search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix racy file ccache corruption in cred_delete()
[heimdal.git] / lib / krb5 / pac.c
blob58d43dcc416c54d8af99bf972eab365091f39302
1 /*
2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35 #include <wind.h>
36
37 struct PAC_INFO_BUFFER {
38 uint32_t type;
39 uint32_t buffersize;
40 uint32_t offset_hi;
41 uint32_t offset_lo;
42 };
43
44 struct PACTYPE {
45 uint32_t numbuffers;
46 uint32_t version;
47 struct PAC_INFO_BUFFER buffers[1];
48 };
49
50 struct krb5_pac_data {
51 struct PACTYPE *pac;
52 krb5_data data;
53 struct PAC_INFO_BUFFER *server_checksum;
54 struct PAC_INFO_BUFFER *privsvr_checksum;
55 struct PAC_INFO_BUFFER *logon_name;
56 };
57
58 #define PAC_ALIGNMENT 8
59
60 #define PACTYPE_SIZE 8
61 #define PAC_INFO_BUFFER_SIZE 16
62
63 #define PAC_SERVER_CHECKSUM 6
64 #define PAC_PRIVSVR_CHECKSUM 7
65 #define PAC_LOGON_NAME 10
66 #define PAC_CONSTRAINED_DELEGATION 11
67
68 #define CHECK(r,f,l) \
69 do { \
70 if (((r) = f ) != 0) { \
71 krb5_clear_error_message(context); \
72 goto l; \
73 } \
74 } while(0)
75
76 static const char zeros[PAC_ALIGNMENT] = { 0 };
77
78 /*
79 * HMAC-MD5 checksum over any key (needed for the PAC routines)
80 */
81
82 static krb5_error_code
83 HMAC_MD5_any_checksum(krb5_context context,
84 const krb5_keyblock *key,
85 const void *data,
86 size_t len,
87 unsigned usage,
88 Checksum *result)
89 {
90 struct _krb5_key_data local_key;
91 krb5_error_code ret;
92
93 memset(&local_key, 0, sizeof(local_key));
94
95 ret = krb5_copy_keyblock(context, key, &local_key.key);
96 if (ret)
97 return ret;
98
99 ret = krb5_data_alloc (&result->checksum, 16);
100 if (ret) {
101 krb5_free_keyblock(context, local_key.key);
102 return ret;
103 }
104
105 result->cksumtype = CKSUMTYPE_HMAC_MD5;
106 ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
107 if (ret)
108 krb5_data_free(&result->checksum);
109
110 krb5_free_keyblock(context, local_key.key);
111 return ret;
112 }
113
114
115 /*
116 *
117 */
118
119 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
120 krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
121 krb5_pac *pac)
122 {
123 krb5_error_code ret;
124 krb5_pac p;
125 krb5_storage *sp = NULL;
126 uint32_t i, tmp, tmp2, header_end;
127
128 p = calloc(1, sizeof(*p));
129 if (p == NULL) {
130 ret = krb5_enomem(context);
131 goto out;
132 }
133
134 sp = krb5_storage_from_readonly_mem(ptr, len);
135 if (sp == NULL) {
136 ret = krb5_enomem(context);
137 goto out;
138 }
139 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
140
141 CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
142 CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
143 if (tmp < 1) {
144 ret = EINVAL; /* Too few buffers */
145 krb5_set_error_message(context, ret, N_("PAC have too few buffer", ""));
146 goto out;
147 }
148 if (tmp2 != 0) {
149 ret = EINVAL; /* Wrong version */
150 krb5_set_error_message(context, ret,
151 N_("PAC have wrong version %d", ""),
152 (int)tmp2);
153 goto out;
154 }
155
156 p->pac = calloc(1,
157 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
158 if (p->pac == NULL) {
159 ret = krb5_enomem(context);
160 goto out;
161 }
162
163 p->pac->numbuffers = tmp;
164 p->pac->version = tmp2;
165
166 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
167 if (header_end > len) {
168 ret = EINVAL;
169 goto out;
170 }
171
172 for (i = 0; i < p->pac->numbuffers; i++) {
173 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
174 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
175 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
176 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
177
178 /* consistency checks */
179 if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
180 ret = EINVAL;
181 krb5_set_error_message(context, ret,
182 N_("PAC out of allignment", ""));
183 goto out;
184 }
185 if (p->pac->buffers[i].offset_hi) {
186 ret = EINVAL;
187 krb5_set_error_message(context, ret,
188 N_("PAC high offset set", ""));
189 goto out;
190 }
191 if (p->pac->buffers[i].offset_lo > len) {
192 ret = EINVAL;
193 krb5_set_error_message(context, ret,
