, config, 0, "%s", str);
1272 free(str);
1273
1274 {
1275 char fixedstr[128];
1276 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1277 fixedstr, sizeof(fixedstr));
1278 if(*fixedstr)
1279 kdc_log(context, config, 0, "Requested flags: %s", fixedstr);
1280 }
1281 }
1282
1283 /*
1284 * verify the flags on `client' and `server', returning 0
1285 * if they are OK and generating an error messages and returning
1286 * and error code otherwise.
1287 */
1288
1289 krb5_error_code
1290 kdc_check_flags(krb5_context context,
1291 krb5_kdc_configuration *config,
1292 hdb_entry_ex *client_ex, const char *client_name,
1293 hdb_entry_ex *server_ex, const char *server_name,
1294 krb5_boolean is_as_req)
1295 {
1296 if(client_ex != NULL) {
1297 hdb_entry *client = &client_ex->entry;
1298
1299 /* check client */
1300 if (client->flags.locked_out) {
1301 kdc_log(context, config, 0,
1302 "Client (%s) is locked out", client_name);
1303 return KRB5KDC_ERR_POLICY;
1304 }
1305
1306 if (client->flags.invalid) {
1307 kdc_log(context, config, 0,
1308 "Client (%s) has invalid bit set", client_name);
1309 return KRB5KDC_ERR_POLICY;
1310 }
1311
1312 if(!client->flags.client){
1313 kdc_log(context, config, 0,
1314 "Principal may not act as client -- %s", client_name);
1315 return KRB5KDC_ERR_POLICY;
1316 }
1317
1318 if (client->valid_start && *client->valid_start > kdc_time) {
1319 char starttime_str[100];
1320 krb5_format_time(context, *client->valid_start,
1321 starttime_str, sizeof(starttime_str), TRUE);
1322 kdc_log(context, config, 0,
1323 "Client not yet valid until %s -- %s",
1324 starttime_str, client_name);
1325 return KRB5KDC_ERR_CLIENT_NOTYET;
1326 }
1327
1328 if (client->valid_end && *client->valid_end < kdc_time) {
1329 char endtime_str[100];
1330 krb5_format_time(context, *client->valid_end,
1331 endtime_str, sizeof(endtime_str), TRUE);
1332 kdc_log(context, config, 0,
1333 "Client expired at %s -- %s",
1334 endtime_str, client_name);
1335 return KRB5KDC_ERR_NAME_EXP;
1336 }
1337
1338 if (client->flags.require_pwchange &&
1339 (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1340 kdc_log(context, config, 0,
1341 "Client's key must be changed -- %s", client_name);
1342 return KRB5KDC_ERR_KEY_EXPIRED;
1343 }
1344
1345 if (client->pw_end && *client->pw_end < kdc_time
1346 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1347 char pwend_str[100];
1348 krb5_format_time(context, *client->pw_end,
1349 pwend_str, sizeof(pwend_str), TRUE);
1350 kdc_log(context, config, 0,
1351 "Client's key has expired at %s -- %s",
1352 pwend_str, client_name);
1353 return KRB5KDC_ERR_KEY_EXPIRED;
1354 }
1355 }
1356
1357 /* check server */
1358
1359 if (server_ex != NULL) {
1360 hdb_entry *server = &server_ex->entry;
1361
1362 if (server->flags.locked_out) {
1363 kdc_log(context, config, 0,
1364 "Client server locked out -- %s", server_name);
1365 return KRB5KDC_ERR_POLICY;
1366 }
1367 if (server->flags.invalid) {
1368 kdc_log(context, config, 0,
1369 "Server has invalid flag set -- %s", server_name);
1370 return KRB5KDC_ERR_POLICY;
1371 }
1372
1373 if(!server->flags.server){
1374 kdc_log(context, config, 0,
1375 "Principal may not act as server -- %s", server_name);
1376 return KRB5KDC_ERR_POLICY;
1377 }
1378
1379 if(!is_as_req && server->flags.initial) {
1380 kdc_log(context, config, 0,
1381 "AS-REQ is required for server -- %s", server_name);
1382 return KRB5KDC_ERR_POLICY;
1383 }
1384
1385 if (server->valid_start && *server->valid_start > kdc_time) {
