search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use anon realm for anonymous PKINIT
[heimdal.git] / kdc / kerberos5.c
blobf93a0108b71eb44d2062d0540a60c8707b0e2c6e
1 /*
2 * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 #define MAX_TIME ((time_t)((1U << 31) - 1))
37
38 void
39 _kdc_fix_time(time_t **t)
40 {
41 if(*t == NULL){
42 ALLOC(*t);
43 **t = MAX_TIME;
44 }
45 if(**t == 0) **t = MAX_TIME; /* fix for old clients */
46 }
47
48 static int
49 realloc_method_data(METHOD_DATA *md)
50 {
51 PA_DATA *pa;
52 pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
53 if(pa == NULL)
54 return ENOMEM;
55 md->val = pa;
56 md->len++;
57 return 0;
58 }
59
60 static void
61 set_salt_padata(METHOD_DATA *md, Salt *salt)
62 {
63 if (salt) {
64 realloc_method_data(md);
65 md->val[md->len - 1].padata_type = salt->type;
66 der_copy_octet_string(&salt->salt,
67 &md->val[md->len - 1].padata_value);
68 }
69 }
70
71 const PA_DATA*
72 _kdc_find_padata(const KDC_REQ *req, int *start, int type)
73 {
74 if (req->padata == NULL)
75 return NULL;
76
77 while((size_t)*start < req->padata->len){
78 (*start)++;
79 if(req->padata->val[*start - 1].padata_type == (unsigned)type)
80 return &req->padata->val[*start - 1];
81 }
82 return NULL;
83 }
84
85 /*
86 * This is a hack to allow predefined weak services, like afs to
87 * still use weak types
88 */
89
90 krb5_boolean
91 _kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
92 {
93 if (principal->name.name_string.len > 0 &&
94 strcmp(principal->name.name_string.val[0], "afs") == 0 &&
95 (etype == (krb5_enctype)ETYPE_DES_CBC_CRC
96 || etype == (krb5_enctype)ETYPE_DES_CBC_MD4
97 || etype == (krb5_enctype)ETYPE_DES_CBC_MD5))
98 return TRUE;
99 return FALSE;
100 }
101
102
103 /*
104 * Detect if `key' is the using the the precomputed `default_salt'.
105 */
106
107 static krb5_boolean
108 is_default_salt_p(const krb5_salt *default_salt, const Key *key)
109 {
110 if (key->salt == NULL)
111 return TRUE;
112 if (default_salt->salttype != key->salt->type)
113 return FALSE;
114 if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
115 return FALSE;
116 return TRUE;
117 }
118
119 /*
120 * return the first appropriate key of `princ' in `ret_key'. Look for
121 * all the etypes in (`etypes', `len'), stopping as soon as we find
122 * one, but preferring one that has default salt.
123 */
124
125 krb5_error_code
126 _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
127 krb5_boolean is_preauth, hdb_entry_ex *princ,
128 krb5_enctype *etypes, unsigned len,
129 krb5_enctype *ret_enctype, Key **ret_key)
130 {
131 krb5_error_code ret;
132 krb5_salt def_salt;
133 krb5_enctype enctype = (krb5_enctype)ETYPE_NULL;
134 const krb5_enctype *p;
135 Key *key = NULL;
136 int i, k;
137
138 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
139 ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
140 if (ret)
141 return ret;
142
143 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
144
145 if (use_strongest_session_key) {
146
147 /*
148 * Pick the strongest key that the KDC, target service, and
149 * client all support, using the local cryptosystem enctype
150 * list in strongest-to-weakest order to drive the search.
151 *
152 * This is not what RFC4120 says to do, but it encourages
153 * adoption of stronger enctypes. This doesn't play well with
154 * clients that have multiple Kerberos client implementations
155 * available with different supported enctype lists.
156 */
157
158 /* drive the search with local supported enctypes list */
159 p = krb5_kerberos_enctypes(context);
160 for (i = 0;
161 p[i] != (krb5_enctype)ETYPE_NULL && enctype == (krb5_enctype)ETYPE_NULL;
162 i++) {
163 if (krb5_enctype_valid(context, p[i]) != 0 &&
164 !_kdc_is_weak_exception(princ->entry.principal, p[i]))
165 continue;
166
167 /* check that the client supports it too */
168 for (k = 0; k < len && enctype == (krb5_enctype)ETYPE_NULL; k++) {
169
170 if (p[i] != etypes[k])
171 continue;
172
173 /* check target princ support */
174 key = NULL;
175 while (hdb_next_enctype2key(context, &princ->entry, NULL,
176 p[i], &key) == 0) {
177 if (key->key.keyvalue.length == 0) {
178 ret = KRB5KDC_ERR_NULL_KEY;
179 continue;
180 }
181 enctype = p[i];
182 ret = 0;
183 if (is_preauth && ret_key != NULL &&
184 !is_default_salt_p(&def_salt, key))
185 continue;
186 }
187 }
188 }
189 } else {
190 /*
191 * Pick the first key from the client's enctype list that is
192 * supported by the cryptosystem and by the given principal.
193 *
194 * RFC4120 says we SHOULD pick the first _strong_ key from the
195 * client's list... not the first key... If the admin disallows
196 * weak enctypes in krb5.conf and selects this key selection
197 * algorithm, then we get exactly what RFC4120 says.
198 */
199 for(i = 0; ret != 0 && i < len; i++) {
200
201 if (krb5_enctype_valid(context, etypes[i]) != 0 &&
202 !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
203 continue;
204
205 key = NULL;
206 while (ret != 0 &&
207 hdb_next_enctype2key(context, &princ->entry, NULL,
208 etypes[i], &key) == 0) {
209 if (key->key.keyvalue.length == 0) {
210 ret = KRB5KDC_ERR_NULL_KEY;
211 continue;
212 }
213 enctype = etypes[i];
214 ret = 0;
215 if (is_preauth && ret_key != NULL &&
216 !is_default_salt_p(&def_salt, key))
217 continue;
218 }
219 }
220 }
221
222 if (enctype == (krb5_enctype)ETYPE_NULL) {
223 /*
224 * if the service principal is one for which there is a known 1DES
225 * exception and no other enctype matches both the client request and
226 * the service key list, provide a DES-CBC-CRC key.
227 */
228 if (ret_key == NULL &&
229 _kdc_is_weak_exception(princ->entry.principal, ETYPE_DES_CBC_CRC)) {
230 ret = 0;
231 enctype = ETYPE_DES_CBC_CRC;
232 } else {
233 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
234 }
235 }
236
237 if (ret == 0) {
238 if (ret_enctype != NULL)
239 *ret_enctype = enctype;
240 if (ret_key != NULL)
241 *ret_key = key;
242 }
243
244 krb5_free_salt (context, def_salt);
245 return ret;
246 }
247
248 krb5_error_code
249 _kdc_make_anonymous_principalname (PrincipalName *pn)
250 {
251 pn->name_type = KRB5_NT_PRINCIPAL;
252 pn->name_string.len = 1;
253 pn->name_string.val = malloc(sizeof(*pn->name_string.val));
254 if (pn->name_string.val == NULL)
255 return ENOMEM;
256 pn->name_string.val[0] = strdup("anonymous");
257 if (pn->name_string.val[0] == NULL) {
258 free(pn->name_string.val);
259 pn->name_string.val = NULL;
260 return ENOMEM;
261 }
262 return 0;
263 }
264
265 static void
266 _kdc_r_log(kdc_request_t r, int level, const char *fmt, ...)