194 N_("PAC offset off end", ""));
195 goto out;
196 }
197 if (p->pac->buffers[i].offset_lo < header_end) {
198 ret = EINVAL;
199 krb5_set_error_message(context, ret,
200 N_("PAC offset inside header: %lu %lu", ""),
201 (unsigned long)p->pac->buffers[i].offset_lo,
202 (unsigned long)header_end);
203 goto out;
204 }
205 if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
206 ret = EINVAL;
207 krb5_set_error_message(context, ret, N_("PAC length off end", ""));
208 goto out;
209 }
210
211 /* let save pointer to data we need later */
212 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
213 if (p->server_checksum) {
214 ret = EINVAL;
215 krb5_set_error_message(context, ret,
216 N_("PAC have two server checksums", ""));
217 goto out;
218 }
219 p->server_checksum = &p->pac->buffers[i];
220 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
221 if (p->privsvr_checksum) {
222 ret = EINVAL;
223 krb5_set_error_message(context, ret,
224 N_("PAC have two KDC checksums", ""));
225 goto out;
226 }
227 p->privsvr_checksum = &p->pac->buffers[i];
228 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
229 if (p->logon_name) {
230 ret = EINVAL;
231 krb5_set_error_message(context, ret,
232 N_("PAC have two logon names", ""));
233 goto out;
234 }
235 p->logon_name = &p->pac->buffers[i];
236 }
237 }
238
239 ret = krb5_data_copy(&p->data, ptr, len);
240 if (ret)
241 goto out;
242
243 krb5_storage_free(sp);
244
245 *pac = p;
246 return 0;
247
248 out:
249 if (sp)
250 krb5_storage_free(sp);
251 if (p) {
252 if (p->pac)
253 free(p->pac);
254 free(p);
255 }
256 *pac = NULL;
257
258 return ret;
259 }
260
261 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
262 krb5_pac_init(krb5_context context, krb5_pac *pac)
263 {
264 krb5_error_code ret;
265 krb5_pac p;
266
267 p = calloc(1, sizeof(*p));
268 if (p == NULL) {
269 return krb5_enomem(context);
270 }
271
272 p->pac = calloc(1, sizeof(*p->pac));
273 if (p->pac == NULL) {
274 free(p);
275 return krb5_enomem(context);
276 }
277
278 ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
279 if (ret) {
280 free (p->pac);
281 free(p);
282 return krb5_enomem(context);
283 }
284
285 *pac = p;
286 return 0;
287 }
288
289 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
290 krb5_pac_add_buffer(krb5_context context, krb5_pac p,
291 uint32_t type, const krb5_data *data)
292 {
293 krb5_error_code ret;
294 void *ptr;
295 size_t len, offset, header_end, old_end;
296 uint32_t i;
297
298 len = p->pac->numbuffers;
299
300 ptr = realloc(p->pac,
301 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
302 if (ptr == NULL)
303 return krb5_enomem(context);
304
305 p->pac = ptr;
306
307 for (i = 0; i < len; i++)
308 p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
309
310 offset = p->data.length + PAC_INFO_BUFFER_SIZE;
311
312 p->pac->buffers[len].type = type;
313 p->pac->buffers[len].buffersize = data->length;
314 p->pac->buffers[len].offset_lo = offset;
315 p->pac->buffers[len].offset_hi = 0;
316
317 old_end = p->data.length;
318 len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
319 if (len < p->data.length) {
320 krb5_set_error_message(context, EINVAL, "integer overrun");
321 return EINVAL;
322 }
323
324 /* align to PAC_ALIGNMENT */
325 len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
326
327 ret = krb5_data_realloc(&p->data, len);
328 if (ret) {
329 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
330 return ret;
331 }
332
333 /*
334 * make place for new PAC INFO BUFFER header
335 */
336 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
337 memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
338 (unsigned char *)p->data.data + header_end ,
339 old_end - header_end);
340 memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
341
342 /*
343 * copy in new data part
344 */
345
346 memcpy((unsigned char *)p->data.data + offset,
347 data->data, data->length);
348 memset((unsigned char *)p->data.data + offset + data->length,
349 0, p->data.length - offset - data->length);
350
351 p->pac->numbuffers += 1;
352
353 return 0;
354 }
355
356 /**
357 * Get the PAC buffer of specific type from the pac.