1386 char starttime_str[100];
1387 krb5_format_time(context, *server->valid_start,
1388 starttime_str, sizeof(starttime_str), TRUE);
1389 kdc_log(context, config, 0,
1390 "Server not yet valid until %s -- %s",
1391 starttime_str, server_name);
1392 return KRB5KDC_ERR_SERVICE_NOTYET;
1393 }
1394
1395 if (server->valid_end && *server->valid_end < kdc_time) {
1396 char endtime_str[100];
1397 krb5_format_time(context, *server->valid_end,
1398 endtime_str, sizeof(endtime_str), TRUE);
1399 kdc_log(context, config, 0,
1400 "Server expired at %s -- %s",
1401 endtime_str, server_name);
1402 return KRB5KDC_ERR_SERVICE_EXP;
1403 }
1404
1405 if (server->pw_end && *server->pw_end < kdc_time) {
1406 char pwend_str[100];
1407 krb5_format_time(context, *server->pw_end,
1408 pwend_str, sizeof(pwend_str), TRUE);
1409 kdc_log(context, config, 0,
1410 "Server's key has expired at -- %s",
1411 pwend_str, server_name);
1412 return KRB5KDC_ERR_KEY_EXPIRED;
1413 }
1414 }
1415 return 0;
1416 }
1417
1418 /*
1419 * Return TRUE if `from' is part of `addresses' taking into consideration
1420 * the configuration variables that tells us how strict we should be about
1421 * these checks
1422 */
1423
1424 krb5_boolean
1425 _kdc_check_addresses(krb5_context context,
1426 krb5_kdc_configuration *config,
1427 HostAddresses *addresses, const struct sockaddr *from)
1428 {
1429 krb5_error_code ret;
1430 krb5_address addr;
1431 krb5_boolean result;
1432 krb5_boolean only_netbios = TRUE;
1433 size_t i;
1434
1435 if(config->check_ticket_addresses == 0)
1436 return TRUE;
1437
1438 if(addresses == NULL)
1439 return config->allow_null_ticket_addresses;
1440
1441 for (i = 0; i < addresses->len; ++i) {
1442 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1443 only_netbios = FALSE;
1444 }
1445 }
1446
1447 /* Windows sends it's netbios name, which I can only assume is
1448 * used for the 'allowed workstations' check. This is painful,
1449 * but we still want to check IP addresses if they happen to be
1450 * present.
1451 */
1452
1453 if(only_netbios)
1454 return config->allow_null_ticket_addresses;
1455
1456 ret = krb5_sockaddr2address (context, from, &addr);
1457 if(ret)
1458 return FALSE;
1459
1460 result = krb5_address_search(context, &addr, addresses);
1461 krb5_free_address (context, &addr);
1462 return result;
1463 }
1464
1465 /*
1466 *
1467 */
1468
1469 static krb5_boolean
1470 send_pac_p(krb5_context context, KDC_REQ *req)
1471 {
1472 krb5_error_code ret;
1473 PA_PAC_REQUEST pacreq;
1474 const PA_DATA *pa;
1475 int i = 0;
1476
1477 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1478 if (pa == NULL)
1479 return TRUE;
1480
1481 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1482 pa->padata_value.length,
1483 &pacreq,
1484 NULL);
1485 if (ret)
1486 return TRUE;
1487 i = pacreq.include_pac;
1488 free_PA_PAC_REQUEST(&pacreq);
1489 if (i == 0)
1490 return FALSE;
1491 return TRUE;
1492 }
1493
1494 /*
1495 *
1496 */
1497
1498 static krb5_error_code
1499 generate_pac(kdc_request_t r, Key *skey)
1500 {
1501 krb5_error_code ret;
1502 krb5_pac p = NULL;
1503 krb5_data data;
1504
1505 ret = _kdc_pac_generate(r->context, r->client, &p);
1506 if (ret) {
1507 _kdc_r_log(r, 0, "PAC generation failed for -- %s",
1508 r->client_name);
1509 return ret;
1510 }
1511 if (p == NULL)
1512 return 0;
1513
1514 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1515 r->client->entry.principal,
1516 &skey->key, /* Server key */
1517 &skey->key, /* FIXME: should be krbtgt key */
1518 &data);
