Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

kerberos5.c

Visit:

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.3
File size: 49.5 KB

Line
1	/*
2	* Copyright (c) 1997-2007 Kungliga Tekniska HÃ¶gskolan
3	* (Royal Institute of Technology, Stockholm, Sweden).
4	* All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	*
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	*
13	* 2. Redistributions in binary form must reproduce the above copyright
14	* notice, this list of conditions and the following disclaimer in the
15	* documentation and/or other materials provided with the distribution.
16	*
17	* 3. Neither the name of the Institute nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*/
33
34	#include "kdc_locl.h"
35
36	#define MAX_TIME ((time_t)((1U << 31) - 1))
37
38	void
39	_kdc_fix_time(time_t **t)
40	{
41	if(*t == NULL){
42	ALLOC(*t);
43	**t = MAX_TIME;
44	}
45	if(t == 0) t = MAX_TIME; /* fix for old clients */
46	}
47
48	static int
49	realloc_method_data(METHOD_DATA *md)
50	{
51	PA_DATA *pa;
52	pa = realloc(md->val, (md->len + 1) * sizeof(*md->val));
53	if(pa == NULL)
54	return ENOMEM;
55	md->val = pa;
56	md->len++;
57	return 0;
58	}
59
60	static void
61	set_salt_padata(METHOD_DATA md, Salt salt)
62	{
63	if (salt) {
64	realloc_method_data(md);
65	md->val[md->len - 1].padata_type = salt->type;
66	der_copy_octet_string(&salt->salt,
67	&md->val[md->len - 1].padata_value);
68	}
69	}
70
71	const PA_DATA*
72	_kdc_find_padata(const KDC_REQ req, int start, int type)
73	{
74	if (req->padata == NULL)
75	return NULL;
76
77	while((size_t)*start < req->padata->len){
78	(*start)++;
79	if(req->padata->val[*start - 1].padata_type == (unsigned)type)
80	return &req->padata->val[*start - 1];
81	}
82	return NULL;
83	}
84
85	/*
86	* This is a hack to allow predefined weak services, like afs to
87	* still use weak types
88	*/
89
90	krb5_boolean
91	_kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype)
92	{
93	if (principal->name.name_string.len > 0 &&
94	strcmp(principal->name.name_string.val[0], "afs") == 0 &&
95	(etype == ETYPE_DES_CBC_CRC
96	\|\| etype == ETYPE_DES_CBC_MD4
97	\|\| etype == ETYPE_DES_CBC_MD5))
98	return TRUE;
99	return FALSE;
100	}
101
102
103	/*
104	* Detect if `key' is the using the the precomputed `default_salt'.
105	*/
106
107	static krb5_boolean
108	is_default_salt_p(const krb5_salt default_salt, const Key key)
109	{
110	if (key->salt == NULL)
111	return TRUE;
112	if (default_salt->salttype != key->salt->type)
113	return FALSE;
114	if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
115	return FALSE;
116	return TRUE;
117	}
118
119	/*
120	* return the first appropriate key of `princ' in `ret_key'. Look for
121	* all the etypes in (`etypes', `len'), stopping as soon as we find
122	* one, but preferring one that has default salt
123	*/
124
125	krb5_error_code
126	_kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
127	krb5_boolean is_preauth, hdb_entry_ex *princ,
128	krb5_enctype *etypes, unsigned len,
129	krb5_enctype ret_enctype, Key *ret_key)
130	{
131	krb5_error_code ret;
132	krb5_salt def_salt;
133	krb5_enctype enctype = ETYPE_NULL;
134	Key *key;
135	int i;
136
137	/* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
138	ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
139	if (ret)
140	return ret;
141
142	ret = KRB5KDC_ERR_ETYPE_NOSUPP;
143
144	if (use_strongest_session_key) {
145	const krb5_enctype *p;
146	krb5_enctype clientbest = ETYPE_NULL;
147	int j;
148
149	/*
150	* Pick the strongest key that the KDC, target service, and
151	* client all support, using the local cryptosystem enctype
152	* list in strongest-to-weakest order to drive the search.
153	*
154	* This is not what RFC4120 says to do, but it encourages
155	* adoption of stronger enctypes. This doesn't play well with
156	* clients that have multiple Kerberos client implementations
157	* available with different supported enctype lists.
158	*/
159
160	/* drive the search with local supported enctypes list */
161	p = krb5_kerberos_enctypes(context);
162	for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) {
163	if (krb5_enctype_valid(context, p[i]) != 0)
164	continue;
165
166	/* check that the client supports it too */
167	for (j = 0; j < len && enctype == ETYPE_NULL; j++) {
168	if (p[i] != etypes[j])
169	continue;
170	/* save best of union of { client, crypto system } */
171	if (clientbest == ETYPE_NULL)
172	clientbest = p[i];
173	/* check target princ support */
174	ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
175	if (ret)
176	continue;
177	if (is_preauth && !is_default_salt_p(&def_salt, key))
178	continue;
179	enctype = p[i];
180	}
181	}
182	if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL)
183	enctype = clientbest;
184	else if (enctype == ETYPE_NULL)
185	ret = KRB5KDC_ERR_ETYPE_NOSUPP;
186	if (ret == 0 && ret_enctype != NULL)
187	*ret_enctype = enctype;
188	if (ret == 0 && ret_key != NULL)
189	*ret_key = key;
190	} else {
191	/*
192	* Pick the first key from the client's enctype list that is
193	* supported by the cryptosystem and by the given principal.
194	*
195	* RFC4120 says we SHOULD pick the first _strong_ key from the
196	* client's list... not the first key... If the admin disallows
197	* weak enctypes in krb5.conf and selects this key selection
198	* algorithm, then we get exactly what RFC4120 says.