358 *
359 * @param context Kerberos 5 context.
360 * @param p the pac structure returned by krb5_pac_parse().
361 * @param type type of buffer to get
362 * @param data return data, free with krb5_data_free().
363 *
364 * @return Returns 0 to indicate success. Otherwise an kerberos et
365 * error code is returned, see krb5_get_error_message().
366 *
367 * @ingroup krb5_pac
368 */
369
370 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
371 krb5_pac_get_buffer(krb5_context context, krb5_pac p,
372 uint32_t type, krb5_data *data)
373 {
374 krb5_error_code ret;
375 uint32_t i;
376
377 for (i = 0; i < p->pac->numbuffers; i++) {
378 const size_t len = p->pac->buffers[i].buffersize;
379 const size_t offset = p->pac->buffers[i].offset_lo;
380
381 if (p->pac->buffers[i].type != type)
382 continue;
383
384 ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
385 if (ret) {
386 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
387 return ret;
388 }
389 return 0;
390 }
391 krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
392 (unsigned long)type);
393 return ENOENT;
394 }
395
396 /*
397 *
398 */
399
400 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
401 krb5_pac_get_types(krb5_context context,
402 krb5_pac p,
403 size_t *len,
404 uint32_t **types)
405 {
406 size_t i;
407
408 *types = calloc(p->pac->numbuffers, sizeof(*types));
409 if (*types == NULL) {
410 *len = 0;
411 return krb5_enomem(context);
412 }
413 for (i = 0; i < p->pac->numbuffers; i++)
414 (*types)[i] = p->pac->buffers[i].type;
415 *len = p->pac->numbuffers;
416
417 return 0;
418 }
419
420 /*
421 *
422 */
423
424 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
425 krb5_pac_free(krb5_context context, krb5_pac pac)
426 {
427 krb5_data_free(&pac->data);
428 free(pac->pac);
429 free(pac);
430 }
431
432 /*
433 *
434 */
435
436 static krb5_error_code
437 verify_checksum(krb5_context context,
438 const struct PAC_INFO_BUFFER *sig,
439 const krb5_data *data,
440 void *ptr, size_t len,
441 const krb5_keyblock *key)
442 {
443 krb5_storage *sp = NULL;
444 uint32_t type;
445 krb5_error_code ret;
446 Checksum cksum;
447
448 memset(&cksum, 0, sizeof(cksum));
449
450 sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
451 sig->buffersize);
452 if (sp == NULL)
453 return krb5_enomem(context);
454
455 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
456
457 CHECK(ret, krb5_ret_uint32(sp, &type), out);
458 cksum.cksumtype = type;
459 cksum.checksum.length =
460 sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
461 cksum.checksum.data = malloc(cksum.checksum.length);
462 if (cksum.checksum.data == NULL) {
463 ret = krb5_enomem(context);
464 goto out;
465 }
466 ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
467 if (ret != (int)cksum.checksum.length) {
468 ret = EINVAL;
469 krb5_set_error_message(context, ret, "PAC checksum missing checksum");
470 goto out;
471 }
472
473 if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
474 ret = EINVAL;
475 krb5_set_error_message(context, ret, "Checksum type %d not keyed",
476 cksum.cksumtype);
477 goto out;
478 }
479
480 /* If the checksum is HMAC-MD5, the checksum type is not tied to
481 * the key type, instead the HMAC-MD5 checksum is applied blindly
482 * on whatever key is used for this connection, avoiding issues
483 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
484 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
485 * for the same issue in MIT, and
486 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
487 * for Microsoft's explaination */
488
489 if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5) {
