search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow KDC to always return the salt in the PA-ETYPE-INFO[2]
[heimdal.git] / kdc / fast.c
blobaf232f88eb427116c455fb2304cdf72f6bb3099c
1 /*
2 * Copyright (c) 1997-2011 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2010 - 2011 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "kdc_locl.h"
37
38 static krb5_error_code
39 get_fastuser_crypto(astgs_request_t r, krb5_enctype enctype,
40 krb5_crypto *crypto)
41 {
42 krb5_principal fast_princ;
43 hdb_entry_ex *fast_user = NULL;
44 Key *cookie_key = NULL;
45 krb5_error_code ret;
46
47 *crypto = NULL;
48
49 ret = krb5_make_principal(r->context, &fast_princ,
50 KRB5_WELLKNOWN_ORG_H5L_REALM,
51 KRB5_WELLKNOWN_NAME, "org.h5l.fast-cookie", NULL);
52 if (ret)
53 goto out;
54
55 ret = _kdc_db_fetch(r->context, r->config, fast_princ,
56 HDB_F_GET_FAST_COOKIE, NULL, NULL, &fast_user);
57 krb5_free_principal(r->context, fast_princ);
58 if (ret)
59 goto out;
60
61 if (enctype == KRB5_ENCTYPE_NULL)
62 ret = _kdc_get_preferred_key(r->context, r->config, fast_user,
63 "fast-cookie", &enctype, &cookie_key);
64 else
65 ret = hdb_enctype2key(r->context, &fast_user->entry, NULL,
66 enctype, &cookie_key);
67 if (ret)
68 goto out;
69
70 ret = krb5_crypto_init(r->context, &cookie_key->key, 0, crypto);
71 if (ret)
72 goto out;
73
74 out:
75 if (fast_user)
76 _kdc_free_ent(r->context, fast_user);
77
78 return ret;
79 }
80
81
82 static krb5_error_code
83 fast_parse_cookie(astgs_request_t r, const PA_DATA *pa)
84 {
85 krb5_crypto crypto = NULL;
86 krb5_error_code ret;
87 KDCFastCookie data;
88 krb5_data d1;
89 size_t len;
90
91 ret = decode_KDCFastCookie(pa->padata_value.data,
92 pa->padata_value.length,
93 &data, &len);
94 if (ret)
95 return ret;
96
97 if (len != pa->padata_value.length || strcmp("H5L1", data.version) != 0) {
98 free_KDCFastCookie(&data);
99 return KRB5KDC_ERR_POLICY;
100 }
101
102 ret = get_fastuser_crypto(r, data.cookie.etype, &crypto);
103 if (ret)
104 goto out;
105
106 ret = krb5_decrypt_EncryptedData(r->context, crypto,
107 KRB5_KU_H5L_COOKIE,
108 &data.cookie, &d1);
109 krb5_crypto_destroy(r->context, crypto);
110 if (ret)
111 goto out;
112
113 ret = decode_KDCFastState(d1.data, d1.length, &r->fast, &len);
114 krb5_data_free(&d1);
115 if (ret)
116 goto out;
117
118 if (r->fast.expiration < kdc_time) {
119 kdc_log(r->context, r->config, 2, "fast cookie expired");
120 ret = KRB5KDC_ERR_POLICY;
121 goto out;
122 }
123
124 out:
125 free_KDCFastCookie(&data);
126
127 return ret;
128 }
129
130 static krb5_error_code
131 fast_add_cookie(astgs_request_t r, METHOD_DATA *method_data)
132 {
133 krb5_crypto crypto = NULL;
134 KDCFastCookie shell;
135 krb5_error_code ret;
136 krb5_data data;
137 size_t size;
138
139 memset(&shell, 0, sizeof(shell));
140
141 r->fast.expiration = kdc_time + FAST_EXPIRATION_TIME;
142
143 ASN1_MALLOC_ENCODE(KDCFastState, data.data, data.length,
144 &r->fast, &size, ret);
145 if (ret)
146 return ret;
147 heim_assert(size == data.length, "internal asn1 encoder error");
148
149 ret = get_fastuser_crypto(r, KRB5_ENCTYPE_NULL, &crypto);
150 if (ret)
151 goto out;
152
153 ret = krb5_encrypt_EncryptedData(r->context, crypto,
154 KRB5_KU_H5L_COOKIE,
155 data.data, data.length, 0,
156 &shell.cookie);
157 krb5_crypto_destroy(r->context, crypto);
158 if (ret)
159 goto out;
160
161 free(data.data);
162
163 shell.version = "H5L1";