199	*/
200	for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) {
201
202	if (krb5_enctype_valid(context, etypes[i]) != 0 &&
203	!_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
204	continue;
205
206	while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) {
207	if (key->key.keyvalue.length == 0) {
208	ret = KRB5KDC_ERR_NULL_KEY;
209	continue;
210	}
211	if (ret_key != NULL)
212	*ret_key = key;
213	if (ret_enctype != NULL)
214	*ret_enctype = etypes[i];
215	ret = 0;
216	if (is_preauth && is_default_salt_p(&def_salt, key))
217	goto out;
218	}
219	}
220	}
221
222	out:
223	krb5_free_salt (context, def_salt);
224	return ret;
225	}
226
227	krb5_error_code
228	_kdc_make_anonymous_principalname (PrincipalName *pn)
229	{
230	pn->name_type = KRB5_NT_PRINCIPAL;
231	pn->name_string.len = 1;
232	pn->name_string.val = malloc(sizeof(*pn->name_string.val));
233	if (pn->name_string.val == NULL)
234	return ENOMEM;
235	pn->name_string.val[0] = strdup("anonymous");
236	if (pn->name_string.val[0] == NULL) {
237	free(pn->name_string.val);
238	pn->name_string.val = NULL;
239	return ENOMEM;
240	}
241	return 0;
242	}
243
244	void
245	_kdc_log_timestamp(krb5_context context,
246	krb5_kdc_configuration *config,
247	const char *type,
248	KerberosTime authtime, KerberosTime *starttime,
249	KerberosTime endtime, KerberosTime *renew_till)
250	{
251	char authtime_str[100], starttime_str[100],
252	endtime_str[100], renewtime_str[100];
253
254	krb5_format_time(context, authtime,
255	authtime_str, sizeof(authtime_str), TRUE);
256	if (starttime)
257	krb5_format_time(context, *starttime,
258	starttime_str, sizeof(starttime_str), TRUE);
259	else
260	strlcpy(starttime_str, "unset", sizeof(starttime_str));
261	krb5_format_time(context, endtime,
262	endtime_str, sizeof(endtime_str), TRUE);
263	if (renew_till)
264	krb5_format_time(context, *renew_till,
265	renewtime_str, sizeof(renewtime_str), TRUE);
266	else
267	strlcpy(renewtime_str, "unset", sizeof(renewtime_str));
268
269	kdc_log(context, config, 5,
270	"%s authtime: %s starttime: %s endtime: %s renew till: %s",
271	type, authtime_str, starttime_str, endtime_str, renewtime_str);
272	}
273
274	static void
275	log_patypes(krb5_context context,
276	krb5_kdc_configuration *config,
277	METHOD_DATA *padata)
278	{
279	struct rk_strpool *p = NULL;
280	char *str;
281	size_t i;
282
283	for (i = 0; i < padata->len; i++) {
284	switch(padata->val[i].padata_type) {
285	case KRB5_PADATA_PK_AS_REQ:
286	p = rk_strpoolprintf(p, "PK-INIT(ietf)");
287	break;
288	case KRB5_PADATA_PK_AS_REQ_WIN:
289	p = rk_strpoolprintf(p, "PK-INIT(win2k)");
290	break;
291	case KRB5_PADATA_PA_PK_OCSP_RESPONSE:
292	p = rk_strpoolprintf(p, "OCSP");
293	break;
294	case KRB5_PADATA_ENC_TIMESTAMP:
295	p = rk_strpoolprintf(p, "encrypted-timestamp");
296	break;
297	default:
298	p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type);
299	break;
300	}
301	if (p && i + 1 < padata->len)
302	p = rk_strpoolprintf(p, ", ");
303	if (p == NULL) {
304	kdc_log(context, config, 0, "out of memory");
305	return;
306	}
307	}
308	if (p == NULL)
309	p = rk_strpoolprintf(p, "none");
310
311	str = rk_strpoolcollect(p);
312	kdc_log(context, config, 0, "Client sent patypes: %s", str);
313	free(str);
314	}
315
316	/*
317	*
318	*/
319
320
321	krb5_error_code
322	_kdc_encode_reply(krb5_context context,
323	krb5_kdc_configuration *config,
324	KDC_REP rep, const EncTicketPart et, EncKDCRepPart *ek,
325	krb5_enctype etype,
326	int skvno, const EncryptionKey *skey,
327	int ckvno, const EncryptionKey *reply_key,
328	int rk_is_subkey,
329	const char **e_text,
330	krb5_data *reply)
331	{
332	unsigned char *buf;
333	size_t buf_size;
334	size_t len = 0;
335	krb5_error_code ret;
336	krb5_crypto crypto;
337
338	ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
339	if(ret) {
340	const char *msg = krb5_get_error_message(context, ret);
341	kdc_log(context, config, 0, "Failed to encode ticket: %s", msg);
342	krb5_free_error_message(context, msg);
343	return ret;
344	}
345	if(buf_size != len) {
346	free(buf);
347	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
348	*e_text = "KDC internal error";
349	return KRB5KRB_ERR_GENERIC;
350	}
351
352	ret = krb5_crypto_init(context, skey, etype, &crypto);
353	if (ret) {
354	const char *msg;
355	free(buf);
356	msg = krb5_get_error_message(context, ret);
357	kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
358	krb5_free_error_message(context, msg);
359	return ret;
360	}
361
362	ret = krb5_encrypt_EncryptedData(context,
363	crypto,
364	KRB5_KU_TICKET,
365	buf,
366	len,
367	skvno,
368	&rep->ticket.enc_part);
369	free(buf);
370	krb5_crypto_destroy(context, crypto);
371	if(ret) {
372	const char *msg = krb5_get_error_message(context, ret);
373	kdc_log(context, config, 0, "Failed to encrypt data: %s", msg);
374	krb5_free_error_message(context, msg);
375	return ret;
376	}
377
378	if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep)
379	ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
380	else
381	ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
382	if(ret) {
383	const char *msg = krb5_get_error_message(context, ret);
384	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
385	krb5_free_error_message(context, msg);
386	return ret;
387	}
388	if(buf_size != len) {
389	free(buf);
390	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
391	*e_text = "KDC internal error";
392	return KRB5KRB_ERR_GENERIC;
393	}
394	ret = krb5_crypto_init(context, reply_key, 0, &crypto);
395	if (ret) {
396	const char *msg = krb5_get_error_message(context, ret);
397	free(buf);
398	kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
399	krb5_free_error_message(context, msg);
400	return ret;
401	}
402	if(rep->msg_type == krb_as_rep) {
403	krb5_encrypt_EncryptedData(context,
404	crypto,
405	KRB5_KU_AS_REP_ENC_PART,
406	buf,
407	len,
408	ckvno,
409	&rep->enc_part);
410	free(buf);
411	ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
412	} else {
413	krb5_encrypt_EncryptedData(context,
414	crypto,
415	rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION,
416	buf,
417	len,
418	ckvno,
419	&rep->enc_part);
420	free(buf);
421	ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
422	}
423	krb5_crypto_destroy(context, crypto);
424	if(ret) {
425	const char *msg = krb5_get_error_message(context, ret);
426	kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg);
427	krb5_free_error_message(context, msg);
428	return ret;
429	}
430	if(buf_size != len) {
431	free(buf);
432	kdc_log(context, config, 0, "Internal error in ASN.1 encoder");
433	*e_text = "KDC internal error";
434	return KRB5KRB_ERR_GENERIC;
435	}
436	reply->data = buf;
437	reply->length = buf_size;
438	return 0;
439	}
440
441	/*
442	* Return 1 if the client have only older enctypes, this is for
443	* determining if the server should send ETYPE_INFO2 or not.
444	*/
445
446	static int
447	older_enctype(krb5_enctype enctype)
448	{
449	switch (enctype) {
450	case ETYPE_DES_CBC_CRC:
451	case ETYPE_DES_CBC_MD4:
452	case ETYPE_DES_CBC_MD5:
453	case ETYPE_DES3_CBC_SHA1:
454	case ETYPE_ARCFOUR_HMAC_MD5:
455	case ETYPE_ARCFOUR_HMAC_MD5_56:
456	/*
457	* The following three is "old" windows enctypes and is needed for
458	* windows 2000 hosts.
459	*/
460	case ETYPE_ARCFOUR_MD4:
461	case ETYPE_ARCFOUR_HMAC_OLD:
462	case ETYPE_ARCFOUR_HMAC_OLD_EXP:
463	return 1;
464	default:
465	return 0;
466	}
467	}
468
469	/*
470	*
471	*/
472
473	static krb5_error_code
474	make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY ent, Key key)
475	{
476	ent->etype = key->key.keytype;
477	if(key->salt){
478	#if 0
479	ALLOC(ent->salttype);
480
481	if(key->salt->type == hdb_pw_salt)
482	ent->salttype = 0; / or 1? or NULL? */
483	else if(key->salt->type == hdb_afs3_salt)
484	*ent->salttype = 2;
485	else {
486	kdc_log(context, config, 0, "unknown salt-type: %d",
487	key->salt->type);
488	return KRB5KRB_ERR_GENERIC;
489	}
490	/* according to `the specs', we can't send a salt if
491	we have AFS3 salted key, but that requires that you
492	know what cell you are using (e.g by assuming
493	that the cell is the same as the realm in lower
494	case) */
495	#elif 0
496	ALLOC(ent->salttype);
497	*ent->salttype = key->salt->type;
498	#else
499	/*
500	* We shouldn't sent salttype since it is incompatible with the
501	* specification and it breaks windows clients. The afs
502	* salting problem is solved by using KRB5-PADATA-AFS3-SALT
503	* implemented in Heimdal 0.7 and later.