490 Checksum local_checksum;
491
492 memset(&local_checksum, 0, sizeof(local_checksum));
493
494 ret = HMAC_MD5_any_checksum(context, key, ptr, len,
495 KRB5_KU_OTHER_CKSUM, &local_checksum);
496
497 if (ret != 0 || krb5_data_ct_cmp(&local_checksum.checksum, &cksum.checksum) != 0) {
498 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
499 krb5_set_error_message(context, ret,
500 N_("PAC integrity check failed for "
501 "hmac-md5 checksum", ""));
502 }
503 krb5_data_free(&local_checksum.checksum);
504
505 } else {
506 krb5_crypto crypto = NULL;
507
508 ret = krb5_crypto_init(context, key, 0, &crypto);
509 if (ret)
510 goto out;
511
512 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
513 ptr, len, &cksum);
514 krb5_crypto_destroy(context, crypto);
515 }
516 free(cksum.checksum.data);
517 krb5_storage_free(sp);
518
519 return ret;
520
521 out:
522 if (cksum.checksum.data)
523 free(cksum.checksum.data);
524 if (sp)
525 krb5_storage_free(sp);
526 return ret;
527 }
528
529 static krb5_error_code
530 create_checksum(krb5_context context,
531 const krb5_keyblock *key,
532 uint32_t cksumtype,
533 void *data, size_t datalen,
534 void *sig, size_t siglen)
535 {
536 krb5_crypto crypto = NULL;
537 krb5_error_code ret;
538 Checksum cksum;
539
540 /* If the checksum is HMAC-MD5, the checksum type is not tied to
541 * the key type, instead the HMAC-MD5 checksum is applied blindly
542 * on whatever key is used for this connection, avoiding issues
543 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
544 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
545 * for the same issue in MIT, and
546 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
547 * for Microsoft's explaination */
548
549 if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) {
550 ret = HMAC_MD5_any_checksum(context, key, data, datalen,
551 KRB5_KU_OTHER_CKSUM, &cksum);
552 } else {
553 ret = krb5_crypto_init(context, key, 0, &crypto);
554 if (ret)
555 return ret;
556
557 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
558 data, datalen, &cksum);
559 krb5_crypto_destroy(context, crypto);
560 if (ret)
561 return ret;
562 }
563 if (cksum.checksum.length != siglen) {
564 krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
565 free_Checksum(&cksum);
566 return EINVAL;
567 }
568
569 memcpy(sig, cksum.checksum.data, siglen);
570 free_Checksum(&cksum);
571
572 return 0;
573 }
574
575
576 /*
577 *
578 */
579
580 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
581
582 static uint64_t
583 unix2nttime(time_t unix_time)
584 {
585 long long wt;
586 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
587 return wt;
588 }
589
590 static krb5_error_code
591 verify_logonname(krb5_context context,
592 const struct PAC_INFO_BUFFER *logon_name,
593 const krb5_data *data,
594 time_t authtime,
595 krb5_const_principal principal)
596 {
597 krb5_error_code ret;
598 krb5_principal p2;
599 uint32_t time1, time2;
600 krb5_storage *sp;
601 uint16_t len;
602 char *s;
603
604 sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
605 logon_name->buffersize);
606 if (sp == NULL)
607 return krb5_enomem(context);
608
609 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
610
611 CHECK(ret, krb5_ret_uint32(sp, &time1), out);
612 CHECK(ret, krb5_ret_uint32(sp, &time2), out);
613
614 {
615 uint64_t t1, t2;
616 t1 = unix2nttime(authtime);
617 t2 = ((uint64_t)time2 << 32) | time1;
618 /*
619 * When neither the ticket nor the PAC set an explicit authtime,
620 * both times are zero, but relative to different time scales.
621 * So we must compare "not set" values without converting to a
622 * common time reference.
