search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow KDC to always return the salt in the PA-ETYPE-INFO[2]
[heimdal.git] / kdc / kerberos5.c
blobb1e65e2ea5d2b5a2475059b048b79798933e482c
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 #undef __attribute__
39 #define __attribute__(X)
40
41 void
42 _kdc_fix_time(time_t **t)
43 {
44 if(*t == NULL){
45 ALLOC(*t);
46 **t = MAX_TIME;
47 }
48 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
49 }
50
51 static int
52 realloc_method_data(METHOD_DATA *md)
53 {
54 PA_DATA *pa;
55 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
56 if(pa == NULL)
57 return ENOMEM;
58 md->val = pa;
59 md->len++;
60 return 0;
61 }
62
63 static void
64 set_salt_padata(METHOD_DATA *md, Salt *salt)
65 {
66 if (salt) {
67 realloc_method_data(md);
68 md->val[md->len - 1].padata_type = salt->type;
69 der_copy_octet_string(&salt->salt,
70 &md->val[md->len - 1].padata_value);
71 }
72 }
73
74 const PA_DATA*
75 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
76 {
77 if (req->padata == NULL)
78 return NULL;
79
80 while((size_t)*start < req->padata->len){
81 (*start)++;
82 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
83 return &req->padata->val[*start - 1];
84 }
85 return NULL;
86 }
87
88 /*
89 * This is a hack to allow predefined weak services, like afs to
90 * still use weak types
91 */
92
93 krb5_boolean
94 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
95 {
96 if (principal->name.name_string.len > 0 &&
97 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
98 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
99 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
100 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
101 return TRUE;
102 return FALSE;
103 }
104
105
106 /*
107 * Detect if `key' is the using the the precomputed `default_salt'.
108 */
109
110 static krb5_boolean
111 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
112 {
113 if (key->salt == NULL)
114 return TRUE;
115 if (default_salt->salttype != key->salt->type)
116 return FALSE;
117 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
118 return FALSE;
119 return TRUE;
120 }
121
122
123 krb5_boolean
124 _kdc_is_anon_request(const KDC_REQ *req)
125 {
126 const KDC_REQ_BODY *b = &req->req_body;
127
128 /*
129 * Versions of Heimdal from 0.9rc1 through 1.50 use bit 14 instead
130 * of 16 for request_anonymous, as indicated in the anonymous draft
131 * prior to version 11. Bit 14 is assigned to S4U2Proxy, but S4U2Proxy
132 * requests are only sent to the TGS and, in any case, would have an
133 * additional ticket present.
134 */
135 return b->kdc_options.request_anonymous ||
136 (b->kdc_options.cname_in_addl_tkt && !b->additional_tickets);
137 }
138
139 /*
140 * return the first appropriate key of `princ' in `ret_key'. Look for
141 * all the etypes in (`etypes', `len'), stopping as soon as we find
142 * one, but preferring one that has default salt.
143 *
144 * XXX This function does way way too much. Split it up!
145 *
146 * XXX `etypes' and `len' are always `b->etype.val' and `b->etype.len' -- the
147 * etype list from the KDC-REQ-BODY, which is available here as
148 * `r->req->req_body', so we could just stop having it passed in.
149 *
150 * XXX Picking an enctype(s) for PA-ETYPE-INFO* is rather different than
151 * picking an enctype for a ticket's session key. The former is what we do
152 * here when `(flags & KFE_IS_PREAUTH)', the latter otherwise.
153 */
154
155 krb5_error_code
156 _kdc_find_etype(astgs_request_t r, uint32_t flags,
157 krb5_enctype *etypes, unsigned len,
158 krb5_enctype *ret_enctype, Key **ret_key,
159 krb5_boolean *ret_default_salt)
160 {
161 krb5_context context = r->context;
162 krb5_boolean use_strongest_session_key;
163 krb5_boolean is_preauth = flags & KFE_IS_PREAUTH;
164 krb5_boolean is_tgs = flags & KFE_IS_TGS;
165 hdb_entry_ex *princ;
166 krb5_principal request_princ;
167 krb5_error_code ret;
168 krb5_salt def_salt;
169 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
170 const krb5_enctype *p;
171 Key *key = NULL;
172 size_t i, k, m;
173
174 if (is_preauth && (flags & KFE_USE_CLIENT) &&
175 r->client->entry.flags.synthetic)
176 return KRB5KDC_ERR_ETYPE_NOSUPP;
177
178 if ((flags & KFE_USE_CLIENT) && !r->client->entry.flags.synthetic) {
179 princ = r->client;
180 request_princ = r->client_princ;
181 } else {
182 princ = r->server;
183 request_princ = r->server->entry.principal;
184 }
185
186 use_strongest_session_key =
187 is_preauth ? r->config->preauth_use_strongest_session_key
188 : (is_tgs ? r->config->tgt_use_strongest_session_key :
189 r->config->svc_use_strongest_session_key);
190
191 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
192 ret = krb5_get_pw_salt(context, request_princ, &def_salt);
193 if (ret)
194 return ret;
195
196 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
197
198 /*
199 * Pick an enctype that is in the intersection of:
200 *
201 * - permitted_enctypes (local policy)
202 * - requested enctypes (KDC-REQ-BODY's etype list)
203 * - the client's long-term keys' enctypes
204 * OR
205 * the server's configured etype list
206 *
207 * There are two sub-cases:
208 *
209 * - use local enctype preference (local policy)
210 * - use the client's preference list
211 */
212
213 if (use_strongest_session_key) {
214 /*
215 * Pick the strongest key that the KDC, target service, and
216 * client all support, using the local cryptosystem enctype
217 * list in strongest-to-weakest order to drive the search.
218 *
219 * This is not what RFC4120 says to do, but it encourages
220 * adoption of stronger enctypes. This doesn't play well with
221 * clients that have multiple Kerberos client implementations
222 * with different supported enctype lists sharing the same ccache.
223 */
224
225 /* drive the search with local supported enctypes list */
226 p = krb5_kerberos_enctypes(context);
227 for (i = 0;
228 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
229 i++) {
230 if (krb5_enctype_valid(context, p[i]) != 0 &&
231 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
232 continue;
233
234 /* check that the client supports it too */
235 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
236
237 if (p[i] != etypes[k])
238 continue;
239
240 if (!is_preauth && (flags & KFE_USE_CLIENT)) {
241 /*
242 * It suffices that the client says it supports this
243 * enctype in its KDC-REQ-BODY's etype list, which is what
244 * `etypes' is here.
245 */
246 ret = 0;
247 break;
248 }
249
250 /* check target princ support */
251 key = NULL;
252 if (!(flags & KFE_USE_CLIENT) && princ->entry.etypes) {
253 /*
254 * Use the etypes list from the server's HDB entry instead
255 * of deriving it from its long-term keys. This allows an
256 * entry to have just one long-term key but record support
257 * for multiple enctypes.
258 */
259 for (m = 0; m < princ->entry.etypes->len; m++) {
260 if (p[i] == princ->entry.etypes->val[m]) {
261 ret = 0;
262 break;
263 }
264 }
265 } else {
266 /*
267 * Use the entry's long-term keys as the source of its
268 * supported enctypes, either because we're making
269 * PA-ETYPE-INFO* or because we're selecting a session key
270 * enctype.
271 */
272 while (hdb_next_enctype2key(context, &princ->entry, NULL,
273 p[i], &key) == 0) {
274 if (key->key.keyvalue.length == 0) {
275 ret = KRB5KDC_ERR_NULL_KEY;
276 continue;
277 }
278 enctype = p[i];
279 ret = 0;
280 if (is_preauth && ret_key != NULL &&
281 !is_default_salt_p(&def_salt, key))
282 continue;
283 }
284 }
285 }
286 }
287 } else {
288 /*
289 * Pick the first key from the client's enctype list that is
290 * supported by the cryptosystem and by the given principal.
291 *
292 * RFC4120 says we SHOULD pick the first _strong_ key from the
293 * client's list... not the first key... If the admin disallows
294 * weak enctypes in krb5.conf and selects this key selection
295 * algorithm, then we get exactly what RFC4120 says.
296 */
297 for(i = 0; ret != 0 && i < len; i++) {
298
299 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
300 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
301 continue;
302
303 key = NULL;
304 while (ret != 0 &&
305 hdb_next_enctype2key(context, &princ->entry, NULL,
306 etypes[i], &key) == 0) {
307 if (key->key.keyvalue.length == 0) {
308 ret = KRB5KDC_ERR_NULL_KEY;
309 continue;
310 }
311 enctype = etypes[i];
312 ret = 0;
313 if (is_preauth && ret_key != NULL &&
314 !is_default_salt_p(&def_salt, key))
315 continue;
316 }
317 }
318 }
319
320 if (enctype == (krb5_enctype)ETYPE_NULL) {
321 /*
322 * if the service principal is one for which there is a known 1DES
323 * exception and no other enctype matches both the client request and
324 * the service key list, provide a DES-CBC-CRC key.
325 */
326 if (ret_key == NULL &&
327 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
328 ret = 0;
329 enctype = ETYPE_DES_CBC_CRC;
330 } else {
331 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
332 }
333 }
334
335 if (ret == 0) {
336 if (ret_enctype != NULL)
337 *ret_enctype = enctype;
338 if (ret_key != NULL)
339 *ret_key = key;
340 if (ret_default_salt != NULL)
341 *ret_default_salt = is_default_salt_p(&def_salt, key);
342 }
343
344 krb5_free_salt (context, def_salt);
345 return ret;
346 }
347
348 krb5_error_code
349 _kdc_make_anonymous_principalname (PrincipalName *pn)
350 {
351 pn->name_type = KRB5_NT_WELLKNOWN;
352 pn->name_string.len = 2;
353 pn->name_string.val = calloc(2, sizeof(*pn->name_string.val));
354 if (pn->name_string.val == NULL)
355 goto failed;
356
357 pn->name_string.val[0] = strdup(KRB5_WELLKNOWN_NAME);
358 if (pn->name_string.val[0] == NULL)
359 goto failed;
360
361 pn->name_string.val[1] = strdup(KRB5_ANON_NAME);
362 if (pn->name_string.val[1] == NULL)
363 goto failed;
364
365 return 0;
366
367 failed:
368 free_PrincipalName(pn);
369
370 pn->name_type = KRB5_NT_UNKNOWN;
371 pn->name_string.len = 0;
372 pn->name_string.val = NULL;
373
374 return ENOMEM;
375 }
376
377 static void
378 _kdc_r_log(astgs_request_t r, int level, const char *fmt, ...)