267 {
268 va_list ap;
269 char *s;
270 va_start(ap, fmt);
271 s = kdc_log_msg_va(r->context, r->config, level, fmt, ap);
272 if(s) free(s);
273 va_end(ap);
274 }
275
276 static void
277 _kdc_set_e_text(kdc_request_t r, const char *e_text)
278 {
279 r->e_text = e_text;
280 kdc_log(r->context, r->config, 0, "%s", e_text);
281 }
282
283 void
284 _kdc_log_timestamp(krb5_context context,
285 krb5_kdc_configuration *config,
286 const char *type,
287 KerberosTime authtime, KerberosTime *starttime,
288 KerberosTime endtime, KerberosTime *renew_till)
289 {
290 char authtime_str[100], starttime_str[100],
291 endtime_str[100], renewtime_str[100];
292
293 krb5_format_time(context, authtime,
294 authtime_str, sizeof(authtime_str), TRUE);
295 if (starttime)
296 krb5_format_time(context, *starttime,
297 starttime_str, sizeof(starttime_str), TRUE);
298 else
299 strlcpy(starttime_str, "unset", sizeof(starttime_str));
300 krb5_format_time(context, endtime,
301 endtime_str, sizeof(endtime_str), TRUE);
302 if (renew_till)
303 krb5_format_time(context, *renew_till,
304 renewtime_str, sizeof(renewtime_str), TRUE);
305 else
306 strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
307
308 kdc_log(context, config, 5,
309 "%s authtime: %s starttime: %s endtime: %s renew till: %s",
310 type, authtime_str, starttime_str, endtime_str, renewtime_str);
311 }
312
313 /*
314 *
315 */
316
317 #ifdef PKINIT
318
319 static krb5_error_code
320 pa_pkinit_validate(kdc_request_t r, const PA_DATA *pa)
321 {
322 pk_client_params *pkp = NULL;
323 char *client_cert = NULL;
324 krb5_error_code ret;
325
326 ret = _kdc_pk_rd_padata(r->context, r->config, &r->req, pa, r->client, &pkp);
327 if (ret || pkp == NULL) {
328 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
329 _kdc_r_log(r, 5, "Failed to decode PKINIT PA-DATA -- %s",
330 r->client_name);
331 goto out;
332 }
333
334 ret = _kdc_pk_check_client(r->context,
335 r->config,
336 r->clientdb,
337 r->client,
338 pkp,
339 &client_cert);
340 if (ret) {
341 _kdc_set_e_text(r, "PKINIT certificate not allowed to "
342 "impersonate principal");
343 goto out;
344 }
345
346 _kdc_r_log(r, 0, "PKINIT pre-authentication succeeded -- %s using %s",
347 r->client_name, client_cert);
348 free(client_cert);
349
350 ret = _kdc_pk_mk_pa_reply(r->context, r->config, pkp, r->client,
351 r->sessionetype, &r->req, &r->request,
352 &r->reply_key, &r->session_key, &r->outpadata);
353 if (ret) {
354 _kdc_set_e_text(r, "Failed to build PK-INIT reply");
355 goto out;
356 }
357 #if 0
358 ret = _kdc_add_inital_verified_cas(r->context, r->config,
359 pkp, &r->et);
360 #endif
361 out:
362 if (pkp)
363 _kdc_pk_free_client_param(r->context, pkp);
364
365 return ret;
366 }
367
368 #endif /* PKINIT */
369
370 /*
371 *
372 */
373
374 static krb5_error_code
375 make_pa_enc_challange(krb5_context context, METHOD_DATA *md,
376 krb5_crypto crypto)
377 {
378 PA_ENC_TS_ENC p;
379 unsigned char *buf;
380 size_t buf_size;
381 size_t len;
382 EncryptedData encdata;
383 krb5_error_code ret;
384 int32_t usec;
385 int usec2;
386
387 krb5_us_timeofday (context, &p.patimestamp, &usec);
388 usec2 = usec;
389 p.pausec = &usec2;
390
391 ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
392 if (ret)
393 return ret;
394 if(buf_size != len)
395 krb5_abortx(context, "internal error in ASN.1 encoder");
396
397 ret = krb5_encrypt_EncryptedData(context,
398 crypto,
399 KRB5_KU_ENC_CHALLENGE_KDC,
400 buf,
401 len,
402 0,
403 &encdata);
404 free(buf);
405 if (ret)
406 return ret;
407
408 ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
409 free_EncryptedData(&encdata);
410 if (ret)
411 return ret;
412 if(buf_size != len)
413 krb5_abortx(context, "internal error in ASN.1 encoder");
414
415 ret = krb5_padata_add(context, md, KRB5_PADATA_ENCRYPTED_CHALLENGE, buf, len);
416 if (ret)
417 free(buf);
418 return ret;
419 }
420
421 static krb5_error_code
422 pa_enc_chal_validate(kdc_request_t r, const PA_DATA *pa)
423 {
424 krb5_data pepper1, pepper2, ts_data;
425 KDC_REQ_BODY *b = &r->req.req_body;
426 EncryptedData enc_data;
427 krb5_enctype aenctype;
428 krb5_error_code ret;
429 struct Key *k;
430 size_t size;
431 int i;
432
433 heim_assert(r->armor_crypto != NULL, "ENC-CHAL called for non FAST");
434
435 if (_kdc_is_anon_request(b)) {
436 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
437 kdc_log(r->context, r->config, 0, "ENC-CHALL doesn't support anon");
438 return ret;
439 }
440
441 ret = decode_EncryptedData(pa->padata_value.data,
442 pa->padata_value.length,
443 &enc_data,
444 &size);
445 if (ret) {
446 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
447 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
448 r->client_name);
449 return ret;
450 }
451
452 pepper1.data = "clientchallengearmor";
453 pepper1.length = strlen(pepper1.data);
454 pepper2.data = "challengelongterm";
455 pepper2.length = strlen(pepper2.data);
456
457 krb5_crypto_getenctype(r->context, r->armor_crypto, &aenctype);
458
459 for (i = 0; i < r->client->entry.keys.len; i++) {
460 krb5_crypto challangecrypto, longtermcrypto;
461 krb5_keyblock challangekey;
462 PA_ENC_TS_ENC p;
463
464 k = &r->client->entry.keys.val[i];
465
466 ret = krb5_crypto_init(r->context, &k->key, 0, &longtermcrypto);
467 if (ret)
468 continue;
469
470 ret = krb5_crypto_fx_cf2(r->context, r->armor_crypto, longtermcrypto,
471 &pepper1, &pepper2, aenctype,
472 &challangekey);
473 krb5_crypto_destroy(r->context, longtermcrypto);
474 if (ret)
475 continue;
476
477 ret = krb5_crypto_init(r->context, &challangekey, 0,
478 &challangecrypto);
479 if (ret)
480 continue;
481
482 ret = krb5_decrypt_EncryptedData(r->context, challangecrypto,
483 KRB5_KU_ENC_CHALLENGE_CLIENT,
484 &enc_data,
485 &ts_data);
486 if (ret)
487 continue;
488
489 ret = decode_PA_ENC_TS_ENC(ts_data.data,
490 ts_data.length,
491 &p,
492 &size);
493 krb5_data_free(&ts_data);
494 if(ret){
495 krb5_crypto_destroy(r->context, challangecrypto);
496 ret = KRB5KDC_ERR_PREAUTH_FAILED;
497 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
498 r->client_name);
499 continue;
500 }
501
502 if (abs(kdc_time - p.patimestamp) > r->context->max_skew) {
503 char client_time[100];
504
505 krb5_crypto_destroy(r->context, challangecrypto);
506
507 krb5_format_time(r->context, p.patimestamp,
508 client_time, sizeof(client_time), TRUE);
509
510 ret = KRB5KRB_AP_ERR_SKEW;
511 _kdc_r_log(r, 0, "Too large time skew, "
512 "client time %s is out by %u > %u seconds -- %s",
513 client_time,
514 (unsigned)abs(kdc_time - p.patimestamp),
515 r->context->max_skew,
516 r->client_name);
517
518 free_PA_ENC_TS_ENC(&p);
519 goto out;
520 }
521
522 free_PA_ENC_TS_ENC(&p);
523
524 ret = make_pa_enc_challange(r->context, &r->outpadata,
525 challangecrypto);
526 krb5_crypto_destroy(r->context, challangecrypto);
527 if (ret)
528 goto out;
529
530 set_salt_padata(&r->outpadata, k->salt);
531 krb5_free_keyblock_contents(r->context, &r->reply_key);
532 ret = krb5_copy_keyblock_contents(r->context, &k->key, &r->reply_key);
533 if (ret)
534 goto out;
535
536 break;
537 }
538 if (i < r->client->entry.keys.len)
539 ret = KRB5KDC_ERR_PREAUTH_FAILED;
540 out:
541 free_EncryptedData(&enc_data);
542
543 return ret;
544 }
545
546 static krb5_error_code
547 pa_enc_ts_validate(kdc_request_t r, const PA_DATA *pa)
548 {
549 EncryptedData enc_data;
550 krb5_error_code ret;
551 krb5_crypto crypto;
552 krb5_data ts_data;
553 PA_ENC_TS_ENC p;
554 size_t len;
555 Key *pa_key;
556 char *str;
557
558 if (_kdc_is_anon_request(&r->req.req_body)) {
559 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
560 _kdc_set_e_text(r, "ENC-TS doesn't support anon");
561 goto out;
562 }
563
564 ret = decode_EncryptedData(pa->padata_value.data,
565 pa->padata_value.length,
566 &enc_data,
567 &len);
568 if (ret) {
569 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
570 _kdc_r_log(r, 5, "Failed to decode PA-DATA -- %s",
571 r->client_name);
572 goto out;
573 }
574
575 ret = hdb_enctype2key(r->context, &r->client->entry, NULL,
576 enc_data.etype, &pa_key);
577 if(ret){
578 char *estr;
579 _kdc_set_e_text(r, "No key matching entype");
580 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
581 if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
582 estr = NULL;
583 if(estr == NULL)
584 _kdc_r_log(r, 5,
585 "No client key matching pa-data (%d) -- %s",
586 enc_data.etype, r->client_name);
587 else
588 _kdc_r_log(r, 5,
589 "No client key matching pa-data (%s) -- %s",
590 estr, r->client_name);
591 free(estr);
592 free_EncryptedData(&enc_data);
593 goto out;
594 }
595
596 try_next_key:
597 ret = krb5_crypto_init(r->context, &pa_key->key, 0, &crypto);
598 if (ret) {
599 const char *msg = krb5_get_error_message(r->context, ret);
600 _kdc_r_log(r, 0, "krb5_crypto_init failed: %s", msg);
601 krb5_free_error_message(r->context, msg);
602 free_EncryptedData(&enc_data);
603 goto out;
604 }
605
606 ret = krb5_decrypt_EncryptedData (r->context,
607 crypto,
608 KRB5_KU_PA_ENC_TIMESTAMP,
609 &enc_data,
610 &ts_data);
611 krb5_crypto_destroy(r->context, crypto);
612 /*
613 * Since the user might have several keys with the same
614 * enctype but with diffrent salting, we need to try all
615 * the keys with the same enctype.