623 */
624 if (t1 != t2 && (t2 != 0 && authtime != 0)) {
625 krb5_storage_free(sp);
626 krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
627 return EINVAL;
628 }
629 }
630 CHECK(ret, krb5_ret_uint16(sp, &len), out);
631 if (len == 0) {
632 krb5_storage_free(sp);
633 krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
634 return EINVAL;
635 }
636
637 s = malloc(len);
638 if (s == NULL) {
639 krb5_storage_free(sp);
640 return krb5_enomem(context);
641 }
642 ret = krb5_storage_read(sp, s, len);
643 if (ret != len) {
644 krb5_storage_free(sp);
645 krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
646 return EINVAL;
647 }
648 krb5_storage_free(sp);
649 {
650 size_t ucs2len = len / 2;
651 uint16_t *ucs2;
652 size_t u8len;
653 unsigned int flags = WIND_RW_LE;
654
655 ucs2 = malloc(sizeof(ucs2[0]) * ucs2len);
656 if (ucs2 == NULL)
657 return krb5_enomem(context);
658
659 ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len);
660 free(s);
661 if (ret) {
662 free(ucs2);
663 krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
664 return ret;
665 }
666 ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len);
667 if (ret) {
668 free(ucs2);
669 krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string");
670 return ret;
671 }
672 u8len += 1; /* Add space for NUL */
673 s = malloc(u8len);
674 if (s == NULL) {
675 free(ucs2);
676 return krb5_enomem(context);
677 }
678 ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
679 free(ucs2);
680 if (ret) {
681 free(s);
682 krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
683 return ret;
684 }
685 }
686 ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
687 free(s);
688 if (ret)
689 return ret;
690
691 if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
692 ret = EINVAL;
693 krb5_set_error_message(context, ret, "PAC logon name mismatch");
694 }
695 krb5_free_principal(context, p2);
696 return ret;
697 out:
698 return ret;
699 }
700
701 /*
702 *
703 */
704
705 static krb5_error_code
706 build_logon_name(krb5_context context,
707 time_t authtime,
708 krb5_const_principal principal,
709 krb5_data *logon)
710 {
711 krb5_error_code ret;
712 krb5_storage *sp;
713 uint64_t t;
714 char *s, *s2;
715 size_t s2_len;
716
717 t = unix2nttime(authtime);
718
719 krb5_data_zero(logon);
720
721 sp = krb5_storage_emem();
722 if (sp == NULL)
723 return krb5_enomem(context);
724
725 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
726
727 CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
728 CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
729
730 ret = krb5_unparse_name_flags(context, principal,
731 KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
732 if (ret)
733 goto out;
734
735 {
736 size_t ucs2_len;
737 uint16_t *ucs2;
738 unsigned int flags;
739
740 ret = wind_utf8ucs2_length(s, &ucs2_len);
741 if (ret) {
742 krb5_set_error_message(context, ret, "Principal %s is not valid UTF-8", s);
743 free(s);
744 return ret;
745 }
746
747 ucs2 = malloc(sizeof(ucs2[0]) * ucs2_len);
748 if (ucs2 == NULL) {
749 free(s);
750 return krb5_enomem(context);
751 }
752
753 ret = wind_utf8ucs2(s, ucs2, &ucs2_len);
754 if (ret) {
755 free(ucs2);
756 krb5_set_error_message(context, ret, "Principal %s is not valid UTF-8", s);
757 free(s);
758 return ret;
759 } else
760 free(s);
761
762 s2_len = (ucs2_len + 1) * 2;
763 s2 = malloc(s2_len);
764 if (ucs2 == NULL) {
765 free(ucs2);
766 return krb5_enomem(context);
767 }
768
769 flags = WIND_RW_LE;
770 ret = wind_ucs2write(ucs2, ucs2_len,
771 &flags, s2, &s2_len);
772 free(ucs2);
773 if (ret) {
774 free(s2);
775 krb5_set_error_message(context, ret, "Failed to write to UCS-2 buffer");
776 return ret;
777 }
778
779 /*
780 * we do not want zero termination
781 */
782 s2_len = ucs2_len * 2;
783 }
784
785 CHECK(ret, krb5_store_uint16(sp, s2_len), out);
786
787 ret = krb5_storage_write(sp, s2, s2_len);
788 free(s2);
789 if (ret != (int)s2_len) {
790 ret = krb5_enomem(context);
791 goto out;
792 }
793 ret = krb5_storage_to_data(sp, logon);
794 if (ret)
795 goto out;
796 krb5_storage_free(sp);
797
798 return 0;
799 out:
800 krb5_storage_free(sp);
801 return ret;
802 }
803
804
805 /**
806 * Verify the PAC.
807 *
808 * @param context Kerberos 5 context.
809 * @param pac the pac structure returned by krb5_pac_parse().
810 * @param authtime The time of the ticket the PAC belongs to.
811 * @param principal the principal to verify.
812 * @param server The service key, most always be given.
813 * @param privsvr The KDC key, may be given.
814
815 * @return Returns 0 to indicate success. Otherwise an kerberos et
816 * error code is returned, see krb5_get_error_message().