1519 krb5_pac_free(r->context, p);
1520 if (ret) {
1521 _kdc_r_log(r, 0, "PAC signing failed for -- %s",
1522 r->client_name);
1523 return ret;
1524 }
1525
1526 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1527 KRB5_AUTHDATA_WIN2K_PAC,
1528 &data);
1529 krb5_data_free(&data);
1530
1531 return ret;
1532 }
1533
1534 /*
1535 *
1536 */
1537
1538 krb5_boolean
1539 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
1540 {
1541 if (principal->name.name_type != KRB5_NT_WELLKNOWN ||
1542 principal->name.name_string.len != 2 ||
1543 strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
1544 strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)
1545 return 0;
1546 return 1;
1547 }
1548
1549 static int
1550 require_preauth_p(kdc_request_t r)
1551 {
1552 return r->config->require_preauth
1553 || r->client->entry.flags.require_preauth
1554 || r->server->entry.flags.require_preauth;
1555 }
1556
1557
1558 /*
1559 *
1560 */
1561
1562 static krb5_error_code
1563 add_enc_pa_rep(kdc_request_t r)
1564 {
1565 krb5_error_code ret;
1566 krb5_crypto crypto;
1567 Checksum checksum;
1568 krb5_data cdata;
1569 size_t len;
1570
1571 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1572 if (ret)
1573 return ret;
1574
1575 ret = krb5_create_checksum(r->context, crypto,
1576 KRB5_KU_AS_REQ, 0,
1577 r->request.data, r->request.length,
1578 &checksum);
1579 krb5_crypto_destroy(r->context, crypto);
1580 if (ret)
1581 return ret;
1582
1583 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1584 &checksum, &len, ret);
1585 free_Checksum(&checksum);
1586 if (ret)
1587 return ret;
1588 heim_assert(cdata.length == len, "ASN.1 internal error");
1589
1590 if (r->ek.encrypted_pa_data == NULL) {
1591 ALLOC(r->ek.encrypted_pa_data);
1592 if (r->ek.encrypted_pa_data == NULL)
1593 return ENOMEM;
1594 }
1595 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1596 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1597 if (ret)
1598 return ret;
1599
1600 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1601 KRB5_PADATA_FX_FAST, NULL, 0);
1602 }
1603
1604 /*
1605 *
1606 */
1607
1608 krb5_error_code
1609 _kdc_as_rep(kdc_request_t r,
1610 krb5_data *reply,
1611 const char *from,
1612 struct sockaddr *from_addr,
1613 int datagram_reply)
1614 {
1615 krb5_context context = r->context;
1616 krb5_kdc_configuration *config = r->config;
1617 KDC_REQ *req = &r->req;
1618 KDC_REQ_BODY *b = NULL;
1619 AS_REP rep;
1620 KDCOptions f;
1621 krb5_enctype setype;
1622 krb5_error_code ret = 0;
1623 Key *skey;
1624 int found_pa = 0;
1625 int i, flags = HDB_F_FOR_AS_REQ;
1626 METHOD_DATA error_method;
1627 const PA_DATA *pa;
1628
1629 memset(&rep, 0, sizeof(rep));
1630 error_method.len = 0;
1631 error_method.val = NULL;
1632
1633 /*
1634 * Look for FAST armor and unwrap
1635 */
1636 ret = _kdc_fast_unwrap_request(r);
1637 if (ret) {
1638 _kdc_r_log(r, 0, "FAST unwrap request from %s failed: %d", from, ret);
1639 goto out;
1640 }
1641
1642 b = &req->req_body;
1643 f = b->kdc_options;
1644
1645 if (f.canonicalize)
1646 flags |= HDB_F_CANON;
1647
1648 if(b->sname == NULL){
1649 ret = KRB5KRB_ERR_GENERIC;
1650 _kdc_set_e_text(r, "No server in request");
1651 } else{
1652 ret = _krb5_principalname2krb5_principal (context,
1653 &r->server_princ,
1654 *(b->sname),
1655 b->realm);
1656 if (ret == 0)
1657 ret = krb5_unparse_name(context, r->server_princ, &r->server_name);
1658 }
1659 if (ret) {
1660 kdc_log(context, config, 0,
1661 "AS-REQ malformed server name from %s", from);