616 */
617 if(ret){
618 krb5_error_code ret2;
619 const char *msg = krb5_get_error_message(r->context, ret);
620
621 ret2 = krb5_enctype_to_string(r->context,
622 pa_key->key.keytype, &str);
623 if (ret2)
624 str = NULL;
625 _kdc_r_log(r, 5, "Failed to decrypt PA-DATA -- %s "
626 "(enctype %s) error %s",
627 r->client_name, str ? str : "unknown enctype", msg);
628 krb5_free_error_message(r->context, msg);
629 free(str);
630
631 if(hdb_next_enctype2key(r->context, &r->client->entry, NULL,
632 enc_data.etype, &pa_key) == 0)
633 goto try_next_key;
634
635 free_EncryptedData(&enc_data);
636
637 if (r->clientdb->hdb_auth_status)
638 r->clientdb->hdb_auth_status(r->context, r->clientdb, r->client,
639 HDB_AUTH_WRONG_PASSWORD);
640
641 ret = KRB5KDC_ERR_PREAUTH_FAILED;
642 goto out;
643 }
644 free_EncryptedData(&enc_data);
645 ret = decode_PA_ENC_TS_ENC(ts_data.data,
646 ts_data.length,
647 &p,
648 &len);
649 krb5_data_free(&ts_data);
650 if(ret){
651 ret = KRB5KDC_ERR_PREAUTH_FAILED;
652 _kdc_r_log(r, 5, "Failed to decode PA-ENC-TS_ENC -- %s",
653 r->client_name);
654 goto out;
655 }
656 if (abs(kdc_time - p.patimestamp) > r->context->max_skew) {
657 char client_time[100];
658
659 krb5_format_time(r->context, p.patimestamp,
660 client_time, sizeof(client_time), TRUE);
661
662 ret = KRB5KRB_AP_ERR_SKEW;
663 _kdc_r_log(r, 0, "Too large time skew, "
664 "client time %s is out by %u > %u seconds -- %s",
665 client_time,
666 (unsigned)abs(kdc_time - p.patimestamp),
667 r->context->max_skew,
668 r->client_name);
669
670 /*
671 * The following is needed to make windows clients to
672 * retry using the timestamp in the error message, if
673 * there is a e_text, they become unhappy.
674 */
675 r->e_text = NULL;
676 free_PA_ENC_TS_ENC(&p);
677 goto out;
678 }
679 free_PA_ENC_TS_ENC(&p);
680
681 set_salt_padata(&r->outpadata, pa_key->salt);
682
683 ret = krb5_copy_keyblock_contents(r->context, &pa_key->key, &r->reply_key);
684 if (ret)
685 return ret;
686
687 ret = krb5_enctype_to_string(r->context, pa_key->key.keytype, &str);
688 if (ret)
689 str = NULL;
690 _kdc_r_log(r, 2, "ENC-TS Pre-authentication succeeded -- %s using %s",
691 r->client_name, str ? str : "unknown enctype");
692 free(str);
693
694 ret = 0;
695
696 out:
697
698 return ret;
699 }
700
701 struct kdc_patypes {
702 int type;
703 char *name;
704 unsigned int flags;
705 #define PA_ANNOUNCE 1
706 #define PA_REQ_FAST 2 /* only use inside fast */
707 krb5_error_code (*validate)(kdc_request_t, const PA_DATA *pa);
708 };
709
710 static const struct kdc_patypes pat[] = {
711 #ifdef PKINIT
712 {
713 KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", PA_ANNOUNCE,
714 pa_pkinit_validate
715 },
716 {
717 KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", PA_ANNOUNCE,
718 pa_pkinit_validate
719 },
720 {
721 KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", PA_ANNOUNCE,
722 NULL
723 },
724 #else
725 { KRB5_PADATA_PK_AS_REQ, "PK-INIT(ietf)", 0, NULL },
726 { KRB5_PADATA_PK_AS_REQ_WIN, "PK-INIT(win2k)", 0, NULL },
727 { KRB5_PADATA_PKINIT_KX, "Anonymous PK-INIT", 0, NULL },
728 #endif
729 { KRB5_PADATA_PA_PK_OCSP_RESPONSE , "OCSP", 0, NULL },
730 {
731 KRB5_PADATA_ENC_TIMESTAMP , "ENC-TS",
732 PA_ANNOUNCE,
733 pa_enc_ts_validate
734 },
735 {
736 KRB5_PADATA_ENCRYPTED_CHALLENGE , "ENC-CHAL",
737 PA_ANNOUNCE | PA_REQ_FAST,
738 pa_enc_chal_validate
739 },
740 { KRB5_PADATA_REQ_ENC_PA_REP , "REQ-ENC-PA-REP", 0, NULL },
741 { KRB5_PADATA_FX_FAST, "FX-FAST", PA_ANNOUNCE, NULL },
742 { KRB5_PADATA_FX_ERROR, "FX-ERROR", 0, NULL },
743 { KRB5_PADATA_FX_COOKIE, "FX-COOKIE", 0, NULL }
744 };
745
746 static void
747 log_patypes(krb5_context context,
748 krb5_kdc_configuration *config,
749 METHOD_DATA *padata)
750 {
751 struct rk_strpool *p = NULL;
752 char *str;
753 size_t n, m;
754
755 for (n = 0; n < padata->len; n++) {
756 for (m = 0; m < sizeof(pat) / sizeof(pat[0]); m++) {
757 if (padata->val[n].padata_type == pat[m].type) {
758 p = rk_strpoolprintf(p, "%s", pat[m].name);
759 break;
760 }
761 }
762 if (m == sizeof(pat) / sizeof(pat[0]))
763 p = rk_strpoolprintf(p, "%d", padata->val[n].padata_type);
764 if (p && n + 1 < padata->len)
765 p = rk_strpoolprintf(p, ", ");
766 if (p == NULL) {
767 kdc_log(context, config, 0, "out of memory");
768 return;
769 }
770 }
771 if (p == NULL)
772 p = rk_strpoolprintf(p, "none");
773
774 str = rk_strpoolcollect(p);
775 kdc_log(context, config, 0, "Client sent patypes: %s", str);
776 free(str);
777 }
778
779 /*
780 *
781 */
782
783 krb5_error_code
784 _kdc_encode_reply(krb5_context context,
785 krb5_kdc_configuration *config,
786 krb5_crypto armor_crypto, uint32_t nonce,
787 KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
788 krb5_enctype etype,
789 int skvno, const EncryptionKey *skey,
790 int ckvno, const EncryptionKey *reply_key,
791 int rk_is_subkey,
792 const char **e_text,
793 krb5_data *reply)
794 {
795 unsigned char *buf;
796 size_t buf_size;
797 size_t len = 0;
798 krb5_error_code ret;
799 krb5_crypto crypto;
800
801 ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
802 if(ret) {
803 const char *msg = krb5_get_error_message(context, ret);
804 kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
805 krb5_free_error_message(context, msg);
806 return ret;
807 }
808 if(buf_size != len)
809 krb5_abortx(context, "Internal error in ASN.1 encoder");
810
811 ret = krb5_crypto_init(context, skey, etype, &crypto);
812 if (ret) {
813 const char *msg = krb5_get_error_message(context, ret);
814 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
815 krb5_free_error_message(context, msg);
816 return ret;
817 }
818
819 ret = krb5_encrypt_EncryptedData(context,
820 crypto,
821 KRB5_KU_TICKET,
822 buf,
823 len,
824 skvno,
825 &rep->ticket.enc_part);
826 free(buf);
827 krb5_crypto_destroy(context, crypto);
828 if(ret) {
829 const char *msg = krb5_get_error_message(context, ret);
830 kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
831 krb5_free_error_message(context, msg);
832 return ret;
833 }
834
835 if (armor_crypto) {
836 krb5_data data;
837 krb5_keyblock *strengthen_key = NULL;
838 KrbFastFinished finished;
839
840 kdc_log(context, config, 0, "FAST armor protection");
841
842 memset(&finished, 0, sizeof(finished));
843 krb5_data_zero(&data);
844
845 finished.timestamp = kdc_time;
846 finished.usec = 0;
847 finished.crealm = et->crealm;
848 finished.cname = et->cname;
849
850 ASN1_MALLOC_ENCODE(Ticket, data.data, data.length,
851 &rep->ticket, &len, ret);
852 if (ret)
853 return ret;
854 if (data.length != len)
855 krb5_abortx(context, "internal asn.1 error");
856
857 ret = krb5_create_checksum(context, armor_crypto,
858 KRB5_KU_FAST_FINISHED, 0,
859 data.data, data.length,
860 &finished.ticket_checksum);
861 krb5_data_free(&data);
862 if (ret)
863 return ret;
864
865 ret = _kdc_fast_mk_response(context, armor_crypto,
866 rep->padata, strengthen_key, &finished,
867 nonce, &data);
868 free_Checksum(&finished.ticket_checksum);
869 if (ret)
870 return ret;
871
872 if (rep->padata) {
873 free_METHOD_DATA(rep->padata);
874 } else {
875 rep->padata = calloc(1, sizeof(*(rep->padata)));
876 if (rep->padata == NULL) {
877 krb5_data_free(&data);
878 return ENOMEM;
879 }
880 }
881
882 ret = krb5_padata_add(context, rep->padata,
883 KRB5_PADATA_FX_FAST,
884 data.data, data.length);
885 if (ret)
886 return ret;
887
888 /*
889 * Hide client name of privacy reasons
890 */
891 if (1 /* r->fast_options.hide_client_names */) {
892 rep->crealm[0] = '\0';
893 free_PrincipalName(&rep->cname);
894 rep->cname.name_type = 0;
895 }
896 }
897
898 if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
899 ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
900 else
901 ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
902 if(ret) {
903 const char *msg = krb5_get_error_message(context, ret);
904 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
905 krb5_free_error_message(context, msg);
906 return ret;
907 }
908 if(buf_size != len) {
909 free(buf);
910 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
911 *e_text = "KDC internal error";
912 return KRB5KRB_ERR_GENERIC;
913 }
914 ret = krb5_crypto_init(context, reply_key, 0, &crypto);
915 if (ret) {
916 const char *msg = krb5_get_error_message(context, ret);
917 free(buf);
918 kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
919 krb5_free_error_message(context, msg);
920 return ret;
921 }
922 if(rep->msg_type == krb_as_rep) {
923 krb5_encrypt_EncryptedData(context,
924 crypto,
925 KRB5_KU_AS_REP_ENC_PART,
926 buf,
927 len,
928 ckvno,
929 &rep->enc_part);
930 free(buf);
931 ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
932 } else {
933 krb5_encrypt_EncryptedData(context,
934 crypto,
935 rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
936 buf,
937 len,
938 ckvno,
939 &rep->enc_part);
940 free(buf);
941 ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
942 }
943 krb5_crypto_destroy(context, crypto);
944 if(ret) {
945 const char *msg = krb5_get_error_message(context, ret);
946 kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
947 krb5_free_error_message(context, msg);
948 return ret;
949 }
950 if(buf_size != len) {
951 free(buf);
952 kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
953 *e_text = "KDC internal error";
954 return KRB5KRB_ERR_GENERIC;
955 }
956 reply->data = buf;
957 reply->length = buf_size;
958 return 0;
959 }
960
961 /*
962 * Return 1 if the client have only older enctypes, this is for
963 * determining if the server should send ETYPE_INFO2 or not.