817 *
818 * @ingroup krb5_pac
819 */
820
821 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
822 krb5_pac_verify(krb5_context context,
823 const krb5_pac pac,
824 time_t authtime,
825 krb5_const_principal principal,
826 const krb5_keyblock *server,
827 const krb5_keyblock *privsvr)
828 {
829 krb5_error_code ret;
830
831 if (pac->server_checksum == NULL) {
832 krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
833 return EINVAL;
834 }
835 if (pac->privsvr_checksum == NULL) {
836 krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
837 return EINVAL;
838 }
839 if (pac->logon_name == NULL) {
840 krb5_set_error_message(context, EINVAL, "PAC missing logon name");
841 return EINVAL;
842 }
843
844 ret = verify_logonname(context,
845 pac->logon_name,
846 &pac->data,
847 authtime,
848 principal);
849 if (ret)
850 return ret;
851
852 /*
853 * in the service case, clean out data option of the privsvr and
854 * server checksum before checking the checksum.
855 */
856 {
857 krb5_data *copy;
858
859 ret = krb5_copy_data(context, &pac->data, &copy);
860 if (ret)
861 return ret;
862
863 if (pac->server_checksum->buffersize < 4)
864 return EINVAL;
865 if (pac->privsvr_checksum->buffersize < 4)
866 return EINVAL;
867
868 memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
869 0,
870 pac->server_checksum->buffersize - 4);
871
872 memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
873 0,
874 pac->privsvr_checksum->buffersize - 4);
875
876 ret = verify_checksum(context,
877 pac->server_checksum,
878 &pac->data,
879 copy->data,
880 copy->length,
881 server);
882 krb5_free_data(context, copy);
883 if (ret)
884 return ret;
885 }
886 if (privsvr) {
887 /* The priv checksum covers the server checksum */
888 ret = verify_checksum(context,
889 pac->privsvr_checksum,
890 &pac->data,
891 (char *)pac->data.data
892 + pac->server_checksum->offset_lo + 4,
893 pac->server_checksum->buffersize - 4,
894 privsvr);
895 if (ret)
896 return ret;
897 }
898
899 return 0;
900 }
901
902 /*
903 *
904 */
905
906 static krb5_error_code
907 fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
908 {
909 ssize_t sret;
910 size_t l;
911
912 while (len) {
913 l = len;
914 if (l > sizeof(zeros))
915 l = sizeof(zeros);
916 sret = krb5_storage_write(sp, zeros, l);
917 if (sret <= 0)
918 return krb5_enomem(context);
919
920 len -= sret;
921 }
922 return 0;
923 }
924
925 static krb5_error_code
926 pac_checksum(krb5_context context,
927 const krb5_keyblock *key,
928 uint32_t *cksumtype,
929 size_t *cksumsize)
930 {
931 krb5_cksumtype cktype;
932 krb5_error_code ret;
933 krb5_crypto crypto = NULL;
934
935 ret = krb5_crypto_init(context, key, 0, &crypto);
936 if (ret)
937 return ret;
938
939 ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
940 krb5_crypto_destroy(context, crypto);
941 if (ret)
942 return ret;
943
944 if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
945 *cksumtype = CKSUMTYPE_HMAC_MD5;
946 *cksumsize = 16;
947 }
948
949 ret = krb5_checksumsize(context, cktype, cksumsize);
950 if (ret)
951 return ret;
952
953 *cksumtype = (uint32_t)cktype;
954
955 return 0;
956 }
957
958 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
959 _krb5_pac_sign(krb5_context context,
960 krb5_pac p,
961 time_t authtime,
962 krb5_principal principal,
963 const krb5_keyblock *server_key,
964 const krb5_keyblock *priv_key,
965 krb5_data *data)
966 {
967 krb5_error_code ret;
968 krb5_storage *sp = NULL, *spdata = NULL;
969 uint32_t end;
970 size_t server_size, priv_size;
971 uint32_t server_offset = 0, priv_offset = 0;
972 uint32_t server_cksumtype = 0, priv_cksumtype = 0;
973 int num = 0;
974 size_t i;
975 krb5_data logon, d;
976
977 krb5_data_zero(&logon);
978
979 if (p->logon_name == NULL)
980 num++;
981 if (p->server_checksum == NULL)
982 num++;
983 if (p->privsvr_checksum == NULL)
984 num++;
985
986 if (num) {
987 void *ptr;
988
989 ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
990 if (ptr == NULL)
991 return krb5_enomem(context);
992
993 p->pac = ptr;
994
995 if (p->logon_name == NULL) {
996 p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
997 memset(p->logon_name, 0, sizeof(*p->logon_name));
998 p->logon_name->type = PAC_LOGON_NAME;
999 }
1000 if (p->server_checksum == NULL) {