504	*/
505	ent->salttype = NULL;
506	#endif
507	krb5_copy_data(context, &key->salt->salt,
508	&ent->salt);
509	} else {
510	/* we return no salt type at all, as that should indicate
511	* the default salt type and make everybody happy. some
512	* systems (like w2k) dislike being told the salt type
513	* here. */
514
515	ent->salttype = NULL;
516	ent->salt = NULL;
517	}
518	return 0;
519	}
520
521	static krb5_error_code
522	get_pa_etype_info(krb5_context context,
523	krb5_kdc_configuration *config,
524	METHOD_DATA md, Key ckey)
525	{
526	krb5_error_code ret = 0;
527	ETYPE_INFO pa;
528	unsigned char *buf;
529	size_t len;
530
531
532	pa.len = 1;
533	pa.val = calloc(1, sizeof(pa.val[0]));
534	if(pa.val == NULL)
535	return ENOMEM;
536
537	ret = make_etype_info_entry(context, &pa.val[0], ckey);
538	if (ret) {
539	free_ETYPE_INFO(&pa);
540	return ret;
541	}
542
543	ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
544	free_ETYPE_INFO(&pa);
545	if(ret)
546	return ret;
547	ret = realloc_method_data(md);
548	if(ret) {
549	free(buf);
550	return ret;
551	}
552	md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO;
553	md->val[md->len - 1].padata_value.length = len;
554	md->val[md->len - 1].padata_value.data = buf;
555	return 0;
556	}
557
558	/*
559	*
560	*/
561
562	extern int _krb5_AES_string_to_default_iterator;
563
564	static krb5_error_code
565	make_etype_info2_entry(ETYPE_INFO2_ENTRY ent, Key key)
566	{
567	ent->etype = key->key.keytype;
568	if(key->salt) {
569	ALLOC(ent->salt);
570	if (ent->salt == NULL)
571	return ENOMEM;
572	*ent->salt = malloc(key->salt->salt.length + 1);
573	if (*ent->salt == NULL) {
574	free(ent->salt);
575	ent->salt = NULL;
576	return ENOMEM;
577	}
578	memcpy(*ent->salt, key->salt->salt.data, key->salt->salt.length);
579	(*ent->salt)[key->salt->salt.length] = '\0';
580	} else
581	ent->salt = NULL;
582
583	ent->s2kparams = NULL;
584
585	switch (key->key.keytype) {
586	case ETYPE_AES128_CTS_HMAC_SHA1_96:
587	case ETYPE_AES256_CTS_HMAC_SHA1_96:
588	ALLOC(ent->s2kparams);
589	if (ent->s2kparams == NULL)
590	return ENOMEM;
591	ent->s2kparams->length = 4;
592	ent->s2kparams->data = malloc(ent->s2kparams->length);
593	if (ent->s2kparams->data == NULL) {
594	free(ent->s2kparams);
595	ent->s2kparams = NULL;
596	return ENOMEM;
597	}
598	_krb5_put_int(ent->s2kparams->data,
599	_krb5_AES_string_to_default_iterator,
600	ent->s2kparams->length);
601	break;
602	case ETYPE_DES_CBC_CRC:
603	case ETYPE_DES_CBC_MD4:
604	case ETYPE_DES_CBC_MD5:
605	/* Check if this was a AFS3 salted key */
606	if(key->salt && key->salt->type == hdb_afs3_salt){
607	ALLOC(ent->s2kparams);
608	if (ent->s2kparams == NULL)
609	return ENOMEM;
610	ent->s2kparams->length = 1;
611	ent->s2kparams->data = malloc(ent->s2kparams->length);
612	if (ent->s2kparams->data == NULL) {
613	free(ent->s2kparams);
614	ent->s2kparams = NULL;
615	return ENOMEM;
616	}
617	_krb5_put_int(ent->s2kparams->data,
618	1,
619	ent->s2kparams->length);
620	}
621	break;
622	default:
623	break;
624	}
625	return 0;
626	}
627
628	/*
629	* Return an ETYPE-INFO2. Enctypes are storted the same way as in the
630	* database (client supported enctypes first, then the unsupported
631	* enctypes).
632	*/
633
634	static krb5_error_code
635	get_pa_etype_info2(krb5_context context,
636	krb5_kdc_configuration *config,
637	METHOD_DATA md, Key ckey)
638	{
639	krb5_error_code ret = 0;
640	ETYPE_INFO2 pa;
641	unsigned char *buf;
642	size_t len;
643
644	pa.len = 1;
645	pa.val = calloc(1, sizeof(pa.val[0]));
646	if(pa.val == NULL)
647	return ENOMEM;
648
649	ret = make_etype_info2_entry(&pa.val[0], ckey);
650	if (ret) {
651	free_ETYPE_INFO2(&pa);
652	return ret;
653	}
654
655	ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret);
656	free_ETYPE_INFO2(&pa);
657	if(ret)
658	return ret;
659	ret = realloc_method_data(md);
660	if(ret) {
661	free(buf);
662	return ret;
663	}
664	md->val[md->len - 1].padata_type = KRB5_PADATA_ETYPE_INFO2;
665	md->val[md->len - 1].padata_value.length = len;
666	md->val[md->len - 1].padata_value.data = buf;
667	return 0;
668	}
669
670	/*
671	*
672	*/
673
674	static void
675	log_as_req(krb5_context context,
676	krb5_kdc_configuration *config,
677	krb5_enctype cetype,
678	krb5_enctype setype,
679	const KDC_REQ_BODY *b)
680	{
681	krb5_error_code ret;
682	struct rk_strpool *p;
683	char *str;
684	size_t i;
685
686	p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
687
688	for (i = 0; i < b->etype.len; i++) {
689	ret = krb5_enctype_to_string(context, b->etype.val[i], &str);
690	if (ret == 0) {
691	p = rk_strpoolprintf(p, "%s", str);
692	free(str);
693	} else
694	p = rk_strpoolprintf(p, "%d", b->etype.val[i]);
695	if (p && i + 1 < b->etype.len)
696	p = rk_strpoolprintf(p, ", ");
697	if (p == NULL) {
698	kdc_log(context, config, 0, "out of memory");
699	return;
700	}
701	}
702	if (p == NULL)
703	p = rk_strpoolprintf(p, "no encryption types");
704
705	{
706	char *cet;
707	char *set;
708
709	ret = krb5_enctype_to_string(context, cetype, &cet);
710	if(ret == 0) {
711	ret = krb5_enctype_to_string(context, setype, &set);
712	if (ret == 0) {
713	p = rk_strpoolprintf(p, ", using %s/%s", cet, set);
714	free(set);
715	}
716	free(cet);
717	}
718	if (ret != 0)
719	p = rk_strpoolprintf(p, ", using enctypes %d/%d",
720	cetype, setype);
721	}
722
723	str = rk_strpoolcollect(p);
724	kdc_log(context, config, 0, "%s", str);
725	free(str);
726
727	{
728	char fixedstr[128];
729	unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(),
730	fixedstr, sizeof(fixedstr));
731	if(*fixedstr)
732	kdc_log(context, config, 0, "Requested flags: %s", fixedstr);
733	}
734	}
735
736	/*
737	* verify the flags on `client' and `server', returning 0
738	* if they are OK and generating an error messages and returning
739	* and error code otherwise.
