Windows: Remove *_PA_ClientCanon* from export list
[heimdal.git] / kdc / fast.c
blob095929f85300deb21816921cb6413311ea68e648
1 /*
2 * Copyright (c) 1997-2011 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Portions Copyright (c) 2010 - 2011 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
36 #include "kdc_locl.h"
38 static krb5_error_code
39 get_fastuser_crypto(kdc_request_t r, krb5_enctype enctype, krb5_crypto *crypto)
41 krb5_principal fast_princ;
42 hdb_entry_ex *fast_user = NULL;
43 Key *cookie_key = NULL;
44 krb5_error_code ret;
46 *crypto = NULL;
48 ret = krb5_make_principal(r->context, &fast_princ,
49 KRB5_WELLKNOWN_ORG_H5L_REALM,
50 KRB5_WELLKNOWN_NAME, "org.h5l.fast-cookie", NULL);
51 if (ret)
52 goto out;
54 ret = _kdc_db_fetch(r->context, r->config, fast_princ,
55 HDB_F_GET_CLIENT, NULL, NULL, &fast_user);
56 krb5_free_principal(r->context, fast_princ);
57 if (ret)
58 goto out;
60 if (enctype == KRB5_ENCTYPE_NULL)
61 ret = _kdc_get_preferred_key(r->context, r->config, fast_user,
62 "fast-cookie", &enctype, &cookie_key);
63 else
64 ret = hdb_enctype2key(r->context, &fast_user->entry, NULL,
65 enctype, &cookie_key);
66 if (ret)
67 goto out;
69 ret = krb5_crypto_init(r->context, &cookie_key->key, 0, crypto);
70 if (ret)
71 goto out;
73 out:
74 if (fast_user)
75 _kdc_free_ent(r->context, fast_user);
77 return ret;
81 static krb5_error_code
82 fast_parse_cookie(kdc_request_t r, const PA_DATA *pa)
84 krb5_crypto crypto = NULL;
85 krb5_error_code ret;
86 KDCFastCookie data;
87 krb5_data d1;
88 size_t len;
90 ret = decode_KDCFastCookie(pa->padata_value.data,
91 pa->padata_value.length,
92 &data, &len);
93 if (ret)
94 return ret;
96 if (len != pa->padata_value.length || strcmp("H5L1", data.version) != 0) {
97 free_KDCFastCookie(&data);
98 return KRB5KDC_ERR_POLICY;
101 ret = get_fastuser_crypto(r, data.cookie.etype, &crypto);
102 if (ret)
103 goto out;
105 ret = krb5_decrypt_EncryptedData(r->context, crypto,
106 KRB5_KU_H5L_COOKIE,
107 &data.cookie, &d1);
108 krb5_crypto_destroy(r->context, crypto);
109 if (ret)
110 goto out;
112 ret = decode_KDCFastState(d1.data, d1.length, &r->fast, &len);
113 krb5_data_free(&d1);
114 if (ret)
115 goto out;
117 if (r->fast.expiration < kdc_time) {
118 kdc_log(r->context, r->config, 0, "fast cookie expired");
119 ret = KRB5KDC_ERR_POLICY;
120 goto out;
123 out:
124 free_KDCFastCookie(&data);
126 return ret;
129 static krb5_error_code
130 fast_add_cookie(kdc_request_t r, METHOD_DATA *method_data)
132 krb5_crypto crypto = NULL;
133 KDCFastCookie shell;
134 krb5_error_code ret;
135 krb5_data data;
136 size_t size;
138 memset(&shell, 0, sizeof(shell));
140 r->fast.expiration = kdc_time + FAST_EXPIRATION_TIME;
142 ASN1_MALLOC_ENCODE(KDCFastState, data.data, data.length,
143 &r->fast, &size, ret);
144 if (ret)
145 return ret;
146 heim_assert(size == data.length, "internal asn1 encoder error");
148 ret = get_fastuser_crypto(r, KRB5_ENCTYPE_NULL, &crypto);
149 if (ret)
150 goto out;
152 ret = krb5_encrypt_EncryptedData(r->context, crypto,
153 KRB5_KU_H5L_COOKIE,
154 data.data, data.length, 0,
155 &shell.cookie);
156 krb5_crypto_destroy(r->context, crypto);