1662 goto out;
1663 }
1664 if(b->cname == NULL){
1665 ret = KRB5KRB_ERR_GENERIC;
1666 _kdc_set_e_text(r, "No client in request");
1667 } else {
1668 ret = _krb5_principalname2krb5_principal (context,
1669 &r->client_princ,
1670 *(b->cname),
1671 b->realm);
1672 if (ret)
1673 goto out;
1674
1675 ret = krb5_unparse_name(context, r->client_princ, &r->client_name);
1676 }
1677 if (ret) {
1678 kdc_log(context, config, 0,
1679 "AS-REQ malformed client name from %s", from);
1680 goto out;
1681 }
1682
1683 kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
1684 r->client_name, from, r->server_name);
1685
1686 /*
1687 *
1688 */
1689
1690 if (_kdc_is_anonymous(context, r->client_princ)) {
1691 if (!_kdc_is_anon_request(b)) {
1692 kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
1693 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1694 goto out;
1695 }
1696 } else if (_kdc_is_anon_request(b)) {
1697 kdc_log(context, config, 0,
1698 "Request for a anonymous ticket with non "
1699 "anonymous client name: %s", r->client_name);
1700 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1701 goto out;
1702 }
1703
1704 /*
1705 *
1706 */
1707
1708 ret = _kdc_db_fetch(context, config, r->client_princ,
1709 HDB_F_GET_CLIENT | flags, NULL,
1710 &r->clientdb, &r->client);
1711 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1712 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1713 r->client_name);
1714 goto out;
1715 } else if (ret == HDB_ERR_WRONG_REALM) {
1716 char *fixed_client_name = NULL;
1717
1718 ret = krb5_unparse_name(context, r->client->entry.principal,
1719 &fixed_client_name);
1720 if (ret) {
1721 goto out;
1722 }
1723
1724 kdc_log(context, config, 0, "WRONG_REALM - %s -> %s",
1725 r->client_name, fixed_client_name);
1726 free(fixed_client_name);
1727
1728 ret = _kdc_fast_mk_error(context, r,
1729 &error_method,
1730 r->armor_crypto,
1731 &req->req_body,
1732 KRB5_KDC_ERR_WRONG_REALM,
1733 NULL,
1734 r->server_princ,
1735 NULL,
1736 &r->client->entry.principal->realm,
1737 NULL, NULL,
1738 reply);
1739 goto out;
1740 } else if(ret){
1741 const char *msg = krb5_get_error_message(context, ret);
1742 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->client_name, msg);
1743 krb5_free_error_message(context, msg);
1744 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1745 goto out;
1746 }
1747 ret = _kdc_db_fetch(context, config, r->server_princ,
1748 HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags,
1749 NULL, NULL, &r->server);
1750 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1751 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1752 r->server_name);
1753 goto out;
1754 } else if(ret){
1755 const char *msg = krb5_get_error_message(context, ret);
1756 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->server_name, msg);
1757 krb5_free_error_message(context, msg);
1758 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1759 goto out;
1760 }
1761
1762 /*
1763 * Select a session enctype from the list of the crypto system
1764 * supported enctypes that is supported by the client and is one of
1765 * the enctype of the enctype of the service (likely krbtgt).
1766 *
1767 * The latter is used as a hint of what enctypes all KDC support,
1768 * to make sure a newer version of KDC won't generate a session
1769 * enctype that an older version of a KDC in the same realm can't
1770 * decrypt.
1771 */
1772
1773 ret = _kdc_find_etype(context,
1774 krb5_principal_is_krbtgt(context, r->server_princ) ?
