1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
5 * Copyright (C) 2009 by the Massachusetts Institute of Technology.
8 * Export of this software from the United States of America may
9 * require a specific license from the United States Government.
10 * It is the responsibility of any person or organization contemplating
11 * export to obtain such a license before exporting.
13 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
14 * distribute this software and its documentation for any purpose and
15 * without fee is hereby granted, provided that the above copyright
16 * notice appear in all copies and that both that copyright notice and
17 * this permission notice appear in supporting documentation, and that
18 * the name of M.I.T. not be used in advertising or publicity pertaining
19 * to distribution of the software without specific, written prior
20 * permission. Furthermore if you modify this software you must label
21 * your software as modified software and not distribute it in such a
22 * fashion that it might be confused with the original M.I.T. software.
23 * M.I.T. makes no representations about the suitability of
24 * this software for any purpose. It is provided "as is" without express
25 * or implied warranty.
35 * This function will find the fast and cookie padata and if fast is
36 * successfully processed, will throw away (and free) the outer
37 * request and update the pointer to point to the inner request. The
38 * checksummed_data points to the data that is in the
39 * armored_fast_request checksum; either the pa-tgs-req or the
43 static krb5_error_code armor_ap_request
44 (struct kdc_request_state *state, krb5_fast_armor *armor)
46 krb5_error_code retval = 0;
47 krb5_auth_context authcontext = NULL;
48 krb5_ticket *ticket = NULL;
49 krb5_keyblock *subkey = NULL;
51 assert(armor->armor_type == KRB5_FAST_ARMOR_AP_REQUEST);
52 krb5_clear_error_message(kdc_context);
53 retval = krb5_auth_con_init(kdc_context, &authcontext);
55 retval = krb5_auth_con_setflags(kdc_context,
56 authcontext, 0); /*disable replay cache*/
57 retval = krb5_rd_req(kdc_context, &authcontext,
58 &armor->armor_value, NULL /*server*/,
59 kdc_active_realm->realm_keytab, NULL, &ticket);
61 const char * errmsg = krb5_get_error_message(kdc_context, retval);
62 krb5_set_error_message(kdc_context, retval,
63 "%s while handling ap-request armor", errmsg);
64 krb5_free_error_message(kdc_context, errmsg);
67 if (!krb5_principal_compare_any_realm(kdc_context,
70 krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
71 "ap-request armor for something other than the local TGS");
72 retval = KRB5KDC_ERR_SERVER_NOMATCH;
76 retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey);
77 if (retval != 0 || subkey == NULL) {
78 krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
79 "ap-request armor without subkey");
80 retval = KRB5KDC_ERR_POLICY;
84 retval = krb5_c_fx_cf2_simple(kdc_context,
85 subkey, "subkeyarmor",
86 ticket->enc_part2->session, "ticketarmor",
89 krb5_free_ticket(kdc_context, ticket);
91 krb5_free_keyblock(kdc_context, subkey);
93 krb5_auth_con_free(kdc_context, authcontext);
97 static krb5_error_code
98 encrypt_fast_reply(struct kdc_request_state *state,
99 const krb5_fast_response *response,
100 krb5_data **fx_fast_reply)
102 krb5_error_code retval = 0;
103 krb5_enc_data encrypted_reply;
104 krb5_data *encoded_response = NULL;
105 assert(state->armor_key);
106 retval = encode_krb5_fast_response(response, &encoded_response);