379 __attribute__ ((__format__ (__printf__, 3, 4)))
380 {
381 va_list ap;
382 char *s;
383 va_start(ap, fmt);
384 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
385 if(s) free(s);
386 va_end(ap);
387 }
388
389 void
390 _kdc_set_e_text(astgs_request_t r, const char *fmt, ...)
391 __attribute__ ((__format__ (__printf__, 2, 3)))
392 {
393 va_list ap;
394 char *e_text = NULL;
395 int vasprintf_ret;
396
397 va_start(ap, fmt);
398 vasprintf_ret = vasprintf(&e_text, fmt, ap);
399 va_end(ap);
400
401 if (vasprintf_ret < 0 || !e_text)
402 /* not much else to do... */
403 return;
404
405 /* We should never see this */
406 if (r->e_text) {
407 kdc_log(r->context, r->config, 1, "trying to replace e-text: %s\n",
408 e_text);
409 free(e_text);
410 return;
411 }
412
413 r->e_text = e_text;
414 r->e_text_buf = e_text;
415 kdc_log(r->context, r->config, 4, "%s", e_text);
416 }
417
418 void
419 _kdc_log_timestamp(astgs_request_t r, const char *type,
420 KerberosTime authtime, KerberosTime *starttime,
421 KerberosTime endtime, KerberosTime *renew_till)
422 {
423 krb5_context context = r->context;
424 krb5_kdc_configuration *config = r->config;
425 char authtime_str[100], starttime_str[100],
426 endtime_str[100], renewtime_str[100];
427
428 if (authtime)
429 _kdc_audit_addkv((kdc_request_t)r, 0, "auth", "%ld", (long)authtime);
430 if (starttime && *starttime)
431 _kdc_audit_addkv((kdc_request_t)r, 0, "start", "%ld",
432 (long)*starttime);
433 if (endtime)
434 _kdc_audit_addkv((kdc_request_t)r, 0, "end", "%ld", (long)endtime);
435 if (renew_till && *renew_till)
436 _kdc_audit_addkv((kdc_request_t)r, 0, "renew", "%ld",
437 (long)*renew_till);
438
439 krb5_format_time(context, authtime,
440 authtime_str, sizeof(authtime_str), TRUE);
441 if (starttime)
442 krb5_format_time(context, *starttime,
443 starttime_str, sizeof(starttime_str), TRUE);
444 else
445 strlcpy(starttime_str, "unset", sizeof(starttime_str));
446 krb5_format_time(context, endtime,
447 endtime_str, sizeof(endtime_str), TRUE);
448 if (renew_till)
449 krb5_format_time(context, *renew_till,
450 renewtime_str, sizeof(renewtime_str), TRUE);
451 else
452 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
453
454 kdc_log(context, config, 4,
455 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
456 type, authtime_str, starttime_str, endtime_str, renewtime_str);
457 }
458
459 /*
460 *
461 */
462
463 #ifdef PKINIT
464
465 static krb5_error_code
466 pa_pkinit_validate(astgs_request_t r, const PA_DATA *pa)
467 {
468 pk_client_params *pkp = NULL;
469 char *client_cert = NULL;
470 krb5_error_code ret;
471
472 ret = _kdc_pk_rd_padata(r, pa, &pkp);
473 if (ret || pkp == NULL) {
474 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
475 _kdc_r_log(r, 4, "Failed to decode PKINIT PA-DATA -- %s",
476 r->cname);
477 goto out;
478 }
479
480 ret = _kdc_pk_check_client(r, pkp, &client_cert);
481 if (ret) {
482 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
483 "impersonate principal");
484 goto out;
485 }
486
487 r->pa_endtime = _kdc_pk_endtime(pkp);
488 if (!r->client->entry.flags.synthetic)
489 r->pa_max_life = _kdc_pk_max_life(pkp);
490
491 _kdc_r_log(r, 4, "PKINIT pre-authentication succeeded -- %s using %s",
492 r->cname, client_cert);
493 free(client_cert);
494
495 ret = _kdc_pk_mk_pa_reply(r, pkp);
496 if (ret) {
497 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
498 goto out;
499 }
500 ret = _kdc_add_initial_verified_cas(r->context, r->config,
501 pkp, &r->et);
502 out:
503 if (pkp)
504 _kdc_pk_free_client_param(r->context, pkp);
505
506 return ret;
507 }
508
509 #endif /* PKINIT */
510
511 /*
512 *
513 */
514
515 static krb5_error_code
516 make_pa_enc_challange(astgs_request_t r, krb5_crypto crypto)
517 {
518 krb5_context context = r->context;
519 METHOD_DATA *md = &r->outpadata;
520 PA_ENC_TS_ENC p;
521 unsigned char *buf;
522 size_t buf_size;
523 size_t len;
524 EncryptedData encdata;
525 krb5_error_code ret;
526 int32_t usec;
527 int usec2;
528
529 krb5_us_timeofday (context, &p.patimestamp, &usec);
530 usec2 = usec;
531 p.pausec = &usec2;
532
533 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
534 if (ret)
535 return ret;
536 if(buf_size != len)
537 krb5_abortx(context, "internal error in ASN.1 encoder");
538
539 ret = krb5_encrypt_EncryptedData(context,
540 crypto,
541 KRB5_KU_ENC_CHALLENGE_KDC,
542 buf,
543 len,
544 0,
545 &encdata);
546 free(buf);
547 if (ret)
548 return ret;
549
550 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
551 free_EncryptedData(&encdata);
552 if (ret)
553 return ret;
554 if(buf_size != len)
555 krb5_abortx(context, "internal error in ASN.1 encoder");
556
557 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
558 if (ret)
559 free(buf);
560 return ret;
561 }
562
563 static krb5_error_code
564 pa_enc_chal_validate(astgs_request_t r, const PA_DATA *pa)
565 {
566 krb5_data pepper1, pepper2, ts_data;
567 int invalidPassword = 0;
568 EncryptedData enc_data;
569 krb5_enctype aenctype;
570 krb5_error_code ret;
571 struct Key *k;
572 size_t size;
573 int i;
574
575 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
576
577 if (_kdc_is_anon_request(&r->req)) {
578 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
579 kdc_log(r->context, r->config, 4, "ENC-CHALL doesn't support anon");
580 return ret;
581 }
582
583 if (r->client->entry.flags.locked_out) {
584 ret = KRB5KDC_ERR_CLIENT_REVOKED;
585 kdc_log(r->context, r->config, 0,
586 "Client (%s) is locked out", r->cname);
587 return ret;
588 }
589
590 ret = decode_EncryptedData(pa->padata_value.data,
591 pa->padata_value.length,
592 &enc_data,
593 &size);
594 if (ret) {
595 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
596 _kdc_r_log(r, 4, "Failed to decode PA-DATA -- %s",
597 r->cname);
598 return ret;
599 }
600
601 pepper1.data = "clientchallengearmor";
602 pepper1.length = strlen(pepper1.data);
603 pepper2.data = "challengelongterm";
604 pepper2.length = strlen(pepper2.data);
605
606 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
607
608 for (i = 0; i < r->client->entry.keys.len; i++) {
609 krb5_crypto challangecrypto, longtermcrypto;
610 krb5_keyblock challangekey;
611 PA_ENC_TS_ENC p;
612
613 k = &r->client->entry.keys.val[i];
614
615 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
616 if (ret)
617 continue;
618
619 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
620 &pepper1, &pepper2, aenctype,
621 &challangekey);
622 krb5_crypto_destroy(r->context, longtermcrypto);
623 if (ret)
624 continue;
625
626 ret = krb5_crypto_init(r->context, &challangekey, 0,
627 &challangecrypto);
628 if (ret)
629 continue;
630
631 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
632 KRB5_KU_ENC_CHALLENGE_CLIENT,
633 &enc_data,
634 &ts_data);
635 if (ret) {
636 const char *msg = krb5_get_error_message(r->context, ret);
637 krb5_error_code ret2;
638 char *str = NULL;
639
640 invalidPassword = 1;
641
642 ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
643 if (ret2)
644 str = NULL;
645 _kdc_r_log(r, 2, "Failed to decrypt ENC-CHAL -- %s "
646 "(enctype %s) error %s",
647 r->cname, str ? str : "unknown enctype", msg);
648 krb5_free_error_message(r->context, msg);
649 free(str);
650
651 continue;
652 }
653
654 ret = decode_PA_ENC_TS_ENC(ts_data.data,
655 ts_data.length,
656 &p,
657 &size);
658 krb5_data_free(&ts_data);
659 if(ret){
660 krb5_crypto_destroy(r->context, challangecrypto);
661 ret = KRB5KDC_ERR_PREAUTH_FAILED;
662 _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
663 r->cname);
664 continue;
665 }
666
667 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
668 char client_time[100];
669
670 krb5_crypto_destroy(r->context, challangecrypto);
671
672 krb5_format_time(r->context, p.patimestamp,
673 client_time, sizeof(client_time), TRUE);
674
675 ret = KRB5KRB_AP_ERR_SKEW;
676 _kdc_r_log(r, 4, "Too large time skew, "
677 "client time %s is out by %u > %u seconds -- %s",
678 client_time,
679 (unsigned)labs(kdc_time - p.patimestamp),
680 r->context->max_skew,
681 r->cname);
682
683 free_PA_ENC_TS_ENC(&p);
684 goto out;
685 }
686
687 free_PA_ENC_TS_ENC(&p);
688
689 ret = make_pa_enc_challange(r, challangecrypto);
690 krb5_crypto_destroy(r->context, challangecrypto);
691 if (ret)
692 goto out;
693
694 set_salt_padata(&r->outpadata, k->salt);
695 krb5_free_keyblock_contents(r->context, &r->reply_key);
696 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
697 if (ret)
698 goto out;
699
700 /*
701 * Success
702 */
703 if (r->clientdb->hdb_auth_status)
704 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
705 HDB_AUTH_SUCCESS);
706 goto out;
707 }
708
709 if (invalidPassword && r->clientdb->hdb_auth_status) {
710 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
711 HDB_AUTH_WRONG_PASSWORD);
712 ret = KRB5KDC_ERR_PREAUTH_FAILED;
713 }
714 out:
715 free_EncryptedData(&enc_data);
716
717 return ret;
718 }
719
720 static krb5_error_code
721 pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
722 {
723 EncryptedData enc_data;
724 krb5_error_code ret;
725 krb5_crypto crypto;
726 krb5_data ts_data;
727 PA_ENC_TS_ENC p;
728 size_t len;
729 Key *pa_key;
730 char *str;
731
732 if (r->client->entry.flags.locked_out) {
733 ret = KRB5KDC_ERR_CLIENT_REVOKED;
734 kdc_log(r->context, r->config, 0,
735 "Client (%s) is locked out", r->cname);
736 return ret;
737 }
738
739 ret = decode_EncryptedData(pa->padata_value.data,
740 pa->padata_value.length,
741 &enc_data,
742 &len);
743 if (ret) {
744 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
745 _kdc_r_log(r, 4, "Failed to decode PA-DATA -- %s",
746 r->cname);
747 goto out;
748 }
749
750 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
751 enc_data.etype, &pa_key);
752 if(ret){
753 char *estr;
754 _kdc_set_e_text(r, "No key matching entype");
755 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
756 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
757 estr = NULL;
758 if(estr == NULL)
759 _kdc_r_log(r, 4,
760 "No client key matching pa-data (%d) -- %s",
761 enc_data.etype, r->cname);
762 else
763 _kdc_r_log(r, 4,
764 "No client key matching pa-data (%s) -- %s",
765 estr, r->cname);
766 free(estr);
767 free_EncryptedData(&enc_data);
768 goto out;
769 }
770
771 try_next_key:
772 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
773 if (ret) {
774 const char *msg = krb5_get_error_message(r->context, ret);
775 _kdc_r_log(r, 4, "krb5_crypto_init failed: %s", msg);
776 krb5_free_error_message(r->context, msg);
777 free_EncryptedData(&enc_data);
778 goto out;
779 }
780
781 ret = krb5_decrypt_EncryptedData (r->context,
782 crypto,
783 KRB5_KU_PA_ENC_TIMESTAMP,
784 &enc_data,
785 &ts_data);
786 krb5_crypto_destroy(r->context, crypto);
787 /*
788 * Since the user might have several keys with the same
789 * enctype but with diffrent salting, we need to try all
790 * the keys with the same enctype.