1775 config->tgt_use_strongest_session_key :
1776 config->svc_use_strongest_session_key, FALSE,
1777 r->client, b->etype.val, b->etype.len, &r->sessionetype,
1778 NULL);
1779 if (ret) {
1780 kdc_log(context, config, 0,
1781 "Client (%s) from %s has no common enctypes with KDC "
1782 "to use for the session key",
1783 r->client_name, from);
1784 goto out;
1785 }
1786
1787 /*
1788 * Pre-auth processing
1789 */
1790
1791 if(req->padata){
1792 unsigned int n;
1793
1794 log_patypes(context, config, req->padata);
1795
1796 /* Check if preauth matching */
1797
1798 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
1799 if (pat[n].validate == NULL)
1800 continue;
1801 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
1802 continue;
1803
1804 kdc_log(context, config, 5,
1805 "Looking for %s pa-data -- %s", pat[n].name, r->client_name);
1806 i = 0;
1807 pa = _kdc_find_padata(req, &i, pat[n].type);
1808 if (pa) {
1809 ret = pat[n].validate(r, pa);
1810 if (ret != 0) {
1811 goto out;
1812 }
1813 kdc_log(context, config, 0,
1814 "%s pre-authentication succeeded -- %s",
1815 pat[n].name, r->client_name);
1816 found_pa = 1;
1817 r->et.flags.pre_authent = 1;
1818 }
1819 }
1820 }
1821
1822 if (found_pa == 0) {
1823 Key *ckey = NULL;
1824 size_t n;
1825
1826 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
1827 if ((pat[n].flags & PA_ANNOUNCE) == 0)
1828 continue;
1829 ret = krb5_padata_add(context, &error_method,
1830 pat[n].type, NULL, 0);
1831 if (ret)
1832 goto out;
1833 }
1834
1835 /*
1836 * If there is a client key, send ETYPE_INFO{,2}
1837 */
1838 ret = _kdc_find_etype(context,
1839 config->preauth_use_strongest_session_key, TRUE,
1840 r->client, b->etype.val, b->etype.len, NULL, &ckey);
1841 if (ret == 0) {
1842
1843 /*
1844 * RFC4120 requires:
1845 * - If the client only knows about old enctypes, then send
1846 * both info replies (we send 'info' first in the list).
1847 * - If the client is 'modern', because it knows about 'new'
1848 * enctype types, then only send the 'info2' reply.
1849 *
1850 * Before we send the full list of etype-info data, we pick
1851 * the client key we would have used anyway below, just pick
1852 * that instead.
1853 */
1854
1855 if (older_enctype(ckey->key.keytype)) {
1856 ret = get_pa_etype_info(context, config,
1857 &error_method, ckey);
1858 if (ret)
1859 goto out;
1860 }
1861 ret = get_pa_etype_info2(context, config,
1862 &error_method, ckey);
1863 if (ret)
1864 goto out;
1865 }
1866
1867 /*
1868 * send requre preauth is its required or anon is requested,
1869 * anon is today only allowed via preauth mechanisms.
1870 */
1871 if (require_preauth_p(r) || _kdc_is_anon_request(b)) {
1872 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
1873 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
1874 goto out;
1875 }
1876
1877 if (ckey == NULL) {
1878 ret = KRB5KDC_ERR_CLIENT_NOTYET;
1879 _kdc_set_e_text(r, "Doesn't have a client key available");
1880 goto out;
1881 }
1882 krb5_free_keyblock_contents(r->context, &r->reply_key);
1883 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
1884 if (ret)
1885 goto out;
1886 }
1887
1888 if (r->clientdb->hdb_auth_status) {
1889 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
1890 HDB_AUTH_SUCCESS);
1891 }
1892
1893 /*
1894 * Verify flags after the user been required to prove its identity
1895 * with in a preauth mech.
1896 */
1897
1898 ret = _kdc_check_access(context, config, r->client, r->client_name,
1899 r->server, r->server_name,
1900 req, &error_method);
1901 if(ret)
1902 goto out;
1903
1904 /*
1905 * Select the best encryption type for the KDC with out regard to
1906 * the client since the client never needs to read that data.