164
165 ASN1_MALLOC_ENCODE(KDCFastCookie, data.data, data.length,
166 &shell, &size, ret);
167 free_EncryptedData(&shell.cookie);
168 if (ret)
169 goto out;
170 heim_assert(size == data.length, "internal asn1 encoder error");
171
172 ret = krb5_padata_add(r->context, method_data,
173 KRB5_PADATA_FX_COOKIE,
174 data.data, data.length);
175 out:
176 if (ret)
177 free(data.data);
178 return ret;
179 }
180
181 krb5_error_code
182 _kdc_fast_mk_response(krb5_context context,
183 krb5_crypto armor_crypto,
184 METHOD_DATA *pa_data,
185 krb5_keyblock *strengthen_key,
186 KrbFastFinished *finished,
187 krb5uint32 nonce,
188 krb5_data *data)
189 {
190 PA_FX_FAST_REPLY fxfastrep;
191 KrbFastResponse fastrep;
192 krb5_error_code ret;
193 krb5_data buf;
194 size_t size;
195
196 memset(&fxfastrep, 0, sizeof(fxfastrep));
197 memset(&fastrep, 0, sizeof(fastrep));
198 krb5_data_zero(data);
199
200 if (pa_data) {
201 fastrep.padata.val = pa_data->val;
202 fastrep.padata.len = pa_data->len;
203 }
204 fastrep.strengthen_key = strengthen_key;
205 fastrep.finished = finished;
206 fastrep.nonce = nonce;
207
208 ASN1_MALLOC_ENCODE(KrbFastResponse, buf.data, buf.length,
209 &fastrep, &size, ret);
210 if (ret)
211 return ret;
212 if (buf.length != size)
213 krb5_abortx(context, "internal asn.1 error");
214
215 fxfastrep.element = choice_PA_FX_FAST_REPLY_armored_data;
216
217 ret = krb5_encrypt_EncryptedData(context,
218 armor_crypto,
219 KRB5_KU_FAST_REP,
220 buf.data,
221 buf.length,
222 0,
223 &fxfastrep.u.armored_data.enc_fast_rep);
224 krb5_data_free(&buf);
225 if (ret)
226 return ret;
227
228 ASN1_MALLOC_ENCODE(PA_FX_FAST_REPLY, data->data, data->length,
229 &fxfastrep, &size, ret);
230 free_PA_FX_FAST_REPLY(&fxfastrep);
231 if (ret)
232 return ret;
233 if (data->length != size)
234 krb5_abortx(context, "internal asn.1 error");
235
236 return 0;
237 }
238
239
240 krb5_error_code
241 _kdc_fast_mk_error(astgs_request_t r,
242 METHOD_DATA *error_method,
243 krb5_crypto armor_crypto,
244 const KDC_REQ_BODY *req_body,
245 krb5_error_code outer_error,
246 const char *e_text,
247 krb5_principal error_server,
248 const PrincipalName *error_client_name,
249 const Realm *error_client_realm,
250 time_t *csec, int *cusec,
251 krb5_data *error_msg)
252 {
253 krb5_context context = r->context;
254 krb5_error_code ret;
255 krb5_data e_data;
256 size_t size;
257
258 krb5_data_zero(&e_data);
259
260 if (armor_crypto) {
261 PA_FX_FAST_REPLY fxfastrep;
262 KrbFastResponse fastrep;
263
264 memset(&fxfastrep, 0, sizeof(fxfastrep));
265 memset(&fastrep, 0, sizeof(fastrep));
266
267 /* first add the KRB-ERROR to the fast errors */
268
269 ret = krb5_mk_error_ext(context,
270 outer_error,
271 e_text,
272 NULL,
273 error_server,
274 error_client_name,
275 error_client_realm,
276 NULL,
277 NULL,
278 &e_data);
279 if (ret)
280 return ret;
281
282 ret = krb5_padata_add(context, error_method,
283 KRB5_PADATA_FX_ERROR,
284 e_data.data, e_data.length);
285 if (ret) {
286 krb5_data_free(&e_data);
287 return ret;
288 }
289
290 error_client_name = NULL;
291 error_client_realm = NULL;
292 error_server = NULL;
293 e_text = NULL;
294
295 if (r)
296 ret = fast_add_cookie(r, error_method);
297 else
298 ret = krb5_padata_add(context, error_method,
299 KRB5_PADATA_FX_COOKIE,
300 NULL, 0);
301 if (ret) {
302 kdc_log(r->context, r->config, 1, "failed to add fast cookie with: %d", ret);