157 if (ret)
158 goto out;
160 free(data.data);
162 shell.version = "H5L1";
164 ASN1_MALLOC_ENCODE(KDCFastCookie, data.data, data.length,
165 &shell, &size, ret);
166 free_EncryptedData(&shell.cookie);
167 if (ret)
168 goto out;
169 heim_assert(size == data.length, "internal asn1 encoder error");
171 ret = krb5_padata_add(r->context, method_data,
172 KRB5_PADATA_FX_COOKIE,
173 data.data, data.length);
174 out:
175 if (ret)
176 free(data.data);
177 return ret;
180 krb5_error_code
181 _kdc_fast_mk_response(krb5_context context,
182 krb5_crypto armor_crypto,
183 METHOD_DATA *pa_data,
184 krb5_keyblock *strengthen_key,
185 KrbFastFinished *finished,
186 krb5uint32 nonce,
187 krb5_data *data)
189 PA_FX_FAST_REPLY fxfastrep;
190 KrbFastResponse fastrep;
191 krb5_error_code ret;
192 krb5_data buf;
193 size_t size;
195 memset(&fxfastrep, 0, sizeof(fxfastrep));
196 memset(&fastrep, 0, sizeof(fastrep));
197 krb5_data_zero(data);
199 if (pa_data) {
200 fastrep.padata.val = pa_data->val;
201 fastrep.padata.len = pa_data->len;
203 fastrep.strengthen_key = strengthen_key;
204 fastrep.finished = finished;
205 fastrep.nonce = nonce;
207 ASN1_MALLOC_ENCODE(KrbFastResponse, buf.data, buf.length,
208 &fastrep, &size, ret);
209 if (ret)
210 return ret;
211 if (buf.length != size)
212 krb5_abortx(context, "internal asn.1 error");
214 fxfastrep.element = choice_PA_FX_FAST_REPLY_armored_data;
216 ret = krb5_encrypt_EncryptedData(context,
217 armor_crypto,
218 KRB5_KU_FAST_REP,
219 buf.data,
220 buf.length,
222 &fxfastrep.u.armored_data.enc_fast_rep);
223 krb5_data_free(&buf);
224 if (ret)
225 return ret;
227 ASN1_MALLOC_ENCODE(PA_FX_FAST_REPLY, data->data, data->length,
228 &fxfastrep, &size, ret);
229 free_PA_FX_FAST_REPLY(&fxfastrep);
230 if (ret)
231 return ret;
232 if (data->length != size)
233 krb5_abortx(context, "internal asn.1 error");
235 return 0;
239 krb5_error_code
240 _kdc_fast_mk_error(krb5_context context,
241 kdc_request_t r,
242 METHOD_DATA *error_method,
243 krb5_crypto armor_crypto,
244 const KDC_REQ_BODY *req_body,
245 krb5_error_code outer_error,
246 const char *e_text,
247 krb5_principal error_server,
248 const PrincipalName *error_client_name,
249 const Realm *error_client_realm,
250 time_t *csec, int *cusec,
251 krb5_data *error_msg)
253 krb5_error_code ret;
254 krb5_data e_data;
255 size_t size;
257 krb5_data_zero(&e_data);
259 if (armor_crypto) {
260 PA_FX_FAST_REPLY fxfastrep;
261 KrbFastResponse fastrep;
263 memset(&fxfastrep, 0, sizeof(fxfastrep));
264 memset(&fastrep, 0, sizeof(fastrep));
266 /* first add the KRB-ERROR to the fast errors */
268 ret = krb5_mk_error_ext(context,
269 outer_error,
270 e_text,
271 NULL,
272 error_server,
273 error_client_name,
274 error_client_realm,
275 NULL,
276 NULL,
277 &e_data);
278 if (ret)
279 return ret;
281 ret = krb5_padata_add(context, error_method,
282 KRB5_PADATA_FX_ERROR,
283 e_data.data, e_data.length);
284 if (ret) {
285 krb5_data_free(&e_data);
286 return ret;
289 if (/* hide_principal */ 0) {
290 error_client_name = NULL;
291 error_client_realm = NULL;
292 error_server = NULL;
293 e_text = NULL;
296 if (r)
297 ret = fast_add_cookie(r, error_method);
