2 * Copyright (c) 1997-2011 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2010 - 2011 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 static krb5_error_code
39 get_fastuser_crypto(astgs_request_t r
, krb5_enctype enctype
,
42 krb5_principal fast_princ
;
43 hdb_entry_ex
*fast_user
= NULL
;
44 Key
*cookie_key
= NULL
;
49 ret
= krb5_make_principal(r
->context
, &fast_princ
,
50 KRB5_WELLKNOWN_ORG_H5L_REALM
,
51 KRB5_WELLKNOWN_NAME
, "org.h5l.fast-cookie", NULL
);
55 ret
= _kdc_db_fetch(r
->context
, r
->config
, fast_princ
,
56 HDB_F_GET_FAST_COOKIE
, NULL
, NULL
, &fast_user
);
57 krb5_free_principal(r
->context
, fast_princ
);
61 if (enctype
== KRB5_ENCTYPE_NULL
)
62 ret
= _kdc_get_preferred_key(r
->context
, r
->config
, fast_user
,
63 "fast-cookie", &enctype
, &cookie_key
);
65 ret
= hdb_enctype2key(r
->context
, &fast_user
->entry
, NULL
,
66 enctype
, &cookie_key
);
70 ret
= krb5_crypto_init(r
->context
, &cookie_key
->key
, 0, crypto
);
76 _kdc_free_ent(r
->context
, fast_user
);
82 static krb5_error_code
83 fast_parse_cookie(astgs_request_t r
, const PA_DATA
*pa
)
85 krb5_crypto crypto
= NULL
;
91 ret
= decode_KDCFastCookie(pa
->padata_value
.data
,
92 pa
->padata_value
.length
,
97 if (len
!= pa
->padata_value
.length
|| strcmp("H5L1", data
.version
) != 0) {
98 free_KDCFastCookie(&data
);
99 return KRB5KDC_ERR_POLICY
;
102 ret
= get_fastuser_crypto(r
, data
.cookie
.etype
, &crypto
);
106 ret
= krb5_decrypt_EncryptedData(r
->context
, crypto
,
109 krb5_crypto_destroy(r
->context
, crypto
);
113 ret
= decode_KDCFastState(d1
.data
, d1
.length
, &r
->fast
, &len
);
118 if (r
->fast
.expiration
< kdc_time
) {
119 kdc_log(r
->context
, r
->config
, 2, "fast cookie expired");
120 ret
= KRB5KDC_ERR_POLICY
;
125 free_KDCFastCookie(&data
);
130 static krb5_error_code
131 fast_add_cookie(astgs_request_t r
, METHOD_DATA
*method_data
)
133 krb5_crypto crypto
= NULL
;
139 memset(&shell
, 0, sizeof(shell
));
141 r
->fast
.expiration
= kdc_time
+ FAST_EXPIRATION_TIME
;
143 ASN1_MALLOC_ENCODE(KDCFastState
, data
.data
, data
.length
,
144 &r
->fast
, &size
, ret
);
147 heim_assert(size
== data
.length
, "internal asn1 encoder error");
149 ret
= get_fastuser_crypto(r
, KRB5_ENCTYPE_NULL
, &crypto
);
153 ret
= krb5_encrypt_EncryptedData(r
->context
, crypto
,
155 data
.data
, data
.length
, 0,
157 krb5_crypto_destroy(r
->context
, crypto
);
163 shell
.version
= "H5L1";
165 ASN1_MALLOC_ENCODE(KDCFastCookie
, data
.data
, data
.length
,
167 free_EncryptedData(&shell
.cookie
);
170 heim_assert(size
== data
.length
, "internal asn1 encoder error");
172 ret
= krb5_padata_add(r
->context
, method_data
,
173 KRB5_PADATA_FX_COOKIE
,
174 data
.data
, data
.length
);
182 _kdc_fast_mk_response(krb5_context context
,
183 krb5_crypto armor_crypto
,
184 METHOD_DATA
*pa_data
,
185 krb5_keyblock
*strengthen_key
,
186 KrbFastFinished
*finished
,
190 PA_FX_FAST_REPLY fxfastrep
;
191 KrbFastResponse fastrep
;
196 memset(&fxfastrep
, 0, sizeof(fxfastrep
));
197 memset(&fastrep
, 0, sizeof(fastrep
));
198 krb5_data_zero(data
);
201 fastrep
.padata
.val
= pa_data
->val
;
202 fastrep
.padata
.len
= pa_data
->len
;
204 fastrep
.strengthen_key
= strengthen_key
;
205 fastrep
.finished
= finished
;
206 fastrep
.nonce
= nonce
;
208 ASN1_MALLOC_ENCODE(KrbFastResponse
, buf
.data
, buf
.length
,
209 &fastrep
, &size
, ret
);
212 if (buf
.length
!= size
)
213 krb5_abortx(context