791 */
792 if(ret){
793 krb5_error_code ret2;
794 const char *msg = krb5_get_error_message(r->context, ret);
795
796 ret2 = krb5_enctype_to_string(r->context,
797 pa_key->key.keytype, &str);
798 if (ret2)
799 str = NULL;
800 _kdc_r_log(r, 2, "Failed to decrypt PA-DATA -- %s "
801 "(enctype %s) error %s",
802 r->cname, str ? str : "unknown enctype", msg);
803 krb5_free_error_message(r->context, msg);
804 free(str);
805
806 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
807 enc_data.etype, &pa_key) == 0)
808 goto try_next_key;
809
810 free_EncryptedData(&enc_data);
811
812 if (r->clientdb->hdb_auth_status)
813 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
814 HDB_AUTH_WRONG_PASSWORD);
815
816 ret = KRB5KDC_ERR_PREAUTH_FAILED;
817 goto out;
818 }
819 free_EncryptedData(&enc_data);
820 ret = decode_PA_ENC_TS_ENC(ts_data.data,
821 ts_data.length,
822 &p,
823 &len);
824 krb5_data_free(&ts_data);
825 if(ret){
826 ret = KRB5KDC_ERR_PREAUTH_FAILED;
827 _kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
828 r->cname);
829 goto out;
830 }
831 if (labs(kdc_time - p.patimestamp) > r->context->max_skew) {
832 char client_time[100];
833
834 krb5_format_time(r->context, p.patimestamp,
835 client_time, sizeof(client_time), TRUE);
836
837 ret = KRB5KRB_AP_ERR_SKEW;
838 _kdc_r_log(r, 4, "Too large time skew, "
839 "client time %s is out by %u > %u seconds -- %s",
840 client_time,
841 (unsigned)labs(kdc_time - p.patimestamp),
842 r->context->max_skew,
843 r->cname);
844
845 /*
846 * The following is needed to make windows clients to
847 * retry using the timestamp in the error message, if
848 * there is a e_text, they become unhappy.
849 */
850 r->e_text = NULL;
851 free_PA_ENC_TS_ENC(&p);
852 goto out;
853 }
854 free_PA_ENC_TS_ENC(&p);
855
856 set_salt_padata(&r->outpadata, pa_key->salt);
857
858 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
859 if (ret)
860 return ret;
861
862 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
863 if (ret)
864 str = NULL;
865 _kdc_r_log(r, 4, "ENC-TS Pre-authentication succeeded -- %s using %s",
866 r->cname, str ? str : "unknown enctype");
867 _kdc_audit_addkv((kdc_request_t)r, 0, "pa-etype", "%d",
868 (int)pa_key->key.keytype);
869 free(str);
870
871 ret = 0;
872
873 out:
874
875 return ret;
876 }
877
878 struct kdc_patypes {
879 int type;
880 char *name;
881 unsigned int flags;
882 #define PA_ANNOUNCE 1
883 #define PA_REQ_FAST 2 /* only use inside fast */
884 #define PA_SYNTHETIC_OK 4
885 krb5_error_code (*validate)(astgs_request_t, const PA_DATA *pa);
886 };
887
888 static const struct kdc_patypes pat[] = {
889 #ifdef PKINIT
890 {
891 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)",
892 PA_ANNOUNCE | PA_SYNTHETIC_OK,
893 pa_pkinit_validate
894 },
895 {
896 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
897 pa_pkinit_validate
898 },
899 {
900 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
901 NULL
902 },
903 #else
904 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
905 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
906 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
907 #endif
908 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
909 {
910 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
911 PA_ANNOUNCE,
912 pa_enc_ts_validate
913 },
914 {
915 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
916 PA_ANNOUNCE | PA_REQ_FAST,
917 pa_enc_chal_validate
918 },
919 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
920 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
921 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
922 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
923 };
924
925 static void
926 log_patypes(astgs_request_t r, METHOD_DATA *padata)
927 {
928 krb5_context context = r->context;
929 krb5_kdc_configuration *config = r->config;
930 struct rk_strpool *p = NULL;
931 char *str;
932 size_t n, m;
933
934 for (n = 0; n < padata->len; n++) {
935 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
936 if (padata->val[n].padata_type == pat[m].type) {
937 p = rk_strpoolprintf(p, "%s", pat[m].name);
938 break;
939 }
940 }
941 if (m == sizeof(pat) / sizeof(pat[0]))
942 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
943 if (p && n + 1 < padata->len)
944 p = rk_strpoolprintf(p, ", ");
945 if (p == NULL) {
946 kdc_log(context, config, 1, "out of memory");
947 return;
948 }
949 }
950 if (p == NULL)
951 p = rk_strpoolprintf(p, "none");
952
953 str = rk_strpoolcollect(p);
954 kdc_log(context, config, 4, "Client sent patypes: %s", str);
955 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE,
956 "client-pa", "%s", str);
957 free(str);
958 }
959
960 /*
961 *
962 */
963
964 krb5_error_code
965 _kdc_encode_reply(krb5_context context,
966 krb5_kdc_configuration *config,
967 krb5_crypto armor_crypto, uint32_t nonce,
968 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
969 krb5_enctype etype,
970 int skvno, const EncryptionKey *skey,
971 int ckvno, const EncryptionKey *reply_key,
972 int rk_is_subkey,
973 const char **e_text,
974 krb5_data *reply)
975 {
976 unsigned char *buf;
977 size_t buf_size;
978 size_t len = 0;
979 krb5_error_code ret;
980 krb5_crypto crypto;
981
982 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
983 if(ret) {
984 const char *msg = krb5_get_error_message(context, ret);
985 kdc_log(context, config, 4, "Failed to encode ticket: %s", msg);
986 krb5_free_error_message(context, msg);
987 return ret;
988 }
989 if(buf_size != len)
990 krb5_abortx(context, "Internal error in ASN.1 encoder");
991
992 ret = krb5_crypto_init(context, skey, etype, &crypto);
993 if (ret) {
994 const char *msg = krb5_get_error_message(context, ret);
995 kdc_log(context, config, 4, "krb5_crypto_init failed: %s", msg);
996 krb5_free_error_message(context, msg);
997 free(buf);
998 return ret;
999 }
1000
1001 ret = krb5_encrypt_EncryptedData(context,
1002 crypto,
1003 KRB5_KU_TICKET,
1004 buf,
1005 len,
1006 skvno,
1007 &rep->ticket.enc_part);
1008 free(buf);
1009 krb5_crypto_destroy(context, crypto);
1010 if(ret) {
1011 const char *msg = krb5_get_error_message(context, ret);
1012 kdc_log(context, config, 4, "Failed to encrypt data: %s", msg);
1013 krb5_free_error_message(context, msg);
1014 return ret;
1015 }
1016
1017 if (armor_crypto) {
1018 krb5_data data;
1019 krb5_keyblock *strengthen_key = NULL;
1020 KrbFastFinished finished;
1021
1022 kdc_log(context, config, 4, "FAST armor protection");
1023
1024 memset(&finished, 0, sizeof(finished));
1025 krb5_data_zero(&data);
1026
1027 finished.timestamp = kdc_time;
1028 finished.usec = 0;
1029 finished.crealm = et->crealm;
1030 finished.cname = et->cname;
1031
1032 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
1033 &rep->ticket, &len, ret);
1034 if (ret)
1035 return ret;
1036 if (data.length != len)
1037 krb5_abortx(context, "internal asn.1 error");
1038
1039 ret = krb5_create_checksum(context, armor_crypto,
1040 KRB5_KU_FAST_FINISHED, 0,
1041 data.data, data.length,
1042 &finished.ticket_checksum);
1043 krb5_data_free(&data);
1044 if (ret)
1045 return ret;
1046
1047 ret = _kdc_fast_mk_response(context, armor_crypto,
1048 rep->padata, strengthen_key, &finished,
1049 nonce, &data);
1050 free_Checksum(&finished.ticket_checksum);
1051 if (ret)
1052 return ret;
1053
1054 if (rep->padata) {
1055 free_METHOD_DATA(rep->padata);
1056 } else {
1057 rep->padata = calloc(1, sizeof(*(rep->padata)));
1058 if (rep->padata == NULL) {
1059 krb5_data_free(&data);
1060 return ENOMEM;
1061 }
1062 }
1063
1064 ret = krb5_padata_add(context, rep->padata,
1065 KRB5_PADATA_FX_FAST,
1066 data.data, data.length);
1067 if (ret)
1068 return ret;
1069
1070 /*
1071 * Hide client name of privacy reasons
1072 */
1073 if (1 /* r->fast_options.hide_client_names */) {
1074 rep->crealm[0] = '\0';
1075 free_PrincipalName(&rep->cname);
1076 rep->cname.name_type = 0;
1077 }
1078 }
1079
1080 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
1081 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
1082 else
1083 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
1084 if(ret) {
1085 const char *msg = krb5_get_error_message(context, ret);
1086 kdc_log(context, config, 4, "Failed to encode KDC-REP: %s", msg);
1087 krb5_free_error_message(context, msg);
1088 return ret;
1089 }
1090 if(buf_size != len) {
1091 free(buf);
1092 kdc_log(context, config, 4, "Internal error in ASN.1 encoder");
1093 *e_text = "KDC internal error";
1094 return KRB5KRB_ERR_GENERIC;
1095 }
1096 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
1097 if (ret) {
1098 const char *msg = krb5_get_error_message(context, ret);
1099 free(buf);
1100 kdc_log(context, config, 4, "krb5_crypto_init failed: %s", msg);
1101 krb5_free_error_message(context, msg);
1102 return ret;
1103 }
1104 if(rep->msg_type == krb_as_rep) {
1105 krb5_encrypt_EncryptedData(context,
1106 crypto,
1107 KRB5_KU_AS_REP_ENC_PART,
1108 buf,
1109 len,
1110 ckvno,
1111 &rep->enc_part);
1112 free(buf);
1113 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
1114 } else {
1115 krb5_encrypt_EncryptedData(context,
1116 crypto,
1117 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
1118 buf,
1119 len,
1120 ckvno,
1121 &rep->enc_part);
1122 free(buf);
1123 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
1124 }
1125 krb5_crypto_destroy(context, crypto);
1126 if(ret) {
1127 const char *msg = krb5_get_error_message(context, ret);
1128 kdc_log(context, config, 4, "Failed to encode KDC-REP: %s", msg);
1129 krb5_free_error_message(context, msg);
1130 return ret;
1131 }
1132 if(buf_size != len) {
1133 free(buf);
1134 kdc_log(context, config, 4, "Internal error in ASN.1 encoder");
1135 *e_text = "KDC internal error";
1136 return KRB5KRB_ERR_GENERIC;
1137 }
1138 reply->data = buf;
1139 reply->length = buf_size;
1140 return 0;
1141 }
1142
1143 /*
1144 * Return 1 if the client have only older enctypes, this is for
1145 * determining if the server should send ETYPE_INFO2 or not.