1001 p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
1002 memset(p->server_checksum, 0, sizeof(*p->server_checksum));
1003 p->server_checksum->type = PAC_SERVER_CHECKSUM;
1004 }
1005 if (p->privsvr_checksum == NULL) {
1006 p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
1007 memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
1008 p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
1009 }
1010 }
1011
1012 /* Calculate LOGON NAME */
1013 ret = build_logon_name(context, authtime, principal, &logon);
1014 if (ret)
1015 goto out;
1016
1017 /* Set lengths for checksum */
1018 ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
1019 if (ret)
1020 goto out;
1021 ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
1022 if (ret)
1023 goto out;
1024
1025 /* Encode PAC */
1026 sp = krb5_storage_emem();
1027 if (sp == NULL)
1028 return krb5_enomem(context);
1029
1030 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1031
1032 spdata = krb5_storage_emem();
1033 if (spdata == NULL) {
1034 krb5_storage_free(sp);
1035 return krb5_enomem(context);
1036 }
1037 krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
1038
1039 CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
1040 CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
1041
1042 end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
1043
1044 for (i = 0; i < p->pac->numbuffers; i++) {
1045 uint32_t len;
1046 size_t sret;
1047 void *ptr = NULL;
1048
1049 /* store data */
1050
1051 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
1052 len = server_size + 4;
1053 server_offset = end + 4;
1054 CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
1055 CHECK(ret, fill_zeros(context, spdata, server_size), out);
1056 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
1057 len = priv_size + 4;
1058 priv_offset = end + 4;
1059 CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
1060 CHECK(ret, fill_zeros(context, spdata, priv_size), out);
1061 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
1062 len = krb5_storage_write(spdata, logon.data, logon.length);
1063 if (logon.length != len) {
1064 ret = EINVAL;
1065 goto out;
1066 }
1067 } else {
1068 len = p->pac->buffers[i].buffersize;
1069 ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
1070
1071 sret = krb5_storage_write(spdata, ptr, len);
1072 if (sret != len) {
1073 ret = krb5_enomem(context);
1074 goto out;
1075 }
1076 /* XXX if not aligned, fill_zeros */
1077 }
1078
1079 /* write header */
1080 CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
1081 CHECK(ret, krb5_store_uint32(sp, len), out);
1082 CHECK(ret, krb5_store_uint32(sp, end), out);
1083 CHECK(ret, krb5_store_uint32(sp, 0), out);
1084
1085 /* advance data endpointer and align */
1086 {
1087 int32_t e;
1088
1089 end += len;
1090 e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
1091 if ((int32_t)end != e) {
1092 CHECK(ret, fill_zeros(context, spdata, e - end), out);
1093 }
1094 end = e;
1095 }
1096
1097 }
1098
1099 /* assert (server_offset != 0 && priv_offset != 0); */
1100
1101 /* export PAC */
1102 ret = krb5_storage_to_data(spdata, &d);
1103 if (ret) {
1104 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1105 goto out;
1106 }
1107 ret = krb5_storage_write(sp, d.data, d.length);
1108 if (ret != (int)d.length) {
1109 krb5_data_free(&d);
1110 ret = krb5_enomem(context);
1111 goto out;
1112 }
1113 krb5_data_free(&d);
1114
1115 ret = krb5_storage_to_data(sp, &d);
1116 if (ret) {
1117 ret = krb5_enomem(context);
1118 goto out;
1119 }
1120
1121 /* sign */
1122 ret = create_checksum(context, server_key, server_cksumtype,
1123 d.data, d.length,
1124 (char *)d.data + server_offset, server_size);
1125 if (ret) {
1126 krb5_data_free(&d);
1127 goto out;
1128 }
1129 ret = create_checksum(context, priv_key, priv_cksumtype,
1130 (char *)d.data + server_offset, server_size,
1131 (char *)d.data + priv_offset, priv_size);
1132 if (ret) {
1133 krb5_data_free(&d);
1134 goto out;
1135 }
1136
1137 /* done */
1138 *data = d;
1139
1140 krb5_data_free(&logon);
1141 krb5_storage_free(sp);
1142 krb5_storage_free(spdata);
1143
1144 return 0;
1145 out:
1146 krb5_data_free(&logon);
1147 if (sp)
1148 krb5_storage_free(sp);
1149 if (spdata)
1150 krb5_storage_free(spdata);
1151 return ret;
1152 }
Heimdal