1907 */
1908
1909 ret = _kdc_get_preferred_key(context, config,
1910 r->server, r->server_name,
1911 &setype, &skey);
1912 if(ret)
1913 goto out;
1914
1915 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
1916 || (_kdc_is_anon_request(b) && !config->allow_anonymous)) {
1917 ret = KRB5KDC_ERR_BADOPTION;
1918 _kdc_set_e_text(r, "Bad KDC options");
1919 goto out;
1920 }
1921
1922 /*
1923 * Build reply
1924 */
1925
1926 rep.pvno = 5;
1927 rep.msg_type = krb_as_rep;
1928
1929 if (_kdc_is_anonymous(context, r->client_princ)) {
1930 Realm anon_realm=KRB5_ANON_REALM;
1931 ret = copy_Realm(&anon_realm, &rep.crealm);
1932 } else
1933 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
1934 if (ret)
1935 goto out;
1936 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
1937 if (ret)
1938 goto out;
1939
1940 rep.ticket.tkt_vno = 5;
1941 copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
1942 _krb5_principal2principalname(&rep.ticket.sname,
1943 r->server->entry.principal);
1944 /* java 1.6 expects the name to be the same type, lets allow that
1945 * uncomplicated name-types. */
1946 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
1947 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
1948 rep.ticket.sname.name_type = b->sname->name_type;
1949 #undef CNT
1950
1951 r->et.flags.initial = 1;
1952 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
1953 r->et.flags.forwardable = f.forwardable;
1954 else if (f.forwardable) {
1955 _kdc_set_e_text(r, "Ticket may not be forwardable");
1956 ret = KRB5KDC_ERR_POLICY;
1957 goto out;
1958 }
1959 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
1960 r->et.flags.proxiable = f.proxiable;
1961 else if (f.proxiable) {
1962 _kdc_set_e_text(r, "Ticket may not be proxiable");
1963 ret = KRB5KDC_ERR_POLICY;
1964 goto out;
1965 }
1966 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
1967 r->et.flags.may_postdate = f.allow_postdate;
1968 else if (f.allow_postdate){
1969 _kdc_set_e_text(r, "Ticket may not be postdate");
1970 ret = KRB5KDC_ERR_POLICY;
1971 goto out;
1972 }
1973
1974 /* check for valid set of addresses */
1975 if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
1976 _kdc_set_e_text(r, "Bad address list in requested");
1977 ret = KRB5KRB_AP_ERR_BADADDR;
1978 goto out;
1979 }
1980
1981 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
1982 if (ret)
1983 goto out;
1984 ret = copy_Realm(&rep.crealm, &r->et.crealm);
1985 if (ret)
1986 goto out;
1987
1988 {
1989 time_t start;
1990 time_t t;
1991
1992 start = r->et.authtime = kdc_time;
1993
1994 if(f.postdated && req->req_body.from){
1995 ALLOC(r->et.starttime);
1996 start = *r->et.starttime = *req->req_body.from;
1997 r->et.flags.invalid = 1;
1998 r->et.flags.postdated = 1; /* XXX ??? */
1999 }
2000 _kdc_fix_time(&b->till);
2001 t = *b->till;
2002
2003 /* be careful not overflowing */
2004
2005 if(r->client->entry.max_life)
2006 t = start + min(t - start, *r->client->entry.max_life);
2007 if(r->server->entry.max_life)
2008 t = start + min(t - start, *r->server->entry.max_life);
2009 #if 0
2010 t = min(t, start + realm->max_life);
2011 #endif
2012 r->et.endtime = t;
2013 if(f.renewable_ok && r->et.endtime < *b->till){
2014 f.renewable = 1;
2015 if(b->rtime == NULL){
2016 ALLOC(b->rtime);
2017 *b->rtime = 0;
2018 }
2019 if(*b->rtime < *b->till)
2020 *b->rtime = *b->till;
2021 }
2022 if(f.renewable && b->rtime){
2023 t = *b->rtime;
2024 if(t == 0)
2025 t = MAX_TIME;
2026 if(r->client->entry.max_renew)
2027 t = start + min(t - start, *r->client->entry.max_renew);
2028 if(r->server->entry.max_renew)
2029 t = start + min(t - start, *r->server->entry.max_renew);
2030 #if 0
2031 t = min(t, start + realm->max_renew);
2032 #endif
2033 ALLOC(r->et.renew_till);
2034 *r->et.renew_till = t;
2035 r->et.flags.renewable = 1;
2036 }
2037 }
2038
2039 if (_kdc_is_anon_request(b))
2040 r->et.flags.anonymous = 1;
2041
2042 if(b->addresses){
2043 ALLOC(r->et.caddr);
2044 copy_HostAddresses(b->addresses, r->et.caddr);
2045 }
2046
2047 r->et.transited.tr_type = DOMAIN_X500_COMPRESS;
2048 krb5_data_zero(&r->et.transited.contents);
2049
2050 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2051 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2052 * incapable of correctly decoding SEQUENCE OF's of zero length.
2053 *
2054 * To fix this, always send at least one no-op last_req
2055 *
2056 * If there's a pw_end or valid_end we will use that,
2057 * otherwise just a dummy lr.