, "internal asn.1 error");
215 fxfastrep
.element
= choice_PA_FX_FAST_REPLY_armored_data
;
217 ret
= krb5_encrypt_EncryptedData(context
,
223 &fxfastrep
.u
.armored_data
.enc_fast_rep
);
224 krb5_data_free(&buf
);
228 ASN1_MALLOC_ENCODE(PA_FX_FAST_REPLY
, data
->data
, data
->length
,
229 &fxfastrep
, &size
, ret
);
230 free_PA_FX_FAST_REPLY(&fxfastrep
);
233 if (data
->length
!= size
)
234 krb5_abortx(context
, "internal asn.1 error");
241 _kdc_fast_mk_error(astgs_request_t r
,
242 METHOD_DATA
*error_method
,
243 krb5_crypto armor_crypto
,
244 const KDC_REQ_BODY
*req_body
,
245 krb5_error_code outer_error
,
247 krb5_principal error_server
,
248 const PrincipalName
*error_client_name
,
249 const Realm
*error_client_realm
,
250 time_t *csec
, int *cusec
,
251 krb5_data
*error_msg
)
253 krb5_context context
= r
->context
;
258 krb5_data_zero(&e_data
);
261 PA_FX_FAST_REPLY fxfastrep
;
262 KrbFastResponse fastrep
;
264 memset(&fxfastrep
, 0, sizeof(fxfastrep
));
265 memset(&fastrep
, 0, sizeof(fastrep
));
267 /* first add the KRB-ERROR to the fast errors */
269 ret
= krb5_mk_error_ext(context
,
282 ret
= krb5_padata_add(context
, error_method
,
283 KRB5_PADATA_FX_ERROR
,
284 e_data
.data
, e_data
.length
);
286 krb5_data_free(&e_data
);
290 error_client_name
= NULL
;
291 error_client_realm
= NULL
;
296 ret
= fast_add_cookie(r
, error_method
);
298 ret
= krb5_padata_add(context
, error_method
,
299 KRB5_PADATA_FX_COOKIE
,
302 kdc_log(r
->context
, r
->config
, 1, "failed to add fast cookie with: %d", ret
);
303 free_METHOD_DATA(error_method
);
307 ret
= _kdc_fast_mk_response(context
, armor_crypto
,
308 error_method
, NULL
, NULL
,
309 req_body
->nonce
, &e_data
);
310 free_METHOD_DATA(error_method
);
314 ret
= krb5_padata_add(context
, error_method
,
316 e_data
.data
, e_data
.length
);
321 if (error_method
&& error_method
->len
) {
322 ASN1_MALLOC_ENCODE(METHOD_DATA
, e_data
.data
, e_data
.length
,
323 error_method
, &size
, ret
);
326 if (e_data
.length
!= size
)
327 krb5_abortx(context
, "internal asn.1 error");
330 ret
= krb5_mk_error_ext(context
,
333 (e_data
.length
? &e_data
: NULL
),
340 krb5_data_free(&e_data
);
346 _kdc_fast_unwrap_request(astgs_request_t r
)
348 krb5_principal armor_server
= NULL
;
349 hdb_entry_ex
*armor_user
= NULL
;
350 PA_FX_FAST_REQUEST fxreq
;
351 krb5_auth_context ac
= NULL
;
352 krb5_ticket
*ticket
= NULL
;
353 krb5_flags ap_req_options
;
354 Key
*armor_key
= NULL
;
355 krb5_keyblock armorkey
;
358 unsigned char *buf
= NULL
;
366 * First look for FX_COOKIE and and process it
368 pa
= _kdc_find_padata(&r
->req
, &i
, KRB5_PADATA_FX_COOKIE
);
370 ret
= fast_parse_cookie(r
, pa
);
376 pa
= _kdc_find_padata(&r
->req
, &i
, KRB5_PADATA_FX_FAST
);
380 ret
= decode_PA_FX_FAST_REQUEST(pa
->padata_value
.data
,
381 pa
->padata_value
.length
,
386 if (len
!= pa
->padata_value
.length
) {
387 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
391 if (fxreq
.element
!= choice_PA_FX_FAST_REQUEST_armored_data
) {
392 kdc_log(r
->context
, r
->config
, 2,
393 "AS-REQ FAST contain unknown type: %d", (int)fxreq
.element
);
394 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
398 /* pull out armor key */
399 if (fxreq
.u
.armored_data
.armor
== NULL
) {
400 kdc_log(r
->context
, r
->config
, 2,
401 "AS-REQ armor missing");
402 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
406 if (fxreq
.u
.armored_data
.armor