964 */
965
966 static int
967 older_enctype(krb5_enctype enctype)
968 {
969 switch (enctype) {
970 case ETYPE_DES_CBC_CRC:
971 case ETYPE_DES_CBC_MD4:
972 case ETYPE_DES_CBC_MD5:
973 case ETYPE_DES3_CBC_SHA1:
974 case ETYPE_ARCFOUR_HMAC_MD5:
975 case ETYPE_ARCFOUR_HMAC_MD5_56:
976 /*
977 * The following three is "old" windows enctypes and is needed for
978 * windows 2000 hosts.
979 */
980 case ETYPE_ARCFOUR_MD4:
981 case ETYPE_ARCFOUR_HMAC_OLD:
982 case ETYPE_ARCFOUR_HMAC_OLD_EXP:
983 return 1;
984 default:
985 return 0;
986 }
987 }
988
989 /*
990 *
991 */
992
993 static krb5_error_code
994 make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
995 {
996 ent->etype = key->key.keytype;
997 if(key->salt){
998 #if 0
999 ALLOC(ent->salttype);
1000
1001 if(key->salt->type == hdb_pw_salt)
1002 *ent->salttype = 0; /* or 1? or NULL? */
1003 else if(key->salt->type == hdb_afs3_salt)
1004 *ent->salttype = 2;
1005 else {
1006 kdc_log(context, config, 0, "unknown salt-type: %d",
1007 key->salt->type);
1008 return KRB5KRB_ERR_GENERIC;
1009 }
1010 /* according to `the specs', we can't send a salt if
1011 we have AFS3 salted key, but that requires that you
1012 *know* what cell you are using (e.g by assuming
1013 that the cell is the same as the realm in lower
1014 case) */
1015 #elif 0
1016 ALLOC(ent->salttype);
1017 *ent->salttype = key->salt->type;
1018 #else
1019 /*
1020 * We shouldn't sent salttype since it is incompatible with the
1021 * specification and it breaks windows clients. The afs
1022 * salting problem is solved by using KRB5-PADATA-AFS3-SALT
1023 * implemented in Heimdal 0.7 and later.
1024 */
1025 ent->salttype = NULL;
1026 #endif
1027 krb5_copy_data(context, &key->salt->salt,
1028 &ent->salt);
1029 } else {
1030 /* we return no salt type at all, as that should indicate
1031 * the default salt type and make everybody happy. some
1032 * systems (like w2k) dislike being told the salt type
1033 * here. */
1034
1035 ent->salttype = NULL;
1036 ent->salt = NULL;
1037 }
1038 return 0;
1039 }
1040
1041 static krb5_error_code
1042 get_pa_etype_info(krb5_context context,
1043 krb5_kdc_configuration *config,
1044 METHOD_DATA *md, Key *ckey)
1045 {
1046 krb5_error_code ret = 0;
1047 ETYPE_INFO pa;
1048 unsigned char *buf;
1049 size_t len;
1050
1051
1052 pa.len = 1;
1053 pa.val = calloc(1, sizeof(pa.val[0]));
1054 if(pa.val == NULL)
1055 return ENOMEM;
1056
1057 ret = make_etype_info_entry(context, &pa.val[0], ckey);
1058 if (ret) {
1059 free_ETYPE_INFO(&pa);
1060 return ret;
1061 }
1062
1063 ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
1064 free_ETYPE_INFO(&pa);
1065 if(ret)
1066 return ret;
1067 ret = realloc_method_data(md);
1068 if(ret) {
1069 free(buf);
1070 return ret;
1071 }
1072 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
1073 md->val[md->len - 1].padata_value.length = len;
1074 md->val[md->len - 1].padata_value.data = buf;
1075 return 0;
1076 }
1077
1078 /*
1079 *
1080 */
1081
1082 extern int _krb5_AES_string_to_default_iterator;
1083
1084 static krb5_error_code
1085 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
1086 {
1087 ent->etype = key->key.keytype;
1088 if(key->salt) {
1089 ALLOC(ent->salt);
1090 if (ent->salt == NULL)
1091 return ENOMEM;
1092 *ent->salt = malloc(key->salt->salt.length + 1);
1093 if (*ent->salt == NULL) {
1094 free(ent->salt);
1095 ent->salt = NULL;
1096 return ENOMEM;
1097 }
1098 memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
1099 (*ent->salt)[key->salt->salt.length] = '\0';
1100 } else
1101 ent->salt = NULL;
1102
1103 ent->s2kparams = NULL;
1104
1105 switch (key->key.keytype) {
1106 case ETYPE_AES128_CTS_HMAC_SHA1_96:
1107 case ETYPE_AES256_CTS_HMAC_SHA1_96:
1108 ALLOC(ent->s2kparams);
1109 if (ent->s2kparams == NULL)
1110 return ENOMEM;
1111 ent->s2kparams->length = 4;
1112 ent->s2kparams->data = malloc(ent->s2kparams->length);
1113 if (ent->s2kparams->data == NULL) {
1114 free(ent->s2kparams);
1115 ent->s2kparams = NULL;
1116 return ENOMEM;
1117 }
1118 _krb5_put_int(ent->s2kparams->data,
1119 _krb5_AES_string_to_default_iterator,
1120 ent->s2kparams->length);
1121 break;
1122 case ETYPE_DES_CBC_CRC:
1123 case ETYPE_DES_CBC_MD4:
1124 case ETYPE_DES_CBC_MD5:
1125 /* Check if this was a AFS3 salted key */
1126 if(key->salt && key->salt->type == hdb_afs3_salt){
1127 ALLOC(ent->s2kparams);
1128 if (ent->s2kparams == NULL)
1129 return ENOMEM;
1130 ent->s2kparams->length = 1;
1131 ent->s2kparams->data = malloc(ent->s2kparams->length);
1132 if (ent->s2kparams->data == NULL) {
1133 free(ent->s2kparams);
1134 ent->s2kparams = NULL;
1135 return ENOMEM;
1136 }
1137 _krb5_put_int(ent->s2kparams->data,
1138 1,
1139 ent->s2kparams->length);
1140 }
1141 break;
1142 default:
1143 break;
1144 }
1145 return 0;
1146 }
1147
1148 /*
1149 * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
1150 * database (client supported enctypes first, then the unsupported
1151 * enctypes).