1146 */
1147
1148 static int
1149 older_enctype(krb5_enctype enctype)
1150 {
1151 switch (enctype) {
1152 case ETYPE_DES_CBC_CRC:
1153 case ETYPE_DES_CBC_MD4:
1154 case ETYPE_DES_CBC_MD5:
1155 case ETYPE_DES3_CBC_SHA1:
1156 case ETYPE_ARCFOUR_HMAC_MD5:
1157 case ETYPE_ARCFOUR_HMAC_MD5_56:
1158 /*
1159 * The following three is "old" windows enctypes and is needed for
1160 * windows 2000 hosts.
1161 */
1162 case ETYPE_ARCFOUR_MD4:
1163 case ETYPE_ARCFOUR_HMAC_OLD:
1164 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
1165 return 1;
1166 default:
1167 return 0;
1168 }
1169 }
1170
1171 /*
1172 *
1173 */
1174
1175 static krb5_error_code
1176 make_etype_info_entry(krb5_context context,
1177 ETYPE_INFO_ENTRY *ent,
1178 Key *key,
1179 krb5_boolean include_salt)
1180 {
1181 ent->etype = key->key.keytype;
1182 if (key->salt && include_salt){
1183 #if 0
1184 ALLOC(ent->salttype);
1185
1186 if(key->salt->type == hdb_pw_salt)
1187 *ent->salttype = 0; /* or 1? or NULL? */
1188 else if(key->salt->type == hdb_afs3_salt)
1189 *ent->salttype = 2;
1190 else {
1191 kdc_log(context, config, 4, "unknown salt-type: %d",
1192 key->salt->type);
1193 return KRB5KRB_ERR_GENERIC;
1194 }
1195 /* according to `the specs', we can't send a salt if
1196 we have AFS3 salted key, but that requires that you
1197 *know* what cell you are using (e.g by assuming
1198 that the cell is the same as the realm in lower
1199 case) */
1200 #elif 0
1201 ALLOC(ent->salttype);
1202 *ent->salttype = key->salt->type;
1203 #else
1204 /*
1205 * We shouldn't sent salttype since it is incompatible with the
1206 * specification and it breaks windows clients. The afs
1207 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1208 * implemented in Heimdal 0.7 and later.
1209 */
1210 ent->salttype = NULL;
1211 #endif
1212 krb5_copy_data(context, &key->salt->salt,
1213 &ent->salt);
1214 } else {
1215 /* we return no salt type at all, as that should indicate
1216 * the default salt type and make everybody happy. some
1217 * systems (like w2k) dislike being told the salt type
1218 * here. */
1219
1220 ent->salttype = NULL;
1221 ent->salt = NULL;
1222 }
1223 return 0;
1224 }
1225
1226 static krb5_error_code
1227 get_pa_etype_info(krb5_context context,
1228 krb5_kdc_configuration *config,
1229 METHOD_DATA *md, Key *ckey,
1230 krb5_boolean include_salt)
1231 {
1232 krb5_error_code ret = 0;
1233 ETYPE_INFO pa;
1234 unsigned char *buf;
1235 size_t len;
1236
1237
1238 pa.len = 1;
1239 pa.val = calloc(1, sizeof(pa.val[0]));
1240 if(pa.val == NULL)
1241 return ENOMEM;
1242
1243 ret = make_etype_info_entry(context, &pa.val[0], ckey, include_salt);
1244 if (ret) {
1245 free_ETYPE_INFO(&pa);
1246 return ret;
1247 }
1248
1249 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1250 free_ETYPE_INFO(&pa);
1251 if(ret)
1252 return ret;
1253 ret = realloc_method_data(md);
1254 if(ret) {
1255 free(buf);
1256 return ret;
1257 }
1258 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1259 md->val[md->len - 1].padata_value.length = len;
1260 md->val[md->len - 1].padata_value.data = buf;
1261 return 0;
1262 }
1263
1264 /*
1265 *
1266 */
1267
1268 extern int _krb5_AES_SHA1_string_to_default_iterator;
1269 extern int _krb5_AES_SHA2_string_to_default_iterator;
1270
1271 static krb5_error_code
1272 make_s2kparams(int value, size_t len, krb5_data **ps2kparams)
1273 {
1274 krb5_data *s2kparams;
1275 krb5_error_code ret;
1276
1277 ALLOC(s2kparams);
1278 if (s2kparams == NULL)
1279 return ENOMEM;
1280 ret = krb5_data_alloc(s2kparams, len);
1281 if (ret) {
1282 free(s2kparams);
1283 return ret;
1284 }
1285 _krb5_put_int(s2kparams->data, value, len);
1286 *ps2kparams = s2kparams;
1287 return 0;
1288 }
1289
1290 static krb5_error_code
1291 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent,
1292 Key *key,
1293 krb5_boolean include_salt)
1294 {
1295 krb5_error_code ret;
1296
1297 ent->etype = key->key.keytype;
1298 if (key->salt && include_salt) {
1299 ALLOC(ent->salt);
1300 if (ent->salt == NULL)
1301 return ENOMEM;
1302 *ent->salt = malloc(key->salt->salt.length + 1);
1303 if (*ent->salt == NULL) {
1304 free(ent->salt);
1305 ent->salt = NULL;
1306 return ENOMEM;
1307 }
1308 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1309 (*ent->salt)[key->salt->salt.length] = '\0';
1310 } else
1311 ent->salt = NULL;
1312
1313 ent->s2kparams = NULL;
1314
1315 switch (key->key.keytype) {
1316 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1317 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1318 ret = make_s2kparams(_krb5_AES_SHA1_string_to_default_iterator,
1319 4, &ent->s2kparams);
1320 break;
1321 case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128:
1322 case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192:
1323 ret = make_s2kparams(_krb5_AES_SHA2_string_to_default_iterator,
1324 4, &ent->s2kparams);
1325 break;
1326 case ETYPE_DES_CBC_CRC:
1327 case ETYPE_DES_CBC_MD4:
1328 case ETYPE_DES_CBC_MD5:
1329 /* Check if this was a AFS3 salted key */
1330 if(key->salt && key->salt->type == hdb_afs3_salt)
1331 ret = make_s2kparams(1, 1, &ent->s2kparams);
1332 else
1333 ret = 0;
1334 break;
1335 default:
1336 ret = 0;
1337 break;
1338 }
1339 return ret;
1340 }
1341
1342 /*
1343 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1344 * database (client supported enctypes first, then the unsupported
1345 * enctypes).
1346 */
1347
1348 static krb5_error_code
1349 get_pa_etype_info2(krb5_context context,
1350 krb5_kdc_configuration *config,
1351 METHOD_DATA *md, Key *ckey,
1352 krb5_boolean include_salt)
1353 {
1354 krb5_error_code ret = 0;
1355 ETYPE_INFO2 pa;
1356 unsigned char *buf;
1357 size_t len;
1358
1359 pa.len = 1;
1360 pa.val = calloc(1, sizeof(pa.val[0]));
1361 if(pa.val == NULL)
1362 return ENOMEM;
1363
1364 ret = make_etype_info2_entry(&pa.val[0], ckey, include_salt);
1365 if (ret) {
1366 free_ETYPE_INFO2(&pa);
1367 return ret;
1368 }
1369
1370 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1371 free_ETYPE_INFO2(&pa);
1372 if(ret)
1373 return ret;
1374 ret = realloc_method_data(md);
1375 if(ret) {
1376 free(buf);
1377 return ret;
1378 }
1379 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1380 md->val[md->len - 1].padata_value.length = len;
1381 md->val[md->len - 1].padata_value.data = buf;
1382 return 0;
1383 }
1384
1385 static int
1386 newer_enctype_present(struct KDC_REQ_BODY_etype *etype_list)
1387 {
1388 size_t i;
1389
1390 for (i = 0; i < etype_list->len; i++) {
1391 if (!older_enctype(etype_list->val[i]))
1392 return 1;
1393 }
1394 return 0;
1395 }
1396
1397 static krb5_error_code
1398 get_pa_etype_info_both(krb5_context context,
1399 krb5_kdc_configuration *config,
1400 struct KDC_REQ_BODY_etype *etype_list,
1401 METHOD_DATA *md, Key *ckey,
1402 krb5_boolean include_salt)
1403 {
1404 krb5_error_code ret;
1405
1406 /*
1407 * Windows 2019 (and earlier versions) always sends the salt
1408 * and Samba has testsuites that check this behaviour, so a
1409 * Samba AD DC will set this flag to match the AS-REP packet
1410 * more closely.