740	*/
741
742	krb5_error_code
743	kdc_check_flags(krb5_context context,
744	krb5_kdc_configuration *config,
745	hdb_entry_ex client_ex, const char client_name,
746	hdb_entry_ex server_ex, const char server_name,
747	krb5_boolean is_as_req)
748	{
749	if(client_ex != NULL) {
750	hdb_entry *client = &client_ex->entry;
751
752	/* check client */
753	if (client->flags.locked_out) {
754	kdc_log(context, config, 0,
755	"Client (%s) is locked out", client_name);
756	return KRB5KDC_ERR_CLIENT_REVOKED;
757	}
758
759	if (client->flags.invalid) {
760	kdc_log(context, config, 0,
761	"Client (%s) has invalid bit set", client_name);
762	return KRB5KDC_ERR_POLICY;
763	}
764
765	if(!client->flags.client){
766	kdc_log(context, config, 0,
767	"Principal may not act as client -- %s", client_name);
768	return KRB5KDC_ERR_POLICY;
769	}
770
771	if (client->valid_start && *client->valid_start > kdc_time) {
772	char starttime_str[100];
773	krb5_format_time(context, *client->valid_start,
774	starttime_str, sizeof(starttime_str), TRUE);
775	kdc_log(context, config, 0,
776	"Client not yet valid until %s -- %s",
777	starttime_str, client_name);
778	return KRB5KDC_ERR_CLIENT_NOTYET;
779	}
780
781	if (client->valid_end && *client->valid_end < kdc_time) {
782	char endtime_str[100];
783	krb5_format_time(context, *client->valid_end,
784	endtime_str, sizeof(endtime_str), TRUE);
785	kdc_log(context, config, 0,
786	"Client expired at %s -- %s",
787	endtime_str, client_name);
788	return KRB5KDC_ERR_NAME_EXP;
789	}
790
791	if (client->pw_end && *client->pw_end < kdc_time
792	&& (server_ex == NULL \|\| !server_ex->entry.flags.change_pw)) {
793	char pwend_str[100];
794	krb5_format_time(context, *client->pw_end,
795	pwend_str, sizeof(pwend_str), TRUE);
796	kdc_log(context, config, 0,
797	"Client's key has expired at %s -- %s",
798	pwend_str, client_name);
799	return KRB5KDC_ERR_KEY_EXPIRED;
800	}
801	}
802
803	/* check server */
804
805	if (server_ex != NULL) {
806	hdb_entry *server = &server_ex->entry;
807
808	if (server->flags.locked_out) {
809	kdc_log(context, config, 0,
810	"Client server locked out -- %s", server_name);
811	return KRB5KDC_ERR_POLICY;
812	}
813	if (server->flags.invalid) {
814	kdc_log(context, config, 0,
815	"Server has invalid flag set -- %s", server_name);
816	return KRB5KDC_ERR_POLICY;
817	}
818
819	if(!server->flags.server){
820	kdc_log(context, config, 0,
821	"Principal may not act as server -- %s", server_name);
822	return KRB5KDC_ERR_POLICY;
823	}
824
825	if(!is_as_req && server->flags.initial) {
826	kdc_log(context, config, 0,
827	"AS-REQ is required for server -- %s", server_name);
828	return KRB5KDC_ERR_POLICY;
829	}
830
831	if (server->valid_start && *server->valid_start > kdc_time) {
832	char starttime_str[100];
833	krb5_format_time(context, *server->valid_start,
834	starttime_str, sizeof(starttime_str), TRUE);
835	kdc_log(context, config, 0,
836	"Server not yet valid until %s -- %s",
837	starttime_str, server_name);
838	return KRB5KDC_ERR_SERVICE_NOTYET;
839	}
840
841	if (server->valid_end && *server->valid_end < kdc_time) {
842	char endtime_str[100];
843	krb5_format_time(context, *server->valid_end,
844	endtime_str, sizeof(endtime_str), TRUE);
845	kdc_log(context, config, 0,
846	"Server expired at %s -- %s",
847	endtime_str, server_name);
848	return KRB5KDC_ERR_SERVICE_EXP;
849	}
850
851	if (server->pw_end && *server->pw_end < kdc_time) {
852	char pwend_str[100];
853	krb5_format_time(context, *server->pw_end,
854	pwend_str, sizeof(pwend_str), TRUE);
855	kdc_log(context, config, 0,
856	"Server's key has expired at -- %s",
857	pwend_str, server_name);
858	return KRB5KDC_ERR_KEY_EXPIRED;
859	}
860	}
861	return 0;
862	}
863
864	/*
865	* Return TRUE if `from' is part of `addresses' taking into consideration
866	* the configuration variables that tells us how strict we should be about
867	* these checks
868	*/
869
870	krb5_boolean
871	_kdc_check_addresses(krb5_context context,
872	krb5_kdc_configuration *config,
873	HostAddresses addresses, const struct sockaddr from)
874	{
875	krb5_error_code ret;
876	krb5_address addr;
877	krb5_boolean result;
878	krb5_boolean only_netbios = TRUE;
879	size_t i;
880
881	if(config->check_ticket_addresses == 0)
882	return TRUE;
883
884	if(addresses == NULL)
885	return config->allow_null_ticket_addresses;
886
887	for (i = 0; i < addresses->len; ++i) {
888	if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
889	only_netbios = FALSE;
890	}
891	}
892
893	/* Windows sends it's netbios name, which I can only assume is
894	* used for the 'allowed workstations' check. This is painful,
895	* but we still want to check IP addresses if they happen to be
896	* present.
897	*/
898
899	if(only_netbios)
900	return config->allow_null_ticket_addresses;
901
902	ret = krb5_sockaddr2address (context, from, &addr);
903	if(ret)
904	return FALSE;
905
906	result = krb5_address_search(context, &addr, addresses);
907	krb5_free_address (context, &addr);
908	return result;
909	}
910
911	/*
912	*
913	*/
914
915	static krb5_boolean
916	send_pac_p(krb5_context context, KDC_REQ *req)
917	{
918	krb5_error_code ret;
919	PA_PAC_REQUEST pacreq;
920	const PA_DATA *pa;
921	int i = 0;
922
923	pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
924	if (pa == NULL)
925	return TRUE;
926
927	ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
928	pa->padata_value.length,
929	&pacreq,
930	NULL);
931	if (ret)
932	return TRUE;
933	i = pacreq.include_pac;
934	free_PA_PAC_REQUEST(&pacreq);
935	if (i == 0)
936	return FALSE;
937	return TRUE;
938	}
939
940	krb5_boolean
941	_kdc_is_anonymous(krb5_context context, krb5_principal principal)
942	{
943	if (principal->name.name_type != KRB5_NT_WELLKNOWN \|\|
944	principal->name.name_string.len != 2 \|\|
945	strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 \|\|
946	strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)
947	return 0;
948	return 1;
949	}
950
951	/*
952	*
953	*/
954
955	krb5_error_code
956	_kdc_as_rep(krb5_context context,
957	krb5_kdc_configuration *config,
958	KDC_REQ *req,
959	const krb5_data *req_buffer,
960	krb5_data *reply,
961	const char *from,
962	struct sockaddr *from_addr,
963	int datagram_reply)
964	{
965	KDC_REQ_BODY *b = &req->req_body;
966	AS_REP rep;
967	KDCOptions f = b->kdc_options;
968	hdb_entry_ex client = NULL, server = NULL;
969	HDB *clientdb;
970	krb5_enctype setype, sessionetype;
971	krb5_data e_data;
972	EncTicketPart et;
973	EncKDCRepPart ek;
974	krb5_principal client_princ = NULL, server_princ = NULL;
975	char client_name = NULL, server_name = NULL;
976	krb5_error_code ret = 0;
977	const char *e_text = NULL;
978	krb5_crypto crypto;
979	Key ckey, skey;
980	EncryptionKey *reply_key = NULL, session_key;
981	int flags = HDB_F_FOR_AS_REQ;
982	#ifdef PKINIT
983	pk_client_params *pkp = NULL;
984	#endif
985
986	memset(&rep, 0, sizeof(rep));
987	memset(&session_key, 0, sizeof(session_key));
988	krb5_data_zero(&e_data);
989
990	ALLOC(rep.padata);
991	rep.padata->len = 0;
992	rep.padata->val = NULL;
993
994	if (f.canonicalize)
995	flags \|= HDB_F_CANON;
996
997	if(b->sname == NULL){
998	ret = KRB5KRB_ERR_GENERIC;
999	e_text = "No server in request";
1000	} else{
1001	ret = _krb5_principalname2krb5_principal (context,
1002	&server_princ,
1003	*(b->sname),
1004	b->realm);
1005	if (ret == 0)
1006	ret = krb5_unparse_name(context, server_princ, &server_name);
1007	}
1008	if (ret) {
1009	kdc_log(context, config, 0,
1010	"AS-REQ malformed server name from %s", from);
1011	goto out;
1012	}
1013	if(b->cname == NULL){
1014	ret = KRB5KRB_ERR_GENERIC;
1015	e_text = "No client in request";
1016	} else {