2058 */
2059 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2060 if (r->ek.last_req.val == NULL) {
2061 ret = ENOMEM;
2062 goto out;
2063 }
2064 r->ek.last_req.len = 0;
2065 if (r->client->entry.pw_end
2066 && (config->kdc_warn_pwexpire == 0
2067 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2068 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2069 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2070 ++r->ek.last_req.len;
2071 }
2072 if (r->client->entry.valid_end) {
2073 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2074 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2075 ++r->ek.last_req.len;
2076 }
2077 if (r->ek.last_req.len == 0) {
2078 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2079 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2080 ++r->ek.last_req.len;
2081 }
2082 r->ek.nonce = b->nonce;
2083 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2084 ALLOC(r->ek.key_expiration);
2085 if (r->client->entry.valid_end) {
2086 if (r->client->entry.pw_end)
2087 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2088 *r->client->entry.pw_end);
2089 else
2090 *r->ek.key_expiration = *r->client->entry.valid_end;
2091 } else
2092 *r->ek.key_expiration = *r->client->entry.pw_end;
2093 } else
2094 r->ek.key_expiration = NULL;
2095 r->ek.flags = r->et.flags;
2096 r->ek.authtime = r->et.authtime;
2097 if (r->et.starttime) {
2098 ALLOC(r->ek.starttime);
2099 *r->ek.starttime = *r->et.starttime;
2100 }
2101 r->ek.endtime = r->et.endtime;
2102 if (r->et.renew_till) {
2103 ALLOC(r->ek.renew_till);
2104 *r->ek.renew_till = *r->et.renew_till;
2105 }
2106 copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2107 copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2108 if(r->et.caddr){
2109 ALLOC(r->ek.caddr);
2110 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2111 }
2112
2113 /*
2114 * Check and session and reply keys
2115 */
2116
2117 if (r->session_key.keytype == ETYPE_NULL) {
2118 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2119 if (ret)
2120 goto out;
2121 }
2122
2123 if (r->reply_key.keytype == ETYPE_NULL) {
2124 _kdc_set_e_text(r, "Client have no reply key");
2125 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2126 goto out;
2127 }
2128
2129 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2130 if (ret)
2131 goto out;
2132
2133 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2134 if (ret)
2135 goto out;
2136
2137 if (r->outpadata.len) {
2138
2139 ALLOC(rep.padata);
2140 if (rep.padata == NULL) {
2141 ret = ENOMEM;
2142 goto out;
2143 }
2144 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2145 if (ret)
2146 goto out;
2147 }
2148
2149 /* Add the PAC */
2150 if (send_pac_p(context, req)) {
2151 generate_pac(r, skey);
2152 }
2153
2154 _kdc_log_timestamp(context, config, "AS-REQ", r->et.authtime, r->et.starttime,
2155 r->et.endtime, r->et.renew_till);
2156
2157 /* do this as the last thing since this signs the EncTicketPart */
2158 ret = _kdc_add_KRB5SignedPath(context,
2159 config,
2160 r->server,
2161 setype,
2162 r->client->entry.principal,
2163 NULL,
2164 NULL,
2165 &r->et);
2166 if (ret)
2167 goto out;
2168
2169 log_as_req(context, config, r->reply_key.keytype, setype, b);
2170
2171 /*
2172 * We always say we support FAST/enc-pa-rep
2173 */
2174
2175 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2176
2177 /*
2178 * Add REQ_ENC_PA_REP if client supports it
2179 */
2180
2181 i = 0;
2182 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2183 if (pa) {
2184
2185 ret = add_enc_pa_rep(r);
2186 if (ret) {
2187 const char *msg = krb5_get_error_message(r->context, ret);
2188 _kdc_r_log(r, 0, "add_enc_pa_rep failed: %s: %d", msg, ret);
2189 krb5_free_error_message(r->context, msg);
2190 goto out;
2191 }
2192 }
2193
2194 /*
2195 *
2196 */
2197
2198 ret = _kdc_encode_reply(context, config,
2199 r->armor_crypto, req->req_body.nonce,
2200 &rep, &r->et, &r->ek, setype, r->server->entry.kvno,
2201 &skey->key, r->client->entry.kvno,
2202 &r->reply_key, 0, &r->e_text, reply);
2203 if (ret)
2204 goto out;
2205
2206 /*
2207 * Check if message too large
2208 */
2209 if (datagram_reply && reply->length > config->max_datagram_reply_length) {
2210 krb5_data_free(reply);
2211 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2212 _kdc_set_e_text(r, "Reply packet too large");
2213 }
2214
2215 out:
2216 free_AS_REP(&rep);
2217
2218 /*
2219 * In case of a non proxy error, build an error message.