1152 */
1153
1154 static krb5_error_code
1155 get_pa_etype_info2(krb5_context context,
1156 krb5_kdc_configuration *config,
1157 METHOD_DATA *md, Key *ckey)
1158 {
1159 krb5_error_code ret = 0;
1160 ETYPE_INFO2 pa;
1161 unsigned char *buf;
1162 size_t len;
1163
1164 pa.len = 1;
1165 pa.val = calloc(1, sizeof(pa.val[0]));
1166 if(pa.val == NULL)
1167 return ENOMEM;
1168
1169 ret = make_etype_info2_entry(&pa.val[0], ckey);
1170 if (ret) {
1171 free_ETYPE_INFO2(&pa);
1172 return ret;
1173 }
1174
1175 ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
1176 free_ETYPE_INFO2(&pa);
1177 if(ret)
1178 return ret;
1179 ret = realloc_method_data(md);
1180 if(ret) {
1181 free(buf);
1182 return ret;
1183 }
1184 md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
1185 md->val[md->len - 1].padata_value.length = len;
1186 md->val[md->len - 1].padata_value.data = buf;
1187 return 0;
1188 }
1189
1190 /*
1191 *
1192 */
1193
1194 static void
1195 log_as_req(krb5_context context,
1196 krb5_kdc_configuration *config,
1197 krb5_enctype cetype,
1198 krb5_enctype setype,
1199 const KDC_REQ_BODY *b)
1200 {
1201 krb5_error_code ret;
1202 struct rk_strpool *p;
1203 char *str;
1204 size_t i;
1205
1206 p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
1207
1208 for (i = 0; i < b->etype.len; i++) {
1209 ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
1210 if (ret == 0) {
1211 p = rk_strpoolprintf(p, "%s", str);
1212 free(str);
1213 } else
1214 p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
1215 if (p && i + 1 < b->etype.len)
1216 p = rk_strpoolprintf(p, ", ");
1217 if (p == NULL) {
1218 kdc_log(context, config, 0, "out of memory");
1219 return;
1220 }
1221 }
1222 if (p == NULL)
1223 p = rk_strpoolprintf(p, "no encryption types");
1224
1225 {
1226 char *cet;
1227 char *set;
1228
1229 ret = krb5_enctype_to_string(context, cetype, &cet);
1230 if(ret == 0) {
1231 ret = krb5_enctype_to_string(context, setype, &set);
1232 if (ret == 0) {
1233 p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
1234 free(set);
1235 }
1236 free(cet);
1237 }
1238 if (ret != 0)
1239 p = rk_strpoolprintf(p, ", using enctypes %d/%d",
1240 cetype, setype);
1241 }
1242
1243 str = rk_strpoolcollect(p);
1244 kdc_log(context, config, 0, "%s", str);
1245 free(str);
1246
1247 {
1248 char fixedstr[128];
1249 unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
1250 fixedstr, sizeof(fixedstr));
1251 if(*fixedstr)
1252 kdc_log(context, config, 0, "Requested flags: %s", fixedstr);
1253 }
1254 }
1255
1256 /*
1257 * verify the flags on `client' and `server', returning 0
1258 * if they are OK and generating an error messages and returning
1259 * and error code otherwise.
1260 */
1261
1262 krb5_error_code
1263 kdc_check_flags(krb5_context context,
1264 krb5_kdc_configuration *config,
1265 hdb_entry_ex *client_ex, const char *client_name,
1266 hdb_entry_ex *server_ex, const char *server_name,
1267 krb5_boolean is_as_req)
1268 {
1269 if(client_ex != NULL) {
1270 hdb_entry *client = &client_ex->entry;
1271
1272 /* check client */
1273 if (client->flags.locked_out) {
1274 kdc_log(context, config, 0,
1275 "Client (%s) is locked out", client_name);
1276 return KRB5KDC_ERR_POLICY;
1277 }
1278
1279 if (client->flags.invalid) {
1280 kdc_log(context, config, 0,
1281 "Client (%s) has invalid bit set", client_name);
1282 return KRB5KDC_ERR_POLICY;
1283 }
1284
1285 if(!client->flags.client){
1286 kdc_log(context, config, 0,
1287 "Principal may not act as client -- %s", client_name);
1288 return KRB5KDC_ERR_POLICY;
1289 }
1290
1291 if (client->valid_start && *client->valid_start > kdc_time) {
1292 char starttime_str[100];
1293 krb5_format_time(context, *client->valid_start,
1294 starttime_str, sizeof(starttime_str), TRUE);
1295 kdc_log(context, config, 0,
1296 "Client not yet valid until %s -- %s",
1297 starttime_str, client_name);
1298 return KRB5KDC_ERR_CLIENT_NOTYET;
1299 }
1300
1301 if (client->valid_end && *client->valid_end < kdc_time) {
1302 char endtime_str[100];
1303 krb5_format_time(context, *client->valid_end,
1304 endtime_str, sizeof(endtime_str), TRUE);
1305 kdc_log(context, config, 0,
1306 "Client expired at %s -- %s",
1307 endtime_str, client_name);
1308 return KRB5KDC_ERR_NAME_EXP;
1309 }
1310
1311 if (client->flags.require_pwchange &&
1312 (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1313 kdc_log(context, config, 0,
1314 "Client's key must be changed -- %s", client_name);
1315 return KRB5KDC_ERR_KEY_EXPIRED;
1316 }
1317
1318 if (client->pw_end && *client->pw_end < kdc_time
1319 && (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
1320 char pwend_str[100];
1321 krb5_format_time(context, *client->pw_end,
1322 pwend_str, sizeof(pwend_str), TRUE);
1323 kdc_log(context, config, 0,
1324 "Client's key has expired at %s -- %s",
1325 pwend_str, client_name);
1326 return KRB5KDC_ERR_KEY_EXPIRED;
1327 }
1328 }
1329
1330 /* check server */
1331
1332 if (server_ex != NULL) {
1333 hdb_entry *server = &server_ex->entry;
1334
1335 if (server->flags.locked_out) {
1336 kdc_log(context, config, 0,
1337 "Client server locked out -- %s", server_name);
1338 return KRB5KDC_ERR_POLICY;
1339 }
1340 if (server->flags.invalid) {
1341 kdc_log(context, config, 0,
1342 "Server has invalid flag set -- %s", server_name);
1343 return KRB5KDC_ERR_POLICY;
1344 }
1345
1346 if(!server->flags.server){
1347 kdc_log(context, config, 0,
1348 "Principal may not act as server -- %s", server_name);
1349 return KRB5KDC_ERR_POLICY;
1350 }
1351
1352 if(!is_as_req && server->flags.initial) {
1353 kdc_log(context, config, 0,
1354 "AS-REQ is required for server -- %s", server_name);
1355 return KRB5KDC_ERR_POLICY;
1356 }
1357
1358 if (server->valid_start && *server->valid_start > kdc_time) {
1359 char starttime_str[100];
1360 krb5_format_time(context, *server->valid_start,
1361 starttime_str, sizeof(starttime_str), TRUE);
1362 kdc_log(context, config, 0,
1363 "Server not yet valid until %s -- %s",
1364 starttime_str, server_name);
1365 return KRB5KDC_ERR_SERVICE_NOTYET;
1366 }
1367
1368 if (server->valid_end && *server->valid_end < kdc_time) {
1369 char endtime_str[100];
1370 krb5_format_time(context, *server->valid_end,
1371 endtime_str, sizeof(endtime_str), TRUE);
1372 kdc_log(context, config, 0,
1373 "Server expired at %s -- %s",
1374 endtime_str, server_name);
1375 return KRB5KDC_ERR_SERVICE_EXP;
1376 }
1377
1378 if (server->pw_end && *server->pw_end < kdc_time) {
1379 char pwend_str[100];
1380 krb5_format_time(context, *server->pw_end,
1381 pwend_str, sizeof(pwend_str), TRUE);
1382 kdc_log(context, config, 0,
1383 "Server's key has expired at -- %s",
1384 pwend_str, server_name);
1385 return KRB5KDC_ERR_KEY_EXPIRED;
1386 }
1387 }
1388 return 0;
1389 }
1390
1391 /*
1392 * Return TRUE if `from' is part of `addresses' taking into consideration
1393 * the configuration variables that tells us how strict we should be about
1394 * these checks
1395 */
1396
1397 krb5_boolean
1398 _kdc_check_addresses(krb5_context context,
1399 krb5_kdc_configuration *config,
1400 HostAddresses *addresses, const struct sockaddr *from)
1401 {
1402 krb5_error_code ret;
1403 krb5_address addr;
1404 krb5_boolean result;
1405 krb5_boolean only_netbios = TRUE;
1406 size_t i;
1407
1408 if(config->check_ticket_addresses == 0)
1409 return TRUE;
1410
1411 if(addresses == NULL)
1412 return config->allow_null_ticket_addresses;
1413
1414 for (i = 0; i < addresses->len; ++i) {
1415 if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
1416 only_netbios = FALSE;
1417 }
1418 }
1419
1420 /* Windows sends it's netbios name, which I can only assume is
1421 * used for the 'allowed workstations' check. This is painful,
1422 * but we still want to check IP addresses if they happen to be
1423 * present.