1017	ret = _krb5_principalname2krb5_principal (context,
1018	&client_princ,
1019	*(b->cname),
1020	b->realm);
1021	if (ret)
1022	goto out;
1023
1024	ret = krb5_unparse_name(context, client_princ, &client_name);
1025	}
1026	if (ret) {
1027	kdc_log(context, config, 0,
1028	"AS-REQ malformed client name from %s", from);
1029	goto out;
1030	}
1031
1032	kdc_log(context, config, 0, "AS-REQ %s from %s for %s",
1033	client_name, from, server_name);
1034
1035	/*
1036	*
1037	*/
1038
1039	if (_kdc_is_anonymous(context, client_princ)) {
1040	if (!b->kdc_options.request_anonymous) {
1041	kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
1042	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1043	goto out;
1044	}
1045	} else if (b->kdc_options.request_anonymous) {
1046	kdc_log(context, config, 0,
1047	"Request for a anonymous ticket with non "
1048	"anonymous client name: %s", client_name);
1049	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1050	goto out;
1051	}
1052
1053	/*
1054	*
1055	*/
1056
1057	ret = _kdc_db_fetch(context, config, client_princ,
1058	HDB_F_GET_CLIENT \| flags, NULL,
1059	&clientdb, &client);
1060	if(ret == HDB_ERR_NOT_FOUND_HERE) {
1061	kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name);
1062	goto out;
1063	} else if (ret == HDB_ERR_WRONG_REALM) {
1064	char *fixed_client_name = NULL;
1065
1066	ret = krb5_unparse_name(context, client->entry.principal,
1067	&fixed_client_name);
1068	if (ret) {
1069	goto out;
1070	}
1071
1072	kdc_log(context, config, 0, "WRONG_REALM - %s -> %s",
1073	client_name, fixed_client_name);
1074	free(fixed_client_name);
1075
1076	ret = krb5_mk_error_ext(context,
1077	KRB5_KDC_ERR_WRONG_REALM,
1078	NULL, /* e_text */
1079	NULL, /* e_data */
1080	server_princ,
1081	NULL, /* client_name */
1082	&client->entry.principal->realm,
1083	NULL, /* client_time */
1084	NULL, /* client_usec */
1085	reply);
1086	goto out;
1087	} else if(ret){
1088	const char *msg = krb5_get_error_message(context, ret);
1089	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg);
1090	krb5_free_error_message(context, msg);
1091	ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
1092	goto out;
1093	}
1094	ret = _kdc_db_fetch(context, config, server_princ,
1095	HDB_F_GET_SERVER\|HDB_F_GET_KRBTGT \| flags,
1096	NULL, NULL, &server);
1097	if(ret == HDB_ERR_NOT_FOUND_HERE) {
1098	kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);
1099	goto out;
1100	} else if(ret){
1101	const char *msg = krb5_get_error_message(context, ret);
1102	kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg);
1103	krb5_free_error_message(context, msg);
1104	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
1105	goto out;
1106	}
1107
1108	memset(&et, 0, sizeof(et));
1109	memset(&ek, 0, sizeof(ek));
1110
1111	/*
1112	* Select a session enctype from the list of the crypto system
1113	* supported enctypes that is supported by the client and is one of
1114	* the enctype of the enctype of the service (likely krbtgt).
1115	*
1116	* The latter is used as a hint of what enctypes all KDC support,
1117	* to make sure a newer version of KDC won't generate a session
1118	* enctype that an older version of a KDC in the same realm can't
1119	* decrypt.
1120	*/
1121	ret = _kdc_find_etype(context, config->as_use_strongest_session_key, FALSE,
1122	client, b->etype.val, b->etype.len, &sessionetype,
1123	NULL);
1124	if (ret) {
1125	kdc_log(context, config, 0,
1126	"Client (%s) from %s has no common enctypes with KDC "
1127	"to use for the session key",
1128	client_name, from);
1129	goto out;
1130	}
1131	/*
1132	* But if the KDC admin is paranoid and doesn't want to have "not
1133	* the best" enctypes on the krbtgt, lets save the best pick from
1134	* the client list and hope that that will work for any other
1135	* KDCs.
1136	*/
1137
1138	/*
1139	* Pre-auth processing
1140	*/
1141
1142	if(req->padata){
1143	int i;
1144	const PA_DATA *pa;
1145	int found_pa = 0;
1146
1147	log_patypes(context, config, req->padata);
1148
1149	#ifdef PKINIT
1150	kdc_log(context, config, 5,
1151	"Looking for PKINIT pa-data -- %s", client_name);
1152
1153	e_text = "No PKINIT PA found";
1154
1155	i = 0;
1156	pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ);
1157	if (pa == NULL) {
1158	i = 0;
1159	pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN);
1160	}
1161	if (pa) {
1162	char *client_cert = NULL;
1163
1164	ret = _kdc_pk_rd_padata(context, config, req, pa, client, &pkp);
1165	if (ret) {
1166	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1167	kdc_log(context, config, 5,
1168	"Failed to decode PKINIT PA-DATA -- %s",
1169	client_name);
1170	goto ts_enc;
1171	}
1172	if (ret == 0 && pkp == NULL)
1173	goto ts_enc;
1174
1175	ret = _kdc_pk_check_client(context,
1176	config,
1177	clientdb,
1178	client,
1179	pkp,
1180	&client_cert);
1181	if (ret) {
1182	e_text = "PKINIT certificate not allowed to "
1183	"impersonate principal";
1184	_kdc_pk_free_client_param(context, pkp);
1185
1186	kdc_log(context, config, 0, "%s", e_text);
1187	pkp = NULL;
1188	goto out;
1189	}
1190
1191	found_pa = 1;
1192	et.flags.pre_authent = 1;
1193	kdc_log(context, config, 0,
1194	"PKINIT pre-authentication succeeded -- %s using %s",
1195	client_name, client_cert);
1196	free(client_cert);
1197	if (pkp)
1198	goto preauth_done;
1199	}
1200	ts_enc:
1201	#endif
1202
1203	if (client->entry.flags.locked_out) {
1204	ret = KRB5KDC_ERR_CLIENT_REVOKED;
1205	kdc_log(context, config, 0,
1206	"Client (%s) is locked out", client_name);
1207	goto out;
1208	}
1209
1210	kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s",
1211	client_name);
1212
1213	i = 0;
1214	e_text = "No ENC-TS found";
1215	while((pa = _kdc_find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){
1216	krb5_data ts_data;
1217	PA_ENC_TS_ENC p;
1218	size_t len;
1219	EncryptedData enc_data;
1220	Key *pa_key;
1221	char *str;
1222
1223	found_pa = 1;
1224
1225	if (b->kdc_options.request_anonymous) {
1226	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1227	kdc_log(context, config, 0, "ENC-TS doesn't support anon");
1228	goto out;
1229	}
1230
1231	ret = decode_EncryptedData(pa->padata_value.data,
1232	pa->padata_value.length,
1233	&enc_data,
1234	&len);
1235	if (ret) {
1236	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
1237	kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s",
1238	client_name);
1239	goto out;
1240	}
1241
1242	ret = hdb_enctype2key(context, &client->entry,
1243	enc_data.etype, &pa_key);
1244	if(ret){
1245	char *estr;
1246	e_text = "No key matches pa-data";
1247	ret = KRB5KDC_ERR_ETYPE_NOSUPP;
1248	if(krb5_enctype_to_string(context, enc_data.etype, &estr))
1249	estr = NULL;
1250	if(estr == NULL)
1251	kdc_log(context, config, 5,
1252	"No client key matching pa-data (%d) -- %s",
1253	enc_data.etype, client_name);
1254	else
1255	kdc_log(context, config, 5,
1256	"No client key matching pa-data (%s) -- %s",
1257	estr, client_name);
1258	free(estr);
1259	free_EncryptedData(&enc_data);
1260
1261	continue;
1262	}
1263
1264	try_next_key:
1265	ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
1266	if (ret) {
1267	const char *msg = krb5_get_error_message(context, ret);
1268	kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
1269	krb5_free_error_message(context, msg);
1270	free_EncryptedData(&enc_data);
1271	continue;
1272	}
1273
1274	ret = krb5_decrypt_EncryptedData (context,
1275	crypto,
1276	KRB5_KU_PA_ENC_TIMESTAMP,
1277	&enc_data,
1278	&ts_data);
1279	krb5_crypto_destroy(context, crypto);
1280	/*
1281	* Since the user might have several keys with the same
1282	* enctype but with diffrent salting, we need to try all
1283	* the keys with the same enctype.
