- /* If we don't have a client cert, we're done */
- if(request->client == NULL) {
- kdcPkinitDebug("No request->client; aborting PKINIT\n");
- return KRB5KDC_ERR_PREAUTH_FAILED;
- }
- krtn = krb5_unparse_name(context, request->client, &princ_name);
- if(krtn) {
- return krtn;
- }
- krtn = krb5_pkinit_get_client_cert(princ_name, &client_cert);
- free(princ_name);
- if(krtn) {
- kdcPkinitDebug("No client cert; aborting PKINIT\n");
- return krtn;
- }
-
- memset(&local_key, 0, sizeof(local_key));
- asRep.data = (char *)in_padata->contents;
- asRep.length = in_padata->length;
- krtn = krb5int_pkinit_as_rep_parse(context, &asRep, client_cert,
- &local_key, &as_req_checksum_rcd, &sig_status,
- &signer_cert, NULL, NULL);
- if(krtn) {
- kdcPkinitDebug("pkinit_as_rep_parse returned %d\n", (int)krtn);
- return krtn;
- }
- switch(sig_status) {
- case pki_cs_good:
- break;
- case pki_cs_unknown_root:
- if (local_kdc_cert_match(context, &signer_cert, request->client))
- break;
- /* FALLTHROUGH */
- default:
- kdcPkinitDebug("pa_pkinit_parse_rep: bad cert/sig status %d\n",
- (int)sig_status);
- krtn = KRB5KDC_ERR_PREAUTH_FAILED;
- goto error_out;
- }
-
- /* calculate checksum of incoming AS-REQ using the decryption key
- * we just got from the ReplyKeyPack */
- krtn = encode_krb5_as_req(request, &encoded_as_req);
- if(krtn) {
- goto error_out;
- }
- krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype,
- &local_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
- encoded_as_req, &as_req_checksum_gen);
- if(krtn) {
- goto error_out;
- }
- if((as_req_checksum_gen.length != as_req_checksum_rcd.length) ||
- memcmp(as_req_checksum_gen.contents,
- as_req_checksum_rcd.contents,
- as_req_checksum_gen.length)) {
- kdcPkinitDebug("pa_pkinit_parse_rep: checksum miscompare\n");
- krtn = KRB5KDC_ERR_PREAUTH_FAILED;
- goto error_out;
- }
-
- /* We have the key; transfer to caller */
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- }
- *as_key = local_key;
-
- #if PKINIT_DEBUG
- fprintf(stderr, "pa_pkinit_parse_rep: SUCCESS\n");
- fprintf(stderr, "enctype %d keylen %d keydata %02x %02x %02x %02x...\n",
- (int)as_key->enctype, (int)as_key->length,
- as_key->contents[0], as_key->contents[1],
- as_key->contents[2], as_key->contents[3]);
- #endif
-
- krtn = 0;
-
-error_out:
- if (signer_cert.data) {
- free(signer_cert.data);
- }
- if(as_req_checksum_rcd.contents) {
- free(as_req_checksum_rcd.contents);
- }
- if(as_req_checksum_gen.contents) {
- free(as_req_checksum_gen.contents);
- }
- if(encoded_as_req) {
- krb5_free_data(context, encoded_as_req);
- }
- if(krtn && (local_key.contents != NULL)) {
- krb5_free_keyblock_contents(context, &local_key);
- }
- return krtn;
-}
-#endif /* APPLE_PKINIT */
-
-static
-krb5_error_code pa_sam_2(krb5_context context,
- krb5_kdc_req *request,
- krb5_pa_data *in_padata,
- krb5_pa_data **out_padata,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_enctype *etype,
- krb5_keyblock *as_key,
- krb5_prompter_fct prompter,
- void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct,
- void *gak_data) {
-
- krb5_error_code retval;
- krb5_sam_challenge_2 *sc2 = NULL;
- krb5_sam_challenge_2_body *sc2b = NULL;
- krb5_data tmp_data;
- krb5_data response_data;
- char name[100], banner[100], prompt[100], response[100];
- krb5_prompt kprompt;
- krb5_prompt_type prompt_type;
- krb5_data defsalt;
- krb5_checksum **cksum;
- krb5_data *scratch = NULL;
- krb5_boolean valid_cksum = 0;
- krb5_enc_sam_response_enc_2 enc_sam_response_enc_2;
- krb5_sam_response_2 sr2;
- size_t ciph_len;
- krb5_pa_data *sam_padata;
-
- if (prompter == NULL)
- return KRB5_LIBOS_CANTREADPWD;
-
- tmp_data.length = in_padata->length;
- tmp_data.data = (char *)in_padata->contents;
-