298 else
299 ret = krb5_padata_add(context, error_method,
300 KRB5_PADATA_FX_COOKIE,
301 NULL, 0);
302 if (ret) {
303 kdc_log(r->context, r->config, 0, "failed to add fast cookie with: %d", ret);
304 free_METHOD_DATA(error_method);
305 return ret;
308 ret = _kdc_fast_mk_response(context, armor_crypto,
309 error_method, NULL, NULL,
310 req_body->nonce, &e_data);
311 free_METHOD_DATA(error_method);
312 if (ret)
313 return ret;
315 ret = krb5_padata_add(context, error_method,
316 KRB5_PADATA_FX_FAST,
317 e_data.data, e_data.length);
318 if (ret)
319 return ret;
322 if (error_method && error_method->len) {
323 ASN1_MALLOC_ENCODE(METHOD_DATA, e_data.data, e_data.length,
324 error_method, &size, ret);
325 if (ret)
326 return ret;
327 if (e_data.length != size)
328 krb5_abortx(context, "internal asn.1 error");
331 ret = krb5_mk_error_ext(context,
332 outer_error,
333 e_text,
334 (e_data.length ? &e_data : NULL),
335 error_server,
336 error_client_name,
337 error_client_realm,
338 csec,
339 cusec,
340 error_msg);
341 krb5_data_free(&e_data);
343 return ret;
346 krb5_error_code
347 _kdc_fast_unwrap_request(kdc_request_t r)
349 krb5_principal armor_server = NULL;
350 hdb_entry_ex *armor_user = NULL;
351 PA_FX_FAST_REQUEST fxreq;
352 krb5_auth_context ac = NULL;
353 krb5_ticket *ticket = NULL;
354 krb5_flags ap_req_options;
355 Key *armor_key = NULL;
356 krb5_keyblock armorkey;
357 krb5_error_code ret;
358 krb5_ap_req ap_req;
359 unsigned char *buf;
360 KrbFastReq fastreq;
361 size_t len, size;
362 krb5_data data;
363 const PA_DATA *pa;
364 int i = 0;
367 * First look for FX_COOKIE and and process it
369 pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_COOKIE);
370 if (pa) {
371 ret = fast_parse_cookie(r, pa);
372 if (ret)
373 goto out;
376 i = 0;
377 pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_FAST);
378 if (pa == NULL)
379 return 0;
381 ret = decode_PA_FX_FAST_REQUEST(pa->padata_value.data,
382 pa->padata_value.length,
383 &fxreq,
384 &len);
385 if (ret)
386 goto out;
387 if (len != pa->padata_value.length) {
388 ret = KRB5KDC_ERR_PREAUTH_FAILED;
389 goto out;
392 if (fxreq.element != choice_PA_FX_FAST_REQUEST_armored_data) {
393 kdc_log(r->context, r->config, 0,
394 "AS-REQ FAST contain unknown type: %d", (int)fxreq.element);
395 ret = KRB5KDC_ERR_PREAUTH_FAILED;
396 goto out;
399 /* pull out armor key */
400 if (fxreq.u.armored_data.armor == NULL) {
401 kdc_log(r->context, r->config, 0,
402 "AS-REQ armor missing");
403 ret = KRB5KDC_ERR_PREAUTH_FAILED;
404 goto out;
407 if (fxreq.u.armored_data.armor->armor_type != 1) {
408 kdc_log(r->context, r->config, 0,
409 "AS-REQ armor type not ap-req");
410 ret = KRB5KDC_ERR_PREAUTH_FAILED;
411 goto out;
414 ret = krb5_decode_ap_req(r->context,
415 &fxreq.u.armored_data.armor->armor_value,
416 &ap_req);
417 if(ret) {
418 kdc_log(r->context, r->config, 0, "AP-REQ decode failed");
419 goto out;
422 /* Save that principal that was in the request */
423 ret = _krb5_principalname2krb5_principal(r->context,
424 &armor_server,
425 ap_req.ticket.sname,
426 ap_req.ticket.realm);
427 if (ret) {
428 free_AP_REQ(&ap_req);
429 goto out;