1424 */
1425
1426 if(only_netbios)
1427 return config->allow_null_ticket_addresses;
1428
1429 ret = krb5_sockaddr2address (context, from, &addr);
1430 if(ret)
1431 return FALSE;
1432
1433 result = krb5_address_search(context, &addr, addresses);
1434 krb5_free_address (context, &addr);
1435 return result;
1436 }
1437
1438 /*
1439 *
1440 */
1441
1442 static krb5_boolean
1443 send_pac_p(krb5_context context, KDC_REQ *req)
1444 {
1445 krb5_error_code ret;
1446 PA_PAC_REQUEST pacreq;
1447 const PA_DATA *pa;
1448 int i = 0;
1449
1450 pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
1451 if (pa == NULL)
1452 return TRUE;
1453
1454 ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
1455 pa->padata_value.length,
1456 &pacreq,
1457 NULL);
1458 if (ret)
1459 return TRUE;
1460 i = pacreq.include_pac;
1461 free_PA_PAC_REQUEST(&pacreq);
1462 if (i == 0)
1463 return FALSE;
1464 return TRUE;
1465 }
1466
1467 /*
1468 *
1469 */
1470
1471 static krb5_error_code
1472 generate_pac(kdc_request_t r, Key *skey)
1473 {
1474 krb5_error_code ret;
1475 krb5_pac p = NULL;
1476 krb5_data data;
1477
1478 ret = _kdc_pac_generate(r->context, r->client, &p);
1479 if (ret) {
1480 _kdc_r_log(r, 0, "PAC generation failed for -- %s",
1481 r->client_name);
1482 return ret;
1483 }
1484 if (p == NULL)
1485 return 0;
1486
1487 ret = _krb5_pac_sign(r->context, p, r->et.authtime,
1488 r->client->entry.principal,
1489 &skey->key, /* Server key */
1490 &skey->key, /* FIXME: should be krbtgt key */
1491 &data);
1492 krb5_pac_free(r->context, p);
1493 if (ret) {
1494 _kdc_r_log(r, 0, "PAC signing failed for -- %s",
1495 r->client_name);
1496 return ret;
1497 }
1498
1499 ret = _kdc_tkt_add_if_relevant_ad(r->context, &r->et,
1500 KRB5_AUTHDATA_WIN2K_PAC,
1501 &data);
1502 krb5_data_free(&data);
1503
1504 return ret;
1505 }
1506
1507 /*
1508 *
1509 */
1510
1511 krb5_boolean
1512 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
1513 {
1514 if (principal->name.name_type != KRB5_NT_WELLKNOWN ||
1515 principal->name.name_string.len != 2 ||
1516 strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
1517 strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)
1518 return 0;
1519 return 1;
1520 }
1521
1522 static int
1523 require_preauth_p(kdc_request_t r)
1524 {
1525 return r->config->require_preauth
1526 || r->client->entry.flags.require_preauth
1527 || r->server->entry.flags.require_preauth;
1528 }
1529
1530
1531 /*
1532 *
1533 */
1534
1535 static krb5_error_code
1536 add_enc_pa_rep(kdc_request_t r)
1537 {
1538 krb5_error_code ret;
1539 krb5_crypto crypto;
1540 Checksum checksum;
1541 krb5_data cdata;
1542 size_t len;
1543
1544 ret = krb5_crypto_init(r->context, &r->reply_key, 0, &crypto);
1545 if (ret)
1546 return ret;
1547
1548 ret = krb5_create_checksum(r->context, crypto,
1549 KRB5_KU_AS_REQ, 0,
1550 r->request.data, r->request.length,
1551 &checksum);
1552 krb5_crypto_destroy(r->context, crypto);
1553 if (ret)
1554 return ret;
1555
1556 ASN1_MALLOC_ENCODE(Checksum, cdata.data, cdata.length,
1557 &checksum, &len, ret);
1558 free_Checksum(&checksum);
1559 if (ret)
1560 return ret;
1561 heim_assert(cdata.length == len, "ASN.1 internal error");
1562
1563 if (r->ek.encrypted_pa_data == NULL) {
1564 ALLOC(r->ek.encrypted_pa_data);
1565 if (r->ek.encrypted_pa_data == NULL)
1566 return ENOMEM;
1567 }
1568 ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1569 KRB5_PADATA_REQ_ENC_PA_REP, cdata.data, cdata.length);
1570 if (ret)
1571 return ret;
1572
1573 return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
1574 KRB5_PADATA_FX_FAST, NULL, 0);
1575 }
1576
1577 /*
1578 *
1579 */
1580
1581 krb5_error_code
1582 _kdc_as_rep(kdc_request_t r,
1583 krb5_data *reply,
1584 const char *from,
1585 struct sockaddr *from_addr,
1586 int datagram_reply)
1587 {
1588 krb5_context context = r->context;
1589 krb5_kdc_configuration *config = r->config;
1590 KDC_REQ *req = &r->req;
1591 KDC_REQ_BODY *b = NULL;
1592 AS_REP rep;
1593 KDCOptions f;
1594 krb5_enctype setype;
1595 krb5_error_code ret = 0;
1596 Key *skey;
1597 int found_pa = 0;
1598 int i, flags = HDB_F_FOR_AS_REQ;
1599 METHOD_DATA error_method;
1600 const PA_DATA *pa;
1601
1602 memset(&rep, 0, sizeof(rep));
1603 error_method.len = 0;
1604 error_method.val = NULL;
1605
1606 /*
1607 * Look for FAST armor and unwrap
1608 */
1609 ret = _kdc_fast_unwrap_request(r);
1610 if (ret) {
1611 _kdc_r_log(r, 0, "FAST unwrap request from %s failed: %d", from, ret);
1612 goto out;
1613 }
1614
1615 b = &req->req_body;
1616 f = b->kdc_options;
1617
1618 if (f.canonicalize)
1619 flags |= HDB_F_CANON;
1620
1621 if(b->sname == NULL){
1622 ret = KRB5KRB_ERR_GENERIC;
1623 _kdc_set_e_text(r, "No server in request");
1624 } else{
1625 ret = _krb5_principalname2krb5_principal (context,
1626 &r->server_princ,
1627 *(b->sname),
1628 b->realm);
1629 if (ret == 0)
1630 ret = krb5_unparse_name(context, r->server_princ, &r->server_name);
1631 }
1632 if (ret) {
1633 kdc_log(context, config, 0,
1634 "AS-REQ malformed server name from %s", from);
1635 goto out;
1636 }
1637 if(b->cname == NULL){
1638 ret = KRB5KRB_ERR_GENERIC;
1639 _kdc_set_e_text(r, "No client in request");
1640 } else {
1641 ret = _krb5_principalname2krb5_principal (context,
1642 &r->client_princ,
1643 *(b->cname),
1644 b->realm);
1645 if (ret)
1646 goto out;
1647
1648 ret = krb5_unparse_name(context, r->client_princ, &r->client_name);
1649 }
1650 if (ret) {
1651 kdc_log(context, config, 0,
1652 "AS-REQ malformed client name from %s", from);
1653 goto out;
1654 }
1655
1656 kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
1657 r->client_name, from, r->server_name);
1658
1659 /*
1660 *
1661 */
1662
1663 if (_kdc_is_anonymous(context, r->client_princ)) {
1664 if (!_kdc_is_anon_request(b)) {
1665 kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
1666 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1667 goto out;
1668 }
1669 } else if (_kdc_is_anon_request(b)) {
1670 kdc_log(context, config, 0,
1671 "Request for a anonymous ticket with non "
1672 "anonymous client name: %s", r->client_name);
1673 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1674 goto out;
1675 }
1676
1677 /*
1678 *
1679 */
1680
1681 ret = _kdc_db_fetch(context, config, r->client_princ,
1682 HDB_F_GET_CLIENT | flags, NULL,
1683 &r->clientdb, &r->client);
1684 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1685 kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy",
1686 r->client_name);
1687 goto out;
1688 } else if(ret){
1689 const char *msg = krb5_get_error_message(context, ret);
1690 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->client_name, msg);
1691 krb5_free_error_message(context, msg);
1692 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1693 goto out;
1694 }
1695 ret = _kdc_db_fetch(context, config, r->server_princ,
1696 HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags,
1697 NULL, NULL, &r->server);
1698 if(ret == HDB_ERR_NOT_FOUND_HERE) {
1699 kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy",
1700 r->server_name);
1701 goto out;
1702 } else if(ret){
1703 const char *msg = krb5_get_error_message(context, ret);
1704 kdc_log(context, config, 0, "UNKNOWN -- %s: %s", r->server_name, msg);
1705 krb5_free_error_message(context, msg);
1706 ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1707 goto out;
1708 }
1709
1710 /*
1711 * Select a session enctype from the list of the crypto system
1712 * supported enctypes that is supported by the client and is one of
1713 * the enctype of the enctype of the service (likely krbtgt).
1714 *
1715 * The latter is used as a hint of what enctypes all KDC support,
1716 * to make sure a newer version of KDC won't generate a session
1717 * enctype that an older version of a KDC in the same realm can't
1718 * decrypt.
1719 */
1720
1721 ret = _kdc_find_etype(context,
1722 krb5_principal_is_krbtgt(context, r->server_princ) ?
1723 config->tgt_use_strongest_session_key :
1724 config->svc_use_strongest_session_key, FALSE,
1725 r->client, b->etype.val, b->etype.len, &r->sessionetype,
1726 NULL);
1727 if (ret) {
1728 kdc_log(context, config, 0,
1729 "Client (%s) from %s has no common enctypes with KDC "
1730 "to use for the session key",
1731 r->client_name, from);
1732 goto out;
1733 }
1734
1735 /*
1736 * Pre-auth processing
1737 */
1738
1739 if(req->padata){
1740 unsigned int n;
1741
1742 log_patypes(context, config, req->padata);
1743
1744 /* Check if preauth matching */
1745
1746 for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) {
1747 if (pat[n].validate == NULL)
1748 continue;
1749 if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST))
1750 continue;
1751
1752 kdc_log(context, config, 5,
1753 "Looking for %s pa-data -- %s", pat[n].name, r->client_name);
1754 i = 0;
1755 pa = _kdc_find_padata(req, &i, pat[n].type);
1756 if (pa) {
1757 ret = pat[n].validate(r, pa);
1758 if (ret == 0) {
1759 kdc_log(context, config, 0,
1760 "%s pre-authentication succeeded -- %s",
1761 pat[n].name, r->client_name);
1762 found_pa = 1;
1763 r->et.flags.pre_authent = 1;
1764 }
1765 }
1766 }
1767 }
1768
1769 if (found_pa == 0) {
1770 Key *ckey = NULL;
1771 size_t n;
1772
1773 for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) {
1774 if ((pat[n].flags & PA_ANNOUNCE) == 0)
1775 continue;
1776 ret = krb5_padata_add(context, &error_method,
1777 pat[n].type, NULL, 0);
1778 if (ret)
1779 goto out;
1780 }
1781
1782 /*
1783 * If there is a client key, send ETYPE_INFO{,2}
1784 */
1785 ret = _kdc_find_etype(context,
1786 config->preauth_use_strongest_session_key, TRUE,
1787 r->client, b->etype.val, b->etype.len, NULL, &ckey);
1788 if (ret == 0) {
1789
1790 /*
1791 * RFC4120 requires:
1792 * - If the client only knows about old enctypes, then send
1793 * both info replies (we send 'info' first in the list).