->armor_type
!= 1) {
407 kdc_log(r
->context
, r
->config
, 2,
408 "AS-REQ armor type not ap-req");
409 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
413 ret
= krb5_decode_ap_req(r
->context
,
414 &fxreq
.u
.armored_data
.armor
->armor_value
,
417 kdc_log(r
->context
, r
->config
, 2, "AP-REQ decode failed");
421 /* Save that principal that was in the request */
422 ret
= _krb5_principalname2krb5_principal(r
->context
,
425 ap_req
.ticket
.realm
);
427 free_AP_REQ(&ap_req
);
431 ret
= _kdc_db_fetch(r
->context
, r
->config
, armor_server
,
433 | HDB_F_DELAY_NEW_KEYS
,
434 NULL
, NULL
, &armor_user
);
435 if(ret
== HDB_ERR_NOT_FOUND_HERE
) {
436 kdc_log(r
->context
, r
->config
, 5,
437 "armor key does not have secrets at this KDC, "
439 free_AP_REQ(&ap_req
);
442 free_AP_REQ(&ap_req
);
443 ret
= KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
;
447 ret
= hdb_enctype2key(r
->context
, &armor_user
->entry
, NULL
,
448 ap_req
.ticket
.enc_part
.etype
,
451 free_AP_REQ(&ap_req
);
455 ret
= krb5_verify_ap_req2(r
->context
, &ac
,
462 KRB5_KU_AP_REQ_AUTH
);
463 free_AP_REQ(&ap_req
);
467 if (ac
->remote_subkey
== NULL
) {
468 krb5_auth_con_free(r
->context
, ac
);
469 kdc_log(r
->context
, r
->config
, 2,
470 "FAST AP-REQ remote subkey missing");
471 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
475 ret
= _krb5_fast_armor_key(r
->context
,
480 krb5_auth_con_free(r
->context
, ac
);
481 krb5_free_ticket(r
->context
, ticket
);
485 krb5_free_keyblock_contents(r
->context
, &armorkey
);
487 /* verify req-checksum of the outer body */
489 ASN1_MALLOC_ENCODE(KDC_REQ_BODY
, buf
, len
, &r
->req
.req_body
, &size
, ret
);
493 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
497 ret
= krb5_verify_checksum(r
->context
, r
->armor_crypto
,
498 KRB5_KU_FAST_REQ_CHKSUM
,
500 &fxreq
.u
.armored_data
.req_checksum
);
502 kdc_log(r
->context
, r
->config
, 2,
503 "FAST request have a bad checksum");
507 ret
= krb5_decrypt_EncryptedData(r
->context
, r
->armor_crypto
,
509 &fxreq
.u
.armored_data
.enc_fast_req
,
512 kdc_log(r
->context
, r
->config
, 2,
513 "Failed to decrypt FAST request");
517 ret
= decode_KrbFastReq(data
.data
, data
.length
, &fastreq
, &size
);
519 krb5_data_free(&data
);
522 if (data
.length
!= size
) {
523 krb5_data_free(&data
);
524 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
527 krb5_data_free(&data
);
529 free_KDC_REQ_BODY(&r
->req
.req_body
);
530 ret
= copy_KDC_REQ_BODY(&fastreq
.req_body
, &r
->req
.req_body
);
534 /* check for unsupported mandatory options */
535 if (FastOptions2int(fastreq
.fast_options
) & 0xfffc) {
536 kdc_log(r
->context
, r
->config
, 2,
537 "FAST unsupported mandatory option set");
538 ret
= KRB5KDC_ERR_PREAUTH_FAILED
;
542 /* KDC MUST ignore outer pa data preauth-14 - 6.5.5 */
544 free_METHOD_DATA(r
->req
.padata
);
546 ALLOC(r
->req
.padata
);
548 ret
= copy_METHOD_DATA(&fastreq
.padata
, r
->req
.padata
);
552 free_KrbFastReq(&fastreq
);
553 free_PA_FX_FAST_REQUEST(&fxreq
);
557 krb5_free_principal(r
->context
, armor_server
);
559 _kdc_free_ent(r
->context
, armor_user
);
566 _kdc_free_fast_state(KDCFastState
*state
)
570 for (i
= 0; i
< state
->fast_state
.len
; i
++) {
571 PA_DATA
*pa
= &state
->fast_state
.val
[i
];
573 if (pa
->padata_value
.data
)
574 memset_s(pa
->padata_value
.data
, 0,
575 pa
->padata_value
.length
, pa
->padata_value
.length
);
577 free_KDCFastState(state
);