108 retval = krb5_encrypt_helper(kdc_context, state->armor_key,
109 KRB5_KEYUSAGE_FAST_REP,
110 encoded_response, &encrypted_reply);
111 if (encoded_response)
112 krb5_free_data(kdc_context, encoded_response);
113 encoded_response = NULL;
115 retval = encode_krb5_pa_fx_fast_reply(&encrypted_reply,
117 krb5_free_data_contents(kdc_context, &encrypted_reply.ciphertext);
124 kdc_find_fast(krb5_kdc_req **requestptr,
125 krb5_data *checksummed_data,
126 krb5_keyblock *tgs_subkey,
127 krb5_keyblock *tgs_session,
128 struct kdc_request_state *state)
130 krb5_error_code retval = 0;
131 krb5_pa_data *fast_padata, *cookie_padata = NULL;
133 krb5_fast_req * fast_req = NULL;
134 krb5_kdc_req *request = *requestptr;
135 krb5_fast_armored_req *fast_armored_req = NULL;
136 krb5_checksum *cksum;
137 krb5_boolean cksum_valid;
138 krb5_keyblock empty_keyblock;
141 krb5_clear_error_message(kdc_context);
142 memset(&empty_keyblock, 0, sizeof(krb5_keyblock));
143 fast_padata = find_pa_data(request->padata,
144 KRB5_PADATA_FX_FAST);
145 if (fast_padata != NULL){
146 scratch.length = fast_padata->length;
147 scratch.data = (char *) fast_padata->contents;
148 retval = decode_krb5_pa_fx_fast_request(&scratch, &fast_armored_req);
149 if (retval == 0 &&fast_armored_req->armor) {
150 switch (fast_armored_req->armor->armor_type) {
151 case KRB5_FAST_ARMOR_AP_REQUEST:
153 krb5_set_error_message( kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
154 "Ap-request armor not permitted with TGS");
155 retval = KRB5KDC_ERR_PREAUTH_FAILED;
158 retval = armor_ap_request(state, fast_armored_req->armor);
161 krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
162 "Unknow FAST armor type %d",
163 fast_armored_req->armor->armor_type);
164 retval = KRB5KDC_ERR_PREAUTH_FAILED;
167 if (retval == 0 && !state->armor_key) {
169 retval = krb5_c_fx_cf2_simple(kdc_context,
170 tgs_subkey, "subkeyarmor",
171 tgs_session, "ticketarmor",
174 krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
175 "No armor key but FAST armored request present");
176 retval = KRB5KDC_ERR_PREAUTH_FAILED;
181 plaintext.length = fast_armored_req->enc_part.ciphertext.length;
182 plaintext.data = malloc(plaintext.length);
183 if (plaintext.data == NULL)
185 retval = krb5_c_decrypt(kdc_context,
187 KRB5_KEYUSAGE_FAST_ENC, NULL,
188 &fast_armored_req->enc_part,
191 retval = decode_krb5_fast_req(&plaintext, &fast_req);
193 free(plaintext.data);
195 cksum = &fast_armored_req->req_checksum;
197 retval = krb5_c_verify_checksum(kdc_context, state->armor_key,
198 KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
199 checksummed_data, cksum,
201 if (retval == 0 && !cksum_valid) {
202 retval = KRB5KRB_AP_ERR_MODIFIED;
203 krb5_set_error_message(kdc_context, KRB5KRB_AP_ERR_MODIFIED,
204 "FAST req_checksum invalid; request modified");
207 if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) {
208 retval = KRB5KDC_ERR_POLICY;
209 krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
210 "Unkeyed checksum used in fast_req");
214 if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) != 0)
215 retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION;
218 cookie_padata = find_pa_data(fast_req->req_body->padata,
219 KRB5_PADATA_FX_COOKIE);
221 state->fast_options = fast_req->fast_options;
222 if (request->kdc_state == state)
223 request->kdc_state = NULL;
224 krb5_free_kdc_req( kdc_context, request);
225 *requestptr = fast_req->req_body;
226 fast_req->req_body = NULL;