1794 * - If the client is 'modern', because it knows about 'new'
1795 * enctype types, then only send the 'info2' reply.
1796 *
1797 * Before we send the full list of etype-info data, we pick
1798 * the client key we would have used anyway below, just pick
1799 * that instead.
1800 */
1801
1802 if (older_enctype(ckey->key.keytype)) {
1803 ret = get_pa_etype_info(context, config,
1804 &error_method, ckey);
1805 if (ret)
1806 goto out;
1807 }
1808 ret = get_pa_etype_info2(context, config,
1809 &error_method, ckey);
1810 if (ret)
1811 goto out;
1812 }
1813
1814 /*
1815 * send requre preauth is its required or anon is requested,
1816 * anon is today only allowed via preauth mechanisms.
1817 */
1818 if (require_preauth_p(r) || _kdc_is_anon_request(b)) {
1819 ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
1820 _kdc_set_e_text(r, "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ");
1821 goto out;
1822 }
1823
1824 if (ckey == NULL) {
1825 ret = KRB5KDC_ERR_CLIENT_NOTYET;
1826 _kdc_set_e_text(r, "Doesn't have a client key available");
1827 goto out;
1828 }
1829 krb5_free_keyblock_contents(r->context, &r->reply_key);
1830 ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key);
1831 if (ret)
1832 goto out;
1833 }
1834
1835 if (r->clientdb->hdb_auth_status)
1836 r->clientdb->hdb_auth_status(context, r->clientdb, r->client,
1837 HDB_AUTH_SUCCESS);
1838
1839 /*
1840 * Verify flags after the user been required to prove its identity
1841 * with in a preauth mech.
1842 */
1843
1844 ret = _kdc_check_access(context, config, r->client, r->client_name,
1845 r->server, r->server_name,
1846 req, &error_method);
1847 if(ret)
1848 goto out;
1849
1850 /*
1851 * Select the best encryption type for the KDC with out regard to
1852 * the client since the client never needs to read that data.
1853 */
1854
1855 ret = _kdc_get_preferred_key(context, config,
1856 r->server, r->server_name,
1857 &setype, &skey);
1858 if(ret)
1859 goto out;
1860
1861 if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
1862 || (_kdc_is_anon_request(b) && !config->allow_anonymous)) {
1863 ret = KRB5KDC_ERR_BADOPTION;
1864 _kdc_set_e_text(r, "Bad KDC options");
1865 goto out;
1866 }
1867
1868 /*
1869 * Build reply
1870 */
1871
1872 rep.pvno = 5;
1873 rep.msg_type = krb_as_rep;
1874
1875 if (_kdc_is_anonymous(context, r->client_princ)) {
1876 Realm anon_realm=KRB5_ANON_REALM;
1877 ret = copy_Realm(&anon_realm, &rep.crealm);
1878 } else
1879 ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
1880 if (ret)
1881 goto out;
1882 ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
1883 if (ret)
1884 goto out;
1885
1886 rep.ticket.tkt_vno = 5;
1887 copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm);
1888 _krb5_principal2principalname(&rep.ticket.sname,
1889 r->server->entry.principal);
1890 /* java 1.6 expects the name to be the same type, lets allow that
1891 * uncomplicated name-types. */
1892 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
1893 if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
1894 rep.ticket.sname.name_type = b->sname->name_type;
1895 #undef CNT
1896
1897 r->et.flags.initial = 1;
1898 if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
1899 r->et.flags.forwardable = f.forwardable;
1900 else if (f.forwardable) {
1901 _kdc_set_e_text(r, "Ticket may not be forwardable");
1902 ret = KRB5KDC_ERR_POLICY;
1903 goto out;
1904 }
1905 if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
1906 r->et.flags.proxiable = f.proxiable;
1907 else if (f.proxiable) {
1908 _kdc_set_e_text(r, "Ticket may not be proxiable");
1909 ret = KRB5KDC_ERR_POLICY;
1910 goto out;
1911 }
1912 if(r->client->entry.flags.postdate && r->server->entry.flags.postdate)
1913 r->et.flags.may_postdate = f.allow_postdate;
1914 else if (f.allow_postdate){
1915 _kdc_set_e_text(r, "Ticket may not be postdate");
1916 ret = KRB5KDC_ERR_POLICY;
1917 goto out;
1918 }
1919
1920 /* check for valid set of addresses */
1921 if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
1922 _kdc_set_e_text(r, "Bad address list in requested");
1923 ret = KRB5KRB_AP_ERR_BADADDR;
1924 goto out;
1925 }
1926
1927 ret = copy_PrincipalName(&rep.cname, &r->et.cname);
1928 if (ret)
1929 goto out;
1930 ret = copy_Realm(&rep.crealm, &r->et.crealm);
1931 if (ret)
1932 goto out;
1933
1934 {
1935 time_t start;
1936 time_t t;
1937
1938 start = r->et.authtime = kdc_time;
1939
1940 if(f.postdated && req->req_body.from){
1941 ALLOC(r->et.starttime);
1942 start = *r->et.starttime = *req->req_body.from;
1943 r->et.flags.invalid = 1;
1944 r->et.flags.postdated = 1; /* XXX ??? */
1945 }
1946 _kdc_fix_time(&b->till);
1947 t = *b->till;
1948
1949 /* be careful not overflowing */
1950
1951 if(r->client->entry.max_life)
1952 t = start + min(t - start, *r->client->entry.max_life);
1953 if(r->server->entry.max_life)
1954 t = start + min(t - start, *r->server->entry.max_life);
1955 #if 0
1956 t = min(t, start + realm->max_life);
1957 #endif
1958 r->et.endtime = t;
1959 if(f.renewable_ok && r->et.endtime < *b->till){
1960 f.renewable = 1;
1961 if(b->rtime == NULL){
1962 ALLOC(b->rtime);
1963 *b->rtime = 0;
1964 }
1965 if(*b->rtime < *b->till)
1966 *b->rtime = *b->till;
1967 }
1968 if(f.renewable && b->rtime){
1969 t = *b->rtime;
1970 if(t == 0)
1971 t = MAX_TIME;
1972 if(r->client->entry.max_renew)
1973 t = start + min(t - start, *r->client->entry.max_renew);
1974 if(r->server->entry.max_renew)
1975 t = start + min(t - start, *r->server->entry.max_renew);
1976 #if 0
1977 t = min(t, start + realm->max_renew);
1978 #endif
1979 ALLOC(r->et.renew_till);
1980 *r->et.renew_till = t;
1981 r->et.flags.renewable = 1;
1982 }
1983 }
1984
1985 if (_kdc_is_anon_request(b))
1986 r->et.flags.anonymous = 1;
1987
1988 if(b->addresses){
1989 ALLOC(r->et.caddr);
1990 copy_HostAddresses(b->addresses, r->et.caddr);
1991 }
1992
1993 r->et.transited.tr_type = DOMAIN_X500_COMPRESS;
1994 krb5_data_zero(&r->et.transited.contents);
1995
1996 /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
1997 * as 0 and as 0x80 (meaning indefinite length) apart, and is thus
1998 * incapable of correctly decoding SEQUENCE OF's of zero length.
1999 *
2000 * To fix this, always send at least one no-op last_req
2001 *
2002 * If there's a pw_end or valid_end we will use that,
2003 * otherwise just a dummy lr.