303 free_METHOD_DATA(error_method);
304 return ret;
305 }
306
307 ret = _kdc_fast_mk_response(context, armor_crypto,
308 error_method, NULL, NULL,
309 req_body->nonce, &e_data);
310 free_METHOD_DATA(error_method);
311 if (ret)
312 return ret;
313
314 ret = krb5_padata_add(context, error_method,
315 KRB5_PADATA_FX_FAST,
316 e_data.data, e_data.length);
317 if (ret)
318 return ret;
319 }
320
321 if (error_method && error_method->len) {
322 ASN1_MALLOC_ENCODE(METHOD_DATA, e_data.data, e_data.length,
323 error_method, &size, ret);
324 if (ret)
325 return ret;
326 if (e_data.length != size)
327 krb5_abortx(context, "internal asn.1 error");
328 }
329
330 ret = krb5_mk_error_ext(context,
331 outer_error,
332 e_text,
333 (e_data.length ? &e_data : NULL),
334 error_server,
335 error_client_name,
336 error_client_realm,
337 csec,
338 cusec,
339 error_msg);
340 krb5_data_free(&e_data);
341
342 return ret;
343 }
344
345 krb5_error_code
346 _kdc_fast_unwrap_request(astgs_request_t r)
347 {
348 krb5_principal armor_server = NULL;
349 hdb_entry_ex *armor_user = NULL;
350 PA_FX_FAST_REQUEST fxreq;
351 krb5_auth_context ac = NULL;
352 krb5_ticket *ticket = NULL;
353 krb5_flags ap_req_options;
354 Key *armor_key = NULL;
355 krb5_keyblock armorkey;
356 krb5_error_code ret;
357 krb5_ap_req ap_req;
358 unsigned char *buf = NULL;
359 KrbFastReq fastreq;
360 size_t len, size;
361 krb5_data data;
362 const PA_DATA *pa;
363 int i = 0;
364
365 /*
366 * First look for FX_COOKIE and and process it
367 */
368 pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_COOKIE);
369 if (pa) {
370 ret = fast_parse_cookie(r, pa);
371 if (ret)
372 goto out;
373 }
374
375 i = 0;
376 pa = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FX_FAST);
377 if (pa == NULL)
378 return 0;
379
380 ret = decode_PA_FX_FAST_REQUEST(pa->padata_value.data,
381 pa->padata_value.length,
382 &fxreq,
383 &len);
384 if (ret)
385 goto out;
386 if (len != pa->padata_value.length) {
387 ret = KRB5KDC_ERR_PREAUTH_FAILED;
388 goto out;
389 }
390
391 if (fxreq.element != choice_PA_FX_FAST_REQUEST_armored_data) {
392 kdc_log(r->context, r->config, 2,
393 "AS-REQ FAST contain unknown type: %d", (int)fxreq.element);
394 ret = KRB5KDC_ERR_PREAUTH_FAILED;
395 goto out;
396 }
397
398 /* pull out armor key */
399 if (fxreq.u.armored_data.armor == NULL) {
400 kdc_log(r->context, r->config, 2,
401 "AS-REQ armor missing");
402 ret = KRB5KDC_ERR_PREAUTH_FAILED;
403 goto out;
404 }
405
406 if (fxreq.u.armored_data.armor->armor_type != 1) {
407 kdc_log(r->context, r->config, 2,
408 "AS-REQ armor type not ap-req");
409 ret = KRB5KDC_ERR_PREAUTH_FAILED;
410 goto out;
411 }
412
413 ret = krb5_decode_ap_req(r->context,
414 &fxreq.u.armored_data.armor->armor_value,
415 &ap_req);
416 if(ret) {
417 kdc_log(r->context, r->config, 2, "AP-REQ decode failed");
418 goto out;
419 }
420
421 /* Save that principal that was in the request */
422 ret = _krb5_principalname2krb5_principal(r->context,
423 &armor_server,
424 ap_req.ticket.sname,
425 ap_req.ticket.realm);
426 if (ret) {
427 free_AP_REQ(&ap_req);
428 goto out;
429 }
430
431 ret = _kdc_db_fetch(r->context, r->config, armor_server,
432 HDB_F_GET_KRBTGT
433 | HDB_F_DELAY_NEW_KEYS,
434 NULL, NULL, &armor_user);
435 if(ret == HDB_ERR_NOT_FOUND_HERE) {
436 kdc_log(r->context, r->config, 5,
437 "armor key does not have secrets at this KDC, "
438 "need to proxy");