1411 */
1412 if (config->force_include_pa_etype_salt)
1413 include_salt = TRUE;
1414
1415 /*
1416 * RFC4120 requires:
1417 * When the AS server is to include pre-authentication data in a
1418 * KRB-ERROR or in an AS-REP, it MUST use PA-ETYPE-INFO2, not
1419 * PA-ETYPE-INFO, if the etype field of the client's AS-REQ lists
1420 * at least one "newer" encryption type. Otherwise (when the etype
1421 * field of the client's AS-REQ does not list any "newer" encryption
1422 * types), it MUST send both PA-ETYPE-INFO2 and PA-ETYPE-INFO (both
1423 * with an entry for each enctype). A "newer" enctype is any enctype
1424 * first officially specified concurrently with or subsequent to the
1425 * issue of this RFC. The enctypes DES, 3DES, or RC4 and any defined
1426 * in [RFC1510] are not "newer" enctypes.
1427 *
1428 * It goes on to state:
1429 * The preferred ordering of the "hint" pre-authentication data that
1430 * affect client key selection is: ETYPE-INFO2, followed by ETYPE-INFO,
1431 * followed by PW-SALT. As noted in Section 3.1.3, a KDC MUST NOT send
1432 * ETYPE-INFO or PW-SALT when the client's AS-REQ includes at least one
1433 * "newer" etype.
1434 */
1435
1436 ret = get_pa_etype_info2(context, config, md, ckey, include_salt);
1437 if (ret)
1438 return ret;
1439
1440 if (!newer_enctype_present(etype_list))
1441 ret = get_pa_etype_info(context, config, md, ckey, include_salt);
1442
1443 return ret;
1444 }
1445
1446 /*
1447 *
1448 */
1449
1450 void
1451 _log_astgs_req(astgs_request_t r, krb5_enctype setype)
1452 {
1453 krb5_context context = r->context;
1454 const KDC_REQ_BODY *b = &r->req.req_body;
1455 krb5_enctype cetype = r->reply_key.keytype;
1456 krb5_error_code ret;
1457 struct rk_strpool *p;
1458 struct rk_strpool *s = NULL;
1459 char *str;
1460 char *cet;
1461 char *set;
1462 size_t i;
1463
1464 /*
1465 * we are collecting ``p'' and ``s''. The former is a textual
1466 * representation of the enctypes as strings which will be used
1467 * for debugging. The latter is a terse comma separated list of
1468 * the %d's of the enctypes to emit into our audit trail to
1469 * conserve space in the logs.
1470 */
1471
1472 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1473
1474 for (i = 0; i < b->etype.len; i++) {
1475 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1476 if (ret == 0) {
1477 p = rk_strpoolprintf(p, "%s", str);
1478 free(str);
1479 } else
1480 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1481 if (p == NULL) {
1482 rk_strpoolfree(s);
1483 _kdc_r_log(r, 4, "out of memory");
1484 return;
1485 }
1486 s = rk_strpoolprintf(s, "%d", b->etype.val[i]);
1487 if (i + 1 < b->etype.len) {
1488 p = rk_strpoolprintf(p, ", ");
1489 s = rk_strpoolprintf(s, ",");
1490 }
1491 }
1492 if (p == NULL)
1493 p = rk_strpoolprintf(p, "no encryption types");
1494
1495 str = rk_strpoolcollect(s);
1496 if (str)
1497 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE, "etypes", "%s",
1498 str);
1499 free(str);
1500
1501 ret = krb5_enctype_to_string(context, cetype, &cet);
1502 if(ret == 0) {
1503 ret = krb5_enctype_to_string(context, setype, &set);
1504 if (ret == 0) {
1505 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1506 free(set);
1507 }
1508 free(cet);
1509 }
1510 if (ret != 0)
1511 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1512 cetype, setype);
1513
1514 str = rk_strpoolcollect(p);
1515 if (str)
1516 _kdc_r_log(r, 4, "%s", str);
1517 free(str);
1518
1519 _kdc_audit_addkv((kdc_request_t)r, 0, "etype", "%d/%d", cetype, setype);
1520
1521 {
1522 char fixedstr[128];
1523
1524 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1525 fixedstr, sizeof(fixedstr));
1526 if (*fixedstr) {
1527 _kdc_r_log(r, 4, "Requested flags: %s", fixedstr);
1528 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_EATWHITE,
1529 "flags", "%s", fixedstr);
1530 }
1531 }
1532 }
1533
1534 /*
1535 * verify the flags on `client' and `server', returning 0
1536 * if they are OK and generating an error messages and returning
1537 * and error code otherwise.
1538 */
1539
1540 krb5_error_code
1541 kdc_check_flags(astgs_request_t r, krb5_boolean is_as_req)
1542 {
1543 krb5_context context = r->context;
1544 hdb_entry_ex *client_ex = r->client;
1545 hdb_entry_ex *server_ex = r->server;
1546
1547 if(client_ex != NULL) {
1548 hdb_entry *client = &client_ex->entry;
1549
1550 /* check client */
1551 if (client->flags.locked_out) {
1552 _kdc_audit_addreason((kdc_request_t)r, "Client is locked out");
1553 return KRB5KDC_ERR_CLIENT_REVOKED;
1554 }
1555
1556 if (client->flags.invalid) {
1557 _kdc_audit_addreason((kdc_request_t)r,
1558 "Client has invalid bit set");
1559 return KRB5KDC_ERR_POLICY;
1560 }
1561
1562 if (!client->flags.client) {
1563 _kdc_audit_addreason((kdc_request_t)r,
1564 "Principal may not act as client");
1565 return KRB5KDC_ERR_POLICY;
1566 }
1567
1568 if (client->valid_start && *client->valid_start > kdc_time) {
1569 char starttime_str[100];
1570 krb5_format_time(context, *client->valid_start,
1571 starttime_str, sizeof(starttime_str), TRUE);
1572 _kdc_audit_addreason((kdc_request_t)r, "Client not yet valid "
1573 "until %s", starttime_str);
1574 return KRB5KDC_ERR_CLIENT_NOTYET;
1575 }
1576
1577 if (client->valid_end && *client->valid_end < kdc_time) {
1578 char endtime_str[100];
1579 krb5_format_time(context, *client->valid_end,
1580 endtime_str, sizeof(endtime_str), TRUE);
1581 _kdc_audit_addreason((kdc_request_t)r, "Client expired at %s",
1582 endtime_str);
1583 return KRB5KDC_ERR_NAME_EXP;
1584 }
1585
1586 if (client->flags.require_pwchange &&
1587 (server_ex == NULL || !server_ex->entry.flags.change_pw))
1588 return KRB5KDC_ERR_KEY_EXPIRED;
1589
1590 if (client->pw_end && *client->pw_end < kdc_time
1591 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1592 char pwend_str[100];
1593 krb5_format_time(context, *client->pw_end,
1594 pwend_str, sizeof(pwend_str), TRUE);
1595 _kdc_audit_addreason((kdc_request_t)r, "Client's key has expired "
1596 "at %s", pwend_str);
1597 return KRB5KDC_ERR_KEY_EXPIRED;
1598 }
1599 }
1600
1601 /* check server */
1602
1603 if (server_ex != NULL) {
1604 hdb_entry *server = &server_ex->entry;
1605
1606 if (server->flags.locked_out) {
1607 _kdc_audit_addreason((kdc_request_t)r, "Server locked out");
1608 return KRB5KDC_ERR_SERVICE_REVOKED;
1609 }
1610 if (server->flags.invalid) {
1611 _kdc_audit_addreason((kdc_request_t)r,
1612 "Server has invalid flag set");
1613 return KRB5KDC_ERR_POLICY;
1614 }
1615 if (!server->flags.server) {
1616 _kdc_audit_addreason((kdc_request_t)r,
1617 "Principal may not act as server");
1618 return KRB5KDC_ERR_POLICY;
1619 }
1620
1621 if (!is_as_req && server->flags.initial) {
1622 _kdc_audit_addreason((kdc_request_t)r,
1623 "AS-REQ is required for server");
1624 return KRB5KDC_ERR_POLICY;
1625 }
1626
1627 if (server->valid_start && *server->valid_start > kdc_time) {
1628 char starttime_str[100];
1629 krb5_format_time(context, *server->valid_start,
1630 starttime_str, sizeof(starttime_str), TRUE);
1631 _kdc_audit_addreason((kdc_request_t)r, "Server not yet valid "
1632 "until %s", starttime_str);
1633 return KRB5KDC_ERR_SERVICE_NOTYET;
1634 }
1635
1636 if (server->valid_end && *server->valid_end < kdc_time) {
1637 char endtime_str[100];
1638 krb5_format_time(context, *server->valid_end,
1639 endtime_str, sizeof(endtime_str), TRUE);
1640 _kdc_audit_addreason((kdc_request_t)r, "Server expired at %s",
1641 endtime_str);
1642 return KRB5KDC_ERR_SERVICE_EXP;
1643 }
1644
1645 if (server->pw_end && *server->pw_end < kdc_time) {
1646 char pwend_str[100];
1647 krb5_format_time(context, *server->pw_end,
1648 pwend_str, sizeof(pwend_str), TRUE);
1649 _kdc_audit_addreason((kdc_request_t)r, "Server's key has expired "
1650 "at %s", pwend_str);
1651 return KRB5KDC_ERR_KEY_EXPIRED;
1652 }
1653 }
1654 return 0;
1655 }
1656
1657 /*
1658 * Return TRUE if `from' is part of `addresses' taking into consideration
1659 * the configuration variables that tells us how strict we should be about
1660 * these checks
1661 */
1662
1663 krb5_boolean
1664 _kdc_check_addresses(astgs_request_t r, HostAddresses *addresses,
1665 const struct sockaddr *from)
1666 {
1667 krb5_context context = r->context;
1668 krb5_kdc_configuration *config = r->config;
1669 krb5_error_code ret;
1670 krb5_address addr;
1671 krb5_boolean result;
1672 krb5_boolean only_netbios = TRUE;
1673 size_t i;
1674
1675 if (!config->check_ticket_addresses && !config->warn_ticket_addresses)
1676 return TRUE;
1677
1678 /*
1679 * Fields of HostAddresses type are always OPTIONAL and should be non-
1680 * empty, but we check for empty just in case as our compiler doesn't
1681 * support size constraints on SEQUENCE OF.