229 else cookie_padata = find_pa_data(request->padata, KRB5_PADATA_FX_COOKIE);
230 if (retval == 0 && cookie_padata != NULL) {
231 krb5_pa_data *new_padata = malloc(sizeof (krb5_pa_data));
232 if (new_padata == NULL) {
235 new_padata->pa_type = KRB5_PADATA_FX_COOKIE;
236 new_padata->length = cookie_padata->length;
237 new_padata->contents = malloc(new_padata->length);
238 if (new_padata->contents == NULL) {
242 memcpy(new_padata->contents, cookie_padata->contents,
244 state->cookie = new_padata;
249 krb5_free_fast_req( kdc_context, fast_req);
250 if (fast_armored_req)
251 krb5_free_fast_armored_req(kdc_context, fast_armored_req);
257 kdc_make_rstate(struct kdc_request_state **out)
259 struct kdc_request_state *state = malloc( sizeof(struct kdc_request_state));
262 memset( state, 0, sizeof(struct kdc_request_state));
268 kdc_free_rstate (struct kdc_request_state *s)
273 krb5_free_keyblock(kdc_context, s->armor_key);
274 if (s->strengthen_key)
275 krb5_free_keyblock(kdc_context, s->strengthen_key);
277 free(s->cookie->contents);
284 kdc_fast_response_handle_padata(struct kdc_request_state *state,
285 krb5_kdc_req *request,
286 krb5_kdc_rep *rep, krb5_enctype enctype)
288 krb5_error_code retval = 0;
289 krb5_fast_finished finish;
290 krb5_fast_response fast_response;
291 krb5_data *encoded_ticket = NULL;
292 krb5_data *encrypted_reply = NULL;
293 krb5_pa_data *pa = NULL, **pa_array = NULL;
294 krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5;
295 krb5_pa_data *empty_padata[] = {NULL};
296 krb5_keyblock *strengthen_key = NULL;
298 if (!state->armor_key)
300 memset(&finish, 0, sizeof(finish));
301 retval = krb5_init_keyblock(kdc_context, enctype, 0, &strengthen_key);
303 retval = krb5_c_make_random_key(kdc_context, enctype, strengthen_key);
305 state->strengthen_key = strengthen_key;
306 strengthen_key = NULL;
309 fast_response.padata = rep->padata;
310 if (fast_response.padata == NULL)
311 fast_response.padata = &empty_padata[0];
312 fast_response.strengthen_key = state->strengthen_key;
313 fast_response.nonce = request->nonce;
314 fast_response.finished = &finish;
315 finish.client = rep->client;
316 pa_array = calloc(3, sizeof(*pa_array));
317 if (pa_array == NULL)
319 pa = calloc(1, sizeof(krb5_pa_data));
320 if (retval == 0 && pa == NULL)
323 retval = krb5_us_timeofday(kdc_context, &finish.timestamp, &finish.usec);
325 retval = encode_krb5_ticket(rep->ticket, &encoded_ticket);
327 retval = krb5int_c_mandatory_cksumtype(kdc_context,
328 state->armor_key->enctype,
331 retval = krb5_c_make_checksum(kdc_context, cksumtype,
333 KRB5_KEYUSAGE_FAST_FINISHED,
334 encoded_ticket, &finish.ticket_checksum);
336 retval = encrypt_fast_reply(state, &fast_response, &encrypted_reply);
338 pa[0].pa_type = KRB5_PADATA_FX_FAST;
339 pa[0].length = encrypted_reply->length;
340 pa[0].contents = (unsigned char *) encrypted_reply->data;
341 pa_array[0] = &pa[0];
342 rep->padata = pa_array;
344 free(encrypted_reply);
345 encrypted_reply = NULL;
353 krb5_free_data(kdc_context, encrypted_reply);
355 krb5_free_data(kdc_context, encoded_ticket);
356 if (strengthen_key != NULL)
357 krb5_free_keyblock(kdc_context, strengthen_key);
358 if (finish.ticket_checksum.contents)
359 krb5_free_checksum_contents(kdc_context, &finish.ticket_checksum);
365 * We assume the caller is responsible for passing us an in_padata
366 * sufficient to include in a FAST error. In the FAST case we will
367 * throw away the e_data in the error (if any); in the non-FAST case
368 * we will not use the in_padata.