1284	*/
1285	if(ret){
1286	krb5_error_code ret2;
1287	const char *msg = krb5_get_error_message(context, ret);
1288
1289	ret2 = krb5_enctype_to_string(context,
1290	pa_key->key.keytype, &str);
1291	if (ret2)
1292	str = NULL;
1293	kdc_log(context, config, 5,
1294	"Failed to decrypt PA-DATA -- %s "
1295	"(enctype %s) error %s",
1296	client_name, str ? str : "unknown enctype", msg);
1297	krb5_free_error_message(context, msg);
1298	free(str);
1299
1300	if(hdb_next_enctype2key(context, &client->entry,
1301	enc_data.etype, &pa_key) == 0)
1302	goto try_next_key;
1303	e_text = "Failed to decrypt PA-DATA";
1304
1305	free_EncryptedData(&enc_data);
1306
1307	if (clientdb->hdb_auth_status)
1308	(clientdb->hdb_auth_status)(context, clientdb, client, HDB_AUTH_WRONG_PASSWORD);
1309
1310	ret = KRB5KDC_ERR_PREAUTH_FAILED;
1311	continue;
1312	}
1313	free_EncryptedData(&enc_data);
1314	ret = decode_PA_ENC_TS_ENC(ts_data.data,
1315	ts_data.length,
1316	&p,
1317	&len);
1318	krb5_data_free(&ts_data);
1319	if(ret){
1320	e_text = "Failed to decode PA-ENC-TS-ENC";
1321	ret = KRB5KDC_ERR_PREAUTH_FAILED;
1322	kdc_log(context, config,
1323	5, "Failed to decode PA-ENC-TS_ENC -- %s",
1324	client_name);
1325	continue;
1326	}
1327	free_PA_ENC_TS_ENC(&p);
1328	if (abs(kdc_time - p.patimestamp) > context->max_skew) {
1329	char client_time[100];
1330
1331	krb5_format_time(context, p.patimestamp,
1332	client_time, sizeof(client_time), TRUE);
1333
1334	ret = KRB5KRB_AP_ERR_SKEW;
1335	kdc_log(context, config, 0,
1336	"Too large time skew, "
1337	"client time %s is out by %u > %u seconds -- %s",
1338	client_time,
1339	(unsigned)abs(kdc_time - p.patimestamp),
1340	context->max_skew,
1341	client_name);
1342
1343	/*
1344	* The following is needed to make windows clients to
1345	* retry using the timestamp in the error message, if
1346	* there is a e_text, they become unhappy.
1347	*/
1348	e_text = NULL;
1349	goto out;
1350	}
1351	et.flags.pre_authent = 1;
1352
1353	set_salt_padata(rep.padata, pa_key->salt);
1354
1355	reply_key = &pa_key->key;
1356
1357	ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
1358	if (ret)
1359	str = NULL;
1360
1361	kdc_log(context, config, 2,
1362	"ENC-TS Pre-authentication succeeded -- %s using %s",
1363	client_name, str ? str : "unknown enctype");
1364	free(str);
1365	break;
1366	}
1367	#ifdef PKINIT
1368	preauth_done:
1369	#endif
1370	if(found_pa == 0 && config->require_preauth)
1371	goto use_pa;
1372	/* We come here if we found a pa-enc-timestamp, but if there
1373	was some problem with it, other than too large skew */
1374	if(found_pa && et.flags.pre_authent == 0){
1375	kdc_log(context, config, 0, "%s -- %s", e_text, client_name);
1376	e_text = NULL;
1377	goto out;
1378	}
1379	}else if (config->require_preauth
1380	\|\| b->kdc_options.request_anonymous /* hack to force anon */
1381	\|\| client->entry.flags.require_preauth
1382	\|\| server->entry.flags.require_preauth) {
1383	METHOD_DATA method_data;
1384	PA_DATA *pa;
1385	unsigned char *buf;
1386	size_t len;
1387
1388	use_pa:
1389	method_data.len = 0;
1390	method_data.val = NULL;
1391
1392	ret = realloc_method_data(&method_data);
1393	if (ret) {
1394	free_METHOD_DATA(&method_data);
1395	goto out;
1396	}
1397	pa = &method_data.val[method_data.len-1];
1398	pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
1399	pa->padata_value.length = 0;
1400	pa->padata_value.data = NULL;
1401
1402	#ifdef PKINIT
1403	ret = realloc_method_data(&method_data);
1404	if (ret) {
1405	free_METHOD_DATA(&method_data);
1406	goto out;
1407	}
1408	pa = &method_data.val[method_data.len-1];
1409	pa->padata_type = KRB5_PADATA_PK_AS_REQ;
1410	pa->padata_value.length = 0;
1411	pa->padata_value.data = NULL;
1412
1413	ret = realloc_method_data(&method_data);
1414	if (ret) {
1415	free_METHOD_DATA(&method_data);
1416	goto out;
1417	}
1418	pa = &method_data.val[method_data.len-1];
1419	pa->padata_type = KRB5_PADATA_PK_AS_REQ_WIN;
1420	pa->padata_value.length = 0;
1421	pa->padata_value.data = NULL;
1422	#endif
1423
1424	/*
1425	* If there is a client key, send ETYPE_INFO{,2}
1426	*/
1427	ret = _kdc_find_etype(context,
1428	config->preauth_use_strongest_session_key, TRUE,
1429	client, b->etype.val, b->etype.len, NULL, &ckey);
1430	if (ret == 0) {
1431
1432	/*
1433	* RFC4120 requires:
1434	* - If the client only knows about old enctypes, then send
1435	* both info replies (we send 'info' first in the list).
1436	* - If the client is 'modern', because it knows about 'new'
1437	* enctype types, then only send the 'info2' reply.
1438	*
1439	* Before we send the full list of etype-info data, we pick
1440	* the client key we would have used anyway below, just pick
1441	* that instead.