432 ret = _kdc_db_fetch(r->context, r->config, armor_server,
433 HDB_F_GET_SERVER, NULL, NULL, &armor_user);
434 if(ret == HDB_ERR_NOT_FOUND_HERE) {
435 kdc_log(r->context, r->config, 5,
436 "armor key does not have secrets at this KDC, "
437 "need to proxy");
438 goto out;
439 } else if (ret) {
440 free_AP_REQ(&ap_req);
441 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
442 goto out;
445 ret = hdb_enctype2key(r->context, &armor_user->entry, NULL,
446 ap_req.ticket.enc_part.etype,
447 &armor_key);
448 if (ret) {
449 free_AP_REQ(&ap_req);
450 goto out;
453 ret = krb5_verify_ap_req2(r->context, &ac,
454 &ap_req,
455 armor_server,
456 &armor_key->key,
458 &ap_req_options,
459 &ticket,
460 KRB5_KU_AP_REQ_AUTH);
461 free_AP_REQ(&ap_req);
462 if (ret)
463 goto out;
465 if (ac->remote_subkey == NULL) {
466 krb5_auth_con_free(r->context, ac);
467 kdc_log(r->context, r->config, 0,
468 "FAST AP-REQ remote subkey missing");
469 ret = KRB5KDC_ERR_PREAUTH_FAILED;
470 goto out;
473 ret = _krb5_fast_armor_key(r->context,
474 ac->remote_subkey,
475 &ticket->ticket.key,
476 &armorkey,
477 &r->armor_crypto);
478 krb5_auth_con_free(r->context, ac);
479 krb5_free_ticket(r->context, ticket);
480 if (ret)
481 goto out;
483 krb5_free_keyblock_contents(r->context, &armorkey);
485 /* verify req-checksum of the outer body */
487 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, len, &r->req.req_body, &size, ret);
488 if (ret)
489 goto out;
490 if (size != len) {
491 ret = KRB5KDC_ERR_PREAUTH_FAILED;
492 goto out;
495 ret = krb5_verify_checksum(r->context, r->armor_crypto,
496 KRB5_KU_FAST_REQ_CHKSUM,
497 buf, len,
498 &fxreq.u.armored_data.req_checksum);
499 free(buf);
500 if (ret) {
501 kdc_log(r->context, r->config, 0,
502 "FAST request have a bad checksum");
503 goto out;
506 ret = krb5_decrypt_EncryptedData(r->context, r->armor_crypto,
507 KRB5_KU_FAST_ENC,
508 &fxreq.u.armored_data.enc_fast_req,
509 &data);
510 if (ret) {
511 kdc_log(r->context, r->config, 0,
512 "Failed to decrypt FAST request");
513 goto out;
516 ret = decode_KrbFastReq(data.data, data.length, &fastreq, &size);
517 if (ret) {
518 krb5_data_free(&data);
519 goto out;
521 if (data.length != size) {
522 krb5_data_free(&data);
523 ret = KRB5KDC_ERR_PREAUTH_FAILED;
524 goto out;
526 krb5_data_free(&data);
528 free_KDC_REQ_BODY(&r->req.req_body);
529 ret = copy_KDC_REQ_BODY(&fastreq.req_body, &r->req.req_body);
530 if (ret)
531 goto out;
533 /* check for unsupported mandatory options */
534 if (FastOptions2int(fastreq.fast_options) & 0xfffc) {
535 kdc_log(r->context, r->config, 0,
536 "FAST unsupported mandatory option set");
537 ret = KRB5KDC_ERR_PREAUTH_FAILED;
538 goto out;
541 /* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */
542 if (r->req.padata)
543 free_METHOD_DATA(r->req.padata);
544 else
545 ALLOC(r->req.padata);
547 ret = copy_METHOD_DATA(&fastreq.padata, r->req.padata);
548 if (ret)
549 goto out;
551 free_KrbFastReq(&fastreq);
552 free_PA_FX_FAST_REQUEST(&fxreq);
554 out:
555 if (armor_server)
556 krb5_free_principal(r->context, armor_server);
557 if(armor_user)
558 _kdc_free_ent(r->context, armor_user);
560 return ret;