- if ((retval = decode_krb5_sam_challenge_2(&tmp_data, &sc2)))
- return(retval);
-
- retval = decode_krb5_sam_challenge_2_body(&sc2->sam_challenge_2_body, &sc2b);
-
- if (retval)
- return(retval);
-
- if (!sc2->sam_cksum || ! *sc2->sam_cksum) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(KRB5_SAM_NO_CHECKSUM);
- }
-
- if (sc2b->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(KRB5_SAM_UNSUPPORTED);
- }
-
- if (!krb5_c_valid_enctype(sc2b->sam_etype)) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(KRB5_SAM_INVALID_ETYPE);
- }
-
- /* All of the above error checks are KDC-specific, that is, they */
- /* assume a failure in the KDC reply. By returning anything other */
- /* than KRB5_KDC_UNREACH, KRB5_PREAUTH_FAILED, */
- /* KRB5_LIBOS_PWDINTR, or KRB5_REALM_CANT_RESOLVE, the client will */
- /* most likely go on to try the AS_REQ against master KDC */
-
- if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
- /* We will need the password to obtain the key used for */
- /* the checksum, and encryption of the sam_response. */
- /* Go ahead and get it now, preserving the ordering of */
- /* prompts for the user. */
-
- retval = (gak_fct)(context, request->client,
- sc2b->sam_etype, prompter,
- prompter_data, salt, s2kparams, as_key, gak_data);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- }
-
- snprintf(name, sizeof(name), "%.*s",
- SAMDATA(sc2b->sam_type_name, "SAM Authentication",
- sizeof(name) - 1));
-
- snprintf(banner, sizeof(banner), "%.*s",
- SAMDATA(sc2b->sam_challenge_label,
- sam_challenge_banner(sc2b->sam_type),
- sizeof(banner)-1));
-
- snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
- sc2b->sam_challenge.length?"Challenge is [":"",
- SAMDATA(sc2b->sam_challenge, "", 20),
- sc2b->sam_challenge.length?"], ":"",
- SAMDATA(sc2b->sam_response_prompt, "passcode", 55));
-
- response_data.data = response;
- response_data.length = sizeof(response);
- kprompt.prompt = prompt;
- kprompt.hidden = 1;
- kprompt.reply = &response_data;
-
- prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
- krb5int_set_prompt_types(context, &prompt_type);
-
- if ((retval = ((*prompter)(context, prompter_data, name,
- banner, 1, &kprompt)))) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5int_set_prompt_types(context, 0);
- return(retval);
- }
-
- krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
-
- /* Generate salt used by string_to_key() */
- if ((salt->length == -1) && (salt->data == NULL)) {
- if ((retval =
- krb5_principal2salt(context, request->client, &defsalt))) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- salt = &defsalt;
- } else {
- defsalt.length = 0;
- }
-
- /* Get encryption key to be used for checksum and sam_response */
- if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
- /* as_key = string_to_key(password) */
-
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
- }
-
- /* generate a key using the supplied password */
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- (krb5_data *)gak_data, salt, as_key);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
-
- if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
- /* as_key = combine_key (as_key, string_to_key(SAD)) */
- krb5_keyblock tmp_kb;
-
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- &response_data, salt, &tmp_kb);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
-
- /* This should be a call to the crypto library some day */
- /* key types should already match the sam_etype */
- retval = krb5int_c_combine_keys(context, as_key, &tmp_kb, as_key);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
- krb5_free_keyblock_contents(context, &tmp_kb);
- }
-
- if (defsalt.length)
- free(defsalt.data);
-
- } else {
- /* as_key = string_to_key(SAD) */
-