1682 */
1683 if (addresses == NULL || addresses->len == 0)
1684 return config->allow_null_ticket_addresses;
1685
1686 for (i = 0; i < addresses->len; ++i) {
1687 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1688 only_netbios = FALSE;
1689 }
1690 }
1691
1692 /* Windows sends it's netbios name, which I can only assume is
1693 * used for the 'allowed workstations' check. This is painful,
1694 * but we still want to check IP addresses if they happen to be
1695 * present.
1696 */
1697
1698 if(only_netbios)
1699 return config->allow_null_ticket_addresses;
1700
1701 ret = krb5_sockaddr2address (context, from, &addr);
1702 if(ret)
1703 return FALSE;
1704
1705 result = krb5_address_search(context, &addr, addresses);
1706 krb5_free_address (context, &addr);
1707 return result;
1708 }
1709
1710 /*
1711 *
1712 */
1713 krb5_error_code
1714 _kdc_check_anon_policy(astgs_request_t r)
1715 {
1716 if (!r->config->allow_anonymous) {
1717 _kdc_audit_addreason((kdc_request_t)r,
1718 "Anonymous tickets denied by local policy");
1719 return KRB5KDC_ERR_POLICY;
1720 }
1721
1722 return 0;
1723 }
1724
1725 /*
1726 *
1727 */
1728
1729 static krb5_boolean
1730 send_pac_p(krb5_context context, KDC_REQ *req)
1731 {
1732 krb5_error_code ret;
1733 PA_PAC_REQUEST pacreq;
1734 const PA_DATA *pa;
1735 int i = 0;
1736
1737 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1738 if (pa == NULL)
1739 return TRUE;
1740
1741 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1742 pa->padata_value.length,
1743 &pacreq,
1744 NULL);
1745 if (ret)
1746 return TRUE;
1747 i = pacreq.include_pac;
1748 free_PA_PAC_REQUEST(&pacreq);
1749 if (i == 0)
1750 return FALSE;
1751 return TRUE;
1752 }
1753
1754 /*
1755 *
1756 */
1757
1758 static krb5_error_code
1759 generate_pac(astgs_request_t r, Key *skey)
1760 {
1761 krb5_error_code ret;
1762 krb5_pac p = NULL;
1763 krb5_data data;
1764
1765 ret = _kdc_pac_generate(r->context, r->client, &p);
1766 if (ret) {
1767 _kdc_r_log(r, 4, "PAC generation failed for -- %s",
1768 r->cname);
1769 return ret;
1770 }
1771 if (p == NULL)
1772 return 0;
1773
1774 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1775 r->client->entry.principal,
1776 &skey->key, /* Server key */
1777 &skey->key, /* FIXME: should be krbtgt key */
1778 &data);
1779 krb5_pac_free(r->context, p);
1780 if (ret) {
1781 _kdc_r_log(r, 4, "PAC signing failed for -- %s",
1782 r->cname);
1783 return ret;
1784 }
1785
1786 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1787 KRB5_AUTHDATA_WIN2K_PAC,
1788 &data);
1789 krb5_data_free(&data);
1790
1791 return ret;
1792 }
1793
1794 /*
1795 *
1796 */
1797
1798 krb5_boolean
1799 _kdc_is_anonymous(krb5_context context, krb5_const_principal principal)
1800 {
1801 return krb5_principal_is_anonymous(context, principal, KRB5_ANON_MATCH_ANY);
1802 }
1803
1804 static int
1805 require_preauth_p(astgs_request_t r)
1806 {
1807 return r->config->require_preauth
1808 || r->client->entry.flags.require_preauth
1809 || r->server->entry.flags.require_preauth;
1810 }
1811
1812
1813 /*
1814 *
1815 */
1816
1817 static krb5_error_code
1818 add_enc_pa_rep(astgs_request_t r)
1819 {
1820 krb5_error_code ret;
1821 krb5_crypto crypto;
1822 Checksum checksum;
1823 krb5_data cdata;
1824 size_t len;
1825
1826 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1827 if (ret)
1828 return ret;
1829
1830 ret = krb5_create_checksum(r->context, crypto,
1831 KRB5_KU_AS_REQ, 0,
1832 r->request.data, r->request.length,
1833 &checksum);
1834 krb5_crypto_destroy(r->context, crypto);
1835 if (ret)
1836 return ret;
1837
1838 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1839 &checksum, &len, ret);
1840 free_Checksum(&checksum);
1841 if (ret)
1842 return ret;
1843 heim_assert(cdata.length == len, "ASN.1 internal error");
1844
1845 if (r->ek.encrypted_pa_data == NULL) {
1846 ALLOC(r->ek.encrypted_pa_data);
1847 if (r->ek.encrypted_pa_data == NULL)
1848 return ENOMEM;
1849 }
1850 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1851 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1852 if (ret)
1853 return ret;
1854
1855 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1856 KRB5_PADATA_FX_FAST, NULL, 0);
1857 }
1858
1859 /*
1860 *
1861 */
1862
1863 krb5_error_code
1864 _kdc_as_rep(astgs_request_t r)
1865 {
1866 krb5_context context = r->context;
1867 krb5_kdc_configuration *config = r->config;
1868 KDC_REQ *req = &r->req;
1869 const char *from = r->from;
1870 KDC_REQ_BODY *b = NULL;
1871 AS_REP rep;
1872 KDCOptions f;
1873 krb5_enctype setype;
1874 krb5_error_code ret = 0;
1875 Key *skey;
1876 int found_pa = 0;
1877 int i, flags = HDB_F_FOR_AS_REQ;
1878 METHOD_DATA error_method;
1879 const PA_DATA *pa;
1880 krb5_boolean is_tgs;
1881 const char *msg;
1882
1883 memset(&rep, 0, sizeof(rep));
1884 error_method.len = 0;
1885 error_method.val = NULL;
1886
1887 /*
1888 * Look for FAST armor and unwrap
1889 */
1890 ret = _kdc_fast_unwrap_request(r);
1891 if (ret) {
1892 _kdc_r_log(r, 1, "FAST unwrap request from %s failed: %d", from, ret);
1893 goto out;
1894 }
1895
1896 b = &req->req_body;
1897 f = b->kdc_options;
1898
1899 if (f.canonicalize)
1900 flags |= HDB_F_CANON;
1901
1902 if (b->sname == NULL) {
1903 ret = KRB5KRB_ERR_GENERIC;
1904 _kdc_set_e_text(r, "No server in request");
1905 goto out;
1906 }
1907
1908 ret = _krb5_principalname2krb5_principal(context, &r->server_princ,
1909 *(b->sname), b->realm);
1910 if (!ret)
1911 ret = krb5_unparse_name(context, r->server_princ, &r->sname);
1912 if (ret) {
1913 kdc_log(context, config, 2,
1914 "AS_REQ malformed server name from %s", from);
1915 goto out;
1916 }
1917
1918 if (b->cname == NULL) {
1919 ret = KRB5KRB_ERR_GENERIC;
1920 _kdc_set_e_text(r, "No client in request");
1921 goto out;
1922 }
1923
1924 ret = _krb5_principalname2krb5_principal(context, &r->client_princ,
1925 *(b->cname), b->realm);
1926 if (!ret)
1927 ret = krb5_unparse_name(context, r->client_princ, &r->cname);
1928 if (ret) {
1929 kdc_log(context, config, 2,
1930 "AS-REQ malformed client name from %s", from);
1931 goto out;
1932 }
1933
1934 kdc_log(context, config, 4, "AS-REQ %s from %s for %s",
1935 r->cname, r->from, r->sname);
1936
1937 is_tgs = krb5_principal_is_krbtgt(context, r->server_princ);
1938
1939 if (_kdc_is_anonymous(context, r->client_princ) &&
1940 !_kdc_is_anon_request(req)) {
1941 kdc_log(context, config, 2, "Anonymous client w/o anonymous flag");
1942 ret = KRB5KDC_ERR_BADOPTION;
1943 goto out;
1944 }
1945
1946 ret = _kdc_db_fetch(context, config, r->client_princ,
1947 HDB_F_GET_CLIENT | HDB_F_SYNTHETIC_OK | flags, NULL,
1948 &r->clientdb, &r->client);
1949 switch (ret) {
1950 case 0: /* Success */
1951 break;
1952 case HDB_ERR_NOT_FOUND_HERE:
1953 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1954 r->cname);
1955 goto out;
1956 case HDB_ERR_WRONG_REALM: {
1957 char *fixed_client_name = NULL;
1958
1959 ret = krb5_unparse_name(context, r->client->entry.principal,
1960 &fixed_client_name);
1961 if (ret) {
1962 goto out;
1963 }
1964
1965 kdc_log(context, config, 4, "WRONG_REALM - %s -> %s",
1966 r->cname, fixed_client_name);
1967 free(fixed_client_name);
1968
1969 ret = _kdc_fast_mk_error(r, &error_method, r->armor_crypto,
1970 &req->req_body, KRB5_KDC_ERR_WRONG_REALM,
1971 NULL, r->server_princ, NULL,
1972 &r->client->entry.principal->realm,
1973 NULL, NULL, r->reply);
1974 goto out;
1975 }
1976 default:
1977 msg = krb5_get_error_message(context, ret);
1978 kdc_log(context, config, 4, "UNKNOWN -- %s: %s", r->cname, msg);
1979 krb5_free_error_message(context, msg);
1980 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1981 goto out;
1982 }
1983 ret = _kdc_db_fetch(context, config, r->server_princ,
1984 HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS |
1985 flags | (is_tgs ? HDB_F_GET_KRBTGT : 0),
1986 NULL, NULL, &r->server);
1987 switch (ret) {
1988 case 0: /* Success */
1989 break;
1990 case HDB_ERR_NOT_FOUND_HERE:
1991 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1992 r->sname);
1993 goto out;
1994 default:
1995 msg = krb5_get_error_message(context, ret);
1996 kdc_log(context, config, 4, "UNKNOWN -- %s: %s", r->sname, msg);
1997 krb5_free_error_message(context, msg);
1998 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1999 goto out;
2000 }
2001
2002 /*
2003 * Select an enctype for the to-be-issued ticket's session key using the
2004 * intersection of the client's requested enctypes and the server's (like a
2005 * root krbtgt, but not necessarily) etypes from its HDB entry.