371 kdc_fast_handle_error(krb5_context context,
372 struct kdc_request_state *state,
373 krb5_kdc_req *request,
374 krb5_pa_data **in_padata, krb5_error *err)
376 krb5_error_code retval = 0;
377 krb5_fast_response resp;
379 krb5_data *encoded_fx_error = NULL, *encrypted_reply = NULL;
381 krb5_pa_data *outer_pa[3], *cookie = NULL;
382 krb5_pa_data **inner_pa = NULL;
384 krb5_data *encoded_e_data = NULL;
386 memset(outer_pa, 0, sizeof(outer_pa));
387 if (!state->armor_key)
390 fx_error.e_data.data = NULL;
391 fx_error.e_data.length = 0;
392 for (size = 0; in_padata&&in_padata[size]; size++);
394 inner_pa = calloc(size, sizeof(krb5_pa_data *));
395 if (inner_pa == NULL)
398 for (size=0; in_padata&&in_padata[size]; size++)
399 inner_pa[size] = in_padata[size];
401 retval = encode_krb5_error(&fx_error, &encoded_fx_error);
403 pa[0].pa_type = KRB5_PADATA_FX_ERROR;
404 pa[0].length = encoded_fx_error->length;
405 pa[0].contents = (unsigned char *) encoded_fx_error->data;
406 inner_pa[size++] = &pa[0];
407 if (find_pa_data(inner_pa, KRB5_PADATA_FX_COOKIE) == NULL)
408 retval = kdc_preauth_get_cookie(state, &cookie);
411 inner_pa[size++] = cookie;
413 resp.padata = inner_pa;
414 resp.nonce = request->nonce;
415 resp.strengthen_key = NULL;
416 resp.finished = NULL;
419 retval = encrypt_fast_reply(state, &resp, &encrypted_reply);
421 free(inner_pa); /*contained storage from caller and our stack*/
423 free(cookie->contents);
428 pa[0].pa_type = KRB5_PADATA_FX_FAST;
429 pa[0].length = encrypted_reply->length;
430 pa[0].contents = (unsigned char *) encrypted_reply->data;
431 outer_pa[0] = &pa[0];
433 retval = encode_krb5_padata_sequence(outer_pa, &encoded_e_data);
435 /*process_as holds onto a pointer to the original e_data and frees it*/
436 err->e_data = *encoded_e_data;
437 free(encoded_e_data); /*contents belong to err*/
438 encoded_e_data = NULL;
441 krb5_free_data(kdc_context, encoded_e_data);
443 krb5_free_data(kdc_context, encrypted_reply);
444 if (encoded_fx_error)
445 krb5_free_data(kdc_context, encoded_fx_error);
450 kdc_fast_handle_reply_key(struct kdc_request_state *state,
451 krb5_keyblock *existing_key,
452 krb5_keyblock **out_key)
454 krb5_error_code retval = 0;
455 if (state->armor_key)
456 retval = krb5_c_fx_cf2_simple(kdc_context,
457 state->strengthen_key, "strengthenkey",
459 "replykey", out_key);
461 retval = krb5_copy_keyblock(kdc_context, existing_key, out_key);
467 kdc_preauth_get_cookie(struct kdc_request_state *state,
468 krb5_pa_data **cookie)
471 krb5_pa_data *pa = NULL;
472 /* In our current implementation, the only purpose served by
473 * returning a cookie is to indicate that a conversation should
474 * continue on error. Thus, the cookie can have a constant
475 * string. If cookies are used for real, versioning so that KDCs
476 * can be upgraded, keying, expiration and many other issues need
479 contents = strdup("MIT");
480 if (contents == NULL)
482 pa = calloc(1, sizeof(krb5_pa_data));
487 pa->pa_type = KRB5_PADATA_FX_COOKIE;
488 pa->length = strlen(contents);
489 pa->contents = (unsigned char *) contents;