- if (as_key->length) {
- krb5_free_keyblock_contents(context, as_key);
- as_key->length = 0;
- }
-
- /* generate a key using the supplied password */
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- &response_data, salt, as_key);
-
- if (defsalt.length)
- free(defsalt.data);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- }
-
- /* Now we have a key, verify the checksum on the sam_challenge */
-
- cksum = sc2->sam_cksum;
-
- while (*cksum) {
- /* Check this cksum */
- retval = krb5_c_verify_checksum(context, as_key,
- KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
- &sc2->sam_challenge_2_body,
- *cksum, &valid_cksum);
- if (retval) {
- krb5_free_data(context, scratch);
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- if (valid_cksum)
- break;
- cksum++;
- }
-
- if (!valid_cksum) {
-
- /* If KRB5_SAM_SEND_ENCRYPTED_SAD is set, then password is only */
- /* source for checksum key. Therefore, a bad checksum means a */
- /* bad password. Don't give that direct feedback to someone */
- /* trying to brute-force passwords. */
-
- if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD))
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- /*
- * Note: We return AP_ERR_BAD_INTEGRITY so upper-level applications
- * can interpret that as "password incorrect", which is probably
- * the best error we can return in this situation.
- */
- return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
- }
-
- /* fill in enc_sam_response_enc_2 */
- enc_sam_response_enc_2.magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
- enc_sam_response_enc_2.sam_nonce = sc2b->sam_nonce;
- if (sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
- enc_sam_response_enc_2.sam_sad = response_data;
- } else {
- enc_sam_response_enc_2.sam_sad.data = NULL;
- enc_sam_response_enc_2.sam_sad.length = 0;
- }
-
- /* encode and encrypt enc_sam_response_enc_2 with as_key */
- retval = encode_krb5_enc_sam_response_enc_2(&enc_sam_response_enc_2,
- &scratch);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
-
- /* Fill in sam_response_2 */
- memset(&sr2, 0, sizeof(sr2));
- sr2.sam_type = sc2b->sam_type;
- sr2.sam_flags = sc2b->sam_flags;
- sr2.sam_track_id = sc2b->sam_track_id;
- sr2.sam_nonce = sc2b->sam_nonce;
-
- /* Now take care of sr2.sam_enc_nonce_or_sad by encrypting encoded */
- /* enc_sam_response_enc_2 from above */
-
- retval = krb5_c_encrypt_length(context, as_key->enctype, scratch->length,
- &ciph_len);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(retval);
- }
- sr2.sam_enc_nonce_or_sad.ciphertext.length = ciph_len;
-
- sr2.sam_enc_nonce_or_sad.ciphertext.data =
- (char *)malloc(sr2.sam_enc_nonce_or_sad.ciphertext.length);
-
- if (!sr2.sam_enc_nonce_or_sad.ciphertext.data) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- return(ENOMEM);
- }
-
- retval = krb5_c_encrypt(context, as_key, KRB5_KEYUSAGE_PA_SAM_RESPONSE,
- NULL, scratch, &sr2.sam_enc_nonce_or_sad);
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5_free_data(context, scratch);
- krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
- return(retval);
- }
- krb5_free_data(context, scratch);
- scratch = NULL;
-
- /* Encode the sam_response_2 */
- retval = encode_krb5_sam_response_2(&sr2, &scratch);
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
-
- if (retval) {
- return (retval);
- }
-
- /* Almost there, just need to make padata ! */
- sam_padata = malloc(sizeof(krb5_pa_data));
- if (sam_padata == NULL) {
- krb5_free_data(context, scratch);
- return(ENOMEM);
- }
-
- sam_padata->magic = KV5M_PA_DATA;
- sam_padata->pa_type = KRB5_PADATA_SAM_RESPONSE_2;
- sam_padata->length = scratch->length;
- sam_padata->contents = (krb5_octet *) scratch->data;
-
- *out_padata = sam_padata;
-
- return(0);