2006 */
2007 ret = _kdc_find_etype(r, (is_tgs ? KFE_IS_TGS:0) | KFE_USE_CLIENT,
2008 b->etype.val, b->etype.len,
2009 &r->sessionetype, NULL, NULL);
2010 if (ret) {
2011 kdc_log(context, config, 4,
2012 "Client (%s) from %s has no common enctypes with KDC "
2013 "to use for the session key",
2014 r->cname, from);
2015 goto out;
2016 }
2017
2018 /*
2019 * Pre-auth processing
2020 */
2021
2022 if(req->padata){
2023 unsigned int n;
2024
2025 log_patypes(r, req->padata);
2026
2027 /* Check if preauth matching */
2028
2029 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
2030 if (pat[n].validate == NULL)
2031 continue;
2032 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
2033 continue;
2034
2035 kdc_log(context, config, 5,
2036 "Looking for %s pa-data -- %s", pat[n].name, r->cname);
2037 i = 0;
2038 pa = _kdc_find_padata(req, &i, pat[n].type);
2039 if (pa) {
2040 if (r->client->entry.flags.synthetic &&
2041 !(pat[n].flags & PA_SYNTHETIC_OK)) {
2042 kdc_log(context, config, 4, "UNKNOWN -- %s", r->cname);
2043 ret = HDB_ERR_NOENTRY;
2044 goto out;
2045 }
2046 _kdc_audit_addkv((kdc_request_t)r, KDC_AUDIT_VIS, "pa", "%s",
2047 pat[n].name);
2048 ret = pat[n].validate(r, pa);
2049 if (ret != 0) {
2050 krb5_error_code ret2;
2051 Key *ckey = NULL;
2052 krb5_boolean default_salt;
2053
2054 /*
2055 * If there is a client key, send ETYPE_INFO{,2}
2056 */
2057 ret2 = _kdc_find_etype(r, KFE_IS_PREAUTH|KFE_USE_CLIENT,
2058 b->etype.val, b->etype.len,
2059 NULL, &ckey, &default_salt);
2060 if (ret2 == 0) {
2061 ret2 = get_pa_etype_info_both(context, config, &b->etype,
2062 &error_method, ckey, !default_salt);
2063 if (ret2 != 0)
2064 ret = ret2;
2065 }
2066 goto out;
2067 }
2068 kdc_log(context, config, 4,
2069 "%s pre-authentication succeeded -- %s",
2070 pat[n].name, r->cname);
2071 found_pa = 1;
2072 r->et.flags.pre_authent = 1;
2073 }
2074 }
2075 }
2076
2077 if (found_pa == 0) {
2078 Key *ckey = NULL;
2079 size_t n;
2080 krb5_boolean default_salt;
2081
2082 if (r->client->entry.flags.synthetic) {
2083 kdc_log(context, config, 4, "UNKNOWN -- %s", r->cname);
2084 ret = HDB_ERR_NOENTRY;
2085 goto out;
2086 }
2087
2088 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
2089 if ((pat[n].flags & PA_ANNOUNCE) == 0)
2090 continue;
2091 ret = krb5_padata_add(context, &error_method,
2092 pat[n].type, NULL, 0);
2093 if (ret)
2094 goto out;
2095 }
2096
2097 /*
2098 * If there is a client key, send ETYPE_INFO{,2}
2099 */
2100 ret = _kdc_find_etype(r, KFE_IS_PREAUTH|KFE_USE_CLIENT,
2101 b->etype.val, b->etype.len,
2102 NULL, &ckey, &default_salt);
2103 if (ret == 0) {
2104 ret = get_pa_etype_info_both(context, config, &b->etype,
2105 &error_method, ckey, !default_salt);
2106 if (ret)
2107 goto out;
2108 }
2109
2110 /*
2111 * send requre preauth is its required or anon is requested,
2112 * anon is today only allowed via preauth mechanisms.
2113 */
2114 if (require_preauth_p(r) || _kdc_is_anon_request(&r->req)) {
2115 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
2116 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
2117 goto out;
2118 }
2119
2120 if (ckey == NULL) {
2121 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2122 _kdc_set_e_text(r, "Doesn't have a client key available");
2123 goto out;
2124 }
2125 krb5_free_keyblock_contents(r->context, &r->reply_key);
2126 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
2127 if (ret)
2128 goto out;
2129 }
2130
2131 if (r->clientdb->hdb_auth_status) {
2132 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
2133 HDB_AUTH_SUCCESS);
2134 }
2135
2136 /*
2137 * Verify flags after the user been required to prove its identity
2138 * with in a preauth mech.
2139 */
2140
2141 ret = _kdc_check_access(r, req, &error_method);
2142 if(ret)
2143 goto out;
2144
2145 if (_kdc_is_anon_request(&r->req)) {
2146 ret = _kdc_check_anon_policy(r);
2147 if (ret) {
2148 _kdc_set_e_text(r, "Anonymous ticket requests are disabled");
2149 goto out;
2150 }
2151
2152 r->et.flags.anonymous = 1;
2153 }
2154
2155 /*
2156 * Select the best encryption type for the KDC with out regard to
2157 * the client since the client never needs to read that data.
2158 */
2159
2160 ret = _kdc_get_preferred_key(context, config,
2161 r->server, r->sname,
2162 &setype, &skey);
2163 if(ret)
2164 goto out;
2165
2166 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey) {
2167 ret = KRB5KDC_ERR_BADOPTION;
2168 _kdc_set_e_text(r, "Bad KDC options");
2169 goto out;
2170 }
2171
2172 /*
2173 * Build reply
2174 */
2175
2176 rep.pvno = 5;
2177 rep.msg_type = krb_as_rep;
2178
2179 if (!config->historical_anon_realm &&
2180 _kdc_is_anonymous(context, r->client_princ)) {
2181 Realm anon_realm = KRB5_ANON_REALM;
2182 ret = copy_Realm(&anon_realm, &rep.crealm);
2183 } else if (f.canonicalize || r->client->entry.flags.force_canonicalize)
2184 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
2185 else
2186 ret = copy_Realm(&r->client_princ->realm, &rep.crealm);
2187 if (ret)
2188 goto out;
2189 if (r->et.flags.anonymous)
2190 ret = _kdc_make_anonymous_principalname(&rep.cname);
2191 else if (f.canonicalize || r->client->entry.flags.force_canonicalize)
2192 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
2193 else
2194 ret = _krb5_principal2principalname(&rep.cname, r->client_princ);
2195 if (ret)
2196 goto out;
2197
2198 rep.ticket.tkt_vno = 5;
2199 if (f.canonicalize || r->server->entry.flags.force_canonicalize)
2200 ret = copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
2201 else
2202 ret = copy_Realm(&r->server_princ->realm, &rep.ticket.realm);
2203 if (ret)
2204 goto out;
2205 if (f.canonicalize || r->server->entry.flags.force_canonicalize)
2206 _krb5_principal2principalname(&rep.ticket.sname,
2207 r->server->entry.principal);
2208 else
2209 _krb5_principal2principalname(&rep.ticket.sname,
2210 r->server_princ);
2211 /* java 1.6 expects the name to be the same type, lets allow that
2212 * uncomplicated name-types. */
2213 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
2214 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
2215 rep.ticket.sname.name_type = b->sname->name_type;
2216 #undef CNT
2217
2218 r->et.flags.initial = 1;
2219 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
2220 r->et.flags.forwardable = f.forwardable;
2221 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
2222 r->et.flags.proxiable = f.proxiable;
2223 else if (f.proxiable) {
2224 _kdc_set_e_text(r, "Ticket may not be proxiable");
2225 ret = KRB5KDC_ERR_POLICY;
2226 goto out;
2227 }
2228 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
2229 r->et.flags.may_postdate = f.allow_postdate;
2230 else if (f.allow_postdate){
2231 _kdc_set_e_text(r, "Ticket may not be postdate");
2232 ret = KRB5KDC_ERR_POLICY;
2233 goto out;
2234 }
2235
2236 if (b->addresses)
2237 _kdc_audit_addaddrs((kdc_request_t)r, b->addresses, "reqaddrs");
2238
2239 /* check for valid set of addresses */
2240 if (!_kdc_check_addresses(r, b->addresses, r->addr)) {
2241 if (r->config->warn_ticket_addresses) {
2242 _kdc_audit_addkv((kdc_request_t)r, 0, "wrongaddr", "yes");
2243 } else {
2244 _kdc_set_e_text(r, "Request from wrong address");
2245 ret = KRB5KRB_AP_ERR_BADADDR;
2246 goto out;
2247 }
2248 }
2249
2250 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
2251 if (ret)
2252 goto out;
2253 ret = copy_Realm(&rep.crealm, &r->et.crealm);
2254 if (ret)
2255 goto out;
2256
2257 {
2258 time_t start;
2259 time_t t;
2260
2261 start = r->et.authtime = kdc_time;
2262
2263 if(f.postdated && req->req_body.from){
2264 ALLOC(r->et.starttime);
2265 start = *r->et.starttime = *req->req_body.from;
2266 r->et.flags.invalid = 1;
2267 r->et.flags.postdated = 1; /* XXX ??? */
2268 }
2269 _kdc_fix_time(&b->till);
2270 t = *b->till;
2271
2272 /* be careful not overflowing */
2273
2274 /*
2275 * Pre-auth can override r->client->entry.max_life if configured.
2276 *
2277 * See pre-auth methods, specifically PKINIT, which can get or derive
2278 * this from the client's certificate.