439 free_AP_REQ(&ap_req);
440 goto out;
441 } else if (ret) {
442 free_AP_REQ(&ap_req);
443 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
444 goto out;
445 }
446
447 ret = hdb_enctype2key(r->context, &armor_user->entry, NULL,
448 ap_req.ticket.enc_part.etype,
449 &armor_key);
450 if (ret) {
451 free_AP_REQ(&ap_req);
452 goto out;
453 }
454
455 ret = krb5_verify_ap_req2(r->context, &ac,
456 &ap_req,
457 armor_server,
458 &armor_key->key,
459 0,
460 &ap_req_options,
461 &ticket,
462 KRB5_KU_AP_REQ_AUTH);
463 free_AP_REQ(&ap_req);
464 if (ret)
465 goto out;
466
467 if (ac->remote_subkey == NULL) {
468 krb5_auth_con_free(r->context, ac);
469 kdc_log(r->context, r->config, 2,
470 "FAST AP-REQ remote subkey missing");
471 ret = KRB5KDC_ERR_PREAUTH_FAILED;
472 goto out;
473 }
474
475 ret = _krb5_fast_armor_key(r->context,
476 ac->remote_subkey,
477 &ticket->ticket.key,
478 &armorkey,
479 &r->armor_crypto);
480 krb5_auth_con_free(r->context, ac);
481 krb5_free_ticket(r->context, ticket);
482 if (ret)
483 goto out;
484
485 krb5_free_keyblock_contents(r->context, &armorkey);
486
487 /* verify req-checksum of the outer body */
488
489 ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, len, &r->req.req_body, &size, ret);
490 if (ret)
491 goto out;
492 if (size != len) {
493 ret = KRB5KDC_ERR_PREAUTH_FAILED;
494 goto out;
495 }
496
497 ret = krb5_verify_checksum(r->context, r->armor_crypto,
498 KRB5_KU_FAST_REQ_CHKSUM,
499 buf, len,
500 &fxreq.u.armored_data.req_checksum);
501 if (ret) {
502 kdc_log(r->context, r->config, 2,
503 "FAST request have a bad checksum");
504 goto out;
505 }
506
507 ret = krb5_decrypt_EncryptedData(r->context, r->armor_crypto,
508 KRB5_KU_FAST_ENC,
509 &fxreq.u.armored_data.enc_fast_req,
510 &data);
511 if (ret) {
512 kdc_log(r->context, r->config, 2,
513 "Failed to decrypt FAST request");
514 goto out;
515 }
516
517 ret = decode_KrbFastReq(data.data, data.length, &fastreq, &size);
518 if (ret) {
519 krb5_data_free(&data);
520 goto out;
521 }
522 if (data.length != size) {
523 krb5_data_free(&data);
524 ret = KRB5KDC_ERR_PREAUTH_FAILED;
525 goto out;
526 }
527 krb5_data_free(&data);
528
529 free_KDC_REQ_BODY(&r->req.req_body);
530 ret = copy_KDC_REQ_BODY(&fastreq.req_body, &r->req.req_body);
531 if (ret)
532 goto out;
533
534 /* check for unsupported mandatory options */
535 if (FastOptions2int(fastreq.fast_options) & 0xfffc) {
536 kdc_log(r->context, r->config, 2,
537 "FAST unsupported mandatory option set");
538 ret = KRB5KDC_ERR_PREAUTH_FAILED;
539 goto out;
540 }
541
542 /* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */
543 if (r->req.padata)
544 free_METHOD_DATA(r->req.padata);
545 else
546 ALLOC(r->req.padata);
547
548 ret = copy_METHOD_DATA(&fastreq.padata, r->req.padata);
549 if (ret)
550 goto out;
551
552 free_KrbFastReq(&fastreq);
553 free_PA_FX_FAST_REQUEST(&fxreq);
554
555 out:
556 if (armor_server)
557 krb5_free_principal(r->context, armor_server);
558 if(armor_user)
559 _kdc_free_ent(r->context, armor_user);
560 free(buf);
561
562 return ret;
563 }
564
565 void
566 _kdc_free_fast_state(KDCFastState *state)
567 {
568 size_t i;
569
570 for (i = 0; i < state->fast_state.len; i++) {
571 PA_DATA *pa = &state->fast_state.val[i];
572
573 if (pa->padata_value.data)
574 memset_s(pa->padata_value.data, 0,
575 pa->padata_value.length, pa->padata_value.length);
576 }
577 free_KDCFastState(state);
578 }
Heimdal