1442	*/
1443
1444	if (older_enctype(ckey->key.keytype)) {
1445	ret = get_pa_etype_info(context, config,
1446	&method_data, ckey);
1447	if (ret) {
1448	free_METHOD_DATA(&method_data);
1449	goto out;
1450	}
1451	}
1452	ret = get_pa_etype_info2(context, config,
1453	&method_data, ckey);
1454	if (ret) {
1455	free_METHOD_DATA(&method_data);
1456	goto out;
1457	}
1458	}
1459
1460	ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
1461	free_METHOD_DATA(&method_data);
1462
1463	e_data.data = buf;
1464	e_data.length = len;
1465	e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
1466
1467	ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
1468
1469	kdc_log(context, config, 0,
1470	"No preauth found, returning PREAUTH-REQUIRED -- %s",
1471	client_name);
1472	goto out;
1473	}
1474
1475	/*
1476	* Verify flags after the user been required to prove its identity
1477	* with in a preauth mech.
1478	*/
1479
1480	ret = _kdc_check_access(context, config, client, client_name,
1481	server, server_name,
1482	req, &e_data);
1483	if(ret)
1484	goto out;
1485
1486	if (clientdb->hdb_auth_status)
1487	(clientdb->hdb_auth_status)(context, clientdb, client,
1488	HDB_AUTH_SUCCESS);
1489
1490	/*
1491	* Selelct the best encryption type for the KDC with out regard to
1492	* the client since the client never needs to read that data.
1493	*/
1494
1495	ret = _kdc_get_preferred_key(context, config,
1496	server, server_name,
1497	&setype, &skey);
1498	if(ret)
1499	goto out;
1500
1501	if(f.renew \|\| f.validate \|\| f.proxy \|\| f.forwarded \|\| f.enc_tkt_in_skey
1502	\|\| (f.request_anonymous && !config->allow_anonymous)) {
1503	ret = KRB5KDC_ERR_BADOPTION;
1504	e_text = "Bad KDC options";
1505	kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
1506	goto out;
1507	}
1508
1509	rep.pvno = 5;
1510	rep.msg_type = krb_as_rep;
1511
1512	ret = copy_Realm(&client->entry.principal->realm, &rep.crealm);
1513	if (ret)
1514	goto out;
1515	ret = _krb5_principal2principalname(&rep.cname, client->entry.principal);
1516	if (ret)
1517	goto out;
1518
1519	rep.ticket.tkt_vno = 5;
1520	copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
1521	_krb5_principal2principalname(&rep.ticket.sname,
1522	server->entry.principal);
1523	/* java 1.6 expects the name to be the same type, lets allow that
1524	* uncomplicated name-types. */
1525	#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
1526	if (CNT(b, UNKNOWN) \|\| CNT(b, PRINCIPAL) \|\| CNT(b, SRV_INST) \|\| CNT(b, SRV_HST) \|\| CNT(b, SRV_XHST))
1527	rep.ticket.sname.name_type = b->sname->name_type;
1528	#undef CNT
1529
1530	et.flags.initial = 1;
1531	if(client->entry.flags.forwardable && server->entry.flags.forwardable)
1532	et.flags.forwardable = f.forwardable;
1533	else if (f.forwardable) {
1534	e_text = "Ticket may not be forwardable";
1535	ret = KRB5KDC_ERR_POLICY;
1536	kdc_log(context, config, 0,
1537	"Ticket may not be forwardable -- %s", client_name);
1538	goto out;
1539	}
1540	if(client->entry.flags.proxiable && server->entry.flags.proxiable)
1541	et.flags.proxiable = f.proxiable;
1542	else if (f.proxiable) {
1543	e_text = "Ticket may not be proxiable";
1544	ret = KRB5KDC_ERR_POLICY;
1545	kdc_log(context, config, 0,
1546	"Ticket may not be proxiable -- %s", client_name);
1547	goto out;
1548	}
1549	if(client->entry.flags.postdate && server->entry.flags.postdate)
1550	et.flags.may_postdate = f.allow_postdate;
1551	else if (f.allow_postdate){
1552	e_text = "Ticket may not be postdate";
1553	ret = KRB5KDC_ERR_POLICY;
1554	kdc_log(context, config, 0,
1555	"Ticket may not be postdatable -- %s", client_name);
1556	goto out;
1557	}
1558
1559	/* check for valid set of addresses */
1560	if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
1561	e_text = "Bad address list in requested";
1562	ret = KRB5KRB_AP_ERR_BADADDR;
1563	kdc_log(context, config, 0,
1564	"Bad address list requested -- %s", client_name);
1565	goto out;
1566	}
1567
1568	ret = copy_PrincipalName(&rep.cname, &et.cname);
1569	if (ret)
1570	goto out;
1571	ret = copy_Realm(&rep.crealm, &et.crealm);
1572	if (ret)
1573	goto out;
1574
1575	{
1576	time_t start;
1577	time_t t;
1578
1579	start = et.authtime = kdc_time;
1580
1581	if(f.postdated && req->req_body.from){
1582	ALLOC(et.starttime);
1583	start = et.starttime = req->req_body.from;
1584	et.flags.invalid = 1;
1585	et.flags.postdated = 1; /* XXX ??? */
1586	}
1587	_kdc_fix_time(&b->till);
1588	t = *b->till;
1589
1590	/* be careful not overflowing */
1591
1592	if(client->entry.max_life)
1593	t = start + min(t - start, *client->entry.max_life);
1594	if(server->entry.max_life)
1595	t = start + min(t - start, *server->entry.max_life);
1596	#if 0
1597	t = min(t, start + realm->max_life);
1598	#endif
1599	et.endtime = t;
1600	if(f.renewable_ok && et.endtime < *b->till){
1601	f.renewable = 1;
1602	if(b->rtime == NULL){
1603	ALLOC(b->rtime);
1604	*b->rtime = 0;
1605	}
1606	if(b->rtime < b->till)
1607	b->rtime = b->till;
1608	}
1609	if(f.renewable && b->rtime){
1610	t = *b->rtime;
1611	if(t == 0)
1612	t = MAX_TIME;
1613	if(client->entry.max_renew)
1614	t = start + min(t - start, *client->entry.max_renew);
1615	if(server->entry.max_renew)
1616	t = start + min(t - start, *server->entry.max_renew);
1617	#if 0
1618	t = min(t, start + realm->max_renew);
1619	#endif
1620	ALLOC(et.renew_till);
1621	*et.renew_till = t;
1622	et.flags.renewable = 1;
1623	}
1624	}
1625
1626	if (f.request_anonymous)
1627	et.flags.anonymous = 1;
1628
1629	if(b->addresses){
1630	ALLOC(et.caddr);
1631	copy_HostAddresses(b->addresses, et.caddr);
1632	}
1633
1634	et.transited.tr_type = DOMAIN_X500_COMPRESS;
1635	krb5_data_zero(&et.transited.contents);
1636
1637	/* The MIT ASN.1 library (obviously) doesn't tell lengths encoded
1638	* as 0 and as 0x80 (meaning indefinite length) apart, and is thus
1639	* incapable of correctly decoding SEQUENCE OF's of zero length.
1640	*
1641	* To fix this, always send at least one no-op last_req
1642	*
1643	* If there's a pw_end or valid_end we will use that,
1644	* otherwise just a dummy lr.