2004 */
2005 r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val));
2006 if (r->ek.last_req.val == NULL) {
2007 ret = ENOMEM;
2008 goto out;
2009 }
2010 r->ek.last_req.len = 0;
2011 if (r->client->entry.pw_end
2012 && (config->kdc_warn_pwexpire == 0
2013 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) {
2014 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME;
2015 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end;
2016 ++r->ek.last_req.len;
2017 }
2018 if (r->client->entry.valid_end) {
2019 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
2020 r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end;
2021 ++r->ek.last_req.len;
2022 }
2023 if (r->ek.last_req.len == 0) {
2024 r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE;
2025 r->ek.last_req.val[r->ek.last_req.len].lr_value = 0;
2026 ++r->ek.last_req.len;
2027 }
2028 r->ek.nonce = b->nonce;
2029 if (r->client->entry.valid_end || r->client->entry.pw_end) {
2030 ALLOC(r->ek.key_expiration);
2031 if (r->client->entry.valid_end) {
2032 if (r->client->entry.pw_end)
2033 *r->ek.key_expiration = min(*r->client->entry.valid_end,
2034 *r->client->entry.pw_end);
2035 else
2036 *r->ek.key_expiration = *r->client->entry.valid_end;
2037 } else
2038 *r->ek.key_expiration = *r->client->entry.pw_end;
2039 } else
2040 r->ek.key_expiration = NULL;
2041 r->ek.flags = r->et.flags;
2042 r->ek.authtime = r->et.authtime;
2043 if (r->et.starttime) {
2044 ALLOC(r->ek.starttime);
2045 *r->ek.starttime = *r->et.starttime;
2046 }
2047 r->ek.endtime = r->et.endtime;
2048 if (r->et.renew_till) {
2049 ALLOC(r->ek.renew_till);
2050 *r->ek.renew_till = *r->et.renew_till;
2051 }
2052 copy_Realm(&rep.ticket.realm, &r->ek.srealm);
2053 copy_PrincipalName(&rep.ticket.sname, &r->ek.sname);
2054 if(r->et.caddr){
2055 ALLOC(r->ek.caddr);
2056 copy_HostAddresses(r->et.caddr, r->ek.caddr);
2057 }
2058
2059 /*
2060 * Check and session and reply keys
2061 */
2062
2063 if (r->session_key.keytype == ETYPE_NULL) {
2064 ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key);
2065 if (ret)
2066 goto out;
2067 }
2068
2069 if (r->reply_key.keytype == ETYPE_NULL) {
2070 _kdc_set_e_text(r, "Client have no reply key");
2071 ret = KRB5KDC_ERR_CLIENT_NOTYET;
2072 goto out;
2073 }
2074
2075 ret = copy_EncryptionKey(&r->session_key, &r->et.key);
2076 if (ret)
2077 goto out;
2078
2079 ret = copy_EncryptionKey(&r->session_key, &r->ek.key);
2080 if (ret)
2081 goto out;
2082
2083 /*
2084 * Add signing of alias referral
2085 */
2086
2087 if (f.canonicalize) {
2088 PA_ClientCanonicalized canon;
2089 krb5_data data;
2090 PA_DATA tmppa;
2091 krb5_crypto cryptox;
2092 size_t len = 0;
2093
2094 memset(&canon, 0, sizeof(canon));
2095
2096 canon.names.requested_name = *b->cname;
2097 canon.names.mapped_name = r->client->entry.principal->name;
2098
2099 ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length,
2100 &canon.names, &len, ret);
2101 if (ret)
2102 goto out;
2103 if (data.length != len)
2104 krb5_abortx(context, "internal asn.1 error");
2105
2106 /* sign using "returned session key" */
2107 ret = krb5_crypto_init(context, &r->et.key, 0, &cryptox);
2108 if (ret) {
2109 free(data.data);
2110 goto out;
2111 }
2112
2113 ret = krb5_create_checksum(context, cryptox,
2114 KRB5_KU_CANONICALIZED_NAMES, 0,
2115 data.data, data.length,
2116 &canon.canon_checksum);
2117 free(data.data);
2118 krb5_crypto_destroy(context, cryptox);
2119 if (ret)
2120 goto out;
2121
2122 ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length,
2123 &canon, &len, ret);
2124 free_Checksum(&canon.canon_checksum);
2125 if (ret)
2126 goto out;
2127 if (data.length != len)
2128 krb5_abortx(context, "internal asn.1 error");
2129
2130 tmppa.padata_type = KRB5_PADATA_CLIENT_CANONICALIZED;
2131 tmppa.padata_value = data;
2132 ret = add_METHOD_DATA(&r->outpadata, &tmppa);
2133 free(data.data);
2134 if (ret)
2135 goto out;
2136 }
2137
2138 if (r->outpadata.len) {
2139
2140 ALLOC(rep.padata);
2141 if (rep.padata == NULL) {
2142 ret = ENOMEM;
2143 goto out;
2144 }
2145 ret = copy_METHOD_DATA(&r->outpadata, rep.padata);
2146 if (ret)
2147 goto out;
2148 }
2149
2150 /* Add the PAC */
2151 if (send_pac_p(context, req)) {
2152 generate_pac(r, skey);
2153 }
2154
2155 _kdc_log_timestamp(context, config, "AS-REQ", r->et.authtime, r->et.starttime,
2156 r->et.endtime, r->et.renew_till);
2157
2158 /* do this as the last thing since this signs the EncTicketPart */
2159 ret = _kdc_add_KRB5SignedPath(context,
2160 config,
2161 r->server,
2162 setype,
2163 r->client->entry.principal,
2164 NULL,
2165 NULL,
2166 &r->et);
2167 if (ret)
2168 goto out;
2169
2170 log_as_req(context, config, r->reply_key.keytype, setype, b);
2171
2172 /*
2173 * We always say we support FAST/enc-pa-rep
2174 */
2175
2176 r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1;
2177
2178 /*
2179 * Add REQ_ENC_PA_REP if client supports it
2180 */
2181
2182 i = 0;
2183 pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP);
2184 if (pa) {
2185
2186 ret = add_enc_pa_rep(r);
2187 if (ret) {
2188 const char *msg = krb5_get_error_message(r->context, ret);
2189 _kdc_r_log(r, 0, "add_enc_pa_rep failed: %s: %d", msg, ret);
2190 krb5_free_error_message(r->context, msg);
2191 goto out;
2192 }
2193 }
2194
2195 /*
2196 *
2197 */
2198
2199 ret = _kdc_encode_reply(context, config,
2200 r->armor_crypto, req->req_body.nonce,
2201 &rep, &r->et, &r->ek, setype, r->server->entry.kvno,
2202 &skey->key, r->client->entry.kvno,
2203 &r->reply_key, 0, &r->e_text, reply);
2204 if (ret)
2205 goto out;
2206
2207 /*
2208 * Check if message too large
2209 */
2210 if (datagram_reply && reply->length > config->max_datagram_reply_length) {
2211 krb5_data_free(reply);
2212 ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
2213 _kdc_set_e_text(r, "Reply packet too large");
2214 }
2215
2216 out:
2217 free_AS_REP(&rep);
2218
2219 /*
2220 * In case of a non proxy error, build an error message.
2221 */
2222 if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE) {
2223 ret = _kdc_fast_mk_error(context, r,
2224 &error_method,
2225 r->armor_crypto,
2226 &req->req_body,
2227 ret, r->e_text,
2228 r->client_princ, r->server_princ,
2229 NULL, NULL,
2230 reply);
2231 if (ret)
2232 goto out2;
2233 }
2234 out2:
2235 free_EncTicketPart(&r->et);
2236 free_EncKDCRepPart(&r->ek);
2237 free_KDCFastState(&r->fast);
2238
2239 if (error_method.len)
2240 free_METHOD_DATA(&error_method);
2241 if (r->outpadata.len)
2242 free_METHOD_DATA(&r->outpadata);
2243 if (r->client_princ) {
2244 krb5_free_principal(context, r->client_princ);
2245 r->client_princ = NULL;
2246 }
2247 if (r->client_name) {
2248 free(r->client_name);
2249 r->client_name = NULL;
2250 }
2251 if (r->server_princ){
2252 krb5_free_principal(context, r->server_princ);
2253 r->server_princ = NULL;
2254 }
2255 if (r->server_name) {
2256 free(r->server_name);
2257 r->server_name = NULL;
2258 }
2259 if (r->client)
2260 _kdc_free_ent(context, r->client);
2261 if (r->server)
2262 _kdc_free_ent(context, r->server);
2263 if (r->armor_crypto) {
2264 krb5_crypto_destroy(r->context, r->armor_crypto);
2265 r->armor_crypto = NULL;
2266 }
2267 krb5_free_keyblock_contents(r->context, &r->reply_key);
2268 krb5_free_keyblock_contents(r->context, &r->session_key);
2269 return ret;
2270 }
2271
2272 /*
2273 * Add the AuthorizationData `data´ of `type´ to the last element in
2274 * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
2275 */
2276
2277 krb5_error_code
2278 _kdc_tkt_add_if_relevant_ad(krb5_context context,
2279 EncTicketPart *tkt,
2280 int type,
2281 const krb5_data *data)
2282 {
2283 krb5_error_code ret;
2284 size_t size = 0;
2285
2286 if (tkt->authorization_data == NULL) {
2287 tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
2288 if (tkt->authorization_data == NULL) {
2289 krb5_set_error_message(context, ENOMEM, "out of memory");
2290 return ENOMEM;
2291 }
2292 }
2293
2294 /* add the entry to the last element */
2295 {
2296 AuthorizationData ad = { 0, NULL };
2297 AuthorizationDataElement ade;
2298
2299 ade.ad_type = type;
2300 ade.ad_data = *data;
2301
2302 ret = add_AuthorizationData(&ad, &ade);
2303 if (ret) {
2304 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2305 return ret;
2306 }
2307
2308 ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
2309
2310 ASN1_MALLOC_ENCODE(AuthorizationData,
2311 ade.ad_data.data, ade.ad_data.length,
2312 &ad, &size, ret);
2313 free_AuthorizationData(&ad);
2314 if (ret) {
2315 krb5_set_error_message(context, ret, "ASN.1 encode of "
2316 "AuthorizationData failed");
2317 return ret;
2318 }
2319 if (ade.ad_data.length != size)
2320 krb5_abortx(context, "internal asn.1 encoder error");
2321
2322 ret = add_AuthorizationData(tkt->authorization_data, &ade);
2323 der_free_octet_string(&ade.ad_data);
2324 if (ret) {
2325 krb5_set_error_message(context, ret, "add AuthorizationData failed");
2326 return ret;
2327 }
2328 }
2329
2330 return 0;
2331 }
2332
2333 krb5_boolean
2334 _kdc_is_anon_request(const KDC_REQ_BODY *b)
2335 {
2336 /* some versions of heimdal use bit 14 instead of 16 for
2337 request_anonymous, as indicated in the anonymous draft prior to
2338 version 11. Bit 14 is assigned to S4U2Proxy, but all S4U2Proxy
2339 requests will have a second ticket; don't consider those anonymous */
2340 return (b->kdc_options.request_anonymous ||
2341 (b->kdc_options.constrained_delegation && !b->additional_tickets));
2342 }
Heimdal