2279 */
2280 if (r->pa_max_life > 0)
2281 t = start + min(t - start, r->pa_max_life);
2282 else if (r->client->entry.max_life)
2283 t = start + min(t - start, *r->client->entry.max_life);
2284
2285 if (r->server->entry.max_life)
2286 t = start + min(t - start, *r->server->entry.max_life);
2287
2288 /* Pre-auth can bound endtime as well */
2289 if (r->pa_endtime > 0)
2290 t = start + min(t - start, r->pa_endtime);
2291 #if 0
2292 t = min(t, start + realm->max_life);
2293 #endif
2294 r->et.endtime = t;
2295 if(f.renewable_ok && r->et.endtime < *b->till){
2296 f.renewable = 1;
2297 if(b->rtime == NULL){
2298 ALLOC(b->rtime);
2299 *b->rtime = 0;
2300 }
2301 if(*b->rtime < *b->till)
2302 *b->rtime = *b->till;
2303 }
2304 if(f.renewable && b->rtime){
2305 t = *b->rtime;
2306 if(t == 0)
2307 t = MAX_TIME;
2308 if(r->client->entry.max_renew)
2309 t = start + min(t - start, *r->client->entry.max_renew);
2310 if(r->server->entry.max_renew)
2311 t = start + min(t - start, *r->server->entry.max_renew);
2312 #if 0
2313 t = min(t, start + realm->max_renew);
2314 #endif
2315 ALLOC(r->et.renew_till);
2316 *r->et.renew_till = t;
2317 r->et.flags.renewable = 1;
2318 }
2319 }
2320
2321 if(b->addresses){
2322 ALLOC(r->et.caddr);
2323 copy_HostAddresses(b->addresses, r->et.caddr);
2324 }
2325
2326 r->et.transited.tr_type = domain_X500_Compress;
2327 krb5_data_zero(&r->et.transited.contents);
2328
2329 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
2330 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
2331 * incapable of correctly decoding SEQUENCE OF's of zero length.
2332 *
2333 * To fix this, always send at least one no-op last_req
2334 *
2335 * If there's a pw_end or valid_end we will use that,
2336 * otherwise just a dummy lr.
2337 */
2338 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2339 if (r->ek.last_req.val == NULL) {
2340 ret = ENOMEM;
2341 goto out;
2342 }
2343 r->ek.last_req.len = 0;
2344 if (r->client->entry.pw_end
2345 && (config->kdc_warn_pwexpire == 0
2346 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2347 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2348 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2349 ++r->ek.last_req.len;
2350 }
2351 if (r->client->entry.valid_end) {
2352 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2353 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2354 ++r->ek.last_req.len;
2355 }
2356 if (r->ek.last_req.len == 0) {
2357 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2358 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2359 ++r->ek.last_req.len;
2360 }
2361 r->ek.nonce = b->nonce;
2362 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2363 ALLOC(r->ek.key_expiration);
2364 if (r->client->entry.valid_end) {
2365 if (r->client->entry.pw_end)
2366 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2367 *r->client->entry.pw_end);
2368 else
2369 *r->ek.key_expiration = *r->client->entry.valid_end;
2370 } else
2371 *r->ek.key_expiration = *r->client->entry.pw_end;
2372 } else
2373 r->ek.key_expiration = NULL;
2374 r->ek.flags = r->et.flags;
2375 r->ek.authtime = r->et.authtime;
2376 if (r->et.starttime) {
2377 ALLOC(r->ek.starttime);
2378 *r->ek.starttime = *r->et.starttime;
2379 }
2380 r->ek.endtime = r->et.endtime;
2381 if (r->et.renew_till) {
2382 ALLOC(r->ek.renew_till);
2383 *r->ek.renew_till = *r->et.renew_till;
2384 }
2385 ret = copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2386 if (ret)
2387 goto out;
2388 ret = copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2389 if (ret)
2390 goto out;
2391 if(r->et.caddr){
2392 ALLOC(r->ek.caddr);
2393 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2394 }
2395
2396 /*
2397 * Check and session and reply keys
2398 */
2399
2400 if (r->session_key.keytype == ETYPE_NULL) {
2401 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2402 if (ret)
2403 goto out;
2404 }
2405
2406 if (r->reply_key.keytype == ETYPE_NULL) {
2407 _kdc_set_e_text(r, "Client have no reply key");
2408 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2409 goto out;
2410 }
2411
2412 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2413 if (ret)
2414 goto out;
2415
2416 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2417 if (ret)
2418 goto out;
2419
2420 if (r->outpadata.len) {
2421
2422 ALLOC(rep.padata);
2423 if (rep.padata == NULL) {
2424 ret = ENOMEM;
2425 goto out;
2426 }
2427 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2428 if (ret)
2429 goto out;
2430 }
2431
2432 /* Add the PAC */
2433 if (send_pac_p(context, req) && !r->et.flags.anonymous) {
2434 generate_pac(r, skey);
2435 }
2436
2437 _kdc_log_timestamp(r, "AS-REQ", r->et.authtime,
2438 r->et.starttime, r->et.endtime,
2439 r->et.renew_till);
2440
2441 {
2442 krb5_principal client_principal;
2443
2444 ret = _krb5_principalname2krb5_principal(context, &client_principal,
2445 rep.cname, rep.crealm);
2446 if (ret)
2447 goto out;
2448
2449 /* do this as the last thing since this signs the EncTicketPart */
2450 ret = _kdc_add_KRB5SignedPath(context,
2451 config,
2452 r->server,
2453 setype,
2454 client_principal,
2455 NULL,
2456 NULL,
2457 &r->et);
2458 krb5_free_principal(context, client_principal);
2459 if (ret)
2460 goto out;
2461 }
2462
2463 _log_astgs_req(r, setype);
2464
2465 /*
2466 * We always say we support FAST/enc-pa-rep
2467 */
2468
2469 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2470
2471 /*
2472 * Add REQ_ENC_PA_REP if client supports it
2473 */
2474
2475 i = 0;
2476 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2477 if (pa) {
2478
2479 ret = add_enc_pa_rep(r);
2480 if (ret) {
2481 msg = krb5_get_error_message(r->context, ret);
2482 _kdc_r_log(r, 4, "add_enc_pa_rep failed: %s: %d", msg, ret);
2483 krb5_free_error_message(r->context, msg);
2484 goto out;
2485 }
2486 }
2487
2488 /*
2489 *
2490 */
2491
2492 ret = _kdc_encode_reply(context, config,
2493 r->armor_crypto, req->req_body.nonce,
2494 &rep, &r->et, &r->ek, setype,
2495 r->server->entry.kvno, &skey->key,
2496 r->client->entry.kvno,
2497 &r->reply_key, 0, &r->e_text, r->reply);
2498 if (ret)
2499 goto out;
2500
2501 /*
2502 * Check if message too large
2503 */
2504 if (r->datagram_reply && r->reply->length > config->max_datagram_reply_length) {
2505 krb5_data_free(r->reply);
2506 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2507 _kdc_set_e_text(r, "Reply packet too large");
2508 }
2509
2510 out:
2511 free_AS_REP(&rep);
2512
2513 /*
2514 * In case of a non proxy error, build an error message.
2515 */
2516 if (ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && r->reply->length == 0)
2517 ret = _kdc_fast_mk_error(r, &error_method,
2518 r->armor_crypto,
2519 &req->req_body,
2520 ret, r->e_text,
2521 r->server_princ,
2522 r->client_princ ?
2523 &r->client_princ->name : NULL,
2524 r->client_princ ?
2525 &r->client_princ->realm : NULL,
2526 NULL, NULL,
2527 r->reply);
2528
2529 free_EncTicketPart(&r->et);
2530 free_EncKDCRepPart(&r->ek);
2531 _kdc_free_fast_state(&r->fast);
2532
2533 if (error_method.len)
2534 free_METHOD_DATA(&error_method);
2535 if (r->outpadata.len)
2536 free_METHOD_DATA(&r->outpadata);
2537 if (r->client_princ) {
2538 krb5_free_principal(context, r->client_princ);
2539 r->client_princ = NULL;
2540 }
2541 if (r->server_princ){
2542 krb5_free_principal(context, r->server_princ);
2543 r->server_princ = NULL;
2544 }
2545 if (r->client)
2546 _kdc_free_ent(context, r->client);
2547 if (r->server)
2548 _kdc_free_ent(context, r->server);
2549 if (r->armor_crypto) {
2550 krb5_crypto_destroy(r->context, r->armor_crypto);
2551 r->armor_crypto = NULL;
2552 }
2553 krb5_free_keyblock_contents(r->context, &r->reply_key);
2554 krb5_free_keyblock_contents(r->context, &r->session_key);
2555 return ret;
2556 }
2557
2558 /*
2559 * Add the AuthorizationData `data´ of `type´ to the last element in
2560 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2561 */
2562
2563 krb5_error_code
2564 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2565 EncTicketPart *tkt,
2566 int type,
2567 const krb5_data *data)
2568 {
2569 krb5_error_code ret;
2570 size_t size = 0;
2571
2572 if (tkt->authorization_data == NULL) {
2573 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2574 if (tkt->authorization_data == NULL) {
2575 krb5_set_error_message(context, ENOMEM, "out of memory");
2576 return ENOMEM;
2577 }
2578 }
2579
2580 /* add the entry to the last element */
2581 {
2582 AuthorizationData ad = { 0, NULL };
2583 AuthorizationDataElement ade;
2584
2585 ade.ad_type = type;
2586 ade.ad_data = *data;
2587
2588 ret = add_AuthorizationData(&ad, &ade);
2589 if (ret) {
2590 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2591 return ret;
2592 }
2593
2594 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2595
2596 ASN1_MALLOC_ENCODE(AuthorizationData,
2597 ade.ad_data.data, ade.ad_data.length,
2598 &ad, &size, ret);
2599 free_AuthorizationData(&ad);
2600 if (ret) {
2601 krb5_set_error_message(context, ret, "ASN.1 encode of "
2602 "AuthorizationData failed");
2603 return ret;
2604 }
2605 if (ade.ad_data.length != size)
2606 krb5_abortx(context, "internal asn.1 encoder error");
2607
2608 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2609 der_free_octet_string(&ade.ad_data);
2610 if (ret) {
2611 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2612 return ret;
2613 }
2614 }
2615
2616 return 0;
2617 }
Heimdal