2220 */
2221 if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
2222 ret = _kdc_fast_mk_error(context, r,
2223 &error_method,
2224 r->armor_crypto,
2225 &req->req_body,
2226 ret, r->e_text,
2227 r->server_princ,
2228 &r->client_princ->name,
2229 &r->client_princ->realm,
2230 NULL, NULL,
2231 reply);
2232 if (ret)
2233 goto out2;
2234 }
2235 out2:
2236 free_EncTicketPart(&r->et);
2237 free_EncKDCRepPart(&r->ek);
2238 free_KDCFastState(&r->fast);
2239
2240 if (error_method.len)
2241 free_METHOD_DATA(&error_method);
2242 if (r->outpadata.len)
2243 free_METHOD_DATA(&r->outpadata);
2244 if (r->client_princ) {
2245 krb5_free_principal(context, r->client_princ);
2246 r->client_princ = NULL;
2247 }
2248 if (r->client_name) {
2249 free(r->client_name);
2250 r->client_name = NULL;
2251 }
2252 if (r->server_princ){
2253 krb5_free_principal(context, r->server_princ);
2254 r->server_princ = NULL;
2255 }
2256 if (r->server_name) {
2257 free(r->server_name);
2258 r->server_name = NULL;
2259 }
2260 if (r->client)
2261 _kdc_free_ent(context, r->client);
2262 if (r->server)
2263 _kdc_free_ent(context, r->server);
2264 if (r->armor_crypto) {
2265 krb5_crypto_destroy(r->context, r->armor_crypto);
2266 r->armor_crypto = NULL;
2267 }
2268 krb5_free_keyblock_contents(r->context, &r->reply_key);
2269 krb5_free_keyblock_contents(r->context, &r->session_key);
2270 return ret;
2271 }
2272
2273 /*
2274 * Add the AuthorizationData `data´ of `type´ to the last element in
2275 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2276 */
2277
2278 krb5_error_code
2279 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2280 EncTicketPart *tkt,
2281 int type,
2282 const krb5_data *data)
2283 {
2284 krb5_error_code ret;
2285 size_t size = 0;
2286
2287 if (tkt->authorization_data == NULL) {
2288 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2289 if (tkt->authorization_data == NULL) {
2290 krb5_set_error_message(context, ENOMEM, "out of memory");
2291 return ENOMEM;
2292 }
2293 }
2294
2295 /* add the entry to the last element */
2296 {
2297 AuthorizationData ad = { 0, NULL };
2298 AuthorizationDataElement ade;
2299
2300 ade.ad_type = type;
2301 ade.ad_data = *data;
2302
2303 ret = add_AuthorizationData(&ad, &ade);
2304 if (ret) {
2305 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2306 return ret;
2307 }
2308
2309 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2310
2311 ASN1_MALLOC_ENCODE(AuthorizationData,
2312 ade.ad_data.data, ade.ad_data.length,
2313 &ad, &size, ret);
2314 free_AuthorizationData(&ad);
2315 if (ret) {
2316 krb5_set_error_message(context, ret, "ASN.1 encode of "
2317 "AuthorizationData failed");
2318 return ret;
2319 }
2320 if (ade.ad_data.length != size)
2321 krb5_abortx(context, "internal asn.1 encoder error");
2322
2323 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2324 der_free_octet_string(&ade.ad_data);
2325 if (ret) {
2326 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2327 return ret;
2328 }
2329 }
2330
2331 return 0;
2332 }
2333
2334 krb5_boolean
2335 _kdc_is_anon_request(const KDC_REQ_BODY *b)
2336 {
2337 /* some versions of heimdal use bit 14 instead of 16 for
2338 request_anonymous, as indicated in the anonymous draft prior to
2339 version 11. Bit 14 is assigned to S4U2Proxy, but all S4U2Proxy
2340 requests will have a second ticket; don't consider those anonymous */
2341 return (b->kdc_options.request_anonymous ||
2342 (b->kdc_options.constrained_delegation && !b->additional_tickets));
2343 }
Heimdal