1645	*/
1646	ek.last_req.val = malloc(2 * sizeof(*ek.last_req.val));
1647	if (ek.last_req.val == NULL) {
1648	ret = ENOMEM;
1649	goto out;
1650	}
1651	ek.last_req.len = 0;
1652	if (client->entry.pw_end
1653	&& (config->kdc_warn_pwexpire == 0
1654	\|\| kdc_time + config->kdc_warn_pwexpire >= *client->entry.pw_end)) {
1655	ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME;
1656	ek.last_req.val[ek.last_req.len].lr_value = *client->entry.pw_end;
1657	++ek.last_req.len;
1658	}
1659	if (client->entry.valid_end) {
1660	ek.last_req.val[ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
1661	ek.last_req.val[ek.last_req.len].lr_value = *client->entry.valid_end;
1662	++ek.last_req.len;
1663	}
1664	if (ek.last_req.len == 0) {
1665	ek.last_req.val[ek.last_req.len].lr_type = LR_NONE;
1666	ek.last_req.val[ek.last_req.len].lr_value = 0;
1667	++ek.last_req.len;
1668	}
1669	ek.nonce = b->nonce;
1670	if (client->entry.valid_end \|\| client->entry.pw_end) {
1671	ALLOC(ek.key_expiration);
1672	if (client->entry.valid_end) {
1673	if (client->entry.pw_end)
1674	ek.key_expiration = min(client->entry.valid_end,
1675	*client->entry.pw_end);
1676	else
1677	ek.key_expiration = client->entry.valid_end;
1678	} else
1679	ek.key_expiration = client->entry.pw_end;
1680	} else
1681	ek.key_expiration = NULL;
1682	ek.flags = et.flags;
1683	ek.authtime = et.authtime;
1684	if (et.starttime) {
1685	ALLOC(ek.starttime);
1686	ek.starttime = et.starttime;
1687	}
1688	ek.endtime = et.endtime;
1689	if (et.renew_till) {
1690	ALLOC(ek.renew_till);
1691	ek.renew_till = et.renew_till;
1692	}
1693	copy_Realm(&rep.ticket.realm, &ek.srealm);
1694	copy_PrincipalName(&rep.ticket.sname, &ek.sname);
1695	if(et.caddr){
1696	ALLOC(ek.caddr);
1697	copy_HostAddresses(et.caddr, ek.caddr);
1698	}
1699
1700	#if PKINIT
1701	if (pkp) {
1702	e_text = "Failed to build PK-INIT reply";
1703	ret = _kdc_pk_mk_pa_reply(context, config, pkp, client,
1704	sessionetype, req, req_buffer,
1705	&reply_key, &et.key, rep.padata);
1706	if (ret)
1707	goto out;
1708	ret = _kdc_add_inital_verified_cas(context,
1709	config,
1710	pkp,
1711	&et);
1712	if (ret)
1713	goto out;
1714
1715	} else
1716	#endif
1717	{
1718	ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
1719	if (ret)
1720	goto out;
1721	}
1722
1723	if (reply_key == NULL) {
1724	e_text = "Client have no reply key";
1725	ret = KRB5KDC_ERR_CLIENT_NOTYET;
1726	goto out;
1727	}
1728
1729	ret = copy_EncryptionKey(&et.key, &ek.key);
1730	if (ret)
1731	goto out;
1732
1733	if (rep.padata->len == 0) {
1734	free(rep.padata);
1735	rep.padata = NULL;
1736	}
1737
1738	/* Add the PAC */
1739	if (send_pac_p(context, req)) {
1740	krb5_pac p = NULL;
1741	krb5_data data;
1742
1743	ret = _kdc_pac_generate(context, client, &p);
1744	if (ret) {
1745	kdc_log(context, config, 0, "PAC generation failed for -- %s",
1746	client_name);
1747	goto out;
1748	}
1749	if (p != NULL) {
1750	ret = _krb5_pac_sign(context, p, et.authtime,
1751	client->entry.principal,
1752	&skey->key, /* Server key */
1753	&skey->key, /* FIXME: should be krbtgt key */
1754	&data);
1755	krb5_pac_free(context, p);
1756	if (ret) {
1757	kdc_log(context, config, 0, "PAC signing failed for -- %s",
1758	client_name);
1759	goto out;
1760	}
1761
1762	ret = _kdc_tkt_add_if_relevant_ad(context, &et,
1763	KRB5_AUTHDATA_WIN2K_PAC,
1764	&data);
1765	krb5_data_free(&data);
1766	if (ret)
1767	goto out;
1768	}
1769	}
1770
1771	_kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime,
1772	et.endtime, et.renew_till);
1773
1774	/* do this as the last thing since this signs the EncTicketPart */
1775	ret = _kdc_add_KRB5SignedPath(context,
1776	config,
1777	server,
1778	setype,
1779	client->entry.principal,
1780	NULL,
1781	NULL,
1782	&et);
1783	if (ret)
1784	goto out;
1785
1786	log_as_req(context, config, reply_key->keytype, setype, b);
1787
1788	ret = _kdc_encode_reply(context, config,
1789	&rep, &et, &ek, setype, server->entry.kvno,
1790	&skey->key, client->entry.kvno,
1791	reply_key, 0, &e_text, reply);
1792	free_EncTicketPart(&et);
1793	free_EncKDCRepPart(&ek);
1794	if (ret)
1795	goto out;
1796
1797	/* */
1798	if (datagram_reply && reply->length > config->max_datagram_reply_length) {
1799	krb5_data_free(reply);
1800	ret = KRB5KRB_ERR_RESPONSE_TOO_BIG;
1801	e_text = "Reply packet too large";
1802	}
1803
1804	out:
1805	free_AS_REP(&rep);
1806	if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) {
1807	krb5_mk_error(context,
1808	ret,
1809	e_text,
1810	(e_data.data ? &e_data : NULL),
1811	client_princ,
1812	server_princ,
1813	NULL,
1814	NULL,
1815	reply);
1816	ret = 0;
1817	}
1818	#ifdef PKINIT
1819	if (pkp)
1820	_kdc_pk_free_client_param(context, pkp);
1821	#endif
1822	if (e_data.data)
1823	free(e_data.data);
1824	if (client_princ)
1825	krb5_free_principal(context, client_princ);
1826	free(client_name);
1827	if (server_princ)
1828	krb5_free_principal(context, server_princ);
1829	free(server_name);
1830	if(client)
1831	_kdc_free_ent(context, client);
1832	if(server)
1833	_kdc_free_ent(context, server);
1834	return ret;
1835	}
1836
1837	/*
1838	* Add the AuthorizationData `dataÂŽ of `typeÂŽ to the last element in
1839	* the sequence of authorization_data in `tktÂŽ wrapped in an IF_RELEVANT
1840	*/
1841
1842	krb5_error_code
1843	_kdc_tkt_add_if_relevant_ad(krb5_context context,
1844	EncTicketPart *tkt,
1845	int type,
1846	const krb5_data *data)
1847	{
1848	krb5_error_code ret;
1849	size_t size = 0;
1850
1851	if (tkt->authorization_data == NULL) {
1852	tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
1853	if (tkt->authorization_data == NULL) {
1854	krb5_set_error_message(context, ENOMEM, "out of memory");
1855	return ENOMEM;
1856	}
1857	}
1858
1859	/* add the entry to the last element */
1860	{
1861	AuthorizationData ad = { 0, NULL };
1862	AuthorizationDataElement ade;
1863
1864	ade.ad_type = type;
1865	ade.ad_data = *data;
1866
1867	ret = add_AuthorizationData(&ad, &ade);
1868	if (ret) {
1869	krb5_set_error_message(context, ret, "add AuthorizationData failed");
1870	return ret;
1871	}
1872
1873	ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
1874
1875	ASN1_MALLOC_ENCODE(AuthorizationData,
1876	ade.ad_data.data, ade.ad_data.length,
1877	&ad, &size, ret);
1878	free_AuthorizationData(&ad);
1879	if (ret) {
1880	krb5_set_error_message(context, ret, "ASN.1 encode of "
1881	"AuthorizationData failed");
1882	return ret;
1883	}
1884	if (ade.ad_data.length != size)
1885	krb5_abortx(context, "internal asn.1 encoder error");
1886
1887	ret = add_AuthorizationData(tkt->authorization_data, &ade);
1888	der_free_octet_string(&ade.ad_data);
1889	if (ret) {
1890	krb5_set_error_message(context, ret, "add AuthorizationData failed");
1891	return ret;
1892	}
1893	}
1894
1895	return 0;
1896	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/current/source4/heimdal/kdc/kerberos5.c

Download in other formats: